Status: New
Owner: ----
New issue 193 by nth10sd: Fatal error in src/builtins.cc, line 127 -
unreachable code
http://code.google.com/p/v8/issues/detail?id=193
Parse in the attached b.js into debug js shell and poof. (see console spew
below)
This seems to work as expected in opt compiled with "scons mode=release
library=static snapshot=on sample=shell".
This causes weird behaviour in debug compiled with "scons mode=debug
library=shared
snapshot=on sample=shell"
===
$ cat b.js
(function () {
eval("while(constructor.call(/x/)) var b = null;");
})()
$ ./shell_g b.js
#
# Fatal error in src/builtins.cc, line 127
# unreachable code
#
==== Stack trace ============================================
Security context: 0x1c0d449 <JS Object>#0#
1: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#)
2: arguments adaptor frame: 1->0
3: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#)
4: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#)
==== Details ================================================
[1]: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#) {
// stack-allocated locals
var .result = 0x1e00135 <undefined>
// expression stack (top to bottom)
[02] : 0x1823249 <JS RegExp>#2#
[01] : 0x1c0d56d <JS Function>#3#
--------- s o u r c e c o d e ---------
while(constructor.call(/x/)) var b = null;
-----------------------------------------
}
[2]: arguments adaptor frame: 1->0 {
// actual arguments
[00] : 0x1e0708d <String[42]: while(constructor.call(/x/)) var b = null;>
// not passed to callee
}
[3]: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#) {
// heap-allocated locals
var .arguments = 0x181f85d <an Arguments>>#4#
var arguments = 0x181f85d <an Arguments>>#4#
// expression stack (top to bottom)
[00] : 0x1c0f7e5 <JS Function>#5#
--------- s o u r c e c o d e ---------
function () {?eval("while(constructor.call(/x/)) var b = null;");?}
-----------------------------------------
}
[4]: /* anonymous */(this=0x1c0d47d <JS Global Object>#1#) {
// stack-allocated locals
var .result = 0x1e00135 <undefined>
// expression stack (top to bottom)
[01] : 0x1c0f781 <JS Function>#6#
--------- s o u r c e c o d e ---------
(function () {?eval("while(constructor.call(/x/)) var b = null;");?})()
-----------------------------------------
}
==== Key ============================================
#0# 0x1c0d449: 0x1c0d449 <JS Object>
NaN: 0x1e03e4d <Number: nan>
Math: 0x180ed29 <a MathConstructor>>#7#
Infinity: 0x1e04111 <Number: inf>
undefined: 0x1e00135 <undefined>
#1# 0x1c0d47d: 0x1c0d47d <JS Global Object>
#2# 0x1823249: 0x1823249 <JS RegExp>
source: 0x1e070c9 <String[1]: x>
global: 0x1e00179 <false>
multiline: 0x1e00179 <false>
lastIndex: 0
ignoreCase: 0x1e00179 <false>
#3# 0x1c0d56d: 0x1c0d56d <JS Function>
#4# 0x181f85d: 0x181f85d <an Arguments>>
callee: 0x1c0f781 <JS Function>#6#
length: 0
#5# 0x1c0f7e5: 0x1c0f7e5 <JS Function>
#6# 0x1c0f781: 0x1c0f781 <JS Function>
#7# 0x180ed29: 0x180ed29 <a MathConstructor>>
E: 0x1e05695 <Number: 2.718281828459045>
PI: 0x1e05715 <Number: 3.141592653589793>
LN2: 0x1e056c5 <Number: 0.6931471805599453>
LN10: 0x1e056ad <Number: 2.302585092994046>
SQRT2: 0x1e0574d <Number: 1.414213562373095>
LOG2E: 0x1e056e1 <Number: 1.442695040888963>
LOG10E: 0x1e056fd <Number: 0.4342944819032518>
SQRT1_2: 0x1e05731 <Number: 0.7071067811865476>
=====================
Abort trap
$ svn log | head
------------------------------------------------------------------------
r1081 | [email protected] | 2009-01-15 21:09:23 +0800 (Thu, 15 Jan 2009)
| 1 line
Lint error.
------------------------------------------------------------------------
r1080 | [email protected] | 2009-01-15 20:45:48 +0800 (Thu, 15 Jan 2009)
| 3 lines
Noone really liked the name "GenerationVariant" so here it gets renamed
to "Trace".
Review URL: http://codereview.chromium.org/18091
Attachments:
b.js 71 bytes
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
