Remove the `if (!mozilla::IsPointer<T>::value || thing)` check in
GCVariantImplementation::trace, as GCPolicy will dispatch these to
GCPointerPolicy and InternalPointerPolicy (for pointers) and StructGCPolicy (for
non-pointers).
Also use Rooted for prevState_ in AutoSetNewObjectMetadata and remove the
inheritance from CustomAutoRooter.
The CacheIR code only sees transparent CCWs so it's fine to do a static unwrap.
DebuggerObject::unwrap is more complicated. We're in the debugger's compartment
there; I went with UnwrapOneCheckedStatic as it seems safest and simplest for
now.
Differential Revision: https://phabricator.services.mozilla.com/D21354
--HG--
extra : moz-landing-system : lando
I've only added support for these, renamed in a couple of error
messages and a few test cases, not renamed all the uses, because there
are so many. Will file followup bugs for that work, but it won't be
urgent.
Note, wabt no longer recognizes get_local et al, it requires local.get
etc. But we should remain backward compatible for a long while still.
Differential Revision: https://phabricator.services.mozilla.com/D21502
--HG--
extra : rebase_source : b78b23ee5edb6121da6884b1bf36336e07ea82ef
Wabt is now supporting funcref exclusively, and with the reftypes
proposal I think there's broad agreement that we will stop using
anyfunc. So let's accept funcref both in the text format and in the
table creation dictionary, and let's use this name as the canonical
name in error messages and similar.
But let's also continue to accept anyfunc, since there may be
in-flight tests and other content that uses it. This includes a
couple of emscripten-compiled benchmarks currently in the repo; I
chose not to change those.
Differential Revision: https://phabricator.services.mozilla.com/D21388
--HG--
extra : rebase_source : 078ffbac2c3d88b2ce74fdcf06493b4db8000dac
StackMapGenerator::createStackMap() creates stack maps in the wasm baseline
compiler. For release builds, it first performs a check to determine whether
the stackmap would describe only non-ref words, and if so, exits without
creating the map, since the map would be useless.
To make the check cheaper, it is inexact but safe, so it sometimes causes a
map to be created even though it is unnecessary. Specifically, the vector
|extras|, which may contain a description of exit stub register save
locations, is regarded as possibly-contributing-refs if it is merely
non-empty. The actual contents are not checked. This causes creation of
33,688 unnecessary stack maps in the Tanks test case, probably one for each
function.
The fix is simple. Actually check every element of |extras| to see if any are
|true|. This makes the test exact, removes all unnecessary map creation, and
reduces the Tanks compile cost from 2.43 billion instructions to 2.39 billion
instructions. That is, the shortcut was overall a loss anyway, presumably due
to the extra costs incurred by the pointless stackmap creation.
--HG--
extra : rebase_source : 4990f28ec6d3d50e289432572c79a6ca105aecc3
Add an RAII guarded initialization for the IO interposer to the
initialization process for xpc shell tests. This ensures that whenever
an xpcshell test uses the IOInterposer, it will correctly
catch all registered threads, and will not miss any.
Differential Revision: https://phabricator.services.mozilla.com/D20736
--HG--
extra : moz-landing-system : lando
We are doing this to:
1) Eliminate (hundreds of) static constructors. These account for a significant
fraction of all remaining static constructors in Gecko.
2) Use constexpr for VMFunction data. This was not possible with the linked list
but the new design stores all data in a constexpr array. This will save a few
KB per process.
3) Make it easier to define a new VMFunction.
4) Coalesce duplicate VMFunction copies in Baseline/Ion/ICs.
5) Get rid of the (read-only) HashMap for the VMFunction => code lookup. We can
use a Vector instead.
6) Make it easier in the future to generate the wrappers at compile time.
This patch will let us incrementally convert the remaining VM functions. The
only thing not handled by this patch is support for the TailCall and
extraValuesToPop fields. We can do this when we convert the Baseline IC code
that uses these fields.
Once all VM functions have been converted we can remove and simplify more code.
Differential Revision: https://phabricator.services.mozilla.com/D21332
--HG--
extra : moz-landing-system : lando
This was useful when we had ExclusiveContext and PJS ThreadSafeContext but now we
only use JSContext* so it's simpler to just use that.
Differential Revision: https://phabricator.services.mozilla.com/D21331
--HG--
extra : moz-landing-system : lando
This patch creates stackmaps when compiling wasm via Ion. The resulting maps
(wasm::StackMap) have the same type as those created by the baseline compiler,
and the user thereof (Instance::traceFrame) is unchanged -- it doesn't know or
care which compiler produced a map.
Maps are created for calls and for resumable traps -- that is, the stack
overflow checks at function entry and at loop heads.
As with the baseline compiler, for non-debug builds, stackmaps are omitted
when they would cover only non-ref words. For debug builds, they are never
omitted, as that makes GC-time assertions on map-boundary-correctness more
effective.
Summary of implementation
~~~~~~~~~~~~~~~~~~~~~~~~~
(1) The front end (WasmIonCompile.cpp) is assumed to generate MIR nodes with
type MIRType::RefOrNull to indicate ref-ness as needed.
(2) When lowering MIR to LIR, nodes requiring a stackmap are marked by calling
assignWasmSafepoint [LIRGenerator::{lowerWasmCall,
visitWasmInterruptCheck}].
(3) When lowering LIR to machine insns, for calls and traps, the LSafepoint
created by (2) is associated with a specific assembler offset (machine
insn) and is tagged with the relevant lower-limit masm.framePushed value
[CodeGenerator::{emitWasmCallBase, visitWasmInterruptCheck}].
(4) After code generation (including regalloc) has finished, all the
LSafepoints created by (2)/(3) are visited, and from them wasm::StackMaps
are created [CodeGenerator::generateWasm, CreateStackMapFromLSafepoint].
The StackMaps are added to our running collection thereof.
CodeGenerator::generateWasm also creates the function entry stack map
[CreateStackMapForFunctionEntryTrap].
Changes to existing structure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When generating stackmaps for call instructions, it is crucial to correctly
establish the boundary between the caller and callee's stackmaps. The
boundary is defined thusly: the upper end of the callee's stackmap corresponds
with the highest-addressed stack word that carries an argument value, and
the lower end of the caller's stackmap is the next word above that, and
includes any and all padding pushed before the arguments proper.
Hence the following change: all MWasmCallNodes must now carry the value
StackArgAreaSizeUnaligned(outgoing arg tys), and so that has been added as an
extra field, stackArgAreaSizeUnaligned_. [FunctionCompiler::{callDirect,
callIndirect, callImport, builtinCall, builtinInstanceMethodCall}].
This applies to MWasmCallNodes created by callDirect, callIndirect,
callImport, builtinCall and builtinInstanceMethodCall. For the latter two,
the outgoing argument size is derived from type information in the callee's
SymbolicAddressSignature.
Other details of implementation not mentioned above, in no particular order
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Some JitSpewery has been added.
* There has been some renaming of variables in BaseCompiler::beginFunction so
as to emphasise the commonality with new function
CreateStackMapForFunctionEntryTrap, since they perform essentially the same
job.
* LSafepoint has two new wasm-only fields isWasmTrap_ and
framePushedAtStackMapBase_, needed to determine the map base point when
converting to a wasm::StackMap.
* (debug only) MDefinition::printOpcode now prints the type of each value, so
it's possible to look at MIR dumps and see if the types are right.
* MacroAssembler::wasmReserveStackChecked has been rewritten, although it
generates the same code:
- it returns both: the assembler offset of the trapping insn, so we can key
the associated StackMap to it, and
- the number of bytes of stack allocated before the trap, so that
CreateStackMapForFunctionEntryTrap can take those into account
- The somewhat krunky control flow
if (amount > MAX_UNCHECKED_LEAF_FRAME_SIZE), and the opposite test later,
has been merged into a single test. I find this safer and easier to
reason about.
* GenerateStackmapEntriesForTrapExit is used by both compilers and so has been
moved to the common area WasmGC.{cpp,h}.
* |struct StackMap| and |class StackMaps| have been moved from WasmTypes.h to
WasmGC.h.
--HG--
extra : rebase_source : c3da878fdf81b81b09d14a3b7098252cc2cae3dc
The main behavior changes are:
1) We no longer create a new Window when doing document.open(). We use the
same Window but remove all the event listeners on it and on the existing DOM
tree before removing the document's existing kids.
2) We no longer create a new session history entry. The existing one always
gets replaced instead.
3) We now support document.open on documents that are not in a Window.
The reasons for the various test changes are as follows:
The change to browser_modifiedclick_inherit_principal.js is because we no
longer set the docshell to a wyciwyg URL when document.open() happens and the
test was depending on that to terminate.
browser_wyciwyg_urlbarCopying.js is being removed because it's trying to test
wyciwyg URIs, which no longer exist.
The changes in docshell/test/navigation are because document.open() no longer
affects session history. One of the tests was testing the interactions there
and is being removed; another is being repurposed to just test that
document.open() does not affect history.length.
The change to test_x-frame-options.html is because document.open() now removes
event listeners on the window, which it didn't use to do (and in the specific
case in this test reused the existing inner too, so the listener was still
around in practice). The new behavior matches other browsers.
The removal of test_bug172261.html is because document.open() no longer affects
session history, so you can't go back across it or forward to the "opened"
state, so the situation that test is trying to test no longer exists.
The changes to test_bug255820.html are because reloading a document after
document.open() will now just load the URL of the document that was the entry
document for the open() call, not reload the written content. So there's not
much point testing reload behavior, and in this test it was just reloading the
toplevel test file inside the frames.
The change to test_bug346659.html is because now we no longer create a new
Window on document.open().
The change to test_bug1232829.html is because document.open() (implicit in this
test) no longer adds history entries, so the back() was just leaving the test
page instead of going back across the document.open(). The test is a
crashtest in practice, so might still be testing something useful about how
document.open() interacts with animations.
The change to test_bug715739.html is because the URL of the document after
document.open() is now the URL of the entry document, not a wyciwyg URL, so
reload() has different behavior than it used to.
The change to test_bug329869.html is because now when we go back we're
reloading the original document we had, not doing a wyciwyg load, and the
security info now doesn't include the untrusted script.
The changes to the wpt expectations are removing a bunch of expected failures
now that we pass those tests and disabling some tests that are fundamentally
racy and hence fail randomly. The latter all have github issues filed for the
test problem.
The change to testing/web-platform/tests/common/object-association.js is fixing
tests that were not matching the spec (and were failing in other browsers).
The change to parser-uses-registry-of-owner-document.html is fixing tests that
were not matching the spec (and were failing in other browsers).
The change to document-write.tentative.html is because the test was buggy: it
was using the same iframe element for all its tests and racing loads from some
tests against API calls from other tests, etc. It's a wonder it ever managed
to pass, independent of these patches (and in fact it doesn't pass according to
wpt.fyi data, even in Firefox).
The changes in html/browsers/history/the-history-interface are because
document.open() no longer adds history entries. The test was failing in all
other browsers for the same reason.
The changes in html/browsers/history/the-location-interface are because
reloading a document.open()-created thing now loads the URL of the page that
was the entry document for the open() call. The test was failing in all other
browsers.
The change to reload_document_open_write.html is because we now reload the url
of the document that entered the script that called open() when we reload, not
the written content. Other browsers were failing this test too; Gecko with
the old document.open implementation was the only one that passed.
The change to http-refresh.py is to fix a test bug: it was not returning a
Content-Type header, so we were putting up helper app dialogs, etc.
The change to test_ext_contentscript.js is because we no longer create a new global
for document.open() calls. Kris Maglione OKed this part.
Differential Revision: https://phabricator.services.mozilla.com/D17323
--HG--
extra : moz-landing-system : lando
We collect the nursery in idle time if there is less than 256KB of space
remaining. However when the nursery is small this doesn't make sense, so
add a percentage-based threshold to be used when the nursery is small.
Differential Revision: https://phabricator.services.mozilla.com/D20247
--HG--
extra : moz-landing-system : lando
This clarifies the descriptions of newCompartment, sameCompartmentAs, and
sameZoneAs.
Differential Revision: https://phabricator.services.mozilla.com/D20910
--HG--
extra : moz-landing-system : lando
I initially set this to 64K thinking that it'd prevent too much changing of
the nursery size and therefore (once implemented) too many calls to
madvise. But that's not true, because the nursery only changes size when a
tenure rate threshold is hit, and once it does it always changes size. So
we can reduce this to 4K for simplicity and alignment with other constants.
Differential Revision: https://phabricator.services.mozilla.com/D21157
--HG--
extra : moz-landing-system : lando
This works around the issue where if the PC and SP don't change while unwinding our JIT frame, we'll fail the unwinder's sanity checks and it won't call our exception handler.
Ideally we'd store proper unwind info, but that's a larger change for another day.
Differential Revision: https://phabricator.services.mozilla.com/D20858
--HG--
extra : moz-landing-system : lando
- Ensure that HasBeenCloned flag is set on LazyScript when setting it on
JSScript so it is preserved by relazification.
- Never preserve HasBeenCloned flag in LazyScript XDR.
NOTE: With the first fix, this is not needed for tests to pass anymore.
- Add a LazyScript::packedFieldsForXDR() helper to strip out runtime
flags before serializing.
Depends on D21069
Differential Revision: https://phabricator.services.mozilla.com/D21070
--HG--
extra : moz-landing-system : lando
This brings LazyScript behaviour of this flag in sync with JSScript and
the split between ImmutableFlags and MutableFlags.
Differential Revision: https://phabricator.services.mozilla.com/D21069
--HG--
extra : moz-landing-system : lando
This actor won't be being used anymore, and acts only as a maintenance burden
for people working on this code (which we're doing pretty often these days!).
Differential Revision: https://phabricator.services.mozilla.com/D20549
--HG--
extra : moz-landing-system : lando
Also replace a few packed bitfields with normal fields since this is a
stack type only.
Differential Revision: https://phabricator.services.mozilla.com/D20886
--HG--
extra : moz-landing-system : lando
Both BinASTParserBase.{lazyScript_,handler_} are not used in BinASTParserBase,
but in BinASTParserPerTokenizer.
Moved them to BinASTParserPerTokenizer.
Differential Revision: https://phabricator.services.mozilla.com/D20775
--HG--
extra : moz-landing-system : lando
BinASTParserBase::allocParseNode was used only for creating
ParseNodeKind::ParamsBody node, and other nodes are created by FullParseHandler.
Added FullParseHandler::newParamsBody and removed ParseNode allocation
methods from BinASTParserBase.
Differential Revision: https://phabricator.services.mozilla.com/D20774
--HG--
extra : moz-landing-system : lando
The watchdog thread's stack is intentionally kept as small as possible, since
the work that it does is trivial and should not require much stack space.
One result of this is that the stack segment is generally too small to
instantiate a new service (and we really don't want to be instantiating
services on it anyway).
The debug service is generally instantiated before the watchdog thread tries
to touch it, but this isn't guaranteed (and, in particular, it often isn't for
xpcshell runs on some noopt debug builds). Instantiating it before starting
the watchdog thread solves this problem.
Differential Revision: https://phabricator.services.mozilla.com/D20869
--HG--
extra : rebase_source : 2f9c3e412a7ad9a0b6f84c61907e4a7508f3b18c
Add support to WasmIonCompile for the instructions in the reftypes
proposal: ref.null, ref.is_null, table.get, table.set, table.grow,
table.size.
Also add support for the ref.eq instruction from the gc proposal.
Also update the test suite so that we will not ion-compile test cases
that use gc features that are not landed here.
Note that this patch does not change the compiler-selection behavior:
If --wasm-gc is enabled then only the baseline compiler will be used;
if --wasm-gc is not enabled then no compiler will recognize these
opcodes. Enabling Ion for reftypes content is the subject of
subsequent work.
Differential Revision: https://phabricator.services.mozilla.com/D20519
--HG--
extra : rebase_source : 0048acdd0235b231f74f51630826f0690340bc3b