searching for reviewer(jandem)
723659cc5b856ca4e3850076d0388eb1416469fd: Bug 1572870 - Use bytecode interface classes BytecodeLocation and BytecodeIterator to encapsulate bytecode manipulation in VerifyGlobalNames. r=jandem
Adam Holm <asorholm@email.arizona.edu> - Mon, 21 Oct 2019 02:02:17 +0000 - rev 498478
Push 98480 by nbeleuzu@mozilla.com at Tue, 22 Oct 2019 01:10:55 +0000
Bug 1572870 - Use bytecode interface classes BytecodeLocation and BytecodeIterator to encapsulate bytecode manipulation in VerifyGlobalNames. r=jandem Replacing jsbytecode and pcToOffset with BytecodeLocation and BytecodeIterator. Differential Revision: https://phabricator.services.mozilla.com/D41485
f473602d0d244b9b50b08cd909c3a0fe3f8ec148: Bug 1536702 - Part 4: Add test cases for loading BigInt values from TypedArray/Objects. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 21 Oct 2019 11:27:10 +0000 - rev 498367
Push 98412 by csabou@mozilla.com at Mon, 21 Oct 2019 13:00:27 +0000
Bug 1536702 - Part 4: Add test cases for loading BigInt values from TypedArray/Objects. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48341
1398fdc0f7e9ec2b693412eb636b74bed0ffdc9e: Bug 1536702 - Part 3: Inline loads from BigInt TypedArray/Objects in CacheIR. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 21 Oct 2019 11:26:50 +0000 - rev 498366
Push 98412 by csabou@mozilla.com at Mon, 21 Oct 2019 13:00:27 +0000
Bug 1536702 - Part 3: Inline loads from BigInt TypedArray/Objects in CacheIR. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48340
71a2bfc0cf2b433186cc97854eb158adca9693f4: Bug 1536702 - Part 2: Add MacroAssembler support to allocate and initialise BigInt values. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 21 Oct 2019 11:26:23 +0000 - rev 498365
Push 98412 by csabou@mozilla.com at Mon, 21 Oct 2019 13:00:27 +0000
Bug 1536702 - Part 2: Add MacroAssembler support to allocate and initialise BigInt values. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48339
80bd01919ed4d7f244ca47dfb9c1b0879836381e: Bug 1536702 - Part 1: Move emitLoadTypedObjectResult() into CacheIRCompiler. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 21 Oct 2019 11:26:00 +0000 - rev 498364
Push 98412 by csabou@mozilla.com at Mon, 21 Oct 2019 13:00:27 +0000
Bug 1536702 - Part 1: Move emitLoadTypedObjectResult() into CacheIRCompiler. r=jandem Using `emitAddressFromStubField()` allows to unify both implementations to a single function in CacheIRCompiler. Differential Revision: https://phabricator.services.mozilla.com/D48337
f1e9ada5d498dffe705707895124ba5b325cb0da: Bug 1536703 - Part 4: Add test cases for storing BigInt values to TypedArray/Objects. r=jandem
André Bargull <andre.bargull@gmail.com> - Tue, 15 Oct 2019 07:49:17 +0000 - rev 498352
Push 98403 by csabou@mozilla.com at Mon, 21 Oct 2019 11:43:21 +0000
Bug 1536703 - Part 4: Add test cases for storing BigInt values to TypedArray/Objects. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48336
e512b7dafc1ff11109b7478b773df33e83872984: Bug 1536703 - Part 3: Inline stores to BigInt TypedArray/Objects in CacheIR. r=jandem
André Bargull <andre.bargull@gmail.com> - Wed, 16 Oct 2019 13:43:47 +0000 - rev 498351
Push 98403 by csabou@mozilla.com at Mon, 21 Oct 2019 11:43:21 +0000
Bug 1536703 - Part 3: Inline stores to BigInt TypedArray/Objects in CacheIR. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48335
e48626d69e7781135faa716a90663f6689d931e1: Bug 1536703 - Part 2: Add support for reading [u]int64 values from a BigInt to the MacroAssembler. r=jandem
André Bargull <andre.bargull@gmail.com> - Tue, 15 Oct 2019 07:48:48 +0000 - rev 498350
Push 98403 by csabou@mozilla.com at Mon, 21 Oct 2019 11:43:21 +0000
Bug 1536703 - Part 2: Add support for reading [u]int64 values from a BigInt to the MacroAssembler. r=jandem Provide an inline assembly implementation of `BigInt::toUint64()` resp. `BigInt::toInt64()`. Differential Revision: https://phabricator.services.mozilla.com/D48334
7bb7d2354ec70faf5cef37ce077c3454f2539a2a: Bug 1536703 - Part 1: Avoid crashes for TypedObjects using bigint properties. r=jandem
André Bargull <andre.bargull@gmail.com> - Tue, 15 Oct 2019 07:48:46 +0000 - rev 498349
Push 98403 by csabou@mozilla.com at Mon, 21 Oct 2019 11:43:21 +0000
Bug 1536703 - Part 1: Avoid crashes for TypedObjects using bigint properties. r=jandem CacheIR.cpp: Disallow bigint properties right away in `GetPropIRGenerator::tryAttachTypedObject` to fix a null-pointer crash in `CacheIRCompiler::emitLoadTypedObjectResultShared`, which passes `fail = nullptr` to `MacroAssembler::loadFromTypedArray`, even though `loadFromTypedArray` always uses the `fail` Label for bigint types. IonBuilder.cpp: Ensure we don't create `MLoadUnboxedScalar` or `MStoreUnboxedScalar` for bigint types, because the former always leads to a bailout and the latter asserts when bigint types are used. Differential Revision: https://phabricator.services.mozilla.com/D48333
2c8041858580d5f745e96a8c7483d1501cc91c73: Bug 1589108 Assert that the current realm's global is not gray on entry to the JS API r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Mon, 21 Oct 2019 10:37:41 +0000 - rev 498334
Push 98400 by jcoppeard@mozilla.com at Mon, 21 Oct 2019 10:39:10 +0000
Bug 1589108 Assert that the current realm's global is not gray on entry to the JS API r=jandem Differential Revision: https://phabricator.services.mozilla.com/D49429
8cc5f974bbd0b29acccbdd54431d0a64d8fd70c1: Bug 1527597 - ReserveProcessExecutableMemory should use MAP_NORESERVE r=jandem
Petr Sumbera <petr.sumbera@oracle.com> - Fri, 18 Oct 2019 10:12:15 +0000 - rev 498116
Push 98291 by rmaries@mozilla.com at Fri, 18 Oct 2019 10:21:10 +0000
Bug 1527597 - ReserveProcessExecutableMemory should use MAP_NORESERVE r=jandem Differential Revision: https://phabricator.services.mozilla.com/D49612
933011b28eda1f1ef628a8401e3af9e26f7727e1: Bug 1583088 - [MIPS64]Fix visitCompareI64{AndBranch}, handle the case that rhs operand is on the stack. r=jandem
Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> - Mon, 14 Oct 2019 02:46:19 +0000 - rev 497384
Push 97857 by nerli@mozilla.com at Mon, 14 Oct 2019 03:29:24 +0000
Bug 1583088 - [MIPS64]Fix visitCompareI64{AndBranch}, handle the case that rhs operand is on the stack. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46755
708c71a54bb82541a8922eb616e6e5f267d9e956: Bug 1586992 - [MIPS] Add branch condition '{Not}Signed' in branchSub32. r=jandem
Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> - Tue, 08 Oct 2019 09:10:00 +0000 - rev 496735
Push 97401 by jdemooij@mozilla.com at Tue, 08 Oct 2019 09:10:39 +0000
Bug 1586992 - [MIPS] Add branch condition '{Not}Signed' in branchSub32. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D48481
144ebbca6844259fe509194059447dc6fcbdff28: Bug 1574415 - Part 14: Don't allocate Spectre bounds check scratch register when it's unused. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 12:01:13 +0000 - rev 496566
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 14: Don't allocate Spectre bounds check scratch register when it's unused. r=jandem `ta[0] = 0;` emits the following assembly for Ion CacheIR without this patch: ``` [Codegen] emitStoreTypedElement [Codegen] push %rbx [Codegen] push %rbp [Codegen] movl 0x28(%rax), %ebx [Codegen] xorl %r11d, %r11d [Codegen] cmpl %ebx, %edx [Codegen] jae .Lfrom47 [Codegen] cmovae %r11d, %edx [Codegen] movq 0x38(%rax), %rbx [Codegen] movl %ecx, 0x0(%rbx,%rdx,4) ``` When not allocating the unused scratch register for Spectre bounds checks, this assembly is emitted: ``` [Codegen] emitStoreTypedElement [Codegen] push %rdx [Codegen] movl 0x28(%rax), %edx [Codegen] xorl %r11d, %r11d [Codegen] cmpl %edx, %ebx [Codegen] jae .Lfrom46 [Codegen] cmovae %r11d, %ebx [Codegen] movq 0x38(%rax), %rdx [Codegen] movl %ecx, 0x0(%rdx,%rbx,4) ``` Which shows `%rbp` is no longer spilled on the stack, resulting in a minor performance improvement (~3%) on ยต-benchmarks and also avoiding a performance regression (performance is now again on par with the state before this patch series). For comparison this assembly was generated before this patch series: ``` [Codegen] emitStoreTypedElement [Codegen] push %rbx [Codegen] movl 0x28(%rax), %ecx [Codegen] xorl %r11d, %r11d [Codegen] cmpl %ecx, %edx [Codegen] jae .Lfrom44 [Codegen] cmovae %r11d, %edx [Codegen] movq 0x38(%rax), %rcx [Codegen] xorl %ebx, %ebx [Codegen] movl %ebx, 0x0(%rcx,%rdx,4) ``` Differential Revision: https://phabricator.services.mozilla.com/D47762
3dc778bc0ce0ccb1abc83d46f55f202b95a7e771: Bug 1574415 - Part 13: Move emitStoreTypedObjectScalarProperty into CacheIRCompiler. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 12:00:44 +0000 - rev 496565
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 13: Move emitStoreTypedObjectScalarProperty into CacheIRCompiler. r=jandem After adding `emitAddressFromStubField()`, the emitStoreTypedObjectScalarProperty implementations in the Baseline and Ion CacheIR compiler are exactly equal to each other and hence can be moved into CacheIRCompiler. Differential Revision: https://phabricator.services.mozilla.com/D47761
218a81625331fa748ee2723114ed836a09e93694: Bug 1574415 - Part 12: Remove StoreToTypedObject and instead use new guard ops for StoreTypedObjectScalarProperty. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 12:00:19 +0000 - rev 496564
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 12: Remove StoreToTypedObject and instead use new guard ops for StoreTypedObjectScalarProperty. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D47760
1bd9ae4caa0ba3aa9b08743cbd899c0ce052567d: Bug 1574415 - Part 11: Add regression test for StoreTypedObjectScalarProperty clobbered register bug. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:59:54 +0000 - rev 496563
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 11: Add regression test for StoreTypedObjectScalarProperty clobbered register bug. r=jandem Regression test for the fixed TypedObject bug mentioned in part 9. Differential Revision: https://phabricator.services.mozilla.com/D47759
42469f1d04913311bd96876eb106a8fba39d2223: Bug 1574415 - Part 10: Remove no longer used MacroAssembler methods. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:59:35 +0000 - rev 496562
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 10: Remove no longer used MacroAssembler methods. r=jandem These methods are no longer necessary after the changes from part 9. Differential Revision: https://phabricator.services.mozilla.com/D47758
3601bf7917332395df032c833f9903e826ead8e9: Bug 1574415 - Part 9: Move emitStoreTypedElement into CacheIRCompiler. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:59:10 +0000 - rev 496561
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 9: Move emitStoreTypedElement into CacheIRCompiler. r=jandem Changes `LSetPropertyCache` to use `Float0` as a fixed temporary register, which makes it easier to share the implementation between Baseline and Ion. Additionally this fixes a TypedObject bug where `Float0` was clobbered, see the regression test in part 11. Also adds support for `Constant`, `PayloadReg`, and `PayloadStack` operand locations to `CacheRegisterAllocator::ensureDoubleRegister`, which are now needed because the right-hand side in TypedArray assignments can be constants resp. values in payload registers or on the stack. Differential Revision: https://phabricator.services.mozilla.com/D47757
6eead2ab3379aa4818ca3e6d4fc228ade46d4296: Bug 1574415 - Part 8: Remove no longer used MacroAssembler methods. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:58:44 +0000 - rev 496560
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 8: Remove no longer used MacroAssembler methods. r=jandem These methods are no longer necessary after the changes from part 4. Differential Revision: https://phabricator.services.mozilla.com/D47756
c24cec7a2424857b38d5b3e1024c0526fdb03d65: Bug 1574415 - Part 7: Add helper function when guarding int32-or-double to avoid code duplication. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:58:14 +0000 - rev 496559
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 7: Add helper function when guarding int32-or-double to avoid code duplication. r=jandem The SFINAE code can be removed when C++17's if-constexpr is available. Differential Revision: https://phabricator.services.mozilla.com/D47755
1cc3c2eee37ec2c9cd23d6327b8d8f6ca51dccf3: Bug 1574415 - Part 6: Use ScratchTagScope for CacheIRCompiler::emitGuardToInt32Index. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:57:54 +0000 - rev 496558
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 6: Use ScratchTagScope for CacheIRCompiler::emitGuardToInt32Index. r=jandem Similar to emitGuardToInt32ModUint32 and emitGuardToUint8Clamped, ScratchTagScope can be used in emitGuardToInt32Index to avoid splitting the tag two times. The next part will move this code into a shared helper function. Differential Revision: https://phabricator.services.mozilla.com/D47754
f3b48a00be455786162394ad78a8d044349af958: Bug 1574415 - Part 5: Avoid unnecessary move when source and temporary registers are equal. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:57:30 +0000 - rev 496557
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 5: Avoid unnecessary move when source and temporary registers are equal. r=jandem This avoids emitting `movapd %xmm0, %xmm0` for clamp-uint8 code. Differential Revision: https://phabricator.services.mozilla.com/D47753
ef1f7213e654816da44e0963a27adf1510e1ea03: Bug 1574415 - Part 4: Move emitGuardToInt32ModUint32 and emitGuardToUint8Clamped into CacheIRCompiler. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:57:10 +0000 - rev 496556
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 4: Move emitGuardToInt32ModUint32 and emitGuardToUint8Clamped into CacheIRCompiler. r=jandem IonCacheIRCompiler used `MacroAssembler::truncateConstantOrRegisterToInt32` resp. `clampConstantOrRegisterToUint8`, which allowed to handle more types than just int32 and double, but since `SetPropIRGenerator::tryAttachSetTypedElement` only allows number inputs, this code was probably never taken in practice. Therefore the CacheIRCompiler implementation for both methods only handles int32 and double inputs. As an optimisation to generate better assembly and to reduce register pressure, both methods have special-cases for known int32 inputs and are using `ScratchTagScope` to avoid splitting the tag two times. Part 7 will move the duplicated code into a shared helper function. Differential Revision: https://phabricator.services.mozilla.com/D47752
3f73e398ca61d24ddb9f8de379e1c077452ff9b1: Bug 1574415 - Part 3: Add AutoScratchFloatRegister. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:56:44 +0000 - rev 496555
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 3: Add AutoScratchFloatRegister. r=jandem Add a RAII class to spill and restore `Float0` when used as a scratch register when generating Ion CacheIR assembly. It's still possible to generate incorrect code which doesn't properly restore `Float0`, for example through jump instructions, but the RAII class should at least prevent bugs like in `CacheIRCompiler::emitLoadDoubleTruthyResult` where `Float0` wasn't restored for the truthy case. Differential Revision: https://phabricator.services.mozilla.com/D47751
6067d1828df8f7ca054c4a57430e466e1987aa75: Bug 1574415 - Part 2: Remove no longer used template argument and rename 'StoreToTypedArray'. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:56:29 +0000 - rev 496554
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 2: Remove no longer used template argument and rename 'StoreToTypedArray'. r=jandem `StoreToTypedArray` is now only used for TypedObjects and always passes `Address` for the `dest` argument. Differential Revision: https://phabricator.services.mozilla.com/D42811
d2008fdba4af17f45aad4d2ed3f99b21296fb248: Bug 1574415 - Part 1: Move argument conversion for StoreTypedElement to happen before range checks. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 07 Oct 2019 11:56:27 +0000 - rev 496553
Push 97326 by archaeopteryx@coole-files.de at Mon, 07 Oct 2019 16:46:32 +0000
Bug 1574415 - Part 1: Move argument conversion for StoreTypedElement to happen before range checks. r=jandem This ensures CacheIR doesn't completely ignore out-of-bounds writes to TypedArray objects and also enables to use additional scratch registers for bounds-checking. Differential Revision: https://phabricator.services.mozilla.com/D42810
46c2aeec240856f8f86678dc32ed9717ea2f41fd: Bug 1583816 - Store associated JSFunction directly in JSScript r=jandem
Ted Campbell <tcampbell@mozilla.com> - Tue, 01 Oct 2019 18:40:15 +0000 - rev 495857
Push 96907 by tcampbell@mozilla.com at Wed, 02 Oct 2019 04:10:13 +0000
Bug 1583816 - Store associated JSFunction directly in JSScript r=jandem For function JSScripts, store the JSFunction in the BaseScript functionOrGlobal field. This makes JSScript more consistent with the LazyScript behaviour. Differential Revision: https://phabricator.services.mozilla.com/D47070
73734a2e8547b2cc72920c255b933183e70ee8ba: Bug 1583816 - Add BaseScript::functionNonDelazifying() and simplify code r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 30 Sep 2019 08:45:54 +0000 - rev 495594
Push 96709 by tcampbell@mozilla.com at Mon, 30 Sep 2019 12:59:33 +0000
Bug 1583816 - Add BaseScript::functionNonDelazifying() and simplify code r=jandem Instead of checking for canonical function using scope chain, we can directly use the functionOrGlobal field. By moving this to the BaseScript class we can also simplify the debugger acccess. Depends on D47070 Differential Revision: https://phabricator.services.mozilla.com/D47071
2736f38dd2ce83b8711c0db304fcf6cf5b62f56f: Bug 1583816 - Store associated JSFunction directly in JSScript r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 30 Sep 2019 12:57:43 +0000 - rev 495593
Push 96709 by tcampbell@mozilla.com at Mon, 30 Sep 2019 12:59:33 +0000
Bug 1583816 - Store associated JSFunction directly in JSScript r=jandem For function JSScripts, store the JSFunction in the BaseScript functionOrGlobal field. This makes JSScript more consistent with the LazyScript behaviour. Differential Revision: https://phabricator.services.mozilla.com/D47070
c520d4083fa2a2a66f5a6dc14a4f810e0002bad6: Bug 1583860 - Don't access JSScript::realm() off-thread. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 30 Sep 2019 12:52:50 +0000 - rev 495592
Push 96708 by tcampbell@mozilla.com at Mon, 30 Sep 2019 12:53:37 +0000
Bug 1583860 - Don't access JSScript::realm() off-thread. r=jandem It is no longer safe to access JSScript::realm() off-thread. That is okay because IonBuilder already has a CompileRealm for us to use. Differential Revision: https://phabricator.services.mozilla.com/D47379
004f5255d2fc01ee3e74f5214ea8ea81f0a1c1bc: Bug 1222547 - Remove telemetry. r=jandem
Tom Schuster <evilpies@gmail.com> - Mon, 30 Sep 2019 10:45:55 +0000 - rev 495565
Push 96691 by evilpies@gmail.com at Mon, 30 Sep 2019 10:46:37 +0000
Bug 1222547 - Remove telemetry. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D47414
ee339b902006a015bdf6ca9e649de4bd6c408e5e: Bug 1222547 - Remove JavaScript Array generics. r=jandem
Tom Schuster <evilpies@gmail.com> - Mon, 30 Sep 2019 10:45:55 +0000 - rev 495564
Push 96691 by evilpies@gmail.com at Mon, 30 Sep 2019 10:46:37 +0000
Bug 1222547 - Remove JavaScript Array generics. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46817
a864ed2ae59a54616d40dabc67265ab4341a73a8: Bug 1578951 - Mark poisoned zone pointer as defined before checking its contents r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Mon, 30 Sep 2019 08:54:17 +0000 - rev 495549
Push 96683 by jcoppeard@mozilla.com at Mon, 30 Sep 2019 10:09:26 +0000
Bug 1578951 - Mark poisoned zone pointer as defined before checking its contents r=jandem Marking Arena::zone as defined before the assertion should fix this. Looking at this again, I should have make this MakeNoAccess in the first place, so I did that too. Differential Revision: https://phabricator.services.mozilla.com/D47433
1e0685b06c61f350da1973d419223883ba64d3e2: Bug 1488551 - followup: remove unused constructor `TypedOperandId(NumberOperandId id)`. r=jandem
Tetsuharu OHZEKI <tetsuharu.ohzeki@gmail.com> - Fri, 27 Sep 2019 09:48:01 +0000 - rev 495332
Push 96555 by tetsuharu.ohzeki@gmail.com at Fri, 27 Sep 2019 10:20:38 +0000
Bug 1488551 - followup: remove unused constructor `TypedOperandId(NumberOperandId id)`. r=jandem I added this constructor to sort with other types. However, it was mistake. We don't use it. Differential Revision: https://phabricator.services.mozilla.com/D47407
311d8c50d88b1603a4e861eb50a8aeec12aebae5: Bug 1222547 - Remove JavaScript Array generics. r=jandem
Tom Schuster <evilpies@gmail.com> - Thu, 26 Sep 2019 20:43:32 +0000 - rev 495199
Push 96513 by evilpies@gmail.com at Thu, 26 Sep 2019 21:31:15 +0000
Bug 1222547 - Remove JavaScript Array generics. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46817
cfe458fd3f84c30351572cec5cc8146f5c5fe34c: Bug 1578339 addendum - Avoid function calls in ASCIIness and Latin1ness checking and conversion between Latin1 and UTF-16 for short strings. r=jandem
Henri Sivonen <hsivonen@hsivonen.fi> - Thu, 26 Sep 2019 12:46:16 +0000 - rev 495116
Push 96444 by hsivonen@mozilla.com at Thu, 26 Sep 2019 12:47:05 +0000
Bug 1578339 addendum - Avoid function calls in ASCIIness and Latin1ness checking and conversion between Latin1 and UTF-16 for short strings. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D47072
5bafb70dd2f91ae572e196796dd2e1f5f89d7cd6: Bug 1581695 - [MIPS] Introduce function cmp32Load32. r=jandem
Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> - Thu, 26 Sep 2019 08:15:06 +0000 - rev 495076
Push 96411 by jdemooij@mozilla.com at Thu, 26 Sep 2019 08:17:11 +0000
Bug 1581695 - [MIPS] Introduce function cmp32Load32. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46701
153482073368465845666344d84ec51d5b404f5c: Bug 1548044 - Handle unknownProperties as result of AutoSweepObjectGroup r=jandem,iain
Ted Campbell <tcampbell@mozilla.com> - Tue, 24 Sep 2019 19:55:27 +0000 - rev 494814
Push 96251 by tcampbell@mozilla.com at Tue, 24 Sep 2019 23:07:21 +0000
Bug 1548044 - Handle unknownProperties as result of AutoSweepObjectGroup r=jandem,iain Differential Revision: https://phabricator.services.mozilla.com/D29575
e35199501a974eb8c6582d4c5a0e87e3d4932f68: Bug 1568245 - Move JSScript::global to BaseScript. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 23 Sep 2019 19:47:28 +0000 - rev 494591
Push 96103 by tcampbell@mozilla.com at Mon, 23 Sep 2019 20:53:43 +0000
Bug 1568245 - Move JSScript::global to BaseScript. r=jandem Combine the LazyScript::function_ and JSScript::global_ fields into the BaseScript type. This provides a common definition of script realm and compartment. Currently a non-lazy function script will set this to point this to the global, but in future it should be made to point to canonical function for both the lazy and non-lazy cases. Differential Revision: https://phabricator.services.mozilla.com/D40520
39ce2fcdbbffad7a1d4a0154ef8c8ebcfb42aa40: Bug 1568245 - Replace JSScript::realm with JSScript::global. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 23 Sep 2019 19:50:40 +0000 - rev 494590
Push 96103 by tcampbell@mozilla.com at Mon, 23 Sep 2019 20:53:43 +0000
Bug 1568245 - Replace JSScript::realm with JSScript::global. r=jandem The realm can be read off the global object and we can remove one step in the mergeRealms code. Differential Revision: https://phabricator.services.mozilla.com/D40519
08f14e478d360239ee9c66b4a1c6e1043952e1fc: Bug 1582050 - Test bug 1561567 JS_EncodeStringToUTF8BufferPartial without DOM code. r=jandem
Henri Sivonen <hsivonen@hsivonen.fi> - Thu, 19 Sep 2019 14:42:36 +0000 - rev 494199
Push 95882 by hsivonen@mozilla.com at Fri, 20 Sep 2019 05:53:12 +0000
Bug 1582050 - Test bug 1561567 JS_EncodeStringToUTF8BufferPartial without DOM code. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46131
ddb780b79de0a0ca9156a7a58ecc9db6ba550824: Bug 1581005 - Detect UBSan support via getBuildConfiguration in TestingFunctions.cpp, r=jandem
Gary Kwong <nth10sd@gmail.com> - Tue, 17 Sep 2019 08:03:28 +0000 - rev 494180
Push 95869 by malexandru@mozilla.com at Fri, 20 Sep 2019 03:00:42 +0000
Bug 1581005 - Detect UBSan support via getBuildConfiguration in TestingFunctions.cpp, r=jandem Differential Revision: https://phabricator.services.mozilla.com/D45767
5f8895bf4c3f16e462f84faaeed231b8287791b9: Bug 1575055 - Avoid duplicating CompileOptions constructor code. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Wed, 18 Sep 2019 15:05:53 +0000 - rev 493866
Push 95723 by tcampbell@mozilla.com at Wed, 18 Sep 2019 16:31:11 +0000
Bug 1575055 - Avoid duplicating CompileOptions constructor code. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D42562
b36b8d13ebb9c375024b8a5dae052188af90a2f8: Bug 1575055 - Remove redundant overrides in ReadOnlyCompileOptions. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Wed, 18 Sep 2019 15:05:46 +0000 - rev 493865
Push 95723 by tcampbell@mozilla.com at Wed, 18 Sep 2019 16:31:11 +0000
Bug 1575055 - Remove redundant overrides in ReadOnlyCompileOptions. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D42561
012adaacab67fcd2e6c6cf90d2fcbff46b338378: Bug 1575055 - Unify JS::CompileOptions::canLazilyParse and forceFullParse_. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Wed, 18 Sep 2019 15:05:42 +0000 - rev 493864
Push 95723 by tcampbell@mozilla.com at Wed, 18 Sep 2019 16:31:11 +0000
Bug 1575055 - Unify JS::CompileOptions::canLazilyParse and forceFullParse_. r=jandem If either the Realm or the request needs full-parsing, we disable lazy parsing. Differential Revision: https://phabricator.services.mozilla.com/D42560
4e215473fc09ffe12c56500aadc94ce369f7053d: Bug 1575055 - Privatize js::CompileOptions::strictMode. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Wed, 18 Sep 2019 15:05:35 +0000 - rev 493863
Push 95723 by tcampbell@mozilla.com at Wed, 18 Sep 2019 16:31:11 +0000
Bug 1575055 - Privatize js::CompileOptions::strictMode. r=jandem We already have an accessor to make sure this is can only be set but not cleared so hide the underlying storage. Differential Revision: https://phabricator.services.mozilla.com/D42559
74ea9b874cda24fc8d4d013a37c863ada6faa044: Bug 1575055 - Remove unused CompileOptions::setIntroductionScript. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Wed, 18 Sep 2019 15:05:28 +0000 - rev 493862
Push 95723 by tcampbell@mozilla.com at Wed, 18 Sep 2019 16:31:11 +0000
Bug 1575055 - Remove unused CompileOptions::setIntroductionScript. r=jandem We should always use setIntroductionInfo instead. Differential Revision: https://phabricator.services.mozilla.com/D46294
c7d88625df86c1ee5932292c955e9d912cadebe9: Bug 1561573 - Avoid linearization and inflation to UTF-16 of the string input to TextEncoder. r=jandem,bzbarsky
Henri Sivonen <hsivonen@hsivonen.fi> - Wed, 18 Sep 2019 08:26:52 +0000 - rev 493755
Push 95669 by hsivonen@mozilla.com at Wed, 18 Sep 2019 08:30:40 +0000
Bug 1561573 - Avoid linearization and inflation to UTF-16 of the string input to TextEncoder. r=jandem,bzbarsky Differential Revision: https://phabricator.services.mozilla.com/D44121
c7301314dcfcbeddffccf02d90504d465a8cf871: Bug 1568427 - Add {expectExceptionOnFailure: false} to test r=jandem
Paul Bone <pbone@mozilla.com> - Tue, 17 Sep 2019 08:10:30 +0000 - rev 493707
Push 95649 by pbone@mozilla.com at Wed, 18 Sep 2019 04:30:33 +0000
Bug 1568427 - Add {expectExceptionOnFailure: false} to test r=jandem Differential Revision: https://phabricator.services.mozilla.com/D46112