Closed
Bug 593147
Opened 15 years ago
Closed 15 years ago
TM: global Object created in _newJSDContext needs a compartment
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gwagner, Assigned: jorendorff)
References
Details
Attachments
(1 file)
|
9.86 KB,
patch
|
gal
:
review+
|
Details | Diff | Splinter Review |
Found during mochitest
stack:
0x00000001018ec86c in JS_Assert (s=0x101d1e018 "cx->compartment != cx->runtime->defaultCompartment", file=0x101d1d9b0 "/Users/idefix2/moz/ws1/js/src/jsapi.cpp", ln=2889) at /Users/idefix2/moz/ws1/js/src/jsutil.cpp:80
80 *((int *) NULL) = 0; /* To continue from here in GDB: "return" then "continue". */
(gdb) bt
#0 0x00000001018ec86c in JS_Assert (s=0x101d1e018 "cx->compartment != cx->runtime->defaultCompartment", file=0x101d1d9b0 "/Users/idefix2/moz/ws1/js/src/jsapi.cpp", ln=2889) at /Users/idefix2/moz/ws1/js/src/jsutil.cpp:80
#1 0x000000010178560f in JS_NewGlobalObject (cx=0x11b848a30, clasp=0x10288d860) at /Users/idefix2/moz/ws1/js/src/jsapi.cpp:2889
#2 0x0000000101147fdd in _newJSDContext (jsrt=0x106034a00, callbacks=0x0, user=0x0) at /Users/idefix2/moz/ws1/js/jsd/jsd_high.c:140
#3 0x00000001011482a3 in jsd_DebuggerOnForUser (jsrt=0x106034a00, callbacks=0x0, user=0x0) at /Users/idefix2/moz/ws1/js/jsd/jsd_high.c:202
#4 0x0000000101145a11 in JSD_DebuggerOnForUser (jsrt=0x106034a00, callbacks=0x0, user=0x0) at /Users/idefix2/moz/ws1/js/jsd/jsdebug.c:52
#5 0x0000000101153e93 in jsdService::OnForRuntime (this=0x1220c3df0, rt=0x106034a00) at /Users/idefix2/moz/ws1/js/jsd/jsd_xpc.cpp:2424
#6 0x00000001011541cc in jsdService::On (this=0x1220c3df0) at /Users/idefix2/moz/ws1/js/jsd/jsd_xpc.cpp:2408
#7 0x00000001015cca9d in NS_InvokeByIndex_P (that=0x1220c3df0, methodIndex=28, paramCount=0, params=0x7fff5fbfadc0) at /Users/idefix2/moz/ws1/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208
#8 0x0000000100e80025 in CallMethodHelper::Invoke (this=0x7fff5fbfad80) at /Users/idefix2/moz/ws1/js/src/xpconnect/src/xpcwrappednative.cpp:3081
#9 0x0000000100e829f9 in CallMethodHelper::Call (this=0x7fff5fbfad80) at /Users/idefix2/moz/ws1/js/src/xpconnect/src/xpcwrappednative.cpp:2348
#10 0x0000000100e7c4ba in XPCWrappedNative::CallMethod (ccx=@0x7fff5fbfb010, mode=XPCWrappedNative::CALL_METHOD) at /Users/idefix2/moz/ws1/js/src/xpconnect/src/xpcwrappednative.cpp:2312
#11 0x0000000100e87be5 in XPC_WN_CallMethod (cx=0x1235a4fd0, argc=0, vp=0x118606238) at /Users/idefix2/moz/ws1/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1751
#12 0x00000001019c7dde in js::mjit::stubs::SlowCall (f=@0x7fff5fbfb1c0, argc=0) at /Users/idefix2/moz/ws1/js/src/methodjit/InvokeHelpers.cpp:407
#13 0x000000011b9b33ab in ?? ()
#14 0x000000010197bab1 in EnterMethodJIT (cx=0x1235a4fd0, fp=0x118606128, code=0x11b9a7000, safePoint=0x0) at /Users/idefix2/moz/ws1/js/src/methodjit/MethodJIT.cpp:762
#15 0x000000010197bc66 in js::mjit::JaegerShot (cx=0x1235a4fd0) at /Users/idefix2/moz/ws1/js/src/methodjit/MethodJIT.cpp:788
#16 0x0000000101833e50 in js::RunScript (cx=0x1235a4fd0, script=0x123cf3400, fun=0x12664e428, scopeChain=0x11ee4d8c0) at jsinterp.cpp:465
#17 0x000000010183514e in js::Invoke (cx=0x1235a4fd0, argsRef=@0x7fff5fbfb4f0, flags=0) at jsinterp.cpp:614
#18 0x00000001017efffa in js_fun_apply (cx=0x1235a4fd0, argc=2, vp=0x1186060f0) at /Users/idefix2/moz/ws1/js/src/jsfun.cpp:2385
#19 0x00000001019c7dde in js::mjit::stubs::SlowCall (f=@0x7fff5fbfb640, argc=2) at /Users/idefix2/moz/ws1/js/src/methodjit/InvokeHelpers.cpp:407
#20 0x000000011b06a7c3 in ?? ()
#21 0x000000010197bab1 in EnterMethodJIT (cx=0x1235a4fd0, fp=0x118606050, code=0x11b0699b0, safePoint=0x0) at /Users/idefix2/moz/ws1/js/src/methodjit/MethodJIT.cpp:762
#22 0x000000010197bc66 in js::mjit::JaegerShot (cx=0x1235a4fd0) at /Users/idefix2/moz/ws1/js/src/methodjit/MethodJIT.cpp:788
#23 0x0000000101833e50 in js::RunScript (cx=0x1235a4fd0, script=0x11ed3c880, fun=0x126633c78, scopeChain=0x11ee4d8c0) at jsinterp.cpp:465
#24 0x000000010183514e in js::Invoke (cx=0x1235a4fd0, argsRef=@0x7fff5fbfb970, flags=0) at jsinterp.cpp:614
#25 0x00000001018357b2 in js::ExternalInvoke (cx=0x1235a4fd0, thisv=@0x7fff5fbfba00, fval=@0x7fff5fbfba38, argc=1, argv=0x123d03020, rval=0x7fff5fbfbb90) at jsinterp.cpp:644
#26 0x00000001017823fb in js::ExternalInvoke (cx=0x1235a4fd0, obj=0x11ee4d8c0, fval=@0x7fff5fbfba38, argc=1, argv=0x123d03020, rval=0x7fff5fbfbb90) at jsinterp.h:700
#27 0x0000000101782536 in JS_CallFunctionValue (cx=0x1235a4fd0, obj=0x11ee4d8c0, fval={asBits = 18445477441253825152, debugView = {payload47 = 4939471488, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 644504192, u32 = 644504192, why = 644504192}}, asDouble = -nan(0xb8001266a5a80)}, argc=1, argv=0x123d03020, rval=0x7fff5fbfbb90) at /Users/idefix2/moz/ws1/js/src/jsapi.cpp:4807
#28 0x0000000100919dec in nsJSContext::CallEventHandler (this=0x1235a4f60, aTarget=0x124f565d8, aScope=0x11ee4d8c0, aHandler=0x1266a5a80, aargv=0x121fbb3a0, arv=0x7fff5fbfbde0) at /Users/idefix2/moz/ws1/dom/base/nsJSEnvironment.cpp:2260
#29 0x00000001009a2891 in nsJSEventListener::HandleEvent (this=0x122424720, aEvent=0x11b859950) at /Users/idefix2/moz/ws1/dom/src/events/nsJSEventListener.cpp:228
#30 0x00000001007089a0 in nsEventListenerManager::HandleEventSubType (this=0x11f1d9150, aListenerStruct=0x11b86f130, aListener=0x122424720, aDOMEvent=0x11b859950, aCurrentTarget=0x124f565f8, aPhaseFlags=6, aPusher=0x7fff5fbfc480) at /Users/idefix2/moz/ws1/content/events/src/nsEventListenerManager.cpp:1112
#31 0x0000000100708e18 in nsEventListenerManager::HandleEventInternal (this=0x11f1d9150, aPresContext=0x124f56190, aEvent=0x7fff5fbfc570, aDOMEvent=0x7fff5fbfc460, aCurrentTarget=0x124f565f8, aFlags=6, aEventStatus=0x7fff5fbfc468, aPusher=0x7fff5fbfc480) at /Users/idefix2/moz/ws1/content/events/src/nsEventListenerManager.cpp:1208
#32 0x00000001007380d7 in nsEventListenerManager::HandleEvent (this=0x11f1d9150, aPresContext=0x124f56190, aEvent=0x7fff5fbfc570, aDOMEvent=0x7fff5fbfc460, aCurrentTarget=0x124f565f8, aFlags=6, aEventStatus=0x7fff5fbfc468, aPusher=0x7fff5fbfc480) at nsEventListenerManager.h:146
#33 0x0000000100738282 in nsEventTargetChainItem::HandleEvent (this=0x106200750, aVisitor=@0x7fff5fbfc450, aFlags=6, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbfc480) at /Users/idefix2/moz/ws1/content/events/src/nsEventDispatcher.cpp:212
#34 0x0000000100736693 in nsEventTargetChainItem::HandleEventTargetChain (this=0x1062007c0, aVisitor=@0x7fff5fbfc450, aFlags=6, aCallback=0x0, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbfc480) at /Users/idefix2/moz/ws1/content/events/src/nsEventDispatcher.cpp:341
#35 0x000000010073732a in nsEventDispatcher::Dispatch (aTarget=0x1235a4cc0, aPresContext=0x124f56190, aEvent=0x7fff5fbfc570, aDOMEvent=0x0, aEventStatus=0x7fff5fbfc5e4, aCallback=0x0, aTargets=0x0) at /Users/idefix2/moz/ws1/content/events/src/nsEventDispatcher.cpp:628
#36 0x00000001003099af in DocumentViewerImpl::LoadComplete (this=0x124f140f0, aStatus=0) at /Users/idefix2/moz/ws1/layout/base/nsDocumentViewer.cpp:1033
#37 0x0000000100f6edd5 in nsDocShell::EndPageLoad (this=0x1235a4410, aProgress=0x1235a4438, aChannel=0x124f548d0, aStatus=0) at /Users/idefix2/moz/ws1/docshell/base/nsDocShell.cpp:5964
#38 0x0000000100f75832 in nsDocShell::OnStateChange (this=0x1235a4410, aProgress=0x1235a4438, aRequest=0x124f548d0, aStateFlags=131088, aStatus=0) at /Users/idefix2/moz/ws1/docshell/base/nsDocShell.cpp:5824
#39 0x0000000100f9807a in nsDocLoader::FireOnStateChange (this=0x1235a4410, aProgress=0x1235a4438, aRequest=0x124f548d0, aStateFlags=131088, aStatus=0) at /Users/idefix2/moz/ws1/uriloader/base/nsDocLoader.cpp:1334
#40 0x0000000100f98702 in nsDocLoader::doStopDocumentLoad (this=0x1235a4410, request=0x124f548d0, aStatus=0) at /Users/idefix2/moz/ws1/uriloader/base/nsDocLoader.cpp:942
#41 0x0000000100f98a70 in nsDocLoader::DocLoaderIsEmpty (this=0x1235a4410, aFlushLayout=1) at /Users/idefix2/moz/ws1/uriloader/base/nsDocLoader.cpp:818
#42 0x0000000100f99cf2 in nsDocLoader::OnStopRequest (this=0x1235a4410, aRequest=0x11b88a240, aCtxt=0x0, aStatus=0) at /Users/idefix2/moz/ws1/uriloader/base/nsDocLoader.cpp:702
#43 0x0000000100093af3 in nsLoadGroup::RemoveRequest (this=0x1235a4790, request=0x11b88a240, ctxt=0x0, aStatus=0) at /Users/idefix2/moz/ws1/netwerk/base/src/nsLoadGroup.cpp:680
#44 0x0000000100623c7f in nsDocument::DoUnblockOnload (this=0x123bbd800) at /Users/idefix2/moz/ws1/content/base/src/nsDocument.cpp:7188
#45 0x0000000100623daa in nsDocument::UnblockOnload (this=0x123bbd800, aFireSync=1) at /Users/idefix2/moz/ws1/content/base/src/nsDocument.cpp:7130
#46 0x00000001006130f9 in nsDocument::DispatchContentLoadedEvents (this=0x123bbd800) at /Users/idefix2/moz/ws1/content/base/src/nsDocument.cpp:4106
#47 0x000000010062a6d9 in nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run (this=0x106d45a60) at nsThreadUtils.h:347
#48 0x00000001015b192e in nsThread::ProcessNextEvent (this=0x1056237d0, mayWait=0, result=0x7fff5fbfd284) at /Users/idefix2/moz/ws1/xpcom/threads/nsThread.cpp:547
#49 0x000000010153a7d1 in NS_ProcessPendingEvents_P (thread=0x1056237d0, timeout=20) at nsThreadUtils.cpp:200
#50 0x0000000101317a24 in nsBaseAppShell::NativeEventCallback (this=0x105643320) at /Users/idefix2/moz/ws1/widget/src/xpwidgets/nsBaseAppShell.cpp:126
#51 0x00000001012cf21a in nsAppShell::ProcessGeckoEvents (aInfo=0x105643320) at /Users/idefix2/moz/ws1/widget/src/cocoa/nsAppShell.mm:394
#52 0x00007fff866d2e91 in __CFRunLoopDoSources0 ()
#53 0x00007fff866d1089 in __CFRunLoopRun ()
#54 0x00007fff866d084f in CFRunLoopRunSpecific ()
#55 0x00007fff84c7f91a in RunCurrentEventLoopInMode ()
#56 0x00007fff84c7f67d in ReceiveNextEventCommon ()
#57 0x00007fff84c7f5d8 in BlockUntilNextEventMatchingListInMode ()
#58 0x00007fff877da29e in _DPSNextEvent ()
#59 0x00007fff877d9bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#60 0x00007fff8779f8d3 in -[NSApplication run] ()
#61 0x00000001012ceb38 in nsAppShell::Run (this=0x105643320) at /Users/idefix2/moz/ws1/widget/src/cocoa/nsAppShell.mm:747
#62 0x000000010103fc58 in nsAppStartup::Run (this=0x1068549f0) at /Users/idefix2/moz/ws1/toolkit/components/startup/src/nsAppStartup.cpp:191
#63 0x000000010003224a in XRE_main (argc=6, argv=0x7fff5fbfeff0, aAppData=0x105615e40) at /Users/idefix2/moz/ws1/toolkit/xre/nsAppRunner.cpp:3665
#64 0x0000000100001297 in main (argc=6, argv=0x7fff5fbfeff0) at /Users/idefix2/moz/ws1/browser/app/nsBrowserApp.cpp:158
|
||
Comment 1•15 years ago
|
||
This is great that we get this far. We should give jsd it's own compartment. Jorendorff jimb any comments on this?
|
Assignee | |
Updated•15 years ago
|
Assignee: general → jorendorff
|
|
||
Comment 2•15 years ago
|
||
Could you comment in one sentence what you want to do here? (just curious)
|
|
Assignee | |
Comment 3•15 years ago
|
||
Attachment #475131 -
Flags: review?(timeless)
|
|
||
Comment 4•15 years ago
|
||
Comment on attachment 475131 [details] [diff] [review]
v1
Stealing. This is mostly compartment related, hopefully timeless won't mind.
Attachment #475131 -
Flags: review?(timeless) → review+
|
|
Assignee | |
Comment 5•15 years ago
|
||
Basically this patch changes jsd_DebuggerOnForUser to take a fourth argument that simply controls which compartment the debugger uses for its own stuff.
If an application isn't using any of the compartments APIs at all, it can just keep doing whatever it's doing, and everything will continue to go in the default compartment.
For an application like Gecko that does use compartments, the only caveat is that you can't use JSD_DebuggerOnForUser, because it still isn't compartment-aware with this patch. Instead you can call debuggerService.on(),
which passes the caller's compartment through to jsd_DebuggerOnForUser.
I had to make some changes to jsapi.h since jsd_high.c needs to switch compartments from C. These are not great APIs for random code to be calling, so I made them FRIEND instead of PUBLIC.
|
||
Comment 6•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•