Bug 1133196 - Ensure script observability when setting Debugger.Frame.onStep. (r=jandem)

2015-02-26 13:50:18 -08:00 · 2015-02-26 13:50:18 -08:00 · 6fd7570cc7
--- a/js/src/jit-test/tests/debug/bug1133196.js
+++ b/js/src/jit-test/tests/debug/bug1133196.js
@ -0,0 +1,16 @@
+// |jit-test| error: TypeError
+
+var g = newGlobal();
+g.parent = this;
+g.eval("(" + function() {
+    var dbg = new Debugger(parent);
+    dbg.onExceptionUnwind = function(frame) {
+        frame.older.onStep = function() {}
+    };
+} + ")()");
+function f() {
+    (function inner(arr) {
+        inner(arr.map);
+    })([]);
+}
+f();
--- a/js/src/jit/BaselineFrame.h
+++ b/js/src/jit/BaselineFrame.h
@ -49,7 +49,7 @@ class BaselineFrame

        // Frame has execution observed by a Debugger.
        //
-        // See comment above 'debugMode' in jscompartment.h for explanation of
+        // See comment above 'isDebuggee' in jscompartment.h for explanation of
        // invariants of debuggee compartments, scripts, and frames.
        DEBUGGEE         = 1 << 6,

--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@ -4974,10 +4974,10 @@ DebuggerScript_setBreakpoint(JSContext *cx, unsigned argc, Value *vp)
    if (!handler)
        return false;

-    // Ensure observability *before* setting the breakpoint. If the script's
-    // compartment is not already a debuggee, trying to ensure observability
-    // after setting the breakpoint (and thus marking the script as a
-    // debuggee) will skip actually ensuring observability.
+    // Ensure observability *before* setting the breakpoint. If the script is
+    // not already a debuggee, trying to ensure observability after setting
+    // the breakpoint (and thus marking the script as a debuggee) will skip
+    // actually ensuring observability.
    if (!dbg->ensureExecutionObservabilityOfScript(cx, script))
        return false;

@ -5937,6 +5937,12 @@ DebuggerFrame_setOnStep(JSContext *cx, unsigned argc, Value *vp)
    if (!args[0].isUndefined() && prior.isUndefined()) {
        // Single stepping toggled off->on.
        AutoCompartment ac(cx, frame.scopeChain());
+        // Ensure observability *before* incrementing the step mode
+        // count. Calling this function after calling incrementStepModeCount
+        // will make it a no-op.
+        Debugger *dbg = Debugger::fromChildJSObject(thisobj);
+        if (!dbg->ensureExecutionObservabilityOfScript(cx, frame.script()))
+            return false;
        if (!frame.script()->incrementStepModeCount(cx))
            return false;
    } else if (args[0].isUndefined() && !prior.isUndefined()) {
--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@ -304,7 +304,7 @@ class InterpreterFrame
        PREV_UP_TO_DATE    =     0x4000,  /* see DebugScopes::updateLiveScopes */

        /*
-         * See comment above 'debugMode' in jscompartment.h for explanation of
+         * See comment above 'isDebuggee' in jscompartment.h for explanation of
         * invariants of debuggee compartments, scripts, and frames.
         */
        DEBUGGEE           =     0x8000,  /* Execution is being observed by Debugger */