Closed Bug 928776 Opened 11 years ago Closed 11 years ago

Create template call and decl env objects in baseline

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla27

People

(Reporter: bhackett1024, Assigned: bhackett1024)

References

Details

Attachments

(1 file)

patch
16.32 KB, patch
jandem
: review+
Details | Diff | Splinter Review 
As with the template objects addressed in bug 922270, these are templates which IonBuilder depends on.
Attached patch patchSplinter Review 
Assignee: nobody → bhackett1024

        Attachment #819526 -
        Flags: review?(jdemooij)

    
    

    
  
Comment on attachment 819526 [details] [diff] [review]
patch

Review of attachment 819526 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit/IonBuilder.cpp
@@ -4507,5 @@
> -
> -    // Add dummy values on the slot of the template object such as we do not try
> -    // mark uninitialized values.
> -    templateObj->setFixedSlot(DeclEnvObject::enclosingScopeSlot(), MagicValue(JS_GENERIC_MAGIC));
> -    templateObj->setFixedSlot(DeclEnvObject::lambdaSlot(), MagicValue(JS_GENERIC_MAGIC));

Was this bogus or do we still want this in BaselineCompiler.cpp?

        Attachment #819526 -
        Flags: review?(jdemooij) → review+

    
    

    
  
(In reply to Jan de Mooij [:jandem] from comment #2)
> Comment on attachment 819526 [details] [diff] [review]
> patch
> 
> Review of attachment 819526 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: js/src/jit/IonBuilder.cpp
> @@ -4507,5 @@
> > -
> > -    // Add dummy values on the slot of the template object such as we do not try
> > -    // mark uninitialized values.
> > -    templateObj->setFixedSlot(DeclEnvObject::enclosingScopeSlot(), MagicValue(JS_GENERIC_MAGIC));
> > -    templateObj->setFixedSlot(DeclEnvObject::lambdaSlot(), MagicValue(JS_GENERIC_MAGIC));
> 
> Was this bogus or do we still want this in BaselineCompiler.cpp?

These calls are bogus, after allocating an object its slots are immediately initialized up to its slot span.  See JSObject::updateSlotsForSpan, otherwise we would have all sorts of hazards when allocating objects.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/f6801c7e6500
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: