Diff
Modified: trunk/LayoutTests/ChangeLog (94094 => 94095)
--- trunk/LayoutTests/ChangeLog 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/LayoutTests/ChangeLog 2011-08-30 19:13:33 UTC (rev 94095)
@@ -1,3 +1,16 @@
+2011-08-29 Oliver Hunt <oli...@apple.com>
+
+ TypedArrays don't ensure that denormalised values are normalised
+ https://bugs.webkit.org/show_bug.cgi?id=67178
+
+ Reviewed by Gavin Barraclough.
+
+ Add test to ensure that we create a non-signalling nan when reading
+ a singaling nan from a typed array.
+
+ * fast/canvas/webgl/webgl-array-invalid-ranges-expected.txt:
+ * fast/canvas/webgl/webgl-array-invalid-ranges.html:
+
2011-08-30 David Levin <le...@chromium.org>
[chromium] Update baselines after r94084 and r94088 and r93909.
Modified: trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges-expected.txt (94094 => 94095)
--- trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges-expected.txt 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges-expected.txt 2011-08-30 19:13:33 UTC (rev 94095)
@@ -77,6 +77,7 @@
PASS Setting Float32Array from array with out-of-range offset was caught
PASS Setting Float32Array from fake array with invalid length was caught
PASS Setting Float32Array from Float32Array with out-of-range offset was caught
+PASS isNaN(floats[0]) is true
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges.html (94094 => 94095)
--- trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges.html 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/LayoutTests/fast/canvas/webgl/webgl-array-invalid-ranges.html 2011-08-30 19:13:33 UTC (rev 94095)
@@ -147,6 +147,14 @@
}
}
+buffer = new ArrayBuffer(40);
+ints = new Int32Array(buffer, 0, 10);
+floats = new Float32Array(buffer, 0, 10);
+// Plant a NaN into the buffer
+ints[0]=-0x7ffff;
+// Read the NaN out as a float
+shouldBeTrue("isNaN(floats[0])");
+
successfullyParsed = true;
</script>
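Review bot: The value written by `ints[0]=-0x7ffff;` is the bit pattern 0xFFF80001, which as a float32 has the top mantissa bit set, so it is a quiet NaN carrying a sign bit and payload, not the signalling NaN the ChangeLog describes. The comment `// Plant a NaN into the buffer` should name the property under test, for example `// Store a NaN bit pattern with sign and payload bits set; reading it back must give an ordinary NaN`. `isNaN()` only shows that the result coerces to NaN, so a second check such as `shouldBeTrue("typeof floats[0] == 'number'")` would also pin the type of the value returned. Only Float32Array is covered here; if Float64Array elements go through the same generated getter, a matching Float64Array check on the same buffer would cover the case where the page controls all 64 bits.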
Modified: trunk/Source/_javascript_Core/ChangeLog (94094 => 94095)
--- trunk/Source/_javascript_Core/ChangeLog 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-08-30 19:13:33 UTC (rev 94095)
@@ -1,3 +1,17 @@
+2011-08-30 Oliver Hunt <oli...@apple.com>
+
+ TypedArrays don't ensure that denormalised values are normalised
+ https://bugs.webkit.org/show_bug.cgi?id=67178
+
+ Reviewed by Gavin Barraclough.
+
+ Add a couple of assertions to jsNumber() to ensure that
+ we block signaling NaNs
+
+ * runtime/JSValue.h:
+ (JSC::jsDoubleNumber):
+ (JSC::jsNumber):
+
2011-08-30 Ademar de Souza Reis Jr. <ademar.r...@openbossa.org>
[Qt] Do not unconditionally use pkg-config in .pro files
Modified: trunk/Source/_javascript_Core/runtime/JSValue.h (94094 => 94095)
--- trunk/Source/_javascript_Core/runtime/JSValue.h 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/Source/_javascript_Core/runtime/JSValue.h 2011-08-30 19:13:33 UTC (rev 94095)
@@ -392,11 +392,13 @@
ALWAYS_INLINE JSValue jsDoubleNumber(double d)
{
+ ASSERT(JSValue(JSValue::EncodeAsDouble, d).isNumber());
return JSValue(JSValue::EncodeAsDouble, d);
}
ALWAYS_INLINE JSValue jsNumber(double d)
{
+ ASSERT(JSValue(d).isNumber());
return JSValue(d);
}
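Review bot: The two added `ASSERT(... .isNumber())` checks run only in assertion-enabled builds, so in a release build `jsDoubleNumber` and `jsNumber` still encode whatever bit pattern they are given. Both functions should carry a comment making the caller's obligation explicit, for example `// d must not be a NaN with a non-canonical bit pattern; callers reading doubles from raw buffers must substitute jsNaN() first.` The ChangeLog talks about blocking signalling NaNs, but the assertion tests that the encoded value still classifies as a number, which is presumably a property of the value encoding and not of the signalling bit; the comment should say which is meant. Each assertion also constructs the JSValue a second time; `JSValue v(d); ASSERT(v.isNumber()); return v;` keeps the checked value and the returned value identical.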
Modified: trunk/Source/WebCore/ChangeLog (94094 => 94095)
--- trunk/Source/WebCore/ChangeLog 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/Source/WebCore/ChangeLog 2011-08-30 19:13:33 UTC (rev 94095)
@@ -1,3 +1,16 @@
+2011-08-29 Oliver Hunt <oli...@apple.com>
+
+ TypedArrays don't ensure that denormalised values are normalised
+ https://bugs.webkit.org/show_bug.cgi?id=67178
+
+ Reviewed by Gavin Barraclough.
+
+ Ensure that we convert singaling nans to silent nans when loading
+ from a typed array.
+
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateImplementation):
+
2011-08-29 Alexey Proskuryakov <a...@apple.com>
DumpRenderTree should begin each test with an empty cookie store
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (94094 => 94095)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2011-08-30 19:03:52 UTC (rev 94094)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2011-08-30 19:13:33 UTC (rev 94095)
@@ -2225,7 +2225,11 @@
push(@implContent, "\nJSValue ${className}::getByIndex(ExecState*, unsigned index)\n");
push(@implContent, "{\n");
push(@implContent, " ASSERT_GC_OBJECT_INHERITS(this, &s_info);\n");
- push(@implContent, " return jsNumber(static_cast<$implClassName*>(impl())->item(index));\n");
+ push(@implContent, " double result = static_cast<$implClassName*>(impl())->item(index);\n");
+ # jsNumber conversion doesn't suppress signalling NaNs, so enforce that here.
+ push(@implContent, " if (isnan(result))\n");
+ push(@implContent, " return jsNaN();\n");
+ push(@implContent, " return JSValue(result);\n");
push(@implContent, "}\n\n");
if ($interfaceName eq "HTMLCollection" or $interfaceName eq "HTMLAllCollection") {
$implIncludes{"JSNode.h"} = 1;
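Review bot: The generated `getByIndex` now ends in `return JSValue(result);` where it used to call `jsNumber(...)`, so this path bypasses the assertion the same commit adds to `jsNumber()` in JSValue.h. Emitting `return jsNumber(result);` after the NaN check would keep the debug check on the one caller known to pass raw buffer contents. The guard is at this single call site while `jsNumber` still accepts any bit pattern, so any other getter that boxes a buffer-backed double would need the same `isnan` test; that is an inference, since only this site is visible here. The Perl comment mentions signalling NaNs, but `isnan(result)` replaces every NaN, so `# Replace any NaN read from the backing store with the canonical jsNaN() before boxing.` describes the emitted code more accurately. The enclosing GenerateImplementation sub starts and ends outside the hunk.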