Closed
Bug 457093
Opened 12 years ago
Closed 12 years ago
toString on js function w/ try catch silently hangs js execution
Categories
(Core :: JavaScript Engine, defect)
Not set
Tracking
()
VERIFIED
FIXED
People
(Reporter: mfenniak-moz, Assigned: crowderbt)
References
Details
(Keywords: regression, testcase, verified1.8.1.18)
Attachments
(2 files, 1 obsolete file)
|
307 bytes,
text/html
|
Details | |
|
934 bytes,
patch
|
brendan
:
review+
dveditz
:
approval1.8.1.18+
|
Details | Diff | Splinter Review |
In attached test case, the "alert" function is never reached in normal execution. It appears that calling toString on the method with a try { } catch (E) {} block stops further JS execution (without a visible exception).
This issue only occurs in Firefox 2.0.0.17; it does not occur in FF 3 or FF 2.0.0.16.
|
||
Comment 1•12 years ago
|
||
Gary, do you have branch ability to bisect and find the regressing cvs commit? /be
|
||
Updated•12 years ago
|
|
|
||
Comment 2•12 years ago
|
||
Same happens with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
OS: Windows Server 2003 → All
Hardware: PC → All
|
||
Comment 3•12 years ago
|
||
Ok found the Regression Range: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) Gecko/2008080703 BonEcho/2.0.0.17pre -> works with the Testcase Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) Gecko/2008080803 BonEcho/2.0.0.17pre -> fails on the Testcase Bonsai Query for this Timeframe : http://tinyurl.com/4vkc7v So regression from Bug 437288 ?
Flags: blocking1.8.1.18?
|
||
Comment 4•12 years ago
|
||
if that's the regression range bug 437288 looks like the culprit to me, too. Brian?
Assignee: general → crowder
Blocks: 437288
|
|
||
Comment 5•12 years ago
|
||
Tomcat, many thanks. See bug 437288 comment 16, which cites the bad merge I found by diffing patches (not interdiff, it failed; diff with grep to strip out context jitter). Brian, could you field this one? Thanks. /be
No longer blocks: 437288
Summary: tostring on js function w/ try catch silently hangs js execution → toString on js function w/ try catch silently hangs js execution
|
|
||
Updated•12 years ago
|
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.18?
Flags: blocking1.8.1.18+
|
||
Comment 6•12 years ago
|
||
What's the impact of this in terms of broken websites and add-ons?
|
||
Comment 7•12 years ago
|
||
not really a hang but more of script termination with no error in opt. Assertion failure: newtop <= oldtop, at jsopcode.c:1988 /cvsroot/mozilla/js/tests/js1_5/decompilation/regress-457093-01.js,v <-- regress-457093-01.js initial revision: 1.1 http://hg.mozilla.org/mozilla-central/rev/2e7f03bc1820
Flags: in-testsuite+
Flags: in-litmus-
|
||
Comment 8•12 years ago
|
||
(In reply to comment #3) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) > Gecko/2008080703 BonEcho/2.0.0.17pre -> works with the Testcase > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) > Gecko/2008080803 BonEcho/2.0.0.17pre -> fails on the Testcase (what a morning to wake up to; I could only hop on to this in the late afternoon local time) Confirming Tomcat's regression range: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17pre) Gecko/20080807 BonEcho/2.0.0.17pre -> works on testcase, dialog shows up. Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17pre) Gecko/20080808 BonEcho/2.0.0.17pre -> fails on testcase, dialog doesn't show up.
|
Reporter | |
Comment 9•12 years ago
|
||
(In reply to comment #6) > What's the impact of this in terms of broken websites and add-ons? This issue and bug 456964 break a web application named Replicon Web TimeSheet, making it unusable with Firefox 2.0.0.17. Web TimeSheet has over 20,000 active users; our support department has received about a dozen tickets regarding FF 2.0.0.17 in the past two days. We only expect support calls to increase as more users apply the software update.
|
Assignee | |
Comment 10•12 years ago
|
||
Attachment #340592 -
Flags: review?(brendan)
|
|
Assignee | |
Comment 11•12 years ago
|
||
Attachment #340592 -
Attachment is obsolete: true
Attachment #340593 -
Flags: review?(brendan)
Attachment #340592 -
Flags: review?(brendan)
|
|
||
Updated•12 years ago
|
Attachment #340593 -
Flags: review?(brendan) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #340593 -
Flags: approval1.8.1.18?
|
|
||
Comment 13•12 years ago
|
||
Comment on attachment 340593 [details] [diff] [review] Whoops, without junk this time. Approved for 1.8.1.18, a=dveditz
Attachment #340593 -
Flags: approval1.8.1.18? → approval1.8.1.18+
|
|
Assignee | |
Comment 16•12 years ago
|
||
I might not get to this this weekend, so help is appreciated.
Keywords: checkin-needed
|
|
||
Comment 17•12 years ago
|
||
see also bug 457417
|
|
||
Comment 18•12 years ago
|
||
also js1_5/Regress/regress-252892.js Assertion failure: top != 0 is fixed by this patch.
|
|
||
Comment 19•12 years ago
|
||
also js1_5/Regress/regress-417893.js browser only Assertion failure: top != 0
|
|
||
Comment 20•12 years ago
|
||
also js1_5/decompilation/regress-456964-01.js and e4x/decompilation/regress-355474-01.js Assertion failure: top != 0
|
||
Comment 21•12 years ago
|
||
mozilla/js/src/jsopcode.c 3.89.2.78
Status: NEW → RESOLVED
Closed: 12 years ago
Keywords: checkin-needed → fixed1.8.1.18
Resolution: --- → FIXED
|
|
Reporter | |
Comment 25•12 years ago
|
||
Confirmed fixed in FF nightly 2008-09-30-03-mozilla1.8
Status: RESOLVED → VERIFIED
Also verified with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.18pre) Gecko/20080930 BonEcho/2.0.0.18pre
Keywords: fixed1.8.1.18 → verified1.8.1.18
|
|
||
Comment 27•12 years ago
|
||
all tests pass 1.8.1 opt/debug shell/browser linux/mac/windows.
You need to log in
before you can comment on or make changes to this bug.
Description
•