Fix another IC patching range check (bug 602333 part 4, r=dmandelin, a=b8+).
authorDavid Anderson <danderson@mozilla.com>
Tue, 23 Nov 2010 17:07:01 -0800
changeset 58119 160e6bf9752e638bd61f6c645d612d8b82d7efb3
parent 58118 a6f34600b008ef3b5301584c5466fc3504c8fe60
child 58120 052a96664eba9433af0f58a515b25f53b770a02b
push id17164
push userdanderson@mozilla.com
push dateWed, 24 Nov 2010 01:19:59 +0000
treeherdermozilla-central@160e6bf9752e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdmandelin, b8
bugs602333
milestone2.0b8pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Fix another IC patching range check (bug 602333 part 4, r=dmandelin, a=b8+).
js/src/methodjit/PolyIC.cpp
--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
@@ -2112,20 +2112,18 @@ GetElementIC::attachGetProp(JSContext *c
     Jump done = masm.jump();
 
     PICLinker buffer(masm, *this);
     if (!buffer.init(cx))
         return error(cx);
 
     if (hasLastStringStub && !buffer.verifyRange(lastStringStub))
         return disable(cx, "code memory is out of range");
-    if ((shouldPatchInlineTypeGuard() || shouldPatchUnconditionalClaspGuard()) &&
-        !buffer.verifyRange(cx->fp()->jit())) {
+    if (!buffer.verifyRange(cx->fp()->jit()))
         return disable(cx, "code memory is out of range");
-    }
 
     // Patch all guards.
     buffer.maybeLink(atomIdGuard, slowPathStart);
     buffer.maybeLink(atomTypeGuard, slowPathStart);
     buffer.link(shapeGuard, slowPathStart);
     buffer.maybeLink(protoGuard, slowPathStart);
     buffer.link(done, fastPathRejoin);