Closed
Bug 654734
Opened 13 years ago
Closed 13 years ago
TrampolineCompiler::generateForceReturn should emit a call to ScriptDebugEpilogue
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jorendorff, Unassigned)
Details
Attachments
(1 file)
|
2.05 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
The comment says: /* * This is shamelessly copied from emitReturn, but with several changes: * - There was always at least one inline call. * - We don't know if there is a call object, so we always check. * - We don't know where we came from, so we don't know frame depth or PC. * - There is no stub buffer. */ emitReturn emits a call to stubs::ScriptDebugEpilogue in debug mode. The trampoline generated by generateForceReturn can only be called in debug mode, so it should unconditionally emit a call to ScriptDebugEpilogue. This patch applies on top of http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2 revision 37b0503c5603. Please take a look. I have no reason to believe this patch is safe. In particular I'm casting to void* without knowing anything about the types and calling conventions. (Also, ScriptDebugEpilogue can execute arbitrary JS code, due to debugging hooks; but if emitReturn does it I think it's probably safe to do it here too.)
Attachment #530035 -
Flags: review?(dvander)
|
||
Updated•13 years ago
|
Attachment #530035 -
Flags: review?(dvander) → review+
Yeah, this is safe, the calling convention for fallible vm calls is fastcall (VMFrame &), the return value can be anything and there can be one additional parameter. The VMFrame is passed implicitly.
|
Assignee | |
Updated•13 years ago
|
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
|
Reporter | |
Comment 2•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/5fd40e7a5faf
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•