Bug 744730 - jsdbg2: Fix assertion when processing onPop hook for a frame which the Debugger has forced to return. r=jimb.

--HG-- extra : rebase_source : 880176173a76c611c8347fe958c682e155d43f53
2024-09-13 09:24:08 -07:00 · 2012-12-03 17:15:16 -06:00 · 2012-12-03 17:15:16 -06:00 · cdfd5d49e5
commit cdfd5d49e5
parent e1d78648ac
2 changed files with 21 additions and 4 deletions
--- a/js/src/jit-test/tests/debug/Frame-onPop-after-debugger-return.js
+++ b/js/src/jit-test/tests/debug/Frame-onPop-after-debugger-return.js
@ -0,0 +1,11 @@
+// Bug 744730.
+
+var g = newGlobal('new-compartment');
+var dbg = Debugger(g);
+dbg.onDebuggerStatement = function (f) { return {return: 1234}; };
+var hit = false;
+dbg.onEnterFrame = function (f) {
+    f.onPop = function () { hit = true};
+};
+g.eval("debugger;");
+assertEq(hit, true);
--- a/js/src/methodjit/BaseAssembler.h
+++ b/js/src/methodjit/BaseAssembler.h
@ -721,14 +721,16 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc  = JSC::MIPSRegiste
                              DataLabelPtr *pinlined, int32_t frameDepth) {
        setupInfallibleVMFrame(frameDepth);

-        /* regs->fp = fp */
+        // regs->fp = fp
        storePtr(JSFrameReg, FrameAddress(VMFrame::offsetOfFp));

-        /* PC -> regs->pc :( */
+        // PC -> regs->pc :(  Note: If pc is null, we are emitting a trampoline,
+        // so regs->pc is already correct.
+        if (pc)
            storePtr(ImmPtr(pc), FrameAddress(VMFrame::offsetOfRegsPc()));

        if (inlining) {
-            /* inlined -> regs->inlined :( */
+            // inlined -> regs->inlined :(
            DataLabelPtr ptr = storePtrWithPatch(ImmPtr(NULL),
                                                 FrameAddress(VMFrame::offsetOfInlined));
            if (pinlined)
@ -775,6 +777,10 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc  = JSC::MIPSRegiste
    // A fallible VM call is a stub call (taking a VMFrame & and one optional
    // parameter) that needs the entire VMFrame to be coherent, meaning that
    // |pc|, |inlined| and |fp| are guaranteed to be up-to-date.
+    //
+    // If |pc| is null, the caller guarantees that the current regs->pc may be
+    // trusted. This is the case for a single debug-only path; see
+    // generateForceReturn.
    Call fallibleVMCall(bool inlining, void *ptr, jsbytecode *pc,
                        DataLabelPtr *pinlined, int32_t frameDepth) {
        setupFallibleVMFrame(inlining, pc, pinlined, frameDepth);