RESOLVED FIXED 127146
throwing an objc object (or general binding object) triggers an assertion 
https://bugs.webkit.org/show_bug.cgi?id=127146
Summary throwing an objc object (or general binding object) triggers an assertion
Oliver Hunt
Reported 2014-01-16 14:47:32 PST
So Bindings::Instance consumes all property assignment including the "stack" assignment when throwing an exception. This trigger the following assertion which should probably just be removed. frame #1: 0x0000000100493acb JavaScriptCore`JSC::Interpreter::unwind(this=0x000000010e4124c0, callFrame=0x00007fff5fbfcfd0, exceptionValue=0x00007fff5fbfcfc8) + 587 at Interpreter.cpp:680 677 } 678 679 ASSERT(callFrame->vm().exceptionStack().size()); -> 680 ASSERT(!exceptionValue.isObject() || asObject(exceptionValue)->hasProperty(callFrame, callFrame->vm().propertyNames->stack)); 681
Attachments
Patch (1.60 KB, patch)
2014-01-16 14:49 PST, Oliver Hunt 		ap: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2014-01-16 14:49:19 PST
Created attachment 221416 [details] Patch
Oliver Hunt
Comment 2 2014-01-16 14:51:26 PST
Committed r162156: <http://trac.webkit.org/changeset/162156>
Note You need to log in before you can comment on or make changes to this bug.