Closed
Bug 520513
Opened 15 years ago
Closed 15 years ago
"Assertion failure: !(evalcg->flags & TCF_IN_FOR_INIT), at ../jsemit.cpp" or "Assertion failure: 0, at ../jsemit.cpp"
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.2
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta3-fixed |
| status1.9.1 | --- | ? |
People
(Reporter: gkw, Assigned: brendan)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.39 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
(function(){
var c;
eval("var c; for each(var c in s);");
})()
asserts js dbg shell on TM tip without -j at Assertion failure: !(evalcg->flags & TCF_IN_FOR_INIT), at ../jsemit.cpp:2171
autoBisecting soon...
|
Reporter | |
Comment 1•15 years ago
|
||
autoBisect shows this is probably related to bug 452498: The first bad revision is: changeset: 26784:2cf0bbe3772a user: Brendan Eich date: Sun Apr 05 21:17:22 2009 -0700 summary: upvar2, aka the big one take 2 (452498, r=mrbkap). The assertion then was Assertion failure: 0, at ../jsemit.cpp:4579 which then morphed into the present one sometime later.
Blocks: upvar2
status1.9.1:
--- → ?
Flags: blocking1.9.2?
Summary: "Assertion failure: !(evalcg->flags & TCF_IN_FOR_INIT), at ../jsemit.cpp" → "Assertion failure: !(evalcg->flags & TCF_IN_FOR_INIT), at ../jsemit.cpp" or "Assertion failure: 0, at ../jsemit.cpp"
|
Assignee | |
Updated•15 years ago
|
Assignee: general → brendan
Status: NEW → ASSIGNED
OS: Mac OS X → All
Priority: -- → P2
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.2
|
|
Assignee | |
Comment 2•15 years ago
|
||
Similar bail-out from BindNameToSlot in the upvar-not-from-eval-in-function code was added earlier in BindNameToSlot for bug 470758. I cited both that bug and this one in the comment here. /be
Attachment #404775 -
Flags: review?(mrbkap)
|
||
Updated•15 years ago
|
Attachment #404775 -
Flags: review?(mrbkap) → review+
|
||
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
|
|
Assignee | |
Comment 4•15 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/f0e770f882c9 /be
Whiteboard: fixed-in-tracemonkey
|
|
Assignee | |
Comment 5•15 years ago
|
||
Followup warning fix: http://hg.mozilla.org/tracemonkey/rev/2f1bf725cfff /be
|
|
||
Comment 6•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/f0e770f882c9
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Comment 7•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e765a05161f4
status1.9.2:
--- → final-fixed
|
||
Comment 8•11 years ago
|
||
Automatically extracted testcase for this bug was committed: https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•