Mercurial > releases > mozilla-beta / changeset / 5fcc03122569395f194d53f96fec95eca025e576
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix iteration of snapshot slots in closeLiveIterator (Bug 749048, r=dvander)
authorNicolas Pierron <nicolas.b.pierron@mozilla.com>
Mon, 30 Apr 2012 19:26:38 -0700
changeset 112434 5fcc03122569395f194d53f96fec95eca025e576
parent 112433 086958bf99e7d81fe86d19c968424a1be96edcf5
child 112435 ff4083f660ed00f8850c9e55e57cfbf8a2444c0f
push id1708
push userakeybl@mozilla.com
push dateMon, 19 Nov 2012 21:10:21 +0000
treeherdermozilla-beta@27b14fe50103 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdvander
bugs749048
milestone15.0a1
first release with
nightly linux32
fdfaef738a00 / 18.0a1 / 20120911140351 / files
nightly linux64
fdfaef738a00 / 18.0a1 / 20120911140351 / files
nightly mac
fdfaef738a00 / 18.0a1 / 20120911140351 / files
nightly win32
fdfaef738a00 / 18.0a1 / 20120911140351 / files
nightly win64
fdfaef738a00 / 18.0a1 / 20120911140351 / files
last release without
nightly linux32
cfaf90b22fc3 / 15.0a1 / 20120430030504 / files
nightly linux64
cfaf90b22fc3 / 15.0a1 / 20120430030504 / files
nightly mac
cfaf90b22fc3 / 15.0a1 / 20120430030504 / files
nightly win32
cfaf90b22fc3 / 15.0a1 / 20120430030504 / files
nightly win64
cfaf90b22fc3 / 15.0a1 / 20120430030504 / files
Fix iteration of snapshot slots in closeLiveIterator (Bug 749048, r=dvander)
js/src/ion/IonFrames.cpp file | annotate | diff | comparison | revisions 
--- a/js/src/ion/IonFrames.cpp
+++ b/js/src/ion/IonFrames.cpp
@@ -265,26 +265,25 @@ IonFrameIterator::machineState() const
             continue;
         machine.setRegisterLocation(reg, spillBase);
     }
 
     return machine;
 }
 
 static void
-CloseLiveIterator(JSContext *cx, const InlineFrameIterator &frame, uint32 stackSlot)
+CloseLiveIterator(JSContext *cx, const InlineFrameIterator &frame, uint32 localSlot)
 {
     SnapshotIterator si = frame.snapshotIterator();
 
-    // Skip stuff that comes before locals.
-    for (unsigned i = 0; i < CountArgSlots(frame.maybeCallee()); i++)
-        si.skip();
+    // Skip stack slots until we reach the iterator object.
+    uint32 base = CountArgSlots(frame.maybeCallee()) + frame.script()->nfixed;
+    uint32 skipSlots = base + localSlot - 1;
 
-    // Skip stack slots until we reach the iterator object.
-    for (unsigned i = 0; i < stackSlot; i++)
+    for (unsigned i = 0; i < skipSlots; i++)
         si.skip();
 
     Value v = si.read();
     JSObject *obj = &v.toObject();
 
     if (cx->isExceptionPending())
         UnwindIteratorForUncatchableException(cx, obj);
     else
@@ -299,26 +298,29 @@ CloseLiveIterators(JSContext *cx, const 
 
     if (!JSScript::isValidOffset(script->trynotesOffset))
         return;
 
     JSTryNote *tn = script->trynotes()->vector;
     JSTryNote *tnEnd = tn + script->trynotes()->length;
 
     for (; tn != tnEnd; ++tn) {
-        if (uint32(pc - script->code) - tn->start >= tn->length)
+        if (uint32(pc - script->code) < tn->start)
+            continue;
+        if (uint32(pc - script->code) >= tn->start + tn->length)
             continue;
 
         if (tn->kind != JSTRY_ITER)
             continue;
 
         JS_ASSERT(JSOp(*(script->code + tn->start + tn->length)) == JSOP_ENDITER);
         JS_ASSERT(tn->stackDepth > 0);
 
-        CloseLiveIterator(cx, frame, tn->stackDepth - 1);
+        uint32 localSlot = tn->stackDepth;
+        CloseLiveIterator(cx, frame, localSlot);
     }
 }
 
 void
 ion::HandleException(ResumeFromException *rfe)
 {
     JSContext *cx = GetIonContext()->cx;
mozilla-beta
Deployed from 80bb07ef5c17 at 2020-12-01T16:21:11Z.