Attachment #8914335: Part 2 - Test and asserts for bug #1404636

View | Details | Raw Unified | Return to bug 1404636
Collapse All | Expand All

(-)a/js/src/jit-test/tests/ion/bug1404636.js (+6 lines)
Line     Link Here 
Line 0    Link Here 
1 
x = new Uint32Array(4);
2 
try {
3 
    Math.max(Uint32Array.prototype)();
4 
} catch (e) {}
5 
x[3] = -1;
6 
assertEq(x.toString(), "0,0,0,4294967295");
(-)a/js/src/jit/arm/CodeGenerator-arm.cpp (-1 / +9 lines)
Line     Link Here 
 Lines 1426-1444   CodeGeneratorARM::visitUnbox(LUnbox* unb Link Here 
1426 
{
 1426 
{
1427 
    // Note that for unbox, the type and payload indexes are switched on the
 1427 
    // Note that for unbox, the type and payload indexes are switched on the
1428 
    // inputs.
 1428 
    // inputs.
1429 
    MUnbox* mir = unbox->mir();
 1429 
    MUnbox* mir = unbox->mir();
1430 
    Register type = ToRegister(unbox->type());
 1430 
    Register type = ToRegister(unbox->type());
1431 

1431






1432

    ScratchRegisterScope scratch(masm);

1432

    ScratchRegisterScope scratch(masm);





1433


1433








1434

    JSValueTag tag = MIRTypeToTag(mir->type());





1434

    if (mir->fallible()) {

1435

    if (mir->fallible()) {





1435

        masm.ma_cmp(type, Imm32(MIRTypeToTag(mir->type())), scratch);

1436

        masm.ma_cmp(type, Imm32(tag), scratch);





1436

        bailoutIf(Assembler::NotEqual, unbox->snapshot());

1437

        bailoutIf(Assembler::NotEqual, unbox->snapshot());







1438

    } else {





1439

#ifdef DEBUG





1440

        Label ok;





1441

        masm.branch32(Assembler::Equal, type, Imm32(tag), &ok);





1442

        masm.assumeUnreachable("Infallible unbox type mismatch");





1443

        masm.bind(&ok);





1444

#endif





1437

    }

1445

    }





1438

}

1446

}





1439


1447






1440

void

1448

void





1441

CodeGeneratorARM::visitDouble(LDouble* ins)

1449

CodeGeneratorARM::visitDouble(LDouble* ins)





1442

{

1450

{





1443

    const LDefinition* out = ins->getDef(0);

1451

    const LDefinition* out = ins->getDef(0);





1444

    masm.loadConstantDouble(ins->getDouble(), ToFloatRegister(out));

1452

    masm.loadConstantDouble(ins->getDouble(), ToFloatRegister(out));




(-)a/js/src/jit/x64/CodeGenerator-x64.cpp
(+10 lines)









Line 
  

Link Here 










 Lines 110-125
  CodeGeneratorX64::visitUnbox(LUnbox* unb

Link Here 






110

            break;

110

            break;





111

          case MIRType::Symbol:

111

          case MIRType::Symbol:





112

            cond = masm.testSymbol(Assembler::NotEqual, value);

112

            cond = masm.testSymbol(Assembler::NotEqual, value);





113

            break;

113

            break;





114

          default:

114

          default:





115

            MOZ_CRASH("Given MIRType cannot be unboxed.");

115

            MOZ_CRASH("Given MIRType cannot be unboxed.");





116

        }

116

        }





117

        bailoutIf(cond, unbox->snapshot());

117

        bailoutIf(cond, unbox->snapshot());







118

    } else {





119

#ifdef DEBUG





120

        Operand input = ToOperand(unbox->getOperand(LUnbox::Input));





121

        JSValueTag tag = MIRTypeToTag(mir->type());





122

        Label ok;





123

        masm.splitTag(input, ScratchReg);





124

        masm.branch32(Assembler::Equal, ScratchReg, Imm32(tag), &ok);





125

        masm.assumeUnreachable("Infallible unbox type mismatch");





126

        masm.bind(&ok);





127

#endif





118

    }

128

    }





119


129






120

    Operand input = ToOperand(unbox->getOperand(LUnbox::Input));

130

    Operand input = ToOperand(unbox->getOperand(LUnbox::Input));





121

    Register result = ToRegister(unbox->output());

131

    Register result = ToRegister(unbox->output());





122

    switch (mir->type()) {

132

    switch (mir->type()) {





123

      case MIRType::Int32:

133

      case MIRType::Int32:





124

        masm.unboxInt32(input, result);

134

        masm.unboxInt32(input, result);





125

        break;

135

        break;




(-)a/js/src/jit/x86/CodeGenerator-x86.cpp
(-1 / +9 lines)









Line 
  

Link Here 










 Lines 118-136
  CodeGeneratorX86::visitBoxFloatingPoint(

Link Here 






118


118






119

void

119

void





120

CodeGeneratorX86::visitUnbox(LUnbox* unbox)

120

CodeGeneratorX86::visitUnbox(LUnbox* unbox)





121

{

121

{





122

    // Note that for unbox, the type and payload indexes are switched on the

122

    // Note that for unbox, the type and payload indexes are switched on the





123

    // inputs.

123

    // inputs.





124

    MUnbox* mir = unbox->mir();

124

    MUnbox* mir = unbox->mir();





125


125








126

    JSValueTag tag = MIRTypeToTag(mir->type());





126

    if (mir->fallible()) {

127

    if (mir->fallible()) {





127

        masm.cmp32(ToOperand(unbox->type()), Imm32(MIRTypeToTag(mir->type())));

128

        masm.cmp32(ToOperand(unbox->type()), Imm32(tag));





128

        bailoutIf(Assembler::NotEqual, unbox->snapshot());

129

        bailoutIf(Assembler::NotEqual, unbox->snapshot());







130

    } else {





131

#ifdef DEBUG





132

        Label ok;





133

        masm.branch32(Assembler::Equal, ToOperand(unbox->type()), Imm32(tag), &ok);





134

        masm.assumeUnreachable("Infallible unbox type mismatch");





135

        masm.bind(&ok);





136

#endif





129

    }

137

    }





130

}

138

}





131


139






132

void

140

void





133

CodeGeneratorX86::visitCompareB(LCompareB* lir)

141

CodeGeneratorX86::visitCompareB(LCompareB* lir)





134

{

142

{





135

    MCompare* mir = lir->mir();

143

    MCompare* mir = lir->mir();





136


144








Return to bug 1404636