Closed Bug 651978 Opened 14 years ago Closed 14 years ago

TI+JM: incorrect result with array length

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jandem, Unassigned)

References

Details

-- function f() { for (var i=0; i<20; i++) { } var arr = [{}, null]; var len = arr.length; arr[undefined] = 123; assertEq(len, 2); } f(); -- $ ./js -n -m test.js test.js:7: Error: Assertion failed: got (void 0), expected 2 I thought this was related to array length hoisting but was able to reduce it further. After recompiling for the setelem, |len| is restored. The type register has |undefined| tag instead of int32, probably because it was not synced.
Same issue as bug 651627, we expected the type tag for arr/len to have been synced at script entry, which the interpreter didn't do. Fixed by rev 90a7b141e0cf.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.