Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-08 20:47:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1029910 - Skip over unreadable slots in InlineFrameIterator. (r=nbp)

Browse Source
This commit is contained in:
Shu-yu Guo 2014-06-27 00:41:20 -07:00
parent 0b680d2b4b
commit 87205a8375
2 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
js/src/jit/JitFrameIterator.h
View File

@ -393,13 +393,13 @@ class SnapshotIterator
Value read() {
return allocationValue(readAllocation());
}
Value maybeRead(bool silentFailure = false) {
Value maybeRead(const Value &placeholder = UndefinedValue(), bool silentFailure = false) {
RValueAllocation a = readAllocation();
if (allocationReadable(a))
return allocationValue(a);
if (!silentFailure)
warnUnreadableAllocation();
return UndefinedValue();
return placeholder;
}
void readCommonFrameSlots(Value *scopeChain, Value *rval) {
@ -416,7 +416,8 @@ class SnapshotIterator
template <class Op>
void readFunctionFrameArgs(Op &op, ArgumentsObject **argsObj, Value *thisv,
unsigned start, unsigned end, JSScript *script)
unsigned start, unsigned end, JSScript *script,
const Value &unreadablePlaceholder = UndefinedValue())
{
// Assumes that the common frame arguments have already been read.
if (script->argumentsHasVarBinding()) {
@ -444,7 +445,7 @@ class SnapshotIterator
// We are not always able to read values from the snapshots, some values
// such as non-gc things may still be live in registers and cause an
// error while reading the machine state.
Value v = maybeRead();
Value v = maybeRead(unreadablePlaceholder);
op(v);
}
}
@ -455,7 +456,7 @@ class SnapshotIterator
skip();
}
Value s = maybeRead(true);
Value s = maybeRead(/* placeholder = */ UndefinedValue(), true);
while (moreAllocations())
skip();
@ -531,7 +532,8 @@ class InlineFrameIterator
void readFrameArgsAndLocals(ThreadSafeContext *cx, ArgOp &argOp, LocalOp &localOp,
JSObject **scopeChain, Value *rval,
ArgumentsObject **argsObj, Value *thisv,
ReadFrameArgsBehavior behavior) const
ReadFrameArgsBehavior behavior,
const Value &unreadablePlaceholder = UndefinedValue()) const
{
SnapshotIterator s(si_);
@ -550,8 +552,10 @@ class InlineFrameIterator
// Get the non overflown arguments, which are taken from the inlined
// frame, because it will have the updated value when JSOP_SETARG is
// done.
if (behavior != ReadFrame_Overflown)
s.readFunctionFrameArgs(argOp, argsObj, thisv, 0, nformal, script());
if (behavior != ReadFrame_Overflown) {
s.readFunctionFrameArgs(argOp, argsObj, thisv, 0, nformal, script(),
unreadablePlaceholder);
}
if (behavior != ReadFrame_Formals) {
if (more()) {
@ -579,7 +583,8 @@ class InlineFrameIterator
// Get the overflown arguments
parent_s.readCommonFrameSlots(nullptr, nullptr);
parent_s.readFunctionFrameArgs(argOp, nullptr, nullptr,
nformal, nactual, it.script());
nformal, nactual, it.script(),
unreadablePlaceholder);
} else {
// There is no parent frame to this inlined frame, we can read
// from the frame's Value vector directly.
@ -592,8 +597,14 @@ class InlineFrameIterator
// At this point we've read all the formals in s, and can read the
// locals.
for (unsigned i = 0; i < script()->nfixed(); i++)
localOp(s.read());
for (unsigned i = 0; i < script()->nfixed(); i++) {
// We have to use maybeRead here, some of these might be recover
// instructions, and currently InlineFrameIter does not support
// recovering slots.
//
// FIXME bug 1029963.
localOp(s.maybeRead(unreadablePlaceholder));
}
}
template <class Op>

3
js/src/jit/RematerializedFrame.cpp
View File

@ -39,7 +39,8 @@ RematerializedFrame::RematerializedFrame(ThreadSafeContext *cx, uint8_t *top,
{
CopyValueToRematerializedFrame op(slots_);
iter.readFrameArgsAndLocals(cx, op, op, &scopeChain_, &returnValue_,
&argsObj_, &thisValue_, ReadFrame_Actuals);
&argsObj_, &thisValue_, ReadFrame_Actuals,
MagicValue(JS_OPTIMIZED_OUT));
}
/* static */ RematerializedFrame *