Closed Bug 818528 Opened 12 years ago Closed 12 years ago

BaselineCompiler: Fix Call IC's non-optimizing-recursion bug.

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
17 Branch
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: djvj, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Fix.
3.43 KB, patch
jandem
: review+
Details | Diff | Splinter Review
Baseline's call IC's fallback stub performs the call manually before adding a stub for it. For recursive call stacks, this gets into a situation where none of the recursive activations are able to use optimized stack because the optimized call stub is not added until after the first recursive call is complete. This leads to high stack usage and a "InternalError: too much recursion" error. Showing up in jit-tests/test/basic/testBug673068.js
Attached patch Fix.Splinter Review
Attachment #688847 - Flags: review?(jdemooij)
Depends on: BaselineGreen
Blocks: BaselineGreen
No longer depends on: BaselineGreen
Comment on attachment 688847 [details] [diff] [review] Fix. Review of attachment 688847 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/ion/BaselineIC.cpp @@ -1111,5 @@ > - > - types::TypeScript::Monitor(cx, res); > - > - // Attach new stub. > - if (stub->numOptimizedStubs() >= ICCall_Fallback::MAX_OPTIMIZED_STUBS) { Nit: we should keep this "if" so that we don't forget to fix it.
Attachment #688847 - Flags: review?(jdemooij) → review+
Nits fixed, committed: https://hg.mozilla.org/projects/ionmonkey/rev/377ca8a512c3
Summary: BaselineCompiler: Fix Call IC's infinite-recursion bug. → BaselineCompiler: Fix Call IC's non-optimizing-recursion bug.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: