<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[199946] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/199946">199946</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2016-04-22 19:00:38 -0700 (Fri, 22 Apr 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Speed up bound functions a bit
https://bugs.webkit.org/show_bug.cgi?id=156889
Reviewed by Saam Barati.
Source/JavaScriptCore:
Bound functions are hard to optimize because JSC doesn't have a good notion of non-JS code
that does JS-ey things like make JS calls. What I mean by "non-JS code" is code that did not
originate from JS source. A bound function does a highly polymorphic call to the target
stored in the JSBoundFunction. Prior to this change, we represented it as native code that
used the generic native->JS call API. That's not cheap.
We could model bound functions using a builtin, but it's not clear that this would be easy
to grok, since so much of the code would have to access special parts of the JSBoundFunction
type. Doing it that way might solve the performance problems but it would mean extra work to
arrange for the builtin to have speedy access to the call target, the bound this, and the
bound arguments. Also, optimizing bound functions that way would mean that bound function
performance would be gated on the performance of a bunch of other things in our system. For
example, we'd want this polymorphic call to be handled like the funnel that it is: if we're
compiling the bound function's outgoing call with no context then we should compile it as
fully polymorphic but we can let it assume basic sanity like that the callee is a real
function; but if we're compiling the call with any amount of calling context then we want to
use normal call IC's.
Since the builtin path wouldn't lead to a simpler patch and since I think that the VM will
benefit in the long run from using custom handling for bound functions, I kept the native
code and just added Intrinsic/thunk support.
This just adds an Intrinsic for bound function calls where the JSBoundFunction targets a
JSFunction instance and has no bound arguments (only bound this). This intrinsic is
currently only implemented as a thunk and not yet recognized by the DFG bytecode parser.
I needed to loosen some restrictions to do this. For one, I was really tired of our bad use
of ENABLE(JIT) conditionals, which made it so that any serious client of Intrinsics would
have to have #ifdefs. Really what should happen is that if the JIT is not enabled then we
just ignore intrinsics. Also, the code was previously assuming that having a native
constructor and knowing the Intrinsic for your native call were mutually exclusive. This
change makes it possible to have a native executable that has a custom function, custom
constructor, and an Intrinsic.
This is a >4x speed-up on bound function calls with no bound arguments.
In the future, we should teach the DFG Intrinsic handling to deal with bound functions and
we should teach the inliner (and ByteCodeParser::handleCall() in general) how to deal with
the function call inside the bound function. That would be super awesome.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::timesPtr):
(JSC::AbstractMacroAssembler::Address::withOffset):
(JSC::AbstractMacroAssembler::BaseIndex::BaseIndex):
(JSC::MacroAssemblerType>::Address::indexedBy):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeCell):
(JSC::AssemblyHelpers::loadCell):
(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitSaveThenMaterializeTagRegisters):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreSavedTagRegisters):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
* jit/JITThunks.cpp:
(JSC::JITThunks::ctiNativeTailCall):
(JSC::JITThunks::ctiNativeTailCallWithoutSavedTags):
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
(JSC::JITThunks::clearHostFunctionStubs):
* jit/JITThunks.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters): Deleted.
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters): Deleted.
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::nativeCallGenerator):
(JSC::nativeTailCallGenerator):
(JSC::nativeTailCallWithoutSavedTagsGenerator):
(JSC::nativeConstructGenerator):
(JSC::randomThunkGenerator):
(JSC::boundThisNoArgsFunctionCallGenerator):
* jit/ThunkGenerators.h:
* runtime/Executable.cpp:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::destroy):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::finishCreation):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototypeGetterCompare):
* runtime/Intrinsic.h:
* runtime/JSBoundFunction.cpp:
(JSC::boundThisNoArgsFunctionCall):
(JSC::boundFunctionCall):
(JSC::boundThisNoArgsFunctionConstruct):
(JSC::boundFunctionConstruct):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::customHasInstance):
(JSC::JSBoundFunction::JSBoundFunction):
* runtime/JSBoundFunction.h:
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
(JSC::JSBoundFunction::offsetOfTargetFunction):
(JSC::JSBoundFunction::offsetOfBoundThis):
* runtime/JSFunction.cpp:
(JSC::JSFunction::lookUpOrCreateNativeExecutable):
(JSC::JSFunction::create):
* runtime/VM.cpp:
(JSC::thunkGeneratorForIntrinsic):
(JSC::VM::getHostFunction):
* runtime/VM.h:
(JSC::VM::getCTIStub):
(JSC::VM::exceptionOffset):
LayoutTests:
This microbenchmark speeds up by >4x with this change.
* js/regress/bound-function-call-expected.txt: Added.
* js/regress/bound-function-call.html: Added.
* js/regress/script-tests/bound-function-call.js: Added.
(foo):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreassemblerAbstractMacroAssemblerh">trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitAssemblyHelpersh">trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunkscpp">trunk/Source/JavaScriptCore/jit/JITThunks.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunksh">trunk/Source/JavaScriptCore/jit/JITThunks.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSpecializedThunkJITh">trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitThunkGeneratorscpp">trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitThunkGeneratorsh">trunk/Source/JavaScriptCore/jit/ThunkGenerators.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutablecpp">trunk/Source/JavaScriptCore/runtime/Executable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableh">trunk/Source/JavaScriptCore/runtime/Executable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp">trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlCollatorPrototypecpp">trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntrinsich">trunk/Source/JavaScriptCore/runtime/Intrinsic.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctionh">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMcpp">trunk/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMh">trunk/Source/JavaScriptCore/runtime/VM.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsregressboundfunctioncallexpectedtxt">trunk/LayoutTests/js/regress/bound-function-call-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressboundfunctioncallhtml">trunk/LayoutTests/js/regress/bound-function-call.html</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsboundfunctioncalljs">trunk/LayoutTests/js/regress/script-tests/bound-function-call.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/LayoutTests/ChangeLog 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-04-22 Filip Pizlo <fpizlo@apple.com>
+
+ Speed up bound functions a bit
+ https://bugs.webkit.org/show_bug.cgi?id=156889
+
+ Reviewed by Saam Barati.
+
+ This microbenchmark speeds up by >4x with this change.
+
+ * js/regress/bound-function-call-expected.txt: Added.
+ * js/regress/bound-function-call.html: Added.
+ * js/regress/script-tests/bound-function-call.js: Added.
+ (foo):
+
</ins><span class="cx"> 2016-04-22 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Cannot access the SQLTransaction.constructor.prototype
</span></span></pre></div>
<a id="trunkLayoutTestsjsregressboundfunctioncallexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/bound-function-call-expected.txt (0 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/bound-function-call-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/bound-function-call-expected.txt 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/bound-function-call
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressboundfunctioncallhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/bound-function-call.html (0 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/bound-function-call.html (rev 0)
+++ trunk/LayoutTests/js/regress/bound-function-call.html 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="../../resources/regress-pre.js"></script>
+<script src="script-tests/bound-function-call.js"></script>
+<script src="../../resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsboundfunctioncalljs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/bound-function-call.js (0 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/bound-function-call.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/bound-function-call.js 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+function foo() {
+ return this.f;
+}
+
+var binding = foo.bind({f:42});
+
+(function() {
+ var n = 1000000;
+ var result = 0;
+ for (var i = 0; i < n; ++i) {
+ var myResult = binding();
+ result += myResult;
+ }
+ if (result != n * 42)
+ throw "Error: bad result: " + result;
+})();
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,3 +1,125 @@
</span><ins>+2016-04-22 Filip Pizlo <fpizlo@apple.com>
+
+ Speed up bound functions a bit
+ https://bugs.webkit.org/show_bug.cgi?id=156889
+
+ Reviewed by Saam Barati.
+
+ Bound functions are hard to optimize because JSC doesn't have a good notion of non-JS code
+ that does JS-ey things like make JS calls. What I mean by "non-JS code" is code that did not
+ originate from JS source. A bound function does a highly polymorphic call to the target
+ stored in the JSBoundFunction. Prior to this change, we represented it as native code that
+ used the generic native->JS call API. That's not cheap.
+
+ We could model bound functions using a builtin, but it's not clear that this would be easy
+ to grok, since so much of the code would have to access special parts of the JSBoundFunction
+ type. Doing it that way might solve the performance problems but it would mean extra work to
+ arrange for the builtin to have speedy access to the call target, the bound this, and the
+ bound arguments. Also, optimizing bound functions that way would mean that bound function
+ performance would be gated on the performance of a bunch of other things in our system. For
+ example, we'd want this polymorphic call to be handled like the funnel that it is: if we're
+ compiling the bound function's outgoing call with no context then we should compile it as
+ fully polymorphic but we can let it assume basic sanity like that the callee is a real
+ function; but if we're compiling the call with any amount of calling context then we want to
+ use normal call IC's.
+
+ Since the builtin path wouldn't lead to a simpler patch and since I think that the VM will
+ benefit in the long run from using custom handling for bound functions, I kept the native
+ code and just added Intrinsic/thunk support.
+
+ This just adds an Intrinsic for bound function calls where the JSBoundFunction targets a
+ JSFunction instance and has no bound arguments (only bound this). This intrinsic is
+ currently only implemented as a thunk and not yet recognized by the DFG bytecode parser.
+
+ I needed to loosen some restrictions to do this. For one, I was really tired of our bad use
+ of ENABLE(JIT) conditionals, which made it so that any serious client of Intrinsics would
+ have to have #ifdefs. Really what should happen is that if the JIT is not enabled then we
+ just ignore intrinsics. Also, the code was previously assuming that having a native
+ constructor and knowing the Intrinsic for your native call were mutually exclusive. This
+ change makes it possible to have a native executable that has a custom function, custom
+ constructor, and an Intrinsic.
+
+ This is a >4x speed-up on bound function calls with no bound arguments.
+
+ In the future, we should teach the DFG Intrinsic handling to deal with bound functions and
+ we should teach the inliner (and ByteCodeParser::handleCall() in general) how to deal with
+ the function call inside the bound function. That would be super awesome.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::timesPtr):
+ (JSC::AbstractMacroAssembler::Address::withOffset):
+ (JSC::AbstractMacroAssembler::BaseIndex::BaseIndex):
+ (JSC::MacroAssemblerType>::Address::indexedBy):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::storeCell):
+ (JSC::AssemblyHelpers::loadCell):
+ (JSC::AssemblyHelpers::storeValue):
+ (JSC::AssemblyHelpers::emitSaveCalleeSaves):
+ (JSC::AssemblyHelpers::emitSaveThenMaterializeTagRegisters):
+ (JSC::AssemblyHelpers::emitRestoreCalleeSaves):
+ (JSC::AssemblyHelpers::emitRestoreSavedTagRegisters):
+ (JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
+ * jit/JITThunks.cpp:
+ (JSC::JITThunks::ctiNativeTailCall):
+ (JSC::JITThunks::ctiNativeTailCallWithoutSavedTags):
+ (JSC::JITThunks::ctiStub):
+ (JSC::JITThunks::hostFunctionStub):
+ (JSC::JITThunks::clearHostFunctionStubs):
+ * jit/JITThunks.h:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
+ (JSC::SpecializedThunkJIT::tagReturnAsInt32):
+ (JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters): Deleted.
+ (JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters): Deleted.
+ * jit/ThunkGenerators.cpp:
+ (JSC::virtualThunkFor):
+ (JSC::nativeForGenerator):
+ (JSC::nativeCallGenerator):
+ (JSC::nativeTailCallGenerator):
+ (JSC::nativeTailCallWithoutSavedTagsGenerator):
+ (JSC::nativeConstructGenerator):
+ (JSC::randomThunkGenerator):
+ (JSC::boundThisNoArgsFunctionCallGenerator):
+ * jit/ThunkGenerators.h:
+ * runtime/Executable.cpp:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::destroy):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::NativeExecutable::finishCreation):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ * runtime/Executable.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ * runtime/IntlCollatorPrototype.cpp:
+ (JSC::IntlCollatorPrototypeGetterCompare):
+ * runtime/Intrinsic.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::boundThisNoArgsFunctionCall):
+ (JSC::boundFunctionCall):
+ (JSC::boundThisNoArgsFunctionConstruct):
+ (JSC::boundFunctionConstruct):
+ (JSC::getBoundFunctionStructure):
+ (JSC::JSBoundFunction::create):
+ (JSC::JSBoundFunction::customHasInstance):
+ (JSC::JSBoundFunction::JSBoundFunction):
+ * runtime/JSBoundFunction.h:
+ (JSC::JSBoundFunction::targetFunction):
+ (JSC::JSBoundFunction::boundThis):
+ (JSC::JSBoundFunction::boundArgs):
+ (JSC::JSBoundFunction::createStructure):
+ (JSC::JSBoundFunction::offsetOfTargetFunction):
+ (JSC::JSBoundFunction::offsetOfBoundThis):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::lookUpOrCreateNativeExecutable):
+ (JSC::JSFunction::create):
+ * runtime/VM.cpp:
+ (JSC::thunkGeneratorForIntrinsic):
+ (JSC::VM::getHostFunction):
+ * runtime/VM.h:
+ (JSC::VM::getCTIStub):
+ (JSC::VM::exceptionOffset):
+
</ins><span class="cx"> 2016-04-22 Joonghun Park <jh718.park@samsung.com>
</span><span class="cx">
</span><span class="cx"> [JSC] Fix build break since r199866
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreassemblerAbstractMacroAssemblerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -143,7 +143,9 @@
</span><span class="cx"> return TimesFour;
</span><span class="cx"> return TimesEight;
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ struct BaseIndex;
+
</ins><span class="cx"> // Address:
</span><span class="cx"> //
</span><span class="cx"> // Describes a simple base-offset address.
</span><span class="lines">@@ -159,6 +161,8 @@
</span><span class="cx"> return Address(base, offset + additionalOffset);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ BaseIndex indexedBy(RegisterID index, Scale) const;
+
</ins><span class="cx"> RegisterID base;
</span><span class="cx"> int32_t offset;
</span><span class="cx"> };
</span><span class="lines">@@ -216,7 +220,7 @@
</span><span class="cx"> , offset(offset)
</span><span class="cx"> {
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> RegisterID base;
</span><span class="cx"> RegisterID index;
</span><span class="cx"> Scale scale;
</span><span class="lines">@@ -1144,6 +1148,15 @@
</span><span class="cx"> friend class LinkBuffer;
</span><span class="cx"> }; // class AbstractMacroAssembler
</span><span class="cx">
</span><ins>+template <class AssemblerType, class MacroAssemblerType>
+inline typename AbstractMacroAssembler<AssemblerType, MacroAssemblerType>::BaseIndex
+AbstractMacroAssembler<AssemblerType, MacroAssemblerType>::Address::indexedBy(
+ typename AbstractMacroAssembler<AssemblerType, MacroAssemblerType>::RegisterID index,
+ typename AbstractMacroAssembler<AssemblerType, MacroAssemblerType>::Scale scale) const
+{
+ return BaseIndex(base, index, scale, offset);
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(ASSEMBLER)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -85,6 +85,15 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void loadCell(Address address, GPRReg gpr)
+ {
+#if USE(JSVALUE64)
+ load64(address, gpr);
+#else
+ load32(address.withOffset(PayloadOffset), gpr);
+#endif
+ }
+
</ins><span class="cx"> void storeValue(JSValueRegs regs, Address address)
</span><span class="cx"> {
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="lines">@@ -274,11 +283,36 @@
</span><span class="cx"> emitSaveCalleeSavesFor(codeBlock());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void emitSaveThenMaterializeTagRegisters()
+ {
+#if USE(JSVALUE64)
+#if CPU(ARM64)
+ pushPair(GPRInfo::tagTypeNumberRegister, GPRInfo::tagMaskRegister);
+#else
+ push(GPRInfo::tagTypeNumberRegister);
+ push(GPRInfo::tagMaskRegister);
+#endif
+ emitMaterializeTagCheckRegisters();
+#endif
+ }
+
</ins><span class="cx"> void emitRestoreCalleeSaves()
</span><span class="cx"> {
</span><span class="cx"> emitRestoreCalleeSavesFor(codeBlock());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void emitRestoreSavedTagRegisters()
+ {
+#if USE(JSVALUE64)
+#if CPU(ARM64)
+ popPair(GPRInfo::tagTypeNumberRegister, GPRInfo::tagMaskRegister);
+#else
+ pop(GPRInfo::tagMaskRegister);
+ pop(GPRInfo::tagTypeNumberRegister);
+#endif
+#endif
+ }
+
</ins><span class="cx"> void copyCalleeSavesToVMCalleeSavesBuffer(const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
</span><span class="cx"> {
</span><span class="cx"> #if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunkscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2013, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -64,6 +64,12 @@
</span><span class="cx"> return ctiStub(vm, nativeTailCallGenerator).code();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+MacroAssemblerCodePtr JITThunks::ctiNativeTailCallWithoutSavedTags(VM* vm)
+{
+ ASSERT(vm->canUseJIT());
+ return ctiStub(vm, nativeTailCallWithoutSavedTagsGenerator).code();
+}
+
</ins><span class="cx"> MacroAssemblerCodeRef JITThunks::ctiStub(VM* vm, ThunkGenerator generator)
</span><span class="cx"> {
</span><span class="cx"> LockHolder locker(m_lock);
</span><span class="lines">@@ -84,27 +90,15 @@
</span><span class="cx">
</span><span class="cx"> NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor, const String& name)
</span><span class="cx"> {
</span><del>- ASSERT(!isCompilationThread());
-
- if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(std::make_tuple(function, constructor, name)))
- return nativeExecutable;
-
- NativeExecutable* nativeExecutable = NativeExecutable::create(
- *vm,
- adoptRef(new NativeJITCode(JIT::compileCTINativeCall(vm, function), JITCode::HostCallThunk)),
- function,
- adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct(vm)), JITCode::HostCallThunk)),
- constructor, NoIntrinsic, name);
- weakAdd(*m_hostFunctionStubMap, std::make_tuple(function, constructor, name), Weak<NativeExecutable>(nativeExecutable, this));
- return nativeExecutable;
</del><ins>+ return hostFunctionStub(vm, function, constructor, nullptr, NoIntrinsic, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, ThunkGenerator generator, Intrinsic intrinsic, const String& name)
</del><ins>+NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor, ThunkGenerator generator, Intrinsic intrinsic, const String& name)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!isCompilationThread());
</span><span class="cx"> ASSERT(vm->canUseJIT());
</span><span class="cx">
</span><del>- if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(std::make_tuple(function, &callHostFunctionAsConstructor, name)))
</del><ins>+ if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(std::make_tuple(function, constructor, name)))
</ins><span class="cx"> return nativeExecutable;
</span><span class="cx">
</span><span class="cx"> RefPtr<JITCode> forCall;
</span><span class="lines">@@ -116,11 +110,16 @@
</span><span class="cx">
</span><span class="cx"> RefPtr<JITCode> forConstruct = adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct(vm)), JITCode::HostCallThunk));
</span><span class="cx">
</span><del>- NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall, function, forConstruct, callHostFunctionAsConstructor, intrinsic, name);
- weakAdd(*m_hostFunctionStubMap, std::make_tuple(function, &callHostFunctionAsConstructor, name), Weak<NativeExecutable>(nativeExecutable, this));
</del><ins>+ NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall, function, forConstruct, constructor, intrinsic, name);
+ weakAdd(*m_hostFunctionStubMap, std::make_tuple(function, constructor, name), Weak<NativeExecutable>(nativeExecutable, this));
</ins><span class="cx"> return nativeExecutable;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, ThunkGenerator generator, Intrinsic intrinsic, const String& name)
+{
+ return hostFunctionStub(vm, function, callHostFunctionAsConstructor, generator, intrinsic, name);
+}
+
</ins><span class="cx"> void JITThunks::clearHostFunctionStubs()
</span><span class="cx"> {
</span><span class="cx"> m_hostFunctionStubMap = nullptr;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunksh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -55,10 +55,12 @@
</span><span class="cx"> MacroAssemblerCodePtr ctiNativeCall(VM*);
</span><span class="cx"> MacroAssemblerCodePtr ctiNativeConstruct(VM*);
</span><span class="cx"> MacroAssemblerCodePtr ctiNativeTailCall(VM*);
</span><ins>+ MacroAssemblerCodePtr ctiNativeTailCallWithoutSavedTags(VM*);
</ins><span class="cx">
</span><span class="cx"> MacroAssemblerCodeRef ctiStub(VM*, ThunkGenerator);
</span><span class="cx">
</span><span class="cx"> NativeExecutable* hostFunctionStub(VM*, NativeFunction, NativeFunction constructor, const String& name);
</span><ins>+ NativeExecutable* hostFunctionStub(VM*, NativeFunction, NativeFunction constructor, ThunkGenerator, Intrinsic, const String& name);
</ins><span class="cx"> NativeExecutable* hostFunctionStub(VM*, NativeFunction, ThunkGenerator, Intrinsic, const String& name);
</span><span class="cx">
</span><span class="cx"> void clearHostFunctionStubs();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSpecializedThunkJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -193,31 +193,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- void emitSaveThenMaterializeTagRegisters()
- {
-#if USE(JSVALUE64)
-#if CPU(ARM64)
- pushPair(tagTypeNumberRegister, tagMaskRegister);
-#else
- push(tagTypeNumberRegister);
- push(tagMaskRegister);
-#endif
- emitMaterializeTagCheckRegisters();
-#endif
- }
-
- void emitRestoreSavedTagRegisters()
- {
-#if USE(JSVALUE64)
-#if CPU(ARM64)
- popPair(tagTypeNumberRegister, tagMaskRegister);
-#else
- pop(tagMaskRegister);
- pop(tagTypeNumberRegister);
-#endif
-#endif
- }
-
</del><span class="cx"> void tagReturnAsInt32()
</span><span class="cx"> {
</span><span class="cx"> #if USE(JSVALUE64)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2010, 2012, 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2010, 2012, 2013, 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx"> #include "JITOperations.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSArrayIterator.h"
</span><ins>+#include "JSBoundFunction.h"
</ins><span class="cx"> #include "JSStack.h"
</span><span class="cx"> #include "MathCommon.h"
</span><span class="cx"> #include "MaxFrameExtentForSlowPathCall.h"
</span><span class="lines">@@ -227,7 +228,7 @@
</span><span class="cx"> callLinkInfo.callMode() == CallMode::Regular ? "call" : callLinkInfo.callMode() == CallMode::Tail ? "tail call" : "construct"));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-enum ThunkEntryType { EnterViaCall, EnterViaJump };
</del><ins>+enum ThunkEntryType { EnterViaCall, EnterViaJumpWithSavedTags, EnterViaJumpWithoutSavedTags };
</ins><span class="cx">
</span><span class="cx"> static MacroAssemblerCodeRef nativeForGenerator(VM* vm, CodeSpecializationKind kind, ThunkEntryType entryType = EnterViaCall)
</span><span class="cx"> {
</span><span class="lines">@@ -238,10 +239,12 @@
</span><span class="cx">
</span><span class="cx"> JSInterfaceJIT jit(vm);
</span><span class="cx">
</span><del>- if (entryType == EnterViaCall)
</del><ins>+ switch (entryType) {
+ case EnterViaCall:
</ins><span class="cx"> jit.emitFunctionPrologue();
</span><ins>+ break;
+ case EnterViaJumpWithSavedTags:
</ins><span class="cx"> #if USE(JSVALUE64)
</span><del>- else if (entryType == EnterViaJump) {
</del><span class="cx"> // We're coming from a specialized thunk that has saved the prior tag registers' contents.
</span><span class="cx"> // Restore them now.
</span><span class="cx"> #if CPU(ARM64)
</span><span class="lines">@@ -250,8 +253,12 @@
</span><span class="cx"> jit.pop(JSInterfaceJIT::tagMaskRegister);
</span><span class="cx"> jit.pop(JSInterfaceJIT::tagTypeNumberRegister);
</span><span class="cx"> #endif
</span><ins>+#endif
+ break;
+ case EnterViaJumpWithoutSavedTags:
+ jit.move(JSInterfaceJIT::framePointerRegister, JSInterfaceJIT::stackPointerRegister);
+ break;
</ins><span class="cx"> }
</span><del>-#endif
</del><span class="cx">
</span><span class="cx"> jit.emitPutToCallFrameHeader(0, JSStack::CodeBlock);
</span><span class="cx"> jit.storePtr(JSInterfaceJIT::callFrameRegister, &vm->topCallFrame);
</span><span class="lines">@@ -374,7 +381,7 @@
</span><span class="cx"> jit.jumpToExceptionHandler();
</span><span class="cx">
</span><span class="cx"> LinkBuffer patchBuffer(*vm, jit, GLOBAL_THUNK_ID);
</span><del>- return FINALIZE_CODE(patchBuffer, ("native %s%s trampoline", entryType == EnterViaJump ? "Tail " : "", toCString(kind).data()));
</del><ins>+ return FINALIZE_CODE(patchBuffer, ("native %s%s trampoline", entryType == EnterViaJumpWithSavedTags ? "Tail With Saved Tags " : entryType == EnterViaJumpWithoutSavedTags ? "Tail Without Saved Tags " : "", toCString(kind).data()));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> MacroAssemblerCodeRef nativeCallGenerator(VM* vm)
</span><span class="lines">@@ -384,9 +391,14 @@
</span><span class="cx">
</span><span class="cx"> MacroAssemblerCodeRef nativeTailCallGenerator(VM* vm)
</span><span class="cx"> {
</span><del>- return nativeForGenerator(vm, CodeForCall, EnterViaJump);
</del><ins>+ return nativeForGenerator(vm, CodeForCall, EnterViaJumpWithSavedTags);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+MacroAssemblerCodeRef nativeTailCallWithoutSavedTagsGenerator(VM* vm)
+{
+ return nativeForGenerator(vm, CodeForCall, EnterViaJumpWithoutSavedTags);
+}
+
</ins><span class="cx"> MacroAssemblerCodeRef nativeConstructGenerator(VM* vm)
</span><span class="cx"> {
</span><span class="cx"> return nativeForGenerator(vm, CodeForConstruct);
</span><span class="lines">@@ -1079,6 +1091,97 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+MacroAssemblerCodeRef boundThisNoArgsFunctionCallGenerator(VM* vm)
+{
+ CCallHelpers jit(vm);
+
+ jit.emitFunctionPrologue();
+
+ // Set up our call frame.
+ jit.storePtr(CCallHelpers::TrustedImmPtr(nullptr), CCallHelpers::addressFor(JSStack::CodeBlock));
+ jit.store32(CCallHelpers::TrustedImm32(0), CCallHelpers::tagFor(JSStack::ArgumentCount));
+
+ unsigned extraStackNeeded = 0;
+ if (unsigned stackMisalignment = sizeof(CallerFrameAndPC) % stackAlignmentBytes())
+ extraStackNeeded = stackAlignmentBytes() - stackMisalignment;
+
+ // We need to forward all of the arguments that we were passed. We aren't allowed to do a tail
+ // call here as far as I can tell. At least not so long as the generic path doesn't do a tail
+ // call, since that would be way too weird.
+
+ // The formula for the number of stack bytes needed given some number of parameters (including
+ // this) is:
+ //
+ // stackAlign((numParams + CallFrameHeaderSize) * sizeof(Register) - sizeof(CallerFrameAndPC))
+ //
+ // Probably we want to write this as:
+ //
+ // stackAlign((numParams + (CallFrameHeaderSize - CallerFrameAndPCSize)) * sizeof(Register))
+ //
+ // That's really all there is to this. We have all the registers we need to do it.
+
+ jit.load32(CCallHelpers::payloadFor(JSStack::ArgumentCount), GPRInfo::regT1);
+ jit.add32(CCallHelpers::TrustedImm32(JSStack::CallFrameHeaderSize - JSStack::CallerFrameAndPCSize), GPRInfo::regT1, GPRInfo::regT2);
+ jit.lshift32(CCallHelpers::TrustedImm32(3), GPRInfo::regT2);
+ jit.add32(CCallHelpers::TrustedImm32(stackAlignmentBytes() - 1), GPRInfo::regT2);
+ jit.and32(CCallHelpers::TrustedImm32(-stackAlignmentBytes()), GPRInfo::regT2);
+
+ if (extraStackNeeded)
+ jit.add32(CCallHelpers::TrustedImm32(extraStackNeeded), GPRInfo::regT2);
+
+ // At this point regT1 has the actual argument count and regT2 has the amount of stack we will
+ // need.
+
+ jit.subPtr(GPRInfo::regT2, CCallHelpers::stackPointerRegister);
+
+ // Do basic callee frame setup, including 'this'.
+
+ jit.loadCell(CCallHelpers::addressFor(JSStack::Callee), GPRInfo::regT3);
+
+ jit.store32(GPRInfo::regT1, CCallHelpers::calleeFramePayloadSlot(JSStack::ArgumentCount));
+
+ JSValueRegs valueRegs = JSValueRegs::withTwoAvailableRegs(GPRInfo::regT0, GPRInfo::regT2);
+ jit.loadValue(CCallHelpers::Address(GPRInfo::regT3, JSBoundFunction::offsetOfBoundThis()), valueRegs);
+ jit.storeValue(valueRegs, CCallHelpers::calleeArgumentSlot(0));
+
+ jit.loadPtr(CCallHelpers::Address(GPRInfo::regT3, JSBoundFunction::offsetOfTargetFunction()), GPRInfo::regT3);
+ jit.storeCell(GPRInfo::regT3, CCallHelpers::calleeFrameSlot(JSStack::Callee));
+
+ // OK, now we can start copying. This is a simple matter of copying parameters from the caller's
+ // frame to the callee's frame. Note that we know that regT1 (the argument count) must be at
+ // least 1.
+ jit.sub32(CCallHelpers::TrustedImm32(1), GPRInfo::regT1);
+ CCallHelpers::Jump done = jit.branchTest32(CCallHelpers::Zero, GPRInfo::regT1);
+
+ CCallHelpers::Label loop = jit.label();
+ jit.sub32(CCallHelpers::TrustedImm32(1), GPRInfo::regT1);
+ jit.loadValue(CCallHelpers::addressFor(virtualRegisterForArgument(1)).indexedBy(GPRInfo::regT1, CCallHelpers::TimesEight), valueRegs);
+ jit.storeValue(valueRegs, CCallHelpers::calleeArgumentSlot(1).indexedBy(GPRInfo::regT1, CCallHelpers::TimesEight));
+ jit.branchTest32(CCallHelpers::NonZero, GPRInfo::regT1).linkTo(loop, &jit);
+
+ done.link(&jit);
+
+ jit.loadPtr(
+ CCallHelpers::Address(GPRInfo::regT3, JSFunction::offsetOfExecutable()),
+ GPRInfo::regT0);
+ jit.loadPtr(
+ CCallHelpers::Address(
+ GPRInfo::regT0, ExecutableBase::offsetOfJITCodeWithArityCheckFor(CodeForCall)),
+ GPRInfo::regT0);
+ CCallHelpers::Jump noCode = jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::regT0);
+
+ emitPointerValidation(jit, GPRInfo::regT0);
+ jit.call(GPRInfo::regT0);
+
+ jit.emitFunctionEpilogue();
+ jit.ret();
+
+ LinkBuffer linkBuffer(*vm, jit, GLOBAL_THUNK_ID);
+ linkBuffer.link(noCode, CodeLocationLabel(vm->jitStubs->ctiNativeTailCallWithoutSavedTags(vm)));
+ return FINALIZE_CODE(
+ linkBuffer, ("Specialized thunk for bound function calls with no arguments"));
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+} // namespace JSC
+
</ins><span class="cx"> #endif // ENABLE(JIT)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitThunkGeneratorsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/ThunkGenerators.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/ThunkGenerators.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/jit/ThunkGenerators.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -46,6 +46,7 @@
</span><span class="cx"> MacroAssemblerCodeRef nativeCallGenerator(VM*);
</span><span class="cx"> MacroAssemblerCodeRef nativeConstructGenerator(VM*);
</span><span class="cx"> MacroAssemblerCodeRef nativeTailCallGenerator(VM*);
</span><ins>+MacroAssemblerCodeRef nativeTailCallWithoutSavedTagsGenerator(VM*);
</ins><span class="cx"> MacroAssemblerCodeRef arityFixupGenerator(VM*);
</span><span class="cx"> MacroAssemblerCodeRef unreachableGenerator(VM*);
</span><span class="cx">
</span><span class="lines">@@ -65,6 +66,8 @@
</span><span class="cx"> MacroAssemblerCodeRef randomThunkGenerator(VM*);
</span><span class="cx"> MacroAssemblerCodeRef truncThunkGenerator(VM*);
</span><span class="cx">
</span><ins>+MacroAssemblerCodeRef boundThisNoArgsFunctionCallGenerator(VM* vm);
+
</ins><span class="cx"> }
</span><span class="cx"> #endif // ENABLE(JIT)
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Executable.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Executable.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/Executable.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -103,11 +103,41 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo NativeExecutable::s_info = { "NativeExecutable", &ExecutableBase::s_info, 0, CREATE_METHOD_TABLE(NativeExecutable) };
</span><span class="cx">
</span><ins>+NativeExecutable* NativeExecutable::create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const String& name)
+{
+ NativeExecutable* executable;
+ executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor, intrinsic);
+ executable->finishCreation(vm, callThunk, constructThunk, name);
+ return executable;
+}
+
</ins><span class="cx"> void NativeExecutable::destroy(JSCell* cell)
</span><span class="cx"> {
</span><span class="cx"> static_cast<NativeExecutable*>(cell)->NativeExecutable::~NativeExecutable();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+Structure* NativeExecutable::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
+{
+ return Structure::create(vm, globalObject, proto, TypeInfo(CellType, StructureFlags), info());
+}
+
+void NativeExecutable::finishCreation(VM& vm, PassRefPtr<JITCode> callThunk, PassRefPtr<JITCode> constructThunk, const String& name)
+{
+ Base::finishCreation(vm);
+ m_jitCodeForCall = callThunk;
+ m_jitCodeForConstruct = constructThunk;
+ m_jitCodeForCallWithArityCheck = m_jitCodeForCall->addressForCall(MustCheckArity);
+ m_jitCodeForConstructWithArityCheck = m_jitCodeForConstruct->addressForCall(MustCheckArity);
+ m_name = name;
+}
+
+NativeExecutable::NativeExecutable(VM& vm, NativeFunction function, NativeFunction constructor, Intrinsic intrinsic)
+ : ExecutableBase(vm, vm.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST, intrinsic)
+ , m_function(function)
+ , m_constructor(constructor)
+{
+}
+
</ins><span class="cx"> const ClassInfo ScriptExecutable::s_info = { "ScriptExecutable", &ExecutableBase::s_info, 0, CREATE_METHOD_TABLE(ScriptExecutable) };
</span><span class="cx">
</span><span class="cx"> ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext, DerivedContextType derivedContextType, bool isInArrowFunctionContext, EvalContextType evalContextType, Intrinsic intrinsic)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Executable.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Executable.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/Executable.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -258,13 +258,7 @@
</span><span class="cx"> typedef ExecutableBase Base;
</span><span class="cx"> static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
</span><span class="cx">
</span><del>- static NativeExecutable* create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const String& name)
- {
- NativeExecutable* executable;
- executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor, intrinsic);
- executable->finishCreation(vm, callThunk, constructThunk, name);
- return executable;
- }
</del><ins>+ static NativeExecutable* create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const String& name);
</ins><span class="cx">
</span><span class="cx"> static void destroy(JSCell*);
</span><span class="cx">
</span><span class="lines">@@ -289,7 +283,7 @@
</span><span class="cx"> return OBJECT_OFFSETOF(NativeExecutable, m_constructor);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(vm, globalObject, proto, TypeInfo(CellType, StructureFlags), info()); }
</del><ins>+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue proto);
</ins><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><span class="lines">@@ -298,23 +292,12 @@
</span><span class="cx"> const String& name() const { return m_name; }
</span><span class="cx">
</span><span class="cx"> protected:
</span><del>- void finishCreation(VM& vm, PassRefPtr<JITCode> callThunk, PassRefPtr<JITCode> constructThunk, const String& name)
- {
- Base::finishCreation(vm);
- m_jitCodeForCall = callThunk;
- m_jitCodeForConstruct = constructThunk;
- m_name = name;
- }
</del><ins>+ void finishCreation(VM&, PassRefPtr<JITCode> callThunk, PassRefPtr<JITCode> constructThunk, const String& name);
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> friend class ExecutableBase;
</span><span class="cx">
</span><del>- NativeExecutable(VM& vm, NativeFunction function, NativeFunction constructor, Intrinsic intrinsic)
- : ExecutableBase(vm, vm.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST, intrinsic)
- , m_function(function)
- , m_constructor(constructor)
- {
- }
</del><ins>+ NativeExecutable(VM&, NativeFunction function, NativeFunction constructor, Intrinsic);
</ins><span class="cx">
</span><span class="cx"> NativeFunction m_function;
</span><span class="cx"> NativeFunction m_constructor;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -141,13 +141,17 @@
</span><span class="cx">
</span><span class="cx"> // Let A be a new (possibly empty) internal list of all of the argument values provided after thisArg (arg1, arg2 etc), in order.
</span><span class="cx"> size_t numBoundArgs = exec->argumentCount() > 1 ? exec->argumentCount() - 1 : 0;
</span><del>- JSArray* boundArgs = JSArray::tryCreateUninitialized(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), numBoundArgs);
- if (!boundArgs)
- return JSValue::encode(throwOutOfMemoryError(exec));
</del><ins>+ JSArray* boundArgs;
+ if (numBoundArgs) {
+ boundArgs = JSArray::tryCreateUninitialized(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous), numBoundArgs);
+ if (!boundArgs)
+ return JSValue::encode(throwOutOfMemoryError(exec));
+
+ for (size_t i = 0; i < numBoundArgs; ++i)
+ boundArgs->initializeIndex(vm, i, exec->argument(i + 1));
+ } else
+ boundArgs = nullptr;
</ins><span class="cx">
</span><del>- for (size_t i = 0; i < numBoundArgs; ++i)
- boundArgs->initializeIndex(vm, i, exec->argument(i + 1));
-
</del><span class="cx"> // If the [[Class]] internal property of Target is "Function", then ...
</span><span class="cx"> // Else set the length own property of F to 0.
</span><span class="cx"> unsigned length = 0;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlCollatorPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2015 Andy VanWagoner (thetalecrafter@gmail.com)
</span><ins>+ * Copyright (C) 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -124,12 +125,9 @@
</span><span class="cx"> // a. Let F be a new built-in function object as defined in 11.3.4.
</span><span class="cx"> // b. The value of F’s length property is 2.
</span><span class="cx"> JSFunction* targetObject = JSFunction::create(vm, globalObject, 2, ASCIILiteral("compare"), IntlCollatorFuncCompare, NoIntrinsic);
</span><del>- JSArray* boundArgs = JSArray::tryCreateUninitialized(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), 0);
- if (!boundArgs)
- return JSValue::encode(throwOutOfMemoryError(state));
</del><span class="cx">
</span><span class="cx"> // c. Let bc be BoundFunctionCreate(F, «this value»).
</span><del>- boundCompare = JSBoundFunction::create(vm, state, globalObject, targetObject, collator, boundArgs, 2, ASCIILiteral("compare"));
</del><ins>+ boundCompare = JSBoundFunction::create(vm, state, globalObject, targetObject, collator, nullptr, 2, ASCIILiteral("compare"));
</ins><span class="cx"> if (vm.exception())
</span><span class="cx"> return JSValue::encode(JSValue());
</span><span class="cx"> // d. Set collator.[[boundCompare]] to bc.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntrinsich"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Intrinsic.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Intrinsic.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/Intrinsic.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -61,6 +61,7 @@
</span><span class="cx"> IsArrayConstructorIntrinsic,
</span><span class="cx"> IsJSArrayIntrinsic,
</span><span class="cx"> IsRegExpObjectIntrinsic,
</span><ins>+ BoundThisNoArgsFunctionCallIntrinsic,
</ins><span class="cx">
</span><span class="cx"> // Getter intrinsics.
</span><span class="cx"> TypedArrayLengthIntrinsic,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -34,16 +34,37 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSBoundFunction::s_info = { "Function", &Base::s_info, 0, CREATE_METHOD_TABLE(JSBoundFunction) };
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionCall(ExecState* exec)
+{
+ JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->callee());
+
+ MarkedArgumentBuffer args;
+ for (unsigned i = 0; i < exec->argumentCount(); ++i)
+ args.append(exec->uncheckedArgument(i));
+
+ JSFunction* targetFunction = jsCast<JSFunction*>(boundFunction->targetFunction());
+ ExecutableBase* executable = targetFunction->executable();
+ if (executable->hasJITCodeForCall()) {
+ // Force the executable to cache its arity entrypoint.
+ executable->entrypointFor(CodeForCall, MustCheckArity);
+ }
+ CallData callData;
+ CallType callType = getCallData(targetFunction, callData);
+ ASSERT(callType != CallType::None);
+ return JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args));
+}
+
</ins><span class="cx"> EncodedJSValue JSC_HOST_CALL boundFunctionCall(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx"> JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->callee());
</span><span class="cx">
</span><del>- ASSERT(isJSArray(boundFunction->boundArgs())); // Currently this is true!
- JSArray* boundArgs = asArray(boundFunction->boundArgs());
</del><ins>+ JSArray* boundArgs = boundFunction->boundArgs();
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer args;
</span><del>- for (unsigned i = 0; i < boundArgs->length(); ++i)
- args.append(boundArgs->getIndexQuickly(i));
</del><ins>+ if (boundArgs) {
+ for (unsigned i = 0; i < boundArgs->length(); ++i)
+ args.append(boundArgs->getIndexQuickly(i));
+ }
</ins><span class="cx"> for (unsigned i = 0; i < exec->argumentCount(); ++i)
</span><span class="cx"> args.append(exec->uncheckedArgument(i));
</span><span class="cx">
</span><span class="lines">@@ -54,16 +75,32 @@
</span><span class="cx"> return JSValue::encode(call(exec, targetFunction, callType, callData, boundFunction->boundThis(), args));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionConstruct(ExecState* exec)
+{
+ JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->callee());
+
+ MarkedArgumentBuffer args;
+ for (unsigned i = 0; i < exec->argumentCount(); ++i)
+ args.append(exec->uncheckedArgument(i));
+
+ JSFunction* targetFunction = jsCast<JSFunction*>(boundFunction->targetFunction());
+ ConstructData constructData;
+ ConstructType constructType = getConstructData(targetFunction, constructData);
+ ASSERT(constructType != ConstructType::None);
+ return JSValue::encode(construct(exec, targetFunction, constructType, constructData, args));
+}
+
</ins><span class="cx"> EncodedJSValue JSC_HOST_CALL boundFunctionConstruct(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx"> JSBoundFunction* boundFunction = jsCast<JSBoundFunction*>(exec->callee());
</span><span class="cx">
</span><del>- ASSERT(isJSArray(boundFunction->boundArgs())); // Currently this is true!
- JSArray* boundArgs = asArray(boundFunction->boundArgs());
</del><ins>+ JSArray* boundArgs = boundFunction->boundArgs();
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer args;
</span><del>- for (unsigned i = 0; i < boundArgs->length(); ++i)
- args.append(boundArgs->getIndexQuickly(i));
</del><ins>+ if (boundArgs) {
+ for (unsigned i = 0; i < boundArgs->length(); ++i)
+ args.append(boundArgs->getIndexQuickly(i));
+ }
</ins><span class="cx"> for (unsigned i = 0; i < exec->argumentCount(); ++i)
</span><span class="cx"> args.append(exec->uncheckedArgument(i));
</span><span class="cx">
</span><span class="lines">@@ -119,12 +156,19 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSBoundFunction* JSBoundFunction::create(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int length, const String& name)
</del><ins>+JSBoundFunction* JSBoundFunction::create(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int length, const String& name)
</ins><span class="cx"> {
</span><span class="cx"> ConstructData constructData;
</span><span class="cx"> ConstructType constructType = JSC::getConstructData(targetFunction, constructData);
</span><span class="cx"> bool canConstruct = constructType != ConstructType::None;
</span><del>- NativeExecutable* executable = vm.getHostFunction(boundFunctionCall, canConstruct ? boundFunctionConstruct : callHostFunctionAsConstructor, name);
</del><ins>+
+ bool slowCase = boundArgs || !getJSFunction(targetFunction);
+
+ NativeExecutable* executable = vm.getHostFunction(
+ slowCase ? boundFunctionCall : boundThisNoArgsFunctionCall,
+ slowCase ? NoIntrinsic : BoundThisNoArgsFunctionCallIntrinsic,
+ canConstruct ? (slowCase ? boundFunctionConstruct : boundThisNoArgsFunctionConstruct) : callHostFunctionAsConstructor,
+ name);
</ins><span class="cx"> Structure* structure = getBoundFunctionStructure(vm, exec, globalObject, targetFunction);
</span><span class="cx"> if (UNLIKELY(vm.exception()))
</span><span class="cx"> return nullptr;
</span><span class="lines">@@ -139,11 +183,11 @@
</span><span class="cx"> return jsCast<JSBoundFunction*>(object)->m_targetFunction->hasInstance(exec, value);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSBoundFunction::JSBoundFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs)
</del><ins>+JSBoundFunction::JSBoundFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs)
</ins><span class="cx"> : Base(vm, globalObject, structure)
</span><span class="cx"> , m_targetFunction(vm, this, targetFunction)
</span><span class="cx"> , m_boundThis(vm, this, boundThis)
</span><del>- , m_boundArgs(vm, this, boundArgs)
</del><ins>+ , m_boundArgs(vm, this, boundArgs, WriteBarrier<JSArray>::MayBeNull)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -30,7 +30,9 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionCall(ExecState*);
</ins><span class="cx"> EncodedJSValue JSC_HOST_CALL boundFunctionCall(ExecState*);
</span><ins>+EncodedJSValue JSC_HOST_CALL boundThisNoArgsFunctionConstruct(ExecState*);
</ins><span class="cx"> EncodedJSValue JSC_HOST_CALL boundFunctionConstruct(ExecState*);
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL isBoundFunction(ExecState*);
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL hasInstanceBoundFunction(ExecState*);
</span><span class="lines">@@ -40,19 +42,22 @@
</span><span class="cx"> typedef JSFunction Base;
</span><span class="cx"> const static unsigned StructureFlags = ~ImplementsDefaultHasInstance & Base::StructureFlags;
</span><span class="cx">
</span><del>- static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int, const String& name);
</del><ins>+ static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int, const String& name);
</ins><span class="cx">
</span><span class="cx"> static bool customHasInstance(JSObject*, ExecState*, JSValue);
</span><span class="cx">
</span><span class="cx"> JSObject* targetFunction() { return m_targetFunction.get(); }
</span><span class="cx"> JSValue boundThis() { return m_boundThis.get(); }
</span><del>- JSValue boundArgs() { return m_boundArgs.get(); }
</del><ins>+ JSArray* boundArgs() { return m_boundArgs.get(); }
</ins><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(globalObject);
</span><span class="cx"> return Structure::create(vm, globalObject, prototype, TypeInfo(JSFunctionType, StructureFlags), info());
</span><span class="cx"> }
</span><ins>+
+ static ptrdiff_t offsetOfTargetFunction() { return OBJECT_OFFSETOF(JSBoundFunction, m_targetFunction); }
+ static ptrdiff_t offsetOfBoundThis() { return OBJECT_OFFSETOF(JSBoundFunction, m_boundThis); }
</ins><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><span class="lines">@@ -60,13 +65,13 @@
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- JSBoundFunction(VM&, JSGlobalObject*, Structure*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs);
</del><ins>+ JSBoundFunction(VM&, JSGlobalObject*, Structure*, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs);
</ins><span class="cx">
</span><span class="cx"> void finishCreation(VM&, NativeExecutable*, int length, const String& name);
</span><span class="cx">
</span><span class="cx"> WriteBarrier<JSObject> m_targetFunction;
</span><span class="cx"> WriteBarrier<Unknown> m_boundThis;
</span><del>- WriteBarrier<Unknown> m_boundArgs;
</del><ins>+ WriteBarrier<JSArray> m_boundArgs;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -84,15 +84,7 @@
</span><span class="cx">
</span><span class="cx"> NativeExecutable* JSFunction::lookUpOrCreateNativeExecutable(VM& vm, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor, const String& name)
</span><span class="cx"> {
</span><del>-#if !ENABLE(JIT)
- UNUSED_PARAM(intrinsic);
-#else
- if (intrinsic != NoIntrinsic && vm.canUseJIT()) {
- ASSERT(nativeConstructor == callHostFunctionAsConstructor);
- return vm.getHostFunction(nativeFunction, intrinsic, name);
- }
-#endif
- return vm.getHostFunction(nativeFunction, nativeConstructor, name);
</del><ins>+ return vm.getHostFunction(nativeFunction, intrinsic, nativeConstructor, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.cpp (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.cpp 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/VM.cpp 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -495,33 +495,34 @@
</span><span class="cx"> return imulThunkGenerator;
</span><span class="cx"> case RandomIntrinsic:
</span><span class="cx"> return randomThunkGenerator;
</span><ins>+ case BoundThisNoArgsFunctionCallIntrinsic:
+ return boundThisNoArgsFunctionCallGenerator;
</ins><span class="cx"> default:
</span><del>- return 0;
</del><ins>+ return nullptr;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+#endif // !ENABLE(JIT)
+
</ins><span class="cx"> NativeExecutable* VM::getHostFunction(NativeFunction function, NativeFunction constructor, const String& name)
</span><span class="cx"> {
</span><del>- return jitStubs->hostFunctionStub(this, function, constructor, name);
</del><ins>+ return getHostFunction(function, NoIntrinsic, constructor, name);
</ins><span class="cx"> }
</span><del>-NativeExecutable* VM::getHostFunction(NativeFunction function, Intrinsic intrinsic, const String& name)
-{
- ASSERT(canUseJIT());
- return jitStubs->hostFunctionStub(this, function, intrinsic != NoIntrinsic ? thunkGeneratorForIntrinsic(intrinsic) : 0, intrinsic, name);
-}
</del><span class="cx">
</span><del>-#else // !ENABLE(JIT)
-
-NativeExecutable* VM::getHostFunction(NativeFunction function, NativeFunction constructor, const String& name)
</del><ins>+NativeExecutable* VM::getHostFunction(NativeFunction function, Intrinsic intrinsic, NativeFunction constructor, const String& name)
</ins><span class="cx"> {
</span><ins>+ if (canUseJIT()) {
+ return jitStubs->hostFunctionStub(
+ this, function, constructor,
+ intrinsic != NoIntrinsic ? thunkGeneratorForIntrinsic(intrinsic) : 0,
+ intrinsic, name);
+ }
</ins><span class="cx"> return NativeExecutable::create(*this,
</span><span class="cx"> adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createLLIntCodeRef(llint_native_call_trampoline), JITCode::HostCallThunk)), function,
</span><span class="cx"> adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createLLIntCodeRef(llint_native_construct_trampoline), JITCode::HostCallThunk)), constructor,
</span><span class="cx"> NoIntrinsic, name);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-#endif // !ENABLE(JIT)
-
</del><span class="cx"> VM::ClientData::~ClientData()
</span><span class="cx"> {
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.h (199945 => 199946)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.h 2016-04-23 01:14:02 UTC (rev 199945)
+++ trunk/Source/JavaScriptCore/runtime/VM.h 2016-04-23 02:00:38 UTC (rev 199946)
</span><span class="lines">@@ -399,7 +399,6 @@
</span><span class="cx"> {
</span><span class="cx"> return jitStubs->ctiStub(this, generator);
</span><span class="cx"> }
</span><del>- NativeExecutable* getHostFunction(NativeFunction, Intrinsic, const String& name);
</del><span class="cx">
</span><span class="cx"> std::unique_ptr<RegisterAtOffsetList> allCalleeSaveRegisterOffsets;
</span><span class="cx">
</span><span class="lines">@@ -411,6 +410,7 @@
</span><span class="cx"> std::unique_ptr<FTL::Thunks> ftlThunks;
</span><span class="cx"> #endif
</span><span class="cx"> NativeExecutable* getHostFunction(NativeFunction, NativeFunction constructor, const String& name);
</span><ins>+ NativeExecutable* getHostFunction(NativeFunction, Intrinsic intrinsic, NativeFunction constructor, const String& name);
</ins><span class="cx">
</span><span class="cx"> static ptrdiff_t exceptionOffset()
</span><span class="cx"> {
</span></span></pre>
</div>
</div>
</body>
</html>