Reviewers: Hannes Payer,
Description:
Make %DebugPushPromise more robust wrt fuzzing.
If %DebugPushPromise and throwing is called outside its intended context,
we may encounter assertion failures.
[email protected]
BUG=401915
LOG=N
Please review this at https://codereview.chromium.org/453933002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+8, -9 lines):
M src/debug.cc
A + test/mjsunit/regress/regress-crbug-401915.js
Index: src/debug.cc
diff --git a/src/debug.cc b/src/debug.cc
index
dec51b9954a5d15cfb04536cd317964335f9c0e8..2ae8630885b804640cd77f5e4363b62cfd5db8a6
100644
--- a/src/debug.cc
+++ b/src/debug.cc
@@ -1316,11 +1316,9 @@ Handle<Object> Debug::GetPromiseOnStackOnThrow() {
return thread_local_.promise_on_stack_->promise();
}
handler = handler->next();
- // There must be a try-catch handler if a promise is on stack.
- DCHECK_NE(NULL, handler);
// Throwing inside a Promise can be intercepted by an inner try-catch,
so
// we stop at the first try-catch handler.
- } while (!handler->is_catch());
+ } while (handler != NULL && !handler->is_catch());
return undefined;
}
Index: test/mjsunit/regress/regress-crbug-401915.js
diff --git a/test/mjsunit/regress/regress-crbug-387599.js
b/test/mjsunit/regress/regress-crbug-401915.js
similarity index 68%
copy from test/mjsunit/regress/regress-crbug-387599.js
copy to test/mjsunit/regress/regress-crbug-401915.js
index
98750aa918261f707bdee8a05d230c2805aa11e9..96dce048689cb28d9a095a8a5378503ffa4ae449
100644
--- a/test/mjsunit/regress/regress-crbug-387599.js
+++ b/test/mjsunit/regress/regress-crbug-401915.js
@@ -6,14 +6,15 @@
Debug = debug.Debug;
Debug.setListener(function() {});
+Debug.setBreakOnException();
-function f() {
- for (var i = 0; i < 100; i++) {
- %OptimizeFunctionOnNextCall(f, "osr");
+try {
+ try {
+ %DebugPushPromise(new Promise(function() {}));
+ } catch (e) {
}
+ throw new Error();
+} catch (e) {
}
-Debug.setBreakPoint(f, 0, 0);
-f();
-f();
Debug.setListener(null);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
