Incorrect TypedArray#set behavior
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Aug 2013 20:40:34 +0000 (20:40 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Aug 2013 20:40:34 +0000 (20:40 +0000)
commitd2872943524dc634b4eb72135a0657d04b5856ae
treef94e6f7238cccd092aa8bf669a71a181a2a828a8
parentf40bbcd64c7f104b0039d77e8baccbd72949b10c
Incorrect TypedArray#set behavior
https://bugs.webkit.org/show_bug.cgi?id=83818

Source/JavaScriptCore:

Reviewed by Oliver Hunt and Mark Hahnenberg.

This was so much fun! typedArray.set() is like a memmove on steroids, and I'm
not smart enough to figure out optimal versions for *all* of the cases. But I
did come up with optimal implementations for most of the cases, and I wrote
spec-literal code (i.e. copy via a transfer buffer) for the cases I'm not smart
enough to write optimal code for.

* runtime/JSArrayBufferView.h:
(JSC::JSArrayBufferView::hasArrayBuffer):
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::buffer):
(JSC::JSArrayBufferView::existingBufferInButterfly):
(JSC::JSArrayBufferView::neuter):
(JSC::JSArrayBufferView::byteOffset):
* runtime/JSGenericTypedArrayView.h:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::::setWithSpecificType):
(JSC::::set):
(JSC::::existingBuffer):

LayoutTests:

Reviewed by Oliver Hunt and Mark Hahnenberg.

Made it possible for shouldBe() to compare typed arrays to each other and to any array-like
object.

Added a bunch of tests for different kinds of overlapping typedArray.set()'s.

For sanity, also added the reduced test case from the bug. Interestingly, though, that test
case already passed on trunk - probably by luck (we had incidentally changed the default
copy direction from one that happened to not work to one that happened to be fine, but only
for this test).

* fast/js/jsc-test-list:
* fast/js/resources/js-test-pre.js:
(isTypedArray):
(isResultCorrect):
(stringify):
(shouldBe):
* fast/js/script-tests/typed-array-copy.js: Added.
* fast/js/script-tests/typedarray-set-destination-smaller-than-source.js: Added.
* fast/js/script-tests/typedarray-set-overlapping-elements-of-same-size.js: Added.
* fast/js/script-tests/typedarray-set-same-type-memmove.js: Added.
(arraysEqual):
* fast/js/script-tests/typedarray-set-source-smaller-than-destination.js: Added.
* fast/js/typed-array-copy-expected.txt: Added.
* fast/js/typed-array-copy.html: Added.
* fast/js/typedarray-set-destination-smaller-than-source-expected.txt: Added.
* fast/js/typedarray-set-destination-smaller-than-source.html: Added.
* fast/js/typedarray-set-overlapping-elements-of-same-size-expected.txt: Added.
* fast/js/typedarray-set-overlapping-elements-of-same-size.html: Added.
* fast/js/typedarray-set-same-type-memmove-expected.txt: Added.
* fast/js/typedarray-set-same-type-memmove.html: Added.
* fast/js/typedarray-set-source-smaller-than-destination-expected.txt: Added.
* fast/js/typedarray-set-source-smaller-than-destination.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
23 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/js/jsc-test-list
LayoutTests/fast/js/resources/js-test-pre.js
LayoutTests/fast/js/script-tests/typed-array-copy.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/typedarray-set-destination-smaller-than-source.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/typedarray-set-overlapping-elements-of-same-size.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/typedarray-set-same-type-memmove.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/typedarray-set-source-smaller-than-destination.js [new file with mode: 0644]
LayoutTests/fast/js/typed-array-copy-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/typed-array-copy.html [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-destination-smaller-than-source-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-destination-smaller-than-source.html [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-overlapping-elements-of-same-size-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-overlapping-elements-of-same-size.html [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-same-type-memmove-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-same-type-memmove.html [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-source-smaller-than-destination-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/typedarray-set-source-smaller-than-destination.html [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSArrayBufferView.h
Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h