Why do I get a V8_Fatal when I twice reference an array out of bounds, if
the array is created by C++ code:
Local<Array> a = Array::New(isolate);
context->Global()->Set(String::NewFromUtf8(isolate, "a"), a);
but not when it is created by JavaScript?
Script::Compile(String::NewFromUtf8(isolate, "a = [];"))->Run();
Is there some pixie dust I need to scatter on objects created via C++?
Here is the full code:
// Create isolate & context.
Isolate* isolate = Isolate::New();
Isolate::Scope isolate_scope(isolate);
HandleScope handle_scope(isolate);
Local<Context> context = Context::New(isolate);
Context::Scope context_scope(context);
// Create empty array 'a'
Local<Array> a = Array::New(isolate);
context->Global()->Set(String::NewFromUtf8(isolate, "a"), a);
// Reference off end of the array. Crash occurs during second Run.
Local<String> source = String::NewFromUtf8(isolate, "a[0];");
Local<Script> script = Script::Compile(source);
Local<Value> result = script->Run();
Local<Value> result2 = script->Run();
The error occurs in Deoptimizer::DoComputeCompiledStubFrame() because
descriptor->register_param_count_ == -1.
Oliver
P.S. Apologies that this is a reframed repost. My original post did not
elicit any interest, but this problem is keeping me off recent version of
v8 because I cannot find a workaround*. *More details in issue 3332
<http://code.google.com/p/v8/issues/detail?id=3332>.
--
--
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
