Closed
Bug 764383
Opened 12 years ago
Closed 12 years ago
Assertion failure: canRemoveLastProperty(), at jsobjinlines.h:284
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 767961
People
(Reporter: decoder, Unassigned)
Details
(Keywords: assertion, testcase, Whiteboard: [js:t] [jsbugmon:])
The following test asserts on mozilla-central revision e9bf05c14376 (options -m -n):
eval("var EXP_1 = new MyValuelessObject(new String('string'));")
function MyValuelessObject(value) {
this.toString = this.extends(this.__proto__ = null);
}
|
||
Updated•12 years ago
|
Whiteboard: js-triage-needed [jsbugmon:update] → [js:t][jsbugmon:update]
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [js:t][jsbugmon:update] → [js:t][jsbugmon:update,bisect]
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [js:t][jsbugmon:update,bisect] → [js:t] [jsbugmon:update]
|
|
Reporter | |
Comment 1•12 years ago
|
||
JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 83898:78d17e22a223 parent: 83892:0ac1cbff2a67 user: Brian Hackett date: Thu Jan 05 11:08:38 2012 -0800 summary: Remove JOF_CALLOP, bug 712714. r=dvander
|
|
Reporter | |
Comment 2•12 years ago
|
||
bhackett, mind taking a look here? (if this bug is important enough of course).
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [js:t] [jsbugmon:update] → [js:t] [jsbugmon:update,ignore]
|
|
Reporter | |
Comment 3•12 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 4d59eb5ac2c6).
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [js:t] [jsbugmon:update,ignore] → [js:t] [jsbugmon:bisectfix]
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [js:t] [jsbugmon:bisectfix] → [js:t] [jsbugmon:]
|
|
Reporter | |
Comment 4•12 years ago
|
||
JSBugMon: Fix Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: 102961:b21f4cb16f08 user: Shu-yu Guo date: Tue Aug 21 12:29:47 2012 -0700 summary: Bug 767961 - Only mark properties as definite if we could analyze the entire constructor (r=bhackett)
|
|
Reporter | |
Comment 5•12 years ago
|
||
Likely the same issue as in bug 767961, marking s-s and duping.
Group: core-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
||
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•