Closed GoogleCodeExporter closed 9 years ago
Unfortunately, I can't read Russian, so this is going to be very hard to
diagnose for me personally.
It would help tremendously if you could test the versions between 10 and 17 to
see where it fails (11, 12, 13, 14, 15, 15.0.1 and the 17 aurora/betas), which
would give me a rough regression range.
After 17.0.2 comes out, there will be a 19 beta to try on the off chance it got
fixed by something else.
Original comment by classi...@floodgap.com
on 2 Jan 2013 at 9:33
It's a regression from 11.0.
You actually don't need to read Russian to reproduce it. Register mail box here:
http://mail.yandex.com/
in Tenfourfox > 10.x you won't see large part of mail UI
Original comment by annu...@gmail.com
on 3 Jan 2013 at 12:21
That's a very early failure. Can you check if this occurs in AuroraFox also? (I
don't use 10.5.)
However, I am able to see the flaw. I need to check it on my Intel Mac.
Marking Medium as the light version works normally.
Original comment by classi...@floodgap.com
on 3 Jan 2013 at 2:28
AuroraFox 19.0a2_7 is affected too
Original comment by annu...@gmail.com
on 3 Jan 2013 at 3:15
Cc'ing Tobias.
To see if this is the JS compiler, does restarting the browser in safe mode fix
it? (Sorry, I'm at the office, so I'm not on my G5.)
Original comment by classi...@floodgap.com
on 3 Jan 2013 at 3:38
Yes, in safe mode it works
Original comment by annu...@gmail.com
on 3 Jan 2013 at 8:21
And just to make sure, when you tested it with 10 it was against 10.0.11? (This
would tell me if the branch changes are innocent.)
Original comment by classi...@floodgap.com
on 3 Jan 2013 at 8:28
It was 10.0.10, however 10.0.11 also works fine
Original comment by annu...@gmail.com
on 3 Jan 2013 at 9:08
debugger view
AuroraFox not working means it's not the compiler or the linker
safe mode working means it's the jit
10.0.11 working means this was a change Mozilla made that causes our jit to
generate bogus code
next step will be to deminify the source
Original comment by classi...@floodgap.com
on 5 Jan 2013 at 12:33
Attachments:
It's also possible it's making JQuery bug out, since there was an earlier
exception in JQuery, which might be the real bug.
Original comment by classi...@floodgap.com
on 5 Jan 2013 at 12:35
Debug mode in 19 doesn't show anything interesting:
++DOMWINDOW == 56 (0x2eb98a64) [serial = 120] [outer = 0x26e5a000]
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8053000C: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/Element.cpp, line 2488
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
3190
WARNING: NS_ENSURE_TRUE(GetOwner() && !mCanceled) failed: file
/Volumes/BruceDeuce/src/mozilla-19b/image/src/imgRequestProxy.cpp, line 643
JavaScript error: https://mailstatic.yandex.net/neo2/6.15.12/jsx/_bootstrap.js,
line 147: t is undefined
--DOMWINDOW == 55 (0x2ecebc64) [serial = 117] [outer = 0x0] [url =
http://mail.yandex.com/]
++DOMWINDOW == 56 (0x31d3d064) [serial = 121] [outer = 0x26e5a000]
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, false) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
2956
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8053000C: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/Element.cpp, line 2488
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/nsContentUtils.cpp, line
3190
JavaScript error:
https://mailstatic.yandex.net/neo2/6.15.12/539/jsx/_bootstrap.js, line 147: t
is undefined
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004003: file
/Volumes/BruceDeuce/src/mozilla-19b/intl/uconv/src/nsCharsetConverterManager.cpp
, line 301
WARNING: NS_ENSURE_TRUE(currentURI) failed: file
/Volumes/BruceDeuce/src/mozilla-19b/content/base/src/ThirdPartyUtil.cpp, line 96
--DOCSHELL 0x31aefa00 == 24 [id = 40]
--DOCSHELL 0x2eef1c00 == 23 [id = 38]
Original comment by classi...@floodgap.com
on 12 Jan 2013 at 5:24
Looking at the URL I wondered what 'jsx' might be.
Found that: http://jsx.github.com/
So jsx compiles JavaScript on the fly and obviously does it wrong in our case,
I suspect because it generates different code based on user agent. Trying a
mainstream user agent should reveal if that's the problem.
Original comment by Tobias.N...@gmail.com
on 12 Jan 2013 at 9:20
Got it wrong; jsx doesn't generate JavaScript code on the fly but (heavily?)
optimizes existing JavaScript code.
Original comment by Tobias.N...@gmail.com
on 13 Jan 2013 at 12:04
It's going to take a while to deobfuscate it to figure out what's going on.
Original comment by classi...@floodgap.com
on 13 Jan 2013 at 4:21
AFAIU, JFX is not JavaScript optimizer but language which compiles to JS.
2013/1/13, tenfourfox@googlecode.com <tenfourfox@googlecode.com>:
Original comment by annu...@gmail.com
on 13 Jan 2013 at 2:28
Turning off type inference makes this even worse.
Original comment by Tobias.N...@gmail.com
on 19 Jan 2013 at 12:47
Too many things landed between 10 and 11 in JS.
Original comment by classi...@floodgap.com
on 21 Jan 2013 at 12:08
Deminified source
Original comment by classi...@floodgap.com
on 21 Jan 2013 at 12:22
Attachments:
The exception is coming out of JQuery. The specific bug is just where it
happened to go bang. It's a DOM exception, so I can't think of a way we can
load this into a shell case for debugging. I'll instrument more when I have a
debug build mounted again.
Original comment by classi...@floodgap.com
on 21 Jan 2013 at 12:34
v.event.add is probably jQuery.event.add.
Original comment by classi...@floodgap.com
on 21 Jan 2013 at 12:38
While looking at something else, it occurs to me that between 10 and 11, the
INLINE_*_JUMPs in ICLabels.h disappeared. We did a lot of work on that at the
time. Ben, what do you think? A bad or misunderstood shape guard might cause an
early bailout and an object to be incorrectly recognized.
Original comment by classi...@floodgap.com
on 23 Jan 2013 at 4:38
It looks like the INLINE_*_JUMPs were removed as part of bug 684505, but I
don't see anything there that would be an obvious problem for PPC.
Original comment by magef...@gmail.com
on 27 Jan 2013 at 1:51
[deleted comment]
Just had a thought that generateAddressOffset might be clobbering tempRegister
unexpectedly and the routine is not expecting that. I'll test my theory for 21.
Original comment by classi...@floodgap.com
on 8 Apr 2013 at 2:51
My assertion doesn't trigger, so it's not that either.
Original comment by classi...@floodgap.com
on 18 Apr 2013 at 2:18
While trying to get YarrJIT running in WebKit I discovered that there are still
some endian bugs in it, at least when dealing with 8 bit characters. May that
be the reason for this bug?
The fix isn't complete yet but once it passes WebKit regexp tests I'll post the
patch here.
Original comment by Tobias.N...@gmail.com
on 23 Jul 2013 at 11:43
Fixed! It was affecting 8 bit strings for patterns of 2 or 3 characters.
The attached patch is against WebKit sources but it shouldn't be hard to get it
into mozilla sources. It's all inside generatePatternCharacterOnce(), again.
Original comment by Tobias.N...@gmail.com
on 23 Jul 2013 at 11:59
Attachments:
Hmmmm. YARR really changed since 17. I'll work this patch into 22.1 final and
if that fixes it, I'll mull over how to backport it to 17. If it doesn't, it
seems a little risky for stable since the code is way different.
Original comment by classi...@floodgap.com
on 24 Jul 2013 at 6:05
Fixed by the patch for issue 239!
Original comment by classi...@floodgap.com
on 13 Sep 2013 at 1:16
(Comments 27 and 28 will be spun off separately since it still applies to YARR
in 24)
Original comment by classi...@floodgap.com
on 13 Sep 2013 at 1:16
Shipped
Original comment by classi...@floodgap.com
on 17 Sep 2013 at 1:37
For the record, Yandex Mail work since 17.0.8 at least (I've forgotten to
report it, sorry), so attribution to issue 239 is wrong.
Original comment by annu...@gmail.com
on 21 Sep 2013 at 11:57
Well, all's well that ends well, I suppose. :)
Original comment by classi...@floodgap.com
on 21 Sep 2013 at 12:53
Original issue reported on code.google.com by
annu...@gmail.com
on 2 Jan 2013 at 7:44