Closed Bug 449666 Opened 11 years ago Closed 11 years ago

TM: Assertion failure: JSSTRING_IS_FLAT during trace recording

Categories

(Core :: JavaScript Engine, defect)

x86
macOS


RESOLVED FIXED

People

(Reporter: sayrer, Assigned: sayrer)


Details

(Keywords: assertion, testcase)

Attachments

(4 files)

Hitting this on blogspot.com blogs
Blocks: landtm
Attached file test case
Attached file shell test case
Attachment #332809 - Attachment mime type: application/x-javascript → text/plain
We have some parts that require flat strings, but they should be guarded, and I wouldn't expect to see quite that stack.
Easy to fix: tracer needs to js_InternNonIntElementId (as interpreter JSOP_GETELEM case code will shortly -- so tracer should update the stack slot to save a redundant intern'ing). Anyone want to grab this, it's easy?

/be
Keywords: assertion, testcase
Attached patch fix
Attachment #333103 - Flags: review?(brendan)
Comment on attachment 333103 (fix)

>+        JSObject *obj = JSVAL_TO_OBJECT(l);
>+
>+        if (!js_InternNonIntElementId(cx, obj, r, &id))
>+            return false;
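
Review bot: JSVAL_TO_OBJECT(l) in the first quoted line is applied with no visible check that l holds an object; unless primitive l has already been filtered out earlier on this path, guard the conversion with JSVAL_IS_PRIMITIVE(l). The id filled in by js_InternNonIntElementId is also not used in the lines shown, so confirm the following lookup takes id rather than r, and add a one-line comment saying the intern is there because the lookup needs a flat, atomized string.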

Looks good, only thought is to cut through the E4X fog by calling js_ValueToStringId instead (js_InternNonIntElementId takes obj only to check whether it's XML, and if not just calls js_ValueToStringId). We know r is a string here, not an object (not a QName, an E4X compound identifier). Modularity is secondary both given how tight the tracer is with the interpreter, and because we have weeded out non-string r cases already.

r=me with that if you buy it, else as is.

/be
Attachment #333103 - Flags: review?(brendan) → review+
Assignee: general → sayrer
http://hg.mozilla.org/index.cgi/tracemonkey/rev/537fe0d1d47e
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
http://hg.mozilla.org/tracemonkey/rev/422f9867bff9
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-449666.js,v  <--  regress-449666.js
initial revision: 1.1
Flags: in-testsuite+