Closed
Bug 1193046
Opened 10 years ago
Closed 10 years ago
[jsdbg2] Debugger.Environment reports "optimized out" too often
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla43
| Tracking | Status | |
|---|---|---|
| firefox43 | --- | fixed |
People
(Reporter: jimb, Assigned: shu)
Details
Attachments
(1 file, 2 obsolete files)
|
5.78 KB,
patch
|
jimb
:
review+
|
Details | Diff | Splinter Review |
Test case (due to Shu):
var g = newGlobal();
var dbg = new Debugger(g);
g.eval(`
function outer(unaliasedArg) {
var unaliasedVar = unaliasedArg + 42;
var aliasedVar = unaliasedArg;
inner(); // offset 30
return;
function inner() {
aliasedVar++;
}
}
`);
for (var script of dbg.findScripts()) {
if (script.displayName === "inner") {
script.setBreakpoint(0, { hit: function(frame) {
var outerEnv = frame.environment.parent;
print(uneval(outerEnv.getVariable('unaliasedArg'))); // optimized out
print(uneval(outerEnv.getVariable('unaliasedVar'))); // optimized out
print(uneval(outerEnv.getVariable('aliasedVar'))); // 42
outerEnv = frame.older.environment;
print(uneval(outerEnv.getVariable('unaliasedArg'))); // optimized out, SHOULD be 42
print(uneval(outerEnv.getVariable('unaliasedVar'))); // optimized out, SHOULD be 84
print(uneval(outerEnv.getVariable('aliasedVar'))); // 42
}});
}
}
g.outer(42);
The problem is that we're failing to clear the PREV_UP_TO_DATE bit on a frame when we mark its caller as a debuggee, which leads the code that updates liveScopes to believe that it need not produce an entry for the caller. As a consequence, we can't pair up DebugScopeObjects with the stack frames that supply values for their unaliased variables, and requests for those values yield only the "optimized out" marker.
|
||
Comment 1•10 years ago
|
||
This may help bug 1186404. I'm not keen on disabling optimizations when the debugger is attached (as that bug suggests) so hopefully this helps.
| Comment hidden (metoo) |
|
Assignee | |
Comment 3•10 years ago
|
||
Attachment #8646073 -
Flags: review?(jimb)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8646073 [details] [diff] [review]
Clear prevUpToDate on younger frames when toggling frame debuggeeness off->on.
Review of attachment 8646073 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/vm/ScopeObject.cpp
@@ +2271,5 @@
> + // This are two exceptions where fp->prevUpToDate() is cleared without
> + // popping the frame. When a frame is rematerialized or has its
> + // debuggeeness toggled off->on, all frames younger than the frame must
> + // have their prevUpToDate set to false. This is because unrematerialized
> + // Ion frames have and non-debuggee frames and are skipped by
"... have and ..." ?
Is it me or did you a few words in there?
|
|
Assignee | |
Comment 5•10 years ago
|
||
Fix comment typo.
Attachment #8646073 -
Attachment is obsolete: true
Attachment #8646073 -
Flags: review?(jimb)
Attachment #8646099 -
Flags: review?(jimb)
|
|
Assignee | |
Comment 6•10 years ago
|
||
Had a test case that didn't test anything.
Attachment #8646099 -
Attachment is obsolete: true
Attachment #8646099 -
Flags: review?(jimb)
Attachment #8646598 -
Flags: review?(jimb)
|
Reporter | |
Updated•10 years ago
|
Attachment #8646598 -
Flags: review?(jimb) → review+
|
||
Comment 8•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox43:
--- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in
before you can comment on or make changes to this bug.
Description
•