Bug 728609 - Increment gcNumber in EndVerifyBarriers (r=bhackett)
authorBill McCloskey <wmccloskey@mozilla.com>
Thu, 23 Feb 2012 14:02:21 -0800
changeset 87575 51c51a451762eaa36aecd91c0111901554453129
parent 87574 0bf0007285f78dcc7bbb3275a8a116d99d0410f7
child 87576 c18ad658c0242552309616d218859d9a92f47120
push id22133
push usermak77@bonardo.net
push dateFri, 24 Feb 2012 10:23:30 +0000
reviewersbhackett
bugs728609
milestone13.0a1
Bug 728609 - Increment gcNumber in EndVerifyBarriers (r=bhackett)
js/src/jit-test/tests/basic/bug728609.js
js/src/jit-test/tests/basic/bug729364.js
js/src/jsgc.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug728609.js
@@ -0,0 +1,23 @@
+var lfcode = new Array();
+lfcode.push("\
+test();\
+function test() {\
+  function removeAllProperties(o) {\
+    bar() = thaw, patterns;\
+  }\
+  var o = {};\
+  o.first = { toSource: function() { removeAllProperties(o); } };\
+  return o.toSource();\
+}\
+");
+lfcode.push("test();");
+gczeal(4);
+while (true) {
+        var file = lfcode.shift(); if (file == undefined) { break; }
+                loadFile(file);
+}
+function loadFile(lfVarx) {
+        try {
+                        evaluate(lfVarx);
+        } catch (lfVare) {      }
+}
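Review bot: Neither new test states what it guards against, and both pass only by not crashing: here `loadFile` discards every exception in `catch (lfVare) {      }` and nothing is asserted. A header line such as `// Bug 728609: must not assert in EndVerifyBarriers when run under gczeal(4).` would tell a later reader why the fuzzer-shaped code has to stay as it is. The same applies to bug729364.js, whose bug number does not appear in the commit message, so the link between that test and this change is not recorded anywhere on the page. If `gczeal` is only defined in some shell builds (not visible here), the unguarded top-level `gczeal(4);` would throw there, so a guard like `if (typeof gczeal == "function") gczeal(4);` may be needed.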
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug729364.js
@@ -0,0 +1,20 @@
+function f() {
+  try {} catch (e) {}
+}
+function g(code) {
+  function m() {
+    return "(function(){return " + code + "})()"
+  }
+  var codeNestedDeep = m(codeNestedDeep)
+  h(m(code), "same-compartment")
+  h(codeNestedDeep, "same-compartment")
+}
+function h(code, globalType) {
+  try {
+    evalcx(code, newGlobal(globalType))
+  } catch (e) {
+    "" + f()
+  }
+}
+function p()(function() function() {})
+g("print(let(x=verifybarriers(),q)((x(\"\",l('')))?(\"\"):(\"\")))()")
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -4317,17 +4317,22 @@ EndVerifyBarriers(JSContext *cx)
     AutoCopyFreeListToArenas copy(rt);
     RecordNativeStackTopForGC(cx);
 
     VerifyTracer *trc = (VerifyTracer *)rt->gcVerifyData;
 
     if (!trc)
         return;
 
+    /*
+     * We need to bump gcNumber so that the methodjit knows that jitcode has
+     * been discarded.
+     */
     JS_ASSERT(trc->number == rt->gcNumber);
+    rt->gcNumber++;
 
     /* We need to disable barriers before tracing, which may invoke barriers. */
     for (CompartmentsIter c(rt); !c.done(); c.next())
         c->needsBarrier_ = false;
 
     for (CompartmentsIter c(rt); !c.done(); c.next())
         c->discardJitCode(cx);
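Review bot: The new comment sits above the `JS_ASSERT`, so it reads as an explanation of the assertion, while the line it justifies is `rt->gcNumber++` two lines below. The assert has to stay ahead of the increment for `trc->number == rt->gcNumber` to hold, so I would move the comment directly above the increment and state the ordering, e.g. `/* Bump gcNumber only after the assert above; the methodjit uses it to notice that jitcode is discarded below. */`. The bump and the `discardJitCode` loop it pairs with are several lines apart, so a later edit could separate them and leave the methodjit relying on discarded jitcode. Any other caller of `discardJitCode` outside a full GC (none is visible in this hunk) would presumably need the same bump. EndVerifyBarriers begins before and continues after the hunk.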