Bug 1233921 - Fix profiler crash when we're doing a debugger bailout. r=shu

--HG-- extra : rebase_source : 481f79748327a7b32261725738469167220344cd
2024-10-26 11:45:37 +00:00 · 2016-03-24 16:50:28 +01:00 · 2016-03-24 16:50:28 +01:00 · 4dd42983c5
commit 4dd42983c5
parent c5c65a0d3d
2 changed files with 21 additions and 5 deletions
--- a/js/src/jit-test/tests/profiler/bug1233921.js
+++ b/js/src/jit-test/tests/profiler/bug1233921.js
@ -0,0 +1,19 @@
+g = newGlobal();
+g.parent = this;
+g.eval("new Debugger(parent).onExceptionUnwind = function () {}");
+enableSPSProfiling();
+try {
+    enableSingleStepProfiling();
+} catch(e) {
+    quit();
+}
+f();
+f();
+function $ERROR() {
+    throw Error;
+}
+function f() {
+    try {
+        $ERROR()
+    } catch (ex) {}
+}
--- a/js/src/jit/BaselineBailouts.cpp
+++ b/js/src/jit/BaselineBailouts.cpp
@ -1090,16 +1090,13 @@ InitFromBailout(JSContext* cx, HandleScript caller, jsbytecode* callerPC,
                //
                // Note that we never resume at this pc, it is set for the sake
                // of frame iterators giving the correct answer.
-                //
-                // We also set nativeCodeForPC to nullptr as this address
-                // won't be used anywhere.
                jsbytecode* throwPC = script->offsetToPC(iter.pcOffset());
                builder.setResumePC(throwPC);
-                nativeCodeForPC = nullptr;
+                nativeCodeForPC = baselineScript->nativeCodeForPC(script, throwPC);
            } else {
                nativeCodeForPC = baselineScript->nativeCodeForPC(script, pc, &slotInfo);
-                MOZ_ASSERT(nativeCodeForPC);
            }
+            MOZ_ASSERT(nativeCodeForPC);

            unsigned numUnsynced = slotInfo.numUnsynced();