Bug 1618880 - Fix GC hazard in jit::InvalidateActivation. r=jonco
Differential Revision: https://phabricator.services.mozilla.com/D66815 --HG-- extra : moz-landing-system : lando
parent
bc8997ee18
commit
4a2e100a77
@ -2427,7 +2427,7 @@ static void InvalidateActivation(JSFreeOp* fop,
|
||||
} else if (frame.isBailoutJS()) {
|
||||
type = "Bailing";
|
||||
}
|
||||
JSScript* script = MaybeForwarded(frame.script());
|
||||
JSScript* script = frame.maybeForwardedScript();
|
||||
JitSpew(JitSpew_IonInvalidate,
|
||||
"#%zu %s JS frame @ %p, %s:%u:%u (fun: %p, script: %p, pc %p)",
|
||||
frameno, type, frame.fp(), script->maybeForwardedFilename(),
|
||||
@ -2467,7 +2467,7 @@ static void InvalidateActivation(JSFreeOp* fop,
|
||||
continue;
|
||||
}
|
||||
|
||||
JSScript* script = MaybeForwarded(frame.script());
|
||||
JSScript* script = frame.maybeForwardedScript();
|
||||
if (!script->hasIonScript()) {
|
||||
continue;
|
||||
}
|
||||
|
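Review bot: Neither replaced call site says why `frame.maybeForwardedScript()` must be used instead of `frame.script()`, so a later cleanup could quietly revert to the plain accessor; this applies to the `JSScript* script = ...` line in both hunks of InvalidateActivation. Judging by the commit title and the new helper, the concern is that the frame's callee may already have been moved by the GC when these loops run, though the hunks do not show that context. I would add a short comment above the first use, such as `// Frames may refer to GC things that have been moved; use the forwarding-aware accessor.` Both hunks are excerpts of InvalidateActivation, whose body starts and ends outside them.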
@ -114,6 +114,16 @@ JSScript* JSJitFrameIter::script() const {
|
||||
return script;
|
||||
}
|
||||
|
||||
JSScript* JSJitFrameIter::maybeForwardedScript() const {
|
||||
MOZ_ASSERT(isScripted());
|
||||
if (isBaselineJS()) {
|
||||
return MaybeForwardedScriptFromCalleeToken(baselineFrame()->calleeToken());
|
||||
}
|
||||
JSScript* script = MaybeForwardedScriptFromCalleeToken(calleeToken());
|
||||
MOZ_ASSERT(script);
|
||||
return script;
|
||||
}
|
||||
|
||||
void JSJitFrameIter::baselineScriptAndPc(JSScript** scriptRes,
|
||||
jsbytecode** pcRes) const {
|
||||
MOZ_ASSERT(isBaselineJS());
|
||||
|
@ -186,6 +186,7 @@ class JSJitFrameIter {
|
||||
JSFunction* maybeCallee() const;
|
||||
unsigned numActualArgs() const;
|
||||
JSScript* script() const;
|
||||
JSScript* maybeForwardedScript() const;
|
||||
void baselineScriptAndPc(JSScript** scriptRes, jsbytecode** pcRes) const;
|
||||
Value* actualArgs() const;
|
||||
|
||||
|
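Review bot: The new declaration `JSScript* maybeForwardedScript() const;` sits next to `script()` with nothing to tell a caller which one to choose. A one-line comment on the declaration would help, e.g. `// Like script(), but follows forwarding pointers; for use when the callee token may refer to moved GC things.` The wording is inferred from the implementation added in this commit, which routes through MaybeForwardedScriptFromCalleeToken, so the author should confirm it. The class body continues outside the hunk.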
@ -730,6 +730,19 @@ void EnsureBareExitFrame(JitActivation* act, JitFrameLayout* frame) {
|
||||
MOZ_ASSERT(exitFrame->isBareExit());
|
||||
}
|
||||
|
||||
JSScript* MaybeForwardedScriptFromCalleeToken(CalleeToken token) {
|
||||
switch (GetCalleeTokenTag(token)) {
|
||||
case CalleeToken_Script:
|
||||
return MaybeForwarded(CalleeTokenToScript(token));
|
||||
case CalleeToken_Function:
|
||||
case CalleeToken_FunctionConstructing: {
|
||||
JSFunction* fun = MaybeForwarded(CalleeTokenToFunction(token));
|
||||
return MaybeForwarded(fun)->nonLazyScript();
|
||||
}
|
||||
}
|
||||
MOZ_CRASH("invalid callee token tag");
|
||||
}
|
||||
|
||||
CalleeToken TraceCalleeToken(JSTracer* trc, CalleeToken token) {
|
||||
switch (CalleeTokenTag tag = GetCalleeTokenTag(token)) {
|
||||
case CalleeToken_Function:
|
||||
|
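Review bot: In the `CalleeToken_Function` / `CalleeToken_FunctionConstructing` case of MaybeForwardedScriptFromCalleeToken, `fun` is passed through `MaybeForwarded` twice and the pointer returned by `nonLazyScript()` is not forwarded at all. The call sites this helper replaces wrapped the script itself (`MaybeForwarded(frame.script())`), and the `CalleeToken_Script` case still does, so the function branch looks like it could hand back a stale script pointer if the script has been moved while the function's slot has not yet been updated; whether that state is reachable is not visible here. If forwarding the script is intended, the return would read `return MaybeForwarded(fun->nonLazyScript());`. If not, drop the redundant inner call and add a comment saying why the script needs no forwarding.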
@ -74,6 +74,8 @@ static inline JSScript* ScriptFromCalleeToken(CalleeToken token) {
|
||||
MOZ_CRASH("invalid callee token tag");
|
||||
}
|
||||
|
||||
JSScript* MaybeForwardedScriptFromCalleeToken(CalleeToken token);
|
||||
|
||||
// In between every two frames lies a small header describing both frames. This
|
||||
// header, minimally, contains a returnAddress word and a descriptor word. The
|
||||
// descriptor describes the size and type of the previous frame, whereas the
|
||||
|