New issue
Advanced search Search tips

Issue 661516 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Apr 2017
Cc:
yangguo@chromium.org
leszeks@chromium.org
mythria@chromium.org
rmcilroy@chromium.org
mstarzinger@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 661510



Sign in to add a comment

Stack-trace differences between default and ignition

Project Member Reported by machenb...@chromium.org, Nov 2 2016 
Tracker bug for stack-trace differences.

Currently, the caret position and the character number in stack traces are known to differ and are suppressed by the correctness fuzzer.

Comment 1 by machenb...@chromium.org, Nov 2 2016 

Another stack trace difference, not yet suppressed. Should it be?

# Minimized program:
__v_2 = { get() { return 42 } };
__v_4 = new Proxy(function() { "use strict"; return this }, __v_2);
__v_2 < __v_4


# Compared default with ignition

# Flags of default:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=364 --random-seed -1989169247
# Flags of ignition:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=364 --random-seed -1989169247 --ignition

Difference:
- out4_m/fuzz-03461.js.minimized:3: TypeError: '42' returned for property 'Symbol(Symbol.toPrimitive)' of object '[object Function]' is not a function
+ out4_m/fuzz-03461.js.minimized:3: TypeError: number is not a function

### Start of configuration default:
out4_m/fuzz-03461.js.minimized:3: TypeError: '42' returned for property 'Symbol(Symbol.toPrimitive)' of object '[object Function]' is not a function
__v_2 < __v_4
      ^
TypeError: '42' returned for property 'Symbol(Symbol.toPrimitive)' of object '[object Function]' is not a function
    at out4_m/fuzz-03461.js.minimized:3:7


### End of configuration default

### Start of configuration ignition:
out4_m/fuzz-03461.js.minimized:3: TypeError: number is not a function
__v_2 < __v_4
      ^
TypeError: number is not a function
    at out4_m/fuzz-03461.js.minimized:3:7


### End of configuration ignition

Comment 2 by machenb...@chromium.org, Nov 2 2016 

A similar case:

# Minimized program:
var __v_0 = {};
try {
function* g() {
  __f_1();
}
function* f() {
  yield* g();
}
} catch(e) {; }
function __f_1() {
  __v_0.setListener();
}
for (let _ of f()) { }

# Difference:
- out4_m/fuzz-04983.js.minimized:11: TypeError: __v_0.setListener is not a function
+ out4_m/fuzz-04983.js.minimized:11: TypeError: undefined is not a function

Comment 3 by machenb...@chromium.org, Nov 2 2016 

Another case that might just need better suppression. Right now it's not suppressed.

# Minimized program:
__v_4 = `postMessage('Starting worker');
  switch (__v_0++) {
  };`;
var __v_9 = new Worker(__v_4);


# Compared default with ignition_staging

# Flags of default:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=184 --expose-wasm --random-seed -1964896105
# Flags of ignition_staging:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=184 --expose-wasm --random-seed -1964896105 --ignition-staging

Difference:
- unnamed:42: Uncaught ReferenceError: __v_0 is not defined
+ unnamed:0: Uncaught ReferenceError: __v_0 is not defined

### Start of configuration default:
unnamed:42: Uncaught ReferenceError: __v_0 is not defined
unnamed:2: ReferenceError: __v_0 is not defined
  switch (__v_0++) {
          ^
ReferenceError: __v_0 is not defined
    at unnamed:2:11


### End of configuration default

### Start of configuration ignition_staging:
unnamed:0: Uncaught ReferenceError: __v_0 is not defined
unnamed:1: ReferenceError: __v_0 is not defined
postMessage('Starting worker');
^
ReferenceError: __v_0 is not defined
    at unnamed:1:1


### End of configuration ignition_staging

Comment 4 by hablich@chromium.org, Nov 3 2016

Status: Available (was: Untriaged)

Comment 5 by machenb...@chromium.org, Nov 4 2016 

Yet another case. I'm currently suppressing everything I report here:

# Minimized program:
try {
  eval("new parseInt(~true)")
} catch (e) { print (e.message); };

# Compared default with noturbo

# Flags of default:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=436 --ignition-staging --turbo --always-opt --random-seed -809530293
# Flags of noturbo:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=436 --ignition-staging --turbo --always-opt --random-seed -809530293 --turbo-filter=~

Difference:
- parseInt is not a function
+ parseInt is not a constructor

### Start of configuration default:
parseInt is not a function

### End of configuration default

### Start of configuration noturbo:
parseInt is not a constructor

### End of configuration noturbo

Comment 6 by rmcilroy@chromium.org, Nov 10 2016

Cc: yangguo@chromium.org mythria@chromium.org leszeks@chromium.org
Yang - I remember there were changes which went in to allow V8 to print better output for calling a non-function. Some of the diffs here seem related, e.g.: 

- out4_m/fuzz-04983.js.minimized:11: TypeError: __v_0.setListener is not a function
+ out4_m/fuzz-04983.js.minimized:11: TypeError: undefined is not a function

Do you have knowledge of the code which does this. Any ideas why Ignition might not be doing it?

Comment 7 by machenb...@chromium.org, Dec 13 2016

Labels: -Restrict-View-Google v8-foozzie-failure

Comment 8 by machenb...@chromium.org, Apr 27 2017

Labels: v8-foozzie-legacy
None of this repros anymore with our current comparison settings. Can we set this to Wontfix?

Comment 9 by mstarzinger@chromium.org, Apr 27 2017

Status: WontFix (was: Available)
Yes, WontFix it is. :)

Sign in to add a comment