Bug 870328

Result mismatch involving eval

RESOLVED FIXED in mozilla23

Get help with this page

Status

()

Product:

▸

Core

Component:

▸

JavaScript Engine

Importance:

critical

Status:

RESOLVED FIXED

Reported:

5 years ago

Modified:

5 years ago

People

(Reporter: gkw, Assigned: jandem)

Tracking

(Blocks: 1 bug, {regression, testcase})

Version:

Trunk

Target:

mozilla23

Platform:

x86_64

Mac OS X

Keywords:

regression, testcase

Points:

---

Blocks:

349611, 690446

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

testcase 5 years ago Gary Kwong [:gkw] [:nth10sd] 1.81 KB, text/plain		Details
Patch 5 years ago Jan de Mooij [:jandem] 1.53 KB, patch	bhackett : review+	Details \| Diff \| Splinter Review

Gary Kwong [:gkw] [:nth10sd]

(Reporter)

Description

•

5 years ago

Created attachment 747380 [details]
testcase

The attached (not-so-reduced) testcase shows the following output on js debug shell on m-c changeset e19d0885977c (https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1368021890/jsshell-mac64.zip) with --no-baseline --ion-parallel-compile=on --thread-count=9 -a --ion-eager:

NestTest mismatch resultO: undefined
resultD:
jsfunfuzz stopping due to finding a bug.
w28-reduced.js:52:5 ReferenceError: assignment to undeclared variable x

Note the unexpected mismatch error.

Without some of the flags, it only shows (expected):

w28-reduced.js:52:5 ReferenceError: assignment to undeclared variable x


autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   131118:39ff12be624b
user:        Jan de Mooij
date:        Tue May 07 16:27:14 2013 +0200
summary:     Bug 690446 - Emit *GNAME ops in non-eval strict-mode code. r=bhackett

Jan de Mooij [:jandem]

(Assignee)

Comment 1

•

5 years ago

Created attachment 747433 [details] [diff] [review]
Patch

The isSetName check in visitSetPropertyCacheT did not include JSOP_SETGNAME. The patch fixes it to match the check in visitSetPropertyCacheV.

(If isSetName is false, the cache does not check for undeclared vars in strict mode.)

Assignee: general → jdemooij

Status: NEW → ASSIGNED

Attachment #747433 - Flags: review?(bhackett1024)

Brian Hackett (:bhackett)

Updated

•

5 years ago

Attachment #747433 - Flags: review?(bhackett1024) → review+

Jan de Mooij [:jandem]

(Assignee)

Comment 2

•

5 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/197a59a83835

David Baron :dbaron: ⌚UTC-7 (away June 18-21)

Comment 3

•

5 years ago

https://hg.mozilla.org/mozilla-central/rev/197a59a83835

Status: ASSIGNED → RESOLVED

Last Resolved: 5 years ago

Resolution: --- → FIXED

Target Milestone: --- → mozilla23

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Result mismatch involving eval

Status

()

People

(Reporter: gkw, Assigned: jandem)

Tracking

(Blocks: 1 bug, {regression, testcase})

Firefox Tracking Flags

(Not tracked)

Details

Security

(public)

User Story

Attachments

(2 attachments)

Description

Comment 1

Updated

Comment 2

Comment 3