Bug 1261324 - Fix bogus return address for star generators' .throw being observed by the profiler in Debugger's onExceptionUnwind in Baseline. (r=jandem)

2024-10-16 06:45:42 +00:00 · 2016-04-12 10:21:25 -07:00 · 2016-04-12 10:21:25 -07:00 · ead3b0f847
commit ead3b0f847
parent d4d7e39c75
3 changed files with 42 additions and 4 deletions
--- a/js/src/jit-test/tests/profiler/bug1261324.js
+++ b/js/src/jit-test/tests/profiler/bug1261324.js
@ -0,0 +1,24 @@
+g = newGlobal()
+g.parent = this
+g.eval("new Debugger(parent).onExceptionUnwind = function () {}")
+enableSPSProfiling()
+
+try {
+  // Only the ARM simulator supports single step profiling.
+  enableSingleStepProfiling();
+} catch (e) {
+  quit();
+}
+
+function assertThrowsInstanceOf(f) {
+    try {
+        f()
+    } catch (exc) {}
+}
+function testThrow(thunk) {
+    for (i = 0; i < 20; i++) {
+        iter = thunk()
+        assertThrowsInstanceOf(function() iter.throw())
+    }
+}
+testThrow(function*() {})
--- a/js/src/jit/JitFrameIterator.h
+++ b/js/src/jit/JitFrameIterator.h
@ -277,7 +277,7 @@ class JitProfilingFrameIterator
    bool tryInitWithPC(void* pc);
    bool tryInitWithTable(JitcodeGlobalTable* table, void* pc, JSRuntime* rt,
                          bool forLastCallSite);
-    void fixBaselineDebugModeOSRReturnAddress();
+    void fixBaselineReturnAddress();

    void moveToNextFrame(CommonFrameLayout* frame);

--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@ -2924,13 +2924,27 @@ JitProfilingFrameIterator::tryInitWithTable(JitcodeGlobalTable* table, void* pc,
 }

 void
-JitProfilingFrameIterator::fixBaselineDebugModeOSRReturnAddress()
+JitProfilingFrameIterator::fixBaselineReturnAddress()
 {
    MOZ_ASSERT(type_ == JitFrame_BaselineJS);
    BaselineFrame* bl = (BaselineFrame*)(fp_ - BaselineFrame::FramePointerOffset -
                                         BaselineFrame::Size());
-    if (BaselineDebugModeOSRInfo* info = bl->getDebugModeOSRInfo())
+
+    // Debug mode OSR for Baseline uses a "continuation fixer" and stashes the
+    // actual return address in an auxiliary structure.
+    if (BaselineDebugModeOSRInfo* info = bl->getDebugModeOSRInfo()) {
        returnAddressToFp_ = info->resumeAddr;
+        return;
+    }
+
+    // Resuming a generator via .throw() pushes a bogus return address onto
+    // the stack. We have the actual jsbytecode* stashed on the frame itself;
+    // translate that into the Baseline code address.
+    if (jsbytecode* override = bl->maybeOverridePc()) {
+        JSScript* script = bl->script();
+        returnAddressToFp_ = script->baselineScript()->nativeCodeForPC(script, override);
+        return;
+    }
 }

 void
@ -2985,7 +2999,7 @@ JitProfilingFrameIterator::moveToNextFrame(CommonFrameLayout* frame)
        returnAddressToFp_ = frame->returnAddress();
        fp_ = GetPreviousRawFrame<uint8_t*>(frame);
        type_ = JitFrame_BaselineJS;
-        fixBaselineDebugModeOSRReturnAddress();
+        fixBaselineReturnAddress();
        return;
    }