From a58061ddd7ede00ed962af3b61920cedd63401e3 Mon Sep 17 00:00:00 2001
From: Iain Ireland <iireland@mozilla.com>
Date: Mon, 24 Aug 2020 18:27:44 +0000
Subject: [PATCH] Bug 1660553: Inline FunCall r=jandem

Differential Revision: https://phabricator.services.mozilla.com/D87910
---
 js/src/jit/TrialInlining.cpp         |  9 ++++++++-
 js/src/jit/WarpCacheIRTranspiler.cpp | 15 +++++++++++++--
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/js/src/jit/TrialInlining.cpp b/js/src/jit/TrialInlining.cpp
index 7489f657368d..b91c5fdfa8a7 100644
--- a/js/src/jit/TrialInlining.cpp
+++ b/js/src/jit/TrialInlining.cpp
@@ -296,8 +296,14 @@ bool TrialInliner::maybeInlineCall(const ICEntry& entry, BytecodeLocation loc) {
     return true;
   }
 
+  // We only inline FunCall if we are calling the js::fun_call builtin.
+  MOZ_ASSERT_IF(loc.getOp() == JSOp::FunCall,
+                data->callFlags.getArgFormat() == CallFlags::FunCall);
+
   // TODO: The arguments rectifier is not yet supported.
-  if (loc.getCallArgc() < data->target->nargs()) {
+  uint32_t argc =
+      loc.getOp() == JSOp::FunCall ? loc.getCallArgc() - 1 : loc.getCallArgc();
+  if (argc < data->target->nargs()) {
     return true;
   }
 
@@ -326,6 +332,7 @@ bool TrialInliner::tryInlining() {
       case JSOp::Call:
       case JSOp::CallIgnoresRv:
       case JSOp::CallIter:
+      case JSOp::FunCall:
         if (!maybeInlineCall(icScript_->icEntry(icIndex), loc)) {
           return false;
         }
diff --git a/js/src/jit/WarpCacheIRTranspiler.cpp b/js/src/jit/WarpCacheIRTranspiler.cpp
index 6751018ef4e4..0b1fae24e7db 100644
--- a/js/src/jit/WarpCacheIRTranspiler.cpp
+++ b/js/src/jit/WarpCacheIRTranspiler.cpp
@@ -3216,8 +3216,19 @@ bool WarpCacheIRTranspiler::emitCallInlinedFunction(ObjOperandId calleeId,
                                                     uint32_t icScriptOffset,
                                                     CallFlags flags) {
   if (callInfo_->isInlined()) {
-    // We are transpiling to generate the correct guards. Code for the inlined
-    // function itself will be generated in WarpBuilder::buildInlinedCall.
+    // We are transpiling to generate the correct guards. We also
+    // update the CallInfo to use the correct arguments. Code for the
+    // inlined function itself will be generated in
+    // WarpBuilder::buildInlinedCall.
+    MDefinition* callee = getOperand(calleeId);
+    switch (updateCallInfo(callee, flags)) {
+      case ArgumentLocation::Standard:
+        break;
+      case ArgumentLocation::OOM:
+        return false;
+      default:
+        MOZ_CRASH("Unsupported argument location");
+    }
     return true;
   }
   return emitCallFunction(calleeId, argcId, flags, CallKind::Scripted);