Merge from tracemonkey.
authorDavid Anderson <danderson@mozilla.com>
Tue, 14 Sep 2010 12:49:35 -0700
changeset 74581 27d130f005b7f3fae9281304ca98e5511295adb2
parent 74580 b32b9cc30f2c879f3184df91af9f73cdc5b79cda (current diff)
parent 53863 d71cdbe5c06b3d44986c32f78da92fb46df3032f (diff)
child 74582 c76f61d9595b09e3fcc0d5813b42cc13bb5dca1a
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
milestone2.0b6pre
Merge from tracemonkey.
js/src/methodjit/Compiler.cpp
js/src/methodjit/MonoIC.cpp
--- a/dom/indexedDB/IDBCursor.cpp
+++ b/dom/indexedDB/IDBCursor.cpp
@@ -250,53 +250,73 @@ IDBCursor::CreateCommon(IDBRequest* aReq
 
   return cursor.forget();
 }
 
 IDBCursor::IDBCursor()
 : mDirection(nsIIDBCursor::NEXT),
   mCachedValue(JSVAL_VOID),
   mHaveCachedValue(false),
-  mJSRuntime(nsnull),
+  mValueRooted(false),
   mContinueCalled(false),
   mDataIndex(0),
   mType(OBJECTSTORE)
 {
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
 }
 
 IDBCursor::~IDBCursor()
 {
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
 
-  if (mJSRuntime) {
-    js_RemoveRoot(mJSRuntime, &mCachedValue);
+  if (mValueRooted) {
+    NS_DROP_JS_OBJECTS(this, IDBCursor);
   }
 
   if (mListenerManager) {
     mListenerManager->Disconnect();
   }
 }
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(IDBCursor)
 
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(IDBCursor,
                                                   nsDOMEventTargetHelper)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR_AMBIGUOUS(mRequest,
+                                                       nsPIDOMEventTarget)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR_AMBIGUOUS(mTransaction,
+                                                       nsPIDOMEventTarget)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR_AMBIGUOUS(mObjectStore,
                                                        nsPIDOMEventTarget)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR_AMBIGUOUS(mIndex,
                                                        nsPIDOMEventTarget)
-  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR_AMBIGUOUS(mTransaction,
-                                                       nsPIDOMEventTarget)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mOnErrorListener)
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
 
+NS_IMPL_CYCLE_COLLECTION_ROOT_BEGIN(IDBCursor)
+  if (tmp->mValueRooted) {
+    NS_DROP_JS_OBJECTS(tmp, IDBCursor);
+    tmp->mCachedValue = JSVAL_VOID;
+    tmp->mHaveCachedValue = false;
+    tmp->mValueRooted = false;
+  }
+NS_IMPL_CYCLE_COLLECTION_ROOT_END
+
+NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(IDBCursor)
+  if (JSVAL_IS_GCTHING(tmp->mCachedValue)) {
+    void *gcThing = JSVAL_TO_GCTHING(tmp->mCachedValue);
+    NS_IMPL_CYCLE_COLLECTION_TRACE_JS_CALLBACK(gcThing)
+  }
+NS_IMPL_CYCLE_COLLECTION_TRACE_END
+
 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(IDBCursor,
                                                 nsDOMEventTargetHelper)
   // Don't unlink mObjectStore, mIndex, or mTransaction!
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mRequest)
   NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mOnErrorListener)
 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
 
 NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBCursor)
   NS_INTERFACE_MAP_ENTRY(nsIIDBCursor)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(IDBCursor)
 NS_INTERFACE_MAP_END_INHERITING(nsDOMEventTargetHelper)
 
@@ -372,29 +392,25 @@ IDBCursor::GetValue(JSContext* aCx,
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
   }
 
   if (!mHaveCachedValue) {
     JSAutoRequest ar(aCx);
 
-    if (!mJSRuntime) {
-      JSRuntime* rt = JS_GetRuntime(aCx);
-      JSBool ok = js_AddRootRT(rt, &mCachedValue,
-                               "IDBCursor::mCachedValue");
-      NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
-
-      mJSRuntime = rt;
-    }
-
     nsCOMPtr<nsIJSON> json(new nsJSON());
     rv = json->DecodeToJSVal(mData[mDataIndex].value, aCx, &mCachedValue);
     NS_ENSURE_SUCCESS(rv, rv);
 
+    if (!mValueRooted) {
+      NS_HOLD_JS_OBJECTS(this, IDBCursor);
+      mValueRooted = true;
+    }
+
     mHaveCachedValue = true;
   }
 
   *aValue = mCachedValue;
   return NS_OK;
 }
 
 NS_IMETHODIMP
--- a/dom/indexedDB/IDBCursor.h
+++ b/dom/indexedDB/IDBCursor.h
@@ -73,18 +73,18 @@ class IDBCursor : public nsDOMEventTarge
                   public nsIIDBCursor
 {
   friend class ContinueRunnable;
 
 public:
   NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_NSIIDBCURSOR
 
-  NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(IDBCursor,
-                                           nsDOMEventTargetHelper)
+  NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS_INHERITED(IDBCursor,
+                                                         nsDOMEventTargetHelper)
 
   static
   already_AddRefed<IDBCursor>
   Create(IDBRequest* aRequest,
          IDBTransaction* aTransaction,
          IDBObjectStore* aObjectStore,
          PRUint16 aDirection,
          nsTArray<KeyValuePair>& aData);
@@ -132,17 +132,17 @@ protected:
   nsRefPtr<IDBObjectStore> mObjectStore;
   nsRefPtr<IDBIndex> mIndex;
 
   PRUint16 mDirection;
 
   nsCOMPtr<nsIVariant> mCachedKey;
   jsval mCachedValue;
   bool mHaveCachedValue;
-  JSRuntime* mJSRuntime;
+  bool mValueRooted;
 
   bool mContinueCalled;
   PRUint32 mDataIndex;
 
   Type mType;
   nsTArray<KeyValuePair> mData;
   nsTArray<KeyKeyPair> mKeyData;
 
--- a/dom/indexedDB/IDBEvents.cpp
+++ b/dom/indexedDB/IDBEvents.cpp
@@ -200,17 +200,27 @@ IDBEvent::CreateGenericEventRunnable(con
 
   nsCOMPtr<nsIRunnable> runnable(new EventFiringRunnable(aTarget, event));
   return runnable.forget();
 }
 
 NS_IMPL_ADDREF_INHERITED(IDBEvent, nsDOMEvent)
 NS_IMPL_RELEASE_INHERITED(IDBEvent, nsDOMEvent)
 
-NS_INTERFACE_MAP_BEGIN(IDBEvent)
+NS_IMPL_CYCLE_COLLECTION_CLASS(IDBEvent)
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(IDBEvent, nsDOMEvent)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mSource)
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(IDBEvent, nsDOMEvent)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mSource)
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBEvent)
   NS_INTERFACE_MAP_ENTRY(nsIIDBEvent)
 NS_INTERFACE_MAP_END_INHERITING(nsDOMEvent)
 
 NS_IMETHODIMP
 IDBEvent::GetSource(nsISupports** aSource)
 {
   nsCOMPtr<nsISupports> source(mSource);
   source.forget(aSource);
@@ -326,17 +336,29 @@ IDBSuccessEvent::CreateRunnable(IDBReque
 
   nsCOMPtr<nsIRunnable> runnable(new EventFiringRunnable(aRequest, event));
   return runnable.forget();
 }
 
 NS_IMPL_ADDREF_INHERITED(IDBSuccessEvent, IDBEvent)
 NS_IMPL_RELEASE_INHERITED(IDBSuccessEvent, IDBEvent)
 
-NS_INTERFACE_MAP_BEGIN(IDBSuccessEvent)
+NS_IMPL_CYCLE_COLLECTION_CLASS(IDBSuccessEvent)
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(IDBSuccessEvent, IDBEvent)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mResult)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mTransaction)
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(IDBSuccessEvent, IDBEvent)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mResult)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mTransaction)
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBSuccessEvent)
   NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIIDBTransactionEvent, mTransaction)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(IDBTransactionEvent,
                                                    mTransaction)
   NS_INTERFACE_MAP_ENTRY(nsIIDBSuccessEvent)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(IDBSuccessEvent)
 NS_INTERFACE_MAP_END_INHERITING(IDBEvent)
 
 DOMCI_DATA(IDBSuccessEvent, IDBSuccessEvent)
@@ -367,16 +389,23 @@ IDBSuccessEvent::GetResult(JSContext* aC
 NS_IMETHODIMP
 IDBSuccessEvent::GetTransaction(nsIIDBTransaction** aTransaction)
 {
   nsCOMPtr<nsIIDBTransaction> transaction(mTransaction);
   transaction.forget(aTransaction);
   return NS_OK;
 }
 
+GetSuccessEvent::~GetSuccessEvent()
+{
+  if (mValueRooted) {
+    NS_DROP_JS_OBJECTS(this, GetSuccessEvent);
+  }
+}
+
 nsresult
 GetSuccessEvent::Init(IDBRequest* aRequest,
                       IDBTransaction* aTransaction)
 {
   mSource = aRequest->Source();
   mTransaction = aTransaction;
 
   nsresult rv = InitEvent(NS_LITERAL_STRING(SUCCESS_EVT_STR), PR_FALSE,
@@ -393,58 +422,87 @@ NS_IMETHODIMP
 GetSuccessEvent::GetResult(JSContext* aCx,
                            jsval* aResult)
 {
   if (mValue.IsVoid()) {
     *aResult = JSVAL_VOID;
     return NS_OK;
   }
 
-  if (!mJSRuntime) {
+  if (!mValueRooted) {
+    RootCachedValue();
+
     nsString jsonValue = mValue;
     mValue.Truncate();
 
     JSAutoRequest ar(aCx);
 
-    JSRuntime* rt = JS_GetRuntime(aCx);
-
-    JSBool ok = js_AddRootRT(rt, &mCachedValue,
-                             "GetSuccessEvent::mCachedValue");
-    NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
-
-    mJSRuntime = rt;
-
     nsCOMPtr<nsIJSON> json(new nsJSON());
     nsresult rv = json->DecodeToJSVal(jsonValue, aCx, &mCachedValue);
     if (NS_FAILED(rv)) {
       mCachedValue = JSVAL_VOID;
 
       NS_ERROR("Failed to decode!");
       return rv;
     }
   }
 
   *aResult = mCachedValue;
   return NS_OK;
 }
 
+void
+GetSuccessEvent::RootCachedValue()
+{
+  mValueRooted = PR_TRUE;
+  NS_HOLD_JS_OBJECTS(this, GetSuccessEvent);
+}
+
+NS_IMPL_ADDREF_INHERITED(GetSuccessEvent, IDBSuccessEvent)
+NS_IMPL_RELEASE_INHERITED(GetSuccessEvent, IDBSuccessEvent)
+
+NS_IMPL_CYCLE_COLLECTION_CLASS(GetSuccessEvent)
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(GetSuccessEvent,
+                                                  IDBSuccessEvent)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_ROOT_BEGIN(GetSuccessEvent)
+  if (tmp->mValueRooted) {
+    NS_DROP_JS_OBJECTS(tmp, GetSuccessEvent);
+    tmp->mCachedValue = JSVAL_VOID;
+    tmp->mValueRooted = PR_FALSE;
+  }
+NS_IMPL_CYCLE_COLLECTION_ROOT_END
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(GetSuccessEvent,
+                                                IDBSuccessEvent)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mResult)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mTransaction)
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(GetSuccessEvent)
+  if (JSVAL_IS_GCTHING(tmp->mCachedValue)) {
+    void *gcThing = JSVAL_TO_GCTHING(tmp->mCachedValue);
+    NS_IMPL_CYCLE_COLLECTION_TRACE_JS_CALLBACK(gcThing)
+  }
+NS_IMPL_CYCLE_COLLECTION_TRACE_END
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(GetSuccessEvent)
+NS_INTERFACE_MAP_END_INHERITING(IDBSuccessEvent)
+
 NS_IMETHODIMP
 GetAllSuccessEvent::GetResult(JSContext* aCx,
                               jsval* aResult)
 {
-  if (!mJSRuntime) {
-    JSAutoRequest ar(aCx);
-
-    JSRuntime* rt = JS_GetRuntime(aCx);
+  if (!mValueRooted) {
+    RootCachedValue();
 
-    JSBool ok = js_AddRootRT(rt, &mCachedValue,
-                             "GetSuccessEvent::mCachedValue");
-    NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
-
-    mJSRuntime = rt;
+    JSAutoRequest ar(aCx);
 
     // Swap into a stack array so that we don't hang on to the strings if
     // something fails.
     nsTArray<nsString> values;
     if (!mValues.SwapElements(values)) {
       NS_ERROR("Failed to swap elements!");
       return NS_ERROR_FAILURE;
     }
@@ -492,26 +550,20 @@ GetAllSuccessEvent::GetResult(JSContext*
   *aResult = mCachedValue;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 GetAllKeySuccessEvent::GetResult(JSContext* aCx,
                                  jsval* aResult)
 {
-  if (!mJSRuntime) {
-    JSAutoRequest ar(aCx);
-
-    JSRuntime* rt = JS_GetRuntime(aCx);
+  if (!mValueRooted) {
+    RootCachedValue();
 
-    JSBool ok = js_AddRootRT(rt, &mCachedValue,
-                             "GetSuccessEvent::mCachedValue");
-    NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
-
-    mJSRuntime = rt;
+    JSAutoRequest ar(aCx);
 
     // Swap into a stack array so that we don't hang on to the strings if
     // something fails.
     nsTArray<Key> keys;
     if (!mKeys.SwapElements(keys)) {
       NS_ERROR("Failed to swap elements!");
       return NS_ERROR_FAILURE;
     }
--- a/dom/indexedDB/IDBEvents.h
+++ b/dom/indexedDB/IDBEvents.h
@@ -68,16 +68,18 @@ class IDBTransaction;
 class IDBEvent : public nsDOMEvent,
                  public nsIIDBEvent
 {
 public:
   NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_NSIIDBEVENT
   NS_FORWARD_TO_NSDOMEVENT
 
+  NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(IDBEvent, nsDOMEvent)
+
   static already_AddRefed<nsIDOMEvent>
   CreateGenericEvent(const nsAString& aType);
 
   static already_AddRefed<nsIRunnable>
   CreateGenericEventRunnable(const nsAString& aType,
                              nsIDOMEventTarget* aTarget);
 
 protected:
@@ -116,16 +118,18 @@ class IDBSuccessEvent : public IDBEvent,
 {
 public:
   NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_NSIIDBSUCCESSEVENT
   NS_DECL_NSIIDBTRANSACTIONEVENT
   NS_FORWARD_NSIDOMEVENT(IDBEvent::)
   NS_FORWARD_NSIIDBEVENT(IDBEvent::)
 
+  NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(IDBSuccessEvent, IDBEvent)
+
   static already_AddRefed<nsIDOMEvent>
   Create(IDBRequest* aRequest,
          nsIVariant* aResult,
          nsIIDBTransaction* aTransaction);
 
   static already_AddRefed<nsIRunnable>
   CreateRunnable(IDBRequest* aRequest,
                  nsIVariant* aResult,
@@ -139,38 +143,40 @@ protected:
 };
 
 class GetSuccessEvent : public IDBSuccessEvent
 {
 public:
   GetSuccessEvent(const nsAString& aValue)
   : mValue(aValue),
     mCachedValue(JSVAL_VOID),
-    mJSRuntime(nsnull)
+    mValueRooted(PR_FALSE)
   { }
 
-  ~GetSuccessEvent()
-  {
-    if (mJSRuntime) {
-      js_RemoveRoot(mJSRuntime, &mCachedValue);
-    }
-  }
+  ~GetSuccessEvent();
+
+  NS_DECL_ISUPPORTS_INHERITED
+  NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS_INHERITED(GetSuccessEvent,
+                                                         IDBSuccessEvent)
 
   NS_IMETHOD GetResult(JSContext* aCx,
                        jsval* aResult);
 
   nsresult Init(IDBRequest* aRequest,
                 IDBTransaction* aTransaction);
 
 private:
   nsString mValue;
 
 protected:
+  void RootCachedValue();
+
   jsval mCachedValue;
   JSRuntime* mJSRuntime;
+  PRBool mValueRooted;
 };
 
 class GetAllSuccessEvent : public GetSuccessEvent
 {
 public:
   GetAllSuccessEvent(nsTArray<nsString>& aValues)
   : GetSuccessEvent(EmptyString())
   {
--- a/dom/indexedDB/IDBRequest.cpp
+++ b/dom/indexedDB/IDBRequest.cpp
@@ -108,22 +108,24 @@ IDBRequest::GetOnerror(nsIDOMEventListen
 }
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(IDBRequest)
 
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(IDBRequest,
                                                   nsDOMEventTargetHelper)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mOnSuccessListener)
   NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mOnErrorListener)
+  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_NSCOMPTR(mSource)
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
 
 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(IDBRequest,
                                                 nsDOMEventTargetHelper)
   NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mOnSuccessListener)
   NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mOnErrorListener)
+  NS_IMPL_CYCLE_COLLECTION_UNLINK_NSCOMPTR(mSource)
 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
 
 NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBRequest)
   NS_INTERFACE_MAP_ENTRY(nsIIDBRequest)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(IDBRequest)
 NS_INTERFACE_MAP_END_INHERITING(nsDOMEventTargetHelper)
 
 NS_IMPL_ADDREF_INHERITED(IDBRequest, nsDOMEventTargetHelper)
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -1858,17 +1858,17 @@ mjit::Compiler::emitUncachedCall(uint32 
     masm.move(Imm32(argc), Registers::ArgReg1);
     stubCall(stub);
     ADD_CALLSITE(false);
 
     Jump notCompiled = masm.branchTestPtr(Assembler::Zero, r0, r0);
     stubcc.linkExitDirect(notCompiled, stubcc.masm.label());
 
     masm.call(r0);
-#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+#if (defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)) || defined(_WIN64)
     masm.callLabel = masm.label();
 #endif
     ADD_CALLSITE(false);
 
     if (callingNew)
         emitPrimitiveTestForNew(argc);
 
     frame.popn(argc + 2);
--- a/js/src/methodjit/MonoIC.cpp
+++ b/js/src/methodjit/MonoIC.cpp
@@ -529,16 +529,20 @@ class CallCompiler
         masm.move(Imm32(ic.argc), Registers::ArgReg1);
 #endif
 
         /* Push cx. */
 #ifdef JS_CPU_X86
         masm.storePtr(cxReg, Address(Assembler::stackPointerRegister, 0));
 #endif
 
+#ifdef _WIN64
+        /* x64 needs to pad the stack */
+        masm.subPtr(Imm32(32), Assembler::stackPointerRegister);
+#endif
         /* Make the call. */
         Assembler::Call call = masm.call();
 
 #ifdef JS_CPU_X86
         masm.addPtr(Imm32(16), Assembler::stackPointerRegister);
 #endif
 #if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
         // Usually JaegerThrowpoline got called from return address.
@@ -551,16 +555,19 @@ class CallCompiler
                                               Registers::ReturnReg);
         
 
 #if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
         // Usually JaegerThrowpoline got called from return address.
         // So in JaegerThrowpoline without fastcall, esp was added by 8.
         // If we just want to jump there, we need to sub esp by 8 first.
         masm.addPtr(Imm32(8), Assembler::stackPointerRegister);
+#elif defined(_WIN64)
+        /* JaegerThrowpoline expcets that stack is added by 32 for padding */
+        masm.addPtr(Imm32(32), Assembler::stackPointerRegister);
 #endif
 
         Jump done = masm.jump();
 
         /* Move JaegerThrowpoline into register for very far jump on x64. */
         hasException.linkTo(masm.label(), &masm);
         masm.move(ImmPtr(JS_FUNC_TO_DATA_PTR(void *, JaegerThrowpoline)), Registers::ReturnReg);
         masm.jump(Registers::ReturnReg);
--- a/js/src/methodjit/TrampolineMasmX64.asm
+++ b/js/src/methodjit/TrampolineMasmX64.asm
@@ -33,17 +33,16 @@
 ; the provisions above, a recipient may use your version of this file under
 ; the terms of any one of the MPL, the GPL or the LGPL.
 ;
 ; ***** END LICENSE BLOCK *****
 
 
 extern js_InternalThrow:PROC
 extern SetVMFrameRegs:PROC
-extern UnsetVMFrameRegs:PROC
 extern PushActiveVMFrame:PROC
 extern PopActiveVMFrame:PROC
 
 .CODE
 
 ; JSBool JaegerTrampoline(JSContext *cx, JSStackFrame *fp, void *code,
 ;                         Value *stackLimit, void *safePoint);
 JaegerTrampoline PROC FRAME
@@ -99,18 +98,16 @@ JaegerTrampoline PROC FRAME
     call    PushActiveVMFrame
     add     rsp, 20h
 
     ; Jump into the JIT code.
     call    qword ptr [rsp]
     sub     rsp, 20h
     lea     rcx, [rsp+20h]
     call    PopActiveVMFrame
-    lea     rcx, [rsp+20h]
-    call    UnsetVMFrameRegs
 
     add     rsp, 58h+20h
     pop     rbx
     pop     rsi
     pop     rdi
     pop     r15
     pop     r14
     pop     r13