Closed
Bug 700792
Opened 13 years ago
Closed 13 years ago
[ObjShrink] "Assertion failure: isScope()," with trap
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gkw, Assigned: bhackett1024)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
3.44 KB,
text/plain
|
Details | |
725 bytes,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
f = Function("\
for(let z in [0,,,,,,,0]) {\
for each (let z in [,,,,,,,,0,,0]) {\
print(<y/>)\
}\
}\
")
trap(f, 155, '')
f()
asserts js debug shell on JM changeset 1210706b4576 with patch v1 from bug 697279 with -d at Assertion failure: isScope(),
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 78136:7b634ad714fd
user: Brian Hackett
date: Wed Oct 12 22:29:43 2011 -0700
summary: Move scope chains of scope objects to reserved slots, bug 694247.
Assignee | ||
Comment 1•13 years ago
|
||
Property cache entries are only filled when all the scope objects are internal (call/block/etc.) or global, and when testing PropertyCache::fullTest assumed an isomorphic chain. This breaks in debug mode as the debugger can induce construction of new scope objects.
This behavior of lazily creating new scope objects doesn't seem outright wrong but does seem pretty weird. Will this be going away with bug 659577?
Assignee: general → bhackett1024
Attachment #573238 -
Flags: review?(luke)
Assignee | ||
Comment 2•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
![]() |
||
Comment 3•13 years ago
|
||
(In reply to Brian Hackett from comment #1)
> This behavior of lazily creating new scope objects doesn't seem outright
> wrong but does seem pretty weird. Will this be going away with bug 659577?
They may be created, but they won't be inserted onto the frame's scope chain. Rather, they will just be on the (new) scope chain for the debugger's eval.
![]() |
||
Updated•13 years ago
|
Attachment #573238 -
Flags: review?(luke) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•