Closed Bug 1273267 Opened 4 years ago Closed 4 years ago

OdinMonkey: Differential Testing: Different output message involving "use asm"

Categories

(Core :: JavaScript Engine: JIT, defect, major)

x86_64
All

Tracking


RESOLVED DUPLICATE of bug 1245627
Tracking Status
firefox49 --- affected

People

(Reporter: gkw, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: testcase)

f = (function(stdlib, foreign, heap) {
    "use asm";
    var Float32ArrayView = new stdlib.Float32Array(heap);
    var Float64ArrayView = new stdlib.Float64Array(heap);
    function f() {
        Float32ArrayView[0 >> 2] = 0 / 0
        return Float64ArrayView[0 >> 0]
    }
    return f
})(this, {}, new ArrayBuffer(4096));
for (var j = 0; j < 2; ++j) {
    print(f());
}


$ ./js-dbg-64-dm-clang-darwin-d0be57e84807 --fuzzing-safe --no-threads --ion-eager testcase.js
1.058925634e-314
1.058925634e-314

$ ./js-dbg-64-dm-clang-darwin-d0be57e84807 --fuzzing-safe --no-threads --baseline-eager testcase.js
1.058925634e-314
2.1199235295e-314

Tested this on m-c rev d0be57e84807.

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin14.5.0 --disable-jemalloc --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r d0be57e84807

This seems to have been around since early Nov 2014 (m-c rev dc4b163f7db7), so setting needinfo? from :luke and :bbouvier as a fallback.

I'm on the fence as to whether this should be s-s (ArrayBuffer seems needed above), so setting it pending further analysis.
Flags: needinfo?(luke)
Flags: needinfo?(bbouvier)
Not security-sensitive. Different canonicalization of NaN, it's exactly the same issue as in bug 1245627. Will look into it.
Group: javascript-core-security
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(luke)
Flags: needinfo?(bbouvier)
Resolution: --- → DUPLICATE
Duplicate of bug: 1245627
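
The two printed values can be decoded back into the float32 bit patterns the testcase stored, which shows what "different canonicalization of NaN" means for this output. This is an added example, not code from the bug report or from SpiderMonkey; the helper names and the choice of 0x7fc00000 as the canonical pattern are assumptions made for illustration.

```javascript
// Added example (not from the bug or SpiderMonkey); helper names are hypothetical.
// Outputs copied from the two shell runs in the report.
const ION_OUTPUT = [1.058925634e-314, 1.058925634e-314];
const BASELINE_OUTPUT = [1.058925634e-314, 2.1199235295e-314];

// The testcase stores a float32 at byte 0 and reads a float64 from byte 0 of a
// zero-filled heap, so on little-endian x86_64 the float32 bits are the low
// word of the double. Recover both words from the printed value.
function wordsOfDouble(d) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, d, true);
  return { low: view.getUint32(0, true), high: view.getUint32(4, true) };
}

// Decode a 32-bit pattern into IEEE-754 binary32 fields.
function describeFloat32Bits(bits) {
  const exponent = (bits >>> 23) & 0xff;
  const mantissa = bits & 0x7fffff;
  return {
    hex: "0x" + bits.toString(16).padStart(8, "0"),
    sign: bits >>> 31,
    isNaN: exponent === 0xff && mantissa !== 0,
    quiet: (mantissa & 0x400000) !== 0,
    payload: mantissa & 0x3fffff,
  };
}

// Assumed canonical form for comparison: sign clear, quiet bit set, zero payload.
function canonicalizeFloat32Bits(bits) {
  return describeFloat32Bits(bits).isNaN ? 0x7fc00000 : bits;
}

// Compare two runs iteration by iteration: raw bit equality, which bits
// differ, and whether the difference disappears once NaNs are canonicalized.
function diffRuns(a, b) {
  return a.map((value, i) => {
    const x = wordsOfDouble(value).low;
    const y = wordsOfDouble(b[i]).low;
    return {
      iteration: i,
      rawEqual: x === y,
      differingBits: "0x" + ((x ^ y) >>> 0).toString(16).padStart(8, "0"),
      equalAfterCanonicalization:
        canonicalizeFloat32Bits(x) === canonicalizeFloat32Bits(y),
    };
  });
}

console.log(diffRuns(ION_OUTPUT, BASELINE_OUTPUT));
```

Both outputs decode to quiet float32 NaNs with a zero upper word; they differ only in the sign bit (0x7fc00000 versus 0xffc00000).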