Bug 677587 - [jsdbg2] Assertion failure: debuggees.has(global), at vm/Debugger.cpp:1564
Keywords: assertion, testcase
Product: Core
Classification: Components
Component: JavaScript Engine
Version: Other Branch
Platform: x86_64 Linux
Importance: -- critical
Assigned To: Jason Orendorff [:jorendorff]
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: langfuzz
Reported: 2011-08-09 10:18 PDT by Christian Holler (:decoder)
Modified: 2013-02-07 05:16 PST
choller: in‑testsuite+

v1 (2.45 KB, patch)
2011-08-09 12:07 PDT, Jason Orendorff [:jorendorff]
jimb: review+

Description Christian Holler (:decoder) 2011-08-09 10:18:14 PDT
The following code asserts on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):

var g = newGlobal('new-compartment');
g.eval("var a = {};");
var dbg = new Debugger;
var gw = dbg.addDebuggee(g);
var desc = gw.getOwnPropertyDescriptor("a");
gw.defineProperty("b", desc);
Debugger(g.a, g.b);

The original (unminimized) version did instead crash at:

#0  0x000000000046f47c in js::detail::HashTableEntry<js::GlobalObject* const>::isFree (this=0x7e8506ab0)

If you think the two issues are unrelated, let me know so I can re-minimize the original test and force a segmentation fault instead of this assert.
Comment 1 Jason Orendorff [:jorendorff] 2011-08-09 12:07:36 PDT
Created attachment 551843
Comment 2 Jim Blandy :jimb 2011-08-09 14:12:11 PDT
Comment on attachment 551843

Review of attachment 551843:

::: js/src/jit-test/tests/debug/Debugger-ctor-05.js
@@ +1,1 @@
> +// Redundant non-repeated Debugger() arguments are ignored.
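Review bot: the header comment on line 1 of Debugger-ctor-05.js does not say what makes an argument redundant, so a reader cannot tell which behaviour the test pins down. Suggest stating the condition directly, for example that Debugger() arguments which resolve to a global that is already a debuggee are ignored.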

What does "Redundant non-repeated" mean? And how does it apply to the test case, which does repeat an argument?
Comment 3 Jim Blandy :jimb 2011-08-09 14:14:49 PDT
Comment on attachment 551843

Review of attachment 551843:

::: js/src/vm/Debugger.cpp
@@ -1466,5 @@
>      /* Add the initial debuggees, if any. */
>      for (Value *p = argv; p != argvEnd; p++) {
>          GlobalObject *debuggee = p->toObject().getProxyPrivate().toObject().getGlobal();
> -        if (!dbg->addDebuggeeGlobal(cx, debuggee))
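Review bot: in the loop, `p->toObject().getProxyPrivate().toObject().getGlobal()` assumes every argument is an object wrapping another object, and nothing in the quoted context shows that being checked. If the validation happens before this loop, a short comment or assertion here would make that dependency explicit. Note also that two different arguments can yield the same `debuggee` through getGlobal(), so whatever replaces the removed `addDebuggeeGlobal` call has to tolerate a global that is already in the set.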

It might be nice to just put the check in addDebuggeeGlobal itself, since you're doing the 'has' check every place you're calling addDebuggeeGlobal.
Comment 4 Jason Orendorff [:jorendorff] 2011-08-09 14:26:07 PDT
Yep, that's true. Thanks!
Comment 5 Christian Holler (:decoder) 2013-02-07 05:16:31 PST
Automatically extracted testcase for this bug was committed:
