Closed
Bug 1383591
Opened 8 years ago
Closed 8 years ago
Differential Testing: Different output message involving "use strict"
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla56
| Tracking | Status | |
|---|---|---|
| firefox56 | --- | fixed |
People
(Reporter: gkw, Assigned: jandem)
Details
(Keywords: testcase, Whiteboard: [fuzzblocker])
Attachments
(1 file)
|
5.12 KB,
patch
|
nbp
:
review+
|
Details | Diff | Splinter Review |
(function () {
function f(x) {
"use strict";
if (x) {
Object.seal(this);
}
this[0] = 1;
}
for (var y of [1, 0, arguments, 1]) {
try {
new f(y);
} catch (e) {
print(e);
}
}
})()
$ ./js-dbg-64-dm-linux-5928d905c0bc --fuzzing-safe --no-threads --baseline-eager --no-ion testcase.js
TypeError: can't define property 0: Object is not extensible
TypeError: can't define property 0: Object is not extensible
TypeError: can't define property 0: Object is not extensible
$ ./js-dbg-64-dm-linux-5928d905c0bc --fuzzing-safe --no-threads --ion-eager testcase.js
TypeError: can't define property 0: Object is not extensible
TypeError: can't define property 0: Object is not extensible
Tested this on m-c rev 5928d905c0bc.
My configure flags are:
AR=ar sh /home/ubuntu/trees/mozilla-central/js/src/configure --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests
python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic" -r 5928d905c0bc
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/d2f850fe57e1
user: Jan de Mooij
date: Fri Oct 28 12:08:29 2016 +0200
summary: Bug 1313064 - Fix SETELEM check in SetObjectElementOperation to check for the strict version too. r=anba
Jan, is bug 1313064 a likely regressor?
Setting [fuzzblocker] because this seems related to "use strict" and "use strict" differential testing bugs can usually have different causes.
Flags: needinfo?(jdemooij)
Flags: needinfo?(andrebargull)
|
Reporter | |
Updated•8 years ago
|
Whiteboard: [fuzzblocker]
|
|
Reporter | |
Comment 1•8 years ago
|
||
Whoops, only meant to ni? Jan for now.
Flags: needinfo?(andrebargull)
|
Assignee | |
Comment 2•8 years ago
|
||
The setelem OOL path was using current->mir()->strict() but that doesn't always work for OOL paths of course as current is the last block.
This patch sets |current| to nullptr before we generate OOL code, to prevent this kind of bug from happening in the future.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Attachment #8889411 -
Flags: review?(nicolas.b.pierron)
|
||
Comment 3•8 years ago
|
||
Comment on attachment 8889411 [details] [diff] [review]
Patch
Review of attachment 8889411 [details] [diff] [review]:
-----------------------------------------------------------------
Good catch!
Attachment #8889411 -
Flags: review?(nicolas.b.pierron) → review+
Pushed by jandemooij@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/2bb6be91be39
Don't use |current| block in OutOfLineStoreElementHole code. r=nbp
|
|
Assignee | |
Comment 5•8 years ago
|
||
The actual bug predates bug 1313064, it's a very old one I think.
No longer blocks: 1313064
|
||
Comment 6•8 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•