Bug 1083781 - Remove AutoEnterAnalysis from Recover instructions. r=bhackett
This reverts some of the modifications made by Bug 1006899, Bug 1054241, Bug 1057598 and Bug 1064358, as it is now safe to iterate the stack during a bailout.
parent
bb96350313
commit
13d7de6673
@ -874,13 +874,8 @@ RStringSplit::recover(JSContext *cx, SnapshotIterator &iter) const
|
|||||||
RootedString str(cx, iter.read().toString());
|
RootedString str(cx, iter.read().toString());
|
||||||
RootedString sep(cx, iter.read().toString());
|
RootedString sep(cx, iter.read().toString());
|
||||||
RootedTypeObject typeObj(cx, iter.read().toObject().type());
|
RootedTypeObject typeObj(cx, iter.read().toObject().type());
|
||||||
|
|
||||||
RootedValue result(cx);
|
RootedValue result(cx);
|
||||||
|
|
||||||
// Use AutoEnterAnalysis to avoid invoking the object metadata callback,
|
|
||||||
// which could try to walk the stack while bailing out.
|
|
||||||
types::AutoEnterAnalysis enter(cx);
|
|
||||||
|
|
||||||
JSObject *res = str_split_string(cx, typeObj, str, sep);
|
JSObject *res = str_split_string(cx, typeObj, str, sep);
|
||||||
if (!res)
|
if (!res)
|
||||||
return false;
|
return false;
|
||||||
@ -1008,10 +1003,6 @@ RNewObject::recover(JSContext *cx, SnapshotIterator &iter) const
|
|||||||
RootedValue result(cx);
|
RootedValue result(cx);
|
||||||
JSObject *resultObject = nullptr;
|
JSObject *resultObject = nullptr;
|
||||||
|
|
||||||
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
|
|
||||||
// while bailing out, which could try to walk the stack.
|
|
||||||
types::AutoEnterAnalysis enter(cx);
|
|
||||||
|
|
||||||
// See CodeGenerator::visitNewObjectVMCall
|
// See CodeGenerator::visitNewObjectVMCall
|
||||||
if (templateObjectIsClassPrototype_)
|
if (templateObjectIsClassPrototype_)
|
||||||
resultObject = NewInitObjectWithClassPrototype(cx, templateObject);
|
resultObject = NewInitObjectWithClassPrototype(cx, templateObject);
|
||||||
@ -1049,10 +1040,6 @@ RNewArray::recover(JSContext *cx, SnapshotIterator &iter) const
|
|||||||
RootedValue result(cx);
|
RootedValue result(cx);
|
||||||
RootedTypeObject type(cx);
|
RootedTypeObject type(cx);
|
||||||
|
|
||||||
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
|
|
||||||
// while bailing out, which could try to walk the stack.
|
|
||||||
types::AutoEnterAnalysis enter(cx);
|
|
||||||
|
|
||||||
// See CodeGenerator::visitNewArrayCallVM
|
// See CodeGenerator::visitNewArrayCallVM
|
||||||
if (!templateObject->hasSingletonType())
|
if (!templateObject->hasSingletonType())
|
||||||
type = templateObject->type();
|
type = templateObject->type();
|
||||||
@ -1084,10 +1071,6 @@ RNewDerivedTypedObject::recover(JSContext *cx, SnapshotIterator &iter) const
|
|||||||
Rooted<TypedObject *> owner(cx, &iter.read().toObject().as<TypedObject>());
|
Rooted<TypedObject *> owner(cx, &iter.read().toObject().as<TypedObject>());
|
||||||
int32_t offset = iter.read().toInt32();
|
int32_t offset = iter.read().toInt32();
|
||||||
|
|
||||||
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
|
|
||||||
// while bailing out, which could try to walk the stack.
|
|
||||||
types::AutoEnterAnalysis enter(cx);
|
|
||||||
|
|
||||||
JSObject *obj = OutlineTypedObject::createDerived(cx, descr, owner, offset);
|
JSObject *obj = OutlineTypedObject::createDerived(cx, descr, owner, offset);
|
||||||
if (!obj)
|
if (!obj)
|
||||||
return false;
|
return false;
|
||||||
@ -1116,10 +1099,6 @@ RCreateThisWithTemplate::recover(JSContext *cx, SnapshotIterator &iter) const
|
|||||||
{
|
{
|
||||||
RootedNativeObject templateObject(cx, &iter.read().toObject().as<NativeObject>());
|
RootedNativeObject templateObject(cx, &iter.read().toObject().as<NativeObject>());
|
||||||
|
|
||||||
// Use AutoEnterAnalysis to avoid invoking the object metadata callback
|
|
||||||
// while bailing out, which could try to walk the stack.
|
|
||||||
types::AutoEnterAnalysis enter(cx);
|
|
||||||
|
|
||||||
// See CodeGenerator::visitCreateThisWithTemplate
|
// See CodeGenerator::visitCreateThisWithTemplate
|
||||||
gc::AllocKind allocKind = templateObject->asTenured().getAllocKind();
|
gc::AllocKind allocKind = templateObject->asTenured().getAllocKind();
|
||||||
gc::InitialHeap initialHeap = tenuredHeap_ ? gc::TenuredHeap : gc::DefaultHeap;
|
gc::InitialHeap initialHeap = tenuredHeap_ ? gc::TenuredHeap : gc::DefaultHeap;
|
||||||
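Review bot: With `types::AutoEnterAnalysis enter(cx);` removed from the five recover() methods shown (RStringSplit, RNewObject, RNewArray, RNewDerivedTypedObject, RCreateThisWithTemplate), nothing at these allocation sites states the invariant they now depend on: the object metadata callback can run in the middle of a bailout and may walk the stack. That precondition is recorded only in the commit message, so a later change to how bailout frames are reconstructed could presumably break it with no hint at the call sites. I would leave a one-line comment above each allocation, e.g. `// May invoke the object metadata callback, which can walk the stack; frames must be iterable during bailout.`, and back it with a regression test that installs a stack-capturing metadata callback and forces a bailout through each recovered allocation; the page does not show whether such a test exists. All five function bodies start and end outside their hunks.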
|
@ -779,8 +779,7 @@ static MOZ_ALWAYS_INLINE bool
|
|||||||
NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata)
|
NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata)
|
||||||
{
|
{
|
||||||
// The metadata callback is invoked before each created object, except when
|
// The metadata callback is invoked before each created object, except when
|
||||||
// analysis/compilation is active, to avoid recursion. It is also skipped
|
// analysis/compilation is active, to avoid recursion.
|
||||||
// when we allocate objects during a bailout, to prevent stack iterations.
|
|
||||||
MOZ_ASSERT(!*pmetadata);
|
MOZ_ASSERT(!*pmetadata);
|
||||||
if (JSContext *cx = cxArg->maybeJSContext()) {
|
if (JSContext *cx = cxArg->maybeJSContext()) {
|
||||||
if (MOZ_UNLIKELY((size_t)cx->compartment()->hasObjectMetadataCallback()) &&
|
if (MOZ_UNLIKELY((size_t)cx->compartment()->hasObjectMetadataCallback()) &&
|
||||||
|