"Assertion failure: op2 == JSOP_POP || op2 == JSOP_POPV", trap on pop following setmethod
RESOLVED
FIXED
Status
()
People
(Reporter: jruderman, Assigned: billm)
Tracking
(Blocks: 1 bug, {assertion, regression, testcase})
Firefox Tracking Flags
(Not tracked)
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 attachment)
|
1.30 KB,
patch
|
dmandelin
:
review+
|
Details | Diff | Splinter Review |
function f() { ({}).m = function(){}; }
dis(f);
trap(f, 11, '');
f();
Assertion failure: op2 == JSOP_POP || op2 == JSOP_POPV, at jsinterp.cpp:5510
flags: NULL_CLOSURE
main:
00000: newobject ({})
00003: endinit
00004: lambda (function () {})
00007: nullblockchain
00008: setmethod "m" <-- jsinterp dies here
00011: pop <-- trap is here
00012: stop
This assertion was added in:
changeset: http://hg.mozilla.org/tracemonkey/rev/d03cc1038c7a
user: Bill McCloskey
date: Wed Oct 06 10:41:36 2010 -0700
summary: Bug 601986 - Make blockchain determination faster for with, flat closures (r=igor)
|
(Assignee) | |
Comment 1•8 years ago
|
||
Created attachment 532001 [details] [diff] [review] fix I just fixed this to overlook the trap opcode. We also directly access an opcode a little bit earlier in this code, but it's an optimization and I think it's okay to ignore JSOP_TRAP there.
|
||
Updated•8 years ago
|
Attachment #532001 -
Flags: review?(dmandelin) → review+
|
|
(Assignee) | |
Comment 2•8 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/deccd0dc4a41
Whiteboard: fixed-in-tracemonkey
|
||
Comment 3•8 years ago
|
||
cdleary-bot mozilla-central merge info: http://hg.mozilla.org/mozilla-central/rev/deccd0dc4a41
|
|
||
Updated•8 years ago
|
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
|
||
Comment 4•6 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/bug656555.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•