Status: New
Owner: ----
New issue 189 by nth10sd: Crash [@
v8::internal::Runtime_InitializeConstContextSlot] and CHECK(attributes !=
ABSENT && (attributes & READ_ONLY) != 0) failed
http://code.google.com/p/v8/issues/detail?id=189
function f() { eval("while((x = delete x) && 0){} const x;"); }
f();
This crashes opt compiled with "scons mode=release library=static
snapshot=on sample=shell" at null at
v8::internal::Runtime_InitializeConstContextSlot(v8::internal::Arguments).
See attached crashlog.txt
This asserts debug compiled with "scons mode=debug library=shared
snapshot=on sample=shell" at CHECK(attributes != ABSENT && (attributes &
READ_ONLY) != 0) failed
$ ./shell_g
V8 version 0.4.8 (candidate)
> function f() { eval("while((x = delete x) && 0){} const x;"); }
f();
>
#
# Fatal error in src/runtime.cc, line 734
# CHECK(attributes != ABSENT && (attributes & READ_ONLY) != 0) failed
#
==== Stack trace ============================================
Security context: 0x1c0d449 <JS Object>#0#
1: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#)
2: arguments adaptor frame: 1->0
3: f(this=0x1c0d47d <JS Global Object>#1#)
4: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#)
==== Details ================================================
[1]: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#) {
// stack-allocated locals
var .result = 0x1e00135 <undefined>
// expression stack (top to bottom)
[03] : 0x1e001e1 <String[1]: x>
[02] : 0x181fa8d <FixedArray[7]>#2#
[01] : 0x1e00135 <undefined>
--------- s o u r c e c o d e ---------
while((x = delete x) && 0){} const x;
-----------------------------------------
}
[2]: arguments adaptor frame: 1->0 {
// actual arguments
[00] : 0x1e0708d <String[37]: while((x = delete x) && 0){} const x;> //
not passed to callee
}
[3]: f(this=0x1c0d47d <JS Global Object>#1#) {
// heap-allocated locals
var .arguments = 0x181fa79 <an Arguments>>#3#
var arguments = 0x181fa79 <an Arguments>>#3#
// expression stack (top to bottom)
[00] : 0x1c0f839 <JS Function>#4#
--------- s o u r c e c o d e ---------
function f() { eval("while((x = delete x) && 0){} const x;"); }
-----------------------------------------
}
[4]: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#) {
// stack-allocated locals
var .result = 0x1e00135 <undefined>
// expression stack (top to bottom)
[01] : 0x1e03ed9 <String[1]: f>
--------- s o u r c e c o d e ---------
f();?
-----------------------------------------
}
==== Key ============================================
#0# 0x1c0d449: 0x1c0d449 <JS Object>
x: 0x1e00161 <true>
NaN: 0x1e03e4d <Number: nan>
Math: 0x180ed29 <a MathConstructor>>#5#
Infinity: 0x1e04111 <Number: inf>
undefined: 0x1e00135 <undefined>
#1# 0x1c0d47d: 0x1c0d47d <JS Global Object>
#2# 0x181fa8d: 0x181fa8d <FixedArray[7]>
0: 0x1c0f791 <JS Function f>#6#
1: 0x181fa8d <FixedArray[7]>#2#
2: 0
3: 0x181fd19 <JS Object>#7#
4: 0x1c0d449 <JS Object>#0#
5: 0x181fa79 <an Arguments>>#3#
6: 0x181fa79 <an Arguments>>#3#
#3# 0x181fa79: 0x181fa79 <an Arguments>>
callee: 0x1c0f791 <JS Function f>#6#
length: 0
#4# 0x1c0f839: 0x1c0f839 <JS Function>
#5# 0x180ed29: 0x180ed29 <a MathConstructor>>
E: 0x1e05695 <Number: 2.718281828459045>
PI: 0x1e05715 <Number: 3.141592653589793>
LN2: 0x1e056c5 <Number: 0.6931471805599453>
LN10: 0x1e056ad <Number: 2.302585092994046>
SQRT2: 0x1e0574d <Number: 1.414213562373095>
LOG2E: 0x1e056e1 <Number: 1.442695040888963>
LOG10E: 0x1e056fd <Number: 0.4342944819032518>
SQRT1_2: 0x1e05731 <Number: 0.7071067811865476>
#6# 0x1c0f791: 0x1c0f791 <JS Function f>
#7# 0x181fd19: 0x181fd19 <JS Object>
=====================
Abort trap
Attachments:
crashlog.txt 1.6 KB
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
