Bug 610901 - need to explicitly construct/destruct JITScript (r=dvander)
authorLuke Wagner <lw@mozilla.com>
Wed, 10 Nov 2010 11:43:22 -0800
changeset 57758 001472f3c9af067a7f23ba4b7cbe847f33c623ab
parent 57757 e8c612257ca5a044d5828fb51312eced6d737f02
child 57759 b9eac30071aab3f931166d7caa5fc663ef17ef6e
push id1
push usershaver@mozilla.com
push dateTue, 04 Jan 2011 17:58:04 +0000
reviewersdvander
bugs610901
milestone2.0b8pre
Bug 610901 - need to explicitly construct/destruct JITScript (r=dvander)
js/src/methodjit/Compiler.cpp
js/src/methodjit/MethodJIT.cpp
js/src/methodjit/MethodJIT.h
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -421,17 +421,17 @@ mjit::Compiler::finishThisUp(JITScript *
                         sizeof(CallSite) * callSites.length();
 
     uint8 *cursor = (uint8 *)cx->calloc(totalBytes);
     if (!cursor) {
         execPool->release();
         return Compile_Error;
     }
 
-    JITScript *jit = (JITScript *)cursor;
+    JITScript *jit = new(cursor) JITScript;
     cursor += sizeof(JITScript);
 
     jit->code = JSC::MacroAssemblerCodeRef(result, execPool, masm.size() + stubcc.size());
     jit->nCallSites = callSites.length();
     jit->invokeEntry = result;
 
     /* Build the pc -> ncode mapping. */
     void **nmap = (void **)cursor;
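Review bot: After `new(cursor) JITScript` the executable pool is owned by the object's destructor, so any failure path later in finishThisUp must tear the object down with `jit->~JITScript(); cx->free(jit);` instead of the bare `execPool->release()` used before construction, otherwise one path double-releases the pool and another leaks the calloc'd block; the rest of the function lies outside this hunk, so this needs confirming there. Placement new here default-initializes, which means every member not assigned below keeps the zero bytes from `cx->calloc` rather than an explicit initializer; a comment such as `/* Default-init is intentional: calloc already zeroed the storage. */` would stop a later reader from treating the unassigned fields as uninitialized. If `<new>` is not already included in Compiler.cpp, the placement form needs it.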
--- a/js/src/methodjit/MethodJIT.cpp
+++ b/js/src/methodjit/MethodJIT.cpp
@@ -798,18 +798,17 @@ js::mjit::JaegerShotAtSafePoint(JSContex
 }
 
 template <typename T>
 static inline void Destroy(T &t)
 {
     t.~T();
 }
 
-void
-mjit::JITScript::release()
+mjit::JITScript::~JITScript()
 {
 #if defined DEBUG && (defined JS_CPU_X86 || defined JS_CPU_X64) 
     void *addr = code.m_code.executableAddress();
     memset(addr, 0xcc, code.m_size);
 #endif
 
     code.m_executablePool->release();
 
@@ -838,27 +837,27 @@ mjit::JITScript::release()
 void
 mjit::ReleaseScriptCode(JSContext *cx, JSScript *script)
 {
     // NB: The recompiler may call ReleaseScriptCode, in which case it
     // will get called again when the script is destroyed, so we
     // must protect against calling ReleaseScriptCode twice.
 
     if (script->jitNormal) {
-        script->jitNormal->release();
-        script->jitArityCheckNormal = NULL;
+        script->jitNormal->~JITScript();
         cx->free(script->jitNormal);
         script->jitNormal = NULL;
+        script->jitArityCheckNormal = NULL;
     }
 
     if (script->jitCtor) {
-        script->jitCtor->release();
-        script->jitArityCheckCtor = NULL;
+        script->jitCtor->~JITScript();
         cx->free(script->jitCtor);
         script->jitCtor = NULL;
+        script->jitArityCheckCtor = NULL;
     }
 }
 
 #ifdef JS_METHODJIT_PROFILE_STUBS
 void JS_FASTCALL
 mjit::ProfileStubCall(VMFrame &f)
 {
     JSOp op = JSOp(*f.regs.pc);
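Review bot: The explicit destructor calls in ReleaseScriptCode duplicate the `Destroy` template that the same file already defines just above `~JITScript()` in the previous hunk; using it keeps one spelling for explicit destruction in this file, e.g. `Destroy(*script->jitNormal);` and `Destroy(*script->jitCtor);` in place of the two `->~JITScript()` lines. The two blocks are otherwise identical apart from the field names, so a small static helper taking the two pointers by reference would also remove the copy-paste, though that is optional. Nulling the pointer right after `cx->free` is correct and worth keeping as is.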
--- a/js/src/methodjit/MethodJIT.h
+++ b/js/src/methodjit/MethodJIT.h
@@ -316,26 +316,27 @@ struct JITScript {
     uint32           nGetElems;
     ic::SetElementIC *setElems;
     uint32           nSetElems;
 #endif
     void            *invokeEntry;       /* invoke address */
     void            *fastEntry;         /* cached entry, fastest */
     void            *arityCheckEntry;   /* arity check address */
 
+    ~JITScript();
+
     bool isValidCode(void *ptr) {
         char *jitcode = (char *)code.m_code.executableAddress();
         char *jcheck = (char *)ptr;
         return jcheck >= jitcode && jcheck < jitcode + code.m_size;
     }
 
     void sweepCallICs();
     void purgeMICs();
     void purgePICs();
-    void release();
 };
 
 /*
  * Execute the given mjit code. This is a low-level call and callers must
  * provide the same guarantees as JaegerShot/CheckStackAndEnterMethodJIT.
  */
 JSBool EnterMethodJIT(JSContext *cx, JSStackFrame *fp, void *code, Value *stackLimit);
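Review bot: Declaring `~JITScript()` makes the type release `code.m_executablePool` on destruction, but the implicitly generated copy constructor and copy assignment remain, so an accidental copy of a JITScript would release the same pool twice; declaring them private and leaving them undefined, `private: JITScript(const JITScript &); JITScript &operator=(const JITScript &);`, closes that hole with the idiom the rest of this 2010-era code base can use (or `= delete` if the build is C++11). A one-line comment on the declaration, `/* Called explicitly by ReleaseScriptCode; instances live in calloc'd storage. */`, would document why there is a destructor but no constructor or `delete`. The `struct JITScript {` header is outside this hunk.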