Bug 945453 - Postbarrier JIT-code writes to arguments objects r=terrence r=djvj

2013-12-11 14:03:24 +00:00 · 2013-12-11 14:03:24 +00:00 · 9b1330b3b0
--- a/js/src/gc/StoreBuffer.cpp
+++ b/js/src/gc/StoreBuffer.cpp
@ -10,6 +10,7 @@

 #include "mozilla/Assertions.h"

+#include "vm/ArgumentsObject.h"
 #include "vm/ForkJoin.h"

 #include "jsgcinlines.h"
@ -64,7 +65,11 @@ StoreBuffer::WholeCellEdges::mark(JSTracer *trc)
    JS_ASSERT(tenured->isTenured());
    JSGCTraceKind kind = GetGCThingTraceKind(tenured);
    if (kind <= JSTRACE_OBJECT) {
-        MarkChildren(trc, static_cast<JSObject *>(tenured));
+        JSObject *object = static_cast<JSObject *>(tenured);
+        if (object->is<ArgumentsObject>())
+            ArgumentsObject::trace(trc, object);
+        else
+            MarkChildren(trc, object);
        return;
    }
 #ifdef JS_ION
--- a/js/src/jit/BaselineCompiler.cpp
+++ b/js/src/jit/BaselineCompiler.cpp
@ -2343,6 +2343,26 @@ BaselineCompiler::emitFormalArgAccess(uint32_t arg, bool get)
    } else {
        masm.patchableCallPreBarrier(argAddr, MIRType_Value);
        storeValue(frame.peek(-1), argAddr, R0);
+
+#ifdef JSGC_GENERATIONAL
+        // Fully sync the stack if post-barrier is needed.
+        frame.syncStack(0);
+
+        // Reload the arguments object
+        Register reg = R2.scratchReg();
+        masm.loadPtr(Address(BaselineFrameReg, BaselineFrame::reverseOffsetOfArgsObj()), reg);
+
+        Nursery &nursery = cx->runtime()->gcNursery;
+        Label skipBarrier;
+        Label isTenured;
+        masm.branchPtr(Assembler::Below, reg, ImmWord(nursery.start()), &isTenured);
+        masm.branchPtr(Assembler::Below, reg, ImmWord(nursery.heapEnd()), &skipBarrier);
+
+        masm.bind(&isTenured);
+        masm.call(&postBarrierSlot_);
+
+        masm.bind(&skipBarrier);
+#endif
    }

    masm.bind(&done);
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@ -9111,7 +9111,10 @@ IonBuilder::jsop_setarg(uint32_t arg)
    // If an arguments object is in use, and it aliases formals, then all SETARGs
    // must go through the arguments object.
    if (info().argsObjAliasesFormals()) {
-        current->add(MSetArgumentsObjectArg::New(alloc(), current->argumentsObject(), GET_SLOTNO(pc), val));
+        if (NeedsPostBarrier(info(), val))
+            current->add(MPostWriteBarrier::New(alloc(), current->argumentsObject(), val));
+        current->add(MSetArgumentsObjectArg::New(alloc(), current->argumentsObject(),
+                                                 GET_SLOTNO(pc), val));
        return true;
    }