mozilla-aurora: changeset 78273:9c3b0542705c823c2e94a28f9e3a95c92a3e1f97

author	Brian Hackett <bhackett1024@gmail.com>
	Mon, 17 Oct 2011 07:36:02 -0700
changeset 78273	9c3b0542705c823c2e94a28f9e3a95c92a3e1f97
parent 78272	51d973c83798caa2f7d54af54ca3fc4ee563800c
child 78274	2ff67bfc7b1982b5306ac9084a443ff011e28c03
push id	443
push user	bhackett@mozilla.com
push date	Mon, 17 Oct 2011 14:36:18 +0000
treeherder	mozilla-aurora@9c3b0542705c [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	dvander, asa
bugs	686107
milestone	9.0a2

Fix recompilation hazard in CALLELEMENT, bug 686107. r=dvander a=asa

--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
@@ -2874,29 +2874,31 @@ ic::CallElement(VMFrame &f, ic::GetEleme
 
     // Right now, we don't optimize for strings.
     if (!f.regs.sp[-2].isObject()) {
         ic->disable(cx, "non-object");
         stubs::CallElem(f);
         return;
     }
 
+    RecompilationMonitor monitor(cx);
+
     Value thisv = f.regs.sp[-2];
     JSObject *thisObj = ValuePropertyBearer(cx, thisv, -2);
     if (!thisObj)
         THROW();
 
     jsid id;
     Value idval = f.regs.sp[-1];
     if (idval.isInt32() && INT_FITS_IN_JSID(idval.toInt32()))
         id = INT_TO_JSID(idval.toInt32());
     else if (!js_InternNonIntElementId(cx, thisObj, idval, &id))
         THROW();
 
-    if (ic->shouldUpdate(cx)) {
+    if (!monitor.recompiled() && ic->shouldUpdate(cx)) {
 #ifdef DEBUG
         f.regs.sp[-2] = MagicValue(JS_GENERIC_MAGIC);
 #endif
         LookupStatus status = ic->update(f, cx, thisObj, idval, id, &f.regs.sp[-2]);
         if (status != Lookup_Uncacheable) {
             if (status == Lookup_Error)
                 THROW();