Bug 127146 - throwing an objc object (or general binding object) triggers an assertion
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Oliver Hunt
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-16 14:47 PST by Oliver Hunt
Modified: 2014-01-16 14:51 PST
0 users

See Also:


Attachments
Patch (1.60 KB, patch)
2014-01-16 14:49 PST, Oliver Hunt
ap: review+

Description Oliver Hunt 2014-01-16 14:47:32 PST
So Bindings::Instance consumes all property assignment including the "stack" assignment when throwing an exception.

This triggers the following assertion, which should probably just be removed.

frame #1: 0x0000000100493acb JavaScriptCore`JSC::Interpreter::unwind(this=0x000000010e4124c0, callFrame=0x00007fff5fbfcfd0, exceptionValue=0x00007fff5fbfcfc8) + 587 at Interpreter.cpp:680
   677 	    }
   678 	
   679 	    ASSERT(callFrame->vm().exceptionStack().size());
-> 680 	    ASSERT(!exceptionValue.isObject() || asObject(exceptionValue)->hasProperty(callFrame, callFrame->vm().propertyNames->stack));
   681
Comment 1 Oliver Hunt 2014-01-16 14:49:19 PST
Created attachment 221416
Patch
Comment 2 Oliver Hunt 2014-01-16 14:51:26 PST
Committed r162156: <http://trac.webkit.org/changeset/162156>