Closed Bug 708156 Opened 8 years ago Closed 8 years ago

SpiderMonkey can use stale script analysis when debug mode is turned on

Categories

(Core :: JavaScript Engine, defect)

Tracking

RESOLVED FIXED
mozilla11

People

(Reporter: jimb, Assigned: jimb)

Attachments

(1 file)

The contents of a ScriptAnalysis depend on the value of debugMode; for example, see the way usesReturnValue_ gets set in ScriptAnalysis::analyzeByteCode. In some cases, the compiler may try to use a ScriptAnalysis created before debug mode was turned on to generate code when debug mode is on, leading to... Undesirable Consequences [orchestra spike].

Some tests in js/src/jit-test/tests/debug cause the assertions in the attached patch to fail, if you comment out the call to JSScript::clearAnalysis that it adds.
Attachment #579556 - Flags: review?(bhackett1024)
Blocks: 674171
Assignee: general → jimb
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → mozilla11
Flags: in-testsuite+
Attachment #579556 - Flags: review?(bhackett1024) → review+
https://hg.mozilla.org/mozilla-central/rev/7a0d03046d42
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
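
The hazard described in the report, as a standalone C++ model added here; it is not SpiderMonkey code and not the attached patch. All type and function names except `clearAnalysis` are hypothetical, and the rule that debug mode forces `usesReturnValue` on is an assumption of the model. It shows a cached analysis recording the mode it was built under, the compile step checking that record, and the toggle discarding cached analyses.

```cpp
// Added illustration: a standalone model, not SpiderMonkey source.
#include <memory>
#include <vector>

struct Analysis {
    bool builtInDebugMode;  // mode in effect when the analysis ran
    bool usesReturnValue;   // a result that depends on that mode
};

struct Script {
    bool readsRval;                      // bytecode touches the return-value slot
    std::unique_ptr<Analysis> analysis;  // cached, built lazily
    void clearAnalysis() { analysis.reset(); }
};

struct Compartment {
    bool debugMode;
    bool invalidateOnToggle;  // false reproduces the stale-cache hazard
    std::vector<Script*> scripts;
    void setDebugMode(bool on) {
        if (on == debugMode) return;
        debugMode = on;
        if (invalidateOnToggle)
            for (Script* s : scripts) s->clearAnalysis();
    }
};

// Assumption of this model: debug mode forces usesReturnValue on.
const Analysis& ensureAnalysis(const Compartment& c, Script& s) {
    if (!s.analysis)
        s.analysis.reset(new Analysis{c.debugMode, s.readsRval || c.debugMode});
    return *s.analysis;
}

enum class CompileResult { Ok, StaleAnalysis };

// Refuse to generate code from an analysis built under a different mode.
CompileResult compile(const Compartment& c, Script& s) {
    const Analysis& a = ensureAnalysis(c, s);
    return a.builtInDebugMode == c.debugMode ? CompileResult::Ok : CompileResult::StaleAnalysis;
}

// Analyze with debug mode off, turn it on, then compile again.
CompileResult toggleThenCompile(bool invalidateOnToggle) {
    Compartment c{false, invalidateOnToggle, {}};
    Script s{false, nullptr};
    c.scripts.push_back(&s);
    compile(c, s);
    c.setDebugMode(true);
    return compile(c, s);
}
```
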