Bug 1149119 - Do not inline bound functions with non-atomized arguments. r=jandem, a=abillings
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Fri, 24 Apr 2015 16:24:11 -0400
changeset 265767 76ef277068e7c69cec7898bf5cb0e1edf6b77da6
parent 265766 5086a9614080d5acd7861a5413713202583cbf9b
child 265768 ba2e25d19d373aec548a884a4e4c49ea8644ebaf
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
reviewersjandem, abillings
bugs1149119
milestone39.0a2
Bug 1149119 - Do not inline bound functions with non-atomized arguments. r=jandem, a=abillings
js/src/jit/IonBuilder.cpp
js/src/jit/MCallOptimize.cpp
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -12840,16 +12840,19 @@ IonBuilder::storeReferenceTypedObjectVal
 
     current->add(store);
     return true;
 }
 
 MConstant*
 IonBuilder::constant(const Value& v)
 {
+    MOZ_ASSERT(!v.isString() || v.toString()->isAtom(),
+               "Handle non-atomized strings outside IonBuilder.");
+
     MConstant* c = MConstant::New(alloc(), v, constraints());
     current->add(c);
     return c;
 }
 
 MConstant*
 IonBuilder::constantInt(int32_t i)
 {
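Review bot: `MOZ_ASSERT` is compiled out of release builds, so the new check in `IonBuilder::constant` documents the atom-only invariant without enforcing it in shipped code. A release build would still wrap a non-atomized string in an `MConstant` if any caller misses the guard. This commit adds that guard only in `inlineBoundFunction`, so the other `constant(...)` call sites that pass a runtime `Value` (not visible in this diff) are worth auditing for the same `isString() && !toString()->isAtom()` bail-out. The assertion message says where to handle the case but not why, so I would add a comment above it such as `// Callers must reject non-atom strings before building a constant; see bug 1149119.`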
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -2666,31 +2666,35 @@ IonBuilder::inlineBoundFunction(CallInfo
 
     if (gc::IsInsideNursery(scriptedTarget))
         return InliningStatus_NotInlined;
 
     for (size_t i = 0; i < target->getBoundFunctionArgumentCount(); i++) {
         const Value val = target->getBoundFunctionArgument(i);
         if (val.isObject() && gc::IsInsideNursery(&val.toObject()))
             return InliningStatus_NotInlined;
+        if (val.isString() && !val.toString()->isAtom())
+            return InliningStatus_NotInlined;
     }
 
     const Value thisVal = target->getBoundFunctionThis();
     if (thisVal.isObject() && gc::IsInsideNursery(&thisVal.toObject()))
         return InliningStatus_NotInlined;
+    if (thisVal.isString() && !thisVal.toString()->isAtom())
+        return InliningStatus_NotInlined;
 
     size_t argc = target->getBoundFunctionArgumentCount() + nativeCallInfo.argc();
     if (argc > ARGS_LENGTH_MAX)
         return InliningStatus_NotInlined;
 
     nativeCallInfo.thisArg()->setImplicitlyUsedUnchecked();
 
     CallInfo callInfo(alloc(), nativeCallInfo.constructing());
     callInfo.setFun(constant(ObjectValue(*scriptedTarget)));
-    callInfo.setThis(constant(target->getBoundFunctionThis()));
+    callInfo.setThis(constant(thisVal));
 
     if (!callInfo.argv().reserve(argc))
         return InliningStatus_Error;
 
     for (size_t i = 0; i < target->getBoundFunctionArgumentCount(); i++)
         callInfo.argv().infallibleAppend(constant(target->getBoundFunctionArgument(i)));
     for (size_t i = 0; i < nativeCallInfo.argc(); i++)
         callInfo.argv().infallibleAppend(nativeCallInfo.getArg(i));
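Review bot: The bound arguments are validated in the first loop but fetched again with `target->getBoundFunctionArgument(i)` in the append loop near the end of the hunk, while `thisVal` is now checked and consumed from the same local. The check and the use are therefore two separate reads for the arguments. That is presumably safe if bound arguments cannot change between the loops, but the asymmetry makes the invariant harder to see. Since the nursery-object and non-atom-string tests are now duplicated for the arguments and for `this`, a small predicate applied to both would keep the two paths in step. At minimum I would add a comment before the first loop, e.g. `// constant() needs tenured objects and atomized strings; bail out for anything else.` `inlineBoundFunction` starts before and continues past this hunk, so later uses of these values are not visible here.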