Bug 1607670 part 3 - Split jit::CreateThis in CreateThisFromIC and Cr…

…eateThisFromIon. r=tcampbell The callers are very different and have different constraints, especially in later patches in this stack. Differential Revision: https://phabricator.services.mozilla.com/D59505 --HG-- extra : moz-landing-system : lando
dothq · Jan 21, 2020 · 3b4f46a · 3b4f46a
1 parent 817caff
commit 3b4f46a
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 17 deletions.
diff --git a/js/src/jit/BaselineCacheIRCompiler.cpp b/js/src/jit/BaselineCacheIRCompiler.cpp
@@ -2669,10 +2669,10 @@ void BaselineCacheIRCompiler::createThis(Register argcReg, Register calleeReg,
   loadStackObject(ArgumentKind::Callee, flags, depth, argcReg, scratch);
   masm.push(scratch);
 
-  // Call CreateThis
+  // Call CreateThisFromIC.
   using Fn =
       bool (*)(JSContext*, HandleObject, HandleObject, MutableHandleValue);
-  callVM<Fn, CreateThis>(masm);
+  callVM<Fn, CreateThisFromIC>(masm);
 
 #ifdef DEBUG
   Label createdThisOK;

diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
@@ -6968,7 +6968,7 @@ void CodeGenerator::visitCreateThis(LCreateThis* lir) {
 
   using Fn = bool (*)(JSContext * cx, HandleObject callee,
                       HandleObject newTarget, MutableHandleValue rval);
-  callVM<Fn, jit::CreateThis>(lir);
+  callVM<Fn, jit::CreateThisFromIon>(lir);
 }
 
 void CodeGenerator::visitCreateThisWithProto(LCreateThisWithProto* lir) {

diff --git a/js/src/jit/VMFunctionList-inl.h b/js/src/jit/VMFunctionList-inl.h
@@ -99,8 +99,9 @@ namespace jit {
   _(CreateAsyncFromSyncIterator, js::CreateAsyncFromSyncIterator)              \
   _(CreateDerivedTypedObj, js::jit::CreateDerivedTypedObj)                     \
   _(CreateGenerator, js::jit::CreateGenerator)                                 \
-  _(CreateThis, js::jit::CreateThis)                                           \
   _(CreateThisForFunctionWithProto, js::CreateThisForFunctionWithProto)        \
+  _(CreateThisFromIC, js::jit::CreateThisFromIC)                               \
+  _(CreateThisFromIon, js::jit::CreateThisFromIon)                             \
   _(CreateThisWithTemplate, js::CreateThisWithTemplate)                        \
   _(DebugAfterYield, js::jit::DebugAfterYield)                                 \
   _(DebugEpilogueOnBaselineReturn, js::jit::DebugEpilogueOnBaselineReturn)     \

diff --git a/js/src/jit/VMFunctions.cpp b/js/src/jit/VMFunctions.cpp
@@ -681,21 +681,42 @@ bool GetIntrinsicValue(JSContext* cx, HandlePropertyName name,
   return true;
 }
 
-bool CreateThis(JSContext* cx, HandleObject callee, HandleObject newTarget,
-                MutableHandleValue rval) {
+bool CreateThisFromIC(JSContext* cx, HandleObject callee,
+                      HandleObject newTarget, MutableHandleValue rval) {
+  HandleFunction fun = callee.as<JSFunction>();
+  MOZ_ASSERT(fun->isInterpreted());
+  MOZ_ASSERT(fun->isConstructor());
+
+  // CreateThis expects rval to be this magic value.
   rval.set(MagicValue(JS_IS_CONSTRUCTING));
 
-  if (callee->is<JSFunction>()) {
-    RootedFunction fun(cx, &callee->as<JSFunction>());
-    if (fun->isInterpreted() && fun->isConstructor()) {
-      if (!js::CreateThis(cx, fun, newTarget, GenericObject, rval)) {
-        return false;
-      }
-      MOZ_ASSERT_IF(rval.isObject(),
-                    fun->realm() == rval.toObject().nonCCWRealm());
-    }
+  if (!js::CreateThis(cx, fun, newTarget, GenericObject, rval)) {
+    return false;
+  }
+
+  MOZ_ASSERT_IF(rval.isObject(), fun->realm() == rval.toObject().nonCCWRealm());
+  return true;
+}
+
+bool CreateThisFromIon(JSContext* cx, HandleObject callee,
+                       HandleObject newTarget, MutableHandleValue rval) {
+  // Return JS_IS_CONSTRUCTING for cases not supported by the inline call path.
+  rval.set(MagicValue(JS_IS_CONSTRUCTING));
+
+  if (!callee->is<JSFunction>()) {
+    return true;
+  }
+
+  HandleFunction fun = callee.as<JSFunction>();
+  if (!fun->isInterpreted() || !fun->isConstructor()) {
+    return true;
+  }
+
+  if (!js::CreateThis(cx, fun, newTarget, GenericObject, rval)) {
+    return false;
   }
 
+  MOZ_ASSERT_IF(rval.isObject(), fun->realm() == rval.toObject().nonCCWRealm());
   return true;
 }
 

diff --git a/js/src/jit/VMFunctions.h b/js/src/jit/VMFunctions.h
@@ -927,8 +927,12 @@ bool OperatorInI(JSContext* cx, uint32_t index, HandleObject obj, bool* out);
 MOZ_MUST_USE bool GetIntrinsicValue(JSContext* cx, HandlePropertyName name,
                                     MutableHandleValue rval);
 
-MOZ_MUST_USE bool CreateThis(JSContext* cx, HandleObject callee,
-                             HandleObject newTarget, MutableHandleValue rval);
+MOZ_MUST_USE bool CreateThisFromIC(JSContext* cx, HandleObject callee,
+                                   HandleObject newTarget,
+                                   MutableHandleValue rval);
+MOZ_MUST_USE bool CreateThisFromIon(JSContext* cx, HandleObject callee,
+                                    HandleObject newTarget,
+                                    MutableHandleValue rval);
 
 bool GetDynamicNamePure(JSContext* cx, JSObject* scopeChain, JSString* str,
                         Value* vp);