The current implementation of
Debugger.prototype.findScripts is GC sensitive, which means that the set of scripts it finds can depend on the timing of GC, making it behave unpredictably.
This can impact users as well as cause intermittent test failures.
Some preliminar analysis from Jim:
The fundamental problem is that
Debugger.prototype.findScripts uses Zone::cellIter to look for JSScripts: https://searchfox.org/mozilla-central/rev/e7d9a8749303b39dadcc0e18ea0d60a570a68145/js/src/gc/Zone.h#207-213
Since this just scans the arenas directly, rather than trying to see which scripts are actually reachable via strong GC edges, the set of scripts it finds can depend on the timing of GC, making it behave unpredictably. Developers are frequently surprised by what is reachable and what is not, resulting in tests with intermittent failures, or changes to SpiderMonkey that ought to have no visible effect being visible to the Debugger API. Every problem is fixable, but new ones appear pretty regularly, and it's just a bad influence on the design.