From eedeed1e471350f54bcd41bb9b5aa7d658070919 Mon Sep 17 00:00:00 2001
From: Jason Orendorff
Date: Tue, 10 Mar 2015 12:22:30 -0500
Subject: [PATCH] Bug 1141329, prelude - Make ObjectOpResult pointer-sized to fix amazingly bogus code and assertions in IonCaches, introduced by rev 0712a3d4b79c. r=efaust.
--HG--
extra : rebase_source : 1d82219b61105088cf27154c6200e647091a36e0
---
 js/public/Class.h | 20 ++++++++++++++++----
 js/src/jit/IonCaches.cpp | 8 ++++----
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/js/public/Class.h b/js/public/Class.h
index 57a5766cb2a8..4232a37d3419 100644
--- a/js/public/Class.h
+++ b/js/public/Class.h
@@ -80,14 +80,26 @@ class AutoIdVector;
 class ObjectOpResult
 {
 private:
- uint32_t code_;
+ /*
+ * code_ is either one of the special codes OkCode or Uninitialized, or
+ * an error code. For now the error codes are private to the JS engine;
+ * they're defined in js/src/js.msg.
+ *
+ * code_ is uintptr_t (rather than uint32_t) for the convenience of the
+ * JITs, which would otherwise have to deal with either padding or stack
+ * alignment on 64-bit platforms.
+ */
+ uintptr_t code_;
 public:
- enum { OkCode = 0, Uninitialized = 0xffffffff };
+ enum SpecialCodes : uintptr_t {
+ OkCode = 0,
+ Uninitialized = uintptr_t(-1)
+ };
 ObjectOpResult() : code_(Uninitialized) {}
- /* Return true if fail() was not called. */
+ /* Return true if succeed() was called. */
 bool ok() const {
 MOZ_ASSERT(code_ != Uninitialized);
 return code_ == OkCode;
@@ -129,7 +141,7 @@ class ObjectOpResult
 uint32_t failureCode() const {
 MOZ_ASSERT(!ok());
- return code_;
+ return uint32_t(code_);
 }
 /*
diff --git a/js/src/jit/IonCaches.cpp b/js/src/jit/IonCaches.cpp
index 4db265467d88..b6ccb4dfc9f9 100644
--- a/js/src/jit/IonCaches.cpp
+++ b/js/src/jit/IonCaches.cpp
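Review bot: The one-word layout that the new comment on `code_` describes (js/public/Class.h, first hunk) is not enforced in the header itself; within this patch the only size check is the `static_assert` inside `PushObjectOpResult` in IonCaches.cpp. Adding `static_assert(sizeof(ObjectOpResult) == sizeof(uintptr_t), "ObjectOpResult must stay one machine word; JIT stubs push it as an immediate");` after the class definition would make a later added member fail the build at the declaration rather than in a single consumer. The class body continues outside this hunk, so the placement has to be checked against the full file.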
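Review bot: In `failureCode()` (js/public/Class.h, second hunk) the new `return uint32_t(code_);` silently drops the upper 32 bits of `code_` on 64-bit builds, so a word with only high bits set would pass `MOZ_ASSERT(!ok())` and be reported as failure code 0. Because this patch has the JIT write the object as a raw machine word, a debug check such as `MOZ_ASSERT(code_ <= UINT32_MAX);` before the return would catch a stub or caller that stored a malformed value. Whether any setter can actually store more than 32 bits is not visible here, since the methods that write `code_` lie outside the hunk.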
@@ -1464,11 +1464,11 @@ GetPropertyIC::tryAttachTypedArrayLength(JSContext *cx, HandleScript outerScript
 }
 static void
-PushObjectOpResult(MacroAssembler &masm, uint32_t value = ObjectOpResult::Uninitialized)
+PushObjectOpResult(MacroAssembler &masm)
 {
- static_assert(sizeof(ObjectOpResult) == sizeof(int32_t),
+ static_assert(sizeof(ObjectOpResult) == sizeof(uintptr_t),
 "ObjectOpResult size must match size reserved by masm.Push() here");
- masm.Push(Imm32(value));
+ masm.Push(ImmWord(uintptr_t(ObjectOpResult::Uninitialized)));
 }
 static bool
@@ -1515,7 +1515,7 @@ EmitCallProxyGet(JSContext *cx, MacroAssembler &masm, IonCache::StubAttacher &at
 masm.movePtr(StackPointer, argProxyReg);
 // Unused space, to keep the same stack layout as Proxy::set frames.
- PushObjectOpResult(masm, 0);
+ PushObjectOpResult(masm);
 masm.loadJSContext(argJSContextReg);
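Review bot: `PushObjectOpResult` (js/src/jit/IonCaches.cpp, first hunk) carries no comment explaining why the slot is now always seeded with `Uninitialized` instead of a caller-chosen value, which is the behavioural change this hunk makes. A comment above the function, e.g. `// Reserve one stack word for an ObjectOpResult, preset to Uninitialized so that a result nobody set trips the MOZ_ASSERT in ObjectOpResult::ok().`, would record that intent. That assertion is compiled only into debug builds, so the comment should not read as a release-build guarantee. The `EmitCallProxyGet` call site in the following hunk now pushes `Uninitialized` where it previously pushed 0, which is consistent with its "Unused space" comment.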