Closed
Bug 943989
Opened 11 years ago
Closed 11 years ago
Incorrect generation guard done in GenerateDOMProxyChecks in the baseline compiler
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
(Blocks 1 open bug)
Details
(Whiteboard: [qa-])
Attachments
(1 file, 1 obsolete file)
|
2.98 KB,
patch
|
efaust
:
review+
|
Details | Diff | Splinter Review |
masm.branch32(Assembler::NotEqual,
Address(tempVal.scratchReg(), offsetof(ExpandoAndGeneration, expando)),
scratch, &failDOMProxyCheck);
Note the offsetof call. Should be "generation", not "expando".
|
Assignee | |
Updated•11 years ago
|
Component: JavaScript Engine → JavaScript Engine: JIT
|
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8339445 -
Flags: review?(efaustbmo)
|
|
Assignee | |
Comment 2•11 years ago
|
||
Attachment #8339481 -
Flags: review?(efaustbmo)
|
|
Assignee | |
Updated•11 years ago
|
Attachment #8339445 -
Attachment is obsolete: true
Attachment #8339445 -
Flags: review?(efaustbmo)
|
||
Comment 3•11 years ago
|
||
Comment on attachment 8339481 [details] [diff] [review]
Let's have it actually compile
Review of attachment 8339481 [details] [diff] [review]:
-----------------------------------------------------------------
There is standing precedent to do this as ExpandoAndGeneration::offsetOf{Expando,Generation} and let them be inlined.
r=me. Thanks for the cleanup.
Attachment #8339481 -
Flags: review?(efaustbmo) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/04ab309c684a with that change to static methods.
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla28
|
||
Comment 5•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•