Diff
Modified: trunk/LayoutTests/ChangeLog (265743 => 265744)
--- trunk/LayoutTests/ChangeLog 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/LayoutTests/ChangeLog 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1,3 +1,22 @@
+2020-08-16 Alexey Shvayka <[email protected]>
+
+ Remove OpIsObjectOrNull from ClassExprNode::emitBytecode()
+ https://bugs.webkit.org/show_bug.cgi?id=214525
+
+ Reviewed by Keith Miller.
+
+ New tests are added for `document.all` rather than `makeMasquerader()` since
+ the latter has sufficient test coverage and takes the short path as JSFunction.
+
+ * js/class-syntax-extends-expected.txt:
+ * js/dom/document-all-class-extends-expected.txt: Added.
+ * js/dom/document-all-class-extends.html: Added.
+ * js/dom/document-all-typeof-is-object-fold-expected.txt: Added.
+ * js/dom/document-all-typeof-is-object-fold.html: Added.
+ * js/dom/script-tests/document-all-class-extends.js: Added.
+ * js/dom/script-tests/document-all-typeof-is-object-fold.js: Added.
+ * js/script-tests/class-syntax-extends.js:
+
2020-08-16 Dean Jackson <[email protected]>
[AS Layout Tests] 6 WPT css-backgrounds tests consistently failing
Modified: trunk/LayoutTests/js/class-syntax-extends-expected.txt (265743 => 265744)
--- trunk/LayoutTests/js/class-syntax-extends-expected.txt 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/LayoutTests/js/class-syntax-extends-expected.txt 2020-08-16 20:40:17 UTC (rev 265744)
@@ -26,9 +26,9 @@
PASS x = class extends 3 { constructor() { } }; x.__proto__:::TypeError: The superclass is not a constructor.
PASS x = class extends "abc" { constructor() { } }; x.__proto__:::TypeError: The superclass is not a constructor.
PASS baseWithBadPrototype = function () {}; baseWithBadPrototype.prototype = 3; new baseWithBadPrototype
-PASS x = class extends baseWithBadPrototype { constructor() { } }:::TypeError: The value of the superclass's prototype property is not an object.
+PASS x = class extends baseWithBadPrototype { constructor() { } }:::TypeError: The value of the superclass's prototype property is not an object or null.
PASS baseWithBadPrototype.prototype = "abc"
-PASS x = class extends baseWithBadPrototype { constructor() { } }:::TypeError: The value of the superclass's prototype property is not an object.
+PASS x = class extends baseWithBadPrototype { constructor() { } }:::TypeError: The value of the superclass's prototype property is not an object or null.
PASS baseWithBadPrototype.prototype = null; x = class extends baseWithBadPrototype { constructor() { } }
PASS x = 1; c = class extends ++x { constructor() { } };:::SyntaxError: Unexpected token '++'
PASS x = 1; c = class extends x++ { constructor() { } };:::SyntaxError: Unexpected token '++'. Expected opening '{' at the start of a class body.
Added: trunk/LayoutTests/js/dom/document-all-class-extends-expected.txt (0 => 265744)
--- trunk/LayoutTests/js/dom/document-all-class-extends-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/document-all-class-extends-expected.txt 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,11 @@
+document.all works as superclass.prototype, but not as superclass
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testAsSuperclassPrototype() is true
+PASS class Foo extends document.all {} threw exception TypeError: The superclass is not a constructor..
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/document-all-class-extends.html (0 => 265744)
--- trunk/LayoutTests/js/dom/document-all-class-extends.html (rev 0)
+++ trunk/LayoutTests/js/dom/document-all-class-extends.html 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold-expected.txt (0 => 265744)
--- trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold-expected.txt 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,10 @@
+typeof document.all is never 'object'
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testTypeofIsObject() is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold.html (0 => 265744)
--- trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold.html (rev 0)
+++ trunk/LayoutTests/js/dom/document-all-typeof-is-object-fold.html 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/dom/script-tests/document-all-class-extends.js (0 => 265744)
--- trunk/LayoutTests/js/dom/script-tests/document-all-class-extends.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/document-all-class-extends.js 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,18 @@
+description("document.all works as superclass.prototype, but not as superclass");
+
+function testAsSuperclassPrototype() {
+ function Bar() {}
+ Bar.prototype = document.all;
+
+ for (let i = 0; i < 1e5; ++i) {
+ class Foo extends Bar {}
+
+ if (!(new Foo() instanceof Bar))
+ return false;
+ }
+
+ return true;
+}
+
+shouldBe("testAsSuperclassPrototype()", "true");
+shouldThrow("class Foo extends document.all {}", "'TypeError: The superclass is not a constructor.'");
Added: trunk/LayoutTests/js/dom/script-tests/document-all-typeof-is-object-fold.js (0 => 265744)
--- trunk/LayoutTests/js/dom/script-tests/document-all-typeof-is-object-fold.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/document-all-typeof-is-object-fold.js 2020-08-16 20:40:17 UTC (rev 265744)
@@ -0,0 +1,17 @@
+description("typeof document.all is never 'object'");
+
+const documentAll = document.all;
+function testTypeofIsObject() {
+ let acc = 0;
+ for (let i = 0; i < 1e6; ++i)
+ acc += (typeof documentAll === "object");
+
+ if (acc !== 0)
+ return false;
+
+ for (let i = 0; i < 1e6; ++i)
+ acc += (typeof documentAll !== "object");
+ return acc === 1e6;
+}
+
+shouldBe("testTypeofIsObject()", "true");
Modified: trunk/LayoutTests/js/script-tests/class-syntax-extends.js (265743 => 265744)
--- trunk/LayoutTests/js/script-tests/class-syntax-extends.js 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/LayoutTests/js/script-tests/class-syntax-extends.js 2020-08-16 20:40:17 UTC (rev 265744)
@@ -81,9 +81,9 @@
shouldThrow('x = class extends 3 { constructor() { } }; x.__proto__', '"TypeError: The superclass is not a constructor."');
shouldThrow('x = class extends "abc" { constructor() { } }; x.__proto__', '"TypeError: The superclass is not a constructor."');
shouldNotThrow('baseWithBadPrototype = function () {}; baseWithBadPrototype.prototype = 3; new baseWithBadPrototype');
-shouldThrow('x = class extends baseWithBadPrototype { constructor() { } }', '"TypeError: The value of the superclass\'s prototype property is not an object."');
+shouldThrow('x = class extends baseWithBadPrototype { constructor() { } }', '"TypeError: The value of the superclass\'s prototype property is not an object or null."');
shouldNotThrow('baseWithBadPrototype.prototype = "abc"');
-shouldThrow('x = class extends baseWithBadPrototype { constructor() { } }', '"TypeError: The value of the superclass\'s prototype property is not an object."');
+shouldThrow('x = class extends baseWithBadPrototype { constructor() { } }', '"TypeError: The value of the superclass\'s prototype property is not an object or null."');
shouldNotThrow('baseWithBadPrototype.prototype = null; x = class extends baseWithBadPrototype { constructor() { } }');
shouldThrow('x = 1; c = class extends ++x { constructor() { } };');
Modified: trunk/Source/_javascript_Core/ChangeLog (265743 => 265744)
--- trunk/Source/_javascript_Core/ChangeLog 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1,3 +1,79 @@
+2020-08-16 Alexey Shvayka <[email protected]>
+
+ Remove OpIsObjectOrNull from ClassExprNode::emitBytecode()
+ https://bugs.webkit.org/show_bug.cgi?id=214525
+
+ Reviewed by Keith Miller.
+
+ This patch:
+
+ 1. Replaces OpIsObjectOrNull in ClassExprNode::emitBytecode() [1] with emitIsObject() +
+ emitIsNull(), preventing DFG/FTL from throwing a TypeError if `document.all` is the
+ value of superclass "prototype" property, which aligns JSC with V8 and SpiderMonkey.
+ Also, tweaks error message to reflect that `null` is allowed.
+
+ 2. Renames is_object_or_null bytecode op to typeof_is_object, fixing the confusing
+ operationObjectIsObject() name, and aligns it with typeof_is_undefined.
+ New name offers better semantics and clearly communicates the op should be avoided when
+ implementing new features because of `typeof` behavior with [[IsHTMLDDA]] objects [2].
+
+ [1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation (step 5.g.ii)
+ [2]: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-typeof
+
+ * bytecode/BytecodeList.rb:
+ * bytecode/BytecodeUseDef.cpp:
+ (JSC::computeUsesForBytecodeIndexImpl):
+ (JSC::computeDefsForBytecodeIndexImpl):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitEqualityOpImpl):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ClassExprNode::emitBytecode):
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::capabilityLevel):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGHeapLocation.cpp:
+ (WTF::printInternal):
+ * dfg/DFGHeapLocation.h:
+ * dfg/DFGNodeType.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileTypeOfIsObject):
+ (JSC::DFG::SpeculativeJIT::compileIsObjectOrNull): Deleted.
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+ (JSC::FTL::DFG::LowerDFGToB3::compileTypeOfIsObject):
+ (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull): Deleted.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * llint/LowLevelInterpreter.asm:
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::SLOW_PATH_DECL):
+ * runtime/CommonSlowPaths.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeofIsObject):
+ (JSC::jsIsObjectTypeOrNull): Deleted.
+ * runtime/Operations.h:
+
2020-08-15 Adrian Perez de Castro <[email protected]>
Unreviewed non-unified source build fix
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeList.rb (265743 => 265744)
--- trunk/Source/_javascript_Core/bytecode/BytecodeList.rb 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeList.rb 2020-08-16 20:40:17 UTC (rev 265744)
@@ -328,12 +328,12 @@
:unsigned,
:is_empty,
:typeof_is_undefined,
+ :typeof_is_object,
:is_undefined_or_null,
:is_boolean,
:is_number,
:is_big_int,
:is_object,
- :is_object_or_null,
:is_function,
:is_constructor,
],
Modified: trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -183,12 +183,12 @@
USES(OpTypeof, value)
USES(OpIsEmpty, operand)
USES(OpTypeofIsUndefined, operand)
+ USES(OpTypeofIsObject, operand)
USES(OpIsUndefinedOrNull, operand)
USES(OpIsBoolean, operand)
USES(OpIsNumber, operand)
USES(OpIsBigInt, operand)
USES(OpIsObject, operand)
- USES(OpIsObjectOrNull, operand)
USES(OpIsCellWithType, operand)
USES(OpIsFunction, operand)
USES(OpIsConstructor, operand)
@@ -490,12 +490,12 @@
DEFS(OpIdentityWithProfile, srcDst)
DEFS(OpIsEmpty, dst)
DEFS(OpTypeofIsUndefined, dst)
+ DEFS(OpTypeofIsObject, dst)
DEFS(OpIsUndefinedOrNull, dst)
DEFS(OpIsBoolean, dst)
DEFS(OpIsNumber, dst)
DEFS(OpIsBigInt, dst)
DEFS(OpIsObject, dst)
- DEFS(OpIsObjectOrNull, dst)
DEFS(OpIsCellWithType, dst)
DEFS(OpIsFunction, dst)
DEFS(OpIsConstructor, dst)
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1715,7 +1715,7 @@
}
if (value == "object") {
rewind();
- OpIsObjectOrNull::emit(this, dst, op.m_value);
+ OpTypeofIsObject::emit(this, dst, op.m_value);
return true;
}
if (value == "function") {
Modified: trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -4902,9 +4902,9 @@
generator.emitGetById(protoParent.get(), superclass.get(), generator.propertyNames().prototype);
Ref<Label> protoParentIsObjectOrNullLabel = generator.newLabel();
- generator.emitJumpIfTrue(generator.emitUnaryOp<OpIsObjectOrNull>(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
- generator.emitJumpIfTrue(generator.emitUnaryOp<OpIsFunction>(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
- generator.emitThrowTypeError("The value of the superclass's prototype property is not an object."_s);
+ generator.emitJumpIfTrue(generator.emitIsObject(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+ generator.emitJumpIfTrue(generator.emitIsNull(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+ generator.emitThrowTypeError("The value of the superclass's prototype property is not an object or null."_s);
generator.emitLabel(protoParentIsObjectOrNullLabel.get());
generator.emitDirectPutById(constructor.get(), generator.propertyNames().underscoreProto, superclass.get(), PropertyNode::Unknown);
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1451,6 +1451,7 @@
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
@@ -1457,7 +1458,6 @@
case IsBigInt:
case NumberIsInteger:
case IsObject:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case IsCellWithType:
@@ -1475,6 +1475,21 @@
? child.value().asCell()->structure(m_vm)->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic))
: child.value().isUndefined()));
break;
+ case TypeOfIsObject:
+ if (child.value().isObject()) {
+ JSObject* object = asObject(child.value());
+ if (object->type() == JSFunctionType)
+ setConstant(node, jsBoolean(false));
+ else if (!(object->inlineTypeFlags() & OverridesGetCallData))
+ setConstant(node, jsBoolean(!child.value().asCell()->structure(m_vm)->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic))));
+ else {
+ // FIXME: This could just call getCallData.
+ // https://bugs.webkit.org/show_bug.cgi?id=144457
+ constantWasSet = false;
+ }
+ } else
+ setConstant(node, jsBoolean(child.value().isNull()));
+ break;
case IsUndefinedOrNull:
setConstant(node, jsBoolean(child.value().isUndefinedOrNull()));
break;
@@ -1493,21 +1508,6 @@
case IsObject:
setConstant(node, jsBoolean(child.value().isObject()));
break;
- case IsObjectOrNull:
- if (child.value().isObject()) {
- JSObject* object = asObject(child.value());
- if (object->type() == JSFunctionType)
- setConstant(node, jsBoolean(false));
- else if (!(object->inlineTypeFlags() & OverridesGetCallData))
- setConstant(node, jsBoolean(!child.value().asCell()->structure(m_vm)->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic))));
- else {
- // FIXME: This could just call getCallData.
- // https://bugs.webkit.org/show_bug.cgi?id=144457
- constantWasSet = false;
- }
- } else
- setConstant(node, jsBoolean(child.value().isNull()));
- break;
case IsFunction:
if (child.value().isObject()) {
JSObject* object = asObject(child.value());
@@ -1603,6 +1603,38 @@
}
break;
+ case TypeOfIsObject:
+ // FIXME: Use the masquerades-as-undefined watchpoint thingy.
+ // https://bugs.webkit.org/show_bug.cgi?id=144456
+
+ // These expressions are complicated to parse. A helpful way to parse this is that
+ // "!(T & ~S)" means "T is a subset of S". Conversely, "!(T & S)" means "T is a
+ // disjoint set from S". Things like "T - S" means that, provided that S is a
+ // subset of T, it's the "set of all things in T but not in S". Things like "T | S"
+ // mean the "union of T and S".
+
+ // Is the child's type an object that isn't an other-object (i.e. object that could
+ // have masquaredes-as-undefined traps) and isn't a function? Then: we should fold
+ // this to true.
+ if (!(child.m_type & ~(SpecObject - SpecObjectOther - SpecFunction))) {
+ setConstant(node, jsBoolean(true));
+ constantWasSet = true;
+ break;
+ }
+
+ // Is the child's type definitely not either of: an object that isn't a function,
+ // or either undefined or null? Then: we should fold this to false. This means
+ // for example that if it's any non-function object, including those that have
+ // masquerades-as-undefined traps, then we don't fold. It also means we won't fold
+ // if it's undefined-or-null, since the type bits don't distinguish between
+ // undefined (which should fold to false) and null (which should fold to true).
+ if (!(child.m_type & ((SpecObject - SpecFunction) | SpecOther))) {
+ setConstant(node, jsBoolean(false));
+ constantWasSet = true;
+ break;
+ }
+
+ break;
case IsUndefinedOrNull:
if (!(child.m_type & ~SpecOther)) {
setConstant(node, jsBoolean(true));
@@ -1689,38 +1721,6 @@
}
break;
- case IsObjectOrNull:
- // FIXME: Use the masquerades-as-undefined watchpoint thingy.
- // https://bugs.webkit.org/show_bug.cgi?id=144456
-
- // These expressions are complicated to parse. A helpful way to parse this is that
- // "!(T & ~S)" means "T is a subset of S". Conversely, "!(T & S)" means "T is a
- // disjoint set from S". Things like "T - S" means that, provided that S is a
- // subset of T, it's the "set of all things in T but not in S". Things like "T | S"
- // mean the "union of T and S".
-
- // Is the child's type an object that isn't an other-object (i.e. object that could
- // have masquaredes-as-undefined traps) and isn't a function? Then: we should fold
- // this to true.
- if (!(child.m_type & ~(SpecObject - SpecObjectOther - SpecFunction))) {
- setConstant(node, jsBoolean(true));
- constantWasSet = true;
- break;
- }
-
- // Is the child's type definitely not either of: an object that isn't a function,
- // or either undefined or null? Then: we should fold this to false. This means
- // for example that if it's any non-function object, including those that have
- // masquerades-as-undefined traps, then we don't fold. It also means we won't fold
- // if it's undefined-or-null, since the type bits don't distinguish between
- // undefined (which should fold to false) and null (which should fold to true).
- if (!(child.m_type & ((SpecObject - SpecFunction) | SpecOther))) {
- setConstant(node, jsBoolean(false));
- constantWasSet = true;
- break;
- }
-
- break;
case IsFunction:
if (!(child.m_type & ~SpecFunction)) {
setConstant(node, jsBoolean(true));
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -5742,6 +5742,12 @@
set(bytecode.m_dst, addToGraph(TypeOfIsUndefined, value));
NEXT_OPCODE(op_is_undefined);
}
+ case op_typeof_is_object: {
+ auto bytecode = currentInstruction->as<OpTypeofIsObject>();
+ Node* value = get(bytecode.m_operand);
+ set(bytecode.m_dst, addToGraph(TypeOfIsObject, value));
+ NEXT_OPCODE(op_typeof_is_object);
+ }
case op_is_undefined_or_null: {
auto bytecode = currentInstruction->as<OpIsUndefinedOrNull>();
Node* value = get(bytecode.m_operand);
@@ -5788,13 +5794,6 @@
NEXT_OPCODE(op_is_object);
}
- case op_is_object_or_null: {
- auto bytecode = currentInstruction->as<OpIsObjectOrNull>();
- Node* value = get(bytecode.m_operand);
- set(bytecode.m_dst, addToGraph(IsObjectOrNull, value));
- NEXT_OPCODE(op_is_object_or_null);
- }
-
case op_is_function: {
auto bytecode = currentInstruction->as<OpIsFunction>();
Node* value = get(bytecode.m_operand);
Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -144,12 +144,12 @@
case op_instanceof_custom:
case op_is_empty:
case op_typeof_is_undefined:
+ case op_typeof_is_object:
case op_is_undefined_or_null:
case op_is_boolean:
case op_is_number:
case op_is_big_int:
case op_is_object:
- case op_is_object_or_null:
case op_is_cell_with_type:
case op_is_function:
case op_is_constructor:
Modified: trunk/Source/_javascript_Core/dfg/DFGClobberize.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -592,9 +592,9 @@
write(HeapObjectCount);
return;
- case IsObjectOrNull:
+ case TypeOfIsObject:
read(MiscFields);
- def(HeapLocation(IsObjectOrNullLoc, MiscFields, node->child1()), LazyNode(node));
+ def(HeapLocation(TypeOfIsObjectLoc, MiscFields, node->child1()), LazyNode(node));
return;
case IsFunction:
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -144,6 +144,7 @@
case OverridesHasInstance:
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
@@ -150,7 +151,6 @@
case IsBigInt:
case NumberIsInteger:
case IsObject:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case IsCellWithType:
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -2714,11 +2714,11 @@
case IsTypedArrayView:
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
case IsBigInt:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case CreateDirectArguments:
Modified: trunk/Source/_javascript_Core/dfg/DFGHeapLocation.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGHeapLocation.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGHeapLocation.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -62,8 +62,8 @@
out.print("InvalidationPointLoc");
return;
- case IsObjectOrNullLoc:
- out.print("IsObjectOrNullLoc");
+ case TypeOfIsObjectLoc:
+ out.print("TypeOfIsObjectLoc");
return;
case IsFunctionLoc:
Modified: trunk/Source/_javascript_Core/dfg/DFGHeapLocation.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGHeapLocation.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGHeapLocation.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -56,7 +56,7 @@
InvalidationPointLoc,
IsFunctionLoc,
IsConstructorLoc,
- IsObjectOrNullLoc,
+ TypeOfIsObjectLoc,
NamedPropertyLoc,
RegExpObjectLastIndexLoc,
SetterLoc,
Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -393,6 +393,7 @@
macro(IsCellWithType, NodeResultBoolean) \
macro(IsEmpty, NodeResultBoolean) \
macro(TypeOfIsUndefined, NodeResultBoolean) \
+ macro(TypeOfIsObject, NodeResultBoolean) \
macro(IsUndefinedOrNull, NodeResultBoolean) \
macro(IsBoolean, NodeResultBoolean) \
macro(IsNumber, NodeResultBoolean) \
@@ -400,7 +401,6 @@
macro(IsBigInt, NodeResultBoolean) \
macro(NumberIsInteger, NodeResultBoolean) \
macro(IsObject, NodeResultBoolean) \
- macro(IsObjectOrNull, NodeResultBoolean) \
macro(IsFunction, NodeResultBoolean) \
macro(IsConstructor, NodeResultBoolean) \
macro(IsTypedArrayView, NodeResultBoolean) \
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -2103,7 +2103,7 @@
return constructArray(globalObject, structure, argumentsToCopyRegion, arraySize);
}
-size_t JIT_OPERATION operationObjectIsObject(JSGlobalObject* globalObject, JSCell* object)
+size_t JIT_OPERATION operationTypeOfIsObject(JSGlobalObject* globalObject, JSCell* object)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -213,7 +213,7 @@
void JIT_OPERATION operationWeakSetAdd(VM*, JSCell*, JSCell*, int32_t) WTF_INTERNAL;
void JIT_OPERATION operationWeakMapSet(VM*, JSCell*, JSCell*, EncodedJSValue, int32_t) WTF_INTERNAL;
double JIT_OPERATION operationFModOnInts(int32_t, int32_t) WTF_INTERNAL;
-size_t JIT_OPERATION operationObjectIsObject(JSGlobalObject*, JSCell*) WTF_INTERNAL;
+size_t JIT_OPERATION operationTypeOfIsObject(JSGlobalObject*, JSCell*) WTF_INTERNAL;
size_t JIT_OPERATION operationObjectIsFunction(JSGlobalObject*, JSCell*) WTF_INTERNAL;
size_t JIT_OPERATION operationIsConstructor(JSGlobalObject*, EncodedJSValue) WTF_INTERNAL;
JSCell* JIT_OPERATION operationTypeOfObject(JSGlobalObject*, JSCell*) WTF_INTERNAL;
Modified: trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1035,6 +1035,7 @@
case InstanceOfCustom:
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
@@ -1041,7 +1042,6 @@
case IsBigInt:
case NumberIsInteger:
case IsObject:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case IsCellWithType:
Modified: trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -257,6 +257,7 @@
case OverridesHasInstance:
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
@@ -263,7 +264,6 @@
case IsBigInt:
case NumberIsInteger:
case IsObject:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case IsCellWithType:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -9506,7 +9506,7 @@
unblessedBooleanResult(resultGPR, node);
}
-void SpeculativeJIT::compileIsObjectOrNull(Node* node)
+void SpeculativeJIT::compileTypeOfIsObject(Node* node)
{
JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
@@ -9541,7 +9541,7 @@
addSlowPathGenerator(
slowPathCall(
- slowPath, this, operationObjectIsObject, resultGPR, globalObject,
+ slowPath, this, operationTypeOfIsObject, resultGPR, globalObject,
valueRegs.payloadGPR()));
done.link(&m_jit);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1405,7 +1405,7 @@
void compileRegExpTest(Node*);
void compileStringReplace(Node*);
void compileIsObject(Node*);
- void compileIsObjectOrNull(Node*);
+ void compileTypeOfIsObject(Node*);
void compileIsFunction(Node*);
void compileIsConstructor(Node*);
void compileTypeOf(Node*);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -3664,6 +3664,11 @@
break;
}
+ case TypeOfIsObject: {
+ compileTypeOfIsObject(node);
+ break;
+ }
+
case IsUndefinedOrNull: {
JSValueOperand value(this, node->child1());
GPRTemporary result(this, Reuse, value, TagWord);
@@ -3716,11 +3721,6 @@
break;
}
- case IsObjectOrNull: {
- compileIsObjectOrNull(node);
- break;
- }
-
case IsFunction: {
compileIsFunction(node);
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -4283,6 +4283,11 @@
break;
}
+ case TypeOfIsObject: {
+ compileTypeOfIsObject(node);
+ break;
+ }
+
case IsUndefinedOrNull: {
JSValueOperand value(this, node->child1());
GPRTemporary result(this, Reuse, value);
@@ -4691,11 +4696,6 @@
break;
}
- case IsObjectOrNull: {
- compileIsObjectOrNull(node);
- break;
- }
-
case IsFunction: {
compileIsFunction(node);
break;
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -258,6 +258,7 @@
case WeakMapSet:
case IsEmpty:
case TypeOfIsUndefined:
+ case TypeOfIsObject:
case IsUndefinedOrNull:
case IsBoolean:
case IsNumber:
@@ -264,7 +265,6 @@
case IsBigInt:
case NumberIsInteger:
case IsObject:
- case IsObjectOrNull:
case IsFunction:
case IsConstructor:
case IsTypedArrayView:
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1367,6 +1367,9 @@
case TypeOfIsUndefined:
compileTypeOfIsUndefined();
break;
+ case TypeOfIsObject:
+ compileTypeOfIsObject();
+ break;
case IsUndefinedOrNull:
compileIsUndefinedOrNull();
break;
@@ -1427,9 +1430,6 @@
case IsObject:
compileIsObject();
break;
- case IsObjectOrNull:
- compileIsObjectOrNull();
- break;
case IsFunction:
compileIsFunction();
break;
@@ -11671,7 +11671,7 @@
vmCall(Void, operationWeakMapSet, m_vmValue, map, key, value, hash);
}
- void compileIsObjectOrNull()
+ void compileTypeOfIsObject()
{
JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
@@ -11710,7 +11710,7 @@
LValue slowResultValue = lazySlowPath(
[=, &vm] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
return createLazyCallGenerator(vm,
- operationObjectIsObject, locations[0].directGPR(),
+ operationTypeOfIsObject, locations[0].directGPR(),
CCallHelpers::TrustedImmPtr(globalObject), locations[1].directGPR());
}, value);
ValueFromBlock slowResult = m_out.anchor(m_out.notZero64(slowResultValue));
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -286,8 +286,8 @@
DEFINE_SLOW_OP(greatereq)
DEFINE_SLOW_OP(is_function)
DEFINE_SLOW_OP(is_constructor)
- DEFINE_SLOW_OP(is_object_or_null)
DEFINE_SLOW_OP(typeof)
+ DEFINE_SLOW_OP(typeof_is_object)
DEFINE_SLOW_OP(strcat)
DEFINE_SLOW_OP(push_with_scope)
DEFINE_SLOW_OP(create_lexical_environment)
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (265743 => 265744)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2020-08-16 20:40:17 UTC (rev 265744)
@@ -1783,7 +1783,6 @@
slowPathOp(in_by_val)
slowPathOp(is_function)
slowPathOp(is_constructor)
-slowPathOp(is_object_or_null)
slowPathOp(less)
slowPathOp(lesseq)
slowPathOp(mod)
@@ -1799,6 +1798,7 @@
slowPathOp(throw_static_error)
slowPathOp(to_index_string)
slowPathOp(typeof)
+slowPathOp(typeof_is_object)
slowPathOp(unreachable)
slowPathOp(new_promise)
slowPathOp(new_generator)
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -804,11 +804,11 @@
RETURN(jsTypeStringForValue(globalObject, GET_C(bytecode.m_value).jsValue()));
}
-SLOW_PATH_DECL(slow_path_is_object_or_null)
+SLOW_PATH_DECL(slow_path_typeof_is_object)
{
BEGIN();
- auto bytecode = pc->as<OpIsObjectOrNull>();
- RETURN(jsBoolean(jsIsObjectTypeOrNull(globalObject, GET_C(bytecode.m_operand).jsValue())));
+ auto bytecode = pc->as<OpTypeofIsObject>();
+ RETURN(jsBoolean(jsTypeofIsObject(globalObject, GET_C(bytecode.m_operand).jsValue())));
}
SLOW_PATH_DECL(slow_path_is_function)
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h (265743 => 265744)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -251,8 +251,8 @@
SLOW_PATH_HIDDEN_DECL(slow_path_bitor);
SLOW_PATH_HIDDEN_DECL(slow_path_bitxor);
SLOW_PATH_HIDDEN_DECL(slow_path_typeof);
+SLOW_PATH_HIDDEN_DECL(slow_path_typeof_is_object);
SLOW_PATH_HIDDEN_DECL(slow_path_is_object);
-SLOW_PATH_HIDDEN_DECL(slow_path_is_object_or_null);
SLOW_PATH_HIDDEN_DECL(slow_path_is_function);
SLOW_PATH_HIDDEN_DECL(slow_path_is_constructor);
SLOW_PATH_HIDDEN_DECL(slow_path_in_by_id);
Modified: trunk/Source/_javascript_Core/runtime/Operations.cpp (265743 => 265744)
--- trunk/Source/_javascript_Core/runtime/Operations.cpp 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/runtime/Operations.cpp 2020-08-16 20:40:17 UTC (rev 265744)
@@ -106,7 +106,7 @@
return jsTypeStringForValue(globalObject->vm(), globalObject, v);
}
-bool jsIsObjectTypeOrNull(JSGlobalObject* globalObject, JSValue v)
+bool jsTypeofIsObject(JSGlobalObject* globalObject, JSValue v)
{
VM& vm = globalObject->vm();
if (!v.isCell())
Modified: trunk/Source/_javascript_Core/runtime/Operations.h (265743 => 265744)
--- trunk/Source/_javascript_Core/runtime/Operations.h 2020-08-16 20:16:29 UTC (rev 265743)
+++ trunk/Source/_javascript_Core/runtime/Operations.h 2020-08-16 20:40:17 UTC (rev 265744)
@@ -33,7 +33,7 @@
NEVER_INLINE JSValue jsAddSlowCase(JSGlobalObject*, JSValue, JSValue);
JSValue jsTypeStringForValue(JSGlobalObject*, JSValue);
JSValue jsTypeStringForValue(VM&, JSGlobalObject*, JSValue);
-bool jsIsObjectTypeOrNull(JSGlobalObject*, JSValue);
+bool jsTypeofIsObject(JSGlobalObject*, JSValue);
size_t normalizePrototypeChain(JSGlobalObject*, JSCell*, bool& sawPolyProto);
ALWAYS_INLINE JSString* jsString(JSGlobalObject* globalObject, const String& u1, JSString* s2)
