The name `AUTO_PROFILER_MARKER_TEXT` is more consistent with the equivalent non-`AUTO` macro, and similarly arguments have been re-ordered to be the same, i.e.: Name, category&options, text.
The different macros with different argument sets can now be collapsed into one macro, and the optional arguments (timing, inner window id, backtrace) can easily be added to the `MarkerOptions` where needed.
As a bonus, a specific start time can optionally be provided at construction time.
Differential Revision: https://phabricator.services.mozilla.com/D89588
I was thinking about writing an [SMDOC] comment until I realized we already had one. I settled for a few updates to that comment and some annotations on the ASCII diagrams.
Differential Revision: https://phabricator.services.mozilla.com/D89524
This patch hoists the stub frame / rectifier frame code into its own function. The next patch splits that function up.
Differential Revision: https://phabricator.services.mozilla.com/D89521
The `invalidate` argument to `BailoutIonToBaseline` and `InitFromBailout` was only used for a single assertion in the IonReturnOverride case, which could be more directly asserted in `jit::Bailout`.
Differential Revision: https://phabricator.services.mozilla.com/D89517
I would like to add a comment here explaining *why* we have to overwrite the arguments in the caller, but I'm not confident I understand myself.
Similarly, I tried rewriting the comment about not updating when the arguments object aliases the formals ("In such cases, the list of arguments reported by the snapshot are only aliases of argument object slots..."), but I wasn't sure I understood.
Differential Revision: https://phabricator.services.mozilla.com/D89514
My approach in this stack is to incrementally extract parts of `InitFromBailout` (and some parts of `BailoutIonToBaseline` into methods on BaselineStackBuilder. Some of the intermediate patches look a little strange, but I think it ends up in a reasonable place.
Differential Revision: https://phabricator.services.mozilla.com/D89511
Introduce a vector of HelperThreadTask, called HelperThreadTaskVector.
When a HelperThreadTask is running, the task will be added into the
vector, and be removed when runHelperThreadTask is done.
And add is<T> and as<T> utilities for HelperThreadTask, so when some
CancelOffThreadXXX function is called, it could iterate the vector and
check if the task from the vector is of certain type.
Differential Revision: https://phabricator.services.mozilla.com/D86354
This adds a 'minimum' argument to the JS-API for the WebAssembly.Memory
and WebAssembly.Table objects. This parameter represents the minimum
size of the object which was specified by the 'initial' parameter. This
supports using either initial or minimum to specify the parameter.
This commit is part of the work to add type reflections to the
WebAssembly JS-API as specified in the js-types proposal.
Differential Revision: https://phabricator.services.mozilla.com/D85887
Because guarding on the Class and the BaseScript is quite a bit slower than
GuardSpecificFunction, try the function guard if we're attaching the first stub.
Make trial inlining ignore the unused stub so we can still inline. This is similar
to the heuristics WarpOracle uses but is still a bit more conservative.
Differential Revision: https://phabricator.services.mozilla.com/D89140
We want GuardFunctionScript to compare the JSFunction field without any flag checks
but that only works if native functions are guaranteed to not have an identical value
stored there.
Differential Revision: https://phabricator.services.mozilla.com/D89136
This does two things: avoid triggering an assertion about the number of dynamic slots while the object is in an intermidiate state, and preserve the number of dictionary mode slots when reallocating the dynamic slots.
Differential Revision: https://phabricator.services.mozilla.com/D89630
With the latest parser changes this class is now unnecessary. Remove the count of live AutoKeepAtoms instances on the zone and anything that used it.
Differential Revision: https://phabricator.services.mozilla.com/D89645
wasm::ToCString() couldn't OOM, but wasm::ToString() can, so the
all the use cases need to check for OOM and propagate it.
Differential Revision: https://phabricator.services.mozilla.com/D89671
x86 has few register so to do div/mod for i64 it call the runtime
and clobber almost all gp registers including WasmTlsReg.
To be able to call c++ runtime via Builtin thunk we need to set up WasmTlsReg.
In this patch I create dependencies from MIR level to Codegen to be sure that WasmTlsReg is alive
when we call runtime.
Differential Revision: https://phabricator.services.mozilla.com/D88524
This method only asserts that mInitialized is false, then sets
mInitialized to true. All call sites check that the flag is false,
so the assertion is redundant, so this method can be inlined
and simplified.
Differential Revision: https://phabricator.services.mozilla.com/D89480
This method only asserts that mInitialized is false, then sets
mInitialized to true. All call sites check that the flag is false,
so the assertion is redundant, so this method can be inlined
and simplified.
Differential Revision: https://phabricator.services.mozilla.com/D89480
We have a tls dependency in callWithABI for wasm because we call builtins via BuiltinThunk.
Last one requires that tls to be loaded. In this patch I gradually extend callWithABI interface to
pass offset to tls. This allows us to preserve tls and load it by offset in callWithABI and frees us from
the Frame::tls dependency.
Differential Revision: https://phabricator.services.mozilla.com/D88426
This changes the off-thread promise helper code from using its own mutex to
using the helper thread lock for synchronisation.
For promise tasks executed on helper threads there's little benefit from using
a separate mutex as we already have to wait on the helper thread lock to start
the task. The changes ensure we don't delete the OffThreadPromiseTask while the
helper thread system thinks it's still running.
Differential Revision: https://phabricator.services.mozilla.com/D89472
Currently wasm uses its own mutex for off-thread compilation. This leads to the
sitation where the CompileTask structure can be freed while the helper thread
is still running (the ModuleGenerator destructor synchronises on its mutex, but
the helper thread run method releases this mutex before it returns).
Using the helper thread lock here makes sense. The helper thread lock is
already required to start the compiation task so I don't think there's much
gain from using a separate mutex.
Differential Revision: https://phabricator.services.mozilla.com/D89471
Let's see following code and let's assume that wasm-compiler is ion:
call foo
call bar
Ion can clobber tls inside foo and then it can go with clobbered tls into bar.
There will be a crash if bar uses tls. At compile-time we don't know whether bar will use tls or not.
It works when we restore tls each time when we are returning from a function because of the current frame structure.
But now, when we want to get rid of Frame::tls we should guarantee that Ion doesn't clobber tls inside a function.
In fact we forces Ion to restore tls iff it clobbers it and it is a rare case.
Baseline doesn't need such logic because of its private stack slot for tls.
Differential Revision: https://phabricator.services.mozilla.com/D83061
Under unknown circumstances, we can end up running chrome
JS during thread manager shutdown. Sometimes this ends up
trying to load new JSMs, but gJarHandler has already been
cleared, leading to a crash.
To avoid this and other issues, this patch forbids the
importing of new JSMs after we're late enough in shutdown
to have cleared the ClearOnShutdown pointers. I allow the
importing of JSMs that have already been loaded, as that
seems like it should be okay.
Differential Revision: https://phabricator.services.mozilla.com/D89477
This should clarify why they are unsafe.
Also rename the overlong 'unsafeUnbarrieredForTracing' to 'unbarrieredAddress'
to be more like Rooted::address and since it is used outside of tracing in a
couple of places.
Differential Revision: https://phabricator.services.mozilla.com/D89012
This moves the default barrier implementations for the pre and read barriers to
the Cell base class and combines the existing post barrier implemenations in to
a single function.
Differential Revision: https://phabricator.services.mozilla.com/D89011
This testcase is a bit fragile to changes in warmup thresholds. It might be nice if we added a testing function to trial-inline a function on-demand.
Differential Revision: https://phabricator.services.mozilla.com/D89215
This happens when using the logger on youtube.com.
The written CacheIR code is not actually valid when writing failed, so we crash.
Differential Revision: https://phabricator.services.mozilla.com/D89195
The bug here occurs when we:
a) Trial-inline A into B, creating an ICScript owned by B with a pointer to A's JitScript.
b) Perform a compacting GC, discarding the JitScript for A, but preserving the JitScript for B (because it is on the stack).
c) Create a new JitScript for A.
d) Warp-compile B, without hitting the B->A trial-inlined call IC.
In this case, the `JitScript*` stored in the ICScript created in `a)` is dangling, and does not match the JitScript created in `c)`.
The easy way to fix this is to not store a `JitScript*` here in the first place. We only use `ICScript::jitScript_` to:
a) Tell whether the ICScript is inlined, which can be done more easily by looking at the depth.
b) Find the `FallbackICStubSpace` for non-inlined ICScripts.
If we use the depth to tell when an ICScript is inlined, then we don't need a pointer to find the owning JitScript (and therefore its stub space) for non-inlined ICScripts. Non-inlined ICScripts are embedded inside a JitScript, so we can compute the offset directly.
Differential Revision: https://phabricator.services.mozilla.com/D88690
This patch was generated by running:
```
perl -p -i \
-e 's/^(\s+)([a-zA-Z0-9.]+) = NS_ConvertUTF8toUTF16\((.*)\);/\1CopyUTF8toUTF16(\3, \2);/;' \
-e 's/^(\s+)([a-zA-Z0-9.]+) = NS_ConvertUTF16toUTF8\((.*)\);/\1CopyUTF16toUTF8(\3, \2);/;' \
$FILE
```
against every .cpp and .h in mozilla-central, and then fixing up the
inevitable errors that happen as a result of matching C++ expressions with
regexes. The errors fell into three categories:
1. Calling the convert functions with `std::string::c_str()`; these were
changed to simply pass the string instead, relying on implicit conversion
to `mozilla::Span`.
2. Calling the convert functions with raw pointers, which is not permitted
with the copy functions; these were changed to invoke `MakeStringSpan` first.
3. Other miscellaneous errors resulting from over-eager regexes and/or the
replacement not being type-aware. These changes were reverted.
Differential Revision: https://phabricator.services.mozilla.com/D88903
This stores slots/element ranges as object and start index rather than having
two separate representations (one used during marking, one when we yield to the
mutator during marking). It's possible that this could affect marking
performance but we'll catch that by checking the mark rate telemetry. This
should also reduce the size needed for the mark stack a little.
Differential Revision: https://phabricator.services.mozilla.com/D88723
This stores slots/element ranges as object and start index rather than having
two separate representations (one used during marking, one when we yield to the
mutator during marking). It's possible that this could affect marking
performance but we'll catch that by checking the mark rate telemetry. This
should also reduce the size needed for the mark stack a little.
Differential Revision: https://phabricator.services.mozilla.com/D88723
On real hardware, when a background thread finishes compilation, it must signal
to the other executing threads that they need to reload a new version of the
code. Ideally, each executing thread would run an ISB instruction to do so. We
hereby use a system call membarrier that interrupts every other running thread,
and will cause the same effect as a local ISB would. It is heavyweight, so we
make sure to only run it in the case where we're on a background thread.
In the simulator, pending icache flushing requests were never satisfied before
this patch, when the request was emitted from a thread other than the main
thread. Similar behavior as above is emulated.
Differential Revision: https://phabricator.services.mozilla.com/D88395
This adds an OOL path to handle null/undefined => globalThis without a VM call.
IonBuilder optimizes that case based on TI and this ensures we're not a lot slower
for that.
Also give the MIR instruction an empty AliasSet so we can optimize it better in
inlined functions. We no longer have the thisValue hook mentioned in the comment.
Differential Revision: https://phabricator.services.mozilla.com/D88974
Initially the plan was to reuse TraceCacheIRStub but this patch adds the tracing
code for Warp separately because:
* CacheIR stub data in Warp contains nursery indexes. It's nice to keep that out of the IC-tracing code.
* We can use WarpGCPtr similar to other snapshotted GC pointers. It asserts GC things are not moved.
Differential Revision: https://phabricator.services.mozilla.com/D88965
Longer-term more CompileInfo fields should be moved into WarpSnapshot, we can
then dump these fields.
Depends on D88963
Differential Revision: https://phabricator.services.mozilla.com/D88964
Use TODO(post-Warp) for TODOs that can only be addressed when IonBuilder is gone.
Remove some TODOs that are no longer relevant or don't need to be addressed
short-term.
Depends on D88961
Differential Revision: https://phabricator.services.mozilla.com/D88962
Allowlisting this op in the checker is wrong because we don't want a
MagicValue to show up for JSOp::ToString in Baseline.
Depends on D88960
Differential Revision: https://phabricator.services.mozilla.com/D88961
The ones in maybeInlineIC have been addressed. The one about extra var environments
isn't really a TODO for Warp specifically.
Also change the stub data copying to just use nullptr if there's no stub data.
This is fairly common for simpler IC stubs.
Differential Revision: https://phabricator.services.mozilla.com/D88960
If useOffThreadParseGlobal option is set to false, ParseTask generates
CompilationInfo, that contains both input and stencil output,
and the main thread grabs it and instantiate it on the main thread, when
finishing the compilation.
Differential Revision: https://phabricator.services.mozilla.com/D88594
CompileGlobalScriptToStencil returns CompilationStencil in CompilationInfo as the result of compilation,
and the consumer can call InstantiateStencils to instantiate GC objects,
that can be done later and in different thread.
Differential Revision: https://phabricator.services.mozilla.com/D88592
This test fails when run with `--code-coverage` because that flag keeps the
top-level scripts of each file alive which messes with the census
expectations.
Differential Revision: https://phabricator.services.mozilla.com/D89060
We don't have to store a separate return offset for trial inlining, because the rectifier code after returning from the call is exactly the same. Post-bailout, inline frames will return into the normal non-inline code.
Differential Revision: https://phabricator.services.mozilla.com/D88694
Add a `getShared` accessor to RegExpObject to retrieve a previously assigned
`RegExpShared` object. And then replace two calls to the fallible
`RegExpObject::getShared()` method with the new accessor. This way we can
avoid calling a fallible method whose return value is ignored.
Depends on D88795
Differential Revision: https://phabricator.services.mozilla.com/D88796
It seems nice to also assert the array length is divisible by two, given that
the array is created entirely elsewhere.
Depends on D88794
Differential Revision: https://phabricator.services.mozilla.com/D88795
Remove unnecessary rooting and move a rooting variable outside of a loop. Sadly
we still don't have static analysis to catch this (bug 1362038).
Drive-by change:
- Add more blank lines before comments.
Depends on D88792
Differential Revision: https://phabricator.services.mozilla.com/D88793
The `skip` out-param is only read when `InterpretDollar` returns `true`, so we
can remove both assignments which are followed by `return false`.
Drive-by change:
- Move another assignment to `skip` to appear directly before `return true`, so
it's more obvious that `skip` only needs to be set on success.
- Add a blank line before a comment, per our normal style guides.
Depends on D88791
Differential Revision: https://phabricator.services.mozilla.com/D88792
These macros were used by the local irregexp copy to implement Unicode RegExps.
They have been replaced by calls to ICU.
Depends on D88789
Differential Revision: https://phabricator.services.mozilla.com/D88790
`next()` throws StopIteration when the iterator has been exhausted. Before
PEP 479, throwing StopIteration implicitly closes a generator and is not
propagated to the caller. After PEP 479, the StopIteration error is propagated
to the caller.
Differential Revision: https://phabricator.services.mozilla.com/D88789
Unfortunately we already have MSetArrayLength so introducing MCallSetArrayLength might be confusing.
I am not sure what do instead.
Differential Revision: https://phabricator.services.mozilla.com/D88902
CacheIRCompiler using int32-or-double and MIR always using double makes it annoying
to share more code like in the previous patch. Hopefully we can align this more in
the future.
Differential Revision: https://phabricator.services.mozilla.com/D87708
GuardAndGetNumberFromBoolean is infallible, so that was renamed to BooleanToNumber.
That's consistent with BooleanToString.
Differential Revision: https://phabricator.services.mozilla.com/D87704
The patch converts the relevant prefs to use StaticPrefList and let's content JS in child processes to run longer if there
aren't mousedown/ups or keyevents or such. mousemove or wheel aren't considered as important events.
Differential Revision: https://phabricator.services.mozilla.com/D88668
This lets us include some extra flags in the MIME type that's used by the bytecode
cache. It also simplifies the XDR code a bit.
The approach is similar to Wasm's GetOptimizedEncodingBuildId.
Differential Revision: https://phabricator.services.mozilla.com/D88726
This adds the preference, JS shell option, and {ContextOptions,CompileOptions} fields,
but the value isn't read and the code always acts as it's set to true.
Differential Revision: https://phabricator.services.mozilla.com/D88922
Since the `dumpStencil` duplicates part of the BytecodeCompiler code, we must
explicitly instantiate the top-level stencil before parse is run. Also add a
test case for this.
Differential Revision: https://phabricator.services.mozilla.com/D88898
The assertion in emitLoadArgumentSlot was unnecessary. Spread calls always have an argc of 1, so `hasArgumentArray` and `!addArgc` cancel each other out in GetIndexOfArgument.
Depends on D88513
Differential Revision: https://phabricator.services.mozilla.com/D88514
CallInfo::ArgFormat::Array supports FunApplyArray (in this patch), SpreadCall (in the next patch), and eventually SpreadNew/SpreadSuperCall.
Depends on D88512
Differential Revision: https://phabricator.services.mozilla.com/D88513
Prior to the NON_PACKED flag, we had to iterate over each element of the array to verify that it was packed. It made sense to fold the argc check in with that code. Now that we are using the flag, I moved the argc check inside the call op to match other argument formats.
Differential Revision: https://phabricator.services.mozilla.com/D88510
Put the optimised marking path inside the trace hook so that we simplify
calling the trace hook from the marking code.
Differential Revision: https://phabricator.services.mozilla.com/D88632
Transpile `LoadInstanceOfObjectResult` through the existing `MInstanceOf` op.
In contrast to the CacheIR implementation, `MInstanceOf` can also handle
proxy objects in the prototype chain via a VM call, whereas the CacheIR
implementation always bails out in that case.
Depends on D88574
Differential Revision: https://phabricator.services.mozilla.com/D88575
Change `MInstanceOf` to use `MDefinition` for the prototype in preparation for
part 3. Lowering uses `useRegisterOrConstant()` to ensure we still bake in the
prototype for constant objects, which is the default in both Ion and Warp.
Drive-by change:
Remove bogus `LInstanceOfV::lhs()` and `LInstanceOfCache::lhs()` methods. The
left-hand side is a boxed operand, so it can't be accessed through `getOperand`.
Depends on D88573
Differential Revision: https://phabricator.services.mozilla.com/D88574
Use a CallVM instead of a FailurePath to match the Ion optimised path. This
change will allow part 4 to use the existing MArrayJoin call for Warp.
Differential Revision: https://phabricator.services.mozilla.com/D88564
We don't currently use this in Warp and it can cause some weirdness, especially
with lower warmup thresholds and off-thread compilation, where we start a
recompile for no good reason.
Differential Revision: https://phabricator.services.mozilla.com/D88584
We can only assert that the array length is writable for the
`handleTrue = true` case. This also requires to reintroduce the writable array
length check to the Ion IC code.
Added tests to cover multiple scenarios where the StoreDenseElementHole IC is
used.
Differential Revision: https://phabricator.services.mozilla.com/D88031
This parses BigInt property names as if they were computed, which means we don't end up neeeding to atomize
them.
This does mean that BigInt property names take a slower path on construction, meaning that it is possible
to measure a slowdown on executing the construction of a huge literal with thousands of BigInt properties.
This patch adds one bit to ParseNode.h, but does not change the overall size of parse nodes, as it fits
into padding around pre-existing bitfields.
Differential Revision: https://phabricator.services.mozilla.com/D87627
Despite looking directly at this code while adding the assertion in bug 1660553, I somehow missed that scripted calls were being attached too early. It's not a problem for Ion, because we only inline `FunCall`/`FunApply` if we're calling the jsnative, but it matters for Warp.
Differential Revision: https://phabricator.services.mozilla.com/D88463
Gerald Squelart
Tooru Fujisawa
Jon Coppeard
Csoregi Natalia
Iain Ireland
Tom Ritter
Yoshi Cheng-Hao Huang
Jessica Tallon
Jan de Mooij
Simon Giesecke
Benjamin Bouvier
Ryan Hunt
Butkovits Atila
Dmitry Bezhetskov
Andrew McCreight
Razvan Maries
Jeff Walden
Bogdan Tara
Sylvestre Ledru
Tom Schuster
Mihai Alexandru Michis
Kannan Vijayan
Steve Fink
Nathan Froyd
Gurzau Raul
Ted Campbell
yohaan
André Bargull
Olli Pettay
Paul Bone
Matthew Gaudet
Adam Vandolder