Closed Bug 967039 Opened 6 years ago Closed 6 years ago

Bogus assert in DebugLeaveBlock

Categories

(Core :: JavaScript Engine: JIT, defect)

RESOLVED FIXED
mozilla30

People

(Reporter: jandem, Assigned: jandem)

Attachments

(1 file)

Testcase below asserts with --baseline-eager:

Assertion failure: cx->compartment()->debugMode(), at jit/VMFunctions.cpp:927

The problem is that debug mode can be turned off with (baseline) scripts on the stack.

var g1 = newGlobal();
var dbg = Debugger(g1);
g1.dbg = dbg;
g1.eval("function foo() { dbg.removeDebuggee(this); }");
g1.eval("function f() { try { throw 3; } catch(e) { foo(); } }\n");
g1.f();
Attached patch: Patch
Instead of asserting debug mode is enabled, assert the script was compiled in debug mode.
Attachment #8369511 - Flags: review?(wingo)
Comment on attachment 8369511
Patch

Review of attachment 8369511:
-----------------------------------------------------------------

Nice catch.  I didn't understand the way all of the debugging features interacted.  Would this be the case if one script is being debugged but other things are left as they are?
Attachment #8369511 - Flags: review?(wingo) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/8e3bdddc812e

(In reply to Andy Wingo [:wingo] from comment #2)
> Would this be the case if one script is being debugged but
> other things are left as they are?

It's possible to turn off debug mode with scripts on the stack. Any Baseline scripts on the stack at that point are not destroyed, so will still have the DebugLeaveBlock VM call. (FWIW it's not possible to turn *on* debug mode with scripts on the stack atm, but we want that too, bug 716647.)
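A simplified model of the situation described in this bug, as an added example that is not part of the original thread and is not SpiderMonkey code: all type and function names (Compartment, BaselineScript, compile, runScenario, and so on) are hypothetical stand-ins. It shows why an invariant checked against mutable compartment state fails once the debuggee is removed with a frame on the stack, while an invariant tied to how the running script was compiled still holds.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical toy model; none of these types are SpiderMonkey's own.
struct Compartment { bool debugMode = false; };

// Whether debug VM calls are emitted is decided once, at compile time.
struct BaselineScript { bool compiledInDebugMode; };

struct Frame { const BaselineScript* script; };

struct Context {
    Compartment compartment;
    std::vector<Frame> stack;
};

BaselineScript compile(const Context& cx) {
    return BaselineScript{cx.compartment.debugMode};
}

// Invariant as in the failing assertion: reads state that can change mid-frame.
bool oldInvariant(const Context& cx, const Frame&) { return cx.compartment.debugMode; }

// Invariant as described for the patch: reads state fixed with the running code.
bool newInvariant(const Context&, const Frame& f) { return f.script->compiledInDebugMode; }

struct Result { bool hookReached, oldHolds, newHolds; };

// Mirrors the testcase: f() is on the stack, foo() removes the debuggee,
// then f() leaves its catch block and reaches the debug hook.
Result runScenario(bool removeDebuggeeMidFrame) {
    Context cx;
    cx.compartment.debugMode = true;        // Debugger(g1)
    BaselineScript f = compile(cx);         // f compiled with debug hooks
    cx.stack.push_back(Frame{&f});          // g1.f() running
    if (removeDebuggeeMidFrame)
        cx.compartment.debugMode = false;   // dbg.removeDebuggee(this); f is not recompiled
    const Frame& top = cx.stack.back();
    Result r{top.script->compiledInDebugMode, false, false};
    if (r.hookReached) {                    // hook exists only in debug-compiled code
        r.oldHolds = oldInvariant(cx, top);
        r.newHolds = newInvariant(cx, top);
    }
    return r;
}

int main() {
    Result r = runScenario(true);
    std::printf("hook=%d old=%d new=%d\n", r.hookReached, r.oldHolds, r.newHolds);
}
```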
https://hg.mozilla.org/mozilla-central/rev/8e3bdddc812e
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla30