Closed Bug 1060572 Opened 11 years ago Closed 11 years ago

Reloading the debugger w/ ASM.js code crashes the browser

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
31 Branch
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla35

People

(Reporter: nick, Assigned: shu)

References

Details

Attachments

(2 files)

test_case.zip
418.98 KB, application/zip
Details
Skip inner asm.js functions in D.S.p.getChildScripts.
1.17 KB, patch
jimb
: review+
Details | Diff | Splinter Review
Attached file test_case.zip
STR: 1. Download attached zip & unzip 2. open wolf3d.html 3. open debugger 4. reload page Expected: page reload Actual: crash Crash reports: FF 34.0: https://crash-stats.mozilla.com/report/index/31ecd438-b2ba-4f02-a9b6-942202140829 https://crash-stats.mozilla.com/report/index/cf66491c-ee4b-4cf1-b958-eb0c92140829 https://crash-stats.mozilla.com/report/index/f32ca933-0f9e-45de-b8be-e7dab2140829 FF 31.0: https://crash-stats.mozilla.com/report/index/e0aa8719-975b-49d0-b42a-58c0f2140829 Looks like different reasons for different versions: FF 34.0: js::ObjectImpl::setPrivateGCThing(js::gc::Cell*) FF 31.0: bool js::HashMap<js::EncapsulatedPtr<JSScript, unsigned long>, js::RelocatablePtr<JSObject>, js::DefaultHasher<js::EncapsulatedPtr<JSScript, unsigned long> >, js::RuntimeAllocPolicy>::relookupOrAdd<JS::Handle<JSScript*> const&, JSObject* const&>(js::de... Affects 31+ OSX.
Component: Developer Tools: Debugger → JavaScript Engine
Product: Firefox → Core
From glancing at the stacks, I don't think this has to do with source maps. Does this not crash for you when you remove the //# sourceMappingURL pragma?
Flags: needinfo?(nick)
If I remove the sourceMappingURL pragma, FF still crashes with the same STR.
Flags: needinfo?(nick)
Summary: Reloading the debugger w/ ASM.js code with source maps crashes the browser → Reloading the debugger w/ ASM.js code crashes the browser
Looks like a null pointer somewhere in the debugger code.
Flags: needinfo?(jimb)
I actually just hit this while working on bug 905700. Whenever the debugger sends the form of a SourceActor to a client, it is now sending `source.introductionScript.source.url` (if it exists) to give the client that information. I get a crash sometimes when it's trying to wrap the JSScript with a Debugger.Script when getting the `introductionScript`. Here's my crash: https://gist.githubusercontent.com/jlongster/6ff774a5b00e04204b35/raw/0f655db330c9c98f0e22879bd37f7234d8569d66/gistfile1.txt Hopefully we can fix this soon, as my work is blocked on it.
There's a second bug here that this patch doesn't fix: off-thread parsing a script will always compile it in non-debug mode. This is hard to fix in the current world, but is trivial once 1032869 lands.
Attachment #8483848 - Flags: review?(jimb)
Attachment #8483848 - Flags: review?(jimb) → review+
https://hg.mozilla.org/mozilla-central/rev/8988fac69d4b
Assignee: nobody → shu
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
I gather that since I've approved the patch, the needinfo can be cleared.
Flags: needinfo?(jimb)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: