[INFER] Don't run same-compartment assertions for GETLOCAL followed by POP, bug 657287.
authorBrian Hackett <bhackett1024@gmail.com>
Mon, 16 May 2011 06:59:37 -0700
changeset 75064 1b270bc6f9c1110d3436e6f863c296aed0bab05c
parent 75063 fab81b1881e3db5857d3677d842d41929fcce6d8
child 75065 3cd8666e409f9ad0d898262fe85f23439cc2180f
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs657287
milestone6.0a1
[INFER] Don't run same-compartment assertions for GETLOCAL followed by POP, bug 657287.
js/src/jsinterp.cpp
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -1882,16 +1882,17 @@ namespace reprmeter {
             fprintf(f, ",%llu\n", c);
         }
         fclose(f);
     }
 }
 #endif /* JS_REPRMETER */
 
 #define PUSH_COPY(v)             do { *regs.sp++ = v; assertSameCompartment(cx, regs.sp[-1]); } while (0)
+#define PUSH_COPY_SKIP_CHECK(v)  *regs.sp++ = v
 #define PUSH_NULL()              regs.sp++->setNull()
 #define PUSH_UNDEFINED()         regs.sp++->setUndefined()
 #define PUSH_BOOLEAN(b)          regs.sp++->setBoolean(b)
 #define PUSH_DOUBLE(d)           regs.sp++->setDouble(d)
 #define PUSH_INT32(i)            regs.sp++->setInt32(i)
 #define PUSH_STRING(s)           do { regs.sp++->setString(s); assertSameCompartment(cx, regs.sp[-1]); } while (0)
 #define PUSH_OBJECT(obj)         do { regs.sp++->setObject(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
 #define PUSH_OBJECT_OR_NULL(obj) do { regs.sp++->setObjectOrNull(obj); assertSameCompartment(cx, regs.sp[-1]); } while (0)
@@ -5189,19 +5190,30 @@ BEGIN_CASE(JSOP_SETARG)
     JS_ASSERT(slot < regs.fp()->numFormalArgs());
     METER_SLOT_OP(op, slot);
     argv[slot] = regs.sp[-1];
 }
 END_SET_CASE(JSOP_SETARG)
 
 BEGIN_CASE(JSOP_GETLOCAL)
 {
-    uint32 slot = GET_SLOTNO(regs.pc);
-    JS_ASSERT(slot < script->nslots);
-    PUSH_COPY(regs.fp()->slots()[slot]);
+    /*
+     * Skip the same-compartment assertion if the local will be immediately
+     * popped. We do not guarantee sync for dead locals when coming in from the
+     * method JIT, and a GETLOCAL followed by POP is not considered to be
+     * a use of the variable.
+     */
+     uint32 slot = GET_SLOTNO(regs.pc);
+     JS_ASSERT(slot < script->nslots);
+    PUSH_COPY_SKIP_CHECK(regs.fp()->slots()[slot]);
+
+#ifdef DEBUG
+    if (regs.pc[JSOP_GETLOCAL_LENGTH] != JSOP_POP)
+        assertSameCompartment(cx, regs.sp[-1]);
+#endif
 }
 END_CASE(JSOP_GETLOCAL)
 
 BEGIN_CASE(JSOP_CALLLOCAL)
 {
     uint32 slot = GET_SLOTNO(regs.pc);
     JS_ASSERT(slot < script->nslots);
     PUSH_COPY(regs.fp()->slots()[slot]);