Closed Bug 656490 Opened 13 years ago Closed 13 years ago

"Assertion failure: *cx->regs().pc == JSOP_EVAL" trapping eval op

Categories

(Core :: JavaScript Engine, defect)

x86_64
macOS
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: luke)

Details

(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

function f() { eval(''); }
dis(f);
trap(f, 6, '');
f();

Assertion failure: *cx->regs().pc == JSOP_EVAL, at jsobj.cpp:1294


flags: HEAVYWEIGHT
main:
00000:  callname "eval"
00003:  string ""
00006:  eval 1              <-- trap goes here
00009:  lineno 1
00012:  nullblockchain
00013:  pop
00014:  stop
Source notes:
 ofs  line    pc  delta desc     args
---- ---- ----- ------ -------- ------
  0:    1     6 [   6] pcbase   offset 6


This testcase triggers the assertion all the way back to when the assertion (along with the function DirectEval in which it lives) was introduced:

changeset:   http://hg.mozilla.org/tracemonkey/rev/8b7e0800ba3d
user:        Luke Wagner
date:        Fri Apr 08 10:52:51 2011 -0700
summary:     Bug 602994 - Clean up eval, remove unneeded security checks, assert equivalence of principal lookup (r=waldo,mrbkap)


Maybe the assertion condition needs to use js_GetOpcode, like in bug 432361?
Sounds like it.
Attached patch: fix and test
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #535499 - Flags: review?(dmandelin)
Attachment #535499 - Flags: review?(dmandelin) → review+
http://hg.mozilla.org/tracemonkey/rev/3476e2f644a8
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/3476e2f644a8
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
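The failure mode discussed in the comments above, as an added toy model (not SpiderMonkey code and not the attached patch). It assumes a trap is installed by overwriting the opcode byte in place and saving the displaced opcode in a side table, so a raw read of the bytecode at the trapped pc no longer sees the eval op. All type and function names here are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Toy opcode set; values are constructed for this example.
enum Op : uint8_t { OP_CALLNAME, OP_STRING, OP_EVAL, OP_POP, OP_STOP, OP_TRAP };

struct Script {
    std::vector<uint8_t> code;        // bytecode the interpreter executes
    std::map<size_t, Op> trappedOps;  // pc offset -> opcode displaced by a trap
};

// Install a trap: remember the real opcode, then patch the bytecode in place.
void setTrap(Script &s, size_t pc) {
    if (s.trappedOps.count(pc)) return;  // already trapped; keep the saved opcode
    s.trappedOps[pc] = static_cast<Op>(s.code[pc]);
    s.code[pc] = OP_TRAP;
}

// Raw read: what a check written as `*pc == OP_EVAL` sees.
Op rawOpcode(const Script &s, size_t pc) { return static_cast<Op>(s.code[pc]); }

// Trap-aware read: look through OP_TRAP to the opcode it displaced.
Op getOpcode(const Script &s, size_t pc) {
    Op op = rawOpcode(s, pc);
    if (op != OP_TRAP) return op;
    auto it = s.trappedOps.find(pc);
    return it == s.trappedOps.end() ? OP_TRAP : it->second;
}

// Constructed script with the same shape as f(): callname, string, eval, pop, stop.
Script makeScript() {
    return Script{{OP_CALLNAME, OP_STRING, OP_EVAL, OP_POP, OP_STOP}, {}};
}

int main() {
    Script s = makeScript();
    setTrap(s, 2);                                  // trap the eval op
    bool rawCheck   = rawOpcode(s, 2) == OP_EVAL;   // false: sees OP_TRAP
    bool awareCheck = getOpcode(s, 2) == OP_EVAL;   // true: sees the saved opcode
    return (!rawCheck && awareCheck) ? 0 : 1;
}
```

Any assertion or dispatch decision that inspects bytecode while a debugger trap may be installed needs the trap-aware read; the raw read is only safe on code paths that can never run with a trap set.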