Bug 1384318 - Inline native check for emitMegamorphicLoadSlot variants. r=jandem

2017-07-25 15:17:00 -04:00 · 2017-07-25 15:17:00 -04:00 · 43fc02b967
--- a/js/src/jit/BaselineCacheIRCompiler.cpp
+++ b/js/src/jit/BaselineCacheIRCompiler.cpp
@ -494,6 +494,11 @@ BaselineCacheIRCompiler::emitMegamorphicLoadSlotResult()
    if (!addFailurePath(&failure))
        return false;

+    // The object must be Native.
+    masm.loadObjClass(obj, scratch3);
+    masm.branchTest32(Assembler::NonZero, Address(scratch3, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
    masm.Push(UndefinedValue());
    masm.moveStackPtrTo(scratch3.get());

--- a/js/src/jit/CacheIRCompiler.cpp
+++ b/js/src/jit/CacheIRCompiler.cpp
@ -2449,6 +2449,11 @@ CacheIRCompiler::emitMegamorphicLoadSlotByValueResult()
    if (!addFailurePath(&failure))
        return false;

+    // The object must be Native.
+    masm.loadObjClass(obj, scratch);
+    masm.branchTest32(Assembler::NonZero, Address(scratch, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
    // idVal will be in vp[0], result will be stored in vp[1].
    masm.reserveStack(sizeof(Value));
    masm.Push(idVal);
--- a/js/src/jit/IonCacheIRCompiler.cpp
+++ b/js/src/jit/IonCacheIRCompiler.cpp
@ -846,6 +846,11 @@ IonCacheIRCompiler::emitMegamorphicLoadSlotResult()
    if (!addFailurePath(&failure))
        return false;

+    // The object must be Native.
+    masm.loadObjClass(obj, scratch3);
+    masm.branchTest32(Assembler::NonZero, Address(scratch3, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
    masm.Push(UndefinedValue());
    masm.moveStackPtrTo(scratch3.get());

--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@ -1617,8 +1617,8 @@ template <bool HandleMissing>
 bool
 GetNativeDataProperty(JSContext* cx, JSObject* obj, PropertyName* name, Value* vp)
 {
-    if (MOZ_UNLIKELY(!obj->isNative()))
-        return false;
+    // Condition checked by caller.
+    MOZ_ASSERT(obj->isNative());
    return GetNativeDataProperty<HandleMissing>(cx, &obj->as<NativeObject>(), NameToId(name), vp);
 }

@ -1666,8 +1666,8 @@ GetNativeDataPropertyByValue(JSContext* cx, JSObject* obj, Value* vp)
 {
    JS::AutoCheckCannotGC nogc;

-    if (MOZ_UNLIKELY(!obj->isNative()))
-        return false;
+    // Condition checked by caller.
+    MOZ_ASSERT(obj->isNative());

    // vp[0] contains the id, result will be stored in vp[1].
    Value idVal = vp[0];