Loading Gmail fails with some undefined value exceptions. I'm going to try to debug this.
Created attachment 21033 [details] Stack trace Here's a stack trace from the first undefined value exception.
I asked gdb to print the bytecode that threw the exception. Here it is: 6 instructions; 84 bytes at 0x1344e460; 1 locals (1 parameters); 15 temporaries [ 0] resolve tr0, a(@id0) [ 3] get_by_id tr1, tr0, apply(@id1) [ 7] resolve tr13, f(@id2) [ 10] resolve tr14, arguments(@id3) [ 13] call tr0, tr1, tr0, 12, 3 [ 19] ret tr0 Identifiers: id0 = a id1 = apply id2 = f id3 = arguments
The value returned by the first resolve is bogus, causing the exception to be thrown when calling toObject() on the base in get_by_id. I'll try to see what is up with that resolve.
Google Reader had the least amount of JS out of all of the affected Google products, so I hacked up enough of a local copy to reproduce the error. Using a decent amount of alert debugging, I managed to find the problem. Consider this code: var o = { }; o = o.Nothere || o; print(o == undefined); Trunk prints false, SquirrelFish prints true.
Here is the bytecode for my example: [ 0] load lr2, undefined(@k0) [ 3] load tr0, undefined(@k0) [ 6] new_object lr2 [ 8] get_by_id lr2, lr2, Nothere(@id0) [ 12] jtrue lr2, 1(->15) [ 15] mov tr0, lr2 [ 18] resolve_func tr0, tr1, print(@id1) [ 22] resolve tr14, undefined(@id2) [ 25] eq tr13, lr2, tr14 [ 29] call tr0, tr1, tr0, 12, 2 [ 35] end tr0 The problem is that LogicalAndNode is using the final destination as a temporary.
> The problem is that LogicalAndNode is using the final destination as a temporary. Oops, I meant LogicalOrNode, but the problem is in both.
Created attachment 21067 [details] Proposed patch
Comment on attachment 21067 [details] Proposed patch r=me woo!
Created attachment 21068 [details] Proposed patch with test I accidentally didn't add the test to the last patch, and the description was bad. Here's a new patch.
Landed in r33031.