Bug 1509420: Handle CCWs of functions properly in bindToAsyncStack shell function. r=jorendorff
author Jim Blandy <jimb@mozilla.com>
Wed, 12 Dec 2018 23:58:03 +0000
changeset 450365 606d75702c5cc63ea9f2cefcdac7d49aa53dabe6
parent 450364 8c491aa06a8e3943f5a946fcf9080adcdc399e0e
child 450366 1da261b7f019321c54677afcefe19da35dec68e0
push id 110479
push user csabou@mozilla.com
push date Thu, 13 Dec 2018 04:02:11 +0000
reviewers jorendorff
bugs 1509420
milestone 66.0a1
In js.cpp, BindToAsyncStack used JSObject::isCallable to check the type of its argument, and then BoundToAsyncStack (the native for the function returned) assumed that it could call JSObject::as<JSFunction> on that value. However, there are many things that are isCallable but not is<JSFunction>, two examples being CCWs and function proxies.

Differential Revision: https://phabricator.services.mozilla.com/D14343
js/src/jit-test/tests/saved-stacks/bug-1509420.js
js/src/shell/js.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/saved-stacks/bug-1509420.js
@@ -0,0 +1,9 @@
+// bindtoAsyncStack shouldn't choke on CCWs of functions.
+
+var g = newGlobal();
+g.evaluate("function h() {}");
+bindToAsyncStack(g.h, { stack: saveStack() })();
+
+bindToAsyncStack(new Proxy(() => {}, { apply: () => {} }),
+                 { stack: saveStack() })
+();
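Review bot: both calls in this test only show that invoking the bound function does not crash; neither checks that the wrapped callable actually ran. Recording a side effect in each target (for example a flag set inside `h` in `g` and inside the proxy's `apply` trap) and checking it with `assertEq` after each call would also catch a regression where the call is silently skipped. The header comment spells the function `bindtoAsyncStack` and mentions only CCWs, while the second call covers a function proxy; the comment should name both cases.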
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -1075,19 +1075,17 @@ static bool SetPromiseRejectionTrackerCa
 
   args.rval().setUndefined();
   return true;
 }
 
 static bool BoundToAsyncStack(JSContext* cx, unsigned argc, Value* vp) {
   CallArgs args = CallArgsFromVp(argc, vp);
 
-  RootedFunction function(cx, (&GetFunctionNativeReserved(&args.callee(), 0)
-                                    .toObject()
-                                    .as<JSFunction>()));
+  RootedValue function(cx, GetFunctionNativeReserved(&args.callee(), 0));
   RootedObject options(
       cx, &GetFunctionNativeReserved(&args.callee(), 1).toObject());
 
   RootedSavedFrame stack(cx, nullptr);
   bool isExplicit;
 
   RootedValue v(cx);
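Review bot: at `RootedValue function(cx, GetFunctionNativeReserved(&args.callee(), 0));` the slot is now read as a bare Value, and nothing in the visible lines states what reserved slot 0 is guaranteed to hold. A short comment or a debug assertion recording that BindToAsyncStack only stores callable objects there would document the invariant that the removed `.as<JSFunction>()` cast got wrong. The hunk as shown ends before the code that consumes `function`, so the call site cannot be checked here; it needs to invoke the value through a path that accepts any callable rather than a JSFunction. The name `function` is also a little misleading now that the variable is a Value; something like `callee` or `target` would read better.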