Closed Bug 1560754 Opened 6 years ago Closed 6 years ago

[jsdbg2] DebuggeeFrameGeneratorScript keys are removed when they should not be, and unnecessary anyway

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla69
Tracking Flags:
Tracking Status
firefox69 --- fixed

People

(Reporter: jimb, Assigned: jimb)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1560754: Remove DebuggeeFrameGeneratorScript. r?jorendorff
47 bytes, text/x-phabricator-request
Details | Review

The DebuggeeFrameGeneratorScript variant of CrossCompartmentKey doesn't carry enough information to make it unique to a single Debugger.Frame for a generator call, so if there are ever multiple Debugger.Frames for different calls to a single generator, they will all try to put identical entries in the cross-compartment wrapper table. Subsequent puts will overwrite the first, resulting in a single table entry attempting to serve all the Debugger.Frames. Then, the first time a Debugger.Frame tries to remove its key, it will remove the entry the other Debugger.Frames expect to find there.

Fortunately, the DebuggeeFrameGeneratorScript keys are, despite being introduced by yours truly in bug 1551176 (patch), are unnecessary. Since an AbstractGeneratorObject and its callee's script are always in the same compartment, and the AGO holds a strong reference to the script, the cross-compartment wrapper table entry for the edge from the Debugger.Frame to its AbstractGeneratorObject suffices both to document the edge from the debugger's compartment to the debuggee's, and to hold the script alive.

Currently we don't actually try to remove cross-compartment wrapper tables, but the fix for bug 1557343 will begin doing so.

Stop inserting DebuggeeFrameGeneratorScript keys in the cross-compartment
wrapper table for the edges from Debugger.Frames for generator / async calls to
the generators' scripts. The wrappers are unnecessary, and since they're not
unique when multiple Debugger.Frames refer to different calls of the same
generator, we can't easily tell when to remove them.

Assignee: nobody → jimb
Priority: -- → P1
Pushed by jblandy@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1dd4e16a1a96 Remove DebuggeeFrameGeneratorScript. r=jorendorff

https://hg.mozilla.org/mozilla-central/rev/1dd4e16a1a96

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox69: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
Has Regression Range: --- → yes
Keywords: regression
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: