Context Navigation

← Previous Changeset
Next Changeset →

Changeset 212458 in webkit

Timestamp:

Feb 16, 2017 1:04:25 PM (7 years ago)

Author:

keith_miller@apple.com

Message:

ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running

vm.apiLock().ownerThread() != std::this_thread::get_id()

https://bugs.webkit.org/show_bug.cgi?id=168354

Reviewed by Filip Pizlo.

Add a new vmEntryGlobalObject method for the debugger so that
the debugger does not crash in debug builds when trying to
detach itself from a global object.

debugger/Debugger.cpp:

(JSC::Debugger::detach):

interpreter/CallFrame.cpp:

(JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach):

interpreter/CallFrame.h:

Location:

trunk/Source/JavaScriptCore

Files:

: 4 edited

ChangeLog (modified) (1 diff)
debugger/Debugger.cpp (modified) (1 diff)
interpreter/CallFrame.cpp (modified) (1 diff)
interpreter/CallFrame.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/ChangeLog

-                      r212453
+                      r212458
+-02-16  Keith Miller  <keith_miller@apple.com>
+        ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
+        https://bugs.webkit.org/show_bug.cgi?id=168354
+        Reviewed by Filip Pizlo.
+        Add a new vmEntryGlobalObject method for the debugger so that
+        the debugger does not crash in debug builds when trying to
+        detach itself from a global object.
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::detach):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach):
+        * interpreter/CallFrame.h:
 -02-16  Keith Miller  <keith_miller@apple.com>

trunk/Source/JavaScriptCore/debugger/Debugger.cpp

r212448	r212458
172	172	// stack, since we won't get further debugger callbacks to do so. Also, resume execution,
173	173	// since there's no point in staying paused once a window closes.
174		if (m_isPaused && m_currentCallFrame && m_currentCallFrame->vmEntryGlobalObject() == globalObject) {
	174	if (m_isPaused && m_currentCallFrame && m_currentCallFrame->vmEntryGlobalObjectForDebuggerDetach() == globalObject) {
175	175	m_currentCallFrame = nullptr;
176	176	m_pauseOnCallFrame = nullptr;

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

-                      r210149
+                      r212458
+}
+JSGlobalObject* CallFrame::vmEntryGlobalObjectForDebuggerDetach()
+{
+    if (callee()->isObject()) {
+        JSGlobalObject* global = static_cast<JSObject*>(callee())->globalObject();
+        if (this == global->globalExec())
+            return global;
+    }
+    // If we're not an object, we're wasm, and therefore we're executing code and the below is safe.
+    // For any ExecState that's not a globalExec, the
+    // dynamic global object must be set since code is running
+    ASSERT(vm().entryScope);
+    return vm().entryScope->globalObject();
+}
 CallFrame* CallFrame::callerFrame(VMEntryFrame*& currVMEntryFrame)
+{

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

-                      r210149
+                      r212458
         JS_EXPORT_PRIVATE JSGlobalObject* vmEntryGlobalObject();
+        // We need a special version of vmEntryGlobalObject for detaching the debugger since
+        // could be called by a finalizer.
+        JSGlobalObject* vmEntryGlobalObjectForDebuggerDetach();
         // Global object in which the currently executing code was defined.
         // Differs from vmEntryGlobalObject() during function calls across web browser frames.

Note: See TracChangeset for help on using the changeset viewer.