tor-browser

The Tor Browser

commit 739186d77d4815ead3989e862ef7d2e954e7cfd3
parent cbae1795a6cf03a577ff55962cc7d9e4746a0c71
Author: André Bargull <andre.bargull@gmail.com>
Date:   Tue, 21 Oct 2025 07:05:39 +0000

Bug 1991402 - Part 3: Pass callee and bound-target to InlinableNativeIRGenerator. r=jandem

The next part will change the type of `InlinableNativeIRGenerator::generator_`
to `IRGenerator&`, so it can be called with `GetPropIRGenerator`. That means we
can no longer read the callee and bound-target through `generator_`.

Differential Revision: https://phabricator.services.mozilla.com/D266595

Diffstat:
Mjs/src/jit/CacheIR.cpp | 61++++++++++++++++++-------------------------------------------
Mjs/src/jit/CacheIRGenerator.h | 24++++++++++++++++--------
2 files changed, 34 insertions(+), 51 deletions(-)

diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp @@ -6528,31 +6528,6 @@ BoundFunctionObject* InlinableNativeIRGenerator::boundCallee() const { return &callee()->as<BoundFunctionObject>(); } -bool InlinableNativeIRGenerator::isTargetBoundFunction() const { - switch (flags_.getArgFormat()) { - case CallFlags::Standard: - case CallFlags::Spread: - return false; - case CallFlags::FunCall: - case CallFlags::FunApplyArgsObj: - case CallFlags::FunApplyArray: - case CallFlags::FunApplyNullUndefined: - if (callee()->is<JSFunction>()) { - MOZ_ASSERT(generator_.thisval_.isObject()); - return generator_.thisval_.toObject().is<BoundFunctionObject>(); - } - return false; - case CallFlags::Unknown: - break; - } - MOZ_CRASH("Unsupported arg format"); -} - -BoundFunctionObject* InlinableNativeIRGenerator::boundTarget() const { - MOZ_ASSERT(isTargetBoundFunction()); - return &generator_.thisval_.toObject().as<BoundFunctionObject>(); -} - ObjOperandId InlinableNativeIRGenerator::emitNativeCalleeGuard( Int32OperandId argcId) { // Note: we rely on GuardSpecificFunction to also guard against the same @@ -11420,8 +11395,8 @@ AttachDecision CallIRGenerator::tryAttachFunCall(HandleFunction callee) { : HandleValueArray::empty(); // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, callee, target, newTarget, + thisValue, args, targetFlags); TRY_ATTACH(nativeGen.tryAttachStub()); } 
@@ -12698,8 +12673,8 @@ AttachDecision CallIRGenerator::tryAttachFunApply(HandleFunction calleeFunc) { aobj->length(), aobj->getDenseElements()); // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, calleeFunc, target, newTarget, + thisValue, args, targetFlags); TRY_ATTACH(nativeGen.tryAttachStub()); } if (format == CallFlags::FunApplyArray && @@ -12717,8 +12692,8 @@ AttachDecision CallIRGenerator::tryAttachFunApply(HandleFunction calleeFunc) { HandleValueArray args = HandleValueArray::empty(); // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, calleeFunc, target, newTarget, + thisValue, args, targetFlags); TRY_ATTACH(nativeGen.tryAttachStub()); } @@ -12918,8 +12893,8 @@ AttachDecision CallIRGenerator::tryAttachInlinableNative(HandleFunction callee, MOZ_ASSERT(flags.getArgFormat() == CallFlags::Standard || flags.getArgFormat() == CallFlags::Spread); - InlinableNativeIRGenerator nativeGen(*this, callee, newTarget_, thisval_, - args_, flags); + InlinableNativeIRGenerator nativeGen(*this, callee, callee, newTarget_, + thisval_, args_, flags); return nativeGen.tryAttachStub(); } @@ -13997,8 +13972,8 @@ AttachDecision CallIRGenerator::tryAttachBoundNative( auto args = numBoundArgs != 0 ? concatenatedArgs : args_; // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget_, thisValue, - args, flags); + InlinableNativeIRGenerator nativeGen(*this, calleeObj, target, newTarget_, + thisValue, args, flags); return nativeGen.tryAttachStub(); } 
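Review bot: In the tryAttachInlinableNative hunk the same handle is passed for both the new `callee` parameter and `target` (`nativeGen(*this, callee, callee, newTarget_, ...)`), and nothing at the call site says this is deliberate. The two parameters sit next to each other and a `HandleFunction` converts implicitly to `HandleObject`, so a duplicated or transposed argument compiles without a diagnostic. A one-line comment above the call would help the next reader, for example `// Standard/Spread call: the callee is itself the target function.`, which matches the arg-format assertion just above it. The other call sites in this file pass distinct values (`calleeFunc` or `calleeObj` alongside `target`) and need no comment. The enclosing function starts outside the hunk.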
@@ -14106,8 +14081,8 @@ AttachDecision CallIRGenerator::tryAttachBoundFunCall( })(); // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, calleeObj, target, newTarget, + thisValue, args, targetFlags); return nativeGen.tryAttachStub(); } @@ -14193,8 +14168,8 @@ AttachDecision CallIRGenerator::tryAttachBoundFunApply( HandleValueArray args = HandleValueArray::empty(); // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, calleeObj, target, newTarget, + thisValue, args, targetFlags); return nativeGen.tryAttachStub(); } @@ -14277,8 +14252,8 @@ AttachDecision CallIRGenerator::tryAttachFunCallBound( auto args = numBoundArgs != 0 ? concatenatedArgs : callArgs; // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, callee, target, newTarget, + thisValue, args, targetFlags, bound); return nativeGen.tryAttachStub(); } @@ -14363,8 +14338,8 @@ AttachDecision CallIRGenerator::tryAttachFunApplyBound( } // Check for specific native-function optimizations. - InlinableNativeIRGenerator nativeGen(*this, target, newTarget, thisValue, - args, targetFlags); + InlinableNativeIRGenerator nativeGen(*this, callee, target, newTarget, + thisValue, args, targetFlags, bound); return nativeGen.tryAttachStub(); } diff --git a/js/src/jit/CacheIRGenerator.h b/js/src/jit/CacheIRGenerator.h 
@@ -654,24 +654,27 @@ class MOZ_RAII InlinableNativeIRGenerator { CacheIRWriter& writer; JSContext* cx_; + HandleObject callee_; HandleFunction target_; HandleValue newTarget_; HandleValue thisval_; HandleValueArray args_; + Handle<BoundFunctionObject*> boundTarget_; CallFlags flags_; + uint32_t stackArgc_; HandleScript script() const { return generator_.script_; } - JSObject* callee() const { return &generator_.callee_.toObject(); } + JSObject* callee() const { return callee_; } bool isFirstStub() const { return generator_.isFirstStub_; } bool ignoresResult() const { return op() == JSOp::CallIgnoresRv; } JSOp op() const { return generator_.jsop(); } - uint32_t stackArgc() const { return generator_.argc_; } + uint32_t stackArgc() const { return stackArgc_; } bool isCalleeBoundFunction() const; BoundFunctionObject* boundCallee() const; - bool isTargetBoundFunction() const; - BoundFunctionObject* boundTarget() const; + bool isTargetBoundFunction() const { return boundTarget_ != nullptr; } + BoundFunctionObject* boundTarget() const { return boundTarget_; } ObjOperandId emitNativeCalleeGuard(Int32OperandId argcId); void emitOptimisticClassGuard(ObjOperandId objId, JSObject* obj, @@ -881,17 +884,22 @@ class MOZ_RAII InlinableNativeIRGenerator { } public: - InlinableNativeIRGenerator(CallIRGenerator& generator, HandleFunction target, - HandleValue newTarget, HandleValue thisValue, - HandleValueArray args, CallFlags flags) + InlinableNativeIRGenerator(CallIRGenerator& generator, HandleObject callee, + HandleFunction target, HandleValue newTarget, + HandleValue thisValue, HandleValueArray args, + CallFlags flags, + Handle<BoundFunctionObject*> boundTarget = nullptr) : generator_(generator), writer(generator.writer), cx_(generator.cx_), + callee_(callee), target_(target), newTarget_(newTarget), thisval_(thisValue), args_(args), - flags_(flags) {} + boundTarget_(boundTarget), + flags_(flags), + stackArgc_(generator.argc_) {} AttachDecision tryAttachStub(); };
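Review bot: The inline `boundTarget()` in the first CacheIRGenerator.h hunk no longer asserts its precondition. The out-of-line version removed from CacheIR.cpp began with `MOZ_ASSERT(isTargetBoundFunction());`, while the new one returns `boundTarget_` unconditionally, so a caller that skips the check now gets a null pointer instead of tripping a debug assertion. Keeping the assertion costs nothing in release builds: `BoundFunctionObject* boundTarget() const { MOZ_ASSERT(isTargetBoundFunction()); return boundTarget_; }`. The removed `isTargetBoundFunction()` also reached `MOZ_CRASH("Unsupported arg format")` for `CallFlags::Unknown`, and the new null test has no equivalent. A short comment on `boundTarget_` saying which call paths are expected to set it would record that contract.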
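Review bot: The constructor in the second CacheIRGenerator.h hunk now trusts each call site for values that were previously derived from `generator_`, and it checks none of them. `boundTarget` defaults to `nullptr`, so a call site that should supply it and forgets still compiles, and `isTargetBoundFunction()` silently reports false; dropping the default would make every caller state it explicitly. While `generator_` is still a `CallIRGenerator&`, a debug check in the constructor body would confirm the refactor preserves behaviour, e.g. `MOZ_ASSERT(callee_ == &generator.callee_.toObject());`. This matters if `callee()` feeds the guard emitted by `emitNativeCalleeGuard`, whose body is outside the diff, because a mismatched callee would then attach a stub guarded on the wrong object.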