From eee4e46aea64fbf882cb9dda2088a8a1082ed208 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 04:42:18 +0200 Subject: Merging upstream version 115.10.0esr. Signed-off-by: Daniel Baumann --- js/src/jit/CacheIR.cpp | 11 ++++++++--- js/src/jit/IonAnalysis.cpp | 4 ++-- js/src/jit/JitFrames.cpp | 20 ++++++++++---------- 3 files changed, 20 insertions(+), 15 deletions(-) (limited to 'js/src/jit') diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp index 68163e7d6c..2a7c72abe4 100644 --- a/js/src/jit/CacheIR.cpp +++ b/js/src/jit/CacheIR.cpp @@ -498,9 +498,14 @@ enum class NativeGetPropKind { static NativeGetPropKind IsCacheableGetPropCall(NativeObject* obj, NativeObject* holder, - PropertyInfo prop) { + PropertyInfo prop, + jsbytecode* pc = nullptr) { MOZ_ASSERT(IsCacheableProtoChain(obj, holder)); + if (pc && JSOp(*pc) == JSOp::GetBoundName) { + return NativeGetPropKind::None; + } + if (!prop.isAccessorProperty()) { return NativeGetPropKind::None; } @@ -593,7 +598,7 @@ static NativeGetPropKind CanAttachNativeGetProp(JSContext* cx, JSObject* obj, return NativeGetPropKind::Slot; } - return IsCacheableGetPropCall(nobj, *holder, propInfo->ref()); + return IsCacheableGetPropCall(nobj, *holder, propInfo->ref(), pc); } if (!prop.isFound()) { @@ -3130,7 +3135,7 @@ AttachDecision GetNameIRGenerator::tryAttachGlobalNameGetter(ObjOperandId objId, GlobalObject* global = &globalLexical->global(); - NativeGetPropKind kind = IsCacheableGetPropCall(global, holder, *prop); + NativeGetPropKind kind = IsCacheableGetPropCall(global, holder, *prop, pc_); if (kind != NativeGetPropKind::NativeGetter && kind != NativeGetPropKind::ScriptedGetter) { return AttachDecision::NoAction; diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index d15c0d5df0..77b166af04 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -747,13 +747,13 @@ static bool IsDiamondPattern(MBasicBlock* initialBlock) { MTest* initialTest = ins->toTest(); MBasicBlock* trueBranch = initialTest->ifTrue(); - if (trueBranch->numPredecessors() != 1 || trueBranch->numSuccessors() != 1) { + if (trueBranch->numPredecessors() != 1 || !trueBranch->lastIns()->isGoto()) { return false; } MBasicBlock* falseBranch = initialTest->ifFalse(); if (falseBranch->numPredecessors() != 1 || - falseBranch->numSuccessors() != 1) { + !falseBranch->lastIns()->isGoto()) { return false; } diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp index fd65289e61..5e723041cd 100644 --- a/js/src/jit/JitFrames.cpp +++ b/js/src/jit/JitFrames.cpp @@ -897,32 +897,32 @@ static void TraceThisAndArguments(JSTracer* trc, const JSJitFrameIter& frame, return; } - size_t nargs = layout->numActualArgs(); - size_t nformals = 0; - JSFunction* fun = CalleeTokenToFunction(layout->calleeToken()); + + size_t numFormals = fun->nargs(); + size_t numArgs = std::max(layout->numActualArgs(), numFormals); + size_t firstArg = 0; + if (frame.type() != FrameType::JSJitToWasm && !frame.isExitFrameLayout() && !fun->nonLazyScript()->mayReadFrameArgsDirectly()) { - nformals = fun->nargs(); + firstArg = numFormals; } - size_t newTargetOffset = std::max(nargs, fun->nargs()); - Value* argv = layout->thisAndActualArgs(); // Trace |this|. TraceRoot(trc, argv, "ion-thisv"); - // Trace actual arguments beyond the formals. Note + 1 for thisv. - for (size_t i = nformals + 1; i < nargs + 1; i++) { - TraceRoot(trc, &argv[i], "ion-argv"); + // Trace arguments. Note + 1 for thisv. + for (size_t i = firstArg; i < numArgs; i++) { + TraceRoot(trc, &argv[i + 1], "ion-argv"); } // Always trace the new.target from the frame. It's not in the snapshots. // +1 to pass |this| if (CalleeTokenIsConstructing(layout->calleeToken())) { - TraceRoot(trc, &argv[1 + newTargetOffset], "ion-newTarget"); + TraceRoot(trc, &argv[1 + numArgs], "ion-newTarget"); } } -- cgit v1.2.3