Bug 496251: use up-to-date typemap when getting upvar from trace entry native frame, r=gal
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -1898,25 +1898,24 @@ js_GetUpvarOnTrace(JSContext* cx, uint32
* nativeStackFramePos is the offset of the start of the
* activation record corresponding to *fip in the native
* stack.
*/
int32 nativeStackFramePos = state->callstackBase[0]->spoffset;
for (FrameInfo** fip2 = state->callstackBase; fip2 <= fip; fip2++)
nativeStackFramePos += (*fip2)->spdist;
nativeStackFramePos -= (2 + (*fip)->get_argc());
- uint8* typemap = (uint8*) (fi+1);
return GetUpvarOnTraceTail(state, cookie, nativeStackFramePos,
- typemap, result);
+ fi->get_typemap(), result);
}
}
if (state->outermostTree->script->staticLevel == upvarLevel) {
- return GetUpvarOnTraceTail(state, cookie, 0,
- state->outermostTree->stackTypeMap(), result);
+ return GetUpvarOnTraceTail(state, cookie, 0, state->callstackBase[0]->get_typemap(),
+ result);
}
/*
* If we did not find the upvar in the frames for the active traces,
* then we simply get the value from the interpreter state.
*/
jsval v = js_GetUpvar(cx, level, cookie);
uint8 type = getCoercedType(v);
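Review bot: The new outermost-tree branch reads `state->callstackBase[0]->get_typemap()` unconditionally, whereas the expression it replaces, `state->outermostTree->stackTypeMap()`, did not depend on the call stack at all; if this branch can be reached with no FrameInfo pushed, that dereferences a slot nothing has filled. The loop above already reads `callstackBase[0]->spoffset`, but only inside a branch whose guard lies outside this hunk, so whether the non-empty invariant also holds here cannot be confirmed from the visible lines. I would make the assumption explicit next to the call: `/* The entry frame's typemap is recorded in callstackBase[0]; this requires at least one FrameInfo on the call stack. */` and, if the codebase has a debug assertion macro, assert the call stack is non-empty before indexing it. js_GetUpvarOnTrace begins and ends outside the hunk, so the earlier guard is not visible here.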
--- a/js/src/jstracer.h
+++ b/js/src/jstracer.h
@@ -312,16 +312,19 @@ struct FrameInfo {
// Safer accessors for argc.
enum { CONSTRUCTING_MASK = 0x8000 };
void set_argc(uint16 argc, bool constructing) {
this->argc = argc | (constructing ? CONSTRUCTING_MASK : 0);
}
uint16 get_argc() const { return argc & ~CONSTRUCTING_MASK; }
bool is_constructing() const { return (argc & CONSTRUCTING_MASK) != 0; }
+
+ // The typemap just before the callee is called.
+ uint8* get_typemap() { return (uint8*) (this+1); }
};
struct UnstableExit
{
nanojit::Fragment* fragment;
VMSideExit* exit;
UnstableExit* next;
};
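Review bot: `get_typemap()` encodes a layout contract — the typemap lives inline immediately after the FrameInfo object — but the added comment only says when the typemap was captured, not where it is stored or that the allocation must reserve room for it; a reader of `(uint8*) (this+1)` has to reverse-engineer that. I would change the comment to `// The typemap captured just before the callee is called, stored inline immediately after this FrameInfo (the allocation must reserve room for it).`. The accessor is also non-const only and uses a C-style cast; adding `const uint8* get_typemap() const { return reinterpret_cast<const uint8*>(this+1); }` lets const callers read the map, and `reinterpret_cast` makes the pointer reinterpretation greppable. The enclosing `struct FrameInfo` begins outside this hunk.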