That's fine. The problem arises only in debug builds. However, I think we should do something about it, because we probably want to keep debug builds working.
Peter

2013/4/26 Yang Guo <[email protected]>

> Hi Peter,
>
> I somehow overlooked this patch for the past three weeks, and just saw this now. Sorry about this! Unfortunately, I'm leaving this afternoon for a three-week vacation. I'll investigate this issue as soon as I get back!
>
> Cheers,
>
> Yang
>
> Yang Guo | Software Engineer | Google Germany GmbH | Dienerstr. 12, 80331 München
> Court of registration and number: Hamburg, HRB 86891
> Registered office: Hamburg
> Managing directors: Graham Law, Katherine Stephens
>
> On Tue, Apr 2, 2013 at 2:36 AM, <[email protected]> wrote:
>
>> Reviewers: Yang,
>>
>> Message:
>> Hi Yang
>>
>> Could you please advise with this issue.
>>
>> Originally WebKit crashes on debug-mode assert at
>>
>> receiver = isolate->factory()->ToObject(receiver, calling_frames_native_context);
>>
>> at runtime.cc:10443
>>
>> because it spots a frame with a global object === undefined
>>
>> This patch checks that the undefined global object indeed can appear. If you apply this patch and try to compile x64 version (not ia32!), build will fail.
>>
>> We probably need to fix some part of this. Either get rid of undefined or allow it in assert.
>>
>> What do you think about this?
>>
>> Peter
>>
>> Description:
>> Demo for WebKit bug #113735
>>
>> See the bug info:
>> https://bugs.webkit.org/show_bug.cgi?id=113735
>>
>> Please review this at
>> https://codereview.chromium.org/13412003/
>>
>> SVN Base:
>> https://v8.googlecode.com/svn/branches/bleeding_edge
>>
>> Affected files:
>> M src/array.js
>>
>>
>> Index: src/array.js >> diff --git a/src/array.js b/src/array.js >> index 7cf744bedf29fc9c138b848d8d66d9**021cd8afa0..** >> 59c1e31dda7c13bee8435d53bc25ce**1bca810c59 100644 >> --- a/src/array.js >> +++ b/src/array.js 
>> @@ -741,6 +741,9 @@ function ArraySplice(start, delete_count) { >> return deleted_elements; >> } >> >> +if ( IS_NULL_OR_UNDEFINED((**function(){return this;})()) ) { >> + throw "Failed check for bad global object"; >> +} >> >> function ArraySort(comparefn) { >> if (IS_NULL_OR_UNDEFINED(this) && !IS_UNDETECTABLE(this)) {

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
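
Review bot: the `throw "Failed check for bad global object";` in the new top-level block between ArraySplice and ArraySort throws a bare string rather than an Error object, so a failure carries no error type or stack to tie it back to array.js. If the check is meant to outlive the demo, throw an Error and add a comment saying what condition it guards, since nothing in the file explains why `(function(){return this;})()` could be null or undefined here. The spacing in `if ( IS_NULL_OR_UNDEFINED(...) )` also differs from the `if (IS_NULL_OR_UNDEFINED(this) && ...` line just below it in ArraySort. Because the check sits at the top level of src/array.js it runs as soon as the file is evaluated, and the message states that the x64 build fails with it applied, so this should stay a demonstration for WebKit bug #113735 and not land in this form.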
