Closed
Bug 790051
Opened 12 years ago
Closed 12 years ago
IonMonkey: Fix invalidation code to allow for vm calls from ICs.
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla18
People
(Reporter: djvj, Assigned: djvj)
References
Details
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
Spurred by bug 786126.
IonMonkey currently can't put vm calls inside its ICs because the calculation of on-stack invalidation patch points for vm calls only works for in-line calls, and wouldn't work for calls within the out-of-line IC stubs.
Change the invalidation infrastructure to allow for this.
Assignee | ||
Comment 1•12 years ago
|
||
Adds a dynamically growable mapping in IonScript which maps between |returnAddressToFp| values and |SafepointIndex| pointers.
Also changes GetTopIonJSScript to take an extra parameter to extract the top frame's safepointIndex, so the stub generator can get access to the shared SafepointIndex.
The patch for 785465 will allow proper testing of this patch.
Assignee | ||
Comment 2•12 years ago
|
||
This patch adds two related things.
The first is the ability to have a dynamically modifiable mapping of returnAddresses to SnapshotIndexes, to be used in situations where we have an out-of-line call and we can't fake an appropriate returnAddress that'll capture the right snapshot.
The second is a new exit frame type: OOLNativeGetterExitFrame, for JSNative calls occurring in OOL code. This is necessary for adding JSNative calls to Ion IC stubs.
Attachment #659870 -
Attachment is obsolete: true
Attachment #664101 -
Flags: review?(jdemooij)
Comment 3•12 years ago
|
||
Comment on attachment 664101 [details] [diff] [review]
Add dynamic safepoints and OOL exit frame type
Review of attachment 664101 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good, r=me without the (now unused) dynamic safepoint stuff.
::: js/src/ion/Ion.cpp
@@ +1524,5 @@
> IonScript *ionScript = script->ion;
> ionScript->incref();
>
> + uint8 *retAddrToFp = it.returnAddressToFp();
> + const SafepointIndex *si = ionScript->containsCodeAddress(retAddrToFp) ?
Nit: align the ? and : like this:
const SafePointIndex *si = ionScript->...
? ionScript->...
: ionScript->...;
::: js/src/ion/arm/IonFrames-arm.h
@@ +207,5 @@
> return reinterpret_cast<IonNativeExitFrameLayout *>(footer());
> }
> + inline IonOOLNativeGetterExitFrameLayout *oolNativeGetterExit() {
> + // see CodeGenerator::visitCallNative
> + JS_ASSERT(footer()->ionCode() == ION_FRAME_OOL_NATIVE_GETTER);
Nit: JS_ASSERT(isOOLNativeGetter()); to match the other methods, and update/remove the comment.
::: js/src/ion/shared/IonFrames-x86-shared.h
@@ +240,5 @@
> + uint32_t hiCalleeResult_;
> +
> + // The frame includes the object argument.
> + uint32_t loThisResult_;
> + uint32_t hiThisResult_;
Nit: I think CalleeResult means the space is used both for the callee and the result Value, so this could be just loThis_/hiThis_;
Attachment #664101 -
Flags: review?(jdemooij) → review+
Updated•12 years ago
|
Whiteboard: [ion:t]
Assignee | ||
Comment 4•12 years ago
|
||
Whiteboard: [ion:t]
Comment 5•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Updated•12 years ago
|
Assignee: general → jdemooij
Updated•12 years ago
|
Assignee: jdemooij → kvijayan
You need to log in
before you can comment on or make changes to this bug.
Description
•