Bug 1250190: Make DebuggeeWouldRun checks not assume we always unlock before re-locking. r=fitzgen

--HG-- extra : rebase_source : 3d14ae5bfff214fca7edd9c5d5870ce11a686b3f
2024-10-22 01:35:35 +00:00 · 2016-03-02 11:09:40 -08:00 · 2016-03-02 11:09:40 -08:00 · 159d69538f
commit 159d69538f
parent 1aba8160bb
6 changed files with 39 additions and 10 deletions
--- a/js/src/devtools/automation/cgc-jittest-timeouts.txt
+++ b/js/src/devtools/automation/cgc-jittest-timeouts.txt
@ -13,6 +13,8 @@ basic/testBug614653.js
 basic/testBug686274.js
 basic/testManyVars.js
 basic/testTypedArrayInit.js
+debug/DebuggeeWouldRun-01.js
+debug/DebuggeeWouldRun-02.js
 gc/bug-1014972.js
 gc/bug-1246593.js
 gc/bug-906236.js
--- a/js/src/jit-test/tests/debug/DebuggeeWouldRun-01.js
+++ b/js/src/jit-test/tests/debug/DebuggeeWouldRun-01.js
@ -0,0 +1,7 @@
+// Bug 1250190: Shouldn't crash. |jit-test| exitstatus: 3
+
+g = newGlobal();
+var dbg = Debugger(g)
+dbg.onNewPromise = () => g.makeFakePromise();
+g.makeFakePromise();
+
--- a/js/src/jit-test/tests/debug/DebuggeeWouldRun-02.js
+++ b/js/src/jit-test/tests/debug/DebuggeeWouldRun-02.js
@ -0,0 +1,7 @@
+// Bug 1250190: Shouldn't crash. |jit-test| exitstatus: 3
+
+var g = newGlobal();
+var dbg = Debugger(g)
+dbg.onNewGlobalObject = () => g.newGlobal();
+g.newGlobal();
+print("yo");
--- a/js/src/jit-test/tests/debug/DebuggeeWouldRun-03.js
+++ b/js/src/jit-test/tests/debug/DebuggeeWouldRun-03.js
@ -0,0 +1,9 @@
+// Bug 1250190: Shouldn't crash. |jit-test| error: yadda
+
+var g = newGlobal();
+var dbg = new Debugger(g);
+dbg.onNewGlobalObject = function () {
+  dbg.onNewGlobalObject = function () { throw "yadda"; };
+  newGlobal();
+}
+newGlobal();
--- a/js/src/jit-test/tests/debug/DebuggeeWouldRun-04.js
+++ b/js/src/jit-test/tests/debug/DebuggeeWouldRun-04.js
@ -0,0 +1,9 @@
+// Bug 1250190: Shouldn't crash. |jit-test| error: yadda
+
+var g = newGlobal();
+var dbg = new Debugger(g);
+dbg.onNewScript = function () {
+  dbg.onNewScript = function () { throw "yadda"; };
+  g.Function("noodles;");
+}
+g.Function("poodles;");
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@ -311,18 +311,13 @@ class MOZ_RAII js::EnterDebuggeeNoExecute
    }

 #ifdef DEBUG
-    static bool isUniqueLockedInStack(JSContext* cx, Debugger& dbg) {
+    static bool isLockedInStack(JSContext* cx, Debugger& dbg) {
        JSRuntime* rt = cx->runtime();
-        EnterDebuggeeNoExecute* found = nullptr;
        for (EnterDebuggeeNoExecute* it = rt->noExecuteDebuggerTop; it; it = it->prev_) {
-            if (&it->debugger() == &dbg && !it->unlocked_) {
-                // This invariant does not hold when DebuggeeWouldRun is only a
-                // warning.
-                MOZ_ASSERT_IF(rt->options().throwOnDebuggeeWouldRun(), !found);
-                found = it;
-            }
+            if (&it->debugger() == &dbg)
+                return !it->unlocked_;
        }
-        return !!found;
+        return false;
    }
 #endif

@ -1155,7 +1150,7 @@ Debugger::handleUncaughtExceptionHelper(Maybe<AutoCompartment>& ac,

    // Uncaught exceptions arise from Debugger code, and so we must already be
    // in an NX section.
-    MOZ_ASSERT(EnterDebuggeeNoExecute::isUniqueLockedInStack(cx, *this));
+    MOZ_ASSERT(EnterDebuggeeNoExecute::isLockedInStack(cx, *this));

    if (cx->isExceptionPending()) {
        if (callHook && uncaughtExceptionHook) {