Closed Bug 1005532 Opened 10 years ago Closed 10 years ago

IonMonkey: Recover MNewObject

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla32

People

(Reporter: nbp, Assigned: nbp)

References

Details

Attachments

(1 file)

Recover MNewObject.
11.07 KB, patch
sstangl
: review+
Details | Diff | Splinter Review 
Convert MNewObject in such a way that we can encode it as a recover instruction.
This is needed to implement any kind of escape analysis working on objects.

About the patch: The templateObject cannot be encoded as part of the recover instruction as the recover instruction buffer is not marked. To work around this limitation, I add a MConstant which is emitted at use (no extra code generated at runtime) to hold the templateObject.

 - If the MNewObject is not recovered this should not change the generated code.

 - If the MNewObject is recovered on bailout, then the MConstant will be listed as part of the snapshot and it would be encoded in the list of Values which are marked during GCs.

The recover part just duplicate the fallback path of NewObject which is based on VMFunction calls.
Attachment #8416941 - Flags: review?(sstangl)
Comment on attachment 8416941 [details] [diff] [review]
Recover MNewObject.

Review of attachment 8416941 [details] [diff] [review]:
-----------------------------------------------------------------

Seems fine to me.

::: js/src/jit/MIR.h
@@ +944,5 @@
>      INSTRUCTION_HEADER(Constant)
>      static MConstant *New(TempAllocator &alloc, const Value &v,
>                            types::CompilerConstraintList *constraints = nullptr);
>      static MConstant *NewAsmJS(TempAllocator &alloc, const Value &v, MIRType type);
> +    static MConstant *NewConstraintLessObject(TempAllocator &alloc, JSObject *v);

This should be "NewConstraintlessObject".

@@ +1472,5 @@
> +
> +        // The constant is inlined in the code of MNewObject, but we need a
> +        // MConstant such as it would be marked during GC, and thus as we can
> +        // safely access it in the recover instruction.
> +        templateConst->setEmittedAtUses();

This comment should describe the new state of the world, not the old state.
Attachment #8416941 - Flags: review?(sstangl) → review+
https://hg.mozilla.org/mozilla-central/rev/db65001f1407
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Depends on: 1009957
Depends on: 1006899
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: