Closed Bug 1268955 Opened 8 years ago Closed 8 years ago

Differential Testing: Different output message involving caller

Categories: Core :: JavaScript Engine: JIT, defect
Platform: x86, All; Type: defect; Priority: Not set; Severity: major
Status: RESOLVED FIXED (mozilla49)
Tracking Status: firefox49 --- fixed
People: Reporter: gkw, Assigned: bbouvier
Keywords: testcase
Attachments: 1 file

x = eval("\
    \"use strict\";\
    (function(stdlib, foreign, heap) {\
        \"use asm\";\
        function f() {};\
        return f;\
    });\
");
try {
    x["caller"];
    print(x);
} catch (e) {
    print(e);
}


$ ./js-dbg-32-dm-clang-darwin-4292da9df16b --fuzzing-safe --no-threads --ion-eager testcase.js
function (stdlib, foreign, heap) {        "use asm";        function f() {};        return f;    }

$ ./js-dbg-32-dm-clang-darwin-4292da9df16b --fuzzing-safe --no-threads --ion-eager --no-fpu testcase.js
TypeError: 'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them


Tested this on m-c rev 4292da9df16b.

My configure flags are:

LD=ld CROSS_COMPILE=1 CC="clang -Qunused-arguments -msse2 -mfpmath=sse -arch i386" RANLIB=ranlib CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse -arch i386" AS=$CC AR=ar STRIP="strip -x -S" HOST_CC="clang -Qunused-arguments -msse2 -mfpmath=sse" AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 HOST_CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse" sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=i386-apple-darwin14.5.0 --disable-jemalloc --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic --32" -r 4292da9df16b
This has seemed to exist prior to m-c rev dc4b163f7db7 (early Nov 2014). Guessing this might be related to asm.js, so setting needinfo? from :bbouvier as a start.
Flags: needinfo?(bbouvier)
Nice catch, gary! asm.js doesn't respect "use strict" semantics when it comes to calling arguments or caller.
Flags: needinfo?(bbouvier)
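
The invariant this bug violated, as an added example that is not part of the bug or of SpiderMonkey's code: reading `caller` or `arguments` must throw a TypeError on strict functions, including strict asm.js modules and their exports, regardless of how the function was compiled. It assumes a Node.js-style runtime with `console.log`; `CASES`, `probe` and `findMismatches` are hypothetical names, and the source snippets are constructed inputs.

```javascript
// Added example (not from the bug): strictness alone must decide the outcome
// of reading `caller` / `arguments`, whatever tier compiles the function.
// Indirect eval runs each snippet as global code, so only a "use strict"
// directive inside the snippet makes it strict.
const indirectEval = eval;

// Constructed inputs; the asm.js module follows the shape of the report's testcase.
const ASM_MODULE =
  '(function (stdlib, foreign, heap) { "use asm"; function f() {} return f; })';
const CASES = {
  sloppy: { src: '(function () {})', expect: 'no-throw' },
  strict: { src: '"use strict"; (function () {})', expect: 'TypeError' },
  strictAsmModule: { src: '"use strict"; ' + ASM_MODULE, expect: 'TypeError' },
  // Calling the module returns its exported function f, which is strict too.
  strictAsmExport: { src: '"use strict"; ' + ASM_MODULE + '()', expect: 'TypeError' },
};

// Read fn[prop] and classify the outcome so results can be compared as strings.
function probe(fn, prop) {
  try {
    fn[prop];
    return 'no-throw';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other:' + String(e);
  }
}

// Return one record per (case, property) whose outcome differs from the expectation.
function findMismatches() {
  const mismatches = [];
  for (const [name, { src, expect }] of Object.entries(CASES)) {
    const fn = indirectEval(src);
    for (const prop of ['caller', 'arguments']) {
      const got = probe(fn, prop);
      if (got !== expect) mismatches.push({ name, prop, expect, got });
    }
  }
  return mismatches;
}

console.log(findMismatches()); // prints [] when every case matches its expectation
```

Running the same script under different engine flags and comparing the printed array is the differential check; any non-empty result names the case and property that diverged.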
Attached patch 1268955.patch
Waldo, setting you as the reviewer, since you referenced this issue in the comment I'm deleting here.
Assignee: nobody → bbouvier
Status: NEW → ASSIGNED
Attachment #8747654 - Flags: review?(jwalden+bmo)
Comment on attachment 8747654
1268955.patch

Review of attachment 8747654:
-----------------------------------------------------------------

::: js/src/asmjs/AsmJS.cpp
@@ +8280,5 @@
> +js::IsAsmJSStrictModeModuleOrFunction(JSFunction* fun)
> +{
> +    if (IsAsmJSModule(fun)) {
> +        return AsmJSModuleToModuleObject(fun)->module().asAsmJS().strict();
> +    }

Don't brace this.

::: js/src/jit-test/tests/asm.js/testSource.js
@@ +398,5 @@
>  
>  })();
> +
> +/* Check strict semantics */
> +(function () {

Please put this in a new test, rather than tacking onto the existing one.

@@ +399,5 @@
>  })();
> +
> +/* Check strict semantics */
> +(function () {
> +    var caught = false;

Declare this at first use much further down.

@@ +412,5 @@
> +            caught = false;
> +            try {
> +                scope[callee][getter];
> +            } catch (e) {
> +                print(e);

Remove the print, and beyond just checking for caught-ness, please do an instanceof TypeError check.

::: js/src/jsfun.cpp
@@ +139,2 @@
>          fun->isBoundFunction())
>      {

This all fits in 99ch now, right?  One-line it.

@@ +220,5 @@
>  static bool
>  CallerRestrictions(JSContext* cx, HandleFunction fun)
>  {
>      // Throw if the function is a builtin (note: this doesn't include asm.js),
> +    // a strict mode function or a bound function.
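
Review bot: in the comment at the top of CallerRestrictions, the unchanged line says builtins do not include asm.js, and the added line lists only "a strict mode function or a bound function", so a reader cannot tell whether a strict asm.js module or function is meant to throw here. Since that is the case this bug reports, say so in the comment, for example by noting that strict asm.js modules and functions count as strict mode functions.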

Over my dead body are you removing the serial comma after "strict mode function".  PUT IT BACK OR ELSE.  :-)

@@ +227,2 @@
>          fun->isBoundFunction())
>      {

One line.
Attachment #8747654 - Flags: review?(jwalden+bmo) → review+
That said, please keep some mention of the bug I noted -- I still have not much confidence in our arguments/caller semantics being correct for all possible pairings of callee/caller.