Backout bug 753283 (20619d227f29) for orange
authorBill McCloskey <wmccloskey@mozilla.com>
Wed, 16 May 2012 14:55:44 -0700
changeset 94143 ee9e7fe2c448eb69c0c3bf875b82aa0605070856
parent 94142 10c12811006914f1920408a78e0a11198b975943
child 94144 0f7d47f6b6dde7e7e687300794330dc638e4965d
push id9492
push userwmccloskey@mozilla.com
push dateWed, 16 May 2012 21:55:51 +0000
treeherdermozilla-inbound@ee9e7fe2c448 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs753283
milestone15.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backout bug 753283 (20619d227f29) for orange
js/src/jit-test/tests/basic/bug753283.js
js/src/jsapi.h
js/src/jsinterp.cpp
js/src/jsinterp.h
js/src/methodjit/Compiler.cpp
js/src/vm/Stack.cpp
deleted file mode 100644
--- a/js/src/jit-test/tests/basic/bug753283.js
+++ /dev/null
@@ -1,27 +0,0 @@
-
-var summary = '';
-function printStatus (msg) {
-  var lines = msg.split ("\n");
-}
-evaluate("\
-function f() {\
-    var ss = [\
-        new f(Int8Array, propertyIsEnumerable, '[let (x = 3, y = 4) x].map(0)')\
-    ];\
-}\
-try {\
-    f();\
-} catch (e) {}\
-  gczeal(4);\
-  printStatus (summary);\
-");
-evaluate("\
-function g(n, h) {\
-    var a = f;\
-    if (n <= 0) \
-    return f; \
-    var t = g(n - 1, h);\
-    var r = function(x) {    };\
-}\
-g(80, f);\
-");
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -693,24 +693,16 @@ static JS_ALWAYS_INLINE Value
 ObjectValue(JSObject &obj)
 {
     Value v;
     v.setObject(obj);
     return v;
 }
 
 static JS_ALWAYS_INLINE Value
-ObjectValueCrashOnTouch()
-{
-    Value v;
-    v.setObject(*reinterpret_cast<JSObject *>(0x42));
-    return v;
-}
-
-static JS_ALWAYS_INLINE Value
 MagicValue(JSWhyMagic why)
 {
     Value v;
     v.setMagic(why);
     return v;
 }
 
 static JS_ALWAYS_INLINE Value
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -1351,21 +1351,21 @@ js::Interpret(JSContext *cx, StackFrame 
 
     register void * const *jumpTable = normalJumpTable;
 
     typedef GenericInterruptEnabler<void * const *> InterruptEnabler;
     InterruptEnabler interruptEnabler(&jumpTable, interruptJumpTable);
 
 # define DO_OP()            JS_BEGIN_MACRO                                    \
                                 CHECK_PCCOUNT_INTERRUPTS();                   \
+                                js::gc::MaybeVerifyBarriers(cx);              \
                                 JS_EXTENSION_(goto *jumpTable[op]);           \
                             JS_END_MACRO
 # define DO_NEXT_OP(n)      JS_BEGIN_MACRO                                    \
                                 TypeCheckNextBytecode(cx, script, n, regs);   \
-                                js::gc::MaybeVerifyBarriers(cx);              \
                                 op = (JSOp) *(regs.pc += (n));                \
                                 DO_OP();                                      \
                             JS_END_MACRO
 
 # define BEGIN_CASE(OP)     L_##OP:
 # define END_CASE(OP)       DO_NEXT_OP(OP##_LENGTH);
 # define END_VARLEN_CASE    DO_NEXT_OP(len);
 # define ADD_EMPTY_CASE(OP) BEGIN_CASE(OP)                                    \
--- a/js/src/jsinterp.h
+++ b/js/src/jsinterp.h
@@ -346,17 +346,17 @@ class TryNoteIter
  * in debug builds and crash in release builds. Instead, we use a safe-for-crash
  * pointer.
  */
 static JS_ALWAYS_INLINE void
 Debug_SetValueRangeToCrashOnTouch(Value *beg, Value *end)
 {
 #ifdef DEBUG
     for (Value *v = beg; v != end; ++v)
-        *v = ObjectValueCrashOnTouch();
+        v->setObject(*reinterpret_cast<JSObject *>(0x42));
 #endif
 }
 
 static JS_ALWAYS_INLINE void
 Debug_SetValueRangeToCrashOnTouch(Value *vec, size_t len)
 {
 #ifdef DEBUG
     Debug_SetValueRangeToCrashOnTouch(vec, vec + len);
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -1226,40 +1226,28 @@ mjit::Compiler::markUndefinedLocal(uint3
     uint32_t slot = LocalSlot(script, i);
     Address local(JSFrameReg, sizeof(StackFrame) + (depth + i) * sizeof(Value));
     if (!cx->typeInferenceEnabled() || !analysis->trackSlot(slot)) {
         masm.storeValue(UndefinedValue(), local);
     } else {
         Lifetime *lifetime = analysis->liveness(slot).live(offset);
         if (lifetime)
             masm.storeValue(UndefinedValue(), local);
-#ifdef DEBUG
-        else
-            masm.storeValue(ObjectValueCrashOnTouch(), local);
-#endif
     }
 }
 
 void
 mjit::Compiler::markUndefinedLocals()
 {
     /*
      * Set locals to undefined, as in initCallFrameLatePrologue.
      * Skip locals which aren't closed and are known to be defined before used,
      */
     for (uint32_t i = 0; i < script->nfixed; i++)
         markUndefinedLocal(0, i);
-
-#ifdef DEBUG
-    uint32_t depth = ssa.getFrame(a->inlineIndex).depth;
-    for (uint32_t i = script->nfixed; i < script->nslots; i++) {
-        Address local(JSFrameReg, sizeof(StackFrame) + (depth + i) * sizeof(Value));
-        masm.storeValue(ObjectValueCrashOnTouch(), local);
-    }
-#endif
 }
 
 CompileStatus
 mjit::Compiler::generateEpilogue()
 {
     return Compile_Okay;
 }
 
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -409,17 +409,16 @@ StackSpace::init()
     JS_ASSERT(CAPACITY_BYTES % getpagesize() == 0);
     p = mmap(NULL, CAPACITY_BYTES, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
     if (p == MAP_FAILED)
         return false;
     base_ = reinterpret_cast<Value *>(p);
     trustedEnd_ = base_ + CAPACITY_VALS;
     conservativeEnd_ = defaultEnd_ = trustedEnd_ - BUFFER_VALS;
 #endif
-    Debug_SetValueRangeToCrashOnTouch(base_, trustedEnd_);
     assertInvariants();
     return true;
 }
 
 StackSpace::~StackSpace()
 {
     assertInvariants();
     JS_ASSERT(!seg_);
@@ -755,24 +754,19 @@ ContextStack::pushInvokeArgs(JSContext *
 
 void
 ContextStack::popInvokeArgs(const InvokeArgsGuard &iag)
 {
     JS_ASSERT(iag.pushed());
     JS_ASSERT(onTop());
     JS_ASSERT(space().firstUnused() == seg_->calls().end());
 
-    Value *oldend = seg_->end();
-
     seg_->popCall();
     if (iag.pushedSeg_)
         popSegment();
-
-    if (seg_)
-        Debug_SetValueRangeToCrashOnTouch(seg_->end(), oldend);
 }
 
 bool
 ContextStack::pushInvokeFrame(JSContext *cx, const CallArgs &args,
                               InitialFrameFlags initial, InvokeFrameGuard *ifg)
 {
     JS_ASSERT(onTop());
     JS_ASSERT(space().firstUnused() == args.end());
@@ -873,25 +867,20 @@ ContextStack::popFrame(const FrameGuard 
     JS_ASSERT(fg.pushed());
     JS_ASSERT(onTop());
     JS_ASSERT(space().firstUnused() == fg.regs_.sp);
     JS_ASSERT(&fg.regs_ == &seg_->regs());
 
     if (fg.regs_.fp()->isNonEvalFunctionFrame())
         fg.regs_.fp()->functionEpilogue();
 
-    Value *oldend = seg_->end();
-
     seg_->popRegs(fg.prevRegs_);
     if (fg.pushedSeg_)
         popSegment();
 
-    if (seg_)
-        Debug_SetValueRangeToCrashOnTouch(seg_->end(), oldend);
-
     /*
      * NB: this code can call out and observe the stack (e.g., through GC), so
      * it should only be called from a consistent stack state.
      */
     if (!hasfp())
         cx_->resetCompartment();
 }