Closed Bug 418293 Opened 16 years ago Closed 16 years ago

Crash when stopping at breakpoint set by Venkman [@ ComputeGlobalThis]

Categories: Core :: JavaScript Engine, defect, P1
Status: VERIFIED FIXED
Target Milestone: mozilla1.9beta4
People: Reporter: whimboo, Assigned: mrbkap
Keywords: crash
Attachments: 1 file, 2 obsolete files

#0  JS_Assert (s=0x110e554 "!fp->thisp && fp->argv == argv", file=0x110e124 "/Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c", ln=928) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsutil.c:63
#1  0x010626e1 in ComputeGlobalThis (cx=0x3df70010, lazy=1, argv=0x25d498c) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c:928
#2  0x010629d3 in js_ComputeThis (cx=0x3df70010, lazy=1, argv=0x25d498c) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c:995
#3  0x01035b21 in JS_GetFrameThis (cx=0x3df70010, fp=0x25d4998) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsdbgapi.c:1089
#4  0x2f886dc5 in jsd_NewThreadState (jsdc=0x36c3bc40, cx=0x3df70010) at /Users/henrik/Projects/mozilla/source/mozilla/js/jsd/jsd_stak.c:133
#5  0x2f883cfa in jsd_CallExecutionHook (jsdc=0x36c3bc40, cx=0x3df70010, type=1, hook=0x2f892c16 <jsds_ExecutionHookProc(JSDContext*, JSDThreadState*, unsigned int, void*, long*)>, hookData=0x1, rval=0xbfffa570) at /Users/henrik/Projects/mozilla/source/mozilla/js/jsd/jsd_hook.c:165
#6  0x2f8863d2 in jsd_TrapHandler (cx=0x3df70010, script=0x3f330ab0, pc=0x3f330af4 "S5", rval=0xbfffa570, closure=0x3c78b371) at /Users/henrik/Projects/mozilla/source/mozilla/js/jsd/jsd_scpt.c:736
#7  0x01033d49 in JS_HandleTrap (cx=0x3df70010, script=0x3f330ab0, pc=0x3f330af4 "S5", rval=0xbfffa570) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsdbgapi.c:289
#8  0x0107e173 in js_Interpret (cx=0x3df70010, pc=0x3f330af4 "S5", result=0xbfffa8d8) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c:5225
#9  0x010638a8 in js_Invoke (cx=0x3df70010, argc=1, vp=0x25d4820, flags=2) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c:1433
#10 0x35811515 in nsXPCWrappedJSClass::CallMethod (this=0x3a044640, wrapper=0x3f3b1cf0, methodIndex=3, info=0x20cd9d0, nativeParams=0xbfffad34) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1473
#11 0x35809c6f in nsXPCWrappedJS::CallMethod (this=0x3f3b1cf0, methodIndex=3, info=0x20cd9d0, params=0xbfffad34) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:556
#12 0x0139788a in PrepareAndDispatch (self=0x3f3b1d30, methodIndex=3, args=0xbfffae54) at /Users/henrik/Projects/mozilla/source/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp:93
#13 0x013978e8 in nsXPTCStubBase::Stub3 (this=0x3f3b1d30) at ../../../../../../dist/include/xpcom/xptcstubsdef.inc:5
#14 0x1604090e in nsEventListenerManager::HandleEventSubType (this=0x3f39fb90, aListenerStruct=0x3f39b058, aListener=0x3f3b1d30, aDOMEvent=0x3e61edbc, aCurrentTarget=0x3e326e20, aPhaseFlags=6) at /Users/henrik/Projects/mozilla/source/mozilla/content/events/src/nsEventListenerManager.cpp:1082
#15 0x1604267b in nsEventListenerManager::HandleEvent (this=0x3f39fb90, aPresContext=0x3f31cf10, aEvent=0xbfffb1f4, aDOMEvent=0xbfffb124, aCurrentTarget=0x3e326e20, aFlags=6, aEventStatus=0xbfffb128) at /Users/henrik/Projects/mozilla/source/mozilla/content/events/src/nsEventListenerManager.cpp:1184
#16 0x16067b5f in nsEventTargetChainItem::HandleEvent (this=0x3d20b920, aVisitor=@0xbfffb11c, aFlags=6) at /Users/henrik/Projects/mozilla/source/mozilla/content/events/src/nsEventDispatcher.cpp:206
#17 0x16067d31 in nsEventTargetChainItem::HandleEventTargetChain (this=0x3d20b9c0, aVisitor=@0xbfffb11c, aFlags=6, aCallback=0x0) at /Users/henrik/Projects/mozilla/source/mozilla/content/events/src/nsEventDispatcher.cpp:264
#18 0x160685e2 in nsEventDispatcher::Dispatch (aTarget=0x3e326e20, aPresContext=0x3f31cf10, aEvent=0xbfffb1f4, aDOMEvent=0x0, aEventStatus=0xbfffb23c, aCallback=0x0) at /Users/henrik/Projects/mozilla/source/mozilla/content/events/src/nsEventDispatcher.cpp:479
#19 0x15dbcdab in PresShell::HandleDOMEventWithTarget (this=0x3d164200, aTargetContent=0x3e326e20, aEvent=0xbfffb1f4, aStatus=0xbfffb23c) at /Users/henrik/Projects/mozilla/source/mozilla/layout/base/nsPresShell.cpp:5886
#20 0x15f5de8d in nsButtonBoxFrame::DoMouseClick (this=0x259b7a0, aEvent=0xbfffb51c, aTrustEvent=0) at /Users/henrik/Projects/mozilla/source/mozilla/layout/xul/base/src/nsButtonBoxFrame.cpp:160
Sorry, hit the enter key too early. Here comes the missing part:

While checking the application details dialog and setting a breakpoint in there, Minefield crashes when reaching the breakpoint.

STR:

1. Start Minefield and open Venkman
2. Open Preferences and go to applications
3. Open drop down box of "Web Feed" and select "Application Details"
4. Go to Venkman and go to appManager_onOk within applicationManager.js
5. Set a breakpoint at line 46: if (!this._removed.length) {
6. Go back to the Application Details dialog and hit Ok

Now Minefield crashes with the above stack trace. Here are some values:

(gdb) frame 1
#1  0x010626e1 in ComputeGlobalThis (cx=0x3df70010, lazy=1, argv=0x25d498c) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsinterp.c:928
928	            JS_ASSERT(!fp->thisp && fp->argv == argv);
(gdb) p !fp->thisp
$1 = 0
(gdb) p fp->argv
$2 = (jsval *) 0x25d4a1c
(gdb) p argv
$3 = (jsval *) 0x25d498c
fp in frame 1 must not be cx->fp, then. True?

/be
fp is the same as cx->fp:

(gdb) p fp
$1 = (JSStackFrame *) 0x3caca21c
(gdb) p cx->fp
$2 = (JSStackFrame *) 0x3caca21c

Anything else would be suspicious, due to the following lines:

        fp = cx->fp;    /* quell GCC overwarning */
        if (lazy) {
            JS_ASSERT(!fp->thisp && fp->argv == argv);
            fp->dormantNext = cx->dormantFrameChain;
Yes, sorry -- I meant in frame 3. But JS_GetFrameThis there is passed fp (which must differ from cx->fp for argv to differ in frame 1) from jsd_NewThreadState, which indeed says:

    while( NULL != (fp = JS_FrameIterator(cx, &iter)) )
    {
        JSScript* script = JS_GetFrameScript(cx, fp);
        jsuword  pc = (jsuword) JS_GetFramePC(cx, fp);
        
        /*
         * don't construct a JSDStackFrame for dummy frames (those without a
         * |this| object, or native frames, if JSD_INCLUDE_NATIVE_FRAMES
         * isn't set.
         */
        if (JS_GetFrameThis(cx, fp) &&

So the bug is obvious.

/be
Assignee: general → brendan
Flags: blocking1.9+
OS: Mac OS X → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta4
Aah, then here are the values:

(gdb) frame 3
#3  0x01035b21 in JS_GetFrameThis (cx=0x3b8db870, fp=0x3cbb7198) at /Users/henrik/Projects/mozilla/source/mozilla/js/src/jsdbgapi.c:1089
1089	        fp->thisp = js_ComputeThis(cx, JS_TRUE, fp->argv);
Current language:  auto; currently c
(gdb) p fp
$1 = (JSStackFrame *) 0x3cbb7198
(gdb) p cx->fp
$2 = (JSStackFrame *) 0x3cbb721c

I'm still not able to get Minefield to crash under Windows.
I probably have a reproducible scenario (it always crashes for me) with a TRUNK build not older than 4 hours as of this comment, on Win XP:

I have set up browser.cache.disk_cache_ssl = true - might be important
I have installed Firebug 1.1.0b10

Start from blank page
Go to www.paypal.com (wait for full load)
Go to www.volny.cz (in another tab!)
Click on 'E-mail' link at the main top black bar
Click 'Zabezpecene prihlaseni' (CZ) or 'Secure login' (EN) in the login form
Minefield blocks this page (certificate domain is not valid)
Click 'Add an exception'
Click 'Get certificate' -> ASSERT FAILS

Call stack (back trace) is:

 	js3250.dll!JS_Assert(const char * s=0x005ac610, const char * file=0x005ac5e4, int ln=926)  Line 59	C
>	js3250.dll!ComputeGlobalThis(JSContext * cx=0x033dfe78, int lazy=1, long * argv=0x086e4a1c)  Line 926 + 0x2a bytes	C
 	js3250.dll!js_ComputeThis(JSContext * cx=0x033dfe78, int lazy=1, long * argv=0x086e4a1c)  Line 993 + 0x11 bytes	C
 	js3250.dll!JS_GetFrameThis(JSContext * cx=0x033dfe78, JSStackFrame * fp=0x086e4a28)  Line 1089 + 0x12 bytes	C
 	jsd3250.dll!jsd_NewThreadState(JSDContext * jsdc=0x056c4560, JSContext * cx=0x033dfe78)  Line 135 + 0xe bytes	C
 	jsd3250.dll!jsd_CallExecutionHook(JSDContext * jsdc=0x056c4560, JSContext * cx=0x033dfe78, unsigned int type=4, unsigned int (JSDContext *, JSDThreadState *, unsigned int, void *, long *)* hook=0x036c12f0, void * hookData=0x00000000, long * rval=0x00128e04)  Line 165 + 0x13 bytes	C
 	jsd3250.dll!jsd_ThrowHandler(JSContext * cx=0x033dfe78, JSScript * script=0x059b64a8, unsigned char * pc=0x059b6546, long * rval=0x00128e04, void * closure=0x056c4560)  Line 149 + 0x1b bytes	C
 	js3250.dll!js_Interpret(JSContext * cx=0x033dfe78, unsigned char * pc=0x059b6546, long * result=0x00128f24)  Line 6770 + 0x26 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x033dfe78, unsigned int argc=1, long * vp=0x086e4bb4, unsigned int flags=2)  Line 1435 + 0x13 bytes	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x08605668, unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x00c5e5b0, nsXPTCMiniVariant * nativeParams=0x00129240)  Line 1475 + 0x1b bytes	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x00c5e5b0, nsXPTCMiniVariant * params=0x00129240)  Line 557	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x086056e0, unsigned int methodIndex=3, unsigned int * args=0x00129300, unsigned int * stackBytesToPop=0x001292f0)  Line 114 + 0x21 bytes	C++
 	xpcom_core.dll!SharedStub()  Line 142	C++
 	gklayout.dll!nsXMLHttpRequest::GetInterface(const nsID & aIID={...}, void * * aResult=0x001294fc)  Line 2745 + 0x24 bytes	C++
 	gklayout.dll!nsXMLHttpRequest::GetInterface(const nsID & aIID={...}, void * * aResult=0x001294fc)  Line 2745 + 0x24 bytes	C++
 	xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x00000003, unsigned int methodIndex=2, unsigned int paramCount=1217772, nsXPTCVariant * params=0x00000000)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=3)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x033dfe78, JSObject * obj=0x062931e0, unsigned int argc=1, long * argv=0x086e4b9c, long * vp=0x001297b4)  Line 1470 + 0xe bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x033dfe78, unsigned int argc=1, long * vp=0x086e4b94, unsigned int flags=0)  Line 1419 + 0x20 bytes	C
 	js3250.dll!js_Interpret(JSContext * cx=0x033dfe78, unsigned char * pc=0x04087e9d, long * result=0x00129fd0)  Line 4759 + 0x16 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x033dfe78, unsigned int argc=3, long * vp=0x086e4b5c, unsigned int flags=2)  Line 1435 + 0x13 bytes	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x05b4ad80, unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x01cf8680, nsXPTCMiniVariant * nativeParams=0x0012a2ec)  Line 1475 + 0x1b bytes	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x01cf8680, nsXPTCMiniVariant * params=0x0012a2ec)  Line 557	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x05b4adf8, unsigned int methodIndex=3, unsigned int * args=0x0012a3ac, unsigned int * stackBytesToPop=0x0012a39c)  Line 114 + 0x21 bytes	C++
 	xpcom_core.dll!SharedStub()  Line 142	C++
 	xpcom_core.dll!nsObserverList::NotifyObservers(nsISupports * aSubject=0x05b4adf8, const char * aTopic=0x06067cb8, const wchar_t * someData=0x01943cc0)  Line 129	C++
 	xpcom_core.dll!nsObserverList::NotifyObservers(nsISupports * aSubject=0x06067cb8, const char * aTopic=0x01943cc0, const wchar_t * someData=0x00000000)  Line 129	C++
 	xpcom_core.dll!nsObserverService::NotifyObservers(nsISupports * aSubject=0x06067cb8, const char * aTopic=0x01943cc0, const wchar_t * someData=0x00000000)  Line 184	C++
 	necko.dll!nsHttpHandler::NotifyObservers(nsIHttpChannel * chan=0x06067cb8, const char * event=0x01943cc0)  Line 493	C++
 	necko.dll!nsHttpHandler::OnModifyRequest(nsIHttpChannel * chan=0x06067cb8)  Line 180	C++
 	necko.dll!nsHttpChannel::AsyncOpen(nsIStreamListener * listener=0x05b6c580, nsISupports * context=0x00000000)  Line 3666	C++
 	gklayout.dll!nsXMLHttpRequest::Send(nsIVariant * aBody=0x085e6808)  Line 2330 + 0x30 bytes	C++
 	xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x0000000d, unsigned int methodIndex=1, unsigned int paramCount=1223068, nsXPTCVariant * params=0x00000000)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=13)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x033dfe78, JSObject * obj=0x062809e0, unsigned int argc=1, long * argv=0x086e4b48, long * vp=0x0012ac64)  Line 1470 + 0xe bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x033dfe78, unsigned int argc=1, long * vp=0x086e4b40, unsigned int flags=0)  Line 1419 + 0x20 bytes	C
 	js3250.dll!js_Interpret(JSContext * cx=0x033dfe78, unsigned char * pc=0x086732cf, long * result=0x0012b480)  Line 4759 + 0x16 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x033dfe78, unsigned int argc=1, long * vp=0x086e48b0, unsigned int flags=2)  Line 1435 + 0x13 bytes	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x05f64d18, unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x032e66f0, nsXPTCMiniVariant * nativeParams=0x0012b79c)  Line 1475 + 0x1b bytes	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x032e66f0, nsXPTCMiniVariant * params=0x0012b79c)  Line 557	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x05ff4ea0, unsigned int methodIndex=3, unsigned int * args=0x0012b85c, unsigned int * stackBytesToPop=0x0012b84c)  Line 114 + 0x21 bytes	C++
 	xpcom_core.dll!SharedStub()  Line 142	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x05ff4ea0, nsIDOMEventListener * aListener=0x0451064c, nsIDOMEvent * aDOMEvent=0x05ee36e8, nsISupports * aCurrentTarget=0x002f991b, unsigned int aPhaseFlags=1)  Line 1082 + 0x12 bytes	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x05a3cf70, nsIDOMEventListener * aListener=0x05ff4ea0, nsIDOMEvent * aDOMEvent=0x0451064c, nsISupports * aCurrentTarget=0x033d63b0, unsigned int aPhaseFlags=6)  Line 1082 + 0x12 bytes	C++
 	gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x08701020, nsEvent * aEvent=0x0012bb20, nsIDOMEvent * * aDOMEvent=0x0012ba6c, nsISupports * aCurrentTarget=0x033d63b0, unsigned int aFlags=6, nsEventStatus * aEventStatus=0x0012ba70)  Line 1190	C++
 	gklayout.dll!nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=6)  Line 207	C++
 	gklayout.dll!nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=6, nsDispatchingCallback * aCallback=0x00000000)  Line 266	C++
 	gklayout.dll!nsEventDispatcher::Dispatch(nsISupports * aTarget=0x033d63b0, nsPresContext * aPresContext=0x08701020, nsEvent * aEvent=0x0012bb20, nsIDOMEvent * aDOMEvent=0x00000000, nsEventStatus * aEventStatus=0x0012bb1c, nsDispatchingCallback * aCallback=0x00000000)  Line 479 + 0x12 bytes	C++
 	gklayout.dll!PresShell::HandleDOMEventWithTarget(nsIContent * aTargetContent=0x033d63b0, nsEvent * aEvent=0x0012bb20, nsEventStatus * aStatus=0x0012bb1c)  Line 5934 + 0x1c bytes	C++
 	gklayout.dll!nsButtonBoxFrame::DoMouseClick(nsGUIEvent * aEvent=0x0012bdf4, int aTrustEvent=0)  Line 162	C++
 	gklayout.dll!nsButtonBoxFrame::MouseClicked(nsPresContext * aPresContext=0x08701020, nsGUIEvent * aEvent=0x0012bdf4)  Line 62 + 0x15 bytes	C++
 	gklayout.dll!nsButtonBoxFrame::HandleEvent(nsPresContext * aPresContext=0x08701020, nsGUIEvent * aEvent=0x0012bdf4, nsEventStatus * aEventStatus=0x0012bc60)  Line 135	C++
 	gklayout.dll!nsPresShellEventCB::HandleEvent(nsEventChainPostVisitor & aVisitor={...})  Line 1227	C++
 	gklayout.dll!nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=6, nsDispatchingCallback * aCallback=0x0012bd10)  Line 314	C++
 	gklayout.dll!nsEventDispatcher::Dispatch(nsISupports * aTarget=0x033d63b0, nsPresContext * aPresContext=0x08701020, nsEvent * aEvent=0x0012bdf4, nsIDOMEvent * aDOMEvent=0x00000000, nsEventStatus * aEventStatus=0x0012c228, nsDispatchingCallback * aCallback=0x0012bd10)  Line 479 + 0x12 bytes	C++
 	gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012bdf4, nsIView * aView=0x00000000, nsEventStatus * aStatus=0x0012c228)  Line 5888 + 0x29 bytes	C++
 	gklayout.dll!PresShell::HandleEventWithTarget(nsEvent * aEvent=0x0012bdf4, nsIFrame * aFrame=0x05ec04b8, nsIContent * aContent=0x033d63b0, nsEventStatus * aStatus=0x0012c228)  Line 5793 + 0x12 bytes	C++
 	gklayout.dll!nsEventStateManager::CheckForAndDispatchClick(nsPresContext * aPresContext=0x08701020, nsMouseEvent * aEvent=0x0012c48c, nsEventStatus * aStatus=0x0012c228)  Line 3356 + 0x45 bytes	C++
 	gklayout.dll!nsEventStateManager::PostHandleEvent(nsPresContext * aPresContext=0x08701020, nsEvent * aEvent=0x0012c48c, nsIFrame * aTargetFrame=0x05ec04b8, nsEventStatus * aStatus=0x0012c228, nsIView * aView=0x03efbed8)  Line 2420 + 0x1c bytes	C++
 	gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012c48c, nsIView * aView=0x03efbed8, nsEventStatus * aStatus=0x0012c228)  Line 5909 + 0x3a bytes	C++
 	gklayout.dll!PresShell::HandlePositionedEvent(nsIView * aView=0x03efbed8, nsIFrame * aTargetFrame=0x05ec04b8, nsGUIEvent * aEvent=0x0012c48c, nsEventStatus * aEventStatus=0x0012c228)  Line 5776 + 0x14 bytes	C++
 	gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x03efbed8, nsGUIEvent * aEvent=0x0012c48c, nsEventStatus * aEventStatus=0x0012c228)  Line 5636 + 0x1e bytes	C++
 	gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x03efbed8, nsPoint aPoint={...}, nsGUIEvent * aEvent=0x0012c48c, int aCaptured=0)  Line 1399	C++
 	gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012c48c, nsEventStatus * aStatus=0x0012c370)  Line 1351 + 0x22 bytes	C++
 	gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012c48c)  Line 171	C++
 	gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012c48c, nsEventStatus & aStatus=nsEventStatus_eIgnore)  Line 972 + 0xc bytes	C++
 	gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x0012c48c)  Line 993	C++
 	gkwidget.dll!nsWindow::DispatchMouseEvent(unsigned int aEventType=301, unsigned int wParam=0, long lParam=6029731, int aIsContextMenuKey=0, short aButton=0)  Line 5865 + 0x1a bytes	C++
 	gkwidget.dll!ChildWindow::DispatchMouseEvent(unsigned int aEventType=301, unsigned int wParam=0, long lParam=6029731, int aIsContextMenuKey=0, short aButton=0)  Line 6038	C++
 	gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=514, unsigned int wParam=0, long lParam=6029731, long * aRetValue=0x0012c944)  Line 4341 + 0x24 bytes	C++
 	gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x002b0b76, unsigned int msg=514, unsigned int wParam=0, long lParam=6029731)  Line 1187 + 0x1d bytes	C++
 	user32.dll!7e418734() 	
 	user32.dll!7e418816() 	
 	user32.dll!7e4189cd() 	
 	user32.dll!7e419402() 	
 	user32.dll!7e418a10() 	
 	gkwidget.dll!nsAppShell::ProcessNextNativeEvent(int mayWait=1)  Line 149	C++
 	gkwidget.dll!nsBaseAppShell::DoProcessNextNativeEvent(int mayWait=1)  Line 133 + 0x11 bytes	C++
 	gkwidget.dll!nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal * thr=0x00bc7a10, int mayWait=1, unsigned int recursionDepth=0)  Line 252 + 0xf bytes	C++
 	xpcom_core.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012cb40)  Line 500	C++
 	xpcom_core.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x00bc7a10, int mayWait=1)  Line 227 + 0x16 bytes	C++
 	appshell.dll!nsXULWindow::ShowModal()  Line 398 + 0xc bytes	C++
 	appshell.dll!nsContentTreeOwner::ShowAsModal()  Line 525	C++
 	embedcomponents.dll!nsWindowWatcher::OpenWindowJSInternal(nsIDOMWindow * aParent=0x033ee568, const char * aUrl=0x0454fc68, const char * aName=0x00000000, const char * aFeatures=0x0012d25c, int aDialog=1, nsIArray * argv=0x0454fc0c, int aCalledFromJS=1, nsIDOMWindow * * _retval=0x0012d2b8)  Line 945	C++
 	embedcomponents.dll!nsWindowWatcher::OpenWindowJS(nsIDOMWindow * aParent=0x033ee568, const char * aUrl=0x0454fc68, const char * aName=0x00000000, const char * aFeatures=0x0012d25c, int aDialog=1, nsIArray * argv=0x0454fc0c, nsIDOMWindow * * _retval=0x0012d2b8)  Line 485	C++
 	gklayout.dll!nsGlobalWindow::OpenInternal(const nsAString_internal & aUrl={...}, const nsAString_internal & aName={...}, const nsAString_internal & aOptions={...}, int aDialog=1, int aContentModal=0, int aCalledNoScript=0, int aDoJSFixups=0, nsIArray * argv=0x0454fc0c, nsISupports * aExtraArgument=0x00000000, nsIPrincipal * aCalleePrincipal=0x00c97150, JSContext * aJSCallerContext=0x033ee940, nsIDOMWindow * * aReturn=0x0012d6a4)  Line 7222 + 0x69 bytes	C++
 	gklayout.dll!nsGlobalWindow::OpenDialog(nsIDOMWindow * * _retval=0x0012d6a4)  Line 5056 + 0x4d bytes	C++
 	xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x00000010, unsigned int methodIndex=1, unsigned int paramCount=1234596, nsXPTCVariant * params=0x033fb370)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=16)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2339 + 0x21 bytes	C++
 	xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x033ee940, JSObject * obj=0x03a411a0, unsigned int argc=4, long * argv=0x0331d070, long * vp=0x0012d96c)  Line 1470 + 0xe bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x033ee940, unsigned int argc=4, long * vp=0x0331d068, unsigned int flags=0)  Line 1419 + 0x20 bytes	C
 	js3250.dll!js_Interpret(JSContext * cx=0x033ee940, unsigned char * pc=0x03ef962e, long * result=0x0012e188)  Line 4759 + 0x16 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x033ee940, unsigned int argc=1, long * vp=0x0331d030, unsigned int flags=2)  Line 1435 + 0x13 bytes	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x0533ede0, unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x032e66f0, nsXPTCMiniVariant * nativeParams=0x0012e4a4)  Line 1475 + 0x1b bytes	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const XPTMethodDescriptor * info=0x032e66f0, nsXPTCMiniVariant * params=0x0012e4a4)  Line 557	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x0533ee58, unsigned int methodIndex=3, unsigned int * args=0x0012e564, unsigned int * stackBytesToPop=0x0012e554)  Line 114 + 0x21 bytes	C++
 	xpcom_core.dll!SharedStub()  Line 142	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x0533ee58, nsIDOMEventListener * aListener=0x045539e4, nsIDOMEvent * aDOMEvent=0x03ead6d8, nsISupports * aCurrentTarget=0x002f991b, unsigned int aPhaseFlags=1)  Line 1082 + 0x12 bytes	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x0533ec50, nsIDOMEventListener * aListener=0x0533ee58, nsIDOMEvent * aDOMEvent=0x045539e4, nsISupports * aCurrentTarget=0x03ead670, unsigned int aPhaseFlags=2)  Line 1082 + 0x12 bytes	C++
 	gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x08627948, nsEvent * aEvent=0x0012e828, nsIDOMEvent * * aDOMEvent=0x0012e774, nsISupports * aCurrentTarget=0x03ead670, unsigned int aFlags=2, nsEventStatus * aEventStatus=0x0012e778)  Line 1190	C++
 	gklayout.dll!nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=2)  Line 207	C++
 	gklayout.dll!nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=6, nsDispatchingCallback * aCallback=0x00000000)  Line 289	C++
 	gklayout.dll!nsEventDispatcher::Dispatch(nsISupports * aTarget=0x045a4310, nsPresContext * aPresContext=0x08627948, nsEvent * aEvent=0x0012e828, nsIDOMEvent * aDOMEvent=0x00000000, nsEventStatus * aEventStatus=0x0012e824, nsDispatchingCallback * aCallback=0x00000000)  Line 479 + 0x12 bytes	C++
 	gklayout.dll!PresShell::HandleDOMEventWithTarget(nsIContent * aTargetContent=0x045a4310, nsEvent * aEvent=0x0012e828, nsEventStatus * aStatus=0x0012e824)  Line 5934 + 0x1c bytes	C++
 	gklayout.dll!nsButtonBoxFrame::DoMouseClick(nsGUIEvent * aEvent=0x0012eafc, int aTrustEvent=0)  Line 162	C++
 	gklayout.dll!nsButtonBoxFrame::MouseClicked(nsPresContext * aPresContext=0x08627948, nsGUIEvent * aEvent=0x0012eafc)  Line 62 + 0x15 bytes	C++

------------

Assertion value is:
fp->thisp = 0x06280da0 {map=0x044fdf38 fslots=0x06280da4 dslots=0x00000000 }
fp->argv = 0x086e4bd4
argv = 0x086e4a1c

------------

This is the JS stack:

0 anonymous(aIID = {f3fb86e6-5914-4b47-a1f6-8907e37e1159}) ["chrome://pippki/content/exceptionDialog.js":59]
    this = [object Object]
1 anonymous(aIID = {f3fb86e6-5914-4b47-a1f6-8907e37e1159}) ["chrome://pippki/content/exceptionDialog.js":51]
    this = [object Object]
2 [native frame]
3 anonymous(data = null, topic = "http-on-modify-request", request = [xpconnect wrapped nsIHttpChannel @ 0x5703040 (native @ 0x5f78f00)]) ["chrome://firebug/content/spy.js":37]
    i = undefined
    win = undefined
    xhrRequest = undefined
    this = [object Object]
4 [native frame]
5 checkCert() ["chrome://pippki/content/exceptionDialog.js":151]
    Ci = undefined
    req = [object XMLHttpRequest @ 0x5d8caa8 (native @ 0x5d8c9c0)]
    uri = [xpconnect wrapped nsIURI @ 0x5c0c118 (native @ 0x5c0be9c)]
    this = [object ChromeWindow @ 0x615db30 (native @ 0x5d237bc)]
6 anonymous(event = [object Event @ 0x5eeab20 (native @ 0x5eeaa50)]) ["chrome://global/content/bindings/dialog.xml":357]
    this = [object ChromeWindow @ 0x5a18a20 (native @ 0x5b5abdc)]
7 _fireButtonEvent(aDlgType = "extra2") ["chrome://global/content/bindings/dialog.xml":358]
    returned = undefined
    fn = [function]
    handler = "checkCert();"
    noCancel = true
    event = [object Event @ 0x5eeab20 (native @ 0x5eeaa50)]
    this = [object XULElement @ 0x5d7e380 (native @ 0x5aa7d10)]
8 _doButtonCommand(aDlgType = "extra2") ["chrome://global/content/bindings/dialog.xml":332]
    noCancel = undefined
    button = [object XULElement @ 0x5719c28 (native @ 0x5de6388)]
    this = [object XULElement @ 0x5d7e380 (native @ 0x5aa7d10)]
9 _handleButtonCommand(aEvent = [object XULCommandEvent @ 0x5eea430 (native @ 0x5f7b1dc)]) ["chrome://global/content/bindings/dialog.xml":321]
    this = [object XULElement @ 0x5719c28 (native @ 0x5de6388)]

Hope it helps...
Flags: tracking1.9+ → blocking1.9+
Assignee: brendan → mrbkap
Attached patch Untested patch (obsolete) — Splinter Review
I'm not going to get a chance to test this for a while, but this attempts to fix the bug by ensuring that we only call into ComputeGlobalThis to compute |this| for cx->fp.
Blake, I'll do the test in a minute. But FYI this crash also happens for me now when starting my debug build and clicking on Venkman under Tools. Looks really bad!
Status: NEW → ASSIGNED
Comment on attachment 306799 [details] [diff] [review]
Untested patch

Better to parameterize fp in *Compute*This so JS_GetFrameThis can just pass it in. Can do?

/be
Sorry, something went wrong after I got the mid-air collision. After a test run, Venkman now starts again. Even the mentioned testcase doesn't crash the browser anymore. From my point of view the patch works fine.
(In reply to comment #9)
> Better to parameterize fp in *Compute*This so JS_GetFrameThis can just pass it
> in.

So, every other consumer of *Compute*This just uses cx->fp. It seems like less work to just make the "other" consumer do additional work to meet the contract.

Comment on attachment 306799 [details] [diff] [review]
Untested patch

First, I'm not convinced this is less code than making everyone pass fp (cx->fp, but some callers have fp already live and possibly in a register). Care to do an A-B code size test?

Second, none of the guts should run if (fp->flags & JSFRAME_COMPUTED_THIS) -- just return fp->thisp in that case.

Third, style nits about declaration and code blank line separator, and maybe a wittier name than fp2 ;-). Suggest afp.

/be
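An added example, not Mozilla's code and not the patch from this bug, that models in plain C the contract discussed in the diagnosis above (js_ComputeThis reading cx->fp implicitly while a debugger walk hands it argv from a different frame) and the two review points on the fix: pass the frame explicitly, and return early when |this| is already computed. All type and function names here are constructed stand-ins for the SpiderMonkey ones; the buggy variant returns NULL where the real JS_ASSERT would abort.

```c
#include <stddef.h>
#include <stdio.h>

#define FRAME_COMPUTED_THIS 0x1   /* stand-in for JSFRAME_COMPUTED_THIS */

typedef struct Obj { const char *name; } Obj;

/* Minimal stand-in for JSStackFrame: only the fields this bug touches. */
typedef struct Frame {
    struct Frame *down;   /* next older frame in the chain */
    Obj *thisp;           /* |this|, NULL until computed lazily */
    Obj **argv;           /* argv[-1] is the slot holding the |this| value */
    unsigned flags;
} Frame;

typedef struct Ctx { Frame *fp; } Ctx;   /* cx->fp: the frame currently executing */

static Obj global_obj = { "global" };
static Obj caller_obj = { "caller" };

/* Buggy shape, like the original js_ComputeThis(cx, lazy, argv): the frame is
 * never passed in, so the code assumes argv belongs to cx->fp.  The real code
 * JS_ASSERTs on that assumption; here a violation returns NULL instead. */
static Obj *compute_this_buggy(Ctx *cx, Obj **argv)
{
    Frame *fp = cx->fp;
    if (fp->thisp || fp->argv != argv)
        return NULL;      /* JS_ASSERT(!fp->thisp && fp->argv == argv) would fire */
    fp->thisp = argv[-1] ? argv[-1] : &global_obj;   /* null |this| -> global */
    fp->flags |= FRAME_COMPUTED_THIS;
    return fp->thisp;
}

/* Fixed shape: the caller names the frame, and a frame whose |this| was
 * already computed is returned as-is so none of the guts run again. */
static Obj *compute_this_fixed(Frame *fp)
{
    if (fp->flags & FRAME_COMPUTED_THIS)
        return fp->thisp;
    fp->thisp = fp->argv[-1] ? fp->argv[-1] : &global_obj;
    fp->flags |= FRAME_COMPUTED_THIS;
    return fp->thisp;
}

/* Constructed scenario: an inner frame (cx->fp) called from an outer one.
 * The inner call has no explicit |this| (NULL slot); the outer one has. */
typedef struct Scenario {
    Obj *outer_slots[2];
    Obj *inner_slots[2];
    Frame outer, inner;
    Ctx cx;
} Scenario;

static void scenario_init(Scenario *s)
{
    s->outer_slots[0] = &caller_obj; s->outer_slots[1] = NULL;
    s->inner_slots[0] = NULL;        s->inner_slots[1] = NULL;
    s->outer.down = NULL;      s->outer.thisp = NULL; s->outer.flags = 0;
    s->outer.argv = &s->outer_slots[1];
    s->inner.down = &s->outer; s->inner.thisp = NULL; s->inner.flags = 0;
    s->inner.argv = &s->inner_slots[1];
    s->cx.fp = &s->inner;
}

/* Debugger-style walk over every frame, the way jsd_NewThreadState does via
 * JS_FrameIterator + JS_GetFrameThis.  Returns how many frames got a |this|. */
static int walk_frames_buggy(Scenario *s)
{
    int ok = 0;
    for (Frame *fp = s->cx.fp; fp; fp = fp->down) {
        if (!fp->thisp)
            fp->thisp = compute_this_buggy(&s->cx, fp->argv);
        if (fp->thisp)
            ok++;
    }
    return ok;   /* 1: the outer frame fails the cx->fp check */
}

static int walk_frames_fixed(Scenario *s)
{
    int ok = 0;
    for (Frame *fp = s->cx.fp; fp; fp = fp->down)
        if (compute_this_fixed(fp))
            ok++;
    return ok;   /* 2: every frame resolves its own |this| */
}

static int run_buggy(void) { Scenario s; scenario_init(&s); return walk_frames_buggy(&s); }
static int run_fixed(void) { Scenario s; scenario_init(&s); return walk_frames_fixed(&s); }

int main(void)
{
    printf("buggy walk resolved %d of 2 frames\n", run_buggy());
    printf("fixed walk resolved %d of 2 frames\n", run_fixed());
    return 0;
}
```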
Attached patch Pick nits (obsolete) — Splinter Review
On IRC, I argued for reduced brainprint in the common cases (calling js_ComputeThis with fp == cx->fp).
Attachment #306799 - Attachment is obsolete: true
Attachment #306963 - Flags: review?(brendan)
a1.9b4=beltzner once we have a reviewed patch.
Thanks, mrbkap -- I fixed the comment and stripped trailing whitespace (everywhere) -- will commit for you if beltzner is as speedy as he has been tonight.

/be
Attachment #306963 - Attachment is obsolete: true
Attachment #306981 - Flags: review+
Attachment #306981 - Flags: approval1.9b4?
Attachment #306981 - Flags: approval1.9+
Attachment #306963 - Flags: review?(brendan)
Comment on attachment 306981 [details] [diff] [review]
final patch for checkin

Per comment 16, pointed out by crowder -- thanks.

/be
Attachment #306981 - Flags: approval1.9b4? → approval1.9b4+
Fixed:

js/src/jsdbgapi.c 3.130

/be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Thanks Blake! Venkman works again and doesn't cause a crash on start or setting a breakpoint.

Verified with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b4pre) Gecko Minefield/3.0b4pre ID:2008030308
Status: RESOLVED → VERIFIED
Flags: in-testsuite-
Flags: in-litmus-
Crash Signature: [@ ComputeGlobalThis]