From 1d92752dd6c1efded5a11ccb200e53d5d0f092bb Mon Sep 17 00:00:00 2001
From: Jim Blandy
Date: Tue, 7 Aug 2018 11:33:56 -0700
Subject: [PATCH] Bug 1073753: Document GC sensitivity of Debugger.prototype.onNewGlobalObject. r=jorendorff DONTBUILD
---
 js/src/doc/Debugger/Debugger.md | 6 ++++++
 js/src/vm/Debugger.cpp | 3 +++
 2 files changed, 9 insertions(+)
diff --git a/js/src/doc/Debugger/Debugger.md b/js/src/doc/Debugger/Debugger.md
index 0818fcb15683..73e73315fd9b 100644
--- a/js/src/doc/Debugger/Debugger.md
+++ b/js/src/doc/Debugger/Debugger.md
@@ -246,6 +246,12 @@ compartment.
 thereby escaping the capability-based limits. For this reason, `onNewGlobalObject` is only available to privileged code.
+ Note that, even though the presence of a `Debugger`'s `onNewGlobalObject`
+ hook can have arbitrary side effects, the garbage collector does not
+ consider the presence of the hook sufficient reason to keep the `Debugger`
+ alive. Thus, the behavior of code that uses `onNewGlobalObject` on unrooted,
+ enabled `Debugger`s may be affected by the garbage collector's activity, and
+ is not entirely deterministic.
 ## Function Properties of the Debugger Prototype Object
diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
index b71b2071b4b6..24a1364cd321 100644
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@@ -837,6 +837,9 @@ Debugger::hasAnyLiveHooks(JSRuntime* rt) const
 if (!enabled) return false;
+ // A onNewGlobalObject hook does not hold its Debugger live, so its behavior
+ // is nondeterministic. This behavior is not satisfying, but it is at least
+ // documented.
 if (getHook(OnDebuggerStatement) || getHook(OnExceptionUnwind) || getHook(OnNewScript) ||
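Review bot: The comment added above the `getHook(...)` chain in `Debugger::hasAnyLiveHooks` says an `onNewGlobalObject` hook does not hold its Debugger live, but it does not tie that to the condition it sits on, and it gives a maintainer neither the bug number nor what callers are expected to do. Assuming `OnNewGlobalObject` is intentionally left out of the chain (the chain runs past the end of the hunk, so this cannot be confirmed here), I would word it as `// OnNewGlobalObject is deliberately not checked here: that hook does not keep its Debugger live (bug 1073753),` followed by `// so an owner relying on it must keep the Debugger rooted, or the hook may silently stop firing after a GC.` The silent part matters because the hook is reserved for privileged code, and tooling that expects to observe every new global could lose coverage without any error being reported. Also, "A onNewGlobalObject" should read "An onNewGlobalObject".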