Closed Bug 654734 Opened 9 years ago Closed 8 years ago

TrampolineCompiler::generateForceReturn should emit a call to ScriptDebugEpilogue

Categories

(Core :: JavaScript Engine, defect)

Other Branch
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: jorendorff, Unassigned)

Details

Attachments

(1 file)

The comment says:

/*
 * This is shamelessly copied from emitReturn, but with several changes:
 * - There was always at least one inline call.
 * - We don't know if there is a call object, so we always check.
 * - We don't know where we came from, so we don't know frame depth or PC.
 * - There is no stub buffer.
 */

emitReturn emits a call to stubs::ScriptDebugEpilogue in debug mode.

The trampoline generated by generateForceReturn can only be called in debug mode, so it should unconditionally emit a call to ScriptDebugEpilogue.

This patch applies on top of
  http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2
revision 37b0503c5603.

Please take a look. I have no reason to believe this patch is safe. In particular I'm casting to void* without knowing anything about the types and calling conventions. (Also, ScriptDebugEpilogue can execute arbitrary JS code, due to debugging hooks; but if emitReturn does it I think it's probably safe to do it here too.)
Attachment #530035 - Flags: review?(dvander)
Attachment #530035 - Flags: review?(dvander) → review+
Yeah, this is safe, the calling convention for fallible vm calls is fastcall (VMFrame &), the return value can be anything and there can be one additional parameter. The VMFrame is passed implicitly.
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
http://hg.mozilla.org/mozilla-central/rev/5fd40e7a5faf
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.