commit cbae1795a6cf03a577ff55962cc7d9e4746a0c71
parent b34b4c2e4d446f8f4d998892855cf954960b6c23
Author: André Bargull <andre.bargull@gmail.com>
Date: Tue, 21 Oct 2025 07:05:39 +0000
Bug 1991402 - Part 2: Add IRGenerator::jsop() to get the current JSOp. r=jandem
This allows removing `CallIRGenerator::op_` and matches other IR generators,
which also read the `JSOp` from the `jsbytecode*` pointer.
Drive-by change:
- Add `IsInlinableFunCallOrApply` to test for optimisable FunCall/FunApply
call instructions.
Differential Revision: https://phabricator.services.mozilla.com/D266594
Diffstat:
3 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/js/src/jit/BaselineIC.cpp b/js/src/jit/BaselineIC.cpp
@@ -1644,7 +1644,7 @@ bool DoCallFallback(JSContext* cx, BaselineFrame* frame, ICFallbackStub* stub,
// allowed to attach stubs.
if (canAttachStub) {
HandleValueArray args = HandleValueArray::fromMarkedLocation(argc, vp + 2);
- CallIRGenerator gen(cx, script, pc, op, stub->state(), frame, argc, callee,
+ CallIRGenerator gen(cx, script, pc, stub->state(), frame, argc, callee,
callArgs.thisv(), newTarget, args);
switch (gen.tryAttachStub()) {
case AttachDecision::NoAction:
@@ -1735,8 +1735,8 @@ bool DoSpreadCallFallback(JSContext* cx, BaselineFrame* frame,
HandleValueArray args = HandleValueArray::fromMarkedLocation(
aobj->length(), aobj->getDenseElements());
- CallIRGenerator gen(cx, script, pc, op, stub->state(), frame, 1, callee,
- thisv, newTarget, args);
+ CallIRGenerator gen(cx, script, pc, stub->state(), frame, 1, callee, thisv,
+ newTarget, args);
switch (gen.tryAttachStub()) {
case AttachDecision::NoAction:
break;
diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp
@@ -6508,12 +6508,11 @@ void OptimizeSpreadCallIRGenerator::trackAttached(const char* name) {
}
CallIRGenerator::CallIRGenerator(JSContext* cx, HandleScript script,
- jsbytecode* pc, JSOp op, ICState state,
+ jsbytecode* pc, ICState state,
BaselineFrame* frame, uint32_t argc,
HandleValue callee, HandleValue thisval,
HandleValue newTarget, HandleValueArray args)
: IRGenerator(cx, script, pc, CacheKind::Call, state, frame),
- op_(op),
argc_(argc),
callee_(callee),
thisval_(thisval),
@@ -11437,7 +11436,7 @@ AttachDecision CallIRGenerator::tryAttachFunCall(HandleFunction callee) {
writer.callScriptedFunction(thisObjId, argcId, targetFlags,
ClampFixedArgc(argc_));
} else {
- writer.callNativeFunction(thisObjId, argcId, op_, target, targetFlags,
+ writer.callNativeFunction(thisObjId, argcId, jsop(), target, targetFlags,
ClampFixedArgc(argc_));
}
} else {
@@ -12749,7 +12748,7 @@ AttachDecision CallIRGenerator::tryAttachFunApply(HandleFunction calleeFunc) {
if (isScripted) {
writer.callScriptedFunction(thisObjId, argcId, targetFlags, fixedArgc);
} else {
- writer.callNativeFunction(thisObjId, argcId, op_, target, targetFlags,
+ writer.callNativeFunction(thisObjId, argcId, jsop(), target, targetFlags,
fixedArgc);
}
} else {
@@ -13750,7 +13749,7 @@ AttachDecision CallIRGenerator::tryAttachCallNative(HandleFunction calleeFunc) {
} else if (isSpecialized) {
// Ensure callee matches this stub's callee
writer.guardSpecificFunction(calleeObjId, calleeFunc);
- writer.callNativeFunction(calleeObjId, argcId, op_, calleeFunc, flags,
+ writer.callNativeFunction(calleeObjId, argcId, jsop(), calleeFunc, flags,
ClampFixedArgc(argc_));
trackAttached("Call.CallNative");
@@ -14003,11 +14002,15 @@ AttachDecision CallIRGenerator::tryAttachBoundNative(
return nativeGen.tryAttachStub();
}
+static bool IsInlinableFunCallOrApply(JSOp op) {
+ return op == JSOp::Call || op == JSOp::CallContent ||
+ op == JSOp::CallIgnoresRv;
+}
+
AttachDecision CallIRGenerator::tryAttachBoundFunCall(
Handle<BoundFunctionObject*> calleeObj) {
// Only optimize fun_call for simple calls.
- if (op_ != JSOp::Call && op_ != JSOp::CallContent &&
- op_ != JSOp::CallIgnoresRv) {
+ if (!IsInlinableFunCallOrApply(jsop())) {
return AttachDecision::NoAction;
}
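Review bot: `IsInlinableFunCallOrApply` has no comment, and its name describes what the callers want rather than what it tests, which is only whether the opcode is one of the three plain call ops. A one-line comment above it would make that clear, for example `// True for the plain call opcodes (Call, CallContent, CallIgnoresRv); other call ops are not optimised for fun_call/fun_apply.` The same predicate now guards tryAttachBoundFunApply and the Function.prototype.{call,apply} block in tryAttachStub, so the comment documents those checks too. tryAttachBoundFunCall's body continues outside the hunk.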
@@ -14111,8 +14114,7 @@ AttachDecision CallIRGenerator::tryAttachBoundFunCall(
AttachDecision CallIRGenerator::tryAttachBoundFunApply(
Handle<BoundFunctionObject*> calleeObj) {
// Only optimize fun_apply for simple calls.
- if (op_ != JSOp::Call && op_ != JSOp::CallContent &&
- op_ != JSOp::CallIgnoresRv) {
+ if (!IsInlinableFunCallOrApply(jsop())) {
return AttachDecision::NoAction;
}
@@ -14370,7 +14372,7 @@ AttachDecision CallIRGenerator::tryAttachStub() {
AutoAssertNoPendingException aanpe(cx_);
// Some opcodes are not yet supported.
- switch (op_) {
+ switch (jsop()) {
case JSOp::Call:
case JSOp::CallContent:
case JSOp::CallIgnoresRv:
@@ -14420,8 +14422,7 @@ AttachDecision CallIRGenerator::tryAttachStub() {
// Try inlining Function.prototype.{call,apply}. We don't use the
// InlinableNative mechanism for this because we want to optimize these more
// aggressively than other natives.
- if (op_ == JSOp::Call || op_ == JSOp::CallContent ||
- op_ == JSOp::CallIgnoresRv) {
+ if (IsInlinableFunCallOrApply(jsop())) {
TRY_ATTACH(tryAttachFunCall(calleeFunc));
TRY_ATTACH(tryAttachFunApply(calleeFunc));
TRY_ATTACH(tryAttachFunCallBound(calleeFunc));
diff --git a/js/src/jit/CacheIRGenerator.h b/js/src/jit/CacheIRGenerator.h
@@ -86,6 +86,8 @@ class MOZ_RAII IRGenerator {
IRGenerator(const IRGenerator&) = delete;
IRGenerator& operator=(const IRGenerator&) = delete;
+ JSOp jsop() const { return JSOp(*pc_); }
+
bool maybeGuardInt32Index(const Value& index, ValOperandId indexId,
uint32_t* int32Index, Int32OperandId* int32IndexId);
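Review bot: `jsop()` dereferences `pc_` with no assertion and no comment, so every caller now relies on the generator having been constructed with a valid bytecode pointer instead of on an opcode passed in by the caller. Whether every IRGenerator subclass is always given a non-null `pc` cannot be confirmed from this hunk. If that is the invariant, state it in the accessor, e.g. `JSOp jsop() const { MOZ_ASSERT(pc_); return JSOp(*pc_); }`, with a short comment such as `// Opcode at pc_; pc_ must point into script_'s bytecode.` The class body starts and ends outside the hunk.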
@@ -143,6 +145,7 @@ class MOZ_RAII IRGenerator {
gc::AllocSite* maybeCreateAllocSite();
friend class CacheIRSpewer;
+ friend class InlinableNativeIRGenerator;
public:
explicit IRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
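Review bot: The added `friend class InlinableNativeIRGenerator;` opens all of IRGenerator's non-public members to that class, while the only new use visible in this commit is the read-only `generator_.jsop()` call in `InlinableNativeIRGenerator::op()`. The access section that `jsop()` sits in is outside the hunk, so this is inferred; if the friend exists only for that call, declaring `jsop()` public would be the narrower grant. If later parts of the series need wider access, a comment next to the friend declaration saying so would help.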
@@ -598,7 +601,6 @@ enum class ScriptedThisResult { NoAction, UninitializedThis, PlainObjectShape };
class MOZ_RAII CallIRGenerator : public IRGenerator {
private:
- JSOp op_;
uint32_t argc_;
HandleValue callee_;
HandleValue thisval_;
@@ -639,7 +641,7 @@ class MOZ_RAII CallIRGenerator : public IRGenerator {
void trackAttached(const char* name /* must be a C string literal */);
public:
- CallIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc, JSOp op,
+ CallIRGenerator(JSContext* cx, HandleScript script, jsbytecode* pc,
ICState state, BaselineFrame* frame, uint32_t argc,
HandleValue callee, HandleValue thisval,
HandleValue newTarget, HandleValueArray args);
@@ -661,8 +663,8 @@ class MOZ_RAII InlinableNativeIRGenerator {
HandleScript script() const { return generator_.script_; }
JSObject* callee() const { return &generator_.callee_.toObject(); }
bool isFirstStub() const { return generator_.isFirstStub_; }
- bool ignoresResult() const { return generator_.op_ == JSOp::CallIgnoresRv; }
- JSOp op() const { return generator_.op_; }
+ bool ignoresResult() const { return op() == JSOp::CallIgnoresRv; }
+ JSOp op() const { return generator_.jsop(); }
uint32_t stackArgc() const { return generator_.argc_; }
bool isCalleeBoundFunction() const;