Differential Testing: Different output message involving the parser

RESOLVED FIXED in Firefox 52

Product: Core
Component: JavaScript Engine: JIT
Priority: --
Severity: major
Status: RESOLVED FIXED
Reported: 2 years ago
Modified: 2 years ago
Reporter: gkw
Assignee: Unassigned
Blocks: 2 bugs
Keywords: testcase
Version: Trunk
Target Milestone: mozilla52
Platform: x86_64 All
Firefox Tracking Flags: firefox52 fixed

(Reporter)

Description

2 years ago
gczeal(4)
function f3() {}
function f2() {
    s = []
    for (var k = 0; k < 9; ++k) {
        print(f3(uneval(s)))
    }
}
try {
    try {
        (function() {
            function f1() {}
            f2(f1)
        })()
    } catch (e) {}
    try {
        m
    } catch (e) {}
    s = ""
    print(h)
} catch (e) {}
try {
    a
} catch (e) {}
try {
    v(")")
} catch (e) {}
try {
    v = this.o.t()
} catch (e) {}
try {
    print(c)
    let c
} catch (e) {}

$ ./js-dbg-64-dm-clang-darwin-560b2c805bf7 --fuzzing-safe --no-threads --no-baseline --no-ion testcase.js
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined

$ ./js-dbg-64-dm-clang-darwin-560b2c805bf7 --fuzzing-safe --no-threads --ion-eager testcase.js
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined

Tested this on m-c rev 560b2c805bf7.

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin14.5.0 --disable-jemalloc --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r 560b2c805bf7

Due to skipped revisions, the first bad revision could be any of:

changeset:   https://hg.mozilla.org/mozilla-central/rev/cb6fc6d38f8d
user:        Shu-yu Guo
date:        Thu Aug 25 01:28:47 2016 -0700
summary:     Bug 1263355 - Rewrite the frontend: bindings. (r=jorendorff,Waldo)

changeset:   https://hg.mozilla.org/mozilla-central/rev/18bec78f348e
user:        Shu-yu Guo
date:        Thu Aug 25 01:28:47 2016 -0700
summary:     Bug 1263355 - Report memory metrics for Scopes. (r=njn)

Note that the difference in output involves the number of times "undefined" was printed, i.e. 10x vs 9x.

Shu-yu, is bug 1263355 a likely regressor?
Flags: needinfo?(shu)
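
Added example (not part of the original report and not funfuzz code): a minimal differential check in Python for the two runs shown in the description, using the two flag sets from the report. The function names and the sample output lists are assumptions made for illustration; the explicit length check matters because the two outputs here differ only in line count (10 vs 9), which a pairwise line comparison alone would not catch.

```python
import subprocess

# Flag sets copied from the report: interpreter-only vs. eager Ion compilation.
INTERP_FLAGS = ["--fuzzing-safe", "--no-threads", "--no-baseline", "--no-ion"]
ION_FLAGS = ["--fuzzing-safe", "--no-threads", "--ion-eager"]


def run_shell(shell, flags, testcase, timeout=60):
    """Run a JS shell build on the testcase; return (exit code, stdout lines)."""
    proc = subprocess.run([shell, *flags, testcase], capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, proc.stdout.splitlines()


def first_divergence(a, b):
    """Return None if the outputs match, else a dict describing the first mismatch."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return {"line": i + 1, "a": x, "b": y}
    if len(a) != len(b):
        # One output is a strict prefix of the other (the case in this report):
        # zip() stops at the shorter list, so the extra line must be checked here.
        i = min(len(a), len(b))
        return {"line": i + 1,
                "a": a[i] if len(a) > i else None,
                "b": b[i] if len(b) > i else None}
    return None


def differential(shell, testcase):
    """Compare interpreter and Ion runs of one testcase on one shell build."""
    rc_a, out_a = run_shell(shell, INTERP_FLAGS, testcase)
    rc_b, out_b = run_shell(shell, ION_FLAGS, testcase)
    if rc_a != rc_b:
        return {"exit_codes": (rc_a, rc_b)}
    return first_divergence(out_a, out_b)


# Constructed sample mirroring the report: 10 lines vs. 9 lines of "undefined".
SAMPLE_INTERP = ["undefined"] * 10
SAMPLE_ION = ["undefined"] * 9

if __name__ == "__main__":
    print(first_divergence(SAMPLE_INTERP, SAMPLE_ION))
```
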
(Reporter)

Comment 1

2 years ago
Preferably this should also be backported to mozilla-aurora...

Comment 2

2 years ago
Created attachment 8793981 [details] [diff] [review]
Fix scope notes for lexical scopes.

The bug is this: when marking Interpreter frames, JSScript::calculateLiveFixed
is used and dead fixed slots on the frame are set to 'undefined'. The verify
prebarriers zeal setting was triggering Interpreter frames to be marked right
after frame slots were put into TDZ. Since the TDZ opcodes were outside of the
extent of the lexical scope according to scope note, the slot that was just put
into TDZ was considered dead and set to 'undefined'.
Attachment #8793981 - Flags: review?(sphink)

Updated

2 years ago
Flags: needinfo?(shu)
Comment on attachment 8793981 [details] [diff] [review]
Fix scope notes for lexical scopes.

Review of attachment 8793981 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks to patient lessons from shu on IRC, I am finally able to grasp what is going on here.
Attachment #8793981 - Flags: review?(sphink) → review+

Updated

2 years ago
Duplicate of this bug: 1305333

Comment 5

2 years ago
Pushed by shu@rfrn.org:
https://hg.mozilla.org/integration/mozilla-inbound/rev/51e9c4c3a8ee
Fix scope notes for lexical scopes. (r=sfink)

Comment 6

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/51e9c4c3a8ee
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox52: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52