Closed
Bug 451721
Opened 16 years ago
Closed 16 years ago
TM: js1_5/extensions/regress-424942.js FAIL
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: bc, Assigned: igor)
References
Details
(Keywords: regression, testcase)
occurs in mozilla-central, tracemonkey with or without jit enabled. js1_5/extensions/regress-424942.js ./js1_5/extensions/regress-424942.js:102: InternalError: script too large
Flags: in-testsuite+
Flags: in-litmus-
Reporter | ||
Updated•16 years ago
|
Summary: js1_5/extensions/regress-424942.js FAIL → TM: js1_5/extensions/regress-424942.js FAIL
Comment 1•16 years ago
|
||
Can we retest this? Doesn't look like a jit bug too me.
Reporter | ||
Comment 2•16 years ago
|
||
Bug 445262 cause this.
Assignee | ||
Updated•16 years ago
|
Assignee: general → igor
Assignee | ||
Comment 3•16 years ago
|
||
This is a regression from the bug 447762. As a result of var/local merge the 64K limit is imposed on the number of variables plus the stack depth, not just the number of variables. Since the test case creates a function with 2**16-1 variables and 2 stack slots, it fails during the compilation. So for the fix I suggest to change the following lines in the test case: print('testing (1<<16) - 1') testoverflow((1<<16) - 1); print('done testing (1<<16) - 1'); into something like: // we use 2**16-3, not 2**16-1, as 64K is the limit for the number // of variables in a function plus the stack depth and the function // uses 2 stack slots. print('testing (1<<16) - 3') testoverflow((1<<16) - 3); print('done testing (1<<16) - 3'); Such change would not affect the test coverage as any number beyond 32K would expose the original problem reported in the bug 447762. To Bob Clary: would you update the test case in the bug 447762?
Reporter | ||
Updated•16 years ago
|
Group: core-security
Reporter | ||
Comment 4•16 years ago
|
||
dveditz, I screwed up and have been discussing a security sensitive bug in public. Not sure of the implications, but we should assume someone has enough information to replicate. test updated in attachment to bug 424942
Assignee | ||
Comment 5•16 years ago
|
||
I guess I am the biggest contributer to the screwup. Sorry about that.
Assignee | ||
Comment 6•16 years ago
|
||
fixed via updating the test case
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 7•16 years ago
|
||
verified fixed mozilla-central, tracemonkey but not a product issue - only test.
Status: RESOLVED → VERIFIED
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•