As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 620407 - JM: "Assertion failure: tpa == TPA_Error,"
: JM: "Assertion failure: tpa == TPA_Error,"
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz
  Show dependency treegraph
Reported: 2010-12-20 09:04 PST by Gary Kwong [:gkw] [:nth10sd]
Modified: 2011-11-03 11:44 PDT (History)
7 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image Gary Kwong [:gkw] [:nth10sd] 2010-12-20 09:04:37 PST
JSON.parse(function() {},
    function() {
        for (a = 0; a < 1; a++) {}

asserts js debug shell on TM changeset 35697ebafa6c with -m and -j at Assertion failure: tpa == TPA_Error,
Comment 1 User image Gary Kwong [:gkw] [:nth10sd] 2010-12-24 04:10:43 PST
autoBisect shows this is probably related to bug 603044:

Due to skipped revisions, the first bad revision could be any of:
changeset:   55675:e000b5963fde
user:        David Anderson
date:        Fri Oct 15 11:36:56 2010 -0700
summary:     Remove JSOP_BEGIN and fix tracer integration issues (bug 603044, r=luke+dmandelin).

changeset:   55676:ae031ec5ad63
user:        David Anderson
date:        Mon Oct 18 20:30:36 2010 -0700
summary:     Build bustage fix.
Comment 2 User image David Anderson [:dvander] 2011-01-03 13:31:34 PST
This bug is somewhere in json.cpp - it looks like parsing fails, setting cx->throwing in the process. But it gets revived in js_FinishJSONParse, which executes code with a pending exception already set.
Comment 3 User image Gary Kwong [:gkw] [:nth10sd] 2011-08-11 12:11:18 PDT
Resolving FIXED, the assertion no longer shows. After the changeset below landed, it now shows a message related to SyntaxError: JSON.parse

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset:   62353:f569d49576bb
user:        Bill McCloskey
date:        Fri Feb 11 16:31:32 2011 -0800
summary:     Bug 631951 - Shrink methodjit memory usage by interpreting a few times before compiling (r=dvander)
Comment 4 User image Jesse Ruderman 2011-08-15 01:12:05 PDT
Does the autoBisect result change if you use -a?
Comment 5 User image Gary Kwong [:gkw] [:nth10sd] 2011-11-03 11:44:51 PDT
(In reply to Jesse Ruderman from comment #4)
> Does the autoBisect result change if you use -a?

Yes, it does, good point:

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset:   67934:6c8becdd1574
user:        Jeff Walden
date:        Wed Mar 23 16:34:53 2011 -0700
summary:     Bug 589664 - Rewrite the JSON parser.  r=njn, anticipating more review but getting it in-tree now for simplicity, even if more changes need to be made later

Note You need to log in before you can comment on or make changes to this bug.