Bug 745194 - [jsdbg2] Crash on Heap, trying to execute NULL, with Debugger forced return, methodjit, and GC. r=bhackett.

--HG--
extra : rebase_source : f5dbf256b10161f0859df94dcccec123415d7a4b

js/src/jit-test/tests/debug/Debugger-onEnterFrame-resumption-06.js

@@ -0,0 +1,13 @@
+// |jit-test| mjitalways
+// Bug 745194.
+
+var g = newGlobal('new-compartment');
+var dbg = Debugger(g);
+g.eval("function f() {}");
+dbg.onEnterFrame = function (frame) {
+    if (frame.type == 'call') {
+        gc();
+        return { return: 'PASS' };
+    }
+};
+assertEq(g.eval("f()"), 'PASS');

js/src/jit-test/tests/debug/Debugger-onEnterFrame-resumption-07.js

@@ -0,0 +1,16 @@
+// |jit-test| mjitalways
+// Bug 745194.
+
+var g = newGlobal('new-compartment');
+g.eval("function f() {}" +
+       "function h() { return new f; }");
+var dbg = Debugger(g);
+dbg.onEnterFrame = function (frame) {
+    if (frame.constructing) {
+        gc();
+        return { return: 0 };
+    }
+};
+var result = g.eval("h()");
+assertEq(typeof result, 'object');
+assertEq(Object.getPrototypeOf(result), g.f.prototype);

js/src/methodjit/InvokeHelpers.cpp

@@ -668,12 +668,19 @@ stubs::ScriptDebugPrologue(VMFrame &f)
     switch (status) {
       case JSTRAP_CONTINUE:
         break;
+
       case JSTRAP_RETURN:
+        if (!f.fp()->nativeReturnAddress()) {
+            // ClearAllFrames was called. Resume in the interpreter.
+            f.fp()->setNativeReturnAddress(JS_FUNC_TO_DATA_PTR(void *, JaegerInterpolineScripted));
+        }
         *f.returnAddressLocation() = f.cx->jaegerRuntime().forceReturnFromFastCall();
         return;
+
       case JSTRAP_ERROR:
       case JSTRAP_THROW:
         THROW();
+
       default:
         JS_NOT_REACHED("bad ScriptDebugPrologue status");
     }