Mercurial > mozilla-central / changeset / c20386dc121942151b81fb5e38c35b0fc6ab7905
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 768313 - Crash with newGlobal, newContext, --dump-bytecode, happens because jaeger inlines the non-pccount script into the pccount script, r=bhackett
authorJason Orendorff <jorendorff@mozilla.com>
Sat, 07 Jul 2012 16:06:09 -0700
changeset 98624 c20386dc121942151b81fb5e38c35b0fc6ab7905
parent 98622 9533b40ff28b292e772572c932915300dd7d1c79
child 98625 5493f54ce6212fbcfa65e6b0acfb8434da715dd8
push id23066
push userryanvm@gmail.com
push dateSun, 08 Jul 2012 17:48:41 +0000
treeherdermozilla-central@221f1a184f67 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett
bugs768313
milestone16.0a1
first release with
nightly linux32
b6fb3d9bd1b9 / 16.0a1 / 20120709035118 / files
nightly linux64
b6fb3d9bd1b9 / 16.0a1 / 20120709035118 / files
nightly mac
b6fb3d9bd1b9 / 16.0a1 / 20120709035118 / files
nightly win32
b6fb3d9bd1b9 / 16.0a1 / 20120709035118 / files
nightly win64
b6fb3d9bd1b9 / 16.0a1 / 20120709035118 / files
last release without
nightly linux32
9abaedb956a1 / 16.0a1 / 20120707030542 / files
nightly linux64
a8f682801a6d / 16.0a1 / 20120706075126 / files
nightly mac
a8f682801a6d / 16.0a1 / 20120706075126 / files
nightly win32
9abaedb956a1 / 16.0a1 / 20120707030542 / files
nightly win64
9abaedb956a1 / 16.0a1 / 20120707030542 / files
Bug 768313 - Crash with newGlobal, newContext, --dump-bytecode, happens because jaeger inlines the non-pccount script into the pccount script, r=bhackett
js/src/jit-test/README file | annotate | diff | comparison | revisions
js/src/jit-test/jit_test.py file | annotate | diff | comparison | revisions
js/src/jit-test/tests/jaeger/bug768313.js file | annotate | diff | comparison | revisions
js/src/methodjit/Compiler.cpp file | annotate | diff | comparison | revisions 
--- a/js/src/jit-test/README
+++ b/js/src/jit-test/README
@@ -66,14 +66,15 @@ to be placed inside any kind of comment.
 The meaning of the items:
 
     slow         Test runs slowly. Do not run if the --no-slow option is given.
     allow-oom    If the test runs out of memory, it counts as passing.
     valgrind     Run test under valgrind.
     tz-pacific   Always run test with the Pacific time zone (TZ=PST8PDT).
     mjitalways   Run js with -a, whether --jitflags says to or not
     debug        Run js with -d, whether --jitflags says to or not
+    dump-bytecode Run js with -D, whether --jitflags says to or not
 
     error        The test should be considered to pass iff it throws the
                  given JS exception.
     exitstatus   The test should exit with the given status value (an integer).
 
 * END
--- a/js/src/jit-test/jit_test.py
+++ b/js/src/jit-test/jit_test.py
@@ -106,16 +106,18 @@ class Test:
                     elif name == 'tz-pacific':
                         test.tz_pacific = True
                     elif name == 'mjitalways':
                         test.jitflags.append('-a')
                     elif name == 'debug':
                         test.jitflags.append('-d')
                     elif name == 'mjit':
                         test.jitflags.append('-m')
+                    elif name == 'dump-bytecode':
+                        test.jitflags.append('-D')
                     else:
                         print('warning: unrecognized |jit-test| attribute %s'%part)
 
         if options.valgrind_all:
             test.valgrind = True
 
         return test
 
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/bug768313.js
@@ -0,0 +1,6 @@
+// |jit-test| mjit; mjitalways; dump-bytecode
+
+function f() { }
+evaluate('function g() { f(); }', {newContext: true});
+for (var i = 0; i < 2; i++)
+    g(0);
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -277,16 +277,22 @@ mjit::Compiler::scanInlineCalls(uint32_t
              * doing so can change type information we have queried already
              * in making inlining decisions.
              */
             if (!script->hasAnalysis() || !script->analysis()->ranInference()) {
                 okay = false;
                 break;
             }
 
+            /* See bug 768313. */
+            if (script->hasScriptCounts != outerScript->hasScriptCounts) {
+                okay = false;
+                break;
+            }
+
             /*
              * The outer and inner scripts must have the same scope. This only
              * allows us to inline calls between non-inner functions. Also
              * check for consistent strictness between the functions.
              */
             if (!globalObj ||
                 fun->getParent() != globalObj ||
                 outerScript->strictModeCode != script->strictModeCode) {
mozilla-central
Deployed from 1769ae2b5feb at 2022-05-11T14:55:53Z.