Closed Bug 723791 Opened 13 years ago Closed 13 years ago

fun_getProperty needs a method barrier

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla13

People

(Reporter: luke, Assigned: luke)

Details

Attachments

(2 files)

add the method guard 13 years ago Luke Wagner [:luke] 1.31 KB, patch	jorendorff : review+	Details \| Diff \| Splinter Review
remove noteArgumentsPropertyAccess 13 years ago Luke Wagner [:luke] 3.57 KB, patch	jorendorff : review+	Details \| Diff \| Splinter Review

Luke Wagner [:luke]

Assignee

Description

•

13 years ago

When fun_getProperty searches the call stack for a matching callee (matching 'f' in f.arguments), it needs to use the method barrier. Otherwise, it may miss the innermost frame. This was the *real* cause of bug 721322. The patch in bug 721322, by noting arguments usage, I think just turned off the method optimization. Most of that patch can actually be removed: read-only access to the arguments object via f.arguments may happen at any time and will faithfully return the correct current argument value.

Luke Wagner [:luke]

Assignee

Comment 1

•

13 years ago

Attached patch add the method guard — Details — Splinter Review

Assignee: general → luke

Status: NEW → ASSIGNED

Attachment #594050 - Flags: review?(jorendorff)

Luke Wagner [:luke]

Assignee

Comment 2

•

13 years ago

Attached patch remove noteArgumentsPropertyAccess — Details — Splinter Review

... because it isn't needed. I verified that the tests added by bug 721322 fail with this patch applied (but not the fix patch) and are fixed when the fix patch is applied.

Attachment #594051 - Flags: review?(jorendorff)

Jason Orendorff [:jorendorff]

Comment 3

•

13 years ago

Comment on attachment 594050 [details] [diff] [review] add the method guard Certainly this seems like a strict improvement...

Attachment #594050 - Flags: review?(jorendorff) → review+

Jason Orendorff [:jorendorff]

Comment 4

•

13 years ago

Comment on attachment 594051 [details] [diff] [review] remove noteArgumentsPropertyAccess ...and OK, this is fine. You could back out more of the patch in bug 721322: it contains some renaming that you haven't reverted. Your call.

Attachment #594051 - Flags: review?(jorendorff) → review+

Luke Wagner [:luke]

Assignee

Comment 5

•

13 years ago

I left the renaming b/c it will be removed with a later patch. (We already do a strictly-more powerful analysis to determine when arguments are used for optimization purposes; with that combined with eager arguments creation, strict arguments should just fall out.)

Luke Wagner [:luke]

Assignee

Comment 6

•

13 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/06c253791ae0 https://hg.mozilla.org/integration/mozilla-inbound/rev/dd2e84f637f2

Target Milestone: --- → mozilla13

Ed Morley [:emorley]

Comment 7

•

13 years ago

https://hg.mozilla.org/mozilla-central/rev/06c253791ae0 https://hg.mozilla.org/mozilla-central/rev/dd2e84f637f2

Status: ASSIGNED → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

fun_getProperty needs a method barrier

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: luke, Assigned: luke)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Comment 7

Attachment

General

Description

File Name

Content Type