Bug 485055 - JS_GetScopeChain() fails
Product: Core
Classification: Components
Component: JavaScript Engine
Version: 1.9.1 Branch
Platform: x86 Windows XP
Importance: -- normal
Target Milestone: ---
Assigned To: general
QA Contact: Jason Orendorff [:jorendorff]
Reported: 2009-03-24 14:18 PDT by John J. Barton
Modified: 2012-04-06 02:19 PDT


Description John J. Barton 2009-03-24 14:18:48 PDT
This is from Firebug Issue 1603: script panel not updating properly in debugger

What is actually happening is that a Firebug call to array.sort() is triggering a jsd FunctionCall hook. The hook calls JS_GetScopeChain() which fails, causing an error message which is incorrect.

The correct error message would be "JSContext has no scope chain!".
Comment 1 John J. Barton 2009-03-24 14:20:09 PDT
The out of memory error message is bogus; the actual error message is this one from line 1330 in xpcwrappednativejsops.cpp, XPC_WN_JSOp_ThisObject:

    JSObject *scope = JS_GetScopeChain(cx);
>>>>    XPCThrower::Throw(NS_ERROR_FAILURE, cx);
        return nsnull;
Comment 2 John J. Barton 2009-03-24 14:20:34 PDT
Here is the call stack

 	jsd3250.dll!jsds_ErrorHookProc(JSDContext * jsdc=0x01948f20, JSContext * cx=0x0335a3f0, const char * message=0x00545090, JSErrorReport * report=0x0012d100, void * callerdata=0x00000000)  Line 583	C++
 	jsd3250.dll!jsd_DebugErrorHook(JSContext * cx=0x0335a3f0, const char * message=0x00545090, JSErrorReport * report=0x0012d100, void * closure=0x01948f20)  Line 354 + 0x17 bytes	C
 	js3250.dll!js_ReportOutOfMemory(JSContext * cx=0x0335a3f0)  Line 1047 + 0x22 bytes	C++
 	js3250.dll!JS_ReportOutOfMemory(JSContext * cx=0x0335a3f0)  Line 5802 + 0x9 bytes	C++
 	xpc3250.dll!XPCThrower::BuildAndThrowException(JSContext * cx=0x0335a3f0, unsigned int rv=2147500037, const char * sz=0x014ff040)  Line 260 + 0xa bytes	C++
 	xpc3250.dll!XPCThrower::Throw(unsigned int rv=2147500037, JSContext * cx=0x0335a3f0)  Line 57 + 0x11 bytes	C++
>	xpc3250.dll!XPC_WN_JSOp_ThisObject(JSContext * cx=0x0335a3f0, JSObject * obj=0x03cf2a80)  Line 1330 + 0xe bytes	C++
 	js3250.dll!js_ComputeGlobalThis(JSContext * cx=0x0335a3f0, int lazy=1, int * argv=0x0a86343c)  Line 836 + 0x23 bytes	C++
 	js3250.dll!js_ComputeThis(JSContext * cx=0x0335a3f0, int lazy=1, int * argv=0x0a86343c)  Line 873 + 0x11 bytes	C++
 	js3250.dll!JS_GetFrameThis(JSContext * cx=0x0335a3f0, JSStackFrame * fp=0x0012d364)  Line 1136 + 0x12 bytes	C++
 	jsd3250.dll!jsd_NewThreadState(JSDContext * jsdc=0x01948f20, JSContext * cx=0x0335a3f0, JSStackFrame * caller=0x00000000)  Line 144 + 0xe bytes	C
 	jsd3250.dll!jsd_CallCallHook(JSDContext * jsdc=0x01948f20, JSContext * cx=0x0335a3f0, unsigned int type=2, int (JSDContext *, JSDThreadState *, unsigned int, void *)* hook=0x01b62350, void * hookData=0x00000000)  Line 215 + 0x15 bytes	C
 	jsd3250.dll!_callHook(JSDContext * jsdc=0x01948f20, JSContext * cx=0x0335a3f0, JSStackFrame * fp=0x0012d364, int before=1, unsigned int type=2, int (JSDContext *, JSDThreadState *, unsigned int, void *)* hook=0x01b62350, void * hookData=0x00000000)  Line 253 + 0x19 bytes	C
 	jsd3250.dll!jsd_FunctionCallHook(JSContext * cx=0x0335a3f0, JSStackFrame * fp=0x0012d364, int before=1, int * ok=0x00000000, void * closure=0x01948f20)  Line 287 + 0x28 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x0335a3f0, unsigned int argc=2, int * vp=0x0a863434, unsigned int flags=0)  Line 1287 + 0x1f bytes	C++
 	js3250.dll!sort_compare(void * arg=0x0012d4ec, const void * a=0x0bafd6a8, const void * b=0x0bafd6ac, int * result=0x0012d478)  Line 1835 + 0x11 bytes	C++
 	js3250.dll!js_MergeSort(void * src=0x0bafd6a8, unsigned int nel=3, unsigned int elsize=4, int (void *, const void *, const void *, int *)* cmp=0x00435660, void * arg=0x0012d4ec, void * tmp=0x0bafd6b4)  Line 1754 + 0x13 bytes	C++
 	js3250.dll!array_sort(JSContext * cx=0x0335a3f0, unsigned int argc=1, int * vp=0x0a863418)  Line 2097 + 0x1c bytes	C++
 	js3250.dll!js_Interpret(JSContext * cx=0x0335a3f0)  Line 5007 + 0x17 bytes	C++
Comment 3 John J. Barton 2009-03-24 14:21:48 PDT
Maybe related to bug 469492
Comment 4 John J. Barton 2009-03-24 14:24:39 PDT
I may be able to work around this bug.  I assume that the call hook here is Firebug's single step hook which should not be in place at this point. Removing the hook depends upon detecting that the step-into is no longer meaningful.
Comment 5 John J. Barton 2009-03-24 14:55:08 PDT
The out of memory message comes because ThrowExceptionObject also calls getScopeChain() which fails again. The return from ThrowExceptionObject is not success and the caller says "most likely out of memory".
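The masking described in comments 1 and 5 (the exception builder needs the very resource whose absence it is trying to report, so its own failure gets reported as "out of memory") is a general error-handling hazard. The following C program is an added, constructed model of that mechanism; it is not SpiderMonkey or XPConnect code, and the names Ctx, throw_exception_object, report_failure_naive and report_failure_preserving are hypothetical. It shows the naive reporter losing the original message, and a reporter that falls back to a plain report when the exception object cannot be built.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical context: scope_chain == NULL models
 * "JSContext has no scope chain!"; last_error is what the user sees. */
typedef struct {
    void *scope_chain;
    char last_error[96];
} Ctx;

static void *get_scope_chain(Ctx *cx) { return cx->scope_chain; }

/* Models ThrowExceptionObject: building an exception object itself needs
 * a scope chain, so it fails for exactly the condition being reported. */
static bool throw_exception_object(Ctx *cx, const char *msg) {
    if (!get_scope_chain(cx))
        return false;
    snprintf(cx->last_error, sizeof cx->last_error, "%s", msg);
    return true;
}

/* Naive caller: any failure to build the exception is assumed to be OOM,
 * so the real reason (no scope chain) is replaced by a misleading message. */
static const char *report_failure_naive(Ctx *cx, const char *msg) {
    if (!throw_exception_object(cx, msg))
        snprintf(cx->last_error, sizeof cx->last_error, "out of memory");
    return cx->last_error;
}

/* Preserving caller: when the exception object cannot be created, fall
 * back to a plain report that does not depend on the scope chain, so the
 * original message survives and the secondary failure is named explicitly. */
static const char *report_failure_preserving(Ctx *cx, const char *msg) {
    if (!throw_exception_object(cx, msg))
        snprintf(cx->last_error, sizeof cx->last_error,
                 "%s (could not create exception object)", msg);
    return cx->last_error;
}

int main(void) {
    Ctx cx = {0};  /* constructed: no scope chain, as in the bug */
    printf("naive:      %s\n",
           report_failure_naive(&cx, "JSContext has no scope chain!"));
    printf("preserving: %s\n",
           report_failure_preserving(&cx, "JSContext has no scope chain!"));
    return 0;
}
```

When the context does have a scope chain, both reporters produce the original message; the difference only appears on the secondary-failure path, which is precisely the path the debugger hook drove in this bug.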
Comment 6 John J. Barton 2009-03-24 15:30:04 PDT
Unfortunately the function call hook is hitting in firebug's net.js:

functionHook TYPE_FUNCTION_CALL stepMode = STEP_INTO hookFrameCount=2 stepFrameCount=1 chrome://firebug/content/net.js

So I think what is happening is that the (invisible) top-level function of the compilation unit is returning, but that does not trigger TYPE_FUNCTION_RETURN, which would normally unhook the debugger. It's possible that TYPE_TOPLEVEL_END is triggered, but we avoid using that because we know it crashes Firefox (or so goes the lore).
Comment 7 John J. Barton 2009-03-24 17:30:09 PDT
The TYPE_TOPLEVEL_END is not sent from jsd.

Nevertheless I fixed this problem for Firebug, in a way that makes sense for Firebug.  This is still a bug but it won't stop us from shipping Firebug 1.4.
Comment 8 John J. Barton 2009-04-21 11:37:04 PDT
Looks like Bug 489378 -  Stack overflow in XPCThrower crashes Firebug FBTest
Comment 9 Rob Campbell [:rc] (:robcee) 2009-10-27 11:44:53 PDT
The linked bug (Issue 1603) is marked fixed. Can we close this?
Comment 10 John J. Barton 2009-10-27 13:57:40 PDT
(In reply to comment #9)
> The linked bug (Issue 1603) is marked fixed. Can we close this?

I worked around this bug to close issue 1603, so no.
Comment 11 Luke Wagner [:luke] 2012-04-06 02:19:11 PDT
JS_GetScopeChain has been removed.