Issue 2322 in v8: Crash in "let" scope resolution
23 views
Skip to first unread message
codesite...@google.com
Sep 6, 2012, 10:13:17 AM9/6/12
to v8-...@googlegroups.com
Status: Accepted
Owner: rossb...@chromium.org
Labels: Type-Bug Priority-Medium
New issue 2322 by jkum...@chromium.org: Crash in "let" scope resolution
http://code.google.com/p/v8/issues/detail?id=2322
V8 version 3.13.6, ia32 debug with --harmony flag
Running the following testcase:
-----
"use strict";
var result = '';
for (let p in { get a() {}, b : p}) { result += p; }
-----
results in:
#
# Fatal error in ../src/scopes.cc, line 738
# CHECK(s != __null) failed
#
Owner: rossb...@chromium.org
Labels: Type-Bug Priority-Medium
New issue 2322 by jkum...@chromium.org: Crash in "let" scope resolution
http://code.google.com/p/v8/issues/detail?id=2322
V8 version 3.13.6, ia32 debug with --harmony flag
Running the following testcase:
-----
"use strict";
var result = '';
for (let p in { get a() {}, b : p}) { result += p; }
-----
results in:
#
# Fatal error in ../src/scopes.cc, line 738
# CHECK(s != __null) failed
#
codesite...@google.com
Sep 7, 2012, 6:08:19 AM9/7/12
to v8-...@googlegroups.com
Updates:
Cc: farca...@chromium.org
Comment #1 on issue 2322 by jkum...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
Here's another one. If it turns out to be unrelated, feel free to split it
out into a separate issue.
Test case:
-----
"use strict";
let s = "outer_s"; // Removing this line makes it pass
for (let p in {a : 1}) {} // Removing this line makes it pass
function burn(x) {
if ({} instanceof function() { p = true; }) {} // Accessing "p" here
crashes.
}
burn();
-----
Failure:
#
# Fatal error in ../src/scopes.cc, line 412
# CHECK(scope_info_->StackSlotIndex(*name) < 0) failed
#
Cc: farca...@chromium.org
Comment #1 on issue 2322 by jkum...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
Here's another one. If it turns out to be unrelated, feel free to split it
out into a separate issue.
Test case:
-----
"use strict";
let s = "outer_s"; // Removing this line makes it pass
for (let p in {a : 1}) {} // Removing this line makes it pass
function burn(x) {
if ({} instanceof function() { p = true; }) {} // Accessing "p" here
crashes.
}
burn();
-----
Failure:
#
# Fatal error in ../src/scopes.cc, line 412
# CHECK(scope_info_->StackSlotIndex(*name) < 0) failed
#
codesite...@google.com
Sep 13, 2012, 4:11:22 AM9/13/12
to v8-...@googlegroups.com
Updates:
Labels: V8Fuzzer
Comment #2 on issue 2322 by yan...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
(No comment was entered for this change.)
Labels: V8Fuzzer
Comment #2 on issue 2322 by yan...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
(No comment was entered for this change.)
codesite...@google.com
Sep 13, 2012, 4:14:23 AM9/13/12
to v8-...@googlegroups.com
Updates:
Cc: mstar...@chromium.org
Labels: Harmony
Comment #3 on issue 2322 by mstar...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
This is also tracked on ClusterFuzz now:
https://cluster-fuzz.appspot.com/testcase?key=108149676
Cc: mstar...@chromium.org
Labels: Harmony
Comment #3 on issue 2322 by mstar...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
This is also tracked on ClusterFuzz now:
https://cluster-fuzz.appspot.com/testcase?key=108149676
codesite...@google.com
Oct 5, 2012, 5:17:11 AM10/5/12
to v8-...@googlegroups.com
Comment #4 on issue 2322 by rossb...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
I fixed the original issue, now looking into the one from Comment 1, which
is different.
codesite...@google.com
Oct 5, 2012, 8:48:14 AM10/5/12
to v8-...@googlegroups.com
Updates:
Status: Fixed
Comment #5 on issue 2322 by rossb...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
Other issue fixed, too.
Status: Fixed
Comment #5 on issue 2322 by rossb...@chromium.org: Crash in "let" scope
resolution
http://code.google.com/p/v8/issues/detail?id=2322
Other issue fixed, too.
Reply all
Reply to author
Forward
0 new messages