Bug 1154556 - OdinMonkey: simplify icache flushing (r=bbouvier)

js/src/asmjs/AsmJSLink.cpp

@@ -60,8 +60,6 @@ CloneModule(JSContext* cx, MutableHandle<AsmJSModuleObject*> moduleObj)
     if (!moduleObj->module().clone(cx, &module))
         return false;
 
-    module->staticallyLink(cx);
-
     AsmJSModuleObject* newModuleObj = AsmJSModuleObject::create(cx, &module);
     if (!newModuleObj)
         return false;
@@ -1049,27 +1047,19 @@ LinkAsmJS(JSContext* cx, unsigned argc, JS::Value* vp)
     RootedFunction fun(cx, &args.callee().as<JSFunction>());
     Rooted<AsmJSModuleObject*> moduleObj(cx, &ModuleFunctionToModuleObject(fun));
 
-    // All ICache flushing of the module being linked has been inhibited under the
-    // assumption that the module is flushed after dynamic linking (when the last code
-    // mutation occurs).  Thus, enter an AutoFlushICache context for the entire module
-    // now.  The module range is set below.
-    AutoFlushICache afc("LinkAsmJS");
 
     // When a module is linked, it is dynamically specialized to the given
     // arguments (buffer, ffis). Thus, if the module is linked again (it is just
     // a function so it can be called multiple times), we need to clone a new
     // module.
-    if (moduleObj->module().isDynamicallyLinked()) {
-        if (!CloneModule(cx, &moduleObj))
-            return false;
-    } else {
-        // CloneModule already calls setAutoFlushICacheRange internally before patching
-        // the cloned module, so avoid calling twice.
-        moduleObj->module().setAutoFlushICacheRange();
-    }
+    if (moduleObj->module().isDynamicallyLinked() && !CloneModule(cx, &moduleObj))
+        return false;
 
     AsmJSModule& module = moduleObj->module();
 
+    AutoFlushICache afc("LinkAsmJS");
+    module.setAutoFlushICacheRange();
+
     // Link the module by performing the link-time validation checks in the
     // asm.js spec and then patching the generated module to associate it with
     // the given heap (ArrayBuffer) and a new global data segment (the closure

js/src/asmjs/AsmJSModule.cpp

@@ -930,6 +930,9 @@ AsmJSModule::detachHeap(JSContext* cx)
     MOZ_ASSERT_IF(active(), activation()->exitReason() == AsmJSExit::Reason_JitFFI ||
                             activation()->exitReason() == AsmJSExit::Reason_SlowFFI);
 
+    AutoFlushICache afc("AsmJSModule::detachHeap");
+    setAutoFlushICacheRange();
+
     restoreHeapToInitialState(maybeHeap_);
 
     MOZ_ASSERT(hasDetachedHeap());
@@ -1654,11 +1657,13 @@ AsmJSModule::clone(JSContext* cx, ScopedJSDeletePtr<AsmJSModule>* moduleOut) con
         }
     }
 
-    // We already know the exact extent of areas that need to be patched, just make sure we
-    // flush all of them at once.
+
+    // Delay flushing until dynamic linking.
+    AutoFlushICache afc("AsmJSModule::clone", /* inhibit = */ true);
     out.setAutoFlushICacheRange();
 
     out.restoreToInitialState(maybeHeap_, code_, cx);
+    out.staticallyLink(cx);
     return true;
 }
 
@@ -2250,10 +2255,8 @@ js::LookupAsmJSModuleInCache(ExclusiveContext* cx,
     parser.tokenStream.advance(module->srcEndBeforeCurly());
 
     {
-        // No need to flush the instruction cache now, it will be flushed when
-        // dynamically linking. We already know the exact extent of areas that need
-        // to be patched, just make sure we flush all of them at once.
-        AutoFlushICache afc("LookupAsmJSModuleInCache", /* inhibit= */ true);
+        // Delay flushing until dynamic linking.
+        AutoFlushICache afc("LookupAsmJSModuleInCache", /* inhibit = */ true);
         module->setAutoFlushICacheRange();
 
         module->staticallyLink(cx);

js/src/asmjs/AsmJSValidate.cpp

@@ -9379,8 +9379,9 @@ CheckModule(ExclusiveContext* cx, AsmJSParser& parser, ParseNode* stmtList,
     if (tk != TOK_EOF && tk != TOK_RC)
         return m.fail(nullptr, "top-level export (return) must be the last statement");
 
-    // The instruction cache is flushed when dynamically linking, so can inhibit now.
-    AutoFlushICache afc("CheckModule", /* inhibit= */ true);
+    // Delay flushing until dynamic linking. The inhibited range is set by the
+    // masm.executableCopy() called transitively by FinishModule.
+    AutoFlushICache afc("CheckModule", /* inhibit = */ true);
 
     ScopedJSDeletePtr<AsmJSModule> module;
     if (!FinishModule(m, &module))