Backed out changeset e8c23c42db7f (bug 488203) to see whether it causes the leak.

This commit is contained in:
Andreas Gal 2009-04-16 10:07:53 -07:00
parent 53d87f13a2
commit a943161ace
3 changed files with 20 additions and 45 deletions

View File

@ -4393,8 +4393,15 @@ js_Interpret(JSContext *cx)
#define COMPUTE_THIS(cx, fp, obj) \
JS_BEGIN_MACRO \
if (!(obj = js_ComputeThisForFrame(cx, fp))) \
goto error; \
if (fp->flags & JSFRAME_COMPUTED_THIS) { \
obj = fp->thisp; \
} else { \
obj = js_ComputeThis(cx, JS_TRUE, fp->argv); \
if (!obj) \
goto error; \
fp->thisp = obj; \
fp->flags |= JSFRAME_COMPUTED_THIS; \
} \
JS_END_MACRO
BEGIN_CASE(JSOP_THIS)

View File

@ -465,19 +465,6 @@ extern const uint16 js_PrimitiveTestFlags[];
JSFUN_THISP_TEST(JSFUN_THISP_FLAGS((fun)->flags), \
js_PrimitiveTestFlags[JSVAL_TAG(thisv) - 1]))
static inline JSObject *
js_ComputeThisForFrame(JSContext *cx, JSStackFrame *fp)
{
if (fp->flags & JSFRAME_COMPUTED_THIS)
return fp->thisp;
JSObject* obj = js_ComputeThis(cx, JS_TRUE, fp->argv);
if (!obj)
return NULL;
fp->thisp = obj;
fp->flags |= JSFRAME_COMPUTED_THIS;
return obj;
}
/*
* NB: js_Invoke requires that cx is currently running JS (i.e., that cx->fp
* is non-null), and that vp points to the callee, |this| parameter, and

View File

@ -1743,11 +1743,9 @@ skip:
}
for (; n != 0; fp = fp->down) {
--n;
if (fp->callee) {
if (fp->callee) { // might not have it if the entry frame is global
JS_ASSERT(JSVAL_IS_OBJECT(fp->argv[-1]));
fp->thisp = JSVAL_TO_OBJECT(fp->argv[-1]);
if (fp->flags & JSFRAME_CONSTRUCTING) // constructors always compute 'this'
fp->flags |= JSFRAME_COMPUTED_THIS;
}
}
}
@ -3392,7 +3390,7 @@ js_SynthesizeFrame(JSContext* cx, const FrameInfo& fi)
newifp->frame.xmlNamespace = NULL;
newifp->frame.blockChain = NULL;
newifp->mark = newmark;
newifp->frame.thisp = NULL; // will be updated in FlushNativeStackFrame
newifp->frame.thisp = NULL; // will be set by js_ExecuteTree -> FlushNativeStackFrame
newifp->frame.regs = fp->regs;
newifp->frame.regs->pc = script->code;
@ -4350,6 +4348,8 @@ LeaveTree(InterpState& state, VMSideExit* lr)
// Verify that our state restoration worked.
for (JSStackFrame* fp = cx->fp; fp; fp = fp->down) {
JS_ASSERT_IF(fp->callee, JSVAL_IS_OBJECT(fp->argv[-1]));
JS_ASSERT_IF(fp->callee && fp->thisp != JSVAL_TO_OBJECT(fp->argv[-1]),
!(fp->flags & JSFRAME_COMPUTED_THIS) && !fp->thisp);
}
#endif
#ifdef JS_JIT_SPEW
@ -6239,32 +6239,13 @@ TraceRecorder::unbox_jsval(jsval v, LIns*& v_ins, LIns* exit)
JS_REQUIRES_STACK bool
TraceRecorder::getThis(LIns*& this_ins)
{
JSObject* thisObj = js_ComputeThisForFrame(cx, cx->fp);
if (!thisObj)
ABORT_TRACE("js_ComputeThis failed");
if (!cx->fp->callee || JSVAL_IS_NULL(cx->fp->argv[-1])) {
JS_ASSERT(callDepth == 0);
/*
* In global code, or if this is NULL, wrap the global object and bake it directly
* into the trace.
*/
this_ins = INS_CONSTPTR(thisObj);
set(&cx->fp->argv[-1], this_ins);
return true;
}
this_ins = get(&cx->fp->argv[-1]);
/*
* When we inline through scripted functions, we have already previously touched the 'this'
* object and hence it is already guaranteed to be wrapped. Otherwise we have to explicitly
* check that the object has been wrapped. If not, we side exit and let the interpreter
* wrap it.
*/
if (callDepth == 0) {
LIns* map_ins = lir->insLoad(LIR_ldp, this_ins, (int)offsetof(JSObject, map));
LIns* ops_ins = lir->insLoad(LIR_ldp, map_ins, (int)offsetof(JSObjectMap, ops));
LIns* op_ins = lir->insLoad(LIR_ldp, ops_ins, (int)offsetof(JSObjectOps, thisObject));
guard(true, lir->ins_eq0(op_ins), MISMATCH_EXIT);
if (cx->fp->callee) { /* in a function */
if (JSVAL_IS_NULL(cx->fp->argv[-1]))
return false;
this_ins = get(&cx->fp->argv[-1]);
guard(false, lir->ins_eq0(this_ins), MISMATCH_EXIT);
} else { /* in global code */
this_ins = scopeChain();
}
return true;
}