Closed Bug 465276 Opened 17 years ago Closed 17 years ago

TM: bizarre results for ((1 * (1)) | "")

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9.1b2

People

(Reporter: jruderman, Assigned: gal)

References

Details

(Keywords: testcase, verified1.9.1)

Attachments

(1 file)

patch
1.81 KB, patch
edwsmith
: review+
dvander
: review+
Details | Diff | Splinter Review
e.js: empty = []; out = []; for (var j=0;j<10;++j) { empty[42]; out.push((1 * (1)) | ""); } print(uneval(out)); ./js -j ~/e.js [1, 1, 1965522873, 9, 16, 25, 36, 49, 64, 81]
Why do I need the "empty[42]" part? That's an artifact of how the fuzzer works, rather than something the fuzzer generated :(
Attached patch patchSplinter Review
Assignee: general → gal
Status: NEW → ASSIGNED
Attachment #348523 - Flags: review?(edwsmith)
This is a super evil bug. We can't do CSE across in-trace branch labels. Will push with r=me until someone + or - it.
Attachment #348523 - Flags: review?(danderson)
Attachment #348523 - Flags: review?(danderson) → review+
http://hg.mozilla.org/tracemonkey/rev/55e30117ecee
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
ccing ed and graydon
Attachment #348523 - Flags: review?(edwsmith) → review+
reopening, marking blocking beta2, will close once landed on m-c.
Status: RESOLVED → REOPENED
Flags: blocking1.9.1+
Resolution: FIXED → ---
Target Milestone: --- → mozilla1.9.1b2
Fixed in the merge pushed by vlad on Nov 18 14:11:14 2008 -0800: http://hg.mozilla.org/mozilla-central/rev/e8ed5d4bf531
Status: REOPENED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED
Checking in js1_5/extensions/regress-465276.js; /cvsroot/mozilla/js/tests/js1_5/extensions/regress-465276.js,v <-- regress-465276.js initial revision: 1.1
Flags: in-testsuite+
Flags: in-litmus-
v 1.9.1, 1.9.2
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1verified1.9.1
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: