Bug 1523571: Prevent storing VMFunction return value when no actual return-data is present. r=nbp
authorAndré Bargull <andre.bargull@gmail.com>
Tue, 29 Jan 2019 07:55:32 -0800
changeset 455958 f34ff529f92e55627ddbc6f1304f87eaaf5bb341
parent 455957 2220ce4355d511d7c9032473101ca6288e2dc8c7
child 455959 280344f386b27fa1ba1fe0b8058a30053466d729
push id35463
push usershindli@mozilla.com
push dateTue, 29 Jan 2019 21:38:17 +0000
reviewersnbp
bugs1523571
milestone67.0a1
Bug 1523571: Prevent storing VMFunction return value when no actual return-data is present. r=nbp
js/src/jit/CodeGenerator.cpp
js/src/jit/shared/CodeGenerator-shared.h
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -12991,20 +12991,19 @@ typedef bool (*ForcedRecompileFn)(JSCont
 static const VMFunction ForcedRecompileFnInfo =
     FunctionInfo<ForcedRecompileFn>(ForcedRecompile, "ForcedRecompile");
 
 void CodeGenerator::visitRecompileCheck(LRecompileCheck* ins) {
   Label done;
   Register tmp = ToRegister(ins->scratch());
   OutOfLineCode* ool;
   if (ins->mir()->forceRecompilation()) {
-    ool =
-        oolCallVM(ForcedRecompileFnInfo, ins, ArgList(), StoreRegisterTo(tmp));
-  } else {
-    ool = oolCallVM(RecompileFnInfo, ins, ArgList(), StoreRegisterTo(tmp));
+    ool = oolCallVM(ForcedRecompileFnInfo, ins, ArgList(), StoreNothing());
+  } else {
+    ool = oolCallVM(RecompileFnInfo, ins, ArgList(), StoreNothing());
   }
 
   // Check if warm-up counter is high enough.
   AbsoluteAddress warmUpCount =
       AbsoluteAddress(ins->mir()->script()->addressOfWarmUpCounter());
   if (ins->mir()->increaseWarmUpCounter()) {
     masm.load32(warmUpCount, tmp);
     masm.add32(Imm32(1), tmp);
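Review bot: The two branches at lines 45 and 47 now differ only in which VMFunction is passed, and neither says why the call's result is discarded; selecting the function first keeps the StoreNothing() decision in one place, e.g. `const VMFunction& fn = ins->mir()->forceRecompilation() ? ForcedRecompileFnInfo : RecompileFnInfo;` followed by `// Recompile/ForcedRecompile only report success; nothing is moved into tmp.` and `ool = oolCallVM(fn, ins, ArgList(), StoreNothing());`. The typedef fragment at line 32 shows these VM functions return bool, which is presumably the failure flag rather than data, so dropping the store looks right. One thing worth confirming is that no code after the out-of-line call rejoins relied on tmp having been overwritten by the old StoreRegisterTo(tmp); the warm-up-counter code that reads tmp starts at line 54, but the rest of visitRecompileCheck is outside the hunk.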
--- a/js/src/jit/shared/CodeGenerator-shared.h
+++ b/js/src/jit/shared/CodeGenerator-shared.h
@@ -572,16 +572,20 @@ template <typename... ArgTypes>
 class ArgSeq;
 
 template <>
 class ArgSeq<> {
  public:
   ArgSeq() {}
 
   inline void generate(CodeGeneratorShared* codegen) const {}
+
+#ifdef DEBUG
+  static constexpr size_t numArgs = 0;
+#endif
 };
 
 template <typename HeadType, typename... TailTypes>
 class ArgSeq<HeadType, TailTypes...> : public ArgSeq<TailTypes...> {
  private:
   using RawHeadType = typename mozilla::RemoveReference<HeadType>::Type;
   RawHeadType head_;
 
@@ -592,16 +596,20 @@ class ArgSeq<HeadType, TailTypes...> : p
         head_(std::forward<ProvidedHead>(head)) {}
 
   // Arguments are pushed in reverse order, from last argument to first
   // argument.
   inline void generate(CodeGeneratorShared* codegen) const {
     this->ArgSeq<TailTypes...>::generate(codegen);
     codegen->pushArg(head_);
   }
+
+#ifdef DEBUG
+  static constexpr size_t numArgs = sizeof...(TailTypes) + 1;
+#endif
 };
 
 template <typename... ArgTypes>
 inline ArgSeq<ArgTypes...> ArgList(ArgTypes&&... args) {
   return ArgSeq<ArgTypes...>(std::forward<ArgTypes>(args)...);
 }
 
 // Store wrappers, to generate the right move of data after the VM call.
@@ -697,16 +705,19 @@ class OutOfLineCallVM : public OutOfLine
 
 template <class ArgSeq, class StoreOutputTo>
 inline OutOfLineCode* CodeGeneratorShared::oolCallVM(const VMFunction& fun,
                                                      LInstruction* lir,
                                                      const ArgSeq& args,
                                                      const StoreOutputTo& out) {
   MOZ_ASSERT(lir->mirRaw());
   MOZ_ASSERT(lir->mirRaw()->isInstruction());
+  MOZ_ASSERT(fun.explicitArgs == args.numArgs);
+  MOZ_ASSERT(fun.returnsData() !=
+             (mozilla::IsSame<StoreOutputTo, StoreNothing>::value));
 
   OutOfLineCode* ool =
       new (alloc()) OutOfLineCallVM<ArgSeq, StoreOutputTo>(lir, fun, args, out);
   addOutOfLineCode(ool, lir->mirRaw()->toInstruction());
   return ool;
 }
 
 template <class ArgSeq, class StoreOutputTo>
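Review bot: The two new MOZ_ASSERTs at lines 109-111 are the actual guard against a JIT-generated call disagreeing with the VM function's signature, but they carry no comment and the `!=` on line 110 reads as a double negative; suggest `// A VMFunction that returns data must be paired with a store, and one that only reports success must use StoreNothing.` above it. Since MOZ_ASSERT compiles out in release builds, this mismatch is only ever caught in DEBUG, which is consistent with `numArgs` being DEBUG-only but worth stating. Line 111 uses `mozilla::IsSame` while this file already uses `std::forward` (lines 80 and 96), so `std::is_same<StoreOutputTo, StoreNothing>::value` would stay within the standard library and not depend on whether mozilla/TypeTraits.h is included here — the include list is outside the hunk, so I cannot confirm it is.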