Bug 798823 - Don't use an empty IonActivation in FastInvokeGuard. r=dvander

2012-10-07 14:27:11 -07:00 · 2012-10-07 14:27:11 -07:00 · 3923aee558
--- a/js/src/ion/Ion.cpp
+++ b/js/src/ion/Ion.cpp
@ -1478,28 +1478,28 @@ ion::FastInvoke(JSContext *cx, HandleFunction fun, CallArgs &args)
    //        JM -> Ion -> array_sort -> Ion
    //     In this cas we use an IonActivation with entryfp == NULL
    //     and prevpc != NULL.
+    IonActivation activation(cx, NULL);
    if (!fp->beginsIonActivation()) {
        fp->setCallingIntoIon();
        clearCallingIntoIon = true;
-        cx->runtime->ionActivation->setEntryFp(fp);
+        activation.setEntryFp(fp);
    } else {
-        JS_ASSERT(!cx->runtime->ionActivation->entryfp());
+        JS_ASSERT(!activation.entryfp());
    }

-    cx->runtime->ionActivation->setPrevPc(cx->regs().pc);
+    activation.setPrevPc(cx->regs().pc);

    EnterIonCode enter = cx->compartment->ionCompartment()->enterJITInfallible();
    void *calleeToken = CalleeToToken(fun);

    Value result = Int32Value(fun->nargs);
+
+    JSAutoResolveFlags rf(cx, RESOLVE_INFER);
    enter(jitcode, args.length() + 1, &args[0] - 1, fp, calleeToken, &result);

    if (clearCallingIntoIon)
        fp->clearCallingIntoIon();

-    cx->runtime->ionActivation->setEntryFp(NULL);
-    cx->runtime->ionActivation->setPrevPc(NULL);
-
    JS_ASSERT(fp == cx->fp());
    JS_ASSERT(!cx->runtime->hasIonReturnOverride());

--- a/js/src/jit-test/tests/ion/bug798823.js
+++ b/js/src/jit-test/tests/ion/bug798823.js
@ -0,0 +1,37 @@
+function g() {
+  switch (0) {
+  default:
+    w = newGlobal('');
+  }
+  return function(f, code) {
+    try {
+      evalcx(code, w)
+    } catch (e) {}
+  }
+}
+
+function f(code) {
+  h(Function(code), code);
+}
+h = g()
+f("\
+    x = [];\
+    y = new Set;\
+    z = [];\
+    Object.defineProperty(x, 5, {\
+        get: (function(j) {}),\
+    });\
+    Object.defineProperty(z, 3, {});\
+    z[9] = 1;\
+    x.shift();\
+");
+f("\
+    z.every(function() {\
+        x.filter(function(j) {\
+            if (j) {} else {\
+                y.add()\
+            }\
+        });\
+        return 2\
+    })\
+");
--- a/js/src/jsinterpinlines.h
+++ b/js/src/jsinterpinlines.h
@ -995,7 +995,6 @@ class FastInvokeGuard
    RootedScript script_;
 #ifdef JS_ION
    ion::IonContext ictx_;
-    ion::IonActivation activation_;
    bool useIon_;
 #endif

@ -1005,7 +1004,6 @@ class FastInvokeGuard
        script_(cx)
 #ifdef JS_ION
        , ictx_(cx, cx->compartment, NULL),
-        activation_(cx, NULL),
        useIon_(ion::IsEnabled(cx))
 #endif
    {
@ -1027,8 +1025,6 @@ class FastInvokeGuard
    }

    bool invoke(JSContext *cx) {
-        /* Disabled for now to fix bug 797131 fallout. */
-#if 0
 #ifdef JS_ION
        if (useIon_ && fun_) {
            JS_ASSERT(fun_->script() == script_);
@ -1053,7 +1049,6 @@ class FastInvokeGuard
                script_->incUseCount(5);
            }
        }
-#endif
 #endif

        return Invoke(cx, args_);