Closed
Bug 748568
Opened 12 years ago
Closed 12 years ago
JS Correctness: Different output without -d and with -d
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: regression, testcase, Whiteboard: js-triage-needed)
(function() { print(arguments[QName("constructor")]) })() displays different output in a 32-bit js debug shell on m-c changeset b9936b8bcccf with and without -d. Without -d: undefined With -d: function Object() { [native code] } autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 91358:fa24b215d49e user: Luke Wagner date: Mon Apr 02 08:58:30 2012 -0700 summary: Bug 740446 - make 'arguments' more like a normal local binding (r=bhackett)
Comment 1•12 years ago
|
||
This is an e4x caused by QName. I looked into to see that there is no memory corruption, just subtly different paths taken when coercing a value to an id: The non -d path optimizes away 'arguments' and thereby executes NormalArgumentsObject::optimizedGetElem which uses ValueToId. The -d path goes through the standard GetObjectElementOperation path which takes a different, more convoluted route that ends up turning the QName into the string "constructor". Fixing this will add complexity to NormalArgumentsObject::optimizedGetElem, so I'd rather not. To ignore these in the future, just don't generate QName when fuzzing for divergent behavior.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•