Bug 905903 - Properly trace ICTypeMonitor chains for pre-barrier when unlinking them. r=terrence, a=lsblakk
authorKannan Vijayan <kvijayan@mozilla.com>
Tue, 24 Sep 2013 16:38:45 -0400
changeset 286428 8f44e7a03c4cec983fe5e50ce64cdaf04ef33698
parent 286427 aa4f3e9c4f95bbdaa1aa0b0afa325973212a1315
child 286429 bfd0f8d7509f3395381fb651015de16a166701bc
push id218
push userryanvm@gmail.com
push dateWed, 16 Dec 2015 22:58:33 +0000
reviewersterrence, lsblakk
bugs905903
milestone26.0
Bug 905903 - Properly trace ICTypeMonitor chains for pre-barrier when unlinking them. r=terrence, a=lsblakk
js/src/jit/BaselineIC.cpp
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -463,17 +463,20 @@ ICFallbackStub::unlinkStubsWithKind(JSCo
 
 void
 ICTypeMonitor_Fallback::resetMonitorStubChain(Zone *zone)
 {
     if (zone->needsBarrier()) {
         // We are removing edges from monitored stubs to gcthings (IonCode).
         // Perform one final trace of all monitor stubs for incremental GC,
         // as it must know about those edges.
-        this->trace(zone->barrierTracer());
+        if (hasFallbackStub_) {
+            for (ICStub *s = firstMonitorStub_; !s->isTypeMonitor_Fallback(); s = s->next())
+                s->trace(zone->barrierTracer());
+        }
     }
 
     firstMonitorStub_ = this;
     numOptimizedMonitorStubs_ = 0;
 
     if (hasFallbackStub_) {
         lastMonitorStubPtrAddr_ = NULL;