Bug 476666 - TM: Crash reading near 0 @Detecting, regression due to bug 476238. r=gal.
authorJason Orendorff <jorendorff@mozilla.com>
Tue, 03 Feb 2009 12:19:50 -0600
changeset 24604 e1ea24d8d7ed11383a1f467e88aca5df7327264d
parent 24603 5f5c1cd636413e21c0559a48dbd4d6c2a415ef6f
child 24605 879703a426f401644f315dc76ad3ac13a28a06a2
push id5132
push userrsayre@mozilla.com
push dateWed, 04 Feb 2009 20:48:09 +0000
reviewersgal
bugs476666, 476238
milestone1.9.2a1pre
Bug 476666 - TM: Crash reading near 0 @Detecting, regression due to bug 476238. r=gal.
js/src/jsinterp.cpp
js/src/jsobj.cpp
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -4288,23 +4288,21 @@ js_Interpret(JSContext *cx)
                 } else {
                     entry = NULL;
                     if (i < 0)
                         atom = rt->atomState.lengthAtom;
                     else
                         LOAD_ATOM(i);
                 }
                 id = ATOM_TO_JSID(atom);
-                BEGIN_PC_HINT(regs.pc);
-                    if (entry
-                        ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
-                        : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
-                        goto error;
-                    }
-                END_PC_HINT();
+                if (entry
+                    ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
+                    : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
+                    goto error;
+                }
             } while (0);
 
             STORE_OPND(-1, rval);
             JS_ASSERT(JSOP_GETPROP_LENGTH + i == js_CodeSpec[op].length);
             len = JSOP_GETPROP_LENGTH + i;
           END_VARLEN_CASE
 
           BEGIN_CASE(JSOP_LENGTH)
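Review bot: Nothing at this call site records why the pc hint is no longer set, so a later reader could put it back; the same applies to the two sites in the next hunk, before `end_callprop`. The jsobj.cpp hunk in this commit makes js_GetCurrentBytecodePC ignore cx->pcHint when off trace and read fp->regs->pc instead, so these paths now depend on the top frame's regs being current when js_GetPropertyHelper runs. A one-line comment above `if (entry` would capture that, e.g. `/* No pc hint: off trace, js_GetCurrentBytecodePC reads fp->regs->pc. */`. js_Interpret begins and ends outside the hunk, so whether regs.pc and fp->regs->pc are always in sync here is assumed, not visible.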
@@ -4398,31 +4396,27 @@ js_Interpret(JSContext *cx)
                     JSXMLObjectOps *ops;
 
                     ops = (JSXMLObjectOps *) obj->map->ops;
                     obj = ops->getMethod(cx, obj, id, &rval);
                     if (!obj)
                         goto error;
                 } else
 #endif
-                BEGIN_PC_HINT(regs.pc);
-                    if (entry
-                        ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
-                        : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
-                        goto error;
-                    }
-                END_PC_HINT();
+                if (entry
+                    ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
+                    : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
+                    goto error;
+                }
                 STORE_OPND(-1, OBJECT_TO_JSVAL(obj));
                 STORE_OPND(-2, rval);
             } else {
                 JS_ASSERT(obj->map->ops->getProperty == js_GetProperty);
-                BEGIN_PC_HINT(regs.pc);
-                    if (!js_GetPropertyHelper(cx, obj, id, &rval, &entry))
-                        goto error;
-                END_PC_HINT();
+                if (!js_GetPropertyHelper(cx, obj, id, &rval, &entry))
+                    goto error;
                 STORE_OPND(-1, lval);
                 STORE_OPND(-2, rval);
             }
 
           end_callprop:
             /* Wrap primitive lval in object clothing if necessary. */
             if (JSVAL_IS_PRIMITIVE(lval)) {
                 /* FIXME: https://bugzilla.mozilla.org/show_bug.cgi?id=412571 */
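Review bot: The first added `if (entry ...)` is now the entire body of the unbraced `else` that sits just before `#endif`, so the binding silently changes if anything is ever inserted between the `#endif` and the `if`. Bracing the body would make the intent explicit and keep the following `STORE_OPND` pair clearly outside it: `} else` / `#endif` / `{ if (entry ? ... : ...) goto error; }`. The matching `#if` is outside the hunk, so confirm the braced form still parses when the XML branch is compiled out.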
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -3899,24 +3899,26 @@ js_NativeSet(JSContext *cx, JSObject *ob
 /*
  * Find out where we currently are in the code. If no hint was supplied,
  * de-optimize and consult the stack frame.
  */
 static jsbytecode*
 js_GetCurrentBytecodePC(JSContext* cx)
 {
     jsbytecode *pc = cx->pcHint;
-    if (!pc) {
+    if (!pc || !JS_ON_TRACE(cx)) {
         JSStackFrame* fp = js_GetTopStackFrame(cx);
         if (fp && fp->regs) {
             pc = fp->regs->pc;
             // FIXME: Set pc to imacpc when recording JSOP_CALL inside the 
             //        JSOP_GETELEM imacro (bug 476559).
             if (*pc == JSOP_CALL && fp->imacpc && *fp->imacpc == JSOP_GETELEM)
                 pc = fp->imacpc;
+        } else {
+            pc = NULL;
         }
     }
     return pc;
 }
 
 JSBool
 js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
                      JSPropCacheEntry **entryp)
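Review bot: The header comment above js_GetCurrentBytecodePC is now stale and the NULL result is undocumented. The new condition `!pc || !JS_ON_TRACE(cx)` discards a supplied hint whenever the context is off trace, and the added `else` branch returns NULL when there is no top frame or no regs, yet the comment still says the frame is consulted only if no hint was supplied. Suggest rewording it along the lines of `Use cx->pcHint only while on trace; otherwise consult the top stack frame. Returns NULL if no frame with regs is available; callers must check.` Whether every caller tolerates a NULL pc is not visible from this hunk, and since the bug was a near-null read it is worth confirming. The off-trace hint is ignored rather than cleared, so a note on where cx->pcHint gets reset would also help.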