Closed Bug 469492 Opened 17 years ago Closed 16 years ago

JS_GetFrameScopeChain is broken

Categories

(Core :: JavaScript Engine, defect, P2)

x86
Windows XP
defect

Tracking

RESOLVED FIXED

People

(Reporter: timeless, Assigned: igor)

Details

(Keywords: assertion, fixed1.9.0.14, fixed1.9.1, Whiteboard: [firebug-p1] fixed-in-tracemonkey)

Attachments

(3 files, 2 obsolete files)

changeset: 22755:ad710c32b0e9
tag: qparent
is my baseline.

i suspect that someone has broken some promise about what can be done.

0:000> dt cx
0:000> dv
cx = 0x07ffa328
fp = 0x0012b260
parent = 0x09613620
callobj = 0x066a1000
funobj = 0x09b10180
Local var @ 0x1255dc Type JSContext*
0x07ffa328
+0x098 fp : (null)
+0x194 interpLevel : 3
0:000> dt fp
Local var @ 0x1255e0 Type JSStackFrame*
0x0012b260
+0x000 regs : (null)
+0x004 imacpc : (null)
+0x008 slots : (null)
+0x00c callobj : 0x066a1000 JSObject
+0x010 argsobj : 0x066a2f40 JSObject
+0x014 varobj : 0x09b107a0 JSObject
+0x018 callee : 0x09b10180 JSObject
+0x01c script : (null)
+0x020 fun : 0x072b22a0 JSFunction
+0x024 thisp : 0x09613620 JSObject
+0x028 argc : 1
+0x02c argv : 0x07e10594 -> 164497440
+0x030 rval : 22
+0x034 down : 0x07e104e8 JSStackFrame
+0x038 annotation : (null)
+0x03c scopeChain : 0x09b107a0 JSObject
+0x040 sharpDepth : 0
+0x044 sharpArray : (null)
+0x048 flags : 0x22
+0x05c pcDisabledSave : 6
0:000> dt fp JSStackFrame callee->fslots[1]
Local var @ 0x1255e0 Type JSStackFrame*
0x0012b260
+0x018 callee :
+0x008 fslots : [1] 157365792

js3250!JS_Assert(char * s = 0x00655d60 "fp->scopeChain == parent", char * file = 0x00655d28 "c:/home/mozilla.org/mozilla-central/js/src/jsfun.cpp", int ln = 622)+0x2d
js3250!js_GetCallObject(struct JSContext * cx = 0x07ffa328, struct JSStackFrame * fp = 0x0012b260, struct JSObject * parent = 0x09613620)+0x127
js3250!JS_GetFrameCallObject(struct JSContext * cx = 0x07ffa328, struct JSStackFrame * fp = 0x0012b260)+0x2f
js3250!JS_GetFrameScopeChain(struct JSContext * cx = 0x07ffa328, struct JSStackFrame * fp = 0x0012b260)+0x10
jsd3250!jsd_GetScopeChainForStackFrame(struct JSDContext * jsdc = 0x00d67720, struct JSDThreadState * jsdthreadstate = 0x07763960, struct JSDStackFrameInfo * jsdframe = 0x077639f8)+0x5b
jsd3250!JSD_GetScopeChainForStackFrame(struct JSDContext * jsdc = 0x00d67720, struct JSDThreadState * jsdthreadstate = 0x07763960, struct JSDStackFrameInfo * jsdframe = 0x077639f8)+0x20
jsd3250!jsdStackFrame::GetScope(class jsdIValue ** _rval = 0x001257d4)+0x2e
xpcom_core!NS_InvokeByIndex_P(class nsISupports * that = 0x0a2cae70, unsigned int methodIndex = 0x12, unsigned int paramCount = 1, struct nsXPTCVariant * params = 0x001257d4)+0x27
xpc3250!XPCWrappedNative::CallMethod(class XPCCallContext * ccx = 0x0a2cae70, XPCWrappedNative::CallMode mode = 18 (No matching enumerant))+0x1284
xpc3250!XPCWrappedNative::GetAttribute(class XPCCallContext * ccx = 0x001259a4)+0xe
xpc3250!XPC_WN_GetterSetter(struct JSContext * cx = 0x059e5730, struct JSObject * obj = 0x094e1c80, unsigned int argc = 0, long * argv = 0x07f414d4, long * vp = 0x00125ab0)+0x210
js3250!js_Invoke(struct JSContext * cx = 0x059e5730, unsigned int argc = 0, long * vp = 0x07f414cc, unsigned int flags = 2)+0x87a
js3250!js_InternalInvoke(struct JSContext * cx = 0x059e5730, struct JSObject * obj = 0x094e1c80, long fval = 107620928, unsigned int flags = 0, unsigned int argc = 0, long * argv = 0x00000000, long * rval = 0x00126a98)+0x6d
js3250!js_InternalGetOrSet(struct JSContext * cx = 0x059e5730, struct JSObject * obj = 0x094e1c80, long id = 112793324, long fval = 107620928, JSAccessMode mode = JSACC_READ (4), unsigned int argc = 0, long * argv = 0x00000000, long * rval = 0x00126a98)+0x1df
js3250!js_NativeGet(struct JSContext * cx = 0x059e5730, struct JSObject * obj = 0x094e1c80, struct JSObject * pobj = 0x094e1c80, struct JSScopeProperty * sprop = 0x0a8e3738, long * vp = 0x00126a98)+0x1f2
js3250!js_GetPropertyHelper(struct JSContext * cx = 0x059e5730, struct JSObject * obj = 0x094e1c80, long id = 112793324, long * vp = 0x00126a98, struct JSPropCacheEntry ** entryp = 0x0012689c)+0x3ec
js3250!js_Interpret(struct JSContext * cx = 0x059e5730)+0xa001
js3250!js_Invoke(struct JSContext * cx = 0x059e5730, unsigned int argc = 1, long * vp = 0x07f40e90, unsigned int flags = 0)+0x8f7
xpc3250!nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS * wrapper = 0x0a2500b0, unsigned short methodIndex = 3, struct XPTMethodDescriptor * info = 0x03828ca0, struct nsXPTCMiniVariant * nativeParams = 0x00126eb4)+0xf32
xpc3250!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 3, struct XPTMethodDescriptor * info = 0x03828ca0, struct nsXPTCMiniVariant * params = 0x00126eb4)+0x41
xpcom_core!PrepareAndDispatch
xpcom_core!SharedStub
gklayout!nsEventListenerManager::HandleEventSubType
gklayout!nsEventListenerManager::HandleEvent
gklayout!nsEventTargetChainItem::HandleEvent
gklayout!nsEventTargetChainItem::HandleEventTargetChain
gklayout!nsEventDispatcher::Dispatch
gklayout!PresShell::HandleEventInternal
gklayout!PresShell::HandleEventWithTarget
gklayout!nsEventStateManager::CheckForAndDispatchClick
gklayout!nsEventStateManager::PostHandleEvent
gklayout!PresShell::HandleEventInternal
gklayout!PresShell::HandlePositionedEvent
gklayout!PresShell::HandleEvent
gklayout!nsViewManager::HandleEvent
gklayout!nsViewManager::DispatchEvent
gklayout!HandleEvent
gkwidget!nsWindow::DispatchEvent
gkwidget!nsWindow::DispatchWindowEvent
gkwidget!nsWindow::DispatchMouseEvent
gkwidget!ChildWindow::DispatchMouseEvent
gkwidget!nsWindow::ProcessMessage
gkwidget!nsWindow::WindowProc
USER32!InternalCallWinProc
USER32!UserCallWinProcCheckWow
USER32!DispatchMessageWorker
USER32!DispatchMessageW
gkwidget!nsAppShell::ProcessNextNativeEvent
gkwidget!nsBaseAppShell::DoProcessNextNativeEvent
gkwidget!nsBaseAppShell::OnProcessNextEvent
xpcom_core!nsThread::ProcessNextEvent
xpcom_core!NS_ProcessNextEvent_P
jsd3250!jsdService::EnterNestedEventLoop(class jsdINestCallback * callback = 0x087ae3a8, unsigned int * _rval = 0x00128338)+0xfc
xpcom_core!NS_InvokeByIndex_P
xpc3250!XPCWrappedNative::CallMethod
xpc3250!XPC_WN_CallMethod(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x067c00e0, unsigned int argc = 1, long * argv = 0x07e10698, long * vp = 0x001285f0)+0x181
js3250!js_Invoke(struct JSContext * cx = 0x07ffa328, unsigned int argc = 1, long * vp = 0x07e10690, unsigned int flags = 2)+0x87a
js3250!js_Interpret(struct JSContext * cx = 0x07ffa328)+0xe2b2
js3250!js_Invoke(struct JSContext * cx = 0x07ffa328, unsigned int argc = 3, long * vp = 0x07e105b4, unsigned int flags = 0)+0x8f7
xpc3250!nsXPCWrappedJSClass::CallMethod
xpc3250!nsXPCWrappedJS::CallMethod
xpcom_core!PrepareAndDispatch
xpcom_core!SharedStub
jsd3250!jsds_ExecutionHookProc(struct JSDContext * jsdc = 0x09fcdf30, struct JSDThreadState * jsdthreadstate = 0x03b94880, unsigned int type = 0, void * callerdata = 0x00129a08, long * rval = 0x001299fc)+0x2de
jsd3250!jsd_CallExecutionHook(struct JSDContext * jsdc = 0x00d67720, struct JSContext * cx = 0x07ffa328, unsigned int type = 0, <function> * hook = 0x01191b80, void * hookData = 0x00000000, long * rval = 0x0012a8c8)+0x71
jsd3250!jsd_InterruptHandler(struct JSContext * cx = 0x07ffa328, struct JSScript * script = 0x0a211948, unsigned char * pc = 0x0a211984 "AT", long * rval = 0x0012a8c8, void * closure = 0x00d67720)+0x128
js3250!js_Interpret(struct JSContext * cx = 0x07ffa328)+0x4ad
js3250!js_Invoke(struct JSContext * cx = 0x07ffa328, unsigned int argc = 1, long * vp = 0x07e10598, unsigned int flags = 0)+0x8f7
xpc3250!nsXPCWrappedJSClass::CallMethod
xpc3250!nsXPCWrappedJS::CallMethod
xpcom_core!PrepareAndDispatch
xpcom_core!SharedStub
gklayout!nsTreeBodyFrame::SetView
gklayout!nsTreeBoxObject::SetView
xpcom_core!NS_InvokeByIndex_P
xpc3250!XPCWrappedNative::CallMethod
xpc3250!XPCWrappedNative::SetAttribute
xpc3250!XPC_WN_GetterSetter(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x09613620, unsigned int argc = 1, long * argv = 0x07e10594, long * vp = 0x0012b290)+0x1a8
js3250!js_Invoke(struct JSContext * cx = 0x07ffa328, unsigned int argc = 1, long * vp = 0x07e1058c, unsigned int flags = 2)+0x87a
js3250!js_InternalInvoke(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x09613620, long fval = 162595200, unsigned int flags = 0, unsigned int argc = 1, long * argv = 0x0012c2c4, long * rval = 0x0012c2c4)+0x6d
js3250!js_InternalGetOrSet(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x09613620, long id = 73804292, long fval = 162595200, JSAccessMode mode = JSACC_WRITE (8), unsigned int argc = 1, long * argv = 0x0012c2c4, long * rval = 0x0012c2c4)+0x1df
js3250!js_NativeSet(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x09613620, struct JSScopeProperty * sprop = 0x08eefdd8, long * vp = 0x0012c2c4)+0x1a6
js3250!js_SetPropertyHelper(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x09613620, long id = 73804292, long * vp = 0x0012c2c4, struct JSPropCacheEntry ** entryp = 0x0012c09c)+0xa4d
js3250!js_Interpret(struct JSContext * cx = 0x07ffa328)+0xc542
js3250!js_Invoke(struct JSContext * cx = 0x07ffa328, unsigned int argc = 1, long * vp = 0x07e104d4, unsigned int flags = 0)+0x8f7
js3250!js_InternalInvoke(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x066b14a0, long fval = 108146688, unsigned int flags = 0, unsigned int argc = 1, long * argv = 0x07e104d0, long * rval = 0x0012c4bc)+0x6d
js3250!JS_CallFunctionValue(struct JSContext * cx = 0x07ffa328, struct JSObject * obj = 0x066b14a0, long fval = 108146688, unsigned int argc = 1, long * argv = 0x07e104d0, long * rval = 0x0012c4bc)+0x5d
gklayout!nsJSContext::CallEventHandler(class nsISupports * aTarget = 0x0a2d2a40, void * aScope = 0x066b14a0, void * aHandler = 0x06723000, class nsIArray * aargv = 0x0a8ed498, class nsIVariant ** arv = 0x0012c688)+0x2ec
gklayout!nsJSEventListener::HandleEvent
gklayout!nsEventListenerManager::HandleEventSubType
gklayout!nsEventListenerManager::HandleEvent
gklayout!nsEventTargetChainItem::HandleEvent
gklayout!nsEventTargetChainItem::HandleEventTargetChain
gklayout!nsEventDispatcher::Dispatch
gklayout!DocumentViewerImpl::LoadComplete
docshell!nsDocShell::EndPageLoad
docshell!nsWebShell::EndPageLoad
docshell!nsDocShell::OnStateChange
docshell!nsDocLoader::FireOnStateChange
docshell!nsDocLoader::doStopDocumentLoad
docshell!nsDocLoader::DocLoaderIsEmpty
docshell!nsDocLoader::OnStopRequest
necko!nsLoadGroup::RemoveRequest
imglib2!imgRequestProxy::RemoveFromLoadGroup
imglib2!imgRequestProxy::OnStopRequest
imglib2!imgRequest::OnStopRequest
imglib2!ProxyListener::OnStopRequest
jar50!nsJARChannel::OnStopRequest
necko!nsInputStreamPump::OnStateStop
necko!nsInputStreamPump::OnInputStreamReady
xpcom_core!nsInputStreamReadyEvent::Run
xpcom_core!nsThread::ProcessNextEvent
xpcom_core!NS_ProcessNextEvent_P
xpcom_core!nsThread::Shutdown
xpcom_core!NS_InvokeByIndex_P
xpcom_core!nsProxyObjectCallInfo::Run
xpcom_core!nsThread::ProcessNextEvent
xpcom_core!NS_ProcessNextEvent_P
appshell!nsXULWindow::ShowModal
appshell!nsContentTreeOwner::ShowAsModal
embedcomponents!nsWindowWatcher::OpenWindowJSInternal
embedcomponents!nsWindowWatcher::OpenWindowJS
gklayout!nsGlobalWindow::OpenInternal
gklayout!nsGlobalWindow::OpenDialog
xpcom_core!NS_InvokeByIndex_P
xpc3250!XPCWrappedNative::CallMethod
xpc3250!XPC_WN_CallMethod(struct JSContext * cx = 0x039e6138, struct JSObject * obj = 0x04393340, unsigned int argc = 5, long * argv = 0x039f8974, long * vp = 0x0012e120)+0x181
js3250!js_Invoke(struct JSContext * cx = 0x039e6138, unsigned int argc = 5, long * vp = 0x039f896c, unsigned int flags = 2)+0x87a
js3250!js_Interpret(struct JSContext * cx = 0x039e6138)+0xe2b2
js3250!js_Invoke(struct JSContext * cx = 0x039e6138, unsigned int argc = 1, long * vp = 0x039f88c4, unsigned int flags = 0)+0x8f7
js3250!js_InternalInvoke(struct JSContext * cx = 0x039e6138, struct JSObject * obj = 0x06e80080, long fval = 119485856, unsigned int flags = 0, unsigned int argc = 1, long * argv = 0x039f88c0, long * rval = 0x0012f1f0)+0x6d
js3250!JS_CallFunctionValue(struct JSContext * cx = 0x039e6138, struct JSObject * obj = 0x06e80080, long fval = 119485856, unsigned int argc = 1, long * argv = 0x039f88c0, long * rval = 0x0012f1f0)+0x5d
gklayout!nsJSContext::CallEventHandler
gklayout!nsJSEventListener::HandleEvent
Requesting blocking based on this being a duplicate of 469924
Flags: blocking1.9.1?
Whiteboard: [firebug p1]
Blocks: 453978
Whiteboard: [firebug p1] → [firebug-p1]
This issue (originally filed as 469924) is blocking me from deploying an extension for Firebug which presents network, DOM and JavaScript activity in a time-correlated manner. (Screenshot of the extension is attached.) The extension will be useful to developers trying to analyze 3rd party websites and for debugging AJAX applications. Currently, I'm making this work by restricting it to a single browsing tab (so we don't need to read the scope chain). With such a restriction, I cannot release it to a broader audience.
Bring this to your kind attention ;-)
Flags: wanted1.9.1?
That extension looks like it would be a great way to track events and a user's interaction with a webpage. Any way we can bump this into the queue?
Recommend we block on this as the add-on would be a great help to web developers who rely on Firefox and Firebug for building their sites.
Flags: blocking1.9.1? → blocking1.9.1+
P2.
Priority: -- → P2
Assignee: general → igor
With the latest TM tip I am having the asserts with the example even without pressing the Start Test button with Linux 64-bit build of Firefox:

Program received signal SIGTRAP, Trace/breakpoint trap.
JS_Assert (s=0xf7ebea31 "fp->scopeChain", file=0xf7ebe51c "/scratch/igor/m/tm/js/src/jsinterp.cpp", ln=682) at /scratch/igor/m/tm/js/src/jsutil.cpp:68
(gdb) fr 1
#1 0xf7db1c13 in js_GetScopeChain (cx=0x81147b0, fp=0xfffa445c) at /scratch/igor/m/tm/js/src/jsinterp.cpp:682
(gdb) bt
#0 JS_Assert (s=0xf7ebea31 "fp->scopeChain", file=0xf7ebe51c "/scratch/igor/m/tm/js/src/jsinterp.cpp", ln=682) at /scratch/igor/m/tm/js/src/jsutil.cpp:68
#1 0xf7db1c13 in js_GetScopeChain (cx=0x81147b0, fp=0xfffa445c) at /scratch/igor/m/tm/js/src/jsinterp.cpp:682
#2 0xf7d3a124 in JS_GetScopeChain (cx=0x81147b0) at /scratch/igor/m/tm/js/src/jsapi.cpp:1801
#3 0xf614646d in XPC_WN_JSOp_ThisObject (cx=0x81147b0, obj=0x84a4e40) at /scratch/igor/m/tm/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1325
#4 0xf7db129e in js_ComputeGlobalThis (cx=0x81147b0, lazy=1, argv=0x965ace8) at /scratch/igor/m/tm/js/src/jsinterp.cpp:884
#5 0xf7db1457 in js_ComputeThis (cx=0x81147b0, lazy=1, argv=0x965ace8) at /scratch/igor/m/tm/js/src/jsinterp.cpp:921
#6 0xf7d5dcaa in JS_GetFrameThis (cx=0x81147b0, fp=0xfffa445c) at /scratch/igor/m/tm/js/src/jsdbgapi.cpp:1135
#7 0xf623c514 in jsd_NewThreadState (jsdc=0x9019000, cx=0x81147b0) at /scratch/igor/m/tm/js/jsd/jsd_stak.c:133
#8 0xf6239430 in jsd_CallCallHook (jsdc=0x9019000, cx=0x81147b0, type=2, hook=0xf62491d6 <jsds_CallHookProc>, hookData=0x0) at /scratch/igor/m/tm/js/jsd/jsd_hook.c:215
#9 0xf623d8c2 in _callHook (jsdc=0x9019000, cx=0x81147b0, fp=0xfffa445c, before=1, type=2, hook=0xf62491d6 <jsds_CallHookProc>, hookData=0x0) at /scratch/igor/m/tm/js/jsd/jsd_step.c:252
#10 0xf623d9d9 in jsd_FunctionCallHook (cx=0x81147b0, fp=0xfffa445c, before=1, ok=0x0, closure=0x9019000) at /scratch/igor/m/tm/js/jsd/jsd_step.c:285
#11 0xf7db336d in js_Invoke (cx=0x81147b0, argc=3, vp=0x965ace0, flags=0) at /scratch/igor/m/tm/js/src/jsinterp.cpp:1320
#12 0xf7d4ccad in array_extra (cx=0x81147b0, mode=FOREACH, argc=3, vp=0x965acc0) at /scratch/igor/m/tm/js/src/jsarray.cpp:3038
#13 0xf7d4cf2d in array_forEach (cx=0x81147b0, argc=1, vp=0x965acc0) at /scratch/igor/m/tm/js/src/jsarray.cpp:3094
#14 0xf7da11a2 in js_Interpret (cx=0x81147b0) at /scratch/igor/m/tm/js/src/jsinterp.cpp:5022
#15 0xf7db34c4 in js_Invoke (cx=0x81147b0, argc=1, vp=0x9657f08, flags=0) at /scratch/igor/m/tm/js/src/jsinterp.cpp:1364
#16 0xf7d7fca4 in js_fun_call (cx=0x81147b0, argc=1, vp=0x9657ed0) at /scratch/igor/m/tm/js/src/jsfun.cpp:1654
#17 0xf7da11a2 in js_Interpret (cx=0x81147b0) at /scratch/igor/m/tm/js/src/jsinterp.cpp:5022
#18 0xf7db34c4 in js_Invoke (cx=0x81147b0, argc=3, vp=0x90d5848, flags=0) at /scratch/igor/m/tm/js/src/jsinterp.cpp:1364
#19 0xf61320bb in nsXPCWrappedJSClass::CallMethod (this=0x8301738, wrapper=0x96c6880, methodIndex=3, info=0x81d2cf8, nativeParams=0xfffa5794) at /scratch/igor/m/tm/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1608
#20 0xf6128d87 in nsXPCWrappedJS::CallMethod (this=0x96c6880, methodIndex=3, info=0x81d2cf8, params=0xfffa5794) at /scratch/igor/m/tm/js/src/xpconnect/src/xpcwrappedjs.cpp:561
#21 0xf794f9cd in PrepareAndDispatch (methodIndex=3, self=0x9024d10, args=0xfffa5854) at /scratch/igor/m/tm/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:95
#22 0xf79395f4 in nsTimerImpl::Fire (this=0x8f9ac00) at /scratch/igor/m/tm/xpcom/threads/nsTimerImpl.cpp:436
#23 0xf79397dd in nsTimerEvent::Run (this=0xf258e4c8) at /scratch/igor/m/tm/xpcom/threads/nsTimerImpl.cpp:520
#24 0xf7932e73 in nsThread::ProcessNextEvent (this=0x80aac50, mayWait=1, result=0xfffa5970) at /scratch/igor/m/tm/xpcom/threads/nsThread.cpp:510
#25 0xf78be1f9 in NS_ProcessNextEvent_P (thread=0x80aac50, mayWait=1) at nsThreadUtils.cpp:230
#26 0xf4942cca in nsBaseAppShell::Run (this=0x8523ed0) at /scratch/igor/m/tm/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#27 0xf6401cc1 in nsAppStartup::Run (this=0x858f5e0) at /scratch/igor/m/tm/toolkit/components/startup/src/nsAppStartup.cpp:192
#28 0xf7f15f4b in XRE_main (argc=1, argv=0xfffa6024, aAppData=0x804c980) at /scratch/igor/m/tm/toolkit/xre/nsAppRunner.cpp:3220
#29 0x08048e82 in main (argc=2, argv=0xfffa6024) at /scratch/igor/m/tm/browser/app/nsBrowserApp.cpp:156
Possibly related: bug 485055
A reason for this bug is that js_Invoke calls the call hook before it sets up the scopeChain for the frame. When the hook calls JS_GetScopeChain, it hits that null and dies. Compare that with the JSOP_CALL case in the interpreter - there the call hook is invoked after the frame is fully initialized.
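The ordering problem described in the comment above, as an added example that is not part of the bug thread or of the SpiderMonkey source: a small C model in which a debugger call hook reads the frame's scope chain, run once with the hook called before the frame is initialized and once in the order the JSOP_CALL path uses. Object, Frame, CallHook, Observation and all function names are hypothetical stand-ins for the engine's structures.

```c
#include <stddef.h>

/* Simplified stand-ins for the engine's structures; all names are hypothetical. */
typedef struct Object { struct Object *parent; } Object;

typedef struct Frame {
    Object *callee;      /* function object being invoked */
    Object *scopeChain;  /* NULL until the frame is fully set up */
} Frame;

/* A debugger call hook: runs on function entry and may inspect the frame. */
typedef void (*CallHook)(Frame *fp, void *closure);

/* What the debugger-side hook records when it asks for the scope chain. */
typedef struct Observation {
    int hook_ran;
    Object *seen_scope;  /* NULL means the hook saw a half-built frame */
} Observation;

static void inspect_scope_hook(Frame *fp, void *closure)
{
    Observation *obs = closure;
    obs->hook_ran = 1;
    /* In the bug, the engine asserts at this point when the field is NULL. */
    obs->seen_scope = fp->scopeChain;
}

/* Order described in the bug: call hook first, scope chain second. */
static void invoke_hook_before_init(Object *callee, CallHook hook, void *closure)
{
    Frame frame = { callee, NULL };
    if (hook)
        hook(&frame, closure);
    frame.scopeChain = callee->parent;
    /* ... the function body would run here ... */
}

/* Order of the JSOP_CALL path and of the fix: initialize fully, then hook. */
static void invoke_hook_after_init(Object *callee, CallHook hook, void *closure)
{
    Frame frame = { callee, NULL };
    frame.scopeChain = callee->parent;
    if (hook)
        hook(&frame, closure);
    /* ... the function body would run here ... */
}

/* Runs one invocation order and returns the scope chain the hook observed. */
Object *scope_seen_by_hook(int fixed_order, Object *callee)
{
    Observation obs = { 0, NULL };
    if (fixed_order)
        invoke_hook_after_init(callee, inspect_scope_hook, &obs);
    else
        invoke_hook_before_init(callee, inspect_scope_hook, &obs);
    return obs.hook_ran ? obs.seen_scope : NULL;
}
```
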
(In reply to comment #11)
> A reason for this bug is that js_Invoke calls the call hook before it sets up
> the scopeChain for the frame. When the hook calls JS_GetScopeChain, it hits
> that null and dies. Compare that with the JSOP_CALL case in the interpreter -
> there the call hook is invoked after the frame is fully initialized.

which is clearly correct!

/be
Attached patch v1 (obsolete)
The patch calls the callHook after the frame is fully initialized. With it the test extension works. But I need to do more testing to be sure.
Attached patch v2 (obsolete)
The new version has better comments and assumes in JS_Invoke to simplify code that an interpreted function always has a non-null script, the same assumption that interpreter's JSOP_CALL makes.
Attachment #369791 - Attachment is obsolete: true
Attachment #369807 - Flags: review?(brendan)
Comment on attachment 369807 [details] [diff] [review] v2 >+ * Try converting to function, for closure and API compatibility if >+ * there is a call op defined. Need a FIXME citing a new bug on file for this bad old code. Or use the bug 408416. > if (FUN_INTERPRETED(fun)) { > native = NULL; > script = fun->u.i.script; >+ JS_ASSERT(script); Usually don't assert non-null but I can live with this. Note native is null. > } else { > native = fun->u.n.native; >+ if (!native) { >+ /* FIXME - is this possible? */ File this FIXME if it's worth fixing. Would JS_NOT_REACHED here be appropriate to, to help catch this "impossible" condition among debug-build dogfooders? >+ *vp = (flags & JSINVOKE_CONSTRUCT) ? vp[1] : JSVAL_VOID; >+ ok = JS_TRUE; >+ goto out2; >+ } > script = NULL; Here native is guaranteed non-null, script null. >- /* Call the function, either a native method or an interpreted script. */ > if (native) { . . . >+ } else { > /* Use parent scope so js_GetCallObject can find the right "Call". */ >+ JS_ASSERT(script); No need to assert non-null again, unless I missed an update of the script local variable in between. r=me with fixes. /be
Attachment #369807 - Flags: review?(brendan) → review+
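Review bot: the early exit in the "if (!native)" branch, "goto out2" with "ok = JS_TRUE", needs to say how it interacts with the debugger call hook, since the quoted lines do not show what "out2" does. This bug is about a hook observing a frame that is not yet set up, so the comment there should state whether this path runs before any hook entry call and whether "out2" skips the matching exit call. If a function with neither a script nor a native cannot occur, an assertion in place of the "FIXME - is this possible?" branch would make that invariant visible to debug builds.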
Attached patch v2
The new patch adds missing bug number with FIXME comments and removes too-paranoiac assert.
Attachment #369807 - Attachment is obsolete: true
Attachment #369995 - Flags: review+
I nominate the bug for 1.9.0 as the same bug exists on 1.9.0 branch and would affect debugger extensions developed for it.
Flags: wanted1.9.1? → wanted1.9.0.x?
Whiteboard: [firebug-p1] → [firebug-p1] fixed-in-tracemonkey
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Attachment #369995 - Flags: approval1.9.0.13?
Blocks: 506567
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: blocking1.9.0.14+
Comment on attachment 369995 v2
Is this the appropriate patch for the 1.9.0 branch? Code-freeze for 1.9.0.14 is August 11.
Attachment #369995 - Flags: approval1.9.0.14? → approval1.9.0.14+
Comment on attachment 369995 v2
Approved for 1.9.0.14, a=dveditz for release-drivers
No longer blocks: 506567
I'm going to check this in now. I've looked it over and I *think* I resolved the conflicts correctly but I'd feel better if Igor stamped it.
Attachment #394216 - Flags: review?(igor)
Checking in js/src/jsinterp.c;
/cvsroot/mozilla/js/src/jsinterp.c,v <-- jsinterp.c
new revision: 3.508; previous revision: 3.507
done
Keywords: fixed1.9.0.14
I will stamp this later today or tomorrow. I need to remind myself about the problem.
Attachment #394216 - Flags: review?(igor) → review+