Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 697279 - "Assertion failure: !tc->inStrictMode(),"
: "Assertion failure: !tc->inStrictMode(),"
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Mac OS X
: -- critical (vote)
: mozilla11
Assigned To: Tom Schuster [:evilpie]
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz 695577
  Show dependency treegraph
Reported: 2011-10-25 15:12 PDT by Gary Kwong [:gkw] [:nth10sd]
Modified: 2012-06-03 10:40 PDT (History)
11 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

stack (7.09 KB, text/plain)
2011-10-25 15:12 PDT, Gary Kwong [:gkw] [:nth10sd]
no flags Details
v1 (1.65 KB, patch)
2011-11-07 14:12 PST, Tom Schuster [:evilpie]
brendan: review+
lukasblakk+bugs: approval‑mozilla‑esr10+
Details | Diff | Splinter Review

Description Gary Kwong [:gkw] [:nth10sd] 2011-10-25 15:12:12 PDT
Created attachment 569518 [details]

Reflect.parse("\"use strict\";*")

asserts js debug shell on m-c changeset f2fa4ae74ee1 without any CLI flags at Assertion failure: !tc->inStrictMode()

Definitely a regression, autoBisect is on it.
Comment 1 Christian Holler (:decoder) 2011-10-25 15:26:48 PDT
I also saw this on LangFuzz because one of the jit-tests is failing with that assertion. I minimized that test and got:

eval("'use strict'; @7");
Comment 2 Gary Kwong [:gkw] [:nth10sd] 2011-10-25 15:27:40 PDT
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   79134:0cff4fe76772
user:        Brendan Eich
date:        Sun Oct 23 22:42:29 2011 -0700
summary:     Ban E4X in ES5 strict mode (bug 695577, r=luke).

This blows up the fuzzers, including decoder's.
Comment 3 Gary Kwong [:gkw] [:nth10sd] 2011-11-04 14:18:25 PDT
> This blows up the fuzzers, including decoder's.

While this bug is on our ignore list, it will prove really really helpful to have this fixed as it shows up on almost every iteration of fuzzing on debug shells, at least on jsfunfuzz.

Can we have this fixed soon, please? (or at least a patch would be nice?)
Comment 4 Tom Schuster [:evilpie] 2011-11-04 14:20:33 PDT
Never really looked into that stuff, but i will take a shot at it.
Comment 5 Tom Schuster [:evilpie] 2011-11-07 14:12:10 PST
Created attachment 572612 [details] [diff] [review]

Maybe this could be done somewhere else, but this fixes it.
Comment 6 Gary Kwong [:gkw] [:nth10sd] 2011-11-07 14:49:44 PST
(In reply to Tom Schuster (evilpie) from comment #5)
> Created attachment 572612 [details] [diff] [review] [diff] [details] [review]
> v1
> Maybe this could be done somewhere else, but this fixes it.

This patch seems to hold up fine after 10 minutes of fuzzing, and it prevents the blowing up of fuzzers.
Comment 7 Brendan Eich [:brendan] 2011-11-14 11:17:10 PST
Comment on attachment 572612 [details] [diff] [review]


Comment 9 Ed Morley [:emorley] 2011-11-14 19:35:01 PST
Comment 10 Gary Kwong [:gkw] [:nth10sd] 2012-03-12 18:46:51 PDT
Nominating for esr10 probably after 10.0.3, this will be nice to have for fuzzing on that branch.

Without the patch a lot of noise is generated - even though we could ignore this assert, due to the simple nature of the testcase, this may mask other asserts.

There have not been regressions on other branches since this patch landed some months ago.
Comment 11 Lukas Blakk [:lsblakk] use ?needinfo 2012-03-20 10:17:51 PDT
Comment on attachment 572612 [details] [diff] [review]

[Triage Comment]
Please go ahead and land, see for details.
Comment 12 Gary Kwong [:gkw] [:nth10sd] 2012-03-20 13:08:57 PDT
Landed on esr10:
Comment 13 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-06-03 10:40:14 PDT
Verified fixed in Firefox 10.0.5esrpre 2012-05-31 js-shell.

Note You need to log in before you can comment on or make changes to this bug.