[INFER] Don't make a local copy of cx->regs until ready to push a new frame, bug 655991.
author Brian Hackett <bhackett1024@gmail.com>
Tue, 10 May 2011 10:07:58 -0700
changeset 75019 0df33bc6cc381a34a55a8d9f1048e9343ce3ddc6
parent 75018 64b33a6af9f8af6b8c64f4897647ead8a6d39031
child 75020 5aadf6bc110b9b4d5a7690f24ed8e543354ee917
push id 1199
push user jorendorff@mozilla.com
push date Sat, 13 Aug 2011 18:32:33 +0000
treeherder mozilla-inbound@080fece621e4
bugs 655991
milestone 6.0a1
js/src/methodjit/InvokeHelpers.cpp
--- a/js/src/methodjit/InvokeHelpers.cpp
+++ b/js/src/methodjit/InvokeHelpers.cpp
@@ -385,31 +385,34 @@ UncachedInlineCall(VMFrame &f, uint32 fl
             newscript->typeSetThis(cx, &argTypes[0]);
         for (unsigned i = 0; i < argc; i++)
             newscript->typeSetArgument(cx, i, &argTypes[1 + i]);
     } else {
         CallArgs args = CallArgsFromVp(argc, vp);
         cx->typeMonitorCall(args, flags & StackFrame::CONSTRUCTING);
     }
 
-    /* Preserve f.regs.fp while pushing the new frame. */
-    FrameRegs regs = f.regs;
-    PreserveRegsGuard regsGuard(cx, regs);
-
     /* Get pointer to new frame/slots, prepare arguments. */
     StackFrame *newfp = cx->stack.getInlineFrameWithinLimit(cx, f.regs.sp, argc,
                                                             newfun, newscript, &flags,
                                                             f.entryfp, &f.stackLimit, NULL);
     if (JS_UNLIKELY(!newfp))
         return false;
 
     /* Initialize frame, locals. */
     newfp->initCallFrame(cx, callee, newfun, argc, flags);
     SetValueRangeToUndefined(newfp->slots(), newscript->nfixed);
 
+    /*
+     * Preserve f.regs.fp while pushing the new frame, for the invariant that
+     * f.regs reflects the state when we entered the stub call.
+     */
+    FrameRegs regs = f.regs;
+    PreserveRegsGuard regsGuard(cx, regs);
+
     /* Officially push the frame. */
     cx->stack.pushInlineFrame(newscript, newfp, regs);
 
     /* Scope with a call object parented by callee's parent. */
     if (newfun->isHeavyweight() && !js::CreateFunCallObject(cx, newfp))
         return false;
 
     /* Try to compile if not already compiled. */
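Review bot: The new comment above `FrameRegs regs = f.regs;` states the invariant (f.regs reflects the state on stub entry) but not the ordering constraint the move depends on, namely that the copy and `PreserveRegsGuard` must not be set up until after `getInlineFrameWithinLimit` and `initCallFrame` have run. Without that, a later cleanup could hoist the declaration back to the top of the block and silently undo the fix. I would add a sentence to the comment saying the copy is deliberately deferred until just before `pushInlineFrame`, with the bug number. Also worth confirming for the two failure paths: the `!newfp` return now happens with no guard installed, while the `CreateFunCallObject` failure returns after `pushInlineFrame` with `regsGuard` still live, so the guard's destructor is the only thing restoring the saved state there; neither is visible in this hunk.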