Incorrect generation guard done in GenerateDOMProxyChecks in the baseline compiler

RESOLVED FIXED in mozilla28

Status

()

RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

(Blocks: 1 bug)

unspecified
mozilla28
x86
Mac OS X
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa-])

Attachments

(1 attachment, 1 obsolete attachment)

masm.branch32(Assembler::NotEqual,
                      Address(tempVal.scratchReg(), offsetof(ExpandoAndGeneration, expando)),
                      scratch, &failDOMProxyCheck);


Note the offsetof call.  Should be "generation", not "expando".
(Assignee)

Updated

5 years ago
Blocks: 922071
(Assignee)

Updated

5 years ago
Component: JavaScript Engine → JavaScript Engine: JIT
(Assignee)

Comment 1

5 years ago
Created attachment 8339445 [details] [diff] [review]
Check the right member for our generation, and replace some hardcoded offsets with offsetof values.
Attachment #8339445 - Flags: review?(efaustbmo)
(Assignee)

Comment 2

5 years ago
Created attachment 8339481 [details] [diff] [review]
Let's have it actually compile
Attachment #8339481 - Flags: review?(efaustbmo)
(Assignee)

Updated

5 years ago
Attachment #8339445 - Attachment is obsolete: true
Attachment #8339445 - Flags: review?(efaustbmo)

Comment 3

5 years ago
Comment on attachment 8339481 [details] [diff] [review]
Let's have it actually compile

Review of attachment 8339481 [details] [diff] [review]:
-----------------------------------------------------------------

There is standing precedent to do this as ExpandoAndGeneration::offsetOf{Expando,Generation} and let them be inlined.

r=me. Thanks for the cleanup.
Attachment #8339481 - Flags: review?(efaustbmo) → review+
(Assignee)

Comment 4

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/04ab309c684a with that change to static methods.
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla28
https://hg.mozilla.org/mozilla-central/rev/04ab309c684a
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Updated

5 years ago
Blocks: 940815

Updated

5 years ago
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.