Bug 911370 part 2 - Don't leak an invalidated IonScript when handling an exception. r=djvj
authorJan de Mooij <jdemooij@mozilla.com>
Wed, 11 Sep 2013 10:45:50 +0200
changeset 159452 c5d3d7e8a990ae5fa32e1a0dfb5b049f1bfad65b
parent 159451 ab1b3bfa01d7e63d5adc29ff398ca73754fa6bcb
child 159453 8621bdc408416276a715164dc7c7f7f14cfaaaf4
push id2961
push userlsblakk@mozilla.com
push dateMon, 28 Oct 2013 21:59:28 +0000
reviewersdjvj
bugs911370
milestone26.0a1
Bug 911370 part 2 - Don't leak an invalidated IonScript when handling an exception. r=djvj
js/src/jit/IonFrames.cpp
--- a/js/src/jit/IonFrames.cpp
+++ b/js/src/jit/IonFrames.cpp
@@ -530,18 +530,25 @@ HandleException(ResumeFromException *rfe
     while (!iter.isEntry()) {
         bool overrecursed = false;
         if (iter.isOptimizedJS()) {
             // Search each inlined frame for live iterator objects, and close
             // them.
             InlineFrameIterator frames(cx, &iter);
             for (;;) {
                 HandleExceptionIon(cx, frames, rfe, &overrecursed);
-                if (rfe->kind != ResumeFromException::RESUME_ENTRY_FRAME)
+
+                if (rfe->kind == ResumeFromException::RESUME_BAILOUT) {
+                    IonScript *ionScript = NULL;
+                    if (iter.checkInvalidation(&ionScript))
+                        ionScript->decref(cx->runtime()->defaultFreeOp());
                     return;
+                }
+
+                JS_ASSERT(rfe->kind == ResumeFromException::RESUME_ENTRY_FRAME);
 
                 // When profiling, each frame popped needs a notification that
                 // the function has exited, so invoke the probe that a function
                 // is exiting.
                 JSScript *script = frames.script();
                 Probes::exitScript(cx, script, script->function(), NULL);
                 if (!frames.more())
                     break;
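Review bot: The `ionScript->decref(...)` in the new `RESUME_BAILOUT` branch has no comment saying which reference it releases, and an unexplained refcount drop can later turn into a double release or use-after-free if another exit path starts dropping the same reference. I would add above the `checkInvalidation` call: `// The bailout abandons this frame, so release the reference the invalidated IonScript holds for it; otherwise the script leaks.` Separately, the early return used to cover every kind other than `RESUME_ENTRY_FRAME`, whereas now any other kind is caught only by `JS_ASSERT`. If that macro is compiled out of release builds, as debug assertions usually are, an unexpected kind would fall through and keep unwinding, so a comment should state that `HandleExceptionIon` is expected to leave only these two kinds here. The `for (;;)` loop and the body of `HandleException` continue outside the hunk, so whether another path already drops this reference cannot be checked from here.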