Bug 1254122 - Don't bother saving scratch registers across TypeUpdate IC calls. (r=jandem)
authorEric Faust <efaustbmo@gmail.com>
Wed, 23 Mar 2016 14:43:36 -0700
changeset 290131 e0a5e93a96d8eb1a31b45327786e2ff4253661ac
parent 290130 85ff16d9d6f3dffaaf07d22b82d85bde8629253c
child 290132 cafb33796c3520b9a0d64340cbd9f3c1974baaae
push id30114
push usercbook@mozilla.com
push dateThu, 24 Mar 2016 15:15:54 +0000
treeherdermozilla-central@24c5fbde4488 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1254122
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1254122 - Don't bother saving scratch registers across TypeUpdate IC calls. (r=jandem)
js/src/jit/BaselineIC.cpp
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -5094,31 +5094,30 @@ ICSetProp_Unboxed::Compiler::generateStu
     // Unbox and group guard.
     Register object = masm.extractObject(R0, ExtractTemp0);
     masm.loadPtr(Address(ICStubReg, ICSetProp_Unboxed::offsetOfGroup()), scratch);
     masm.branchPtr(Assembler::NotEqual, Address(object, JSObject::offsetOfGroup()), scratch,
                    &failure);
 
     if (needsUpdateStubs()) {
         // Stow both R0 and R1 (object and value).
-        masm.push(object);
-        masm.push(ICStubReg);
         EmitStowICValues(masm, 2);
 
         // Move RHS into R0 for TypeUpdate check.
         masm.moveValue(R1, R0);
 
         // Call the type update stub.
         if (!callTypeUpdateIC(masm, sizeof(Value)))
             return false;
 
         // Unstow R0 and R1 (object and key)
         EmitUnstowICValues(masm, 2);
-        masm.pop(ICStubReg);
-        masm.pop(object);
+
+        // The TypeUpdate IC may have smashed object. Rederive it.
+        masm.unboxObject(R0, object);
 
         // Trigger post barriers here on the values being written. Fields which
         // objects can be written to also need update stubs.
         LiveGeneralRegisterSet saveRegs;
         saveRegs.add(R0);
         saveRegs.add(R1);
         saveRegs.addUnchecked(object);
         saveRegs.add(ICStubReg);
@@ -5165,31 +5164,30 @@ ICSetProp_TypedObject::Compiler::generat
 
     // Guard that the object group matches.
     masm.loadPtr(Address(ICStubReg, ICSetProp_TypedObject::offsetOfGroup()), scratch);
     masm.branchPtr(Assembler::NotEqual, Address(object, JSObject::offsetOfGroup()), scratch,
                    &failure);
 
     if (needsUpdateStubs()) {
         // Stow both R0 and R1 (object and value).
-        masm.push(object);
-        masm.push(ICStubReg);
         EmitStowICValues(masm, 2);
 
         // Move RHS into R0 for TypeUpdate check.
         masm.moveValue(R1, R0);
 
         // Call the type update stub.
         if (!callTypeUpdateIC(masm, sizeof(Value)))
             return false;
 
         // Unstow R0 and R1 (object and key)
         EmitUnstowICValues(masm, 2);
-        masm.pop(ICStubReg);
-        masm.pop(object);
+
+        // We may have clobbered object in the TypeUpdate IC. Rederive it.
+        masm.unboxObject(R0, object);
 
         // Trigger post barriers here on the values being written. Descriptors
         // which can write objects also need update stubs.
         LiveGeneralRegisterSet saveRegs;
         saveRegs.add(R0);
         saveRegs.add(R1);
         saveRegs.addUnchecked(object);
         saveRegs.add(ICStubReg);