Closed Bug 763233 Opened 12 years ago Closed 12 years ago

IonMonkey: Forbid JITing annotated frames

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dvander, Assigned: dvander)

References

Details

(Whiteboard: [ion:p1:fx18])

Attachments

(2 files)

patch for m-i
2.14 KB, patch
mrbkap
: review+
Details | Diff | Splinter Review
patch for ionmonkey
6.17 KB, patch
jandem
: review+
Details | Diff | Splinter Review 
IonMonkey cannot annotate frames, so js_setframeannotation may not work. Current plan is to rename the API to not take an fp, and to only operate on the topmost frame. From there, we can make the API invalidate and forbid ever JITing the calling function.
Err, this isn't totally good enough since invalidation does not give us an fp. But maybe as part of the bailout we can move the annotation from the entry fp (which could no have had one at entry) to the bailed fp.
Attached patch patch for m-iSplinter Review 
On try, SetFrameAnnotation's |fp| was always |cx->fp()|, so this should work.
Assignee: general → dvander
Status: NEW → ASSIGNED
Attachment #634198 - Flags: review?(mrbkap)
This patch disables IonMonkey for annotated frames.
Attachment #634200 - Flags: review?(jdemooij)
Comment on attachment 634198 [details] [diff] [review]
patch for m-i

Review of attachment 634198 [details] [diff] [review]:
-----------------------------------------------------------------

::: caps/src/nsScriptSecurityManager.cpp
@@ +2742,5 @@
>          return NS_ERROR_FAILURE; // XXX better error code?
>      }
>      if (NS_FAILED(principal->EnableCapability(capability, &annotation)))
>          return NS_ERROR_FAILURE;
> +    JS_SetTopFrameAnnotation(cx, annotation);

Is there a way we can assert here or in JS_SetTopFrameAnnotation that fp is the top frame?

::: js/src/jsdbgapi.cpp
@@ +524,2 @@
>  {
> +    cx->fp()->setAnnotation(annotation);

Is it worth asserting that we have a frame?
Attachment #634198 - Flags: review?(mrbkap) → review+
Comment on attachment 634200 [details] [diff] [review]
patch for ionmonkey

Review of attachment 634200 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good, I'm glad this didn't get too complicated.
Attachment #634200 - Flags: review?(jdemooij) → review+
Whiteboard: [ion:p1:fx18]
https://hg.mozilla.org/projects/ionmonkey/rev/f6c3f006b57a
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: