Closed Bug 743480 Opened 12 years ago Closed 12 years ago

"ParallelArray.prototype.length" causes an uncatchable exception

Categories

(Core :: JavaScript Engine, defect)

x86_64
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: testcase)

Attachments

(1 file, 1 obsolete file)

try { ParallelArray.prototype.length; } catch(e) { } print("PASS");

Does not print "PASS".  Execution just silently halts, and the shell returns exit code 3.

This only happens on the ionmonkey branch, because bug 711304 was only pushed to the ionmonkey branch.
I've disabled testing ParallelArray in jsfunfuzz for now.
The handler for 'length' now returns 0 if it is invoked on the prototype of ParallelArray and the actual length of the array if it is invoked on a ParallelArray object.
Attachment #624575 - Flags: review?(jorendorff)
Comment on attachment 624575 [details] [diff] [review]
makes ParallelArray.prototype.length return 0

Review of attachment 624575 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/builtin/ParallelArray.cpp
@@ +625,5 @@
> +        vp->setNumber((uint32_t) 0);
> +    } else if (obj->getClass() == &ParallelArrayClass) {
> +        /* return the length of the ParallelArray object */
> +        vp->setNumber(GetLength(obj));
> +    }

Please use
    vp->setInt32(0);
instead of vp->setNumber((uint32_t) 0).

And how about:

    if (obj->getClass() == &ParallelArrayClass) {
        ...
    } else {
        /* ... */
        JS_ASSERT(obj->getClass() == &ParallelArrayProtoClass);
        vp->setInt32(0);
    }

It's just more defensive code, in case something ever goes wrong. Which it can't.

r=me with the setInt change; the other one is optional.
Attachment #624575 - Flags: review?(jorendorff) → review+
Incorporates jorendorff's requests, including his more defensive approach.
Attachment #624575 - Attachment is obsolete: true
Attachment #624589 - Flags: checkin?(dvander)
http://hg.mozilla.org/projects/ionmonkey/rev/14735b4dbccc
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.