wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1083781 - Remove AutoEnterAnalysis from Recover instructions. r=bhackett

Browse Source 
This revert some of the modifications made by Bug 1006899, Bug 1054241,
Bug 1057598 and Bug 1064358 as it is now safe to iterate the stack during a
bailout.
This commit is contained in:
Nicolas B. Pierron 2014-10-17 18:32:46 +02:00
parent bb96350313
commit 13d7de6673
2 changed files with 1 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
js/src/jit/Recover.cpp
View File

@ -874,13 +874,8 @@ RStringSplit::recover(JSContext *cx, SnapshotIterator &iter) const
RootedString str(cx, iter.read().toString());
RootedString sep(cx, iter.read().toString());
RootedTypeObject typeObj(cx, iter.read().toObject().type());
RootedValue result(cx);
// Use AutoEnterAnalysis to avoid invoking the object metadata callback,
// which could try to walk the stack while bailing out.
types::AutoEnterAnalysis enter(cx);
JSObject *res = str_split_string(cx, typeObj, str, sep);
if (!res)
return false;
@ -1008,10 +1003,6 @@ RNewObject::recover(JSContext *cx, SnapshotIterator &iter) const
RootedValue result(cx);
JSObject *resultObject = nullptr;
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
// while bailing out, which could try to walk the stack.
types::AutoEnterAnalysis enter(cx);
// See CodeGenerator::visitNewObjectVMCall
if (templateObjectIsClassPrototype_)
resultObject = NewInitObjectWithClassPrototype(cx, templateObject);
@ -1049,10 +1040,6 @@ RNewArray::recover(JSContext *cx, SnapshotIterator &iter) const
RootedValue result(cx);
RootedTypeObject type(cx);
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
// while bailing out, which could try to walk the stack.
types::AutoEnterAnalysis enter(cx);
// See CodeGenerator::visitNewArrayCallVM
if (!templateObject->hasSingletonType())
type = templateObject->type();
@ -1084,10 +1071,6 @@ RNewDerivedTypedObject::recover(JSContext *cx, SnapshotIterator &iter) const
Rooted<TypedObject *> owner(cx, &iter.read().toObject().as<TypedObject>());
int32_t offset = iter.read().toInt32();
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
// while bailing out, which could try to walk the stack.
types::AutoEnterAnalysis enter(cx);
JSObject *obj = OutlineTypedObject::createDerived(cx, descr, owner, offset);
if (!obj)
return false;
@ -1116,10 +1099,6 @@ RCreateThisWithTemplate::recover(JSContext *cx, SnapshotIterator &iter) const
{
RootedNativeObject templateObject(cx, &iter.read().toObject().as<NativeObject>());
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
// while bailing out, which could try to walk the stack.
types::AutoEnterAnalysis enter(cx);
// See CodeGenerator::visitCreateThisWithTemplate
gc::AllocKind allocKind = templateObject->asTenured().getAllocKind();
gc::InitialHeap initialHeap = tenuredHeap_ ? gc::TenuredHeap : gc::DefaultHeap;

3
js/src/jsobjinlines.h
View File

@ -779,8 +779,7 @@ static MOZ_ALWAYS_INLINE bool
NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata)
{
// The metadata callback is invoked before each created object, except when
// analysis/compilation is active, to avoid recursion. It is also skipped
// when we allocate objects during a bailout, to prevent stack iterations.
// analysis/compilation is active, to avoid recursion.
MOZ_ASSERT(!*pmetadata);
if (JSContext *cx = cxArg->maybeJSContext()) {
if (MOZ_UNLIKELY((size_t)cx->compartment()->hasObjectMetadataCallback()) &&