Bug 747926 - Preserve type tag when overwriting VM stack values (r=bhackett,a=lsblakk)
authorBill McCloskey <wmccloskey@mozilla.com>
Mon, 07 May 2012 10:12:58 -0700
changeset 94204 6114cf84a407d9ee8a70c2dc00fe7c2792c4d460
parent 94203 5a750b6f3a3c7ca0a788c0a5f4448d3482040be5
child 94205 76f314b1de5f1cea84597dc4583b2306d1f849e1
push id1257
push userwmccloskey@mozilla.com
push dateThu, 10 May 2012 18:35:45 +0000
treeherdermozilla-aurora@6114cf84a407 [default view] [failures only]
reviewersbhackett, lsblakk
bugs747926
milestone14.0a2
Bug 747926 - Preserve type tag when overwriting VM stack values (r=bhackett,a=lsblakk)
js/src/jit-test/tests/basic/bug747926.js
js/src/vm/Stack.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug747926.js
@@ -0,0 +1,12 @@
+a = 'a';
+b = [,];
+exhaustiveSliceTest("exhaustive slice test 1", a);
+print('---');
+exhaustiveSliceTest("exhaustive slice test 2", b);
+function exhaustiveSliceTest(testname, a){
+  x = 0
+  var y = 0;
+  countHeap();
+    for (y=a.length; y + a.length; y--) { print(y);
+					  var b  = a.slice(x,y); }
+}
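Review bot: The test has no header comment and no assertion, so nothing tells the reader that it passes simply by not crashing. A first line such as `// Bug 747926: countHeap() traces the VM stack while a dead local still has a typed slot; must not crash.` would record the intent, with the wording to be confirmed by the author. The top-level `a`, `b` and `x` are implicit globals and every loop iteration calls `print`; this is presumably left over from test-case reduction and could be trimmed if the failure still reproduces on an unfixed build.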
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -479,21 +479,26 @@ StackSpace::markFrameSlots(JSTracer *trc
      */
     analyze::AutoEnterAnalysis aea(script->compartment());
     analyze::ScriptAnalysis *analysis = script->analysis();
     uint32_t offset = pc - script->code;
     Value *fixedEnd = slotsBegin + script->nfixed;
     for (Value *vp = slotsBegin; vp < fixedEnd; vp++) {
         uint32_t slot = analyze::LocalSlot(script, vp - slotsBegin);
 
-        /* Will this slot be synced by the JIT? */
+        /*
+         * Will this slot be synced by the JIT? If not, replace with a dummy
+         * value with the same type tag.
+         */
         if (!analysis->trackSlot(slot) || analysis->liveness(slot).live(offset))
             gc::MarkValueRoot(trc, vp, "vm_stack");
-        else
-            *vp = UndefinedValue();
+        else if (vp->isObject())
+            *vp = ObjectValue(fp->scopeChain()->global());
+        else if (vp->isString())
+            *vp = StringValue(trc->runtime->atomState.nullAtom);
     }
 
     gc::MarkValueRootRange(trc, fixedEnd, slotsEnd, "vm_stack");
 }
 
 void
 StackSpace::mark(JSTracer *trc)
 {
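Review bot: The new `else if (vp->isObject())` / `else if (vp->isString())` chain has no final branch, so it silently relies on object and string being the only tags that carry a GC pointer. A dead slot holding any other traceable tag would keep a pointer that was never marked. A trailing `else JS_ASSERT(!vp->isMarkable());` would make that assumption explicit. The expanded comment says what is done but not why the tag has to survive (presumably jitcode compiled from type information reads these slots assuming a known tag), and it should also note that the two dummy values, the frame's global and `atomState.nullAtom`, are not marked in this branch and must be kept alive by other roots. markFrameSlots begins above the hunk, so how `fp` and `slotsBegin` are established is not visible here.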