Bug 1115847 - Commit correct version of patch from bug 1100337. (r=me)

2024-09-13 09:24:08 -07:00 · 2014-12-27 21:03:13 -08:00 · 2014-12-27 21:03:13 -08:00 · 71c71ab2e2
commit 71c71ab2e2
parent f7a220a203
4 changed files with 18 additions and 54 deletions
--- a/js/src/jit/BaselineBailouts.cpp
+++ b/js/src/jit/BaselineBailouts.cpp
@ -1039,9 +1039,9 @@ InitFromBailout(JSContext *cx, HandleScript caller, jsbytecode *callerPC,

            if (excInfo && excInfo->propagatingIonExceptionForDebugMode() && resumeAfter) {
                // When propagating an exception for debug mode, set the
-                // return address as the return-from-IC for the throwing op,
-                // so that Debugger hooks report the correct pc offset of the
-                // throwing op instead of its successor.
+                // return address as native code for the throwing op, so that
+                // Debugger hooks report the correct pc offset of the throwing
+                // op instead of its successor.
                //
                // This should not be done if we are at a resume-at point, as
                // might be the case when propagating an exception thrown from
@ -1051,10 +1051,8 @@ InitFromBailout(JSContext *cx, HandleScript caller, jsbytecode *callerPC,
                //
                // Note that we never resume into this address, it is set for
                // the sake of frame iterators giving the correct answer.
-                ICEntry &icEntry = baselineScript->anyKindICEntryFromPCOffset(iter.pcOffset());
-                nativeCodeForPC = baselineScript->returnAddressForIC(icEntry);
-            } else {
-                MOZ_ASSERT(nativeCodeForPC);
+                jsbytecode *throwPC = script->offsetToPC(iter.pcOffset());
+                nativeCodeForPC = baselineScript->nativeCodeForPC(script, throwPC);
            }

            MOZ_ASSERT(nativeCodeForPC);
--- a/js/src/jit/BaselineDebugModeOSR.cpp
+++ b/js/src/jit/BaselineDebugModeOSR.cpp
@ -214,8 +214,9 @@ CollectJitStackScripts(JSContext *cx, const Debugger::ExecutionObservableSet &ob
                    // Otherwise, we are in the middle of handling an
                    // exception. This happens since we could have bailed out
                    // in place from Ion after a throw, settling on the pc
-                    // *after* the bytecode that threw the exception, which
-                    // may have no ICEntry.
+                    // which may have no ICEntry (e.g., Ion is free to insert
+                    // resume points after non-effectful ops for better
+                    // register allocation).
                    MOZ_ASSERT(iter.baselineFrame()->isDebuggerHandlingException());
                    jsbytecode *pc = script->baselineScript()->pcForNativeAddress(script, retAddr);
                    if (!entries.append(DebugModeOSREntry(script, script->pcToOffset(pc))))
@ -400,24 +401,9 @@ PatchBaselineFramesForDebugMode(JSContext *cx, const Debugger::ExecutionObservab
            BaselineScript *bl = script->baselineScript();
            ICEntry::Kind kind = entry.frameKind;

-            if (kind == ICEntry::Kind_Op || kind == ICEntry::Kind_NonOp) {
-                uint8_t *retAddr;
-                if (kind == ICEntry::Kind_Op) {
-                    // Case A above.
-                    retAddr = bl->returnAddressForIC(bl->icEntryFromPCOffset(pcOffset));
-                } else {
-                    // Case H above.
-                    //
-                    // It could happen that the in-place Ion bailout chose the
-                    // return-from-IC address of a NonOp IC for the frame
-                    // iterators to report the correct bytecode pc.
-                    //
-                    // See note under propagatingIonExceptionForDebugMode in
-                    // InitFromBailout.
-                    MOZ_ASSERT(iter.baselineFrame()->isDebuggerHandlingException());
-                    retAddr = bl->returnAddressForIC(bl->anyKindICEntryFromPCOffset(pcOffset));
-                }
-
+            if (kind == ICEntry::Kind_Op) {
+                // Case A above.
+                //
                // Patching these cases needs to patch both the stub frame and
                // the baseline frame. The stub frame is patched below. For
                // the baseline frame here, we resume right after the IC
@ -425,6 +411,7 @@ PatchBaselineFramesForDebugMode(JSContext *cx, const Debugger::ExecutionObservab
                //
                // Since we're using the same IC stub code, we can resume
                // directly to the IC resume address.
+                uint8_t *retAddr = bl->returnAddressForIC(bl->icEntryFromPCOffset(pcOffset));
                SpewPatchBaselineFrame(prev->returnAddress(), retAddr, script, kind, pc);
                DebugModeOSRVolatileJitFrameIterator::forwardLiveIterators(
                    cx, prev->returnAddress(), retAddr);
--- a/js/src/jit/BaselineJIT.cpp
+++ b/js/src/jit/BaselineJIT.cpp
@ -550,14 +550,16 @@ BaselineScript::returnAddressForIC(const ICEntry &ent)
    return method()->raw() + ent.returnOffset().offset();
 }

-static inline
-size_t ComputeBinarySearchMid(BaselineScript *baseline, uint32_t pcOffset)
+ICEntry &
+BaselineScript::icEntryFromPCOffset(uint32_t pcOffset)
 {
+    // Multiple IC entries can have the same PC offset, but this method only looks for
+    // those which have isForOp() set.
    size_t bottom = 0;
-    size_t top = baseline->numICEntries();
+    size_t top = numICEntries();
    size_t mid = bottom + (top - bottom) / 2;
    while (mid < top) {
-        ICEntry &midEntry = baseline->icEntry(mid);
+        ICEntry &midEntry = icEntry(mid);
        if (midEntry.pcOffset() < pcOffset)
            bottom = mid + 1;
        else if (midEntry.pcOffset() > pcOffset)
@ -566,28 +568,6 @@ size_t ComputeBinarySearchMid(BaselineScript *baseline, uint32_t pcOffset)
            break;
        mid = bottom + (top - bottom) / 2;
    }
-    return mid;
-}
-
-ICEntry &
-BaselineScript::anyKindICEntryFromPCOffset(uint32_t pcOffset)
-{
-    size_t mid = ComputeBinarySearchMid(this, pcOffset);
-
-    // Return any IC entry with a matching PC offset.
-    for (size_t i = mid; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i--)
-        return icEntry(i);
-    for (size_t i = mid+1; i < numICEntries() && icEntry(i).pcOffset() == pcOffset; i++)
-        return icEntry(i);
-    MOZ_CRASH("Invalid PC offset for IC entry.");
-}
-
-ICEntry &
-BaselineScript::icEntryFromPCOffset(uint32_t pcOffset)
-{
-    // Multiple IC entries can have the same PC offset, but this method only looks for
-    // those which have isForOp() set.
-    size_t mid = ComputeBinarySearchMid(this, pcOffset);

    // Found an IC entry with a matching PC offset.  Search backward, and then
    // forward from this IC entry, looking for one with the same PC offset which
--- a/js/src/jit/BaselineJIT.h
+++ b/js/src/jit/BaselineJIT.h
@ -330,7 +330,6 @@ struct BaselineScript
    ICEntry &icEntry(size_t index);
    ICEntry *maybeICEntryFromReturnOffset(CodeOffsetLabel returnOffset);
    ICEntry &icEntryFromReturnOffset(CodeOffsetLabel returnOffset);
-    ICEntry &anyKindICEntryFromPCOffset(uint32_t pcOffset);
    ICEntry &icEntryFromPCOffset(uint32_t pcOffset);
    ICEntry &icEntryFromPCOffset(uint32_t pcOffset, ICEntry *prevLookedUpEntry);
    ICEntry *maybeICEntryFromReturnAddress(uint8_t *returnAddr);