<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[178591] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/178591">178591</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2015-01-16 12:40:22 -0800 (Fri, 16 Jan 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>REGRESSION (<a href="http://trac.webkit.org/projects/webkit/changeset/174226">r174226</a>): Header on huffingtonpost.com is too large
https://bugs.webkit.org/show_bug.cgi?id=140306
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
arguments register or whether we need to resolve "arguments". If the arguments have
been captured, then they are stored in the lexical environment and the arguments
register is not used.
Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
register is captured. Renamed the function to willResolveToArgumentsRegister() to
better indicate what we are checking.
Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
an arguments object that was optimized out of an inlined callFrame. The 32 bit path
incorrectly calculated the location of the reified callee frame. This alignment resulted
in the removal of operationCreateInlinedArgumentsDuringOSRExit()
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::willResolveToArgumentsRegister):
(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::willResolveToArguments): Deleted.
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::getArgumentByVal):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::ArrayPatternNode::emitDirectBinding):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
* dfg/DFGOperations.cpp:
(JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
* dfg/DFGOperations.h:
(JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
LayoutTests:
Updated js/arguments-iterator to test changing argument to array values.
Removed tests that changed arguments to a string and an object as they were
bogus and didn't test what the appeared to test.
for .. of works on iterable objects only.
Added new regression test, js/regress-140306.
* js/arguments-iterator-expected.txt:
* js/regress-140306-expected.txt: Added.
* js/regress-140306.html: Added.
* js/script-tests/arguments-iterator.js:
(testEmptyArrayArguments):
(testArrayArguments):
(testOverwrittenArguments): Deleted.
(testNullArguments): Deleted.
(testNonArrayLikeArguments): Deleted.
* js/script-tests/regress-140306.js: Added.
(checkArgs):
(applyToArgs):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsjsargumentsiteratorexpectedtxt">trunk/LayoutTests/js/arguments-iterator-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsargumentsiteratorjs">trunk/LayoutTests/js/script-tests/arguments-iterator.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerNodesCodegencpp">trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationscpp">trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationsh">trunk/Source/JavaScriptCore/dfg/DFGOperations.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsregress140306expectedtxt">trunk/LayoutTests/js/regress-140306-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregress140306html">trunk/LayoutTests/js/regress-140306.html</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsregress140306js">trunk/LayoutTests/js/script-tests/regress-140306.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/LayoutTests/ChangeLog 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2015-01-16 Michael Saboff <msaboff@apple.com>
+
+ REGRESSION (r174226): Header on huffingtonpost.com is too large
+ https://bugs.webkit.org/show_bug.cgi?id=140306
+
+ Reviewed by Filip Pizlo.
+
+ Updated js/arguments-iterator to test changing argument to array values.
+ Removed tests that changed arguments to a string and an object as they were
+ bogus and didn't test what the appeared to test.
+ for .. of works on iterable objects only.
+
+ Added new regression test, js/regress-140306.
+
+ * js/arguments-iterator-expected.txt:
+ * js/regress-140306-expected.txt: Added.
+ * js/regress-140306.html: Added.
+ * js/script-tests/arguments-iterator.js:
+ (testEmptyArrayArguments):
+ (testArrayArguments):
+ (testOverwrittenArguments): Deleted.
+ (testNullArguments): Deleted.
+ (testNonArrayLikeArguments): Deleted.
+ * js/script-tests/regress-140306.js: Added.
+ (checkArgs):
+ (applyToArgs):
+
</ins><span class="cx"> 2015-01-16 Jeremy Jones <jeremyj@apple.com>
</span><span class="cx">
</span><span class="cx"> [mac] Fix test expectations after r178310.
</span></span></pre></div>
<a id="trunkLayoutTestsjsargumentsiteratorexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/arguments-iterator-expected.txt (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/arguments-iterator-expected.txt 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/LayoutTests/js/arguments-iterator-expected.txt 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -36,36 +36,24 @@
</span><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><ins>+PASS testEmptyArrayArguments('a') is true
+PASS testEmptyArrayArguments() is true
</ins><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><del>-PASS arg === realArg is true
-PASS arg === realArg is true
-PASS arg === realArg is true
</del><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><del>-PASS arg === realArg is true
-PASS arg === realArg is true
-PASS arg === realArg is true
</del><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><del>-PASS arg === realArg is true
-PASS arg === realArg is true
-PASS arg === realArg is true
</del><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><span class="cx"> PASS arg === realArg is true
</span><del>-PASS arg === realArg is true
-PASS arg === realArg is true
-PASS arg === realArg is true
</del><span class="cx"> PASS actualArgumentsLength is iteratedArgumentsLength
</span><del>-PASS testNullArguments() threw exception TypeError: null is not an object (evaluating 'fail("nothing to iterate")').
-PASS testNonArrayLikeArguments() is true
</del><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span><span class="cx"> TEST COMPLETE
</span></span></pre></div>
<a id="trunkLayoutTestsjsregress140306expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress-140306-expected.txt (0 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress-140306-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress-140306-expected.txt 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+Regression test for https://webkit.org/b/140306. This test should run without any exceptions.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregress140306html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress-140306.html (0 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress-140306.html (rev 0)
+++ trunk/LayoutTests/js/regress-140306.html 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="script-tests/regress-140306.js"></script>
+<script src="../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsargumentsiteratorjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/arguments-iterator.js (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/arguments-iterator.js 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/LayoutTests/js/script-tests/arguments-iterator.js 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -76,43 +76,33 @@
</span><span class="cx"> testReifiedArguments({})
</span><span class="cx">
</span><span class="cx">
</span><del>-function testOverwrittenArguments() {
- var i = 0;
- arguments = "foobar";
</del><ins>+function testEmptyArrayArguments() {
+ arguments = [];
</ins><span class="cx"> for (arg of arguments) {
</span><del>- realArg = arguments[i++];
- shouldBeTrue("arg === realArg");
</del><ins>+ fail("nothing to iterate");
+ return false;
</ins><span class="cx"> }
</span><del>- iteratedArgumentsLength = i;
- actualArgumentsLength = arguments.length;
- shouldBe("actualArgumentsLength", "iteratedArgumentsLength");
</del><ins>+
+ return true;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+shouldBeTrue("testEmptyArrayArguments('a')");
+shouldBeTrue("testEmptyArrayArguments()");
</ins><span class="cx">
</span><del>-testOverwrittenArguments();
-testOverwrittenArguments("a");
-testOverwrittenArguments("a", "b");
-testOverwrittenArguments({})
</del><span class="cx">
</span><del>-
-
-function testNullArguments() {
</del><ins>+function testArrayArguments() {
</ins><span class="cx"> var i = 0;
</span><del>- arguments = null;
</del><ins>+ arguments = [1, 2, 3];
</ins><span class="cx"> for (arg of arguments) {
</span><del>- fail("nothing to iterate");
</del><ins>+ realArg = arguments[i++];
+ shouldBeTrue("arg === realArg");
</ins><span class="cx"> }
</span><ins>+ iteratedArgumentsLength = i;
+ actualArgumentsLength = arguments.length;
+ shouldBe("actualArgumentsLength", "iteratedArgumentsLength");
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-shouldThrow("testNullArguments()");
-function testNonArrayLikeArguments() {
- var i = 0;
- arguments = {};
- for (arg of arguments) {
- fail("nothing to iterate");
- return false;
- }
- return true;
-}
-shouldBeTrue("testNonArrayLikeArguments()");
-
</del><ins>+testArrayArguments();
+testArrayArguments("a");
+testArrayArguments("a", "b");
+testArrayArguments({});
</ins></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsregress140306js"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/script-tests/regress-140306.js (0 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/regress-140306.js (rev 0)
+++ trunk/LayoutTests/js/script-tests/regress-140306.js 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -0,0 +1,34 @@
</span><ins>+description(
+"Regression test for https://webkit.org/b/140306. This test should run without any exceptions."
+);
+
+testArgs = [ 1, "Second", new Number(3) ];
+
+function checkArgs(a0, a1, a2) {
+ if (a0 !== testArgs[0])
+ throw "Value of declared arg a0 is wrong. Should be: " + testArgs[0] + ", was: " + a0;
+
+ if (a1 !== testArgs[1])
+ throw "Value of declared arg a1 is wrong. Should be: " + testArgs[1] + ", was: " + a1;
+
+ if (a2 !== testArgs[2])
+ throw "Value of declared arg a2 is wrong. Should be: " + testArgs[2] + ", was: " + a2;
+
+ if (arguments.length != 3)
+ throw "Length of arguments is wrong. Should be: 3, was: " + arguments.length;
+
+ for (var i = 0; i < arguments.length; i++) {
+ if (arguments[i] !== testArgs[i])
+ throw "Value of arguments[" + i + "] is wrong. Should be: " + testArgs[i] + ", was: " + arguments[i];
+ }
+}
+
+function applyToArgs() {
+ arguments = testArgs;
+
+ checkArgs.apply(this, arguments)
+
+ try { } catch (e) { throw e; } // To force the creation of an activation object
+}
+
+applyToArgs(42);
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -1,3 +1,45 @@
</span><ins>+2015-01-16 Michael Saboff <msaboff@apple.com>
+
+ REGRESSION (r174226): Header on huffingtonpost.com is too large
+ https://bugs.webkit.org/show_bug.cgi?id=140306
+
+ Reviewed by Filip Pizlo.
+
+ BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
+ arguments register or whether we need to resolve "arguments". If the arguments have
+ been captured, then they are stored in the lexical environment and the arguments
+ register is not used.
+
+ Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
+ register is captured. Renamed the function to willResolveToArgumentsRegister() to
+ better indicate what we are checking.
+
+ Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
+ an arguments object that was optimized out of an inlined callFrame. The 32 bit path
+ incorrectly calculated the location of the reified callee frame. This alignment resulted
+ in the removal of operationCreateInlinedArgumentsDuringOSRExit()
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
+ (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitEnumeration):
+ (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::BracketAccessorNode::emitBytecode):
+ (JSC::DotAccessorNode::emitBytecode):
+ (JSC::getArgumentByVal):
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+ (JSC::ArrayPatternNode::emitDirectBinding):
+ * dfg/DFGOSRExitCompilerCommon.cpp:
+ (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
+ * dfg/DFGOperations.cpp:
+ (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
+ * dfg/DFGOperations.h:
+ (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
+
</ins><span class="cx"> 2015-01-15 Csaba Osztrogonác <ossy@webkit.org>
</span><span class="cx">
</span><span class="cx"> Remove ENABLE(SQL_DATABASE) guards
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -563,7 +563,7 @@
</span><span class="cx"> m_codeBlock->addParameter();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool BytecodeGenerator::willResolveToArguments(const Identifier& ident)
</del><ins>+bool BytecodeGenerator::willResolveToArgumentsRegister(const Identifier& ident)
</ins><span class="cx"> {
</span><span class="cx"> if (ident != propertyNames().arguments)
</span><span class="cx"> return false;
</span><span class="lines">@@ -575,6 +575,9 @@
</span><span class="cx"> if (entry.isNull())
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ if (m_localArgumentsRegister && isCaptured(m_localArgumentsRegister->index()))
+ return false;
+
</ins><span class="cx"> if (m_codeBlock->usesArguments() && m_codeType == FunctionCode && m_localArgumentsRegister)
</span><span class="cx"> return true;
</span><span class="cx">
</span><span class="lines">@@ -583,7 +586,7 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* BytecodeGenerator::uncheckedLocalArgumentsRegister()
</span><span class="cx"> {
</span><del>- ASSERT(willResolveToArguments(propertyNames().arguments));
</del><ins>+ ASSERT(willResolveToArgumentsRegister(propertyNames().arguments));
</ins><span class="cx"> ASSERT(m_localArgumentsRegister);
</span><span class="cx"> return m_localArgumentsRegister;
</span><span class="cx"> }
</span><span class="lines">@@ -1874,7 +1877,7 @@
</span><span class="cx"> RELEASE_ASSERT(!n->m_next);
</span><span class="cx"> auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
</span><span class="cx"> RefPtr<RegisterID> argumentRegister;
</span><del>- if (expression->isResolveNode() && willResolveToArguments(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
</del><ins>+ if (expression->isResolveNode() && willResolveToArgumentsRegister(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
</ins><span class="cx"> argumentRegister = uncheckedLocalArgumentsRegister();
</span><span class="cx"> else
</span><span class="cx"> argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</span><span class="lines">@@ -2016,7 +2019,7 @@
</span><span class="cx"> RELEASE_ASSERT(!n->m_next);
</span><span class="cx"> auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
</span><span class="cx"> RefPtr<RegisterID> argumentRegister;
</span><del>- if (expression->isResolveNode() && willResolveToArguments(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
</del><ins>+ if (expression->isResolveNode() && willResolveToArgumentsRegister(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
</ins><span class="cx"> argumentRegister = uncheckedLocalArgumentsRegister();
</span><span class="cx"> else
</span><span class="cx"> argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</span><span class="lines">@@ -2594,7 +2597,7 @@
</span><span class="cx"> void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack)
</span><span class="cx"> {
</span><span class="cx"> if (subjectNode->isResolveNode()
</span><del>- && willResolveToArguments(static_cast<ResolveNode*>(subjectNode)->identifier())
</del><ins>+ && willResolveToArgumentsRegister(static_cast<ResolveNode*>(subjectNode)->identifier())
</ins><span class="cx"> && !symbolTable().slowArguments()) {
</span><span class="cx"> RefPtr<RegisterID> index = emitLoad(newTemporary(), jsNumber(0));
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -277,7 +277,7 @@
</span><span class="cx">
</span><span class="cx"> void setIsNumericCompareFunction(bool isNumericCompareFunction);
</span><span class="cx">
</span><del>- bool willResolveToArguments(const Identifier&);
</del><ins>+ bool willResolveToArgumentsRegister(const Identifier&);
</ins><span class="cx">
</span><span class="cx"> bool hasSafeLocalArgumentsRegister() { return m_localArgumentsRegister; }
</span><span class="cx"> RegisterID* uncheckedLocalArgumentsRegister();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerNodesCodegencpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -382,7 +382,7 @@
</span><span class="cx"> RegisterID* BracketAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><span class="cx"> if (m_base->isResolveNode()
</span><del>- && generator.willResolveToArguments(static_cast<ResolveNode*>(m_base)->identifier())
</del><ins>+ && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(m_base)->identifier())
</ins><span class="cx"> && !generator.symbolTable().slowArguments()) {
</span><span class="cx"> RefPtr<RegisterID> property = generator.emitNode(m_subscript);
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><span class="lines">@@ -418,7 +418,7 @@
</span><span class="cx"> if (!m_base->isResolveNode())
</span><span class="cx"> goto nonArgumentsPath;
</span><span class="cx"> ResolveNode* resolveNode = static_cast<ResolveNode*>(m_base);
</span><del>- if (!generator.willResolveToArguments(resolveNode->identifier()))
</del><ins>+ if (!generator.willResolveToArgumentsRegister(resolveNode->identifier()))
</ins><span class="cx"> goto nonArgumentsPath;
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><span class="cx"> return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister());
</span><span class="lines">@@ -599,7 +599,7 @@
</span><span class="cx"> static RegisterID* getArgumentByVal(BytecodeGenerator& generator, ExpressionNode* base, RegisterID* property, RegisterID* dst, JSTextPosition divot, JSTextPosition divotStart, JSTextPosition divotEnd)
</span><span class="cx"> {
</span><span class="cx"> if (base->isResolveNode()
</span><del>- && generator.willResolveToArguments(static_cast<ResolveNode*>(base)->identifier())
</del><ins>+ && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(base)->identifier())
</ins><span class="cx"> && !generator.symbolTable().slowArguments()) {
</span><span class="cx"> generator.emitExpressionInfo(divot, divotStart, divotEnd);
</span><span class="cx"> return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister(), property);
</span><span class="lines">@@ -757,7 +757,7 @@
</span><span class="cx"> RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr);
</span><span class="cx"> RefPtr<RegisterID> argsRegister;
</span><span class="cx"> ArgumentListNode* args = m_args->m_listNode->m_next;
</span><del>- if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier()) && !generator.symbolTable().slowArguments())
</del><ins>+ if (args->m_expr->isResolveNode() && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(args->m_expr)->identifier()) && !generator.symbolTable().slowArguments())
</ins><span class="cx"> argsRegister = generator.uncheckedLocalArgumentsRegister();
</span><span class="cx"> else
</span><span class="cx"> argsRegister = generator.emitNode(args->m_expr);
</span><span class="lines">@@ -2776,7 +2776,7 @@
</span><span class="cx"> RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, RegisterID* dst, ExpressionNode* rhs)
</span><span class="cx"> {
</span><span class="cx"> if (rhs->isResolveNode()
</span><del>- && generator.willResolveToArguments(static_cast<ResolveNode*>(rhs)->identifier())
</del><ins>+ && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(rhs)->identifier())
</ins><span class="cx"> && generator.hasSafeLocalArgumentsRegister()&& !generator.symbolTable().slowArguments()) {
</span><span class="cx"> for (size_t i = 0; i < m_targetPatterns.size(); i++) {
</span><span class="cx"> auto target = m_targetPatterns[i];
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -327,7 +327,6 @@
</span><span class="cx"> if (m_didCreateArgumentsObject.add(inlineCallFrame).isNewEntry) {
</span><span class="cx"> // We know this call frame optimized out an arguments object that
</span><span class="cx"> // the baseline JIT would have created. Do that creation now.
</span><del>-#if USE(JSVALUE64)
</del><span class="cx"> if (inlineCallFrame) {
</span><span class="cx"> jit.addPtr(AssemblyHelpers::TrustedImm32(inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister, GPRInfo::regT0);
</span><span class="cx"> jit.setupArguments(GPRInfo::regT0);
</span><span class="lines">@@ -337,6 +336,7 @@
</span><span class="cx"> AssemblyHelpers::TrustedImmPtr(
</span><span class="cx"> bitwise_cast<void*>(operationCreateArgumentsDuringOSRExit)),
</span><span class="cx"> GPRInfo::nonArgGPR0);
</span><ins>+#if USE(JSVALUE64)
</ins><span class="cx"> jit.call(GPRInfo::nonArgGPR0);
</span><span class="cx"> jit.store64(GPRInfo::returnValueGPR, AssemblyHelpers::addressFor(argumentsRegister));
</span><span class="cx"> jit.store64(
</span><span class="lines">@@ -344,20 +344,6 @@
</span><span class="cx"> AssemblyHelpers::addressFor(unmodifiedArgumentsRegister(argumentsRegister)));
</span><span class="cx"> jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0); // no-op move on almost all platforms.
</span><span class="cx"> #else // USE(JSVALUE64) -> so the 32_64 part
</span><del>- if (inlineCallFrame) {
- jit.setupArgumentsWithExecState(
- AssemblyHelpers::TrustedImmPtr(inlineCallFrame));
- jit.move(
- AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateInlinedArgumentsDuringOSRExit)),
- GPRInfo::nonArgGPR0);
- } else {
- jit.setupArgumentsExecState();
- jit.move(
- AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateArgumentsDuringOSRExit)),
- GPRInfo::nonArgGPR0);
- }
</del><span class="cx"> jit.call(GPRInfo::nonArgGPR0);
</span><span class="cx"> jit.store32(
</span><span class="cx"> AssemblyHelpers::TrustedImm32(JSValue::CellTag),
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -774,12 +774,6 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationCreateInlinedArgumentsDuringOSRExit(ExecState* exec, InlineCallFrame* inlineCallFrame)
-{
- DeferGCForAWhile(exec->vm().heap);
- return operationCreateInlinedArguments(exec, inlineCallFrame);
-}
-
</del><span class="cx"> void JIT_OPERATION operationTearOffInlinedArguments(
</span><span class="cx"> ExecState* exec, JSCell* argumentsCell, JSCell* activationCell, InlineCallFrame* inlineCallFrame)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.h (178590 => 178591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2015-01-16 20:22:58 UTC (rev 178590)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2015-01-16 20:40:22 UTC (rev 178591)
</span><span class="lines">@@ -97,7 +97,6 @@
</span><span class="cx"> size_t JIT_OPERATION operationCompareStrictEqCell(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
</span><span class="cx"> size_t JIT_OPERATION operationCompareStrictEq(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
</span><span class="cx"> JSCell* JIT_OPERATION operationCreateInlinedArguments(ExecState*, InlineCallFrame*) WTF_INTERNAL;
</span><del>-JSCell* JIT_OPERATION operationCreateInlinedArgumentsDuringOSRExit(ExecState*, InlineCallFrame*) WTF_INTERNAL;
</del><span class="cx"> void JIT_OPERATION operationTearOffInlinedArguments(ExecState*, JSCell*, JSCell*, InlineCallFrame*) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal(ExecState*, int32_t, InlineCallFrame*, int32_t) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState*, int32_t, int32_t) WTF_INTERNAL;
</span></span></pre>
</div>
</div>
</body>
</html>