[INFER] Don't add stale unsynced entries to inline frame info, bug 647973.
authorBrian Hackett <bhackett1024@gmail.com>
Wed, 06 Apr 2011 12:24:17 -0700
changeset 74906 b8b674ac06e71bd0bb3a0d050f8f7e5df9246c71
parent 74905 dc3bb73615dd190131a934ea5fd5d66355953069
child 74907 6474999c14c6156188805afd8ad6ec398056b265
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs647973
milestone2.2a1pre
[INFER] Don't add stale unsynced entries to inline frame info, bug 647973.
js/src/jit-test/tests/jaeger/inline/bug647973.js
js/src/methodjit/FrameState.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/inline/bug647973.js
@@ -0,0 +1,11 @@
+function f(a1, a2, a3, a4) {
+}
+function g(a1, a2) {
+    var d = new Date(0);
+    f();
+    assertEq(typeof d, 'object');
+}
+g();
+gc();
+f(2, 2, 2, f(2, 2, 2, 12 === 12));
+g(false, false);
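Review bot: The new test has no comment tying it to what it guards, so a reader of the file alone cannot tell why `f()` is called with no arguments inside `g`, why `gc()` sits between the top-level calls, or why the last two calls are shaped the way they are. The commit message and the FrameState.cpp hunk in the same changeset are the only things that connect it to the `fe >= sp` guard in `FrameState::getUnsyncedEntries`, and that connection is lost once the test is read in isolation. A one-line header such as `// Bug 647973: regression test for stale unsynced entries in inline frame info; see FrameState::getUnsyncedEntries.` would preserve it. Presumably the under-applied call and the subsequent `gc()` are the ingredients that matter, but which step actually triggered the failure is not visible here and should be confirmed before writing it into the comment.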
--- a/js/src/methodjit/FrameState.cpp
+++ b/js/src/methodjit/FrameState.cpp
@@ -74,16 +74,18 @@ FrameState::~FrameState()
 void
 FrameState::getUnsyncedEntries(uint32 *pdepth, Vector<UnsyncedEntry> *unsyncedEntries)
 {
     *pdepth = totalDepth() + VALUES_PER_STACK_FRAME;
 
     /* Mark all unsynced entries in the frame. */
     for (uint32 i = 0; i < a->tracker.nentries; i++) {
         FrameEntry *fe = a->tracker[i];
+        if (fe >= sp)
+            continue;
         if (fe->type.synced() && fe->data.synced())
             continue;
         if (fe->inlined)
             continue;
 
         UnsyncedEntry entry;
         PodZero(&entry);