Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 619433 - [meta] TypeInference browser integration
: [meta] TypeInference browser integration
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: x86_64 Linux
: -- normal with 6 votes (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on: 530641 639967 650864 650912 651119 652646 653639 655708 655711 658623 662082
Blocks: TypeInference
  Show dependency treegraph
Reported: 2010-12-15 12:15 PST by David Anderson [:dvander]
Modified: 2012-01-19 07:26 PST (History)
15 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description David Anderson [:dvander] 2010-12-15 12:15:07 PST
Tracking bug for making type inference work in the browser, which includes mochitest failures, possible problems involving the embedding or XPConnect, etc.
Comment 1 Brian Hackett (:bhackett) 2011-03-06 20:13:12 PST
Fix a missed case when compiling JSOP_STRICTEQ (x === x on a known double) that showed up running jstestbrowser with TI on.
Comment 2 Brian Hackett (:bhackett) 2011-03-07 08:27:11 PST
Make a new type object for each function that is associated with a script.
Comment 3 Brian Hackett (:bhackett) 2011-03-07 16:29:16 PST
Remove a hack for telling apart fastcalls and native calls when recompiling.  This requires an additional write after each native call returns, which will be less of an issue as we move forwards with inlined/traceable natives.
Comment 4 Brian Hackett (:bhackett) 2011-03-07 20:13:43 PST
Fix a couple cases where cx->compartment was used during GC (it is NULL during the final GC, and I think is wrong the rest of the time).
Comment 5 Brian Hackett (:bhackett) 2011-03-07 23:48:26 PST
Fix a bug in JSOP_NEG which would force a frame entry to be double if the result was a double, breaking the invariant correlating the FrameState types with inference types (this invariant should be asserted somewhere, but isn't yet).  Also fix a couple memory leaks.
Comment 6 Brian Hackett (:bhackett) 2011-03-08 10:23:28 PST
Fix cases where we could cx->malloc data during GC (when making condensed constraints and when reconstructing type sets with removed entries), triggering a reentrant GC.  This changes things to use js_malloc in these cases.
Comment 7 Brian Hackett (:bhackett) 2011-03-09 11:12:24 PST
Restore the cutoff from earlier versions of inference that mark type sets as unknown when adding objects which have been added to many other large type sets, to avoid the algorithm's worst-case cubic behavior.
Comment 8 Brian Hackett (:bhackett) 2011-03-10 12:30:29 PST
Overhaul handling of scripted new in inference.  Previously, we tried to figure out what the 'this' type was at the callsite, and on dynamic calls would call getProperty to figure out the .prototype value to use (basically duplicate js_ComputeThis).  This is stupid because getProperty ends up getting called twice, and wrong because getProperty can be effectful if it has a scripted getter.

Now it is modeled on what ScriptPrologue does --- compute the possible objects which 'this' could be when analyzing the script, rather than when discovering a call to it.
Comment 9 Brian Hackett (:bhackett) 2011-05-12 09:55:13 PDT
Several fixes to get jit-tests working under Windows.  A few warnings, a fix for where accessing an enum in a bitwise field gets sign-extended by cl, and interpoline fix where all the memory operations were being done backwards.
Comment 10 Brian Hackett (:bhackett) 2011-05-12 18:03:34 PDT
Don't analyze types in compileAndGo scripts whose associated global has had its standard classes cleared.  According to GlobalObject::clearScope such scripts will never run again, and trying to do reanalysis after e.g. a GC caused reentrance problems with standard class initialization.
Comment 11 Brian Hackett (:bhackett) 2011-05-22 08:56:57 PDT
Fix some orange on tinderbox, recent regression where we recorded isOwnProperty constraints on the type set pushed by a GETGNAME/CALLGNAME, rather than on the global property itself (so we were not sensitive to that property getting deleted or reconfigured).
Comment 12 Marco Castelluccio [:marco] 2012-01-19 06:31:40 PST
Can we close this now?
Comment 13 Brian Hackett (:bhackett) 2012-01-19 06:33:26 PST

Note You need to log in before you can comment on or make changes to this bug.