Diffstat (limited to 'js/src/jit')
-rw-r--r-- | js/src/jit/BaselineFrameInfo.h | 4 | ||||
-rw-r--r-- | js/src/jit/CodeGenerator.cpp | 4 | ||||
-rw-r--r-- | js/src/jit/JitFrames.cpp | 2 | ||||
-rw-r--r-- | js/src/jit/Lowering.cpp | 2 | ||||
-rw-r--r-- | js/src/jit/MacroAssembler.cpp | 6 | ||||
-rw-r--r-- | js/src/jit/ProcessExecutableMemory.cpp | 8 | ||||
-rw-r--r-- | js/src/jit/ProcessExecutableMemory.h | 8 | ||||
-rw-r--r-- | js/src/jit/RegisterSets.h | 8 | ||||
-rw-r--r-- | js/src/jit/RematerializedFrame.cpp | 14 | ||||
-rw-r--r-- | js/src/jit/arm/MacroAssembler-arm.cpp | 12 | ||||
-rw-r--r-- | js/src/jit/arm/MacroAssembler-arm.h | 16 | ||||
-rw-r--r-- | js/src/jit/arm64/MacroAssembler-arm64.h | 8 | ||||
-rw-r--r-- | js/src/jit/mips32/MacroAssembler-mips32.cpp | 4 | ||||
-rw-r--r-- | js/src/jit/mips32/MacroAssembler-mips32.h | 4 | ||||
-rw-r--r-- | js/src/jit/mips64/MacroAssembler-mips64.cpp | 2 | ||||
-rw-r--r-- | js/src/jit/mips64/MacroAssembler-mips64.h | 6 | ||||
-rw-r--r-- | js/src/jit/shared/IonAssemblerBuffer.h | 4 | ||||
-rw-r--r-- | js/src/jit/x64/MacroAssembler-x64.h | 8 | ||||
-rw-r--r-- | js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h | 32 | ||||
-rw-r--r-- | js/src/jit/x86/MacroAssembler-x86.cpp | 4 | ||||
-rw-r--r-- | js/src/jit/x86/MacroAssembler-x86.h | 12 |
21 files changed, 108 insertions, 60 deletions
diff --git a/js/src/jit/BaselineFrameInfo.h b/js/src/jit/BaselineFrameInfo.h index 13bf0358d..1691270ac 100644 --- a/js/src/jit/BaselineFrameInfo.h +++ b/js/src/jit/BaselineFrameInfo.h @@ -67,7 +67,7 @@ class StackValue union { struct { - Value v; + JS::UninitializedValue v; } constant; struct { mozilla::AlignedStorage2<ValueOperand> reg; @@ -112,7 +112,7 @@ class StackValue } Value constant() const { MOZ_ASSERT(kind_ == Constant); - return data.constant.v; + return data.constant.v.asValueRef(); } ValueOperand reg() const { MOZ_ASSERT(kind_ == Register); diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp index ccdc5fbfa..7b2f8214b 100644 --- a/js/src/jit/CodeGenerator.cpp +++ b/js/src/jit/CodeGenerator.cpp @@ -8526,8 +8526,8 @@ StoreUnboxedPointer(MacroAssembler& masm, T address, MIRType type, const LAlloca masm.patchableCallPreBarrier(address, type); if (value->isConstant()) { Value v = value->toConstant()->toJSValue(); - if (v.isMarkable()) { - masm.storePtr(ImmGCPtr(v.toMarkablePointer()), address); + if (v.isGCThing()) { + masm.storePtr(ImmGCPtr(v.toGCThing()), address); } else { MOZ_ASSERT(v.isNull()); masm.storePtr(ImmWord(0), address); diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp index 966d952d3..f11f17225 100644 --- a/js/src/jit/JitFrames.cpp +++ b/js/src/jit/JitFrames.cpp @@ -2062,7 +2062,7 @@ SnapshotIterator::traceAllocation(JSTracer* trc) return; Value v = allocationValue(alloc, RM_AlwaysDefault); - if (!v.isMarkable()) + if (!v.isGCThing()) return; Value copy = v; diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp index 7f28a9020..730697163 100644 --- a/js/src/jit/Lowering.cpp +++ b/js/src/jit/Lowering.cpp @@ -2687,7 +2687,7 @@ IsNonNurseryConstant(MDefinition* def) if (!def->isConstant()) return false; Value v = def->toConstant()->toJSValue(); - return !v.isMarkable() || !IsInsideNursery(v.toMarkablePointer()); + return !v.isGCThing() || !IsInsideNursery(v.toGCThing()); } void 
diff --git a/js/src/jit/MacroAssembler.cpp b/js/src/jit/MacroAssembler.cpp index f633b9b7b..9dbbe7624 100644 --- a/js/src/jit/MacroAssembler.cpp +++ b/js/src/jit/MacroAssembler.cpp @@ -2214,6 +2214,12 @@ MacroAssembler::finish() } MacroAssemblerSpecific::finish(); + + MOZ_RELEASE_ASSERT(size() <= MaxCodeBytesPerProcess, + "AssemblerBuffer should ensure we don't exceed MaxCodeBytesPerProcess"); + + if (bytesNeeded() > MaxCodeBytesPerProcess) + setOOM(); } void diff --git a/js/src/jit/ProcessExecutableMemory.cpp b/js/src/jit/ProcessExecutableMemory.cpp index 71c2ab0dc..301541541 100644 --- a/js/src/jit/ProcessExecutableMemory.cpp +++ b/js/src/jit/ProcessExecutableMemory.cpp @@ -385,14 +385,6 @@ class PageBitSet #endif }; -// Limit on the number of bytes of executable memory to prevent JIT spraying -// attacks. -#if JS_BITS_PER_WORD == 32 -static const size_t MaxCodeBytesPerProcess = 128 * 1024 * 1024; -#else -static const size_t MaxCodeBytesPerProcess = 1 * 1024 * 1024 * 1024; -#endif - // Per-process executable memory allocator. It reserves a block of memory of // MaxCodeBytesPerProcess bytes, then allocates/deallocates pages from that. // diff --git a/js/src/jit/ProcessExecutableMemory.h b/js/src/jit/ProcessExecutableMemory.h index 078ce7cb7..a0e2fab98 100644 --- a/js/src/jit/ProcessExecutableMemory.h +++ b/js/src/jit/ProcessExecutableMemory.h @@ -17,6 +17,14 @@ namespace jit { // alignment though. static const size_t ExecutableCodePageSize = 64 * 1024; +// Limit on the number of bytes of executable memory to prevent JIT spraying +// attacks. +#if JS_BITS_PER_WORD == 32 +static const size_t MaxCodeBytesPerProcess = 128 * 1024 * 1024; +#else +static const size_t MaxCodeBytesPerProcess = 1 * 1024 * 1024 * 1024; +#endif + enum class ProtectionSetting { Protected, // Not readable, writable, or executable. Writable, diff --git a/js/src/jit/RegisterSets.h b/js/src/jit/RegisterSets.h index 0a4045dd7..08ae53f16 100644 --- a/js/src/jit/RegisterSets.h 
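Review bot: In js/src/jit/MacroAssembler.cpp, the two size checks added at the end of MacroAssembler::finish() need a comment saying why one is fatal and the other is not. `MOZ_RELEASE_ASSERT(size() <= MaxCodeBytesPerProcess, ...)` aborts the process if the buffer ever got past the cap, while `if (bytesNeeded() > MaxCodeBytesPerProcess)` only calls `setOOM()`. Presumably bytesNeeded() counts more than the raw buffer size, but nothing in the hunk says so. I would add above the second check `// bytesNeeded() can exceed size(); an over-cap total is reported as OOM rather than a crash.` Because the assert is a release-mode abort, it is also worth confirming that every assembler buffer reachable from here enforces the cap; this patch shows that only for IonAssemblerBuffer.h and AssemblerBuffer-x86-shared.h. finish() begins outside the hunk.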
+++ b/js/src/jit/RegisterSets.h @@ -226,13 +226,13 @@ class ConstantOrRegister // Space to hold either a Value or a TypedOrValueRegister. union U { - Value constant; + JS::UninitializedValue constant; TypedOrValueRegister reg; } data; - const Value& dataValue() const { + Value dataValue() const { MOZ_ASSERT(constant()); - return data.constant; + return data.constant.asValueRef(); } void setDataValue(const Value& value) { MOZ_ASSERT(constant()); @@ -268,7 +268,7 @@ class ConstantOrRegister return constant_; } - const Value& value() const { + Value value() const { return dataValue(); } diff --git a/js/src/jit/RematerializedFrame.cpp b/js/src/jit/RematerializedFrame.cpp index cb324220c..32fad1267 100644 --- a/js/src/jit/RematerializedFrame.cpp +++ b/js/src/jit/RematerializedFrame.cpp @@ -61,9 +61,17 @@ RematerializedFrame::New(JSContext* cx, uint8_t* top, InlineFrameIterator& iter, { unsigned numFormals = iter.isFunctionFrame() ? iter.calleeTemplate()->nargs() : 0; unsigned argSlots = Max(numFormals, iter.numActualArgs()); - size_t numBytes = sizeof(RematerializedFrame) + - (argSlots + iter.script()->nfixed()) * sizeof(Value) - - sizeof(Value); // 1 Value included in sizeof(RematerializedFrame) + unsigned extraSlots = argSlots + iter.script()->nfixed(); + + // One Value slot is included in sizeof(RematerializedFrame), so we can + // reduce the extra slot count by one. However, if there are zero slot + // allocations total, then reducing the slots by one will lead to + // the memory allocation being smaller than sizeof(RematerializedFrame). + if (extraSlots > 0) + extraSlots -= 1; + + size_t numBytes = sizeof(RematerializedFrame) + (extraSlots * sizeof(Value)); + MOZ_ASSERT(numBytes >= sizeof(RematerializedFrame)); void* buf = cx->pod_calloc<uint8_t>(numBytes); if (!buf) diff --git a/js/src/jit/arm/MacroAssembler-arm.cpp b/js/src/jit/arm/MacroAssembler-arm.cpp index c6e627db6..d40578514 100644 --- a/js/src/jit/arm/MacroAssembler-arm.cpp 
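Review bot: In js/src/jit/RematerializedFrame.cpp, the only guard on the allocation size computed in RematerializedFrame::New is `MOZ_ASSERT(numBytes >= sizeof(RematerializedFrame))`, which compiles out of release builds. `argSlots + iter.script()->nfixed()` is summed in `unsigned` and then multiplied by `sizeof(Value)`. The hunk shows no bound on either operand, so on a 32-bit target a wrap would give `pod_calloc` an undersized buffer unless those counts are already capped elsewhere. If that bound is not guaranteed, compute the size with `mozilla::CheckedInt<size_t>` and fail the allocation on overflow, or at least use `MOZ_RELEASE_ASSERT(numBytes >= sizeof(RematerializedFrame));`. The function continues past the end of the hunk.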
+++ b/js/src/jit/arm/MacroAssembler-arm.cpp @@ -3286,8 +3286,8 @@ void MacroAssemblerARMCompat::moveValue(const Value& val, Register type, Register data) { ma_mov(Imm32(val.toNunboxTag()), type); - if (val.isMarkable()) - ma_mov(ImmGCPtr(val.toMarkablePointer()), data); + if (val.isGCThing()) + ma_mov(ImmGCPtr(val.toGCThing()), data); else ma_mov(Imm32(val.toNunboxPayload()), data); } @@ -3484,8 +3484,8 @@ MacroAssemblerARMCompat::storePayload(const Value& val, const BaseIndex& dest) ScratchRegisterScope scratch(asMasm()); SecondScratchRegisterScope scratch2(asMasm()); - if (val.isMarkable()) - ma_mov(ImmGCPtr(val.toMarkablePointer()), scratch); + if (val.isGCThing()) + ma_mov(ImmGCPtr(val.toGCThing()), scratch); else ma_mov(Imm32(val.toNunboxPayload()), scratch); @@ -5314,8 +5314,8 @@ MacroAssembler::branchTestValue(Condition cond, const ValueOperand& lhs, // equal, short circuit false (NotEqual). ScratchRegisterScope scratch(*this); - if (rhs.isMarkable()) - ma_cmp(lhs.payloadReg(), ImmGCPtr(rhs.toMarkablePointer()), scratch); + if (rhs.isGCThing()) + ma_cmp(lhs.payloadReg(), ImmGCPtr(rhs.toGCThing()), scratch); else ma_cmp(lhs.payloadReg(), Imm32(rhs.toNunboxPayload()), scratch); ma_cmp(lhs.typeReg(), Imm32(rhs.toNunboxTag()), scratch, Equal); diff --git a/js/src/jit/arm/MacroAssembler-arm.h b/js/src/jit/arm/MacroAssembler-arm.h index c011af3c3..c20a6c3e5 100644 --- a/js/src/jit/arm/MacroAssembler-arm.h +++ b/js/src/jit/arm/MacroAssembler-arm.h @@ -915,8 +915,8 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM ma_mov(Imm32(val.toNunboxTag()), scratch); ma_str(scratch, ToType(dest), scratch2); - if (val.isMarkable()) - ma_mov(ImmGCPtr(val.toMarkablePointer()), scratch); + if (val.isGCThing()) + ma_mov(ImmGCPtr(val.toGCThing()), scratch); else ma_mov(Imm32(val.toNunboxPayload()), scratch); ma_str(scratch, ToPayload(dest), scratch2); 
@@ -944,15 +944,15 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM // Store the payload, marking if necessary. if (payloadoffset < 4096 && payloadoffset > -4096) { - if (val.isMarkable()) - ma_mov(ImmGCPtr(val.toMarkablePointer()), scratch2); + if (val.isGCThing()) + ma_mov(ImmGCPtr(val.toGCThing()), scratch2); else ma_mov(Imm32(val.toNunboxPayload()), scratch2); ma_str(scratch2, DTRAddr(scratch, DtrOffImm(payloadoffset))); } else { ma_add(Imm32(payloadoffset), scratch, scratch2); - if (val.isMarkable()) - ma_mov(ImmGCPtr(val.toMarkablePointer()), scratch2); + if (val.isGCThing()) + ma_mov(ImmGCPtr(val.toGCThing()), scratch2); else ma_mov(Imm32(val.toNunboxPayload()), scratch2); ma_str(scratch2, DTRAddr(scratch, DtrOffImm(0))); @@ -977,8 +977,8 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM void popValue(ValueOperand val); void pushValue(const Value& val) { push(Imm32(val.toNunboxTag())); - if (val.isMarkable()) - push(ImmGCPtr(val.toMarkablePointer())); + if (val.isGCThing()) + push(ImmGCPtr(val.toGCThing())); else push(Imm32(val.toNunboxPayload())); } diff --git a/js/src/jit/arm64/MacroAssembler-arm64.h b/js/src/jit/arm64/MacroAssembler-arm64.h index b95831443..c21e2fd66 100644 --- a/js/src/jit/arm64/MacroAssembler-arm64.h +++ b/js/src/jit/arm64/MacroAssembler-arm64.h @@ -306,7 +306,7 @@ class MacroAssemblerCompat : public vixl::MacroAssembler void pushValue(const Value& val) { vixl::UseScratchRegisterScope temps(this); const Register scratch = temps.AcquireX().asUnsized(); - if (val.isMarkable()) { + if (val.isGCThing()) { BufferOffset load = movePatchablePtr(ImmPtr(val.bitsAsPunboxPointer()), scratch); writeDataRelocation(val, load); push(scratch); 
@@ -349,7 +349,7 @@ class MacroAssemblerCompat : public vixl::MacroAssembler } } void moveValue(const Value& val, Register dest) { - if (val.isMarkable()) { + if (val.isGCThing()) { BufferOffset load = movePatchablePtr(ImmPtr(val.bitsAsPunboxPointer()), dest); writeDataRelocation(val, load); } else { @@ -1835,8 +1835,8 @@ class MacroAssemblerCompat : public vixl::MacroAssembler dataRelocations_.writeUnsigned(load.getOffset()); } void writeDataRelocation(const Value& val, BufferOffset load) { - if (val.isMarkable()) { - gc::Cell* cell = val.toMarkablePointer(); + if (val.isGCThing()) { + gc::Cell* cell = val.toGCThing(); if (cell && gc::IsInsideNursery(cell)) embedsNurseryPointers_ = true; dataRelocations_.writeUnsigned(load.getOffset()); diff --git a/js/src/jit/mips32/MacroAssembler-mips32.cpp b/js/src/jit/mips32/MacroAssembler-mips32.cpp index 0d3e55e21..2b2fab92d 100644 --- a/js/src/jit/mips32/MacroAssembler-mips32.cpp +++ b/js/src/jit/mips32/MacroAssembler-mips32.cpp @@ -1527,8 +1527,8 @@ MacroAssemblerMIPSCompat::getType(const Value& val) void MacroAssemblerMIPSCompat::moveData(const Value& val, Register data) { - if (val.isMarkable()) - ma_li(data, ImmGCPtr(val.toMarkablePointer())); + if (val.isGCThing()) + ma_li(data, ImmGCPtr(val.toGCThing())); else ma_li(data, Imm32(val.toNunboxPayload())); } diff --git a/js/src/jit/mips32/MacroAssembler-mips32.h b/js/src/jit/mips32/MacroAssembler-mips32.h index 4c7618d08..adb626bb0 100644 --- a/js/src/jit/mips32/MacroAssembler-mips32.h +++ b/js/src/jit/mips32/MacroAssembler-mips32.h @@ -480,8 +480,8 @@ class MacroAssemblerMIPSCompat : public MacroAssemblerMIPS void popValue(ValueOperand val); void pushValue(const Value& val) { push(Imm32(val.toNunboxTag())); - if (val.isMarkable()) - push(ImmGCPtr(val.toMarkablePointer())); + if (val.isGCThing()) + push(ImmGCPtr(val.toGCThing())); else push(Imm32(val.toNunboxPayload())); } 
diff --git a/js/src/jit/mips64/MacroAssembler-mips64.cpp b/js/src/jit/mips64/MacroAssembler-mips64.cpp index 329fa83f8..f58184bca 100644 --- a/js/src/jit/mips64/MacroAssembler-mips64.cpp +++ b/js/src/jit/mips64/MacroAssembler-mips64.cpp @@ -1885,7 +1885,7 @@ MacroAssemblerMIPS64Compat::storeValue(JSValueType type, Register reg, Address d void MacroAssemblerMIPS64Compat::storeValue(const Value& val, Address dest) { - if (val.isMarkable()) { + if (val.isGCThing()) { writeDataRelocation(val); movWithPatch(ImmWord(val.asRawBits()), SecondScratchReg); } else { diff --git a/js/src/jit/mips64/MacroAssembler-mips64.h b/js/src/jit/mips64/MacroAssembler-mips64.h index 4cff87236..bfe452974 100644 --- a/js/src/jit/mips64/MacroAssembler-mips64.h +++ b/js/src/jit/mips64/MacroAssembler-mips64.h @@ -221,8 +221,8 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 } void writeDataRelocation(const Value& val) { - if (val.isMarkable()) { - gc::Cell* cell = val.toMarkablePointer(); + if (val.isGCThing()) { + gc::Cell* cell = val.toGCThing(); if (cell && gc::IsInsideNursery(cell)) embedsNurseryPointers_ = true; dataRelocations_.writeUnsigned(currentOffset()); @@ -498,7 +498,7 @@ class MacroAssemblerMIPS64Compat : public MacroAssemblerMIPS64 void pushValue(ValueOperand val); void popValue(ValueOperand val); void pushValue(const Value& val) { - if (val.isMarkable()) { + if (val.isGCThing()) { writeDataRelocation(val); movWithPatch(ImmWord(val.asRawBits()), ScratchRegister); push(ScratchRegister); diff --git a/js/src/jit/shared/IonAssemblerBuffer.h b/js/src/jit/shared/IonAssemblerBuffer.h index cc20e26d2..3a6552696 100644 --- a/js/src/jit/shared/IonAssemblerBuffer.h +++ b/js/src/jit/shared/IonAssemblerBuffer.h @@ -181,6 +181,10 @@ class AssemblerBuffer protected: virtual Slice* newSlice(LifoAlloc& a) { + if (size() > MaxCodeBytesPerProcess - sizeof(Slice)) { + fail_oom(); + return nullptr; + } Slice* tmp = static_cast<Slice*>(a.alloc(sizeof(Slice))); if (!tmp) { fail_oom(); 
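Review bot: In js/src/jit/shared/IonAssemblerBuffer.h, the new check in AssemblerBuffer::newSlice uses MaxCodeBytesPerProcess, but the patch adds no include for the header that now declares it. The diffstat for this file is exactly the four added lines, so the header appears to compile only through a transitive include. The same applies to js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h. I would add `#include "jit/ProcessExecutableMemory.h"` to both headers and document the check with `// Refuse to grow once another Slice would take the buffer past the per-process code limit.` newSlice is virtual and its body continues outside the hunk; if a subclass overrides it without calling this version, the cap is not applied there, which should be confirmed.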
diff --git a/js/src/jit/x64/MacroAssembler-x64.h b/js/src/jit/x64/MacroAssembler-x64.h index cb81bd7c1..be450767b 100644 --- a/js/src/jit/x64/MacroAssembler-x64.h +++ b/js/src/jit/x64/MacroAssembler-x64.h @@ -58,8 +58,8 @@ class MacroAssemblerX64 : public MacroAssemblerX86Shared // X64 helpers. ///////////////////////////////////////////////////////////////// void writeDataRelocation(const Value& val) { - if (val.isMarkable()) { - gc::Cell* cell = val.toMarkablePointer(); + if (val.isGCThing()) { + gc::Cell* cell = val.toGCThing(); if (cell && gc::IsInsideNursery(cell)) embedsNurseryPointers_ = true; dataRelocations_.writeUnsigned(masm.currentOffset()); @@ -132,7 +132,7 @@ class MacroAssemblerX64 : public MacroAssemblerX86Shared template <typename T> void storeValue(const Value& val, const T& dest) { ScratchRegisterScope scratch(asMasm()); - if (val.isMarkable()) { + if (val.isGCThing()) { movWithPatch(ImmWord(val.asRawBits()), scratch); writeDataRelocation(val); } else { @@ -171,7 +171,7 @@ class MacroAssemblerX64 : public MacroAssemblerX86Shared pop(val.valueReg()); } void pushValue(const Value& val) { - if (val.isMarkable()) { + if (val.isGCThing()) { ScratchRegisterScope scratch(asMasm()); movWithPatch(ImmWord(val.asRawBits()), scratch); writeDataRelocation(val); diff --git a/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h b/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h index 8cb557784..fe678fc7d 100644 --- a/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h +++ b/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h 
@@ -68,6 +68,33 @@ namespace js { namespace jit { + // AllocPolicy for AssemblerBuffer. OOMs when trying to allocate more than + // MaxCodeBytesPerProcess bytes. Use private inheritance to make sure we + // explicitly have to expose SystemAllocPolicy methods. + class AssemblerBufferAllocPolicy : private SystemAllocPolicy + { + public: + using SystemAllocPolicy::checkSimulatedOOM; + using SystemAllocPolicy::reportAllocOverflow; + using SystemAllocPolicy::free_; + + template <typename T> T* pod_realloc(T* p, size_t oldSize, size_t newSize) { + static_assert(sizeof(T) == 1, + "AssemblerBufferAllocPolicy should only be used with byte vectors"); + MOZ_ASSERT(oldSize <= MaxCodeBytesPerProcess); + if (MOZ_UNLIKELY(newSize > MaxCodeBytesPerProcess)) + return nullptr; + return SystemAllocPolicy::pod_realloc<T>(p, oldSize, newSize); + } + template <typename T> T* pod_malloc(size_t numElems) { + static_assert(sizeof(T) == 1, + "AssemblerBufferAllocPolicy should only be used with byte vectors"); + if (MOZ_UNLIKELY(numElems > MaxCodeBytesPerProcess)) + return nullptr; + return SystemAllocPolicy::pod_malloc<T>(numElems); + } + }; + class AssemblerBuffer { template<size_t size, typename T> @@ -93,6 +120,9 @@ namespace jit { void ensureSpace(size_t space) { + // This should only be called with small |space| values to ensure + // we don't overflow below. + MOZ_ASSERT(space <= 16); if (MOZ_UNLIKELY(!m_buffer.reserve(m_buffer.length() + space))) oomDetected(); } @@ -168,7 +198,7 @@ namespace jit { m_buffer.clear(); } - PageProtectingVector<unsigned char, 256, SystemAllocPolicy> m_buffer; + PageProtectingVector<unsigned char, 256, AssemblerBufferAllocPolicy> m_buffer; bool m_oom; }; diff --git a/js/src/jit/x86/MacroAssembler-x86.cpp b/js/src/jit/x86/MacroAssembler-x86.cpp index 754b29c2d..dc97b5b5b 100644 --- a/js/src/jit/x86/MacroAssembler-x86.cpp +++ b/js/src/jit/x86/MacroAssembler-x86.cpp 
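Review bot: The comment on AssemblerBufferAllocPolicy in js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h should say that the limit applies to one buffer only. `pod_malloc` and `pod_realloc` compare just the requested size of this vector with MaxCodeBytesPerProcess, so several live buffers can together hold more than that. The process-wide bound presumably still comes from the executable-memory allocator. I would extend the comment with `// This bounds a single buffer; it does not account for code bytes across the whole process.` The `static_assert(sizeof(T) == 1, ...)` is what makes the element count comparable with a byte limit, and that is worth stating in the same comment.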
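Review bot: In AssemblerBuffer::ensureSpace in the same file, the overflow guard for `m_buffer.length() + space` is `MOZ_ASSERT(space <= 16)`, which is absent from release builds. The new allocation policy keeps the length at or below MaxCodeBytesPerProcess, so a wrap would need a very large `space`, but in release nothing in this function rejects one. If the 16-byte bound is meant as a contract, enforce it in the condition as well: `if (MOZ_UNLIKELY(space > 16 || !m_buffer.reserve(m_buffer.length() + space)))`. Otherwise the comment should state that callers are trusted to pass small constants.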
@@ -499,8 +499,8 @@ MacroAssembler::branchTestValue(Condition cond, const ValueOperand& lhs, const Value& rhs, Label* label) { MOZ_ASSERT(cond == Equal || cond == NotEqual); - if (rhs.isMarkable()) - cmpPtr(lhs.payloadReg(), ImmGCPtr(rhs.toMarkablePointer())); + if (rhs.isGCThing()) + cmpPtr(lhs.payloadReg(), ImmGCPtr(rhs.toGCThing())); else cmpPtr(lhs.payloadReg(), ImmWord(rhs.toNunboxPayload())); diff --git a/js/src/jit/x86/MacroAssembler-x86.h b/js/src/jit/x86/MacroAssembler-x86.h index 21cd63a0c..2b2507c77 100644 --- a/js/src/jit/x86/MacroAssembler-x86.h +++ b/js/src/jit/x86/MacroAssembler-x86.h @@ -94,8 +94,8 @@ class MacroAssemblerX86 : public MacroAssemblerX86Shared } void moveValue(const Value& val, Register type, Register data) { movl(Imm32(val.toNunboxTag()), type); - if (val.isMarkable()) - movl(ImmGCPtr(val.toMarkablePointer()), data); + if (val.isGCThing()) + movl(ImmGCPtr(val.toGCThing()), data); else movl(Imm32(val.toNunboxPayload()), data); } @@ -213,8 +213,8 @@ class MacroAssemblerX86 : public MacroAssemblerX86Shared } void pushValue(const Value& val) { push(Imm32(val.toNunboxTag())); - if (val.isMarkable()) - push(ImmGCPtr(val.toMarkablePointer())); + if (val.isGCThing()) + push(ImmGCPtr(val.toGCThing())); else push(Imm32(val.toNunboxPayload())); } @@ -235,8 +235,8 @@ class MacroAssemblerX86 : public MacroAssemblerX86Shared pop(dest.high); } void storePayload(const Value& val, Operand dest) { - if (val.isMarkable()) - movl(ImmGCPtr(val.toMarkablePointer()), ToPayload(dest)); + if (val.isGCThing()) + movl(ImmGCPtr(val.toGCThing()), ToPayload(dest)); else movl(Imm32(val.toNunboxPayload()), ToPayload(dest)); } |