Comment #3 on issue 1071 by [email protected]: Crash / assertion failure in v8::internal::JSObject::LocalLookup
http://code.google.com/p/v8/issues/detail?id=1071
This is caused by an incorrect context chain length in generated code (either following too many or too few links).
The problem is that the serialized scope info stores the number of context-allocated variables (not the size of the context). It therefore cannot tell the difference between a scope with an "empty" context (having a context size of Context::MIN_CONTEXT_SLOTS and zero variables) and a scope with no local context (having a context size of zero and zero variables).
Solution is to store the context size (in number of slots) in the serialized scope info.
-- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
