Closed
Bug 650618
Opened 13 years ago
Closed 13 years ago
Crash [@ js_ErrorToException] or "Assertion failure: obj->isGlobal()," or "Assertion failure: isGlobal(),"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla8
People
(Reporter: gkw, Assigned: luke)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [js-triage-done][inbound])
Crash Data
Attachments
(2 files)
4.12 KB,
text/plain
|
Details | |
2.48 KB,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
print(evalcx("#1=@o")) asserts js debug shell on TM changeset 242947d76f73 without -m nor -j at Assertion failure: obj->isGlobal(),
Reporter | ||
Comment 1•13 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 67971:f2dca3c21175 user: Luke Wagner date: Fri Apr 08 10:52:48 2011 -0700 summary: Bug 602994 - Preparatory syntactic cleanup (r=waldo)
Blocks: 602994
Assignee | ||
Comment 2•13 years ago
|
||
Pre-existing bug (or not?) caught by new assertions. The class of the object-with-null-parent-but-not-global is js_AttributeNameClass. Hey, Waldo is already cc'd!
No longer blocks: 602994
Assignee | ||
Comment 3•13 years ago
|
||
Which follows from the fact that NewXMLAttributeName passes NULL as parent. Looks like other XML things too. Can we just give these suckers JS_GetGlobalForScopeChain as parent or do XML things really want NULL parents?
Reporter | ||
Comment 4•13 years ago
|
||
This now asserts at: Assertion failure: isGlobal(),
Summary: "Assertion failure: obj->isGlobal()," → "Assertion failure: obj->isGlobal()," or "Assertion failure: isGlobal(),"
Comment 5•13 years ago
|
||
I'd expect we can give them regular parents like everything else.
Reporter | ||
Comment 6•13 years ago
|
||
Comment 0 also crashes js opt shell without any CLI arguments at js_ErrorToException on TM changeset f59568ec0513
Crash Signature: [@ js_ErrorToException]
Summary: "Assertion failure: obj->isGlobal()," or "Assertion failure: isGlobal()," → Crash [@ js_ErrorToException] or "Assertion failure: obj->isGlobal()," or "Assertion failure: isGlobal(),"
Updated•13 years ago
|
Whiteboard: js-triage-needed
Assignee | ||
Comment 7•13 years ago
|
||
Oops, let this drop.
Assignee | ||
Updated•13 years ago
|
Whiteboard: js-triage-needed → js-triage-done
Comment 8•13 years ago
|
||
Comment on attachment 545404 [details] [diff] [review] give xml objects a parent Review of attachment 545404 [details] [diff] [review]: ----------------------------------------------------------------- It's facially possible for GetGlobalForScopeChain to return null, so add null-checks to the calls you're adding, just in case it's possible that might be hit. (It doesn't seem productive to actually check whether that possibility is real, just for E4X.)
Attachment #545404 -
Flags: review?(jwalden+bmo) → review+
Assignee | ||
Comment 9•13 years ago
|
||
I don't think that its actually possible for GetGlobalForScopeChain to return NULL at these sites since, even if cx->globalObject is left NULL, entering a compartment (which must be done to be executing any of this code) will push a dummy frame which provides the scope chain.
Comment 10•13 years ago
|
||
I took the liberty of backing out this patch from inbound <http://hg.mozilla.org/integration/mozilla-inbound/rev/66fd359c514e> because I seriously question if we're going to remove the DOM Worker support for at least a while!
Assignee | ||
Comment 11•13 years ago
|
||
In my defense, it all looked fine before the pull rebase :/
Comment 12•13 years ago
|
||
(In reply to comment #11) > In my defense, it all looked fine before the pull rebase :/ Yeah, hg rebase still has some bugs, I guess. Also, you should reland your patch. :-)
Assignee | ||
Comment 13•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/777a3c916936
Whiteboard: js-triage-done → [js-triage-done][inbound]
Comment 14•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/777a3c916936
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
You need to log in
before you can comment on or make changes to this bug.
Description
•