Last Comment Bug 650618 - Crash [@ js_ErrorToException] or "Assertion failure: obj->isGlobal()," or "Assertion failure: isGlobal(),"
: Crash [@ js_ErrorToException] or "Assertion failure: obj->isGlobal()," or "As...
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Linux
: -- critical (vote)
: mozilla8
Assigned To: Luke Wagner [:luke]
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz
  Show dependency treegraph
Reported: 2011-04-17 02:21 PDT by Gary Kwong [:gkw] [:nth10sd]
Modified: 2013-02-05 15:29 PST (History)
10 users (show)
choller: in‑testsuite-
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

stack (4.12 KB, text/plain)
2011-04-17 02:21 PDT, Gary Kwong [:gkw] [:nth10sd]
no flags Details
give xml objects a parent (2.48 KB, patch)
2011-07-12 10:17 PDT, Luke Wagner [:luke]
jwalden+bmo: review+
Details | Diff | Splinter Review

Description Gary Kwong [:gkw] [:nth10sd] 2011-04-17 02:21:09 PDT
Created attachment 526573 [details]


asserts js debug shell on TM changeset 242947d76f73 without -m nor -j at Assertion failure: obj->isGlobal(),
Comment 1 Gary Kwong [:gkw] [:nth10sd] 2011-04-17 02:22:48 PDT
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   67971:f2dca3c21175
user:        Luke Wagner
date:        Fri Apr 08 10:52:48 2011 -0700
summary:     Bug 602994 - Preparatory syntactic cleanup (r=waldo)
Comment 2 Luke Wagner [:luke] 2011-04-18 10:17:55 PDT
Pre-existing bug (or not?) caught by new assertions.  The class of the object-with-null-parent-but-not-global is js_AttributeNameClass.  Hey, Waldo is already cc'd!
Comment 3 Luke Wagner [:luke] 2011-04-18 10:21:25 PDT
Which follows from the fact that NewXMLAttributeName passes NULL as parent.  Looks like other XML things too.  Can we just give these suckers JS_GetGlobalForScopeChain as parent or do XML things really want NULL parents?
Comment 4 Gary Kwong [:gkw] [:nth10sd] 2011-04-27 09:32:14 PDT
This now asserts at:

Assertion failure: isGlobal(),
Comment 5 Jeff Walden [:Waldo] (remove +bmo to email) 2011-04-27 16:51:19 PDT
I'd expect we can give them regular parents like everything else.
Comment 6 Gary Kwong [:gkw] [:nth10sd] 2011-07-02 21:21:23 PDT
Comment 0 also crashes js opt shell without any CLI arguments at js_ErrorToException on TM changeset f59568ec0513
Comment 7 Luke Wagner [:luke] 2011-07-12 10:17:12 PDT
Created attachment 545404 [details] [diff] [review]
give xml objects a parent

Oops, let this drop.
Comment 8 Jeff Walden [:Waldo] (remove +bmo to email) 2011-07-13 16:57:10 PDT
Comment on attachment 545404 [details] [diff] [review]
give xml objects a parent

Review of attachment 545404 [details] [diff] [review]:

It's facially possible for GetGlobalForScopeChain to return null, so add null-checks to the calls you're adding, just in case it's possible that might be hit.  (It doesn't seem productive to actually check whether that possibility is real, just for E4X.)
Comment 9 Luke Wagner [:luke] 2011-07-14 11:03:52 PDT
I don't think that its actually possible for GetGlobalForScopeChain to return NULL at these sites since, even if cx->globalObject is left NULL, entering a compartment (which must be done to be executing any of this code) will push a dummy frame which provides the scope chain.
Comment 10 :Ehsan Akhgari 2011-07-15 14:21:48 PDT
I took the liberty of backing out this patch from inbound <> because I seriously question if we're going to remove the DOM Worker support for at least a while!
Comment 11 Luke Wagner [:luke] 2011-07-15 17:37:51 PDT
In my defense, it all looked fine before the pull rebase :/
Comment 12 :Ehsan Akhgari 2011-07-18 11:30:53 PDT
(In reply to comment #11)
> In my defense, it all looked fine before the pull rebase :/

Yeah, hg rebase still has some bugs, I guess.  Also, you should reland your patch.  :-)
Comment 14 Marco Bonardo [::mak] 2011-07-19 08:07:43 PDT
Comment 15 Christian Holler (:decoder) 2013-02-05 15:29:47 PST
E4X has been removed, not adding this test.

Note You need to log in before you can comment on or make changes to this bug.