From 89063cafd5b3ab32429f2ba5ef44668b83c0ca08 Mon Sep 17 00:00:00 2001
From: Jan de Mooij
Date: Tue, 13 Aug 2013 17:11:41 +0200
Subject: [PATCH] Bug 904079 - Snapshots should not have emitted-at-uses operands. r=bhackett
--HG--
extra : rebase_source : 501011273e1276d1a178f79e4fcccbe97dd38f21
---
 js/src/jit-test/tests/ion/try-catch-5.js | 8 ++++++++
 js/src/jit/Lowering.cpp | 12 ++++++++----
 js/src/jit/shared/CodeGenerator-shared.cpp | 3 +++
 js/src/jit/shared/Lowering-shared.cpp | 22 ++++++++++++++++++++--
 4 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 js/src/jit-test/tests/ion/try-catch-5.js
diff --git a/js/src/jit-test/tests/ion/try-catch-5.js b/js/src/jit-test/tests/ion/try-catch-5.js
new file mode 100644
index 00000000000..059ce6281e2
--- /dev/null
+++ b/js/src/jit-test/tests/ion/try-catch-5.js
@@ -0,0 +1,8 @@
+function x() {
+ try {
+ do {
+ var { q , gen } = t;
+ } while(false);
+ } catch (e) {}
+}
+x();
diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
index 3804022e3f2..8f10aca56b5 100644
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@@ -988,15 +988,19 @@ CanEmitBitAndAtUses(MInstruction *ins)
 if (ins->getOperand(0)->type() != MIRType_Int32 || ins->getOperand(1)->type() != MIRType_Int32)
 return false;
- MUseDefIterator iter(ins);
- if (!iter)
+ MUseIterator iter(ins->usesBegin());
+ if (iter == ins->usesEnd())
 return false;
- if (!iter.def()->isTest())
+ MNode *node = iter->consumer();
+ if (!node->isDefinition())
+ return false;
+
+ if (!node->toDefinition()->isTest())
 return false;
 iter++;
- return !iter;
+ return iter == ins->usesEnd();
 }
 bool
diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp
index 676affc4c89..187b6398aa7 100644
--- a/js/src/jit/shared/CodeGenerator-shared.cpp
+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
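Review bot: The switch from `MUseDefIterator` to `MUseIterator` in CanEmitBitAndAtUses carries no comment saying why consumers that are not definitions must now count as uses, and that reason is the whole point of the patch. Judging by the commit subject and the new `!node->isDefinition()` check, a consumer such as a resume point should stop the bit-and from being emitted at its use, so that no snapshot ends up holding an emitted-at-uses operand; this is inferred, since neither iterator's definition is in the hunk. Without a note, a later cleanup could restore the shorter iterator and bring the bug back. I would add above the iterator `// Walk all uses, not only definitions: a non-definition consumer (e.g. a resume point) must prevent emit-at-uses, because snapshot operands may not be emitted-at-uses.` The function begins before the hunk.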
@@ -143,6 +143,9 @@ CodeGeneratorShared::encodeSlots(LSnapshot *snapshot, MResumePoint *resumePoint,
 mir = mir->toPassArg()->getArgument();
 JS_ASSERT(!mir->isPassArg());
+ if (mir->isBox())
+ mir = mir->toBox()->getOperand(0);
+ MIRType type = mir->isUnused() ? MIRType_Undefined : mir->type();
diff --git a/js/src/jit/shared/Lowering-shared.cpp b/js/src/jit/shared/Lowering-shared.cpp
index 1d51a2d6a88..abd2fe2ccc7 100644
--- a/js/src/jit/shared/Lowering-shared.cpp
+++ b/js/src/jit/shared/Lowering-shared.cpp
@@ -82,9 +82,17 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi
 ins = ins->toPassArg()->getArgument();
 JS_ASSERT(!ins->isPassArg());
+ if (ins->isBox())
+ ins = ins->toBox()->getOperand(0);
+ // Guards should never be eliminated.
 JS_ASSERT_IF(ins->isUnused(), !ins->isGuard());
+ // Snapshot operands other than constants should never be
+ // emitted-at-uses. Try-catch support depends on there being no
+ // code between an instruction and the LOsiPoint that follows it.
+ JS_ASSERT_IF(!ins->isConstant(), !ins->isEmittedAtUses());
+ // The register allocation will fill these fields in with actual
 // register/stack assignments. During code generation, we can restore
 // interpreter state with the given information. Note that for
@@ -97,8 +105,6 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi
 *type = LConstantIndex::Bogus();
 *payload = use(ins, LUse::KEEPALIVE);
 } else {
- if (!ensureDefined(ins))
- return NULL;
 *type = useType(ins, LUse::KEEPALIVE);
 *payload = usePayload(ins, LUse::KEEPALIVE);
 }
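Review bot: The Box-skipping added to encodeSlots (`if (mir->isBox()) mir = mir->toBox()->getOperand(0);`) has to select exactly the operand that buildSnapshot selects, yet the same two lines are written out separately here and in both buildSnapshot hunks of Lowering-shared.cpp (-82 and -129), with nothing tying the copies together. If one copy changes and the others do not, the type encoded for a slot could stop matching the allocation recorded for it, which presumably means a bailout restores a value under the wrong type; that consequence is inferred, as the decoding side is not part of this patch. A shared helper that skips PassArg and Box would remove the risk; short of that, a comment at each site such as `// Must match the operand selection in LIRGeneratorShared::buildSnapshot.` would do. encodeSlots starts and ends outside the hunk.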
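Review bot: The new `JS_ASSERT_IF(!ins->isConstant(), !ins->isEmittedAtUses())` compiles away outside debug builds, and the -97 hunk of this file deletes the `ensureDefined(ins)` call that previously covered emitted-at-uses operands; the -129 hunk adds the same assertion for `def`. In a release build a non-constant emitted-at-uses operand that slipped through would therefore reach `useType`/`usePayload` without having been defined (inferred: what those calls do with such an operand is not visible here). The invariant then rests on every lowering routine that emits at uses also rejecting non-definition consumers, as CanEmitBitAndAtUses now does. I would record that where the fallback was removed: `// No ensureDefined() here: non-constant snapshot operands are never emitted-at-uses (asserted above).` buildSnapshot's body continues outside the hunk.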
@@ -129,6 +135,18 @@ LIRGeneratorShared::buildSnapshot(LInstruction *ins, MResumePoint *rp, BailoutKi
 if (def->isPassArg())
 def = def->toPassArg()->getArgument();
+ JS_ASSERT(!def->isPassArg());
+
+ if (def->isBox())
+ def = def->toBox()->getOperand(0);
+
+ // Guards should never be eliminated.
+ JS_ASSERT_IF(def->isUnused(), !def->isGuard());
+
+ // Snapshot operands other than constants should never be
+ // emitted-at-uses. Try-catch support depends on there being no
+ // code between an instruction and the LOsiPoint that follows it.
+ JS_ASSERT_IF(!def->isConstant(), !def->isEmittedAtUses());
 LAllocation *a = snapshot->getEntry(i);