Closed
Bug 611575
Opened 14 years ago
Closed 14 years ago
TM: simple program gives wrong answer
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 596730
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: n.nethercote, Assigned: dvander)
References
Details
(Keywords: regression)
I've reduced this to the following test case: function f(a) { print("pre-splice: " + a); while (a[0] in { 'x': 1 }) { a.splice(0, 1); } print("post-splice: " + a); }; f(["x", "x", "y"]); f(["x", "x", "y"]); f(["x", "x", "y"]); f(["x", "x", "y"]); f(["x", "x", "y"]); Running with -m I get the expected output: [ocean:~/moz/ws1/js/src/tmp] js1d32 -m parser.js pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y (Copying this from 596730 comment 2.) Running with -j the while loop finishes too early, as the last line printed shows: [ocean:~/moz/ws1/js/src/tmp] js1d32 -j parser.js pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: y pre-splice: x,x,y post-splice: x,y If you change just about anything in the program, the bug goes away. This includes removing the first print() call! hg bisect blames the following changeset: The first bad revision is: changeset: 55739:0aa283c6294f user: David Anderson <danderson@mozilla.com> date: Fri Oct 22 16:27:28 2010 -0700 summary: Trace returning from JSOP_STOP with callDepth=0 (bug 606083, r=billm).
Reporter | ||
Comment 1•14 years ago
|
||
(Apologies for the out-of-order paragraphs in comment 0. Hopefully the gist is clear.)
Updated•14 years ago
|
blocking2.0: --- → ?
Keywords: regression
Assignee | ||
Comment 2•14 years ago
|
||
That bisect result is suspicious; likely it caused something to trace where it would have aborted before. I'll take a look.
Assignee: general → dvander
Status: NEW → ASSIGNED
blocking2.0: ? → final+
Reporter | ||
Comment 3•14 years ago
|
||
That's potentially good news: it makes it more likely that there's a single defect causing both this bug and bug 596730.
Reporter | ||
Comment 4•14 years ago
|
||
(In reply to comment #3) > That's potentially good news: it makes it more likely that there's a single > defect causing both this bug and bug 596730. Turned out that is the case. Marking this as a dup.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•