Title: [199182] trunk/Source/_javascript_Core
- Revision
- 199182
- Author
- sbar...@apple.com
- Date
- 2016-04-07 14:25:21 -0700 (Thu, 07 Apr 2016)
Log Message
Invalid assertion inside DebuggerScope::getOwnPropertySlot
https://bugs.webkit.org/show_bug.cgi?id=156357
Reviewed by Keith Miller.
The Type Profiler might profile JS code that uses DebuggerScope and accesses properties
on it. Therefore, it may have a DebuggerScope object in its log. Objects in the log
are subject to having their getOwnPropertySlot method called. Therefore, the DebuggerScope
might not always be in a valid state when its getOwnPropertySlot method is called.
Therefore, the assertion invalid.
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::getOwnPropertySlot):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (199181 => 199182)
--- trunk/Source/_javascript_Core/ChangeLog 2016-04-07 21:15:34 UTC (rev 199181)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-04-07 21:25:21 UTC (rev 199182)
@@ -1,5 +1,21 @@
2016-04-07 Saam barati <sbar...@apple.com>
+ Invalid assertion inside DebuggerScope::getOwnPropertySlot
+ https://bugs.webkit.org/show_bug.cgi?id=156357
+
+ Reviewed by Keith Miller.
+
+ The Type Profiler might profile JS code that uses DebuggerScope and accesses properties
+ on it. Therefore, it may have a DebuggerScope object in its log. Objects in the log
+ are subject to having their getOwnPropertySlot method called. Therefore, the DebuggerScope
+ might not always be in a valid state when its getOwnPropertySlot method is called.
+ Therefore, the assertion invalid.
+
+ * debugger/DebuggerScope.cpp:
+ (JSC::DebuggerScope::getOwnPropertySlot):
+
+2016-04-07 Saam barati <sbar...@apple.com>
+
Initial implementation of annex b.3.3 behavior was incorrect
https://bugs.webkit.org/show_bug.cgi?id=156276
Modified: trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp (199181 => 199182)
--- trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp 2016-04-07 21:15:34 UTC (rev 199181)
+++ trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp 2016-04-07 21:25:21 UTC (rev 199182)
@@ -70,7 +70,6 @@
bool DebuggerScope::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
DebuggerScope* scope = jsCast<DebuggerScope*>(object);
- ASSERT(scope->isValid());
if (!scope->isValid())
return false;
JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
