Closed
Bug 483630
Opened 16 years ago
Closed 13 years ago
JS parser behaves differently on Mac and Linux
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jimb, Unassigned)
Details
In changeset 95f3b4659cb2, on Mac we see:
$ ./js-dbg-tm-intelmac -j
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if
(x)].map(Function)
Assertion failure: count <= (size_t) (fp->regs->sp - StackBase(fp) - depth), at ../jsobj.cpp:2409
Trace/BPT trap
$
while on Linux we see:
frida:src$ obj~/js
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if
(x)].map(Function)
typein:3: SyntaxError: malformed formal parameter
js>
|
||
Comment 1•16 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=479351#c0 is another example where a hang occurred in Linux but not in Mac.
|
||
Comment 2•16 years ago
|
||
Was the JIT off intentionally during the Linux test?
|
Reporter | |
Comment 3•16 years ago
|
||
No, but the results are the same:
frida:src$ obj~/js -j
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if
(x)].map(Function)
typein:3: SyntaxError: malformed formal parameter
js>
|
|
||
Comment 4•16 years ago
|
||
(In reply to comment #3)
> No, but the results are the same:
>
> frida:src$ obj~/js -j
> js> (function (){ for (var y in this) {} })();
> js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if
> (x)].map(Function)
> typein:3: SyntaxError: malformed formal parameter
> js>
Nope, I beg to differ - 32-bit Ubuntu Linux shows the assertion with that changeset with -j on.
$ ./js-dbg-tm-intelmac
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if(x)].map(Function)
typein:2: SyntaxError: malformed formal parameter
js>
$ ./js-dbg-tm-intelmac -j
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', '']) if(x)].map(Function)
Assertion failure: count <= (size_t) (fp->regs->sp - StackBase(fp) - depth), at ../jsobj.cpp:2409
Trace/breakpoint trap (core dumped)
$ hg identify
95f3b4659cb2
|
|
||
Comment 5•16 years ago
|
||
I've sent a js shell executable and core dump to Jim, we'll probably cast this aside till blockers for 3.5 are done.
|
|
Reporter | |
Comment 6•16 years ago
|
||
I can reproduce now. Sorry for the fuss:
$ hg identify
95f3b4659cb2
$ grep 'running' obj~/config.status
echo "running ${CONFIG_SHELL-/bin/sh} ../configure '--enable-debug=-g3 -O0' --disable-optimize --no-create --no-recursion"
$ obj~/js
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', ''])
if(x)].map(Function)
typein:3: SyntaxError: malformed formal parameter
js>
$ obj~/js -j
js> (function (){ for (var y in this) {} })();
js> [''.watch("", function(){}) for each (x in ['', '', eval, '', ''])
if(x)].map(Function)
Assertion failure: count <= (size_t) (fp->regs->sp - StackBase(fp) - depth), at ../jsobj.cpp:2409
Trace/breakpoint trap (core dumped)
$ c++ --version
c++ (GCC) 4.4.0 20090319 (experimental)
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ uname -a
Linux frida 2.6.27-14-generic #1 SMP Fri Mar 13 18:00:20 UTC 2009 i686 GNU/Linux
$ cat /etc/issue
Ubuntu 8.10 \n \l
$
|
||
Comment 7•14 years ago
|
||
Jim, can you reproduce with methodjit?
|
|
||
Comment 8•13 years ago
|
||
The tracer has been removed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•