Closed Bug 686381 Opened 13 years ago Closed 13 years ago

IonMonkey: Compile JSOP_AND

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: dvander, Assigned: jandem)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

      No description provided.
I have a patch to compile JSOP_AND and JSOP_OR, will clean-up and attach next week.
Assignee: general → jandemooij
Status: NEW → ASSIGNED
Attached patch PatchSplinter Review
With this patch we fail basic/shapelessCalleeTest.js with --ion-eager, same assert as bug 691598. I was able to reduce it to a test without AND/OR:
--
function f(a, b, c) {
    a();
}
f();
--
Seems to be bug 691598, or do you want me to file a separate bug?
Attachment #570640 - Flags: review?(dvander)
Attachment #570640 - Flags: review?(dvander) → review+
Attached patch Follow-up fixSplinter Review
While fuzzing this a bit I noticed there's a problem with bailouts. Consider this expression:

X && Y

If we bail-out at Y, the snapshot of the RHS block assumes X is still on the stack (X is popped immediately after taking the snapshot). The interpreter, however, assumes JSOP_AND already popped X.

The simplest fix is to change JSOP_AND and JSOP_OR to always leave the value on the stack, and insert a JSOP_POP right before the RHS.

I can probably land this patch on m-c first.
Attachment #571961 - Flags: review?(dvander)
Comment on attachment 571961 [details] [diff] [review]
Follow-up fix

Review of attachment 571961 [details] [diff] [review]:
-----------------------------------------------------------------

Yeah, would be good to land the non-ion changes on m-c first.
Attachment #571961 - Flags: review?(dvander) → review+
I will land these patches tomorrow (after the nightly -> aurora merge).
https://hg.mozilla.org/integration/mozilla-inbound/rev/97dc5c8ab41b

Please don't close this bug, I still have to land the other patch on the IM branch.
http://hg.mozilla.org/projects/ionmonkey/rev/bb133d578f86
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.