Closed
Bug 656490
Opened 13 years ago
Closed 13 years ago
"Assertion failure: *cx->regs().pc == JSOP_EVAL" trapping eval op
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: luke)
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
1.94 KB,
patch
|
dmandelin
:
review+
|
Details | Diff | Splinter Review |
function f() { eval(''); } dis(f); trap(f, 6, ''); f(); Assertion failure: *cx->regs().pc == JSOP_EVAL, at jsobj.cpp:1294 flags: HEAVYWEIGHT main: 00000: callname "eval" 00003: string "" 00006: eval 1 <-- trap goes here 00009: lineno 1 00012: nullblockchain 00013: pop 00014: stop Source notes: ofs line pc delta desc args ---- ---- ----- ------ -------- ------ 0: 1 6 [ 6] pcbase offset 6 This testcase triggers the assertion all the way back to when the assertion (along with the function DirectEval in which it lives) was introduced: changeset: http://hg.mozilla.org/tracemonkey/rev/8b7e0800ba3d user: Luke Wagner date: Fri Apr 08 10:52:51 2011 -0700 summary: Bug 602994 - Clean up eval, remove unneeded security checks, assert equivalence of principal lookup (r=waldo,mrbkap) Maybe the assertion condition needs to use js_GetOpcode, like in bug 432361?
Assignee | ||
Comment 1•13 years ago
|
||
Sounds like it.
Assignee | ||
Comment 2•13 years ago
|
||
Updated•13 years ago
|
Attachment #535499 -
Flags: review?(dmandelin) → review+
Assignee | ||
Comment 3•13 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/3476e2f644a8
Whiteboard: fixed-in-tracemonkey
Comment 4•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/3476e2f644a8
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•