Closed
Bug 611575
Opened 15 years ago
Closed 15 years ago
TM: simple program gives wrong answer
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 596730
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: n.nethercote, Assigned: dvander)
References
Details
(Keywords: regression)
I've reduced this to the following test case:
function f(a) {
print("pre-splice: " + a);
while (a[0] in { 'x': 1 }) {
a.splice(0, 1);
}
print("post-splice: " + a);
};
f(["x", "x", "y"]);
f(["x", "x", "y"]);
f(["x", "x", "y"]);
f(["x", "x", "y"]);
f(["x", "x", "y"]);
Running with -m I get the expected output:
[ocean:~/moz/ws1/js/src/tmp] js1d32 -m parser.js
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
(Copying this from 596730 comment 2.)
Running with -j the while loop finishes too early, as the last line printed
shows:
[ocean:~/moz/ws1/js/src/tmp] js1d32 -j parser.js
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: y
pre-splice: x,x,y
post-splice: x,y
If you change just about anything in the program, the bug goes away. This
includes removing the first print() call!
hg bisect blames the following changeset:
The first bad revision is:
changeset: 55739:0aa283c6294f
user: David Anderson <danderson@mozilla.com>
date: Fri Oct 22 16:27:28 2010 -0700
summary: Trace returning from JSOP_STOP with callDepth=0 (bug 606083,
r=billm).
|
Reporter | |
Comment 1•15 years ago
|
||
(Apologies for the out-of-order paragraphs in comment 0. Hopefully the gist is clear.)
|
|
||
Updated•15 years ago
|
blocking2.0: --- → ?
Keywords: regression
|
|
Assignee | |
Comment 2•15 years ago
|
||
That bisect result is suspicious; likely it caused something to trace where it would have aborted before. I'll take a look.
Assignee: general → dvander
Status: NEW → ASSIGNED
blocking2.0: ? → final+
|
|
Reporter | |
Comment 3•15 years ago
|
||
That's potentially good news: it makes it more likely that there's a single defect causing both this bug and bug 596730.
|
|
Reporter | |
Comment 4•15 years ago
|
||
(In reply to comment #3)
> That's potentially good news: it makes it more likely that there's a single
> defect causing both this bug and bug 596730.
Turned out that is the case. Marking this as a dup.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•