Bug 803219 - Fix TI sanity checks in the interpreter. r=terrence
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 19 Oct 2012 21:10:01 +0200
changeset 110938 d692e3c39a17a478fba8d552fe38f2d6711cf572
parent 110937 ebdaddbe9b7be4c68024a05cbcdf6f90573d95bc
child 110939 a441f6e0afc90dd7890bcf06afd80b1b8c811d61
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersterrence
bugs803219
milestone19.0a1
Bug 803219 - Fix TI sanity checks in the interpreter. r=terrence
js/src/jsinterp.cpp
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -1025,25 +1025,21 @@ IteratorNext(JSContext *cx, HandleObject
     return js_IteratorNext(cx, iterobj, rval);
 }
 
 /*
  * For bytecodes which push values and then fall through, make sure the
  * types of the pushed values are consistent with type inference information.
  */
 static inline void
-TypeCheckNextBytecode(JSContext *cx, JSScript *script_, unsigned n, const FrameRegs &regs)
+TypeCheckNextBytecode(JSContext *cx, HandleScript script, unsigned n, const FrameRegs &regs)
 {
 #ifdef DEBUG
-    if (cx->typeInferenceEnabled() &&
-        n == GetBytecodeLength(regs.pc))
-    {
-        RootedScript script(cx, script_);
+    if (cx->typeInferenceEnabled() && n == GetBytecodeLength(regs.pc))
         TypeScript::CheckBytecode(cx, script, regs.pc, regs.sp);
-    }
 #endif
 }
 
 JS_NEVER_INLINE InterpretStatus
 js::Interpret(JSContext *cx, StackFrame *entryFrame, InterpMode interpMode)
 {
     JSAutoResolveFlags rf(cx, RESOLVE_INFER);
 
@@ -1251,16 +1247,17 @@ js::Interpret(JSContext *cx, StackFrame 
 
     DO_NEXT_OP(len);
 
     for (;;) {
       advance_pc_by_one:
         JS_ASSERT(js_CodeSpec[op].length == 1);
         len = 1;
       advance_pc:
+        TypeCheckNextBytecode(cx, script, len, regs);
         js::gc::MaybeVerifyBarriers(cx);
         regs.pc += len;
         op = (JSOp) *regs.pc;
 
       do_op:
         CHECK_PCCOUNT_INTERRUPTS();
         switchOp = int(op) | switchMask;
       do_switch:
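Review bot: The new call at `advance_pc` only works if it runs before `regs.pc += len`, and nothing at the call site records that ordering. TypeCheckNextBytecode compares `len` with `GetBytecodeLength(regs.pc)` and passes `regs.pc` and `regs.sp` to the checker, so a later reorder would silently check the wrong op. A one-line comment would guard against that: `/* Must run before pc is advanced: this checks the op that just executed. */`. Opcode exits that go through `DO_NEXT_OP` or other macros are not visible here, so whether they also reach this check cannot be confirmed from the hunk. The body of `js::Interpret` starts and ends outside it.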