Drive-by change to remove some code we no longer need after Stencil removed the
off-thread parse/XDR global.
Note that we still assert/check isUsedAsPrototype under getInitialOrPropMapShape.
Depends on D136146
Differential Revision: https://phabricator.services.mozilla.com/D136147
In bug 1738020 we moved the shape teleporting code into NativeObject::addProperty,
which we call from TryAssignPlain, so this should just work now.
Exception is the shape-reuse fast path, but the previous patch ensures we no longer
use that if the object is a prototype object, so we can just add an assertion there.
Differential Revision: https://phabricator.services.mozilla.com/D136146
We were checking the old and new shapes have the same object flags, but this was
(almost) never the case after we added the HasEnumerable flag in bug 1733075,
disabling the optimization in practice.
With this patch we hit the fast path again on Reddit.
Differential Revision: https://phabricator.services.mozilla.com/D136145
Split `cx->zone()->isAtomsZone()` branch into 2 functions, for atom case and
non-atom case.
Also removed reduncent steps (static string lookup, length validation,
deflation) from atom case, based on the atomization progress.
Differential Revision: https://phabricator.services.mozilla.com/D135101
To avoid duplicate steps through the atomization process:
* If the function assumes the input doesn't match static strings
(static strings case is already handled), append `NoStatic`
* If the function assumes the length is valid, append `ValidLength`
Differential Revision: https://phabricator.services.mozilla.com/D135100
This is a simple fix for a too-small field for the virtual register number on arm64,
where the field gets only 18 bits. This change expands the field to 21 bits. This
is enough to solve compilation problems on web.autocad.com.
Differential Revision: https://phabricator.services.mozilla.com/D136106
Previously the 'gray mark bits are valid state' was initially false, and set to
true after the first full GC. But there's no reason that the gray state is
invalid initially. The state is only marked as invalid when we abort gray
unmarking due to OOM, which does lead to an actually incorrect state where some
things are marked gray when they should be black. The initial state of cells
being marked white is not invalid, although cycles through white cells cannot
be collected at this time.
This patch has no impact on AWSY.
Differential Revision: https://phabricator.services.mozilla.com/D136026
Bug 1748700 shows a regression introduced by bug 1716580, which incorrectly
optimised some wasm compare-select cases. The underlying problem was
inadequate testing in the latter bug.
This bug adds comprehensive testing of compare-select for the following
cases:
```
compare in i32 i64
select in i32 i64
compare-op in eq ne lt_s lt_u gt_s gt_u le_s le_u ge_s ge_u
```
It is verified as able to detect the regression introduced by bug 1716580.
Differential Revision: https://phabricator.services.mozilla.com/D135919
The testcase triggers a bailout loop in the bigint case. It's not possible to write an equivalent testcase for string concatenation, because we don't attach a stub unless the concatenation succeeds.
I've also verified that this prints a message for the fuzzer in all the differential testcases I could find.
Differential Revision: https://phabricator.services.mozilla.com/D135619
DefineProperty on an arguments object doesn't have the same magic as SetProperty for updating the ArgumentsData array, so we have to make sure that no elements have been overridden in OptimizeArgumentsSpreadCall before calling ArrayFromArgumentsObject.
This is a regression from anba's patches in bug 1740737 to optimize `...arguments`. It's the rare bug that only fails in the interpreter. (In higher tiers, we already always guarded on the HasOverriddenElement flag.)
Differential Revision: https://phabricator.services.mozilla.com/D135770
Allows AVX SIMD instructions on x86/x64. Mostly as experiment for benchmarking --
if success, it will be on if available.
Differential Revision: https://phabricator.services.mozilla.com/D135561
In 1746231 the JS Exception stuff was moved from the
callback call site into the callback itself.
However, when it was moved, an exception could be
added even if we were going to permit the script
execution. This is wrong.
Move the exception stuff back to the callback site
and use the result of the callback to determine if
we add anything to the stack or not
Differential Revision: https://phabricator.services.mozilla.com/D135250
Prior to bug 1716580, Ion could in some cases merge a 32-bit wasm compare and
a 32-bit wasm select into just two machine instructions. Bug 1716580 expanded
that to include 64-bit operands on some targets. Unfortunately the resulting
code was incorrect for the case where the comparison is of unsigned-64-bit
values, and this was not adequately covered by testing.
This patch:
* fixes the problem, which is a missing test in JSOpToCondition().
* enhances existing test cases for the transformation so as to check for
correct handling of signedness in the comparisons.
Differential Revision: https://phabricator.services.mozilla.com/D135605
Centrally this introduces a static_assert that the stack map's
frame-offset-from-top field can hold the values it needs to hold.
This static_assert turns out to fail on x86-32 with SIMD enabled, and
we can also provoke a release assert that guards against overflow with
the enclosed test case, which is valid code.
To fix this, the field must be expanded by one bit, and it might as
well be expanded on all platforms.
Differential Revision: https://phabricator.services.mozilla.com/D135032
This records parallel task time as part of the current GC slice and reports it
in the JS_GC_PROFILE output, plus some misc tidyup.
Differential Revision: https://phabricator.services.mozilla.com/D135524
Tooru Fujisawa
Jan de Mooij
criss
Yury Delendik
Philip Chimento
Lars T Hansen
Jon Coppeard
Matthew Gaudet
Kagami Sascha Rosylight
Julian Seward
Andre Natal
Iain Ireland
Noemi Erli
Yulia Startsev
Tom Ritter
Sebastian Hengst
Andi-Bogdan Postelnicu
Cristian Tuns
Rolf Martin Glomsrud
Ryan Hunt
Csoregi Natalia