Closed Bug 1478902 Opened 7 years ago Closed 7 years ago

Hardern types in JIT nursery strings allocation

Categories

(Core :: JavaScript: GC, enhancement)

Product:
Core
Component:
JavaScript: GC
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox63 --- fixed

People

(Reporter: pbone, Assigned: pbone)

References

Details

Attachments

(4 files, 1 obsolete file)

Bug 1478902 - Improve types in nursery allocation
1.51 KB, patch
nbp
: review+
Details | Diff | Splinter Review
Bug 1478902 Part 2 - Nursery strings allocation code uses the wrong pointer
1013 bytes, patch
sfink
: review+
Details | Diff | Splinter Review
Bug 1478902 Part 3 - Add assertions to JIT nursery strings allocation
2.24 KB, patch
nbp
: review+
Details | Diff | Splinter Review
Bug 1478902 (squash into part 3) - Use CheckedInt for assertions
2.35 KB, patch
sfink
: review+
Details | Diff | Splinter Review
In Bug 1476500 I forgot to make the similar change for nursery strings.
Assignee: nobody → pbone
Status: NEW → ASSIGNED
Depends on: 1476500
Attachment #8995402 - Flags: review?(nicolas.b.pierron)
Comment on attachment 8995402 [details] [diff] [review] Bug 1478902 - Improve types in nursery allocation Review of attachment 8995402 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jit/MacroAssembler.cpp @@ +990,4 @@ > > movePtr(ImmPtr(zone->addressOfNurseryPosition()), temp); > loadPtr(Address(temp, 0), result); > addPtr(Imm32(totalSize), result); existing nit: The comment above state that this is true, but this deserves a proper assertions: MOZ_ASSERT(int32_t(totalSize) == totalSize, "Encode nursery displacement instead of 64 bits immediates"); MOZ_ASSERT( reinterpret_cast<uint8_t*>(zone->addressOfNurseryPosition()) + totalSize == zone->addressOfStringNurseryPosition(), "String nursery is at some small offset within the nursery"); @@ +991,5 @@ > movePtr(ImmPtr(zone->addressOfNurseryPosition()), temp); > loadPtr(Address(temp, 0), result); > addPtr(Imm32(totalSize), result); > + branchPtr(Assembler::Below, Address(temp, > + uintptr_t(nurseryEndAddr) - uintptr_t(nurseryPosAddr)), result, fail); nit: Move this outside this expression and give it a name: ptrdiff_t stringNurserySize = … - …;
Attachment #8995402 - Flags: review?(nicolas.b.pierron) → review+
(In reply to Nicolas B. Pierron [:nbp] {backlog: 39} from comment #2) > Comment on attachment 8995402 [details] [diff] [review] > Bug 1478902 - Improve types in nursery allocation > > Review of attachment 8995402 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: js/src/jit/MacroAssembler.cpp > @@ +990,4 @@ > > > > movePtr(ImmPtr(zone->addressOfNurseryPosition()), temp); > > loadPtr(Address(temp, 0), result); > > addPtr(Imm32(totalSize), result); > > existing nit: The comment above state that this is true, but this deserves a > proper assertions: > > MOZ_ASSERT(int32_t(totalSize) == totalSize, "Encode nursery displacement > instead of 64 bits immediates"); > MOZ_ASSERT( > reinterpret_cast<uint8_t*>(zone->addressOfNurseryPosition()) + > totalSize == zone->addressOfStringNurseryPosition(), > "String nursery is at some small offset within the nursery"); I can see similar problems elsewhere, therefore I'll fix this in a seperate bug. > @@ +991,5 @@ > > movePtr(ImmPtr(zone->addressOfNurseryPosition()), temp); > > loadPtr(Address(temp, 0), result); > > addPtr(Imm32(totalSize), result); > > + branchPtr(Assembler::Below, Address(temp, > > + uintptr_t(nurseryEndAddr) - uintptr_t(nurseryPosAddr)), result, fail); > > nit: Move this outside this expression and give it a name: > ptrdiff_t stringNurserySize = … - …; Okay.
(In reply to Paul Bone [:pbone] from comment #3) > (In reply to Nicolas B. Pierron [:nbp] {backlog: 39} from comment #2) > > ::: js/src/jit/MacroAssembler.cpp > > @@ +990,4 @@ > > > > > > movePtr(ImmPtr(zone->addressOfNurseryPosition()), temp); > > > loadPtr(Address(temp, 0), result); > > > addPtr(Imm32(totalSize), result); > > > > existing nit: The comment above state that this is true, but this deserves a > > proper assertions: > > > > MOZ_ASSERT(int32_t(totalSize) == totalSize, "Encode nursery displacement > > instead of 64 bits immediates"); > > MOZ_ASSERT( > > reinterpret_cast<uint8_t*>(zone->addressOfNurseryPosition()) + > > totalSize == zone->addressOfStringNurseryPosition(), > > "String nursery is at some small offset within the nursery"); > > I can see similar problems elsewhere, therefore I'll fix this in a seperate > bug. I think these assertions arn't correct, and I will add them on this bug, but as seperate patches.
Attachment #8995873 - Flags: review?(nicolas.b.pierron)
Attachment #8995873 - Attachment is obsolete: true
Attachment #8995873 - Flags: review?(nicolas.b.pierron)
Attachment #8995878 - Flags: review?(nicolas.b.pierron)
Comment on attachment 8995878 [details] [diff] [review] Bug 1478902 Part 3 - Add assertions to JIT nursery strings allocation Review of attachment 8995878 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jit/MacroAssembler.cpp @@ +980,4 @@ > addPtr(Imm32(totalSize), result); > const ptrdiff_t endOffset = > uintptr_t(nurseryEndAddr) - uintptr_t(nurseryPosAddr); > + MOZ_ASSERT(endOffset < ptrdiff_t(1)<<31, nit: ptrdiff_t is a signed type. This might not do what you expect on 32 bits architectures.
Attachment #8995878 - Flags: review?(nicolas.b.pierron) → review+
Comment on attachment 8995872 [details] [diff] [review] Bug 1478902 Part 2 - Nursery strings allocation code uses the wrong pointer Review of attachment 8995872 [details] [diff] [review]: ----------------------------------------------------------------- Ouch! Nice catch, thanks.
Attachment #8995872 - Flags: review?(sphink) → review+
I'll roll this into the previous change that adds the assertions. But sfink suggested this and I wanted to get his r+ first.
Attachment #8996213 - Flags: review?(sphink)
Attachment #8996213 - Flags: review?(sphink) → review+
Pushed by pbone@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/6b92b3fbb206 Part 1 - Improve types in nursery allocation r=nbp https://hg.mozilla.org/integration/mozilla-inbound/rev/ce1f02d10be7 Part 2 - Nursery strings allocation code uses the wrong pointer r=sfink https://hg.mozilla.org/integration/mozilla-inbound/rev/07a0de606788 Part 3 - Add assertions to JIT nursery strings allocation r=nbp,sfink
https://hg.mozilla.org/mozilla-central/rev/6b92b3fbb206 https://hg.mozilla.org/mozilla-central/rev/ce1f02d10be7 https://hg.mozilla.org/mozilla-central/rev/07a0de606788
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: