Bug 1507564: Bind code labels when generating lazy table stubs; r=luke
authorBenjamin Bouvier <benj@benj.me>
Thu, 15 Nov 2018 21:25:52 +0000
changeset 503168 5a42e724df8862671b7c826b8f92fd80d9801823
parent 503167 717c99f901764d35ba0ed8fa85b7924e58c3edb0
child 503169 1209d6c6f4f78f6f7b7d07a96e008985d119493a
reviewersluke
bugs1507564
milestone65.0a1
Bug 1507564: Bind code labels when generating lazy table stubs; r=luke A lazy stub could generate CodeLabels on x86, because of a constant NaN generated for the entry's epilogue that ended up in a constant pool. We need to actually bind these code labels in general. Differential Revision: https://phabricator.services.mozilla.com/D12052
js/src/jit-test/tests/wasm/regress/lazy-table-nan.js
js/src/wasm/WasmCode.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/lazy-table-nan.js
@@ -0,0 +1,10 @@
+let i = new WebAssembly.Instance(new WebAssembly.Module(wasmTextToBinary(`
+(module
+    (func $f (result f32)
+        f32.const nan:0x42
+    )
+    (table (export "table") 10 anyfunc)
+    (elem (i32.const 0) $f)
+)
+`))).exports;
+i.table.get(0)();
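Review bot: The test carries no comment stating what it regresses, so a reader cannot tell that the NaN payload on the `f32.const` is the point of the file rather than incidental. A header such as `// Bug 1507564: a NaN constant in the entry's epilogue is emitted via a constant pool on x86, leaving CodeLabels that the lazy table stub path must bind.` would tie the test to the fix. The return value of `i.table.get(0)()` appears to be left unchecked on purpose, since the regression is in stub generation rather than in the computed result; saying so in the same comment keeps a later reader from "fixing" it into an assertion that the original bug would not have caught.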
--- a/js/src/wasm/WasmCode.cpp
+++ b/js/src/wasm/WasmCode.cpp
@@ -759,17 +759,16 @@ LazyStubTier::createMany(HasGcTypes gcTy
         {
             return false;
         }
     }
     MOZ_ASSERT(codeRanges.length() == numExpectedRanges, "incorrect number of entries per function");
 
     masm.finish();
 
-    MOZ_ASSERT(!masm.numCodeLabels());
     MOZ_ASSERT(masm.callSites().empty());
     MOZ_ASSERT(masm.callSiteTargets().empty());
     MOZ_ASSERT(masm.callFarJumps().empty());
     MOZ_ASSERT(masm.trapSites().empty());
     MOZ_ASSERT(masm.callFarJumps().empty());
     MOZ_ASSERT(masm.symbolicAccesses().empty());
 
     if (masm.oom()) {
@@ -797,16 +796,20 @@ LazyStubTier::createMany(HasGcTypes gcTy
     uint8_t* codePtr = nullptr;
     if (!segment->addStubs(codeLength, funcExportIndices, funcExports, codeRanges, &codePtr,
                            &interpRangeIndex))
         return false;
 
     masm.executableCopy(codePtr, /* flushICache = */ false);
     memset(codePtr + masm.bytesNeeded(), 0, codeLength - masm.bytesNeeded());
 
+    for (const CodeLabel& label : masm.codeLabels()) {
+        Assembler::Bind(codePtr, label);
+    }
+
     ExecutableAllocator::cacheFlush(codePtr, codeLength);
     if (!ExecutableAllocator::makeExecutable(codePtr, codeLength)) {
         return false;
     }
 
     // Create lazy function exports for funcIndex -> entry lookup.
     if (!exports_.reserve(exports_.length() + funcExportIndices.length())) {
         return false;
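Review bot: The new binding loop has no comment on why it exists or why it sits where it does, and the position is a constraint: `Assembler::Bind(codePtr, label)` writes into `codePtr`, so it has to run after `executableCopy`/`memset` and before `ExecutableAllocator::cacheFlush` and `makeExecutable`, otherwise the patched words are either not flushed or are written into pages that have already been made executable. A comment above the loop such as `// Stubs can reference a constant pool (e.g. a NaN constant on x86), which leaves CodeLabels to patch; bind them now, while the segment is still writable and before the cache flush.` would pin that ordering for future edits. The removal of `MOZ_ASSERT(!masm.numCodeLabels())` in the earlier hunk is consistent with this loop, so nothing further is needed there. `LazyStubTier::createMany` starts before and ends after this hunk.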