Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 656748 - TI+JM: incorrect result with x++, -0
: TI+JM: incorrect result with x++, -0
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: infer-regress
  Show dependency treegraph
Reported: 2011-05-12 13:58 PDT by Jan de Mooij [:jandem]
Modified: 2011-05-14 10:58 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Jan de Mooij [:jandem] 2011-05-12 13:58:47 PDT
function f() {
    var x = -0;
    if (3 > 2) {};
    var y = x + 2.14;
    assertEq(y, 3.14);
$ ./js -n -a -m test.js
test.js:6: Error: Assertion failed: got 1, expected 3.14

Revision 09461ee64436, 32-bit OS X.
Comment 1 Brian Hackett (:bhackett) 2011-05-14 10:58:38 PDT
There is an invariant in place that for locals and args which have been inferred as doubles, the representation used by the FrameState is also a double.  We were checking this after SETLOCAL and SETARG, but not other ops which write to locals and args (thought that an INCLOCAL etc. applied to a double would end up with a double entry, which this example disproves).  The fix centralizes this logic into updateVarType (existing function used to track the current inferred types for each variable).

Note You need to log in before you can comment on or make changes to this bug.