Bug 1153458 - Fix decompiler issue with DoCallNativeGetter. r=efaust
authorJohannes Schulte <j_schulte@outlook.com>
Sat, 11 Apr 2015 02:17:28 +0200
changeset 249905 5da7e1b2b6f7146eb098c9eb31332c42ebf6c990
parent 249904 4eac2966dab77debb7f6a227f924e35451e63f48
child 249906 8ce4a0a6691b52da2fc37275f159e3d79551092f
push id61390
push usercbook@mozilla.com
push dateMon, 22 Jun 2015 08:33:06 +0000
treeherdermozilla-inbound@738e3dcf5eed [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersefaust
bugs1153458
milestone41.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1153458 - Fix decompiler issue with DoCallNativeGetter. r=efaust
js/src/jit-test/tests/baseline/bug1153458.js
js/src/jit/BaselineIC.cpp
js/src/tests/lib/jittests.py
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/baseline/bug1153458.js
@@ -0,0 +1,13 @@
+// |jit-test| baseline-eager; error: TypeError
+try {
+    __defineGetter__("x", Iterator)()
+} catch (e) {}
+f = function() {
+    return (function() {
+        this.x
+    })
+}()
+try {
+    f()
+} catch (e) {}
+f()
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -7661,74 +7661,78 @@ ICGetProp_CallScripted::Compiler::genera
 
 bool
 ICGetProp_CallNative::Compiler::generateStubCode(MacroAssembler& masm)
 {
     MOZ_ASSERT(engine_ == Engine::Baseline);
 
     Label failure;
 
-    AllocatableGeneralRegisterSet regs(availableGeneralRegs(0));
+    AllocatableGeneralRegisterSet regs(availableGeneralRegs(1));
     Register objReg = InvalidReg;
 
     MOZ_ASSERT(!(inputDefinitelyObject_ && outerClass_));
     if (inputDefinitelyObject_) {
         objReg = R0.scratchReg();
     } else {
-        regs.take(R0);
         // Guard input is an object and unbox.
         masm.branchTestObject(Assembler::NotEqual, R0, &failure);
         objReg = masm.extractObject(R0, ExtractTemp0);
         if (outerClass_) {
             ValueOperand val = regs.takeAnyValue();
             Register tmp = regs.takeAny();
             masm.branchTestObjClass(Assembler::NotEqual, objReg, tmp, outerClass_, &failure);
             masm.loadPtr(Address(objReg, ProxyDataOffset + offsetof(ProxyDataLayout, values)), tmp);
             masm.loadValue(Address(tmp, offsetof(ProxyValueArray, privateSlot)), val);
-            objReg = masm.extractObject(val, ExtractTemp0);
+            masm.movePtr(masm.extractObject(val, ExtractTemp0), objReg);
             regs.add(val);
             regs.add(tmp);
         }
     }
-    regs.takeUnchecked(objReg);
 
     Register scratch = regs.takeAnyExcluding(ICTailCallReg);
 
     // Shape guard.
     GuardReceiverObject(masm, ReceiverGuard(receiver_), objReg, scratch,
                         ICGetProp_CallNative::offsetOfReceiverGuard(), &failure);
 
     if (receiver_ != holder_ ) {
         Register holderReg = regs.takeAny();
         masm.loadPtr(Address(ICStubReg, ICGetProp_CallNative::offsetOfHolder()), holderReg);
         masm.loadPtr(Address(ICStubReg, ICGetProp_CallNative::offsetOfHolderShape()), scratch);
         masm.branchTestObjShape(Assembler::NotEqual, holderReg, scratch, &failure);
         regs.add(holderReg);
     }
 
+    // Box and push obj onto baseline frame stack for decompiler
+    if (inputDefinitelyObject_)
+        masm.tagValue(JSVAL_TYPE_OBJECT, objReg, R0);
+    EmitStowICValues(masm, 1);
+    if (inputDefinitelyObject_)
+        objReg = masm.extractObject(R0, ExtractTemp0);
+
     // Push a stub frame so that we can perform a non-tail call.
     enterStubFrame(masm, scratch);
 
     // Load callee function.
     Register callee = regs.takeAny();
     masm.loadPtr(Address(ICStubReg, ICGetProp_CallNative::offsetOfGetter()), callee);
 
     // Push args for vm call.
     masm.push(objReg);
     masm.push(callee);
 
-    if (!inputDefinitelyObject_)
-        regs.add(R0);
-    else
-        regs.add(objReg);
+    regs.add(R0);
 
     if (!callVM(DoCallNativeGetterInfo, masm))
         return false;
     leaveStubFrame(masm);
 
+    EmitUnstowICValues(masm, 1, /* discard = */true);
+
     // Enter type monitor IC to type-check result.
     EmitEnterTypeMonitorIC(masm);
 
     // Failure case - jump to next stub
     masm.bind(&failure);
     EmitStubGuardFailure(masm);
     return true;
 }
--- a/js/src/tests/lib/jittests.py
+++ b/js/src/tests/lib/jittests.py
@@ -210,16 +210,18 @@ class Test:
                         if options.can_test_also_noasmjs:
                             test.test_also.append(['--no-asmjs'])
                     elif name.startswith('test-also='):
                         test.test_also.append([name[len('test-also='):]])
                     elif name.startswith('test-join='):
                         test.test_join.append([name[len('test-join='):]])
                     elif name == 'ion-eager':
                         test.jitflags.append('--ion-eager')
+                    elif name == 'baseline-eager':
+                        test.jitflags.append('--baseline-eager')
                     elif name == 'dump-bytecode':
                         test.jitflags.append('--dump-bytecode')
                     elif name.startswith('--'):
                         # // |jit-test| --ion-gvn=off; --no-sse4
                         test.jitflags.append(name)
                     else:
                         print('{}: warning: unrecognized |jit-test| attribute'
                               ' {}'.format(path, part))