Closed
Bug 706532
Opened 13 years ago
Closed 13 years ago
JS Correctness: Different TypeError variants with/without methodjit
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla11
People
(Reporter: decoder, Assigned: bhackett1024)
Details
(Keywords: testcase)
Attachments
(1 file)
7.78 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
The following test produces two different TypeError versions with options "-m -a" vs. no options on mozilla-central revision ca140190529a: (toString++); var self = this; this.self++; Output: $ $JS -m -a min.js min.js:3: TypeError: can't convert #1={self:#1#, toString:NaN} to number $ $JS min.js min.js:3: TypeError: can't convert this.self to number
Assignee | ||
Comment 1•13 years ago
|
||
After the objshrink merge this now gives the same output regardless of options, though unfortunately it is the really ugly one using sharp variables. I'll look into fixing that and restoring the this.self output in all cases.
Assignee | ||
Comment 2•13 years ago
|
||
Patch. The decompiler doesn't work on opcodes that are in the middle of a decomposed op because the source notes it needs aren't present. This rejiggers things so that when decompiling at such an inner op it tries to decompile the outer op instead.
Assignee: general → bhackett1024
Attachment #579178 -
Flags: review?(luke)
Comment 3•13 years ago
|
||
Comment on attachment 579178 [details] [diff] [review] patch Looks reasonable. I recommend you ask Gary for pre-fuzzing.
Attachment #579178 -
Flags: review?(luke) → review+
Comment 4•13 years ago
|
||
> Looks reasonable. I recommend you ask Gary for pre-fuzzing.
This does not blow up the fuzzers after fuzzing for awhile.
Assignee | ||
Comment 5•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/12c1f73c461f
Comment 6•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/12c1f73c461f
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
You need to log in
before you can comment on or make changes to this bug.
Description
•