From 08ddae23d9cfbb232b47b13ec955c3c3d91ef0c4 Mon Sep 17 00:00:00 2001
From: Sean Stangl
Date: Thu, 5 Aug 2010 13:23:18 -0700
Subject: [PATCH] [JAEGER] Un-constify BindName's inline jump offset. b=584642, r=dvander.
---
 js/src/methodjit/Compiler.cpp | 9 +++++++--
 js/src/methodjit/PolyIC.cpp | 16 ++++++++++++++--
 js/src/methodjit/PolyIC.h | 7 ++++++-
 js/src/trace-test/tests/pic/bug584642.js | 3 +++
 4 files changed, 30 insertions(+), 5 deletions(-)
 create mode 100644 js/src/trace-test/tests/pic/bug584642.js
diff --git a/js/src/methodjit/Compiler.cpp b/js/src/methodjit/Compiler.cpp
index 2035fc88485..070b00174d6 100644
--- a/js/src/methodjit/Compiler.cpp
+++ b/js/src/methodjit/Compiler.cpp
@@ -2790,11 +2790,12 @@ mjit::Compiler::jsop_bindname(uint32 index)
 pic.shapeGuard = masm.label();
 #if defined JS_NUNBOX32
 Jump j = masm.branchPtr(Assembler::NotEqual, masm.payloadOf(parent), ImmPtr(0));
+ DBGLABEL(inlineJumpOffset);
 #elif defined JS_PUNBOX64
 masm.loadPayload(parent, Registers::ValueReg);
 Jump j = masm.branchPtr(Assembler::NotEqual, Registers::ValueReg, ImmPtr(0));
+ Label inlineJumpOffset = masm.label();
 #endif
- DBGLABEL(dbgInlineJumpOffset);
 {
 pic.slowPathStart = stubcc.masm.label();
 stubcc.linkExit(j, Uses(0));
@@ -2807,7 +2808,11 @@ mjit::Compiler::jsop_bindname(uint32 index)
 frame.pushTypedPayload(JSVAL_TYPE_OBJECT, pic.objReg);
 frame.freeReg(pic.shapeReg);
- JS_ASSERT(masm.differenceBetween(pic.shapeGuard, dbgInlineJumpOffset) == BINDNAME_INLINE_JUMP_OFFSET);
+#if defined JS_NUNBOX32
+ JS_ASSERT(masm.differenceBetween(pic.shapeGuard, inlineJumpOffset) == BINDNAME_INLINE_JUMP_OFFSET);
+#elif defined JS_PUNBOX64
+ pic.labels.bindname.inlineJumpOffset = masm.differenceBetween(pic.shapeGuard, inlineJumpOffset);
+#endif
 stubcc.rejoin(Changes(1));
diff --git a/js/src/methodjit/PolyIC.cpp b/js/src/methodjit/PolyIC.cpp
index 34c8e4e5edb..e469b4c6efb 100644
--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
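Review bot: The JS_PUNBOX64 store `pic.labels.bindname.inlineJumpOffset = masm.differenceBetween(pic.shapeGuard, inlineJumpOffset);` in the second Compiler.cpp hunk is unchecked, while the field it writes is declared in PolyIC.h as `int32 inlineJumpOffset : 8`, so a distance above 127 bytes would be truncated without any diagnostic. PolyIC.cpp later uses the stored value to pick the jump that gets relinked in executable code (`jumpAtOffset(inlineJumpOffset(pic))` and `pic.shapeGuard + inlineJumpOffset()`), so a truncated offset would patch the wrong bytes rather than fail. I would add a round-trip assertion directly after the store, `JS_ASSERT(pic.labels.bindname.inlineJumpOffset == masm.differenceBetween(pic.shapeGuard, inlineJumpOffset));`. jsop_bindname starts and ends outside the hunk.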
@@ -1665,6 +1665,18 @@ class BindNameCompiler : public PICStubCompiler
 JSAtom *atom;
 void *stub;
+ static int32 inlineJumpOffset(ic::PICInfo &pic) {
+#if defined JS_NUNBOX32
+ return BINDNAME_INLINE_JUMP_OFFSET;
+#elif defined JS_PUNBOX64
+ return pic.labels.bindname.inlineJumpOffset;
+#endif
+ }
+
+ inline int32 inlineJumpOffset() {
+ return inlineJumpOffset(pic);
+ }
+
 public:
 BindNameCompiler(VMFrame &f, JSScript *script, JSObject *scopeChain, ic::PICInfo &pic, JSAtom *atom, VoidStubUInt32 stub)
@@ -1681,7 +1693,7 @@ class BindNameCompiler : public PICStubCompiler
 static void reset(ic::PICInfo &pic) {
 RepatchBuffer repatcher(pic.fastPathStart.executableAddress(), INLINE_PATH_LENGTH);
- repatcher.relink(pic.fastPathStart.jumpAtOffset(BINDNAME_INLINE_JUMP_OFFSET),
+ repatcher.relink(pic.fastPathStart.jumpAtOffset(inlineJumpOffset(pic)),
 pic.slowPathStart);
 RepatchBuffer repatcher2(pic.slowPathStart.executableAddress(), INLINE_PATH_LENGTH);
@@ -1753,7 +1765,7 @@ class BindNameCompiler : public PICStubCompiler
 PICRepatchBuffer repatcher(pic, pic.lastPathStart());
 if (!pic.stubsGenerated)
- repatcher.relink(pic.shapeGuard + BINDNAME_INLINE_JUMP_OFFSET, cs);
+ repatcher.relink(pic.shapeGuard + inlineJumpOffset(), cs);
 else
 repatcher.relink(BINDNAME_STUB_JUMP_OFFSET, cs);
diff --git a/js/src/methodjit/PolyIC.h b/js/src/methodjit/PolyIC.h
index 986738bdb6a..d07cf1e539f 100644
--- a/js/src/methodjit/PolyIC.h
+++ b/js/src/methodjit/PolyIC.h
@@ -116,7 +116,6 @@ static const int32 SCOPENAME_JUMP_OFFSET = 5; //asserted
 static const int32 BINDNAME_INLINE_JUMP_OFFSET = 10; //asserted
 static const int32 BINDNAME_STUB_JUMP_OFFSET = 5; //asserted
 #elif defined JS_CPU_X64
-static const int32 BINDNAME_INLINE_JUMP_OFFSET = 36; //asserted
 static const int32 BINDNAME_STUB_JUMP_OFFSET = 5; //asserted
 #endif
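Review bot: The new static `inlineJumpOffset(ic::PICInfo &pic)` in the first PolyIC.cpp hunk has no `#else` arm, so a build that defines neither JS_NUNBOX32 nor JS_PUNBOX64 compiles a function that falls off its end without returning, and that indeterminate result would then be used as a patch offset. Closing the chain with `#else` followed by `#error "unsupported value layout"` turns that case into a build failure. The parameter is only read here, so it could be `const ic::PICInfo &pic`. A one-line comment saying that the offset is a compile-time constant on JS_NUNBOX32 but recorded per PIC on JS_PUNBOX64 would also help the next reader.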
@@ -178,6 +177,12 @@ union PICLabels {
 // after the jump -- at which point this is always 0.
 int32 stubShapeJump : 8;
 } getelem;
+
+ /* BindNameCompiler */
+ struct {
+ /* Offset from shapeGuard to end of shape jump. */
+ int32 inlineJumpOffset : 8;
+ } bindname;
 };
 #endif
diff --git a/js/src/trace-test/tests/pic/bug584642.js b/js/src/trace-test/tests/pic/bug584642.js
new file mode 100644
index 00000000000..b69f8d499bb
--- /dev/null
+++ b/js/src/trace-test/tests/pic/bug584642.js
@@ -0,0 +1,3 @@
+// |trace-test| error: ReferenceError
+Function("x=[(x)=s]")();
+/* Don't assert. */
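Review bot: The comment on the new `bindname.inlineJumpOffset` field in PolyIC.h does not say that the field is only meaningful on JS_PUNBOX64. In this patch Compiler.cpp writes it only under `#elif defined JS_PUNBOX64`, and JS_NUNBOX32 builds keep using BINDNAME_INLINE_JUMP_OFFSET, so on those builds the field is never set. I would extend the comment to `/* Offset from shapeGuard to end of shape jump. Set only on JS_PUNBOX64; must fit in 8 signed bits. */`. The struct sits inside the PICLabels union, which starts outside the hunk.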