Closed Bug 1560754 Opened 1 year ago Closed 1 year ago

[jsdbg2] DebuggeeFrameGeneratorScript keys are removed when they should not be, and unnecessary anyway


(Core :: JavaScript Engine, defect, P1)




Tracking Status
firefox69 --- fixed


(Reporter: jimb, Assigned: jimb)





(1 file)

The DebuggeeFrameGeneratorScript variant of CrossCompartmentKey doesn't carry enough information to make it unique to a single Debugger.Frame for a generator call, so if there are ever multiple Debugger.Frames for different calls to a single generator, they will all try to put identical entries in the cross-compartment wrapper table. Subsequent puts will overwrite the first, resulting in a single table entry attempting to serve all the Debugger.Frames. Then, the first time a Debugger.Frame tries to remove its key, it will remove the entry the other Debugger.Frames expect to find there.

Fortunately, the DebuggeeFrameGeneratorScript keys are, despite being introduced by yours truly in bug 1551176 (patch), are unnecessary. Since an AbstractGeneratorObject and its callee's script are always in the same compartment, and the AGO holds a strong reference to the script, the cross-compartment wrapper table entry for the edge from the Debugger.Frame to its AbstractGeneratorObject suffices both to document the edge from the debugger's compartment to the debuggee's, and to hold the script alive.

Currently we don't actually try to remove cross-compartment wrapper tables, but the fix for bug 1557343 will begin doing so.

Stop inserting DebuggeeFrameGeneratorScript keys in the cross-compartment
wrapper table for the edges from Debugger.Frames for generator / async calls to
the generators' scripts. The wrappers are unnecessary, and since they're not
unique when multiple Debugger.Frames refer to different calls of the same
generator, we can't easily tell when to remove them.

Assignee: nobody → jimb
Priority: -- → P1
Pushed by
Remove DebuggeeFrameGeneratorScript. r=jorendorff
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.