-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ToString(Object) sometimes returns [object Null] #12411
Comments
I don't think it's out of the ordinary, seeing as how
It could be a bug though whose fix didn't get backported to 5.5 though. |
This is not about what happens when you stringify Also see in the linked v8 issue where an array is stringified, but |
The V8 in v7.x has the same bug. I'll prepare a back-port. |
This has been troubling us for months! So happy the issue has been found. Getting the fix out in a patch release soon would be great for us. Thanks. |
@holm I would assume we do another v7.x patch release next week, as usual. |
Great, thanks a lot for the quick work (as usual)! |
This is a chery-pick if you consider reducing the context to -C2 a cherry-pick; WordIsSmi has been renamed to TaggedIsSmi upstream. Original commit message: [builtins] Fix pointer comparison in ToString builtin. This fixes the bogus {Word32Equal} comparison in the ToString builtin implementing Object.prototype.toString to be a pointer-size {WordEqual} comparison instead. Comparing just the lower half-word is insufficient on 64-bit architectures. R=jgruber@chromium.org TEST=mjsunit/regress/regress-crbug-664506 BUG=chromium:664506 Review-Url: https://codereview.chromium.org/2496043003 Cr-Commit-Position: refs/heads/master@{nodejs#40963} Fixes: nodejs#12411 PR-URL: nodejs#12412 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Fixed in f882f47, should be in the next v7.x release. |
Any idea when the next v7.x release might be? This bug is hurting us quite a bit, and a new release would be wonderful. Thanks as always. |
Next Tuesday, I think. I'm not on the release team though. |
Ben is correct. I have a release almost ready but decided to hold off due to #12663 |
This is a chery-pick if you consider reducing the context to -C2 a cherry-pick; WordIsSmi has been renamed to TaggedIsSmi upstream. Original commit message: [builtins] Fix pointer comparison in ToString builtin. This fixes the bogus {Word32Equal} comparison in the ToString builtin implementing Object.prototype.toString to be a pointer-size {WordEqual} comparison instead. Comparing just the lower half-word is insufficient on 64-bit architectures. R=jgruber@chromium.org TEST=mjsunit/regress/regress-crbug-664506 BUG=chromium:664506 Review-Url: https://codereview.chromium.org/2496043003 Cr-Commit-Position: refs/heads/master@{#40963} Fixes: #12411 PR-URL: #12412 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Linux web 4.4.0-18-generic #34~14.04.1-Ubuntu SMP Thu Apr 7 18:31:54 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
I think we're encountering this bug in our staging and prod environments under heavy load. It does not occur in node v6, but only v7.
I can't reproduce this in the node console (with the v8 repro), but it seems like the v8 code is the same in node.
Is it possible to somehow verify this also applies to node and backport that v8 fix into node v7?
The text was updated successfully, but these errors were encountered: