From 0500eeff41e77fd6730d0ce170ed65522e348525 Mon Sep 17 00:00:00 2001
From: Bill McCloskey <wmccloskey@mozilla.com>
Date: Wed, 22 Feb 2012 13:38:34 -0800
Subject: [PATCH] Bug 728086 - Back out f4e8839c28f5 to fix Windows purple
 builds

---
 js/src/jswrapper.cpp |  2 +-
 js/src/vm/Stack.cpp  | 27 ++-------------------------
 js/src/vm/Stack.h    |  6 +++---
 3 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/js/src/jswrapper.cpp b/js/src/jswrapper.cpp
index dd41451eee0..4188f6f51af 100644
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@@ -792,9 +792,9 @@ CrossCompartmentWrapper::nativeCall(JSContext *cx, JSObject *wrapper, Class *cla
     if (!Wrapper::nativeCall(cx, wrapper, clasp, native, dstArgs))
         return false;
 
-    srcArgs.rval() = dstArgs.rval();
     dstArgs.pop();
     call.leave();
+    srcArgs.rval() = dstArgs.rval();
     return call.origin->wrap(cx, &srcArgs.rval());
 }
 
diff --git a/js/src/vm/Stack.cpp b/js/src/vm/Stack.cpp
index 6802cc00d21..cf0f8be1a59 100644
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -413,7 +413,6 @@ StackSpace::init()
     trustedEnd_ = base_ + CAPACITY_VALS;
     conservativeEnd_ = defaultEnd_ = trustedEnd_ - BUFFER_VALS;
 #endif
-    Debug_SetValueRangeToCrashOnTouch(base_, trustedEnd_);
     assertInvariants();
     return true;
 }
@@ -737,8 +736,6 @@ ContextStack::pushInvokeArgs(JSContext *cx, uintN argc, InvokeArgsGuard *iag)
     if (!firstUnused)
         return false;
 
-    MakeRangeGCSafe(firstUnused, argc);
-
     ImplicitCast<CallArgs>(*iag) = CallArgsFromVp(argc, firstUnused);
 
     seg_->pushCall(*iag);
@@ -754,19 +751,9 @@ ContextStack::popInvokeArgs(const InvokeArgsGuard &iag)
     JS_ASSERT(onTop());
     JS_ASSERT(space().firstUnused() == seg_->calls().end());
 
-    Value *oldend = seg_->end();
-    Value *oldbeg;
-
     seg_->popCall();
-    if (iag.pushedSeg_) {
-        oldbeg = reinterpret_cast<Value *>(seg_);
+    if (iag.pushedSeg_)
         popSegment();
-    } else {
-        oldbeg = seg_->end();
-    }
-
-    if (seg_)
-        Debug_SetValueRangeToCrashOnTouch(oldbeg, oldend);
 }
 
 bool
@@ -879,19 +866,9 @@ ContextStack::popFrame(const FrameGuard &fg)
     if (fg.regs_.fp()->isNonEvalFunctionFrame())
         fg.regs_.fp()->functionEpilogue();
 
-    Value *oldend = seg_->end();
-    Value *oldbeg;
-
     seg_->popRegs(fg.prevRegs_);
-    if (fg.pushedSeg_) {
-        oldbeg = reinterpret_cast<Value *>(seg_);
+    if (fg.pushedSeg_)
         popSegment();
-    } else {
-        oldbeg = seg_->end();
-    }
-
-    if (seg_)
-        Debug_SetValueRangeToCrashOnTouch(oldbeg, oldend);
 
     /*
      * NB: this code can call out and observe the stack (e.g., through GC), so
diff --git a/js/src/vm/Stack.h b/js/src/vm/Stack.h
index 2e6e30b41f1..274789b9c71 100644
--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@@ -95,10 +95,10 @@ namespace detail {
  *
  * SpiderMonkey uses a per-thread stack to store the activation records,
  * parameters, locals, and expression temporaries for the stack of actively
- * executing scripts, functions and generators. The stack is owned by the
- * StackSpace object stored in the runtime.
+ * executing scripts, functions and generators. The per-thread stack is owned
+ * by the StackSpace object stored in the thread's ThreadData.
  *
- * The stack is subdivided into contiguous segments of memory which
+ * The per-thread stack is subdivided into contiguous segments of memory which
  * have a memory layout invariant that allows fixed offsets to be used for stack
  * access (by jit code) as well as fast call/return. This memory layout is
  * encapsulated by a set of types that describe different regions of memory.