mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 2 changesets (bug 1892764) for causing multiple perma failures. CLOSED TREE 

Backed out changeset a9cb81e8f486 (bug 1892764)
Backed out changeset d60c63179d2a (bug 1892764)
This commit is contained in:
Sandor Molnar 2024-10-08 02:23:14 +03:00
Родитель 7c7396a75b
Коммит 5ebdafe551
31 изменённых файлов: 40 добавлений и 382 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
dom/bindings/BindingUtils.h
Просмотреть файл

@ -12,7 +12,6 @@
#include "jsfriendapi.h"
#include "js/CharacterEncoding.h"
#include "js/Conversions.h"
#include "js/experimental/BindingAllocs.h"
#include "js/experimental/JitInfo.h" // JSJitGetterOp, JSJitInfo
#include "js/friend/WindowProxy.h" // js::IsWindow, js::IsWindowProxy, js::ToWindowProxyIfWindow
#include "js/MemoryFunctions.h"
@ -2814,8 +2813,7 @@ class MOZ_STACK_CLASS BindingJSObjectCreator {
void CreateObject(JSContext* aCx, const JSClass* aClass,
JS::Handle<JSObject*> aProto, T* aNative,
JS::MutableHandle<JSObject*> aReflector) {
aReflector.set(
JS_NewObjectWithGivenProtoAndUseAllocSite(aCx, aClass, aProto));
aReflector.set(JS_NewObjectWithGivenProto(aCx, aClass, aProto));
if (aReflector) {
JS::SetReservedSlot(aReflector, DOM_OBJECT_SLOT,
JS::PrivateValue(aNative));

31
js/public/experimental/BindingAllocs.h
Просмотреть файл

@ -1,31 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Special allocation functions for DOM binding code.
*
*/
#ifndef js_experimental_BindingAllocs_h
#define js_experimental_BindingAllocs_h
#include "jstypes.h"
/**
* Unlike JS_NewObject, JS_NewObjectWithGivenProtoAndUseAllocSite does not
* compute a default proto. If proto is nullptr, the JS object will have `null`
* as [[Prototype]].
*
* If the JIT code has set an allocation site, this allocation will consume that
* allocation site. This only happens for DOM calls with Object return type.
*
* Must be called with a non-null clasp.
*
*/
extern JS_PUBLIC_API JSObject* JS_NewObjectWithGivenProtoAndUseAllocSite(
JSContext* cx, const JSClass* clasp, JS::Handle<JSObject*> proto);
#endif // js_experimental_BindingAllocs_h

30
js/src/gc/Pretenuring.h
Просмотреть файл

@ -61,8 +61,7 @@ class AllocSite {
Normal = 0,
Unknown = 1,
Optimized = 2,
Missing = 3,
Tenuring = 4,
Missing = 3
};
enum class State : uint32_t { ShortLived = 0, Unknown = 1, LongLived = 2 };
@ -92,10 +91,10 @@ class AllocSite {
// Note that the offset does not need to correspond with the script stored in
// this AllocSite, because if we're doing trial-inlining, the script will be
// the outer script and the pc offset can be in an inlined script.
uint32_t pcOffset_ : 29;
static constexpr uint32_t InvalidPCOffset = Bit(29) - 1;
uint32_t pcOffset_ : 30;
static constexpr uint32_t InvalidPCOffset = Bit(30) - 1;
uint32_t kind_ : 3;
uint32_t kind_ : 2;
// Number of nursery allocations at this site since it was last processed by
// processSite().
@ -166,12 +165,6 @@ class AllocSite {
kind_ = uint32_t(Kind::Optimized);
}
void initTenuringSite(JS::Zone* zone) {
assertUninitialized();
zone_ = zone;
kind_ = uint32_t(Kind::Tenuring);
}
// Initialize a site to be a wasm site.
void initWasm(JS::Zone* zone) {
assertUninitialized();
@ -219,7 +212,6 @@ class AllocSite {
bool isUnknown() const { return kind() == Kind::Unknown; }
bool isOptimized() const { return kind() == Kind::Optimized; }
bool isMissing() const { return kind() == Kind::Missing; }
bool isTenuring() const { return kind() == Kind::Tenuring; }
Kind kind() const {
MOZ_ASSERT((Kind(kind_) == Kind::Normal || Kind(kind_) == Kind::Missing) ==
@ -232,13 +224,10 @@ class AllocSite {
// Whether allocations at this site should be allocated in the nursery or the
// tenured heap.
Heap initialHeap() const {
if (isNormal()) {
return state() == State::LongLived ? Heap::Tenured : Heap::Default;
if (!isNormal()) {
return Heap::Default;
}
if (isTenuring()) {
return Heap::Tenured;
}
return Heap::Default;
return state() == State::LongLived ? Heap::Tenured : Heap::Default;
}
bool hasNurseryAllocations() const {
@ -326,10 +315,6 @@ class PretenuringZone {
// not recorded by optimized JIT code.
AllocSite optimizedAllocSite;
// Alloc Site which always tenure allocates. Used to avoid type punning
// when JIT-compiling for the Realm local allocation site.
AllocSite tenuringAllocSite;
// Allocation sites used for nursery cells promoted to the next nursery
// generation that didn't come from optimized alloc sites.
AllocSite promotedAllocSites[NurseryTraceKinds];
@ -359,7 +344,6 @@ class PretenuringZone {
promotedAllocSites[i].initUnknownSite(zone, JS::TraceKind(i));
}
optimizedAllocSite.initOptimizedSite(zone);
tenuringAllocSite.initTenuringSite(zone);
}
AllocSite& unknownAllocSite(JS::TraceKind kind) {

3
js/src/gc/Zone.h
Просмотреть файл

@ -868,9 +868,6 @@ class Zone : public js::ZoneAllocator, public js::gc::GraphNodeBase<JS::Zone> {
js::gc::AllocSite* optimizedAllocSite() {
return &pretenuring.optimizedAllocSite;
}
js::gc::AllocSite* tenuringAllocSite() {
return &pretenuring.tenuringAllocSite;
}
uint32_t nurseryAllocCount(JS::TraceKind kind) const {
return pretenuring.nurseryAllocCount(kind);
}

4
js/src/jit-test/tests/gc/pretenured-operations.js
Просмотреть файл

@ -38,7 +38,3 @@ check(() => { return Array(); });
check(() => { return Array(100); });
check(() => { return new Array(); });
check(() => { return new Array(100); });
// DOM Allocations
let fdo = new FakeDOMObject();
check(() => { return fdo.doBar(); })

42
js/src/jit/BaselineCacheIRCompiler.cpp
Просмотреть файл

@ -3221,7 +3221,7 @@ void BaselineCacheIRCompiler::pushBoundFunctionArguments(
bool BaselineCacheIRCompiler::emitCallNativeShared(
NativeCallType callType, ObjOperandId calleeId, Int32OperandId argcId,
CallFlags flags, uint32_t argcFixed, Maybe<bool> ignoresReturnValue,
Maybe<uint32_t> targetOffset, ClearLocalAllocSite clearLocalAllocSite) {
Maybe<uint32_t> targetOffset) {
AutoOutputRegister output(*this);
AutoScratchRegisterMaybeOutput scratch(allocator, masm, output);
AutoScratchRegister scratch2(allocator, masm);
@ -3319,24 +3319,9 @@ bool BaselineCacheIRCompiler::emitCallNativeShared(
masm.switchToBaselineFrameRealm(scratch2);
}
// We will also unilaterally clear this on exception handling.
if (clearLocalAllocSite == ClearLocalAllocSite::Yes) {
masm.storeLocalAllocSite(ImmPtr(nullptr), scratch2);
}
return true;
}
void BaselineCacheIRCompiler::loadAllocSiteIntoContext(uint32_t siteOffset) {
AutoScratchRegister scratch(allocator, masm);
AutoScratchRegister site(allocator, masm);
StubFieldOffset siteField(siteOffset, StubField::Type::AllocSite);
emitLoadStubField(siteField, site);
masm.storeLocalAllocSite(site.get(), scratch);
}
#ifdef JS_SIMULATOR
bool BaselineCacheIRCompiler::emitCallNativeFunction(ObjOperandId calleeId,
Int32OperandId argcId,
@ -3359,19 +3344,6 @@ bool BaselineCacheIRCompiler::emitCallDOMFunction(
return emitCallNativeShared(NativeCallType::Native, calleeId, argcId, flags,
argcFixed, ignoresReturnValue, targetOffset_);
}
bool BaselineCacheIRCompiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset,
uint32_t targetOffset) {
JitSpew(JitSpew_Codegen, "%s", __FUNCTION__);
loadAllocSiteIntoContext(siteOffset);
Maybe<bool> ignoresReturnValue;
Maybe<uint32_t> targetOffset_ = mozilla::Some(targetOffset);
return emitCallNativeShared(NativeCallType::Native, calleeId, argcId, flags,
argcFixed, ignoresReturnValue, targetOffset_,
ClearLocalAllocSite::Yes);
}
#else
bool BaselineCacheIRCompiler::emitCallNativeFunction(ObjOperandId calleeId,
Int32OperandId argcId,
@ -3396,18 +3368,6 @@ bool BaselineCacheIRCompiler::emitCallDOMFunction(ObjOperandId calleeId,
return emitCallNativeShared(NativeCallType::Native, calleeId, argcId, flags,
argcFixed, ignoresReturnValue, targetOffset);
}
bool BaselineCacheIRCompiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset) {
JitSpew(JitSpew_Codegen, "%s", __FUNCTION__);
loadAllocSiteIntoContext(siteOffset);
Maybe<bool> ignoresReturnValue = mozilla::Some(false);
Maybe<uint32_t> targetOffset;
return emitCallNativeShared(NativeCallType::Native, calleeId, argcId, flags,
argcFixed, ignoresReturnValue, targetOffset,
ClearLocalAllocSite::Yes);
}
#endif
bool BaselineCacheIRCompiler::emitCallClassHook(ObjOperandId calleeId,

13
js/src/jit/BaselineCacheIRCompiler.h
Просмотреть файл

@ -99,14 +99,11 @@ class MOZ_RAII BaselineCacheIRCompiler : public CacheIRCompiler {
void updateReturnValue();
enum class NativeCallType { Native, ClassHook };
enum class ClearLocalAllocSite { No, Yes };
bool emitCallNativeShared(
NativeCallType callType, ObjOperandId calleeId, Int32OperandId argcId,
CallFlags flags, uint32_t argcFixed,
mozilla::Maybe<bool> ignoresReturnValue,
mozilla::Maybe<uint32_t> targetOffset,
ClearLocalAllocSite clearLocalAllocSite = ClearLocalAllocSite::No);
void loadAllocSiteIntoContext(uint32_t siteOffset);
bool emitCallNativeShared(NativeCallType callType, ObjOperandId calleeId,
Int32OperandId argcId, CallFlags flags,
uint32_t argcFixed,
mozilla::Maybe<bool> ignoresReturnValue,
mozilla::Maybe<uint32_t> targetOffset);
enum class StringCode { CodeUnit, CodePoint };
bool emitStringFromCodeResult(Int32OperandId codeId, StringCode stringCode);

20
js/src/jit/CacheIR.cpp
Просмотреть файл

@ -12374,15 +12374,6 @@ AttachDecision CallIRGenerator::tryAttachCallNative(HandleFunction calleeFunc) {
mode_)) {
MOZ_ASSERT(!isConstructing, "DOM functions are not constructors");
gc::AllocSite* allocSite = nullptr;
if (calleeFunc->jitInfo()->returnType() == JSVAL_TYPE_OBJECT &&
JS::Prefs::dom_alloc_site()) {
allocSite = maybeCreateAllocSite();
if (!allocSite) {
return AttachDecision::NoAction;
}
}
// Guard that |this| is an object.
ValOperandId thisValId =
writer.loadArgumentDynamicSlot(ArgumentKind::This, argcId, flags);
@ -12394,15 +12385,8 @@ AttachDecision CallIRGenerator::tryAttachCallNative(HandleFunction calleeFunc) {
// Ensure callee matches this stub's callee
writer.guardSpecificFunction(calleeObjId, calleeFunc);
if (allocSite) {
writer.callDOMFunctionWithAllocSite(calleeObjId, argcId, thisObjId,
calleeFunc, flags,
ClampFixedArgc(argc_), allocSite);
} else {
writer.callDOMFunction(calleeObjId, argcId, thisObjId, calleeFunc, flags,
ClampFixedArgc(argc_));
}
writer.callDOMFunction(calleeObjId, argcId, thisObjId, calleeFunc, flags,
ClampFixedArgc(argc_));
trackAttached("Call.CallDOM");
} else if (isSpecialized) {

3
js/src/jit/CacheIRGenerator.h
Просмотреть файл

@ -961,8 +961,7 @@ inline bool BytecodeCallOpCanHaveInlinableNative(JSOp op) {
inline bool BytecodeOpCanHaveAllocSite(JSOp op) {
return BytecodeCallOpCanHaveInlinableNative(op) || op == JSOp::NewArray ||
op == JSOp::NewObject || op == JSOp::NewInit || op == JSOp::CallIter ||
op == JSOp::CallContentIter;
op == JSOp::NewObject || op == JSOp::NewInit;
}
class MOZ_RAII CloseIterIRGenerator : public IRGenerator {

16
js/src/jit/CacheIROps.yaml
Просмотреть файл

@ -2043,22 +2043,6 @@
target: RawPointerField
#endif
- name: CallDOMFunctionWithAllocSite
shared: false
transpile: true
cost_estimate: 4
custom_writer: true
args:
callee: ObjId
argc: Int32Id
thisObj: ObjId
flags: CallFlagsImm
argcFixed: UInt32Imm
site: AllocSiteField
#ifdef JS_SIMULATOR
target: RawPointerField
#endif
- name: CallClassHook
shared: false
transpile: true

16
js/src/jit/CacheIRWriter.h
Просмотреть файл

@ -570,22 +570,6 @@ class MOZ_RAII CacheIRWriter : public JS::CustomAutoRooter {
#endif
}
void callDOMFunctionWithAllocSite(ObjOperandId calleeId, Int32OperandId argc,
ObjOperandId thisObjId,
JSFunction* calleeFunc, CallFlags flags,
uint32_t argcFixed,
gc::AllocSite* allocSite) {
#ifdef JS_SIMULATOR
void* rawPtr = JS_FUNC_TO_DATA_PTR(void*, calleeFunc->native());
void* redirected = Simulator::RedirectNativeFunction(rawPtr, Args_General3);
callDOMFunctionWithAllocSite_(calleeId, argc, thisObjId, flags, argcFixed,
allocSite, redirected);
#else
callDOMFunctionWithAllocSite_(calleeId, argc, thisObjId, flags, argcFixed,
allocSite);
#endif
}
void callAnyNativeFunction(ObjOperandId calleeId, Int32OperandId argc,
CallFlags flags, uint32_t argcFixed) {
MOZ_ASSERT(!flags.isSameRealm());

14
js/src/jit/CodeGenerator.cpp
Просмотреть файл

@ -6127,16 +6127,8 @@ void CodeGenerator::visitCallDOMNative(LCallDOMNative* call) {
masm.switchToObjectRealm(argJSContext, argJSContext);
}
bool preTenureWrapperAllocation =
call->mir()->to<MCallDOMNative>()->initialHeap() == gc::Heap::Tenured;
if (preTenureWrapperAllocation) {
auto ptr = ImmPtr(mirGen().realm->zone()->tenuringAllocSite());
masm.storeLocalAllocSite(ptr, argJSContext);
}
// Construct native exit frame.
uint32_t safepointOffset = masm.buildFakeExitFrame(argJSContext);
masm.loadJSContext(argJSContext);
masm.enterFakeExitFrame(argJSContext, argJSContext,
ExitFrameType::IonDOMMethod);
@ -6177,12 +6169,6 @@ void CodeGenerator::visitCallDOMNative(LCallDOMNative* call) {
masm.switchToRealm(gen->realm->realmPtr(), ReturnReg);
}
// Wipe out the preTenuring bit from the local alloc site
// On exception we handle this in C++
if (preTenureWrapperAllocation) {
masm.storeLocalAllocSite(ImmPtr(nullptr), argJSContext);
}
// Until C++ code is instrumented against Spectre, prevent speculative
// execution from returning any private data.
if (JitOptions.spectreJitToCxxCalls && call->mir()->hasLiveDefUses()) {

4
js/src/jit/CompileWrappers.cpp
Просмотреть файл

@ -185,10 +185,6 @@ gc::AllocSite* CompileZone::catchAllAllocSite(JS::TraceKind traceKind,
return zone()->unknownAllocSite(traceKind);
}
gc::AllocSite* CompileZone::tenuringAllocSite() {
return zone()->tenuringAllocSite();
}
JS::Realm* CompileRealm::realm() { return reinterpret_cast<JS::Realm*>(this); }
/* static */

1
js/src/jit/CompileWrappers.h
Просмотреть файл

@ -128,7 +128,6 @@ class CompileZone {
gc::AllocSite* catchAllAllocSite(JS::TraceKind traceKind,
gc::CatchAllAllocSite siteKind);
gc::AllocSite* tenuringAllocSite();
bool hasRealmWithAllocMetadataBuilder();
};

13
js/src/jit/IonCacheIRCompiler.cpp
Просмотреть файл

@ -2149,13 +2149,6 @@ bool IonCacheIRCompiler::emitCallDOMFunction(
CallFlags flags, uint32_t argcFixed, uint32_t targetOffset) {
MOZ_CRASH("Call ICs not used in ion");
}
bool IonCacheIRCompiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset,
uint32_t targetOffset) {
MOZ_CRASH("Call ICs not used in ion");
}
#else
bool IonCacheIRCompiler::emitCallNativeFunction(ObjOperandId calleeId,
Int32OperandId argcId,
@ -2172,12 +2165,6 @@ bool IonCacheIRCompiler::emitCallDOMFunction(ObjOperandId calleeId,
uint32_t argcFixed) {
MOZ_CRASH("Call ICs not used in ion");
}
bool IonCacheIRCompiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset) {
MOZ_CRASH("Call ICs not used in ion");
}
#endif
bool IonCacheIRCompiler::emitCallClassHook(ObjOperandId calleeId,

1
js/src/jit/JitFrames.cpp
Просмотреть файл

@ -691,7 +691,6 @@ static JitFrameLayout* GetLastProfilingFrame(ResumeFromException* rfe) {
void HandleException(ResumeFromException* rfe) {
JSContext* cx = TlsContext.get();
cx->realm()->localAllocSite = nullptr;
#ifdef DEBUG
if (!IsPortableBaselineInterpreterEnabled()) {
cx->runtime()->jitRuntime()->clearDisallowArbitraryCode();

8
js/src/jit/MIR.cpp
Просмотреть файл

@ -1676,17 +1676,13 @@ WrappedFunction::WrappedFunction(JSFunction* nativeFun, uint16_t nargs,
MCall* MCall::New(TempAllocator& alloc, WrappedFunction* target, size_t maxArgc,
size_t numActualArgs, bool construct, bool ignoresReturnValue,
bool isDOMCall, mozilla::Maybe<DOMObjectKind> objectKind,
mozilla::Maybe<gc::Heap> initialHeap) {
bool isDOMCall, mozilla::Maybe<DOMObjectKind> objectKind) {
MOZ_ASSERT(isDOMCall == objectKind.isSome());
MOZ_ASSERT(isDOMCall == initialHeap.isSome());
MOZ_ASSERT(maxArgc >= numActualArgs);
MCall* ins;
if (isDOMCall) {
MOZ_ASSERT(!construct);
ins = new (alloc)
MCallDOMNative(target, numActualArgs, *objectKind, *initialHeap);
ins = new (alloc) MCallDOMNative(target, numActualArgs, *objectKind);
} else {
ins =
new (alloc) MCall(target, numActualArgs, construct, ignoresReturnValue);

17
js/src/jit/MIR.h
Просмотреть файл

@ -2344,8 +2344,7 @@ class MCall : public MCallBase {
static MCall* New(TempAllocator& alloc, WrappedFunction* target,
size_t maxArgc, size_t numActualArgs, bool construct,
bool ignoresReturnValue, bool isDOMCall,
mozilla::Maybe<DOMObjectKind> objectKind,
mozilla::Maybe<gc::Heap> initialHeap);
mozilla::Maybe<DOMObjectKind> objectKind);
bool needsClassCheck() const { return needsClassCheck_; }
void disableClassCheck() { needsClassCheck_ = false; }
@ -2388,14 +2387,9 @@ class MCallDOMNative : public MCall {
DOMObjectKind objectKind_;
// Allow wrapper pre-tenuring
gc::Heap initialHeap_ = gc::Heap::Default;
MCallDOMNative(WrappedFunction* target, uint32_t numActualArgs,
DOMObjectKind objectKind, gc::Heap initialHeap)
: MCall(target, numActualArgs, false, false),
objectKind_(objectKind),
initialHeap_(initialHeap) {
DOMObjectKind objectKind)
: MCall(target, numActualArgs, false, false), objectKind_(objectKind) {
MOZ_ASSERT(getJitInfo()->type() != JSJitInfo::InlinableNative);
// If our jitinfo is not marked eliminatable, that means that our C++
@ -2412,8 +2406,7 @@ class MCallDOMNative : public MCall {
friend MCall* MCall::New(TempAllocator& alloc, WrappedFunction* target,
size_t maxArgc, size_t numActualArgs, bool construct,
bool ignoresReturnValue, bool isDOMCall,
mozilla::Maybe<DOMObjectKind> objectKind,
mozilla::Maybe<gc::Heap> initalHeap);
mozilla::Maybe<DOMObjectKind> objectKind);
const JSJitInfo* getJitInfo() const;
@ -2427,8 +2420,6 @@ class MCallDOMNative : public MCall {
virtual bool isCallDOMNative() const override { return true; }
virtual void computeMovable() override;
gc::Heap initialHeap() { return initialHeap_; }
};
// Used to invoke a JSClass call/construct hook.

10
js/src/jit/MacroAssembler.cpp
Просмотреть файл

@ -2650,16 +2650,6 @@ void MacroAssembler::switchToWasmInstanceRealm(Register scratch1,
storePtr(scratch2, Address(scratch1, JSContext::offsetOfRealm()));
}
template <typename ValueType>
void MacroAssembler::storeLocalAllocSite(ValueType value, Register scratch) {
loadPtr(AbsoluteAddress(ContextRealmPtr(runtime())), scratch);
storePtr(value, Address(scratch, JS::Realm::offsetOfLocalAllocSite()));
}
template void MacroAssembler::storeLocalAllocSite(Register, Register);
template void MacroAssembler::storeLocalAllocSite(ImmWord, Register);
template void MacroAssembler::storeLocalAllocSite(ImmPtr, Register);
void MacroAssembler::debugAssertContextRealm(const void* realm,
Register scratch) {
#ifdef DEBUG

3
js/src/jit/MacroAssembler.h
Просмотреть файл

@ -5153,9 +5153,6 @@ class MacroAssembler : public MacroAssemblerSpecific {
void switchToWasmInstanceRealm(Register scratch1, Register scratch2);
void debugAssertContextRealm(const void* realm, Register scratch);
template <typename ValueType>
void storeLocalAllocSite(ValueType value, Register scratch);
void loadJitActivation(Register dest);
void guardSpecificAtom(Register str, JSAtom* atom, Register scratch,

5
js/src/jit/WarpBuilderShared.cpp
Просмотреть файл

@ -80,14 +80,13 @@ MDefinition* WarpBuilderShared::unboxObjectInfallible(MDefinition* def,
}
MCall* WarpBuilderShared::makeCall(CallInfo& callInfo, bool needsThisCheck,
WrappedFunction* target, bool isDOMCall,
gc::Heap initialHeap) {
WrappedFunction* target, bool isDOMCall) {
auto addUndefined = [this]() -> MConstant* {
return constant(UndefinedValue());
};
return MakeCall(alloc(), addUndefined, callInfo, needsThisCheck, target,
isDOMCall, initialHeap);
isDOMCall);
}
MInstruction* WarpBuilderShared::makeSpreadCall(CallInfo& callInfo,

11
js/src/jit/WarpBuilderShared.h
Просмотреть файл

@ -320,14 +320,12 @@ class MOZ_STACK_CLASS CallInfo {
template <typename Undef>
MCall* MakeCall(TempAllocator& alloc, Undef addUndefined, CallInfo& callInfo,
bool needsThisCheck, WrappedFunction* target, bool isDOMCall,
gc::Heap initialHeap = gc::Heap::Default) {
bool needsThisCheck, WrappedFunction* target, bool isDOMCall) {
MOZ_ASSERT(callInfo.argFormat() == CallInfo::ArgFormat::Standard);
MOZ_ASSERT_IF(needsThisCheck, !target);
MOZ_ASSERT_IF(isDOMCall, target->jitInfo()->type() == JSJitInfo::Method);
mozilla::Maybe<DOMObjectKind> objKind;
mozilla::Maybe<gc::Heap> heap;
if (isDOMCall) {
const Shape* shape = callInfo.thisArg()->toGuardShape()->shape();
MOZ_ASSERT(shape->getObjectClass()->isDOMClass());
@ -337,8 +335,6 @@ MCall* MakeCall(TempAllocator& alloc, Undef addUndefined, CallInfo& callInfo,
MOZ_ASSERT(shape->isProxy());
objKind.emplace(DOMObjectKind::Proxy);
}
heap.emplace(initialHeap);
}
uint32_t targetArgs = callInfo.argc();
@ -352,7 +348,7 @@ MCall* MakeCall(TempAllocator& alloc, Undef addUndefined, CallInfo& callInfo,
MCall* call =
MCall::New(alloc, target, targetArgs + 1 + callInfo.constructing(),
callInfo.argc(), callInfo.constructing(),
callInfo.ignoresReturnValue(), isDOMCall, objKind, heap);
callInfo.ignoresReturnValue(), isDOMCall, objKind);
if (!call) {
return nullptr;
}
@ -432,8 +428,7 @@ class WarpBuilderShared {
IsMovable movable = IsMovable::No);
MCall* makeCall(CallInfo& callInfo, bool needsThisCheck,
WrappedFunction* target = nullptr, bool isDOMCall = false,
gc::Heap initialHeap = gc::Heap::Default);
WrappedFunction* target = nullptr, bool isDOMCall = false);
MInstruction* makeSpreadCall(CallInfo& callInfo, bool needsThisCheck,
bool isSameRealm = false,
WrappedFunction* target = nullptr);

37
js/src/jit/WarpCacheIRTranspiler.cpp
Просмотреть файл

@ -285,10 +285,10 @@ class MOZ_RAII WarpCacheIRTranspiler : public WarpBuilderShared {
[[nodiscard]] bool updateCallInfo(MDefinition* callee, CallFlags flags);
[[nodiscard]] bool emitCallFunction(
ObjOperandId calleeId, Int32OperandId argcId,
mozilla::Maybe<ObjOperandId> thisObjId, CallFlags flags, CallKind kind,
mozilla::Maybe<uint32_t> siteOffset = mozilla::Nothing());
[[nodiscard]] bool emitCallFunction(ObjOperandId calleeId,
Int32OperandId argcId,
mozilla::Maybe<ObjOperandId> thisObjId,
CallFlags flags, CallKind kind);
[[nodiscard]] bool emitFunApplyArgsObj(WrappedFunction* wrappedTarget,
CallFlags flags);
@ -5816,8 +5816,7 @@ bool WarpCacheIRTranspiler::maybeCreateThis(MDefinition* callee,
bool WarpCacheIRTranspiler::emitCallFunction(
ObjOperandId calleeId, Int32OperandId argcId,
mozilla::Maybe<ObjOperandId> thisObjId, CallFlags flags, CallKind kind,
mozilla::Maybe<uint32_t> siteOffset) {
mozilla::Maybe<ObjOperandId> thisObjId, CallFlags flags, CallKind kind) {
MDefinition* callee = getOperand(calleeId);
if (kind == CallKind::Scripted && callInfo_ && callInfo_->isInlined()) {
// We are transpiling to generate the correct guards. We also
@ -5886,14 +5885,8 @@ bool WarpCacheIRTranspiler::emitCallFunction(
switch (callInfo_->argFormat()) {
case CallInfo::ArgFormat::Standard: {
gc::Heap initialHeap = gc::Heap::Default;
if (siteOffset) {
MOZ_ASSERT(kind == CallKind::DOM);
MOZ_ASSERT(readStubWord(*siteOffset) <= (uintptr_t)(gc::Heap::Tenured));
initialHeap = static_cast<gc::Heap>(readStubWord(*siteOffset));
}
MCall* call = makeCall(*callInfo_, needsThisCheck, wrappedTarget,
kind == CallKind::DOM, initialHeap);
kind == CallKind::DOM);
if (!call) {
return false;
}
@ -5974,13 +5967,6 @@ bool WarpCacheIRTranspiler::emitCallDOMFunction(ObjOperandId calleeId,
return emitCallFunction(calleeId, argcId, mozilla::Some(thisObjId), flags,
CallKind::DOM);
}
bool WarpCacheIRTranspiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset) {
return emitCallFunction(calleeId, argcId, mozilla::Some(thisObjId), flags,
CallKind::DOM, mozilla::Some(siteOffset));
}
#else
bool WarpCacheIRTranspiler::emitCallNativeFunction(ObjOperandId calleeId,
Int32OperandId argcId,
@ -5997,14 +5983,6 @@ bool WarpCacheIRTranspiler::emitCallDOMFunction(
return emitCallFunction(calleeId, argcId, mozilla::Some(thisObjId), flags,
CallKind::DOM);
}
bool WarpCacheIRTranspiler::emitCallDOMFunctionWithAllocSite(
ObjOperandId calleeId, Int32OperandId argcId, ObjOperandId thisObjId,
CallFlags flags, uint32_t argcFixed, uint32_t siteOffset,
uint32_t targetOffset) {
return emitCallFunction(calleeId, argcId, mozilla::Some(thisObjId), flags,
CallKind::DOM, mozilla::Some(siteOffset));
}
#endif
bool WarpCacheIRTranspiler::emitCallScriptedFunction(ObjOperandId calleeId,
@ -6707,9 +6685,10 @@ bool WarpCacheIRTranspiler::emitCloseIterScriptedResult(ObjOperandId iterId,
bool constructing = false;
bool ignoresRval = false;
bool needsThisCheck = false;
bool isDOMCall = false;
CallInfo callInfo(alloc(), constructing, ignoresRval);
callInfo.initForCloseIter(iter, callee);
MCall* call = makeCall(callInfo, needsThisCheck, wrappedTarget);
MCall* call = makeCall(callInfo, needsThisCheck, wrappedTarget, isDOMCall);
if (!call) {
return false;
}

17
js/src/jsapi.cpp
Просмотреть файл

@ -1920,23 +1920,6 @@ JS_PUBLIC_API JSObject* JS_NewObjectWithGivenProto(JSContext* cx,
return NewObjectWithGivenProto(cx, clasp, proto);
}
JS_PUBLIC_API JSObject* JS_NewObjectWithGivenProtoAndUseAllocSite(
JSContext* cx, const JSClass* clasp, HandleObject proto) {
MOZ_ASSERT(!cx->zone()->isAtomsZone());
AssertHeapIsIdle();
CHECK_THREAD(cx);
cx->check(proto);
MOZ_ASSERT(clasp);
MOZ_ASSERT(!clasp->isJSFunction());
MOZ_ASSERT(clasp != &PlainObject::class_);
MOZ_ASSERT(clasp != &ArrayObject::class_);
MOZ_ASSERT(!(clasp->flags & JSCLASS_IS_GLOBAL));
return NewObjectWithGivenProtoAndAllocSite(cx, clasp, proto,
cx->realm()->localAllocSite);
}
JS_PUBLIC_API JSObject* JS_NewPlainObject(JSContext* cx) {
MOZ_ASSERT(!cx->zone()->isAtomsZone());
AssertHeapIsIdle();

1
js/src/moz.build
Просмотреть файл

@ -238,7 +238,6 @@ EXPORTS.js += [
# change, but they're at least plausible first passes at designing something.
# We expose them as-is, buyer beware.
EXPORTS.js.experimental += [
"../public/experimental/BindingAllocs.h",
"../public/experimental/CodeCoverage.h",
"../public/experimental/CompileScript.h",
"../public/experimental/CTypes.h",

43
js/src/shell/js.cpp
Просмотреть файл

@ -128,7 +128,6 @@
#include "js/Equality.h" // JS::SameValue
#include "js/ErrorReport.h" // JS::PrintError
#include "js/Exception.h" // JS::StealPendingExceptionStack
#include "js/experimental/BindingAllocs.h" // JS_NewObjectWithGivenProtoAndUseAllocSite
#include "js/experimental/CodeCoverage.h" // js::EnableCodeCoverage
#include "js/experimental/CompileScript.h" // JS::NewFrontendContext, JS::DestroyFrontendContext, JS::HadFrontendErrors, JS::ConvertFrontendErrorsToRuntimeErrors, JS::CompileGlobalScriptToStencil, JS::CompileModuleScriptToStencil
#include "js/experimental/CTypes.h" // JS::InitCTypesClass
@ -10316,9 +10315,7 @@ static ExtraGlobalBindingWithHelp extraGlobalBindingsWithHelp[] = {
" FakeDOMObject.prototype.global\n"
" Getter/setter with JSJitInfo::AliasEverything\n"
" FakeDOMObject.prototype.doFoo()\n"
" Method with JSJitInfo\n"
" FakeDOMObject.prototype.getObject()\n"
" Method with JSJitInfo that returns an object."},
" Method with JSJitInfo"},
};
// clang-format on
@ -10797,26 +10794,6 @@ static bool dom_doFoo(JSContext* cx, HandleObject obj, void* self,
return true;
}
static bool dom_doBar(JSContext* cx, HandleObject obj, void* self,
const JSJitMethodCallArgs& args) {
MOZ_ASSERT(JS::GetClass(obj) == GetDomClass());
MOZ_ASSERT(self == DOM_PRIVATE_VALUE);
MOZ_ASSERT(cx->realm() == args.callee().as<JSFunction>().realm());
static const JSClass barClass = {
"BarObj",
};
JSObject* retObj =
JS_NewObjectWithGivenProtoAndUseAllocSite(cx, &barClass, nullptr);
if (!retObj) {
return false;
}
args.rval().setObject(*retObj);
return true;
}
static const JSJitInfo dom_x_getterinfo = {
{(JSJitGetterOp)dom_get_x},
{0}, /* protoID */
@ -10916,22 +10893,6 @@ static const JSJitInfo doFoo_methodinfo = {
0 /* slotIndex */
};
static const JSJitInfo doBar_methodinfo = {
{(JSJitGetterOp)dom_doBar},
{0}, /* protoID */
{0}, /* depth */
JSJitInfo::Method,
JSJitInfo::AliasEverything, /* aliasSet */
JSVAL_TYPE_OBJECT, /* returnType */
false, /* isInfallible. False in setters. */
false, /* isMovable */
false, /* isEliminatable */
false, /* isAlwaysInSlot */
false, /* isLazilyCachedInSlot */
false, /* isTypedMethod */
0 /* slotIndex */
};
static const JSPropertySpec dom_props[] = {
JSPropertySpec::nativeAccessors("x", JSPROP_ENUMERATE, dom_genericGetter,
&dom_x_getterinfo, dom_genericSetter,
@ -10947,8 +10908,6 @@ static const JSPropertySpec dom_props[] = {
static const JSFunctionSpec dom_methods[] = {
JS_FNINFO("doFoo", dom_genericMethod, &doFoo_methodinfo, 3,
JSPROP_ENUMERATE),
JS_FNINFO("doBar", dom_genericMethod, &doBar_methodinfo, 3,
JSPROP_ENUMERATE),
JS_FS_END,
};

21
js/src/vm/JSObject-inl.h
Просмотреть файл

@ -369,11 +369,6 @@ NativeObject* NewObjectWithGivenTaggedProto(JSContext* cx, const JSClass* clasp,
NewObjectKind newKind,
ObjectFlags objFlags);
NativeObject* NewObjectWithGivenTaggedProtoAndAllocSite(
JSContext* cx, const JSClass* clasp, Handle<TaggedProto> proto,
gc::AllocKind allocKind, NewObjectKind newKind, ObjectFlags objFlags,
gc::AllocSite* site);
template <NewObjectKind NewKind>
inline NativeObject* NewObjectWithGivenTaggedProto(JSContext* cx,
const JSClass* clasp,
@ -384,15 +379,6 @@ inline NativeObject* NewObjectWithGivenTaggedProto(JSContext* cx,
objFlags);
}
template <NewObjectKind NewKind>
inline NativeObject* NewObjectWithGivenTaggedProtoAndAllocSite(
JSContext* cx, const JSClass* clasp, Handle<TaggedProto> proto,
ObjectFlags objFlags, gc::AllocSite* site) {
gc::AllocKind allocKind = gc::GetGCObjectKind(clasp);
return NewObjectWithGivenTaggedProtoAndAllocSite(cx, clasp, proto, allocKind,
NewKind, objFlags, site);
}
namespace detail {
template <typename T, NewObjectKind NewKind>
@ -419,13 +405,6 @@ inline NativeObject* NewObjectWithGivenProto(JSContext* cx,
cx, clasp, AsTaggedProto(proto), ObjectFlags());
}
inline NativeObject* NewObjectWithGivenProtoAndAllocSite(
JSContext* cx, const JSClass* clasp, HandleObject proto,
js::gc::AllocSite* site) {
return NewObjectWithGivenTaggedProtoAndAllocSite<GenericObject>(
cx, clasp, AsTaggedProto(proto), ObjectFlags(), site);
}
inline NativeObject* NewTenuredObjectWithGivenProto(
JSContext* cx, const JSClass* clasp, HandleObject proto,
ObjectFlags objFlags = ObjectFlags()) {

16
js/src/vm/JSObject.cpp
Просмотреть файл

@ -740,8 +740,7 @@ bool js::TestIntegrityLevel(JSContext* cx, HandleObject obj,
static MOZ_ALWAYS_INLINE NativeObject* NewObject(
JSContext* cx, const JSClass* clasp, Handle<TaggedProto> proto,
gc::AllocKind kind, NewObjectKind newKind, ObjectFlags objFlags,
gc::AllocSite* allocSite = nullptr) {
gc::AllocKind kind, NewObjectKind newKind, ObjectFlags objFlags) {
MOZ_ASSERT(clasp->isNativeObject());
// Some classes have specialized allocation functions and shouldn't end up
@ -750,8 +749,6 @@ static MOZ_ALWAYS_INLINE NativeObject* NewObject(
MOZ_ASSERT(clasp != &PlainObject::class_);
MOZ_ASSERT(!clasp->isJSFunction());
MOZ_ASSERT_IF(allocSite, allocSite->zone() == cx->zone());
// Computing nfixed based on the AllocKind isn't right for objects which can
// store fixed data inline (TypedArrays and ArrayBuffers) so for simplicity
// and performance reasons we don't support such objects here.
@ -769,8 +766,8 @@ static MOZ_ALWAYS_INLINE NativeObject* NewObject(
return nullptr;
}
gc::Heap heap = GetInitialHeap(newKind, clasp, allocSite);
NativeObject* obj = NativeObject::create(cx, kind, heap, shape, allocSite);
gc::Heap heap = GetInitialHeap(newKind, clasp);
NativeObject* obj = NativeObject::create(cx, kind, heap, shape);
if (!obj) {
return nullptr;
}
@ -785,13 +782,6 @@ NativeObject* js::NewObjectWithGivenTaggedProto(
return NewObject(cx, clasp, proto, allocKind, newKind, objFlags);
}
NativeObject* js::NewObjectWithGivenTaggedProtoAndAllocSite(
JSContext* cx, const JSClass* clasp, Handle<TaggedProto> proto,
gc::AllocKind allocKind, NewObjectKind newKind, ObjectFlags objFlags,
gc::AllocSite* site) {
return NewObject(cx, clasp, proto, allocKind, newKind, objFlags, site);
}
NativeObject* js::NewObjectWithClassProto(JSContext* cx, const JSClass* clasp,
HandleObject protoArg,
gc::AllocKind allocKind,

1
js/src/vm/Realm.cpp
Просмотреть файл

@ -61,7 +61,6 @@ Realm::Realm(Compartment* comp, const JS::RealmOptions& options)
Realm::~Realm() {
MOZ_ASSERT(!hasBeenEnteredIgnoringJit());
MOZ_ASSERT(!isDebuggee());
MOZ_ASSERT(!localAllocSite);
// Write the code coverage information in a file.
if (lcovRealm_) {

10
js/src/vm/Realm.h
Просмотреть файл

@ -809,16 +809,6 @@ class JS::Realm : public JS::shadow::Realm {
js::RealmFuses realmFuses;
// Allocation site used by binding code to provide feedback
// on allocation heap for DOM allocation functions.
//
// See CallIRGenerator::tryAttachCallNative
js::gc::AllocSite* localAllocSite = nullptr;
static size_t offsetOfLocalAllocSite() {
return offsetof(JS::Realm, localAllocSite);
}
private:
void purgeForOfPicChain();
};

7
modules/libpref/init/StaticPrefList.yaml
Просмотреть файл

@ -7976,13 +7976,6 @@
#endif
mirror: always
# Use the realm local dom alloc site.
- name: javascript.options.dom_alloc_site
type: bool
value: true
mirror: always
set_spidermonkey_pref: always
# Use better error message when accessing property of null or undefined.
- name: javascript.options.property_error_message_fix
type: bool