From fac2089f95967822e89f07ea062ceb862efbc5e2 Mon Sep 17 00:00:00 2001
From: Nicholas Nethercote <nnethercote@mozilla.com>
Date: Tue, 23 Mar 2010 15:49:12 -0700
Subject: [PATCH] Follow-up assertion failure fix for bug 517910.  r=me.

--HG--
extra : convert_revision : dfaf13aa4c5928bcd871ac7f279657c87de7b0f9
---
 js/src/nanojit/LIR.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/js/src/nanojit/LIR.cpp b/js/src/nanojit/LIR.cpp
index 45fca4f3bde..2a71fa4f697 100644
--- a/js/src/nanojit/LIR.cpp
+++ b/js/src/nanojit/LIR.cpp
@@ -2304,10 +2304,18 @@ namespace nanojit
 
     LIns* CseFilter::insStore(LOpcode op, LInsp value, LInsp base, int32_t disp, AccSet accSet)
     {
-        storesSinceLastLoad |= accSet;
-        LIns* ins = out->insStore(op, value, base, disp, accSet);
-        NanoAssert(ins->isop(op) && ins->oprnd1() == value && ins->oprnd2() == base &&
-                   ins->disp() == disp && ins->accSet() == accSet);
+        LInsp ins;
+        if (isS16(disp)) {
+            storesSinceLastLoad |= accSet;
+            ins = out->insStore(op, value, base, disp, accSet);
+            NanoAssert(ins->isop(op) && ins->oprnd1() == value && ins->oprnd2() == base &&
+                       ins->disp() == disp && ins->accSet() == accSet);
+        } else {
+            // If the displacement is more than 16 bits, put it in a separate
+            // instruction.  Nb: LirBufWriter also does this, we do it here
+            // too because CseFilter relies on LirBufWriter not changing code.
+            ins = insStore(op, value, ins2(LIR_addp, base, insImmWord(disp)), 0, accSet);
+        }
         return ins;
     }