tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 0e504541fd8f3a67c88e13b0fda4e4cfadaf2e54
parent 12a29323d51ed8da544013b280ff824ab889480e
Author: Jon Coppeard <jcoppeard@mozilla.com>
Date:   Wed, 26 Nov 2025 11:36:52 +0000

Bug 2001969 - Use WeakMap::getUnbarriered on paths that may be called during sweeping r=jandem

This test found a couple of places where we were triggering the barrier during
sweeping. Neither place requires the barrier.

Differential Revision: https://phabricator.services.mozilla.com/D274026

Diffstat:

Mjs/src/debugger/DebugScript.cpp | 15++++++++++++---


Mjs/src/debugger/DebugScript.h | 1+


Ajs/src/jit-test/tests/debug/bug-2001969.js | 18++++++++++++++++++


3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/js/src/debugger/DebugScript.cpp b/js/src/debugger/DebugScript.cpp
@@ -177,6 +177,16 @@ DebugScript* DebugScript::getOrCreate(JSContext* cx, HandleScript script) {
 }
 
 /* static */
+bool DebugScript::hasBreakpointSite(JSScript* script, jsbytecode* pc) {
+  if (!script->hasDebugScript()) {
+    return false;
+  }
+
+  uint32_t offset = script->pcToOffset(pc);
+  return getUnbarriered(script)->breakpoints[offset];
+}
+
+/* static */
 JSBreakpointSite* DebugScript::getBreakpointSite(JSScript* script,
                                                  jsbytecode* pc) {
   uint32_t offset = script->pcToOffset(pc);
@@ -406,13 +416,12 @@ void DebugAPI::checkDebugScriptAfterMovingGC(DebugScript* ds) {
 
 /* static */
 bool DebugAPI::stepModeEnabledSlow(JSScript* script) {
-  return DebugScript::get(script)->stepperCount > 0;
+  return DebugScript::getUnbarriered(script)->stepperCount > 0;
 }
 
 /* static */
 bool DebugAPI::hasBreakpointsAtSlow(JSScript* script, jsbytecode* pc) {
-  JSBreakpointSite* site = DebugScript::getBreakpointSite(script, pc);
-  return !!site;
+  return DebugScript::hasBreakpointSite(script, pc);
 }
 
 /* static */
diff --git a/js/src/debugger/DebugScript.h b/js/src/debugger/DebugScript.h
@@ -92,6 +92,7 @@ class DebugScript {
   static DebugScript* getOrCreate(JSContext* cx, HandleScript script);
 
  public:
+  static bool hasBreakpointSite(JSScript* script, jsbytecode* pc);
   static JSBreakpointSite* getBreakpointSite(JSScript* script, jsbytecode* pc);
   static JSBreakpointSite* getOrCreateBreakpointSite(JSContext* cx,
                                                      HandleScript script,
diff --git a/js/src/jit-test/tests/debug/bug-2001969.js b/js/src/jit-test/tests/debug/bug-2001969.js
@@ -0,0 +1,18 @@
+// |jit-test| --fuzzing-safe; --ion-offthread-compile=off; --baseline-warmup-threshold=0; error: ReferenceError
+
+gczeal(2, 5);
+function assertOffsetColumns(code) {
+  const global = newGlobal({newCompartment: true});
+  const lines = code.split(/\r?\n|\r]/g);
+  const execCode = lines[lines.length - 1];
+  global.eval(execCode);
+  const dbg = new Debugger;
+  let debuggeeFn = dbg.addDebuggee(global).makeDebuggeeValue(global.f);
+  const { script } = debuggeeFn;
+  for (const offset of script.getAllColumnOffsets()) {
+    script.setBreakpoint(offset.offset, {});
+  }
+  global.f(3);
+  throw new Error(`Assertion failed: ${foo}`);
+}
+assertOffsetColumns("function f(){}")