Closed
Bug 593559
Opened 14 years ago
Closed 14 years ago
"Assertion failure: !argv[-1].isMagic()" with iter.throw
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: jruderman, Assigned: luke)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
(deleted),
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
Testcase
var iter = (function () {yield})();
var t = iter.throw;
new t;
Result
Assertion failure: !argv[-1].isMagic(), at jsinterp.cpp:301
The first bad revision is
changeset: 52720:66c8ad02543b
user: Luke Wagner <lw@mozilla.com>
date: Mon Aug 16 12:35:04 2010 -0700
summary: Bug 581263 - remove slow natives (r=waldo,mrbkap)
Assignee | ||
Comment 1•14 years ago
|
||
This predates bug 581263: JSFUN_CONSTRUCTOR (originally, JSFUN_FAST_CONSTRUCTOR) has the same value as JSPROP_READONLY. Hence, generator_throw is being interpreted as a constructor when it only wants to be a readonly property. A simple fix is to just use the recently-vacated JSFUN_FAST_NATIVE bit for JSFUN_CONSTRUCTOR, but I get the feeling this was supposed to work somehow... is something else amiss?
Updated•14 years ago
|
blocking2.0: --- → ?
Assignee | ||
Comment 2•14 years ago
|
||
Assuming the answer to comment 1 is "this shouldn't have worked ever", the patch chooses a new bit for JSFUN_CONSTRUCTOR.
Updated•14 years ago
|
blocking2.0: ? → betaN+
Comment 3•14 years ago
|
||
Comment on attachment 487144 [details] [diff] [review]
maybe
Cool, I need this patch!
/be
Attachment #487144 -
Flags: review?(brendan) → review+
Assignee | ||
Comment 4•14 years ago
|
||
Assignee | ||
Updated•14 years ago
|
Whiteboard: fixed-in-tracemonkey
Comment 5•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 6•12 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug593559.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•