User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Result of expression is allways '1' ('element' is checkbox):
tarr[tidx] = element.checked == true ? '1' : '0';
however, if-else construction works well:
if(element.checked == true)
tarr[tidx] = '1';
tarr[tidx] = '0';
Firefox/3.6.3 works with both constructions well.
Can you write a complete minimal testcase? I tried this with:
var bar = document.getElementById('foo').checked == true ? '1' : '0';
and it works correctly.
This is not a security-sensitive issue, so please don't abuse that flag.
Heck, a testcase of any sort, even nonminimal, would be useful. I also can't reproduce this problem.
Closing. ms, please reopen if you can post a test-case that shows the problem. Thanks!
Created attachment 534695 [details]
Created attachment 534696 [details]
Testcase and screen outputs added. Change of any checkbox outputs current status of all checkboxes. Each additional change shows incorect checkboxes status.
Thanks ms! This is a bug in JM, introduced in FF4.
Created attachment 534736 [details] [diff] [review]
The syncAndForgetEverything in emitStubCmp could clobber Registers::ReturnReg. This also fixes a similar problem in jsop_relational_double.
The TI-branch does not have this problem because it does not sync between the stub call and the branch. Do we want to wait for the TI merge or land this in the meantime? Maybe for FF 6?
This looks safe and important enough that I'd take it for FF5 beta if reviews are completed promptly.
Comment on attachment 534736 [details] [diff] [review]
I don't have level 3 commit access, so I'll need somebody to push this to mozilla-aurora and mozilla-beta (if it's green on the TM tinderbox).
Created attachment 535068 [details] [diff] [review]
This is the patch that landed on TM (I added "and jsop_relational_double" to the commit message).
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0
I verified this issue and it looks as being fixed, but the status of this bug is Assigned. Shouldn't the status be: Resolved Fixed?
It's waiting for a merge from the tracemonkey repository to the mainline mozilla-central repository before it's marked fixed. The bug status refers to the status on the trunk, the branches have their own status-firefoxN flags (which are correctly set to fixed).
It looks like this is on m-c and has been for a while. Is there a reason the bot didn't mark this fixed?
There were a few times I marked it by the tbpl log on the merge push and it seems like that misses some things.
Mozilla/5.0 (Windows NT 6.1; rv:8.0a1) Gecko/20110711 Firefox/8.0a1
Verified issue using the test case from Comment 4 on Windows 7.
Setting resolution to VERIFIED FIXED.