<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[181993] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/181993">181993</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2015-03-25 21:28:43 -0700 (Wed, 25 Mar 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Heap variables shouldn't end up in the stack frame
https://bugs.webkit.org/show_bug.cgi?id=141174
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
This is a major change to how JavaScriptCore handles declared variables (i.e. "var"). It removes
any ambiguity about whether a variable should be in the heap or on the stack. A variable will no
longer move between heap and stack during its lifetime. This enables a bunch of optimizations and
simplifications:
- Accesses to variables no longer need checks or indirections to determine where the variable is
at that moment in time. For example, loading a closure variable now takes just one load instead
of two. Loading an argument by index now takes a bounds check and a load in the fastest case
(when no arguments object allocation is required) while previously that same operation required
a "did I allocate arguments yet" check, a bounds check, and then the load.
- Reasoning about the allocation of an activation or arguments object now follows the same simple
logic as the allocation of any other kind of object. Previously, those objects were lazily
allocated - so an allocation instruction wasn't the actual allocation site, since it might not
allocate anything at all. This made the implementation of traditional escape analyses really
awkward, and ultimately it meant that we missed important cases. Now, we can reason about the
arguments object using the usual SSA tricks which allows for more comprehensive removal.
- The allocations of arguments objects, functions, and activations are now much faster. While
this patch generally expands our ability to eliminate arguments object allocations, an earlier
version of the patch - which lacked that functionality - was a progression on some arguments-
and closure-happy benchmarks because although no allocations were eliminated, all allocations
were faster.
- There is no tear-off. The runtime no loner needs to know about where on the stack a frame keeps
its arguments objects or activations. The runtime doesn't have to do things to the arguments
objects and activations that a frame allocated, when the frame is unwound. We always had horrid
bugs in that code, so it's good to see it go. This removes *a ton* of machinery from the DFG,
FTL, CodeBlock, and other places. All of the things having to do with "captured variables" is
now gone. This also enables implementing block-scoping. Without this change, block-scope
support would require telling CodeBlock and all of the rest of the runtime about all of the
variables that store currently-live scopes. That would have been so disastrously hard that it
might as well be impossible. With this change, it's fair game for the bytecode generator to
simply allocate whatever activations it wants, wherever it wants, and to keep them live for
however long it wants. This all works, because after bytecode generation, an activation is just
an object and variables that refer to it are just normal variables.
- SymbolTable can now tell you explicitly where a variable lives. The answer is in the form of a
VarOffset object, which has methods like isStack(), isScope(), etc. VirtualRegister is never
used for offsets of non-stack variables anymore. We now have shiny new objects for other kinds
of offsets - ScopeOffset for offsets into scopes, and DirectArgumentsOffset for offsets into
an arguments object.
- Functions that create activations can now tier-up into the FTL. Previously they couldn't. Also,
using activations used to prevent inlining; now functions that use activations can be inlined
just fine.
This is a >1% speed-up on Octane. This is a >2% speed-up on CompressionBench. This is a tiny
speed-up on AsmBench (~0.4% or something). This looks like it might be a speed-up on SunSpider.
It's only a slow-down on very short-running microbenchmarks we had previously written for our old
style of tear-off-based arguments optimization. Those benchmarks are not part of any major suite.
The easiest way of understanding this change is to start by looking at the changes in runtime/,
and then the changes in bytecompiler/, and then sort of work your way up the compiler tiers.
* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AbortReason.h:
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::BaseIndex::withOffset):
* bytecode/ByValInfo.h:
(JSC::hasOptimizableIndexingForJSType):
(JSC::hasOptimizableIndexing):
(JSC::jitArrayModeForJSType):
(JSC::jitArrayModePermitsPut):
(JSC::jitArrayModeForStructure):
* bytecode/BytecodeKills.h: Added.
(JSC::BytecodeKills::BytecodeKills):
(JSC::BytecodeKills::operandIsKilled):
(JSC::BytecodeKills::forEachOperandKilledAt):
(JSC::BytecodeKills::KillSet::KillSet):
(JSC::BytecodeKills::KillSet::add):
(JSC::BytecodeKills::KillSet::forEachLocal):
(JSC::BytecodeKills::KillSet::contains):
* bytecode/BytecodeList.json:
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::isValidRegisterForLiveness):
(JSC::stepOverInstruction):
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
(JSC::BytecodeLivenessAnalysis::computeKills):
(JSC::indexForOperand): Deleted.
(JSC::BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset): Deleted.
(JSC::getLivenessInfo): Deleted.
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h:
(JSC::operandIsAlwaysLive):
(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::operandIsLive):
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::nameForRegister):
(JSC::CodeBlock::validate):
(JSC::CodeBlock::isCaptured): Deleted.
(JSC::CodeBlock::framePointerOffsetToGetActivationRegisters): Deleted.
(JSC::CodeBlock::machineSlowArguments): Deleted.
* bytecode/CodeBlock.h:
(JSC::unmodifiedArgumentsRegister): Deleted.
(JSC::CodeBlock::setArgumentsRegister): Deleted.
(JSC::CodeBlock::argumentsRegister): Deleted.
(JSC::CodeBlock::uncheckedArgumentsRegister): Deleted.
(JSC::CodeBlock::usesArguments): Deleted.
(JSC::CodeBlock::captureCount): Deleted.
(JSC::CodeBlock::captureStart): Deleted.
(JSC::CodeBlock::captureEnd): Deleted.
(JSC::CodeBlock::argumentIndexAfterCapture): Deleted.
(JSC::CodeBlock::hasSlowArguments): Deleted.
(JSC::ExecState::argumentAfterCapture): Deleted.
* bytecode/CodeOrigin.h:
* bytecode/DataFormat.h:
(JSC::dataFormatToString):
* bytecode/FullBytecodeLiveness.h:
(JSC::FullBytecodeLiveness::getLiveness):
(JSC::FullBytecodeLiveness::operandIsLive):
(JSC::FullBytecodeLiveness::FullBytecodeLiveness): Deleted.
(JSC::FullBytecodeLiveness::getOut): Deleted.
* bytecode/Instruction.h:
(JSC::Instruction::Instruction):
* bytecode/Operands.h:
(JSC::Operands::virtualRegisterForIndex):
* bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):
* bytecode/SpeculatedType.h:
(JSC::isDirectArgumentsSpeculation):
(JSC::isScopedArgumentsSpeculation):
(JSC::isActionableMutableArraySpeculation):
(JSC::isActionableArraySpeculation):
(JSC::isArgumentsSpeculation): Deleted.
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::setArgumentsRegister): Deleted.
(JSC::UnlinkedCodeBlock::usesArguments): Deleted.
(JSC::UnlinkedCodeBlock::argumentsRegister): Deleted.
* bytecode/ValueRecovery.cpp:
(JSC::ValueRecovery::dumpInContext):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::directArgumentsThatWereNotCreated):
(JSC::ValueRecovery::outOfBandArgumentsThatWereNotCreated):
(JSC::ValueRecovery::nodeID):
(JSC::ValueRecovery::argumentsThatWereNotCreated): Deleted.
* bytecode/VirtualRegister.h:
(JSC::VirtualRegister::operator==):
(JSC::VirtualRegister::operator!=):
(JSC::VirtualRegister::operator<):
(JSC::VirtualRegister::operator>):
(JSC::VirtualRegister::operator<=):
(JSC::VirtualRegister::operator>=):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeNextParameter):
(JSC::BytecodeGenerator::visibleNameForParameter):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::initializeVariable):
(JSC::BytecodeGenerator::emitInstanceOf):
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitNewFunctionInternal):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::isArgumentNumber):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::addVar): Deleted.
(JSC::BytecodeGenerator::emitInitLazyRegister): Deleted.
(JSC::BytecodeGenerator::initializeCapturedVariable): Deleted.
(JSC::BytecodeGenerator::resolveCallee): Deleted.
(JSC::BytecodeGenerator::addCallee): Deleted.
(JSC::BytecodeGenerator::addParameter): Deleted.
(JSC::BytecodeGenerator::willResolveToArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::createLazyRegisterIfNecessary): Deleted.
(JSC::BytecodeGenerator::isCaptured): Deleted.
(JSC::BytecodeGenerator::local): Deleted.
(JSC::BytecodeGenerator::constLocal): Deleted.
(JSC::BytecodeGenerator::emitResolveConstantLocal): Deleted.
(JSC::BytecodeGenerator::emitGetArgumentsLength): Deleted.
(JSC::BytecodeGenerator::emitGetArgumentByVal): Deleted.
(JSC::BytecodeGenerator::emitLazyNewFunction): Deleted.
(JSC::BytecodeGenerator::createArgumentsIfNecessary): Deleted.
* bytecompiler/BytecodeGenerator.h:
(JSC::Variable::Variable):
(JSC::Variable::isResolved):
(JSC::Variable::ident):
(JSC::Variable::offset):
(JSC::Variable::isLocal):
(JSC::Variable::local):
(JSC::Variable::isSpecial):
(JSC::BytecodeGenerator::argumentsRegister):
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::registerFor):
(JSC::Local::Local): Deleted.
(JSC::Local::operator bool): Deleted.
(JSC::Local::get): Deleted.
(JSC::Local::isSpecial): Deleted.
(JSC::ResolveScopeInfo::ResolveScopeInfo): Deleted.
(JSC::ResolveScopeInfo::isLocal): Deleted.
(JSC::ResolveScopeInfo::localIndex): Deleted.
(JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::captureMode): Deleted.
(JSC::BytecodeGenerator::shouldTearOffArgumentsEagerly): Deleted.
(JSC::BytecodeGenerator::shouldCreateArgumentsEagerly): Deleted.
(JSC::BytecodeGenerator::hasWatchableVariable): Deleted.
(JSC::BytecodeGenerator::watchableVariableIdentifier): Deleted.
* bytecompiler/NodesCodegen.cpp:
(JSC::ResolveNode::isPure):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::ForInNode::tryGetBoundLocal):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::ArrayPatternNode::emitDirectBinding):
(JSC::BindingNode::bindValue):
(JSC::getArgumentByVal): Deleted.
* dfg/DFGAbstractHeap.h:
* dfg/DFGAbstractInterpreter.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberWorld):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberCapturedVars): Deleted.
* dfg/DFGAbstractValue.h:
* dfg/DFGArgumentPosition.h:
(JSC::DFG::ArgumentPosition::addVariable):
* dfg/DFGArgumentsEliminationPhase.cpp: Added.
(JSC::DFG::performArgumentsElimination):
* dfg/DFGArgumentsEliminationPhase.h: Added.
* dfg/DFGArgumentsSimplificationPhase.cpp: Removed.
* dfg/DFGArgumentsSimplificationPhase.h: Removed.
* dfg/DFGArgumentsUtilities.cpp: Added.
(JSC::DFG::argumentsInvolveStackSlot):
(JSC::DFG::emitCodeToGetArgumentsArrayLength):
* dfg/DFGArgumentsUtilities.h: Added.
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
(JSC::DFG::ArrayMode::alreadyChecked):
(JSC::DFG::arrayTypeToString):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::canCSEStorage):
(JSC::DFG::ArrayMode::modeForPut):
* dfg/DFGAvailabilityMap.cpp:
(JSC::DFG::AvailabilityMap::prune):
* dfg/DFGAvailabilityMap.h:
(JSC::DFG::AvailabilityMap::closeOverNodes):
(JSC::DFG::AvailabilityMap::closeStartingWithLocal):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::newVariableAccessData):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flushDirect):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::noticeArgumentsUse):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
* dfg/DFGCSEPhase.cpp:
* dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h: Added.
(JSC::DFG::CallCreateDirectArgumentsSlowPathGenerator::CallCreateDirectArgumentsSlowPathGenerator):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::isSupportedForInlining):
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGCommon.h:
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::CommonData):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::cleanVariables):
* dfg/DFGDisassembler.h:
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGFlushFormat.cpp:
(WTF::printInternal):
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):
* dfg/DFGForAllKills.h: Added.
(JSC::DFG::forAllLiveNodesAtTail):
(JSC::DFG::forAllDirectlyKilledOperands):
(JSC::DFG::forAllKilledOperands):
(JSC::DFG::forAllKilledNodesAtNodeIndex):
(JSC::DFG::forAllKillsInBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::substituteGetLocal):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::killsFor):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetRegisters): Deleted.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::symbolTableFor):
(JSC::DFG::Graph::uses):
(JSC::DFG::Graph::bytecodeRegisterForArgument): Deleted.
(JSC::DFG::Graph::capturedVarsFor): Deleted.
(JSC::DFG::Graph::usesArguments): Deleted.
(JSC::DFG::Graph::argumentsRegisterFor): Deleted.
(JSC::DFG::Graph::machineArgumentsRegisterFor): Deleted.
(JSC::DFG::Graph::uncheckedArgumentsRegisterFor): Deleted.
* dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGHeapLocation.h:
* dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::initialize):
(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGMayExit.cpp:
(JSC::DFG::mayExit):
* dfg/DFGMinifiedID.h:
* dfg/DFGMinifiedNode.cpp:
(JSC::DFG::MinifiedNode::fromNode):
* dfg/DFGMinifiedNode.h:
(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::hasInlineCallFrame):
(JSC::DFG::MinifiedNode::inlineCallFrame):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentityOn):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::constant):
(JSC::DFG::Node::hasScopeOffset):
(JSC::DFG::Node::scopeOffset):
(JSC::DFG::Node::hasDirectArgumentsOffset):
(JSC::DFG::Node::capturedArgumentsOffset):
(JSC::DFG::Node::variablePointer):
(JSC::DFG::Node::hasCallVarargsData):
(JSC::DFG::Node::hasLoadVarargsData):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::objectMaterializationData):
(JSC::DFG::Node::isPhantomAllocation):
(JSC::DFG::Node::willHaveCodeGenOrOSR):
(JSC::DFG::Node::shouldSpeculateDirectArguments):
(JSC::DFG::Node::shouldSpeculateScopedArguments):
(JSC::DFG::Node::isPhantomArguments): Deleted.
(JSC::DFG::Node::hasVarNumber): Deleted.
(JSC::DFG::Node::varNumber): Deleted.
(JSC::DFG::Node::registerPointer): Deleted.
(JSC::DFG::Node::shouldSpeculateArguments): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
(JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
* dfg/DFGOSRExitCompiler.cpp:
(JSC::DFG::OSRExitCompiler::emitRestoreArguments):
* dfg/DFGOSRExitCompiler.h:
(JSC::DFG::OSRExitCompiler::badIndex): Deleted.
(JSC::DFG::OSRExitCompiler::initializePoisoned): Deleted.
(JSC::DFG::OSRExitCompiler::poisonIndex): Deleted.
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::ArgumentsRecoveryGenerator::ArgumentsRecoveryGenerator): Deleted.
(JSC::DFG::ArgumentsRecoveryGenerator::~ArgumentsRecoveryGenerator): Deleted.
(JSC::DFG::ArgumentsRecoveryGenerator::generateFor): Deleted.
* dfg/DFGOSRExitCompilerCommon.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::read):
(JSC::DFG::PreciseLocalClobberizeAdaptor::write):
(JSC::DFG::PreciseLocalClobberizeAdaptor::def):
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
(JSC::DFG::preciseLocalClobberize):
(JSC::DFG::PreciseLocalClobberizeAdaptor::writeTop): Deleted.
(JSC::DFG::forEachLocalReadByUnwind): Deleted.
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::run):
(JSC::DFG::PredictionPropagationPhase::propagate):
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
(JSC::DFG::PredictionPropagationPhase::propagateThroughArgumentPositions):
* dfg/DFGPromoteHeapAccess.h:
(JSC::DFG::promoteHeapAccess):
* dfg/DFGPromotedHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGPromotedHeapLocation.h:
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
(JSC::DFG::SpeculativeJIT::emitGetLength):
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::emitGetArgumentStart):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
(JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):
(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileForwardVarargs):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
(JSC::DFG::SpeculativeJIT::compileGetFromArguments):
(JSC::DFG::SpeculativeJIT::compilePutToArguments):
(JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
(JSC::DFG::SpeculativeJIT::emitAllocateArguments): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): Deleted.
(JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): Deleted.
(JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
(JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* dfg/DFGUnificationPhase.cpp:
(JSC::DFG::UnificationPhase::run):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validateCPS):
* dfg/DFGValueSource.cpp:
(JSC::DFG::ValueSource::dump):
* dfg/DFGValueSource.h:
(JSC::DFG::dataFormatToValueSourceKind):
(JSC::DFG::valueSourceKindToDataFormat):
(JSC::DFG::ValueSource::ValueSource):
(JSC::DFG::ValueSource::forFlushFormat):
(JSC::DFG::ValueSource::valueRecovery):
* dfg/DFGVarargsForwardingPhase.cpp: Added.
(JSC::DFG::performVarargsForwarding):
* dfg/DFGVarargsForwardingPhase.h: Added.
* dfg/DFGVariableAccessData.cpp:
(JSC::DFG::VariableAccessData::VariableAccessData):
(JSC::DFG::VariableAccessData::flushFormat):
(JSC::DFG::VariableAccessData::mergeIsCaptured): Deleted.
* dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::shouldNeverUnbox):
(JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
(JSC::DFG::VariableAccessData::isCaptured): Deleted.
(JSC::DFG::VariableAccessData::mergeIsArgumentsAlias): Deleted.
(JSC::DFG::VariableAccessData::isArgumentsAlias): Deleted.
* dfg/DFGVariableAccessDataDump.cpp:
(JSC::DFG::VariableAccessDataDump::dump):
* dfg/DFGVariableAccessDataDump.h:
* dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::tryToSetConstantRecovery):
* dfg/DFGVariableEventStream.h:
* ftl/FTLAbstractHeap.cpp:
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractField::dump):
(JSC::FTL::IndexedAbstractHeap::dump):
(JSC::FTL::NumberedAbstractHeap::dump):
(JSC::FTL::AbsoluteAbstractHeap::dump):
* ftl/FTLAbstractHeap.h:
* ftl/FTLAbstractHeapRepository.cpp:
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateDataSection):
* ftl/FTLExitArgument.cpp:
(JSC::FTL::ExitArgument::dump):
* ftl/FTLExitPropertyValue.cpp:
(JSC::FTL::ExitPropertyValue::withLocalsOffset):
* ftl/FTLExitPropertyValue.h:
* ftl/FTLExitTimeObjectMaterialization.cpp:
(JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
(JSC::FTL::ExitTimeObjectMaterialization::accountForLocalsOffset):
* ftl/FTLExitTimeObjectMaterialization.h:
(JSC::FTL::ExitTimeObjectMaterialization::origin):
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::withLocalsOffset):
(JSC::FTL::ExitValue::valueFormat):
(JSC::FTL::ExitValue::dumpInContext):
* ftl/FTLExitValue.h:
(JSC::FTL::ExitValue::isArgument):
(JSC::FTL::ExitValue::argumentsObjectThatWasNotCreated): Deleted.
(JSC::FTL::ExitValue::isArgumentsObjectThatWasNotCreated): Deleted.
(JSC::FTL::ExitValue::valueFormat): Deleted.
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfCallForwardVarargs):
(JSC::FTL::sizeOfConstructForwardVarargs):
(JSC::FTL::sizeOfICFor):
* ftl/FTLInlineCacheSize.h:
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLJSCallVarargs.cpp:
(JSC::FTL::JSCallVarargs::JSCallVarargs):
(JSC::FTL::JSCallVarargs::emit):
* ftl/FTLJSCallVarargs.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compilePutStack):
(JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileArrayPush):
(JSC::FTL::LowerDFGToLLVM::compileArrayPop):
(JSC::FTL::LowerDFGToLLVM::compileCreateActivation):
(JSC::FTL::LowerDFGToLLVM::compileNewFunction):
(JSC::FTL::LowerDFGToLLVM::compileCreateDirectArguments):
(JSC::FTL::LowerDFGToLLVM::compileCreateScopedArguments):
(JSC::FTL::LowerDFGToLLVM::compileCreateClonedArguments):
(JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
(JSC::FTL::LowerDFGToLLVM::compileStringCharCodeAt):
(JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):
(JSC::FTL::LowerDFGToLLVM::compileGetArgumentCount):
(JSC::FTL::LowerDFGToLLVM::compileGetClosureVar):
(JSC::FTL::LowerDFGToLLVM::compilePutClosureVar):
(JSC::FTL::LowerDFGToLLVM::compileGetFromArguments):
(JSC::FTL::LowerDFGToLLVM::compilePutToArguments):
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstructVarargs):
(JSC::FTL::LowerDFGToLLVM::compileForwardVarargs):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname):
(JSC::FTL::LowerDFGToLLVM::ArgumentsLength::ArgumentsLength):
(JSC::FTL::LowerDFGToLLVM::getArgumentsLength):
(JSC::FTL::LowerDFGToLLVM::getCurrentCallee):
(JSC::FTL::LowerDFGToLLVM::getArgumentsStart):
(JSC::FTL::LowerDFGToLLVM::baseIndex):
(JSC::FTL::LowerDFGToLLVM::allocateObject):
(JSC::FTL::LowerDFGToLLVM::allocateVariableSizedObject):
(JSC::FTL::LowerDFGToLLVM::isArrayType):
(JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
(JSC::FTL::LowerDFGToLLVM::exitValueForNode):
(JSC::FTL::LowerDFGToLLVM::loadStructure):
(JSC::FTL::LowerDFGToLLVM::compilePhantomArguments): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated): Deleted.
(JSC::FTL::LowerDFGToLLVM::checkArgumentsNotCreated): Deleted.
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileRecovery):
(JSC::FTL::compileStub):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* ftl/FTLOutput.h:
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::zeroExtPtr):
* heap/CopyToken.h:
* interpreter/CallFrame.h:
(JSC::ExecState::getArgumentUnsafe):
* interpreter/Interpreter.cpp:
(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::loadVarargs):
(JSC::unwindCallFrame):
* interpreter/Interpreter.h:
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::Frame::createArguments):
(JSC::StackVisitor::Frame::existingArguments): Deleted.
* interpreter/StackVisitor.h:
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::loadValue):
(JSC::AssemblyHelpers::storeTrustedValue):
(JSC::AssemblyHelpers::branchIfNotCell):
(JSC::AssemblyHelpers::branchIsEmpty):
(JSC::AssemblyHelpers::argumentsStart):
(JSC::AssemblyHelpers::baselineArgumentsRegisterFor): Deleted.
(JSC::AssemblyHelpers::offsetOfLocals): Deleted.
(JSC::AssemblyHelpers::offsetOfArguments): Deleted.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgument):
* jit/GPRInfo.h:
(JSC::JSValueRegs::withTwoAvailableRegs):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileSetupVarargsFrame):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileSetupVarargsFrame):
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emit_op_create_direct_arguments):
(JSC::JIT::emit_op_create_scoped_arguments):
(JSC::JIT::emit_op_create_out_of_band_arguments):
(JSC::JIT::emit_op_tear_off_arguments): Deleted.
(JSC::JIT::emit_op_create_arguments): Deleted.
(JSC::JIT::emit_op_init_lazy_reg): Deleted.
(JSC::JIT::emit_op_get_arguments_length): Deleted.
(JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
(JSC::JIT::emit_op_get_argument_by_val): Deleted.
(JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_tear_off_arguments): Deleted.
(JSC::JIT::emit_op_create_arguments): Deleted.
(JSC::JIT::emit_op_init_lazy_reg): Deleted.
(JSC::JIT::emit_op_get_arguments_length): Deleted.
(JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
(JSC::JIT::emit_op_get_argument_by_val): Deleted.
(JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const):
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::emitDirectArgumentsGetByVal):
(JSC::JIT::emitScopedArgumentsGetByVal):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const):
* jit/SetupVarargsFrame.cpp:
(JSC::emitSetupVarargsFrameFastCase):
* llint/LLIntOffsetsExtractor.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* parser/Nodes.h:
(JSC::ScopeNode::captures):
* runtime/Arguments.cpp: Removed.
* runtime/Arguments.h: Removed.
* runtime/ArgumentsMode.h: Added.
* runtime/DirectArgumentsOffset.cpp: Added.
(JSC::DirectArgumentsOffset::dump):
* runtime/DirectArgumentsOffset.h: Added.
(JSC::DirectArgumentsOffset::DirectArgumentsOffset):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
* runtime/ConstantMode.cpp: Added.
(WTF::printInternal):
* runtime/ConstantMode.h:
(JSC::modeForIsConstant):
* runtime/DirectArguments.cpp: Added.
(JSC::DirectArguments::DirectArguments):
(JSC::DirectArguments::createUninitialized):
(JSC::DirectArguments::create):
(JSC::DirectArguments::createByCopying):
(JSC::DirectArguments::visitChildren):
(JSC::DirectArguments::copyBackingStore):
(JSC::DirectArguments::createStructure):
(JSC::DirectArguments::overrideThings):
(JSC::DirectArguments::overrideThingsIfNecessary):
(JSC::DirectArguments::overrideArgument):
(JSC::DirectArguments::copyToArguments):
(JSC::DirectArguments::overridesSize):
* runtime/DirectArguments.h: Added.
(JSC::DirectArguments::internalLength):
(JSC::DirectArguments::length):
(JSC::DirectArguments::canAccessIndexQuickly):
(JSC::DirectArguments::getIndexQuickly):
(JSC::DirectArguments::setIndexQuickly):
(JSC::DirectArguments::callee):
(JSC::DirectArguments::argument):
(JSC::DirectArguments::overrodeThings):
(JSC::DirectArguments::offsetOfCallee):
(JSC::DirectArguments::offsetOfLength):
(JSC::DirectArguments::offsetOfMinCapacity):
(JSC::DirectArguments::offsetOfOverrides):
(JSC::DirectArguments::storageOffset):
(JSC::DirectArguments::offsetOfSlot):
(JSC::DirectArguments::allocationSize):
(JSC::DirectArguments::storage):
* runtime/FunctionPrototype.cpp:
* runtime/GenericArguments.h: Added.
(JSC::GenericArguments::GenericArguments):
* runtime/GenericArgumentsInlines.h: Added.
(JSC::GenericArguments<Type>::getOwnPropertySlot):
(JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
(JSC::GenericArguments<Type>::getOwnPropertyNames):
(JSC::GenericArguments<Type>::put):
(JSC::GenericArguments<Type>::putByIndex):
(JSC::GenericArguments<Type>::deleteProperty):
(JSC::GenericArguments<Type>::deletePropertyByIndex):
(JSC::GenericArguments<Type>::defineOwnProperty):
(JSC::GenericArguments<Type>::copyToArguments):
* runtime/GenericOffset.h: Added.
(JSC::GenericOffset::GenericOffset):
(JSC::GenericOffset::operator!):
(JSC::GenericOffset::offsetUnchecked):
(JSC::GenericOffset::offset):
(JSC::GenericOffset::operator==):
(JSC::GenericOffset::operator!=):
(JSC::GenericOffset::operator<):
(JSC::GenericOffset::operator>):
(JSC::GenericOffset::operator<=):
(JSC::GenericOffset::operator>=):
(JSC::GenericOffset::operator+):
(JSC::GenericOffset::operator-):
(JSC::GenericOffset::operator+=):
(JSC::GenericOffset::operator-=):
* runtime/JSArgumentsIterator.cpp:
(JSC::JSArgumentsIterator::finishCreation):
(JSC::argumentsFuncIterator):
* runtime/JSArgumentsIterator.h:
(JSC::JSArgumentsIterator::create):
(JSC::JSArgumentsIterator::next):
* runtime/JSEnvironmentRecord.cpp:
(JSC::JSEnvironmentRecord::visitChildren):
* runtime/JSEnvironmentRecord.h:
(JSC::JSEnvironmentRecord::variables):
(JSC::JSEnvironmentRecord::isValid):
(JSC::JSEnvironmentRecord::variableAt):
(JSC::JSEnvironmentRecord::offsetOfVariables):
(JSC::JSEnvironmentRecord::offsetOfVariable):
(JSC::JSEnvironmentRecord::allocationSizeForScopeSize):
(JSC::JSEnvironmentRecord::allocationSize):
(JSC::JSEnvironmentRecord::JSEnvironmentRecord):
(JSC::JSEnvironmentRecord::finishCreationUninitialized):
(JSC::JSEnvironmentRecord::finishCreation):
(JSC::JSEnvironmentRecord::registers): Deleted.
(JSC::JSEnvironmentRecord::registerAt): Deleted.
(JSC::JSEnvironmentRecord::addressOfRegisters): Deleted.
(JSC::JSEnvironmentRecord::offsetOfRegisters): Deleted.
* runtime/JSFunction.cpp:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addFunction):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::addStaticGlobals):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::directArgumentsStructure):
(JSC::JSGlobalObject::scopedArgumentsStructure):
(JSC::JSGlobalObject::outOfBandArgumentsStructure):
(JSC::JSGlobalObject::argumentsStructure): Deleted.
* runtime/JSLexicalEnvironment.cpp:
(JSC::JSLexicalEnvironment::symbolTableGet):
(JSC::JSLexicalEnvironment::symbolTablePut):
(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
(JSC::JSLexicalEnvironment::visitChildren): Deleted.
* runtime/JSLexicalEnvironment.h:
(JSC::JSLexicalEnvironment::create):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):
(JSC::JSLexicalEnvironment::registersOffset): Deleted.
(JSC::JSLexicalEnvironment::storageOffset): Deleted.
(JSC::JSLexicalEnvironment::storage): Deleted.
(JSC::JSLexicalEnvironment::allocationSize): Deleted.
(JSC::JSLexicalEnvironment::isValidIndex): Deleted.
(JSC::JSLexicalEnvironment::isValid): Deleted.
(JSC::JSLexicalEnvironment::registerAt): Deleted.
* runtime/JSNameScope.cpp:
(JSC::JSNameScope::visitChildren): Deleted.
* runtime/JSNameScope.h:
(JSC::JSNameScope::create):
(JSC::JSNameScope::value):
(JSC::JSNameScope::finishCreation):
(JSC::JSNameScope::JSNameScope):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::findVariableIndex):
(JSC::JSSegmentedVariableObject::addVariables):
(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::findRegisterIndex): Deleted.
(JSC::JSSegmentedVariableObject::addRegisters): Deleted.
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::variableAt):
(JSC::JSSegmentedVariableObject::assertVariableIsInThisObject):
(JSC::JSSegmentedVariableObject::registerAt): Deleted.
(JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject): Deleted.
* runtime/JSSymbolTableObject.h:
(JSC::JSSymbolTableObject::offsetOfSymbolTable):
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributes):
* runtime/JSType.h:
* runtime/Options.h:
* runtime/ClonedArguments.cpp: Added.
(JSC::ClonedArguments::ClonedArguments):
(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createWithMachineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
(JSC::ClonedArguments::createStructure):
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::getOwnPropertyNames):
(JSC::ClonedArguments::put):
(JSC::ClonedArguments::deleteProperty):
(JSC::ClonedArguments::defineOwnProperty):
(JSC::ClonedArguments::materializeSpecials):
(JSC::ClonedArguments::materializeSpecialsIfNecessary):
* runtime/ClonedArguments.h: Added.
(JSC::ClonedArguments::specialsMaterialized):
* runtime/ScopeOffset.cpp: Added.
(JSC::ScopeOffset::dump):
* runtime/ScopeOffset.h: Added.
(JSC::ScopeOffset::ScopeOffset):
* runtime/ScopedArguments.cpp: Added.
(JSC::ScopedArguments::ScopedArguments):
(JSC::ScopedArguments::finishCreation):
(JSC::ScopedArguments::createUninitialized):
(JSC::ScopedArguments::create):
(JSC::ScopedArguments::createByCopying):
(JSC::ScopedArguments::createByCopyingFrom):
(JSC::ScopedArguments::visitChildren):
(JSC::ScopedArguments::createStructure):
(JSC::ScopedArguments::overrideThings):
(JSC::ScopedArguments::overrideThingsIfNecessary):
(JSC::ScopedArguments::overrideArgument):
(JSC::ScopedArguments::copyToArguments):
* runtime/ScopedArguments.h: Added.
(JSC::ScopedArguments::internalLength):
(JSC::ScopedArguments::length):
(JSC::ScopedArguments::canAccessIndexQuickly):
(JSC::ScopedArguments::getIndexQuickly):
(JSC::ScopedArguments::setIndexQuickly):
(JSC::ScopedArguments::callee):
(JSC::ScopedArguments::overrodeThings):
(JSC::ScopedArguments::offsetOfOverrodeThings):
(JSC::ScopedArguments::offsetOfTotalLength):
(JSC::ScopedArguments::offsetOfTable):
(JSC::ScopedArguments::offsetOfScope):
(JSC::ScopedArguments::overflowStorageOffset):
(JSC::ScopedArguments::allocationSize):
(JSC::ScopedArguments::overflowStorage):
* runtime/ScopedArgumentsTable.cpp: Added.
(JSC::ScopedArgumentsTable::ScopedArgumentsTable):
(JSC::ScopedArgumentsTable::~ScopedArgumentsTable):
(JSC::ScopedArgumentsTable::destroy):
(JSC::ScopedArgumentsTable::create):
(JSC::ScopedArgumentsTable::clone):
(JSC::ScopedArgumentsTable::setLength):
(JSC::ScopedArgumentsTable::set):
(JSC::ScopedArgumentsTable::createStructure):
* runtime/ScopedArgumentsTable.h: Added.
(JSC::ScopedArgumentsTable::length):
(JSC::ScopedArgumentsTable::get):
(JSC::ScopedArgumentsTable::lock):
(JSC::ScopedArgumentsTable::offsetOfLength):
(JSC::ScopedArgumentsTable::offsetOfArguments):
(JSC::ScopedArgumentsTable::at):
* runtime/SymbolTable.cpp:
(JSC::SymbolTableEntry::prepareToWatch):
(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::visitChildren):
(JSC::SymbolTable::localToEntry):
(JSC::SymbolTable::entryFor):
(JSC::SymbolTable::cloneScopePart):
(JSC::SymbolTable::prepareForTypeProfiling):
(JSC::SymbolTable::uniqueIDForOffset):
(JSC::SymbolTable::globalTypeSetForOffset):
(JSC::SymbolTable::cloneCapturedNames): Deleted.
(JSC::SymbolTable::uniqueIDForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForRegister): Deleted.
* runtime/SymbolTable.h:
(JSC::SymbolTableEntry::varOffsetFromBits):
(JSC::SymbolTableEntry::scopeOffsetFromBits):
(JSC::SymbolTableEntry::Fast::varOffset):
(JSC::SymbolTableEntry::Fast::scopeOffset):
(JSC::SymbolTableEntry::Fast::isDontEnum):
(JSC::SymbolTableEntry::Fast::getAttributes):
(JSC::SymbolTableEntry::SymbolTableEntry):
(JSC::SymbolTableEntry::varOffset):
(JSC::SymbolTableEntry::isWatchable):
(JSC::SymbolTableEntry::scopeOffset):
(JSC::SymbolTableEntry::setAttributes):
(JSC::SymbolTableEntry::constantMode):
(JSC::SymbolTableEntry::isDontEnum):
(JSC::SymbolTableEntry::disableWatching):
(JSC::SymbolTableEntry::pack):
(JSC::SymbolTableEntry::isValidVarOffset):
(JSC::SymbolTable::createNameScopeTable):
(JSC::SymbolTable::maxScopeOffset):
(JSC::SymbolTable::didUseScopeOffset):
(JSC::SymbolTable::didUseVarOffset):
(JSC::SymbolTable::scopeSize):
(JSC::SymbolTable::nextScopeOffset):
(JSC::SymbolTable::takeNextScopeOffset):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):
(JSC::SymbolTable::argumentsLength):
(JSC::SymbolTable::setArgumentsLength):
(JSC::SymbolTable::argumentOffset):
(JSC::SymbolTable::setArgumentOffset):
(JSC::SymbolTable::arguments):
(JSC::SlowArgument::SlowArgument): Deleted.
(JSC::SymbolTableEntry::Fast::getIndex): Deleted.
(JSC::SymbolTableEntry::getIndex): Deleted.
(JSC::SymbolTableEntry::isValidIndex): Deleted.
(JSC::SymbolTable::captureStart): Deleted.
(JSC::SymbolTable::setCaptureStart): Deleted.
(JSC::SymbolTable::captureEnd): Deleted.
(JSC::SymbolTable::setCaptureEnd): Deleted.
(JSC::SymbolTable::captureCount): Deleted.
(JSC::SymbolTable::isCaptured): Deleted.
(JSC::SymbolTable::parameterCount): Deleted.
(JSC::SymbolTable::parameterCountIncludingThis): Deleted.
(JSC::SymbolTable::setParameterCountIncludingThis): Deleted.
(JSC::SymbolTable::slowArguments): Deleted.
(JSC::SymbolTable::setSlowArguments): Deleted.
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* runtime/VarOffset.cpp: Added.
(JSC::VarOffset::dump):
(WTF::printInternal):
* runtime/VarOffset.h: Added.
(JSC::VarOffset::VarOffset):
(JSC::VarOffset::assemble):
(JSC::VarOffset::isValid):
(JSC::VarOffset::operator!):
(JSC::VarOffset::kind):
(JSC::VarOffset::isStack):
(JSC::VarOffset::isScope):
(JSC::VarOffset::isDirectArgument):
(JSC::VarOffset::stackOffsetUnchecked):
(JSC::VarOffset::scopeOffsetUnchecked):
(JSC::VarOffset::capturedArgumentsOffsetUnchecked):
(JSC::VarOffset::stackOffset):
(JSC::VarOffset::scopeOffset):
(JSC::VarOffset::capturedArgumentsOffset):
(JSC::VarOffset::rawOffset):
(JSC::VarOffset::checkSanity):
(JSC::VarOffset::operator==):
(JSC::VarOffset::operator!=):
(JSC::VarOffset::hash):
(JSC::VarOffset::isHashTableDeletedValue):
(JSC::VarOffsetHash::hash):
(JSC::VarOffsetHash::equal):
* tests/stress/arguments-exit-strict-mode.js: Added.
* tests/stress/arguments-exit.js: Added.
* tests/stress/arguments-inlined-exit-strict-mode-fixed.js: Added.
* tests/stress/arguments-inlined-exit-strict-mode.js: Added.
* tests/stress/arguments-inlined-exit.js: Added.
* tests/stress/arguments-interference.js: Added.
* tests/stress/arguments-interference-cfg.js: Added.
* tests/stress/dead-get-closure-var.js: Added.
* tests/stress/get-declared-unpassed-argument-in-direct-arguments.js: Added.
* tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js: Added.
* tests/stress/varargs-closure-inlined-exit-strict-mode.js: Added.
* tests/stress/varargs-closure-inlined-exit.js: Added.
* tests/stress/varargs-exit.js: Added.
* tests/stress/varargs-inlined-exit.js: Added.
* tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js: Added.
* tests/stress/varargs-inlined-simple-exit-aliasing-weird.js: Added.
* tests/stress/varargs-inlined-simple-exit-aliasing.js: Added.
* tests/stress/varargs-inlined-simple-exit.js: Added.
* tests/stress/varargs-too-few-arguments.js: Added.
* tests/stress/varargs-varargs-closure-inlined-exit.js: Added.
* tests/stress/varargs-varargs-inlined-exit-strict-mode.js: Added.
* tests/stress/varargs-varargs-inlined-exit.js: Added.
Source/WTF:
* wtf/FastBitVector.h:
(WTF::FastBitVector::resize): Small change: don't resize if you don't have to resize.
LayoutTests:
* js/function-apply-aliased-expected.txt:
* js/function-dot-arguments-expected.txt:
* js/regress/arguments-expected.txt: Added.
* js/regress/arguments-named-and-reflective-expected.txt: Added.
* js/regress/arguments-named-and-reflective.html: Added.
* js/regress/arguments-strict-mode-expected.txt: Added.
* js/regress/arguments-strict-mode.html: Added.
* js/regress/arguments.html: Added.
* js/regress/script-tests/arguments-named-and-reflective.js: Added.
* js/regress/script-tests/arguments-strict-mode.js: Added.
* js/regress/script-tests/arguments.js: Added.
* js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js: Added.
* js/regress/script-tests/try-catch-get-by-val-direct-arguments.js: Added.
* js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js: Added.
* js/regress/script-tests/varargs-call.js: Added.
* js/regress/script-tests/varargs-construct-inline.js: Added.
* js/regress/script-tests/varargs-construct.js: Added.
* js/regress/script-tests/varargs-inline.js: Added.
* js/regress/script-tests/varargs-strict-mode.js: Added.
* js/regress/script-tests/varargs.js: Added.
* js/regress/try-catch-get-by-val-cloned-arguments-expected.txt: Added.
* js/regress/try-catch-get-by-val-cloned-arguments.html: Added.
* js/regress/try-catch-get-by-val-direct-arguments-expected.txt: Added.
* js/regress/try-catch-get-by-val-direct-arguments.html: Added.
* js/regress/try-catch-get-by-val-scoped-arguments-expected.txt: Added.
* js/regress/try-catch-get-by-val-scoped-arguments.html: Added.
* js/regress/varargs-call-expected.txt: Added.
* js/regress/varargs-call.html: Added.
* js/regress/varargs-construct-expected.txt: Added.
* js/regress/varargs-construct-inline-expected.txt: Added.
* js/regress/varargs-construct-inline.html: Added.
* js/regress/varargs-construct.html: Added.
* js/regress/varargs-expected.txt: Added.
* js/regress/varargs-inline-expected.txt: Added.
* js/regress/varargs-inline.html: Added.
* js/regress/varargs-strict-mode-expected.txt: Added.
* js/regress/varargs-strict-mode.html: Added.
* js/regress/varargs.html: Added.
* js/script-tests/function-apply-aliased.js:
* js/script-tests/function-dot-arguments.js:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsjsfunctionapplyaliasedexpectedtxt">trunk/LayoutTests/js/function-apply-aliased-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsfunctiondotargumentsexpectedtxt">trunk/LayoutTests/js/function-dot-arguments-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsfunctionapplyaliasedjs">trunk/LayoutTests/js/script-tests/function-apply-aliased.js</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsfunctiondotargumentsjs">trunk/LayoutTests/js/script-tests/function-dot-arguments.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreassemblerAbortReasonh">trunk/Source/JavaScriptCore/assembler/AbortReason.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreassemblerAbstractMacroAssemblerh">trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeByValInfoh">trunk/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeListjson">trunk/Source/JavaScriptCore/bytecode/BytecodeList.json</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysiscpp">trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysish">trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysisInlinesh">trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysisInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeUseDefh">trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeOriginh">trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeDataFormath">trunk/Source/JavaScriptCore/bytecode/DataFormat.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeFullBytecodeLivenessh">trunk/Source/JavaScriptCore/bytecode/FullBytecodeLiveness.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeInstructionh">trunk/Source/JavaScriptCore/bytecode/Instruction.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeOperandsh">trunk/Source/JavaScriptCore/bytecode/Operands.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeSpeculatedTypecpp">trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeSpeculatedTypeh">trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeValueRecoverycpp">trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeValueRecoveryh">trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeVirtualRegisterh">trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerNodesCodegencpp">trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractHeaph">trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractValueh">trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentPositionh">trunk/Source/JavaScriptCore/dfg/DFGArgumentPosition.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArrayModecpp">trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArrayModeh">trunk/Source/JavaScriptCore/dfg/DFGArrayMode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAvailabilityMapcpp">trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAvailabilityMaph">trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGBackwardsPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCPSRethreadingPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCSEPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCapabilitiescpp">trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCommonh">trunk/Source/JavaScriptCore/dfg/DFGCommon.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCommonDatah">trunk/Source/JavaScriptCore/dfg/DFGCommonData.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGConstantFoldingPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDCEPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGDCEPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDisassemblerh">trunk/Source/JavaScriptCore/dfg/DFGDisassembler.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDoesGCcpp">trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFlushFormatcpp">trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFlushFormath">trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphcpp">trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphh">trunk/Source/JavaScriptCore/dfg/DFGGraph.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGHeapLocationcpp">trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGHeapLocationh">trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGInPlaceAbstractStatecpp">trunk/Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGJITCompilercpp">trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMayExitcpp">trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMinifiedIDh">trunk/Source/JavaScriptCore/dfg/DFGMinifiedID.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMinifiedNodecpp">trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMinifiedNodeh">trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodecpp">trunk/Source/JavaScriptCore/dfg/DFGNode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeh">trunk/Source/JavaScriptCore/dfg/DFGNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeTypeh">trunk/Source/JavaScriptCore/dfg/DFGNodeType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRAvailabilityAnalysisPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilercpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerh">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompiler32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompiler64cpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommonh">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationscpp">trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationsh">trunk/Source/JavaScriptCore/dfg/DFGOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPlancpp">trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPreciseLocalClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPromoteHeapAccessh">trunk/Source/JavaScriptCore/dfg/DFGPromoteHeapAccess.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPromotedHeapLocationcpp">trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPromotedHeapLocationh">trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSSAConversionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSafeToExecuteh">trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStackLayoutPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStrengthReductionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStructureRegistrationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGUnificationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGUnificationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGValidatecpp">trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGValueSourcecpp">trunk/Source/JavaScriptCore/dfg/DFGValueSource.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGValueSourceh">trunk/Source/JavaScriptCore/dfg/DFGValueSource.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableAccessDatacpp">trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableAccessDatah">trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableAccessDataDumpcpp">trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableAccessDataDumph">trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableEventStreamcpp">trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVariableEventStreamh">trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLAbstractHeapcpp">trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLAbstractHeaph">trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLAbstractHeapRepositorycpp">trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLAbstractHeapRepositoryh">trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCapabilitiescpp">trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCompilecpp">trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitArgumentcpp">trunk/Source/JavaScriptCore/ftl/FTLExitArgument.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitPropertyValuecpp">trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitPropertyValueh">trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitTimeObjectMaterializationcpp">trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitTimeObjectMaterializationh">trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitValuecpp">trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitValueh">trunk/Source/JavaScriptCore/ftl/FTLExitValue.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLInlineCacheSizecpp">trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLInlineCacheSizeh">trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLIntrinsicRepositoryh">trunk/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLJSCallVarargscpp">trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLJSCallVarargsh">trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLOSRExitCompilercpp">trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLOperationscpp">trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLOutputh">trunk/Source/JavaScriptCore/ftl/FTLOutput.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapCopyTokenh">trunk/Source/JavaScriptCore/heap/CopyToken.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterCallFrameh">trunk/Source/JavaScriptCore/interpreter/CallFrame.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpretercpp">trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpreterh">trunk/Source/JavaScriptCore/interpreter/Interpreter.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterStackVisitorcpp">trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterStackVisitorh">trunk/Source/JavaScriptCore/interpreter/StackVisitor.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitAssemblyHelpersh">trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCCallHelpersh">trunk/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitGPRInfoh">trunk/Source/JavaScriptCore/jit/GPRInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITcpp">trunk/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITh">trunk/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCallcpp">trunk/Source/JavaScriptCore/jit/JITCall.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCall32_64cpp">trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlinesh">trunk/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodescpp">trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodes32_64cpp">trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationscpp">trunk/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccesscpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSetupVarargsFramecpp">trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntOffsetsExtractorcpp">trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreterasm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCoreparserNodesh">trunk/Source/JavaScriptCore/parser/Nodes.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp">trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonSlowPathsh">trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeConstantModeh">trunk/Source/JavaScriptCore/runtime/ConstantMode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp">trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArgumentsIteratorcpp">trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArgumentsIteratorh">trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSEnvironmentRecordcpp">trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSEnvironmentRecordh">trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjecth">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmentcpp">trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmenth">trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSNameScopecpp">trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSNameScopeh">trunk/Source/JavaScriptCore/runtime/JSNameScope.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSScopecpp">trunk/Source/JavaScriptCore/runtime/JSScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjectcpp">trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjecth">trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSymbolTableObjecth">trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypeh">trunk/Source/JavaScriptCore/runtime/JSType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeOptionsh">trunk/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTablecpp">trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTableh">trunk/Source/JavaScriptCore/runtime/SymbolTable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMcpp">trunk/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMh">trunk/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfFastBitVectorh">trunk/Source/WTF/wtf/FastBitVector.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsregressargumentsexpectedtxt">trunk/LayoutTests/js/regress/arguments-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressargumentsnamedandreflectiveexpectedtxt">trunk/LayoutTests/js/regress/arguments-named-and-reflective-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressargumentsnamedandreflectivehtml">trunk/LayoutTests/js/regress/arguments-named-and-reflective.html</a></li>
<li><a href="#trunkLayoutTestsjsregressargumentsstrictmodeexpectedtxt">trunk/LayoutTests/js/regress/arguments-strict-mode-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressargumentsstrictmodehtml">trunk/LayoutTests/js/regress/arguments-strict-mode.html</a></li>
<li><a href="#trunkLayoutTestsjsregressargumentshtml">trunk/LayoutTests/js/regress/arguments.html</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsargumentsnamedandreflectivejs">trunk/LayoutTests/js/regress/script-tests/arguments-named-and-reflective.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsargumentsstrictmodejs">trunk/LayoutTests/js/regress/script-tests/arguments-strict-mode.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsargumentsjs">trunk/LayoutTests/js/regress/script-tests/arguments.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscriptteststrycatchgetbyvalclonedargumentsjs">trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscriptteststrycatchgetbyvaldirectargumentsjs">trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-direct-arguments.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscriptteststrycatchgetbyvalscopedargumentsjs">trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargscalljs">trunk/LayoutTests/js/regress/script-tests/varargs-call.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargsconstructinlinejs">trunk/LayoutTests/js/regress/script-tests/varargs-construct-inline.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargsconstructjs">trunk/LayoutTests/js/regress/script-tests/varargs-construct.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargsinlinejs">trunk/LayoutTests/js/regress/script-tests/varargs-inline.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargsstrictmodejs">trunk/LayoutTests/js/regress/script-tests/varargs-strict-mode.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsvarargsjs">trunk/LayoutTests/js/regress/script-tests/varargs.js</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvalclonedargumentsexpectedtxt">trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvalclonedargumentshtml">trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments.html</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvaldirectargumentsexpectedtxt">trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvaldirectargumentshtml">trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments.html</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvalscopedargumentsexpectedtxt">trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregresstrycatchgetbyvalscopedargumentshtml">trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargscallexpectedtxt">trunk/LayoutTests/js/regress/varargs-call-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargscallhtml">trunk/LayoutTests/js/regress/varargs-call.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsconstructexpectedtxt">trunk/LayoutTests/js/regress/varargs-construct-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsconstructinlineexpectedtxt">trunk/LayoutTests/js/regress/varargs-construct-inline-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsconstructinlinehtml">trunk/LayoutTests/js/regress/varargs-construct-inline.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsconstructhtml">trunk/LayoutTests/js/regress/varargs-construct.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsexpectedtxt">trunk/LayoutTests/js/regress/varargs-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsinlineexpectedtxt">trunk/LayoutTests/js/regress/varargs-inline-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsinlinehtml">trunk/LayoutTests/js/regress/varargs-inline.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsstrictmodeexpectedtxt">trunk/LayoutTests/js/regress/varargs-strict-mode-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargsstrictmodehtml">trunk/LayoutTests/js/regress/varargs-strict-mode.html</a></li>
<li><a href="#trunkLayoutTestsjsregressvarargshtml">trunk/LayoutTests/js/regress/varargs.html</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeBytecodeKillsh">trunk/Source/JavaScriptCore/bytecode/BytecodeKills.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhaseh">trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiescpp">trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiesh">trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCallCreateDirectArgumentsSlowPathGeneratorh">trunk/Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGForAllKillsh">trunk/Source/JavaScriptCore/dfg/DFGForAllKills.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVarargsForwardingPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGVarargsForwardingPhaseh">trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArgumentsModeh">trunk/Source/JavaScriptCore/runtime/ArgumentsMode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeClonedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeClonedArgumentsh">trunk/Source/JavaScriptCore/runtime/ClonedArguments.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeConstantModecpp">trunk/Source/JavaScriptCore/runtime/ConstantMode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDirectArgumentscpp">trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDirectArgumentsh">trunk/Source/JavaScriptCore/runtime/DirectArguments.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDirectArgumentsOffsetcpp">trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDirectArgumentsOffseth">trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeGenericArgumentsh">trunk/Source/JavaScriptCore/runtime/GenericArguments.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeGenericArgumentsInlinesh">trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeGenericOffseth">trunk/Source/JavaScriptCore/runtime/GenericOffset.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopeOffsetcpp">trunk/Source/JavaScriptCore/runtime/ScopeOffset.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopeOffseth">trunk/Source/JavaScriptCore/runtime/ScopeOffset.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopedArgumentsh">trunk/Source/JavaScriptCore/runtime/ScopedArguments.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopedArgumentsTablecpp">trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeScopedArgumentsTableh">trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVarOffsetcpp">trunk/Source/JavaScriptCore/runtime/VarOffset.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVarOffseth">trunk/Source/JavaScriptCore/runtime/VarOffset.h</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsexitfixedjs">trunk/Source/JavaScriptCore/tests/stress/arguments-exit-fixed.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsexitstrictmodefixedjs">trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode-fixed.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsexitstrictmodejs">trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsexitjs">trunk/Source/JavaScriptCore/tests/stress/arguments-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsinlinedexitstrictmodefixedjs">trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode-fixed.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsinlinedexitstrictmodejs">trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsinlinedexitjs">trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsinterferencecfgjs">trunk/Source/JavaScriptCore/tests/stress/arguments-interference-cfg.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressargumentsinterferencejs">trunk/Source/JavaScriptCore/tests/stress/arguments-interference.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressdeadgetclosurevarjs">trunk/Source/JavaScriptCore/tests/stress/dead-get-closure-var.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressgetdeclaredunpassedargumentindirectargumentsjs">trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-direct-arguments.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressgetdeclaredunpassedargumentinscopedargumentsjs">trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsclosureinlinedexitstrictmodejs">trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit-strict-mode.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsclosureinlinedexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsinlinedexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingweirdreversedargsjs">trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingweirdjs">trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingjs">trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargstoofewargumentsjs">trunk/Source/JavaScriptCore/tests/stress/varargs-too-few-arguments.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsvarargsclosureinlinedexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-closure-inlined-exit.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsvarargsinlinedexitstrictmodejs">trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit-strict-mode.js</a></li>
<li><a href="#trunkSourceJavaScriptCoretestsstressvarargsvarargsinlinedexitjs">trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit.js</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsSimplificationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsSimplificationPhaseh">trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArgumentscpp">trunk/Source/JavaScriptCore/runtime/Arguments.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArgumentsh">trunk/Source/JavaScriptCore/runtime/Arguments.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/LayoutTests/ChangeLog 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,3 +1,51 @@
</span><ins>+2015-03-25 Filip Pizlo <fpizlo@apple.com>
+
+ Heap variables shouldn't end up in the stack frame
+ https://bugs.webkit.org/show_bug.cgi?id=141174
+
+ Reviewed by Geoffrey Garen.
+
+ * js/function-apply-aliased-expected.txt:
+ * js/function-dot-arguments-expected.txt:
+ * js/regress/arguments-expected.txt: Added.
+ * js/regress/arguments-named-and-reflective-expected.txt: Added.
+ * js/regress/arguments-named-and-reflective.html: Added.
+ * js/regress/arguments-strict-mode-expected.txt: Added.
+ * js/regress/arguments-strict-mode.html: Added.
+ * js/regress/arguments.html: Added.
+ * js/regress/script-tests/arguments-named-and-reflective.js: Added.
+ * js/regress/script-tests/arguments-strict-mode.js: Added.
+ * js/regress/script-tests/arguments.js: Added.
+ * js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js: Added.
+ * js/regress/script-tests/try-catch-get-by-val-direct-arguments.js: Added.
+ * js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js: Added.
+ * js/regress/script-tests/varargs-call.js: Added.
+ * js/regress/script-tests/varargs-construct-inline.js: Added.
+ * js/regress/script-tests/varargs-construct.js: Added.
+ * js/regress/script-tests/varargs-inline.js: Added.
+ * js/regress/script-tests/varargs-strict-mode.js: Added.
+ * js/regress/script-tests/varargs.js: Added.
+ * js/regress/try-catch-get-by-val-cloned-arguments-expected.txt: Added.
+ * js/regress/try-catch-get-by-val-cloned-arguments.html: Added.
+ * js/regress/try-catch-get-by-val-direct-arguments-expected.txt: Added.
+ * js/regress/try-catch-get-by-val-direct-arguments.html: Added.
+ * js/regress/try-catch-get-by-val-scoped-arguments-expected.txt: Added.
+ * js/regress/try-catch-get-by-val-scoped-arguments.html: Added.
+ * js/regress/varargs-call-expected.txt: Added.
+ * js/regress/varargs-call.html: Added.
+ * js/regress/varargs-construct-expected.txt: Added.
+ * js/regress/varargs-construct-inline-expected.txt: Added.
+ * js/regress/varargs-construct-inline.html: Added.
+ * js/regress/varargs-construct.html: Added.
+ * js/regress/varargs-expected.txt: Added.
+ * js/regress/varargs-inline-expected.txt: Added.
+ * js/regress/varargs-inline.html: Added.
+ * js/regress/varargs-strict-mode-expected.txt: Added.
+ * js/regress/varargs-strict-mode.html: Added.
+ * js/regress/varargs.html: Added.
+ * js/script-tests/function-apply-aliased.js:
+ * js/script-tests/function-dot-arguments.js:
+
</ins><span class="cx"> 2015-03-25 Chris Fleizach <cfleizach@apple.com>
</span><span class="cx">
</span><span class="cx"> AX: table cells that use display:block render the table inaccessible to VoiceOver
</span></span></pre></div>
<a id="trunkLayoutTestsjsfunctionapplyaliasedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/function-apply-aliased-expected.txt (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/function-apply-aliased-expected.txt 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/LayoutTests/js/function-apply-aliased-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -22,6 +22,7 @@
</span><span class="cx"> PASS myFunctionWithApply.apply(myObject, arg1Array) is [myFunctionWithApply, "myFunctionWithApply.apply", myObject]
</span><span class="cx"> PASS forwarder(myFunctionWithApply, myObject, arg1Array) is [myFunctionWithApply, "myFunctionWithApply.apply", myObject]
</span><span class="cx"> PASS myFunctionWithApply.aliasedApply(myObject, arg1Array) is [myObject, "myFunctionWithApply", "arg1"]
</span><ins>+PASS throw 42 threw exception 42.
</ins><span class="cx"> PASS myFunction.apply(null, new Array(5000000)) threw exception RangeError: Maximum call stack size exceeded..
</span><span class="cx"> PASS myFunction.apply(null, new Array(1 << 30)) threw exception RangeError: Maximum call stack size exceeded..
</span><span class="cx"> PASS recurseArguments.apply(null, new Array(50000)) threw exception RangeError: Maximum call stack size exceeded..
</span></span></pre></div>
<a id="trunkLayoutTestsjsfunctiondotargumentsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/function-dot-arguments-expected.txt (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/function-dot-arguments-expected.txt 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/LayoutTests/js/function-dot-arguments-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -32,12 +32,12 @@
</span><span class="cx"> PASS tearOffTest4a(1, 2, 3, false) is [10, 2, 3, false]
</span><span class="cx"> PASS tearOffTest4b(1, 2, 3, false) is [1, 2, 3, false]
</span><span class="cx"> PASS tearOffTest4c(1, 2, 3, false) is [1, 2, 3, false]
</span><del>-PASS tearOffTest5(1, 2, 3, false) is [10, 2, 3, false]
-PASS tearOffTest5a(1, 2, 3, false) is [10, 2, 3, false]
</del><ins>+PASS tearOffTest5(1, 2, 3, false) is [1, 2, 3, false]
+PASS tearOffTest5a(1, 2, 3, false) is [1, 2, 3, false]
</ins><span class="cx"> PASS tearOffTest5b(1, 2, 3, false) is [1, 2, 3, false]
</span><span class="cx"> PASS tearOffTest5c(1, 2, 3, false) is [1, 2, 3, false]
</span><del>-PASS tearOffTest6(1, 2, 3, false) is [10, 2, 3, false]
-PASS tearOffTest6a(1, 2, 3, false) is [10, 2, 3, false]
</del><ins>+PASS tearOffTest6(1, 2, 3, false) is [1, 2, 3, false]
+PASS tearOffTest6a(1, 2, 3, false) is [1, 2, 3, false]
</ins><span class="cx"> PASS tearOffTest6b(1, 2, 3, false) is [1, 2, 3, false]
</span><span class="cx"> PASS tearOffTest6c(1, 2, 3, false) is [1, 2, 3, false]
</span><span class="cx"> PASS tearOffTest7(1, 2, 3, false) is [10, 2, 3, false]
</span><span class="lines">@@ -56,9 +56,9 @@
</span><span class="cx"> PASS tearOffTest10a(1, 2, 3, false) is [undefined, 2, 3, false]
</span><span class="cx"> PASS tearOffTest10b(1, 2, 3, false) is [undefined, 2, 3, false]
</span><span class="cx"> PASS tearOffTest10c(1, 2, 3, false) is [undefined, 2, 3, false]
</span><del>-PASS lexicalArgumentsLiveRead1(0, 2, 3) is 1
-PASS lexicalArgumentsLiveRead2(1, 0, 3) is 2
-PASS lexicalArgumentsLiveRead3(1, 2, 0) is 3
</del><ins>+PASS lexicalArgumentsLiveRead1(0, 2, 3) is 0
+PASS lexicalArgumentsLiveRead2(1, 0, 3) is 0
+PASS lexicalArgumentsLiveRead3(1, 2, 0) is 0
</ins><span class="cx"> PASS lexicalArgumentsLiveWrite1(0, 2, 3) is 0
</span><span class="cx"> PASS lexicalArgumentsLiveWrite2(1, 0, 3) is 0
</span><span class="cx"> PASS lexicalArgumentsLiveWrite3(1, 2, 0) is 0
</span></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/arguments-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/arguments
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentsnamedandreflectiveexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments-named-and-reflective-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments-named-and-reflective-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/arguments-named-and-reflective-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/arguments-named-and-reflective
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentsnamedandreflectivehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments-named-and-reflective.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments-named-and-reflective.html (rev 0)
+++ trunk/LayoutTests/js/regress/arguments-named-and-reflective.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/arguments-named-and-reflective.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentsstrictmodeexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments-strict-mode-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments-strict-mode-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/arguments-strict-mode-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/arguments-strict-mode
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentsstrictmodehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments-strict-mode.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments-strict-mode.html (rev 0)
+++ trunk/LayoutTests/js/regress/arguments-strict-mode.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/arguments-strict-mode.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressargumentshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/arguments.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/arguments.html (rev 0)
+++ trunk/LayoutTests/js/regress/arguments.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/arguments.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsargumentsnamedandreflectivejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/arguments-named-and-reflective.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/arguments-named-and-reflective.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/arguments-named-and-reflective.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+function foo(a, b) {
+ return arguments[0] + b;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = foo(i, 1);
+ if (result != i + 1)
+ throw "Error: bad result: " + result;
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsargumentsstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/arguments-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/arguments-strict-mode.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/arguments-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+function foo() {
+ "use strict";
+ return arguments[0];
+}
+
+noInline(foo);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = foo(i);
+ if (result != i)
+ throw "Error: bad result: " + result;
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/arguments.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+function foo() {
+ return arguments[0];
+}
+
+noInline(foo);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = foo(i);
+ if (result != i)
+ throw "Error: bad result: " + result;
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscriptteststrycatchgetbyvalclonedargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo() {
+ "use strict";
+ try {
+ return arguments[0];
+ } catch (e) {
+ return 42;
+ }
+}
+
+var n = 100000;
+var result = 0;
+for (var i = 0; i < n; ++i)
+ result += foo(24);
+
+if (result != n * 24)
+ throw "Error: bad result: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscriptteststrycatchgetbyvaldirectargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-direct-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-direct-arguments.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-direct-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+function foo() {
+ try {
+ return arguments[0];
+ } catch (e) {
+ return 42;
+ }
+}
+
+var n = 100000;
+var result = 0;
+for (var i = 0; i < n; ++i)
+ result += foo(24);
+
+if (result != n * 24)
+ throw "Error: bad result: " + result;
+
+result = foo();
+if (result !== void 0)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscriptteststrycatchgetbyvalscopedargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+function foo(p) {
+ if (!p)
+ return function() { return p; };
+ try {
+ return arguments[1];
+ } catch (e) {
+ return 42;
+ }
+}
+
+var n = 100000;
+var result = 0;
+for (var i = 0; i < n; ++i)
+ result += foo(true, 24);
+
+if (result != n * 24)
+ throw "Error: bad result: " + result;
+
+result = foo(true);
+if (result !== void 0)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargscalljs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs-call.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs-call.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs-call.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+noInline(foo);
+
+function bar() {
+ return foo.apply(null, arguments);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = bar(1, 2);
+ if (result != 3)
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargsconstructinlinejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs-construct-inline.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs-construct-inline.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs-construct-inline.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+function foo(a, b) {
+ this.f = a;
+ this.g = b;
+}
+
+function Bar() {
+ foo.apply(this, arguments);
+}
+
+noInline(Bar);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = new Bar(1, 2);
+ if (result.f != 1)
+ throw "Error: bad result.f: " + result.f;
+ if (result.g != 2)
+ throw "Error: bad result.g: " + result.g;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargsconstructjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs-construct.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs-construct.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs-construct.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+function Foo(a, b) {
+ this.f = a;
+ this.g = b;
+}
+
+noInline(Foo);
+
+function bar() {
+ var result = new Foo(...arguments);
+ if (!result)
+ throw "Error: bad result: " + result;
+ return result;
+}
+
+noInline(bar);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = bar(1, 2);
+ if (result.f != 1)
+ throw "Error: bad result.f: " + result.f;
+ if (result.g != 2)
+ throw "Error: bad result.g: " + result.g;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargsinlinejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs-inline.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs-inline.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs-inline.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,20 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ return foo.apply(null, arguments);
+}
+
+function baz(a, b) {
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = baz(1, 2);
+ if (result != 3)
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargsstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs-strict-mode.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+"use strict";
+
+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ return foo.apply(null, arguments);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = bar(1, 2);
+ if (result != 3)
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsvarargsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/varargs.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/varargs.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/varargs.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ return foo.apply(null, arguments);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 1000000; ++i) {
+ var result = bar(1, 2);
+ if (result != 3)
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvalclonedargumentsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/try-catch-get-by-val-cloned-arguments
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvalclonedargumentshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments.html (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-cloned-arguments.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/try-catch-get-by-val-cloned-arguments.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvaldirectargumentsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/try-catch-get-by-val-direct-arguments
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvaldirectargumentshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments.html (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-direct-arguments.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/try-catch-get-by-val-direct-arguments.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvalscopedargumentsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/try-catch-get-by-val-scoped-arguments
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregresstrycatchgetbyvalscopedargumentshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments.html (rev 0)
+++ trunk/LayoutTests/js/regress/try-catch-get-by-val-scoped-arguments.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/try-catch-get-by-val-scoped-arguments.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargscallexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-call-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-call-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-call-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs-call
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargscallhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-call.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-call.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-call.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs-call.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsconstructexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-construct-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-construct-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-construct-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs-construct
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsconstructinlineexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-construct-inline-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-construct-inline-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-construct-inline-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs-construct-inline
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsconstructinlinehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-construct-inline.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-construct-inline.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-construct-inline.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs-construct-inline.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsconstructhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-construct.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-construct.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-construct.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs-construct.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsinlineexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-inline-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-inline-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-inline-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs-inline
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsinlinehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-inline.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-inline.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-inline.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs-inline.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsstrictmodeexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-strict-mode-expected.txt (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-strict-mode-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-strict-mode-expected.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/varargs-strict-mode
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargsstrictmodehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs-strict-mode.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs-strict-mode.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs-strict-mode.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs-strict-mode.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressvarargshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/varargs.html (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/varargs.html (rev 0)
+++ trunk/LayoutTests/js/regress/varargs.html 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/varargs.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsfunctionapplyaliasedjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/function-apply-aliased.js (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/function-apply-aliased.js 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/LayoutTests/js/script-tests/function-apply-aliased.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -44,6 +44,9 @@
</span><span class="cx"> shouldBe("forwarder(myFunctionWithApply, myObject, arg1Array)", '[myFunctionWithApply, "myFunctionWithApply.apply", myObject]');
</span><span class="cx"> shouldBe("myFunctionWithApply.aliasedApply(myObject, arg1Array)", '[myObject, "myFunctionWithApply", "arg1"]');
</span><span class="cx">
</span><ins>+// Let's make sure that shouldThrow() is compiled before we do crazy.
+shouldThrow("throw 42");
+
</ins><span class="cx"> function stackOverflowTest() {
</span><span class="cx"> try {
</span><span class="cx"> var a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z;
</span></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsfunctiondotargumentsjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/function-dot-arguments.js (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/function-dot-arguments.js 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/LayoutTests/js/script-tests/function-dot-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -362,7 +362,7 @@
</span><span class="cx">
</span><span class="cx"> return arrayify(inner());
</span><span class="cx"> }
</span><del>-shouldBe("tearOffTest5(1, 2, 3, false)", "[10, 2, 3, false]");
</del><ins>+shouldBe("tearOffTest5(1, 2, 3, false)", "[1, 2, 3, false]");
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> function tearOffTest5a(a, b, c, d)
</span><span class="lines">@@ -382,7 +382,7 @@
</span><span class="cx"> return arrayify(inner());
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>-shouldBe("tearOffTest5a(1, 2, 3, false)", "[10, 2, 3, false]");
</del><ins>+shouldBe("tearOffTest5a(1, 2, 3, false)", "[1, 2, 3, false]");
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> function tearOffTest5b(a, b, c, d)
</span><span class="lines">@@ -426,7 +426,7 @@
</span><span class="cx"> delete arguments[0];
</span><span class="cx"> return arrayify(tearOffTest6External());
</span><span class="cx"> }
</span><del>-shouldBe("tearOffTest6(1, 2, 3, false)", "[10, 2, 3, false]");
</del><ins>+shouldBe("tearOffTest6(1, 2, 3, false)", "[1, 2, 3, false]");
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> function tearOffTest6aExternal()
</span><span class="lines">@@ -446,7 +446,7 @@
</span><span class="cx"> return arrayify(tearOffTest6aExternal());
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>-shouldBe("tearOffTest6a(1, 2, 3, false)", "[10, 2, 3, false]");
</del><ins>+shouldBe("tearOffTest6a(1, 2, 3, false)", "[1, 2, 3, false]");
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> function tearOffTest6bExternal()
</span><span class="lines">@@ -739,7 +739,7 @@
</span><span class="cx"> a = 1;
</span><span class="cx"> return lexicalArgumentsLiveRead1.arguments[0];
</span><span class="cx"> }
</span><del>-shouldBe("lexicalArgumentsLiveRead1(0, 2, 3)", "1");
</del><ins>+shouldBe("lexicalArgumentsLiveRead1(0, 2, 3)", "0");
</ins><span class="cx">
</span><span class="cx"> function lexicalArgumentsLiveRead2(a, b, c)
</span><span class="cx"> {
</span><span class="lines">@@ -747,7 +747,7 @@
</span><span class="cx"> b = 2;
</span><span class="cx"> return lexicalArgumentsLiveRead2.arguments[1];
</span><span class="cx"> }
</span><del>-shouldBe("lexicalArgumentsLiveRead2(1, 0, 3)", "2");
</del><ins>+shouldBe("lexicalArgumentsLiveRead2(1, 0, 3)", "0");
</ins><span class="cx">
</span><span class="cx"> function lexicalArgumentsLiveRead3(a, b, c)
</span><span class="cx"> {
</span><span class="lines">@@ -755,7 +755,7 @@
</span><span class="cx"> c = 3;
</span><span class="cx"> return lexicalArgumentsLiveRead3.arguments[2];
</span><span class="cx"> }
</span><del>-shouldBe("lexicalArgumentsLiveRead3(1, 2, 0)", "3");
</del><ins>+shouldBe("lexicalArgumentsLiveRead3(1, 2, 0)", "0");
</ins><span class="cx">
</span><span class="cx"> function lexicalArgumentsLiveWrite1(a, b, c)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -118,8 +118,9 @@
</span><span class="cx">
</span><span class="cx"> dfg/DFGAbstractHeap.cpp
</span><span class="cx"> dfg/DFGAbstractValue.cpp
</span><del>- dfg/DFGArgumentsSimplificationPhase.cpp
</del><span class="cx"> dfg/DFGArithMode.cpp
</span><ins>+ dfg/DFGArgumentsEliminationPhase.cpp
+ dfg/DFGArgumentsUtilities.cpp
</ins><span class="cx"> dfg/DFGArrayMode.cpp
</span><span class="cx"> dfg/DFGAtTailAbstractState.cpp
</span><span class="cx"> dfg/DFGAvailability.cpp
</span><span class="lines">@@ -232,6 +233,7 @@
</span><span class="cx"> dfg/DFGValidate.cpp
</span><span class="cx"> dfg/DFGValueSource.cpp
</span><span class="cx"> dfg/DFGValueStrength.cpp
</span><ins>+ dfg/DFGVarargsForwardingPhase.cpp
</ins><span class="cx"> dfg/DFGVariableAccessData.cpp
</span><span class="cx"> dfg/DFGVariableAccessDataDump.cpp
</span><span class="cx"> dfg/DFGVariableEvent.cpp
</span><span class="lines">@@ -398,7 +400,6 @@
</span><span class="cx">
</span><span class="cx"> set(JavaScriptCore_RUNTIME_SOURCES
</span><span class="cx"> runtime/ArgList.cpp
</span><del>- runtime/Arguments.cpp
</del><span class="cx"> runtime/ArgumentsIteratorConstructor.cpp
</span><span class="cx"> runtime/ArgumentsIteratorPrototype.cpp
</span><span class="cx"> runtime/ArrayBuffer.cpp
</span><span class="lines">@@ -414,6 +415,7 @@
</span><span class="cx"> runtime/BooleanPrototype.cpp
</span><span class="cx"> runtime/BundlePath.cpp
</span><span class="cx"> runtime/CallData.cpp
</span><ins>+ runtime/ClonedArguments.cpp
</ins><span class="cx"> runtime/CodeCache.cpp
</span><span class="cx"> runtime/CodeSpecializationKind.cpp
</span><span class="cx"> runtime/CommonIdentifiers.cpp
</span><span class="lines">@@ -423,6 +425,7 @@
</span><span class="cx"> runtime/Completion.cpp
</span><span class="cx"> runtime/ConsoleClient.cpp
</span><span class="cx"> runtime/ConsolePrototype.cpp
</span><ins>+ runtime/ConstantMode.cpp
</ins><span class="cx"> runtime/ConstructData.cpp
</span><span class="cx"> runtime/ControlFlowProfiler.cpp
</span><span class="cx"> runtime/CustomGetterSetter.cpp
</span><span class="lines">@@ -431,6 +434,8 @@
</span><span class="cx"> runtime/DateConversion.cpp
</span><span class="cx"> runtime/DateInstance.cpp
</span><span class="cx"> runtime/DatePrototype.cpp
</span><ins>+ runtime/DirectArguments.cpp
+ runtime/DirectArgumentsOffset.cpp
</ins><span class="cx"> runtime/DumpContext.cpp
</span><span class="cx"> runtime/Error.cpp
</span><span class="cx"> runtime/ErrorConstructor.cpp
</span><span class="lines">@@ -538,6 +543,9 @@
</span><span class="cx"> runtime/RegExpPrototype.cpp
</span><span class="cx"> runtime/RuntimeType.cpp
</span><span class="cx"> runtime/SamplingCounter.cpp
</span><ins>+ runtime/ScopeOffset.cpp
+ runtime/ScopedArguments.cpp
+ runtime/ScopedArgumentsTable.cpp
</ins><span class="cx"> runtime/SetConstructor.cpp
</span><span class="cx"> runtime/SetIteratorConstructor.cpp
</span><span class="cx"> runtime/SetIteratorPrototype.cpp
</span><span class="lines">@@ -570,6 +578,7 @@
</span><span class="cx"> runtime/TypedArrayType.cpp
</span><span class="cx"> runtime/VM.cpp
</span><span class="cx"> runtime/VMEntryScope.cpp
</span><ins>+ runtime/VarOffset.cpp
</ins><span class="cx"> runtime/Watchdog.cpp
</span><span class="cx"> runtime/WatchdogNone.cpp
</span><span class="cx"> runtime/WeakMapConstructor.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,3 +1,1014 @@
</span><ins>+2015-03-25 Filip Pizlo <fpizlo@apple.com>
+
+ Heap variables shouldn't end up in the stack frame
+ https://bugs.webkit.org/show_bug.cgi?id=141174
+
+ Reviewed by Geoffrey Garen.
+
+ This is a major change to how JavaScriptCore handles declared variables (i.e. "var"). It removes
+ any ambiguity about whether a variable should be in the heap or on the stack. A variable will no
+ longer move between heap and stack during its lifetime. This enables a bunch of optimizations and
+ simplifications:
+
+ - Accesses to variables no longer need checks or indirections to determine where the variable is
+ at that moment in time. For example, loading a closure variable now takes just one load instead
+ of two. Loading an argument by index now takes a bounds check and a load in the fastest case
+ (when no arguments object allocation is required) while previously that same operation required
+ a "did I allocate arguments yet" check, a bounds check, and then the load.
+
+ - Reasoning about the allocation of an activation or arguments object now follows the same simple
+ logic as the allocation of any other kind of object. Previously, those objects were lazily
+ allocated - so an allocation instruction wasn't the actual allocation site, since it might not
+ allocate anything at all. This made the implementation of traditional escape analyses really
+ awkward, and ultimately it meant that we missed important cases. Now, we can reason about the
+ arguments object using the usual SSA tricks which allows for more comprehensive removal.
+
+ - The allocations of arguments objects, functions, and activations are now much faster. While
+ this patch generally expands our ability to eliminate arguments object allocations, an earlier
+ version of the patch - which lacked that functionality - was a progression on some arguments-
+ and closure-happy benchmarks because although no allocations were eliminated, all allocations
+ were faster.
+
+ - There is no tear-off. The runtime no loner needs to know about where on the stack a frame keeps
+ its arguments objects or activations. The runtime doesn't have to do things to the arguments
+ objects and activations that a frame allocated, when the frame is unwound. We always had horrid
+ bugs in that code, so it's good to see it go. This removes *a ton* of machinery from the DFG,
+ FTL, CodeBlock, and other places. All of the things having to do with "captured variables" is
+ now gone. This also enables implementing block-scoping. Without this change, block-scope
+ support would require telling CodeBlock and all of the rest of the runtime about all of the
+ variables that store currently-live scopes. That would have been so disastrously hard that it
+ might as well be impossible. With this change, it's fair game for the bytecode generator to
+ simply allocate whatever activations it wants, wherever it wants, and to keep them live for
+ however long it wants. This all works, because after bytecode generation, an activation is just
+ an object and variables that refer to it are just normal variables.
+
+ - SymbolTable can now tell you explicitly where a variable lives. The answer is in the form of a
+ VarOffset object, which has methods like isStack(), isScope(), etc. VirtualRegister is never
+ used for offsets of non-stack variables anymore. We now have shiny new objects for other kinds
+ of offsets - ScopeOffset for offsets into scopes, and DirectArgumentsOffset for offsets into
+ an arguments object.
+
+ - Functions that create activations can now tier-up into the FTL. Previously they couldn't. Also,
+ using activations used to prevent inlining; now functions that use activations can be inlined
+ just fine.
+
+ This is a >1% speed-up on Octane. This is a >2% speed-up on CompressionBench. This is a tiny
+ speed-up on AsmBench (~0.4% or something). This looks like it might be a speed-up on SunSpider.
+ It's only a slow-down on very short-running microbenchmarks we had previously written for our old
+ style of tear-off-based arguments optimization. Those benchmarks are not part of any major suite.
+
+ The easiest way of understanding this change is to start by looking at the changes in runtime/,
+ and then the changes in bytecompiler/, and then sort of work your way up the compiler tiers.
+
+ * CMakeLists.txt:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/AbortReason.h:
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::BaseIndex::withOffset):
+ * bytecode/ByValInfo.h:
+ (JSC::hasOptimizableIndexingForJSType):
+ (JSC::hasOptimizableIndexing):
+ (JSC::jitArrayModeForJSType):
+ (JSC::jitArrayModePermitsPut):
+ (JSC::jitArrayModeForStructure):
+ * bytecode/BytecodeKills.h: Added.
+ (JSC::BytecodeKills::BytecodeKills):
+ (JSC::BytecodeKills::operandIsKilled):
+ (JSC::BytecodeKills::forEachOperandKilledAt):
+ (JSC::BytecodeKills::KillSet::KillSet):
+ (JSC::BytecodeKills::KillSet::add):
+ (JSC::BytecodeKills::KillSet::forEachLocal):
+ (JSC::BytecodeKills::KillSet::contains):
+ * bytecode/BytecodeList.json:
+ * bytecode/BytecodeLivenessAnalysis.cpp:
+ (JSC::isValidRegisterForLiveness):
+ (JSC::stepOverInstruction):
+ (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
+ (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
+ (JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
+ (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
+ (JSC::BytecodeLivenessAnalysis::computeKills):
+ (JSC::indexForOperand): Deleted.
+ (JSC::BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset): Deleted.
+ (JSC::getLivenessInfo): Deleted.
+ * bytecode/BytecodeLivenessAnalysis.h:
+ * bytecode/BytecodeLivenessAnalysisInlines.h:
+ (JSC::operandIsAlwaysLive):
+ (JSC::operandThatIsNotAlwaysLiveIsLive):
+ (JSC::operandIsLive):
+ * bytecode/BytecodeUseDef.h:
+ (JSC::computeUsesForBytecodeOffset):
+ (JSC::computeDefsForBytecodeOffset):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dumpBytecode):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::nameForRegister):
+ (JSC::CodeBlock::validate):
+ (JSC::CodeBlock::isCaptured): Deleted.
+ (JSC::CodeBlock::framePointerOffsetToGetActivationRegisters): Deleted.
+ (JSC::CodeBlock::machineSlowArguments): Deleted.
+ * bytecode/CodeBlock.h:
+ (JSC::unmodifiedArgumentsRegister): Deleted.
+ (JSC::CodeBlock::setArgumentsRegister): Deleted.
+ (JSC::CodeBlock::argumentsRegister): Deleted.
+ (JSC::CodeBlock::uncheckedArgumentsRegister): Deleted.
+ (JSC::CodeBlock::usesArguments): Deleted.
+ (JSC::CodeBlock::captureCount): Deleted.
+ (JSC::CodeBlock::captureStart): Deleted.
+ (JSC::CodeBlock::captureEnd): Deleted.
+ (JSC::CodeBlock::argumentIndexAfterCapture): Deleted.
+ (JSC::CodeBlock::hasSlowArguments): Deleted.
+ (JSC::ExecState::argumentAfterCapture): Deleted.
+ * bytecode/CodeOrigin.h:
+ * bytecode/DataFormat.h:
+ (JSC::dataFormatToString):
+ * bytecode/FullBytecodeLiveness.h:
+ (JSC::FullBytecodeLiveness::getLiveness):
+ (JSC::FullBytecodeLiveness::operandIsLive):
+ (JSC::FullBytecodeLiveness::FullBytecodeLiveness): Deleted.
+ (JSC::FullBytecodeLiveness::getOut): Deleted.
+ * bytecode/Instruction.h:
+ (JSC::Instruction::Instruction):
+ * bytecode/Operands.h:
+ (JSC::Operands::virtualRegisterForIndex):
+ * bytecode/SpeculatedType.cpp:
+ (JSC::dumpSpeculation):
+ (JSC::speculationToAbbreviatedString):
+ (JSC::speculationFromClassInfo):
+ * bytecode/SpeculatedType.h:
+ (JSC::isDirectArgumentsSpeculation):
+ (JSC::isScopedArgumentsSpeculation):
+ (JSC::isActionableMutableArraySpeculation):
+ (JSC::isActionableArraySpeculation):
+ (JSC::isArgumentsSpeculation): Deleted.
+ * bytecode/UnlinkedCodeBlock.cpp:
+ (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
+ * bytecode/UnlinkedCodeBlock.h:
+ (JSC::UnlinkedCodeBlock::setArgumentsRegister): Deleted.
+ (JSC::UnlinkedCodeBlock::usesArguments): Deleted.
+ (JSC::UnlinkedCodeBlock::argumentsRegister): Deleted.
+ * bytecode/ValueRecovery.cpp:
+ (JSC::ValueRecovery::dumpInContext):
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::directArgumentsThatWereNotCreated):
+ (JSC::ValueRecovery::outOfBandArgumentsThatWereNotCreated):
+ (JSC::ValueRecovery::nodeID):
+ (JSC::ValueRecovery::argumentsThatWereNotCreated): Deleted.
+ * bytecode/VirtualRegister.h:
+ (JSC::VirtualRegister::operator==):
+ (JSC::VirtualRegister::operator!=):
+ (JSC::VirtualRegister::operator<):
+ (JSC::VirtualRegister::operator>):
+ (JSC::VirtualRegister::operator<=):
+ (JSC::VirtualRegister::operator>=):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::initializeNextParameter):
+ (JSC::BytecodeGenerator::visibleNameForParameter):
+ (JSC::BytecodeGenerator::emitMove):
+ (JSC::BytecodeGenerator::variable):
+ (JSC::BytecodeGenerator::createVariable):
+ (JSC::BytecodeGenerator::emitResolveScope):
+ (JSC::BytecodeGenerator::emitGetFromScope):
+ (JSC::BytecodeGenerator::emitPutToScope):
+ (JSC::BytecodeGenerator::initializeVariable):
+ (JSC::BytecodeGenerator::emitInstanceOf):
+ (JSC::BytecodeGenerator::emitNewFunction):
+ (JSC::BytecodeGenerator::emitNewFunctionInternal):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitReturn):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::isArgumentNumber):
+ (JSC::BytecodeGenerator::emitEnumeration):
+ (JSC::BytecodeGenerator::addVar): Deleted.
+ (JSC::BytecodeGenerator::emitInitLazyRegister): Deleted.
+ (JSC::BytecodeGenerator::initializeCapturedVariable): Deleted.
+ (JSC::BytecodeGenerator::resolveCallee): Deleted.
+ (JSC::BytecodeGenerator::addCallee): Deleted.
+ (JSC::BytecodeGenerator::addParameter): Deleted.
+ (JSC::BytecodeGenerator::willResolveToArgumentsRegister): Deleted.
+ (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): Deleted.
+ (JSC::BytecodeGenerator::createLazyRegisterIfNecessary): Deleted.
+ (JSC::BytecodeGenerator::isCaptured): Deleted.
+ (JSC::BytecodeGenerator::local): Deleted.
+ (JSC::BytecodeGenerator::constLocal): Deleted.
+ (JSC::BytecodeGenerator::emitResolveConstantLocal): Deleted.
+ (JSC::BytecodeGenerator::emitGetArgumentsLength): Deleted.
+ (JSC::BytecodeGenerator::emitGetArgumentByVal): Deleted.
+ (JSC::BytecodeGenerator::emitLazyNewFunction): Deleted.
+ (JSC::BytecodeGenerator::createArgumentsIfNecessary): Deleted.
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::Variable::Variable):
+ (JSC::Variable::isResolved):
+ (JSC::Variable::ident):
+ (JSC::Variable::offset):
+ (JSC::Variable::isLocal):
+ (JSC::Variable::local):
+ (JSC::Variable::isSpecial):
+ (JSC::BytecodeGenerator::argumentsRegister):
+ (JSC::BytecodeGenerator::emitNode):
+ (JSC::BytecodeGenerator::registerFor):
+ (JSC::Local::Local): Deleted.
+ (JSC::Local::operator bool): Deleted.
+ (JSC::Local::get): Deleted.
+ (JSC::Local::isSpecial): Deleted.
+ (JSC::ResolveScopeInfo::ResolveScopeInfo): Deleted.
+ (JSC::ResolveScopeInfo::isLocal): Deleted.
+ (JSC::ResolveScopeInfo::localIndex): Deleted.
+ (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): Deleted.
+ (JSC::BytecodeGenerator::captureMode): Deleted.
+ (JSC::BytecodeGenerator::shouldTearOffArgumentsEagerly): Deleted.
+ (JSC::BytecodeGenerator::shouldCreateArgumentsEagerly): Deleted.
+ (JSC::BytecodeGenerator::hasWatchableVariable): Deleted.
+ (JSC::BytecodeGenerator::watchableVariableIdentifier): Deleted.
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ResolveNode::isPure):
+ (JSC::ResolveNode::emitBytecode):
+ (JSC::BracketAccessorNode::emitBytecode):
+ (JSC::DotAccessorNode::emitBytecode):
+ (JSC::EvalFunctionCallNode::emitBytecode):
+ (JSC::FunctionCallResolveNode::emitBytecode):
+ (JSC::CallFunctionCallDotNode::emitBytecode):
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+ (JSC::PostfixNode::emitResolve):
+ (JSC::DeleteResolveNode::emitBytecode):
+ (JSC::TypeOfResolveNode::emitBytecode):
+ (JSC::PrefixNode::emitResolve):
+ (JSC::ReadModifyResolveNode::emitBytecode):
+ (JSC::AssignResolveNode::emitBytecode):
+ (JSC::ConstDeclNode::emitCodeSingle):
+ (JSC::EmptyVarExpression::emitBytecode):
+ (JSC::ForInNode::tryGetBoundLocal):
+ (JSC::ForInNode::emitLoopHeader):
+ (JSC::ForOfNode::emitBytecode):
+ (JSC::ArrayPatternNode::emitDirectBinding):
+ (JSC::BindingNode::bindValue):
+ (JSC::getArgumentByVal): Deleted.
+ * dfg/DFGAbstractHeap.h:
+ * dfg/DFGAbstractInterpreter.h:
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberWorld):
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberCapturedVars): Deleted.
+ * dfg/DFGAbstractValue.h:
+ * dfg/DFGArgumentPosition.h:
+ (JSC::DFG::ArgumentPosition::addVariable):
+ * dfg/DFGArgumentsEliminationPhase.cpp: Added.
+ (JSC::DFG::performArgumentsElimination):
+ * dfg/DFGArgumentsEliminationPhase.h: Added.
+ * dfg/DFGArgumentsSimplificationPhase.cpp: Removed.
+ * dfg/DFGArgumentsSimplificationPhase.h: Removed.
+ * dfg/DFGArgumentsUtilities.cpp: Added.
+ (JSC::DFG::argumentsInvolveStackSlot):
+ (JSC::DFG::emitCodeToGetArgumentsArrayLength):
+ * dfg/DFGArgumentsUtilities.h: Added.
+ * dfg/DFGArrayMode.cpp:
+ (JSC::DFG::ArrayMode::refine):
+ (JSC::DFG::ArrayMode::alreadyChecked):
+ (JSC::DFG::arrayTypeToString):
+ * dfg/DFGArrayMode.h:
+ (JSC::DFG::ArrayMode::canCSEStorage):
+ (JSC::DFG::ArrayMode::modeForPut):
+ * dfg/DFGAvailabilityMap.cpp:
+ (JSC::DFG::AvailabilityMap::prune):
+ * dfg/DFGAvailabilityMap.h:
+ (JSC::DFG::AvailabilityMap::closeOverNodes):
+ (JSC::DFG::AvailabilityMap::closeStartingWithLocal):
+ * dfg/DFGBackwardsPropagationPhase.cpp:
+ (JSC::DFG::BackwardsPropagationPhase::propagate):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::newVariableAccessData):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::flushDirect):
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::noticeArgumentsUse):
+ (JSC::DFG::ByteCodeParser::handleVarargsCall):
+ (JSC::DFG::ByteCodeParser::attemptToInlineCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ * dfg/DFGCPSRethreadingPhase.cpp:
+ (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
+ (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
+ * dfg/DFGCSEPhase.cpp:
+ * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h: Added.
+ (JSC::DFG::CallCreateDirectArgumentsSlowPathGenerator::CallCreateDirectArgumentsSlowPathGenerator):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::isSupportedForInlining):
+ (JSC::DFG::capabilityLevel):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGCommon.h:
+ * dfg/DFGCommonData.h:
+ (JSC::DFG::CommonData::CommonData):
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * dfg/DFGDCEPhase.cpp:
+ (JSC::DFG::DCEPhase::cleanVariables):
+ * dfg/DFGDisassembler.h:
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGFlushFormat.cpp:
+ (WTF::printInternal):
+ * dfg/DFGFlushFormat.h:
+ (JSC::DFG::resultFor):
+ (JSC::DFG::useKindFor):
+ (JSC::DFG::dataFormatFor):
+ * dfg/DFGForAllKills.h: Added.
+ (JSC::DFG::forAllLiveNodesAtTail):
+ (JSC::DFG::forAllDirectlyKilledOperands):
+ (JSC::DFG::forAllKilledOperands):
+ (JSC::DFG::forAllKilledNodesAtNodeIndex):
+ (JSC::DFG::forAllKillsInBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::substituteGetLocal):
+ (JSC::DFG::Graph::livenessFor):
+ (JSC::DFG::Graph::killsFor):
+ (JSC::DFG::Graph::tryGetConstantClosureVar):
+ (JSC::DFG::Graph::tryGetRegisters): Deleted.
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::symbolTableFor):
+ (JSC::DFG::Graph::uses):
+ (JSC::DFG::Graph::bytecodeRegisterForArgument): Deleted.
+ (JSC::DFG::Graph::capturedVarsFor): Deleted.
+ (JSC::DFG::Graph::usesArguments): Deleted.
+ (JSC::DFG::Graph::argumentsRegisterFor): Deleted.
+ (JSC::DFG::Graph::machineArgumentsRegisterFor): Deleted.
+ (JSC::DFG::Graph::uncheckedArgumentsRegisterFor): Deleted.
+ * dfg/DFGHeapLocation.cpp:
+ (WTF::printInternal):
+ * dfg/DFGHeapLocation.h:
+ * dfg/DFGInPlaceAbstractState.cpp:
+ (JSC::DFG::InPlaceAbstractState::initialize):
+ (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGMayExit.cpp:
+ (JSC::DFG::mayExit):
+ * dfg/DFGMinifiedID.h:
+ * dfg/DFGMinifiedNode.cpp:
+ (JSC::DFG::MinifiedNode::fromNode):
+ * dfg/DFGMinifiedNode.h:
+ (JSC::DFG::belongsInMinifiedGraph):
+ (JSC::DFG::MinifiedNode::hasInlineCallFrame):
+ (JSC::DFG::MinifiedNode::inlineCallFrame):
+ * dfg/DFGNode.cpp:
+ (JSC::DFG::Node::convertToIdentityOn):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasConstant):
+ (JSC::DFG::Node::constant):
+ (JSC::DFG::Node::hasScopeOffset):
+ (JSC::DFG::Node::scopeOffset):
+ (JSC::DFG::Node::hasDirectArgumentsOffset):
+ (JSC::DFG::Node::capturedArgumentsOffset):
+ (JSC::DFG::Node::variablePointer):
+ (JSC::DFG::Node::hasCallVarargsData):
+ (JSC::DFG::Node::hasLoadVarargsData):
+ (JSC::DFG::Node::hasHeapPrediction):
+ (JSC::DFG::Node::hasCellOperand):
+ (JSC::DFG::Node::objectMaterializationData):
+ (JSC::DFG::Node::isPhantomAllocation):
+ (JSC::DFG::Node::willHaveCodeGenOrOSR):
+ (JSC::DFG::Node::shouldSpeculateDirectArguments):
+ (JSC::DFG::Node::shouldSpeculateScopedArguments):
+ (JSC::DFG::Node::isPhantomArguments): Deleted.
+ (JSC::DFG::Node::hasVarNumber): Deleted.
+ (JSC::DFG::Node::varNumber): Deleted.
+ (JSC::DFG::Node::registerPointer): Deleted.
+ (JSC::DFG::Node::shouldSpeculateArguments): Deleted.
+ * dfg/DFGNodeType.h:
+ * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
+ (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
+ (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
+ * dfg/DFGOSRExitCompiler.cpp:
+ (JSC::DFG::OSRExitCompiler::emitRestoreArguments):
+ * dfg/DFGOSRExitCompiler.h:
+ (JSC::DFG::OSRExitCompiler::badIndex): Deleted.
+ (JSC::DFG::OSRExitCompiler::initializePoisoned): Deleted.
+ (JSC::DFG::OSRExitCompiler::poisonIndex): Deleted.
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompilerCommon.cpp:
+ (JSC::DFG::reifyInlinedCallFrames):
+ (JSC::DFG::ArgumentsRecoveryGenerator::ArgumentsRecoveryGenerator): Deleted.
+ (JSC::DFG::ArgumentsRecoveryGenerator::~ArgumentsRecoveryGenerator): Deleted.
+ (JSC::DFG::ArgumentsRecoveryGenerator::generateFor): Deleted.
+ * dfg/DFGOSRExitCompilerCommon.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::compileInThreadImpl):
+ * dfg/DFGPreciseLocalClobberize.h:
+ (JSC::DFG::PreciseLocalClobberizeAdaptor::read):
+ (JSC::DFG::PreciseLocalClobberizeAdaptor::write):
+ (JSC::DFG::PreciseLocalClobberizeAdaptor::def):
+ (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
+ (JSC::DFG::preciseLocalClobberize):
+ (JSC::DFG::PreciseLocalClobberizeAdaptor::writeTop): Deleted.
+ (JSC::DFG::forEachLocalReadByUnwind): Deleted.
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::run):
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ (JSC::DFG::PredictionPropagationPhase::propagateThroughArgumentPositions):
+ * dfg/DFGPromoteHeapAccess.h:
+ (JSC::DFG::promoteHeapAccess):
+ * dfg/DFGPromotedHeapLocation.cpp:
+ (WTF::printInternal):
+ * dfg/DFGPromotedHeapLocation.h:
+ * dfg/DFGSSAConversionPhase.cpp:
+ (JSC::DFG::SSAConversionPhase::run):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
+ (JSC::DFG::SpeculativeJIT::emitGetLength):
+ (JSC::DFG::SpeculativeJIT::emitGetCallee):
+ (JSC::DFG::SpeculativeJIT::emitGetArgumentStart):
+ (JSC::DFG::SpeculativeJIT::checkArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments):
+ (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileNewFunction):
+ (JSC::DFG::SpeculativeJIT::compileForwardVarargs):
+ (JSC::DFG::SpeculativeJIT::compileCreateActivation):
+ (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
+ (JSC::DFG::SpeculativeJIT::compileGetFromArguments):
+ (JSC::DFG::SpeculativeJIT::compilePutToArguments):
+ (JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
+ (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
+ (JSC::DFG::SpeculativeJIT::emitAllocateArguments): Deleted.
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): Deleted.
+ (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): Deleted.
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): Deleted.
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): Deleted.
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
+ (JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters): Deleted.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStackLayoutPhase.cpp:
+ (JSC::DFG::StackLayoutPhase::run):
+ * dfg/DFGStrengthReductionPhase.cpp:
+ (JSC::DFG::StrengthReductionPhase::handleNode):
+ * dfg/DFGStructureRegistrationPhase.cpp:
+ (JSC::DFG::StructureRegistrationPhase::run):
+ * dfg/DFGUnificationPhase.cpp:
+ (JSC::DFG::UnificationPhase::run):
+ * dfg/DFGValidate.cpp:
+ (JSC::DFG::Validate::validateCPS):
+ * dfg/DFGValueSource.cpp:
+ (JSC::DFG::ValueSource::dump):
+ * dfg/DFGValueSource.h:
+ (JSC::DFG::dataFormatToValueSourceKind):
+ (JSC::DFG::valueSourceKindToDataFormat):
+ (JSC::DFG::ValueSource::ValueSource):
+ (JSC::DFG::ValueSource::forFlushFormat):
+ (JSC::DFG::ValueSource::valueRecovery):
+ * dfg/DFGVarargsForwardingPhase.cpp: Added.
+ (JSC::DFG::performVarargsForwarding):
+ * dfg/DFGVarargsForwardingPhase.h: Added.
+ * dfg/DFGVariableAccessData.cpp:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::flushFormat):
+ (JSC::DFG::VariableAccessData::mergeIsCaptured): Deleted.
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::shouldNeverUnbox):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
+ (JSC::DFG::VariableAccessData::isCaptured): Deleted.
+ (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias): Deleted.
+ (JSC::DFG::VariableAccessData::isArgumentsAlias): Deleted.
+ * dfg/DFGVariableAccessDataDump.cpp:
+ (JSC::DFG::VariableAccessDataDump::dump):
+ * dfg/DFGVariableAccessDataDump.h:
+ * dfg/DFGVariableEventStream.cpp:
+ (JSC::DFG::VariableEventStream::tryToSetConstantRecovery):
+ * dfg/DFGVariableEventStream.h:
+ * ftl/FTLAbstractHeap.cpp:
+ (JSC::FTL::AbstractHeap::dump):
+ (JSC::FTL::AbstractField::dump):
+ (JSC::FTL::IndexedAbstractHeap::dump):
+ (JSC::FTL::NumberedAbstractHeap::dump):
+ (JSC::FTL::AbsoluteAbstractHeap::dump):
+ * ftl/FTLAbstractHeap.h:
+ * ftl/FTLAbstractHeapRepository.cpp:
+ * ftl/FTLAbstractHeapRepository.h:
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLCompile.cpp:
+ (JSC::FTL::mmAllocateDataSection):
+ * ftl/FTLExitArgument.cpp:
+ (JSC::FTL::ExitArgument::dump):
+ * ftl/FTLExitPropertyValue.cpp:
+ (JSC::FTL::ExitPropertyValue::withLocalsOffset):
+ * ftl/FTLExitPropertyValue.h:
+ * ftl/FTLExitTimeObjectMaterialization.cpp:
+ (JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
+ (JSC::FTL::ExitTimeObjectMaterialization::accountForLocalsOffset):
+ * ftl/FTLExitTimeObjectMaterialization.h:
+ (JSC::FTL::ExitTimeObjectMaterialization::origin):
+ * ftl/FTLExitValue.cpp:
+ (JSC::FTL::ExitValue::withLocalsOffset):
+ (JSC::FTL::ExitValue::valueFormat):
+ (JSC::FTL::ExitValue::dumpInContext):
+ * ftl/FTLExitValue.h:
+ (JSC::FTL::ExitValue::isArgument):
+ (JSC::FTL::ExitValue::argumentsObjectThatWasNotCreated): Deleted.
+ (JSC::FTL::ExitValue::isArgumentsObjectThatWasNotCreated): Deleted.
+ (JSC::FTL::ExitValue::valueFormat): Deleted.
+ * ftl/FTLInlineCacheSize.cpp:
+ (JSC::FTL::sizeOfCallForwardVarargs):
+ (JSC::FTL::sizeOfConstructForwardVarargs):
+ (JSC::FTL::sizeOfICFor):
+ * ftl/FTLInlineCacheSize.h:
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLJSCallVarargs.cpp:
+ (JSC::FTL::JSCallVarargs::JSCallVarargs):
+ (JSC::FTL::JSCallVarargs::emit):
+ * ftl/FTLJSCallVarargs.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::lower):
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compilePutStack):
+ (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
+ (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+ (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
+ (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
+ (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
+ (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
+ (JSC::FTL::LowerDFGToLLVM::compileCreateActivation):
+ (JSC::FTL::LowerDFGToLLVM::compileNewFunction):
+ (JSC::FTL::LowerDFGToLLVM::compileCreateDirectArguments):
+ (JSC::FTL::LowerDFGToLLVM::compileCreateScopedArguments):
+ (JSC::FTL::LowerDFGToLLVM::compileCreateClonedArguments):
+ (JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
+ (JSC::FTL::LowerDFGToLLVM::compileStringCharCodeAt):
+ (JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
+ (JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):
+ (JSC::FTL::LowerDFGToLLVM::compileGetArgumentCount):
+ (JSC::FTL::LowerDFGToLLVM::compileGetClosureVar):
+ (JSC::FTL::LowerDFGToLLVM::compilePutClosureVar):
+ (JSC::FTL::LowerDFGToLLVM::compileGetFromArguments):
+ (JSC::FTL::LowerDFGToLLVM::compilePutToArguments):
+ (JSC::FTL::LowerDFGToLLVM::compileCallOrConstructVarargs):
+ (JSC::FTL::LowerDFGToLLVM::compileForwardVarargs):
+ (JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname):
+ (JSC::FTL::LowerDFGToLLVM::ArgumentsLength::ArgumentsLength):
+ (JSC::FTL::LowerDFGToLLVM::getArgumentsLength):
+ (JSC::FTL::LowerDFGToLLVM::getCurrentCallee):
+ (JSC::FTL::LowerDFGToLLVM::getArgumentsStart):
+ (JSC::FTL::LowerDFGToLLVM::baseIndex):
+ (JSC::FTL::LowerDFGToLLVM::allocateObject):
+ (JSC::FTL::LowerDFGToLLVM::allocateVariableSizedObject):
+ (JSC::FTL::LowerDFGToLLVM::isArrayType):
+ (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
+ (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
+ (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
+ (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
+ (JSC::FTL::LowerDFGToLLVM::loadStructure):
+ (JSC::FTL::LowerDFGToLLVM::compilePhantomArguments): Deleted.
+ (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength): Deleted.
+ (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters): Deleted.
+ (JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated): Deleted.
+ (JSC::FTL::LowerDFGToLLVM::checkArgumentsNotCreated): Deleted.
+ * ftl/FTLOSRExitCompiler.cpp:
+ (JSC::FTL::compileRecovery):
+ (JSC::FTL::compileStub):
+ * ftl/FTLOperations.cpp:
+ (JSC::FTL::operationMaterializeObjectInOSR):
+ * ftl/FTLOutput.h:
+ (JSC::FTL::Output::aShr):
+ (JSC::FTL::Output::lShr):
+ (JSC::FTL::Output::zeroExtPtr):
+ * heap/CopyToken.h:
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::getArgumentUnsafe):
+ * interpreter/Interpreter.cpp:
+ (JSC::sizeOfVarargs):
+ (JSC::sizeFrameForVarargs):
+ (JSC::loadVarargs):
+ (JSC::unwindCallFrame):
+ * interpreter/Interpreter.h:
+ * interpreter/StackVisitor.cpp:
+ (JSC::StackVisitor::Frame::createArguments):
+ (JSC::StackVisitor::Frame::existingArguments): Deleted.
+ * interpreter/StackVisitor.h:
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::storeValue):
+ (JSC::AssemblyHelpers::loadValue):
+ (JSC::AssemblyHelpers::storeTrustedValue):
+ (JSC::AssemblyHelpers::branchIfNotCell):
+ (JSC::AssemblyHelpers::branchIsEmpty):
+ (JSC::AssemblyHelpers::argumentsStart):
+ (JSC::AssemblyHelpers::baselineArgumentsRegisterFor): Deleted.
+ (JSC::AssemblyHelpers::offsetOfLocals): Deleted.
+ (JSC::AssemblyHelpers::offsetOfArguments): Deleted.
+ * jit/CCallHelpers.h:
+ (JSC::CCallHelpers::setupArgument):
+ * jit/GPRInfo.h:
+ (JSC::JSValueRegs::withTwoAvailableRegs):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileSetupVarargsFrame):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileSetupVarargsFrame):
+ * jit/JITInlines.h:
+ (JSC::JIT::callOperation):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ (JSC::JIT::emit_op_new_func):
+ (JSC::JIT::emit_op_create_direct_arguments):
+ (JSC::JIT::emit_op_create_scoped_arguments):
+ (JSC::JIT::emit_op_create_out_of_band_arguments):
+ (JSC::JIT::emit_op_tear_off_arguments): Deleted.
+ (JSC::JIT::emit_op_create_arguments): Deleted.
+ (JSC::JIT::emit_op_init_lazy_reg): Deleted.
+ (JSC::JIT::emit_op_get_arguments_length): Deleted.
+ (JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
+ (JSC::JIT::emit_op_get_argument_by_val): Deleted.
+ (JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ (JSC::JIT::emit_op_tear_off_arguments): Deleted.
+ (JSC::JIT::emit_op_create_arguments): Deleted.
+ (JSC::JIT::emit_op_init_lazy_reg): Deleted.
+ (JSC::JIT::emit_op_get_arguments_length): Deleted.
+ (JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
+ (JSC::JIT::emit_op_get_argument_by_val): Deleted.
+ (JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitGetClosureVar):
+ (JSC::JIT::emitPutClosureVar):
+ (JSC::JIT::emit_op_get_from_arguments):
+ (JSC::JIT::emit_op_put_to_arguments):
+ (JSC::JIT::emit_op_init_global_const):
+ (JSC::JIT::privateCompileGetByVal):
+ (JSC::JIT::emitDirectArgumentsGetByVal):
+ (JSC::JIT::emitScopedArgumentsGetByVal):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emitGetClosureVar):
+ (JSC::JIT::emitPutClosureVar):
+ (JSC::JIT::emit_op_get_from_arguments):
+ (JSC::JIT::emit_op_put_to_arguments):
+ (JSC::JIT::emit_op_init_global_const):
+ * jit/SetupVarargsFrame.cpp:
+ (JSC::emitSetupVarargsFrameFastCase):
+ * llint/LLIntOffsetsExtractor.cpp:
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * parser/Nodes.h:
+ (JSC::ScopeNode::captures):
+ * runtime/Arguments.cpp: Removed.
+ * runtime/Arguments.h: Removed.
+ * runtime/ArgumentsMode.h: Added.
+ * runtime/DirectArgumentsOffset.cpp: Added.
+ (JSC::DirectArgumentsOffset::dump):
+ * runtime/DirectArgumentsOffset.h: Added.
+ (JSC::DirectArgumentsOffset::DirectArgumentsOffset):
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::SLOW_PATH_DECL):
+ * runtime/CommonSlowPaths.h:
+ * runtime/ConstantMode.cpp: Added.
+ (WTF::printInternal):
+ * runtime/ConstantMode.h:
+ (JSC::modeForIsConstant):
+ * runtime/DirectArguments.cpp: Added.
+ (JSC::DirectArguments::DirectArguments):
+ (JSC::DirectArguments::createUninitialized):
+ (JSC::DirectArguments::create):
+ (JSC::DirectArguments::createByCopying):
+ (JSC::DirectArguments::visitChildren):
+ (JSC::DirectArguments::copyBackingStore):
+ (JSC::DirectArguments::createStructure):
+ (JSC::DirectArguments::overrideThings):
+ (JSC::DirectArguments::overrideThingsIfNecessary):
+ (JSC::DirectArguments::overrideArgument):
+ (JSC::DirectArguments::copyToArguments):
+ (JSC::DirectArguments::overridesSize):
+ * runtime/DirectArguments.h: Added.
+ (JSC::DirectArguments::internalLength):
+ (JSC::DirectArguments::length):
+ (JSC::DirectArguments::canAccessIndexQuickly):
+ (JSC::DirectArguments::getIndexQuickly):
+ (JSC::DirectArguments::setIndexQuickly):
+ (JSC::DirectArguments::callee):
+ (JSC::DirectArguments::argument):
+ (JSC::DirectArguments::overrodeThings):
+ (JSC::DirectArguments::offsetOfCallee):
+ (JSC::DirectArguments::offsetOfLength):
+ (JSC::DirectArguments::offsetOfMinCapacity):
+ (JSC::DirectArguments::offsetOfOverrides):
+ (JSC::DirectArguments::storageOffset):
+ (JSC::DirectArguments::offsetOfSlot):
+ (JSC::DirectArguments::allocationSize):
+ (JSC::DirectArguments::storage):
+ * runtime/FunctionPrototype.cpp:
+ * runtime/GenericArguments.h: Added.
+ (JSC::GenericArguments::GenericArguments):
+ * runtime/GenericArgumentsInlines.h: Added.
+ (JSC::GenericArguments<Type>::getOwnPropertySlot):
+ (JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
+ (JSC::GenericArguments<Type>::getOwnPropertyNames):
+ (JSC::GenericArguments<Type>::put):
+ (JSC::GenericArguments<Type>::putByIndex):
+ (JSC::GenericArguments<Type>::deleteProperty):
+ (JSC::GenericArguments<Type>::deletePropertyByIndex):
+ (JSC::GenericArguments<Type>::defineOwnProperty):
+ (JSC::GenericArguments<Type>::copyToArguments):
+ * runtime/GenericOffset.h: Added.
+ (JSC::GenericOffset::GenericOffset):
+ (JSC::GenericOffset::operator!):
+ (JSC::GenericOffset::offsetUnchecked):
+ (JSC::GenericOffset::offset):
+ (JSC::GenericOffset::operator==):
+ (JSC::GenericOffset::operator!=):
+ (JSC::GenericOffset::operator<):
+ (JSC::GenericOffset::operator>):
+ (JSC::GenericOffset::operator<=):
+ (JSC::GenericOffset::operator>=):
+ (JSC::GenericOffset::operator+):
+ (JSC::GenericOffset::operator-):
+ (JSC::GenericOffset::operator+=):
+ (JSC::GenericOffset::operator-=):
+ * runtime/JSArgumentsIterator.cpp:
+ (JSC::JSArgumentsIterator::finishCreation):
+ (JSC::argumentsFuncIterator):
+ * runtime/JSArgumentsIterator.h:
+ (JSC::JSArgumentsIterator::create):
+ (JSC::JSArgumentsIterator::next):
+ * runtime/JSEnvironmentRecord.cpp:
+ (JSC::JSEnvironmentRecord::visitChildren):
+ * runtime/JSEnvironmentRecord.h:
+ (JSC::JSEnvironmentRecord::variables):
+ (JSC::JSEnvironmentRecord::isValid):
+ (JSC::JSEnvironmentRecord::variableAt):
+ (JSC::JSEnvironmentRecord::offsetOfVariables):
+ (JSC::JSEnvironmentRecord::offsetOfVariable):
+ (JSC::JSEnvironmentRecord::allocationSizeForScopeSize):
+ (JSC::JSEnvironmentRecord::allocationSize):
+ (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
+ (JSC::JSEnvironmentRecord::finishCreationUninitialized):
+ (JSC::JSEnvironmentRecord::finishCreation):
+ (JSC::JSEnvironmentRecord::registers): Deleted.
+ (JSC::JSEnvironmentRecord::registerAt): Deleted.
+ (JSC::JSEnvironmentRecord::addressOfRegisters): Deleted.
+ (JSC::JSEnvironmentRecord::offsetOfRegisters): Deleted.
+ * runtime/JSFunction.cpp:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::addGlobalVar):
+ (JSC::JSGlobalObject::addFunction):
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::directArgumentsStructure):
+ (JSC::JSGlobalObject::scopedArgumentsStructure):
+ (JSC::JSGlobalObject::outOfBandArgumentsStructure):
+ (JSC::JSGlobalObject::argumentsStructure): Deleted.
+ * runtime/JSLexicalEnvironment.cpp:
+ (JSC::JSLexicalEnvironment::symbolTableGet):
+ (JSC::JSLexicalEnvironment::symbolTablePut):
+ (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
+ (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
+ (JSC::JSLexicalEnvironment::visitChildren): Deleted.
+ * runtime/JSLexicalEnvironment.h:
+ (JSC::JSLexicalEnvironment::create):
+ (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
+ (JSC::JSLexicalEnvironment::registersOffset): Deleted.
+ (JSC::JSLexicalEnvironment::storageOffset): Deleted.
+ (JSC::JSLexicalEnvironment::storage): Deleted.
+ (JSC::JSLexicalEnvironment::allocationSize): Deleted.
+ (JSC::JSLexicalEnvironment::isValidIndex): Deleted.
+ (JSC::JSLexicalEnvironment::isValid): Deleted.
+ (JSC::JSLexicalEnvironment::registerAt): Deleted.
+ * runtime/JSNameScope.cpp:
+ (JSC::JSNameScope::visitChildren): Deleted.
+ * runtime/JSNameScope.h:
+ (JSC::JSNameScope::create):
+ (JSC::JSNameScope::value):
+ (JSC::JSNameScope::finishCreation):
+ (JSC::JSNameScope::JSNameScope):
+ * runtime/JSScope.cpp:
+ (JSC::abstractAccess):
+ * runtime/JSSegmentedVariableObject.cpp:
+ (JSC::JSSegmentedVariableObject::findVariableIndex):
+ (JSC::JSSegmentedVariableObject::addVariables):
+ (JSC::JSSegmentedVariableObject::visitChildren):
+ (JSC::JSSegmentedVariableObject::findRegisterIndex): Deleted.
+ (JSC::JSSegmentedVariableObject::addRegisters): Deleted.
+ * runtime/JSSegmentedVariableObject.h:
+ (JSC::JSSegmentedVariableObject::variableAt):
+ (JSC::JSSegmentedVariableObject::assertVariableIsInThisObject):
+ (JSC::JSSegmentedVariableObject::registerAt): Deleted.
+ (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject): Deleted.
+ * runtime/JSSymbolTableObject.h:
+ (JSC::JSSymbolTableObject::offsetOfSymbolTable):
+ (JSC::symbolTableGet):
+ (JSC::symbolTablePut):
+ (JSC::symbolTablePutWithAttributes):
+ * runtime/JSType.h:
+ * runtime/Options.h:
+ * runtime/ClonedArguments.cpp: Added.
+ (JSC::ClonedArguments::ClonedArguments):
+ (JSC::ClonedArguments::createEmpty):
+ (JSC::ClonedArguments::createWithInlineFrame):
+ (JSC::ClonedArguments::createWithMachineFrame):
+ (JSC::ClonedArguments::createByCopyingFrom):
+ (JSC::ClonedArguments::createStructure):
+ (JSC::ClonedArguments::getOwnPropertySlot):
+ (JSC::ClonedArguments::getOwnPropertyNames):
+ (JSC::ClonedArguments::put):
+ (JSC::ClonedArguments::deleteProperty):
+ (JSC::ClonedArguments::defineOwnProperty):
+ (JSC::ClonedArguments::materializeSpecials):
+ (JSC::ClonedArguments::materializeSpecialsIfNecessary):
+ * runtime/ClonedArguments.h: Added.
+ (JSC::ClonedArguments::specialsMaterialized):
+ * runtime/ScopeOffset.cpp: Added.
+ (JSC::ScopeOffset::dump):
+ * runtime/ScopeOffset.h: Added.
+ (JSC::ScopeOffset::ScopeOffset):
+ * runtime/ScopedArguments.cpp: Added.
+ (JSC::ScopedArguments::ScopedArguments):
+ (JSC::ScopedArguments::finishCreation):
+ (JSC::ScopedArguments::createUninitialized):
+ (JSC::ScopedArguments::create):
+ (JSC::ScopedArguments::createByCopying):
+ (JSC::ScopedArguments::createByCopyingFrom):
+ (JSC::ScopedArguments::visitChildren):
+ (JSC::ScopedArguments::createStructure):
+ (JSC::ScopedArguments::overrideThings):
+ (JSC::ScopedArguments::overrideThingsIfNecessary):
+ (JSC::ScopedArguments::overrideArgument):
+ (JSC::ScopedArguments::copyToArguments):
+ * runtime/ScopedArguments.h: Added.
+ (JSC::ScopedArguments::internalLength):
+ (JSC::ScopedArguments::length):
+ (JSC::ScopedArguments::canAccessIndexQuickly):
+ (JSC::ScopedArguments::getIndexQuickly):
+ (JSC::ScopedArguments::setIndexQuickly):
+ (JSC::ScopedArguments::callee):
+ (JSC::ScopedArguments::overrodeThings):
+ (JSC::ScopedArguments::offsetOfOverrodeThings):
+ (JSC::ScopedArguments::offsetOfTotalLength):
+ (JSC::ScopedArguments::offsetOfTable):
+ (JSC::ScopedArguments::offsetOfScope):
+ (JSC::ScopedArguments::overflowStorageOffset):
+ (JSC::ScopedArguments::allocationSize):
+ (JSC::ScopedArguments::overflowStorage):
+ * runtime/ScopedArgumentsTable.cpp: Added.
+ (JSC::ScopedArgumentsTable::ScopedArgumentsTable):
+ (JSC::ScopedArgumentsTable::~ScopedArgumentsTable):
+ (JSC::ScopedArgumentsTable::destroy):
+ (JSC::ScopedArgumentsTable::create):
+ (JSC::ScopedArgumentsTable::clone):
+ (JSC::ScopedArgumentsTable::setLength):
+ (JSC::ScopedArgumentsTable::set):
+ (JSC::ScopedArgumentsTable::createStructure):
+ * runtime/ScopedArgumentsTable.h: Added.
+ (JSC::ScopedArgumentsTable::length):
+ (JSC::ScopedArgumentsTable::get):
+ (JSC::ScopedArgumentsTable::lock):
+ (JSC::ScopedArgumentsTable::offsetOfLength):
+ (JSC::ScopedArgumentsTable::offsetOfArguments):
+ (JSC::ScopedArgumentsTable::at):
+ * runtime/SymbolTable.cpp:
+ (JSC::SymbolTableEntry::prepareToWatch):
+ (JSC::SymbolTable::SymbolTable):
+ (JSC::SymbolTable::visitChildren):
+ (JSC::SymbolTable::localToEntry):
+ (JSC::SymbolTable::entryFor):
+ (JSC::SymbolTable::cloneScopePart):
+ (JSC::SymbolTable::prepareForTypeProfiling):
+ (JSC::SymbolTable::uniqueIDForOffset):
+ (JSC::SymbolTable::globalTypeSetForOffset):
+ (JSC::SymbolTable::cloneCapturedNames): Deleted.
+ (JSC::SymbolTable::uniqueIDForRegister): Deleted.
+ (JSC::SymbolTable::globalTypeSetForRegister): Deleted.
+ * runtime/SymbolTable.h:
+ (JSC::SymbolTableEntry::varOffsetFromBits):
+ (JSC::SymbolTableEntry::scopeOffsetFromBits):
+ (JSC::SymbolTableEntry::Fast::varOffset):
+ (JSC::SymbolTableEntry::Fast::scopeOffset):
+ (JSC::SymbolTableEntry::Fast::isDontEnum):
+ (JSC::SymbolTableEntry::Fast::getAttributes):
+ (JSC::SymbolTableEntry::SymbolTableEntry):
+ (JSC::SymbolTableEntry::varOffset):
+ (JSC::SymbolTableEntry::isWatchable):
+ (JSC::SymbolTableEntry::scopeOffset):
+ (JSC::SymbolTableEntry::setAttributes):
+ (JSC::SymbolTableEntry::constantMode):
+ (JSC::SymbolTableEntry::isDontEnum):
+ (JSC::SymbolTableEntry::disableWatching):
+ (JSC::SymbolTableEntry::pack):
+ (JSC::SymbolTableEntry::isValidVarOffset):
+ (JSC::SymbolTable::createNameScopeTable):
+ (JSC::SymbolTable::maxScopeOffset):
+ (JSC::SymbolTable::didUseScopeOffset):
+ (JSC::SymbolTable::didUseVarOffset):
+ (JSC::SymbolTable::scopeSize):
+ (JSC::SymbolTable::nextScopeOffset):
+ (JSC::SymbolTable::takeNextScopeOffset):
+ (JSC::SymbolTable::add):
+ (JSC::SymbolTable::set):
+ (JSC::SymbolTable::argumentsLength):
+ (JSC::SymbolTable::setArgumentsLength):
+ (JSC::SymbolTable::argumentOffset):
+ (JSC::SymbolTable::setArgumentOffset):
+ (JSC::SymbolTable::arguments):
+ (JSC::SlowArgument::SlowArgument): Deleted.
+ (JSC::SymbolTableEntry::Fast::getIndex): Deleted.
+ (JSC::SymbolTableEntry::getIndex): Deleted.
+ (JSC::SymbolTableEntry::isValidIndex): Deleted.
+ (JSC::SymbolTable::captureStart): Deleted.
+ (JSC::SymbolTable::setCaptureStart): Deleted.
+ (JSC::SymbolTable::captureEnd): Deleted.
+ (JSC::SymbolTable::setCaptureEnd): Deleted.
+ (JSC::SymbolTable::captureCount): Deleted.
+ (JSC::SymbolTable::isCaptured): Deleted.
+ (JSC::SymbolTable::parameterCount): Deleted.
+ (JSC::SymbolTable::parameterCountIncludingThis): Deleted.
+ (JSC::SymbolTable::setParameterCountIncludingThis): Deleted.
+ (JSC::SymbolTable::slowArguments): Deleted.
+ (JSC::SymbolTable::setSlowArguments): Deleted.
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+ * runtime/VarOffset.cpp: Added.
+ (JSC::VarOffset::dump):
+ (WTF::printInternal):
+ * runtime/VarOffset.h: Added.
+ (JSC::VarOffset::VarOffset):
+ (JSC::VarOffset::assemble):
+ (JSC::VarOffset::isValid):
+ (JSC::VarOffset::operator!):
+ (JSC::VarOffset::kind):
+ (JSC::VarOffset::isStack):
+ (JSC::VarOffset::isScope):
+ (JSC::VarOffset::isDirectArgument):
+ (JSC::VarOffset::stackOffsetUnchecked):
+ (JSC::VarOffset::scopeOffsetUnchecked):
+ (JSC::VarOffset::capturedArgumentsOffsetUnchecked):
+ (JSC::VarOffset::stackOffset):
+ (JSC::VarOffset::scopeOffset):
+ (JSC::VarOffset::capturedArgumentsOffset):
+ (JSC::VarOffset::rawOffset):
+ (JSC::VarOffset::checkSanity):
+ (JSC::VarOffset::operator==):
+ (JSC::VarOffset::operator!=):
+ (JSC::VarOffset::hash):
+ (JSC::VarOffset::isHashTableDeletedValue):
+ (JSC::VarOffsetHash::hash):
+ (JSC::VarOffsetHash::equal):
+ * tests/stress/arguments-exit-strict-mode.js: Added.
+ * tests/stress/arguments-exit.js: Added.
+ * tests/stress/arguments-inlined-exit-strict-mode-fixed.js: Added.
+ * tests/stress/arguments-inlined-exit-strict-mode.js: Added.
+ * tests/stress/arguments-inlined-exit.js: Added.
+ * tests/stress/arguments-interference.js: Added.
+ * tests/stress/arguments-interference-cfg.js: Added.
+ * tests/stress/dead-get-closure-var.js: Added.
+ * tests/stress/get-declared-unpassed-argument-in-direct-arguments.js: Added.
+ * tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js: Added.
+ * tests/stress/varargs-closure-inlined-exit-strict-mode.js: Added.
+ * tests/stress/varargs-closure-inlined-exit.js: Added.
+ * tests/stress/varargs-exit.js: Added.
+ * tests/stress/varargs-inlined-exit.js: Added.
+ * tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js: Added.
+ * tests/stress/varargs-inlined-simple-exit-aliasing-weird.js: Added.
+ * tests/stress/varargs-inlined-simple-exit-aliasing.js: Added.
+ * tests/stress/varargs-inlined-simple-exit.js: Added.
+ * tests/stress/varargs-too-few-arguments.js: Added.
+ * tests/stress/varargs-varargs-closure-inlined-exit.js: Added.
+ * tests/stress/varargs-varargs-inlined-exit-strict-mode.js: Added.
+ * tests/stress/varargs-varargs-inlined-exit.js: Added.
+
</ins><span class="cx"> 2015-03-25 Andy Estes <aestes@apple.com>
</span><span class="cx">
</span><span class="cx"> [Cocoa] RemoteInspectorXPCConnection::deserializeMessage() leaks a NSDictionary under Objective-C GC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -362,7 +362,8 @@
</span><span class="cx"> <ClCompile Include="..\debugger\DebuggerScope.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGAbstractHeap.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGAbstractValue.cpp" />
</span><del>- <ClCompile Include="..\dfg\DFGArgumentsSimplificationPhase.cpp" />
</del><ins>+ <ClCompile Include="..\dfg\DFGArgumentsEliminationPhase.cpp" />
+ <ClCompile Include="..\dfg\DFGArgumentsUtilities.cpp" />
</ins><span class="cx"> <ClCompile Include="..\dfg\DFGArithMode.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGArrayMode.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGAtTailAbstractState.cpp" />
</span><span class="lines">@@ -478,6 +479,7 @@
</span><span class="cx"> <ClCompile Include="..\dfg\DFGValidate.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGValueSource.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGValueStrength.cpp" />
</span><ins>+ <ClCompile Include="..\dfg\DFGVarargsForwardingPhase.cpp" />
</ins><span class="cx"> <ClCompile Include="..\dfg\DFGVariableAccessData.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGVariableAccessDataDump.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGVariableEvent.cpp" />
</span><span class="lines">@@ -667,7 +669,6 @@
</span><span class="cx"> <ClCompile Include="..\profiler\ProfilerOSRExitSite.cpp" />
</span><span class="cx"> <ClCompile Include="..\profiler\ProfilerProfiledBytecodes.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ArgList.cpp" />
</span><del>- <ClCompile Include="..\runtime\Arguments.cpp" />
</del><span class="cx"> <ClCompile Include="..\runtime\ArgumentsIteratorConstructor.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ArgumentsIteratorPrototype.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ArrayBuffer.cpp" />
</span><span class="lines">@@ -682,6 +683,7 @@
</span><span class="cx"> <ClCompile Include="..\runtime\BooleanObject.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\BooleanPrototype.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\CallData.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\ClonedArguments.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\CodeCache.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\CodeSpecializationKind.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\CommonIdentifiers.cpp" />
</span><span class="lines">@@ -691,6 +693,7 @@
</span><span class="cx"> <ClCompile Include="..\runtime\Completion.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ConsoleClient.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ConsolePrototype.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\ConstantMode.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\ConstructData.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ControlFlowProfiler.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\CustomGetterSetter.cpp" />
</span><span class="lines">@@ -699,6 +702,8 @@
</span><span class="cx"> <ClCompile Include="..\runtime\DateConversion.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\DateInstance.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\DatePrototype.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\DirectArguments.cpp" />
+ <ClCompile Include="..\runtime\DirectArgumentsOffset.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\DumpContext.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\Error.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\ErrorConstructor.cpp" />
</span><span class="lines">@@ -809,6 +814,9 @@
</span><span class="cx"> <ClCompile Include="..\runtime\SetIteratorConstructor.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\SetIteratorPrototype.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\SetPrototype.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\ScopeOffset.cpp" />
+ <ClCompile Include="..\runtime\ScopedArguments.cpp" />
+ <ClCompile Include="..\runtime\ScopedArgumentsTable.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\SimpleTypedArrayController.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\SmallStrings.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\SparseArrayValueMap.cpp" />
</span><span class="lines">@@ -837,6 +845,7 @@
</span><span class="cx"> <ClCompile Include="..\runtime\TypeSet.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\VM.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\VMEntryScope.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\VarOffset.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\Watchdog.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\WatchdogNone.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\WeakMapConstructor.cpp" />
</span><span class="lines">@@ -941,6 +950,7 @@
</span><span class="cx"> <ClInclude Include="..\bytecode\ArrayProfile.h" />
</span><span class="cx"> <ClInclude Include="..\bytecode\ByValInfo.h" />
</span><span class="cx"> <ClInclude Include="..\bytecode\BytecodeBasicBlock.h" />
</span><ins>+ <ClInclude Include="..\bytecode\BytecodeKills.h" />
</ins><span class="cx"> <ClInclude Include="..\bytecode\BytecodeLivenessAnalysis.h" />
</span><span class="cx"> <ClInclude Include="..\bytecode\BytecodeUseDef.h" />
</span><span class="cx"> <ClInclude Include="..\bytecode\CallEdge.h" />
</span><span class="lines">@@ -1016,7 +1026,8 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGAllocator.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGAnalysis.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGArgumentPosition.h" />
</span><del>- <ClInclude Include="..\dfg\DFGArgumentsSimplificationPhase.h" />
</del><ins>+ <ClInclude Include="..\dfg\DFGArgumentsEliminationPhase.h" />
+ <ClInclude Include="..\dfg\DFGArgumentsUtilities.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGArrayifySlowPathGenerator.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGArithMode.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGArrayMode.h" />
</span><span class="lines">@@ -1035,6 +1046,7 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGBranchDirection.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGByteCodeParser.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGCallArrayAllocatorSlowPathGenerator.h" />
</span><ins>+ <ClInclude Include="..\dfg\DFGCallCreateDirectArgumentsSlowPathGenerator.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGCapabilities.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGCCallHelpers.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGCFAPhase.h" />
</span><span class="lines">@@ -1069,6 +1081,7 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGFixupPhase.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGFlushedAt.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGFlushFormat.h" />
</span><ins>+ <ClInclude Include="..\dfg\DFGForAllKills.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGFPRInfo.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGFrozenValue.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGFunctionWhitelist.h" />
</span><span class="lines">@@ -1163,6 +1176,7 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGValidate.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGValueSource.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGValueStrength.h" />
</span><ins>+ <ClInclude Include="..\dfg\DFGVarargsForwardingPhase.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGVariableAccessData.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGVariableAccessDataDump.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGVariableEvent.h" />
</span><span class="lines">@@ -1424,7 +1438,7 @@
</span><span class="cx"> <ClInclude Include="..\profiler\ProfilerOSRExitSite.h" />
</span><span class="cx"> <ClInclude Include="..\profiler\ProfilerProfiledBytecodes.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\ArgList.h" />
</span><del>- <ClInclude Include="..\runtime\Arguments.h" />
</del><ins>+ <ClInclude Include="..\runtime\ArgumentsMode.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\ArrayBuffer.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\ArrayBufferNeuteringWatchpoint.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\ArrayBufferView.h" />
</span><span class="lines">@@ -1444,6 +1458,7 @@
</span><span class="cx"> <ClInclude Include="..\runtime\ButterflyInlines.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\CallData.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\ClassInfo.h" />
</span><ins>+ <ClInclude Include="..\runtime\ClonedArguments.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\CodeCache.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\CodeSpecializationKind.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\CommonIdentifiers.h" />
</span><span class="lines">@@ -1464,6 +1479,8 @@
</span><span class="cx"> <ClInclude Include="..\runtime\DateInstance.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\DateInstanceCache.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\DatePrototype.h" />
</span><ins>+ <ClInclude Include="..\runtime\DirectArguments.h" />
+ <ClInclude Include="..\runtime\DirectArgumentsOffset.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\DumpContext.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\EnumerationMode.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\Error.h" />
</span><span class="lines">@@ -1480,6 +1497,9 @@
</span><span class="cx"> <ClInclude Include="..\runtime\FunctionExecutableDump.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\FunctionHasExecutedCache.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\FunctionPrototype.h" />
</span><ins>+ <ClInclude Include="..\runtime\GenericArguments.h" />
+ <ClInclude Include="..\runtime\GenericArgumentsInlines.h" />
+ <ClInclude Include="..\runtime\GenericOffset.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\GenericTypedArrayView.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\GenericTypedArrayViewInlines.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\GetterSetter.h" />
</span><span class="lines">@@ -1619,6 +1639,9 @@
</span><span class="cx"> <ClInclude Include="..\runtime\RuntimeFlags.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\RuntimeType.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\SamplingCounter.h" />
</span><ins>+ <ClInclude Include="..\runtime\ScopeOffset.h" />
+ <ClInclude Include="..\runtime\ScopedArguments.h" />
+ <ClInclude Include="..\runtime\ScopedArgumentsTable.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\SetConstructor.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\SetIteratorConstructor.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\SetIteratorPrototype.h" />
</span><span class="lines">@@ -1664,6 +1687,7 @@
</span><span class="cx"> <ClInclude Include="..\runtime\Uint8Array.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\VM.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\VMEntryScope.h" />
</span><ins>+ <ClInclude Include="..\runtime\VarOffset.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\Watchdog.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\WeakGCMap.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\WeakMapConstructor.h" />
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -104,8 +104,6 @@
</span><span class="cx"> 0F13912C16771C3D009CCB07 /* ProfilerProfiledBytecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F13912716771C30009CCB07 /* ProfilerProfiledBytecodes.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F13E04E16164A1F00DC8DE7 /* IndexingType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F13E04C16164A1B00DC8DE7 /* IndexingType.cpp */; };
</span><span class="cx"> 0F15F15F14B7A73E005DE37D /* CommonSlowPaths.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>- 0F16015D156198C900C2587C /* DFGArgumentsSimplificationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */; };
- 0F16015E156198C900C2587C /* DFGArgumentsSimplificationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx"> 0F190CAC189D82F6000AE5F0 /* ProfilerJettisonReason.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F190CAA189D82F6000AE5F0 /* ProfilerJettisonReason.cpp */; };
</span><span class="cx"> 0F190CAD189D82F6000AE5F0 /* ProfilerJettisonReason.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F190CAB189D82F6000AE5F0 /* ProfilerJettisonReason.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F1DD84A18A945BE0026F3FA /* JSCInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1DD84918A945BE0026F3FA /* JSCInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -251,6 +249,12 @@
</span><span class="cx"> 0F2D4DEC19832DC4007D4B19 /* TypeProfilerLog.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2D4DE019832D91007D4B19 /* TypeProfilerLog.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F2D4DEF19832DD3007D4B19 /* TypeSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2D4DE319832D91007D4B19 /* TypeSet.cpp */; };
</span><span class="cx"> 0F2D4DF019832DD6007D4B19 /* TypeSet.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2D4DE419832D91007D4B19 /* TypeSet.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F2DD80B1AB3D85800BBB8E8 /* BytecodeKills.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2DD80A1AB3D85800BBB8E8 /* BytecodeKills.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F2DD8111AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2DD80C1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.cpp */; };
+ 0F2DD8121AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2DD80D1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F2DD8131AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2DD80E1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.cpp */; };
+ 0F2DD8141AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2DD80F1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F2DD8151AB3D8BE00BBB8E8 /* DFGForAllKills.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2DD8101AB3D8BE00BBB8E8 /* DFGForAllKills.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F2E892C16D028AD009E4FD2 /* UnusedPointer.h in Headers */ = {isa = PBXBuildFile; fileRef = 65987F2F16828A7E003C2F8D /* UnusedPointer.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F2E892D16D02BAF009E4FD2 /* DFGMinifiedID.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB4B51016B3A964003F696B /* DFGMinifiedID.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F2FC77216E12F710038D976 /* DFGDCEPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2FC77016E12F6F0038D976 /* DFGDCEPhase.cpp */; };
</span><span class="lines">@@ -441,6 +445,7 @@
</span><span class="cx"> 0F963B3813FC6FE90002D9B2 /* ValueProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F963B3613FC6FDE0002D9B2 /* ValueProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F96EBB316676EF6008BADE3 /* CodeBlockWithJITType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F96EBB116676EF4008BADE3 /* CodeBlockWithJITType.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F9749711687ADE400A4FF6A /* JSCellInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F97496F1687ADE200A4FF6A /* JSCellInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F978B3B1AAEA71D007C7369 /* ConstantMode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F978B3A1AAEA71D007C7369 /* ConstantMode.cpp */; };
</ins><span class="cx"> 0F98206016BFE38100240D02 /* PreciseJumpTargets.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F98205D16BFE37F00240D02 /* PreciseJumpTargets.cpp */; };
</span><span class="cx"> 0F98206116BFE38300240D02 /* PreciseJumpTargets.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F98205E16BFE37F00240D02 /* PreciseJumpTargets.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F9C5E5E18E35F5E00D431C3 /* FTLDWARFRegister.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F9C5E5C18E35F5E00D431C3 /* FTLDWARFRegister.cpp */; };
</span><span class="lines">@@ -498,6 +503,7 @@
</span><span class="cx"> 0FBC0AE71496C7C400D4FBDD /* DFGExitProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FBC0AE41496C7C100D4FBDD /* DFGExitProfile.cpp */; };
</span><span class="cx"> 0FBC0AE81496C7C700D4FBDD /* DFGExitProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FBC0AE51496C7C100D4FBDD /* DFGExitProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FBD7E691447999600481315 /* CodeOrigin.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FBD7E671447998F00481315 /* CodeOrigin.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0FBDB9AD1AB0FBC6000B57E5 /* DFGCallCreateDirectArgumentsSlowPathGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FBDB9AC1AB0FBC6000B57E5 /* DFGCallCreateDirectArgumentsSlowPathGenerator.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0FBE0F7216C1DB030082C5E8 /* DFGCPSRethreadingPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FBE0F6B16C1DB010082C5E8 /* DFGCPSRethreadingPhase.cpp */; };
</span><span class="cx"> 0FBE0F7316C1DB050082C5E8 /* DFGCPSRethreadingPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FBE0F6C16C1DB010082C5E8 /* DFGCPSRethreadingPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FBE0F7416C1DB090082C5E8 /* DFGPredictionInjectionPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FBE0F6D16C1DB010082C5E8 /* DFGPredictionInjectionPhase.cpp */; };
</span><span class="lines">@@ -604,8 +610,28 @@
</span><span class="cx"> 0FDB2CEA174896C7007B3C1B /* ConcurrentJITLock.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FDB2CE9174896C7007B3C1B /* ConcurrentJITLock.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FDDBFB51666EED800C55FEF /* DFGVariableAccessDataDump.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FDDBFB21666EED500C55FEF /* DFGVariableAccessDataDump.cpp */; };
</span><span class="cx"> 0FDDBFB61666EEDA00C55FEF /* DFGVariableAccessDataDump.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FDDBFB31666EED500C55FEF /* DFGVariableAccessDataDump.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0FE050141AA9091100D33B33 /* ArgumentsMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050151AA9091100D33B33 /* DirectArgumentsOffset.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE0500D1AA9091100D33B33 /* DirectArgumentsOffset.cpp */; };
+ 0FE050161AA9091100D33B33 /* DirectArgumentsOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0500E1AA9091100D33B33 /* DirectArgumentsOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050171AA9091100D33B33 /* DirectArguments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE0500F1AA9091100D33B33 /* DirectArguments.cpp */; };
+ 0FE050181AA9091100D33B33 /* DirectArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050101AA9091100D33B33 /* DirectArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050191AA9091100D33B33 /* GenericArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050111AA9091100D33B33 /* GenericArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE0501A1AA9091100D33B33 /* GenericArgumentsInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE0501B1AA9091100D33B33 /* GenericOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050131AA9091100D33B33 /* GenericOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050251AA9095600D33B33 /* ClonedArguments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE0501C1AA9095600D33B33 /* ClonedArguments.cpp */; };
+ 0FE050261AA9095600D33B33 /* ClonedArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0501D1AA9095600D33B33 /* ClonedArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050271AA9095600D33B33 /* ScopedArguments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE0501E1AA9095600D33B33 /* ScopedArguments.cpp */; };
+ 0FE050281AA9095600D33B33 /* ScopedArguments.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE0501F1AA9095600D33B33 /* ScopedArguments.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE050291AA9095600D33B33 /* ScopedArgumentsTable.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050201AA9095600D33B33 /* ScopedArgumentsTable.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE0502A1AA9095600D33B33 /* ScopeOffset.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE050211AA9095600D33B33 /* ScopeOffset.cpp */; };
+ 0FE0502B1AA9095600D33B33 /* ScopeOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050221AA9095600D33B33 /* ScopeOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE0502C1AA9095600D33B33 /* VarOffset.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE050231AA9095600D33B33 /* VarOffset.cpp */; };
+ 0FE0502D1AA9095600D33B33 /* VarOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE050241AA9095600D33B33 /* VarOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0FE0502F1AAA806900D33B33 /* ScopedArgumentsTable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE0502E1AAA806900D33B33 /* ScopedArgumentsTable.cpp */; };
</ins><span class="cx"> 0FE228ED1436AB2700196C48 /* Options.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE228EB1436AB2300196C48 /* Options.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FE228EE1436AB2C00196C48 /* Options.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE228EA1436AB2300196C48 /* Options.cpp */; };
</span><ins>+ 0FE254F61ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE254F41ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.cpp */; };
+ 0FE254F71ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE254F51ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0FE7211D193B9C590031F6ED /* DFGTransition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE7211B193B9C590031F6ED /* DFGTransition.cpp */; };
</span><span class="cx"> 0FE7211E193B9C590031F6ED /* DFGTransition.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FE7211C193B9C590031F6ED /* DFGTransition.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FE834171A6EF97B00D04847 /* PolymorphicCallStubRoutine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE834151A6EF97B00D04847 /* PolymorphicCallStubRoutine.cpp */; };
</span><span class="lines">@@ -803,7 +829,6 @@
</span><span class="cx"> 147B83AC0E6DB8C9004775A4 /* BatchedTransitionOptimizer.h in Headers */ = {isa = PBXBuildFile; fileRef = 147B83AA0E6DB8C9004775A4 /* BatchedTransitionOptimizer.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 147B84630E6DE6B1004775A4 /* PutPropertySlot.h in Headers */ = {isa = PBXBuildFile; fileRef = 147B84620E6DE6B1004775A4 /* PutPropertySlot.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 147F39BD107EC37600427A48 /* ArgList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCF605110E203EF800B9A64D /* ArgList.cpp */; };
</span><del>- 147F39BE107EC37600427A48 /* Arguments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC257DE50E1F51C50016B6C9 /* Arguments.cpp */; };
</del><span class="cx"> 147F39BF107EC37600427A48 /* ArrayConstructor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC7952060E15E8A800A898AB /* ArrayConstructor.cpp */; };
</span><span class="cx"> 147F39C0107EC37600427A48 /* ArrayPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F692A84D0255597D01FF60F7 /* ArrayPrototype.cpp */; };
</span><span class="cx"> 147F39C1107EC37600427A48 /* CommonIdentifiers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 65EA73620BAE35D1001BB560 /* CommonIdentifiers.cpp */; };
</span><span class="lines">@@ -1523,7 +1548,6 @@
</span><span class="cx"> BC18C5240E16FC8A00B34460 /* ArrayPrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = BC18C5230E16FC8A00B34460 /* ArrayPrototype.lut.h */; };
</span><span class="cx"> BC18C52C0E16FCD200B34460 /* RegExpObject.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = BC18C52B0E16FCD200B34460 /* RegExpObject.lut.h */; };
</span><span class="cx"> BC18C52E0E16FCE100B34460 /* Lexer.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = BC18C52D0E16FCE100B34460 /* Lexer.lut.h */; };
</span><del>- BC257DE80E1F51C50016B6C9 /* Arguments.h in Headers */ = {isa = PBXBuildFile; fileRef = BC257DE60E1F51C50016B6C9 /* Arguments.h */; };
</del><span class="cx"> BC3046070E1F497F003232CF /* Error.h in Headers */ = {isa = PBXBuildFile; fileRef = BC3046060E1F497F003232CF /* Error.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> BC6AAAE50E1F426500AD87D8 /* ClassInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = BC6AAAE40E1F426500AD87D8 /* ClassInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> BC756FC90E2031B200DE7D12 /* JSGlobalObjectFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = BC756FC70E2031B200DE7D12 /* JSGlobalObjectFunctions.h */; };
</span><span class="lines">@@ -1797,8 +1821,6 @@
</span><span class="cx"> 0F13912716771C30009CCB07 /* ProfilerProfiledBytecodes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ProfilerProfiledBytecodes.h; path = profiler/ProfilerProfiledBytecodes.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F13E04C16164A1B00DC8DE7 /* IndexingType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IndexingType.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonSlowPaths.h; sourceTree = "<group>"; };
</span><del>- 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGArgumentsSimplificationPhase.cpp; path = dfg/DFGArgumentsSimplificationPhase.cpp; sourceTree = "<group>"; };
- 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArgumentsSimplificationPhase.h; path = dfg/DFGArgumentsSimplificationPhase.h; sourceTree = "<group>"; };
</del><span class="cx"> 0F190CAA189D82F6000AE5F0 /* ProfilerJettisonReason.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ProfilerJettisonReason.cpp; path = profiler/ProfilerJettisonReason.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F190CAB189D82F6000AE5F0 /* ProfilerJettisonReason.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ProfilerJettisonReason.h; path = profiler/ProfilerJettisonReason.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F1DD84918A945BE0026F3FA /* JSCInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCInlines.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -1945,6 +1967,12 @@
</span><span class="cx"> 0F2D4DE519832DAC007D4B19 /* ToThisStatus.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ToThisStatus.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F2D4DE619832DAC007D4B19 /* ToThisStatus.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ToThisStatus.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F2D4DE719832DAC007D4B19 /* TypeLocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TypeLocation.h; sourceTree = "<group>"; };
</span><ins>+ 0F2DD80A1AB3D85800BBB8E8 /* BytecodeKills.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeKills.h; sourceTree = "<group>"; };
+ 0F2DD80C1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGArgumentsEliminationPhase.cpp; path = dfg/DFGArgumentsEliminationPhase.cpp; sourceTree = "<group>"; };
+ 0F2DD80D1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArgumentsEliminationPhase.h; path = dfg/DFGArgumentsEliminationPhase.h; sourceTree = "<group>"; };
+ 0F2DD80E1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGArgumentsUtilities.cpp; path = dfg/DFGArgumentsUtilities.cpp; sourceTree = "<group>"; };
+ 0F2DD80F1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArgumentsUtilities.h; path = dfg/DFGArgumentsUtilities.h; sourceTree = "<group>"; };
+ 0F2DD8101AB3D8BE00BBB8E8 /* DFGForAllKills.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGForAllKills.h; path = dfg/DFGForAllKills.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F2FC77016E12F6F0038D976 /* DFGDCEPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDCEPhase.cpp; path = dfg/DFGDCEPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F2FC77116E12F6F0038D976 /* DFGDCEPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDCEPhase.h; path = dfg/DFGDCEPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F2FCCF218A60070001A27F8 /* DFGGraphSafepoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGGraphSafepoint.cpp; path = dfg/DFGGraphSafepoint.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2132,6 +2160,7 @@
</span><span class="cx"> 0F963B3613FC6FDE0002D9B2 /* ValueProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ValueProfile.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F96EBB116676EF4008BADE3 /* CodeBlockWithJITType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeBlockWithJITType.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F97496F1687ADE200A4FF6A /* JSCellInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCellInlines.h; sourceTree = "<group>"; };
</span><ins>+ 0F978B3A1AAEA71D007C7369 /* ConstantMode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ConstantMode.cpp; sourceTree = "<group>"; };
</ins><span class="cx"> 0F98205D16BFE37F00240D02 /* PreciseJumpTargets.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PreciseJumpTargets.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F98205E16BFE37F00240D02 /* PreciseJumpTargets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PreciseJumpTargets.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F9C5E5C18E35F5E00D431C3 /* FTLDWARFRegister.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLDWARFRegister.cpp; path = ftl/FTLDWARFRegister.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2199,6 +2228,7 @@
</span><span class="cx"> 0FBC0AE41496C7C100D4FBDD /* DFGExitProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DFGExitProfile.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FBC0AE51496C7C100D4FBDD /* DFGExitProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DFGExitProfile.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FBD7E671447998F00481315 /* CodeOrigin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeOrigin.h; sourceTree = "<group>"; };
</span><ins>+ 0FBDB9AC1AB0FBC6000B57E5 /* DFGCallCreateDirectArgumentsSlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCallCreateDirectArgumentsSlowPathGenerator.h; path = dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0FBE0F6B16C1DB010082C5E8 /* DFGCPSRethreadingPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCPSRethreadingPhase.cpp; path = dfg/DFGCPSRethreadingPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FBE0F6C16C1DB010082C5E8 /* DFGCPSRethreadingPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCPSRethreadingPhase.h; path = dfg/DFGCPSRethreadingPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FBE0F6D16C1DB010082C5E8 /* DFGPredictionInjectionPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGPredictionInjectionPhase.cpp; path = dfg/DFGPredictionInjectionPhase.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2309,8 +2339,28 @@
</span><span class="cx"> 0FDB2CE9174896C7007B3C1B /* ConcurrentJITLock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConcurrentJITLock.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FDDBFB21666EED500C55FEF /* DFGVariableAccessDataDump.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGVariableAccessDataDump.cpp; path = dfg/DFGVariableAccessDataDump.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FDDBFB31666EED500C55FEF /* DFGVariableAccessDataDump.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGVariableAccessDataDump.h; path = dfg/DFGVariableAccessDataDump.h; sourceTree = "<group>"; };
</span><ins>+ 0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArgumentsMode.h; sourceTree = "<group>"; };
+ 0FE0500D1AA9091100D33B33 /* DirectArgumentsOffset.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DirectArgumentsOffset.cpp; sourceTree = "<group>"; };
+ 0FE0500E1AA9091100D33B33 /* DirectArgumentsOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DirectArgumentsOffset.h; sourceTree = "<group>"; };
+ 0FE0500F1AA9091100D33B33 /* DirectArguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DirectArguments.cpp; sourceTree = "<group>"; };
+ 0FE050101AA9091100D33B33 /* DirectArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DirectArguments.h; sourceTree = "<group>"; };
+ 0FE050111AA9091100D33B33 /* GenericArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArguments.h; sourceTree = "<group>"; };
+ 0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericArgumentsInlines.h; sourceTree = "<group>"; };
+ 0FE050131AA9091100D33B33 /* GenericOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GenericOffset.h; sourceTree = "<group>"; };
+ 0FE0501C1AA9095600D33B33 /* ClonedArguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ClonedArguments.cpp; sourceTree = "<group>"; };
+ 0FE0501D1AA9095600D33B33 /* ClonedArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClonedArguments.h; sourceTree = "<group>"; };
+ 0FE0501E1AA9095600D33B33 /* ScopedArguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScopedArguments.cpp; sourceTree = "<group>"; };
+ 0FE0501F1AA9095600D33B33 /* ScopedArguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScopedArguments.h; sourceTree = "<group>"; };
+ 0FE050201AA9095600D33B33 /* ScopedArgumentsTable.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScopedArgumentsTable.h; sourceTree = "<group>"; };
+ 0FE050211AA9095600D33B33 /* ScopeOffset.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScopeOffset.cpp; sourceTree = "<group>"; };
+ 0FE050221AA9095600D33B33 /* ScopeOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScopeOffset.h; sourceTree = "<group>"; };
+ 0FE050231AA9095600D33B33 /* VarOffset.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VarOffset.cpp; sourceTree = "<group>"; };
+ 0FE050241AA9095600D33B33 /* VarOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VarOffset.h; sourceTree = "<group>"; };
+ 0FE0502E1AAA806900D33B33 /* ScopedArgumentsTable.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScopedArgumentsTable.cpp; sourceTree = "<group>"; };
</ins><span class="cx"> 0FE228EA1436AB2300196C48 /* Options.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Options.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FE228EB1436AB2300196C48 /* Options.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Options.h; sourceTree = "<group>"; };
</span><ins>+ 0FE254F41ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGVarargsForwardingPhase.cpp; path = dfg/DFGVarargsForwardingPhase.cpp; sourceTree = "<group>"; };
+ 0FE254F51ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGVarargsForwardingPhase.h; path = dfg/DFGVarargsForwardingPhase.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0FE7211B193B9C590031F6ED /* DFGTransition.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGTransition.cpp; path = dfg/DFGTransition.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FE7211C193B9C590031F6ED /* DFGTransition.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGTransition.h; path = dfg/DFGTransition.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FE834151A6EF97B00D04847 /* PolymorphicCallStubRoutine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PolymorphicCallStubRoutine.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -3198,8 +3248,6 @@
</span><span class="cx"> BC22A3980E16E14800AF21C8 /* JSObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSObject.cpp; sourceTree = "<group>"; };
</span><span class="cx"> BC22A3990E16E14800AF21C8 /* JSObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSObject.h; sourceTree = "<group>"; };
</span><span class="cx"> BC22A39A0E16E14800AF21C8 /* JSEnvironmentRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSEnvironmentRecord.cpp; sourceTree = "<group>"; };
</span><del>- BC257DE50E1F51C50016B6C9 /* Arguments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Arguments.cpp; sourceTree = "<group>"; };
- BC257DE60E1F51C50016B6C9 /* Arguments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Arguments.h; sourceTree = "<group>"; };
</del><span class="cx"> BC2680C00E16D4E900A06E92 /* FunctionConstructor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FunctionConstructor.cpp; sourceTree = "<group>"; };
</span><span class="cx"> BC2680C10E16D4E900A06E92 /* FunctionConstructor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FunctionConstructor.h; sourceTree = "<group>"; };
</span><span class="cx"> BC2680C20E16D4E900A06E92 /* NumberConstructor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NumberConstructor.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -4234,12 +4282,11 @@
</span><span class="cx"> children = (
</span><span class="cx"> BCF605110E203EF800B9A64D /* ArgList.cpp */,
</span><span class="cx"> BCF605120E203EF800B9A64D /* ArgList.h */,
</span><del>- BC257DE50E1F51C50016B6C9 /* Arguments.cpp */,
- BC257DE60E1F51C50016B6C9 /* Arguments.h */,
</del><span class="cx"> A76140C7182982CB00750624 /* ArgumentsIteratorConstructor.cpp */,
</span><span class="cx"> A76140C8182982CB00750624 /* ArgumentsIteratorConstructor.h */,
</span><span class="cx"> A76140C9182982CB00750624 /* ArgumentsIteratorPrototype.cpp */,
</span><span class="cx"> A76140CA182982CB00750624 /* ArgumentsIteratorPrototype.h */,
</span><ins>+ 0FE0500C1AA9091100D33B33 /* ArgumentsMode.h */,
</ins><span class="cx"> 0F6B1CB71861244C00845D97 /* ArityCheckMode.h */,
</span><span class="cx"> A7A8AF2517ADB5F2005AB174 /* ArrayBuffer.cpp */,
</span><span class="cx"> A7A8AF2617ADB5F3005AB174 /* ArrayBuffer.h */,
</span><span class="lines">@@ -4274,6 +4321,8 @@
</span><span class="cx"> BCA62DFE0E2826230004F30D /* CallData.cpp */,
</span><span class="cx"> 145C507F0D9DF63B0088F6B9 /* CallData.h */,
</span><span class="cx"> BC6AAAE40E1F426500AD87D8 /* ClassInfo.h */,
</span><ins>+ 0FE0501C1AA9095600D33B33 /* ClonedArguments.cpp */,
+ 0FE0501D1AA9095600D33B33 /* ClonedArguments.h */,
</ins><span class="cx"> A77F181F164088B200640A47 /* CodeCache.cpp */,
</span><span class="cx"> A77F1820164088B200640A47 /* CodeCache.h */,
</span><span class="cx"> 0F8F943A1667631100D61971 /* CodeSpecializationKind.cpp */,
</span><span class="lines">@@ -4294,6 +4343,7 @@
</span><span class="cx"> A53CE08118BC1A5600BEDF76 /* ConsolePrototype.cpp */,
</span><span class="cx"> A53CE08218BC1A5600BEDF76 /* ConsolePrototype.h */,
</span><span class="cx"> A5FD0071189B038C00633231 /* ConsoleTypes.h */,
</span><ins>+ 0F978B3A1AAEA71D007C7369 /* ConstantMode.cpp */,
</ins><span class="cx"> 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */,
</span><span class="cx"> BCA62DFF0E2826310004F30D /* ConstructData.cpp */,
</span><span class="cx"> BC8F3CCF0DAF17BA00577A80 /* ConstructData.h */,
</span><span class="lines">@@ -4312,6 +4362,10 @@
</span><span class="cx"> 14A1563010966365006FA260 /* DateInstanceCache.h */,
</span><span class="cx"> BCD203470E17135E002C7E82 /* DatePrototype.cpp */,
</span><span class="cx"> BCD203480E17135E002C7E82 /* DatePrototype.h */,
</span><ins>+ 0FE0500F1AA9091100D33B33 /* DirectArguments.cpp */,
+ 0FE050101AA9091100D33B33 /* DirectArguments.h */,
+ 0FE0500D1AA9091100D33B33 /* DirectArgumentsOffset.cpp */,
+ 0FE0500E1AA9091100D33B33 /* DirectArgumentsOffset.h */,
</ins><span class="cx"> A70447EB17A0BD7000F5898E /* DumpContext.cpp */,
</span><span class="cx"> A70447EC17A0BD7000F5898E /* DumpContext.h */,
</span><span class="cx"> 2AD2EDFA19799E38004D6478 /* EnumerationMode.h */,
</span><span class="lines">@@ -4341,6 +4395,9 @@
</span><span class="cx"> 52B310FA1974AE610080857C /* FunctionHasExecutedCache.h */,
</span><span class="cx"> F692A85C0255597D01FF60F7 /* FunctionPrototype.cpp */,
</span><span class="cx"> F692A85D0255597D01FF60F7 /* FunctionPrototype.h */,
</span><ins>+ 0FE050111AA9091100D33B33 /* GenericArguments.h */,
+ 0FE050121AA9091100D33B33 /* GenericArgumentsInlines.h */,
+ 0FE050131AA9091100D33B33 /* GenericOffset.h */,
</ins><span class="cx"> 0F2B66B217B6B5AB00A7AE3F /* GenericTypedArrayView.h */,
</span><span class="cx"> 0F2B66B317B6B5AB00A7AE3F /* GenericTypedArrayViewInlines.h */,
</span><span class="cx"> BC02E9B80E184545000F9297 /* GetterSetter.cpp */,
</span><span class="lines">@@ -4578,6 +4635,12 @@
</span><span class="cx"> 52C0611D1AA51E1B00B4ADBA /* RuntimeType.h */,
</span><span class="cx"> 0F7700911402FF280078EB39 /* SamplingCounter.cpp */,
</span><span class="cx"> 0F77008E1402FDD60078EB39 /* SamplingCounter.h */,
</span><ins>+ 0FE0501E1AA9095600D33B33 /* ScopedArguments.cpp */,
+ 0FE0501F1AA9095600D33B33 /* ScopedArguments.h */,
+ 0FE0502E1AAA806900D33B33 /* ScopedArgumentsTable.cpp */,
+ 0FE050201AA9095600D33B33 /* ScopedArgumentsTable.h */,
+ 0FE050211AA9095600D33B33 /* ScopeOffset.cpp */,
+ 0FE050221AA9095600D33B33 /* ScopeOffset.h */,
</ins><span class="cx"> A7299DA317D12858005F5FF9 /* SetConstructor.cpp */,
</span><span class="cx"> A7299DA417D12858005F5FF9 /* SetConstructor.h */,
</span><span class="cx"> A790DD65182F499700588807 /* SetIteratorConstructor.cpp */,
</span><span class="lines">@@ -4654,6 +4717,8 @@
</span><span class="cx"> A7A8AF3217ADB5F3005AB174 /* Uint16Array.h */,
</span><span class="cx"> 866739D113BFDE710023D87C /* Uint16WithFraction.h */,
</span><span class="cx"> A7A8AF3317ADB5F3005AB174 /* Uint32Array.h */,
</span><ins>+ 0FE050231AA9095600D33B33 /* VarOffset.cpp */,
+ 0FE050241AA9095600D33B33 /* VarOffset.h */,
</ins><span class="cx"> E18E3A570DF9278C00D90B34 /* VM.cpp */,
</span><span class="cx"> E18E3A560DF9278C00D90B34 /* VM.h */,
</span><span class="cx"> FE5932A5183C5A2600A1ECCC /* VMEntryScope.cpp */,
</span><span class="lines">@@ -4724,8 +4789,10 @@
</span><span class="cx"> 0FB4B51916B62772003F696B /* DFGAllocator.h */,
</span><span class="cx"> A73781091799EA2E00817533 /* DFGAnalysis.h */,
</span><span class="cx"> 0F1E3A431534CBAD000F9456 /* DFGArgumentPosition.h */,
</span><del>- 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */,
- 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */,
</del><ins>+ 0F2DD80C1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.cpp */,
+ 0F2DD80D1AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.h */,
+ 0F2DD80E1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.cpp */,
+ 0F2DD80F1AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.h */,
</ins><span class="cx"> 0F48531F187750560083B687 /* DFGArithMode.cpp */,
</span><span class="cx"> 0F485320187750560083B687 /* DFGArithMode.h */,
</span><span class="cx"> 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */,
</span><span class="lines">@@ -4755,6 +4822,7 @@
</span><span class="cx"> 86EC9DB41328DF82002B2AD7 /* DFGByteCodeParser.cpp */,
</span><span class="cx"> 86EC9DB51328DF82002B2AD7 /* DFGByteCodeParser.h */,
</span><span class="cx"> 0F256C341627B0AA007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h */,
</span><ins>+ 0FBDB9AC1AB0FBC6000B57E5 /* DFGCallCreateDirectArgumentsSlowPathGenerator.h */,
</ins><span class="cx"> 0FD82E1E14172C2F00179C94 /* DFGCapabilities.cpp */,
</span><span class="cx"> 0FD82E1F14172C2F00179C94 /* DFGCapabilities.h */,
</span><span class="cx"> 0FFFC94B14EF909500C72532 /* DFGCFAPhase.cpp */,
</span><span class="lines">@@ -4817,6 +4885,7 @@
</span><span class="cx"> 0F9D339517FFC4E60073C2BC /* DFGFlushedAt.h */,
</span><span class="cx"> A7D89CE817A0B8CC00773AD8 /* DFGFlushFormat.cpp */,
</span><span class="cx"> A7D89CE917A0B8CC00773AD8 /* DFGFlushFormat.h */,
</span><ins>+ 0F2DD8101AB3D8BE00BBB8E8 /* DFGForAllKills.h */,
</ins><span class="cx"> 0F69CC86193AC60A0045759E /* DFGFrozenValue.cpp */,
</span><span class="cx"> 0F69CC87193AC60A0045759E /* DFGFrozenValue.h */,
</span><span class="cx"> 2A88067619107D5500CB0BBB /* DFGFunctionWhitelist.cpp */,
</span><span class="lines">@@ -4984,6 +5053,8 @@
</span><span class="cx"> 0F2BDC401522801700CD8910 /* DFGValueSource.h */,
</span><span class="cx"> 0F0123301944EA1B00843A0C /* DFGValueStrength.cpp */,
</span><span class="cx"> 0F0123311944EA1B00843A0C /* DFGValueStrength.h */,
</span><ins>+ 0FE254F41ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.cpp */,
+ 0FE254F51ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.h */,
</ins><span class="cx"> 0F6E845919030BEF00562741 /* DFGVariableAccessData.cpp */,
</span><span class="cx"> 0F620172143FCD2F0068B77C /* DFGVariableAccessData.h */,
</span><span class="cx"> 0FDDBFB21666EED500C55FEF /* DFGVariableAccessDataDump.cpp */,
</span><span class="lines">@@ -5105,6 +5176,7 @@
</span><span class="cx"> C2FCAE0C17A9C24E0034C735 /* BytecodeBasicBlock.cpp */,
</span><span class="cx"> C2FCAE0D17A9C24E0034C735 /* BytecodeBasicBlock.h */,
</span><span class="cx"> 0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */,
</span><ins>+ 0F2DD80A1AB3D85800BBB8E8 /* BytecodeKills.h */,
</ins><span class="cx"> 6529FB3118B2D99900C61102 /* BytecodeList.json */,
</span><span class="cx"> C2FCAE0E17A9C24E0034C735 /* BytecodeLivenessAnalysis.cpp */,
</span><span class="cx"> C2FCAE0F17A9C24E0034C735 /* BytecodeLivenessAnalysis.h */,
</span><span class="lines">@@ -5459,18 +5531,19 @@
</span><span class="cx"> files = (
</span><span class="cx"> 0FFA549816B8835300B3A982 /* A64DOpcode.h in Headers */,
</span><span class="cx"> 860161E30F3A83C100F84710 /* AbstractMacroAssembler.h in Headers */,
</span><ins>+ 0FE050291AA9095600D33B33 /* ScopedArgumentsTable.h in Headers */,
</ins><span class="cx"> 0F55F0F514D1063C00AC7649 /* AbstractPC.h in Headers */,
</span><span class="cx"> 2A48D1911772365B00C65A5F /* APICallbackFunction.h in Headers */,
</span><span class="cx"> BC18C3E50E16F5CD00B34460 /* APICast.h in Headers */,
</span><span class="cx"> BCF605140E203EF800B9A64D /* ArgList.h in Headers */,
</span><span class="cx"> 2A88067919107D5500CB0BBB /* DFGFunctionWhitelist.h in Headers */,
</span><del>- BC257DE80E1F51C50016B6C9 /* Arguments.h in Headers */,
</del><span class="cx"> A76140CE182982CB00750624 /* ArgumentsIteratorConstructor.h in Headers */,
</span><span class="cx"> A76140D0182982CB00750624 /* ArgumentsIteratorPrototype.h in Headers */,
</span><span class="cx"> 0F6B1CCA18641DF800845D97 /* ArityCheckFailReturnThunks.h in Headers */,
</span><span class="cx"> 0F6B1CB91861244C00845D97 /* ArityCheckMode.h in Headers */,
</span><span class="cx"> A1A009C11831A26E00CF8711 /* ARM64Assembler.h in Headers */,
</span><span class="cx"> 86D3B2C410156BDE002865E7 /* ARMAssembler.h in Headers */,
</span><ins>+ 0FE050281AA9095600D33B33 /* ScopedArguments.h in Headers */,
</ins><span class="cx"> 52C0611F1AA51E1C00B4ADBA /* RuntimeType.h in Headers */,
</span><span class="cx"> C442CB251A6CDB8C005D3D7C /* JSInputs.json in Headers */,
</span><span class="cx"> 52678F911A04177C006A306D /* ControlFlowProfiler.h in Headers */,
</span><span class="lines">@@ -5631,7 +5704,6 @@
</span><span class="cx"> A737810C1799EA2E00817533 /* DFGAnalysis.h in Headers */,
</span><span class="cx"> 0F1E3A461534CBAF000F9456 /* DFGArgumentPosition.h in Headers */,
</span><span class="cx"> A5C3A1A618C0490200C9593A /* JSGlobalObjectConsoleClient.h in Headers */,
</span><del>- 0F16015E156198C900C2587C /* DFGArgumentsSimplificationPhase.h in Headers */,
</del><span class="cx"> 0F485322187750560083B687 /* DFGArithMode.h in Headers */,
</span><span class="cx"> 0F05C3B41683CF9200BAF45B /* DFGArrayifySlowPathGenerator.h in Headers */,
</span><span class="cx"> 0F63948515E4811B006A597C /* DFGArrayMode.h in Headers */,
</span><span class="lines">@@ -5646,6 +5718,7 @@
</span><span class="cx"> 0F256C361627B0AD007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h in Headers */,
</span><span class="cx"> 0F7B294B14C3CD2F007C3DB1 /* DFGCapabilities.h in Headers */,
</span><span class="cx"> 0FFFC95814EF90A200C72532 /* DFGCFAPhase.h in Headers */,
</span><ins>+ 0F2DD80B1AB3D85800BBB8E8 /* BytecodeKills.h in Headers */,
</ins><span class="cx"> 0F3B3A281544C997003ED0FF /* DFGCFGSimplificationPhase.h in Headers */,
</span><span class="cx"> A77A424017A0BBFD00A8DB81 /* DFGClobberize.h in Headers */,
</span><span class="cx"> A77A424217A0BBFD00A8DB81 /* DFGClobberSet.h in Headers */,
</span><span class="lines">@@ -5735,6 +5808,7 @@
</span><span class="cx"> A77A424317A0BBFD00A8DB81 /* DFGSafeToExecute.h in Headers */,
</span><span class="cx"> A741017F179DAF80002EB8BA /* DFGSaneStringGetByValSlowPathGenerator.h in Headers */,
</span><span class="cx"> 0F2FCCFD18A60070001A27F8 /* DFGScannable.h in Headers */,
</span><ins>+ 0F2DD8141AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.h in Headers */,
</ins><span class="cx"> 86ECA3FA132DF25A002B2AD7 /* DFGScoreBoard.h in Headers */,
</span><span class="cx"> 0F1E3A67153A21E2000F9456 /* DFGSilentRegisterSavePlan.h in Headers */,
</span><span class="cx"> 0FFB921D16D02F300055A5DB /* DFGSlowPathGenerator.h in Headers */,
</span><span class="lines">@@ -5789,6 +5863,7 @@
</span><span class="cx"> 0FDB2CC9173DA520007B3C1B /* FTLAbbreviatedTypes.h in Headers */,
</span><span class="cx"> 0FEA0A08170513DB00BB722C /* FTLAbbreviations.h in Headers */,
</span><span class="cx"> A53CE08A18BC21C300BEDF76 /* ConsoleClient.h in Headers */,
</span><ins>+ 0FE050191AA9091100D33B33 /* GenericArguments.h in Headers */,
</ins><span class="cx"> 0FEA0A1D1708B00700BB722C /* FTLAbstractHeap.h in Headers */,
</span><span class="cx"> DC00039319D8BE6F00023EB0 /* DFGPreciseLocalClobberize.h in Headers */,
</span><span class="cx"> 0FEA0A1F1708B00700BB722C /* FTLAbstractHeapRepository.h in Headers */,
</span><span class="lines">@@ -5873,6 +5948,7 @@
</span><span class="cx"> C2C8D03114A3CEFC00578E65 /* HeapBlock.h in Headers */,
</span><span class="cx"> 2AD8932B17E3868F00668276 /* HeapIterationScope.h in Headers */,
</span><span class="cx"> 2A6F462617E959CE00C45C98 /* HeapOperation.h in Headers */,
</span><ins>+ 0FE050141AA9091100D33B33 /* ArgumentsMode.h in Headers */,
</ins><span class="cx"> 14F97447138C853E00DA1C67 /* HeapRootVisitor.h in Headers */,
</span><span class="cx"> C24D31E3161CD695002AA4DB /* HeapStatistics.h in Headers */,
</span><span class="cx"> C2E526BE1590EF000054E48D /* HeapTimer.h in Headers */,
</span><span class="lines">@@ -5899,6 +5975,7 @@
</span><span class="cx"> A593CF7F1840362C00BFCE27 /* InspectorAgentBase.h in Headers */,
</span><span class="cx"> 0F3E01AB19D353A500F61B7F /* DFGPrePostNumbering.h in Headers */,
</span><span class="cx"> A593CF87184038CA00BFCE27 /* InspectorAgentRegistry.h in Headers */,
</span><ins>+ 0FE050261AA9095600D33B33 /* ClonedArguments.h in Headers */,
</ins><span class="cx"> A593CF7D1840360300BFCE27 /* InspectorBackendDispatcher.h in Headers */,
</span><span class="cx"> A5FD0082189B191A00633231 /* InspectorConsoleAgent.h in Headers */,
</span><span class="cx"> A57D23E61890CEBF0031C7FA /* InspectorDebuggerAgent.h in Headers */,
</span><span class="lines">@@ -5974,6 +6051,7 @@
</span><span class="cx"> BC1167DA0E19BCC9008066DD /* JSCell.h in Headers */,
</span><span class="cx"> 0F9749711687ADE400A4FF6A /* JSCellInlines.h in Headers */,
</span><span class="cx"> 0F1DD84A18A945BE0026F3FA /* JSCInlines.h in Headers */,
</span><ins>+ 0FE0501A1AA9091100D33B33 /* GenericArgumentsInlines.h in Headers */,
</ins><span class="cx"> BC18C42B0E16F5CD00B34460 /* JSCJSValue.h in Headers */,
</span><span class="cx"> 0F64B2721A784BAF006E4E66 /* BinarySwitch.h in Headers */,
</span><span class="cx"> 865A30F1135007E100CDB49E /* JSCJSValueInlines.h in Headers */,
</span><span class="lines">@@ -6054,6 +6132,7 @@
</span><span class="cx"> 1A28D4A8177B71C80007FA3C /* JSStringRefPrivate.h in Headers */,
</span><span class="cx"> 0F919D0D157EE0A2004A4E7D /* JSSymbolTableObject.h in Headers */,
</span><span class="cx"> BC18C42A0E16F5CD00B34460 /* JSType.h in Headers */,
</span><ins>+ 0FE050161AA9091100D33B33 /* DirectArgumentsOffset.h in Headers */,
</ins><span class="cx"> 0F2B66FB17B6B5AB00A7AE3F /* JSTypedArrayConstructors.h in Headers */,
</span><span class="cx"> 0F2B66FD17B6B5AB00A7AE3F /* JSTypedArrayPrototypes.h in Headers */,
</span><span class="cx"> 0F2B66FF17B6B5AB00A7AE3F /* JSTypedArrays.h in Headers */,
</span><span class="lines">@@ -6062,6 +6141,7 @@
</span><span class="cx"> 0F2B670317B6B5AB00A7AE3F /* JSUint32Array.h in Headers */,
</span><span class="cx"> 0F2D4DF019832DD6007D4B19 /* TypeSet.h in Headers */,
</span><span class="cx"> 0F2B670017B6B5AB00A7AE3F /* JSUint8Array.h in Headers */,
</span><ins>+ 0FE0502D1AA9095600D33B33 /* VarOffset.h in Headers */,
</ins><span class="cx"> 0F2B670117B6B5AB00A7AE3F /* JSUint8ClampedArray.h in Headers */,
</span><span class="cx"> 86E3C612167BABD7006D760A /* JSValue.h in Headers */,
</span><span class="cx"> 86E3C61B167BABEE006D760A /* JSValueInternal.h in Headers */,
</span><span class="lines">@@ -6090,8 +6170,10 @@
</span><span class="cx"> A7E2EA6B0FB460CF00601F06 /* LiteralParser.h in Headers */,
</span><span class="cx"> 0F0FC45A14BD15F500B81154 /* LLIntCallLinkInfo.h in Headers */,
</span><span class="cx"> 0FC3CD0019ADA410006AC72A /* DFGBlockWorklist.h in Headers */,
</span><ins>+ 0FE050181AA9091100D33B33 /* DirectArguments.h in Headers */,
</ins><span class="cx"> FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */,
</span><span class="cx"> 0F4680CA14BBB16C00BFE272 /* LLIntCommon.h in Headers */,
</span><ins>+ 0FBDB9AD1AB0FBC6000B57E5 /* DFGCallCreateDirectArgumentsSlowPathGenerator.h in Headers */,
</ins><span class="cx"> 0F4680D314BBD16700BFE272 /* LLIntData.h in Headers */,
</span><span class="cx"> 0F38B01217CF078300B144D3 /* LLIntEntrypoint.h in Headers */,
</span><span class="cx"> 0F4680A314BA7F8D00BFE272 /* LLIntExceptions.h in Headers */,
</span><span class="lines">@@ -6164,6 +6246,7 @@
</span><span class="cx"> A70447EA17A0BD4600F5898E /* OperandsInlines.h in Headers */,
</span><span class="cx"> 0F2D4DDE19832D34007D4B19 /* DebuggerScope.h in Headers */,
</span><span class="cx"> BC18C4480E16F5CD00B34460 /* Operations.h in Headers */,
</span><ins>+ 0FE0501B1AA9091100D33B33 /* GenericOffset.h in Headers */,
</ins><span class="cx"> 0FE228ED1436AB2700196C48 /* Options.h in Headers */,
</span><span class="cx"> BC18C44B0E16F5CD00B34460 /* Parser.h in Headers */,
</span><span class="cx"> 93052C350FB792190048FDC3 /* ParserArena.h in Headers */,
</span><span class="lines">@@ -6173,6 +6256,7 @@
</span><span class="cx"> 0F34B14C16D43E0D001CDA5A /* PolymorphicAccessStructureList.h in Headers */,
</span><span class="cx"> 0F9FC8C414E1B60000D52AE0 /* PolymorphicPutByIdList.h in Headers */,
</span><span class="cx"> 0F98206116BFE38300240D02 /* PreciseJumpTargets.h in Headers */,
</span><ins>+ 0F2DD8151AB3D8BE00BBB8E8 /* DFGForAllKills.h in Headers */,
</ins><span class="cx"> 868916B0155F286300CB2B9A /* PrivateName.h in Headers */,
</span><span class="cx"> A5EA70E719F5B1010098F5EC /* AugmentableInspectorController.h in Headers */,
</span><span class="cx"> BC18C4500E16F5CD00B34460 /* Profile.h in Headers */,
</span><span class="lines">@@ -6245,6 +6329,7 @@
</span><span class="cx"> 869EBCB70E8C6D4A008722CC /* ResultType.h in Headers */,
</span><span class="cx"> C22B31B9140577D700DB475A /* SamplingCounter.h in Headers */,
</span><span class="cx"> 1429D8860ED21C3D00B89619 /* SamplingTool.h in Headers */,
</span><ins>+ 0FE254F71ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.h in Headers */,
</ins><span class="cx"> 0F24E55217EE274900ABB217 /* ScratchRegisterAllocator.h in Headers */,
</span><span class="cx"> A5FD0068189AFE9C00633231 /* ScriptArguments.h in Headers */,
</span><span class="cx"> A503FA21188EFF6800110F14 /* ScriptBreakpoint.h in Headers */,
</span><span class="lines">@@ -6324,6 +6409,7 @@
</span><span class="cx"> 0FF42749158EBE91004CB9FF /* udis86_types.h in Headers */,
</span><span class="cx"> 70B0A9D11A9B66460001306A /* RuntimeFlags.h in Headers */,
</span><span class="cx"> A7E5AB391799E4B200D2833D /* UDis86Disassembler.h in Headers */,
</span><ins>+ 0FE0502B1AA9095600D33B33 /* ScopeOffset.h in Headers */,
</ins><span class="cx"> A7A8AF4117ADB5F3005AB174 /* Uint16Array.h in Headers */,
</span><span class="cx"> 0FE834181A6EF97B00D04847 /* PolymorphicCallStubRoutine.h in Headers */,
</span><span class="cx"> 866739D313BFDE710023D87C /* Uint16WithFraction.h in Headers */,
</span><span class="lines">@@ -6348,6 +6434,7 @@
</span><span class="cx"> 14BFCE6910CDB1FC00364CCE /* WeakGCMap.h in Headers */,
</span><span class="cx"> 14F7256614EE265E00B1652B /* WeakHandleOwner.h in Headers */,
</span><span class="cx"> 14E84FA214EE1ACC00D6D5D4 /* WeakImpl.h in Headers */,
</span><ins>+ 0F2DD8121AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.h in Headers */,
</ins><span class="cx"> 14BE7D3317135CF400D1807A /* WeakInlines.h in Headers */,
</span><span class="cx"> A7CA3AE417DA41AE006538AF /* WeakMapConstructor.h in Headers */,
</span><span class="cx"> A7CA3AEC17DA5168006538AF /* WeakMapData.h in Headers */,
</span><span class="lines">@@ -6834,9 +6921,9 @@
</span><span class="cx"> 9E729408190F021E001A91B5 /* InitializeLLVMPOSIX.cpp in Sources */,
</span><span class="cx"> 9E729407190F01A5001A91B5 /* InitializeThreading.cpp in Sources */,
</span><span class="cx"> 0FFA549716B8835000B3A982 /* A64DOpcode.cpp in Sources */,
</span><ins>+ 0FE050151AA9091100D33B33 /* DirectArgumentsOffset.cpp in Sources */,
</ins><span class="cx"> 0F55F0F414D1063900AC7649 /* AbstractPC.cpp in Sources */,
</span><span class="cx"> 147F39BD107EC37600427A48 /* ArgList.cpp in Sources */,
</span><del>- 147F39BE107EC37600427A48 /* Arguments.cpp in Sources */,
</del><span class="cx"> A76140CD182982CB00750624 /* ArgumentsIteratorConstructor.cpp in Sources */,
</span><span class="cx"> A76140CF182982CB00750624 /* ArgumentsIteratorPrototype.cpp in Sources */,
</span><span class="cx"> 0F6B1CC918641DF800845D97 /* ArityCheckFailReturnThunks.cpp in Sources */,
</span><span class="lines">@@ -6884,6 +6971,7 @@
</span><span class="cx"> A709F2F217A0AC2A00512E98 /* CommonSlowPaths.cpp in Sources */,
</span><span class="cx"> 6553A33117A1F1EE008CF6F3 /* CommonSlowPathsExceptions.cpp in Sources */,
</span><span class="cx"> 0F64B2791A7957B2006E4E66 /* CallEdge.cpp in Sources */,
</span><ins>+ 0FE254F61ABDDD2200A7C6D2 /* DFGVarargsForwardingPhase.cpp in Sources */,
</ins><span class="cx"> A7E5A3A71797432D00E893C0 /* CompilationResult.cpp in Sources */,
</span><span class="cx"> 147F39C2107EC37600427A48 /* Completion.cpp in Sources */,
</span><span class="cx"> 146B16D812EB5B59001BEC1B /* ConservativeRoots.cpp in Sources */,
</span><span class="lines">@@ -6906,7 +6994,6 @@
</span><span class="cx"> 0FC712DE17CD8779008CC93C /* DeferredCompilationCallback.cpp in Sources */,
</span><span class="cx"> A77A423D17A0BBFD00A8DB81 /* DFGAbstractHeap.cpp in Sources */,
</span><span class="cx"> 0F55C19417276E4600CEABFD /* DFGAbstractValue.cpp in Sources */,
</span><del>- 0F16015D156198C900C2587C /* DFGArgumentsSimplificationPhase.cpp in Sources */,
</del><span class="cx"> 0F485321187750560083B687 /* DFGArithMode.cpp in Sources */,
</span><span class="cx"> 0F2D4DDD19832D34007D4B19 /* DebuggerScope.cpp in Sources */,
</span><span class="cx"> 0F63948415E48118006A597C /* DFGArrayMode.cpp in Sources */,
</span><span class="lines">@@ -6916,6 +7003,7 @@
</span><span class="cx"> 0F2B9CEC19D0BA7D00B1D1B5 /* DFGPromotedHeapLocation.cpp in Sources */,
</span><span class="cx"> A7D89CF217A0B8CC00773AD8 /* DFGBasicBlock.cpp in Sources */,
</span><span class="cx"> 2A88067819107D5500CB0BBB /* DFGFunctionWhitelist.cpp in Sources */,
</span><ins>+ 0F2DD8131AB3D8BE00BBB8E8 /* DFGArgumentsUtilities.cpp in Sources */,
</ins><span class="cx"> A7D89CF317A0B8CC00773AD8 /* DFGBlockInsertionSet.cpp in Sources */,
</span><span class="cx"> 86EC9DC41328DF82002B2AD7 /* DFGByteCodeParser.cpp in Sources */,
</span><span class="cx"> 0FD82E2114172CE300179C94 /* DFGCapabilities.cpp in Sources */,
</span><span class="lines">@@ -6962,6 +7050,7 @@
</span><span class="cx"> A5C3A1A518C0490200C9593A /* JSGlobalObjectConsoleClient.cpp in Sources */,
</span><span class="cx"> 0FEA0A33170D40BF00BB722C /* DFGJITCode.cpp in Sources */,
</span><span class="cx"> 86EC9DCB1328DF82002B2AD7 /* DFGJITCompiler.cpp in Sources */,
</span><ins>+ 0FE0502A1AA9095600D33B33 /* ScopeOffset.cpp in Sources */,
</ins><span class="cx"> A78A9778179738B8009DF744 /* DFGJITFinalizer.cpp in Sources */,
</span><span class="cx"> 0FC97F3F18202119002C9B26 /* DFGJumpReplacement.cpp in Sources */,
</span><span class="cx"> A73A535A1799CD5D00170C19 /* DFGLazyJSValue.cpp in Sources */,
</span><span class="lines">@@ -7040,12 +7129,15 @@
</span><span class="cx"> 86CA032E1038E8440028A609 /* Executable.cpp in Sources */,
</span><span class="cx"> A7B48F490EE8936F00DCBDB6 /* ExecutableAllocator.cpp in Sources */,
</span><span class="cx"> 86DB64640F95C6FC00D7D921 /* ExecutableAllocatorFixedVMPool.cpp in Sources */,
</span><ins>+ 0F2DD8111AB3D8BE00BBB8E8 /* DFGArgumentsEliminationPhase.cpp in Sources */,
</ins><span class="cx"> 0F56A1D515001CF4002992B1 /* ExecutionCounter.cpp in Sources */,
</span><span class="cx"> 52678F8E1A031009006A306D /* BasicBlockLocation.cpp in Sources */,
</span><span class="cx"> 0F2D4DEB19832DC4007D4B19 /* TypeProfilerLog.cpp in Sources */,
</span><span class="cx"> 0F0332C018ADFAE1005F979A /* ExitingJITType.cpp in Sources */,
</span><span class="cx"> 0FB105851675480F00F8AB6E /* ExitKind.cpp in Sources */,
</span><span class="cx"> 0FEA0A1C1708B00700BB722C /* FTLAbstractHeap.cpp in Sources */,
</span><ins>+ 0F978B3B1AAEA71D007C7369 /* ConstantMode.cpp in Sources */,
+ 0FE050251AA9095600D33B33 /* ClonedArguments.cpp in Sources */,
</ins><span class="cx"> 0F79085519A290B200F6310C /* DFGStructureRegistrationPhase.cpp in Sources */,
</span><span class="cx"> 0FEA0A1E1708B00700BB722C /* FTLAbstractHeapRepository.cpp in Sources */,
</span><span class="cx"> 0F485327187DFDEC0083B687 /* FTLAvailableRecovery.cpp in Sources */,
</span><span class="lines">@@ -7184,6 +7276,7 @@
</span><span class="cx"> 0F2B66ED17B6B5AB00A7AE3F /* JSDataViewPrototype.cpp in Sources */,
</span><span class="cx"> 0F2D4DE819832DAC007D4B19 /* ToThisStatus.cpp in Sources */,
</span><span class="cx"> 978801401471AD920041B016 /* JSDateMath.cpp in Sources */,
</span><ins>+ 0FE050171AA9091100D33B33 /* DirectArguments.cpp in Sources */,
</ins><span class="cx"> 140566D6107EC271005DBC8D /* JSFunction.cpp in Sources */,
</span><span class="cx"> 147F39D2107EC37600427A48 /* JSGlobalObject.cpp in Sources */,
</span><span class="cx"> A5FD0085189B1B7E00633231 /* JSGlobalObjectConsoleAgent.cpp in Sources */,
</span><span class="lines">@@ -7332,6 +7425,7 @@
</span><span class="cx"> 0FA7A8EB18B413C80052371D /* Reg.cpp in Sources */,
</span><span class="cx"> 14280841107EC0930013E7B2 /* RegExp.cpp in Sources */,
</span><span class="cx"> A1712B3B11C7B212007A5315 /* RegExpCache.cpp in Sources */,
</span><ins>+ 0FE0502C1AA9095600D33B33 /* VarOffset.cpp in Sources */,
</ins><span class="cx"> 8642C510151C06A90046D4EF /* RegExpCachedResult.cpp in Sources */,
</span><span class="cx"> 14280842107EC0930013E7B2 /* RegExpConstructor.cpp in Sources */,
</span><span class="cx"> 8642C512151C083D0046D4EF /* RegExpMatchesArray.cpp in Sources */,
</span><span class="lines">@@ -7425,9 +7519,11 @@
</span><span class="cx"> 14E84FA014EE1ACC00D6D5D4 /* WeakSet.cpp in Sources */,
</span><span class="cx"> 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */,
</span><span class="cx"> 0FC8150B14043C0E00CFA603 /* WriteBarrierSupport.cpp in Sources */,
</span><ins>+ 0FE050271AA9095600D33B33 /* ScopedArguments.cpp in Sources */,
</ins><span class="cx"> 0F3B7E2A19A11B8000D9BC56 /* CallVariant.cpp in Sources */,
</span><span class="cx"> A7E5AB3A1799E4B200D2833D /* X86Disassembler.cpp in Sources */,
</span><span class="cx"> 863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */,
</span><ins>+ 0FE0502F1AAA806900D33B33 /* ScopedArgumentsTable.cpp in Sources */,
</ins><span class="cx"> 86704B8412DBA33700A9FE7B /* YarrInterpreter.cpp in Sources */,
</span><span class="cx"> 86704B8612DBA33700A9FE7B /* YarrJIT.cpp in Sources */,
</span><span class="cx"> 86704B8912DBA33700A9FE7B /* YarrPattern.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreassemblerAbortReasonh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/assembler/AbortReason.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/assembler/AbortReason.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/assembler/AbortReason.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -57,6 +57,7 @@
</span><span class="cx"> DFGSlowPathGeneratorFellThrough = 210,
</span><span class="cx"> DFGUnreachableBasicBlock = 220,
</span><span class="cx"> DFGUnreasonableOSREntryJumpDestination = 230,
</span><ins>+ DFGVarargsThrowingPathDidNotThrow = 235,
</ins><span class="cx"> JITDivOperandsAreNotNumbers = 240,
</span><span class="cx"> JITGetByValResultIsNotEmpty = 250,
</span><span class="cx"> JITNotSupported = 260,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreassemblerAbstractMacroAssemblerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2012, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2012, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -205,6 +205,11 @@
</span><span class="cx"> RegisterID index;
</span><span class="cx"> Scale scale;
</span><span class="cx"> int32_t offset;
</span><ins>+
+ BaseIndex withOffset(int32_t additionalOffset)
+ {
+ return BaseIndex(base, index, scale, offset + additionalOffset);
+ }
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> // AbsoluteAddress:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ByValInfo.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,6 +41,8 @@
</span><span class="cx"> JITDouble,
</span><span class="cx"> JITContiguous,
</span><span class="cx"> JITArrayStorage,
</span><ins>+ JITDirectArguments,
+ JITScopedArguments,
</ins><span class="cx"> JITInt8Array,
</span><span class="cx"> JITInt16Array,
</span><span class="cx"> JITInt32Array,
</span><span class="lines">@@ -65,6 +67,17 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool hasOptimizableIndexingForJSType(JSType type)
+{
+ switch (type) {
+ case DirectArgumentsType:
+ case ScopedArgumentsType:
+ return true;
+ default:
+ return false;
+ }
+}
+
</ins><span class="cx"> inline bool hasOptimizableIndexingForClassInfo(const ClassInfo* classInfo)
</span><span class="cx"> {
</span><span class="cx"> return isTypedView(classInfo->typedArrayStorageType);
</span><span class="lines">@@ -73,6 +86,7 @@
</span><span class="cx"> inline bool hasOptimizableIndexing(Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> return isOptimizableIndexingType(structure->indexingType())
</span><ins>+ || hasOptimizableIndexingForJSType(structure->typeInfo().type())
</ins><span class="cx"> || hasOptimizableIndexingForClassInfo(structure->classInfo());
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -93,6 +107,19 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline JITArrayMode jitArrayModeForJSType(JSType type)
+{
+ switch (type) {
+ case DirectArgumentsType:
+ return JITDirectArguments;
+ case ScopedArgumentsType:
+ return JITScopedArguments;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return JITContiguous;
+ }
+}
+
</ins><span class="cx"> inline JITArrayMode jitArrayModeForClassInfo(const ClassInfo* classInfo)
</span><span class="cx"> {
</span><span class="cx"> switch (classInfo->typedArrayStorageType) {
</span><span class="lines">@@ -120,6 +147,19 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool jitArrayModePermitsPut(JITArrayMode mode)
+{
+ switch (mode) {
+ case JITDirectArguments:
+ case JITScopedArguments:
+ // We could support put_by_val on these at some point, but it's just not that profitable
+ // at the moment.
+ return false;
+ default:
+ return true;
+ }
+}
+
</ins><span class="cx"> inline TypedArrayType typedArrayTypeForJITArrayMode(JITArrayMode mode)
</span><span class="cx"> {
</span><span class="cx"> switch (mode) {
</span><span class="lines">@@ -152,6 +192,9 @@
</span><span class="cx"> if (isOptimizableIndexingType(structure->indexingType()))
</span><span class="cx"> return jitArrayModeForIndexingType(structure->indexingType());
</span><span class="cx">
</span><ins>+ if (hasOptimizableIndexingForJSType(structure->typeInfo().type()))
+ return jitArrayModeForJSType(structure->typeInfo().type());
+
</ins><span class="cx"> ASSERT(hasOptimizableIndexingForClassInfo(structure->classInfo()));
</span><span class="cx"> return jitArrayModeForClassInfo(structure->classInfo());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeKillsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/bytecode/BytecodeKills.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeKills.h (rev 0)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeKills.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,180 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BytecodeKills_h
+#define BytecodeKills_h
+
+#include "CodeBlock.h"
+#include <wtf/FastBitVector.h>
+
+namespace JSC {
+
+class BytecodeLivenessAnalysis;
+
+class BytecodeKills {
+public:
+ BytecodeKills()
+ : m_codeBlock(nullptr)
+ {
+ }
+
+ // By convention, we say that non-local operands are never killed.
+ bool operandIsKilled(unsigned bytecodeIndex, int operand) const
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(bytecodeIndex < m_codeBlock->instructions().size());
+ VirtualRegister reg(operand);
+ if (reg.isLocal())
+ return m_killSets[bytecodeIndex].contains(operand);
+ return false;
+ }
+
+ bool operandIsKilled(Instruction* instruction, int operand) const
+ {
+ return operandIsKilled(instruction - m_codeBlock->instructions().begin(), operand);
+ }
+
+ template<typename Functor>
+ void forEachOperandKilledAt(unsigned bytecodeIndex, const Functor& functor) const
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(bytecodeIndex < m_codeBlock->instructions().size());
+ m_killSets[bytecodeIndex].forEachLocal(
+ [&] (unsigned local) {
+ functor(virtualRegisterForLocal(local));
+ });
+ }
+
+ template<typename Functor>
+ void forEachOperandKilledAt(Instruction* pc, const Functor& functor) const
+ {
+ forEachOperandKilledAt(pc - m_codeBlock->instructions().begin(), functor);
+ }
+
+private:
+ friend class BytecodeLivenessAnalysis;
+
+ class KillSet {
+ public:
+ KillSet()
+ : m_word(0)
+ {
+ }
+
+ ~KillSet()
+ {
+ if (hasVector())
+ delete vector();
+ }
+
+ void add(unsigned local)
+ {
+ if (isEmpty()) {
+ setOneItem(local);
+ return;
+ }
+ if (hasOneItem()) {
+ ASSERT(oneItem() != local);
+ Vector<unsigned>* vector = new Vector<unsigned>();
+ vector->append(oneItem());
+ vector->append(local);
+ setVector(vector);
+ return;
+ }
+ ASSERT(!vector()->contains(local));
+ vector()->append(local);
+ }
+
+ template<typename Functor>
+ void forEachLocal(const Functor& functor)
+ {
+ if (isEmpty())
+ return;
+ if (hasOneItem()) {
+ functor(oneItem());
+ return;
+ }
+ for (unsigned local : *vector())
+ functor(local);
+ }
+
+ bool contains(unsigned expectedLocal)
+ {
+ if (isEmpty())
+ return false;
+ if (hasOneItem())
+ return oneItem() == expectedLocal;
+ for (unsigned local : *vector()) {
+ if (local == expectedLocal)
+ return true;
+ }
+ return false;
+ }
+
+ private:
+ bool isEmpty() const
+ {
+ return !m_word;
+ }
+
+ bool hasOneItem() const
+ {
+ return m_word & 1;
+ }
+
+ unsigned oneItem() const
+ {
+ return m_word >> 1;
+ }
+
+ void setOneItem(unsigned value)
+ {
+ m_word = (value << 1) | 1;
+ }
+
+ bool hasVector() const
+ {
+ return !isEmpty() && !hasOneItem();
+ }
+
+ Vector<unsigned>* vector()
+ {
+ return bitwise_cast<Vector<unsigned>*>(m_word);
+ }
+
+ void setVector(Vector<unsigned>* value)
+ {
+ m_word = bitwise_cast<uintptr_t>(value);
+ }
+
+ uintptr_t m_word;
+ };
+
+ CodeBlock* m_codeBlock;
+ std::unique_ptr<KillSet[]> m_killSets;
+};
+
+} // namespace JSC
+
+#endif // BytecodeKills_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeListjson"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeList.json (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeList.json 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeList.json 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -7,8 +7,9 @@
</span><span class="cx"> { "name" : "op_create_lexical_environment", "length" : 3 },
</span><span class="cx"> { "name" : "op_get_scope", "length" : 2 },
</span><span class="cx"> { "name" : "op_touch_entry", "length" : 1 },
</span><del>- { "name" : "op_init_lazy_reg", "length" : 2 },
- { "name" : "op_create_arguments", "length" : 3 },
</del><ins>+ { "name" : "op_create_direct_arguments", "length" : 2 },
+ { "name" : "op_create_scoped_arguments", "length" : 3 },
+ { "name" : "op_create_out_of_band_arguments", "length" : 2 },
</ins><span class="cx"> { "name" : "op_create_this", "length" : 4 },
</span><span class="cx"> { "name" : "op_to_this", "length" : 4 },
</span><span class="cx"> { "name" : "op_check_tdz", "length" : 2 },
</span><span class="lines">@@ -61,7 +62,6 @@
</span><span class="cx"> { "name" : "op_get_by_id", "length" : 9 },
</span><span class="cx"> { "name" : "op_get_by_id_out_of_line", "length" : 9 },
</span><span class="cx"> { "name" : "op_get_array_length", "length" : 9 },
</span><del>- { "name" : "op_get_arguments_length", "length" : 4 },
</del><span class="cx"> { "name" : "op_put_by_id", "length" : 9 },
</span><span class="cx"> { "name" : "op_put_by_id_out_of_line", "length" : 9 },
</span><span class="cx"> { "name" : "op_put_by_id_transition_direct", "length" : 9 },
</span><span class="lines">@@ -70,7 +70,6 @@
</span><span class="cx"> { "name" : "op_put_by_id_transition_normal_out_of_line", "length" : 9 },
</span><span class="cx"> { "name" : "op_del_by_id", "length" : 4 },
</span><span class="cx"> { "name" : "op_get_by_val", "length" : 6 },
</span><del>- { "name" : "op_get_argument_by_val", "length" : 7 },
</del><span class="cx"> { "name" : "op_put_by_val", "length" : 5 },
</span><span class="cx"> { "name" : "op_put_by_val_direct", "length" : 5 },
</span><span class="cx"> { "name" : "op_del_by_val", "length" : 4 },
</span><span class="lines">@@ -94,12 +93,11 @@
</span><span class="cx"> { "name" : "op_switch_imm", "length" : 4 },
</span><span class="cx"> { "name" : "op_switch_char", "length" : 4 },
</span><span class="cx"> { "name" : "op_switch_string", "length" : 4 },
</span><del>- { "name" : "op_new_func", "length" : 5 },
</del><ins>+ { "name" : "op_new_func", "length" : 4 },
</ins><span class="cx"> { "name" : "op_new_func_exp", "length" : 4 },
</span><span class="cx"> { "name" : "op_call", "length" : 9 },
</span><span class="cx"> { "name" : "op_call_eval", "length" : 9 },
</span><span class="cx"> { "name" : "op_call_varargs", "length" : 9 },
</span><del>- { "name" : "op_tear_off_arguments", "length" : 3 },
</del><span class="cx"> { "name" : "op_ret", "length" : 2 },
</span><span class="cx"> { "name" : "op_construct", "length" : 9 },
</span><span class="cx"> { "name" : "op_construct_varargs", "length" : 9 },
</span><span class="lines">@@ -108,6 +106,8 @@
</span><span class="cx"> { "name" : "op_resolve_scope", "length" : 7 },
</span><span class="cx"> { "name" : "op_get_from_scope", "length" : 8 },
</span><span class="cx"> { "name" : "op_put_to_scope", "length" : 7 },
</span><ins>+ { "name" : "op_get_from_arguments", "length" : 5 },
+ { "name" : "op_put_to_arguments", "length" : 4 },
</ins><span class="cx"> { "name" : "op_push_with_scope", "length" : 3 },
</span><span class="cx"> { "name" : "op_pop_scope", "length" : 2 },
</span><span class="cx"> { "name" : "op_push_name_scope", "length" : 5 },
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysiscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "BytecodeLivenessAnalysis.h"
</span><span class="cx">
</span><ins>+#include "BytecodeKills.h"
</ins><span class="cx"> #include "BytecodeLivenessAnalysisInlines.h"
</span><span class="cx"> #include "BytecodeUseDef.h"
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="lines">@@ -47,26 +48,9 @@
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> VirtualRegister virtualReg(operand);
</span><del>- if (!virtualReg.isLocal())
- return false;
-
- if (codeBlock->captureCount()
- && operand <= codeBlock->captureStart()
- && operand > codeBlock->captureEnd())
- return false;
-
- return true;
</del><ins>+ return virtualReg.isLocal();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-static unsigned indexForOperand(CodeBlock* codeBlock, int operand)
-{
- ASSERT(isValidRegisterForLiveness(codeBlock, operand));
- VirtualRegister virtualReg(operand);
- if (virtualReg.offset() > codeBlock->captureStart())
- return virtualReg.toLocal();
- return virtualReg.toLocal() - codeBlock->captureCount();
-}
-
</del><span class="cx"> static unsigned getLeaderOffsetForBasicBlock(RefPtr<BytecodeBasicBlock>* basicBlock)
</span><span class="cx"> {
</span><span class="cx"> return (*basicBlock)->leaderBytecodeOffset();
</span><span class="lines">@@ -135,14 +119,14 @@
</span><span class="cx"> codeBlock, bytecodeOffset,
</span><span class="cx"> [&] (CodeBlock* codeBlock, Instruction*, OpcodeID, int operand) {
</span><span class="cx"> if (isValidRegisterForLiveness(codeBlock, operand))
</span><del>- def(indexForOperand(codeBlock, operand));
</del><ins>+ def(VirtualRegister(operand).toLocal());
</ins><span class="cx"> });
</span><del>-
</del><ins>+
</ins><span class="cx"> computeUsesForBytecodeOffset(
</span><span class="cx"> codeBlock, bytecodeOffset,
</span><span class="cx"> [&] (CodeBlock* codeBlock, Instruction*, OpcodeID, int operand) {
</span><span class="cx"> if (isValidRegisterForLiveness(codeBlock, operand))
</span><del>- use(indexForOperand(codeBlock, operand));
</del><ins>+ use(VirtualRegister(operand).toLocal());
</ins><span class="cx"> });
</span><span class="cx">
</span><span class="cx"> // If we have an exception handler, we want the live-in variables of the
</span><span class="lines">@@ -196,8 +180,7 @@
</span><span class="cx"> void BytecodeLivenessAnalysis::runLivenessFixpoint()
</span><span class="cx"> {
</span><span class="cx"> UnlinkedCodeBlock* unlinkedCodeBlock = m_codeBlock->unlinkedCodeBlock();
</span><del>- unsigned numberOfVariables =
- unlinkedCodeBlock->m_numCalleeRegisters - m_codeBlock->captureCount();
</del><ins>+ unsigned numberOfVariables = unlinkedCodeBlock->m_numCalleeRegisters;
</ins><span class="cx">
</span><span class="cx"> for (unsigned i = 0; i < m_basicBlocks.size(); i++) {
</span><span class="cx"> BytecodeBasicBlock* block = m_basicBlocks[i].get();
</span><span class="lines">@@ -212,7 +195,7 @@
</span><span class="cx"> newOut.resize(m_basicBlocks.last()->out().numBits());
</span><span class="cx"> do {
</span><span class="cx"> changed = false;
</span><del>- for (int i = m_basicBlocks.size() - 2; i >= 0; i--) {
</del><ins>+ for (unsigned i = m_basicBlocks.size() - 1; i--;) {
</ins><span class="cx"> BytecodeBasicBlock* block = m_basicBlocks[i].get();
</span><span class="cx"> newOut.clearAll();
</span><span class="cx"> for (unsigned j = 0; j < block->successors().size(); j++)
</span><span class="lines">@@ -224,7 +207,7 @@
</span><span class="cx"> } while (changed);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset(unsigned bytecodeOffset, FastBitVector& result)
</del><ins>+void BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset(unsigned bytecodeOffset, FastBitVector& result)
</ins><span class="cx"> {
</span><span class="cx"> BytecodeBasicBlock* block = findBasicBlockForBytecodeOffset(m_basicBlocks, bytecodeOffset);
</span><span class="cx"> ASSERT(block);
</span><span class="lines">@@ -236,57 +219,24 @@
</span><span class="cx">
</span><span class="cx"> bool BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset(int operand, unsigned bytecodeOffset)
</span><span class="cx"> {
</span><del>- if (operandIsAlwaysLive(m_codeBlock, operand))
</del><ins>+ if (operandIsAlwaysLive(operand))
</ins><span class="cx"> return true;
</span><span class="cx"> FastBitVector result;
</span><del>- getLivenessInfoForNonCapturedVarsAtBytecodeOffset(bytecodeOffset, result);
- return operandThatIsNotAlwaysLiveIsLive(m_codeBlock, result, operand);
</del><ins>+ getLivenessInfoAtBytecodeOffset(bytecodeOffset, result);
+ return operandThatIsNotAlwaysLiveIsLive(result, operand);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-FastBitVector getLivenessInfo(CodeBlock* codeBlock, const FastBitVector& out)
-{
- FastBitVector result;
-
- unsigned numCapturedVars = codeBlock->captureCount();
- if (numCapturedVars) {
- int firstCapturedLocal = VirtualRegister(codeBlock->captureStart()).toLocal();
- result.resize(out.numBits() + numCapturedVars);
- for (unsigned i = 0; i < numCapturedVars; ++i)
- result.set(firstCapturedLocal + i);
- } else
- result.resize(out.numBits());
-
- int outLength = out.numBits();
- ASSERT(outLength >= 0);
- for (int i = 0; i < outLength; i++) {
- if (!out.get(i))
- continue;
-
- if (!numCapturedVars) {
- result.set(i);
- continue;
- }
-
- if (virtualRegisterForLocal(i).offset() > codeBlock->captureStart())
- result.set(i);
- else
- result.set(numCapturedVars + i);
- }
- return result;
-}
-
</del><span class="cx"> FastBitVector BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset(unsigned bytecodeOffset)
</span><span class="cx"> {
</span><span class="cx"> FastBitVector out;
</span><del>- getLivenessInfoForNonCapturedVarsAtBytecodeOffset(bytecodeOffset, out);
- return getLivenessInfo(m_codeBlock, out);
</del><ins>+ getLivenessInfoAtBytecodeOffset(bytecodeOffset, out);
+ return out;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void BytecodeLivenessAnalysis::computeFullLiveness(FullBytecodeLiveness& result)
</span><span class="cx"> {
</span><span class="cx"> FastBitVector out;
</span><span class="cx">
</span><del>- result.m_codeBlock = m_codeBlock;
</del><span class="cx"> result.m_map.clear();
</span><span class="cx">
</span><span class="cx"> for (unsigned i = m_basicBlocks.size(); i--;) {
</span><span class="lines">@@ -304,6 +254,39 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void BytecodeLivenessAnalysis::computeKills(BytecodeKills& result)
+{
+ FastBitVector out;
+
+ result.m_codeBlock = m_codeBlock;
+ result.m_killSets = std::make_unique<BytecodeKills::KillSet[]>(m_codeBlock->instructions().size());
+
+ for (unsigned i = m_basicBlocks.size(); i--;) {
+ BytecodeBasicBlock* block = m_basicBlocks[i].get();
+ if (block->isEntryBlock() || block->isExitBlock())
+ continue;
+
+ out = block->out();
+
+ for (unsigned i = block->bytecodeOffsets().size(); i--;) {
+ unsigned bytecodeOffset = block->bytecodeOffsets()[i];
+ stepOverInstruction(
+ m_codeBlock, m_basicBlocks, bytecodeOffset,
+ [&] (unsigned index) {
+ // This is for uses.
+ if (out.get(index))
+ return;
+ result.m_killSets[bytecodeOffset].add(index);
+ out.set(index);
+ },
+ [&] (unsigned index) {
+ // This is for defs.
+ out.clear(index);
+ });
+ }
+ }
+}
+
</ins><span class="cx"> void BytecodeLivenessAnalysis::dumpResults()
</span><span class="cx"> {
</span><span class="cx"> Interpreter* interpreter = m_codeBlock->vm()->interpreter;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysish"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+class BytecodeKills;
</ins><span class="cx"> class CodeBlock;
</span><span class="cx"> class FullBytecodeLiveness;
</span><span class="cx">
</span><span class="lines">@@ -44,24 +45,23 @@
</span><span class="cx"> FastBitVector getLivenessInfoAtBytecodeOffset(unsigned bytecodeOffset);
</span><span class="cx">
</span><span class="cx"> void computeFullLiveness(FullBytecodeLiveness& result);
</span><ins>+ void computeKills(BytecodeKills& result);
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> void compute();
</span><span class="cx"> void runLivenessFixpoint();
</span><span class="cx"> void dumpResults();
</span><span class="cx">
</span><del>- void getLivenessInfoForNonCapturedVarsAtBytecodeOffset(unsigned bytecodeOffset, FastBitVector&);
</del><ins>+ void getLivenessInfoAtBytecodeOffset(unsigned bytecodeOffset, FastBitVector&);
</ins><span class="cx">
</span><span class="cx"> CodeBlock* m_codeBlock;
</span><span class="cx"> Vector<RefPtr<BytecodeBasicBlock> > m_basicBlocks;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-inline bool operandIsAlwaysLive(CodeBlock*, int operand);
-inline bool operandThatIsNotAlwaysLiveIsLive(CodeBlock*, const FastBitVector& out, int operand);
-inline bool operandIsLive(CodeBlock*, const FastBitVector& out, int operand);
</del><ins>+inline bool operandIsAlwaysLive(int operand);
+inline bool operandThatIsNotAlwaysLiveIsLive(const FastBitVector& out, int operand);
+inline bool operandIsLive(const FastBitVector& out, int operand);
</ins><span class="cx">
</span><del>-FastBitVector getLivenessInfo(CodeBlock*, const FastBitVector& out);
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // BytecodeLivenessAnalysis_h
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeLivenessAnalysisInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysisInlines.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysisInlines.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysisInlines.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,27 +32,22 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-inline bool operandIsAlwaysLive(CodeBlock* codeBlock, int operand)
</del><ins>+inline bool operandIsAlwaysLive(int operand)
</ins><span class="cx"> {
</span><del>- if (VirtualRegister(operand).isArgument())
- return true;
- return operand <= codeBlock->captureStart() && operand > codeBlock->captureEnd();
</del><ins>+ return !VirtualRegister(operand).isLocal();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool operandThatIsNotAlwaysLiveIsLive(CodeBlock* codeBlock, const FastBitVector& out, int operand)
</del><ins>+inline bool operandThatIsNotAlwaysLiveIsLive(const FastBitVector& out, int operand)
</ins><span class="cx"> {
</span><del>- VirtualRegister virtualReg(operand);
- if (virtualReg.offset() > codeBlock->captureStart())
- return out.get(virtualReg.toLocal());
- size_t index = virtualReg.toLocal() - codeBlock->captureCount();
- if (index >= out.numBits())
</del><ins>+ unsigned local = VirtualRegister(operand).toLocal();
+ if (local >= out.numBits())
</ins><span class="cx"> return false;
</span><del>- return out.get(index);
</del><ins>+ return out.get(local);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool operandIsLive(CodeBlock* codeBlock, const FastBitVector& out, int operand)
</del><ins>+inline bool operandIsLive(const FastBitVector& out, int operand)
</ins><span class="cx"> {
</span><del>- return operandIsAlwaysLive(codeBlock, operand) || operandThatIsNotAlwaysLiveIsLive(codeBlock, out, operand);
</del><ins>+ return operandIsAlwaysLive(operand) || operandThatIsNotAlwaysLiveIsLive(out, operand);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeBytecodeUseDefh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -48,11 +48,12 @@
</span><span class="cx"> case op_loop_hint:
</span><span class="cx"> case op_jmp:
</span><span class="cx"> case op_new_object:
</span><del>- case op_init_lazy_reg:
</del><span class="cx"> case op_enter:
</span><span class="cx"> case op_catch:
</span><span class="cx"> case op_touch_entry:
</span><span class="cx"> case op_profile_control_flow:
</span><ins>+ case op_create_direct_arguments:
+ case op_create_out_of_band_arguments:
</ins><span class="cx"> return;
</span><span class="cx"> case op_get_scope:
</span><span class="cx"> case op_to_this:
</span><span class="lines">@@ -73,8 +74,6 @@
</span><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[1].u.operand);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- case op_create_arguments:
- case op_new_func:
</del><span class="cx"> case op_jlesseq:
</span><span class="cx"> case op_jgreater:
</span><span class="cx"> case op_jgreatereq:
</span><span class="lines">@@ -101,7 +100,8 @@
</span><span class="cx"> case op_put_by_id_transition_normal_out_of_line:
</span><span class="cx"> case op_put_by_id_out_of_line:
</span><span class="cx"> case op_put_by_id:
</span><del>- case op_put_to_scope: {
</del><ins>+ case op_put_to_scope:
+ case op_put_to_arguments: {
</ins><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[1].u.operand);
</span><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[3].u.operand);
</span><span class="cx"> return;
</span><span class="lines">@@ -127,7 +127,6 @@
</span><span class="cx"> case op_get_by_id:
</span><span class="cx"> case op_get_by_id_out_of_line:
</span><span class="cx"> case op_get_array_length:
</span><del>- case op_get_arguments_length:
</del><span class="cx"> case op_typeof:
</span><span class="cx"> case op_is_undefined:
</span><span class="cx"> case op_is_boolean:
</span><span class="lines">@@ -145,7 +144,10 @@
</span><span class="cx"> case op_new_array_with_size:
</span><span class="cx"> case op_create_this:
</span><span class="cx"> case op_del_by_id:
</span><del>- case op_unsigned: {
</del><ins>+ case op_unsigned:
+ case op_new_func:
+ case op_create_scoped_arguments:
+ case op_get_from_arguments: {
</ins><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[2].u.operand);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="lines">@@ -182,7 +184,6 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> case op_has_structure_property:
</span><del>- case op_get_argument_by_val:
</del><span class="cx"> case op_construct_varargs:
</span><span class="cx"> case op_call_varargs: {
</span><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[2].u.operand);
</span><span class="lines">@@ -222,12 +223,6 @@
</span><span class="cx"> functor(codeBlock, instruction, opcodeID, lastArg + i);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- case op_tear_off_arguments: {
- functor(codeBlock, instruction, opcodeID, instruction[1].u.operand);
- functor(codeBlock, instruction, opcodeID, unmodifiedArgumentsRegister(VirtualRegister(instruction[1].u.operand)).offset());
- functor(codeBlock, instruction, opcodeID, instruction[2].u.operand);
- return;
- }
</del><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> break;
</span><span class="lines">@@ -281,10 +276,10 @@
</span><span class="cx"> case op_put_by_val:
</span><span class="cx"> case op_put_by_val_direct:
</span><span class="cx"> case op_put_by_index:
</span><del>- case op_tear_off_arguments:
</del><span class="cx"> case op_profile_type:
</span><span class="cx"> case op_profile_control_flow:
</span><span class="cx"> case op_touch_entry:
</span><ins>+ case op_put_to_arguments:
</ins><span class="cx"> #define LLINT_HELPER_OPCODES(opcode, length) case opcode:
</span><span class="cx"> FOR_EACH_LLINT_OPCODE_EXTENSION(LLINT_HELPER_OPCODES);
</span><span class="cx"> #undef LLINT_HELPER_OPCODES
</span><span class="lines">@@ -325,8 +320,6 @@
</span><span class="cx"> case op_check_has_instance:
</span><span class="cx"> case op_instanceof:
</span><span class="cx"> case op_get_by_val:
</span><del>- case op_get_argument_by_val:
- case op_get_arguments_length:
</del><span class="cx"> case op_typeof:
</span><span class="cx"> case op_is_undefined:
</span><span class="cx"> case op_is_boolean:
</span><span class="lines">@@ -366,12 +359,14 @@
</span><span class="cx"> case op_new_object:
</span><span class="cx"> case op_to_this:
</span><span class="cx"> case op_check_tdz:
</span><del>- case op_init_lazy_reg:
</del><span class="cx"> case op_get_scope:
</span><del>- case op_create_arguments:
</del><ins>+ case op_create_direct_arguments:
+ case op_create_scoped_arguments:
+ case op_create_out_of_band_arguments:
</ins><span class="cx"> case op_del_by_id:
</span><span class="cx"> case op_del_by_val:
</span><del>- case op_unsigned: {
</del><ins>+ case op_unsigned:
+ case op_get_from_arguments: {
</ins><span class="cx"> functor(codeBlock, instruction, opcodeID, instruction[1].u.operand);
</span><span class="cx"> return;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -569,17 +569,6 @@
</span><span class="cx"> static_cast<unsigned long>(instructions().size()),
</span><span class="cx"> static_cast<unsigned long>(instructions().size() * sizeof(Instruction)),
</span><span class="cx"> m_numParameters, m_numCalleeRegisters, m_numVars);
</span><del>- if (symbolTable() && symbolTable()->captureCount()) {
- out.printf(
- "; %d captured var(s) (from r%d to r%d, inclusive)",
- symbolTable()->captureCount(), symbolTable()->captureStart(), symbolTable()->captureEnd() + 1);
- }
- if (usesArguments()) {
- out.printf(
- "; uses arguments, in r%d, r%d",
- argumentsRegister().offset(),
- unmodifiedArgumentsRegister(argumentsRegister()).offset());
- }
</del><span class="cx"> if (needsActivation() && codeType() == FunctionCode)
</span><span class="cx"> out.printf("; lexical environment in r%d", activationRegister().offset());
</span><span class="cx"> out.printf("\n");
</span><span class="lines">@@ -752,7 +741,7 @@
</span><span class="cx"> int r0 = (++it)->u.operand;
</span><span class="cx"> int r1 = (++it)->u.operand;
</span><span class="cx"> printLocationAndOp(out, exec, location, it, "create_lexical_environment");
</span><del>- out.printf("%s %s", registerName(r0).data(), registerName(r1).data());
</del><ins>+ out.printf("%s, %s", registerName(r0).data(), registerName(r1).data());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_get_scope: {
</span><span class="lines">@@ -760,16 +749,23 @@
</span><span class="cx"> printLocationOpAndRegisterOperand(out, exec, location, it, "get_scope", r0);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case op_create_arguments: {
</del><ins>+ case op_create_direct_arguments: {
</ins><span class="cx"> int r0 = (++it)->u.operand;
</span><ins>+ printLocationAndOp(out, exec, location, it, "create_direct_arguments");
+ out.printf("%s", registerName(r0).data());
+ break;
+ }
+ case op_create_scoped_arguments: {
+ int r0 = (++it)->u.operand;
</ins><span class="cx"> int r1 = (++it)->u.operand;
</span><del>- printLocationAndOp(out, exec, location, it, "create_arguments");
- out.printf("%s %s", registerName(r0).data(), registerName(r1).data());
</del><ins>+ printLocationAndOp(out, exec, location, it, "create_scoped_arguments");
+ out.printf("%s, %s", registerName(r0).data(), registerName(r1).data());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case op_init_lazy_reg: {
</del><ins>+ case op_create_out_of_band_arguments: {
</ins><span class="cx"> int r0 = (++it)->u.operand;
</span><del>- printLocationOpAndRegisterOperand(out, exec, location, it, "init_lazy_reg", r0);
</del><ins>+ printLocationAndOp(out, exec, location, it, "create_out_of_band_arguments");
+ out.printf("%s", registerName(r0).data());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_create_this: {
</span><span class="lines">@@ -785,8 +781,8 @@
</span><span class="cx"> printLocationOpAndRegisterOperand(out, exec, location, it, "to_this", r0);
</span><span class="cx"> Structure* structure = (++it)->u.structure.get();
</span><span class="cx"> if (structure)
</span><del>- out.print(" cache(struct = ", RawPointer(structure), ")");
- out.print(" ", (++it)->u.toThisStatus);
</del><ins>+ out.print(", cache(struct = ", RawPointer(structure), ")");
+ out.print(", ", (++it)->u.toThisStatus);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_check_tdz: {
</span><span class="lines">@@ -1041,10 +1037,10 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_init_global_const: {
</span><del>- WriteBarrier<Unknown>* registerPointer = (++it)->u.registerPointer;
</del><ins>+ WriteBarrier<Unknown>* variablePointer = (++it)->u.variablePointer;
</ins><span class="cx"> int r0 = (++it)->u.operand;
</span><span class="cx"> printLocationAndOp(out, exec, location, it, "init_global_const");
</span><del>- out.printf("g%d(%p), %s", m_globalObject->findRegisterIndex(registerPointer), registerPointer, registerName(r0).data());
</del><ins>+ out.printf("g%d(%p), %s", m_globalObject->findVariableIndex(variablePointer).offset(), variablePointer, registerName(r0).data());
</ins><span class="cx"> it++;
</span><span class="cx"> it++;
</span><span class="cx"> break;
</span><span class="lines">@@ -1057,11 +1053,6 @@
</span><span class="cx"> dumpValueProfiling(out, it, hasPrintedProfiling);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case op_get_arguments_length: {
- printUnaryOp(out, exec, location, it, "get_arguments_length");
- it++;
- break;
- }
</del><span class="cx"> case op_put_by_id: {
</span><span class="cx"> printPutByIdOp(out, exec, location, it, "put_by_id");
</span><span class="cx"> printPutByIdCacheStatus(out, exec, location, stubInfos);
</span><span class="lines">@@ -1119,17 +1110,6 @@
</span><span class="cx"> dumpValueProfiling(out, it, hasPrintedProfiling);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case op_get_argument_by_val: {
- int r0 = (++it)->u.operand;
- int r1 = (++it)->u.operand;
- int r2 = (++it)->u.operand;
- int r3 = (++it)->u.operand;
- printLocationAndOp(out, exec, location, it, "get_argument_by_val");
- out.printf("%s, %s, %s, %s", registerName(r0).data(), registerName(r1).data(), registerName(r2).data(), registerName(r3).data());
- ++it;
- dumpValueProfiling(out, it, hasPrintedProfiling);
- break;
- }
</del><span class="cx"> case op_put_by_val: {
</span><span class="cx"> int r0 = (++it)->u.operand;
</span><span class="cx"> int r1 = (++it)->u.operand;
</span><span class="lines">@@ -1290,9 +1270,8 @@
</span><span class="cx"> int r0 = (++it)->u.operand;
</span><span class="cx"> int r1 = (++it)->u.operand;
</span><span class="cx"> int f0 = (++it)->u.operand;
</span><del>- int shouldCheck = (++it)->u.operand;
</del><span class="cx"> printLocationAndOp(out, exec, location, it, "new_func");
</span><del>- out.printf("%s, %s, f%d, %s", registerName(r0).data(), registerName(r1).data(), f0, shouldCheck ? "<Checked>" : "<Unchecked>");
</del><ins>+ out.printf("%s, %s, f%d", registerName(r0).data(), registerName(r1).data(), f0);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_new_func_exp: {
</span><span class="lines">@@ -1327,13 +1306,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case op_tear_off_arguments: {
- int r0 = (++it)->u.operand;
- int r1 = (++it)->u.operand;
- printLocationAndOp(out, exec, location, it, "tear_off_arguments");
- out.printf("%s, %s", registerName(r0).data(), registerName(r1).data());
- break;
- }
</del><span class="cx"> case op_ret: {
</span><span class="cx"> int r0 = (++it)->u.operand;
</span><span class="cx"> printLocationOpAndRegisterOperand(out, exec, location, it, "ret", r0);
</span><span class="lines">@@ -1522,12 +1494,14 @@
</span><span class="cx"> ResolveModeAndType modeAndType = ResolveModeAndType((++it)->u.operand);
</span><span class="cx"> ++it; // Structure
</span><span class="cx"> int operand = (++it)->u.operand; // Operand
</span><del>- ++it; // Skip value profile.
</del><span class="cx"> printLocationAndOp(out, exec, location, it, "get_from_scope");
</span><del>- out.printf("%s, %s, %s, %u<%s|%s>, <structure>, %d",
- registerName(r0).data(), registerName(r1).data(), idName(id0, identifier(id0)).data(),
- modeAndType.operand(), resolveModeName(modeAndType.mode()), resolveTypeName(modeAndType.type()),
- operand);
</del><ins>+ out.print(registerName(r0), ", ", registerName(r1));
+ if (static_cast<unsigned>(id0) == UINT_MAX)
+ out.print(", anonymous");
+ else
+ out.print(", ", idName(id0, identifier(id0)));
+ out.print(", ", modeAndType.operand(), "<", resolveModeName(modeAndType.mode()), "|", resolveTypeName(modeAndType.type()), ">, ", operand);
+ dumpValueProfiling(out, it, hasPrintedProfiling);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_put_to_scope: {
</span><span class="lines">@@ -1538,12 +1512,31 @@
</span><span class="cx"> ++it; // Structure
</span><span class="cx"> int operand = (++it)->u.operand; // Operand
</span><span class="cx"> printLocationAndOp(out, exec, location, it, "put_to_scope");
</span><del>- out.printf("%s, %s, %s, %u<%s|%s>, <structure>, %d",
- registerName(r0).data(), idName(id0, identifier(id0)).data(), registerName(r1).data(),
- modeAndType.operand(), resolveModeName(modeAndType.mode()), resolveTypeName(modeAndType.type()),
- operand);
</del><ins>+ out.print(registerName(r0));
+ if (static_cast<unsigned>(id0) == UINT_MAX)
+ out.print(", anonymous");
+ else
+ out.print(", ", idName(id0, identifier(id0)));
+ out.print(", ", registerName(r1), ", ", modeAndType.operand(), "<", resolveModeName(modeAndType.mode()), "|", resolveTypeName(modeAndType.type()), ">, <structure>, ", operand);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+ case op_get_from_arguments: {
+ int r0 = (++it)->u.operand;
+ int r1 = (++it)->u.operand;
+ int offset = (++it)->u.operand;
+ printLocationAndOp(out, exec, location, it, "get_from_arguments");
+ out.printf("%s, %s, %d", registerName(r0).data(), registerName(r1).data(), offset);
+ dumpValueProfiling(out, it, hasPrintedProfiling);
+ break;
+ }
+ case op_put_to_arguments: {
+ int r0 = (++it)->u.operand;
+ int offset = (++it)->u.operand;
+ int r1 = (++it)->u.operand;
+ printLocationAndOp(out, exec, location, it, "put_to_arguments");
+ out.printf("%s, %d, %s", registerName(r0).data(), offset, registerName(r1).data());
+ break;
+ }
</ins><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> }
</span><span class="lines">@@ -1639,7 +1632,6 @@
</span><span class="cx"> , m_instructions(other.m_instructions)
</span><span class="cx"> , m_thisRegister(other.m_thisRegister)
</span><span class="cx"> , m_scopeRegister(other.m_scopeRegister)
</span><del>- , m_argumentsRegister(other.m_argumentsRegister)
</del><span class="cx"> , m_lexicalEnvironmentRegister(other.m_lexicalEnvironmentRegister)
</span><span class="cx"> , m_isStrictMode(other.m_isStrictMode)
</span><span class="cx"> , m_needsActivation(other.m_needsActivation)
</span><span class="lines">@@ -1702,7 +1694,6 @@
</span><span class="cx"> , m_vm(unlinkedCodeBlock->vm())
</span><span class="cx"> , m_thisRegister(unlinkedCodeBlock->thisRegister())
</span><span class="cx"> , m_scopeRegister(unlinkedCodeBlock->scopeRegister())
</span><del>- , m_argumentsRegister(unlinkedCodeBlock->argumentsRegister())
</del><span class="cx"> , m_lexicalEnvironmentRegister(unlinkedCodeBlock->activationRegister())
</span><span class="cx"> , m_isStrictMode(unlinkedCodeBlock->isStrictMode())
</span><span class="cx"> , m_needsActivation(unlinkedCodeBlock->hasActivationRegister() && unlinkedCodeBlock->codeType() == FunctionCode)
</span><span class="lines">@@ -1731,8 +1722,8 @@
</span><span class="cx"> symbolTable->prepareForTypeProfiling(locker);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (codeType() == FunctionCode && symbolTable->captureCount()) {
- m_symbolTable.set(*m_vm, m_ownerExecutable.get(), symbolTable->cloneCapturedNames(*m_vm));
</del><ins>+ if (codeType() == FunctionCode && symbolTable->scopeSize()) {
+ m_symbolTable.set(*m_vm, m_ownerExecutable.get(), symbolTable->cloneScopePart(*m_vm));
</ins><span class="cx"> didCloneSymbolTable = true;
</span><span class="cx"> } else
</span><span class="cx"> m_symbolTable.set(*m_vm, m_ownerExecutable.get(), symbolTable);
</span><span class="lines">@@ -1849,8 +1840,7 @@
</span><span class="cx"> }
</span><span class="cx"> case op_call_varargs:
</span><span class="cx"> case op_construct_varargs:
</span><del>- case op_get_by_val:
- case op_get_argument_by_val: {
</del><ins>+ case op_get_by_val: {
</ins><span class="cx"> int arrayProfileIndex = pc[opLength - 2].u.operand;
</span><span class="cx"> m_arrayProfiles[arrayProfileIndex] = ArrayProfile(i);
</span><span class="cx">
</span><span class="lines">@@ -1858,7 +1848,8 @@
</span><span class="cx"> FALLTHROUGH;
</span><span class="cx"> }
</span><span class="cx"> case op_get_direct_pname:
</span><del>- case op_get_by_id: {
</del><ins>+ case op_get_by_id:
+ case op_get_from_arguments: {
</ins><span class="cx"> ValueProfile* profile = &m_valueProfiles[pc[opLength - 1].u.operand];
</span><span class="cx"> ASSERT(profile->m_bytecodeOffset == -1);
</span><span class="cx"> profile->m_bytecodeOffset = i;
</span><span class="lines">@@ -1928,7 +1919,7 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> instructions[i + 0] = vm()->interpreter->getOpcode(op_init_global_const);
</span><del>- instructions[i + 1] = &m_globalObject->registerAt(entry.getIndex());
</del><ins>+ instructions[i + 1] = &m_globalObject->variableAt(entry.varOffset().scopeOffset());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1953,13 +1944,14 @@
</span><span class="cx">
</span><span class="cx"> // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand
</span><span class="cx">
</span><del>- const Identifier& ident = identifier(pc[3].u.operand);
</del><span class="cx"> ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
</span><span class="cx"> if (modeAndType.type() == LocalClosureVar) {
</span><span class="cx"> instructions[i + 4] = ResolveModeAndType(modeAndType.mode(), ClosureVar).operand();
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ const Identifier& ident = identifier(pc[3].u.operand);
+
</ins><span class="cx"> ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, Get, modeAndType.type());
</span><span class="cx">
</span><span class="cx"> instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
</span><span class="lines">@@ -1974,18 +1966,13 @@
</span><span class="cx">
</span><span class="cx"> case op_put_to_scope: {
</span><span class="cx"> // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand
</span><del>- const Identifier& ident = identifier(pc[2].u.operand);
-
</del><span class="cx"> ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
</span><span class="cx"> if (modeAndType.type() == LocalClosureVar) {
</span><del>- bool isWatchableVariable = pc[5].u.operand;
- if (!isWatchableVariable) {
- instructions[i + 5].u.watchpointSet = nullptr;
- break;
- }
- StringImpl* uid = ident.impl();
- RELEASE_ASSERT(didCloneSymbolTable);
- if (ident != m_vm->propertyNames->arguments) {
</del><ins>+ // Only do watching if the property we're putting to is not anonymous.
+ if (static_cast<unsigned>(pc[2].u.operand) != UINT_MAX) {
+ RELEASE_ASSERT(didCloneSymbolTable);
+ const Identifier& ident = identifier(pc[2].u.operand);
+ StringImpl* uid = ident.impl();
</ins><span class="cx"> ConcurrentJITLocker locker(m_symbolTable->m_lock);
</span><span class="cx"> SymbolTable::Map::iterator iter = m_symbolTable->find(locker, uid);
</span><span class="cx"> ASSERT(iter != m_symbolTable->end(locker));
</span><span class="lines">@@ -1996,6 +1983,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ const Identifier& ident = identifier(pc[2].u.operand);
+
</ins><span class="cx"> ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), needsActivation(), scope, ident, Put, modeAndType.type());
</span><span class="cx">
</span><span class="cx"> instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
</span><span class="lines">@@ -2064,8 +2053,8 @@
</span><span class="cx"> case ProfileTypeBytecodeHasGlobalID: {
</span><span class="cx"> symbolTable = m_symbolTable.get();
</span><span class="cx"> ConcurrentJITLocker locker(symbolTable->m_lock);
</span><del>- globalVariableID = symbolTable->uniqueIDForRegister(locker, profileRegister.offset(), *vm());
- globalTypeSet = symbolTable->globalTypeSetForRegister(locker, profileRegister.offset(), *vm());
</del><ins>+ globalVariableID = symbolTable->uniqueIDForOffset(locker, VarOffset(profileRegister), *vm());
+ globalTypeSet = symbolTable->globalTypeSetForOffset(locker, VarOffset(profileRegister), *vm());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case ProfileTypeBytecodeDoesNotHaveGlobalID:
</span><span class="lines">@@ -2821,63 +2810,6 @@
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-bool CodeBlock::isCaptured(VirtualRegister operand, InlineCallFrame* inlineCallFrame) const
-{
- if (operand.isArgument())
- return operand.toArgument() && usesArguments();
-
- if (inlineCallFrame)
- return inlineCallFrame->capturedVars.get(operand.toLocal());
-
- // The lexical environment object isn't in the captured region, but it's "captured"
- // in the sense that stores to its location can be observed indirectly.
- if (needsActivation() && operand == activationRegister())
- return true;
-
- // Ditto for the arguments object.
- if (usesArguments() && operand == argumentsRegister())
- return true;
- if (usesArguments() && operand == unmodifiedArgumentsRegister(argumentsRegister()))
- return true;
-
- // We're in global code so there are no locals to capture
- if (!symbolTable())
- return false;
-
- return symbolTable()->isCaptured(operand.offset());
-}
-
-int CodeBlock::framePointerOffsetToGetActivationRegisters(int machineCaptureStart)
-{
- // We'll be adding this to the stack pointer to get a registers pointer that looks
- // like it would have looked in the baseline engine. For example, if bytecode would
- // have put the first captured variable at offset -5 but we put it at offset -1, then
- // we'll have an offset of 4.
- int32_t offset = 0;
-
- // Compute where we put the captured variables. This offset will point the registers
- // pointer directly at the first captured var.
- offset += machineCaptureStart;
-
- // Now compute the offset needed to make the runtime see the captured variables at the
- // same offset that the bytecode would have used.
- offset -= symbolTable()->captureStart();
-
- return offset;
-}
-
-int CodeBlock::framePointerOffsetToGetActivationRegisters()
-{
- if (!JITCode::isOptimizingJIT(jitType()))
- return 0;
-#if ENABLE(DFG_JIT)
- return framePointerOffsetToGetActivationRegisters(jitCode()->dfgCommon()->machineCaptureStart);
-#else
- RELEASE_ASSERT_NOT_REACHED();
- return 0;
-#endif
-}
-
</del><span class="cx"> HandlerInfo* CodeBlock::handlerForBytecodeOffset(unsigned bytecodeOffset)
</span><span class="cx"> {
</span><span class="cx"> RELEASE_ASSERT(bytecodeOffset < instructions().size());
</span><span class="lines">@@ -3062,18 +2994,6 @@
</span><span class="cx"> return ownerExecutable()->newReplacementCodeBlockFor(specializationKind());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-const SlowArgument* CodeBlock::machineSlowArguments()
-{
- if (!JITCode::isOptimizingJIT(jitType()))
- return symbolTable()->slowArguments();
-
-#if ENABLE(DFG_JIT)
- return jitCode()->dfgCommon()->slowArguments.get();
-#else // ENABLE(DFG_JIT)
- return 0;
-#endif // ENABLE(DFG_JIT)
-}
-
</del><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> CodeBlock* ProgramCodeBlock::replacement()
</span><span class="cx"> {
</span><span class="lines">@@ -3856,73 +3776,20 @@
</span><span class="cx"> ConcurrentJITLocker locker(symbolTable()->m_lock);
</span><span class="cx"> SymbolTable::Map::iterator end = symbolTable()->end(locker);
</span><span class="cx"> for (SymbolTable::Map::iterator ptr = symbolTable()->begin(locker); ptr != end; ++ptr) {
</span><del>- if (ptr->value.getIndex() == virtualRegister.offset()) {
</del><ins>+ if (ptr->value.varOffset() == VarOffset(virtualRegister)) {
</ins><span class="cx"> // FIXME: This won't work from the compilation thread.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=115300
</span><span class="cx"> return String(ptr->key);
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>- if (needsActivation() && virtualRegister == activationRegister())
- return ASCIILiteral("lexical environment");
</del><span class="cx"> if (virtualRegister == thisRegister())
</span><span class="cx"> return ASCIILiteral("this");
</span><del>- if (usesArguments()) {
- if (virtualRegister == argumentsRegister())
- return ASCIILiteral("arguments");
- if (unmodifiedArgumentsRegister(argumentsRegister()) == virtualRegister)
- return ASCIILiteral("real arguments");
- }
</del><span class="cx"> if (virtualRegister.isArgument())
</span><span class="cx"> return String::format("arguments[%3d]", virtualRegister.toArgument());
</span><span class="cx">
</span><span class="cx"> return "";
</span><span class="cx"> }
</span><span class="cx">
</span><del>-namespace {
-
-struct VerifyCapturedDef {
- void operator()(CodeBlock* codeBlock, Instruction* instruction, OpcodeID opcodeID, int operand) const
- {
- unsigned bytecodeOffset = instruction - codeBlock->instructions().begin();
-
- if (codeBlock->isConstantRegisterIndex(operand)) {
- codeBlock->beginValidationDidFail();
- dataLog(" At bc#", bytecodeOffset, " encountered a definition of a constant.\n");
- codeBlock->endValidationDidFail();
- return;
- }
-
- switch (opcodeID) {
- case op_enter:
- case op_init_lazy_reg:
- case op_create_arguments:
- return;
- default:
- break;
- }
-
- VirtualRegister virtualReg(operand);
- if (!virtualReg.isLocal())
- return;
-
- if (codeBlock->usesArguments() && virtualReg == codeBlock->argumentsRegister())
- return;
- if (codeBlock->usesArguments() && virtualReg == unmodifiedArgumentsRegister(codeBlock->argumentsRegister()))
- return;
-
- if (codeBlock->captureCount() && codeBlock->symbolTable()->isCaptured(operand)) {
- codeBlock->beginValidationDidFail();
- dataLog(" At bc#", bytecodeOffset, " encountered invalid assignment to captured variable ", virtualReg, ".\n");
- codeBlock->endValidationDidFail();
- return;
- }
-
- return;
- }
-};
-
-} // anonymous namespace
-
</del><span class="cx"> void CodeBlock::validate()
</span><span class="cx"> {
</span><span class="cx"> BytecodeLivenessAnalysis liveness(this); // Compute directly from scratch so it doesn't effect CodeBlock footprint.
</span><span class="lines">@@ -3938,38 +3805,15 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> for (unsigned i = m_numCalleeRegisters; i--;) {
</span><del>- bool isCaptured = false;
</del><span class="cx"> VirtualRegister reg = virtualRegisterForLocal(i);
</span><span class="cx">
</span><del>- if (captureCount())
- isCaptured = reg.offset() <= captureStart() && reg.offset() > captureEnd();
-
- if (isCaptured) {
- if (!liveAtHead.get(i)) {
- beginValidationDidFail();
- dataLog(" Variable loc", i, " is expected to be live because it is captured, but it isn't live.\n");
- dataLog(" Result: ", liveAtHead, "\n");
- endValidationDidFail();
- }
- } else {
- if (liveAtHead.get(i)) {
- beginValidationDidFail();
- dataLog(" Variable loc", i, " is expected to be dead.\n");
- dataLog(" Result: ", liveAtHead, "\n");
- endValidationDidFail();
- }
</del><ins>+ if (liveAtHead.get(i)) {
+ beginValidationDidFail();
+ dataLog(" Variable ", reg, " is expected to be dead.\n");
+ dataLog(" Result: ", liveAtHead, "\n");
+ endValidationDidFail();
</ins><span class="cx"> }
</span><span class="cx"> }
</span><del>-
- for (unsigned bytecodeOffset = 0; bytecodeOffset < instructions().size();) {
- Instruction* currentInstruction = instructions().begin() + bytecodeOffset;
- OpcodeID opcodeID = m_vm->interpreter->getOpcodeID(currentInstruction->u.opcode);
-
- VerifyCapturedDef verifyCapturedDef;
- computeDefsForBytecodeOffset(this, bytecodeOffset, verifyCapturedDef);
-
- bytecodeOffset += opcodeLength(opcodeID);
- }
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void CodeBlock::beginValidationDidFail()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -83,8 +83,6 @@
</span><span class="cx"> class RepatchBuffer;
</span><span class="cx"> class TypeLocation;
</span><span class="cx">
</span><del>-inline VirtualRegister unmodifiedArgumentsRegister(VirtualRegister argumentsRegister) { return VirtualRegister(argumentsRegister.offset() + 1); }
-
</del><span class="cx"> enum ReoptimizationMode { DontCountReoptimization, CountReoptimization };
</span><span class="cx">
</span><span class="cx"> class CodeBlock : public ThreadSafeRefCounted<CodeBlock>, public UnconditionalFinalizer, public WeakReferenceHarvester {
</span><span class="lines">@@ -259,11 +257,6 @@
</span><span class="cx">
</span><span class="cx"> unsigned instructionCount() const { return m_instructions.size(); }
</span><span class="cx">
</span><del>- int argumentIndexAfterCapture(size_t argument);
-
- bool hasSlowArguments();
- const SlowArgument* machineSlowArguments();
-
</del><span class="cx"> // Exactly equivalent to codeBlock->ownerExecutable()->installCode(codeBlock);
</span><span class="cx"> void install();
</span><span class="cx">
</span><span class="lines">@@ -327,24 +320,6 @@
</span><span class="cx"> return m_scopeRegister;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void setArgumentsRegister(VirtualRegister argumentsRegister)
- {
- ASSERT(argumentsRegister.isValid());
- m_argumentsRegister = argumentsRegister;
- ASSERT(usesArguments());
- }
- VirtualRegister argumentsRegister() const
- {
- ASSERT(usesArguments());
- return m_argumentsRegister;
- }
- VirtualRegister uncheckedArgumentsRegister()
- {
- if (!usesArguments())
- return VirtualRegister();
- return argumentsRegister();
- }
-
</del><span class="cx"> void setActivationRegister(VirtualRegister activationRegister)
</span><span class="cx"> {
</span><span class="cx"> m_lexicalEnvironmentRegister = activationRegister;
</span><span class="lines">@@ -361,40 +336,12 @@
</span><span class="cx"> return m_lexicalEnvironmentRegister;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool usesArguments() const { return m_argumentsRegister.isValid(); }
-
</del><span class="cx"> bool needsActivation() const
</span><span class="cx"> {
</span><span class="cx"> ASSERT(m_lexicalEnvironmentRegister.isValid() == m_needsActivation);
</span><span class="cx"> return m_needsActivation;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- unsigned captureCount() const
- {
- if (!symbolTable())
- return 0;
- return symbolTable()->captureCount();
- }
-
- int captureStart() const
- {
- if (!symbolTable())
- return 0;
- return symbolTable()->captureStart();
- }
-
- int captureEnd() const
- {
- if (!symbolTable())
- return 0;
- return symbolTable()->captureEnd();
- }
-
- bool isCaptured(VirtualRegister operand, InlineCallFrame* = 0) const;
-
- int framePointerOffsetToGetActivationRegisters(int machineCaptureStart);
- int framePointerOffsetToGetActivationRegisters();
-
</del><span class="cx"> CodeType codeType() const { return m_unlinkedCode->codeType(); }
</span><span class="cx"> PutPropertySlot::Context putByIdContext() const
</span><span class="cx"> {
</span><span class="lines">@@ -1059,7 +1006,6 @@
</span><span class="cx"> WriteBarrier<SymbolTable> m_symbolTable;
</span><span class="cx"> VirtualRegister m_thisRegister;
</span><span class="cx"> VirtualRegister m_scopeRegister;
</span><del>- VirtualRegister m_argumentsRegister;
</del><span class="cx"> VirtualRegister m_lexicalEnvironmentRegister;
</span><span class="cx">
</span><span class="cx"> bool m_isStrictMode;
</span><span class="lines">@@ -1220,24 +1166,6 @@
</span><span class="cx"> return baselineCodeBlock;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline int CodeBlock::argumentIndexAfterCapture(size_t argument)
-{
- if (argument >= static_cast<size_t>(symbolTable()->parameterCount()))
- return CallFrame::argumentOffset(argument);
-
- const SlowArgument* slowArguments = symbolTable()->slowArguments();
- if (!slowArguments || slowArguments[argument].status == SlowArgument::Normal)
- return CallFrame::argumentOffset(argument);
-
- ASSERT(slowArguments[argument].status == SlowArgument::Captured);
- return slowArguments[argument].index;
-}
-
-inline bool CodeBlock::hasSlowArguments()
-{
- return !!symbolTable()->slowArguments();
-}
-
</del><span class="cx"> inline Register& ExecState::r(int index)
</span><span class="cx"> {
</span><span class="cx"> CodeBlock* codeBlock = this->codeBlock();
</span><span class="lines">@@ -1262,17 +1190,6 @@
</span><span class="cx"> return uncheckedR(reg.offset());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline JSValue ExecState::argumentAfterCapture(size_t argument)
-{
- if (argument >= argumentCount())
- return jsUndefined();
-
- if (!codeBlock())
- return this[argumentOffset(argument)].jsValue();
-
- return this[codeBlock()->argumentIndexAfterCapture(argument)].jsValue();
-}
-
</del><span class="cx"> inline void CodeBlockSet::mark(void* candidateCodeBlock)
</span><span class="cx"> {
</span><span class="cx"> // We have to check for 0 and -1 because those are used by the HashMap as markers.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeOriginh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -189,12 +189,10 @@
</span><span class="cx"> WriteBarrier<ScriptExecutable> executable;
</span><span class="cx"> ValueRecovery calleeRecovery;
</span><span class="cx"> CodeOrigin caller;
</span><del>- BitVector capturedVars; // Indexed by the machine call frame's variable numbering.
</del><span class="cx">
</span><span class="cx"> signed stackOffset : 28;
</span><span class="cx"> unsigned kind : 3; // real type is Kind
</span><span class="cx"> bool isClosureCall : 1; // If false then we know that callee/scope are constants and the DFG won't treat them as variables, i.e. they have to be recovered manually.
</span><del>- VirtualRegister argumentsRegister; // This is only set if the code uses arguments. The unmodified arguments register follows the unmodifiedArgumentsRegister() convention (see CodeBlock.h).
</del><span class="cx"> VirtualRegister argumentCountRegister; // Only set when we inline a varargs call.
</span><span class="cx">
</span><span class="cx"> // There is really no good notion of a "default" set of values for
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeDataFormath"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/DataFormat.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/DataFormat.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/DataFormat.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -56,7 +56,6 @@
</span><span class="cx">
</span><span class="cx"> // Special data formats used only for OSR.
</span><span class="cx"> DataFormatDead = 33, // Implies jsUndefined().
</span><del>- DataFormatArguments = 34 // Implies that the arguments object must be reified.
</del><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> inline const char* dataFormatToString(DataFormat dataFormat)
</span><span class="lines">@@ -90,8 +89,6 @@
</span><span class="cx"> return "JSBoolean";
</span><span class="cx"> case DataFormatDead:
</span><span class="cx"> return "Dead";
</span><del>- case DataFormatArguments:
- return "Arguments";
</del><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return "Unknown";
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeFullBytecodeLivenessh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/FullBytecodeLiveness.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/FullBytecodeLiveness.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/FullBytecodeLiveness.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -36,11 +36,7 @@
</span><span class="cx">
</span><span class="cx"> class FullBytecodeLiveness {
</span><span class="cx"> public:
</span><del>- FullBytecodeLiveness() : m_codeBlock(0) { }
-
- // We say "out" to refer to the bitvector that contains raw results for a bytecode
- // instruction.
- const FastBitVector& getOut(unsigned bytecodeIndex) const
</del><ins>+ const FastBitVector& getLiveness(unsigned bytecodeIndex) const
</ins><span class="cx"> {
</span><span class="cx"> BytecodeToBitmapMap::const_iterator iter = m_map.find(bytecodeIndex);
</span><span class="cx"> ASSERT(iter != m_map.end());
</span><span class="lines">@@ -49,18 +45,12 @@
</span><span class="cx">
</span><span class="cx"> bool operandIsLive(int operand, unsigned bytecodeIndex) const
</span><span class="cx"> {
</span><del>- return operandIsAlwaysLive(m_codeBlock, operand) || operandThatIsNotAlwaysLiveIsLive(m_codeBlock, getOut(bytecodeIndex), operand);
</del><ins>+ return operandIsAlwaysLive(operand) || operandThatIsNotAlwaysLiveIsLive(getLiveness(bytecodeIndex), operand);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- FastBitVector getLiveness(unsigned bytecodeIndex) const
- {
- return getLivenessInfo(m_codeBlock, getOut(bytecodeIndex));
- }
-
</del><span class="cx"> private:
</span><span class="cx"> friend class BytecodeLivenessAnalysis;
</span><span class="cx">
</span><del>- CodeBlock* m_codeBlock;
</del><span class="cx"> BytecodeToBitmapMap m_map;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeInstructionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Instruction.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Instruction.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/Instruction.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -97,7 +97,7 @@
</span><span class="cx"> Instruction(ArrayProfile* profile) { u.arrayProfile = profile; }
</span><span class="cx"> Instruction(ArrayAllocationProfile* profile) { u.arrayAllocationProfile = profile; }
</span><span class="cx"> Instruction(ObjectAllocationProfile* profile) { u.objectAllocationProfile = profile; }
</span><del>- Instruction(WriteBarrier<Unknown>* registerPointer) { u.registerPointer = registerPointer; }
</del><ins>+ Instruction(WriteBarrier<Unknown>* variablePointer) { u.variablePointer = variablePointer; }
</ins><span class="cx"> Instruction(Special::Pointer pointer) { u.specialPointer = pointer; }
</span><span class="cx"> Instruction(StringImpl* uid) { u.uid = uid; }
</span><span class="cx"> Instruction(bool* predicatePointer) { u.predicatePointer = predicatePointer; }
</span><span class="lines">@@ -108,7 +108,7 @@
</span><span class="cx"> WriteBarrierBase<Structure> structure;
</span><span class="cx"> WriteBarrierBase<StructureChain> structureChain;
</span><span class="cx"> WriteBarrierBase<JSCell> jsCell;
</span><del>- WriteBarrier<Unknown>* registerPointer;
</del><ins>+ WriteBarrier<Unknown>* variablePointer;
</ins><span class="cx"> Special::Pointer specialPointer;
</span><span class="cx"> PropertySlot::GetValueFunc getterFunc;
</span><span class="cx"> LLIntCallLinkInfo* callLinkInfo;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeOperandsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Operands.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Operands.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/Operands.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -209,6 +209,10 @@
</span><span class="cx"> return virtualRegisterForArgument(index).offset();
</span><span class="cx"> return virtualRegisterForLocal(index - numberOfArguments()).offset();
</span><span class="cx"> }
</span><ins>+ VirtualRegister virtualRegisterForIndex(size_t index) const
+ {
+ return VirtualRegister(operandForIndex(index));
+ }
</ins><span class="cx"> size_t indexForOperand(int operand) const
</span><span class="cx"> {
</span><span class="cx"> if (operandIsArgument(operand))
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeSpeculatedTypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,10 +29,11 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "SpeculatedType.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "StringObject.h"
</span><span class="cx"> #include "ValueProfile.h"
</span><span class="cx"> #include <wtf/BoundsCheckedPointer.h>
</span><span class="lines">@@ -127,11 +128,16 @@
</span><span class="cx"> else
</span><span class="cx"> isTop = false;
</span><span class="cx">
</span><del>- if (value & SpecArguments)
- myOut.print("Arguments");
</del><ins>+ if (value & SpecDirectArguments)
+ myOut.print("Directarguments");
</ins><span class="cx"> else
</span><span class="cx"> isTop = false;
</span><span class="cx">
</span><ins>+ if (value & SpecScopedArguments)
+ myOut.print("Scopedarguments");
+ else
+ isTop = false;
+
</ins><span class="cx"> if (value & SpecStringObject)
</span><span class="cx"> myOut.print("Stringobject");
</span><span class="cx"> else
</span><span class="lines">@@ -232,8 +238,10 @@
</span><span class="cx"> return "<Float32array>";
</span><span class="cx"> if (isFloat64ArraySpeculation(prediction))
</span><span class="cx"> return "<Float64array>";
</span><del>- if (isArgumentsSpeculation(prediction))
- return "<Arguments>";
</del><ins>+ if (isDirectArgumentsSpeculation(prediction))
+ return "<DirectArguments>";
+ if (isScopedArgumentsSpeculation(prediction))
+ return "<ScopedArguments>";
</ins><span class="cx"> if (isStringObjectSpeculation(prediction))
</span><span class="cx"> return "<StringObject>";
</span><span class="cx"> if (isStringOrStringObjectSpeculation(prediction))
</span><span class="lines">@@ -305,9 +313,12 @@
</span><span class="cx"> if (classInfo == JSArray::info())
</span><span class="cx"> return SpecArray;
</span><span class="cx">
</span><del>- if (classInfo == Arguments::info())
- return SpecArguments;
</del><ins>+ if (classInfo == DirectArguments::info())
+ return SpecDirectArguments;
</ins><span class="cx">
</span><ins>+ if (classInfo == ScopedArguments::info())
+ return SpecScopedArguments;
+
</ins><span class="cx"> if (classInfo == StringObject::info())
</span><span class="cx"> return SpecStringObject;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeSpeculatedTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011-2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -52,8 +52,9 @@
</span><span class="cx"> static const SpeculatedType SpecFloat32Array = 0x00000400; // It's definitely an Uint16Array or one of its subclasses.
</span><span class="cx"> static const SpeculatedType SpecFloat64Array = 0x00000800; // It's definitely an Uint16Array or one of its subclasses.
</span><span class="cx"> static const SpeculatedType SpecTypedArrayView = SpecInt8Array | SpecInt16Array | SpecInt32Array | SpecUint8Array | SpecUint8ClampedArray | SpecUint16Array | SpecUint32Array | SpecFloat32Array | SpecFloat64Array;
</span><del>-static const SpeculatedType SpecArguments = 0x00001000; // It's definitely an Arguments object.
-static const SpeculatedType SpecStringObject = 0x00002000; // It's definitely a StringObject.
</del><ins>+static const SpeculatedType SpecDirectArguments = 0x00001000; // It's definitely a DirectArguments object.
+static const SpeculatedType SpecScopedArguments = 0x00002000; // It's definitely a ScopedArguments object.
+static const SpeculatedType SpecStringObject = 0x00004000; // It's definitely a StringObject.
</ins><span class="cx"> static const SpeculatedType SpecObjectOther = 0x00008000; // It's definitely an object but not JSFinalObject, JSArray, or JSFunction.
</span><span class="cx"> static const SpeculatedType SpecObject = 0x0000ffff; // Bitmask used for testing for any kind of object prediction.
</span><span class="cx"> static const SpeculatedType SpecStringIdent = 0x00010000; // It's definitely a JSString, and it's an identifier.
</span><span class="lines">@@ -193,11 +194,16 @@
</span><span class="cx"> return value == SpecFloat64Array;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool isArgumentsSpeculation(SpeculatedType value)
</del><ins>+inline bool isDirectArgumentsSpeculation(SpeculatedType value)
</ins><span class="cx"> {
</span><del>- return !!value && (value & SpecArguments) == value;
</del><ins>+ return value == SpecDirectArguments;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool isScopedArgumentsSpeculation(SpeculatedType value)
+{
+ return value == SpecScopedArguments;
+}
+
</ins><span class="cx"> inline bool isActionableIntMutableArraySpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return isInt8ArraySpeculation(value)
</span><span class="lines">@@ -224,13 +230,14 @@
</span><span class="cx"> inline bool isActionableMutableArraySpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return isArraySpeculation(value)
</span><del>- || isArgumentsSpeculation(value)
</del><span class="cx"> || isActionableTypedMutableArraySpeculation(value);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool isActionableArraySpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return isStringSpeculation(value)
</span><ins>+ || isDirectArgumentsSpeculation(value)
+ || isScopedArgumentsSpeculation(value)
</ins><span class="cx"> || isActionableMutableArraySpeculation(value);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2012, 2013, 2015 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -209,7 +209,6 @@
</span><span class="cx"> , m_numCalleeRegisters(0)
</span><span class="cx"> , m_numParameters(0)
</span><span class="cx"> , m_vm(vm)
</span><del>- , m_argumentsRegister(VirtualRegister())
</del><span class="cx"> , m_globalObjectRegister(VirtualRegister())
</span><span class="cx"> , m_needsFullScopeChain(info.needsActivation())
</span><span class="cx"> , m_usesEval(info.usesEval())
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -287,11 +287,6 @@
</span><span class="cx"> void setScopeRegister(VirtualRegister scopeRegister) { m_scopeRegister = scopeRegister; }
</span><span class="cx"> void setActivationRegister(VirtualRegister activationRegister) { m_lexicalEnvironmentRegister = activationRegister; }
</span><span class="cx">
</span><del>- void setArgumentsRegister(VirtualRegister argumentsRegister) { m_argumentsRegister = argumentsRegister; }
- bool usesArguments() const { return m_argumentsRegister.isValid(); }
- VirtualRegister argumentsRegister() const { return m_argumentsRegister; }
-
-
</del><span class="cx"> bool usesGlobalObject() const { return m_globalObjectRegister.isValid(); }
</span><span class="cx"> void setGlobalObjectRegister(VirtualRegister globalObjectRegister) { m_globalObjectRegister = globalObjectRegister; }
</span><span class="cx"> VirtualRegister globalObjectRegister() const { return m_globalObjectRegister; }
</span><span class="lines">@@ -531,7 +526,6 @@
</span><span class="cx"> VM* m_vm;
</span><span class="cx">
</span><span class="cx"> VirtualRegister m_thisRegister;
</span><del>- VirtualRegister m_argumentsRegister;
</del><span class="cx"> VirtualRegister m_scopeRegister;
</span><span class="cx"> VirtualRegister m_lexicalEnvironmentRegister;
</span><span class="cx"> VirtualRegister m_globalObjectRegister;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeValueRecoverycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -112,9 +112,12 @@
</span><span class="cx"> case BooleanDisplacedInJSStack:
</span><span class="cx"> out.print("*bool(", virtualRegister(), ")");
</span><span class="cx"> return;
</span><del>- case ArgumentsThatWereNotCreated:
- out.printf("arguments");
</del><ins>+ case DirectArgumentsThatWereNotCreated:
+ out.print("DirectArguments(", nodeID(), ")");
</ins><span class="cx"> return;
</span><ins>+ case ClonedArgumentsThatWereNotCreated:
+ out.print("ClonedArguments(", nodeID(), ")");
+ return;
</ins><span class="cx"> case Constant:
</span><span class="cx"> out.print("[", inContext(constant(), context), "]");
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeValueRecoveryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef ValueRecovery_h
</span><span class="cx"> #define ValueRecovery_h
</span><span class="cx">
</span><ins>+#include "DFGMinifiedID.h"
</ins><span class="cx"> #include "DataFormat.h"
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> #include "GPRInfo.h"
</span><span class="lines">@@ -38,6 +39,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> struct DumpContext;
</span><ins>+struct InlineCallFrame;
</ins><span class="cx">
</span><span class="cx"> // Describes how to recover a given bytecode virtual register at a given
</span><span class="cx"> // code point.
</span><span class="lines">@@ -62,8 +64,9 @@
</span><span class="cx"> DoubleDisplacedInJSStack,
</span><span class="cx"> CellDisplacedInJSStack,
</span><span class="cx"> BooleanDisplacedInJSStack,
</span><del>- // It's an Arguments object.
- ArgumentsThatWereNotCreated,
</del><ins>+ // It's an Arguments object. This arises because of the simplified arguments simplification done by the DFG.
+ DirectArgumentsThatWereNotCreated,
+ ClonedArgumentsThatWereNotCreated,
</ins><span class="cx"> // It's a constant.
</span><span class="cx"> Constant,
</span><span class="cx"> // Don't know how to recover it.
</span><span class="lines">@@ -167,13 +170,22 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static ValueRecovery argumentsThatWereNotCreated()
</del><ins>+ static ValueRecovery directArgumentsThatWereNotCreated(DFG::MinifiedID id)
</ins><span class="cx"> {
</span><span class="cx"> ValueRecovery result;
</span><del>- result.m_technique = ArgumentsThatWereNotCreated;
</del><ins>+ result.m_technique = DirectArgumentsThatWereNotCreated;
+ result.m_source.nodeID = id.bits();
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static ValueRecovery outOfBandArgumentsThatWereNotCreated(DFG::MinifiedID id)
+ {
+ ValueRecovery result;
+ result.m_technique = ClonedArgumentsThatWereNotCreated;
+ result.m_source.nodeID = id.bits();
+ return result;
+ }
+
</ins><span class="cx"> ValueRecoveryTechnique technique() const { return m_technique; }
</span><span class="cx">
</span><span class="cx"> bool isConstant() const { return m_technique == Constant; }
</span><span class="lines">@@ -256,6 +268,12 @@
</span><span class="cx"> return JSValue::decode(m_source.constant);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ DFG::MinifiedID nodeID() const
+ {
+ ASSERT(m_technique == DirectArgumentsThatWereNotCreated || m_technique == ClonedArgumentsThatWereNotCreated);
+ return DFG::MinifiedID::fromBits(m_source.nodeID);
+ }
+
</ins><span class="cx"> JSValue recover(ExecState*) const;
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="lines">@@ -276,6 +294,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> int virtualReg;
</span><span class="cx"> EncodedJSValue constant;
</span><ins>+ uintptr_t nodeID;
</ins><span class="cx"> } m_source;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeVirtualRegisterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -67,8 +67,12 @@
</span><span class="cx"> int offset() const { return m_virtualRegister; }
</span><span class="cx"> int offsetInBytes() const { return m_virtualRegister * sizeof(Register); }
</span><span class="cx">
</span><del>- bool operator==(const VirtualRegister other) const { return m_virtualRegister == other.m_virtualRegister; }
- bool operator!=(const VirtualRegister other) const { return m_virtualRegister != other.m_virtualRegister; }
</del><ins>+ bool operator==(VirtualRegister other) const { return m_virtualRegister == other.m_virtualRegister; }
+ bool operator!=(VirtualRegister other) const { return m_virtualRegister != other.m_virtualRegister; }
+ bool operator<(VirtualRegister other) const { return m_virtualRegister < other.m_virtualRegister; }
+ bool operator>(VirtualRegister other) const { return m_virtualRegister > other.m_virtualRegister; }
+ bool operator<=(VirtualRegister other) const { return m_virtualRegister <= other.m_virtualRegister; }
+ bool operator>=(VirtualRegister other) const { return m_virtualRegister >= other.m_virtualRegister; }
</ins><span class="cx">
</span><span class="cx"> VirtualRegister operator+(int value) const
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -64,6 +64,20 @@
</span><span class="cx"> SamplingRegion samplingRegion("Bytecode Generation");
</span><span class="cx">
</span><span class="cx"> m_codeBlock->setThisRegister(m_thisRegister.virtualRegister());
</span><ins>+
+ // If we have declared a variable named "arguments" and we are using arguments then we should
+ // perform that assignment now.
+ if (m_needToInitializeArguments)
+ initializeVariable(variable(propertyNames().arguments), m_argumentsRegister);
+
+ {
+ RefPtr<RegisterID> temp = newTemporary();
+ for (FunctionBodyNode* functionBody : m_functionsToInitialize) {
+ emitNewFunction(temp.get(), functionBody);
+ initializeVariable(variable(functionBody->ident()), temp.get());
+ }
+ }
+
</ins><span class="cx"> for (size_t i = 0; i < m_deconstructedParameters.size(); i++) {
</span><span class="cx"> auto& entry = m_deconstructedParameters[i];
</span><span class="cx"> entry.second->bindValue(*this, entry.first.get());
</span><span class="lines">@@ -119,38 +133,13 @@
</span><span class="cx"> m_codeBlock->shrinkToFit();
</span><span class="cx">
</span><span class="cx"> if (m_codeBlock->symbolTable() && !m_codeBlock->vm()->typeProfiler())
</span><del>- m_codeBlock->setSymbolTable(m_codeBlock->symbolTable()->cloneCapturedNames(*m_codeBlock->vm()));
</del><ins>+ m_codeBlock->setSymbolTable(m_codeBlock->symbolTable()->cloneScopePart(*m_codeBlock->vm()));
</ins><span class="cx">
</span><span class="cx"> if (m_expressionTooDeep)
</span><span class="cx"> return ParserError(ParserError::OutOfMemory);
</span><span class="cx"> return ParserError(ParserError::ErrorNone);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::addVar(
- const Identifier& ident, ConstantMode constantMode, WatchMode watchMode)
-{
- ASSERT(static_cast<size_t>(m_codeBlock->m_numVars) == m_calleeRegisters.size());
-
- ConcurrentJITLocker locker(symbolTable().m_lock);
- int index = virtualRegisterForLocal(m_calleeRegisters.size()).offset();
- SymbolTableEntry newEntry(index, constantMode == IsConstant ? ReadOnly : 0);
- SymbolTable::Map::AddResult result = symbolTable().add(locker, ident.impl(), newEntry);
-
- if (!result.isNewEntry)
- return &registerFor(result.iterator->value.getIndex());
-
- if (watchMode == IsWatchable) {
- while (m_watchableVariables.size() < static_cast<size_t>(m_codeBlock->m_numVars))
- m_watchableVariables.append(Identifier());
- m_watchableVariables.append(ident);
- }
-
- RegisterID* regID = addVar();
- ASSERT(watchMode == NotWatchable || static_cast<size_t>(m_codeBlock->m_numVars) == m_watchableVariables.size());
-
- return regID;
-}
-
</del><span class="cx"> BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode)
</span><span class="cx"> : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn)
</span><span class="cx"> , m_shouldEmitProfileHooks(Options::forceProfilerBytecodeGeneration() || profilerMode == ProfilerOn)
</span><span class="lines">@@ -192,7 +181,7 @@
</span><span class="cx"> {
</span><span class="cx"> if (m_isBuiltinFunction)
</span><span class="cx"> m_shouldEmitDebugHooks = false;
</span><del>-
</del><ins>+
</ins><span class="cx"> m_symbolTable->setUsesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode());
</span><span class="cx"> Vector<Identifier> boundParameterProperties;
</span><span class="cx"> FunctionParameters& parameters = *functionNode->parameters();
</span><span class="lines">@@ -203,12 +192,35 @@
</span><span class="cx"> pattern->collectBoundIdentifiers(boundParameterProperties);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><del>- m_symbolTable->setParameterCountIncludingThis(functionNode->parameters()->size() + 1);
</del><span class="cx">
</span><ins>+ bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain();
+ bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
+ bool needsArguments = functionNode->usesArguments() || codeBlock->usesEval();
+
+ auto captures = [&] (StringImpl* uid) -> bool {
+ if (shouldCaptureAllOfTheThings)
+ return true;
+ if (!shouldCaptureSomeOfTheThings)
+ return false;
+ if (needsArguments && uid == propertyNames().arguments.impl()) {
+ // Actually, we only need to capture the arguments object when we "need full activation"
+ // because of name scopes. But historically we did it this way, so for now we just preserve
+ // the old behavior.
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=143072
+ return true;
+ }
+ return functionNode->captures(uid);
+ };
+ auto varKind = [&] (StringImpl* uid) -> VarKind {
+ return captures(uid) ? VarKind::Scope : VarKind::Stack;
+ };
+
</ins><span class="cx"> emitOpcode(op_enter);
</span><span class="cx">
</span><span class="cx"> allocateAndEmitScope();
</span><span class="cx">
</span><ins>+ m_calleeRegister.setIndex(JSStack::Callee);
+
</ins><span class="cx"> if (functionNameIsInScope(functionNode->ident(), functionNode->functionMode())
</span><span class="cx"> && functionNameScopeIsDynamic(codeBlock->usesEval(), codeBlock->isStrictMode())) {
</span><span class="cx"> // When we do this, we should make our local scope stack know about the function name symbol
</span><span class="lines">@@ -217,192 +229,246 @@
</span><span class="cx"> // Also, we could create the scope once per JSFunction instance that needs it. That wouldn't
</span><span class="cx"> // be any more correct, but it would be more performant.
</span><span class="cx"> // FIXME: https://bugs.webkit.org/show_bug.cgi?id=141887
</span><del>- RegisterID calleeRegister;
- calleeRegister.setIndex(JSStack::Callee);
- emitPushFunctionNameScope(m_scopeRegister, functionNode->ident(), &calleeRegister, ReadOnly | DontDelete);
</del><ins>+ emitPushFunctionNameScope(m_scopeRegister, functionNode->ident(), &m_calleeRegister, ReadOnly | DontDelete);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- if (m_codeBlock->needsFullScopeChain() || m_shouldEmitDebugHooks) {
</del><ins>+ if (shouldCaptureSomeOfTheThings) {
</ins><span class="cx"> m_lexicalEnvironmentRegister = addVar();
</span><span class="cx"> m_codeBlock->setActivationRegister(m_lexicalEnvironmentRegister->virtualRegister());
</span><span class="cx"> emitOpcode(op_create_lexical_environment);
</span><span class="cx"> instructions().append(m_lexicalEnvironmentRegister->index());
</span><span class="cx"> instructions().append(scopeRegister()->index());
</span><ins>+ emitOpcode(op_mov);
+ instructions().append(scopeRegister()->index());
+ instructions().append(m_lexicalEnvironmentRegister->index());
</ins><span class="cx"> }
</span><del>- RegisterID* localArgumentsRegister = nullptr;
- RegisterID* scratch = addVar();
- m_symbolTable->setCaptureStart(virtualRegisterForLocal(m_codeBlock->m_numVars).offset());
-
- if (functionNode->usesArguments() || codeBlock->usesEval()) { // May reify arguments object.
- RegisterID* unmodifiedArgumentsRegister = addVar(); // Anonymous, so it can't be modified by user code.
- RegisterID* argumentsRegister = addVar(propertyNames().arguments, IsVariable, NotWatchable); // Can be changed by assigning to 'arguments'.
-
- localArgumentsRegister = argumentsRegister;
-
- // We can save a little space by hard-coding the knowledge that the two
- // 'arguments' values are stored in consecutive registers, and storing
- // only the index of the assignable one.
- codeBlock->setArgumentsRegister(argumentsRegister->virtualRegister());
- ASSERT_UNUSED(unmodifiedArgumentsRegister, unmodifiedArgumentsRegister->virtualRegister() == JSC::unmodifiedArgumentsRegister(codeBlock->argumentsRegister()));
-
- emitInitLazyRegister(argumentsRegister);
- emitInitLazyRegister(unmodifiedArgumentsRegister);
-
- if (shouldCreateArgumentsEagerly() || shouldTearOffArgumentsEagerly()) {
- emitOpcode(op_create_arguments);
- instructions().append(argumentsRegister->index());
- instructions().append(m_codeBlock->activationRegister().offset());
-
- if (m_codeBlock->hasActivationRegister()) {
- RegisterID* argumentsRegister = &registerFor(m_codeBlock->argumentsRegister().offset());
- initializeCapturedVariable(argumentsRegister, propertyNames().arguments, argumentsRegister);
- RegisterID* uncheckedArgumentsRegister = &registerFor(JSC::unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset());
- initializeCapturedVariable(uncheckedArgumentsRegister, propertyNames().arguments, uncheckedArgumentsRegister);
- if (functionNode->modifiesArguments()) {
- emitOpcode(op_mov);
- instructions().append(argumentsRegister->index());
- instructions().append(addConstantValue(jsUndefined())->index());
- emitOpcode(op_mov);
- instructions().append(uncheckedArgumentsRegister->index());
- instructions().append(addConstantValue(jsUndefined())->index());
- localArgumentsRegister = nullptr;
- }
- }
- }
</del><ins>+
+ // Make sure the code block knows about all of our parameters, and make sure that parameters
+ // needing deconstruction are noted.
+ m_parameters.grow(parameters.size() + 1); // reserve space for "this"
+ m_thisRegister.setIndex(initializeNextParameter()->index()); // this
+ for (unsigned i = 0; i < parameters.size(); ++i) {
+ auto pattern = parameters.at(i);
+ RegisterID* reg = initializeNextParameter();
+ if (!pattern->isBindingNode())
+ m_deconstructedParameters.append(std::make_pair(reg, pattern));
</ins><span class="cx"> }
</span><del>-
- bool shouldCaptureAllTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
-
</del><ins>+
+ // Figure out some interesting facts about our arguments.
</ins><span class="cx"> bool capturesAnyArgumentByName = false;
</span><del>- Vector<RegisterID*, 0, UnsafeVectorOverflow> capturedArguments;
- if (functionNode->hasCapturedVariables() || shouldCaptureAllTheThings) {
</del><ins>+ if (functionNode->hasCapturedVariables()) {
</ins><span class="cx"> FunctionParameters& parameters = *functionNode->parameters();
</span><del>- capturedArguments.resize(parameters.size());
</del><span class="cx"> for (size_t i = 0; i < parameters.size(); ++i) {
</span><del>- capturedArguments[i] = 0;
</del><span class="cx"> auto pattern = parameters.at(i);
</span><span class="cx"> if (!pattern->isBindingNode())
</span><span class="cx"> continue;
</span><span class="cx"> const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty();
</span><del>- if (!functionNode->captures(ident) && !shouldCaptureAllTheThings)
- continue;
- capturesAnyArgumentByName = true;
- capturedArguments[i] = addVar(ident, IsVariable, IsWatchable);
</del><ins>+ capturesAnyArgumentByName |= captures(ident.impl());
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (capturesAnyArgumentByName && !shouldTearOffArgumentsEagerly()) {
- size_t parameterCount = m_symbolTable->parameterCount();
- auto slowArguments = std::make_unique<SlowArgument[]>(parameterCount);
- for (size_t i = 0; i < parameterCount; ++i) {
- if (!capturedArguments[i]) {
- ASSERT(slowArguments[i].status == SlowArgument::Normal);
- slowArguments[i].index = CallFrame::argumentOffset(i);
</del><ins>+ if (capturesAnyArgumentByName)
+ ASSERT(m_lexicalEnvironmentRegister);
+
+ // Need to know what our functions are called. Parameters have some goofy behaviors when it
+ // comes to functions of the same name.
+ for (FunctionBodyNode* function : functionNode->functionStack())
+ m_functions.add(function->ident().impl());
+
+ if (needsArguments) {
+ // Create the arguments object now. We may put the arguments object into the activation if
+ // it is captured. Either way, we create two arguments object variables: one is our
+ // private variable that is immutable, and another that is the user-visible variable. The
+ // immutable one is only used here, or during formal parameter resolutions if we opt for
+ // DirectArguments.
+
+ m_argumentsRegister = addVar();
+ m_argumentsRegister->ref();
+ }
+
+ if (needsArguments && !codeBlock->isStrictMode()) {
+ // If we captured any formal parameter by name, then we use ScopedArguments. Otherwise we
+ // use DirectArguments. With ScopedArguments, we lift all of our arguments into the
+ // activation.
+
+ if (capturesAnyArgumentByName) {
+ m_symbolTable->setArgumentsLength(vm, parameters.size());
+
+ // For each parameter, we have two possibilities:
+ // Either it's a binding node with no function overlap, in which case it gets a name
+ // in the symbol table - or it just gets space reserved in the symbol table. Either
+ // way we lift the value into the scope.
+ for (unsigned i = 0; i < parameters.size(); ++i) {
+ ScopeOffset offset = m_symbolTable->takeNextScopeOffset();
+ m_symbolTable->setArgumentOffset(vm, i, offset);
+ if (StringImpl* name = visibleNameForParameter(parameters.at(i))) {
+ VarOffset varOffset(offset);
+ SymbolTableEntry entry(varOffset);
+ // Stores to these variables via the ScopedArguments object will not do
+ // notifyWrite(), since that would be cumbersome. Also, watching formal
+ // parameters when "arguments" is in play is unlikely to be super profitable.
+ // So, we just disable it.
+ entry.disableWatching();
+ m_symbolTable->set(name, entry);
+ }
+ emitOpcode(op_put_to_scope);
+ instructions().append(m_lexicalEnvironmentRegister->index());
+ instructions().append(UINT_MAX);
+ instructions().append(virtualRegisterForArgument(1 + i).offset());
+ instructions().append(ResolveModeAndType(ThrowIfNotFound, LocalClosureVar).operand());
+ instructions().append(0);
+ instructions().append(offset.offset());
+ }
+
+ // This creates a scoped arguments object and copies the overflow arguments into the
+ // scope. It's the equivalent of calling ScopedArguments::createByCopying().
+ emitOpcode(op_create_scoped_arguments);
+ instructions().append(m_argumentsRegister->index());
+ instructions().append(m_lexicalEnvironmentRegister->index());
+ } else {
+ // We're going to put all parameters into the DirectArguments object. First ensure
+ // that the symbol table knows that this is happening.
+ for (unsigned i = 0; i < parameters.size(); ++i) {
+ if (StringImpl* name = visibleNameForParameter(parameters.at(i)))
+ m_symbolTable->set(name, SymbolTableEntry(VarOffset(DirectArgumentsOffset(i))));
+ }
+
+ emitOpcode(op_create_direct_arguments);
+ instructions().append(m_argumentsRegister->index());
+ }
+ } else {
+ // Create the formal parameters the normal way. Any of them could be captured, or not. If
+ // captured, lift them into the scope.
+ for (unsigned i = 0; i < parameters.size(); ++i) {
+ StringImpl* name = visibleNameForParameter(parameters.at(i));
+ if (!name)
</ins><span class="cx"> continue;
</span><ins>+
+ if (!captures(name)) {
+ // This is the easy case - just tell the symbol table about the argument. It will
+ // be accessed directly.
+ m_symbolTable->set(name, SymbolTableEntry(VarOffset(virtualRegisterForArgument(1 + i))));
+ continue;
</ins><span class="cx"> }
</span><del>- slowArguments[i].status = SlowArgument::Captured;
- slowArguments[i].index = capturedArguments[i]->index();
</del><ins>+
+ ScopeOffset offset = m_symbolTable->takeNextScopeOffset();
+ const Identifier& ident =
+ static_cast<const BindingNode*>(parameters.at(i))->boundProperty();
+ m_symbolTable->set(name, SymbolTableEntry(VarOffset(offset)));
+
+ emitOpcode(op_put_to_scope);
+ instructions().append(m_lexicalEnvironmentRegister->index());
+ instructions().append(addConstant(ident));
+ instructions().append(virtualRegisterForArgument(1 + i).offset());
+ instructions().append(ResolveModeAndType(ThrowIfNotFound, LocalClosureVar).operand());
+ instructions().append(0);
+ instructions().append(offset.offset());
</ins><span class="cx"> }
</span><del>- m_symbolTable->setSlowArguments(WTF::move(slowArguments));
</del><span class="cx"> }
</span><del>-
- RegisterID* calleeRegister = resolveCallee(functionNode); // May push to the scope chain and/or add a captured var.
-
- const DeclarationStacks::FunctionStack& functionStack = functionNode->functionStack();
- const DeclarationStacks::VarStack& varStack = functionNode->varStack();
- IdentifierSet test;
-
- // Captured variables and functions go first so that activations don't have
- // to step over the non-captured locals to mark them.
- if (functionNode->hasCapturedVariables() || shouldCaptureAllTheThings) {
- for (size_t i = 0; i < boundParameterProperties.size(); i++) {
- const Identifier& ident = boundParameterProperties[i];
- if (functionNode->captures(ident) || shouldCaptureAllTheThings)
- addVar(ident, IsVariable, IsWatchable);
- }
- for (size_t i = 0; i < functionStack.size(); ++i) {
- FunctionBodyNode* function = functionStack[i];
- const Identifier& ident = function->ident();
- if (functionNode->captures(ident) || shouldCaptureAllTheThings) {
- m_functions.add(ident.impl());
- emitNewFunction(scratch, function);
- initializeCapturedVariable(addVar(ident, IsVariable, IsWatchable), ident, scratch);
</del><ins>+
+ if (needsArguments && codeBlock->isStrictMode()) {
+ // Allocate an out-of-bands arguments object.
+ emitOpcode(op_create_out_of_band_arguments);
+ instructions().append(m_argumentsRegister->index());
+ }
+
+ // Now declare all variables.
+ for (const Identifier& ident : boundParameterProperties)
+ createVariable(ident, varKind(ident.impl()), IsVariable);
+ for (FunctionBodyNode* function : functionNode->functionStack()) {
+ const Identifier& ident = function->ident();
+ createVariable(ident, varKind(ident.impl()), IsVariable);
+ m_functionsToInitialize.append(function);
+ }
+ for (auto& entry : functionNode->varStack()) {
+ ConstantMode constantMode = modeForIsConstant(entry.second & DeclarationStacks::IsConstant);
+ // Variables named "arguments" are never const.
+ if (entry.first == propertyNames().arguments)
+ constantMode = IsVariable;
+ createVariable(entry.first, varKind(entry.first.impl()), constantMode, IgnoreExisting);
+ }
+
+ // There are some variables that need to be preinitialized to something other than Undefined:
+ //
+ // - "arguments": unless it's used as a function or parameter, this should refer to the
+ // arguments object.
+ //
+ // - callee: unless it's used as a var, function, or parameter, this should refer to the
+ // callee (i.e. our function).
+ //
+ // - functions: these always override everything else.
+ //
+ // The most logical way to do all of this is to initialize none of the variables until now,
+ // and then initialize them in BytecodeGenerator::generate() in such an order that the rules
+ // for how these things override each other end up holding. We would initialize the callee
+ // first, then "arguments", then all arguments, then the functions.
+ //
+ // But some arguments are already initialized by default, since if they aren't captured and we
+ // don't have "arguments" then we just point the symbol table at the stack slot of those
+ // arguments. We end up initializing the rest of the arguments that have an uncomplicated
+ // binding (i.e. don't involve deconstruction) above when figuring out how to lay them out,
+ // because that's just the simplest thing. This means that when we initialize them, we have to
+ // watch out for the things that override arguments (namely, functions).
+ //
+ // We also initialize callee here as well, just because it's so weird. We know whether we want
+ // to do this because we can just check if it's in the symbol table.
+ if (functionNameIsInScope(functionNode->ident(), functionNode->functionMode())
+ && !functionNameScopeIsDynamic(codeBlock->usesEval(), codeBlock->isStrictMode())
+ && m_symbolTable->get(functionNode->ident().impl()).isNull()) {
+ if (captures(functionNode->ident().impl())) {
+ ScopeOffset offset;
+ {
+ ConcurrentJITLocker locker(m_symbolTable->m_lock);
+ offset = m_symbolTable->takeNextScopeOffset(locker);
+ m_symbolTable->add(
+ locker, functionNode->ident().impl(),
+ SymbolTableEntry(VarOffset(offset), ReadOnly));
</ins><span class="cx"> }
</span><ins>+
+ emitOpcode(op_put_to_scope);
+ instructions().append(m_lexicalEnvironmentRegister->index());
+ instructions().append(addConstant(functionNode->ident()));
+ instructions().append(m_calleeRegister.index());
+ instructions().append(ResolveModeAndType(ThrowIfNotFound, LocalClosureVar).operand());
+ instructions().append(0);
+ instructions().append(offset.offset());
+ } else {
+ m_symbolTable->add(
+ functionNode->ident().impl(),
+ SymbolTableEntry(VarOffset(m_calleeRegister.virtualRegister()), ReadOnly));
</ins><span class="cx"> }
</span><del>- for (size_t i = 0; i < varStack.size(); ++i) {
- const Identifier& ident = varStack[i].first;
- if (functionNode->captures(ident) || shouldCaptureAllTheThings)
- addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, IsWatchable);
- }
</del><span class="cx"> }
</span><del>-
- m_symbolTable->setCaptureEnd(virtualRegisterForLocal(codeBlock->m_numVars).offset());
-
- bool canLazilyCreateFunctions = !functionNode->needsActivationForMoreThanVariables() && !m_shouldEmitDebugHooks && !m_vm->typeProfiler() && !m_vm->controlFlowProfiler();
- m_firstLazyFunction = codeBlock->m_numVars;
- if (!shouldCaptureAllTheThings) {
- for (size_t i = 0; i < functionStack.size(); ++i) {
- FunctionBodyNode* function = functionStack[i];
- const Identifier& ident = function->ident();
- if (!functionNode->captures(ident)) {
- m_functions.add(ident.impl());
- RefPtr<RegisterID> reg = addVar(ident, IsVariable, NotWatchable);
- // Don't lazily create functions that override the name 'arguments'
- // as this would complicate lazy instantiation of actual arguments.
- if (!canLazilyCreateFunctions || ident == propertyNames().arguments)
- emitNewFunction(reg.get(), function);
- else {
- emitInitLazyRegister(reg.get());
- m_lazyFunctions.set(reg->virtualRegister().toLocal(), function);
- }
</del><ins>+
+ // This is our final act of weirdness. "arguments" is overridden by everything except the
+ // callee. We add it to the symbol table if it's not already there and it's not an argument.
+ if (needsArguments) {
+ // If "arguments" is overridden by a function or deconstructed parameter name, then it's
+ // OK for us to call createVariable() because it won't change anything. It's also OK for
+ // us to them tell BytecodeGenerator::generate() to write to it because it will do so
+ // before it initializes functions and deconstructed parameters. But if "arguments" is
+ // overridden by a "simple" function parameter, then we have to bail: createVariable()
+ // would assert and BytecodeGenerator::generate() would write the "arguments" after the
+ // argument value had already been properly initialized.
+
+ bool haveParameterNamedArguments = false;
+ for (unsigned i = 0; i < parameters.size(); ++i) {
+ StringImpl* name = visibleNameForParameter(parameters.at(i));
+ if (name == propertyNames().arguments.impl()) {
+ haveParameterNamedArguments = true;
+ break;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><del>- m_lastLazyFunction = canLazilyCreateFunctions ? codeBlock->m_numVars : m_firstLazyFunction;
- for (size_t i = 0; i < boundParameterProperties.size(); i++) {
- const Identifier& ident = boundParameterProperties[i];
- if (!functionNode->captures(ident))
- addVar(ident, IsVariable, IsWatchable);
</del><ins>+
+ if (!haveParameterNamedArguments) {
+ createVariable(
+ propertyNames().arguments, varKind(propertyNames().arguments.impl()), IsVariable);
+ m_needToInitializeArguments = true;
</ins><span class="cx"> }
</span><del>- for (size_t i = 0; i < varStack.size(); ++i) {
- const Identifier& ident = varStack[i].first;
- if (!functionNode->captures(ident))
- addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, NotWatchable);
- }
</del><span class="cx"> }
</span><del>-
- if (m_symbolTable->captureCount())
- emitOpcode(op_touch_entry);
</del><span class="cx">
</span><del>- m_parameters.grow(parameters.size() + 1); // reserve space for "this"
</del><ins>+ if (m_symbolTable->scopeSize())
+ emitOpcode(op_touch_entry);
</ins><span class="cx">
</span><del>- // Add "this" as a parameter
- int nextParameterIndex = CallFrame::thisArgumentOffset();
- m_thisRegister.setIndex(nextParameterIndex++);
- m_codeBlock->addParameter();
-
- for (size_t i = 0; i < parameters.size(); ++i, ++nextParameterIndex) {
- int index = nextParameterIndex;
- auto pattern = parameters.at(i);
- if (!pattern->isBindingNode()) {
- m_codeBlock->addParameter();
- RegisterID& parameter = registerFor(index);
- parameter.setIndex(index);
- m_deconstructedParameters.append(std::make_pair(&parameter, pattern));
- continue;
- }
- auto simpleParameter = static_cast<const BindingNode*>(pattern);
- if (capturedArguments.size() && capturedArguments[i] && !m_functions.contains(simpleParameter->boundProperty().impl())) {
- ASSERT((functionNode->hasCapturedVariables() && functionNode->captures(simpleParameter->boundProperty())) || shouldCaptureAllTheThings);
- index = capturedArguments[i]->index();
- RegisterID original(nextParameterIndex);
- initializeCapturedVariable(capturedArguments[i], simpleParameter->boundProperty(), &original);
- }
- addParameter(simpleParameter->boundProperty(), index);
- }
-
- // We declare the callee's name last because it should lose to a var, function, and/or parameter declaration.
- addCallee(functionNode, calleeRegister);
-
</del><span class="cx"> if (isConstructor()) {
</span><span class="cx"> if (constructorKind() == ConstructorKind::Derived) {
</span><span class="cx"> m_newTargetRegister = addVar();
</span><span class="lines">@@ -419,7 +485,6 @@
</span><span class="cx"> instructions().append(0);
</span><span class="cx"> instructions().append(0);
</span><span class="cx"> }
</span><del>- m_localArgumentsRegister = localArgumentsRegister;
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode)
</span><span class="lines">@@ -458,110 +523,25 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitInitLazyRegister(RegisterID* reg)
</del><ins>+RegisterID* BytecodeGenerator::initializeNextParameter()
</ins><span class="cx"> {
</span><del>- emitOpcode(op_init_lazy_reg);
- instructions().append(reg->index());
- ASSERT(!hasWatchableVariable(reg->index()));
- return reg;
</del><ins>+ VirtualRegister reg = virtualRegisterForArgument(m_codeBlock->numParameters());
+ RegisterID& parameter = registerFor(reg);
+ parameter.setIndex(reg.offset());
+ m_codeBlock->addParameter();
+ return &parameter;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::initializeCapturedVariable(RegisterID* dst, const Identifier& propertyName, RegisterID* value)
</del><ins>+StringImpl* BytecodeGenerator::visibleNameForParameter(DeconstructionPatternNode* pattern)
</ins><span class="cx"> {
</span><del>-
- m_codeBlock->addPropertyAccessInstruction(instructions().size());
- emitOpcode(op_put_to_scope);
- instructions().append(m_lexicalEnvironmentRegister->index());
- instructions().append(addConstant(propertyName));
- instructions().append(value->index());
- instructions().append(ResolveModeAndType(ThrowIfNotFound, LocalClosureVar).operand());
- int operand = registerFor(dst->index()).index();
- bool isWatchableVariable = hasWatchableVariable(operand);
- ASSERT(!isWatchableVariable || watchableVariableIdentifier(operand) == propertyName);
- instructions().append(isWatchableVariable);
- instructions().append(dst->index());
- return dst;
-}
-
-RegisterID* BytecodeGenerator::resolveCallee(FunctionNode* functionNode)
-{
- if (!functionNameIsInScope(functionNode->ident(), functionNode->functionMode()))
- return 0;
-
- if (functionNameScopeIsDynamic(m_codeBlock->usesEval(), m_codeBlock->isStrictMode()))
- return 0;
-
- m_calleeRegister.setIndex(JSStack::Callee);
- if (functionNode->captures(functionNode->ident()))
- return initializeCapturedVariable(addVar(), functionNode->ident(), &m_calleeRegister);
-
- return &m_calleeRegister;
-}
-
-void BytecodeGenerator::addCallee(FunctionNode* functionNode, RegisterID* calleeRegister)
-{
- if (!calleeRegister)
- return;
-
- symbolTable().add(functionNode->ident().impl(), SymbolTableEntry(calleeRegister->index(), ReadOnly));
-}
-
-void BytecodeGenerator::addParameter(const Identifier& ident, int parameterIndex)
-{
- // Parameters overwrite var declarations, but not function declarations.
- StringImpl* rep = ident.impl();
- if (!m_functions.contains(rep)) {
- symbolTable().set(rep, parameterIndex);
- RegisterID& parameter = registerFor(parameterIndex);
- parameter.setIndex(parameterIndex);
</del><ins>+ if (pattern->isBindingNode()) {
+ const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty();
+ if (!m_functions.contains(ident.impl()))
+ return ident.impl();
</ins><span class="cx"> }
</span><del>-
- // To maintain the calling convention, we have to allocate unique space for
- // each parameter, even if the parameter doesn't make it into the symbol table.
- m_codeBlock->addParameter();
</del><ins>+ return nullptr;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool BytecodeGenerator::willResolveToArgumentsRegister(const Identifier& ident)
-{
- if (ident != propertyNames().arguments)
- return false;
-
- if (!shouldOptimizeLocals())
- return false;
-
- SymbolTableEntry entry = symbolTable().get(ident.impl());
- if (entry.isNull())
- return false;
-
- if (m_localArgumentsRegister && isCaptured(m_localArgumentsRegister->index()) && m_lexicalEnvironmentRegister)
- return false;
-
- if (m_codeBlock->usesArguments() && m_codeType == FunctionCode && m_localArgumentsRegister)
- return true;
-
- return false;
-}
-
-RegisterID* BytecodeGenerator::uncheckedLocalArgumentsRegister()
-{
- ASSERT(willResolveToArgumentsRegister(propertyNames().arguments));
- ASSERT(m_localArgumentsRegister);
- return m_localArgumentsRegister;
-}
-
-RegisterID* BytecodeGenerator::createLazyRegisterIfNecessary(RegisterID* reg)
-{
- if (!reg->virtualRegister().isLocal())
- return reg;
-
- int localVariableNumber = reg->virtualRegister().toLocal();
-
- if (m_lastLazyFunction <= localVariableNumber || localVariableNumber < m_firstLazyFunction)
- return reg;
- emitLazyNewFunction(reg, m_lazyFunctions.get(localVariableNumber));
- return reg;
-}
-
</del><span class="cx"> RegisterID* BytecodeGenerator::newRegister()
</span><span class="cx"> {
</span><span class="cx"> m_calleeRegisters.append(virtualRegisterForLocal(m_calleeRegisters.size()));
</span><span class="lines">@@ -964,7 +944,7 @@
</span><span class="cx"> StringImpl* rep = ident.impl();
</span><span class="cx"> return m_identifierMap.contains(rep);
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> unsigned BytecodeGenerator::addConstant(const Identifier& ident)
</span><span class="cx"> {
</span><span class="cx"> StringImpl* rep = ident.impl();
</span><span class="lines">@@ -1015,7 +995,6 @@
</span><span class="cx"> RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
</span><span class="cx"> {
</span><span class="cx"> m_staticPropertyAnalyzer.mov(dst->index(), src->index());
</span><del>- ASSERT(dst->virtualRegister() == m_codeBlock->argumentsRegister() || !isCaptured(dst->index()));
</del><span class="cx"> emitOpcode(op_mov);
</span><span class="cx"> instructions().append(dst->index());
</span><span class="cx"> instructions().append(src->index());
</span><span class="lines">@@ -1197,51 +1176,96 @@
</span><span class="cx"> return m_globalObjectRegister;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool BytecodeGenerator::isCaptured(int operand)
</del><ins>+Variable BytecodeGenerator::variable(const Identifier& property)
</ins><span class="cx"> {
</span><del>- return m_symbolTable && m_symbolTable->isCaptured(operand);
-}
-
-Local BytecodeGenerator::local(const Identifier& property)
-{
- if (property == propertyNames().thisIdentifier)
- return Local(thisRegister(), ReadOnly, Local::SpecialLocal);
- bool isArguments = property == propertyNames().arguments;
- if (isArguments)
- createArgumentsIfNecessary();
-
</del><ins>+ if (property == propertyNames().thisIdentifier) {
+ return Variable(
+ property, VarOffset(thisRegister()->virtualRegister()), thisRegister(),
+ ReadOnly, Variable::SpecialVariable);
+ }
+
</ins><span class="cx"> if (!shouldOptimizeLocals())
</span><del>- return Local();
-
</del><ins>+ return Variable(property);
+
</ins><span class="cx"> SymbolTableEntry entry = symbolTable().get(property.impl());
</span><span class="cx"> if (entry.isNull())
</span><del>- return Local();
-
-
- RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
-
- if (isCaptured(local->index()) && m_lexicalEnvironmentRegister)
- return Local();
-
- return Local(local, entry.getAttributes(), isArguments ? Local::SpecialLocal : Local::NormalLocal);
</del><ins>+ return Variable(property);
+
+ if (entry.varOffset().isScope() && m_localScopeDepth) {
+ // FIXME: We should be able to statically resolve through our local scopes.
+ // https://bugs.webkit.org/show_bug.cgi?id=141885
+ return Variable(property);
+ }
+
+ return variableForLocalEntry(property, entry);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-Local BytecodeGenerator::constLocal(const Identifier& property)
</del><ins>+Variable BytecodeGenerator::variablePerSymbolTable(const Identifier& property)
</ins><span class="cx"> {
</span><del>- if (m_codeType != FunctionCode)
- return Local();
-
</del><span class="cx"> SymbolTableEntry entry = symbolTable().get(property.impl());
</span><span class="cx"> if (entry.isNull())
</span><del>- return Local();
</del><ins>+ return Variable(property);
+
+ return variableForLocalEntry(property, entry);
+}
</ins><span class="cx">
</span><del>- RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
</del><ins>+Variable BytecodeGenerator::variableForLocalEntry(
+ const Identifier& property, const SymbolTableEntry& entry)
+{
+ VarOffset offset = entry.varOffset();
+
+ RegisterID* local;
+ if (offset.isStack())
+ local = &registerFor(offset.stackOffset());
+ else
+ local = nullptr;
+
+ return Variable(property, offset, local, entry.getAttributes(), Variable::NormalVariable);
+}
</ins><span class="cx">
</span><del>- bool isArguments = property == propertyNames().arguments;
- if (isCaptured(local->index()) && m_lexicalEnvironmentRegister)
- return Local();
</del><ins>+void BytecodeGenerator::createVariable(
+ const Identifier& property, VarKind varKind, ConstantMode constantMode,
+ ExistingVariableMode existingVariableMode)
+{
+ ASSERT(property != propertyNames().thisIdentifier);
+
+ ConcurrentJITLocker locker(symbolTable().m_lock);
+ SymbolTableEntry entry = symbolTable().get(locker, property.impl());
+
+ if (!entry.isNull()) {
+ if (existingVariableMode == IgnoreExisting)
+ return;
+
+ // Do some checks to ensure that the variable we're being asked to create is sufficiently
+ // compatible with the one we have already created.
</ins><span class="cx">
</span><del>- return Local(local, entry.getAttributes(), isArguments ? Local::SpecialLocal : Local::NormalLocal);
</del><ins>+ VarOffset offset = entry.varOffset();
+
+ // We can't change our minds about whether it's captured.
+ if (offset.kind() != varKind || constantMode != entry.constantMode()) {
+ dataLog(
+ "Trying to add variable called ", property, " as ", varKind, "/", constantMode,
+ " but it was already added as ", offset, "/", entry.constantMode(), ".\n");
+ RELEASE_ASSERT_NOT_REACHED();
+ }
+
+ return;
+ }
+
+ VarOffset varOffset;
+ if (varKind == VarKind::Scope)
+ varOffset = VarOffset(symbolTable().takeNextScopeOffset(locker));
+ else {
+ ASSERT(varKind == VarKind::Stack);
+ varOffset = VarOffset(virtualRegisterForLocal(m_calleeRegisters.size()));
+ }
+ SymbolTableEntry newEntry(varOffset, constantMode == IsConstant ? ReadOnly : 0);
+ symbolTable().add(locker, property.impl(), newEntry);
+
+ if (varKind == VarKind::Stack) {
+ RegisterID* local = addVar();
+ RELEASE_ASSERT(local->index() == varOffset.stackOffset().offset());
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void BytecodeGenerator::emitCheckHasInstance(RegisterID* dst, RegisterID* value, RegisterID* base, Label* target)
</span><span class="lines">@@ -1265,88 +1289,147 @@
</span><span class="cx"> return GlobalProperty;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier, ResolveScopeInfo& info)
</del><ins>+RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Variable& variable)
</ins><span class="cx"> {
</span><del>- if (m_symbolTable && m_codeType == FunctionCode && !m_localScopeDepth) {
- SymbolTableEntry entry = m_symbolTable->get(identifier.impl());
- if (!entry.isNull()) {
- info = ResolveScopeInfo(entry.getIndex());
- return scopeRegister();
- }
</del><ins>+ switch (variable.offset().kind()) {
+ case VarKind::Stack:
+ return nullptr;
+
+ case VarKind::DirectArgument:
+ return argumentsRegister();
+
+ case VarKind::Scope:
+ // This always refers to the activation that *we* allocated, and not the current scope that code
+ // lives in. Note that this will change once we have proper support for block scoping. Once that
+ // changes, it will be correct for this code to return scopeRegister(). The only reason why we
+ // don't do that already is that m_lexicalEnvironment is required by ConstDeclNode. ConstDeclNode
+ // requires weird things because it is a shameful pile of nonsense, but block scoping would make
+ // that code sensible and obviate the need for us to do bad things.
+ return m_lexicalEnvironmentRegister;
+
+ case VarKind::Invalid:
+ // Indicates non-local resolution.
+
+ ASSERT(!m_symbolTable || !m_symbolTable->contains(variable.ident().impl()) || resolveType() == Dynamic);
+
+ m_codeBlock->addPropertyAccessInstruction(instructions().size());
+
+ // resolve_scope dst, id, ResolveType, depth
+ emitOpcode(op_resolve_scope);
+ dst = tempDestination(dst);
+ instructions().append(kill(dst));
+ instructions().append(scopeRegister()->index());
+ instructions().append(addConstant(variable.ident()));
+ instructions().append(resolveType());
+ instructions().append(0);
+ instructions().append(0);
+ return dst;
</ins><span class="cx"> }
</span><del>-
- ASSERT(!m_symbolTable || !m_symbolTable->contains(identifier.impl()) || resolveType() == Dynamic);
-
- m_codeBlock->addPropertyAccessInstruction(instructions().size());
-
- // resolve_scope dst, id, ResolveType, depth
- emitOpcode(op_resolve_scope);
- dst = tempDestination(dst);
- instructions().append(kill(dst));
- instructions().append(scopeRegister()->index());
- instructions().append(addConstant(identifier));
- instructions().append(resolveType());
- instructions().append(0);
- instructions().append(0);
- return dst;
</del><ins>+
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-
-RegisterID* BytecodeGenerator::emitResolveConstantLocal(RegisterID* dst, const Identifier& identifier, ResolveScopeInfo& info)
</del><ins>+RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Variable& variable, ResolveMode resolveMode)
</ins><span class="cx"> {
</span><del>- if (!m_symbolTable || m_codeType != FunctionCode)
- return nullptr;
-
- SymbolTableEntry entry = m_symbolTable->get(identifier.impl());
- if (entry.isNull())
- return nullptr;
- info = ResolveScopeInfo(entry.getIndex());
- return emitMove(dst, m_lexicalEnvironmentRegister);
-
</del><ins>+ switch (variable.offset().kind()) {
+ case VarKind::Stack:
+ return emitMove(dst, variable.local());
+
+ case VarKind::DirectArgument: {
+ UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_arguments);
+ instructions().append(kill(dst));
+ instructions().append(scope->index());
+ instructions().append(variable.offset().capturedArgumentsOffset().offset());
+ instructions().append(profile);
+ return dst;
+ }
+
+ case VarKind::Scope:
+ case VarKind::Invalid: {
+ m_codeBlock->addPropertyAccessInstruction(instructions().size());
+
+ // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand
+ UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope);
+ instructions().append(kill(dst));
+ instructions().append(scope->index());
+ instructions().append(addConstant(variable.ident()));
+ instructions().append(ResolveModeAndType(resolveMode, variable.offset().isScope() ? LocalClosureVar : resolveType()).operand());
+ instructions().append(0);
+ instructions().append(variable.offset().isScope() ? variable.offset().scopeOffset().offset() : 0);
+ instructions().append(profile);
+ return dst;
+ } }
+
+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier& identifier, ResolveMode resolveMode, const ResolveScopeInfo& info)
</del><ins>+RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Variable& variable, RegisterID* value, ResolveMode resolveMode)
</ins><span class="cx"> {
</span><del>- m_codeBlock->addPropertyAccessInstruction(instructions().size());
-
- // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand
- UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope);
- instructions().append(kill(dst));
- instructions().append(scope->index());
- instructions().append(addConstant(identifier));
- instructions().append(ResolveModeAndType(resolveMode, info.isLocal() ? LocalClosureVar : resolveType()).operand());
- instructions().append(0);
- instructions().append(info.localIndex());
- instructions().append(profile);
- return dst;
</del><ins>+ switch (variable.offset().kind()) {
+ case VarKind::Stack:
+ emitMove(variable.local(), value);
+ return value;
+
+ case VarKind::DirectArgument:
+ emitOpcode(op_put_to_arguments);
+ instructions().append(scope->index());
+ instructions().append(variable.offset().capturedArgumentsOffset().offset());
+ instructions().append(value->index());
+ return value;
+
+ case VarKind::Scope:
+ case VarKind::Invalid: {
+ m_codeBlock->addPropertyAccessInstruction(instructions().size());
+
+ // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand
+ emitOpcode(op_put_to_scope);
+ instructions().append(scope->index());
+ instructions().append(addConstant(variable.ident()));
+ instructions().append(value->index());
+ ScopeOffset offset;
+ if (variable.offset().isScope()) {
+ offset = variable.offset().scopeOffset();
+ instructions().append(ResolveModeAndType(resolveMode, LocalClosureVar).operand());
+ } else {
+ ASSERT(resolveType() != LocalClosureVar);
+ instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
+ }
+ instructions().append(0);
+ instructions().append(!!offset ? offset.offset() : 0);
+ return value;
+ } }
+
+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Identifier& identifier, RegisterID* value, ResolveMode resolveMode, const ResolveScopeInfo& info)
</del><ins>+RegisterID* BytecodeGenerator::initializeVariable(const Variable& variable, RegisterID* value)
</ins><span class="cx"> {
</span><del>- m_codeBlock->addPropertyAccessInstruction(instructions().size());
-
- // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand
- emitOpcode(op_put_to_scope);
- instructions().append(scope->index());
- instructions().append(addConstant(identifier));
- instructions().append(value->index());
- if (info.isLocal()) {
- instructions().append(ResolveModeAndType(resolveMode, LocalClosureVar).operand());
- int operand = registerFor(info.localIndex()).index();
- bool isWatchableVariable = hasWatchableVariable(operand);
- ASSERT(!isWatchableVariable || watchableVariableIdentifier(operand) == identifier);
- instructions().append(isWatchableVariable);
- } else {
- ASSERT(resolveType() != LocalClosureVar);
- instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
- instructions().append(false);
</del><ins>+ RegisterID* scope;
+ switch (variable.offset().kind()) {
+ case VarKind::Stack:
+ scope = nullptr;
+ break;
+
+ case VarKind::DirectArgument:
+ scope = argumentsRegister();
+ break;
+
+ case VarKind::Scope:
+ scope = scopeRegister();
+ break;
+
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ scope = nullptr;
+ break;
</ins><span class="cx"> }
</span><del>- instructions().append(info.localIndex());
- return value;
</del><ins>+
+ return emitPutToScope(scope, variable, value, ThrowIfNotFound);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype)
</span><del>-{
</del><ins>+{
</ins><span class="cx"> emitOpcode(op_instanceof);
</span><span class="cx"> instructions().append(dst->index());
</span><span class="cx"> instructions().append(value->index());
</span><span class="lines">@@ -1381,16 +1464,6 @@
</span><span class="cx"> return dst;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitGetArgumentsLength(RegisterID* dst, RegisterID* base)
-{
- emitOpcode(op_get_arguments_length);
- instructions().append(dst->index());
- ASSERT(base->virtualRegister() == m_codeBlock->argumentsRegister());
- instructions().append(base->index());
- instructions().append(addConstant(propertyNames().length));
- return dst;
-}
-
</del><span class="cx"> RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value)
</span><span class="cx"> {
</span><span class="cx"> unsigned propertyIndex = addConstant(property);
</span><span class="lines">@@ -1454,20 +1527,6 @@
</span><span class="cx"> return dst;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitGetArgumentByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
-{
- UnlinkedArrayProfile arrayProfile = newArrayProfile();
- UnlinkedValueProfile profile = emitProfiledOpcode(op_get_argument_by_val);
- instructions().append(kill(dst));
- ASSERT(base->virtualRegister() == m_codeBlock->argumentsRegister());
- instructions().append(base->index());
- instructions().append(property->index());
- instructions().append(m_codeBlock->activationRegister().offset());
- instructions().append(arrayProfile);
- instructions().append(profile);
- return dst;
-}
-
</del><span class="cx"> RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
</span><span class="cx"> {
</span><span class="cx"> for (size_t i = m_forInContextStack.size(); i > 0; i--) {
</span><span class="lines">@@ -1652,24 +1711,15 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, FunctionBodyNode* function)
</span><span class="cx"> {
</span><del>- return emitNewFunctionInternal(dst, m_codeBlock->addFunctionDecl(makeFunction(function)), false);
</del><ins>+ return emitNewFunctionInternal(dst, m_codeBlock->addFunctionDecl(makeFunction(function)));
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RegisterID* BytecodeGenerator::emitLazyNewFunction(RegisterID* dst, FunctionBodyNode* function)
</del><ins>+RegisterID* BytecodeGenerator::emitNewFunctionInternal(RegisterID* dst, unsigned index)
</ins><span class="cx"> {
</span><del>- FunctionOffsetMap::AddResult ptr = m_functionOffsets.add(function, 0);
- if (ptr.isNewEntry)
- ptr.iterator->value = m_codeBlock->addFunctionDecl(makeFunction(function));
- return emitNewFunctionInternal(dst, ptr.iterator->value, true);
-}
-
-RegisterID* BytecodeGenerator::emitNewFunctionInternal(RegisterID* dst, unsigned index, bool doNullCheck)
-{
</del><span class="cx"> emitOpcode(op_new_func);
</span><span class="cx"> instructions().append(dst->index());
</span><span class="cx"> instructions().append(scopeRegister()->index());
</span><span class="cx"> instructions().append(index);
</span><del>- instructions().append(doNullCheck);
</del><span class="cx"> return dst;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1711,23 +1761,6 @@
</span><span class="cx"> return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void BytecodeGenerator::createArgumentsIfNecessary()
-{
- if (m_codeType != FunctionCode)
- return;
-
- if (!m_codeBlock->usesArguments())
- return;
-
- if (shouldTearOffArgumentsEagerly() || shouldCreateArgumentsEagerly())
- return;
-
- emitOpcode(op_create_arguments);
- instructions().append(m_codeBlock->argumentsRegister().offset());
- ASSERT(!hasWatchableVariable(m_codeBlock->argumentsRegister().offset()));
- instructions().append(m_codeBlock->activationRegister().offset());
-}
-
</del><span class="cx"> RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
</span><span class="cx"> {
</span><span class="cx"> return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, divotStart, divotEnd);
</span><span class="lines">@@ -1824,10 +1857,7 @@
</span><span class="cx"> RELEASE_ASSERT(!n->m_next);
</span><span class="cx"> auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
</span><span class="cx"> RefPtr<RegisterID> argumentRegister;
</span><del>- if (expression->isResolveNode() && willResolveToArgumentsRegister(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
- argumentRegister = uncheckedLocalArgumentsRegister();
- else
- argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</del><ins>+ argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</ins><span class="cx"> RefPtr<RegisterID> thisRegister = emitMove(newTemporary(), callArguments.thisRegister());
</span><span class="cx"> return emitCallVarargs(dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, callArguments.profileHookRegister(), divot, divotStart, divotEnd);
</span><span class="cx"> }
</span><span class="lines">@@ -1916,20 +1946,6 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
</span><span class="cx"> {
</span><del>- if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) {
- RefPtr<RegisterID> scratchRegister;
- int argumentsIndex = unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset();
- if (m_lexicalEnvironmentRegister && m_codeType == FunctionCode) {
- scratchRegister = newTemporary();
- ResolveScopeInfo scopeInfo(unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset());
- emitGetFromScope(scratchRegister.get(), scopeRegister(), propertyNames().arguments, ThrowIfNotFound, scopeInfo);
- argumentsIndex = scratchRegister->index();
- }
- emitOpcode(op_tear_off_arguments);
- instructions().append(argumentsIndex);
- instructions().append(m_lexicalEnvironmentRegister ? m_lexicalEnvironmentRegister->index() : emitLoad(0, JSValue())->index());
- }
-
</del><span class="cx"> if (isConstructor()) {
</span><span class="cx"> bool derived = constructorKind() == ConstructorKind::Derived;
</span><span class="cx"> if (derived && src->index() == m_thisRegister.index())
</span><span class="lines">@@ -1978,10 +1994,7 @@
</span><span class="cx"> RELEASE_ASSERT(!n->m_next);
</span><span class="cx"> auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
</span><span class="cx"> RefPtr<RegisterID> argumentRegister;
</span><del>- if (expression->isResolveNode() && willResolveToArgumentsRegister(static_cast<ResolveNode*>(expression)->identifier()) && !symbolTable().slowArguments())
- argumentRegister = uncheckedLocalArgumentsRegister();
- else
- argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</del><ins>+ argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
</ins><span class="cx"> return emitConstructVarargs(dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, callArguments.profileHookRegister(), divot, divotStart, divotEnd);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2543,9 +2556,9 @@
</span><span class="cx">
</span><span class="cx"> bool BytecodeGenerator::isArgumentNumber(const Identifier& ident, int argumentNumber)
</span><span class="cx"> {
</span><del>- RegisterID* registerID = local(ident).get();
- if (!registerID || registerID->index() >= 0)
- return 0;
</del><ins>+ RegisterID* registerID = variable(ident).local();
+ if (!registerID)
+ return false;
</ins><span class="cx"> return registerID->index() == CallFrame::argumentOffset(argumentNumber);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2560,31 +2573,6 @@
</span><span class="cx">
</span><span class="cx"> void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack)
</span><span class="cx"> {
</span><del>- if (subjectNode->isResolveNode()
- && willResolveToArgumentsRegister(static_cast<ResolveNode*>(subjectNode)->identifier())
- && !symbolTable().slowArguments()) {
- RefPtr<RegisterID> index = emitLoad(newTemporary(), jsNumber(0));
-
- LabelScopePtr scope = newLabelScope(LabelScope::Loop);
- RefPtr<RegisterID> value = emitLoad(newTemporary(), jsUndefined());
-
- RefPtr<Label> loopCondition = newLabel();
- RefPtr<Label> loopStart = newLabel();
- emitJump(loopCondition.get());
- emitLabel(loopStart.get());
- emitLoopHint();
- emitGetArgumentByVal(value.get(), uncheckedLocalArgumentsRegister(), index.get());
- callBack(*this, value.get());
-
- emitLabel(scope->continueTarget());
- emitInc(index.get());
- emitLabel(loopCondition.get());
- RefPtr<RegisterID> length = emitGetArgumentsLength(newTemporary(), uncheckedLocalArgumentsRegister());
- emitJumpIfTrue(emitEqualityOp(op_less, newTemporary(), index.get(), length.get()), loopStart.get());
- emitLabel(scope->breakTarget());
- return;
- }
-
</del><span class="cx"> LabelScopePtr scope = newLabelScope(LabelScope::Loop);
</span><span class="cx"> RefPtr<RegisterID> subject = newTemporary();
</span><span class="cx"> emitNode(subject.get(), subjectNode);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
</span><span class="cx"> * Copyright (C) 2012 Igalia, S.L.
</span><span class="cx"> *
</span><span class="lines">@@ -178,63 +178,57 @@
</span><span class="cx"> TryData* tryData;
</span><span class="cx"> };
</span><span class="cx">
</span><del>- enum CaptureMode {
- NotCaptured,
- IsCaptured
- };
-
- class Local {
</del><ins>+ class Variable {
</ins><span class="cx"> public:
</span><del>- Local()
- : m_local(0)
</del><ins>+ enum VariableKind { NormalVariable, SpecialVariable };
+
+ Variable()
+ : m_offset()
+ , m_local(nullptr)
</ins><span class="cx"> , m_attributes(0)
</span><del>- , m_kind(NormalLocal)
</del><ins>+ , m_kind(NormalVariable)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><ins>+
+ Variable(const Identifier& ident)
+ : m_ident(ident)
+ , m_local(nullptr)
+ , m_attributes(0)
+ , m_kind(NormalVariable) // This is somewhat meaningless here for this kind of Variable.
+ {
+ }
</ins><span class="cx">
</span><del>- enum LocalKind { NormalLocal, SpecialLocal };
-
- Local(RegisterID* local, unsigned attributes, LocalKind kind)
- : m_local(local)
</del><ins>+ Variable(const Identifier& ident, VarOffset offset, RegisterID* local, unsigned attributes, VariableKind kind)
+ : m_ident(ident)
+ , m_offset(offset)
+ , m_local(local)
</ins><span class="cx"> , m_attributes(attributes)
</span><span class="cx"> , m_kind(kind)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- operator bool() const { return m_local; }
</del><ins>+ // If it's unset, then it is a non-locally-scoped variable. If it is set, then it could be
+ // a stack variable, a scoped variable in the local scope, or a variable captured in the
+ // direct arguments object.
+ bool isResolved() const { return !!m_offset; }
+
+ const Identifier& ident() const { return m_ident; }
+
+ VarOffset offset() const { return m_offset; }
+ bool isLocal() const { return m_offset.isStack(); }
+ RegisterID* local() const { return m_local; }
</ins><span class="cx">
</span><del>- RegisterID* get() const { return m_local; }
-
</del><span class="cx"> bool isReadOnly() const { return m_attributes & ReadOnly; }
</span><del>- bool isSpecial() const { return m_kind != NormalLocal; }
</del><ins>+ bool isSpecial() const { return m_kind != NormalVariable; }
</ins><span class="cx">
</span><span class="cx"> private:
</span><ins>+ Identifier m_ident;
+ VarOffset m_offset;
</ins><span class="cx"> RegisterID* m_local;
</span><span class="cx"> unsigned m_attributes;
</span><del>- LocalKind m_kind;
</del><ins>+ VariableKind m_kind;
</ins><span class="cx"> };
</span><span class="cx">
</span><del>- struct ResolveScopeInfo {
- ResolveScopeInfo()
- : m_localIndex(0)
- , m_resolveScopeKind(NonLocalScope)
- {
- }
-
- ResolveScopeInfo(int index)
- : m_localIndex(index)
- , m_resolveScopeKind(LocalScope)
- {
- }
-
- bool isLocal() const { return m_resolveScopeKind == LocalScope; }
- int localIndex() const { return m_localIndex; }
-
- private:
- int m_localIndex;
- enum { LocalScope, NonLocalScope } m_resolveScopeKind;
- };
-
</del><span class="cx"> struct TryRange {
</span><span class="cx"> RefPtr<Label> start;
</span><span class="cx"> RefPtr<Label> end;
</span><span class="lines">@@ -282,19 +276,17 @@
</span><span class="cx">
</span><span class="cx"> void setIsNumericCompareFunction(bool isNumericCompareFunction);
</span><span class="cx">
</span><del>- bool willResolveToArgumentsRegister(const Identifier&);
-
- bool hasSafeLocalArgumentsRegister() { return m_localArgumentsRegister; }
- RegisterID* uncheckedLocalArgumentsRegister();
-
- bool isCaptured(int operand);
- CaptureMode captureMode(int operand) { return isCaptured(operand) ? IsCaptured : NotCaptured; }
</del><ins>+ Variable variable(const Identifier&);
</ins><span class="cx">
</span><del>- Local local(const Identifier&);
- Local constLocal(const Identifier&);
-
</del><ins>+ // Ignores the possibility of intervening scopes.
+ Variable variablePerSymbolTable(const Identifier&);
+
+ enum ExistingVariableMode { VerifyExisting, IgnoreExisting };
+ void createVariable(const Identifier&, VarKind, ConstantMode, ExistingVariableMode = VerifyExisting); // Creates the variable, or asserts that the already-created variable is sufficiently compatible.
+
</ins><span class="cx"> // Returns the register storing "this"
</span><span class="cx"> RegisterID* thisRegister() { return &m_thisRegister; }
</span><ins>+ RegisterID* argumentsRegister() { return m_argumentsRegister; }
</ins><span class="cx"> RegisterID* newTarget() { return m_newTargetRegister; }
</span><span class="cx">
</span><span class="cx"> RegisterID* scopeRegister() { return m_scopeRegister; }
</span><span class="lines">@@ -353,8 +345,6 @@
</span><span class="cx"> {
</span><span class="cx"> // Node::emitCode assumes that dst, if provided, is either a local or a referenced temporary.
</span><span class="cx"> ASSERT(!dst || dst == ignoredResult() || !dst->isTemporary() || dst->refCount());
</span><del>- // Should never store directly into a captured variable.
- ASSERT(!dst || dst == ignoredResult() || !isCaptured(dst->index()));
</del><span class="cx"> if (!m_vm->isSafeToRecurse()) {
</span><span class="cx"> emitThrowExpressionTooDeepException();
</span><span class="cx"> return;
</span><span class="lines">@@ -371,8 +361,6 @@
</span><span class="cx"> {
</span><span class="cx"> // Node::emitCode assumes that dst, if provided, is either a local or a referenced temporary.
</span><span class="cx"> ASSERT(!dst || dst == ignoredResult() || !dst->isTemporary() || dst->refCount());
</span><del>- // Should never store directly into a captured variable.
- ASSERT(!dst || dst == ignoredResult() || !isCaptured(dst->index()));
</del><span class="cx"> if (!m_vm->isSafeToRecurse())
</span><span class="cx"> return emitThrowExpressionTooDeepException();
</span><span class="cx"> return n->emitBytecode(*this, dst);
</span><span class="lines">@@ -463,8 +451,7 @@
</span><span class="cx"> RegisterID* emitNewArray(RegisterID* dst, ElementNode*, unsigned length); // stops at first elision
</span><span class="cx">
</span><span class="cx"> RegisterID* emitNewFunction(RegisterID* dst, FunctionBodyNode*);
</span><del>- RegisterID* emitLazyNewFunction(RegisterID* dst, FunctionBodyNode* body);
- RegisterID* emitNewFunctionInternal(RegisterID* dst, unsigned index, bool shouldNullCheck);
</del><ins>+ RegisterID* emitNewFunctionInternal(RegisterID* dst, unsigned index);
</ins><span class="cx"> RegisterID* emitNewFunctionExpression(RegisterID* dst, FuncExprNode* func);
</span><span class="cx"> RegisterID* emitNewDefaultConstructor(RegisterID* dst, ConstructorKind, const Identifier& name);
</span><span class="cx"> RegisterID* emitNewRegExp(RegisterID* dst, RegExp*);
</span><span class="lines">@@ -483,7 +470,6 @@
</span><span class="cx"> RegisterID* emitInitGlobalConst(const Identifier&, RegisterID* value);
</span><span class="cx">
</span><span class="cx"> RegisterID* emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property);
</span><del>- RegisterID* emitGetArgumentsLength(RegisterID* dst, RegisterID* base);
</del><span class="cx"> RegisterID* emitPutById(RegisterID* base, const Identifier& property, RegisterID* value);
</span><span class="cx"> RegisterID* emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value, PropertyNode::PutType);
</span><span class="cx"> RegisterID* emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier&);
</span><span class="lines">@@ -510,14 +496,11 @@
</span><span class="cx"> void emitToPrimitive(RegisterID* dst, RegisterID* src);
</span><span class="cx">
</span><span class="cx"> ResolveType resolveType();
</span><del>- RegisterID* emitResolveConstantLocal(RegisterID* dst, const Identifier&, ResolveScopeInfo&);
- // Calls tempDestination(dst), so it's safe to pass nullptr. It's also redundant to call
- // tempDestination(dst) on the thing you pass as the destination. The reason why this
- // calls tempDestination() for you is that it may not need a spare register. It may return
- // scopeRegister() directly. So, you cannot rely on this storing to dst.
- RegisterID* emitResolveScope(RegisterID* dst, const Identifier&, ResolveScopeInfo&);
- RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier&, ResolveMode, const ResolveScopeInfo&);
- RegisterID* emitPutToScope(RegisterID* scope, const Identifier&, RegisterID* value, ResolveMode, const ResolveScopeInfo&);
</del><ins>+ RegisterID* emitResolveConstantLocal(RegisterID* dst, const Variable&);
+ RegisterID* emitResolveScope(RegisterID* dst, const Variable&);
+ RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Variable&, ResolveMode);
+ RegisterID* emitPutToScope(RegisterID* scope, const Variable&, RegisterID* value, ResolveMode);
+ RegisterID* initializeVariable(const Variable&, RegisterID* value);
</ins><span class="cx">
</span><span class="cx"> PassRefPtr<Label> emitLabel(Label*);
</span><span class="cx"> void emitLoopHint();
</span><span class="lines">@@ -597,6 +580,8 @@
</span><span class="cx"> OpcodeID lastOpcodeID() const { return m_lastOpcodeID; }
</span><span class="cx">
</span><span class="cx"> private:
</span><ins>+ Variable variableForLocalEntry(const Identifier&, const SymbolTableEntry&);
+
</ins><span class="cx"> void emitOpcode(OpcodeID);
</span><span class="cx"> UnlinkedArrayAllocationProfile newArrayAllocationProfile();
</span><span class="cx"> UnlinkedObjectAllocationProfile newObjectAllocationProfile();
</span><span class="lines">@@ -629,11 +614,7 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* newRegister();
</span><span class="cx">
</span><del>- // Adds a var slot and maps it to the name ident in symbolTable().
- enum WatchMode { IsWatchable, NotWatchable };
- RegisterID* addVar(const Identifier&, ConstantMode, WatchMode);
-
- // Adds an anonymous var slot. To give this slot a name, add it to symbolTable().
</del><ins>+ // Adds an anonymous local var slot. To give this slot a name, add it to symbolTable().
</ins><span class="cx"> RegisterID* addVar()
</span><span class="cx"> {
</span><span class="cx"> ++m_codeBlock->m_numVars;
</span><span class="lines">@@ -643,23 +624,20 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Returns the index of the added var.
- void addParameter(const Identifier&, int parameterIndex);
- RegisterID* resolveCallee(FunctionNode*);
- void addCallee(FunctionNode*, RegisterID*);
-
- void preserveLastVar();
-
- RegisterID& registerFor(int index)
</del><ins>+ // Initializes the stack form the parameter; does nothing for the symbol table.
+ RegisterID* initializeNextParameter();
+ StringImpl* visibleNameForParameter(DeconstructionPatternNode*);
+
+ RegisterID& registerFor(VirtualRegister reg)
</ins><span class="cx"> {
</span><del>- if (operandIsLocal(index))
- return m_calleeRegisters[VirtualRegister(index).toLocal()];
</del><ins>+ if (reg.isLocal())
+ return m_calleeRegisters[reg.toLocal()];
</ins><span class="cx">
</span><del>- if (index == JSStack::Callee)
</del><ins>+ if (reg.offset() == JSStack::Callee)
</ins><span class="cx"> return m_calleeRegister;
</span><span class="cx">
</span><span class="cx"> ASSERT(m_parameters.size());
</span><del>- return m_parameters[VirtualRegister(index).toArgument()];
</del><ins>+ return m_parameters[reg.toArgument()];
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool hasConstant(const Identifier&) const;
</span><span class="lines">@@ -675,11 +653,8 @@
</span><span class="cx"> return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), body, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- RegisterID* emitInitLazyRegister(RegisterID*);
-
</del><span class="cx"> RegisterID* emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd);
</span><span class="cx"> RegisterID* emitCallVarargs(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd);
</span><del>- RegisterID* initializeCapturedVariable(RegisterID* dst, const Identifier&, RegisterID*);
</del><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> JSString* addStringConstant(const Identifier&);
</span><span class="lines">@@ -713,44 +688,8 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool shouldTearOffArgumentsEagerly()
- {
- return m_codeType == FunctionCode && isStrictMode() && m_scopeNode->modifiesParameter();
- }
-
- bool shouldCreateArgumentsEagerly()
- {
- if (m_codeType != FunctionCode)
- return false;
- return m_lexicalEnvironmentRegister && m_codeBlock->usesArguments();
- }
-
</del><span class="cx"> RegisterID* emitThrowExpressionTooDeepException();
</span><span class="cx">
</span><del>- void createArgumentsIfNecessary();
- RegisterID* createLazyRegisterIfNecessary(RegisterID*);
-
- bool hasWatchableVariable(int operand) const
- {
- VirtualRegister reg(operand);
- if (!reg.isLocal())
- return false;
- if (static_cast<size_t>(reg.toLocal()) >= m_watchableVariables.size())
- return false;
- const Identifier& ident = m_watchableVariables[reg.toLocal()];
- if (ident.isNull())
- return false;
- ASSERT(hasConstant(ident)); // Should have already been added.
- return true;
- }
-
- const Identifier& watchableVariableIdentifier(int operand) const
- {
- ASSERT(hasWatchableVariable(operand));
- VirtualRegister reg(operand);
- return m_watchableVariables[reg.toLocal()];
- }
-
</del><span class="cx"> private:
</span><span class="cx"> Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow> m_instructions;
</span><span class="cx">
</span><span class="lines">@@ -769,13 +708,12 @@
</span><span class="cx"> RegisterID m_thisRegister;
</span><span class="cx"> RegisterID m_calleeRegister;
</span><span class="cx"> RegisterID* m_scopeRegister { nullptr };
</span><ins>+ RegisterID* m_argumentsRegister { nullptr };
</ins><span class="cx"> RegisterID* m_lexicalEnvironmentRegister { nullptr };
</span><span class="cx"> RegisterID* m_emptyValueRegister { nullptr };
</span><span class="cx"> RegisterID* m_globalObjectRegister { nullptr };
</span><del>- RegisterID* m_localArgumentsRegister { nullptr };
</del><span class="cx"> RegisterID* m_newTargetRegister { nullptr };
</span><span class="cx">
</span><del>- Vector<Identifier, 16> m_watchableVariables;
</del><span class="cx"> SegmentedVector<RegisterID, 32> m_constantPoolRegisters;
</span><span class="cx"> SegmentedVector<RegisterID, 32> m_calleeRegisters;
</span><span class="cx"> SegmentedVector<RegisterID, 32> m_parameters;
</span><span class="lines">@@ -790,15 +728,14 @@
</span><span class="cx"> Vector<std::unique_ptr<ForInContext>> m_forInContextStack;
</span><span class="cx"> Vector<TryContext> m_tryContextStack;
</span><span class="cx"> Vector<std::pair<RefPtr<RegisterID>, const DeconstructionPatternNode*>> m_deconstructedParameters;
</span><ins>+ Vector<FunctionBodyNode*> m_functionsToInitialize;
+ bool m_needToInitializeArguments { false };
</ins><span class="cx">
</span><span class="cx"> Vector<TryRange> m_tryRanges;
</span><span class="cx"> SegmentedVector<TryData, 8> m_tryData;
</span><span class="cx">
</span><span class="cx"> int m_nextConstantOffset { 0 };
</span><span class="cx">
</span><del>- int m_firstLazyFunction { 0 };
- int m_lastLazyFunction { 0 };
- HashMap<unsigned int, FunctionBodyNode*, WTF::IntHash<unsigned int>, WTF::UnsignedWithZeroKeyHashTraits<unsigned int>> m_lazyFunctions;
</del><span class="cx"> typedef HashMap<FunctionBodyNode*, unsigned> FunctionOffsetMap;
</span><span class="cx"> FunctionOffsetMap m_functionOffsets;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerNodesCodegencpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
</span><span class="cx"> * Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>-* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012, 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
</span><span class="cx"> * Copyright (C) 2007 Maks Orlovich
</span><span class="cx"> * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
</span><span class="lines">@@ -187,29 +187,29 @@
</span><span class="cx">
</span><span class="cx"> bool ResolveNode::isPure(BytecodeGenerator& generator) const
</span><span class="cx"> {
</span><del>- return generator.local(m_ident).get();
</del><ins>+ return generator.variable(m_ident).offset().isStack();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RegisterID* ResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (Local local = generator.local(m_ident)) {
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
</ins><span class="cx"> if (dst == generator.ignoredResult())
</span><del>- return 0;
</del><ins>+ return nullptr;
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(local.get(), ProfileTypeBytecodeHasGlobalID, nullptr);
</del><ins>+ generator.emitProfileType(local, ProfileTypeBytecodeHasGlobalID, nullptr);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1));
</span><span class="cx"> }
</span><del>- return generator.moveToDestinationIfNeeded(dst, local.get());
</del><ins>+ return generator.moveToDestinationIfNeeded(dst, local);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSTextPosition divot = m_start + m_ident.length();
</span><span class="cx"> generator.emitExpressionInfo(divot, m_start, divot);
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(dst, m_ident, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var);
</ins><span class="cx"> RegisterID* finalDest = generator.finalDestination(dst);
</span><del>- RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), m_ident, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), var, ThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(finalDest, resolveScopeInfo.isLocal() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
</del><ins>+ generator.emitProfileType(finalDest, var.isResolved() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1));
</span><span class="cx"> }
</span><span class="cx"> return result;
</span><span class="lines">@@ -439,14 +439,6 @@
</span><span class="cx"> return generator.emitGetByVal(generator.finalDestination(dst), emitSuperBaseForCallee(generator), generator.emitNode(m_subscript));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (m_base->isResolveNode()
- && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(m_base)->identifier())
- && !generator.symbolTable().slowArguments()) {
- RefPtr<RegisterID> property = generator.emitNode(m_subscript);
- generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister(), property.get());
- }
-
</del><span class="cx"> RegisterID* ret;
</span><span class="cx"> RegisterID* finalDest = generator.finalDestination(dst);
</span><span class="cx">
</span><span class="lines">@@ -472,17 +464,6 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* DotAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (m_ident == generator.propertyNames().length) {
- if (!m_base->isResolveNode())
- goto nonArgumentsPath;
- ResolveNode* resolveNode = static_cast<ResolveNode*>(m_base);
- if (!generator.willResolveToArgumentsRegister(resolveNode->identifier()))
- goto nonArgumentsPath;
- generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister());
- }
-
-nonArgumentsPath:
</del><span class="cx"> RefPtr<RegisterID> base = m_base->isSuperNode() ? emitSuperBaseForCallee(generator) : generator.emitNode(m_base);
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><span class="cx"> RegisterID* finalDest = generator.finalDestination(dst);
</span><span class="lines">@@ -547,8 +528,9 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (Local local = generator.local(generator.propertyNames().eval)) {
- RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get());
</del><ins>+ Variable var = generator.variable(generator.propertyNames().eval);
+ if (RegisterID* local = var.local()) {
+ RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local);
</ins><span class="cx"> CallArguments callArguments(generator, m_args);
</span><span class="cx"> generator.emitLoad(callArguments.thisRegister(), jsUndefined());
</span><span class="cx"> return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd());
</span><span class="lines">@@ -558,11 +540,10 @@
</span><span class="cx"> CallArguments callArguments(generator, m_args);
</span><span class="cx"> JSTextPosition newDivot = divotStart() + 4;
</span><span class="cx"> generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
</span><del>- ResolveScopeInfo resolveScopeInfo;
</del><span class="cx"> generator.moveToDestinationIfNeeded(
</span><span class="cx"> callArguments.thisRegister(),
</span><del>- generator.emitResolveScope(callArguments.thisRegister(), generator.propertyNames().eval, resolveScopeInfo));
- generator.emitGetFromScope(func.get(), callArguments.thisRegister(), generator.propertyNames().eval, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitResolveScope(callArguments.thisRegister(), var));
+ generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound);
</ins><span class="cx"> return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -596,8 +577,9 @@
</span><span class="cx"> {
</span><span class="cx"> ExpectedFunction expectedFunction = generator.expectedFunctionForIdentifier(m_ident);
</span><span class="cx">
</span><del>- if (Local local = generator.local(m_ident)) {
- RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get());
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
+ RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local);
</ins><span class="cx"> RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get());
</span><span class="cx"> CallArguments callArguments(generator, m_args);
</span><span class="cx"> generator.emitLoad(callArguments.thisRegister(), jsUndefined());
</span><span class="lines">@@ -617,11 +599,10 @@
</span><span class="cx">
</span><span class="cx"> JSTextPosition newDivot = divotStart() + m_ident.length();
</span><span class="cx"> generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
</span><del>- ResolveScopeInfo resolveScopeInfo;
</del><span class="cx"> generator.moveToDestinationIfNeeded(
</span><span class="cx"> callArguments.thisRegister(),
</span><del>- generator.emitResolveScope(callArguments.thisRegister(), m_ident, resolveScopeInfo));
- generator.emitGetFromScope(func.get(), callArguments.thisRegister(), m_ident, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitResolveScope(callArguments.thisRegister(), var));
+ generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound);
</ins><span class="cx"> RegisterID* ret = generator.emitCall(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd());
</span><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><span class="cx"> generator.emitProfileType(returnValue.get(), ProfileTypeBytecodeDoesNotHaveGlobalID, nullptr);
</span><span class="lines">@@ -675,17 +656,6 @@
</span><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static RegisterID* getArgumentByVal(BytecodeGenerator& generator, ExpressionNode* base, RegisterID* property, RegisterID* dst, JSTextPosition divot, JSTextPosition divotStart, JSTextPosition divotEnd)
-{
- if (base->isResolveNode()
- && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(base)->identifier())
- && !generator.symbolTable().slowArguments()) {
- generator.emitExpressionInfo(divot, divotStart, divotEnd);
- return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister(), property);
- }
- return nullptr;
-}
-
</del><span class="cx"> RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><span class="cx"> RefPtr<Label> realCall = generator.newLabel();
</span><span class="lines">@@ -706,15 +676,10 @@
</span><span class="cx"> profileHookRegister = generator.newTemporary();
</span><span class="cx"> SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr);
</span><span class="cx"> ExpressionNode* subject = spread->expression();
</span><del>- RefPtr<RegisterID> thisRegister = getArgumentByVal(generator, subject, generator.emitLoad(0, jsNumber(0)), 0, spread->divot(), spread->divotStart(), spread->divotEnd());
</del><span class="cx"> RefPtr<RegisterID> argumentsRegister;
</span><del>- if (thisRegister)
- argumentsRegister = generator.uncheckedLocalArgumentsRegister();
- else {
- argumentsRegister = generator.emitNode(subject);
- generator.emitExpressionInfo(spread->divot(), spread->divotStart(), spread->divotEnd());
- thisRegister = generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0)));
- }
</del><ins>+ argumentsRegister = generator.emitNode(subject);
+ generator.emitExpressionInfo(spread->divot(), spread->divotStart(), spread->divotEnd());
+ RefPtr<RegisterID> thisRegister = generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0)));
</ins><span class="cx"> generator.emitCallVarargs(returnValue.get(), base.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 1, profileHookRegister.get(), divot(), divotStart(), divotEnd());
</span><span class="cx"> } else if (m_args->m_listNode && m_args->m_listNode->m_expr) {
</span><span class="cx"> ArgumentListNode* oldList = m_args->m_listNode;
</span><span class="lines">@@ -836,10 +801,7 @@
</span><span class="cx"> RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr);
</span><span class="cx"> RefPtr<RegisterID> argsRegister;
</span><span class="cx"> ArgumentListNode* args = m_args->m_listNode->m_next;
</span><del>- if (args->m_expr->isResolveNode() && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(args->m_expr)->identifier()) && !generator.symbolTable().slowArguments())
- argsRegister = generator.uncheckedLocalArgumentsRegister();
- else
- argsRegister = generator.emitNode(args->m_expr);
</del><ins>+ argsRegister = generator.emitNode(args->m_expr);
</ins><span class="cx">
</span><span class="cx"> // Function.prototype.apply ignores extra arguments, but we still
</span><span class="cx"> // need to evaluate them for side effects.
</span><span class="lines">@@ -888,11 +850,12 @@
</span><span class="cx"> ResolveNode* resolve = static_cast<ResolveNode*>(m_expr);
</span><span class="cx"> const Identifier& ident = resolve->identifier();
</span><span class="cx">
</span><del>- if (Local local = generator.local(ident)) {
- RefPtr<RegisterID> localReg = local.get();
- if (local.isReadOnly()) {
</del><ins>+ Variable var = generator.variable(ident);
+ if (RegisterID* local = var.local()) {
+ RefPtr<RegisterID> localReg = local;
+ if (var.isReadOnly()) {
</ins><span class="cx"> generator.emitReadOnlyExceptionIfNeeded();
</span><del>- localReg = generator.emitMove(generator.tempDestination(dst), localReg.get());
</del><ins>+ localReg = generator.emitMove(generator.tempDestination(dst), local);
</ins><span class="cx"> } else if (generator.vm()->typeProfiler()) {
</span><span class="cx"> RefPtr<RegisterID> tempDst = generator.finalDestination(dst);
</span><span class="cx"> ASSERT(dst != localReg);
</span><span class="lines">@@ -909,13 +872,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, ident, resolveScopeInfo);
- RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+ RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound);
</ins><span class="cx"> RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator);
</span><del>- generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</del><ins>+ generator.emitProfileType(value.get(), var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -991,12 +953,12 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (generator.local(m_ident).get())
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (var.local())
</ins><span class="cx"> return generator.emitLoad(generator.finalDestination(dst), false);
</span><span class="cx">
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> base = generator.emitResolveScope(dst, m_ident, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> base = generator.emitResolveScope(dst, var);
</ins><span class="cx"> return generator.emitDeleteById(generator.finalDestination(dst, base.get()), base.get(), m_ident);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1047,19 +1009,19 @@
</span><span class="cx"> return generator.emitLoad(dst, jsUndefined());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// ------------------------------ TypeOfValueNode -----------------------------------
</del><ins>+// ------------------------------ TypeOfResolveNode -----------------------------------
</ins><span class="cx">
</span><span class="cx"> RegisterID* TypeOfResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (Local local = generator.local(m_ident)) {
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
</ins><span class="cx"> if (dst == generator.ignoredResult())
</span><span class="cx"> return 0;
</span><del>- return generator.emitTypeOf(generator.finalDestination(dst), local.get());
</del><ins>+ return generator.emitTypeOf(generator.finalDestination(dst), local);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(dst, m_ident, resolveScopeInfo);
- RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var);
+ RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound);
</ins><span class="cx"> if (dst == generator.ignoredResult())
</span><span class="cx"> return 0;
</span><span class="cx"> return generator.emitTypeOf(generator.finalDestination(dst, scope.get()), value.get());
</span><span class="lines">@@ -1085,9 +1047,10 @@
</span><span class="cx"> ResolveNode* resolve = static_cast<ResolveNode*>(m_expr);
</span><span class="cx"> const Identifier& ident = resolve->identifier();
</span><span class="cx">
</span><del>- if (Local local = generator.local(ident)) {
- RefPtr<RegisterID> localReg = local.get();
- if (local.isReadOnly()) {
</del><ins>+ Variable var = generator.variable(ident);
+ if (RegisterID* local = var.local()) {
+ RefPtr<RegisterID> localReg = local;
+ if (var.isReadOnly()) {
</ins><span class="cx"> generator.emitReadOnlyExceptionIfNeeded();
</span><span class="cx"> localReg = generator.emitMove(generator.tempDestination(dst), localReg.get());
</span><span class="cx"> } else if (generator.vm()->typeProfiler()) {
</span><span class="lines">@@ -1104,13 +1067,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(dst, ident, resolveScopeInfo);
- RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var);
+ RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound);
</ins><span class="cx"> emitIncOrDec(generator, value.get(), m_operator);
</span><del>- generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</del><ins>+ generator.emitProfileType(value.get(), var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx"> return generator.moveToDestinationIfNeeded(dst, value.get());
</span><span class="lines">@@ -1602,37 +1564,37 @@
</span><span class="cx"> RegisterID* ReadModifyResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><span class="cx"> JSTextPosition newDivot = divotStart() + m_ident.length();
</span><del>- if (Local local = generator.local(m_ident)) {
- if (local.isReadOnly()) {
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
+ if (var.isReadOnly()) {
</ins><span class="cx"> generator.emitReadOnlyExceptionIfNeeded();
</span><del>- return emitReadModifyAssignment(generator, generator.finalDestination(dst), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
</del><ins>+ return emitReadModifyAssignment(generator, generator.finalDestination(dst), local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (generator.vm()->typeProfiler()
</span><span class="cx"> || generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) {
</span><span class="cx"> RefPtr<RegisterID> result = generator.newTemporary();
</span><del>- generator.emitMove(result.get(), local.get());
</del><ins>+ generator.emitMove(result.get(), local);
</ins><span class="cx"> emitReadModifyAssignment(generator, result.get(), result.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
</span><del>- generator.emitMove(local.get(), result.get());
- generator.invalidateForInContextForLocal(local.get());
</del><ins>+ generator.emitMove(local, result.get());
+ generator.invalidateForInContextForLocal(local);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> return generator.moveToDestinationIfNeeded(dst, result.get());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- RegisterID* result = emitReadModifyAssignment(generator, local.get(), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
- generator.invalidateForInContextForLocal(local.get());
</del><ins>+ RegisterID* result = emitReadModifyAssignment(generator, local, local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+ generator.invalidateForInContextForLocal(local);
</ins><span class="cx"> return generator.moveToDestinationIfNeeded(dst, result);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, m_ident, resolveScopeInfo);
- RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+ RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound);
</ins><span class="cx"> RefPtr<RegisterID> result = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this);
</span><del>- RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), ThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RegisterID* returnResult = generator.emitPutToScope(scope.get(), var, result.get(), ThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(result.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
</del><ins>+ generator.emitProfileType(result.get(), var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx"> return returnResult;
</span><span class="lines">@@ -1642,36 +1604,36 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* AssignResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
</span><span class="cx"> {
</span><del>- if (Local local = generator.local(m_ident)) {
- if (local.isReadOnly()) {
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
+ if (var.isReadOnly()) {
</ins><span class="cx"> generator.emitReadOnlyExceptionIfNeeded();
</span><span class="cx"> return generator.emitNode(dst, m_right);
</span><span class="cx"> }
</span><del>- if (local.isSpecial() || generator.vm()->typeProfiler()) {
</del><ins>+ if (var.isSpecial() || generator.vm()->typeProfiler()) {
</ins><span class="cx"> RefPtr<RegisterID> tempDst = generator.tempDestination(dst);
</span><span class="cx"> generator.emitNode(tempDst.get(), m_right);
</span><del>- generator.emitMove(local.get(), tempDst.get());
- generator.invalidateForInContextForLocal(local.get());
</del><ins>+ generator.emitMove(local, tempDst.get());
+ generator.invalidateForInContextForLocal(local);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> return generator.moveToDestinationIfNeeded(dst, tempDst.get());
</span><span class="cx"> }
</span><del>- RegisterID* result = generator.emitNode(local.get(), m_right);
- generator.invalidateForInContextForLocal(local.get());
</del><ins>+ RegisterID* result = generator.emitNode(local, m_right);
+ generator.invalidateForInContextForLocal(local);
</ins><span class="cx"> return generator.moveToDestinationIfNeeded(dst, result);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (generator.isStrictMode())
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, m_ident, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
</ins><span class="cx"> if (dst == generator.ignoredResult())
</span><span class="cx"> dst = 0;
</span><span class="cx"> RefPtr<RegisterID> result = generator.emitNode(dst, m_right);
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RegisterID* returnResult = generator.emitPutToScope(scope.get(), var, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(result.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
</del><ins>+ generator.emitProfileType(result.get(), var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx"> return returnResult;
</span><span class="lines">@@ -1780,18 +1742,19 @@
</span><span class="cx"> RegisterID* ConstDeclNode::emitCodeSingle(BytecodeGenerator& generator)
</span><span class="cx"> {
</span><span class="cx"> // FIXME: This code does not match the behavior of const in Firefox.
</span><del>- if (Local local = generator.constLocal(m_ident)) {
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local()) {
</ins><span class="cx"> if (!m_init)
</span><del>- return local.get();
</del><ins>+ return local;
</ins><span class="cx">
</span><span class="cx"> // FIXME: Maybe call emitExpressionInfo here.
</span><del>- if (local.isSpecial() || generator.vm()->typeProfiler()) {
</del><ins>+ if (var.isSpecial() || generator.vm()->typeProfiler()) {
</ins><span class="cx"> RefPtr<RegisterID> tempDst = generator.newTemporary();
</span><span class="cx"> generator.emitNode(tempDst.get(), m_init);
</span><del>- return generator.emitMove(local.get(), tempDst.get());
</del><ins>+ return generator.emitMove(local, tempDst.get());
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- return generator.emitNode(local.get(), m_init);
</del><ins>+ return generator.emitNode(local, m_init);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RefPtr<RegisterID> value = m_init ? generator.emitNode(m_init) : generator.emitLoad(0, jsUndefined());
</span><span class="lines">@@ -1800,18 +1763,23 @@
</span><span class="cx"> return generator.emitInitGlobalConst(m_ident, value.get());
</span><span class="cx">
</span><span class="cx"> if (generator.codeType() != EvalCode) {
</span><del>-
- ResolveScopeInfo resolveScopeInfo;
- if (RefPtr<RegisterID> scope = generator.emitResolveConstantLocal(generator.newTemporary(), m_ident, resolveScopeInfo))
- return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound, resolveScopeInfo);
-
- return value.get();
</del><ins>+ // Do a special kind of resolution. If anything fails, then don't perform the assignment. This is
+ // pretty shady - particularly how negligent it is with inteleaving scopes - but it's the
+ // behavior that JSC has had for a long time.
+
+ ASSERT(generator.codeType() == FunctinCode);
+
+ var = generator.variablePerSymbolTable(m_ident);
+ if (!var.isResolved())
+ return value.get();
+
+ RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), var);
+ return generator.emitPutToScope(scope.get(), var, value.get(), DoNotThrowIfNotFound);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // FIXME: This will result in incorrect assignment if m_ident exists in an intervening with scope.
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, m_ident, resolveScopeInfo);
- return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+ return generator.emitPutToScope(scope.get(), var, value.get(), DoNotThrowIfNotFound);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RegisterID* ConstDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
</span><span class="lines">@@ -1903,13 +1871,13 @@
</span><span class="cx"> if (!generator.vm()->typeProfiler())
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><del>- if (Local local = generator.local(m_ident))
- generator.emitProfileType(local.get(), ProfileTypeBytecodeHasGlobalID, nullptr);
</del><ins>+ Variable var = generator.variable(m_ident);
+ if (RegisterID* local = var.local())
+ generator.emitProfileType(local, ProfileTypeBytecodeHasGlobalID, nullptr);
</ins><span class="cx"> else {
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, m_ident, resolveScopeInfo);
- RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound, resolveScopeInfo);
- generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
</del><ins>+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+ RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound);
+ generator.emitProfileType(value.get(), var.isResolved() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(position(), JSTextPosition(-1, position().offset + m_ident.length(), -1));
</span><span class="lines">@@ -2079,8 +2047,7 @@
</span><span class="cx"> {
</span><span class="cx"> if (m_lexpr->isResolveNode()) {
</span><span class="cx"> const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier();
</span><del>- Local local = generator.local(ident);
- return local.get();
</del><ins>+ return generator.variable(ident).local();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (m_lexpr->isDeconstructionNode()) {
</span><span class="lines">@@ -2091,10 +2058,10 @@
</span><span class="cx">
</span><span class="cx"> auto simpleBinding = static_cast<BindingNode*>(binding);
</span><span class="cx"> const Identifier& ident = simpleBinding->boundProperty();
</span><del>- Local local = generator.local(ident);
- if (local.isSpecial())
</del><ins>+ Variable var = generator.variable(ident);
+ if (var.isSpecial())
</ins><span class="cx"> return nullptr;
</span><del>- return local.get();
</del><ins>+ return var.local();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return nullptr;
</span><span class="lines">@@ -2104,18 +2071,17 @@
</span><span class="cx"> {
</span><span class="cx"> if (m_lexpr->isResolveNode()) {
</span><span class="cx"> const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier();
</span><del>- Local local = generator.local(ident);
- if (local.get())
- generator.emitMove(local.get(), propertyName);
</del><ins>+ Variable var = generator.variable(ident);
+ if (RegisterID* local = var.local())
+ generator.emitMove(local, propertyName);
</ins><span class="cx"> else {
</span><span class="cx"> if (generator.isStrictMode())
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RegisterID* scope = generator.emitResolveScope(nullptr, ident, resolveScopeInfo);
</del><ins>+ RegisterID* scope = generator.emitResolveScope(nullptr, var);
</ins><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- generator.emitPutToScope(scope, ident, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitPutToScope(scope, var, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><del>- generator.emitProfileType(propertyName, resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</del><ins>+ generator.emitProfileType(propertyName, var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</ins><span class="cx"> }
</span><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1));
</span><span class="lines">@@ -2156,12 +2122,12 @@
</span><span class="cx">
</span><span class="cx"> auto simpleBinding = static_cast<BindingNode*>(binding);
</span><span class="cx"> const Identifier& ident = simpleBinding->boundProperty();
</span><del>- Local local = generator.local(ident);
- if (!local.get() || local.isSpecial()) {
</del><ins>+ Variable var = generator.variable(ident);
+ if (!var.local() || var.isSpecial()) {
</ins><span class="cx"> assignNode->bindings()->bindValue(generator, propertyName);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- generator.emitMove(local.get(), propertyName);
</del><ins>+ generator.emitMove(var.local(), propertyName);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(simpleBinding->divotStart(), simpleBinding->divotEnd());
</span><span class="cx"> return;
</span><span class="lines">@@ -2329,17 +2295,17 @@
</span><span class="cx"> {
</span><span class="cx"> if (m_lexpr->isResolveNode()) {
</span><span class="cx"> const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier();
</span><del>- if (Local local = generator.local(ident))
- generator.emitMove(local.get(), value);
</del><ins>+ Variable var = generator.variable(ident);
+ if (RegisterID* local = var.local())
+ generator.emitMove(local, value);
</ins><span class="cx"> else {
</span><span class="cx"> if (generator.isStrictMode())
</span><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RegisterID* scope = generator.emitResolveScope(nullptr, ident, resolveScopeInfo);
</del><ins>+ RegisterID* scope = generator.emitResolveScope(nullptr, var);
</ins><span class="cx"> generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
</span><del>- generator.emitPutToScope(scope, ident, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><del>- generator.emitProfileType(value, resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</del><ins>+ generator.emitProfileType(value, var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
</ins><span class="cx"> }
</span><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1));
</span><span class="lines">@@ -2964,24 +2930,6 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, RegisterID* dst, ExpressionNode* rhs)
</span><span class="cx"> {
</span><del>- if (rhs->isResolveNode()
- && generator.willResolveToArgumentsRegister(static_cast<ResolveNode*>(rhs)->identifier())
- && generator.hasSafeLocalArgumentsRegister()&& !generator.symbolTable().slowArguments()) {
- for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- auto target = m_targetPatterns[i];
- if (!target)
- continue;
-
- RefPtr<RegisterID> temp = generator.newTemporary();
- generator.emitLoad(temp.get(), jsNumber(i));
- generator.emitGetArgumentByVal(temp.get(), generator.uncheckedLocalArgumentsRegister(), temp.get());
- target->bindValue(generator, temp.get());
- }
- if (dst == generator.ignoredResult() || !dst)
- return generator.emitLoad(generator.finalDestination(dst), jsUndefined());
- Local local = generator.local(generator.vm()->propertyNames->arguments);
- return generator.moveToDestinationIfNeeded(dst, local.get());
- }
</del><span class="cx"> if (!rhs->isSimpleArray())
</span><span class="cx"> return 0;
</span><span class="cx">
</span><span class="lines">@@ -3069,24 +3017,24 @@
</span><span class="cx">
</span><span class="cx"> void BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const
</span><span class="cx"> {
</span><del>- if (Local local = generator.local(m_boundProperty)) {
- if (local.isReadOnly()) {
</del><ins>+ Variable var = generator.variable(m_boundProperty);
+ if (RegisterID* local = var.local()) {
+ if (var.isReadOnly()) {
</ins><span class="cx"> generator.emitReadOnlyExceptionIfNeeded();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- generator.emitMove(local.get(), value);
</del><ins>+ generator.emitMove(local, value);
</ins><span class="cx"> if (generator.vm()->typeProfiler())
</span><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> if (generator.isStrictMode())
</span><span class="cx"> generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
</span><del>- ResolveScopeInfo resolveScopeInfo;
- RegisterID* scope = generator.emitResolveScope(nullptr, m_boundProperty, resolveScopeInfo);
</del><ins>+ RegisterID* scope = generator.emitResolveScope(nullptr, var);
</ins><span class="cx"> generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
</span><del>- generator.emitPutToScope(scope, m_boundProperty, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
</del><ins>+ generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
</ins><span class="cx"> if (generator.vm()->typeProfiler()) {
</span><del>- generator.emitProfileType(value, resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_boundProperty);
</del><ins>+ generator.emitProfileType(value, var.isResolved() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_boundProperty);
</ins><span class="cx"> generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
</span><span class="cx"> }
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractHeaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -47,7 +47,6 @@
</span><span class="cx"> macro(World) \
</span><span class="cx"> macro(Stack) \
</span><span class="cx"> macro(Heap) \
</span><del>- macro(Arguments_registers) \
</del><span class="cx"> macro(Butterfly_publicLength) \
</span><span class="cx"> macro(Butterfly_vectorLength) \
</span><span class="cx"> macro(GetterSetter_getter) \
</span><span class="lines">@@ -57,7 +56,6 @@
</span><span class="cx"> macro(JSCell_typeInfoFlags) \
</span><span class="cx"> macro(JSCell_typeInfoType) \
</span><span class="cx"> macro(JSObject_butterfly) \
</span><del>- macro(JSEnvironmentRecord_registers) \
</del><span class="cx"> macro(JSPropertyNameEnumerator_cachedPropertyNames) \
</span><span class="cx"> macro(NamedProperties) \
</span><span class="cx"> macro(IndexedInt32Properties) \
</span><span class="lines">@@ -65,7 +63,8 @@
</span><span class="cx"> macro(IndexedContiguousProperties) \
</span><span class="cx"> macro(IndexedArrayStorageProperties) \
</span><span class="cx"> macro(ArrayStorageProperties) \
</span><del>- macro(Variables) \
</del><ins>+ macro(DirectArgumentsProperties) \
+ macro(ScopeProperties) \
</ins><span class="cx"> macro(TypedArrayProperties) \
</span><span class="cx"> macro(HeapObjectCount) /* Used to reflect the fact that some allocations reveal object identity */\
</span><span class="cx"> macro(RegExpState) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -148,7 +148,6 @@
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> void clobberWorld(const CodeOrigin&, unsigned indexInBlock);
</span><del>- void clobberCapturedVars(const CodeOrigin&);
</del><span class="cx">
</span><span class="cx"> template<typename Functor>
</span><span class="cx"> void forAllValues(unsigned indexInBlock, Functor&);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -131,14 +131,15 @@
</span><span class="cx"> switch (node->op()) {
</span><span class="cx"> case JSConstant:
</span><span class="cx"> case DoubleConstant:
</span><del>- case Int52Constant:
- case PhantomArguments: {
</del><ins>+ case Int52Constant: {
</ins><span class="cx"> setBuiltInConstant(node, *node->constant());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case Identity: {
</span><span class="cx"> forNode(node) = forNode(node->child1());
</span><ins>+ if (forNode(node).value())
+ m_state.setFoundConstants(true);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -207,7 +208,11 @@
</span><span class="cx"> ASSERT(!m_state.variables().operand(node->local()).isClear());
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case LoadVarargs: {
</del><ins>+ case LoadVarargs:
+ case ForwardVarargs: {
+ // FIXME: ForwardVarargs should check if the count becomes known, and if it does, it should turn
+ // itself into a straight-line sequence of GetStack/PutStack.
+ // https://bugs.webkit.org/show_bug.cgi?id=143071
</ins><span class="cx"> clobberWorld(node->origin.semantic, clobberLimit);
</span><span class="cx"> LoadVarargsData* data = node->loadVarargsData();
</span><span class="cx"> m_state.variables().operand(data->count).setType(SpecInt32);
</span><span class="lines">@@ -879,7 +884,7 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (isFinalObjectSpeculation(abstractChild.m_type) || isArraySpeculation(abstractChild.m_type) || isArgumentsSpeculation(abstractChild.m_type)) {
</del><ins>+ if (isFinalObjectSpeculation(abstractChild.m_type) || isArraySpeculation(abstractChild.m_type) || isDirectArgumentsSpeculation(abstractChild.m_type) || isScopedArgumentsSpeculation(abstractChild.m_type)) {
</ins><span class="cx"> setConstant(node, *m_graph.freeze(vm->smallStrings.objectString()));
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -1031,7 +1036,8 @@
</span><span class="cx"> } else
</span><span class="cx"> forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
</span><span class="cx"> break;
</span><del>- case Array::Arguments:
</del><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> forNode(node).makeHeapTop();
</span><span class="cx"> break;
</span><span class="cx"> case Array::Int32:
</span><span class="lines">@@ -1138,7 +1144,52 @@
</span><span class="cx"> clobberWorld(node->origin.semantic, clobberLimit);
</span><span class="cx"> forNode(node).makeHeapTop();
</span><span class="cx"> break;
</span><ins>+
+ case GetMyArgumentByVal: {
+ JSValue index = forNode(node->child2()).m_value;
+ InlineCallFrame* inlineCallFrame = node->child1()->origin.semantic.inlineCallFrame;
+
+ if (index && index.isInt32()) {
+ // This pretends to return TOP for accesses that are actually proven out-of-bounds because
+ // that's the conservative thing to do. Otherwise we'd need to write more code to mark such
+ // paths as unreachable, and it's almost certainly not worth the effort.
</ins><span class="cx">
</span><ins>+ if (inlineCallFrame) {
+ if (index.asUInt32() < inlineCallFrame->arguments.size() - 1) {
+ forNode(node) = m_state.variables().operand(
+ virtualRegisterForArgument(index.asInt32() + 1) + inlineCallFrame->stackOffset);
+ m_state.setFoundConstants(true);
+ break;
+ }
+ } else {
+ if (index.asUInt32() < m_state.variables().numberOfArguments() - 1) {
+ forNode(node) = m_state.variables().argument(index.asInt32() + 1);
+ m_state.setFoundConstants(true);
+ break;
+ }
+ }
+ }
+
+ if (inlineCallFrame) {
+ // We have a bound on the types even though it's random access. Take advantage of this.
+
+ AbstractValue result;
+ for (unsigned i = inlineCallFrame->arguments.size(); i-- > 1;) {
+ result.merge(
+ m_state.variables().operand(
+ virtualRegisterForArgument(i) + inlineCallFrame->stackOffset));
+ }
+
+ if (result.value())
+ m_state.setFoundConstants(true);
+ forNode(node) = result;
+ break;
+ }
+
+ forNode(node).makeHeapTop();
+ break;
+ }
+
</ins><span class="cx"> case RegExpExec:
</span><span class="cx"> forNode(node).makeHeapTop();
</span><span class="cx"> break;
</span><span class="lines">@@ -1303,6 +1354,8 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
</ins><span class="cx"> case BottomValue:
</span><span class="cx"> m_state.setDidClobber(true); // Prevent constant folding.
</span><span class="cx"> // This claims to return bottom.
</span><span class="lines">@@ -1332,87 +1385,19 @@
</span><span class="cx"> case TypedArrayWatchpoint:
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case CreateArguments:
- forNode(node) = forNode(node->child1());
- forNode(node).filter(~SpecEmpty);
- forNode(node).merge(SpecArguments);
</del><ins>+ case CreateDirectArguments:
+ forNode(node).set(m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->directArgumentsStructure());
</ins><span class="cx"> break;
</span><span class="cx">
</span><del>- case TearOffArguments:
- // Does nothing that is user-visible.
</del><ins>+ case CreateScopedArguments:
+ forNode(node).set(m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->scopedArgumentsStructure());
</ins><span class="cx"> break;
</span><del>-
- case CheckArgumentsNotCreated:
- if (isEmptySpeculation(
- m_state.variables().operand(
- m_graph.argumentsRegisterFor(node->origin.semantic).offset()).m_type))
- m_state.setFoundConstants(true);
- break;
</del><span class="cx">
</span><del>- case GetMyArgumentsLength:
- // We know that this executable does not escape its arguments, so we can optimize
- // the arguments a bit. Note that this is not sufficient to force constant folding
- // of GetMyArgumentsLength, because GetMyArgumentsLength is a clobbering operation.
- // We perform further optimizations on this later on.
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- setConstant(
- node, jsNumber(node->origin.semantic.inlineCallFrame->arguments.size() - 1));
- m_state.setDidClobber(true); // Pretend that we clobbered to prevent constant folding.
- } else
- forNode(node).setType(SpecInt32);
</del><ins>+ case CreateClonedArguments:
+ forNode(node).setType(SpecObjectOther);
</ins><span class="cx"> break;
</span><span class="cx">
</span><del>- case GetMyArgumentsLengthSafe:
- // This potentially clobbers all structures if the arguments object had a getter
- // installed on the length property.
- clobberWorld(node->origin.semantic, clobberLimit);
- // We currently make no guarantee about what this returns because it does not
- // speculate that the length property is actually a length.
- forNode(node).makeHeapTop();
- break;
-
- case GetMyArgumentByVal: {
- InlineCallFrame* inlineCallFrame = node->origin.semantic.inlineCallFrame;
- JSValue value = forNode(node->child1()).m_value;
- if (inlineCallFrame && value && value.isInt32()) {
- int32_t index = value.asInt32();
- if (index >= 0
- && static_cast<size_t>(index + 1) < inlineCallFrame->arguments.size()) {
- forNode(node) = m_state.variables().operand(
- inlineCallFrame->stackOffset +
- m_graph.baselineCodeBlockFor(inlineCallFrame)->argumentIndexAfterCapture(index));
- m_state.setFoundConstants(true);
- break;
- }
- }
- forNode(node).makeHeapTop();
- break;
- }
-
- case GetMyArgumentByValSafe:
- // This potentially clobbers all structures if the property we're accessing has
- // a getter. We don't speculate against this.
- clobberWorld(node->origin.semantic, clobberLimit);
- // And the result is unknown.
- forNode(node).makeHeapTop();
- break;
-
- case NewFunction: {
- AbstractValue& value = forNode(node);
- value = forNode(node->child1());
-
- if (!(value.m_type & SpecEmpty)) {
- m_state.setFoundConstants(true);
- break;
- }
-
- value.setType((value.m_type & ~SpecEmpty) | SpecFunction);
- break;
- }
-
- case NewFunctionExpression:
- case NewFunctionNoCheck:
</del><ins>+ case NewFunction:
</ins><span class="cx"> forNode(node).set(
</span><span class="cx"> m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->functionStructure());
</span><span class="cx"> break;
</span><span class="lines">@@ -1421,6 +1406,10 @@
</span><span class="cx"> forNode(node).setType(SpecFunction);
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case GetArgumentCount:
+ forNode(node).setType(SpecInt32);
+ break;
+
</ins><span class="cx"> case GetGetter: {
</span><span class="cx"> JSValue base = forNode(node->child1()).m_value;
</span><span class="cx"> if (base) {
</span><span class="lines">@@ -1469,12 +1458,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetClosureRegisters:
- forNode(node).clear(); // The result is not a JS value.
- break;
-
</del><span class="cx"> case GetClosureVar:
</span><del>- if (JSValue value = m_graph.tryGetConstantClosureVar(forNode(node->child1()), VirtualRegister(node->varNumber()))) {
</del><ins>+ if (JSValue value = m_graph.tryGetConstantClosureVar(forNode(node->child1()), node->scopeOffset())) {
</ins><span class="cx"> setConstant(node, *m_graph.freeze(value));
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -1482,8 +1467,14 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case PutClosureVar:
</span><del>- clobberCapturedVars(node->origin.semantic);
</del><span class="cx"> break;
</span><ins>+
+ case GetFromArguments:
+ forNode(node).makeHeapTop();
+ break;
+
+ case PutToArguments:
+ break;
</ins><span class="cx">
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush: {
</span><span class="lines">@@ -1626,9 +1617,12 @@
</span><span class="cx"> case Array::ArrayStorage:
</span><span class="cx"> case Array::SlowPutArrayStorage:
</span><span class="cx"> break;
</span><del>- case Array::Arguments:
- filter(node->child1(), SpecArguments);
</del><ins>+ case Array::DirectArguments:
+ filter(node->child1(), SpecDirectArguments);
</ins><span class="cx"> break;
</span><ins>+ case Array::ScopedArguments:
+ filter(node->child1(), SpecScopedArguments);
+ break;
</ins><span class="cx"> case Array::Int8Array:
</span><span class="cx"> filter(node->child1(), SpecInt8Array);
</span><span class="cx"> break;
</span><span class="lines">@@ -2026,6 +2020,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> clobberWorld(node->origin.semantic, clobberLimit);
</span><span class="cx"> forNode(node).makeHeapTop();
</span><span class="cx"> break;
</span><span class="lines">@@ -2120,37 +2115,12 @@
</span><span class="cx">
</span><span class="cx"> template<typename AbstractStateType>
</span><span class="cx"> void AbstractInterpreter<AbstractStateType>::clobberWorld(
</span><del>- const CodeOrigin& codeOrigin, unsigned clobberLimit)
</del><ins>+ const CodeOrigin&, unsigned clobberLimit)
</ins><span class="cx"> {
</span><del>- clobberCapturedVars(codeOrigin);
</del><span class="cx"> clobberStructures(clobberLimit);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename AbstractStateType>
</span><del>-void AbstractInterpreter<AbstractStateType>::clobberCapturedVars(const CodeOrigin& codeOrigin)
-{
- SamplingRegion samplingRegion("DFG AI Clobber Captured Vars");
- if (codeOrigin.inlineCallFrame) {
- const BitVector& capturedVars = codeOrigin.inlineCallFrame->capturedVars;
- for (size_t i = capturedVars.size(); i--;) {
- if (!capturedVars.quickGet(i))
- continue;
- m_state.variables().local(i).makeHeapTop();
- }
- } else {
- for (size_t i = m_codeBlock->m_numVars; i--;) {
- if (m_codeBlock->isCaptured(virtualRegisterForLocal(i)))
- m_state.variables().local(i).makeHeapTop();
- }
- }
-
- for (size_t i = m_state.variables().numberOfArguments(); i--;) {
- if (m_codeBlock->isCaptured(virtualRegisterForArgument(i)))
- m_state.variables().argument(i).makeHeapTop();
- }
-}
-
-template<typename AbstractStateType>
</del><span class="cx"> template<typename Functor>
</span><span class="cx"> void AbstractInterpreter<AbstractStateType>::forAllValues(
</span><span class="cx"> unsigned clobberLimit, Functor& functor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractValueh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -346,18 +346,16 @@
</span><span class="cx">
</span><span class="cx"> // This is a proven constraint on the possible types that this value can have
</span><span class="cx"> // now or any time in the future, unless it is reassigned. This field is
</span><del>- // impervious to side-effects unless the side-effect can reassign the value
- // (for example if we're talking about a captured variable). The relationship
- // between this field, and the structure fields above, is as follows. The
- // fields above constraint the structures that a cell may have, but they say
- // nothing about whether or not the value is known to be a cell. More formally,
- // the m_structure is itself an abstract value that consists of the
- // union of the set of all non-cell values and the set of cell values that have
- // the given structure. This abstract value is then the intersection of the
- // m_structure and the set of values whose type is m_type. So, for
- // example if m_type is SpecFinal|SpecInt32 and m_structure is
- // [0x12345] then this abstract value corresponds to the set of all integers
- // unified with the set of all objects with structure 0x12345.
</del><ins>+ // impervious to side-effects. The relationship between this field, and the
+ // structure fields above, is as follows. The fields above constraint the
+ // structures that a cell may have, but they say nothing about whether or not
+ // the value is known to be a cell. More formally, the m_structure is itself an
+ // abstract value that consists of the union of the set of all non-cell values
+ // and the set of cell values that have the given structure. This abstract
+ // value is then the intersection of the m_structure and the set of values
+ // whose type is m_type. So, for example if m_type is SpecFinal|SpecInt32 and
+ // m_structure is [0x12345] then this abstract value corresponds to the set of
+ // all integers unified with the set of all objects with structure 0x12345.
</ins><span class="cx"> SpeculatedType m_type;
</span><span class="cx">
</span><span class="cx"> // This is a proven constraint on the possible indexing types that this value
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentPositionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArgumentPosition.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentPosition.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentPosition.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -46,6 +46,9 @@
</span><span class="cx"> void addVariable(VariableAccessData* variable)
</span><span class="cx"> {
</span><span class="cx"> m_variables.append(variable);
</span><ins>+
+ // We may set this early. Merging it here saves us time in prediction propagation.
+ variable->mergeShouldNeverUnbox(m_shouldNeverUnbox);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> VariableAccessData* someVariable() const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhasecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,566 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGArgumentsEliminationPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "BytecodeLivenessAnalysisInlines.h"
+#include "DFGArgumentsUtilities.h"
+#include "DFGBasicBlockInlines.h"
+#include "DFGBlockMapInlines.h"
+#include "DFGClobberize.h"
+#include "DFGForAllKills.h"
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGLivenessAnalysisPhase.h"
+#include "DFGOSRAvailabilityAnalysisPhase.h"
+#include "DFGPhase.h"
+#include "JSCInlines.h"
+#include <wtf/HashMap.h>
+#include <wtf/HashSet.h>
+
+namespace JSC { namespace DFG {
+
+namespace {
+
+class ArgumentsEliminationPhase : public Phase {
+public:
+ ArgumentsEliminationPhase(Graph& graph)
+ : Phase(graph, "arguments elimination")
+ {
+ }
+
+ bool run()
+ {
+ // For now this phase only works on SSA. This could be changed; we could have a block-local
+ // version over LoadStore.
+ DFG_ASSERT(m_graph, nullptr, m_graph.m_form == SSA);
+
+ identifyCandidates();
+ if (m_candidates.isEmpty())
+ return false;
+
+ eliminateCandidatesThatEscape();
+ if (m_candidates.isEmpty())
+ return false;
+
+ eliminateCandidatesThatInterfere();
+ if (m_candidates.isEmpty())
+ return false;
+
+ transform();
+
+ return true;
+ }
+
+private:
+ // Just finds nodes that we know how to work with.
+ void identifyCandidates()
+ {
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ for (Node* node : *block) {
+ switch (node->op()) {
+ case CreateDirectArguments:
+ case CreateClonedArguments:
+ m_candidates.add(node);
+ break;
+
+ case CreateScopedArguments:
+ // FIXME: We could handle this if it wasn't for the fact that scoped arguments are
+ // always stored into the activation.
+ // https://bugs.webkit.org/show_bug.cgi?id=143072 and
+ // https://bugs.webkit.org/show_bug.cgi?id=143073
+ break;
+
+ default:
+ break;
+ }
+ }
+ }
+ }
+
+ // Look for escaping sites, and remove from the candidates set if we see an escape.
+ void eliminateCandidatesThatEscape()
+ {
+ auto escape = [&] (Edge edge) {
+ if (!edge)
+ return;
+ m_candidates.remove(edge.node());
+ };
+
+ auto escapeBasedOnArrayMode = [&] (ArrayMode mode, Edge edge) {
+ switch (mode.type()) {
+ case Array::DirectArguments:
+ if (edge->op() != CreateDirectArguments)
+ escape(edge);
+ break;
+
+ case Array::Int32:
+ case Array::Double:
+ case Array::Contiguous:
+ if (edge->op() != CreateClonedArguments)
+ escape(edge);
+ break;
+
+ default:
+ escape(edge);
+ break;
+ }
+ };
+
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ for (Node* node : *block) {
+ switch (node->op()) {
+ case GetFromArguments:
+ DFG_ASSERT(m_graph, node, node->child1()->op() == CreateDirectArguments);
+ break;
+
+ case GetByVal:
+ escapeBasedOnArrayMode(node->arrayMode(), node->child1());
+ escape(node->child2());
+ escape(node->child3());
+ break;
+
+ case GetArrayLength:
+ escapeBasedOnArrayMode(node->arrayMode(), node->child1());
+ escape(node->child2());
+ break;
+
+ case LoadVarargs:
+ break;
+
+ case CallVarargs:
+ case ConstructVarargs:
+ escape(node->child1());
+ escape(node->child3());
+ break;
+
+ case Phantom:
+ case Check:
+ case HardPhantom:
+ case MovHint:
+ case PutHint:
+ break;
+
+ case GetButterfly:
+ // This barely works. The danger is that the GetButterfly is used by something that
+ // does something escaping to a candidate. Fortunately, the only butterfly-using ops
+ // that we exempt here also use the candidate directly. If there ever was a
+ // butterfly-using op that we wanted to exempt, then we'd have to look at the
+ // butterfly's child and check if it's a candidate.
+ break;
+
+ case CheckArray:
+ escapeBasedOnArrayMode(node->arrayMode(), node->child1());
+ break;
+
+ // FIXME: For cloned arguments, we'd like to allow GetByOffset on length to not be
+ // an escape.
+ // https://bugs.webkit.org/show_bug.cgi?id=143074
+
+ // FIXME: We should be able to handle GetById/GetByOffset on callee.
+ // https://bugs.webkit.org/show_bug.cgi?id=143075
+
+ default:
+ m_graph.doToChildren(node, escape);
+ break;
+ }
+ }
+ }
+ }
+
+ // Anywhere that a candidate is live (in bytecode or in DFG), check if there is a chance of
+ // interference between the stack area that the arguments object copies from and the arguments
+ // object's payload. Conservatively this means that the stack region doesn't get stored to.
+ void eliminateCandidatesThatInterfere()
+ {
+ performLivenessAnalysis(m_graph);
+ performOSRAvailabilityAnalysis(m_graph);
+ m_graph.initializeNodeOwners();
+
+ BlockMap<Operands<bool>> clobberedByBlock(m_graph);
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ Operands<bool>& clobberedByThisBlock = clobberedByBlock[block];
+ clobberedByThisBlock = Operands<bool>(OperandsLike, m_graph.block(0)->variablesAtHead);
+ for (Node* node : *block) {
+ clobberize(
+ m_graph, node, NoOpClobberize(),
+ [&] (AbstractHeap heap) {
+ if (heap.kind() != Stack) {
+ ASSERT(!heap.overlaps(Stack));
+ return;
+ }
+ ASSERT(!heap.payload().isTop());
+ VirtualRegister reg(heap.payload().value32());
+ clobberedByThisBlock.operand(reg) = true;
+ },
+ NoOpClobberize());
+ }
+ }
+
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ // Stop if we've already removed all candidates.
+ if (m_candidates.isEmpty())
+ return;
+
+ // Ignore blocks that don't write to the stack.
+ bool writesToStack = false;
+ for (unsigned i = clobberedByBlock[block].size(); i--;) {
+ if (clobberedByBlock[block][i]) {
+ writesToStack = true;
+ break;
+ }
+ }
+ if (!writesToStack)
+ continue;
+
+ forAllKillsInBlock(
+ m_graph, block,
+ [&] (unsigned nodeIndex, Node* candidate) {
+ if (!m_candidates.contains(candidate))
+ return;
+
+ // Check if this block has any clobbers that affect this candidate. This is a fairly
+ // fast check.
+ bool isClobberedByBlock = false;
+ Operands<bool>& clobberedByThisBlock = clobberedByBlock[block];
+
+ if (InlineCallFrame* inlineCallFrame = candidate->origin.semantic.inlineCallFrame) {
+ if (inlineCallFrame->isVarargs()) {
+ isClobberedByBlock |= clobberedByThisBlock.operand(
+ inlineCallFrame->stackOffset + JSStack::ArgumentCount);
+ }
+
+ if (!isClobberedByBlock || inlineCallFrame->isClosureCall) {
+ isClobberedByBlock |= clobberedByThisBlock.operand(
+ inlineCallFrame->stackOffset + JSStack::Callee);
+ }
+
+ if (!isClobberedByBlock) {
+ for (unsigned i = 0; i < inlineCallFrame->arguments.size() - 1; ++i) {
+ VirtualRegister reg =
+ VirtualRegister(inlineCallFrame->stackOffset) +
+ CallFrame::argumentOffset(i);
+ if (clobberedByThisBlock.operand(reg)) {
+ isClobberedByBlock = true;
+ break;
+ }
+ }
+ }
+ } else {
+ // We don't include the ArgumentCount or Callee in this case because we can be
+ // damn sure that this won't be clobbered.
+ for (unsigned i = 1; i < static_cast<unsigned>(codeBlock()->numParameters()); ++i) {
+ if (clobberedByThisBlock.argument(i)) {
+ isClobberedByBlock = true;
+ break;
+ }
+ }
+ }
+
+ if (!isClobberedByBlock)
+ return;
+
+ // Check if we can immediately eliminate this candidate. If the block has a clobber
+ // for this arguments allocation, and we'd have to examine every node in the block,
+ // then we can just eliminate the candidate.
+ if (nodeIndex == block->size() && candidate->owner != block) {
+ m_candidates.remove(candidate);
+ return;
+ }
+
+ while (nodeIndex--) {
+ Node* node = block->at(nodeIndex);
+ if (node == candidate)
+ break;
+
+ bool found = false;
+ clobberize(
+ m_graph, node, NoOpClobberize(),
+ [&] (AbstractHeap heap) {
+ if (heap.kind() == Stack && !heap.payload().isTop()) {
+ if (argumentsInvolveStackSlot(candidate, VirtualRegister(heap.payload().value32())))
+ found = true;
+ return;
+ }
+ if (heap.overlaps(Stack))
+ found = true;
+ },
+ NoOpClobberize());
+
+ if (found) {
+ m_candidates.remove(candidate);
+ return;
+ }
+ }
+ });
+ }
+
+ // Q: How do we handle OSR exit with a live PhantomArguments at a point where the inline call
+ // frame is dead? A: Naively we could say that PhantomArguments must escape the stack slots. But
+ // that would break PutStack sinking, which in turn would break object allocation sinking, in
+ // cases where we have a varargs call to an otherwise pure method. So, we need something smarter.
+ // For the outermost arguments, we just have a PhantomArguments that magically knows that it
+ // should load the arguments from the call frame. For the inline arguments, we have the heap map
+ // in the availabiltiy map track each possible inline argument as a promoted heap location. If the
+ // PutStacks for those arguments aren't sunk, those heap locations will map to very trivial
+ // availabilities (they will be flush availabilities). But if sinking happens then those
+ // availabilities may become whatever. OSR exit should be able to handle this quite naturally,
+ // since those availabilities speak of the stack before the optimizing compiler stack frame is
+ // torn down.
+ }
+
+ void transform()
+ {
+ InsertionSet insertionSet(m_graph);
+
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
+ Node* node = block->at(nodeIndex);
+
+ auto getArrayLength = [&] (Node* candidate) -> Node* {
+ return emitCodeToGetArgumentsArrayLength(
+ insertionSet, candidate, nodeIndex, node->origin);
+ };
+
+ switch (node->op()) {
+ case CreateDirectArguments:
+ if (!m_candidates.contains(node))
+ break;
+
+ node->setOpAndDefaultFlags(PhantomDirectArguments);
+ insertionSet.insertNode(nodeIndex + 1, SpecNone, Phantom, node->origin, Edge(node));
+ break;
+
+ case CreateClonedArguments:
+ if (!m_candidates.contains(node))
+ break;
+
+ node->setOpAndDefaultFlags(PhantomClonedArguments);
+ insertionSet.insertNode(nodeIndex + 1, SpecNone, Phantom, node->origin, Edge(node));
+ break;
+
+ case GetFromArguments: {
+ Node* candidate = node->child1().node();
+ if (!m_candidates.contains(candidate))
+ break;
+
+ DFG_ASSERT(
+ m_graph, node,
+ node->child1()->op() == CreateDirectArguments
+ || node->child1()->op() == PhantomDirectArguments);
+ VirtualRegister reg =
+ virtualRegisterForArgument(node->capturedArgumentsOffset().offset() + 1) +
+ node->origin.semantic.stackOffset();
+ StackAccessData* data = m_graph.m_stackAccessData.add(reg, FlushedJSValue);
+ node->convertToGetStack(data);
+ break;
+ }
+
+ case GetArrayLength: {
+ Node* candidate = node->child1().node();
+ if (!m_candidates.contains(candidate))
+ break;
+
+ // Meh, this is kind of hackish - we use an Identity so that we can reuse the
+ // getArrayLength() helper.
+ node->convertToIdentityOn(getArrayLength(candidate));
+ break;
+ }
+
+ case GetByVal: {
+ // FIXME: For ClonedArguments, we would have already done a separate bounds check.
+ // This code will cause us to have two bounds checks - the original one that we
+ // already factored out in SSALoweringPhase, and the new one we insert here, which is
+ // often implicitly part of GetMyArgumentByVal. LLVM will probably eliminate the
+ // second bounds check, but still - that's just silly.
+ // https://bugs.webkit.org/show_bug.cgi?id=143076
+
+ Node* candidate = node->child1().node();
+ if (!m_candidates.contains(candidate))
+ break;
+
+ Node* result = nullptr;
+ if (node->child2()->isInt32Constant()) {
+ unsigned index = node->child2()->asUInt32();
+ InlineCallFrame* inlineCallFrame = candidate->origin.semantic.inlineCallFrame;
+
+ bool safeToGetStack;
+ if (inlineCallFrame)
+ safeToGetStack = index < inlineCallFrame->arguments.size() - 1;
+ else {
+ safeToGetStack =
+ index < static_cast<unsigned>(codeBlock()->numParameters()) - 1;
+ }
+ if (safeToGetStack) {
+ StackAccessData* data;
+ VirtualRegister arg = virtualRegisterForArgument(index + 1);
+ if (inlineCallFrame)
+ arg += inlineCallFrame->stackOffset;
+ data = m_graph.m_stackAccessData.add(arg, FlushedJSValue);
+
+ if (!inlineCallFrame || inlineCallFrame->isVarargs()
+ || index >= inlineCallFrame->arguments.size() - 1) {
+ insertionSet.insertNode(
+ nodeIndex, SpecNone, CheckInBounds, node->origin,
+ node->child2(), Edge(getArrayLength(candidate), Int32Use));
+ }
+
+ result = insertionSet.insertNode(
+ nodeIndex, node->prediction(), GetStack, node->origin, OpInfo(data));
+ }
+ }
+
+ if (!result) {
+ result = insertionSet.insertNode(
+ nodeIndex, node->prediction(), GetMyArgumentByVal, node->origin,
+ node->child1(), node->child2());
+ }
+
+ // Need to do this because we may have a data format conversion here.
+ node->convertToIdentityOn(result);
+ break;
+ }
+
+ case LoadVarargs: {
+ Node* candidate = node->child1().node();
+ if (!m_candidates.contains(candidate))
+ break;
+
+ LoadVarargsData* varargsData = node->loadVarargsData();
+ InlineCallFrame* inlineCallFrame = candidate->origin.semantic.inlineCallFrame;
+ if (inlineCallFrame && !inlineCallFrame->isVarargs()) {
+ Node* argumentCount = insertionSet.insertConstant(
+ nodeIndex, node->origin,
+ jsNumber(inlineCallFrame->arguments.size() - varargsData->offset));
+ insertionSet.insertNode(
+ nodeIndex, SpecNone, MovHint, node->origin,
+ OpInfo(varargsData->count.offset()), Edge(argumentCount));
+ insertionSet.insertNode(
+ nodeIndex, SpecNone, PutStack, node->origin,
+ OpInfo(m_graph.m_stackAccessData.add(varargsData->count, FlushedInt32)),
+ Edge(argumentCount, Int32Use));
+
+ for (unsigned i = 1 + varargsData->offset; i < inlineCallFrame->arguments.size(); ++i) {
+ StackAccessData* data = m_graph.m_stackAccessData.add(
+ virtualRegisterForArgument(i) + inlineCallFrame->stackOffset,
+ FlushedJSValue);
+
+ Node* value = insertionSet.insertNode(
+ nodeIndex, SpecNone, GetStack, node->origin, OpInfo(data));
+
+ VirtualRegister reg = varargsData->start + i - 1 - varargsData->offset;
+
+ insertionSet.insertNode(
+ nodeIndex, SpecNone, MovHint, node->origin, OpInfo(reg.offset()),
+ Edge(value));
+
+ data = m_graph.m_stackAccessData.add(reg, FlushedJSValue);
+
+ insertionSet.insertNode(
+ nodeIndex, SpecNone, PutStack, node->origin, OpInfo(data), Edge(value));
+ }
+
+ node->convertToPhantom();
+ break;
+ }
+
+ node->setOpAndDefaultFlags(ForwardVarargs);
+ break;
+ }
+
+ case CallVarargs:
+ case ConstructVarargs: {
+ Node* candidate = node->child2().node();
+ if (!m_candidates.contains(candidate))
+ break;
+
+ CallVarargsData* varargsData = node->callVarargsData();
+ InlineCallFrame* inlineCallFrame = candidate->origin.semantic.inlineCallFrame;
+ if (inlineCallFrame && !inlineCallFrame->isVarargs()) {
+ Vector<Node*> arguments;
+ for (unsigned i = 1 + varargsData->firstVarArgOffset; i < inlineCallFrame->arguments.size(); ++i) {
+ StackAccessData* data = m_graph.m_stackAccessData.add(
+ virtualRegisterForArgument(i) + inlineCallFrame->stackOffset,
+ FlushedJSValue);
+
+ Node* value = insertionSet.insertNode(
+ nodeIndex, SpecNone, GetStack, node->origin, OpInfo(data));
+
+ arguments.append(value);
+ }
+
+ unsigned firstChild = m_graph.m_varArgChildren.size();
+ m_graph.m_varArgChildren.append(node->child1());
+ m_graph.m_varArgChildren.append(node->child3());
+ for (Node* argument : arguments)
+ m_graph.m_varArgChildren.append(Edge(argument));
+ node->setOpAndDefaultFlags(
+ node->op() == CallVarargs ? Call : Construct);
+ node->children = AdjacencyList(
+ AdjacencyList::Variable,
+ firstChild, m_graph.m_varArgChildren.size() - firstChild);
+ break;
+ }
+
+ node->setOpAndDefaultFlags(
+ node->op() == CallVarargs ? CallForwardVarargs : ConstructForwardVarargs);
+ break;
+ }
+
+ case CheckArray:
+ case GetButterfly: {
+ if (!m_candidates.contains(node->child1().node()))
+ break;
+ node->convertToPhantom();
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+
+ insertionSet.execute(block);
+ }
+ }
+
+ HashSet<Node*> m_candidates;
+};
+
+} // anonymous namespace
+
+bool performArgumentsElimination(Graph& graph)
+{
+ SamplingRegion samplingRegion("DFG Arguments Elimination Phase");
+ return runPhase<ArgumentsEliminationPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhaseh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,45 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGArgumentsEliminationPhase_h
+#define DFGArgumentsEliminationPhase_h
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// Eliminates allocations of the Arguments-class objects when it can prove that the object doesn't escape
+// and none of the arguments are mutated (either via the object or via the stack).
+
+bool performArgumentsElimination(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGArgumentsEliminationPhase_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsSimplificationPhasecpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,794 +0,0 @@
</span><del>-/*
- * Copyright (C) 2012, 2013, 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "DFGArgumentsSimplificationPhase.h"
-
-#if ENABLE(DFG_JIT)
-
-#include "DFGBasicBlock.h"
-#include "DFGGraph.h"
-#include "DFGInsertionSet.h"
-#include "DFGPhase.h"
-#include "DFGValidate.h"
-#include "DFGVariableAccessDataDump.h"
-#include "JSCInlines.h"
-#include <wtf/HashSet.h>
-#include <wtf/HashMap.h>
-
-namespace JSC { namespace DFG {
-
-namespace {
-
-struct ArgumentsAliasingData {
- InlineCallFrame* callContext;
- bool callContextSet;
- bool multipleCallContexts;
-
- bool assignedFromArguments;
- bool assignedFromManyThings;
-
- bool escapes;
-
- ArgumentsAliasingData()
- : callContext(0)
- , callContextSet(false)
- , multipleCallContexts(false)
- , assignedFromArguments(false)
- , assignedFromManyThings(false)
- , escapes(false)
- {
- }
-
- void mergeCallContext(InlineCallFrame* newCallContext)
- {
- if (multipleCallContexts)
- return;
-
- if (!callContextSet) {
- callContext = newCallContext;
- callContextSet = true;
- return;
- }
-
- if (callContext == newCallContext)
- return;
-
- multipleCallContexts = true;
- }
-
- bool callContextIsValid()
- {
- return callContextSet && !multipleCallContexts;
- }
-
- void mergeArgumentsAssignment()
- {
- assignedFromArguments = true;
- }
-
- void mergeNonArgumentsAssignment()
- {
- assignedFromManyThings = true;
- }
-
- bool argumentsAssignmentIsValid()
- {
- return assignedFromArguments && !assignedFromManyThings;
- }
-
- bool isValid()
- {
- return callContextIsValid() && argumentsAssignmentIsValid() && !escapes;
- }
-};
-
-} // end anonymous namespace
-
-class ArgumentsSimplificationPhase : public Phase {
-public:
- ArgumentsSimplificationPhase(Graph& graph)
- : Phase(graph, "arguments simplification")
- {
- }
-
- bool run()
- {
- if (!m_graph.m_hasArguments)
- return false;
-
- bool changed = false;
-
- // Record which arguments are known to escape no matter what.
- for (InlineCallFrameSet::iterator iter = m_graph.m_plan.inlineCallFrames->begin(); !!iter; ++iter)
- pruneObviousArgumentCreations(*iter);
- pruneObviousArgumentCreations(0); // the machine call frame.
-
- // Create data for variable access datas that we will want to analyze.
- for (unsigned i = m_graph.m_variableAccessData.size(); i--;) {
- VariableAccessData* variableAccessData = &m_graph.m_variableAccessData[i];
- if (!variableAccessData->isRoot())
- continue;
- if (variableAccessData->isCaptured())
- continue;
- m_argumentsAliasing.add(variableAccessData, ArgumentsAliasingData());
- }
-
- // Figure out which variables are live, using a conservative approximation of
- // liveness.
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
- Node* node = block->at(indexInBlock);
- switch (node->op()) {
- case GetLocal:
- case Flush:
- case PhantomLocal:
- m_isLive.add(node->variableAccessData());
- break;
- default:
- break;
- }
- }
- }
-
- // Figure out which variables alias the arguments and nothing else, and are
- // used only for GetByVal and GetArrayLength accesses. At the same time,
- // identify uses of CreateArguments that are not consistent with the arguments
- // being aliased only to variables that satisfy these constraints.
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
- Node* node = block->at(indexInBlock);
- switch (node->op()) {
- case CreateArguments: {
- // Ignore this op. If we see a lone CreateArguments then we want to
- // completely ignore it because:
- // 1) The default would be to see that the child is a GetLocal on the
- // arguments register and conclude that we have an arguments escape.
- // 2) The fact that a CreateArguments exists does not mean that it
- // will continue to exist after we're done with this phase. As far
- // as this phase is concerned, a CreateArguments only "exists" if it
- // is used in a manner that necessitates its existance.
- break;
- }
-
- case TearOffArguments: {
- // Ignore arguments tear off, because it's only relevant if we actually
- // need to create the arguments.
- break;
- }
-
- case SetLocal: {
- Node* source = node->child1().node();
- VariableAccessData* variableAccessData = node->variableAccessData();
- VirtualRegister argumentsRegister =
- m_graph.uncheckedArgumentsRegisterFor(node->origin.semantic);
- if (source->op() != CreateArguments && source->op() != PhantomArguments) {
- // Make sure that the source of the SetLocal knows that if it's
- // a variable that we think is aliased to the arguments, then it
- // may escape at this point. In future, we could track transitive
- // aliasing. But not yet.
- observeBadArgumentsUse(source);
-
- // If this is an assignment to the arguments register, then
- // pretend as if the arguments were created. We don't want to
- // optimize code that explicitly assigns to the arguments,
- // because that seems too ugly.
-
- // But, before getting rid of CreateArguments, we will have
- // an assignment to the arguments registers with JSValue().
- // That's because CSE will refuse to get rid of the
- // init_lazy_reg since it treats CreateArguments as reading
- // local variables. That could be fixed, but it's easier to
- // work around this here.
- if (source->op() == JSConstant && !*source->constant())
- break;
-
- // If the variable is totally dead, then ignore it.
- if (!m_isLive.contains(variableAccessData))
- break;
-
- if (argumentsRegister.isValid()
- && (variableAccessData->local() == argumentsRegister
- || variableAccessData->local() == unmodifiedArgumentsRegister(argumentsRegister))) {
- m_createsArguments.add(node->origin.semantic.inlineCallFrame);
- break;
- }
-
- if (variableAccessData->isCaptured())
- break;
-
- // Make sure that if it's a variable that we think is aliased to
- // the arguments, that we know that it might actually not be.
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeNonArgumentsAssignment();
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
- break;
- }
- if (argumentsRegister.isValid()
- && (variableAccessData->local() == argumentsRegister
- || variableAccessData->local() == unmodifiedArgumentsRegister(argumentsRegister))) {
- if (node->origin.semantic.inlineCallFrame == source->origin.semantic.inlineCallFrame)
- break;
- m_createsArguments.add(source->origin.semantic.inlineCallFrame);
- break;
- }
- if (variableAccessData->isCaptured()) {
- m_createsArguments.add(source->origin.semantic.inlineCallFrame);
- break;
- }
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeArgumentsAssignment();
- // This ensures that the variable's uses are in the same context as
- // the arguments it is aliasing.
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
- data.mergeCallContext(source->origin.semantic.inlineCallFrame);
- break;
- }
-
- case GetLocal:
- case Phi: /* FIXME: https://bugs.webkit.org/show_bug.cgi?id=108555 */ {
- VariableAccessData* variableAccessData = node->variableAccessData();
- if (variableAccessData->isCaptured())
- break;
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
- break;
- }
-
- case Flush: {
- VariableAccessData* variableAccessData = node->variableAccessData();
- if (variableAccessData->isCaptured())
- break;
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
-
- // If a variable is used in a flush then by definition it escapes.
- data.escapes = true;
- break;
- }
-
- case SetArgument: {
- VariableAccessData* variableAccessData = node->variableAccessData();
- if (variableAccessData->isCaptured())
- break;
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeNonArgumentsAssignment();
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
- break;
- }
-
- case GetByVal: {
- if (node->arrayMode().type() != Array::Arguments) {
- observeBadArgumentsUses(node);
- break;
- }
-
- // That's so awful and pretty much impossible since it would
- // imply that the arguments were predicted integer, but it's
- // good to be defensive and thorough.
- observeBadArgumentsUse(node->child2().node());
- observeProperArgumentsUse(node, node->child1());
- break;
- }
-
- case GetArrayLength: {
- if (node->arrayMode().type() != Array::Arguments) {
- observeBadArgumentsUses(node);
- break;
- }
-
- observeProperArgumentsUse(node, node->child1());
- break;
- }
-
- case Phantom:
- case HardPhantom:
- // We don't care about phantom uses, since phantom uses are all about
- // just keeping things alive for OSR exit. If something - like the
- // CreateArguments - is just being kept alive, then this transformation
- // will not break this, since the Phantom will now just keep alive a
- // PhantomArguments and OSR exit will still do the right things.
- break;
-
- case CheckStructure:
- case CheckArray:
- // We don't care about these because if we get uses of the relevant
- // variable then we can safely get rid of these, too. This of course
- // relies on there not being any information transferred by the CFA
- // from a CheckStructure on one variable to the information about the
- // structures of another variable.
- break;
-
- case MovHint:
- // We don't care about MovHints at all, since they represent what happens
- // in bytecode. We rematerialize arguments objects on OSR exit anyway.
- break;
-
- default:
- observeBadArgumentsUses(node);
- break;
- }
- }
- }
-
- // Now we know which variables are aliased to arguments. But if any of them are
- // found to have escaped, or were otherwise invalidated, then we need to mark
- // the arguments as requiring creation. This is a property of SetLocals to
- // variables that are neither the correct arguments register nor are marked as
- // being arguments-aliased.
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
- Node* node = block->at(indexInBlock);
- if (node->op() != SetLocal)
- continue;
- Node* source = node->child1().node();
- if (source->op() != CreateArguments)
- continue;
- VariableAccessData* variableAccessData = node->variableAccessData();
- if (variableAccessData->isCaptured()) {
- // The captured case would have already been taken care of in the
- // previous pass.
- continue;
- }
-
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- if (data.isValid())
- continue;
-
- m_createsArguments.add(source->origin.semantic.inlineCallFrame);
- }
- }
-
- InsertionSet insertionSet(m_graph);
-
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); indexInBlock++) {
- Node* node = block->at(indexInBlock);
- switch (node->op()) {
- case SetLocal: {
- Node* source = node->child1().node();
- if (source->op() != CreateArguments)
- break;
-
- if (m_createsArguments.contains(source->origin.semantic.inlineCallFrame))
- break;
-
- VariableAccessData* variableAccessData = node->variableAccessData();
-
- if (variableAccessData->mergeIsArgumentsAlias(true)) {
- changed = true;
-
- // Make sure that the variable knows, that it may now hold non-cell values.
- variableAccessData->predict(SpecEmpty);
- }
-
- // Make sure that the SetLocal doesn't check that the input is a Cell.
- if (node->child1().useKind() != UntypedUse) {
- node->child1().setUseKind(UntypedUse);
- changed = true;
- }
- break;
- }
-
- case Flush: {
- VariableAccessData* variableAccessData = node->variableAccessData();
-
- if (variableAccessData->isCaptured()
- || !m_argumentsAliasing.find(variableAccessData)->value.isValid()
- || m_createsArguments.contains(node->origin.semantic.inlineCallFrame))
- break;
-
- RELEASE_ASSERT_NOT_REACHED();
- break;
- }
-
- case Phantom:
- case HardPhantom: {
- // It's highly likely that we will have a Phantom referencing either
- // CreateArguments, or a local op for the arguments register, or a
- // local op for an arguments-aliased variable. In any of those cases,
- // we should remove the phantom reference, since:
- // 1) Phantoms only exist to aid OSR exit. But arguments simplification
- // has its own OSR exit story, which is to inform OSR exit to reify
- // the arguments as necessary.
- // 2) The Phantom may keep the CreateArguments node alive, which is
- // precisely what we don't want.
- for (unsigned i = 0; i < AdjacencyList::Size; ++i)
- detypeArgumentsReferencingPhantomChild(node, i);
- break;
- }
-
- case CheckStructure:
- case CheckArray: {
- // We can just get rid of this node, if it references a phantom argument.
- if (!isOKToOptimize(node->child1().node()))
- break;
- node->convertToPhantom();
- break;
- }
-
- case GetByVal: {
- if (node->arrayMode().type() != Array::Arguments)
- break;
-
- // This can be simplified to GetMyArgumentByVal if we know that
- // it satisfies either condition (1) or (2):
- // 1) Its first child is a valid ArgumentsAliasingData and the
- // InlineCallFrame* is not marked as creating arguments.
- // 2) Its first child is CreateArguments and its InlineCallFrame*
- // is not marked as creating arguments.
-
- if (!isOKToOptimize(node->child1().node()))
- break;
-
- insertionSet.insertNode(
- indexInBlock, SpecNone, Phantom, node->origin, node->child1());
-
- node->child1() = node->child2();
- node->child2() = Edge();
- node->setOpAndDefaultFlags(GetMyArgumentByVal);
- changed = true;
- --indexInBlock; // Force reconsideration of this op now that it's a GetMyArgumentByVal.
- break;
- }
-
- case GetArrayLength: {
- if (node->arrayMode().type() != Array::Arguments)
- break;
-
- if (!isOKToOptimize(node->child1().node()))
- break;
-
- insertionSet.insertNode(
- indexInBlock, SpecNone, Phantom, node->origin, node->child1());
-
- node->child1() = Edge();
- node->setOpAndDefaultFlags(GetMyArgumentsLength);
- changed = true;
- --indexInBlock; // Force reconsideration of this op noew that it's a GetMyArgumentsLength.
- break;
- }
-
- case GetMyArgumentsLength:
- case GetMyArgumentsLengthSafe: {
- if (m_createsArguments.contains(node->origin.semantic.inlineCallFrame)) {
- ASSERT(node->op() == GetMyArgumentsLengthSafe);
- break;
- }
- if (node->op() == GetMyArgumentsLengthSafe) {
- node->setOp(GetMyArgumentsLength);
- changed = true;
- }
-
- NodeOrigin origin = node->origin;
- if (!origin.semantic.inlineCallFrame)
- break;
- if (origin.semantic.inlineCallFrame->isVarargs())
- break;
-
- // We know exactly what this will return. But only after we have checked
- // that nobody has escaped our arguments.
- insertionSet.insertNode(
- indexInBlock, SpecNone, CheckArgumentsNotCreated, origin);
-
- m_graph.convertToConstant(
- node, m_graph.freeze(
- jsNumber(origin.semantic.inlineCallFrame->arguments.size() - 1)));
- changed = true;
- break;
- }
-
- case GetMyArgumentByVal:
- case GetMyArgumentByValSafe: {
- if (m_createsArguments.contains(node->origin.semantic.inlineCallFrame)) {
- ASSERT(node->op() == GetMyArgumentByValSafe);
- break;
- }
- if (node->op() == GetMyArgumentByValSafe) {
- node->setOp(GetMyArgumentByVal);
- changed = true;
- }
- if (!node->origin.semantic.inlineCallFrame)
- break;
- if (!node->child1()->isInt32Constant())
- break;
- int32_t index = node->child1()->asInt32();
- if (index < 0
- || static_cast<size_t>(index + 1) >=
- node->origin.semantic.inlineCallFrame->arguments.size())
- break;
-
- // We know which argument this is accessing. But only after we have checked
- // that nobody has escaped our arguments. We also need to ensure that the
- // index is kept alive. That's somewhat pointless since it's a constant, but
- // it's important because this is one of those invariants that we like to
- // have in the DFG. Note finally that we use the GetLocalUnlinked opcode
- // here, since this is being done _after_ the prediction propagation phase
- // has run - therefore it makes little sense to link the GetLocal operation
- // into the VariableAccessData and Phi graphs.
-
- NodeOrigin origin = node->origin;
- AdjacencyList children = node->children;
-
- node->convertToGetLocalUnlinked(
- VirtualRegister(
- origin.semantic.inlineCallFrame->stackOffset +
- m_graph.baselineCodeBlockFor(origin.semantic)->argumentIndexAfterCapture(index)));
-
- insertionSet.insertNode(
- indexInBlock, SpecNone, CheckArgumentsNotCreated, origin);
- insertionSet.insertNode(
- indexInBlock, SpecNone, Phantom, origin, children);
-
- changed = true;
- break;
- }
-
- case TearOffArguments: {
- if (m_createsArguments.contains(node->origin.semantic.inlineCallFrame))
- continue;
-
- node->convertToPhantom();
- break;
- }
-
- default:
- break;
- }
- }
- insertionSet.execute(block);
- }
-
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
- Node* node = block->at(indexInBlock);
- if (node->op() != CreateArguments)
- continue;
- // If this is a CreateArguments for an InlineCallFrame* that does
- // not create arguments, then replace it with a PhantomArguments.
- // PhantomArguments is a non-executing node that just indicates
- // that the node should be reified as an arguments object on OSR
- // exit.
- if (m_createsArguments.contains(node->origin.semantic.inlineCallFrame))
- continue;
- insertionSet.insertNode(
- indexInBlock, SpecNone, Phantom, node->origin, node->children);
- node->setOpAndDefaultFlags(PhantomArguments);
- node->children.reset();
- changed = true;
- }
- insertionSet.execute(block);
- }
-
- for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
- BasicBlock* block = m_graph.block(blockIndex);
- if (!block)
- continue;
- for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
- Node* node = block->at(indexInBlock);
- if (node->op() != Phantom)
- continue;
- for (unsigned i = 0; i < AdjacencyList::Size; ++i)
- detypeArgumentsReferencingPhantomChild(node, i);
- }
- }
-
- if (changed) {
- m_graph.dethread();
- m_graph.m_form = LoadStore;
- }
-
- return changed;
- }
-
-private:
- HashSet<InlineCallFrame*,
- DefaultHash<InlineCallFrame*>::Hash,
- NullableHashTraits<InlineCallFrame*>> m_createsArguments;
- HashMap<VariableAccessData*, ArgumentsAliasingData,
- DefaultHash<VariableAccessData*>::Hash,
- NullableHashTraits<VariableAccessData*>> m_argumentsAliasing;
- HashSet<VariableAccessData*> m_isLive;
-
- void pruneObviousArgumentCreations(InlineCallFrame* inlineCallFrame)
- {
- ScriptExecutable* executable = m_graph.executableFor(inlineCallFrame);
- if (m_graph.m_executablesWhoseArgumentsEscaped.contains(executable)
- || executable->isStrictMode())
- m_createsArguments.add(inlineCallFrame);
- }
-
- void observeBadArgumentsUse(Node* node)
- {
- if (!node)
- return;
-
- switch (node->op()) {
- case CreateArguments: {
- m_createsArguments.add(node->origin.semantic.inlineCallFrame);
- break;
- }
-
- case GetLocal: {
- VirtualRegister argumentsRegister =
- m_graph.uncheckedArgumentsRegisterFor(node->origin.semantic);
- if (argumentsRegister.isValid()
- && (node->local() == argumentsRegister
- || node->local() == unmodifiedArgumentsRegister(argumentsRegister))) {
- m_createsArguments.add(node->origin.semantic.inlineCallFrame);
- break;
- }
-
- VariableAccessData* variableAccessData = node->variableAccessData();
- if (variableAccessData->isCaptured())
- break;
-
- ArgumentsAliasingData& data = m_argumentsAliasing.find(variableAccessData)->value;
- data.escapes = true;
- break;
- }
-
- default:
- break;
- }
- }
-
- void observeBadArgumentsUses(Node* node)
- {
- for (unsigned i = m_graph.numChildren(node); i--;)
- observeBadArgumentsUse(m_graph.child(node, i).node());
- }
-
- void observeProperArgumentsUse(Node* node, Edge edge)
- {
- if (edge->op() != GetLocal) {
- // When can this happen? At least two cases that I can think
- // of:
- //
- // 1) Aliased use of arguments in the same basic block,
- // like:
- //
- // var a = arguments;
- // var x = arguments[i];
- //
- // 2) If we're accessing arguments we got from the heap!
-
- if (edge->op() == CreateArguments
- && node->origin.semantic.inlineCallFrame
- != edge->origin.semantic.inlineCallFrame)
- m_createsArguments.add(edge->origin.semantic.inlineCallFrame);
-
- return;
- }
-
- VariableAccessData* variableAccessData = edge->variableAccessData();
- if (edge->local() == m_graph.uncheckedArgumentsRegisterFor(edge->origin.semantic)
- && node->origin.semantic.inlineCallFrame != edge->origin.semantic.inlineCallFrame) {
- m_createsArguments.add(edge->origin.semantic.inlineCallFrame);
- return;
- }
-
- if (variableAccessData->isCaptured())
- return;
-
- ArgumentsAliasingData& data = m_argumentsAliasing.find(variableAccessData)->value;
- data.mergeCallContext(node->origin.semantic.inlineCallFrame);
- }
-
- bool isOKToOptimize(Node* source)
- {
- if (m_createsArguments.contains(source->origin.semantic.inlineCallFrame))
- return false;
-
- switch (source->op()) {
- case GetLocal: {
- VariableAccessData* variableAccessData = source->variableAccessData();
- VirtualRegister argumentsRegister =
- m_graph.uncheckedArgumentsRegisterFor(source->origin.semantic);
- if (!argumentsRegister.isValid())
- break;
- if (argumentsRegister == variableAccessData->local())
- return true;
- if (unmodifiedArgumentsRegister(argumentsRegister) == variableAccessData->local())
- return true;
- if (variableAccessData->isCaptured())
- break;
- ArgumentsAliasingData& data =
- m_argumentsAliasing.find(variableAccessData)->value;
- if (!data.isValid())
- break;
-
- return true;
- }
-
- case CreateArguments: {
- return true;
- }
-
- default:
- break;
- }
-
- return false;
- }
-
- void detypeArgumentsReferencingPhantomChild(Node* node, unsigned edgeIndex)
- {
- Edge edge = node->children.child(edgeIndex);
- if (!edge)
- return;
-
- switch (edge->op()) {
- case GetLocal: {
- VariableAccessData* variableAccessData = edge->variableAccessData();
- if (!variableAccessData->isArgumentsAlias())
- break;
- node->children.child(edgeIndex).setUseKind(UntypedUse);
- break;
- }
-
- case PhantomArguments: {
- node->children.child(edgeIndex).setUseKind(UntypedUse);
- break;
- }
-
- default:
- break;
- }
- }
-};
-
-bool performArgumentsSimplification(Graph& graph)
-{
- SamplingRegion samplingRegion("DFG Arguments Simplification Phase");
- return runPhase<ArgumentsSimplificationPhase>(graph);
-}
-
-} } // namespace JSC::DFG
-
-#endif // ENABLE(DFG_JIT)
-
-
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsSimplificationPhaseh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,47 +0,0 @@
</span><del>-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef DFGArgumentsSimplificationPhase_h
-#define DFGArgumentsSimplificationPhase_h
-
-#if ENABLE(DFG_JIT)
-
-namespace JSC { namespace DFG {
-
-class Graph;
-
-// Simplifies reflective uses of the Arguments object:
-//
-// Inlined arguments.length -> constant
-// Inlined arguments[constant] -> GetLocalUnlinked
-
-bool performArgumentsSimplification(Graph&);
-
-} } // namespace JSC::DFG
-
-#endif // ENABLE(DFG_JIT)
-
-#endif // DFGArgumentsSimplificationPhase_h
-
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiescpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,98 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGArgumentsUtilities.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "JSCInlines.h"
+
+namespace JSC { namespace DFG {
+
+bool argumentsInvolveStackSlot(InlineCallFrame* inlineCallFrame, VirtualRegister reg)
+{
+ if (!inlineCallFrame)
+ return (reg.isArgument() && reg.toArgument()) || reg.isHeader();
+
+ if (inlineCallFrame->isClosureCall
+ && reg == VirtualRegister(inlineCallFrame->stackOffset + JSStack::Callee))
+ return true;
+
+ if (inlineCallFrame->isVarargs()
+ && reg == VirtualRegister(inlineCallFrame->stackOffset + JSStack::ArgumentCount))
+ return true;
+
+ unsigned numArguments = inlineCallFrame->arguments.size() - 1;
+ VirtualRegister argumentStart =
+ VirtualRegister(inlineCallFrame->stackOffset) + CallFrame::argumentOffset(0);
+ return reg >= argumentStart && reg < argumentStart + numArguments;
+}
+
+bool argumentsInvolveStackSlot(Node* candidate, VirtualRegister reg)
+{
+ return argumentsInvolveStackSlot(candidate->origin.semantic.inlineCallFrame, reg);
+}
+
+Node* emitCodeToGetArgumentsArrayLength(
+ InsertionSet& insertionSet, Node* arguments, unsigned nodeIndex, NodeOrigin origin)
+{
+ Graph& graph = insertionSet.graph();
+
+ DFG_ASSERT(
+ graph, arguments,
+ arguments->op() == CreateDirectArguments || arguments->op() == CreateScopedArguments
+ || arguments->op() == CreateClonedArguments || arguments->op() == PhantomDirectArguments
+ || arguments->op() == PhantomClonedArguments);
+
+ InlineCallFrame* inlineCallFrame = arguments->origin.semantic.inlineCallFrame;
+
+ if (inlineCallFrame && !inlineCallFrame->isVarargs()) {
+ return insertionSet.insertConstant(
+ nodeIndex, origin, jsNumber(inlineCallFrame->arguments.size() - 1));
+ }
+
+ Node* argumentCount;
+ if (!inlineCallFrame)
+ argumentCount = insertionSet.insertNode(nodeIndex, SpecInt32, GetArgumentCount, origin);
+ else {
+ VirtualRegister argumentCountRegister(inlineCallFrame->stackOffset + JSStack::ArgumentCount);
+
+ argumentCount = insertionSet.insertNode(
+ nodeIndex, SpecInt32, GetStack, origin,
+ OpInfo(graph.m_stackAccessData.add(argumentCountRegister, FlushedInt32)));
+ }
+
+ return insertionSet.insertNode(
+ nodeIndex, SpecInt32, ArithSub, origin, OpInfo(Arith::Unchecked),
+ Edge(argumentCount, Int32Use),
+ insertionSet.insertConstantForUse(
+ nodeIndex, origin, jsNumber(1), Int32Use));
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiesh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,47 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGArgumentsUtilities_h
+#define DFGArgumentsUtilities_h
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+
+namespace JSC { namespace DFG {
+
+bool argumentsInvolveStackSlot(InlineCallFrame*, VirtualRegister);
+bool argumentsInvolveStackSlot(Node* candidate, VirtualRegister);
+
+Node* emitCodeToGetArgumentsArrayLength(
+ InsertionSet&, Node* arguments, unsigned nodeIndex, NodeOrigin);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGArgumentsUtilities_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArrayModecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -197,8 +197,15 @@
</span><span class="cx"> if (isStringSpeculation(base))
</span><span class="cx"> return withType(Array::String);
</span><span class="cx">
</span><del>- if (isArgumentsSpeculation(base))
- return withType(Array::Arguments);
</del><ins>+ if (isDirectArgumentsSpeculation(base) || isScopedArgumentsSpeculation(base)) {
+ // Handle out-of-bounds accesses as generic accesses.
+ if (graph.hasExitSite(node->origin.semantic, OutOfBounds) || !isInBounds())
+ return ArrayMode(Array::Generic);
+
+ if (isDirectArgumentsSpeculation(base))
+ return withType(Array::DirectArguments);
+ return withType(Array::ScopedArguments);
+ }
</ins><span class="cx">
</span><span class="cx"> ArrayMode result;
</span><span class="cx"> switch (node->op()) {
</span><span class="lines">@@ -396,9 +403,12 @@
</span><span class="cx"> return true;
</span><span class="cx"> } }
</span><span class="cx">
</span><del>- case Array::Arguments:
- return speculationChecked(value.m_type, SpecArguments);
</del><ins>+ case Array::DirectArguments:
+ return speculationChecked(value.m_type, SpecDirectArguments);
</ins><span class="cx">
</span><ins>+ case Array::ScopedArguments:
+ return speculationChecked(value.m_type, SpecScopedArguments);
+
</ins><span class="cx"> case Array::Int8Array:
</span><span class="cx"> return speculationChecked(value.m_type, SpecInt8Array);
</span><span class="cx">
</span><span class="lines">@@ -461,8 +471,10 @@
</span><span class="cx"> return "ArrayStorage";
</span><span class="cx"> case Array::SlowPutArrayStorage:
</span><span class="cx"> return "SlowPutArrayStorage";
</span><del>- case Array::Arguments:
- return "Arguments";
</del><ins>+ case Array::DirectArguments:
+ return "DirectArguments";
+ case Array::ScopedArguments:
+ return "ScopedArguments";
</ins><span class="cx"> case Array::Int8Array:
</span><span class="cx"> return "Int8Array";
</span><span class="cx"> case Array::Int16Array:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArrayModeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArrayMode.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArrayMode.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGArrayMode.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -65,7 +65,9 @@
</span><span class="cx"> ArrayStorage,
</span><span class="cx"> SlowPutArrayStorage,
</span><span class="cx">
</span><del>- Arguments,
</del><ins>+ DirectArguments,
+ ScopedArguments,
+
</ins><span class="cx"> Int8Array,
</span><span class="cx"> Int16Array,
</span><span class="cx"> Int32Array,
</span><span class="lines">@@ -294,7 +296,8 @@
</span><span class="cx"> case Array::Unprofiled:
</span><span class="cx"> case Array::ForceExit:
</span><span class="cx"> case Array::Generic:
</span><del>- case Array::Arguments:
</del><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> return false;
</span><span class="cx"> default:
</span><span class="cx"> return true;
</span><span class="lines">@@ -320,11 +323,9 @@
</span><span class="cx"> {
</span><span class="cx"> switch (type()) {
</span><span class="cx"> case Array::String:
</span><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> return ArrayMode(Array::Generic);
</span><del>-#if USE(JSVALUE32_64)
- case Array::Arguments:
- return ArrayMode(Array::Generic);
-#endif
</del><span class="cx"> default:
</span><span class="cx"> return *this;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAvailabilityMapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -45,14 +45,13 @@
</span><span class="cx"> possibleNodes.add(m_locals[i].node());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- unsigned oldPossibleNodesSize;
- do {
- oldPossibleNodesSize = possibleNodes.size();
- for (auto pair : m_heap) {
- if (pair.value.hasNode() && possibleNodes.contains(pair.key.base()))
- possibleNodes.add(pair.value.node());
- }
- } while (oldPossibleNodesSize != possibleNodes.size());
</del><ins>+ closeOverNodes(
+ [&] (Node* node) -> bool {
+ return possibleNodes.contains(node);
+ },
+ [&] (Node* node) -> bool {
+ return possibleNodes.add(node).isNewEntry;
+ });
</ins><span class="cx">
</span><span class="cx"> HashMap<PromotedHeapLocation, Availability> newHeap;
</span><span class="cx"> for (auto pair : m_heap) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAvailabilityMaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGAvailabilityMap.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -52,6 +52,32 @@
</span><span class="cx"> functor(pair.value);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ template<typename HasFunctor, typename AddFunctor>
+ void closeOverNodes(const HasFunctor& has, const AddFunctor& add)
+ {
+ bool changed;
+ do {
+ changed = false;
+ for (auto pair : m_heap) {
+ if (pair.value.hasNode() && has(pair.key.base()))
+ changed |= add(pair.value.node());
+ }
+ } while (changed);
+ }
+
+ template<typename HasFunctor, typename AddFunctor>
+ void closeStartingWithLocal(VirtualRegister reg, const HasFunctor& has, const AddFunctor& add)
+ {
+ Availability availability = m_locals.operand(reg);
+ if (!availability.hasNode())
+ return;
+
+ if (!add(availability.node()))
+ return;
+
+ closeOverNodes(has, add);
+ }
+
</ins><span class="cx"> Operands<Availability> m_locals;
</span><span class="cx"> HashMap<PromotedHeapLocation, Availability> m_heap;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGBackwardsPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -326,11 +326,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByValSafe: {
- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
- break;
- }
-
</del><span class="cx"> case NewArrayWithSize: {
</span><span class="cx"> node->child1()->mergeFlags(NodeBytecodeUsesAsValue | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -225,11 +225,11 @@
</span><span class="cx"> void linkBlock(BasicBlock*, Vector<BasicBlock*>& possibleTargets);
</span><span class="cx"> void linkBlocks(Vector<UnlinkedBlock>& unlinkedBlocks, Vector<BasicBlock*>& possibleTargets);
</span><span class="cx">
</span><del>- VariableAccessData* newVariableAccessData(VirtualRegister operand, bool isCaptured)
</del><ins>+ VariableAccessData* newVariableAccessData(VirtualRegister operand)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!operand.isConstant());
</span><span class="cx">
</span><del>- m_graph.m_variableAccessData.append(VariableAccessData(operand, isCaptured));
</del><ins>+ m_graph.m_variableAccessData.append(VariableAccessData(operand));
</ins><span class="cx"> return &m_graph.m_variableAccessData.last();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -346,7 +346,6 @@
</span><span class="cx"> unsigned local = operand.toLocal();
</span><span class="cx">
</span><span class="cx"> Node* node = m_currentBlock->variablesAtTail.local(local);
</span><del>- bool isCaptured = m_codeBlock->isCaptured(operand, inlineCallFrame());
</del><span class="cx">
</span><span class="cx"> // This has two goals: 1) link together variable access datas, and 2)
</span><span class="cx"> // try to avoid creating redundant GetLocals. (1) is required for
</span><span class="lines">@@ -358,20 +357,17 @@
</span><span class="cx">
</span><span class="cx"> if (node) {
</span><span class="cx"> variable = node->variableAccessData();
</span><del>- variable->mergeIsCaptured(isCaptured);
</del><span class="cx">
</span><del>- if (!isCaptured) {
- switch (node->op()) {
- case GetLocal:
- return node;
- case SetLocal:
- return node->child1().node();
- default:
- break;
- }
</del><ins>+ switch (node->op()) {
+ case GetLocal:
+ return node;
+ case SetLocal:
+ return node->child1().node();
+ default:
+ break;
</ins><span class="cx"> }
</span><span class="cx"> } else
</span><del>- variable = newVariableAccessData(operand, isCaptured);
</del><ins>+ variable = newVariableAccessData(operand);
</ins><span class="cx">
</span><span class="cx"> node = injectLazyOperandSpeculation(addToGraph(GetLocal, OpInfo(variable)));
</span><span class="cx"> m_currentBlock->variablesAtTail.local(local) = node;
</span><span class="lines">@@ -384,15 +380,14 @@
</span><span class="cx"> m_currentSemanticOrigin = semanticOrigin;
</span><span class="cx">
</span><span class="cx"> unsigned local = operand.toLocal();
</span><del>- bool isCaptured = m_codeBlock->isCaptured(operand, inlineCallFrame());
</del><span class="cx">
</span><span class="cx"> if (setMode != ImmediateNakedSet) {
</span><span class="cx"> ArgumentPosition* argumentPosition = findArgumentPositionForLocal(operand);
</span><del>- if (isCaptured || argumentPosition)
</del><ins>+ if (argumentPosition)
</ins><span class="cx"> flushDirect(operand, argumentPosition);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
</del><ins>+ VariableAccessData* variableAccessData = newVariableAccessData(operand);
</ins><span class="cx"> variableAccessData->mergeStructureCheckHoistingFailed(
</span><span class="cx"> m_inlineStackTop->m_exitProfile.hasExitSite(semanticOrigin.bytecodeIndex, BadCache));
</span><span class="cx"> variableAccessData->mergeCheckArrayHoistingFailed(
</span><span class="lines">@@ -411,26 +406,22 @@
</span><span class="cx"> ASSERT(argument < m_numArguments);
</span><span class="cx">
</span><span class="cx"> Node* node = m_currentBlock->variablesAtTail.argument(argument);
</span><del>- bool isCaptured = m_codeBlock->isCaptured(operand);
</del><span class="cx">
</span><span class="cx"> VariableAccessData* variable;
</span><span class="cx">
</span><span class="cx"> if (node) {
</span><span class="cx"> variable = node->variableAccessData();
</span><del>- variable->mergeIsCaptured(isCaptured);
</del><span class="cx">
</span><del>- if (!isCaptured) {
- switch (node->op()) {
- case GetLocal:
- return node;
- case SetLocal:
- return node->child1().node();
- default:
- break;
- }
</del><ins>+ switch (node->op()) {
+ case GetLocal:
+ return node;
+ case SetLocal:
+ return node->child1().node();
+ default:
+ break;
</ins><span class="cx"> }
</span><span class="cx"> } else
</span><del>- variable = newVariableAccessData(operand, isCaptured);
</del><ins>+ variable = newVariableAccessData(operand);
</ins><span class="cx">
</span><span class="cx"> node = injectLazyOperandSpeculation(addToGraph(GetLocal, OpInfo(variable)));
</span><span class="cx"> m_currentBlock->variablesAtTail.argument(argument) = node;
</span><span class="lines">@@ -444,10 +435,8 @@
</span><span class="cx"> unsigned argument = operand.toArgument();
</span><span class="cx"> ASSERT(argument < m_numArguments);
</span><span class="cx">
</span><del>- bool isCaptured = m_codeBlock->isCaptured(operand);
</del><ins>+ VariableAccessData* variableAccessData = newVariableAccessData(operand);
</ins><span class="cx">
</span><del>- VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
-
</del><span class="cx"> // Always flush arguments, except for 'this'. If 'this' is created by us,
</span><span class="cx"> // then make sure that it's never unboxed.
</span><span class="cx"> if (argument) {
</span><span class="lines">@@ -512,19 +501,16 @@
</span><span class="cx">
</span><span class="cx"> void flushDirect(VirtualRegister operand, ArgumentPosition* argumentPosition)
</span><span class="cx"> {
</span><del>- bool isCaptured = m_codeBlock->isCaptured(operand, inlineCallFrame());
-
</del><span class="cx"> ASSERT(!operand.isConstant());
</span><span class="cx">
</span><span class="cx"> Node* node = m_currentBlock->variablesAtTail.operand(operand);
</span><span class="cx">
</span><span class="cx"> VariableAccessData* variable;
</span><span class="cx">
</span><del>- if (node) {
</del><ins>+ if (node)
</ins><span class="cx"> variable = node->variableAccessData();
</span><del>- variable->mergeIsCaptured(isCaptured);
- } else
- variable = newVariableAccessData(operand, isCaptured);
</del><ins>+ else
+ variable = newVariableAccessData(operand);
</ins><span class="cx">
</span><span class="cx"> node = addToGraph(Flush, OpInfo(variable));
</span><span class="cx"> m_currentBlock->variablesAtTail.operand(operand) = node;
</span><span class="lines">@@ -545,11 +531,6 @@
</span><span class="cx"> numArguments = inlineStackEntry->m_codeBlock->numParameters();
</span><span class="cx"> for (unsigned argument = numArguments; argument-- > 1;)
</span><span class="cx"> flushDirect(inlineStackEntry->remapOperand(virtualRegisterForArgument(argument)));
</span><del>- for (int local = 0; local < inlineStackEntry->m_codeBlock->m_numVars; ++local) {
- if (!inlineStackEntry->m_codeBlock->isCaptured(virtualRegisterForLocal(local)))
- continue;
- flushDirect(inlineStackEntry->remapOperand(virtualRegisterForLocal(local)));
- }
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void flushForTerminal()
</span><span class="lines">@@ -844,6 +825,16 @@
</span><span class="cx"> return node;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void noticeArgumentsUse()
+ {
+ // All of the arguments in this function need to be formatted as JSValues because we will
+ // load from them in a random-access fashion and we don't want to have to switch on
+ // format.
+
+ for (ArgumentPosition* argument : m_inlineStackTop->m_argumentPositions)
+ argument->mergeShouldNeverUnbox(true);
+ }
+
</ins><span class="cx"> void buildOperandMapsIfNecessary();
</span><span class="cx">
</span><span class="cx"> VM* m_vm;
</span><span class="lines">@@ -1123,6 +1114,9 @@
</span><span class="cx"> if (callTarget->isCellConstant())
</span><span class="cx"> callLinkStatus.setProvenConstantCallee(CallVariant(callTarget->asCell()));
</span><span class="cx">
</span><ins>+ if (Options::verboseDFGByteCodeParsing())
+ dataLog(" Varargs call link status at ", currentCodeOrigin(), ": ", callLinkStatus, "\n");
+
</ins><span class="cx"> if (callLinkStatus.canOptimize()
</span><span class="cx"> && handleInlining(callTarget, result, callLinkStatus, firstFreeReg, VirtualRegister(thisReg), VirtualRegister(arguments), firstVarArgOffset, 0, m_currentIndex + OPCODE_LENGTH(op_call_varargs), op, InlineCallFrame::varargsKindFor(kind), prediction)) {
</span><span class="cx"> if (m_graph.compilation())
</span><span class="lines">@@ -1431,29 +1425,38 @@
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLog(" Considering callee ", callee, "\n");
</span><span class="cx">
</span><del>- if (InternalFunction* function = callee.internalFunction()) {
- if (handleConstantInternalFunction(resultOperand, function, registerOffset, argumentCountIncludingThis, specializationKind, insertChecksWithAccounting)) {
- RELEASE_ASSERT(didInsertChecks);
- addToGraph(Phantom, callTargetNode);
- emitArgumentPhantoms(registerOffset, argumentCountIncludingThis);
- inliningBalance--;
- return true;
</del><ins>+ // Intrinsics and internal functions can only be inlined if we're not doing varargs. This is because
+ // we currently don't have any way of getting profiling information for arguments to non-JS varargs
+ // calls. The prediction propagator won't be of any help because LoadVarargs obscures the data flow,
+ // and there are no callsite value profiles and native function won't have callee value profiles for
+ // those arguments. Even worse, if the intrinsic decides to exit, it won't really have anywhere to
+ // exit to: LoadVarargs is effectful and it's part of the op_call_varargs, so we can't exit without
+ // calling LoadVarargs twice.
+ if (!InlineCallFrame::isVarargs(kind)) {
+ if (InternalFunction* function = callee.internalFunction()) {
+ if (handleConstantInternalFunction(resultOperand, function, registerOffset, argumentCountIncludingThis, specializationKind, insertChecksWithAccounting)) {
+ RELEASE_ASSERT(didInsertChecks);
+ addToGraph(Phantom, callTargetNode);
+ emitArgumentPhantoms(registerOffset, argumentCountIncludingThis);
+ inliningBalance--;
+ return true;
+ }
+ RELEASE_ASSERT(!didInsertChecks);
+ return false;
</ins><span class="cx"> }
</span><del>- RELEASE_ASSERT(!didInsertChecks);
- return false;
- }
</del><span class="cx">
</span><del>- Intrinsic intrinsic = callee.intrinsicFor(specializationKind);
- if (intrinsic != NoIntrinsic) {
- if (handleIntrinsic(resultOperand, intrinsic, registerOffset, argumentCountIncludingThis, prediction, insertChecksWithAccounting)) {
- RELEASE_ASSERT(didInsertChecks);
- addToGraph(Phantom, callTargetNode);
- emitArgumentPhantoms(registerOffset, argumentCountIncludingThis);
- inliningBalance--;
- return true;
</del><ins>+ Intrinsic intrinsic = callee.intrinsicFor(specializationKind);
+ if (intrinsic != NoIntrinsic) {
+ if (handleIntrinsic(resultOperand, intrinsic, registerOffset, argumentCountIncludingThis, prediction, insertChecksWithAccounting)) {
+ RELEASE_ASSERT(didInsertChecks);
+ addToGraph(Phantom, callTargetNode);
+ emitArgumentPhantoms(registerOffset, argumentCountIncludingThis);
+ inliningBalance--;
+ return true;
+ }
+ RELEASE_ASSERT(!didInsertChecks);
+ return false;
</ins><span class="cx"> }
</span><del>- RELEASE_ASSERT(!didInsertChecks);
- return false;
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned myInliningCost = inliningCost(callee, argumentCountIncludingThis, specializationKind);
</span><span class="lines">@@ -1540,6 +1543,8 @@
</span><span class="cx"> int remappedRegisterOffset =
</span><span class="cx"> m_inlineStackTop->remapOperand(VirtualRegister(registerOffset)).offset();
</span><span class="cx">
</span><ins>+ ensureLocals(VirtualRegister(remappedRegisterOffset).toLocal());
+
</ins><span class="cx"> int argumentStart = registerOffset + JSStack::CallFrameHeaderSize;
</span><span class="cx"> int remappedArgumentStart =
</span><span class="cx"> m_inlineStackTop->remapOperand(VirtualRegister(argumentStart)).offset();
</span><span class="lines">@@ -1559,7 +1564,7 @@
</span><span class="cx"> // before SSA.
</span><span class="cx">
</span><span class="cx"> VariableAccessData* countVariable = newVariableAccessData(
</span><del>- VirtualRegister(remappedRegisterOffset + JSStack::ArgumentCount), false);
</del><ins>+ VirtualRegister(remappedRegisterOffset + JSStack::ArgumentCount));
</ins><span class="cx"> // This is pretty lame, but it will force the count to be flushed as an int. This doesn't
</span><span class="cx"> // matter very much, since our use of a SetArgument and Flushes for this local slot is
</span><span class="cx"> // mostly just a formality.
</span><span class="lines">@@ -1571,7 +1576,7 @@
</span><span class="cx"> set(VirtualRegister(argumentStart), get(thisArgument), ImmediateNakedSet);
</span><span class="cx"> for (unsigned argument = 1; argument < maxNumArguments; ++argument) {
</span><span class="cx"> VariableAccessData* variable = newVariableAccessData(
</span><del>- VirtualRegister(remappedArgumentStart + argument), false);
</del><ins>+ VirtualRegister(remappedArgumentStart + argument));
</ins><span class="cx"> variable->mergeShouldNeverUnbox(true); // We currently have nowhere to put the type check on the LoadVarargs. LoadVarargs is effectful, so after it finishes, we cannot exit.
</span><span class="cx">
</span><span class="cx"> // For a while it had been my intention to do things like this inside the
</span><span class="lines">@@ -2534,7 +2539,7 @@
</span><span class="cx"> m_graph.m_arguments.resize(m_numArguments);
</span><span class="cx"> for (unsigned argument = 0; argument < m_numArguments; ++argument) {
</span><span class="cx"> VariableAccessData* variable = newVariableAccessData(
</span><del>- virtualRegisterForArgument(argument), m_codeBlock->isCaptured(virtualRegisterForArgument(argument)));
</del><ins>+ virtualRegisterForArgument(argument));
</ins><span class="cx"> variable->mergeStructureCheckHoistingFailed(
</span><span class="cx"> m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache));
</span><span class="cx"> variable->mergeCheckArrayHoistingFailed(
</span><span class="lines">@@ -3084,7 +3089,7 @@
</span><span class="cx"> Node* value = get(VirtualRegister(currentInstruction[2].u.operand));
</span><span class="cx"> addToGraph(
</span><span class="cx"> PutGlobalVar,
</span><del>- OpInfo(m_inlineStackTop->m_codeBlock->globalObject()->assertRegisterIsInThisObject(currentInstruction[1].u.registerPointer)),
</del><ins>+ OpInfo(m_inlineStackTop->m_codeBlock->globalObject()->assertVariableIsInThisObject(currentInstruction[1].u.variablePointer)),
</ins><span class="cx"> value);
</span><span class="cx"> NEXT_OPCODE(op_init_global_const);
</span><span class="cx"> }
</span><span class="lines">@@ -3327,66 +3332,6 @@
</span><span class="cx"> NEXT_OPCODE(op_construct);
</span><span class="cx">
</span><span class="cx"> case op_call_varargs: {
</span><del>- int result = currentInstruction[1].u.operand;
- int callee = currentInstruction[2].u.operand;
- int thisReg = currentInstruction[3].u.operand;
- int arguments = currentInstruction[4].u.operand;
- int firstFreeReg = currentInstruction[5].u.operand;
- int firstVarArgOffset = currentInstruction[6].u.operand;
-
- if (arguments == m_inlineStackTop->m_codeBlock->uncheckedArgumentsRegister().offset()
- && !m_inlineStackTop->m_codeBlock->symbolTable()->slowArguments()) {
- if (inlineCallFrame()
- && !inlineCallFrame()->isVarargs()
- && !firstVarArgOffset) {
- addToGraph(CheckArgumentsNotCreated);
-
- unsigned argCount = inlineCallFrame()->arguments.size();
-
- // Let's compute the register offset. We start with the last used register, and
- // then adjust for the things we want in the call frame.
- int registerOffset = firstFreeReg + 1;
- registerOffset -= argCount; // We will be passing some arguments.
- registerOffset -= JSStack::CallFrameHeaderSize; // We will pretend to have a call frame header.
-
- // Get the alignment right.
- registerOffset = -WTF::roundUpToMultipleOf(
- stackAlignmentRegisters(),
- -registerOffset);
-
- ensureLocals(
- m_inlineStackTop->remapOperand(
- VirtualRegister(registerOffset)).toLocal());
-
- // The bytecode wouldn't have set up the arguments. But we'll do it and make it
- // look like the bytecode had done it.
- int nextRegister = registerOffset + JSStack::CallFrameHeaderSize;
- set(VirtualRegister(nextRegister++), get(VirtualRegister(thisReg)), ImmediateNakedSet);
- for (unsigned argument = 1; argument < argCount; ++argument)
- set(VirtualRegister(nextRegister++), get(virtualRegisterForArgument(argument)), ImmediateNakedSet);
-
- handleCall(
- result, Call, CodeForCall, OPCODE_LENGTH(op_call_varargs),
- callee, argCount, registerOffset);
- NEXT_OPCODE(op_call_varargs);
- }
-
- // Emit CallForwardVarargs
- // FIXME: This means we cannot inline forwarded varargs calls inside a varargs
- // call frame. We will probably fix that once we finally get rid of the
- // arguments object special-casing.
- CallVarargsData* data = m_graph.m_callVarargsData.add();
- data->firstVarArgOffset = firstVarArgOffset;
-
- Node* call = addToGraph(
- CallForwardVarargs, OpInfo(data), OpInfo(getPrediction()),
- get(VirtualRegister(callee)), get(VirtualRegister(thisReg)));
- VirtualRegister resultReg(result);
- if (resultReg.isValid())
- set(resultReg, call);
- NEXT_OPCODE(op_call_varargs);
- }
-
</del><span class="cx"> handleVarargsCall(currentInstruction, CallVarargs, CodeForCall);
</span><span class="cx"> NEXT_OPCODE(op_call_varargs);
</span><span class="cx"> }
</span><span class="lines">@@ -3511,16 +3456,23 @@
</span><span class="cx"> case ClosureVar:
</span><span class="cx"> case ClosureVarWithVarInjectionChecks: {
</span><span class="cx"> Node* scopeNode = get(VirtualRegister(scope));
</span><del>- if (JSValue value = m_graph.tryGetConstantClosureVar(scopeNode, VirtualRegister(operand))) {
- addToGraph(Phantom, scopeNode);
</del><ins>+
+ // Ideally we wouldn't have to do this Phantom. But:
+ //
+ // For the constant case: we must do it because otherwise we would have no way of knowing
+ // that the scope is live at OSR here.
+ //
+ // For the non-constant case: GetClosureVar could be DCE'd, but baseline's implementation
+ // won't be able to handle an Undefined scope.
+ addToGraph(Phantom, scopeNode);
+
+ if (JSValue value = m_graph.tryGetConstantClosureVar(scopeNode, ScopeOffset(operand))) {
</ins><span class="cx"> set(VirtualRegister(dst), weakJSConstant(value));
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> SpeculatedType prediction = getPrediction();
</span><span class="cx"> set(VirtualRegister(dst),
</span><del>- addToGraph(
- GetClosureVar, OpInfo(operand), OpInfo(prediction),
- scopeNode, addToGraph(GetClosureRegisters, scopeNode)));
</del><ins>+ addToGraph(GetClosureVar, OpInfo(operand), OpInfo(prediction), scopeNode));
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case Dynamic:
</span><span class="lines">@@ -3532,13 +3484,19 @@
</span><span class="cx">
</span><span class="cx"> case op_put_to_scope: {
</span><span class="cx"> unsigned scope = currentInstruction[1].u.operand;
</span><del>- unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[currentInstruction[2].u.operand];
</del><ins>+ unsigned identifierNumber = currentInstruction[2].u.operand;
+ if (identifierNumber != UINT_MAX)
+ identifierNumber = m_inlineStackTop->m_identifierRemap[identifierNumber];
</ins><span class="cx"> unsigned value = currentInstruction[3].u.operand;
</span><span class="cx"> ResolveType resolveType = ResolveModeAndType(currentInstruction[4].u.operand).type();
</span><del>- AtomicStringImpl* uid = m_graph.identifiers()[identifierNumber];
-
- Structure* structure = 0;
- VariableWatchpointSet* watchpoints = 0;
</del><ins>+ AtomicStringImpl* uid;
+ if (identifierNumber != UINT_MAX)
+ uid = m_graph.identifiers()[identifierNumber];
+ else
+ uid = nullptr;
+
+ Structure* structure = nullptr;
+ VariableWatchpointSet* watchpoints = nullptr;
</ins><span class="cx"> uintptr_t operand;
</span><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock);
</span><span class="lines">@@ -3554,7 +3512,11 @@
</span><span class="cx"> switch (resolveType) {
</span><span class="cx"> case GlobalProperty:
</span><span class="cx"> case GlobalPropertyWithVarInjectionChecks: {
</span><del>- PutByIdStatus status = PutByIdStatus::computeFor(globalObject, structure, uid, false);
</del><ins>+ PutByIdStatus status;
+ if (uid)
+ status = PutByIdStatus::computeFor(globalObject, structure, uid, false);
+ else
+ status = PutByIdStatus(PutByIdStatus::TakesSlowPath);
</ins><span class="cx"> if (status.numVariants() != 1
</span><span class="cx"> || status[0].kind() != PutByIdVariant::Replace
</span><span class="cx"> || status[0].structure().size() != 1) {
</span><span class="lines">@@ -3571,11 +3533,13 @@
</span><span class="cx"> }
</span><span class="cx"> case GlobalVar:
</span><span class="cx"> case GlobalVarWithVarInjectionChecks: {
</span><del>- SymbolTableEntry entry = globalObject->symbolTable()->get(uid);
- ASSERT(watchpoints == entry.watchpointSet());
</del><ins>+ if (watchpoints) {
+ SymbolTableEntry entry = globalObject->symbolTable()->get(uid);
+ ASSERT_UNUSED(entry, watchpoints == entry.watchpointSet());
+ }
</ins><span class="cx"> Node* valueNode = get(VirtualRegister(value));
</span><span class="cx"> addToGraph(PutGlobalVar, OpInfo(operand), valueNode);
</span><del>- if (watchpoints->state() != IsInvalidated)
</del><ins>+ if (watchpoints && watchpoints->state() != IsInvalidated)
</ins><span class="cx"> addToGraph(NotifyWrite, OpInfo(watchpoints), valueNode);
</span><span class="cx"> // Keep scope alive until after put.
</span><span class="cx"> addToGraph(Phantom, get(VirtualRegister(scope)));
</span><span class="lines">@@ -3585,13 +3549,12 @@
</span><span class="cx"> case ClosureVar:
</span><span class="cx"> case ClosureVarWithVarInjectionChecks: {
</span><span class="cx"> Node* scopeNode = get(VirtualRegister(scope));
</span><del>- Node* scopeRegisters = addToGraph(GetClosureRegisters, scopeNode);
</del><span class="cx"> Node* valueNode = get(VirtualRegister(value));
</span><span class="cx">
</span><span class="cx"> if (watchpoints && watchpoints->state() != IsInvalidated)
</span><span class="cx"> addToGraph(NotifyWrite, OpInfo(watchpoints), valueNode);
</span><span class="cx">
</span><del>- addToGraph(PutClosureVar, OpInfo(operand), scopeNode, scopeRegisters, valueNode);
</del><ins>+ addToGraph(PutClosureVar, OpInfo(operand), scopeNode, valueNode);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case Dynamic:
</span><span class="lines">@@ -3621,15 +3584,8 @@
</span><span class="cx"> NEXT_OPCODE(op_loop_hint);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case op_init_lazy_reg: {
- set(VirtualRegister(currentInstruction[1].u.operand), jsConstant(JSValue()));
- ASSERT(operandIsLocal(currentInstruction[1].u.operand));
- m_graph.m_lazyVars.set(VirtualRegister(currentInstruction[1].u.operand).toLocal());
- NEXT_OPCODE(op_init_lazy_reg);
- }
-
</del><span class="cx"> case op_create_lexical_environment: {
</span><del>- Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
</del><ins>+ Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[2].u.operand)));
</ins><span class="cx"> set(VirtualRegister(currentInstruction[1].u.operand), lexicalEnvironment);
</span><span class="cx"> set(VirtualRegister(currentInstruction[2].u.operand), lexicalEnvironment);
</span><span class="cx"> NEXT_OPCODE(op_create_lexical_environment);
</span><span class="lines">@@ -3650,48 +3606,51 @@
</span><span class="cx"> NEXT_OPCODE(op_get_scope);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case op_create_arguments: {
- m_graph.m_hasArguments = true;
- Node* createArguments = addToGraph(CreateArguments, get(VirtualRegister(currentInstruction[1].u.operand)));
</del><ins>+ case op_create_direct_arguments: {
+ noticeArgumentsUse();
+ Node* createArguments = addToGraph(CreateDirectArguments);
</ins><span class="cx"> set(VirtualRegister(currentInstruction[1].u.operand), createArguments);
</span><del>- set(unmodifiedArgumentsRegister(VirtualRegister(currentInstruction[1].u.operand)), createArguments);
- NEXT_OPCODE(op_create_arguments);
</del><ins>+ NEXT_OPCODE(op_create_direct_arguments);
</ins><span class="cx"> }
</span><ins>+
+ case op_create_scoped_arguments: {
+ noticeArgumentsUse();
+ Node* createArguments = addToGraph(CreateScopedArguments, get(VirtualRegister(currentInstruction[2].u.operand)));
+ set(VirtualRegister(currentInstruction[1].u.operand), createArguments);
+ NEXT_OPCODE(op_create_scoped_arguments);
+ }
</ins><span class="cx">
</span><del>- case op_tear_off_arguments: {
- m_graph.m_hasArguments = true;
- addToGraph(TearOffArguments, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
- NEXT_OPCODE(op_tear_off_arguments);
</del><ins>+ case op_create_out_of_band_arguments: {
+ noticeArgumentsUse();
+ Node* createArguments = addToGraph(CreateClonedArguments);
+ set(VirtualRegister(currentInstruction[1].u.operand), createArguments);
+ NEXT_OPCODE(op_create_out_of_band_arguments);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- case op_get_arguments_length: {
- m_graph.m_hasArguments = true;
- set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(GetMyArgumentsLengthSafe));
- NEXT_OPCODE(op_get_arguments_length);
- }
-
- case op_get_argument_by_val: {
- m_graph.m_hasArguments = true;
</del><ins>+ case op_get_from_arguments: {
</ins><span class="cx"> set(VirtualRegister(currentInstruction[1].u.operand),
</span><span class="cx"> addToGraph(
</span><del>- GetMyArgumentByValSafe, OpInfo(0), OpInfo(getPrediction()),
- get(VirtualRegister(currentInstruction[3].u.operand))));
- NEXT_OPCODE(op_get_argument_by_val);
</del><ins>+ GetFromArguments,
+ OpInfo(currentInstruction[3].u.operand),
+ OpInfo(getPrediction()),
+ get(VirtualRegister(currentInstruction[2].u.operand))));
+ NEXT_OPCODE(op_get_from_arguments);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ case op_put_to_arguments: {
+ addToGraph(
+ PutToArguments,
+ OpInfo(currentInstruction[2].u.operand),
+ get(VirtualRegister(currentInstruction[1].u.operand)),
+ get(VirtualRegister(currentInstruction[3].u.operand)));
+ NEXT_OPCODE(op_put_to_arguments);
+ }
+
</ins><span class="cx"> case op_new_func: {
</span><span class="cx"> FunctionExecutable* decl = m_inlineStackTop->m_profiledBlock->functionDecl(currentInstruction[3].u.operand);
</span><span class="cx"> FrozenValue* frozen = m_graph.freezeStrong(decl);
</span><del>- if (!currentInstruction[4].u.operand) {
- set(VirtualRegister(currentInstruction[1].u.operand),
- addToGraph(NewFunctionNoCheck, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
- } else {
- set(VirtualRegister(currentInstruction[1].u.operand),
- addToGraph(
- NewFunction,
- OpInfo(frozen),
- get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand))));
- }
</del><ins>+ set(VirtualRegister(currentInstruction[1].u.operand),
+ addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
</ins><span class="cx"> NEXT_OPCODE(op_new_func);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -3699,7 +3658,7 @@
</span><span class="cx"> FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
</span><span class="cx"> FrozenValue* frozen = m_graph.freezeStrong(expr);
</span><span class="cx"> set(VirtualRegister(currentInstruction[1].u.operand),
</span><del>- addToGraph(NewFunctionExpression, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
</del><ins>+ addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
</ins><span class="cx"> NEXT_OPCODE(op_new_func_exp);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -3906,12 +3865,6 @@
</span><span class="cx"> m_argumentPositions[i] = argumentPosition;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Track the code-block-global exit sites.
- if (m_exitProfile.hasExitSite(ArgumentsEscaped)) {
- byteCodeParser->m_graph.m_executablesWhoseArgumentsEscaped.add(
- codeBlock->ownerExecutable());
- }
-
</del><span class="cx"> if (m_caller) {
</span><span class="cx"> // Inline case.
</span><span class="cx"> ASSERT(codeBlock != byteCodeParser->m_codeBlock);
</span><span class="lines">@@ -3936,22 +3889,6 @@
</span><span class="cx"> m_inlineCallFrame->arguments.resize(argumentCountIncludingThis); // Set the number of arguments including this, but don't configure the value recoveries, yet.
</span><span class="cx"> m_inlineCallFrame->kind = kind;
</span><span class="cx">
</span><del>- if (m_inlineCallFrame->caller.inlineCallFrame)
- m_inlineCallFrame->capturedVars = m_inlineCallFrame->caller.inlineCallFrame->capturedVars;
- else
- m_inlineCallFrame->capturedVars = byteCodeParser->m_graph.m_outermostCapturedVars;
-
- for (int i = argumentCountIncludingThis; i--;) {
- VirtualRegister argument = virtualRegisterForArgument(i);
- if (codeBlock->isCaptured(argument))
- m_inlineCallFrame->capturedVars.set(VirtualRegister(argument.offset() + m_inlineCallFrame->stackOffset).toLocal());
- }
- for (size_t i = codeBlock->m_numVars; i--;) {
- VirtualRegister local = virtualRegisterForLocal(i);
- if (codeBlock->isCaptured(local))
- m_inlineCallFrame->capturedVars.set(VirtualRegister(local.offset() + m_inlineCallFrame->stackOffset).toLocal());
- }
-
</del><span class="cx"> byteCodeParser->buildOperandMapsIfNecessary();
</span><span class="cx">
</span><span class="cx"> m_identifierRemap.resize(codeBlock->numberOfIdentifiers());
</span><span class="lines">@@ -4029,8 +3966,7 @@
</span><span class="cx"> " ", inlineCallFrame()->caller);
</span><span class="cx"> }
</span><span class="cx"> dataLog(
</span><del>- ": captureCount = ", codeBlock->symbolTable() ? codeBlock->symbolTable()->captureCount() : 0,
- ", needsActivation = ", codeBlock->needsActivation(),
</del><ins>+ ": needsActivation = ", codeBlock->needsActivation(),
</ins><span class="cx"> ", isStrictMode = ", codeBlock->ownerExecutable()->isStrictMode(), "\n");
</span><span class="cx"> codeBlock->baselineVersion()->dumpBytecode();
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCPSRethreadingPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -192,21 +192,6 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (variable->isCaptured()) {
- variable->setIsLoadedFrom(true);
- if (otherNode->op() == GetLocal)
- otherNode = otherNode->child1().node();
- else
- ASSERT(otherNode->op() == SetLocal || otherNode->op() == SetArgument);
-
- ASSERT(otherNode->op() == Phi || otherNode->op() == SetLocal || otherNode->op() == SetArgument);
-
- // Keep this GetLocal but link it to the prior ones.
- node->children.setChild1(Edge(otherNode));
- m_block->variablesAtTail.atFor<operandKind>(idx) = node;
- return;
- }
-
</del><span class="cx"> if (otherNode->op() == GetLocal) {
</span><span class="cx"> // Replace all references to this GetLocal with otherNode.
</span><span class="cx"> node->replacement = otherNode;
</span><span class="lines">@@ -335,10 +320,8 @@
</span><span class="cx"> // there ever was a SetLocal and it was followed by Flushes, then the tail
</span><span class="cx"> // variable will be a SetLocal and not those subsequent Flushes.
</span><span class="cx"> //
</span><del>- // Child of GetLocal: the operation that the GetLocal keeps alive. For
- // uncaptured locals, it may be a Phi from the current block. For arguments,
- // it may be a SetArgument. For captured locals and arguments it may also be
- // a SetLocal.
</del><ins>+ // Child of GetLocal: the operation that the GetLocal keeps alive. It may be
+ // a Phi from the current block. For arguments, it may be a SetArgument.
</ins><span class="cx"> //
</span><span class="cx"> // Child of SetLocal: must be a value producing node.
</span><span class="cx"> //
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCSEPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -326,8 +326,8 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> if (m_node->op() == GetLocal) {
</span><del>- // For uncaptured locals, usually the CPS rethreading phase does this. But it's OK
- // for us to mess with locals - regardless of their capturedness - so long as:
</del><ins>+ // Usually the CPS rethreading phase does this. But it's OK for us to mess with
+ // locals so long as:
</ins><span class="cx"> //
</span><span class="cx"> // - We dethread the graph. Any changes we make may invalidate the assumptions of
</span><span class="cx"> // our CPS form, particularly if this GetLocal is linked to the variablesAtTail.
</span><span class="lines">@@ -466,7 +466,7 @@
</span><span class="cx"> // clobbering the value. So, we just search for all of the like values that have been
</span><span class="cx"> // computed. We pick one that is in a block that dominates ours. Note that this means that
</span><span class="cx"> // a PureValue will map to a list of nodes, since there may be many places in the control
</span><del>- // flow graph that compute a value but only one of them that dominates us. we may build up
</del><ins>+ // flow graph that compute a value but only one of them that dominates us. We may build up
</ins><span class="cx"> // a large list of nodes that compute some value in the case of gnarly control flow. This
</span><span class="cx"> // is probably OK.
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCallCreateDirectArgumentsSlowPathGeneratorh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,83 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGCallCreateDirectArgumentsSlowPathGenerator_h
+#define DFGCallCreateDirectArgumentsSlowPathGenerator_h
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGCommon.h"
+#include "DFGOperations.h"
+#include "DFGSlowPathGenerator.h"
+#include "DFGSpeculativeJIT.h"
+#include "DirectArguments.h"
+
+namespace JSC { namespace DFG {
+
+// This calls operationCreateDirectArguments but then restores the value of lengthGPR.
+class CallCreateDirectArgumentsSlowPathGenerator : public JumpingSlowPathGenerator<MacroAssembler::JumpList> {
+public:
+ CallCreateDirectArgumentsSlowPathGenerator(
+ MacroAssembler::JumpList from, SpeculativeJIT* jit, GPRReg resultGPR, Structure* structure,
+ GPRReg lengthGPR, unsigned minCapacity)
+ : JumpingSlowPathGenerator<MacroAssembler::JumpList>(from, jit)
+ , m_resultGPR(resultGPR)
+ , m_structure(structure)
+ , m_lengthGPR(lengthGPR)
+ , m_minCapacity(minCapacity)
+ {
+ jit->silentSpillAllRegistersImpl(false, m_plans, resultGPR);
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit) override
+ {
+ linkFrom(jit);
+ for (unsigned i = 0; i < m_plans.size(); ++i)
+ jit->silentSpill(m_plans[i]);
+ jit->callOperation(
+ operationCreateDirectArguments, m_resultGPR, m_structure, m_lengthGPR, m_minCapacity);
+ GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_resultGPR);
+ for (unsigned i = m_plans.size(); i--;)
+ jit->silentFill(m_plans[i], canTrample);
+ jit->m_jit.loadPtr(
+ MacroAssembler::Address(m_resultGPR, DirectArguments::offsetOfLength()), m_lengthGPR);
+ jumpTo(jit);
+ }
+
+private:
+ GPRReg m_resultGPR;
+ Structure* m_structure;
+ GPRReg m_lengthGPR;
+ unsigned m_minCapacity;
+ Vector<SilentRegisterSavePlan, 2> m_plans;
+};
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGCallCreateDirectArgumentsSlowPathGenerator_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -44,8 +44,7 @@
</span><span class="cx">
</span><span class="cx"> bool isSupportedForInlining(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>- return !codeBlock->ownerExecutable()->needsActivation()
- && codeBlock->ownerExecutable()->isInliningCandidate();
</del><ins>+ return codeBlock->ownerExecutable()->isInliningCandidate();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool mightCompileEval(CodeBlock* codeBlock)
</span><span class="lines">@@ -184,11 +183,11 @@
</span><span class="cx"> case op_construct:
</span><span class="cx"> case op_call_varargs:
</span><span class="cx"> case op_construct_varargs:
</span><del>- case op_init_lazy_reg:
- case op_create_arguments:
- case op_tear_off_arguments:
- case op_get_argument_by_val:
- case op_get_arguments_length:
</del><ins>+ case op_create_direct_arguments:
+ case op_create_scoped_arguments:
+ case op_create_out_of_band_arguments:
+ case op_get_from_arguments:
+ case op_put_to_arguments:
</ins><span class="cx"> case op_jneq_ptr:
</span><span class="cx"> case op_typeof:
</span><span class="cx"> case op_to_number:
</span><span class="lines">@@ -208,6 +207,7 @@
</span><span class="cx"> case op_to_index_string:
</span><span class="cx"> case op_new_func:
</span><span class="cx"> case op_new_func_exp:
</span><ins>+ case op_create_lexical_environment:
</ins><span class="cx"> return CanCompileAndInline;
</span><span class="cx">
</span><span class="cx"> case op_put_to_scope: {
</span><span class="lines">@@ -227,8 +227,7 @@
</span><span class="cx"> return CanCompileAndInline;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case op_new_regexp:
- case op_create_lexical_environment:
</del><ins>+ case op_new_regexp:
</ins><span class="cx"> case op_switch_string: // Don't inline because we don't want to copy string tables in the concurrent JIT.
</span><span class="cx"> return CanCompile;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -270,7 +270,6 @@
</span><span class="cx"> case Phi:
</span><span class="cx"> case PhantomLocal:
</span><span class="cx"> case SetArgument:
</span><del>- case PhantomArguments:
</del><span class="cx"> case Jump:
</span><span class="cx"> case Branch:
</span><span class="cx"> case Switch:
</span><span class="lines">@@ -300,7 +299,7 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case Flush:
</span><del>- read(AbstractHeap(Variables, node->local()));
</del><ins>+ read(AbstractHeap(Stack, node->local()));
</ins><span class="cx"> write(SideState);
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -317,18 +316,28 @@
</span><span class="cx"> case CreateActivation:
</span><span class="cx"> read(HeapObjectCount);
</span><span class="cx"> write(HeapObjectCount);
</span><del>- write(SideState);
- write(Watchpoint_fire);
</del><span class="cx"> return;
</span><span class="cx">
</span><del>- case CreateArguments:
- read(Variables);
</del><ins>+ case CreateDirectArguments:
+ case CreateScopedArguments:
+ case CreateClonedArguments:
+ read(Stack);
</ins><span class="cx"> read(HeapObjectCount);
</span><span class="cx"> write(HeapObjectCount);
</span><del>- write(SideState);
- write(Watchpoint_fire);
</del><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ // DFG backend requires that the locals that this reads are flushed. FTL backend can handle those
+ // locals being promoted.
+ if (!isFTL(graph.m_plan.mode))
+ read(Stack);
+
+ // Even though it's phantom, it still has the property that one can't be replaced with another.
+ read(HeapObjectCount);
+ write(HeapObjectCount);
+ return;
+
</ins><span class="cx"> case ToThis:
</span><span class="cx"> case CreateThis:
</span><span class="cx"> read(MiscFields);
</span><span class="lines">@@ -375,10 +384,9 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case ToPrimitive:
</span><span class="cx"> case In:
</span><del>- case GetMyArgumentsLengthSafe:
- case GetMyArgumentByValSafe:
</del><span class="cx"> case ValueAdd:
</span><span class="cx"> read(World);
</span><span class="cx"> write(Heap);
</span><span class="lines">@@ -395,44 +403,63 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case GetCallee:
</span><del>- read(AbstractHeap(Variables, JSStack::Callee));
- def(HeapLocation(VariableLoc, AbstractHeap(Variables, JSStack::Callee)), node);
</del><ins>+ read(AbstractHeap(Stack, JSStack::Callee));
+ def(HeapLocation(StackLoc, AbstractHeap(Stack, JSStack::Callee)), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case GetArgumentCount:
+ read(AbstractHeap(Stack, JSStack::ArgumentCount));
+ def(HeapLocation(StackPayloadLoc, AbstractHeap(Stack, JSStack::ArgumentCount)), node);
+ return;
+
</ins><span class="cx"> case GetLocal:
</span><del>- read(AbstractHeap(Variables, node->local()));
- def(HeapLocation(VariableLoc, AbstractHeap(Variables, node->local())), node);
</del><ins>+ read(AbstractHeap(Stack, node->local()));
+ def(HeapLocation(StackLoc, AbstractHeap(Stack, node->local())), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case SetLocal:
</span><del>- write(AbstractHeap(Variables, node->local()));
- def(HeapLocation(VariableLoc, AbstractHeap(Variables, node->local())), node->child1().node());
</del><ins>+ write(AbstractHeap(Stack, node->local()));
+ def(HeapLocation(StackLoc, AbstractHeap(Stack, node->local())), node->child1().node());
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case GetStack: {
</span><del>- AbstractHeap heap(Variables, node->stackAccessData()->local);
</del><ins>+ AbstractHeap heap(Stack, node->stackAccessData()->local);
</ins><span class="cx"> read(heap);
</span><del>- def(HeapLocation(VariableLoc, heap), node);
</del><ins>+ def(HeapLocation(StackLoc, heap), node);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case PutStack: {
</span><del>- AbstractHeap heap(Variables, node->stackAccessData()->local);
</del><ins>+ AbstractHeap heap(Stack, node->stackAccessData()->local);
</ins><span class="cx"> write(heap);
</span><del>- def(HeapLocation(VariableLoc, heap), node->child1().node());
</del><ins>+ def(HeapLocation(StackLoc, heap), node->child1().node());
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case LoadVarargs:
- // This actually writes to local variables as well. But when it reads the array, it does
- // so in a way that may trigger getters or various traps.
</del><ins>+ case LoadVarargs: {
</ins><span class="cx"> read(World);
</span><del>- write(World);
</del><ins>+ write(Heap);
+ LoadVarargsData* data = node->loadVarargsData();
+ write(AbstractHeap(Stack, data->count.offset()));
+ for (unsigned i = data->limit; i--;)
+ write(AbstractHeap(Stack, data->start.offset() + static_cast<int>(i)));
</ins><span class="cx"> return;
</span><ins>+ }
</ins><span class="cx">
</span><ins>+ case ForwardVarargs: {
+ // We could be way more precise here.
+ read(Stack);
+
+ LoadVarargsData* data = node->loadVarargsData();
+ write(AbstractHeap(Stack, data->count.offset()));
+ for (unsigned i = data->limit; i--;)
+ write(AbstractHeap(Stack, data->start.offset() + static_cast<int>(i)));
+ return;
+ }
+
</ins><span class="cx"> case GetLocalUnlinked:
</span><del>- read(AbstractHeap(Variables, node->unlinkedLocal()));
- def(HeapLocation(VariableLoc, AbstractHeap(Variables, node->unlinkedLocal())), node);
</del><ins>+ read(AbstractHeap(Stack, node->unlinkedLocal()));
+ def(HeapLocation(StackLoc, AbstractHeap(Stack, node->unlinkedLocal())), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case GetByVal: {
</span><span class="lines">@@ -465,12 +492,16 @@
</span><span class="cx"> def(PureValue(node, mode.asWord()));
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case Array::Arguments:
- read(Arguments_registers);
- read(Variables);
- def(HeapLocation(IndexedPropertyLoc, Variables, node->child1(), node->child2()), node);
</del><ins>+ case Array::DirectArguments:
+ read(DirectArgumentsProperties);
+ def(HeapLocation(IndexedPropertyLoc, DirectArgumentsProperties, node->child1(), node->child2()), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case Array::ScopedArguments:
+ read(ScopeProperties);
+ def(HeapLocation(IndexedPropertyLoc, ScopeProperties, node->child1(), node->child2()), node);
+ return;
+
</ins><span class="cx"> case Array::Int32:
</span><span class="cx"> if (mode.isInBounds()) {
</span><span class="cx"> read(Butterfly_publicLength);
</span><span class="lines">@@ -532,6 +563,13 @@
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><ins>+
+ case GetMyArgumentByVal: {
+ read(Stack);
+ // FIXME: It would be trivial to have a def here.
+ // https://bugs.webkit.org/show_bug.cgi?id=143077
+ return;
+ }
</ins><span class="cx">
</span><span class="cx"> case PutByValDirect:
</span><span class="cx"> case PutByVal:
</span><span class="lines">@@ -544,7 +582,6 @@
</span><span class="cx"> case Array::SelectUsingPredictions:
</span><span class="cx"> case Array::Unprofiled:
</span><span class="cx"> case Array::Undecided:
</span><del>- case Array::String:
</del><span class="cx"> // Assume the worst since we don't have profiling yet.
</span><span class="cx"> read(World);
</span><span class="cx"> write(Heap);
</span><span class="lines">@@ -559,13 +596,6 @@
</span><span class="cx"> write(Heap);
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case Array::Arguments:
- read(Arguments_registers);
- read(MiscFields);
- write(Variables);
- def(HeapLocation(IndexedPropertyLoc, Variables, base, index), value);
- return;
-
</del><span class="cx"> case Array::Int32:
</span><span class="cx"> if (node->arrayMode().isOutOfBounds()) {
</span><span class="cx"> read(World);
</span><span class="lines">@@ -632,6 +662,11 @@
</span><span class="cx"> // FIXME: We can't def() anything here because these operations truncate their inputs.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=134737
</span><span class="cx"> return;
</span><ins>+ case Array::String:
+ case Array::DirectArguments:
+ case Array::ScopedArguments:
+ DFG_CRASH(graph, node, "impossible array mode for put");
+ return;
</ins><span class="cx"> }
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return;
</span><span class="lines">@@ -760,7 +795,8 @@
</span><span class="cx"> def(PureValue(node, mode.asWord()));
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case Array::Arguments:
</del><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> read(MiscFields);
</span><span class="cx"> def(HeapLocation(ArrayLengthLoc, MiscFields, node->child1()), node);
</span><span class="cx"> return;
</span><span class="lines">@@ -773,29 +809,38 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetClosureRegisters:
- read(JSEnvironmentRecord_registers);
- def(HeapLocation(ClosureRegistersLoc, JSEnvironmentRecord_registers, node->child1()), node);
- return;
-
</del><span class="cx"> case GetClosureVar:
</span><del>- read(AbstractHeap(Variables, node->varNumber()));
- def(HeapLocation(ClosureVariableLoc, AbstractHeap(Variables, node->varNumber()), node->child1()), node);
</del><ins>+ read(AbstractHeap(ScopeProperties, node->scopeOffset().offset()));
+ def(HeapLocation(ClosureVariableLoc, AbstractHeap(ScopeProperties, node->scopeOffset().offset()), node->child1()), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case PutClosureVar:
</span><del>- write(AbstractHeap(Variables, node->varNumber()));
- def(HeapLocation(ClosureVariableLoc, AbstractHeap(Variables, node->varNumber()), node->child1()), node->child3().node());
</del><ins>+ write(AbstractHeap(ScopeProperties, node->scopeOffset().offset()));
+ def(HeapLocation(ClosureVariableLoc, AbstractHeap(ScopeProperties, node->scopeOffset().offset()), node->child2()), node->child2().node());
</ins><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case GetFromArguments: {
+ AbstractHeap heap(DirectArgumentsProperties, node->capturedArgumentsOffset().offset());
+ read(heap);
+ def(HeapLocation(DirectArgumentsLoc, heap), node);
+ return;
+ }
+
+ case PutToArguments: {
+ AbstractHeap heap(DirectArgumentsProperties, node->capturedArgumentsOffset().offset());
+ write(heap);
+ def(HeapLocation(DirectArgumentsLoc, heap), node->child2().node());
+ return;
+ }
+
</ins><span class="cx"> case GetGlobalVar:
</span><del>- read(AbstractHeap(Absolute, node->registerPointer()));
- def(HeapLocation(GlobalVariableLoc, AbstractHeap(Absolute, node->registerPointer())), node);
</del><ins>+ read(AbstractHeap(Absolute, node->variablePointer()));
+ def(HeapLocation(GlobalVariableLoc, AbstractHeap(Absolute, node->variablePointer())), node);
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case PutGlobalVar:
</span><del>- write(AbstractHeap(Absolute, node->registerPointer()));
- def(HeapLocation(GlobalVariableLoc, AbstractHeap(Absolute, node->registerPointer())), node->child1().node());
</del><ins>+ write(AbstractHeap(Absolute, node->variablePointer()));
+ def(HeapLocation(GlobalVariableLoc, AbstractHeap(Absolute, node->variablePointer())), node->child1().node());
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case NewArray:
</span><span class="lines">@@ -815,9 +860,7 @@
</span><span class="cx"> case NewStringObject:
</span><span class="cx"> case PhantomNewObject:
</span><span class="cx"> case MaterializeNewObject:
</span><del>- case NewFunctionNoCheck:
</del><span class="cx"> case NewFunction:
</span><del>- case NewFunctionExpression:
</del><span class="cx"> read(HeapObjectCount);
</span><span class="cx"> write(HeapObjectCount);
</span><span class="cx"> return;
</span><span class="lines">@@ -869,30 +912,6 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case TearOffArguments:
- read(Variables);
- write(Arguments_registers);
- return;
-
- case GetMyArgumentsLength:
- read(AbstractHeap(Variables, graph.argumentsRegisterFor(node->origin.semantic)));
- read(AbstractHeap(Variables, JSStack::ArgumentCount));
- // FIXME: We could def() this by specifying the code origin as a kind of m_info, like we
- // have for PureValue.
- // https://bugs.webkit.org/show_bug.cgi?id=134797
- return;
-
- case GetMyArgumentByVal:
- read(Variables);
- // FIXME: We could def() this by specifying the code origin as a kind of m_info, like we
- // have for PureValue.
- // https://bugs.webkit.org/show_bug.cgi?id=134797
- return;
-
- case CheckArgumentsNotCreated:
- read(AbstractHeap(Variables, graph.argumentsRegisterFor(node->origin.semantic)));
- return;
-
</del><span class="cx"> case ThrowReferenceError:
</span><span class="cx"> write(SideState);
</span><span class="cx"> read(HeapObjectCount);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCommonh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCommon.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCommon.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGCommon.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><del>-#include "CodeOrigin.h"
</del><span class="cx"> #include "Options.h"
</span><span class="cx"> #include "VirtualRegister.h"
</span><span class="cx">
</span><span class="lines">@@ -193,12 +192,10 @@
</span><span class="cx"> // expect to be live at the head, and which locals they make available at the
</span><span class="cx"> // tail. ThreadedCPS form also implies that:
</span><span class="cx"> //
</span><del>- // - GetLocals and SetLocals to uncaptured variables are not redundant within
- // a basic block.
</del><ins>+ // - GetLocals and SetLocals are not redundant within a basic block.
</ins><span class="cx"> //
</span><span class="cx"> // - All GetLocals and Flushes are linked directly to the last access point
</span><del>- // of the variable, which must not be another GetLocal if the variable is
- // uncaptured.
</del><ins>+ // of the variable, which must not be another GetLocal.
</ins><span class="cx"> //
</span><span class="cx"> // - Phantom(Phi) is not legal, but PhantomLocal is.
</span><span class="cx"> //
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCommonDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCommonData.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCommonData.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGCommonData.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -71,7 +71,6 @@
</span><span class="cx"> public:
</span><span class="cx"> CommonData()
</span><span class="cx"> : isStillValid(true)
</span><del>- , machineCaptureStart(std::numeric_limits<int>::max())
</del><span class="cx"> , frameRegisterCount(std::numeric_limits<unsigned>::max())
</span><span class="cx"> , requiredRegisterCountForExit(std::numeric_limits<unsigned>::max())
</span><span class="cx"> { }
</span><span class="lines">@@ -103,9 +102,6 @@
</span><span class="cx"> bool allTransitionsHaveBeenMarked; // Initialized and used on every GC.
</span><span class="cx"> bool isStillValid;
</span><span class="cx">
</span><del>- int machineCaptureStart;
- std::unique_ptr<SlowArgument[]> slowArguments;
-
</del><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> std::unique_ptr<Bag<double>> doubleConstants;
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGConstantFoldingPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><span class="cx"> #include "DFGAbstractInterpreterInlines.h"
</span><ins>+#include "DFGArgumentsUtilities.h"
</ins><span class="cx"> #include "DFGBasicBlock.h"
</span><span class="cx"> #include "DFGGraph.h"
</span><span class="cx"> #include "DFGInPlaceAbstractState.h"
</span><span class="lines">@@ -97,16 +98,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckArgumentsNotCreated: {
- if (!isEmptySpeculation(
- m_state.variables().operand(
- m_graph.argumentsRegisterFor(node->origin.semantic)).m_type))
- break;
- node->convertToPhantom();
- eliminated = true;
- break;
- }
-
</del><span class="cx"> case CheckStructure:
</span><span class="cx"> case ArrayifyToStructure: {
</span><span class="cx"> AbstractValue& value = m_state.forNode(node->child1());
</span><span class="lines">@@ -207,6 +198,63 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case GetMyArgumentByVal: {
+ JSValue index = m_state.forNode(node->child2()).value();
+ if (!index || !index.isInt32())
+ break;
+
+ Node* arguments = node->child1().node();
+ InlineCallFrame* inlineCallFrame = arguments->origin.semantic.inlineCallFrame;
+
+ // Don't try to do anything if the index is known to be outside our static bounds. Note
+ // that our static bounds are usually strictly larger than the dynamic bounds. The
+ // exception is something like this, assuming foo() is not inlined:
+ //
+ // function foo() { return arguments[5]; }
+ //
+ // Here the static bound on number of arguments is 0, and we're accessing index 5. We
+ // will not strength-reduce this to GetStack because GetStack is otherwise assumed by the
+ // compiler to access those variables that are statically accounted for; for example if
+ // we emitted a GetStack on arg6 we would have out-of-bounds access crashes anywhere that
+ // uses an Operands<> map. There is not much cost to continuing to use a
+ // GetMyArgumentByVal in such statically-out-of-bounds accesses; we just lose CFA unless
+ // GCSE removes the access entirely.
+ if (inlineCallFrame) {
+ if (index.isUInt32() >= inlineCallFrame->arguments.size() - 1)
+ break;
+ } else {
+ if (index.isUInt32() >= m_state.variables().numberOfArguments() - 1)
+ break;
+ }
+
+ m_interpreter.execute(indexInBlock); // Push CFA over this node after we get the state before.
+
+ StackAccessData* data;
+ if (inlineCallFrame) {
+ data = m_graph.m_stackAccessData.add(
+ inlineCallFrame->arguments[index.asInt32() + 1].virtualRegister(), FlushedJSValue);
+ } else {
+ data = m_graph.m_stackAccessData.add(
+ virtualRegisterForArgument(index.asInt32() + 1), FlushedJSValue);
+ }
+
+ if (inlineCallFrame && !inlineCallFrame->isVarargs()
+ && index.asUInt32() < inlineCallFrame->arguments.size() - 1) {
+ node->convertToGetStack(data);
+ eliminated = true;
+ break;
+ }
+
+ Node* length = emitCodeToGetArgumentsArrayLength(
+ m_insertionSet, arguments, indexInBlock, node->origin);
+ m_insertionSet.insertNode(
+ indexInBlock, SpecNone, CheckInBounds, node->origin,
+ node->child2(), Edge(length, Int32Use));
+ node->convertToGetStack(data);
+ eliminated = true;
+ break;
+ }
+
</ins><span class="cx"> case MultiGetByOffset: {
</span><span class="cx"> Edge baseEdge = node->child1();
</span><span class="cx"> Node* base = baseEdge.node();
</span><span class="lines">@@ -385,37 +433,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByVal: {
- InlineCallFrame* inlineCallFrame = node->origin.semantic.inlineCallFrame;
- JSValue value = m_state.forNode(node->child1()).m_value;
- if (inlineCallFrame && value && value.isInt32()) {
- int32_t index = value.asInt32();
- if (index >= 0
- && static_cast<size_t>(index + 1) < inlineCallFrame->arguments.size()) {
- // Roll the interpreter over this.
- m_interpreter.execute(indexInBlock);
- eliminated = true;
-
- int operand =
- inlineCallFrame->stackOffset +
- m_graph.baselineCodeBlockFor(inlineCallFrame)->argumentIndexAfterCapture(index);
-
- m_insertionSet.insertNode(
- indexInBlock, SpecNone, CheckArgumentsNotCreated, node->origin);
- m_insertionSet.insertNode(
- indexInBlock, SpecNone, Phantom, node->origin, node->children);
-
- if (m_graph.m_form == SSA)
- node->convertToGetStack(m_graph.m_stackAccessData.add(VirtualRegister(operand), FlushedJSValue));
- else
- node->convertToGetLocalUnlinked(VirtualRegister(operand));
- break;
- }
- }
-
- break;
- }
-
</del><span class="cx"> case Check: {
</span><span class="cx"> alreadyHandled = true;
</span><span class="cx"> m_interpreter.execute(indexInBlock);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDCEPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDCEPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDCEPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGDCEPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -205,37 +205,7 @@
</span><span class="cx"> if (node->op() == GetLocal) {
</span><span class="cx"> node = node->child1().node();
</span><span class="cx">
</span><del>- // FIXME: In the case that the variable is captured, we really want to be able
- // to replace the variable-at-tail with the last use of the variable in the same
- // way that CPS rethreading would do. The child of the GetLocal isn't necessarily
- // the same as what CPS rethreading would do. For example, we may have:
- //
- // a: SetLocal(...) // live
- // b: GetLocal(@a) // live
- // c: GetLocal(@a) // dead
- //
- // When killing @c, the code below will set the variable-at-tail to @a, while CPS
- // rethreading would have set @b. This is a benign bug, since all clients of CPS
- // only use the variable-at-tail of captured variables to get the
- // VariableAccessData and observe that it is in fact captured. But, this feels
- // like it could cause bugs in the future.
- //
- // It's tempting to just dethread and then invoke CPS rethreading, but CPS
- // rethreading fails to preserve exact ref-counts. So we would need a fixpoint.
- // It's probably the case that this fixpoint will be guaranteed to converge after
- // the second iteration (i.e. the second run of DCE will not kill anything and so
- // will not need to dethread), but for now the safest approach is probably just to
- // allow for this tiny bit of sloppiness.
- //
- // Another possible solution would be to simply say that DCE dethreads but then
- // we never rethread before going to the backend. That feels intuitively right
- // because it's unlikely that any of the phases after DCE in the backend rely on
- // ThreadedCPS.
- //
- // https://bugs.webkit.org/show_bug.cgi?id=130115
- ASSERT(
- node->op() == Phi || node->op() == SetArgument
- || node->variableAccessData()->isCaptured());
</del><ins>+ ASSERT(node->op() == Phi || node->op() == SetArgument);
</ins><span class="cx">
</span><span class="cx"> if (node->shouldGenerate()) {
</span><span class="cx"> variables[i] = node;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDisassemblerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDisassembler.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDisassembler.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGDisassembler.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><ins>+#include "CodeOrigin.h"
</ins><span class="cx"> #include "DFGCommon.h"
</span><span class="cx"> #include "DumpContext.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDoesGCcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -49,6 +49,7 @@
</span><span class="cx"> case Int52Constant:
</span><span class="cx"> case Identity:
</span><span class="cx"> case GetCallee:
</span><ins>+ case GetArgumentCount:
</ins><span class="cx"> case GetLocal:
</span><span class="cx"> case SetLocal:
</span><span class="cx"> case MovHint:
</span><span class="lines">@@ -98,7 +99,6 @@
</span><span class="cx"> case CheckArray:
</span><span class="cx"> case GetScope:
</span><span class="cx"> case SkipScope:
</span><del>- case GetClosureRegisters:
</del><span class="cx"> case GetClosureVar:
</span><span class="cx"> case PutClosureVar:
</span><span class="cx"> case GetGlobalVar:
</span><span class="lines">@@ -122,6 +122,7 @@
</span><span class="cx"> case ConstructVarargs:
</span><span class="cx"> case LoadVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case NativeCall:
</span><span class="cx"> case NativeConstruct:
</span><span class="cx"> case Breakpoint:
</span><span class="lines">@@ -143,13 +144,6 @@
</span><span class="cx"> case ToPrimitive:
</span><span class="cx"> case ToString:
</span><span class="cx"> case In:
</span><del>- case PhantomArguments:
- case TearOffArguments:
- case GetMyArgumentsLength:
- case GetMyArgumentByVal:
- case GetMyArgumentsLengthSafe:
- case GetMyArgumentByValSafe:
- case CheckArgumentsNotCreated:
</del><span class="cx"> case Jump:
</span><span class="cx"> case Branch:
</span><span class="cx"> case Switch:
</span><span class="lines">@@ -204,15 +198,23 @@
</span><span class="cx"> case CheckBadCell:
</span><span class="cx"> case BottomValue:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ case GetMyArgumentByVal:
+ case ForwardVarargs:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case PutStack:
</span><span class="cx"> case KillStack:
</span><span class="cx"> case GetStack:
</span><ins>+ case GetFromArguments:
+ case PutToArguments:
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> case CreateActivation:
</span><del>- case CreateArguments:
</del><ins>+ case CreateDirectArguments:
+ case CreateScopedArguments:
+ case CreateClonedArguments:
</ins><span class="cx"> case ToThis:
</span><span class="cx"> case CreateThis:
</span><span class="cx"> case AllocatePropertyStorage:
</span><span class="lines">@@ -226,9 +228,7 @@
</span><span class="cx"> case NewRegexp:
</span><span class="cx"> case NewStringObject:
</span><span class="cx"> case MakeRope:
</span><del>- case NewFunctionNoCheck:
</del><span class="cx"> case NewFunction:
</span><del>- case NewFunctionExpression:
</del><span class="cx"> case NewTypedArray:
</span><span class="cx"> case ThrowReferenceError:
</span><span class="cx"> case GetPropertyEnumerator:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -658,7 +658,6 @@
</span><span class="cx"> case Array::Contiguous:
</span><span class="cx"> case Array::ArrayStorage:
</span><span class="cx"> case Array::SlowPutArrayStorage:
</span><del>- case Array::Arguments:
</del><span class="cx"> fixEdge<KnownCellUse>(child1);
</span><span class="cx"> fixEdge<Int32Use>(child2);
</span><span class="cx"> insertStoreBarrier(m_indexInBlock, child1, child3);
</span><span class="lines">@@ -857,30 +856,25 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByVal:
- case GetMyArgumentByValSafe: {
- fixEdge<Int32Use>(node->child1());
- break;
- }
-
</del><span class="cx"> case PutStructure: {
</span><span class="cx"> fixEdge<KnownCellUse>(node->child1());
</span><span class="cx"> insertStoreBarrier(m_indexInBlock, node->child1());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>-
- case GetClosureVar: {
</del><ins>+
+ case GetClosureVar:
+ case GetFromArguments: {
</ins><span class="cx"> fixEdge<KnownCellUse>(node->child1());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case PutClosureVar: {
</del><ins>+ case PutClosureVar:
+ case PutToArguments: {
</ins><span class="cx"> fixEdge<KnownCellUse>(node->child1());
</span><del>- insertStoreBarrier(m_indexInBlock, node->child1(), node->child3());
</del><ins>+ insertStoreBarrier(m_indexInBlock, node->child1(), node->child2());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><del>-
- case GetClosureRegisters:
</del><ins>+
</ins><span class="cx"> case SkipScope:
</span><span class="cx"> case GetScope:
</span><span class="cx"> case GetGetter:
</span><span class="lines">@@ -1041,6 +1035,10 @@
</span><span class="cx"> case Identity: // This should have been cleaned up.
</span><span class="cx"> case BooleanToNumber:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ case ForwardVarargs:
+ case GetMyArgumentByVal:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span><span class="lines">@@ -1180,14 +1178,9 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case CreateScopedArguments:
</ins><span class="cx"> case CreateActivation:
</span><span class="cx"> case NewFunction: {
</span><del>- fixEdge<CellUse>(node->child2());
- break;
- }
-
- case NewFunctionNoCheck:
- case NewFunctionExpression: {
</del><span class="cx"> fixEdge<CellUse>(node->child1());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -1199,6 +1192,7 @@
</span><span class="cx"> case DoubleConstant:
</span><span class="cx"> case GetLocal:
</span><span class="cx"> case GetCallee:
</span><ins>+ case GetArgumentCount:
</ins><span class="cx"> case Flush:
</span><span class="cx"> case PhantomLocal:
</span><span class="cx"> case GetLocalUnlinked:
</span><span class="lines">@@ -1211,6 +1205,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case LoadVarargs:
</span><span class="cx"> case ProfileControlFlow:
</span><span class="cx"> case NativeCall:
</span><span class="lines">@@ -1226,12 +1221,8 @@
</span><span class="cx"> case IsNumber:
</span><span class="cx"> case IsObjectOrNull:
</span><span class="cx"> case IsFunction:
</span><del>- case CreateArguments:
- case PhantomArguments:
- case TearOffArguments:
- case GetMyArgumentsLength:
- case GetMyArgumentsLengthSafe:
- case CheckArgumentsNotCreated:
</del><ins>+ case CreateDirectArguments:
+ case CreateClonedArguments:
</ins><span class="cx"> case Jump:
</span><span class="cx"> case Return:
</span><span class="cx"> case Throw:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFlushFormatcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -58,9 +58,6 @@
</span><span class="cx"> case FlushedJSValue:
</span><span class="cx"> out.print("FlushedJSValue");
</span><span class="cx"> return;
</span><del>- case FlushedArguments:
- out.print("FlushedArguments");
- return;
</del><span class="cx"> case ConflictingFlush:
</span><span class="cx"> out.print("ConflictingFlush");
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFlushFormath"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGFlushFormat.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -44,7 +44,6 @@
</span><span class="cx"> FlushedCell,
</span><span class="cx"> FlushedBoolean,
</span><span class="cx"> FlushedJSValue,
</span><del>- FlushedArguments,
</del><span class="cx"> ConflictingFlush
</span><span class="cx"> };
</span><span class="cx">
</span><span class="lines">@@ -55,7 +54,6 @@
</span><span class="cx"> case FlushedJSValue:
</span><span class="cx"> case FlushedCell:
</span><span class="cx"> case ConflictingFlush:
</span><del>- case FlushedArguments:
</del><span class="cx"> return NodeResultJS;
</span><span class="cx"> case FlushedInt32:
</span><span class="cx"> return NodeResultInt32;
</span><span class="lines">@@ -76,7 +74,6 @@
</span><span class="cx"> case DeadFlush:
</span><span class="cx"> case FlushedJSValue:
</span><span class="cx"> case ConflictingFlush:
</span><del>- case FlushedArguments:
</del><span class="cx"> return UntypedUse;
</span><span class="cx"> case FlushedCell:
</span><span class="cx"> return CellUse;
</span><span class="lines">@@ -116,8 +113,6 @@
</span><span class="cx"> return DataFormatCell;
</span><span class="cx"> case FlushedBoolean:
</span><span class="cx"> return DataFormatBoolean;
</span><del>- case FlushedArguments:
- return DataFormatArguments;
</del><span class="cx"> }
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return DataFormatDead;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGForAllKillsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGForAllKills.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGForAllKills.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGForAllKills.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,217 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGForAllKills_h
+#define DFGForAllKills_h
+
+#include "BytecodeKills.h"
+#include "DFGGraph.h"
+#include "DFGOSRAvailabilityAnalysisPhase.h"
+#include "FullBytecodeLiveness.h"
+
+namespace JSC { namespace DFG {
+
+// Utilities for finding the last points where a node is live in DFG SSA. This accounts for liveness due
+// to OSR exit. This is usually used for enumerating over all of the program points where a node is live,
+// by exploring all blocks where the node is live at tail and then exploring all program points where the
+// node is killed. A prerequisite to using these utilities is having liveness and OSR availability
+// computed.
+
+template<typename Functor>
+void forAllLiveNodesAtTail(Graph& graph, BasicBlock* block, const Functor& functor)
+{
+ HashSet<Node*> seen;
+ for (Node* node : block->ssa->liveAtTail) {
+ if (seen.add(node).isNewEntry)
+ functor(node);
+ }
+
+ DFG_ASSERT(graph, block->last(), block->last()->origin.forExit.isSet());
+
+ AvailabilityMap& availabilityMap = block->ssa->availabilityAtTail;
+ for (unsigned i = availabilityMap.m_locals.size(); i--;) {
+ VirtualRegister reg = availabilityMap.m_locals.virtualRegisterForIndex(i);
+
+ if (!graph.isLiveInBytecode(reg, block->last()->origin.forExit))
+ continue;
+
+ availabilityMap.closeStartingWithLocal(
+ reg,
+ [&] (Node* node) -> bool {
+ return seen.contains(node);
+ },
+ [&] (Node* node) -> bool {
+ if (!seen.add(node).isNewEntry)
+ return false;
+ functor(node);
+ return true;
+ });
+ }
+}
+
+template<typename Functor>
+void forAllDirectlyKilledOperands(Graph& graph, CodeOrigin origin, const Functor& functor)
+{
+ graph.killsFor(origin.inlineCallFrame).forEachOperandKilledAt(origin.bytecodeIndex, functor);
+}
+
+template<typename Functor>
+void forAllKilledOperands(Graph& graph, CodeOrigin before, CodeOrigin after, const Functor& functor)
+{
+ // The philosophy here is that if we're on the boundary between exiting to origin A and exiting
+ // to origin B, then we note the kills for A. Kills for A are the bytecode kills plus the things
+ // that were live at whatever callsites are popped between A and B. It's legal to conservatively
+ // just consider everything live at A.
+
+ if (!before) {
+ if (!after)
+ return;
+ // The true before-origin is the origin at predecessors that jump to us. But there can be
+ // many such predecessors and they will likely all have a different origin. So, it's better
+ // to do the conservative thing.
+ for (unsigned i = graph.block(0)->variablesAtHead.numberOfLocals(); i--;) {
+ VirtualRegister reg = virtualRegisterForLocal(i);
+ if (graph.isLiveInBytecode(reg, after))
+ functor(reg);
+ }
+ return;
+ }
+
+ if (before == after)
+ return;
+
+ // before could be unset even if after is, but the opposite cannot happen.
+ ASSERT(!!after);
+
+ if (before.inlineCallFrame != after.inlineCallFrame) {
+ // Is before deeper than after?
+ bool beforeIsDeeper;
+ if (!after.inlineCallFrame)
+ beforeIsDeeper = true;
+ else {
+ beforeIsDeeper = false;
+ for (InlineCallFrame* current = before.inlineCallFrame; current; current = current->caller.inlineCallFrame) {
+ if (current == after.inlineCallFrame) {
+ beforeIsDeeper = true;
+ break;
+ }
+ }
+ }
+ if (beforeIsDeeper) {
+ ASSERT(before.inlineCallFrame);
+ for (CodeOrigin current = before; current.inlineCallFrame != after.inlineCallFrame; current = current.inlineCallFrame->caller) {
+ ASSERT(current.inlineCallFrame);
+ CodeBlock* codeBlock = graph.baselineCodeBlockFor(current.inlineCallFrame);
+ FullBytecodeLiveness& liveness = graph.livenessFor(codeBlock);
+ for (unsigned i = codeBlock->m_numCalleeRegisters; i--;) {
+ VirtualRegister reg = virtualRegisterForLocal(i);
+ if (liveness.operandIsLive(reg.offset(), current.bytecodeIndex))
+ functor(reg + current.inlineCallFrame->stackOffset);
+ }
+ forAllDirectlyKilledOperands(graph, current.inlineCallFrame->caller, functor);
+ }
+ }
+ }
+
+ forAllDirectlyKilledOperands(graph, before, functor);
+}
+
+// Tells you all of the nodes that would no longer be live across the node at this nodeIndex.
+template<typename Functor>
+void forAllKilledNodesAtNodeIndex(
+ Graph& graph, AvailabilityMap& availabilityMap, BasicBlock* block, unsigned nodeIndex,
+ const Functor& functor)
+{
+ static const unsigned seenInClosureFlag = 1;
+ static const unsigned calledFunctorFlag = 2;
+ HashMap<Node*, unsigned> flags;
+
+ Node* node = block->at(nodeIndex);
+
+ graph.doToChildren(
+ node,
+ [&] (Edge edge) {
+ if (edge.doesKill()) {
+ auto& result = flags.add(edge.node(), 0).iterator->value;
+ if (!(result & calledFunctorFlag)) {
+ functor(edge.node());
+ result |= calledFunctorFlag;
+ }
+ }
+ });
+
+ CodeOrigin before;
+ if (nodeIndex)
+ before = block->at(nodeIndex - 1)->origin.forExit;
+
+ forAllKilledOperands(
+ graph, before, node->origin.forExit,
+ [&] (VirtualRegister reg) {
+ availabilityMap.closeStartingWithLocal(
+ reg,
+ [&] (Node* node) -> bool {
+ return flags.get(node) & seenInClosureFlag;
+ },
+ [&] (Node* node) -> bool {
+ auto& resultFlags = flags.add(node, 0).iterator->value;
+ bool result = resultFlags & seenInClosureFlag;
+ if (!(resultFlags & calledFunctorFlag))
+ functor(node);
+ resultFlags |= seenInClosureFlag | calledFunctorFlag;
+ return result;
+ });
+ });
+}
+
+// Tells you all of the places to start searching from in a basic block. Gives you the node index at which
+// the value is either no longer live. This pretends that nodes are dead at the end of the block, so that
+// you can use this to do per-basic-block analyses.
+template<typename Functor>
+void forAllKillsInBlock(Graph& graph, BasicBlock* block, const Functor& functor)
+{
+ forAllLiveNodesAtTail(
+ graph, block,
+ [&] (Node* node) {
+ functor(block->size(), node);
+ });
+
+ LocalOSRAvailabilityCalculator localAvailability;
+ localAvailability.beginBlock(block);
+ // Start at the second node, because the functor is expected to only inspect nodes from the start of
+ // the block up to nodeIndex (exclusive), so if nodeIndex is zero then the functor has nothing to do.
+ for (unsigned nodeIndex = 1; nodeIndex < block->size(); ++nodeIndex) {
+ forAllKilledNodesAtNodeIndex(
+ graph, localAvailability.m_availability, block, nodeIndex,
+ [&] (Node* node) {
+ functor(nodeIndex, node);
+ });
+ localAvailability.executeNode(block->at(nodeIndex));
+ }
+}
+
+} } // namespace JSC::DFG
+
+#endif // DFGForAllKills_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><ins>+#include "BytecodeKills.h"
</ins><span class="cx"> #include "BytecodeLivenessAnalysisInlines.h"
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CodeBlockWithJITType.h"
</span><span class="lines">@@ -62,9 +63,7 @@
</span><span class="cx"> , m_profiledBlock(m_codeBlock->alternative())
</span><span class="cx"> , m_allocator(longLivedState.m_allocator)
</span><span class="cx"> , m_mustHandleValues(OperandsLike, plan.mustHandleValues)
</span><del>- , m_hasArguments(false)
</del><span class="cx"> , m_nextMachineLocal(0)
</span><del>- , m_machineCaptureStart(std::numeric_limits<int>::max())
</del><span class="cx"> , m_fixpointState(BeforeFixpoint)
</span><span class="cx"> , m_structureRegistrationState(HaveNotStartedRegistering)
</span><span class="cx"> , m_form(LoadStore)
</span><span class="lines">@@ -75,11 +74,6 @@
</span><span class="cx">
</span><span class="cx"> for (unsigned i = m_mustHandleValues.size(); i--;)
</span><span class="cx"> m_mustHandleValues[i] = freezeFragile(plan.mustHandleValues[i]);
</span><del>-
- for (unsigned i = m_codeBlock->m_numVars; i--;) {
- if (m_codeBlock->isCaptured(virtualRegisterForLocal(i)))
- m_outermostCapturedVars.set(i);
- }
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Graph::~Graph()
</span><span class="lines">@@ -216,10 +210,12 @@
</span><span class="cx"> out.print(comma, node->arrayMode());
</span><span class="cx"> if (node->hasArithMode())
</span><span class="cx"> out.print(comma, node->arithMode());
</span><del>- if (node->hasVarNumber())
- out.print(comma, node->varNumber());
</del><ins>+ if (node->hasScopeOffset())
+ out.print(comma, node->scopeOffset());
+ if (node->hasDirectArgumentsOffset())
+ out.print(comma, node->capturedArgumentsOffset());
</ins><span class="cx"> if (node->hasRegisterPointer())
</span><del>- out.print(comma, "global", globalObjectFor(node->origin.semantic)->findRegisterIndex(node->registerPointer()), "(", RawPointer(node->registerPointer()), ")");
</del><ins>+ out.print(comma, "global", globalObjectFor(node->origin.semantic)->findVariableIndex(node->variablePointer()), "(", RawPointer(node->variablePointer()), ")");
</ins><span class="cx"> if (node->hasIdentifier())
</span><span class="cx"> out.print(comma, "id", node->identifierNumber(), "{", identifiers()[node->identifierNumber()], "}");
</span><span class="cx"> if (node->hasPromotedLocationDescriptor())
</span><span class="lines">@@ -228,8 +224,14 @@
</span><span class="cx"> out.print(comma, inContext(node->structureSet(), context));
</span><span class="cx"> if (node->hasStructure())
</span><span class="cx"> out.print(comma, inContext(*node->structure(), context));
</span><del>- if (node->hasTransition())
</del><ins>+ if (node->hasTransition()) {
</ins><span class="cx"> out.print(comma, pointerDumpInContext(node->transition(), context));
</span><ins>+#if USE(JSVALUE64)
+ out.print(", ID:", node->transition()->next->id());
+#else
+ out.print(", ID:", RawPointer(node->transition()->next));
+#endif
+ }
</ins><span class="cx"> if (node->hasCellOperand()) {
</span><span class="cx"> if (!node->cellOperand()->value() || !node->cellOperand()->value().isCell())
</span><span class="cx"> out.print(comma, "invalid cell operand: ", node->cellOperand()->value());
</span><span class="lines">@@ -748,10 +750,6 @@
</span><span class="cx">
</span><span class="cx"> void Graph::substituteGetLocal(BasicBlock& block, unsigned startIndexInBlock, VariableAccessData* variableAccessData, Node* newGetLocal)
</span><span class="cx"> {
</span><del>- if (variableAccessData->isCaptured()) {
- // Let CSE worry about this one.
- return;
- }
</del><span class="cx"> for (unsigned indexInBlock = startIndexInBlock; indexInBlock < block.size(); ++indexInBlock) {
</span><span class="cx"> Node* node = block[indexInBlock];
</span><span class="cx"> bool shouldContinue = true;
</span><span class="lines">@@ -871,6 +869,24 @@
</span><span class="cx"> return livenessFor(baselineCodeBlockFor(inlineCallFrame));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+BytecodeKills& Graph::killsFor(CodeBlock* codeBlock)
+{
+ HashMap<CodeBlock*, std::unique_ptr<BytecodeKills>>::iterator iter = m_bytecodeKills.find(codeBlock);
+ if (iter != m_bytecodeKills.end())
+ return *iter->value;
+
+ std::unique_ptr<BytecodeKills> kills = std::make_unique<BytecodeKills>();
+ codeBlock->livenessAnalysis().computeKills(*kills);
+ BytecodeKills& result = *kills;
+ m_bytecodeKills.add(codeBlock, WTF::move(kills));
+ return result;
+}
+
+BytecodeKills& Graph::killsFor(InlineCallFrame* inlineCallFrame)
+{
+ return killsFor(baselineCodeBlockFor(inlineCallFrame));
+}
+
</ins><span class="cx"> bool Graph::isLiveInBytecode(VirtualRegister operand, CodeOrigin codeOrigin)
</span><span class="cx"> {
</span><span class="cx"> for (;;) {
</span><span class="lines">@@ -1007,7 +1023,7 @@
</span><span class="cx"> return tryGetConstantProperty(base.m_value, base.m_structure, offset);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSValue Graph::tryGetConstantClosureVar(JSValue base, VirtualRegister reg)
</del><ins>+JSValue Graph::tryGetConstantClosureVar(JSValue base, ScopeOffset offset)
</ins><span class="cx"> {
</span><span class="cx"> if (!base)
</span><span class="cx"> return JSValue();
</span><span class="lines">@@ -1022,7 +1038,7 @@
</span><span class="cx"> if (symbolTable->m_functionEnteredOnce.hasBeenInvalidated())
</span><span class="cx"> return JSValue();
</span><span class="cx">
</span><del>- SymbolTableEntry* entry = symbolTable->entryFor(locker, reg);
</del><ins>+ SymbolTableEntry* entry = symbolTable->entryFor(locker, offset);
</ins><span class="cx"> if (!entry)
</span><span class="cx"> return JSValue();
</span><span class="cx">
</span><span class="lines">@@ -1040,26 +1056,18 @@
</span><span class="cx"> return value;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSValue Graph::tryGetConstantClosureVar(const AbstractValue& value, VirtualRegister reg)
</del><ins>+JSValue Graph::tryGetConstantClosureVar(const AbstractValue& value, ScopeOffset offset)
</ins><span class="cx"> {
</span><del>- return tryGetConstantClosureVar(value.m_value, reg);
</del><ins>+ return tryGetConstantClosureVar(value.m_value, offset);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-JSValue Graph::tryGetConstantClosureVar(Node* node, VirtualRegister reg)
</del><ins>+JSValue Graph::tryGetConstantClosureVar(Node* node, ScopeOffset offset)
</ins><span class="cx"> {
</span><span class="cx"> if (!node->hasConstant())
</span><span class="cx"> return JSValue();
</span><del>- return tryGetConstantClosureVar(node->asJSValue(), reg);
</del><ins>+ return tryGetConstantClosureVar(node->asJSValue(), offset);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-WriteBarrierBase<Unknown>* Graph::tryGetRegisters(Node* node)
-{
- JSLexicalEnvironment* lexicalEnvironment = node->dynamicCastConstant<JSLexicalEnvironment*>();
- if (!lexicalEnvironment)
- return 0;
- return lexicalEnvironment->registers();
-}
-
</del><span class="cx"> JSArrayBufferView* Graph::tryGetFoldableView(Node* node)
</span><span class="cx"> {
</span><span class="cx"> JSArrayBufferView* view = node->dynamicCastConstant<JSArrayBufferView*>();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -315,13 +315,6 @@
</span><span class="cx"> && negate->canSpeculateInt52(pass);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- VirtualRegister bytecodeRegisterForArgument(CodeOrigin codeOrigin, int argument)
- {
- return VirtualRegister(
- codeOrigin.inlineCallFrame->stackOffset +
- baselineCodeBlockFor(codeOrigin)->argumentIndexAfterCapture(argument));
- }
-
</del><span class="cx"> static const char *opName(NodeType);
</span><span class="cx">
</span><span class="cx"> StructureSet* addStructureSet(const StructureSet& structureSet)
</span><span class="lines">@@ -367,13 +360,16 @@
</span><span class="cx"> return baselineCodeBlockForOriginAndBaselineCodeBlock(codeOrigin, m_profiledBlock);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- const BitVector& capturedVarsFor(InlineCallFrame* inlineCallFrame)
</del><ins>+ SymbolTable* symbolTableFor(InlineCallFrame* inlineCallFrame)
</ins><span class="cx"> {
</span><del>- if (!inlineCallFrame)
- return m_outermostCapturedVars;
- return inlineCallFrame->capturedVars;
</del><ins>+ return baselineCodeBlockFor(inlineCallFrame)->symbolTable();
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ SymbolTable* symbolTableFor(const CodeOrigin& codeOrigin)
+ {
+ return symbolTableFor(codeOrigin.inlineCallFrame);
+ }
+
</ins><span class="cx"> bool isStrictModeFor(CodeOrigin codeOrigin)
</span><span class="cx"> {
</span><span class="cx"> if (!codeOrigin.inlineCallFrame)
</span><span class="lines">@@ -406,60 +402,6 @@
</span><span class="cx"> return hasExitSite(node->origin.semantic, exitKind);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool usesArguments(InlineCallFrame* inlineCallFrame)
- {
- if (!inlineCallFrame)
- return m_profiledBlock->usesArguments();
-
- return baselineCodeBlockForInlineCallFrame(inlineCallFrame)->usesArguments();
- }
-
- VirtualRegister argumentsRegisterFor(InlineCallFrame* inlineCallFrame)
- {
- if (!inlineCallFrame)
- return m_profiledBlock->argumentsRegister();
-
- return VirtualRegister(baselineCodeBlockForInlineCallFrame(
- inlineCallFrame)->argumentsRegister().offset() +
- inlineCallFrame->stackOffset);
- }
-
- VirtualRegister argumentsRegisterFor(const CodeOrigin& codeOrigin)
- {
- return argumentsRegisterFor(codeOrigin.inlineCallFrame);
- }
-
- VirtualRegister machineArgumentsRegisterFor(InlineCallFrame* inlineCallFrame)
- {
- if (!inlineCallFrame)
- return m_codeBlock->argumentsRegister();
-
- return inlineCallFrame->argumentsRegister;
- }
-
- VirtualRegister machineArgumentsRegisterFor(const CodeOrigin& codeOrigin)
- {
- return machineArgumentsRegisterFor(codeOrigin.inlineCallFrame);
- }
-
- VirtualRegister uncheckedArgumentsRegisterFor(InlineCallFrame* inlineCallFrame)
- {
- if (!inlineCallFrame)
- return m_profiledBlock->uncheckedArgumentsRegister();
-
- CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame);
- if (!codeBlock->usesArguments())
- return VirtualRegister();
-
- return VirtualRegister(codeBlock->argumentsRegister().offset() +
- inlineCallFrame->stackOffset);
- }
-
- VirtualRegister uncheckedArgumentsRegisterFor(const CodeOrigin& codeOrigin)
- {
- return uncheckedArgumentsRegisterFor(codeOrigin.inlineCallFrame);
- }
-
</del><span class="cx"> VirtualRegister activationRegister()
</span><span class="cx"> {
</span><span class="cx"> return m_profiledBlock->activationRegister();
</span><span class="lines">@@ -483,11 +425,6 @@
</span><span class="cx"> ValueProfile* valueProfileFor(Node*);
</span><span class="cx"> MethodOfGettingAValueProfile methodOfGettingAValueProfileFor(Node*);
</span><span class="cx">
</span><del>- bool usesArguments() const
- {
- return m_codeBlock->usesArguments();
- }
-
</del><span class="cx"> BlockIndex numBlocks() const { return m_blocks.size(); }
</span><span class="cx"> BasicBlock* block(BlockIndex blockIndex) const { return m_blocks[blockIndex].get(); }
</span><span class="cx"> BasicBlock* lastBlock() const { return block(numBlocks() - 1); }
</span><span class="lines">@@ -722,6 +659,13 @@
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool uses(Node* node, Node* child)
+ {
+ bool result = false;
+ doToChildren(node, [&] (Edge edge) { result |= edge == child; });
+ return result;
+ }
+
</ins><span class="cx"> Profiler::Compilation* compilation() { return m_plan.compilation.get(); }
</span><span class="cx">
</span><span class="cx"> DesiredIdentifiers& identifiers() { return m_plan.identifiers; }
</span><span class="lines">@@ -731,6 +675,9 @@
</span><span class="cx"> FullBytecodeLiveness& livenessFor(InlineCallFrame*);
</span><span class="cx"> bool isLiveInBytecode(VirtualRegister, CodeOrigin);
</span><span class="cx">
</span><ins>+ BytecodeKills& killsFor(CodeBlock*);
+ BytecodeKills& killsFor(InlineCallFrame*);
+
</ins><span class="cx"> unsigned frameRegisterCount();
</span><span class="cx"> unsigned stackPointerOffset();
</span><span class="cx"> unsigned requiredRegisterCountForExit();
</span><span class="lines">@@ -741,10 +688,9 @@
</span><span class="cx"> JSValue tryGetConstantProperty(JSValue base, const StructureAbstractValue&, PropertyOffset);
</span><span class="cx"> JSValue tryGetConstantProperty(const AbstractValue&, PropertyOffset);
</span><span class="cx">
</span><del>- JSValue tryGetConstantClosureVar(JSValue base, VirtualRegister);
- JSValue tryGetConstantClosureVar(const AbstractValue&, VirtualRegister);
- JSValue tryGetConstantClosureVar(Node*, VirtualRegister);
- WriteBarrierBase<Unknown>* tryGetRegisters(Node*);
</del><ins>+ JSValue tryGetConstantClosureVar(JSValue base, ScopeOffset);
+ JSValue tryGetConstantClosureVar(const AbstractValue&, ScopeOffset);
+ JSValue tryGetConstantClosureVar(Node*, ScopeOffset);
</ins><span class="cx">
</span><span class="cx"> JSArrayBufferView* tryGetFoldableView(Node*);
</span><span class="cx"> JSArrayBufferView* tryGetFoldableView(Node*, ArrayMode);
</span><span class="lines">@@ -826,18 +772,13 @@
</span><span class="cx"> Bag<StackAccessData> m_stackAccessData;
</span><span class="cx"> Vector<InlineVariableData, 4> m_inlineVariableData;
</span><span class="cx"> HashMap<CodeBlock*, std::unique_ptr<FullBytecodeLiveness>> m_bytecodeLiveness;
</span><del>- bool m_hasArguments;
- HashSet<ExecutableBase*> m_executablesWhoseArgumentsEscaped;
- BitVector m_lazyVars;
</del><ins>+ HashMap<CodeBlock*, std::unique_ptr<BytecodeKills>> m_bytecodeKills;
</ins><span class="cx"> Dominators m_dominators;
</span><span class="cx"> PrePostNumbering m_prePostNumbering;
</span><span class="cx"> NaturalLoops m_naturalLoops;
</span><span class="cx"> unsigned m_localVars;
</span><span class="cx"> unsigned m_nextMachineLocal;
</span><span class="cx"> unsigned m_parameterSlots;
</span><del>- int m_machineCaptureStart;
- std::unique_ptr<SlowArgument[]> m_slowArguments;
- BitVector m_outermostCapturedVars;
</del><span class="cx">
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> std::unordered_map<int64_t, double*> m_doubleConstantsMap;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGHeapLocationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -80,10 +80,14 @@
</span><span class="cx"> out.print("SetterLoc");
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case VariableLoc:
- out.print("VariableLoc");
</del><ins>+ case StackLoc:
+ out.print("StackLoc");
</ins><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case StackPayloadLoc:
+ out.print("StackPayloadLoc");
+ return;
+
</ins><span class="cx"> case ArrayLengthLoc:
</span><span class="cx"> out.print("ArrayLengthLoc");
</span><span class="cx"> return;
</span><span class="lines">@@ -96,14 +100,14 @@
</span><span class="cx"> out.print("CheckHasInstanceLoc");
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case ClosureRegistersLoc:
- out.print("ClosureRegistersLoc");
- return;
-
</del><span class="cx"> case ClosureVariableLoc:
</span><span class="cx"> out.print("ClosureVariableLoc");
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ case DirectArgumentsLoc:
+ out.print("DirectArgumentsLoc");
+ return;
+
</ins><span class="cx"> case GlobalVariableLoc:
</span><span class="cx"> out.print("GlobalVariableLoc");
</span><span class="cx"> return;
</span><span class="lines">@@ -124,14 +128,6 @@
</span><span class="cx"> out.print("InstanceOfLoc");
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- case MyArgumentByValLoc:
- out.print("MyArgumentByValLoc");
- return;
-
- case MyArgumentsLengthLoc:
- out.print("MyArgumentsLengthLoc");
- return;
-
</del><span class="cx"> case NamedPropertyLoc:
</span><span class="cx"> out.print("NamedPropertyLoc");
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGHeapLocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGHeapLocation.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -40,8 +40,8 @@
</span><span class="cx"> ArrayLengthLoc,
</span><span class="cx"> ButterflyLoc,
</span><span class="cx"> CheckHasInstanceLoc,
</span><del>- ClosureRegistersLoc,
</del><span class="cx"> ClosureVariableLoc,
</span><ins>+ DirectArgumentsLoc,
</ins><span class="cx"> GetterLoc,
</span><span class="cx"> GlobalVariableLoc,
</span><span class="cx"> HasIndexedPropertyLoc,
</span><span class="lines">@@ -51,15 +51,14 @@
</span><span class="cx"> InvalidationPointLoc,
</span><span class="cx"> IsFunctionLoc,
</span><span class="cx"> IsObjectOrNullLoc,
</span><del>- MyArgumentByValLoc,
- MyArgumentsLengthLoc,
</del><span class="cx"> NamedPropertyLoc,
</span><span class="cx"> SetterLoc,
</span><span class="cx"> StructureLoc,
</span><span class="cx"> TypeOfLoc,
</span><span class="cx"> TypedArrayByteOffsetLoc,
</span><span class="cx"> VarInjectionWatchpointLoc,
</span><del>- VariableLoc
</del><ins>+ StackLoc,
+ StackPayloadLoc
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> class HeapLocation {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGInPlaceAbstractStatecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -129,11 +129,7 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> for (size_t i = 0; i < root->valuesAtHead.numberOfLocals(); ++i) {
</span><del>- Node* node = root->variablesAtHead.local(i);
- if (node && node->variableAccessData()->isCaptured())
- root->valuesAtHead.local(i).makeHeapTop();
- else
- root->valuesAtHead.local(i).clear();
</del><ins>+ root->valuesAtHead.local(i).clear();
</ins><span class="cx"> root->valuesAtTail.local(i).clear();
</span><span class="cx"> }
</span><span class="cx"> for (BlockIndex blockIndex = 1 ; blockIndex < m_graph.numBlocks(); ++blockIndex) {
</span><span class="lines">@@ -263,40 +259,31 @@
</span><span class="cx">
</span><span class="cx"> AbstractValue source;
</span><span class="cx">
</span><del>- if (node->variableAccessData()->isCaptured()) {
- // If it's captured then we know that whatever value was stored into the variable last is the
- // one we care about. This is true even if the variable at tail is dead, which might happen if
- // the last thing we did to the variable was a GetLocal and then ended up not using the
- // GetLocal's result.
-
</del><ins>+ switch (node->op()) {
+ case Phi:
+ case SetArgument:
+ case PhantomLocal:
+ case Flush:
+ // The block transfers the value from head to tail.
</ins><span class="cx"> source = inVariable;
</span><del>- } else {
- switch (node->op()) {
- case Phi:
- case SetArgument:
- case PhantomLocal:
- case Flush:
- // The block transfers the value from head to tail.
- source = inVariable;
- break;
</del><ins>+ break;
</ins><span class="cx">
</span><del>- case GetLocal:
- // The block refines the value with additional speculations.
- source = forNode(node);
- break;
</del><ins>+ case GetLocal:
+ // The block refines the value with additional speculations.
+ source = forNode(node);
+ break;
</ins><span class="cx">
</span><del>- case SetLocal:
- // The block sets the variable, and potentially refines it, both
- // before and after setting it.
- source = forNode(node->child1());
- if (node->variableAccessData()->flushFormat() == FlushedDouble)
- RELEASE_ASSERT(!(source.m_type & ~SpecFullDouble));
- break;
</del><ins>+ case SetLocal:
+ // The block sets the variable, and potentially refines it, both
+ // before and after setting it.
+ source = forNode(node->child1());
+ if (node->variableAccessData()->flushFormat() == FlushedDouble)
+ RELEASE_ASSERT(!(source.m_type & ~SpecFullDouble));
+ break;
</ins><span class="cx">
</span><del>- default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
- }
</del><ins>+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (destination == source) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGJITCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -161,9 +161,6 @@
</span><span class="cx"> if (!m_graph.m_plan.inlineCallFrames->isEmpty())
</span><span class="cx"> m_jitCode->common.inlineCallFrames = m_graph.m_plan.inlineCallFrames;
</span><span class="cx">
</span><del>- m_jitCode->common.machineCaptureStart = m_graph.m_machineCaptureStart;
- m_jitCode->common.slowArguments = WTF::move(m_graph.m_slowArguments);
-
</del><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> m_jitCode->common.doubleConstants = WTF::move(m_graph.m_doubleConstants);
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMayExitcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -71,7 +71,6 @@
</span><span class="cx"> case HardPhantom:
</span><span class="cx"> case GetLocal:
</span><span class="cx"> case LoopHint:
</span><del>- case PhantomArguments:
</del><span class="cx"> case Phi:
</span><span class="cx"> case Upsilon:
</span><span class="cx"> case ZombieHint:
</span><span class="lines">@@ -82,6 +81,7 @@
</span><span class="cx"> case KillStack:
</span><span class="cx"> case GetStack:
</span><span class="cx"> case GetCallee:
</span><ins>+ case GetArgumentCount:
</ins><span class="cx"> case GetScope:
</span><span class="cx"> case PhantomLocal:
</span><span class="cx"> case CountExecution:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMinifiedIDh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGMinifiedID.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMinifiedID.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGMinifiedID.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> class Graph;
</span><span class="cx"> class MinifiedNode;
</span><span class="cx"> class ValueSource;
</span><ins>+struct Node;
</ins><span class="cx">
</span><span class="cx"> class MinifiedID {
</span><span class="cx"> public:
</span><span class="lines">@@ -98,7 +99,9 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> template<typename T> struct HashTraits;
</span><del>-template<> struct HashTraits<JSC::DFG::MinifiedID> : SimpleClassHashTraits<JSC::DFG::MinifiedID> { };
</del><ins>+template<> struct HashTraits<JSC::DFG::MinifiedID> : SimpleClassHashTraits<JSC::DFG::MinifiedID> {
+ static const bool emptyValueIsZero = false;
+};
</ins><span class="cx">
</span><span class="cx"> } // namespace WTF
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMinifiedNodecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -42,8 +42,8 @@
</span><span class="cx"> if (hasConstant(node->op()))
</span><span class="cx"> result.m_info = JSValue::encode(node->asJSValue());
</span><span class="cx"> else {
</span><del>- ASSERT(node->op() == PhantomArguments);
- result.m_info = 0;
</del><ins>+ ASSERT(node->op() == PhantomDirectArguments || node->op() == PhantomClonedArguments);
+ result.m_info = bitwise_cast<uintptr_t>(node->origin.semantic.inlineCallFrame);
</ins><span class="cx"> }
</span><span class="cx"> return result;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMinifiedNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -42,7 +42,8 @@
</span><span class="cx"> case JSConstant:
</span><span class="cx"> case Int52Constant:
</span><span class="cx"> case DoubleConstant:
</span><del>- case PhantomArguments:
</del><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
</ins><span class="cx"> return true;
</span><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="lines">@@ -65,6 +66,13 @@
</span><span class="cx"> return JSValue::decode(bitwise_cast<EncodedJSValue>(m_info));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool hasInlineCallFrame() const { return hasInlineCallFrame(m_op); }
+
+ InlineCallFrame* inlineCallFrame() const
+ {
+ return bitwise_cast<InlineCallFrame*>(static_cast<uintptr_t>(m_info));
+ }
+
</ins><span class="cx"> static MinifiedID getID(MinifiedNode* node) { return node->id(); }
</span><span class="cx"> static bool compareByNodeIndex(const MinifiedNode& a, const MinifiedNode& b)
</span><span class="cx"> {
</span><span class="lines">@@ -77,6 +85,11 @@
</span><span class="cx"> return type == JSConstant || type == Int52Constant || type == DoubleConstant;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static bool hasInlineCallFrame(NodeType type)
+ {
+ return type == PhantomDirectArguments || type == PhantomClonedArguments;
+ }
+
</ins><span class="cx"> MinifiedID m_id;
</span><span class="cx"> uint64_t m_info;
</span><span class="cx"> NodeType m_op;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -94,6 +94,36 @@
</span><span class="cx"> setResult(result);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Node::convertToIdentityOn(Node* child)
+{
+ children.reset();
+ child1() = child->defaultEdge();
+ NodeFlags output = canonicalResultRepresentation(this->result());
+ NodeFlags input = canonicalResultRepresentation(child->result());
+ if (output == input) {
+ setOpAndDefaultFlags(Identity);
+ setResult(output);
+ return;
+ }
+ switch (output) {
+ case NodeResultDouble:
+ RELEASE_ASSERT(input == NodeResultInt52 || input == NodeResultJS);
+ setOpAndDefaultFlags(DoubleRep);
+ return;
+ case NodeResultInt52:
+ RELEASE_ASSERT(input == NodeResultDouble || input == NodeResultJS);
+ setOpAndDefaultFlags(Int52Rep);
+ return;
+ case NodeResultJS:
+ RELEASE_ASSERT(input == NodeResultDouble || input == NodeResultInt52);
+ setOpAndDefaultFlags(ValueRep);
+ return;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return;
+ }
+}
+
</ins><span class="cx"> void Node::convertToPutHint(const PromotedLocationDescriptor& descriptor, Node* base, Node* value)
</span><span class="cx"> {
</span><span class="cx"> m_op = PutHint;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -429,6 +429,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void convertToIdentity();
</span><ins>+ void convertToIdentityOn(Node*);
</ins><span class="cx">
</span><span class="cx"> bool mustGenerate()
</span><span class="cx"> {
</span><span class="lines">@@ -447,19 +448,20 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool isPhantomArguments()
- {
- return op() == PhantomArguments;
- }
-
</del><span class="cx"> bool hasConstant()
</span><span class="cx"> {
</span><span class="cx"> switch (op()) {
</span><span class="cx"> case JSConstant:
</span><span class="cx"> case DoubleConstant:
</span><span class="cx"> case Int52Constant:
</span><del>- case PhantomArguments:
</del><span class="cx"> return true;
</span><ins>+
+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ // These pretend to be the empty value constant for the benefit of the DFG backend, which
+ // otherwise wouldn't take kindly to a node that doesn't compute a value.
+ return true;
+
</ins><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="lines">@@ -468,8 +470,13 @@
</span><span class="cx"> FrozenValue* constant()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(hasConstant());
</span><del>- if (op() == PhantomArguments)
</del><ins>+
+ if (op() == PhantomDirectArguments || op() == PhantomClonedArguments) {
+ // These pretend to be the empty value constant for the benefit of the DFG backend, which
+ // otherwise wouldn't take kindly to a node that doesn't compute a value.
</ins><span class="cx"> return FrozenValue::emptySingleton();
</span><ins>+ }
+
</ins><span class="cx"> return bitwise_cast<FrozenValue*>(m_opInfo);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -934,23 +941,34 @@
</span><span class="cx"> return m_opInfo;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool hasVarNumber()
</del><ins>+ bool hasScopeOffset()
</ins><span class="cx"> {
</span><span class="cx"> return op() == GetClosureVar || op() == PutClosureVar;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- int varNumber()
</del><ins>+ ScopeOffset scopeOffset()
</ins><span class="cx"> {
</span><del>- ASSERT(hasVarNumber());
- return m_opInfo;
</del><ins>+ ASSERT(hasScopeOffset());
+ return ScopeOffset(m_opInfo);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool hasDirectArgumentsOffset()
+ {
+ return op() == GetFromArguments || op() == PutToArguments;
+ }
+
+ DirectArgumentsOffset capturedArgumentsOffset()
+ {
+ ASSERT(hasDirectArgumentsOffset());
+ return DirectArgumentsOffset(m_opInfo);
+ }
+
</ins><span class="cx"> bool hasRegisterPointer()
</span><span class="cx"> {
</span><span class="cx"> return op() == GetGlobalVar || op() == PutGlobalVar;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- WriteBarrier<Unknown>* registerPointer()
</del><ins>+ WriteBarrier<Unknown>* variablePointer()
</ins><span class="cx"> {
</span><span class="cx"> return bitwise_cast<WriteBarrier<Unknown>*>(m_opInfo);
</span><span class="cx"> }
</span><span class="lines">@@ -961,6 +979,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> return true;
</span><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="lines">@@ -975,7 +994,7 @@
</span><span class="cx">
</span><span class="cx"> bool hasLoadVarargsData()
</span><span class="cx"> {
</span><del>- return op() == LoadVarargs;
</del><ins>+ return op() == LoadVarargs || op() == ForwardVarargs;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LoadVarargsData* loadVarargsData()
</span><span class="lines">@@ -1134,8 +1153,6 @@
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush:
</span><span class="cx"> case GetByVal:
</span><del>- case GetMyArgumentByVal:
- case GetMyArgumentByValSafe:
</del><span class="cx"> case Call:
</span><span class="cx"> case Construct:
</span><span class="cx"> case CallVarargs:
</span><span class="lines">@@ -1146,6 +1163,7 @@
</span><span class="cx"> case GetByOffset:
</span><span class="cx"> case MultiGetByOffset:
</span><span class="cx"> case GetClosureVar:
</span><ins>+ case GetFromArguments:
</ins><span class="cx"> case ArrayPop:
</span><span class="cx"> case ArrayPush:
</span><span class="cx"> case RegExpExec:
</span><span class="lines">@@ -1176,9 +1194,7 @@
</span><span class="cx"> case CheckCell:
</span><span class="cx"> case NativeConstruct:
</span><span class="cx"> case NativeCall:
</span><del>- case NewFunctionNoCheck:
</del><span class="cx"> case NewFunction:
</span><del>- case NewFunctionExpression:
</del><span class="cx"> return true;
</span><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="lines">@@ -1330,6 +1346,7 @@
</span><span class="cx">
</span><span class="cx"> ObjectMaterializationData& objectMaterializationData()
</span><span class="cx"> {
</span><ins>+ ASSERT(hasObjectMaterializationData());
</ins><span class="cx"> return *reinterpret_cast<ObjectMaterializationData*>(m_opInfo);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1343,6 +1360,18 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool isPhantomAllocation()
+ {
+ switch (op()) {
+ case PhantomNewObject:
+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ return true;
+ default:
+ return false;
+ }
+ }
+
</ins><span class="cx"> bool hasArrayMode()
</span><span class="cx"> {
</span><span class="cx"> switch (op()) {
</span><span class="lines">@@ -1451,7 +1480,6 @@
</span><span class="cx"> case SetLocal:
</span><span class="cx"> case MovHint:
</span><span class="cx"> case ZombieHint:
</span><del>- case PhantomArguments:
</del><span class="cx"> return true;
</span><span class="cx"> case Phantom:
</span><span class="cx"> case HardPhantom:
</span><span class="lines">@@ -1671,11 +1699,16 @@
</span><span class="cx"> return isArraySpeculation(prediction());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool shouldSpeculateArguments()
</del><ins>+ bool shouldSpeculateDirectArguments()
</ins><span class="cx"> {
</span><del>- return isArgumentsSpeculation(prediction());
</del><ins>+ return isDirectArgumentsSpeculation(prediction());
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool shouldSpeculateScopedArguments()
+ {
+ return isScopedArgumentsSpeculation(prediction());
+ }
+
</ins><span class="cx"> bool shouldSpeculateInt8Array()
</span><span class="cx"> {
</span><span class="cx"> return isInt8ArraySpeculation(prediction());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNodeType.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -50,6 +50,7 @@
</span><span class="cx"> macro(ToThis, NodeResultJS) \
</span><span class="cx"> macro(CreateThis, NodeResultJS) /* Note this is not MustGenerate since we're returning it anyway. */ \
</span><span class="cx"> macro(GetCallee, NodeResultJS) \
</span><ins>+ macro(GetArgumentCount, NodeResultInt32) \
</ins><span class="cx"> \
</span><span class="cx"> /* Nodes for local variable access. These nodes are linked together using Phi nodes. */\
</span><span class="cx"> /* Any two nodes that are part of the same Phi graph will share the same */\
</span><span class="lines">@@ -151,7 +152,9 @@
</span><span class="cx"> /* this must be the directly subsequent property put. Note that PutByVal */\
</span><span class="cx"> /* opcodes use VarArgs beause they may have up to 4 children. */\
</span><span class="cx"> macro(GetByVal, NodeResultJS | NodeMustGenerate) \
</span><ins>+ macro(GetMyArgumentByVal, NodeResultJS | NodeMustGenerate) \
</ins><span class="cx"> macro(LoadVarargs, NodeMustGenerate) \
</span><ins>+ macro(ForwardVarargs, NodeMustGenerate) \
</ins><span class="cx"> macro(PutByValDirect, NodeMustGenerate | NodeHasVarArgs) \
</span><span class="cx"> macro(PutByVal, NodeMustGenerate | NodeHasVarArgs) \
</span><span class="cx"> macro(PutByValAlias, NodeMustGenerate | NodeHasVarArgs) \
</span><span class="lines">@@ -183,7 +186,6 @@
</span><span class="cx"> macro(GetTypedArrayByteOffset, NodeResultInt32) \
</span><span class="cx"> macro(GetScope, NodeResultJS) \
</span><span class="cx"> macro(SkipScope, NodeResultJS) \
</span><del>- macro(GetClosureRegisters, NodeResultStorage) \
</del><span class="cx"> macro(GetClosureVar, NodeResultJS) \
</span><span class="cx"> macro(PutClosureVar, NodeMustGenerate) \
</span><span class="cx"> macro(GetGlobalVar, NodeResultJS) \
</span><span class="lines">@@ -224,6 +226,7 @@
</span><span class="cx"> macro(CallVarargs, NodeResultJS | NodeMustGenerate) \
</span><span class="cx"> macro(CallForwardVarargs, NodeResultJS | NodeMustGenerate) \
</span><span class="cx"> macro(ConstructVarargs, NodeResultJS | NodeMustGenerate) \
</span><ins>+ macro(ConstructForwardVarargs, NodeResultJS | NodeMustGenerate) \
</ins><span class="cx"> macro(NativeCall, NodeResultJS | NodeMustGenerate | NodeHasVarArgs) \
</span><span class="cx"> macro(NativeConstruct, NodeResultJS | NodeMustGenerate | NodeHasVarArgs) \
</span><span class="cx"> \
</span><span class="lines">@@ -264,26 +267,17 @@
</span><span class="cx"> macro(ProfileType, NodeMustGenerate) \
</span><span class="cx"> macro(ProfileControlFlow, NodeMustGenerate) \
</span><span class="cx"> \
</span><del>- /* Nodes used for activations. Activation support works by having it anchored at */\
- /* epilgoues via TearOffActivation, and all CreateActivation nodes kept alive by */\
- /* being threaded with each other. */\
</del><span class="cx"> macro(CreateActivation, NodeResultJS) \
</span><span class="cx"> \
</span><del>- /* Nodes used for arguments. Similar to lexical environment support, only it makes even less */\
- /* sense. */\
- macro(CreateArguments, NodeResultJS) \
- macro(PhantomArguments, NodeResultJS) \
- macro(TearOffArguments, NodeMustGenerate) \
- macro(GetMyArgumentsLength, NodeResultJS | NodeMustGenerate) \
- macro(GetMyArgumentByVal, NodeResultJS | NodeMustGenerate) \
- macro(GetMyArgumentsLengthSafe, NodeResultJS | NodeMustGenerate) \
- macro(GetMyArgumentByValSafe, NodeResultJS | NodeMustGenerate) \
- macro(CheckArgumentsNotCreated, NodeMustGenerate) \
</del><ins>+ macro(CreateDirectArguments, NodeResultJS) \
+ macro(PhantomDirectArguments, NodeResultJS) \
+ macro(CreateScopedArguments, NodeResultJS) \
+ macro(CreateClonedArguments, NodeResultJS) \
+ macro(PhantomClonedArguments, NodeResultJS) \
+ macro(GetFromArguments, NodeResultJS) \
+ macro(PutToArguments, NodeMustGenerate) \
</ins><span class="cx"> \
</span><del>- /* Nodes for creating functions. */\
- macro(NewFunctionNoCheck, NodeResultJS) \
</del><span class="cx"> macro(NewFunction, NodeResultJS) \
</span><del>- macro(NewFunctionExpression, NodeResultJS) \
</del><span class="cx"> \
</span><span class="cx"> /* These aren't terminals but always exit */ \
</span><span class="cx"> macro(Throw, NodeMustGenerate) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRAvailabilityAnalysisPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -82,8 +82,10 @@
</span><span class="cx"> for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex)
</span><span class="cx"> calculator.executeNode(block->at(nodeIndex));
</span><span class="cx">
</span><ins>+ // FIXME: we should probably prune by liveness here.
+ // https://bugs.webkit.org/show_bug.cgi?id=143078
</ins><span class="cx"> calculator.m_availability.prune();
</span><del>-
</del><ins>+
</ins><span class="cx"> if (calculator.m_availability == block->ssa->availabilityAtTail)
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="lines">@@ -155,7 +157,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case LoadVarargs: {
</del><ins>+ case LoadVarargs:
+ case ForwardVarargs: {
</ins><span class="cx"> LoadVarargsData* data = node->loadVarargsData();
</span><span class="cx"> m_availability.m_locals.operand(data->count) =
</span><span class="cx"> Availability(FlushedAt(FlushedInt32, data->machineCount));
</span><span class="lines">@@ -166,6 +169,38 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments: {
+ InlineCallFrame* inlineCallFrame = node->origin.semantic.inlineCallFrame;
+ if (!inlineCallFrame) {
+ // We don't need to record anything about how the arguments are to be recovered. It's just a
+ // given that we can read them from the stack.
+ break;
+ }
+
+ if (inlineCallFrame->isVarargs()) {
+ // Record how to read each argument and the argument count.
+ Availability argumentCount =
+ m_availability.m_locals.operand(inlineCallFrame->stackOffset + JSStack::ArgumentCount);
+
+ m_availability.m_heap.set(PromotedHeapLocation(ArgumentCountPLoc, node), argumentCount);
+ }
+
+ if (inlineCallFrame->isClosureCall) {
+ Availability callee = m_availability.m_locals.operand(
+ inlineCallFrame->stackOffset + JSStack::Callee);
+ m_availability.m_heap.set(PromotedHeapLocation(ArgumentsCalleePLoc, node), callee);
+ }
+
+ for (unsigned i = 0; i < inlineCallFrame->arguments.size() - 1; ++i) {
+ Availability argument = m_availability.m_locals.operand(
+ inlineCallFrame->stackOffset + CallFrame::argumentOffset(i));
+
+ m_availability.m_heap.set(PromotedHeapLocation(ArgumentPLoc, node, i), argument);
+ }
+ break;
+ }
+
</ins><span class="cx"> case PutHint: {
</span><span class="cx"> m_availability.m_heap.set(
</span><span class="cx"> PromotedHeapLocation(node->child1().node(), node->promotedLocationDescriptor()),
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -40,6 +40,75 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace DFG {
</span><span class="cx">
</span><ins>+void OSRExitCompiler::emitRestoreArguments(const Operands<ValueRecovery>& operands)
+{
+ HashMap<MinifiedID, int> alreadyAllocatedArguments; // Maps phantom arguments node ID to operand.
+ for (size_t index = 0; index < operands.size(); ++index) {
+ const ValueRecovery& recovery = operands[index];
+ int operand = operands.operandForIndex(index);
+
+ if (recovery.technique() != DirectArgumentsThatWereNotCreated
+ && recovery.technique() != ClonedArgumentsThatWereNotCreated)
+ continue;
+
+ MinifiedID id = recovery.nodeID();
+ auto iter = alreadyAllocatedArguments.find(id);
+ if (iter != alreadyAllocatedArguments.end()) {
+ JSValueRegs regs = JSValueRegs::withTwoAvailableRegs(GPRInfo::regT0, GPRInfo::regT1);
+ m_jit.loadValue(CCallHelpers::addressFor(iter->value), regs);
+ m_jit.storeValue(regs, CCallHelpers::addressFor(operand));
+ continue;
+ }
+
+ InlineCallFrame* inlineCallFrame =
+ m_jit.codeBlock()->jitCode()->dfg()->minifiedDFG.at(id)->inlineCallFrame();
+
+ int stackOffset;
+ if (inlineCallFrame)
+ stackOffset = inlineCallFrame->stackOffset;
+ else
+ stackOffset = 0;
+
+ if (!inlineCallFrame || inlineCallFrame->isClosureCall) {
+ m_jit.loadPtr(
+ AssemblyHelpers::addressFor(stackOffset + JSStack::Callee),
+ GPRInfo::regT0);
+ } else {
+ m_jit.move(
+ AssemblyHelpers::TrustedImmPtr(inlineCallFrame->calleeRecovery.constant().asCell()),
+ GPRInfo::regT0);
+ }
+
+ if (!inlineCallFrame || inlineCallFrame->isVarargs()) {
+ m_jit.load32(
+ AssemblyHelpers::payloadFor(stackOffset + JSStack::ArgumentCount),
+ GPRInfo::regT1);
+ } else {
+ m_jit.move(
+ AssemblyHelpers::TrustedImm32(inlineCallFrame->arguments.size()),
+ GPRInfo::regT1);
+ }
+
+ m_jit.setupArgumentsWithExecState(
+ AssemblyHelpers::TrustedImmPtr(inlineCallFrame), GPRInfo::regT0, GPRInfo::regT1);
+ switch (recovery.technique()) {
+ case DirectArgumentsThatWereNotCreated:
+ m_jit.move(AssemblyHelpers::TrustedImmPtr(bitwise_cast<void*>(operationCreateDirectArgumentsDuringExit)), GPRInfo::nonArgGPR0);
+ break;
+ case ClonedArgumentsThatWereNotCreated:
+ m_jit.move(AssemblyHelpers::TrustedImmPtr(bitwise_cast<void*>(operationCreateClonedArgumentsDuringExit)), GPRInfo::nonArgGPR0);
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+ m_jit.call(GPRInfo::nonArgGPR0);
+ m_jit.storeCell(GPRInfo::returnValueGPR, AssemblyHelpers::addressFor(operand));
+
+ alreadyAllocatedArguments.add(id, operand);
+ }
+}
+
</ins><span class="cx"> extern "C" {
</span><span class="cx">
</span><span class="cx"> void compileOSRExit(ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -49,28 +49,9 @@
</span><span class="cx"> void compileExit(const OSRExit&, const Operands<ValueRecovery>&, SpeculationRecovery*);
</span><span class="cx">
</span><span class="cx"> private:
</span><del>-#if !ASSERT_DISABLED
- static unsigned badIndex() { return static_cast<unsigned>(-1); };
-#endif
</del><ins>+ void emitRestoreArguments(const Operands<ValueRecovery>&);
</ins><span class="cx">
</span><del>- void initializePoisoned(unsigned size)
- {
-#if ASSERT_DISABLED
- m_poisonScratchIndices.resize(size);
-#else
- m_poisonScratchIndices.fill(badIndex(), size);
-#endif
- }
-
- unsigned poisonIndex(unsigned index)
- {
- unsigned result = m_poisonScratchIndices[index];
- ASSERT(result != badIndex());
- return result;
- }
-
</del><span class="cx"> CCallHelpers& m_jit;
</span><del>- Vector<unsigned> m_poisonScratchIndices;
</del><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> extern "C" {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompiler32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx">
</span><span class="cx"> void OSRExitCompiler::compileExit(const OSRExit& exit, const Operands<ValueRecovery>& operands, SpeculationRecovery* recovery)
</span><span class="cx"> {
</span><del>- // 1) Pro-forma stuff.
</del><ins>+ // Pro-forma stuff.
</ins><span class="cx"> if (Options::printEachOSRExit()) {
</span><span class="cx"> SpeculationFailureDebugInfo* debugInfo = new SpeculationFailureDebugInfo;
</span><span class="cx"> debugInfo->codeBlock = m_jit.codeBlock();
</span><span class="lines">@@ -48,8 +48,8 @@
</span><span class="cx"> m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 2) Perform speculation recovery. This only comes into play when an operation
- // starts mutating state before verifying the speculation it has already made.
</del><ins>+ // Perform speculation recovery. This only comes into play when an operation
+ // starts mutating state before verifying the speculation it has already made.
</ins><span class="cx">
</span><span class="cx"> if (recovery) {
</span><span class="cx"> switch (recovery->type()) {
</span><span class="lines">@@ -65,7 +65,7 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 3) Refine some value profile, if appropriate.
</del><ins>+ // Refine some value profile, if appropriate.
</ins><span class="cx">
</span><span class="cx"> if (!!exit.m_jsValueSource) {
</span><span class="cx"> if (exit.m_kind == BadCache || exit.m_kind == BadIndexingType) {
</span><span class="lines">@@ -102,13 +102,8 @@
</span><span class="cx"> scratch1 = AssemblyHelpers::selectScratchGPR(usedRegister1, usedRegister2);
</span><span class="cx"> scratch2 = AssemblyHelpers::selectScratchGPR(usedRegister1, usedRegister2, scratch1);
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.pushToSave(scratch1);
- m_jit.pushToSave(scratch2);
-#else
</del><span class="cx"> m_jit.push(scratch1);
</span><span class="cx"> m_jit.push(scratch2);
</span><del>-#endif
</del><span class="cx">
</span><span class="cx"> GPRReg value;
</span><span class="cx"> if (exit.m_jsValueSource.isAddress()) {
</span><span class="lines">@@ -124,13 +119,8 @@
</span><span class="cx"> m_jit.lshift32(scratch1, scratch2);
</span><span class="cx"> m_jit.or32(scratch2, AssemblyHelpers::AbsoluteAddress(arrayProfile->addressOfArrayModes()));
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.popToRestore(scratch2);
- m_jit.popToRestore(scratch1);
-#else
</del><span class="cx"> m_jit.pop(scratch2);
</span><span class="cx"> m_jit.pop(scratch1);
</span><del>-#endif
</del><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -141,22 +131,14 @@
</span><span class="cx"> // Save a register so we can use it.
</span><span class="cx"> GPRReg scratch = AssemblyHelpers::selectScratchGPR(exit.m_jsValueSource.base());
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.pushToSave(scratch);
-#else
</del><span class="cx"> m_jit.push(scratch);
</span><del>-#endif
</del><span class="cx">
</span><span class="cx"> m_jit.load32(exit.m_jsValueSource.asAddress(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), scratch);
</span><span class="cx"> m_jit.store32(scratch, &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.tag);
</span><span class="cx"> m_jit.load32(exit.m_jsValueSource.asAddress(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), scratch);
</span><span class="cx"> m_jit.store32(scratch, &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.payload);
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.popToRestore(scratch);
-#else
</del><span class="cx"> m_jit.pop(scratch);
</span><del>-#endif
</del><span class="cx"> } else if (exit.m_jsValueSource.hasKnownTag()) {
</span><span class="cx"> m_jit.store32(AssemblyHelpers::TrustedImm32(exit.m_jsValueSource.tag()), &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.tag);
</span><span class="cx"> m_jit.store32(exit.m_jsValueSource.payloadGPR(), &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.payload);
</span><span class="lines">@@ -170,7 +152,7 @@
</span><span class="cx"> // Do a simplified OSR exit. See DFGOSRExitCompiler64.cpp's comment regarding how and wny we
</span><span class="cx"> // do this simple approach.
</span><span class="cx">
</span><del>- // 4) Save all state from GPRs into the scratch buffer.
</del><ins>+ // Save all state from GPRs into the scratch buffer.
</ins><span class="cx">
</span><span class="cx"> ScratchBuffer* scratchBuffer = m_jit.vm()->scratchBufferForSize(sizeof(EncodedJSValue) * operands.size());
</span><span class="cx"> EncodedJSValue* scratch = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
</span><span class="lines">@@ -203,7 +185,7 @@
</span><span class="cx">
</span><span class="cx"> // Now all GPRs are free to reuse.
</span><span class="cx">
</span><del>- // 5) Save all state from FPRs into the scratch buffer.
</del><ins>+ // Save all state from FPRs into the scratch buffer.
</ins><span class="cx">
</span><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="lines">@@ -221,9 +203,9 @@
</span><span class="cx">
</span><span class="cx"> // Now all FPRs are free to reuse.
</span><span class="cx">
</span><del>- // 6) Save all state from the stack into the scratch buffer. For simplicity we
- // do this even for state that's already in the right place on the stack.
- // It makes things simpler later.
</del><ins>+ // Save all state from the stack into the scratch buffer. For simplicity we
+ // do this even for state that's already in the right place on the stack.
+ // It makes things simpler later.
</ins><span class="cx">
</span><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="lines">@@ -261,10 +243,8 @@
</span><span class="cx"> -m_jit.codeBlock()->jitCode()->dfgCommon()->requiredRegisterCountForExit * sizeof(Register)),
</span><span class="cx"> CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
</span><span class="cx">
</span><del>- // 7) Do all data format conversions and store the results into the stack.
</del><ins>+ // Do all data format conversions and store the results into the stack.
</ins><span class="cx">
</span><del>- bool haveArguments = false;
-
</del><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="cx"> int operand = operands.operandForIndex(index);
</span><span class="lines">@@ -342,14 +322,9 @@
</span><span class="cx"> AssemblyHelpers::payloadFor(operand));
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case ArgumentsThatWereNotCreated:
- haveArguments = true;
- m_jit.store32(
- AssemblyHelpers::TrustedImm32(JSValue().tag()),
- AssemblyHelpers::tagFor(operand));
- m_jit.store32(
- AssemblyHelpers::TrustedImm32(JSValue().payload()),
- AssemblyHelpers::payloadFor(operand));
</del><ins>+ case DirectArgumentsThatWereNotCreated:
+ case ClonedArgumentsThatWereNotCreated:
+ // Don't do this, yet.
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> default:
</span><span class="lines">@@ -357,64 +332,57 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 8) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
- // that all new calls into this code will go to the new JIT, so the execute
- // counter only affects call frames that performed OSR exit and call frames
- // that were still executing the old JIT at the time of another call frame's
- // OSR exit. We want to ensure that the following is true:
</del><ins>+ // Now that things on the stack are recovered, do the arguments recovery. We assume that arguments
+ // recoveries don't recursively refer to each other. But, we don't try to assume that they only
+ // refer to certain ranges of locals. Hence why we need to do this here, once the stack is sensible.
+ // Note that we also roughly assume that the arguments might still be materialized outside of its
+ // inline call frame scope - but for now the DFG wouldn't do that.
+
+ emitRestoreArguments(operands);
+
+ // Adjust the old JIT's execute counter. Since we are exiting OSR, we know
+ // that all new calls into this code will go to the new JIT, so the execute
+ // counter only affects call frames that performed OSR exit and call frames
+ // that were still executing the old JIT at the time of another call frame's
+ // OSR exit. We want to ensure that the following is true:
</ins><span class="cx"> //
</span><del>- // (a) Code the performs an OSR exit gets a chance to reenter optimized
- // code eventually, since optimized code is faster. But we don't
- // want to do such reentery too aggressively (see (c) below).
</del><ins>+ // (a) Code the performs an OSR exit gets a chance to reenter optimized
+ // code eventually, since optimized code is faster. But we don't
+ // want to do such reentery too aggressively (see (c) below).
</ins><span class="cx"> //
</span><del>- // (b) If there is code on the call stack that is still running the old
- // JIT's code and has never OSR'd, then it should get a chance to
- // perform OSR entry despite the fact that we've exited.
</del><ins>+ // (b) If there is code on the call stack that is still running the old
+ // JIT's code and has never OSR'd, then it should get a chance to
+ // perform OSR entry despite the fact that we've exited.
</ins><span class="cx"> //
</span><del>- // (c) Code the performs an OSR exit should not immediately retry OSR
- // entry, since both forms of OSR are expensive. OSR entry is
- // particularly expensive.
</del><ins>+ // (c) Code the performs an OSR exit should not immediately retry OSR
+ // entry, since both forms of OSR are expensive. OSR entry is
+ // particularly expensive.
</ins><span class="cx"> //
</span><del>- // (d) Frequent OSR failures, even those that do not result in the code
- // running in a hot loop, result in recompilation getting triggered.
</del><ins>+ // (d) Frequent OSR failures, even those that do not result in the code
+ // running in a hot loop, result in recompilation getting triggered.
</ins><span class="cx"> //
</span><del>- // To ensure (c), we'd like to set the execute counter to
- // counterValueForOptimizeAfterWarmUp(). This seems like it would endanger
- // (a) and (b), since then every OSR exit would delay the opportunity for
- // every call frame to perform OSR entry. Essentially, if OSR exit happens
- // frequently and the function has few loops, then the counter will never
- // become non-negative and OSR entry will never be triggered. OSR entry
- // will only happen if a loop gets hot in the old JIT, which does a pretty
- // good job of ensuring (a) and (b). But that doesn't take care of (d),
- // since each speculation failure would reset the execute counter.
- // So we check here if the number of speculation failures is significantly
- // larger than the number of successes (we want 90% success rate), and if
- // there have been a large enough number of failures. If so, we set the
- // counter to 0; otherwise we set the counter to
- // counterValueForOptimizeAfterWarmUp().
</del><ins>+ // To ensure (c), we'd like to set the execute counter to
+ // counterValueForOptimizeAfterWarmUp(). This seems like it would endanger
+ // (a) and (b), since then every OSR exit would delay the opportunity for
+ // every call frame to perform OSR entry. Essentially, if OSR exit happens
+ // frequently and the function has few loops, then the counter will never
+ // become non-negative and OSR entry will never be triggered. OSR entry
+ // will only happen if a loop gets hot in the old JIT, which does a pretty
+ // good job of ensuring (a) and (b). But that doesn't take care of (d),
+ // since each speculation failure would reset the execute counter.
+ // So we check here if the number of speculation failures is significantly
+ // larger than the number of successes (we want 90% success rate), and if
+ // there have been a large enough number of failures. If so, we set the
+ // counter to 0; otherwise we set the counter to
+ // counterValueForOptimizeAfterWarmUp().
</ins><span class="cx">
</span><span class="cx"> handleExitCounts(m_jit, exit);
</span><span class="cx">
</span><del>- // 9) Reify inlined call frames.
</del><ins>+ // Reify inlined call frames.
</ins><span class="cx">
</span><span class="cx"> reifyInlinedCallFrames(m_jit, exit);
</span><span class="cx">
</span><del>- // 10) Create arguments if necessary and place them into the appropriate aliased
- // registers.
-
- if (haveArguments) {
- ArgumentsRecoveryGenerator argumentsRecovery;
-
- for (size_t index = 0; index < operands.size(); ++index) {
- const ValueRecovery& recovery = operands[index];
- if (recovery.technique() != ArgumentsThatWereNotCreated)
- continue;
- argumentsRecovery.generateFor(
- operands.operandForIndex(index), exit.m_codeOrigin, m_jit);
- }
- }
-
- // 12) And finish.
</del><ins>+ // And finish.
</ins><span class="cx"> adjustAndJumpToTarget(m_jit, exit);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompiler64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -42,7 +42,7 @@
</span><span class="cx"> {
</span><span class="cx"> m_jit.jitAssertTagsInPlace();
</span><span class="cx">
</span><del>- // 1) Pro-forma stuff.
</del><ins>+ // Pro-forma stuff.
</ins><span class="cx"> if (Options::printEachOSRExit()) {
</span><span class="cx"> SpeculationFailureDebugInfo* debugInfo = new SpeculationFailureDebugInfo;
</span><span class="cx"> debugInfo->codeBlock = m_jit.codeBlock();
</span><span class="lines">@@ -52,8 +52,8 @@
</span><span class="cx"> m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 2) Perform speculation recovery. This only comes into play when an operation
- // starts mutating state before verifying the speculation it has already made.
</del><ins>+ // Perform speculation recovery. This only comes into play when an operation
+ // starts mutating state before verifying the speculation it has already made.
</ins><span class="cx">
</span><span class="cx"> if (recovery) {
</span><span class="cx"> switch (recovery->type()) {
</span><span class="lines">@@ -71,7 +71,7 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 3) Refine some array and/or value profile, if appropriate.
</del><ins>+ // Refine some array and/or value profile, if appropriate.
</ins><span class="cx">
</span><span class="cx"> if (!!exit.m_jsValueSource) {
</span><span class="cx"> if (exit.m_kind == BadCache || exit.m_kind == BadIndexingType) {
</span><span class="lines">@@ -97,13 +97,13 @@
</span><span class="cx"> scratch1 = AssemblyHelpers::selectScratchGPR(usedRegister);
</span><span class="cx"> scratch2 = AssemblyHelpers::selectScratchGPR(usedRegister, scratch1);
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.pushToSave(scratch1);
- m_jit.pushToSave(scratch2);
-#else
- m_jit.push(scratch1);
- m_jit.push(scratch2);
-#endif
</del><ins>+ if (isARM64()) {
+ m_jit.pushToSave(scratch1);
+ m_jit.pushToSave(scratch2);
+ } else {
+ m_jit.push(scratch1);
+ m_jit.push(scratch2);
+ }
</ins><span class="cx">
</span><span class="cx"> GPRReg value;
</span><span class="cx"> if (exit.m_jsValueSource.isAddress()) {
</span><span class="lines">@@ -119,13 +119,13 @@
</span><span class="cx"> m_jit.lshift32(scratch1, scratch2);
</span><span class="cx"> m_jit.or32(scratch2, AssemblyHelpers::AbsoluteAddress(arrayProfile->addressOfArrayModes()));
</span><span class="cx">
</span><del>-#if CPU(ARM64)
- m_jit.popToRestore(scratch2);
- m_jit.popToRestore(scratch1);
-#else
- m_jit.pop(scratch2);
- m_jit.pop(scratch1);
-#endif
</del><ins>+ if (isARM64()) {
+ m_jit.popToRestore(scratch2);
+ m_jit.popToRestore(scratch1);
+ } else {
+ m_jit.pop(scratch2);
+ m_jit.pop(scratch1);
+ }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx"> // variable" from "how was it represented", which will make it more difficult to add
</span><span class="cx"> // features in the future and it will make it harder to reason about bugs.
</span><span class="cx">
</span><del>- // 4) Save all state from GPRs into the scratch buffer.
</del><ins>+ // Save all state from GPRs into the scratch buffer.
</ins><span class="cx">
</span><span class="cx"> ScratchBuffer* scratchBuffer = m_jit.vm()->scratchBufferForSize(sizeof(EncodedJSValue) * operands.size());
</span><span class="cx"> EncodedJSValue* scratch = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
</span><span class="lines">@@ -203,7 +203,7 @@
</span><span class="cx">
</span><span class="cx"> // And voila, all GPRs are free to reuse.
</span><span class="cx">
</span><del>- // 5) Save all state from FPRs into the scratch buffer.
</del><ins>+ // Save all state from FPRs into the scratch buffer.
</ins><span class="cx">
</span><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="lines">@@ -221,9 +221,9 @@
</span><span class="cx">
</span><span class="cx"> // Now, all FPRs are also free.
</span><span class="cx">
</span><del>- // 6) Save all state from the stack into the scratch buffer. For simplicity we
- // do this even for state that's already in the right place on the stack.
- // It makes things simpler later.
</del><ins>+ // Save all state from the stack into the scratch buffer. For simplicity we
+ // do this even for state that's already in the right place on the stack.
+ // It makes things simpler later.
</ins><span class="cx">
</span><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="lines">@@ -253,10 +253,8 @@
</span><span class="cx"> -m_jit.codeBlock()->jitCode()->dfgCommon()->requiredRegisterCountForExit * sizeof(Register)),
</span><span class="cx"> CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
</span><span class="cx">
</span><del>- // 7) Do all data format conversions and store the results into the stack.
</del><ins>+ // Do all data format conversions and store the results into the stack.
</ins><span class="cx">
</span><del>- bool haveArguments = false;
-
</del><span class="cx"> for (size_t index = 0; index < operands.size(); ++index) {
</span><span class="cx"> const ValueRecovery& recovery = operands[index];
</span><span class="cx"> int operand = operands.operandForIndex(index);
</span><span class="lines">@@ -310,78 +308,68 @@
</span><span class="cx"> AssemblyHelpers::addressFor(operand));
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case ArgumentsThatWereNotCreated:
- haveArguments = true;
- // We can't restore this yet but we can make sure that the stack appears
- // sane.
- m_jit.store64(
- AssemblyHelpers::TrustedImm64(JSValue::encode(JSValue())),
- AssemblyHelpers::addressFor(operand));
</del><ins>+ case DirectArgumentsThatWereNotCreated:
+ case ClonedArgumentsThatWereNotCreated:
+ // Don't do this, yet.
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> default:
</span><ins>+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // 8) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
- // that all new calls into this code will go to the new JIT, so the execute
- // counter only affects call frames that performed OSR exit and call frames
- // that were still executing the old JIT at the time of another call frame's
- // OSR exit. We want to ensure that the following is true:
</del><ins>+ // Now that things on the stack are recovered, do the arguments recovery. We assume that arguments
+ // recoveries don't recursively refer to each other. But, we don't try to assume that they only
+ // refer to certain ranges of locals. Hence why we need to do this here, once the stack is sensible.
+ // Note that we also roughly assume that the arguments might still be materialized outside of its
+ // inline call frame scope - but for now the DFG wouldn't do that.
+
+ emitRestoreArguments(operands);
+
+ // Adjust the old JIT's execute counter. Since we are exiting OSR, we know
+ // that all new calls into this code will go to the new JIT, so the execute
+ // counter only affects call frames that performed OSR exit and call frames
+ // that were still executing the old JIT at the time of another call frame's
+ // OSR exit. We want to ensure that the following is true:
</ins><span class="cx"> //
</span><del>- // (a) Code the performs an OSR exit gets a chance to reenter optimized
- // code eventually, since optimized code is faster. But we don't
- // want to do such reentery too aggressively (see (c) below).
</del><ins>+ // (a) Code the performs an OSR exit gets a chance to reenter optimized
+ // code eventually, since optimized code is faster. But we don't
+ // want to do such reentery too aggressively (see (c) below).
</ins><span class="cx"> //
</span><del>- // (b) If there is code on the call stack that is still running the old
- // JIT's code and has never OSR'd, then it should get a chance to
- // perform OSR entry despite the fact that we've exited.
</del><ins>+ // (b) If there is code on the call stack that is still running the old
+ // JIT's code and has never OSR'd, then it should get a chance to
+ // perform OSR entry despite the fact that we've exited.
</ins><span class="cx"> //
</span><del>- // (c) Code the performs an OSR exit should not immediately retry OSR
- // entry, since both forms of OSR are expensive. OSR entry is
- // particularly expensive.
</del><ins>+ // (c) Code the performs an OSR exit should not immediately retry OSR
+ // entry, since both forms of OSR are expensive. OSR entry is
+ // particularly expensive.
</ins><span class="cx"> //
</span><del>- // (d) Frequent OSR failures, even those that do not result in the code
- // running in a hot loop, result in recompilation getting triggered.
</del><ins>+ // (d) Frequent OSR failures, even those that do not result in the code
+ // running in a hot loop, result in recompilation getting triggered.
</ins><span class="cx"> //
</span><del>- // To ensure (c), we'd like to set the execute counter to
- // counterValueForOptimizeAfterWarmUp(). This seems like it would endanger
- // (a) and (b), since then every OSR exit would delay the opportunity for
- // every call frame to perform OSR entry. Essentially, if OSR exit happens
- // frequently and the function has few loops, then the counter will never
- // become non-negative and OSR entry will never be triggered. OSR entry
- // will only happen if a loop gets hot in the old JIT, which does a pretty
- // good job of ensuring (a) and (b). But that doesn't take care of (d),
- // since each speculation failure would reset the execute counter.
- // So we check here if the number of speculation failures is significantly
- // larger than the number of successes (we want 90% success rate), and if
- // there have been a large enough number of failures. If so, we set the
- // counter to 0; otherwise we set the counter to
- // counterValueForOptimizeAfterWarmUp().
</del><ins>+ // To ensure (c), we'd like to set the execute counter to
+ // counterValueForOptimizeAfterWarmUp(). This seems like it would endanger
+ // (a) and (b), since then every OSR exit would delay the opportunity for
+ // every call frame to perform OSR entry. Essentially, if OSR exit happens
+ // frequently and the function has few loops, then the counter will never
+ // become non-negative and OSR entry will never be triggered. OSR entry
+ // will only happen if a loop gets hot in the old JIT, which does a pretty
+ // good job of ensuring (a) and (b). But that doesn't take care of (d),
+ // since each speculation failure would reset the execute counter.
+ // So we check here if the number of speculation failures is significantly
+ // larger than the number of successes (we want 90% success rate), and if
+ // there have been a large enough number of failures. If so, we set the
+ // counter to 0; otherwise we set the counter to
+ // counterValueForOptimizeAfterWarmUp().
</ins><span class="cx">
</span><span class="cx"> handleExitCounts(m_jit, exit);
</span><span class="cx">
</span><del>- // 9) Reify inlined call frames.
</del><ins>+ // Reify inlined call frames.
</ins><span class="cx">
</span><span class="cx"> reifyInlinedCallFrames(m_jit, exit);
</span><span class="cx">
</span><del>- // 10) Create arguments if necessary and place them into the appropriate aliased
- // registers.
-
- if (haveArguments) {
- ArgumentsRecoveryGenerator argumentsRecovery;
-
- for (size_t index = 0; index < operands.size(); ++index) {
- const ValueRecovery& recovery = operands[index];
- if (recovery.technique() != ArgumentsThatWereNotCreated)
- continue;
- argumentsRecovery.generateFor(
- operands.operandForIndex(index), exit.m_codeOrigin, m_jit);
- }
- }
-
- // 12) And finish.
</del><ins>+ // And finish.
</ins><span class="cx"> adjustAndJumpToTarget(m_jit, exit);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "DFGJITCode.h"
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx"> #include "JIT.h"
</span><span class="lines">@@ -206,10 +205,6 @@
</span><span class="cx"> jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::ArgumentCount)));
</span><span class="cx"> if (!inlineCallFrame->isClosureCall)
</span><span class="cx"> jit.store64(AssemblyHelpers::TrustedImm64(JSValue::encode(JSValue(inlineCallFrame->calleeConstant()))), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::Callee)));
</span><del>-
- // Leave the captured arguments in regT3.
- if (baselineCodeBlock->usesArguments())
- jit.loadPtr(AssemblyHelpers::addressFor(VirtualRegister(inlineCallFrame->stackOffset + unmodifiedArgumentsRegister(baselineCodeBlock->argumentsRegister()).offset())), GPRInfo::regT3);
</del><span class="cx"> #else // USE(JSVALUE64) // so this is the 32-bit part
</span><span class="cx"> jit.storePtr(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame->callerFrameOffset()));
</span><span class="cx"> Instruction* instruction = baselineCodeBlock->instructions().begin() + codeOrigin.bytecodeIndex;
</span><span class="lines">@@ -218,18 +213,7 @@
</span><span class="cx"> jit.store32(AssemblyHelpers::TrustedImm32(JSValue::CellTag), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::Callee)));
</span><span class="cx"> if (!inlineCallFrame->isClosureCall)
</span><span class="cx"> jit.storePtr(AssemblyHelpers::TrustedImmPtr(inlineCallFrame->calleeConstant()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::Callee)));
</span><del>-
- // Leave the captured arguments in regT3.
- if (baselineCodeBlock->usesArguments())
- jit.loadPtr(AssemblyHelpers::payloadFor(VirtualRegister(inlineCallFrame->stackOffset + unmodifiedArgumentsRegister(baselineCodeBlock->argumentsRegister()).offset())), GPRInfo::regT3);
</del><span class="cx"> #endif // USE(JSVALUE64) // ending the #else part, so directly above is the 32-bit part
</span><del>-
- if (baselineCodeBlock->usesArguments()) {
- AssemblyHelpers::Jump noArguments = jit.branchTestPtr(AssemblyHelpers::Zero, GPRInfo::regT3);
- jit.addPtr(AssemblyHelpers::TrustedImm32(inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister, GPRInfo::regT0);
- jit.storePtr(GPRInfo::regT0, AssemblyHelpers::Address(GPRInfo::regT3, Arguments::offsetOfRegisters()));
- noArguments.link(&jit);
- }
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="lines">@@ -299,75 +283,6 @@
</span><span class="cx"> jit.jump(GPRInfo::regT2);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ArgumentsRecoveryGenerator::ArgumentsRecoveryGenerator() { }
-ArgumentsRecoveryGenerator::~ArgumentsRecoveryGenerator() { }
-
-void ArgumentsRecoveryGenerator::generateFor(
- int operand, CodeOrigin codeOrigin, CCallHelpers& jit)
-{
- // Find the right inline call frame.
- InlineCallFrame* inlineCallFrame = 0;
- for (InlineCallFrame* current = codeOrigin.inlineCallFrame;
- current;
- current = current->caller.inlineCallFrame) {
- if (current->stackOffset >= operand) {
- inlineCallFrame = current;
- break;
- }
- }
-
- if (!jit.baselineCodeBlockFor(inlineCallFrame)->usesArguments())
- return;
- VirtualRegister argumentsRegister = jit.baselineArgumentsRegisterFor(inlineCallFrame);
- if (m_didCreateArgumentsObject.add(inlineCallFrame).isNewEntry) {
- // We know this call frame optimized out an arguments object that
- // the baseline JIT would have created. Do that creation now.
- if (inlineCallFrame) {
- jit.addPtr(AssemblyHelpers::TrustedImm32(inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister, GPRInfo::regT0);
- jit.setupArguments(GPRInfo::regT0);
- } else
- jit.setupArgumentsExecState();
- jit.move(
- AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateArgumentsDuringOSRExit)),
- GPRInfo::nonArgGPR0);
-#if USE(JSVALUE64)
- jit.call(GPRInfo::nonArgGPR0);
- jit.store64(GPRInfo::returnValueGPR, AssemblyHelpers::addressFor(argumentsRegister));
- jit.store64(
- GPRInfo::returnValueGPR,
- AssemblyHelpers::addressFor(unmodifiedArgumentsRegister(argumentsRegister)));
- jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0); // no-op move on almost all platforms.
-#else // USE(JSVALUE64) -> so the 32_64 part
- jit.call(GPRInfo::nonArgGPR0);
- jit.store32(
- AssemblyHelpers::TrustedImm32(JSValue::CellTag),
- AssemblyHelpers::tagFor(argumentsRegister));
- jit.store32(
- GPRInfo::returnValueGPR,
- AssemblyHelpers::payloadFor(argumentsRegister));
- jit.store32(
- AssemblyHelpers::TrustedImm32(JSValue::CellTag),
- AssemblyHelpers::tagFor(unmodifiedArgumentsRegister(argumentsRegister)));
- jit.store32(
- GPRInfo::returnValueGPR,
- AssemblyHelpers::payloadFor(unmodifiedArgumentsRegister(argumentsRegister)));
- jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0); // no-op move on almost all platforms.
-#endif // USE(JSVALUE64)
- }
-
-#if USE(JSVALUE64)
- jit.load64(AssemblyHelpers::addressFor(argumentsRegister), GPRInfo::regT0);
- jit.store64(GPRInfo::regT0, AssemblyHelpers::addressFor(operand));
-#else // USE(JSVALUE64) -> so the 32_64 part
- jit.load32(AssemblyHelpers::payloadFor(argumentsRegister), GPRInfo::regT0);
- jit.store32(
- AssemblyHelpers::TrustedImm32(JSValue::CellTag),
- AssemblyHelpers::tagFor(operand));
- jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor(operand));
-#endif // USE(JSVALUE64)
-}
-
</del><span class="cx"> } } // namespace JSC::DFG
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(DFG_JIT)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommonh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -37,18 +37,6 @@
</span><span class="cx"> void reifyInlinedCallFrames(CCallHelpers&, const OSRExitBase&);
</span><span class="cx"> void adjustAndJumpToTarget(CCallHelpers&, const OSRExitBase&);
</span><span class="cx">
</span><del>-class ArgumentsRecoveryGenerator {
-public:
- ArgumentsRecoveryGenerator();
- ~ArgumentsRecoveryGenerator();
-
- void generateFor(int operand, CodeOrigin, CCallHelpers&);
-
-private:
- HashSet<InlineCallFrame*, DefaultHash<InlineCallFrame*>::Hash,
- NullableHashTraits<InlineCallFrame*>> m_didCreateArgumentsObject;
-};
-
</del><span class="cx"> } } // namespace JSC::DFG
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(DFG_JIT)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -26,8 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ButterflyInlines.h"
</span><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="lines">@@ -38,6 +38,7 @@
</span><span class="cx"> #include "DFGToFTLDeferredCompilationCallback.h"
</span><span class="cx"> #include "DFGToFTLForOSREntryDeferredCompilationCallback.h"
</span><span class="cx"> #include "DFGWorklist.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "FTLForOSREntryJITCode.h"
</span><span class="cx"> #include "FTLOSREntry.h"
</span><span class="cx"> #include "HostCallReturnValue.h"
</span><span class="lines">@@ -45,16 +46,17 @@
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JIT.h"
</span><span class="cx"> #include "JITExceptions.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSLexicalEnvironment.h"
</span><del>-#include "VM.h"
</del><span class="cx"> #include "JSNameScope.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include "Repatch.h"
</span><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "StringConstructor.h"
</span><span class="cx"> #include "Symbol.h"
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include "TypedArrayInlines.h"
</span><ins>+#include "VM.h"
</ins><span class="cx"> #include <wtf/InlineASM.h>
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="lines">@@ -746,66 +748,102 @@
</span><span class="cx"> return newTypedArrayWithOneArgument<JSFloat64Array>(exec, structure, encodedValue);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationCreateInlinedArguments(
- ExecState* exec, InlineCallFrame* inlineCallFrame)
</del><ins>+JSCell* JIT_OPERATION operationCreateActivationDirect(ExecState* exec, Structure* structure, JSScope* scope, SymbolTable* table)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><del>- // NB: This needs to be exceedingly careful with top call frame tracking, since it
- // may be called from OSR exit, while the state of the call stack is bizarre.
- Arguments* result = Arguments::create(vm, exec, inlineCallFrame);
- ASSERT(!vm.exception());
- return result;
</del><ins>+ return JSLexicalEnvironment::create(vm, structure, scope, table);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT_OPERATION operationTearOffInlinedArguments(
- ExecState* exec, JSCell* argumentsCell, JSCell* activationCell, InlineCallFrame* inlineCallFrame)
</del><ins>+JSCell* JIT_OPERATION operationCreateDirectArguments(ExecState* exec, Structure* structure, int32_t length, int32_t minCapacity)
</ins><span class="cx"> {
</span><del>- ASSERT_UNUSED(activationCell, !activationCell); // Currently, we don't inline functions with activations.
- jsCast<Arguments*>(argumentsCell)->tearOff(exec, inlineCallFrame);
</del><ins>+ VM& vm = exec->vm();
+ NativeCallFrameTracer target(&vm, exec);
+ DirectArguments* result = DirectArguments::create(
+ vm, structure, length, std::max(length, minCapacity));
+ // The caller will store to this object without barriers. Most likely, at this point, this is
+ // still a young object and so no barriers are needed. But it's good to be careful anyway,
+ // since the GC should be allowed to do crazy (like pretenuring, for example).
+ vm.heap.writeBarrier(result);
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState* exec, int32_t argumentsRegister, int32_t index)
</del><ins>+JSCell* JIT_OPERATION operationCreateScopedArguments(ExecState* exec, Structure* structure, Register* argumentStart, int32_t length, JSFunction* callee, JSLexicalEnvironment* scope)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><del>- NativeCallFrameTracer tracer(&vm, exec);
-
- JSValue argumentsValue = exec->uncheckedR(argumentsRegister).jsValue();
</del><ins>+ NativeCallFrameTracer target(&vm, exec);
</ins><span class="cx">
</span><del>- // If there are no arguments, and we're accessing out of bounds, then we have to create the
- // arguments in case someone has installed a getter on a numeric property.
- if (!argumentsValue) {
- JSLexicalEnvironment* lexicalEnvironment = exec->lexicalEnvironmentOrNullptr();
- exec->uncheckedR(argumentsRegister) = argumentsValue = Arguments::create(exec->vm(), exec, lexicalEnvironment);
- }
</del><ins>+ // We could pass the ScopedArgumentsTable* as an argument. We currently don't because I
+ // didn't feel like changing the max number of arguments for a slow path call from 6 to 7.
+ ScopedArgumentsTable* table = scope->symbolTable()->arguments();
</ins><span class="cx">
</span><del>- return JSValue::encode(argumentsValue.get(exec, index));
</del><ins>+ return ScopedArguments::createByCopyingFrom(
+ vm, structure, argumentStart, length, callee, table, scope);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal(
- ExecState* exec, int32_t argumentsRegister, InlineCallFrame* inlineCallFrame, int32_t index)
</del><ins>+JSCell* JIT_OPERATION operationCreateClonedArguments(ExecState* exec, Structure* structure, Register* argumentStart, int32_t length, JSFunction* callee)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><del>- NativeCallFrameTracer tracer(&vm, exec);
</del><ins>+ NativeCallFrameTracer target(&vm, exec);
+ return ClonedArguments::createByCopyingFrom(
+ exec, structure, argumentStart, length, callee);
+}
</ins><span class="cx">
</span><del>- JSValue argumentsValue = exec->uncheckedR(argumentsRegister).jsValue();
</del><ins>+JSCell* JIT_OPERATION operationCreateDirectArgumentsDuringExit(ExecState* exec, InlineCallFrame* inlineCallFrame, JSFunction* callee, int32_t argumentCount)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer target(&vm, exec);
</ins><span class="cx">
</span><del>- // If there are no arguments, and we're accessing out of bounds, then we have to create the
- // arguments in case someone has installed a getter on a numeric property.
- if (!argumentsValue) {
- exec->uncheckedR(argumentsRegister) = argumentsValue =
- Arguments::create(exec->vm(), exec, inlineCallFrame);
- }
</del><ins>+ DeferGCForAWhile deferGC(vm.heap);
</ins><span class="cx">
</span><del>- return JSValue::encode(argumentsValue.get(exec, index));
</del><ins>+ CodeBlock* codeBlock;
+ if (inlineCallFrame)
+ codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame);
+ else
+ codeBlock = exec->codeBlock();
+
+ unsigned length = argumentCount - 1;
+ unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1));
+ DirectArguments* result = DirectArguments::create(
+ vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity);
+
+ result->callee().set(vm, result, callee);
+
+ Register* arguments =
+ exec->registers() + (inlineCallFrame ? inlineCallFrame->stackOffset : 0) +
+ CallFrame::argumentOffset(0);
+ for (unsigned i = length; i--;)
+ result->setIndexQuickly(vm, i, arguments[i].jsValue());
+
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationNewFunctionNoCheck(ExecState* exec, JSScope* scope, JSCell* functionExecutable)
</del><ins>+JSCell* JIT_OPERATION operationCreateClonedArgumentsDuringExit(ExecState* exec, InlineCallFrame* inlineCallFrame, JSFunction* callee, int32_t argumentCount)
</ins><span class="cx"> {
</span><del>- ASSERT(functionExecutable->inherits(FunctionExecutable::info()));
</del><span class="cx"> VM& vm = exec->vm();
</span><del>- NativeCallFrameTracer tracer(&vm, exec);
- return JSFunction::create(vm, static_cast<FunctionExecutable*>(functionExecutable), scope);
</del><ins>+ NativeCallFrameTracer target(&vm, exec);
+
+ DeferGCForAWhile deferGC(vm.heap);
+
+ CodeBlock* codeBlock;
+ if (inlineCallFrame)
+ codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame);
+ else
+ codeBlock = exec->codeBlock();
+
+ unsigned length = argumentCount - 1;
+ ClonedArguments* result = ClonedArguments::createEmpty(
+ vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee);
+
+ Register* arguments =
+ exec->registers() + (inlineCallFrame ? inlineCallFrame->stackOffset : 0) +
+ CallFrame::argumentOffset(0);
+ for (unsigned i = length; i--;)
+ result->putDirectIndex(exec, i, arguments[i].jsValue());
+
+ result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
+
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> size_t JIT_OPERATION operationIsObjectOrNull(ExecState* exec, EncodedJSValue value)
</span><span class="lines">@@ -1018,6 +1056,13 @@
</span><span class="cx"> set->notifyWrite(vm, value, "Executed NotifyWrite");
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void JIT_OPERATION operationThrowStackOverflowForVarargs(ExecState* exec)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+ throwStackOverflowError(exec);
+}
+
</ins><span class="cx"> int32_t JIT_OPERATION operationSizeOfVarargs(ExecState* exec, EncodedJSValue encodedArguments, int32_t firstVarArgOffset)
</span><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -96,11 +96,12 @@
</span><span class="cx"> size_t JIT_OPERATION operationRegExpTest(ExecState*, JSCell*, JSCell*) WTF_INTERNAL;
</span><span class="cx"> size_t JIT_OPERATION operationCompareStrictEqCell(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
</span><span class="cx"> size_t JIT_OPERATION operationCompareStrictEq(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
</span><del>-JSCell* JIT_OPERATION operationCreateInlinedArguments(ExecState*, InlineCallFrame*) WTF_INTERNAL;
-void JIT_OPERATION operationTearOffInlinedArguments(ExecState*, JSCell*, JSCell*, InlineCallFrame*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal(ExecState*, int32_t, InlineCallFrame*, int32_t) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState*, int32_t, int32_t) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationNewFunctionNoCheck(ExecState*, JSScope*, JSCell*) WTF_INTERNAL;
</del><ins>+JSCell* JIT_OPERATION operationCreateActivationDirect(ExecState*, Structure*, JSScope*, SymbolTable*);
+JSCell* JIT_OPERATION operationCreateDirectArguments(ExecState*, Structure*, int32_t length, int32_t minCapacity);
+JSCell* JIT_OPERATION operationCreateDirectArgumentsDuringExit(ExecState*, InlineCallFrame*, JSFunction*, int32_t argumentCount);
+JSCell* JIT_OPERATION operationCreateScopedArguments(ExecState*, Structure*, Register* argumentStart, int32_t length, JSFunction* callee, JSLexicalEnvironment*);
+JSCell* JIT_OPERATION operationCreateClonedArgumentsDuringExit(ExecState*, InlineCallFrame*, JSFunction*, int32_t argumentCount);
+JSCell* JIT_OPERATION operationCreateClonedArguments(ExecState*, Structure*, Register* argumentStart, int32_t length, JSFunction* callee);
</ins><span class="cx"> double JIT_OPERATION operationFModOnInts(int32_t, int32_t) WTF_INTERNAL;
</span><span class="cx"> size_t JIT_OPERATION operationIsObjectOrNull(ExecState*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> size_t JIT_OPERATION operationIsFunction(EncodedJSValue) WTF_INTERNAL;
</span><span class="lines">@@ -125,6 +126,7 @@
</span><span class="cx"> char* JIT_OPERATION operationFindSwitchImmTargetForDouble(ExecState*, EncodedJSValue, size_t tableIndex);
</span><span class="cx"> char* JIT_OPERATION operationSwitchString(ExecState*, size_t tableIndex, JSString*);
</span><span class="cx"> void JIT_OPERATION operationNotifyWrite(ExecState*, VariableWatchpointSet*, EncodedJSValue);
</span><ins>+void JIT_OPERATION operationThrowStackOverflowForVarargs(ExecState*) WTF_INTERNAL;
</ins><span class="cx"> int32_t JIT_OPERATION operationSizeOfVarargs(ExecState*, EncodedJSValue arguments, int32_t firstVarArgOffset);
</span><span class="cx"> void JIT_OPERATION operationLoadVarargs(ExecState*, int32_t firstElementDest, EncodedJSValue arguments, int32_t offset, int32_t length, int32_t mandatoryMinimum);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><del>-#include "DFGArgumentsSimplificationPhase.h"
</del><ins>+#include "DFGArgumentsEliminationPhase.h"
</ins><span class="cx"> #include "DFGBackwardsPropagationPhase.h"
</span><span class="cx"> #include "DFGByteCodeParser.h"
</span><span class="cx"> #include "DFGCFAPhase.h"
</span><span class="lines">@@ -67,6 +67,7 @@
</span><span class="cx"> #include "DFGTypeCheckHoistingPhase.h"
</span><span class="cx"> #include "DFGUnificationPhase.h"
</span><span class="cx"> #include "DFGValidate.h"
</span><ins>+#include "DFGVarargsForwardingPhase.h"
</ins><span class="cx"> #include "DFGVirtualRegisterAllocationPhase.h"
</span><span class="cx"> #include "DFGWatchpointCollectionPhase.h"
</span><span class="cx"> #include "Debugger.h"
</span><span class="lines">@@ -220,6 +221,11 @@
</span><span class="cx"> if (validationEnabled())
</span><span class="cx"> validate(dfg);
</span><span class="cx">
</span><ins>+ if (Options::dumpGraphAfterParsing()) {
+ dataLog("Graph after parsing:\n");
+ dfg.dump();
+ }
+
</ins><span class="cx"> performCPSRethreading(dfg);
</span><span class="cx"> performUnification(dfg);
</span><span class="cx"> performPredictionInjection(dfg);
</span><span class="lines">@@ -257,9 +263,7 @@
</span><span class="cx">
</span><span class="cx"> performStrengthReduction(dfg);
</span><span class="cx"> performLocalCSE(dfg);
</span><del>- performCPSRethreading(dfg); // Canonicalize PhantomLocal to Phantom
- performArgumentsSimplification(dfg);
- performCPSRethreading(dfg); // This should do nothing, if arguments simplification did nothing.
</del><ins>+ performCPSRethreading(dfg);
</ins><span class="cx"> performCFA(dfg);
</span><span class="cx"> performConstantFolding(dfg);
</span><span class="cx"> bool changed = false;
</span><span class="lines">@@ -270,6 +274,28 @@
</span><span class="cx"> validate(dfg);
</span><span class="cx">
</span><span class="cx"> performCPSRethreading(dfg);
</span><ins>+ if (!isFTL(mode)) {
+ // Only run this if we're not FTLing, because currently for a LoadVarargs that is forwardable and
+ // in a non-varargs inlined call frame, this will generate ForwardVarargs while the FTL
+ // ArgumentsEliminationPhase will create a sequence of GetStack+PutStacks. The GetStack+PutStack
+ // sequence then gets sunk, eliminating anything that looks like an escape for subsequent phases,
+ // while the ForwardVarargs doesn't get simplified until later (or not at all) and looks like an
+ // escape for all of the arguments. This then disables object allocation sinking.
+ //
+ // So, for now, we just disable this phase for the FTL.
+ //
+ // If we wanted to enable it, we'd have to do any of the following:
+ // - Enable ForwardVarargs->GetStack+PutStack strength reduction, and have that run before
+ // PutStack sinking and object allocation sinking.
+ // - Make VarargsForwarding emit a GetLocal+SetLocal sequence, that we can later turn into
+ // GetStack+PutStack.
+ //
+ // But, it's not super valuable to enable those optimizations, since the FTL
+ // ArgumentsEliminationPhase does everything that this phase does, and it doesn't introduce this
+ // pathology.
+
+ changed |= performVarargsForwarding(dfg); // Do this after CFG simplification and CPS rethreading.
+ }
</ins><span class="cx"> if (changed) {
</span><span class="cx"> performCFA(dfg);
</span><span class="cx"> performConstantFolding(dfg);
</span><span class="lines">@@ -321,7 +347,11 @@
</span><span class="cx"> performCPSRethreading(dfg);
</span><span class="cx"> performSSAConversion(dfg);
</span><span class="cx"> performSSALowering(dfg);
</span><ins>+
+ // Ideally, these would be run to fixpoint with the object allocation sinking phase.
+ performArgumentsElimination(dfg);
</ins><span class="cx"> performPutStackSinking(dfg);
</span><ins>+
</ins><span class="cx"> performGlobalCSE(dfg);
</span><span class="cx"> performLivenessAnalysis(dfg);
</span><span class="cx"> performCFA(dfg);
</span><span class="lines">@@ -340,7 +370,14 @@
</span><span class="cx"> performCFA(dfg);
</span><span class="cx"> performConstantFolding(dfg);
</span><span class="cx"> }
</span><ins>+
+ // Currently, this relies on pre-headers still being valid. That precludes running CFG
+ // simplification before it, unless we re-created the pre-headers. There wouldn't be anything
+ // wrong with running LICM earlier, if we wanted to put other CFG transforms above this point.
+ // Alternatively, we could run loop pre-header creation after SSA conversion - but if we did that
+ // then we'd need to do some simple SSA fix-up.
</ins><span class="cx"> performLICM(dfg);
</span><ins>+
</ins><span class="cx"> performPhantomCanonicalization(dfg);
</span><span class="cx"> performIntegerCheckCombining(dfg);
</span><span class="cx"> performGlobalCSE(dfg);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPreciseLocalClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx">
</span><span class="cx"> void read(AbstractHeap heap)
</span><span class="cx"> {
</span><del>- if (heap.kind() == Variables) {
</del><ins>+ if (heap.kind() == Stack) {
</ins><span class="cx"> if (heap.payload().isTop()) {
</span><span class="cx"> readTop();
</span><span class="cx"> return;
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (heap.overlaps(Variables)) {
</del><ins>+ if (heap.overlaps(Stack)) {
</ins><span class="cx"> readTop();
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="lines">@@ -67,20 +67,14 @@
</span><span class="cx">
</span><span class="cx"> void write(AbstractHeap heap)
</span><span class="cx"> {
</span><del>- if (heap.kind() == Variables) {
- if (heap.payload().isTop()) {
- writeTop();
- return;
- }
-
</del><ins>+ // We expect stack writes to already be precisely characterized by DFG::clobberize().
+ if (heap.kind() == Stack) {
+ RELEASE_ASSERT(!heap.payload().isTop());
</ins><span class="cx"> callIfAppropriate(m_write, VirtualRegister(heap.payload().value32()));
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (heap.overlaps(Variables)) {
- writeTop();
- return;
- }
</del><ins>+ RELEASE_ASSERT(!heap.overlaps(Stack));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void def(PureValue)
</span><span class="lines">@@ -90,10 +84,10 @@
</span><span class="cx">
</span><span class="cx"> void def(HeapLocation location, Node* node)
</span><span class="cx"> {
</span><del>- if (location.kind() != VariableLoc)
</del><ins>+ if (location.kind() != StackLoc)
</ins><span class="cx"> return;
</span><span class="cx">
</span><del>- RELEASE_ASSERT(location.heap().kind() == Variables);
</del><ins>+ RELEASE_ASSERT(location.heap().kind() == Stack);
</ins><span class="cx">
</span><span class="cx"> m_def(VirtualRegister(location.heap().payload().value32()), node);
</span><span class="cx"> }
</span><span class="lines">@@ -121,12 +115,6 @@
</span><span class="cx"> for (unsigned i = 0; i < JSStack::ThisArgument; ++i)
</span><span class="cx"> m_read(VirtualRegister(i));
</span><span class="cx">
</span><del>- // Read all of the captured variables.
- const BitVector& capturedVars =
- m_graph.capturedVarsFor(m_node->origin.semantic.inlineCallFrame);
- for (unsigned i : capturedVars.setBits())
- m_read(virtualRegisterForLocal(i));
-
</del><span class="cx"> // Read all of the inline arguments and call frame headers that we didn't already capture.
</span><span class="cx"> for (InlineCallFrame* inlineCallFrame = m_node->origin.semantic.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame->caller.inlineCallFrame) {
</span><span class="cx"> for (unsigned i = inlineCallFrame->arguments.size(); i-- > 1;)
</span><span class="lines">@@ -136,31 +124,9 @@
</span><span class="cx"> if (inlineCallFrame->isVarargs())
</span><span class="cx"> m_read(VirtualRegister(inlineCallFrame->stackOffset + JSStack::ArgumentCount));
</span><span class="cx"> }
</span><del>- }
-
- void writeTop()
- {
- if (m_node->op() == LoadVarargs) {
- // Make sure we note the writes to the locals that will store the array elements and
- // count.
- LoadVarargsData* data = m_node->loadVarargsData();
- m_write(data->count);
- for (unsigned i = data->limit; i--;)
- m_write(VirtualRegister(data->start.offset() + i));
- }
-
</del><ins>+
</ins><span class="cx"> // Note that we don't need to do anything special for CallForwardVarargs, since it reads
</span><span class="cx"> // our arguments the same way that any effectful thing might.
</span><del>-
- if (m_graph.m_codeBlock->usesArguments()) {
- for (unsigned i = m_graph.m_codeBlock->numParameters(); i-- > 1;)
- m_write(virtualRegisterForArgument(i));
- }
-
- const BitVector& capturedVars =
- m_graph.capturedVarsFor(m_node->origin.semantic.inlineCallFrame);
- for (unsigned i : capturedVars.setBits())
- m_write(virtualRegisterForLocal(i));
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Graph& m_graph;
</span><span class="lines">@@ -170,20 +136,6 @@
</span><span class="cx"> const DefFunctor& m_def;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-template<typename ReadFunctor>
-void forEachLocalReadByUnwind(Graph& graph, CodeOrigin codeOrigin, const ReadFunctor& read)
-{
- if (graph.uncheckedActivationRegister().isValid())
- read(graph.activationRegister());
- if (graph.m_codeBlock->usesArguments())
- read(unmodifiedArgumentsRegister(graph.argumentsRegisterFor(nullptr)));
-
- for (InlineCallFrame* inlineCallFrame = codeOrigin.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame->caller.inlineCallFrame) {
- if (inlineCallFrame->executable->usesArguments())
- read(unmodifiedArgumentsRegister(graph.argumentsRegisterFor(inlineCallFrame)));
- }
-}
-
</del><span class="cx"> template<typename ReadFunctor, typename WriteFunctor, typename DefFunctor>
</span><span class="cx"> void preciseLocalClobberize(
</span><span class="cx"> Graph& graph, Node* node,
</span><span class="lines">@@ -192,8 +144,6 @@
</span><span class="cx"> PreciseLocalClobberizeAdaptor<ReadFunctor, WriteFunctor, DefFunctor>
</span><span class="cx"> adaptor(graph, node, read, write, def);
</span><span class="cx"> clobberize(graph, node, adaptor);
</span><del>- if (mayExit(graph, node))
- forEachLocalReadByUnwind(graph, node->origin.forExit, read);
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } } // namespace JSC::DFG
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -57,6 +57,8 @@
</span><span class="cx"> ASSERT(m_graph.m_form == ThreadedCPS);
</span><span class="cx"> ASSERT(m_graph.m_unificationState == GloballyUnified);
</span><span class="cx">
</span><ins>+ propagateThroughArgumentPositions();
+
</ins><span class="cx"> m_pass = PrimaryPass;
</span><span class="cx"> propagateToFixpoint();
</span><span class="cx">
</span><span class="lines">@@ -187,7 +189,6 @@
</span><span class="cx"> case RegExpTest:
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush:
</span><del>- case GetMyArgumentByValSafe:
</del><span class="cx"> case GetByOffset:
</span><span class="cx"> case MultiGetByOffset:
</span><span class="cx"> case GetDirectPname:
</span><span class="lines">@@ -196,10 +197,12 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case NativeCall:
</span><span class="cx"> case NativeConstruct:
</span><span class="cx"> case GetGlobalVar:
</span><del>- case GetClosureVar: {
</del><ins>+ case GetClosureVar:
+ case GetFromArguments: {
</ins><span class="cx"> changed |= setPrediction(node->getHeapPrediction());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -213,11 +216,15 @@
</span><span class="cx"> case GetGetter:
</span><span class="cx"> case GetSetter:
</span><span class="cx"> case GetCallee:
</span><del>- case NewFunctionNoCheck:
- case NewFunctionExpression: {
</del><ins>+ case NewFunction: {
</ins><span class="cx"> changed |= setPrediction(SpecFunction);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+
+ case GetArgumentCount: {
+ changed |= setPrediction(SpecInt32);
+ break;
+ }
</ins><span class="cx">
</span><span class="cx"> case StringCharCodeAt: {
</span><span class="cx"> changed |= setPrediction(SpecInt32);
</span><span class="lines">@@ -418,12 +425,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentsLengthSafe: {
- changed |= setPrediction(SpecInt32);
- break;
- }
-
- case GetClosureRegisters:
</del><span class="cx"> case GetButterfly:
</span><span class="cx"> case GetIndexedPropertyStorage:
</span><span class="cx"> case AllocatePropertyStorage:
</span><span class="lines">@@ -497,20 +498,21 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CreateArguments: {
- changed |= setPrediction(SpecArguments);
</del><ins>+ case CreateDirectArguments: {
+ changed |= setPrediction(SpecDirectArguments);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case NewFunction: {
- SpeculatedType child = node->child1()->prediction();
- if (child & SpecEmpty)
- changed |= mergePrediction((child & ~SpecEmpty) | SpecFunction);
- else
- changed |= mergePrediction(child);
</del><ins>+ case CreateScopedArguments: {
+ changed |= setPrediction(SpecScopedArguments);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case CreateClonedArguments: {
+ changed |= setPrediction(SpecObjectOther);
+ break;
+ }
+
</ins><span class="cx"> case FiatInt52: {
</span><span class="cx"> RELEASE_ASSERT(enableInt52());
</span><span class="cx"> changed |= setPrediction(SpecMachineInt);
</span><span class="lines">@@ -522,9 +524,6 @@
</span><span class="cx"> case GetTypedArrayByteOffset:
</span><span class="cx"> case DoubleAsInt32:
</span><span class="cx"> case GetLocalUnlinked:
</span><del>- case GetMyArgumentsLength:
- case GetMyArgumentByVal:
- case PhantomArguments:
</del><span class="cx"> case CheckArray:
</span><span class="cx"> case Arrayify:
</span><span class="cx"> case ArrayifyToStructure:
</span><span class="lines">@@ -542,6 +541,10 @@
</span><span class="cx"> case Identity:
</span><span class="cx"> case BooleanToNumber:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ case GetMyArgumentByVal:
+ case ForwardVarargs:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span><span class="lines">@@ -607,6 +610,7 @@
</span><span class="cx"> case PutByValDirect:
</span><span class="cx"> case PutByVal:
</span><span class="cx"> case PutClosureVar:
</span><ins>+ case PutToArguments:
</ins><span class="cx"> case Return:
</span><span class="cx"> case Throw:
</span><span class="cx"> case PutById:
</span><span class="lines">@@ -631,8 +635,6 @@
</span><span class="cx"> case CheckNotEmpty:
</span><span class="cx"> case CheckBadCell:
</span><span class="cx"> case PutStructure:
</span><del>- case TearOffArguments:
- case CheckArgumentsNotCreated:
</del><span class="cx"> case VarInjectionWatchpoint:
</span><span class="cx"> case AllocationProfileWatchpoint:
</span><span class="cx"> case Phantom:
</span><span class="lines">@@ -854,8 +856,7 @@
</span><span class="cx"> continue;
</span><span class="cx"> m_changed |= variableAccessData->tallyVotesForShouldUseDoubleFormat();
</span><span class="cx"> }
</span><del>- for (unsigned i = 0; i < m_graph.m_argumentPositions.size(); ++i)
- m_changed |= m_graph.m_argumentPositions[i].mergeArgumentPredictionAwareness();
</del><ins>+ propagateThroughArgumentPositions();
</ins><span class="cx"> for (unsigned i = 0; i < m_graph.m_variableAccessData.size(); ++i) {
</span><span class="cx"> VariableAccessData* variableAccessData = &m_graph.m_variableAccessData[i];
</span><span class="cx"> if (!variableAccessData->isRoot())
</span><span class="lines">@@ -864,6 +865,12 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void propagateThroughArgumentPositions()
+ {
+ for (unsigned i = 0; i < m_graph.m_argumentPositions.size(); ++i)
+ m_changed |= m_graph.m_argumentPositions[i].mergeArgumentPredictionAwareness();
+ }
+
</ins><span class="cx"> Node* m_currentNode;
</span><span class="cx"> bool m_changed;
</span><span class="cx"> PredictionPass m_pass; // We use different logic for considering predictions depending on how far along we are in propagation.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPromoteHeapAccessh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPromoteHeapAccess.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPromoteHeapAccess.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPromoteHeapAccess.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -61,7 +61,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case PutHint: {
</span><del>- ASSERT(node->child1()->isPhantomObjectAllocation());
</del><ins>+ ASSERT(node->child1()->isPhantomAllocation());
</ins><span class="cx"> write(
</span><span class="cx"> PromotedHeapLocation(node->child1().node(), node->promotedLocationDescriptor()),
</span><span class="cx"> node->child2());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPromotedHeapLocationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -70,6 +70,18 @@
</span><span class="cx"> case NamedPropertyPLoc:
</span><span class="cx"> out.print("NamedPropertyPLoc");
</span><span class="cx"> return;
</span><ins>+
+ case ArgumentPLoc:
+ out.print("ArgumentPLoc");
+ return;
+
+ case ArgumentCountPLoc:
+ out.print("ArgumentCountPLoc");
+ return;
+
+ case ArgumentsCalleePLoc:
+ out.print("ArgumentsCalleePLoc");
+ return;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPromotedHeapLocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -37,7 +37,10 @@
</span><span class="cx"> InvalidPromotedLocationKind,
</span><span class="cx">
</span><span class="cx"> StructurePLoc,
</span><del>- NamedPropertyPLoc
</del><ins>+ NamedPropertyPLoc,
+ ArgumentPLoc,
+ ArgumentCountPLoc,
+ ArgumentsCalleePLoc
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> class PromotedLocationDescriptor {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSSAConversionPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -63,7 +63,7 @@
</span><span class="cx">
</span><span class="cx"> // Create a SSACalculator::Variable for every root VariableAccessData.
</span><span class="cx"> for (VariableAccessData& variable : m_graph.m_variableAccessData) {
</span><del>- if (!variable.isRoot() || variable.isCaptured())
</del><ins>+ if (!variable.isRoot())
</ins><span class="cx"> continue;
</span><span class="cx">
</span><span class="cx"> SSACalculator::Variable* ssaVariable = m_calculator.newVariable();
</span><span class="lines">@@ -87,8 +87,6 @@
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="cx"> VariableAccessData* variable = node->variableAccessData();
</span><del>- if (variable->isCaptured())
- continue;
</del><span class="cx">
</span><span class="cx"> Node* childNode;
</span><span class="cx"> if (node->op() == SetLocal)
</span><span class="lines">@@ -190,11 +188,9 @@
</span><span class="cx"> //
</span><span class="cx"> // - MovHint has KillLocal prepended to it.
</span><span class="cx"> //
</span><del>- // - GetLocal over captured variables lose their phis and become GetStack.
</del><ins>+ // - GetLocal die and get replaced with references to the node specified by
+ // valueForOperand.
</ins><span class="cx"> //
</span><del>- // - GetLocal over uncaptured variables die and get replaced with references to the node
- // specified by valueForOperand.
- //
</del><span class="cx"> // - SetLocal turns into PutStack if it's flushed, or turns into a Check otherwise.
</span><span class="cx"> //
</span><span class="cx"> // - Flush loses its children and turns into a Phantom.
</span><span class="lines">@@ -218,8 +214,6 @@
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="cx"> VariableAccessData* variable = nodeAtHead->variableAccessData();
</span><del>- if (variable->isCaptured())
- continue;
</del><span class="cx">
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLog("Considering live variable ", VariableAccessDataDump(m_graph, variable), " at head of block ", *block, "\n");
</span><span class="lines">@@ -283,18 +277,16 @@
</span><span class="cx"> case SetLocal: {
</span><span class="cx"> VariableAccessData* variable = node->variableAccessData();
</span><span class="cx">
</span><del>- if (variable->isCaptured() || !!(node->flags() & NodeIsFlushed)) {
</del><ins>+ if (!!(node->flags() & NodeIsFlushed)) {
</ins><span class="cx"> node->convertToPutStack(
</span><span class="cx"> m_graph.m_stackAccessData.add(
</span><span class="cx"> variable->local(), variable->flushFormat()));
</span><span class="cx"> } else
</span><span class="cx"> node->setOpAndDefaultFlags(Check);
</span><span class="cx">
</span><del>- if (!variable->isCaptured()) {
- if (verbose)
- dataLog("Mapping: ", variable->local(), " -> ", node->child1().node(), "\n");
- valueForOperand.operand(variable->local()) = node->child1().node();
- }
</del><ins>+ if (verbose)
+ dataLog("Mapping: ", variable->local(), " -> ", node->child1().node(), "\n");
+ valueForOperand.operand(variable->local()) = node->child1().node();
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -308,11 +300,6 @@
</span><span class="cx"> VariableAccessData* variable = node->variableAccessData();
</span><span class="cx"> node->children.reset();
</span><span class="cx">
</span><del>- if (variable->isCaptured()) {
- node->convertToGetStack(m_graph.m_stackAccessData.add(variable->local(), variable->flushFormat()));
- break;
- }
-
</del><span class="cx"> node->convertToPhantom();
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLog("Replacing node ", node, " with ", valueForOperand.operand(variable->local()), "\n");
</span><span class="lines">@@ -329,19 +316,7 @@
</span><span class="cx"> case PhantomLocal: {
</span><span class="cx"> ASSERT(node->child1().useKind() == UntypedUse);
</span><span class="cx"> VariableAccessData* variable = node->variableAccessData();
</span><del>- if (variable->isCaptured()) {
- // This is a fun case. We could have a captured variable that had some
- // or all of its uses strength reduced to phantoms rather than flushes.
- // SSA conversion will currently still treat it as flushed, in the sense
- // that it will just keep the SetLocal. Therefore, there is nothing that
- // needs to be done here: we don't need to also keep the source value
- // alive. And even if we did want to keep the source value alive, we
- // wouldn't be able to, because the variablesAtHead value for a captured
- // local wouldn't have been computed by the Phi reduction algorithm
- // above.
- node->children.reset();
- } else
- node->child1() = valueForOperand.operand(variable->local())->defaultEdge();
</del><ins>+ node->child1() = valueForOperand.operand(variable->local())->defaultEdge();
</ins><span class="cx"> node->convertToPhantom();
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -402,13 +377,10 @@
</span><span class="cx"> FlushFormat format = FlushedJSValue;
</span><span class="cx">
</span><span class="cx"> Node* node = m_argumentMapping.get(m_graph.m_arguments[i]);
</span><del>-
- // m_argumentMapping.get could return null for a captured local. That's fine. We only
- // track the argument loads of those arguments for which we speculate type. We don't
- // speculate type for captured arguments.
- if (node)
- format = node->stackAccessData()->format;
</del><span class="cx">
</span><ins>+ RELEASE_ASSERT(node);
+ format = node->stackAccessData()->format;
+
</ins><span class="cx"> m_graph.m_argumentFormats[i] = format;
</span><span class="cx"> m_graph.m_arguments[i] = node; // Record the load that loads the arguments for the benefit of exit profiling.
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -116,6 +116,7 @@
</span><span class="cx"> case ToThis:
</span><span class="cx"> case CreateThis:
</span><span class="cx"> case GetCallee:
</span><ins>+ case GetArgumentCount:
</ins><span class="cx"> case GetLocal:
</span><span class="cx"> case SetLocal:
</span><span class="cx"> case PutStack:
</span><span class="lines">@@ -170,7 +171,6 @@
</span><span class="cx"> case ArrayifyToStructure:
</span><span class="cx"> case GetScope:
</span><span class="cx"> case SkipScope:
</span><del>- case GetClosureRegisters:
</del><span class="cx"> case GetClosureVar:
</span><span class="cx"> case PutClosureVar:
</span><span class="cx"> case GetGlobalVar:
</span><span class="lines">@@ -195,6 +195,7 @@
</span><span class="cx"> case ConstructVarargs:
</span><span class="cx"> case LoadVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case NewObject:
</span><span class="cx"> case NewArray:
</span><span class="cx"> case NewArrayWithSize:
</span><span class="lines">@@ -222,17 +223,12 @@
</span><span class="cx"> case MakeRope:
</span><span class="cx"> case In:
</span><span class="cx"> case CreateActivation:
</span><del>- case CreateArguments:
- case PhantomArguments:
- case TearOffArguments:
- case GetMyArgumentsLength:
- case GetMyArgumentByVal:
- case GetMyArgumentsLengthSafe:
- case GetMyArgumentByValSafe:
- case CheckArgumentsNotCreated:
- case NewFunctionNoCheck:
</del><ins>+ case CreateDirectArguments:
+ case CreateScopedArguments:
+ case CreateClonedArguments:
+ case GetFromArguments:
+ case PutToArguments:
</ins><span class="cx"> case NewFunction:
</span><del>- case NewFunctionExpression:
</del><span class="cx"> case Jump:
</span><span class="cx"> case Branch:
</span><span class="cx"> case Switch:
</span><span class="lines">@@ -280,6 +276,10 @@
</span><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ case GetMyArgumentByVal:
+ case ForwardVarargs:
</ins><span class="cx"> return true;
</span><span class="cx">
</span><span class="cx"> case NativeCall:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,16 +28,20 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "BinarySwitch.h"
</span><span class="cx"> #include "DFGAbstractInterpreterInlines.h"
</span><span class="cx"> #include "DFGArrayifySlowPathGenerator.h"
</span><span class="cx"> #include "DFGCallArrayAllocatorSlowPathGenerator.h"
</span><ins>+#include "DFGCallCreateDirectArgumentsSlowPathGenerator.h"
</ins><span class="cx"> #include "DFGMayExit.h"
</span><span class="cx"> #include "DFGSaneStringGetByValSlowPathGenerator.h"
</span><span class="cx"> #include "DFGSlowPathGenerator.h"
</span><ins>+#include "DirectArguments.h"
+#include "JSCInlines.h"
+#include "JSEnvironmentRecord.h"
+#include "JSLexicalEnvironment.h"
</ins><span class="cx"> #include "LinkBuffer.h"
</span><del>-#include "JSCInlines.h"
</del><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "ScratchRegisterAllocator.h"
</span><span class="cx"> #include "WriteBarrierBuffer.h"
</span><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="lines">@@ -103,35 +107,53 @@
</span><span class="cx"> // what this custom CallArrayAllocatorSlowPathGenerator gives me. It's a lot
</span><span class="cx"> // of work for a very small piece of functionality. :-/
</span><span class="cx"> addSlowPathGenerator(std::make_unique<CallArrayAllocatorSlowPathGenerator>(
</span><del>- slowCases, this, operationNewArrayWithSize, resultGPR, storageGPR,
- structure, numElements));
</del><ins>+ slowCases, this, operationNewArrayWithSize, resultGPR, storageGPR,
+ structure, numElements));
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::emitAllocateArguments(GPRReg resultGPR, GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</del><ins>+void SpeculativeJIT::emitGetLength(InlineCallFrame* inlineCallFrame, GPRReg lengthGPR, bool includeThis)
</ins><span class="cx"> {
</span><del>- Structure* structure = m_jit.graph().globalObjectFor(m_currentNode->origin.semantic)->argumentsStructure();
</del><ins>+ if (inlineCallFrame && !inlineCallFrame->isVarargs())
+ m_jit.move(TrustedImm32(inlineCallFrame->arguments.size() - !includeThis), lengthGPR);
+ else {
+ VirtualRegister argumentCountRegister;
+ if (!inlineCallFrame)
+ argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
+ else
+ argumentCountRegister = inlineCallFrame->argumentCountRegister;
+ m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), lengthGPR);
+ if (!includeThis)
+ m_jit.sub32(TrustedImm32(1), lengthGPR);
+ }
+}
</ins><span class="cx">
</span><del>- m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), scratchGPR1);
- m_jit.lshift32(TrustedImm32(3), scratchGPR1);
- m_jit.add32(TrustedImm32(Arguments::offsetOfInlineRegisterArray()), scratchGPR1);
- emitAllocateVariableSizedJSObject<Arguments>(resultGPR, TrustedImmPtr(structure), scratchGPR1, scratchGPR1, scratchGPR2, slowPath);
</del><ins>+void SpeculativeJIT::emitGetLength(CodeOrigin origin, GPRReg lengthGPR, bool includeThis)
+{
+ emitGetLength(origin.inlineCallFrame, lengthGPR, includeThis);
+}
</ins><span class="cx">
</span><del>- m_jit.storePtr(TrustedImmPtr(0), MacroAssembler::Address(resultGPR, Arguments::offsetOfActivation()));
</del><ins>+void SpeculativeJIT::emitGetCallee(CodeOrigin origin, GPRReg calleeGPR)
+{
+ if (origin.inlineCallFrame) {
+ if (origin.inlineCallFrame->isClosureCall) {
+ m_jit.loadPtr(
+ JITCompiler::addressFor(origin.inlineCallFrame->calleeRecovery.virtualRegister()),
+ calleeGPR);
+ } else {
+ m_jit.move(
+ TrustedImmPtr(origin.inlineCallFrame->calleeRecovery.constant().asCell()),
+ calleeGPR);
+ }
+ } else
+ m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), calleeGPR);
+}
</ins><span class="cx">
</span><del>- m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), scratchGPR1);
- m_jit.sub32(TrustedImm32(1), scratchGPR1);
- m_jit.store32(scratchGPR1, MacroAssembler::Address(resultGPR, Arguments::offsetOfNumArguments()));
-
- m_jit.store32(TrustedImm32(0), MacroAssembler::Address(resultGPR, Arguments::offsetOfOverrodeLength()));
- if (m_jit.isStrictModeFor(m_currentNode->origin.semantic))
- m_jit.store8(TrustedImm32(1), MacroAssembler::Address(resultGPR, Arguments::offsetOfIsStrictMode()));
-
- m_jit.storePtr(GPRInfo::callFrameRegister, MacroAssembler::Address(resultGPR, Arguments::offsetOfRegisters()));
- m_jit.storePtr(TrustedImmPtr(0), MacroAssembler::Address(resultGPR, Arguments::offsetOfSlowArgumentData()));
-
- m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), scratchGPR1);
- m_jit.storePtr(scratchGPR1, MacroAssembler::Address(resultGPR, Arguments::offsetOfCallee()));
-
</del><ins>+void SpeculativeJIT::emitGetArgumentStart(CodeOrigin origin, GPRReg startGPR)
+{
+ m_jit.addPtr(
+ TrustedImm32(
+ JITCompiler::argumentsStart(origin).offset() * static_cast<int>(sizeof(Register))),
+ GPRInfo::callFrameRegister, startGPR);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::speculationCheck(ExitKind kind, JSValueSource jsValueSource, Node* node, MacroAssembler::Jump jumpToFail)
</span><span class="lines">@@ -722,11 +744,14 @@
</span><span class="cx"> noResult(m_currentNode);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- case Array::Arguments:
- speculateCellTypeWithoutTypeFiltering(node->child1(), baseReg, ArgumentsType);
-
</del><ins>+ case Array::DirectArguments:
+ speculateCellTypeWithoutTypeFiltering(node->child1(), baseReg, DirectArgumentsType);
</ins><span class="cx"> noResult(m_currentNode);
</span><span class="cx"> return;
</span><ins>+ case Array::ScopedArguments:
+ speculateCellTypeWithoutTypeFiltering(node->child1(), baseReg, ScopedArgumentsType);
+ noResult(m_currentNode);
+ return;
</ins><span class="cx"> default:
</span><span class="cx"> speculateCellTypeWithoutTypeFiltering(
</span><span class="cx"> node->child1(), baseReg,
</span><span class="lines">@@ -4098,7 +4123,7 @@
</span><span class="cx"> int32Result(vectorGPR, node);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::compileGetByValOnArguments(Node* node)
</del><ins>+void SpeculativeJIT::compileGetByValOnDirectArguments(Node* node)
</ins><span class="cx"> {
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="cx"> SpeculateStrictInt32Operand property(this, node->child2());
</span><span class="lines">@@ -4106,87 +4131,118 @@
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> GPRTemporary resultTag(this);
</span><span class="cx"> #endif
</span><del>- GPRTemporary scratch(this);
</del><span class="cx">
</span><span class="cx"> GPRReg baseReg = base.gpr();
</span><span class="cx"> GPRReg propertyReg = property.gpr();
</span><span class="cx"> GPRReg resultReg = result.gpr();
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> GPRReg resultTagReg = resultTag.gpr();
</span><ins>+ JSValueRegs resultRegs = JSValueRegs(resultTagReg, resultReg);
+#else
+ JSValueRegs resultRegs = JSValueRegs(resultReg);
</ins><span class="cx"> #endif
</span><del>- GPRReg scratchReg = scratch.gpr();
</del><span class="cx">
</span><span class="cx"> if (!m_compileOkay)
</span><span class="cx"> return;
</span><del>-
- ASSERT(ArrayMode(Array::Arguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
</del><span class="cx">
</span><del>- // Two really lame checks.
</del><ins>+ ASSERT(ArrayMode(Array::DirectArguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
+
</ins><span class="cx"> speculationCheck(
</span><span class="cx"> ExoticObjectMode, JSValueSource(), 0,
</span><ins>+ m_jit.branchTestPtr(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(baseReg, DirectArguments::offsetOfOverrides())));
+ speculationCheck(
+ ExoticObjectMode, JSValueSource(), 0,
</ins><span class="cx"> m_jit.branch32(
</span><span class="cx"> MacroAssembler::AboveOrEqual, propertyReg,
</span><del>- MacroAssembler::Address(baseReg, Arguments::offsetOfNumArguments())));
- speculationCheck(
- ExoticObjectMode, JSValueSource(), 0,
- m_jit.branchTestPtr(
- MacroAssembler::NonZero,
- MacroAssembler::Address(
- baseReg, Arguments::offsetOfSlowArgumentData())));
</del><ins>+ MacroAssembler::Address(baseReg, DirectArguments::offsetOfLength())));
</ins><span class="cx">
</span><del>- m_jit.move(propertyReg, resultReg);
- m_jit.signExtend32ToPtr(resultReg, resultReg);
- m_jit.loadPtr(
- MacroAssembler::Address(baseReg, Arguments::offsetOfRegisters()),
- scratchReg);
</del><ins>+ m_jit.loadValue(
+ MacroAssembler::BaseIndex(
+ baseReg, propertyReg, MacroAssembler::TimesEight, DirectArguments::storageOffset()),
+ resultRegs);
</ins><span class="cx">
</span><del>-#if USE(JSVALUE32_64)
- m_jit.load32(
- MacroAssembler::BaseIndex(
- scratchReg, resultReg, MacroAssembler::TimesEight,
- CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register) +
- OBJECT_OFFSETOF(JSValue, u.asBits.tag)),
- resultTagReg);
- m_jit.load32(
- MacroAssembler::BaseIndex(
- scratchReg, resultReg, MacroAssembler::TimesEight,
- CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register) +
- OBJECT_OFFSETOF(JSValue, u.asBits.payload)),
- resultReg);
- jsValueResult(resultTagReg, resultReg, node);
-#else
- m_jit.load64(
- MacroAssembler::BaseIndex(
- scratchReg, resultReg, MacroAssembler::TimesEight,
- CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register)),
- resultReg);
- jsValueResult(resultReg, node);
-#endif
</del><ins>+ jsValueResult(resultRegs, node);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::compileGetArgumentsLength(Node* node)
</del><ins>+void SpeculativeJIT::compileGetByValOnScopedArguments(Node* node)
</ins><span class="cx"> {
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><del>- GPRTemporary result(this, Reuse, base);
</del><ins>+ SpeculateStrictInt32Operand property(this, node->child2());
+ GPRTemporary result(this);
+#if USE(JSVALUE32_64)
+ GPRTemporary resultTag(this);
+#endif
+ GPRTemporary scratch(this);
+ GPRTemporary scratch2(this);
</ins><span class="cx">
</span><span class="cx"> GPRReg baseReg = base.gpr();
</span><ins>+ GPRReg propertyReg = property.gpr();
</ins><span class="cx"> GPRReg resultReg = result.gpr();
</span><ins>+#if USE(JSVALUE32_64)
+ GPRReg resultTagReg = resultTag.gpr();
+ JSValueRegs resultRegs = JSValueRegs(resultTagReg, resultReg);
+#else
+ JSValueRegs resultRegs = JSValueRegs(resultReg);
+#endif
+ GPRReg scratchReg = scratch.gpr();
+ GPRReg scratch2Reg = scratch2.gpr();
</ins><span class="cx">
</span><span class="cx"> if (!m_compileOkay)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- ASSERT(ArrayMode(Array::Arguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
</del><ins>+ ASSERT(ArrayMode(Array::ScopedArguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
</ins><span class="cx">
</span><span class="cx"> speculationCheck(
</span><del>- ExoticObjectMode, JSValueSource(), 0,
- m_jit.branchTest8(
- MacroAssembler::NonZero,
- MacroAssembler::Address(baseReg, Arguments::offsetOfOverrodeLength())));
</del><ins>+ ExoticObjectMode, JSValueSource(), nullptr,
+ m_jit.branch32(
+ MacroAssembler::AboveOrEqual, propertyReg,
+ MacroAssembler::Address(baseReg, ScopedArguments::offsetOfTotalLength())));
</ins><span class="cx">
</span><ins>+ m_jit.loadPtr(MacroAssembler::Address(baseReg, ScopedArguments::offsetOfTable()), scratchReg);
</ins><span class="cx"> m_jit.load32(
</span><del>- MacroAssembler::Address(baseReg, Arguments::offsetOfNumArguments()),
- resultReg);
- int32Result(resultReg, node);
</del><ins>+ MacroAssembler::Address(scratchReg, ScopedArgumentsTable::offsetOfLength()), scratch2Reg);
+
+ MacroAssembler::Jump overflowArgument = m_jit.branch32(
+ MacroAssembler::AboveOrEqual, propertyReg, scratch2Reg);
+
+ m_jit.loadPtr(MacroAssembler::Address(baseReg, ScopedArguments::offsetOfScope()), scratch2Reg);
+
+ m_jit.loadPtr(
+ MacroAssembler::Address(scratchReg, ScopedArgumentsTable::offsetOfArguments()),
+ scratchReg);
+ m_jit.load32(
+ MacroAssembler::BaseIndex(scratchReg, propertyReg, MacroAssembler::TimesFour),
+ scratchReg);
+
+ speculationCheck(
+ ExoticObjectMode, JSValueSource(), nullptr,
+ m_jit.branch32(
+ MacroAssembler::Equal, scratchReg, TrustedImm32(ScopeOffset::invalidOffset)));
+
+ m_jit.loadValue(
+ MacroAssembler::BaseIndex(
+ scratch2Reg, propertyReg, MacroAssembler::TimesEight,
+ JSEnvironmentRecord::offsetOfVariables()),
+ resultRegs);
+
+ MacroAssembler::Jump done = m_jit.jump();
+ overflowArgument.link(&m_jit);
+
+ m_jit.sub32(propertyReg, scratch2Reg);
+ m_jit.neg32(scratch2Reg);
+
+ m_jit.loadValue(
+ MacroAssembler::BaseIndex(
+ baseReg, scratch2Reg, MacroAssembler::TimesEight,
+ ScopedArguments::overflowStorageOffset()),
+ resultRegs);
+ speculationCheck(ExoticObjectMode, JSValueSource(), nullptr, m_jit.branchIsEmpty(resultRegs));
+
+ done.link(&m_jit);
+
+ jsValueResult(resultRegs, node);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::compileGetScope(Node* node)
</span><span class="lines">@@ -4242,10 +4298,54 @@
</span><span class="cx"> int32Result(resultGPR, node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case Array::Arguments: {
- compileGetArgumentsLength(node);
</del><ins>+ case Array::DirectArguments: {
+ SpeculateCellOperand base(this, node->child1());
+ GPRTemporary result(this, Reuse, base);
+
+ GPRReg baseReg = base.gpr();
+ GPRReg resultReg = result.gpr();
+
+ if (!m_compileOkay)
+ return;
+
+ ASSERT(ArrayMode(Array::DirectArguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
+
+ speculationCheck(
+ ExoticObjectMode, JSValueSource(), 0,
+ m_jit.branchTestPtr(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(baseReg, DirectArguments::offsetOfOverrides())));
+
+ m_jit.load32(
+ MacroAssembler::Address(baseReg, DirectArguments::offsetOfLength()), resultReg);
+
+ int32Result(resultReg, node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+ case Array::ScopedArguments: {
+ SpeculateCellOperand base(this, node->child1());
+ GPRTemporary result(this, Reuse, base);
+
+ GPRReg baseReg = base.gpr();
+ GPRReg resultReg = result.gpr();
+
+ if (!m_compileOkay)
+ return;
+
+ ASSERT(ArrayMode(Array::ScopedArguments).alreadyChecked(m_jit.graph(), node, m_state.forNode(node->child1())));
+
+ speculationCheck(
+ ExoticObjectMode, JSValueSource(), 0,
+ m_jit.branchTest8(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(baseReg, ScopedArguments::offsetOfOverrodeThings())));
+
+ m_jit.load32(
+ MacroAssembler::Address(baseReg, ScopedArguments::offsetOfTotalLength()), resultReg);
+
+ int32Result(resultReg, node);
+ break;
+ }
</ins><span class="cx"> default: {
</span><span class="cx"> ASSERT(isTypedView(node->arrayMode().typedArrayType()));
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="lines">@@ -4258,7 +4358,7 @@
</span><span class="cx"> } }
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::compileNewFunctionNoCheck(Node* node)
</del><ins>+void SpeculativeJIT::compileNewFunction(Node* node)
</ins><span class="cx"> {
</span><span class="cx"> GPRFlushedCallResult result(this);
</span><span class="cx"> GPRReg resultGPR = result.gpr();
</span><span class="lines">@@ -4266,24 +4366,352 @@
</span><span class="cx"> GPRReg scopeGPR = scope.gpr();
</span><span class="cx"> flushRegisters();
</span><span class="cx"> callOperation(
</span><del>- operationNewFunctionNoCheck, resultGPR, scopeGPR,
- node->castOperand<FunctionExecutable*>());
</del><ins>+ operationNewFunction, resultGPR, scopeGPR, node->castOperand<FunctionExecutable*>());
</ins><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::compileNewFunctionExpression(Node* node)
</del><ins>+void SpeculativeJIT::compileForwardVarargs(Node* node)
</ins><span class="cx"> {
</span><del>- GPRFlushedCallResult result(this);
</del><ins>+ LoadVarargsData* data = node->loadVarargsData();
+ InlineCallFrame* inlineCallFrame = node->child1()->origin.semantic.inlineCallFrame;
+
+ GPRTemporary length(this);
+ JSValueRegsTemporary temp(this);
+ GPRReg lengthGPR = length.gpr();
+ JSValueRegs tempRegs = temp.regs();
+
+ emitGetLength(inlineCallFrame, lengthGPR, /* includeThis = */ true);
+ if (data->offset)
+ m_jit.sub32(TrustedImm32(data->offset), lengthGPR);
+
+ speculationCheck(
+ VarargsOverflow, JSValueSource(), Edge(), m_jit.branch32(
+ MacroAssembler::Above,
+ lengthGPR, TrustedImm32(data->limit)));
+
+ m_jit.store32(lengthGPR, JITCompiler::payloadFor(data->machineCount));
+
+ VirtualRegister sourceStart = JITCompiler::argumentsStart(inlineCallFrame) + data->offset;
+ VirtualRegister targetStart = data->machineStart;
+
+ m_jit.sub32(TrustedImm32(1), lengthGPR);
+
+ // First have a loop that fills in the undefined slots in case of an arity check failure.
+ m_jit.move(TrustedImm32(data->mandatoryMinimum), tempRegs.payloadGPR());
+ JITCompiler::Jump done = m_jit.branch32(JITCompiler::BelowOrEqual, tempRegs.payloadGPR(), lengthGPR);
+
+ JITCompiler::Label loop = m_jit.label();
+ m_jit.sub32(TrustedImm32(1), tempRegs.payloadGPR());
+ m_jit.storeTrustedValue(
+ jsUndefined(),
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, tempRegs.payloadGPR(), JITCompiler::TimesEight,
+ targetStart.offset() * sizeof(EncodedJSValue)));
+ m_jit.branch32(JITCompiler::Above, tempRegs.payloadGPR(), lengthGPR).linkTo(loop, &m_jit);
+ done.link(&m_jit);
+
+ // And then fill in the actual argument values.
+ done = m_jit.branchTest32(JITCompiler::Zero, lengthGPR);
+
+ loop = m_jit.label();
+ m_jit.sub32(TrustedImm32(1), lengthGPR);
+ m_jit.loadValue(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, lengthGPR, JITCompiler::TimesEight,
+ sourceStart.offset() * sizeof(EncodedJSValue)),
+ tempRegs);
+ m_jit.storeValue(
+ tempRegs,
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, lengthGPR, JITCompiler::TimesEight,
+ targetStart.offset() * sizeof(EncodedJSValue)));
+ m_jit.branchTest32(JITCompiler::NonZero, lengthGPR).linkTo(loop, &m_jit);
+
+ done.link(&m_jit);
+
+ noResult(node);
+}
+
+void SpeculativeJIT::compileCreateActivation(Node* node)
+{
+ SpeculateCellOperand scope(this, node->child1());
+ GPRTemporary result(this);
+ GPRTemporary scratch1(this);
+ GPRTemporary scratch2(this);
+ GPRReg scopeGPR = scope.gpr();
</ins><span class="cx"> GPRReg resultGPR = result.gpr();
</span><ins>+ GPRReg scratch1GPR = scratch1.gpr();
+ GPRReg scratch2GPR = scratch2.gpr();
+
+ SymbolTable* table = m_jit.graph().symbolTableFor(node->origin.semantic);
+ Structure* structure = m_jit.graph().globalObjectFor(
+ node->origin.semantic)->activationStructure();
+
+ JITCompiler::JumpList slowPath;
+ emitAllocateJSObjectWithKnownSize<JSLexicalEnvironment>(
+ resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratch1GPR, scratch2GPR,
+ slowPath, JSLexicalEnvironment::allocationSize(table));
+
+ // Don't need a memory barriers since we just fast-created the activation, so the
+ // activation must be young.
+ m_jit.storePtr(scopeGPR, JITCompiler::Address(resultGPR, JSScope::offsetOfNext()));
+ m_jit.storePtr(
+ TrustedImmPtr(table),
+ JITCompiler::Address(resultGPR, JSLexicalEnvironment::offsetOfSymbolTable()));
+
+ // Must initialize all members to undefined.
+ for (unsigned i = 0; i < table->scopeSize(); ++i) {
+ m_jit.storeTrustedValue(
+ jsUndefined(),
+ JITCompiler::Address(
+ resultGPR, JSLexicalEnvironment::offsetOfVariable(ScopeOffset(i))));
+ }
+
+ addSlowPathGenerator(
+ slowPathCall(
+ slowPath, this, operationCreateActivationDirect, resultGPR, structure, scopeGPR, table));
+
+ cellResult(resultGPR, node);
+}
+
+void SpeculativeJIT::compileCreateDirectArguments(Node* node)
+{
+ // FIXME: A more effective way of dealing with the argument count and callee is to have
+ // them be explicit arguments to this node.
+ // https://bugs.webkit.org/show_bug.cgi?id=142207
+
+ GPRTemporary result(this);
+ GPRTemporary scratch1(this);
+ GPRTemporary scratch2(this);
+ GPRTemporary length;
+ GPRReg resultGPR = result.gpr();
+ GPRReg scratch1GPR = scratch1.gpr();
+ GPRReg scratch2GPR = scratch2.gpr();
+ GPRReg lengthGPR = InvalidGPRReg;
+ JSValueRegs valueRegs = JSValueRegs::withTwoAvailableRegs(scratch1GPR, scratch2GPR);
+
+ unsigned minCapacity = m_jit.graph().baselineCodeBlockFor(node->origin.semantic)->numParameters() - 1;
+
+ unsigned knownLength;
+ bool lengthIsKnown; // if false, lengthGPR will have the length.
+ if (node->origin.semantic.inlineCallFrame
+ && !node->origin.semantic.inlineCallFrame->isVarargs()) {
+ knownLength = node->origin.semantic.inlineCallFrame->arguments.size() - 1;
+ lengthIsKnown = true;
+ } else {
+ knownLength = UINT_MAX;
+ lengthIsKnown = false;
+
+ GPRTemporary realLength(this);
+ length.adopt(realLength);
+ lengthGPR = length.gpr();
+
+ VirtualRegister argumentCountRegister;
+ if (!node->origin.semantic.inlineCallFrame)
+ argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
+ else
+ argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
+ m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), lengthGPR);
+ m_jit.sub32(TrustedImm32(1), lengthGPR);
+ }
+
+ Structure* structure =
+ m_jit.graph().globalObjectFor(node->origin.semantic)->directArgumentsStructure();
+
+ // Use a different strategy for allocating the object depending on whether we know its
+ // size statically.
+ JITCompiler::JumpList slowPath;
+ if (lengthIsKnown) {
+ emitAllocateJSObjectWithKnownSize<DirectArguments>(
+ resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratch1GPR, scratch2GPR,
+ slowPath, DirectArguments::allocationSize(std::max(knownLength, minCapacity)));
+
+ m_jit.store32(
+ TrustedImm32(knownLength),
+ JITCompiler::Address(resultGPR, DirectArguments::offsetOfLength()));
+ } else {
+ JITCompiler::Jump tooFewArguments;
+ if (minCapacity) {
+ tooFewArguments =
+ m_jit.branch32(JITCompiler::Below, lengthGPR, TrustedImm32(minCapacity));
+ }
+ m_jit.lshift32(lengthGPR, TrustedImm32(3), scratch1GPR);
+ m_jit.add32(TrustedImm32(DirectArguments::storageOffset()), scratch1GPR);
+ if (minCapacity) {
+ JITCompiler::Jump done = m_jit.jump();
+ tooFewArguments.link(&m_jit);
+ m_jit.move(TrustedImm32(DirectArguments::allocationSize(minCapacity)), scratch1GPR);
+ done.link(&m_jit);
+ }
+
+ emitAllocateVariableSizedJSObject<DirectArguments>(
+ resultGPR, TrustedImmPtr(structure), scratch1GPR, scratch1GPR, scratch2GPR,
+ slowPath);
+
+ m_jit.store32(
+ lengthGPR, JITCompiler::Address(resultGPR, DirectArguments::offsetOfLength()));
+ }
+
+ m_jit.store32(
+ TrustedImm32(minCapacity),
+ JITCompiler::Address(resultGPR, DirectArguments::offsetOfMinCapacity()));
+
+ m_jit.storePtr(
+ TrustedImmPtr(0), JITCompiler::Address(resultGPR, DirectArguments::offsetOfOverrides()));
+
+ if (lengthIsKnown) {
+ addSlowPathGenerator(
+ slowPathCall(
+ slowPath, this, operationCreateDirectArguments, resultGPR, structure,
+ knownLength, minCapacity));
+ } else {
+ auto generator = std::make_unique<CallCreateDirectArgumentsSlowPathGenerator>(
+ slowPath, this, resultGPR, structure, lengthGPR, minCapacity);
+ addSlowPathGenerator(WTF::move(generator));
+ }
+
+ if (node->origin.semantic.inlineCallFrame) {
+ if (node->origin.semantic.inlineCallFrame->isClosureCall) {
+ m_jit.loadPtr(
+ JITCompiler::addressFor(
+ node->origin.semantic.inlineCallFrame->calleeRecovery.virtualRegister()),
+ scratch1GPR);
+ } else {
+ m_jit.move(
+ TrustedImmPtr(
+ node->origin.semantic.inlineCallFrame->calleeRecovery.constant().asCell()),
+ scratch1GPR);
+ }
+ } else
+ m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), scratch1GPR);
+
+ // Don't need a memory barriers since we just fast-created the activation, so the
+ // activation must be young.
+ m_jit.storePtr(
+ scratch1GPR, JITCompiler::Address(resultGPR, DirectArguments::offsetOfCallee()));
+
+ VirtualRegister start = m_jit.argumentsStart(node->origin.semantic);
+ if (lengthIsKnown) {
+ for (unsigned i = 0; i < std::max(knownLength, minCapacity); ++i) {
+ m_jit.loadValue(JITCompiler::addressFor(start + i), valueRegs);
+ m_jit.storeValue(
+ valueRegs, JITCompiler::Address(resultGPR, DirectArguments::offsetOfSlot(i)));
+ }
+ } else {
+ JITCompiler::Jump done;
+ if (minCapacity) {
+ JITCompiler::Jump startLoop = m_jit.branch32(
+ JITCompiler::AboveOrEqual, lengthGPR, TrustedImm32(minCapacity));
+ m_jit.move(TrustedImm32(minCapacity), lengthGPR);
+ startLoop.link(&m_jit);
+ } else
+ done = m_jit.branchTest32(MacroAssembler::Zero, lengthGPR);
+ JITCompiler::Label loop = m_jit.label();
+ m_jit.sub32(TrustedImm32(1), lengthGPR);
+ m_jit.loadValue(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, lengthGPR, JITCompiler::TimesEight,
+ start.offset() * static_cast<int>(sizeof(Register))),
+ valueRegs);
+ m_jit.storeValue(
+ valueRegs,
+ JITCompiler::BaseIndex(
+ resultGPR, lengthGPR, JITCompiler::TimesEight,
+ DirectArguments::storageOffset()));
+ m_jit.branchTest32(MacroAssembler::NonZero, lengthGPR).linkTo(loop, &m_jit);
+ if (done.isSet())
+ done.link(&m_jit);
+ }
+
+ cellResult(resultGPR, node);
+}
+
+void SpeculativeJIT::compileGetFromArguments(Node* node)
+{
+ SpeculateCellOperand arguments(this, node->child1());
+ JSValueRegsTemporary result(this);
+
+ GPRReg argumentsGPR = arguments.gpr();
+ JSValueRegs resultRegs = result.regs();
+
+ m_jit.loadValue(JITCompiler::Address(argumentsGPR, DirectArguments::offsetOfSlot(node->capturedArgumentsOffset().offset())), resultRegs);
+ jsValueResult(resultRegs, node);
+}
+
+void SpeculativeJIT::compilePutToArguments(Node* node)
+{
+ SpeculateCellOperand arguments(this, node->child1());
+ JSValueOperand value(this, node->child2());
+
+ GPRReg argumentsGPR = arguments.gpr();
+ JSValueRegs valueRegs = value.jsValueRegs();
+
+ m_jit.storeValue(valueRegs, JITCompiler::Address(argumentsGPR, DirectArguments::offsetOfSlot(node->capturedArgumentsOffset().offset())));
+ noResult(node);
+}
+
+void SpeculativeJIT::compileCreateScopedArguments(Node* node)
+{
</ins><span class="cx"> SpeculateCellOperand scope(this, node->child1());
</span><span class="cx"> GPRReg scopeGPR = scope.gpr();
</span><ins>+
+ GPRFlushedCallResult result(this);
+ GPRReg resultGPR = result.gpr();
</ins><span class="cx"> flushRegisters();
</span><del>- callOperation(
- operationNewFunctionNoCheck,
- resultGPR, scopeGPR, node->castOperand<FunctionExecutable*>());
</del><ins>+
+ // We set up the arguments ourselves, because we have the whole register file and we can
+ // set them up directly into the argument registers. This also means that we don't have to
+ // invent a four-argument-register shuffle.
+
+ // Arguments: 0:exec, 1:structure, 2:start, 3:length, 4:callee, 5:scope
+
+ // Do the scopeGPR first, since it might alias an argument register.
+ m_jit.setupArgument(5, [&] (GPRReg destGPR) { m_jit.move(scopeGPR, destGPR); });
+
+ // These other things could be done in any order.
+ m_jit.setupArgument(4, [&] (GPRReg destGPR) { emitGetCallee(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(3, [&] (GPRReg destGPR) { emitGetLength(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(2, [&] (GPRReg destGPR) { emitGetArgumentStart(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(
+ 1, [&] (GPRReg destGPR) {
+ m_jit.move(
+ TrustedImmPtr(m_jit.globalObjectFor(node->origin.semantic)->scopedArgumentsStructure()),
+ destGPR);
+ });
+ m_jit.setupArgument(0, [&] (GPRReg destGPR) { m_jit.move(GPRInfo::callFrameRegister, destGPR); });
+
+ appendCallWithExceptionCheckSetResult(operationCreateScopedArguments, resultGPR);
+
</ins><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void SpeculativeJIT::compileCreateClonedArguments(Node* node)
+{
+ GPRFlushedCallResult result(this);
+ GPRReg resultGPR = result.gpr();
+ flushRegisters();
+
+ // We set up the arguments ourselves, because we have the whole register file and we can
+ // set them up directly into the argument registers.
+
+ // Arguments: 0:exec, 1:structure, 2:start, 3:length, 4:callee
+ m_jit.setupArgument(4, [&] (GPRReg destGPR) { emitGetCallee(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(3, [&] (GPRReg destGPR) { emitGetLength(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(2, [&] (GPRReg destGPR) { emitGetArgumentStart(node->origin.semantic, destGPR); });
+ m_jit.setupArgument(
+ 1, [&] (GPRReg destGPR) {
+ m_jit.move(
+ TrustedImmPtr(
+ m_jit.globalObjectFor(node->origin.semantic)->outOfBandArgumentsStructure()),
+ destGPR);
+ });
+ m_jit.setupArgument(0, [&] (GPRReg destGPR) { m_jit.move(GPRInfo::callFrameRegister, destGPR); });
+
+ appendCallWithExceptionCheckSetResult(operationCreateClonedArguments, resultGPR);
+
+ cellResult(resultGPR, node);
+}
+
</ins><span class="cx"> bool SpeculativeJIT::compileRegExpExec(Node* node)
</span><span class="cx"> {
</span><span class="cx"> unsigned branchIndexInBlock = detectPeepHoleBranch();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -717,12 +717,6 @@
</span><span class="cx">
</span><span class="cx"> void emitCall(Node*);
</span><span class="cx">
</span><del>- int32_t framePointerOffsetToGetActivationRegisters()
- {
- return m_jit.codeBlock()->framePointerOffsetToGetActivationRegisters(
- m_jit.graph().m_machineCaptureStart);
- }
-
</del><span class="cx"> // Called once a node has completed code generation but prior to setting
</span><span class="cx"> // its result, to free up its children. (This must happen prior to setting
</span><span class="cx"> // the nodes result, since the node may have the same VirtualRegister as
</span><span class="lines">@@ -902,7 +896,7 @@
</span><span class="cx"> JITCompiler::Call callOperation(V_JITOperation_E operation)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsExecState();
</span><del>- return appendCall(operation);
</del><ins>+ return appendCallWithExceptionCheck(operation);
</ins><span class="cx"> }
</span><span class="cx"> JITCompiler::Call callOperation(P_JITOperation_E operation, GPRReg result)
</span><span class="cx"> {
</span><span class="lines">@@ -1019,6 +1013,31 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure));
</span><span class="cx"> return appendCallWithExceptionCheckSetResult(operation, result);
</span><span class="cx"> }
</span><ins>+ JITCompiler::Call callOperation(C_JITOperation_EStJscSymtab operation, GPRReg result, Structure* structure, GPRReg scope, SymbolTable* table)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), scope, TrustedImmPtr(table));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(C_JITOperation_EStZ operation, GPRReg result, Structure* structure, unsigned knownLength)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(knownLength));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(C_JITOperation_EStZZ operation, GPRReg result, Structure* structure, unsigned knownLength, unsigned minCapacity)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(knownLength), TrustedImm32(minCapacity));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(C_JITOperation_EStZ operation, GPRReg result, Structure* structure, GPRReg length)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), length);
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(C_JITOperation_EStZZ operation, GPRReg result, Structure* structure, GPRReg length, unsigned minCapacity)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), length, TrustedImm32(minCapacity));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
</ins><span class="cx"> JITCompiler::Call callOperation(C_JITOperation_EJssSt operation, GPRReg result, GPRReg arg1, Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(structure));
</span><span class="lines">@@ -1175,6 +1194,12 @@
</span><span class="cx"> return appendCallWithExceptionCheckSetResult(operation, result);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ JITCompiler::Call callOperation(J_JITOperation_EJscC operation, GPRReg result, GPRReg arg1, JSCell* cell)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(cell));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+
</ins><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> JITCompiler::Call callOperation(J_JITOperation_E operation, GPRReg result)
</span><span class="cx"> {
</span><span class="lines">@@ -1248,11 +1273,6 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, arg2);
</span><span class="cx"> return appendCallWithExceptionCheckSetResult(operation, result);
</span><span class="cx"> }
</span><del>- JITCompiler::Call callOperation(J_JITOperation_EJscC operation, GPRReg result, GPRReg arg1, JSCell* cell)
- {
- m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(cell));
- return appendCallWithExceptionCheckSetResult(operation, result);
- }
</del><span class="cx"> JITCompiler::Call callOperation(J_JITOperation_ESsiCI operation, GPRReg result, StructureStubInfo* stubInfo, GPRReg arg1, const StringImpl* uid)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(TrustedImmPtr(stubInfo), arg1, TrustedImmPtr(uid));
</span><span class="lines">@@ -2152,8 +2172,9 @@
</span><span class="cx"> void compileGetByValOnString(Node*);
</span><span class="cx"> void compileFromCharCode(Node*);
</span><span class="cx">
</span><del>- void compileGetByValOnArguments(Node*);
- void compileGetArgumentsLength(Node*);
</del><ins>+ void compileGetByValOnDirectArguments(Node*);
+ void compileGetByValOnScopedArguments(Node*);
+
</ins><span class="cx"> void compileGetScope(Node*);
</span><span class="cx"> void compileSkipScope(Node*);
</span><span class="cx">
</span><span class="lines">@@ -2184,8 +2205,14 @@
</span><span class="cx"> void compilePutByValForIntTypedArray(GPRReg base, GPRReg property, Node*, TypedArrayType);
</span><span class="cx"> void compileGetByValOnFloatTypedArray(Node*, TypedArrayType);
</span><span class="cx"> void compilePutByValForFloatTypedArray(GPRReg base, GPRReg property, Node*, TypedArrayType);
</span><del>- void compileNewFunctionNoCheck(Node*);
- void compileNewFunctionExpression(Node*);
</del><ins>+ void compileNewFunction(Node*);
+ void compileForwardVarargs(Node*);
+ void compileCreateActivation(Node*);
+ void compileCreateDirectArguments(Node*);
+ void compileGetFromArguments(Node*);
+ void compilePutToArguments(Node*);
+ void compileCreateScopedArguments(Node*);
+ void compileCreateClonedArguments(Node*);
</ins><span class="cx"> bool compileRegExpExec(Node*);
</span><span class="cx">
</span><span class="cx"> JITCompiler::Jump branchIsCell(JSValueRegs);
</span><span class="lines">@@ -2254,17 +2281,26 @@
</span><span class="cx"> m_jit.storePtr(storage, MacroAssembler::Address(resultGPR, JSObject::butterflyOffset()));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Convenience allocator for a built-in object.
</del><span class="cx"> template <typename ClassType, typename StructureType, typename StorageType> // StructureType and StorageType can be GPR or ImmPtr.
</span><del>- void emitAllocateJSObject(GPRReg resultGPR, StructureType structure, StorageType storage,
- GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</del><ins>+ void emitAllocateJSObjectWithKnownSize(
+ GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1,
+ GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath, size_t size)
</ins><span class="cx"> {
</span><del>- size_t size = ClassType::allocationSize(0);
</del><span class="cx"> MarkedAllocator* allocator = &m_jit.vm()->heap.allocatorForObjectOfType<ClassType>(size);
</span><span class="cx"> m_jit.move(TrustedImmPtr(allocator), scratchGPR1);
</span><span class="cx"> emitAllocateJSObject(resultGPR, scratchGPR1, structure, storage, scratchGPR2, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // Convenience allocator for a built-in object.
+ template <typename ClassType, typename StructureType, typename StorageType> // StructureType and StorageType can be GPR or ImmPtr.
+ void emitAllocateJSObject(GPRReg resultGPR, StructureType structure, StorageType storage,
+ GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
+ {
+ emitAllocateJSObjectWithKnownSize<ClassType>(
+ resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath,
+ ClassType::allocationSize(0));
+ }
+
</ins><span class="cx"> template <typename ClassType, typename StructureType> // StructureType and StorageType can be GPR or ImmPtr.
</span><span class="cx"> void emitAllocateVariableSizedJSObject(GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><span class="lines">@@ -2299,8 +2335,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void emitAllocateJSArray(GPRReg resultGPR, Structure*, GPRReg storageGPR, unsigned numElements);
</span><del>- void emitAllocateArguments(GPRReg resultGPR, GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList& slowPath);
-
</del><ins>+
+ void emitGetLength(InlineCallFrame*, GPRReg lengthGPR, bool includeThis = false);
+ void emitGetLength(CodeOrigin, GPRReg lengthGPR, bool includeThis = false);
+ void emitGetCallee(CodeOrigin, GPRReg calleeGPR);
+ void emitGetArgumentStart(CodeOrigin, GPRReg startGPR);
+
</ins><span class="cx"> // Add a speculation check.
</span><span class="cx"> void speculationCheck(ExitKind, JSValueSource, Node*, MacroAssembler::Jump jumpToFail);
</span><span class="cx"> void speculationCheck(ExitKind, JSValueSource, Node*, const MacroAssembler::JumpList& jumpsToFail);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -35,7 +35,9 @@
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx"> #include "DFGSlowPathGenerator.h"
</span><span class="cx"> #include "Debugger.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "GetterSetter.h"
</span><ins>+#include "JSEnvironmentRecord.h"
</ins><span class="cx"> #include "JSLexicalEnvironment.h"
</span><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><span class="lines">@@ -640,18 +642,16 @@
</span><span class="cx"> void SpeculativeJIT::emitCall(Node* node)
</span><span class="cx"> {
</span><span class="cx"> CallLinkInfo::CallType callType;
</span><del>- bool isVarargs;
</del><ins>+ bool isVarargs = false;
+ bool isForwardVarargs = false;
</ins><span class="cx"> switch (node->op()) {
</span><span class="cx"> case Call:
</span><span class="cx"> callType = CallLinkInfo::Call;
</span><del>- isVarargs = false;
</del><span class="cx"> break;
</span><span class="cx"> case Construct:
</span><span class="cx"> callType = CallLinkInfo::Construct;
</span><del>- isVarargs = false;
</del><span class="cx"> break;
</span><span class="cx"> case CallVarargs:
</span><del>- case CallForwardVarargs:
</del><span class="cx"> callType = CallLinkInfo::CallVarargs;
</span><span class="cx"> isVarargs = true;
</span><span class="cx"> break;
</span><span class="lines">@@ -659,6 +659,14 @@
</span><span class="cx"> callType = CallLinkInfo::ConstructVarargs;
</span><span class="cx"> isVarargs = true;
</span><span class="cx"> break;
</span><ins>+ case CallForwardVarargs:
+ callType = CallLinkInfo::CallVarargs;
+ isForwardVarargs = true;
+ break;
+ case ConstructForwardVarargs:
+ callType = CallLinkInfo::ConstructVarargs;
+ isForwardVarargs = true;
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> DFG_CRASH(m_jit.graph(), node, "bad node type");
</span><span class="cx"> break;
</span><span class="lines">@@ -667,33 +675,41 @@
</span><span class="cx"> Edge calleeEdge = m_jit.graph().child(node, 0);
</span><span class="cx">
</span><span class="cx"> // Gotta load the arguments somehow. Varargs is trickier.
</span><del>- if (isVarargs) {
</del><ins>+ if (isVarargs || isForwardVarargs) {
</ins><span class="cx"> CallVarargsData* data = node->callVarargsData();
</span><span class="cx">
</span><del>- GPRReg argumentsPayloadGPR;
- GPRReg argumentsTagGPR;
- GPRReg scratchGPR1;
- GPRReg scratchGPR2;
- GPRReg scratchGPR3;
</del><ins>+ GPRReg resultGPR;
+ unsigned numUsedStackSlots = m_jit.graph().m_nextMachineLocal;
</ins><span class="cx">
</span><del>- if (node->op() == CallForwardVarargs) {
- // We avoid calling flushRegisters() inside the control flow of CallForwardVarargs.
</del><ins>+ if (isForwardVarargs) {
</ins><span class="cx"> flushRegisters();
</span><del>- }
</del><ins>+ use(node->child2());
+
+ GPRReg scratchGPR1;
+ GPRReg scratchGPR2;
+ GPRReg scratchGPR3;
+
+ scratchGPR1 = JITCompiler::selectScratchGPR();
+ scratchGPR2 = JITCompiler::selectScratchGPR(scratchGPR1);
+ scratchGPR3 = JITCompiler::selectScratchGPR(scratchGPR1, scratchGPR2);
+
+ m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR2);
+ JITCompiler::JumpList slowCase;
+ emitSetupVarargsFrameFastCase(m_jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, node->child2()->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
+ JITCompiler::Jump done = m_jit.jump();
+ slowCase.link(&m_jit);
+ callOperation(operationThrowStackOverflowForVarargs);
+ m_jit.abortWithReason(DFGVarargsThrowingPathDidNotThrow);
+ done.link(&m_jit);
+ resultGPR = scratchGPR2;
+ } else {
+ GPRReg argumentsPayloadGPR;
+ GPRReg argumentsTagGPR;
+ GPRReg scratchGPR1;
+ GPRReg scratchGPR2;
+ GPRReg scratchGPR3;
</ins><span class="cx">
</span><del>- auto loadArgumentsGPR = [&] (GPRReg reservedGPR) {
- if (node->op() == CallForwardVarargs) {
- argumentsTagGPR = JITCompiler::selectScratchGPR(reservedGPR);
- argumentsPayloadGPR = JITCompiler::selectScratchGPR(reservedGPR, argumentsTagGPR);
- m_jit.load32(
- JITCompiler::tagFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- argumentsTagGPR);
- m_jit.load32(
- JITCompiler::payloadFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- argumentsPayloadGPR);
- } else {
</del><ins>+ auto loadArgumentsGPR = [&] (GPRReg reservedGPR) {
</ins><span class="cx"> if (reservedGPR != InvalidGPRReg)
</span><span class="cx"> lock(reservedGPR);
</span><span class="cx"> JSValueOperand arguments(this, node->child2());
</span><span class="lines">@@ -702,72 +718,37 @@
</span><span class="cx"> if (reservedGPR != InvalidGPRReg)
</span><span class="cx"> unlock(reservedGPR);
</span><span class="cx"> flushRegisters();
</span><del>- }
</del><ins>+
+ scratchGPR1 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, reservedGPR);
+ scratchGPR2 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, scratchGPR1, reservedGPR);
+ scratchGPR3 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, scratchGPR1, scratchGPR2, reservedGPR);
+ };
</ins><span class="cx">
</span><del>- scratchGPR1 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, reservedGPR);
- scratchGPR2 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, scratchGPR1, reservedGPR);
- scratchGPR3 = JITCompiler::selectScratchGPR(argumentsPayloadGPR, argumentsTagGPR, scratchGPR1, scratchGPR2, reservedGPR);
- };
</del><ins>+ loadArgumentsGPR(InvalidGPRReg);
</ins><span class="cx">
</span><del>- loadArgumentsGPR(InvalidGPRReg);
-
- // At this point we have the whole register file to ourselves, and argumentsGPR has the
- // arguments register. Select some scratch registers.
-
- // We will use scratchGPR2 to point to our stack frame.
-
- unsigned numUsedStackSlots = m_jit.graph().m_nextMachineLocal;
-
- JITCompiler::Jump haveArguments;
- GPRReg resultGPR = GPRInfo::regT0;
- if (node->op() == CallForwardVarargs) {
- // Do the horrific foo.apply(this, arguments) optimization.
- // FIXME: do this optimization at the IR level instead of dynamically by testing the
- // arguments register. This will happen once we get rid of the arguments lazy creation and
- // lazy tear-off.
</del><ins>+ DFG_ASSERT(m_jit.graph(), node, isFlushed());
+
+ // Right now, arguments is in argumentsTagGPR/argumentsPayloadGPR and the register file is
+ // flushed.
+ callOperation(operationSizeFrameForVarargs, GPRInfo::returnValueGPR, argumentsTagGPR, argumentsPayloadGPR, numUsedStackSlots, data->firstVarArgOffset);
</ins><span class="cx">
</span><del>- JITCompiler::JumpList slowCase;
- slowCase.append(
- m_jit.branch32(
- JITCompiler::NotEqual,
- argumentsTagGPR, TrustedImm32(JSValue::EmptyValueTag)));
</del><ins>+ // Now we have the argument count of the callee frame, but we've lost the arguments operand.
+ // Reconstruct the arguments operand while preserving the callee frame.
+ loadArgumentsGPR(GPRInfo::returnValueGPR);
+ m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR1);
+ emitSetVarargsFrame(m_jit, GPRInfo::returnValueGPR, false, scratchGPR1, scratchGPR1);
+ m_jit.addPtr(TrustedImm32(-(sizeof(CallerFrameAndPC) + WTF::roundUpToMultipleOf(stackAlignmentBytes(), 6 * sizeof(void*)))), scratchGPR1, JITCompiler::stackPointerRegister);
</ins><span class="cx">
</span><del>- m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR2);
- emitSetupVarargsFrameFastCase(m_jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, node->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
- resultGPR = scratchGPR2;
-
- haveArguments = m_jit.jump();
- slowCase.link(&m_jit);
</del><ins>+ callOperation(operationSetupVarargsFrame, GPRInfo::returnValueGPR, scratchGPR1, argumentsTagGPR, argumentsPayloadGPR, data->firstVarArgOffset, GPRInfo::returnValueGPR);
+ resultGPR = GPRInfo::returnValueGPR;
</ins><span class="cx"> }
</span><del>-
- DFG_ASSERT(m_jit.graph(), node, isFlushed());
-
- // Right now, arguments is in argumentsTagGPR/argumentsPayloadGPR and the register file is
- // flushed.
- callOperation(operationSizeFrameForVarargs, GPRInfo::returnValueGPR, argumentsTagGPR, argumentsPayloadGPR, numUsedStackSlots, data->firstVarArgOffset);
-
- // Now we have the argument count of the callee frame, but we've lost the arguments operand.
- // Reconstruct the arguments operand while preserving the callee frame.
- loadArgumentsGPR(GPRInfo::returnValueGPR);
- m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR1);
- emitSetVarargsFrame(m_jit, GPRInfo::returnValueGPR, false, scratchGPR1, scratchGPR1);
- m_jit.addPtr(TrustedImm32(-(sizeof(CallerFrameAndPC) + WTF::roundUpToMultipleOf(stackAlignmentBytes(), 6 * sizeof(void*)))), scratchGPR1, JITCompiler::stackPointerRegister);
-
- callOperation(operationSetupVarargsFrame, GPRInfo::returnValueGPR, scratchGPR1, argumentsTagGPR, argumentsPayloadGPR, data->firstVarArgOffset, GPRInfo::returnValueGPR);
- m_jit.move(GPRInfo::returnValueGPR, resultGPR);
-
- if (node->op() == CallForwardVarargs)
- haveArguments.link(&m_jit);
-
</del><ins>+
</ins><span class="cx"> m_jit.addPtr(TrustedImm32(sizeof(CallerFrameAndPC)), resultGPR, JITCompiler::stackPointerRegister);
</span><span class="cx">
</span><span class="cx"> DFG_ASSERT(m_jit.graph(), node, isFlushed());
</span><span class="cx">
</span><del>- if (node->op() != CallForwardVarargs)
- use(node->child2());
-
</del><span class="cx"> // Now set up the "this" argument.
</span><del>- JSValueOperand thisArgument(this, node->op() == CallForwardVarargs ? node->child2() : node->child3());
</del><ins>+ JSValueOperand thisArgument(this, node->child3());
</ins><span class="cx"> GPRReg thisArgumentTagGPR = thisArgument.tagGPR();
</span><span class="cx"> GPRReg thisArgumentPayloadGPR = thisArgument.payloadGPR();
</span><span class="cx"> thisArgument.use();
</span><span class="lines">@@ -1753,13 +1734,11 @@
</span><span class="cx"> switch (op) {
</span><span class="cx"> case JSConstant:
</span><span class="cx"> case DoubleConstant:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
</ins><span class="cx"> initConstantInfo(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case PhantomArguments:
- initConstantInfo(node);
- break;
-
</del><span class="cx"> case Identity: {
</span><span class="cx"> speculate(node, node->child1());
</span><span class="cx"> switch (node->child1().useKind()) {
</span><span class="lines">@@ -1840,8 +1819,7 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case FlushedJSValue:
- case FlushedArguments: {
</del><ins>+ case FlushedJSValue: {
</ins><span class="cx"> GPRTemporary result(this);
</span><span class="cx"> GPRTemporary tag(this);
</span><span class="cx"> m_jit.load32(JITCompiler::payloadFor(node->machineLocal()), result.gpr());
</span><span class="lines">@@ -1916,8 +1894,7 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case FlushedJSValue:
- case FlushedArguments: {
</del><ins>+ case FlushedJSValue: {
</ins><span class="cx"> JSValueOperand value(this, node->child1());
</span><span class="cx"> m_jit.store32(value.payloadGPR(), JITCompiler::payloadFor(node->machineLocal()));
</span><span class="cx"> m_jit.store32(value.tagGPR(), JITCompiler::tagFor(node->machineLocal()));
</span><span class="lines">@@ -2500,9 +2477,12 @@
</span><span class="cx"> case Array::String:
</span><span class="cx"> compileGetByValOnString(node);
</span><span class="cx"> break;
</span><del>- case Array::Arguments:
- compileGetByValOnArguments(node);
</del><ins>+ case Array::DirectArguments:
+ compileGetByValOnDirectArguments(node);
</ins><span class="cx"> break;
</span><ins>+ case Array::ScopedArguments:
+ compileGetByValOnScopedArguments(node);
+ break;
</ins><span class="cx"> default: {
</span><span class="cx"> TypedArrayType type = node->arrayMode().typedArrayType();
</span><span class="cx"> if (isInt(type))
</span><span class="lines">@@ -2680,12 +2660,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case Array::Arguments:
- // FIXME: we could at some point make this work. Right now we're assuming that the register
- // pressure would be too great.
- RELEASE_ASSERT_NOT_REACHED();
- break;
-
</del><span class="cx"> default: {
</span><span class="cx"> TypedArrayType type = arrayMode.typedArrayType();
</span><span class="cx"> if (isInt(type))
</span><span class="lines">@@ -3586,6 +3560,13 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case GetArgumentCount: {
+ GPRTemporary result(this);
+ m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
+ int32Result(result.gpr(), node);
+ break;
+ }
+
</ins><span class="cx"> case GetScope:
</span><span class="cx"> compileGetScope(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -3594,51 +3575,29 @@
</span><span class="cx"> compileSkipScope(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case GetClosureRegisters: {
- if (WriteBarrierBase<Unknown>* registers = m_jit.graph().tryGetRegisters(node->child1().node())) {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
- m_jit.move(TrustedImmPtr(registers), resultGPR);
- storageResult(resultGPR, node);
- break;
- }
-
- SpeculateCellOperand scope(this, node->child1());
- GPRTemporary result(this);
- GPRReg scopeGPR = scope.gpr();
- GPRReg resultGPR = result.gpr();
-
- m_jit.loadPtr(JITCompiler::Address(scopeGPR, JSEnvironmentRecord::offsetOfRegisters()), resultGPR);
- storageResult(resultGPR, node);
- break;
- }
</del><span class="cx"> case GetClosureVar: {
</span><del>- speculate(node, node->child1());
-
- StorageOperand registers(this, node->child2());
</del><ins>+ SpeculateCellOperand base(this, node->child1());
</ins><span class="cx"> GPRTemporary resultTag(this);
</span><span class="cx"> GPRTemporary resultPayload(this);
</span><del>- GPRReg registersGPR = registers.gpr();
</del><ins>+ GPRReg baseGPR = base.gpr();
</ins><span class="cx"> GPRReg resultTagGPR = resultTag.gpr();
</span><span class="cx"> GPRReg resultPayloadGPR = resultPayload.gpr();
</span><del>- m_jit.load32(JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTagGPR);
- m_jit.load32(JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
</del><ins>+ m_jit.load32(JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset()) + TagOffset), resultTagGPR);
+ m_jit.load32(JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset()) + PayloadOffset), resultPayloadGPR);
</ins><span class="cx"> jsValueResult(resultTagGPR, resultPayloadGPR, node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+
</ins><span class="cx"> case PutClosureVar: {
</span><del>- speculate(node, node->child1());
</del><ins>+ SpeculateCellOperand base(this, node->child1());
+ JSValueOperand value(this, node->child2());
</ins><span class="cx">
</span><del>- StorageOperand registers(this, node->child2());
- JSValueOperand value(this, node->child3());
- GPRTemporary scratchRegister(this);
-
- GPRReg registersGPR = registers.gpr();
</del><ins>+ GPRReg baseGPR = base.gpr();
</ins><span class="cx"> GPRReg valueTagGPR = value.tagGPR();
</span><span class="cx"> GPRReg valuePayloadGPR = value.payloadGPR();
</span><span class="cx">
</span><del>- m_jit.store32(valueTagGPR, JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
- m_jit.store32(valuePayloadGPR, JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
</del><ins>+ m_jit.store32(valueTagGPR, JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset()) + TagOffset));
+ m_jit.store32(valuePayloadGPR, JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset()) + PayloadOffset));
</ins><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -3996,7 +3955,7 @@
</span><span class="cx"> GPRTemporary resultPayload(this);
</span><span class="cx"> GPRTemporary resultTag(this);
</span><span class="cx">
</span><del>- m_jit.move(TrustedImmPtr(node->registerPointer()), resultPayload.gpr());
</del><ins>+ m_jit.move(TrustedImmPtr(node->variablePointer()), resultPayload.gpr());
</ins><span class="cx"> m_jit.load32(JITCompiler::Address(resultPayload.gpr(), OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTag.gpr());
</span><span class="cx"> m_jit.load32(JITCompiler::Address(resultPayload.gpr(), OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayload.gpr());
</span><span class="cx">
</span><span class="lines">@@ -4011,8 +3970,8 @@
</span><span class="cx"> // a spare register - a good optimization would be to put the register pointer into
</span><span class="cx"> // a register and then do a zero offset store followed by a four-offset store (or
</span><span class="cx"> // vice-versa depending on endianness).
</span><del>- m_jit.store32(value.tagGPR(), node->registerPointer()->tagPointer());
- m_jit.store32(value.payloadGPR(), node->registerPointer()->payloadPointer());
</del><ins>+ m_jit.store32(value.tagGPR(), node->variablePointer()->tagPointer());
+ m_jit.store32(value.payloadGPR(), node->variablePointer()->payloadPointer());
</ins><span class="cx">
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -4262,6 +4221,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> emitCall(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="lines">@@ -4312,398 +4272,45 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CreateActivation: {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
- SpeculateCellOperand scope(this, node->child2());
- GPRReg scopeGPR = scope.gpr();
-
- flushRegisters();
- callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
-
- cellResult(resultGPR, node);
</del><ins>+ case ForwardVarargs: {
+ compileForwardVarargs(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CreateArguments: {
- JSValueOperand value(this, node->child1());
- GPRTemporary scratch1(this);
- GPRTemporary scratch2(this);
- GPRTemporary result(this, Reuse, value, PayloadWord);
-
- GPRReg valueTagGPR = value.tagGPR();
- GPRReg valuePayloadGPR = value.payloadGPR();
- GPRReg scratch1GPR = scratch1.gpr();
- GPRReg scratch2GPR = scratch2.gpr();
- GPRReg resultGPR = result.gpr();
-
- m_jit.move(valuePayloadGPR, resultGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
- addSlowPathGenerator(
- slowPathCall(
- notCreated, this, operationCreateInlinedArguments, resultGPR,
- node->origin.semantic.inlineCallFrame));
- cellResult(resultGPR, node);
- break;
- }
-
- FunctionExecutable* executable = jsCast<FunctionExecutable*>(m_jit.graph().executableFor(node->origin.semantic));
- if (m_jit.codeBlock()->hasSlowArguments()
- || executable->isStrictMode()
- || !executable->parameterCount()) {
- JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
- addSlowPathGenerator(
- slowPathCall(notCreated, this, operationCreateArgumentsForDFG, resultGPR));
- cellResult(resultGPR, node);
- break;
- }
-
- JITCompiler::Jump alreadyCreated = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
-
- MacroAssembler::JumpList slowPaths;
- emitAllocateArguments(resultGPR, scratch1GPR, scratch2GPR, slowPaths);
- addSlowPathGenerator(
- slowPathCall(slowPaths, this, operationCreateArgumentsForDFG, resultGPR));
-
- alreadyCreated.link(&m_jit);
- cellResult(resultGPR, node);
</del><ins>+ case CreateActivation: {
+ compileCreateActivation(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case TearOffArguments: {
- JSValueOperand unmodifiedArgumentsValue(this, node->child1());
- JSValueOperand activationValue(this, node->child2());
- GPRReg unmodifiedArgumentsValuePayloadGPR = unmodifiedArgumentsValue.payloadGPR();
- GPRReg activationValuePayloadGPR = activationValue.payloadGPR();
-
- JITCompiler::Jump created = m_jit.branchTest32(
- JITCompiler::NonZero, unmodifiedArgumentsValuePayloadGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationTearOffInlinedArguments, NoResult,
- unmodifiedArgumentsValuePayloadGPR, activationValuePayloadGPR, node->origin.semantic.inlineCallFrame));
- } else {
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationTearOffArguments, NoResult,
- unmodifiedArgumentsValuePayloadGPR, activationValuePayloadGPR));
- }
-
- noResult(node);
</del><ins>+ case CreateDirectArguments: {
+ compileCreateDirectArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckArgumentsNotCreated: {
- ASSERT(!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type));
- speculationCheck(
- Uncountable, JSValueRegs(), 0,
- m_jit.branch32(
- JITCompiler::NotEqual,
- JITCompiler::tagFor(m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- TrustedImm32(JSValue::EmptyValueTag)));
- noResult(node);
</del><ins>+ case GetFromArguments: {
+ compileGetFromArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentsLength: {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
-
- if (!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type)) {
- speculationCheck(
- ArgumentsEscaped, JSValueRegs(), 0,
- m_jit.branch32(
- JITCompiler::NotEqual,
- JITCompiler::tagFor(m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- TrustedImm32(JSValue::EmptyValueTag)));
- }
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- m_jit.move(
- TrustedImm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1),
- resultGPR);
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultGPR);
- m_jit.sub32(TrustedImm32(1), resultGPR);
- }
- int32Result(resultGPR, node);
</del><ins>+ case PutToArguments: {
+ compilePutToArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentsLengthSafe: {
- GPRTemporary resultPayload(this);
- GPRTemporary resultTag(this);
- GPRReg resultPayloadGPR = resultPayload.gpr();
- GPRReg resultTagGPR = resultTag.gpr();
-
- JITCompiler::Jump created = m_jit.branch32(
- JITCompiler::NotEqual,
- JITCompiler::tagFor(m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- TrustedImm32(JSValue::EmptyValueTag));
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- m_jit.move(
- TrustedImm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1),
- resultPayloadGPR);
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultPayloadGPR);
- m_jit.sub32(TrustedImm32(1), resultPayloadGPR);
- }
-
- m_jit.move(TrustedImm32(JSValue::Int32Tag), resultTagGPR);
-
- // FIXME: the slow path generator should perform a forward speculation that the
- // result is an integer. For now we postpone the speculation by having this return
- // a JSValue.
-
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationGetArgumentsLength,
- JSValueRegs(resultTagGPR, resultPayloadGPR),
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset()));
-
- jsValueResult(resultTagGPR, resultPayloadGPR, node);
</del><ins>+ case CreateScopedArguments: {
+ compileCreateScopedArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByVal: {
- SpeculateStrictInt32Operand index(this, node->child1());
- GPRTemporary resultPayload(this);
- GPRTemporary resultTag(this);
- GPRReg indexGPR = index.gpr();
- GPRReg resultPayloadGPR = resultPayload.gpr();
- GPRReg resultTagGPR = resultTag.gpr();
-
- if (!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type)) {
- speculationCheck(
- ArgumentsEscaped, JSValueRegs(), 0,
- m_jit.branch32(
- JITCompiler::NotEqual,
- JITCompiler::tagFor(m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- TrustedImm32(JSValue::EmptyValueTag)));
- }
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- speculationCheck(
- Uncountable, JSValueRegs(), 0,
- m_jit.branch32(
- JITCompiler::AboveOrEqual,
- indexGPR,
- Imm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1)));
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultPayloadGPR);
- m_jit.sub32(TrustedImm32(1), resultPayloadGPR);
- speculationCheck(
- Uncountable, JSValueRegs(), 0,
- m_jit.branch32(JITCompiler::AboveOrEqual, indexGPR, resultPayloadGPR));
- }
-
- JITCompiler::JumpList slowArgument;
- JITCompiler::JumpList slowArgumentOutOfBounds;
- if (m_jit.symbolTableFor(node->origin.semantic)->slowArguments()) {
- RELEASE_ASSERT(!node->origin.semantic.inlineCallFrame);
- const SlowArgument* slowArguments = m_jit.graph().m_slowArguments.get();
- slowArgumentOutOfBounds.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual, indexGPR,
- Imm32(m_jit.symbolTableFor(node->origin.semantic)->parameterCount())));
-
- COMPILE_ASSERT(sizeof(SlowArgument) == 8, SlowArgument_size_is_eight_bytes);
- m_jit.move(ImmPtr(slowArguments), resultPayloadGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- resultPayloadGPR, indexGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(SlowArgument, index)),
- resultPayloadGPR);
-
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
- resultTagGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
- resultPayloadGPR);
- slowArgument.append(m_jit.jump());
- }
- slowArgumentOutOfBounds.link(&m_jit);
-
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight,
- m_jit.offsetOfArguments(node->origin.semantic) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
- resultTagGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight,
- m_jit.offsetOfArguments(node->origin.semantic) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
- resultPayloadGPR);
-
- slowArgument.link(&m_jit);
- jsValueResult(resultTagGPR, resultPayloadGPR, node);
</del><ins>+ case CreateClonedArguments: {
+ compileCreateClonedArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><del>- case GetMyArgumentByValSafe: {
- SpeculateStrictInt32Operand index(this, node->child1());
- GPRTemporary resultPayload(this);
- GPRTemporary resultTag(this);
- GPRReg indexGPR = index.gpr();
- GPRReg resultPayloadGPR = resultPayload.gpr();
- GPRReg resultTagGPR = resultTag.gpr();
</del><span class="cx">
</span><del>- JITCompiler::JumpList slowPath;
- slowPath.append(
- m_jit.branch32(
- JITCompiler::NotEqual,
- JITCompiler::tagFor(m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- TrustedImm32(JSValue::EmptyValueTag)));
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- slowPath.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual,
- indexGPR,
- Imm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1)));
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultPayloadGPR);
- m_jit.sub32(TrustedImm32(1), resultPayloadGPR);
- slowPath.append(
- m_jit.branch32(JITCompiler::AboveOrEqual, indexGPR, resultPayloadGPR));
- }
-
- JITCompiler::JumpList slowArgument;
- JITCompiler::JumpList slowArgumentOutOfBounds;
- if (m_jit.symbolTableFor(node->origin.semantic)->slowArguments()) {
- RELEASE_ASSERT(!node->origin.semantic.inlineCallFrame);
- const SlowArgument* slowArguments = m_jit.graph().m_slowArguments.get();
- slowArgumentOutOfBounds.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual, indexGPR,
- Imm32(m_jit.symbolTableFor(node->origin.semantic)->parameterCount())));
-
- COMPILE_ASSERT(sizeof(SlowArgument) == 8, SlowArgument_size_is_eight_bytes);
- m_jit.move(ImmPtr(slowArguments), resultPayloadGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- resultPayloadGPR, indexGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(SlowArgument, index)),
- resultPayloadGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
- resultTagGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
- resultPayloadGPR);
- slowArgument.append(m_jit.jump());
- }
- slowArgumentOutOfBounds.link(&m_jit);
-
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight,
- m_jit.offsetOfArguments(node->origin.semantic) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
- resultTagGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight,
- m_jit.offsetOfArguments(node->origin.semantic) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
- resultPayloadGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- addSlowPathGenerator(
- slowPathCall(
- slowPath, this, operationGetInlinedArgumentByVal,
- JSValueRegs(resultTagGPR, resultPayloadGPR),
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset(),
- node->origin.semantic.inlineCallFrame, indexGPR));
- } else {
- addSlowPathGenerator(
- slowPathCall(
- slowPath, this, operationGetArgumentByVal,
- JSValueRegs(resultTagGPR, resultPayloadGPR),
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset(),
- indexGPR));
- }
-
- slowArgument.link(&m_jit);
- jsValueResult(resultTagGPR, resultPayloadGPR, node);
</del><ins>+ case NewFunction:
+ compileNewFunction(node);
</ins><span class="cx"> break;
</span><del>- }
</del><span class="cx">
</span><del>- case NewFunctionNoCheck:
- compileNewFunctionNoCheck(node);
- break;
-
- case NewFunction: {
- JSValueOperand value(this, node->child1());
- GPRTemporary resultTag(this, Reuse, value, TagWord);
- GPRTemporary resultPayload(this, Reuse, value, PayloadWord);
-
- GPRReg valueTagGPR = value.tagGPR();
- GPRReg valuePayloadGPR = value.payloadGPR();
- GPRReg resultTagGPR = resultTag.gpr();
- GPRReg resultPayloadGPR = resultPayload.gpr();
- SpeculateCellOperand scope(this, node->child2());
- GPRReg scopeGPR = scope.gpr();
-
- m_jit.move(valuePayloadGPR, resultPayloadGPR);
- m_jit.move(valueTagGPR, resultTagGPR);
-
- JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
-
- addSlowPathGenerator(
- slowPathCall(
- notCreated, this, operationNewFunction, JSValueRegs(resultTagGPR, resultPayloadGPR), scopeGPR,
- node->castOperand<FunctionExecutable*>()));
-
- jsValueResult(resultTagGPR, resultPayloadGPR, node);
- break;
- }
-
- case NewFunctionExpression:
- compileNewFunctionExpression(node);
- break;
-
</del><span class="cx"> case In:
</span><span class="cx"> compileIn(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -5087,7 +4694,8 @@
</span><span class="cx"> case PutStack:
</span><span class="cx"> case KillStack:
</span><span class="cx"> case GetStack:
</span><del>- RELEASE_ASSERT_NOT_REACHED();
</del><ins>+ case GetMyArgumentByVal:
+ DFG_CRASH(m_jit.graph(), node, "unexpected node in DFG backend");
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,15 +28,17 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ArrayPrototype.h"
</span><span class="cx"> #include "DFGAbstractInterpreterInlines.h"
</span><span class="cx"> #include "DFGCallArrayAllocatorSlowPathGenerator.h"
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx"> #include "DFGSlowPathGenerator.h"
</span><span class="cx"> #include "Debugger.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "JSEnvironmentRecord.h"
+#include "JSLexicalEnvironment.h"
</ins><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><span class="cx"> #include "SetupVarargsFrame.h"
</span><span class="lines">@@ -626,18 +628,16 @@
</span><span class="cx"> void SpeculativeJIT::emitCall(Node* node)
</span><span class="cx"> {
</span><span class="cx"> CallLinkInfo::CallType callType;
</span><del>- bool isVarargs;
</del><ins>+ bool isVarargs = false;
+ bool isForwardVarargs = false;
</ins><span class="cx"> switch (node->op()) {
</span><span class="cx"> case Call:
</span><span class="cx"> callType = CallLinkInfo::Call;
</span><del>- isVarargs = false;
</del><span class="cx"> break;
</span><span class="cx"> case Construct:
</span><span class="cx"> callType = CallLinkInfo::Construct;
</span><del>- isVarargs = false;
</del><span class="cx"> break;
</span><span class="cx"> case CallVarargs:
</span><del>- case CallForwardVarargs:
</del><span class="cx"> callType = CallLinkInfo::CallVarargs;
</span><span class="cx"> isVarargs = true;
</span><span class="cx"> break;
</span><span class="lines">@@ -645,6 +645,14 @@
</span><span class="cx"> callType = CallLinkInfo::ConstructVarargs;
</span><span class="cx"> isVarargs = true;
</span><span class="cx"> break;
</span><ins>+ case CallForwardVarargs:
+ callType = CallLinkInfo::CallVarargs;
+ isForwardVarargs = true;
+ break;
+ case ConstructForwardVarargs:
+ callType = CallLinkInfo::ConstructVarargs;
+ isForwardVarargs = true;
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> DFG_CRASH(m_jit.graph(), node, "bad node type");
</span><span class="cx"> break;
</span><span class="lines">@@ -653,27 +661,40 @@
</span><span class="cx"> Edge calleeEdge = m_jit.graph().child(node, 0);
</span><span class="cx">
</span><span class="cx"> // Gotta load the arguments somehow. Varargs is trickier.
</span><del>- if (isVarargs) {
</del><ins>+ if (isVarargs || isForwardVarargs) {
</ins><span class="cx"> CallVarargsData* data = node->callVarargsData();
</span><span class="cx">
</span><del>- GPRReg argumentsGPR;
- GPRReg scratchGPR1;
- GPRReg scratchGPR2;
- GPRReg scratchGPR3;
</del><ins>+ GPRReg resultGPR;
+ unsigned numUsedStackSlots = m_jit.graph().m_nextMachineLocal;
</ins><span class="cx">
</span><del>- if (node->op() == CallForwardVarargs) {
- // We avoid calling flushRegisters() inside the control flow of CallForwardVarargs.
</del><ins>+ if (isForwardVarargs) {
</ins><span class="cx"> flushRegisters();
</span><del>- }
-
- auto loadArgumentsGPR = [&] (GPRReg reservedGPR) {
- if (node->op() == CallForwardVarargs) {
- argumentsGPR = JITCompiler::selectScratchGPR(reservedGPR);
- m_jit.load64(
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)),
- argumentsGPR);
- } else {
</del><ins>+ use(node->child2());
+
+ GPRReg scratchGPR1;
+ GPRReg scratchGPR2;
+ GPRReg scratchGPR3;
+
+ scratchGPR1 = JITCompiler::selectScratchGPR();
+ scratchGPR2 = JITCompiler::selectScratchGPR(scratchGPR1);
+ scratchGPR3 = JITCompiler::selectScratchGPR(scratchGPR1, scratchGPR2);
+
+ m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR2);
+ JITCompiler::JumpList slowCase;
+ emitSetupVarargsFrameFastCase(m_jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, node->child2()->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
+ JITCompiler::Jump done = m_jit.jump();
+ slowCase.link(&m_jit);
+ callOperation(operationThrowStackOverflowForVarargs);
+ m_jit.abortWithReason(DFGVarargsThrowingPathDidNotThrow);
+ done.link(&m_jit);
+ resultGPR = scratchGPR2;
+ } else {
+ GPRReg argumentsGPR;
+ GPRReg scratchGPR1;
+ GPRReg scratchGPR2;
+ GPRReg scratchGPR3;
+
+ auto loadArgumentsGPR = [&] (GPRReg reservedGPR) {
</ins><span class="cx"> if (reservedGPR != InvalidGPRReg)
</span><span class="cx"> lock(reservedGPR);
</span><span class="cx"> JSValueOperand arguments(this, node->child2());
</span><span class="lines">@@ -681,69 +702,40 @@
</span><span class="cx"> if (reservedGPR != InvalidGPRReg)
</span><span class="cx"> unlock(reservedGPR);
</span><span class="cx"> flushRegisters();
</span><del>- }
</del><ins>+
+ scratchGPR1 = JITCompiler::selectScratchGPR(argumentsGPR, reservedGPR);
+ scratchGPR2 = JITCompiler::selectScratchGPR(argumentsGPR, scratchGPR1, reservedGPR);
+ scratchGPR3 = JITCompiler::selectScratchGPR(argumentsGPR, scratchGPR1, scratchGPR2, reservedGPR);
+ };
</ins><span class="cx">
</span><del>- scratchGPR1 = JITCompiler::selectScratchGPR(argumentsGPR, reservedGPR);
- scratchGPR2 = JITCompiler::selectScratchGPR(argumentsGPR, scratchGPR1, reservedGPR);
- scratchGPR3 = JITCompiler::selectScratchGPR(argumentsGPR, scratchGPR1, scratchGPR2, reservedGPR);
- };
-
- loadArgumentsGPR(InvalidGPRReg);
-
- // At this point we have the whole register file to ourselves, and argumentsGPR has the
- // arguments register. Select some scratch registers.
-
- // We will use scratchGPR2 to point to our stack frame.
-
- unsigned numUsedStackSlots = m_jit.graph().m_nextMachineLocal;
-
- JITCompiler::Jump haveArguments;
- GPRReg resultGPR = GPRInfo::regT0;
- if (node->op() == CallForwardVarargs) {
- // Do the horrific foo.apply(this, arguments) optimization.
- // FIXME: do this optimization at the IR level instead of dynamically by testing the
- // arguments register. This will happen once we get rid of the arguments lazy creation and
- // lazy tear-off.
</del><ins>+ loadArgumentsGPR(InvalidGPRReg);
</ins><span class="cx">
</span><del>- JITCompiler::JumpList slowCase;
- slowCase.append(m_jit.branchTest64(JITCompiler::NonZero, argumentsGPR));
</del><ins>+ DFG_ASSERT(m_jit.graph(), node, isFlushed());
</ins><span class="cx">
</span><del>- m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR2);
- emitSetupVarargsFrameFastCase(m_jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, node->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
- resultGPR = scratchGPR2;
</del><ins>+ // Right now, arguments is in argumentsGPR and the register file is flushed.
+ callOperation(operationSizeFrameForVarargs, GPRInfo::returnValueGPR, argumentsGPR, numUsedStackSlots, data->firstVarArgOffset);
</ins><span class="cx">
</span><del>- haveArguments = m_jit.jump();
- slowCase.link(&m_jit);
</del><ins>+ // Now we have the argument count of the callee frame, but we've lost the arguments operand.
+ // Reconstruct the arguments operand while preserving the callee frame.
+ loadArgumentsGPR(GPRInfo::returnValueGPR);
+ m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR1);
+ emitSetVarargsFrame(m_jit, GPRInfo::returnValueGPR, false, scratchGPR1, scratchGPR1);
+ m_jit.addPtr(TrustedImm32(-(sizeof(CallerFrameAndPC) + WTF::roundUpToMultipleOf(stackAlignmentBytes(), 5 * sizeof(void*)))), scratchGPR1, JITCompiler::stackPointerRegister);
+
+ callOperation(operationSetupVarargsFrame, GPRInfo::returnValueGPR, scratchGPR1, argumentsGPR, data->firstVarArgOffset, GPRInfo::returnValueGPR);
+ resultGPR = GPRInfo::returnValueGPR;
</ins><span class="cx"> }
</span><del>-
- DFG_ASSERT(m_jit.graph(), node, isFlushed());
</del><span class="cx">
</span><del>- // Right now, arguments is in argumentsGPR and the register file is flushed.
- callOperation(operationSizeFrameForVarargs, GPRInfo::returnValueGPR, argumentsGPR, numUsedStackSlots, data->firstVarArgOffset);
-
- // Now we have the argument count of the callee frame, but we've lost the arguments operand.
- // Reconstruct the arguments operand while preserving the callee frame.
- loadArgumentsGPR(GPRInfo::returnValueGPR);
- m_jit.move(TrustedImm32(numUsedStackSlots), scratchGPR1);
- emitSetVarargsFrame(m_jit, GPRInfo::returnValueGPR, false, scratchGPR1, scratchGPR1);
- m_jit.addPtr(TrustedImm32(-(sizeof(CallerFrameAndPC) + WTF::roundUpToMultipleOf(stackAlignmentBytes(), 5 * sizeof(void*)))), scratchGPR1, JITCompiler::stackPointerRegister);
-
- callOperation(operationSetupVarargsFrame, GPRInfo::returnValueGPR, scratchGPR1, argumentsGPR, data->firstVarArgOffset, GPRInfo::returnValueGPR);
- m_jit.move(GPRInfo::returnValueGPR, resultGPR);
-
- if (node->op() == CallForwardVarargs)
- haveArguments.link(&m_jit);
-
</del><span class="cx"> m_jit.addPtr(TrustedImm32(sizeof(CallerFrameAndPC)), resultGPR, JITCompiler::stackPointerRegister);
</span><span class="cx">
</span><span class="cx"> DFG_ASSERT(m_jit.graph(), node, isFlushed());
</span><span class="cx">
</span><span class="cx"> // We don't need the arguments array anymore.
</span><del>- if (node->op() != CallForwardVarargs)
</del><ins>+ if (isVarargs)
</ins><span class="cx"> use(node->child2());
</span><span class="cx">
</span><span class="cx"> // Now set up the "this" argument.
</span><del>- JSValueOperand thisArgument(this, node->op() == CallForwardVarargs ? node->child2() : node->child3());
</del><ins>+ JSValueOperand thisArgument(this, node->child3());
</ins><span class="cx"> GPRReg thisArgumentGPR = thisArgument.gpr();
</span><span class="cx"> thisArgument.use();
</span><span class="cx">
</span><span class="lines">@@ -1846,13 +1838,11 @@
</span><span class="cx"> case JSConstant:
</span><span class="cx"> case DoubleConstant:
</span><span class="cx"> case Int52Constant:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
</ins><span class="cx"> initConstantInfo(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case PhantomArguments:
- initConstantInfo(node);
- break;
-
</del><span class="cx"> case Identity: {
</span><span class="cx"> speculate(node, node->child1());
</span><span class="cx"> switch (node->child1().useKind()) {
</span><span class="lines">@@ -2009,8 +1999,7 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case FlushedJSValue:
- case FlushedArguments: {
</del><ins>+ case FlushedJSValue: {
</ins><span class="cx"> JSValueOperand value(this, node->child1());
</span><span class="cx"> m_jit.store64(value.gpr(), JITCompiler::addressFor(node->machineLocal()));
</span><span class="cx"> noResult(node);
</span><span class="lines">@@ -2602,9 +2591,12 @@
</span><span class="cx"> case Array::String:
</span><span class="cx"> compileGetByValOnString(node);
</span><span class="cx"> break;
</span><del>- case Array::Arguments:
- compileGetByValOnArguments(node);
</del><ins>+ case Array::DirectArguments:
+ compileGetByValOnDirectArguments(node);
</ins><span class="cx"> break;
</span><ins>+ case Array::ScopedArguments:
+ compileGetByValOnScopedArguments(node);
+ break;
</ins><span class="cx"> default: {
</span><span class="cx"> TypedArrayType type = node->arrayMode().typedArrayType();
</span><span class="cx"> if (isInt(type))
</span><span class="lines">@@ -2833,47 +2825,6 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case Array::Arguments: {
- JSValueOperand value(this, child3);
- GPRTemporary scratch(this);
- GPRTemporary scratch2(this);
-
- GPRReg valueReg = value.gpr();
- GPRReg scratchReg = scratch.gpr();
- GPRReg scratch2Reg = scratch2.gpr();
-
- if (!m_compileOkay)
- return;
-
- // Two really lame checks.
- speculationCheck(
- Uncountable, JSValueSource(), 0,
- m_jit.branch32(
- MacroAssembler::AboveOrEqual, propertyReg,
- MacroAssembler::Address(baseReg, Arguments::offsetOfNumArguments())));
- speculationCheck(
- Uncountable, JSValueSource(), 0,
- m_jit.branchTestPtr(
- MacroAssembler::NonZero,
- MacroAssembler::Address(
- baseReg, Arguments::offsetOfSlowArgumentData())));
-
- m_jit.move(propertyReg, scratch2Reg);
- m_jit.signExtend32ToPtr(scratch2Reg, scratch2Reg);
- m_jit.loadPtr(
- MacroAssembler::Address(baseReg, Arguments::offsetOfRegisters()),
- scratchReg);
-
- m_jit.store64(
- valueReg,
- MacroAssembler::BaseIndex(
- scratchReg, scratch2Reg, MacroAssembler::TimesEight,
- CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register)));
-
- noResult(node);
- break;
- }
-
</del><span class="cx"> default: {
</span><span class="cx"> TypedArrayType type = arrayMode.typedArrayType();
</span><span class="cx"> if (isInt(type))
</span><span class="lines">@@ -3639,7 +3590,7 @@
</span><span class="cx"> GPRReg scratchGPR = scratch.gpr();
</span><span class="cx">
</span><span class="cx"> MacroAssembler::JumpList slowPath;
</span><del>-
</del><ins>+
</ins><span class="cx"> m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
</span><span class="cx"> m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
</span><span class="cx"> slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, allocatorGPR));
</span><span class="lines">@@ -3688,6 +3639,13 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case GetArgumentCount: {
+ GPRTemporary result(this);
+ m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
+ int32Result(result.gpr(), node);
+ break;
+ }
+
</ins><span class="cx"> case GetScope:
</span><span class="cx"> compileGetScope(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -3696,46 +3654,24 @@
</span><span class="cx"> compileSkipScope(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case GetClosureRegisters: {
- if (WriteBarrierBase<Unknown>* registers = m_jit.graph().tryGetRegisters(node->child1().node())) {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
- m_jit.move(TrustedImmPtr(registers), resultGPR);
- storageResult(resultGPR, node);
- break;
- }
-
- SpeculateCellOperand scope(this, node->child1());
- GPRTemporary result(this);
- GPRReg scopeGPR = scope.gpr();
- GPRReg resultGPR = result.gpr();
-
- m_jit.loadPtr(JITCompiler::Address(scopeGPR, JSEnvironmentRecord::offsetOfRegisters()), resultGPR);
- storageResult(resultGPR, node);
- break;
- }
</del><span class="cx"> case GetClosureVar: {
</span><del>- speculate(node, node->child1());
-
- StorageOperand registers(this, node->child2());
</del><ins>+ SpeculateCellOperand base(this, node->child1());
</ins><span class="cx"> GPRTemporary result(this);
</span><del>- GPRReg registersGPR = registers.gpr();
</del><ins>+ GPRReg baseGPR = base.gpr();
</ins><span class="cx"> GPRReg resultGPR = result.gpr();
</span><span class="cx">
</span><del>- m_jit.load64(JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register)), resultGPR);
</del><ins>+ m_jit.load64(JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset())), resultGPR);
</ins><span class="cx"> jsValueResult(resultGPR, node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case PutClosureVar: {
</span><del>- speculate(node, node->child1());
</del><ins>+ SpeculateCellOperand base(this, node->child1());
+ JSValueOperand value(this, node->child2());
</ins><span class="cx">
</span><del>- StorageOperand registers(this, node->child2());
- JSValueOperand value(this, node->child3());
-
- GPRReg registersGPR = registers.gpr();
</del><ins>+ GPRReg baseGPR = base.gpr();
</ins><span class="cx"> GPRReg valueGPR = value.gpr();
</span><span class="cx">
</span><del>- m_jit.store64(valueGPR, JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register)));
</del><ins>+ m_jit.store64(valueGPR, JITCompiler::Address(baseGPR, JSEnvironmentRecord::offsetOfVariable(node->scopeOffset())));
</ins><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -4062,7 +3998,7 @@
</span><span class="cx"> case GetGlobalVar: {
</span><span class="cx"> GPRTemporary result(this);
</span><span class="cx">
</span><del>- m_jit.load64(node->registerPointer(), result.gpr());
</del><ins>+ m_jit.load64(node->variablePointer(), result.gpr());
</ins><span class="cx">
</span><span class="cx"> jsValueResult(result.gpr(), node);
</span><span class="cx"> break;
</span><span class="lines">@@ -4071,7 +4007,7 @@
</span><span class="cx"> case PutGlobalVar: {
</span><span class="cx"> JSValueOperand value(this, node->child1());
</span><span class="cx">
</span><del>- m_jit.store64(value.gpr(), node->registerPointer());
</del><ins>+ m_jit.store64(value.gpr(), node->variablePointer());
</ins><span class="cx">
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -4318,6 +4254,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> emitCall(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="lines">@@ -4365,360 +4302,45 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CreateActivation: {
- DFG_ASSERT(m_jit.graph(), node, !node->origin.semantic.inlineCallFrame);
-
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
- SpeculateCellOperand scope(this, node->child2());
- GPRReg scopeGPR = scope.gpr();
-
- flushRegisters();
- callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
-
- cellResult(resultGPR, node);
</del><ins>+ case ForwardVarargs: {
+ compileForwardVarargs(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CreateArguments: {
- JSValueOperand value(this, node->child1());
- GPRTemporary scratch1(this);
- GPRTemporary scratch2(this);
- GPRTemporary result(this, Reuse, value);
-
- GPRReg valueGPR = value.gpr();
- GPRReg scratchGPR1 = scratch1.gpr();
- GPRReg scratchGPR2 = scratch2.gpr();
- GPRReg resultGPR = result.gpr();
-
- m_jit.move(valueGPR, resultGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- JITCompiler::Jump notCreated = m_jit.branchTest64(JITCompiler::Zero, resultGPR);
- addSlowPathGenerator(
- slowPathCall(
- notCreated, this, operationCreateInlinedArguments, resultGPR,
- node->origin.semantic.inlineCallFrame));
- cellResult(resultGPR, node);
- break;
- }
-
- FunctionExecutable* executable = jsCast<FunctionExecutable*>(m_jit.graph().executableFor(node->origin.semantic));
- if (m_jit.codeBlock()->hasSlowArguments()
- || executable->isStrictMode()
- || !executable->parameterCount()) {
- JITCompiler::Jump notCreated = m_jit.branchTest64(JITCompiler::Zero, resultGPR);
- addSlowPathGenerator(
- slowPathCall(notCreated, this, operationCreateArgumentsForDFG, resultGPR));
- cellResult(resultGPR, node);
- break;
- }
-
- JITCompiler::Jump alreadyCreated = m_jit.branchTest64(JITCompiler::NonZero, resultGPR);
-
- MacroAssembler::JumpList slowPaths;
- emitAllocateArguments(resultGPR, scratchGPR1, scratchGPR2, slowPaths);
- addSlowPathGenerator(
- slowPathCall(slowPaths, this, operationCreateArgumentsForDFG, resultGPR));
-
- alreadyCreated.link(&m_jit);
- cellResult(resultGPR, node);
</del><ins>+ case CreateActivation: {
+ compileCreateActivation(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><del>-
- case TearOffArguments: {
- JSValueOperand unmodifiedArgumentsValue(this, node->child1());
- JSValueOperand activationValue(this, node->child2());
- GPRReg unmodifiedArgumentsValueGPR = unmodifiedArgumentsValue.gpr();
- GPRReg activationValueGPR = activationValue.gpr();
-
- JITCompiler::Jump created = m_jit.branchTest64(JITCompiler::NonZero, unmodifiedArgumentsValueGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationTearOffInlinedArguments, NoResult,
- unmodifiedArgumentsValueGPR, activationValueGPR, node->origin.semantic.inlineCallFrame));
- } else {
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationTearOffArguments, NoResult, unmodifiedArgumentsValueGPR, activationValueGPR));
- }
</del><span class="cx">
</span><del>- noResult(node);
</del><ins>+ case CreateDirectArguments: {
+ compileCreateDirectArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentsLength: {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
-
- if (!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type)) {
- speculationCheck(
- ArgumentsEscaped, JSValueRegs(), 0,
- m_jit.branchTest64(
- JITCompiler::NonZero,
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic))));
- }
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- m_jit.move(
- TrustedImm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1),
- resultGPR);
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultGPR);
- m_jit.sub32(TrustedImm32(1), resultGPR);
- }
- int32Result(resultGPR, node);
</del><ins>+ case GetFromArguments: {
+ compileGetFromArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentsLengthSafe: {
- GPRTemporary result(this);
- GPRReg resultGPR = result.gpr();
-
- JITCompiler::Jump created = m_jit.branchTest64(
- JITCompiler::NonZero,
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic)));
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- m_jit.move(
- Imm64(JSValue::encode(jsNumber(node->origin.semantic.inlineCallFrame->arguments.size() - 1))),
- resultGPR);
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultGPR);
- m_jit.sub32(TrustedImm32(1), resultGPR);
- m_jit.or64(GPRInfo::tagTypeNumberRegister, resultGPR);
- }
-
- addSlowPathGenerator(
- slowPathCall(
- created, this, operationGetArgumentsLength, resultGPR,
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset()));
-
- jsValueResult(resultGPR, node);
</del><ins>+ case PutToArguments: {
+ compilePutToArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByVal: {
- SpeculateStrictInt32Operand index(this, node->child1());
- GPRTemporary result(this);
- GPRReg indexGPR = index.gpr();
- GPRReg resultGPR = result.gpr();
-
- if (!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type)) {
- speculationCheck(
- ArgumentsEscaped, JSValueRegs(), 0,
- m_jit.branchTest64(
- JITCompiler::NonZero,
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic))));
- }
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- speculationCheck(
- Uncountable, JSValueRegs(), 0,
- m_jit.branch32(
- JITCompiler::AboveOrEqual,
- indexGPR,
- Imm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1)));
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultGPR);
- m_jit.sub32(TrustedImm32(1), resultGPR);
- speculationCheck(
- Uncountable, JSValueRegs(), 0,
- m_jit.branch32(JITCompiler::AboveOrEqual, indexGPR, resultGPR));
- }
-
- JITCompiler::JumpList slowArgument;
- JITCompiler::JumpList slowArgumentOutOfBounds;
- if (m_jit.symbolTableFor(node->origin.semantic)->slowArguments()) {
- DFG_ASSERT(m_jit.graph(), node, !node->origin.semantic.inlineCallFrame);
- const SlowArgument* slowArguments = m_jit.graph().m_slowArguments.get();
-
- slowArgumentOutOfBounds.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual, indexGPR,
- Imm32(m_jit.symbolTableFor(node->origin.semantic)->parameterCount())));
-
- COMPILE_ASSERT(sizeof(SlowArgument) == 8, SlowArgument_size_is_eight_bytes);
- m_jit.move(ImmPtr(slowArguments), resultGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- resultGPR, indexGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(SlowArgument, index)),
- resultGPR);
- m_jit.signExtend32ToPtr(resultGPR, resultGPR);
- m_jit.load64(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultGPR, JITCompiler::TimesEight),
- resultGPR);
- slowArgument.append(m_jit.jump());
- }
- slowArgumentOutOfBounds.link(&m_jit);
-
- m_jit.load64(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight, m_jit.offsetOfArguments(node->origin.semantic)),
- resultGPR);
-
- slowArgument.link(&m_jit);
- jsValueResult(resultGPR, node);
</del><ins>+ case CreateScopedArguments: {
+ compileCreateScopedArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetMyArgumentByValSafe: {
- SpeculateStrictInt32Operand index(this, node->child1());
- GPRTemporary result(this);
- GPRReg indexGPR = index.gpr();
- GPRReg resultGPR = result.gpr();
-
- JITCompiler::JumpList slowPath;
- slowPath.append(
- m_jit.branchTest64(
- JITCompiler::NonZero,
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic))));
-
- if (node->origin.semantic.inlineCallFrame
- && !node->origin.semantic.inlineCallFrame->isVarargs()) {
- slowPath.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual,
- resultGPR,
- Imm32(node->origin.semantic.inlineCallFrame->arguments.size() - 1)));
- } else {
- VirtualRegister argumentCountRegister;
- if (!node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = node->origin.semantic.inlineCallFrame->argumentCountRegister;
- m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), resultGPR);
- m_jit.sub32(TrustedImm32(1), resultGPR);
- slowPath.append(
- m_jit.branch32(JITCompiler::AboveOrEqual, indexGPR, resultGPR));
- }
-
- JITCompiler::JumpList slowArgument;
- JITCompiler::JumpList slowArgumentOutOfBounds;
- if (m_jit.symbolTableFor(node->origin.semantic)->slowArguments()) {
- DFG_ASSERT(m_jit.graph(), node, !node->origin.semantic.inlineCallFrame);
- const SlowArgument* slowArguments = m_jit.graph().m_slowArguments.get();
-
- slowArgumentOutOfBounds.append(
- m_jit.branch32(
- JITCompiler::AboveOrEqual, indexGPR,
- Imm32(m_jit.symbolTableFor(node->origin.semantic)->parameterCount())));
-
- COMPILE_ASSERT(sizeof(SlowArgument) == 8, SlowArgument_size_is_eight_bytes);
- m_jit.move(ImmPtr(slowArguments), resultGPR);
- m_jit.load32(
- JITCompiler::BaseIndex(
- resultGPR, indexGPR, JITCompiler::TimesEight,
- OBJECT_OFFSETOF(SlowArgument, index)),
- resultGPR);
- m_jit.signExtend32ToPtr(resultGPR, resultGPR);
- m_jit.load64(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, resultGPR, JITCompiler::TimesEight),
- resultGPR);
- slowArgument.append(m_jit.jump());
- }
- slowArgumentOutOfBounds.link(&m_jit);
-
- m_jit.load64(
- JITCompiler::BaseIndex(
- GPRInfo::callFrameRegister, indexGPR, JITCompiler::TimesEight, m_jit.offsetOfArguments(node->origin.semantic)),
- resultGPR);
-
- if (node->origin.semantic.inlineCallFrame) {
- addSlowPathGenerator(
- slowPathCall(
- slowPath, this, operationGetInlinedArgumentByVal, resultGPR,
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset(),
- node->origin.semantic.inlineCallFrame,
- indexGPR));
- } else {
- addSlowPathGenerator(
- slowPathCall(
- slowPath, this, operationGetArgumentByVal, resultGPR,
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic).offset(),
- indexGPR));
- }
-
- slowArgument.link(&m_jit);
- jsValueResult(resultGPR, node);
</del><ins>+ case CreateClonedArguments: {
+ compileCreateClonedArguments(node);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckArgumentsNotCreated: {
- ASSERT(!isEmptySpeculation(
- m_state.variables().operand(
- m_jit.graph().argumentsRegisterFor(node->origin.semantic)).m_type));
- speculationCheck(
- ArgumentsEscaped, JSValueRegs(), 0,
- m_jit.branchTest64(
- JITCompiler::NonZero,
- JITCompiler::addressFor(
- m_jit.graph().machineArgumentsRegisterFor(node->origin.semantic))));
- noResult(node);
</del><ins>+ case NewFunction:
+ compileNewFunction(node);
</ins><span class="cx"> break;
</span><del>- }
</del><span class="cx">
</span><del>- case NewFunctionNoCheck:
- compileNewFunctionNoCheck(node);
- break;
-
- case NewFunction: {
- JSValueOperand value(this, node->child1());
- GPRTemporary result(this, Reuse, value);
- SpeculateCellOperand scope(this, node->child2());
- GPRReg scopeGPR = scope.gpr();
-
- GPRReg valueGPR = value.gpr();
- GPRReg resultGPR = result.gpr();
-
- m_jit.move(valueGPR, resultGPR);
-
- JITCompiler::Jump notCreated = m_jit.branchTest64(JITCompiler::Zero, resultGPR);
-
- addSlowPathGenerator(
- slowPathCall(
- notCreated, this, operationNewFunction,
- resultGPR, scopeGPR, node->castOperand<FunctionExecutable*>()));
-
- jsValueResult(resultGPR, node);
- break;
- }
-
- case NewFunctionExpression:
- compileNewFunctionExpression(node);
- break;
-
</del><span class="cx"> case In:
</span><span class="cx"> compileIn(node);
</span><span class="cx"> break;
</span><span class="lines">@@ -5152,6 +4774,7 @@
</span><span class="cx"> case CheckBadCell:
</span><span class="cx"> case BottomValue:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case GetMyArgumentByVal:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStackLayoutPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -46,8 +46,6 @@
</span><span class="cx">
</span><span class="cx"> bool run()
</span><span class="cx"> {
</span><del>- SymbolTable* symbolTable = codeBlock()->symbolTable();
-
</del><span class="cx"> // This enumerates the locals that we actually care about and packs them. So for example
</span><span class="cx"> // if we use local 1, 3, 4, 5, 7, then we remap them: 1->0, 3->1, 4->2, 5->3, 7->4. We
</span><span class="cx"> // treat a variable as being "used" if there exists an access to it (SetLocal, GetLocal,
</span><span class="lines">@@ -84,7 +82,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case LoadVarargs: {
</del><ins>+ case LoadVarargs:
+ case ForwardVarargs: {
</ins><span class="cx"> LoadVarargsData* data = node->loadVarargsData();
</span><span class="cx"> if (data->count.isLocal())
</span><span class="cx"> usedLocals.set(data->count.toLocal());
</span><span class="lines">@@ -114,28 +113,9 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Ensure that captured variables and captured inline arguments are pinned down.
- // They should have been because of flushes, except that the flushes can be optimized
- // away.
- if (symbolTable) {
- for (int i = symbolTable->captureStart(); i > symbolTable->captureEnd(); i--)
- usedLocals.set(VirtualRegister(i).toLocal());
- }
- if (codeBlock()->usesArguments()) {
- usedLocals.set(codeBlock()->argumentsRegister().toLocal());
- usedLocals.set(unmodifiedArgumentsRegister(codeBlock()->argumentsRegister()).toLocal());
- }
- if (codeBlock()->uncheckedActivationRegister().isValid())
- usedLocals.set(codeBlock()->activationRegister().toLocal());
</del><span class="cx"> for (InlineCallFrameSet::iterator iter = m_graph.m_plan.inlineCallFrames->begin(); !!iter; ++iter) {
</span><span class="cx"> InlineCallFrame* inlineCallFrame = *iter;
</span><del>- if (!m_graph.usesArguments(inlineCallFrame))
- continue;
</del><span class="cx">
</span><del>- VirtualRegister argumentsRegister = m_graph.argumentsRegisterFor(inlineCallFrame);
- usedLocals.set(argumentsRegister.toLocal());
- usedLocals.set(unmodifiedArgumentsRegister(argumentsRegister).toLocal());
-
</del><span class="cx"> if (inlineCallFrame->isVarargs()) {
</span><span class="cx"> usedLocals.set(VirtualRegister(
</span><span class="cx"> JSStack::ArgumentCount + inlineCallFrame->stackOffset).toLocal());
</span><span class="lines">@@ -193,36 +173,14 @@
</span><span class="cx"> data->machineLocal = assign(allocation, data->local);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (codeBlock()->usesArguments()) {
- VirtualRegister argumentsRegister =
- assign(allocation, codeBlock()->argumentsRegister());
- RELEASE_ASSERT(
- assign(allocation, unmodifiedArgumentsRegister(codeBlock()->argumentsRegister()))
- == unmodifiedArgumentsRegister(argumentsRegister));
- codeBlock()->setArgumentsRegister(argumentsRegister);
- }
-
- if (codeBlock()->uncheckedActivationRegister().isValid()) {
- codeBlock()->setActivationRegister(
- assign(allocation, codeBlock()->activationRegister()));
- }
-
</del><span class="cx"> // This register is never valid for DFG code blocks.
</span><ins>+ codeBlock()->setActivationRegister(VirtualRegister());
</ins><span class="cx"> codeBlock()->setScopeRegister(VirtualRegister());
</span><span class="cx">
</span><span class="cx"> for (unsigned i = m_graph.m_inlineVariableData.size(); i--;) {
</span><span class="cx"> InlineVariableData data = m_graph.m_inlineVariableData[i];
</span><span class="cx"> InlineCallFrame* inlineCallFrame = data.inlineCallFrame;
</span><span class="cx">
</span><del>- if (m_graph.usesArguments(inlineCallFrame)) {
- inlineCallFrame->argumentsRegister = assign(
- allocation, m_graph.argumentsRegisterFor(inlineCallFrame));
-
- RELEASE_ASSERT(
- assign(allocation, unmodifiedArgumentsRegister(m_graph.argumentsRegisterFor(inlineCallFrame)))
- == unmodifiedArgumentsRegister(inlineCallFrame->argumentsRegister));
- }
-
</del><span class="cx"> if (inlineCallFrame->isVarargs()) {
</span><span class="cx"> inlineCallFrame->argumentCountRegister = assign(
</span><span class="cx"> allocation, VirtualRegister(inlineCallFrame->stackOffset + JSStack::ArgumentCount));
</span><span class="lines">@@ -253,30 +211,6 @@
</span><span class="cx"> RELEASE_ASSERT(inlineCallFrame->calleeRecovery.isConstant());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (symbolTable) {
- if (symbolTable->captureCount()) {
- unsigned captureStartLocal = allocation[
- VirtualRegister(codeBlock()->symbolTable()->captureStart()).toLocal()];
- ASSERT(captureStartLocal != UINT_MAX);
- m_graph.m_machineCaptureStart = virtualRegisterForLocal(captureStartLocal).offset();
- } else
- m_graph.m_machineCaptureStart = virtualRegisterForLocal(0).offset();
-
- // This is an abomination. If we had captured an argument then the argument ends
- // up being "slow", meaning that loads of the argument go through an extra lookup
- // table.
- if (const SlowArgument* slowArguments = symbolTable->slowArguments()) {
- auto newSlowArguments = std::make_unique<SlowArgument[]>(
- symbolTable->parameterCount());
- for (size_t i = symbolTable->parameterCount(); i--;) {
- newSlowArguments[i] = slowArguments[i];
- newSlowArguments[i].index = assign(allocation, VirtualRegister(slowArguments[i].index)).offset();
- }
-
- m_graph.m_slowArguments = WTF::move(newSlowArguments);
- }
- }
-
</del><span class="cx"> // Fix GetLocalUnlinked's variable references.
</span><span class="cx"> if (hasNodesThatNeedFixup) {
</span><span class="cx"> for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
</span><span class="lines">@@ -291,7 +225,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case LoadVarargs: {
</del><ins>+ case LoadVarargs:
+ case ForwardVarargs: {
</ins><span class="cx"> LoadVarargsData* data = node->loadVarargsData();
</span><span class="cx"> data->machineCount = assign(allocation, data->count);
</span><span class="cx"> data->machineStart = assign(allocation, data->start);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStrengthReductionPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -237,60 +237,14 @@
</span><span class="cx"> Node* setLocal = nullptr;
</span><span class="cx"> VirtualRegister local = m_node->local();
</span><span class="cx">
</span><del>- if (m_node->variableAccessData()->isCaptured()) {
- for (unsigned i = m_nodeIndex; i--;) {
- Node* node = m_block->at(i);
- bool done = false;
- switch (node->op()) {
- case GetLocal:
- case Flush:
- if (node->local() == local)
- done = true;
- break;
-
- case GetLocalUnlinked:
- if (node->unlinkedLocal() == local)
- done = true;
- break;
-
- case SetLocal: {
- if (node->local() != local)
- break;
- setLocal = node;
- done = true;
- break;
- }
-
- case Phantom:
- case Check:
- case HardPhantom:
- case MovHint:
- case JSConstant:
- case DoubleConstant:
- case Int52Constant:
- case GetScope:
- case PhantomLocal:
- case GetCallee:
- case CountExecution:
- break;
-
- default:
- done = true;
- break;
- }
- if (done)
- break;
</del><ins>+ for (unsigned i = m_nodeIndex; i--;) {
+ Node* node = m_block->at(i);
+ if (node->op() == SetLocal && node->local() == local) {
+ setLocal = node;
+ break;
</ins><span class="cx"> }
</span><del>- } else {
- for (unsigned i = m_nodeIndex; i--;) {
- Node* node = m_block->at(i);
- if (node->op() == SetLocal && node->local() == local) {
- setLocal = node;
- break;
- }
- if (accessesOverlap(m_graph, node, AbstractHeap(Variables, local)))
- break;
- }
</del><ins>+ if (accessesOverlap(m_graph, node, AbstractHeap(Stack, local)))
+ break;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!setLocal)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStructureRegistrationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -118,12 +118,19 @@
</span><span class="cx"> registerStructure(m_graph.globalObjectFor(node->origin.semantic)->activationStructure());
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case CreateDirectArguments:
+ registerStructure(m_graph.globalObjectFor(node->origin.semantic)->directArgumentsStructure());
+ break;
+
+ case CreateScopedArguments:
+ registerStructure(m_graph.globalObjectFor(node->origin.semantic)->scopedArgumentsStructure());
+ break;
+
</ins><span class="cx"> case NewRegexp:
</span><span class="cx"> registerStructure(m_graph.globalObjectFor(node->origin.semantic)->regExpStructure());
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case NewFunctionExpression:
- case NewFunctionNoCheck:
</del><ins>+ case NewFunction:
</ins><span class="cx"> registerStructure(m_graph.globalObjectFor(node->origin.semantic)->functionStructure());
</span><span class="cx"> break;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGUnificationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGUnificationPhase.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGUnificationPhase.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGUnificationPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -70,7 +70,6 @@
</span><span class="cx"> for (unsigned i = 0; i < m_graph.m_variableAccessData.size(); ++i) {
</span><span class="cx"> VariableAccessData* data = &m_graph.m_variableAccessData[i];
</span><span class="cx"> data->find()->predict(data->nonUnifiedPrediction());
</span><del>- data->find()->mergeIsCaptured(data->isCaptured());
</del><span class="cx"> data->find()->mergeStructureCheckHoistingFailed(data->structureCheckHoistingFailed());
</span><span class="cx"> data->find()->mergeCheckArrayHoistingFailed(data->checkArrayHoistingFailed());
</span><span class="cx"> data->find()->mergeShouldNeverUnbox(data->shouldNeverUnbox());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGValidatecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -438,6 +438,7 @@
</span><span class="cx"> case Upsilon:
</span><span class="cx"> case CheckInBounds:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case GetMyArgumentByVal:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span><span class="lines">@@ -454,8 +455,6 @@
</span><span class="cx"> continue;
</span><span class="cx"> switch (node->op()) {
</span><span class="cx"> case GetLocal:
</span><del>- if (node->variableAccessData()->isCaptured())
- break;
</del><span class="cx"> // Ignore GetLocal's that we know to be dead, but that the graph
</span><span class="cx"> // doesn't yet know to be dead.
</span><span class="cx"> if (!m_myRefCounts.get(node))
</span><span class="lines">@@ -465,8 +464,6 @@
</span><span class="cx"> getLocalPositions.operand(node->local()) = i;
</span><span class="cx"> break;
</span><span class="cx"> case SetLocal:
</span><del>- if (node->variableAccessData()->isCaptured())
- break;
</del><span class="cx"> // Only record the first SetLocal. There may be multiple SetLocals
</span><span class="cx"> // because of flushing.
</span><span class="cx"> if (setLocalPositions.operand(node->local()) != notSet)
</span><span class="lines">@@ -474,8 +471,6 @@
</span><span class="cx"> setLocalPositions.operand(node->local()) = i;
</span><span class="cx"> break;
</span><span class="cx"> case SetArgument:
</span><del>- if (node->variableAccessData()->isCaptured())
- break;
</del><span class="cx"> // This acts like a reset. It's ok to have a second GetLocal for a local in the same
</span><span class="cx"> // block if we had a SetArgument for that local.
</span><span class="cx"> getLocalPositions.operand(node->local()) = notSet;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGValueSourcecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGValueSource.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGValueSource.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGValueSource.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -59,9 +59,6 @@
</span><span class="cx"> case DoubleInJSStack:
</span><span class="cx"> out.print("Double:", virtualRegister());
</span><span class="cx"> break;
</span><del>- case ArgumentsSource:
- out.print("Arguments");
- break;
</del><span class="cx"> case HaveNode:
</span><span class="cx"> out.print("Node(", m_value, ")");
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGValueSourceh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGValueSource.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGValueSource.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGValueSource.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -45,7 +45,6 @@
</span><span class="cx"> CellInJSStack,
</span><span class="cx"> BooleanInJSStack,
</span><span class="cx"> DoubleInJSStack,
</span><del>- ArgumentsSource,
</del><span class="cx"> SourceIsDead,
</span><span class="cx"> HaveNode
</span><span class="cx"> };
</span><span class="lines">@@ -65,8 +64,6 @@
</span><span class="cx"> return CellInJSStack;
</span><span class="cx"> case DataFormatDead:
</span><span class="cx"> return SourceIsDead;
</span><del>- case DataFormatArguments:
- return ArgumentsSource;
</del><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT(dataFormat & DataFormatJS);
</span><span class="cx"> return ValueInJSStack;
</span><span class="lines">@@ -88,8 +85,6 @@
</span><span class="cx"> return DataFormatBoolean;
</span><span class="cx"> case DoubleInJSStack:
</span><span class="cx"> return DataFormatDouble;
</span><del>- case ArgumentsSource:
- return DataFormatArguments;
</del><span class="cx"> case SourceIsDead:
</span><span class="cx"> return DataFormatDead;
</span><span class="cx"> default:
</span><span class="lines">@@ -120,7 +115,7 @@
</span><span class="cx"> explicit ValueSource(ValueSourceKind valueSourceKind)
</span><span class="cx"> : m_kind(valueSourceKind)
</span><span class="cx"> {
</span><del>- ASSERT(kind() == ArgumentsSource || kind() == SourceIsDead || kind() == ArgumentsSource);
</del><ins>+ ASSERT(kind() == SourceIsDead);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> explicit ValueSource(MinifiedID id)
</span><span class="lines">@@ -157,8 +152,6 @@
</span><span class="cx"> return ValueSource(CellInJSStack, where);
</span><span class="cx"> case FlushedBoolean:
</span><span class="cx"> return ValueSource(BooleanInJSStack, where);
</span><del>- case FlushedArguments:
- return ValueSource(ArgumentsSource);
</del><span class="cx"> }
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return ValueSource();
</span><span class="lines">@@ -196,9 +189,6 @@
</span><span class="cx"> case SourceIsDead:
</span><span class="cx"> return ValueRecovery::constant(jsUndefined());
</span><span class="cx">
</span><del>- case ArgumentsSource:
- return ValueRecovery::argumentsThatWereNotCreated();
-
</del><span class="cx"> default:
</span><span class="cx"> return ValueRecovery::displacedInJSStack(virtualRegister(), dataFormat());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVarargsForwardingPhasecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,275 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGVarargsForwardingPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGArgumentsUtilities.h"
+#include "DFGClobberize.h"
+#include "DFGGraph.h"
+#include "DFGPhase.h"
+
+namespace JSC { namespace DFG {
+
+namespace {
+
+bool verbose = false;
+
+class VarargsForwardingPhase : public Phase {
+public:
+ VarargsForwardingPhase(Graph& graph)
+ : Phase(graph, "varargs forwarding")
+ {
+ }
+
+ bool run()
+ {
+ if (verbose) {
+ dataLog("Graph before varargs forwarding:\n");
+ m_graph.dump();
+ }
+
+ m_changed = false;
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder())
+ handleBlock(block);
+ return m_changed;
+ }
+
+private:
+ void handleBlock(BasicBlock* block)
+ {
+ for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
+ Node* node = block->at(nodeIndex);
+ switch (node->op()) {
+ case CreateDirectArguments:
+ case CreateClonedArguments:
+ handleCandidate(block, nodeIndex);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ void handleCandidate(BasicBlock* block, unsigned candidateNodeIndex)
+ {
+ // We expect calls into this function to be rare. So, this is written in a simple O(n) manner.
+
+ Node* candidate = block->at(candidateNodeIndex);
+ if (verbose)
+ dataLog("Handling candidate ", candidate, "\n");
+
+ // Find the index of the last node in this block to use the candidate, and look for escaping
+ // sites.
+ unsigned lastUserIndex = candidateNodeIndex;
+ for (unsigned nodeIndex = candidateNodeIndex + 1; nodeIndex < block->size(); ++nodeIndex) {
+ Node* node = block->at(nodeIndex);
+ switch (node->op()) {
+ case Phantom:
+ case Check:
+ case HardPhantom:
+ case MovHint:
+ case PutHint:
+ case LoadVarargs:
+ if (m_graph.uses(node, candidate))
+ lastUserIndex = nodeIndex;
+ break;
+
+ case CallVarargs:
+ case ConstructVarargs:
+ if (node->child1() == candidate || node->child3() == candidate) {
+ if (verbose)
+ dataLog(" Escape at ", node, "\n");
+ return;
+ }
+ if (node->child2() == candidate)
+ lastUserIndex = nodeIndex;
+ break;
+
+ case SetLocal:
+ if (node->child1() == candidate && node->variableAccessData()->isLoadedFrom()) {
+ if (verbose)
+ dataLog(" Escape at ", node, "\n");
+ return;
+ }
+ break;
+
+ default:
+ if (m_graph.uses(node, candidate)) {
+ if (verbose)
+ dataLog(" Escape at ", node, "\n");
+ return;
+ }
+ }
+ }
+ if (verbose)
+ dataLog("Selected lastUserIndex = ", lastUserIndex, ", ", block->at(lastUserIndex), "\n");
+
+ // We're still in business. Determine if between the candidate and the last user there is any
+ // effect that could interfere with sinking.
+ for (unsigned nodeIndex = candidateNodeIndex + 1; nodeIndex <= lastUserIndex; ++nodeIndex) {
+ Node* node = block->at(nodeIndex);
+
+ // We have our own custom switch to detect some interferences that clobberize() wouldn't know
+ // about, and also some of the common ones, too. In particular, clobberize() doesn't know
+ // that Flush, MovHint, ZombieHint, and KillStack are bad because it's not worried about
+ // what gets read on OSR exit.
+ switch (node->op()) {
+ case MovHint:
+ case ZombieHint:
+ case KillStack:
+ if (argumentsInvolveStackSlot(candidate, node->unlinkedLocal())) {
+ if (verbose)
+ dataLog(" Interference at ", node, "\n");
+ return;
+ }
+ break;
+
+ case PutStack:
+ if (argumentsInvolveStackSlot(candidate, node->stackAccessData()->local)) {
+ if (verbose)
+ dataLog(" Interference at ", node, "\n");
+ return;
+ }
+ break;
+
+ case SetLocal:
+ case Flush:
+ if (argumentsInvolveStackSlot(candidate, node->local())) {
+ if (verbose)
+ dataLog(" Interference at ", node, "\n");
+ return;
+ }
+ break;
+
+ default: {
+ bool doesInterfere = false;
+ clobberize(
+ m_graph, node, NoOpClobberize(),
+ [&] (AbstractHeap heap) {
+ if (heap.kind() != Stack) {
+ ASSERT(!heap.overlaps(Stack));
+ return;
+ }
+ ASSERT(!heap.payload().isTop());
+ VirtualRegister reg(heap.payload().value32());
+ if (argumentsInvolveStackSlot(candidate, reg))
+ doesInterfere = true;
+ },
+ NoOpClobberize());
+ if (doesInterfere) {
+ if (verbose)
+ dataLog(" Interference at ", node, "\n");
+ return;
+ }
+ } }
+ }
+
+ // We can make this work.
+ if (verbose)
+ dataLog(" Will do forwarding!\n");
+ m_changed = true;
+
+ // Transform the program.
+ switch (candidate->op()) {
+ case CreateDirectArguments:
+ candidate->setOpAndDefaultFlags(PhantomDirectArguments);
+ break;
+
+ case CreateClonedArguments:
+ candidate->setOpAndDefaultFlags(PhantomClonedArguments);
+ break;
+
+ default:
+ DFG_CRASH(m_graph, candidate, "bad node type");
+ break;
+ }
+ for (unsigned nodeIndex = candidateNodeIndex + 1; nodeIndex <= lastUserIndex; ++nodeIndex) {
+ Node* node = block->at(nodeIndex);
+ switch (node->op()) {
+ case Phantom:
+ case Check:
+ case HardPhantom:
+ case MovHint:
+ case PutHint:
+ // We don't need to change anything with these.
+ break;
+
+ case LoadVarargs:
+ if (node->child1() != candidate)
+ break;
+ node->setOpAndDefaultFlags(ForwardVarargs);
+ break;
+
+ case CallVarargs:
+ if (node->child2() != candidate)
+ break;
+ node->setOpAndDefaultFlags(CallForwardVarargs);
+ break;
+
+ case ConstructVarargs:
+ if (node->child2() != candidate)
+ break;
+ node->setOpAndDefaultFlags(ConstructForwardVarargs);
+ break;
+
+ case SetLocal:
+ // This is super odd. We don't have to do anything here, since in DFG IR, the phantom
+ // arguments nodes do produce a JSValue. Also, we know that if this SetLocal referenecs a
+ // candidate then the SetLocal - along with all of its references - will die off pretty
+ // soon, since it has no real users. DCE will surely kill it. If we make it to SSA, then
+ // SSA conversion will kill it.
+ break;
+
+ default:
+ if (ASSERT_DISABLED)
+ break;
+ m_graph.doToChildren(
+ node,
+ [&] (Edge edge) {
+ DFG_ASSERT(m_graph, node, edge != candidate);
+ });
+ break;
+ }
+ }
+ }
+
+ bool m_changed;
+};
+
+} // anonymous namespace
+
+bool performVarargsForwarding(Graph& graph)
+{
+ SamplingRegion samplingRegion("DFG Varargs Forwarding Phase");
+ return runPhase<VarargsForwardingPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVarargsForwardingPhaseh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,45 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGVarargsForwardingPhase_h
+#define DFGVarargsForwardingPhase_h
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// Eliminates allocations of Arguments-class objects when they flow into CallVarargs, ConstructVarargs,
+// or LoadVarargs.
+
+bool performVarargsForwarding(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGVarargsForwardingPhase_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableAccessDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -35,9 +35,7 @@
</span><span class="cx"> , m_prediction(SpecNone)
</span><span class="cx"> , m_argumentAwarePrediction(SpecNone)
</span><span class="cx"> , m_flags(0)
</span><del>- , m_isCaptured(false)
</del><span class="cx"> , m_shouldNeverUnbox(false)
</span><del>- , m_isArgumentsAlias(false)
</del><span class="cx"> , m_structureCheckHoistingFailed(false)
</span><span class="cx"> , m_checkArrayHoistingFailed(false)
</span><span class="cx"> , m_isProfitableToUnbox(false)
</span><span class="lines">@@ -47,14 +45,12 @@
</span><span class="cx"> clearVotes();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-VariableAccessData::VariableAccessData(VirtualRegister local, bool isCaptured)
</del><ins>+VariableAccessData::VariableAccessData(VirtualRegister local)
</ins><span class="cx"> : m_local(local)
</span><span class="cx"> , m_prediction(SpecNone)
</span><span class="cx"> , m_argumentAwarePrediction(SpecNone)
</span><span class="cx"> , m_flags(0)
</span><del>- , m_isCaptured(isCaptured)
- , m_shouldNeverUnbox(isCaptured)
- , m_isArgumentsAlias(false)
</del><ins>+ , m_shouldNeverUnbox(false)
</ins><span class="cx"> , m_structureCheckHoistingFailed(false)
</span><span class="cx"> , m_checkArrayHoistingFailed(false)
</span><span class="cx"> , m_isProfitableToUnbox(false)
</span><span class="lines">@@ -64,12 +60,6 @@
</span><span class="cx"> clearVotes();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool VariableAccessData::mergeIsCaptured(bool isCaptured)
-{
- return checkAndSet(m_shouldNeverUnbox, m_shouldNeverUnbox || isCaptured)
- | checkAndSet(m_isCaptured, m_isCaptured || isCaptured);
-}
-
</del><span class="cx"> bool VariableAccessData::mergeShouldNeverUnbox(bool shouldNeverUnbox)
</span><span class="cx"> {
</span><span class="cx"> bool newShouldNeverUnbox = m_shouldNeverUnbox | shouldNeverUnbox;
</span><span class="lines">@@ -198,9 +188,6 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(find() == this);
</span><span class="cx">
</span><del>- if (isArgumentsAlias())
- return FlushedArguments;
-
</del><span class="cx"> if (!shouldUnboxIfPossible())
</span><span class="cx"> return FlushedJSValue;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableAccessDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableAccessData.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011-2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -48,7 +48,7 @@
</span><span class="cx"> class VariableAccessData : public UnionFind<VariableAccessData> {
</span><span class="cx"> public:
</span><span class="cx"> VariableAccessData();
</span><del>- VariableAccessData(VirtualRegister local, bool isCaptured);
</del><ins>+ VariableAccessData(VirtualRegister local);
</ins><span class="cx">
</span><span class="cx"> VirtualRegister local()
</span><span class="cx"> {
</span><span class="lines">@@ -62,13 +62,6 @@
</span><span class="cx"> return m_machineLocal;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool mergeIsCaptured(bool isCaptured);
-
- bool isCaptured()
- {
- return m_isCaptured;
- }
-
</del><span class="cx"> bool mergeIsProfitableToUnbox(bool isProfitableToUnbox)
</span><span class="cx"> {
</span><span class="cx"> return checkAndSet(m_isProfitableToUnbox, m_isProfitableToUnbox || isProfitableToUnbox);
</span><span class="lines">@@ -86,7 +79,6 @@
</span><span class="cx"> // mean that we have actually done so.
</span><span class="cx"> bool shouldNeverUnbox()
</span><span class="cx"> {
</span><del>- ASSERT(!(m_isCaptured && !m_shouldNeverUnbox));
</del><span class="cx"> return m_shouldNeverUnbox;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -118,16 +110,6 @@
</span><span class="cx"> return m_checkArrayHoistingFailed;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool mergeIsArgumentsAlias(bool isArgumentsAlias)
- {
- return checkAndSet(m_isArgumentsAlias, m_isArgumentsAlias || isArgumentsAlias);
- }
-
- bool isArgumentsAlias()
- {
- return m_isArgumentsAlias;
- }
-
</del><span class="cx"> bool mergeIsLoadedFrom(bool isLoadedFrom)
</span><span class="cx"> {
</span><span class="cx"> return checkAndSet(m_isLoadedFrom, m_isLoadedFrom || isLoadedFrom);
</span><span class="lines">@@ -193,7 +175,6 @@
</span><span class="cx"> ASSERT(isRoot());
</span><span class="cx"> bool doubleState = m_doubleFormatState == UsingDoubleFormat;
</span><span class="cx"> ASSERT(!(doubleState && shouldNeverUnbox()));
</span><del>- ASSERT(!(doubleState && isCaptured()));
</del><span class="cx"> return doubleState && isProfitableToUnbox();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -233,9 +214,7 @@
</span><span class="cx"> SpeculatedType m_argumentAwarePrediction;
</span><span class="cx"> NodeFlags m_flags;
</span><span class="cx">
</span><del>- bool m_isCaptured;
</del><span class="cx"> bool m_shouldNeverUnbox;
</span><del>- bool m_isArgumentsAlias;
</del><span class="cx"> bool m_structureCheckHoistingFailed;
</span><span class="cx"> bool m_checkArrayHoistingFailed;
</span><span class="cx"> bool m_isProfitableToUnbox;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableAccessDataDumpcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -62,9 +62,7 @@
</span><span class="cx"> index /= 26;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (m_data->isCaptured())
- out.print("*");
- else if (m_data->shouldNeverUnbox())
</del><ins>+ if (m_data->shouldNeverUnbox())
</ins><span class="cx"> out.print("!");
</span><span class="cx"> else if (!m_data->shouldUnboxIfPossible())
</span><span class="cx"> out.print("~");
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableAccessDataDumph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableAccessDataDump.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableEventStreamcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -91,11 +91,16 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (node->op() == PhantomArguments) {
- recovery = ValueRecovery::argumentsThatWereNotCreated();
</del><ins>+ if (node->op() == PhantomDirectArguments) {
+ recovery = ValueRecovery::directArgumentsThatWereNotCreated(node->id());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ if (node->op() == PhantomClonedArguments) {
+ recovery = ValueRecovery::outOfBandArgumentsThatWereNotCreated(node->id());
+ return true;
+ }
+
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGVariableEventStreamh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "DFGMinifiedGraph.h"
</span><span class="cx"> #include "DFGVariableEvent.h"
</span><span class="cx"> #include "Operands.h"
</span><ins>+#include "ValueRecovery.h"
</ins><span class="cx"> #include <wtf/Vector.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace DFG {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLAbstractHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -53,6 +53,20 @@
</span><span class="cx"> setMetadata(instruction, repository.m_tbaaKind, tbaaMetadata(repository));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void AbstractHeap::dump(PrintStream& out) const
+{
+ out.print(heapName());
+ if (m_parent)
+ out.print("->", *m_parent);
+}
+
+void AbstractField::dump(PrintStream& out) const
+{
+ out.print(heapName(), "(", m_offset, ")");
+ if (parent())
+ out.print("->", *parent());
+}
+
</ins><span class="cx"> IndexedAbstractHeap::IndexedAbstractHeap(LContext context, AbstractHeap* parent, const char* heapName, ptrdiff_t offset, size_t elementSize)
</span><span class="cx"> : m_heapForAnyIndex(parent, heapName)
</span><span class="cx"> , m_heapNameLength(strlen(heapName))
</span><span class="lines">@@ -176,6 +190,11 @@
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void IndexedAbstractHeap::dump(PrintStream& out) const
+{
+ out.print("Indexed:", atAnyIndex());
+}
+
</ins><span class="cx"> NumberedAbstractHeap::NumberedAbstractHeap(LContext context, AbstractHeap* heap, const char* heapName)
</span><span class="cx"> : m_indexedHeap(context, heap, heapName, 0, 1)
</span><span class="cx"> {
</span><span class="lines">@@ -185,6 +204,11 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void NumberedAbstractHeap::dump(PrintStream& out) const
+{
+ out.print("Numbered: ", atAnyNumber());
+}
+
</ins><span class="cx"> AbsoluteAbstractHeap::AbsoluteAbstractHeap(LContext context, AbstractHeap* heap, const char* heapName)
</span><span class="cx"> : m_indexedHeap(context, heap, heapName, 0, 1)
</span><span class="cx"> {
</span><span class="lines">@@ -194,6 +218,11 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void AbsoluteAbstractHeap::dump(PrintStream& out) const
+{
+ out.print("Absolute:", atAnyAddress());
+}
+
</ins><span class="cx"> } } // namespace JSC::FTL
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(FTL_JIT)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLAbstractHeaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLAbstractHeap.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -99,6 +99,8 @@
</span><span class="cx">
</span><span class="cx"> void decorateInstruction(LValue instruction, const AbstractHeapRepository&) const;
</span><span class="cx">
</span><ins>+ void dump(PrintStream&) const;
+
</ins><span class="cx"> private:
</span><span class="cx"> friend class AbstractHeapRepository;
</span><span class="cx">
</span><span class="lines">@@ -135,6 +137,8 @@
</span><span class="cx"> return m_offset;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void dump(PrintStream&) const;
+
</ins><span class="cx"> private:
</span><span class="cx"> ptrdiff_t m_offset;
</span><span class="cx"> };
</span><span class="lines">@@ -157,6 +161,8 @@
</span><span class="cx">
</span><span class="cx"> TypedPointer baseIndex(Output& out, LValue base, LValue index, JSValue indexAsConstant = JSValue(), ptrdiff_t offset = 0);
</span><span class="cx">
</span><ins>+ void dump(PrintStream&) const;
+
</ins><span class="cx"> private:
</span><span class="cx"> const AbstractField& returnInitialized(AbstractField& field, ptrdiff_t index)
</span><span class="cx"> {
</span><span class="lines">@@ -201,6 +207,8 @@
</span><span class="cx"> const AbstractHeap& at(unsigned number) { return m_indexedHeap.at(number); }
</span><span class="cx"> const AbstractHeap& operator[](unsigned number) { return at(number); }
</span><span class="cx">
</span><ins>+ void dump(PrintStream&) const;
+
</ins><span class="cx"> private:
</span><span class="cx">
</span><span class="cx"> // We use the fact that the indexed heap already has a superset of the
</span><span class="lines">@@ -222,6 +230,8 @@
</span><span class="cx">
</span><span class="cx"> const AbstractHeap& operator[](void* address) { return at(address); }
</span><span class="cx">
</span><ins>+ void dump(PrintStream&) const;
+
</ins><span class="cx"> private:
</span><span class="cx"> // The trick here is that the indexed heap is "indexed" by a pointer-width
</span><span class="cx"> // integer. Pointers are themselves pointer-width integers. So we can reuse
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLAbstractHeapRepositorycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,11 +28,14 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx">
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSEnvironmentRecord.h"
</span><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "JSScope.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "ScopedArguments.h"
+#include "ScopedArgumentsTable.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC { namespace FTL {
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLAbstractHeapRepositoryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -35,10 +35,7 @@
</span><span class="cx"> namespace JSC { namespace FTL {
</span><span class="cx">
</span><span class="cx"> #define FOR_EACH_ABSTRACT_HEAP(macro) \
</span><del>- macro(length) \
- macro(structureTable) \
- macro(typedArrayProperties) \
- macro(WriteBarrierBuffer_bufferContents)
</del><ins>+ macro(typedArrayProperties)
</ins><span class="cx">
</span><span class="cx"> #define FOR_EACH_ABSTRACT_FIELD(macro) \
</span><span class="cx"> macro(ArrayBuffer_data, ArrayBuffer::offsetOfData()) \
</span><span class="lines">@@ -46,6 +43,10 @@
</span><span class="cx"> macro(Butterfly_publicLength, Butterfly::offsetOfPublicLength()) \
</span><span class="cx"> macro(Butterfly_vectorLength, Butterfly::offsetOfVectorLength()) \
</span><span class="cx"> macro(CallFrame_callerFrame, CallFrame::callerFrameOffset()) \
</span><ins>+ macro(DirectArguments_callee, DirectArguments::offsetOfCallee()) \
+ macro(DirectArguments_length, DirectArguments::offsetOfLength()) \
+ macro(DirectArguments_minCapacity, DirectArguments::offsetOfMinCapacity()) \
+ macro(DirectArguments_overrides, DirectArguments::offsetOfOverrides()) \
</ins><span class="cx"> macro(GetterSetter_getter, GetterSetter::offsetOfGetter()) \
</span><span class="cx"> macro(GetterSetter_setter, GetterSetter::offsetOfSetter()) \
</span><span class="cx"> macro(JSArrayBufferView_length, JSArrayBufferView::offsetOfLength()) \
</span><span class="lines">@@ -70,10 +71,16 @@
</span><span class="cx"> macro(JSString_flags, JSString::offsetOfFlags()) \
</span><span class="cx"> macro(JSString_length, JSString::offsetOfLength()) \
</span><span class="cx"> macro(JSString_value, JSString::offsetOfValue()) \
</span><del>- macro(JSEnvironmentRecord_registers, JSEnvironmentRecord::offsetOfRegisters()) \
</del><ins>+ macro(JSSymbolTableObject_symbolTable, JSSymbolTableObject::offsetOfSymbolTable()) \
</ins><span class="cx"> macro(JSWrapperObject_internalValue, JSWrapperObject::internalValueOffset()) \
</span><span class="cx"> macro(MarkedAllocator_freeListHead, MarkedAllocator::offsetOfFreeListHead()) \
</span><span class="cx"> macro(MarkedBlock_markBits, MarkedBlock::offsetOfMarks()) \
</span><ins>+ macro(ScopedArguments_overrodeThings, ScopedArguments::offsetOfOverrodeThings()) \
+ macro(ScopedArguments_scope, ScopedArguments::offsetOfScope()) \
+ macro(ScopedArguments_table, ScopedArguments::offsetOfTable()) \
+ macro(ScopedArguments_totalLength, ScopedArguments::offsetOfTotalLength()) \
+ macro(ScopedArgumentsTable_arguments, ScopedArgumentsTable::offsetOfArguments()) \
+ macro(ScopedArgumentsTable_length, ScopedArgumentsTable::offsetOfLength()) \
</ins><span class="cx"> macro(StringImpl_data, StringImpl::dataOffset()) \
</span><span class="cx"> macro(StringImpl_hashAndFlags, StringImpl::flagsOffset()) \
</span><span class="cx"> macro(Structure_classInfo, Structure::classInfoOffset()) \
</span><span class="lines">@@ -82,14 +89,23 @@
</span><span class="cx"> macro(Structure_structureID, Structure::structureIDOffset())
</span><span class="cx">
</span><span class="cx"> #define FOR_EACH_INDEXED_ABSTRACT_HEAP(macro) \
</span><ins>+ macro(DirectArguments_storage, DirectArguments::storageOffset(), sizeof(EncodedJSValue)) \
+ macro(JSEnvironmentRecord_variables, JSEnvironmentRecord::offsetOfVariables(), sizeof(EncodedJSValue)) \
+ macro(JSPropertyNameEnumerator_cachedPropertyNamesVectorContents, 0, sizeof(WriteBarrier<JSString>)) \
</ins><span class="cx"> macro(JSRopeString_fibers, JSRopeString::offsetOfFibers(), sizeof(WriteBarrier<JSString>)) \
</span><ins>+ macro(MarkedSpace_Subspace_impreciseAllocators, OBJECT_OFFSETOF(MarkedSpace::Subspace, impreciseAllocators), sizeof(MarkedAllocator)) \
+ macro(MarkedSpace_Subspace_preciseAllocators, OBJECT_OFFSETOF(MarkedSpace::Subspace, preciseAllocators), sizeof(MarkedAllocator)) \
+ macro(ScopedArguments_overflowStorage, ScopedArguments::overflowStorageOffset(), sizeof(EncodedJSValue)) \
+ macro(WriteBarrierBuffer_bufferContents, 0, sizeof(JSCell*)) \
</ins><span class="cx"> macro(characters8, 0, sizeof(LChar)) \
</span><span class="cx"> macro(characters16, 0, sizeof(UChar)) \
</span><span class="cx"> macro(indexedInt32Properties, 0, sizeof(EncodedJSValue)) \
</span><span class="cx"> macro(indexedDoubleProperties, 0, sizeof(double)) \
</span><span class="cx"> macro(indexedContiguousProperties, 0, sizeof(EncodedJSValue)) \
</span><span class="cx"> macro(indexedArrayStorageProperties, 0, sizeof(EncodedJSValue)) \
</span><ins>+ macro(scopedArgumentsTableArguments, 0, sizeof(int32_t)) \
</ins><span class="cx"> macro(singleCharacterStrings, 0, sizeof(JSString*)) \
</span><ins>+ macro(structureTable, 0, sizeof(Structure*)) \
</ins><span class="cx"> macro(variables, 0, sizeof(Register))
</span><span class="cx">
</span><span class="cx"> #define FOR_EACH_NUMBERED_ABSTRACT_HEAP(macro) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -44,7 +44,6 @@
</span><span class="cx">
</span><span class="cx"> switch (node->op()) {
</span><span class="cx"> case JSConstant:
</span><del>- case GetMyArgumentsLength:
</del><span class="cx"> case GetLocal:
</span><span class="cx"> case SetLocal:
</span><span class="cx"> case PutStack:
</span><span class="lines">@@ -103,9 +102,15 @@
</span><span class="cx"> case ExtractOSREntryLocal:
</span><span class="cx"> case LoopHint:
</span><span class="cx"> case SkipScope:
</span><del>- case GetClosureRegisters:
</del><ins>+ case CreateActivation:
+ case NewFunction:
</ins><span class="cx"> case GetClosureVar:
</span><span class="cx"> case PutClosureVar:
</span><ins>+ case CreateDirectArguments:
+ case CreateScopedArguments:
+ case CreateClonedArguments:
+ case GetFromArguments:
+ case PutToArguments:
</ins><span class="cx"> case InvalidationPoint:
</span><span class="cx"> case StringCharAt:
</span><span class="cx"> case CheckCell:
</span><span class="lines">@@ -124,6 +129,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> case LoadVarargs:
</span><span class="cx"> case NativeCall:
</span><span class="cx"> case NativeConstruct:
</span><span class="lines">@@ -137,8 +143,8 @@
</span><span class="cx"> case GetExecutable:
</span><span class="cx"> case GetScope:
</span><span class="cx"> case AllocationProfileWatchpoint:
</span><del>- case CheckArgumentsNotCreated:
</del><span class="cx"> case GetCallee:
</span><ins>+ case GetArgumentCount:
</ins><span class="cx"> case ToString:
</span><span class="cx"> case MakeRope:
</span><span class="cx"> case NewArrayWithSize:
</span><span class="lines">@@ -147,11 +153,9 @@
</span><span class="cx"> case MultiGetByOffset:
</span><span class="cx"> case MultiPutByOffset:
</span><span class="cx"> case ToPrimitive:
</span><del>- case PhantomArguments:
</del><span class="cx"> case Throw:
</span><span class="cx"> case ThrowReferenceError:
</span><span class="cx"> case Unreachable:
</span><del>- case GetMyArgumentByVal:
</del><span class="cx"> case IsUndefined:
</span><span class="cx"> case IsBoolean:
</span><span class="cx"> case IsNumber:
</span><span class="lines">@@ -180,6 +184,10 @@
</span><span class="cx"> case PutHint:
</span><span class="cx"> case CheckStructureImmediate:
</span><span class="cx"> case MaterializeNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+ case GetMyArgumentByVal:
+ case ForwardVarargs:
</ins><span class="cx"> // These are OK.
</span><span class="cx"> break;
</span><span class="cx"> case Identity:
</span><span class="lines">@@ -208,6 +216,8 @@
</span><span class="cx"> case Array::Int32:
</span><span class="cx"> case Array::Double:
</span><span class="cx"> case Array::Contiguous:
</span><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> break;
</span><span class="cx"> default:
</span><span class="cx"> if (isTypedView(node->arrayMode().typedArrayType()))
</span><span class="lines">@@ -221,6 +231,8 @@
</span><span class="cx"> case Array::Double:
</span><span class="cx"> case Array::Contiguous:
</span><span class="cx"> case Array::String:
</span><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> break;
</span><span class="cx"> default:
</span><span class="cx"> if (isTypedView(node->arrayMode().typedArrayType()))
</span><span class="lines">@@ -247,6 +259,8 @@
</span><span class="cx"> case Array::Int32:
</span><span class="cx"> case Array::Double:
</span><span class="cx"> case Array::Contiguous:
</span><ins>+ case Array::DirectArguments:
+ case Array::ScopedArguments:
</ins><span class="cx"> break;
</span><span class="cx"> default:
</span><span class="cx"> if (isTypedView(node->arrayMode().typedArrayType()))
</span><span class="lines">@@ -367,17 +381,6 @@
</span><span class="cx"> return CannotCompile;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (graph.m_codeBlock->needsActivation()) {
- // Need this because although we also don't support
- // CreateActivation, we might not see those nodes in case of
- // OSR entry.
- // FIXME: Support activations.
- // https://bugs.webkit.org/show_bug.cgi?id=129576
- if (verboseCapabilities())
- dataLog("FTL rejecting ", *graph.m_codeBlock, " because it uses activations.\n");
- return CannotCompile;
- }
-
</del><span class="cx"> CapabilityLevel result = CanCompileAndOSREnter;
</span><span class="cx">
</span><span class="cx"> for (BlockIndex blockIndex = graph.numBlocks(); blockIndex--;) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -140,6 +140,9 @@
</span><span class="cx">
</span><span class="cx"> static int offsetOfStackRegion(StackMaps::RecordMap& recordMap, uint32_t stackmapID)
</span><span class="cx"> {
</span><ins>+ if (stackmapID == UINT_MAX)
+ return 0;
+
</ins><span class="cx"> StackMaps::RecordMap::iterator iter = recordMap.find(stackmapID);
</span><span class="cx"> RELEASE_ASSERT(iter != recordMap.end());
</span><span class="cx"> RELEASE_ASSERT(iter->value.size() == 1);
</span><span class="lines">@@ -301,21 +304,12 @@
</span><span class="cx"> VM& vm = graph.m_vm;
</span><span class="cx"> StackMaps stackmaps = jitCode->stackmaps;
</span><span class="cx">
</span><del>- int localsOffset =
- offsetOfStackRegion(recordMap, state.capturedStackmapID) + graph.m_nextMachineLocal;
</del><ins>+ int localsOffset = offsetOfStackRegion(recordMap, state.capturedStackmapID) + graph.m_nextMachineLocal;
+ int varargsSpillSlotsOffset = offsetOfStackRegion(recordMap, state.varargsSpillSlotsStackmapID);
</ins><span class="cx">
</span><del>- int varargsSpillSlotsOffset;
- if (state.varargsSpillSlotsStackmapID != UINT_MAX)
- varargsSpillSlotsOffset = offsetOfStackRegion(recordMap, state.varargsSpillSlotsStackmapID);
- else
- varargsSpillSlotsOffset = 0;
-
</del><span class="cx"> for (unsigned i = graph.m_inlineVariableData.size(); i--;) {
</span><span class="cx"> InlineCallFrame* inlineCallFrame = graph.m_inlineVariableData[i].inlineCallFrame;
</span><span class="cx">
</span><del>- if (inlineCallFrame->argumentsRegister.isValid())
- inlineCallFrame->argumentsRegister += localsOffset;
-
</del><span class="cx"> if (inlineCallFrame->argumentCountRegister.isValid())
</span><span class="cx"> inlineCallFrame->argumentCountRegister += localsOffset;
</span><span class="cx">
</span><span class="lines">@@ -330,11 +324,6 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (codeBlock->usesArguments()) {
- codeBlock->setArgumentsRegister(
- VirtualRegister(codeBlock->argumentsRegister().offset() + localsOffset));
- }
-
</del><span class="cx"> MacroAssembler::Label stackOverflowException;
</span><span class="cx">
</span><span class="cx"> {
</span><span class="lines">@@ -396,15 +385,10 @@
</span><span class="cx"> info.m_thunkAddress = linkBuffer->locationOf(info.m_thunkLabel);
</span><span class="cx"> exit.m_patchableCodeOffset = linkBuffer->offsetOf(info.m_thunkJump);
</span><span class="cx">
</span><del>- for (unsigned j = exit.m_values.size(); j--;) {
- ExitValue value = exit.m_values[j];
- if (!value.isInJSStackSomehow())
- continue;
- if (!value.virtualRegister().isLocal())
- continue;
- exit.m_values[j] = value.withVirtualRegister(
- VirtualRegister(value.virtualRegister().offset() + localsOffset));
- }
</del><ins>+ for (unsigned j = exit.m_values.size(); j--;)
+ exit.m_values[j] = exit.m_values[j].withLocalsOffset(localsOffset);
+ for (ExitTimeObjectMaterialization* materialization : exit.m_materializations)
+ materialization->accountForLocalsOffset(localsOffset);
</ins><span class="cx">
</span><span class="cx"> if (verboseCompilationEnabled()) {
</span><span class="cx"> DumpContext context;
</span><span class="lines">@@ -588,7 +572,7 @@
</span><span class="cx"> JSCallVarargs& call = state.jsCallVarargses[i];
</span><span class="cx">
</span><span class="cx"> CCallHelpers fastPathJIT(&vm, codeBlock);
</span><del>- call.emit(fastPathJIT, graph, varargsSpillSlotsOffset);
</del><ins>+ call.emit(fastPathJIT, varargsSpillSlotsOffset);
</ins><span class="cx">
</span><span class="cx"> char* startOfIC = bitwise_cast<char*>(generatedFunction) + call.m_instructionOffset;
</span><span class="cx"> size_t sizeOfIC = sizeOfICFor(call.node());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitArgumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitArgument.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitArgument.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitArgument.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx">
</span><span class="cx"> void ExitArgument::dump(PrintStream& out) const
</span><span class="cx"> {
</span><del>- out.print("arg", argument(), " as ", format());
</del><ins>+ out.print("#", argument(), " as ", format());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } } // namespace JSC::FTL
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitPropertyValuecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -30,6 +30,11 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace FTL {
</span><span class="cx">
</span><ins>+ExitPropertyValue ExitPropertyValue::withLocalsOffset(int offset) const
+{
+ return ExitPropertyValue(m_location, m_value.withLocalsOffset(offset));
+}
+
</ins><span class="cx"> void ExitPropertyValue::dump(PrintStream& out) const
</span><span class="cx"> {
</span><span class="cx"> out.print(m_location, " => ", m_value);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitPropertyValueh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitPropertyValue.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -51,6 +51,8 @@
</span><span class="cx"> DFG::PromotedLocationDescriptor location() const { return m_location; }
</span><span class="cx"> const ExitValue& value() const { return m_value; }
</span><span class="cx">
</span><ins>+ ExitPropertyValue withLocalsOffset(int offset) const;
+
</ins><span class="cx"> void dump(PrintStream& out) const;
</span><span class="cx">
</span><span class="cx"> private:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitTimeObjectMaterializationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -34,8 +34,9 @@
</span><span class="cx">
</span><span class="cx"> using namespace JSC::DFG;
</span><span class="cx">
</span><del>-ExitTimeObjectMaterialization::ExitTimeObjectMaterialization(NodeType type)
</del><ins>+ExitTimeObjectMaterialization::ExitTimeObjectMaterialization(NodeType type, CodeOrigin codeOrigin)
</ins><span class="cx"> : m_type(type)
</span><ins>+ , m_origin(codeOrigin)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -58,6 +59,12 @@
</span><span class="cx"> return ExitValue();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void ExitTimeObjectMaterialization::accountForLocalsOffset(int offset)
+{
+ for (ExitPropertyValue& property : m_properties)
+ property = property.withLocalsOffset(offset);
+}
+
</ins><span class="cx"> void ExitTimeObjectMaterialization::dump(PrintStream& out) const
</span><span class="cx"> {
</span><span class="cx"> out.print(RawPointer(this), ":", Graph::opName(m_type), "(", listDump(m_properties), ")");
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitTimeObjectMaterializationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitTimeObjectMaterialization.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -38,20 +38,24 @@
</span><span class="cx"> class ExitTimeObjectMaterialization {
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(ExitTimeObjectMaterialization)
</span><span class="cx"> public:
</span><del>- ExitTimeObjectMaterialization(DFG::NodeType);
</del><ins>+ ExitTimeObjectMaterialization(DFG::NodeType, CodeOrigin);
</ins><span class="cx"> ~ExitTimeObjectMaterialization();
</span><span class="cx">
</span><span class="cx"> void add(DFG::PromotedLocationDescriptor, const ExitValue&);
</span><span class="cx">
</span><span class="cx"> DFG::NodeType type() const { return m_type; }
</span><ins>+ CodeOrigin origin() const { return m_origin; }
</ins><span class="cx">
</span><span class="cx"> ExitValue get(DFG::PromotedLocationDescriptor) const;
</span><span class="cx"> const Vector<ExitPropertyValue>& properties() const { return m_properties; }
</span><span class="cx">
</span><ins>+ void accountForLocalsOffset(int offset);
+
</ins><span class="cx"> void dump(PrintStream& out) const;
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> DFG::NodeType m_type;
</span><ins>+ CodeOrigin m_origin;
</ins><span class="cx"> Vector<ExitPropertyValue> m_properties;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitValuecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,6 +41,48 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ExitValue ExitValue::withLocalsOffset(int offset) const
+{
+ if (!isInJSStackSomehow())
+ return *this;
+ if (!virtualRegister().isLocal())
+ return *this;
+ return withVirtualRegister(virtualRegister() + offset);
+}
+
+ValueFormat ExitValue::valueFormat() const
+{
+ switch (kind()) {
+ case InvalidExitValue:
+ RELEASE_ASSERT_NOT_REACHED();
+ return InvalidValueFormat;
+
+ case ExitValueDead:
+ case ExitValueConstant:
+ case ExitValueInJSStack:
+ case ExitValueMaterializeNewObject:
+ return ValueFormatJSValue;
+
+ case ExitValueArgument:
+ return exitArgument().format();
+
+ case ExitValueInJSStackAsInt32:
+ return ValueFormatInt32;
+
+ case ExitValueInJSStackAsInt52:
+ return ValueFormatInt52;
+
+ case ExitValueInJSStackAsDouble:
+ return ValueFormatDouble;
+
+ case ExitValueRecovery:
+ return recoveryFormat();
+ }
+
+ RELEASE_ASSERT_NOT_REACHED();
+ return InvalidValueFormat;
+}
+
</ins><span class="cx"> void ExitValue::dumpInContext(PrintStream& out, DumpContext* context) const
</span><span class="cx"> {
</span><span class="cx"> switch (kind()) {
</span><span class="lines">@@ -68,9 +110,6 @@
</span><span class="cx"> case ExitValueInJSStackAsDouble:
</span><span class="cx"> out.print("InJSStackAsDouble:", virtualRegister());
</span><span class="cx"> return;
</span><del>- case ExitValueArgumentsObjectThatWasNotCreated:
- out.print("ArgumentsObjectThatWasNotCreated");
- return;
</del><span class="cx"> case ExitValueRecovery:
</span><span class="cx"> out.print("Recovery(", recoveryOpcode(), ", arg", leftRecoveryArgument(), ", arg", rightRecoveryArgument(), ", ", recoveryFormat(), ")");
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitValueh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitValue.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitValue.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitValue.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -51,7 +51,6 @@
</span><span class="cx"> ExitValueInJSStackAsInt32,
</span><span class="cx"> ExitValueInJSStackAsInt52,
</span><span class="cx"> ExitValueInJSStackAsDouble,
</span><del>- ExitValueArgumentsObjectThatWasNotCreated,
</del><span class="cx"> ExitValueRecovery,
</span><span class="cx"> ExitValueMaterializeNewObject
</span><span class="cx"> };
</span><span class="lines">@@ -122,13 +121,6 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static ExitValue argumentsObjectThatWasNotCreated()
- {
- ExitValue result;
- result.m_kind = ExitValueArgumentsObjectThatWasNotCreated;
- return result;
- }
-
</del><span class="cx"> static ExitValue recovery(RecoveryOpcode opcode, unsigned leftArgument, unsigned rightArgument, ValueFormat format)
</span><span class="cx"> {
</span><span class="cx"> ExitValue result;
</span><span class="lines">@@ -159,7 +151,6 @@
</span><span class="cx"> }
</span><span class="cx"> bool isConstant() const { return kind() == ExitValueConstant; }
</span><span class="cx"> bool isArgument() const { return kind() == ExitValueArgument; }
</span><del>- bool isArgumentsObjectThatWasNotCreated() const { return kind() == ExitValueArgumentsObjectThatWasNotCreated; }
</del><span class="cx"> bool isRecovery() const { return kind() == ExitValueRecovery; }
</span><span class="cx"> bool isObjectMaterialization() const { return kind() == ExitValueMaterializeNewObject; }
</span><span class="cx">
</span><span class="lines">@@ -220,43 +211,13 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ExitValue withLocalsOffset(int offset) const;
+
</ins><span class="cx"> // If it's in the JSStack somehow, this will tell you what format it's in, in a manner
</span><span class="cx"> // that is compatible with exitArgument().format(). If it's a constant or it's dead, it
</span><span class="cx"> // will claim to be a JSValue. If it's an argument then it will tell you the argument's
</span><span class="cx"> // format.
</span><del>- ValueFormat valueFormat() const
- {
- switch (kind()) {
- case InvalidExitValue:
- RELEASE_ASSERT_NOT_REACHED();
- return InvalidValueFormat;
-
- case ExitValueDead:
- case ExitValueConstant:
- case ExitValueInJSStack:
- case ExitValueArgumentsObjectThatWasNotCreated:
- case ExitValueMaterializeNewObject:
- return ValueFormatJSValue;
-
- case ExitValueArgument:
- return exitArgument().format();
-
- case ExitValueInJSStackAsInt32:
- return ValueFormatInt32;
-
- case ExitValueInJSStackAsInt52:
- return ValueFormatInt52;
-
- case ExitValueInJSStackAsDouble:
- return ValueFormatDouble;
-
- case ExitValueRecovery:
- return recoveryFormat();
- }
-
- RELEASE_ASSERT_NOT_REACHED();
- return InvalidValueFormat;
- }
</del><ins>+ ValueFormat valueFormat() const;
</ins><span class="cx">
</span><span class="cx"> void dump(PrintStream&) const;
</span><span class="cx"> void dumpInContext(PrintStream&, DumpContext*) const;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLInlineCacheSizecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -85,21 +85,30 @@
</span><span class="cx"> size_t sizeOfCallForwardVarargs()
</span><span class="cx"> {
</span><span class="cx"> #if CPU(ARM64)
</span><del>- return 460;
</del><ins>+ return 312;
</ins><span class="cx"> #else
</span><del>- return 372;
</del><ins>+ return 250;
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> size_t sizeOfConstructVarargs()
</span><span class="cx"> {
</span><span class="cx"> #if CPU(ARM64)
</span><del>- return 300;
</del><ins>+ return 332;
</ins><span class="cx"> #else
</span><span class="cx"> return 275;
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+size_t sizeOfConstructForwardVarargs()
+{
+#if CPU(ARM64)
+ return 312;
+#else
+ return 250;
+#endif
+}
+
</ins><span class="cx"> size_t sizeOfIn()
</span><span class="cx"> {
</span><span class="cx"> #if CPU(ARM64)
</span><span class="lines">@@ -125,6 +134,8 @@
</span><span class="cx"> return sizeOfCallForwardVarargs();
</span><span class="cx"> case ConstructVarargs:
</span><span class="cx"> return sizeOfConstructVarargs();
</span><ins>+ case ConstructForwardVarargs:
+ return sizeOfConstructForwardVarargs();
</ins><span class="cx"> case In:
</span><span class="cx"> return sizeOfIn();
</span><span class="cx"> default:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLInlineCacheSizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -42,6 +42,7 @@
</span><span class="cx"> size_t sizeOfCallVarargs();
</span><span class="cx"> size_t sizeOfCallForwardVarargs();
</span><span class="cx"> size_t sizeOfConstructVarargs();
</span><ins>+size_t sizeOfConstructForwardVarargs();
</ins><span class="cx"> size_t sizeOfIn();
</span><span class="cx">
</span><span class="cx"> size_t sizeOfICFor(DFG::Node*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLIntrinsicRepositoryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -63,6 +63,11 @@
</span><span class="cx"> macro(C_JITOperation_EJssJss, functionType(intPtr, intPtr, intPtr, intPtr)) \
</span><span class="cx"> macro(C_JITOperation_EJssJssJss, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
</span><span class="cx"> macro(C_JITOperation_ESt, functionType(intPtr, intPtr, intPtr)) \
</span><ins>+ macro(C_JITOperation_EStJscSymtab, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
+ macro(C_JITOperation_EStRZJsf, functionType(intPtr, intPtr, intPtr, intPtr, int32, intPtr)) \
+ macro(C_JITOperation_EStRZJsfL, functionType(intPtr, intPtr, intPtr, intPtr, int32, intPtr, intPtr)) \
+ macro(C_JITOperation_EStZ, functionType(intPtr, intPtr, intPtr, int32)) \
+ macro(C_JITOperation_EStZZ, functionType(intPtr, intPtr, intPtr, int32, int32)) \
</ins><span class="cx"> macro(C_JITOperation_EZ, functionType(intPtr, intPtr, int32)) \
</span><span class="cx"> macro(D_JITOperation_D, functionType(doubleType, doubleType)) \
</span><span class="cx"> macro(I_JITOperation_EJss, functionType(intPtr, intPtr, intPtr)) \
</span><span class="lines">@@ -76,6 +81,7 @@
</span><span class="cx"> macro(J_JITOperation_EJA, functionType(int64, intPtr, int64, intPtr)) \
</span><span class="cx"> macro(J_JITOperation_EJC, functionType(int64, intPtr, int64, intPtr)) \
</span><span class="cx"> macro(J_JITOperation_EJJ, functionType(int64, intPtr, int64, int64)) \
</span><ins>+ macro(J_JITOperation_EJscC, functionType(intPtr, intPtr, intPtr, intPtr)) \
</ins><span class="cx"> macro(J_JITOperation_EJssZ, functionType(int64, intPtr, intPtr, int32)) \
</span><span class="cx"> macro(J_JITOperation_ESsiJI, functionType(int64, intPtr, intPtr, int64, intPtr)) \
</span><span class="cx"> macro(Jss_JITOperation_EZ, functionType(intPtr, intPtr, int32)) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLJSCallVarargscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx">
</span><del>-#include "DFGGraph.h"
</del><span class="cx"> #include "DFGNode.h"
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -51,11 +50,14 @@
</span><span class="cx"> : m_stackmapID(stackmapID)
</span><span class="cx"> , m_node(node)
</span><span class="cx"> , m_callBase(
</span><del>- node->op() == ConstructVarargs ? CallLinkInfo::ConstructVarargs : CallLinkInfo::CallVarargs,
</del><ins>+ (node->op() == ConstructVarargs || node->op() == ConstructForwardVarargs)
+ ? CallLinkInfo::ConstructVarargs : CallLinkInfo::CallVarargs,
</ins><span class="cx"> node->origin.semantic)
</span><span class="cx"> , m_instructionOffset(0)
</span><span class="cx"> {
</span><del>- ASSERT(node->op() == CallVarargs || node->op() == CallForwardVarargs || node->op() == ConstructVarargs);
</del><ins>+ ASSERT(
+ node->op() == CallVarargs || node->op() == CallForwardVarargs
+ || node->op() == ConstructVarargs || node->op() == ConstructForwardVarargs);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned JSCallVarargs::numSpillSlotsNeeded()
</span><span class="lines">@@ -63,11 +65,11 @@
</span><span class="cx"> return 4;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSCallVarargs::emit(CCallHelpers& jit, Graph& graph, int32_t spillSlotsOffset)
</del><ins>+void JSCallVarargs::emit(CCallHelpers& jit, int32_t spillSlotsOffset)
</ins><span class="cx"> {
</span><span class="cx"> // We are passed three pieces of information:
</span><span class="cx"> // - The callee.
</span><del>- // - The arguments object.
</del><ins>+ // - The arguments object, if it's not a forwarding call.
</ins><span class="cx"> // - The "this" value, if it's a constructor call.
</span><span class="cx">
</span><span class="cx"> CallVarargsData* data = m_node->callVarargsData();
</span><span class="lines">@@ -76,21 +78,20 @@
</span><span class="cx">
</span><span class="cx"> GPRReg argumentsGPR = InvalidGPRReg;
</span><span class="cx"> GPRReg thisGPR = InvalidGPRReg;
</span><del>- bool argumentsOnStack = false;
</del><span class="cx">
</span><ins>+ bool forwarding = false;
+
</ins><span class="cx"> switch (m_node->op()) {
</span><span class="cx"> case CallVarargs:
</span><ins>+ case ConstructVarargs:
</ins><span class="cx"> argumentsGPR = GPRInfo::argumentGPR1;
</span><span class="cx"> thisGPR = GPRInfo::argumentGPR2;
</span><span class="cx"> break;
</span><span class="cx"> case CallForwardVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> thisGPR = GPRInfo::argumentGPR1;
</span><del>- argumentsOnStack = true;
</del><ins>+ forwarding = true;
</ins><span class="cx"> break;
</span><del>- case ConstructVarargs:
- argumentsGPR = GPRInfo::argumentGPR1;
- thisGPR = GPRInfo::argumentGPR2;
- break;
</del><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> break;
</span><span class="lines">@@ -115,21 +116,9 @@
</span><span class="cx"> GPRReg scratchGPR1 = allocator.allocateScratchGPR();
</span><span class="cx"> GPRReg scratchGPR2 = allocator.allocateScratchGPR();
</span><span class="cx"> GPRReg scratchGPR3 = allocator.allocateScratchGPR();
</span><del>- if (argumentsOnStack)
- argumentsGPR = allocator.allocateScratchGPR();
</del><ins>+
</ins><span class="cx"> RELEASE_ASSERT(!allocator.numberOfReusedRegisters());
</span><span class="cx">
</span><del>- auto loadArguments = [&] (bool clobbered) {
- if (argumentsOnStack) {
- jit.load64(
- CCallHelpers::addressFor(graph.machineArgumentsRegisterFor(m_node->origin.semantic)),
- argumentsGPR);
- } else if (clobbered) {
- jit.load64(
- CCallHelpers::addressFor(spillSlotsOffset + argumentsSpillSlot), argumentsGPR);
- }
- };
-
</del><span class="cx"> auto computeUsedStack = [&] (GPRReg targetGPR, unsigned extra) {
</span><span class="cx"> if (isARM64()) {
</span><span class="cx"> // Have to do this the weird way because $sp on ARM64 means zero when used in a subtraction.
</span><span class="lines">@@ -151,61 +140,55 @@
</span><span class="cx"> m_exceptions.append(jit.emitExceptionCheck(AssemblyHelpers::NormalExceptionCheck, AssemblyHelpers::FarJumpWidth));
</span><span class="cx"> };
</span><span class="cx">
</span><del>- loadArguments(false);
-
</del><span class="cx"> if (isARM64()) {
</span><span class="cx"> jit.move(CCallHelpers::stackPointerRegister, scratchGPR1);
</span><span class="cx"> jit.storePtr(scratchGPR1, CCallHelpers::addressFor(spillSlotsOffset + stackPointerSpillSlot));
</span><span class="cx"> } else
</span><span class="cx"> jit.storePtr(CCallHelpers::stackPointerRegister, CCallHelpers::addressFor(spillSlotsOffset + stackPointerSpillSlot));
</span><del>-
- // Attempt the forwarding fast path, if it's been requested.
- CCallHelpers::Jump haveArguments;
- if (m_node->op() == CallForwardVarargs) {
- // Do the horrific foo.apply(this, arguments) optimization.
- // FIXME: do this optimization at the IR level.
-
</del><ins>+
+ unsigned extraStack = sizeof(CallerFrameAndPC) +
+ WTF::roundUpToMultipleOf(stackAlignmentBytes(), 5 * sizeof(void*));
+
+ if (forwarding) {
</ins><span class="cx"> CCallHelpers::JumpList slowCase;
</span><del>- slowCase.append(jit.branchTest64(CCallHelpers::NonZero, argumentsGPR));
-
</del><span class="cx"> computeUsedStack(scratchGPR2, 0);
</span><del>- emitSetupVarargsFrameFastCase(jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, m_node->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
</del><ins>+ emitSetupVarargsFrameFastCase(jit, scratchGPR2, scratchGPR1, scratchGPR2, scratchGPR3, m_node->child2()->origin.semantic.inlineCallFrame, data->firstVarArgOffset, slowCase);
</ins><span class="cx">
</span><del>- jit.move(calleeGPR, GPRInfo::regT0);
- haveArguments = jit.jump();
</del><ins>+ CCallHelpers::Jump done = jit.jump();
</ins><span class="cx"> slowCase.link(&jit);
</span><del>- }
-
- // Gotta spill the callee, arguments, and this because we will need them later and we will have some
- // calls that clobber them.
- jit.store64(calleeGPR, CCallHelpers::addressFor(spillSlotsOffset + calleeSpillSlot));
- if (!argumentsOnStack)
</del><ins>+ jit.subPtr(CCallHelpers::TrustedImm32(extraStack), CCallHelpers::stackPointerRegister);
+ jit.setupArgumentsExecState();
+ callWithExceptionCheck(bitwise_cast<void*>(operationThrowStackOverflowForVarargs));
+ jit.abortWithReason(DFGVarargsThrowingPathDidNotThrow);
+
+ done.link(&jit);
+ jit.move(calleeGPR, GPRInfo::regT0);
+ } else {
+ // Gotta spill the callee, arguments, and this because we will need them later and we will have some
+ // calls that clobber them.
+ jit.store64(calleeGPR, CCallHelpers::addressFor(spillSlotsOffset + calleeSpillSlot));
</ins><span class="cx"> jit.store64(argumentsGPR, CCallHelpers::addressFor(spillSlotsOffset + argumentsSpillSlot));
</span><del>- jit.store64(thisGPR, CCallHelpers::addressFor(spillSlotsOffset + thisSpillSlot));
</del><ins>+ jit.store64(thisGPR, CCallHelpers::addressFor(spillSlotsOffset + thisSpillSlot));
</ins><span class="cx">
</span><del>- unsigned extraStack = sizeof(CallerFrameAndPC) +
- WTF::roundUpToMultipleOf(stackAlignmentBytes(), 5 * sizeof(void*));
- computeUsedStack(scratchGPR1, 0);
- jit.subPtr(CCallHelpers::TrustedImm32(extraStack), CCallHelpers::stackPointerRegister);
- jit.setupArgumentsWithExecState(argumentsGPR, scratchGPR1, CCallHelpers::TrustedImm32(data->firstVarArgOffset));
- callWithExceptionCheck(bitwise_cast<void*>(operationSizeFrameForVarargs));
</del><ins>+ computeUsedStack(scratchGPR1, 0);
+ jit.subPtr(CCallHelpers::TrustedImm32(extraStack), CCallHelpers::stackPointerRegister);
+ jit.setupArgumentsWithExecState(argumentsGPR, scratchGPR1, CCallHelpers::TrustedImm32(data->firstVarArgOffset));
+ callWithExceptionCheck(bitwise_cast<void*>(operationSizeFrameForVarargs));
</ins><span class="cx">
</span><del>- jit.move(GPRInfo::returnValueGPR, scratchGPR1);
- computeUsedStack(scratchGPR2, extraStack);
- loadArguments(true);
- emitSetVarargsFrame(jit, scratchGPR1, false, scratchGPR2, scratchGPR2);
- jit.addPtr(CCallHelpers::TrustedImm32(-extraStack), scratchGPR2, CCallHelpers::stackPointerRegister);
- jit.setupArgumentsWithExecState(scratchGPR2, argumentsGPR, CCallHelpers::TrustedImm32(data->firstVarArgOffset), scratchGPR1);
- callWithExceptionCheck(bitwise_cast<void*>(operationSetupVarargsFrame));
</del><ins>+ jit.move(GPRInfo::returnValueGPR, scratchGPR1);
+ computeUsedStack(scratchGPR2, extraStack);
+ jit.load64(CCallHelpers::addressFor(spillSlotsOffset + argumentsSpillSlot), argumentsGPR);
+ emitSetVarargsFrame(jit, scratchGPR1, false, scratchGPR2, scratchGPR2);
+ jit.addPtr(CCallHelpers::TrustedImm32(-extraStack), scratchGPR2, CCallHelpers::stackPointerRegister);
+ jit.setupArgumentsWithExecState(scratchGPR2, argumentsGPR, CCallHelpers::TrustedImm32(data->firstVarArgOffset), scratchGPR1);
+ callWithExceptionCheck(bitwise_cast<void*>(operationSetupVarargsFrame));
</ins><span class="cx">
</span><del>- jit.move(GPRInfo::returnValueGPR, scratchGPR2);
</del><ins>+ jit.move(GPRInfo::returnValueGPR, scratchGPR2);
</ins><span class="cx">
</span><del>- jit.load64(CCallHelpers::addressFor(spillSlotsOffset + thisSpillSlot), thisGPR);
- jit.load64(CCallHelpers::addressFor(spillSlotsOffset + calleeSpillSlot), GPRInfo::regT0);
</del><ins>+ jit.load64(CCallHelpers::addressFor(spillSlotsOffset + thisSpillSlot), thisGPR);
+ jit.load64(CCallHelpers::addressFor(spillSlotsOffset + calleeSpillSlot), GPRInfo::regT0);
+ }
</ins><span class="cx">
</span><del>- if (m_node->op() == CallForwardVarargs)
- haveArguments.link(&jit);
-
</del><span class="cx"> jit.addPtr(CCallHelpers::TrustedImm32(sizeof(CallerFrameAndPC)), scratchGPR2, CCallHelpers::stackPointerRegister);
</span><span class="cx">
</span><span class="cx"> jit.store64(thisGPR, CCallHelpers::calleeArgumentSlot(0));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLJSCallVarargsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLJSCallVarargs.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -35,7 +35,6 @@
</span><span class="cx"> class LinkBuffer;
</span><span class="cx">
</span><span class="cx"> namespace DFG {
</span><del>-class Graph;
</del><span class="cx"> struct Node;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -50,7 +49,7 @@
</span><span class="cx">
</span><span class="cx"> static unsigned numSpillSlotsNeeded();
</span><span class="cx">
</span><del>- void emit(CCallHelpers&, DFG::Graph&, int32_t spillSlotsOffset);
</del><ins>+ void emit(CCallHelpers&, int32_t spillSlotsOffset);
</ins><span class="cx"> void link(VM&, LinkBuffer&, CodeLocationLabel exceptionHandler);
</span><span class="cx">
</span><span class="cx"> unsigned stackmapID() const { return m_stackmapID; }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "DFGAbstractInterpreterInlines.h"
</span><span class="cx"> #include "DFGInPlaceAbstractState.h"
</span><span class="cx"> #include "DFGOSRAvailabilityAnalysisPhase.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "FTLAbstractHeapRepository.h"
</span><span class="cx"> #include "FTLAvailableRecovery.h"
</span><span class="cx"> #include "FTLForOSREntryJITCode.h"
</span><span class="lines">@@ -43,7 +44,10 @@
</span><span class="cx"> #include "FTLThunks.h"
</span><span class="cx"> #include "FTLWeightedTarget.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "JSLexicalEnvironment.h"
</ins><span class="cx"> #include "OperandsInlines.h"
</span><ins>+#include "ScopedArguments.h"
+#include "ScopedArgumentsTable.h"
</ins><span class="cx"> #include "VirtualRegister.h"
</span><span class="cx"> #include <atomic>
</span><span class="cx"> #include <dlfcn.h>
</span><span class="lines">@@ -167,21 +171,18 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>-
- LValue capturedAlloca = m_out.alloca(arrayType(m_out.int64, m_graph.m_nextMachineLocal));
-
</del><ins>+
</ins><span class="cx"> if (maxNumberOfArguments >= 0) {
</span><span class="cx"> m_execState = m_out.alloca(arrayType(m_out.int64, JSStack::CallFrameHeaderSize + maxNumberOfArguments));
</span><span class="cx"> m_execStorage = m_out.ptrToInt(m_execState, m_out.intPtr);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ LValue capturedAlloca = m_out.alloca(arrayType(m_out.int64, m_graph.m_nextMachineLocal));
+
</ins><span class="cx"> m_captured = m_out.add(
</span><span class="cx"> m_out.ptrToInt(capturedAlloca, m_out.intPtr),
</span><span class="cx"> m_out.constIntPtr(m_graph.m_nextMachineLocal * sizeof(Register)));
</span><span class="cx">
</span><del>- // We should not create any alloca's after this point, since they will cease to
- // be mem2reg candidates.
-
</del><span class="cx"> m_ftlState.capturedStackmapID = m_stackmapIDs++;
</span><span class="cx"> m_out.call(
</span><span class="cx"> m_out.stackmapIntrinsic(), m_out.constInt64(m_ftlState.capturedStackmapID),
</span><span class="lines">@@ -195,6 +196,7 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> hasVarargs = true;
</span><span class="cx"> break;
</span><span class="cx"> default:
</span><span class="lines">@@ -211,6 +213,9 @@
</span><span class="cx"> m_out.int32Zero, varargsSpillSlots);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // We should not create any alloca's after this point, since they will cease to
+ // be mem2reg candidates.
+
</ins><span class="cx"> m_callFrame = m_out.ptrToInt(
</span><span class="cx"> m_out.call(m_out.frameAddressIntrinsic(), m_out.int32Zero), m_out.intPtr);
</span><span class="cx"> m_tagTypeNumber = m_out.constInt64(TagTypeNumber);
</span><span class="lines">@@ -434,9 +439,6 @@
</span><span class="cx"> case Int52Constant:
</span><span class="cx"> compileInt52Constant();
</span><span class="cx"> break;
</span><del>- case PhantomArguments:
- compilePhantomArguments();
- break;
</del><span class="cx"> case DoubleRep:
</span><span class="cx"> compileDoubleRep();
</span><span class="cx"> break;
</span><span class="lines">@@ -461,12 +463,6 @@
</span><span class="cx"> case PutStack:
</span><span class="cx"> compilePutStack();
</span><span class="cx"> break;
</span><del>- case GetMyArgumentsLength:
- compileGetMyArgumentsLength();
- break;
- case GetMyArgumentByVal:
- compileGetMyArgumentByVal();
- break;
</del><span class="cx"> case Phantom:
</span><span class="cx"> case HardPhantom:
</span><span class="cx"> case Check:
</span><span class="lines">@@ -592,6 +588,9 @@
</span><span class="cx"> case GetByVal:
</span><span class="cx"> compileGetByVal();
</span><span class="cx"> break;
</span><ins>+ case GetMyArgumentByVal:
+ compileGetMyArgumentByVal();
+ break;
</ins><span class="cx"> case PutByVal:
</span><span class="cx"> case PutByValAlias:
</span><span class="cx"> case PutByValDirect:
</span><span class="lines">@@ -603,6 +602,21 @@
</span><span class="cx"> case ArrayPop:
</span><span class="cx"> compileArrayPop();
</span><span class="cx"> break;
</span><ins>+ case CreateActivation:
+ compileCreateActivation();
+ break;
+ case NewFunction:
+ compileNewFunction();
+ break;
+ case CreateDirectArguments:
+ compileCreateDirectArguments();
+ break;
+ case CreateScopedArguments:
+ compileCreateScopedArguments();
+ break;
+ case CreateClonedArguments:
+ compileCreateClonedArguments();
+ break;
</ins><span class="cx"> case NewObject:
</span><span class="cx"> compileNewObject();
</span><span class="cx"> break;
</span><span class="lines">@@ -670,21 +684,27 @@
</span><span class="cx"> case GetCallee:
</span><span class="cx"> compileGetCallee();
</span><span class="cx"> break;
</span><ins>+ case GetArgumentCount:
+ compileGetArgumentCount();
+ break;
</ins><span class="cx"> case GetScope:
</span><span class="cx"> compileGetScope();
</span><span class="cx"> break;
</span><span class="cx"> case SkipScope:
</span><span class="cx"> compileSkipScope();
</span><span class="cx"> break;
</span><del>- case GetClosureRegisters:
- compileGetClosureRegisters();
- break;
</del><span class="cx"> case GetClosureVar:
</span><span class="cx"> compileGetClosureVar();
</span><span class="cx"> break;
</span><span class="cx"> case PutClosureVar:
</span><span class="cx"> compilePutClosureVar();
</span><span class="cx"> break;
</span><ins>+ case GetFromArguments:
+ compileGetFromArguments();
+ break;
+ case PutToArguments:
+ compilePutToArguments();
+ break;
</ins><span class="cx"> case CompareEq:
</span><span class="cx"> compileCompareEq();
</span><span class="cx"> break;
</span><span class="lines">@@ -716,11 +736,15 @@
</span><span class="cx"> case CallVarargs:
</span><span class="cx"> case CallForwardVarargs:
</span><span class="cx"> case ConstructVarargs:
</span><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> compileCallOrConstructVarargs();
</span><span class="cx"> break;
</span><span class="cx"> case LoadVarargs:
</span><span class="cx"> compileLoadVarargs();
</span><span class="cx"> break;
</span><ins>+ case ForwardVarargs:
+ compileForwardVarargs();
+ break;
</ins><span class="cx"> #if ENABLE(FTL_NATIVE_CALL_INLINING)
</span><span class="cx"> case NativeCall:
</span><span class="cx"> case NativeConstruct:
</span><span class="lines">@@ -749,9 +773,6 @@
</span><span class="cx"> case InvalidationPoint:
</span><span class="cx"> compileInvalidationPoint();
</span><span class="cx"> break;
</span><del>- case CheckArgumentsNotCreated:
- compileCheckArgumentsNotCreated();
- break;
</del><span class="cx"> case IsUndefined:
</span><span class="cx"> compileIsUndefined();
</span><span class="cx"> break;
</span><span class="lines">@@ -829,6 +850,8 @@
</span><span class="cx"> case MovHint:
</span><span class="cx"> case ZombieHint:
</span><span class="cx"> case PhantomNewObject:
</span><ins>+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
</ins><span class="cx"> case PutHint:
</span><span class="cx"> case BottomValue:
</span><span class="cx"> case KillStack:
</span><span class="lines">@@ -838,7 +861,7 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!m_state.isValid()) {
</del><ins>+ if (!m_state.isValid() && !m_node->isTerminal()) {
</ins><span class="cx"> safelyInvalidateAfterTermination();
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="lines">@@ -917,11 +940,6 @@
</span><span class="cx"> setStrictInt52(m_out.constInt64(value));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void compilePhantomArguments()
- {
- setJSValue(m_out.constInt64(JSValue::encode(JSValue())));
- }
-
</del><span class="cx"> void compileDoubleRep()
</span><span class="cx"> {
</span><span class="cx"> switch (m_node->child1().useKind()) {
</span><span class="lines">@@ -1095,8 +1113,7 @@
</span><span class="cx"> {
</span><span class="cx"> StackAccessData* data = m_node->stackAccessData();
</span><span class="cx"> switch (data->format) {
</span><del>- case FlushedJSValue:
- case FlushedArguments: {
</del><ins>+ case FlushedJSValue: {
</ins><span class="cx"> LValue value = lowJSValue(m_node->child1());
</span><span class="cx"> m_out.store64(value, addressFor(data->machineLocal));
</span><span class="cx"> break;
</span><span class="lines">@@ -2116,79 +2133,6 @@
</span><span class="cx"> setInt32(m_out.castToInt32(m_out.phi(m_out.intPtr, simpleOut, wastefulOut)));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void compileGetMyArgumentsLength()
- {
- checkArgumentsNotCreated();
-
- if (m_node->origin.semantic.inlineCallFrame
- && !m_node->origin.semantic.inlineCallFrame->isVarargs()) {
- setInt32(
- m_out.constInt32(
- m_node->origin.semantic.inlineCallFrame->arguments.size() - 1));
- } else {
- VirtualRegister argumentCountRegister;
- if (!m_node->origin.semantic.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = m_node->origin.semantic.inlineCallFrame->argumentCountRegister;
- setInt32(
- m_out.add(
- m_out.load32NonNegative(payloadFor(argumentCountRegister)),
- m_out.constInt32(-1)));
- }
- }
-
- void compileGetMyArgumentByVal()
- {
- checkArgumentsNotCreated();
-
- CodeOrigin codeOrigin = m_node->origin.semantic;
-
- LValue index = lowInt32(m_node->child1());
-
- LValue limit;
- if (codeOrigin.inlineCallFrame
- && !codeOrigin.inlineCallFrame->isVarargs())
- limit = m_out.constInt32(codeOrigin.inlineCallFrame->arguments.size() - 1);
- else {
- VirtualRegister argumentCountRegister;
- if (!codeOrigin.inlineCallFrame)
- argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
- else
- argumentCountRegister = codeOrigin.inlineCallFrame->argumentCountRegister;
- limit = m_out.sub(m_out.load32(payloadFor(argumentCountRegister)), m_out.int32One);
- }
-
- speculate(Uncountable, noValue(), 0, m_out.aboveOrEqual(index, limit));
-
- SymbolTable* symbolTable = m_graph.baselineCodeBlockFor(codeOrigin)->symbolTable();
- if (symbolTable->slowArguments()) {
- // FIXME: FTL should support activations.
- // https://bugs.webkit.org/show_bug.cgi?id=129576
-
- DFG_CRASH(m_graph, m_node, "Unimplemented");
- }
-
- TypedPointer base;
- if (codeOrigin.inlineCallFrame) {
- if (codeOrigin.inlineCallFrame->arguments.size() <= 1) {
- // We should have already exited due to the bounds check, above. Just tell the
- // compiler that anything dominated by this instruction is not reachable, so
- // that we don't waste time generating such code. This will also plant some
- // kind of crashing instruction so that if by some fluke the bounds check didn't
- // work, we'll crash in an easy-to-see way.
- didAlreadyTerminate();
- return;
- }
- base = addressFor(codeOrigin.inlineCallFrame->arguments[1].virtualRegister());
- } else
- base = addressFor(virtualRegisterForArgument(1));
-
- LValue pointer = m_out.baseIndex(
- base.value(), m_out.zeroExt(index, m_out.intPtr), ScaleEight);
- setJSValue(m_out.load64(TypedPointer(m_heaps.variables.atAnyIndex(), pointer)));
- }
-
</del><span class="cx"> void compileGetArrayLength()
</span><span class="cx"> {
</span><span class="cx"> switch (m_node->arrayMode().type()) {
</span><span class="lines">@@ -2205,6 +2149,24 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case Array::DirectArguments: {
+ LValue arguments = lowCell(m_node->child1());
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.notNull(m_out.loadPtr(arguments, m_heaps.DirectArguments_overrides)));
+ setInt32(m_out.load32NonNegative(arguments, m_heaps.DirectArguments_length));
+ return;
+ }
+
+ case Array::ScopedArguments: {
+ LValue arguments = lowCell(m_node->child1());
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.notZero8(m_out.loadPtr(arguments, m_heaps.ScopedArguments_overrodeThings)));
+ setInt32(m_out.load32NonNegative(arguments, m_heaps.ScopedArguments_totalLength));
+ return;
+ }
+
</ins><span class="cx"> default:
</span><span class="cx"> if (isTypedView(m_node->arrayMode().typedArrayType())) {
</span><span class="cx"> setInt32(
</span><span class="lines">@@ -2322,6 +2284,78 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case Array::DirectArguments: {
+ LValue base = lowCell(m_node->child1());
+ LValue index = lowInt32(m_node->child2());
+
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.notNull(m_out.loadPtr(base, m_heaps.DirectArguments_overrides)));
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.aboveOrEqual(
+ index,
+ m_out.load32NonNegative(base, m_heaps.DirectArguments_length)));
+
+ TypedPointer address = m_out.baseIndex(
+ m_heaps.DirectArguments_storage, base, m_out.zeroExtPtr(index));
+ setJSValue(m_out.load64(address));
+ return;
+ }
+
+ case Array::ScopedArguments: {
+ LValue base = lowCell(m_node->child1());
+ LValue index = lowInt32(m_node->child2());
+
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.aboveOrEqual(
+ index,
+ m_out.load32NonNegative(base, m_heaps.ScopedArguments_totalLength)));
+
+ LValue table = m_out.loadPtr(base, m_heaps.ScopedArguments_table);
+ LValue namedLength = m_out.load32(table, m_heaps.ScopedArgumentsTable_length);
+
+ LBasicBlock namedCase = FTL_NEW_BLOCK(m_out, ("GetByVal ScopedArguments named case"));
+ LBasicBlock overflowCase = FTL_NEW_BLOCK(m_out, ("GetByVal ScopedArguments overflow case"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("GetByVal ScopedArguments continuation"));
+
+ m_out.branch(
+ m_out.aboveOrEqual(index, namedLength), unsure(overflowCase), unsure(namedCase));
+
+ LBasicBlock lastNext = m_out.appendTo(namedCase, overflowCase);
+
+ LValue scope = m_out.loadPtr(base, m_heaps.ScopedArguments_scope);
+ LValue arguments = m_out.loadPtr(table, m_heaps.ScopedArgumentsTable_arguments);
+
+ TypedPointer address = m_out.baseIndex(
+ m_heaps.scopedArgumentsTableArguments, arguments, m_out.zeroExtPtr(index));
+ LValue scopeOffset = m_out.load32(address);
+
+ speculate(
+ ExoticObjectMode, noValue(), nullptr,
+ m_out.equal(scopeOffset, m_out.constInt32(ScopeOffset::invalidOffset)));
+
+ address = m_out.baseIndex(
+ m_heaps.JSEnvironmentRecord_variables, scope, m_out.zeroExtPtr(scopeOffset));
+ ValueFromBlock namedResult = m_out.anchor(m_out.load64(address));
+ m_out.jump(continuation);
+
+ m_out.appendTo(overflowCase, continuation);
+
+ address = m_out.baseIndex(
+ m_heaps.ScopedArguments_overflowStorage, base,
+ m_out.zeroExtPtr(m_out.sub(index, namedLength)));
+ LValue overflowValue = m_out.load64(address);
+ speculate(ExoticObjectMode, noValue(), nullptr, m_out.isZero64(overflowValue));
+ ValueFromBlock overflowResult = m_out.anchor(overflowValue);
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+ setJSValue(m_out.phi(m_out.int64, namedResult, overflowResult));
+ return;
+ }
+
</ins><span class="cx"> case Array::Generic: {
</span><span class="cx"> setJSValue(vmCall(
</span><span class="cx"> m_out.operation(operationGetByVal), m_callFrame,
</span><span class="lines">@@ -2346,7 +2380,7 @@
</span><span class="cx"> m_out.add(
</span><span class="cx"> storage,
</span><span class="cx"> m_out.shl(
</span><del>- m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_out.zeroExtPtr(index),
</ins><span class="cx"> m_out.constIntPtr(logElementSize(type)))));
</span><span class="cx">
</span><span class="cx"> if (isInt(type)) {
</span><span class="lines">@@ -2418,6 +2452,46 @@
</span><span class="cx"> } }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void compileGetMyArgumentByVal()
+ {
+ InlineCallFrame* inlineCallFrame = m_node->child1()->origin.semantic.inlineCallFrame;
+
+ LValue index = lowInt32(m_node->child2());
+
+ LValue limit;
+ if (inlineCallFrame && !inlineCallFrame->isVarargs())
+ limit = m_out.constInt32(inlineCallFrame->arguments.size() - 1);
+ else {
+ VirtualRegister argumentCountRegister;
+ if (!inlineCallFrame)
+ argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
+ else
+ argumentCountRegister = inlineCallFrame->argumentCountRegister;
+ limit = m_out.sub(m_out.load32(payloadFor(argumentCountRegister)), m_out.int32One);
+ }
+
+ speculate(ExoticObjectMode, noValue(), 0, m_out.aboveOrEqual(index, limit));
+
+ TypedPointer base;
+ if (inlineCallFrame) {
+ if (inlineCallFrame->arguments.size() <= 1) {
+ // We should have already exited due to the bounds check, above. Just tell the
+ // compiler that anything dominated by this instruction is not reachable, so
+ // that we don't waste time generating such code. This will also plant some
+ // kind of crashing instruction so that if by some fluke the bounds check didn't
+ // work, we'll crash in an easy-to-see way.
+ didAlreadyTerminate();
+ return;
+ }
+ base = addressFor(inlineCallFrame->arguments[1].virtualRegister());
+ } else
+ base = addressFor(virtualRegisterForArgument(1));
+
+ LValue pointer = m_out.baseIndex(
+ base.value(), m_out.zeroExt(index, m_out.intPtr), ScaleEight);
+ setJSValue(m_out.load64(TypedPointer(m_heaps.variables.atAnyIndex(), pointer)));
+ }
+
</ins><span class="cx"> void compilePutByVal()
</span><span class="cx"> {
</span><span class="cx"> Edge child1 = m_graph.varArgChild(m_node, 0);
</span><span class="lines">@@ -2473,8 +2547,7 @@
</span><span class="cx"> TypedPointer elementPointer = m_out.baseIndex(
</span><span class="cx"> m_node->arrayMode().type() == Array::Int32 ?
</span><span class="cx"> m_heaps.indexedInt32Properties : m_heaps.indexedContiguousProperties,
</span><del>- storage, m_out.zeroExt(index, m_out.intPtr),
- m_state.forNode(child2).m_value);
</del><ins>+ storage, m_out.zeroExtPtr(index), m_state.forNode(child2).m_value);
</ins><span class="cx">
</span><span class="cx"> if (m_node->op() == PutByValAlias) {
</span><span class="cx"> m_out.store64(value, elementPointer);
</span><span class="lines">@@ -2499,8 +2572,7 @@
</span><span class="cx"> m_out.doubleNotEqualOrUnordered(value, value));
</span><span class="cx">
</span><span class="cx"> TypedPointer elementPointer = m_out.baseIndex(
</span><del>- m_heaps.indexedDoubleProperties,
- storage, m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_heaps.indexedDoubleProperties, storage, m_out.zeroExtPtr(index),
</ins><span class="cx"> m_state.forNode(child2).m_value);
</span><span class="cx">
</span><span class="cx"> if (m_node->op() == PutByValAlias) {
</span><span class="lines">@@ -2714,9 +2786,7 @@
</span><span class="cx">
</span><span class="cx"> LBasicBlock lastNext = m_out.appendTo(fastPath, slowPath);
</span><span class="cx"> m_out.store(
</span><del>- value,
- m_out.baseIndex(heap, storage, m_out.zeroExt(prevLength, m_out.intPtr)),
- refType);
</del><ins>+ value, m_out.baseIndex(heap, storage, m_out.zeroExtPtr(prevLength)), refType);
</ins><span class="cx"> LValue newLength = m_out.add(prevLength, m_out.int32One);
</span><span class="cx"> m_out.store32(newLength, storage, m_heaps.Butterfly_publicLength);
</span><span class="cx">
</span><span class="lines">@@ -2769,8 +2839,7 @@
</span><span class="cx"> LBasicBlock lastNext = m_out.appendTo(fastCase, slowCase);
</span><span class="cx"> LValue newLength = m_out.sub(prevLength, m_out.int32One);
</span><span class="cx"> m_out.store32(newLength, storage, m_heaps.Butterfly_publicLength);
</span><del>- TypedPointer pointer = m_out.baseIndex(
- heap, storage, m_out.zeroExt(newLength, m_out.intPtr));
</del><ins>+ TypedPointer pointer = m_out.baseIndex(heap, storage, m_out.zeroExtPtr(newLength));
</ins><span class="cx"> if (m_node->arrayMode().type() != Array::Double) {
</span><span class="cx"> LValue result = m_out.load64(pointer);
</span><span class="cx"> m_out.store64(m_out.int64Zero, pointer);
</span><span class="lines">@@ -2802,6 +2871,173 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void compileCreateActivation()
+ {
+ LValue scope = lowCell(m_node->child1());
+ SymbolTable* table = m_graph.symbolTableFor(m_node->origin.semantic);
+ Structure* structure = m_graph.globalObjectFor(m_node->origin.semantic)->activationStructure();
+
+ LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("CreateActivation slow path"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("CreateActivation continuation"));
+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
+
+ LValue fastObject = allocateObject<JSLexicalEnvironment>(
+ JSLexicalEnvironment::allocationSize(table), structure, m_out.intPtrZero, slowPath);
+
+ // We don't need memory barriers since we just fast-created the activation, so the
+ // activation must be young.
+ m_out.storePtr(scope, fastObject, m_heaps.JSScope_next);
+ m_out.storePtr(weakPointer(table), fastObject, m_heaps.JSSymbolTableObject_symbolTable);
+
+ for (unsigned i = 0; i < table->scopeSize(); ++i) {
+ m_out.store64(
+ m_out.constInt64(JSValue::encode(jsUndefined())),
+ fastObject, m_heaps.JSEnvironmentRecord_variables[i]);
+ }
+
+ ValueFromBlock fastResult = m_out.anchor(fastObject);
+ m_out.jump(continuation);
+
+ m_out.appendTo(slowPath, continuation);
+ LValue callResult = vmCall(
+ m_out.operation(operationCreateActivationDirect), m_callFrame, weakPointer(structure),
+ scope, weakPointer(table));
+ ValueFromBlock slowResult = m_out.anchor(callResult);
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+ setJSValue(m_out.phi(m_out.intPtr, fastResult, slowResult));
+ }
+
+ void compileNewFunction()
+ {
+ LValue result = vmCall(
+ m_out.operation(operationNewFunction), m_callFrame,
+ lowCell(m_node->child1()), weakPointer(m_node->castOperand<FunctionExecutable*>()));
+ setJSValue(result);
+ }
+
+ void compileCreateDirectArguments()
+ {
+ // FIXME: A more effective way of dealing with the argument count and callee is to have
+ // them be explicit arguments to this node.
+ // https://bugs.webkit.org/show_bug.cgi?id=142207
+
+ Structure* structure =
+ m_graph.globalObjectFor(m_node->origin.semantic)->directArgumentsStructure();
+
+ unsigned minCapacity = m_graph.baselineCodeBlockFor(m_node->origin.semantic)->numParameters() - 1;
+
+ LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("CreateDirectArguments slow path"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("CreateDirectArguments continuation"));
+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
+
+ ArgumentsLength length = getArgumentsLength();
+
+ LValue fastObject;
+ if (length.isKnown) {
+ fastObject = allocateObject<DirectArguments>(
+ DirectArguments::allocationSize(std::max(length.known, minCapacity)), structure,
+ m_out.intPtrZero, slowPath);
+ } else {
+ LValue size = m_out.add(
+ m_out.shl(length.value, m_out.constInt32(3)),
+ m_out.constInt32(DirectArguments::storageOffset()));
+
+ size = m_out.select(
+ m_out.aboveOrEqual(length.value, m_out.constInt32(minCapacity)),
+ size, m_out.constInt32(DirectArguments::allocationSize(minCapacity)));
+
+ fastObject = allocateVariableSizedObject<DirectArguments>(
+ size, structure, m_out.intPtrZero, slowPath);
+ }
+
+ m_out.store32(length.value, fastObject, m_heaps.DirectArguments_length);
+ m_out.store32(m_out.constInt32(minCapacity), fastObject, m_heaps.DirectArguments_minCapacity);
+ m_out.storePtr(m_out.intPtrZero, fastObject, m_heaps.DirectArguments_overrides);
+ m_out.storePtr(getCurrentCallee(), fastObject, m_heaps.DirectArguments_callee);
+
+ ValueFromBlock fastResult = m_out.anchor(fastObject);
+ m_out.jump(continuation);
+
+ m_out.appendTo(slowPath, continuation);
+ LValue callResult = vmCall(
+ m_out.operation(operationCreateDirectArguments), m_callFrame, weakPointer(structure),
+ length.value, m_out.constInt32(minCapacity));
+ ValueFromBlock slowResult = m_out.anchor(callResult);
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+ LValue result = m_out.phi(m_out.intPtr, fastResult, slowResult);
+
+ if (length.isKnown) {
+ VirtualRegister start = AssemblyHelpers::argumentsStart(m_node->origin.semantic);
+ for (unsigned i = 0; i < std::max(length.known, minCapacity); ++i) {
+ m_out.store64(
+ m_out.load64(addressFor(start + i)),
+ result, m_heaps.DirectArguments_storage[i]);
+ }
+ } else {
+ LValue stackBase = getArgumentsStart();
+
+ LBasicBlock loop = FTL_NEW_BLOCK(m_out, ("CreateDirectArguments loop body"));
+ LBasicBlock end = FTL_NEW_BLOCK(m_out, ("CreateDirectArguments loop end"));
+
+ ValueFromBlock originalLength;
+ if (minCapacity) {
+ LValue capacity = m_out.select(
+ m_out.aboveOrEqual(length.value, m_out.constInt32(minCapacity)),
+ length.value,
+ m_out.constInt32(minCapacity));
+ originalLength = m_out.anchor(m_out.zeroExtPtr(capacity));
+ m_out.jump(loop);
+ } else {
+ originalLength = m_out.anchor(m_out.zeroExtPtr(length.value));
+ m_out.branch(m_out.isNull(originalLength.value()), unsure(end), unsure(loop));
+ }
+
+ lastNext = m_out.appendTo(loop, end);
+ LValue previousIndex = m_out.phi(m_out.intPtr, originalLength);
+ LValue index = m_out.sub(previousIndex, m_out.intPtrOne);
+ m_out.store64(
+ m_out.load64(m_out.baseIndex(m_heaps.variables, stackBase, index)),
+ m_out.baseIndex(m_heaps.DirectArguments_storage, result, index));
+ ValueFromBlock nextIndex = m_out.anchor(index);
+ addIncoming(previousIndex, nextIndex);
+ m_out.branch(m_out.isNull(index), unsure(end), unsure(loop));
+
+ m_out.appendTo(end, lastNext);
+ }
+
+ setJSValue(result);
+ }
+
+ void compileCreateScopedArguments()
+ {
+ LValue scope = lowCell(m_node->child1());
+
+ LValue result = vmCall(
+ m_out.operation(operationCreateScopedArguments), m_callFrame,
+ weakPointer(
+ m_graph.globalObjectFor(m_node->origin.semantic)->scopedArgumentsStructure()),
+ getArgumentsStart(), getArgumentsLength().value, getCurrentCallee(), scope);
+
+ setJSValue(result);
+ }
+
+ void compileCreateClonedArguments()
+ {
+ LValue result = vmCall(
+ m_out.operation(operationCreateClonedArguments), m_callFrame,
+ weakPointer(
+ m_graph.globalObjectFor(m_node->origin.semantic)->outOfBandArgumentsStructure()),
+ getArgumentsStart(), getArgumentsLength().value, getCurrentCallee());
+
+ setJSValue(result);
+ }
+
</ins><span class="cx"> void compileNewObject()
</span><span class="cx"> {
</span><span class="cx"> setJSValue(allocateObject(m_node->structure()));
</span><span class="lines">@@ -3267,8 +3503,7 @@
</span><span class="cx">
</span><span class="cx"> ValueFromBlock char8Bit = m_out.anchor(m_out.zeroExt(
</span><span class="cx"> m_out.load8(m_out.baseIndex(
</span><del>- m_heaps.characters8,
- storage, m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_heaps.characters8, storage, m_out.zeroExtPtr(index),
</ins><span class="cx"> m_state.forNode(m_node->child2()).m_value)),
</span><span class="cx"> m_out.int32));
</span><span class="cx"> m_out.jump(bitsContinuation);
</span><span class="lines">@@ -3277,8 +3512,7 @@
</span><span class="cx">
</span><span class="cx"> ValueFromBlock char16Bit = m_out.anchor(m_out.zeroExt(
</span><span class="cx"> m_out.load16(m_out.baseIndex(
</span><del>- m_heaps.characters16,
- storage, m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_heaps.characters16, storage, m_out.zeroExtPtr(index),
</ins><span class="cx"> m_state.forNode(m_node->child2()).m_value)),
</span><span class="cx"> m_out.int32));
</span><span class="cx"> m_out.branch(
</span><span class="lines">@@ -3300,8 +3534,7 @@
</span><span class="cx"> LValue smallStrings = m_out.constIntPtr(vm().smallStrings.singleCharacterStrings());
</span><span class="cx">
</span><span class="cx"> results.append(m_out.anchor(m_out.loadPtr(m_out.baseIndex(
</span><del>- m_heaps.singleCharacterStrings, smallStrings,
- m_out.zeroExt(character, m_out.intPtr)))));
</del><ins>+ m_heaps.singleCharacterStrings, smallStrings, m_out.zeroExtPtr(character)))));
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(slowPath, continuation);
</span><span class="lines">@@ -3360,8 +3593,7 @@
</span><span class="cx">
</span><span class="cx"> ValueFromBlock char8Bit = m_out.anchor(m_out.zeroExt(
</span><span class="cx"> m_out.load8(m_out.baseIndex(
</span><del>- m_heaps.characters8,
- storage, m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_heaps.characters8, storage, m_out.zeroExtPtr(index),
</ins><span class="cx"> m_state.forNode(m_node->child2()).m_value)),
</span><span class="cx"> m_out.int32));
</span><span class="cx"> m_out.jump(continuation);
</span><span class="lines">@@ -3370,8 +3602,7 @@
</span><span class="cx">
</span><span class="cx"> ValueFromBlock char16Bit = m_out.anchor(m_out.zeroExt(
</span><span class="cx"> m_out.load16(m_out.baseIndex(
</span><del>- m_heaps.characters16,
- storage, m_out.zeroExt(index, m_out.intPtr),
</del><ins>+ m_heaps.characters16, storage, m_out.zeroExtPtr(index),
</ins><span class="cx"> m_state.forNode(m_node->child2()).m_value)),
</span><span class="cx"> m_out.int32));
</span><span class="cx"> m_out.jump(continuation);
</span><span class="lines">@@ -3541,13 +3772,13 @@
</span><span class="cx">
</span><span class="cx"> void compileGetGlobalVar()
</span><span class="cx"> {
</span><del>- setJSValue(m_out.load64(m_out.absolute(m_node->registerPointer())));
</del><ins>+ setJSValue(m_out.load64(m_out.absolute(m_node->variablePointer())));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compilePutGlobalVar()
</span><span class="cx"> {
</span><span class="cx"> m_out.store64(
</span><del>- lowJSValue(m_node->child1()), m_out.absolute(m_node->registerPointer()));
</del><ins>+ lowJSValue(m_node->child1()), m_out.absolute(m_node->variablePointer()));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compileNotifyWrite()
</span><span class="lines">@@ -3585,6 +3816,11 @@
</span><span class="cx"> setJSValue(m_out.loadPtr(addressFor(JSStack::Callee)));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void compileGetArgumentCount()
+ {
+ setInt32(m_out.load32(payloadFor(JSStack::ArgumentCount)));
+ }
+
</ins><span class="cx"> void compileGetScope()
</span><span class="cx"> {
</span><span class="cx"> setJSValue(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSFunction_scope));
</span><span class="lines">@@ -3595,28 +3831,36 @@
</span><span class="cx"> setJSValue(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSScope_next));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void compileGetClosureRegisters()
</del><ins>+ void compileGetClosureVar()
</ins><span class="cx"> {
</span><del>- if (WriteBarrierBase<Unknown>* registers = m_graph.tryGetRegisters(m_node->child1().node())) {
- setStorage(m_out.constIntPtr(registers));
- return;
- }
-
- setStorage(m_out.loadPtr(
- lowCell(m_node->child1()), m_heaps.JSEnvironmentRecord_registers));
</del><ins>+ setJSValue(
+ m_out.load64(
+ lowCell(m_node->child1()),
+ m_heaps.JSEnvironmentRecord_variables[m_node->scopeOffset().offset()]));
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- void compileGetClosureVar()
</del><ins>+ void compilePutClosureVar()
</ins><span class="cx"> {
</span><del>- setJSValue(m_out.load64(
- addressFor(lowStorage(m_node->child2()), m_node->varNumber())));
</del><ins>+ m_out.store64(
+ lowJSValue(m_node->child2()),
+ lowCell(m_node->child1()),
+ m_heaps.JSEnvironmentRecord_variables[m_node->scopeOffset().offset()]);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- void compilePutClosureVar()
</del><ins>+ void compileGetFromArguments()
</ins><span class="cx"> {
</span><ins>+ setJSValue(
+ m_out.load64(
+ lowCell(m_node->child1()),
+ m_heaps.DirectArguments_storage[m_node->capturedArgumentsOffset().offset()]));
+ }
+
+ void compilePutToArguments()
+ {
</ins><span class="cx"> m_out.store64(
</span><del>- lowJSValue(m_node->child3()),
- addressFor(lowStorage(m_node->child2()), m_node->varNumber()));
</del><ins>+ lowJSValue(m_node->child2()),
+ lowCell(m_node->child1()),
+ m_heaps.DirectArguments_storage[m_node->capturedArgumentsOffset().offset()]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compileCompareEq()
</span><span class="lines">@@ -3858,22 +4102,18 @@
</span><span class="cx"> void compileCallOrConstructVarargs()
</span><span class="cx"> {
</span><span class="cx"> LValue jsCallee = lowJSValue(m_node->child1());
</span><ins>+ LValue thisArg = lowJSValue(m_node->child3());
</ins><span class="cx">
</span><span class="cx"> LValue jsArguments = nullptr;
</span><del>- LValue thisArg = nullptr;
</del><span class="cx">
</span><span class="cx"> switch (m_node->op()) {
</span><span class="cx"> case CallVarargs:
</span><ins>+ case ConstructVarargs:
</ins><span class="cx"> jsArguments = lowJSValue(m_node->child2());
</span><del>- thisArg = lowJSValue(m_node->child3());
</del><span class="cx"> break;
</span><span class="cx"> case CallForwardVarargs:
</span><del>- thisArg = lowJSValue(m_node->child2());
</del><ins>+ case ConstructForwardVarargs:
</ins><span class="cx"> break;
</span><del>- case ConstructVarargs:
- jsArguments = lowJSValue(m_node->child2());
- thisArg = lowJSValue(m_node->child3());
- break;
</del><span class="cx"> default:
</span><span class="cx"> DFG_CRASH(m_graph, m_node, "bad node type");
</span><span class="cx"> break;
</span><span class="lines">@@ -3936,7 +4176,64 @@
</span><span class="cx"> m_out.castToInt32(machineStart), jsArguments, m_out.constInt32(data->offset),
</span><span class="cx"> length, m_out.constInt32(data->mandatoryMinimum));
</span><span class="cx"> }
</span><ins>+
+ void compileForwardVarargs()
+ {
+ LoadVarargsData* data = m_node->loadVarargsData();
+ InlineCallFrame* inlineCallFrame = m_node->child1()->origin.semantic.inlineCallFrame;
+
+ LValue length = getArgumentsLength(inlineCallFrame).value;
+ LValue lengthIncludingThis = m_out.add(length, m_out.constInt32(1 - data->offset));
+
+ speculate(
+ VarargsOverflow, noValue(), nullptr,
+ m_out.above(lengthIncludingThis, m_out.constInt32(data->limit)));
+
+ m_out.store32(lengthIncludingThis, payloadFor(data->machineCount));
+
+ LValue sourceStart = getArgumentsStart(inlineCallFrame);
+ LValue targetStart = addressFor(data->machineStart).value();
</ins><span class="cx">
</span><ins>+ LBasicBlock undefinedLoop = FTL_NEW_BLOCK(m_out, ("ForwardVarargs undefined loop body"));
+ LBasicBlock mainLoopEntry = FTL_NEW_BLOCK(m_out, ("ForwardVarargs main loop entry"));
+ LBasicBlock mainLoop = FTL_NEW_BLOCK(m_out, ("ForwardVarargs main loop body"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("ForwardVarargs continuation"));
+
+ LValue lengthAsPtr = m_out.zeroExtPtr(length);
+ ValueFromBlock loopBound = m_out.anchor(m_out.constIntPtr(data->mandatoryMinimum));
+ m_out.branch(
+ m_out.above(loopBound.value(), lengthAsPtr), unsure(undefinedLoop), unsure(mainLoopEntry));
+
+ LBasicBlock lastNext = m_out.appendTo(undefinedLoop, mainLoopEntry);
+ LValue previousIndex = m_out.phi(m_out.intPtr, loopBound);
+ LValue currentIndex = m_out.sub(previousIndex, m_out.intPtrOne);
+ m_out.store64(
+ m_out.constInt64(JSValue::encode(jsUndefined())),
+ m_out.baseIndex(m_heaps.variables, targetStart, currentIndex));
+ ValueFromBlock nextIndex = m_out.anchor(currentIndex);
+ addIncoming(previousIndex, nextIndex);
+ m_out.branch(
+ m_out.above(currentIndex, lengthAsPtr), unsure(undefinedLoop), unsure(mainLoopEntry));
+
+ m_out.appendTo(mainLoopEntry, mainLoop);
+ loopBound = m_out.anchor(lengthAsPtr);
+ m_out.branch(m_out.notNull(loopBound.value()), unsure(mainLoop), unsure(continuation));
+
+ m_out.appendTo(mainLoop, continuation);
+ previousIndex = m_out.phi(m_out.intPtr, loopBound);
+ currentIndex = m_out.sub(previousIndex, m_out.intPtrOne);
+ LValue value = m_out.load64(
+ m_out.baseIndex(
+ m_heaps.variables, sourceStart,
+ m_out.add(currentIndex, m_out.constIntPtr(data->offset))));
+ m_out.store64(value, m_out.baseIndex(m_heaps.variables, targetStart, currentIndex));
+ nextIndex = m_out.anchor(currentIndex);
+ addIncoming(previousIndex, nextIndex);
+ m_out.branch(m_out.isNull(currentIndex), unsure(continuation), unsure(mainLoop));
+
+ m_out.appendTo(continuation, lastNext);
+ }
+
</ins><span class="cx"> void compileJump()
</span><span class="cx"> {
</span><span class="cx"> m_out.jump(lowBlock(m_node->targetBlock()));
</span><span class="lines">@@ -4171,15 +4468,6 @@
</span><span class="cx"> info.m_isInvalidationPoint = true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void compileCheckArgumentsNotCreated()
- {
- ASSERT(!isEmptySpeculation(
- m_state.variables().operand(
- m_graph.argumentsRegisterFor(m_node->origin.semantic)).m_type));
-
- checkArgumentsNotCreated();
- }
-
</del><span class="cx"> void compileIsUndefined()
</span><span class="cx"> {
</span><span class="cx"> setBoolean(equalNullOrUndefined(m_node->child1(), AllCellsAreFalse, EqualUndefined));
</span><span class="lines">@@ -4551,8 +4839,7 @@
</span><span class="cx"> LBasicBlock lastNext = m_out.appendTo(inBounds, outOfBounds);
</span><span class="cx"> LValue storage = m_out.loadPtr(enumerator, m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVector);
</span><span class="cx"> ValueFromBlock inBoundsResult = m_out.anchor(
</span><del>- m_out.load64(m_out.baseIndex(m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVector,
- storage, m_out.signExt(index, m_out.int64), ScaleEight)));
</del><ins>+ m_out.loadPtr(m_out.baseIndex(m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVectorContents, storage, m_out.zeroExtPtr(index))));
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(outOfBounds, continuation);
</span><span class="lines">@@ -4578,8 +4865,7 @@
</span><span class="cx"> LBasicBlock lastNext = m_out.appendTo(inBounds, outOfBounds);
</span><span class="cx"> LValue storage = m_out.loadPtr(enumerator, m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVector);
</span><span class="cx"> ValueFromBlock inBoundsResult = m_out.anchor(
</span><del>- m_out.load64(m_out.baseIndex(m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVector,
- storage, m_out.signExt(index, m_out.int64), ScaleEight)));
</del><ins>+ m_out.loadPtr(m_out.baseIndex(m_heaps.JSPropertyNameEnumerator_cachedPropertyNamesVectorContents, storage, m_out.zeroExtPtr(index))));
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(outOfBounds, continuation);
</span><span class="lines">@@ -4878,6 +5164,67 @@
</span><span class="cx"> return m_out.booleanFalse;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ struct ArgumentsLength {
+ ArgumentsLength()
+ : isKnown(false)
+ , known(UINT_MAX)
+ , value(nullptr)
+ {
+ }
+
+ bool isKnown;
+ unsigned known;
+ LValue value;
+ };
+ ArgumentsLength getArgumentsLength(InlineCallFrame* inlineCallFrame)
+ {
+ ArgumentsLength length;
+
+ if (inlineCallFrame && !inlineCallFrame->isVarargs()) {
+ length.known = inlineCallFrame->arguments.size() - 1;
+ length.isKnown = true;
+ length.value = m_out.constInt32(length.known);
+ } else {
+ length.known = UINT_MAX;
+ length.isKnown = false;
+
+ VirtualRegister argumentCountRegister;
+ if (!inlineCallFrame)
+ argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
+ else
+ argumentCountRegister = inlineCallFrame->argumentCountRegister;
+ length.value = m_out.sub(m_out.load32(payloadFor(argumentCountRegister)), m_out.int32One);
+ }
+
+ return length;
+ }
+
+ ArgumentsLength getArgumentsLength()
+ {
+ return getArgumentsLength(m_node->origin.semantic.inlineCallFrame);
+ }
+
+ LValue getCurrentCallee()
+ {
+ if (InlineCallFrame* frame = m_node->origin.semantic.inlineCallFrame) {
+ if (frame->isClosureCall)
+ return m_out.loadPtr(addressFor(frame->calleeRecovery.virtualRegister()));
+ return weakPointer(frame->calleeRecovery.constant().asCell());
+ }
+ return m_out.loadPtr(addressFor(JSStack::Callee));
+ }
+
+ LValue getArgumentsStart(InlineCallFrame* inlineCallFrame)
+ {
+ VirtualRegister start = AssemblyHelpers::argumentsStart(inlineCallFrame);
+ return addressFor(start).value();
+ }
+
+ LValue getArgumentsStart()
+ {
+ return getArgumentsStart(m_node->origin.semantic.inlineCallFrame);
+ }
+
</ins><span class="cx"> void checkStructure(
</span><span class="cx"> LValue structureID, const FormattedValue& formattedValue, ExitKind exitKind,
</span><span class="cx"> const StructureSet& set)
</span><span class="lines">@@ -5098,11 +5445,10 @@
</span><span class="cx"> return call;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- TypedPointer baseIndex(IndexedAbstractHeap& heap, LValue storage, LValue index, Edge edge)
</del><ins>+ TypedPointer baseIndex(IndexedAbstractHeap& heap, LValue storage, LValue index, Edge edge, ptrdiff_t offset = 0)
</ins><span class="cx"> {
</span><span class="cx"> return m_out.baseIndex(
</span><del>- heap, storage, m_out.zeroExt(index, m_out.intPtr),
- m_state.forNode(edge).m_value);
</del><ins>+ heap, storage, m_out.zeroExtPtr(index), m_state.forNode(edge).m_value, offset);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compare(
</span><span class="lines">@@ -5253,13 +5599,63 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType>
</span><del>- LValue allocateObject(Structure* structure, LValue butterfly, LBasicBlock slowPath)
</del><ins>+ LValue allocateObject(
+ size_t size, Structure* structure, LValue butterfly, LBasicBlock slowPath)
</ins><span class="cx"> {
</span><del>- size_t size = ClassType::allocationSize(0);
</del><span class="cx"> MarkedAllocator* allocator = &vm().heap.allocatorForObjectOfType<ClassType>(size);
</span><span class="cx"> return allocateObject(m_out.constIntPtr(allocator), structure, butterfly, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ template<typename ClassType>
+ LValue allocateObject(Structure* structure, LValue butterfly, LBasicBlock slowPath)
+ {
+ return allocateObject<ClassType>(
+ ClassType::allocationSize(0), structure, butterfly, slowPath);
+ }
+
+ template<typename ClassType>
+ LValue allocateVariableSizedObject(
+ LValue size, Structure* structure, LValue butterfly, LBasicBlock slowPath)
+ {
+ static_assert(!(MarkedSpace::preciseStep & (MarkedSpace::preciseStep - 1)), "MarkedSpace::preciseStep must be a power of two.");
+ static_assert(!(MarkedSpace::impreciseStep & (MarkedSpace::impreciseStep - 1)), "MarkedSpace::impreciseStep must be a power of two.");
+
+ LValue subspace = m_out.constIntPtr(&vm().heap.subspaceForObjectOfType<ClassType>());
+
+ LBasicBlock smallCaseBlock = FTL_NEW_BLOCK(m_out, ("allocateVariableSizedObject small case"));
+ LBasicBlock largeOrOversizeCaseBlock = FTL_NEW_BLOCK(m_out, ("allocateVariableSizedObject large or oversize case"));
+ LBasicBlock largeCaseBlock = FTL_NEW_BLOCK(m_out, ("allocateVariableSizedObject large case"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("allocateVariableSizedObject continuation"));
+
+ LValue uproundedSize = m_out.add(size, m_out.constInt32(MarkedSpace::preciseStep - 1));
+ LValue isSmall = m_out.below(uproundedSize, m_out.constInt32(MarkedSpace::preciseCutoff));
+ m_out.branch(isSmall, unsure(smallCaseBlock), unsure(largeOrOversizeCaseBlock));
+
+ LBasicBlock lastNext = m_out.appendTo(smallCaseBlock, largeOrOversizeCaseBlock);
+ TypedPointer address = m_out.baseIndex(
+ m_heaps.MarkedSpace_Subspace_preciseAllocators, subspace,
+ m_out.zeroExtPtr(m_out.lShr(uproundedSize, m_out.constInt32(getLSBSet(MarkedSpace::preciseStep)))));
+ ValueFromBlock smallAllocator = m_out.anchor(address.value());
+ m_out.jump(continuation);
+
+ m_out.appendTo(largeOrOversizeCaseBlock, largeCaseBlock);
+ m_out.branch(
+ m_out.below(uproundedSize, m_out.constInt32(MarkedSpace::impreciseCutoff)),
+ usually(largeCaseBlock), rarely(slowPath));
+
+ m_out.appendTo(largeCaseBlock, continuation);
+ address = m_out.baseIndex(
+ m_heaps.MarkedSpace_Subspace_impreciseAllocators, subspace,
+ m_out.zeroExtPtr(m_out.lShr(uproundedSize, m_out.constInt32(getLSBSet(MarkedSpace::impreciseStep)))));
+ ValueFromBlock largeAllocator = m_out.anchor(address.value());
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+ LValue allocator = m_out.phi(m_out.intPtr, smallAllocator, largeAllocator);
+
+ return allocateObject(allocator, structure, butterfly, slowPath);
+ }
+
</ins><span class="cx"> // Returns a pointer to the end of the allocation.
</span><span class="cx"> LValue allocateBasicStorageAndGetEnd(LValue size, LBasicBlock slowPath)
</span><span class="cx"> {
</span><span class="lines">@@ -5663,19 +6059,6 @@
</span><span class="cx"> return m_out.phi(m_out.int32, fastResult, slowResult);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void checkArgumentsNotCreated()
- {
- CodeOrigin codeOrigin = m_node->origin.semantic;
- VirtualRegister argumentsRegister = m_graph.argumentsRegisterFor(codeOrigin);
- if (isEmptySpeculation(m_state.variables().operand(argumentsRegister).m_type))
- return;
-
- VirtualRegister argsReg = m_graph.machineArgumentsRegisterFor(codeOrigin);
- speculate(
- ArgumentsEscaped, noValue(), 0,
- m_out.notZero64(m_out.load64(addressFor(argsReg))));
- }
-
</del><span class="cx"> void speculate(
</span><span class="cx"> ExitKind kind, FormattedValue lowValue, Node* highValue, LValue failCondition)
</span><span class="cx"> {
</span><span class="lines">@@ -6363,6 +6746,16 @@
</span><span class="cx"> DFG_CRASH(m_graph, m_node, "Corrupt array class");
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case Array::DirectArguments:
+ return m_out.equal(
+ m_out.load8(cell, m_heaps.JSCell_typeInfoType),
+ m_out.constInt8(DirectArgumentsType));
+
+ case Array::ScopedArguments:
+ return m_out.equal(
+ m_out.load8(cell, m_heaps.JSCell_typeInfoType),
+ m_out.constInt8(ScopedArgumentsType));
+
</ins><span class="cx"> default:
</span><span class="cx"> return m_out.equal(
</span><span class="cx"> m_out.load8(cell, m_heaps.JSCell_typeInfoType),
</span><span class="lines">@@ -6651,7 +7044,7 @@
</span><span class="cx"> // Buffer has space, store to it.
</span><span class="cx"> m_out.appendTo(bufferHasSpace, bufferIsFull);
</span><span class="cx"> LValue writeBarrierBufferBase = m_out.loadPtr(m_out.absolute(&vm().heap.writeBarrierBuffer().m_buffer));
</span><del>- m_out.storePtr(base, m_out.baseIndex(m_heaps.WriteBarrierBuffer_bufferContents, writeBarrierBufferBase, m_out.zeroExt(currentBufferIndex, m_out.intPtr), ScalePtr));
</del><ins>+ m_out.storePtr(base, m_out.baseIndex(m_heaps.WriteBarrierBuffer_bufferContents, writeBarrierBufferBase, m_out.zeroExtPtr(currentBufferIndex)));
</ins><span class="cx"> m_out.store32(m_out.add(currentBufferIndex, m_out.constInt32(1)), m_out.absolute(&vm().heap.writeBarrierBuffer().m_currentIndex));
</span><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="lines">@@ -6789,12 +7182,14 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> Node* node = availability.node();
</span><del>- if (!node->isPhantomObjectAllocation())
</del><ins>+ if (!node->isPhantomAllocation())
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> auto result = map.add(node, nullptr);
</span><del>- if (result.isNewEntry)
- result.iterator->value = exit.m_materializations.add(node->op());
</del><ins>+ if (result.isNewEntry) {
+ result.iterator->value =
+ exit.m_materializations.add(node->op(), node->origin.semantic);
+ }
</ins><span class="cx"> });
</span><span class="cx">
</span><span class="cx"> for (unsigned i = 0; i < exit.m_values.size(); ++i) {
</span><span class="lines">@@ -6861,9 +7256,6 @@
</span><span class="cx">
</span><span class="cx"> case FlushedDouble:
</span><span class="cx"> return ExitValue::inJSStackAsDouble(flush.virtualRegister());
</span><del>-
- case FlushedArguments:
- return ExitValue::argumentsObjectThatWasNotCreated();
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> DFG_CRASH(m_graph, m_node, "Invalid flush format");
</span><span class="lines">@@ -6889,13 +7281,9 @@
</span><span class="cx"> case DoubleConstant:
</span><span class="cx"> return ExitValue::constant(node->asJSValue());
</span><span class="cx">
</span><del>- case PhantomArguments:
- return ExitValue::argumentsObjectThatWasNotCreated();
-
- case PhantomNewObject:
- return ExitValue::materializeNewObject(map.get(node));
-
</del><span class="cx"> default:
</span><ins>+ if (node->isPhantomAllocation())
+ return ExitValue::materializeNewObject(map.get(node));
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -7068,9 +7456,9 @@
</span><span class="cx"> LValue tableIndex = m_out.load32(value, m_heaps.JSCell_structureID);
</span><span class="cx"> LValue tableBase = m_out.loadPtr(
</span><span class="cx"> m_out.absolute(vm().heap.structureIDTable().base()));
</span><del>- LValue pointerIntoTable = m_out.baseIndex(
- tableBase, m_out.zeroExt(tableIndex, m_out.intPtr), ScaleEight);
- return m_out.loadPtr(TypedPointer(m_heaps.structureTable, pointerIntoTable));
</del><ins>+ TypedPointer address = m_out.baseIndex(
+ m_heaps.structureTable, tableBase, m_out.zeroExtPtr(tableIndex));
+ return m_out.loadPtr(address);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue weakPointer(JSCell* pointer)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLOSRExitCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -73,10 +73,6 @@
</span><span class="cx"> jit.load64(AssemblyHelpers::addressFor(value.virtualRegister()), GPRInfo::regT0);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case ExitValueArgumentsObjectThatWasNotCreated:
- jit.move(MacroAssembler::TrustedImm64(JSValue::encode(JSValue())), GPRInfo::regT0);
- break;
-
</del><span class="cx"> case ExitValueRecovery:
</span><span class="cx"> record->locations[value.rightRecoveryArgument()].restoreInto(
</span><span class="cx"> jit, stackmaps, registerScratch, GPRInfo::regT1);
</span><span class="lines">@@ -230,7 +226,11 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Materialize all objects. Don't materialize an object until all of the objects it needs
</span><del>- // have been materialized.
</del><ins>+ // have been materialized. Curiously, this is the only place that we have an algorithm that prevents
+ // OSR exit from handling cyclic object materializations. Of course, object allocation sinking
+ // currently wouldn't recognize a cycle as being sinkable - but if it did then the only thing that
+ // would ahve to change is this fixpoint. Instead we would allocate the objects first and populate
+ // them with data later.
</ins><span class="cx"> HashSet<ExitTimeObjectMaterialization*> toMaterialize;
</span><span class="cx"> for (ExitTimeObjectMaterialization* materialization : exit.m_materializations)
</span><span class="cx"> toMaterialize.add(materialization);
</span><span class="lines">@@ -443,15 +443,6 @@
</span><span class="cx">
</span><span class="cx"> handleExitCounts(jit, exit);
</span><span class="cx"> reifyInlinedCallFrames(jit, exit);
</span><del>-
- ArgumentsRecoveryGenerator argumentsRecovery;
- for (unsigned index = exit.m_values.size(); index--;) {
- if (!exit.m_values[index].isArgumentsObjectThatWasNotCreated())
- continue;
- int operand = exit.m_values.operandForIndex(index);
- argumentsRecovery.generateFor(operand, exit.m_codeOrigin, jit);
- }
-
</del><span class="cx"> adjustAndJumpToTarget(jit, exit);
</span><span class="cx">
</span><span class="cx"> LinkBuffer patchBuffer(*vm, jit, codeBlock);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,6 +28,8 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx">
</span><ins>+#include "ClonedArguments.h"
+#include "DirectArguments.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace FTL {
</span><span class="lines">@@ -54,42 +56,139 @@
</span><span class="cx"> // We cannot GC. We've got pointers in evil places.
</span><span class="cx"> DeferGCForAWhile deferGC(vm.heap);
</span><span class="cx">
</span><del>- // In the future, we may have many different kinds of materializations. For now we just
- // materialize NewObject.
- RELEASE_ASSERT(materialization->type() == PhantomNewObject);
-
- // First figure out what the structure is.
- Structure* structure = nullptr;
- for (unsigned i = materialization->properties().size(); i--;) {
- const ExitPropertyValue& property = materialization->properties()[i];
- if (property.location() != PromotedLocationDescriptor(StructurePLoc))
- continue;
</del><ins>+ switch (materialization->type()) {
+ case PhantomNewObject: {
+ // First figure out what the structure is.
+ Structure* structure = nullptr;
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location() != PromotedLocationDescriptor(StructurePLoc))
+ continue;
</ins><span class="cx">
</span><del>- structure = jsCast<Structure*>(JSValue::decode(values[i]));
- }
- RELEASE_ASSERT(structure);
</del><ins>+ structure = jsCast<Structure*>(JSValue::decode(values[i]));
+ break;
+ }
+ RELEASE_ASSERT(structure);
</ins><span class="cx">
</span><del>- // Let's create that object!
- JSFinalObject* result = JSFinalObject::create(vm, structure);
</del><ins>+ // Let's create that object!
+ JSFinalObject* result = JSFinalObject::create(vm, structure);
</ins><span class="cx">
</span><del>- // Now figure out what the heck to populate the object with. Use getPropertiesConcurrently()
- // because that happens to be lower-level and more convenient. It doesn't change the
- // materialization of the property table. We want to have minimal visible effects on the
- // system. Also, don't mind that this is O(n^2). It doesn't matter. We only get here from OSR
- // exit.
- for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) {
- for (unsigned i = materialization->properties().size(); i--;) {
- const ExitPropertyValue& property = materialization->properties()[i];
- if (property.location().kind() != NamedPropertyPLoc)
- continue;
- if (codeBlock->identifier(property.location().info()).impl() != entry.key)
- continue;
</del><ins>+ // Now figure out what the heck to populate the object with. Use getPropertiesConcurrently()
+ // because that happens to be lower-level and more convenient. It doesn't change the
+ // materialization of the property table. We want to have minimal visible effects on the
+ // system. Also, don't mind that this is O(n^2). It doesn't matter. We only get here from OSR
+ // exit.
+ for (PropertyMapEntry entry : structure->getPropertiesConcurrently()) {
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location().kind() != NamedPropertyPLoc)
+ continue;
+ if (codeBlock->identifier(property.location().info()).impl() != entry.key)
+ continue;
</ins><span class="cx">
</span><del>- result->putDirect(vm, entry.offset, JSValue::decode(values[i]));
</del><ins>+ result->putDirect(vm, entry.offset, JSValue::decode(values[i]));
+ }
</ins><span class="cx"> }
</span><ins>+
+ return result;
</ins><span class="cx"> }
</span><del>-
- return result;
</del><ins>+
+ case PhantomDirectArguments:
+ case PhantomClonedArguments: {
+ if (!materialization->origin().inlineCallFrame) {
+ switch (materialization->type()) {
+ case PhantomDirectArguments:
+ return DirectArguments::createByCopying(exec);
+ case PhantomClonedArguments:
+ return ClonedArguments::createWithMachineFrame(exec, exec, ArgumentsMode::Cloned);
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
+ }
+ }
+
+ // First figure out the argument count. If there isn't one then we represent the machine frame.
+ unsigned argumentCount = 0;
+ if (materialization->origin().inlineCallFrame->isVarargs()) {
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location() != PromotedLocationDescriptor(ArgumentCountPLoc))
+ continue;
+
+ argumentCount = JSValue::decode(values[i]).asUInt32();
+ RELEASE_ASSERT(argumentCount);
+ break;
+ }
+ RELEASE_ASSERT(argumentCount);
+ } else
+ argumentCount = materialization->origin().inlineCallFrame->arguments.size();
+
+ JSFunction* callee = nullptr;
+ if (materialization->origin().inlineCallFrame->isClosureCall) {
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location() != PromotedLocationDescriptor(ArgumentsCalleePLoc))
+ continue;
+
+ callee = jsCast<JSFunction*>(JSValue::decode(values[i]));
+ break;
+ }
+ } else
+ callee = materialization->origin().inlineCallFrame->calleeConstant();
+ RELEASE_ASSERT(callee);
+
+ CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(
+ materialization->origin(), exec->codeBlock());
+
+ // We have an inline frame and we have all of the data we need to recreate it.
+ switch (materialization->type()) {
+ case PhantomDirectArguments: {
+ unsigned length = argumentCount - 1;
+ unsigned capacity = std::max(length, static_cast<unsigned>(codeBlock->numParameters() - 1));
+ DirectArguments* result = DirectArguments::create(
+ vm, codeBlock->globalObject()->directArgumentsStructure(), length, capacity);
+ result->callee().set(vm, result, callee);
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location().kind() != ArgumentPLoc)
+ continue;
+
+ unsigned index = property.location().info();
+ if (index >= capacity)
+ continue;
+ result->setIndexQuickly(vm, index, JSValue::decode(values[i]));
+ }
+ return result;
+ }
+ case PhantomClonedArguments: {
+ unsigned length = argumentCount - 1;
+ ClonedArguments* result = ClonedArguments::createEmpty(
+ vm, codeBlock->globalObject()->outOfBandArgumentsStructure(), callee);
+
+ for (unsigned i = materialization->properties().size(); i--;) {
+ const ExitPropertyValue& property = materialization->properties()[i];
+ if (property.location().kind() != ArgumentPLoc)
+ continue;
+
+ unsigned index = property.location().info();
+ if (index >= length)
+ continue;
+ result->putDirectIndex(exec, index, JSValue::decode(values[i]));
+ }
+
+ result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
+ return result;
+ }
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
+ }
+ }
+
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } } // namespace JSC::FTL
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLOutputh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLOutput.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLOutput.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/ftl/FTLOutput.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -133,8 +133,8 @@
</span><span class="cx"> LValue bitOr(LValue left, LValue right) { return buildOr(m_builder, left, right); }
</span><span class="cx"> LValue bitXor(LValue left, LValue right) { return buildXor(m_builder, left, right); }
</span><span class="cx"> LValue shl(LValue left, LValue right) { return buildShl(m_builder, left, right); }
</span><del>- LValue aShr(LValue left, LValue right) { return buildAShr(m_builder, left, right); }
- LValue lShr(LValue left, LValue right) { return buildLShr(m_builder, left, right); }
</del><ins>+ LValue aShr(LValue left, LValue right) { return buildAShr(m_builder, left, right); } // arithmetic = signed
+ LValue lShr(LValue left, LValue right) { return buildLShr(m_builder, left, right); } // logical = unsigned
</ins><span class="cx"> LValue bitNot(LValue value) { return buildNot(m_builder, value); }
</span><span class="cx">
</span><span class="cx"> LValue insertElement(LValue vector, LValue element, LValue index) { return buildInsertElement(m_builder, vector, element, index); }
</span><span class="lines">@@ -202,6 +202,7 @@
</span><span class="cx">
</span><span class="cx"> LValue signExt(LValue value, LType type) { return buildSExt(m_builder, value, type); }
</span><span class="cx"> LValue zeroExt(LValue value, LType type) { return buildZExt(m_builder, value, type); }
</span><ins>+ LValue zeroExtPtr(LValue value) { return zeroExt(value, intPtr); }
</ins><span class="cx"> LValue fpToInt(LValue value, LType type) { return buildFPToSI(m_builder, value, type); }
</span><span class="cx"> LValue fpToUInt(LValue value, LType type) { return buildFPToUI(m_builder, value, type); }
</span><span class="cx"> LValue fpToInt32(LValue value) { return fpToInt(value, int32); }
</span><span class="lines">@@ -217,6 +218,8 @@
</span><span class="cx"> LValue ptrToInt(LValue value, LType type) { return buildPtrToInt(m_builder, value, type); }
</span><span class="cx"> LValue bitCast(LValue value, LType type) { return buildBitCast(m_builder, value, type); }
</span><span class="cx">
</span><ins>+ // Hilariously, the #define machinery in the stdlib means that this method is actually called
+ // __builtin_alloca. So far this appears benign. :-|
</ins><span class="cx"> LValue alloca(LType type) { return buildAlloca(m_builder, type); }
</span><span class="cx">
</span><span class="cx"> // Access the value of an alloca. Also used as a low-level implementation primitive for
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapCopyTokenh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/CopyToken.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/CopyToken.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/heap/CopyToken.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx"> ButterflyCopyToken,
</span><span class="cx"> TypedArrayVectorCopyToken,
</span><span class="cx"> MapBackingStoreCopyToken,
</span><del>- ArgumentsSlowArgumentDataCopyToken
</del><ins>+ DirectArgumentsOverridesCopyToken
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterCallFrameh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/CallFrame.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/CallFrame.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/interpreter/CallFrame.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -239,6 +239,15 @@
</span><span class="cx"> this[argumentOffset(argument)] = value;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ JSValue getArgumentUnsafe(size_t argIndex)
+ {
+ // User beware! This method does not verify that there is a valid
+ // argument at the specified argIndex. This is used for debugging
+ // and verification code only. The caller is expected to know what
+ // he/she is doing when calling this method.
+ return this[argumentOffset(argIndex)].jsValue();
+ }
+
</ins><span class="cx"> static int thisArgumentOffset() { return argumentOffsetIncludingThis(0); }
</span><span class="cx"> JSValue thisValue() { return this[thisArgumentOffset()].jsValue(); }
</span><span class="cx"> void setThisValue(JSValue value) { this[thisArgumentOffset()] = value; }
</span><span class="lines">@@ -295,15 +304,6 @@
</span><span class="cx"> return argIndex;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- JSValue getArgumentUnsafe(size_t argIndex)
- {
- // User beware! This method does not verify that there is a valid
- // argument at the specified argIndex. This is used for debugging
- // and verification code only. The caller is expected to know what
- // he/she is doing when calling this method.
- return this[argumentOffset(argIndex)].jsValue();
- }
-
</del><span class="cx"> void* callerFrameOrVMEntryFrame() const { return callerFrameAndPC().callerFrame; }
</span><span class="cx">
</span><span class="cx"> CallerFrameAndPC& callerFrameAndPC() { return *reinterpret_cast<CallerFrameAndPC*>(this); }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -30,11 +30,12 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "BatchedTransitionOptimizer.h"
</span><span class="cx"> #include "CallFrameClosure.h"
</span><span class="cx"> #include "CallFrameInlines.h"
</span><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "Debugger.h"
</span><span class="cx"> #include "DebuggerCallFrame.h"
</span><span class="lines">@@ -44,6 +45,7 @@
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSLexicalEnvironment.h"
</span><span class="cx"> #include "JSNameScope.h"
</span><span class="cx"> #include "JSNotAnObject.h"
</span><span class="lines">@@ -55,13 +57,13 @@
</span><span class="cx"> #include "LegacyProfiler.h"
</span><span class="cx"> #include "LiteralParser.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include "Parser.h"
</span><span class="cx"> #include "ProtoCallFrame.h"
</span><span class="cx"> #include "RegExpObject.h"
</span><span class="cx"> #include "RegExpPrototype.h"
</span><span class="cx"> #include "Register.h"
</span><span class="cx"> #include "SamplingTool.h"
</span><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "StackAlignment.h"
</span><span class="cx"> #include "StackVisitor.h"
</span><span class="cx"> #include "StrictEvalActivation.h"
</span><span class="lines">@@ -136,20 +138,34 @@
</span><span class="cx">
</span><span class="cx"> unsigned sizeOfVarargs(CallFrame* callFrame, JSValue arguments, uint32_t firstVarArgOffset)
</span><span class="cx"> {
</span><ins>+ if (UNLIKELY(!arguments.isCell())) {
+ if (arguments.isUndefinedOrNull())
+ return 0;
+
+ callFrame->vm().throwException(callFrame, createInvalidFunctionApplyParameterError(callFrame, arguments));
+ return 0;
+ }
+
+ JSCell* cell = arguments.asCell();
</ins><span class="cx"> unsigned length;
</span><del>- if (!arguments)
- length = callFrame->argumentCount();
- else if (arguments.isUndefinedOrNull())
- length = 0;
- else if (!arguments.isObject()) {
</del><ins>+ switch (cell->type()) {
+ case DirectArgumentsType:
+ length = jsCast<DirectArguments*>(cell)->length(callFrame);
+ break;
+ case ScopedArgumentsType:
+ length =jsCast<ScopedArguments*>(cell)->length(callFrame);
+ break;
+ case StringType:
</ins><span class="cx"> callFrame->vm().throwException(callFrame, createInvalidFunctionApplyParameterError(callFrame, arguments));
</span><span class="cx"> return 0;
</span><del>- } else if (asObject(arguments)->classInfo() == Arguments::info())
- length = asArguments(arguments)->length(callFrame);
- else if (isJSArray(arguments))
- length = asArray(arguments)->length();
- else
- length = asObject(arguments)->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
</del><ins>+ default:
+ ASSERT(arguments.isObject());
+ if (isJSArray(cell))
+ length = jsCast<JSArray*>(cell)->length();
+ else
+ length = jsCast<JSObject*>(cell)->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+ break;
+ }
</ins><span class="cx">
</span><span class="cx"> if (length >= firstVarArgOffset)
</span><span class="cx"> length -= firstVarArgOffset;
</span><span class="lines">@@ -164,7 +180,7 @@
</span><span class="cx"> unsigned length = sizeOfVarargs(callFrame, arguments, firstVarArgOffset);
</span><span class="cx">
</span><span class="cx"> CallFrame* calleeFrame = calleeFrameForVarargs(callFrame, numUsedStackSlots, length + 1);
</span><del>- if (length > Arguments::MaxArguments || !stack->ensureCapacityFor(calleeFrame->registers())) {
</del><ins>+ if (length > maxArguments || !stack->ensureCapacityFor(calleeFrame->registers())) {
</ins><span class="cx"> throwStackOverflowError(callFrame);
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="lines">@@ -174,30 +190,31 @@
</span><span class="cx">
</span><span class="cx"> void loadVarargs(CallFrame* callFrame, VirtualRegister firstElementDest, JSValue arguments, uint32_t offset, uint32_t length)
</span><span class="cx"> {
</span><del>- if (!arguments) { // f.apply(x, arguments), with arguments unmodified.
- for (size_t i = 0; i < length; ++i)
- callFrame->r(firstElementDest + i) = callFrame->argumentAfterCapture(i + offset);
</del><ins>+ if (UNLIKELY(!arguments.isCell()))
</ins><span class="cx"> return;
</span><del>- }
</del><span class="cx">
</span><del>- if (arguments.isUndefinedOrNull())
</del><ins>+ JSCell* cell = arguments.asCell();
+ switch (cell->type()) {
+ case DirectArgumentsType:
+ jsCast<DirectArguments*>(cell)->copyToArguments(callFrame, firstElementDest, offset, length);
</ins><span class="cx"> return;
</span><del>-
- if (asObject(arguments)->classInfo() == Arguments::info()) {
- asArguments(arguments)->copyToArguments(callFrame, firstElementDest, offset, length);
</del><ins>+ case ScopedArgumentsType:
+ jsCast<ScopedArguments*>(cell)->copyToArguments(callFrame, firstElementDest, offset, length);
</ins><span class="cx"> return;
</span><del>- }
-
- if (isJSArray(arguments)) {
- asArray(arguments)->copyToArguments(callFrame, firstElementDest, offset, length);
- return;
- }
-
- for (unsigned i = 0; i < length; ++i) {
- callFrame->r(firstElementDest + i) = asObject(arguments)->get(callFrame, i + offset);
- if (UNLIKELY(callFrame->vm().exception()))
</del><ins>+ default: {
+ ASSERT(arguments.isObject());
+ JSObject* object = jsCast<JSObject*>(cell);
+ if (isJSArray(object)) {
+ jsCast<JSArray*>(object)->copyToArguments(callFrame, firstElementDest, offset, length);
</ins><span class="cx"> return;
</span><del>- }
</del><ins>+ }
+ unsigned i;
+ for (i = 0; i < length && object->canGetIndexQuickly(i + offset); ++i)
+ callFrame->r(firstElementDest + i) = object->getIndexQuickly(i + offset);
+ for (; i < length; ++i)
+ callFrame->r(firstElementDest + i) = object->get(callFrame, i + offset);
+ return;
+ } }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void setupVarargsFrame(CallFrame* callFrame, CallFrame* newCallFrame, JSValue arguments, uint32_t offset, uint32_t length)
</span><span class="lines">@@ -386,25 +403,6 @@
</span><span class="cx"> ASSERT(!callFrame->hadException());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (CodeBlock* codeBlock = visitor->codeBlock()) {
- if (codeBlock->codeType() == FunctionCode && codeBlock->needsActivation()) {
-#if ENABLE(DFG_JIT)
- RELEASE_ASSERT(!visitor->isInlinedFrame());
-#endif
- }
-
- if (codeBlock->codeType() == FunctionCode && codeBlock->usesArguments()) {
- if (Arguments* arguments = visitor->existingArguments()) {
-#if ENABLE(DFG_JIT)
- if (visitor->isInlinedFrame())
- arguments->tearOff(callFrame, visitor->inlineCallFrame());
- else
-#endif
- arguments->tearOff(callFrame);
- }
- }
- }
-
</del><span class="cx"> return !visitor->callerIsVMEntryFrame();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpreterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -309,6 +309,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned sizeOfVarargs(CallFrame* exec, JSValue arguments, uint32_t firstVarArgOffset);
</span><ins>+ static const unsigned maxArguments = 0x10000;
</ins><span class="cx"> unsigned sizeFrameForVarargs(CallFrame* exec, JSStack*, JSValue arguments, unsigned numUsedStackSlots, uint32_t firstVarArgOffset);
</span><span class="cx"> void loadVarargs(CallFrame* execCaller, VirtualRegister firstElementDest, JSValue source, uint32_t offset, uint32_t length);
</span><span class="cx"> void setupVarargsFrame(CallFrame* execCaller, CallFrame* execCallee, JSValue arguments, uint32_t firstVarArgOffset, uint32_t length);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterStackVisitorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -26,8 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "StackVisitor.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "CallFrameInlines.h"
</span><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -255,65 +255,26 @@
</span><span class="cx"> return traceBuild.toString().impl();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-Arguments* StackVisitor::Frame::createArguments()
</del><ins>+ClonedArguments* StackVisitor::Frame::createArguments()
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(m_callFrame);
</span><span class="cx"> CallFrame* physicalFrame = m_callFrame;
</span><del>- VM& vm = physicalFrame->vm();
- Arguments* arguments;
</del><ins>+ ClonedArguments* arguments;
</ins><span class="cx"> ArgumentsMode mode;
</span><span class="cx"> if (Options::enableFunctionDotArguments())
</span><del>- mode = ClonedArgumentsCreationMode;
</del><ins>+ mode = ArgumentsMode::Cloned;
</ins><span class="cx"> else
</span><del>- mode = FakeArgumentValuesCreationMode;
</del><ins>+ mode = ArgumentsMode::FakeValues;
</ins><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx"> if (isInlinedFrame()) {
</span><span class="cx"> ASSERT(m_inlineCallFrame);
</span><del>- arguments = Arguments::create(vm, physicalFrame, m_inlineCallFrame, mode);
- arguments->tearOff(physicalFrame, m_inlineCallFrame);
- jsCast<Arguments*>((JSCell*)arguments);
</del><ins>+ arguments = ClonedArguments::createWithInlineFrame(physicalFrame, physicalFrame, m_inlineCallFrame, mode);
</ins><span class="cx"> } else
</span><span class="cx"> #endif
</span><del>- {
- JSLexicalEnvironment* lexicalEnvironment = nullptr;
- arguments = Arguments::create(vm, physicalFrame, lexicalEnvironment, mode);
- arguments->tearOff(physicalFrame);
- }
</del><ins>+ arguments = ClonedArguments::createWithMachineFrame(physicalFrame, physicalFrame, mode);
</ins><span class="cx"> return arguments;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-Arguments* StackVisitor::Frame::existingArguments()
-{
- if (codeBlock()->codeType() != FunctionCode)
- return 0;
- if (!codeBlock()->usesArguments())
- return 0;
-
- VirtualRegister reg;
-
-#if ENABLE(DFG_JIT)
- if (isInlinedFrame())
- reg = inlineCallFrame()->argumentsRegister;
- else
-#endif // ENABLE(DFG_JIT)
- reg = codeBlock()->argumentsRegister();
-
- // Care should be taken here since exception fuzzing may raise exceptions in
- // places where they would be otherwise impossible. Therefore, callFrame may
- // lack activation even if the codeBlock signals need of activation. Also,
- // even if codeBlock signals the use of arguments, the
- // unmodifiedArgumentsRegister may not be initialized yet (neither locally
- // nor in lexicalEnvironment).
- JSValue result = jsUndefined();
- if (codeBlock()->needsActivation() && callFrame()->hasActivation())
- result = callFrame()->lexicalEnvironment()->registerAt(unmodifiedArgumentsRegister(reg).offset()).get();
- if (!result || !result.isCell()) // Try local unmodifiedArgumentsRegister if lexicalEnvironment is not present (generally possible) or has not set up registers yet (only possible if fuzzing exceptions).
- result = callFrame()->r(unmodifiedArgumentsRegister(reg).offset()).jsValue();
- if (!result || !result.isCell()) // Protect against the case when exception fuzzing throws when unmodifiedArgumentsRegister is not set up yet (e.g., in op_enter).
- return 0;
- return jsCast<Arguments*>(result);
-}
-
</del><span class="cx"> void StackVisitor::Frame::computeLineAndColumn(unsigned& line, unsigned& column)
</span><span class="cx"> {
</span><span class="cx"> CodeBlock* codeBlock = this->codeBlock();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterStackVisitorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/StackVisitor.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/StackVisitor.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/interpreter/StackVisitor.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -34,12 +34,12 @@
</span><span class="cx"> struct CodeOrigin;
</span><span class="cx"> struct InlineCallFrame;
</span><span class="cx">
</span><del>-class Arguments;
</del><span class="cx"> class CodeBlock;
</span><span class="cx"> class ExecState;
</span><span class="cx"> class JSFunction;
</span><span class="cx"> class JSObject;
</span><span class="cx"> class JSScope;
</span><ins>+class ClonedArguments;
</ins><span class="cx"> class Register;
</span><span class="cx">
</span><span class="cx"> typedef ExecState CallFrame;
</span><span class="lines">@@ -78,8 +78,7 @@
</span><span class="cx"> CodeType codeType() const;
</span><span class="cx"> JS_EXPORT_PRIVATE void computeLineAndColumn(unsigned& line, unsigned& column);
</span><span class="cx">
</span><del>- Arguments* createArguments();
- Arguments* existingArguments();
</del><ins>+ ClonedArguments* createArguments();
</ins><span class="cx"> VMEntryFrame* vmEntryFrame() const { return m_VMEntryFrame; }
</span><span class="cx"> CallFrame* callFrame() const { return m_callFrame; }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -88,6 +88,16 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void storeValue(JSValueRegs regs, BaseIndex address)
+ {
+#if USE(JSVALUE64)
+ store64(regs.gpr(), address);
+#else
+ store32(regs.payloadGPR(), address.withOffset(PayloadOffset));
+ store32(regs.tagGPR(), address.withOffset(TagOffset));
+#endif
+ }
+
</ins><span class="cx"> void storeValue(JSValueRegs regs, void* address)
</span><span class="cx"> {
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="lines">@@ -113,6 +123,26 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void loadValue(BaseIndex address, JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ load64(address, regs.gpr());
+#else
+ if (address.base == regs.payloadGPR() || address.index == regs.payloadGPR()) {
+ // We actually could handle the case where the registers are aliased to both
+ // tag and payload, but we don't for now.
+ RELEASE_ASSERT(address.base != regs.tagGPR());
+ RELEASE_ASSERT(address.index != regs.tagGPR());
+
+ load32(address.withOffset(TagOffset), regs.tagGPR());
+ load32(address.withOffset(PayloadOffset), regs.payloadGPR());
+ } else {
+ load32(address.withOffset(PayloadOffset), regs.payloadGPR());
+ load32(address.withOffset(TagOffset), regs.tagGPR());
+ }
+#endif
+ }
+
</ins><span class="cx"> void moveTrustedValue(JSValue value, JSValueRegs regs)
</span><span class="cx"> {
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="lines">@@ -122,7 +152,27 @@
</span><span class="cx"> move(TrustedImm32(value.payload()), regs.payloadGPR());
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><ins>+
+ void storeTrustedValue(JSValue value, Address address)
+ {
+#if USE(JSVALUE64)
+ store64(TrustedImm64(JSValue::encode(value)), address);
+#else
+ store32(TrustedImm32(value.tag()), address.withOffset(TagOffset));
+ store32(TrustedImm32(value.payload()), address.withOffset(PayloadOffset));
+#endif
+ }
</ins><span class="cx">
</span><ins>+ void storeTrustedValue(JSValue value, BaseIndex address)
+ {
+#if USE(JSVALUE64)
+ store64(TrustedImm64(JSValue::encode(value)), address);
+#else
+ store32(TrustedImm32(value.tag()), address.withOffset(TagOffset));
+ store32(TrustedImm32(value.payload()), address.withOffset(PayloadOffset));
+#endif
+ }
+
</ins><span class="cx"> #if CPU(X86_64) || CPU(X86)
</span><span class="cx"> static size_t prologueStackPointerDelta()
</span><span class="cx"> {
</span><span class="lines">@@ -326,7 +376,24 @@
</span><span class="cx"> return branch32(MacroAssembler::NotEqual, reg, TrustedImm32(JSValue::CellTag));
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><ins>+ Jump branchIfNotCell(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branchIfNotCell(regs.gpr());
+#else
+ return branchIfNotCell(regs.tagGPR());
+#endif
+ }
</ins><span class="cx">
</span><ins>+ Jump branchIsEmpty(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branchTest64(Zero, regs.gpr());
+#else
+ return branch32(Equal, regs.tagGPR(), TrustedImm32(JSValue::EmptyValueTag));
+#endif
+ }
+
</ins><span class="cx"> static Address addressForByteOffset(ptrdiff_t byteOffset)
</span><span class="cx"> {
</span><span class="cx"> return Address(GPRInfo::callFrameRegister, byteOffset);
</span><span class="lines">@@ -634,46 +701,25 @@
</span><span class="cx"> return m_baselineCodeBlock;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- VirtualRegister baselineArgumentsRegisterFor(InlineCallFrame* inlineCallFrame)
- {
- if (!inlineCallFrame)
- return baselineCodeBlock()->argumentsRegister();
-
- return VirtualRegister(baselineCodeBlockForInlineCallFrame(
- inlineCallFrame)->argumentsRegister().offset() + inlineCallFrame->stackOffset);
- }
-
- VirtualRegister baselineArgumentsRegisterFor(const CodeOrigin& codeOrigin)
- {
- return baselineArgumentsRegisterFor(codeOrigin.inlineCallFrame);
- }
-
</del><span class="cx"> SymbolTable* symbolTableFor(const CodeOrigin& codeOrigin)
</span><span class="cx"> {
</span><span class="cx"> return baselineCodeBlockFor(codeOrigin)->symbolTable();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- int offsetOfLocals(const CodeOrigin& codeOrigin)
</del><ins>+ static VirtualRegister argumentsStart(InlineCallFrame* inlineCallFrame)
</ins><span class="cx"> {
</span><del>- if (!codeOrigin.inlineCallFrame)
- return 0;
- return codeOrigin.inlineCallFrame->stackOffset * sizeof(Register);
- }
-
- int offsetOfArguments(InlineCallFrame* inlineCallFrame)
- {
</del><span class="cx"> if (!inlineCallFrame)
</span><del>- return CallFrame::argumentOffset(0) * sizeof(Register);
</del><ins>+ return VirtualRegister(CallFrame::argumentOffset(0));
</ins><span class="cx"> if (inlineCallFrame->arguments.size() <= 1)
</span><del>- return 0;
</del><ins>+ return virtualRegisterForLocal(0);
</ins><span class="cx"> ValueRecovery recovery = inlineCallFrame->arguments[1];
</span><span class="cx"> RELEASE_ASSERT(recovery.technique() == DisplacedInJSStack);
</span><del>- return recovery.virtualRegister().offset() * sizeof(Register);
</del><ins>+ return recovery.virtualRegister();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- int offsetOfArguments(const CodeOrigin& codeOrigin)
</del><ins>+ static VirtualRegister argumentsStart(const CodeOrigin& codeOrigin)
</ins><span class="cx"> {
</span><del>- return offsetOfArguments(codeOrigin.inlineCallFrame);
</del><ins>+ return argumentsStart(codeOrigin.inlineCallFrame);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void emitLoadStructure(RegisterID source, RegisterID dest, RegisterID scratch)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CCallHelpers.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CCallHelpers.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/CCallHelpers.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -33,12 +33,34 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
+#define POKE_ARGUMENT_OFFSET 4
+#else
+#define POKE_ARGUMENT_OFFSET 0
+#endif
+
</ins><span class="cx"> class CCallHelpers : public AssemblyHelpers {
</span><span class="cx"> public:
</span><span class="cx"> CCallHelpers(VM* vm, CodeBlock* codeBlock = 0)
</span><span class="cx"> : AssemblyHelpers(vm, codeBlock)
</span><span class="cx"> {
</span><span class="cx"> }
</span><ins>+
+ // The most general helper for setting arguments that fit in a GPR, if you can compute each
+ // argument without using any argument registers. You usually want one of the setupArguments*()
+ // methods below instead of this. This thing is most useful if you have *a lot* of arguments.
+ template<typename Functor>
+ void setupArgument(unsigned argumentIndex, const Functor& functor)
+ {
+ unsigned numberOfRegs = GPRInfo::numberOfArgumentRegisters; // Disguise the constant from clang's tautological compare warning.
+ if (argumentIndex < numberOfRegs) {
+ functor(GPRInfo::toArgumentRegister(argumentIndex));
+ return;
+ }
+
+ functor(GPRInfo::nonArgGPR0);
+ poke(GPRInfo::nonArgGPR0, POKE_ARGUMENT_OFFSET + argumentIndex - GPRInfo::numberOfArgumentRegisters);
+ }
</ins><span class="cx">
</span><span class="cx"> // These methods used to sort arguments into the correct registers.
</span><span class="cx"> // On X86 we use cdecl calling conventions, which pass all arguments on the
</span><span class="lines">@@ -863,12 +885,6 @@
</span><span class="cx"> setupThreeStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2, GPRInfo::argumentGPR3>(arg1, arg2, arg3);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
-#define POKE_ARGUMENT_OFFSET 4
-#else
-#define POKE_ARGUMENT_OFFSET 0
-#endif
-
</del><span class="cx"> #if CPU(X86_64) || CPU(ARM64)
</span><span class="cx"> ALWAYS_INLINE void setupArguments(FPRReg arg1)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitGPRInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/GPRInfo.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/GPRInfo.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/GPRInfo.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -54,6 +54,11 @@
</span><span class="cx"> return JSValueRegs(gpr);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static JSValueRegs withTwoAvailableRegs(GPRReg gpr, GPRReg)
+ {
+ return JSValueRegs(gpr);
+ }
+
</ins><span class="cx"> bool operator!() const { return m_gpr == InvalidGPRReg; }
</span><span class="cx">
</span><span class="cx"> GPRReg gpr() const { return m_gpr; }
</span><span class="lines">@@ -146,6 +151,11 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static JSValueRegs withTwoAvailableRegs(GPRReg gpr1, GPRReg gpr2)
+ {
+ return JSValueRegs(gpr1, gpr2);
+ }
+
</ins><span class="cx"> static JSValueRegs payloadOnly(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> return JSValueRegs(InvalidGPRReg, gpr);
</span><span class="lines">@@ -325,6 +335,12 @@
</span><span class="cx"> return registerForIndex[index];
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static GPRReg toArgumentRegister(unsigned)
+ {
+ UNREACHABLE_FOR_PLATFORM();
+ return InvalidGPRReg;
+ }
+
</ins><span class="cx"> static unsigned toIndex(GPRReg reg)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(reg != InvalidGPRReg);
</span><span class="lines">@@ -497,6 +513,13 @@
</span><span class="cx"> return registerForIndex[index];
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ static GPRReg toArgumentRegister(unsigned index)
+ {
+ ASSERT(index < numberOfArgumentRegisters);
+ static const GPRReg registerForIndex[numberOfArgumentRegisters] = { argumentGPR0, argumentGPR1, argumentGPR2, argumentGPR3 };
+ return registerForIndex[index];
+ }
+
</ins><span class="cx"> static unsigned toIndex(GPRReg reg)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(reg != InvalidGPRReg);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JIT.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -202,9 +202,10 @@
</span><span class="cx"> DEFINE_OP(op_construct)
</span><span class="cx"> DEFINE_OP(op_create_this)
</span><span class="cx"> DEFINE_OP(op_to_this)
</span><ins>+ DEFINE_OP(op_create_direct_arguments)
+ DEFINE_OP(op_create_scoped_arguments)
+ DEFINE_OP(op_create_out_of_band_arguments)
</ins><span class="cx"> DEFINE_OP(op_check_tdz)
</span><del>- DEFINE_OP(op_init_lazy_reg)
- DEFINE_OP(op_create_arguments)
</del><span class="cx"> DEFINE_OP(op_debug)
</span><span class="cx"> DEFINE_OP(op_del_by_id)
</span><span class="cx"> DEFINE_OP(op_div)
</span><span class="lines">@@ -217,9 +218,7 @@
</span><span class="cx"> case op_get_by_id_out_of_line:
</span><span class="cx"> case op_get_array_length:
</span><span class="cx"> DEFINE_OP(op_get_by_id)
</span><del>- DEFINE_OP(op_get_arguments_length)
</del><span class="cx"> DEFINE_OP(op_get_by_val)
</span><del>- DEFINE_OP(op_get_argument_by_val)
</del><span class="cx"> DEFINE_OP(op_check_has_instance)
</span><span class="cx"> DEFINE_OP(op_instanceof)
</span><span class="cx"> DEFINE_OP(op_is_undefined)
</span><span class="lines">@@ -291,7 +290,6 @@
</span><span class="cx"> DEFINE_OP(op_switch_char)
</span><span class="cx"> DEFINE_OP(op_switch_imm)
</span><span class="cx"> DEFINE_OP(op_switch_string)
</span><del>- DEFINE_OP(op_tear_off_arguments)
</del><span class="cx"> DEFINE_OP(op_throw)
</span><span class="cx"> DEFINE_OP(op_throw_static_error)
</span><span class="cx"> DEFINE_OP(op_to_number)
</span><span class="lines">@@ -300,6 +298,8 @@
</span><span class="cx"> DEFINE_OP(op_resolve_scope)
</span><span class="cx"> DEFINE_OP(op_get_from_scope)
</span><span class="cx"> DEFINE_OP(op_put_to_scope)
</span><ins>+ DEFINE_OP(op_get_from_arguments)
+ DEFINE_OP(op_put_to_arguments)
</ins><span class="cx">
</span><span class="cx"> DEFINE_OP(op_get_enumerable_length)
</span><span class="cx"> DEFINE_OP(op_has_generic_property)
</span><span class="lines">@@ -384,9 +384,7 @@
</span><span class="cx"> case op_get_by_id_out_of_line:
</span><span class="cx"> case op_get_array_length:
</span><span class="cx"> DEFINE_SLOWCASE_OP(op_get_by_id)
</span><del>- DEFINE_SLOWCASE_OP(op_get_arguments_length)
</del><span class="cx"> DEFINE_SLOWCASE_OP(op_get_by_val)
</span><del>- DEFINE_SLOWCASE_OP(op_get_argument_by_val)
</del><span class="cx"> DEFINE_SLOWCASE_OP(op_check_has_instance)
</span><span class="cx"> DEFINE_SLOWCASE_OP(op_instanceof)
</span><span class="cx"> DEFINE_SLOWCASE_OP(op_jfalse)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JIT.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -346,6 +346,8 @@
</span><span class="cx"> JumpList emitDoubleGetByVal(Instruction*, PatchableJump& badType);
</span><span class="cx"> JumpList emitContiguousGetByVal(Instruction*, PatchableJump& badType, IndexingType expectedShape = ContiguousShape);
</span><span class="cx"> JumpList emitArrayStorageGetByVal(Instruction*, PatchableJump& badType);
</span><ins>+ JumpList emitDirectArgumentsGetByVal(Instruction*, PatchableJump& badType);
+ JumpList emitScopedArgumentsGetByVal(Instruction*, PatchableJump& badType);
</ins><span class="cx"> JumpList emitIntTypedArrayGetByVal(Instruction*, PatchableJump& badType, TypedArrayType);
</span><span class="cx"> JumpList emitFloatTypedArrayGetByVal(Instruction*, PatchableJump& badType, TypedArrayType);
</span><span class="cx">
</span><span class="lines">@@ -468,8 +470,10 @@
</span><span class="cx"> void emit_op_construct(Instruction*);
</span><span class="cx"> void emit_op_create_this(Instruction*);
</span><span class="cx"> void emit_op_to_this(Instruction*);
</span><ins>+ void emit_op_create_direct_arguments(Instruction*);
+ void emit_op_create_scoped_arguments(Instruction*);
+ void emit_op_create_out_of_band_arguments(Instruction*);
</ins><span class="cx"> void emit_op_check_tdz(Instruction*);
</span><del>- void emit_op_create_arguments(Instruction*);
</del><span class="cx"> void emit_op_debug(Instruction*);
</span><span class="cx"> void emit_op_del_by_id(Instruction*);
</span><span class="cx"> void emit_op_div(Instruction*);
</span><span class="lines">@@ -620,6 +624,8 @@
</span><span class="cx"> void emit_op_resolve_scope(Instruction*);
</span><span class="cx"> void emit_op_get_from_scope(Instruction*);
</span><span class="cx"> void emit_op_put_to_scope(Instruction*);
</span><ins>+ void emit_op_get_from_arguments(Instruction*);
+ void emit_op_put_to_arguments(Instruction*);
</ins><span class="cx"> void emitSlow_op_resolve_scope(Instruction*, Vector<SlowCaseEntry>::iterator&);
</span><span class="cx"> void emitSlow_op_get_from_scope(Instruction*, Vector<SlowCaseEntry>::iterator&);
</span><span class="cx"> void emitSlow_op_put_to_scope(Instruction*, Vector<SlowCaseEntry>::iterator&);
</span><span class="lines">@@ -697,6 +703,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJIdc, int, GPRReg, const Identifier*);
</span><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);
</span><ins>+ MacroAssembler::Call callOperation(C_JITOperation_EJsc, GPRReg);
</ins><span class="cx"> MacroAssembler::Call callOperation(J_JITOperation_EJscC, int, GPRReg, JSCell*);
</span><span class="cx"> MacroAssembler::Call callOperation(C_JITOperation_EJscZ, GPRReg, int32_t);
</span><span class="cx"> MacroAssembler::Call callOperation(C_JITOperation_EJscZ, int, GPRReg, int32_t);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCallcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITCall.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> #include "JIT.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "JITInlines.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="lines">@@ -62,22 +61,6 @@
</span><span class="cx"> int firstFreeRegister = instruction[5].u.operand;
</span><span class="cx"> int firstVarArgOffset = instruction[6].u.operand;
</span><span class="cx">
</span><del>- JumpList slowCase;
- JumpList end;
- bool canOptimize = m_codeBlock->usesArguments()
- && arguments == m_codeBlock->argumentsRegister().offset()
- && !m_codeBlock->symbolTable()->slowArguments();
-
- if (canOptimize) {
- emitGetVirtualRegister(arguments, regT0);
- slowCase.append(branch64(NotEqual, regT0, TrustedImm64(JSValue::encode(JSValue()))));
-
- move(TrustedImm32(-firstFreeRegister), regT1);
- emitSetupVarargsFrameFastCase(*this, regT1, regT0, regT1, regT2, firstVarArgOffset, slowCase);
- end.append(jump());
- slowCase.link(this);
- }
-
</del><span class="cx"> emitGetVirtualRegister(arguments, regT1);
</span><span class="cx"> callOperation(operationSizeFrameForVarargs, regT1, -firstFreeRegister, firstVarArgOffset);
</span><span class="cx"> move(TrustedImm32(-firstFreeRegister), regT1);
</span><span class="lines">@@ -87,9 +70,6 @@
</span><span class="cx"> callOperation(operationSetupVarargsFrame, regT1, regT2, firstVarArgOffset, regT0);
</span><span class="cx"> move(returnValueGPR, regT1);
</span><span class="cx">
</span><del>- if (canOptimize)
- end.link(this);
-
</del><span class="cx"> // Profile the argument count.
</span><span class="cx"> load32(Address(regT1, JSStack::ArgumentCount * static_cast<int>(sizeof(Register)) + PayloadOffset), regT2);
</span><span class="cx"> load8(&info->maxNumArguments, regT0);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCall32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> #include "JIT.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JITInlines.h"
</span><span class="lines">@@ -122,22 +121,6 @@
</span><span class="cx"> int firstFreeRegister = instruction[5].u.operand;
</span><span class="cx"> int firstVarArgOffset = instruction[6].u.operand;
</span><span class="cx">
</span><del>- JumpList slowCase;
- JumpList end;
- bool canOptimize = m_codeBlock->usesArguments()
- && VirtualRegister(arguments) == m_codeBlock->argumentsRegister()
- && !m_codeBlock->symbolTable()->slowArguments();
-
- if (canOptimize) {
- emitLoadTag(arguments, regT1);
- slowCase.append(branch32(NotEqual, regT1, TrustedImm32(JSValue::EmptyValueTag)));
-
- move(TrustedImm32(-firstFreeRegister), regT1);
- emitSetupVarargsFrameFastCase(*this, regT1, regT0, regT1, regT2, firstVarArgOffset, slowCase);
- end.append(jump());
- slowCase.link(this);
- }
-
</del><span class="cx"> emitLoad(arguments, regT1, regT0);
</span><span class="cx"> callOperation(operationSizeFrameForVarargs, regT1, regT0, -firstFreeRegister, firstVarArgOffset);
</span><span class="cx"> move(TrustedImm32(-firstFreeRegister), regT1);
</span><span class="lines">@@ -147,9 +130,6 @@
</span><span class="cx"> callOperation(operationSetupVarargsFrame, regT1, regT2, regT4, firstVarArgOffset, regT0);
</span><span class="cx"> move(returnValueGPR, regT1);
</span><span class="cx">
</span><del>- if (canOptimize)
- end.link(this);
-
</del><span class="cx"> // Profile the argument count.
</span><span class="cx"> load32(Address(regT1, JSStack::ArgumentCount * static_cast<int>(sizeof(Register)) + PayloadOffset), regT2);
</span><span class="cx"> load8(&info->maxNumArguments, regT0);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlines.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlines.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITInlines.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -193,6 +193,12 @@
</span><span class="cx"> return appendCallWithExceptionCheck(operation);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EJsc operation, GPRReg arg1)
+{
+ setupArgumentsWithExecState(arg1);
+ return appendCallWithExceptionCheck(operation);
+}
+
</ins><span class="cx"> ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EJscZ operation, GPRReg arg1, int32_t arg2)
</span><span class="cx"> {
</span><span class="cx"> setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> #include "JIT.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "BasicBlockLocation.h"
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="cx"> #include "Debugger.h"
</span><span class="lines">@@ -245,18 +244,6 @@
</span><span class="cx"> emitPutVirtualRegister(dst);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_tear_off_arguments(Instruction* currentInstruction)
-{
- int arguments = currentInstruction[1].u.operand;
- int lexicalEnvironment = currentInstruction[2].u.operand;
-
- Jump argsNotCreated = branchTest64(Zero, Address(callFrameRegister, sizeof(Register) * (VirtualRegister(arguments).offset())));
- emitGetVirtualRegister(VirtualRegister(arguments).offset(), regT0);
- emitGetVirtualRegister(lexicalEnvironment, regT1);
- callOperation(operationTearOffArguments, regT0, regT1);
- argsNotCreated.link(this);
-}
-
</del><span class="cx"> void JIT::emit_op_ret(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(callFrameRegister != regT1);
</span><span class="lines">@@ -677,7 +664,7 @@
</span><span class="cx"> int scope = currentInstruction[2].u.operand;
</span><span class="cx">
</span><span class="cx"> emitGetVirtualRegister(scope, regT0);
</span><del>- callOperation(operationCreateActivation, regT0, 0);
</del><ins>+ callOperation(operationCreateActivation, regT0);
</ins><span class="cx"> emitStoreCell(dst, returnValueGPR);
</span><span class="cx"> emitStoreCell(scope, returnValueGPR);
</span><span class="cx"> }
</span><span class="lines">@@ -690,31 +677,6 @@
</span><span class="cx"> emitStoreCell(dst, regT0);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_create_arguments(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int lexicalEnvironment = currentInstruction[2].u.operand;
-
- Jump argsCreated = branchTest64(NonZero, Address(callFrameRegister, sizeof(Register) * dst));
-
- if (VirtualRegister(lexicalEnvironment).isValid()) {
- emitGetVirtualRegister(lexicalEnvironment, regT0);
- callOperation(operationCreateArguments, regT0);
- } else
- callOperation(operationCreateArguments, TrustedImmPtr(nullptr));
- emitStoreCell(dst, returnValueGPR);
- emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(dst)), returnValueGPR);
-
- argsCreated.link(this);
-}
-
-void JIT::emit_op_init_lazy_reg(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
-
- store64(TrustedImm64((int64_t)0), Address(callFrameRegister, sizeof(Register) * dst));
-}
-
</del><span class="cx"> void JIT::emit_op_to_this(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> WriteBarrierBase<Structure>* cachedStructure = &currentInstruction[2].u.structure;
</span><span class="lines">@@ -915,69 +877,6 @@
</span><span class="cx"> slowPathCall.call();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_get_arguments_length(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int argumentsRegister = currentInstruction[2].u.operand;
- addSlowCase(branchTest64(NonZero, addressFor(argumentsRegister)));
- emitGetFromCallFrameHeader32(JSStack::ArgumentCount, regT0);
- sub32(TrustedImm32(1), regT0);
- emitFastArithReTagImmediate(regT0, regT0);
- emitPutVirtualRegister(dst, regT0);
-}
-
-void JIT::emitSlow_op_get_arguments_length(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- linkSlowCase(iter);
- int dst = currentInstruction[1].u.operand;
- int base = currentInstruction[2].u.operand;
- callOperation(operationGetArgumentsLength, dst, base);
-}
-
-void JIT::emit_op_get_argument_by_val(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int argumentsRegister = currentInstruction[2].u.operand;
- int property = currentInstruction[3].u.operand;
- addSlowCase(branchTest64(NonZero, addressFor(argumentsRegister)));
- emitGetVirtualRegister(property, regT1);
- addSlowCase(emitJumpIfNotImmediateInteger(regT1));
- emitGetFromCallFrameHeader32(JSStack::ArgumentCount, regT2);
- sub32(TrustedImm32(1), regT2);
- addSlowCase(branch32(AboveOrEqual, regT1, regT2));
-
- signExtend32ToPtr(regT1, regT1);
- load64(BaseIndex(callFrameRegister, regT1, TimesEight, CallFrame::argumentOffset(0) * static_cast<int>(sizeof(Register))), regT0);
- emitValueProfilingSite();
- emitPutVirtualRegister(dst, regT0);
-}
-
-void JIT::emitSlow_op_get_argument_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- int dst = currentInstruction[1].u.operand;
- int arguments = currentInstruction[2].u.operand;
- int property = currentInstruction[3].u.operand;
- int lexicalEnvironment = currentInstruction[4].u.operand;
-
- linkSlowCase(iter);
- Jump skipArgumentsCreation = jump();
-
- linkSlowCase(iter);
- linkSlowCase(iter);
- if (VirtualRegister(lexicalEnvironment).isValid()) {
- emitGetVirtualRegister(lexicalEnvironment, regT0);
- callOperation(operationCreateArguments, regT0);
- } else
- callOperation(operationCreateArguments, TrustedImmPtr(nullptr));
- emitStoreCell(arguments, returnValueGPR);
- emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(arguments)), returnValueGPR);
-
- skipArgumentsCreation.link(this);
- emitGetVirtualRegister(arguments, regT0);
- emitGetVirtualRegister(property, regT1);
- callOperation(WithProfile, operationGetByValGeneric, dst, regT0, regT1);
-}
-
</del><span class="cx"> #endif // USE(JSVALUE64)
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_touch_entry(Instruction* currentInstruction)
</span><span class="lines">@@ -1042,13 +941,6 @@
</span><span class="cx"> {
</span><span class="cx"> Jump lazyJump;
</span><span class="cx"> int dst = currentInstruction[1].u.operand;
</span><del>- if (currentInstruction[4].u.operand) {
-#if USE(JSVALUE32_64)
- lazyJump = branch32(NotEqual, tagFor(dst), TrustedImm32(JSValue::EmptyValueTag));
-#else
- lazyJump = branchTest64(NonZero, addressFor(dst));
-#endif
- }
</del><span class="cx">
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
</span><span class="lines">@@ -1057,9 +949,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> FunctionExecutable* funcExec = m_codeBlock->functionDecl(currentInstruction[3].u.operand);
</span><span class="cx"> callOperation(operationNewFunction, dst, regT0, funcExec);
</span><del>-
- if (currentInstruction[4].u.operand)
- lazyJump.link(this);
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
</span><span class="lines">@@ -1434,6 +1323,24 @@
</span><span class="cx"> basicBlockLocation->emitExecuteCode(*this, regT1);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void JIT::emit_op_create_direct_arguments(Instruction* currentInstruction)
+{
+ JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_direct_arguments);
+ slowPathCall.call();
+}
+
+void JIT::emit_op_create_scoped_arguments(Instruction* currentInstruction)
+{
+ JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_scoped_arguments);
+ slowPathCall.call();
+}
+
+void JIT::emit_op_create_out_of_band_arguments(Instruction* currentInstruction)
+{
+ JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_out_of_band_arguments);
+ slowPathCall.call();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(JIT)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -349,18 +349,6 @@
</span><span class="cx"> emitStoreBool(dst, regT0);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_tear_off_arguments(Instruction* currentInstruction)
-{
- VirtualRegister arguments = VirtualRegister(currentInstruction[1].u.operand);
- int lexicalEnvironment = currentInstruction[2].u.operand;
-
- Jump argsNotCreated = branch32(Equal, tagFor(arguments.offset()), TrustedImm32(JSValue::EmptyValueTag));
- emitLoadPayload(arguments.offset(), regT0);
- emitLoadPayload(lexicalEnvironment, regT1);
- callOperation(operationTearOffArguments, regT0, regT1);
- argsNotCreated.link(this);
-}
-
</del><span class="cx"> void JIT::emit_op_to_primitive(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> int dst = currentInstruction[1].u.operand;
</span><span class="lines">@@ -909,7 +897,7 @@
</span><span class="cx"> int scope = currentInstruction[2].u.operand;
</span><span class="cx">
</span><span class="cx"> emitLoadPayload(currentInstruction[2].u.operand, regT0);
</span><del>- callOperation(operationCreateActivation, regT0, 0);
</del><ins>+ callOperation(operationCreateActivation, regT0);
</ins><span class="cx"> emitStoreCell(lexicalEnvironment, returnValueGPR);
</span><span class="cx"> emitStoreCell(scope, returnValueGPR);
</span><span class="cx"> }
</span><span class="lines">@@ -922,31 +910,6 @@
</span><span class="cx"> emitStoreCell(dst, regT0);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_create_arguments(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int lexicalEnvironment = currentInstruction[2].u.operand;
-
- Jump argsCreated = branch32(NotEqual, tagFor(dst), TrustedImm32(JSValue::EmptyValueTag));
-
- if (VirtualRegister(lexicalEnvironment).isValid()) {
- emitLoadPayload(lexicalEnvironment, regT0);
- callOperation(operationCreateArguments, regT0);
- } else
- callOperation(operationCreateArguments, TrustedImmPtr(nullptr));
- emitStoreCell(dst, returnValueGPR);
- emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(dst)).offset(), returnValueGPR);
-
- argsCreated.link(this);
-}
-
-void JIT::emit_op_init_lazy_reg(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
-
- emitStore(dst, JSValue());
-}
-
</del><span class="cx"> void JIT::emit_op_create_this(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> int callee = currentInstruction[2].u.operand;
</span><span class="lines">@@ -1028,70 +991,6 @@
</span><span class="cx"> profilerDone.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emit_op_get_arguments_length(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int argumentsRegister = currentInstruction[2].u.operand;
- addSlowCase(branch32(NotEqual, tagFor(argumentsRegister), TrustedImm32(JSValue::EmptyValueTag)));
- load32(payloadFor(JSStack::ArgumentCount), regT0);
- sub32(TrustedImm32(1), regT0);
- emitStoreInt32(dst, regT0);
-}
-
-void JIT::emitSlow_op_get_arguments_length(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- linkSlowCase(iter);
- int dst = currentInstruction[1].u.operand;
- int base = currentInstruction[2].u.operand;
- callOperation(operationGetArgumentsLength, dst, base);
-}
-
-void JIT::emit_op_get_argument_by_val(Instruction* currentInstruction)
-{
- int dst = currentInstruction[1].u.operand;
- int argumentsRegister = currentInstruction[2].u.operand;
- int property = currentInstruction[3].u.operand;
- addSlowCase(branch32(NotEqual, tagFor(argumentsRegister), TrustedImm32(JSValue::EmptyValueTag)));
- emitLoad(property, regT1, regT2);
- addSlowCase(branch32(NotEqual, regT1, TrustedImm32(JSValue::Int32Tag)));
- // regT2 now contains the integer index of the argument we want, including this
- load32(payloadFor(JSStack::ArgumentCount), regT3);
- sub32(TrustedImm32(1), regT3);
- addSlowCase(branch32(AboveOrEqual, regT2, regT3));
-
- loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload) + CallFrame::argumentOffset(0) * static_cast<int>(sizeof(Register))), regT0);
- loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag) + CallFrame::argumentOffset(0) * static_cast<int>(sizeof(Register))), regT1);
- emitValueProfilingSite();
- emitStore(dst, regT1, regT0);
-}
-
-void JIT::emitSlow_op_get_argument_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- int dst = currentInstruction[1].u.operand;
- int arguments = currentInstruction[2].u.operand;
- int property = currentInstruction[3].u.operand;
- int lexicalEnvironment = currentInstruction[4].u.operand;
-
- linkSlowCase(iter);
- Jump skipArgumentsCreation = jump();
-
- linkSlowCase(iter);
- linkSlowCase(iter);
-
- if (VirtualRegister(lexicalEnvironment).isValid()) {
- emitLoadPayload(lexicalEnvironment, regT0);
- callOperation(operationCreateArguments, regT0);
- } else
- callOperation(operationCreateArguments, TrustedImmPtr(nullptr));
- emitStoreCell(arguments, returnValueGPR);
- emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), returnValueGPR);
-
- skipArgumentsCreation.link(this);
- emitLoad(arguments, regT1, regT0);
- emitLoad(property, regT3, regT2);
- callOperation(WithProfile, operationGetByValGeneric, dst, regT1, regT0, regT3, regT2);
-}
-
</del><span class="cx"> void JIT::emit_op_has_structure_property(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> int dst = currentInstruction[1].u.operand;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "DFGCompilationMode.h"
</span><span class="cx"> #include "DFGDriver.h"
</span><span class="lines">@@ -47,6 +46,7 @@
</span><span class="cx"> #include "JSCatchScope.h"
</span><span class="cx"> #include "JSFunctionNameScope.h"
</span><span class="cx"> #include "JSGlobalObjectFunctions.h"
</span><ins>+#include "JSLexicalEnvironment.h"
</ins><span class="cx"> #include "JSNameScope.h"
</span><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "JSStackInlines.h"
</span><span class="lines">@@ -530,7 +530,7 @@
</span><span class="cx"> if (hasOptimizableIndexing(object->structure(vm))) {
</span><span class="cx"> // Attempt to optimize.
</span><span class="cx"> JITArrayMode arrayMode = jitArrayModeForStructure(object->structure(vm));
</span><del>- if (arrayMode != byValInfo.arrayMode) {
</del><ins>+ if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo.arrayMode) {
</ins><span class="cx"> JIT::compilePutByVal(&vm, exec->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);
</span><span class="cx"> didOptimize = true;
</span><span class="cx"> }
</span><span class="lines">@@ -575,7 +575,7 @@
</span><span class="cx"> if (hasOptimizableIndexing(object->structure(vm))) {
</span><span class="cx"> // Attempt to optimize.
</span><span class="cx"> JITArrayMode arrayMode = jitArrayModeForStructure(object->structure(vm));
</span><del>- if (arrayMode != byValInfo.arrayMode) {
</del><ins>+ if (jitArrayModePermitsPut(arrayMode) && arrayMode != byValInfo.arrayMode) {
</ins><span class="cx"> JIT::compileDirectPutByVal(&vm, callFrame->codeBlock(), &byValInfo, ReturnAddressPtr(OUR_RETURN_ADDRESS), arrayMode);
</span><span class="cx"> didOptimize = true;
</span><span class="cx"> }
</span><span class="lines">@@ -732,6 +732,7 @@
</span><span class="cx"> callLinkInfo->setSeen();
</span><span class="cx"> else
</span><span class="cx"> linkFor(execCallee, *callLinkInfo, codeBlock, callee, codePtr, kind, registers);
</span><ins>+
</ins><span class="cx"> return reinterpret_cast<char*>(codePtr.executableAddress());
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1353,53 +1354,16 @@
</span><span class="cx"> return JSValue::encode(JSValue());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, JSScope* currentScope, int32_t offset)
</del><ins>+JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, JSScope* currentScope)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><del>- JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, currentScope, exec->codeBlock());
</del><ins>+ JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, currentScope, exec->codeBlock());
</ins><span class="cx"> return lexicalEnvironment;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// FIXME: This is a temporary thunk for the DFG until we add the lexicalEnvironment operand to the DFG CreateArguments node.
-JSCell* JIT_OPERATION operationCreateArgumentsForDFG(ExecState* exec)
-{
- JSLexicalEnvironment* lexicalEnvironment = exec->lexicalEnvironmentOrNullptr();
- return operationCreateArguments(exec, lexicalEnvironment);
</del><span class="cx"> }
</span><del>-
-JSCell* JIT_OPERATION operationCreateArguments(ExecState* exec, JSLexicalEnvironment* lexicalEnvironment)
-{
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
- // NB: This needs to be exceedingly careful with top call frame tracking, since it
- // may be called from OSR exit, while the state of the call stack is bizarre.
- Arguments* result = Arguments::create(vm, exec, lexicalEnvironment);
- ASSERT(!vm.exception());
- return result;
-}
</del><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState* exec)
-{
- DeferGCForAWhile(exec->vm().heap);
- JSLexicalEnvironment* lexicalEnvironment = exec->lexicalEnvironmentOrNullptr();
- return operationCreateArguments(exec, lexicalEnvironment);
-}
-
-EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState* exec, int32_t argumentsRegister)
-{
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
- // Here we can assume that the argumernts were created. Because otherwise the JIT code would
- // have not made this call.
- Identifier ident(&vm, "length");
- JSValue baseValue = exec->uncheckedR(argumentsRegister).jsValue();
- PropertySlot slot(baseValue);
- return JSValue::encode(baseValue.get(exec, ident, slot));
-}
-
-}
-
</del><span class="cx"> static JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript, ReturnAddressPtr returnAddress)
</span><span class="cx"> {
</span><span class="cx"> if (LIKELY(baseValue.isCell() && subscript.isString())) {
</span><span class="lines">@@ -1565,12 +1529,6 @@
</span><span class="cx"> return JSValue::encode(result);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell, JSCell*)
-{
- ASSERT(exec->codeBlock()->usesArguments());
- jsCast<Arguments*>(argumentsCell)->tearOff(exec);
-}
-
</del><span class="cx"> EncodedJSValue JIT_OPERATION operationDeleteById(ExecState* exec, EncodedJSValue encodedBase, const Identifier* identifier)
</span><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="lines">@@ -1734,7 +1692,7 @@
</span><span class="cx"> ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
</span><span class="cx"> if (modeAndType.type() == LocalClosureVar) {
</span><span class="cx"> JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
</span><del>- environment->registerAt(pc[6].u.operand).set(vm, environment, value);
</del><ins>+ environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
</ins><span class="cx"> if (VariableWatchpointSet* set = pc[5].u.watchpointSet)
</span><span class="cx"> set->notifyWrite(vm, value, "Executed op_put_scope<LocalClosureVar>");
</span><span class="cx"> return;
</span><span class="lines">@@ -1795,7 +1753,7 @@
</span><span class="cx"> NativeCallFrameTracer tracer(vm, exec);
</span><span class="cx">
</span><span class="cx"> JSValue value = exec->r(pc[2].u.operand).jsValue();
</span><del>- pc[1].u.registerPointer->set(*vm, exec->codeBlock()->globalObject(), value);
</del><ins>+ pc[1].u.variablePointer->set(*vm, exec->codeBlock()->globalObject(), value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT_OPERATION lookupExceptionHandler(VM* vm, ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -65,11 +65,12 @@
</span><span class="cx"> E: ExecState*
</span><span class="cx"> F: CallFrame*
</span><span class="cx"> I: StringImpl*
</span><del>- Icf: InlineCalLFrame*
</del><ins>+ Icf: InlineCallFrame*
</ins><span class="cx"> Idc: const Identifier*
</span><span class="cx"> J: EncodedJSValue
</span><span class="cx"> Jcp: const JSValue*
</span><span class="cx"> Jsc: JSScope*
</span><ins>+ Jsf: JSFunction*
</ins><span class="cx"> Jss: JSString*
</span><span class="cx"> L: JSLexicalEnvironment*
</span><span class="cx"> O: JSObject*
</span><span class="lines">@@ -129,6 +130,7 @@
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_ECC)(ExecState*, JSCell*, JSCell*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EIcf)(ExecState*, InlineCallFrame*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJ)(ExecState*, EncodedJSValue);
</span><ins>+typedef JSCell* JIT_OPERATION (*C_JITOperation_EJsc)(ExecState*, JSScope*);
</ins><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJscC)(ExecState*, JSScope*, JSCell*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZ)(ExecState*, EncodedJSValue, int32_t);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZC)(ExecState*, EncodedJSValue, int32_t, JSCell*);
</span><span class="lines">@@ -141,6 +143,11 @@
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EO)(ExecState*, JSObject*);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EOZ)(ExecState*, JSObject*, int32_t);
</span><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_ESt)(ExecState*, Structure*);
</span><ins>+typedef JSCell* JIT_OPERATION (*C_JITOperation_EStJscSymtab)(ExecState*, Structure*, JSScope*, SymbolTable*);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EStRZJsfL)(ExecState*, Structure*, Register*, int32_t, JSFunction*, JSLexicalEnvironment*);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EStRZJsf)(ExecState*, Structure*, Register*, int32_t, JSFunction*);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EStZ)(ExecState*, Structure*, int32_t);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EStZZ)(ExecState*, Structure*, int32_t, int32_t);
</ins><span class="cx"> typedef JSCell* JIT_OPERATION (*C_JITOperation_EZ)(ExecState*, int32_t);
</span><span class="cx"> typedef double JIT_OPERATION (*D_JITOperation_D)(double);
</span><span class="cx"> typedef double JIT_OPERATION (*D_JITOperation_DD)(double, double);
</span><span class="lines">@@ -293,17 +300,12 @@
</span><span class="cx"> void JIT_OPERATION operationProfileDidCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationProfileWillCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL;
</span><del>-JSCell* JIT_OPERATION operationCreateActivation(ExecState*, JSScope* currentScope, int32_t offset) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationCreateArgumentsForDFG(ExecState*) WTF_INTERNAL; // FIXME: This is a temporary thunk for the DFG until we add the lexicalEnvironment operand to the DFG CreateArguments node.
-JSCell* JIT_OPERATION operationCreateArguments(ExecState*, JSLexicalEnvironment*) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState*) WTF_INTERNAL;
-EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState*, int32_t) WTF_INTERNAL;
</del><ins>+JSCell* JIT_OPERATION operationCreateActivation(ExecState*, JSScope* currentScope) WTF_INTERNAL;
</ins><span class="cx"> EncodedJSValue JIT_OPERATION operationGetByValDefault(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationGetByValString(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationHasIndexedPropertyDefault(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationHasIndexedPropertyGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
</span><del>-void JIT_OPERATION operationTearOffArguments(ExecState*, JSCell*, JSCell*) WTF_INTERNAL;
</del><span class="cx"> EncodedJSValue JIT_OPERATION operationDeleteById(ExecState*, EncodedJSValue base, const Identifier*) WTF_INTERNAL;
</span><span class="cx"> JSCell* JIT_OPERATION operationGetPNames(ExecState*, JSObject*) WTF_INTERNAL;
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationInstanceOf(ExecState*, EncodedJSValue, EncodedJSValue proto) WTF_INTERNAL;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "JIT.h"
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "GCAwareJITStubRoutine.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="lines">@@ -40,6 +41,8 @@
</span><span class="cx"> #include "RepatchBuffer.h"
</span><span class="cx"> #include "ResultType.h"
</span><span class="cx"> #include "SamplingTool.h"
</span><ins>+#include "ScopedArguments.h"
+#include "ScopedArgumentsTable.h"
</ins><span class="cx"> #include <wtf/StringPrintStream.h>
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -664,8 +667,7 @@
</span><span class="cx"> void JIT::emitGetClosureVar(int scope, uintptr_t operand)
</span><span class="cx"> {
</span><span class="cx"> emitGetVirtualRegister(scope, regT0);
</span><del>- loadPtr(Address(regT0, JSEnvironmentRecord::offsetOfRegisters()), regT0);
- loadPtr(Address(regT0, operand * sizeof(Register)), regT0);
</del><ins>+ loadPtr(Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register)), regT0);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_get_from_scope(Instruction* currentInstruction)
</span><span class="lines">@@ -748,9 +750,8 @@
</span><span class="cx"> {
</span><span class="cx"> emitGetVirtualRegister(value, regT1);
</span><span class="cx"> emitGetVirtualRegister(scope, regT0);
</span><del>- loadPtr(Address(regT0, JSEnvironmentRecord::offsetOfRegisters()), regT0);
</del><span class="cx"> emitNotifyWrite(regT1, regT2, set);
</span><del>- storePtr(regT1, Address(regT0, operand * sizeof(Register)));
</del><ins>+ storePtr(regT1, Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register)));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_put_to_scope(Instruction* currentInstruction)
</span><span class="lines">@@ -805,12 +806,37 @@
</span><span class="cx"> callOperation(operationPutToScope, currentInstruction);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void JIT::emit_op_get_from_arguments(Instruction* currentInstruction)
+{
+ int dst = currentInstruction[1].u.operand;
+ int arguments = currentInstruction[2].u.operand;
+ int index = currentInstruction[3].u.operand;
+
+ emitGetVirtualRegister(arguments, regT0);
+ load64(Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>)), regT0);
+ emitValueProfilingSite();
+ emitPutVirtualRegister(dst);
+}
+
+void JIT::emit_op_put_to_arguments(Instruction* currentInstruction)
+{
+ int arguments = currentInstruction[1].u.operand;
+ int index = currentInstruction[2].u.operand;
+ int value = currentInstruction[3].u.operand;
+
+ emitWriteBarrier(arguments, value, ShouldFilterValue);
+
+ emitGetVirtualRegister(arguments, regT0);
+ emitGetVirtualRegister(value, regT1);
+ store64(regT1, Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>)));
+}
+
</ins><span class="cx"> void JIT::emit_op_init_global_const(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> JSGlobalObject* globalObject = m_codeBlock->globalObject();
</span><span class="cx"> emitWriteBarrier(globalObject, currentInstruction[2].u.operand, ShouldFilterValue);
</span><span class="cx"> emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
</span><del>- store64(regT0, currentInstruction[1].u.registerPointer);
</del><ins>+ store64(regT0, currentInstruction[1].u.variablePointer);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #endif // USE(JSVALUE64)
</span><span class="lines">@@ -951,6 +977,12 @@
</span><span class="cx"> case JITArrayStorage:
</span><span class="cx"> slowCases = emitArrayStorageGetByVal(currentInstruction, badType);
</span><span class="cx"> break;
</span><ins>+ case JITDirectArguments:
+ slowCases = emitDirectArgumentsGetByVal(currentInstruction, badType);
+ break;
+ case JITScopedArguments:
+ slowCases = emitScopedArgumentsGetByVal(currentInstruction, badType);
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> TypedArrayType type = typedArrayTypeForJITArrayMode(arrayMode);
</span><span class="cx"> if (isInt(type))
</span><span class="lines">@@ -1046,6 +1078,75 @@
</span><span class="cx"> repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(isDirect ? operationDirectPutByValGeneric : operationPutByValGeneric));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+JIT::JumpList JIT::emitDirectArgumentsGetByVal(Instruction*, PatchableJump& badType)
+{
+ JumpList slowCases;
+
+#if USE(JSVALUE64)
+ RegisterID base = regT0;
+ RegisterID property = regT1;
+ JSValueRegs result = JSValueRegs(regT0);
+ RegisterID scratch = regT3;
+#else
+ RegisterID base = regT0;
+ RegisterID property = regT2;
+ JSValueRegs result = JSValueRegs(regT1, regT0);
+ RegisterID scratch = regT3;
+#endif
+
+ load8(Address(base, JSCell::typeInfoTypeOffset()), scratch);
+ badType = patchableBranch32(NotEqual, scratch, TrustedImm32(DirectArgumentsType));
+
+ slowCases.append(branch32(AboveOrEqual, property, Address(base, DirectArguments::offsetOfLength())));
+ slowCases.append(branchTestPtr(NonZero, Address(base, DirectArguments::offsetOfOverrides())));
+
+ zeroExtend32ToPtr(property, scratch);
+ loadValue(BaseIndex(base, scratch, TimesEight, DirectArguments::storageOffset()), result);
+
+ return slowCases;
+}
+
+JIT::JumpList JIT::emitScopedArgumentsGetByVal(Instruction*, PatchableJump& badType)
+{
+ JumpList slowCases;
+
+#if USE(JSVALUE64)
+ RegisterID base = regT0;
+ RegisterID property = regT1;
+ JSValueRegs result = JSValueRegs(regT0);
+ RegisterID scratch = regT3;
+ RegisterID scratch2 = regT4;
+#else
+ RegisterID base = regT0;
+ RegisterID property = regT2;
+ JSValueRegs result = JSValueRegs(regT1, regT0);
+ RegisterID scratch = regT3;
+ RegisterID scratch2 = regT4;
+#endif
+
+ load8(Address(base, JSCell::typeInfoTypeOffset()), scratch);
+ badType = patchableBranch32(NotEqual, scratch, TrustedImm32(DirectArgumentsType));
+ slowCases.append(branch32(AboveOrEqual, property, Address(base, ScopedArguments::offsetOfTotalLength())));
+
+ loadPtr(Address(base, ScopedArguments::offsetOfTable()), scratch);
+ load32(Address(scratch, ScopedArgumentsTable::offsetOfLength()), scratch2);
+ Jump overflowCase = branch32(AboveOrEqual, property, scratch2);
+ loadPtr(Address(base, ScopedArguments::offsetOfScope()), scratch2);
+ loadPtr(Address(scratch, ScopedArgumentsTable::offsetOfArguments()), scratch);
+ load32(BaseIndex(scratch, property, TimesFour), scratch);
+ slowCases.append(branch32(Equal, scratch, TrustedImm32(ScopeOffset::invalidOffset)));
+ loadValue(BaseIndex(scratch2, scratch, TimesEight, JSEnvironmentRecord::offsetOfVariables()), result);
+ Jump done = jump();
+ overflowCase.link(this);
+ sub32(property, scratch2);
+ neg32(scratch2);
+ loadValue(BaseIndex(base, scratch2, TimesEight, ScopedArguments::overflowStorageOffset()), result);
+ slowCases.append(branchIsEmpty(result));
+ done.link(this);
+
+ return slowCases;
+}
+
</ins><span class="cx"> JIT::JumpList JIT::emitIntTypedArrayGetByVal(Instruction*, PatchableJump& badType, TypedArrayType type)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(isInt(type));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include "JIT.h"
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "GCAwareJITStubRoutine.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JITInlines.h"
</span><span class="lines">@@ -688,9 +689,8 @@
</span><span class="cx"> void JIT::emitGetClosureVar(int scope, uintptr_t operand)
</span><span class="cx"> {
</span><span class="cx"> emitLoad(scope, regT1, regT0);
</span><del>- loadPtr(Address(regT0, JSEnvironmentRecord::offsetOfRegisters()), regT0);
- load32(Address(regT0, operand * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), regT1);
- load32(Address(regT0, operand * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), regT0);
</del><ins>+ load32(Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register) + TagOffset), regT1);
+ load32(Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register) + PayloadOffset), regT0);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_get_from_scope(Instruction* currentInstruction)
</span><span class="lines">@@ -780,9 +780,8 @@
</span><span class="cx"> emitLoad(value, regT3, regT2);
</span><span class="cx"> emitLoad(scope, regT1, regT0);
</span><span class="cx"> emitNotifyWrite(regT3, regT2, regT4, set);
</span><del>- loadPtr(Address(regT0, JSEnvironmentRecord::offsetOfRegisters()), regT0);
- store32(regT3, Address(regT0, operand * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
- store32(regT2, Address(regT0, operand * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
</del><ins>+ store32(regT3, Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register) + TagOffset));
+ store32(regT2, Address(regT0, JSEnvironmentRecord::offsetOfVariables() + operand * sizeof(Register) + PayloadOffset));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_put_to_scope(Instruction* currentInstruction)
</span><span class="lines">@@ -835,9 +834,36 @@
</span><span class="cx"> callOperation(operationPutToScope, currentInstruction);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void JIT::emit_op_get_from_arguments(Instruction* currentInstruction)
+{
+ int dst = currentInstruction[1].u.operand;
+ int arguments = currentInstruction[2].u.operand;
+ int index = currentInstruction[3].u.operand;
+
+ emitLoadPayload(arguments, regT0);
+ load32(Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>) + TagOffset), regT1);
+ load32(Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>) + PayloadOffset), regT0);
+ emitValueProfilingSite();
+ emitStore(dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_to_arguments(Instruction* currentInstruction)
+{
+ int arguments = currentInstruction[1].u.operand;
+ int index = currentInstruction[2].u.operand;
+ int value = currentInstruction[3].u.operand;
+
+ emitWriteBarrier(arguments, value, ShouldFilterValue);
+
+ emitLoadPayload(arguments, regT0);
+ emitLoad(value, regT1, regT2);
+ store32(regT1, Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>) + TagOffset));
+ store32(regT2, Address(regT0, DirectArguments::storageOffset() + index * sizeof(WriteBarrier<Unknown>) + PayloadOffset));
+}
+
</ins><span class="cx"> void JIT::emit_op_init_global_const(Instruction* currentInstruction)
</span><span class="cx"> {
</span><del>- WriteBarrier<Unknown>* registerPointer = currentInstruction[1].u.registerPointer;
</del><ins>+ WriteBarrier<Unknown>* variablePointer = currentInstruction[1].u.variablePointer;
</ins><span class="cx"> int value = currentInstruction[2].u.operand;
</span><span class="cx">
</span><span class="cx"> JSGlobalObject* globalObject = m_codeBlock->globalObject();
</span><span class="lines">@@ -846,8 +872,8 @@
</span><span class="cx">
</span><span class="cx"> emitLoad(value, regT1, regT0);
</span><span class="cx">
</span><del>- store32(regT1, registerPointer->tagPointer());
- store32(regT0, registerPointer->payloadPointer());
</del><ins>+ store32(regT1, variablePointer->tagPointer());
+ store32(regT0, variablePointer->payloadPointer());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSetupVarargsFramecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "StackAlignment.h"
</span><span class="cx">
</span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx"> jit.sub32(CCallHelpers::TrustedImm32(firstVarArgOffset), scratchGPR1);
</span><span class="cx"> endVarArgs.link(&jit);
</span><span class="cx"> }
</span><del>- slowCase.append(jit.branch32(CCallHelpers::Above, scratchGPR1, CCallHelpers::TrustedImm32(Arguments::MaxArguments + 1)));
</del><ins>+ slowCase.append(jit.branch32(CCallHelpers::Above, scratchGPR1, CCallHelpers::TrustedImm32(maxArguments + 1)));
</ins><span class="cx">
</span><span class="cx"> emitSetVarargsFrame(jit, scratchGPR1, true, numUsedSlotsGPR, scratchGPR2);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntOffsetsExtractorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><span class="cx"> #include "Debugger.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "Interpreter.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -26,11 +26,11 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "LLIntSlowPaths.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><span class="cx"> #include "CommonSlowPathsExceptions.h"
</span><ins>+#include "Error.h"
</ins><span class="cx"> #include "ErrorHandlingScope.h"
</span><span class="cx"> #include "ExceptionFuzz.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="lines">@@ -254,12 +254,11 @@
</span><span class="cx">
</span><span class="cx"> LLINT_SLOW_PATH_DECL(trace)
</span><span class="cx"> {
</span><del>- dataLogF("%p / %p: executing bc#%zu, %s, scope %p, pc = %p\n",
</del><ins>+ dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n",
</ins><span class="cx"> exec->codeBlock(),
</span><span class="cx"> exec,
</span><span class="cx"> static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
</span><del>- opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
- exec->uncheckedR(exec->codeBlock()->scopeRegister().offset()).Register::scope(), pc);
</del><ins>+ opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc);
</ins><span class="cx"> if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
</span><span class="cx"> dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
</span><span class="cx"> *bitwise_cast<volatile char*>(exec->returnPC().value());
</span><span class="lines">@@ -507,7 +506,6 @@
</span><span class="cx"> int scopeReg = pc[2].u.operand;
</span><span class="cx"> JSScope* scope = exec->uncheckedR(scopeReg).Register::scope();
</span><span class="cx"> JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, scope, exec->codeBlock());
</span><del>- exec->uncheckedR(pc[2].u.operand) = lexicalEnvironment;
</del><span class="cx"> LLINT_RETURN(JSValue(lexicalEnvironment));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -755,24 +753,6 @@
</span><span class="cx"> LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-LLINT_SLOW_PATH_DECL(slow_path_get_argument_by_val)
-{
- LLINT_BEGIN();
- JSValue arguments = LLINT_OP(2).jsValue();
- if (!arguments) {
- int lexicalEnvironmentReg = pc[4].u.operand;
- JSLexicalEnvironment* lexicalEnvironment = VirtualRegister(lexicalEnvironmentReg).isValid() ?
- exec->uncheckedR(lexicalEnvironmentReg).lexicalEnvironment() : nullptr;
- arguments = JSValue(Arguments::create(vm, exec, lexicalEnvironment));
-
- LLINT_CHECK_EXCEPTION();
- LLINT_OP(2) = arguments;
- exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[2].u.operand)).offset()) = arguments;
- }
-
- LLINT_RETURN_PROFILED(op_get_argument_by_val, getByVal(exec, arguments, LLINT_OP_C(3).jsValue()));
-}
-
</del><span class="cx"> LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
</span><span class="cx"> {
</span><span class="cx"> LLINT_BEGIN();
</span><span class="lines">@@ -1239,15 +1219,6 @@
</span><span class="cx"> LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-LLINT_SLOW_PATH_DECL(slow_path_tear_off_arguments)
-{
- LLINT_BEGIN();
- ASSERT(exec->codeBlock()->usesArguments());
- Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(VirtualRegister(pc[1].u.operand).offset()).jsValue());
- arguments->tearOff(exec);
- LLINT_END();
-}
-
</del><span class="cx"> LLINT_SLOW_PATH_DECL(slow_path_strcat)
</span><span class="cx"> {
</span><span class="cx"> LLINT_BEGIN();
</span><span class="lines">@@ -1407,7 +1378,7 @@
</span><span class="cx"> ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
</span><span class="cx"> if (modeAndType.type() == LocalClosureVar) {
</span><span class="cx"> JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
</span><del>- environment->registerAt(pc[6].u.operand).set(vm, environment, value);
</del><ins>+ environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
</ins><span class="cx"> if (VariableWatchpointSet* set = pc[5].u.watchpointSet)
</span><span class="cx"> set->notifyWrite(vm, value, "Executed op_put_scope<LocalClosureVar>");
</span><span class="cx"> LLINT_END();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -42,6 +42,9 @@
</span><span class="cx"> end
</span><span class="cx"> const SlotSize = 8
</span><span class="cx">
</span><ins>+const JSEnvironmentRecord_variables = (sizeof JSEnvironmentRecord + SlotSize - 1) & ~(SlotSize - 1)
+const DirectArguments_storage = (sizeof DirectArguments + SlotSize - 1) & ~(SlotSize - 1)
+
</ins><span class="cx"> const StackAlignment = 16
</span><span class="cx"> const StackAlignmentMask = StackAlignment - 1
</span><span class="cx">
</span><span class="lines">@@ -923,6 +926,30 @@
</span><span class="cx"> dispatch(1)
</span><span class="cx">
</span><span class="cx">
</span><ins>+_llint_op_create_direct_arguments:
+ traceExecution()
+ callSlowPath(_slow_path_create_direct_arguments)
+ dispatch(2)
+
+
+_llint_op_create_scoped_arguments:
+ traceExecution()
+ callSlowPath(_slow_path_create_scoped_arguments)
+ dispatch(3)
+
+
+_llint_op_create_out_of_band_arguments:
+ traceExecution()
+ callSlowPath(_slow_path_create_out_of_band_arguments)
+ dispatch(2)
+
+
+_llint_op_new_func:
+ traceExecution()
+ callSlowPath(_llint_slow_path_new_func)
+ dispatch(4)
+
+
</ins><span class="cx"> _llint_op_new_array:
</span><span class="cx"> traceExecution()
</span><span class="cx"> callSlowPath(_llint_slow_path_new_array)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -722,7 +722,6 @@
</span><span class="cx">
</span><span class="cx"> _llint_op_create_lexical_environment:
</span><span class="cx"> traceExecution()
</span><del>- loadi 4[PC], t0
</del><span class="cx"> callSlowPath(_llint_slow_path_create_lexical_environment)
</span><span class="cx"> dispatch(3)
</span><span class="cx">
</span><span class="lines">@@ -737,23 +736,6 @@
</span><span class="cx"> dispatch(2)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_init_lazy_reg:
- traceExecution()
- loadi 4[PC], t0
- storei EmptyValueTag, TagOffset[cfr, t0, 8]
- storei 0, PayloadOffset[cfr, t0, 8]
- dispatch(2)
-
-
-_llint_op_create_arguments:
- traceExecution()
- loadi 4[PC], t0
- bineq TagOffset[cfr, t0, 8], EmptyValueTag, .opCreateArgumentsDone
- callSlowPath(_slow_path_create_arguments)
-.opCreateArgumentsDone:
- dispatch(3)
-
-
</del><span class="cx"> _llint_op_create_this:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadi 8[PC], t0
</span><span class="lines">@@ -1450,22 +1432,6 @@
</span><span class="cx"> dispatch(9)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_get_arguments_length:
- traceExecution()
- loadi 8[PC], t0
- loadi 4[PC], t1
- bineq TagOffset[cfr, t0, 8], EmptyValueTag, .opGetArgumentsLengthSlow
- loadi ArgumentCount + PayloadOffset[cfr], t2
- subi 1, t2
- storei Int32Tag, TagOffset[cfr, t1, 8]
- storei t2, PayloadOffset[cfr, t1, 8]
- dispatch(4)
-
-.opGetArgumentsLengthSlow:
- callSlowPath(_llint_slow_path_get_arguments_length)
- dispatch(4)
-
-
</del><span class="cx"> macro putById(getPropertyStorage)
</span><span class="cx"> traceExecution()
</span><span class="cx"> writeBarrierOnOperands(1, 3)
</span><span class="lines">@@ -1616,30 +1582,6 @@
</span><span class="cx"> dispatch(6)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_get_argument_by_val:
- # FIXME: At some point we should array profile this. Right now it isn't necessary
- # since the DFG will never turn a get_argument_by_val into a GetByVal.
- traceExecution()
- loadi 8[PC], t0
- loadi 12[PC], t1
- bineq TagOffset[cfr, t0, 8], EmptyValueTag, .opGetArgumentByValSlow
- loadConstantOrVariablePayload(t1, Int32Tag, t2, .opGetArgumentByValSlow)
- loadi ArgumentCount + PayloadOffset[cfr], t1
- subi 1, t1
- biaeq t2, t1, .opGetArgumentByValSlow
- loadi 4[PC], t3
- loadi FirstArgumentOffset + TagOffset[cfr, t2, 8], t0
- loadi FirstArgumentOffset + PayloadOffset[cfr, t2, 8], t1
- storei t0, TagOffset[cfr, t3, 8]
- storei t1, PayloadOffset[cfr, t3, 8]
- valueProfile(t0, t1, 24, t2)
- dispatch(7)
-
-.opGetArgumentByValSlow:
- callSlowPath(_llint_slow_path_get_argument_by_val)
- dispatch(7)
-
-
</del><span class="cx"> macro contiguousPutByVal(storeCallback)
</span><span class="cx"> biaeq t3, -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], .outOfBounds
</span><span class="cx"> .storeResult:
</span><span class="lines">@@ -1921,16 +1863,6 @@
</span><span class="cx"> dispatch(0)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_new_func:
- traceExecution()
- btiz 16[PC], .opNewFuncUnchecked
- loadi 4[PC], t1
- bineq TagOffset[cfr, t1, 8], EmptyValueTag, .opNewFuncDone
-.opNewFuncUnchecked:
- callSlowPath(_llint_slow_path_new_func)
-.opNewFuncDone:
- dispatch(5)
-
</del><span class="cx"> macro arrayProfileForCall()
</span><span class="cx"> loadi 16[PC], t3
</span><span class="cx"> negi t3
</span><span class="lines">@@ -1964,15 +1896,7 @@
</span><span class="cx"> slowPathForCall(slowPath)
</span><span class="cx"> end
</span><span class="cx">
</span><del>-_llint_op_tear_off_arguments:
- traceExecution()
- loadi 4[PC], t0
- bieq TagOffset[cfr, t0, 8], EmptyValueTag, .opTearOffArgumentsNotCreated
- callSlowPath(_llint_slow_path_tear_off_arguments)
-.opTearOffArgumentsNotCreated:
- dispatch(3)
</del><span class="cx">
</span><del>-
</del><span class="cx"> _llint_op_ret:
</span><span class="cx"> traceExecution()
</span><span class="cx"> checkSwitchToJITForEpilogue()
</span><span class="lines">@@ -2213,10 +2137,9 @@
</span><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> macro getClosureVar()
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t3)
</span><del>- loadp TagOffset[t0, t3, 8], t1
- loadp PayloadOffset[t0, t3, 8], t2
</del><ins>+ loadp JSEnvironmentRecord_variables + TagOffset[t0, t3, 8], t1
+ loadp JSEnvironmentRecord_variables + PayloadOffset[t0, t3, 8], t2
</ins><span class="cx"> valueProfile(t1, t2, 28, t0)
</span><span class="cx"> loadisFromInstruction(1, t0)
</span><span class="cx"> storei t1, TagOffset[cfr, t0, 8]
</span><span class="lines">@@ -2290,10 +2213,9 @@
</span><span class="cx"> macro putClosureVar()
</span><span class="cx"> loadisFromInstruction(3, t1)
</span><span class="cx"> loadConstantOrVariable(t1, t2, t3)
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t1)
</span><del>- storei t2, TagOffset[t0, t1, 8]
- storei t3, PayloadOffset[t0, t1, 8]
</del><ins>+ storei t2, JSEnvironmentRecord_variables + TagOffset[t0, t1, 8]
+ storei t3, JSEnvironmentRecord_variables + PayloadOffset[t0, t1, 8]
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> macro putLocalClosureVar()
</span><span class="lines">@@ -2303,10 +2225,9 @@
</span><span class="cx"> btpz t4, .noVariableWatchpointSet
</span><span class="cx"> notifyWrite(t4, t2, t3, t1, .pDynamic)
</span><span class="cx"> .noVariableWatchpointSet:
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t1)
</span><del>- storei t2, TagOffset[t0, t1, 8]
- storei t3, PayloadOffset[t0, t1, 8]
</del><ins>+ storei t2, JSEnvironmentRecord_variables + TagOffset[t0, t1, 8]
+ storei t3, JSEnvironmentRecord_variables + PayloadOffset[t0, t1, 8]
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -2368,6 +2289,34 @@
</span><span class="cx"> callSlowPath(_llint_slow_path_put_to_scope)
</span><span class="cx"> dispatch(7)
</span><span class="cx">
</span><ins>+
+_llint_op_get_from_arguments:
+ traceExecution()
+ loadisFromInstruction(2, t0)
+ loadi PayloadOffset[cfr, t0, 8], t0
+ loadi 12[PC], t1
+ loadi DirectArguments_storage + TagOffset[t0, t1, 8], t2
+ loadi DirectArguments_storage + PayloadOffset[t0, t1, 8], t3
+ loadisFromInstruction(1, t1)
+ valueProfile(t2, t3, 16, t0)
+ storei t2, TagOffset[cfr, t1, 8]
+ storei t3, PayloadOffset[cfr, t1, 8]
+ dispatch(5)
+
+
+_llint_op_put_to_arguments:
+ traceExecution()
+ writeBarrierOnOperands(1, 3)
+ loadisFromInstruction(1, t0)
+ loadi PayloadOffset[cfr, t0, 8], t0
+ loadisFromInstruction(3, t1)
+ loadConstantOrVariable(t1, t2, t3)
+ loadi 8[PC], t1
+ storei t2, DirectArguments_storage + TagOffset[t0, t1, 8]
+ storei t3, DirectArguments_storage + PayloadOffset[t0, t1, 8]
+ dispatch(4)
+
+
</ins><span class="cx"> _llint_op_profile_type:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadp CodeBlock[cfr], t1
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -609,7 +609,6 @@
</span><span class="cx">
</span><span class="cx"> _llint_op_create_lexical_environment:
</span><span class="cx"> traceExecution()
</span><del>- loadisFromInstruction(1, t0)
</del><span class="cx"> callSlowPath(_llint_slow_path_create_lexical_environment)
</span><span class="cx"> dispatch(3)
</span><span class="cx">
</span><span class="lines">@@ -623,22 +622,6 @@
</span><span class="cx"> dispatch(2)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_init_lazy_reg:
- traceExecution()
- loadisFromInstruction(1, t0)
- storeq ValueEmpty, [cfr, t0, 8]
- dispatch(2)
-
-
-_llint_op_create_arguments:
- traceExecution()
- loadisFromInstruction(1, t0)
- bqneq [cfr, t0, 8], ValueEmpty, .opCreateArgumentsDone
- callSlowPath(_slow_path_create_arguments)
-.opCreateArgumentsDone:
- dispatch(3)
-
-
</del><span class="cx"> _llint_op_create_this:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadisFromInstruction(2, t0)
</span><span class="lines">@@ -1314,22 +1297,6 @@
</span><span class="cx"> dispatch(9)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_get_arguments_length:
- traceExecution()
- loadisFromInstruction(2, t0)
- loadisFromInstruction(1, t1)
- btqnz [cfr, t0, 8], .opGetArgumentsLengthSlow
- loadi ArgumentCount + PayloadOffset[cfr], t2
- subi 1, t2
- orq tagTypeNumber, t2
- storeq t2, [cfr, t1, 8]
- dispatch(4)
-
-.opGetArgumentsLengthSlow:
- callSlowPath(_llint_slow_path_get_arguments_length)
- dispatch(4)
-
-
</del><span class="cx"> macro putById(getPropertyStorage)
</span><span class="cx"> traceExecution()
</span><span class="cx"> writeBarrierOnOperands(1, 3)
</span><span class="lines">@@ -1476,30 +1443,6 @@
</span><span class="cx"> dispatch(6)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_get_argument_by_val:
- # FIXME: At some point we should array profile this. Right now it isn't necessary
- # since the DFG will never turn a get_argument_by_val into a GetByVal.
- traceExecution()
- loadisFromInstruction(2, t0)
- loadisFromInstruction(3, t1)
- btqnz [cfr, t0, 8], .opGetArgumentByValSlow
- loadConstantOrVariableInt32(t1, t2, .opGetArgumentByValSlow)
- loadi ArgumentCount + PayloadOffset[cfr], t1
- sxi2q t2, t2
- subi 1, t1
- biaeq t2, t1, .opGetArgumentByValSlow
- loadisFromInstruction(1, t3)
- loadpFromInstruction(6, t1)
- loadq FirstArgumentOffset[cfr, t2, 8], t0
- storeq t0, [cfr, t3, 8]
- valueProfile(t0, 6, t1)
- dispatch(7)
-
-.opGetArgumentByValSlow:
- callSlowPath(_llint_slow_path_get_argument_by_val)
- dispatch(7)
-
-
</del><span class="cx"> macro contiguousPutByVal(storeCallback)
</span><span class="cx"> biaeq t3, -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], .outOfBounds
</span><span class="cx"> .storeResult:
</span><span class="lines">@@ -1781,17 +1724,6 @@
</span><span class="cx"> dispatch(0)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_new_func:
- traceExecution()
- loadisFromInstruction(4, t2)
- btiz t2, .opNewFuncUnchecked
- loadisFromInstruction(1, t1)
- btqnz [cfr, t1, 8], .opNewFuncDone
-.opNewFuncUnchecked:
- callSlowPath(_llint_slow_path_new_func)
-.opNewFuncDone:
- dispatch(5)
-
</del><span class="cx"> macro arrayProfileForCall()
</span><span class="cx"> loadisFromInstruction(4, t3)
</span><span class="cx"> negp t3
</span><span class="lines">@@ -1824,15 +1756,7 @@
</span><span class="cx"> slowPathForCall(slowPath)
</span><span class="cx"> end
</span><span class="cx">
</span><del>-_llint_op_tear_off_arguments:
- traceExecution()
- loadisFromInstruction(1, t0)
- btqz [cfr, t0, 8], .opTearOffArgumentsNotCreated
- callSlowPath(_llint_slow_path_tear_off_arguments)
-.opTearOffArgumentsNotCreated:
- dispatch(3)
</del><span class="cx">
</span><del>-
</del><span class="cx"> _llint_op_ret:
</span><span class="cx"> traceExecution()
</span><span class="cx"> checkSwitchToJITForEpilogue()
</span><span class="lines">@@ -2080,9 +2004,8 @@
</span><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> macro getClosureVar()
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t1)
</span><del>- loadq [t0, t1, 8], t0
</del><ins>+ loadq JSEnvironmentRecord_variables[t0, t1, 8], t0
</ins><span class="cx"> valueProfile(t0, 7, t1)
</span><span class="cx"> loadisFromInstruction(1, t1)
</span><span class="cx"> storeq t0, [cfr, t1, 8]
</span><span class="lines">@@ -2154,9 +2077,8 @@
</span><span class="cx"> macro putClosureVar()
</span><span class="cx"> loadisFromInstruction(3, t1)
</span><span class="cx"> loadConstantOrVariable(t1, t2)
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t1)
</span><del>- storeq t2, [t0, t1, 8]
</del><ins>+ storeq t2, JSEnvironmentRecord_variables[t0, t1, 8]
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> macro putLocalClosureVar()
</span><span class="lines">@@ -2166,9 +2088,8 @@
</span><span class="cx"> btpz t3, .noVariableWatchpointSet
</span><span class="cx"> notifyWrite(t3, t2, t1, .pDynamic)
</span><span class="cx"> .noVariableWatchpointSet:
</span><del>- loadp JSEnvironmentRecord::m_registers[t0], t0
</del><span class="cx"> loadisFromInstruction(6, t1)
</span><del>- storeq t2, [t0, t1, 8]
</del><ins>+ storeq t2, JSEnvironmentRecord_variables[t0, t1, 8]
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -2230,6 +2151,29 @@
</span><span class="cx"> callSlowPath(_llint_slow_path_put_to_scope)
</span><span class="cx"> dispatch(7)
</span><span class="cx">
</span><ins>+
+_llint_op_get_from_arguments:
+ traceExecution()
+ loadVariable(2, t0)
+ loadi 24[PB, PC, 8], t1
+ loadq DirectArguments_storage[t0, t1, 8], t0
+ valueProfile(t0, 4, t1)
+ loadisFromInstruction(1, t1)
+ storeq t0, [cfr, t1, 8]
+ dispatch(5)
+
+
+_llint_op_put_to_arguments:
+ traceExecution()
+ writeBarrierOnOperands(1, 3)
+ loadVariable(1, t0)
+ loadi 16[PB, PC, 8], t1
+ loadisFromInstruction(3, t3)
+ loadConstantOrVariable(t3, t2)
+ storeq t2, DirectArguments_storage[t0, t1, 8]
+ dispatch(4)
+
+
</ins><span class="cx"> _llint_op_profile_type:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadp CodeBlock[cfr], t1
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreparserNodesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/parser/Nodes.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/parser/Nodes.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/parser/Nodes.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
</span><span class="cx"> * Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>- * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
</span><span class="cx"> * Copyright (C) 2007 Maks Orlovich
</span><span class="cx"> * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
</span><span class="lines">@@ -1470,7 +1470,8 @@
</span><span class="cx"> bool hasCapturedVariables() const { return !!m_capturedVariables.size(); }
</span><span class="cx"> size_t capturedVariableCount() const { return m_capturedVariables.size(); }
</span><span class="cx"> const IdentifierSet& capturedVariables() const { return m_capturedVariables; }
</span><del>- bool captures(const Identifier& ident) { return m_capturedVariables.contains(ident.impl()); }
</del><ins>+ bool captures(StringImpl* uid) { return m_capturedVariables.contains(uid); }
+ bool captures(const Identifier& ident) { return captures(ident.impl()); }
</ins><span class="cx">
</span><span class="cx"> VarStack& varStack() { return m_varStack; }
</span><span class="cx"> FunctionStack& functionStack() { return m_functionStack; }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArgumentscpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/runtime/Arguments.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Arguments.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/Arguments.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,422 +0,0 @@
</span><del>-/*
- * Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
- * Copyright (C) 2001 Peter Kelly (pmk@post.com)
- * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2015 Apple Inc. All rights reserved.
- * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
- * Copyright (C) 2007 Maks Orlovich
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- *
- */
-
-#include "config.h"
-#include "Arguments.h"
-
-#include "CopyVisitorInlines.h"
-#include "JSArgumentsIterator.h"
-#include "JSFunction.h"
-#include "JSGlobalObject.h"
-#include "JSCInlines.h"
-#include "JSLexicalEnvironment.h"
-
-using namespace std;
-
-namespace JSC {
-
-STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(Arguments);
-
-const ClassInfo Arguments::s_info = { "Arguments", &Base::s_info, 0, CREATE_METHOD_TABLE(Arguments) };
-
-void Arguments::visitChildren(JSCell* cell, SlotVisitor& visitor)
-{
- Arguments* thisObject = jsCast<Arguments*>(cell);
-
- ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSObject::visitChildren(thisObject, visitor);
-
- if (thisObject->isTornOff())
- visitor.appendValues(&thisObject->registerArray(), thisObject->m_numArguments);
-
- if (thisObject->m_slowArgumentData) {
- visitor.copyLater(thisObject, ArgumentsSlowArgumentDataCopyToken,
- thisObject->m_slowArgumentData.get(), SlowArgumentData::sizeForNumArguments(thisObject->m_numArguments));
- }
- visitor.append(&thisObject->m_callee);
- visitor.append(&thisObject->m_lexicalEnvironment);
-}
-
-void Arguments::copyBackingStore(JSCell* cell, CopyVisitor& visitor, CopyToken token)
-{
- Arguments* thisObject = jsCast<Arguments*>(cell);
- ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-
-
- switch (token) {
- case ArgumentsSlowArgumentDataCopyToken: {
- SlowArgumentData* slowArgumentData = thisObject->m_slowArgumentData.get();
- if (!slowArgumentData)
- return;
-
- if (visitor.checkIfShouldCopy(slowArgumentData)) {
- size_t bytes = SlowArgumentData::sizeForNumArguments(thisObject->m_numArguments);
- SlowArgumentData* newSlowArgumentData = static_cast<SlowArgumentData*>(visitor.allocateNewSpace(bytes));
- memcpy(newSlowArgumentData, slowArgumentData, bytes);
- thisObject->m_slowArgumentData.setWithoutWriteBarrier(newSlowArgumentData);
- visitor.didCopy(slowArgumentData, bytes);
- }
- return;
- }
-
- default:
- RELEASE_ASSERT_NOT_REACHED();
- }
-}
-
-static EncodedJSValue JSC_HOST_CALL argumentsFuncIterator(ExecState*);
-
-void Arguments::copyToArguments(ExecState* exec, VirtualRegister firstElementDest, unsigned offset, unsigned length)
-{
- for (unsigned i = 0; i < length; ++i) {
- if (JSValue value = tryGetArgument(i + offset))
- exec->r(firstElementDest + i) = value;
- else {
- exec->r(firstElementDest + i) = get(exec, i + offset);
- if (UNLIKELY(exec->vm().exception()))
- return;
- }
- }
-}
-
-void Arguments::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
-{
- if (UNLIKELY(m_overrodeLength)) {
- unsigned length = get(exec, exec->propertyNames().length).toUInt32(exec);
- for (unsigned i = 0; i < length; i++)
- args.append(get(exec, i));
- return;
- }
- uint32_t length = this->length(exec);
- for (size_t i = 0; i < length; ++i) {
- if (JSValue value = tryGetArgument(i))
- args.append(value);
- else
- args.append(get(exec, i));
- }
-}
-
-bool Arguments::getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned i, PropertySlot& slot)
-{
- Arguments* thisObject = jsCast<Arguments*>(object);
- if (JSValue value = thisObject->tryGetArgument(i)) {
- slot.setValue(thisObject, None, value);
- return true;
- }
-
- return JSObject::getOwnPropertySlot(thisObject, exec, Identifier::from(exec, i), slot);
-}
-
-void Arguments::createStrictModeCallerIfNecessary(ExecState* exec)
-{
- if (m_overrodeCaller)
- return;
-
- VM& vm = exec->vm();
- m_overrodeCaller = true;
- PropertyDescriptor descriptor;
- descriptor.setAccessorDescriptor(globalObject()->throwTypeErrorGetterSetter(vm), DontEnum | DontDelete | Accessor);
- methodTable(exec->vm())->defineOwnProperty(this, exec, vm.propertyNames->caller, descriptor, false);
-}
-
-void Arguments::createStrictModeCalleeIfNecessary(ExecState* exec)
-{
- if (m_overrodeCallee)
- return;
-
- VM& vm = exec->vm();
- m_overrodeCallee = true;
- PropertyDescriptor descriptor;
- descriptor.setAccessorDescriptor(globalObject()->throwTypeErrorGetterSetter(vm), DontEnum | DontDelete | Accessor);
- methodTable(exec->vm())->defineOwnProperty(this, exec, vm.propertyNames->callee, descriptor, false);
-}
-
-bool Arguments::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
-{
- Arguments* thisObject = jsCast<Arguments*>(object);
- unsigned i = propertyName.asIndex();
- if (JSValue value = thisObject->tryGetArgument(i)) {
- RELEASE_ASSERT(i < PropertyName::NotAnIndex);
- slot.setValue(thisObject, None, value);
- return true;
- }
-
- if (propertyName == exec->propertyNames().length && LIKELY(!thisObject->m_overrodeLength)) {
- slot.setValue(thisObject, DontEnum, jsNumber(thisObject->m_numArguments));
- return true;
- }
-
- if (propertyName == exec->propertyNames().callee && LIKELY(!thisObject->m_overrodeCallee)) {
- if (!thisObject->m_isStrictMode) {
- slot.setValue(thisObject, DontEnum, thisObject->m_callee.get());
- return true;
- }
- thisObject->createStrictModeCalleeIfNecessary(exec);
- }
-
- if (propertyName == exec->propertyNames().caller && thisObject->m_isStrictMode)
- thisObject->createStrictModeCallerIfNecessary(exec);
-
- if (JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot))
- return true;
- if (propertyName == exec->propertyNames().iteratorPrivateName) {
- VM& vm = exec->vm();
- JSGlobalObject* globalObject = exec->lexicalGlobalObject();
- thisObject->JSC_NATIVE_FUNCTION(exec->propertyNames().iteratorPrivateName, argumentsFuncIterator, DontEnum, 0);
- if (JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot))
- return true;
- }
- return false;
-}
-
-void Arguments::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
-{
- Arguments* thisObject = jsCast<Arguments*>(object);
- for (unsigned i = 0; i < thisObject->m_numArguments; ++i) {
- if (!thisObject->isArgument(i))
- continue;
- propertyNames.add(Identifier::from(exec, i));
- }
- if (shouldIncludeDontEnumProperties(mode)) {
- propertyNames.add(exec->propertyNames().callee);
- propertyNames.add(exec->propertyNames().length);
- }
- JSObject::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
-}
-
-void Arguments::putByIndex(JSCell* cell, ExecState* exec, unsigned i, JSValue value, bool shouldThrow)
-{
- Arguments* thisObject = jsCast<Arguments*>(cell);
- if (thisObject->trySetArgument(exec->vm(), i, value))
- return;
-
- PutPropertySlot slot(thisObject, shouldThrow);
- JSObject::put(thisObject, exec, Identifier::from(exec, i), value, slot);
-}
-
-void Arguments::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
-{
- Arguments* thisObject = jsCast<Arguments*>(cell);
- unsigned i = propertyName.asIndex();
- if (thisObject->trySetArgument(exec->vm(), i, value))
- return;
-
- if (propertyName == exec->propertyNames().length && !thisObject->m_overrodeLength) {
- thisObject->m_overrodeLength = true;
- thisObject->putDirect(exec->vm(), propertyName, value, DontEnum);
- return;
- }
-
- if (propertyName == exec->propertyNames().callee && !thisObject->m_overrodeCallee) {
- if (!thisObject->m_isStrictMode) {
- thisObject->m_overrodeCallee = true;
- thisObject->putDirect(exec->vm(), propertyName, value, DontEnum);
- return;
- }
- thisObject->createStrictModeCalleeIfNecessary(exec);
- }
-
- if (propertyName == exec->propertyNames().caller && thisObject->m_isStrictMode)
- thisObject->createStrictModeCallerIfNecessary(exec);
-
- JSObject::put(thisObject, exec, propertyName, value, slot);
-}
-
-bool Arguments::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned i)
-{
- Arguments* thisObject = jsCast<Arguments*>(cell);
- if (i < thisObject->m_numArguments) {
- if (!Base::deletePropertyByIndex(cell, exec, i))
- return false;
- if (thisObject->tryDeleteArgument(exec->vm(), i))
- return true;
- }
- return JSObject::deletePropertyByIndex(thisObject, exec, i);
-}
-
-bool Arguments::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName)
-{
- if (exec->vm().isInDefineOwnProperty())
- return Base::deleteProperty(cell, exec, propertyName);
-
- Arguments* thisObject = jsCast<Arguments*>(cell);
- unsigned i = propertyName.asIndex();
- if (i < thisObject->m_numArguments) {
- RELEASE_ASSERT(i < PropertyName::NotAnIndex);
- if (!Base::deleteProperty(cell, exec, propertyName))
- return false;
- if (thisObject->tryDeleteArgument(exec->vm(), i))
- return true;
- }
-
- if (propertyName == exec->propertyNames().length && !thisObject->m_overrodeLength) {
- thisObject->m_overrodeLength = true;
- return true;
- }
-
- if (propertyName == exec->propertyNames().callee && !thisObject->m_overrodeCallee) {
- if (!thisObject->m_isStrictMode) {
- thisObject->m_overrodeCallee = true;
- return true;
- }
- thisObject->createStrictModeCalleeIfNecessary(exec);
- }
-
- if (propertyName == exec->propertyNames().caller && thisObject->m_isStrictMode)
- thisObject->createStrictModeCallerIfNecessary(exec);
-
- return JSObject::deleteProperty(thisObject, exec, propertyName);
-}
-
-bool Arguments::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, const PropertyDescriptor& descriptor, bool shouldThrow)
-{
- Arguments* thisObject = jsCast<Arguments*>(object);
- unsigned i = propertyName.asIndex();
- if (i < thisObject->m_numArguments) {
- RELEASE_ASSERT(i < PropertyName::NotAnIndex);
-
- if (thisObject->isArgument(i)) {
- if (!descriptor.isAccessorDescriptor()) {
- // If the property is not deleted and we are using a non-accessor descriptor, then
- // make sure that the aliased argument sees the value.
- if (descriptor.value())
- thisObject->trySetArgument(exec->vm(), i, descriptor.value());
-
- // If the property is not deleted and we are using a non-accessor, writable
- // descriptor, then we are done. The argument continues to be aliased. Note that we
- // ignore the request to change enumerability. We appear to have always done so, in
- // cases where the argument was still aliased.
- // FIXME: https://bugs.webkit.org/show_bug.cgi?id=141952
- if (descriptor.writable())
- return true;
- }
-
- // If the property is a non-deleted argument, then move it into the base object and then
- // delete it.
- JSValue value = thisObject->tryGetArgument(i);
- ASSERT(value);
- object->putDirectMayBeIndex(exec, propertyName, value);
- thisObject->tryDeleteArgument(exec->vm(), i);
- }
-
- // Now just let the normal object machinery do its thing.
- return Base::defineOwnProperty(object, exec, propertyName, descriptor, shouldThrow);
- }
-
- if (propertyName == exec->propertyNames().length && !thisObject->m_overrodeLength) {
- thisObject->putDirect(exec->vm(), propertyName, jsNumber(thisObject->m_numArguments), DontEnum);
- thisObject->m_overrodeLength = true;
- } else if (propertyName == exec->propertyNames().callee && !thisObject->m_overrodeCallee) {
- thisObject->putDirect(exec->vm(), propertyName, thisObject->m_callee.get(), DontEnum);
- thisObject->m_overrodeCallee = true;
- } else if (propertyName == exec->propertyNames().caller && thisObject->m_isStrictMode)
- thisObject->createStrictModeCallerIfNecessary(exec);
-
- return Base::defineOwnProperty(object, exec, propertyName, descriptor, shouldThrow);
-}
-
-void Arguments::tearOff(CallFrame* callFrame)
-{
- if (isTornOff())
- return;
-
- if (!m_numArguments)
- return;
-
- // Must be called for the same call frame from which it was created.
- ASSERT(bitwise_cast<WriteBarrier<Unknown>*>(callFrame) == m_registers);
-
- m_registers = &registerArray() - CallFrame::offsetFor(1) - 1;
-
- for (size_t i = 0; i < m_numArguments; ++i) {
- if (m_slowArgumentData && m_slowArgumentData->slowArguments()[i].status == SlowArgument::Captured) {
- m_registers[CallFrame::argumentOffset(i)].setUndefined();
- continue;
- }
- trySetArgument(callFrame->vm(), i, callFrame->argumentAfterCapture(i));
- }
-}
-
-void Arguments::tearOff(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
-{
- RELEASE_ASSERT(!inlineCallFrame->baselineCodeBlock()->needsActivation());
- if (isTornOff())
- return;
-
- if (!m_numArguments)
- return;
-
- m_registers = &registerArray() - CallFrame::offsetFor(1) - 1;
-
- for (size_t i = 0; i < m_numArguments; ++i) {
- ValueRecovery& recovery = inlineCallFrame->arguments[i + 1];
- trySetArgument(callFrame->vm(), i, recovery.recover(callFrame));
- }
-}
-
-void Arguments::tearOffForCloning(CallFrame* callFrame)
-{
- ASSERT(!isTornOff());
-
- if (!m_numArguments)
- return;
-
- // Must be called for the same call frame from which it was created.
- ASSERT(bitwise_cast<WriteBarrier<Unknown>*>(callFrame) == m_registers);
-
- m_registers = &registerArray() - CallFrame::offsetFor(1) - 1;
-
- ASSERT(!m_slowArgumentData);
- for (size_t i = 0; i < m_numArguments; ++i)
- m_registers[CallFrame::argumentOffset(i)].set(callFrame->vm(), this, callFrame->argument(i));
-}
-
-void Arguments::tearOffForCloning(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
-{
- RELEASE_ASSERT(!inlineCallFrame->baselineCodeBlock()->needsActivation());
- ASSERT(!isTornOff());
-
- if (!m_numArguments)
- return;
-
- m_registers = &registerArray() - CallFrame::offsetFor(1) - 1;
-
- ASSERT(!m_slowArgumentData);
- for (size_t i = 0; i < m_numArguments; ++i) {
- ValueRecovery& recovery = inlineCallFrame->arguments[i + 1];
- m_registers[CallFrame::argumentOffset(i)].set(callFrame->vm(), this, recovery.recover(callFrame));
- }
-}
-
-EncodedJSValue JSC_HOST_CALL argumentsFuncIterator(ExecState* exec)
-{
- JSObject* thisObj = exec->thisValue().toThis(exec, StrictMode).toObject(exec);
- Arguments* arguments = jsDynamicCast<Arguments*>(thisObj);
- if (!arguments)
- return JSValue::encode(throwTypeError(exec, ASCIILiteral("Attempted to use Arguments iterator on non-Arguments object")));
- return JSValue::encode(JSArgumentsIterator::create(exec->vm(), exec->callee()->globalObject()->argumentsIteratorStructure(), arguments));
-}
-
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArgumentsh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/runtime/Arguments.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Arguments.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/Arguments.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,398 +0,0 @@
</span><del>-/*
- * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
- * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
- * Copyright (C) 2007 Maks Orlovich
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- *
- */
-
-#ifndef Arguments_h
-#define Arguments_h
-
-#include "CodeOrigin.h"
-#include "JSFunction.h"
-#include "JSGlobalObject.h"
-#include "JSLexicalEnvironment.h"
-#include "Interpreter.h"
-#include "ObjectConstructor.h"
-#include "WriteBarrierInlines.h"
-#include <wtf/StdLibExtras.h>
-
-namespace JSC {
-
-enum ArgumentsMode {
- NormalArgumentsCreationMode,
- ClonedArgumentsCreationMode,
- FakeArgumentValuesCreationMode
-};
-
-class Arguments : public JSNonFinalObject {
- friend class JIT;
- friend class JSArgumentsIterator;
-public:
- typedef JSNonFinalObject Base;
-
- static Arguments* create(VM& vm, CallFrame* callFrame, JSLexicalEnvironment* lexicalEnvironment, ArgumentsMode mode = NormalArgumentsCreationMode)
- {
- Arguments* arguments = new (NotNull, allocateCell<Arguments>(vm.heap, offsetOfInlineRegisterArray() + registerArraySizeInBytes(callFrame))) Arguments(callFrame);
- arguments->finishCreation(callFrame, lexicalEnvironment, mode);
- return arguments;
- }
-
- static Arguments* create(VM& vm, CallFrame* callFrame, InlineCallFrame* inlineCallFrame, ArgumentsMode mode = NormalArgumentsCreationMode)
- {
- Arguments* arguments = new (NotNull, allocateCell<Arguments>(vm.heap, offsetOfInlineRegisterArray() + registerArraySizeInBytes(callFrame, inlineCallFrame))) Arguments(callFrame);
- arguments->finishCreation(callFrame, inlineCallFrame, mode);
- return arguments;
- }
-
- enum { MaxArguments = 0x10000 };
-
-private:
- enum NoParametersType { NoParameters };
-
- Arguments(CallFrame*);
- Arguments(CallFrame*, NoParametersType);
-
-public:
- DECLARE_INFO;
-
- static void visitChildren(JSCell*, SlotVisitor&);
- static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
-
- void fillArgList(ExecState*, MarkedArgumentBuffer&);
-
- uint32_t length(ExecState* exec) const
- {
- if (UNLIKELY(m_overrodeLength))
- return get(exec, exec->propertyNames().length).toUInt32(exec);
- return m_numArguments;
- }
-
- void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length);
- void tearOff(CallFrame*);
- void tearOff(CallFrame*, InlineCallFrame*);
- void tearOffForCloning(CallFrame*);
- void tearOffForCloning(CallFrame*, InlineCallFrame*);
- bool isTornOff() const { return m_registers == (&registerArray() - CallFrame::offsetFor(1) - 1); }
-
- static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
- {
- return Structure::create(vm, globalObject, prototype, TypeInfo(ArgumentsType, StructureFlags), info());
- }
-
- static ptrdiff_t offsetOfActivation() { return OBJECT_OFFSETOF(Arguments, m_lexicalEnvironment); }
- static ptrdiff_t offsetOfNumArguments() { return OBJECT_OFFSETOF(Arguments, m_numArguments); }
- static ptrdiff_t offsetOfOverrodeLength() { return OBJECT_OFFSETOF(Arguments, m_overrodeLength); }
- static ptrdiff_t offsetOfIsStrictMode() { return OBJECT_OFFSETOF(Arguments, m_isStrictMode); }
- static ptrdiff_t offsetOfRegisters() { return OBJECT_OFFSETOF(Arguments, m_registers); }
- static ptrdiff_t offsetOfInlineRegisterArray() { return WTF::roundUpToMultipleOf<8>(sizeof(Arguments)); }
- static ptrdiff_t offsetOfSlowArgumentData() { return OBJECT_OFFSETOF(Arguments, m_slowArgumentData); }
- static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(Arguments, m_callee); }
-
-protected:
- static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | JSObject::StructureFlags;
-
- void finishCreation(CallFrame*, JSLexicalEnvironment*, ArgumentsMode);
- void finishCreation(CallFrame*, InlineCallFrame*, ArgumentsMode);
-
-private:
- static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
- static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&);
- static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
- static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
- static void putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
- static bool deleteProperty(JSCell*, ExecState*, PropertyName);
- static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
- static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
- void createStrictModeCallerIfNecessary(ExecState*);
- void createStrictModeCalleeIfNecessary(ExecState*);
-
- static size_t registerArraySizeInBytes(CallFrame* callFrame) { return sizeof(WriteBarrier<Unknown>) * callFrame->argumentCount(); }
- static size_t registerArraySizeInBytes(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
- {
- unsigned argumentCountIncludingThis;
- if (inlineCallFrame->argumentCountRegister.isValid())
- argumentCountIncludingThis = callFrame->r(inlineCallFrame->argumentCountRegister.offset()).unboxedInt32();
- else
- argumentCountIncludingThis = inlineCallFrame->arguments.size();
- return sizeof(WriteBarrier<Unknown>) * (argumentCountIncludingThis - 1);
- }
- bool isArgument(size_t);
- bool trySetArgument(VM&, size_t argument, JSValue);
- JSValue tryGetArgument(size_t argument);
- bool isDeletedArgument(size_t);
- bool tryDeleteArgument(VM&, size_t);
- WriteBarrierBase<Unknown>& argument(size_t);
- void allocateSlowArguments(VM&);
-
- void init(CallFrame*);
-
- WriteBarrier<JSLexicalEnvironment> m_lexicalEnvironment;
-
- unsigned m_numArguments;
-
- // We make these full byte booleans to make them easy to test from the JIT,
- // and because even if they were single-bit booleans we still wouldn't save
- // any space.
- bool m_overrodeLength;
- bool m_overrodeCallee;
- bool m_overrodeCaller;
- bool m_isStrictMode;
-
- WriteBarrierBase<Unknown>* m_registers;
- WriteBarrier<Unknown>& registerArray() { return *reinterpret_cast<WriteBarrier<Unknown>*>(reinterpret_cast<char*>(this) + offsetOfInlineRegisterArray()); }
- const WriteBarrier<Unknown>& registerArray() const { return *reinterpret_cast<const WriteBarrier<Unknown>*>(reinterpret_cast<const char*>(this) + offsetOfInlineRegisterArray()); }
-
-public:
- struct SlowArgumentData {
- public:
- SlowArgumentData()
- : m_bytecodeToMachineCaptureOffset(0)
- {
- }
-
- SlowArgument* slowArguments()
- {
- return reinterpret_cast<SlowArgument*>(WTF::roundUpToMultipleOf<8>(reinterpret_cast<size_t>(this + 1)));
- }
-
- int bytecodeToMachineCaptureOffset() const { return m_bytecodeToMachineCaptureOffset; }
- void setBytecodeToMachineCaptureOffset(int newOffset) { m_bytecodeToMachineCaptureOffset = newOffset; }
-
- static size_t sizeForNumArguments(unsigned numArguments)
- {
- return WTF::roundUpToMultipleOf<8>(sizeof(SlowArgumentData)) + sizeof(SlowArgument) * numArguments;
- }
-
- private:
- int m_bytecodeToMachineCaptureOffset; // Add this if you have a bytecode offset into captured registers and you want the machine offset instead. Subtract if you want to do the opposite.
- };
-
-private:
- CopyWriteBarrier<SlowArgumentData> m_slowArgumentData;
-
- WriteBarrier<JSFunction> m_callee;
-};
-
-Arguments* asArguments(JSValue);
-
-inline Arguments* asArguments(JSValue value)
-{
- ASSERT(asObject(value)->inherits(Arguments::info()));
- return static_cast<Arguments*>(asObject(value));
-}
-
-inline Arguments::Arguments(CallFrame* callFrame)
- : Base(callFrame->vm(), callFrame->lexicalGlobalObject()->argumentsStructure())
-{
-}
-
-inline Arguments::Arguments(CallFrame* callFrame, NoParametersType)
- : Base(callFrame->vm(), callFrame->lexicalGlobalObject()->argumentsStructure())
-{
-}
-
-inline void Arguments::allocateSlowArguments(VM& vm)
-{
- if (!!m_slowArgumentData)
- return;
-
- void* backingStore;
- if (!vm.heap.tryAllocateStorage(this, SlowArgumentData::sizeForNumArguments(m_numArguments), &backingStore))
- RELEASE_ASSERT_NOT_REACHED();
- m_slowArgumentData.set(vm, this, static_cast<SlowArgumentData*>(backingStore));
-
- for (size_t i = 0; i < m_numArguments; ++i) {
- ASSERT(m_slowArgumentData->slowArguments()[i].status == SlowArgument::Normal);
- m_slowArgumentData->slowArguments()[i].index = CallFrame::argumentOffset(i);
- }
-}
-
-inline bool Arguments::tryDeleteArgument(VM& vm, size_t argument)
-{
- if (!isArgument(argument))
- return false;
- allocateSlowArguments(vm);
- m_slowArgumentData->slowArguments()[argument].status = SlowArgument::Deleted;
- return true;
-}
-
-inline bool Arguments::trySetArgument(VM& vm, size_t argument, JSValue value)
-{
- if (!isArgument(argument))
- return false;
- this->argument(argument).set(vm, this, value);
- return true;
-}
-
-inline JSValue Arguments::tryGetArgument(size_t argument)
-{
- if (!isArgument(argument))
- return JSValue();
- return this->argument(argument).get();
-}
-
-inline bool Arguments::isDeletedArgument(size_t argument)
-{
- if (argument >= m_numArguments)
- return false;
- if (!m_slowArgumentData)
- return false;
- if (m_slowArgumentData->slowArguments()[argument].status != SlowArgument::Deleted)
- return false;
- return true;
-}
-
-inline bool Arguments::isArgument(size_t argument)
-{
- if (argument >= m_numArguments)
- return false;
- if (m_slowArgumentData && m_slowArgumentData->slowArguments()[argument].status == SlowArgument::Deleted)
- return false;
- return true;
-}
-
-inline WriteBarrierBase<Unknown>& Arguments::argument(size_t argument)
-{
- ASSERT(isArgument(argument));
- if (!m_slowArgumentData)
- return m_registers[CallFrame::argumentOffset(argument)];
-
- int index = m_slowArgumentData->slowArguments()[argument].index;
- if (m_slowArgumentData->slowArguments()[argument].status != SlowArgument::Captured)
- return m_registers[index];
-
- RELEASE_ASSERT(m_lexicalEnvironment);
- return m_lexicalEnvironment->registerAt(index - m_slowArgumentData->bytecodeToMachineCaptureOffset());
-}
-
-inline void Arguments::finishCreation(CallFrame* callFrame, JSLexicalEnvironment* lexicalEnvironment, ArgumentsMode mode)
-{
- Base::finishCreation(callFrame->vm());
- ASSERT(inherits(info()));
-
- JSFunction* callee = jsCast<JSFunction*>(callFrame->callee());
- m_callee.set(callFrame->vm(), this, callee);
- m_overrodeLength = false;
- m_overrodeCallee = false;
- m_overrodeCaller = false;
- m_isStrictMode = callFrame->codeBlock()->isStrictMode();
-
- switch (mode) {
- case NormalArgumentsCreationMode: {
- m_numArguments = callFrame->argumentCount();
- m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers());
-
- CodeBlock* codeBlock = callFrame->codeBlock();
- if (codeBlock->hasSlowArguments()) {
- SymbolTable* symbolTable = codeBlock->symbolTable();
- const SlowArgument* slowArguments = codeBlock->machineSlowArguments();
- allocateSlowArguments(callFrame->vm());
- size_t count = std::min<unsigned>(m_numArguments, symbolTable->parameterCount());
- for (size_t i = 0; i < count; ++i)
- m_slowArgumentData->slowArguments()[i] = slowArguments[i];
- m_slowArgumentData->setBytecodeToMachineCaptureOffset(
- codeBlock->framePointerOffsetToGetActivationRegisters());
- }
- if (codeBlock->needsActivation()) {
- RELEASE_ASSERT(lexicalEnvironment && lexicalEnvironment == callFrame->lexicalEnvironment());
- m_lexicalEnvironment.set(callFrame->vm(), this, lexicalEnvironment);
- }
- // The bytecode generator omits op_tear_off_lexical_environment in cases of no
- // declared parameters, so we need to tear off immediately.
- if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
- tearOff(callFrame);
- break;
- }
-
- case ClonedArgumentsCreationMode: {
- m_numArguments = callFrame->argumentCount();
- m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers());
- tearOffForCloning(callFrame);
- break;
- }
-
- case FakeArgumentValuesCreationMode: {
- m_numArguments = 0;
- m_registers = nullptr;
- tearOff(callFrame);
- break;
- }
- }
-}
-
-inline void Arguments::finishCreation(CallFrame* callFrame, InlineCallFrame* inlineCallFrame, ArgumentsMode mode)
-{
- Base::finishCreation(callFrame->vm());
- ASSERT(inherits(info()));
-
- JSFunction* callee = inlineCallFrame->calleeForCallFrame(callFrame);
- m_callee.set(callFrame->vm(), this, callee);
- m_overrodeLength = false;
- m_overrodeCallee = false;
- m_overrodeCaller = false;
- m_isStrictMode = jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->isStrictMode();
-
- if (inlineCallFrame->argumentCountRegister.isValid())
- m_numArguments = callFrame->r(inlineCallFrame->argumentCountRegister.offset()).unboxedInt32();
- else
- m_numArguments = inlineCallFrame->arguments.size();
- m_numArguments--;
-
- switch (mode) {
- case NormalArgumentsCreationMode: {
- if (m_numArguments) {
- int offsetForArgumentOne = inlineCallFrame->arguments[1].virtualRegister().offset();
- m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers()) + offsetForArgumentOne - virtualRegisterForArgument(1).offset();
- } else
- m_registers = 0;
-
- ASSERT(!jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->symbolTable(inlineCallFrame->specializationKind())->slowArguments());
-
- // The bytecode generator omits op_tear_off_lexical_environment in cases of no
- // declared parameters, so we need to tear off immediately.
- if (m_isStrictMode || !callee->jsExecutable()->parameterCount())
- tearOff(callFrame, inlineCallFrame);
- break;
- }
-
- case ClonedArgumentsCreationMode: {
- if (m_numArguments) {
- int offsetForArgumentOne = inlineCallFrame->arguments[1].virtualRegister().offset();
- m_registers = reinterpret_cast<WriteBarrierBase<Unknown>*>(callFrame->registers()) + offsetForArgumentOne - virtualRegisterForArgument(1).offset();
- } else
- m_registers = 0;
-
- ASSERT(!jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->symbolTable(inlineCallFrame->specializationKind())->slowArguments());
-
- tearOffForCloning(callFrame, inlineCallFrame);
- break;
- }
-
- case FakeArgumentValuesCreationMode: {
- m_numArguments = 0;
- m_registers = nullptr;
- tearOff(callFrame);
- break;
- } }
-}
-
-} // namespace JSC
-
-#endif // Arguments_h
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArgumentsModeh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ArgumentsMode.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArgumentsMode.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ArgumentsMode.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ArgumentsMode_h
+#define ArgumentsMode_h
+
+namespace JSC {
+
+enum class ArgumentsMode {
+ Cloned,
+ FakeValues
+};
+
+} // namespace JSC
+
+#endif // ArgumentsMode_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeClonedArgumentscpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,224 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ClonedArguments.h"
+
+#include "GetterSetter.h"
+#include "JSArgumentsIterator.h"
+#include "JSCInlines.h"
+
+namespace JSC {
+
+STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(ClonedArguments);
+
+const ClassInfo ClonedArguments::s_info = { "Arguments", &Base::s_info, 0, CREATE_METHOD_TABLE(ClonedArguments) };
+
+ClonedArguments::ClonedArguments(VM& vm, Structure* structure)
+ : Base(vm, structure, nullptr)
+{
+}
+
+ClonedArguments* ClonedArguments::createEmpty(
+ VM& vm, Structure* structure, JSFunction* callee)
+{
+ ClonedArguments* result =
+ new (NotNull, allocateCell<ClonedArguments>(vm.heap))
+ ClonedArguments(vm, structure);
+ result->finishCreation(vm);
+ result->m_callee.set(vm, result, callee);
+ return result;
+}
+
+ClonedArguments* ClonedArguments::createEmpty(ExecState* exec, JSFunction* callee)
+{
+ // NB. Some clients might expect that the global object of of this object is the global object
+ // of the callee. We don't do this for now, but maybe we should.
+ return createEmpty(
+ exec->vm(), exec->lexicalGlobalObject()->outOfBandArgumentsStructure(), callee);
+}
+
+ClonedArguments* ClonedArguments::createWithInlineFrame(ExecState* myFrame, ExecState* targetFrame, InlineCallFrame* inlineCallFrame, ArgumentsMode mode)
+{
+ VM& vm = myFrame->vm();
+
+ JSFunction* callee;
+
+ if (inlineCallFrame)
+ callee = jsCast<JSFunction*>(inlineCallFrame->calleeRecovery.recover(targetFrame));
+ else
+ callee = jsCast<JSFunction*>(targetFrame->callee());
+
+ ClonedArguments* result = createEmpty(myFrame, callee);
+
+ unsigned length;
+ switch (mode) {
+ case ArgumentsMode::Cloned: {
+ if (inlineCallFrame) {
+ if (inlineCallFrame->argumentCountRegister.isValid())
+ length = targetFrame->r(inlineCallFrame->argumentCountRegister).unboxedInt32();
+ else
+ length = inlineCallFrame->arguments.size();
+ length--;
+
+ for (unsigned i = length; i--;)
+ result->putDirectIndex(myFrame, i, inlineCallFrame->arguments[i + 1].recover(targetFrame));
+ } else {
+ length = targetFrame->argumentCount();
+
+ for (unsigned i = length; i--;)
+ result->putDirectIndex(myFrame, i, targetFrame->uncheckedArgument(i));
+ }
+ break;
+ }
+
+ case ArgumentsMode::FakeValues: {
+ length = 0;
+ break;
+ } }
+
+ result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
+
+ return result;
+}
+
+ClonedArguments* ClonedArguments::createWithMachineFrame(ExecState* myFrame, ExecState* targetFrame, ArgumentsMode mode)
+{
+ return createWithInlineFrame(myFrame, targetFrame, nullptr, mode);
+}
+
+ClonedArguments* ClonedArguments::createByCopyingFrom(
+ ExecState* exec, Structure* structure, Register* argumentStart, unsigned length,
+ JSFunction* callee)
+{
+ VM& vm = exec->vm();
+ ClonedArguments* result = createEmpty(vm, structure, callee);
+
+ for (unsigned i = length; i--;)
+ result->putDirectIndex(exec, i, argumentStart[i].jsValue());
+
+ result->putDirect(vm, vm.propertyNames->length, jsNumber(length));
+ return result;
+}
+
+Structure* ClonedArguments::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+ return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+}
+
+bool ClonedArguments::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName ident, PropertySlot& slot)
+{
+ ClonedArguments* thisObject = jsCast<ClonedArguments*>(object);
+ VM& vm = exec->vm();
+
+ if (ident == vm.propertyNames->caller
+ || ident == vm.propertyNames->callee)
+ thisObject->materializeSpecialsIfNecessary(exec);
+
+ if (Base::getOwnPropertySlot(thisObject, exec, ident, slot))
+ return true;
+
+ if (ident == vm.propertyNames->iteratorPrivateName) {
+ JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+ thisObject->JSC_NATIVE_FUNCTION(vm.propertyNames->iteratorPrivateName, argumentsFuncIterator, DontEnum, 0);
+ if (JSObject::getOwnPropertySlot(thisObject, exec, ident, slot))
+ return true;
+ }
+
+ return false;
+}
+
+void ClonedArguments::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& array, EnumerationMode mode)
+{
+ ClonedArguments* thisObject = jsCast<ClonedArguments*>(object);
+ thisObject->materializeSpecialsIfNecessary(exec);
+ Base::getOwnPropertyNames(thisObject, exec, array, mode);
+}
+
+void ClonedArguments::put(JSCell* cell, ExecState* exec, PropertyName ident, JSValue value, PutPropertySlot& slot)
+{
+ ClonedArguments* thisObject = jsCast<ClonedArguments*>(cell);
+ VM& vm = exec->vm();
+
+ if (ident == vm.propertyNames->callee
+ || ident == vm.propertyNames->caller) {
+ thisObject->materializeSpecialsIfNecessary(exec);
+ PutPropertySlot dummy = slot; // Shadow the given PutPropertySlot to prevent caching.
+ Base::put(thisObject, exec, ident, value, dummy);
+ return;
+ }
+
+ Base::put(thisObject, exec, ident, value, slot);
+}
+
+bool ClonedArguments::deleteProperty(JSCell* cell, ExecState* exec, PropertyName ident)
+{
+ ClonedArguments* thisObject = jsCast<ClonedArguments*>(cell);
+ VM& vm = exec->vm();
+
+ if (ident == vm.propertyNames->callee
+ || ident == vm.propertyNames->caller)
+ thisObject->materializeSpecialsIfNecessary(exec);
+
+ return Base::deleteProperty(thisObject, exec, ident);
+}
+
+bool ClonedArguments::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName ident, const PropertyDescriptor& descriptor, bool shouldThrow)
+{
+ ClonedArguments* thisObject = jsCast<ClonedArguments*>(object);
+ VM& vm = exec->vm();
+
+ if (ident == vm.propertyNames->callee
+ || ident == vm.propertyNames->caller)
+ thisObject->materializeSpecialsIfNecessary(exec);
+
+ return Base::defineOwnProperty(object, exec, ident, descriptor, shouldThrow);
+}
+
+void ClonedArguments::materializeSpecials(ExecState* exec)
+{
+ RELEASE_ASSERT(!specialsMaterialized());
+ VM& vm = exec->vm();
+
+ FunctionExecutable* executable = jsCast<FunctionExecutable*>(m_callee->executable());
+ bool isStrictMode = executable->isStrictMode();
+
+ if (isStrictMode) {
+ putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
+ putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorGetterSetter(vm), DontDelete | DontEnum | Accessor);
+ } else
+ putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get()));
+
+ m_callee.clear();
+}
+
+void ClonedArguments::materializeSpecialsIfNecessary(ExecState* exec)
+{
+ if (!specialsMaterialized())
+ materializeSpecials(exec);
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeClonedArgumentsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ClonedArguments.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ClonedArguments.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ClonedArguments.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,78 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ClonedArguments_h
+#define ClonedArguments_h
+
+#include "ArgumentsMode.h"
+#include "JSObject.h"
+
+namespace JSC {
+
+// This is an Arguments-class object that we create when you do function.arguments, or you say
+// "arguments" inside a function in strict mode. It behaves almpst entirely like an ordinary
+// JavaScript object. All of the arguments values are simply copied from the stack (possibly via
+// some sophisticated ValueRecovery's if an optimizing compiler is in play) and the appropriate
+// properties of the object are populated. The only reason why we need a special class is to make
+// the object claim to be "Arguments" from a toString standpoint, and to avoid materializing the
+// caller/callee properties unless someone asks for them.
+class ClonedArguments : public JSNonFinalObject {
+public:
+ typedef JSNonFinalObject Base;
+
+private:
+ ClonedArguments(VM&, Structure*);
+
+public:
+ static ClonedArguments* createEmpty(VM&, Structure*, JSFunction* callee);
+ static ClonedArguments* createEmpty(ExecState*, JSFunction* callee);
+ static ClonedArguments* createWithInlineFrame(ExecState* myFrame, ExecState* targetFrame, InlineCallFrame*, ArgumentsMode);
+ static ClonedArguments* createWithMachineFrame(ExecState* myFrame, ExecState* targetFrame, ArgumentsMode);
+ static ClonedArguments* createByCopyingFrom(ExecState*, Structure*, Register* argumentsStart, unsigned length, JSFunction* callee);
+
+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
+
+ static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;
+
+ DECLARE_INFO;
+
+private:
+ static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
+ static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+ static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
+ static bool deleteProperty(JSCell*, ExecState*, PropertyName);
+ static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
+
+ bool specialsMaterialized() const { return !m_callee; }
+ void materializeSpecials(ExecState*);
+ void materializeSpecialsIfNecessary(ExecState*);
+
+ WriteBarrier<JSFunction> m_callee; // Set to nullptr when we materialize all of our special properties.
+};
+
+} // namespace JSC
+
+#endif // ClonedArguments_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -25,12 +25,14 @@
</span><span class="cx">
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ArityCheckFailReturnThunks.h"
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "CallFrame.h"
</span><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "CodeProfiling.h"
</span><span class="cx"> #include "CommonSlowPathsExceptions.h"
</span><ins>+#include "DirectArguments.h"
+#include "Error.h"
</ins><span class="cx"> #include "ErrorHandlingScope.h"
</span><span class="cx"> #include "ExceptionFuzz.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="lines">@@ -38,6 +40,7 @@
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JIT.h"
</span><span class="cx"> #include "JITStubs.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSCJSValue.h"
</span><span class="cx"> #include "JSGlobalObjectFunctions.h"
</span><span class="cx"> #include "JSLexicalEnvironment.h"
</span><span class="lines">@@ -49,7 +52,7 @@
</span><span class="cx"> #include "LLIntExceptions.h"
</span><span class="cx"> #include "LowLevelInterpreter.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "JSCInlines.h"
</del><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "StructureRareDataInlines.h"
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include "VariableWatchpointSetInlines.h"
</span><span class="lines">@@ -210,19 +213,26 @@
</span><span class="cx"> END();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-SLOW_PATH_DECL(slow_path_create_arguments)
</del><ins>+SLOW_PATH_DECL(slow_path_create_direct_arguments)
</ins><span class="cx"> {
</span><span class="cx"> BEGIN();
</span><del>- int lexicalEnvironmentReg = pc[2].u.operand;
- JSLexicalEnvironment* lexicalEnvironment = VirtualRegister(lexicalEnvironmentReg).isValid() ?
- exec->uncheckedR(lexicalEnvironmentReg).lexicalEnvironment() : nullptr;
- JSValue arguments = JSValue(Arguments::create(vm, exec, lexicalEnvironment));
- CHECK_EXCEPTION();
- exec->uncheckedR(pc[1].u.operand) = arguments;
- exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[1].u.operand)).offset()) = arguments;
- END();
</del><ins>+ RETURN(DirectArguments::createByCopying(exec));
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+SLOW_PATH_DECL(slow_path_create_scoped_arguments)
+{
+ BEGIN();
+ JSLexicalEnvironment* scope = jsCast<JSLexicalEnvironment*>(OP(2).jsValue());
+ ScopedArgumentsTable* table = exec->codeBlock()->symbolTable()->arguments();
+ RETURN(ScopedArguments::createByCopying(exec, table, scope));
+}
+
+SLOW_PATH_DECL(slow_path_create_out_of_band_arguments)
+{
+ BEGIN();
+ RETURN(ClonedArguments::createWithMachineFrame(exec, exec, ArgumentsMode::Cloned));
+}
+
</ins><span class="cx"> SLOW_PATH_DECL(slow_path_create_this)
</span><span class="cx"> {
</span><span class="cx"> BEGIN();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonSlowPathsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -182,7 +182,9 @@
</span><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_call_arityCheck);
</span><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_construct_arityCheck);
</span><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_touch_entry);
</span><del>-SLOW_PATH_HIDDEN_DECL(slow_path_create_arguments);
</del><ins>+SLOW_PATH_HIDDEN_DECL(slow_path_create_direct_arguments);
+SLOW_PATH_HIDDEN_DECL(slow_path_create_scoped_arguments);
+SLOW_PATH_HIDDEN_DECL(slow_path_create_out_of_band_arguments);
</ins><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_create_this);
</span><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_enter);
</span><span class="cx"> SLOW_PATH_HIDDEN_DECL(slow_path_get_callee);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeConstantModecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ConstantMode.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ConstantMode.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ConstantMode.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,46 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ConstantMode.h"
+
+namespace WTF {
+
+using namespace JSC;
+
+void printInternal(PrintStream& out, ConstantMode mode)
+{
+ switch (mode) {
+ case IsConstant:
+ out.print("Constant");
+ return;
+ case IsVariable:
+ out.print("Variable");
+ return;
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+} // namespace WTF
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeConstantModeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ConstantMode.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ConstantMode.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/ConstantMode.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,11 +26,24 @@
</span><span class="cx"> #ifndef ConstantMode_h
</span><span class="cx"> #define ConstantMode_h
</span><span class="cx">
</span><ins>+#include <wtf/PrintStream.h>
+
</ins><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> enum ConstantMode { IsConstant, IsVariable };
</span><span class="cx">
</span><ins>+inline ConstantMode modeForIsConstant(bool isConstant)
+{
+ return isConstant ? IsConstant : IsVariable;
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><ins>+namespace WTF {
+
+void printInternal(PrintStream&, JSC::ConstantMode);
+
+} // namespace WTF
+
</ins><span class="cx"> #endif // ConstantMode_h
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDirectArgumentscpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,178 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DirectArguments.h"
+
+#include "CopyVisitorInlines.h"
+#include "GenericArgumentsInlines.h"
+#include "JSArgumentsIterator.h"
+#include "JSCInlines.h"
+
+namespace JSC {
+
+STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(DirectArguments);
+
+const ClassInfo DirectArguments::s_info = { "Arguments", &Base::s_info, 0, CREATE_METHOD_TABLE(DirectArguments) };
+
+DirectArguments::DirectArguments(VM& vm, Structure* structure, unsigned length, unsigned capacity)
+ : GenericArguments(vm, structure)
+ , m_length(length)
+ , m_minCapacity(capacity)
+{
+ // When we construct the object from C++ code, we expect the capacity to be at least as large as
+ // length. JIT-allocated DirectArguments objects play evil tricks, though.
+ ASSERT(capacity >= length);
+}
+
+DirectArguments* DirectArguments::createUninitialized(
+ VM& vm, Structure* structure, unsigned length, unsigned capacity)
+{
+ DirectArguments* result =
+ new (NotNull, allocateCell<DirectArguments>(vm.heap, allocationSize(capacity)))
+ DirectArguments(vm, structure, length, capacity);
+ result->finishCreation(vm);
+ return result;
+}
+
+DirectArguments* DirectArguments::create(VM& vm, Structure* structure, unsigned length, unsigned capacity)
+{
+ DirectArguments* result = createUninitialized(vm, structure, length, capacity);
+
+ for (unsigned i = capacity; i--;)
+ result->storage()[i].clear();
+
+ return result;
+}
+
+DirectArguments* DirectArguments::createByCopying(ExecState* exec)
+{
+ VM& vm = exec->vm();
+
+ unsigned length = exec->argumentCount();
+ unsigned capacity = std::max(length, static_cast<unsigned>(exec->codeBlock()->numParameters() - 1));
+ DirectArguments* result = createUninitialized(
+ vm, exec->lexicalGlobalObject()->directArgumentsStructure(), length, capacity);
+
+ for (unsigned i = capacity; i--;)
+ result->storage()[i].set(vm, result, exec->getArgumentUnsafe(i));
+
+ result->callee().set(vm, result, jsCast<JSFunction*>(exec->callee()));
+
+ return result;
+}
+
+void DirectArguments::visitChildren(JSCell* thisCell, SlotVisitor& visitor)
+{
+ DirectArguments* thisObject = static_cast<DirectArguments*>(thisCell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisObject, visitor);
+
+ visitor.appendValues(thisObject->storage(), std::max(thisObject->m_length, thisObject->m_minCapacity));
+ visitor.append(&thisObject->m_callee);
+
+ if (thisObject->m_overrides) {
+ visitor.copyLater(
+ thisObject, DirectArgumentsOverridesCopyToken,
+ thisObject->m_overrides.get(), thisObject->overridesSize());
+ }
+}
+
+void DirectArguments::copyBackingStore(JSCell* thisCell, CopyVisitor& visitor, CopyToken token)
+{
+ DirectArguments* thisObject = static_cast<DirectArguments*>(thisCell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+
+ RELEASE_ASSERT(token == DirectArgumentsOverridesCopyToken);
+
+ bool* oldOverrides = thisObject->m_overrides.get();
+ if (!oldOverrides)
+ return;
+
+ if (visitor.checkIfShouldCopy(oldOverrides)) {
+ bool* newOverrides = static_cast<bool*>(visitor.allocateNewSpace(thisObject->overridesSize()));
+ memcpy(newOverrides, oldOverrides, thisObject->m_length);
+ thisObject->m_overrides.setWithoutWriteBarrier(newOverrides);
+ visitor.didCopy(oldOverrides, thisObject->overridesSize());
+ }
+}
+
+Structure* DirectArguments::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+ return Structure::create(vm, globalObject, prototype, TypeInfo(DirectArgumentsType, StructureFlags), info());
+}
+
+void DirectArguments::overrideThings(VM& vm)
+{
+ RELEASE_ASSERT(!m_overrides);
+
+ putDirect(vm, vm.propertyNames->length, jsNumber(m_length), DontEnum);
+ putDirect(vm, vm.propertyNames->callee, m_callee.get(), DontEnum);
+
+ void* backingStore;
+ RELEASE_ASSERT(vm.heap.tryAllocateStorage(this, overridesSize(), &backingStore));
+ m_overrides.set(vm, this, static_cast<bool*>(backingStore));
+ for (unsigned i = m_length; i--;)
+ m_overrides.get()[i] = false;
+}
+
+void DirectArguments::overrideThingsIfNecessary(VM& vm)
+{
+ if (!m_overrides)
+ overrideThings(vm);
+}
+
+void DirectArguments::overrideArgument(VM& vm, unsigned index)
+{
+ overrideThingsIfNecessary(vm);
+ m_overrides.get()[index] = true;
+}
+
+void DirectArguments::copyToArguments(ExecState* exec, VirtualRegister firstElementDest, unsigned offset, unsigned length)
+{
+ if (!m_overrides) {
+ unsigned limit = std::min(length + offset, m_length);
+ unsigned i;
+ VirtualRegister start = firstElementDest - offset;
+ for (i = offset; i < limit; ++i)
+ exec->r(start + i) = storage()[i].get();
+ for (; i < length; ++i)
+ exec->r(start + i) = get(exec, i);
+ return;
+ }
+
+ GenericArguments::copyToArguments(exec, firstElementDest, offset, length);
+}
+
+unsigned DirectArguments::overridesSize()
+{
+ // We always allocate something; in the relatively uncommon case of overriding an empty argument we
+ // still allocate so that m_overrides is non-null. We use that to indicate that the other properties
+ // (length, etc) are overridden.
+ return WTF::roundUpToMultipleOf<8>(m_length ? m_length : 1);
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDirectArgumentsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/DirectArguments.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DirectArguments.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/DirectArguments.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,152 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DirectArguments_h
+#define DirectArguments_h
+
+#include "DirectArgumentsOffset.h"
+#include "GenericArguments.h"
+
+namespace JSC {
+
+// This is an Arguments-class object that we create when you say "arguments" inside a function,
+// and none of the arguments are captured in the function's activation. The function will copy all
+// of its arguments into this object, and all subsequent accesses to the arguments will go through
+// this object thereafter. Special support is in place for mischevious events like the arguments
+// being deleted (something like "delete arguments[0]") or reconfigured (broadly, we say deletions
+// and reconfigurations mean that the respective argument was "overridden").
+//
+// To speed allocation, this object will hold all of the arguments in-place. The arguments as well
+// as a table of flags saying which arguments were overridden.
+class DirectArguments : public GenericArguments<DirectArguments> {
+private:
+ DirectArguments(VM&, Structure*, unsigned length, unsigned capacity);
+
+public:
+ // Creates an arguments object but leaves it uninitialized. This is dangerous if we GC right
+ // after allocation.
+ static DirectArguments* createUninitialized(VM&, Structure*, unsigned length, unsigned capacity);
+
+ // Creates an arguments object and initializes everything to the empty value. Use this if you
+ // cannot guarantee that you'll immediately initialize all of the elements.
+ static DirectArguments* create(VM&, Structure*, unsigned length, unsigned capacity);
+
+ // Creates an arguments object by copying the argumnets from the stack.
+ static DirectArguments* createByCopying(ExecState*);
+
+ static void visitChildren(JSCell*, SlotVisitor&);
+ static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
+
+ uint32_t internalLength() const
+ {
+ return m_length;
+ }
+
+ uint32_t length(ExecState* exec) const
+ {
+ if (UNLIKELY(m_overrides))
+ return get(exec, exec->propertyNames().length).toUInt32(exec);
+ return m_length;
+ }
+
+ bool canAccessIndexQuickly(uint32_t i) const
+ {
+ return i < m_length && (!m_overrides || !m_overrides.get()[i]);
+ }
+
+ JSValue getIndexQuickly(uint32_t i) const
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(canAccessIndexQuickly(i));
+ return const_cast<DirectArguments*>(this)->storage()[i].get();
+ }
+
+ void setIndexQuickly(VM& vm, uint32_t i, JSValue value)
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(canAccessIndexQuickly(i));
+ storage()[i].set(vm, this, value);
+ }
+
+ WriteBarrier<JSFunction>& callee()
+ {
+ return m_callee;
+ }
+
+ WriteBarrier<Unknown>& argument(DirectArgumentsOffset offset)
+ {
+ ASSERT(offset);
+ ASSERT_WITH_SECURITY_IMPLICATION(offset.offset() < std::max(m_length, m_minCapacity));
+ return storage()[offset.offset()];
+ }
+
+ // Methods intended for use by the GenericArguments mixin.
+ bool overrodeThings() const { return !!m_overrides; }
+ void overrideThings(VM&);
+ void overrideThingsIfNecessary(VM&);
+ void overrideArgument(VM&, unsigned index);
+
+ void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length);
+
+ DECLARE_INFO;
+
+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
+
+ static ptrdiff_t offsetOfCallee() { return OBJECT_OFFSETOF(DirectArguments, m_callee); }
+ static ptrdiff_t offsetOfLength() { return OBJECT_OFFSETOF(DirectArguments, m_length); }
+ static ptrdiff_t offsetOfMinCapacity() { return OBJECT_OFFSETOF(DirectArguments, m_minCapacity); }
+ static ptrdiff_t offsetOfOverrides() { return OBJECT_OFFSETOF(DirectArguments, m_overrides); }
+
+ static size_t storageOffset()
+ {
+ return WTF::roundUpToMultipleOf<sizeof(WriteBarrier<Unknown>)>(sizeof(DirectArguments));
+ }
+
+ static size_t offsetOfSlot(uint32_t index)
+ {
+ return storageOffset() + sizeof(WriteBarrier<Unknown>) * index;
+ }
+
+ static size_t allocationSize(uint32_t capacity)
+ {
+ return offsetOfSlot(capacity);
+ }
+
+private:
+ WriteBarrier<Unknown>* storage()
+ {
+ return bitwise_cast<WriteBarrier<Unknown>*>(bitwise_cast<char*>(this) + storageOffset());
+ }
+
+ unsigned overridesSize();
+
+ WriteBarrier<JSFunction> m_callee;
+ uint32_t m_length; // Always the actual length of captured arguments and never what was stored into the length property.
+ uint32_t m_minCapacity; // The max of this and length determines the capacity of this object. It may be the actual capacity, or maybe something smaller. We arrange it this way to be kind to the JITs.
+ CopyWriteBarrier<bool> m_overrides; // If non-null, it means that length, callee, and caller are fully materialized properties.
+};
+
+} // namespace JSC
+
+#endif // DirectArguments_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDirectArgumentsOffsetcpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DirectArgumentsOffset.h"
+
+namespace JSC {
+
+void DirectArgumentsOffset::dump(PrintStream& out) const
+{
+ if (!*this) {
+ out.print("capturedArgumentInvalid");
+ return;
+ }
+
+ out.print("capturedArgument", offset());
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDirectArgumentsOffseth"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/DirectArgumentsOffset.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,53 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DirectArgumentsOffset_h
+#define DirectArgumentsOffset_h
+
+#include "GenericOffset.h"
+#include <wtf/PrintStream.h>
+
+namespace JSC {
+
+// This is an offset into the special arguments object, which captures the arguments to a
+// function. It only comes into play it the arguments aren't also lifted into the activation.
+// If they were then accesses to the arguments would resolve to a ScopeOffset and not a
+// DirectArgumentsOffset.
+class DirectArgumentsOffset : public GenericOffset<DirectArgumentsOffset> {
+public:
+ DirectArgumentsOffset() { }
+
+ explicit DirectArgumentsOffset(unsigned offset)
+ : GenericOffset(offset)
+ {
+ }
+
+ void dump(PrintStream&) const;
+};
+
+} // namespace JSC
+
+#endif // DirectArgumentsOffset_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
</span><del>- * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -21,9 +21,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "FunctionPrototype.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "BuiltinExecutables.h"
</span><span class="cx"> #include "BuiltinNames.h"
</span><ins>+#include "Error.h"
</ins><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><span class="cx"> #include "JSFunction.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeGenericArgumentsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/GenericArguments.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/GenericArguments.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/GenericArguments.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,63 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GenericArguments_h
+#define GenericArguments_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+// This is a mixin for the two kinds of Arguments-class objects that arise when you say
+// "arguments" inside a function. This class doesn't show up in the JSCell inheritance hierarchy.
+template<typename Type>
+class GenericArguments : public JSNonFinalObject {
+public:
+ typedef JSNonFinalObject Base;
+
+ static const unsigned StructureFlags = OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | JSObject::StructureFlags;
+
+protected:
+ GenericArguments(VM& vm, Structure* structure)
+ : Base(vm, structure)
+ {
+ }
+
+ static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
+ static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&);
+ static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
+ static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
+ static void putByIndex(JSCell*, ExecState*, unsigned propertyName, JSValue, bool shouldThrow);
+ static bool deleteProperty(JSCell*, ExecState*, PropertyName);
+ static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned propertyName);
+ static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
+
+ void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length);
+};
+
+} // namespace JSC
+
+#endif // GenericArguments_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeGenericArgumentsInlinesh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,231 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GenericArgumentsInlines_h
+#define GenericArgumentsInlines_h
+
+#include "GenericArguments.h"
+#include "JSArgumentsIterator.h"
+#include "JSCInlines.h"
+
+namespace JSC {
+
+template<typename Type>
+bool GenericArguments<Type>::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName ident, PropertySlot& slot)
+{
+ Type* thisObject = jsCast<Type*>(object);
+ VM& vm = exec->vm();
+
+ if (!thisObject->overrodeThings()) {
+ if (ident == vm.propertyNames->length) {
+ slot.setValue(thisObject, DontEnum, jsNumber(thisObject->internalLength()));
+ return true;
+ }
+ if (ident == vm.propertyNames->callee) {
+ slot.setValue(thisObject, DontEnum, thisObject->callee().get());
+ return true;
+ }
+ }
+
+ unsigned index = ident.asIndex();
+ if (thisObject->canAccessIndexQuickly(index)) {
+ slot.setValue(thisObject, None, thisObject->getIndexQuickly(index));
+ return true;
+ }
+
+ if (Base::getOwnPropertySlot(thisObject, exec, ident, slot))
+ return true;
+
+ if (ident == vm.propertyNames->iteratorPrivateName) {
+ JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+ thisObject->JSC_NATIVE_FUNCTION(vm.propertyNames->iteratorPrivateName, argumentsFuncIterator, DontEnum, 0);
+ if (JSObject::getOwnPropertySlot(thisObject, exec, ident, slot))
+ return true;
+ }
+
+ return false;
+}
+
+template<typename Type>
+bool GenericArguments<Type>::getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned index, PropertySlot& slot)
+{
+ Type* thisObject = jsCast<Type*>(object);
+
+ if (thisObject->canAccessIndexQuickly(index)) {
+ slot.setValue(thisObject, None, thisObject->getIndexQuickly(index));
+ return true;
+ }
+
+ return Base::getOwnPropertySlotByIndex(object, exec, index, slot);
+}
+
+template<typename Type>
+void GenericArguments<Type>::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& array, EnumerationMode mode)
+{
+ Type* thisObject = jsCast<Type*>(object);
+
+ for (unsigned i = 0; i < thisObject->internalLength(); ++i) {
+ if (!thisObject->canAccessIndexQuickly(i))
+ continue;
+ array.add(Identifier::from(exec, i));
+ }
+ if (shouldIncludeDontEnumProperties(mode) && !thisObject->overrodeThings()) {
+ array.add(exec->propertyNames().callee);
+ array.add(exec->propertyNames().length);
+ }
+ Base::getOwnPropertyNames(thisObject, exec, array, mode);
+}
+
+template<typename Type>
+void GenericArguments<Type>::put(JSCell* cell, ExecState* exec, PropertyName ident, JSValue value, PutPropertySlot& slot)
+{
+ Type* thisObject = jsCast<Type*>(cell);
+ VM& vm = exec->vm();
+
+ if (!thisObject->overrodeThings()
+ && (ident == vm.propertyNames->length
+ || ident == vm.propertyNames->callee)) {
+ thisObject->overrideThings(vm);
+ PutPropertySlot dummy = slot; // This put is not cacheable, so we shadow the slot that was given to us.
+ Base::put(thisObject, exec, ident, value, dummy);
+ return;
+ }
+
+ unsigned index = ident.asIndex();
+ if (thisObject->canAccessIndexQuickly(index)) {
+ thisObject->setIndexQuickly(vm, index, value);
+ return;
+ }
+
+ Base::put(thisObject, exec, ident, value, slot);
+}
+
+template<typename Type>
+void GenericArguments<Type>::putByIndex(JSCell* cell, ExecState* exec, unsigned index, JSValue value, bool shouldThrow)
+{
+ Type* thisObject = jsCast<Type*>(cell);
+ VM& vm = exec->vm();
+
+ if (thisObject->canAccessIndexQuickly(index)) {
+ thisObject->setIndexQuickly(vm, index, value);
+ return;
+ }
+
+ return Base::putByIndex(cell, exec, index, value, shouldThrow);
+}
+
+template<typename Type>
+bool GenericArguments<Type>::deleteProperty(JSCell* cell, ExecState* exec, PropertyName ident)
+{
+ Type* thisObject = jsCast<Type*>(cell);
+ VM& vm = exec->vm();
+
+ if (!thisObject->overrodeThings()
+ && (ident == vm.propertyNames->length
+ || ident == vm.propertyNames->callee))
+ thisObject->overrideThings(vm);
+
+ unsigned index = ident.asIndex();
+ if (thisObject->canAccessIndexQuickly(index)) {
+ thisObject->overrideArgument(vm, index);
+ return true;
+ }
+
+ return Base::deleteProperty(thisObject, exec, ident);
+}
+
+template<typename Type>
+bool GenericArguments<Type>::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned index)
+{
+ Type* thisObject = jsCast<Type*>(cell);
+ VM& vm = exec->vm();
+
+ if (thisObject->canAccessIndexQuickly(index)) {
+ thisObject->overrideArgument(vm, index);
+ return true;
+ }
+
+ return Base::deletePropertyByIndex(cell, exec, index);
+}
+
+template<typename Type>
+bool GenericArguments<Type>::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName ident, const PropertyDescriptor& descriptor, bool shouldThrow)
+{
+ Type* thisObject = jsCast<Type*>(object);
+ VM& vm = exec->vm();
+
+ if (ident == vm.propertyNames->length
+ || ident == vm.propertyNames->callee)
+ thisObject->overrideThingsIfNecessary(vm);
+ else {
+ unsigned index = ident.asIndex();
+ if (thisObject->canAccessIndexQuickly(index)) {
+ if (!descriptor.isAccessorDescriptor()) {
+ // If the property is not deleted and we are using a non-accessor descriptor, then
+ // make sure that the aliased argument sees the value.
+ if (descriptor.value())
+ thisObject->setIndexQuickly(vm, index, descriptor.value());
+
+ // If the property is not deleted and we are using a non-accessor, writable
+ // descriptor, then we are done. The argument continues to be aliased. Note that we
+ // ignore the request to change enumerability. We appear to have always done so, in
+ // cases where the argument was still aliased.
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=141952
+ if (descriptor.writable())
+ return true;
+ }
+
+ // If the property is a non-deleted argument, then move it into the base object and
+ // then delete it.
+ JSValue value = thisObject->getIndexQuickly(index);
+ ASSERT(value);
+ object->putDirectMayBeIndex(exec, ident, value);
+ thisObject->overrideArgument(vm, index);
+ }
+ }
+
+ // Now just let the normal object machinery do its thing.
+ return Base::defineOwnProperty(object, exec, ident, descriptor, shouldThrow);
+}
+
+template<typename Type>
+void GenericArguments<Type>::copyToArguments(ExecState* exec, VirtualRegister firstElementDest, unsigned offset, unsigned length)
+{
+ Type* thisObject = static_cast<Type*>(this);
+ for (unsigned i = 0; i < length; ++i) {
+ if (thisObject->canAccessIndexQuickly(i + offset))
+ exec->r(firstElementDest + i) = thisObject->getIndexQuickly(i + offset);
+ else {
+ exec->r(firstElementDest + i) = get(exec, i + offset);
+ if (UNLIKELY(exec->vm().exception()))
+ return;
+ }
+ }
+}
+
+} // namespace JSC
+
+#endif // GenericArgumentsInlines_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeGenericOffseth"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/GenericOffset.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/GenericOffset.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/GenericOffset.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,112 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GenericOffset_h
+#define GenericOffset_h
+
+#include <limits.h>
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+// A mixin for creating the various kinds of variable offsets that our engine supports.
+template<typename T>
+class GenericOffset {
+public:
+ static const unsigned invalidOffset = UINT_MAX;
+
+ GenericOffset()
+ : m_offset(invalidOffset)
+ {
+ }
+
+ explicit GenericOffset(unsigned offset)
+ : m_offset(offset)
+ {
+ }
+
+ bool operator!() const { return m_offset == invalidOffset; }
+
+ unsigned offsetUnchecked() const
+ {
+ return m_offset;
+ }
+
+ unsigned offset() const
+ {
+ ASSERT(m_offset != invalidOffset);
+ return m_offset;
+ }
+
+ bool operator==(const T& other) const
+ {
+ return m_offset == other.offsetUnchecked();
+ }
+ bool operator!=(const T& other) const
+ {
+ return m_offset != other.offsetUnchecked();
+ }
+ bool operator<(const T& other) const
+ {
+ return m_offset < other.offsetUnchecked();
+ }
+ bool operator>(const T& other) const
+ {
+ return m_offset > other.offsetUnchecked();
+ }
+ bool operator<=(const T& other) const
+ {
+ return m_offset <= other.offsetUnchecked();
+ }
+ bool operator>=(const T& other) const
+ {
+ return m_offset >= other.offsetUnchecked();
+ }
+
+ T operator+(int value) const
+ {
+ return T(offset() + value);
+ }
+ T operator-(int value) const
+ {
+ return T(offset() - value);
+ }
+ T& operator+=(int value)
+ {
+ return *this = *this + value;
+ }
+ T& operator-=(int value)
+ {
+ return *this = *this - value;
+ }
+
+private:
+ unsigned m_offset;
+};
+
+} // namespace JSC
+
+#endif // GenericOffset_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArgumentsIteratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,14 +26,16 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSArgumentsIterator.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><ins>+#include "ClonedArguments.h"
+#include "DirectArguments.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "ScopedArguments.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSArgumentsIterator::s_info = { "ArgumentsIterator", &Base::s_info, 0, CREATE_METHOD_TABLE(JSArgumentsIterator) };
</span><span class="cx">
</span><del>-void JSArgumentsIterator::finishCreation(VM& vm, Arguments* arguments)
</del><ins>+void JSArgumentsIterator::finishCreation(VM& vm, JSObject* arguments)
</ins><span class="cx"> {
</span><span class="cx"> Base::finishCreation(vm);
</span><span class="cx"> m_arguments.set(vm, this, arguments);
</span><span class="lines">@@ -46,4 +48,12 @@
</span><span class="cx"> return clone;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL argumentsFuncIterator(ExecState* exec)
+{
+ JSObject* thisObj = exec->thisValue().toThis(exec, StrictMode).toObject(exec);
+ if (!thisObj->inherits(DirectArguments::info()) && !thisObj->inherits(ScopedArguments::info()) && !thisObj->inherits(ClonedArguments::info()))
+ return JSValue::encode(throwTypeError(exec, ASCIILiteral("Attempted to use Arguments iterator on non-Arguments object")));
+ return JSValue::encode(JSArgumentsIterator::create(exec->vm(), exec->callee()->globalObject()->argumentsIteratorStructure(), thisObj));
</ins><span class="cx"> }
</span><ins>+
+}
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArgumentsIteratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSArgumentsIterator.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,7 +26,7 @@
</span><span class="cx"> #ifndef JSArgumentsIterator_h
</span><span class="cx"> #define JSArgumentsIterator_h
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><ins>+#include "JSObject.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx"> return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static JSArgumentsIterator* create(VM& vm, Structure* structure, Arguments* arguments)
</del><ins>+ static JSArgumentsIterator* create(VM& vm, Structure* structure, JSObject* arguments)
</ins><span class="cx"> {
</span><span class="cx"> JSArgumentsIterator* instance = new (NotNull, allocateCell<JSArgumentsIterator>(vm.heap)) JSArgumentsIterator(vm, structure);
</span><span class="cx"> instance->finishCreation(vm, arguments);
</span><span class="lines">@@ -50,11 +50,11 @@
</span><span class="cx">
</span><span class="cx"> bool next(CallFrame* callFrame, JSValue& value)
</span><span class="cx"> {
</span><del>- if (m_nextIndex >= m_arguments->length(callFrame))
</del><ins>+ unsigned length =
+ m_arguments->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+ if (m_nextIndex >= length)
</ins><span class="cx"> return false;
</span><del>- value = m_arguments->tryGetArgument(m_nextIndex++);
- if (!value)
- value = jsUndefined();
</del><ins>+ value = m_arguments->getIndex(callFrame, m_nextIndex++);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -71,12 +71,14 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void finishCreation(VM&, Arguments*);
</del><ins>+ void finishCreation(VM&, JSObject*);
</ins><span class="cx">
</span><del>- WriteBarrier<Arguments> m_arguments;
</del><ins>+ WriteBarrier<JSObject> m_arguments;
</ins><span class="cx"> size_t m_nextIndex;
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL argumentsFuncIterator(ExecState*);
+
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #endif // !defined(JSArgumentsIterator_h)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSEnvironmentRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008, 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007, 2008, 2012, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -35,4 +35,12 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSEnvironmentRecord::s_info = { "EnvironmentRecord", &Base::s_info, 0, CREATE_METHOD_TABLE(JSEnvironmentRecord) };
</span><span class="cx">
</span><ins>+void JSEnvironmentRecord::visitChildren(JSCell* cell, SlotVisitor& visitor)
+{
+ JSEnvironmentRecord* thisObject = jsCast<JSEnvironmentRecord*>(cell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisObject, visitor);
+ visitor.appendValues(thisObject->variables(), thisObject->m_symbolTable->scopeSize());
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSEnvironmentRecordh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSEnvironmentRecord.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -46,29 +46,71 @@
</span><span class="cx"> public:
</span><span class="cx"> typedef JSSymbolTableObject Base;
</span><span class="cx">
</span><del>- WriteBarrierBase<Unknown>* registers() { return m_registers; }
- WriteBarrierBase<Unknown>& registerAt(int index) const { return m_registers[index]; }
</del><ins>+ WriteBarrierBase<Unknown>* variables()
+ {
+ return bitwise_cast<WriteBarrierBase<Unknown>*>(bitwise_cast<char*>(this) + offsetOfVariables());
+ }
+
+ bool isValid(ScopeOffset offset)
+ {
+ return !!offset && offset.offset() < m_symbolTable->scopeSize();
+ }
+
+ WriteBarrierBase<Unknown>& variableAt(ScopeOffset offset)
+ {
+ ASSERT(isValid(offset));
+ return variables()[offset.offset()];
+ }
</ins><span class="cx">
</span><del>- WriteBarrierBase<Unknown>* const * addressOfRegisters() const { return &m_registers; }
- static size_t offsetOfRegisters() { return OBJECT_OFFSETOF(JSEnvironmentRecord, m_registers); }
</del><ins>+ static size_t offsetOfVariables()
+ {
+ return WTF::roundUpToMultipleOf<sizeof(WriteBarrier<Unknown>)>(sizeof(JSEnvironmentRecord));
+ }
+
+ static ptrdiff_t offsetOfVariable(ScopeOffset offset)
+ {
+ return offsetOfVariables() + offset.offset() * sizeof(WriteBarrier<Unknown>);
+ }
</ins><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><ins>+ static size_t allocationSizeForScopeSize(unsigned scopeSize)
+ {
+ return offsetOfVariables() + scopeSize * sizeof(WriteBarrier<Unknown>);
+ }
+
+ static size_t allocationSize(SymbolTable* symbolTable)
+ {
+ return allocationSizeForScopeSize(symbolTable->scopeSize());
+ }
+
</ins><span class="cx"> protected:
</span><span class="cx"> static const unsigned StructureFlags = Base::StructureFlags;
</span><span class="cx">
</span><span class="cx"> JSEnvironmentRecord(
</span><span class="cx"> VM& vm,
</span><span class="cx"> Structure* structure,
</span><del>- Register* registers,
</del><span class="cx"> JSScope* scope,
</span><span class="cx"> SymbolTable* symbolTable)
</span><span class="cx"> : Base(vm, structure, scope, symbolTable)
</span><del>- , m_registers(reinterpret_cast<WriteBarrierBase<Unknown>*>(registers))
</del><span class="cx"> {
</span><span class="cx"> }
</span><ins>+
+ void finishCreationUninitialized(VM& vm)
+ {
+ Base::finishCreation(vm);
+ }
+
+ void finishCreation(VM& vm)
+ {
+ finishCreationUninitialized(vm);
+ for (unsigned i = m_symbolTable->scopeSize(); i--;) {
+ // Filling this with undefined is useful because that's what variables start out as.
+ variableAt(ScopeOffset(i)).setUndefined();
+ }
+ }
</ins><span class="cx">
</span><del>- WriteBarrierBase<Unknown>* m_registers; // "r" in the stack.
</del><ins>+ static void visitChildren(JSCell*, SlotVisitor&);
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -25,7 +25,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSFunction.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonIdentifiers.h"
</span><span class="cx"> #include "CallFrame.h"
</span><span class="lines">@@ -34,13 +34,13 @@
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSFunctionInlines.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSNotAnObject.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include "Parser.h"
</span><span class="cx"> #include "PropertyNameArray.h"
</span><span class="cx"> #include "StackVisitor.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008, 2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007, 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2008 Cameron Zwarich (cwzwarich@uwaterloo.ca)
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "ArgumentsIteratorConstructor.h"
</span><span class="cx"> #include "ArgumentsIteratorPrototype.h"
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="lines">@@ -39,6 +38,7 @@
</span><span class="cx"> #include "ArrayPrototype.h"
</span><span class="cx"> #include "BooleanConstructor.h"
</span><span class="cx"> #include "BooleanPrototype.h"
</span><ins>+#include "ClonedArguments.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CodeCache.h"
</span><span class="cx"> #include "ConsolePrototype.h"
</span><span class="lines">@@ -46,6 +46,7 @@
</span><span class="cx"> #include "DatePrototype.h"
</span><span class="cx"> #include "Debugger.h"
</span><span class="cx"> #include "DebuggerScope.h"
</span><ins>+#include "DirectArguments.h"
</ins><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "ErrorConstructor.h"
</span><span class="cx"> #include "ErrorPrototype.h"
</span><span class="lines">@@ -110,6 +111,7 @@
</span><span class="cx"> #include "RegExpMatchesArray.h"
</span><span class="cx"> #include "RegExpObject.h"
</span><span class="cx"> #include "RegExpPrototype.h"
</span><ins>+#include "ScopedArguments.h"
</ins><span class="cx"> #include "SetConstructor.h"
</span><span class="cx"> #include "SetIteratorConstructor.h"
</span><span class="cx"> #include "SetIteratorPrototype.h"
</span><span class="lines">@@ -280,7 +282,9 @@
</span><span class="cx"> m_nullPrototypeObjectStructure.set(vm, this, JSFinalObject::createStructure(vm, this, jsNull(), JSFinalObject::defaultInlineCapacity()));
</span><span class="cx">
</span><span class="cx"> m_callbackFunctionStructure.set(vm, this, JSCallbackFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><del>- m_argumentsStructure.set(vm, this, Arguments::createStructure(vm, this, m_objectPrototype.get()));
</del><ins>+ m_directArgumentsStructure.set(vm, this, DirectArguments::createStructure(vm, this, m_objectPrototype.get()));
+ m_scopedArgumentsStructure.set(vm, this, ScopedArguments::createStructure(vm, this, m_objectPrototype.get()));
+ m_outOfBandArgumentsStructure.set(vm, this, ClonedArguments::createStructure(vm, this, m_objectPrototype.get()));
</ins><span class="cx"> m_callbackConstructorStructure.set(vm, this, JSCallbackConstructor::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> m_callbackObjectStructure.set(vm, this, JSCallbackObject<JSDestructibleObject>::createStructure(vm, this, m_objectPrototype.get()));
</span><span class="cx"> #if JSC_OBJC_API_ENABLED
</span><span class="lines">@@ -474,18 +478,28 @@
</span><span class="cx"> JSGlobalObject::NewGlobalVar JSGlobalObject::addGlobalVar(const Identifier& ident, ConstantMode constantMode)
</span><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(symbolTable()->m_lock);
</span><del>- int index = symbolTable()->size(locker);
- SymbolTableEntry newEntry(index, (constantMode == IsConstant) ? ReadOnly : 0);
</del><ins>+ SymbolTableEntry entry = symbolTable()->get(locker, ident.impl());
+ if (!entry.isNull()) {
+ NewGlobalVar result;
+ result.offset = entry.scopeOffset();
+ result.set = entry.watchpointSet();
+ return result;
+ }
+
+ ScopeOffset offset = symbolTable()->takeNextScopeOffset(locker);
+ SymbolTableEntry newEntry(VarOffset(offset), (constantMode == IsConstant) ? ReadOnly : 0);
</ins><span class="cx"> if (constantMode == IsVariable)
</span><span class="cx"> newEntry.prepareToWatch(symbolTable());
</span><del>- SymbolTable::Map::AddResult result = symbolTable()->add(locker, ident.impl(), newEntry);
- if (result.isNewEntry)
- addRegisters(1);
</del><span class="cx"> else
</span><del>- index = result.iterator->value.getIndex();
</del><ins>+ newEntry.disableWatching();
+ symbolTable()->add(locker, ident.impl(), newEntry);
+
+ ScopeOffset offsetForAssert = addVariables(1);
+ RELEASE_ASSERT(offsetForAssert == offset);
+
</ins><span class="cx"> NewGlobalVar var;
</span><del>- var.registerNumber = index;
- var.set = result.iterator->value.watchpointSet();
</del><ins>+ var.offset = offset;
+ var.set = newEntry.watchpointSet();
</ins><span class="cx"> return var;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -494,7 +508,7 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> removeDirect(vm, propertyName); // Newly declared functions overwrite existing properties.
</span><span class="cx"> NewGlobalVar var = addGlobalVar(propertyName, IsVariable);
</span><del>- registerAt(var.registerNumber).set(exec->vm(), this, value);
</del><ins>+ variableAt(var.offset).set(exec->vm(), this, value);
</ins><span class="cx"> if (var.set)
</span><span class="cx"> var.set->notifyWrite(vm, value, VariableWriteFireDetail(this, propertyName));
</span><span class="cx"> }
</span><span class="lines">@@ -691,7 +705,9 @@
</span><span class="cx"> visitor.append(&thisObject->m_lexicalEnvironmentStructure);
</span><span class="cx"> visitor.append(&thisObject->m_catchScopeStructure);
</span><span class="cx"> visitor.append(&thisObject->m_functionNameScopeStructure);
</span><del>- visitor.append(&thisObject->m_argumentsStructure);
</del><ins>+ visitor.append(&thisObject->m_directArgumentsStructure);
+ visitor.append(&thisObject->m_scopedArgumentsStructure);
+ visitor.append(&thisObject->m_outOfBandArgumentsStructure);
</ins><span class="cx"> for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
</span><span class="cx"> visitor.append(&thisObject->m_originalArrayStructureForIndexingShape[i]);
</span><span class="cx"> for (unsigned i = 0; i < NumberOfIndexingShapes; ++i)
</span><span class="lines">@@ -748,16 +764,21 @@
</span><span class="cx">
</span><span class="cx"> void JSGlobalObject::addStaticGlobals(GlobalPropertyInfo* globals, int count)
</span><span class="cx"> {
</span><del>- addRegisters(count);
</del><ins>+ ScopeOffset startOffset = addVariables(count);
</ins><span class="cx">
</span><span class="cx"> for (int i = 0; i < count; ++i) {
</span><span class="cx"> GlobalPropertyInfo& global = globals[i];
</span><span class="cx"> ASSERT(global.attributes & DontDelete);
</span><span class="cx">
</span><del>- int index = symbolTable()->size();
- SymbolTableEntry newEntry(index, global.attributes);
- symbolTable()->add(global.identifier.impl(), newEntry);
- registerAt(index).set(vm(), this, global.value);
</del><ins>+ ScopeOffset offset;
+ {
+ ConcurrentJITLocker locker(symbolTable()->m_lock);
+ offset = symbolTable()->takeNextScopeOffset(locker);
+ RELEASE_ASSERT(offset = startOffset + i);
+ SymbolTableEntry newEntry(VarOffset(offset), global.attributes);
+ symbolTable()->add(locker, global.identifier.impl(), newEntry);
+ }
+ variableAt(offset).set(vm(), this, global.value);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
</span><del>- * Copyright (C) 2007, 2008, 2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007, 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Library General Public
</span><span class="lines">@@ -204,7 +204,9 @@
</span><span class="cx"> WriteBarrier<Structure> m_lexicalEnvironmentStructure;
</span><span class="cx"> WriteBarrier<Structure> m_catchScopeStructure;
</span><span class="cx"> WriteBarrier<Structure> m_functionNameScopeStructure;
</span><del>- WriteBarrier<Structure> m_argumentsStructure;
</del><ins>+ WriteBarrier<Structure> m_directArgumentsStructure;
+ WriteBarrier<Structure> m_scopedArgumentsStructure;
+ WriteBarrier<Structure> m_outOfBandArgumentsStructure;
</ins><span class="cx">
</span><span class="cx"> // Lists the actual structures used for having these particular indexing shapes.
</span><span class="cx"> WriteBarrier<Structure> m_originalArrayStructureForIndexingShape[NumberOfIndexingShapes];
</span><span class="lines">@@ -329,7 +331,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> struct NewGlobalVar {
</span><del>- int registerNumber;
</del><ins>+ ScopeOffset offset;
</ins><span class="cx"> VariableWatchpointSet* set;
</span><span class="cx"> };
</span><span class="cx"> NewGlobalVar addGlobalVar(const Identifier&, ConstantMode);
</span><span class="lines">@@ -416,7 +418,9 @@
</span><span class="cx"> Structure* activationStructure() const { return m_lexicalEnvironmentStructure.get(); }
</span><span class="cx"> Structure* catchScopeStructure() const { return m_catchScopeStructure.get(); }
</span><span class="cx"> Structure* functionNameScopeStructure() const { return m_functionNameScopeStructure.get(); }
</span><del>- Structure* argumentsStructure() const { return m_argumentsStructure.get(); }
</del><ins>+ Structure* directArgumentsStructure() const { return m_directArgumentsStructure.get(); }
+ Structure* scopedArgumentsStructure() const { return m_scopedArgumentsStructure.get(); }
+ Structure* outOfBandArgumentsStructure() const { return m_outOfBandArgumentsStructure.get(); }
</ins><span class="cx"> Structure* originalArrayStructureForIndexingType(IndexingType indexingType) const
</span><span class="cx"> {
</span><span class="cx"> ASSERT(indexingType & IsArray);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2014, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSLexicalEnvironment.h"
</span><span class="cx">
</span><del>-#include "Arguments.h"
</del><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -40,27 +39,19 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSLexicalEnvironment::s_info = { "JSLexicalEnvironment", &Base::s_info, 0, CREATE_METHOD_TABLE(JSLexicalEnvironment) };
</span><span class="cx">
</span><del>-void JSLexicalEnvironment::visitChildren(JSCell* cell, SlotVisitor& visitor)
-{
- JSLexicalEnvironment* thisObject = jsCast<JSLexicalEnvironment*>(cell);
- ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- Base::visitChildren(thisObject, visitor);
-
- for (int i = 0; i < thisObject->symbolTable()->captureCount(); ++i)
- visitor.append(&thisObject->storage()[i]);
-}
-
</del><span class="cx"> inline bool JSLexicalEnvironment::symbolTableGet(PropertyName propertyName, PropertySlot& slot)
</span><span class="cx"> {
</span><span class="cx"> SymbolTableEntry entry = symbolTable()->inlineGet(propertyName.uid());
</span><span class="cx"> if (entry.isNull())
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ ScopeOffset offset = entry.scopeOffset();
+
</ins><span class="cx"> // Defend against the inspector asking for a var after it has been optimized out.
</span><del>- if (!isValid(entry))
</del><ins>+ if (!isValid(offset))
</ins><span class="cx"> return false;
</span><span class="cx">
</span><del>- slot.setValue(this, DontEnum, registerAt(entry.getIndex()).get());
</del><ins>+ slot.setValue(this, DontEnum, variableAt(offset).get());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -70,11 +61,13 @@
</span><span class="cx"> if (entry.isNull())
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ ScopeOffset offset = entry.scopeOffset();
+
</ins><span class="cx"> // Defend against the inspector asking for a var after it has been optimized out.
</span><del>- if (!isValid(entry))
</del><ins>+ if (!isValid(offset))
</ins><span class="cx"> return false;
</span><span class="cx">
</span><del>- descriptor.setDescriptor(registerAt(entry.getIndex()).get(), entry.getAttributes());
</del><ins>+ descriptor.setDescriptor(variableAt(offset).get(), entry.getAttributes());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -95,12 +88,13 @@
</span><span class="cx"> throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><ins>+ ScopeOffset offset = iter->value.scopeOffset();
</ins><span class="cx"> // Defend against the inspector asking for a var after it has been optimized out.
</span><del>- if (!isValid(iter->value))
</del><ins>+ if (!isValid(offset))
</ins><span class="cx"> return false;
</span><span class="cx"> if (VariableWatchpointSet* set = iter->value.watchpointSet())
</span><del>- set->invalidate(VariableWriteFireDetail(this, propertyName)); // Don't mess around - if we had found this statically, we would have invcalidated it.
- reg = &registerAt(iter->value.getIndex());
</del><ins>+ set->invalidate(VariableWriteFireDetail(this, propertyName)); // Don't mess around - if we had found this statically, we would have invalidated it.
+ reg = &variableAt(offset);
</ins><span class="cx"> }
</span><span class="cx"> reg->set(vm, this, value);
</span><span class="cx"> return true;
</span><span class="lines">@@ -116,7 +110,7 @@
</span><span class="cx"> for (SymbolTable::Map::iterator it = thisObject->symbolTable()->begin(locker); it != end; ++it) {
</span><span class="cx"> if (it->value.getAttributes() & DontEnum && !shouldIncludeDontEnumProperties(mode))
</span><span class="cx"> continue;
</span><del>- if (!thisObject->isValid(it->value))
</del><ins>+ if (!thisObject->isValid(it->value.scopeOffset()))
</ins><span class="cx"> continue;
</span><span class="cx"> propertyNames.add(Identifier(exec, it->key.get()));
</span><span class="cx"> }
</span><span class="lines">@@ -137,11 +131,13 @@
</span><span class="cx"> return false;
</span><span class="cx"> SymbolTableEntry& entry = iter->value;
</span><span class="cx"> ASSERT(!entry.isNull());
</span><del>- if (!isValid(entry))
</del><ins>+
+ ScopeOffset offset = entry.scopeOffset();
+ if (!isValid(offset))
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> entry.setAttributes(attributes);
</span><del>- reg = &registerAt(entry.getIndex());
</del><ins>+ reg = &variableAt(offset);
</ins><span class="cx"> }
</span><span class="cx"> reg->set(vm, this, value);
</span><span class="cx"> return true;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSLexicalEnvironmenth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,7 +32,6 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="cx"> #include "JSEnvironmentRecord.h"
</span><del>-#include "Nodes.h"
</del><span class="cx"> #include "SymbolTable.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -41,33 +40,31 @@
</span><span class="cx">
</span><span class="cx"> class JSLexicalEnvironment : public JSEnvironmentRecord {
</span><span class="cx"> private:
</span><del>- JSLexicalEnvironment(VM&, CallFrame*, Register*, JSScope*, CodeBlock*);
</del><ins>+ JSLexicalEnvironment(VM&, Structure*, JSScope*, SymbolTable*);
</ins><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> typedef JSEnvironmentRecord Base;
</span><span class="cx">
</span><del>- static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
</del><ins>+ static JSLexicalEnvironment* create(
+ VM& vm, Structure* structure, JSScope* currentScope, SymbolTable* symbolTable)
</ins><span class="cx"> {
</span><del>- SymbolTable* symbolTable = codeBlock->symbolTable();
- ASSERT(codeBlock->codeType() == FunctionCode);
- JSLexicalEnvironment* lexicalEnvironment = new (
- NotNull,
- allocateCell<JSLexicalEnvironment>(
- vm.heap,
- allocationSize(symbolTable)
- )
- ) JSLexicalEnvironment(vm, callFrame, registers, currentScope, codeBlock);
- lexicalEnvironment->finishCreation(vm);
- return lexicalEnvironment;
</del><ins>+ JSLexicalEnvironment* result =
+ new (
+ NotNull,
+ allocateCell<JSLexicalEnvironment>(vm.heap, allocationSize(symbolTable)))
+ JSLexicalEnvironment(vm, structure, currentScope, symbolTable);
+ result->finishCreation(vm);
+ return result;
</ins><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, JSScope* currentScope, CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>- return create(vm, callFrame, callFrame->registers() + codeBlock->framePointerOffsetToGetActivationRegisters(), currentScope, codeBlock);
</del><ins>+ JSGlobalObject* globalObject = callFrame->lexicalGlobalObject();
+ Structure* structure = globalObject->activationStructure();
+ SymbolTable* symbolTable = codeBlock->symbolTable();
+ return create(vm, structure, currentScope, symbolTable);
</ins><span class="cx"> }
</span><del>-
- static void visitChildren(JSCell*, SlotVisitor&);
-
</del><ins>+
</ins><span class="cx"> static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
</span><span class="cx"> static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
</span><span class="cx">
</span><span class="lines">@@ -81,12 +78,6 @@
</span><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM& vm, JSGlobalObject* globalObject) { return Structure::create(vm, globalObject, jsNull(), TypeInfo(ActivationObjectType, StructureFlags), info()); }
</span><span class="cx">
</span><del>- WriteBarrierBase<Unknown>& registerAt(int) const;
- bool isValidIndex(int) const;
- bool isValid(const SymbolTableEntry&) const;
- int registersOffset();
- static int registersOffset(SymbolTable*);
-
</del><span class="cx"> protected:
</span><span class="cx"> static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | Base::StructureFlags;
</span><span class="cx">
</span><span class="lines">@@ -96,32 +87,13 @@
</span><span class="cx"> bool symbolTableGet(PropertyName, PropertySlot&, bool& slotIsWriteable);
</span><span class="cx"> bool symbolTablePut(ExecState*, PropertyName, JSValue, bool shouldThrow);
</span><span class="cx"> bool symbolTablePutWithAttributes(VM&, PropertyName, JSValue, unsigned attributes);
</span><del>-
- static size_t allocationSize(SymbolTable*);
- static size_t storageOffset();
-
- WriteBarrier<Unknown>* storage(); // captureCount() number of registers.
</del><span class="cx"> };
</span><span class="cx">
</span><del>-inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
- : Base(
- vm,
- callFrame->lexicalGlobalObject()->activationStructure(),
- registers,
- currentScope,
- codeBlock->symbolTable())
</del><ins>+inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, Structure* structure, JSScope* currentScope, SymbolTable* symbolTable)
+ : Base(vm, structure, currentScope, symbolTable)
</ins><span class="cx"> {
</span><del>- SymbolTable* symbolTable = codeBlock->symbolTable();
- WriteBarrier<Unknown>* storage = this->storage();
- size_t captureCount = symbolTable->captureCount();
- for (size_t i = 0; i < captureCount; ++i)
- new (NotNull, &storage[i]) WriteBarrier<Unknown>(UndefinedWriteBarrierTag);
- m_registers = reinterpret_cast_ptr<WriteBarrierBase<Unknown>*>(
- reinterpret_cast<char*>(this) + registersOffset(symbolTable));
</del><span class="cx"> }
</span><span class="cx">
</span><del>-JSLexicalEnvironment* asActivation(JSValue);
-
</del><span class="cx"> inline JSLexicalEnvironment* asActivation(JSValue value)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(asObject(value)->inherits(JSLexicalEnvironment::info()));
</span><span class="lines">@@ -133,49 +105,6 @@
</span><span class="cx"> return asActivation(jsValue());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline int JSLexicalEnvironment::registersOffset(SymbolTable* symbolTable)
-{
- return storageOffset() + ((symbolTable->captureCount() - symbolTable->captureStart() - 1) * sizeof(WriteBarrier<Unknown>));
-}
-
-inline size_t JSLexicalEnvironment::storageOffset()
-{
- return WTF::roundUpToMultipleOf<sizeof(WriteBarrier<Unknown>)>(sizeof(JSLexicalEnvironment));
-}
-
-inline WriteBarrier<Unknown>* JSLexicalEnvironment::storage()
-{
- return reinterpret_cast_ptr<WriteBarrier<Unknown>*>(
- reinterpret_cast<char*>(this) + storageOffset());
-}
-
-inline size_t JSLexicalEnvironment::allocationSize(SymbolTable* symbolTable)
-{
- size_t objectSizeInBytes = WTF::roundUpToMultipleOf<sizeof(WriteBarrier<Unknown>)>(sizeof(JSLexicalEnvironment));
- size_t storageSizeInBytes = symbolTable->captureCount() * sizeof(WriteBarrier<Unknown>);
- return objectSizeInBytes + storageSizeInBytes;
-}
-
-inline bool JSLexicalEnvironment::isValidIndex(int index) const
-{
- if (index > symbolTable()->captureStart())
- return false;
- if (index <= symbolTable()->captureEnd())
- return false;
- return true;
-}
-
-inline bool JSLexicalEnvironment::isValid(const SymbolTableEntry& entry) const
-{
- return isValidIndex(entry.getIndex());
-}
-
-inline WriteBarrierBase<Unknown>& JSLexicalEnvironment::registerAt(int index) const
-{
- ASSERT(isValidIndex(index));
- return Base::registerAt(index);
-}
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // JSLexicalEnvironment_h
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSNameScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -47,14 +47,6 @@
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSNameScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
-{
- JSNameScope* thisObject = jsCast<JSNameScope*>(cell);
- ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- Base::visitChildren(thisObject, visitor);
- visitor.append(&thisObject->m_registerStore);
-}
-
</del><span class="cx"> JSValue JSNameScope::toThis(JSCell*, ExecState* exec, ECMAMode ecmaMode)
</span><span class="cx"> {
</span><span class="cx"> if (ecmaMode == StrictMode)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSNameScopeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSNameScope.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSNameScope.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSNameScope.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -44,38 +44,37 @@
</span><span class="cx"> template<typename T>
</span><span class="cx"> static T* create(VM& vm, JSGlobalObject* globalObject, JSScope* currentScope, SymbolTable* symbolTable, JSValue value)
</span><span class="cx"> {
</span><del>- T* scopeObject = new (NotNull, allocateCell<T>(vm.heap)) T(vm, globalObject, currentScope, symbolTable);
</del><ins>+ T* scopeObject = new (
+ NotNull, allocateCell<T>(vm.heap, allocationSizeForScopeSize(1)))
+ T(vm, globalObject, currentScope, symbolTable);
</ins><span class="cx"> scopeObject->finishCreation(vm, value);
</span><span class="cx"> return scopeObject;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static JSNameScope* create(VM&, JSGlobalObject*, JSScope* currentScope, SymbolTable*, JSValue, Type);
</span><span class="cx">
</span><del>- static void visitChildren(JSCell*, SlotVisitor&);
</del><span class="cx"> static JSValue toThis(JSCell*, ExecState*, ECMAMode);
</span><span class="cx"> static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
</span><span class="cx"> static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
</span><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><del>- JSValue value() const { return m_registerStore.get(); }
</del><ins>+ JSValue value() { return variableAt(ScopeOffset(0)).get(); }
</ins><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> void finishCreation(VM& vm, JSValue value)
</span><span class="cx"> {
</span><del>- Base::finishCreation(vm);
- m_registerStore.set(vm, this, value);
</del><ins>+ Base::finishCreationUninitialized(vm);
+ variableAt(ScopeOffset(0)).set(vm, this, value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static const unsigned StructureFlags = OverridesGetOwnPropertySlot | Base::StructureFlags;
</span><span class="cx">
</span><span class="cx"> JSNameScope(VM& vm, Structure* structure, JSScope* next, SymbolTable* symbolTable)
</span><del>- : Base(vm, structure, reinterpret_cast<Register*>(&m_registerStore + 1), next, symbolTable)
</del><ins>+ : Base(vm, structure, next, symbolTable)
</ins><span class="cx"> {
</span><ins>+ ASSERT(symbolTable->scopeSize() == 1);
</ins><span class="cx"> }
</span><del>-
-private:
- WriteBarrier<Unknown> m_registerStore;
</del><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSScope.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSScope.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSScope.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2014 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2012-2015 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!entry.isNull()) {
</span><del>- op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, 0, lexicalEnvironment, entry.watchpointSet(), entry.getIndex());
</del><ins>+ op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, 0, lexicalEnvironment, entry.watchpointSet(), entry.scopeOffset().offset());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -82,7 +82,7 @@
</span><span class="cx">
</span><span class="cx"> op = ResolveOp(
</span><span class="cx"> makeType(GlobalVar, needsVarInjectionChecks), depth, 0, 0, entry.watchpointSet(),
</span><del>- reinterpret_cast<uintptr_t>(globalObject->registerAt(entry.getIndex()).slot()));
</del><ins>+ reinterpret_cast<uintptr_t>(globalObject->variableAt(entry.scopeOffset()).slot()));
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2013, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -33,32 +33,30 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-int JSSegmentedVariableObject::findRegisterIndex(void* registerAddress)
</del><ins>+ScopeOffset JSSegmentedVariableObject::findVariableIndex(void* variableAddress)
</ins><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(m_lock);
</span><span class="cx">
</span><del>- for (int i = m_registers.size(); i--;) {
- if (&m_registers[i] != registerAddress)
</del><ins>+ for (unsigned i = m_variables.size(); i--;) {
+ if (&m_variables[i] != variableAddress)
</ins><span class="cx"> continue;
</span><del>- return i;
</del><ins>+ return ScopeOffset(i);
</ins><span class="cx"> }
</span><span class="cx"> CRASH();
</span><del>- return -1;
</del><ins>+ return ScopeOffset();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-int JSSegmentedVariableObject::addRegisters(int numberOfRegistersToAdd)
</del><ins>+ScopeOffset JSSegmentedVariableObject::addVariables(unsigned numberOfVariablesToAdd)
</ins><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(m_lock);
</span><span class="cx">
</span><del>- ASSERT(numberOfRegistersToAdd >= 0);
</del><ins>+ size_t oldSize = m_variables.size();
+ m_variables.grow(oldSize + numberOfVariablesToAdd);
</ins><span class="cx">
</span><del>- size_t oldSize = m_registers.size();
- m_registers.grow(oldSize + numberOfRegistersToAdd);
</del><ins>+ for (size_t i = numberOfVariablesToAdd; i--;)
+ m_variables[oldSize + i].setWithoutWriteBarrier(jsUndefined());
</ins><span class="cx">
</span><del>- for (size_t i = numberOfRegistersToAdd; i--;)
- m_registers[oldSize + i].setWithoutWriteBarrier(jsUndefined());
-
- return static_cast<int>(oldSize);
</del><ins>+ return ScopeOffset(oldSize);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSSegmentedVariableObject::visitChildren(JSCell* cell, SlotVisitor& slotVisitor)
</span><span class="lines">@@ -67,8 +65,8 @@
</span><span class="cx"> ASSERT_GC_OBJECT_INHERITS(thisObject, info());
</span><span class="cx"> JSSymbolTableObject::visitChildren(thisObject, slotVisitor);
</span><span class="cx">
</span><del>- for (unsigned i = thisObject->m_registers.size(); i--;)
- slotVisitor.append(&thisObject->m_registers[i]);
</del><ins>+ for (unsigned i = thisObject->m_variables.size(); i--;)
+ slotVisitor.append(&thisObject->m_variables[i]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSegmentedVariableObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -57,24 +57,23 @@
</span><span class="cx"> public:
</span><span class="cx"> typedef JSSymbolTableObject Base;
</span><span class="cx">
</span><del>- WriteBarrier<Unknown>& registerAt(int index) { return m_registers[index]; }
</del><ins>+ WriteBarrier<Unknown>& variableAt(ScopeOffset offset) { return m_variables[offset.offset()]; }
</ins><span class="cx">
</span><span class="cx"> // This is a slow method call, which searches the register bank to find the index
</span><span class="cx"> // given a pointer. It will CRASH() if it does not find the register. Only use this
</span><span class="cx"> // in debug code (like bytecode dumping).
</span><del>- JS_EXPORT_PRIVATE int findRegisterIndex(void*);
</del><ins>+ JS_EXPORT_PRIVATE ScopeOffset findVariableIndex(void*);
</ins><span class="cx">
</span><del>- WriteBarrier<Unknown>* assertRegisterIsInThisObject(WriteBarrier<Unknown>* registerPointer)
</del><ins>+ WriteBarrier<Unknown>* assertVariableIsInThisObject(WriteBarrier<Unknown>* variablePointer)
</ins><span class="cx"> {
</span><del>-#if !ASSERT_DISABLED
- findRegisterIndex(registerPointer);
-#endif
- return registerPointer;
</del><ins>+ if (!ASSERT_DISABLED)
+ findVariableIndex(variablePointer);
+ return variablePointer;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Adds numberOfRegistersToAdd registers, initializes them to Undefined, and returns
</span><span class="cx"> // the index of the first one added.
</span><del>- JS_EXPORT_PRIVATE int addRegisters(int numberOfRegistersToAdd);
</del><ins>+ JS_EXPORT_PRIVATE ScopeOffset addVariables(unsigned numberOfVariablesToAdd);
</ins><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="cx">
</span><span class="lines">@@ -90,7 +89,7 @@
</span><span class="cx"> m_symbolTable.set(vm, this, SymbolTable::create(vm));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- SegmentedVector<WriteBarrier<Unknown>, 16> m_registers;
</del><ins>+ SegmentedVector<WriteBarrier<Unknown>, 16> m_variables;
</ins><span class="cx"> ConcurrentJITLock m_lock;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSymbolTableObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -47,6 +47,8 @@
</span><span class="cx"> JS_EXPORT_PRIVATE static bool deleteProperty(JSCell*, ExecState*, PropertyName);
</span><span class="cx"> JS_EXPORT_PRIVATE static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
</span><span class="cx">
</span><ins>+ static ptrdiff_t offsetOfSymbolTable() { return OBJECT_OFFSETOF(JSSymbolTableObject, m_symbolTable); }
+
</ins><span class="cx"> protected:
</span><span class="cx"> static const unsigned StructureFlags = IsEnvironmentRecord | OverridesGetPropertyNames | Base::StructureFlags;
</span><span class="cx">
</span><span class="lines">@@ -78,7 +80,7 @@
</span><span class="cx"> return false;
</span><span class="cx"> SymbolTableEntry::Fast entry = iter->value;
</span><span class="cx"> ASSERT(!entry.isNull());
</span><del>- slot.setValue(object, entry.getAttributes() | DontDelete, object->registerAt(entry.getIndex()).get());
</del><ins>+ slot.setValue(object, entry.getAttributes() | DontDelete, object->variableAt(entry.scopeOffset()).get());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -94,7 +96,7 @@
</span><span class="cx"> SymbolTableEntry::Fast entry = iter->value;
</span><span class="cx"> ASSERT(!entry.isNull());
</span><span class="cx"> descriptor.setDescriptor(
</span><del>- object->registerAt(entry.getIndex()).get(), entry.getAttributes() | DontDelete);
</del><ins>+ object->variableAt(entry.scopeOffset()).get(), entry.getAttributes() | DontDelete);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -110,7 +112,7 @@
</span><span class="cx"> return false;
</span><span class="cx"> SymbolTableEntry::Fast entry = iter->value;
</span><span class="cx"> ASSERT(!entry.isNull());
</span><del>- slot.setValue(object, entry.getAttributes() | DontDelete, object->registerAt(entry.getIndex()).get());
</del><ins>+ slot.setValue(object, entry.getAttributes() | DontDelete, object->variableAt(entry.scopeOffset()).get());
</ins><span class="cx"> slotIsWriteable = !entry.isReadOnly();
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="lines">@@ -145,7 +147,7 @@
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=134601
</span><span class="cx"> set->notifyWrite(vm, value, object, propertyName);
</span><span class="cx"> }
</span><del>- reg = &object->registerAt(fastEntry.getIndex());
</del><ins>+ reg = &object->variableAt(fastEntry.scopeOffset());
</ins><span class="cx"> }
</span><span class="cx"> // I'd prefer we not hold lock while executing barriers, since I prefer to reserve
</span><span class="cx"> // the right for barriers to be able to trigger GC. And I don't want to hold VM
</span><span class="lines">@@ -173,7 +175,7 @@
</span><span class="cx"> if (VariableWatchpointSet* set = entry.watchpointSet())
</span><span class="cx"> set->notifyWrite(vm, value, object, propertyName);
</span><span class="cx"> entry.setAttributes(attributes);
</span><del>- reg = &object->registerAt(entry.getIndex());
</del><ins>+ reg = &object->variableAt(entry.scopeOffset());
</ins><span class="cx"> }
</span><span class="cx"> reg->set(vm, object, value);
</span><span class="cx"> return true;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSType.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSType.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/JSType.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Library General Public
</span><span class="lines">@@ -58,7 +58,8 @@
</span><span class="cx"> PureForwardingProxyType,
</span><span class="cx"> ImpureProxyType,
</span><span class="cx"> WithScopeType,
</span><del>- ArgumentsType,
</del><ins>+ DirectArgumentsType,
+ ScopedArgumentsType,
</ins><span class="cx">
</span><span class="cx"> Int8ArrayType,
</span><span class="cx"> Int16ArrayType,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Options.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Options.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/Options.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -125,6 +125,7 @@
</span><span class="cx"> v(optionRange, bytecodeRangeToDFGCompile, 0) \
</span><span class="cx"> v(optionString, dfgFunctionWhitelistFile, nullptr) \
</span><span class="cx"> v(bool, dumpBytecodeAtDFGTime, false) \
</span><ins>+ v(bool, dumpGraphAfterParsing, false) \
</ins><span class="cx"> v(bool, dumpGraphAtEachPhase, false) \
</span><span class="cx"> v(bool, verboseDFGByteCodeParsing, false) \
</span><span class="cx"> v(bool, verboseCompilation, false) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopeOffsetcpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopeOffset.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopeOffset.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopeOffset.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ScopeOffset.h"
+
+namespace JSC {
+
+void ScopeOffset::dump(PrintStream& out) const
+{
+ if (!*this) {
+ out.print("scopeInvalid");
+ return;
+ }
+
+ out.print("scope", offset());
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopeOffseth"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopeOffset.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopeOffset.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopeOffset.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,51 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ScopeOffset_h
+#define ScopeOffset_h
+
+#include "GenericOffset.h"
+#include <wtf/PrintStream.h>
+
+namespace JSC {
+
+// This is an offset into a scope of some kind. It could be an activation scope or it could be a
+// global object.
+class ScopeOffset : public GenericOffset<ScopeOffset> {
+public:
+ ScopeOffset() { }
+
+ explicit ScopeOffset(unsigned offset)
+ : GenericOffset(offset)
+ {
+ }
+
+ void dump(PrintStream&) const;
+};
+
+} // namespace JSC
+
+#endif // ScopeOffset_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopedArgumentscpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopedArguments.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,154 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ScopedArguments.h"
+
+#include "GenericArgumentsInlines.h"
+#include "JSArgumentsIterator.h"
+#include "JSCInlines.h"
+
+namespace JSC {
+
+STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(ScopedArguments);
+
+const ClassInfo ScopedArguments::s_info = { "Arguments", &Base::s_info, 0, CREATE_METHOD_TABLE(ScopedArguments) };
+
+ScopedArguments::ScopedArguments(VM& vm, Structure* structure, unsigned totalLength)
+ : GenericArguments(vm, structure)
+ , m_overrodeThings(false)
+ , m_totalLength(totalLength)
+{
+}
+
+void ScopedArguments::finishCreation(VM& vm, JSFunction* callee, ScopedArgumentsTable* table, JSLexicalEnvironment* scope)
+{
+ Base::finishCreation(vm);
+ m_callee.set(vm, this, callee);
+ m_table.set(vm, this, table);
+ m_scope.set(vm, this, scope);
+}
+
+ScopedArguments* ScopedArguments::createUninitialized(VM& vm, Structure* structure, JSFunction* callee, ScopedArgumentsTable* table, JSLexicalEnvironment* scope, unsigned totalLength)
+{
+ unsigned overflowLength;
+ if (totalLength > table->length())
+ overflowLength = totalLength - table->length();
+ else
+ overflowLength = 0;
+ ScopedArguments* result = new (
+ NotNull,
+ allocateCell<ScopedArguments>(vm.heap, allocationSize(overflowLength)))
+ ScopedArguments(vm, structure, totalLength);
+ result->finishCreation(vm, callee, table, scope);
+ return result;
+}
+
+ScopedArguments* ScopedArguments::create(VM& vm, Structure* structure, JSFunction* callee, ScopedArgumentsTable* table, JSLexicalEnvironment* scope, unsigned totalLength)
+{
+ ScopedArguments* result =
+ createUninitialized(vm, structure, callee, table, scope, totalLength);
+
+ unsigned namedLength = table->length();
+ for (unsigned i = namedLength; i < totalLength; ++i)
+ result->overflowStorage()[i - namedLength].clear();
+
+ return result;
+}
+
+ScopedArguments* ScopedArguments::createByCopying(ExecState* exec, ScopedArgumentsTable* table, JSLexicalEnvironment* scope)
+{
+ return createByCopyingFrom(
+ exec->vm(), exec->lexicalGlobalObject()->scopedArgumentsStructure(),
+ exec->registers() + CallFrame::argumentOffset(0), exec->argumentCount(),
+ jsCast<JSFunction*>(exec->callee()), table, scope);
+}
+
+ScopedArguments* ScopedArguments::createByCopyingFrom(VM& vm, Structure* structure, Register* argumentsStart, unsigned totalLength, JSFunction* callee, ScopedArgumentsTable* table, JSLexicalEnvironment* scope)
+{
+ ScopedArguments* result =
+ createUninitialized(vm, structure, callee, table, scope, totalLength);
+
+ unsigned namedLength = table->length();
+ for (unsigned i = namedLength; i < totalLength; ++i)
+ result->overflowStorage()[i - namedLength].set(vm, result, argumentsStart[i].jsValue());
+
+ return result;
+}
+
+void ScopedArguments::visitChildren(JSCell* cell, SlotVisitor& visitor)
+{
+ ScopedArguments* thisObject = static_cast<ScopedArguments*>(cell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisObject, visitor);
+
+ visitor.append(&thisObject->m_callee);
+ visitor.append(&thisObject->m_table);
+ visitor.append(&thisObject->m_scope);
+
+ if (thisObject->m_totalLength > thisObject->m_table->length()) {
+ visitor.appendValues(
+ thisObject->overflowStorage(), thisObject->m_totalLength - thisObject->m_table->length());
+ }
+}
+
+Structure* ScopedArguments::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+ return Structure::create(vm, globalObject, prototype, TypeInfo(ScopedArgumentsType, StructureFlags), info());
+}
+
+void ScopedArguments::overrideThings(VM& vm)
+{
+ RELEASE_ASSERT(!m_overrodeThings);
+
+ putDirect(vm, vm.propertyNames->length, jsNumber(m_table->length()), DontEnum);
+ putDirect(vm, vm.propertyNames->callee, m_callee.get(), DontEnum);
+
+ m_overrodeThings = true;
+}
+
+void ScopedArguments::overrideThingsIfNecessary(VM& vm)
+{
+ if (!m_overrodeThings)
+ overrideThings(vm);
+}
+
+void ScopedArguments::overrideArgument(VM& vm, uint32_t i)
+{
+ ASSERT_WITH_SECURITY_IMPLICATION(i < m_totalLength);
+ unsigned namedLength = m_table->length();
+ if (i < namedLength)
+ m_table.set(vm, this, m_table->set(vm, i, ScopeOffset()));
+ else
+ overflowStorage()[i - namedLength].clear();
+}
+
+void ScopedArguments::copyToArguments(ExecState* exec, VirtualRegister firstElementDest, unsigned offset, unsigned length)
+{
+ GenericArguments::copyToArguments(exec, firstElementDest, offset, length);
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopedArgumentsh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopedArguments.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopedArguments.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopedArguments.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,152 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ScopedArguments_h
+#define ScopedArguments_h
+
+#include "GenericArguments.h"
+#include "JSLexicalEnvironment.h"
+
+namespace JSC {
+
+// This is an Arguments-class object that we create when you say "arguments" inside a function,
+// and one or more of the arguments may be captured in the function's activation. The function
+// will copy its formally declared arguments into the activation and then create this object. This
+// object will store the overflow arguments, if there are any. This object will use the symbol
+// table's ScopedArgumentsTable and the activation, or its overflow storage, to handle all indexed
+// lookups.
+class ScopedArguments : public GenericArguments<ScopedArguments> {
+private:
+ ScopedArguments(VM&, Structure*, unsigned totalLength);
+ void finishCreation(VM&, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*);
+
+public:
+ // Creates an arguments object but leaves it uninitialized. This is dangerous if we GC right
+ // after allocation.
+ static ScopedArguments* createUninitialized(VM&, Structure*, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*, unsigned totalLength);
+
+ // Creates an arguments object and initializes everything to the empty value. Use this if you
+ // cannot guarantee that you'll immediately initialize all of the elements.
+ static ScopedArguments* create(VM&, Structure*, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*, unsigned totalLength);
+
+ // Creates an arguments object by copying the arguments from the stack.
+ static ScopedArguments* createByCopying(ExecState*, ScopedArgumentsTable*, JSLexicalEnvironment*);
+
+ // Creates an arguments object by copying the arguments from a well-defined stack location.
+ static ScopedArguments* createByCopyingFrom(VM&, Structure*, Register* argumentsStart, unsigned totalLength, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*);
+
+ static void visitChildren(JSCell*, SlotVisitor&);
+
+ uint32_t internalLength() const
+ {
+ return m_totalLength;
+ }
+
+ uint32_t length(ExecState* exec) const
+ {
+ if (UNLIKELY(m_overrodeThings))
+ return get(exec, exec->propertyNames().length).toUInt32(exec);
+ return internalLength();
+ }
+
+ bool canAccessIndexQuickly(uint32_t i) const
+ {
+ if (i >= m_totalLength)
+ return false;
+ unsigned namedLength = m_table->length();
+ if (i < namedLength)
+ return !!m_table->get(i);
+ return !!overflowStorage()[i - namedLength].get();
+ }
+
+ JSValue getIndexQuickly(uint32_t i) const
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(canAccessIndexQuickly(i));
+ unsigned namedLength = m_table->length();
+ if (i < namedLength)
+ return m_scope->variableAt(m_table->get(i)).get();
+ return overflowStorage()[i - namedLength].get();
+ }
+
+ void setIndexQuickly(VM& vm, uint32_t i, JSValue value)
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(canAccessIndexQuickly(i));
+ unsigned namedLength = m_table->length();
+ if (i < namedLength)
+ m_scope->variableAt(m_table->get(i)).set(vm, this, value);
+ else
+ overflowStorage()[i - namedLength].set(vm, this, value);
+ }
+
+ WriteBarrier<JSFunction>& callee()
+ {
+ return m_callee;
+ }
+
+ bool overrodeThings() const { return m_overrodeThings; }
+ void overrideThings(VM&);
+ void overrideThingsIfNecessary(VM&);
+ void overrideArgument(VM&, uint32_t index);
+
+ void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length);
+
+ DECLARE_INFO;
+
+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
+
+ static ptrdiff_t offsetOfOverrodeThings() { return OBJECT_OFFSETOF(ScopedArguments, m_overrodeThings); }
+ static ptrdiff_t offsetOfTotalLength() { return OBJECT_OFFSETOF(ScopedArguments, m_totalLength); }
+ static ptrdiff_t offsetOfTable() { return OBJECT_OFFSETOF(ScopedArguments, m_table); }
+ static ptrdiff_t offsetOfScope() { return OBJECT_OFFSETOF(ScopedArguments, m_scope); }
+
+ static size_t overflowStorageOffset()
+ {
+ return WTF::roundUpToMultipleOf<sizeof(WriteBarrier<Unknown>)>(sizeof(ScopedArguments));
+ }
+
+ static size_t allocationSize(unsigned overflowArgumentsLength)
+ {
+ return overflowStorageOffset() + sizeof(WriteBarrier<Unknown>) * overflowArgumentsLength;
+ }
+
+private:
+ WriteBarrier<Unknown>* overflowStorage() const
+ {
+ return bitwise_cast<WriteBarrier<Unknown>*>(
+ bitwise_cast<char*>(this) + overflowStorageOffset());
+ }
+
+
+ bool m_overrodeThings; // True if length, callee, and caller are fully materialized in the object.
+ unsigned m_totalLength; // The length of declared plus overflow arguments.
+ WriteBarrier<JSFunction> m_callee;
+ WriteBarrier<ScopedArgumentsTable> m_table;
+ WriteBarrier<JSLexicalEnvironment> m_scope;
+};
+
+} // namespace JSC
+
+#endif // ScopedArguments_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopedArgumentsTablecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,109 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ScopedArgumentsTable.h"
+
+#include "JSCInlines.h"
+
+namespace JSC {
+
+const ClassInfo ScopedArgumentsTable::s_info = { "ScopedArgumentsTable", 0, 0, CREATE_METHOD_TABLE(ScopedArgumentsTable) };
+
+ScopedArgumentsTable::ScopedArgumentsTable(VM& vm)
+ : Base(vm, vm.scopedArgumentsTableStructure.get())
+ , m_length(0)
+ , m_locked(false)
+{
+}
+
+ScopedArgumentsTable::~ScopedArgumentsTable()
+{
+}
+
+void ScopedArgumentsTable::destroy(JSCell* cell)
+{
+ static_cast<ScopedArgumentsTable*>(cell)->ScopedArgumentsTable::~ScopedArgumentsTable();
+}
+
+ScopedArgumentsTable* ScopedArgumentsTable::create(VM& vm)
+{
+ ScopedArgumentsTable* result =
+ new (NotNull, allocateCell<ScopedArgumentsTable>(vm.heap)) ScopedArgumentsTable(vm);
+ result->finishCreation(vm);
+ return result;
+}
+
+ScopedArgumentsTable* ScopedArgumentsTable::create(VM& vm, uint32_t length)
+{
+ ScopedArgumentsTable* result = create(vm);
+ result->m_length = length;
+ result->m_arguments = std::make_unique<ScopeOffset[]>(length);
+ return result;
+}
+
+ScopedArgumentsTable* ScopedArgumentsTable::clone(VM& vm)
+{
+ ScopedArgumentsTable* result = create(vm, m_length);
+ for (unsigned i = m_length; i--;)
+ result->m_arguments[i] = m_arguments[i];
+ return result;
+}
+
+ScopedArgumentsTable* ScopedArgumentsTable::setLength(VM& vm, uint32_t newLength)
+{
+ if (LIKELY(!m_locked)) {
+ std::unique_ptr<ScopeOffset[]> newArguments = std::make_unique<ScopeOffset[]>(newLength);
+ for (unsigned i = std::min(m_length, newLength); i--;)
+ newArguments[i] = m_arguments[i];
+ m_length = newLength;
+ m_arguments = WTF::move(newArguments);
+ return this;
+ }
+
+ ScopedArgumentsTable* result = create(vm, newLength);
+ for (unsigned i = std::min(m_length, newLength); i--;)
+ result->m_arguments[i] = m_arguments[i];
+ return result;
+}
+
+ScopedArgumentsTable* ScopedArgumentsTable::set(VM& vm, uint32_t i, ScopeOffset value)
+{
+ ScopedArgumentsTable* result;
+ if (UNLIKELY(m_locked))
+ result = clone(vm);
+ else
+ result = this;
+ result->at(i) = value;
+ return result;
+}
+
+Structure* ScopedArgumentsTable::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+ return Structure::create(vm, globalObject, prototype, TypeInfo(CellType, StructureFlags), info());
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeScopedArgumentsTableh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ScopedArgumentsTable.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,98 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ScopedArgumentsTable_h
+#define ScopedArgumentsTable_h
+
+#include "JSCell.h"
+#include "ScopeOffset.h"
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+// This class's only job is to hold onto the list of ScopeOffsets for each argument that a
+// function has. Most of the time, the BytecodeGenerator will create one of these and it will
+// never be modified subsequently. There is a rare case where a ScopedArguments object is created
+// and aliases one of these and then decides to modify it; in that case we do copy-on-write. This
+// makes sense because such modifications are so uncommon. You'd have to do something crazy like
+// "delete arguments[i]" or some variant of defineOwnProperty.
+class ScopedArgumentsTable : public JSCell {
+public:
+ typedef JSCell Base;
+
+private:
+ ScopedArgumentsTable(VM&);
+ ~ScopedArgumentsTable();
+
+public:
+ static ScopedArgumentsTable* create(VM&);
+ static ScopedArgumentsTable* create(VM&, uint32_t length);
+
+ static const bool needsDestruction = true;
+ static const bool hasImmortalStructure = true;
+ static void destroy(JSCell*);
+
+ ScopedArgumentsTable* clone(VM&);
+
+ uint32_t length() const { return m_length; }
+ ScopedArgumentsTable* setLength(VM&, uint32_t newLength);
+
+ ScopeOffset get(uint32_t i) const
+ {
+ return const_cast<ScopedArgumentsTable*>(this)->at(i);
+ }
+
+ void lock()
+ {
+ m_locked = true;
+ }
+
+ ScopedArgumentsTable* set(VM&, uint32_t index, ScopeOffset);
+
+ DECLARE_INFO;
+
+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
+
+ static ptrdiff_t offsetOfLength() { return OBJECT_OFFSETOF(ScopedArgumentsTable, m_length); }
+ static ptrdiff_t offsetOfArguments() { return OBJECT_OFFSETOF(ScopedArgumentsTable, m_arguments); }
+
+private:
+ static const unsigned StructureFlags = StructureIsImmortal | Base::StructureFlags;
+
+ ScopeOffset& at(uint32_t i)
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(i < m_length);
+ return m_arguments[i];
+ }
+
+ uint32_t m_length;
+ bool m_locked; // Being locked means that there are multiple references to this object and none of them expect to see the others' modifications. This means that modifications need to make a copy first.
+ std::unique_ptr<ScopeOffset[]> m_arguments;
+};
+
+} // namespace JSC
+
+#endif // ScopedArgumentsTable_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -69,6 +69,8 @@
</span><span class="cx">
</span><span class="cx"> void SymbolTableEntry::prepareToWatch(SymbolTable* symbolTable)
</span><span class="cx"> {
</span><ins>+ if (!isWatchable())
+ return;
</ins><span class="cx"> FatEntry* entry = inflate();
</span><span class="cx"> if (entry->m_watchpoints)
</span><span class="cx"> return;
</span><span class="lines">@@ -98,10 +100,7 @@
</span><span class="cx">
</span><span class="cx"> SymbolTable::SymbolTable(VM& vm)
</span><span class="cx"> : JSCell(vm, vm.symbolTableStructure.get())
</span><del>- , m_parameterCountIncludingThis(0)
</del><span class="cx"> , m_usesNonStrictEval(false)
</span><del>- , m_captureStart(0)
- , m_captureEnd(0)
</del><span class="cx"> , m_functionEnteredOnce(ClearWatchpoint)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="lines">@@ -111,6 +110,9 @@
</span><span class="cx"> void SymbolTable::visitChildren(JSCell* thisCell, SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> SymbolTable* thisSymbolTable = jsCast<SymbolTable*>(thisCell);
</span><ins>+
+ visitor.append(&thisSymbolTable->m_arguments);
+
</ins><span class="cx"> if (!thisSymbolTable->m_watchpointCleanup) {
</span><span class="cx"> thisSymbolTable->m_watchpointCleanup =
</span><span class="cx"> std::make_unique<WatchpointCleanup>(thisSymbolTable);
</span><span class="lines">@@ -146,52 +148,46 @@
</span><span class="cx"> if (UNLIKELY(!m_localToEntry)) {
</span><span class="cx"> unsigned size = 0;
</span><span class="cx"> for (auto& entry : m_map) {
</span><del>- VirtualRegister reg(entry.value.getIndex());
- if (reg.isLocal())
- size = std::max(size, static_cast<unsigned>(reg.toLocal()) + 1);
</del><ins>+ VarOffset offset = entry.value.varOffset();
+ if (offset.isScope())
+ size = std::max(size, offset.scopeOffset().offset() + 1);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> m_localToEntry = std::make_unique<LocalToEntryVec>(size, nullptr);
</span><span class="cx"> for (auto& entry : m_map) {
</span><del>- VirtualRegister reg(entry.value.getIndex());
- if (reg.isLocal())
- m_localToEntry->at(reg.toLocal()) = &entry.value;
</del><ins>+ VarOffset offset = entry.value.varOffset();
+ if (offset.isScope())
+ m_localToEntry->at(offset.scopeOffset().offset()) = &entry.value;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return *m_localToEntry;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-SymbolTableEntry* SymbolTable::entryFor(const ConcurrentJITLocker& locker, VirtualRegister reg)
</del><ins>+SymbolTableEntry* SymbolTable::entryFor(const ConcurrentJITLocker& locker, ScopeOffset offset)
</ins><span class="cx"> {
</span><del>- if (!reg.isLocal())
- return nullptr;
- return localToEntry(locker)[reg.toLocal()];
</del><ins>+ return localToEntry(locker)[offset.offset()];
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-SymbolTable* SymbolTable::cloneCapturedNames(VM& vm)
</del><ins>+SymbolTable* SymbolTable::cloneScopePart(VM& vm)
</ins><span class="cx"> {
</span><span class="cx"> SymbolTable* result = SymbolTable::create(vm);
</span><span class="cx">
</span><del>- result->m_parameterCountIncludingThis = m_parameterCountIncludingThis;
</del><span class="cx"> result->m_usesNonStrictEval = m_usesNonStrictEval;
</span><del>- result->m_captureStart = m_captureStart;
- result->m_captureEnd = m_captureEnd;
</del><span class="cx">
</span><span class="cx"> for (auto iter = m_map.begin(), end = m_map.end(); iter != end; ++iter) {
</span><del>- if (!isCaptured(iter->value.getIndex()))
</del><ins>+ if (!iter->value.varOffset().isScope())
</ins><span class="cx"> continue;
</span><span class="cx"> result->m_map.add(
</span><span class="cx"> iter->key,
</span><del>- SymbolTableEntry(iter->value.getIndex(), iter->value.getAttributes()));
</del><ins>+ SymbolTableEntry(iter->value.varOffset(), iter->value.getAttributes()));
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- if (m_slowArguments) {
- result->m_slowArguments = std::make_unique<SlowArgument[]>(parameterCount());
- for (unsigned i = parameterCount(); i--;)
- result->m_slowArguments[i] = m_slowArguments[i];
- }
-
</del><ins>+ result->m_maxScopeOffset = m_maxScopeOffset;
+
+ if (ScopedArgumentsTable* arguments = this->arguments())
+ result->m_arguments.set(vm, result, arguments);
+
</ins><span class="cx"> if (m_typeProfilingRareData) {
</span><span class="cx"> result->m_typeProfilingRareData = std::make_unique<TypeProfilingRareData>();
</span><span class="cx">
</span><span class="lines">@@ -203,10 +199,10 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> {
</span><del>- auto iter = m_typeProfilingRareData->m_registerToVariableMap.begin();
- auto end = m_typeProfilingRareData->m_registerToVariableMap.end();
</del><ins>+ auto iter = m_typeProfilingRareData->m_offsetToVariableMap.begin();
+ auto end = m_typeProfilingRareData->m_offsetToVariableMap.end();
</ins><span class="cx"> for (; iter != end; ++iter)
</span><del>- result->m_typeProfilingRareData->m_registerToVariableMap.set(iter->key, iter->value);
</del><ins>+ result->m_typeProfilingRareData->m_offsetToVariableMap.set(iter->key, iter->value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> {
</span><span class="lines">@@ -229,7 +225,7 @@
</span><span class="cx">
</span><span class="cx"> for (auto iter = m_map.begin(), end = m_map.end(); iter != end; ++iter) {
</span><span class="cx"> m_typeProfilingRareData->m_uniqueIDMap.set(iter->key, TypeProfilerNeedsUniqueIDGeneration);
</span><del>- m_typeProfilingRareData->m_registerToVariableMap.set(iter->value.getIndex(), iter->key);
</del><ins>+ m_typeProfilingRareData->m_offsetToVariableMap.set(iter->value.varOffset(), iter->key);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -252,26 +248,26 @@
</span><span class="cx"> return id;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-GlobalVariableID SymbolTable::uniqueIDForRegister(const ConcurrentJITLocker& locker, int registerIndex, VM& vm)
</del><ins>+GlobalVariableID SymbolTable::uniqueIDForOffset(const ConcurrentJITLocker& locker, VarOffset offset, VM& vm)
</ins><span class="cx"> {
</span><span class="cx"> RELEASE_ASSERT(m_typeProfilingRareData);
</span><span class="cx">
</span><del>- auto iter = m_typeProfilingRareData->m_registerToVariableMap.find(registerIndex);
- auto end = m_typeProfilingRareData->m_registerToVariableMap.end();
</del><ins>+ auto iter = m_typeProfilingRareData->m_offsetToVariableMap.find(offset);
+ auto end = m_typeProfilingRareData->m_offsetToVariableMap.end();
</ins><span class="cx"> if (iter == end)
</span><span class="cx"> return TypeProfilerNoGlobalIDExists;
</span><span class="cx">
</span><span class="cx"> return uniqueIDForVariable(locker, iter->value.get(), vm);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RefPtr<TypeSet> SymbolTable::globalTypeSetForRegister(const ConcurrentJITLocker& locker, int registerIndex, VM& vm)
</del><ins>+RefPtr<TypeSet> SymbolTable::globalTypeSetForOffset(const ConcurrentJITLocker& locker, VarOffset offset, VM& vm)
</ins><span class="cx"> {
</span><span class="cx"> RELEASE_ASSERT(m_typeProfilingRareData);
</span><span class="cx">
</span><del>- uniqueIDForRegister(locker, registerIndex, vm); // Lazily create the TypeSet if necessary.
</del><ins>+ uniqueIDForOffset(locker, offset, vm); // Lazily create the TypeSet if necessary.
</ins><span class="cx">
</span><del>- auto iter = m_typeProfilingRareData->m_registerToVariableMap.find(registerIndex);
- auto end = m_typeProfilingRareData->m_registerToVariableMap.end();
</del><ins>+ auto iter = m_typeProfilingRareData->m_offsetToVariableMap.find(offset);
+ auto end = m_typeProfilingRareData->m_offsetToVariableMap.end();
</ins><span class="cx"> if (iter == end)
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -30,8 +30,11 @@
</span><span class="cx"> #define SymbolTable_h
</span><span class="cx">
</span><span class="cx"> #include "ConcurrentJITLock.h"
</span><ins>+#include "ConstantMode.h"
</ins><span class="cx"> #include "JSObject.h"
</span><ins>+#include "ScopedArgumentsTable.h"
</ins><span class="cx"> #include "TypeLocation.h"
</span><ins>+#include "VarOffset.h"
</ins><span class="cx"> #include "VariableWatchpointSet.h"
</span><span class="cx"> #include <memory>
</span><span class="cx"> #include <wtf/HashTraits.h>
</span><span class="lines">@@ -39,24 +42,6 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-struct SlowArgument {
-public:
- enum Status {
- Normal = 0,
- Captured = 1,
- Deleted = 2
- };
-
- SlowArgument()
- : status(Normal)
- , index(0)
- {
- }
-
- Status status;
- int index; // If status is 'Deleted', index is bogus.
-};
-
</del><span class="cx"> static ALWAYS_INLINE int missingSymbolMarker() { return std::numeric_limits<int>::max(); }
</span><span class="cx">
</span><span class="cx"> // The bit twiddling in this class assumes that every register index is a
</span><span class="lines">@@ -86,6 +71,28 @@
</span><span class="cx"> // copy: SymbolTableEntry --> FatEntry -----^
</span><span class="cx">
</span><span class="cx"> struct SymbolTableEntry {
</span><ins>+private:
+ static VarOffset varOffsetFromBits(intptr_t bits)
+ {
+ VarKind kind;
+ intptr_t kindBits = bits & KindBitsMask;
+ if (kindBits <= UnwatchableScopeKindBits)
+ kind = VarKind::Scope;
+ else if (kindBits == StackKindBits)
+ kind = VarKind::Stack;
+ else
+ kind = VarKind::DirectArgument;
+ return VarOffset::assemble(kind, static_cast<int>(bits >> FlagBits));
+ }
+
+ static ScopeOffset scopeOffsetFromBits(intptr_t bits)
+ {
+ ASSERT((bits & KindBitsMask) <= UnwatchableScopeKindBits);
+ return ScopeOffset(static_cast<int>(bits >> FlagBits));
+ }
+
+public:
+
</ins><span class="cx"> // Use the SymbolTableEntry::Fast class, either via implicit cast or by calling
</span><span class="cx"> // getFast(), when you (1) only care about isNull(), getIndex(), and isReadOnly(),
</span><span class="cx"> // and (2) you are in a hot path where you need to minimize the number of times
</span><span class="lines">@@ -107,22 +114,35 @@
</span><span class="cx"> return !(m_bits & ~SlimFlag);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- int getIndex() const
</del><ins>+ VarOffset varOffset() const
</ins><span class="cx"> {
</span><del>- return static_cast<int>(m_bits >> FlagBits);
</del><ins>+ return varOffsetFromBits(m_bits);
</ins><span class="cx"> }
</span><del>-
</del><ins>+
+ // Asserts if the offset is anything but a scope offset. This structures the assertions
+ // in a way that may result in better code, even in release, than doing
+ // varOffset().scopeOffset().
+ ScopeOffset scopeOffset() const
+ {
+ return scopeOffsetFromBits(m_bits);
+ }
+
</ins><span class="cx"> bool isReadOnly() const
</span><span class="cx"> {
</span><span class="cx"> return m_bits & ReadOnlyFlag;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool isDontEnum() const
+ {
+ return m_bits & DontEnumFlag;
+ }
+
</ins><span class="cx"> unsigned getAttributes() const
</span><span class="cx"> {
</span><span class="cx"> unsigned attributes = 0;
</span><del>- if (m_bits & ReadOnlyFlag)
</del><ins>+ if (isReadOnly())
</ins><span class="cx"> attributes |= ReadOnly;
</span><del>- if (m_bits & DontEnumFlag)
</del><ins>+ if (isDontEnum())
</ins><span class="cx"> attributes |= DontEnum;
</span><span class="cx"> return attributes;
</span><span class="cx"> }
</span><span class="lines">@@ -142,18 +162,18 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- SymbolTableEntry(int index)
</del><ins>+ SymbolTableEntry(VarOffset offset)
</ins><span class="cx"> : m_bits(SlimFlag)
</span><span class="cx"> {
</span><del>- ASSERT(isValidIndex(index));
- pack(index, false, false);
</del><ins>+ ASSERT(isValidVarOffset(offset));
+ pack(offset, true, false, false);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- SymbolTableEntry(int index, unsigned attributes)
</del><ins>+ SymbolTableEntry(VarOffset offset, unsigned attributes)
</ins><span class="cx"> : m_bits(SlimFlag)
</span><span class="cx"> {
</span><del>- ASSERT(isValidIndex(index));
- pack(index, attributes & ReadOnly, attributes & DontEnum);
</del><ins>+ ASSERT(isValidVarOffset(offset));
+ pack(offset, true, attributes & ReadOnly, attributes & DontEnum);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ~SymbolTableEntry()
</span><span class="lines">@@ -181,11 +201,24 @@
</span><span class="cx"> return !(bits() & ~SlimFlag);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- int getIndex() const
</del><ins>+ VarOffset varOffset() const
</ins><span class="cx"> {
</span><del>- return static_cast<int>(bits() >> FlagBits);
</del><ins>+ return varOffsetFromBits(bits());
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool isWatchable() const
+ {
+ return (m_bits & KindBitsMask) == ScopeKindBits;
+ }
+
+ // Asserts if the offset is anything but a scope offset. This structures the assertions
+ // in a way that may result in better code, even in release, than doing
+ // varOffset().scopeOffset().
+ ScopeOffset scopeOffset() const
+ {
+ return scopeOffsetFromBits(bits());
+ }
+
</ins><span class="cx"> ALWAYS_INLINE Fast getFast() const
</span><span class="cx"> {
</span><span class="cx"> return Fast(*this);
</span><span class="lines">@@ -206,10 +239,10 @@
</span><span class="cx"> {
</span><span class="cx"> return getFast().getAttributes();
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> void setAttributes(unsigned attributes)
</span><span class="cx"> {
</span><del>- pack(getIndex(), attributes & ReadOnly, attributes & DontEnum);
</del><ins>+ pack(varOffset(), isWatchable(), attributes & ReadOnly, attributes & DontEnum);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool isReadOnly() const
</span><span class="lines">@@ -217,7 +250,23 @@
</span><span class="cx"> return bits() & ReadOnlyFlag;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ConstantMode constantMode() const
+ {
+ return modeForIsConstant(isReadOnly());
+ }
+
+ bool isDontEnum() const
+ {
+ return bits() & DontEnumFlag;
+ }
+
</ins><span class="cx"> JSValue inferredValue();
</span><ins>+
+ void disableWatching()
+ {
+ if (varOffset().isScope())
+ pack(varOffset(), false, isReadOnly(), isDontEnum());
+ }
</ins><span class="cx">
</span><span class="cx"> void prepareToWatch(SymbolTable*);
</span><span class="cx">
</span><span class="lines">@@ -242,7 +291,12 @@
</span><span class="cx"> static const intptr_t ReadOnlyFlag = 0x2;
</span><span class="cx"> static const intptr_t DontEnumFlag = 0x4;
</span><span class="cx"> static const intptr_t NotNullFlag = 0x8;
</span><del>- static const intptr_t FlagBits = 4;
</del><ins>+ static const intptr_t KindBitsMask = 0x30;
+ static const intptr_t ScopeKindBits = 0x00;
+ static const intptr_t UnwatchableScopeKindBits = 0x10;
+ static const intptr_t StackKindBits = 0x20;
+ static const intptr_t DirectArgumentKindBits = 0x30;
+ static const intptr_t FlagBits = 6;
</ins><span class="cx">
</span><span class="cx"> class FatEntry {
</span><span class="cx"> WTF_MAKE_FAST_ALLOCATED;
</span><span class="lines">@@ -309,20 +363,38 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE void freeFatEntrySlow();
</span><span class="cx">
</span><del>- void pack(int index, bool readOnly, bool dontEnum)
</del><ins>+ void pack(VarOffset offset, bool isWatchable, bool readOnly, bool dontEnum)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!isFat());
</span><span class="cx"> intptr_t& bitsRef = bits();
</span><del>- bitsRef = (static_cast<intptr_t>(index) << FlagBits) | NotNullFlag | SlimFlag;
</del><ins>+ bitsRef =
+ (static_cast<intptr_t>(offset.rawOffset()) << FlagBits) | NotNullFlag | SlimFlag;
</ins><span class="cx"> if (readOnly)
</span><span class="cx"> bitsRef |= ReadOnlyFlag;
</span><span class="cx"> if (dontEnum)
</span><span class="cx"> bitsRef |= DontEnumFlag;
</span><ins>+ switch (offset.kind()) {
+ case VarKind::Scope:
+ if (isWatchable)
+ bitsRef |= ScopeKindBits;
+ else
+ bitsRef |= UnwatchableScopeKindBits;
+ break;
+ case VarKind::Stack:
+ bitsRef |= StackKindBits;
+ break;
+ case VarKind::DirectArgument:
+ bitsRef |= DirectArgumentKindBits;
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- bool isValidIndex(int index)
</del><ins>+ static bool isValidVarOffset(VarOffset offset)
</ins><span class="cx"> {
</span><del>- return ((static_cast<intptr_t>(index) << FlagBits) >> FlagBits) == static_cast<intptr_t>(index);
</del><ins>+ return ((static_cast<intptr_t>(offset.rawOffset()) << FlagBits) >> FlagBits) == static_cast<intptr_t>(offset.rawOffset());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> intptr_t m_bits;
</span><span class="lines">@@ -339,7 +411,7 @@
</span><span class="cx"> typedef HashMap<RefPtr<StringImpl>, SymbolTableEntry, IdentifierRepHash, HashTraits<RefPtr<StringImpl>>, SymbolTableIndexHashTraits> Map;
</span><span class="cx"> typedef HashMap<RefPtr<StringImpl>, GlobalVariableID> UniqueIDMap;
</span><span class="cx"> typedef HashMap<RefPtr<StringImpl>, RefPtr<TypeSet>> UniqueTypeSetMap;
</span><del>- typedef HashMap<int, RefPtr<StringImpl>, WTF::IntHash<int>, WTF::UnsignedWithZeroKeyHashTraits<int>> RegisterToVariableMap;
</del><ins>+ typedef HashMap<VarOffset, RefPtr<StringImpl>> OffsetToVariableMap;
</ins><span class="cx"> typedef Vector<SymbolTableEntry*> LocalToEntryVec;
</span><span class="cx">
</span><span class="cx"> static SymbolTable* create(VM& vm)
</span><span class="lines">@@ -352,7 +424,7 @@
</span><span class="cx"> static SymbolTable* createNameScopeTable(VM& vm, const Identifier& ident, unsigned attributes)
</span><span class="cx"> {
</span><span class="cx"> SymbolTable* result = create(vm);
</span><del>- result->add(ident.impl(), SymbolTableEntry(-1, attributes));
</del><ins>+ result->add(ident.impl(), SymbolTableEntry(VarOffset(ScopeOffset(0)), attributes));
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -424,10 +496,60 @@
</span><span class="cx"> return size(locker);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Map::AddResult add(const ConcurrentJITLocker&, StringImpl* key, const SymbolTableEntry& entry)
</del><ins>+ ScopeOffset maxScopeOffset() const
</ins><span class="cx"> {
</span><ins>+ return m_maxScopeOffset;
+ }
+
+ void didUseScopeOffset(ScopeOffset offset)
+ {
+ if (!m_maxScopeOffset || m_maxScopeOffset < offset)
+ m_maxScopeOffset = offset;
+ }
+
+ void didUseVarOffset(VarOffset offset)
+ {
+ if (offset.isScope())
+ didUseScopeOffset(offset.scopeOffset());
+ }
+
+ unsigned scopeSize() const
+ {
+ ScopeOffset maxScopeOffset = this->maxScopeOffset();
+
+ // Do some calculation that relies on invalid scope offset plus one being zero.
+ unsigned fastResult = maxScopeOffset.offsetUnchecked() + 1;
+
+ // Assert that this works.
+ ASSERT(fastResult == (!maxScopeOffset ? 0 : maxScopeOffset.offset() + 1));
+
+ return fastResult;
+ }
+
+ ScopeOffset nextScopeOffset() const
+ {
+ return ScopeOffset(scopeSize());
+ }
+
+ ScopeOffset takeNextScopeOffset(const ConcurrentJITLocker&)
+ {
+ ScopeOffset result = nextScopeOffset();
+ m_maxScopeOffset = result;
+ return result;
+ }
+
+ ScopeOffset takeNextScopeOffset()
+ {
+ ConcurrentJITLocker locker(m_lock);
+ return takeNextScopeOffset(locker);
+ }
+
+ void add(const ConcurrentJITLocker&, StringImpl* key, const SymbolTableEntry& entry)
+ {
</ins><span class="cx"> RELEASE_ASSERT(!m_localToEntry);
</span><del>- return m_map.add(key, entry);
</del><ins>+ didUseVarOffset(entry.varOffset());
+ Map::AddResult result = m_map.add(key, entry);
+ ASSERT_UNUSED(result, result.isNewEntry);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void add(StringImpl* key, const SymbolTableEntry& entry)
</span><span class="lines">@@ -436,10 +558,11 @@
</span><span class="cx"> add(locker, key, entry);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Map::AddResult set(const ConcurrentJITLocker&, StringImpl* key, const SymbolTableEntry& entry)
</del><ins>+ void set(const ConcurrentJITLocker&, StringImpl* key, const SymbolTableEntry& entry)
</ins><span class="cx"> {
</span><span class="cx"> RELEASE_ASSERT(!m_localToEntry);
</span><del>- return m_map.set(key, entry);
</del><ins>+ didUseVarOffset(entry.varOffset());
+ m_map.set(key, entry);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void set(StringImpl* key, const SymbolTableEntry& entry)
</span><span class="lines">@@ -459,40 +582,60 @@
</span><span class="cx"> return contains(locker, key);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // The principle behind ScopedArgumentsTable modifications is that we will create one and
+ // leave it unlocked - thereby allowing in-place changes - until someone asks for a pointer to
+ // the table. Then, we will lock it. Then both our future changes and their future changes
+ // will first have to make a copy. This discipline means that usually when we create a
+ // ScopedArguments object, we don't have to make a copy of the ScopedArgumentsTable - instead
+ // we just take a reference to one that we already have.
+
+ uint32_t argumentsLength() const
+ {
+ if (!m_arguments)
+ return 0;
+ return m_arguments->length();
+ }
+
+ void setArgumentsLength(VM& vm, uint32_t length)
+ {
+ if (UNLIKELY(!m_arguments))
+ m_arguments.set(vm, this, ScopedArgumentsTable::create(vm));
+ m_arguments.set(vm, this, m_arguments->setLength(vm, length));
+ }
+
+ ScopeOffset argumentOffset(uint32_t i) const
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(m_arguments);
+ return m_arguments->get(i);
+ }
+
+ void setArgumentOffset(VM& vm, uint32_t i, ScopeOffset offset)
+ {
+ ASSERT_WITH_SECURITY_IMPLICATION(m_arguments);
+ m_arguments.set(vm, this, m_arguments->set(vm, i, offset));
+ }
+
+ ScopedArgumentsTable* arguments() const
+ {
+ if (!m_arguments)
+ return nullptr;
+ m_arguments->lock();
+ return m_arguments.get();
+ }
+
</ins><span class="cx"> const LocalToEntryVec& localToEntry(const ConcurrentJITLocker&);
</span><del>- SymbolTableEntry* entryFor(const ConcurrentJITLocker&, VirtualRegister);
</del><ins>+ SymbolTableEntry* entryFor(const ConcurrentJITLocker&, ScopeOffset);
</ins><span class="cx">
</span><del>- GlobalVariableID uniqueIDForVariable(const ConcurrentJITLocker&, StringImpl* key, VM& vm);
- GlobalVariableID uniqueIDForRegister(const ConcurrentJITLocker& locker, int registerIndex, VM& vm);
- RefPtr<TypeSet> globalTypeSetForRegister(const ConcurrentJITLocker& locker, int registerIndex, VM& vm);
- RefPtr<TypeSet> globalTypeSetForVariable(const ConcurrentJITLocker& locker, StringImpl* key, VM& vm);
</del><ins>+ GlobalVariableID uniqueIDForVariable(const ConcurrentJITLocker&, StringImpl* key, VM&);
+ GlobalVariableID uniqueIDForOffset(const ConcurrentJITLocker&, VarOffset, VM&);
+ RefPtr<TypeSet> globalTypeSetForOffset(const ConcurrentJITLocker&, VarOffset, VM&);
+ RefPtr<TypeSet> globalTypeSetForVariable(const ConcurrentJITLocker&, StringImpl* key, VM&);
</ins><span class="cx">
</span><span class="cx"> bool usesNonStrictEval() { return m_usesNonStrictEval; }
</span><span class="cx"> void setUsesNonStrictEval(bool usesNonStrictEval) { m_usesNonStrictEval = usesNonStrictEval; }
</span><span class="cx">
</span><del>- int captureStart() const { return m_captureStart; }
- void setCaptureStart(int captureStart) { m_captureStart = captureStart; }
</del><ins>+ SymbolTable* cloneScopePart(VM&);
</ins><span class="cx">
</span><del>- int captureEnd() const { return m_captureEnd; }
- void setCaptureEnd(int captureEnd) { m_captureEnd = captureEnd; }
-
- int captureCount() const { return -(m_captureEnd - m_captureStart); }
-
- bool isCaptured(int operand)
- {
- return operand <= captureStart() && operand > captureEnd();
- }
-
- int parameterCount() { return m_parameterCountIncludingThis - 1; }
- int parameterCountIncludingThis() { return m_parameterCountIncludingThis; }
- void setParameterCountIncludingThis(int parameterCountIncludingThis) { m_parameterCountIncludingThis = parameterCountIncludingThis; }
-
- // 0 if we don't capture any arguments; parameterCount() in length if we do.
- const SlowArgument* slowArguments() { return m_slowArguments.get(); }
- void setSlowArguments(std::unique_ptr<SlowArgument[]> slowArguments) { m_slowArguments = WTF::move(slowArguments); }
-
- SymbolTable* cloneCapturedNames(VM&);
-
</del><span class="cx"> void prepareForTypeProfiling(const ConcurrentJITLocker&);
</span><span class="cx">
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="lines">@@ -519,21 +662,19 @@
</span><span class="cx"> ~SymbolTable();
</span><span class="cx">
</span><span class="cx"> Map m_map;
</span><ins>+ ScopeOffset m_maxScopeOffset;
+
</ins><span class="cx"> struct TypeProfilingRareData {
</span><span class="cx"> UniqueIDMap m_uniqueIDMap;
</span><del>- RegisterToVariableMap m_registerToVariableMap;
</del><ins>+ OffsetToVariableMap m_offsetToVariableMap;
</ins><span class="cx"> UniqueTypeSetMap m_uniqueTypeSetMap;
</span><span class="cx"> };
</span><span class="cx"> std::unique_ptr<TypeProfilingRareData> m_typeProfilingRareData;
</span><span class="cx">
</span><del>- int m_parameterCountIncludingThis;
</del><span class="cx"> bool m_usesNonStrictEval;
</span><del>-
- int m_captureStart;
- int m_captureEnd;
-
- std::unique_ptr<SlowArgument[]> m_slowArguments;
</del><span class="cx">
</span><ins>+ WriteBarrier<ScopedArgumentsTable> m_arguments;
+
</ins><span class="cx"> std::unique_ptr<WatchpointCleanup> m_watchpointCleanup;
</span><span class="cx"> std::unique_ptr<LocalToEntryVec> m_localToEntry;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.cpp (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.cpp 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/VM.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -217,6 +217,7 @@
</span><span class="cx"> propertyNameEnumeratorStructure.set(*this, JSPropertyNameEnumerator::createStructure(*this, 0, jsNull()));
</span><span class="cx"> getterSetterStructure.set(*this, GetterSetter::createStructure(*this, 0, jsNull()));
</span><span class="cx"> customGetterSetterStructure.set(*this, CustomGetterSetter::createStructure(*this, 0, jsNull()));
</span><ins>+ scopedArgumentsTableStructure.set(*this, ScopedArgumentsTable::createStructure(*this, 0, jsNull()));
</ins><span class="cx"> apiWrapperStructure.set(*this, JSAPIValueWrapper::createStructure(*this, 0, jsNull()));
</span><span class="cx"> JSScopeStructure.set(*this, JSScope::createStructure(*this, 0, jsNull()));
</span><span class="cx"> executableStructure.set(*this, ExecutableBase::createStructure(*this, 0, jsNull()));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/JavaScriptCore/runtime/VM.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2013-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -250,6 +250,7 @@
</span><span class="cx"> Strong<Structure> propertyNameEnumeratorStructure;
</span><span class="cx"> Strong<Structure> getterSetterStructure;
</span><span class="cx"> Strong<Structure> customGetterSetterStructure;
</span><ins>+ Strong<Structure> scopedArgumentsTableStructure;
</ins><span class="cx"> Strong<Structure> apiWrapperStructure;
</span><span class="cx"> Strong<Structure> JSScopeStructure;
</span><span class="cx"> Strong<Structure> executableStructure;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVarOffsetcpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/VarOffset.cpp (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VarOffset.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/VarOffset.cpp 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,76 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "VarOffset.h"
+
+namespace JSC {
+
+void VarOffset::dump(PrintStream& out) const
+{
+ switch (m_kind) {
+ case VarKind::Invalid:
+ out.print("invalid");
+ return;
+ case VarKind::Scope:
+ out.print(scopeOffset());
+ return;
+ case VarKind::Stack:
+ out.print(stackOffset());
+ return;
+ case VarKind::DirectArgument:
+ out.print(capturedArgumentsOffset());
+ return;
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+} // namespace JSC
+
+namespace WTF {
+
+using namespace JSC;
+
+void printInternal(PrintStream& out, VarKind varKind)
+{
+ switch (varKind) {
+ case VarKind::Invalid:
+ out.print("Invalid");
+ return;
+ case VarKind::Scope:
+ out.print("Scope");
+ return;
+ case VarKind::Stack:
+ out.print("Stack");
+ return;
+ case VarKind::DirectArgument:
+ out.print("DirectArgument");
+ return;
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+} // namespace WTF
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVarOffseth"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/VarOffset.h (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VarOffset.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/VarOffset.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,247 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef VarOffset_h
+#define VarOffset_h
+
+#include "DirectArgumentsOffset.h"
+#include "ScopeOffset.h"
+#include "VirtualRegister.h"
+#include <wtf/HashMap.h>
+
+namespace JSC {
+
+enum class VarKind : uint8_t {
+ Invalid,
+ Scope,
+ Stack,
+ DirectArgument
+};
+
+class VarOffset {
+public:
+ VarOffset()
+ : m_kind(VarKind::Invalid)
+ , m_offset(UINT_MAX)
+ {
+ }
+
+ VarOffset(WTF::HashTableDeletedValueType)
+ : m_kind(VarKind::Invalid)
+ , m_offset(0)
+ {
+ }
+
+ explicit VarOffset(VirtualRegister stackOffset)
+ {
+ if (!stackOffset.isValid()) {
+ m_kind = VarKind::Invalid;
+ m_offset = UINT_MAX;
+ } else {
+ m_kind = VarKind::Stack;
+ m_offset = stackOffset.offset();
+ }
+ }
+
+ explicit VarOffset(ScopeOffset scopeOffset)
+ {
+ if (!scopeOffset) {
+ m_kind = VarKind::Invalid;
+ m_offset = UINT_MAX;
+ } else {
+ m_kind = VarKind::Scope;
+ m_offset = scopeOffset.offset();
+ }
+ }
+
+ explicit VarOffset(DirectArgumentsOffset capturedArgumentsOffset)
+ {
+ if (!capturedArgumentsOffset) {
+ m_kind = VarKind::Invalid;
+ m_offset = UINT_MAX;
+ } else {
+ m_kind = VarKind::DirectArgument;
+ m_offset = capturedArgumentsOffset.offset();
+ }
+ }
+
+ static VarOffset assemble(VarKind kind, unsigned offset)
+ {
+ VarOffset result;
+ result.m_kind = kind;
+ result.m_offset = offset;
+ result.checkSanity();
+ return result;
+ }
+
+ bool isValid() const
+ {
+ return m_kind != VarKind::Invalid;
+ }
+
+ bool operator!() const
+ {
+ return !isValid();
+ }
+
+ VarKind kind() const { return m_kind; }
+
+ bool isStack() const
+ {
+ return m_kind == VarKind::Stack;
+ }
+
+ bool isScope() const
+ {
+ return m_kind == VarKind::Scope;
+ }
+
+ bool isDirectArgument() const
+ {
+ return m_kind == VarKind::DirectArgument;
+ }
+
+ VirtualRegister stackOffsetUnchecked() const
+ {
+ if (!isStack())
+ return VirtualRegister();
+ return VirtualRegister(m_offset);
+ }
+
+ ScopeOffset scopeOffsetUnchecked() const
+ {
+ if (!isScope())
+ return ScopeOffset();
+ return ScopeOffset(m_offset);
+ }
+
+ DirectArgumentsOffset capturedArgumentsOffsetUnchecked() const
+ {
+ if (!isDirectArgument())
+ return DirectArgumentsOffset();
+ return DirectArgumentsOffset(m_offset);
+ }
+
+ VirtualRegister stackOffset() const
+ {
+ ASSERT(isStack());
+ return VirtualRegister(m_offset);
+ }
+
+ ScopeOffset scopeOffset() const
+ {
+ ASSERT(isScope());
+ return ScopeOffset(m_offset);
+ }
+
+ DirectArgumentsOffset capturedArgumentsOffset() const
+ {
+ ASSERT(isDirectArgument());
+ return DirectArgumentsOffset(m_offset);
+ }
+
+ unsigned rawOffset() const
+ {
+ ASSERT(isValid());
+ return m_offset;
+ }
+
+ void checkSanity() const
+ {
+ if (ASSERT_DISABLED)
+ return;
+
+ switch (m_kind) {
+ case VarKind::Invalid:
+ ASSERT(m_offset == UINT_MAX);
+ return;
+ case VarKind::Scope:
+ ASSERT(scopeOffset());
+ return;
+ case VarKind::Stack:
+ ASSERT(stackOffset().isValid());
+ return;
+ case VarKind::DirectArgument:
+ ASSERT(capturedArgumentsOffset());
+ return;
+ }
+
+ ASSERT_NOT_REACHED();
+ }
+
+ bool operator==(const VarOffset& other) const
+ {
+ return m_kind == other.m_kind
+ && m_offset == other.m_offset;
+ }
+
+ bool operator!=(const VarOffset& other) const
+ {
+ return !(*this == other);
+ }
+
+ unsigned hash() const
+ {
+ return WTF::IntHash<unsigned>::hash((static_cast<unsigned>(m_kind) << 20) + m_offset);
+ }
+
+ bool isHashTableDeletedValue() const
+ {
+ return m_kind == VarKind::Invalid && !m_offset;
+ }
+
+ void dump(PrintStream&) const;
+
+private:
+ VarKind m_kind;
+ unsigned m_offset;
+};
+
+struct VarOffsetHash {
+ static unsigned hash(const VarOffset& key) { return key.hash(); }
+ static bool equal(const VarOffset& a, const VarOffset& b) { return a == b; }
+ static const bool safeToCompareToEmptyOrDeleted = true;
+};
+
+} // namespace JSC
+
+namespace WTF {
+
+void printInternal(PrintStream&, JSC::VarKind);
+
+template<typename T> struct DefaultHash;
+template<> struct DefaultHash<JSC::VarOffset> {
+ typedef JSC::VarOffsetHash Hash;
+};
+
+template<typename T> struct HashTraits;
+template<> struct HashTraits<JSC::VarOffset> : SimpleClassHashTraits<JSC::VarOffset> {
+ static const bool emptyValueIsZero = false;
+};
+
+} // namespace WTF
+
+#endif // VarOffset_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsexitfixedjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-exit-fixed.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-exit-fixed.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-exit-fixed.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo(x) {
+ var tmp = x.f + 1;
+ return tmp + arguments[0].f;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo({f:i});
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = foo({f:4.5});
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsexitstrictmodefixedjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode-fixed.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode-fixed.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode-fixed.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+"use strict";
+
+function foo(x) {
+ var tmp = x.f + 1;
+ return tmp + arguments[0].f;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo({f:i});
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = foo({f:4.5});
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsexitstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-exit-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+"use strict";
+
+function foo(x) {
+ var tmp = x + 1;
+ return tmp + arguments[0];
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(i);
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = foo(4.5);
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo(x) {
+ var tmp = x + 1;
+ return tmp + arguments[0];
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(i);
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = foo(4.5);
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsinlinedexitstrictmodefixedjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode-fixed.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode-fixed.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode-fixed.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+"use strict";
+
+function foo(x) {
+ var tmp = x.f + 1;
+ return tmp + arguments[0].f;
+}
+
+function bar(x) {
+ return foo(x);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = bar({f:i});
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = bar({f:4.5});
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsinlinedexitstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+"use strict";
+
+function foo(x) {
+ var tmp = x + 1;
+ return tmp + arguments[0];
+}
+
+function bar(x) {
+ return foo(x);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = bar(i);
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = bar(4.5);
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsinlinedexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-inlined-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,20 @@
</span><ins>+function foo(x) {
+ var tmp = x + 1;
+ return tmp + arguments[0];
+}
+
+function bar(x) {
+ return foo(x);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = bar(i);
+ if (result != i + i + 1)
+ throw "Error: bad result: " + result;
+}
+
+var result = bar(4.5);
+if (result != 4.5 + 4.5 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsinterferencecfgjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-interference-cfg.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-interference-cfg.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-interference-cfg.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+function bar() {
+ return arguments;
+}
+
+function foo(p) {
+ var a = bar(1, 2, 3);
+ var b;
+ if (p)
+ b = bar(4, 5, 6);
+ else
+ b = [7, 8, 9];
+ return (a[0] << 0) + (a[1] << 1) + (a[2] << 2) + (b[0] << 3) + (b[1] << 4) + (b[2] << 5);
+}
+
+noInline(foo);
+
+for (var i = 0; i < 20000; ++i) {
+ var p = i & 1;
+ var q = (!p) * 3;
+ var result = foo(p);
+ if (result != (1 << 0) + (2 << 1) + (3 << 2) + ((4 + q) << 3) + ((5 + q) << 4) + ((6 + q) << 5))
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressargumentsinterferencejs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/arguments-interference.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/arguments-interference.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/arguments-interference.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+function bar() {
+ return arguments;
+}
+
+function foo() {
+ var a = bar(1, 2, 3);
+ var b = bar(4, 5, 6);
+ return (a[0] << 0) + (a[1] << 1) + (a[2] << 2) + (b[0] << 3) + (b[1] << 4) + (b[2] << 5);
+}
+
+noInline(foo);
+
+for (var i = 0; i < 20000; ++i) {
+ var result = foo();
+ if (result != (1 << 0) + (2 << 1) + (3 << 2) + (4 << 3) + (5 << 4) + (6 << 5))
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressdeadgetclosurevarjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/dead-get-closure-var.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/dead-get-closure-var.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/dead-get-closure-var.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+var global;
+
+function foo(a) {
+ var x = a.f;
+ var f = function() { global = x; };
+ noInline(f);
+ f();
+ var tmp1 = a.g + 1;
+ var tmp2 = x;
+ return global;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo({f:i, g:i + 1});
+ if (result != i)
+ throw "Error: bad result: " + result;
+}
+
+var result = foo({f:42, g:4.2});
+if (result != 42)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressgetdeclaredunpassedargumentindirectargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-direct-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-direct-arguments.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-direct-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+function foo(a) {
+ if (!effectful42())
+ return arguments;
+ return a;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo();
+ if (result !== void 0)
+ throw "Error: bad result: " + result;
+}
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressgetdeclaredunpassedargumentinscopedargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+function foo(a) {
+ if (!effectful42()) {
+ (function() { a = 43; })();
+ return arguments;
+ }
+ return a;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo();
+ if (result !== void 0)
+ throw "Error: bad result: " + result;
+}
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsclosureinlinedexitstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit-strict-mode.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+"use strict";
+
+function foo(a, b) {
+ return a + b;
+}
+
+function baz(a, b) {
+ function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+ }
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsclosureinlinedexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-closure-inlined-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function baz(a, b) {
+ function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+ }
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = bar(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = bar(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsinlinedexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+}
+
+function baz(a, b) {
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingweirdreversedargsjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function verify(a, b) {
+ if (a !== b)
+ throw "Error: the two arguments objects aren't identical.";
+}
+
+noInline(verify);
+
+function bar() {
+ var a = arguments;
+ this.verify(arguments, a);
+ return foo.apply(null, a);
+}
+
+function baz(a, b) {
+ return this.bar(a + 1, b + 1);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 20000; ++i) {
+ var o = {
+ baz: baz,
+ bar: bar,
+ verify: function() { }
+ };
+ var result = o.baz(1, 2);
+ if (result != 1 + 1 + 2 + 1)
+ throw "Error: bad result: " + result;
+}
+
+var o = {
+ baz: baz,
+ bar: bar,
+ verify: verify
+};
+var result = o.baz(1, 2);
+if (result != 1 + 1 + 2 + 1)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingweirdjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing-weird.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function verify(a, b) {
+ if (a !== b)
+ throw "Error: the two arguments objects aren't identical.";
+}
+
+noInline(verify);
+
+function bar() {
+ var a = arguments;
+ this.verify(arguments, a);
+ return foo.apply(null, a);
+}
+
+function baz(a, b) {
+ return this.bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 20000; ++i) {
+ var o = {
+ baz: baz,
+ bar: bar,
+ verify: function() { }
+ };
+ var result = o.baz(1, 2);
+ if (result != 1 + 2)
+ throw "Error: bad result: " + result;
+}
+
+var o = {
+ baz: baz,
+ bar: bar,
+ verify: verify
+};
+var result = o.baz(1, 2);
+if (result != 1 + 2)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitaliasingjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit-aliasing.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,41 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function verify(a, b) {
+ if (a !== b)
+ throw "Error: the two arguments objects aren't identical.";
+ if (a[0] !== 42)
+ throw "Error: the first argument isn't 42 (a).";
+ if (b[0] !== 42)
+ throw "Error: the first argument isn't 42 (b).";
+}
+
+noInline(verify);
+
+var global = false;
+function bar(x) {
+ var a = arguments;
+ if (global) {
+ x = 42;
+ verify(arguments, a);
+ }
+ return foo.apply(null, a);
+}
+
+function baz(a, b) {
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 2)
+ throw "Error: bad result: " + result;
+}
+
+global = true;
+var result = baz(1, 2);
+if (result != 42 + 2)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsinlinedsimpleexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-inlined-simple-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+var global;
+function bar() {
+ var a = arguments;
+ var tmp = global + 1;
+ return tmp + foo.apply(null, a);
+}
+
+function baz(a, b) {
+ return bar(a, b);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ global = i;
+ var result = baz(1, 2);
+ if (result != i + 1 + 1 + 2)
+ throw "Error: bad result: " + result;
+}
+
+global = 1.5;
+var result = baz(1, 2);
+if (result != 1.5 + 1 + 1 + 2)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargstoofewargumentsjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-too-few-arguments.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-too-few-arguments.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-too-few-arguments.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo(a, b) {
+ return [a, b];
+}
+
+function bar() {
+ return foo.apply(null, arguments);
+}
+
+noInline(bar);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = bar(1);
+ if ("" + result != "1,")
+ throw "Error: bad result: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsvarargsclosureinlinedexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-closure-inlined-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-closure-inlined-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-closure-inlined-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function baz() {
+ function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+ }
+ return bar.apply(null, arguments);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsvarargsinlinedexitstrictmodejs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit-strict-mode.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit-strict-mode.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit-strict-mode.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+"use strict";
+
+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+}
+
+function baz() {
+ return bar.apply(this, arguments);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressvarargsvarargsinlinedexitjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit.js (0 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/varargs-varargs-inlined-exit.js 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+function foo(a, b) {
+ return a + b;
+}
+
+function bar() {
+ var a = arguments;
+ var tmp = arguments[0] + 1;
+ return tmp + foo.apply(null, a);
+}
+
+function baz() {
+ return bar.apply(this, arguments);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = baz(1, 2);
+ if (result != 1 + 1 + 3)
+ throw "Error: bad result: " + result;
+}
+
+var result = baz(1.5, 2);
+if (result != 1.5 + 1 + 3.5)
+ throw "Error: bad result at end: " + result;
</ins></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/WTF/ChangeLog 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -1,5 +1,15 @@
</span><span class="cx"> 2015-03-25 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><ins>+ Heap variables shouldn't end up in the stack frame
+ https://bugs.webkit.org/show_bug.cgi?id=141174
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/FastBitVector.h:
+ (WTF::FastBitVector::resize): Small change: don't resize if you don't have to resize.
+
+2015-03-25 Filip Pizlo <fpizlo@apple.com>
+
</ins><span class="cx"> Change Atomic methods from using the_wrong_naming_conventions to using theRightNamingConventions. Also make seq_cst the default.
</span><span class="cx">
</span><span class="cx"> Rubber stamped by Geoffrey Garen.
</span></span></pre></div>
<a id="trunkSourceWTFwtfFastBitVectorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/FastBitVector.h (181992 => 181993)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/FastBitVector.h 2015-03-26 03:11:04 UTC (rev 181992)
+++ trunk/Source/WTF/wtf/FastBitVector.h 2015-03-26 04:28:43 UTC (rev 181993)
</span><span class="lines">@@ -71,6 +71,9 @@
</span><span class="cx">
</span><span class="cx"> void resize(size_t numBits)
</span><span class="cx"> {
</span><ins>+ if (numBits == m_numBits)
+ return;
+
</ins><span class="cx"> // Use fastCalloc instead of fastRealloc because we expect the common
</span><span class="cx"> // use case for this method to be initializing the size of the bitvector.
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>