Assert that JSVAL_ERROR_COOKIE doesn't leak from the JIT into the interpreter (r=me, debug only).
authorAndreas Gal <gal@mozilla.com>
Sun, 01 Feb 2009 23:16:00 -0800
changeset 24590 0518ddc0215d30524ebe6dd77e351e5deffffbc6
parent 24498 313563f92c492433159a42f64d20e2839eade0e1
child 24591 e7fffaf1f9fa99745937e6e59a797e84d4654a42
push id5132
push userrsayre@mozilla.com
push dateWed, 04 Feb 2009 20:48:09 +0000
treeherdermozilla-central@76ca30e94e5c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme, debug
milestone1.9.2a1pre
Assert that JSVAL_ERROR_COOKIE doesn't leak from the JIT into the interpreter (r=me, debug only).
js/src/jstracer.cpp
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -1587,16 +1587,17 @@ NativeToValue(JSContext* cx, jsval& v, u
         JS_ASSERT(*(JSObject**)slot == NULL);
         v = JSVAL_NULL;
         debug_only_v(printf("null<%p> ", *(JSObject**)slot));
         break;
       default:
         JS_ASSERT(type == JSVAL_OBJECT);
         v = OBJECT_TO_JSVAL(*(JSObject**)slot);
         JS_ASSERT(JSVAL_TAG(v) == JSVAL_OBJECT); /* if this fails the pointer was not aligned */
+        JS_ASSERT(v != JSVAL_ERROR_COOKIE); /* don't leak JSVAL_ERROR_COOKIE */
         debug_only_v(printf("object<%p:%s> ", JSVAL_TO_OBJECT(v),
                             JSVAL_IS_NULL(v)
                             ? "null"
                             : STOBJ_GET_CLASS(JSVAL_TO_OBJECT(v))->name);)
         break;
     }
 }