Closed
Bug 1206750
Opened 9 years ago
Closed 9 years ago
Assertion failure: next.type != TOK_DIV && next.type != TOK_REGEXP (next token requires contextual specifier to be parsed unambiguously), at js/src/frontend/TokenStream.h:486
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla44
People
(Reporter: decoder, Assigned: Waldo)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])
Attachments
(1 file)
2.70 KB,
patch
|
arai
:
review+
|
Details | Diff | Splinter Review |
The following testcase crashes on mozilla-central revision ccd6b5f5e544 (build with --enable-optimize --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --target=i686-pc-linux-gnu --disable-tests --enable-debug, run with --fuzzing-safe): Reflect.parse('export { x, y as z } from "a" \n/bar/g;', {target: "module"}); Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x0812b908 in js::frontend::TokenStream::addModifierException (this=0xffffbe18, modifierException=js::frontend::Token::OperandIsNone) at js/src/frontend/TokenStream.h:485 #0 0x0812b908 in js::frontend::TokenStream::addModifierException (this=0xffffbe18, modifierException=js::frontend::Token::OperandIsNone) at js/src/frontend/TokenStream.h:485 #1 0x0811c69c in js::frontend::MatchOrInsertSemicolon (ts=..., modifier=js::frontend::Token::None) at js/src/frontend/Parser.cpp:1474 #2 0x08128d0c in js::frontend::Parser<js::frontend::FullParseHandler>::exportDeclaration (this=this@entry=0xffffbe00) at js/src/frontend/Parser.cpp:4864 #3 0x0814e2a8 in js::frontend::Parser<js::frontend::FullParseHandler>::statement (this=this@entry=0xffffbe00, yieldHandling=yieldHandling@entry=js::frontend::YieldIsKeyword, canHaveDirectives=true) at js/src/frontend/Parser.cpp:6820 #4 0x0814e94e in js::frontend::Parser<js::frontend::FullParseHandler>::statements (this=this@entry=0xffffbe00, yieldHandling=yieldHandling@entry=js::frontend::YieldIsKeyword) at js/src/frontend/Parser.cpp:3117 #5 0x08158f1e in js::frontend::Parser<js::frontend::FullParseHandler>::standaloneModule (this=this@entry=0xffffbe00, module=module@entry=...) at js/src/frontend/Parser.cpp:866 #6 0x081d5305 in reflect_parse (cx=0xf7a87020, argc=2, vp=0xf44c4068) at js/src/builtin/ReflectParse.cpp:3858 #7 0x083621ea in js::CallJSNative (cx=0xf7a87020, native=0x81d3ff0 <reflect_parse(JSContext*, uint32_t, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:235 #8 0x0835737f in js::Invoke (cx=0xf7a87020, args=..., construct=construct@entry=js::NO_CONSTRUCT) at js/src/vm/Interpreter.cpp:765 #9 0x08348500 in Interpret (cx=cx@entry=0xf7a87020, state=...) at js/src/vm/Interpreter.cpp:3068 #10 0x08356991 in js::RunScript (cx=cx@entry=0xf7a87020, state=...) at js/src/vm/Interpreter.cpp:706 #11 0x0835cb95 in js::ExecuteKernel (cx=cx@entry=0xf7a87020, script=..., script@entry=..., scopeChainArg=..., thisv=..., newTargetValue=..., type=type@entry=js::EXECUTE_GLOBAL, evalInFrame=evalInFrame@entry=..., result=result@entry=0x0) at js/src/vm/Interpreter.cpp:980 #12 0x0835cef2 in js::Execute (cx=cx@entry=0xf7a87020, script=script@entry=..., scopeChainArg=..., rval=rval@entry=0x0) at js/src/vm/Interpreter.cpp:1014 #13 0x087e2cda in ExecuteScript (cx=cx@entry=0xf7a87020, scope=..., script=script@entry=..., rval=rval@entry=0x0) at js/src/jsapi.cpp:4370 #14 0x087e2e16 in JS_ExecuteScript (cx=cx@entry=0xf7a87020, scriptArg=scriptArg@entry=...) at js/src/jsapi.cpp:4401 #15 0x0806b4b2 in RunFile (compileOnly=false, file=0xf7af49e0, filename=0xffffd058 "min.js", cx=0xf7a87020) at js/src/shell/js.cpp:462 #16 Process (cx=cx@entry=0xf7a87020, filename=0xffffd058 "min.js", forceTTY=forceTTY@entry=false) at js/src/shell/js.cpp:580 #17 0x080ce475 in ProcessArgs (op=0xffffcd20, cx=0xf7a87020) at js/src/shell/js.cpp:5834 #18 Shell (envp=<optimized out>, op=0xffffcd20, cx=0xf7a87020) at js/src/shell/js.cpp:6132 #19 main (argc=3, argv=0xffffce74, envp=0xffffce84) at js/src/shell/js.cpp:6488 eax 0x0 0 ebx 0x9785474 158880884 ecx 0xf7e3b88c -136071028 edx 0x0 0 esi 0x0 0 edi 0xffffc09c -16228 ebp 0xffffb498 4294947992 esp 0xffffb470 4294947952 eip 0x812b908 <js::frontend::TokenStream::addModifierException(js::frontend::Token::ModifierException)+328> => 0x812b908 <js::frontend::TokenStream::addModifierException(js::frontend::Token::ModifierException)+328>: movl $0x1e6,0x0 0x812b912 <js::frontend::TokenStream::addModifierException(js::frontend::Token::ModifierException)+338>: call 0x80ee4d0 <abort()>
Updated•9 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
Comment 1•9 years ago
|
||
JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/05f838caf076 user: Tooru Fujisawa date: Fri Aug 07 04:11:59 2015 +0900 summary: Bug 1089045 - Part 1: Supply consistent modifiers to TokenStream. r=Waldo This iteration took 278.472 seconds to run.
Assignee | ||
Comment 2•9 years ago
|
||
Attachment #8663892 -
Flags: review?(arai.unmht)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → jwalden+bmo
Status: NEW → ASSIGNED
Comment 3•9 years ago
|
||
Comment on attachment 8663892 [details] [diff] [review] Patch Review of attachment 8663892 [details] [diff] [review]: ----------------------------------------------------------------- Thanks! As noted in IRC, would you please apply same fix to |export *| part too? https://dxr.mozilla.org/mozilla-central/rev/9ed17db42e3e46f1c712e4dffd62d54e915e0fac/js/src/frontend/Parser.cpp#4829 > if (!MatchOrInsertSemicolon(tokenStream)) So, this. > return null(); > > return handler.newExportFromDeclaration(begin, kid, moduleSpec); > } else { > report(ParseError, false, null(), JSMSG_FROM_AFTER_EXPORT_STAR); > return null(); > } > > if (!MatchOrInsertSemicolon(tokenStream)) > return null(); and this is dead, sorry I should've noticed :P
Attachment #8663892 -
Flags: review?(arai.unmht) → review+
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/384a3e1b2a99
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox44:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
You need to log in
before you can comment on or make changes to this bug.
Description
•