diff options
Diffstat (limited to 'bug1375074-save-restore-x28.patch')
-rw-r--r-- | bug1375074-save-restore-x28.patch | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/bug1375074-save-restore-x28.patch b/bug1375074-save-restore-x28.patch deleted file mode 100644 index 57a83a2..0000000 --- a/bug1375074-save-restore-x28.patch +++ /dev/null @@ -1,74 +0,0 @@ -# HG changeset patch -# User Lars T Hansen <lhansen@mozilla.com> -# Date 1519822672 -3600 -# Wed Feb 28 13:57:52 2018 +0100 -# Node ID 672f0415217b202ae59a930769dffd9d6ba6b87c -# Parent 825fd04dacc6297d3a980ec4184079405950b35d -Bug 1375074 - Save and restore non-volatile x28 on ARM64 for generated unboxed object constructor. - -diff --git a/js/src/jit-test/tests/bug1375074.js b/js/src/jit-test/tests/bug1375074.js -new file mode 100644 ---- /dev/null -+++ b/js/src/jit-test/tests/bug1375074.js -@@ -0,0 +1,18 @@ -+// This forces the VM to start creating unboxed objects and thus stresses a -+// particular path into generated code for a specialized unboxed object -+// constructor. -+ -+var K = 2000; // 2000 should be plenty -+var s = "["; -+var i; -+for ( i=0; i < K-1; i++ ) -+ s = s + `{"i":${i}},`; -+s += `{"i":${i}}]`; -+var v = JSON.parse(s); -+ -+assertEq(v.length == K, true); -+ -+for ( i=0; i < K; i++) { -+ assertEq(v[i] instanceof Object, true); -+ assertEq(v[i].i, i); -+} -diff --git a/js/src/vm/UnboxedObject.cpp b/js/src/vm/UnboxedObject.cpp ---- a/js/src/vm/UnboxedObject.cpp -+++ b/js/src/vm/UnboxedObject.cpp -@@ -95,7 +95,15 @@ UnboxedLayout::makeConstructorCode(JSCon - #endif - - #ifdef JS_CODEGEN_ARM64 -- // ARM64 communicates stack address via sp, but uses a pseudo-sp for addressing. -+ // ARM64 communicates stack address via sp, but uses a pseudo-sp (PSP) for -+ // addressing. The register we use for PSP may however also be used by -+ // calling code, and it is nonvolatile, so save it. Do this as a special -+ // case first because the generic save/restore code needs the PSP to be -+ // initialized already. -+ MOZ_ASSERT(PseudoStackPointer64.Is(masm.GetStackPointer64())); -+ masm.Str(PseudoStackPointer64, vixl::MemOperand(sp, -16, vixl::PreIndex)); -+ -+ // Initialize the PSP from the SP. - masm.initStackPtr(); - #endif - -@@ -233,7 +241,22 @@ UnboxedLayout::makeConstructorCode(JSCon - masm.pop(ScratchDoubleReg); - masm.PopRegsInMask(savedNonVolatileRegisters); - -+#ifdef JS_CODEGEN_ARM64 -+ // Now restore the value that was in the PSP register on entry, and return. -+ -+ // Obtain the correct SP from the PSP. -+ masm.Mov(sp, PseudoStackPointer64); -+ -+ // Restore the saved value of the PSP register, this value is whatever the -+ // caller had saved in it, not any actual SP value, and it must not be -+ // overwritten subsequently. -+ masm.Ldr(PseudoStackPointer64, vixl::MemOperand(sp, 16, vixl::PostIndex)); -+ -+ // Perform a plain Ret(), as abiret() will move SP <- PSP and that is wrong. -+ masm.Ret(vixl::lr); -+#else - masm.abiret(); -+#endif - - masm.bind(&failureStoreOther); - |