Bug 1149119 - Do not inline bound functions with non-atomized arguments. r=jandem, a=abillings
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Fri, 24 Apr 2015 16:25:53 -0400
changeset 260269 0e69c76cbbe2
parent 260268 7298f6e3943e
child 260270 8fc6195511e5
push id732
push userryanvm@gmail.com
push date2015-04-24 20:26 +0000
reviewersjandem, abillings
bugs1149119
milestone38.0
Bug 1149119 - Do not inline bound functions with non-atomized arguments. r=jandem, a=abillings
js/src/jit/IonBuilder.cpp
js/src/jit/MCallOptimize.cpp
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -12435,16 +12435,19 @@ IonBuilder::storeReferenceTypedObjectVal
 
     current->add(store);
     return true;
 }
 
 MConstant*
 IonBuilder::constant(const Value& v)
 {
+    MOZ_ASSERT(!v.isString() || v.toString()->isAtom(),
+               "Handle non-atomized strings outside IonBuilder.");
+
     MConstant* c = MConstant::New(alloc(), v, constraints());
     current->add(c);
     return c;
 }
 
 MConstant*
 IonBuilder::constantInt(int32_t i)
 {
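Review bot: The `MOZ_ASSERT` added at the top of `IonBuilder::constant` is compiled out of non-debug builds, so in release a non-atomized string passed by any other caller still reaches `MConstant::New` unchecked. The message tells callers what to do but not why atoms are required. If violating the invariant is memory-unsafe rather than just a missed optimization, consider `MOZ_RELEASE_ASSERT` here, or audit the remaining `constant()` call sites that pass a `Value` read from the heap. A short comment above the assertion would also help, e.g. `// MIR constants may only hold atomized strings; callers must bail out or atomize first.`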
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -2491,31 +2491,35 @@ IonBuilder::inlineBoundFunction(CallInfo
 
     if (gc::IsInsideNursery(scriptedTarget))
         return InliningStatus_NotInlined;
 
     for (size_t i = 0; i < target->getBoundFunctionArgumentCount(); i++) {
         const Value val = target->getBoundFunctionArgument(i);
         if (val.isObject() && gc::IsInsideNursery(&val.toObject()))
             return InliningStatus_NotInlined;
+        if (val.isString() && !val.toString()->isAtom())
+            return InliningStatus_NotInlined;
     }
 
     const Value thisVal = target->getBoundFunctionThis();
     if (thisVal.isObject() && gc::IsInsideNursery(&thisVal.toObject()))
         return InliningStatus_NotInlined;
+    if (thisVal.isString() && !thisVal.toString()->isAtom())
+        return InliningStatus_NotInlined;
 
     size_t argc = target->getBoundFunctionArgumentCount() + nativeCallInfo.argc();
     if (argc > ARGS_LENGTH_MAX)
         return InliningStatus_NotInlined;
 
     nativeCallInfo.thisArg()->setImplicitlyUsedUnchecked();
 
     CallInfo callInfo(alloc(), nativeCallInfo.constructing());
     callInfo.setFun(constant(ObjectValue(*scriptedTarget)));
-    callInfo.setThis(constant(target->getBoundFunctionThis()));
+    callInfo.setThis(constant(thisVal));
 
     if (!callInfo.argv().reserve(argc))
         return InliningStatus_Error;
 
     for (size_t i = 0; i < target->getBoundFunctionArgumentCount(); i++)
         callInfo.argv().infallibleAppend(constant(target->getBoundFunctionArgument(i)));
     for (size_t i = 0; i < nativeCallInfo.argc(); i++)
         callInfo.argv().infallibleAppend(nativeCallInfo.getArg(i));
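Review bot: The bound arguments are checked in the first loop but read again with `target->getBoundFunctionArgument(i)` in the append loop, whereas `this` now flows through the already-checked `thisVal` copy. The nursery and atom checks therefore only protect the `constant()` calls as long as both reads return the same values, and nothing in the code says so. The check pair is also written twice, once for the arguments and once for `thisVal`. I would add a comment above the first loop such as `// Values baked in as MIR constants must be non-nursery objects and atomized strings; keep in sync with the constant() calls below.`, and consider folding the two checks into one local predicate. `inlineBoundFunction` starts before and continues past this hunk, so any later use of the bound values is not visible here.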