Tidy up MaxMemoryPages(IndexType::I64) so that it returns a value
corresponding to the max buffer byte length. Fix two asserts that
were incorrect and that triggered when making this change.
Add a test that the max memory pages for i64 is indeed at least 8GB.
Drive-by fix to allow a test to OOM without reporting that as a
failure.
Differential Revision: https://phabricator.services.mozilla.com/D130452
Bug 1721849 added 'data' variable which only got called by assertions which are
ignored in opt builds outside Nightly and causes the build to report 'data' as
an unused variable.
Differential Revision: https://phabricator.services.mozilla.com/D130456
This replaces use of MCreateThisWithTemplate with MNewPlainObject. This adds a
MIR flag to replace checks for MCreateThisWithTemplate.
Differential Revision: https://phabricator.services.mozilla.com/D130104
Use scoped enums for `CanAttachDenseElementHole` to improve the readability
compared to using three plain `bool` parameters.
Differential Revision: https://phabricator.services.mozilla.com/D129623
This follows the existing implementations of `MGetInlinedArgument` and
`MGetFrameArgument`. There are only two differences:
1. A bailout occurs when the index is negative. This implies both instructions
must be guards.
2. Undefined is returned when the index is larger than the arguments length.
Differential Revision: https://phabricator.services.mozilla.com/D129622
The `ELEMENT_OVERRIDDEN_BIT` flag is set whenever any element is defined on an
arguments object, irrespective of whether the element is in-bounds or out-of-bounds.
That means that flag can also be used to determine if an arguments object has any
elements besides the frame arguments.
When reading a possible out-of-bounds index, we can therefore use the following
approach:
1. Fail whenever `ELEMENT_OVERRIDDEN_BIT` is set.
2. If the index is in-bounds:
   a. Return the in-bounds element unless it's `FORWARD_TO_CALL_SLOT`.
3. Else,
   a. Fail if the index is less than zero.
   b. Return `undefined`.
Plus a prototype guard check to ensure the element isn't present on any object
of the prototype chain.
Differential Revision: https://phabricator.services.mozilla.com/D129620
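The lookup order described in the commit message above, as an added stand-alone C++ model. It is not SpiderMonkey code: `ArgsModel`, `Lookup`, `readMaybeOutOfBounds` and the `kForwardToCallSlot` sentinel are hypothetical stand-ins, and where the prototype guard sits in the sequence is this example's choice.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for the magic value stored in a forwarded slot.
constexpr int64_t kForwardToCallSlot = INT64_MIN;

enum class Outcome { Fail, Value, Undefined };

struct Lookup {
  Outcome outcome;
  int64_t value;  // meaningful only when outcome == Outcome::Value
};

// Simplified model of an arguments object (not the engine's layout).
struct ArgsModel {
  bool elementOverridden = false;  // models ELEMENT_OVERRIDDEN_BIT
  bool protoHasElements = false;   // models a failing prototype guard
  std::vector<int64_t> frameArgs;  // the frame's argument slots
};

// Fast-path read of args[index]; Fail means "fall back to the generic path".
Lookup readMaybeOutOfBounds(const ArgsModel& args, int32_t index) {
  // Step 1: once any element was defined, the object may hold more than
  // the frame arguments, so the fast path cannot answer.
  if (args.elementOverridden) return {Outcome::Fail, 0};

  // Step 2: in-bounds. Reject negatives before the unsigned comparison so
  // a negative index can never wrap into a large "valid" offset.
  if (index >= 0 && static_cast<size_t>(index) < args.frameArgs.size()) {
    int64_t v = args.frameArgs[static_cast<size_t>(index)];
    if (v == kForwardToCallSlot) return {Outcome::Fail, 0};
    return {Outcome::Value, v};
  }

  // Step 3a: a negative index is never answered on the fast path.
  if (index < 0) return {Outcome::Fail, 0};

  // Prototype guard: `undefined` is only correct when no object on the
  // prototype chain supplies the element.
  if (args.protoHasElements) return {Outcome::Fail, 0};

  // Step 3b: index is past the arguments length.
  return {Outcome::Undefined, 0};
}
```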
`profiler_thread_is_being_profiled` is used a lot for markers, so it makes sense to have a specialized version, which is a bit shorter, and lives in ProfilerMarkers.h.
Differential Revision: https://phabricator.services.mozilla.com/D130009
This is useful for the following parts, as UniqueFileHandle is a cross-platform
type which can also be used to support transferring HANDLEs between processes.
This change requires fairly sweeping changes to existing callsites, which
previously did not require owning access to the handle types when transferring.
For the most part these changes were straightforward, but manual.
Differential Revision: https://phabricator.services.mozilla.com/D126564
This function compiles its string arguments, first creating the top-level
stencil in a way similar to compileToStencil, but then delazifies all inner
functions using DelazifyCanonicalScriptedFunction from the previous patch.
Differential Revision: https://phabricator.services.mozilla.com/D128182
This change clones some of the functions used to initialize the
CompilationSyntaxParseCache. These are specialized to copy the minimal set of
information needed for skipping inner functions and for iterating over
closed-over-bindings.
Unfortunately, as opposed to what this structure was initially designed for, we
are not yet able to reuse the Stencils from the InputScript as ParseAtomIndex of
the InputScript are in the context of the InputScript and not of the
CompilationState which wraps the CompilationSyntaxParseCache. Until we are
capable of reusing the same indexes of a previous compilation, we would have to
duplicate the Stencil structures. Thus, copyScriptInfo and
copyClosedOVerBindings are copied from the original functions and adapted to
work with Stencil inputs.
Differential Revision: https://phabricator.services.mozilla.com/D128180
This patch adds an InputName structure. This structure is used to represent
names held by the GC or another Stencil, and isolate these names such that they
are properly interned before being used in the CompilationState of the existing
compilation.
InputName is a variant over a JSAtom* or a NameStencilRef. The NameStencilRef is
a TaggedParserAtomIndex from a CompilationStencil given as context.
A function is added as part of the ParserAtomsTable, such that
TaggedParserAtomIndex from another compilation can be interned as well. For
encoding where the atom is represented by the tag itself, this is a no-op,
whereas for larger atoms, these have to be registered in the table. Identically,
another function is added to compare an InputName with an internalized name,
which would be necessary to convert `ScopeContext::searchInEnclosingScope`.
ParserBindingIter are updated to be initialized with a `ScopeStencilRef`, in a
similar way as already done with `Scope*`.
BindingIter and ParserBindingIter creation are wrapped behind the local
InputBindingIter function, used to return one or the other based on the input
type. Identically, InputName can be constructed from a scope and its matching
name type. These would be handy to convert `ScopeContext` methods to
`InputScopeIter`, while maintaining a single implementation of the binding
traversal, which would dispatch to one variant or the other based on the type of
the scope.
Differential Revision: https://phabricator.services.mozilla.com/D125987
In order to make CompilationInput accept Stencil instead of GC objects as
inputs, we have to create structures which are able to abstract over the GC Scope
pointer, the BaseScript pointer, and the manipulation of the scopes.
This patch adds the structures used in all follow-up patches from Bug 1730881
which are implementing all the accessors necessary to make it possible to later
initialize a CompilationInput with a Stencil.
Stencil references are abstracted using a `ScopeStencilRef` /
`ScriptStencilRef`, to capture the `CompilationStencil` input and the index
which is a reference to an element within the `CompilationStencil`. These
structures are made to avoid accidental misuse of indexes with the wrong
stencil.
`InputScope` / `InputScript` are variants over the pointer to the GC object and
the equivalent Stencil reference. They are used to provide a common interface to
interpret GC / Stencil data.
Differential Revision: https://phabricator.services.mozilla.com/D125986
When ENABLE_WASM_MEMORY64 is not defined, the isMem32() test will
always return true, and there should be no 64-bit case - instead, that
case could just MOZ_CRASH. This prevents the expansion of templates
for 64-bit code (which would be dead) and means we don't have to
provide masm stubs on platforms that don't support memory64.
Differential Revision: https://phabricator.services.mozilla.com/D130248
We use MarkPagesUnusedHard/MarkPagesInUseHard on unused pages in nursery chunks
to allow the OS to make use of this memory without releasing the address space.
The latter function is currently applied to the start of the chunk including
the header, even though this part is never passed to MarkPagesUnusedHard. Since
MarkPagesInUseHard uses MOZ_MAKE_MEM_UNDEFINED on the address range it
receives, valgrind warns us about accessing memory that has been marked as
undefined when we touch the chunk header.
The fix is to not call MarkPagesInUseHard on the first page of the chunk, since
MarkPagesUnusedHard is never called on this region either.
Differential Revision: https://phabricator.services.mozilla.com/D129815
XrayTraits::ensureHolder() can return the result of XrayTraits::createHolder(),
which in turn returns the result of JS_NewObjectWithGivenProto(),
so we need to null check the result. The other callers already do this.
Differential Revision: https://phabricator.services.mozilla.com/D129432
Bug 1247299 added a `column` member variable to reduce differential testing false positives, but the SavedFrame::Lookup constructor inadvertently sets the constructor's `column` parameter = 0, not the `column` member variable.
js/src/vm/SavedStacks.cpp:198:14 [-Wshadow-field-in-constructor-modified] modifying constructor parameter 'column' that shadows a field of 'js::SavedFrame::Lookup'
Differential Revision: https://phabricator.services.mozilla.com/D129900
The "NonPrototype" in the name no longer matters, because shape teleporting is now
handled by addProperty which we end up calling.
Differential Revision: https://phabricator.services.mozilla.com/D129631