OdinMonkey: Differential Testing: Different output message involving "use asm"

RESOLVED DUPLICATE of bug 1245627

Status: RESOLVED DUPLICATE of bug 1245627 (major)

People: Reporter: gkw, Unassigned

Tracking: Blocks: 2 bugs, {testcase}; Trunk; x86_64; All; testcase

Firefox Tracking Flags: firefox49 affected

Description (Reporter)

f = (function(stdlib, foreign, heap) {
    "use asm";
    var Float32ArrayView = new stdlib.Float32Array(heap);
    var Float64ArrayView = new stdlib.Float64Array(heap);
    function f() {
        Float32ArrayView[0 >> 2] = 0 / 0
        return Float64ArrayView[0 >> 0]
    }
    return f
})(this, {}, new ArrayBuffer(4096));
for (var j = 0; j < 2; ++j) {
    print(f());
}


$ ./js-dbg-64-dm-clang-darwin-d0be57e84807 --fuzzing-safe --no-threads --ion-eager testcase.js
1.058925634e-314
1.058925634e-314

$ ./js-dbg-64-dm-clang-darwin-d0be57e84807 --fuzzing-safe --no-threads --baseline-eager testcase.js
1.058925634e-314
2.1199235295e-314

Tested this on m-c rev d0be57e84807.

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin14.5.0 --disable-jemalloc --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r d0be57e84807

This seems to have been around since early Nov 2014 (m-c rev dc4b163f7db7), so setting needinfo? from :luke and :bbouvier as a fallback.

I'm on the fence as to whether this should be s-s (ArrayBuffer seems needed above), so setting it pending further analysis.
Flags: needinfo?(luke)
Flags: needinfo?(bbouvier)
Not security-sensitive. Different canonicalization of NaN, it's exactly the same issue as in bug 1245627. Will look into it.
Group: javascript-core-security
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(luke)
Flags: needinfo?(bbouvier)
Resolution: --- → DUPLICATE
Duplicate of bug: 1245627
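
Added example (not part of the bug report or SpiderMonkey's code): the two values printed by the shell runs above decode to the float32 quiet-NaN patterns 0x7fc00000 and 0xffc00000 in the low word of an otherwise zero float64, which is the NaN canonicalization difference the comment describes. Function names are hypothetical, and little-endian layout is assumed to match the x86_64 build in the report.

```javascript
// Added illustration; function names are hypothetical, not SpiderMonkey code.
// Assumes the little-endian layout of the x86_64 build used in the report.

// Store a 32-bit pattern where Float32ArrayView[0] lives, then read the
// 8 bytes at offset 0 the way Float64ArrayView[0] does.
function f32BitsReadAsF64(bits) {
    const view = new DataView(new ArrayBuffer(8)); // zero-filled, like the heap
    view.setUint32(0, bits >>> 0, true);
    return view.getFloat64(0, true);
}

// Inverse direction: recover the low 32 bits behind a printed double.
function lowWordOfF64(value) {
    const view = new DataView(new ArrayBuffer(8));
    view.setFloat64(0, value, true);
    return view.getUint32(0, true);
}

// Decode a 32-bit pattern into IEEE 754 binary32 fields.
function describeF32(bits) {
    const sign = bits >>> 31;
    const exponent = (bits >>> 23) & 0xff;
    const mantissa = bits & 0x7fffff;
    const isNaN32 = exponent === 0xff && mantissa !== 0;
    const quiet = isNaN32 && (mantissa & 0x400000) !== 0;
    return { sign, exponent, mantissa, isNaN: isNaN32, quiet };
}

// Values copied from the two shell runs in the report.
const REPORTED = [1.058925634e-314, 2.1199235295e-314];

function analyzeReportedOutputs() {
    return REPORTED.map((value) => {
        const bits = lowWordOfF64(value);
        const hex = "0x" + bits.toString(16).padStart(8, "0");
        return { value, hex, ...describeF32(bits) };
    });
}

for (const row of analyzeReportedOutputs()) {
    console.log(row.value, row.hex, "NaN:", row.isNaN, "sign:", row.sign);
}
```

Both patterns are quiet NaNs with the same payload and differ only in the sign bit, so the divergence is observable only because the testcase reads the stored NaN's raw bytes back through a second typed-array view.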