1. In bug 1545278, Ted is making our story about guarding on object pointer identity more robust. Since I am adding a new guardSpecificObject call in the ConstStringSplit patch, it seemed reasonable to add guardSpecificFunction now instead of later.
2. It's not directly relevant in the current patch, but in a previous version of the StringSplit patch (before I realized we could delete the whole thing) it turned out that calling isSelfHostedFunctionWithName on an arbitrary function can trigger assertions, because GetSelfHostedFunctionName assumes isExtended, but isSelfHostedBuiltin does not necessarily imply isExtended (in the case of nested anonymous functions).
3. Fixing the format string in a JitSpew message I added in a previous stack.
Depends on D29535
Differential Revision: https://phabricator.services.mozilla.com/D29536
--HG--
extra : moz-landing-system : lando
I started changing StringSplit to attach outside of self-hosted code, to match ConstStringSplit. Upon closer examination, the StringSplit IC doesn't actually add any value, and we're better off deleting it. The generated code calls StringSplitHelper, which ends up doing almost exactly the same thing as the call to intrinsic_StringSplitString it replaces. When we first wrote the patch (bug 1366377), the advantage was that we got to skip a lookup to determine the group of the resulting object. However, a subsequent patch created a single group for every StringSplitString result, which is basically free to look up.
I couldn't write a microbenchmark where the StringSplit IC made any difference, so let's just delete it and simplify our codebase.
Depends on D29534
Differential Revision: https://phabricator.services.mozilla.com/D29535
--HG--
extra : moz-landing-system : lando
Some native functions (for example, the Array constructor) have constructor-like behaviour even when called in a non-constructing context. We still want to create template objects for these cases. This fixes a noticeable regression in Speedometer (particularly in EmberJS-debug).
Depends on D29533
Differential Revision: https://phabricator.services.mozilla.com/D29534
--HG--
extra : moz-landing-system : lando
While trying to pin down a performance regression, I realized that both the new and the old implementations of ConstStringSplit are broken. Three years ago, as part of some ES6 work, we changed String.prototype.split to call a self-hosted String_split function instead of native str_split. In turn, String_split calls intrinsic_StringSplitString in the case we care about. However, because the call to intrinsic_StringSplitString is in self-hosted code, we would only get value out of this stub if there was only one caller of String_split in the entire program.
This patch changes ConstStringSplit to look for the self-hosted String_Split function, which means we can attach a stub to the user script instead of self-hosted code. It also adds support in BaselineInspector for extracting metadata about the string split from the stub, which enables the Ion version of this optimization.
Depends on D29532
Differential Revision: https://phabricator.services.mozilla.com/D29533
--HG--
extra : moz-landing-system : lando
When pushing arguments for a JIT call, we push the callee value onto the stack, and then immediately pop it off. This is a remnant of the old implementation.
This patch removes that wart, with a small detour to rewrite/recomment alignJitStackBasedOnNArgs for clarity.
Differential Revision: https://phabricator.services.mozilla.com/D29532
--HG--
extra : moz-landing-system : lando
These tests need to be disabled to get a green run on the Android x86_64
test platform. The failures in toolkit/components/extensions are
concerning and definitely require follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D29843
--HG--
extra : moz-landing-system : lando
Marking GetGlobalJSObject and GetGlobalJSObjectPreserveColor final and inline
on inner/outer windows allows compilers to de-virtualize and inline them, which
makes them just as fast as calling FastGetGlobalJSObject is now (in the case of
GetGlobalJSObjectPreserveColor; GetGlobalJSObject has to do the gray-unmarking,
which is a bit more work).
In WindowDestroyedEvent::Run we want to switch to GetGlobalJSObject(), because
we want to root the object and hence should unmark gray.
In nsGlobalWindowInner::RunTimeoutHandler we likewise want to unmark gray. The
AutoEntryScript constructor likely did that already, but it's not that
expensive when it doesn't need to do any work.
Differential Revision: https://phabricator.services.mozilla.com/D29711
--HG--
extra : moz-landing-system : lando
Consumers that just care about this boolean state should use this instead of
getting the JSObject* directly.
Differential Revision: https://phabricator.services.mozilla.com/D29705
--HG--
extra : moz-landing-system : lando
This can be used in things like assertions or some other rare circumstances
where not exposing the object to active JS is OK.
Differential Revision: https://phabricator.services.mozilla.com/D29704
--HG--
extra : moz-landing-system : lando
This lock was necessary when the JITs used these strings (off-thread Ion compilation),
but now the lock was just adding overhead to each script we finalize etc.
This replaces ExclusiveData<> with MainThreadData<> to assert on-main-thread in debug
builds.
Differential Revision: https://phabricator.services.mozilla.com/D29798
--HG--
extra : moz-landing-system : lando
Ion does not compile the catch block so the analysis fails to account for code
there.
Differential Revision: https://phabricator.services.mozilla.com/D29475
--HG--
extra : moz-landing-system : lando
I considered adding BaselineInterpreter.{h,cpp} files but there are shared
helper functions so this might get awkward. Maybe once the rest of the code is
in we can experiment with changes in this area.
Differential Revision: https://phabricator.services.mozilla.com/D29158
--HG--
extra : moz-landing-system : lando
This trampoline isn't performance sensitive so platform-specific optimizations
are not worth it.
Differential Revision: https://phabricator.services.mozilla.com/D28601
--HG--
extra : moz-landing-system : lando
This patch further centralizes builtin signature information into
SymbolicAddressSignature, removing more than 100 lines of code
and preparing the way for the next patch, which will use this
eager error check to return a JSObject* from Instance::tableGet.
Differential Revision: https://phabricator.services.mozilla.com/D29595
--HG--
extra : rebase_source : d2c7f27b80ebe3c0884845b471c3de61c0979047
In D25705, I added a new arenaId member to the js::BaseAllocPolicy. This
increased the size of everything that uses a JS AllocPolicy, which is a
lot.
This change follows suit from earlier work, which is to make everything
allocation-related have an "arena" version and a "default" version that
uses the arena version with the implied default arena.
StringBuffer is then changed to use this new functionality to define its
own alloc policy that uses the new StringBufferArena.
Differential Revision: https://phabricator.services.mozilla.com/D29685
--HG--
extra : moz-landing-system : lando
This was incorrectly implemented in bug 1542448 - for a class without a
name, the .initializers variable would correctly use the class scope,
but would incorrectly use the tdzCache of the *surrounding* scope.
Having two distinct .initializer variables use the same tdzCache caused
the crash in this bug.
Differential Revision: https://phabricator.services.mozilla.com/D29574
--HG--
extra : moz-landing-system : lando
The Baseline Interpreter will use incrementNumDebuggeeRealms and
decrementNumDebuggeeRealms to toggle some debugging things if needed.
Differential Revision: https://phabricator.services.mozilla.com/D28636
--HG--
extra : moz-landing-system : lando
This patch passes a message through the HangMonitor channel when navigating
through history to cancel content JS that could hang the chrome JS in the
content process responsible for history navigation. If the content JS is
actually canceled, this also disables the BF cache for the current page, since
it could end up in an inconsistent state due to the JS cancellation.
Differential Revision: https://phabricator.services.mozilla.com/D23089
--HG--
extra : moz-landing-system : lando