From f0f683b11df0f070437faedf2c1072bae859e3e1 Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier <benj@benj.me>
Date: Mon, 23 Feb 2015 16:31:26 +0100
Subject: [PATCH] Bug 1134638: 11. Add type checks in move emitter and LIR
 generation; r=nbp

---
 js/src/jit/LIR.cpp                        | 2 ++
 js/src/jit/Lowering.cpp                   | 5 +++++
 js/src/jit/shared/Lowering-x86-shared.cpp | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/js/src/jit/LIR.cpp b/js/src/jit/LIR.cpp
index 21d1dee0786..740d0c18ee9 100644
--- a/js/src/jit/LIR.cpp
+++ b/js/src/jit/LIR.cpp
@@ -547,12 +547,14 @@ LMoveGroup::add(LAllocation *from, LAllocation *to, LDefinition::Type type)
 
     // Check that SIMD moves are aligned according to ABI requirements.
     if (LDefinition(type).isSimdType()) {
+        MOZ_ASSERT(from->isMemory() || from->isFloatReg());
         if (from->isMemory()) {
             if (from->isArgument())
                 MOZ_ASSERT(from->toArgument()->index() % SimdMemoryAlignment == 0);
             else
                 MOZ_ASSERT(from->toStackSlot()->slot() % SimdMemoryAlignment == 0);
         }
+        MOZ_ASSERT(to->isMemory() || to->isFloatReg());
         if (to->isMemory()) {
             if (to->isArgument())
                 MOZ_ASSERT(to->toArgument()->index() % SimdMemoryAlignment == 0);
diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
index 7d869e5792e..d1c7fdaec97 100644
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@@ -3969,6 +3969,7 @@ LIRGenerator::visitSimdShuffle(MSimdShuffle *ins)
 void
 LIRGenerator::visitSimdUnaryArith(MSimdUnaryArith *ins)
 {
+    MOZ_ASSERT(IsSimdType(ins->input()->type()));
     MOZ_ASSERT(IsSimdType(ins->type()));
 
     // Cannot be at start, as the ouput is used as a temporary to store values.
@@ -3988,6 +3989,8 @@ LIRGenerator::visitSimdUnaryArith(MSimdUnaryArith *ins)
 void
 LIRGenerator::visitSimdBinaryComp(MSimdBinaryComp *ins)
 {
+    MOZ_ASSERT(IsSimdType(ins->lhs()->type()));
+    MOZ_ASSERT(IsSimdType(ins->rhs()->type()));
     MOZ_ASSERT(ins->type() == MIRType_Int32x4);
 
     if (ShouldReorderCommutative(ins->lhs(), ins->rhs(), ins))
@@ -4007,6 +4010,8 @@ LIRGenerator::visitSimdBinaryComp(MSimdBinaryComp *ins)
 void
 LIRGenerator::visitSimdBinaryBitwise(MSimdBinaryBitwise *ins)
 {
+    MOZ_ASSERT(IsSimdType(ins->lhs()->type()));
+    MOZ_ASSERT(IsSimdType(ins->rhs()->type()));
     MOZ_ASSERT(IsSimdType(ins->type()));
 
     MDefinition *lhs = ins->lhs();
diff --git a/js/src/jit/shared/Lowering-x86-shared.cpp b/js/src/jit/shared/Lowering-x86-shared.cpp
index f57b4dce9dc..05ff8079c98 100644
--- a/js/src/jit/shared/Lowering-x86-shared.cpp
+++ b/js/src/jit/shared/Lowering-x86-shared.cpp
@@ -634,6 +634,8 @@ LIRGeneratorX86Shared::visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins)
 void
 LIRGeneratorX86Shared::visitSimdBinaryArith(MSimdBinaryArith *ins)
 {
+    MOZ_ASSERT(IsSimdType(ins->lhs()->type()));
+    MOZ_ASSERT(IsSimdType(ins->rhs()->type()));
     MOZ_ASSERT(IsSimdType(ins->type()));
 
     MDefinition *lhs = ins->lhs();