js/src/jit-test/tests/basic/bigLoadStoreDisp.js@6474c204b198 (annotated)
js/src/jit-test/tests/basic/bigLoadStoreDisp.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // In Nanojit, loads and stores have a maximum displacement of 16-bits. Any |
| michael@0 | 2 | // displacements larger than that should be split off into a separate |
| michael@0 | 3 | // instruction that adds the displacement to the base pointer. This |
| michael@0 | 4 | // program tests if this is done correctly. |
| michael@0 | 5 | // |
| michael@0 | 6 | // x.y ends up having a dslot offset of 79988, because of the 20000 array |
| michael@0 | 7 | // elements before it. If Nanojit incorrectly stores this offset into a |
| michael@0 | 8 | // 16-bit value it will truncate to 14452 (because 79988 - 65536 == 14452). |
| michael@0 | 9 | // This means that the increments in the second loop will be done to one of |
| michael@0 | 10 | // the array elements instead of x.y. And so x.y's final value will be |
| michael@0 | 11 | // (99 + 8) instead of 1099. |
| michael@0 | 12 | // |
| michael@0 | 13 | // Note that setting x.y to 99 and checking its value at the end will |
| michael@0 | 14 | // access the correct location because those lines are interpreted. Phew. |
| michael@0 | 15 | |
| michael@0 | 16 | var x = {} |
| michael@0 | 17 | for (var i = 0; i < 20000; i++) |
| michael@0 | 18 | x[i] = 0; |
| michael@0 | 19 | x.y = 99; // not traced, correctly accessed |
| michael@0 | 20 | |
| michael@0 | 21 | for (var i = 0; i < 1000; ++i) { |
| michael@0 | 22 | x.y++; // traced, will access an array elem if disp was truncated |
| michael@0 | 23 | } |
| michael@0 | 24 | assertEq(x.y, 1099); // not traced, correctly accessed |
| michael@0 | 25 |
