Closed Bug 662841 Opened 14 years ago Closed 14 years ago

TI: "Assertion failure: script->code <= pc && pc < endpc,"

Categories: Core :: JavaScript Engine, defect
Priority: Not set
Severity: critical
Status: RESOLVED FIXED

Reporter: gkw, Unassigned
Keywords: assertion, regression, testcase
Attachments: 1 file

Attached file stack
    var e = newGlobal("new-compartment");
    for (let w in [0, 0, 0, 0, 0, 0, 0, 0]) {
      -e;
    }

asserts js debug shell on JM changeset a53db4f2d235 with -j at:

    Assertion failure: script->code <= pc && pc < endpc,
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   71039:afe33041f481
user:        Brian Hackett
date:        Tue Jun 07 17:44:07 2011 -0700
summary:     [INFER] Make sure to get the topmost scripted frame's pc in ContextStack::currentScript, bug 662562.
Blocks: 662562
Keywords: regression
OS: Linux → All
Hardware: x86 → All
The problem is that using currentScript in js_InferFlags made a very subtle change to the semantics, where we called Detecting when the topmost frame is a dummy frame (for a cross compartment wrapper), breaking the assert being tripped here (as cx->fp() does not correspond to the script being tested). I'd like to fix this by making stack.currentScript and stack.currentScriptedScopeChain return NULL if the topmost scripted frame is in another compartment. I don't think there's any sane way we could behave by trying to use a frame or script from another compartment. It would also be nice to do this for js_GetScriptedCaller, but this is used by the debug API and I have no idea what behavior is expected here. Luke, thoughts?
Return NULL for currentScript() if the topmost scripted frame is in a different compartment from cx->compartment. Doesn't change js_GetScriptedCaller's behavior, though this function isn't called much now that currentScript and currentScriptedScopeChain exist. currentScriptedScopeChain is already guaranteed to return an object from cx->compartment. http://hg.mozilla.org/projects/jaegermonkey/rev/279a046a56cd
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
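The failure mode described in the two comments above, as an added, deliberately simplified model written for this page; it is not SpiderMonkey code and the names Script, Frame, Context, topmostScriptedFrame, currentScriptBefore, currentScriptAfter, detectingWouldAssert and the scenario builders are all hypothetical. It models only what the bug needs: a frame stack whose topmost entry is a dummy frame pushed for a cross-compartment wrapper call, a currentScript() that walks past it to the nearest scripted frame, and a Detecting-style check that takes its pc from cx->fp(). Before the fix the script comes from the caller's compartment while the pc comes from the dummy frame, so `script->code <= pc && pc < endpc` cannot hold; after the fix currentScript() returns NULL for a script in another compartment and the check is never reached. Real ContextStack, StackFrame and compartment-switching details differ.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

typedef uint8_t jsbytecode;

struct Compartment { int id; };

struct Script {
    const Compartment *compartment;  // compartment the script was compiled in
    const jsbytecode *code;          // first bytecode
    size_t length;                   // endpc == code + length
};

struct Frame {
    const Frame *prev;
    const Script *script;  // NULL marks a dummy frame (cross-compartment wrapper call)
    const jsbytecode *pc;  // NULL for a dummy frame: it has no bytecode
};

struct Context {
    const Compartment *compartment;  // cx->compartment, switched on entering the wrapper
    const Frame *fp;                 // cx->fp(): topmost frame, scripted or dummy
};

// Walk down from cx->fp() to the nearest frame that actually has a script.
static const Frame *topmostScriptedFrame(const Context *cx) {
    for (const Frame *f = cx->fp; f; f = f->prev)
        if (f->script) return f;
    return NULL;
}

// Pre-fix behaviour: hand back that script whatever compartment it lives in.
static const Script *currentScriptBefore(const Context *cx) {
    const Frame *f = topmostScriptedFrame(cx);
    return f ? f->script : NULL;
}

// Post-fix behaviour (model of rev 279a046a56cd): NULL when the topmost
// scripted frame belongs to a compartment other than cx->compartment.
static const Script *currentScriptAfter(const Context *cx) {
    const Frame *f = topmostScriptedFrame(cx);
    if (!f || f->script->compartment != cx->compartment) return NULL;
    return f->script;
}

// The invariant behind the assertion, returned as a bool instead of aborting.
static bool pcInsideScript(const Script *script, const jsbytecode *pc) {
    if (!pc) return false;  // a dummy frame has no pc at all
    const jsbytecode *endpc = script->code + script->length;
    return script->code <= pc && pc < endpc;
}

// Model of the js_InferFlags -> Detecting path: the check only runs when
// currentScript() yields a script, and it pairs that script with cx->fp()->pc.
static bool detectingWouldAssert(const Context *cx,
                                 const Script *(*currentScript)(const Context *)) {
    const Script *script = currentScript(cx);
    if (!script) return false;  // nothing to test, so nothing can assert
    return !pcInsideScript(script, cx->fp->pc);
}

// Constructed scenario from the testcase: the for-loop body runs in compartment 1;
// `-e` on the wrapper pushes a dummy frame and switches cx->compartment to 2.
static bool crossCompartmentCase(const Script *(*currentScript)(const Context *)) {
    static const Compartment caller = { 1 }, wrapper = { 2 };
    static const jsbytecode code[16] = { 0 };
    const Script script = { &caller, code, sizeof code };
    const Frame scripted = { NULL, &script, code + 4 };
    const Frame dummy = { &scripted, NULL, NULL };
    const Context cx = { &wrapper, &dummy };
    return detectingWouldAssert(&cx, currentScript);
}

// Control: same compartment, topmost frame is scripted, pc inside its bytecode.
static bool sameCompartmentCase(const Script *(*currentScript)(const Context *)) {
    static const Compartment caller = { 1 };
    static const jsbytecode code[16] = { 0 };
    const Script script = { &caller, code, sizeof code };
    const Frame scripted = { NULL, &script, code + 4 };
    const Context cx = { &caller, &scripted };
    return detectingWouldAssert(&cx, currentScript);
}

bool beforeFixTripsOnCrossCompartment() { return crossCompartmentCase(currentScriptBefore); }
bool afterFixTripsOnCrossCompartment()  { return crossCompartmentCase(currentScriptAfter); }
bool beforeFixTripsOnSameCompartment()  { return sameCompartmentCase(currentScriptBefore); }
bool afterFixTripsOnSameCompartment()   { return sameCompartmentCase(currentScriptAfter); }

int main() {
    std::printf("cross-compartment, before fix: %s\n", beforeFixTripsOnCrossCompartment() ? "asserts" : "ok");
    std::printf("cross-compartment, after fix:  %s\n", afterFixTripsOnCrossCompartment() ? "asserts" : "ok");
    std::printf("same compartment, before fix:  %s\n", beforeFixTripsOnSameCompartment() ? "asserts" : "ok");
    std::printf("same compartment, after fix:   %s\n", afterFixTripsOnSameCompartment() ? "asserts" : "ok");
    return 0;
}
```

The control case is the point worth keeping in mind when reviewing a fix like this: returning NULL must only change the cross-compartment path, so a regression test should cover a same-compartment caller as well as the wrapper case from the reporter's testcase.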
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/bug662841.js.
Flags: in-testsuite+