Last Comment Bug 676486 - TM: Assertion failure: hasArgs(), at vm/Stack-inl.h:271
: TM: Assertion failure: hasArgs(), at vm/Stack-inl.h:271
: assertion, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Linux
-- critical (vote)
: mozilla8
Assigned To: Luke Wagner [:luke]
: Jason Orendorff [:jorendorff]
Depends on: 674843
Blocks: langfuzz
  Show dependency treegraph
Reported: 2011-08-04 03:03 PDT by Christian Holler (:decoder)
Modified: 2013-01-14 08:46 PST (History)
5 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

fix and test (1.45 KB, patch)
2011-08-04 10:17 PDT, Luke Wagner [:luke]
jwalden+bmo: review+
Details | Diff | Splinter Review

Description User image Christian Holler (:decoder) 2011-08-04 03:03:35 PDT
The following testcase asserts on m-i revision 1d1c771a3aba (run with -j -m), tested on 64 bit.

function test() {
    var proxy = Proxy.createFunction(
    function() { 
        return (function () { with (arguments) { eval("foo") } })(); 
    assertEq((new proxy()).origin, "new");

The first bad revision is:
changeset:   73673:8bff20b3f8db
user:        Luke Wagner
date:        Tue Aug 02 09:21:51 2011 -0700
summary:     Bug 674843 - Censor pushed-but-not-active InvokeSessionGuard frames from the debugger's view (r=waldo)
Comment 1 User image Luke Wagner [:luke] 2011-08-04 10:15:27 PDT
It looks like this is debug-only and AFAICS, it wouldn't even be possible except for the bug described in bug 670071 comment 2.
Comment 2 User image Luke Wagner [:luke] 2011-08-04 10:17:54 PDT
Created attachment 550736 [details] [diff] [review]
fix and test

Thanks for the reduced test case!
Comment 4 User image Marco Bonardo [::mak] 2011-08-06 03:00:53 PDT
Comment 5 User image Christian Holler (:decoder) 2013-01-14 08:46:03 PST
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug676486.js.

Note You need to log in before you can comment on or make changes to this bug.