Closed Bug 653262 Opened 13 years ago Closed 13 years ago

TI: Assertion failure: isScriptFrame(), at ../jsinterp.h:329

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: assertion, testcase) 

The following testcase asserts on TI revision 09cce9915b80 (run with -m -n -a),
tested on 64 bit:

const HAVE_TM = 'tracemonkey' in this;
const HOTLOOP = HAVE_TM ? tracemonkey : 8;
with(evalcx(''))(function eval() {}, this.__defineGetter__("x", Function));
var i = 0;
var o;
new(x);



I'm not sure if it's valid due to the evalcx call in there.
When invoking a constructor on a dummy frame we would query the current frame's script to check whether to create a unique type object for the result.  Needed a guard to check the frame actually has a script.

http://hg.mozilla.org/projects/jaegermonkey/rev/f85a663ce75a
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/bug653262.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.