Closed
Bug 792001
Opened 8 years ago
Closed 8 years ago
IonMonkey: Fix FromCharCode race condition
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla18
People
(Reporter: jandem, Assigned: jandem)
Details
(Whiteboard: [ion:p1:fx18])
Attachments
(1 file)
|
4.14 KB,
patch
|
nbp
:
review+
|
Details | Diff | Splinter Review |
visitFromCharCode stores the char in a static variable and passes its address to a stub. This assumes that JIT code won't run concurrently, but this is false with web workers etc. The patch just passes the code to a stub.
Attachment #662125 -
Flags: review?(nicolas.b.pierron)
|
||
Comment 1•8 years ago
|
||
Comment on attachment 662125 [details] [diff] [review] Patch Review of attachment 662125 [details] [diff] [review]: ----------------------------------------------------------------- Good catch.
Attachment #662125 -
Flags: review?(nicolas.b.pierron) → review+
|
||
Comment 2•8 years ago
|
||
Comment on attachment 662125 [details] [diff] [review] Patch Review of attachment 662125 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/ion/VMFunctions.cpp @@ +334,5 @@ > +{ > + code = uint16_t(code); > + > + if (StaticStrings::hasUnit(code)) > + return cx->runtime->staticStrings.getUnit(code); This seems kind of useless considering the inline path in JIT code.
|
Assignee | |
Comment 3•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5a347c0388fd (In reply to Tom Schuster [:evilpie] from comment #2) > > This seems kind of useless considering the inline path in JIT code. True, I added it in case we later decide to call the stub in other cases or from somewhere else (and the stub is a slow path anyway so it shouldn't matter for performance).
|
|
||
Comment 4•8 years ago
|
||
(In reply to Tom Schuster [:evilpie] from comment #2) > Comment on attachment 662125 [details] [diff] [review] > Patch > > Review of attachment 662125 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: js/src/ion/VMFunctions.cpp > @@ +334,5 @@ > > +{ > > + code = uint16_t(code); > > + > > + if (StaticStrings::hasUnit(code)) > > + return cx->runtime->staticStrings.getUnit(code); > > This seems kind of useless considering the inline path in JIT code. I agree, but the function name suppose that it handle all cases, so to avoid disturbing people using it later it's best to keep it like that. And hasUnit is just a simple branch which is not a perf issue compared to the cost of the out-of-line VM call.
|
|
Assignee | |
Comment 5•8 years ago
|
||
I just realized that hasUnit/getUnit take a jschar, so a follow-up patch to pass jschar to them: https://hg.mozilla.org/integration/mozilla-inbound/rev/a8c051013c48
Whiteboard: [ion:p1:fx18]
|
||
Comment 6•8 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5a347c0388fd https://hg.mozilla.org/mozilla-central/rev/a8c051013c48
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in
before you can comment on or make changes to this bug.
Description
•