Closed Bug 836937 Opened 11 years ago Closed 11 years ago

BaselineCompiler: EmitStowICValues and EmitUnstowICValues doesn't update baseline frame size

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: djvj, Unassigned)

References

(Blocks 1 open bug)

Details

EmitStowICValues and EmitUnstowICValues optionally saves R0 and R1 into the baseline frame before entering a type update IC.  However, it does not update the BaselineFrame's frameSize, meaning that these saved values may not be marked if GC occurs while the engine is executing the type-update IC chain.
Just realized that EmitCallTypeUpdateIC enters a stub frame which would update the baseline frame size.

This bug is a non-issue.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.