The following testcase asserts on mozilla-central revision b03bb3ce8cee (no options required): var gTestcases = new Array(); var gTc = gTestcases.length; function TestCase(n, d, e, a) gTestcases[gTc++] = this; function reportCompare () { var testcase = new TestCase(); } function exitFunc (funcName) { reportCompare(); } var o15 = Object.prototype; function f2(o) { ({ x: [eval("o")][0] }.x.__defineGetter__((1000), function() {})); } f2(o15) test(); function test() { exitFunc('test'); test(false); reportCompare(); try {} catch(exc) {} }

JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 119980:e6d6b014a076 parent: 119968:d802d6faa080 user: Brian Hackett date: Sat Jan 26 13:21:27 2013 -0700 summary: Bug 832364 - Generate optimized paths for element accesses on native objects, r=jandem. This iteration took 114.115 seconds to run. Oops! We didn't test rev d802d6faa080, a parent of the blamed revision! Let's do that now. Rev d802d6faa080: Updating... Compiling... Testing... [Uninteresting] It didn't crash. (0.935 seconds) good (not interesting) As expected, the parent's label is the opposite of the blamed rev's label.

This might be a duplicate of Bug 851247.

JSBugMon: Cannot process bug: Unknown exception (check manually)

JSBugMon: The testcase found in this bug no longer reproduces (tried revision f20b0ce9e528).

JSBugMon: Fix Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: 127424:ae738d911ded parent: 127423:3d370087403a parent: 125135:b2636816c7fd user: Jan de Mooij date: Mon Mar 18 16:53:57 2013 +0100 summary: Merge from mozilla-central. This iteration took 169.259 seconds to run. Oops! We didn't test rev 3d370087403a, a parent of the blamed revision! Let's do that now. We did not test rev 3d370087403a because it is not a descendant of either b03bb3ce8cee or 475dc5f51bdb. Rev 3d370087403a: Updating... Compiling... Testing... [Uninteresting] It didn't crash. (0.096 seconds) good (not interesting) Bisect lied to us! Parent rev 3d370087403a was also good! Oops! We didn't test rev b2636816c7fd, a parent of the blamed revision! Let's do that now. Rev b2636816c7fd: Updating... Compiling... Testing... Exit status: CRASHED signal 11 (SIGSEGV) (0.207 seconds) bad (interesting) As expected, the parent's label is the opposite of the blamed rev's label. Perhaps we should expand the search to include the common ancestor of the blamed changeset's parents. The common ancestor of 3d370087403a and b2636816c7fd is 3df2b971c106. Rev 3df2b971c106: Updating... Compiling... Testing... Exit status: CRASHED signal 11 (SIGSEGV) (0.168 seconds) bad (interesting) The following line is still under testing: Try setting -s to 3df2b971c106, and -e to 475dc5f51bdb, and re-run autoBisect.

This probably got fixed by the BaselineCompiler landing, but bisection all the branches has gotten `hg bisect` confused.

I meant "bisection of all the merges".

Unlikely to be fixed by the BC landing because the merge is much older. Closing this as WFM for now as it's unlikely to be worked on further.