Bug 1505689 part 4 - Add DisabledBaseline and DisabledIon flags to JSScript. r=tcampbell
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 15 Aug 2019 16:13:45 +0000
changeset 488276 257f973566ba9b0331af6858092345cce9832b34
parent 488275 515f936e0df687205b4c99fa0c4c0aba9e1d0dde
child 488277 7db7c0c4fadd8303e1002a8f737d8f31a9400c4b
push id36440
push userncsoregi@mozilla.com
push dateFri, 16 Aug 2019 03:57:48 +0000
treeherdermozilla-central@a58b7dc85887 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstcampbell
bugs1505689
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1505689 part 4 - Add DisabledBaseline and DisabledIon flags to JSScript. r=tcampbell We want to move BaselineScript and IonScript to JitScript, but JitScript can be discarded on GC. These flags ensure this state is persisted when that happens. Differential Revision: https://phabricator.services.mozilla.com/D41578
js/src/vm/JSScript.h
--- a/js/src/vm/JSScript.h
+++ b/js/src/vm/JSScript.h
@@ -1538,34 +1538,41 @@ class BaseScript : public gc::TenuredCel
     FailedBoundsCheck = 1 << 15,
 
     // Script has had hoisted shape guard fail.
     FailedShapeGuard = 1 << 16,
 
     HadFrequentBailouts = 1 << 17,
     HadOverflowBailout = 1 << 18,
 
+    // Whether Baseline or Ion compilation has been disabled for this script.
+    // IonDisabled is equivalent to |jitScript->canIonCompile() == false| but
+    // JitScript can be discarded on GC and we don't want this to affect
+    // observable behavior (see ArgumentsGetterImpl comment).
+    BaselineDisabled = 1 << 19,
+    IonDisabled = 1 << 20,
+
     // Explicitly marked as uninlineable.
-    Uninlineable = 1 << 19,
+    Uninlineable = 1 << 21,
 
     // Idempotent cache has triggered invalidation.
-    InvalidatedIdempotentCache = 1 << 20,
+    InvalidatedIdempotentCache = 1 << 22,
 
     // Lexical check did fail and bail out.
-    FailedLexicalCheck = 1 << 21,
+    FailedLexicalCheck = 1 << 23,
 
     // See comments below.
-    NeedsArgsAnalysis = 1 << 22,
-    NeedsArgsObj = 1 << 23,
+    NeedsArgsAnalysis = 1 << 24,
+    NeedsArgsObj = 1 << 25,
 
     // Set if the debugger's onNewScript hook has not yet been called.
-    HideScriptFromDebugger = 1 << 24,
+    HideScriptFromDebugger = 1 << 26,
 
     // Set if the script has opted into spew
-    SpewEnabled = 1 << 25,
+    SpewEnabled = 1 << 27,
   };
 
   uint8_t* jitCodeRaw() const { return jitCodeRaw_; }
 
   ScriptSourceObject* sourceObject() const { return sourceObject_; }
   ScriptSource* scriptSource() const { return sourceObject()->source(); }
   ScriptSource* maybeForwardedScriptSource() const;
 
@@ -2622,18 +2629,25 @@ class JSScript : public js::BaseScript {
     MOZ_ASSERT(hasIonScript());
   }
   void clearIonScript(JSFreeOp* fop) {
     MOZ_ASSERT(hasIonScript());
     setIonScriptImpl(fop, nullptr);
   }
 
   // Methods for the Ion-disabled status.
-  bool canIonCompile() const { return ion != ION_DISABLED_SCRIPT; }
-  void disableIon(JSRuntime* rt) { setIonScriptImpl(rt, ION_DISABLED_SCRIPT); }
+  bool canIonCompile() const {
+    bool disabled = hasFlag(MutableFlags::IonDisabled);
+    MOZ_ASSERT_IF(disabled, ion == ION_DISABLED_SCRIPT);
+    return !disabled;
+  }
+  void disableIon(JSRuntime* rt) {
+    setFlag(MutableFlags::IonDisabled);
+    setIonScriptImpl(rt, ION_DISABLED_SCRIPT);
+  }
 
   // Methods for off-thread compilation.
   bool isIonCompilingOffThread() const { return ion == ION_COMPILING_SCRIPT; }
   void setIsIonCompilingOffThread(JSRuntime* rt) {
     MOZ_ASSERT(!ion);
     setIonScriptImpl(rt, ION_COMPILING_SCRIPT);
   }
   void clearIsIonCompilingOffThread(JSRuntime* rt) {
@@ -2668,20 +2682,23 @@ class JSScript : public js::BaseScript {
   }
   void clearBaselineScript(JSFreeOp* fop) {
     MOZ_ASSERT(hasBaselineScript());
     setBaselineScriptImpl(fop, nullptr);
   }
 
   // Methods for the Baseline-disabled status.
   bool canBaselineCompile() const {
-    return baseline != BASELINE_DISABLED_SCRIPT;
+    bool disabled = hasFlag(MutableFlags::BaselineDisabled);
+    MOZ_ASSERT_IF(disabled, baseline == BASELINE_DISABLED_SCRIPT);
+    return !disabled;
   }
   void disableBaselineCompile(JSRuntime* rt) {
     MOZ_ASSERT(!hasBaselineScript());
+    setFlag(MutableFlags::BaselineDisabled);
     setBaselineScriptImpl(rt, BASELINE_DISABLED_SCRIPT);
   }
 
   void updateJitCodeRaw(JSRuntime* rt);
 
   static size_t offsetOfBaselineScript() {
     return offsetof(JSScript, baseline);
   }