Bug 1226816: SharedStubs - Don't enable the call scripted get prop shared stub in ionmonkey yet, r=jandem
authorHannes Verschore <hv1989@gmail.com>
Tue, 01 Dec 2015 18:11:36 +0100
changeset 313348 0d88461fff1b4ca69147817284b021aac512ab33
parent 313347 cfd1e40e0248e8618b3013583e6aa6d75ca38151
child 313349 bc0ad904f1362775043348ee446969729dd5d999
push id8073
push userdmitchell@mozilla.com
push dateWed, 02 Dec 2015 16:15:39 +0000
reviewersjandem
bugs1226816
milestone45.0a1
Bug 1226816: SharedStubs - Don't enable the call scripted get prop shared stub in ionmonkey yet, r=jandem
js/src/jit-test/tests/ion/bug1226816.js
js/src/jit/SharedIC.cpp
js/src/jit/SharedIC.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1226816.js
@@ -0,0 +1,11 @@
+// |jit-test| error: InternalError
+
+x = 1;
+x;
+function g(y) {}
+g(this);
+x = /x/;
+function f() {
+    f(x.flags);
+}
+f();
--- a/js/src/jit/SharedIC.cpp
+++ b/js/src/jit/SharedIC.cpp
@@ -2547,30 +2547,30 @@ TryAttachNativeGetAccessorPropStub(JSCon
 
     ICStub* monitorStub = stub->fallbackMonitorStub()->firstMonitorStub();
 
     bool isScripted = false;
     bool cacheableCall = IsCacheableGetPropCall(cx, obj, holder, shape, &isScripted,
                                                 isTemporarilyUnoptimizable);
 
     // Try handling scripted getters.
-    if (cacheableCall && isScripted && !isDOMProxy) {
+    if (cacheableCall && isScripted && !isDOMProxy && engine == ICStubCompiler::Engine::Baseline) {
         RootedFunction callee(cx, &shape->getterObject()->as<JSFunction>());
         MOZ_ASSERT(callee->hasScript());
 
         if (UpdateExistingGetPropCallStubs(stub, ICStub::GetProp_CallScripted,
                                            holder.as<NativeObject>(), obj, callee)) {
             *attached = true;
             return true;
         }
 
         JitSpew(JitSpew_BaselineIC, "  Generating GetProp(NativeObj/ScriptedGetter %s:%" PRIuSIZE ") stub",
                 callee->nonLazyScript()->filename(), callee->nonLazyScript()->lineno());
 
-        ICGetProp_CallScripted::Compiler compiler(cx, engine, monitorStub, obj, holder, callee,
+        ICGetProp_CallScripted::Compiler compiler(cx, monitorStub, obj, holder, callee,
                                                   script->pcToOffset(pc));
         ICStub* newStub = compiler.getStub(compiler.getStubSpace(script));
         if (!newStub)
             return false;
 
         stub->addNewStub(newStub);
         *attached = true;
         return true;
@@ -3502,16 +3502,18 @@ ICGetPropNativeDoesNotExistCompiler::gen
     masm.bind(&failure);
     EmitStubGuardFailure(masm);
     return true;
 }
 
 bool
 ICGetProp_CallScripted::Compiler::generateStubCode(MacroAssembler& masm)
 {
+    MOZ_ASSERT(engine_ == Engine::Baseline);
+
     Label failure;
     Label failureLeaveStubFrame;
     AllocatableGeneralRegisterSet regs(availableGeneralRegs(1));
     Register scratch = regs.takeAnyExcluding(ICTailCallReg);
 
     // Guard input is an object.
     masm.branchTestObject(Assembler::NotEqual, R0, &failure);
 
--- a/js/src/jit/SharedIC.h
+++ b/js/src/jit/SharedIC.h
@@ -2926,19 +2926,19 @@ class ICGetProp_CallScripted : public IC
     static ICGetProp_CallScripted* Clone(JSContext* cx, ICStubSpace* space,
                                          ICStub* firstMonitorStub, ICGetProp_CallScripted& other);
 
     class Compiler : public ICGetPropCallGetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
-        Compiler(JSContext* cx, Engine engine, ICStub* firstMonitorStub, HandleObject obj,
+        Compiler(JSContext* cx, ICStub* firstMonitorStub, HandleObject obj,
                  HandleObject holder, HandleFunction getter, uint32_t pcOffset)
-          : ICGetPropCallGetter::Compiler(cx, ICStub::GetProp_CallScripted, engine,
+          : ICGetPropCallGetter::Compiler(cx, ICStub::GetProp_CallScripted, Engine::Baseline,
                                           firstMonitorStub, obj, holder,
                                           getter, pcOffset, /* outerClass = */ nullptr)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             ReceiverGuard guard(receiver_);
             Shape* holderShape = holder_->as<NativeObject>().lastProperty();
             return newStub<ICGetProp_CallScripted>(space, getStubCode(), firstMonitorStub_,