Closed Bug 1024444 Opened 10 years ago Closed 10 years ago

Differential Testing: Different output message involving arguments

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla33

People

(Reporter: gkw, Assigned: jandem)

Details

(Keywords: regression, testcase)

Attachments

(1 file)

Patch
1.30 KB, patch
luke
: review+
Details | Diff | Splinter Review 
function f(x) {
    x = eval("a = arguments.callee.arguments");
}
f(1)
print(uneval(a))

$ ./js-dbg-64-dm-ts-darwin-4876594bacaa --fuzzing-safe --ion-parallel-compile=off testcase.js
({0:{}})

$ ./js-dbg-64-dm-ts-darwin-4876594bacaa --fuzzing-safe --ion-parallel-compile=off --ion-eager testcase.js
({0:1})

(Tested this on 64-bit Mac js dbg threadsafe deterministic shell off m-c rev 4876594bacaa)

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --disable-tests --enable-more-deterministic --with-ccache --enable-threadsafe <other NSPR options>

I think this might go way back to Jan 2013, approximately rev 4b84e5d7523d, but I'm not sure.

Jan, what do you think could be going on here?
Flags: needinfo?(jdemooij)
Attached patch PatchSplinter Review 
Great find, Gary!

The problem is that maybeForwardToCallObject called ArgumentsObject::MaybeForwardToCallObject only for interpreter frames, but we should also do this for Baseline frames.

I think comment 0 is right and this goes back to the Baseline landing.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Attachment #8440614 - Flags: review?(luke)
Flags: needinfo?(jdemooij)
Attachment #8440614 - Flags: review?(luke) → review+
https://hg.mozilla.org/mozilla-central/rev/e0ecf7fd2876
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: