| author | Kannan Vijayan <kvijayan@mozilla.com> |
| Wed, 05 Jun 2013 16:52:11 -0400 | |
| changeset 134145 | be065b3be5febd4c7ee9081d65817e02f357b115 |
| parent 134144 | 01458e7eb7071780e726d8ed65994fbffd7c37ff |
| child 134146 | 060a106fe89e6f43a41c6b94870b3b2fa668296f |
| push id | 29070 |
| push user | kvijayan@mozilla.com |
| push date | Wed, 05 Jun 2013 20:52:54 +0000 |
| treeherder | mozilla-inbound@be065b3be5fe [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | bhackett |
| bugs | 870034 |
| milestone | 24.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/js/src/ion/BaselineIC.cpp +++ b/js/src/ion/BaselineIC.cpp @@ -6823,17 +6823,23 @@ TryAttachCallStub(JSContext *cx, ICCall_ if (!callee.isObject()) return true; RootedObject obj(cx, &callee.toObject()); if (!obj->isFunction()) return true; RootedFunction fun(cx, obj->toFunction()); + if (fun->hasScript()) { + // Never attach optimized scripted call stubs for JSOP_FUNAPPLY. + // MagicArguments may escape the frame through them. + if (op == JSOP_FUNAPPLY) + return true; + RootedScript calleeScript(cx, fun->nonLazyScript()); if (!calleeScript->hasBaselineScript() && !calleeScript->hasIonScript()) return true; if (calleeScript->shouldCloneAtCallsite) return true; // Check if this stub chain has already generalized scripted calls. @@ -6875,37 +6881,41 @@ TryAttachCallStub(JSContext *cx, ICCall_ return true; } if (fun->isNative() && (!constructing || (constructing && fun->isNativeConstructor()))) { // Generalied native call stubs are not here yet! JS_ASSERT(!stub->nativeStubsAreGeneralized()); // Check for JSOP_FUNAPPLY - if (op == JSOP_FUNAPPLY && fun->maybeNative() == js_fun_apply) { - if (!TryAttachFunApplyStub(cx, stub, script, pc, thisv, argc, vp + 2)) - return false; - } else { - if (stub->nativeStubCount() >= ICCall_Fallback::MAX_NATIVE_STUBS) { - IonSpew(IonSpew_BaselineIC, - " Too many Call_Native stubs. TODO: add Call_AnyNative!"); - return true; - } - - IonSpew(IonSpew_BaselineIC, " Generating Call_Native stub (fun=%p, cons=%s)", - fun.get(), constructing ? "yes" : "no"); - ICCall_Native::Compiler compiler(cx, stub->fallbackMonitorStub()->firstMonitorStub(), - fun, constructing, pc - script->code); - ICStub *newStub = compiler.getStub(compiler.getStubSpace(script)); - if (!newStub) - return false; - - stub->addNewStub(newStub); + if (op == JSOP_FUNAPPLY) { + if (fun->maybeNative() == js_fun_apply) + return TryAttachFunApplyStub(cx, stub, script, pc, thisv, argc, vp + 2); + + // Don't try to attach a "regular" optimized call stubs for FUNAPPLY ops, + // since MagicArguments may escape through them. return true; } + + if (stub->nativeStubCount() >= ICCall_Fallback::MAX_NATIVE_STUBS) { + IonSpew(IonSpew_BaselineIC, + " Too many Call_Native stubs. TODO: add Call_AnyNative!"); + return true; + } + + IonSpew(IonSpew_BaselineIC, " Generating Call_Native stub (fun=%p, cons=%s)", + fun.get(), constructing ? "yes" : "no"); + ICCall_Native::Compiler compiler(cx, stub->fallbackMonitorStub()->firstMonitorStub(), + fun, constructing, pc - script->code); + ICStub *newStub = compiler.getStub(compiler.getStubSpace(script)); + if (!newStub) + return false; + + stub->addNewStub(newStub); + return true; } return true; } static bool MaybeCloneFunctionAtCallsite(JSContext *cx, MutableHandleValue callee, HandleScript script, jsbytecode *pc)