Bug 20023 - Failed assertion in PropertyNameArray.cpp
Summary: Failed assertion in PropertyNameArray.cpp
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P1 Normal
Assignee: Alexey Proskuryakov
Depends on:
Reported: 2008-07-12 14:36 PDT by David Hansen
Modified: 2008-07-16 01:21 PDT (History)
0 users

See Also:

proposed fix (1.12 KB, patch)
2008-07-15 14:46 PDT, Alexey Proskuryakov
ggaren: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David Hansen 2008-07-12 14:36:00 PDT
Just run this little test:

ASSERTION FAILED: identifier == &UString::Rep::null || identifier == &UString::Rep::empty || identifier->identifierTable
(JavaScriptCore/kjs/PropertyNameArray.cpp:30 void KJS::PropertyNameArray::add(KJS::UString::Rep*))

#include <stdlib.h>
#include <stdbool.h>
#include <JavaScriptCore/JavaScript.h>

static bool
has_prop (JSContextRef jsCtx, JSObjectRef jsObj, JSStringRef jsName)
  if (JSStringIsEqualToUTF8CString (jsName, "fourtyTwo"))
    return true;

  return false;

static JSValueRef
get_prop (JSContextRef jsCtx, JSObjectRef jsObj,
          JSStringRef jsName, JSValueRef *jsExn)
  return JSValueMakeNumber (jsCtx, 42.0);

static void
get_prop_names (JSContextRef jsCtx, JSObjectRef jsObj,
                JSPropertyNameAccumulatorRef jsNames)
  JSStringRef jsStr = JSStringCreateWithUTF8CString ("fourtyTwo");

  JSPropertyNameAccumulatorAddName (jsNames, jsStr);
  JSStringRelease (jsStr);

main (void)
  JSClassDefinition  cdef = kJSClassDefinitionEmpty;
  JSClassRef         jsClass;
  JSGlobalContextRef jsCtx;
  JSStringRef        jsScript;

  jsScript = JSStringCreateWithUTF8CString ("var a = [];"
                                            "for (i in this) { a.push[i]; }");

  cdef.className        = "Foo";
  cdef.hasProperty      = has_prop;
  cdef.getProperty      = get_prop;
  cdef.getPropertyNames = get_prop_names;

  jsClass = JSClassCreate (&cdef);
  jsCtx   = JSGlobalContextCreate (jsClass);

  /* Boom!  */
  JSEvaluateScript (jsCtx, jsScript, NULL, NULL, 0, NULL);

  return EXIT_SUCCESS;

  Local Variables:
  compile-command: "gcc -g -ggdb -O0 -W -Wall \
    `pkg-config --cflags --libs webkit-1.0`   \
    jsaccum.c -o jsaccum"
Comment 1 Alexey Proskuryakov 2008-07-15 14:46:43 PDT
Created attachment 22290 [details]
proposed fix

/me mutters something about the benefits of type safety
Comment 2 Geoffrey Garen 2008-07-15 15:29:09 PDT
Comment on attachment 22290 [details]
proposed fix

To unit test this, you can add some of the code above to testapi.c.
Comment 3 Alexey Proskuryakov 2008-07-16 01:21:43 PDT
Committed revision 35196.

Turns out that testapi already exercised this code path - it's just that no one ran it in a while.