Closed Bug 654734 Opened 9 years ago Closed 8 years ago

TrampolineCompiler::generateForceReturn should emit a call to ScriptDebugEpilogue


(Core :: JavaScript Engine, defect)

Other Branch
Not set





(Reporter: jorendorff, Unassigned)



(1 file)

The comment says:

 * This is shamelessly copied from emitReturn, but with several changes:
 * - There was always at least one inline call.
 * - We don't know if there is a call object, so we always check.
 * - We don't know where we came from, so we don't know frame depth or PC.
 * - There is no stub buffer.

emitReturn emits a call to stubs::ScriptDebugEpilogue in debug mode.

The trampoline generated by generateForceReturn can only be called in debug mode, so it should unconditionally emit a call to ScriptDebugEpilogue.

This patch applies on top of
revision 37b0503c5603.

Please take a look. I have no reason to believe this patch is safe. In particular I'm casting to void* without knowing anything about the types and calling conventions. (Also, ScriptDebugEpilogue can execute arbitrary JS code, due to debugging hooks; but if emitReturn does it I think it's probably safe to do it here too.)
Attachment #530035 - Flags: review?(dvander)
Attachment #530035 - Flags: review?(dvander) → review+
Yeah, this is safe, the calling convention for fallible vm calls is fastcall (VMFrame &), the return value can be anything and there can be one additional parameter. The VMFrame is passed implicitly.
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.