Bug 1015339 - Fix DumpJSStack to not crash with Ion code on the stack. r=shu
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 09 Jan 2015 10:09:30 +0100
changeset 248801 4307416e17ed3fadfac5715acf096a7f79b02d82
parent 248800 d4a53398ac445e0b02423495291ec88c04f7d64b
child 248802 14bb2f5eed924ce5a8a83b3a567d19f3e6c7d795
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersshu
bugs1015339
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1015339 - Fix DumpJSStack to not crash with Ion code on the stack. r=shu
js/src/jit-test/tests/basic/bug1015339.js
js/src/jsfriendapi.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug1015339.js
@@ -0,0 +1,9 @@
+function f(x, y) {
+    for (var i=0; i<40; i++) {
+	var stack = getBacktrace({args: true, locals: true, thisprops: true});
+	assertEq(stack.contains("f(x = "), true);
+	assertEq(stack.contains("this = "), true);
+	backtrace();
+    }
+}
+f(1, 2);
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@@ -659,16 +659,19 @@ js_DumpObject(JSObject *obj)
 
 #endif
 
 static const char *
 FormatValue(JSContext *cx, const Value &vArg, JSAutoByteString &bytes)
 {
     RootedValue v(cx, vArg);
 
+    if (v.isMagic(JS_OPTIMIZED_OUT))
+        return "[unavailable]";
+
     /*
      * We could use Maybe<AutoCompartment> here, but G++ can't quite follow
      * that, and warns about uninitialized members being used in the
      * destructor.
      */
     RootedString str(cx);
     if (v.isObject()) {
         AutoCompartment ac(cx, &v.toObject());
@@ -733,17 +736,20 @@ FormatFrame(JSContext *cx, const ScriptF
                     if (fi.frameIndex() == i) {
                         arg = iter.callObj(cx).aliasedVar(fi);
                         break;
                     }
                 }
             } else if (script->argsObjAliasesFormals() && iter.hasArgsObj()) {
                 arg = iter.argsObj().arg(i);
             } else {
-                arg = iter.unaliasedActual(i, DONT_CHECK_ALIASING);
+                if (iter.hasUsableAbstractFramePtr())
+                    arg = iter.unaliasedActual(i, DONT_CHECK_ALIASING);
+                else
+                    arg = MagicValue(JS_OPTIMIZED_OUT);
             }
 
             JSAutoByteString valueBytes;
             const char *value = FormatValue(cx, arg, valueBytes);
 
             JSAutoByteString nameBytes;
             const char *name = nullptr;