Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-10 11:55:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed JSOP_SETELEM+JSOP_POP pairs using wrong stack depth on deep bail (bug 519244, r=brendan).

Browse Source
This commit is contained in:
David Anderson 2009-10-23 14:34:07 -07:00
parent ccee8ccbf2
commit 06f788fd82
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
js/src/jstracer.cpp
View File

@ -6579,20 +6579,23 @@ LeaveTree(InterpState& state, VMSideExit* lr)
op == JSOP_SETPROP || op == JSOP_SETNAME || op == JSOP_SETMETHOD ||
op == JSOP_SETELEM || op == JSOP_INITELEM ||
op == JSOP_INSTANCEOF);
const JSCodeSpec& cs = js_CodeSpec[op];
regs->sp -= (cs.format & JOF_INVOKE) ? GET_ARGC(regs->pc) + 2 : cs.nuses;
regs->sp += cs.ndefs;
regs->pc += cs.length;
/*
* JSOP_SETELEM can be coalesced with a JSOP_POP in the interpeter.
* Since this doesn't re-enter the recorder, the post-state snapshot
* is invalid. Fix it up here.
*/
if (op == JSOP_SETELEM && (JSOp)*regs->pc == JSOP_POP) {
regs->pc += JSOP_POP_LENGTH;
JS_ASSERT(js_CodeSpec[JSOP_POP].ndefs == 0 && js_CodeSpec[JSOP_POP].nuses == 1);
regs->sp -= 1;
if (op == JSOP_SETELEM && JSOp(regs->pc[JSOP_SETELEM_LENGTH]) == JSOP_POP) {
regs->sp -= js_CodeSpec[JSOP_SETELEM].nuses;
regs->sp += js_CodeSpec[JSOP_SETELEM].ndefs;
regs->pc += JSOP_SETELEM_LENGTH;
op = JSOP_POP;
}
const JSCodeSpec& cs = js_CodeSpec[op];
regs->sp -= (cs.format & JOF_INVOKE) ? GET_ARGC(regs->pc) + 2 : cs.nuses;
regs->sp += cs.ndefs;
regs->pc += cs.length;
JS_ASSERT_IF(!cx->fp->imacpc,
cx->fp->slots + cx->fp->script->nfixed +
js_ReconstructStackDepth(cx, cx->fp->script, regs->pc) ==