Closed Bug 660562 Opened 13 years ago Closed 13 years ago

TI: "Assertion failure: data.s.payload.why == why,"

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 660538

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: assertion, testcase) 

(function() {
    for (a in (
        arguments for (l in [0])
    ))
    {}
})()

asserts js debug shell on JM changeset 68620d37fb23 with -n at Assertion failure: data.s.payload.why == why,

#2  0x08202419 in JS_Assert (s=0x83e3f70 "data.s.payload.why == why", file=0x83e3ef4 "/home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsvalue.h", ln=538)
    at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsutil.cpp:89
#3  0x08099639 in js::Value::isMagic (this=0xf76dc0b8, why=JS_NO_ITER_VALUE) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsvalue.h:538
#4  0x08136d17 in js_IteratorMore (cx=0x84f4958, iterobj=0xf75041b8, rval=0xf76dc0b8) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsiter.cpp:1006
#5  0x08397c54 in IteratorMore (cx=0x84f4958, iterobj=0xf75041b8, cond=0xffffc73c, rval=0xf76dc0b8) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsinterp.cpp:2148
#6  0x083a08aa in js::Interpret (cx=0x84f4958, entryFrame=0xf76dc030, inlineCallCount=1, interpMode=js::JSINTERP_NORMAL)
    at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsinterp.cpp:3119
#7  0x0812df96 in js::RunScript (cx=0x84f4958, script=0x8533178, fp=0xf76dc030) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsinterp.cpp:617
#8  0x0812f397 in js::Execute (cx=0x84f4958, chain=..., script=0x8533178, prev=0x0, flags=0, result=0x0) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsinterp.cpp:1002
#9  0x0807aad6 in JS_ExecuteScript (cx=0x84f4958, obj=0xf75020a8, scriptObj=0xf7504118, rval=0x0) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-70356-68620d37fb23/compilePath/js/src/jsapi.cpp:5077
/snip
Same symptoms as bug 660538, but maybe a different underlying cause (generators involved).
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
A testcase for this bug was already added in the original bug (bug 660538).
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.