Bug 1502744 - Profiler should allow unsynced baseline addresses. r=jandem

The assert was overzealous and should just be removed. Other return
addresses reported by iterator are just sampled by stack and don't
indicate if stack is synced or not.

Also, fix up an out-of-date comment here.

Differential Revision: https://phabricator.services.mozilla.com/D14108

--HG--
extra : moz-landing-system : lando

js/src/jit-test/tests/profiler/bug1502744.js

@@ -0,0 +1,20 @@
+// |jit-test| error:ReferenceError
+(function(global) {
+    global.makeIterator = function makeIterator(overrides) {
+        var iterator = {
+            return: function(x) {
+                return overrides.ret(x);
+            }
+        };
+        return function() {
+            return iterator;
+        };
+    }
+})(this);
+var iterable = {};
+iterable[Symbol.iterator] = makeIterator({
+    ret: (function() {
+        enableGeckoProfilingWithSlowAssertions();
+    })
+});
+0, [...{} [throwlhs()]] = iterable;

js/src/jit/JSJitFrameIter.cpp

@@ -618,15 +618,18 @@ void JSJitProfilingFrameIterator::fixBaselineReturnAddress() {
     return;
   }
 
-  // Resuming a generator via .throw() pushes a bogus return address onto
-  // the stack. We have the actual jsbytecode* stashed on the frame itself;
-  // translate that into the Baseline code address.
+  // Certain exception handling cases such as debug OSR or resuming a generator
+  // with .throw() will use BaselineFrame::setOverridePc() to indicate the
+  // effective |pc|. We translate the effective-pc into a Baseline code
+  // address.
   if (jsbytecode* override = bl->maybeOverridePc()) {
     PCMappingSlotInfo slotInfo;
     JSScript* script = bl->script();
     returnAddressToFp_ =
         script->baselineScript()->nativeCodeForPC(script, override, &slotInfo);
-    MOZ_ASSERT(slotInfo.isStackSynced());
+
+    // NOTE: The stack may not be synced at this PC. For the purpose of
+    // profiler sampling this is fine.
     return;
   }
 }