Bug 1520162 - Part 3: Test for proxies after testing for JSFunction in IsConstructor codegen. r=jandem
authorAndré Bargull <andre.bargull@gmail.com>
Tue, 15 Jan 2019 07:07:07 -0800
changeset 514515 44969cba88bf40040c0afa6ebb231525e6df9711
parent 514514 eeba38937ef453e93a82a04146f06e32f002aba7
child 514516 1fecb51398bdff95480c191a0777bf5ccf1424e4
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
reviewersjandem
bugs1520162
milestone66.0a1
Bug 1520162 - Part 3: Test for proxies after testing for JSFunction in IsConstructor codegen. r=jandem
js/src/jit/CodeGenerator.cpp
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -12412,20 +12412,16 @@ class OutOfLineIsCallable : public OutOf
 
 template <CodeGenerator::CallableOrConstructor mode>
 void CodeGenerator::emitIsCallableOrConstructor(Register object,
                                                 Register output,
                                                 Label* failure) {
   Label notFunction, hasCOps, done;
   masm.loadObjClassUnsafe(object, output);
 
-  // Just skim proxies off. Their notion of isCallable()/isConstructor() is
-  // more complicated.
-  masm.branchTestClassIsProxy(true, output, failure);
-
   // An object is callable iff:
   //   is<JSFunction>() || (getClass()->cOps && getClass()->cOps->call).
   // An object is constructor iff:
   //  ((is<JSFunction>() && as<JSFunction>().isConstructor) ||
   //   (getClass()->cOps && getClass()->cOps->construct)).
   masm.branchPtr(Assembler::NotEqual, output, ImmPtr(&JSFunction::class_),
                  &notFunction);
   if (mode == Callable) {
@@ -12436,16 +12432,21 @@ void CodeGenerator::emitIsCallableOrCons
 
     masm.load16ZeroExtend(Address(object, JSFunction::offsetOfFlags()), output);
     masm.rshift32(Imm32(mozilla::FloorLog2(JSFunction::CONSTRUCTOR)), output);
     masm.and32(Imm32(1), output);
   }
   masm.jump(&done);
 
   masm.bind(&notFunction);
+
+  // Just skim proxies off. Their notion of isCallable()/isConstructor() is
+  // more complicated.
+  masm.branchTestClassIsProxy(true, output, failure);
+
   masm.branchPtr(Assembler::NonZero, Address(output, offsetof(js::Class, cOps)),
                  ImmPtr(nullptr), &hasCOps);
   masm.move32(Imm32(0), output);
   masm.jump(&done);
 
   masm.bind(&hasCOps);
   masm.loadPtr(Address(output, offsetof(js::Class, cOps)), output);
   size_t opsOffset = mode == Callable ? offsetof(js::ClassOps, call)
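Review bot: The comment moved along with `masm.branchTestClassIsProxy(true, output, failure);` after `masm.bind(&notFunction)` still says only that proxies are "more complicated", and does not record the ordering the new placement depends on. The check is now correct only because `output` still holds the class pointer on this path, and because it runs before the `cOps` load, so a proxy is never answered from its class hooks. A later reordering or a reuse of `output` above this point would silently change the result for proxies instead of taking the `failure` path. I would extend the comment to something like `// Must stay ahead of the cOps test: proxies are answered by the out-of-line path, not by class hooks. A JSFunction is never a proxy, so testing it first is safe.` The body of emitIsCallableOrConstructor starts in the previous hunk and continues past the end of this one, so the out-of-line handling of `failure` is not visible here. A JIT test that runs a proxy through both the callable and constructor modes would pin this behaviour.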