[INFER] Don't evict existing type register when allocating data register in storeTop, bug 643653.
authorBrian Hackett <bhackett1024@gmail.com>
Thu, 24 Mar 2011 12:12:09 -0700
changeset 74845 87cbe5b2742ab5d66e86d0bf3ef1a7f2f2efa33b
parent 74844 23d22ab4808427f973ed40a1a8ed3db764e70563
child 74846 7bfbc13e500a03b1c72822b1c22291c061938531
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs643653
milestone2.0b13pre
[INFER] Don't evict existing type register when allocating data register in storeTop, bug 643653.
js/src/jit-test/tests/jaeger/bug643653-2.js
js/src/methodjit/FrameState.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/bug643653-2.js
@@ -0,0 +1,58 @@
+var HEAP, IHEAP, FHEAP;
+var TOTAL_MEMORY = 50 * 1024 * 1024;
+HEAP = IHEAP = new Int32Array(TOTAL_MEMORY);
+STACK_ROOT = STACKTOP = undefined;
+var _rng;
+var __str2;
+var __str3;
+{
+    var __stackBase__ = STACKTOP;
+    var $n;
+    var $tmp5 = __stackBase__ + 12;
+    var $tmp6 = $n;
+    var $mul7 = ($tmp6) * 3;
+    $this_addr_i23 = $tmp5;
+    $id_addr_i = __str2;
+    $desc_addr_i = __str3;
+    $N_addr_i = $mul7;
+    var $this1_i24 = $this_addr_i23;
+    var $tmp_i25 = $id_addr_i;
+    var $tmp2_i = $desc_addr_i;
+    var $tmp3_i = $N_addr_i;
+    __Z9makeFastaI10RandomizedEvPKcS2_jRT_($tmp_i25, $tmp2_i, $tmp3_i, $this1_i24);
+}
+function __Z9makeFastaI10RandomizedEvPKcS2_jRT_($id, $desc, $N, $output)
+{
+    $output_addr = $output;
+    var $tmp4 = $output_addr;
+    $this_addr_i = $tmp4;
+    var $this1_i = $this_addr_i;
+    var $table_i = $this1_i;
+    var $call_i = __ZN10LineBuffer7genrandER10Cumulativej(0, $table_i, 0);
+}
+function __ZN10LineBuffer7genrandER10Cumulativej($this, $table, $N)
+{
+    var $this_addr_i1;
+    var $pct_addr_i;
+    $table_addr = $table;
+    var $tmp3 = $table_addr;
+    $this_addr_i = _rng;
+    $max_addr_i = 1;
+    var $this1_i = $this_addr_i;
+    var $last_i = $this1_i;
+    var $tmp_i = IHEAP[$last_i];
+    var $mul_i = ($tmp_i) * 3877;
+    var $add_i = ($mul_i) + 29573;
+    var $rem_i = ($add_i) % 139968;
+    var $last2_i = $this1_i;
+    IHEAP[$last2_i] = $rem_i;
+    var $tmp3_i = $max_addr_i;
+    var $last4_i = $this1_i;
+    var $tmp5_i = IHEAP[$last4_i];
+    var $conv_i = ($tmp5_i);
+    var $mul6_i = ($tmp3_i) * ($conv_i);
+    var $div_i = ($mul6_i) / 139968;
+    $this_addr_i1 = $tmp3;
+    $pct_addr_i = $div_i;
+    assertEq($pct_addr_i, NaN);
+}
--- a/js/src/methodjit/FrameState.cpp
+++ b/js/src/methodjit/FrameState.cpp
@@ -2059,19 +2059,25 @@ FrameState::storeTop(FrameEntry *target,
             target->data.setFPRegister(fpreg);
             regstate(fpreg).reassociate(target);
         }
 
         target->setType(JSVAL_TYPE_DOUBLE);
     } else {
         /*
          * Move the backing store down - we spill registers here, but we could be
-         * smarter and re-use the type reg.
+         * smarter and re-use the type reg. If we need registers for both the type
+         * and data in the backing, make sure we keep the other components pinned.
+         * There is nothing else to keep us from evicting the backing's registers.
          */
+        if (backing->type.inRegister())
+            pinReg(backing->type.reg());
         RegisterID reg = tempRegForData(backing);
+        if (backing->type.inRegister())
+            unpinReg(backing->type.reg());
         target->data.setRegister(reg);
         regstate(reg).reassociate(target);
 
         if (type == JSVAL_TYPE_UNKNOWN) {
             if (backing->isTypeKnown()) {
                 target->setType(backing->getKnownType());
             } else {
                 pinReg(reg);