"Assertion failure: obj->isNative()" with proxy, eval

RESOLVED DUPLICATE of bug 566000

Status

()

P2
critical
RESOLVED DUPLICATE of bug 566000
9 years ago
9 years ago

People

(Reporter: jruderman, Unassigned)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
assertion, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
eval('d', Proxy.create({}, this));

Assertion failure: obj->isNative(), at ../jsobj.cpp:3779

Comment 1

9 years ago
That's an interesting stack:

#0  0x0000000100150ba6 in JS_Assert (s=0x1001da55a "obj->isNative()", file=0x1001e8155 "../jsobj.cpp", ln=3779) at ../jsutil.cpp:77
#1  0x00000001000c162b in js_FindClassObject (cx=0x10083c800, start=0x0, protoKey=JSProto_TypeError, vp=0x7fff5fbfd9e0, clasp=0x0) at ../jsobj.cpp:3779
#2  0x00000001000c1881 in js_GetClassPrototype (cx=0x10083c800, scope=0x101402200, protoKey=JSProto_TypeError, protop=0x7fff5fbfda98, clasp=0x0) at ../jsobj.cpp:5690
#3  0x000000010006b73e in js_ErrorToException (cx=0x10083c800, message=0x1004141b0 "has is not a function", reportp=0x7fff5fbfdb80, callback=0x1000366b1 <js_GetErrorMessage(void*, char const*, unsigned int)>, userRef=0x0) at ../jsexn.cpp:1157
#4  0x0000000100039364 in ReportError (cx=0x10083c800, message=0x1004141b0 "has is not a function", reportp=0x7fff5fbfdb80, callback=0x1000366b1 <js_GetErrorMessage(void*, char const*, unsigned int)>, userRef=0x0) at ../jscntxt.cpp:1644
#5  0x000000010003a778 in js_ReportErrorNumberVA (cx=0x10083c800, flags=0, callback=0x1000366b1 <js_GetErrorMessage(void*, char const*, unsigned int)>, userRef=0x0, errorNumber=22, charArgs=1, ap=0x7fff5fbfdc40) at ../jscntxt.cpp:1997
#6  0x0000000100010526 in JS_ReportErrorNumber (cx=0x10083c800, errorCallback=0x1000366b1 <js_GetErrorMessage(void*, char const*, unsigned int)>, userRef=0x0, errorNumber=22) at ../jsapi.cpp:5351
#7  0x00000001001034df in GetTrap (cx=0x10083c800, handler=0x1014021c0, atom=0x101400c24, fvalp=0x7fff5fbfddb8) at ../jsproxy.cpp:292
#8  0x0000000100103551 in Trap (cx=0x10083c800, handler=0x1014021c0, atom=0x101400c24, argc=1, argv=0x7fff5fbfde30, rval=0x7fff5fbfde18) at ../jsproxy.cpp:314
#9  0x0000000100103e79 in JSProxy::has (cx=0x10083c800, proxy=0x101402200, id=4297462356, bp=0x7fff5fbfdeaf) at ../jsproxy.cpp:524
#10 0x0000000100103f79 in proxy_LookupProperty (cx=0x10083c800, obj=0x101402200, id=4297462356, objp=0x7fff5fbfdf68, propp=0x7fff5fbfdf60) at ../jsproxy.cpp:620
#11 0x000000010000b164 in JSObject::lookupProperty (this=0x101402200, cx=0x10083c800, id=4297462356, objp=0x7fff5fbfdf68, propp=0x7fff5fbfdf60) at jsobj.h:629
#12 0x00000001000c00d2 in js_FindPropertyHelper (cx=0x10083c800, id=4297462356, cacheResult=1, objp=0x7fff5fbfe3e8, pobjp=0x7fff5fbfe3e0, propp=0x7fff5fbfe3a0) at ../jsobj.cpp:4516
#13 0x0000000100099172 in js_Interpret (cx=0x10083c800) at jsops.cpp:2203
#14 0x00000001000aaf50 in js_Execute (cx=0x10083c800, chain=0x101402200, script=0x100414650, down=0x0, flags=16, result=0x1010000d8) at jsinterp.cpp:835
#15 0x00000001000c8585 in obj_eval () at ../jsobj.cpp:1338
#16 0x00000001000989da in js_Interpret (cx=0x10083c800) at jsops.cpp:2146
#17 0x00000001000aaf50 in js_Execute (cx=0x10083c800, chain=0x101402000, script=0x1004147b0, down=0x0, flags=0, result=0x0) at jsinterp.cpp:835
#18 0x0000000100012463 in JS_ExecuteScript (cx=0x10083c800, obj=0x101402000, script=0x1004147b0, rval=0x0) at ../jsapi.cpp:4774
#19 0x000000010000a2d1 in Process (cx=0x10083c800, obj=0x101402000, filename=0x7fff5fbffa95 "x.js", forceTTY=0) at ../../shell/js.cpp:452
#20 0x000000010000af15 in ProcessArgs (cx=0x10083c800, obj=0x101402000, argv=0x7fff5fbff948, argc=1) at ../../shell/js.cpp:866
#21 0x000000010000b090 in main (argc=1, argv=0x7fff5fbff948, envp=0x7fff5fbff958) at ../../shell/js.cpp:5107

Comment 2

9 years ago
#1  0x00000001000c162b in js_FindClassObject (cx=0x10083c800, start=0x0, protoKey=JSProto_TypeError, vp=0x7fff5fbfd9e0, clasp=0x0) at ../jsobj.cpp:3779
3779	    JS_ASSERT(obj->isNative());
(gdb) l
3774	        if (!atom)
3775	            return false;
3776	        id = ATOM_TO_JSID(atom);
3777	    }
3778	
3779	    JS_ASSERT(obj->isNative());
3780	    if (js_LookupPropertyWithFlags(cx, obj, id, JSRESOLVE_CLASSNAME,
3781	                                   &pobj, &prop) < 0) {
3782	        return JS_FALSE;
3783	    }
(gdb) l
3784	    v = JSVAL_VOID;
3785	    if (prop)  {
3786	        if (pobj->isNative()) {
3787	            sprop = (JSScopeProperty *) prop;
3788	            if (SPROP_HAS_VALID_SLOT(sprop, pobj->scope())) {
3789	                v = pobj->lockedGetSlot(sprop->slot);
3790	                if (JSVAL_IS_PRIMITIVE(v))
3791	                    v = JSVAL_VOID;
3792	            }
3793	        }
(gdb) l
3794	        pobj->dropProperty(cx, prop);
3795	    }
3796	    *vp = v;
3797	    return JS_TRUE;
3798	}

Updated

9 years ago
Blocks: 566818

Updated

9 years ago
No longer blocks: 566818
OS: Mac OS X → All
Priority: -- → P2
Hardware: x86 → All

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 566000
You need to log in before you can comment on or make changes to this bug.