Closed Bug 790051 Opened 12 years ago Closed 12 years ago

IonMonkey: Fix invalidation code to allow for vm calls from ICs.

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla18

People

(Reporter: djvj, Assigned: djvj)

References

Details

Attachments

(1 file, 1 obsolete file)

Spurred by bug 786126. IonMonkey currently can't put vm calls inside its ICs because the calculation of on-stack invalidation patch points for vm calls only works for in-line calls, and wouldn't work for calls within the out-of-line IC stubs. Change the invalidation infrastructure to allow for this.
Blocks: 786126
Blocks: 785465
Attached patch Patch. (obsolete) (deleted) — Splinter Review
Adds a dynamically growable mapping in IonScript which maps between |returnAddressToFp| values and |SafepointIndex| pointers. Also changes GetTopIonJSScript to take an extra parameter to extract the top frame's safepointIndex, so the stub generator can get access to the shared SafepointIndex. The patch for 785465 will allow proper testing of this patch.
This patch adds two related things. The first is the ability to have a dynamically modifiable mapping of returnAddresses to SnapshotIndexes, to be used in situations where we have an out-of-line call and we can't fake an appropriate returnAddress that'll capture the right snapshot. The second is a new exit frame type: OOLNativeGetterExitFrame, for JSNative calls occurring in OOL code. This is necessary for adding JSNative calls to Ion IC stubs.
Attachment #659870 - Attachment is obsolete: true
Attachment #664101 - Flags: review?(jdemooij)
Comment on attachment 664101 [details] [diff] [review] Add dynamic safepoints and OOL exit frame type Review of attachment 664101 [details] [diff] [review]: ----------------------------------------------------------------- Looks good, r=me without the (now unused) dynamic safepoint stuff. ::: js/src/ion/Ion.cpp @@ +1524,5 @@ > IonScript *ionScript = script->ion; > ionScript->incref(); > > + uint8 *retAddrToFp = it.returnAddressToFp(); > + const SafepointIndex *si = ionScript->containsCodeAddress(retAddrToFp) ? Nit: align the ? and : like this: const SafePointIndex *si = ionScript->... ? ionScript->... : ionScript->...; ::: js/src/ion/arm/IonFrames-arm.h @@ +207,5 @@ > return reinterpret_cast<IonNativeExitFrameLayout *>(footer()); > } > + inline IonOOLNativeGetterExitFrameLayout *oolNativeGetterExit() { > + // see CodeGenerator::visitCallNative > + JS_ASSERT(footer()->ionCode() == ION_FRAME_OOL_NATIVE_GETTER); Nit: JS_ASSERT(isOOLNativeGetter()); to match the other methods, and update/remove the comment. ::: js/src/ion/shared/IonFrames-x86-shared.h @@ +240,5 @@ > + uint32_t hiCalleeResult_; > + > + // The frame includes the object argument. > + uint32_t loThisResult_; > + uint32_t hiThisResult_; Nit: I think CalleeResult means the space is used both for the callee and the result Value, so this could be just loThis_/hiThis_;
Attachment #664101 - Flags: review?(jdemooij) → review+
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Assignee: general → jdemooij
Assignee: jdemooij → kvijayan
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: