Changeset 219026 in webkit for trunk/Source/JavaScriptCore/b3/testb3.cpp

Timestamp:

Jun 30, 2017, 4:37:01 PM (8 years ago)

Author:

[email protected]

Message:

B3ReduceDoubleToFloat incorrectly reduces operations over two double constants
​https://bugs.webkit.org/show_bug.cgi?id=174034
<rdar://problem/30793007>

Reviewed by Filip Pizlo.

B3ReduceDoubleToFloat had a bug in it where it would incorrectly
reduce binary operations over double constants into the same binary
operation over the double constants casted to floats. This is clearly
incorrect as these two things will produce different values. For example:

a = DoubleConst(bitwise_cast<double>(0x8000000000000001ull))
b = DoubleConst(bitwise_cast<double>(0x0000000000000000ull))
c = EqualOrUnordered(@a, @b) produces 0

into:

a = FloatConst(static_cast<float>(bitwise_cast<double>(0x8000000000000001ull)))
b = FloatConst(static_cast<float>(bitwise_cast<double>(0x0000000000000000ull)))
c = EqualOrUnordered(@a, @b) produces 1

Which produces a different value for @c.

• b3/B3ReduceDoubleToFloat.cpp:
• b3/testb3.cpp:

(JSC::B3::doubleEq):
(JSC::B3::doubleNeq):
(JSC::B3::doubleGt):
(JSC::B3::doubleGte):
(JSC::B3::doubleLt):
(JSC::B3::doubleLte):
(JSC::B3::testDoubleLiteralComparison):
(JSC::B3::run):

File:

• trunk/Source/JavaScriptCore/b3/testb3.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/b3/testb3.cpp

@@ -68 +68 @@
 #include "PureNaN.h"
 #include <cmath>
+#include <list>
 #include <string>
 #include <wtf/FastTLS.h>
@@ -15431 +15432 @@
     CHECK_EQ(bitwise_cast<uintptr_t>(_pthread_getspecific_direct(WTF_TESTING_KEY)), static_cast<uintptr_t>(0xdead));
 #endif
+}
+
+NEVER_INLINE bool doubleEq(double a, double b) { return a == b; }
+NEVER_INLINE bool doubleNeq(double a, double b) { return a != b; }
+NEVER_INLINE bool doubleGt(double a, double b) { return a > b; }
+NEVER_INLINE bool doubleGte(double a, double b) { return a >= b; }
+NEVER_INLINE bool doubleLt(double a, double b) { return a < b; }
+NEVER_INLINE bool doubleLte(double a, double b) { return a <= b; }
+
+void testDoubleLiteralComparison(double a, double b)
+{
+    using Test = std::tuple<B3::Opcode, bool (*)(double, double)>;
+    std::list<Test> tests = {
+        { NotEqual, doubleNeq },
+        { Equal, doubleEq },
+        { EqualOrUnordered, doubleEq },
+        { GreaterThan, doubleGt },
+        { GreaterEqual, doubleGte },
+        { LessThan, doubleLt },
+        { LessEqual, doubleLte },
+    };
+
+    for (const Test& test : tests) {
+        Procedure proc;
+        BasicBlock* root = proc.addBlock();
+        Value* valueA = root->appendNew<ConstDoubleValue>(proc, Origin(), a);
+        Value* valueB = root->appendNew<ConstDoubleValue>(proc, Origin(), b);
+
+        // This is here just to make reduceDoubleToFloat do things.
+        Value* valueC = root->appendNew<ConstDoubleValue>(proc, Origin(), 0.0);
+        Value* valueAsFloat = root->appendNew<Value>(proc, DoubleToFloat, Origin(), valueC);
+
+        root->appendNewControlValue(
+            proc, Return, Origin(),
+                root->appendNew<Value>(proc, BitAnd, Origin(),
+                    root->appendNew<Value>(proc, std::get<0>(test), Origin(), valueA, valueB),
+                    root->appendNew<Value>(proc, Equal, Origin(), valueAsFloat, valueAsFloat)));
+
+        CHECK(!!compileAndRun<int32_t>(proc) == std::get<1>(test)(a, b));
+    }
 }
 
@@ -16967 +17008 @@
     RUN(testFastTLSStore());
 
+    RUN(testDoubleLiteralComparison(bitwise_cast<double>(0x8000000000000001ull), bitwise_cast<double>(0x0000000000000000ull)));
+    RUN(testDoubleLiteralComparison(bitwise_cast<double>(0x0000000000000000ull), bitwise_cast<double>(0x8000000000000001ull)));
+    RUN(testDoubleLiteralComparison(125.3144446948241, 125.3144446948242));
+    RUN(testDoubleLiteralComparison(125.3144446948242, 125.3144446948241));
+
     if (isX86()) {
         RUN(testBranchBitAndImmFusion(Identity, Int64, 1, Air::BranchTest32, Air::Arg::Tmp));