Closed
Bug 1114757
Opened 9 years ago
Closed 9 years ago
Roll up and backport fuzz bugs caused by bug 1032869
Categories
(Core :: JavaScript Engine, defect)
Tracking
RESOLVED
FIXED
mozilla36
| | Tracking | Status |
|---|---|---|
| firefox35 | --- | unaffected |
| firefox36 | --- | fixed |
| firefox37 | --- | unaffected |
People
(Reporter: shu, Assigned: shu)
Attachments (1 file, 1 obsolete file)
72.05 KB, patch | Sylvestre: approval-mozilla-aurora+
Landing bug 1032869 caused a lot of fuzz bugs. I'm going to backport them all at once by rolling them into one patch.

The bugs affected are:

- bug 1113710
- bug 1111477
- bug 1109964
- bug 1111300
- bug 1107937
- bug 1111199
- bug 1109915
- bug 1109375
- bug 1109328
- bug 1108145
- bug 1107525
- bug 1108159
- bug 1107913
- bug 1106719
- bug 1106164
Comment 1 • 9 years ago (Assignee)
* * *
Bug 1106164 - Fix incorrect use of SnapshotIterator in the in-place debug mode Ion exception bailout. (r=jandem)
From 1ddf74d05c245f4645ab4921671b775e6bf788fe Mon Sep 17 00:00:00 2001

* * *
Bug 1106719 - Don't call onExceptionUnwind and onPop debugger hooks on OOM. (r=jimb)
From b2dc1329b121f44e4d49807283a7aceb45fa9cc9 Mon Sep 17 00:00:00 2001

* * *
Bug 1107913 - Fix yet another corner case for onExceptionUnwind debug mode OSR. (r=jandem)
From c41522f1f6cc0bab5fe4d85f9f16076300c988ad Mon Sep 17 00:00:00 2001

* * *
Bug 1108159 - Fix debuggers sweeping logic for off-thread "debuggee" compartments. (r=jimb)
From 7412acaf8cc0559223255ff21889488295875e75 Mon Sep 17 00:00:00 2001

* * *
Bug 1107525 - Fix corner case of in-place debug mode bailout and SPS pseudo frame popping. (r=jandem)
From 9729dce1ba6f98766ffbfc0780a512fd25f4c812 Mon Sep 17 00:00:00 2001

* * *
Bug 1108145 - Fix debug mode in-place Ion->Baseline bailout at loop heads. (r=jandem)
From 1ff4bb035407450ae95661999b207de0c24b0019 Mon Sep 17 00:00:00 2001

* * *
Bug 1109328 - Fix an OOM case when compiling debug instrumentation in Baseline. (r=jandem)
From 1e53f1996c6e15bb630b5f0385fbf77c79e3f215 Mon Sep 17 00:00:00 2001

* * *
Bug 1109375 - Make ICGetProp_Generic clonable for debug mode OSR. (r=jandem)
From aaa249d09fb2624cd95a2f705fa6dff1b6cf6e0a Mon Sep 17 00:00:00 2001

* * *
Bug 1109915 - Forward live debug scopes when bailing out with a RematerializedFrame. (r=luke)
From 00b4fb573825e55ae91e133b2f147af5a5220097 Mon Sep 17 00:00:00 2001

* * *
Bug 1111199 - Use pcForNativeAddress instead of pcForReturnAddress when doing debug mode OSR during exception handling. (r=jandem)
From 4c99f79150da57f5612a65bf190b4e7b38174d87 Mon Sep 17 00:00:00 2001

* * *
Bug 1107937 - Part 1: Move RematerializedFrames from ThreadSafeContext back to JSContext and remove the PJS use case. (r=me)
From 2d820bf5c4c8a60301a9dddfd5fb83036a5ee8c0 Mon Sep 17 00:00:00 2001

* * *
Bug 1107937 - Part 2: Correctly rematerialize CallObjects on heavyweight function frames. (r=jandem)
From 3d5a8bbff4c80b781bbf605f73243f6ed34eb7b5 Mon Sep 17 00:00:00 2001

* * *
Bug 1107937 - Followup: bring RematerializedFrame::hasCallObj implementation in line with Interpreter and BaselineFrame's. (r=jandem)
From a9607199268ab5ab08f5b5b21f1afb619b87d64f Mon Sep 17 00:00:00 2001

* * *
Bug 1111300 - Fix stupid bug miscomputing the number of actual args in RematerializedFrames. (r=efaust)
From 0b2ab272bbfb2b56f3ae75c6be2b7aa9a1b1c85c Mon Sep 17 00:00:00 2001

* * *
Bug 1109964 - Recover missing arguments in DebugScopeProxy when the optimized arguments comes from a non-'arguments' slot. (r=luke)
From 4b43078ae46c827ff1edc7b9fe55a592d42795af Mon Sep 17 00:00:00 2001

* * *
Bug 1111477 - Always initialize scope chain for bailout to baseline if bailing in-place for debug mode. (r=jandem)
From fc744d5f78a0925b33f7c48c8d90a6699c3e2b69 Mon Sep 17 00:00:00 2001

* * *
Bug 1113710 - Don't try to ensure Debugger visibility of about-to-be-finalized scripts. (r=terrence)
From e6bbfcc8288fd2076bbe998c054043c7a0941405 Mon Sep 17 00:00:00 2001
Comment 2 • 9 years ago (Assignee)
Approval Request Comment
[Feature/regressing bug #]: bug 1032869
[User impact if declined]: crashes when using the builtin Debugger
[Describe test coverage new/current, TBPL]: on mozilla-central
[Risks and why]: low risk; no changes, just bugfixes
[String/UUID change made/needed]: none
Assignee: nobody → shu
Attachment #8540356 - Attachment is obsolete: true
Attachment #8540363 - Flags: approval-mozilla-aurora?
Updated • 9 years ago
Attachment #8540363 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 3 • 9 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/2f714060ef55
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox35: --- → unaffected
status-firefox36: --- → fixed
status-firefox37: --- → unaffected
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla36