Bug 1384318 - Inline native check for emitMegamorphicLoadSlot variants. r=jandem
authorSean Stangl <sstangl@mozilla.com>
Tue, 25 Jul 2017 15:17:00 -0400
changeset 420038 6eea5fcd952669d07f9154e64ab3887ded8d8af8
parent 420037 b1826fe01838c61584a50af4d2104eca1fc1b724
child 420039 1efacc8c49ba68b524de18c6b30153cb78e524d2
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
treeherdermozilla-beta@86913f512c3c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1384318
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1384318 - Inline native check for emitMegamorphicLoadSlot variants. r=jandem
js/src/jit/BaselineCacheIRCompiler.cpp
js/src/jit/CacheIRCompiler.cpp
js/src/jit/IonCacheIRCompiler.cpp
js/src/jit/VMFunctions.cpp
--- a/js/src/jit/BaselineCacheIRCompiler.cpp
+++ b/js/src/jit/BaselineCacheIRCompiler.cpp
@@ -489,16 +489,21 @@ BaselineCacheIRCompiler::emitMegamorphic
     AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output);
     AutoScratchRegister scratch2(allocator, masm);
     AutoScratchRegister scratch3(allocator, masm);
 
     FailurePath* failure;
     if (!addFailurePath(&failure))
         return false;
 
+    // The object must be Native.
+    masm.loadObjClass(obj, scratch3);
+    masm.branchTest32(Assembler::NonZero, Address(scratch3, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
     masm.Push(UndefinedValue());
     masm.moveStackPtrTo(scratch3.get());
 
     LiveRegisterSet volatileRegs(GeneralRegisterSet::Volatile(), liveVolatileFloatRegs());
     volatileRegs.takeUnchecked(scratch1);
     volatileRegs.takeUnchecked(scratch2);
     volatileRegs.takeUnchecked(scratch3);
     masm.PushRegsInMask(volatileRegs);
--- a/js/src/jit/CacheIRCompiler.cpp
+++ b/js/src/jit/CacheIRCompiler.cpp
@@ -2444,16 +2444,21 @@ CacheIRCompiler::emitMegamorphicLoadSlot
     bool handleMissing = reader.readBool();
 
     AutoScratchRegisterMaybeOutput scratch(allocator, masm, output);
 
     FailurePath* failure;
     if (!addFailurePath(&failure))
         return false;
 
+    // The object must be Native.
+    masm.loadObjClass(obj, scratch);
+    masm.branchTest32(Assembler::NonZero, Address(scratch, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
     // idVal will be in vp[0], result will be stored in vp[1].
     masm.reserveStack(sizeof(Value));
     masm.Push(idVal);
     masm.moveStackPtrTo(idVal.scratchReg());
 
     LiveRegisterSet volatileRegs(GeneralRegisterSet::Volatile(), liveVolatileFloatRegs());
     volatileRegs.takeUnchecked(scratch);
     volatileRegs.takeUnchecked(idVal);
--- a/js/src/jit/IonCacheIRCompiler.cpp
+++ b/js/src/jit/IonCacheIRCompiler.cpp
@@ -841,16 +841,21 @@ IonCacheIRCompiler::emitMegamorphicLoadS
     AutoScratchRegisterMaybeOutput scratch1(allocator, masm, output);
     AutoScratchRegister scratch2(allocator, masm);
     AutoScratchRegister scratch3(allocator, masm);
 
     FailurePath* failure;
     if (!addFailurePath(&failure))
         return false;
 
+    // The object must be Native.
+    masm.loadObjClass(obj, scratch3);
+    masm.branchTest32(Assembler::NonZero, Address(scratch3, Class::offsetOfFlags()),
+                      Imm32(Class::NON_NATIVE), failure->label());
+
     masm.Push(UndefinedValue());
     masm.moveStackPtrTo(scratch3.get());
 
     LiveRegisterSet volatileRegs(GeneralRegisterSet::Volatile(), liveVolatileFloatRegs());
     volatileRegs.takeUnchecked(scratch1);
     volatileRegs.takeUnchecked(scratch2);
     volatileRegs.takeUnchecked(scratch3);
     masm.PushRegsInMask(volatileRegs);
--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@@ -1612,18 +1612,18 @@ GetNativeDataProperty(JSContext* cx, Nat
         obj = &proto->as<NativeObject>();
     }
 }
 
 template <bool HandleMissing>
 bool
 GetNativeDataProperty(JSContext* cx, JSObject* obj, PropertyName* name, Value* vp)
 {
-    if (MOZ_UNLIKELY(!obj->isNative()))
-        return false;
+    // Condition checked by caller.
+    MOZ_ASSERT(obj->isNative());
     return GetNativeDataProperty<HandleMissing>(cx, &obj->as<NativeObject>(), NameToId(name), vp);
 }
 
 template bool
 GetNativeDataProperty<true>(JSContext* cx, JSObject* obj, PropertyName* name, Value* vp);
 
 template bool
 GetNativeDataProperty<false>(JSContext* cx, JSObject* obj, PropertyName* name, Value* vp);
@@ -1661,18 +1661,18 @@ ValueToAtomOrSymbol(JSContext* cx, Value
 }
 
 template <bool HandleMissing>
 bool
 GetNativeDataPropertyByValue(JSContext* cx, JSObject* obj, Value* vp)
 {
     JS::AutoCheckCannotGC nogc;
 
-    if (MOZ_UNLIKELY(!obj->isNative()))
-        return false;
+    // Condition checked by caller.
+    MOZ_ASSERT(obj->isNative());
 
     // vp[0] contains the id, result will be stored in vp[1].
     Value idVal = vp[0];
     jsid id;
     if (!ValueToAtomOrSymbol(cx, idVal, &id))
         return false;
 
     Value* res = vp + 1;