Closed Bug 792001 Opened 7 years ago Closed 7 years ago

IonMonkey: Fix FromCharCode race condition

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla18

People

(Reporter: jandem, Assigned: jandem)

Details

(Whiteboard: [ion:p1:fx18])

Attachments

(1 file)

Patch
4.14 KB, patch
nbp
: review+
Details | Diff | Splinter Review
Attached patch PatchSplinter Review 
visitFromCharCode stores the char in a static variable and passes its address to a stub. This assumes that JIT code won't run concurrently, but this is false with web workers etc. The patch just passes the code to a stub.
Attachment #662125 - Flags: review?(nicolas.b.pierron)
Comment on attachment 662125 [details] [diff] [review]
Patch

Review of attachment 662125 [details] [diff] [review]:
-----------------------------------------------------------------

Good catch.
Attachment #662125 - Flags: review?(nicolas.b.pierron) → review+
Comment on attachment 662125 [details] [diff] [review]
Patch

Review of attachment 662125 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/VMFunctions.cpp
@@ +334,5 @@
> +{
> +    code = uint16_t(code);
> +
> +    if (StaticStrings::hasUnit(code))
> +        return cx->runtime->staticStrings.getUnit(code);

This seems kind of useless considering the inline path in JIT code.
https://hg.mozilla.org/integration/mozilla-inbound/rev/5a347c0388fd

(In reply to Tom Schuster [:evilpie] from comment #2)
> 
> This seems kind of useless considering the inline path in JIT code.

True, I added it in case we later decide to call the stub in other cases or from somewhere else (and the stub is a slow path anyway so it shouldn't matter for performance).
(In reply to Tom Schuster [:evilpie] from comment #2)
> Comment on attachment 662125 [details] [diff] [review]
> Patch
> 
> Review of attachment 662125 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: js/src/ion/VMFunctions.cpp
> @@ +334,5 @@
> > +{
> > +    code = uint16_t(code);
> > +
> > +    if (StaticStrings::hasUnit(code))
> > +        return cx->runtime->staticStrings.getUnit(code);
> 
> This seems kind of useless considering the inline path in JIT code.

I agree, but the function name suppose that it handle all cases, so to avoid disturbing people using it later it's best to keep it like that.  And hasUnit is just a simple branch which is not a perf issue compared to the cost of the out-of-line VM call.
I just realized that hasUnit/getUnit take a jschar, so a follow-up patch to pass jschar to them:

https://hg.mozilla.org/integration/mozilla-inbound/rev/a8c051013c48
https://hg.mozilla.org/mozilla-central/rev/5a347c0388fd
https://hg.mozilla.org/mozilla-central/rev/a8c051013c48
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in before you can comment on or make changes to this bug.