Bug 1703469: Use JSScript instead of JSFunction in trial inlining r=jandem

We inline scripts, not functions, so switching to scripts as soon as possible in the inliner makes everything a little cleaner.

Differential Revision: https://phabricator.services.mozilla.com/D251758

Author: iainireland

js/src/jit/TrialInlining.cpp

@@ -206,7 +206,7 @@ Maybe<InlinableCallData> FindInlinableCallData(ICCacheIRStub* stub) {
 
   ObjOperandId calleeGuardOperand;
   CallFlags flags;
-  JSFunction* target = nullptr;
+  JSScript* targetScript = nullptr;
 
   CacheIRReader reader(stubInfo);
   while (reader.more()) {
@@ -219,21 +219,26 @@ Maybe<InlinableCallData> FindInlinableCallData(ICCacheIRStub* stub) {
 
     switch (op) {
       case CacheOp::GuardSpecificFunction: {
-        // If we see a guard, remember which operand we are guarding.
+        // If we see a guard for a scripted function, remember which
+        // operand we are guarding.
         MOZ_ASSERT(data.isNothing());
-        calleeGuardOperand = reader.objOperandId();
+        ObjOperandId maybeCalleeGuardOperand = reader.objOperandId();
         uint32_t targetOffset = reader.stubOffset();
         (void)reader.stubOffset();  // nargsAndFlags
-        uintptr_t rawTarget = stubInfo->getStubRawWord(stubData, targetOffset);
-        target = reinterpret_cast<JSFunction*>(rawTarget);
+        uintptr_t rawFunction = stubInfo->getStubRawWord(stubData, targetOffset);
+        JSFunction* function = reinterpret_cast<JSFunction*>(rawFunction);
+        if (function->hasBytecode()) {
+          calleeGuardOperand = maybeCalleeGuardOperand;
+          targetScript = function->nonLazyScript();
+        }
         break;
       }
       case CacheOp::GuardFunctionScript: {
         MOZ_ASSERT(data.isNothing());
         calleeGuardOperand = reader.objOperandId();
         uint32_t targetOffset = reader.stubOffset();
-        uintptr_t rawTarget = stubInfo->getStubRawWord(stubData, targetOffset);
-        target = reinterpret_cast<BaseScript*>(rawTarget)->function();
+        uintptr_t rawScript = stubInfo->getStubRawWord(stubData, targetOffset);
+        targetScript = reinterpret_cast<JSScript*>(rawScript);
         (void)reader.stubOffset();  // nargsAndFlags
         break;
       }
@@ -294,7 +299,7 @@ Maybe<InlinableCallData> FindInlinableCallData(ICCacheIRStub* stub) {
     }
     data->calleeOperand = calleeGuardOperand;
     data->callFlags = flags;
-    data->target = target;
+    data->target = targetScript;
   }
   return data;
 }
@@ -306,7 +311,7 @@ Maybe<InlinableGetterData> FindInlinableGetterData(ICCacheIRStub* stub) {
   const uint8_t* stubData = stub->stubDataStart();
 
   ObjOperandId maybeCalleeOperand;
-  uintptr_t maybeRawCallee = 0;
+  JSScript* targetScript = nullptr;
 
   CacheIRReader reader(stubInfo);
   while (reader.more()) {
@@ -320,9 +325,14 @@ Maybe<InlinableGetterData> FindInlinableGetterData(ICCacheIRStub* stub) {
     switch (op) {
       case CacheOp::LoadObject: {
         // If we load a constant object, remember it in case it's the callee.
-        maybeCalleeOperand = reader.objOperandId();
-        uint32_t maybeCalleeOffset = reader.stubOffset();
-        maybeRawCallee = stubInfo->getStubRawWord(stubData, maybeCalleeOffset);
+        ObjOperandId resultOperand = reader.objOperandId();
+        uint32_t objOffset = reader.stubOffset();
+        uintptr_t rawObject = stubInfo->getStubRawWord(stubData, objOffset);
+        JSObject* object = reinterpret_cast<JSObject*>(rawObject);
+        if (object->is<JSFunction>() && object->as<JSFunction>().hasBytecode()) {
+          maybeCalleeOperand = resultOperand;
+          targetScript = object->as<JSFunction>().nonLazyScript();
+        }
         break;
       }
       case CacheOp::CallScriptedGetterResult: {
@@ -333,7 +343,7 @@ Maybe<InlinableGetterData> FindInlinableGetterData(ICCacheIRStub* stub) {
 
         if (maybeCalleeOperand == calleeOperand) {
           data.emplace();
-          data->target = reinterpret_cast<JSFunction*>(maybeRawCallee);
+          data->target = targetScript;
           data->receiverOperand = receiverOperand;
           data->calleeOperand = calleeOperand;
           data->sameRealm = sameRealm;
@@ -352,7 +362,7 @@ Maybe<InlinableGetterData> FindInlinableGetterData(ICCacheIRStub* stub) {
 
         if (maybeCalleeOperand == calleeOperand) {
           data.emplace();
-          data->target = reinterpret_cast<JSFunction*>(maybeRawCallee);
+          data->target = targetScript;
           data->receiverOperand = receiverOperand;
           data->calleeOperand = calleeOperand;
           data->icScript = reinterpret_cast<ICScript*>(rawICScript);
@@ -384,7 +394,7 @@ Maybe<InlinableSetterData> FindInlinableSetterData(ICCacheIRStub* stub) {
   const uint8_t* stubData = stub->stubDataStart();
 
   ObjOperandId maybeCalleeOperand;
-  uintptr_t maybeRawCallee = 0;
+  JSScript* targetScript = nullptr;
 
   CacheIRReader reader(stubInfo);
   while (reader.more()) {
@@ -398,9 +408,14 @@ Maybe<InlinableSetterData> FindInlinableSetterData(ICCacheIRStub* stub) {
     switch (op) {
       case CacheOp::LoadObject: {
         // If we load a constant object, remember it in case it's the callee.
-        maybeCalleeOperand = reader.objOperandId();
-        uint32_t maybeCalleeOffset = reader.stubOffset();
-        maybeRawCallee = stubInfo->getStubRawWord(stubData, maybeCalleeOffset);
+        ObjOperandId resultOperand = reader.objOperandId();
+        uint32_t objOffset = reader.stubOffset();
+        uintptr_t rawObject = stubInfo->getStubRawWord(stubData, objOffset);
+        JSObject* object = reinterpret_cast<JSObject*>(rawObject);
+        if (object->is<JSFunction>() && object->as<JSFunction>().hasBytecode()) {
+          maybeCalleeOperand = resultOperand;
+          targetScript = object->as<JSFunction>().nonLazyScript();
+        }
         break;
       }
       case CacheOp::CallScriptedSetter: {
@@ -412,7 +427,7 @@ Maybe<InlinableSetterData> FindInlinableSetterData(ICCacheIRStub* stub) {
 
         if (maybeCalleeOperand == calleeOperand) {
           data.emplace();
-          data->target = reinterpret_cast<JSFunction*>(maybeRawCallee);
+          data->target = targetScript;
           data->receiverOperand = receiverOperand;
           data->calleeOperand = calleeOperand;
           data->rhsOperand = rhsOperand;
@@ -433,7 +448,7 @@ Maybe<InlinableSetterData> FindInlinableSetterData(ICCacheIRStub* stub) {
 
         if (maybeCalleeOperand == calleeOperand) {
           data.emplace();
-          data->target = reinterpret_cast<JSFunction*>(maybeRawCallee);
+          data->target = targetScript;
           data->receiverOperand = receiverOperand;
           data->calleeOperand = calleeOperand;
           data->rhsOperand = rhsOperand;
@@ -512,13 +527,12 @@ bool TrialInliner::IsValidInliningOp(JSOp op) {
 }
 
 /*static*/
-bool TrialInliner::canInline(JSFunction* target, HandleScript caller,
+bool TrialInliner::canInline(JSScript* script, HandleScript caller,
                              BytecodeLocation loc) {
-  if (!target->hasJitScript()) {
+  if (!script->hasJitScript()) {
     JitSpew(JitSpew_WarpTrialInlining, "SKIP: no JIT script");
     return false;
   }
-  JSScript* script = target->nonLazyScript();
   if (!script->jitScript()->hasBaselineScript()) {
     JitSpew(JitSpew_WarpTrialInlining, "SKIP: no BaselineScript");
     return false;
@@ -536,7 +550,7 @@ bool TrialInliner::canInline(JSFunction* target, HandleScript caller,
     return false;
   }
   // Don't inline cross-realm calls.
-  if (target->realm() != caller->realm()) {
+  if (script->realm() != caller->realm()) {
     JitSpew(JitSpew_WarpTrialInlining, "SKIP: cross-realm call");
     return false;
   }
@@ -567,9 +581,10 @@ bool TrialInliner::canInline(JSFunction* target, HandleScript caller,
     }
   }
 
-  if (TooManyFormalArguments(target->nargs())) {
+  if (script->function() &&
+      TooManyFormalArguments(script->function()->nargs())) {
     JitSpew(JitSpew_WarpTrialInlining, "SKIP: Too many formal arguments: %u",
-            unsigned(target->nargs()));
+            unsigned(script->function()->nargs()));
     return false;
   }
 
@@ -623,38 +638,36 @@ static bool ShouldUseMonomorphicInlining(JSScript* targetScript) {
   return true;
 }
 
-TrialInliningDecision TrialInliner::getInliningDecision(JSFunction* target,
+TrialInliningDecision TrialInliner::getInliningDecision(JSScript* targetScript,
                                                         ICCacheIRStub* stub,
                                                         BytecodeLocation loc) {
 #ifdef JS_JITSPEW
   if (JitSpewEnabled(JitSpew_WarpTrialInlining)) {
-    BaseScript* baseScript =
-        target->hasBaseScript() ? target->baseScript() : nullptr;
-
     UniqueChars funName;
-    if (target->maybePartialDisplayAtom()) {
-      funName = AtomToPrintableString(cx(), target->maybePartialDisplayAtom());
+    if (targetScript->function()) {
+      if (JSAtom* atom = targetScript->function()->maybePartialDisplayAtom()) {
+        funName = AtomToPrintableString(cx(), atom);
+      }
     }
 
     JitSpew(JitSpew_WarpTrialInlining,
             "Inlining candidate JSOp::%s (offset=%u): callee script '%s' "
             "(%s:%u:%u)",
             CodeName(loc.getOp()), loc.bytecodeToOffset(script_),
             funName ? funName.get() : "<unnamed>",
-            baseScript ? baseScript->filename() : "<not-scripted>",
-            baseScript ? baseScript->lineno() : 0,
-            baseScript ? baseScript->column().oneOriginValue() : 0);
+            targetScript->filename(),
+            targetScript->lineno(),
+            targetScript->column().oneOriginValue());
     JitSpewIndent spewIndent(JitSpew_WarpTrialInlining);
   }
 #endif
 
-  if (!canInline(target, script_, loc)) {
+  if (!canInline(targetScript, script_, loc)) {
     return TrialInliningDecision::NoInline;
   }
 
   // Don't inline (direct) recursive calls. This still allows recursion if
   // called through another function (f => g => f).
-  JSScript* targetScript = target->nonLazyScript();
   if (script_ == targetScript) {
     JitSpew(JitSpew_WarpTrialInlining, "SKIP: recursion");
     return TrialInliningDecision::NoInline;
@@ -705,18 +718,15 @@ TrialInliningDecision TrialInliner::getInliningDecision(JSFunction* target,
   return TrialInliningDecision::MonomorphicInline;
 }
 
-ICScript* TrialInliner::createInlinedICScript(JSFunction* target,
+ICScript* TrialInliner::createInlinedICScript(JSScript* targetScript,
                                               BytecodeLocation loc) {
-  MOZ_ASSERT(target->hasJitEntry());
-  MOZ_ASSERT(target->hasJitScript());
+  MOZ_ASSERT(targetScript->hasJitScript());
 
   InliningRoot* root = getOrCreateInliningRoot();
   if (!root) {
     return nullptr;
   }
 
-  JSScript* targetScript = target->baseScript()->asJSScript();
-
   // We don't have to check for overflow here because we have already
   // successfully allocated an ICScript with this number of entries
   // when creating the JitScript for the target function, and we
@@ -857,7 +867,8 @@ bool TrialInliner::maybeInlineGetter(ICEntry& entry, ICFallbackStub* fallback,
   cloneSharedPrefix(stub, data->endOfSharedPrefix, writer);
 
   writer.callInlinedGetterResult(data->receiverOperand, data->calleeOperand,
-                                 data->target, newICScript, data->sameRealm);
+                                 data->target->function(), newICScript,
+                                 data->sameRealm);
   writer.returnFromIC();
 
   return replaceICStub(entry, fallback, writer, kind);
@@ -901,8 +912,8 @@ bool TrialInliner::maybeInlineSetter(ICEntry& entry, ICFallbackStub* fallback,
   cloneSharedPrefix(stub, data->endOfSharedPrefix, writer);
 
   writer.callInlinedSetter(data->receiverOperand, data->calleeOperand,
-                           data->target, data->rhsOperand, newICScript,
-                           data->sameRealm);
+                           data->target->function(), data->rhsOperand,
+                           newICScript, data->sameRealm);
   writer.returnFromIC();
 
   return replaceICStub(entry, fallback, writer, kind);

js/src/jit/TrialInlining.h

@@ -49,8 +49,6 @@
 class JS_PUBLIC_API JSTracer;
 struct JS_PUBLIC_API JSContext;
 
-class JSFunction;
-
 namespace JS {
 class Zone;
 }
@@ -112,7 +110,7 @@ class InliningRoot {
 
 class InlinableOpData {
  public:
-  JSFunction* target = nullptr;
+  JSScript* target = nullptr;
   ICScript* icScript = nullptr;
   const uint8_t* endOfSharedPrefix = nullptr;
 };
@@ -168,7 +166,7 @@ class MOZ_RAII TrialInliner {
   [[nodiscard]] bool maybeInlineSetter(ICEntry& entry, ICFallbackStub* fallback,
                                        BytecodeLocation loc, CacheKind kind);
 
-  static bool canInline(JSFunction* target, HandleScript caller,
+  static bool canInline(JSScript* target, HandleScript caller,
                         BytecodeLocation loc);
 
   static bool IsValidInliningOp(JSOp op);
@@ -177,11 +175,11 @@ class MOZ_RAII TrialInliner {
   ICCacheIRStub* maybeSingleStub(const ICEntry& entry);
   void cloneSharedPrefix(ICCacheIRStub* stub, const uint8_t* endOfPrefix,
                          CacheIRWriter& writer);
-  ICScript* createInlinedICScript(JSFunction* target, BytecodeLocation loc);
+  ICScript* createInlinedICScript(JSScript* target, BytecodeLocation loc);
   [[nodiscard]] bool replaceICStub(ICEntry& entry, ICFallbackStub* fallback,
                                    CacheIRWriter& writer, CacheKind kind);
 
-  TrialInliningDecision getInliningDecision(JSFunction* target,
+  TrialInliningDecision getInliningDecision(JSScript* target,
                                             ICCacheIRStub* stub,
                                             BytecodeLocation loc);
 

js/src/jit/WarpOracle.cpp

@@ -1019,8 +1019,8 @@ AbortReasonOr<bool> WarpScriptOracle::maybeInlineCall(
     return false;
   }
 
-  RootedFunction targetFunction(cx_, inlineData->target);
-  if (!TrialInliner::canInline(targetFunction, script_, loc)) {
+  RootedScript targetScript(cx_, inlineData->target);
+  if (!TrialInliner::canInline(targetScript, script_, loc)) {
     return false;
   }
 
@@ -1029,7 +1029,6 @@ AbortReasonOr<bool> WarpScriptOracle::maybeInlineCall(
   MOZ_ASSERT_IF(!isTrialInlined, fallbackStub->trialInliningState() ==
                                      TrialInliningState::MonomorphicInlined);
 
-  RootedScript targetScript(cx_, targetFunction->nonLazyScript());
   ICScript* icScript = nullptr;
   if (isTrialInlined) {
     icScript = inlineData->icScript;