Bug 749039 - Fixup registers when returning from methodjit (r=bhackett)

2024-09-13 09:24:08 -07:00 · 2012-05-07 10:12:30 -07:00 · 2012-05-07 10:12:30 -07:00 · d795f500b9
commit d795f500b9
parent f28811574f
5 changed files with 29 additions and 4 deletions
--- a/js/src/jit-test/tests/basic/bug749039.js
+++ b/js/src/jit-test/tests/basic/bug749039.js
@ -0,0 +1,11 @@
+// |jit-test| error: ReferenceError;
+gczeal(4);
+try { jsTestDriverEnd(); } catch(exc1) {}
+evaluate("\
+schedulegc(10);\
+for(var i=0; i<3; i++) {\
+    var obj = { first: 'first', second: 'second' };\
+    for (var elem in obj) {}\
+    x.push(count);\
+}\
+");
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@ -4249,9 +4249,7 @@ END_CASE(JSOP_ARRAYPUSH)

  forced_return:
    UnwindScope(cx, 0);
-    regs.sp = regs.fp()->base();
-    regs.pc = script->code + script->length - JSOP_STOP_LENGTH;
-    JS_ASSERT(*regs.pc == JSOP_STOP);
+    regs.setToEndOfScript();

    if (entryFrame != regs.fp())
        goto inline_return;
--- a/js/src/methodjit/InvokeHelpers.cpp
+++ b/js/src/methodjit/InvokeHelpers.cpp
@ -565,7 +565,7 @@ js_InternalThrow(VMFrame &f)
        // property.
        JS_ASSERT(!f.fp()->finishedInInterpreter());
        UnwindScope(cx, 0);
-        f.regs.sp = f.fp()->base();
+        f.regs.setToEndOfScript();

        if (cx->compartment->debugMode()) {
            // This can turn a throw or error into a healthy return. Note that
--- a/js/src/methodjit/MethodJIT.cpp
+++ b/js/src/methodjit/MethodJIT.cpp
@ -1076,6 +1076,9 @@ mjit::EnterMethodJIT(JSContext *cx, StackFrame *fp, void *code, Value *stackLimi
        return ok ? Jaeger_Returned : Jaeger_Throwing;
    }

+    cx->regs().refreshFramePointer(fp);
+    cx->regs().setToEndOfScript();
+
    /* The entry frame should have finished. */
    JS_ASSERT(fp == cx->fp());

--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@ -42,6 +42,7 @@
 #define Stack_h__

 #include "jsfun.h"
+#include "jsautooplen.h"

 struct JSContext;
 struct JSCompartment;
@ -1288,6 +1289,11 @@ class FrameRegs
        fp_ = (StackFrame *) newfp;
    }

+    /* For EnterMethodJIT: */
+    void refreshFramePointer(StackFrame *fp) {
+        fp_ = fp;
+    }
+
    /* For stubs::CompileFunction, ContextStack: */
    void prepareToRun(StackFrame &fp, JSScript *script) {
        pc = script->code;
@ -1296,6 +1302,13 @@ class FrameRegs
        inlined_ = NULL;
    }

+    void setToEndOfScript() {
+        JSScript *script = fp()->script();
+        sp = fp()->base();
+        pc = script->code + script->length - JSOP_STOP_LENGTH;
+        JS_ASSERT(*pc == JSOP_STOP);
+    }
+
    /* For pushDummyFrame: */
    void initDummyFrame(StackFrame &fp) {
        pc = NULL;