Closed Bug 453701 Opened 17 years ago Closed 17 years ago

TM: "Assertion failed: (rmask(rr) & FpRegs) != 0" with hasOwnProperty

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: dvander)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

abort tracing if a callee doesn't want a primitive |this|
659 bytes, patch
brendan
: review+
Details | Diff | Splinter Review
./js -j js> (function() { for (var j = 0; j < 5; ++j) { (1).hasOwnProperty(""); } })() Assertion failed: (rmask(rr) & FpRegs) != 0 (nanojit/Nativei386.cpp:766) (tracemonkey branch)
In JSOP_CALLPROP we're not checking whether the callee will allow a primitive |this|. For now I just aborted recording. Please let me know if I'm on the completely wrong track here.
Assignee: general → danderson
Status: NEW → ASSIGNED
Attachment #337105 - Flags: review?(brendan)
Attachment #337105 - Flags: review?(brendan) → review+
Comment on attachment 337105 [details] [diff] [review] abort tracing if a callee doesn't want a primitive |this| >diff -r 1a8d24f2c2aa js/src/jstracer.cpp >--- a/js/src/jstracer.cpp Thu Sep 04 22:14:27 2008 -0700 >+++ b/js/src/jstracer.cpp Fri Sep 05 12:22:16 2008 -0700 >@@ -6087,6 +6087,14 @@ TraceRecorder::record_JSOP_CALLPROP() > ABORT_TRACE("callee is not an object"); > JS_ASSERT(HAS_FUNCTION_CLASS(PCVAL_TO_OBJECT(pcval))); > >+ if (JSVAL_IS_PRIMITIVE(l)) { >+ JSFunction* fun; >+ if (fun = GET_FUNCTION_PRIVATE(cx, PCVAL_TO_OBJECT(pcval)), I'd initialize fun in its declaration, we avoid nested assignments in conditions except for loop control (old Unix hacker exception, IIRC K&R do this). >+ !PRIMITIVE_THIS_TEST(fun, l)) { which helps avoid bracing here. >+ ABORT_TRACE("callee does not accept primitives"); Cool -- if we see this at all, I'll be surprised. We can either add a built-in call or maybe generalize primitive-this to work for interpreted functions (bug 412571). >+ } >+ } >+ > stack(-1, INS_CONSTPTR(PCVAL_TO_OBJECT(pcval))); > return true; > } r=me with that, thanks. /be
Pushed fix with changes in comment as changeset d2e24a3d240e.
Closing from m-c merge last night.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Summary: "Assertion failed: (rmask(rr) & FpRegs) != 0" with hasOwnProperty → TM: "Assertion failed: (rmask(rr) & FpRegs) != 0" with hasOwnProperty
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-453701.js,v <-- regress-453701.js initial revision: 1.1 m-c: changeset: 19331:d2abf4d6503f
Flags: in-testsuite+
Flags: in-litmus-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: