|
10.34 KB,
patch
|
dmandelin
:
review+
|
Details | Diff | Splinter Review |
The following test asserts on mozilla-central revision 959c1e6bdb11 (options -m -n -a):
gczeal(2);
string=""
for (var i = 0; i < 100; i++ )
hex=newGlobal('same-compartment');
S-s for now because this is GC related.
|
||
Comment 1•6 years ago
|
||
I got this too in jsfunfuzz.
|
||
Comment 2•6 years ago
|
||
And I get this in the browser with RandomJS. (My testcase also uses gczeal.)
|
(Assignee) | |
Comment 3•6 years ago
|
||
Created attachment 562481 [details] [diff] [review] fix This was a bogus assertion, unfortunately. The setOwnerObject call was supposed to happen right after setting u.i.script. But that inadvertently got broken in a few places. I've added a setter to make it less likely for this to happen again.
|
|
(Assignee) | |
Comment 4•6 years ago
|
||
Also, not S-S. Except for the assertion, the code was fine.
|
||
Updated•6 years ago
|
||
|
|
(Assignee) | |
Comment 5•6 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f7cf12c7ae38
|
||
Comment 6•6 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/f7cf12c7ae38
|
(Reporter) | |
Comment 7•5 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/bug688939.js.
Description
•