searching for reviewer(jandem)
ee459022f97b346cd2a0f323c77de4680c38bd57: Bug 1767525 - Enable ShadowRealms test262 tests under flag r=jandem
Matthew Gaudet <mgaudet@mozilla.com> - Tue, 28 Jun 2022 22:04:17 +0000 - rev 622401
Push 39912 by mlaza@mozilla.com at Wed, 29 Jun 2022 03:44:30 +0000
Bug 1767525 - Enable ShadowRealms test262 tests under flag r=jandem Differential Revision: https://phabricator.services.mozilla.com/D146238
de7cd72a119c7301d185c882739ac3f6c6822378: Bug 1767525 - Implement (under a flag) ShadowRealm constructor and evaluate function. r=jandem
Matthew Gaudet <mgaudet@mozilla.com> - Tue, 28 Jun 2022 22:04:16 +0000 - rev 622399
Push 39912 by mlaza@mozilla.com at Wed, 29 Jun 2022 03:44:30 +0000
Bug 1767525 - Implement (under a flag) ShadowRealm constructor and evaluate function. r=jandem Shell only, without HostInitializeShadowRealm, nor importValue Differential Revision: https://phabricator.services.mozilla.com/D146236
a198b08932204c4317a802e3afa7aa6a215e21e1: Bug 1767525 - Enable ShadowRealms test262 tests under flag r=jandem
Matthew Gaudet <mgaudet@mozilla.com> - Mon, 27 Jun 2022 21:17:35 +0000 - rev 622211
Push 39910 by bszekely@mozilla.com at Tue, 28 Jun 2022 09:16:40 +0000
Bug 1767525 - Enable ShadowRealms test262 tests under flag r=jandem Differential Revision: https://phabricator.services.mozilla.com/D146238
9a3bf794ec6dbfe9f5b32fb61cd6217ca8261f83: Bug 1767525 - Implement (under a flag) ShadowRealm constructor and evaluate function. r=jandem
Matthew Gaudet <mgaudet@mozilla.com> - Mon, 27 Jun 2022 21:17:34 +0000 - rev 622209
Push 39910 by bszekely@mozilla.com at Tue, 28 Jun 2022 09:16:40 +0000
Bug 1767525 - Implement (under a flag) ShadowRealm constructor and evaluate function. r=jandem Shell only, without HostInitializeShadowRealm, nor importValue Differential Revision: https://phabricator.services.mozilla.com/D146236
b7c7880c641033733260e65c766da83af94e7731: Bug 1773650: Move final yield to end of function r=jandem
Iain Ireland <iireland@mozilla.com> - Thu, 16 Jun 2022 20:28:41 +0000 - rev 621201
Push 39861 by nfay@mozilla.com at Fri, 17 Jun 2022 09:39:07 +0000
Bug 1773650: Move final yield to end of function r=jandem We generate very similar code when returning as when we fall off the end of a generator/async function. This patch unifies the two cases. We generate less bytecode this way. Also, OOMs or debugger-induced throws during the return will not be caught by try-catch blocks inside the function (although the outer reject catch will still see them; this is tested in `async/debugger-reject-after-fulfill.js`). It's a bit weird because AsyncResolve is infallible in the spec but not our implementation, but I think this approach is most consistent with the semantics in step 3 of (AsyncBlockStart)[https://tc39.es/ecma262/#sec-async-functions-abstract-operations-async-function-start] (called by EvaluateAsyncFunctionBody). The entire body is evaluated before we check `result.[[Type]]` to decide whether to resolve or reject the promise. Depends on D149469 Differential Revision: https://phabricator.services.mozilla.com/D149470
83ed3d310800c7f80b88a14d3144a5ab7715aa75: Bug 1773650: Move prepareIteratorResult into finishReturn r=jandem
Iain Ireland <iireland@mozilla.com> - Thu, 16 Jun 2022 20:28:41 +0000 - rev 621200
Push 39861 by nfay@mozilla.com at Fri, 17 Jun 2022 09:39:07 +0000
Bug 1773650: Move prepareIteratorResult into finishReturn r=jandem Wrapping the return value in an iterator in `finishReturn` instead of `emitReturn` makes it easier to unify code in the next patch. Differential Revision: https://phabricator.services.mozilla.com/D149469
4b8d188e7836ba37fbfcc10c8bf5831e2919bc39: Bug 1774249 - Fallibly generate unique ID for new prototypes in JSObject::setProtoUnchecked r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Thu, 16 Jun 2022 15:24:25 +0000 - rev 621153
Push 39861 by nfay@mozilla.com at Fri, 17 Jun 2022 09:39:07 +0000
Bug 1774249 - Fallibly generate unique ID for new prototypes in JSObject::setProtoUnchecked r=jandem Generate unique IDs for objects that are used as prototypes ahead of time, so we can do it fallibly. Differential Revision: https://phabricator.services.mozilla.com/D149356
9dc8156b2501e30bf7fc449197dccdbea17fa216: Bug 1774145 - [loong64] Fix usage of undeclared identifiers. r=jandem
Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> - Tue, 14 Jun 2022 11:25:18 +0000 - rev 620831
Push 39850 by ctuns@mozilla.com at Tue, 14 Jun 2022 21:37:29 +0000
Bug 1774145 - [loong64] Fix usage of undeclared identifiers. r=jandem Port D148487 and D148779 to loongarch64 platform. Differential Revision: https://phabricator.services.mozilla.com/D149200
415530c370eeebaf31bd479e8ed6240baa0c8db0: Bug 1773843 - update jit-test README and describe how they are used in CI r=jandem DONTBUILD
Steve Fink <sfink@mozilla.com> - Mon, 13 Jun 2022 16:30:50 +0000 - rev 620739
Push 39843 by mlaza@mozilla.com at Mon, 13 Jun 2022 21:53:09 +0000
Bug 1773843 - update jit-test README and describe how they are used in CI r=jandem DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D148985
28a40cec06a4f55168ea318fa1712b58699b39dc: Bug 1773368 - Remove deprecated typedefs for js::Scope. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Fri, 10 Jun 2022 15:58:08 +0000 - rev 620516
Push 39829 by csabou@mozilla.com at Fri, 10 Jun 2022 21:34:50 +0000
Bug 1773368 - Remove deprecated typedefs for js::Scope. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D148817
91a364b7b4d6ba1f417c85998376631fbec9217e: Bug 1773368 - Remove deprecated typedefs for js::Shape. r=jandem
Ted Campbell <tcampbell@mozilla.com> - Fri, 10 Jun 2022 15:58:07 +0000 - rev 620515
Push 39829 by csabou@mozilla.com at Fri, 10 Jun 2022 21:34:50 +0000
Bug 1773368 - Remove deprecated typedefs for js::Shape. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D148816
13287ab08d40a417d3a6f725f1014870c41ad43e: Bug 1772282 - (part 2 of 3) Replace js/src/ds/SplayTree.h with an AvlTree.h and change all of SM's uses accordingly. r=jandem.
Julian Seward <jseward@acm.org> - Fri, 10 Jun 2022 08:58:05 +0000 - rev 620483
Push 39829 by csabou@mozilla.com at Fri, 10 Jun 2022 21:34:50 +0000
Bug 1772282 - (part 2 of 3) Replace js/src/ds/SplayTree.h with an AvlTree.h and change all of SM's uses accordingly. r=jandem. This changes all 3 of SM's uses of js/src/ds/SplayTree.h to use js/src/ds/AvlTree.h. The new interface is almost identical to the old one, so the changes are mostly trivial: (0) js/src/jit/JitcodeMap.h: two comments referencing unknown "trees" have been amended. (1) js/src/ds/MemoryProtectionExceptionHandler.cpp: this uses a tree to record memory ranges that are protected (?). The only change is of the type of the tree. (2) BacktrackingAllocator.h: a minor use, to record ranges containing calls (`BacktrackingAllocator::callRanges`). Also just a change of type. It would be possible to use the AVL trees to merge the partially-redundant fields `::callRanges` and `::callRangesList`, but that is beyond the scope of this patch. (3) BacktrackingAllocator.h: the main use: changing `LiveRangeSet` to use an AvlTree. This is also just a renaming of the type. (3, more) struct `PrintLiveRange` has been removed. It was a workaround for the fact that the splay trees had no iteration facility. Its use, in BacktrackingAllocator::dumpAllocations, has been replaced by an AVL iterator. (3, more) Note that this change causes the allocator to produce different allocations. This is because the allocator depends on the actual tree layout, specifically which node is closest to the root when more than one node matches a query, and that's different for the two tree implementations. This behaviour manifests in BacktrackingAllocator::tryAllocateRegister, where register-use trees are queried: if (!rAlias.allocations.contains(range, &existing)) { continue; } This asks "does the tree contain a range that overlaps `range`?; if yes, return it in `existing`". If more than one range in the tree overlaps `range`, which one is written to `existing` is arbitrary. The code goes on to decide whether it's OK to evict the bundle containing existing based (in part) on `existing`s spill weight. This could be seen as a bug in the logic in that if `existing` has a low spill weight then it may choose to evict `existing`s bundle, even though some other range -- that wasn't returned -- has a higher spill weight. Hence it could incorrectly decide to evict a bundle that has a higher spill weight than the bundle for which allocation is attempted. The above analysis may be a misinterpretation of the logic. Multiple attempts to "fix" it were made, without success. In any case the resulting allocations are marginally better. See https://bugzilla.mozilla.org/show_bug.cgi?id=1772282#c2 Differential Revision: https://phabricator.services.mozilla.com/D148247
40e15355bc1654c0a5ab24251267478e0ed8ab1e: Bug 1773446 - [loong64] Add frame pointer to all arguments rectifier frames. r=jandem
Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> - Thu, 09 Jun 2022 12:09:22 +0000 - rev 620284
Push 39824 by smolnar@mozilla.com at Thu, 09 Jun 2022 22:00:48 +0000
Bug 1773446 - [loong64] Add frame pointer to all arguments rectifier frames. r=jandem Port changes in bug 1772506 to loong64 backend. Differential Revision: https://phabricator.services.mozilla.com/D148752
fbee8a66bfb634ecdc4dcaced1109aad9ba04d39: Bug 1713579: Add testcase r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 16:29:17 +0000 - rev 620151
Push 39819 by nbeleuzu@mozilla.com at Wed, 08 Jun 2022 21:48:24 +0000
Bug 1713579: Add testcase r=jandem Depends on D133129 Differential Revision: https://phabricator.services.mozilla.com/D133130
4b5c1ea3ef603231ff71f470b81fc26f0f1fa163: Bug 1729269: Add testcase r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 16:29:01 +0000 - rev 620150
Push 39819 by nbeleuzu@mozilla.com at Wed, 08 Jun 2022 21:48:24 +0000
Bug 1729269: Add testcase r=jandem Differential Revision: https://phabricator.services.mozilla.com/D124998
0b909b1ebdf89e518a88c06e7d146d969abda4b3: Bug 1770509: Add ResumeMode::ResumeAfterCheckIsObject r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:10 +0000 - rev 620048
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add ResumeMode::ResumeAfterCheckIsObject r=jandem If we throw an exception while building the stack frame in `BailoutIonToBaseline`, we will skip try/catch blocks in that frame. Throwing in `FinishBailoutToBaseline` ensures that we unwind correctly. Differential Revision: https://phabricator.services.mozilla.com/D148333
0c4b84f3d8248eca8dc8347daaf70bf768df92de: Bug 1770509: Update bailoutKind earlier r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:09 +0000 - rev 620047
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Update bailoutKind earlier r=jandem In the next patch, we want to change the bailout kind in BaselineStackBuilder. This patch sets the initial bailout kind earlier, so that we don't clobber the update. Depends on D147356 Differential Revision: https://phabricator.services.mozilla.com/D148332
d26c5eb9eb33bfe4dfb8786a268e6b93d3ac36d6: Bug 1770509: Add tests r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:09 +0000 - rev 620046
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add tests r=jandem Differential Revision: https://phabricator.services.mozilla.com/D147356
347c2d2b6751b06281045aa7fb9e9d6050da14dd: Bug 1770509: Support return methods with nargs > 0 r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:08 +0000 - rev 620045
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Support return methods with nargs > 0 r=jandem We guard on the specific function/script, so nargs is constant for a particular IC stub. Generating a rectifier frame is overkill. The main use case for this is generators: `GeneratorReturn` takes one argument. Differential Revision: https://phabricator.services.mozilla.com/D147355
7ad24b936f3bad013c77c64c4a9fafa09d66a094: Bug 1770509: Support CompletionKind::Throw r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:08 +0000 - rev 620044
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Support CompletionKind::Throw r=jandem The spec handles IteratorClose specially when the completion kind is 'throw' so that the original exception isn't overwritten by an exception that happens while closing the iterator. See https://tc39.es/ecma262/#sec-iteratorclose. Differential Revision: https://phabricator.services.mozilla.com/D147354
7d425224ec84b2666b16bc1550f8b14836b9539d: Bug 1770509: Transpile CloseIterScriptedResult r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:07 +0000 - rev 620042
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Transpile CloseIterScriptedResult r=jandem Differential Revision: https://phabricator.services.mozilla.com/D147352
1d912ad801b0426bcf1b8ca0c6cd6062b25f235c: Bug 1770509: Add CloseIterScriptedResult r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:07 +0000 - rev 620041
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add CloseIterScriptedResult r=jandem This supports custom iterators with `return` methods. It is also necessary to support generators (which call the self-hosted `GeneratorReturn` function), although those won't work until a subsequent patch adds support for rectifier frames. Differential Revision: https://phabricator.services.mozilla.com/D147351
4235a298993aee126b3350aa71612208b0a799a0: Bug 1770509: Support GuardFunctionScript in IonCacheIRCompiler r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:06 +0000 - rev 620040
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Support GuardFunctionScript in IonCacheIRCompiler r=jandem Differential Revision: https://phabricator.services.mozilla.com/D147350
d20dcc34e87c4c5eb81efce900201af08174b99a: Bug 1770509: Rename prepareVMCall to enterStubFrame r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:06 +0000 - rev 620039
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Rename prepareVMCall to enterStubFrame r=jandem Entering a stub frame is the same whether we're doing a callVM or a callJit. This aligns better with baseline and simplifies the getter/setter code. At some point we could consider rewriting the Ion code to use AutoStubFrame. Differential Revision: https://phabricator.services.mozilla.com/D147349
874a4adcb3bfce430de7b403179104b537404368: Bug 1770509: Add LoadFixedSlot to CacheIR r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:06 +0000 - rev 620038
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add LoadFixedSlot to CacheIR r=jandem We had LoadDynamicSlot, but not LoadFixedSlot. Differential Revision: https://phabricator.services.mozilla.com/D147348
9d37be10da8f85e3731cd2e0babc9204387cef8b: Bug 1770509: Add Warp support r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:05 +0000 - rev 620037
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add Warp support r=jandem Differential Revision: https://phabricator.services.mozilla.com/D147347
bbfedd0e08ce50c7665b6f2d8b0715cf0dd0f7ce: Bug 1770509: Add CacheIR generator for CloseIter r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:05 +0000 - rev 620036
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add CacheIR generator for CloseIter r=jandem `tryAttachNoReturnMethod` covers built-in collections (arrays, maps, and sets), and any custom iterator that doesn't have a return method. Differential Revision: https://phabricator.services.mozilla.com/D147346
6c908030c328087ca72bbebdaa5d0ddf95a34202: Bug 1770509: Add baseline IC for CloseIter r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:04 +0000 - rev 620035
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add baseline IC for CloseIter r=jandem Differential Revision: https://phabricator.services.mozilla.com/D147345
0f94133f476e243031cd34af1af40637a4944df1: Bug 1770509: Add JSOp::CloseIter r=jandem
Iain Ireland <iireland@mozilla.com> - Wed, 08 Jun 2022 00:34:04 +0000 - rev 620034
Push 39815 by bszekely@mozilla.com at Wed, 08 Jun 2022 09:32:01 +0000
Bug 1770509: Add JSOp::CloseIter r=jandem This initial implementation doesn't handle throw completions. Support for those is added in a later patch. Differential Revision: https://phabricator.services.mozilla.com/D147344
7903ed468b9ccbb72574bee396d0588325387502: Bug 1772123 - Ion's RA: reorder methods in BacktrackingAllocator.{cpp,h}. r=jandem.
Julian Seward <jseward@acm.org> - Tue, 07 Jun 2022 18:37:14 +0000 - rev 619987
Push 39813 by nfay@mozilla.com at Wed, 08 Jun 2022 03:52:13 +0000
Bug 1772123 - Ion's RA: reorder methods in BacktrackingAllocator.{cpp,h}. r=jandem. BacktrackingAllocator.cpp is a big, complex file. It contains the complete register allocation pipeline and has dozens of methods and functions. Unfortunately the organisation is poor, which obscures the overall structure makes it hard to follow: * often, no clear grouping of methods/functions into logical groups * inadequate group-heading comments, needed for top level navigation * inconsistencies in whether methods are defined before or after their use points * inconsistencies in the sequence of methods relative to flow in the allocator pipeline Any attempt to clean up the allocator first needs to address these structuring issues: * This patch makes no functional changes -- it merely reorders methods in BacktrackingAllocator.cpp and adds a handful of top-level section marker comments. The sequencing of methods is now definition-before-use. The top level group sequencing has been changed so as to match the actual flow of data through the allocation pipeline. * The contents of class BacktrackingAllocator in BacktrackingAllocator.h are rearranged to follow the .cpp changes. The rest of this file is unchanged. * minor change: BacktrackingAllocator::SpillWeightFromUsePolicy was a free method in the .h file. Has been moved to the .cpp file. * minor change: typedef LiveRangeVector is unused and has been removed. Differential Revision: https://phabricator.services.mozilla.com/D147926
2aaff54387ee0e4d2ba38fbaeceed1c4d325db54: Bug 1764451 - Handle ExtendedPrimitives properly in JS::Compartment::wrap() r=jandem
Tim Chevalier <tjc@igalia.com> - Tue, 31 May 2022 10:59:08 +0000 - rev 619290
Push 39775 by imoraru@mozilla.com at Tue, 31 May 2022 15:29:54 +0000
Bug 1764451 - Handle ExtendedPrimitives properly in JS::Compartment::wrap() r=jandem Differential Revision: https://phabricator.services.mozilla.com/D143551
f7930df19aac9725d134272ca07612b699657754: Bug 1426134 - Part 6: Remove no longer used framepointer-temp from LIonToWasmCallBase. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 23 May 2022 15:19:40 +0000 - rev 618537
Push 39736 by ncsoregi@mozilla.com at Mon, 23 May 2022 21:35:27 +0000
Bug 1426134 - Part 6: Remove no longer used framepointer-temp from LIonToWasmCallBase. r=jandem This code is no longer needed. Depends on D146708 Differential Revision: https://phabricator.services.mozilla.com/D146709
d1b71b47f02ac54eaf5ba9bbbad22bb676807b4c: Bug 1426134 - Part 5: Remove frame pointer from allocatable register set. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 23 May 2022 15:19:40 +0000 - rev 618536
Push 39736 by ncsoregi@mozilla.com at Mon, 23 May 2022 21:35:27 +0000
Bug 1426134 - Part 5: Remove frame pointer from allocatable register set. r=jandem Changes: - Replace `regs.take(BaselineFrameReg)` with `regs.takeUnchecked(...)`, because `BaselineFrameReg` is the frame pointer only on some platforms, which means it's no longer in the register set returned from `GeneralRegisterSet::All()`. - Remove `TakeJitRegisters` because the frame pointer is now always preserved. - Update `GenerateDirectCallFromJit` as instructed in the code comments. Drive-by change: - Remove `RegisterID::S0` and `RegisterID::S1`, because they are some old JSC-specific definitions. Instead add `RegisterID::fp`. Depends on D146707 Differential Revision: https://phabricator.services.mozilla.com/D146708
42a0409c631bc212828a4f07669ea31d4024ac9a: Bug 1426134 - Part 4: Disable GetElemSuper IC inlining on x86. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 23 May 2022 15:19:39 +0000 - rev 618535
Push 39736 by ncsoregi@mozilla.com at Mon, 23 May 2022 21:35:27 +0000
Bug 1426134 - Part 4: Disable GetElemSuper IC inlining on x86. r=jandem `LGetPropSuperCache` needs seven register, so it can't be used on x86. Depends on D146706 Differential Revision: https://phabricator.services.mozilla.com/D146707
3a054262db650647a0ebe08ea4e32cf0e914befe: Bug 1426134 - Part 3: Change IonCacheIRCompiler to work with one less temp register. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 23 May 2022 15:19:39 +0000 - rev 618534
Push 39736 by ncsoregi@mozilla.com at Mon, 23 May 2022 21:35:27 +0000
Bug 1426134 - Part 3: Change IonCacheIRCompiler to work with one less temp register. r=jandem Use `AutoScratchRegisterMaybeOutputType` instead of `AutoScratchRegister`, so we need one less register. Change `IonCacheIRCompiler::emitCallNativeSetter()` to use `argUintN` as an additional scratch register on x86. Differential Revision: https://phabricator.services.mozilla.com/D146706
bbf75553a6dcc6a58faa2d823a85359bbe66037d: Bug 1426134 - Part 2: Change JitRealm::generateRegExpMatcherStub to work with one less register on x86. r=jandem
André Bargull <andre.bargull@gmail.com> - Mon, 23 May 2022 15:19:39 +0000 - rev 618533
Push 39736 by ncsoregi@mozilla.com at Mon, 23 May 2022 21:35:27 +0000
Bug 1426134 - Part 2: Change JitRealm::generateRegExpMatcherStub to work with one less register on x86. r=jandem We can't reuse the trick we've been using for `maybeTemp5` where we're reusing `lastIndex` as an additional temp register. (Also see bug 1480819.) Instead just save `regexp` and `lastIndex` on the stack and then use these register for `temp4` resp. `temp5`. This change also means `RegExpMatcherRaw` will now (again) always be called with a valid `lastIndex` argument. Differential Revision: https://phabricator.services.mozilla.com/D146705
e65edbe39b68d5ec9a61200e85b7f1b0d27baed0: Bug 1770268 - Add missing Zone-inl.h include in Shape.cpp. r=jandem
Mike Hommey <mh+mozilla@glandium.org> - Fri, 20 May 2022 08:50:54 +0000 - rev 618349
Push 39723 by abutkovits@mozilla.com at Fri, 20 May 2022 15:37:03 +0000
Bug 1770268 - Add missing Zone-inl.h include in Shape.cpp. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D146856
7fce0c26d9ce9e3340a815b13e5c77452e5c3fb0: Bug 1770048: Improve self-hosted new_List r=jandem,tcampbell
Iain Ireland <iireland@mozilla.com> - Thu, 19 May 2022 14:30:10 +0000 - rev 618246
Push 39720 by nbeleuzu@mozilla.com at Thu, 19 May 2022 18:03:18 +0000
Bug 1770048: Improve self-hosted new_List r=jandem,tcampbell Differential Revision: https://phabricator.services.mozilla.com/D146760
f7f0363c1875c3773e5f6210fa46edd1d3e5fd5c: Bug 1740263 - Block WASM code generation by CSP. r=lth,jandem
Tom Schuster <tschuster@mozilla.com> - Thu, 19 May 2022 14:13:49 +0000 - rev 618242
Push 39720 by nbeleuzu@mozilla.com at Thu, 19 May 2022 18:03:18 +0000
Bug 1740263 - Block WASM code generation by CSP. r=lth,jandem I put the CSP check in the 5 WASM function that V8 also uses: https://source.chromium.org/search?q=IsWasmCodegenAllowed Is there somewhere else we might be generating WASM code? Some kind of caching etc. Differential Revision: https://phabricator.services.mozilla.com/D141978
5e08ab4006dfda069d5d72f5e59692b618926731: Bug 1740263 - Move isRuntimeCodeGenEnabled to JSContext. r=jandem
Tom Schuster <tschuster@mozilla.com> - Thu, 19 May 2022 14:13:49 +0000 - rev 618241
Push 39720 by nbeleuzu@mozilla.com at Thu, 19 May 2022 18:03:18 +0000
Bug 1740263 - Move isRuntimeCodeGenEnabled to JSContext. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D141977
e34ba774b3f84147dd9a0099e267cb5f5ac99f19: Bug 1740263 - Block WASM code generation by CSP. r=lth,jandem
Tom Schuster <tschuster@mozilla.com> - Wed, 18 May 2022 21:39:28 +0000 - rev 618173
Push 39718 by ccozmuta@mozilla.com at Thu, 19 May 2022 09:37:29 +0000
Bug 1740263 - Block WASM code generation by CSP. r=lth,jandem I put the CSP check in the 5 WASM function that V8 also uses: https://source.chromium.org/search?q=IsWasmCodegenAllowed Is there somewhere else we might be generating WASM code? Some kind of caching etc. Differential Revision: https://phabricator.services.mozilla.com/D141978
8365b10be28ee790cc583d54eb762c8c189d92e7: Bug 1740263 - Move isRuntimeCodeGenEnabled to JSContext. r=jandem
Tom Schuster <tschuster@mozilla.com> - Wed, 18 May 2022 21:39:28 +0000 - rev 618172
Push 39718 by ccozmuta@mozilla.com at Thu, 19 May 2022 09:37:29 +0000
Bug 1740263 - Move isRuntimeCodeGenEnabled to JSContext. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D141977
ed94d42362361330672ba80204fd70ac9c3e7db1: Bug 1769723: Don't remove unbox instructions when folding tests. r=jandem
André Bargull <andre.bargull@gmail.com> - Wed, 18 May 2022 09:32:12 +0000 - rev 618095
Push 39716 by ncsoregi@mozilla.com at Wed, 18 May 2022 21:42:45 +0000
Bug 1769723: Don't remove unbox instructions when folding tests. r=jandem Backed out changeset b3b4b19b2fec Differential Revision: https://phabricator.services.mozilla.com/D146594
d86140d2fd38138052eba5164efa5e1ec6c3fd0f: Bug 1768660: Skip fewer values in buildExpressionStack r=jandem
Iain Ireland <iireland@mozilla.com> - Tue, 17 May 2022 18:17:51 +0000 - rev 618024
Push 39712 by abutkovits@mozilla.com at Wed, 18 May 2022 03:14:37 +0000
Bug 1768660: Skip fewer values in buildExpressionStack r=jandem For the innermost frame of debugger mode bailouts, the current approach effectively uses an allow-list to decide which stack slots need to be recovered. This is fragile to any future bytecode changes that keep values alive on the expression stack. It's also unnecessary: if we just recover slots that are included in the snapshot, and skip slots that don't have allocations, everything works out. Differential Revision: https://phabricator.services.mozilla.com/D146525
7e6d07bef039bb85f64ba40b72cd2dc148ef80ad: Bug 1769220: Check test input for all phi-operands. r=jandem
André Bargull <andre.bargull@gmail.com> - Fri, 13 May 2022 13:46:44 +0000 - rev 617199
Push 39692 by imoraru@mozilla.com at Sat, 14 May 2022 04:09:48 +0000
Bug 1769220: Check test input for all phi-operands. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D146286
dd9b3908837c04dcced21bd86ec05d41ef7cd6b7: Bug 1766656 - Take account of dynamic elements when swapping object r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Wed, 11 May 2022 11:06:08 +0000 - rev 616971
Push 39681 by imoraru@mozilla.com at Wed, 11 May 2022 16:02:29 +0000
Bug 1766656 - Take account of dynamic elements when swapping object r=jandem We need to copy nursery allocated elements into malloc memory when swapping a nursery obect into the tenured heap, and update memory accounting in a few places. The patch also fixes a bug in calculating how much of the nursery was tenured which came up during testing (we don't know how big proxy objects if they've been swpping into the nursery so assume the minimum size). Differential Revision: https://phabricator.services.mozilla.com/D145722
f20b3dc51d7fd1831446e6a33c1ad71eb3cc5b1c: Bug 1768232 - Use a flag to indicate fixed elements rather than checking the elements pointer r=jandem
Jon Coppeard <jcoppeard@mozilla.com> - Tue, 10 May 2022 15:10:50 +0000 - rev 616865
Push 39678 by ctuns@mozilla.com at Tue, 10 May 2022 21:39:54 +0000
Bug 1768232 - Use a flag to indicate fixed elements rather than checking the elements pointer r=jandem This adds the ObjectElements::FIXED flag to indicate fixed elements and doesn't rely on the elements pointer. Differential Revision: https://phabricator.services.mozilla.com/D145960
5ce7ffebb6b7eac7544221e2489e81e8acc997a1: Bug 1768346: Don't fold test block if the phi-operand doesn't match the initial test input. r=jandem
André Bargull <andre.bargull@gmail.com> - Tue, 10 May 2022 13:57:04 +0000 - rev 616854
Push 39678 by ctuns@mozilla.com at Tue, 10 May 2022 21:39:54 +0000
Bug 1768346: Don't fold test block if the phi-operand doesn't match the initial test input. r=jandem Differential Revision: https://phabricator.services.mozilla.com/D145956
e59acdccc25bfcbbcadff3d4c0783a0a974bcf77: Bug 1767966 - Part 14: Merge both loops in FoldTests. r=jandem
André Bargull <andre.bargull@gmail.com> - Fri, 06 May 2022 17:24:18 +0000 - rev 616547
Push 39662 by nbeleuzu@mozilla.com at Sat, 07 May 2022 09:54:14 +0000
Bug 1767966 - Part 14: Merge both loops in FoldTests. r=jandem This improves the codegen for `if ((a < 10 && b < 20) || (c < 30 && d < 40)) { ... }`, where all inputs are int32 values. From: ``` cmp $0x0A, %edi setl %sil movzx %sil, %esi test %esi, %esi jz .L1 cmp $0x14, %ebp setl %sil movzx %sil, %esi set .L1 test %esi, %esi jnz .L2 cmp $0x1E, %edx jnl .L3 cmp $0x28, %ebx jnl .L3 ``` To: ``` cmp $0x0A, %ebp jnl .L1 cmp $0x14, %esi jl .L2 set .L1 cmp $0x1E, %edx jnl .L3 cmp $0x28, %ebx jnl .L3 ``` Differential Revision: https://phabricator.services.mozilla.com/D145601
f87376dd24181f87b932b90a7c27d8bde3a25946: Bug 1767966 - Part 13: Remove defunkt constant test condition code. r=jandem
André Bargull <andre.bargull@gmail.com> - Fri, 06 May 2022 17:24:17 +0000 - rev 616546
Push 39662 by nbeleuzu@mozilla.com at Sat, 07 May 2022 09:54:14 +0000
Bug 1767966 - Part 13: Remove defunkt constant test condition code. r=jandem The two tests `!value->isConstant()` and `value->block() != block` in `BlockComputesConstant` have established these conditions: 1. `value` is a `MConstant` 2. `value` is part of `block` So when iterating over all iterations in `block`, the test `*iter != value || !iter->isGoto()` is always true. The code can be rewritten as: ``` if (*iter != value) { return false; } if (!iter->isGoto()) { return false; } ``` When `*iter` is equal to `value`, it can't be a `MGoto` instruction, because `value` is a `MConstant`. Instead the loop should watch out for any instructions which are neither `value` nor a `MGoto`, that means `||` should have been `&&`. Fixing this typo revealed two bugs, which were never noticed because the code was never actually run: 1. When we remove blocks which compute a constant, we may end up with unreachable blocks. This leads to errors in later passes. 2. When both arms of a test compute the same constant, the initial test will have a single predecessor. In that case we would need to replace the test instruction with a goto instruction. Because this optimisation never really worked and because GVN handles a similar case, let's just remove this code. Differential Revision: https://phabricator.services.mozilla.com/D145600