Closed
Bug 587434
Opened 14 years ago
Closed 14 years ago
JM: IsSaneThisObject assertion failure on CALLXMLNAME
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: gkw, Assigned: cdleary)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.46 KB,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
(function() {
function::a(eval("false"), true);
function a({}) {}
})()
asserts js debug shell on JM changeset 89b775191b9d without -m nor -j at Assertion failure: IsSaneThisObject(vp[1].toObject()), at ../jsinterp.cpp:4734
|
Assignee | |
Updated•14 years ago
|
Assignee: general → cdleary
Status: NEW → ASSIGNED
|
||
Updated•14 years ago
|
blocking2.0: --- → beta5+
|
|
||
Updated•14 years ago
|
blocking2.0: beta5+ → betaN+
|
|
Assignee | |
Comment 1•14 years ago
|
||
Slow push thisv on CALLXMLNAME checks to make sure we're not pushing a call object onto the stack, sets |this| to NULL.
Attachment #468830 -
Flags: review?(jorendorff)
|
||
Updated•14 years ago
|
Attachment #468830 -
Flags: review?(jorendorff) → review+
|
|
Assignee | |
Comment 2•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/9ce0b72525ba
Summary: JM: "Assertion failure: IsSaneThisObject(vp[1].toObject())," → JM: IsSaneThisObject assertion failure on CALLXMLNAME
Whiteboard: fixed-in-tracemonkey
|
||
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Comment 3•12 years ago
|
||
A testcase for this bug was automatically identified at js/src/tests/e4x/Regress/regress-587434.js.
Flags: in-testsuite+
|
|
Reporter | |
Comment 4•11 years ago
|
||
Testcases have been landed by virtue of being marked in-testsuite+ -> VERIFIED as well.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•