Closed Bug 700792 Opened 11 years ago Closed 11 years ago

[ObjShrink] "Assertion failure: isScope()," with trap

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: gkw, Assigned: bhackett1024)

Details

(Keywords: assertion, regression, testcase)

Attachments

(2 files)

Attached file stack
f = Function("\
    for(let z in [0,,,,,,,0]) {\
        for each (let z in [,,,,,,,,0,,0]) {\
            print(<y/>)\
        }\
    }\
")
trap(f, 155, '')
f()

asserts js debug shell on JM changeset 1210706b4576 with patch v1 from bug 697279 with -d at Assertion failure: isScope(),

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   78136:7b634ad714fd
user:        Brian Hackett
date:        Wed Oct 12 22:29:43 2011 -0700
summary:     Move scope chains of scope objects to reserved slots, bug 694247.
Attached patch patch
Property cache entries are only filled when all the scope objects are internal (call/block/etc.) or global, and when testing, PropertyCache::fullTest assumed an isomorphic chain.  This breaks in debug mode as the debugger can induce construction of new scope objects.

This behavior of lazily creating new scope objects doesn't seem outright wrong but does seem pretty weird.  Will this be going away with bug 659577?
Assignee: general → bhackett1024
Attachment #573238 - Flags: review?(luke)
https://hg.mozilla.org/projects/jaegermonkey/rev/0c887d263ec6
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
(In reply to Brian Hackett from comment #1)
> This behavior of lazily creating new scope objects doesn't seem outright
> wrong but does seem pretty weird.  Will this be going away with bug 659577?

They may be created, but they won't be inserted onto the frame's scope chain.  Rather, they will just be on the (new) scope chain for the debugger's eval.
Attachment #573238 - Flags: review?(luke) → review+