Closed
Bug 857836
Opened 12 years ago
Closed 12 years ago
Assertion failure: paTypeObject->getPropertyCount() == NumFixedSlots, at builtin/ParallelArray.cpp
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla23
| Tracking | Status | |
|---|---|---|
| firefox20 | --- | unaffected |
| firefox21 | --- | unaffected |
| firefox22 | --- | fixed |
| firefox23 | + | fixed |
| firefox-esr17 | --- | unaffected |
People
(Reporter: gkw, Assigned: shu)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])
Attachments
(2 files)
|
8.34 KB,
text/plain
|
Details | |
|
1.33 KB,
patch
|
bhackett1024
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Function("\
Proxy.create((function() {\
return {\
getOwnPropertyDescriptor: function() {},\
};\
}), ParallelArray.prototype);\
__defineGetter__(\"x\", ParallelArray);\
x;\
")()
asserts js debug shell on m-c changeset f20b0ce9e528 without any CLI arguments at Assertion failure: paTypeObject->getPropertyCount() == NumFixedSlots, at builtin/ParallelArray.cpp
|
Reporter | |
Comment 1•12 years ago
|
||
Due to skipped revisions, the first bad revision could be any of:
changeset: 125553:8c6ec2899d89
user: Vladimir Vukicevic
date: Mon Mar 18 18:50:19 2013 -0400
summary: b=851964; Odin/OSX, part 2. add BreakpadUserExceptionHandler support to breakpad; r=ted
changeset: 125554:fe29b2ae604b
user: Vladimir Vukicevic
date: Mon Mar 18 19:07:07 2013 -0400
summary: b=851964; Odin/OSX, part 3. enable AsmJS on OSX by using new Breakpad user handler, r=luke
changeset: 125555:b00eb1ef1517
user: Nicholas D. Matsakis
date: Tue Mar 19 22:12:27 2013 -0400
summary: Bug 829602 - Enable self-hosted parallelarray r=dvander,till
changeset: 125556:cfa733af8c86
user: Boris Zbarsky
date: Tue Mar 19 22:20:16 2013 -0400
summary: Bug 852118 followup. Fix the layout debugger to fix bustage
changeset: 125557:5a2d12a34466
user: David Zbarsky
date: Tue Mar 19 22:31:44 2013 -0400
summary: Bug 846995 Part 1: Fix all the files that reference SVGAnimatedTransformList r=jwatt
changeset: 125558:d92e88a18263
user: David Zbarsky
date: Tue Mar 19 22:31:44 2013 -0400
summary: Bug 846995 Part 2: Rename SVGAnimatedTransformList to nsSVGAnimatedTransformList r=jwatt
changeset: 125559:26f0d590a021
user: David Zbarsky
date: Tue Mar 19 22:31:44 2013 -0400
summary: Bug 846995 Part 3: Rename DOMSVGAnimatedTransformList and kill nsISupports r=jwatt
changeset: 125560:b147c2b08372
user: Nicholas Nethercote
date: Mon Mar 11 22:43:23 2013 -0700
summary: Bug 849367 (part 1) - Speed up TokenStream::matchChar(). r=jorendorff.
changeset: 125561:3924eba670bb
user: Patrick McManus
date: Tue Mar 19 21:27:25 2013 -0400
summary: bug 767742 - close spdy sessions under total connection pressure r=honzab
changeset: 125562:4bb793ac828d
user: Brian Hackett
date: Tue Mar 19 20:53:47 2013 -0600
summary: Bug 839209 - Relax CanFakeSync, r=dvander.
changeset: 125563:893a57ee94bf
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 720070 - Add missing test for bug 720070. r=needed-tests
changeset: 125564:129ff7d52968
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 718852 - Add missing test for bug 718852. r=needed-tests
changeset: 125565:053bb31882c4
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 696748 - Add missing test for bug 696748. r=needed-tests
changeset: 125566:e051419897da
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 593611 - Add missing test for bug 593611. r=needed-tests
changeset: 125567:f1c918eaacfa
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 576891 - Add missing test for bug 576891. r=needed-tests
changeset: 125568:08dff7a8e784
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 563243 - Add missing test for bug 563243. r=needed-tests
changeset: 125569:e8db09a9c66c
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 558531 - Add missing test for bug 558531. r=needed-tests
changeset: 125570:edd1edc19f46
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 572232 - Add missing test for bug 572232. r=needed-tests
changeset: 125571:1ea0203ab5fa
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 566136 - Add missing test for bug 566136. r=needed-tests
changeset: 125572:7882cc0068e5
user: Christian Holler
date: Wed Mar 20 03:58:09 2013 +0100
summary: Bug 616009 - Add missing test for bug 616009. r=needed-tests
changeset: 125573:5882acd59c33
user: Phil Ringnalda
date: Tue Mar 19 20:20:38 2013 -0700
summary: Back out 26f0d590a021, d92e88a18263, 5a2d12a34466 (bug 846995) for not building
changeset: 125574:26653529ea8b
user: Phil Ringnalda
date: Tue Mar 19 21:44:48 2013 -0700
summary: Back out fe29b2ae604b, 8c6ec2899d89 and 6b2f3cb031da (bug 851964) for test hangs
I'm guessing bug 829602 regressed this.
Blocks: 829602
Flags: needinfo?(nmatsakis)
|
||
Comment 2•12 years ago
|
||
Seems like a safe guess. I can kind of imagine what's causing this, I'll look into it.
Flags: needinfo?(nmatsakis)
|
|
Reporter | |
Comment 3•12 years ago
|
||
Assigning to Niko based on comment 2.
Assignee: general → nmatsakis
Status: NEW → ASSIGNED
|
Assignee | |
Comment 4•12 years ago
|
||
What causes the assertion is that we're trying to add definite properties to a TypeObject that's been marked unknownProperties(). The best part is how it gets marked here:
1) The Function constructor causes the script to be !compileAndGo, which causes us to not use a script/pc-specialized TypeObject for ParallelArrays.
2) The Proxy marks ParallelArray.prototype to be unknownProperties(), so when we try to construct a new ParallelArray, we get the unspecialized type object, which has been marked unknownProperties() due to the proxy.
Assignee: nmatsakis → shu
Attachment #737035 -
Flags: review?(bhackett1024)
|
||
Updated•12 years ago
|
Attachment #737035 -
Flags: review?(bhackett1024) → review+
|
|
Reporter | |
Updated•12 years ago
|
Keywords: checkin-needed
|
||
Comment 5•12 years ago
|
||
Flags: in-testsuite?
Keywords: checkin-needed
|
||
Comment 6•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
|
|
Reporter | |
Comment 7•12 years ago
|
||
This affects Firefox 22 as well (showed up on mozilla-aurora testing).
status-firefox20:
--- → unaffected
status-firefox21:
--- → unaffected
status-firefox22:
--- → affected
status-firefox23:
--- → fixed
status-firefox-esr17:
--- → unaffected
Flags: needinfo?(shu)
|
|
Assignee | |
Comment 8•12 years ago
|
||
Comment on attachment 737035 [details] [diff] [review]
fix
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 829602
User impact if declined: Crashes when using ParallelArrays with proxies
Testing completed (on m-c, etc.): m-c
Risk to taking this patch (and alternatives if risky): None
String or IDL/UUID changes made by this patch:
Attachment #737035 -
Flags: approval-mozilla-aurora?
Flags: needinfo?(shu)
|
||
Updated•12 years ago
|
tracking-firefox23:
--- → +
|
|
||
Updated•12 years ago
|
Attachment #737035 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 9•12 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•