Closed
Bug 1383591
Opened 7 years ago
Closed 7 years ago
Differential Testing: Different output message involving "use strict"
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox56 | --- | fixed |
People
(Reporter: gkw, Assigned: jandem)
Details
(Keywords: testcase, Whiteboard: [fuzzblocker])
Attachments
(1 file)
5.12 KB,
patch
|
nbp
:
review+
|
Details | Diff | Splinter Review |
(function () { function f(x) { "use strict"; if (x) { Object.seal(this); } this[0] = 1; } for (var y of [1, 0, arguments, 1]) { try { new f(y); } catch (e) { print(e); } } })() $ ./js-dbg-64-dm-linux-5928d905c0bc --fuzzing-safe --no-threads --baseline-eager --no-ion testcase.js TypeError: can't define property 0: Object is not extensible TypeError: can't define property 0: Object is not extensible TypeError: can't define property 0: Object is not extensible $ ./js-dbg-64-dm-linux-5928d905c0bc --fuzzing-safe --no-threads --ion-eager testcase.js TypeError: can't define property 0: Object is not extensible TypeError: can't define property 0: Object is not extensible Tested this on m-c rev 5928d905c0bc. My configure flags are: AR=ar sh /home/ubuntu/trees/mozilla-central/js/src/configure --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r 5928d905c0bc autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/d2f850fe57e1 user: Jan de Mooij date: Fri Oct 28 12:08:29 2016 +0200 summary: Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba Jan, is bug 1313064 a likely regressor? Setting [fuzzblocker] because this seems related to "use strict" and "use strict" differential testing bugs can usually have different causes.
Flags: needinfo?(jdemooij)
Flags: needinfo?(andrebargull)
Reporter | ||
Updated•7 years ago
|
Whiteboard: [fuzzblocker]
Reporter | ||
Comment 1•7 years ago
|
||
Whoops, only meant to ni? Jan for now.
Flags: needinfo?(andrebargull)
Assignee | ||
Comment 2•7 years ago
|
||
The setelem OOL path was using current->mir()->strict() but that doesn't always work for OOL paths of course as current is the last block. This patch sets |current| to nullptr before we generate OOL code, to prevent this kind of bug from happening in the future.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Attachment #8889411 -
Flags: review?(nicolas.b.pierron)
Comment 3•7 years ago
|
||
Comment on attachment 8889411 [details] [diff] [review] Patch Review of attachment 8889411 [details] [diff] [review]: ----------------------------------------------------------------- Good catch!
Attachment #8889411 -
Flags: review?(nicolas.b.pierron) → review+
Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/2bb6be91be39 Don't use |current| block in OutOfLineStoreElementHole code. r=nbp
Assignee | ||
Comment 5•7 years ago
|
||
The actual bug predates bug 1313064, it's a very old one I think.
No longer blocks: 1313064
Comment 6•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2bb6be91be39
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•