IonMonkey: Fix FromCharCode race condition

RESOLVED FIXED in mozilla18

Status

()

Product:
Core
Component:
JavaScript Engine
Status:
RESOLVED FIXED
Reported:
6 years ago
Modified:
6 years ago

People

(Reporter: jandem, Assigned: jandem)

Tracking

Version:
unspecified
Target:
mozilla18
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ion:p1:fx18])

Attachments

(1 attachment)

Patch
4.14 KB, patch
nbp
: review+
Details | Diff | Splinter Review
(Assignee)

Description

6 years ago 
Created attachment 662125 [details] [diff] [review]
Patch

visitFromCharCode stores the char in a static variable and passes its address to a stub. This assumes that JIT code won't run concurrently, but this is false with web workers etc. The patch just passes the code to a stub.
Attachment #662125 - Flags: review?(nicolas.b.pierron)

Comment 1

6 years ago 
Comment on attachment 662125 [details] [diff] [review]
Patch

Review of attachment 662125 [details] [diff] [review]:
-----------------------------------------------------------------

Good catch.
Attachment #662125 - Flags: review?(nicolas.b.pierron) → review+

Comment 2

6 years ago 
Comment on attachment 662125 [details] [diff] [review]
Patch

Review of attachment 662125 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/VMFunctions.cpp
@@ +334,5 @@
> +{
> +    code = uint16_t(code);
> +
> +    if (StaticStrings::hasUnit(code))
> +        return cx->runtime->staticStrings.getUnit(code);

This seems kind of useless considering the inline path in JIT code.
(Assignee)

Comment 3

6 years ago 
https://hg.mozilla.org/integration/mozilla-inbound/rev/5a347c0388fd

(In reply to Tom Schuster [:evilpie] from comment #2)
> 
> This seems kind of useless considering the inline path in JIT code.

True, I added it in case we later decide to call the stub in other cases or from somewhere else (and the stub is a slow path anyway so it shouldn't matter for performance).

Comment 4

6 years ago 
(In reply to Tom Schuster [:evilpie] from comment #2)
> Comment on attachment 662125 [details] [diff] [review]
> Patch
> 
> Review of attachment 662125 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: js/src/ion/VMFunctions.cpp
> @@ +334,5 @@
> > +{
> > +    code = uint16_t(code);
> > +
> > +    if (StaticStrings::hasUnit(code))
> > +        return cx->runtime->staticStrings.getUnit(code);
> 
> This seems kind of useless considering the inline path in JIT code.

I agree, but the function name suppose that it handle all cases, so to avoid disturbing people using it later it's best to keep it like that.  And hasUnit is just a simple branch which is not a perf issue compared to the cost of the out-of-line VM call.
(Assignee)

Comment 5

6 years ago 
I just realized that hasUnit/getUnit take a jschar, so a follow-up patch to pass jschar to them:

https://hg.mozilla.org/integration/mozilla-inbound/rev/a8c051013c48
Whiteboard: [ion:p1:fx18]

Comment 6

6 years ago 
https://hg.mozilla.org/mozilla-central/rev/5a347c0388fd
https://hg.mozilla.org/mozilla-central/rev/a8c051013c48
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in before you can comment on or make changes to this bug.