Closed
Bug 683470
Opened 14 years ago
Closed 14 years ago
"Assertion failure: *f.regs.pc == JSOP_CALL || *f.regs.pc == JSOP_NEW || *f.regs.pc == JSOP_EVAL || *f.regs.pc == JSOP_FUNCALL || *f.regs.pc == JSOP_FUNAPPLY," with trap
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla9
People
(Reporter: gkw, Assigned: luke)
Details
(Keywords: assertion, testcase, Whiteboard: [js-triage-done])
Attachments
(2 files)
|
2.13 KB,
text/plain
|
Details | |
|
1.54 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
f = (function() {
function b() {
"use strict";
Object.defineProperty(this, "x", ({}));
}
for each(let d in [0, 0]) {
try {
b(d);
} catch (e) {}
}
})
dis(f)
trap(f, 54, undefined);
f()
asserts js debug shell on MC changeset fcca99426576 with -m, -a and -d at Assertion failure: *f.regs.pc == JSOP_CALL || *f.regs.pc == JSOP_NEW || *f.regs.pc == JSOP_EVAL || *f.regs.pc == JSOP_FUNCALL || *f.regs.pc == JSOP_FUNAPPLY,
|
Reporter | |
Comment 1•14 years ago
|
||
Not sure if this is related to TI, the assert seems to be at methodjit/InvokeHelpers.cpp:188
|
|
Assignee | |
Comment 2•14 years ago
|
||
Oops, assert should use js_GetOpcode.
|
|
||
Updated•14 years ago
|
Attachment #557344 -
Flags: review?(dvander) → review+
|
|
Assignee | |
Comment 3•14 years ago
|
||
Whiteboard: js-triage-needed → [js-triage-done][inbound]
|
|
||
Comment 4•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [js-triage-done][inbound] → [js-triage-done]
Target Milestone: --- → mozilla9
|
||
Comment 5•13 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug683470.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•