Closed Bug 870328 Opened 8 years ago Closed 8 years ago

Result mismatch involving eval

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla23

People

(Reporter: gkw, Assigned: jandem)

References

Details

(Keywords: regression, testcase)

Attachments

(2 files)

testcase
1.81 KB, text/plain
Details
Patch
1.53 KB, patch
bhackett1024
: review+
Details | Diff | Splinter Review
Attached file testcase 
The attached (not-so-reduced) testcase shows the following output on js debug shell on m-c changeset e19d0885977c (https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1368021890/jsshell-mac64.zip) with --no-baseline --ion-parallel-compile=on --thread-count=9 -a --ion-eager:

NestTest mismatch resultO: undefined
resultD:
jsfunfuzz stopping due to finding a bug.
w28-reduced.js:52:5 ReferenceError: assignment to undeclared variable x

Note the unexpected mismatch error.

Without some of the flags, it only shows (expected):

w28-reduced.js:52:5 ReferenceError: assignment to undeclared variable x


autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   131118:39ff12be624b
user:        Jan de Mooij
date:        Tue May 07 16:27:14 2013 +0200
summary:     Bug 690446 - Emit *GNAME ops in non-eval strict-mode code. r=bhackett
Attached patch PatchSplinter Review 
The isSetName check in visitSetPropertyCacheT did not include JSOP_SETGNAME. The patch fixes it to match the check in visitSetPropertyCacheV.

(If isSetName is false, the cache does not check for undeclared vars in strict mode.)
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #747433 - Flags: review?(bhackett1024)
Attachment #747433 - Flags: review?(bhackett1024) → review+
https://hg.mozilla.org/mozilla-central/rev/197a59a83835
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
You need to log in before you can comment on or make changes to this bug.