Closed Bug 517640 Opened 15 years ago Closed 15 years ago

TM: we don't substitute the global object for apply(null, ...)

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- beta1-fixed

People

(Reporter: gal, Assigned: gal)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

minimal fix
821 bytes, patch
mrbkap
: review+
Details | Diff | Splinter Review 
      No description provided.
function f() {
}

for (var i = 0; i < 10; ++i)
    f.apply(null);

This aborts trace right now.

We could run a quick imacro that pops the null and pushes the global object (maybe JSOP_GLOBAL)? If we do it before we unpack the arguments, we could use 1 imacro instead of 8 for the individual argument lengths we support. But then if we fall off trace there is a global object where a null should be. Thats a bit odd. It should be effect-free though when the interpreter resumes.
Flags: blocking1.9.2?
Attached patch minimal fixSplinter Review 
Actually, this minimal fix should be sufficient.
Assignee: general → gal
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Priority: P2 → P1
This is perf, not correctness.

bz, can you try this?
Makes the abort go away.  Doesn't help my testcase on its own, since we hit other aborts (due to inner trees trying to grow) instead...
Attachment #401651 - Flags: review?(mrbkap)
Comment on attachment 401651 [details] [diff] [review]
minimal fix

Well its a step in the right direction.
Attachment #401651 - Flags: review?(mrbkap) → review+
Could someone land this on TM?
Keywords: checkin-needed
Whiteboard: [fixed in tracemonkey] → fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/8d90c8c461e8
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: