Closed
Bug 621420
Opened 13 years ago
Closed 13 years ago
"Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject()"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 202019
People
(Reporter: jruderman, Assigned: adrake)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(1 file)
1.70 KB,
patch
|
Details | Diff | Splinter Review |
new (''.toLowerCase.bind()); Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject(), at jscntxtinlines.h:720
Reporter | ||
Comment 1•13 years ago
|
||
The first bad revision is: changeset: 32b049250e03 user: David Anderson date: Mon Oct 04 14:13:33 2010 -0700 summary: ICs for scripted new (bug 589398, r=luke,dmandelin).
Reporter | ||
Updated•13 years ago
|
Blocks: 589398
Keywords: regression
Assignee | ||
Comment 2•13 years ago
|
||
In InvokeConstructor, if a non-fast constructor returns a primitive object, the return value is forced to the 'this' that was handed to the constructor. Unfortunately, native string operations reassign 'this' to a string (which is primitive), causing the return value if they are used as a constructor to still be primitive. This propagates up through the native constructor for a bound function, which then triggers the assert. Prior versions simply set the return value to the object created directly, and ignored the (possibly reassigned) 'this'. I don't believe there are any cases where 'this' is legitimately assigned to a totally different object in a constructor, so this patch simply restores the old behavior. Also included in this patch is a regression test for the test suite.
Assignee: general → adrake
Status: NEW → ASSIGNED
Comment 3•13 years ago
|
||
(In reply to comment #2) Nice detective-ing. > In InvokeConstructor, if a non-fast constructor returns a primitive object, the I think you mean non-constructor native? If so, then I believe the problem you noted will go away with bug 202019 (which is r+'d and waiting to land).
Depends on: 202019
Assignee | ||
Comment 4•13 years ago
|
||
Yep, that fixes this issue too. Thanks for the heads up!
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•