Diff
Modified: trunk/JSTests/ChangeLog (222142 => 222143)
--- trunk/JSTests/ChangeLog 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/JSTests/ChangeLog 2017-09-18 12:47:26 UTC (rev 222143)
@@ -1,3 +1,19 @@
+2017-09-17 Yusuke Suzuki <[email protected]>
+
+ [DFG] Remove ToThis more aggressively
+ https://bugs.webkit.org/show_bug.cgi?id=177056
+
+ Reviewed by Saam Barati.
+
+ * stress/generator-with-this-strict.js: Added.
+ (shouldBe):
+ (generator):
+ (target):
+ * stress/generator-with-this.js: Added.
+ (shouldBe):
+ (generator):
+ (target):
+
2017-09-17 Michael Saboff <[email protected]>
https://bugs.webkit.org/show_bug.cgi?id=177038
Added: trunk/JSTests/stress/generator-with-this-strict.js (0 => 222143)
--- trunk/JSTests/stress/generator-with-this-strict.js (rev 0)
+++ trunk/JSTests/stress/generator-with-this-strict.js 2017-09-18 12:47:26 UTC (rev 222143)
@@ -0,0 +1,20 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function* generator()
+{
+ 'use strict'
+ return this;
+}
+
+function target()
+{
+ var gen = generator();
+ return gen.next().value;
+}
+noInline(target);
+
+for (var i = 0; i < 1e6; ++i)
+ shouldBe(target(), undefined);
Added: trunk/JSTests/stress/generator-with-this.js (0 => 222143)
--- trunk/JSTests/stress/generator-with-this.js (rev 0)
+++ trunk/JSTests/stress/generator-with-this.js 2017-09-18 12:47:26 UTC (rev 222143)
@@ -0,0 +1,20 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+function* generator()
+{
+ return this;
+}
+
+function target()
+{
+ var gen = generator();
+ return gen.next().value;
+}
+noInline(target);
+
+var result = this;
+for (var i = 0; i < 1e6; ++i)
+ shouldBe(target(), result);
Modified: trunk/Source/_javascript_Core/ChangeLog (222142 => 222143)
--- trunk/Source/_javascript_Core/ChangeLog 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-09-18 12:47:26 UTC (rev 222143)
@@ -1,5 +1,72 @@
2017-09-17 Yusuke Suzuki <[email protected]>
+ [DFG] Remove ToThis more aggressively
+ https://bugs.webkit.org/show_bug.cgi?id=177056
+
+ Reviewed by Saam Barati.
+
+ The variation of toThis() implementation is limited. So, we attempts to implement common toThis operation in AI.
+ We move scope related toThis to JSScope::toThis. And AI investigates proven value/structure's toThis methods
+ and attempts to fold/convert to efficient nodes.
+
+ We introduces GetGlobalThis, which just loads globalThis from semantic origin's globalObject. Using this,
+ we can implement JSScope::toThis in DFG. This can avoid costly toThis indirect function pointer call.
+
+ Currently, we just emit GetGlobalThis if necessary. We can further convert it to constant if we can put
+ watchpoint to JSGlobalObject's globalThis change. But we leave it for a future patch for now.
+
+ This removes GetGlobalThis from ES6 generators in common cases.
+
+ spread-generator.es6 303.1550+-9.5037 290.9337+-8.3487 might be 1.0420x faster
+
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::isToThisAnIdentity):
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::convertToGetGlobalThis):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetGlobalThis):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+ (JSC::FTL::DFG::LowerDFGToB3::compileGetGlobalThis):
+ * runtime/JSGlobalLexicalEnvironment.cpp:
+ (JSC::JSGlobalLexicalEnvironment::toThis): Deleted.
+ * runtime/JSGlobalLexicalEnvironment.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::toThis): Deleted.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::addressOfGlobalThis):
+ * runtime/JSLexicalEnvironment.cpp:
+ (JSC::JSLexicalEnvironment::toThis): Deleted.
+ * runtime/JSLexicalEnvironment.h:
+ * runtime/JSScope.cpp:
+ (JSC::JSScope::toThis):
+ * runtime/JSScope.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::toThis): Deleted.
+ * runtime/StrictEvalActivation.h:
+
+2017-09-17 Yusuke Suzuki <[email protected]>
+
Merge JSLexicalEnvironment and JSEnvironmentRecord
https://bugs.webkit.org/show_bug.cgi?id=175492
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -140,18 +140,38 @@
DFG_NODE_DO_TO_CHILDREN(m_graph, node, verifyEdge);
}
-inline bool isToThisAnIdentity(bool isStrictMode, AbstractValue& valueForNode)
+enum class ToThisResult {
+ Identity,
+ Undefined,
+ GlobalThis,
+ Dynamic,
+};
+inline ToThisResult isToThisAnIdentity(VM& vm, bool isStrictMode, AbstractValue& valueForNode)
{
// We look at the type first since that will cover most cases and does not require iterating all the structures.
if (isStrictMode) {
if (valueForNode.m_type && !(valueForNode.m_type & SpecObjectOther))
- return true;
+ return ToThisResult::Identity;
} else {
if (valueForNode.m_type && !(valueForNode.m_type & (~SpecObject | SpecObjectOther)))
- return true;
+ return ToThisResult::Identity;
}
+ if (JSValue value = valueForNode.value()) {
+ if (value.isCell()) {
+ auto* toThisMethod = value.asCell()->classInfo(vm)->methodTable.toThis;
+ if (toThisMethod == &JSObject::toThis)
+ return ToThisResult::Identity;
+ if (toThisMethod == &JSScope::toThis) {
+ if (isStrictMode)
+ return ToThisResult::Undefined;
+ return ToThisResult::GlobalThis;
+ }
+ }
+ }
+
if ((isStrictMode || (valueForNode.m_type && !(valueForNode.m_type & ~SpecObject))) && valueForNode.m_structure.isFinite()) {
+ bool allStructuresAreJSScope = !valueForNode.m_structure.isClear();
bool overridesToThis = false;
valueForNode.m_structure.forEach([&](RegisteredStructure structure) {
TypeInfo type = structure->typeInfo();
@@ -163,11 +183,20 @@
// 2) The AI has proven that the type of this is a subtype of object
if (type.isObject() && type.overridesToThis())
overridesToThis = true;
+
+ // If all the structures are JSScope's ones, we know the details of JSScope::toThis() operation.
+ allStructuresAreJSScope &= structure->classInfo()->methodTable.toThis == JSScope::info()->methodTable.toThis;
});
- return !overridesToThis;
+ if (!overridesToThis)
+ return ToThisResult::Identity;
+ if (allStructuresAreJSScope) {
+ if (isStrictMode)
+ return ToThisResult::Undefined;
+ return ToThisResult::GlobalThis;
+ }
}
- return false;
+ return ToThisResult::Dynamic;
}
template<typename AbstractStateType>
@@ -2072,9 +2101,23 @@
AbstractValue& destination = forNode(node);
bool strictMode = m_graph.executableFor(node->origin.semantic)->isStrictMode();
- if (isToThisAnIdentity(strictMode, source)) {
- m_state.setFoundConstants(true);
- destination = source;
+ ToThisResult result = isToThisAnIdentity(m_vm, strictMode, source);
+ if (result != ToThisResult::Dynamic) {
+ switch (result) {
+ case ToThisResult::Identity:
+ m_state.setFoundConstants(true);
+ destination = source;
+ break;
+ case ToThisResult::Undefined:
+ setConstant(node, jsUndefined());
+ break;
+ case ToThisResult::GlobalThis:
+ m_state.setFoundConstants(true);
+ destination.setType(m_graph, SpecObject);
+ break;
+ case ToThisResult::Dynamic:
+ RELEASE_ASSERT_NOT_REACHED();
+ }
break;
}
@@ -2279,6 +2322,11 @@
break;
}
+ case GetGlobalThis: {
+ forNode(node).setType(m_graph, SpecObject);
+ break;
+ }
+
case GetClosureVar:
if (JSValue value = m_graph.tryGetConstantClosureVar(forNode(node->child1()), node->scopeOffset())) {
setConstant(node, *m_graph.freeze(value));
Modified: trunk/Source/_javascript_Core/dfg/DFGClobberize.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -184,6 +184,10 @@
def(PureValue(node));
return;
+ case GetGlobalThis:
+ read(World);
+ return;
+
case AtomicsIsLockFree:
if (node->child1().useKind() == Int32Use)
def(PureValue(node));
Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -612,11 +612,17 @@
}
case ToThis: {
- if (!isToThisAnIdentity(m_graph.executableFor(node->origin.semantic)->isStrictMode(), m_state.forNode(node->child1())))
+ ToThisResult result = isToThisAnIdentity(m_graph.m_vm, m_graph.executableFor(node->origin.semantic)->isStrictMode(), m_state.forNode(node->child1()));
+ if (result == ToThisResult::Identity) {
+ node->convertToIdentity();
+ changed = true;
break;
-
- node->convertToIdentity();
- changed = true;
+ }
+ if (result == ToThisResult::GlobalThis) {
+ node->convertToGetGlobalThis();
+ changed = true;
+ break;
+ }
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -125,6 +125,7 @@
case GetScope:
case SkipScope:
case GetGlobalObject:
+ case GetGlobalThis:
case GetClosureVar:
case PutClosureVar:
case GetRegExpObjectLastIndex:
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -2082,6 +2082,7 @@
case GetByValWithThis:
case CompareEqPtr:
case NumberToStringWithValidRadixConstant:
+ case GetGlobalThis:
break;
#else
default:
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -710,6 +710,13 @@
children.setChild2(Edge());
m_opInfo = radix;
}
+
+ void convertToGetGlobalThis()
+ {
+ ASSERT(m_op == ToThis);
+ setOpAndDefaultFlags(GetGlobalThis);
+ children.setChild1(Edge());
+ }
void convertToDirectCall(FrozenValue*);
Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -231,6 +231,7 @@
macro(ResolveScope, NodeResultJS | NodeMustGenerate) \
macro(ResolveScopeForHoistingFuncDeclInEval, NodeResultJS | NodeMustGenerate) \
macro(GetGlobalObject, NodeResultJS) \
+ macro(GetGlobalThis, NodeResultJS) \
macro(GetClosureVar, NodeResultJS) \
macro(PutClosureVar, NodeMustGenerate) \
macro(GetGlobalVar, NodeResultJS) \
Modified: trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -863,6 +863,10 @@
break;
}
+ case GetGlobalThis:
+ setPrediction(SpecObject);
+ break;
+
case ResolveScope: {
setPrediction(SpecObjectOther);
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -250,6 +250,7 @@
case GetScope:
case SkipScope:
case GetGlobalObject:
+ case GetGlobalThis:
case GetClosureVar:
case PutClosureVar:
case GetGlobalVar:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -6519,6 +6519,15 @@
cellResult(result.gpr(), node);
}
+void SpeculativeJIT::compileGetGlobalThis(Node* node)
+{
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+ auto* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
+ m_jit.loadPtr(globalObject->addressOfGlobalThis(), resultGPR);
+ cellResult(resultGPR, node);
+}
+
void SpeculativeJIT::compileGetArrayLength(Node* node)
{
switch (node->arrayMode().type()) {
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -2840,6 +2840,7 @@
void compileGetScope(Node*);
void compileSkipScope(Node*);
void compileGetGlobalObject(Node*);
+ void compileGetGlobalThis(Node*);
void compileGetArrayLength(Node*);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -4259,6 +4259,10 @@
case GetGlobalObject:
compileGetGlobalObject(node);
break;
+
+ case GetGlobalThis:
+ compileGetGlobalThis(node);
+ break;
case GetClosureVar: {
SpeculateCellOperand base(this, node->child1());
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -4454,6 +4454,10 @@
case GetGlobalObject:
compileGetGlobalObject(node);
break;
+
+ case GetGlobalThis:
+ compileGetGlobalThis(node);
+ break;
case GetClosureVar: {
SpeculateCellOperand base(this, node->child1());
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -116,6 +116,7 @@
case LoopHint:
case SkipScope:
case GetGlobalObject:
+ case GetGlobalThis:
case CreateActivation:
case PushWithScope:
case NewFunction:
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -896,6 +896,9 @@
case GetGlobalObject:
compileGetGlobalObject();
break;
+ case GetGlobalThis:
+ compileGetGlobalThis();
+ break;
case GetClosureVar:
compileGetClosureVar();
break;
@@ -5960,6 +5963,12 @@
LValue structure = loadStructure(lowCell(m_node->child1()));
setJSValue(m_out.loadPtr(structure, m_heaps.Structure_globalObject));
}
+
+ void compileGetGlobalThis()
+ {
+ auto* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
+ setJSValue(m_out.loadPtr(m_out.absolute(globalObject->addressOfGlobalThis())));
+ }
void compileGetClosureVar()
{
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -61,11 +61,4 @@
return entry.isReadOnly();
}
-JSValue JSGlobalLexicalEnvironment::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
-{
- if (ecmaMode == StrictMode)
- return jsUndefined();
- return exec->globalThisValue();
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.h (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalLexicalEnvironment.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -34,7 +34,7 @@
public:
typedef JSSegmentedVariableObject Base;
- static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesToThis;
+ static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot;
static JSGlobalLexicalEnvironment* create(VM& vm, Structure* structure, JSScope* parentScope)
{
@@ -55,8 +55,6 @@
bool isEmpty() const { return !symbolTable()->size(); }
bool isConstVariable(UniquedStringImpl*);
- static JSValue toThis(JSCell*, ExecState*, ECMAMode);
-
DECLARE_INFO;
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject)
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -1378,13 +1378,6 @@
thisObject->m_typedArraySuperConstructor.visit(visitor);
}
-JSValue JSGlobalObject::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
-{
- if (ecmaMode == StrictMode)
- return jsUndefined();
- return exec->globalThisValue();
-}
-
ExecState* JSGlobalObject::globalExec()
{
return CallFrame::create(m_globalCallFrame);
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -466,7 +466,7 @@
public:
typedef JSSegmentedVariableObject Base;
- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesToThis | IsImmutablePrototypeExoticObject;
+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | IsImmutablePrototypeExoticObject;
JS_EXPORT_PRIVATE static JSGlobalObject* create(VM&, Structure*);
@@ -826,6 +826,7 @@
VM& vm() const { return m_vm; }
JSObject* globalThis() const;
+ WriteBarrier<JSObject>* addressOfGlobalThis() { return &m_globalThis; }
static Structure* createStructure(VM& vm, JSValue prototype)
{
@@ -881,14 +882,12 @@
};
JS_EXPORT_PRIVATE void addStaticGlobals(GlobalPropertyInfo*, int count);
- JS_EXPORT_PRIVATE static JSC::JSValue toThis(JSC::JSCell*, JSC::ExecState*, ECMAMode);
-
void setNeedsSiteSpecificQuirks(bool needQuirks) { m_needsSiteSpecificQuirks = needQuirks; }
private:
friend class LLIntOffsetsExtractor;
- JS_EXPORT_PRIVATE void setGlobalThis(VM&, JSObject* globalThis);
+ void setGlobalThis(VM&, JSObject* globalThis);
JS_EXPORT_PRIVATE void init(VM&);
Modified: trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -136,11 +136,4 @@
return Base::deleteProperty(cell, exec, propertyName);
}
-JSValue JSLexicalEnvironment::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
-{
- if (ecmaMode == StrictMode)
- return jsUndefined();
- return exec->globalThisValue();
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -48,7 +48,7 @@
}
using Base = JSSymbolTableObject;
- static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesToThis;
+ static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
WriteBarrierBase<Unknown>* variables()
{
@@ -112,8 +112,6 @@
static bool deleteProperty(JSCell*, ExecState*, PropertyName);
- static JSValue toThis(JSCell*, ExecState*, ECMAMode);
-
DECLARE_INFO;
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject) { return Structure::create(vm, globalObject, jsNull(), TypeInfo(LexicalEnvironmentType, StructureFlags), info()); }
Modified: trunk/Source/_javascript_Core/runtime/JSScope.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSScope.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSScope.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -406,4 +406,11 @@
return nullptr;
}
+JSValue JSScope::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
+{
+ if (ecmaMode == StrictMode)
+ return jsUndefined();
+ return exec->globalThisValue();
+}
+
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSScope.h (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/JSScope.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/JSScope.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -38,7 +38,7 @@
class JSScope : public JSNonFinalObject {
public:
typedef JSNonFinalObject Base;
- static const unsigned StructureFlags = Base::StructureFlags;
+ static const unsigned StructureFlags = Base::StructureFlags | OverridesToThis;
friend class LLIntOffsetsExtractor;
static size_t offsetOfNext();
@@ -74,6 +74,8 @@
SymbolTable* symbolTable(VM&);
+ JS_EXPORT_PRIVATE static JSValue toThis(JSCell*, ExecState*, ECMAMode);
+
protected:
JSScope(VM&, Structure*, JSScope* next);
Modified: trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp 2017-09-18 12:47:26 UTC (rev 222143)
@@ -49,11 +49,4 @@
return false;
}
-JSValue StrictEvalActivation::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
-{
- if (ecmaMode == StrictMode)
- return jsUndefined();
- return exec->globalThisValue();
}
-
-}
Modified: trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h (222142 => 222143)
--- trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2017-09-18 08:10:13 UTC (rev 222142)
+++ trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2017-09-18 12:47:26 UTC (rev 222143)
@@ -32,7 +32,7 @@
class StrictEvalActivation : public JSScope {
public:
typedef JSScope Base;
- static const unsigned StructureFlags = Base::StructureFlags | OverridesToThis;
+ static const unsigned StructureFlags = Base::StructureFlags;
static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)
{
@@ -43,7 +43,6 @@
}
static bool deleteProperty(JSCell*, ExecState*, PropertyName);
- static JSValue toThis(JSCell*, ExecState*, ECMAMode);
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
