Bug 1560754 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

The `DebuggeeFrameGeneratorScript` variant of `CrossCompartmentKey` doesn't carry enough information to make it unique to a single `Debugger.Frame` for a generator call, so if there are ever multiple `Debugger.Frame`s for different calls to a single generator, they will all try to put identical entries in the cross-compartment wrapper table. Subsequent puts will overwrite the first, resulting in a single table entry attempting to serve all the `Debugger.Frame`s. Then, the first time a `Debugger.Frame` tries to remove its key, it will remove the entry the other `Debugger.Frame`s expect to find there.

Fortunately, the `DebuggeeFrameGeneratorScript` keys are, despite being introduced by yours truly in bug 155176 ([patch]), are unnecessary. Since an `AbstractGeneratorObject` and its callee's script are always in the same compartment, and the `AGO` holds a strong reference to the script, the cross-compartment wrapper table entry for the edge from the `Debugger.Frame` to its `AbstractGeneratorObject` suffices both to document the edge from the debugger's compartment to the debuggee's, and to hold the script alive.

Currently we don't actually try to remove cross-compartment wrapper tables, but the fix for bug 1557343 will begin doing so.

[patch]: https://phabricator.services.mozilla.com/D32272
The `DebuggeeFrameGeneratorScript` variant of `CrossCompartmentKey` doesn't carry enough information to make it unique to a single `Debugger.Frame` for a generator call, so if there are ever multiple `Debugger.Frame`s for different calls to a single generator, they will all try to put identical entries in the cross-compartment wrapper table. Subsequent puts will overwrite the first, resulting in a single table entry attempting to serve all the `Debugger.Frame`s. Then, the first time a `Debugger.Frame` tries to remove its key, it will remove the entry the other `Debugger.Frame`s expect to find there.

Fortunately, the `DebuggeeFrameGeneratorScript` keys are, despite being introduced by yours truly in bug 1551176 ([patch]), are unnecessary. Since an `AbstractGeneratorObject` and its callee's script are always in the same compartment, and the `AGO` holds a strong reference to the script, the cross-compartment wrapper table entry for the edge from the `Debugger.Frame` to its `AbstractGeneratorObject` suffices both to document the edge from the debugger's compartment to the debuggee's, and to hold the script alive.

Currently we don't actually try to remove cross-compartment wrapper tables, but the fix for bug 1557343 will begin doing so.

[patch]: https://phabricator.services.mozilla.com/D32272

Back to Bug 1560754 Comment 0