From c061c7fea46199f8163b07340081c5b2a9a4073e Mon Sep 17 00:00:00 2001 From: "brendan%mozilla.org" Date: Thu, 7 Sep 2006 04:47:23 +0000 Subject: [PATCH] Fix stack budget for postfix ++ and -- applied to property refs (350238, r=mrbkap). --- js/src/jsemit.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/js/src/jsemit.c b/js/src/jsemit.c index c793bc1a882d..eea0b2f850f9 100644 --- a/js/src/jsemit.c +++ b/js/src/jsemit.c @@ -5336,6 +5336,20 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) pn2 = pn->pn_kid; JS_ASSERT(pn2->pn_type != TOK_RP); op = pn->pn_op; + + /* + * Allocate another stack slot for GC protection in case the initial + * value being post-incremented or -decremented is not a number, but + * converts to a jsdouble. In the TOK_NAME cases, op has 0 operand + * uses and 1 definition, so we don't need an extra stack slot -- we + * can use the one allocated for the def. + */ + if (pn2->pn_type != TOK_NAME && + (js_CodeSpec[op].format & JOF_POST) && + (uintN)++cg->stackDepth > cg->maxStackDepth) { + cg->maxStackDepth = cg->stackDepth; + } + switch (pn2->pn_type) { case TOK_NAME: pn2->pn_op = op; @@ -5391,18 +5405,8 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) JS_ASSERT(0); } - /* - * Allocate another stack slot for GC protection in case the initial - * value being post-incremented or -decremented is not a number, but - * converts to a jsdouble. In the TOK_NAME cases, op has 0 operand - * uses and 1 definition, so we don't need an extra stack slot -- we - * can use the one allocated for the def. - */ - if (pn2->pn_type != TOK_NAME && - (js_CodeSpec[op].format & JOF_POST) && - (uintN)cg->stackDepth == cg->maxStackDepth) { - ++cg->maxStackDepth; - } + if (pn2->pn_type != TOK_NAME && (js_CodeSpec[op].format & JOF_POST)) + --cg->stackDepth; break; case TOK_DELETE: