Closed Bug 1250863 Opened 8 years ago Closed 8 years ago

Differential Testing: Different output message involving .findScripts

Categories

(Core :: JavaScript Engine: JIT, defect)

x86_64
All
defect
Not set
major

Tracking

RESOLVED INVALID
Tracking Status
firefox47 --- affected

People

(Reporter: gkw, Unassigned)

Details

(Keywords: regression, testcase)

// jsfunfuzz-generated
setGCCallback({
    action: "majorGC",
});
// Adapted from randomly chosen test: js/src/jit-test/tests/debug/bug-826669.js
gczeal(9, 2);
var g1 = newGlobal();
var dbg = new Debugger();
var g1w = dbg.addDebuggee(g1);
g1.eval('function f() {}');
print(dbg.findScripts({}));


$ ./js-dbg-64-dm-clang-darwin-a9e33d8c48b5 --fuzzing-safe --no-threads --ion-eager testcase.js
[object Script],[object Script],[object Script]

$ ./js-dbg-64-dm-clang-darwin-a9e33d8c48b5 --fuzzing-safe --no-threads --no-baseline --no-ion testcase.js
[object Script],[object Script]

Tested this on m-c rev a9e33d8c48b5.

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin14.5.0 --disable-jemalloc --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r a9e33d8c48b5


Due to skipped revisions, the first bad revision could be any of:
changeset:   https://hg.mozilla.org/mozilla-central/rev/3bcc3881b95d
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:28 2015 -0700
summary:     Bug 589199 - Make a global lexical scope and hook it up to JS entry points. (r=efaust)

changeset:   https://hg.mozilla.org/mozilla-central/rev/b9f647fe2d10
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Parse and emit bytecode for global lexicals. (r=efaust)

changeset:   https://hg.mozilla.org/mozilla-central/rev/b2d8f1cd3afc
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Support global lexicals in the interpreter. (r=efaust)

changeset:   https://hg.mozilla.org/mozilla-central/rev/6e4a8943d496
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Support global lexicals in Baseline. (r=jandem)

changeset:   https://hg.mozilla.org/mozilla-central/rev/26fc971a24c4
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Support global lexicals in Ion. (r=jandem)

changeset:   https://hg.mozilla.org/mozilla-central/rev/3228ac384c92
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Fix eval static scope to play with the global lexical scope. (r=efaust)

changeset:   https://hg.mozilla.org/mozilla-central/rev/04eb8f524122
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 589199 - Fix up the global lexical scope when merging off-thread compiled scripts. (r=bhackett)

changeset:   https://hg.mozilla.org/mozilla-central/rev/c609df6d3895
user:        Shu-yu Guo
date:        Tue Oct 06 14:00:29 2015 -0700
summary:     Bug 1202902 - Support non-syntactic extensible lexical scopes. (r=billm)

Shu-yu, is bug 589199 or bug 1202902 a likely regressor?
Flags: needinfo?(shu)

This is not a bug but findScripts exposing GC behavior.

Sometimes the eval script from |g1.eval('function f() {}')| is GCed, sometimes it isn't. I'd blacklist findScripts from differential fuzzing.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(shu)
Resolution: --- → INVALID

Blacklisting of ".findScripts" done in:

https://github.com/MozillaSecurity/funfuzz/commit/669fb6cb83c870cb9ea7495bb146a683304cd5bb

Thanks!
Summary: Differential Testing: Different output message involving majorGC → Differential Testing: Different output message involving .findScripts
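
The resolution above, sketched as an added example (not funfuzz's own code and not taken from the linked commit): a differential-testing triage step that skips any testcase whose source mentions a GC-observable API before comparing output across JIT configurations. The names `NONDETERMINISTIC_APIS`, `denylisted_apis` and `classify` are hypothetical; only the `.findScripts` entry, the testcase and the two outputs come from this report.

```python
from typing import Dict, List, Sequence, Tuple

# Hypothetical denylist of source substrings whose output can legitimately
# differ between runs. Only ".findScripts" is taken from this bug.
NONDETERMINISTIC_APIS = (".findScripts",)


def denylisted_apis(source: str, denylist: Sequence[str]) -> List[str]:
    """Return the denylisted substrings present in the testcase source.

    Matching is on raw text, so a mention inside a comment or string also
    counts; that errs toward skipping rather than filing a false report.
    """
    return [api for api in denylist if api in source]


def classify(source: str, outputs: Dict[str, str],
             denylist: Sequence[str] = NONDETERMINISTIC_APIS) -> Tuple[str, str]:
    """Classify one differential run as "skip", "match" or "mismatch".

    outputs maps a label for each shell configuration to its stdout.
    """
    hits = denylisted_apis(source, denylist)
    if hits:
        return "skip", "uses " + ", ".join(hits)
    if len({out.strip() for out in outputs.values()}) == 1:
        return "match", ""
    detail = sorted(f"{label}: {out.strip()!r}" for label, out in outputs.items())
    return "mismatch", "; ".join(detail)


# Testcase (condensed) and outputs copied from this bug report.
BUG_TESTCASE = """\
setGCCallback({ action: "majorGC" });
gczeal(9, 2);
var g1 = newGlobal();
var dbg = new Debugger();
var g1w = dbg.addDebuggee(g1);
g1.eval('function f() {}');
print(dbg.findScripts({}));
"""
BUG_OUTPUTS = {
    "--ion-eager": "[object Script],[object Script],[object Script]\n",
    "--no-baseline --no-ion": "[object Script],[object Script]\n",
}

if __name__ == "__main__":
    print(classify(BUG_TESTCASE, BUG_OUTPUTS))               # denylist on
    print(classify(BUG_TESTCASE, BUG_OUTPUTS, denylist=()))  # denylist off
```

With the denylist disabled, the same pair of outputs is classified as a mismatch, which is the false report this bug represents.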