Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 673710 - Assertion failure: top != 0, at jsopcode.cpp:1154
: Assertion failure: top != 0, at jsopcode.cpp:1154
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
: 673777 (view as bug list)
Depends on:
Blocks: 647624
  Show dependency treegraph
Reported: 2011-07-23 10:22 PDT by Jan de Mooij [:jandem]
Modified: 2011-07-25 11:35 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Jan de Mooij [:jandem] 2011-07-23 10:22:41 PDT
function f() {
    a[1, 2]++;
$ ./js test.js
Assertion failure: top != 0, at jsopcode.cpp:1154

JM repository, revision 4fbb36c1c9a3, 32-bit OS X. 
I have not bisected this but I'm pretty sure it's bug 647624.
Comment 1 Gary Kwong [:gkw] [:nth10sd] 2011-07-25 10:04:19 PDT
Here's another testcase:

+(function() {
    w([] = "", c--)()

Assertion failure: top != 0,
Comment 2 Brian Hackett (:bhackett) 2011-07-25 10:26:32 PDT
*** Bug 673777 has been marked as a duplicate of this bug. ***
Comment 3 Brian Hackett (:bhackett) 2011-07-25 11:35:59 PDT
Problem when decompiling portions of a script, where in the big switch we could end up in a situation where the pc points to an op which is followed by a decomposed version, but the case that has actually been processed was something totally different (from an '&&', '||' or ',' expression).  This fix just moves the decomposed check into the individual cases which have (or might have) decomposed versions.

It would be nice if the invariants in Decompile() were clearer.  There are several variables that look vaguely related to the current op (pc, len, oplen, op, cs), and it's not clear at all what relationships these have to one another.

Note You need to log in before you can comment on or make changes to this bug.