Closed
Bug 622060
Opened 14 years ago
Closed 14 years ago
jsreftest.html?test=ecma_3/Number/15.7.4.3-02.js | application timed out after 330 seconds with no output
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: philor, Assigned: billm)
References
Details
(Keywords: intermittent-failure, Whiteboard: [test which aborts the suite][fixed-in-tracemonkey])
Attachments
(1 file)
820 bytes,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
Started on the merge from mozilla-central, and so far has been every time (all two of them) on Windows debug. I think Waldo said something about this test earlier today, so he may already know what's up. http://tinderbox.mozilla.org/showlog.cgi?log=TraceMonkey/1293688596.1293691268.1566.gz Rev3 WINNT 6.1 tracemonkey debug test jsreftest on 2010/12/29 21:56:36 s: talos-r3-w7-015 REFTEST TEST-START | file:///c:/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_3/Number/15.7.4.3-02.js ++DOMWINDOW == 29 (125BB918) [serial = 2326] [outer = 046D2118] BUGNUMBER: 446494 STATUS: num.toLocaleString should handle exponents TEST-UNEXPECTED-FAIL | file:///c:/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_3/Number/15.7.4.3-02.js | application timed out after 330 seconds with no output
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment 9•14 years ago
|
||
What I know about it is that it's perma-fail with jstests.py with the JS shell. I don't know anything about browser failures offhand.
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Assignee | ||
Comment 12•14 years ago
|
||
This looks like some sort of buffer overflow in num_toLocaleString. I get Valgrind warnings in Linux.
Assignee: general → wmccloskey
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment hidden (Legacy TBPL/Treeherder Robot) |
Assignee | ||
Comment 15•14 years ago
|
||
This fixes the valgrind issue. I haven't tested it in Windows, but I suspect it's the same problem. In order to make sure this fix is right, here are my assumptions. This is where the problem happens: buflen = digits + (*nint ? strlen(nint + 1) : 0); if (*nint == '.') buflen += decimalLength; I'm assuming that it does strlen(nint+1) because it wants to skip the decimal point, since that length is added on the third line. However, when we run with the input '1e-10', there is no decimal point, so we allocate a buffer that's 1 byte too small. If there's some other reason for doing strlen(nint+1), then my fix is wrong. However, it passes jit-tests and jstests, and it works on the example in bug 614931. As an aside, is there any way we can make this code safer? There are all sorts of places it could go wrong through off-by-one errors and the like. Is there any possibility of using a C++ string object, or would that be too slow?
Attachment #500402 -
Flags: review?(bzbarsky)
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment 17•14 years ago
|
||
Comment on attachment 500402 [details] [diff] [review] fix Yeah, this looks right. Can you add a test?
Attachment #500402 -
Flags: review?(bzbarsky) → review+
Reporter | ||
Comment 18•14 years ago
|
||
But because it is (and remains, I just stopped tbplbot-spamming so you could hear yourselves think) permaorange and stops the run, so we haven't actually run the rest of the jsreftests on debug Windows even once since the merge landed, can you land the fix first, and then think about whether you can add a test?
Severity: normal → blocker
Whiteboard: [orange] → [orange][test which aborts the suite]
Assignee | ||
Comment 19•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/e0fc487c23f4 Strangely, this test was already failing on my machine. I couldn't think of any more tests to add. Instead, I added assertions that should fire if we ever try to write beyond the end of the buffer.
Whiteboard: [orange][test which aborts the suite] → [orange][test which aborts the suite][fixed-in-tracemonkey]
Comment hidden (Legacy TBPL/Treeherder Robot) |
Comment 21•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/e0fc487c23f4
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Keywords: intermittent-failure
Updated•12 years ago
|
Whiteboard: [orange][test which aborts the suite][fixed-in-tracemonkey] → [test which aborts the suite][fixed-in-tracemonkey]
You need to log in
before you can comment on or make changes to this bug.
Description
•