From 2ac630826269c55fe13b310491f5fd36bc4ae774 Mon Sep 17 00:00:00 2001
From: Brian Hackett
Date: Sun, 4 Sep 2011 13:34:38 -0700
Subject: [PATCH] [INFER] Fix bogus assert, allow Disassemble() to be called during GC/arena traversal, bug 684281.

---
 js/src/jsinfer.cpp | 35 +++++++----------------------------
 js/src/jsobjinlines.h | 2 +-
 js/src/jsopcode.cpp | 26 ++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 29 deletions(-)

diff --git a/js/src/jsinfer.cpp b/js/src/jsinfer.cpp
index 442029d1f9e..ac3f08c11d4 100644
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@@ -2346,28 +2346,6 @@ ScriptAnalysis::addSingletonTypeBarrier(JSContext *cx, const jsbytecode *pc, Typ
 code.typeBarriers = barrier;
 }

-static void
-PrintScriptTypeCallback(JSContext *cx, void *data, void *thing,
- JSGCTraceKind traceKind, size_t thingSize)
-{
- JS_ASSERT(!data);
- JS_ASSERT(traceKind == JSTRACE_SCRIPT);
- JSScript *script = static_cast(thing);
- if (script->hasAnalysis() && script->analysis()->ranInference())
- script->analysis()->printTypes(cx);
-}
-
-#ifdef DEBUG
-static void
-PrintObjectCallback(JSContext *cx, void *data, void *thing,
- JSGCTraceKind traceKind, size_t thingSize)
-{
- JS_ASSERT(traceKind == JSTRACE_OBJECT);
- TypeObject *object = (TypeObject *) thing;
- object->print(cx);
-}
-#endif
-
 void
 TypeCompartment::print(JSContext *cx, bool force)
 {
@@ -2376,15 +2354,16 @@ TypeCompartment::print(JSContext *cx, bool force)
 if (!force && !InferSpewActive(ISpewResult))
 return;

- {
- AutoUnlockGC unlock(cx->runtime);
- IterateCells(cx, compartment, gc::FINALIZE_SCRIPT, cx, PrintScriptTypeCallback);
+ for (gc::CellIter i(cx, compartment, gc::FINALIZE_SCRIPT); !i.done(); i.next()) {
+ JSScript *script = i.get();
+ if (script->hasAnalysis() && script->analysis()->ranInference())
+ script->analysis()->printTypes(cx);
 }

 #ifdef DEBUG
- {
- AutoUnlockGC unlock(cx->runtime);
- IterateCells(cx, compartment, gc::FINALIZE_TYPE_OBJECT, NULL, PrintObjectCallback);
+ for (gc::CellIter i(cx, compartment, gc::FINALIZE_TYPE_OBJECT); !i.done(); i.next()) {
+ TypeObject *object = i.get();
+ object->print(cx);
 }
 #endif

diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h
index 2aef163e174..cabf1154e0b 100644
--- a/js/src/jsobjinlines.h
+++ b/js/src/jsobjinlines.h
@@ -143,7 +143,7 @@ JSObject::getProperty(JSContext *cx, JSObject *receiver, jsid id, js::Value *vp)
 } else {
 if (!js_GetProperty(cx, this, receiver, id, vp))
 return false;
- JS_ASSERT_IF(!hasSingletonType(),
+ JS_ASSERT_IF(!hasSingletonType() && nativeContains(js_CheckForStringIndex(id)),
 js::types::TypeHasProperty(cx, type(), id, *vp));
 }
 return true;
diff --git a/js/src/jsopcode.cpp b/js/src/jsopcode.cpp
index 04480ebd528..a44a9ebb31f 100644
--- a/js/src/jsopcode.cpp
+++ b/js/src/jsopcode.cpp
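Review bot: The two `gc::CellIter` loops in `TypeCompartment::print` no longer drop the GC lock the way the removed `AutoUnlockGC unlock(cx->runtime)` scopes did, and nothing at the loops records what lock state the caller must hold or that the loop bodies must not allocate. `printTypes(cx)` and `object->print(cx)` now run in the middle of a cell traversal, so a GC or GC-thing allocation reached from either would presumably invalidate the iterator. A comment above the first loop would pin that down, e.g. `/* CellIter: nothing called from these loops may trigger a GC or allocate a GC thing. */`. The function body continues outside the hunk.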
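Review bot: The narrowed `JS_ASSERT_IF` in `JSObject::getProperty` carries no comment saying why the type check is now limited to ids for which `nativeContains(js_CheckForStringIndex(id))` holds. As written, the assertion appears to stop covering values that `js_GetProperty` produced from anywhere other than an own property of `this`, which a later reader could mistake for an accidental loss of coverage in the inference checks. A one-line comment above the assert would settle it, e.g. `/* Only own native properties are checked against the inferred type set. */`, adjusted to whatever the intended rule is. The function starts and ends outside the hunk.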
@@ -359,9 +359,35 @@ js_DumpScript(JSContext *cx, JSScript *script)
 return ok;
 }
 
+static char *
+QuoteString(Sprinter *sp, JSString *str, uint32 quote);
+
 static bool
 ToDisassemblySource(JSContext *cx, jsval v, JSAutoByteString *bytes)
 {
+ if (JSVAL_IS_STRING(v)) {
+ Sprinter sprinter;
+ void *mark = JS_ARENA_MARK(&cx->tempPool);
+ INIT_SPRINTER(cx, &sprinter, &cx->tempPool, 0);
+ char *nbytes = QuoteString(&sprinter, JSVAL_TO_STRING(v), '"');
+ if (!nbytes)
+ return false;
+ nbytes = JS_sprintf_append(NULL, "%s", nbytes);
+ JS_ARENA_RELEASE(&cx->tempPool, mark);
+ if (!nbytes)
+ return false;
+ bytes->initBytes(nbytes);
+ return true;
+ }
+
+ if (cx->runtime->gcRunning || JS_THREAD_DATA(cx)->noGCOrAllocationCheck) {
+ char *source = JS_sprintf_append(NULL, "");
+ if (!source)
+ return false;
+ bytes->initBytes(source);
+ return true;
+ }
+
 if (!JSVAL_IS_PRIMITIVE(v)) {
 JSObject *obj = JSVAL_TO_OBJECT(v);
 Class *clasp = obj->getClass();
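Review bot: In the new `JSVAL_IS_STRING` branch of `ToDisassemblySource`, the first `if (!nbytes) return false;` leaves without `JS_ARENA_RELEASE(&cx->tempPool, mark)`, so a failed `QuoteString` keeps whatever the sprinter took from `cx->tempPool` above the mark. On the success path the release has to stay after the copy, since `nbytes` presumably points into the arena until `JS_sprintf_append` duplicates it, so the fix belongs in the failure branch: `if (!nbytes) { JS_ARENA_RELEASE(&cx->tempPool, mark); return false; }`. This branch also runs ahead of the `gcRunning` / `noGCOrAllocationCheck` guard, and `QuoteString` is only forward-declared here, so it should be confirmed that it cannot allocate a GC thing through the sprinter's context. The function body continues past the end of the hunk.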