NaN's most significant bit signifies the sign of NaN. This bit's value was inconsistent with other engines' as well as inconsistent in Chakra when using the -NoNative flag. This fix makes NaN respect the sign bit. This is viewable through typed array buffers.

Author: wyrichte

lib/Common/Common/NumberUtilities.cpp

@@ -17,6 +17,7 @@ using namespace Js;
     // Redeclare static constants
     const UINT64 NumberConstantsBase::k_Nan;
     const UINT32 NumberConstantsBase::k_Nan32;
+    const UINT64 NumberConstantsBase::k_NegativeNan;
     const INT64 NumberUtilitiesBase::Pos_InvalidInt64;
     const INT64 NumberUtilitiesBase::Neg_InvalidInt64;
     const uint64 NumberConstants::k_PosInf;
@@ -59,6 +60,7 @@ using namespace Js;
     const double NumberConstants::MAX_VALUE = *(double*)(&NumberConstants::k_PosMax);
     const double NumberConstants::MIN_VALUE = *(double*)(&NumberConstants::k_PosMin);
     const double NumberConstants::NaN = *(double*)(&NumberConstants::k_Nan);
+    const double NumberConstants::NegativeNaN = *(double*)(&NumberConstants::k_NegativeNan);
     const double NumberConstants::NEGATIVE_INFINITY= *(double*)(&NumberConstants::k_NegInf);
     const double NumberConstants::POSITIVE_INFINITY= *(double*)(&NumberConstants::k_PosInf );
     const double NumberConstants::NEG_ZERO= *(double*)(&NumberConstants::k_NegZero );

lib/Common/Common/NumberUtilities.h

@@ -64,6 +64,7 @@ namespace Js
         static const double     MAX_VALUE;
         static const double     MIN_VALUE;
         static const double     NaN;
+        static const double     NegativeNaN;
         static const double     NEGATIVE_INFINITY;
         static const double     POSITIVE_INFINITY;
         static const double     NEG_ZERO;
@@ -99,6 +100,7 @@ namespace Js
 
         static bool IsFinite(double value);
         static bool IsNan(double value);
+        static bool IsNegative(double value);
         static bool IsFloat32NegZero(float value);
         static bool IsSpecial(double value, uint64 nSpecial);
         static uint64 ToSpecial(double value);

lib/Common/Common/NumberUtilities.inl

@@ -137,8 +137,8 @@ namespace Js
     NUMBER_UTIL_INLINE bool NumberUtilities::IsNan(double value)
     {
 #if defined(TARGET_64)
-        // NaN is a range of values; all bits on the exponent are 1's and some nonzero significant.
-        // no distinction on signed NaN's
+        // NaN is a range of values; all bits on the exponent are 1's 
+        // and some nonzero significant. No distinction on signed NaN's.
         uint64 nCompare = ToSpecial(value);
         bool isNan = (0 == (~nCompare & 0x7FF0000000000000ull) &&
             0 != (nCompare & 0x000FFFFFFFFFFFFFull));
@@ -149,6 +149,12 @@ namespace Js
 #endif
     }
 
+    NUMBER_UTIL_INLINE bool NumberUtilities::IsNegative(double value)
+    {
+        uint64 nCompare = ToSpecial(value);
+        return nCompare & 0x8000000000000000ull;
+    }
+
     NUMBER_UTIL_INLINE bool NumberUtilities::IsSpecial(double value, uint64 nSpecial)
     {
         // Perform a bitwise comparison using uint64 instead of a double comparison, since that

lib/Common/Common/NumberUtilitiesBase.h

@@ -12,8 +12,9 @@ namespace Js
     class NumberConstantsBase
     {
     public:
-        static const UINT64 k_Nan = 0xFFF8000000000000ull;
+        static const UINT64 k_Nan = 0x7FF8000000000000ull;
         static const UINT32 k_Nan32 = 0x7FC00000ul;
+        static const UINT64 k_NegativeNan = 0xFFF8000000000000ull;
     };
 
     class NumberUtilitiesBase

lib/Runtime/Language/JavascriptConversion.inl

@@ -297,10 +297,11 @@ namespace Js {
 #if FLOATVAR
            if (typeId == TypeIds_Number)
            {
-               // NaN could have sign bit set, but that isn't observable so canonicalize to positive NaN
                double numberValue = JavascriptNumber::GetValue(value);
                return JavascriptNumber::IsNan(numberValue)
-                   ? JavascriptNumber::ToVar(JavascriptNumber::NaN)
+                   ? JavascriptNumber::IsNegative(numberValue)
+                        ? JavascriptNumber::ToVar(JavascriptNumber::NegativeNaN)
+                        : JavascriptNumber::ToVar(JavascriptNumber::NaN)
                    : value;
            }
 #else

lib/Runtime/Library/JavascriptNumber.cpp

@@ -23,7 +23,7 @@ namespace Js
 #if FLOATVAR
         if (IsNan(value))
         {
-            value = JavascriptNumber::NaN;
+            value = IsNegative(value) ? JavascriptNumber::NegativeNaN : JavascriptNumber::NaN;
         }
 #endif
         return JavascriptNumber::NewInlined(value, scriptContext);

lib/Runtime/Library/JavascriptNumber.h

@@ -55,6 +55,7 @@ namespace Js
         static bool TryToVarFastWithCheck(double value, Var* result);
 
         inline static BOOL IsNan(double value) { return NumberUtilities::IsNan(value); }
+        inline static BOOL IsNegative(double value) { return NumberUtilities::IsNegative(value); }
         static bool IsZero(double value);
         static BOOL IsNegZero(double value);
         static bool IsPosInf(double value);

lib/Runtime/Library/JavascriptNumber.inl

@@ -14,7 +14,7 @@ namespace Js
 #endif
     )
     {
-        AssertMsg(!IsNan(value) || ToSpecial(value) == k_Nan || ToSpecial(value) == 0x7FF8000000000000ull, "We should only produce a NaN with this value");
+        AssertMsg(!IsNan(value) || ToSpecial(value) == k_NegativeNan || ToSpecial(value) == 0x7FF8000000000000ull, "We should only produce a NaN with this value");
         SetSpecial(ToSpecial(value) ^ FloatTag_Value);
     }
 #else
@@ -96,7 +96,7 @@ namespace Js
 #if FLOATVAR
         if (IsNan(value))
         {
-            value = JavascriptNumber::NaN;
+            value = IsNegative(value) ? JavascriptNumber::NegativeNaN : JavascriptNumber::NaN;
         }
 
         *result = JavascriptNumber::ToVar(value);
@@ -128,7 +128,7 @@ namespace Js
     {
         if (IsNan(value))
         {
-            value = JavascriptNumber::NaN;
+            value = IsNegative(value) ? JavascriptNumber::NegativeNaN : JavascriptNumber::NaN;
         }
         return ToVar(value);
     }
@@ -148,7 +148,7 @@ namespace Js
     inline Var JavascriptNumber::ToVar(double value)
     {
         uint64 val = *(uint64*)&value;
-        AssertMsg(!IsNan(value) || ToSpecial(value) == k_Nan || ToSpecial(value) == 0x7FF8000000000000ull, "We should only produce a NaN with this value");
+        AssertMsg(!IsNan(value) || ToSpecial(value) == k_NegativeNan || ToSpecial(value) == 0x7FF8000000000000ull, "We should only produce a NaN with this value");
         return reinterpret_cast<Var>(val ^ FloatTag_Value);
     }
 

test/Number/NegativeNaN.baseline

@@ -0,0 +1,12 @@
+0,0,0,0,0,0,248,127
+0,0,0,0,0,0,248,255
+0,0,192,127
+0,0,192,255
+7ff8000000000000
+fff8000000000000
+0,0,0,0,0,0,248,127
+0,0,0,0,0,0,248,255
+0,0,192,127
+0,0,192,255
+7ff8000000000000
+fff8000000000000

test/Number/NegativeNaN.js

@@ -0,0 +1,37 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+function f(){
+    f64 = new Float64Array([NaN]);
+    u8 = new Uint8Array(f64.buffer);
+    print(u8)
+    
+    f64 = new Float64Array([-NaN]);
+    u8 = new Uint8Array(f64.buffer);
+    print(u8)
+
+    f64 = new Float32Array([NaN]);
+    u8 = new Uint8Array(f64.buffer);
+    print(u8)
+    
+    f64 = new Float32Array([-NaN]);
+    u8 = new Uint8Array(f64.buffer);
+    print(u8)
+
+    // GitHub bug #398
+    function numberToRawBits(v) {
+        var isLittleEndian = new Uint8Array(new Uint16Array([1]).buffer)[0] === 1;
+        var reduce = Array.prototype[isLittleEndian ? 'reduceRight' : 'reduce'];
+        var uint8 = new Uint8Array(new Float64Array([v]).buffer);
+        return reduce.call(uint8, (a, v) => a + (v < 16 ? "0" : "") + v.toString(16), "");
+    }
+    
+    console.log(numberToRawBits(NaN));
+    console.log(numberToRawBits(-NaN));
+  
+}
+f()
+f()
+