Closed
Bug 749697
Opened 12 years ago
Closed 12 years ago
Assertion failure: cx->stack.containsSlow(fp)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla15
People
(Reporter: past, Assigned: jorendorff)
References
Details
Attachments
(2 files)
|
3.98 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
6.21 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
STR: 1) Apply patches in bug 723062 and bug 724862 on top of fx-team. 2) Visit http://htmlpad.org/debugger/ 3) Open the debugger. 4) Set a breakpoint in line 12 of the debugger/ script. 5) Click on 'Click me!'. 6)In the variables pane, change the value of 'a' to 2 and hit ENTER. 7) Boom. Crash data: http://past.pastebin.mozilla.org/1601020
|
Reporter | |
Comment 1•12 years ago
|
||
Jason, this still happens in fx-team tip, although the line is the previous one: Assertion failure: cx->stack.containsSlow(fp), at /Users/past/src/fx-team/js/src/jsdbgapi.cpp:557
|
Assignee | |
Comment 2•12 years ago
|
||
The funny thing about this is that the frame must already have passed the assertion in THIS_FRAME() that StackContains(cx, fp). It's not immediately clear what difference there is between the two; I'll look closer tomorrow.
Assignee: general → jorendorff
|
|
Assignee | |
Comment 3•12 years ago
|
||
Status: I reproduced this, filed bug 755808 to make this testable in the shell, wrote a shell test case, figured out why it's crashing, and asked luke what to do. Now trying to actually do that. Here's the test (but you need the patch in bug 755808 to make the test run). // frame.eval can evaluate code in a frame pushed in another context. Bug 749697. // In other words, the debugger can see all frames on the stack, even though // each frame is attached to a particular JSContext and multiple JSContexts may // have frames on the stack. var g = newGlobal('new-compartment'); g.eval('function f(a) { debugger; evaluate("debugger;", {newContext: true}); }'); var dbg = new Debugger(g); var hits = 0; dbg.onDebuggerStatement = function (frame1) { dbg.onDebuggerStatement = function (frame2) { assertEq(frame1.eval("a").return, 31); hits++; }; }; g.f(31); assertEq(hits, 1);
|
|
Assignee | |
Comment 4•12 years ago
|
||
Weaken this particular assertion. Not a full fix, but a necessary first step. I decided to use AllFramesIter in the debug-only containsSlow(fp) method because StackSegment::contains(fp) isn't tight enough to use in that assert.
Attachment #624469 -
Flags: review?(luke)
|
||
Updated•12 years ago
|
Attachment #624469 -
Flags: review?(luke) → review+
|
|
Assignee | |
Comment 5•12 years ago
|
||
Attachment #624472 -
Flags: review?(luke)
|
|
Assignee | |
Updated•12 years ago
|
Attachment #624469 -
Attachment description: v1 → v1, part 1 - weaken the failing assertion
|
|
||
Comment 6•12 years ago
|
||
Comment on attachment 624472 [details] [diff] [review] v1, part 2 - the fix and tests Review of attachment 624472 [details] [diff] [review]: ----------------------------------------------------------------- Well that was easy ;)
Attachment #624472 -
Flags: review?(luke) → review+
|
|
Assignee | |
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/64a08b7fbbb7 https://hg.mozilla.org/integration/mozilla-inbound/rev/7af988cb3ad9
|
||
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/64a08b7fbbb7 https://hg.mozilla.org/mozilla-central/rev/7af988cb3ad9
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla15
You need to log in
before you can comment on or make changes to this bug.
Description
•