Crash in [@ js::EncapsulatedPtr<JSScript, unsigned int>::~EncapsulatedPtr<JSScript, unsigned int>() ] when debugging PlayCanvas game

Status: RESOLVED WORKSFORME
Product: Core
Component: JavaScript Engine
Severity: critical
People: Reporter: Dave Evans, Unassigned, NeedInfo
Version: 31 Branch
Platform: x86, Mac OS X
Keywords: crash, reproducible, testcase
Firefox Tracking Flags: Not tracked
Attachments: 1 attachment (750.89 KB, application/zip)

Description

4 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

Visit this page: https://playcanvas.com/samwwwblack/cuiat [Sorry, you have to be logged in]

Click the PLAY button to start the game in a new tab.

Open the JS debugger

Set a breakpoint in one of the game scripts. e.g. customer.js, line 22

Reload the page.


Actual results:

The browser crashes


Expected results:

The page should reload and stop at the breakpoint
(Reporter)

Updated

4 years ago
Component: Untriaged → Developer Tools: Debugger

Comment 1

4 years ago
CR:
https://crash-stats.mozilla.com/report/index/8e16d3e5-3368-440f-b14e-671c42140806

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::EncapsulatedPtr<JSScript, unsigned int>::~EncapsulatedPtr<JSScript, unsigned int>() 	
1 	mozjs.dll 	js::HashMapEntry<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject> >::~HashMapEntry<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject> >() 	
2 	mozjs.dll 	js::HashMap<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject>, js::DefaultHasher<js::EncapsulatedPtr<JSScript, unsigned int> >, js::RuntimeAllocPolicy>::relookupOrAdd<JS::Handle<JSScript*> const&, JSObject* const&>(js::detail::HashTable<js::HashMapEntry<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject> >, js::HashMap<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject>, js::DefaultHasher<js::EncapsulatedPtr<JSScript, unsigned int> >, js::RuntimeAllocPolicy>::MapHashPolicy, js::RuntimeAllocPolicy>::AddPtr&, JS::Handle<JSScript*> const&, JSObject* const&) 	obj-firefox/dist/include/js/HashTable.h
3 	mozjs.dll 	js::DebuggerWeakMap<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject>, 0>::relookupOrAdd<JS::Handle<JSScript*>, JSObject*>(js::detail::HashTable<js::HashMapEntry<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject> >, js::HashMap<js::EncapsulatedPtr<JSScript, unsigned int>, js::RelocatablePtr<JSObject>, js::DefaultHasher<js::EncapsulatedPtr<JSScript, unsigned int> >, js::RuntimeAllocPolicy>::MapHashPolicy, js::RuntimeAllocPolicy>::AddPtr&, JS::Handle<JSScript*> const&, JSObject* const&) 	js/src/vm/Debugger.h
4 	mozjs.dll 	js::Debugger::wrapScript(JSContext*, JS::Handle<JSScript*>) 	js/src/vm/Debugger.cpp
5 	mozjs.dll 	DebuggerScript_getChildScripts 	js/src/vm/Debugger.cpp
6 	mozjs.dll 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
7 	mozjs.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
8 	mozjs.dll 	js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) 	js/src/jswrapper.cpp
9 	mozjs.dll 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
10 	mozjs.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>)
Severity: normal → major
Status: UNCONFIRMED → NEW
Crash Signature: [@ js::EncapsulatedPtr<JSScript, unsigned int>::~EncapsulatedPtr<JSScript, unsigned int>() ]
Component: Developer Tools: Debugger → JavaScript Engine
Ever confirmed: true
Keywords: crash, reproducible, testcase
Product: Firefox → Core
Summary: 100% Crash when debugging PlayCanvas game → Crash in [@ js::EncapsulatedPtr<JSScript, unsigned int>::~EncapsulatedPtr<JSScript, unsigned int>() ] when debugging PlayCanvas game

Comment 2

4 years ago
Created attachment 8469225 [details]
Testapp

I've attached an export of the app to test with (so you don't need to login) and checked that opening `index.html` does still cause a crash in Firefox.

Comment 3

4 years ago
I'm not able to reproduce the crash in Nightly (FF35), so I think it's fixed.
Working range:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=6b8da5940f74&tochange=152ef25e89ae

Dave, could you install Nightly and confirm it's fixed on your side?
Severity: major → critical
Flags: needinfo?(dave)

Comment 4

4 years ago
(In reply to Loic from comment #3)
> I'm not able to reproduce the crash in Nightly (FF35), so I think it's fixed.
> Working range:
> http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=6b8da5940f74&tochange=152ef25e89ae
> 
> Dave, could you install Nightly and confirm it's fixed on your side?

I've tested this with Firefox Aurora 35.0a2 (2014-10-22) and Firefox doesn't crash when setting a debugger breakpoint and reloading. 

Many thanks for fixing this.

Updated

4 years ago
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME