tor-browser

The Tor Browser

commit 54d2c4effea83c8e93c7ac72a054930dbdb68e0c
parent af8ce243a20edba08431d3236750dff2abe472a2
Author: André Bargull <andre.bargull@gmail.com>
Date:   Mon, 20 Oct 2025 12:27:42 +0000

Bug 1991402 - Part 8: Convert Map getters. r=jandem

Change `Map.prototype.size` to `JS_INLINABLE_PSG` and then move inlining
support to `InlinableNativeIRGenerator`.

Differential Revision: https://phabricator.services.mozilla.com/D266600

Diffstat:
Mjs/src/builtin/MapObject.cpp | 2+-
Mjs/src/builtin/MapObject.h | 4----
Mjs/src/jit/CacheIR.cpp | 79+++++++++++++++++++++++++++++++------------------------------------------------
Mjs/src/jit/CacheIRGenerator.h | 3+--
Mjs/src/jit/InlinableNatives.cpp | 1+
Mjs/src/jit/InlinableNatives.h | 1+
6 files changed, 35 insertions(+), 55 deletions(-)

diff --git a/js/src/builtin/MapObject.cpp b/js/src/builtin/MapObject.cpp @@ -371,7 +371,7 @@ const JSClass MapObject::protoClass_ = { }; const JSPropertySpec MapObject::properties[] = { - JS_PSG("size", size, 0), + JS_INLINABLE_PSG("size", size, 0, MapSize), JS_STRING_SYM_PS(toStringTag, "Map", JSPROP_READONLY), JS_PS_END, }; diff --git a/js/src/builtin/MapObject.h b/js/src/builtin/MapObject.h @@ -181,10 +181,6 @@ class MapObject : public OrderedHashMapObject { [[nodiscard]] static bool set(JSContext* cx, unsigned argc, Value* vp); [[nodiscard]] static bool has(JSContext* cx, unsigned argc, Value* vp); - static bool isOriginalSizeGetter(Native native) { - return native == static_cast<Native>(MapObject::size); - } - private: static const ClassSpec classSpec_; static const JSClassOps classOps_; diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp @@ -469,7 +469,6 @@ AttachDecision GetPropIRGenerator::tryAttachStub() { TRY_ATTACH(tryAttachDataView(obj, objId, id)); TRY_ATTACH(tryAttachArrayBufferMaybeShared(obj, objId, id)); TRY_ATTACH(tryAttachRegExp(obj, objId, id)); - TRY_ATTACH(tryAttachMap(obj, objId, id)); TRY_ATTACH(tryAttachNative(obj, objId, id, receiverId)); TRY_ATTACH(tryAttachModuleNamespace(obj, objId, id)); TRY_ATTACH(tryAttachWindowProxy(obj, objId, id)); 
@@ -2778,53 +2777,6 @@ AttachDecision GetPropIRGenerator::tryAttachRegExp(HandleObject obj, return AttachDecision::Attach; } -AttachDecision GetPropIRGenerator::tryAttachMap(HandleObject obj, - ObjOperandId objId, - HandleId id) { - if (!obj->is<MapObject>()) { - return AttachDecision::NoAction; - } - auto* mapObj = &obj->as<MapObject>(); - - if (mode_ != ICState::Mode::Specialized) { - return AttachDecision::NoAction; - } - - // Receiver should be the object. - if (isSuper()) { - return AttachDecision::NoAction; - } - - if (!id.isAtom(cx_->names().size)) { - return AttachDecision::NoAction; - } - - NativeObject* holder = nullptr; - Maybe<PropertyInfo> prop; - NativeGetPropKind kind = - CanAttachNativeGetProp(cx_, obj, id, &holder, &prop, pc_); - if (kind != NativeGetPropKind::NativeGetter) { - return AttachDecision::NoAction; - } - - auto& fun = holder->getGetter(*prop)->as<JSFunction>(); - if (!MapObject::isOriginalSizeGetter(fun.native())) { - return AttachDecision::NoAction; - } - - maybeEmitIdGuard(id); - - // Emit all the normal guards for calling this native, but specialize - // callNativeGetterResult. - emitCallGetterResultGuards(mapObj, holder, id, *prop, objId); - - writer.mapSizeResult(objId); - writer.returnFromIC(); - - trackAttached("GetProp.MapSize"); - return AttachDecision::Attach; -} - AttachDecision GetPropIRGenerator::tryAttachFunction(HandleObject obj, ObjOperandId objId, HandleId id) { 
@@ -11143,6 +11095,35 @@ AttachDecision InlinableNativeIRGenerator::tryAttachMapSet() { return AttachDecision::Attach; } +AttachDecision InlinableNativeIRGenerator::tryAttachMapSize() { + // Ensure |this| is a MapObject. + if (!thisval_.isObject() || !thisval_.toObject().is<MapObject>()) { + return AttachDecision::NoAction; + } + + // Expecting no arguments. + if (args_.length() != 0) { + return AttachDecision::NoAction; + } + + // Initialize the input operand. + Int32OperandId argcId = initializeInputOperand(); + + // Guard callee is the 'size' native function. + ObjOperandId calleeId = emitNativeCalleeGuard(argcId); + + // Guard |this| is a MapObject. + ValOperandId thisValId = loadThis(calleeId); + ObjOperandId objId = writer.guardToObject(thisValId); + emitOptimisticClassGuard(objId, &thisval_.toObject(), GuardClassKind::Map); + + writer.mapSizeResult(objId); + writer.returnFromIC(); + + trackAttached("MapSize"); + return AttachDecision::Attach; +} + AttachDecision InlinableNativeIRGenerator::tryAttachWeakMapGet() { // Ensure |this| is a WeakMapObject. if (!thisval_.isObject() || !thisval_.toObject().is<WeakMapObject>()) { @@ -13429,6 +13410,8 @@ AttachDecision InlinableNativeIRGenerator::tryAttachStub() { return tryAttachMapDelete(); case InlinableNative::MapSet: return tryAttachMapSet(); + case InlinableNative::MapSize: + return tryAttachMapSize(); // Date natives and intrinsics. case InlinableNative::DateGetTime: diff --git a/js/src/jit/CacheIRGenerator.h b/js/src/jit/CacheIRGenerator.h @@ -185,8 +185,6 @@ class MOZ_RAII GetPropIRGenerator : public IRGenerator { HandleId id); AttachDecision tryAttachRegExp(HandleObject obj, ObjOperandId objId, HandleId id); - AttachDecision tryAttachMap(HandleObject obj, ObjOperandId objId, - HandleId id); AttachDecision tryAttachModuleNamespace(HandleObject obj, ObjOperandId objId, HandleId id); AttachDecision tryAttachWindowProxy(HandleObject obj, ObjOperandId objId, 
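Review bot: In `tryAttachMapSize`, the class guard on `objId` is the only thing standing between `writer.mapSizeResult(objId)` and a non-Map receiver, and the comment `// Guard |this| is a MapObject.` does not say so. I would extend it to something like `// mapSizeResult reads the MapObject's storage without re-checking the class, so this guard must stay ahead of it.`, assuming the emitted code does no check of its own, which is not visible here. The removed `GetPropIRGenerator::tryAttachMap` also bailed out when `mode_ != ICState::Mode::Specialized` and when `isSuper()` was true. Neither check has a counterpart in the new function, so presumably the getter-inlining caller outside this hunk handles both; that is worth confirming, for `super.size` receivers in particular.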
@@ -885,6 +883,7 @@ class MOZ_RAII InlinableNativeIRGenerator { AttachDecision tryAttachMapGet(); AttachDecision tryAttachMapDelete(); AttachDecision tryAttachMapSet(); + AttachDecision tryAttachMapSize(); AttachDecision tryAttachDateGetTime(); AttachDecision tryAttachDateGet(DateComponent component); AttachDecision tryAttachWeakMapHas(); diff --git a/js/src/jit/InlinableNatives.cpp b/js/src/jit/InlinableNatives.cpp @@ -317,6 +317,7 @@ bool js::jit::CanInlineNativeCrossRealm(InlinableNative native) { case InlinableNative::MapHas: case InlinableNative::MapDelete: case InlinableNative::MapSet: + case InlinableNative::MapSize: case InlinableNative::Number: case InlinableNative::NumberParseInt: case InlinableNative::NumberToString: diff --git a/js/src/jit/InlinableNatives.h b/js/src/jit/InlinableNatives.h @@ -108,6 +108,7 @@ _(MapGet) \ _(MapHas) \ _(MapSet) \ + _(MapSize) \ \ _(MathAbs) \ _(MathFloor) \
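Review bot: The new `case InlinableNative::MapSize:` in `CanInlineNativeCrossRealm` appears to allow the size getter to be inlined when the callee comes from another realm, yet the diffstat lists no test file for this commit. The switch's return value and the criteria for membership lie outside the hunk, so I am assuming the listed cases are the ones treated as realm-independent, like the neighbouring `MapHas`/`MapDelete`/`MapSet`. A jit-test would pin both the cross-realm path and the guard-failure path: warm up a `size` getter taken from another global's `Map.prototype`, then call it on a local Map and on a non-Map receiver, expecting the TypeError. A short comment beside the case, such as `// Reads only the entry count; no allocation or realm-dependent state.`, would record why it belongs in the list, if that is indeed the reason.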