Closed
Bug 741204
Opened 13 years ago
Closed 13 years ago
IonMonkey: Crash [@ JSAutoByteString::ptr] with iterator
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 732852
People
(Reporter: decoder, Unassigned)
References
Details
(Keywords: crash, testcase, Whiteboard: [jsbugmon:update,ignore])
Crash Data
The following testcase crashes on ionmonkey revision e96d5b1f47b8 (run with --ion -n -m --ion-eager):
var a = {y: 1};
function B(){}
var b = new B;
var arr = [a, b];
for each (var obj in arr)
obj.x = 2;
reportCompare(expect, actual, summary);
|
Reporter | |
Comment 1•13 years ago
|
||
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000403dbc in JSAutoByteString::ptr (this=0x0) at ../dist/include/js/Vector.h:293
293 return mBegin;
(gdb) bt
#0 0x0000000000403dbc in JSAutoByteString::ptr (this=0x0) at ../dist/include/js/Vector.h:293
#1 0x0000000000404606 in js::ObjectImpl::lastProperty (this=0x0) at ../../vm/ObjectImpl.h:266
#2 0x0000000000405bf8 in js::ObjectImpl::getClass (this=0x0) at ../../vm/ObjectImpl-inl.h:245
#3 0x0000000000405c1e in js::ObjectImpl::hasClass (this=0x0, c=0x9e5720) at ../../vm/ObjectImpl-inl.h:257
#4 0x00000000004e2001 in JSObject::isIterator (this=0x0) at ../jsobjinlines.h:792
#5 0x000000000050181b in js::CloseIterator (cx=0xa32d30, obj=0x0) at /srv/repos/ionmonkey/js/src/jsiter.cpp:936
#6 0x000000000050193e in js::UnwindIteratorForException (cx=0xa32d30, obj=0x0) at /srv/repos/ionmonkey/js/src/jsiter.cpp:967
#7 0x000000000074bc2e in js::ion::HandleException (rfe=0x7fffffffbb08) at /srv/repos/ionmonkey/js/src/ion/IonFrames.cpp:394
#8 0x00007ffff7fb6ce2 in ?? ()
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [jsbugmon:update]
|
|
Reporter | |
Comment 2•13 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 67bf9a4a1f77).
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:update,ignore]
|
|
Reporter | |
Comment 3•13 years ago
|
||
Bisect points to this revision as the fix:
The first good revision is:
changeset: 92490:35144214826e
user: David Anderson
date: Mon Apr 09 14:07:13 2012 -0700
summary: Ensure that iterators are closed correctly during exceptions in Ion code (bug 732852 part 7, r=pierron).
Given the stack trace here and the commit summary of bug 732852, I assume this bug is a duplicate of bug 732852.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 4•12 years ago
|
||
A testcase for this bug was already added in the original bug (bug 732852).
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•