Closed
Bug 1186226
Opened 9 years ago
Closed 9 years ago
Differential Testing: Different output message involving OdinMonkey
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla42
Tracking | Status | |
---|---|---|
firefox42 | --- | fixed |
People
(Reporter: gkw, Assigned: bbouvier)
References
Details
(Keywords: regression, testcase, Whiteboard: [fuzzblocker:js-differential-test])
Attachments
(1 file)
3.28 KB,
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
f = (function() { "use asm"; function f() { return (0 > (-(~~1) >>> 0)) | 0; } return f; })(); print(f()); $ ./js-dbg-32-dm-nsprBuild-darwin-d00e4167b482 --fuzzing-safe --no-threads --ion-eager testcase.js 1 $ ./js-dbg-32-dm-nsprBuild-darwin-d00e4167b482 --fuzzing-safe --no-threads --baseline-eager --no-fpu testcase.js 0 Tested this on m-c rev d00e4167b482. My configure flags are: LD=ld CROSS_COMPILE=1 CC="clang -Qunused-arguments -msse2 -mfpmath=sse -arch i386" RANLIB=ranlib CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse -arch i386" AS=$CC AR=ar STRIP="strip -x -S" HOST_CC="clang -Qunused-arguments -msse2 -mfpmath=sse" AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 HOST_CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse" sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=i386-apple-darwin9.2.0 --enable-macos-target=10.5 --enable-debug --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic --enable-nspr-build --32" -r d00e4167b482 autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/b822456c6e2f user: Brian Hackett date: Tue Jul 07 11:24:36 2015 -0700 summary: Bug 1175714 - Watch for baseline frame values with nursery types during OSR, r=jandem. Setting [fuzzblocker] because this is blocking differential testing fuzzing on OdinMonkey. Jan / Benjamin, do you think anyone of you could take this please - because Brian is away till the end of the month.
Flags: needinfo?(jdemooij)
Flags: needinfo?(benj)
Updated•9 years ago
|
Whiteboard: [fuzzblocker:js-differential-test]
Reporter | ||
Comment 1•9 years ago
|
||
Another testcase: f = function() { "use asm"; function f(i0) { i0 = i0 | 0; return 0 < 4294967294 | 0; } return f; }(); print(f()); $ ./js-dbg-32-dm-nsprBuild-darwin-1875a5584e5f --fuzzing-safe --no-threads --ion-eager testcase.js 0 $ ./js-dbg-32-dm-nsprBuild-darwin-1875a5584e5f --fuzzing-safe --no-threads --baseline-eager --no-fpu testcase.js 1
Assignee | ||
Comment 2•9 years ago
|
||
Taking. It's a fallout from bug 1157624. Can't withdraw bug 1175714 from the list of blockers, as I don't have access to it.
Assignee | ||
Comment 3•9 years ago
|
||
A quite simple patch: when determining the type for a comparison, we need to look at *both* hand sides. During the big split, I thought only looking at the LHS would be enough, but these test cases show it isn't.
Assignee | ||
Comment 4•9 years ago
|
||
(for the record, bug 1157624 landed in mozilla-42, which is the current nightly, so no need to uplift, if it can land quickly enough)
Comment 5•9 years ago
|
||
Comment on attachment 8637056 [details] [diff] [review] fix.patch Review of attachment 8637056 [details] [diff] [review]: ----------------------------------------------------------------- Good find. ::: js/src/asmjs/AsmJSValidate.cpp @@ +8506,5 @@ > case JSOP_GT: stmt = I32::SGtI32; break; > case JSOP_GE: stmt = I32::SGeI32; break; > default: MOZ_CRASH("unexpected comparison op"); > } > + } else if (lhsType.isUnsigned() && lhsType.isUnsigned()) { The second one should be rhsType instead of lhsType.
Attachment #8637056 -
Flags: review?(jdemooij) → review+
Comment 7•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/9b5d7e71135a
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in
before you can comment on or make changes to this bug.
Description
•