Bug 1393011 - Part 3: Fix a bug where BufferInstructionIterator advances too far. r=nbp

In the case of InstIsGuard(), the BufferInstructionIterator implementation forgot that the underlying AssemblerBufferInstIterator is based on BufferOffsets, the incrementation of which skips pools already. --HG-- extra : histedit_source : c0520c1e7d4ab4a65d4546ee196192f2164c32a3
2017-12-13 15:56:29 -06:00 · 2017-12-13 15:56:29 -06:00 · db486799ac
--- a/js/src/jit/arm/Assembler-arm.cpp
+++ b/js/src/jit/arm/Assembler-arm.cpp
@ -3289,26 +3289,21 @@ Instruction::maybeSkipAutomaticInstructions()
    return this;
 }

-void
+Instruction*
 BufferInstructionIterator::maybeSkipAutomaticInstructions()
 {
+    const PoolHeader* ph;
    // If this is a guard, and the next instruction is a header, always work
    // around the pool. If it isn't a guard, then start looking ahead.
-
-    const PoolHeader* ph;
    if (InstIsGuard(*this, &ph)) {
        // Don't skip a natural guard.
        if (ph->isNatural())
-            return;
-        advance(sizeof(Instruction) * (1 + ph->size()));
-        maybeSkipAutomaticInstructions();
-        return;
-    }
-
-    if (InstIsBNop(cur())) {
-        next();
-        maybeSkipAutomaticInstructions();
+            return cur();
+        return next();
    }
+    if (InstIsBNop(cur()))
+        return next();
+    return cur();
 }

 // Cases to be handled:
--- a/js/src/jit/arm/Assembler-arm.h
+++ b/js/src/jit/arm/Assembler-arm.h
@ -1137,7 +1137,6 @@ PatchBackedge(CodeLocationJump& jump_, CodeLocationLabel label, JitZoneGroup::Ba
    PatchJump(jump_, label);
 }

-class InstructionIterator;
 class Assembler;
 typedef js::jit::AssemblerBufferWithConstantPools<1024, 4, Instruction, Assembler> ARMBuffer;

@ -2290,13 +2289,24 @@ class InstructionIterator
    }
 };

+// Compile-time iterator over instructions, with a safe interface that
+// references not-necessarily-linear Instructions by linear BufferOffset.
 class BufferInstructionIterator : public ARMBuffer::AssemblerBufferInstIterator
 {
  public:
    BufferInstructionIterator(BufferOffset bo, ARMBuffer* buffer)
      : ARMBuffer::AssemblerBufferInstIterator(bo, buffer)
    {}
-    void maybeSkipAutomaticInstructions();
+
+    // Advances the buffer to the next intentionally-inserted instruction.
+    Instruction* next() {
+        advance(cur()->size());
+        maybeSkipAutomaticInstructions();
+        return cur();
+    }
+
+    // Advances the BufferOffset past any automatically-inserted instructions.
+    Instruction* maybeSkipAutomaticInstructions();
 };

 static const uint32_t NumIntArgRegs = 4;