Closed
Bug 744731
Opened 11 years ago
Closed 10 years ago
[jsdbg2] Assertion failure: !script->getGlobalObjectOrNull(), at js/src/vm/Debugger.cpp:2121
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: decoder, Assigned: jorendorff)
Details
(Keywords: assertion, testcase, Whiteboard: [jsbugmon:])
The following code asserts on mozilla-central revision 3fa30b0edd15 (options -n -m -a):
var g = newGlobal('new-compartment');
var dbg = Debugger(g);
dbg.onDebuggerStatement = function (frame) {
for (var f = frame; f; f = f.older) {
if (f.type === "call" && f.script !== null)
(assertEq(dbg.findScripts().length, 0));
assertEq(frame.eval("x();"), null);
}
};
g.eval("function z() { debugger; }");
g.eval("function y() { z(); }");
g.eval("function x() { y(); }");
assertEq(g.eval("debugger; 'ok';"), "ok");
|
Assignee | |
Comment 1•10 years ago
|
||
Doesn't reproduce. Maybe fixed? Bisecting.
Assignee: general → jorendorff
|
Reporter | |
Updated•10 years ago
|
Whiteboard: [jsbugmon:update,bisect]
|
|
Reporter | |
Updated•10 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update,bisect,bisectfix]
|
|
Assignee | |
Comment 2•10 years ago
|
||
Unless it's just sporadic, we have: The first good revision is: changeset: 95772:b863ef9946b8 user: Luke Wagner <luke@mozilla.com> date: Thu Feb 23 13:59:10 2012 -0800 summary: Bug 659577 - Don't alias stack variables (r=bhackett) The relevant change was in Debugger.cpp: >@@ -3370,6 +3376,7 @@ js::EvaluateInEnv > if (!script) > return false; > >+ script->isActiveEval = true; > return ExecuteKernel(cx, script, *env, fp->thisValue(), EXECUTE_DEBUG, fp, rval); > } In other words, Debugger.Frame.eval() and Debugger.Object.evalInGlobal() scripts are now marked as eval scripts. I'm not sure why luke changed this, but it definitely fixed this specific bug. Minimized test case: var g = newGlobal('new-compartment'); var dbg = Debugger(g); dbg.onDebuggerStatement = function (frame) { dbg.onDebuggerStatement = function (frame) { dbg.findScripts(); }; frame.eval("debugger;"); }; g.eval("debugger;"); I'll check in the passing test and close the bug.
|
|
Assignee | |
Comment 3•10 years ago
|
||
(In reply to Jason Orendorff [:jorendorff] from comment #2) > Unless it's just sporadic, we have: Oops stray line; I should've revised it out when I realized the bug isn't sporadic and everything totally makes sense.
|
|
Assignee | |
Comment 4•10 years ago
|
||
Pushed tests. http://hg.mozilla.org/integration/mozilla-inbound/rev/2cf3cca4171e
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Comment 5•10 years ago
|
||
Fix is known, updating JSBugMon, in lieu of tests landing, marking in-testsuite+ and VERIFIED.
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
Whiteboard: [jsbugmon:update,bisect,bisectfix] → [jsbugmon:]
|
|
Assignee | |
Comment 6•10 years ago
|
||
"in lieu of" means "instead of". "in light of" something means taking it into consideration.
|
|
||
Comment 7•10 years ago
|
||
(In reply to Jason Orendorff [:jorendorff] from comment #6) > "in lieu of" means "instead of". > > "in light of" something means taking it into consideration. Oops, I definitely meant the latter, I guess.
|
||
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2cf3cca4171e
You need to log in
before you can comment on or make changes to this bug.
Description
•