[Webkit-unassigned] [Bug 157148] New: Assertion failure when accessing static class getter named "name"

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 28 13:13:11 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=157148

            Bug ID: 157148
           Summary: Assertion failure when accessing static class getter
                    named "name"
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: andre.bargull at gmail.com

SVN: rev200124
Build with: perl Tools/Scripts/build-jsc --gtk --debug


The following test case triggers this assertion error:
---
ASSERTION FAILED: !(attributes & ReadOnly)
---


Test case:
---
(class c { static get name(){ } }).name
---


Stack trace:
---
#0  0x00007ffff6e289ac in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:322
#1  0x000000000044cddf in JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1> (this=0x7fffaedbf580, vm=..., propertyName=..., value=..., attributes=6, slot=...)
    at ../../Source/JavaScriptCore/runtime/JSObject.h:1380
#2  0x00000000004461bd in JSC::JSObject::putDirect (this=0x7fffaedbf580, vm=..., propertyName=..., value=..., attributes=6) at ../../Source/JavaScriptCore/runtime/JSObject.h:1524
#3  0x00007ffff6bf47ce in JSC::JSFunction::reifyName (this=0x7fffaedbf580, exec=0x7fffffffcb60, name=...) at ../../Source/JavaScriptCore/runtime/JSFunction.cpp:630
#4  0x00007ffff6bf456a in JSC::JSFunction::reifyName (this=0x7fffaedbf580, exec=0x7fffffffcb60) at ../../Source/JavaScriptCore/runtime/JSFunction.cpp:612
#5  0x00007ffff6bf48fc in JSC::JSFunction::reifyLazyPropertyIfNeeded (this=0x7fffaedbf580, exec=0x7fffffffcb60, propertyName=...) at ../../Source/JavaScriptCore/runtime/JSFunction.cpp:641
#6  0x00007ffff6bf2dcc in JSC::JSFunction::getOwnPropertySlot (object=0x7fffaedbf580, exec=0x7fffffffcb60, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSFunction.cpp:395
#7  0x0000000000445d94 in JSC::JSObject::getNonIndexPropertySlot (this=0x7fffaedbf580, exec=0x7fffffffcb60, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:1320
#8  0x0000000000445919 in JSC::JSObject::getPropertySlot (this=0x7fffaedbf580, exec=0x7fffffffcb60, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:1262
#9  0x0000000000448de4 in JSC::JSValue::getPropertySlot (this=0x7fffffffc9c0, exec=0x7fffffffcb60, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:785
#10 0x0000000000448ce0 in JSC::JSValue::get (this=0x7fffffffc9c0, exec=0x7fffffffcb60, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:767
#11 0x00007ffff6a23ed4 in JSC::(anonymous namespace)::llint_slow_path_get_by_id (exec=0x7fffffffcb60, pc=0x7fffae9f3590) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:569
#12 0x00007ffff6a30587 in llint_entry () at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:1037
#13 0x00007ffff6a2d895 in vmEntryToJavaScript () at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:1037
#14 0x00007ffff69d46d2 in JSC::JITCode::execute (this=0x7ffff0d9c640, vm=0x7fffb09f1000, protoCallFrame=0x7fffffffcd30) at ../../Source/JavaScriptCore/jit/JITCode.cpp:80
#15 0x00007ffff6997f4f in JSC::Interpreter::execute (this=0x7ffff0def058, program=0x7fffaedfbf70, callFrame=0x7fffaede7940, thisObj=0x7fffaedba360)
    at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:960
#16 0x00007ffff6b849ad in JSC::evaluate (exec=0x7fffaede7940, source=..., thisValue=..., returnedException=...) at ../../Source/JavaScriptCore/runtime/Completion.cpp:106
#17 0x000000000043a120 in runInteractive (globalObject=0x7fffaede7900) at ../../Source/JavaScriptCore/jsc.cpp:2083
#18 0x000000000043abcb in runJSC (vm=0x7fffb09f1000, options=...) at ../../Source/JavaScriptCore/jsc.cpp:2244
#19 0x000000000043b0a1 in jscmain (argc=1, argv=0x7fffffffdbb8) at ../../Source/JavaScriptCore/jsc.cpp:2293
#20 0x000000000043967f in main (argc=1, argv=0x7fffffffdbb8) at ../../Source/JavaScriptCore/jsc.cpp:1947
---

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160428/eabbd5f4/attachment-0001.html>

More information about the webkit-unassigned mailing list