[INFER] Fix recompilation hazard in BindName IC, bug 676764.

2024-09-13 09:24:08 -07:00 · 2011-08-12 13:16:17 -07:00 · 2011-08-12 13:16:17 -07:00 · 4cc8b9aec6
commit 4cc8b9aec6
parent 4c595716d9
1 changed files with 12 additions and 5 deletions
--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
@ -1759,11 +1759,18 @@ class BindNameCompiler : public PICStubCompiler
    JSObject *update()
    {
        JS_ASSERT(scopeChain->getParent());
+        RecompilationMonitor monitor(cx);

        JSObject *obj = js_FindIdentifierBase(cx, scopeChain, ATOM_TO_JSID(atom));
-        if (!obj)
+
+        if (monitor.recompiled())
            return obj;

+        if (!obj) {
+            disable("error");
+            return obj;
+        }
+
        if (!pic.hit) {
            spew("first hit", "nop");
            pic.hit = true;
@ -1771,8 +1778,10 @@ class BindNameCompiler : public PICStubCompiler
        }

        LookupStatus status = generateStub(obj);
-        if (status == Lookup_Error)
+        if (status == Lookup_Error) {
+            disable("error");
            return NULL;
+        }

        return obj;
    }
@ -2166,10 +2175,8 @@ ic::BindName(VMFrame &f, ic::PICInfo *pic)
    BindNameCompiler cc(f, script, &f.fp()->scopeChain(), *pic, pic->atom, stub);

    JSObject *obj = cc.update();
-    if (!obj) {
-        cc.disable("error");
+    if (!obj)
        THROW();
-    }

    f.regs.sp[0].setObject(*obj);
 }