mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Add more rooting for interpreter, TI and JIT, bug 772303, r=terrence. Also disable Windows PGO for RegExp.cpp because the compiler is broken.

This commit is contained in:
Brian Hackett 2012-07-12 12:36:27 -06:00
Родитель fdba2c21f7
Коммит f6b80832a6
20 изменённых файлов: 176 добавлений и 153 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
js/src/Makefile.in
Просмотреть файл

@ -677,6 +677,8 @@ ifeq ($(CPU_ARCH),x86)
# Workaround compiler bug on PGO (Bug 721284) # Workaround compiler bug on PGO (Bug 721284)
MonoIC.$(OBJ_SUFFIX): CXXFLAGS += -GL- MonoIC.$(OBJ_SUFFIX): CXXFLAGS += -GL-
Compiler.$(OBJ_SUFFIX): CXXFLAGS += -GL- Compiler.$(OBJ_SUFFIX): CXXFLAGS += -GL-
# Ditto (Bug 772303)
RegExp.$(OBJ_SUFFIX): CXXFLAGS += -GL-
endif endif
endif # _MSC_VER endif # _MSC_VER

4
js/src/builtin/RegExp.cpp
Просмотреть файл

@ -576,7 +576,7 @@ ExecuteRegExp(JSContext *cx, Native native, unsigned argc, Value *vp)
return false; return false;
/* Step 4. */ /* Step 4. */
const Value &lastIndex = reobj->getLastIndex(); Value lastIndex = reobj->getLastIndex();
/* Step 5. */ /* Step 5. */
double i; double i;
@ -588,7 +588,7 @@ ExecuteRegExp(JSContext *cx, Native native, unsigned argc, Value *vp)
i = 0; i = 0;
const jschar *chars = linearInput->chars(); const jschar *chars = linearInput->chars();
size_t length = input->length(); size_t length = linearInput->length();
/* Step 9a. */ /* Step 9a. */
if (i < 0 || i > length) { if (i < 0 || i > length) {

5
js/src/frontend/Parser.cpp
Просмотреть файл

@ -516,7 +516,10 @@ CheckStrictParameters(JSContext *cx, Parser *parser)
return false; return false;
// Start with lastVariable(), not the last argument, for destructuring. // Start with lastVariable(), not the last argument, for destructuring.
for (Shape::Range r = sc->bindings.lastVariable(); !r.empty(); r.popFront()) { Shape::Range r = sc->bindings.lastVariable();
Shape::Range::AutoRooter root(cx, &r);
for (; !r.empty(); r.popFront()) {
jsid id = r.front().propid(); jsid id = r.front().propid();
if (!JSID_IS_ATOM(id)) if (!JSID_IS_ATOM(id))
continue; continue;

12
js/src/jsgc.cpp
Просмотреть файл

@ -4327,6 +4327,18 @@ JS::CheckStackRoots(JSContext *cx)
// could happen.) // could happen.)
JS_ASSERT(!cx->rootingUnnecessary); JS_ASSERT(!cx->rootingUnnecessary);
// GCs can't happen when analysis/inference/compilation are active.
if (cx->compartment->activeAnalysis)
return;
// Can switch to the atoms compartment during analysis.
if (IsAtomsCompartment(cx->compartment)) {
for (CompartmentsIter c(rt); !c.done(); c.next()) {
if (c.get()->activeAnalysis)
return;
}
}
AutoCopyFreeListToArenas copy(rt); AutoCopyFreeListToArenas copy(rt);
JSTracer checker; JSTracer checker;

19
js/src/jsinfer.cpp
Просмотреть файл

@ -4452,8 +4452,8 @@ CheckNewScriptProperties(JSContext *cx, HandleTypeObject type, JSFunction *fun)
* than we will use for subsequent new objects. Generate an object with the * than we will use for subsequent new objects. Generate an object with the
* appropriate final shape. * appropriate final shape.
*/ */
baseobj = NewReshapedObject(cx, type, baseobj->getParent(), kind, RootedShape shape(cx, baseobj->lastProperty());
baseobj->lastProperty()); baseobj = NewReshapedObject(cx, type, baseobj->getParent(), kind, shape);
if (!baseobj || if (!baseobj ||
!type->addDefiniteProperties(cx, baseobj) || !type->addDefiniteProperties(cx, baseobj) ||
!initializerList.append(done)) { !initializerList.append(done)) {
@ -5023,13 +5023,15 @@ JSFunction::setTypeForScriptedFunction(JSContext *cx, bool singleton)
if (!setSingletonType(cx)) if (!setSingletonType(cx))
return false; return false;
} else { } else {
RootedFunction self(cx, this);
TypeObject *type = cx->compartment->types.newTypeObject(cx, script(), TypeObject *type = cx->compartment->types.newTypeObject(cx, script(),
JSProto_Function, getProto()); JSProto_Function, getProto());
if (!type) if (!type)
return false; return false;
setType(type); self->setType(type);
type->interpretedFunction = this; type->interpretedFunction = self;
} }
return true; return true;
@ -5203,10 +5205,10 @@ JSObject::makeLazyType(JSContext *cx)
* looking at the class prototype key. * looking at the class prototype key.
*/ */
if (isSlowArray()) if (self->isSlowArray())
type->flags |= OBJECT_FLAG_NON_DENSE_ARRAY | OBJECT_FLAG_NON_PACKED_ARRAY; type->flags |= OBJECT_FLAG_NON_DENSE_ARRAY | OBJECT_FLAG_NON_PACKED_ARRAY;
if (IsTypedArrayProto(this)) if (IsTypedArrayProto(self))
type->flags |= OBJECT_FLAG_NON_TYPED_ARRAY; type->flags |= OBJECT_FLAG_NON_TYPED_ARRAY;
self->type_ = type; self->type_ = type;
@ -5259,7 +5261,7 @@ JSObject::setNewTypeUnknown(JSContext *cx)
} }
TypeObject * TypeObject *
JSObject::getNewType(JSContext *cx, JSFunction *fun) JSObject::getNewType(JSContext *cx, JSFunction *fun_)
{ {
TypeObjectSet &table = cx->compartment->newTypeObjects; TypeObjectSet &table = cx->compartment->newTypeObjects;
@ -5281,13 +5283,14 @@ JSObject::getNewType(JSContext *cx, JSFunction *fun)
* Object.create is called with a prototype object that is also the * Object.create is called with a prototype object that is also the
* 'prototype' property of some scripted function. * 'prototype' property of some scripted function.
*/ */
if (type->newScript && type->newScript->fun != fun) if (type->newScript && type->newScript->fun != fun_)
type->clearNewScript(cx); type->clearNewScript(cx);
return type; return type;
} }
RootedObject self(cx, this); RootedObject self(cx, this);
RootedFunction fun(cx, fun_);
if (!setDelegate(cx)) if (!setDelegate(cx))
return NULL; return NULL;

2
js/src/jsinterp.cpp
Просмотреть файл

@ -839,7 +839,7 @@ TryNoteIter::settle()
* in *expr. * in *expr.
*/ */
static bool static bool
DoIncDec(JSContext *cx, JSScript *script, jsbytecode *pc, const Value &v, Value *slot, Value *expr) DoIncDec(JSContext *cx, HandleScript script, jsbytecode *pc, const Value &v, Value *slot, Value *expr)
{ {
const JSCodeSpec &cs = js_CodeSpec[*pc]; const JSCodeSpec &cs = js_CodeSpec[*pc];

32
js/src/jsobj.cpp
Просмотреть файл

@ -2183,16 +2183,16 @@ JSObject::sealOrFreeze(JSContext *cx, ImmutabilityType it)
return true; return true;
} }
bool /* static */ bool
JSObject::isSealedOrFrozen(JSContext *cx, ImmutabilityType it, bool *resultp) JSObject::isSealedOrFrozen(JSContext *cx, HandleObject obj, ImmutabilityType it, bool *resultp)
{ {
if (isExtensible()) { if (obj->isExtensible()) {
*resultp = false; *resultp = false;
return true; return true;
} }
AutoIdVector props(cx); AutoIdVector props(cx);
if (!GetPropertyNames(cx, this, JSITER_HIDDEN | JSITER_OWNONLY, &props)) if (!GetPropertyNames(cx, obj, JSITER_HIDDEN | JSITER_OWNONLY, &props))
return false; return false;
RootedId id(cx); RootedId id(cx);
@ -2200,7 +2200,7 @@ JSObject::isSealedOrFrozen(JSContext *cx, ImmutabilityType it, bool *resultp)
id = props[i]; id = props[i];
unsigned attrs; unsigned attrs;
if (!getGenericAttributes(cx, id, &attrs)) if (!obj->getGenericAttributes(cx, id, &attrs))
return false; return false;
/* /*
@ -2241,7 +2241,7 @@ obj_isFrozen(JSContext *cx, unsigned argc, Value *vp)
return false; return false;
bool frozen; bool frozen;
if (!obj->isFrozen(cx, &frozen)) if (!JSObject::isFrozen(cx, obj, &frozen))
return false; return false;
vp->setBoolean(frozen); vp->setBoolean(frozen);
return true; return true;
@ -2267,7 +2267,7 @@ obj_isSealed(JSContext *cx, unsigned argc, Value *vp)
return false; return false;
bool sealed; bool sealed;
if (!obj->isSealed(cx, &sealed)) if (!JSObject::isSealed(cx, obj, &sealed))
return false; return false;
vp->setBoolean(sealed); vp->setBoolean(sealed);
return true; return true;
@ -2509,7 +2509,7 @@ js::NewObjectWithType(JSContext *cx, HandleTypeObject type, JSObject *parent, gc
JSObject * JSObject *
js::NewReshapedObject(JSContext *cx, HandleTypeObject type, JSObject *parent, js::NewReshapedObject(JSContext *cx, HandleTypeObject type, JSObject *parent,
gc::AllocKind kind, Shape *shape) gc::AllocKind kind, HandleShape shape)
{ {
RootedObject res(cx, NewObjectWithType(cx, type, parent, kind)); RootedObject res(cx, NewObjectWithType(cx, type, parent, kind));
if (!res) if (!res)
@ -2612,16 +2612,20 @@ js_CreateThisForFunction(JSContext *cx, HandleObject callee, bool newType)
JSObject *obj = js_CreateThisForFunctionWithProto(cx, callee, proto); JSObject *obj = js_CreateThisForFunctionWithProto(cx, callee, proto);
if (obj && newType) { if (obj && newType) {
RootedObject nobj(cx, obj);
/* /*
* Reshape the object and give it a (lazily instantiated) singleton * Reshape the object and give it a (lazily instantiated) singleton
* type before passing it as the 'this' value for the call. * type before passing it as the 'this' value for the call.
*/ */
obj->clear(cx); nobj->clear(cx);
if (!obj->setSingletonType(cx)) if (!nobj->setSingletonType(cx))
return NULL; return NULL;
JSScript *calleeScript = callee->toFunction()->script(); JSScript *calleeScript = callee->toFunction()->script();
TypeScript::SetThis(cx, calleeScript, types::Type::ObjectType(obj)); TypeScript::SetThis(cx, calleeScript, types::Type::ObjectType(nobj));
return nobj;
} }
return obj; return obj;
@ -3527,10 +3531,12 @@ JSObject::growSlots(JSContext *cx, uint32_t oldCount, uint32_t newCount)
gc::AllocKind kind = type()->newScript->allocKind; gc::AllocKind kind = type()->newScript->allocKind;
unsigned newScriptSlots = gc::GetGCKindSlots(kind); unsigned newScriptSlots = gc::GetGCKindSlots(kind);
if (newScriptSlots == numFixedSlots() && gc::TryIncrementAllocKind(&kind)) { if (newScriptSlots == numFixedSlots() && gc::TryIncrementAllocKind(&kind)) {
AutoEnterTypeInference enter(cx);
Rooted<TypeObject*> typeObj(cx, type()); Rooted<TypeObject*> typeObj(cx, type());
RootedShape shape(cx, typeObj->newScript->shape);
JSObject *obj = NewReshapedObject(cx, typeObj, JSObject *obj = NewReshapedObject(cx, typeObj,
getParent(), kind, getParent(), kind, shape);
typeObj->newScript->shape);
if (!obj) if (!obj)
return false; return false;

10
js/src/jsobj.h
Просмотреть файл

@ -531,7 +531,7 @@ struct JSObject : public js::ObjectImpl
*/ */
bool sealOrFreeze(JSContext *cx, ImmutabilityType it); bool sealOrFreeze(JSContext *cx, ImmutabilityType it);
bool isSealedOrFrozen(JSContext *cx, ImmutabilityType it, bool *resultp); static bool isSealedOrFrozen(JSContext *cx, js::HandleObject obj, ImmutabilityType it, bool *resultp);
static inline unsigned getSealedOrFrozenAttributes(unsigned attrs, ImmutabilityType it); static inline unsigned getSealedOrFrozenAttributes(unsigned attrs, ImmutabilityType it);
@ -543,8 +543,12 @@ struct JSObject : public js::ObjectImpl
/* ES5 15.2.3.9: non-extensible, all properties non-configurable, all data props read-only */ /* ES5 15.2.3.9: non-extensible, all properties non-configurable, all data props read-only */
bool freeze(JSContext *cx) { return sealOrFreeze(cx, FREEZE); } bool freeze(JSContext *cx) { return sealOrFreeze(cx, FREEZE); }
bool isSealed(JSContext *cx, bool *resultp) { return isSealedOrFrozen(cx, SEAL, resultp); } static inline bool isSealed(JSContext *cx, js::HandleObject obj, bool *resultp) {
bool isFrozen(JSContext *cx, bool *resultp) { return isSealedOrFrozen(cx, FREEZE, resultp); } return isSealedOrFrozen(cx, obj, SEAL, resultp);
}
static inline bool isFrozen(JSContext *cx, js::HandleObject obj, bool *resultp) {
return isSealedOrFrozen(cx, obj, FREEZE, resultp);
}
/* Accessors for elements. */ /* Accessors for elements. */

2
js/src/jsobjinlines.h
Просмотреть файл

@ -1552,7 +1552,7 @@ CopyInitializerObject(JSContext *cx, HandleObject baseobj)
JSObject * JSObject *
NewReshapedObject(JSContext *cx, HandleTypeObject type, JSObject *parent, NewReshapedObject(JSContext *cx, HandleTypeObject type, JSObject *parent,
gc::AllocKind kind, Shape *shape); gc::AllocKind kind, HandleShape shape);
/* /*
* As for gc::GetGCObjectKind, where numSlots is a guess at the final size of * As for gc::GetGCObjectKind, where numSlots is a guess at the final size of

5
js/src/jsproxy.cpp
Просмотреть файл

@ -367,7 +367,7 @@ IndirectProxyHandler::getPropertyDescriptor(JSContext *cx, JSObject *proxy,
} }
static bool static bool
GetOwnPropertyDescriptor(JSContext *cx, JSObject *obj, jsid id, unsigned flags, GetOwnPropertyDescriptor(JSContext *cx, HandleObject obj, jsid id, unsigned flags,
JSPropertyDescriptor *desc) JSPropertyDescriptor *desc)
{ {
// If obj is a proxy, we can do better than just guessing. This is // If obj is a proxy, we can do better than just guessing. This is
@ -389,7 +389,8 @@ IndirectProxyHandler::getOwnPropertyDescriptor(JSContext *cx, JSObject *proxy,
jsid id, bool set, jsid id, bool set,
PropertyDescriptor *desc) PropertyDescriptor *desc)
{ {
return GetOwnPropertyDescriptor(cx, GetProxyTargetObject(proxy), id, RootedObject target(cx, GetProxyTargetObject(proxy));
return GetOwnPropertyDescriptor(cx, target, id,
JSRESOLVE_QUALIFIED, desc); JSRESOLVE_QUALIFIED, desc);
} }

6
js/src/jsxml.cpp
Просмотреть файл

@ -1717,7 +1717,7 @@ GetCurrentScopeChain(JSContext *cx)
} }
static JSXML * static JSXML *
ParseXMLSource(JSContext *cx, JSString *src) ParseXMLSource(JSContext *cx, HandleString src)
{ {
jsval nsval; jsval nsval;
JSLinearString *uri; JSLinearString *uri;
@ -1856,7 +1856,7 @@ ToXML(JSContext *cx, jsval v)
JSObject *obj; JSObject *obj;
JSXML *xml; JSXML *xml;
Class *clasp; Class *clasp;
JSString *str; RootedString str(cx);
uint32_t length; uint32_t length;
if (JSVAL_IS_PRIMITIVE(v)) { if (JSVAL_IS_PRIMITIVE(v)) {
@ -1937,7 +1937,7 @@ ToXMLList(JSContext *cx, jsval v)
JSObject *obj, *listobj; JSObject *obj, *listobj;
JSXML *xml, *list, *kid; JSXML *xml, *list, *kid;
Class *clasp; Class *clasp;
JSString *str; RootedString str(cx);
uint32_t i, length; uint32_t i, length;
if (JSVAL_IS_PRIMITIVE(v)) { if (JSVAL_IS_PRIMITIVE(v)) {

2
js/src/methodjit/BaseAssembler.h
Просмотреть файл

@ -1375,7 +1375,7 @@ static const JSC::MacroAssembler::RegisterID JSParamReg_Argc = JSC::MIPSRegiste
}; };
/* Return f<true> if the script is strict mode code, f<false> otherwise. */ /* Return f<true> if the script is strict mode code, f<false> otherwise. */
#define STRICT_VARIANT(f) \ #define STRICT_VARIANT(script, f) \
(FunctionTemplateConditional(script->strictModeCode, \ (FunctionTemplateConditional(script->strictModeCode, \
f<true>, f<false>)) f<true>, f<false>))

37
js/src/methodjit/Compiler.cpp
Просмотреть файл

@ -2523,7 +2523,7 @@ mjit::Compiler::generateMethod()
prepareStubCall(Uses(1)); prepareStubCall(Uses(1));
masm.move(ImmPtr(name), Registers::ArgReg1); masm.move(ImmPtr(name), Registers::ArgReg1);
INLINE_STUBCALL(STRICT_VARIANT(stubs::DelProp), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::DelProp), REJOIN_FALLTHROUGH);
frame.pop(); frame.pop();
pushSyncedEntry(0); pushSyncedEntry(0);
} }
@ -2532,7 +2532,7 @@ mjit::Compiler::generateMethod()
BEGIN_CASE(JSOP_DELELEM) BEGIN_CASE(JSOP_DELELEM)
{ {
prepareStubCall(Uses(2)); prepareStubCall(Uses(2));
INLINE_STUBCALL(STRICT_VARIANT(stubs::DelElem), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::DelElem), REJOIN_FALLTHROUGH);
frame.popn(2); frame.popn(2);
pushSyncedEntry(0); pushSyncedEntry(0);
} }
@ -3032,7 +3032,7 @@ mjit::Compiler::generateMethod()
prepareStubCall(Uses(0)); prepareStubCall(Uses(0));
masm.move(ImmPtr(innerFun), Registers::ArgReg1); masm.move(ImmPtr(innerFun), Registers::ArgReg1);
INLINE_STUBCALL(STRICT_VARIANT(stubs::DefFun), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::DefFun), REJOIN_FALLTHROUGH);
} }
END_CASE(JSOP_DEFFUN) END_CASE(JSOP_DEFFUN)
@ -4200,18 +4200,8 @@ mjit::Compiler::inlineCallHelper(uint32_t argc, bool callingNew, FrameSize &call
if (icCalleeType.isSet()) if (icCalleeType.isSet())
notObjectJump = masm.testObject(Assembler::NotEqual, icCalleeType.reg()); notObjectJump = masm.testObject(Assembler::NotEqual, icCalleeType.reg());
/*
* For an optimized apply, keep icCalleeData in a callee-saved register for
* the subsequent ic::SplatApplyArgs call.
*/
Registers tempRegs(Registers::AvailRegs); Registers tempRegs(Registers::AvailRegs);
if (callIC.frameSize.isDynamic() && !Registers::isSaved(icCalleeData)) { tempRegs.takeReg(icCalleeData);
RegisterID x = tempRegs.takeAnyReg(Registers::SavedRegs).reg();
masm.move(icCalleeData, x);
icCalleeData = x;
} else {
tempRegs.takeReg(icCalleeData);
}
/* Reserve space just before initialization of funGuard. */ /* Reserve space just before initialization of funGuard. */
RESERVE_IC_SPACE(masm); RESERVE_IC_SPACE(masm);
@ -4252,9 +4242,16 @@ mjit::Compiler::inlineCallHelper(uint32_t argc, bool callingNew, FrameSize &call
* Check after the function is known not to be a native so that the * Check after the function is known not to be a native so that the
* catch-all/native path has a static depth. * catch-all/native path has a static depth.
*/ */
if (callIC.frameSize.isDynamic()) if (callIC.frameSize.isDynamic()) {
OOL_STUBCALL(ic::SplatApplyArgs, REJOIN_CALL_SPLAT); OOL_STUBCALL(ic::SplatApplyArgs, REJOIN_CALL_SPLAT);
/*
* Restore identity of callee after SplatApplyArgs, which may
* have been clobbered (not callee save reg or changed by moving GC).
*/
stubcc.masm.loadPayload(frame.addressOf(origThis), icCalleeData);
}
/* /*
* No-op jump that gets patched by ic::New/Call to the stub generated * No-op jump that gets patched by ic::New/Call to the stub generated
* by generateFullCallStub. * by generateFullCallStub.
@ -4697,7 +4694,7 @@ mjit::Compiler::jsop_setprop_slow(PropertyName *name)
{ {
prepareStubCall(Uses(2)); prepareStubCall(Uses(2));
masm.move(ImmPtr(name), Registers::ArgReg1); masm.move(ImmPtr(name), Registers::ArgReg1);
INLINE_STUBCALL(STRICT_VARIANT(stubs::SetName), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::SetName), REJOIN_FALLTHROUGH);
JS_STATIC_ASSERT(JSOP_SETNAME_LENGTH == JSOP_SETPROP_LENGTH); JS_STATIC_ASSERT(JSOP_SETNAME_LENGTH == JSOP_SETPROP_LENGTH);
frame.shimmy(1); frame.shimmy(1);
if (script->hasScriptCounts) if (script->hasScriptCounts)
@ -5399,7 +5396,7 @@ mjit::Compiler::jsop_setprop(PropertyName *name, bool popGuaranteed)
stubcc.linkExit(notObject.get(), Uses(2)); stubcc.linkExit(notObject.get(), Uses(2));
stubcc.leave(); stubcc.leave();
stubcc.masm.move(ImmPtr(name), Registers::ArgReg1); stubcc.masm.move(ImmPtr(name), Registers::ArgReg1);
OOL_STUBCALL(STRICT_VARIANT(stubs::SetName), REJOIN_FALLTHROUGH); OOL_STUBCALL(STRICT_VARIANT(script, stubs::SetName), REJOIN_FALLTHROUGH);
} }
frame.storeTo(rhs, Address(reg, JSObject::getFixedSlotOffset(slot)), popGuaranteed); frame.storeTo(rhs, Address(reg, JSObject::getFixedSlotOffset(slot)), popGuaranteed);
frame.unpinReg(reg); frame.unpinReg(reg);
@ -5463,7 +5460,7 @@ mjit::Compiler::jsop_setprop(PropertyName *name, bool popGuaranteed)
stubcc.leave(); stubcc.leave();
stubcc.masm.move(ImmPtr(name), Registers::ArgReg1); stubcc.masm.move(ImmPtr(name), Registers::ArgReg1);
OOL_STUBCALL(STRICT_VARIANT(stubs::SetName), REJOIN_FALLTHROUGH); OOL_STUBCALL(STRICT_VARIANT(script, stubs::SetName), REJOIN_FALLTHROUGH);
typeCheck = stubcc.masm.jump(); typeCheck = stubcc.masm.jump();
pic.hasTypeCheck = true; pic.hasTypeCheck = true;
@ -6316,7 +6313,7 @@ mjit::Compiler::jsop_setgname_slow(PropertyName *name)
{ {
prepareStubCall(Uses(2)); prepareStubCall(Uses(2));
masm.move(ImmPtr(name), Registers::ArgReg1); masm.move(ImmPtr(name), Registers::ArgReg1);
INLINE_STUBCALL(STRICT_VARIANT(stubs::SetGlobalName), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::SetGlobalName), REJOIN_FALLTHROUGH);
frame.popn(2); frame.popn(2);
pushSyncedEntry(0); pushSyncedEntry(0);
} }
@ -6453,7 +6450,7 @@ void
mjit::Compiler::jsop_setelem_slow() mjit::Compiler::jsop_setelem_slow()
{ {
prepareStubCall(Uses(3)); prepareStubCall(Uses(3));
INLINE_STUBCALL(STRICT_VARIANT(stubs::SetElem), REJOIN_FALLTHROUGH); INLINE_STUBCALL(STRICT_VARIANT(script, stubs::SetElem), REJOIN_FALLTHROUGH);
frame.popn(3); frame.popn(3);
frame.pushSynced(JSVAL_TYPE_UNKNOWN); frame.pushSynced(JSVAL_TYPE_UNKNOWN);
} }

8
js/src/methodjit/FastOps.cpp
Просмотреть файл

@ -1212,7 +1212,7 @@ mjit::Compiler::jsop_setelem_dense()
masm.storeValue(vr, BaseIndex(slotsReg, key.reg(), masm.JSVAL_SCALE)); masm.storeValue(vr, BaseIndex(slotsReg, key.reg(), masm.JSVAL_SCALE));
stubcc.leave(); stubcc.leave();
OOL_STUBCALL(STRICT_VARIANT(stubs::SetElem), REJOIN_FALLTHROUGH); OOL_STUBCALL(STRICT_VARIANT(script, stubs::SetElem), REJOIN_FALLTHROUGH);
if (!hoisted) if (!hoisted)
frame.freeReg(slotsReg); frame.freeReg(slotsReg);
@ -1486,7 +1486,7 @@ mjit::Compiler::jsop_setelem_typed(int atype)
frame.freeReg(objReg); frame.freeReg(objReg);
stubcc.leave(); stubcc.leave();
OOL_STUBCALL(STRICT_VARIANT(stubs::SetElem), REJOIN_FALLTHROUGH); OOL_STUBCALL(STRICT_VARIANT(script, stubs::SetElem), REJOIN_FALLTHROUGH);
frame.shimmy(2); frame.shimmy(2);
stubcc.rejoin(Changes(2)); stubcc.rejoin(Changes(2));
@ -1687,9 +1687,9 @@ mjit::Compiler::jsop_setelem(bool popGuaranteed)
stubcc.leave(); stubcc.leave();
#if defined JS_POLYIC #if defined JS_POLYIC
passICAddress(&ic); passICAddress(&ic);
ic.slowPathCall = OOL_STUBCALL(STRICT_VARIANT(ic::SetElement), REJOIN_FALLTHROUGH); ic.slowPathCall = OOL_STUBCALL(STRICT_VARIANT(script, ic::SetElement), REJOIN_FALLTHROUGH);
#else #else
OOL_STUBCALL(STRICT_VARIANT(stubs::SetElem), REJOIN_FALLTHROUGH); OOL_STUBCALL(STRICT_VARIANT(script, stubs::SetElem), REJOIN_FALLTHROUGH);
#endif #endif
ic.fastPathRejoin = masm.label(); ic.fastPathRejoin = masm.label();

26
js/src/methodjit/MonoIC.cpp
Просмотреть файл

@ -58,12 +58,12 @@ PatchGetFallback(VMFrame &f, ic::GetGlobalNameIC *ic)
void JS_FASTCALL void JS_FASTCALL
ic::GetGlobalName(VMFrame &f, ic::GetGlobalNameIC *ic) ic::GetGlobalName(VMFrame &f, ic::GetGlobalNameIC *ic)
{ {
JSObject &obj = f.fp()->global(); RootedObject obj(f.cx, &f.fp()->global());
PropertyName *name = f.script()->getName(GET_UINT32_INDEX(f.pc())); PropertyName *name = f.script()->getName(GET_UINT32_INDEX(f.pc()));
RecompilationMonitor monitor(f.cx); RecompilationMonitor monitor(f.cx);
Shape *shape = obj.nativeLookup(f.cx, NameToId(name)); Shape *shape = obj->nativeLookup(f.cx, NameToId(name));
if (monitor.recompiled()) { if (monitor.recompiled()) {
stubs::Name(f); stubs::Name(f);
@ -83,10 +83,10 @@ ic::GetGlobalName(VMFrame &f, ic::GetGlobalNameIC *ic)
/* Patch shape guard. */ /* Patch shape guard. */
Repatcher repatcher(f.chunk()); Repatcher repatcher(f.chunk());
repatcher.repatch(ic->fastPathStart.dataLabelPtrAtOffset(ic->shapeOffset), obj.lastProperty()); repatcher.repatch(ic->fastPathStart.dataLabelPtrAtOffset(ic->shapeOffset), obj->lastProperty());
/* Patch loads. */ /* Patch loads. */
uint32_t index = obj.dynamicSlotIndex(slot); uint32_t index = obj->dynamicSlotIndex(slot);
JSC::CodeLocationLabel label = ic->fastPathStart.labelAtOffset(ic->loadStoreOffset); JSC::CodeLocationLabel label = ic->fastPathStart.labelAtOffset(ic->loadStoreOffset);
repatcher.patchAddressOffsetForValueLoad(label, index * sizeof(Value)); repatcher.patchAddressOffsetForValueLoad(label, index * sizeof(Value));
@ -107,9 +107,8 @@ template void JS_FASTCALL DisabledSetGlobal<false>(VMFrame &f, ic::SetGlobalName
static void static void
PatchSetFallback(VMFrame &f, ic::SetGlobalNameIC *ic) PatchSetFallback(VMFrame &f, ic::SetGlobalNameIC *ic)
{ {
JSScript *script = f.script();
Repatcher repatch(f.chunk()); Repatcher repatch(f.chunk());
VoidStubSetGlobal stub = STRICT_VARIANT(DisabledSetGlobal); VoidStubSetGlobal stub = STRICT_VARIANT(f.script(), DisabledSetGlobal);
JSC::FunctionPtr fptr(JS_FUNC_TO_DATA_PTR(void *, stub)); JSC::FunctionPtr fptr(JS_FUNC_TO_DATA_PTR(void *, stub));
repatch.relink(ic->slowPathCall, fptr); repatch.relink(ic->slowPathCall, fptr);
} }
@ -153,21 +152,20 @@ UpdateSetGlobalName(VMFrame &f, ic::SetGlobalNameIC *ic, JSObject *obj, Shape *s
void JS_FASTCALL void JS_FASTCALL
ic::SetGlobalName(VMFrame &f, ic::SetGlobalNameIC *ic) ic::SetGlobalName(VMFrame &f, ic::SetGlobalNameIC *ic)
{ {
JSObject &obj = f.fp()->global(); RootedObject obj(f.cx, &f.fp()->global());
JSScript *script = f.script(); RootedPropertyName name(f.cx, f.script()->getName(GET_UINT32_INDEX(f.pc())));
PropertyName *name = script->getName(GET_UINT32_INDEX(f.pc()));
RecompilationMonitor monitor(f.cx); RecompilationMonitor monitor(f.cx);
Shape *shape = obj.nativeLookup(f.cx, NameToId(name)); Shape *shape = obj->nativeLookup(f.cx, NameToId(name));
if (!monitor.recompiled()) { if (!monitor.recompiled()) {
LookupStatus status = UpdateSetGlobalName(f, ic, &obj, shape); LookupStatus status = UpdateSetGlobalName(f, ic, obj, shape);
if (status == Lookup_Error) if (status == Lookup_Error)
THROW(); THROW();
} }
STRICT_VARIANT(stubs::SetGlobalName)(f, name); STRICT_VARIANT(f.script(), stubs::SetGlobalName)(f, name);
} }
class EqualityICLinker : public LinkerHelper class EqualityICLinker : public LinkerHelper
@ -764,8 +762,8 @@ class CallCompiler : public BaseCompiler
args = CallArgsFromSp(f.u.call.dynamicArgc, f.regs.sp); args = CallArgsFromSp(f.u.call.dynamicArgc, f.regs.sp);
} }
JSFunction *fun; RootedFunction fun(cx);
if (!IsFunctionObject(args.calleev(), &fun)) if (!IsFunctionObject(args.calleev(), fun.address()))
return false; return false;
if ((!callingNew && !fun->isNative()) || (callingNew && !fun->isNativeConstructor())) if ((!callingNew && !fun->isNative()) || (callingNew && !fun->isNativeConstructor()))

108
js/src/methodjit/PolyIC.cpp
Просмотреть файл

@ -68,7 +68,6 @@ class PICStubCompiler : public BaseCompiler
protected: protected:
const char *type; const char *type;
VMFrame &f; VMFrame &f;
JSScript *script;
ic::PICInfo &pic; ic::PICInfo &pic;
void *stub; void *stub;
uint64_t gcNumber; uint64_t gcNumber;
@ -76,8 +75,8 @@ class PICStubCompiler : public BaseCompiler
public: public:
bool canCallHook; bool canCallHook;
PICStubCompiler(const char *type, VMFrame &f, JSScript *script, ic::PICInfo &pic, void *stub) PICStubCompiler(const char *type, VMFrame &f, ic::PICInfo &pic, void *stub)
: BaseCompiler(f.cx), type(type), f(f), script(script), pic(pic), stub(stub), : BaseCompiler(f.cx), type(type), f(f), pic(pic), stub(stub),
gcNumber(f.cx->runtime->gcNumber), canCallHook(pic.canCallHook) gcNumber(f.cx->runtime->gcNumber), canCallHook(pic.canCallHook)
{ } { }
@ -113,7 +112,7 @@ class PICStubCompiler : public BaseCompiler
void spew(const char *event, const char *op) { void spew(const char *event, const char *op) {
#ifdef JS_METHODJIT_SPEW #ifdef JS_METHODJIT_SPEW
JaegerSpew(JSpew_PICs, "%s %s: %s (%s: %d)\n", JaegerSpew(JSpew_PICs, "%s %s: %s (%s: %d)\n",
type, event, op, script->filename, CurrentLine(cx)); type, event, op, f.script()->filename, CurrentLine(cx));
#endif #endif
} }
}; };
@ -165,15 +164,15 @@ GeneratePrototypeGuards(JSContext *cx, Vector<JSC::MacroAssembler::Jump,8> &mism
class SetPropCompiler : public PICStubCompiler class SetPropCompiler : public PICStubCompiler
{ {
JSObject *obj; RootedObject obj;
PropertyName *name; RootedPropertyName name;
int lastStubSecondShapeGuard; int lastStubSecondShapeGuard;
public: public:
SetPropCompiler(VMFrame &f, JSScript *script, JSObject *obj, ic::PICInfo &pic, PropertyName *name, SetPropCompiler(VMFrame &f, JSObject *obj, ic::PICInfo &pic, PropertyName *name,
VoidStubPIC stub) VoidStubPIC stub)
: PICStubCompiler("setprop", f, script, pic, JS_FUNC_TO_DATA_PTR(void *, stub)), : PICStubCompiler("setprop", f, pic, JS_FUNC_TO_DATA_PTR(void *, stub)),
obj(obj), name(name), lastStubSecondShapeGuard(pic.secondShapeGuard) obj(f.cx, obj), name(f.cx, name), lastStubSecondShapeGuard(pic.secondShapeGuard)
{ } { }
static void reset(Repatcher &repatcher, ic::PICInfo &pic) static void reset(Repatcher &repatcher, ic::PICInfo &pic)
@ -751,17 +750,17 @@ namespace mjit {
class GetPropCompiler : public PICStubCompiler class GetPropCompiler : public PICStubCompiler
{ {
JSObject *obj; RootedObject obj;
PropertyName *name; RootedPropertyName name;
int lastStubSecondShapeGuard; int lastStubSecondShapeGuard;
public: public:
GetPropCompiler(VMFrame &f, JSScript *script, JSObject *obj, ic::PICInfo &pic, PropertyName *name, GetPropCompiler(VMFrame &f, JSObject *obj, ic::PICInfo &pic, PropertyName *name,
VoidStubPIC stub) VoidStubPIC stub)
: PICStubCompiler("getprop", f, script, pic, : PICStubCompiler("getprop", f, pic,
JS_FUNC_TO_DATA_PTR(void *, stub)), JS_FUNC_TO_DATA_PTR(void *, stub)),
obj(obj), obj(f.cx, obj),
name(name), name(f.cx, name),
lastStubSecondShapeGuard(pic.secondShapeGuard) lastStubSecondShapeGuard(pic.secondShapeGuard)
{ } { }
@ -872,7 +871,7 @@ class GetPropCompiler : public PICStubCompiler
RecompilationMonitor monitor(f.cx); RecompilationMonitor monitor(f.cx);
JSObject *obj = f.fp()->global().getOrCreateStringPrototype(f.cx); RootedObject obj(f.cx, f.fp()->global().getOrCreateStringPrototype(f.cx));
if (!obj) if (!obj)
return error(); return error();
@ -1217,12 +1216,15 @@ class GetPropCompiler : public PICStubCompiler
linkerEpilogue(linker, start, shapeMismatches); linkerEpilogue(linker, start, shapeMismatches);
} }
LookupStatus generateStub(JSObject *holder, Shape *shape) LookupStatus generateStub(JSObject *holder, HandleShape shape)
{ {
Vector<Jump, 8> shapeMismatches(cx); Vector<Jump, 8> shapeMismatches(cx);
Assembler masm; Assembler masm;
// Ignore GC pointers baked into assembly visible on the stack.
SkipRoot skip(cx, &masm);
Label start; Label start;
Jump shapeGuardJump; Jump shapeGuardJump;
Jump argsLenGuard; Jump argsLenGuard;
@ -1445,9 +1447,9 @@ class ScopeNameCompiler : public PICStubCompiler
} }
public: public:
ScopeNameCompiler(VMFrame &f, JSScript *script, JSObject *scopeChain, ic::PICInfo &pic, ScopeNameCompiler(VMFrame &f, JSObject *scopeChain, ic::PICInfo &pic,
PropertyName *name, VoidStubPIC stub) PropertyName *name, VoidStubPIC stub)
: PICStubCompiler("name", f, script, pic, JS_FUNC_TO_DATA_PTR(void *, stub)), : PICStubCompiler("name", f, pic, JS_FUNC_TO_DATA_PTR(void *, stub)),
scopeChain(f.cx, scopeChain), name(f.cx, name), scopeChain(f.cx, scopeChain), name(f.cx, name),
getprop(f.cx, NULL, name, *thisFromCtor(), f) getprop(f.cx, NULL, name, *thisFromCtor(), f)
{ } { }
@ -1713,9 +1715,9 @@ class BindNameCompiler : public PICStubCompiler
RootedPropertyName name; RootedPropertyName name;
public: public:
BindNameCompiler(VMFrame &f, JSScript *script, JSObject *scopeChain, ic::PICInfo &pic, BindNameCompiler(VMFrame &f, JSObject *scopeChain, ic::PICInfo &pic,
PropertyName *name, VoidStubPIC stub) PropertyName *name, VoidStubPIC stub)
: PICStubCompiler("bind", f, script, pic, JS_FUNC_TO_DATA_PTR(void *, stub)), : PICStubCompiler("bind", f, pic, JS_FUNC_TO_DATA_PTR(void *, stub)),
scopeChain(f.cx, scopeChain), name(f.cx, name) scopeChain(f.cx, scopeChain), name(f.cx, name)
{ } { }
@ -1860,9 +1862,7 @@ ic::GetProp(VMFrame &f, ic::PICInfo *pic)
bool cached = pic->cached; bool cached = pic->cached;
VoidStubPIC stub = cached ? DisabledGetPropIC : DisabledGetPropNoCacheIC; VoidStubPIC stub = cached ? DisabledGetPropIC : DisabledGetPropNoCacheIC;
JSScript *script = f.fp()->script(); RootedPropertyName name(f.cx, pic->name);
PropertyName *name = pic->name;
if (name == f.cx->runtime->atomState.lengthAtom) { if (name == f.cx->runtime->atomState.lengthAtom) {
if (IsOptimizedArguments(f.fp(), &f.regs.sp[-1])) { if (IsOptimizedArguments(f.fp(), &f.regs.sp[-1])) {
f.regs.sp[-1].setInt32(f.regs.fp()->numActualArgs()); f.regs.sp[-1].setInt32(f.regs.fp()->numActualArgs());
@ -1871,7 +1871,7 @@ ic::GetProp(VMFrame &f, ic::PICInfo *pic)
if (!f.regs.sp[-1].isPrimitive()) { if (!f.regs.sp[-1].isPrimitive()) {
JSObject *obj = &f.regs.sp[-1].toObject(); JSObject *obj = &f.regs.sp[-1].toObject();
if (obj->isArray() || obj->isString()) { if (obj->isArray() || obj->isString()) {
GetPropCompiler cc(f, script, obj, *pic, NULL, stub); GetPropCompiler cc(f, obj, *pic, NULL, stub);
if (obj->isArray()) { if (obj->isArray()) {
LookupStatus status = cc.generateArrayLengthStub(); LookupStatus status = cc.generateArrayLengthStub();
if (status == Lookup_Error) if (status == Lookup_Error)
@ -1890,7 +1890,7 @@ ic::GetProp(VMFrame &f, ic::PICInfo *pic)
} }
if (f.regs.sp[-1].isString()) { if (f.regs.sp[-1].isString()) {
GetPropCompiler cc(f, script, NULL, *pic, name, stub); GetPropCompiler cc(f, NULL, *pic, name, stub);
if (name == f.cx->runtime->atomState.lengthAtom) { if (name == f.cx->runtime->atomState.lengthAtom) {
LookupStatus status = cc.generateStringLengthStub(); LookupStatus status = cc.generateStringLengthStub();
if (status == Lookup_Error) if (status == Lookup_Error)
@ -1912,22 +1912,22 @@ ic::GetProp(VMFrame &f, ic::PICInfo *pic)
RecompilationMonitor monitor(f.cx); RecompilationMonitor monitor(f.cx);
JSObject *obj = ValueToObject(f.cx, f.regs.sp[-1]); RootedObject obj(f.cx, ValueToObject(f.cx, f.regs.sp[-1]));
if (!obj) if (!obj)
THROW(); THROW();
if (!monitor.recompiled() && pic->shouldUpdate(f.cx)) { if (!monitor.recompiled() && pic->shouldUpdate(f.cx)) {
GetPropCompiler cc(f, script, obj, *pic, name, stub); GetPropCompiler cc(f, obj, *pic, name, stub);
if (!cc.update()) if (!cc.update())
THROW(); THROW();
} }
Value v; RootedValue v(f.cx);
if (cached) { if (cached) {
if (!GetPropertyOperation(f.cx, f.script(), f.pc(), f.regs.sp[-1], &v)) if (!GetPropertyOperation(f.cx, f.script(), f.pc(), f.regs.sp[-1], v.address()))
THROW(); THROW();
} else { } else {
if (!obj->getProperty(f.cx, name, &v)) if (!obj->getProperty(f.cx, name, v.address()))
THROW(); THROW();
} }
@ -1944,14 +1944,13 @@ DisabledSetPropIC(VMFrame &f, ic::PICInfo *pic)
void JS_FASTCALL void JS_FASTCALL
ic::SetProp(VMFrame &f, ic::PICInfo *pic) ic::SetProp(VMFrame &f, ic::PICInfo *pic)
{ {
JSScript *script = f.fp()->script();
JS_ASSERT(pic->isSet()); JS_ASSERT(pic->isSet());
VoidStubPIC stub = STRICT_VARIANT(DisabledSetPropIC); VoidStubPIC stub = STRICT_VARIANT(f.script(), DisabledSetPropIC);
// Save this in case the compiler triggers a recompilation of this script. // Save this in case the compiler triggers a recompilation of this script.
PropertyName *name = pic->name; RootedPropertyName name(f.cx, pic->name);
VoidStubName nstub = STRICT_VARIANT(stubs::SetName); VoidStubName nstub = STRICT_VARIANT(f.script(), stubs::SetName);
RecompilationMonitor monitor(f.cx); RecompilationMonitor monitor(f.cx);
@ -1962,7 +1961,7 @@ ic::SetProp(VMFrame &f, ic::PICInfo *pic)
// Note, we can't use SetName for PROPINC PICs because the property // Note, we can't use SetName for PROPINC PICs because the property
// cache can't handle a GET and SET from the same scripted PC. // cache can't handle a GET and SET from the same scripted PC.
if (!monitor.recompiled() && pic->shouldUpdate(f.cx)) { if (!monitor.recompiled() && pic->shouldUpdate(f.cx)) {
SetPropCompiler cc(f, script, obj, *pic, name, stub); SetPropCompiler cc(f, obj, *pic, name, stub);
LookupStatus status = cc.update(); LookupStatus status = cc.update();
if (status == Lookup_Error) if (status == Lookup_Error)
THROW(); THROW();
@ -1986,12 +1985,10 @@ DisabledXNameIC(VMFrame &f, ic::PICInfo *pic)
void JS_FASTCALL void JS_FASTCALL
ic::XName(VMFrame &f, ic::PICInfo *pic) ic::XName(VMFrame &f, ic::PICInfo *pic)
{ {
JSScript *script = f.fp()->script();
/* GETXPROP is guaranteed to have an object. */ /* GETXPROP is guaranteed to have an object. */
JSObject *obj = &f.regs.sp[-1].toObject(); JSObject *obj = &f.regs.sp[-1].toObject();
ScopeNameCompiler cc(f, script, obj, *pic, pic->name, DisabledXNameIC); ScopeNameCompiler cc(f, obj, *pic, pic->name, DisabledXNameIC);
LookupStatus status = cc.updateForXName(); LookupStatus status = cc.updateForXName();
if (status == Lookup_Error) if (status == Lookup_Error)
@ -2006,16 +2003,14 @@ ic::XName(VMFrame &f, ic::PICInfo *pic)
void JS_FASTCALL void JS_FASTCALL
ic::Name(VMFrame &f, ic::PICInfo *pic) ic::Name(VMFrame &f, ic::PICInfo *pic)
{ {
JSScript *script = f.fp()->script(); ScopeNameCompiler cc(f, f.fp()->scopeChain(), *pic, pic->name, DisabledNameIC);
ScopeNameCompiler cc(f, script, f.fp()->scopeChain(), *pic, pic->name, DisabledNameIC);
LookupStatus status = cc.updateForName(); LookupStatus status = cc.updateForName();
if (status == Lookup_Error) if (status == Lookup_Error)
THROW(); THROW();
Value rval; RootedValue rval(f.cx);
if (!cc.retrieve(&rval, PICInfo::NAME)) if (!cc.retrieve(rval.address(), PICInfo::NAME))
THROW(); THROW();
f.regs.sp[0] = rval; f.regs.sp[0] = rval;
} }
@ -2029,10 +2024,8 @@ DisabledBindNameIC(VMFrame &f, ic::PICInfo *pic)
void JS_FASTCALL void JS_FASTCALL
ic::BindName(VMFrame &f, ic::PICInfo *pic) ic::BindName(VMFrame &f, ic::PICInfo *pic)
{ {
JSScript *script = f.fp()->script();
VoidStubPIC stub = DisabledBindNameIC; VoidStubPIC stub = DisabledBindNameIC;
BindNameCompiler cc(f, script, f.fp()->scopeChain(), *pic, pic->name, stub); BindNameCompiler cc(f, f.fp()->scopeChain(), *pic, pic->name, stub);
JSObject *obj = cc.update(); JSObject *obj = cc.update();
if (!obj) if (!obj)
@ -2181,7 +2174,7 @@ GetElementIC::purge(Repatcher &repatcher)
} }
LookupStatus LookupStatus
GetElementIC::attachGetProp(VMFrame &f, JSObject *obj, const Value &v, PropertyName *name, GetElementIC::attachGetProp(VMFrame &f, HandleObject obj, HandleValue v, HandlePropertyName name,
Value *vp) Value *vp)
{ {
JS_ASSERT(v.isString()); JS_ASSERT(v.isString());
@ -2362,7 +2355,7 @@ GetElementIC::attachGetProp(VMFrame &f, JSObject *obj, const Value &v, PropertyN
#if defined JS_METHODJIT_TYPED_ARRAY #if defined JS_METHODJIT_TYPED_ARRAY
LookupStatus LookupStatus
GetElementIC::attachTypedArray(VMFrame &f, JSObject *obj, const Value &v, jsid id, Value *vp) GetElementIC::attachTypedArray(VMFrame &f, HandleObject obj, HandleValue v, HandleId id, Value *vp)
{ {
JSContext *cx = f.cx; JSContext *cx = f.cx;
@ -2455,16 +2448,18 @@ GetElementIC::attachTypedArray(VMFrame &f, JSObject *obj, const Value &v, jsid i
#endif /* JS_METHODJIT_TYPED_ARRAY */ #endif /* JS_METHODJIT_TYPED_ARRAY */
LookupStatus LookupStatus
GetElementIC::update(VMFrame &f, JSObject *obj, const Value &v, jsid id, Value *vp) GetElementIC::update(VMFrame &f, HandleObject obj, HandleValue v, HandleId id, Value *vp)
{ {
/* /*JSObject *obj, const Value &v, jsid id, Value *vp)
* Only treat this as a GETPROP for non-numeric string identifiers. The * Only treat this as a GETPROP for non-numeric string identifiers. The
* GETPROP IC assumes the id has already gone through filtering for string * GETPROP IC assumes the id has already gone through filtering for string
* indexes in the emitter. * indexes in the emitter.
*/ */
uint32_t dummy; uint32_t dummy;
if (v.isString() && JSID_IS_ATOM(id) && !JSID_TO_ATOM(id)->isIndex(&dummy)) if (v.isString() && JSID_IS_ATOM(id) && !JSID_TO_ATOM(id)->isIndex(&dummy)) {
return attachGetProp(f, obj, v, JSID_TO_ATOM(id)->asPropertyName(), vp); RootedPropertyName name(f.cx, JSID_TO_ATOM(id)->asPropertyName());
return attachGetProp(f, obj, v, name, vp);
}
#if defined JS_METHODJIT_TYPED_ARRAY #if defined JS_METHODJIT_TYPED_ARRAY
/* /*
@ -2496,7 +2491,8 @@ ic::GetElement(VMFrame &f, ic::GetElementIC *ic)
return; return;
} }
Value idval = f.regs.sp[-1]; RootedValue idval_(cx, f.regs.sp[-1]);
Value &idval = idval_.get();
RecompilationMonitor monitor(cx); RecompilationMonitor monitor(cx);
@ -2526,7 +2522,7 @@ ic::GetElement(VMFrame &f, ic::GetElementIC *ic)
#ifdef DEBUG #ifdef DEBUG
f.regs.sp[-2] = MagicValue(JS_GENERIC_MAGIC); f.regs.sp[-2] = MagicValue(JS_GENERIC_MAGIC);
#endif #endif
LookupStatus status = ic->update(f, obj, idval, id, &f.regs.sp[-2]); LookupStatus status = ic->update(f, obj, idval_, id, &f.regs.sp[-2]);
if (status != Lookup_Uncacheable) { if (status != Lookup_Uncacheable) {
if (status == Lookup_Error) if (status == Lookup_Error)
THROW(); THROW();

6
js/src/methodjit/PolyIC.h
Просмотреть файл

@ -243,10 +243,10 @@ struct GetElementIC : public BasePolyIC {
} }
void purge(Repatcher &repatcher); void purge(Repatcher &repatcher);
LookupStatus update(VMFrame &f, JSObject *obj, const Value &v, jsid id, Value *vp); LookupStatus update(VMFrame &f, HandleObject obj, HandleValue v, HandleId id, Value *vp);
LookupStatus attachGetProp(VMFrame &f, JSObject *obj, const Value &v, PropertyName *name, LookupStatus attachGetProp(VMFrame &f, HandleObject obj, HandleValue v, HandlePropertyName name,
Value *vp); Value *vp);
LookupStatus attachTypedArray(VMFrame &f, JSObject *obj, const Value &v, jsid id, Value *vp); LookupStatus attachTypedArray(VMFrame &f, HandleObject obj, HandleValue v, HandleId id, Value *vp);
LookupStatus disable(VMFrame &f, const char *reason); LookupStatus disable(VMFrame &f, const char *reason);
LookupStatus error(JSContext *cx); LookupStatus error(JSContext *cx);
bool shouldUpdate(JSContext *cx); bool shouldUpdate(JSContext *cx);

37
js/src/methodjit/StubCalls.cpp
Просмотреть файл

@ -123,7 +123,7 @@ stubs::SetElem(VMFrame &f)
Value &objval = regs.sp[-3]; Value &objval = regs.sp[-3];
Value &idval = regs.sp[-2]; Value &idval = regs.sp[-2];
Value rval = regs.sp[-1]; RootedValue rval(cx, regs.sp[-1]);
RootedId id(cx); RootedId id(cx);
@ -155,7 +155,7 @@ stubs::SetElem(VMFrame &f)
} }
} }
} while (0); } while (0);
if (!obj->setGeneric(cx, obj, id, &rval, strict)) if (!obj->setGeneric(cx, obj, id, rval.address(), strict))
THROW(); THROW();
end_setelem: end_setelem:
/* :FIXME: Moving the assigned object into the lowest stack slot /* :FIXME: Moving the assigned object into the lowest stack slot
@ -337,13 +337,13 @@ stubs::DefFun(VMFrame &f, JSFunction *fun_)
Rooted<JSObject*> parent(cx, &fp->varObj()); Rooted<JSObject*> parent(cx, &fp->varObj());
/* ES5 10.5 (NB: with subsequent errata). */ /* ES5 10.5 (NB: with subsequent errata). */
PropertyName *name = fun->atom->asPropertyName(); RootedPropertyName name(cx, fun->atom->asPropertyName());
RootedShape shape(cx); RootedShape shape(cx);
RootedObject pobj(cx); RootedObject pobj(cx);
if (!parent->lookupProperty(cx, name, &pobj, &shape)) if (!parent->lookupProperty(cx, name, &pobj, &shape))
THROW(); THROW();
Value rval = ObjectValue(*fun); RootedValue rval(cx, ObjectValue(*fun));
do { do {
/* Steps 5d, 5f. */ /* Steps 5d, 5f. */
@ -386,7 +386,7 @@ stubs::DefFun(VMFrame &f, JSFunction *fun_)
*/ */
/* Step 5f. */ /* Step 5f. */
if (!parent->setProperty(cx, parent, name, &rval, strict)) if (!parent->setProperty(cx, parent, name, rval.address(), strict))
THROW(); THROW();
} while (false); } while (false);
} }
@ -465,8 +465,9 @@ StubEqualityOp(VMFrame &f)
JSContext *cx = f.cx; JSContext *cx = f.cx;
FrameRegs &regs = f.regs; FrameRegs &regs = f.regs;
Value rval = regs.sp[-1]; RootedValue rval_(cx, regs.sp[-1]);
Value lval = regs.sp[-2]; RootedValue lval_(cx, regs.sp[-2]);
Value &rval = rval_.get(), &lval = lval_.get();
bool cond; bool cond;
@ -575,8 +576,9 @@ stubs::Add(VMFrame &f)
{ {
JSContext *cx = f.cx; JSContext *cx = f.cx;
FrameRegs &regs = f.regs; FrameRegs &regs = f.regs;
Value rval = regs.sp[-1]; RootedValue rval_(cx, regs.sp[-1]);
Value lval = regs.sp[-2]; RootedValue lval_(cx, regs.sp[-2]);
Value &rval = rval_.get(), &lval = lval_.get();
/* The string + string case is easily the hottest; try it first. */ /* The string + string case is easily the hottest; try it first. */
bool lIsString = lval.isString(); bool lIsString = lval.isString();
@ -861,11 +863,11 @@ stubs::Neg(VMFrame &f)
void JS_FASTCALL void JS_FASTCALL
stubs::NewInitArray(VMFrame &f, uint32_t count) stubs::NewInitArray(VMFrame &f, uint32_t count)
{ {
Rooted<TypeObject*> type(f.cx, (TypeObject *) f.scratch);
RootedObject obj(f.cx, NewDenseAllocatedArray(f.cx, count)); RootedObject obj(f.cx, NewDenseAllocatedArray(f.cx, count));
if (!obj) if (!obj)
THROW(); THROW();
TypeObject *type = (TypeObject *) f.scratch;
if (type) { if (type) {
obj->setType(type); obj->setType(type);
} else { } else {
@ -881,7 +883,7 @@ void JS_FASTCALL
stubs::NewInitObject(VMFrame &f, JSObject *baseobj) stubs::NewInitObject(VMFrame &f, JSObject *baseobj)
{ {
JSContext *cx = f.cx; JSContext *cx = f.cx;
TypeObject *type = (TypeObject *) f.scratch; Rooted<TypeObject*> type(f.cx, (TypeObject *) f.scratch);
RootedObject obj(cx); RootedObject obj(cx);
if (baseobj) { if (baseobj) {
@ -919,7 +921,7 @@ stubs::InitElem(VMFrame &f, uint32_t last)
/* Find the object being initialized at top of stack. */ /* Find the object being initialized at top of stack. */
const Value &lref = regs.sp[-3]; const Value &lref = regs.sp[-3];
JS_ASSERT(lref.isObject()); JS_ASSERT(lref.isObject());
JSObject *obj = &lref.toObject(); RootedObject obj(cx, &lref.toObject());
/* Fetch id now that we have obj. */ /* Fetch id now that we have obj. */
RootedId id(cx); RootedId id(cx);
@ -978,8 +980,8 @@ stubs::GetProp(VMFrame &f, PropertyName *name)
JSContext *cx = f.cx; JSContext *cx = f.cx;
FrameRegs &regs = f.regs; FrameRegs &regs = f.regs;
Value rval; RootedValue rval(cx);
if (!GetPropertyOperation(cx, f.script(), f.pc(), f.regs.sp[-1], &rval)) if (!GetPropertyOperation(cx, f.script(), f.pc(), f.regs.sp[-1], rval.address()))
THROW(); THROW();
regs.sp[-1] = rval; regs.sp[-1] = rval;
@ -1022,8 +1024,7 @@ InitPropOrMethod(VMFrame &f, PropertyName *name, JSOp op)
/* Load the property's initial value into rval. */ /* Load the property's initial value into rval. */
JS_ASSERT(regs.stackDepth() >= 2); JS_ASSERT(regs.stackDepth() >= 2);
Value rval; RootedValue rval(f.cx, regs.sp[-1]);
rval = regs.sp[-1];
/* Load the object being initialized into lval/obj. */ /* Load the object being initialized into lval/obj. */
RootedObject obj(cx, &regs.sp[-2].toObject()); RootedObject obj(cx, &regs.sp[-2].toObject());
@ -1033,7 +1034,7 @@ InitPropOrMethod(VMFrame &f, PropertyName *name, JSOp op)
RootedId id(cx, NameToId(name)); RootedId id(cx, NameToId(name));
if (JS_UNLIKELY(name == cx->runtime->atomState.protoAtom) if (JS_UNLIKELY(name == cx->runtime->atomState.protoAtom)
? !baseops::SetPropertyHelper(cx, obj, obj, id, 0, &rval, false) ? !baseops::SetPropertyHelper(cx, obj, obj, id, 0, rval.address(), false)
: !DefineNativeProperty(cx, obj, id, rval, NULL, NULL, : !DefineNativeProperty(cx, obj, id, rval, NULL, NULL,
JSPROP_ENUMERATE, 0, 0, 0)) { JSPROP_ENUMERATE, 0, 0, 0)) {
THROW(); THROW();
@ -1434,7 +1435,7 @@ stubs::In(VMFrame &f)
THROWV(JS_FALSE); THROWV(JS_FALSE);
} }
JSObject *obj = &rref.toObject(); RootedObject obj(cx, &rref.toObject());
RootedId id(cx); RootedId id(cx);
if (!FetchElementId(f.cx, obj, f.regs.sp[-2], id.address(), &f.regs.sp[-2])) if (!FetchElementId(f.cx, obj, f.regs.sp[-2], id.address(), &f.regs.sp[-2]))
THROWV(JS_FALSE); THROWV(JS_FALSE);

2
js/src/shell/js.cpp
Просмотреть файл

@ -1472,7 +1472,7 @@ SetThrowHook(JSContext *cx, unsigned argc, jsval *vp)
static JSBool static JSBool
LineToPC(JSContext *cx, unsigned argc, jsval *vp) LineToPC(JSContext *cx, unsigned argc, jsval *vp)
{ {
JSScript *script; RootedScript script(cx);
int32_t lineArg = 0; int32_t lineArg = 0;
uint32_t lineno; uint32_t lineno;
jsbytecode *pc; jsbytecode *pc;

4
js/src/vm/Debugger.cpp
Просмотреть файл

@ -4026,10 +4026,10 @@ DebuggerObject_isSealedHelper(JSContext *cx, unsigned argc, Value *vp, SealHelpe
ErrorCopier ec(ac, dbg->toJSObject()); ErrorCopier ec(ac, dbg->toJSObject());
bool r; bool r;
if (op == Seal) { if (op == Seal) {
if (!obj->isSealed(cx, &r)) if (!JSObject::isSealed(cx, obj, &r))
return false; return false;
} else if (op == Freeze) { } else if (op == Freeze) {
if (!obj->isFrozen(cx, &r)) if (!JSObject::isFrozen(cx, obj, &r))
return false; return false;
} else { } else {
r = obj->isExtensible(); r = obj->isExtensible();