Closed
Bug 555922
Opened 15 years ago
Closed 15 years ago
JM: "Assertion failure: !JSVAL_IS_PRIMITIVE(vp[1]), at ../jsinterp.cpp"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: assertion, regression, testcase)
(function() {
let(z) {
for each(b in [{}]) { ({
__noSuchMethod__ getter: Function
}).w()
}
}
})()
asserts js debug shell with -m on JM tip at Assertion failure: !JSVAL_IS_PRIMITIVE(vp[1]), at ../jsinterp.cpp:870This bug is kind of horrible. The code for CALLPROP calls a stub call, and the stack is adjusted afterward. Most stub calls work this way. The problem is that with the contiguous stack patch, Invoke() is going to take cx->regs->sp as the basis for the new frame, and smash the value at |sp[0]|.
http://hg.mozilla.org/users/danderson_mozilla.com/jaegermonkey/rev/2caa6834a5cb
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 3•12 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/bug555922.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•