Closed Bug 700070 Opened 14 years ago Closed 14 years ago

Debugger: onExceptionUnwind resumption values can cause assertions

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla11

People

(Reporter: jimb, Assigned: jimb)

References

Details

(Whiteboard: [inbound])

Attachments

(1 file)

Have stubs::AnyFrameEpilogue call the full ScriptEpilogue before StackFrame::functionEpilogue, not just ScriptDebugEpilogue after functionEpilogue.
3.72 KB, patch
jorendorff
: review+
Details | Diff | Splinter Review
The debugger tests don't try returning all four kinds of resumption values from an onExceptionUnwind handler, and under JaegerMonkey, forcing a constructor to return a primitive can cause an assertion: Assertion failure: !args.rval().isPrimitive(), at /home/jimb/moz/dbg/js/src/jsinterp.cpp:651 This patch changes AnyFrameEpilogue to match what the interpreter and mjit::Compiler::emitReturn does, and adds test cases for all the resumption values.
Attachment #572241 - Flags: review?(jorendorff)
Blocks: 687683
Comment on attachment 572241 [details] [diff] [review] Have stubs::AnyFrameEpilogue call the full ScriptEpilogue before StackFrame::functionEpilogue, not just ScriptDebugEpilogue after functionEpilogue. Does rearranging the order of ScriptEpilogue and functionEpilogue matter? It could if there's a JSD1 debugging hook that gets called from ScriptEpilogue, but I don't think it really matters. Either order is fine. r=me.
Attachment #572241 - Flags: review?(jorendorff) → review+
(In reply to Jason Orendorff [:jorendorff] from comment #1) > Does rearranging the order of ScriptEpilogue and functionEpilogue matter? It > could if there's a JSD1 debugging hook that gets called from ScriptEpilogue, > but I don't think it really matters. Either order is fine. I think it doesn't matter, because all functionEpilogue does is 'put' the call object or arguments object. Those objects have to work properly both before and after that call. If anyone can access the actual stack slots they used to alias, then I guess one could see that they're not aliased any more. But can they?
https://hg.mozilla.org/integration/mozilla-inbound/rev/4ecf595875a5
Status: NEW → ASSIGNED
Whiteboard: [inbound]
When pushing to inbound, please can you set the assignee & target milestone (https://wiki.mozilla.org/Tree_Rules/Inbound#Please_do_the_following_after_pushing_to_inbound), thanks :-) https://hg.mozilla.org/mozilla-central/rev/4ecf595875a5
Assignee: general → jimb
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
(In reply to Ed Morley [:edmorley] from comment #4) > When pushing to inbound, please can you set the assignee & target milestone > (https://wiki.mozilla.org/Tree_Rules/ > Inbound#Please_do_the_following_after_pushing_to_inbound), thanks :-) > > https://hg.mozilla.org/mozilla-central/rev/4ecf595875a5 Thanks; I'll do this in the future.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: