<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[177146] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/177146">177146</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2014-12-11 08:41:33 -0800 (Thu, 11 Dec 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>REGRESSION: Use of undefined CallFrame::ScopeChain value
https://bugs.webkit.org/show_bug.cgi?id=139533
Reviewed by Mark Lam.
Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
all usages of these funcitons. In some cases the scope is passed in or determined
another way. In some cases the scope is used to calculate other values. Lastly
were places where these functions where used that are no longer needed. For
example when making a call, the caller's ScopeChain was copied to the callee's
ScopeChain. This change no longer uses the ScopeChain call frame header slot.
That slot will be removed in a future patch.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* runtime/JSLexicalEnvironment.h:
(JSC::JSLexicalEnvironment::create):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_lexical_environment):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_lexical_environment):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
(JSC::LLInt::llint_throw_stack_overflow_error):
Pass the current scope value to the helper operationCreateActivation() and
the call to JSLexicalEnvironment::create() instead of using the stack frame
scope chain value.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
CreateActivation now has a second child, the scope.
* interpreter/CallFrame.h:
(JSC::ExecState::init): Deleted. This is dead code.
(JSC::ExecState::scope): Deleted.
(JSC::ExecState::setScope): Deleted.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
chain slot.
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
Changed process to find JSScope values on the stack or by some other means.
* runtime/JSWithScope.h:
(JSC::JSWithScope::JSWithScope): Deleted.
Eliminated unused constructor.
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::create):
Changed to pass in the current scope.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterCallFrameh">trunk/Source/JavaScriptCore/interpreter/CallFrame.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpretercpp">trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITh">trunk/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlinesh">trunk/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodescpp">trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodes32_64cpp">trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationscpp">trunk/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmenth">trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSWithScopeh">trunk/Source/JavaScriptCore/runtime/JSWithScope.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStrictEvalActivationcpp">trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStrictEvalActivationh">trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/ChangeLog 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -1,3 +1,75 @@
</span><ins>+2014-12-11 Michael Saboff <msaboff@apple.com>
+
+ REGRESSION: Use of undefined CallFrame::ScopeChain value
+ https://bugs.webkit.org/show_bug.cgi?id=139533
+
+ Reviewed by Mark Lam.
+
+ Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
+ all usages of these funcitons. In some cases the scope is passed in or determined
+ another way. In some cases the scope is used to calculate other values. Lastly
+ were places where these functions where used that are no longer needed. For
+ example when making a call, the caller's ScopeChain was copied to the callee's
+ ScopeChain. This change no longer uses the ScopeChain call frame header slot.
+ That slot will be removed in a future patch.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * jit/JIT.h:
+ * jit/JITInlines.h:
+ (JSC::JIT::callOperation):
+ * runtime/JSLexicalEnvironment.h:
+ (JSC::JSLexicalEnvironment::create):
+ (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::handleHostCall):
+ (JSC::LLInt::setUpCall):
+ (JSC::LLInt::llint_throw_stack_overflow_error):
+ Pass the current scope value to the helper operationCreateActivation() and
+ the call to JSLexicalEnvironment::create() instead of using the stack frame
+ scope chain value.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ CreateActivation now has a second child, the scope.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::init): Deleted. This is dead code.
+ (JSC::ExecState::scope): Deleted.
+ (JSC::ExecState::setScope): Deleted.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
+ chain slot.
+
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ Changed process to find JSScope values on the stack or by some other means.
+
+ * runtime/JSWithScope.h:
+ (JSC::JSWithScope::JSWithScope): Deleted.
+ Eliminated unused constructor.
+
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ Changed to pass in the current scope.
+
</ins><span class="cx"> 2014-12-10 Gyuyoung Kim <gyuyoung.kim@samsung.com>
</span><span class="cx">
</span><span class="cx"> Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -3398,7 +3398,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case op_create_lexical_environment: {
</span><del>- Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[1].u.operand)));
</del><ins>+ Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
</ins><span class="cx"> set(VirtualRegister(currentInstruction[1].u.operand), lexicalEnvironment);
</span><span class="cx"> set(VirtualRegister(currentInstruction[2].u.operand), lexicalEnvironment);
</span><span class="cx"> NEXT_OPCODE(op_create_lexical_environment);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -1172,6 +1172,8 @@
</span><span class="cx">
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+
+ case CreateActivation:
</ins><span class="cx"> case NewFunction: {
</span><span class="cx"> fixEdge<CellUse>(node->child2());
</span><span class="cx"> break;
</span><span class="lines">@@ -1216,7 +1218,6 @@
</span><span class="cx"> case IsNumber:
</span><span class="cx"> case IsObject:
</span><span class="cx"> case IsFunction:
</span><del>- case CreateActivation:
</del><span class="cx"> case CreateArguments:
</span><span class="cx"> case PhantomArguments:
</span><span class="cx"> case TearOffArguments:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -1204,6 +1204,11 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1);
</span><span class="cx"> return appendCallWithExceptionCheckSetResult(operation, result);
</span><span class="cx"> }
</span><ins>+ JITCompiler::Call callOperation(C_JITOperation_EJscZ operation, GPRReg result, GPRReg arg1, int32_t arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
</ins><span class="cx"> JITCompiler::Call callOperation(C_JITOperation_EZ operation, GPRReg result, GPRReg arg1)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -4180,9 +4180,11 @@
</span><span class="cx"> case CreateActivation: {
</span><span class="cx"> GPRTemporary result(this);
</span><span class="cx"> GPRReg resultGPR = result.gpr();
</span><ins>+ SpeculateCellOperand scope(this, node->child2());
+ GPRReg scopeGPR = scope.gpr();
</ins><span class="cx">
</span><span class="cx"> flushRegisters();
</span><del>- callOperation(operationCreateActivation, resultGPR, framePointerOffsetToGetActivationRegisters());
</del><ins>+ callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
</ins><span class="cx">
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -4243,9 +4243,11 @@
</span><span class="cx">
</span><span class="cx"> GPRTemporary result(this);
</span><span class="cx"> GPRReg resultGPR = result.gpr();
</span><del>-
</del><ins>+ SpeculateCellOperand scope(this, node->child2());
+ GPRReg scopeGPR = scope.gpr();
+
</ins><span class="cx"> flushRegisters();
</span><del>- callOperation(operationCreateActivation, resultGPR, framePointerOffsetToGetActivationRegisters());
</del><ins>+ callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
</ins><span class="cx">
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterCallFrameh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/CallFrame.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/CallFrame.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/interpreter/CallFrame.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -45,12 +45,6 @@
</span><span class="cx"> JSValue calleeAsValue() const { return this[JSStack::Callee].jsValue(); }
</span><span class="cx"> JSObject* callee() const { return this[JSStack::Callee].function(); }
</span><span class="cx"> CodeBlock* codeBlock() const { return this[JSStack::CodeBlock].Register::codeBlock(); }
</span><del>- JSScope* scope() const
- {
- ASSERT(this[JSStack::ScopeChain].Register::scope());
- return this[JSStack::ScopeChain].Register::scope();
- }
-
</del><span class="cx"> JSScope* scope(int scopeRegisterOffset) const
</span><span class="cx"> {
</span><span class="cx"> ASSERT(this[scopeRegisterOffset].Register::scope());
</span><span class="lines">@@ -191,23 +185,9 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> void setCallerFrame(CallFrame* frame) { callerFrameAndPC().callerFrame = frame; }
</span><del>- void setScope(JSScope* scope) { static_cast<Register*>(this)[JSStack::ScopeChain] = scope; }
</del><span class="cx"> void setScope(int scopeRegisterOffset, JSScope* scope) { static_cast<Register*>(this)[scopeRegisterOffset] = scope; }
</span><span class="cx"> void setActivation(JSLexicalEnvironment*);
</span><span class="cx">
</span><del>- ALWAYS_INLINE void init(CodeBlock* codeBlock, Instruction* vPC, JSScope* scope,
- CallFrame* callerFrame, int argc, JSObject* callee)
- {
- ASSERT(callerFrame == noCaller() || callerFrame->stack()->containsAddress(this));
-
- setCodeBlock(codeBlock);
- setScope(scope);
- setCallerFrame(callerFrame);
- setReturnPC(vPC); // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
- setArgumentCountIncludingThis(argc); // original argument count (for the sake of the "arguments" object)
- setCallee(callee);
- }
-
</del><span class="cx"> // Read a register from the codeframe (or constant from the CodeBlock).
</span><span class="cx"> Register& r(int);
</span><span class="cx"> // Read a register for a non-constant
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -381,7 +381,7 @@
</span><span class="cx"> --it;
</span><span class="cx"> dataLogF("[Callee] | %10p | %p \n", it, callFrame->callee());
</span><span class="cx"> --it;
</span><del>- dataLogF("[ScopeChain] | %10p | %p \n", it, callFrame->scope());
</del><ins>+ // FIXME: Remove the next decrement when the ScopeChain slot is removed from the call header
</ins><span class="cx"> --it;
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> AbstractPC pc = callFrame->abstractReturnPC(callFrame->vm());
</span><span class="lines">@@ -767,8 +767,8 @@
</span><span class="cx"> JSValue Interpreter::execute(ProgramExecutable* program, CallFrame* callFrame, JSObject* thisObj)
</span><span class="cx"> {
</span><span class="cx"> SamplingScope samplingScope(this);
</span><del>-
- JSScope* scope = callFrame->scope();
</del><ins>+
+ JSScope* scope = thisObj->globalObject();
</ins><span class="cx"> VM& vm = *scope->vm();
</span><span class="cx">
</span><span class="cx"> ASSERT(!vm.exception());
</span><span class="lines">@@ -929,18 +929,21 @@
</span><span class="cx"> return jsNull();
</span><span class="cx">
</span><span class="cx"> bool isJSCall = (callType == CallTypeJS);
</span><del>- JSScope* scope;
</del><ins>+ JSScope* scope = nullptr;
</ins><span class="cx"> CodeBlock* newCodeBlock;
</span><span class="cx"> size_t argsCount = 1 + args.size(); // implicit "this" parameter
</span><span class="cx">
</span><del>- if (isJSCall)
</del><ins>+ JSGlobalObject* globalObject;
+
+ if (isJSCall) {
</ins><span class="cx"> scope = callData.js.scope;
</span><del>- else {
</del><ins>+ globalObject = scope->globalObject();
+ } else {
</ins><span class="cx"> ASSERT(callType == CallTypeHost);
</span><del>- scope = callFrame->scope();
</del><ins>+ globalObject = function->globalObject();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- VMEntryScope entryScope(vm, scope->globalObject());
</del><ins>+ VMEntryScope entryScope(vm, globalObject);
</ins><span class="cx"> if (!vm.isSafeToRecurse())
</span><span class="cx"> return checkedReturn(throwStackOverflowError(callFrame));
</span><span class="cx">
</span><span class="lines">@@ -997,18 +1000,21 @@
</span><span class="cx"> return checkedReturn(throwStackOverflowError(callFrame));
</span><span class="cx">
</span><span class="cx"> bool isJSConstruct = (constructType == ConstructTypeJS);
</span><del>- JSScope* scope;
</del><ins>+ JSScope* scope = nullptr;
</ins><span class="cx"> CodeBlock* newCodeBlock;
</span><span class="cx"> size_t argsCount = 1 + args.size(); // implicit "this" parameter
</span><span class="cx">
</span><del>- if (isJSConstruct)
</del><ins>+ JSGlobalObject* globalObject;
+
+ if (isJSConstruct) {
</ins><span class="cx"> scope = constructData.js.scope;
</span><del>- else {
</del><ins>+ globalObject = scope->globalObject();
+ } else {
</ins><span class="cx"> ASSERT(constructType == ConstructTypeHost);
</span><del>- scope = callFrame->scope();
</del><ins>+ globalObject = constructor->globalObject();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- VMEntryScope entryScope(vm, scope->globalObject());
</del><ins>+ VMEntryScope entryScope(vm, globalObject);
</ins><span class="cx"> if (!vm.isSafeToRecurse())
</span><span class="cx"> return checkedReturn(throwStackOverflowError(callFrame));
</span><span class="cx">
</span><span class="lines">@@ -1138,7 +1144,7 @@
</span><span class="cx">
</span><span class="cx"> JSScope* variableObject;
</span><span class="cx"> if ((numVariables || numFunctions) && eval->isStrictMode()) {
</span><del>- scope = StrictEvalActivation::create(callFrame);
</del><ins>+ scope = StrictEvalActivation::create(callFrame, scope);
</ins><span class="cx"> variableObject = scope;
</span><span class="cx"> } else {
</span><span class="cx"> for (JSScope* node = scope; ; node = node->next()) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JIT.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -699,6 +699,8 @@
</span><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJIdc, int, GPRReg, const Identifier*);
</span><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);
</span><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJscC, int, GPRReg, JSCell*);
</span><ins>+ MacroAssembler::Call callOperation(C_JITOperation_EJscZ, GPRReg, int32_t);
+ MacroAssembler::Call callOperation(C_JITOperation_EJscZ, int, GPRReg, int32_t);
</ins><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_EJJ, int, GPRReg, GPRReg);
</span><span class="cx"> #else
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlines.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlines.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JITInlines.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -210,6 +210,12 @@
</span><span class="cx"> return appendCallWithExceptionCheck(operation);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EJscZ operation, GPRReg arg1, int32_t arg2)
+{
+ setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheck(operation);
+}
+
</ins><span class="cx"> ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EO operation, GPRReg arg)
</span><span class="cx"> {
</span><span class="cx"> setupArgumentsWithExecState(arg);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -672,7 +672,8 @@
</span><span class="cx"> int dst = currentInstruction[1].u.operand;
</span><span class="cx"> int scope = currentInstruction[2].u.operand;
</span><span class="cx">
</span><del>- callOperation(operationCreateActivation, 0);
</del><ins>+ emitGetVirtualRegister(scope, regT0);
+ callOperation(operationCreateActivation, regT0, 0);
</ins><span class="cx"> emitStoreCell(dst, returnValueGPR);
</span><span class="cx"> emitStoreCell(scope, returnValueGPR);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -901,7 +901,8 @@
</span><span class="cx"> int lexicalEnvironment = currentInstruction[1].u.operand;
</span><span class="cx"> int scope = currentInstruction[2].u.operand;
</span><span class="cx">
</span><del>- callOperation(operationCreateActivation, 0);
</del><ins>+ emitLoadPayload(currentInstruction[2].u.operand, regT0);
+ callOperation(operationCreateActivation, regT0, 0);
</ins><span class="cx"> emitStoreCell(lexicalEnvironment, returnValueGPR);
</span><span class="cx"> emitStoreCell(scope, returnValueGPR);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -608,11 +608,11 @@
</span><span class="cx">
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationCallEval(ExecState* exec, ExecState* execCallee)
</span><span class="cx"> {
</span><del>- ASSERT(exec->codeBlock()->codeType() != FunctionCode
</del><ins>+
+ ASSERT_UNUSED(exec, exec->codeBlock()->codeType() != FunctionCode
</ins><span class="cx"> || !exec->codeBlock()->needsActivation()
</span><span class="cx"> || exec->hasActivation());
</span><span class="cx">
</span><del>- execCallee->setScope(exec->scope());
</del><span class="cx"> execCallee->setCodeBlock(0);
</span><span class="cx">
</span><span class="cx"> if (!isHostFunction(execCallee->calleeAsValue(), globalFuncEval))
</span><span class="lines">@@ -631,7 +631,6 @@
</span><span class="cx"> ExecState* exec = execCallee->callerFrame();
</span><span class="cx"> VM* vm = &exec->vm();
</span><span class="cx">
</span><del>- execCallee->setScope(exec->scope());
</del><span class="cx"> execCallee->setCodeBlock(0);
</span><span class="cx">
</span><span class="cx"> if (kind == CodeForCall) {
</span><span class="lines">@@ -692,7 +691,6 @@
</span><span class="cx">
</span><span class="cx"> JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
</span><span class="cx"> JSScope* scope = callee->scopeUnchecked();
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> ExecutableBase* executable = callee->executable();
</span><span class="cx">
</span><span class="cx"> MacroAssemblerCodePtr codePtr;
</span><span class="lines">@@ -702,7 +700,6 @@
</span><span class="cx"> else {
</span><span class="cx"> FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
</span><span class="cx"> JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> if (error) {
</span><span class="cx"> throwStackOverflowError(exec);
</span><span class="cx"> return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
</span><span class="lines">@@ -757,12 +754,10 @@
</span><span class="cx">
</span><span class="cx"> JSFunction* function = jsCast<JSFunction*>(calleeAsFunctionCell);
</span><span class="cx"> JSScope* scope = function->scopeUnchecked();
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> ExecutableBase* executable = function->executable();
</span><span class="cx"> if (UNLIKELY(!executable->hasJITCodeFor(kind))) {
</span><span class="cx"> FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
</span><span class="cx"> JSObject* error = functionExecutable->prepareForExecution(execCallee, function, &scope, kind);
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> if (error) {
</span><span class="cx"> exec->vm().throwException(exec, error);
</span><span class="cx"> return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
</span><span class="lines">@@ -1401,12 +1396,11 @@
</span><span class="cx"> return JSValue::encode(JSValue());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, int32_t offset)
</del><ins>+JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, JSScope* currentScope, int32_t offset)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><del>- JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, exec->codeBlock());
- exec->setScope(lexicalEnvironment);
</del><ins>+ JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, currentScope, exec->codeBlock());
</ins><span class="cx"> return lexicalEnvironment;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -132,6 +132,7 @@
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZ)(ExecState*, EncodedJSValue, int32_t);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZC)(ExecState*, EncodedJSValue, int32_t, JSCell*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJJC)(ExecState*, EncodedJSValue, EncodedJSValue, JSCell*);
</span><ins>+typedef JSCell* JIT_OPERATION (*C_JITOperation_EJscZ)(ExecState*, JSScope*, int32_t);
</ins><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssSt)(ExecState*, JSString*, Structure*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJss)(ExecState*, JSString*, JSString*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJssJss)(ExecState*, JSString*, JSString*, JSString*);
</span><span class="lines">@@ -292,7 +293,7 @@
</span><span class="cx"> void JIT_OPERATION operationProfileDidCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationProfileWillCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL;
</span><del>-JSCell* JIT_OPERATION operationCreateActivation(ExecState*, int32_t offset) WTF_INTERNAL;
</del><ins>+JSCell* JIT_OPERATION operationCreateActivation(ExecState*, JSScope* currentScope, int32_t offset) WTF_INTERNAL;
</ins><span class="cx"> JSCell* JIT_OPERATION operationCreateArguments(ExecState*) WTF_INTERNAL;
</span><span class="cx"> JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState*) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState*, int32_t) WTF_INTERNAL;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -259,7 +259,7 @@
</span><span class="cx"> exec,
</span><span class="cx"> static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
</span><span class="cx"> opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
</span><del>- exec->scope(), pc);
</del><ins>+ exec->uncheckedR(exec->codeBlock()->scopeRegister().offset()).Register::scope(), pc);
</ins><span class="cx"> if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
</span><span class="cx"> dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
</span><span class="cx"> *bitwise_cast<volatile char*>(exec->returnPC().value());
</span><span class="lines">@@ -503,7 +503,9 @@
</span><span class="cx"> #if LLINT_SLOW_PATH_TRACING
</span><span class="cx"> dataLogF("Creating an lexicalEnvironment, exec = %p!\n", exec);
</span><span class="cx"> #endif
</span><del>- JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->codeBlock());
</del><ins>+ int scopeReg = pc[2].u.operand;
+ JSScope* scope = exec->uncheckedR(scopeReg).Register::scope();
+ JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, scope, exec->codeBlock());
</ins><span class="cx"> exec->uncheckedR(pc[2].u.operand) = lexicalEnvironment;
</span><span class="cx"> LLINT_RETURN(JSValue(lexicalEnvironment));
</span><span class="cx"> }
</span><span class="lines">@@ -1030,7 +1032,6 @@
</span><span class="cx"> ExecState* exec = execCallee->callerFrame();
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx">
</span><del>- execCallee->setScope(exec->scope());
</del><span class="cx"> execCallee->setCodeBlock(0);
</span><span class="cx"> execCallee->clearReturnPC();
</span><span class="cx">
</span><span class="lines">@@ -1094,7 +1095,6 @@
</span><span class="cx"> JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
</span><span class="cx"> JSScope* scope = callee->scopeUnchecked();
</span><span class="cx"> VM& vm = *scope->vm();
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> ExecutableBase* executable = callee->executable();
</span><span class="cx">
</span><span class="cx"> MacroAssemblerCodePtr codePtr;
</span><span class="lines">@@ -1104,7 +1104,6 @@
</span><span class="cx"> else {
</span><span class="cx"> FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
</span><span class="cx"> JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
</span><del>- execCallee->setScope(scope);
</del><span class="cx"> if (error)
</span><span class="cx"> LLINT_CALL_THROW(exec, error);
</span><span class="cx"> codeBlock = functionExecutable->codeBlockFor(kind);
</span><span class="lines">@@ -1235,8 +1234,6 @@
</span><span class="cx"> execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
</span><span class="cx"> execCallee->setCallerFrame(exec);
</span><span class="cx"> execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
</span><del>- JSScope* callerScope = exec->uncheckedR(exec->codeBlock()->scopeRegister().offset()).Register::scope();
- execCallee->setScope(callerScope);
</del><span class="cx"> execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
</span><span class="cx"> execCallee->setCodeBlock(0);
</span><span class="cx"> exec->setCurrentVPC(pc);
</span><span class="lines">@@ -1433,7 +1430,7 @@
</span><span class="cx"> {
</span><span class="cx"> ExecState* exec = vm->topCallFrame;
</span><span class="cx"> if (!exec)
</span><del>- exec = protoFrame->scope()->globalObject()->globalExec();
</del><ins>+ exec = protoFrame->callee()->globalObject()->globalExec();
</ins><span class="cx"> throwStackOverflowError(exec);
</span><span class="cx"> return encodeResult(0, 0);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmenth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -41,12 +41,12 @@
</span><span class="cx">
</span><span class="cx"> class JSLexicalEnvironment : public JSEnvironmentRecord {
</span><span class="cx"> private:
</span><del>- JSLexicalEnvironment(VM&, CallFrame*, Register*, CodeBlock*);
</del><ins>+ JSLexicalEnvironment(VM&, CallFrame*, Register*, JSScope*, CodeBlock*);
</ins><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> typedef JSEnvironmentRecord Base;
</span><span class="cx">
</span><del>- static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, Register* registers, CodeBlock* codeBlock)
</del><ins>+ static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
</ins><span class="cx"> {
</span><span class="cx"> SymbolTable* symbolTable = codeBlock->symbolTable();
</span><span class="cx"> ASSERT(codeBlock->codeType() == FunctionCode);
</span><span class="lines">@@ -56,14 +56,14 @@
</span><span class="cx"> vm.heap,
</span><span class="cx"> allocationSize(symbolTable)
</span><span class="cx"> )
</span><del>- ) JSLexicalEnvironment(vm, callFrame, registers, codeBlock);
</del><ins>+ ) JSLexicalEnvironment(vm, callFrame, registers, currentScope, codeBlock);
</ins><span class="cx"> lexicalEnvironment->finishCreation(vm);
</span><span class="cx"> return lexicalEnvironment;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, CodeBlock* codeBlock)
</del><ins>+ static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, JSScope* currentScope, CodeBlock* codeBlock)
</ins><span class="cx"> {
</span><del>- return create(vm, callFrame, callFrame->registers() + codeBlock->framePointerOffsetToGetActivationRegisters(), codeBlock);
</del><ins>+ return create(vm, callFrame, callFrame->registers() + codeBlock->framePointerOffsetToGetActivationRegisters(), currentScope, codeBlock);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="lines">@@ -108,12 +108,12 @@
</span><span class="cx"> extern int activationCount;
</span><span class="cx"> extern int allTheThingsCount;
</span><span class="cx">
</span><del>-inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, CallFrame* callFrame, Register* registers, CodeBlock* codeBlock)
</del><ins>+inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
</ins><span class="cx"> : Base(
</span><span class="cx"> vm,
</span><span class="cx"> callFrame->lexicalGlobalObject()->activationStructure(),
</span><span class="cx"> registers,
</span><del>- callFrame->scope(),
</del><ins>+ currentScope,
</ins><span class="cx"> codeBlock->symbolTable())
</span><span class="cx"> {
</span><span class="cx"> SymbolTable* symbolTable = codeBlock->symbolTable();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSWithScopeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSWithScope.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSWithScope.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/runtime/JSWithScope.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -53,16 +53,6 @@
</span><span class="cx"> DECLARE_EXPORT_INFO;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- JSWithScope(ExecState* exec, JSObject* object)
- : Base(
- exec->vm(),
- exec->lexicalGlobalObject()->withScopeStructure(),
- exec->scope()
- )
- , m_object(exec->vm(), this, object)
- {
- }
-
</del><span class="cx"> JSWithScope(ExecState* exec, JSObject* object, JSScope* next)
</span><span class="cx"> : Base(
</span><span class="cx"> exec->vm(),
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStrictEvalActivationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.cpp (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.cpp 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -35,11 +35,11 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo StrictEvalActivation::s_info = { "Object", &Base::s_info, 0, CREATE_METHOD_TABLE(StrictEvalActivation) };
</span><span class="cx">
</span><del>-StrictEvalActivation::StrictEvalActivation(ExecState* exec)
</del><ins>+StrictEvalActivation::StrictEvalActivation(ExecState* exec, JSScope* currentScope)
</ins><span class="cx"> : Base(
</span><span class="cx"> exec->vm(),
</span><span class="cx"> exec->lexicalGlobalObject()->strictEvalActivationStructure(),
</span><del>- exec->scope()
</del><ins>+ currentScope
</ins><span class="cx"> )
</span><span class="cx"> {
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStrictEvalActivationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h (177145 => 177146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h 2014-12-11 16:41:33 UTC (rev 177146)
</span><span class="lines">@@ -34,9 +34,9 @@
</span><span class="cx"> public:
</span><span class="cx"> typedef JSScope Base;
</span><span class="cx">
</span><del>- static StrictEvalActivation* create(ExecState* exec)
</del><ins>+ static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)
</ins><span class="cx"> {
</span><del>- StrictEvalActivation* lexicalEnvironment = new (NotNull, allocateCell<StrictEvalActivation>(*exec->heap())) StrictEvalActivation(exec);
</del><ins>+ StrictEvalActivation* lexicalEnvironment = new (NotNull, allocateCell<StrictEvalActivation>(*exec->heap())) StrictEvalActivation(exec, currentScope);
</ins><span class="cx"> lexicalEnvironment->finishCreation(exec->vm());
</span><span class="cx"> return lexicalEnvironment;
</span><span class="cx"> }
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx"> static const unsigned StructureFlags = IsEnvironmentRecord | Base::StructureFlags;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- StrictEvalActivation(ExecState*);
</del><ins>+ StrictEvalActivation(ExecState*, JSScope*);
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre>
</div>
</div>
</body>
</html>