wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Backed out changeset d01a2a30d626 (bug 848449)

Browse Source
This commit is contained in:
Ed Morley 2013-03-07 13:03:27 +00:00
parent 91c00df9b4
commit 8b6f1835f1
47 changed files with 180 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
js/src/frontend/BytecodeEmitter.cpp
View File

@ -4344,6 +4344,7 @@ EmitFor(JSContext *cx, BytecodeEmitter *bce, ParseNode *pn, ptrdiff_t top)
static JS_NEVER_INLINE bool
EmitFunc(JSContext *cx, BytecodeEmitter *bce, ParseNode *pn)
{
AssertCanGC();
RootedFunction fun(cx, pn->pn_funbox->function());
JS_ASSERT(fun->isInterpreted());
if (fun->hasScript()) {

8
js/src/ion/CodeGenerator.cpp
View File

@ -4361,6 +4361,7 @@ CodeGenerator::generate()
bool
CodeGenerator::link()
{
AssertCanGC();
JSContext *cx = GetIonContext()->cx;
Linker linker(masm);
@ -4623,6 +4624,7 @@ const VMFunction CallsiteCloneIC::UpdateInfo =
bool
CodeGenerator::visitCallsiteCloneIC(OutOfLineUpdateCache *ool, CallsiteCloneIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -4654,6 +4656,7 @@ const VMFunction NameIC::UpdateInfo = FunctionInfo<NameICFn>(NameIC::update);
bool
CodeGenerator::visitNameIC(OutOfLineUpdateCache *ool, NameIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -4701,6 +4704,7 @@ const VMFunction GetPropertyIC::UpdateInfo =
bool
CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache *ool, GetPropertyIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -4746,6 +4750,7 @@ const VMFunction GetElementIC::UpdateInfo =
bool
CodeGenerator::visitGetElementIC(OutOfLineUpdateCache *ool, GetElementIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -4778,6 +4783,7 @@ const VMFunction BindNameIC::UpdateInfo =
bool
CodeGenerator::visitBindNameIC(OutOfLineUpdateCache *ool, BindNameIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -4871,6 +4877,7 @@ const VMFunction SetPropertyIC::UpdateInfo =
bool
CodeGenerator::visitSetPropertyIC(OutOfLineUpdateCache *ool, SetPropertyIC *ic)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);
@ -5605,6 +5612,7 @@ static const VMFunction SPSExitInfo = FunctionInfo<SPSFn>(SPSExit);
bool
CodeGenerator::visitFunctionBoundary(LFunctionBoundary *lir)
{
AssertCanGC();
Register temp = ToRegister(lir->temp()->output());
switch (lir->type()) {

7
js/src/ion/Ion.cpp
View File

@ -328,6 +328,8 @@ IonActivation::~IonActivation()
IonCode *
IonCode::New(JSContext *cx, uint8_t *code, uint32_t bufferSize, JSC::ExecutablePool *pool)
{
AssertCanGC();
IonCode *codeObj = gc::NewGCThing<IonCode, CanGC>(cx, gc::FINALIZE_IONCODE, sizeof(IonCode), gc::DefaultHeap);
if (!codeObj) {
pool->release();
@ -1087,6 +1089,7 @@ void
AttachFinishedCompilations(JSContext *cx)
{
#ifdef JS_THREADSAFE
AssertCanGC();
IonCompartment *ion = cx->compartment->ionCompartment();
if (!ion || !cx->runtime->workerThreadState)
return;
@ -1673,6 +1676,7 @@ ion::CanEnterUsingFastInvoke(JSContext *cx, HandleScript script, uint32_t numAct
return Method_Error;
// This can GC, so afterward, script->ion is not guaranteed to be valid.
AssertCanGC();
if (!cx->compartment->ionCompartment()->enterJIT())
return Method_Error;
@ -1685,6 +1689,7 @@ ion::CanEnterUsingFastInvoke(JSContext *cx, HandleScript script, uint32_t numAct
static IonExecStatus
EnterIon(JSContext *cx, StackFrame *fp, void *jitcode)
{
AssertCanGC();
JS_CHECK_RECURSION(cx, return IonExec_Aborted);
JS_ASSERT(ion::IsEnabled(cx));
JS_ASSERT(CheckFrame(fp));
@ -1769,6 +1774,7 @@ EnterIon(JSContext *cx, StackFrame *fp, void *jitcode)
IonExecStatus
ion::Cannon(JSContext *cx, StackFrame *fp)
{
AssertCanGC();
RootedScript script(cx, fp->script());
IonScript *ion = script->ion;
IonCode *code = ion->method();
@ -1800,6 +1806,7 @@ ion::Cannon(JSContext *cx, StackFrame *fp)
IonExecStatus
ion::SideCannon(JSContext *cx, StackFrame *fp, jsbytecode *pc)
{
AssertCanGC();
RootedScript script(cx, fp->script());
IonScript *ion = script->ion;
IonCode *code = ion->method();

10
js/src/ion/IonBuilder.cpp
View File

@ -187,6 +187,8 @@ IonBuilder::getPolyCallTargets(types::StackTypeSet *calleeTypes,
bool
IonBuilder::canInlineTarget(JSFunction *target)
{
AssertCanGC();
if (!target->isInterpreted()) {
IonSpew(IonSpew_Inlining, "Cannot inline due to non-interpreted");
return false;
@ -758,6 +760,8 @@ IonBuilder::snoopControlFlow(JSOp op)
bool
IonBuilder::inspectOpcode(JSOp op)
{
AssertCanGC();
// Don't compile fat opcodes, run the decomposed version instead.
if (js_CodeSpec[op].format & JOF_DECOMPOSE)
return true;
@ -2903,6 +2907,7 @@ class AutoAccumulateExits
bool
IonBuilder::inlineScriptedCall(HandleFunction target, CallInfo &callInfo)
{
AssertCanGC();
JS_ASSERT(target->isInterpreted());
JS_ASSERT(callInfo.hasCallType());
JS_ASSERT(types::IsInlinableCall(pc));
@ -3126,6 +3131,8 @@ IonBuilder::patchInlinedReturns(CallInfo &callInfo, MIRGraphExits &exits, MBasic
bool
IonBuilder::makeInliningDecision(AutoObjectVector &targets)
{
AssertCanGC();
// For "small" functions, we should be more aggressive about inlining.
// This is based on the following intuition:
// 1. The call overhead for a small function will likely be a much
@ -4080,6 +4087,8 @@ IonBuilder::jsop_funapplyarguments(uint32_t argc)
bool
IonBuilder::jsop_call(uint32_t argc, bool constructing)
{
AssertCanGC();
// Acquire known call target if existent.
AutoObjectVector originals(cx);
types::StackTypeSet *calleeTypes = oracle->getCallTarget(script(), argc, pc);
@ -6652,6 +6661,7 @@ bool
IonBuilder::getPropTryMonomorphic(bool *emitted, HandleId id, types::StackTypeSet *barrier,
TypeOracle::Unary unary, TypeOracle::UnaryTypes unaryTypes)
{
AssertCanGC();
JS_ASSERT(*emitted == false);
bool accessGetter = oracle->propertyReadAccessGetter(script(), pc);

2
js/src/ion/IonCaches.cpp
View File

@ -96,6 +96,7 @@ IonCache::CacheName(IonCache::Kind kind)
IonCache::LinkStatus
IonCache::linkCode(JSContext *cx, MacroAssembler &masm, IonScript *ion, IonCode **code)
{
AssertCanGC();
Linker linker(masm);
*code = linker.newCode(cx);
if (!code)
@ -1923,6 +1924,7 @@ BindNameIC::update(JSContext *cx, size_t cacheIndex, HandleObject scopeChain)
bool
NameIC::attach(JSContext *cx, IonScript *ion, HandleObject scopeChain, HandleObject holder, HandleShape shape)
{
AssertCanGC();
MacroAssembler masm(cx);
Label failures;

3
js/src/ion/IonFrames.cpp
View File

@ -247,6 +247,7 @@ IonFrameIterator::machineState() const
static void
CloseLiveIterator(JSContext *cx, const InlineFrameIterator &frame, uint32_t localSlot)
{
AssertCanGC();
SnapshotIterator si = frame.snapshotIterator();
// Skip stack slots until we reach the iterator object.
@ -268,6 +269,7 @@ CloseLiveIterator(JSContext *cx, const InlineFrameIterator &frame, uint32_t loca
static void
CloseLiveIterators(JSContext *cx, const InlineFrameIterator &frame)
{
AssertCanGC();
RootedScript script(cx, frame.script());
jsbytecode *pc = frame.pc();
@ -298,6 +300,7 @@ CloseLiveIterators(JSContext *cx, const InlineFrameIterator &frame)
void
ion::HandleException(ResumeFromException *rfe)
{
AssertCanGC();
JSContext *cx = GetIonContext()->cx;
IonSpew(IonSpew_Invalidate, "handling exception");

1
js/src/ion/IonLinker.h
View File

@ -30,6 +30,7 @@ class Linker
}
IonCode *newCode(JSContext *cx, IonCompartment *comp) {
AssertCanGC();
gc::AutoSuppressGC suppressGC(cx);
if (masm.oom())
return fail(cx);

1
js/src/ion/TypeOracle.cpp
View File

@ -606,6 +606,7 @@ TypeInferenceOracle::callArgsBarrier(HandleScript caller, jsbytecode *pc)
bool
TypeInferenceOracle::canEnterInlinedFunction(RawScript caller, jsbytecode *pc, RawFunction target)
{
AssertCanGC();
RootedScript targetScript(cx, target->nonLazyScript());
// Make sure empty script has type information, to allow inlining in more cases.

2
js/src/ion/VMFunctions.cpp
View File

@ -53,6 +53,8 @@ ShouldMonitorReturnType(JSFunction *fun)
bool
InvokeFunction(JSContext *cx, HandleFunction fun0, uint32_t argc, Value *argv, Value *rval)
{
AssertCanGC();
RootedFunction fun(cx, fun0);
if (fun->isInterpreted()) {
if (fun->isInterpretedLazy() && !fun->getOrCreateScript(cx))

1
js/src/ion/shared/CodeGenerator-shared.cpp
View File

@ -369,6 +369,7 @@ CodeGeneratorShared::markOsiPoint(LOsiPoint *ins, uint32_t *callPointOffset)
bool
CodeGeneratorShared::callVM(const VMFunction &fun, LInstruction *ins, const Register *dynStack)
{
AssertCanGC();
#ifdef DEBUG
if (ins->mirRaw()) {
JS_ASSERT(ins->mirRaw()->isInstruction());

1
js/src/ion/shared/CodeGenerator-shared.h
View File

@ -569,6 +569,7 @@ template <class ArgSeq, class StoreOutputTo>
bool
CodeGeneratorShared::visitOutOfLineCallVM(OutOfLineCallVM<ArgSeq, StoreOutputTo> *ool)
{
AssertCanGC();
LInstruction *lir = ool->lir();
saveLive(lir);

1
js/src/ion/x86/Trampoline-x86.cpp
View File

@ -386,6 +386,7 @@ IonRuntime::generateBailoutHandler(JSContext *cx)
IonCode *
IonRuntime::generateVMWrapper(JSContext *cx, const VMFunction &f)
{
AssertCanGC();
typedef MoveResolver::MoveOperand MoveOperand;
JS_ASSERT(!StackKeptAligned);

1
js/src/jsanalyze.cpp
View File

@ -27,6 +27,7 @@ using mozilla::DebugOnly;
void
analyze::PrintBytecode(JSContext *cx, HandleScript script, jsbytecode *pc)
{
AssertCanGC();
printf("#%u:", script->id());
Sprinter sprinter(cx);
if (!sprinter.init())

6
js/src/jsapi.h
View File

@ -1690,6 +1690,7 @@ namespace JS {
JS_ALWAYS_INLINE bool
ToNumber(JSContext *cx, const Value &v, double *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot root(cx, &v);
@ -1780,6 +1781,7 @@ namespace JS {
JS_ALWAYS_INLINE bool
ToUint16(JSContext *cx, const js::Value &v, uint16_t *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot skip(cx, &v);
@ -1796,6 +1798,7 @@ ToUint16(JSContext *cx, const js::Value &v, uint16_t *out)
JS_ALWAYS_INLINE bool
ToInt32(JSContext *cx, const js::Value &v, int32_t *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot root(cx, &v);
@ -1812,6 +1815,7 @@ ToInt32(JSContext *cx, const js::Value &v, int32_t *out)
JS_ALWAYS_INLINE bool
ToUint32(JSContext *cx, const js::Value &v, uint32_t *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot root(cx, &v);
@ -1828,6 +1832,7 @@ ToUint32(JSContext *cx, const js::Value &v, uint32_t *out)
JS_ALWAYS_INLINE bool
ToInt64(JSContext *cx, const js::Value &v, int64_t *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot skip(cx, &v);
@ -1845,6 +1850,7 @@ ToInt64(JSContext *cx, const js::Value &v, int64_t *out)
JS_ALWAYS_INLINE bool
ToUint64(JSContext *cx, const js::Value &v, uint64_t *out)
{
AssertCanGC();
AssertArgumentsAreSane(cx, v);
{
js::SkipRoot skip(cx, &v);

4
js/src/jsatom.cpp
View File

@ -328,6 +328,8 @@ template <AllowGC allowGC>
RawAtom
js::AtomizeString(JSContext *cx, JSString *str, js::InternBehavior ib /* = js::DoNotInternAtom */)
{
AssertCanGC();
if (str->isAtom()) {
JSAtom &atom = str->asAtom();
/* N.B. static atoms are effectively always interned. */
@ -369,6 +371,7 @@ js::AtomizeString<NoGC>(JSContext *cx, JSString *str, js::InternBehavior ib);
RawAtom
js::Atomize(JSContext *cx, const char *bytes, size_t length, InternBehavior ib)
{
AssertCanGC();
CHECK_REQUEST(cx);
if (!JSString::validateLength(cx, length))
@ -465,6 +468,7 @@ template<XDRMode mode>
bool
js::XDRAtom(XDRState<mode> *xdr, MutableHandleAtom atomp)
{
AssertCanGC();
if (mode == XDR_ENCODE) {
uint32_t nchars = atomp->length();
if (!xdr->codeUint32(&nchars))

2
js/src/jscntxt.cpp
View File

@ -451,6 +451,8 @@ static void
ReportError(JSContext *cx, const char *message, JSErrorReport *reportp,
JSErrorCallback callback, void *userRef)
{
AssertCanGC();
/*
* Check the error report, and set a JavaScript-catchable exception
* if the error is defined to have an associated exception. If an

3
js/src/jsdbgapi.cpp
View File

@ -1014,6 +1014,7 @@ JS_UnwrapObjectAndInnerize(JSObject *obj)
JS_FRIEND_API(JSBool)
js_CallContextDebugHandler(JSContext *cx)
{
AssertCanGC();
ScriptFrameIter iter(cx);
JS_ASSERT(!iter.done());
@ -1112,6 +1113,8 @@ static char *
FormatFrame(JSContext *cx, const ScriptFrameIter &iter, char *buf, int num,
JSBool showArgs, JSBool showLocals, JSBool showThisProps)
{
AssertCanGC();
RootedScript script(cx, iter.script());
jsbytecode* pc = iter.pc();

4
js/src/jsfun.cpp
View File

@ -456,6 +456,8 @@ js::XDRInterpretedFunction(XDRState<XDR_DECODE> *, HandleObject, HandleScript, M
JSObject *
js::CloneInterpretedFunction(JSContext *cx, HandleObject enclosingScope, HandleFunction srcFun)
{
AssertCanGC();
/* NB: Keep this in sync with XDRInterpretedFunction. */
RootedFunction clone(cx, NewFunction(cx, NullPtr(), NULL, 0,
@ -615,6 +617,7 @@ FindBody(JSContext *cx, HandleFunction fun, StableCharPtr chars, size_t length,
JSString *
js::FunctionToString(JSContext *cx, HandleFunction fun, bool bodyOnly, bool lambdaParen)
{
AssertCanGC();
StringBuffer out(cx);
RootedScript script(cx);
@ -1471,6 +1474,7 @@ js::NewFunction(JSContext *cx, HandleObject funobjArg, Native native, unsigned n
JSFunction *
js::CloneFunctionObject(JSContext *cx, HandleFunction fun, HandleObject parent, gc::AllocKind allocKind)
{
AssertCanGC();
JS_ASSERT(parent);
JS_ASSERT(!fun->isBoundFunction());

4
js/src/jsgc.cpp
View File

@ -4509,12 +4509,14 @@ Collect(JSRuntime *rt, bool incremental, int64_t budget,
void
js::GC(JSRuntime *rt, JSGCInvocationKind gckind, gcreason::Reason reason)
{
AssertCanGC();
Collect(rt, false, SliceBudget::Unlimited, gckind, reason);
}
void
js::GCSlice(JSRuntime *rt, JSGCInvocationKind gckind, gcreason::Reason reason, int64_t millis)
{
AssertCanGC();
int64_t sliceBudget;
if (millis)
sliceBudget = SliceBudget::TimeBudget(millis);
@ -4529,6 +4531,7 @@ js::GCSlice(JSRuntime *rt, JSGCInvocationKind gckind, gcreason::Reason reason, i
void
js::GCFinalSlice(JSRuntime *rt, JSGCInvocationKind gckind, gcreason::Reason reason)
{
AssertCanGC();
Collect(rt, true, SliceBudget::Unlimited, gckind, reason);
}
@ -4545,6 +4548,7 @@ ZonesSelected(JSRuntime *rt)
void
js::GCDebugSlice(JSRuntime *rt, bool limit, int64_t objCount)
{
AssertCanGC();
int64_t budget = limit ? SliceBudget::WorkBudget(objCount) : SliceBudget::Unlimited;
if (!ZonesSelected(rt)) {
if (IsIncrementalGCInProgress(rt))

3
js/src/jsgcinlines.h
View File

@ -476,6 +476,9 @@ template <typename T, AllowGC allowGC>
inline T *
NewGCThing(JSContext *cx, AllocKind kind, size_t thingSize, InitialHeap heap)
{
if (allowGC)
AssertCanGC();
JS_ASSERT(thingSize == js::gc::Arena::thingSize(kind));
JS_ASSERT_IF(cx->compartment == cx->runtime->atomsCompartment,
kind == FINALIZE_STRING ||

2
js/src/jsinfer.cpp
View File

@ -6154,6 +6154,8 @@ JSCompartment::getNewType(JSContext *cx, Class *clasp, TaggedProto proto_, JSFun
Rooted<TaggedProto> proto(cx, proto_);
RootedFunction fun(cx, fun_);
AssertCanGC();
if (proto.isObject() && !proto.toObject()->setDelegate(cx))
return NULL;

5
js/src/jsinferinlines.h
View File

@ -604,6 +604,7 @@ TrackPropertyTypes(JSContext *cx, RawObject obj, RawId id)
inline void
AddTypePropertyId(JSContext *cx, JSObject *obj, jsid id, Type type)
{
AssertCanGC();
if (cx->typeInferenceEnabled())
id = IdToTypeId(id);
if (TrackPropertyTypes(cx, obj, id))
@ -613,6 +614,7 @@ AddTypePropertyId(JSContext *cx, JSObject *obj, jsid id, Type type)
inline void
AddTypePropertyId(JSContext *cx, JSObject *obj, jsid id, const Value &value)
{
AssertCanGC();
if (cx->typeInferenceEnabled())
id = IdToTypeId(id);
if (TrackPropertyTypes(cx, obj, id))
@ -622,6 +624,7 @@ AddTypePropertyId(JSContext *cx, JSObject *obj, jsid id, const Value &value)
inline void
AddTypeProperty(JSContext *cx, TypeObject *obj, const char *name, Type type)
{
AssertCanGC();
if (cx->typeInferenceEnabled() && !obj->unknownProperties())
obj->addPropertyType(cx, name, type);
}
@ -629,6 +632,7 @@ AddTypeProperty(JSContext *cx, TypeObject *obj, const char *name, Type type)
inline void
AddTypeProperty(JSContext *cx, TypeObject *obj, const char *name, const Value &value)
{
AssertCanGC();
if (cx->typeInferenceEnabled() && !obj->unknownProperties())
obj->addPropertyType(cx, name, value);
}
@ -1573,6 +1577,7 @@ inline HeapTypeSet *
TypeObject::getProperty(JSContext *cx, RawId id, bool own)
{
JS_ASSERT(cx->compartment->activeAnalysis);
AssertCanGC();
JS_ASSERT(JSID_IS_VOID(id) || JSID_IS_EMPTY(id) || JSID_IS_STRING(id));
JS_ASSERT_IF(!JSID_IS_EMPTY(id), id == IdToTypeId(id));

2
js/src/jsinterpinlines.h
View File

@ -153,6 +153,7 @@ GuardFunApplyArgumentsOptimization(JSContext *cx, AbstractFramePtr frame, Handle
static inline bool
GuardFunApplyArgumentsOptimization(JSContext *cx)
{
AssertCanGC();
FrameRegs &regs = cx->regs();
CallArgs args = CallArgsFromSp(GET_ARGC(regs.pc), regs.sp);
return GuardFunApplyArgumentsOptimization(cx, cx->fp(), args.calleev(), args.array(),
@ -863,6 +864,7 @@ static JS_ALWAYS_INLINE bool
GetElementOperation(JSContext *cx, JSOp op, MutableHandleValue lref, HandleValue rref,
MutableHandleValue res)
{
AssertCanGC();
JS_ASSERT(op == JSOP_GETELEM || op == JSOP_CALLELEM);
uint32_t index;

2
js/src/jsiter.cpp
View File

@ -1503,6 +1503,8 @@ static JSBool
SendToGenerator(JSContext *cx, JSGeneratorOp op, HandleObject obj,
JSGenerator *gen, const Value &arg)
{
AssertCanGC();
if (gen->state == JSGEN_RUNNING || gen->state == JSGEN_CLOSING) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NESTING_GENERATOR);
return false;

1
js/src/jsnum.cpp
View File

@ -1329,6 +1329,7 @@ js::NumberValueToStringBuffer(JSContext *cx, const Value &v, StringBuffer &sb)
JS_PUBLIC_API(bool)
js::ToNumberSlow(JSContext *cx, Value v, double *out)
{
AssertCanGC();
#ifdef DEBUG
/*
* MSVC bizarrely miscompiles this, complaining about the first brace below

2
js/src/jsnum.h
View File

@ -126,6 +126,7 @@ GetPrefixInteger(JSContext *cx, const jschar *start, const jschar *end, int base
JS_ALWAYS_INLINE bool
ToNumber(JSContext *cx, Value *vp)
{
AssertCanGC();
#ifdef DEBUG
{
SkipRoot skip(cx, vp);
@ -208,6 +209,7 @@ IsDefinitelyIndex(const Value &v, uint32_t *indexp)
static inline bool
ToInteger(JSContext *cx, const js::Value &v, double *dp)
{
AssertCanGC();
#ifdef DEBUG
{
SkipRoot skip(cx, &v);

6
js/src/jsobj.cpp
View File

@ -1181,6 +1181,7 @@ static inline JSObject *
NewObject(JSContext *cx, Class *clasp, types::TypeObject *type_, JSObject *parent,
gc::AllocKind kind, NewObjectKind newKind)
{
AssertCanGC();
JS_ASSERT(clasp != &ArrayClass);
JS_ASSERT_IF(clasp == &FunctionClass,
kind == JSFunction::FinalizeKind || kind == JSFunction::ExtendedFinalizeKind);
@ -1765,6 +1766,7 @@ JSObject::ReserveForTradeGuts(JSContext *cx, JSObject *aArg, JSObject *bArg,
{
RootedObject a(cx, aArg);
RootedObject b(cx, bArg);
AssertCanGC();
JS_ASSERT(a->compartment() == b->compartment());
AutoCompartment ac(cx, a);
@ -2976,6 +2978,7 @@ js_FindClassObject(JSContext *cx, JSProtoKey protoKey, MutableHandleValue vp, Cl
/* static */ bool
JSObject::allocSlot(JSContext *cx, HandleObject obj, uint32_t *slotp)
{
AssertCanGC();
uint32_t slot = obj->slotSpan();
JS_ASSERT(slot >= JSSLOT_FREE(obj->getClass()));
@ -3452,6 +3455,9 @@ LookupPropertyWithFlagsInline(JSContext *cx,
typename MaybeRooted<JSObject*, allowGC>::MutableHandleType objp,
typename MaybeRooted<Shape*, allowGC>::MutableHandleType propp)
{
if (allowGC)
AssertCanGC();
/* Search scopes starting with obj and following the prototype link. */
typename MaybeRooted<JSObject*, allowGC>::RootType current(cx, obj);

6
js/src/jsopcode.cpp
View File

@ -328,6 +328,7 @@ JS_FRIEND_API(JSBool)
js_DisassembleAtPC(JSContext *cx, JSScript *scriptArg, JSBool lines,
jsbytecode *pc, bool showAll, Sprinter *sp)
{
AssertCanGC();
RootedScript script(cx, scriptArg);
jsbytecode *next, *end;
@ -446,6 +447,7 @@ QuoteString(Sprinter *sp, JSString *str, uint32_t quote);
static bool
ToDisassemblySource(JSContext *cx, jsval v, JSAutoByteString *bytes)
{
AssertCanGC();
if (JSVAL_IS_STRING(v)) {
Sprinter sprinter(cx);
if (!sprinter.init())
@ -526,6 +528,7 @@ unsigned
js_Disassemble1(JSContext *cx, HandleScript script, jsbytecode *pc,
unsigned loc, JSBool lines, Sprinter *sp)
{
AssertCanGC();
JSOp op = (JSOp)*pc;
if (op >= JSOP_LIMIT) {
char numBuf1[12], numBuf2[12];
@ -1530,6 +1533,7 @@ FindStartPC(JSContext *cx, ScriptFrameIter &iter, int spindex, int skipStackHits
static bool
DecompileExpressionFromStack(JSContext *cx, int spindex, int skipStackHits, HandleValue v, char **res)
{
AssertCanGC();
JS_ASSERT(spindex < 0 ||
spindex == JSDVG_IGNORE_STACK ||
spindex == JSDVG_SEARCH_STACK);
@ -1581,6 +1585,7 @@ char *
js::DecompileValueGenerator(JSContext *cx, int spindex, HandleValue v,
HandleString fallbackArg, int skipStackHits)
{
AssertCanGC();
RootedString fallback(cx, fallbackArg);
{
char *result;
@ -1675,6 +1680,7 @@ DecompileArgumentFromStack(JSContext *cx, int formalIndex, char **res)
char *
js::DecompileArgument(JSContext *cx, int formalIndex, HandleValue v)
{
AssertCanGC();
{
char *result;
if (!DecompileArgumentFromStack(cx, formalIndex, &result))

2
js/src/jspropertytree.cpp
View File

@ -130,6 +130,8 @@ Shape::removeChild(RawShape child)
RawShape
PropertyTree::getChild(JSContext *cx, Shape *parent_, uint32_t nfixed, const StackShape &child)
{
AssertCanGC();
{
RawShape shape = NULL;

4
js/src/jsscript.cpp
View File

@ -2014,6 +2014,7 @@ JSScript::enclosingScriptsCompiledSuccessfully() const
void
js::CallNewScriptHook(JSContext *cx, HandleScript script, HandleFunction fun)
{
AssertCanGC();
JS_ASSERT(!script->isActiveEval);
if (JSNewScriptHook hook = cx->runtime->debugHooks.newScriptHook) {
AutoKeepAtoms keep(cx->runtime);
@ -2292,6 +2293,8 @@ Rebase(RawScript dst, RawScript src, T *srcp)
RawScript
js::CloneScript(JSContext *cx, HandleObject enclosingScope, HandleFunction fun, HandleScript src)
{
AssertCanGC();
/* NB: Keep this in sync with XDRScript. */
uint32_t nconsts = src->hasConsts() ? src->consts()->length : 0;
@ -2828,6 +2831,7 @@ js::SetFrameArgumentsObject(JSContext *cx, AbstractFramePtr frame,
/* static */ bool
JSScript::argumentsOptimizationFailed(JSContext *cx, HandleScript script)
{
AssertCanGC();
JS_ASSERT(script->function());
JS_ASSERT(script->analyzedArgsUsage());
JS_ASSERT(script->argumentsHasVarBinding());

7
js/src/jsstr.cpp
View File

@ -1154,6 +1154,7 @@ RopeMatch(JSContext *cx, JSString *textstr, const jschar *pat, uint32_t patlen,
static JSBool
str_contains(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
CallArgs args = CallArgsFromVp(argc, vp);
// Steps 1, 2, and 3
@ -1205,6 +1206,7 @@ str_contains(JSContext *cx, unsigned argc, Value *vp)
static JSBool
str_indexOf(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
CallArgs args = CallArgsFromVp(argc, vp);
// Steps 1, 2, and 3
@ -1333,6 +1335,7 @@ str_lastIndexOf(JSContext *cx, unsigned argc, Value *vp)
static JSBool
str_startsWith(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
CallArgs args = CallArgsFromVp(argc, vp);
// Steps 1, 2, and 3
@ -1387,6 +1390,7 @@ str_startsWith(JSContext *cx, unsigned argc, Value *vp)
static JSBool
str_endsWith(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
CallArgs args = CallArgsFromVp(argc, vp);
// Steps 1, 2, and 3
@ -2900,6 +2904,7 @@ class SplitRegExpMatcher
bool operator()(JSContext *cx, Handle<JSLinearString*> str, size_t index,
SplitMatchResult *result) const
{
AssertCanGC();
const jschar *chars = str->chars();
size_t length = str->length();
@ -3870,6 +3875,7 @@ js_strchr_limit(const jschar *s, jschar c, const jschar *limit)
jschar *
js::InflateString(JSContext *cx, const char *bytes, size_t *lengthp)
{
AssertCanGC();
size_t nchars;
jschar *chars;
size_t nbytes = *lengthp;
@ -3896,6 +3902,7 @@ js::InflateString(JSContext *cx, const char *bytes, size_t *lengthp)
jschar *
js::InflateUTF8String(JSContext *cx, const char *bytes, size_t *lengthp)
{
AssertCanGC();
size_t nchars;
jschar *chars;
size_t nbytes = *lengthp;

4
js/src/methodjit/Compiler.cpp
View File

@ -6508,6 +6508,8 @@ mjit::Compiler::jsop_bindgname()
bool
mjit::Compiler::jsop_getgname(uint32_t index)
{
AssertCanGC();
/* Optimize undefined, NaN and Infinity. */
PropertyName *name = script_->getName(index);
if (name == cx->names().undefined) {
@ -7993,6 +7995,8 @@ mjit::Compiler::BarrierState
mjit::Compiler::pushAddressMaybeBarrier(Address address, JSValueType type, bool reuseBase,
bool testUndefined)
{
AssertCanGC();
if (!hasTypeBarriers(PC) && !testUndefined) {
frame.push(address, type, reuseBase);
return BarrierState();

4
js/src/methodjit/InvokeHelpers.cpp
View File

@ -212,6 +212,7 @@ stubs::HitStackQuota(VMFrame &f)
void * JS_FASTCALL
stubs::FixupArity(VMFrame &f, uint32_t nactual)
{
AssertCanGC();
JSContext *cx = f.cx;
StackFrame *oldfp = f.fp();
@ -308,6 +309,7 @@ static inline bool
UncachedInlineCall(VMFrame &f, InitialFrameFlags initial,
void **pret, bool *unjittable, uint32_t argc)
{
AssertCanGC();
JSContext *cx = f.cx;
CallArgs args = CallArgsFromSp(argc, f.regs.sp);
RootedFunction newfun(cx, args.callee().toFunction());
@ -694,6 +696,7 @@ stubs::CreateThis(VMFrame &f, JSObject *proto)
void JS_FASTCALL
stubs::ScriptDebugPrologue(VMFrame &f)
{
AssertCanGC();
Probes::enterScript(f.cx, f.script(), f.script()->function(), f.fp());
JSTrapStatus status = js::ScriptDebugPrologue(f.cx, f.fp());
switch (status) {
@ -732,6 +735,7 @@ stubs::ScriptProbeOnlyEpilogue(VMFrame &f)
void JS_FASTCALL
stubs::CrossChunkShim(VMFrame &f, void *edge_)
{
AssertCanGC();
DebugOnly<CrossChunkEdge*> edge = (CrossChunkEdge *) edge_;
mjit::ExpandInlineFrames(f.cx->compartment);

5
js/src/methodjit/MonoIC.cpp
View File

@ -59,6 +59,8 @@ PatchGetFallback(VMFrame &f, ic::GetGlobalNameIC *ic)
void JS_FASTCALL
ic::GetGlobalName(VMFrame &f, ic::GetGlobalNameIC *ic)
{
AssertCanGC();
RootedObject obj(f.cx, &f.fp()->global());
PropertyName *name = f.script()->getName(GET_UINT32_INDEX(f.pc()));
@ -102,6 +104,7 @@ ic::GetGlobalName(VMFrame &f, ic::GetGlobalNameIC *ic)
static void JS_FASTCALL
DisabledSetGlobal(VMFrame &f, ic::SetGlobalNameIC *ic)
{
AssertCanGC();
RootedPropertyName name(f.cx, f.script()->getName(GET_UINT32_INDEX(f.pc())));
stubs::SetName(f, name);
}
@ -154,6 +157,8 @@ UpdateSetGlobalName(VMFrame &f, ic::SetGlobalNameIC *ic, JSObject *obj, RawShape
void JS_FASTCALL
ic::SetGlobalName(VMFrame &f, ic::SetGlobalNameIC *ic)
{
AssertCanGC();
RootedObject obj(f.cx, &f.fp()->global());
RootedPropertyName name(f.cx, f.script()->getName(GET_UINT32_INDEX(f.pc())));

3
js/src/methodjit/PolyIC.cpp
View File

@ -894,6 +894,8 @@ class GetPropCompiler : public PICStubCompiler
LookupStatus generateStringPropertyStub()
{
AssertCanGC();
if (!f.fp()->script()->compileAndGo)
return disable("String.prototype without compile-and-go global");
@ -1248,6 +1250,7 @@ class GetPropCompiler : public PICStubCompiler
LookupStatus generateStub(HandleObject holder, HandleShape shape)
{
AssertCanGC();
Vector<Jump, 8> shapeMismatches(cx);
MJITInstrumentation sps(&f.cx->runtime->spsProfiler);

3
js/src/methodjit/StubCalls.cpp
View File

@ -77,6 +77,7 @@ stubs::BindGlobalName(VMFrame &f)
void JS_FASTCALL
stubs::SetName(VMFrame &f, PropertyName *name)
{
AssertCanGC();
JSContext *cx = f.cx;
RootedObject scope(cx, &f.regs.sp[-2].toObject());
HandleValue value = HandleValue::fromMarkedLocation(&f.regs.sp[-1]);
@ -728,6 +729,7 @@ stubs::Mod(VMFrame &f)
void JS_FASTCALL
stubs::DebuggerStatement(VMFrame &f, jsbytecode *pc)
{
AssertCanGC();
JSDebuggerHandler handler = f.cx->runtime->debugHooks.debuggerHandler;
if (handler || !f.cx->compartment->getDebuggees().empty()) {
JSTrapStatus st = JSTRAP_CONTINUE;
@ -773,6 +775,7 @@ stubs::Interrupt(VMFrame &f, jsbytecode *pc)
void JS_FASTCALL
stubs::TriggerIonCompile(VMFrame &f)
{
AssertCanGC();
RootedScript script(f.cx, f.script());
if (ion::js_IonOptions.parallelCompilation && !f.cx->runtime->profilingScripts) {

1
js/src/shell/js.cpp
View File

@ -2026,6 +2026,7 @@ DumpHeap(JSContext *cx, unsigned argc, jsval *vp)
void *thingToIgnore;
FILE *dumpFile;
bool ok;
AssertCanGC();
const char *fileName = NULL;
JSAutoByteString fileNameBytes;

2
js/src/vm/ArgumentsObject.cpp
View File

@ -119,6 +119,8 @@ template <typename CopyArgs>
ArgumentsObject::create(JSContext *cx, HandleScript script, HandleFunction callee, unsigned numActuals,
CopyArgs &copy)
{
AssertCanGC();
RootedObject proto(cx, callee->global().getOrCreateObjectPrototype(cx));
if (!proto)
return NULL;

12
js/src/vm/Debugger.cpp
View File

@ -3589,6 +3589,7 @@ Class DebuggerArguments_class = {
static JSBool
DebuggerArguments_getArg(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
CallArgs args = CallArgsFromVp(argc, vp);
int32_t i = args.callee().toFunction()->getExtendedSlot(0).toInt32();
@ -4044,6 +4045,7 @@ Class DebuggerObject_class = {
static JSObject *
DebuggerObject_checkThis(JSContext *cx, const CallArgs &args, const char *fnname)
{
AssertCanGC();
if (!args.thisv().isObject()) {
ReportObjectRequired(cx);
return NULL;
@ -4088,6 +4090,7 @@ DebuggerObject_checkThis(JSContext *cx, const CallArgs &args, const char *fnname
static JSBool
DebuggerObject_construct(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NO_CONSTRUCTOR, "Debugger.Object");
return false;
}
@ -4095,6 +4098,7 @@ DebuggerObject_construct(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getProto(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "get proto", args, dbg, refobj);
RootedObject proto(cx);
{
@ -4112,6 +4116,7 @@ DebuggerObject_getProto(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getClass(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_REFERENT(cx, argc, vp, "get class", args, refobj);
const char *s = refobj->getClass()->name;
JSAtom *str = Atomize(cx, s, strlen(s));
@ -4132,6 +4137,7 @@ DebuggerObject_getCallable(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getName(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "get name", args, dbg, obj);
if (!obj->isFunction()) {
args.rval().setUndefined();
@ -4154,6 +4160,7 @@ DebuggerObject_getName(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getDisplayName(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "get display name", args, dbg, obj);
if (!obj->isFunction()) {
args.rval().setUndefined();
@ -4176,6 +4183,7 @@ DebuggerObject_getDisplayName(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getParameterNames(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_REFERENT(cx, argc, vp, "get parameterNames", args, obj);
if (!obj->isFunction()) {
args.rval().setUndefined();
@ -4217,6 +4225,7 @@ DebuggerObject_getParameterNames(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getScript(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "get script", args, dbg, obj);
if (!obj->isFunction()) {
@ -4242,6 +4251,7 @@ DebuggerObject_getScript(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getEnvironment(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "get environment", args, dbg, obj);
/* Don't bother switching compartments just to check obj's type and get its env. */
@ -4277,6 +4287,7 @@ DebuggerObject_getGlobal(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getOwnPropertyDescriptor(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "getOwnPropertyDescriptor", args, dbg, obj);
RootedId id(cx);
@ -4323,6 +4334,7 @@ DebuggerObject_getOwnPropertyDescriptor(JSContext *cx, unsigned argc, Value *vp)
static JSBool
DebuggerObject_getOwnPropertyNames(JSContext *cx, unsigned argc, Value *vp)
{
AssertCanGC();
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, "getOwnPropertyNames", args, dbg, obj);
AutoIdVector keys(cx);

5
js/src/vm/ScopeObject.cpp
View File

@ -202,6 +202,8 @@ CallObject::create(JSContext *cx, HandleScript script, HandleObject enclosing, H
CallObject *
CallObject::createForFunction(JSContext *cx, HandleObject enclosing, HandleFunction callee)
{
AssertCanGC();
RootedObject scopeChain(cx, enclosing);
JS_ASSERT(scopeChain);
@ -222,6 +224,7 @@ CallObject::createForFunction(JSContext *cx, HandleObject enclosing, HandleFunct
CallObject *
CallObject::createForFunction(JSContext *cx, AbstractFramePtr frame)
{
AssertCanGC();
JS_ASSERT(frame.isNonEvalFunctionFrame());
assertSameCompartment(cx, frame);
@ -242,6 +245,7 @@ CallObject::createForFunction(JSContext *cx, AbstractFramePtr frame)
CallObject *
CallObject::createForStrictEval(JSContext *cx, AbstractFramePtr frame)
{
AssertCanGC();
JS_ASSERT(frame.isStrictEvalFrame());
JS_ASSERT_IF(frame.isStackFrame(), cx->fp() == frame.asStackFrame());
JS_ASSERT_IF(frame.isStackFrame(), cx->regs().pc == frame.script()->code);
@ -1286,6 +1290,7 @@ class DebugScopeProxy : public BaseProxyHandler
static bool checkForMissingArguments(JSContext *cx, jsid id, ScopeObject &scope,
ArgumentsObject **maybeArgsObj)
{
AssertCanGC();
*maybeArgsObj = NULL;
if (!isArguments(cx, id) || !isFunctionScope(scope))

1
js/src/vm/Shape-inl.h
View File

@ -263,6 +263,7 @@ Shape::matchesParamsAfterId(RawBaseShape base, uint32_t aslot,
inline bool
Shape::getUserId(JSContext *cx, MutableHandleId idp) const
{
AssertCanGC();
const Shape *self = this;
#ifdef DEBUG
{

4
js/src/vm/Shape.cpp
View File

@ -277,6 +277,7 @@ ShapeTable::grow(JSContext *cx)
RawShape
Shape::getChildBinding(JSContext *cx, const StackShape &child)
{
AssertCanGC();
JS_ASSERT(!inDictionary());
/* Try to allocate all slots inline. */
@ -479,6 +480,7 @@ JSObject::addPropertyInternal(JSContext *cx, HandleObject obj, HandleId id,
unsigned flags, int shortid, Shape **spp,
bool allowDictionary)
{
AssertCanGC();
JS_ASSERT_IF(!allowDictionary, !obj->inDictionaryMode());
AutoRooterGetterSetter gsRoot(cx, attrs, &getter, &setter);
@ -927,6 +929,7 @@ JSObject::rollbackProperties(JSContext *cx, uint32_t slotSpan)
Shape *
JSObject::replaceWithNewEquivalentShape(JSContext *cx, Shape *oldShape, Shape *newShape)
{
AssertCanGC();
JS_ASSERT(cx->compartment == oldShape->compartment());
JS_ASSERT_IF(oldShape != lastProperty(),
inDictionaryMode() &&
@ -1273,6 +1276,7 @@ EmptyShape::getInitialShape(JSContext *cx, Class *clasp, TaggedProto proto, JSOb
void
NewObjectCache::invalidateEntriesForShape(JSContext *cx, HandleShape shape, HandleObject proto)
{
AssertCanGC();
Class *clasp = shape->getObjectClass();
gc::AllocKind kind = gc::GetGCObjectKind(shape->numFixedSlots());

12
js/src/vm/Stack-inl.h
View File

@ -375,6 +375,9 @@ STATIC_POSTCONDITION(!return || ubound(from) >= nvals)
JS_ALWAYS_INLINE bool
StackSpace::ensureSpace(JSContext *cx, MaybeReportError report, Value *from, ptrdiff_t nvals) const
{
if (report)
AssertCanGC();
assertInvariants();
JS_ASSERT(from >= firstUnused());
#ifdef XP_WIN
@ -388,6 +391,7 @@ StackSpace::ensureSpace(JSContext *cx, MaybeReportError report, Value *from, ptr
inline Value *
StackSpace::getStackLimit(JSContext *cx, MaybeReportError report)
{
AssertCanGC();
FrameRegs &regs = cx->regs();
unsigned nvals = regs.fp()->script()->nslots + STACK_JIT_EXTRA;
return ensureSpace(cx, report, regs.sp, nvals)
@ -401,6 +405,9 @@ JS_ALWAYS_INLINE StackFrame *
ContextStack::getCallFrame(JSContext *cx, MaybeReportError report, const CallArgs &args,
JSFunction *fun, HandleScript script, StackFrame::Flags *flags) const
{
if (report)
AssertCanGC();
JS_ASSERT(fun->nonLazyScript() == script);
unsigned nformal = fun->nargs;
@ -442,6 +449,9 @@ ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &ar
HandleFunction callee, HandleScript script,
InitialFrameFlags initial, MaybeReportError report)
{
if (report)
AssertCanGC();
JS_ASSERT(onTop());
JS_ASSERT(regs.sp == args.end());
/* Cannot assert callee == args.callee() since this is called from LeaveTree. */
@ -468,6 +478,7 @@ ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &ar
HandleFunction callee, HandleScript script,
InitialFrameFlags initial, Value **stackLimit)
{
AssertCanGC();
if (!pushInlineFrame(cx, regs, args, callee, script, initial))
return false;
*stackLimit = space().conservativeEnd_;
@ -479,6 +490,7 @@ ContextStack::getFixupFrame(JSContext *cx, MaybeReportError report,
const CallArgs &args, JSFunction *fun, HandleScript script,
void *ncode, InitialFrameFlags initial, Value **stackLimit)
{
AssertCanGC();
JS_ASSERT(onTop());
JS_ASSERT(fun->nonLazyScript() == args.callee().toFunction()->nonLazyScript());
JS_ASSERT(fun->nonLazyScript() == script);

17
js/src/vm/Stack.cpp
View File

@ -721,6 +721,9 @@ StackSpace::markActiveCompartments()
JS_FRIEND_API(bool)
StackSpace::ensureSpaceSlow(JSContext *cx, MaybeReportError report, Value *from, ptrdiff_t nvals) const
{
if (report)
AssertCanGC();
assertInvariants();
JSCompartment *dest = cx->compartment;
@ -888,6 +891,9 @@ Value *
ContextStack::ensureOnTop(JSContext *cx, MaybeReportError report, unsigned nvars,
MaybeExtend extend, bool *pushedSeg)
{
if (report)
AssertCanGC();
Value *firstUnused = space().firstUnused();
FrameRegs *regs = cx->maybeRegs();
@ -966,6 +972,9 @@ bool
ContextStack::pushInvokeArgs(JSContext *cx, unsigned argc, InvokeArgsGuard *iag,
MaybeReportError report)
{
if (report)
AssertCanGC();
JS_ASSERT(argc <= StackSpace::ARGS_LENGTH_MAX);
unsigned nvars = 2 + argc;
@ -1004,6 +1013,9 @@ ContextStack::pushInvokeFrame(JSContext *cx, MaybeReportError report,
const CallArgs &args, JSFunction *funArg,
InitialFrameFlags initial, FrameGuard *fg)
{
if (report)
AssertCanGC();
JS_ASSERT(onTop());
JS_ASSERT(space().firstUnused() == args.end());
@ -1040,6 +1052,8 @@ ContextStack::pushExecuteFrame(JSContext *cx, HandleScript script, const Value &
HandleObject scopeChain, ExecuteType type,
AbstractFramePtr evalInFrame, ExecuteFrameGuard *efg)
{
AssertCanGC();
/*
* Even though global code and indirect eval do not execute in the context
* of the current frame, prev-link these to the current frame so that the
@ -1152,6 +1166,7 @@ ContextStack::popFrame(const FrameGuard &fg)
bool
ContextStack::pushGeneratorFrame(JSContext *cx, JSGenerator *gen, GeneratorFrameGuard *gfg)
{
AssertCanGC();
HeapValue *genvp = gen->stackSnapshot;
JS_ASSERT(genvp == HeapValueify(gen->fp->generatorArgsSnapshotBegin()));
unsigned vplen = HeapValueify(gen->fp->generatorArgsSnapshotEnd()) - genvp;
@ -1221,6 +1236,8 @@ ContextStack::popGeneratorFrame(const GeneratorFrameGuard &gfg)
bool
ContextStack::saveFrameChain()
{
AssertCanGC();
bool pushedSeg;
if (!ensureOnTop(cx_, REPORT_ERROR, 0, CANT_EXTEND, &pushedSeg))
return false;

1
js/src/vm/String-inl.h
View File

@ -416,6 +416,7 @@ js::StaticStrings::getInt(int32_t i)
inline JSLinearString *
js::StaticStrings::getUnitStringForElement(JSContext *cx, JSString *str, size_t index)
{
AssertCanGC();
JS_ASSERT(index < str->length());
const jschar *chars = str->getChars(cx);
if (!chars)

1
js/src/vm/StringBuffer.cpp
View File

@ -69,6 +69,7 @@ StringBuffer::finishString()
RawAtom
StringBuffer::finishAtom()
{
AssertCanGC();
JSContext *cx = context();
size_t length = cb.length();

1
js/src/vm/StringObject-inl.h
View File

@ -15,6 +15,7 @@ namespace js {
inline bool
StringObject::init(JSContext *cx, HandleString str)
{
AssertCanGC();
JS_ASSERT(gc::GetGCKindSlots(getAllocKind()) == 2);
Rooted<StringObject *> self(cx, this);