Open Bug 168081 Opened 22 years ago Updated 2 years ago

Function().caller can silently terminate JS execution

Categories

(Core :: DOM: Core & HTML, defect, P5)

x86
All
defect

Tracking

()

People

(Reporter: ggb.mzl, Unassigned)

References

()

Details

Attachments

(3 files, 1 obsolete file)

I have a javascript routine to trace through the stack to indetify the path that
called the current function.

This behaves properly, except that it does not terminate when it gets into the
javascript engine (i.e. returning a null value in the caller, and thus letting
me know there are no more availble callers in the stack), but rather it just
aborts the javascript.

This works as expected in Internet Explorere 6.
Resolving as WORKSFORME. 

We've had some crashing bugs involving regular expressions that
have recently been fixed. Note your function involves not only 
Function.caller, but also some regular expressions as well.


George: 

1. What build date of Mozilla were you using?
2. Could you try it with an up-to-date build and report back?
3. Please download a Talkback-enabled build - that way,
   if you crash, you can run the talkback.exe to give us the
   IDs of the crashes, and we'll look up the stack traces
4. If an up-to-date build no longer crashes, please mark this
   bug "Verified". Otherwise, please reopen the bug.

Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
I should have said, I'm using Mozilla trunk binaries on WinNT
with these build IDs:

                      2002090308
                      2002091110

With these, the testcase runs fine for me, both remotely 
and locally.
I am using Mozilla 1.1 (not the 1.2 alpha) on Windows 2000 rather than NT
(although it would seem inlikely that the difference between NT and 2000 would
make much difference).

The last alert message that displays should start with "Trace = " and finish
with a row of hyphens.  Are you seeing this alert message?

The problem is, that when I say that Javascript crashes, it does so totally
silently.  It executes as if nothing is wrong, it just simply gets to a line of
code, and then simply does not go any further, but silently stops executing any
further.  It goes through the loop within the DumpTrace() frunction several
times, but then stops working without ever exiting the loop, or giving any
indication (not even in the Javascript console) that anything is wrong.

Other tests I have carried out seem to point strongly to the link
"parent=parent.caller" being the line at which the process stops, and not the
regular expression (I had an alert placed between the two statements, and that
alert did not execute on the final loop when it stopped working - thus
indicating that it stopped working before it got to the regular expression, and
not after the regular expression)

If you are saying that you get a result different to this, then I shalll try to
download the 1.2 alpha version of Mozilla (which is, I assume, the one you
suggest that I try) and see if that has fixed the problem here.
Reopening and resummarizing as 
     "Function().caller can silently terminate JS execution"

Now I see what George means; I will attach a reduced testcase
below that doesn't use any regular expressions, etc. -
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Summary: Function().caller can crash javascript → Function().caller can silently terminate JS execution
Attached file Reduced HTML testcase
Reassigning this to DOM Level 0, as the bug does not occur in the
standalone JS shell nor in the XPCshell. Here is the main function
of the reduced testcase:

function DumpTrace()
{
 var i = 0;
 for(parent = arguments.callee.caller; parent != null; parent = parent.caller)                                     
   showThis("In middle of DumpTrace(); i = " + (i++))  
 showThis("At end    of DumpTrace(); i = " + (i++))
 return i;
}

This, in turn, gets called from test():

function test()
{
  showThis("Return value of DumpTrace() = "+DumpTrace())
}


OUTPUT

-------------  JS shell, XPC shell, NN4.7, IE6  ----------------------

In middle of DumpTrace(); i = 0
In middle of DumpTrace(); i = 1
At end    of DumpTrace(); i = 2
Return value of DumpTrace() = 3


-------------  Mozilla trunk binary 2002091011  ----------------------
In middle of DumpTrace(); i = 0
In middle of DumpTrace(); i = 1


For some reason, in the browser execution terminates silently 
at the end of the function.caller loop in DumpTrace().

I also added an alert('Done') after the call to test().
In NN4.7 and IE6 this alert comes up, but in Mozilla it doesn't,
since JS execution has ceased. 

Again, in the JS shell and XPCshell, the analogous print('Done')
does get executed. Reassigning to DOM Level 0.
Assignee: rogerl → jst
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM Level 0
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: pschwartau → desale
It seems that silently killing JS is not restricted to Function().caller.  I
have added a new test case that demonstrates that trying to access
document.defaultView.fullScreen will also silently terminate the JS engine.
Please ignore my last comment.

document.defaultView.fullScreen is not silent death, but is caused by an
uncaught exception (Permission denied).
Attachment #99517 - Attachment is obsolete: true
Mass-reassigning bugs to dom_bugs@netscape.com
Assignee: jst → dom_bugs
With a current build, Phil's testcase shows the right output in the browser.  So
does the original testcase George attached.  So it sounds like we fixed
something somewhere....
Assignee: general → nobody
QA Contact: desale → general
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven't been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: