Closed
Bug 1143286
Opened 9 years ago
Closed 9 years ago
Assertion failure: !enclosing->is<ScopeObject>(), at vm/ScopeObject.cpp
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
Tracking | Status | |
---|---|---|
firefox39 | --- | fixed |
People
(Reporter: gkw, Assigned: shu)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
3.54 KB,
text/plain
|
Details | |
1.17 KB,
patch
|
jimb
:
review+
|
Details | Diff | Splinter Review |
// Randomly chosen test: js/src/jit-test/tests/debug/Frame-evalWithBindings-09.js options('strict_mode') g = newGlobal() dbg = Debugger(g) dbg.onDebuggerStatement = function(frame) { frame.evalWithBindings("n", {}) } dbg.onExceptionUnwind = function(frame) { frame.eval("") } g.eval("debugger") asserts js debug shell on m-c changeset 2795a48dfebe with --fuzzing-safe --no-threads --ion-eager at Assertion failure: !enclosing->is<ScopeObject>(), at vm/ScopeObject.cpp. Configure options: CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-debug --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests python -u ~/fuzzing/js/compileShell.py -b "--enable-debug --enable-more-deterministic --enable-nspr-build" -r 2795a48dfebe autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/fb00dedf441c user: Shu-yu Guo date: Wed Jan 14 22:57:35 2015 -0800 summary: Bug 963879 - Part 1: Overhaul ScopeIter and StaticScopeIter to share iteration logic and to go through evals. (r=luke) Shu-yu, is bug 963879 a likely regressor?
Flags: needinfo?(shu)
Reporter | ||
Comment 1•9 years ago
|
||
(lldb) bt 5 * thread #1: tid = 0xd4f9, 0x00000001002c60b8 js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`js::DebugScopeObject::create(cx=<unavailable>, scope=<unavailable>, enclosing=<unavailable>) + 808 at ScopeObject.cpp:1739, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001002c60b8 js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`js::DebugScopeObject::create(cx=<unavailable>, scope=<unavailable>, enclosing=<unavailable>) + 808 at ScopeObject.cpp:1739 frame #1: 0x00000001002cc0b4 js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`GetDebugScope(JSContext*, js::ScopeIter const&) [inlined] GetDebugScopeForScope(si=<unavailable>) + 406 at ScopeObject.cpp:2359 frame #2: 0x00000001002cbf1e js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`GetDebugScope(cx=0x0000000101f01d30, si=<unavailable>) + 94 at ScopeObject.cpp:2471 frame #3: 0x00000001002cd03a js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`js::GetDebugScopeForFrame(cx=0x0000000101f01d30, pc=0x0000000104b18349, frame=<unavailable>) + 202 at ScopeObject.cpp:2498 frame #4: 0x0000000100239d1f js-dbg-64-dm-nsprBuild-darwin-2795a48dfebe`DebuggerGenericEval(cx=0x0000000101f01d30, fullMethodName=<unavailable>, code=<unavailable>, evalWithBindings=EvalWithDefaultBindings, dbg=0x0000000000000002, scope=JS::HandleObject at 0x00007fff5fbf5ad8, iter=0x0000000104b11430, bindings=<unavailable>, options=<unavailable>, vp=<unavailable>) + 2239 at Debugger.cpp:6144 (lldb)
Assignee | ||
Comment 2•9 years ago
|
||
Broke with bz's recent changes to get get rid of parent everywhere. See bug 1141905.
Attachment #8577652 -
Flags: review?(jimb)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → shu
Status: NEW → ASSIGNED
Flags: needinfo?(shu)
Updated•9 years ago
|
Attachment #8577652 -
Flags: review?(jimb) → review+
Assignee | ||
Comment 4•9 years ago
|
||
(In reply to Not doing reviews right now from comment #3) > We should add a testcase here too, right? Yeah, I'll commit the test.
Flags: needinfo?(shu)
Comment 6•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e9de10ff67c5
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
You need to log in
before you can comment on or make changes to this bug.
Description
•