Closed
Bug 732860
Opened 12 years ago
Closed 12 years ago
IonMonkey: Assertion failure: index < natoms, at ../../jsscript.h:735
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: decoder, Assigned: nbp)
References
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
1.71 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
The following testcase asserts on ionmonkey revision 1fd6c40d3852 (run with --ion -n -m --ion-eager): function trySetProperty(o, p, v, strict) { function strictSetProperty() { "use strict"; o[p] = v; } try { strictSetProperty(); } catch (e) { return "throw"; } } var slowArray = [1, 2, 3]; var objs = [{}, { 1: 2 }, { a: 3 }, [], [00 ], [, 1], slowArray, function a(){}, /a/]; for (var i = 0, sz = objs.length; i < sz; i++) { var o = objs[i]; var o2 = Object.preventExtensions(o); assertEq(trySetProperty(o, "baz", 17, true), "throw", "object " + i); }
Assignee | ||
Updated•12 years ago
|
Assignee: general → nicolas.b.pierron
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•12 years ago
|
||
Attachment #605575 -
Flags: review?(dvander)
Comment on attachment 605575 [details] [diff] [review] Fix Pc recovery in js_DecompileValueGenerator Review of attachment 605575 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jsopcode.cpp @@ +5674,5 @@ > if (!cx->hasfp() || !cx->fp()->isScriptFrame()) > goto do_fallback; > > fp = js_GetTopStackFrame(cx, FRAME_EXPAND_ALL); > + script = cx->stack.currentScript(&pc); Nice catch. I'm concerned about that js_GetTopStackFrame call there, but we can worry about it later :)
Attachment #605575 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 3•12 years ago
|
||
https://hg.mozilla.org/projects/ionmonkey/rev/e5b9b7441a4e
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 5•11 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/ion/bug732860.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•