Closed
Bug 998709
Opened 10 years ago
Closed 10 years ago
Differential Testing: Different output message involving __proto__
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 998059
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: regression, testcase)
x = Uint16Array() x.__proto__ = [0] for (var m = 0; m < 2; m++) { print(x.length) } $ ./js-opt-64-dm-ts-darwin-582b2d81ebe1 --fuzzing-safe --ion-parallel-compile=off testcase.js 1 1 $ ./js-opt-64-dm-ts-darwin-582b2d81ebe1 --fuzzing-safe --ion-parallel-compile=off --ion-eager testcase.js 1 0 (Tested this on 64-bit Mac js opt threadsafe deterministic shell off m-c rev 582b2d81ebe1) My configure flags (Mac) are: CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --disable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --disable-tests --enable-more-deterministic --with-ccache --enable-threadsafe <other NSPR options> autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/6f8ea87eb8d1 user: Brian Hackett date: Thu Mar 06 14:03:03 2014 -0700 summary: Bug 980013 - Watch for length accesses on typed arrays with overridden prototypes, r=luke. Hannes, is this related to bug 980013? (This issue does not seem fixed by the patch in bug 998059, but you could re-check.)
Flags: needinfo?(hv1989)
Comment 1•10 years ago
|
||
The fix was incomplete. The new patch fixes this issue too.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(hv1989)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•