Abort trace if we inline too deeply.
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -67,16 +67,19 @@
#define HOTLOOP 2
/* Number of times we wait to exit on a side exit before we try to extend the tree. */
#define HOTEXIT 0
/* Number of backedges permitted before a loop is terminated */
#define MAX_XJUMPS 5
+/* Max call depths or inlining */
+#define MAX_CALLDEPTH 5
+
#ifdef DEBUG
#define ABORT_TRACE(msg) do { fprintf(stdout, "abort: %d: %s\n", __LINE__, msg); return false; } while(0)
#else
#define ABORT_TRACE(msg) return false
#endif
#ifdef DEBUG
static struct {
@@ -1967,17 +1970,18 @@ TraceRecorder::clearFrameSlotsFromCache(
nativeFrameTracker.set(vp, (LIns*)0);
for (vp = &fp->slots[0], vpstop = &fp->slots[fp->script->nslots]; vp < vpstop; ++vp)
nativeFrameTracker.set(vp, (LIns*)0);
}
bool
TraceRecorder::record_EnterFrame()
{
- ++callDepth;
+ if (++callDepth >= MAX_CALLDEPTH)
+ ABORT_TRACE("exceeded maximum call depth");
JSStackFrame* fp = cx->fp;
LIns* void_ins = lir->insImm(JSVAL_TO_BOOLEAN(JSVAL_VOID));
unsigned n;
for (n = 0; n < fp->script->nfixed; ++n)
set(&fp->slots[n], void_ins, true);
return true;
}
