nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1897150: Initialize thisValue on every comparator call r=jandem

Browse source 
I also considered setting this in ArraySortData::setComparatorArgs, but this matches the change we made for the descriptor.

The only data for the comparator call that is still constant is the comparator itself. I think that's still fine, so long as we trace it during a GC, which we do.

Differential Revision: https://phabricator.services.mozilla.com/D210749
This commit is contained in:
Iain Ireland 2024-05-20 12:09:59 +00:00
parent d4e1eb0d58
commit df9a2fef47
3 changed files with 24 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

9
js/src/jit-test/tests/arrays/bug1897150-1.js Normal file
View file

@ -0,0 +1,9 @@
var arr = [1,2,3,4]
var global = 1;
var comparator = function(a, b) {
assertEq(this.global, 1);
return b - a;
}
arr.sort(comparator);

9
js/src/jit-test/tests/arrays/bug1897150-2.js Normal file
View file

@ -0,0 +1,9 @@
var typedArr = Uint8Array.from([1,2,3,4])
var global = 1;
var comparator = function(a, b) {
assertEq(this.global, 1);
return b - a;
}
typedArr.sort(comparator);

6
js/src/jit/TrampolineNatives.cpp
View file

@ -88,6 +88,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm,
-int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue(); -int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue();
constexpr int32_t DescriptorOffset = constexpr int32_t DescriptorOffset =
-int32_t(FrameSize) + ArraySortData::offsetOfDescriptor(); -int32_t(FrameSize) + ArraySortData::offsetOfDescriptor();
constexpr int32_t ComparatorThisOffset =
-int32_t(FrameSize) + ArraySortData::offsetOfComparatorThis();
#ifdef JS_USE_LINK_REGISTER #ifdef JS_USE_LINK_REGISTER
masm.pushReturnAddress(); masm.pushReturnAddress();
@ -157,6 +159,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm,
Label callDone, jitCallFast, jitCallSlow; Label callDone, jitCallFast, jitCallSlow;
masm.bind(&jitCallFast); masm.bind(&jitCallFast);
{ {
masm.storeValue(UndefinedValue(),
Address(FramePointer, ComparatorThisOffset));
masm.storePtr(ImmWord(jitCallDescriptor), masm.storePtr(ImmWord(jitCallDescriptor),
Address(FramePointer, DescriptorOffset)); Address(FramePointer, DescriptorOffset));
masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0); masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);
@ -166,6 +170,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm,
} }
masm.bind(&jitCallSlow); masm.bind(&jitCallSlow);
{ {
masm.storeValue(UndefinedValue(),
Address(FramePointer, ComparatorThisOffset));
masm.storePtr(ImmWord(jitCallDescriptor), masm.storePtr(ImmWord(jitCallDescriptor),
Address(FramePointer, DescriptorOffset)); Address(FramePointer, DescriptorOffset));
masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0); masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);