From f97efb763e901eb49381fed3639a3480de29f143 Mon Sep 17 00:00:00 2001
From: Marty Rosenberg
Date: Fri, 6 Sep 2013 05:14:44 -0400
Subject: [PATCH] Bug 913216: Mark the entire heap to be flushed as soon as we start modifing bounds checks. (r=luke)
---
 js/src/jit/AsmJSModule.cpp | 6 ++++--
 js/src/jit/Ion.cpp | 2 +-
 js/src/jit/arm/Assembler-arm.cpp | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/js/src/jit/AsmJSModule.cpp b/js/src/jit/AsmJSModule.cpp
index 64f265b9d56..bd693ad6fb3 100644
--- a/js/src/jit/AsmJSModule.cpp
+++ b/js/src/jit/AsmJSModule.cpp
@@ -33,11 +33,13 @@ AsmJSModule::patchHeapAccesses(ArrayBufferObject *heap, JSContext *cx)
 JSC::X86Assembler::setPointer(heapAccesses_[i].patchOffsetAt(code_), heapOffset);
 }
 #elif defined(JS_CPU_ARM)
- jit::IonContext ic(cx, NULL);
- jit::AutoFlushCache afc("patchBoundsCheck");
+
 uint32_t bits = mozilla::CeilingLog2(heap->byteLength());
 for (unsigned i = 0; i < heapAccesses_.length(); i++)
 jit::Assembler::updateBoundsCheck(bits, (jit::Instruction*)(heapAccesses_[i].offset() + code_));
+ // We already know the exact extent of areas that need to be patched, just make sure we
+ // flush all of them at once.
+ jit::AutoFlushCache::updateTop(uintptr_t(code_), pod.codeBytes_);
 #endif
 }
diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
index f3e301b3e1b..7d2ecde8a68 100644
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@@ -2589,7 +2589,7 @@ void
 AutoFlushCache::updateTop(uintptr_t p, size_t len)
 {
 IonContext *ictx = GetIonContext();
- IonRuntime *irt = ictx->runtime->ionRuntime();
+ IonRuntime *irt = (ictx != NULL) ? ictx->runtime->ionRuntime() : NULL;
 if (!irt || !irt->flusher())
 JSC::ExecutableAllocator::cacheFlush((void*)p, len);
 else
diff --git a/js/src/jit/arm/Assembler-arm.cpp b/js/src/jit/arm/Assembler-arm.cpp
index 47595724986..76b6e469afa 100644
--- a/js/src/jit/arm/Assembler-arm.cpp
+++ b/js/src/jit/arm/Assembler-arm.cpp
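Review bot: The `jit::AutoFlushCache::updateTop(uintptr_t(code_), pod.codeBytes_)` call at the end of the ARM branch is now the only thing that makes the rewritten bounds checks visible to the instruction cache, and it is issued with no `IonContext` established in this function, so it depends on the NULL-tolerant `updateTop` from the Ion.cpp hunk falling back to a synchronous `cacheFlush`; that coupling deserves a line next to the call, e.g. `// No IonContext is set up here; updateTop() must flush synchronously when none is live.` Because `updateBoundsCheck` no longer flushes per instruction, any future early return between the loop and this call would leave stale bounds checks executable, so the flush should stay unconditional at the end of the branch. The `mozilla::CeilingLog2(heap->byteLength())` shift yields an exact check only for a power-of-two heap length; if that invariant is enforced at link time (not visible here), a `JS_ASSERT(mozilla::IsPowerOfTwo(heap->byteLength()));` before the loop would make it explicit, since a rounded-up shift would accept indices beyond the buffer. The function's opening and the x86 branch start outside this hunk.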
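Review bot: The new NULL check on `ictx` silently changes what `updateTop` does for callers with no IonContext: the range is flushed synchronously by `JSC::ExecutableAllocator::cacheFlush` instead of being batched into a flusher, and nothing here or at the call site records that this is the intended path for `AsmJSModule::patchHeapAccesses`. A comment on the changed line, `// No IonContext (e.g. asm.js heap patching): there is no flusher to batch into, so flush now.`, would keep the next reader from "fixing" it by reintroducing a context. `ictx->runtime` is still dereferenced unconditionally; whether a live context can lack a runtime cannot be told from this hunk, so that is a question rather than a defect. The else branch of updateTop continues past the end of the hunk.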
@@ -2741,7 +2741,8 @@ void Assembler::updateBoundsCheck(uint32_t logHeapSize, Instruction *inst)
 // O2RegImmShift shift = reg.toO2RegImmShift();
 *inst = InstALU(ScratchRegister, InvalidReg, lsr(index, logHeapSize), op_mov, SetCond, Always);
- AutoFlushCache::updateTop(uintptr_t(inst), 4);
+ // NOTE: we don't update the Auto Flush Cache! this function is currently only called from
+ // within AsmJSModule::patchHeapAccesses, which does that for us. Don't call this!
 }
 void
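Review bot: Removing `AutoFlushCache::updateTop(uintptr_t(inst), 4)` turns `Assembler::updateBoundsCheck` into a function that rewrites an instruction without making it visible to the instruction cache, and the only thing stopping a future caller from executing a stale bounds check is a comment whose last sentence, "Don't call this!", reads as if the function were unusable rather than stating who must flush. The comment should spell out the contract instead, e.g. `// NOTE: this rewrites the instruction but does NOT flush the icache. The caller must flush the` / `// patched range before the code can run; today only AsmJSModule::patchHeapAccesses does so.` The same note belongs on the declaration in the header, so callers see it without opening this file. The function's body begins before this hunk.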