Bug 1116103 - Only look for an ICEntry in debug mode OSR if we aren't handling an exception. (r=jandem)
authorShu-yu Guo <shu@rfrn.org>
Mon, 05 Jan 2015 19:25:10 -0800
changeset 248013 aeac390e496fc4feaec1cf2ccd4d0a9b9691f50b
parent 248012 5aa1ef502b3c36e0ce25fe0a66d35cca536ebe62
child 248014 5667902b8cbaa7936ae15050d378aa390c84cbb6
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
reviewersjandem
bugs1116103
milestone37.0a1
Bug 1116103 - Only look for an ICEntry in debug mode OSR if we aren't handling an exception. (r=jandem)
js/src/jit-test/tests/debug/bug1116103.js
js/src/jit/BaselineDebugModeOSR.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/debug/bug1116103.js
@@ -0,0 +1,11 @@
+// |jit-test| error: ReferenceError
+
+evaluate(`
+    var g = newGlobal();
+    g.parent = this;
+    g.eval('new Debugger(parent).onExceptionUnwind = function() {};');
+`)
+{
+    while (x && 0) {}
+    let x
+}
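Review bot: Nothing in this new test says which path it guards, so a later reader sees only a temporal-dead-zone read of `x` and an empty `onExceptionUnwind` hook. A header comment such as `// Debug mode OSR triggered while an exception is unwinding must not require an ICEntry for the frame's return address (bug 1116103).` would make the intent clear. The file does not force Baseline or Ion compilation itself, so the regression is presumably only exercised under the harness's eager-JIT flag variants; it is worth confirming that those variants run for this directory. The `evaluate(...)` call also relies on automatic semicolon insertion before the `{` block, and an explicit `;` after the closing `)` would remove that dependency.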
--- a/js/src/jit/BaselineDebugModeOSR.cpp
+++ b/js/src/jit/BaselineDebugModeOSR.cpp
@@ -200,31 +200,30 @@ CollectJitStackScripts(JSContext *cx, co
                 // it points into the debug mode OSR handler and cannot be
                 // used to look up a corresponding ICEntry.
                 //
                 // See cases F and G in PatchBaselineFramesForDebugMode.
                 if (!entries.append(DebugModeOSREntry(script, info)))
                     return false;
             } else {
                 uint8_t *retAddr = iter.returnAddressToFp();
-                ICEntry *icEntry = script->baselineScript()->maybeICEntryFromReturnAddress(retAddr);
-                if (icEntry) {
-                    // Normally, the frame is settled on a pc with an ICEntry.
-                    if (!entries.append(DebugModeOSREntry(script, *icEntry)))
+                if (iter.baselineFrame()->isDebuggerHandlingException()) {
+                    // We are in the middle of handling an exception. This
+                    // happens since we could have bailed out in place from
+                    // Ion after a throw, settling on the pc which may have no
+                    // ICEntry (e.g., Ion is free to insert resume points
+                    // after non-effectful ops for better register
+                    // allocation).
+                    jsbytecode *pc = script->baselineScript()->pcForNativeAddress(script, retAddr);
+                    if (!entries.append(DebugModeOSREntry(script, script->pcToOffset(pc))))
                         return false;
                 } else {
-                    // Otherwise, we are in the middle of handling an
-                    // exception. This happens since we could have bailed out
-                    // in place from Ion after a throw, settling on the pc
-                    // which may have no ICEntry (e.g., Ion is free to insert
-                    // resume points after non-effectful ops for better
-                    // register allocation).
-                    MOZ_ASSERT(iter.baselineFrame()->isDebuggerHandlingException());
-                    jsbytecode *pc = script->baselineScript()->pcForNativeAddress(script, retAddr);
-                    if (!entries.append(DebugModeOSREntry(script, script->pcToOffset(pc))))
+                    // Normally, the frame is settled on a pc with an ICEntry.
+                    ICEntry &icEntry = script->baselineScript()->icEntryFromReturnAddress(retAddr);
+                    if (!entries.append(DebugModeOSREntry(script, icEntry)))
                         return false;
                 }
             }
 
             if (entries.back().needsRecompileInfo()) {
                 if (!entries.back().allocateRecompileInfo(cx))
                     return false;