searching for reviewer(jandem)
3ed6ba663393f341de7dbb57929dce52f9063ee2: Bug 1709216: Add copyToScratchValueRegister to fix x86 r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 12 May 2021 01:54:40 +0000 - rev 579438
Push 38456 by nbeleuzu@mozilla.com at Wed, 12 May 2021 09:42:13 +0000
Bug 1709216: Add copyToScratchValueRegister to fix x86 r=jandem `useFixedValueRegister` was unused (since bug 1673553 part 94, I think), so I cannibalized it for spare parts. Differential Revision: https://phabricator.services.mozilla.com/D114769
e7c46af18072cea9efb8be90227881524b906a3f: Bug 1709216: Transpile SameValueResult r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 12 May 2021 01:54:39 +0000 - rev 579437
Push 38456 by nbeleuzu@mozilla.com at Wed, 12 May 2021 09:42:13 +0000
Bug 1709216: Transpile SameValueResult r=jandem Depends on D114258 Differential Revision: https://phabricator.services.mozilla.com/D114259
31d61c8494d04d2d76aa2087b6e1279b26f4a2f1: Bug 1709216: Rename SameValue MIR op r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 12 May 2021 01:54:39 +0000 - rev 579436
Push 38456 by nbeleuzu@mozilla.com at Wed, 12 May 2021 09:42:13 +0000
Bug 1709216: Rename SameValue MIR op r=jandem Rename this to make room for the next patch to use that name when transpiling SameValueResult. Depends on D114257 Differential Revision: https://phabricator.services.mozilla.com/D114258
d10063d1349d834c15ccdc11bdac3ba0363ab083: Bug 1709216: Optimize polymorphic Object.is in CacheIR r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 12 May 2021 01:54:38 +0000 - rev 579435
Push 38456 by nbeleuzu@mozilla.com at Wed, 12 May 2021 09:42:13 +0000
Bug 1709216: Optimize polymorphic Object.is in CacheIR r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114257
60d0ce3bf4d49c0840a1de2e626dbea0bae63cf6: Bug 1710140: Improve test coverage of inlined bailout code r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 11 May 2021 18:22:47 +0000 - rev 579405
Push 38455 by csabou@mozilla.com at Wed, 12 May 2021 04:08:16 +0000
Bug 1710140: Improve test coverage of inlined bailout code r=jandem While removing dead code I accidentally broke getters and setters, and noticed that only setters currently have coverage (ion/bug765454.js), so I'm adding a testcase for bailing out inlined getters as well. Driveby: I've had a local patch floating around for a while to tweak trial inlining jitspew, but I've been too lazy to open a bug and land it; this is just related enough to justify folding it in. Differential Revision: https://phabricator.services.mozilla.com/D114768
99bb49a1cf897e2005ae6fd96f1fe3d3eff40788: Bug 1710126 - Use the PropertyDescriptor constructors for NativeGetOwnPropertyDescriptor. r=jandem
Tom Schuster <evilpies@gmail.com> - Tue, 11 May 2021 17:29:18 +0000 - rev 579395
Push 38454 by smolnar@mozilla.com at Tue, 11 May 2021 21:39:06 +0000
Bug 1710126 - Use the PropertyDescriptor constructors for NativeGetOwnPropertyDescriptor. r=jandem I am not sure if we should preserve parts of the accessor comment, because the constructor always create complete descriptor now. In the future switching GetPropertyAttributes to return JS::PropertyAttributes seems like a good idea. Depends on D114838 Differential Revision: https://phabricator.services.mozilla.com/D114839
e4230a851bd54be58eb271cb8210be00807f954e: Bug 1710126 - Create complete AccessorDescriptors. r=jandem
Tom Schuster <evilpies@gmail.com> - Tue, 11 May 2021 17:29:18 +0000 - rev 579394
Push 38454 by smolnar@mozilla.com at Tue, 11 May 2021 21:39:06 +0000
Bug 1710126 - Create complete AccessorDescriptors. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114838
8a523f660b21d8704a34e7de9e3d57629b71d4dc: Bug 1707792 - Store self-hosted canonical name in extended slot. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Tue, 11 May 2021 12:48:21 +0000 - rev 579352
Push 38453 by cbrindusan@mozilla.com at Tue, 11 May 2021 16:15:28 +0000
Bug 1707792 - Store self-hosted canonical name in extended slot. r=jandem Now, when _SetCanonicalName is used, store the canonical name on the extended slot instead of clobbering the display name. This ensures the function names in the self-hosted realm match their binding names and the original source code for better clarity. Instead we apply the canonical name during function cloning where special cases already needed to exist to find the "original" name. The net result should be easier to understand. Differential Revision: https://phabricator.services.mozilla.com/D113455
2a4d6457ef7e6b798f15fa5be6908ddb41eba8e9: Bug 1710126 - Make PropertyDescriptor getter and setter private. r=jandem
Tom Schuster <evilpies@gmail.com> - Tue, 11 May 2021 11:03:25 +0000 - rev 579334
Push 38453 by cbrindusan@mozilla.com at Tue, 11 May 2021 16:15:28 +0000
Bug 1710126 - Make PropertyDescriptor getter and setter private. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114637
3f1f2606b45fedd5ac295b28a289924298a39800: Bug 1710126 - Make PropertyDescriptor attrs private. r=jandem
Tom Schuster <evilpies@gmail.com> - Tue, 11 May 2021 11:03:24 +0000 - rev 579333
Push 38453 by cbrindusan@mozilla.com at Tue, 11 May 2021 16:15:28 +0000
Bug 1710126 - Make PropertyDescriptor attrs private. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114636
41ba96d381e49ce5a01cd74b80ae8af88ac04f4f: Bug 1710126 - Remove setGetter/setSetter. r=jandem
Tom Schuster <evilpies@gmail.com> - Tue, 11 May 2021 11:03:24 +0000 - rev 579332
Push 38453 by cbrindusan@mozilla.com at Tue, 11 May 2021 16:15:28 +0000
Bug 1710126 - Remove setGetter/setSetter. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114635
500e969f0c545e040c8e14ce8a18c5f3e5d000c9: Bug 1709541 - Disable failing tests for wasi. r=jandem
Dmitry Bezhetskov <dbezhetskov@igalia.com> - Mon, 10 May 2021 05:58:34 +0000 - rev 579201
Push 38449 by abutkovits@mozilla.com at Mon, 10 May 2021 09:35:55 +0000
Bug 1709541 - Disable failing tests for wasi. r=jandem There are only two failing tests. First one bug908915.js failed because of the lack of OSObject.cpp::ResolvePath support for wasi. The second one is failed because it exceeds the recursion limit. Differential Revision: https://phabricator.services.mozilla.com/D114325
d9ada5c21801892bc5ed2472a463ddfbd5bbf907: Bug 1709328: Fix baseline IC register assignment for GetElemSuper r=jandem
Iain Ireland <iireland@mozilla.com> - Fri, 07 May 2021 17:23:18 +0000 - rev 578897
Push 38445 by imoraru@mozilla.com at Fri, 07 May 2021 21:46:25 +0000
Bug 1709328: Fix baseline IC register assignment for GetElemSuper r=jandem When bug 1472211 reordered the operands of GetElemSuper, we got our register assignments out of sync. Our GetElemSuper baseline ICs have been silently failing ever since. This patch re-establishes a consistent assignment between BaselineCodeGen::emit_GetElemSuper, GetPropIRGenerator, and BaselineCacheIRCompiler::init: obj = input operand 0 = baseline frame slot 0 id/key = input operand 1 = R1 receiver = input operand 2 = R0 We have a testcase for megamorphic GetElemSuper, but it didn't catch this bug because our ICs just failed silently (either because a property name is not a valid receiver, or because the superbase object is not a valid property name) and let the fallback handle it. The testcase I've attached to this bug doesn't fail prior to bug 1661211 part 1, where we added support for non-object receivers for GetElemSuper, but I checked out old revisions immediately before and after bug 1472211 and verified in rr that GetNativeDataPropertyByValuePure was passed the correct id before, and the receiver object after. Drive-by: while investigating this bug, I realized that `attachMegamorphicNativeSlot` had an unused argument left over from TI removal. Differential Revision: https://phabricator.services.mozilla.com/D114513
ca806eb90637cdb7f0b234731c7884af87146512: Bug 1709216: Transpile SameValueResult r=jandem
Iain Ireland <iireland@mozilla.com> - Fri, 07 May 2021 17:23:03 +0000 - rev 578896
Push 38445 by imoraru@mozilla.com at Fri, 07 May 2021 21:46:25 +0000
Bug 1709216: Transpile SameValueResult r=jandem Depends on D114258 Differential Revision: https://phabricator.services.mozilla.com/D114259
22fd0e89588075bde59a7a20245dada84d2fe4f0: Bug 1709216: Rename SameValue MIR op r=jandem
Iain Ireland <iireland@mozilla.com> - Fri, 07 May 2021 17:23:02 +0000 - rev 578895
Push 38445 by imoraru@mozilla.com at Fri, 07 May 2021 21:46:25 +0000
Bug 1709216: Rename SameValue MIR op r=jandem Rename this to make room for the next patch to use that name when transpiling SameValueResult. Depends on D114257 Differential Revision: https://phabricator.services.mozilla.com/D114258
205a40a5ac832c321d52fcef502f41671e12a4fd: Bug 1709216: Optimize polymorphic Object.is in CacheIR r=jandem
Iain Ireland <iireland@mozilla.com> - Fri, 07 May 2021 17:23:02 +0000 - rev 578894
Push 38445 by imoraru@mozilla.com at Fri, 07 May 2021 21:46:25 +0000
Bug 1709216: Optimize polymorphic Object.is in CacheIR r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114257
f5df2bb65b1846a53f7db5e0dc98d558a8a76c96: Bug 1708698 - Remove object from PropertyDescriptor in js/src. r=jandem
Tom Schuster <evilpies@gmail.com> - Fri, 07 May 2021 12:29:05 +0000 - rev 578848
Push 38445 by imoraru@mozilla.com at Fri, 07 May 2021 21:46:25 +0000
Bug 1708698 - Remove object from PropertyDescriptor in js/src. r=jandem Some of this code could be updated later to use PropertyDescriptor::Data. Differential Revision: https://phabricator.services.mozilla.com/D113977
6b9eba096472cf45934c138e03985f43825b6db3: Bug 1709288 - Remove unused input for NewArray cache kind r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Fri, 07 May 2021 08:10:57 +0000 - rev 578824
Push 38444 by nbeleuzu@mozilla.com at Fri, 07 May 2021 16:18:55 +0000
Bug 1709288 - Remove unused input for NewArray cache kind r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114213
11741e1b7f7070c5801510b70962899b29b9f763: Bug 1700443: Remove JS_OPTIMIZED_ARGUMENTS r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:28 +0000 - rev 578510
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove JS_OPTIMIZED_ARGUMENTS r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114175
e2cacd540779a7585a42c521b542082a7a5e0cb5: Bug 1700443: Remove AnalysisMode r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:27 +0000 - rev 578509
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove AnalysisMode r=jandem Depends on D114173 Differential Revision: https://phabricator.services.mozilla.com/D114174
1738078ae0735fffbf34458028b518d25c047450: Bug 1700443: Clean up SetFrameArgumentsObject r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:27 +0000 - rev 578508
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Clean up SetFrameArgumentsObject r=jandem The only remaining caller of SetFrameArgumentsObject is FinishBailoutToBaseline. Depends on D114172 Differential Revision: https://phabricator.services.mozilla.com/D114173
43d61f75ce6f0285befe8e0d6fc50eecbbaff557: Bug 1700443: Clean up EnvironmentObject and Debugger r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:26 +0000 - rev 578507
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Clean up EnvironmentObject and Debugger r=jandem There's a separate usecase here that overloaded JS_OPTIMIZED_ARGUMENTS. getMissingArgumentsMaybeSentinelValue returns JS_OPTIMIZED_ARGUMENTS if it can't recreate the arguments object. The comment on createMissingArguments explains that this occurs if the environment is dead; see `tests/debug/Frame-eval-12.js`, where we return an inner function that subsequently tries to access its parent's arguments. There's a bunch of code on the devtools side of the wall to handle this case, and we have test coverage, so instead of ripping this out I'm just rewriting it to use a different magic value. Depends on D114171 Differential Revision: https://phabricator.services.mozilla.com/D114172
1532bdab7a744335c28c7049b4d48c45115aa92b: Bug 1700443: Remove MIRType::MagicOptimizedArguments r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:26 +0000 - rev 578506
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove MIRType::MagicOptimizedArguments r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114171
de19cbf586247f426c8881ecf2f36b6c035026a4: Bug 1700443: Remove FunApplyMagicArgs r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:26 +0000 - rev 578505
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove FunApplyMagicArgs r=jandem Depends on D114169 Differential Revision: https://phabricator.services.mozilla.com/D114170
f0c3565b1841cfc688a383db75ac2f616e32a34e: Bug 1700443: Remove dead CacheIR ops r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:25 +0000 - rev 578504
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove dead CacheIR ops r=jandem The next patch removes CallFlags::FunApplyMagicArgs. Depends on D114036 Differential Revision: https://phabricator.services.mozilla.com/D114169
97a240f4593b955fd1b37b6d56cb0cb72917ade2: Bug 1700443: Clean up CompileInfo r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:25 +0000 - rev 578503
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Clean up CompileInfo r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114036
2d6ddfca0a019775428a58423b005f51dc919ea5: Bug 1700443: Simplify JSScript flags for arguments r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:24 +0000 - rev 578502
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Simplify JSScript flags for arguments r=jandem After the previous patches, JSScript still has three flags related to arguments analysis. Two of them are immutable (`argumentsHasVarBinding` and `alwaysNeedsArgsObj`), and one is mutable (`needsArgsObj`). We can simplify this down to just `needsArgsObj`, which is now immutable. After the simplification, there's no longer any difference between `argsObjAliasesFormals` and `argumentsAliasesFormals`. Depends on D114034 Differential Revision: https://phabricator.services.mozilla.com/D114035
c7784fbc5ac7fb4720b2f3e9f5af9b17e484ea72: Bug 1700443: Clean up BaselineCodeGen r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:24 +0000 - rev 578501
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Clean up BaselineCodeGen r=jandem The `HAS_ARGS_OBJ` flag in BaselineFrame needs to stick around for the baseline interpreter, but it's immutable for the baseline compiler. (The next patch will move `needsArgsObj` from MutableFlags to ImmutableFlags.) Depends on D114033 Differential Revision: https://phabricator.services.mozilla.com/D114034
bf132d76a3578c35a08c5591a3e5a7cf6e3cc61e: Bug 1700443: Remove argumentsOptimizationFailed r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:24 +0000 - rev 578500
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove argumentsOptimizationFailed r=jandem Depends on D114032 Differential Revision: https://phabricator.services.mozilla.com/D114033
ce61dab689b9c19687084f9b97b98dc062c8e007: Bug 1700443: Remove AnalyzeArgumentsUsage r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:51:23 +0000 - rev 578499
Push 38434 by nbeleuzu@mozilla.com at Wed, 05 May 2021 04:13:36 +0000
Bug 1700443: Remove AnalyzeArgumentsUsage r=jandem This patch removes the `needsArgsAnalysis` flag. Other flags will be cleaned up in a later patch. Differential Revision: https://phabricator.services.mozilla.com/D114032
8c70ab56a19b852538d9f3c7bfb980e53e56ff6d: Bug 1708839: Add implicit use after folding away fallible unbox r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 04 May 2021 17:41:09 +0000 - rev 578497
Push 38433 by nbeleuzu@mozilla.com at Tue, 04 May 2021 21:49:50 +0000
Bug 1708839: Add implicit use after folding away fallible unbox r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114165
46a0dd3508e99600445e9ca4102b0b10a7070bf1: Bug 1708722 - Move error reporting APIs to a new public header r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Tue, 04 May 2021 10:55:52 +0000 - rev 578419
Push 38433 by nbeleuzu@mozilla.com at Tue, 04 May 2021 21:49:50 +0000
Bug 1708722 - Move error reporting APIs to a new public header r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113993
ef8d7ecb8fd19af57e8c27a152e7a2ddf3029794: Bug 1708472 - Part 4: Remove template object from NewArray fallback stub r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Tue, 04 May 2021 09:32:29 +0000 - rev 578414
Push 38433 by nbeleuzu@mozilla.com at Tue, 04 May 2021 21:49:50 +0000
Bug 1708472 - Part 4: Remove template object from NewArray fallback stub r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113926
f8141bca192aa204ac0aad6ae04b9256e08fa58a: Bug 1708472 - Part 1: Transpile optimised NewArray stub along the same lines as for NewObject r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Tue, 04 May 2021 09:32:28 +0000 - rev 578411
Push 38433 by nbeleuzu@mozilla.com at Tue, 04 May 2021 21:49:50 +0000
Bug 1708472 - Part 1: Transpile optimised NewArray stub along the same lines as for NewObject r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113923
e4c8bc9f6f349f829ac17fdba6508fda6e5c2ada: Bug 1708722 - Move error reporting APIs to a new public header r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Tue, 04 May 2021 08:52:17 +0000 - rev 578404
Push 38433 by nbeleuzu@mozilla.com at Tue, 04 May 2021 21:49:50 +0000
Bug 1708722 - Move error reporting APIs to a new public header r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113993
fc9efe606084d11e68964a0198066ae7af71dc35: Bug 1706937 - Cleanup JS source-element callback. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 03 May 2021 20:08:06 +0000 - rev 578359
Push 38431 by malexandru@mozilla.com at Tue, 04 May 2021 03:35:21 +0000
Bug 1706937 - Cleanup JS source-element callback. r=jandem Rename the JSGetElementCallback hook to JSSourceElementCallback to avoid confusion with GetElement operations. Differential Revision: https://phabricator.services.mozilla.com/D113985
880a6c906c5b49a79290644bb0b3c1be8ba66136: Bug 1706937 - Handle nuked CCWs in JS shell source element hook. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Mon, 03 May 2021 20:08:06 +0000 - rev 578358
Push 38431 by malexandru@mozilla.com at Tue, 04 May 2021 03:35:21 +0000
Bug 1706937 - Handle nuked CCWs in JS shell source element hook. r=jandem While the shell uses a private value on the ScriptSourceObject that always has an "element" property, due to CCW nuking we may wind up with a dead-proxy object instead. Handle this case explicitly to avoid failing asserts below. Differential Revision: https://phabricator.services.mozilla.com/D113876
f74fa1d368c7088ed0b2ee7b8d2c68932d322081: Bug 1681371 - Ship the .at() proposal. r=jandem,jorendorff
Tom Schuster <evilpies@gmail.com> - Mon, 03 May 2021 17:49:26 +0000 - rev 578326
Push 38430 by cbrindusan@mozilla.com at Mon, 03 May 2021 21:42:10 +0000
Bug 1681371 - Ship the .at() proposal. r=jandem,jorendorff Differential Revision: https://phabricator.services.mozilla.com/D102453
34701bb8b646960d217e13c2461733d624d27559: Bug 1708698 - Add PropertyDescriptor::Data and Accessor. r=jandem
Tom Schuster <evilpies@gmail.com> - Mon, 03 May 2021 14:29:21 +0000 - rev 578312
Push 38430 by cbrindusan@mozilla.com at Mon, 03 May 2021 21:42:10 +0000
Bug 1708698 - Add PropertyDescriptor::Data and Accessor. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D114004
e9316277cf28f084f8ff8f0dd67db8c608bfe883: Bug 1706404 - Use Maybe<PropertyDescriptor> for JS_GetPropertyDescriptor in js/. r=jandem
Tom Schuster <evilpies@gmail.com> - Thu, 29 Apr 2021 19:16:43 +0000 - rev 578039
Push 38420 by apavel@mozilla.com at Fri, 30 Apr 2021 09:28:29 +0000
Bug 1706404 - Use Maybe<PropertyDescriptor> for JS_GetPropertyDescriptor in js/. r=jandem Depends on D113660 Differential Revision: https://phabricator.services.mozilla.com/D113661
b50507879a6bb9805af5e25cbee04a5ef793b3f1: Bug 1706404 - Use Maybe<PropertyDescriptor> for JS_GetPropertyDescriptor in js/. r=jandem
Tom Schuster <evilpies@gmail.com> - Thu, 29 Apr 2021 17:36:49 +0000 - rev 578022
Push 38419 by nbeleuzu@mozilla.com at Thu, 29 Apr 2021 21:42:31 +0000
Bug 1706404 - Use Maybe<PropertyDescriptor> for JS_GetPropertyDescriptor in js/. r=jandem Depends on D113660 Differential Revision: https://phabricator.services.mozilla.com/D113661
b3e0ea87a16c688b3136b1a0cb375dd9e3510408: Bug 1706309 - Part 4: Remove template object from NewObject fallback stub r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Thu, 29 Apr 2021 13:54:31 +0000 - rev 577980
Push 38419 by nbeleuzu@mozilla.com at Thu, 29 Apr 2021 21:42:31 +0000
Bug 1706309 - Part 4: Remove template object from NewObject fallback stub r=jandem Now this is no longer used we can remove the tempalte object from the fallback stub. Differential Revision: https://phabricator.services.mozilla.com/D113659
2bd28edb7d3627824905af9ae60c6fb19940ea70: Bug 1706309 - Part 2: Transpile NewPlainObject stub in warp r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Thu, 29 Apr 2021 13:54:30 +0000 - rev 577978
Push 38419 by nbeleuzu@mozilla.com at Thu, 29 Apr 2021 21:42:31 +0000
Bug 1706309 - Part 2: Transpile NewPlainObject stub in warp r=jandem This transpiles the optimized stub for NewObject operations and removes WarpNewObject. I'm not sure whether to suppress bailout generation or not in WarpScriptOracle::maybeInlineIC. Iain said this was important but it doesn't seem to make any difference. Differential Revision: https://phabricator.services.mozilla.com/D112723
f6072f619f27ad672535e02839310997bb1a731d: Bug 1706309 - Part 1: Remove the limitation on number of dynamic slots when attaching plain object stub r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Thu, 29 Apr 2021 13:54:29 +0000 - rev 577977
Push 38419 by nbeleuzu@mozilla.com at Thu, 29 Apr 2021 21:42:31 +0000
Bug 1706309 - Part 1: Remove the limitation on number of dynamic slots when attaching plain object stub r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113658
d9c03de428128354944801f24fd2aea65c0b476b: Bug 1706694 - Simplify use of Add/RemoveCellMemory r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Wed, 28 Apr 2021 08:55:54 +0000 - rev 577795
Push 38416 by malexandru@mozilla.com at Wed, 28 Apr 2021 21:55:23 +0000
Bug 1706694 - Simplify use of Add/RemoveCellMemory r=jandem These already check whether the associated cell is tenured so we can remove the extra checks. Depends on D113317 Differential Revision: https://phabricator.services.mozilla.com/D113506
abfa26f32f96833e7c7f925c23e7851de4b4d3e3: Bug 1706694 - Tidy string flattening to use JSRope* in a few more places r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Wed, 28 Apr 2021 08:55:53 +0000 - rev 577794
Push 38416 by malexandru@mozilla.com at Wed, 28 Apr 2021 21:55:23 +0000
Bug 1706694 - Tidy string flattening to use JSRope* in a few more places r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113317
1d6f87631df729ae076d9d8ce5a4ae7f54491340: Bug 1706694 - Don't overwrite leftmost rope's internals at the start when reusing the leftmost child buffer in string flattening r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Wed, 28 Apr 2021 08:55:53 +0000 - rev 577793
Push 38416 by malexandru@mozilla.com at Wed, 28 Apr 2021 21:55:23 +0000
Bug 1706694 - Don't overwrite leftmost rope's internals at the start when reusing the leftmost child buffer in string flattening r=jandem This is unnecessary and was causing problems. We can leave the leftmost rope to be handled in the same way as all the other ropes, and move the special case to just avoid copying the chars when reusing the leftmost buffer. The problem was that now we always barrier ropes, before overwriting the left child pointer with the parent pointer. If this happens during incremental GC we must ensure we haven't already overwritten this pointer we the buffer pointer. This patch also moves changing the leftmost string into a dependent string until the end. Depends on D113316 Differential Revision: https://phabricator.services.mozilla.com/D113503
a47a2921119cea73dcc8fd97b85501deefab2f2e: Bug 1706694 - When flattening ropes, store the parent pointer in the left child field rather than overwriting the cell header r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Wed, 28 Apr 2021 08:55:53 +0000 - rev 577792
Push 38416 by malexandru@mozilla.com at Wed, 28 Apr 2021 21:55:23 +0000
Bug 1706694 - When flattening ropes, store the parent pointer in the left child field rather than overwriting the cell header r=jandem This moves the part that sets the charater data pointer to finish_node as this also shares this field. We pass the parent pointer (and flags) into first_visit_node and set these after we've extracted the left child pointer. Differential Revision: https://phabricator.services.mozilla.com/D113316
e986a5e437c233adf150ebf045e23a5c27380236: Bug 1706314: Add OSR guards for mismatched phis r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 27 Apr 2021 21:17:26 +0000 - rev 577720
Push 38413 by abutkovits@mozilla.com at Wed, 28 Apr 2021 03:32:08 +0000
Bug 1706314: Add OSR guards for mismatched phis r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113417
fef6eb0de42b7f8fb3e50dbc454611f3a04b0e8f: Bug 1706314: Back out previous fix r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 27 Apr 2021 21:17:25 +0000 - rev 577719
Push 38413 by abutkovits@mozilla.com at Wed, 28 Apr 2021 03:32:08 +0000
Bug 1706314: Back out previous fix r=jandem Differential Revision: https://phabricator.services.mozilla.com/D113416