Skip to content

Commit

Permalink
Bug 1137291 - avoid clobbering an input register. r=h4writer
Browse files Browse the repository at this point in the history
  • Loading branch information
Lars T Hansen committed Mar 3, 2015
1 parent 3247f39 commit 5ef7f7a
Show file tree
Hide file tree
Showing 10 changed files with 66 additions and 10 deletions.
20 changes: 18 additions & 2 deletions js/src/jit/LIR-Common.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6379,7 +6379,7 @@ class LAsmJSStoreHeap : public LInstructionHelper<0, 2, 0>
}
};

class LAsmJSCompareExchangeHeap : public LInstructionHelper<1, 3, 0>
class LAsmJSCompareExchangeHeap : public LInstructionHelper<1, 3, 1>
{
public:
LIR_HEADER(AsmJSCompareExchangeHeap);
Expand All @@ -6390,6 +6390,7 @@ class LAsmJSCompareExchangeHeap : public LInstructionHelper<1, 3, 0>
setOperand(0, ptr);
setOperand(1, oldValue);
setOperand(2, newValue);
setTemp(0, LDefinition::BogusTemp());
}

const LAllocation *ptr() {
Expand All @@ -6401,13 +6402,20 @@ class LAsmJSCompareExchangeHeap : public LInstructionHelper<1, 3, 0>
const LAllocation *newValue() {
return getOperand(2);
}
const LDefinition *addrTemp() {
return getTemp(0);
}

void setAddrTemp(const LDefinition &addrTemp) {
setTemp(0, addrTemp);
}

MAsmJSCompareExchangeHeap *mir() const {
return mir_->toAsmJSCompareExchangeHeap();
}
};

class LAsmJSAtomicBinopHeap : public LInstructionHelper<1, 2, 1>
class LAsmJSAtomicBinopHeap : public LInstructionHelper<1, 2, 2>
{
public:
LIR_HEADER(AsmJSAtomicBinopHeap);
Expand All @@ -6417,6 +6425,7 @@ class LAsmJSAtomicBinopHeap : public LInstructionHelper<1, 2, 1>
setOperand(0, ptr);
setOperand(1, value);
setTemp(0, temp);
setTemp(1, LDefinition::BogusTemp());
}
const LAllocation *ptr() {
return getOperand(0);
Expand All @@ -6427,6 +6436,13 @@ class LAsmJSAtomicBinopHeap : public LInstructionHelper<1, 2, 1>
const LDefinition *temp() {
return getTemp(0);
}
const LDefinition *addrTemp() {
return getTemp(1);
}

void setAddrTemp(const LDefinition &addrTemp) {
setTemp(1, addrTemp);
}

MAsmJSAtomicBinopHeap *mir() const {
return mir_->toAsmJSAtomicBinopHeap();
Expand Down
2 changes: 2 additions & 0 deletions js/src/jit/arm/CodeGenerator-arm.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1928,6 +1928,7 @@ CodeGeneratorARM::visitAsmJSCompareExchangeHeap(LAsmJSCompareExchangeHeap *ins)
const LAllocation *ptr = ins->ptr();
Register ptrReg = ToRegister(ptr);
BaseIndex srcAddr(HeapReg, ptrReg, TimesOne);
MOZ_ASSERT(ins->addrTemp()->isBogusTemp());

Register oldval = ToRegister(ins->oldValue());
Register newval = ToRegister(ins->newValue());
Expand Down Expand Up @@ -1965,6 +1966,7 @@ CodeGeneratorARM::visitAsmJSAtomicBinopHeap(LAsmJSAtomicBinopHeap *ins)
const LAllocation* value = ins->value();
AtomicOp op = mir->operation();

MOZ_ASSERT(ins->addrTemp()->isBogusTemp());
BaseIndex srcAddr(HeapReg, ptrReg, TimesOne);

Label rejoin;
Expand Down
8 changes: 6 additions & 2 deletions js/src/jit/shared/Lowering-x86-shared.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -509,7 +509,8 @@ LIRGeneratorX86Shared::visitAtomicTypedArrayElementBinop(MAtomicTypedArrayElemen
}

void
LIRGeneratorX86Shared::visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins)
LIRGeneratorX86Shared::lowerAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins,
const LDefinition& addrTemp)
{
MDefinition *ptr = ins->ptr();
MOZ_ASSERT(ptr->type() == MIRType_Int32);
Expand Down Expand Up @@ -550,11 +551,13 @@ LIRGeneratorX86Shared::visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *
LAsmJSCompareExchangeHeap *lir =
new(alloc()) LAsmJSCompareExchangeHeap(useRegister(ptr), oldval, newval);

lir->setAddrTemp(addrTemp);
defineFixed(lir, ins, LAllocation(AnyRegister(eax)));
}

void
LIRGeneratorX86Shared::visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins)
LIRGeneratorX86Shared::lowerAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins,
const LDefinition& addrTemp)
{
MDefinition *ptr = ins->ptr();
MOZ_ASSERT(ptr->type() == MIRType_Int32);
Expand Down Expand Up @@ -628,6 +631,7 @@ LIRGeneratorX86Shared::visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins)
LAsmJSAtomicBinopHeap *lir =
new(alloc()) LAsmJSAtomicBinopHeap(useRegister(ptr), value, tempDef);

lir->setAddrTemp(addrTemp);
defineFixed(lir, ins, LAllocation(AnyRegister(eax)));
}

Expand Down
4 changes: 2 additions & 2 deletions js/src/jit/shared/Lowering-x86-shared.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,8 @@ class LIRGeneratorX86Shared : public LIRGeneratorShared
void visitSimdValueX4(MSimdValueX4 *ins);
void visitCompareExchangeTypedArrayElement(MCompareExchangeTypedArrayElement *ins);
void visitAtomicTypedArrayElementBinop(MAtomicTypedArrayElementBinop *ins);
void visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins);
void visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins);
void lowerAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins, const LDefinition& addrTemp);
void lowerAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins, const LDefinition& addrTemp);
};

} // namespace jit
Expand Down
2 changes: 2 additions & 0 deletions js/src/jit/x64/CodeGenerator-x64.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -572,6 +572,7 @@ CodeGeneratorX64::visitAsmJSCompareExchangeHeap(LAsmJSCompareExchangeHeap *ins)
Scalar::Type accessType = mir->accessType();
const LAllocation *ptr = ins->ptr();

MOZ_ASSERT(ins->addrTemp()->isBogusTemp());
MOZ_ASSERT(ptr->isRegister());
BaseIndex srcAddr(HeapReg, ToRegister(ptr), TimesOne, mir->offset());

Expand Down Expand Up @@ -618,6 +619,7 @@ CodeGeneratorX64::visitAsmJSAtomicBinopHeap(LAsmJSAtomicBinopHeap *ins)
const LAllocation* value = ins->value();
AtomicOp op = mir->operation();

MOZ_ASSERT(ins->addrTemp()->isBogusTemp());
MOZ_ASSERT(ptr->isRegister());
BaseIndex srcAddr(HeapReg, ToRegister(ptr), TimesOne, mir->offset());

Expand Down
12 changes: 12 additions & 0 deletions js/src/jit/x64/Lowering-x64.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,18 @@ LIRGeneratorX64::visitAsmJSStoreHeap(MAsmJSStoreHeap *ins)
add(lir, ins);
}

void
LIRGeneratorX64::visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins)
{
lowerAsmJSCompareExchangeHeap(ins, LDefinition::BogusTemp());
}

void
LIRGeneratorX64::visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins)
{
lowerAsmJSAtomicBinopHeap(ins, LDefinition::BogusTemp());
}

void
LIRGeneratorX64::visitAsmJSLoadFuncPtr(MAsmJSLoadFuncPtr *ins)
{
Expand Down
2 changes: 2 additions & 0 deletions js/src/jit/x64/Lowering-x64.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ class LIRGeneratorX64 : public LIRGeneratorX86Shared
void visitAsmJSLoadHeap(MAsmJSLoadHeap *ins);
void visitAsmJSStoreHeap(MAsmJSStoreHeap *ins);
void visitAsmJSLoadFuncPtr(MAsmJSLoadFuncPtr *ins);
void visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins);
void visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins);
void visitStoreTypedArrayElementStatic(MStoreTypedArrayElementStatic *ins);
void visitSubstr(MSubstr *ins);
};
Expand Down
12 changes: 8 additions & 4 deletions js/src/jit/x86/CodeGenerator-x86.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -648,6 +648,7 @@ CodeGeneratorX86::visitAsmJSCompareExchangeHeap(LAsmJSCompareExchangeHeap *ins)
const LAllocation *ptr = ins->ptr();
Register oldval = ToRegister(ins->oldValue());
Register newval = ToRegister(ins->newValue());
Register addrTemp = ToRegister(ins->addrTemp());

MOZ_ASSERT(ptr->isRegister());
// Set up the offset within the heap in the pointer reg.
Expand All @@ -669,12 +670,13 @@ CodeGeneratorX86::visitAsmJSCompareExchangeHeap(LAsmJSCompareExchangeHeap *ins)

// Add in the actual heap pointer explicitly, to avoid opening up
// the abstraction that is compareExchangeToTypedIntArray at this time.
masm.movl(ptrReg, addrTemp);
uint32_t before = masm.size();
masm.addlWithPatch(Imm32(mir->offset()), ptrReg);
masm.addlWithPatch(Imm32(mir->offset()), addrTemp);
uint32_t after = masm.size();
masm.append(AsmJSHeapAccess(before, after, maybeCmpOffset));

Address memAddr(ToRegister(ptr), mir->offset());
Address memAddr(addrTemp, mir->offset());
masm.compareExchangeToTypedIntArray(accessType == Scalar::Uint32 ? Scalar::Int32 : accessType,
memAddr,
oldval,
Expand All @@ -692,6 +694,7 @@ CodeGeneratorX86::visitAsmJSAtomicBinopHeap(LAsmJSAtomicBinopHeap *ins)
Scalar::Type accessType = mir->accessType();
const LAllocation *ptr = ins->ptr();
Register temp = ins->temp()->isBogusTemp() ? InvalidReg : ToRegister(ins->temp());
Register addrTemp = ToRegister(ins->addrTemp());
const LAllocation* value = ins->value();
AtomicOp op = mir->operation();

Expand All @@ -715,12 +718,13 @@ CodeGeneratorX86::visitAsmJSAtomicBinopHeap(LAsmJSAtomicBinopHeap *ins)

// Add in the actual heap pointer explicitly, to avoid opening up
// the abstraction that is atomicBinopToTypedIntArray at this time.
masm.movl(ptrReg, addrTemp);
uint32_t before = masm.size();
masm.addlWithPatch(Imm32(mir->offset()), ptrReg);
masm.addlWithPatch(Imm32(mir->offset()), addrTemp);
uint32_t after = masm.size();
masm.append(AsmJSHeapAccess(before, after, maybeCmpOffset));

Address memAddr(ptrReg, mir->offset());
Address memAddr(addrTemp, mir->offset());
if (value->isConstant()) {
masm.atomicBinopToTypedIntArray(op, accessType == Scalar::Uint32 ? Scalar::Int32 : accessType,
Imm32(ToInt32(value)),
Expand Down
12 changes: 12 additions & 0 deletions js/src/jit/x86/Lowering-x86.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,18 @@ LIRGeneratorX86::visitStoreTypedArrayElementStatic(MStoreTypedArrayElementStatic
add(lir, ins);
}

void
LIRGeneratorX86::visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins)
{
lowerAsmJSCompareExchangeHeap(ins, temp());
}

void
LIRGeneratorX86::visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins)
{
lowerAsmJSAtomicBinopHeap(ins, temp());
}

void
LIRGeneratorX86::visitAsmJSLoadFuncPtr(MAsmJSLoadFuncPtr *ins)
{
Expand Down
2 changes: 2 additions & 0 deletions js/src/jit/x86/Lowering-x86.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ class LIRGeneratorX86 : public LIRGeneratorX86Shared
void visitAsmJSLoadHeap(MAsmJSLoadHeap *ins);
void visitAsmJSStoreHeap(MAsmJSStoreHeap *ins);
void visitAsmJSLoadFuncPtr(MAsmJSLoadFuncPtr *ins);
void visitAsmJSCompareExchangeHeap(MAsmJSCompareExchangeHeap *ins);
void visitAsmJSAtomicBinopHeap(MAsmJSAtomicBinopHeap *ins);
void visitStoreTypedArrayElementStatic(MStoreTypedArrayElementStatic *ins);
void visitSubstr(MSubstr *ins);
void lowerPhi(MPhi *phi);
Expand Down

0 comments on commit 5ef7f7a

Please sign in to comment.