Open Bug 168081 Opened 22 years ago Updated 2 years ago

Function().caller can silently terminate JS execution

Categories

(Core :: DOM: Core & HTML, defect, P5)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
All
Type:
defect

Tracking

()

People

(Reporter: ggb.mzl, Unassigned)

References

(
URL
)

Details

Attachments

(3 files, 1 obsolete file)

This is a simple test case that demonstrates the problem
771 bytes, text/html
Details
Reduced HTML testcase
856 bytes, text/html
Details
Reduced JS shell testcase
393 bytes, text/plain
Details
I have a javascript routine to trace through the stack to indetify the path that called the current function. This behaves properly, except that it does not terminate when it gets into the javascript engine (i.e. returning a null value in the caller, and thus letting me know there are no more availble callers in the stack), but rather it just aborts the javascript. This works as expected in Internet Explorere 6.
Resolving as WORKSFORME. We've had some crashing bugs involving regular expressions that have recently been fixed. Note your function involves not only Function.caller, but also some regular expressions as well. George: 1. What build date of Mozilla were you using? 2. Could you try it with an up-to-date build and report back? 3. Please download a Talkback-enabled build - that way, if you crash, you can run the talkback.exe to give us the IDs of the crashes, and we'll look up the stack traces 4. If an up-to-date build no longer crashes, please mark this bug "Verified". Otherwise, please reopen the bug. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
I should have said, I'm using Mozilla trunk binaries on WinNT with these build IDs: 2002090308 2002091110 With these, the testcase runs fine for me, both remotely and locally.
I am using Mozilla 1.1 (not the 1.2 alpha) on Windows 2000 rather than NT (although it would seem inlikely that the difference between NT and 2000 would make much difference). The last alert message that displays should start with "Trace = " and finish with a row of hyphens. Are you seeing this alert message? The problem is, that when I say that Javascript crashes, it does so totally silently. It executes as if nothing is wrong, it just simply gets to a line of code, and then simply does not go any further, but silently stops executing any further. It goes through the loop within the DumpTrace() frunction several times, but then stops working without ever exiting the loop, or giving any indication (not even in the Javascript console) that anything is wrong. Other tests I have carried out seem to point strongly to the link "parent=parent.caller" being the line at which the process stops, and not the regular expression (I had an alert placed between the two statements, and that alert did not execute on the final loop when it stopped working - thus indicating that it stopped working before it got to the regular expression, and not after the regular expression) If you are saying that you get a result different to this, then I shalll try to download the 1.2 alpha version of Mozilla (which is, I assume, the one you suggest that I try) and see if that has fixed the problem here.
Reopening and resummarizing as "Function().caller can silently terminate JS execution" Now I see what George means; I will attach a reduced testcase below that doesn't use any regular expressions, etc. -
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Summary: Function().caller can crash javascript → Function().caller can silently terminate JS execution
Attached file Reduced HTML testcase
Reassigning this to DOM Level 0, as the bug does not occur in the standalone JS shell nor in the XPCshell. Here is the main function of the reduced testcase: function DumpTrace() { var i = 0; for(parent = arguments.callee.caller; parent != null; parent = parent.caller) showThis("In middle of DumpTrace(); i = " + (i++)) showThis("At end of DumpTrace(); i = " + (i++)) return i; } This, in turn, gets called from test(): function test() { showThis("Return value of DumpTrace() = "+DumpTrace()) } OUTPUT ------------- JS shell, XPC shell, NN4.7, IE6 ---------------------- In middle of DumpTrace(); i = 0 In middle of DumpTrace(); i = 1 At end of DumpTrace(); i = 2 Return value of DumpTrace() = 3 ------------- Mozilla trunk binary 2002091011 ---------------------- In middle of DumpTrace(); i = 0 In middle of DumpTrace(); i = 1 For some reason, in the browser execution terminates silently at the end of the function.caller loop in DumpTrace(). I also added an alert('Done') after the call to test(). In NN4.7 and IE6 this alert comes up, but in Mozilla it doesn't, since JS execution has ceased. Again, in the JS shell and XPCshell, the analogous print('Done') does get executed. Reassigning to DOM Level 0.
Assignee: rogerl → jst
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM Level 0
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: pschwartau → desale
It seems that silently killing JS is not restricted to Function().caller. I have added a new test case that demonstrates that trying to access document.defaultView.fullScreen will also silently terminate the JS engine.
Please ignore my last comment. document.defaultView.fullScreen is not silent death, but is caused by an uncaught exception (Permission denied).
Attachment #99517 - Attachment is obsolete: true
Mass-reassigning bugs to dom_bugs@netscape.com
Assignee: jst → dom_bugs
With a current build, Phil's testcase shows the right output in the browser. So does the original testcase George attached. So it sounds like we fixed something somewhere....
Assignee: general → nobody
QA Contact: desale → general
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven't been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: