Closed
Bug 566556
Opened 15 years ago
Closed 15 years ago
"Assertion failure: bytes != 0" with defineSetter, watch
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: luke)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
847 bytes,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
this.__defineSetter__('x', Object.create);
this.watch('x', function() {});
x = 3;
Assertion failure: bytes != 0, at ../jscntxt.h:1941
|
||
Comment 1•15 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 41905:a00078178698
user: Luke Wagner
date: Wed Mar 03 17:52:26 2010 -0800
summary: Bug 540706 - use contiguous buffer for stack frames and slots (r=waldo)
|
|
Assignee | |
Comment 2•15 years ago
|
||
Oh, decompiler. js_watch_set places a frame for an empty function, with nslots == 0, which, before this patch, (regs.sp == NULL) was catching. To have fewer corner cases, the contiguous stack patch always keeps regs.sp != NULL (regs.sp == fp->slots() for empty scripts and slow natives), hence the 0-byte malloc.
|
|
Assignee | |
Comment 3•15 years ago
|
||
Oops, pretend I added the test case in comment 0.
Thanks Jesse and Gary!
|
||
Updated•15 years ago
|
Attachment #445987 -
Flags: review?(jwalden+bmo) → review+
|
|
Assignee | |
Comment 4•15 years ago
|
||
Whiteboard: fixed-in-tracemonkey
|
||
Comment 5•15 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 6•12 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug566556.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•