Bug 708156 - SpiderMonkey can use stale script analysis when debug mode is turned on
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: JavaScript Engine
Version: unspecified
Platform: All All
Importance: -- normal
Target Milestone: mozilla11
Assigned To: Jim Blandy :jimb
Blocks: 674171
Reported: 2011-12-06 18:01 PST by Jim Blandy :jimb
Modified: 2011-12-16 05:55 PST
jimb: in‑testsuite+

Attachments
Ensure that JM compilation doesn't use out-of-date ScriptAnalysis structures. (3.04 KB, patch)
2011-12-06 18:01 PST, Jim Blandy :jimb
bhackett1024: review+

Description Jim Blandy :jimb 2011-12-06 18:01:37 PST
Created attachment 579556
Ensure that JM compilation doesn't use out-of-date ScriptAnalysis structures.

The contents of a ScriptAnalysis depend on the value of debugMode; for example, see the way usesReturnValue_ gets set in ScriptAnalysis::analyzeByteCode. In some cases, the compiler may try to use a ScriptAnalysis created before debug mode was turned on to generate code when debug mode is on, leading to... Undesirable Consequences [orchestra spike].

Some tests in js/src/jit-test/tests/debug cause the assertions in the attached patch to fail, if you comment out the call to JSScript::clearAnalysis that it adds.
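
A simplified model of the failure mode reported above, added here as an illustration and not taken from the attached patch or from SpiderMonkey. Only the names ScriptAnalysis, debugMode and clearAnalysis come from the report; `Compartment`, `analyzedInDebugMode`, `conservative`, `setDebugMode` and `compileAfterToggleIsStale` are hypothetical, and the staleness check stands in for the patch's assertions.

```cpp
// Simplified model, not SpiderMonkey code. Hypothetical names are listed in the lead-in.
#include <cstdio>
#include <memory>
#include <stdexcept>

struct ScriptAnalysis {
    bool analyzedInDebugMode;  // mode the analysis was computed under (assumed field)
    bool conservative;         // stand-in for a mode-dependent result such as usesReturnValue_
};

struct Compartment { bool debugMode = false; };

struct Script {
    Compartment* comp;
    std::unique_ptr<ScriptAnalysis> analysis;  // cached across compilations
    explicit Script(Compartment* c) : comp(c) {}

    // Lazily build the analysis; its contents depend on the current debug mode.
    ScriptAnalysis& ensureAnalysis() {
        if (!analysis)
            analysis.reset(new ScriptAnalysis{comp->debugMode, comp->debugMode});
        return *analysis;
    }
    void clearAnalysis() { analysis.reset(); }

    // Refuse to generate code from an analysis computed under the other mode.
    bool compile() {
        ScriptAnalysis& a = ensureAnalysis();
        if (a.analyzedInDebugMode != comp->debugMode)
            throw std::logic_error("stale ScriptAnalysis");
        return a.conservative;
    }
};

// Toggle debug mode; invalidate=false models the bug, true models the fix.
void setDebugMode(Compartment& c, Script& s, bool on, bool invalidate) {
    c.debugMode = on;
    if (invalidate) s.clearAnalysis();
}

// True when compiling after the toggle trips the staleness check.
bool compileAfterToggleIsStale(bool invalidate) {
    Compartment c;
    Script s(&c);
    s.compile();  // caches an analysis built with debug mode off
    setDebugMode(c, s, true, invalidate);
    try { s.compile(); } catch (const std::logic_error&) { return true; }
    return false;
}

int main() { std::printf("%d %d\n", compileAfterToggleIsStale(false), compileAfterToggleIsStale(true)); }
```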

Comment 2 Jim Blandy :jimb 2011-12-15 18:11:49 PST
Try server run:
https://tbpl.mozilla.org/?tree=Try&rev=48fe5b5d6aa3

Comment 3 Ed Morley [:emorley] 2011-12-16 05:55:40 PST
https://hg.mozilla.org/mozilla-central/rev/7a0d03046d42
