Bug 1308193 - Reorganize code that looks like it could return a stack address. r=nbp
authorSean Stangl <sstangl@mozilla.com>
Fri, 21 Jul 2017 14:52:00 -0400
changeset 421862 8e1e06adf80f82d3d5cf08eadaf569a107bd1ecf
parent 421861 41e32078db7450a025c98d03e27d34058b4f55d6
child 421863 167f91f87172c3fd4ca7ac8f8e1f6bd6a2bf2dc1
push id1517
push userjlorenzo@mozilla.com
push dateThu, 14 Sep 2017 16:50:54 +0000
reviewersnbp
bugs1308193
milestone56.0a1
Bug 1308193 - Reorganize code that looks like it could return a stack address. r=nbp
js/src/jit/IonBuilder.cpp
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -8534,18 +8534,17 @@ IonBuilder::getElemAddCache(MDefinition*
 }
 
 TemporaryTypeSet*
 IonBuilder::computeHeapType(const TemporaryTypeSet* objTypes, const jsid id)
 {
     if (objTypes->unknownObject() || objTypes->getObjectCount() == 0)
         return nullptr;
 
-    TemporaryTypeSet empty;
-    TemporaryTypeSet* acc = &empty;
+    TemporaryTypeSet* acc = nullptr;
     LifoAlloc* lifoAlloc = alloc().lifoAlloc();
 
     Vector<HeapTypeSetKey, 4, SystemAllocPolicy> properties;
     if (!properties.reserve(objTypes->getObjectCount()))
         return nullptr;
 
     for (unsigned i = 0; i < objTypes->getObjectCount(); i++) {
         TypeSet::ObjectKey* key = objTypes->getObject(i);
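Review bot: At `TemporaryTypeSet* acc = nullptr;` the pointer now carries two meanings of nullptr, "no property set merged yet" before the loop and "unionSets failed" after the call inside it, and nothing at the declaration records that. A comment such as `// nullptr until the first property set is merged; must never point at a stack-allocated TemporaryTypeSet` would explain why the `&empty` initialiser was dropped and discourage a later edit from restoring it. If every object is skipped before reaching the union (the lines between this hunk and the next are not shown), `acc` is still nullptr when the loop finishes. The function tail lies outside the hunk, so it should be confirmed that it returns `acc` without dereferencing it, and that callers are content to treat this case the same as an allocation failure.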
@@ -8555,17 +8554,24 @@ IonBuilder::computeHeapType(const Tempor
 
         HeapTypeSetKey property = key->property(id);
         HeapTypeSet* currentSet = property.maybeTypes();
 
         if (!currentSet || currentSet->unknown())
             return nullptr;
 
         properties.infallibleAppend(property);
-        acc = TypeSet::unionSets(acc, currentSet, lifoAlloc);
+
+        if (acc) {
+            acc = TypeSet::unionSets(acc, currentSet, lifoAlloc);
+        } else {
+            TemporaryTypeSet empty;
+            acc = TypeSet::unionSets(&empty, currentSet, lifoAlloc);
+        }
+
         if (!acc)
             return nullptr;
     }
 
     // Freeze all the properties associated with the refined type set.
     for (HeapTypeSetKey* i = properties.begin(); i != properties.end(); i++)
         i->freeze(constraints());