Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 643847 - "Assertion failure: !entry->vindex,"
: "Assertion failure: !entry->vindex,"
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: 596805 630996
  Show dependency treegraph
Reported: 2011-03-22 11:58 PDT by Gary Kwong [:gkw] [:nth10sd]
Modified: 2013-01-19 13:59 PST (History)
5 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Gary Kwong [:gkw] [:nth10sd] 2011-03-22 11:58:04 PDT
function f(o) {
  o.constructor = function() {};
function(v) {});
Object.defineProperty(__proto__, 'constructor', {
  writable: true,

asserts js debug shell on TM changeset c811be25eaad without -m nor -j at Assertion failure: entry->vcapTag() == 0

Not the smallest regression window:
Comment 1 Gary Kwong [:gkw] [:nth10sd] 2011-03-22 12:03:34 PDT
Tested on 64-bit shell.
Comment 2 Gary Kwong [:gkw] [:nth10sd] 2011-03-25 03:23:02 PDT
Testing on 32-bit shell in 64-bit Ubuntu Linux 10.04,

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   54587:7ef107ab081e
user:        Brendan Eich
date:        Thu Sep 16 11:56:54 2010 -0700
summary:     Fix shape vs. slot management under putProperty, plus related layering and error reporting fixes (596805, r=jorendorff).

This means the regression window in comment #0 is incorrect.
Comment 3 Gary Kwong [:gkw] [:nth10sd] 2011-12-08 11:59:55 PST
Still occurs in m-c changeset 5c8405e6226e which has now morphed to:

Assertion failure: !entry->vindex,
Comment 4 Christian Holler (:decoder) 2011-12-08 12:02:36 PST
Could be a duplicate of bug 637202.
Comment 5 Gary Kwong [:gkw] [:nth10sd] 2011-12-31 19:33:10 PST
Fixed by bug 713944.
Comment 6 Christian Holler (:decoder) 2013-01-19 13:59:22 PST
Automatically extracted testcase for this bug was committed:

Note You need to log in before you can comment on or make changes to this bug.