summaryrefslogtreecommitdiffstats
path: root/js/src/jit
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-29 13:39:11 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-29 13:39:11 +0200
commit66aa6b595c47231958a855e4b166f5d55df1184d (patch)
tree6be9ba956bd1651cf23d35eff2ae51058d65d813 /js/src/jit
parent927868e8b93f508fe89ee82f618f4a1761366f70 (diff)
downloadUXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.gz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.lz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.tar.xz
UXP-66aa6b595c47231958a855e4b166f5d55df1184d.zip
Bug 1411415.
Diffstat (limited to 'js/src/jit')
-rw-r--r--js/src/jit/BaselineFrameInfo.h4
-rw-r--r--js/src/jit/RegisterSets.h8
-rw-r--r--js/src/jit/RematerializedFrame.cpp14
3 files changed, 17 insertions, 9 deletions
diff --git a/js/src/jit/BaselineFrameInfo.h b/js/src/jit/BaselineFrameInfo.h
index 13bf0358d..1691270ac 100644
--- a/js/src/jit/BaselineFrameInfo.h
+++ b/js/src/jit/BaselineFrameInfo.h
@@ -67,7 +67,7 @@ class StackValue
union {
struct {
- Value v;
+ JS::UninitializedValue v;
} constant;
struct {
mozilla::AlignedStorage2<ValueOperand> reg;
@@ -112,7 +112,7 @@ class StackValue
}
Value constant() const {
MOZ_ASSERT(kind_ == Constant);
- return data.constant.v;
+ return data.constant.v.asValueRef();
}
ValueOperand reg() const {
MOZ_ASSERT(kind_ == Register);
diff --git a/js/src/jit/RegisterSets.h b/js/src/jit/RegisterSets.h
index 0a4045dd7..08ae53f16 100644
--- a/js/src/jit/RegisterSets.h
+++ b/js/src/jit/RegisterSets.h
@@ -226,13 +226,13 @@ class ConstantOrRegister
// Space to hold either a Value or a TypedOrValueRegister.
union U {
- Value constant;
+ JS::UninitializedValue constant;
TypedOrValueRegister reg;
} data;
- const Value& dataValue() const {
+ Value dataValue() const {
MOZ_ASSERT(constant());
- return data.constant;
+ return data.constant.asValueRef();
}
void setDataValue(const Value& value) {
MOZ_ASSERT(constant());
@@ -268,7 +268,7 @@ class ConstantOrRegister
return constant_;
}
- const Value& value() const {
+ Value value() const {
return dataValue();
}
diff --git a/js/src/jit/RematerializedFrame.cpp b/js/src/jit/RematerializedFrame.cpp
index cb324220c..32fad1267 100644
--- a/js/src/jit/RematerializedFrame.cpp
+++ b/js/src/jit/RematerializedFrame.cpp
@@ -61,9 +61,17 @@ RematerializedFrame::New(JSContext* cx, uint8_t* top, InlineFrameIterator& iter,
{
unsigned numFormals = iter.isFunctionFrame() ? iter.calleeTemplate()->nargs() : 0;
unsigned argSlots = Max(numFormals, iter.numActualArgs());
- size_t numBytes = sizeof(RematerializedFrame) +
- (argSlots + iter.script()->nfixed()) * sizeof(Value) -
- sizeof(Value); // 1 Value included in sizeof(RematerializedFrame)
+ unsigned extraSlots = argSlots + iter.script()->nfixed();
+
+ // One Value slot is included in sizeof(RematerializedFrame), so we can
+ // reduce the extra slot count by one. However, if there are zero slot
+ // allocations total, then reducing the slots by one will lead to
+ // the memory allocation being smaller than sizeof(RematerializedFrame).
+ if (extraSlots > 0)
+ extraSlots -= 1;
+
+ size_t numBytes = sizeof(RematerializedFrame) + (extraSlots * sizeof(Value));
+ MOZ_ASSERT(numBytes >= sizeof(RematerializedFrame));
void* buf = cx->pod_calloc<uint8_t>(numBytes);
if (!buf)