Fixed the known native arg handler from accidentally using 'continue' to break out of a loop one level higher. This was causing crashes when the arg didn't match the expected types (bug 450530).
authorDavid Anderson <danderson@mozilla.com>
Thu, 14 Aug 2008 11:48:43 -0700
changeset 18172 8a48902b37536cfb441ee74c0dd5124d9d807eba
parent 18171 161cb76cb8f0e1d741ec1e0032ac46c4e7a220e6
child 18173 aec0cf8db20c1a13d2e28e9d99ab5af97534fe57
child 18176 0e382636c8c517ef3eefa06b873ba42e35919644
child 18178 afb6940312f13e4f3869d073009acd51de5fa88a
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
bugs450530
milestone1.9.1a2pre
Fixed the known native arg handler from accidentally using 'continue' to break out of a loop one level higher. This was causing crashes when the arg didn't match the expected types (bug 450530).
js/src/jstracer.cpp
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -3563,16 +3563,20 @@ TraceRecorder::record_JSOP_CALL()
         if (argc != knownargc)
             continue;
 
         intN prefixc = strlen(known->prefix);
         LIns* args[5];
         LIns** argp = &args[argc + prefixc - 1];
         char argtype;
 
+#if defined _DEBUG
+        memset(args, 0xCD, sizeof(args));	
+#endif
+
         jsval& thisval = stackval(0 - (argc + 1));
         LIns* thisval_ins = get(&thisval);
         if (known->tclasp &&
             !JSVAL_IS_PRIMITIVE(thisval) &&
             !guardClass(JSVAL_TO_OBJECT(thisval), thisval_ins, known->tclasp)) {
             continue; /* might have another specialization for |this| */
         }
 
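Review bot: The poison fill is guarded by `_DEBUG`, which is the macro MSVC defines for its debug runtime, whereas this tree's debug-only code (including `JS_ASSERT`) is keyed on `DEBUG`. As written, the `memset(args, 0xCD, sizeof(args))` is likely compiled out of non-Windows debug builds, so the check added near the end of this function would have nothing to detect there. I would use `#ifdef DEBUG` here and in the matching block before `lir->insCall`. Separately, `argp = &args[argc + prefixc - 1]` indexes a five-element array and no bound on `argc + prefixc` is visible in this hunk; a `JS_ASSERT(argc + prefixc <= 5);` next to the fill would document that invariant if it is not already enforced above.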
@@ -3602,17 +3606,17 @@ TraceRecorder::record_JSOP_CALL()
             break;
           default:
             JS_NOT_REACHED("illegal number of prefix args");
         }
 
 #undef HANDLE_PREFIX
 
 #define HANDLE_ARG(i)                                                          \
-    JS_BEGIN_MACRO                                                             \
+    {                                                                          \
         jsval& arg = stackval(-(i + 1));                                       \
         argtype = known->argtypes[i];                                          \
         if (argtype == 'd' || argtype == 'i') {                                \
             if (!isNumber(arg))                                                \
                 continue; /* might have another specialization for arg */      \
             *argp = get(&arg);                                                 \
             if (argtype == 'i')                                                \
                 *argp = f2i(*argp);                                            \
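Review bot: The bare `{` that opens `HANDLE_ARG` needs a comment explaining why it is not `JS_BEGIN_MACRO`, because nothing on the page stops a later cleanup from restoring the conventional wrapper and reintroducing the crash. `JS_BEGIN_MACRO` expands to `do {`, so every `continue` inside the macro binds to that inner loop instead of to the loop over known natives. Something like `/* Bare block on purpose: 'continue' must reach the enclosing loop over known natives, so no do/while wrapper. */` above the `#define` would do. The macro body ends in the next hunk, where `JS_END_MACRO` becomes `}`. `HANDLE_PREFIX` is defined outside the visible lines and is worth checking for the same pattern.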
@@ -3627,17 +3631,17 @@ TraceRecorder::record_JSOP_CALL()
         } else if (argtype == 'f') {                                           \
             if (!VALUE_IS_FUNCTION(cx, arg))                                   \
                 continue; /* might have another specialization for arg */      \
             *argp = get(&arg);                                                 \
         } else {                                                               \
             continue;     /* might have another specialization for arg */      \
         }                                                                      \
         argp--;                                                                \
-    JS_END_MACRO
+    }
 
         switch (strlen(known->argtypes)) {
           case 4:
             HANDLE_ARG(3);
             /* FALL THROUGH */
           case 3:
             HANDLE_ARG(2);
             /* FALL THROUGH */
@@ -3650,16 +3654,20 @@ TraceRecorder::record_JSOP_CALL()
           case 0:
             break;
           default:
             JS_NOT_REACHED("illegal number of args to traceable native");
         }
 
 #undef HANDLE_ARG
 
+#if defined _DEBUG
+        JS_ASSERT(args[0] != (LIns *)0xcdcdcdcd);
+#endif
+
         LIns* res_ins = lir->insCall(known->builtin, args);
         switch (known->errtype) {
           case FAIL_NULL:
             guard(false, lir->ins_eq0(res_ins), OOM_EXIT);
             break;
           case FAIL_NEG:
           {
             res_ins = lir->ins1(LIR_i2f, res_ins);
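Review bot: The assertion `args[0] != (LIns *)0xcdcdcdcd` compares against a 32-bit constant, but the `memset` earlier in the function poisons every byte of each pointer. On a 64-bit build an unfilled slot reads as 0xCDCDCDCDCDCDCDCD, so the assertion can never fire. It also inspects only `args[0]`, while the slots written run up to `args[argc + prefixc - 1]`. Building the sentinel the same way as the fill, `LIns* poison; memset(&poison, 0xCD, sizeof(poison));`, and asserting `args[i] != poison` for each `i` below `argc + prefixc` would make the check width-independent and cover every slot handed to `insCall`. The `_DEBUG` guard here has the same portability problem as the one around the `memset`.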