Backed out changeset 72d92f058cf0 (bug 989348) under suspicion of causing various devtools crashes
authorWes Kocher <wkocher@mozilla.com>
Fri, 18 Jul 2014 16:29:58 -0700
changeset 217024 f215d413b48943e81e7de5784e8f56773025ce5e
parent 217023 db93dd7269d2f490fc74fef3b4e5845aacf5675c
child 217025 f698c8166457b1e52f6cfcc7f62f593294cda262
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
treeherdermozilla-release@267c7a481bef [default view] [failures only]
bugs989348
milestone33.0a1
backs out72d92f058cf0b146c30ed042a4ecfaff4cde9b22
Backed out changeset 72d92f058cf0 (bug 989348) under suspicion of causing various devtools crashes
js/src/jit/BaselineCompiler.cpp
js/src/jit/BaselineIC.cpp
js/src/jit/BaselineIC.h
--- a/js/src/jit/BaselineCompiler.cpp
+++ b/js/src/jit/BaselineCompiler.cpp
@@ -1785,44 +1785,32 @@ BaselineCompiler::emit_JSOP_INITPROP()
 }
 
 bool
 BaselineCompiler::emit_JSOP_ENDINIT()
 {
     return true;
 }
 
+typedef bool (*NewbornArrayPushFn)(JSContext *, HandleObject, const Value &);
+static const VMFunction NewbornArrayPushInfo = FunctionInfo<NewbornArrayPushFn>(NewbornArrayPush);
+
 bool
 BaselineCompiler::emit_JSOP_ARRAYPUSH()
 {
     // Keep value in R0, object in R1.
     frame.popRegsAndSync(2);
-    #ifdef DEBUG
-    {
-        Label fail;
-        Label ok;
-        // Stub register is unused in mainline code, so we can use it as
-        // scratch
-        Register scratchReg = BaselineStubReg;
-        masm.branchTestObject(Assembler::NotEqual, R1, &fail);
-        Register objReg = masm.extractObject(R1, ExtractTemp0);
-        masm.branchTestObjClass(Assembler::Equal, objReg, scratchReg, &ArrayObject::class_, &ok);
-
-        masm.bind(&fail);
-        masm.assumeUnreachable("JSOP_ARRAYPUSH operand 1 is not an array.");
-
-        masm.bind(&ok);
-    }
-    #endif
-    // R1 is guaranteed to be a boxed Array object
     masm.unboxObject(R1, R1.scratchReg());
 
-    // Call IC.
-    ICArrayPush_Fallback::Compiler stubCompiler(cx);
-    return emitOpIC(stubCompiler.getStub(&stubSpace_));
+    prepareVMCall();
+
+    pushArg(R0);
+    pushArg(R1.scratchReg());
+
+    return callVM(NewbornArrayPushInfo);
 }
 
 bool
 BaselineCompiler::emit_JSOP_GETELEM()
 {
     // Keep top two stack values in R0 and R1.
     frame.popRegsAndSync(2);
 
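Review bot: After this backout, `emit_JSOP_ARRAYPUSH` reaches `masm.unboxObject(R1, R1.scratchReg())` with neither the DEBUG type guard nor the comment stating that R1 holds a boxed Array object, so the invariant the unbox relies on is no longer written down in the function. The debug-only `branchTestObject`/`branchTestObjClass` check does not appear to depend on the `ICArrayPush_*` stubs, so it could probably be kept if the crashes trace to the IC path rather than the assertion; that is an inference, as the crash reports are not on this page. At minimum, restore a comment above the unbox such as `// R1 must hold a boxed ArrayObject; nothing below re-checks its type.` Whether `NewbornArrayPush` checks the object's class on the VM side is not visible in this hunk.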
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -9654,112 +9654,16 @@ ICTableSwitch::fixupJumpTable(JSScript *
 {
     defaultTarget_ = baseline->nativeCodeForPC(script, (jsbytecode *) defaultTarget_);
 
     for (int32_t i = 0; i < length_; i++)
         table_[i] = baseline->nativeCodeForPC(script, (jsbytecode *) table_[i]);
 }
 
 //
-// ArrayPush_Fallback
-//
-static bool
-DoArrayPushFallback(JSContext *cx, BaselineFrame *frame, ICArrayPush_Fallback *stub_,
-                    HandleObject obj, HandleValue v)
-{
-    // This fallback stub may trigger debug mode toggling.
-    DebugModeOSRVolatileStub<ICArrayPush_Fallback *> stub(frame, stub_);
-
-    FallbackICSpew(cx, stub, "ArrayPush");
-
-    if (!NewbornArrayPush(cx, obj, v))
-        return false;
-
-    // Check if debug mode toggling made the stub invalid.
-    if (stub.invalid())
-        return true;
-
-    if (!stub->hasStub(ICStub::ArrayPush_Native))
-    {
-        ICArrayPush_Native::Compiler compiler(cx);
-        ICStub *newStub = compiler.getStub(compiler.getStubSpace(frame->script()));
-        if (!newStub)
-            return false;
-        stub->addNewStub(newStub);
-    }
-
-    return true;
-}
-
-typedef bool (*DoArrayPushFallbackFn)(JSContext *, BaselineFrame *, ICArrayPush_Fallback *,
-              HandleObject, HandleValue);
-static const VMFunction DoArrayPushFallbackInfo = FunctionInfo<DoArrayPushFallbackFn>(DoArrayPushFallback);
-
-bool
-ICArrayPush_Fallback::Compiler::generateStubCode(MacroAssembler &masm)
-{
-    // Restore the tail call register.
-    EmitRestoreTailCallReg(masm);
-
-    // Push arguments.
-    masm.pushValue(R0);
-    masm.push(R1.scratchReg());
-    masm.push(BaselineStubReg);
-    masm.pushBaselineFramePtr(BaselineFrameReg, R0.scratchReg());
-
-    return tailCallVM(DoArrayPushFallbackInfo, masm);
-}
-
-//
-// ArrayPush_Native
-//
-
-bool
-ICArrayPush_Native::Compiler::generateStubCode(MacroAssembler &masm)
-{
-    Label failure;
-
-    Register obj = R1.scratchReg();
-    GeneralRegisterSet regs(availableGeneralRegs(1));
-    regs.take(obj);
-    Register elementsTemp = regs.takeAny();
-    Register length = regs.takeAny();
-
-    masm.loadPtr(Address(obj, JSObject::offsetOfElements()), elementsTemp);
-    masm.load32(Address(elementsTemp, ObjectElements::offsetOfLength()), length);
-    #ifdef DEBUG
-    {
-      Label ok;
-      masm.branch32(Assembler::Equal,
-                    Address(elementsTemp,
-                            ObjectElements::offsetOfInitializedLength()),
-                    length,
-                    &ok);
-      masm.assumeUnreachable("ArrayPush array length != initializedLength");
-      masm.bind(&ok);
-    }
-    #endif
-    masm.branch32(Assembler::BelowOrEqual,
-                  Address(elementsTemp, ObjectElements::offsetOfCapacity()),
-                  length, &failure);
-    Int32Key key = Int32Key(length);
-
-    JS_STATIC_ASSERT(sizeof(Value) == 8);
-    masm.storeValue(R0, BaseIndex(elementsTemp, length, TimesEight));
-    masm.bumpKey(&key, 1);
-    masm.store32(length, Address(elementsTemp, ObjectElements::offsetOfLength()));
-    masm.store32(length, Address(elementsTemp, ObjectElements::offsetOfInitializedLength()));
-    EmitReturnFromIC(masm);
-
-    masm.bind(&failure);
-    EmitStubGuardFailure(masm);
-    return true;
-}
-
-//
 // IteratorNew_Fallback
 //
 
 static bool
 DoIteratorNewFallback(JSContext *cx, BaselineFrame *frame, ICIteratorNew_Fallback *stub,
                       HandleValue value, MutableHandleValue res)
 {
     jsbytecode *pc = stub->icEntry()->pc(frame->script());
--- a/js/src/jit/BaselineIC.h
+++ b/js/src/jit/BaselineIC.h
@@ -372,19 +372,16 @@ class ICEntry
     _(Call_Fallback)            \
     _(Call_Scripted)            \
     _(Call_AnyScripted)         \
     _(Call_Native)              \
     _(Call_ScriptedApplyArray)  \
     _(Call_ScriptedApplyArguments) \
     _(Call_ScriptedFunCall)     \
                                 \
-    _(ArrayPush_Fallback)       \
-    _(ArrayPush_Native)         \
-                                \
     _(GetElem_Fallback)         \
     _(GetElem_NativeSlot)       \
     _(GetElem_NativePrototypeSlot) \
     _(GetElem_NativePrototypeCallNative) \
     _(GetElem_NativePrototypeCallScripted) \
     _(GetElem_String)           \
     _(GetElem_Dense)            \
     _(GetElem_TypedArray)       \
@@ -2897,79 +2894,16 @@ class ICUnaryArith_Double : public ICStu
         {}
 
         ICStub *getStub(ICStubSpace *space) {
             return ICUnaryArith_Double::New(space, getStubCode());
         }
     };
 };
 
-// ArrayPush
-//      JSOP_ARRAYPUSH
-
-class ICArrayPush_Fallback : public ICFallbackStub
-{
-    friend class ICStubSpace;
-
-    explicit ICArrayPush_Fallback(JitCode *stubCode)
-      : ICFallbackStub(ArrayPush_Fallback, stubCode)
-    {}
-
-  public:
-    static inline ICArrayPush_Fallback *New(ICStubSpace *space, JitCode *code) {
-        if (!code)
-            return nullptr;
-        return space->allocate<ICArrayPush_Fallback>(code);
-    }
-
-    class Compiler : public ICStubCompiler {
-      protected:
-        bool generateStubCode(MacroAssembler &masm);
-
-      public:
-        Compiler(JSContext *cx)
-          : ICStubCompiler(cx, ICStub::ArrayPush_Fallback)
-        {}
-
-        ICStub *getStub(ICStubSpace *space) {
-            return ICArrayPush_Fallback::New(space, getStubCode());
-        }
-    };
-};
-
-class ICArrayPush_Native : public ICStub
-{
-    friend class ICStubSpace;
-
-    explicit ICArrayPush_Native(JitCode *stubCode)
-      : ICStub(ArrayPush_Native, stubCode)
-    {}
-
-  public:
-    static inline ICArrayPush_Native *New(ICStubSpace *space, JitCode *code) {
-        if (!code)
-            return nullptr;
-        return space->allocate<ICArrayPush_Native>(code);
-    }
-
-    class Compiler : public ICStubCompiler {
-      protected:
-        bool generateStubCode(MacroAssembler &masm);
-
-      public:
-        Compiler(JSContext *cx)
-          : ICStubCompiler(cx, ICStub::ArrayPush_Native)
-        {}
-
-        ICStub *getStub(ICStubSpace *space) {
-            return ICArrayPush_Native::New(space, getStubCode());
-        }
-    };
-};
-
 // GetElem
 //      JSOP_GETELEM
 
 class ICGetElem_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
 
     explicit ICGetElem_Fallback(JitCode *stubCode)