[INFER] Check VMFrame return addresses against inlined call sites when expanding frames, bug 647199.
authorBrian Hackett <bhackett1024@gmail.com>
Sun, 03 Apr 2011 15:29:01 -0700
changeset 75911 9c4d9a6d58e03d85834c0085793a81a279898a85
parent 75910 42f282c4922c8372834af52930a8665088d2e207
child 75912 11f4754d82828de1d5a3a7a45e7325aa63ff1104
push id67
push userclegnitto@mozilla.com
push dateFri, 04 Nov 2011 22:39:41 +0000
bugs647199
milestone2.2a1pre
[INFER] Check VMFrame return addresses against inlined call sites when expanding frames, bug 647199.
js/src/jit-test/tests/jaeger/recompile/bug647199.js
js/src/methodjit/Retcon.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/recompile/bug647199.js
@@ -0,0 +1,11 @@
+TryInWhile( new TryObject( "hello", ThrowException, true ) );
+function TryObject( value, throwFunction, result ) {
+  this.thrower=throwFunction
+}
+function ThrowException() TryInWhile(1);
+function TryInWhile( object ) {
+    try {
+      object.thrower()
+    } catch ( e ) {
+    }  
+}
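Review bot: The closing brace of the `catch` block on the second-to-last line carries trailing whitespace (`}  `), and the constructor body `this.thrower=throwFunction` omits the semicolon and spacing used elsewhere in the file; `    }` and `  this.thrower = throwFunction;` keep the reduced test consistent. `function ThrowException() TryInWhile(1);` is the expression-closure form, which is fine for a jit-test that only runs under this engine but is worth a one-line comment so a reader does not mistake it for a typo.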
--- a/js/src/methodjit/Retcon.cpp
+++ b/js/src/methodjit/Retcon.cpp
@@ -280,18 +280,22 @@ Recompiler::expandInlineFrames(JSContext
     JS_ASSERT_IF(next, next->prev() == fp && next->prevInline() == inlined);
 
     /*
      * Treat any frame expansion as a recompilation event, so that f.jit() is
      * stable if no recompilations have occurred.
      */
     cx->compartment->types.frameExpansions++;
 
+    /* Patch the VMFrame's return address if it is returning at the given inline site. */
     void **frameAddr = f->returnAddressLocation();
-    bool patchFrameReturn = (f->scratch != NATIVE_CALL_SCRATCH_VALUE && fp->jit()->isValidCode(*frameAddr));
+    uint8* codeStart = (uint8 *)fp->jit()->code.m_code.executableAddress();
+    bool patchFrameReturn =
+        (f->scratch != NATIVE_CALL_SCRATCH_VALUE) &&
+        (*frameAddr == codeStart + inlined->codeOffset);
 
     InlineFrame *inner = &fp->jit()->inlineFrames()[inlined->inlineIndex];
     jsbytecode *innerpc = inner->fun->script()->code + inlined->pcOffset;
 
     JSStackFrame *innerfp = expandInlineFrameChain(cx, fp, inner);
     JITScript *jit = innerfp->jit();
 
     if (f->regs.fp == fp) {
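Review bot: The new `codeStart` line reaches into `fp->jit()->code.m_code` with a C-style cast, and the equality on the next lines silently assumes `inlined->codeOffset` is measured from that same executable address; if the JIT exposes an accessor for the code start it should be used, and otherwise `const uint8 *codeStart = static_cast<uint8 *>(fp->jit()->code.m_code.executableAddress());` at least makes the cast greppable. The comment added above `frameAddr` says when the return address is patched but not why the old `isValidCode` range test was dropped; I would extend it with `/* An exact match against the inline call site is required: a return address elsewhere in this JIT's code belongs to a different site and must not be redirected. */`, hedged as my reading of the bug fix. expandInlineFrames both starts before and continues past this hunk, so I cannot see how `patchFrameReturn` is consumed.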