Closed
Bug 1467142
Opened 5 years ago
Closed 5 years ago
MacroAssembler::branchTestObjCompartment needs to guard on the compartment instead of realm
Categories
(Core :: JavaScript Engine: JIT, enhancement)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
References
Details
Attachments
(1 file)
|
4.14 KB,
patch
|
tcampbell
:
review+
|
Details | Diff | Splinter Review |
I just realized bug 1363214 broke this because the guard is always false if we compare a JSCompartment* to obj->group->realm_. I think it's okay for this code to guard on the compartment and to accept same-realm compartments.
Attachment #8983786 -
Flags: review?(tcampbell)
|
Assignee | |
Comment 1•5 years ago
|
||
Note that this introduces an extra load. I think that's fine and we should be able to remove these ICs eventually anyway.
|
|
Assignee | |
Comment 2•5 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #0) > guard on the compartment and to accept same-realm compartments. Er, same-compartment realms :)
|
||
Comment 3•5 years ago
|
||
Comment on attachment 8983786 [details] [diff] [review] Patch Review of attachment 8983786 [details] [diff] [review]: ----------------------------------------------------------------- Good find. Extra load is likely fine as these ICs are already complicated.
Attachment #8983786 -
Flags: review?(tcampbell) → review+
Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7b760c430347 Fix MacroAssembler::branchTestObjCompartment to guard on realm->compartment instead of realm. r=tcampbell
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7b760c430347
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
You need to log in
before you can comment on or make changes to this bug.
Description
•