Closed
Bug 278873
Opened 21 years ago
Closed 21 years ago
debugging switch-statement causes assertion
Categories
(Core :: JavaScript Engine, defect, P2)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.8beta1
People
(Reporter: vogge, Assigned: brendan)
Details
(Keywords: js1.5)
Attachments
(2 files)
|
2.22 KB,
patch
|
shaver
:
review+
|
Details | Diff | Splinter Review |
|
2.29 KB,
text/plain
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20050117 Firefox/0.10.1
I tried to debug the following javascript-code with jsshell (compiled on the
Firefox-1.0PR with the DEBUG-FLAG):
tracing(true);
function SwitchTest( input) {
switch ( input ) {
default: break;
case A: break;
}
}
This raises an assertion:
js> tracing(true);
1: 00008: popv
inputs: tracing(true) @ 1
stack:
js> function SwitchTest( input) {
switch ( input ) {
default: break;
case A: break;
}
}
2: 00000: deffunAssertion failure: nbytes != 0, at jsapi.c:1459
Reproducible: Always
Steps to Reproduce:
1. compile jsshell with DEBUG-Flag
2. jsshell.exe
3. copy-paste the sourcecode
Speculation:
The error seems to be caused by jsopcode.c line 2054+ (case JSOP_CONDSWITCH).
Especially:
> sn = js_GetSrcNote(jp->script, pc);
JS_ASSERT(sn && SN_TYPE(sn) == SRC_SWITCH);
len = js_GetSrcNoteOffset(sn, 0);
> off = js_GetSrcNoteOffset(sn, 1);
off becomes 0, so does off2 and so ncases is 0 and then
table = (TableEntry *) JS_malloc(cx, (size_t)ncases * sizeof
*table);
mallocs 0 bytes which raises an exception.
|
Assignee | |
Updated•21 years ago
|
Assignee: general → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: js1.5
OS: Windows 2000 → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: --- → mozilla1.8beta
|
|
Assignee | |
Comment 1•21 years ago
|
||
Goes back to norris, IIRC. Shaver, what do you think?
/be
Attachment #172336 -
Flags: review?(shaver)
|
|
Assignee | |
Updated•21 years ago
|
Status: NEW → ASSIGNED
|
||
Comment 2•21 years ago
|
||
Comment on attachment 172336 [details] [diff] [review]
fix for ancient JSOP_CONDSWITCH bug
r=shaver. I haven't yet lost all recollection of norris' great switch/case
ECMA-conformance rewrite, indeed.
Attachment #172336 -
Flags: review?(shaver) → review+
|
|
Assignee | |
Comment 3•21 years ago
|
||
Fixed.
/be
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
|
||
Comment 4•20 years ago
|
||
Philipp, is it ok to include your test case in the javascript test library?
|
Reporter | |
Comment 5•20 years ago
|
||
?! Wow! Sure do whatever you want with it (isn't the best code I've written so
far :-)). And thx, I'm honored.
|
|
||
Comment 6•20 years ago
|
||
js1_5/Regress/regress-278873.js checked in.
|
|
||
Updated•20 years ago
|
Flags: testcase+
You need to log in
before you can comment on or make changes to this bug.
Description
•