Status: New
Owner: ----
New issue 2110 by [email protected]: Inconsistent results assigning
large numbers to Uint8Array
http://code.google.com/p/v8/issues/detail?id=2110
Hello,
Firstly, I wasn't sure whether to raise this against Chromium or v8, but it
looks like a jitting issue so I thought here was most appropriate.
Apologies if this is the wrong forum.
I've been debugging an issue with typed arrays and have found inconsistent
results are generated when assigning large values (>= 0x80000000, i.e.
INT_MAX+1 upwards) to Uint8Array elements. Here's a minimal repro:
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="utf-8">
      </head>
      <body>
        <script>
          var mem = new Uint8Array(1);
          function test() {
            mem[0] = 0x800000aa;
          }
          test();
          var a = mem[0];
          test();
          var b = mem[0];
          mem[0] = 0x800000aa;
          var c = mem[0];
          alert('a:' + a.toString(16) + ', b:' + b.toString(16) + ', c:' + c.toString(16));
        </script>
      </body>
    </html>
With Chrome 18.0.1025.162 this displays an alert which says:
'a:aa, b:0, c:aa'
I'd expect:
'a:aa, b:aa, c:aa'
So the second time that test() is executed, it's truncating the assignment
differently. I'm assuming that this is due to jitting - especially
considering that the 3rd assignment (outside of test()) behaves
differently. I can work around this by masking the assigned value with
0xff, but it's alarming that different results are being generated.
NB: if you change the constant from 0x800000aa to 0x700000aa the test works
as expected (a, b and c all end up as 0xaa). So it's not just related to
truncating large values, it's related to truncating large values greater
than INT_MAX.
I've only just downloaded the v8 source, but I'll see if I can make a test
case specifically for v8.
Regards,
Paul
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
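
The check described in the report, as an added example that is not part of the original message or of V8's own tests: a DOM-free consistency test that compares repeated Uint8Array stores against the modulo-2^8 conversion typed arrays are specified to perform. It goes beyond the single constant in the report by covering more values on both sides of INT_MAX; the function names, sample values, sentinel and iteration count are assumptions.

```javascript
// Reference conversion for a Uint8Array store: truncate toward zero,
// then reduce modulo 2^8. NaN and infinities convert to 0.
function toUint8Reference(value) {
  const n = Number(value);
  if (!Number.isFinite(n)) return 0;
  const t = Math.trunc(n);
  return ((t % 256) + 256) % 256;
}

// The store goes through a function, as in the report's test(), so the
// engine can optimise it once it has been called often enough.
function storeAndLoad(mem, value) {
  mem[0] = value;
  return mem[0];
}

// Constructed sample values around the int32 boundary, including the two
// constants from the report (0x800000aa and 0x700000aa).
const SAMPLE_VALUES = [
  0x700000aa, 0x7fffffff, 0x80000000, 0x800000aa,
  0xffffffff, 0x1000000aa, -1, -0x80000000, 300.7, -0.5,
];

// Returns one record per value whose stored byte ever differs from the
// reference result; an empty array means every call agreed.
function findInconsistencies(values, iterations) {
  const mem = new Uint8Array(1);
  const failures = [];
  for (const value of values) {
    const expected = toUint8Reference(value);
    for (let i = 0; i < iterations; i++) {
      mem[0] = 0x55; // sentinel, so a skipped store cannot look correct
      const got = storeAndLoad(mem, value);
      if (got !== expected) {
        failures.push({ value, iteration: i, expected, got });
        break; // first divergence is enough; iteration shows when it began
      }
    }
  }
  return failures;
}

console.log(findInconsistencies(SAMPLE_VALUES, 20000));
```

The `iteration` field in a failure record shows how many calls succeeded before the result changed, which helps separate a warm-up dependent miscompile from a conversion that is wrong from the first call.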