summaryrefslogtreecommitdiff
path: root/js/src
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-03-25 14:49:32 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-03-25 14:49:32 +0200
commit2818e8dedb4a9a6cf40688ad42bf2be05e2f26d2 (patch)
treeeadb970219bff53c96ebf7b300d87e0f3413cdb2 /js/src
parente7a220aae2dd6f92c57b92fdd08ff94e5826c035 (diff)
downloaduxp-2818e8dedb4a9a6cf40688ad42bf2be05e2f26d2.tar.gz
Bug 1334314 - Fix debug mode OSR exception handling for IteratorClose trynotes
Issue #74
Diffstat (limited to 'js/src')
-rw-r--r--js/src/jit-test/tests/ion/bug1334314.js16
-rw-r--r--js/src/jit/BaselineBailouts.cpp41
2 files changed, 48 insertions, 9 deletions
diff --git a/js/src/jit-test/tests/ion/bug1334314.js b/js/src/jit-test/tests/ion/bug1334314.js
new file mode 100644
index 0000000000..488fc90274
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1334314.js
@@ -0,0 +1,16 @@
+// |jit-test| error: TypeError
+
+var g = newGlobal();
+g.parent = this;
+g.eval("new Debugger(parent).onExceptionUnwind = function () { };");
+
+function f() {
+ [[]] = [];
+}
+try {
+ f();
+} catch (e) {};
+try {
+ f();
+} catch (e) {};
+f();
diff --git a/js/src/jit/BaselineBailouts.cpp b/js/src/jit/BaselineBailouts.cpp
index 8fc8a522d4..161e1aa4cd 100644
--- a/js/src/jit/BaselineBailouts.cpp
+++ b/js/src/jit/BaselineBailouts.cpp
@@ -487,7 +487,7 @@ GetNextNonLoopEntryPc(jsbytecode* pc)
}
static bool
-HasLiveIteratorAtStackDepth(JSScript* script, jsbytecode* pc, uint32_t stackDepth)
+HasLiveStackValueAtDepth(JSScript* script, jsbytecode* pc, uint32_t stackDepth)
{
if (!script->hasTrynotes())
return false;
@@ -501,14 +501,37 @@ HasLiveIteratorAtStackDepth(JSScript* script, jsbytecode* pc, uint32_t stackDept
if (pcOffset >= tn->start + tn->length)
continue;
- // For-in loops have only the iterator on stack.
- if (tn->kind == JSTRY_FOR_IN && stackDepth == tn->stackDepth)
- return true;
+ switch (tn->kind) {
+ case JSTRY_FOR_IN:
+ // For-in loops have only the iterator on stack.
+ if (stackDepth == tn->stackDepth)
+ return true;
+ break;
+
+ case JSTRY_FOR_OF:
+ // For-of loops have both the iterator and the result object on
+ // stack. The iterator is below the result object.
+ if (stackDepth == tn->stackDepth - 1)
+ return true;
+ break;
+
+ case JSTRY_ITERCLOSE:
+ // Code that need to call IteratorClose have the iterator on the
+ // stack.
+ if (stackDepth == tn->stackDepth)
+ return true;
+ break;
- // For-of loops have both the iterator and the result object on
- // stack. The iterator is below the result object.
- if (tn->kind == JSTRY_FOR_OF && stackDepth == tn->stackDepth - 1)
- return true;
+ case JSTRY_DESTRUCTURING_ITERCLOSE:
+ // Destructuring code that need to call IteratorClose have both
+ // the iterator and the "done" value on the stack.
+ if (stackDepth == tn->stackDepth || stackDepth == tn->stackDepth - 1)
+ return true;
+ break;
+
+ default:
+ break;
+ }
}
return false;
@@ -945,7 +968,7 @@ InitFromBailout(JSContext* cx, HandleScript caller, jsbytecode* callerPC,
// iterators, however, so read them out. They will be closed by
// HandleExceptionBaseline.
MOZ_ASSERT(cx->compartment()->isDebuggee());
- if (iter.moreFrames() || HasLiveIteratorAtStackDepth(script, pc, i + 1)) {
+ if (iter.moreFrames() || HasLiveStackValueAtDepth(script, pc, i + 1)) {
v = iter.read();
} else {
iter.skip();