Closed
Bug 744731
Opened 13 years ago
Closed 13 years ago
[jsdbg2] Assertion failure: !script->getGlobalObjectOrNull(), at js/src/vm/Debugger.cpp:2121
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: decoder, Assigned: jorendorff)
Details
(Keywords: assertion, testcase, Whiteboard: [jsbugmon:])
The following code asserts on mozilla-central revision 3fa30b0edd15 (options -n -m -a):
var g = newGlobal('new-compartment');
var dbg = Debugger(g);
dbg.onDebuggerStatement = function (frame) {
for (var f = frame; f; f = f.older) {
if (f.type === "call" && f.script !== null)
(assertEq(dbg.findScripts().length, 0));
assertEq(frame.eval("x();"), null);
}
};
g.eval("function z() { debugger; }");
g.eval("function y() { z(); }");
g.eval("function x() { y(); }");
assertEq(g.eval("debugger; 'ok';"), "ok");
|
Assignee | |
Comment 1•13 years ago
|
||
Doesn't reproduce. Maybe fixed? Bisecting.
Assignee: general → jorendorff
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [jsbugmon:update,bisect]
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update,bisect,bisectfix]
|
|
Assignee | |
Comment 2•13 years ago
|
||
Unless it's just sporadic, we have:
The first good revision is:
changeset: 95772:b863ef9946b8
user: Luke Wagner <luke@mozilla.com>
date: Thu Feb 23 13:59:10 2012 -0800
summary: Bug 659577 - Don't alias stack variables (r=bhackett)
The relevant change was in Debugger.cpp:
>@@ -3370,6 +3376,7 @@ js::EvaluateInEnv
> if (!script)
> return false;
>
>+ script->isActiveEval = true;
> return ExecuteKernel(cx, script, *env, fp->thisValue(), EXECUTE_DEBUG, fp, rval);
> }
In other words, Debugger.Frame.eval() and Debugger.Object.evalInGlobal() scripts are now marked as eval scripts.
I'm not sure why luke changed this, but it definitely fixed this specific bug.
Minimized test case:
var g = newGlobal('new-compartment');
var dbg = Debugger(g);
dbg.onDebuggerStatement = function (frame) {
dbg.onDebuggerStatement = function (frame) {
dbg.findScripts();
};
frame.eval("debugger;");
};
g.eval("debugger;");
I'll check in the passing test and close the bug.
|
|
Assignee | |
Comment 3•13 years ago
|
||
(In reply to Jason Orendorff [:jorendorff] from comment #2)
> Unless it's just sporadic, we have:
Oops stray line; I should've revised it out when I realized the bug isn't sporadic and everything totally makes sense.
|
|
Assignee | |
Comment 4•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Comment 5•13 years ago
|
||
Fix is known, updating JSBugMon, in lieu of tests landing, marking in-testsuite+ and VERIFIED.
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
Whiteboard: [jsbugmon:update,bisect,bisectfix] → [jsbugmon:]
|
|
Assignee | |
Comment 6•13 years ago
|
||
"in lieu of" means "instead of".
"in light of" something means taking it into consideration.
|
|
||
Comment 7•13 years ago
|
||
(In reply to Jason Orendorff [:jorendorff] from comment #6)
> "in lieu of" means "instead of".
>
> "in light of" something means taking it into consideration.
Oops, I definitely meant the latter, I guess.
|
||
Comment 8•13 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•