wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 792001 - Fix race condition with inlined String.fromCharCode. r=pierron

Browse Source 
--HG--
extra : rebase_source : 275c53293443fec806ad8cf775173d9fdff698ab
This commit is contained in:
Jan de Mooij 2012-09-18 16:11:05 +02:00
parent a0c458414b
commit 5f089c5033
3 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
js/src/ion/CodeGenerator.cpp
View File

@ -2046,30 +2046,19 @@ CodeGenerator::visitFromCharCode(LFromCharCode *lir)
Register code = ToRegister(lir->code());
Register output = ToRegister(lir->output());
// This static variable would be used by js_NewString as an initial buffer.
Label fast;
masm.cmpPtr(code, ImmWord(StaticStrings::UNIT_STATIC_LIMIT));
masm.j(Assembler::Below, &fast);
// Store the code in the tmpString. This assume that jitted codes are not
// running concurently.
static jschar tmpString[2] = {0, 0};
Register tmpStringAddr = output;
masm.movePtr(ImmWord(tmpString), tmpStringAddr);
masm.store16(code, Address(tmpStringAddr, 0));
// Copy the tmpString to a newly allocated string.
typedef JSFixedString *(*pf)(JSContext *, const jschar *, size_t);
static const VMFunction newStringCopyNInfo = FunctionInfo<pf>(js_NewStringCopyN);
OutOfLineCode *ool = oolCallVM(newStringCopyNInfo, lir, (ArgList(), tmpStringAddr, Imm32(1)),
StoreRegisterTo(output));
typedef JSFixedString *(*pf)(JSContext *, int32_t);
static const VMFunction Info = FunctionInfo<pf>(ion::StringFromCharCode);
OutOfLineCode *ool = oolCallVM(Info, lir, (ArgList(), code), StoreRegisterTo(output));
if (!ool)
return false;
masm.jump(ool->entry());
masm.bind(&fast);
// OOL path if code >= UNIT_STATIC_LIMIT.
masm.branch32(Assembler::AboveOrEqual, code, Imm32(StaticStrings::UNIT_STATIC_LIMIT),
ool->entry());
masm.movePtr(ImmWord(&gen->compartment->rt->staticStrings.unitStaticTable), output);
masm.loadPtr(BaseIndex(output, code, ScalePointer), output);
masm.bind(ool->rejoin());
return true;
}

13
js/src/ion/VMFunctions.cpp
View File

@ -329,6 +329,19 @@ ArrayShiftDense(JSContext *cx, HandleObject obj, MutableHandleValue rval)
return true;
}
JSFixedString *
StringFromCharCode(JSContext *cx, int32_t code)
{
code = uint16_t(code);
if (StaticStrings::hasUnit(code))
return cx->runtime->staticStrings.getUnit(code);
jschar c = jschar(code);
return js_NewStringCopyN(cx, &c, 1);
}
bool
SetProperty(JSContext *cx, HandleObject obj, HandlePropertyName name, HandleValue value,
bool strict, bool isSetName)

2
js/src/ion/VMFunctions.h
View File

@ -430,6 +430,8 @@ bool ArrayPopDense(JSContext *cx, HandleObject obj, MutableHandleValue rval);
bool ArrayPushDense(JSContext *cx, HandleObject obj, HandleValue v, uint32_t *length);
bool ArrayShiftDense(JSContext *cx, HandleObject obj, MutableHandleValue rval);
JSFixedString *StringFromCharCode(JSContext *cx, int32_t code);
bool SetProperty(JSContext *cx, HandleObject obj, HandlePropertyName name, HandleValue value,
bool strict, bool isSetName);