fixed detached TypedArray in sort()

This commit is contained in:
Fabrice Bellard 2023-12-27 17:13:44 +01:00
parent e6da06e4f6
commit b8791e9b4a
3 changed files with 50 additions and 48 deletions

5
TODO
View File

@ -1,6 +1,3 @@
Bugs:
- modules: better error handling with cyclic module references
Misc ideas: Misc ideas:
- use custom printf to avoid compatibility issues with floating point numbers - use custom printf to avoid compatibility issues with floating point numbers
- consistent naming for preprocessor defines - consistent naming for preprocessor defines
@ -66,5 +63,5 @@ Optimization ideas:
Test262o: 0/11262 errors, 463 excluded Test262o: 0/11262 errors, 463 excluded
Test262o commit: 7da91bceb9ce7613f87db47ddd1292a2dda58b42 (es5-tests branch) Test262o commit: 7da91bceb9ce7613f87db47ddd1292a2dda58b42 (es5-tests branch)
Result: 35/75280 errors, 909 excluded, 585 skipped Result: 16/76387 errors, 1497 excluded, 8397 skipped
Test262 commit: 31126581e7290f9233c29cefd93f66c6ac78f1c9 Test262 commit: 31126581e7290f9233c29cefd93f66c6ac78f1c9

View File

@ -53160,7 +53160,7 @@ static JSValue js_TA_get_float64(JSContext *ctx, const void *a) {
struct TA_sort_context { struct TA_sort_context {
JSContext *ctx; JSContext *ctx;
int exception; int exception; /* 1 = exception, 2 = detached typed array */
JSValueConst arr; JSValueConst arr;
JSValueConst cmp; JSValueConst cmp;
JSValue (*getfun)(JSContext *ctx, const void *a); JSValue (*getfun)(JSContext *ctx, const void *a);
@ -53178,6 +53178,8 @@ static int js_TA_cmp_generic(const void *a, const void *b, void *opaque) {
cmp = 0; cmp = 0;
if (!psc->exception) { if (!psc->exception) {
/* Note: the typed array can be detached without causing an
error */
a_idx = *(uint32_t *)a; a_idx = *(uint32_t *)a;
b_idx = *(uint32_t *)b; b_idx = *(uint32_t *)b;
argv[0] = psc->getfun(ctx, psc->array_ptr + argv[0] = psc->getfun(ctx, psc->array_ptr +
@ -53205,8 +53207,9 @@ static int js_TA_cmp_generic(const void *a, const void *b, void *opaque) {
/* make sort stable: compare array offsets */ /* make sort stable: compare array offsets */
cmp = (a_idx > b_idx) - (a_idx < b_idx); cmp = (a_idx > b_idx) - (a_idx < b_idx);
} }
if (validate_typed_array(ctx, psc->arr) < 0) { if (unlikely(typed_array_is_detached(ctx,
psc->exception = 1; JS_VALUE_GET_PTR(psc->arr)))) {
psc->exception = 2;
} }
done: done:
JS_FreeValue(ctx, (JSValue)argv[0]); JS_FreeValue(ctx, (JSValue)argv[0]);
@ -53230,11 +53233,11 @@ static JSValue js_typed_array_sort(JSContext *ctx, JSValueConst this_val,
tsc.arr = this_val; tsc.arr = this_val;
tsc.cmp = argv[0]; tsc.cmp = argv[0];
if (!JS_IsUndefined(tsc.cmp) && check_function(ctx, tsc.cmp))
return JS_EXCEPTION;
len = js_typed_array_get_length_internal(ctx, this_val); len = js_typed_array_get_length_internal(ctx, this_val);
if (len < 0) if (len < 0)
return JS_EXCEPTION; return JS_EXCEPTION;
if (!JS_IsUndefined(tsc.cmp) && check_function(ctx, tsc.cmp))
return JS_EXCEPTION;
if (len > 1) { if (len > 1) {
p = JS_VALUE_GET_OBJ(this_val); p = JS_VALUE_GET_OBJ(this_val);
@ -53300,8 +53303,11 @@ static JSValue js_typed_array_sort(JSContext *ctx, JSValueConst this_val,
tsc.elt_size = elt_size; tsc.elt_size = elt_size;
rqsort(array_idx, len, sizeof(array_idx[0]), rqsort(array_idx, len, sizeof(array_idx[0]),
js_TA_cmp_generic, &tsc); js_TA_cmp_generic, &tsc);
if (tsc.exception) if (tsc.exception) {
if (tsc.exception == 1)
goto fail; goto fail;
/* detached typed array during the sort: no error */
} else {
array_tmp = js_malloc(ctx, len * elt_size); array_tmp = js_malloc(ctx, len * elt_size);
if (!array_tmp) { if (!array_tmp) {
fail: fail:
@ -53338,6 +53344,7 @@ static JSValue js_typed_array_sort(JSContext *ctx, JSValueConst this_val,
abort(); abort();
} }
js_free(ctx, array_tmp); js_free(ctx, array_tmp);
}
js_free(ctx, array_idx); js_free(ctx, array_idx);
} else { } else {
rqsort(array_ptr, len, elt_size, cmpfun, &tsc); rqsort(array_ptr, len, elt_size, cmpfun, &tsc);

View File

@ -5,8 +5,6 @@ test262/test/built-ins/RegExp/lookahead-quantifier-match-groups.js:27: Test262Er
test262/test/built-ins/RegExp/lookahead-quantifier-match-groups.js:27: strict mode: Test262Error: Expected [a, abc] and [a, undefined] to have the same contents. ? quantifier test262/test/built-ins/RegExp/lookahead-quantifier-match-groups.js:27: strict mode: Test262Error: Expected [a, abc] and [a, undefined] to have the same contents. ? quantifier
test262/test/built-ins/RegExp/unicode_full_case_folding.js:20: Test262Error: \u0390 does not match \u1fd3 test262/test/built-ins/RegExp/unicode_full_case_folding.js:20: Test262Error: \u0390 does not match \u1fd3
test262/test/built-ins/RegExp/unicode_full_case_folding.js:20: strict mode: Test262Error: \u0390 does not match \u1fd3 test262/test/built-ins/RegExp/unicode_full_case_folding.js:20: strict mode: Test262Error: \u0390 does not match \u1fd3
test262/test/built-ins/TypedArray/prototype/sort/sort-tonumber.js:30: TypeError: ArrayBuffer is detached (Testing with Float64Array.)
test262/test/built-ins/TypedArray/prototype/sort/sort-tonumber.js:30: strict mode: TypeError: ArrayBuffer is detached (Testing with Float64Array.)
test262/test/language/expressions/assignment/target-member-computed-reference-null.js:32: Test262Error: Expected a DummyError but got a TypeError test262/test/language/expressions/assignment/target-member-computed-reference-null.js:32: Test262Error: Expected a DummyError but got a TypeError
test262/test/language/expressions/assignment/target-member-computed-reference-null.js:32: strict mode: Test262Error: Expected a DummyError but got a TypeError test262/test/language/expressions/assignment/target-member-computed-reference-null.js:32: strict mode: Test262Error: Expected a DummyError but got a TypeError
test262/test/language/expressions/assignment/target-member-computed-reference-undefined.js:32: Test262Error: Expected a DummyError but got a TypeError test262/test/language/expressions/assignment/target-member-computed-reference-undefined.js:32: Test262Error: Expected a DummyError but got a TypeError