Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (199698 => 199699)
--- trunk/Source/_javascript_Core/ChangeLog 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1,3 +1,138 @@
+2016-04-18 Saam barati <[email protected]>
+
+ implement dynamic scope accesses in the DFG/FTL
+ https://bugs.webkit.org/show_bug.cgi?id=156567
+
+ Reviewed by Geoffrey Garen.
+
+ This patch adds dynamic scope operations to the DFG/FTL.
+ This patch adds three new DFG nodes: ResolveScope, PutDynamicVar and GetDynamicVar.
+ When we encounter a Dynamic/UnresolvedProperty/UnresolvedPropertyWithVarInjectionChecks
+ resolve type, we will compile dynamic scope resolution nodes. When we encounter
+ a resolve type that needs var injection checks and the var injection
+ watchpoint has already been fired, we will compile dynamic scope resolution
+ nodes.
+
+ This patch also adds a new value to the InitializationMode enum: ConstInitialization.
+ There was a subtle bug where we used to never compile the var injection variant of the
+ resolve type for an eval that injected a var where there was also a global lexical variable with the same name.
+ For example, the store compiled in this eval("var foo = 20;") wouldn't be compiled
+ with var injection checks if there was global let/const variable named "foo".
+ So there was the potential for the injected var to store to the GlobalLexicalObject.
+ I found this bug because my initial implementation in the DFG/FTL ran into it.
+ The reason this bug existed is because when we compile a const initialization,
+ we never need a var injections check. The const initialization always
+ knows where to store its value. This same logic leaked into the above eval's
+ "var foo = 20" store. This new enum value allows us to distinguish const
+ initialization stores from non-const initialization stores.
+
+ (I also changed InitializationMode to be an enum class instead of an enum).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finishCreation):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
+ (JSC::BytecodeGenerator::initializeBlockScopedFunctions):
+ (JSC::BytecodeGenerator::hoistSloppyModeFunctionIfNecessary):
+ (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
+ (JSC::BytecodeGenerator::emitGetFromScope):
+ (JSC::BytecodeGenerator::initializeVariable):
+ (JSC::BytecodeGenerator::emitInstanceOf):
+ (JSC::BytecodeGenerator::emitPushFunctionNameScope):
+ (JSC::BytecodeGenerator::pushScopedControlFlowContext):
+ (JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
+ (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
+ (JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PostfixNode::emitResolve):
+ (JSC::PrefixNode::emitResolve):
+ (JSC::ReadModifyResolveNode::emitBytecode):
+ (JSC::initializationModeForAssignmentContext):
+ (JSC::AssignResolveNode::emitBytecode):
+ (JSC::EmptyLetExpression::emitBytecode):
+ (JSC::ForInNode::emitLoopHeader):
+ (JSC::ForOfNode::emitBytecode):
+ (JSC::ClassExprNode::emitBytecode):
+ (JSC::BindingNode::bindValue):
+ (JSC::AssignmentElementNode::bindValue):
+ (JSC::RestParameterNode::emit):
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::noticeArgumentsUse):
+ (JSC::DFG::ByteCodeParser::promoteToConstant):
+ (JSC::DFG::ByteCodeParser::needsDynamicLookup):
+ (JSC::DFG::ByteCodeParser::planLoad):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::capabilityLevel):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::identifierNumber):
+ (JSC::DFG::Node::hasGetPutInfo):
+ (JSC::DFG::Node::getPutInfo):
+ (JSC::DFG::Node::hasAccessorAttributes):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
+ (JSC::DFG::SpeculativeJIT::compileResolveScope):
+ (JSC::DFG::SpeculativeJIT::compileGetDynamicVar):
+ (JSC::DFG::SpeculativeJIT::compilePutDynamicVar):
+ (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+ (JSC::FTL::DFG::LowerDFGToB3::compare):
+ (JSC::FTL::DFG::LowerDFGToB3::compileResolveScope):
+ (JSC::FTL::DFG::LowerDFGToB3::compileGetDynamicVar):
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutDynamicVar):
+ (JSC::FTL::DFG::LowerDFGToB3::compareEqObjectOrOtherToObject):
+ * jit/CCallHelpers.h:
+ (JSC::CCallHelpers::setupArgumentsWithExecState):
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_to_scope):
+ (JSC::JIT::emitSlow_op_put_to_scope):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_to_scope):
+ (JSC::JIT::emitSlow_op_put_to_scope):
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/GetPutInfo.h:
+ (JSC::resolveModeName):
+ (JSC::initializationModeName):
+ (JSC::isInitialization):
+ (JSC::makeType):
+ (JSC::GetPutInfo::GetPutInfo):
+ * runtime/JSScope.cpp:
+ (JSC::abstractAccess):
+
2016-04-18 Filip Pizlo <[email protected]>
Disable AVX.
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -2087,7 +2087,7 @@
RELEASE_ASSERT(type != LocalClosureVar);
int localScopeDepth = pc[5].u.operand;
- ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, type, NotInitialization);
+ ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, type, InitializationMode::NotInitialization);
instructions[i + 4].u.operand = op.type;
instructions[i + 5].u.operand = op.depth;
if (op.lexicalEnvironment) {
@@ -2117,14 +2117,14 @@
instructions[i + 5].u.pointer = nullptr;
GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
- ASSERT(getPutInfo.initializationMode() == NotInitialization);
+ ASSERT(!isInitialization(getPutInfo.initializationMode()));
if (getPutInfo.resolveType() == LocalClosureVar) {
instructions[i + 4] = GetPutInfo(getPutInfo.resolveMode(), ClosureVar, getPutInfo.initializationMode()).operand();
break;
}
const Identifier& ident = identifier(pc[3].u.operand);
- ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, getPutInfo.resolveType(), NotInitialization);
+ ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, getPutInfo.resolveType(), InitializationMode::NotInitialization);
instructions[i + 4].u.operand = GetPutInfo(getPutInfo.resolveMode(), op.type, getPutInfo.initializationMode()).operand();
if (op.type == ModuleVar)
@@ -2193,7 +2193,7 @@
ResolveType type = static_cast<ResolveType>(pc[5].u.operand);
// Even though type profiling may be profiling either a Get or a Put, we can always claim a Get because
// we're abstractly "read"ing from a JSScope.
- ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, type, NotInitialization);
+ ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), localScopeDepth, scope, ident, Get, type, InitializationMode::NotInitialization);
if (op.type == ClosureVar || op.type == ModuleVar)
symbolTable = op.lexicalEnvironment->symbolTable();
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -90,7 +90,7 @@
globalScope = newBlockScopeVariable();
emitMove(globalScope.get(), globalObjectScope.get());
}
- emitPutToScope(globalScope.get(), Variable(metadata->ident()), temp.get(), ThrowIfNotFound, NotInitialization);
+ emitPutToScope(globalScope.get(), Variable(metadata->ident()), temp.get(), ThrowIfNotFound, InitializationMode::NotInitialization);
} else
RELEASE_ASSERT_NOT_REACHED();
}
@@ -389,7 +389,7 @@
instructions().append(m_lexicalEnvironmentRegister->index());
instructions().append(UINT_MAX);
instructions().append(virtualRegisterForArgument(1 + i).offset());
- instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, NotInitialization).operand());
+ instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, InitializationMode::NotInitialization).operand());
instructions().append(symbolTableConstantIndex);
instructions().append(offset.offset());
}
@@ -436,7 +436,7 @@
instructions().append(m_lexicalEnvironmentRegister->index());
instructions().append(addConstant(ident));
instructions().append(virtualRegisterForArgument(1 + i).offset());
- instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, NotInitialization).operand());
+ instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, InitializationMode::NotInitialization).operand());
instructions().append(symbolTableConstantIndex);
instructions().append(offset.offset());
}
@@ -868,7 +868,7 @@
ASSERT(!isSimpleParameterList);
Variable var = variable(valuesToMoveIntoVars[i].first);
RegisterID* scope = emitResolveScope(nullptr, var);
- emitPutToScope(scope, var, valuesToMoveIntoVars[i].second.get(), DoNotThrowIfNotFound, NotInitialization);
+ emitPutToScope(scope, var, valuesToMoveIntoVars[i].second.get(), DoNotThrowIfNotFound, InitializationMode::NotInitialization);
}
}
@@ -1933,7 +1933,7 @@
RELEASE_ASSERT(!entry.isNull());
emitNewFunctionExpressionCommon(temp.get(), function);
bool isLexicallyScoped = true;
- emitPutToScope(scope, variableForLocalEntry(name, entry, symbolTableIndex, isLexicallyScoped), temp.get(), DoNotThrowIfNotFound, Initialization);
+ emitPutToScope(scope, variableForLocalEntry(name, entry, symbolTableIndex, isLexicallyScoped), temp.get(), DoNotThrowIfNotFound, InitializationMode::Initialization);
}
}
@@ -1957,7 +1957,7 @@
SymbolTableEntry entry = varSymbolTable->get(functionName.impl());
ASSERT(!entry.isNull());
bool isLexicallyScoped = false;
- emitPutToScope(varScope.m_scope, variableForLocalEntry(functionName, entry, varScope.m_symbolTableConstantIndex, isLexicallyScoped), currentValue.get(), DoNotThrowIfNotFound, NotInitialization);
+ emitPutToScope(varScope.m_scope, variableForLocalEntry(functionName, entry, varScope.m_symbolTableConstantIndex, isLexicallyScoped), currentValue.get(), DoNotThrowIfNotFound, InitializationMode::NotInitialization);
}
}
@@ -2073,7 +2073,7 @@
SymbolTableEntry entry = symbolTable->get(locker, identifier.impl());
RELEASE_ASSERT(!entry.isNull());
RegisterID* transitionValue = pair.first;
- emitPutToScope(loopScope, variableForLocalEntry(identifier, entry, loopSymbolTable->index(), true), transitionValue, DoNotThrowIfNotFound, NotInitialization);
+ emitPutToScope(loopScope, variableForLocalEntry(identifier, entry, loopSymbolTable->index(), true), transitionValue, DoNotThrowIfNotFound, InitializationMode::NotInitialization);
transitionValue->deref();
}
}
@@ -2296,7 +2296,7 @@
instructions().append(kill(dst));
instructions().append(scope->index());
instructions().append(addConstant(variable.ident()));
- instructions().append(GetPutInfo(resolveMode, variable.offset().isScope() ? LocalClosureVar : resolveType(), NotInitialization).operand());
+ instructions().append(GetPutInfo(resolveMode, variable.offset().isScope() ? LocalClosureVar : resolveType(), InitializationMode::NotInitialization).operand());
instructions().append(localScopeDepth());
instructions().append(variable.offset().isScope() ? variable.offset().scopeOffset().offset() : 0);
instructions().append(profile);
@@ -2350,7 +2350,7 @@
{
RELEASE_ASSERT(variable.offset().kind() != VarKind::Invalid);
RegisterID* scope = emitResolveScope(nullptr, variable);
- return emitPutToScope(scope, variable, value, ThrowIfNotFound, NotInitialization);
+ return emitPutToScope(scope, variable, value, ThrowIfNotFound, InitializationMode::NotInitialization);
}
RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype)
@@ -3739,7 +3739,7 @@
ASSERT_UNUSED(numVars, m_codeBlock->m_numVars == static_cast<int>(numVars + 1)); // Should have only created one new "var" for the function name scope.
bool shouldTreatAsLexicalVariable = isStrictMode();
Variable functionVar = variableForLocalEntry(property, m_symbolTableStack.last().m_symbolTable->get(property.impl()), m_symbolTableStack.last().m_symbolTableConstantIndex, shouldTreatAsLexicalVariable);
- emitPutToScope(m_symbolTableStack.last().m_scope, functionVar, callee, ThrowIfNotFound, NotInitialization);
+ emitPutToScope(m_symbolTableStack.last().m_scope, functionVar, callee, ThrowIfNotFound, InitializationMode::NotInitialization);
}
void BytecodeGenerator::pushScopedControlFlowContext()
@@ -4229,7 +4229,7 @@
ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
Variable newTargetVar = variable(propertyNames().newTargetLocalPrivateName);
- emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, newTargetVar, newTarget(), DoNotThrowIfNotFound, Initialization);
+ emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, newTargetVar, newTarget(), DoNotThrowIfNotFound, InitializationMode::Initialization);
}
}
@@ -4240,7 +4240,7 @@
ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
Variable protoScope = variable(propertyNames().derivedConstructorPrivateName);
- emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, &m_calleeRegister, DoNotThrowIfNotFound, Initialization);
+ emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, &m_calleeRegister, DoNotThrowIfNotFound, InitializationMode::Initialization);
}
}
}
@@ -4253,7 +4253,7 @@
Variable thisVar = variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped);
RegisterID* scope = isDerivedConstructorContext() ? emitLoadArrowFunctionLexicalEnvironment(propertyNames().thisIdentifier) : m_arrowFunctionContextLexicalEnvironmentRegister;
- emitPutToScope(scope, thisVar, thisRegister(), ThrowIfNotFound, NotInitialization);
+ emitPutToScope(scope, thisVar, thisRegister(), ThrowIfNotFound, InitializationMode::NotInitialization);
}
}
Modified: trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1158,7 +1158,7 @@
}
RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator);
if (!var.isReadOnly()) {
- generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, NotInitialization);
+ generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization);
generator.emitProfileType(value.get(), var, divotStart(), divotEnd());
}
@@ -1358,7 +1358,7 @@
emitIncOrDec(generator, value.get(), m_operator);
if (!var.isReadOnly()) {
- generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, NotInitialization);
+ generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization);
generator.emitProfileType(value.get(), var, divotStart(), divotEnd());
}
return generator.moveToDestinationIfNeeded(dst, value.get());
@@ -1909,12 +1909,27 @@
RefPtr<RegisterID> result = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this);
RegisterID* returnResult = result.get();
if (!var.isReadOnly()) {
- returnResult = generator.emitPutToScope(scope.get(), var, result.get(), ThrowIfNotFound, NotInitialization);
+ returnResult = generator.emitPutToScope(scope.get(), var, result.get(), ThrowIfNotFound, InitializationMode::NotInitialization);
generator.emitProfileType(result.get(), var, divotStart(), divotEnd());
}
return returnResult;
}
+static InitializationMode initializationModeForAssignmentContext(AssignmentContext assignmentContext)
+{
+ switch (assignmentContext) {
+ case AssignmentContext::DeclarationStatement:
+ return InitializationMode::Initialization;
+ case AssignmentContext::ConstDeclarationStatement:
+ return InitializationMode::ConstInitialization;
+ case AssignmentContext::AssignmentExpression:
+ return InitializationMode::NotInitialization;
+ }
+
+ ASSERT_NOT_REACHED();
+ return InitializationMode::NotInitialization;
+}
+
// ------------------------------ AssignResolveNode -----------------------------------
RegisterID* AssignResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
@@ -1966,8 +1981,7 @@
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
RegisterID* returnResult = result.get();
if (!isReadOnly) {
- returnResult = generator.emitPutToScope(scope.get(), var, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound,
- m_assignmentContext == AssignmentContext::ConstDeclarationStatement || m_assignmentContext == AssignmentContext::DeclarationStatement ? Initialization : NotInitialization);
+ returnResult = generator.emitPutToScope(scope.get(), var, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_assignmentContext));
generator.emitProfileType(result.get(), var, divotStart(), divotEnd());
}
@@ -2162,7 +2176,7 @@
} else {
RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
RefPtr<RegisterID> value = generator.emitLoad(nullptr, jsUndefined());
- generator.emitPutToScope(scope.get(), var, value.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, Initialization);
+ generator.emitPutToScope(scope.get(), var, value.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::Initialization);
generator.emitProfileType(value.get(), var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1));
}
@@ -2370,7 +2384,7 @@
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
RegisterID* scope = generator.emitResolveScope(nullptr, var);
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- generator.emitPutToScope(scope, var, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, NotInitialization);
+ generator.emitPutToScope(scope, var, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization);
}
generator.emitProfileType(propertyName, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1));
return;
@@ -2591,7 +2605,7 @@
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
RegisterID* scope = generator.emitResolveScope(nullptr, var);
generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, NotInitialization);
+ generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization);
}
generator.emitProfileType(value, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1));
} else if (m_lexpr->isDotAccessorNode()) {
@@ -3311,7 +3325,7 @@
Variable classNameVar = generator.variable(m_name);
RELEASE_ASSERT(classNameVar.isResolved());
RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, classNameVar);
- generator.emitPutToScope(scope.get(), classNameVar, constructor.get(), ThrowIfNotFound, Initialization);
+ generator.emitPutToScope(scope.get(), classNameVar, constructor.get(), ThrowIfNotFound, InitializationMode::Initialization);
generator.popLexicalScope(this);
}
@@ -3608,8 +3622,7 @@
generator.emitReadOnlyExceptionIfNeeded(var);
return;
}
- generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound,
- m_bindingContext == AssignmentContext::ConstDeclarationStatement || m_bindingContext == AssignmentContext::DeclarationStatement ? Initialization : NotInitialization);
+ generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext));
generator.emitProfileType(value, var, divotStart(), divotEnd());
if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement)
generator.liftTDZCheckIfPossible(var);
@@ -3659,7 +3672,7 @@
}
generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
if (!isReadOnly) {
- generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, NotInitialization);
+ generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization);
generator.emitProfileType(value, var, divotStart(), divotEnd());
}
} else if (m_assignmentTarget->isDotAccessorNode()) {
@@ -3710,7 +3723,7 @@
generator.emitProfileType(restParameterArray.get(), var, m_divotStart, m_divotEnd);
RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
generator.emitExpressionInfo(m_divotEnd, m_divotStart, m_divotEnd);
- generator.emitPutToScope(scope.get(), var, restParameterArray.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, Initialization);
+ generator.emitPutToScope(scope.get(), var, restParameterArray.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::Initialization);
}
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -2648,9 +2648,24 @@
case GetGlobalVar:
forNode(node).makeHeapTop();
break;
+
case GetGlobalLexicalVariable:
forNode(node).makeBytecodeTop();
break;
+
+ case GetDynamicVar:
+ clobberWorld(node->origin.semantic, clobberLimit);
+ forNode(node).makeBytecodeTop();
+ break;
+
+ case PutDynamicVar:
+ clobberWorld(node->origin.semantic, clobberLimit);
+ break;
+
+ case ResolveScope:
+ clobberWorld(node->origin.semantic, clobberLimit);
+ forNode(node).setType(m_graph, SpecObject);
+ break;
case VarInjectionWatchpoint:
case PutGlobalVariable:
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -968,6 +968,8 @@
for (ArgumentPosition* argument : m_inlineStackTop->m_argumentPositions)
argument->mergeShouldNeverUnbox(true);
}
+
+ bool needsDynamicLookup(ResolveType, OpcodeID);
VM* m_vm;
CodeBlock* m_codeBlock;
@@ -2640,6 +2642,61 @@
return method;
}
+bool ByteCodeParser::needsDynamicLookup(ResolveType type, OpcodeID opcode)
+{
+ ASSERT(opcode == op_resolve_scope || opcode == op_get_from_scope || opcode == op_put_to_scope);
+
+ JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject();
+ if (needsVarInjectionChecks(type) && globalObject->varInjectionWatchpoint()->hasBeenInvalidated())
+ return true;
+
+ switch (type) {
+ case GlobalProperty:
+ case GlobalVar:
+ case GlobalLexicalVar:
+ case ClosureVar:
+ case LocalClosureVar:
+ case ModuleVar:
+ return false;
+
+ case UnresolvedProperty:
+ case UnresolvedPropertyWithVarInjectionChecks: {
+ // The heuristic for UnresolvedProperty scope accesses is we will ForceOSRExit if we
+ // haven't exited from from this access before to let the baseline JIT try to better
+ // cache the access. If we've already exited from this operation, it's unlikely that
+ // the baseline will come up with a better ResolveType and instead we will compile
+ // this as a dynamic scope access.
+
+ // We only track our heuristic through resolve_scope since resolve_scope will
+ // dominate unresolved gets/puts on that scope.
+ if (opcode != op_resolve_scope)
+ return true;
+
+ if (m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, InadequateCoverage)) {
+ // We've already exited so give up on getting better ResolveType information.
+ return true;
+ }
+
+ // We have not exited yet, so let's have the baseline get better ResolveType information for us.
+ // This type of code is often seen when we tier up in a loop but haven't executed the part
+ // of a function that comes after the loop.
+ return false;
+ }
+
+ case Dynamic:
+ return true;
+
+ case GlobalPropertyWithVarInjectionChecks:
+ case GlobalVarWithVarInjectionChecks:
+ case GlobalLexicalVarWithVarInjectionChecks:
+ case ClosureVarWithVarInjectionChecks:
+ return false;
+ }
+
+ ASSERT_NOT_REACHED();
+ return false;
+}
+
GetByOffsetMethod ByteCodeParser::planLoad(const ObjectPropertyCondition& condition)
{
if (verbose)
@@ -4284,6 +4341,12 @@
unsigned depth = currentInstruction[5].u.operand;
int scope = currentInstruction[2].u.operand;
+ if (needsDynamicLookup(resolveType, op_resolve_scope)) {
+ unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[currentInstruction[3].u.operand];
+ set(VirtualRegister(dst), addToGraph(ResolveScope, OpInfo(identifierNumber), get(VirtualRegister(scope))));
+ NEXT_OPCODE(op_resolve_scope);
+ }
+
// get_from_scope and put_to_scope depend on this watchpoint forcing OSR exit, so they don't add their own watchpoints.
if (needsVarInjectionChecks(resolveType))
addToGraph(VarInjectionWatchpoint);
@@ -4370,6 +4433,12 @@
operand = reinterpret_cast<uintptr_t>(currentInstruction[6].u.pointer);
}
+ if (needsDynamicLookup(resolveType, op_get_from_scope)) {
+ set(VirtualRegister(dst),
+ addToGraph(GetDynamicVar, OpInfo(identifierNumber), OpInfo(currentInstruction[4].u.operand), get(VirtualRegister(scope))));
+ NEXT_OPCODE(op_get_from_scope);
+ }
+
UNUSED_PARAM(watchpoints); // We will use this in the future. For now we set it as a way of documenting the fact that that's what index 5 is in GlobalVar mode.
JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject();
@@ -4498,13 +4567,7 @@
break;
}
case UnresolvedProperty:
- case UnresolvedPropertyWithVarInjectionChecks: {
- addToGraph(ForceOSRExit);
- Node* scopeNode = get(VirtualRegister(scope));
- addToGraph(Phantom, scopeNode);
- set(VirtualRegister(dst), addToGraph(JSConstant, OpInfo(m_constantUndefined)));
- break;
- }
+ case UnresolvedPropertyWithVarInjectionChecks:
case ModuleVar:
case Dynamic:
RELEASE_ASSERT_NOT_REACHED();
@@ -4541,6 +4604,12 @@
JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject();
+ if (needsDynamicLookup(resolveType, op_put_to_scope)) {
+ ASSERT(identifierNumber != UINT_MAX);
+ addToGraph(PutDynamicVar, OpInfo(identifierNumber), OpInfo(currentInstruction[4].u.operand), get(VirtualRegister(scope)), get(VirtualRegister(value)));
+ NEXT_OPCODE(op_put_to_scope);
+ }
+
switch (resolveType) {
case GlobalProperty:
case GlobalPropertyWithVarInjectionChecks: {
@@ -4565,7 +4634,7 @@
case GlobalLexicalVarWithVarInjectionChecks:
case GlobalVar:
case GlobalVarWithVarInjectionChecks: {
- if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
+ if (!isInitialization(getPutInfo.initializationMode()) && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
SpeculatedType prediction = SpecEmpty;
Node* value = addToGraph(GetGlobalLexicalVariable, OpInfo(operand), OpInfo(prediction));
addToGraph(CheckNotEmpty, value);
@@ -4601,14 +4670,6 @@
break;
}
- case UnresolvedProperty:
- case UnresolvedPropertyWithVarInjectionChecks: {
- addToGraph(ForceOSRExit);
- Node* scopeNode = get(VirtualRegister(scope));
- addToGraph(Phantom, scopeNode);
- break;
- }
-
case ModuleVar:
// Need not to keep "scope" and "value" register values here by Phantom because
// they are not used in LLInt / baseline op_put_to_scope with ModuleVar.
@@ -4616,6 +4677,8 @@
break;
case Dynamic:
+ case UnresolvedProperty:
+ case UnresolvedPropertyWithVarInjectionChecks:
RELEASE_ASSERT_NOT_REACHED();
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -101,6 +101,7 @@
CapabilityLevel capabilityLevel(OpcodeID opcodeID, CodeBlock* codeBlock, Instruction* pc)
{
UNUSED_PARAM(codeBlock); // This function does some bytecode parsing. Ordinarily bytecode parsing requires the owning CodeBlock. It's sort of strange that we don't use it here right now.
+ UNUSED_PARAM(pc);
switch (opcodeID) {
case op_enter:
@@ -229,25 +230,10 @@
case op_get_rest_length:
case op_log_shadow_chicken_prologue:
case op_log_shadow_chicken_tail:
+ case op_put_to_scope:
+ case op_resolve_scope:
return CanCompileAndInline;
- case op_put_to_scope: {
- ResolveType resolveType = GetPutInfo(pc[4].u.operand).resolveType();
- // If we're writing to a readonly property we emit a Dynamic put that
- // the DFG can't currently handle.
- if (resolveType == Dynamic)
- return CannotCompile;
- return CanCompileAndInline;
- }
-
- case op_resolve_scope: {
- // We don't compile 'catch' or 'with', so there's no point in compiling variable resolution within them.
- ResolveType resolveType = static_cast<ResolveType>(pc[4].u.operand);
- if (resolveType == Dynamic)
- return CannotCompile;
- return CanCompileAndInline;
- }
-
case op_new_regexp:
case op_switch_string: // Don't inline because we don't want to copy string tables in the concurrent JIT.
return CanCompile;
Modified: trunk/Source/_javascript_Core/dfg/DFGClobberize.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -461,6 +461,9 @@
case In:
case ValueAdd:
case SetFunctionName:
+ case GetDynamicVar:
+ case PutDynamicVar:
+ case ResolveScope:
read(World);
write(Heap);
return;
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -241,6 +241,9 @@
case CopyRest:
case LogShadowChickenPrologue:
case LogShadowChickenTail:
+ case GetDynamicVar:
+ case PutDynamicVar:
+ case ResolveScope:
return false;
case CreateActivation:
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1479,6 +1479,13 @@
break;
}
+ case ResolveScope:
+ case GetDynamicVar:
+ case PutDynamicVar: {
+ fixEdge<KnownCellUse>(node->child1());
+ break;
+ }
+
#if !ASSERT_DISABLED
// Have these no-op cases here to ensure that nobody forgets to add handlers for new opcodes.
case SetArgument:
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -876,6 +876,9 @@
case PutSetterById:
case PutGetterSetterById:
case DeleteById:
+ case GetDynamicVar:
+ case PutDynamicVar:
+ case ResolveScope:
return true;
default:
return false;
@@ -888,6 +891,23 @@
return m_opInfo;
}
+ bool hasGetPutInfo()
+ {
+ switch (op()) {
+ case GetDynamicVar:
+ case PutDynamicVar:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ unsigned getPutInfo()
+ {
+ ASSERT(hasGetPutInfo());
+ return m_opInfo2;
+ }
+
bool hasAccessorAttributes()
{
switch (op()) {
Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -216,12 +216,15 @@
macro(GetTypedArrayByteOffset, NodeResultInt32) \
macro(GetScope, NodeResultJS) \
macro(SkipScope, NodeResultJS) \
+ macro(ResolveScope, NodeResultJS | NodeMustGenerate) \
macro(GetGlobalObject, NodeResultJS) \
macro(GetClosureVar, NodeResultJS) \
macro(PutClosureVar, NodeMustGenerate) \
macro(GetGlobalVar, NodeResultJS) \
macro(GetGlobalLexicalVariable, NodeResultJS) \
macro(PutGlobalVariable, NodeMustGenerate) \
+ macro(GetDynamicVar, NodeResultJS | NodeMustGenerate) \
+ macro(PutDynamicVar, NodeMustGenerate) \
macro(NotifyWrite, NodeMustGenerate) \
macro(VarInjectionWatchpoint, NodeMustGenerate) \
macro(GetRegExpObjectLastIndex, NodeResultJS) \
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1525,6 +1525,78 @@
dataLog("\n");
}
+JSCell* JIT_OPERATION operationResolveScope(ExecState* exec, JSScope* scope, UniquedStringImpl* impl)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+
+ JSObject* resolvedScope = JSScope::resolve(exec, scope, Identifier::fromUid(exec, impl));
+ return resolvedScope;
+}
+
+EncodedJSValue JIT_OPERATION operationGetDynamicVar(ExecState* exec, JSObject* scope, UniquedStringImpl* impl, unsigned getPutInfoBits)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+
+ const Identifier& ident = Identifier::fromUid(exec, impl);
+ GetPutInfo getPutInfo(getPutInfoBits);
+
+ PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
+ if (!scope->getPropertySlot(exec, ident, slot)) {
+ if (getPutInfo.resolveMode() == ThrowIfNotFound)
+ vm.throwException(exec, createUndefinedVariableError(exec, ident));
+ return JSValue::encode(jsUndefined());
+ }
+
+ if (scope->isGlobalLexicalEnvironment()) {
+ // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
+ JSValue result = slot.getValue(exec, ident);
+ if (result == jsTDZValue()) {
+ exec->vm().throwException(exec, createTDZError(exec));
+ return JSValue::encode(jsUndefined());
+ }
+ return JSValue::encode(result);
+ }
+
+ return JSValue::encode(slot.getValue(exec, ident));
+}
+
+void JIT_OPERATION operationPutDynamicVar(ExecState* exec, JSObject* scope, EncodedJSValue value, UniquedStringImpl* impl, unsigned getPutInfoBits)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+
+ const Identifier& ident = Identifier::fromUid(exec, impl);
+ GetPutInfo getPutInfo(getPutInfoBits);
+ bool hasProperty = scope->hasProperty(exec, ident);
+ if (hasProperty
+ && scope->isGlobalLexicalEnvironment()
+ && !isInitialization(getPutInfo.initializationMode())) {
+ // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
+ PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
+ JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
+ if (slot.getValue(exec, ident) == jsTDZValue()) {
+ exec->vm().throwException(exec, createTDZError(exec));
+ return;
+ }
+ }
+
+ if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty) {
+ exec->vm().throwException(exec, createUndefinedVariableError(exec, ident));
+ return;
+ }
+
+ CodeOrigin origin = exec->codeOrigin();
+ bool strictMode;
+ if (origin.inlineCallFrame)
+ strictMode = origin.inlineCallFrame->baselineCodeBlock->isStrictMode();
+ else
+ strictMode = exec->codeBlock()->isStrictMode();
+ PutPropertySlot slot(scope, strictMode, PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
+ scope->methodTable()->put(scope, exec, ident, JSValue::decode(value), slot);
+}
+
extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock, OSRExitBase* exit)
{
// It's sort of preferable that we don't GC while in here. Anyways, doing so wouldn't
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -151,6 +151,10 @@
int32_t JIT_OPERATION operationSizeOfVarargs(ExecState*, EncodedJSValue arguments, int32_t firstVarArgOffset);
void JIT_OPERATION operationLoadVarargs(ExecState*, int32_t firstElementDest, EncodedJSValue arguments, int32_t offset, int32_t length, int32_t mandatoryMinimum);
+JSCell* JIT_OPERATION operationResolveScope(ExecState*, JSScope*, UniquedStringImpl*);
+EncodedJSValue JIT_OPERATION operationGetDynamicVar(ExecState*, JSObject* scope, UniquedStringImpl*, unsigned);
+void JIT_OPERATION operationPutDynamicVar(ExecState*, JSObject* scope, EncodedJSValue, UniquedStringImpl*, unsigned);
+
int64_t JIT_OPERATION operationConvertBoxedDoubleToInt52(EncodedJSValue);
int64_t JIT_OPERATION operationConvertDoubleToInt52(double);
Modified: trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -204,6 +204,11 @@
changed |= setPrediction(node->getHeapPrediction());
break;
}
+
+ case GetDynamicVar: {
+ changed |= setPrediction(SpecBytecodeTop);
+ break;
+ }
case GetGetterSetterByOffset:
case GetExecutable: {
@@ -568,6 +573,11 @@
changed |= setPrediction(SpecObjectOther);
break;
}
+
+ case ResolveScope: {
+ changed |= setPrediction(SpecObjectOther);
+ break;
+ }
case CreateThis:
case NewObject: {
@@ -789,6 +799,7 @@
case ExitOK:
case LoadVarargs:
case CopyRest:
+ case PutDynamicVar:
break;
// This gets ignored because it only pretends to produce a value.
Modified: trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -344,6 +344,9 @@
case GetRegExpObjectLastIndex:
case SetRegExpObjectLastIndex:
case RecordRegExpCachedResult:
+ case GetDynamicVar:
+ case PutDynamicVar:
+ case ResolveScope:
return true;
case BottomValue:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -7807,6 +7807,58 @@
noResult(node);
}
+void SpeculativeJIT::compileResolveScope(Node* node)
+{
+ SpeculateCellOperand scope(this, node->child1());
+ GPRReg scopeGPR = scope.gpr();
+ GPRFlushedCallResult result(this);
+ GPRReg resultGPR = result.gpr();
+ flushRegisters();
+ callOperation(operationResolveScope, resultGPR, scopeGPR, identifierUID(node->identifierNumber()));
+ m_jit.exceptionCheck();
+ cellResult(resultGPR, node);
+}
+
+void SpeculativeJIT::compileGetDynamicVar(Node* node)
+{
+ SpeculateCellOperand scope(this, node->child1());
+ GPRReg scopeGPR = scope.gpr();
+#if USE(JSVALUE64)
+ flushRegisters();
+ GPRFlushedCallResult result(this);
+ callOperation(operationGetDynamicVar, result.gpr(), scopeGPR, identifierUID(node->identifierNumber()), node->getPutInfo());
+ m_jit.exceptionCheck();
+ jsValueResult(result.gpr(), node);
+#else
+ flushRegisters();
+ GPRFlushedCallResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ callOperation(operationGetDynamicVar, resultTag.gpr(), resultPayload.gpr(), scopeGPR, identifierUID(node->identifierNumber()), node->getPutInfo());
+ m_jit.exceptionCheck();
+ jsValueResult(resultTag.gpr(), resultPayload.gpr(), node);
+#endif
+}
+
+void SpeculativeJIT::compilePutDynamicVar(Node* node)
+{
+ SpeculateCellOperand scope(this, node->child1());
+ GPRReg scopeGPR = scope.gpr();
+ JSValueOperand value(this, node->child2());
+
+#if USE(JSVALUE64)
+ GPRReg valueGPR = value.gpr();
+ flushRegisters();
+ callOperation(operationPutDynamicVar, NoResult, scopeGPR, valueGPR, identifierUID(node->identifierNumber()), node->getPutInfo());
+#else
+ GPRReg tag = value.tagGPR();
+ GPRReg payload = value.payloadGPR();
+ flushRegisters();
+ callOperation(operationPutDynamicVar, NoResult, scopeGPR, tag, payload, identifierUID(node->identifierNumber()), node->getPutInfo());
+#endif
+ m_jit.exceptionCheck();
+ noResult(node);
+}
+
void SpeculativeJIT::compilePutAccessorByVal(Node* node)
{
SpeculateCellOperand base(this, node->child1());
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1250,7 +1250,24 @@
return appendCall(operation);
}
+ JITCompiler::Call callOperation(C_JITOperation_EJscI operation, GPRReg result, GPRReg arg1, UniquedStringImpl* impl)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(impl));
+ return appendCallSetResult(operation, result);
+ }
+
+
#if USE(JSVALUE64)
+ JITCompiler::Call callOperation(V_JITOperation_EOJIUi operation, GPRReg arg1, GPRReg arg2, UniquedStringImpl* impl, unsigned value)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(impl), TrustedImm32(value));
+ return appendCall(operation);
+ }
+ JITCompiler::Call callOperation(J_JITOperation_EOIUi operation, GPRReg result, GPRReg arg1, UniquedStringImpl* impl, unsigned value)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(impl), TrustedImm32(value));
+ return appendCallSetResult(operation, result);
+ }
JITCompiler::Call callOperation(J_JITOperation_E operation, GPRReg result)
{
m_jit.setupArgumentsExecState();
@@ -1656,6 +1673,16 @@
#define SH4_32BIT_DUMMY_ARG
#endif
+ JITCompiler::Call callOperation(V_JITOperation_EOJIUi operation, GPRReg arg1, GPRReg arg2Tag, GPRReg arg2Payload, UniquedStringImpl* impl, unsigned value)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2Payload, arg2Tag, TrustedImmPtr(impl), TrustedImm32(value));
+ return appendCall(operation);
+ }
+ JITCompiler::Call callOperation(J_JITOperation_EOIUi operation, GPRReg resultTag, GPRReg resultPayload, GPRReg arg1, UniquedStringImpl* impl, unsigned value)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(impl), TrustedImm32(value));
+ return appendCallSetResult(operation, resultPayload, resultTag);
+ }
JITCompiler::Call callOperation(D_JITOperation_G operation, FPRReg result, JSGlobalObject* globalObject)
{
m_jit.setupArguments(TrustedImmPtr(globalObject));
@@ -2477,6 +2504,9 @@
void compileMaterializeNewObject(Node*);
void compileRecordRegExpCachedResult(Node*);
void compileCallObjectConstructor(Node*);
+ void compileResolveScope(Node*);
+ void compileGetDynamicVar(Node*);
+ void compilePutDynamicVar(Node*);
void moveTrueTo(GPRReg);
void moveFalseTo(GPRReg);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -5048,6 +5048,21 @@
compileMaterializeNewObject(node);
break;
+ case PutDynamicVar: {
+ compilePutDynamicVar(node);
+ break;
+ }
+
+ case GetDynamicVar: {
+ compileGetDynamicVar(node);
+ break;
+ }
+
+ case ResolveScope: {
+ compileResolveScope(node);
+ break;
+ }
+
case Unreachable:
RELEASE_ASSERT_NOT_REACHED();
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -4359,6 +4359,21 @@
break;
}
+ case PutDynamicVar: {
+ compilePutDynamicVar(node);
+ break;
+ }
+
+ case GetDynamicVar: {
+ compileGetDynamicVar(node);
+ break;
+ }
+
+ case ResolveScope: {
+ compileResolveScope(node);
+ break;
+ }
+
case NotifyWrite: {
compileNotifyWrite(node);
break;
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -236,6 +236,9 @@
case SetFunctionName:
case LogShadowChickenPrologue:
case LogShadowChickenTail:
+ case ResolveScope:
+ case GetDynamicVar:
+ case PutDynamicVar:
// These are OK.
break;
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -966,6 +966,15 @@
case RecordRegExpCachedResult:
compileRecordRegExpCachedResult();
break;
+ case ResolveScope:
+ compileResolveScope();
+ break;
+ case GetDynamicVar:
+ compileGetDynamicVar();
+ break;
+ case PutDynamicVar:
+ compilePutDynamicVar();
+ break;
case PhantomLocal:
case LoopHint:
@@ -7525,6 +7534,27 @@
DFG_CRASH(m_graph, m_node, "Bad use kinds");
}
+
+ void compileResolveScope()
+ {
+ UniquedStringImpl* uid = m_graph.identifiers()[m_node->identifierNumber()];
+ setJSValue(vmCall(m_out.intPtr, m_out.operation(operationResolveScope),
+ m_callFrame, lowCell(m_node->child1()), m_out.constIntPtr(uid)));
+ }
+
+ void compileGetDynamicVar()
+ {
+ UniquedStringImpl* uid = m_graph.identifiers()[m_node->identifierNumber()];
+ setJSValue(vmCall(m_out.int64, m_out.operation(operationGetDynamicVar),
+ m_callFrame, lowCell(m_node->child1()), m_out.constIntPtr(uid), m_out.constInt32(m_node->getPutInfo())));
+ }
+
+ void compilePutDynamicVar()
+ {
+ UniquedStringImpl* uid = m_graph.identifiers()[m_node->identifierNumber()];
+ setJSValue(vmCall(Void, m_out.operation(operationPutDynamicVar),
+ m_callFrame, lowCell(m_node->child1()), lowJSValue(m_node->child2()), m_out.constIntPtr(uid), m_out.constInt32(m_node->getPutInfo())));
+ }
void compareEqObjectOrOtherToObject(Edge leftChild, Edge rightChild)
{
Modified: trunk/Source/_javascript_Core/jit/CCallHelpers.h (199698 => 199699)
--- trunk/Source/_javascript_Core/jit/CCallHelpers.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/jit/CCallHelpers.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -324,6 +324,16 @@
addCallArgument(arg4);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ addCallArgument(arg3);
+ addCallArgument(arg4);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2, TrustedImmPtr arg3)
{
resetCallArguments();
@@ -480,6 +490,26 @@
addCallArgument(arg5);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ addCallArgument(arg3);
+ }
+
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImmPtr arg4, TrustedImm32 arg5)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ addCallArgument(arg3);
+ addCallArgument(arg4);
+ addCallArgument(arg5);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
{
resetCallArguments();
@@ -1500,6 +1530,12 @@
setupArgumentsWithExecState(arg1, arg2, arg3);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4)
+ {
+ poke(arg4, POKE_ARGUMENT_OFFSET);
+ setupArgumentsWithExecState(arg1, arg2, arg3);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImm32 arg4)
{
poke(arg4, POKE_ARGUMENT_OFFSET);
@@ -1736,6 +1772,13 @@
setupArgumentsWithExecState(arg1, arg2, arg3);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImmPtr arg4, TrustedImm32 arg5)
+ {
+ poke(arg5, POKE_ARGUMENT_OFFSET + 1);
+ poke(arg4, POKE_ARGUMENT_OFFSET);
+ setupArgumentsWithExecState(arg1, arg2, arg3);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImmPtr arg2, GPRReg arg3, GPRReg arg4)
{
poke(arg4, POKE_ARGUMENT_OFFSET);
@@ -1963,6 +2006,14 @@
move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4)
+ {
+ setupTwoStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2>(arg1, arg2);
+ move(arg3, GPRInfo::argumentGPR3);
+ move(arg4, GPRInfo::argumentGPR4);
+ move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
{
setupThreeStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR4, GPRInfo::argumentGPR5>(arg1, arg4, arg5);
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -2045,7 +2045,7 @@
bool hasProperty = scope->hasProperty(exec, ident);
if (hasProperty
&& scope->isGlobalLexicalEnvironment()
- && getPutInfo.initializationMode() != Initialization) {
+ && !isInitialization(getPutInfo.initializationMode())) {
// When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
@@ -2060,7 +2060,7 @@
return;
}
- PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, getPutInfo.initializationMode() == Initialization);
+ PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
scope->methodTable()->put(scope, exec, ident, value, slot);
if (exec->vm().exception())
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (199698 => 199699)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -155,6 +155,7 @@
typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EZIcfZ)(ExecState*, int32_t, InlineCallFrame*, int32_t);
typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EZZ)(ExecState*, int32_t, int32_t);
typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EZSymtabJ)(ExecState*, int32_t, SymbolTable*, EncodedJSValue);
+typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EOIUi)(ExecState*, JSObject*, UniquedStringImpl*, uint32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_E)(ExecState*);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EZ)(ExecState*, int32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EC)(ExecState*, JSCell*);
@@ -186,6 +187,7 @@
typedef JSCell* JIT_OPERATION (*C_JITOperation_EStZ)(ExecState*, Structure*, int32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EStZZ)(ExecState*, Structure*, int32_t, int32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EZ)(ExecState*, int32_t);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EJscI)(ExecState*, JSScope*, UniquedStringImpl*);
typedef double JIT_OPERATION (*D_JITOperation_D)(double);
typedef double JIT_OPERATION (*D_JITOperation_G)(JSGlobalObject*);
typedef double JIT_OPERATION (*D_JITOperation_DD)(double, double);
@@ -253,6 +255,7 @@
typedef void JIT_OPERATION (*V_JITOperation_J)(EncodedJSValue);
typedef void JIT_OPERATION (*V_JITOperation_Z)(int32_t);
typedef void JIT_OPERATION (*V_JITOperation_ECRUiUi)(ExecState*, JSCell*, Register*, uint32_t, uint32_t);
+typedef void JIT_OPERATION (*V_JITOperation_EOJIUi)(ExecState*, JSObject*, EncodedJSValue, UniquedStringImpl*, uint32_t);
typedef char* JIT_OPERATION (*P_JITOperation_E)(ExecState*);
typedef char* JIT_OPERATION (*P_JITOperation_EC)(ExecState*, JSCell*);
typedef char* JIT_OPERATION (*P_JITOperation_ECli)(ExecState*, CallLinkInfo*);
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -971,7 +971,7 @@
RELEASE_ASSERT(constantScope);
emitWriteBarrier(constantScope, value, ShouldFilterValue);
emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
- if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
+ if (!isInitialization(getPutInfo.initializationMode()) && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
// We need to do a TDZ check here because we can't always prove we need to emit TDZ checks statically.
if (indirectLoadForOperand)
emitGetVarFromIndirectPointer(bitwise_cast<JSValue**>(operandSlot), regT0);
@@ -1053,7 +1053,7 @@
linkCount++;
if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks)
linkCount++; // bad structure
- if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check.
+ if (!isInitialization(getPutInfo.initializationMode()) && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check.
linkCount++;
if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) {
// GlobalProperty/GlobalPropertyWithVarInjectionsCheck
@@ -1061,7 +1061,7 @@
linkCount++; // emitLoadWithStructureCheck
// GlobalLexicalVar
- bool needsTDZCheck = getPutInfo.initializationMode() != Initialization;
+ bool needsTDZCheck = !isInitialization(getPutInfo.initializationMode());
if (needsTDZCheck)
linkCount++;
linkCount++; // Notify write check.
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1019,7 +1019,7 @@
RELEASE_ASSERT(constantScope);
emitWriteBarrier(constantScope, value, ShouldFilterValue);
emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
- if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
+ if (!isInitialization(getPutInfo.initializationMode()) && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) {
// We need to do a TDZ check here because we can't always prove we need to emit TDZ checks statically.
if (indirectLoadForOperand)
emitGetVarFromIndirectPointer(bitwise_cast<JSValue**>(operandSlot), regT1, regT0);
@@ -1097,14 +1097,14 @@
|| resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)
&& currentInstruction[5].u.watchpointSet->state() != IsInvalidated)
linkCount++;
- if (getPutInfo.initializationMode() != Initialization && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check.
+ if (!isInitialization(getPutInfo.initializationMode()) && (resolveType == GlobalLexicalVar || resolveType == GlobalLexicalVarWithVarInjectionChecks)) // TDZ check.
linkCount++;
if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) {
// GlobalProperty/GlobalPropertyWithVarInjectionsCheck
linkCount++; // emitLoadWithStructureCheck
// GlobalLexicalVar
- bool needsTDZCheck = getPutInfo.initializationMode() != Initialization;
+ bool needsTDZCheck = !isInitialization(getPutInfo.initializationMode());
if (needsTDZCheck)
linkCount++;
linkCount++; // Notify write check.
Modified: trunk/Source/_javascript_Core/llint/LLIntData.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/llint/LLIntData.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/llint/LLIntData.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -183,7 +183,7 @@
static_assert(GlobalLexicalVarWithVarInjectionChecks == 8, "LLInt assumes GlobalLexicalVarWithVarInjectionChecks ResultType is == 8");
static_assert(ClosureVarWithVarInjectionChecks == 9, "LLInt assumes ClosureVarWithVarInjectionChecks ResultType is == 9");
- static_assert(InitializationMode::Initialization == 0, "LLInt assumes that InitializationMode::Initialization is 0");
+ static_assert(static_cast<unsigned>(InitializationMode::NotInitialization) == 2, "LLInt assumes that InitializationMode::NotInitialization is 0");
STATIC_ASSERT(GetPutInfo::typeBits == 0x3ff);
STATIC_ASSERT(GetPutInfo::initializationShift == 10);
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -1483,7 +1483,7 @@
bool hasProperty = scope->hasProperty(exec, ident);
if (hasProperty
&& scope->isGlobalLexicalEnvironment()
- && getPutInfo.initializationMode() != Initialization) {
+ && !isInitialization(getPutInfo.initializationMode())) {
// When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
@@ -1494,7 +1494,7 @@
if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty)
LLINT_THROW(createUndefinedVariableError(exec, ident));
- PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, getPutInfo.initializationMode() == Initialization);
+ PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
scope->methodTable()->put(scope, exec, ident, value, slot);
CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (199698 => 199699)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-04-19 01:38:30 UTC (rev 199699)
@@ -367,7 +367,7 @@
const ResolveTypeMask = 0x3ff
const InitializationModeMask = 0xffc00
const InitializationModeShift = 10
-const Initialization = 0
+const NotInitialization = 2
const MarkedBlockSize = 16 * 1024
const MarkedBlockMask = ~(MarkedBlockSize - 1)
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (199698 => 199699)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2016-04-19 01:38:30 UTC (rev 199699)
@@ -2109,7 +2109,7 @@
loadisFromInstruction(4, t0)
andi InitializationModeMask, t0
rshifti InitializationModeShift, t0
- bieq t0, Initialization, .noNeedForTDZCheck
+ bineq t0, NotInitialization, .noNeedForTDZCheck
loadpFromInstruction(6, t0)
loadq [t0], t0
bqeq t0, ValueEmpty, .pDynamic
Modified: trunk/Source/_javascript_Core/runtime/GetPutInfo.h (199698 => 199699)
--- trunk/Source/_javascript_Core/runtime/GetPutInfo.h 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/runtime/GetPutInfo.h 2016-04-19 01:38:30 UTC (rev 199699)
@@ -65,10 +65,11 @@
Dynamic
};
-enum InitializationMode {
- Initialization, // "let x = 20;"
- NotInitialization // "x = 20;"
-};
+enum class InitializationMode : unsigned {
+ Initialization, // "let x = 20;"
+ ConstInitialization, // "const x = 20;"
+ NotInitialization // "x = 20;"
+};
ALWAYS_INLINE const char* resolveModeName(ResolveMode resolveMode)
{
@@ -103,11 +104,24 @@
{
static const char* const names[] = {
"Initialization",
+ "ConstInitialization",
"NotInitialization"
};
- return names[initializationMode];
+ return names[static_cast<unsigned>(initializationMode)];
}
+ALWAYS_INLINE bool isInitialization(InitializationMode initializationMode)
+{
+ switch (initializationMode) {
+ case InitializationMode::Initialization:
+ case InitializationMode::ConstInitialization:
+ return true;
+ case InitializationMode::NotInitialization:
+ return false;
+ }
+ ASSERT_NOT_REACHED();
+ return false;
+}
ALWAYS_INLINE ResolveType makeType(ResolveType type, bool needsVarInjectionChecks)
{
@@ -198,7 +212,7 @@
static_assert((modeBits & initializationBits & typeBits) == 0x0, "There should be no intersection between ResolveMode ResolveType and InitializationMode");
GetPutInfo(ResolveMode resolveMode, ResolveType resolveType, InitializationMode initializationMode)
- : m_operand((resolveMode << modeShift) | (initializationMode << initializationShift) | resolveType)
+ : m_operand((resolveMode << modeShift) | (static_cast<unsigned>(initializationMode) << initializationShift) | resolveType)
{
}
Modified: trunk/Source/_javascript_Core/runtime/JSScope.cpp (199698 => 199699)
--- trunk/Source/_javascript_Core/runtime/JSScope.cpp 2016-04-19 00:25:12 UTC (rev 199698)
+++ trunk/Source/_javascript_Core/runtime/JSScope.cpp 2016-04-19 01:38:30 UTC (rev 199699)
@@ -92,13 +92,13 @@
JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(scope);
SymbolTableEntry entry = globalLexicalEnvironment->symbolTable()->get(ident.impl());
if (!entry.isNull()) {
- if (getOrPut == Put && entry.isReadOnly() && initializationMode != Initialization) {
+ if (getOrPut == Put && entry.isReadOnly() && !isInitialization(initializationMode)) {
// We know the property will be at global lexical environment, but we don't know how to cache it.
op = ResolveOp(Dynamic, 0, 0, 0, 0, 0);
return true;
}
- // We can try to force const Initialization to always go down the fast path. It is provably impossible to construct
+ // We can force const Initialization to always go down the fast path. It is provably impossible to construct
// a program that needs a var injection check here. You can convince yourself of this as follows:
// Any other let/const/class would be a duplicate of this in the global scope, so we would never get here in that situation.
// Also, if we had an eval in the global scope that defined a const, it would also be a duplicate of this const, and so it would
@@ -106,7 +106,7 @@
// we will never have a Dynamic ResolveType here because if we were inside a "with" statement, that would mean the "const" definition
// isn't a global, it would be a local to the "with" block.
// We still need to make the slow path correct for when we need to fire a watchpoint.
- ResolveType resolveType = initializationMode == Initialization ? GlobalLexicalVar : makeType(GlobalLexicalVar, needsVarInjectionChecks);
+ ResolveType resolveType = initializationMode == InitializationMode::ConstInitialization ? GlobalLexicalVar : makeType(GlobalLexicalVar, needsVarInjectionChecks);
op = ResolveOp(
resolveType, depth, 0, 0, entry.watchpointSet(),
reinterpret_cast<uintptr_t>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot()));
