mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 831822 - Fix various rooting hazards and unnecessary roots found by static analysis, r=terrence.

This commit is contained in:
Brian Hackett 2013-01-18 06:48:13 -07:00
Родитель 54682603d2
Коммит 713893c541
25 изменённых файлов: 72 добавлений и 74 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
js/src/ion/Bailouts.cpp
Просмотреть файл

@ -208,7 +208,7 @@ PushInlinedFrame(JSContext *cx, StackFrame *callerFrame)
if (JSOp(*regs.pc) == JSOP_NEW)
flags = INITIAL_CONSTRUCT;
if (!cx->stack.pushInlineFrame(cx, regs, inlineArgs, *fun, script, flags, DONT_REPORT_ERROR))
if (!cx->stack.pushInlineFrame(cx, regs, inlineArgs, fun, script, flags, DONT_REPORT_ERROR))
return NULL;
StackFrame *fp = cx->stack.fp();

4
js/src/ion/IonFrames.cpp
Просмотреть файл

@ -667,7 +667,7 @@ ion::AutoTempAllocatorRooter::trace(JSTracer *trc)
}
void
ion::GetPcScript(JSContext *cx, MutableHandleScript scriptRes, jsbytecode **pcRes)
ion::GetPcScript(JSContext *cx, JSScript **scriptRes, jsbytecode **pcRes)
{
JS_ASSERT(cx->fp()->beginsIonActivation());
IonSpew(IonSpew_Snapshots, "Recover PC & Script from the last frame.");
@ -696,7 +696,7 @@ ion::GetPcScript(JSContext *cx, MutableHandleScript scriptRes, jsbytecode **pcRe
InlineFrameIterator ifi(cx, &it);
// Set the result.
scriptRes.set(ifi.script());
*scriptRes = ifi.script();
if (pcRes)
*pcRes = ifi.pc();

2
js/src/ion/IonFrames.h
Просмотреть файл

@ -277,7 +277,7 @@ GetTopIonJSScript(JSContext *cx,
void **returnAddrOut = NULL);
void
GetPcScript(JSContext *cx, MutableHandleScript scriptRes, jsbytecode **pcRes);
GetPcScript(JSContext *cx, JSScript **scriptRes, jsbytecode **pcRes);
// Given a slot index, returns the offset, in bytes, of that slot from an
// IonJSFrameLayout. Slot distances are uniform across architectures, however,

4
js/src/ion/PcScriptCache-inl.h
Просмотреть файл

@ -16,7 +16,7 @@ namespace ion {
// Get a value from the cache. May perform lazy allocation.
bool
PcScriptCache::get(JSRuntime *rt, uint32_t hash, uint8_t *addr,
MutableHandleScript scriptRes, jsbytecode **pcRes)
JSScript **scriptRes, jsbytecode **pcRes)
{
// If a GC occurred, lazily clear the cache now.
if (gcNumber != rt->gcNumber) {
@ -27,7 +27,7 @@ PcScriptCache::get(JSRuntime *rt, uint32_t hash, uint8_t *addr,
if (entries[hash].returnAddress != addr)
return false;
scriptRes.set(entries[hash].script);
*scriptRes = entries[hash].script;
if (pcRes)
*pcRes = entries[hash].pc;

2
js/src/ion/PcScriptCache.h
Просмотреть файл

@ -44,7 +44,7 @@ struct PcScriptCache
// Get a value from the cache. May perform lazy allocation.
// Defined in PcScriptCache-inl.h.
bool get(JSRuntime *rt, uint32_t hash, uint8_t *addr,
MutableHandleScript scriptRes, jsbytecode **pcRes);
JSScript **scriptRes, jsbytecode **pcRes);
void add(uint32_t hash, uint8_t *addr, jsbytecode *pc, UnrootedScript script) {
entries[hash].returnAddress = addr;

2
js/src/ion/VMFunctions.cpp
Просмотреть файл

@ -62,7 +62,7 @@ InvokeFunction(JSContext *cx, HandleFunction fun0, uint32_t argc, Value *argv, V
if (fun->isCloneAtCallsite()) {
RootedScript script(cx);
jsbytecode *pc;
types::TypeScript::GetPcScript(cx, &script, &pc);
types::TypeScript::GetPcScript(cx, script.address(), &pc);
fun = CloneFunctionAtCallsite(cx, fun0, script, pc);
if (!fun)
return false;

28
js/src/jsapi.cpp
Просмотреть файл

@ -586,9 +586,8 @@ JS_ValueToUint16(JSContext *cx, jsval valueArg, uint16_t *ip)
}
JS_PUBLIC_API(JSBool)
JS_ValueToBoolean(JSContext *cx, jsval valueArg, JSBool *bp)
JS_ValueToBoolean(JSContext *cx, jsval value, JSBool *bp)
{
RootedValue value(cx, valueArg);
AssertHeapIsIdle(cx);
CHECK_REQUEST(cx);
assertSameCompartment(cx, value);
@ -615,10 +614,8 @@ JS_GetTypeName(JSContext *cx, JSType type)
}
JS_PUBLIC_API(JSBool)
JS_StrictlyEqual(JSContext *cx, jsval value1Arg, jsval value2Arg, JSBool *equal)
JS_StrictlyEqual(JSContext *cx, jsval value1, jsval value2, JSBool *equal)
{
RootedValue value1(cx, value1Arg);
RootedValue value2(cx, value2Arg);
AssertHeapIsIdle(cx);
CHECK_REQUEST(cx);
assertSameCompartment(cx, value1, value2);
@ -645,10 +642,8 @@ JS_LooselyEqual(JSContext *cx, jsval value1Arg, jsval value2Arg, JSBool *equal)
}
JS_PUBLIC_API(JSBool)
JS_SameValue(JSContext *cx, jsval value1Arg, jsval value2Arg, JSBool *same)
JS_SameValue(JSContext *cx, jsval value1, jsval value2, JSBool *same)
{
RootedValue value1(cx, value1Arg);
RootedValue value2(cx, value2Arg);
AssertHeapIsIdle(cx);
CHECK_REQUEST(cx);
assertSameCompartment(cx, value1, value2);
@ -1589,8 +1584,8 @@ JS_TransplantObject(JSContext *cx, JSObject *origobjArg, JSObject *targetArg)
AutoMaybeTouchDeadCompartments agc(cx);
JSCompartment *destination = target->compartment();
Value origv = ObjectValue(*origobj);
JSObject *newIdentity;
RootedValue origv(cx, ObjectValue(*origobj));
RootedObject newIdentity(cx);
if (origobj->compartment() == destination) {
// If the original object is in the same compartment as the
@ -1667,7 +1662,7 @@ js_TransplantObjectWithWrapper(JSContext *cx,
JS_ASSERT(!IsCrossCompartmentWrapper(targetobj));
JS_ASSERT(!IsCrossCompartmentWrapper(targetwrapper));
JSObject *newWrapper;
RootedObject newWrapper(cx);
JSCompartment *destination = targetobj->compartment();
// |origv| is the map entry we're looking up. The map entries are going to
@ -1917,7 +1912,6 @@ JS_PUBLIC_API(JSBool)
JS_ResolveStandardClass(JSContext *cx, JSObject *objArg, jsid id, JSBool *resolved)
{
RootedObject obj(cx, objArg);
JSString *idstr;
JSRuntime *rt;
JSAtom *atom;
JSStdName *stdnm;
@ -1932,7 +1926,7 @@ JS_ResolveStandardClass(JSContext *cx, JSObject *objArg, jsid id, JSBool *resolv
if (!rt->hasContexts() || !JSID_IS_ATOM(id))
return true;
idstr = JSID_TO_STRING(id);
RootedString idstr(cx, JSID_TO_STRING(id));
/* Check whether we're resolving 'undefined', and define it if so. */
atom = rt->atomState.undefined;
@ -4319,9 +4313,10 @@ JS_GetProperty(JSContext *cx, JSObject *objArg, const char *name, jsval *vp)
}
JS_PUBLIC_API(JSBool)
JS_GetPropertyDefault(JSContext *cx, JSObject *objArg, const char *name, jsval def, jsval *vp)
JS_GetPropertyDefault(JSContext *cx, JSObject *objArg, const char *name, jsval defArg, jsval *vp)
{
RootedObject obj(cx, objArg);
RootedValue def(cx, defArg);
JSAtom *atom = Atomize(cx, name, strlen(name));
return atom && JS_GetPropertyByIdDefault(cx, obj, AtomToId(atom), def, vp);
}
@ -4357,8 +4352,9 @@ JS_GetMethodById(JSContext *cx, JSObject *objArg, jsid idArg, JSObject **objp, j
JS_PUBLIC_API(JSBool)
JS_GetMethod(JSContext *cx, JSObject *objArg, const char *name, JSObject **objp, jsval *vp)
{
RootedObject obj(cx, objArg);
JSAtom *atom = Atomize(cx, name, strlen(name));
return atom && JS_GetMethodById(cx, objArg, AtomToId(atom), objp, vp);
return atom && JS_GetMethodById(cx, obj, AtomToId(atom), objp, vp);
}
JS_PUBLIC_API(JSBool)
@ -6367,7 +6363,7 @@ JS_WriteStructuredClone(JSContext *cx, jsval valueArg, uint64_t **bufp, size_t *
optionalCallbacks ?
optionalCallbacks :
cx->runtime->structuredCloneCallbacks;
return WriteStructuredClone(cx, valueArg, (uint64_t **) bufp, nbytesp,
return WriteStructuredClone(cx, value, (uint64_t **) bufp, nbytesp,
callbacks, closure, transferable);
}

14
js/src/jsarray.cpp
Просмотреть файл

@ -950,14 +950,14 @@ InitArrayElements(JSContext *cx, HandleObject obj, uint32_t start, uint32_t coun
JS_ASSERT(start == MAX_ARRAY_INDEX + 1);
RootedValue value(cx);
RootedId id(cx);
Value idval = DoubleValue(MAX_ARRAY_INDEX + 1);
double index = MAX_ARRAY_INDEX + 1;
do {
value = *vector++;
if (!ValueToId(cx, idval, &id) ||
if (!ValueToId(cx, DoubleValue(index), &id) ||
!JSObject::setGeneric(cx, obj, obj, id, &value, true)) {
return false;
}
idval.getDoubleRef() += 1;
index += 1;
} while (vector != end);
return true;
@ -1007,10 +1007,12 @@ array_reverse(JSContext *cx, unsigned argc, Value *vp)
/* Fill out the array's initialized length to its proper length. */
obj->ensureDenseInitializedLength(cx, len, 0);
RootedValue origlo(cx), orighi(cx);
uint32_t lo = 0, hi = len - 1;
for (; lo < hi; lo++, hi--) {
Value origlo = obj->getDenseElement(lo);
Value orighi = obj->getDenseElement(hi);
origlo = obj->getDenseElement(lo);
orighi = obj->getDenseElement(hi);
obj->setDenseElement(lo, orighi);
if (orighi.isMagic(JS_ELEMENTS_HOLE) &&
!js_SuppressDeletedProperty(cx, obj, INT_TO_JSID(lo))) {
@ -1750,7 +1752,7 @@ TryReuseArrayType(JSObject *obj, JSObject *nobj)
* modifications.
*/
static inline bool
CanOptimizeForDenseStorage(JSObject *arr, uint32_t startingIndex, uint32_t count, JSContext *cx)
CanOptimizeForDenseStorage(HandleObject arr, uint32_t startingIndex, uint32_t count, JSContext *cx)
{
/* If the desired properties overflow dense storage, we can't optimize. */
if (UINT32_MAX - startingIndex < count)

4
js/src/jsbool.cpp
Просмотреть файл

@ -204,13 +204,13 @@ js::ToBooleanSlow(const Value &v)
}
bool
js::BooleanGetPrimitiveValueSlow(JSContext *cx, JSObject &obj, Value *vp)
js::BooleanGetPrimitiveValueSlow(JSContext *cx, HandleObject obj, Value *vp)
{
InvokeArgsGuard ag;
if (!cx->stack.pushInvokeArgs(cx, 0, &ag))
return false;
ag.setCallee(cx->compartment->maybeGlobal()->booleanValueOf());
ag.setThis(ObjectValue(obj));
ag.setThis(ObjectValue(*obj));
if (!Invoke(cx, ag))
return false;
*vp = ag.rval();

2
js/src/jsbool.h
Просмотреть файл

@ -22,7 +22,7 @@ js_BooleanToString(JSContext *cx, JSBool b);
namespace js {
inline bool
BooleanGetPrimitiveValue(JSContext *cx, JSObject &obj, Value *vp);
BooleanGetPrimitiveValue(JSContext *cx, HandleObject obj, Value *vp);
} /* namespace js */

8
js/src/jsboolinlines.h
Просмотреть файл

@ -18,13 +18,13 @@
namespace js {
bool BooleanGetPrimitiveValueSlow(JSContext *, JSObject &, Value *);
bool BooleanGetPrimitiveValueSlow(JSContext *, HandleObject, Value *);
inline bool
BooleanGetPrimitiveValue(JSContext *cx, JSObject &obj, Value *vp)
BooleanGetPrimitiveValue(JSContext *cx, HandleObject obj, Value *vp)
{
if (obj.isBoolean()) {
*vp = BooleanValue(obj.asBoolean().unbox());
if (obj->isBoolean()) {
*vp = BooleanValue(obj->asBoolean().unbox());
return true;
}

9
js/src/jsclone.cpp
Просмотреть файл

@ -121,7 +121,7 @@ SwapBytes(uint64_t u)
}
bool
js::WriteStructuredClone(JSContext *cx, const Value &v, uint64_t **bufp, size_t *nbytesp,
js::WriteStructuredClone(JSContext *cx, HandleValue v, uint64_t **bufp, size_t *nbytesp,
const JSStructuredCloneCallbacks *cb, void *cbClosure,
jsval transferable)
{
@ -466,7 +466,7 @@ JSStructuredCloneWriter::parseTransferable()
return false;
}
JSObject* array = &transferable.toObject();
RootedObject array(context(), &transferable.toObject());
if (!JS_IsArrayObject(context(), array)) {
reportErrorTransferable();
return false;
@ -477,9 +477,10 @@ JSStructuredCloneWriter::parseTransferable()
return false;
}
RootedValue v(context());
for (uint32_t i = 0; i < length; ++i) {
Value v;
if (!JS_GetElement(context(), array, i, &v)) {
if (!JS_GetElement(context(), array, i, v.address())) {
return false;
}

2
js/src/jsclone.h
Просмотреть файл

@ -15,7 +15,7 @@
namespace js {
bool
WriteStructuredClone(JSContext *cx, const Value &v, uint64_t **bufp, size_t *nbytesp,
WriteStructuredClone(JSContext *cx, HandleValue v, uint64_t **bufp, size_t *nbytesp,
const JSStructuredCloneCallbacks *cb, void *cbClosure,
jsval transferable);

4
js/src/jscntxt.cpp
Просмотреть файл

@ -642,8 +642,8 @@ js::ReportUsageError(JSContext *cx, HandleObject callee, const char *msg)
JS_ASSERT(!shape->writable());
JS_ASSERT(shape->hasDefaultGetter());
jsval usage;
if (!JS_LookupProperty(cx, callee, "usage", &usage))
RootedValue usage(cx);
if (!JS_LookupProperty(cx, callee, "usage", usage.address()))
return;
if (JSVAL_IS_VOID(usage)) {

6
js/src/jsfuninlines.h
Просмотреть файл

@ -157,10 +157,10 @@ ClassMethodIsNative(JSContext *cx, HandleObject obj, Class *clasp, HandleId meth
JS_ASSERT(!obj->isProxy());
JS_ASSERT(obj->getClass() == clasp);
Value v;
if (!HasDataProperty(cx, obj, methodid, &v)) {
RootedValue v(cx);
if (!HasDataProperty(cx, obj, methodid, v.address())) {
RootedObject proto(cx, obj->getProto());
if (!proto || proto->getClass() != clasp || !HasDataProperty(cx, proto, methodid, &v))
if (!proto || proto->getClass() != clasp || !HasDataProperty(cx, proto, methodid, v.address()))
return false;
}

4
js/src/jsinfer.cpp
Просмотреть файл

@ -2418,14 +2418,14 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke
}
static inline jsid
GetAtomId(JSContext *cx, HandleScript script, const jsbytecode *pc, unsigned offset)
GetAtomId(JSContext *cx, UnrootedScript script, const jsbytecode *pc, unsigned offset)
{
PropertyName *name = script->getName(GET_UINT32_INDEX(pc + offset));
return MakeTypeId(cx, NameToId(name));
}
bool
types::UseNewType(JSContext *cx, HandleScript script, jsbytecode *pc)
types::UseNewType(JSContext *cx, UnrootedScript script, jsbytecode *pc)
{
JS_ASSERT(cx->typeInferenceEnabled());

4
js/src/jsinfer.h
Просмотреть файл

@ -1087,7 +1087,7 @@ typedef HashSet<ReadBarriered<TypeObject>, TypeObjectEntry, SystemAllocPolicy> T
/* Whether to use a new type object when calling 'new' at script/pc. */
bool
UseNewType(JSContext *cx, HandleScript script, jsbytecode *pc);
UseNewType(JSContext *cx, UnrootedScript script, jsbytecode *pc);
/* Whether to use a new type object for an initializer opcode at script/pc. */
bool
@ -1180,7 +1180,7 @@ class TypeScript
static inline void MonitorString(JSContext *cx, HandleScript script, jsbytecode *pc);
static inline void MonitorUnknown(JSContext *cx, HandleScript script, jsbytecode *pc);
static inline void GetPcScript(JSContext *cx, MutableHandleScript script, jsbytecode **pc);
static inline void GetPcScript(JSContext *cx, JSScript **script, jsbytecode **pc);
static inline void MonitorOverflow(JSContext *cx);
static inline void MonitorString(JSContext *cx);
static inline void MonitorUnknown(JSContext *cx);

15
js/src/jsinferinlines.h
Просмотреть файл

@ -678,11 +678,10 @@ extern void TypeDynamicResult(JSContext *cx, HandleScript script, jsbytecode *pc
inline bool
UseNewTypeAtEntry(JSContext *cx, StackFrame *fp)
{
if (!fp->isConstructing() || !cx->typeInferenceEnabled() || !fp->prev())
return false;
RootedScript prevScript(cx, fp->prev()->script());
JSScript *prevScript = fp->prev()->script();
return UseNewType(cx, prevScript, fp->prevpc());
}
@ -917,7 +916,7 @@ TypeScript::MonitorUnknown(JSContext *cx, HandleScript script, jsbytecode *pc)
}
/* static */ inline void
TypeScript::GetPcScript(JSContext *cx, MutableHandleScript script, jsbytecode **pc)
TypeScript::GetPcScript(JSContext *cx, JSScript **script, jsbytecode **pc)
{
AutoAssertNoGC nogc;
#ifdef JS_ION
@ -926,7 +925,7 @@ TypeScript::GetPcScript(JSContext *cx, MutableHandleScript script, jsbytecode **
return;
}
#endif
script.set(cx->fp()->script());
*script = cx->fp()->script();
*pc = cx->regs().pc;
}
@ -935,7 +934,7 @@ TypeScript::MonitorOverflow(JSContext *cx)
{
RootedScript script(cx);
jsbytecode *pc;
GetPcScript(cx, &script, &pc);
GetPcScript(cx, script.address(), &pc);
MonitorOverflow(cx, script, pc);
}
@ -944,7 +943,7 @@ TypeScript::MonitorString(JSContext *cx)
{
RootedScript script(cx);
jsbytecode *pc;
GetPcScript(cx, &script, &pc);
GetPcScript(cx, script.address(), &pc);
MonitorString(cx, script, pc);
}
@ -953,7 +952,7 @@ TypeScript::MonitorUnknown(JSContext *cx)
{
RootedScript script(cx);
jsbytecode *pc;
GetPcScript(cx, &script, &pc);
GetPcScript(cx, script.address(), &pc);
MonitorUnknown(cx, script, pc);
}
@ -962,7 +961,7 @@ TypeScript::Monitor(JSContext *cx, const js::Value &rval)
{
RootedScript script(cx);
jsbytecode *pc;
GetPcScript(cx, &script, &pc);
GetPcScript(cx, script.address(), &pc);
Monitor(cx, script, pc, rval);
}

2
js/src/jsinterp.cpp
Просмотреть файл

@ -2398,7 +2398,7 @@ BEGIN_CASE(JSOP_FUNCALL)
InitialFrameFlags initial = construct ? INITIAL_CONSTRUCT : INITIAL_NONE;
bool newType = cx->typeInferenceEnabled() && UseNewType(cx, script, regs.pc);
RootedScript funScript(cx, fun->nonLazyScript());
if (!cx->stack.pushInlineFrame(cx, regs, args, *fun, funScript, initial))
if (!cx->stack.pushInlineFrame(cx, regs, args, fun, funScript, initial))
goto error;
SET_SCRIPT(regs.fp()->script());

6
js/src/jsinterpinlines.h
Просмотреть файл

@ -733,7 +733,7 @@ GetObjectElementOperation(JSContext *cx, JSOp op, HandleObject obj, const Value
uint32_t index;
if (IsDefinitelyIndex(rref, &index)) {
if (analyze && !obj->isNative()) {
RootedScript script(cx, NULL);
JSScript *script = NULL;
jsbytecode *pc = NULL;
types::TypeScript::GetPcScript(cx, &script, &pc);
@ -745,7 +745,7 @@ GetObjectElementOperation(JSContext *cx, JSOp op, HandleObject obj, const Value
return false;
} else {
if (analyze) {
RootedScript script(cx, NULL);
JSScript *script = NULL;
jsbytecode *pc = NULL;
types::TypeScript::GetPcScript(cx, &script, &pc);
@ -843,7 +843,7 @@ SetObjectElementOperation(JSContext *cx, Handle<JSObject*> obj, HandleId id, con
uint32_t length = obj->getDenseInitializedLength();
int32_t i = JSID_TO_INT(id);
if ((uint32_t)i >= length && !cx->fp()->beginsIonActivation()) {
RootedScript script(cx);
JSScript *script = NULL;
jsbytecode *pc;
types::TypeScript::GetPcScript(cx, &script, &pc);

3
js/src/json.cpp
Просмотреть файл

@ -340,7 +340,8 @@ PreprocessValue(JSContext *cx, HandleObject holder, KeyType key, MutableHandleVa
return false;
vp.set(StringValue(str));
} else if (ObjectClassIs(obj, ESClass_Boolean, cx)) {
if (!BooleanGetPrimitiveValue(cx, obj, vp.address()))
RootedObject nobj(cx, &obj);
if (!BooleanGetPrimitiveValue(cx, nobj, vp.address()))
return false;
JS_ASSERT(vp.get().isBoolean());
}

2
js/src/methodjit/InvokeHelpers.cpp
Просмотреть файл

@ -358,7 +358,7 @@ UncachedInlineCall(VMFrame &f, InitialFrameFlags initial,
FrameRegs regs = f.regs;
/* Get pointer to new frame/slots, prepare arguments. */
if (!cx->stack.pushInlineFrame(cx, regs, args, *newfun, newscript, initial, &f.stackLimit))
if (!cx->stack.pushInlineFrame(cx, regs, args, newfun, newscript, initial, &f.stackLimit))
return false;
/* Finish the handoff to the new frame regs. */

1
js/src/vm/RegExpObject-inl.h
Просмотреть файл

@ -124,7 +124,6 @@ RegExpShared::isJITRuntimeEnabled(JSContext *cx)
inline bool
RegExpToShared(JSContext *cx, JSObject &obj, RegExpGuard *g)
{
JS_ASSERT(ObjectClassIs(obj, ESClass_RegExp, cx));
if (obj.isRegExp())
return obj.asRegExp().getShared(cx, g);
return Proxy::regexp_toShared(cx, &obj, g);

12
js/src/vm/Stack-inl.h
Просмотреть файл

@ -457,7 +457,7 @@ ContextStack::getCallFrame(JSContext *cx, MaybeReportError report, const CallArg
JS_ALWAYS_INLINE bool
ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &args,
JSFunction &callee, HandleScript script,
HandleFunction callee, HandleScript script,
InitialFrameFlags initial, MaybeReportError report)
{
mozilla::Maybe<AutoAssertNoGC> maybeNoGC;
@ -469,15 +469,15 @@ ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &ar
JS_ASSERT(onTop());
JS_ASSERT(regs.sp == args.end());
/* Cannot assert callee == args.callee() since this is called from LeaveTree. */
JS_ASSERT(callee.nonLazyScript() == script);
JS_ASSERT(callee->nonLazyScript() == script);
StackFrame::Flags flags = ToFrameFlags(initial);
StackFrame *fp = getCallFrame(cx, report, args, &callee, script, &flags);
StackFrame *fp = getCallFrame(cx, report, args, callee, script, &flags);
if (!fp)
return false;
/* Initialize frame, locals, regs. */
fp->initCallFrame(cx, callee, script, args.length(), flags);
fp->initCallFrame(cx, *callee, script, args.length(), flags);
/*
* N.B. regs may differ from the active registers, if the parent is about
@ -489,7 +489,7 @@ ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &ar
JS_ALWAYS_INLINE bool
ContextStack::pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &args,
JSFunction &callee, HandleScript script,
HandleFunction callee, HandleScript script,
InitialFrameFlags initial, Value **stackLimit)
{
AssertCanGC();
@ -561,7 +561,7 @@ ContextStack::currentScript(jsbytecode **ppc,
#ifdef JS_ION
if (fp->beginsIonActivation()) {
RootedScript script(cx_);
JSScript *script = NULL;
ion::GetPcScript(cx_, &script, ppc);
if (!allowCrossCompartment && script->compartment() != cx_->compartment)
return UnrootedScript(NULL);

4
js/src/vm/Stack.h
Просмотреть файл

@ -1616,11 +1616,11 @@ class ContextStack
* The 'stackLimit' overload updates 'stackLimit' if it changes.
*/
bool pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &args,
JSFunction &callee, HandleScript script,
HandleFunction callee, HandleScript script,
InitialFrameFlags initial,
MaybeReportError report = REPORT_ERROR);
bool pushInlineFrame(JSContext *cx, FrameRegs &regs, const CallArgs &args,
JSFunction &callee, HandleScript script,
HandleFunction callee, HandleScript script,
InitialFrameFlags initial, Value **stackLimit);
void popInlineFrame(FrameRegs &regs);