Avoid JSArena as temp buffer in TraceRecorder::snapshot (variation of patch in bug 521880, r=me).

2024-09-13 09:24:08 -07:00 · 2009-10-12 22:41:08 -07:00 · 2009-10-12 22:41:08 -07:00 · 9d03f17cd2
commit 9d03f17cd2
parent 123ea89fbf
2 changed files with 9 additions and 7 deletions
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@ -2310,7 +2310,8 @@ TraceRecorder::TraceRecorder(JSContext* cx, VMSideExit* _anchor, Fragment* _frag
      mark(*JS_TRACE_MONITOR(cx).traceAlloc),
      whichTreesToTrash(&tempAlloc),
      cfgMerges(&tempAlloc),
-      monitorReason(reason)
+      monitorReason(reason),
+      tempTypeMap(cx)
 {
    JS_ASSERT(!_fragment->vmprivate && ti && cx->fp->regs->pc == (jsbytecode*)_fragment->ip);
    /* Reset the fragment state we care about in case we got a recycled fragment.
@ -4010,9 +4011,11 @@ TraceRecorder::snapshot(ExitType exitType)
    /* Capture the type map into a temporary location. */
    unsigned ngslots = treeInfo->globalSlots->length();
    unsigned typemap_size = (stackSlots + ngslots) * sizeof(JSTraceType);
-    void *mark = JS_ARENA_MARK(&cx->tempPool);
-    JSTraceType* typemap;
-    JS_ARENA_ALLOCATE_CAST(typemap, JSTraceType*, &cx->tempPool, typemap_size);
+
+    /* Use the recorder-local temporary type map. */
+    JSTraceType* typemap = NULL;
+    if (tempTypeMap.resize(typemap_size))
+        typemap = tempTypeMap.begin(); /* crash if resize() fails. */

    /*
     * Determine the type of a store by looking at the current type of the
@ -4073,7 +4076,6 @@ TraceRecorder::snapshot(ExitType exitType)
 #if defined JS_JIT_SPEW
                TreevisLogExit(cx, e);
 #endif
-                JS_ARENA_RELEASE(&cx->tempPool, mark);
                return e;
            }
        }
@ -4107,8 +4109,6 @@ TraceRecorder::snapshot(ExitType exitType)
 #if defined JS_JIT_SPEW
    TreevisLogExit(cx, exit);
 #endif
-
-    JS_ARENA_RELEASE(&cx->tempPool, mark);
    return exit;
 }

--- a/js/src/jstracer.h
+++ b/js/src/jstracer.h
@ -51,6 +51,7 @@
 #include "jsinterp.h"
 #include "jslock.h"
 #include "jsnum.h"
+#include "jsvector.h"

 #if defined(DEBUG) && !defined(JS_JIT_SPEW)
 #define JS_JIT_SPEW
@ -929,6 +930,7 @@ class TraceRecorder {
    bool                    loop;
    nanojit::LIns*          loopLabel;
    MonitorReason           monitorReason;
+    js::Vector<JSTraceType, 256> tempTypeMap;

    nanojit::LIns* insImmObj(JSObject* obj);
    nanojit::LIns* insImmFun(JSFunction* fun);