Bug 460865 - Read barrier for cx->fp. r=mrbkap, r=dmandelin.
This commit is contained in:
Jason Orendorff
@@ -1195,8 +1195,8 @@ obj_eval(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
JSBool setCallerVarObj = JS_FALSE;
|
||||
#endif
|
||||
|
||||
fp = cx->fp;
|
||||
caller = JS_GetScriptedCaller(cx, fp);
|
||||
fp = js_GetTopStackFrame(cx);
|
||||
caller = js_GetScriptedCaller(cx, fp);
|
||||
indirectCall = (caller && caller->regs && *caller->regs->pc != JSOP_EVAL);
|
||||
|
||||
/*
|
||||
@@ -1385,7 +1385,7 @@ obj_watch_handler(JSContext *cx, JSObject *obj, jsval id, jsval old, jsval *nvp,
|
||||
callbacks = JS_GetSecurityCallbacks(cx);
|
||||
if (callbacks && callbacks->findObjectPrincipals) {
|
||||
/* Skip over any obj_watch_* frames between us and the real subject. */
|
||||
caller = JS_GetScriptedCaller(cx, cx->fp);
|
||||
caller = js_GetScriptedCaller(cx, NULL);
|
||||
if (caller) {
|
||||
/*
|
||||
* Only call the watch handler if the watcher is allowed to watch
|
||||
@@ -1858,7 +1858,7 @@ js_Object(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
}
|
||||
if (!obj) {
|
||||
JS_ASSERT(!argc || JSVAL_IS_NULL(argv[0]) || JSVAL_IS_VOID(argv[0]));
|
||||
if (cx->fp->flags & JSFRAME_CONSTRUCTING)
|
||||
if (JS_IsConstructing(cx))
|
||||
return JS_TRUE;
|
||||
obj = js_NewObject(cx, &js_ObjectClass, NULL, NULL, 0);
|
||||
if (!obj)
|
||||
@@ -1996,7 +1996,7 @@ JSClass js_WithClass = {
|
||||
0,0,0,0,0,0,0
|
||||
};
|
||||
|
||||
JSObject *
|
||||
JS_REQUIRES_STACK JSObject *
|
||||
js_NewWithObject(JSContext *cx, JSObject *proto, JSObject *parent, jsint depth)
|
||||
{
|
||||
JSObject *obj;
|
||||
@@ -2050,7 +2050,7 @@ js_CloneBlockObject(JSContext *cx, JSObject *proto, JSObject *parent,
|
||||
return clone;
|
||||
}
|
||||
|
||||
JSBool
|
||||
JS_REQUIRES_STACK JSBool
|
||||
js_PutBlockObject(JSContext *cx, JSBool normalUnwind)
|
||||
{
|
||||
JSStackFrame *fp;
|
||||
@@ -2803,13 +2803,23 @@ js_SetClassObject(JSContext *cx, JSObject *obj, JSProtoKey key, JSObject *cobj)
|
||||
JSBool
|
||||
js_FindClassObject(JSContext *cx, JSObject *start, jsid id, jsval *vp)
|
||||
{
|
||||
JSStackFrame *fp;
|
||||
JSObject *obj, *cobj, *pobj;
|
||||
JSProtoKey key;
|
||||
JSProperty *prop;
|
||||
jsval v;
|
||||
JSScopeProperty *sprop;
|
||||
|
||||
if (start || (cx->fp && (start = cx->fp->scopeChain) != NULL)) {
|
||||
/*
|
||||
* Find the global object. Use cx->fp directly to avoid falling off
|
||||
* trace; all JIT-elided stack frames have the same global object as
|
||||
* cx->fp.
|
||||
*/
|
||||
VOUCH_DOES_NOT_REQUIRE_STACK();
|
||||
if (!start && (fp = cx->fp) != NULL)
|
||||
start = fp->scopeChain;
|
||||
|
||||
if (start) {
|
||||
/* Find the topmost object in the scope chain. */
|
||||
do {
|
||||
obj = start;
|
||||
@@ -3281,7 +3291,7 @@ bad:
|
||||
* access is "object-detecting" in the sense used by web scripts, e.g., when
|
||||
* checking whether document.all is defined.
|
||||
*/
|
||||
static JSBool
|
||||
static JS_REQUIRES_STACK JSBool
|
||||
Detecting(JSContext *cx, jsbytecode *pc)
|
||||
{
|
||||
JSScript *script;
|
||||
@@ -3414,16 +3424,18 @@ js_LookupPropertyWithFlags(JSContext *cx, JSObject *obj, jsid id, uintN flags,
|
||||
*propp = NULL;
|
||||
|
||||
if (clasp->flags & JSCLASS_NEW_RESOLVE) {
|
||||
JSStackFrame *fp = js_GetTopStackFrame(cx);
|
||||
|
||||
newresolve = (JSNewResolveOp)resolve;
|
||||
if (flags == JSRESOLVE_INFER && cx->fp && cx->fp->regs) {
|
||||
if (flags == JSRESOLVE_INFER && fp && fp->regs) {
|
||||
flags = 0;
|
||||
pc = cx->fp->regs->pc;
|
||||
pc = fp->regs->pc;
|
||||
cs = &js_CodeSpec[*pc];
|
||||
format = cs->format;
|
||||
if (JOF_MODE(format) != JOF_NAME)
|
||||
flags |= JSRESOLVE_QUALIFIED;
|
||||
if ((format & (JOF_SET | JOF_FOR)) ||
|
||||
(cx->fp->flags & JSFRAME_ASSIGNING)) {
|
||||
(fp->flags & JSFRAME_ASSIGNING)) {
|
||||
flags |= JSRESOLVE_ASSIGNING;
|
||||
} else {
|
||||
pc += cs->length;
|
||||
@@ -3550,7 +3562,8 @@ js_FindPropertyHelper(JSContext *cx, jsid id, JSObject **objp,
|
||||
JSProperty *prop;
|
||||
JSScopeProperty *sprop;
|
||||
|
||||
obj = cx->fp->scopeChain;
|
||||
JS_ASSERT_IF(entryp, !JS_EXECUTING_TRACE(cx));
|
||||
obj = js_GetTopStackFrame(cx)->scopeChain;
|
||||
shape = OBJ_SHAPE(obj);
|
||||
for (scopeIndex = 0; ; scopeIndex++) {
|
||||
if (obj->map->ops->lookupProperty == js_LookupProperty) {
|
||||
@@ -3603,7 +3616,7 @@ js_FindProperty(JSContext *cx, jsid id, JSObject **objp, JSObject **pobjp,
|
||||
return js_FindPropertyHelper(cx, id, objp, pobjp, propp, NULL) >= 0;
|
||||
}
|
||||
|
||||
JSObject *
|
||||
JS_REQUIRES_STACK JSObject *
|
||||
js_FindIdentifierBase(JSContext *cx, jsid id, JSPropCacheEntry *entry)
|
||||
{
|
||||
JSObject *obj, *pobj;
|
||||
@@ -3746,8 +3759,10 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||
int protoIndex;
|
||||
JSObject *obj2;
|
||||
JSProperty *prop;
|
||||
JSStackFrame *fp;
|
||||
JSScopeProperty *sprop;
|
||||
|
||||
JS_ASSERT_IF(entryp, !JS_ON_TRACE(cx));
|
||||
/* Convert string indices to integers if appropriate. */
|
||||
CHECK_FOR_STRING_INDEX(id);
|
||||
JS_COUNT_OPERATION(cx, JSOW_GET_PROPERTY);
|
||||
@@ -3774,11 +3789,11 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||
* Give a strict warning if foo.bar is evaluated by a script for an
|
||||
* object foo with no property named 'bar'.
|
||||
*/
|
||||
if (JSVAL_IS_VOID(*vp) && cx->fp && cx->fp->regs) {
|
||||
if (JSVAL_IS_VOID(*vp) && (fp = js_GetTopStackFrame(cx)) && fp->regs) {
|
||||
JSOp op;
|
||||
uintN flags;
|
||||
|
||||
pc = cx->fp->regs->pc;
|
||||
pc = fp->regs->pc;
|
||||
op = (JSOp) *pc;
|
||||
if (op == JSOP_GETXPROP) {
|
||||
flags = JSREPORT_ERROR;
|
||||
@@ -3796,7 +3811,7 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||
return JS_TRUE;
|
||||
|
||||
/* Kludge to allow (typeof foo == "undefined") tests. */
|
||||
JS_ASSERT(cx->fp->script);
|
||||
JS_ASSERT(fp->script);
|
||||
pc += js_CodeSpec[op].length;
|
||||
if (Detecting(cx, pc))
|
||||
return JS_TRUE;
|
||||
@@ -3823,8 +3838,10 @@ js_GetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||
if (!js_NativeGet(cx, obj, obj2, sprop, vp))
|
||||
return JS_FALSE;
|
||||
|
||||
if (entryp)
|
||||
if (entryp) {
|
||||
JS_ASSERT_NOT_EXECUTING_TRACE(cx);
|
||||
js_FillPropertyCache(cx, obj, shape, 0, protoIndex, obj2, sprop, entryp);
|
||||
}
|
||||
JS_UNLOCK_OBJ(cx, obj2);
|
||||
return JS_TRUE;
|
||||
}
|
||||
@@ -4024,6 +4041,7 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||
return JS_FALSE;
|
||||
|
||||
if (entryp) {
|
||||
JS_ASSERT_NOT_EXECUTING_TRACE(cx);
|
||||
if (!(attrs & JSPROP_SHARED))
|
||||
js_FillPropertyCache(cx, obj, shape, 0, 0, obj, sprop, entryp);
|
||||
else
|
||||
@@ -4638,7 +4656,7 @@ js_Call(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
if (VALUE_IS_FUNCTION(cx, fval)) {
|
||||
if (!GetCurrentExecutionContext(cx, obj, &nargv[2]))
|
||||
return JS_FALSE;
|
||||
args = js_GetArgsObject(cx, cx->fp);
|
||||
args = js_GetArgsObject(cx, js_GetTopStackFrame(cx));
|
||||
if (!args)
|
||||
return JS_FALSE;
|
||||
nargv[0] = OBJECT_TO_JSVAL(obj);
|
||||
@@ -4652,7 +4670,7 @@ js_Call(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
return ok;
|
||||
}
|
||||
#endif
|
||||
js_ReportIsNotFunction(cx, &argv[-2], cx->fp->flags & JSFRAME_ITERATOR);
|
||||
js_ReportIsNotFunction(cx, &argv[-2], js_GetTopStackFrame(cx)->flags & JSFRAME_ITERATOR);
|
||||
return JS_FALSE;
|
||||
}
|
||||
return clasp->call(cx, obj, argc, argv, rval);
|
||||
@@ -4681,7 +4699,7 @@ js_Construct(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
|
||||
if (VALUE_IS_FUNCTION(cx, cval)) {
|
||||
if (!GetCurrentExecutionContext(cx, obj, &nargv[1]))
|
||||
return JS_FALSE;
|
||||
args = js_GetArgsObject(cx, cx->fp);
|
||||
args = js_GetArgsObject(cx, js_GetTopStackFrame(cx));
|
||||
if (!args)
|
||||
return JS_FALSE;
|
||||
nargv[0] = OBJECT_TO_JSVAL(args);
|
||||
|
||||
Reference in New Issue
Block a user