Bug 679397 - X64 branch patch code seems to be wrong for jmp 64bit, but is actually fine: comment needed. (r=edwsmith)
author Edwin Smith <edwsmith@adobe.com>
Wed, 17 Aug 2011 16:11:36 -0400
changeset 77104 0412880dec39053fe7cffcc0222704a840db6522
parent 77103 806abed2a8f77dbaa627688b60647f75c4665af1
child 77105 3c8c7eb5e4ff975f2ae2a6fe9a9f14442ac10b25
push id 78
push user clegnitto@mozilla.com
push date Fri, 16 Dec 2011 17:32:24 +0000
reviewers edwsmith
bugs 679397
milestone 9.0a1
js/src/nanojit/NativeX64.cpp
--- a/js/src/nanojit/NativeX64.cpp
+++ b/js/src/nanojit/NativeX64.cpp
@@ -2020,16 +2020,17 @@ namespace nanojit
         if (patch[0] == 0xE9) {
             // jmp disp32
             next = patch+5;
         } else if (patch[0] == 0x0F && (patch[1] & 0xF0) == 0x80) {
             // jcc disp32
             next = patch+6;
         } else if ((patch[0] == 0xFF) && (patch[1] == 0x25)) {
             // jmp 64bit target
+            // This uses RIP-relative addressing, the 4 bytes after FF 25 is an offset of 0.
             next = patch+6;
             ((int64_t*)next)[0] = int64_t(target);
             return;
         } else {
             next = 0;
             TODO(unknown_patch);
         }
         // Guards can result in a valid branch being patched again later, so don't assert
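Review bot: The new comment in the `FF 25` branch reads "the 4 bytes after FF 25 is an offset of 0"; besides the grammar ("are"), it would be clearer to spell out why that matters for the patch: `FF 25 disp32` is `jmp qword ptr [rip+disp32]`, and with disp32 equal to zero the 8-byte target lives immediately after the 6-byte instruction, which is exactly why `next = patch+6` and the `int64_t` store at `next` are correct. Since the patcher silently relies on that zero displacement, consider asserting it (e.g. that the int32 at `patch+2` is 0) before writing the target, so a future change to the emitter cannot make this code overwrite the wrong bytes without being noticed.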