Closed
Bug 592226
Opened 14 years ago
Closed 14 years ago
"Assertion failure: !JSID_IS_VOID(lastProp->id)," with gc
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
| status1.9.2 | --- | unaffected |
| status1.9.1 | --- | unaffected |
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: assertion, regression, testcase)
x = Proxy.create((function () {
return {
get: Object.create
}
})([]), "")
try {
(function () {
for each(l in [0]) {
print(x)
}
})()
} catch (e) {}
gc()
for each(let a in [0]) {
print(x)
}
asserts js debug shell on TM changeset e8ee411dca70 without -j at Assertion failure: !JSID_IS_VOID(lastProp->id), when passed in as a CLI argument.
s-s because this involves gc..
|
Reporter | |
Updated•14 years ago
|
blocking2.0: --- → ?
|
|
Reporter | |
Comment 1•14 years ago
|
||
Probably related to bug 558451.
Regression window:
http://hg.mozilla.org/tracemonkey/pushloghtml?fromchange=be9979b4c10b&tochange=f3e58c264932
Blocks: 558451
|
||
Updated•14 years ago
|
status1.9.1:
--- → unaffected
status1.9.2:
--- → unaffected
|
||
Updated•14 years ago
|
blocking2.0: ? → betaN+
|
||
Comment 2•14 years ago
|
||
Another WFM that wants to be FIXED with fix-patch bug citation.
/be
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
|
||
Comment 3•14 years ago
|
||
The first good revision is:
changeset: 52696:ef7cd335c64e
parent: 52694:d575f16c7f55
parent: 51607:f3e58c264932
user: David Mandelin <dmandelin@mozilla.com>
date: Mon Aug 30 15:19:36 2010 -0700
summary: [JAEGER] Merge from Tracemonkey.
|
|
||
Comment 4•14 years ago
|
||
The common ancestor of those changesets is the completely busted:
changeset: 51604:e5958cd4a135
user: Brendan Eich <brendan@mozilla.org>
date: Sun Aug 29 11:57:08 2010 -0700
summary: Merge JSScope into JSObject and JSScopeProperty (now js::Shape; bug 558451, r=jorendorff).
|
|
||
Comment 5•14 years ago
|
||
I suspect hg bisect is correct, but it's hard to tell. And if it is correct, we don't really know what fixed the bug.
In the future, PLEASE don't land on top of brokenness and then back out the brokenness by hand. And for the sake of all that is sane, don't merge between project branches unless both are green.
|
|
||
Comment 6•14 years ago
|
||
Brendan says "if bug 595365 was not involved in fixing the problem, then it must have been bug 593256".
Resolution: WORKSFORME → FIXED
|
|
||
Updated•14 years ago
|
Group: core-security
|
||
Comment 7•12 years ago
|
||
Automatically extracted testcase for this bug was committed:
https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•