From f3bcaf9f88aad2c423ebcd61121562f9834187d4 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 8 Apr 2024 17:11:27 +0200 Subject: Merging upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- js/src/jit/BaselineBailouts.cpp | 8 +++++++- js/src/jit/MacroAssembler.cpp | 4 ++-- js/src/jit/arm/MacroAssembler-arm.cpp | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) (limited to 'js/src/jit') diff --git a/js/src/jit/BaselineBailouts.cpp b/js/src/jit/BaselineBailouts.cpp index c82a05d0ea..c13bddf97b 100644 --- a/js/src/jit/BaselineBailouts.cpp +++ b/js/src/jit/BaselineBailouts.cpp @@ -125,6 +125,8 @@ class MOZ_STACK_CLASS BaselineStackBuilder { BailoutKind bailoutKind_; + bool canUseTrialInlinedICScripts_ = true; + // The baseline frames we will reconstruct on the heap are not // rooted, so GC must be suppressed. gc::AutoSuppressGC suppress_; @@ -486,7 +488,8 @@ void BaselineStackBuilder::setNextCallee( JSFunction* nextCallee, TrialInliningState trialInliningState) { nextCallee_ = nextCallee; - if (trialInliningState == TrialInliningState::Inlined) { + if (trialInliningState == TrialInliningState::Inlined && + canUseTrialInlinedICScripts_) { // Update icScript_ to point to the icScript of nextCallee const uint32_t pcOff = script_->pcToOffset(pc_); icScript_ = icScript_->findInlinedChild(pcOff); @@ -496,6 +499,9 @@ void BaselineStackBuilder::setNextCallee( // inlined ICScript available, but we also could not if we transitioned // to TrialInliningState::Failure after being monomorphic inlined. icScript_ = nextCallee->nonLazyScript()->jitScript()->icScript(); + if (trialInliningState != TrialInliningState::MonomorphicInlined) { + canUseTrialInlinedICScripts_ = false; + } } } diff --git a/js/src/jit/MacroAssembler.cpp b/js/src/jit/MacroAssembler.cpp index 87e1aff967..641c1cf817 100644 --- a/js/src/jit/MacroAssembler.cpp +++ b/js/src/jit/MacroAssembler.cpp @@ -2662,11 +2662,11 @@ void MacroAssembler::emitMegamorphicCachedSetSlot( branchTest32(Assembler::Zero, scratch2, scratch2, &doAddDynamic); AllocatableRegisterSet regs(RegisterSet::Volatile()); - LiveRegisterSet save(regs.asLiveSet()); + regs.takeUnchecked(scratch2); + LiveRegisterSet save(regs.asLiveSet()); PushRegsInMask(save); - regs.takeUnchecked(scratch2); Register tmp; if (regs.has(obj)) { regs.takeUnchecked(obj); diff --git a/js/src/jit/arm/MacroAssembler-arm.cpp b/js/src/jit/arm/MacroAssembler-arm.cpp index da358c5ec9..fe4f36ab26 100644 --- a/js/src/jit/arm/MacroAssembler-arm.cpp +++ b/js/src/jit/arm/MacroAssembler-arm.cpp @@ -4592,7 +4592,7 @@ void MacroAssembler::moveValue(const TypedOrValueRegister& src, return; } - ScratchFloat32Scope scratch(*this); + ScratchDoubleScope scratch(*this); FloatRegister freg = reg.fpu(); if (type == MIRType::Float32) { convertFloat32ToDouble(freg, scratch); -- cgit v1.2.3