summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
blob: 869feaf7c6aca978c822cc2ef3e4f0855d837360 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001
From: Dan Gohman <sunfish@mozilla.com>
Date: Fri, 9 Jan 2015 09:04:12 -0500
Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid
 collisions with fixed live ranges. r=jandem, a=sledru

---
 js/src/jit/CodeGenerator.cpp |  6 ++++++
 js/src/jit/CodeGenerator.h   |  1 +
 js/src/jit/LIR-Common.h      |  6 ++++++
 js/src/jit/LOpcodes.h        |  1 +
 js/src/jit/Lowering.cpp      | 12 ++++++++++++
 5 files changed, 26 insertions(+)

diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index 4f07524..ba14f86 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir)
 }
 
 bool
+CodeGenerator::visitMop(LMop *lir)
+{
+    return true;
+}
+
+bool
 CodeGenerator::visitOsiPoint(LOsiPoint *lir)
 {
     // Note: markOsiPoint ensures enough space exists between the last
diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h
index 03677a5..dce095d 100644
--- a/js/src/jit/CodeGenerator.h
+++ b/js/src/jit/CodeGenerator.h
@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific
 
     bool visitLabel(LLabel *lir);
     bool visitNop(LNop *lir);
+    bool visitMop(LMop *lir);
     bool visitOsiPoint(LOsiPoint *lir);
     bool visitGoto(LGoto *lir);
     bool visitTableSwitch(LTableSwitch *ins);
diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h
index c90aef9..e7a0e4c 100644
--- a/js/src/jit/LIR-Common.h
+++ b/js/src/jit/LIR-Common.h
@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0>
     LIR_HEADER(Nop)
 };
 
+class LMop : public LInstructionHelper<0, 0, 0>
+{
+  public:
+    LIR_HEADER(Mop)
+};
+
 // An LOsiPoint captures a snapshot after a call and ensures enough space to
 // patch in a call to the invalidation mechanism.
 //
diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h
index a32d64f..cd7eef8 100644
--- a/js/src/jit/LOpcodes.h
+++ b/js/src/jit/LOpcodes.h
@@ -10,6 +10,7 @@
 #define LIR_COMMON_OPCODE_LIST(_)   \
     _(Label)                        \
     _(Nop)                          \
+    _(Mop)                          \
     _(OsiPoint)                     \
     _(MoveGroup)                    \
     _(Integer)                      \
diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
index d5f8227..48b7fa9 100644
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins)
     ins->setInWorklistUnchecked();
 #endif
 
+    // If we added a Nop for this instruction, we'll also add a Mop, so that
+    // that live-ranges for fixed register defs, which with LSRA extend through
+    // the Nop so that they can extend through the OsiPoint don't, with their
+    // one-extra extension, extend into a position where they use the input
+    // move group for the following instruction.
+    bool needsMop = !current->instructions().empty() && current->rbegin()->isNop();
+
     // If no safepoint was created, there's no need for an OSI point.
     if (LOsiPoint *osiPoint = popOsiPoint()) {
         if (!add(osiPoint))
             return false;
     }
 
+    if (needsMop) {
+        if (!add(new(alloc()) LMop))
+            return false;
+    }
+
     return true;
 }
 
-- 
2.2.1