[INFER] Handle ic::Call return value after recompiling to an uncached call, bug 621328.
authorBrian Hackett <bhackett1024@gmail.com>
Thu, 30 Dec 2010 14:13:41 -0800
changeset 74696 a5f3949c0db723a3aacfa419b22763f3eb19094f
parent 74695 fbeecf1d1f4c61bfedd19bcc8d99a139ecaccdc9
child 74697 ff050680d3153bc07a9def19dd92718da604a97d
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs621328
milestone2.0b8pre
[INFER] Handle ic::Call return value after recompiling to an uncached call, bug 621328.
js/src/jit-test/tests/jaeger/recompile/bug621328.js
js/src/methodjit/Compiler.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/recompile/bug621328.js
@@ -0,0 +1,9 @@
+function foo() {
+};
+function f() {
+    var e = foo;
+    a = new e();
+    assertEq(typeof(a), "object");
+    e=a;
+}
+f();
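Review bot: The regression test exercises only the `new` path (`a = new e()`), while the change in Compiler.cpp covers both `ic::New` and `ic::Call`. A second case that makes a plain call through a variable whose type later changes would cover the other branch, assuming it reproduces the same way. The file also has no comment saying what it guards; a first line such as `// Bug 621328: the result of a call must survive recompilation to an uncached call.` would tell a later reader why the otherwise odd `e=a` assignment is there.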
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -2690,16 +2690,22 @@ mjit::Compiler::emitUncachedCall(uint32 
     RegisterID r0 = Registers::ReturnReg;
     VoidPtrStubUInt32 stub = callingNew ? stubs::UncachedNew : stubs::UncachedCall;
 
     frame.syncAndKill(Uses(argc + 2));
     prepareStubCall(Uses(argc + 2));
     masm.move(Imm32(argc), Registers::ArgReg1);
     INLINE_STUBCALL(stub);
 
+    if (recompiling) {
+        /* In case we recompiled this call to an uncached call. */
+        OOL_STUBCALL(JS_FUNC_TO_DATA_PTR(void *, callingNew ? ic::New : ic::Call));
+        stubcc.crossJump(stubcc.masm.jump(), masm.label());
+    }
+
     Jump notCompiled = masm.branchTestPtr(Assembler::Zero, r0, r0);
 
     masm.loadPtr(FrameAddress(offsetof(VMFrame, regs.fp)), JSFrameReg);
     callPatch.hasFastNcode = true;
     callPatch.fastNcodePatch =
         masm.storePtrWithPatch(ImmPtr(NULL),
                                Address(JSFrameReg, JSStackFrame::offsetOfncode()));
 
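Review bot: The comment on the new `if (recompiling)` block does not say why the out-of-line call now joins at `masm.label()`, ahead of `branchTestPtr(Assembler::Zero, r0, r0)`, instead of at the final rejoin. That placement is the entire fix: the value `ic::New`/`ic::Call` leaves in `r0` has to pass through the same null test and ncode patch as the inline stub's result. Moving the block back below the `notCompiled` branch would skip that check on the recompiled path, so I would expand the comment to something like `/* Recompiled IC calls return here; join before the r0 test so their result is checked like the uncached stub's. */`. This assumes the IC stubs return in `Registers::ReturnReg` with the same convention as `stubs::UncachedCall`, which is not visible in this hunk. emitUncachedCall starts above the hunk and continues past it.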
@@ -2712,22 +2718,16 @@ mjit::Compiler::emitUncachedCall(uint32 
 
     frame.takeReg(JSReturnReg_Type);
     frame.takeReg(JSReturnReg_Data);
     frame.pushRegs(JSReturnReg_Type, JSReturnReg_Data, knownPushedType(0), pushedTypeSet(0));
 
     stubcc.linkExitDirect(notCompiled, stubcc.masm.label());
     stubcc.rejoin(Changes(1));
     callPatches.append(callPatch);
-
-    if (recompiling) {
-        /* In case we recompiled this call to an uncached call. */
-        OOL_STUBCALL(JS_FUNC_TO_DATA_PTR(void *, callingNew ? ic::New : ic::Call));
-        stubcc.rejoin(Changes(1));
-    }
 }
 
 static bool
 IsLowerableFunCallOrApply(jsbytecode *pc)
 {
 #ifdef JS_TYPE_INFERENCE
     /* :FIXME: see canUseApplyTricks */
     return false;