Assertion failure: v.toString()->isAtom(), at ../frontend/BytecodeEmitter.h:547

RESOLVED FIXED in mozilla15

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: decoder, Assigned: luke)

Tracking

(Blocks: 2 bugs, {assertion, regression, testcase})

Trunk
mozilla15
x86_64
All
assertion, regression, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: js-triage-done)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
The following test asserts on mozilla-central revision 032d43b1770f (no options required):


for (d in [(1000), 0]) {
    const a = (d += (this).toString())
}
eval("switch(b) { case a: }");
jsfunfuzz found this too - reproduced on 64-bit Mac OS X 10.7.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   92788:6dbb135d3f1f
user:        Luke Wagner
date:        Tue May 01 14:01:06 2012 -0700
summary:     Bug 749617 - rm XDRState::codeString (r=njn,a=not-libxul)
Blocks: 349611, 749617
Keywords: regression
OS: Linux → All
(Assignee)

Comment 2

5 years ago
Created attachment 621617 [details] [diff] [review]
fix and test

Ah, const vars as case labels allow raw values hence non-atomized strings.

Thanks for the test case!
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #621617 - Flags: review?(n.nethercote)
Attachment #621617 - Flags: review?(n.nethercote) → review+
(Assignee)

Comment 3

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/bce99efec425
Whiteboard: js-triage-needed → js-triage-done
Target Milestone: --- → mozilla15

Comment 4

5 years ago
https://hg.mozilla.org/mozilla-central/rev/bce99efec425
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Reporter)

Comment 5

5 years ago
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug752205.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.