Closed
Bug 441361
Opened 16 years ago
Closed 16 years ago
Split objects in the shell don't work
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: mrbkap, Assigned: mrbkap)
Details
Attachments
(1 file)
2.53 KB,
patch
|
crowderbt
:
review+
|
Details | Diff | Splinter Review |
Currently, we assert: Assertion failure: !JS_GetParent(cx, obj), at js.cpp:2339. This is due to bug 418515 -- before that bug, calling JS_NewObject with a null parent and an object that was not going to share its scope with its prototype would return an object with a null parent. This is no longer the case. Fixing that is easy, but then we crash: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x0000000c 0x0006419f in js_Execute The reason was missing error checking in ProcessArgs. That fixes the crash, but now we cannot initialize the inner object because the outer object has no concept of "freezing" and happily returns NULL for its inner when asked. I'll finish patching tomorrow.
Assignee | ||
Comment 1•16 years ago
|
||
This fixes the innerObject thing. I also noticed (when playing with this.__count__ in the shell) that the class was missing JSCLASS_NEW_ENUMERATE, which caused exciting memory corruption and crashing on shutdown.
Updated•16 years ago
|
Attachment #326503 -
Flags: review?(crowder) → review+
Assignee | ||
Comment 2•16 years ago
|
||
Fix pushed as changeset 44c589bd2a7b.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 3•16 years ago
|
||
Do we need this on branch Blake?
Comment 4•16 years ago
|
||
This is a helpful debug utility in the js shell, and doesn't affect the browser at all. Totally NPOTB, so probably not necessary for branch.
Comment 5•16 years ago
|
||
mrbkap: a little help on how to test?
Assignee | ||
Comment 6•16 years ago
|
||
Bob, if the testsuite can pass -z to the shell, then just starting 'js -z' will verify this bug. It might be interesting to run the whole testsuite against -z, but keep in mind that there very well might be bugs in -z, not in the engine.
Comment 7•16 years ago
|
||
Ok. I can easily add -z. I'll run the full suite later today and run the results by you.
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•