From 7e056a6f727bb6c3a852935abbfcd0ab9f957f38 Mon Sep 17 00:00:00 2001
From: Brian Smith <brian@dbsoft.org>
Date: Fri, 21 Apr 2023 19:10:43 -0500
Subject: [PATCH] Issue #1691 - Part 10: Add and use method to annotate CC
 crashes with a class name.
 https://bugzilla.mozilla.org/show_bug.cgi?id=1277260 Make PtrInfo into a
 class and mark it final. Also fix an erroneous debug assert because mBaseURL
 not set in one code path.

(cherry picked from commit a1890054011adf0cf87be0d56047418c9f201420)
---
 dom/script/ScriptLoader.cpp     |  4 ++--
 xpcom/base/nsCycleCollector.cpp | 38 +++++++++++++++++++++++++++------
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
index ca650c80c8..4e960da085 100644
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -1764,11 +1764,11 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
   MOZ_ASSERT_IF(!request->IsModuleRequest(), !aElement->GetScriptAsync());
   request->SetScriptMode(false, aElement->GetScriptAsync());
 
+  request->mBaseURL = mDocument->GetDocBaseURI();
+
   if (request->IsModuleRequest()) {
     ModuleLoadRequest* modReq = request->AsModuleRequest();
 
-    request->mBaseURL = mDocument->GetDocBaseURI();
-
     if (aElement->GetScriptAsync()) {
       AddAsyncRequest(modReq);
     } else {
diff --git a/xpcom/base/nsCycleCollector.cpp b/xpcom/base/nsCycleCollector.cpp
index 9acc2d7b7e..db99a05877 100644
--- a/xpcom/base/nsCycleCollector.cpp
+++ b/xpcom/base/nsCycleCollector.cpp
@@ -337,7 +337,7 @@ public:
 // Base types
 ////////////////////////////////////////////////////////////////////////
 
-struct PtrInfo;
+class PtrInfo;
 
 class EdgePool
 {
@@ -533,13 +533,15 @@ enum NodeColor { black, white, grey };
 // hundreds of thousands of them to be allocated and touched
 // repeatedly during each cycle collection.
 
-struct PtrInfo
+class PtrInfo final
 {
+public:
   void* mPointer;
   nsCycleCollectionParticipant* mParticipant;
   uint32_t mColor : 2;
   uint32_t mInternalRefs : 30;
   uint32_t mRefCount;
+
 private:
   EdgePool::Iterator mFirstChild;
 
@@ -609,8 +611,29 @@ public:
     CC_GRAPH_ASSERT(aLastChild.Initialized());
     (this + 1)->mFirstChild = aLastChild;
   }
+
+  void AnnotatedReleaseAssert(bool aCondition, const char* aMessage);
 };
 
+void
+PtrInfo::AnnotatedReleaseAssert(bool aCondition, const char* aMessage)
+{
+  if (aCondition) {
+    return;
+  }
+
+#ifdef MOZ_CRASHREPORTER
+  const char* piName = "Unknown";
+  if (mParticipant) {
+    piName = mParticipant->ClassName();
+  }
+  nsPrintfCString msg("%s, for class %s", aMessage, piName);
+  CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("CycleCollector"), msg);
+#endif
+
+  MOZ_CRASH();
+}
+
 /**
  * A structure designed to be used like a linked list of PtrInfo, except
  * it allocates many PtrInfos at a time.
@@ -2297,8 +2320,10 @@ CCGraphBuilder::NoteNativeRoot(void* aRoot,
 NS_IMETHODIMP_(void)
 CCGraphBuilder::DescribeRefCountedNode(nsrefcnt aRefCount, const char* aObjName)
 {
-  MOZ_RELEASE_ASSERT(aRefCount != 0, "CCed refcounted object has zero refcount");
-  MOZ_RELEASE_ASSERT(aRefCount != UINT32_MAX, "CCed refcounted object has overflowing refcount");
+  mCurrPi->AnnotatedReleaseAssert(aRefCount != 0,
+                                  "CCed refcounted object has zero refcount");
+  mCurrPi->AnnotatedReleaseAssert(aRefCount != UINT32_MAX,
+                                  "CCed refcounted object has overflowing refcount");
 
   mResults.mVisitedRefCounted++;
 
@@ -3112,9 +3137,8 @@ nsCycleCollector::ScanWhiteNodes(bool aFullySynchGraphBuild)
       continue;
     }
 
-    if (pi->mInternalRefs > pi->mRefCount) {
-      MOZ_CRASH();
-    }
+    pi->AnnotatedReleaseAssert(pi->mInternalRefs <= pi->mRefCount,
+                               "More references to an object than its refcount");
 
     // This node will get marked black in the next pass.
   }