Backed out 2 changesets (bug 1541404) for causing leaks at AnalyzeArgumentsUsage
authorMihai Alexandru Michis <malexandru@mozilla.com>
Tue, 14 May 2019 16:00:32 +0300
changeset 535662 9afa1dcd247b1d206f66e31290cec79f11dbf6c9
parent 535661 06c7b6262c1cdddc3a24968c9258193b9f128a8b
child 535663 37081b3411f5ed9475b2b72e6ce6433a42125d67
push id2082
push userffxbld-merge
push dateMon, 01 Jul 2019 08:34:18 +0000
treeherdermozilla-release@2fb19d0466d2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1541404
milestone68.0a1
backs outc4b0bd61050bb7f3117c2a46ed740fc5d61d0700
760cc10c63b0a19b2553560c69d32a91f0472074
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 2 changesets (bug 1541404) for causing leaks at AnalyzeArgumentsUsage Backed out changeset c4b0bd61050b (bug 1541404) Backed out changeset 760cc10c63b0 (bug 1541404)
js/src/jit/BaselineCompiler.cpp
js/src/jit/VMFunctions.cpp
js/src/jit/arm/MacroAssembler-arm.cpp
js/src/jit/arm/MacroAssembler-arm.h
js/src/jit/arm64/MacroAssembler-arm64.h
js/src/jit/mips32/MacroAssembler-mips32.h
js/src/jit/mips64/MacroAssembler-mips64.h
js/src/jit/none/MacroAssembler-none.h
js/src/jit/x64/MacroAssembler-x64.h
js/src/jit/x86/MacroAssembler-x86.h
js/src/vm/TypeInference.cpp
--- a/js/src/jit/BaselineCompiler.cpp
+++ b/js/src/jit/BaselineCompiler.cpp
@@ -158,17 +158,18 @@ MethodStatus BaselineCompiler::compile()
           script->filename(), script->lineno(), script->column());
 
   TraceLoggerThread* logger = TraceLoggerForCurrentThread(cx);
   TraceLoggerEvent scriptEvent(TraceLogger_AnnotateScripts, script);
   AutoTraceLog logScript(logger, scriptEvent);
   AutoTraceLog logCompile(logger, TraceLogger_BaselineCompilation);
 
   AutoKeepTypeScripts keepTypes(cx);
-  if (!script->ensureHasTypes(cx, keepTypes)) {
+  if (!script->ensureHasTypes(cx, keepTypes) ||
+      !script->ensureHasAnalyzedArgsUsage(cx)) {
     return Method_Error;
   }
 
   // When code coverage is only enabled for optimizations, or when a Debugger
   // set the collectCoverageInfo flag, we have to create the ScriptCounts if
   // they do not exist.
   if (!script->hasScriptCounts() && cx->realm()->collectCoverage()) {
     if (!script->initScriptCounts(cx)) {
@@ -410,17 +411,17 @@ static void LoadUint24Operand(MacroAssem
   masm.rshift32(Imm32(8), dest);
 }
 
 static void LoadInlineValueOperand(MacroAssembler& masm, Register pc,
                                    ValueOperand dest) {
   // Note: the Value might be unaligned but as above we rely on all our
   // platforms having appropriate support for unaligned accesses (except for
   // floating point instructions on ARM).
-  masm.loadUnalignedValue(Address(pc, sizeof(jsbytecode)), dest);
+  masm.loadValue(Address(pc, sizeof(jsbytecode)), dest);
 }
 
 template <>
 void BaselineCompilerCodeGen::loadScript(Register dest) {
   masm.movePtr(ImmGCPtr(handler.script()), dest);
 }
 
 template <>
@@ -6681,20 +6682,16 @@ bool BaselineInterpreterGenerator::gener
 JitCode* JitRuntime::generateDebugTrapHandler(JSContext* cx,
                                               DebugTrapHandlerKind kind) {
   StackMacroAssembler masm;
 
   AllocatableGeneralRegisterSet regs(GeneralRegisterSet::All());
   regs.takeUnchecked(BaselineFrameReg);
   regs.takeUnchecked(ICStubReg);
   regs.takeUnchecked(PCRegAtStart);
-#ifdef JS_CODEGEN_ARM
-  regs.takeUnchecked(BaselineSecondScratchReg);
-  masm.setSecondScratchReg(BaselineSecondScratchReg);
-#endif
   Register scratch1 = regs.takeAny();
   Register scratch2 = regs.takeAny();
   Register scratch3 = regs.takeAny();
 
   if (kind == DebugTrapHandlerKind::Interpreter) {
     // The interpreter calls this for every script when debugging, so check if
     // the script has any breakpoints or is in step mode before calling into
     // C++.
--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@@ -1048,16 +1048,24 @@ bool GlobalNameConflictsCheckFromIon(JSC
 }
 
 bool InitFunctionEnvironmentObjects(JSContext* cx, BaselineFrame* frame) {
   return frame->initFunctionEnvironmentObjects(cx);
 }
 
 bool NewArgumentsObject(JSContext* cx, BaselineFrame* frame,
                         MutableHandleValue res) {
+  // BaselineCompiler calls ensureHasAnalyzedArgsUsage at compile time. The
+  // interpreters have to do this as part of JSOP_ARGUMENTS.
+  if (frame->runningInInterpreter()) {
+    if (!frame->script()->ensureHasAnalyzedArgsUsage(cx)) {
+      return false;
+    }
+  }
+
   ArgumentsObject* obj = ArgumentsObject::createExpected(cx, frame);
   if (!obj) {
     return false;
   }
   res.setObject(*obj);
   return true;
 }
 
--- a/js/src/jit/arm/MacroAssembler-arm.cpp
+++ b/js/src/jit/arm/MacroAssembler-arm.cpp
@@ -3045,16 +3045,19 @@ void MacroAssemblerARMCompat::loadValue(
     }
   } else {
     ma_alu(addr.base, lsl(addr.index, addr.scale), scratch, OpAdd);
     loadValue(Address(scratch, addr.offset), val);
   }
 }
 
 void MacroAssemblerARMCompat::loadValue(Address src, ValueOperand val) {
+  Address payload = ToPayload(src);
+  Address type = ToType(src);
+
   // TODO: copy this code into a generic function that acts on all sequences
   // of memory accesses
   if (isValueDTRDCandidate(val)) {
     // If the value we want is in two consecutive registers starting with an
     // even register, they can be combined as a single ldrd.
     int offset = src.offset;
     if (offset < 256 && offset > -256) {
       ma_ldrd(EDtrAddr(src.base, EDtrOffImm(src.offset)), val.payloadReg(),
@@ -3088,35 +3091,26 @@ void MacroAssemblerARMCompat::loadValue(
       }
       startDataTransferM(IsLoad, src.base, mode);
       transferReg(val.payloadReg());
       transferReg(val.typeReg());
       finishDataTransfer();
       return;
     }
   }
-
-  loadUnalignedValue(src, val);
-}
-
-void MacroAssemblerARMCompat::loadUnalignedValue(const Address& src,
-                                                 ValueOperand dest) {
-  Address payload = ToPayload(src);
-  Address type = ToType(src);
-
   // Ensure that loading the payload does not erase the pointer to the Value
   // in memory.
-  if (type.base != dest.payloadReg()) {
+  if (type.base != val.payloadReg()) {
     SecondScratchRegisterScope scratch2(asMasm());
-    ma_ldr(payload, dest.payloadReg(), scratch2);
-    ma_ldr(type, dest.typeReg(), scratch2);
+    ma_ldr(payload, val.payloadReg(), scratch2);
+    ma_ldr(type, val.typeReg(), scratch2);
   } else {
     SecondScratchRegisterScope scratch2(asMasm());
-    ma_ldr(type, dest.typeReg(), scratch2);
-    ma_ldr(payload, dest.payloadReg(), scratch2);
+    ma_ldr(type, val.typeReg(), scratch2);
+    ma_ldr(payload, val.payloadReg(), scratch2);
   }
 }
 
 void MacroAssemblerARMCompat::tagValue(JSValueType type, Register payload,
                                        ValueOperand dest) {
   MOZ_ASSERT(dest.typeReg() != dest.payloadReg());
   if (payload != dest.payloadReg()) {
     ma_mov(payload, dest.payloadReg());
--- a/js/src/jit/arm/MacroAssembler-arm.h
+++ b/js/src/jit/arm/MacroAssembler-arm.h
@@ -1055,21 +1055,16 @@ class MacroAssemblerARMCompat : public M
     store32(temp, ToPayload(dest));
   }
 
   void loadValue(Address src, ValueOperand val);
   void loadValue(Operand dest, ValueOperand val) {
     loadValue(dest.toAddress(), val);
   }
   void loadValue(const BaseIndex& addr, ValueOperand val);
-
-  // Like loadValue but guaranteed to not use LDRD or LDM instructions (these
-  // don't support unaligned accesses).
-  void loadUnalignedValue(const Address& src, ValueOperand dest);
-
   void tagValue(JSValueType type, Register payload, ValueOperand dest);
 
   void pushValue(ValueOperand val);
   void popValue(ValueOperand val);
   void pushValue(const Value& val) {
     push(Imm32(val.toNunboxTag()));
     if (val.isGCThing()) {
       push(ImmGCPtr(val.toGCThing()));
--- a/js/src/jit/arm64/MacroAssembler-arm64.h
+++ b/js/src/jit/arm64/MacroAssembler-arm64.h
@@ -292,19 +292,16 @@ class MacroAssemblerCompat : public vixl
     Ldr(ARMRegister(val, 64), MemOperand(src));
   }
   void loadValue(Address src, ValueOperand val) {
     Ldr(ARMRegister(val.valueReg(), 64), MemOperand(src));
   }
   void loadValue(const BaseIndex& src, ValueOperand val) {
     doBaseIndex(ARMRegister(val.valueReg(), 64), src, vixl::LDR_x);
   }
-  void loadUnalignedValue(const Address& src, ValueOperand dest) {
-    loadValue(src, dest);
-  }
   void tagValue(JSValueType type, Register payload, ValueOperand dest) {
     // This could be cleverer, but the first attempt had bugs.
     Orr(ARMRegister(dest.valueReg(), 64), ARMRegister(payload, 64),
         Operand(ImmShiftedTag(type).value));
   }
   void pushValue(ValueOperand val) {
     vixl::MacroAssembler::Push(ARMRegister(val.valueReg(), 64));
   }
--- a/js/src/jit/mips32/MacroAssembler-mips32.h
+++ b/js/src/jit/mips32/MacroAssembler-mips32.h
@@ -513,21 +513,16 @@ class MacroAssemblerMIPSCompat : public 
     store32(temp, ToPayload(dest));
   }
 
   void loadValue(Address src, ValueOperand val);
   void loadValue(Operand dest, ValueOperand val) {
     loadValue(dest.toAddress(), val);
   }
   void loadValue(const BaseIndex& addr, ValueOperand val);
-
-  void loadUnalignedValue(const Address& src, ValueOperand dest) {
-    loadValue(src, dest);
-  }
-
   void tagValue(JSValueType type, Register payload, ValueOperand dest);
 
   void pushValue(ValueOperand val);
   void popValue(ValueOperand val);
 #if MOZ_LITTLE_ENDIAN
   void pushValue(const Value& val) {
     push(Imm32(val.toNunboxTag()));
     if (val.isGCThing()) {
--- a/js/src/jit/mips64/MacroAssembler-mips64.h
+++ b/js/src/jit/mips64/MacroAssembler-mips64.h
@@ -555,21 +555,16 @@ class MacroAssemblerMIPS64Compat : publi
     storePtr(temp, dest);
   }
 
   void loadValue(Address src, ValueOperand val);
   void loadValue(Operand dest, ValueOperand val) {
     loadValue(dest.toAddress(), val);
   }
   void loadValue(const BaseIndex& addr, ValueOperand val);
-
-  void loadUnalignedValue(const Address& src, ValueOperand dest) {
-    loadValue(src, dest);
-  }
-
   void tagValue(JSValueType type, Register payload, ValueOperand dest);
 
   void pushValue(ValueOperand val);
   void popValue(ValueOperand val);
   void pushValue(const Value& val) {
     if (val.isGCThing()) {
       writeDataRelocation(val);
       movWithPatch(ImmWord(val.asRawBits()), ScratchRegister);
--- a/js/src/jit/none/MacroAssembler-none.h
+++ b/js/src/jit/none/MacroAssembler-none.h
@@ -284,20 +284,16 @@ class MacroAssemblerNone : public Assemb
   template <typename T, typename S, typename U>
   void storeValue(T, S, U) {
     MOZ_CRASH();
   }
   template <typename T, typename S>
   void loadValue(T, S) {
     MOZ_CRASH();
   }
-  template <typename T, typename S>
-  void loadUnalignedValue(T, S) {
-    MOZ_CRASH();
-  }
   template <typename T>
   void pushValue(const T&) {
     MOZ_CRASH();
   }
   template <typename T, typename S>
   void pushValue(T, S) {
     MOZ_CRASH();
   }
--- a/js/src/jit/x64/MacroAssembler-x64.h
+++ b/js/src/jit/x64/MacroAssembler-x64.h
@@ -191,19 +191,16 @@ class MacroAssemblerX64 : public MacroAs
   }
   void loadValue(Operand src, ValueOperand val) { movq(src, val.valueReg()); }
   void loadValue(Address src, ValueOperand val) {
     loadValue(Operand(src), val);
   }
   void loadValue(const BaseIndex& src, ValueOperand val) {
     loadValue(Operand(src), val);
   }
-  void loadUnalignedValue(const Address& src, ValueOperand dest) {
-    loadValue(src, dest);
-  }
   void tagValue(JSValueType type, Register payload, ValueOperand dest) {
     ScratchRegisterScope scratch(asMasm());
     MOZ_ASSERT(dest.valueReg() != scratch);
     if (payload != dest.valueReg()) {
       movq(payload, dest.valueReg());
     }
     mov(ImmShiftedTag(type), scratch);
     orq(scratch, dest.valueReg());
--- a/js/src/jit/x86/MacroAssembler-x86.h
+++ b/js/src/jit/x86/MacroAssembler-x86.h
@@ -213,19 +213,16 @@ class MacroAssemblerX86 : public MacroAs
     }
   }
   void loadValue(Address src, ValueOperand val) {
     loadValue(Operand(src), val);
   }
   void loadValue(const BaseIndex& src, ValueOperand val) {
     loadValue(Operand(src), val);
   }
-  void loadUnalignedValue(const Address& src, ValueOperand dest) {
-    loadValue(src, dest);
-  }
   void tagValue(JSValueType type, Register payload, ValueOperand dest) {
     MOZ_ASSERT(dest.typeReg() != dest.payloadReg());
     if (payload != dest.payloadReg()) {
       movl(payload, dest.payloadReg());
     }
     movl(ImmType(type), dest.typeReg());
   }
   void pushValue(ValueOperand val) {
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@@ -3492,22 +3492,16 @@ bool JSScript::makeTypes(JSContext* cx) 
   cx->check(this);
 
   // Scripts that will never run in the Baseline Interpreter or the JITs don't
   // need a TypeScript.
   MOZ_ASSERT(!hasForceInterpreterOp());
 
   AutoEnterAnalysis enter(cx);
 
-  // Run the arguments-analysis if needed. Both the Baseline Interpreter and
-  // Compiler rely on this.
-  if (!ensureHasAnalyzedArgsUsage(cx)) {
-    return false;
-  }
-
   UniquePtr<jit::ICScript> icScript(jit::ICScript::create(cx, this));
   if (!icScript) {
     return false;
   }
 
   // We need to call prepareForDestruction on ICScript before we |delete| it.
   auto prepareForDestruction = mozilla::MakeScopeExit(
       [&] { icScript->prepareForDestruction(cx->zone()); });