Bug 980384 - Fix frame marker for half-constructed stack frames r=jandem
authorAndy Wingo <wingo@igalia.com>
Tue, 11 Mar 2014 09:26:05 +0100
changeset 190128 7450b87d6ff4f51e8632bf5a9951dd1deb982c99
parent 190127 5bd692d15d02c87dc8a4197cd96be36201efa941
child 190129 39f411171c6f3053d6e2f648722ec41e2b9ef546
push id3503
push userraliiev@mozilla.com
push dateMon, 28 Apr 2014 18:51:11 +0000
reviewersjandem
bugs980384
milestone30.0a1
Bug 980384 - Fix frame marker for half-constructed stack frames r=jandem
js/src/jit/BaselineFrame.cpp
--- a/js/src/jit/BaselineFrame.cpp
+++ b/js/src/jit/BaselineFrame.cpp
@@ -72,16 +72,23 @@ BaselineFrame::trace(JSTracer *trc, IonF
             StaticBlockObject &blockObj = staticScope->as<StaticBlockObject>();
             nlivefixed = blockObj.localOffset() + blockObj.numVariables();
         }
     }
 
     JS_ASSERT(nlivefixed <= nfixed);
     JS_ASSERT(nlivefixed >= script->nfixedvars());
 
+    // NB: It is possible that numValueSlots() could be zero, even if nfixed is
+    // nonzero.  This is the case if the function has an early stack check.
+    if (numValueSlots() == 0)
+        return;
+
+    JS_ASSERT(nfixed <= numValueSlots());
+
     if (nfixed == nlivefixed) {
         // All locals are live.
         MarkLocals(this, trc, 0, numValueSlots());
     } else {
         // Mark operand stack.
         MarkLocals(this, trc, nfixed, numValueSlots());
 
         // Clear dead locals.
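Review bot: The new guard only covers the fully-empty frame, and the added `JS_ASSERT(nfixed <= numValueSlots())` is the sole thing standing between a frame with 0 < numValueSlots() < nfixed and the marking code below; in a non-debug build such a frame would reach the `else` branch, whose "Clear dead locals" range runs from nlivefixed to nfixed rather than to numValueSlots(), so it could presumably touch slots the frame does not yet have (I cannot see MarkLocals or the tail of the branch from here). If the reason zero is the only partial-construction count is that the early stack check runs before the prologue pushes any locals, the comment should say so, since that is the invariant the assert relies on: `// NB: A frame interrupted by the early stack check has pushed no locals yet, so numValueSlots() is 0 even though nfixed is nonzero; any other count must already cover all nfixed locals (asserted below).` BaselineFrame::trace starts before the hunk and its body continues past it.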