Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-18 15:55:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1527862: Use proper initialization condition in AutoDebuggerJobQueueInterruption destructor. r=arai

Browse Source 
The AutoDebuggerJobQueueInterruption destructor asserts that the Debugger has
properly managed its hooks' asynchronous jobs. But this assertion clearly only
applies when the AutoDebuggerJobQueueInterruption is properly initialized;
otherwise, the debuggee's job queue is still in place.

Unfortunately, the destructor was using the wrong test to determine whether the
debuggee's queue had been saved. This patch makes it uses the `initialized`
method, rather that checking the `cx` field, which is always initialized.

Differential Revision: https://phabricator.services.mozilla.com/D20575

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Jim Blandy 2019-02-21 01:58:12 +00:00
parent 9f8b29287b
commit 99c8e0c2ea
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
js/src/builtin/Promise.cpp
View File

@ -5179,7 +5179,7 @@ JS::AutoDebuggerJobQueueInterruption::AutoDebuggerJobQueueInterruption(
}
JS::AutoDebuggerJobQueueInterruption::~AutoDebuggerJobQueueInterruption() {
MOZ_ASSERT_IF(cx, cx->jobQueue->empty());
MOZ_ASSERT_IF(initialized(), cx->jobQueue->empty());
}
bool JS::AutoDebuggerJobQueueInterruption::init(JSContext* cx) {

23
js/src/jit-test/tests/debug/job-queue-04.js Normal file
View File

@ -0,0 +1,23 @@
// Bug 1527862: Don't assert that the Debugger drained its job queue unless we
// actually saved the debuggee's queue.
// Put a job in the queue.
Promise.resolve(42).then(() => {});
var g = newGlobal({ newCompartment: true });
var dbg = new Debugger(g);
dbg.onNewScript = script => {};
// Cause an OOM while initializing the AutoDebuggerJobQueueInterruption, so that
// the destructor is run on an uninitialized instance.
//
// A properly initialized AutoDebuggerJobQueueInterruption asserts that the
// debugger left its job queue entry, before restoring the debuggee's job queue
// that it saved when it was initialized. But if OOM interrupts initialization,
// the job queue left on the JSContext is still the debuggee's, which we have no
// reason to expect is empty, so we shouldn't make any assertions about its
// state. The assertion must be conditional on proper initialization (and use
// the correct condition).
oomTest(() => {
g.eval("(function() {})");
});