Closed
Bug 496870
Opened 15 years ago
Closed 15 years ago
"Assertion failure: op == JSOP_ADD, at ../jsopcode.cpp"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta1-fixed |
People
(Reporter: gkw, Assigned: mrbkap)
Details
(4 keywords, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
979 bytes,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
"" + new Function("<x{[]%\"\"}/>");
asserts TM debug js shell without -j at Assertion failure: op == JSOP_ADD, at ../jsopcode.cpp:2102
|
Reporter | |
Comment 1•15 years ago
|
||
This seems ancient. The testcase asserts in 01012006 CVS checkout but not in 01012003 CVS checkout. This is in no way blocking1.9.1 since it's been present for so long but as per previous experience, will be good to first have some opinion as to the severity of this bug, just-in-case.
Keywords: regression,
regressionwindow-wanted
|
||
Comment 2•15 years ago
|
||
Slightly cleaner testcase:
"" + (function(){ <x{y*0}/> })Keywords: regressionwindow-wanted
|
|
Reporter | |
Updated•15 years ago
|
Flags: blocking1.9.2?
|
Assignee | |
Comment 3•15 years ago
|
||
The fuzzer owes me a beer for fixing an E4X bug. Or Gary, either one. :)
|
||
Updated•15 years ago
|
Attachment #382190 -
Flags: review?(jwalden+bmo) → review+
|
||
Comment 4•15 years ago
|
||
Blake, this had your name all over it :-P. /be
|
|
Assignee | |
Comment 5•15 years ago
|
||
An additional testcase that misbehaved:
function() <x{y+0}/>
was returning
function() <x{y0}/>
due to the same problem.|
|
Assignee | |
Comment 6•15 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/f50409fe63ed
Whiteboard: fixed-in-tracemonkey
|
||
Comment 7•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/f50409fe63ed
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: blocking1.9.2? → blocking1.9.2+
Resolution: --- → FIXED
|
|
Reporter | |
Comment 8•15 years ago
|
||
The patch applies as-is on the 1.9.1 branch. Should it land on 1.9.1?
Flags: wanted1.9.1?
|
|
||
Updated•15 years ago
|
Flags: wanted1.9.1? → wanted1.9.1+
|
|
||
Comment 9•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/62dae27ab113
Keywords: fixed1.9.1
|
|
Reporter | |
Updated•15 years ago
|
Flags: in-testsuite?
|
||
Comment 10•15 years ago
|
||
Mass change: adding fixed1.9.2 keyword (This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
|
||
Updated•15 years ago
|
status1.9.2:
--- → beta1-fixed
Keywords: fixed1.9.2
|
||
Comment 11•11 years ago
|
||
E4X has been removed, so we won't add the test.
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•