Bug 654536 - TI+JM: incorrect result with function.call
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: JavaScript Engine
Assigned To: Jan de Mooij [:jandem] (PTO until July 31)
Blocks: infer-regress
Reported: 2011-05-03 12:44 PDT by Jan de Mooij [:jandem] (PTO until July 31)
Modified: 2011-05-05 12:52 PDT (History)
Attachments
Patch (1.51 KB, patch)
2011-05-05 11:08 PDT, Jan de Mooij [:jandem] (PTO until July 31)
bhackett1024: review+

Description Jan de Mooij [:jandem] (PTO until July 31) 2011-05-03 12:44:32 PDT
--
function f() {
    var x = Object.prototype.hasOwnProperty.call(1);
    assertEq(x, false);
    isNaN(2);
}
f();
--
$ ./js -n -m -a test.js
test.js:3: Error: Assertion failed: got function call() {[native code]}, expected false

Revision 3147f81224c8, 32-bit OS X.
Comment 1 Jan de Mooij [:jandem] (PTO until July 31) 2011-05-05 11:08:06 PDT
Created attachment 530373 [details] [diff] [review]
Patch

The hasOwnProperty.call(1) triggers recompilation of f (initialization of Number). We need to use the special rejoin path also for ic::NativeCall to load the return value correctly in case of lowered call/apply and a native function.
Comment 2 Brian Hackett (:bhackett) 2011-05-05 11:34:36 PDT
Comment on attachment 530373 [details] [diff] [review]
Patch

I think that NativeCall/New need to have the same ABI as Call/New: return the code pointer to jump to or NULL (in this case, always NULL), so after the rejoin we don't interpret the maybe random value of eax as the return code pointer.  r+ with that fixed.
Comment 3 Brian Hackett (:bhackett) 2011-05-05 11:37:43 PDT
Comment on attachment 530373 [details] [diff] [review]
Patch

I think that NativeCall/New need to have the same ABI as Call/New: return the code pointer to jump to or NULL (in this case, always NULL), so after the rejoin we don't interpret the maybe random value of eax as the return code pointer.  r+ with that fixed.
Comment 4 Brian Hackett (:bhackett) 2011-05-05 11:38:14 PDT
Comment on attachment 530373 [details] [diff] [review]
Patch

I think that NativeCall/New need to have the same ABI as Call/New: return the code pointer to jump to or NULL (in this case, always NULL), so after the rejoin we don't interpret the maybe random value of eax as the return code pointer.  r+ with that fixed.
Comment 5 Brian Hackett (:bhackett) 2011-05-05 11:38:26 PDT
Comment on attachment 530373 [details] [diff] [review]
Patch

I think that NativeCall/New need to have the same ABI as Call/New: return the code pointer to jump to or NULL (in this case, always NULL), so after the rejoin we don't interpret the maybe random value of eax as the return code pointer.  r+ with that fixed.
Comment 6 Brian Hackett (:bhackett) 2011-05-05 11:39:14 PDT
Hilarious.
Comment 7 Jan de Mooij [:jandem] (PTO until July 31) 2011-05-05 12:52:36 PDT
Oops, that was embarrassing; shouldn't submit patches when I'm in a hurry.

http://hg.mozilla.org/projects/jaegermonkey/rev/8436c7bca2e9
