Note: There are a few cases of duplicates in user autocompletion which are being worked on.

"Assertion failure: op2 == JSOP_POP || op2 == JSOP_POPV", trap on pop following setmethod

RESOLVED FIXED

Status

()

Product:
Core
Component:
JavaScript Engine
--
critical
RESOLVED FIXED
Reported:
6 years ago
Modified:
5 years ago

People

(Reporter: Jesse Ruderman, Assigned: billm)

Tracking

(Blocks: 1 bug, {assertion, regression, testcase})

Version:
Trunk
x86
Mac OS X
Keywords:
assertion, regression, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 attachment)

fix
1.30 KB, patch
dmandelin
: review+
Details | Diff | Splinter Review
(Reporter)

Description

6 years ago 
function f() { ({}).m = function(){}; }
dis(f);
trap(f, 11, '');
f();

Assertion failure: op2 == JSOP_POP || op2 == JSOP_POPV, at jsinterp.cpp:5510

flags: NULL_CLOSURE
main:
00000:  newobject ({})
00003:  endinit
00004:  lambda (function () {})
00007:  nullblockchain
00008:  setmethod "m"              <-- jsinterp dies here
00011:  pop                        <-- trap is here
00012:  stop

This assertion was added in:

changeset:   http://hg.mozilla.org/tracemonkey/rev/d03cc1038c7a
user:        Bill McCloskey
date:        Wed Oct 06 10:41:36 2010 -0700
summary:     Bug 601986 - Make blockchain determination faster for with, flat closures (r=igor)
(Assignee)

Comment 1

6 years ago 
Created attachment 532001 [details] [diff] [review]
fix

I just fixed this to overlook the trap opcode. We also directly access an opcode a little bit earlier in this code, but it's an optimization and I think it's okay to ignore JSOP_TRAP there.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #532001 - Flags: review?(dmandelin)
Attachment #532001 - Flags: review?(dmandelin) → review+
 (Assignee)

Comment 2

6 years ago 
http://hg.mozilla.org/tracemonkey/rev/deccd0dc4a41
Whiteboard: fixed-in-tracemonkey

Comment 3

6 years ago 
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/deccd0dc4a41
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 4

5 years ago 
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/bug656555.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.