Closed
Bug 457093
Opened 17 years ago
Closed 17 years ago
toString on js function w/ try catch silently hangs js execution
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: mfenniak-moz, Assigned: crowderbt)
References
Details
(Keywords: regression, testcase, verified1.8.1.18)
Attachments
(2 files, 1 obsolete file)
|
307 bytes,
text/html
|
Details | |
|
934 bytes,
patch
|
brendan
:
review+
dveditz
:
approval1.8.1.18+
|
Details | Diff | Splinter Review |
In attached test case, the "alert" function is never reached in normal execution. It appears that calling toString on the method with a try { } catch (E) {} block stops further JS execution (without a visible exception).
This issue only occurs in Firefox 2.0.0.17; it does not occur in FF 3 or FF 2.0.0.16.
|
||
Comment 1•17 years ago
|
||
Gary, do you have branch ability to bisect and find the regressing cvs commit?
/be
|
||
Updated•17 years ago
|
|
|
||
Comment 2•17 years ago
|
||
Same happens with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
OS: Windows Server 2003 → All
Hardware: PC → All
|
||
Comment 3•17 years ago
|
||
Ok found the Regression Range:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
Gecko/2008080703 BonEcho/2.0.0.17pre -> works with the Testcase
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
Gecko/2008080803 BonEcho/2.0.0.17pre -> fails on the Testcase
Bonsai Query for this Timeframe : http://tinyurl.com/4vkc7v
So regression from Bug 437288 ?
Flags: blocking1.8.1.18?
|
||
Comment 4•17 years ago
|
||
if that's the regression range bug 437288 looks like the culprit to me, too. Brian?
Assignee: general → crowder
Blocks: 437288
|
|
||
Comment 5•17 years ago
|
||
Tomcat, many thanks. See bug 437288 comment 16, which cites the bad merge I found by diffing patches (not interdiff, it failed; diff with grep to strip out context jitter).
Brian, could you field this one? Thanks.
/be
No longer blocks: 437288
Summary: tostring on js function w/ try catch silently hangs js execution → toString on js function w/ try catch silently hangs js execution
|
|
||
Updated•17 years ago
|
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.18?
Flags: blocking1.8.1.18+
|
||
Comment 6•17 years ago
|
||
What's the impact of this in terms of broken websites and add-ons?
|
||
Comment 7•17 years ago
|
||
not really a hang but more of script termination with no error in opt.
Assertion failure: newtop <= oldtop, at jsopcode.c:1988
/cvsroot/mozilla/js/tests/js1_5/decompilation/regress-457093-01.js,v <--
regress-457093-01.js
initial revision: 1.1
http://hg.mozilla.org/mozilla-central/rev/2e7f03bc1820
Flags: in-testsuite+
Flags: in-litmus-
|
||
Comment 8•17 years ago
|
||
(In reply to comment #3)
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
> Gecko/2008080703 BonEcho/2.0.0.17pre -> works with the Testcase
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
> Gecko/2008080803 BonEcho/2.0.0.17pre -> fails on the Testcase
(what a morning to wake up to; I could only hop on to this in the late afternoon local time)
Confirming Tomcat's regression range:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17pre) Gecko/20080807 BonEcho/2.0.0.17pre -> works on testcase, dialog shows up.
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17pre) Gecko/20080808 BonEcho/2.0.0.17pre -> fails on testcase, dialog doesn't show up.
|
Reporter | |
Comment 9•17 years ago
|
||
(In reply to comment #6)
> What's the impact of this in terms of broken websites and add-ons?
This issue and bug 456964 break a web application named Replicon Web TimeSheet, making it unusable with Firefox 2.0.0.17. Web TimeSheet has over 20,000 active users; our support department has received about a dozen tickets regarding FF 2.0.0.17 in the past two days. We only expect support calls to increase as more users apply the software update.
|
Assignee | |
Comment 10•17 years ago
|
||
Attachment #340592 -
Flags: review?(brendan)
|
|
Assignee | |
Comment 11•17 years ago
|
||
Attachment #340592 -
Attachment is obsolete: true
Attachment #340593 -
Flags: review?(brendan)
Attachment #340592 -
Flags: review?(brendan)
|
|
||
Updated•17 years ago
|
Attachment #340593 -
Flags: review?(brendan) → review+
|
|
Assignee | |
Updated•17 years ago
|
Attachment #340593 -
Flags: approval1.8.1.18?
|
|
||
Comment 13•17 years ago
|
||
Comment on attachment 340593 [details] [diff] [review]
Whoops, without junk this time.
Approved for 1.8.1.18, a=dveditz
Attachment #340593 -
Flags: approval1.8.1.18? → approval1.8.1.18+
|
|
Assignee | |
Comment 16•17 years ago
|
||
I might not get to this this weekend, so help is appreciated.
Keywords: checkin-needed
|
|
||
Comment 17•17 years ago
|
||
see also bug 457417
|
|
||
Comment 18•17 years ago
|
||
also js1_5/Regress/regress-252892.js Assertion failure: top != 0 is fixed by this patch.
|
|
||
Comment 19•17 years ago
|
||
also js1_5/Regress/regress-417893.js browser only Assertion failure: top != 0
|
|
||
Comment 20•17 years ago
|
||
also js1_5/decompilation/regress-456964-01.js and e4x/decompilation/regress-355474-01.js Assertion failure: top != 0
|
||
Comment 21•17 years ago
|
||
mozilla/js/src/jsopcode.c 3.89.2.78
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed → fixed1.8.1.18
Resolution: --- → FIXED
|
|
Reporter | |
Comment 25•17 years ago
|
||
Confirmed fixed in FF nightly 2008-09-30-03-mozilla1.8
Status: RESOLVED → VERIFIED
|
|
||
Comment 26•17 years ago
|
||
Also verified with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.18pre) Gecko/20080930 BonEcho/2.0.0.18pre
Keywords: fixed1.8.1.18 → verified1.8.1.18
|
|
||
Comment 27•17 years ago
|
||
all tests pass 1.8.1 opt/debug shell/browser linux/mac/windows.
You need to log in
before you can comment on or make changes to this bug.
Description
•