Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-20 16:55:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1148970 - Check for possibly incomplete type sets when double checking the correctness of argument type set information, r=jandem.

Browse Source
This commit is contained in:
Brian Hackett 2015-04-09 10:29:53 -06:00
parent 385fbe4a65
commit eae3e3f79c
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
js/src/jit/CodeGenerator.cpp
View File

@ -3535,6 +3535,18 @@ CodeGenerator::generateArgumentsChecks(bool bailout)
Label success;
masm.jump(&success);
masm.bind(&miss);
// Check for cases where the type set guard might have missed due to
// changing object groups.
for (uint32_t i = info.startArgSlot(); i < info.endArgSlot(); i++) {
Label skip;
Address addr(StackPointer, ArgToStackOffset((i - info.startArgSlot()) * sizeof(Value)));
masm.branchTestObject(Assembler::NotEqual, addr, &skip);
Register obj = masm.extractObject(addr, temp);
masm.guardTypeSetMightBeIncomplete(obj, temp, &success);
masm.bind(&skip);
}
masm.assumeUnreachable("Argument check fail.");
masm.bind(&success);
}