Title: [242475] releases/WebKitGTK/webkit-2.24
Revision
242475
Author
carlo...@webkit.org
Date
2019-03-05 09:21:19 -0800 (Tue, 05 Mar 2019)

Log Message

Merge r242114 - wasmToJS() should purify incoming NaNs.
https://bugs.webkit.org/show_bug.cgi?id=194807
<rdar://problem/48189132>

Reviewed by Saam Barati.

JSTests:

* wasm/regress/wasmToJS-should-purify-NaNs.js: Added.

Source/_javascript_Core:

* runtime/JSCJSValue.h:
(JSC::jsNumber):
* runtime/TypedArrayAdaptors.h:
(JSC::IntegralTypedArrayAdaptor::toJSValue):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

Modified Paths

Added Paths

Diff

Modified: releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog (242474 => 242475)


--- releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-03-05 17:21:14 UTC (rev 242474)
+++ releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-03-05 17:21:19 UTC (rev 242475)
@@ -1,3 +1,13 @@
+2019-02-26  Mark Lam  <mark....@apple.com>
+
+        wasmToJS() should purify incoming NaNs.
+        https://bugs.webkit.org/show_bug.cgi?id=194807
+        <rdar://problem/48189132>
+
+        Reviewed by Saam Barati.
+
+        * wasm/regress/wasmToJS-should-purify-NaNs.js: Added.
+
 2019-02-26  Guillaume Emont  <guijem...@igalia.com>
 
         [JSC] Repeat string created from Array.prototype.join() take too much memory

Added: releases/WebKitGTK/webkit-2.24/JSTests/wasm/regress/wasmToJS-should-purify-NaNs.js (0 => 242475)


--- releases/WebKitGTK/webkit-2.24/JSTests/wasm/regress/wasmToJS-should-purify-NaNs.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/wasm/regress/wasmToJS-should-purify-NaNs.js	2019-03-05 17:21:19 UTC (rev 242475)
@@ -0,0 +1,21 @@
+var o = {};
+
+var jsFunc = function (arg1, arg2) {
+    return o + arg1;
+}
+
+var importObject = {
+    env: {
+        jsFunc
+    }
+};
+var wasmCode = new Uint8Array([0x0, 0x61, 0x73, 0x6d, 0x1, 0x0, 0x0, 0x0, 0x1, 0xe, 0x3, 0x60, 0x2, 0x7c, 0x7c, 0x1, 0x7f, 0x60, 0x0, 0x0, 0x60, 0x0, 0x1, 0x7f, 0x2, 0xe, 0x1, 0x3, 0x65, 0x6e, 0x76, 0x6, 0x6a, 0x73, 0x46, 0x75, 0x6e, 0x63, 0x0, 0x0, 0x3, 0x3, 0x2, 0x1, 0x2, 0x4, 0x5, 0x1, 0x70, 0x1, 0x1, 0x1, 0x5, 0x3, 0x1, 0x0, 0x2, 0x6, 0x15, 0x3, 0x7f, 0x1, 0x41, 0x80, 0x88, 0x4, 0xb, 0x7f, 0x0, 0x41, 0x80, 0x88, 0x4, 0xb, 0x7f, 0x0, 0x41, 0x80, 0x8, 0xb, 0x7, 0x2c, 0x4, 0x6, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x2, 0x0, 0xb, 0x5f, 0x5f, 0x68, 0x65, 0x61, 0x70, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x3, 0x1, 0xa, 0x5f, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x64, 0x3, 0x2, 0x4, 0x6d, 0x61, 0x69, 0x6e, 0x0, 0x2, 0xa, 0x1f, 0x2, 0x2, 0x0, 0xb, 0x1a, 0x0, 0x44, 0x43, 0x43, 0x43, 0x0, 0x0, 0x0, 0xff, 0xff, 0x44, 0x43, 0x43, 0x43, 0x0, 0x0, 0x0, 0xff, 0xff, 0x10, 0x80, 0x80, 0x80, 0x80, 0x0, 0xb, 0x0, 0x4d, 0xb, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x3d, 
 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x7, 0x39, 0x0, 0x0, 0x0, 0x3, 0x63, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x10, 0xe, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x6d, 0x61, 0x63, 0x69, 0x6e, 0x66, 0x6f, 0x0, 0x0, 0x42, 0xd, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x61, 0x62, 0x62, 0x72, 0x65, 0x76, 0x1, 0x11, 0x1, 0x25, 0xe, 0x13, 0x5, 0x3, 0xe, 0x10, 0x17, 0x1b, 0xe, 0x11, 0x1, 0x12, 0x6, 0x0, 0x0, 0x2, 0x2e, 0x0, 0x11, 0x1, 0x12, 0x6, 0x3, 0xe, 0x3a, 0xb, 0x3b, 0xb, 0x27, 0x19, 0x49, 0x13, 0x3f, 0x19, 0x0, 0x0, 0x3, 0x24, 0x0, 0x3, 0xe, 0x3e, 0xb, 0xb, 0xb, 0x0, 0x0, 0x0, 0x0, 0x64, 0xb, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x54, 0x0, 0x0, 0x0, 0x4, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0xfb, 0xe, 0xd, 0x0, 0x1, 0x1, 0x1, 0x1, 
 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x31, 0x36, 0x6a, 0x74, 0x37, 0x69, 0x74, 0x6a, 0x70, 0x69, 0x6b, 0x69, 0x2e, 0x24, 0x0, 0x0, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x63, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x5, 0x0, 0x0, 0x0, 0x18, 0x5, 0xa, 0xa, 0x8, 0x2f, 0x5, 0x3, 0x6, 0x66, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x72, 0xa, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x63, 0x6c, 0x61, 0x6e, 0x67, 0x20, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x38, 0x2e, 0x30, 0x2e, 0x30, 0x20, 0x28, 0x74, 0x72, 0x75, 0x6e, 0x6b, 0x20, 0x33, 0x34, 0x31, 0x39, 0x36, 0x30, 0x29, 0x0, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x31, 0x36, 0x6a, 0x74, 0x37, 0x69, 0x74, 0x6a, 0x70, 0x69, 0x6b, 0x69, 0x2e, 0x24, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x63, 0x0, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x31, 0x36, 0x6a, 0x74, 0x37, 0x69, 0x74, 0x6a, 0x70, 0x69, 0x6b, 0x69, 0x2e, 0x
 24, 0x0, 0x6d, 0x61, 0x69, 0x6e, 0x0, 0x69, 0x6e, 0x74, 0x0, 0x0, 0x29, 0x4, 0x6e, 0x61, 0x6d, 0x65, 0x1, 0x22, 0x3, 0x0, 0x6, 0x6a, 0x73, 0x46, 0x75, 0x6e, 0x63, 0x1, 0x11, 0x5f, 0x5f, 0x77, 0x61, 0x73, 0x6d, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x2, 0x4, 0x6d, 0x61, 0x69, 0x6e]);
+
+var wasmModule = new WebAssembly.Module(wasmCode);
+var wasmInstance = new WebAssembly.Instance(wasmModule, importObject);
+
+var wasmInstanceExported = wasmInstance.exports;
+var res = wasmInstanceExported.main();
+
+if (res != 0)
+    throw "FAILED";
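Review bot: The `wasmCode` byte array is opaque, so nothing in the file says which input the regression guards; a one-line comment above it would keep the test maintainable, e.g. `// main() calls the imported jsFunc with two f64 constants whose bytes (0x44, 0x43, 0x43, 0x43, 0x0, 0x0, 0x0, 0xff, 0xff) appear to encode a non-canonical NaN; jsFunc's o + arg1 forces the value to be read back as a double, which must be a plain NaN rather than a mis-tagged value.` The two identical nine-byte runs in the code section are what I read as those `f64.const` operands — worth confirming against the module's text form before committing the comment. Separately, `if (res != 0)` would read more precisely as `if (res !== 0)`, since the exported `main` returns an i32 and the loose comparison adds nothing here.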

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog (242474 => 242475)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-03-05 17:21:14 UTC (rev 242474)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-03-05 17:21:19 UTC (rev 242475)
@@ -1,3 +1,18 @@
+2019-02-26  Mark Lam  <mark....@apple.com>
+
+        wasmToJS() should purify incoming NaNs.
+        https://bugs.webkit.org/show_bug.cgi?id=194807
+        <rdar://problem/48189132>
+
+        Reviewed by Saam Barati.
+
+        * runtime/JSCJSValue.h:
+        (JSC::jsNumber):
+        * runtime/TypedArrayAdaptors.h:
+        (JSC::IntegralTypedArrayAdaptor::toJSValue):
+        * wasm/js/WasmToJS.cpp:
+        (JSC::Wasm::wasmToJS):
+
 2019-02-26  Dominik Infuehr  <dinfu...@igalia.com>
 
         Fix warnings on ARM and MIPS

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSCJSValue.h (242474 => 242475)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSCJSValue.h	2019-03-05 17:21:14 UTC (rev 242474)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSCJSValue.h	2019-03-05 17:21:19 UTC (rev 242475)
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten (por...@kde.org)
  *  Copyright (C) 2001 Peter Kelly (p...@post.com)
- *  Copyright (C) 2003-2018 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003-2019 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Library General Public
@@ -23,6 +23,7 @@
 #pragma once
 
 #include "JSExportMacros.h"
+#include "PureNaN.h"
 #include <functional>
 #include <math.h>
 #include <stddef.h>
@@ -548,6 +549,7 @@
 ALWAYS_INLINE JSValue jsNumber(double d)
 {
     ASSERT(JSValue(d).isNumber());
+    ASSERT(!isImpureNaN(d));
     return JSValue(d);
 }
 
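Review bot: The new `ASSERT(!isImpureNaN(d))` only fires in debug builds, so in release a caller that boxes an impure NaN still produces a JSValue from that bit pattern; the assert documents a precondition rather than enforcing it, and the real protection stays with the callers (the `purifyNaN` in WasmToJS.cpp in this same commit). A comment next to it would make the contract explicit for future callers: `// Callers must purifyNaN() any double that originates outside the engine (Wasm values, typed-array views, foreign ABIs) before boxing; an impure NaN's bits are not a valid JSValue double and presumably alias the non-double encodings.` The other two hunks in this file (copyright year, the `#include "PureNaN.h"` needed for `isImpureNaN`) are fine.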

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypedArrayAdaptors.h (242474 => 242475)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypedArrayAdaptors.h	2019-03-05 17:21:14 UTC (rev 242474)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypedArrayAdaptors.h	2019-03-05 17:21:19 UTC (rev 242475)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -45,6 +45,7 @@
 
     static JSValue toJSValue(Type value)
     {
+        static_assert(!std::is_floating_point<Type>::value, "");
         return jsNumber(value);
     }
     
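Review bot: The added `static_assert` carries an empty message, which gives no hint why a floating-point `Type` is rejected in `toJSValue`; `static_assert(!std::is_floating_point<Type>::value, "floating-point adaptors must purifyNaN() before calling jsNumber");` would say it. `std::is_floating_point` needs `<type_traits>`; the include block is not visible in this hunk, so if the header does not already include it, add it rather than rely on a transitive include. The enclosing adaptor class starts and ends outside the hunk.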

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/wasm/js/WasmToJS.cpp (242474 => 242475)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/wasm/js/WasmToJS.cpp	2019-03-05 17:21:14 UTC (rev 242474)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/wasm/js/WasmToJS.cpp	2019-03-05 17:21:19 UTC (rev 242475)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -249,7 +249,7 @@
                         break;
                     case F32:
                     case F64:
-                        arg = jsNumber(bitwise_cast<double>(buffer[argNum]));
+                        arg = jsNumber(purifyNaN(bitwise_cast<double>(buffer[argNum])));
                         break;
                     }
                     args.append(arg);
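Review bot: The `purifyNaN` call is the actual fix but carries no comment saying why it is required, and since the `F32` case falls into the same `bitwise_cast<double>` line a later cleanup could drop it without noticing; a why-comment guards against that: `// Wasm code controls every bit of its f32/f64 values, including NaN payloads; purify before boxing so the pattern cannot be mistaken for a non-double JSValue.` The enclosing `wasmToJS` begins and ends outside this hunk, so I cannot see whether other wasm-to-JS value paths in it (return values, other argument kinds) box doubles the same way — a search for remaining `jsNumber(bitwise_cast<double>(...))` sites would confirm the fix is complete. That F32 values arrive in `buffer` already widened to double is an assumption not visible here.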