Bug 904079 - Snapshots should not have emitted-at-uses operands. r=bhackett

--HG-- extra : rebase_source : 501011273e1276d1a178f79e4fcccbe97dd38f21
2024-09-13 09:24:08 -07:00 · 2013-08-13 17:11:41 +02:00 · 2013-08-13 17:11:41 +02:00 · 89063cafd5
commit 89063cafd5
parent d8ab2d1b45
4 changed files with 39 additions and 6 deletions
--- a/js/src/jit-test/tests/ion/try-catch-5.js
+++ b/js/src/jit-test/tests/ion/try-catch-5.js
@ -0,0 +1,8 @@
+function x() {
+    try {
+	do {
+	    var { q , gen } = t;
+	} while(false);
+    } catch (e) {}
+}
+x();
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@ -988,15 +988,19 @@ CanEmitBitAndAtUses(MInstruction *ins)
    if (ins->getOperand(0)->type() != MIRType_Int32 || ins->getOperand(1)->type() != MIRType_Int32)
        return false;

-    MUseDefIterator iter(ins);
-    if (!iter)
+    MUseIterator iter(ins->usesBegin());
+    if (iter == ins->usesEnd())
        return false;

-    if (!iter.def()->isTest())
+    MNode *node = iter->consumer();
+    if (!node->isDefinition())
+        return false;
+
+    if (!node->toDefinition()->isTest())
        return false;

    iter++;
-    return !iter;
+    return iter == ins->usesEnd();
 }

 bool
--- a/js/src/jit/shared/CodeGenerator-shared.cpp
+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
@ -143,6 +143,9 @@ CodeGeneratorShared::encodeSlots(LSnapshot *snapshot, MResumePoint *resumePoint,
            mir = mir->toPassArg()->getArgument();
        JS_ASSERT(!mir->isPassArg());

+        if (mir->isBox())
+            mir = mir->toBox()->getOperand(0);
+
        MIRType type = mir->isUnused()
                       ? MIRType_Undefined
                       : mir->type();
--- a/js/src/jit/shared/Lowering-shared.cpp
+++ b/js/src/jit/shared/Lowering-shared.cpp
@ -82,9 +82,17 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi
                ins = ins->toPassArg()->getArgument();
            JS_ASSERT(!ins->isPassArg());

+            if (ins->isBox())
+                ins = ins->toBox()->getOperand(0);
+
            // Guards should never be eliminated.
            JS_ASSERT_IF(ins->isUnused(), !ins->isGuard());

+            // Snapshot operands other than constants should never be
+            // emitted-at-uses. Try-catch support depends on there being no
+            // code between an instruction and the LOsiPoint that follows it.
+            JS_ASSERT_IF(!ins->isConstant(), !ins->isEmittedAtUses());
+
            // The register allocation will fill these fields in with actual
            // register/stack assignments. During code generation, we can restore
            // interpreter state with the given information. Note that for
@ -97,8 +105,6 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi
                *type = LConstantIndex::Bogus();
                *payload = use(ins, LUse::KEEPALIVE);
            } else {
-                if (!ensureDefined(ins))
-                    return NULL;
                *type = useType(ins, LUse::KEEPALIVE);
                *payload = usePayload(ins, LUse::KEEPALIVE);
            }
@ -129,6 +135,18 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi

            if (def->isPassArg())
                def = def->toPassArg()->getArgument();
+            JS_ASSERT(!def->isPassArg());
+
+            if (def->isBox())
+                def = def->toBox()->getOperand(0);
+
+            // Guards should never be eliminated.
+            JS_ASSERT_IF(def->isUnused(), !def->isGuard());
+
+            // Snapshot operands other than constants should never be
+            // emitted-at-uses. Try-catch support depends on there being no
+            // code between an instruction and the LOsiPoint that follows it.
+            JS_ASSERT_IF(!def->isConstant(), !def->isEmittedAtUses());

            LAllocation *a = snapshot->getEntry(i);