Changeset 24394 in webkit for trunk/JavaScriptCore/kjs

Timestamp:

Jul 17, 2007, 7:25:38 PM (18 years ago)

Author:

darin

Message:

JavaScriptCore:

Reviewed by Darin, Maciej, and Adam.

Fixes <​http://bugs.webkit.org/show_bug.cgi?id=9697>,

the failure of ecma/GlobalObject/15.1.2.2-2.js,
the failure of ecma/LexicalConventions/7.7.3-1.js,
and most of the failures of tests in ecma/TypeConversion/9.3.1-3.js.

Bug 9697: parseInt results may be inaccurate for numbers greater than 2⁵³

This patch also fixes similar issues in the lexer and UString::toDouble().

• kjs/function.cpp: (KJS::parseIntOverflow): (KJS::parseInt):
• kjs/function.h:
• kjs/lexer.cpp: (KJS::Lexer::lex):
• kjs/ustring.cpp: (KJS::UString::toDouble):
• tests/mozilla/expected.html:

LayoutTests:

Reviewed by Darin.

Added tests for:
​http://bugs.webkit.org/show_bug.cgi?id=9697

Bug 9697: parseInt results may be inaccurate for numbers greater than 2⁵³

• fast/js/numeric-conversion-expected.txt: Added.
• fast/js/numeric-conversion.html: Added.
• fast/js/resources/numeric-conversion.js: Added.

Location:

trunk/JavaScriptCore/kjs

Files:

• function.cpp (modified) (5 diffs)
• function.h (modified) (1 diff)
• lexer.cpp (modified) (4 diffs)
• ustring.cpp (modified) (4 diffs)

trunk/JavaScriptCore/kjs/function.cpp

@@ -5 +5 @@
  *  Copyright (C) 2001 Peter Kelly ([email protected])
  *  Copyright (C) 2003 Apple Computer, Inc.
+ *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *
  *  This library is free software; you can redistribute it and/or
@@ -26 +27 @@
 #include "function.h"
 
+#include "dtoa.h"
 #include "internal.h"
 #include "function_object.h"
@@ -670 +672 @@
 }
 
+double parseIntOverflow(const char* s, int length, int radix)
+{
+    double number = 0.0;
+    double radixMultiplier = 1.0;
+
+    for (const char* p = s + length - 1; p >= s; p--) {
+        if (radixMultiplier == Inf) {
+            if (*p != '0') {
+                number = Inf;
+                break;
+            }
+        } else {
+            int digit = parseDigit(*p, radix);
+            number += digit * radixMultiplier;
+        }
+
+        radixMultiplier *= radix;
+    }
+
+    return number;
+}
+
 static double parseInt(const UString& s, int radix)
 {
@@ -702 +726 @@
         return NaN;
 
+    int firstDigitPosition = p;
     bool sawDigit = false;
     double number = 0;
@@ -712 +737 @@
         number += digit;
         ++p;
+    }
+
+    if (number >= mantissaOverflowLowerBound) {
+        if (radix == 10)
+            number = kjs_strtod(s.substr(firstDigitPosition, p - firstDigitPosition).ascii(), 0);
+        else if (radix == 2 || radix == 4 || radix == 8 || radix == 16 || radix == 32)
+            number = parseIntOverflow(s.substr(firstDigitPosition, p - firstDigitPosition).ascii(), p - firstDigitPosition, radix);
     }
 

trunk/JavaScriptCore/kjs/function.h

@@ -233 +233 @@
   };
 
+  static const double mantissaOverflowLowerBound = 9007199254740992.0;
+  double parseIntOverflow(const char* s, int length, int radix);
+
 UString escapeStringForPrettyPrinting(const UString& s);
 

trunk/JavaScriptCore/kjs/lexer.cpp

@@ -4 +4 @@
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
  *  Copyright (C) 2006 Apple Computer, Inc.
+ *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *
  *  This library is free software; you can redistribute it and/or
@@ -28 +29 @@
 #include <string.h>
 
+#include "function.h"
 #include "interpreter.h"
 #include "nodes.h"
@@ -473 +475 @@
       dval += convertHex(c);
     }
+
+    if (dval >= mantissaOverflowLowerBound)
+      dval = parseIntOverflow(buffer8 + 2, p - (buffer8 + 3), 16);
+
     state = Number;
   } else if (state == Octal) {   // scan octal number
@@ -480 +486 @@
       dval += c - '0';
     }
+
+    if (dval >= mantissaOverflowLowerBound)
+      dval = parseIntOverflow(buffer8 + 1, p - (buffer8 + 2), 8);
+
     state = Number;
   }

trunk/JavaScriptCore/kjs/ustring.cpp

@@ -4 +4 @@
  *  Copyright (C) 1999-2000 Harri Porten ([email protected])
  *  Copyright (C) 2004 Apple Computer, Inc.
+ *  Copyright (C) 2007 Cameron Zwarich ([email protected])
  *
  *  This library is free software; you can redistribute it and/or
@@ -27 +28 @@
 #include "JSLock.h"
 #include "dtoa.h"
+#include "function.h"
 #include "identifier.h"
 #include "operations.h"
@@ -889 +891 @@
   // hex number ?
   if (*c == '0' && (*(c+1) == 'x' || *(c+1) == 'X')) {
+    const char* firstDigitPosition = c + 2;
     c++;
     d = 0.0;
@@ -899 +902 @@
         break;
     }
+
+    if (d >= mantissaOverflowLowerBound)
+        d = parseIntOverflow(firstDigitPosition, c - firstDigitPosition, 16);
   } else {
     // regular number ?
     char *end;
     d = kjs_strtod(c, &end);
-    if ((d != 0.0 || end != c) && d != HUGE_VAL && d != -HUGE_VAL) {
+    if ((d != 0.0 || end != c) && d != Inf && d != -Inf) {
       c = end;
     } else {
-      // infinity ?
-      d = 1.0;
+      double sign = 1.0;
+
       if (*c == '+')
         c++;
       else if (*c == '-') {
-        d = -1.0;
+        sign = -1.0;
         c++;
       }
-      if (strncmp(c, "Infinity", 8) != 0)
+
+      // We used strtod() to do the conversion. However, strtod() handles
+      // infinite values slightly differently than JavaScript in that it
+      // converts the string "inf" with any capitalization to infinity,
+      // whereas the ECMA spec requires that it be converted to NaN.
+
+      if (strncmp(c, "Infinity", 8) == 0) {
+        d = sign * Inf;
+        c += 8;
+      } else if ((d == Inf || d == -Inf) && *c != 'I' && *c != 'i')
+        c = end;
+      else
         return NaN;
-      d = d * Inf;
-      c += 8;
     }
   }