Bug 1599416 - Part 2: Remove unused SetTypedObjectOffset function. r=mgaudet
authorAndré Bargull <andre.bargull@gmail.com>
Wed, 27 Nov 2019 13:53:48 +0000
changeset 504038 ade7361b947cc69d2b4f530082b851aa8fbb99f3
parent 504037 1f76130b2caecc112b703b369b4d0f55a115e2f6
child 504039 ca3152f19e29658490445939940c4cd288e1620f
push id36855
push useraiakab@mozilla.com
push dateWed, 27 Nov 2019 21:56:55 +0000
treeherdermozilla-central@62ae0fda7cb6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmgaudet
bugs1599416
milestone72.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1599416 - Part 2: Remove unused SetTypedObjectOffset function. r=mgaudet Differential Revision: https://phabricator.services.mozilla.com/D54706
js/src/builtin/TypedObject.cpp
js/src/builtin/TypedObject.h
js/src/jit/AliasAnalysis.cpp
js/src/jit/CodeGenerator.cpp
js/src/jit/InlinableNatives.h
js/src/jit/IonBuilder.h
js/src/jit/Lowering.cpp
js/src/jit/MCallOptimize.cpp
js/src/jit/MIR.h
js/src/jit/shared/LIR-shared.h
js/src/vm/ArrayBufferObject.h
js/src/vm/SelfHosting.cpp
--- a/js/src/builtin/TypedObject.cpp
+++ b/js/src/builtin/TypedObject.cpp
@@ -2434,31 +2434,16 @@ bool js::AttachTypedObject(JSContext* cx
   MOZ_ASSERT(!handle.isAttached());
   uint32_t offset = AssertedCast<uint32_t>(args[2].toInt32());
 
   handle.attach(cx, target, offset);
 
   return true;
 }
 
-bool js::SetTypedObjectOffset(JSContext*, unsigned argc, Value* vp) {
-  CallArgs args = CallArgsFromVp(argc, vp);
-  MOZ_ASSERT(args.length() == 2);
-  MOZ_ASSERT(args[0].isObject() && args[0].toObject().is<TypedObject>());
-  MOZ_RELEASE_ASSERT(args[1].isInt32());
-
-  OutlineTypedObject& typedObj = args[0].toObject().as<OutlineTypedObject>();
-  int32_t offset = args[1].toInt32();
-
-  MOZ_ASSERT(typedObj.isAttached());
-  typedObj.resetOffset(offset);
-  args.rval().setUndefined();
-  return true;
-}
-
 bool js::ObjectIsTypeDescr(JSContext*, unsigned argc, Value* vp) {
   CallArgs args = CallArgsFromVp(argc, vp);
   MOZ_ASSERT(args.length() == 1);
   MOZ_ASSERT(args[0].isObject());
   args.rval().setBoolean(args[0].toObject().is<TypeDescr>());
   return true;
 }
 
--- a/js/src/builtin/TypedObject.h
+++ b/js/src/builtin/TypedObject.h
@@ -800,24 +800,16 @@ MOZ_MUST_USE bool NewDerivedTypedObject(
  * Usage: AttachTypedObject(typedObj, newDatum, newOffset)
  *
  * Moves `typedObj` to point at the memory referenced by `newDatum` with
  * the offset `newOffset`.
  */
 MOZ_MUST_USE bool AttachTypedObject(JSContext* cx, unsigned argc, Value* vp);
 
 /*
- * Usage: SetTypedObjectOffset(typedObj, offset)
- *
- * Changes the offset for `typedObj` within its buffer to `offset`.
- * `typedObj` must already be attached.
- */
-MOZ_MUST_USE bool SetTypedObjectOffset(JSContext*, unsigned argc, Value* vp);
-
-/*
  * Usage: ObjectIsTypeDescr(obj)
  *
  * True if `obj` is a type object.
  */
 MOZ_MUST_USE bool ObjectIsTypeDescr(JSContext* cx, unsigned argc, Value* vp);
 
 /*
  * Usage: ObjectIsTypedObject(obj)
--- a/js/src/jit/AliasAnalysis.cpp
+++ b/js/src/jit/AliasAnalysis.cpp
@@ -124,17 +124,16 @@ static inline const MDefinition* GetObje
     case MDefinition::Opcode::FallibleStoreElement:
     case MDefinition::Opcode::TypedObjectDescr:
     case MDefinition::Opcode::Slots:
     case MDefinition::Opcode::Elements:
     case MDefinition::Opcode::MaybeCopyElementsForWrite:
     case MDefinition::Opcode::MaybeToDoubleElement:
     case MDefinition::Opcode::TypedArrayLength:
     case MDefinition::Opcode::TypedArrayByteOffset:
-    case MDefinition::Opcode::SetTypedObjectOffset:
     case MDefinition::Opcode::ArrayPopShift:
     case MDefinition::Opcode::ArrayPush:
     case MDefinition::Opcode::LoadTypedArrayElementHole:
     case MDefinition::Opcode::StoreTypedArrayElementHole:
     case MDefinition::Opcode::LoadFixedSlot:
     case MDefinition::Opcode::LoadFixedSlotAndUnbox:
     case MDefinition::Opcode::StoreFixedSlot:
     case MDefinition::Opcode::GetPropertyPolymorphic:
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -7786,42 +7786,16 @@ void CodeGenerator::visitTypedObjectElem
 
     masm.bind(&inlineObject);
     masm.computeEffectiveAddress(
         Address(obj, InlineTypedObject::offsetOfDataStart()), out);
     masm.bind(&done);
   }
 }
 
-void CodeGenerator::visitSetTypedObjectOffset(LSetTypedObjectOffset* lir) {
-  Register object = ToRegister(lir->object());
-  Register offset = ToRegister(lir->offset());
-  Register temp0 = ToRegister(lir->temp0());
-  Register temp1 = ToRegister(lir->temp1());
-
-  // Compute the base pointer for the typed object's owner.
-  masm.loadPtr(Address(object, OutlineTypedObject::offsetOfOwner()), temp0);
-
-  Label inlineObject, done;
-  masm.branchIfInlineTypedObject(temp0, temp1, &inlineObject);
-
-  masm.loadPrivate(Address(temp0, ArrayBufferObject::offsetOfDataSlot()),
-                   temp0);
-  masm.jump(&done);
-
-  masm.bind(&inlineObject);
-  masm.addPtr(ImmWord(InlineTypedObject::offsetOfDataStart()), temp0);
-
-  masm.bind(&done);
-
-  // Compute the new data pointer and set it in the object.
-  masm.addPtr(offset, temp0);
-  masm.storePtr(temp0, Address(object, OutlineTypedObject::offsetOfData()));
-}
-
 void CodeGenerator::visitStringLength(LStringLength* lir) {
   Register input = ToRegister(lir->string());
   Register output = ToRegister(lir->output());
 
   masm.loadStringLength(input, output);
 }
 
 void CodeGenerator::visitMinMaxI(LMinMaxI* ins) {
--- a/js/src/jit/InlinableNatives.h
+++ b/js/src/jit/InlinableNatives.h
@@ -155,18 +155,17 @@
   _(IntrinsicTypedArrayByteOffset)                 \
   _(IntrinsicTypedArrayElementShift)               \
                                                    \
   _(IntrinsicObjectIsTypedObject)                  \
   _(IntrinsicObjectIsTransparentTypedObject)       \
   _(IntrinsicObjectIsOpaqueTypedObject)            \
   _(IntrinsicObjectIsTypeDescr)                    \
   _(IntrinsicTypeDescrIsSimpleType)                \
-  _(IntrinsicTypeDescrIsArrayType)                 \
-  _(IntrinsicSetTypedObjectOffset)
+  _(IntrinsicTypeDescrIsArrayType)
 
 struct JSJitInfo;
 
 namespace js {
 namespace jit {
 
 enum class InlinableNative : uint16_t {
 #define ADD_NATIVE(native) native,
--- a/js/src/jit/IonBuilder.h
+++ b/js/src/jit/IonBuilder.h
@@ -1009,17 +1009,16 @@ class IonBuilder : public MIRGenerator,
   InliningResult inlineIsPossiblyWrappedTypedArray(CallInfo& callInfo);
   InliningResult inlineTypedArrayLength(CallInfo& callInfo);
   InliningResult inlinePossiblyWrappedTypedArrayLength(CallInfo& callInfo);
   InliningResult inlineTypedArrayByteOffset(CallInfo& callInfo);
   InliningResult inlineTypedArrayElementShift(CallInfo& callInfo);
 
   // TypedObject intrinsics and natives.
   InliningResult inlineObjectIsTypeDescr(CallInfo& callInfo);
-  InliningResult inlineSetTypedObjectOffset(CallInfo& callInfo);
   InliningResult inlineConstructTypedObject(CallInfo& callInfo,
                                             TypeDescr* target);
 
   // Utility intrinsics.
   InliningResult inlineIsCallable(CallInfo& callInfo);
   InliningResult inlineIsConstructor(CallInfo& callInfo);
   InliningResult inlineIsObject(CallInfo& callInfo);
   InliningResult inlineToObject(CallInfo& callInfo);
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@@ -2925,23 +2925,16 @@ void LIRGenerator::visitTypedObjectDescr
          ins);
 }
 
 void LIRGenerator::visitTypedObjectElements(MTypedObjectElements* ins) {
   MOZ_ASSERT(ins->type() == MIRType::Elements);
   define(new (alloc()) LTypedObjectElements(useRegister(ins->object())), ins);
 }
 
-void LIRGenerator::visitSetTypedObjectOffset(MSetTypedObjectOffset* ins) {
-  add(new (alloc())
-          LSetTypedObjectOffset(useRegister(ins->object()),
-                                useRegister(ins->offset()), temp(), temp()),
-      ins);
-}
-
 void LIRGenerator::visitInitializedLength(MInitializedLength* ins) {
   MOZ_ASSERT(ins->elements()->type() == MIRType::Elements);
   define(new (alloc()) LInitializedLength(useRegisterAtStart(ins->elements())),
          ins);
 }
 
 void LIRGenerator::visitSetInitializedLength(MSetInitializedLength* ins) {
   MOZ_ASSERT(ins->elements()->type() == MIRType::Elements);
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -167,17 +167,16 @@ static bool CanInlineCrossRealm(Inlinabl
     case InlinableNative::IntrinsicTypedArrayByteOffset:
     case InlinableNative::IntrinsicTypedArrayElementShift:
     case InlinableNative::IntrinsicObjectIsTypedObject:
     case InlinableNative::IntrinsicObjectIsTransparentTypedObject:
     case InlinableNative::IntrinsicObjectIsOpaqueTypedObject:
     case InlinableNative::IntrinsicObjectIsTypeDescr:
     case InlinableNative::IntrinsicTypeDescrIsSimpleType:
     case InlinableNative::IntrinsicTypeDescrIsArrayType:
-    case InlinableNative::IntrinsicSetTypedObjectOffset:
     case InlinableNative::IntrinsicArrayIteratorPrototypeOptimizable:
       MOZ_CRASH("Unexpected cross-realm intrinsic call");
 
     case InlinableNative::TestBailout:
     case InlinableNative::TestAssertFloat32:
     case InlinableNative::TestAssertRecoveredOnBailout:
       // Testing functions, not worth inlining cross-realm.
       return false;
@@ -584,18 +583,16 @@ IonBuilder::InliningResult IonBuilder::i
                             &InlineOpaqueTypedObject::class_);
     case InlinableNative::IntrinsicObjectIsTypeDescr:
       return inlineObjectIsTypeDescr(callInfo);
     case InlinableNative::IntrinsicTypeDescrIsSimpleType:
       return inlineHasClass(callInfo, &ScalarTypeDescr::class_,
                             &ReferenceTypeDescr::class_);
     case InlinableNative::IntrinsicTypeDescrIsArrayType:
       return inlineHasClass(callInfo, &ArrayTypeDescr::class_);
-    case InlinableNative::IntrinsicSetTypedObjectOffset:
-      return inlineSetTypedObjectOffset(callInfo);
     case InlinableNative::Limit:
       break;
   }
 
   MOZ_CRASH("Shouldn't get here");
 }
 
 IonBuilder::InliningResult IonBuilder::inlineNativeGetter(CallInfo& callInfo,
@@ -3416,60 +3413,16 @@ IonBuilder::InliningResult IonBuilder::i
   }
 
   pushConstant(BooleanValue(result));
 
   callInfo.setImplicitlyUsedUnchecked();
   return InliningStatus_Inlined;
 }
 
-IonBuilder::InliningResult IonBuilder::inlineSetTypedObjectOffset(
-    CallInfo& callInfo) {
-  MOZ_ASSERT(!callInfo.constructing());
-  MOZ_ASSERT(callInfo.argc() == 2);
-
-  MDefinition* typedObj = callInfo.getArg(0);
-  MDefinition* offset = callInfo.getArg(1);
-
-  // Return type should be undefined or something wacky is going on.
-  if (getInlineReturnType() != MIRType::Undefined) {
-    return InliningStatus_NotInlined;
-  }
-
-  // Check typedObj is a, well, typed object. Go ahead and use TI
-  // data. If this check should fail, that is almost certainly a bug
-  // in self-hosted code -- either because it's not being careful
-  // with TI or because of something else -- but we'll just let it
-  // fall through to the SetTypedObjectOffset intrinsic in such
-  // cases.
-  TemporaryTypeSet* types = typedObj->resultTypeSet();
-  if (typedObj->type() != MIRType::Object || !types) {
-    return InliningStatus_NotInlined;
-  }
-  switch (types->forAllClasses(constraints(), IsTypedObjectClass)) {
-    case TemporaryTypeSet::ForAllResult::ALL_FALSE:
-    case TemporaryTypeSet::ForAllResult::EMPTY:
-    case TemporaryTypeSet::ForAllResult::MIXED:
-      return InliningStatus_NotInlined;
-    case TemporaryTypeSet::ForAllResult::ALL_TRUE:
-      break;
-  }
-
-  // Check type of offset argument is an integer.
-  if (offset->type() != MIRType::Int32) {
-    return InliningStatus_NotInlined;
-  }
-
-  callInfo.setImplicitlyUsedUnchecked();
-  MInstruction* ins = MSetTypedObjectOffset::New(alloc(), typedObj, offset);
-  current->add(ins);
-  current->push(ins);
-  return InliningStatus_Inlined;
-}
-
 IonBuilder::InliningResult IonBuilder::inlineUnsafeSetReservedSlot(
     CallInfo& callInfo) {
   MOZ_ASSERT(!callInfo.constructing());
   MOZ_ASSERT(callInfo.argc() == 3);
 
   if (getInlineReturnType() != MIRType::Undefined) {
     return InliningStatus_NotInlined;
   }
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -7373,39 +7373,16 @@ class MTypedObjectElements : public MUna
     }
     return congruentIfOperandsEqual(other);
   }
   AliasSet getAliasSet() const override {
     return AliasSet::Load(AliasSet::ObjectFields);
   }
 };
 
-// Inlined version of the js::SetTypedObjectOffset() intrinsic.
-class MSetTypedObjectOffset : public MBinaryInstruction,
-                              public NoTypePolicy::Data {
- private:
-  MSetTypedObjectOffset(MDefinition* object, MDefinition* offset)
-      : MBinaryInstruction(classOpcode, object, offset) {
-    MOZ_ASSERT(object->type() == MIRType::Object);
-    MOZ_ASSERT(offset->type() == MIRType::Int32);
-    setResultType(MIRType::None);
-  }
-
- public:
-  INSTRUCTION_HEADER(SetTypedObjectOffset)
-  TRIVIAL_NEW_WRAPPERS
-  NAMED_OPERANDS((0, object), (1, offset))
-
-  AliasSet getAliasSet() const override {
-    // This affects the result of MTypedObjectElements,
-    // which is described as a load of ObjectFields.
-    return AliasSet::Store(AliasSet::ObjectFields);
-  }
-};
-
 class MKeepAliveObject : public MUnaryInstruction,
                          public SingleObjectPolicy::Data {
   explicit MKeepAliveObject(MDefinition* object)
       : MUnaryInstruction(classOpcode, object) {
     setResultType(MIRType::None);
     setGuard();
   }
 
--- a/js/src/jit/shared/LIR-shared.h
+++ b/js/src/jit/shared/LIR-shared.h
@@ -3885,35 +3885,16 @@ class LTypedObjectElements : public LIns
     setOperand(0, object);
   }
   const LAllocation* object() { return getOperand(0); }
   const MTypedObjectElements* mir() const {
     return mir_->toTypedObjectElements();
   }
 };
 
-// Load a typed array's elements vector.
-class LSetTypedObjectOffset : public LInstructionHelper<0, 2, 2> {
- public:
-  LIR_HEADER(SetTypedObjectOffset)
-
-  LSetTypedObjectOffset(const LAllocation& object, const LAllocation& offset,
-                        const LDefinition& temp0, const LDefinition& temp1)
-      : LInstructionHelper(classOpcode) {
-    setOperand(0, object);
-    setOperand(1, offset);
-    setTemp(0, temp0);
-    setTemp(1, temp1);
-  }
-  const LAllocation* object() { return getOperand(0); }
-  const LAllocation* offset() { return getOperand(1); }
-  const LDefinition* temp0() { return getTemp(0); }
-  const LDefinition* temp1() { return getTemp(1); }
-};
-
 // Bailout if index >= length.
 class LBoundsCheck : public LInstructionHelper<0, 2, 0> {
  public:
   LIR_HEADER(BoundsCheck)
 
   LBoundsCheck(const LAllocation& index, const LAllocation& length)
       : LInstructionHelper(classOpcode) {
     setOperand(0, index);
--- a/js/src/vm/ArrayBufferObject.h
+++ b/js/src/vm/ArrayBufferObject.h
@@ -422,18 +422,16 @@ class ArrayBufferObject : public ArrayBu
       uint32_t newSize, Handle<ArrayBufferObject*> oldBuf,
       MutableHandle<ArrayBufferObject*> newBuf, JSContext* cx);
 
   static void finalize(JSFreeOp* fop, JSObject* obj);
 
   static BufferContents createMappedContents(int fd, size_t offset,
                                              size_t length);
 
-  static size_t offsetOfDataSlot() { return getFixedSlotOffset(DATA_SLOT); }
-
   void setHasTypedObjectViews() { setFlags(flags() | TYPED_OBJECT_VIEWS); }
 
  protected:
   void setDataPointer(BufferContents contents);
   void setByteLength(uint32_t length);
 
   size_t associatedBytes() const;
 
--- a/js/src/vm/SelfHosting.cpp
+++ b/js/src/vm/SelfHosting.cpp
@@ -2391,18 +2391,16 @@ static const JSFunctionSpec intrinsic_fu
                     1, 0, IntrinsicObjectIsOpaqueTypedObject),
     JS_INLINABLE_FN("ObjectIsTransparentTypedObject",
                     js::ObjectIsTransparentTypedObject, 1, 0,
                     IntrinsicObjectIsTransparentTypedObject),
     JS_INLINABLE_FN("TypeDescrIsArrayType", js::TypeDescrIsArrayType, 1, 0,
                     IntrinsicTypeDescrIsArrayType),
     JS_INLINABLE_FN("TypeDescrIsSimpleType", js::TypeDescrIsSimpleType, 1, 0,
                     IntrinsicTypeDescrIsSimpleType),
-    JS_INLINABLE_FN("SetTypedObjectOffset", js::SetTypedObjectOffset, 2, 0,
-                    IntrinsicSetTypedObjectOffset),
     JS_FN("IsBoxedWasmAnyRef", js::IsBoxedWasmAnyRef, 1, 0),
     JS_FN("IsBoxableWasmAnyRef", js::IsBoxableWasmAnyRef, 1, 0),
     JS_FN("BoxWasmAnyRef", js::BoxWasmAnyRef, 1, 0),
     JS_FN("UnboxBoxedWasmAnyRef", js::UnboxBoxedWasmAnyRef, 1, 0),
 
 // clang-format off
 #define LOAD_AND_STORE_SCALAR_FN_DECLS(_constant, _type, _name)         \
     JS_FN("Store_" #_name, js::StoreScalar##_type::Func, 3, 0),         \