Note: There are a few cases of duplicates in user autocompletion which are being worked on.

[jsdbg2] Assertion failure: debuggees.has(global), at vm/Debugger.cpp:1564

RESOLVED FIXED

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: decoder, Assigned: jorendorff)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Other Branch
x86_64
Linux
assertion, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
The following code asserts on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):


var g = newGlobal('new-compartment');
g.eval("var a = {};");
var dbg = new Debugger;
var gw = dbg.addDebuggee(g);
var desc = gw.getOwnPropertyDescriptor("a");
gw.defineProperty("b", desc);
Debugger(g.a, g.b);


The original (unminimized) version did instead crash at:

#0  0x000000000046f47c in js::detail::HashTableEntry<js::GlobalObject* const>::isFree (this=0x7e8506ab0)

If you think the two issues are unrelated, let me know so I can re-minimize the original test and force a segmentation fault instead of this assert.
(Assignee)

Comment 1

6 years ago
Created attachment 551843 [details] [diff] [review]
v1
Attachment #551843 - Flags: review?(jimb)
(Assignee)

Updated

6 years ago
Assignee: general → jorendorff

Comment 2

6 years ago
Comment on attachment 551843 [details] [diff] [review]
v1

Review of attachment 551843 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit-test/tests/debug/Debugger-ctor-05.js
@@ +1,1 @@
> +// Redundant non-repeated Debugger() arguments are ignored.

What does "Redundant non-repeated" mean? And how does it apply to the test case, which does repeat an argument?
Attachment #551843 - Flags: review?(jimb) → review+

Comment 3

6 years ago
Comment on attachment 551843 [details] [diff] [review]
v1

Review of attachment 551843 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/vm/Debugger.cpp
@@ -1466,5 @@
>  
>      /* Add the initial debuggees, if any. */
>      for (Value *p = argv; p != argvEnd; p++) {
>          GlobalObject *debuggee = p->toObject().getProxyPrivate().toObject().getGlobal();
> -        if (!dbg->addDebuggeeGlobal(cx, debuggee))

It might be nice to just put the check in addDebuggeeGlobal itself, since you're doing the 'has' check every place you're calling addDebuggeeGlobal.
(Assignee)

Comment 4

6 years ago
Yep, that's true. Thanks!

http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2/rev/bc955352f821
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Reporter)

Comment 5

5 years ago
Automatically extracted testcase for this bug was committed:

https://hg.mozilla.org/mozilla-central/rev/2e891e0db397
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.