I am working with exploitations of JavaScript in Firefox. I am using gdb to set breakpoints in the SpiderMonkey JS engine and want to break at the point a specific allocation is made and observe the heap state. How should I set the breakpoint?
I have tried something like inserting a Math.cos call. For example,
<body>
<p> Hi </p>
<script>
var container = [];
for (var i = 0; i < 125000; ++i) {
container[i] = document.createElementNS('http://www.w3.org/2000/svg', 'image');
}
Math.cos(1); // I want to break here
// ...
</script>
</body>
I run Firefox with ./mach run --debug and set a breakpoint at js::math_cos in the JS engine, then open the HTML file, but the breakpoint is never hit.
However, if I run the JS shell with the same JS code, the breakpoint at js::math_cos is hit whenever a call to Math.cos is made in the input JavaScript. Perhaps the Firefox build is taking a different code path than its JS shell, but I could not find it.
I added the option --disable-e10s when launching Firefox, i.e. running ./mach run --disable-e10s --debug, and it now breaks on all breakpoints in the script.
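As an added example (not part of the question or answer above), a gdb command file that implements the Math.cos marker trick from the question. It assumes Firefox was started single-process as in the answer (./mach run --disable-e10s --debug), so the page's script runs in the process gdb is attached to, and assumes js::DumpBacktrace(JSContext*) is present in this debug build.

```gdb
# Added example, not from the original post.
# Assumes a single-process (--disable-e10s) debug build of Firefox, so the
# content script runs in the process gdb is attached to.
set pagination off
set breakpoint pending on

# js::math_cos(JSContext* cx, unsigned argc, JS::Value* vp) is the native
# behind Math.cos; every Math.cos(...) call from script lands here.
break js::math_cos
commands
  silent
  printf "=== Math.cos marker hit ===\n"
  # Native frames leading into the call
  bt 5
  # JS-level stack of the page script (assumed debug-build helper)
  call js::DumpBacktrace(cx)
  # Process memory map, to locate heap/arena regions before inspecting them
  info proc mappings
  # gdb stops here for interactive inspection; uncomment to log and go on
  # continue
end
```

Load it from a running gdb session with `source markers.gdb` (or whatever you name the file) before opening the HTML page.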