Closed
Bug 485867
Opened 16 years ago
Closed 15 years ago
"Assertion failure: strncmp(rval, js_function_str, 8) == 0, at jsopcode.c" or "Assertion failure: strncmp(rval, js_function_str, 8) == 0, at ../jsopcode.cpp"
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: gkw, Assigned: igor)
References
Details
(Keywords: assertion, regression, testcase)
uneval(new Function("({x setter: getter function(){}})"));
Assertion failure: strncmp(rval, js_function_str, 8) == 0, at jsopcode.c:4254
"05/29/2007 18:48 PDT" CVS checkout:
$ ./js
js> uneval(new Function("({x setter: getter function(){}})"));
(function anonymous() {({x setter: getter function () {}});})
js>
"05/29/2007 18:50 PDT" CVS checkout:
$ ./js
js> uneval(new Function("({x setter: getter function(){}})"));
Assertion failure: strncmp(rval, js_function_str, 8) == 0, at jsopcode.c:4254
A manual CVS bisect shows bug 381113 may be related:
Implement ES4/JS2 expression closures (381113, r=mrbkap).
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-05-29+18%3A48%3A00&maxdate=2007-05-29+18%3A50%3A00&cvsroot=%2Fcvsroot
Flags: blocking1.9.1?
|
||
Comment 1•16 years ago
|
||
On IRC, brendan suggested removing the bizarre syntax { foo: getter function(){} } from the parser. I don't have time to do this.
I don't think this should block. It is a truly bizarre testcase with consequences only if you uneval an object that uses this weird construct.
|
||
Comment 2•16 years ago
|
||
This absolutely should not block if it's debug-only, no opt crash or impurity.
/be
|
||
Comment 3•16 years ago
|
||
minused accordingly
Flags: wanted1.9.1+
Flags: blocking1.9.1?
Flags: blocking1.9.1-
|
Reporter | |
Comment 4•16 years ago
|
||
For complete-ness, this occurs on TM tip without -j:
=====
js> uneval(new Function("({x setter: getter function(){}})"));
Assertion failure: strncmp(rval, js_function_str, 8) == 0, at ../jsopcode.cpp:4526
Program received signal SIGTRAP, Trace/breakpoint trap.
JS_Assert (s=0x1ab500 "strncmp(rval, js_function_str, 8) == 0", file=0x1a9ea6 "../jsopcode.cpp", ln=4526) at ../jsutil.cpp:69
69 abort();
(gdb)
(gdb) bt
#0 JS_Assert (s=0x1ab500 "strncmp(rval, js_function_str, 8) == 0", file=0x1a9ea6 "../jsopcode.cpp", ln=4526) at ../jsutil.cpp:69
#1 0x000c5f58 in Decompile (ss=0xbfffeaf4, pc=0x30deda "[", nb=12, nextop=JSOP_NOP) at ../jsopcode.cpp:4526
#2 0x000c7238 in DecompileCode (jp=0x30def0, script=0x30de90, pc=0x30ded4 "Y\001#", len=12, pcdepth=0) at ../jsopcode.cpp:4831
#3 0x000c9218 in js_DecompileFunction (jp=0x30def0) at ../jsopcode.cpp:5000
#4 0x0001ddf2 in JS_DecompileFunction (cx=0x30bc50, fun=0x2ab6c8, indent=32768) at ../jsapi.cpp:5040
#5 0x0005f67a in fun_toStringHelper (cx=0x30bc50, indent=32768, argc=0, vp=0x81303c) at ../jsfun.cpp:1615
#6 0x0005f6e6 in fun_toSource (cx=0x30bc50, argc=0, vp=0x81303c) at ../jsfun.cpp:1632
#7 0x00096f86 in js_Invoke (cx=0x30bc50, argc=0, vp=0x81303c, flags=0) at jsinterp.cpp:1247
#8 0x0009769f in js_InternalInvoke (cx=0x30bc50, obj=0x2ab6c8, fval=2773104, flags=0, argc=0, argv=0x0, rval=0xbfffeeb8) at jsinterp.cpp:1441
#9 0x000af175 in js_TryMethod (cx=0x30bc50, obj=0x2ab6c8, atom=0x2a825c, argc=0, argv=0x0, rval=0xbfffeeb8) at ../jsobj.cpp:5503
#10 0x00108fdb in js_ValueToSource (cx=0x30bc50, v=2799304) at ../jsstr.cpp:2995
#11 0x00109080 in str_uneval (cx=0x30bc50, argc=1, vp=0x813018) at ../jsstr.cpp:506
#12 0x00083477 in js_Interpret (cx=0x30bc50) at ../jsinterp.cpp:5149
#13 0x00095d2f in js_Execute (cx=0x30bc50, chain=0x2a6000, script=0x30d930, down=0x0, flags=0, result=0xbffff738) at jsinterp.cpp:1614
#14 0x0001dee6 in JS_ExecuteScript (cx=0x30bc50, obj=0x2a6000, script=0x30d930, rval=0xbffff738) at ../jsapi.cpp:5074
#15 0x00008676 in Process (cx=0x30bc50, obj=0x2a6000, filename=0x0, forceTTY=0) at ../../shell/js.cpp:505
#16 0x00009b02 in ProcessArgs (cx=0x30bc50, obj=0x2a6000, argv=0xbffff8f0, argc=0) at ../../shell/js.cpp:806
#17 0x0000af91 in main (argc=0, argv=0xbffff8f0, envp=0xbffff8f4) at ../../shell/js.cpp:4726
(gdb)
Summary: "Assertion failure: strncmp(rval, js_function_str, 8) == 0, at jsopcode.c" → "Assertion failure: strncmp(rval, js_function_str, 8) == 0, at jsopcode.c" or "Assertion failure: strncmp(rval, js_function_str, 8) == 0, at ../jsopcode.cpp"
|
Assignee | |
Updated•16 years ago
|
Assignee: general → igor
|
|
Reporter | |
Updated•15 years ago
|
Flags: wanted1.9.2?
|
|
Reporter | |
Updated•15 years ago
|
Flags: in-testsuite?
|
|
Reporter | |
Comment 5•15 years ago
|
||
(In reply to comment #1)
> On IRC, brendan suggested removing the bizarre syntax { foo: getter
> function(){} } from the parser.
The testcase no longer seems to assert.
changeset: 40653:e47d2506e0ad
user: Jeff Walden
date: Tue Oct 06 12:35:33 2009 -0700
summary: Bug 517580 - Unconditionally build with support for getters and setters, remove support for the deprecated { x getter: function() {}} and x getter= function() {} getter syntaxes (mutatis mutandis for setter) now that ES5 provides Object.getOwnPropertyDescriptor and Object.defineProperty and { get x() { } } syntax, and provide __{define,lookup}{G,S}etter__ only if a preprocessor variable is defined (unconditionally provided for the moment). r=luke
I think this is resolved by bug 517580.
Waldo / Luke / Igor, should this be resolved FIXED?
OS: Mac OS X → All
Hardware: x86 → All
|
|
Reporter | |
Comment 6•15 years ago
|
||
With an older build:
./js-dbg-64-jm-linux -j
js> uneval(new Function("({x setter: getter function(){}})"));
Assertion failure: strncmp(rval, js_function_str, 8) == 0, at ../jsopcode.cpp:4598
Aborted (core dumped)
With a build off TM changeset fe0495fbde4c:
~/Desktop/jsfunfuzz-dbg-64-tm-40656-fe0495fbde4c/patched$ ./js-dbg-64-tm-linux -j
js> uneval(new Function("({x setter: getter function(){}})"));
typein:1: SyntaxError: missing : after property id:
typein:1: ({x setter: getter function(){}})
typein:1: ....^
js>
|
||
Comment 7•15 years ago
|
||
Yeah, I killed the obsolete syntax necessary to cause this bug -- closing as INVALID.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
|
|
||
Comment 8•15 years ago
|
||
Wouldn't FIXED be the thing?
I've been waiting years (years!) for this bug to be fixed. Thanks again Waldo!
/be
|
|
||
Comment 9•15 years ago
|
||
To me FIXED implies something done that actively addressed the problem, not simply caused it never to happen. INVALID says either there was no problem or there is no problem, but not because a once-existing problem has been resolved. But it's been awhile since I was active enough in triage to say which meaning is truly canonical; I'm not going to waste any brain cells thinking more about which is more righteous. :-)
|
|
||
Comment 10•15 years ago
|
||
The bug reports an assert-botch, which really happened. Nothing invalid in filing a complaint about it. The patch for bug 517580 indeed cured the symptom. This is therefore FIXED.
/be
Resolution: INVALID → FIXED
|
|
Reporter | |
Updated•13 years ago
|
Flags: wanted1.9.2?
You need to log in
before you can comment on or make changes to this bug.
Description
•