Closed
Bug 937674
Opened 11 years ago
Closed 11 years ago
Don't instantiate types when adding type object guards around type write barriers
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: bhackett1024, Assigned: bhackett1024)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file)
|
12.40 KB,
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
This is a use of JSContext through GetIonContext() that hasn't been eliminated yet.
Attachment #830880 -
Flags: review?(jdemooij)
|
||
Comment 1•11 years ago
|
||
Comment on attachment 830880 [details] [diff] [review]
patch
Review of attachment 830880 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/jit/Lowering.cpp
@@ +2833,5 @@
> bool
> +LIRGenerator::visitGuardObjectIdentity(MGuardObjectIdentity *ins)
> +{
> + LGuardObjectIdentity *guard = new LGuardObjectIdentity(useRegister(ins->obj()));
> + return assignSnapshot(guard) && add(guard, ins);
MGuardObjectIdentity redefines its operand, so I think this should be:
return assignSnapshot(guard) && redefine(ins, ins->obj()) && add(guard, ins);
::: js/src/jit/MIR.h
@@ +6892,5 @@
> +class MGuardObjectIdentity
> + : public MUnaryInstruction,
> + public SingleObjectPolicy
> +{
> + CompilerRoot<JSObject *> singleObject_;
Just curious, do we still need this in the no-GC-during-compilation world?
Attachment #830880 -
Flags: review?(jdemooij) → review+
|
Assignee | |
Comment 2•11 years ago
|
||
Currently, the only thing I think the compiler roots help with is asserting that we don't end up with nursery pointers in the Ion data structures in GGC builds.
https://hg.mozilla.org/integration/mozilla-inbound/rev/2eaab43b65d4
Assignee: nobody → bhackett1024
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
|
||
Updated•11 years ago
|
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•