Title: [212458] trunk/Source/JavaScriptCore
- Revision
- 212458
- Author
- keith_mil...@apple.com
- Date
- 2017-02-16 13:04:25 -0800 (Thu, 16 Feb 2017)
Log Message
ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
https://bugs.webkit.org/show_bug.cgi?id=168354
Reviewed by Filip Pizlo.
Add a new vmEntryGlobalObject method for the debugger so that
the debugger does not crash in debug builds when trying to
detach itself from a global object.
* debugger/Debugger.cpp:
(JSC::Debugger::detach):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach):
* interpreter/CallFrame.h:
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (212457 => 212458)
--- trunk/Source/_javascript_Core/ChangeLog 2017-02-16 20:09:04 UTC (rev 212457)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-02-16 21:04:25 UTC (rev 212458)
@@ -1,5 +1,22 @@
2017-02-16 Keith Miller <keith_mil...@apple.com>
+ ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
+ https://bugs.webkit.org/show_bug.cgi?id=168354
+
+ Reviewed by Filip Pizlo.
+
+ Add a new vmEntryGlobalObject method for the debugger so that
+ the debugger does not crash in debug builds when trying to
+ detach itself from a global object.
+
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::detach):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach):
+ * interpreter/CallFrame.h:
+
+2017-02-16 Keith Miller <keith_mil...@apple.com>
+
Refactor AccessCase to be more like B3Value
https://bugs.webkit.org/show_bug.cgi?id=168408
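Review bot: the ChangeLog entry records the symptom (a debug-build crash while detaching) but not the cause, which the assertion quoted in the title and the new CallFrame.h comment together make clear: Debugger::detach() can be reached from a finalizer, where the mutator is not Running and the existing vmEntryGlobalObject() path trips that assertion. Suggest adding one sentence to this entry, e.g. "vmEntryGlobalObject() asserts that the mutator is running (or that the current thread does not own the API lock); that does not hold when detach() runs from a finalizer, so a variant that answers the globalExec case without consulting the VM entry scope is used instead." Without it, the log does not explain why a second accessor exists.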
Modified: trunk/Source/_javascript_Core/debugger/Debugger.cpp (212457 => 212458)
--- trunk/Source/_javascript_Core/debugger/Debugger.cpp 2017-02-16 20:09:04 UTC (rev 212457)
+++ trunk/Source/_javascript_Core/debugger/Debugger.cpp 2017-02-16 21:04:25 UTC (rev 212458)
@@ -171,7 +171,7 @@
// If we're detaching from the currently executing global object, manually tear down our
// stack, since we won't get further debugger callbacks to do so. Also, resume execution,
// since there's no point in staying paused once a window closes.
- if (m_isPaused && m_currentCallFrame && m_currentCallFrame->vmEntryGlobalObject() == globalObject) {
+ if (m_isPaused && m_currentCallFrame && m_currentCallFrame->vmEntryGlobalObjectForDebuggerDetach() == globalObject) {
m_currentCallFrame = nullptr;
m_pauseOnCallFrame = nullptr;
continueProgram();
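Review bot: the comment above the condition still describes this as "detaching from the currently executing global object", but the replacement accessor exists precisely because this path can be reached when nothing is executing (from a finalizer, per the CallFrame.h comment in this patch). Suggest extending the comment so the choice is documented at the call site, e.g. "// Use vmEntryGlobalObjectForDebuggerDetach() rather than vmEntryGlobalObject(): detach() may be called from a finalizer, where the mutator-state assertion in vmEntryGlobalObject() does not hold." Otherwise the next reader will wonder why the ordinary accessor was not used here.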
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.cpp (212457 => 212458)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2017-02-16 20:09:04 UTC (rev 212457)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2017-02-16 21:04:25 UTC (rev 212458)
@@ -197,6 +197,21 @@
return vm().entryScope->globalObject();
}
+JSGlobalObject* CallFrame::vmEntryGlobalObjectForDebuggerDetach()
+{
+ if (callee()->isObject()) {
+ JSGlobalObject* global = static_cast<JSObject*>(callee())->globalObject();
+ if (this == global->globalExec())
+ return global;
+ }
+ // If we're not an object, we're wasm, and therefore we're executing code and the below is safe.
+
+ // For any ExecState that's not a globalExec, the
+ // dynamic global object must be set since code is running
+ ASSERT(vm().entryScope);
+ return vm().entryScope->globalObject();
+}
+
CallFrame* CallFrame::callerFrame(VMEntryFrame*& currVMEntryFrame)
{
if (callerFrameOrVMEntryFrame() == currVMEntryFrame) {
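Review bot: the fall-through path still dereferences vm().entryScope guarded only by ASSERT, which compiles out in release builds; if the stated premise ("not a globalExec implies code is running") is ever false for a finalizer-time caller, the result is a null dereference instead of the assertion this change set out to avoid. Since the only caller (Debugger::detach) merely compares the result against a global object, a defensive `if (!vm().entryScope) return nullptr;` after the ASSERT would be cheap and would keep the release-build failure mode benign. Two smaller points: the "If we're not an object, we're wasm ..." comment sits after the `if` block but describes its negation, so an explicit `else` branch carrying that comment would read more clearly; and the two-line "For any ExecState that's not a globalExec, the / dynamic global object must be set since code is running" comment is wrapped mid-clause and would be easier to read on one line.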
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.h (212457 => 212458)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.h 2017-02-16 20:09:04 UTC (rev 212457)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.h 2017-02-16 21:04:25 UTC (rev 212458)
@@ -102,6 +102,10 @@
// Global object in which execution began.
JS_EXPORT_PRIVATE JSGlobalObject* vmEntryGlobalObject();
+ // We need a special version of vmEntryGlobalObject for detaching the debugger since
+ // could be called by a finalizer.
+ JSGlobalObject* vmEntryGlobalObjectForDebuggerDetach();
+
// Global object in which the currently executing code was defined.
// Differs from vmEntryGlobalObject() during function calls across web browser frames.
JSGlobalObject* lexicalGlobalObject() const;
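Review bot: the new header comment is missing its subject ("since could be called by a finalizer" should read "since it could be called by a finalizer") and, unlike the neighbouring accessors, does not say what the function returns or how it differs from vmEntryGlobalObject(). Suggest: "// Like vmEntryGlobalObject(), but safe to call when the mutator is not running (e.g. from a finalizer via Debugger::detach()): if this frame is a global object's globalExec, that global object is returned without consulting the VM entry scope." Also worth a deliberate decision on JS_EXPORT_PRIVATE: vmEntryGlobalObject() directly above carries it and the new method does not; if Debugger.cpp inside JavaScriptCore is the only caller, omitting it is fine, but the asymmetry should be intentional rather than accidental.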
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes