Self-hosted JavaScript assertion info: "js/src/builtin/intl/CommonFunctions.js:1821: locale after concatenation is a canonicalized language tag"
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | wontfix |
firefox68 | --- | wontfix |
firefox69 | --- | wontfix |
firefox70 | --- | fixed |
People
(Reporter: decoder, Assigned: anba)
References
(Regression)
Details
(5 keywords, Whiteboard: [jsbugmon:update])
Attachments
(1 file)
The following testcase crashes on mozilla-central revision a28a338396c3 (build with --enable-valgrind --enable-gczeal --disable-tests --disable-profiling --enable-debug --enable-optimize, run with --fuzzing-safe --ion-offthread-compile=off):
new Intl.DateTimeFormat(["en-u-hc-h24-nu-arab"]).resolvedOptions()
Backtrace:
received signal SIGSEGV, Segmentation fault.
intrinsic_AssertionFailed (cx=cx@entry=0x7ffff5f23000, argc=<optimized out>, vp=<optimized out>) at js/src/vm/SelfHosting.cpp:459
#0 intrinsic_AssertionFailed (cx=cx@entry=0x7ffff5f23000, argc=<optimized out>, vp=<optimized out>) at js/src/vm/SelfHosting.cpp:459
#1 0x00005555558ea03f in CallJSNative (cx=0x7ffff5f23000, native=native@entry=0x555555b658b0 <intrinsic_AssertionFailed(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/vm/Interpreter.cpp:448
[...]
#5 0x000055555611eb93 in js::jit::DoCallFallback (cx=<optimized out>, frame=0x7fffffffc330, stub=0x7ffff47b0780, argc=1, vp=0x7fffffffc250, res=...) at js/src/jit/BaselineIC.cpp:3209
#6 0x00000fbb16ef43e3 in ?? ()
#7 0x0000000000000000 in ?? ()
rax 0x555557cd7120 93825033662752
rbx 0x7fffffffbc10 140737488337936
rcx 0x555556bdd259 93825015861849
rdx 0x0 0
rsi 0x7ffff6eeb770 140737336227696
rdi 0x7ffff6eea540 140737336223040
rbp 0x7fffffffbc50 140737488338000
rsp 0x7fffffffbbf0 140737488337904
r8 0x7ffff6eeb770 140737336227696
r9 0x7ffff7fe6cc0 140737354034368
r10 0x58 88
r11 0x7ffff6b927a0 140737332717472
r12 0x1633eda08220 24412285862432
r13 0x7ffff5f23000 140737319677952
r14 0x7fffffffbc88 140737488338056
r15 0x7ffff5f56000 140737319886848
rip 0x555555b6590c <intrinsic_AssertionFailed(JSContext*, unsigned int, JS::Value*)+92>
=> 0x555555b6590c <intrinsic_AssertionFailed(JSContext*, unsigned int, JS::Value*)+92>: movl $0x0,0x0
0x555555b65917 <intrinsic_AssertionFailed(JSContext*, unsigned int, JS::Value*)+103>: ud2
autobisectjs shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/82630420613d
user: André Bargull
date: Thu Apr 04 14:07:14 2019 +0000
summary: Bug 1531091: Append Unicode extensions without values and remove "true" value from keywords. r=jwalden
Andre, is bug 1531091 a likely regressor?
Comment 2•5 years ago
|
||
Assignee | ||
Comment 3•5 years ago
|
||
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #1)
Andre, is bug 1531091 a likely regressor?
Yes!
Assignee | ||
Comment 4•5 years ago
|
||
Updated•5 years ago
|
Assignee | ||
Comment 5•5 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=66bef5e81dba23f164500b46e329059f78537da2
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b2810baa7a82
Sort "relevantExtensionKeys" to ensure the resolved locale's Unicode extension subtag is canonical. r=jwalden
Comment 7•5 years ago
|
||
bugherder |
Comment 8•5 years ago
|
||
Is there a user impact which justifies backport consideration here or can this fix ride Fx70 to release?
Assignee | ||
Comment 9•5 years ago
|
||
I don't think it's necessary to backport the changes, because the fix only ensures spec-compliance, but otherwise doesn't have any user impact.
Updated•5 years ago
|
Updated•3 years ago
|
Description
•