summaryrefslogtreecommitdiffstats
path: root/js/src/jit
diff options
context:
space:
mode:
Diffstat (limited to 'js/src/jit')
-rw-r--r--js/src/jit/BaselineCompiler.cpp6
-rw-r--r--js/src/jit/BaselineCompiler.h1
-rw-r--r--js/src/jit/BaselineIC.cpp56
-rw-r--r--js/src/jit/BaselineIC.h12
-rw-r--r--js/src/jit/BaselineJIT.cpp2
-rw-r--r--js/src/jit/CodeGenerator.cpp41
-rw-r--r--js/src/jit/CodeGenerator.h5
-rw-r--r--js/src/jit/InlinableNatives.h1
-rw-r--r--js/src/jit/Ion.cpp2
-rw-r--r--js/src/jit/IonAnalysis.cpp6
-rw-r--r--js/src/jit/IonAnalysis.h2
-rw-r--r--js/src/jit/IonBuilder.cpp51
-rw-r--r--js/src/jit/IonBuilder.h18
-rw-r--r--js/src/jit/IonCaches.cpp2
-rw-r--r--js/src/jit/Lowering.cpp10
-rw-r--r--js/src/jit/Lowering.h1
-rw-r--r--js/src/jit/MCallOptimize.cpp42
-rw-r--r--js/src/jit/MIR.cpp38
-rw-r--r--js/src/jit/MIR.h42
-rw-r--r--js/src/jit/MOpcodes.h1
-rw-r--r--js/src/jit/VMFunctions.cpp22
-rw-r--r--js/src/jit/VMFunctions.h7
-rw-r--r--js/src/jit/shared/LIR-shared.h31
-rw-r--r--js/src/jit/shared/LOpcodes-shared.h1
24 files changed, 159 insertions, 241 deletions
diff --git a/js/src/jit/BaselineCompiler.cpp b/js/src/jit/BaselineCompiler.cpp
index 6b64bfb44..b2f9d3b23 100644
--- a/js/src/jit/BaselineCompiler.cpp
+++ b/js/src/jit/BaselineCompiler.cpp
@@ -3292,6 +3292,12 @@ BaselineCompiler::emit_JSOP_CALL()
}
bool
+BaselineCompiler::emit_JSOP_CALL_IGNORES_RV()
+{
+ return emitCall();
+}
+
+bool
BaselineCompiler::emit_JSOP_CALLITER()
{
return emitCall();
diff --git a/js/src/jit/BaselineCompiler.h b/js/src/jit/BaselineCompiler.h
index 910a52980..95e0c77ad 100644
--- a/js/src/jit/BaselineCompiler.h
+++ b/js/src/jit/BaselineCompiler.h
@@ -159,6 +159,7 @@ namespace jit {
_(JSOP_INITALIASEDLEXICAL) \
_(JSOP_UNINITIALIZED) \
_(JSOP_CALL) \
+ _(JSOP_CALL_IGNORES_RV) \
_(JSOP_CALLITER) \
_(JSOP_FUNCALL) \
_(JSOP_FUNAPPLY) \
diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp
index 2f20ffa4f..a001357f8 100644
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -10,6 +10,8 @@
#include "mozilla/SizePrintfMacros.h"
#include "mozilla/TemplateLib.h"
+#include "jsfriendapi.h"
+#include "jsfun.h"
#include "jslibmath.h"
#include "jstypes.h"
@@ -321,7 +323,14 @@ DoTypeUpdateFallback(JSContext* cx, BaselineFrame* frame, ICUpdatedStub* stub, H
MOZ_CRASH("Invalid stub");
}
- return stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value);
+ if (!stub->addUpdateStubForValue(cx, script /* = outerScript */, obj, id, value)) {
+ // The calling JIT code assumes this function is infallible (for
+ // instance we may reallocate dynamic slots before calling this),
+ // so ignore OOMs if we failed to attach a stub.
+ cx->recoverFromOutOfMemory();
+ }
+
+ return true;
}
typedef bool (*DoTypeUpdateFallbackFn)(JSContext*, BaselineFrame*, ICUpdatedStub*, HandleValue,
@@ -2253,14 +2262,20 @@ DenseOrUnboxedArraySetElemStubExists(JSContext* cx, ICStub::Kind kind,
for (ICStubConstIterator iter = stub->beginChainConst(); !iter.atEnd(); iter++) {
if (kind == ICStub::SetElem_DenseOrUnboxedArray && iter->isSetElem_DenseOrUnboxedArray()) {
ICSetElem_DenseOrUnboxedArray* nstub = iter->toSetElem_DenseOrUnboxedArray();
- if (obj->maybeShape() == nstub->shape() && obj->getGroup(cx) == nstub->group())
+ if (obj->maybeShape() == nstub->shape() &&
+ JSObject::getGroup(cx, obj) == nstub->group())
+ {
return true;
+ }
}
if (kind == ICStub::SetElem_DenseOrUnboxedArrayAdd && iter->isSetElem_DenseOrUnboxedArrayAdd()) {
ICSetElem_DenseOrUnboxedArrayAdd* nstub = iter->toSetElem_DenseOrUnboxedArrayAdd();
- if (obj->getGroup(cx) == nstub->group() && SetElemAddHasSameShapes(nstub, obj))
+ if (JSObject::getGroup(cx, obj) == nstub->group() &&
+ SetElemAddHasSameShapes(nstub, obj))
+ {
return true;
+ }
}
}
return false;
@@ -2446,7 +2461,7 @@ DoSetElemFallback(JSContext* cx, BaselineFrame* frame, ICSetElem_Fallback* stub_
&addingCase, &protoDepth))
{
RootedShape shape(cx, obj->maybeShape());
- RootedObjectGroup group(cx, obj->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj));
if (!group)
return false;
@@ -4277,7 +4292,7 @@ DoSetPropFallback(JSContext* cx, BaselineFrame* frame, ICSetProp_Fallback* stub_
if (!obj)
return false;
RootedShape oldShape(cx, obj->maybeShape());
- RootedObjectGroup oldGroup(cx, obj->getGroup(cx));
+ RootedObjectGroup oldGroup(cx, JSObject::getGroup(cx, obj));
if (!oldGroup)
return false;
RootedReceiverGuard oldGuard(cx, ReceiverGuard(obj));
@@ -5175,14 +5190,13 @@ GetTemplateObjectForNative(JSContext* cx, HandleFunction target, const CallArgs&
if (native == js::array_slice) {
if (args.thisv().isObject()) {
- JSObject* obj = &args.thisv().toObject();
+ RootedObject obj(cx, &args.thisv().toObject());
if (!obj->isSingleton()) {
if (obj->group()->maybePreliminaryObjects()) {
*skipAttach = true;
return true;
}
- res.set(NewFullyAllocatedArrayTryReuseGroup(cx, &args.thisv().toObject(), 0,
- TenuredObject));
+ res.set(NewFullyAllocatedArrayTryReuseGroup(cx, obj, 0, TenuredObject));
return !!res;
}
}
@@ -5489,11 +5503,17 @@ TryAttachCallStub(JSContext* cx, ICCall_Fallback* stub, HandleScript script, jsb
MOZ_ASSERT_IF(templateObject, !templateObject->group()->maybePreliminaryObjects());
}
+ bool ignoresReturnValue = false;
+ if (op == JSOP_CALL_IGNORES_RV && fun->isNative()) {
+ const JSJitInfo* jitInfo = fun->jitInfo();
+ ignoresReturnValue = jitInfo && jitInfo->type() == JSJitInfo::IgnoresReturnValueNative;
+ }
+
JitSpew(JitSpew_BaselineIC, " Generating Call_Native stub (fun=%p, cons=%s, spread=%s)",
fun.get(), constructing ? "yes" : "no", isSpread ? "yes" : "no");
ICCall_Native::Compiler compiler(cx, stub->fallbackMonitorStub()->firstMonitorStub(),
- fun, templateObject, constructing, isSpread,
- script->pcToOffset(pc));
+ fun, templateObject, constructing, ignoresReturnValue,
+ isSpread, script->pcToOffset(pc));
ICStub* newStub = compiler.getStub(compiler.getStubSpace(script));
if (!newStub)
return false;
@@ -5596,12 +5616,14 @@ DoCallFallback(JSContext* cx, BaselineFrame* frame, ICCall_Fallback* stub_, uint
MOZ_ASSERT(argc == GET_ARGC(pc));
bool constructing = (op == JSOP_NEW);
+ bool ignoresReturnValue = (op == JSOP_CALL_IGNORES_RV);
// Ensure vp array is rooted - we may GC in here.
size_t numValues = argc + 2 + constructing;
AutoArrayRooter vpRoot(cx, numValues, vp);
- CallArgs callArgs = CallArgsFromSp(argc + constructing, vp + numValues, constructing);
+ CallArgs callArgs = CallArgsFromSp(argc + constructing, vp + numValues, constructing,
+ ignoresReturnValue);
RootedValue callee(cx, vp[0]);
// Handle funapply with JSOP_ARGUMENTS
@@ -5631,6 +5653,7 @@ DoCallFallback(JSContext* cx, BaselineFrame* frame, ICCall_Fallback* stub_, uint
return false;
} else {
MOZ_ASSERT(op == JSOP_CALL ||
+ op == JSOP_CALL_IGNORES_RV ||
op == JSOP_CALLITER ||
op == JSOP_FUNCALL ||
op == JSOP_FUNAPPLY ||
@@ -6681,7 +6704,12 @@ ICCall_Native::Compiler::generateStubCode(MacroAssembler& masm)
// stub and use that instead of the original one.
masm.callWithABI(Address(ICStubReg, ICCall_Native::offsetOfNative()));
#else
- masm.callWithABI(Address(callee, JSFunction::offsetOfNativeOrScript()));
+ if (ignoresReturnValue_) {
+ masm.loadPtr(Address(callee, JSFunction::offsetOfJitInfo()), callee);
+ masm.callWithABI(Address(callee, JSJitInfo::offsetOfIgnoresReturnValueNative()));
+ } else {
+ masm.callWithABI(Address(callee, JSFunction::offsetOfNativeOrScript()));
+ }
#endif
// Test for failure.
@@ -7961,7 +7989,7 @@ ICUpdatedStub*
ICSetElemDenseOrUnboxedArrayAddCompiler::getStubSpecific(ICStubSpace* space,
Handle<ShapeVector> shapes)
{
- RootedObjectGroup group(cx, obj_->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj_));
if (!group)
return nullptr;
Rooted<JitCode*> stubCode(cx, getStubCode());
@@ -8098,7 +8126,7 @@ ICSetProp_Native::ICSetProp_Native(JitCode* stubCode, ObjectGroup* group, Shape*
ICSetProp_Native*
ICSetProp_Native::Compiler::getStub(ICStubSpace* space)
{
- RootedObjectGroup group(cx, obj_->getGroup(cx));
+ RootedObjectGroup group(cx, JSObject::getGroup(cx, obj_));
if (!group)
return nullptr;
diff --git a/js/src/jit/BaselineIC.h b/js/src/jit/BaselineIC.h
index 98f0e1c59..e1ad12559 100644
--- a/js/src/jit/BaselineIC.h
+++ b/js/src/jit/BaselineIC.h
@@ -1940,7 +1940,7 @@ class ICSetPropNativeAddCompiler : public ICStubCompiler
template <size_t ProtoChainDepth>
ICUpdatedStub* getStubSpecific(ICStubSpace* space, Handle<ShapeVector> shapes)
{
- RootedObjectGroup newGroup(cx, obj_->getGroup(cx));
+ RootedObjectGroup newGroup(cx, JSObject::getGroup(cx, obj_));
if (!newGroup)
return nullptr;
@@ -2277,6 +2277,7 @@ class ICSetProp_CallNative : public ICSetPropCallSetter
// Call
// JSOP_CALL
+// JSOP_CALL_IGNORES_RV
// JSOP_FUNAPPLY
// JSOP_FUNCALL
// JSOP_NEW
@@ -2547,6 +2548,7 @@ class ICCall_Native : public ICMonitoredStub
protected:
ICStub* firstMonitorStub_;
bool isConstructing_;
+ bool ignoresReturnValue_;
bool isSpread_;
RootedFunction callee_;
RootedObject templateObject_;
@@ -2556,17 +2558,19 @@ class ICCall_Native : public ICMonitoredStub
virtual int32_t getKey() const {
return static_cast<int32_t>(engine_) |
(static_cast<int32_t>(kind) << 1) |
- (static_cast<int32_t>(isConstructing_) << 17) |
- (static_cast<int32_t>(isSpread_) << 18);
+ (static_cast<int32_t>(isSpread_) << 17) |
+ (static_cast<int32_t>(isConstructing_) << 18) |
+ (static_cast<int32_t>(ignoresReturnValue_) << 19);
}
public:
Compiler(JSContext* cx, ICStub* firstMonitorStub,
HandleFunction callee, HandleObject templateObject,
- bool isConstructing, bool isSpread, uint32_t pcOffset)
+ bool isConstructing, bool ignoresReturnValue, bool isSpread, uint32_t pcOffset)
: ICCallStubCompiler(cx, ICStub::Call_Native),
firstMonitorStub_(firstMonitorStub),
isConstructing_(isConstructing),
+ ignoresReturnValue_(ignoresReturnValue),
isSpread_(isSpread),
callee_(cx, callee),
templateObject_(cx, templateObject),
diff --git a/js/src/jit/BaselineJIT.cpp b/js/src/jit/BaselineJIT.cpp
index d0e297c2d..5c21926b5 100644
--- a/js/src/jit/BaselineJIT.cpp
+++ b/js/src/jit/BaselineJIT.cpp
@@ -273,7 +273,7 @@ jit::BaselineCompile(JSContext* cx, JSScript* script, bool forceDebugInstrumenta
MOZ_ASSERT(script->canBaselineCompile());
MOZ_ASSERT(IsBaselineEnabled(cx));
- script->ensureNonLazyCanonicalFunction(cx);
+ script->ensureNonLazyCanonicalFunction();
LifoAlloc alloc(TempAllocator::PreferredLifoChunkSize);
TempAllocator* temp = alloc.new_<TempAllocator>(&alloc);
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index fcb711237..205812942 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -1053,7 +1053,7 @@ PrepareAndExecuteRegExp(JSContext* cx, MacroAssembler& masm, Register regexp, Re
Address pairsVectorAddress(masm.getStackPointer(), pairsVectorStartOffset);
- RegExpStatics* res = cx->global()->getRegExpStatics(cx);
+ RegExpStatics* res = GlobalObject::getRegExpStatics(cx, cx->global());
if (!res)
return false;
#ifdef JS_USE_LINK_REGISTER
@@ -3688,7 +3688,13 @@ CodeGenerator::visitCallNative(LCallNative* call)
masm.passABIArg(argContextReg);
masm.passABIArg(argUintNReg);
masm.passABIArg(argVpReg);
- masm.callWithABI(JS_FUNC_TO_DATA_PTR(void*, target->native()));
+ JSNative native = target->native();
+ if (call->ignoresReturnValue()) {
+ const JSJitInfo* jitInfo = target->jitInfo();
+ if (jitInfo && jitInfo->type() == JSJitInfo::IgnoresReturnValueNative)
+ native = jitInfo->ignoresReturnValueMethod;
+ }
+ masm.callWithABI(JS_FUNC_TO_DATA_PTR(void*, native));
emitTracelogStopEvent(TraceLogger_Call);
@@ -3845,13 +3851,15 @@ CodeGenerator::visitCallGetIntrinsicValue(LCallGetIntrinsicValue* lir)
callVM(GetIntrinsicValueInfo, lir);
}
-typedef bool (*InvokeFunctionFn)(JSContext*, HandleObject, bool, uint32_t, Value*, MutableHandleValue);
+typedef bool (*InvokeFunctionFn)(JSContext*, HandleObject, bool, bool, uint32_t, Value*,
+ MutableHandleValue);
static const VMFunction InvokeFunctionInfo =
FunctionInfo<InvokeFunctionFn>(InvokeFunction, "InvokeFunction");
void
CodeGenerator::emitCallInvokeFunction(LInstruction* call, Register calleereg,
- bool constructing, uint32_t argc, uint32_t unusedStack)
+ bool constructing, bool ignoresReturnValue,
+ uint32_t argc, uint32_t unusedStack)
{
// Nestle %esp up to the argument vector.
// Each path must account for framePushed_ separately, for callVM to be valid.
@@ -3859,6 +3867,7 @@ CodeGenerator::emitCallInvokeFunction(LInstruction* call, Register calleereg,
pushArg(masm.getStackPointer()); // argv.
pushArg(Imm32(argc)); // argc.
+ pushArg(Imm32(ignoresReturnValue));
pushArg(Imm32(constructing)); // constructing.
pushArg(calleereg); // JSFunction*.
@@ -3945,8 +3954,8 @@ CodeGenerator::visitCallGeneric(LCallGeneric* call)
// Handle uncompiled or native functions.
masm.bind(&invoke);
- emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->numActualArgs(),
- unusedStack);
+ emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->ignoresReturnValue(),
+ call->numActualArgs(), unusedStack);
masm.bind(&end);
@@ -4001,7 +4010,8 @@ CodeGenerator::visitCallKnown(LCallKnown* call)
masm.checkStackAlignment();
if (target->isClassConstructor() && !call->isConstructing()) {
- emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->numActualArgs(), unusedStack);
+ emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->ignoresReturnValue(),
+ call->numActualArgs(), unusedStack);
return;
}
@@ -4045,7 +4055,8 @@ CodeGenerator::visitCallKnown(LCallKnown* call)
if (call->isConstructing() && target->nargs() > call->numActualArgs())
emitCallInvokeFunctionShuffleNewTarget(call, calleereg, target->nargs(), unusedStack);
else
- emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->numActualArgs(), unusedStack);
+ emitCallInvokeFunction(call, calleereg, call->isConstructing(), call->ignoresReturnValue(),
+ call->numActualArgs(), unusedStack);
masm.bind(&end);
@@ -4072,6 +4083,7 @@ CodeGenerator::emitCallInvokeFunction(T* apply, Register extraStackSize)
pushArg(objreg); // argv.
pushArg(ToRegister(apply->getArgc())); // argc.
+ pushArg(Imm32(false)); // ignoresReturnValue.
pushArg(Imm32(false)); // isConstrucing.
pushArg(ToRegister(apply->getFunction())); // JSFunction*.
@@ -4428,19 +4440,6 @@ CodeGenerator::visitApplyArrayGeneric(LApplyArrayGeneric* apply)
emitApplyGeneric(apply);
}
-typedef bool (*ArraySpliceDenseFn)(JSContext*, HandleObject, uint32_t, uint32_t);
-static const VMFunction ArraySpliceDenseInfo =
- FunctionInfo<ArraySpliceDenseFn>(ArraySpliceDense, "ArraySpliceDense");
-
-void
-CodeGenerator::visitArraySplice(LArraySplice* lir)
-{
- pushArg(ToRegister(lir->getDeleteCount()));
- pushArg(ToRegister(lir->getStart()));
- pushArg(ToRegister(lir->getObject()));
- callVM(ArraySpliceDenseInfo, lir);
-}
-
void
CodeGenerator::visitBail(LBail* lir)
{
diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h
index b5f170d84..12f1238ef 100644
--- a/js/src/jit/CodeGenerator.h
+++ b/js/src/jit/CodeGenerator.h
@@ -165,8 +165,8 @@ class CodeGenerator final : public CodeGeneratorSpecific
void visitOutOfLineCallPostWriteElementBarrier(OutOfLineCallPostWriteElementBarrier* ool);
void visitCallNative(LCallNative* call);
void emitCallInvokeFunction(LInstruction* call, Register callereg,
- bool isConstructing, uint32_t argc,
- uint32_t unusedStack);
+ bool isConstructing, bool ignoresReturnValue,
+ uint32_t argc, uint32_t unusedStack);
void visitCallGeneric(LCallGeneric* call);
void emitCallInvokeFunctionShuffleNewTarget(LCallKnown *call,
Register calleeReg,
@@ -251,7 +251,6 @@ class CodeGenerator final : public CodeGeneratorSpecific
void emitSetPropertyPolymorphic(LInstruction* lir, Register obj,
Register scratch, const ConstantOrRegister& value);
void visitSetPropertyPolymorphicV(LSetPropertyPolymorphicV* ins);
- void visitArraySplice(LArraySplice* splice);
void visitSetPropertyPolymorphicT(LSetPropertyPolymorphicT* ins);
void visitAbsI(LAbsI* lir);
void visitAtan2D(LAtan2D* lir);
diff --git a/js/src/jit/InlinableNatives.h b/js/src/jit/InlinableNatives.h
index 18535389a..1d0506f74 100644
--- a/js/src/jit/InlinableNatives.h
+++ b/js/src/jit/InlinableNatives.h
@@ -15,7 +15,6 @@
_(ArrayShift) \
_(ArrayPush) \
_(ArraySlice) \
- _(ArraySplice) \
\
_(AtomicsCompareExchange) \
_(AtomicsExchange) \
diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
index c61b414e0..b8a2d2fba 100644
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@@ -2153,7 +2153,7 @@ IonCompile(JSContext* cx, JSScript* script,
// Make sure the script's canonical function isn't lazy. We can't de-lazify
// it in a helper thread.
- script->ensureNonLazyCanonicalFunction(cx);
+ script->ensureNonLazyCanonicalFunction();
TrackPropertiesForSingletonScopes(cx, script, baselineFrame);
diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp
index 41c71c9c3..5fc624fb1 100644
--- a/js/src/jit/IonAnalysis.cpp
+++ b/js/src/jit/IonAnalysis.cpp
@@ -4055,7 +4055,7 @@ AnalyzePoppedThis(JSContext* cx, ObjectGroup* group,
// Add the property to the object, being careful not to update type information.
DebugOnly<unsigned> slotSpan = baseobj->slotSpan();
MOZ_ASSERT(!baseobj->containsPure(id));
- if (!baseobj->addDataProperty(cx, id, baseobj->slotSpan(), JSPROP_ENUMERATE))
+ if (!NativeObject::addDataProperty(cx, baseobj, id, baseobj->slotSpan(), JSPROP_ENUMERATE))
return false;
MOZ_ASSERT(baseobj->slotSpan() != slotSpan);
MOZ_ASSERT(!baseobj->inDictionaryMode());
@@ -4132,7 +4132,7 @@ CmpInstructions(const void* a, const void* b)
}
bool
-jit::AnalyzeNewScriptDefiniteProperties(JSContext* cx, JSFunction* fun,
+jit::AnalyzeNewScriptDefiniteProperties(JSContext* cx, HandleFunction fun,
ObjectGroup* group, HandlePlainObject baseobj,
Vector<TypeNewScript::Initializer>* initializerList)
{
@@ -4142,7 +4142,7 @@ jit::AnalyzeNewScriptDefiniteProperties(JSContext* cx, JSFunction* fun,
// which will definitely be added to the created object before it has a
// chance to escape and be accessed elsewhere.
- RootedScript script(cx, fun->getOrCreateScript(cx));
+ RootedScript script(cx, JSFunction::getOrCreateScript(cx, fun));
if (!script)
return false;
diff --git a/js/src/jit/IonAnalysis.h b/js/src/jit/IonAnalysis.h
index 1ce8edc80..efd31415b 100644
--- a/js/src/jit/IonAnalysis.h
+++ b/js/src/jit/IonAnalysis.h
@@ -196,7 +196,7 @@ MCompare*
ConvertLinearInequality(TempAllocator& alloc, MBasicBlock* block, const LinearSum& sum);
MOZ_MUST_USE bool
-AnalyzeNewScriptDefiniteProperties(JSContext* cx, JSFunction* fun,
+AnalyzeNewScriptDefiniteProperties(JSContext* cx, HandleFunction fun,
ObjectGroup* group, HandlePlainObject baseobj,
Vector<TypeNewScript::Initializer>* initializerList);
diff --git a/js/src/jit/IonBuilder.cpp b/js/src/jit/IonBuilder.cpp
index a54a58add..2d053de5a 100644
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -466,7 +466,8 @@ IonBuilder::canInlineTarget(JSFunction* target, CallInfo& callInfo)
// Allow constructing lazy scripts when performing the definite properties
// analysis, as baseline has not been used to warm the caller up yet.
if (target->isInterpreted() && info().analysisMode() == Analysis_DefiniteProperties) {
- RootedScript script(analysisContext, target->getOrCreateScript(analysisContext));
+ RootedFunction fun(analysisContext, target);
+ RootedScript script(analysisContext, JSFunction::getOrCreateScript(analysisContext, fun));
if (!script)
return InliningDecision_Error;
@@ -1938,6 +1939,7 @@ IonBuilder::inspectOpcode(JSOp op)
return jsop_funapply(GET_ARGC(pc));
case JSOP_CALL:
+ case JSOP_CALL_IGNORES_RV:
case JSOP_CALLITER:
case JSOP_NEW:
case JSOP_SUPERCALL:
@@ -1945,7 +1947,8 @@ IonBuilder::inspectOpcode(JSOp op)
if (!outermostBuilder()->iterators_.append(current->peek(-1)))
return false;
}
- return jsop_call(GET_ARGC(pc), (JSOp)*pc == JSOP_NEW || (JSOp)*pc == JSOP_SUPERCALL);
+ return jsop_call(GET_ARGC(pc), (JSOp)*pc == JSOP_NEW || (JSOp)*pc == JSOP_SUPERCALL,
+ (JSOp)*pc == JSOP_CALL_IGNORES_RV);
case JSOP_EVAL:
case JSOP_STRICTEVAL:
@@ -5873,7 +5876,7 @@ IonBuilder::inlineGenericFallback(JSFunction* target, CallInfo& callInfo, MBasic
return false;
// Create a new CallInfo to track modified state within this block.
- CallInfo fallbackInfo(alloc(), callInfo.constructing());
+ CallInfo fallbackInfo(alloc(), callInfo.constructing(), callInfo.ignoresReturnValue());
if (!fallbackInfo.init(callInfo))
return false;
fallbackInfo.popFormals(fallbackBlock);
@@ -5912,7 +5915,7 @@ IonBuilder::inlineObjectGroupFallback(CallInfo& callInfo, MBasicBlock* dispatchB
MOZ_ASSERT(cache->idempotent());
// Create a new CallInfo to track modified state within the fallback path.
- CallInfo fallbackInfo(alloc(), callInfo.constructing());
+ CallInfo fallbackInfo(alloc(), callInfo.constructing(), callInfo.ignoresReturnValue());
if (!fallbackInfo.init(callInfo))
return false;
@@ -6088,7 +6091,7 @@ IonBuilder::inlineCalls(CallInfo& callInfo, const ObjectVector& targets, BoolVec
inlineBlock->rewriteSlot(funIndex, funcDef);
// Create a new CallInfo to track modified state within the inline block.
- CallInfo inlineInfo(alloc(), callInfo.constructing());
+ CallInfo inlineInfo(alloc(), callInfo.constructing(), callInfo.ignoresReturnValue());
if (!inlineInfo.init(callInfo))
return false;
inlineInfo.popFormals(inlineBlock);
@@ -6537,7 +6540,8 @@ IonBuilder::jsop_funcall(uint32_t argc)
TemporaryTypeSet* calleeTypes = current->peek(calleeDepth)->resultTypeSet();
JSFunction* native = getSingleCallTarget(calleeTypes);
if (!native || !native->isNative() || native->native() != &fun_call) {
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, argc))
return false;
return makeCall(native, callInfo);
@@ -6562,7 +6566,8 @@ IonBuilder::jsop_funcall(uint32_t argc)
argc -= 1;
}
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, argc))
return false;
@@ -6599,7 +6604,8 @@ IonBuilder::jsop_funapply(uint32_t argc)
TemporaryTypeSet* calleeTypes = current->peek(calleeDepth)->resultTypeSet();
JSFunction* native = getSingleCallTarget(calleeTypes);
if (argc != 2 || info().analysisMode() == Analysis_ArgumentsUsage) {
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, argc))
return false;
return makeCall(native, callInfo);
@@ -6628,7 +6634,8 @@ IonBuilder::jsop_funapply(uint32_t argc)
return jsop_funapplyarray(argc);
}
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, argc))
return false;
return makeCall(native, callInfo);
@@ -6737,7 +6744,8 @@ IonBuilder::jsop_funapplyarguments(uint32_t argc)
// can inline the apply() target and don't care about the actual arguments
// that were passed in.
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
// Vp
MDefinition* vp = current->pop();
@@ -6783,7 +6791,7 @@ IonBuilder::jsop_funapplyarguments(uint32_t argc)
}
bool
-IonBuilder::jsop_call(uint32_t argc, bool constructing)
+IonBuilder::jsop_call(uint32_t argc, bool constructing, bool ignoresReturnValue)
{
startTrackingOptimizations();
@@ -6809,7 +6817,7 @@ IonBuilder::jsop_call(uint32_t argc, bool constructing)
if (calleeTypes && !getPolyCallTargets(calleeTypes, constructing, targets, 4))
return false;
- CallInfo callInfo(alloc(), constructing);
+ CallInfo callInfo(alloc(), constructing, ignoresReturnValue);
if (!callInfo.init(current, argc))
return false;
@@ -6945,7 +6953,8 @@ IonBuilder::makeCallHelper(JSFunction* target, CallInfo& callInfo)
}
MCall* call = MCall::New(alloc(), target, targetArgs + 1 + callInfo.constructing(),
- callInfo.argc(), callInfo.constructing(), isDOMCall);
+ callInfo.argc(), callInfo.constructing(),
+ callInfo.ignoresReturnValue(), isDOMCall);
if (!call)
return nullptr;
@@ -7046,7 +7055,7 @@ IonBuilder::jsop_eval(uint32_t argc)
// Emit a normal call if the eval has never executed. This keeps us from
// disabling compilation for the script when testing with --ion-eager.
if (calleeTypes && calleeTypes->empty())
- return jsop_call(argc, /* constructing = */ false);
+ return jsop_call(argc, /* constructing = */ false, false);
JSFunction* singleton = getSingleCallTarget(calleeTypes);
if (!singleton)
@@ -7062,7 +7071,8 @@ IonBuilder::jsop_eval(uint32_t argc)
if (info().funMaybeLazy()->isArrow())
return abort("Direct eval from arrow function");
- CallInfo callInfo(alloc(), /* constructing = */ false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, argc))
return false;
callInfo.setImplicitlyUsedUnchecked();
@@ -7101,7 +7111,8 @@ IonBuilder::jsop_eval(uint32_t argc)
current->push(dynamicName);
current->push(constant(UndefinedValue())); // thisv
- CallInfo evalCallInfo(alloc(), /* constructing = */ false);
+ CallInfo evalCallInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!evalCallInfo.init(current, /* argc = */ 0))
return false;
@@ -7118,7 +7129,7 @@ IonBuilder::jsop_eval(uint32_t argc)
return resumeAfter(ins) && pushTypeBarrier(ins, types, BarrierKind::TypeSet);
}
- return jsop_call(argc, /* constructing = */ false);
+ return jsop_call(argc, /* constructing = */ false, false);
}
bool
@@ -12000,7 +12011,8 @@ IonBuilder::getPropTryCommonGetter(bool* emitted, MDefinition* obj, PropertyName
current->push(obj);
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, 0))
return false;
@@ -12495,7 +12507,8 @@ IonBuilder::setPropTryCommonSetter(bool* emitted, MDefinition* obj,
// Call the setter. Note that we have to push the original value, not
// the setter's return value.
- CallInfo callInfo(alloc(), false);
+ CallInfo callInfo(alloc(), /* constructing = */ false,
+ /* ignoresReturnValue = */ BytecodeIsPopped(pc));
if (!callInfo.init(current, 1))
return false;
diff --git a/js/src/jit/IonBuilder.h b/js/src/jit/IonBuilder.h
index dd40b4bd6..1f763a4f2 100644
--- a/js/src/jit/IonBuilder.h
+++ b/js/src/jit/IonBuilder.h
@@ -699,6 +699,7 @@ class IonBuilder
MOZ_MUST_USE bool jsop_funapplyarguments(uint32_t argc);
MOZ_MUST_USE bool jsop_funapplyarray(uint32_t argc);
MOZ_MUST_USE bool jsop_call(uint32_t argc, bool constructing);
+ MOZ_MUST_USE bool jsop_call(uint32_t argc, bool constructing, bool ignoresReturnValue);
MOZ_MUST_USE bool jsop_eval(uint32_t argc);
MOZ_MUST_USE bool jsop_ifeq(JSOp op);
MOZ_MUST_USE bool jsop_try();
@@ -820,7 +821,6 @@ class IonBuilder
InliningStatus inlineArrayPush(CallInfo& callInfo);
InliningStatus inlineArraySlice(CallInfo& callInfo);
InliningStatus inlineArrayJoin(CallInfo& callInfo);
- InliningStatus inlineArraySplice(CallInfo& callInfo);
// Math natives.
InliningStatus inlineMathAbs(CallInfo& callInfo);
@@ -1352,16 +1352,21 @@ class CallInfo
MDefinition* newTargetArg_;
MDefinitionVector args_;
- bool constructing_;
- bool setter_;
+ bool constructing_:1;
+
+ // True if the caller does not use the return value.
+ bool ignoresReturnValue_:1;
+
+ bool setter_:1;
public:
- CallInfo(TempAllocator& alloc, bool constructing)
+ CallInfo(TempAllocator& alloc, bool constructing, bool ignoresReturnValue)
: fun_(nullptr),
thisArg_(nullptr),
newTargetArg_(nullptr),
args_(alloc),
constructing_(constructing),
+ ignoresReturnValue_(ignoresReturnValue),
setter_(false)
{ }
@@ -1370,6 +1375,7 @@ class CallInfo
fun_ = callInfo.fun();
thisArg_ = callInfo.thisArg();
+ ignoresReturnValue_ = callInfo.ignoresReturnValue();
if (constructing())
newTargetArg_ = callInfo.getNewTarget();
@@ -1466,6 +1472,10 @@ class CallInfo
return constructing_;
}
+ bool ignoresReturnValue() const {
+ return ignoresReturnValue_;
+ }
+
void setNewTarget(MDefinition* newTarget) {
MOZ_ASSERT(constructing());
newTargetArg_ = newTarget;
diff --git a/js/src/jit/IonCaches.cpp b/js/src/jit/IonCaches.cpp
index 9901bdd07..48e0792bb 100644
--- a/js/src/jit/IonCaches.cpp
+++ b/js/src/jit/IonCaches.cpp
@@ -3316,7 +3316,7 @@ SetPropertyIC::update(JSContext* cx, HandleScript outerScript, size_t cacheIndex
RootedObjectGroup oldGroup(cx);
RootedShape oldShape(cx);
if (cache.canAttachStub()) {
- oldGroup = obj->getGroup(cx);
+ oldGroup = JSObject::getGroup(cx, obj);
if (!oldGroup)
return false;
diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
index 68417138b..22f1d5f70 100644
--- a/js/src/jit/Lowering.cpp
+++ b/js/src/jit/Lowering.cpp
@@ -657,16 +657,6 @@ LIRGenerator::visitAssertRecoveredOnBailout(MAssertRecoveredOnBailout* assertion
}
void
-LIRGenerator::visitArraySplice(MArraySplice* ins)
-{
- LArraySplice* lir = new(alloc()) LArraySplice(useRegisterAtStart(ins->object()),
- useRegisterAtStart(ins->start()),
- useRegisterAtStart(ins->deleteCount()));
- add(lir, ins);
- assignSafepoint(lir, ins);
-}
-
-void
LIRGenerator::visitGetDynamicName(MGetDynamicName* ins)
{
MDefinition* envChain = ins->getEnvironmentChain();
diff --git a/js/src/jit/Lowering.h b/js/src/jit/Lowering.h
index b096bb143..9342ef471 100644
--- a/js/src/jit/Lowering.h
+++ b/js/src/jit/Lowering.h
@@ -107,7 +107,6 @@ class LIRGenerator : public LIRGeneratorSpecific
void visitCall(MCall* call);
void visitApplyArgs(MApplyArgs* apply);
void visitApplyArray(MApplyArray* apply);
- void visitArraySplice(MArraySplice* splice);
void visitBail(MBail* bail);
void visitUnreachable(MUnreachable* unreachable);
void visitEncodeSnapshot(MEncodeSnapshot* ins);
diff --git a/js/src/jit/MCallOptimize.cpp b/js/src/jit/MCallOptimize.cpp
index 359f04639..5eee30e49 100644
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -85,8 +85,6 @@ IonBuilder::inlineNativeCall(CallInfo& callInfo, JSFunction* target)
return inlineArrayPush(callInfo);
case InlinableNative::ArraySlice:
return inlineArraySlice(callInfo);
- case InlinableNative::ArraySplice:
- return inlineArraySplice(callInfo);
// Atomic natives.
case InlinableNative::AtomicsCompareExchange:
@@ -654,46 +652,6 @@ IonBuilder::inlineArrayPopShift(CallInfo& callInfo, MArrayPopShift::Mode mode)
}
IonBuilder::InliningStatus
-IonBuilder::inlineArraySplice(CallInfo& callInfo)
-{
- if (callInfo.argc() != 2 || callInfo.constructing()) {
- trackOptimizationOutcome(TrackedOutcome::CantInlineNativeBadForm);
- return InliningStatus_NotInlined;
- }
-
- // Ensure |this|, argument and result are objects.
- if (getInlineReturnType() != MIRType::Object)
- return InliningStatus_NotInlined;
- if (callInfo.thisArg()->type() != MIRType::Object)
- return InliningStatus_NotInlined;
- if (callInfo.getArg(0)->type() != MIRType::Int32)
- return InliningStatus_NotInlined;
- if (callInfo.getArg(1)->type() != MIRType::Int32)
- return InliningStatus_NotInlined;
-
- callInfo.setImplicitlyUsedUnchecked();
-
- // Specialize arr.splice(start, deleteCount) with unused return value and
- // avoid creating the result array in this case.
- if (!BytecodeIsPopped(pc)) {
- trackOptimizationOutcome(TrackedOutcome::CantInlineGeneric);
- return InliningStatus_NotInlined;
- }
-
- MArraySplice* ins = MArraySplice::New(alloc(),
- callInfo.thisArg(),
- callInfo.getArg(0),
- callInfo.getArg(1));
-
- current->add(ins);
- pushConstant(UndefinedValue());
-
- if (!resumeAfter(ins))
- return InliningStatus_Error;
- return InliningStatus_Inlined;
-}
-
-IonBuilder::InliningStatus
IonBuilder::inlineArrayJoin(CallInfo& callInfo)
{
if (callInfo.argc() != 1 || callInfo.constructing()) {
diff --git a/js/src/jit/MIR.cpp b/js/src/jit/MIR.cpp
index fa9cc3019..0cf31adb3 100644
--- a/js/src/jit/MIR.cpp
+++ b/js/src/jit/MIR.cpp
@@ -1970,7 +1970,7 @@ WrappedFunction::WrappedFunction(JSFunction* fun)
MCall*
MCall::New(TempAllocator& alloc, JSFunction* target, size_t maxArgc, size_t numActualArgs,
- bool construct, bool isDOMCall)
+ bool construct, bool ignoresReturnValue, bool isDOMCall)
{
WrappedFunction* wrappedTarget = target ? new(alloc) WrappedFunction(target) : nullptr;
MOZ_ASSERT(maxArgc >= numActualArgs);
@@ -1979,7 +1979,7 @@ MCall::New(TempAllocator& alloc, JSFunction* target, size_t maxArgc, size_t numA
MOZ_ASSERT(!construct);
ins = new(alloc) MCallDOMNative(wrappedTarget, numActualArgs);
} else {
- ins = new(alloc) MCall(wrappedTarget, numActualArgs, construct);
+ ins = new(alloc) MCall(wrappedTarget, numActualArgs, construct, ignoresReturnValue);
}
if (!ins->init(alloc, maxArgc + NumNonArgumentOperands))
return nullptr;
@@ -2630,40 +2630,6 @@ jit::EqualTypes(MIRType type1, TemporaryTypeSet* typeset1,
return typeset1->equals(typeset2);
}
-// Tests whether input/inputTypes can always be stored to an unboxed
-// object/array property with the given unboxed type.
-bool
-jit::CanStoreUnboxedType(TempAllocator& alloc,
- JSValueType unboxedType, MIRType input, TypeSet* inputTypes)
-{
- TemporaryTypeSet types;
-
- switch (unboxedType) {
- case JSVAL_TYPE_BOOLEAN:
- case JSVAL_TYPE_INT32:
- case JSVAL_TYPE_DOUBLE:
- case JSVAL_TYPE_STRING:
- types.addType(TypeSet::PrimitiveType(unboxedType), alloc.lifoAlloc());
- break;
-
- case JSVAL_TYPE_OBJECT:
- types.addType(TypeSet::AnyObjectType(), alloc.lifoAlloc());
- types.addType(TypeSet::NullType(), alloc.lifoAlloc());
- break;
-
- default:
- MOZ_CRASH("Bad unboxed type");
- }
-
- return TypeSetIncludes(&types, input, inputTypes);
-}
-
-static bool
-CanStoreUnboxedType(TempAllocator& alloc, JSValueType unboxedType, MDefinition* value)
-{
- return CanStoreUnboxedType(alloc, unboxedType, value->type(), value->resultTypeSet());
-}
-
bool
MPhi::specializeType(TempAllocator& alloc)
{
diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h
index 9076339f1..6c376d528 100644
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -4043,14 +4043,18 @@ class MCall
uint32_t numActualArgs_;
// True if the call is for JSOP_NEW.
- bool construct_;
+ bool construct_:1;
- bool needsArgCheck_;
+ // True if the caller does not use the return value.
+ bool ignoresReturnValue_:1;
- MCall(WrappedFunction* target, uint32_t numActualArgs, bool construct)
+ bool needsArgCheck_:1;
+
+ MCall(WrappedFunction* target, uint32_t numActualArgs, bool construct, bool ignoresReturnValue)
: target_(target),
numActualArgs_(numActualArgs),
construct_(construct),
+ ignoresReturnValue_(ignoresReturnValue),
needsArgCheck_(true)
{
setResultType(MIRType::Value);
@@ -4059,7 +4063,7 @@ class MCall
public:
INSTRUCTION_HEADER(Call)
static MCall* New(TempAllocator& alloc, JSFunction* target, size_t maxArgc, size_t numActualArgs,
- bool construct, bool isDOMCall);
+ bool construct, bool ignoresReturnValue, bool isDOMCall);
void initFunction(MDefinition* func) {
initOperand(FunctionOperandIndex, func);
@@ -4104,6 +4108,10 @@ class MCall
return construct_;
}
+ bool ignoresReturnValue() const {
+ return ignoresReturnValue_;
+ }
+
// The number of stack arguments is the max between the number of formal
// arguments and the number of actual arguments. The number of stack
// argument includes the |undefined| padding added in case of underflow.
@@ -4147,7 +4155,7 @@ class MCallDOMNative : public MCall
// virtual things from MCall.
protected:
MCallDOMNative(WrappedFunction* target, uint32_t numActualArgs)
- : MCall(target, numActualArgs, false)
+ : MCall(target, numActualArgs, false, false)
{
MOZ_ASSERT(getJitInfo()->type() != JSJitInfo::InlinableNative);
@@ -4162,7 +4170,8 @@ class MCallDOMNative : public MCall
}
friend MCall* MCall::New(TempAllocator& alloc, JSFunction* target, size_t maxArgc,
- size_t numActualArgs, bool construct, bool isDOMCall);
+ size_t numActualArgs, bool construct, bool ignoresReturnValue,
+ bool isDOMCall);
const JSJitInfo* getJitInfo() const;
public:
@@ -4177,27 +4186,6 @@ class MCallDOMNative : public MCall
virtual void computeMovable() override;
};
-// arr.splice(start, deleteCount) with unused return value.
-class MArraySplice
- : public MTernaryInstruction,
- public Mix3Policy<ObjectPolicy<0>, IntPolicy<1>, IntPolicy<2> >::Data
-{
- private:
-
- MArraySplice(MDefinition* object, MDefinition* start, MDefinition* deleteCount)
- : MTernaryInstruction(object, start, deleteCount)
- { }
-
- public:
- INSTRUCTION_HEADER(ArraySplice)
- TRIVIAL_NEW_WRAPPERS
- NAMED_OPERANDS((0, object), (1, start), (2, deleteCount))
-
- bool possiblyCalls() const override {
- return true;
- }
-};
-
// fun.apply(self, arguments)
class MApplyArgs
: public MAryInstruction<3>,
diff --git a/js/src/jit/MOpcodes.h b/js/src/jit/MOpcodes.h
index ab37604b4..9e460a2ba 100644
--- a/js/src/jit/MOpcodes.h
+++ b/js/src/jit/MOpcodes.h
@@ -69,7 +69,6 @@ namespace jit {
_(Call) \
_(ApplyArgs) \
_(ApplyArray) \
- _(ArraySplice) \
_(Bail) \
_(Unreachable) \
_(EncodeSnapshot) \
diff --git a/js/src/jit/VMFunctions.cpp b/js/src/jit/VMFunctions.cpp
index 402d910b9..1ff7adfd1 100644
--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@@ -54,8 +54,8 @@ VMFunction::addToFunctions()
}
bool
-InvokeFunction(JSContext* cx, HandleObject obj, bool constructing, uint32_t argc, Value* argv,
- MutableHandleValue rval)
+InvokeFunction(JSContext* cx, HandleObject obj, bool constructing, bool ignoresReturnValue,
+ uint32_t argc, Value* argv, MutableHandleValue rval)
{
TraceLoggerThread* logger = TraceLoggerForMainThread(cx->runtime());
TraceLogStartEvent(logger, TraceLogger_Call);
@@ -104,7 +104,7 @@ InvokeFunction(JSContext* cx, HandleObject obj, bool constructing, uint32_t argc
return InternalConstructWithProvidedThis(cx, fval, thisv, cargs, newTarget, rval);
}
- InvokeArgs args(cx);
+ InvokeArgsMaybeIgnoresReturnValue args(cx, ignoresReturnValue);
if (!args.init(cx, argc))
return false;
@@ -120,7 +120,7 @@ InvokeFunctionShuffleNewTarget(JSContext* cx, HandleObject obj, uint32_t numActu
{
MOZ_ASSERT(numFormalArgs > numActualArgs);
argv[1 + numActualArgs] = argv[1 + numFormalArgs];
- return InvokeFunction(cx, obj, true, numActualArgs, argv, rval);
+ return InvokeFunction(cx, obj, true, false, numActualArgs, argv, rval);
}
bool
@@ -304,18 +304,6 @@ template bool StringsEqual<true>(JSContext* cx, HandleString lhs, HandleString r
template bool StringsEqual<false>(JSContext* cx, HandleString lhs, HandleString rhs, bool* res);
bool
-ArraySpliceDense(JSContext* cx, HandleObject obj, uint32_t start, uint32_t deleteCount)
-{
- JS::AutoValueArray<4> argv(cx);
- argv[0].setUndefined();
- argv[1].setObject(*obj);
- argv[2].set(Int32Value(start));
- argv[3].set(Int32Value(deleteCount));
-
- return js::array_splice_impl(cx, 2, argv.begin(), false);
-}
-
-bool
ArrayPopDense(JSContext* cx, HandleObject obj, MutableHandleValue rval)
{
MOZ_ASSERT(obj->is<ArrayObject>());
@@ -555,7 +543,7 @@ CreateThis(JSContext* cx, HandleObject callee, HandleObject newTarget, MutableHa
if (callee->is<JSFunction>()) {
RootedFunction fun(cx, &callee->as<JSFunction>());
if (fun->isInterpreted() && fun->isConstructor()) {
- JSScript* script = fun->getOrCreateScript(cx);
+ JSScript* script = JSFunction::getOrCreateScript(cx, fun);
if (!script || !script->ensureHasTypes(cx))
return false;
if (fun->isBoundFunction() || script->isDerivedClassConstructor()) {
diff --git a/js/src/jit/VMFunctions.h b/js/src/jit/VMFunctions.h
index 9a2edd0f3..94f741397 100644
--- a/js/src/jit/VMFunctions.h
+++ b/js/src/jit/VMFunctions.h
@@ -584,8 +584,8 @@ class AutoDetectInvalidation
};
MOZ_MUST_USE bool
-InvokeFunction(JSContext* cx, HandleObject obj0, bool constructing, uint32_t argc, Value* argv,
- MutableHandleValue rval);
+InvokeFunction(JSContext* cx, HandleObject obj0, bool constructing, bool ignoresReturnValue,
+ uint32_t argc, Value* argv, MutableHandleValue rval);
MOZ_MUST_USE bool
InvokeFunctionShuffleNewTarget(JSContext* cx, HandleObject obj, uint32_t numActualArgs,
uint32_t numFormalArgs, Value* argv, MutableHandleValue rval);
@@ -739,9 +739,6 @@ JSObject* CreateDerivedTypedObj(JSContext* cx, HandleObject descr,
HandleObject owner, int32_t offset);
MOZ_MUST_USE bool
-ArraySpliceDense(JSContext* cx, HandleObject obj, uint32_t start, uint32_t deleteCount);
-
-MOZ_MUST_USE bool
Recompile(JSContext* cx);
MOZ_MUST_USE bool
ForcedRecompile(JSContext* cx);
diff --git a/js/src/jit/shared/LIR-shared.h b/js/src/jit/shared/LIR-shared.h
index ffa4d8367..ecf02816e 100644
--- a/js/src/jit/shared/LIR-shared.h
+++ b/js/src/jit/shared/LIR-shared.h
@@ -1898,6 +1898,9 @@ class LJSCallInstructionHelper : public LCallInstructionHelper<Defs, Operands, T
bool isConstructing() const {
return mir()->isConstructing();
}
+ bool ignoresReturnValue() const {
+ return mir()->ignoresReturnValue();
+ }
};
// Generates a polymorphic callsite, wherein the function being called is
@@ -2218,34 +2221,6 @@ class LApplyArrayGeneric : public LCallInstructionHelper<BOX_PIECES, BOX_PIECES
}
};
-class LArraySplice : public LCallInstructionHelper<0, 3, 0>
-{
- public:
- LIR_HEADER(ArraySplice)
-
- LArraySplice(const LAllocation& object, const LAllocation& start,
- const LAllocation& deleteCount)
- {
- setOperand(0, object);
- setOperand(1, start);
- setOperand(2, deleteCount);
- }
-
- MArraySplice* mir() const {
- return mir_->toArraySplice();
- }
-
- const LAllocation* getObject() {
- return getOperand(0);
- }
- const LAllocation* getStart() {
- return getOperand(1);
- }
- const LAllocation* getDeleteCount() {
- return getOperand(2);
- }
-};
-
class LGetDynamicName : public LCallInstructionHelper<BOX_PIECES, 2, 3>
{
public:
diff --git a/js/src/jit/shared/LOpcodes-shared.h b/js/src/jit/shared/LOpcodes-shared.h
index deae92839..e260d7e94 100644
--- a/js/src/jit/shared/LOpcodes-shared.h
+++ b/js/src/jit/shared/LOpcodes-shared.h
@@ -69,7 +69,6 @@
_(NewArrayDynamicLength) \
_(NewTypedArray) \
_(NewTypedArrayDynamicLength) \
- _(ArraySplice) \
_(NewObject) \
_(NewTypedObject) \
_(NewNamedLambdaObject) \