Bug 720680: Less paren slop. (r=cdleary)
authorAdam <adam@sigterm.info>
Wed, 25 Jan 2012 22:25:31 -0800
changeset 86658 38a3bc6cc423b044c7c73b0404f3a109d9511ad2
parent 86657 7f26e362a9f7d06f43d5e525ca5c4d9b79ccb11b
child 86659 2b74b62701e2f5f636fb1ed447170cf18cbd45e9
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerscdleary
bugs720680
milestone12.0a1
Bug 720680: Less paren slop. (r=cdleary)
js/src/jit-test/tests/basic/regress-bug720680.js
js/src/jsopcode.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/regress-bug720680.js
@@ -0,0 +1,15 @@
+// |jit-test| error: InternalError
+version(0);
+eval("\
+function TimeFromYear( y ) {}\
+addTestCase( -2208988800000 );\
+function addTestCase( t ) {\
+  var start = TimeFromYear((addTestCase(addTestCase << t, 0)));\
+    new TestCase( \
+                  SECTION,\
+                  '(new Date('+d+')).getUTCDay()',\
+                  WeekDay((d)),\
+                  (new Date(let ({ stop } = 'properties.length' )('/ab[c\\\n]/'))).getUTCDay() \
+                );\
+}\
+");
--- a/js/src/jsopcode.cpp
+++ b/js/src/jsopcode.cpp
@@ -850,18 +850,17 @@ Sprinter::put(const char *s, size_t len)
 
     /* s is within the buffer already */
     if (s >= oldBase && s < oldEnd) {
         /* buffer was realloc'ed */
         if (base != oldBase)
             s = stringAt(s - oldBase);  /* this is where it lives now */
         memmove(bp, s, len);
     } else {
-        JS_ASSERT(s < base || s >= base + size);
-        memcpy(bp, s, len);
+        js_memcpy(bp, s, len);
     }
 
     bp[len] = 0;
     return oldOffset;
 }
 
 ptrdiff_t
 Sprinter::putString(JSString *s)
@@ -2054,17 +2053,17 @@ DecompileDestructuringLHS(SprintStack *s
         /*
          * We may need to auto-parenthesize the left-most value decompiled
          * here, so add back PAREN_SLOP temporarily.  Then decompile until the
          * opcode that would reduce the stack depth to (ss->top-1), which we
          * pass to Decompile encoded as -(ss->top-1) - 1 or just -ss->top for
          * the nb parameter.
          */
         ptrdiff_t todo = ss->sprinter.getOffset();
-        ss->sprinter.setOffset(todo + PAREN_SLOP);
+        ss->sprinter.reserve(PAREN_SLOP);
         pc = Decompile(ss, pc, -((intN)ss->top));
         if (!pc)
             return NULL;
         if (pc == endpc)
             return pc;
         LOAD_OP_DATA(pc);
         LOCAL_ASSERT(op == JSOP_ENUMELEM || op == JSOP_ENUMCONSTELEM);
         xval = PopStr(ss, JSOP_NOP);