Bug 618362 - Fix offset when accessing args in strict mode (r=njn)

js/src/jit-test/tests/arguments/strict-args.js

@@ -13,7 +13,7 @@ function strictArgs(a)
 }
 
 var a1, a2, a3;
-for (var i = 0; i < 5; i++)
+for (var i = 0; i < HOTLOOP+1; i++)
 {
   a1 = strictArgs();
   a2 = strictArgs(1);

js/src/jstracer.cpp

@@ -10476,8 +10476,8 @@ TraceRecorder::newArguments(LIns* callee_ins, bool strict)
     if (strict) {
         LIns* argsData_ins = w.getObjPrivatizedSlot(argsobj_ins, JSObject::JSSLOT_ARGS_DATA);
         ptrdiff_t slotsOffset = offsetof(ArgumentsData, slots);
-        cx->fp()->forEachCanonicalActualArg(BoxArg(this, ArgsSlotsAddress(argsData_ins,
-                                                                          slotsOffset)));
+        cx->fp()->forEachCanonicalActualArg(BoxArg(this, ArgsSlotOffsetAddress(argsData_ins,
+                                                                               slotsOffset)));
     }
 
     return argsobj_ins;
@@ -12586,7 +12586,8 @@ TraceRecorder::guardNotHole(LIns *argsobj_ins, LIns *idx_ins)
     LIns* vp_ins = w.addp(argsData_ins, slotOffset_ins);
 
     guard(false,
-          w.name(is_boxed_magic(ArgsSlotsAddress(vp_ins), JS_ARGS_HOLE), "guard(not deleted arg)"),
+          w.name(is_boxed_magic(ArgsSlotOffsetAddress(vp_ins), JS_ARGS_HOLE),
+                 "guard(not deleted arg)"),
           MISMATCH_EXIT);
 }
 

js/src/tracejit/Writer.h

@@ -244,10 +244,10 @@ struct FCSlotsAddress : Address
       : Address(base, slot * sizeof(Value), ACCSET_FCSLOTS) {}
 };
 
-struct ArgsSlotsAddress : Address
+struct ArgsSlotOffsetAddress : Address
 {
-    ArgsSlotsAddress(nj::LIns *base, unsigned slot = 0)
-      : Address(base, slot * sizeof(Value), ACCSET_ARGS_DATA) {}
+    ArgsSlotOffsetAddress(nj::LIns *base, unsigned offset = 0)
+      : Address(base, offset, ACCSET_ARGS_DATA) {}
 };
 
 struct AnyAddress : Address