The Tor Browser: js/src/jit-test/tests/basic/bigLoadStoreDisp.js@deefc01c0e14 (annotated)

js/src/jit-test/tests/basic/bigLoadStoreDisp.js@deefc01c0e14 (annotated)

js/src/jit-test/tests/basic/bigLoadStoreDisp.js

Thu, 15 Jan 2015 21:03:48 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 15 Jan 2015 21:03:48 +0100
branch: TOR_BUG_9701
changeset 11: deefc01c0e14
permissions: -rw-r--r--

Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
a overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool.)

 // In Nanojit, loads and stores have a maximum displacement of 16-bits.  Any
 // displacements larger than that should be split off into a separate
 // instruction that adds the displacement to the base pointer.  This
 // program tests if this is done correctly.
 //
 // x.y ends up having a dslot offset of 79988, because of the 20000 array
 // elements before it.  If Nanojit incorrectly stores this offset into a
 // 16-bit value it will truncate to 14452 (because 79988 - 65536 == 14452).
 // This means that the increments in the second loop will be done to one of
 // the array elements instead of x.y.  And so x.y's final value will be
 // (99 + 8) instead of 1099.
 //
 // Note that setting x.y to 99 and checking its value at the end will
 // access the correct location because those lines are interpreted.  Phew.
 var x = {}
 for (var i = 0; i < 20000; i++)
     x[i] = 0;
 x.y = 99;            // not traced, correctly accessed
 for (var i = 0; i < 1000; ++i) {
     x.y++;           // traced, will access an array elem if disp was truncated
 }
 assertEq(x.y, 1099); // not traced, correctly accessed