<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208320] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208320">208320</a></dd>
<dt>Author</dt> <dd>utatane.tea@gmail.com</dd>
<dt>Date</dt> <dd>2016-11-02 20:20:53 -0700 (Wed, 02 Nov 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[DOMJIT] Add DOMJIT::Signature
https://bugs.webkit.org/show_bug.cgi?id=162980
Reviewed by Saam Barati and Sam Weinig.
Source/JavaScriptCore:
This patch introduces a new mechanism called DOMJIT::Signature. We can annotate the function with DOMJIT::Signature.
DOMJIT::Signature has type information of that function. And it also maintains the effect of the function and the
pointer to the unsafe function. The unsafe function means the function without type and argument count checks.
By using these information, we can separate type and argument count checks from the function. And we can emit
these things as DFG checks and convert the function call itself to CallDOM node. CallDOM node can call the unsafe
function directly without any checks. Furthermore, this CallDOM node can represent its own clobberizing rules based
on DOMJIT::Effect maintained by DOMJIT::Signature. It allows us to make opaque Call node to a CallDOM node that
merely reads some part of heap. These changes (1) can drop duplicate type checks in DFG, (2) offer ability to move
CallDOM node to somewhere, and (3) track more detailed heap reads and writes of CallDOM nodes.
We first emit Call node with DOMJIT::Signature in DFGByteCodeParser. And in the fixup phase, we attempt to lower
Call node to CallDOM node with checks & edge filters. This is because we do not know the type predictions in
DFGByteCodeParser phase. If we always emit CallDOM node in DFGByteCodeParser, if we evaluate `div.getAttribute(true)`
thingy, the Uncountable OSR exits repeatedly happen because AI figures out the abstract value is cleared.
Currently, DOMJIT signature only allows the types that can reside in GPR. This is because the types of the unsafe
function arguments are represented as the sequence of void*. In the future, we will extend to accept other types like
float, double etc.
We annotate several functions in Element. In particular, we annotate Element::getAttribute. This allows us to perform
LICM in Dromaeo dom-attr test. In the Dromaeo dom-attr getAttribute test, we can see 32x improvement. (134974.8 v.s. 4203.4)
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CallVariant.h:
(JSC::CallVariant::functionExecutable):
(JSC::CallVariant::nativeExecutable):
(JSC::CallVariant::signatureFor):
* bytecode/SpeculatedType.h:
(JSC::isNotStringSpeculation):
(JSC::isNotInt32Speculation):
(JSC::isNotBooleanSpeculation):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleDOMJITCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeCallDOM):
(JSC::DFG::FixupPhase::fixupCheckDOM):
(JSC::DFG::FixupPhase::fixupCallDOM):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToCallDOM):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::shouldSpeculateNotInt32):
(JSC::DFG::Node::shouldSpeculateNotBoolean):
(JSC::DFG::Node::shouldSpeculateNotString):
(JSC::DFG::Node::hasSignature):
(JSC::DFG::Node::signature):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCallDOM):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* domjit/DOMJITEffect.h:
(JSC::DOMJIT::Effect::Effect):
(JSC::DOMJIT::Effect::forWrite):
(JSC::DOMJIT::Effect::forRead):
(JSC::DOMJIT::Effect::forReadWrite):
(JSC::DOMJIT::Effect::forPure):
(JSC::DOMJIT::Effect::forDef):
(JSC::DOMJIT::Effect::mustGenerate):
In clang, we cannot make this Effect constructor constexpr if we use Optional<HeapRange>.
So we use HeapRange::top() for Nullopt def now.
* domjit/DOMJITHeapRange.h:
(JSC::DOMJIT::HeapRange::fromRaw):
(JSC::DOMJIT::HeapRange::operator bool):
(JSC::DOMJIT::HeapRange::operator==):
(JSC::DOMJIT::HeapRange::operator!=):
(JSC::DOMJIT::HeapRange::fromConstant):
* domjit/DOMJITSignature.h: Copied from Source/JavaScriptCore/domjit/DOMJITEffect.h.
(JSC::DOMJIT::Signature::Signature):
(JSC::DOMJIT::Signature::argumentCount):
(JSC::DOMJIT::Signature::checkDOM):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):
* jit/JITOperations.h:
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITThunks.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::create):
* runtime/JSFunction.h:
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::create):
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectNativeFunction):
* runtime/JSObject.h:
* runtime/Lookup.h:
(JSC::HashTableValue::functionLength):
(JSC::HashTableValue::signature):
(JSC::reifyStaticProperty):
* runtime/NativeExecutable.cpp:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
* runtime/NativeExecutable.h:
* runtime/PropertySlot.h:
* runtime/VM.cpp:
(JSC::VM::getHostFunction):
* runtime/VM.h:
Source/WebCore:
We introduce DOMJIT::Signature. This signature object is automatically generated by IDL code generator.
It holds (1) types, (2) pointer to the unsafe function (the function without checks), and (3) the effect
of the function. We use constexpr to initialize DOMJIT::Signature without invoking global constructors.
Thus the content is embedded into the binary as the constant values.
We also clean up the IDL code generator related to DOMJIT part. Instead of switching things inside IDL
code generator, we use C++ template to dispatch things at compile time. This template meta programming
is highly utilized in IDL these days.
To make DOMJIT::Signature constexpr, we also need to define DOMJIT abstract heap things in the build time.
To do so, we introduce a tiny Ruby script to calculate the range of abstract heaps. We can offer the abstract
heap tree as YAML format and the script will produce a C++ header holding the calculated abstract heap ranges
* CMakeLists.txt:
* DerivedSources.make:
* ForwardingHeaders/bytecode/SpeculatedType.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.h.
* ForwardingHeaders/domjit/DOMJITSignature.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp.
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMGlobalObject.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GeneratePropertiesHashTable):
(GetUnsafeArgumentType):
(GetArgumentTypeFilter):
(GetResultTypeFilter):
(GenerateImplementation):
(UnsafeToNative):
(GenerateHashTableValueArray):
(ComputeFunctionSpecial):
* bindings/scripts/IDLAttributes.txt:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
(WebCore::BindingCaller<JSTestDOMJIT>::castForOperation):
(WebCore::TestDOMJITAnyAttrDOMJIT::TestDOMJITAnyAttrDOMJIT):
(WebCore::TestDOMJITBooleanAttrDOMJIT::TestDOMJITBooleanAttrDOMJIT):
(WebCore::TestDOMJITByteAttrDOMJIT::TestDOMJITByteAttrDOMJIT):
(WebCore::TestDOMJITOctetAttrDOMJIT::TestDOMJITOctetAttrDOMJIT):
(WebCore::TestDOMJITShortAttrDOMJIT::TestDOMJITShortAttrDOMJIT):
(WebCore::TestDOMJITUnsignedShortAttrDOMJIT::TestDOMJITUnsignedShortAttrDOMJIT):
(WebCore::TestDOMJITLongAttrDOMJIT::TestDOMJITLongAttrDOMJIT):
(WebCore::TestDOMJITUnsignedLongAttrDOMJIT::TestDOMJITUnsignedLongAttrDOMJIT):
(WebCore::TestDOMJITLongLongAttrDOMJIT::TestDOMJITLongLongAttrDOMJIT):
(WebCore::TestDOMJITUnsignedLongLongAttrDOMJIT::TestDOMJITUnsignedLongLongAttrDOMJIT):
(WebCore::TestDOMJITFloatAttrDOMJIT::TestDOMJITFloatAttrDOMJIT):
(WebCore::TestDOMJITUnrestrictedFloatAttrDOMJIT::TestDOMJITUnrestrictedFloatAttrDOMJIT):
(WebCore::TestDOMJITDoubleAttrDOMJIT::TestDOMJITDoubleAttrDOMJIT):
(WebCore::TestDOMJITUnrestrictedDoubleAttrDOMJIT::TestDOMJITUnrestrictedDoubleAttrDOMJIT):
(WebCore::TestDOMJITDomStringAttrDOMJIT::TestDOMJITDomStringAttrDOMJIT):
(WebCore::TestDOMJITByteStringAttrDOMJIT::TestDOMJITByteStringAttrDOMJIT):
(WebCore::TestDOMJITUsvStringAttrDOMJIT::TestDOMJITUsvStringAttrDOMJIT):
(WebCore::TestDOMJITNodeAttrDOMJIT::TestDOMJITNodeAttrDOMJIT):
(WebCore::TestDOMJITBooleanNullableAttrDOMJIT::TestDOMJITBooleanNullableAttrDOMJIT):
(WebCore::TestDOMJITByteNullableAttrDOMJIT::TestDOMJITByteNullableAttrDOMJIT):
(WebCore::TestDOMJITOctetNullableAttrDOMJIT::TestDOMJITOctetNullableAttrDOMJIT):
(WebCore::TestDOMJITShortNullableAttrDOMJIT::TestDOMJITShortNullableAttrDOMJIT):
(WebCore::TestDOMJITUnsignedShortNullableAttrDOMJIT::TestDOMJITUnsignedShortNullableAttrDOMJIT):
(WebCore::TestDOMJITLongNullableAttrDOMJIT::TestDOMJITLongNullableAttrDOMJIT):
(WebCore::TestDOMJITUnsignedLongNullableAttrDOMJIT::TestDOMJITUnsignedLongNullableAttrDOMJIT):
(WebCore::TestDOMJITLongLongNullableAttrDOMJIT::TestDOMJITLongLongNullableAttrDOMJIT):
(WebCore::TestDOMJITUnsignedLongLongNullableAttrDOMJIT::TestDOMJITUnsignedLongLongNullableAttrDOMJIT):
(WebCore::TestDOMJITFloatNullableAttrDOMJIT::TestDOMJITFloatNullableAttrDOMJIT):
(WebCore::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT):
(WebCore::TestDOMJITDoubleNullableAttrDOMJIT::TestDOMJITDoubleNullableAttrDOMJIT):
(WebCore::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT):
(WebCore::TestDOMJITDomStringNullableAttrDOMJIT::TestDOMJITDomStringNullableAttrDOMJIT):
(WebCore::TestDOMJITByteStringNullableAttrDOMJIT::TestDOMJITByteStringNullableAttrDOMJIT):
(WebCore::TestDOMJITUsvStringNullableAttrDOMJIT::TestDOMJITUsvStringNullableAttrDOMJIT):
(WebCore::TestDOMJITNodeNullableAttrDOMJIT::TestDOMJITNodeNullableAttrDOMJIT):
(WebCore::jsTestDOMJITPrototypeFunctionGetAttribute):
(WebCore::jsTestDOMJITPrototypeFunctionGetAttributeCaller):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetAttribute):
(WebCore::jsTestDOMJITPrototypeFunctionItem):
(WebCore::jsTestDOMJITPrototypeFunctionItemCaller):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionItem):
(WebCore::jsTestDOMJITPrototypeFunctionHasAttribute):
(WebCore::jsTestDOMJITPrototypeFunctionHasAttributeCaller):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionHasAttribute):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementById):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementByIdCaller):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementById):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementsByName):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementsByNameCaller):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementsByName):
* bindings/scripts/test/TestDOMJIT.idl:
* dom/Element.idl:
* domjit/DOMJITAbstractHeapRepository.yaml: Added.
* domjit/DOMJITIDLConvert.h: Added.
(WebCore::DOMJIT::DirectConverter<IDLDOMString>::directConvert<StringConversionConfiguration::Normal>):
* domjit/DOMJITIDLType.h: Added.
* domjit/DOMJITIDLTypeFilter.h: Added.
* domjit/JSDocumentDOMJIT.cpp:
(WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
* domjit/JSNodeDOMJIT.cpp:
(WebCore::NodeFirstChildDOMJIT::callDOMGetter):
(WebCore::NodeLastChildDOMJIT::callDOMGetter):
(WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
(WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
(WebCore::NodeParentNodeDOMJIT::callDOMGetter):
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
* domjit/generate-abstract-heap.rb: Added.
LayoutTests:
* js/dom/domjit-accessor-licm.html:
* js/dom/domjit-function-effect-should-overlap-with-call-expected.txt: Added.
* js/dom/domjit-function-effect-should-overlap-with-call.html: Added.
* js/dom/domjit-function-expected.txt: Added.
* js/dom/domjit-function-licm-expected.txt: Added.
* js/dom/domjit-function-licm.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
* js/dom/domjit-function-type-contradiction-expected.txt: Added.
* js/dom/domjit-function-type-contradiction.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
* js/dom/domjit-function-type-failure-expected.txt: Added.
* js/dom/domjit-function-type-failure.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
* js/dom/domjit-function.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitaccessorlicmhtml">trunk/LayoutTests/js/dom/domjit-accessor-licm.html</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallVarianth">trunk/Source/JavaScriptCore/bytecode/CallVariant.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeSpeculatedTypeh">trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDoesGCcpp">trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodecpp">trunk/Source/JavaScriptCore/dfg/DFGNode.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeh">trunk/Source/JavaScriptCore/dfg/DFGNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeTypeh">trunk/Source/JavaScriptCore/dfg/DFGNodeType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSafeToExecuteh">trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredomjitDOMJITEffecth">trunk/Source/JavaScriptCore/domjit/DOMJITEffect.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredomjitDOMJITHeapRangeh">trunk/Source/JavaScriptCore/domjit/DOMJITHeapRange.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCapabilitiescpp">trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunkscpp">trunk/Source/JavaScriptCore/jit/JITThunks.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITThunksh">trunk/Source/JavaScriptCore/jit/JITThunks.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCellh">trunk/Source/JavaScriptCore/runtime/JSCell.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSFunctionh">trunk/Source/JavaScriptCore/runtime/JSFunction.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp">trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSObjectcpp">trunk/Source/JavaScriptCore/runtime/JSObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSObjecth">trunk/Source/JavaScriptCore/runtime/JSObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLookuph">trunk/Source/JavaScriptCore/runtime/Lookup.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeNativeExecutablecpp">trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeNativeExecutableh">trunk/Source/JavaScriptCore/runtime/NativeExecutable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimePropertySloth">trunk/Source/JavaScriptCore/runtime/PropertySlot.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMcpp">trunk/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMh">trunk/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#trunkSourceWebCoreCMakeListstxt">trunk/Source/WebCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreDerivedSourcesmake">trunk/Source/WebCore/DerivedSources.make</a></li>
<li><a href="#trunkSourceWebCoreWebCorexcodeprojprojectpbxproj">trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMGlobalObjecth">trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm">trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptsIDLAttributestxt">trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptstestJSJSTestDOMJITcpp">trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptstestTestDOMJITidl">trunk/Source/WebCore/bindings/scripts/test/TestDOMJIT.idl</a></li>
<li><a href="#trunkSourceWebCoredomElementidl">trunk/Source/WebCore/dom/Element.idl</a></li>
<li><a href="#trunkSourceWebCoredomjitJSDocumentDOMJITcpp">trunk/Source/WebCore/domjit/JSDocumentDOMJIT.cpp</a></li>
<li><a href="#trunkSourceWebCoredomjitJSNodeDOMJITcpp">trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctioneffectshouldoverlapwithcallexpectedtxt">trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctioneffectshouldoverlapwithcallhtml">trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call.html</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctionexpectedtxt">trunk/LayoutTests/js/dom/domjit-function-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctionlicmexpectedtxt">trunk/LayoutTests/js/dom/domjit-function-licm-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctionlicmhtml">trunk/LayoutTests/js/dom/domjit-function-licm.html</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctiontypecontradictionexpectedtxt">trunk/LayoutTests/js/dom/domjit-function-type-contradiction-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctiontypecontradictionhtml">trunk/LayoutTests/js/dom/domjit-function-type-contradiction.html</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctiontypefailureexpectedtxt">trunk/LayoutTests/js/dom/domjit-function-type-failure-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctiontypefailurehtml">trunk/LayoutTests/js/dom/domjit-function-type-failure.html</a></li>
<li><a href="#trunkLayoutTestsjsdomdomjitfunctionhtml">trunk/LayoutTests/js/dom/domjit-function.html</a></li>
<li><a href="#trunkSourceJavaScriptCoredomjitDOMJITSignatureh">trunk/Source/JavaScriptCore/domjit/DOMJITSignature.h</a></li>
<li><a href="#trunkSourceWebCoreForwardingHeadersbytecodeSpeculatedTypeh">trunk/Source/WebCore/ForwardingHeaders/bytecode/SpeculatedType.h</a></li>
<li><a href="#trunkSourceWebCoreForwardingHeadersdomjitDOMJITSignatureh">trunk/Source/WebCore/ForwardingHeaders/domjit/DOMJITSignature.h</a></li>
<li><a href="#trunkSourceWebCoredomjitDOMJITAbstractHeapRepositoryyaml">trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.yaml</a></li>
<li><a href="#trunkSourceWebCoredomjitDOMJITIDLConverth">trunk/Source/WebCore/domjit/DOMJITIDLConvert.h</a></li>
<li><a href="#trunkSourceWebCoredomjitDOMJITIDLTypeh">trunk/Source/WebCore/domjit/DOMJITIDLType.h</a></li>
<li><a href="#trunkSourceWebCoredomjitDOMJITIDLTypeFilterh">trunk/Source/WebCore/domjit/DOMJITIDLTypeFilter.h</a></li>
<li><a href="#trunkSourceWebCoredomjitgenerateabstractheaprb">trunk/Source/WebCore/domjit/generate-abstract-heap.rb</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoredomjitDOMJITAbstractHeapRepositorycpp">trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp</a></li>
<li><a href="#trunkSourceWebCoredomjitDOMJITAbstractHeapRepositoryh">trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/LayoutTests/ChangeLog 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2016-11-02 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [DOMJIT] Add DOMJIT::Signature
+ https://bugs.webkit.org/show_bug.cgi?id=162980
+
+ Reviewed by Saam Barati and Sam Weinig.
+
+ * js/dom/domjit-accessor-licm.html:
+ * js/dom/domjit-function-effect-should-overlap-with-call-expected.txt: Added.
+ * js/dom/domjit-function-effect-should-overlap-with-call.html: Added.
+ * js/dom/domjit-function-expected.txt: Added.
+ * js/dom/domjit-function-licm-expected.txt: Added.
+ * js/dom/domjit-function-licm.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
+ * js/dom/domjit-function-type-contradiction-expected.txt: Added.
+ * js/dom/domjit-function-type-contradiction.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
+ * js/dom/domjit-function-type-failure-expected.txt: Added.
+ * js/dom/domjit-function-type-failure.html: Copied from LayoutTests/js/dom/domjit-accessor-licm.html.
+ * js/dom/domjit-function.html: Added.
+
</ins><span class="cx"> 2016-11-02 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Marking imported/mozilla/svg/paint-order-01.svg and imported/mozilla/svg/paint-order-02.svg as flaky.
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitaccessorlicmhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/dom/domjit-accessor-licm.html (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-accessor-licm.html 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/LayoutTests/js/dom/domjit-accessor-licm.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,14 +1,3 @@
</span><del>-<!DOCTYPE HTML>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-</head>
-<body>
-<script>
-
-</script>
-</body>
-</html>
</del><span class="cx"> <!DOCTYPE html>
</span><span class="cx"> <html>
</span><span class="cx"> <head>
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctioneffectshouldoverlapwithcallexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call-expected.txt (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call-expected.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+Test function calls should overlap with effects of DOMJIT functions.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS test() is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctioneffectshouldoverlapwithcallhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call.html (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call.html (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-effect-should-overlap-with-call.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="target"></div>
+</div>
+
+<script>
+description('Test function calls should overlap with effects of DOMJIT functions.');
+
+function test()
+{
+ var target = document.getElementById('target');
+ target.setAttribute("cocoa", "0");
+ for (var i = 0; i < 1e4; ++i) {
+ var ret = target.getAttribute("cocoa");
+ if (ret !== String(i))
+ return false;
+ target.setAttribute("cocoa", String(i + 1));
+ var ret = target.getAttribute("cocoa");
+ if (ret === String(i))
+ return false;
+ }
+ return true;
+}
+
+shouldBeTrue(`test()`);
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctionexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-expected.txt (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-expected.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+Test DOMJIT functions work.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS All tests passed.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctionlicmexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-licm-expected.txt (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-licm-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-licm-expected.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+Test DOMJIT function will be LICM-ed.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctionlicmhtmlfromrev208319trunkLayoutTestsjsdomdomjitaccessorlicmhtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/js/dom/domjit-function-licm.html (from rev 208319, trunk/LayoutTests/js/dom/domjit-accessor-licm.html) (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-licm.html (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-licm.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+
+<div id="parentNode">
+<div id="previousSibling"></div><div id="target"><div id="firstChild"></div><div id="lastChild"></div></div><div id="nextSibling"></div>
+</div>
+
+<script>
+description('Test DOMJIT function will be LICM-ed.');
+
+function test() {
+ var div = document.createElement('div');
+ var ret = "invalid";
+ div.setAttribute("cocoa", "Cocoa");
+ for (var i = 0; i < 1e4; ++i)
+ ret = div.getAttribute("cocoa");
+ return ret;
+}
+var result;
+(function () {
+ for (var i = 0; i < 100; ++i) {
+ result = test();
+ shouldBe(`result`, `"Cocoa"`, true);
+ }
+}());
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctiontypecontradictionexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-type-contradiction-expected.txt (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-type-contradiction-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-type-contradiction-expected.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+Test DOMJIT function will cause type contradiction giving up.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctiontypecontradictionhtmlfromrev208319trunkLayoutTestsjsdomdomjitaccessorlicmhtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/js/dom/domjit-function-type-contradiction.html (from rev 208319, trunk/LayoutTests/js/dom/domjit-accessor-licm.html) (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-type-contradiction.html (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-type-contradiction.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+
+<div id="parentNode">
+<div id="previousSibling"></div><div id="target"><div id="firstChild"></div><div id="lastChild"></div></div><div id="nextSibling"></div>
+</div>
+
+<script>
+description('Test DOMJIT function will cause type contradiction giving up.');
+
+var div = document.createElement('div');
+div.setAttribute("cocoa", "Cocoa");
+function test(div) {
+ var ret = "invalid";
+ for (var i = 0; i < 1e4; ++i)
+ ret = div.getAttribute(200);
+ return ret;
+}
+var result;
+(function () {
+ for (var i = 0; i < 100; ++i) {
+ result = test(div);
+ shouldBe(`result`, `null`, true);
+ }
+}());
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctiontypefailureexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function-type-failure-expected.txt (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-type-failure-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-type-failure-expected.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+Test DOMJIT function will cause BadType OSR exits.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctiontypefailurehtmlfromrev208319trunkLayoutTestsjsdomdomjitaccessorlicmhtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/js/dom/domjit-function-type-failure.html (from rev 208319, trunk/LayoutTests/js/dom/domjit-accessor-licm.html) (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function-type-failure.html (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function-type-failure.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+
+<div id="parentNode">
+<div id="previousSibling"></div><div id="target"><div id="firstChild"></div><div id="lastChild"></div></div><div id="nextSibling"></div>
+</div>
+
+<script>
+description('Test DOMJIT function will cause BadType OSR exits.');
+
+var div = document.createElement('div');
+div.setAttribute("cocoa", "Cocoa");
+function test(div, name) {
+ var ret = "invalid";
+ for (var i = 0; i < 1e4; ++i)
+ ret = div.getAttribute(name);
+ return ret;
+}
+var result;
+(function () {
+ for (var i = 0; i < 100; ++i) {
+ result = test(div, 'cocoa');
+ shouldBe(`result`, `"Cocoa"`, true);
+ }
+ for (var i = 0; i < 100; ++i) {
+ result = test(div, 400);
+ shouldBe(`result`, `null`, true);
+ }
+}());
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomdomjitfunctionhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/domjit-function.html (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/domjit-function.html (rev 0)
+++ trunk/LayoutTests/js/dom/domjit-function.html 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,58 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="target" cocoa="cocoa"><div id="firstChild"></div><div id="lastChild"></div></div>
+</div>
+
+<script>
+description('Test DOMJIT functions work.');
+var div;
+(function () {
+ div = document.getElementById('target');
+
+ function a()
+ {
+ return div.getAttribute('cocoa') === 'cocoa';
+ }
+
+ function b()
+ {
+ return div.getAttributeNode('cocoa').nodeType === Node.ATTRIBUTE_NODE;
+ }
+
+ function c()
+ {
+ return div.getElementsByTagName('div').length === 2;
+ }
+
+ function d()
+ {
+ return div.hasAttribute('cocoa') === true;
+ }
+
+ function main()
+ {
+ if (!a())
+ return false;
+ if (!b())
+ return false;
+ if (!c())
+ return false;
+ if (!d())
+ return false;
+ return true;
+ }
+
+ for (var i = 0; i < 1e4; ++i) {
+ if (!main())
+ throw new Error("error");
+ }
+ testPassed("All tests passed.");
+}());
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,3 +1,134 @@
</span><ins>+2016-11-02 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [DOMJIT] Add DOMJIT::Signature
+ https://bugs.webkit.org/show_bug.cgi?id=162980
+
+ Reviewed by Saam Barati and Sam Weinig.
+
+ This patch introduces a new mechanism called DOMJIT::Signature. We can annotate the function with DOMJIT::Signature.
+ DOMJIT::Signature has type information of that function. And it also maintains the effect of the function and the
+ pointer to the unsafe function. The unsafe function means the function without type and argument count checks.
+ By using these information, we can separate type and argument count checks from the function. And we can emit
+ these things as DFG checks and convert the function call itself to CallDOM node. CallDOM node can call the unsafe
+ function directly without any checks. Furthermore, this CallDOM node can represent its own clobberizing rules based
+ on DOMJIT::Effect maintained by DOMJIT::Signature. It allows us to make opaque Call node to a CallDOM node that
+ merely reads some part of heap. These changes (1) can drop duplicate type checks in DFG, (2) offer ability to move
+ CallDOM node to somewhere, and (3) track more detailed heap reads and writes of CallDOM nodes.
+
+ We first emit Call node with DOMJIT::Signature in DFGByteCodeParser. And in the fixup phase, we attempt to lower
+ Call node to CallDOM node with checks & edge filters. This is because we do not know the type predictions in
+ DFGByteCodeParser phase. If we always emit CallDOM node in DFGByteCodeParser, if we evaluate `div.getAttribute(true)`
+ thingy, the Uncountable OSR exits repeatedly happen because AI figures out the abstract value is cleared.
+
+ Currently, DOMJIT signature only allows the types that can reside in GPR. This is because the types of the unsafe
+ function arguments are represented as the sequence of void*. In the future, we will extend to accept other types like
+ float, double etc.
+
+ We annotate several functions in Element. In particular, we annotate Element::getAttribute. This allows us to perform
+ LICM in Dromaeo dom-attr test. In the Dromaeo dom-attr getAttribute test, we can see 32x improvement. (134974.8 v.s. 4203.4)
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CallVariant.h:
+ (JSC::CallVariant::functionExecutable):
+ (JSC::CallVariant::nativeExecutable):
+ (JSC::CallVariant::signatureFor):
+ * bytecode/SpeculatedType.h:
+ (JSC::isNotStringSpeculation):
+ (JSC::isNotInt32Speculation):
+ (JSC::isNotBooleanSpeculation):
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::attemptToInlineCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::handleDOMJITCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ (JSC::DFG::FixupPhase::attemptToMakeCallDOM):
+ (JSC::DFG::FixupPhase::fixupCheckDOM):
+ (JSC::DFG::FixupPhase::fixupCallDOM):
+ * dfg/DFGNode.cpp:
+ (JSC::DFG::Node::convertToCallDOM):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ (JSC::DFG::Node::shouldSpeculateNotInt32):
+ (JSC::DFG::Node::shouldSpeculateNotBoolean):
+ (JSC::DFG::Node::shouldSpeculateNotString):
+ (JSC::DFG::Node::hasSignature):
+ (JSC::DFG::Node::signature):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileCallDOM):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * domjit/DOMJITEffect.h:
+ (JSC::DOMJIT::Effect::Effect):
+ (JSC::DOMJIT::Effect::forWrite):
+ (JSC::DOMJIT::Effect::forRead):
+ (JSC::DOMJIT::Effect::forReadWrite):
+ (JSC::DOMJIT::Effect::forPure):
+ (JSC::DOMJIT::Effect::forDef):
+ (JSC::DOMJIT::Effect::mustGenerate):
+ In clang, we cannot make this Effect constructor constexpr if we use Optional<HeapRange>.
+ So we use HeapRange::top() for Nullopt def now.
+
+ * domjit/DOMJITHeapRange.h:
+ (JSC::DOMJIT::HeapRange::fromRaw):
+ (JSC::DOMJIT::HeapRange::operator bool):
+ (JSC::DOMJIT::HeapRange::operator==):
+ (JSC::DOMJIT::HeapRange::operator!=):
+ (JSC::DOMJIT::HeapRange::fromConstant):
+ * domjit/DOMJITSignature.h: Copied from Source/JavaScriptCore/domjit/DOMJITEffect.h.
+ (JSC::DOMJIT::Signature::Signature):
+ (JSC::DOMJIT::Signature::argumentCount):
+ (JSC::DOMJIT::Signature::checkDOM):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+ (JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):
+ * jit/JITOperations.h:
+ * jit/JITThunks.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITThunks.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::create):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ * runtime/JSFunction.h:
+ * runtime/JSNativeStdFunction.cpp:
+ (JSC::JSNativeStdFunction::create):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putDirectNativeFunction):
+ * runtime/JSObject.h:
+ * runtime/Lookup.h:
+ (JSC::HashTableValue::functionLength):
+ (JSC::HashTableValue::signature):
+ (JSC::reifyStaticProperty):
+ * runtime/NativeExecutable.cpp:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ * runtime/NativeExecutable.h:
+ * runtime/PropertySlot.h:
+ * runtime/VM.cpp:
+ (JSC::VM::getHostFunction):
+ * runtime/VM.h:
+
</ins><span class="cx"> 2016-11-02 Andreas Kling <akling@apple.com>
</span><span class="cx">
</span><span class="cx"> MarkedSpace should have specialized size classes for popular engine objects.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -2208,6 +2208,7 @@
</span><span class="cx"> E33F50851B8437A000413856 /* JSInternalPromiseDeferred.h in Headers */ = {isa = PBXBuildFile; fileRef = E33F50831B8437A000413856 /* JSInternalPromiseDeferred.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> E33F50871B8449EF00413856 /* JSInternalPromiseConstructor.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E33F50861B8449EF00413856 /* JSInternalPromiseConstructor.lut.h */; };
</span><span class="cx"> E34EDBF71DB5FFC900DC87A5 /* FrameTracers.h in Headers */ = {isa = PBXBuildFile; fileRef = E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ E350708A1DC49BBF0089BCD6 /* DOMJITSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = E35070891DC49BB60089BCD6 /* DOMJITSignature.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> E354622B1B6065D100545386 /* ConstructAbility.h in Headers */ = {isa = PBXBuildFile; fileRef = E354622A1B6065D100545386 /* ConstructAbility.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> E3555B8A1DAE03A500F36921 /* DOMJITCallDOMGetterPatchpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = E3555B891DAE03A200F36921 /* DOMJITCallDOMGetterPatchpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> E355F3521B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E355F3501B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp */; };
</span><span class="lines">@@ -4634,6 +4635,7 @@
</span><span class="cx"> E33F50861B8449EF00413856 /* JSInternalPromiseConstructor.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSInternalPromiseConstructor.lut.h; sourceTree = "<group>"; };
</span><span class="cx"> E33F50881B844A1A00413856 /* InternalPromiseConstructor.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = InternalPromiseConstructor.js; sourceTree = "<group>"; };
</span><span class="cx"> E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FrameTracers.h; sourceTree = "<group>"; };
</span><ins>+ E35070891DC49BB60089BCD6 /* DOMJITSignature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITSignature.h; sourceTree = "<group>"; };
</ins><span class="cx"> E354622A1B6065D100545386 /* ConstructAbility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstructAbility.h; sourceTree = "<group>"; };
</span><span class="cx"> E3555B891DAE03A200F36921 /* DOMJITCallDOMGetterPatchpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITCallDOMGetterPatchpoint.h; sourceTree = "<group>"; };
</span><span class="cx"> E355F3501B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ModuleLoaderPrototype.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -7575,6 +7577,7 @@
</span><span class="cx"> E37AD83A1DA4928000F3D412 /* DOMJITPatchpointParams.h */,
</span><span class="cx"> E37AD83B1DA4928000F3D412 /* DOMJITReg.h */,
</span><span class="cx"> E3CB1E241DA7540A00FA1E56 /* DOMJITSlowPathCalls.h */,
</span><ins>+ E35070891DC49BB60089BCD6 /* DOMJITSignature.h */,
</ins><span class="cx"> E3FFC8521DAD7D1000DEA53E /* DOMJITValue.h */,
</span><span class="cx"> );
</span><span class="cx"> path = domjit;
</span><span class="lines">@@ -8503,6 +8506,7 @@
</span><span class="cx"> 43AB26C61C1A535900D82AE6 /* B3MathExtras.h in Headers */,
</span><span class="cx"> AD2FCBF31DB58DAD00B3E736 /* WebAssemblyInstancePrototype.h in Headers */,
</span><span class="cx"> BC18C4290E16F5CD00B34460 /* JSStringRefCF.h in Headers */,
</span><ins>+ E350708A1DC49BBF0089BCD6 /* DOMJITSignature.h in Headers */,
</ins><span class="cx"> 1A28D4A8177B71C80007FA3C /* JSStringRefPrivate.h in Headers */,
</span><span class="cx"> 0F919D0D157EE0A2004A4E7D /* JSSymbolTableObject.h in Headers */,
</span><span class="cx"> 70ECA6061AFDBEA200449739 /* JSTemplateRegistryKey.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallVarianth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallVariant.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallVariant.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/bytecode/CallVariant.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx"> #include "FunctionExecutable.h"
</span><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "JSFunction.h"
</span><ins>+#include "NativeExecutable.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -120,6 +121,20 @@
</span><span class="cx"> return jsDynamicCast<FunctionExecutable*>(executable);
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><ins>+
+ NativeExecutable* nativeExecutable() const
+ {
+ if (ExecutableBase* executable = this->executable())
+ return jsDynamicCast<NativeExecutable*>(executable);
+ return nullptr;
+ }
+
+ const DOMJIT::Signature* signatureFor(CodeSpecializationKind kind) const
+ {
+ if (NativeExecutable* nativeExecutable = this->nativeExecutable())
+ return nativeExecutable->signatureFor(kind);
+ return nullptr;
+ }
</ins><span class="cx">
</span><span class="cx"> void dump(PrintStream& out) const;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeSpeculatedTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -151,6 +151,11 @@
</span><span class="cx"> return !!value && (value & SpecString) == value;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool isNotStringSpeculation(SpeculatedType value)
+{
+ return value && !(value & SpecString);
+}
+
</ins><span class="cx"> inline bool isStringOrOtherSpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return !!value && (value & (SpecString | SpecOther)) == value;
</span><span class="lines">@@ -303,6 +308,11 @@
</span><span class="cx"> return value && !(value & ~SpecInt32Only);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool isNotInt32Speculation(SpeculatedType value)
+{
+ return value && !(value & SpecInt32Only);
+}
+
</ins><span class="cx"> inline bool isInt32OrBooleanSpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return value && !(value & ~(SpecBoolean | SpecInt32Only));
</span><span class="lines">@@ -388,6 +398,11 @@
</span><span class="cx"> return value == SpecBoolean;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool isNotBooleanSpeculation(SpeculatedType value)
+{
+ return value && !(value & SpecBoolean);
+}
+
</ins><span class="cx"> inline bool isOtherSpeculation(SpeculatedType value)
</span><span class="cx"> {
</span><span class="cx"> return value == SpecOther;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "DFGAbstractInterpreter.h"
</span><span class="cx"> #include "DOMJITGetterSetter.h"
</span><ins>+#include "DOMJITSignature.h"
</ins><span class="cx"> #include "GetByIdStatus.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "HashMapImpl.h"
</span><span class="lines">@@ -2303,6 +2304,13 @@
</span><span class="cx"> forNode(node).setType(m_graph, callDOMGetterData->domJIT->resultType());
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+ case CallDOM: {
+ const DOMJIT::Signature* signature = node->signature();
+ if (signature->effect.writes)
+ clobberWorld(node->origin.semantic, clobberLimit);
+ forNode(node).setType(m_graph, signature->result);
+ break;
+ }
</ins><span class="cx"> case CheckArray: {
</span><span class="cx"> if (node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) {
</span><span class="cx"> m_state.setFoundConstants(true);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -213,6 +213,8 @@
</span><span class="cx"> template<typename ChecksFunctor>
</span><span class="cx"> bool handleIntrinsicCall(Node* callee, int resultOperand, Intrinsic, int registerOffset, int argumentCountIncludingThis, SpeculatedType prediction, const ChecksFunctor& insertChecks);
</span><span class="cx"> template<typename ChecksFunctor>
</span><ins>+ bool handleDOMJITCall(Node* callee, int resultOperand, const DOMJIT::Signature*, int registerOffset, int argumentCountIncludingThis, SpeculatedType prediction, const ChecksFunctor& insertChecks);
+ template<typename ChecksFunctor>
</ins><span class="cx"> bool handleIntrinsicGetter(int resultOperand, const GetByIdVariant& intrinsicVariant, Node* thisNode, const ChecksFunctor& insertChecks);
</span><span class="cx"> template<typename ChecksFunctor>
</span><span class="cx"> bool handleTypedArrayConstructor(int resultOperand, InternalFunction*, int registerOffset, int argumentCountIncludingThis, TypedArrayType, const ChecksFunctor& insertChecks);
</span><span class="lines">@@ -818,18 +820,18 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Node* addCall(
</span><del>- int result, NodeType op, OpInfo opInfo, Node* callee, int argCount, int registerOffset,
</del><ins>+ int result, NodeType op, const DOMJIT::Signature* signature, Node* callee, int argCount, int registerOffset,
</ins><span class="cx"> SpeculatedType prediction)
</span><span class="cx"> {
</span><span class="cx"> if (op == TailCall) {
</span><span class="cx"> if (allInlineFramesAreTailCalls())
</span><del>- return addCallWithoutSettingResult(op, OpInfo(), callee, argCount, registerOffset, OpInfo());
</del><ins>+ return addCallWithoutSettingResult(op, OpInfo(signature), callee, argCount, registerOffset, OpInfo());
</ins><span class="cx"> op = TailCallInlinedCaller;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx">
</span><span class="cx"> Node* call = addCallWithoutSettingResult(
</span><del>- op, opInfo, callee, argCount, registerOffset, OpInfo(prediction));
</del><ins>+ op, OpInfo(signature), callee, argCount, registerOffset, OpInfo(prediction));
</ins><span class="cx"> VirtualRegister resultReg(result);
</span><span class="cx"> if (resultReg.isValid())
</span><span class="cx"> set(resultReg, call);
</span><span class="lines">@@ -1284,7 +1286,7 @@
</span><span class="cx"> // Oddly, this conflates calls that haven't executed with calls that behaved sufficiently polymorphically
</span><span class="cx"> // that we cannot optimize them.
</span><span class="cx">
</span><del>- Node* callNode = addCall(result, op, OpInfo(), callTarget, argumentCountIncludingThis, registerOffset, prediction);
</del><ins>+ Node* callNode = addCall(result, op, nullptr, callTarget, argumentCountIncludingThis, registerOffset, prediction);
</ins><span class="cx"> if (callNode->op() == TailCall)
</span><span class="cx"> return Terminal;
</span><span class="cx"> ASSERT(callNode->op() != TailCallVarargs && callNode->op() != TailCallForwardVarargs);
</span><span class="lines">@@ -1299,7 +1301,7 @@
</span><span class="cx"> return NonTerminal;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Node* callNode = addCall(result, op, OpInfo(), callTarget, argumentCountIncludingThis, registerOffset, prediction);
</del><ins>+ Node* callNode = addCall(result, op, nullptr, callTarget, argumentCountIncludingThis, registerOffset, prediction);
</ins><span class="cx"> if (callNode->op() == TailCall)
</span><span class="cx"> return Terminal;
</span><span class="cx"> ASSERT(callNode->op() != TailCallVarargs && callNode->op() != TailCallForwardVarargs);
</span><span class="lines">@@ -1726,6 +1728,19 @@
</span><span class="cx"> RELEASE_ASSERT(!didInsertChecks);
</span><span class="cx"> // We might still try to inline the Intrinsic because it might be a builtin JS function.
</span><span class="cx"> }
</span><ins>+
+ if (Options::useDOMJIT()) {
+ if (const DOMJIT::Signature* signature = callee.signatureFor(specializationKind)) {
+ if (handleDOMJITCall(callTargetNode, resultOperand, signature, registerOffset, argumentCountIncludingThis, prediction, insertChecksWithAccounting)) {
+ RELEASE_ASSERT(didInsertChecks);
+ addToGraph(Phantom, callTargetNode);
+ emitArgumentPhantoms(registerOffset, argumentCountIncludingThis);
+ inliningBalance--;
+ return true;
+ }
+ RELEASE_ASSERT(!didInsertChecks);
+ }
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned myInliningCost = inliningCost(callee, argumentCountIncludingThis, InlineCallFrame::callModeFor(kind));
</span><span class="lines">@@ -2051,7 +2066,7 @@
</span><span class="cx"> Node* myCallTargetNode = getDirect(calleeReg);
</span><span class="cx"> if (couldTakeSlowPath) {
</span><span class="cx"> addCall(
</span><del>- resultOperand, callOp, OpInfo(), myCallTargetNode, argumentCountIncludingThis,
</del><ins>+ resultOperand, callOp, nullptr, myCallTargetNode, argumentCountIncludingThis,
</ins><span class="cx"> registerOffset, prediction);
</span><span class="cx"> } else {
</span><span class="cx"> addToGraph(CheckBadCell);
</span><span class="lines">@@ -2601,6 +2616,25 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ChecksFunctor>
</span><ins>+bool ByteCodeParser::handleDOMJITCall(Node* callTarget, int resultOperand, const DOMJIT::Signature* signature, int registerOffset, int argumentCountIncludingThis, SpeculatedType prediction, const ChecksFunctor& insertChecks)
+{
+ if (argumentCountIncludingThis != static_cast<int>(1 + signature->argumentCount))
+ return false;
+ if (m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType))
+ return false;
+
+ // FIXME: Currently, we only support functions which arguments are up to 2.
+ // Eventually, we should extend this. But possibly, 2 or 3 can cover typical use cases.
+ // https://bugs.webkit.org/show_bug.cgi?id=164346
+ ASSERT_WITH_MESSAGE(argumentCountIncludingThis <= JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS_INCLUDING_THIS, "Currently CallDOM does not support an arbitrary length arguments.");
+
+ insertChecks();
+ addCall(resultOperand, Call, signature, callTarget, argumentCountIncludingThis, registerOffset, prediction);
+ return true;
+}
+
+
+template<typename ChecksFunctor>
</ins><span class="cx"> bool ByteCodeParser::handleIntrinsicGetter(int resultOperand, const GetByIdVariant& variant, Node* thisNode, const ChecksFunctor& insertChecks)
</span><span class="cx"> {
</span><span class="cx"> switch (variant.intrinsic()) {
</span><span class="lines">@@ -4792,7 +4826,7 @@
</span><span class="cx"> int callee = currentInstruction[2].u.operand;
</span><span class="cx"> int argumentCountIncludingThis = currentInstruction[3].u.operand;
</span><span class="cx"> int registerOffset = -currentInstruction[4].u.operand;
</span><del>- addCall(result, CallEval, OpInfo(), get(VirtualRegister(callee)), argumentCountIncludingThis, registerOffset, getPrediction());
</del><ins>+ addCall(result, CallEval, nullptr, get(VirtualRegister(callee)), argumentCountIncludingThis, registerOffset, getPrediction());
</ins><span class="cx"> NEXT_OPCODE(op_call_eval);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> #include "DFGLazyNode.h"
</span><span class="cx"> #include "DFGPureValue.h"
</span><span class="cx"> #include "DOMJITCallDOMGetterPatchpoint.h"
</span><ins>+#include "DOMJITSignature.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC { namespace DFG {
</span><span class="cx">
</span><span class="lines">@@ -958,14 +959,13 @@
</span><span class="cx"> else
</span><span class="cx"> write(AbstractHeap(DOMState, effect.writes.rawRepresentation()));
</span><span class="cx"> }
</span><del>- if (effect.def) {
- DOMJIT::HeapRange range = effect.def.value();
</del><ins>+ if (effect.def != DOMJIT::HeapRange::top()) {
+ DOMJIT::HeapRange range = effect.def;
</ins><span class="cx"> if (range == DOMJIT::HeapRange::none())
</span><span class="cx"> def(PureValue(node, node->callDOMGetterData()->domJIT));
</span><span class="cx"> else {
</span><span class="cx"> // Def with heap location. We do not include "GlobalObject" for that since this information is included in the base node.
</span><del>- // FIXME: When supporting the other nodes like getElementById("string"), we should include the base and the id string.
- // Currently, we only see the DOMJIT getter here. So just including "base" is ok.
</del><ins>+ // We only see the DOMJIT getter here. So just including "base" is ok.
</ins><span class="cx"> def(HeapLocation(DOMStateLoc, AbstractHeap(DOMState, range.rawRepresentation()), node->child1()), LazyNode(node));
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -972,6 +972,25 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case CallDOM: {
+ const DOMJIT::Signature* signature = node->signature();
+ DOMJIT::Effect effect = signature->effect;
+ if (effect.reads) {
+ if (effect.reads == DOMJIT::HeapRange::top())
+ read(World);
+ else
+ read(AbstractHeap(DOMState, effect.reads.rawRepresentation()));
+ }
+ if (effect.writes) {
+ if (effect.writes == DOMJIT::HeapRange::top())
+ write(Heap);
+ else
+ write(AbstractHeap(DOMState, effect.writes.rawRepresentation()));
+ }
+ ASSERT_WITH_MESSAGE(effect.def == DOMJIT::HeapRange::top(), "Currently, we do not accept any def for CallDOM.");
+ return;
+ }
+
</ins><span class="cx"> case Arrayify:
</span><span class="cx"> case ArrayifyToStructure:
</span><span class="cx"> read(JSCell_structureID);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDoesGCcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -301,6 +301,7 @@
</span><span class="cx"> case CreateRest:
</span><span class="cx"> case ToLowerCase:
</span><span class="cx"> case CallDOMGetter:
</span><ins>+ case CallDOM:
</ins><span class="cx"> return true;
</span><span class="cx">
</span><span class="cx"> case MultiPutByOffset:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1708,9 +1708,10 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckDOM:
- fixEdge<CellUse>(node->child1());
</del><ins>+ case CheckDOM: {
+ fixupCheckDOM(node);
</ins><span class="cx"> break;
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> case CallDOMGetter: {
</span><span class="cx"> DOMJIT::CallDOMGetterPatchpoint* patchpoint = node->callDOMGetterData()->patchpoint;
</span><span class="lines">@@ -1720,6 +1721,16 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case CallDOM: {
+ fixupCallDOM(node);
+ break;
+ }
+
+ case Call: {
+ attemptToMakeCallDOM(node);
+ break;
+ }
+
</ins><span class="cx"> #if !ASSERT_DISABLED
</span><span class="cx"> // Have these no-op cases here to ensure that nobody forgets to add handlers for new opcodes.
</span><span class="cx"> case SetArgument:
</span><span class="lines">@@ -1736,7 +1747,6 @@
</span><span class="cx"> case GetGlobalVar:
</span><span class="cx"> case GetGlobalLexicalVariable:
</span><span class="cx"> case NotifyWrite:
</span><del>- case Call:
</del><span class="cx"> case DirectCall:
</span><span class="cx"> case CheckTypeInfoFlags:
</span><span class="cx"> case TailCallInlinedCaller:
</span><span class="lines">@@ -2659,6 +2669,93 @@
</span><span class="cx"> OpInfo(arrayMode.asWord()), Edge(child, KnownCellUse), Edge(storage));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool attemptToMakeCallDOM(Node* node)
+ {
+ if (m_graph.hasExitSite(node->origin.semantic, BadType))
+ return false;
+
+ const DOMJIT::Signature* signature = node->signature();
+ if (!signature)
+ return false;
+
+ {
+ unsigned index = 0;
+ bool shouldConvertToCallDOM = true;
+ m_graph.doToChildren(node, [&](Edge& edge) {
+ // Callee. Ignore this. DFGByteCodeParser already emit appropriate checks.
+ if (!index)
+ return;
+
+ if (index == 1) {
+ // DOM node case.
+ if (edge->shouldSpeculateNotCell())
+ shouldConvertToCallDOM = false;
+ } else {
+ switch (signature->arguments[index - 2]) {
+ case SpecString:
+ if (edge->shouldSpeculateNotString())
+ shouldConvertToCallDOM = false;
+ break;
+ case SpecInt32Only:
+ if (edge->shouldSpeculateNotInt32())
+ shouldConvertToCallDOM = false;
+ break;
+ case SpecBoolean:
+ if (edge->shouldSpeculateNotBoolean())
+ shouldConvertToCallDOM = false;
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+ }
+ ++index;
+ });
+ if (!shouldConvertToCallDOM)
+ return false;
+ }
+
+ Node* thisNode = m_graph.varArgChild(node, 1).node();
+ Ref<DOMJIT::Patchpoint> checkDOMPatchpoint = signature->checkDOM();
+ m_graph.m_domJITPatchpoints.append(checkDOMPatchpoint.ptr());
+ Node* checkDOM = m_insertionSet.insertNode(m_indexInBlock, SpecNone, CheckDOM, node->origin, OpInfo(checkDOMPatchpoint.ptr()), OpInfo(signature->classInfo), Edge(thisNode));
+ node->convertToCallDOM(m_graph);
+ fixupCheckDOM(checkDOM);
+ fixupCallDOM(node);
+ return true;
+ }
+
+ void fixupCheckDOM(Node* node)
+ {
+ fixEdge<CellUse>(node->child1());
+ }
+
+ void fixupCallDOM(Node* node)
+ {
+ const DOMJIT::Signature* signature = node->signature();
+ auto fixup = [&](Edge& edge, unsigned argumentIndex) {
+ if (!edge)
+ return;
+ switch (signature->arguments[argumentIndex]) {
+ case SpecString:
+ fixEdge<StringUse>(edge);
+ break;
+ case SpecInt32Only:
+ fixEdge<Int32Use>(edge);
+ break;
+ case SpecBoolean:
+ fixEdge<BooleanUse>(edge);
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+ };
+ fixEdge<CellUse>(node->child1()); // DOM.
+ fixup(node->child2(), 0);
+ fixup(node->child3(), 1);
+ }
+
</ins><span class="cx"> void fixupChecksInBlock(BasicBlock* block)
</span><span class="cx"> {
</span><span class="cx"> if (!block)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -220,6 +220,26 @@
</span><span class="cx"> m_opInfo = executable;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Node::convertToCallDOM(Graph& graph)
+{
+ ASSERT(op() == Call);
+ ASSERT(signature());
+
+ Edge edges[3];
+ // Skip the first one. This is callee.
+ RELEASE_ASSERT(numChildren() <= 4);
+ for (unsigned i = 1; i < numChildren(); ++i)
+ edges[i - 1] = graph.varArgChild(this, i);
+
+ setOpAndDefaultFlags(CallDOM);
+ children.setChild1(edges[0]);
+ children.setChild2(edges[1]);
+ children.setChild3(edges[2]);
+
+ if (!signature()->effect.mustGenerate())
+ clearFlags(NodeMustGenerate);
+}
+
</ins><span class="cx"> String Node::tryGetString(Graph& graph)
</span><span class="cx"> {
</span><span class="cx"> if (hasConstant())
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -62,6 +62,7 @@
</span><span class="cx"> class GetterSetter;
</span><span class="cx"> class Patchpoint;
</span><span class="cx"> class CallDOMGetterPatchpoint;
</span><ins>+class Signature;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> namespace Profiler {
</span><span class="lines">@@ -652,6 +653,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void convertToDirectCall(FrozenValue*);
</span><ins>+
+ void convertToCallDOM(Graph&);
</ins><span class="cx">
</span><span class="cx"> JSValue asJSValue()
</span><span class="cx"> {
</span><span class="lines">@@ -1464,6 +1467,7 @@
</span><span class="cx"> case ToNumber:
</span><span class="cx"> case LoadFromJSMapBucket:
</span><span class="cx"> case CallDOMGetter:
</span><ins>+ case CallDOM:
</ins><span class="cx"> return true;
</span><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="lines">@@ -1981,6 +1985,11 @@
</span><span class="cx"> {
</span><span class="cx"> return isInt32Speculation(prediction());
</span><span class="cx"> }
</span><ins>+
+ bool shouldSpeculateNotInt32()
+ {
+ return isNotInt32Speculation(prediction());
+ }
</ins><span class="cx">
</span><span class="cx"> bool sawBooleans()
</span><span class="cx"> {
</span><span class="lines">@@ -2041,6 +2050,11 @@
</span><span class="cx"> {
</span><span class="cx"> return isBooleanSpeculation(prediction());
</span><span class="cx"> }
</span><ins>+
+ bool shouldSpeculateNotBoolean()
+ {
+ return isNotBooleanSpeculation(prediction());
+ }
</ins><span class="cx">
</span><span class="cx"> bool shouldSpeculateOther()
</span><span class="cx"> {
</span><span class="lines">@@ -2066,6 +2080,11 @@
</span><span class="cx"> {
</span><span class="cx"> return isStringSpeculation(prediction());
</span><span class="cx"> }
</span><ins>+
+ bool shouldSpeculateNotString()
+ {
+ return isNotStringSpeculation(prediction());
+ }
</ins><span class="cx">
</span><span class="cx"> bool shouldSpeculateStringOrOther()
</span><span class="cx"> {
</span><span class="lines">@@ -2368,6 +2387,18 @@
</span><span class="cx"> return m_opInfo2.as<const ClassInfo*>();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool hasSignature() const
+ {
+ // Note that this does not include TailCall node types intentionally.
+ // CallDOM node types are always converted from Call.
+ return op() == Call || op() == CallDOM;
+ }
+
+ const DOMJIT::Signature* signature()
+ {
+ return m_opInfo.as<const DOMJIT::Signature*>();
+ }
+
</ins><span class="cx"> Node* replacement() const
</span><span class="cx"> {
</span><span class="cx"> return m_misc.replacement;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNodeType.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -407,6 +407,7 @@
</span><span class="cx"> /* Nodes for DOM JIT */\
</span><span class="cx"> macro(CheckDOM, NodeMustGenerate) \
</span><span class="cx"> macro(CallDOMGetter, NodeResultJS | NodeMustGenerate) \
</span><ins>+ macro(CallDOM, NodeResultJS | NodeMustGenerate) \
</ins><span class="cx">
</span><span class="cx"> // This enum generates a monotonically increasing id for all Node types,
</span><span class="cx"> // and is used by the subsequent enum to fill out the id (as accessed via the NodeIdMask).
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1020,7 +1020,8 @@
</span><span class="cx"> case GetRegExpObjectLastIndex:
</span><span class="cx"> case SetRegExpObjectLastIndex:
</span><span class="cx"> case RecordRegExpCachedResult:
</span><del>- case LazyJSConstant: {
</del><ins>+ case LazyJSConstant:
+ case CallDOM: {
</ins><span class="cx"> // This node should never be visible at this stage of compilation. It is
</span><span class="cx"> // inserted by fixup(), which follows this phase.
</span><span class="cx"> DFG_CRASH(m_graph, m_currentNode, "Unexpected node during prediction propagation");
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -220,6 +220,7 @@
</span><span class="cx"> case GetExecutable:
</span><span class="cx"> case GetButterfly:
</span><span class="cx"> case CallDOMGetter:
</span><ins>+ case CallDOM:
</ins><span class="cx"> case CheckDOM:
</span><span class="cx"> case CheckArray:
</span><span class="cx"> case Arrayify:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -7260,6 +7260,88 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void SpeculativeJIT::compileCallDOM(Node* node)
+{
+ const DOMJIT::Signature* signature = node->signature();
+
+ // FIXME: We should have a way to call functions with the vector of registers.
+ // https://bugs.webkit.org/show_bug.cgi?id=163099
+ Vector<Variant<SpeculateCellOperand, SpeculateInt32Operand, SpeculateBooleanOperand>, JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS_INCLUDING_THIS> operands;
+ Vector<GPRReg, JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS_INCLUDING_THIS> regs;
+
+ auto appendCell = [&](Edge& edge) {
+ SpeculateCellOperand operand(this, edge);
+ regs.append(operand.gpr());
+ operands.append(WTFMove(operand));
+ };
+
+ auto appendString = [&](Edge& edge) {
+ SpeculateCellOperand operand(this, edge);
+ GPRReg gpr = operand.gpr();
+ regs.append(gpr);
+ speculateString(edge, gpr);
+ operands.append(WTFMove(operand));
+ };
+
+ auto appendInt32 = [&](Edge& edge) {
+ SpeculateInt32Operand operand(this, edge);
+ regs.append(operand.gpr());
+ operands.append(WTFMove(operand));
+ };
+
+ auto appendBoolean = [&](Edge& edge) {
+ SpeculateBooleanOperand operand(this, edge);
+ regs.append(operand.gpr());
+ operands.append(WTFMove(operand));
+ };
+
+ unsigned index = 0;
+ m_jit.graph().doToChildren(node, [&](Edge edge) {
+ if (!index)
+ appendCell(edge);
+ else {
+ switch (signature->arguments[index - 1]) {
+ case SpecString:
+ appendString(edge);
+ break;
+ case SpecInt32Only:
+ appendInt32(edge);
+ break;
+ case SpecBoolean:
+ appendBoolean(edge);
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+ }
+ ++index;
+ });
+
+ JSValueRegsTemporary result(this);
+ JSValueRegs resultRegs = result.regs();
+
+ flushRegisters();
+ unsigned argumentCountIncludingThis = signature->argumentCount + 1;
+ switch (argumentCountIncludingThis) {
+ case 1:
+ callOperation(reinterpret_cast<J_JITOperation_EP>(signature->unsafeFunction), extractResult(resultRegs), regs[0]);
+ break;
+ case 2:
+ callOperation(reinterpret_cast<J_JITOperation_EPP>(signature->unsafeFunction), extractResult(resultRegs), regs[0], regs[1]);
+ break;
+ case 3:
+ callOperation(reinterpret_cast<J_JITOperation_EPPP>(signature->unsafeFunction), extractResult(resultRegs), regs[0], regs[1], regs[2]);
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+
+ m_jit.exceptionCheck();
+ jsValueResult(resultRegs, node);
+}
+
</ins><span class="cx"> void SpeculativeJIT::compileCallDOMGetter(Node* node)
</span><span class="cx"> {
</span><span class="cx"> DOMJIT::CallDOMGetterPatchpoint* patchpoint = node->callDOMGetterData()->patchpoint;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1651,6 +1651,11 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, arg2);
</span><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><ins>+ JITCompiler::Call callOperation(J_JITOperation_EPPP operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
+ return appendCallSetResult(operation, result);
+ }
</ins><span class="cx"> JITCompiler::Call callOperation(J_JITOperation_EGP operation, GPRReg result, GPRReg arg1, GPRReg arg2)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, arg2);
</span><span class="lines">@@ -1915,6 +1920,16 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(pointer));
</span><span class="cx"> return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
</span><span class="cx"> }
</span><ins>+ JITCompiler::Call callOperation(J_JITOperation_EPP operation, JSValueRegs result, GPRReg arg1, GPRReg arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2);
+ return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
+ }
+ JITCompiler::Call callOperation(J_JITOperation_EPPP operation, JSValueRegs result, GPRReg arg1, GPRReg arg2, GPRReg arg3)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
+ return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());
+ }
</ins><span class="cx"> JITCompiler::Call callOperation(J_JITOperation_EGP operation, JSValueRegs result, GPRReg arg1, GPRReg arg2)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, arg2);
</span><span class="lines">@@ -2562,6 +2577,7 @@
</span><span class="cx"> void compileReallocatePropertyStorage(Node*);
</span><span class="cx"> void compileGetButterfly(Node*);
</span><span class="cx"> void compileCallDOMGetter(Node*);
</span><ins>+ void compileCallDOM(Node*);
</ins><span class="cx"> void compileCheckDOM(Node*);
</span><span class="cx">
</span><span class="cx"> #if USE(JSVALUE32_64)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -5561,6 +5561,10 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case CallDOM:
+ compileCallDOM(node);
+ break;
+
</ins><span class="cx"> case CallDOMGetter:
</span><span class="cx"> compileCallDOMGetter(node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -5693,6 +5693,10 @@
</span><span class="cx"> compileMaterializeNewObject(node);
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case CallDOM:
+ compileCallDOM(node);
+ break;
+
</ins><span class="cx"> case CallDOMGetter:
</span><span class="cx"> compileCallDOMGetter(node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredomjitDOMJITEffecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/domjit/DOMJITEffect.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/domjit/DOMJITEffect.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/domjit/DOMJITEffect.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -28,56 +28,62 @@
</span><span class="cx"> #include "DOMJITHeapRange.h"
</span><span class="cx"> #include <wtf/Optional.h>
</span><span class="cx">
</span><del>-#if ENABLE(JIT)
-
</del><span class="cx"> namespace JSC { namespace DOMJIT {
</span><span class="cx">
</span><del>-struct Effect {
</del><ins>+class Effect {
+public:
</ins><span class="cx"> HeapRange reads { HeapRange::top() };
</span><span class="cx"> HeapRange writes { HeapRange::top() };
</span><del>- Optional<HeapRange> def;
</del><ins>+ HeapRange def { HeapRange::top() };
</ins><span class="cx">
</span><del>- static Effect forReadWrite(HeapRange readRange, HeapRange writeRange)
</del><ins>+ constexpr Effect() = default;
+ constexpr Effect(HeapRange reads, HeapRange writes)
+ : reads(reads)
+ , writes(writes)
</ins><span class="cx"> {
</span><del>- Effect effect;
- effect.reads = readRange;
- effect.writes = writeRange;
- return effect;
</del><span class="cx"> }
</span><span class="cx">
</span><del>- static Effect forPure()
</del><ins>+ constexpr Effect(HeapRange reads, HeapRange writes, HeapRange def)
+ : reads(reads)
+ , writes(writes)
+ , def(def)
</ins><span class="cx"> {
</span><del>- Effect effect;
- effect.reads = HeapRange::none();
- effect.writes = HeapRange::none();
- effect.def = HeapRange::none();
- return effect;
</del><span class="cx"> }
</span><span class="cx">
</span><del>- static Effect forDef(HeapRange def)
</del><ins>+ constexpr static Effect forWrite(HeapRange writeRange)
</ins><span class="cx"> {
</span><del>- Effect effect;
- effect.reads = def;
- effect.writes = HeapRange::none();
- effect.def = def;
- return effect;
</del><ins>+ return Effect(HeapRange::none(), writeRange);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- static Effect forDef(HeapRange def, HeapRange readRange, HeapRange writeRange)
</del><ins>+ constexpr static Effect forRead(HeapRange readRange)
</ins><span class="cx"> {
</span><del>- Effect effect;
- effect.reads = readRange;
- effect.writes = writeRange;
- effect.def = def;
- return effect;
</del><ins>+ return Effect(readRange, HeapRange::none());
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- bool mustGenerate() const
</del><ins>+ constexpr static Effect forReadWrite(HeapRange readRange, HeapRange writeRange)
</ins><span class="cx"> {
</span><ins>+ return Effect(readRange, writeRange);
+ }
+
+ constexpr static Effect forPure()
+ {
+ return Effect(HeapRange::none(), HeapRange::none(), HeapRange::none());
+ }
+
+ constexpr static Effect forDef(HeapRange def)
+ {
+ return Effect(def, HeapRange::none(), def);
+ }
+
+ constexpr static Effect forDef(HeapRange def, HeapRange readRange, HeapRange writeRange)
+ {
+ return Effect(readRange, writeRange, def);
+ }
+
+ constexpr bool mustGenerate() const
+ {
</ins><span class="cx"> return !!writes;
</span><span class="cx"> }
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } }
</span><del>-
-#endif
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoredomjitDOMJITHeapRangeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/domjit/DOMJITHeapRange.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/domjit/DOMJITHeapRange.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/domjit/DOMJITHeapRange.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -28,8 +28,6 @@
</span><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="cx"> #include <wtf/PrintStream.h>
</span><span class="cx">
</span><del>-#if ENABLE(JIT)
-
</del><span class="cx"> namespace JSC { namespace DOMJIT {
</span><span class="cx">
</span><span class="cx"> class HeapRange {
</span><span class="lines">@@ -47,7 +45,6 @@
</span><span class="cx"> ASSERT_WITH_MESSAGE(begin <= end, "begin <= end is the invariant of this HeapRange.");
</span><span class="cx"> }
</span><span class="cx">
</span><del>-private:
</del><span class="cx"> enum ConstExprTag { ConstExpr };
</span><span class="cx"> constexpr HeapRange(ConstExprTag, uint16_t begin, uint16_t end)
</span><span class="cx"> : m_begin(begin)
</span><span class="lines">@@ -55,14 +52,6 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- template<uint16_t begin, uint16_t end>
- static constexpr HeapRange fromConstant()
- {
- static_assert(begin <= end, "begin <= end is the invariant of this HeapRange.");
- return HeapRange(ConstExpr, begin, end);
- }
-
-public:
</del><span class="cx"> enum RawRepresentationTag { RawRepresentation };
</span><span class="cx"> explicit constexpr HeapRange(RawRepresentationTag, uint32_t value)
</span><span class="cx"> : m_raw(value)
</span><span class="lines">@@ -69,7 +58,7 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static HeapRange fromRaw(uint32_t value)
</del><ins>+ constexpr static HeapRange fromRaw(uint32_t value)
</ins><span class="cx"> {
</span><span class="cx"> return HeapRange(RawRepresentation, value);
</span><span class="cx"> }
</span><span class="lines">@@ -78,16 +67,28 @@
</span><span class="cx"> uint16_t end() const { return m_end; }
</span><span class="cx"> uint32_t rawRepresentation() { return m_raw; }
</span><span class="cx">
</span><del>- explicit operator bool() const
</del><ins>+ constexpr explicit operator bool() const
</ins><span class="cx"> {
</span><span class="cx"> return m_begin != m_end;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool operator==(const HeapRange& other) const
</del><ins>+ constexpr bool operator==(const HeapRange& other) const
</ins><span class="cx"> {
</span><span class="cx"> return m_begin == other.m_begin && m_end == other.m_end;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ constexpr bool operator!=(const HeapRange& other) const
+ {
+ return !operator==(other);
+ }
+
+ template<uint16_t begin, uint16_t end>
+ static constexpr HeapRange fromConstant()
+ {
+ static_assert(begin < end || (begin == UINT16_MAX && end == UINT16_MAX), "begin < end or the both are UINT16_MAX is the invariant of this HeapRange.");
+ return HeapRange(ConstExpr, begin, end);
+ }
+
</ins><span class="cx"> static constexpr HeapRange top() { return fromConstant<0, UINT16_MAX>(); }
</span><span class="cx"> static constexpr HeapRange none() { return fromConstant<UINT16_MAX, UINT16_MAX>(); } // Empty range.
</span><span class="cx">
</span><span class="lines">@@ -127,5 +128,3 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } }
</span><del>-
-#endif
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoredomjitDOMJITSignatureh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/domjit/DOMJITSignature.h (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/domjit/DOMJITSignature.h (rev 0)
+++ trunk/Source/JavaScriptCore/domjit/DOMJITSignature.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,72 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "ClassInfo.h"
+#include "DOMJITEffect.h"
+#include "SpeculatedType.h"
+
+namespace JSC { namespace DOMJIT {
+
+// FIXME: Currently, we only support functions which arguments are up to 2.
+// Eventually, we should extend this. But possibly, 2 or 3 can cover typical use cases.
+// https://bugs.webkit.org/show_bug.cgi?id=164346
+#define JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS 2
+#define JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS_INCLUDING_THIS (1 + JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS)
+
+class Patchpoint;
+
+typedef Ref<Patchpoint> CheckDOMGeneratorFunction(void);
+
+class Signature {
+public:
+ template<typename... Arguments>
+ constexpr Signature(uintptr_t unsafeFunction, CheckDOMGeneratorFunction* checkDOMGeneratorFunction, const ClassInfo* classInfo, Effect effect, SpeculatedType result, Arguments... arguments)
+ : unsafeFunction(unsafeFunction)
+ , checkDOMGeneratorFunction(checkDOMGeneratorFunction)
+ , classInfo(classInfo)
+ , effect(effect)
+ , result(result)
+ , arguments {static_cast<SpeculatedType>(arguments)...}
+ , argumentCount(sizeof...(Arguments))
+ {
+ }
+
+ Ref<Patchpoint> checkDOM() const
+ {
+ return checkDOMGeneratorFunction();
+ }
+
+ uintptr_t unsafeFunction;
+ CheckDOMGeneratorFunction* checkDOMGeneratorFunction;
+ const ClassInfo* const classInfo;
+ const Effect effect;
+ const SpeculatedType result;
+ const SpeculatedType arguments[JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS];
+ const unsigned argumentCount;
+};
+
+} }
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -273,6 +273,7 @@
</span><span class="cx"> case DefineAccessorProperty:
</span><span class="cx"> case ToLowerCase:
</span><span class="cx"> case CheckDOM:
</span><ins>+ case CallDOM:
</ins><span class="cx"> case CallDOMGetter:
</span><span class="cx"> // These are OK.
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1060,6 +1060,9 @@
</span><span class="cx"> case CheckDOM:
</span><span class="cx"> compileCheckDOM();
</span><span class="cx"> break;
</span><ins>+ case CallDOM:
+ compileCallDOM();
+ break;
</ins><span class="cx"> case CallDOMGetter:
</span><span class="cx"> compileCallDOMGetter();
</span><span class="cx"> break;
</span><span class="lines">@@ -9100,6 +9103,57 @@
</span><span class="cx"> patchpoint->effects = Effects::forCheck();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void compileCallDOM()
+ {
+ const DOMJIT::Signature* signature = m_node->signature();
+
+ // FIXME: We should have a way to call functions with the vector of registers.
+ // https://bugs.webkit.org/show_bug.cgi?id=163099
+ Vector<LValue, JSC_DOMJIT_SIGNATURE_MAX_ARGUMENTS_INCLUDING_THIS> operands;
+
+ unsigned index = 0;
+ DFG_NODE_DO_TO_CHILDREN(m_graph, m_node, [&](Node*, Edge edge) {
+ if (!index)
+ operands.append(lowCell(edge));
+ else {
+ switch (signature->arguments[index - 1]) {
+ case SpecString:
+ operands.append(lowString(edge));
+ break;
+ case SpecInt32Only:
+ operands.append(lowInt32(edge));
+ break;
+ case SpecBoolean:
+ operands.append(lowBoolean(edge));
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+ }
+ ++index;
+ });
+
+ unsigned argumentCountIncludingThis = signature->argumentCount + 1;
+ LValue result;
+ switch (argumentCountIncludingThis) {
+ case 1:
+ result = vmCall(Int64, m_out.operation(reinterpret_cast<J_JITOperation_EP>(signature->unsafeFunction)), m_callFrame, operands[0]);
+ break;
+ case 2:
+ result = vmCall(Int64, m_out.operation(reinterpret_cast<J_JITOperation_EPP>(signature->unsafeFunction)), m_callFrame, operands[0], operands[1]);
+ break;
+ case 3:
+ result = vmCall(Int64, m_out.operation(reinterpret_cast<J_JITOperation_EPPP>(signature->unsafeFunction)), m_callFrame, operands[0], operands[1], operands[2]);
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+
+ setJSValue(result);
+ }
+
</ins><span class="cx"> void compileCallDOMGetter()
</span><span class="cx"> {
</span><span class="cx"> DOMJIT::CallDOMGetterPatchpoint* domJIT = m_node->callDOMGetterData()->patchpoint;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -158,6 +158,7 @@
</span><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EGP)(ExecState*, JSGlobalObject*, void*);
</span><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EP)(ExecState*, void*);
</span><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EPP)(ExecState*, void*, void*);
</span><ins>+typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EPPP)(ExecState*, void*, void*, void*);
</ins><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EPS)(ExecState*, void*, size_t);
</span><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EPc)(ExecState*, Instruction*);
</span><span class="cx"> typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJscC)(ExecState*, JSScope*, JSCell*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunkscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -90,10 +90,10 @@
</span><span class="cx">
</span><span class="cx"> NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor, const String& name)
</span><span class="cx"> {
</span><del>- return hostFunctionStub(vm, function, constructor, nullptr, NoIntrinsic, name);
</del><ins>+ return hostFunctionStub(vm, function, constructor, nullptr, NoIntrinsic, nullptr, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor, ThunkGenerator generator, Intrinsic intrinsic, const String& name)
</del><ins>+NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor, ThunkGenerator generator, Intrinsic intrinsic, const DOMJIT::Signature* signature, const String& name)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!isCompilationThread());
</span><span class="cx"> ASSERT(vm->canUseJIT());
</span><span class="lines">@@ -110,7 +110,7 @@
</span><span class="cx">
</span><span class="cx"> RefPtr<JITCode> forConstruct = adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct(vm)), JITCode::HostCallThunk));
</span><span class="cx">
</span><del>- NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall, function, forConstruct, constructor, intrinsic, name);
</del><ins>+ NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, forCall, function, forConstruct, constructor, intrinsic, signature, name);
</ins><span class="cx"> weakAdd(*m_hostFunctionStubMap, std::make_tuple(function, constructor, name), Weak<NativeExecutable>(nativeExecutable, this));
</span><span class="cx"> return nativeExecutable;
</span><span class="cx"> }
</span><span class="lines">@@ -117,7 +117,7 @@
</span><span class="cx">
</span><span class="cx"> NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, ThunkGenerator generator, Intrinsic intrinsic, const String& name)
</span><span class="cx"> {
</span><del>- return hostFunctionStub(vm, function, callHostFunctionAsConstructor, generator, intrinsic, name);
</del><ins>+ return hostFunctionStub(vm, function, callHostFunctionAsConstructor, generator, intrinsic, nullptr, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JITThunks::clearHostFunctionStubs()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITThunksh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITThunks.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITThunks.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/jit/JITThunks.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -39,6 +39,9 @@
</span><span class="cx"> #include <wtf/text/StringHash.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><ins>+namespace DOMJIT {
+class Signature;
+}
</ins><span class="cx">
</span><span class="cx"> class VM;
</span><span class="cx"> class NativeExecutable;
</span><span class="lines">@@ -57,7 +60,7 @@
</span><span class="cx"> MacroAssemblerCodeRef ctiStub(VM*, ThunkGenerator);
</span><span class="cx">
</span><span class="cx"> NativeExecutable* hostFunctionStub(VM*, NativeFunction, NativeFunction constructor, const String& name);
</span><del>- NativeExecutable* hostFunctionStub(VM*, NativeFunction, NativeFunction constructor, ThunkGenerator, Intrinsic, const String& name);
</del><ins>+ NativeExecutable* hostFunctionStub(VM*, NativeFunction, NativeFunction constructor, ThunkGenerator, Intrinsic, const DOMJIT::Signature*, const String& name);
</ins><span class="cx"> NativeExecutable* hostFunctionStub(VM*, NativeFunction, ThunkGenerator, Intrinsic, const String& name);
</span><span class="cx">
</span><span class="cx"> void clearHostFunctionStubs();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSBoundFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -168,7 +168,7 @@
</span><span class="cx"> NativeExecutable* executable = vm.getHostFunction(
</span><span class="cx"> slowCase ? boundFunctionCall : boundThisNoArgsFunctionCall,
</span><span class="cx"> slowCase ? NoIntrinsic : BoundThisNoArgsFunctionCallIntrinsic,
</span><del>- canConstruct ? (slowCase ? boundFunctionConstruct : boundThisNoArgsFunctionConstruct) : callHostFunctionAsConstructor,
</del><ins>+ canConstruct ? (slowCase ? boundFunctionConstruct : boundThisNoArgsFunctionConstruct) : callHostFunctionAsConstructor, nullptr,
</ins><span class="cx"> name);
</span><span class="cx"> Structure* structure = getBoundFunctionStructure(vm, exec, globalObject, targetFunction);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, nullptr);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSCellh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCell.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCell.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSCell.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -56,17 +56,17 @@
</span><span class="cx"> template<typename T> void* allocateCell(Heap&, GCDeferralContext*);
</span><span class="cx"> template<typename T> void* allocateCell(Heap&, GCDeferralContext*, size_t);
</span><span class="cx">
</span><del>-#define DECLARE_EXPORT_INFO \
- protected: \
- static JS_EXPORTDATA const ::JSC::ClassInfo s_info; \
- public: \
- static const ::JSC::ClassInfo* info() { return &s_info; }
</del><ins>+#define DECLARE_EXPORT_INFO \
+ protected: \
+ static JS_EXPORTDATA const ::JSC::ClassInfo s_info; \
+ public: \
+ static constexpr const ::JSC::ClassInfo* info() { return &s_info; }
</ins><span class="cx">
</span><del>-#define DECLARE_INFO \
- protected: \
- static const ::JSC::ClassInfo s_info; \
- public: \
- static const ::JSC::ClassInfo* info() { return &s_info; }
</del><ins>+#define DECLARE_INFO \
+ protected: \
+ static const ::JSC::ClassInfo s_info; \
+ public: \
+ static constexpr const ::JSC::ClassInfo* info() { return &s_info; }
</ins><span class="cx">
</span><span class="cx"> class JSCell : public HeapCell {
</span><span class="cx"> friend class JSValue;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -84,9 +84,9 @@
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
</del><ins>+JSFunction* JSFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeFunction nativeFunction, Intrinsic intrinsic, NativeFunction nativeConstructor, const DOMJIT::Signature* signature)
</ins><span class="cx"> {
</span><del>- NativeExecutable* executable = vm.getHostFunction(nativeFunction, intrinsic, nativeConstructor, name);
</del><ins>+ NativeExecutable* executable = vm.getHostFunction(nativeFunction, intrinsic, nativeConstructor, signature, name);
</ins><span class="cx"> JSFunction* function = new (NotNull, allocateCell<JSFunction>(vm.heap)) JSFunction(vm, globalObject, globalObject->functionStructure());
</span><span class="cx"> // Can't do this during initialization because getHostFunction might do a GC allocation.
</span><span class="cx"> function->finishCreation(vm, executable, length, name);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSFunctionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSFunction.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSFunction.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -46,6 +46,11 @@
</span><span class="cx"> class JITCompiler;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+namespace DOMJIT {
+class Signature;
+}
+
+
</ins><span class="cx"> JS_EXPORT_PRIVATE EncodedJSValue JSC_HOST_CALL callHostFunctionAsConstructor(ExecState*);
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE String getCalculatedDisplayName(VM&, JSObject*);
</span><span class="lines">@@ -67,7 +72,7 @@
</span><span class="cx"> return sizeof(JSFunction);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- JS_EXPORT_PRIVATE static JSFunction* create(VM&, JSGlobalObject*, int length, const String& name, NativeFunction, Intrinsic = NoIntrinsic, NativeFunction nativeConstructor = callHostFunctionAsConstructor);
</del><ins>+ JS_EXPORT_PRIVATE static JSFunction* create(VM&, JSGlobalObject*, int length, const String& name, NativeFunction, Intrinsic = NoIntrinsic, NativeFunction nativeConstructor = callHostFunctionAsConstructor, const DOMJIT::Signature* = nullptr);
</ins><span class="cx">
</span><span class="cx"> static JSFunction* createWithInvalidatedReallocationWatchpoint(VM&, FunctionExecutable*, JSScope*);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSNativeStdFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -66,7 +66,7 @@
</span><span class="cx">
</span><span class="cx"> JSNativeStdFunction* JSNativeStdFunction::create(VM& vm, JSGlobalObject* globalObject, int length, const String& name, NativeStdFunction&& nativeStdFunction, Intrinsic intrinsic, NativeFunction nativeConstructor)
</span><span class="cx"> {
</span><del>- NativeExecutable* executable = vm.getHostFunction(runStdFunction, intrinsic, nativeConstructor, name);
</del><ins>+ NativeExecutable* executable = vm.getHostFunction(runStdFunction, intrinsic, nativeConstructor, nullptr, name);
</ins><span class="cx"> NativeStdFunctionCell* functionCell = NativeStdFunctionCell::create(vm, WTFMove(nativeStdFunction));
</span><span class="cx"> Structure* structure = globalObject->nativeStdFunctionStructure();
</span><span class="cx"> JSNativeStdFunction* function = new (NotNull, allocateCell<JSNativeStdFunction>(vm.heap)) JSNativeStdFunction(vm, globalObject, structure);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSObject.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSObject.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSObject.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -2549,6 +2549,17 @@
</span><span class="cx"> return putDirect(vm, propertyName, function, attributes);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool JSObject::putDirectNativeFunction(VM& vm, JSGlobalObject* globalObject, const PropertyName& propertyName, unsigned functionLength, NativeFunction nativeFunction, Intrinsic intrinsic, const DOMJIT::Signature* signature, unsigned attributes)
+{
+ StringImpl* name = propertyName.publicName();
+ if (!name)
+ name = vm.propertyNames->anonymous.impl();
+ ASSERT(name);
+
+ JSFunction* function = JSFunction::create(vm, globalObject, functionLength, name, nativeFunction, intrinsic, callHostFunctionAsConstructor, signature);
+ return putDirect(vm, propertyName, function, attributes);
+}
+
</ins><span class="cx"> JSFunction* JSObject::putDirectBuiltinFunction(VM& vm, JSGlobalObject* globalObject, const PropertyName& propertyName, FunctionExecutable* functionExecutable, unsigned attributes)
</span><span class="cx"> {
</span><span class="cx"> StringImpl* name = propertyName.publicName();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSObject.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSObject.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/JSObject.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -47,6 +47,9 @@
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><ins>+namespace DOMJIT {
+class Signature;
+}
</ins><span class="cx">
</span><span class="cx"> inline JSCell* getJSFunction(JSValue value)
</span><span class="cx"> {
</span><span class="lines">@@ -700,6 +703,7 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE bool putDirectNativeIntrinsicGetter(VM&, JSGlobalObject*, Identifier, NativeFunction, Intrinsic, unsigned attributes);
</span><span class="cx"> JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
</span><ins>+ JS_EXPORT_PRIVATE bool putDirectNativeFunction(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, const DOMJIT::Signature*, unsigned attributes);
</ins><span class="cx"> JS_EXPORT_PRIVATE JSFunction* putDirectBuiltinFunction(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
</span><span class="cx"> JSFunction* putDirectBuiltinFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, FunctionExecutable*, unsigned attributes);
</span><span class="cx"> JS_EXPORT_PRIVATE void putDirectNativeFunctionWithoutTransition(VM&, JSGlobalObject*, const PropertyName&, unsigned functionLength, NativeFunction, Intrinsic, unsigned attributes);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLookuph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Lookup.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Lookup.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/Lookup.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -24,6 +24,7 @@
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "CustomGetterSetter.h"
</span><span class="cx"> #include "DOMJITGetterSetter.h"
</span><ins>+#include "DOMJITSignature.h"
</ins><span class="cx"> #include "Identifier.h"
</span><span class="cx"> #include "IdentifierInlines.h"
</span><span class="cx"> #include "Intrinsic.h"
</span><span class="lines">@@ -75,12 +76,19 @@
</span><span class="cx"> Intrinsic intrinsic() const { ASSERT(m_attributes & Function); return m_intrinsic; }
</span><span class="cx"> BuiltinGenerator builtinGenerator() const { ASSERT(m_attributes & Builtin); return reinterpret_cast<BuiltinGenerator>(m_values.value1); }
</span><span class="cx"> NativeFunction function() const { ASSERT(m_attributes & Function); return reinterpret_cast<NativeFunction>(m_values.value1); }
</span><del>- unsigned char functionLength() const { ASSERT(m_attributes & Function); return static_cast<unsigned char>(m_values.value2); }
</del><ins>+ unsigned char functionLength() const
+ {
+ ASSERT(m_attributes & Function);
+ if (m_attributes & DOMJITFunction)
+ return signature()->argumentCount;
+ return static_cast<unsigned char>(m_values.value2);
+ }
</ins><span class="cx">
</span><span class="cx"> GetFunction propertyGetter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<GetFunction>(m_values.value1); }
</span><span class="cx"> PutFunction propertyPutter() const { ASSERT(!(m_attributes & BuiltinOrFunctionOrAccessorOrLazyPropertyOrConstant)); return reinterpret_cast<PutFunction>(m_values.value2); }
</span><span class="cx">
</span><span class="cx"> DOMJIT::GetterSetter* domJIT() const { ASSERT(m_attributes & DOMJITAttribute); return reinterpret_cast<DOMJITGetterSetterGenerator>(m_values.value1)(); }
</span><ins>+ const DOMJIT::Signature* signature() const { ASSERT(m_attributes & DOMJITFunction); return reinterpret_cast<const DOMJIT::Signature*>(m_values.value2); }
</ins><span class="cx">
</span><span class="cx"> NativeFunction accessorGetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value1); }
</span><span class="cx"> NativeFunction accessorSetter() const { ASSERT(m_attributes & Accessor); return reinterpret_cast<NativeFunction>(m_values.value2); }
</span><span class="lines">@@ -313,6 +321,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (value.attributes() & Function) {
</span><ins>+ if (value.attributes() & DOMJITFunction) {
+ thisObj.putDirectNativeFunction(
+ vm, thisObj.globalObject(), propertyName, value.functionLength(),
+ value.function(), value.intrinsic(), value.signature(), attributesForStructure(value.attributes()));
+ return;
+ }
</ins><span class="cx"> thisObj.putDirectNativeFunction(
</span><span class="cx"> vm, thisObj.globalObject(), propertyName, value.functionLength(),
</span><span class="cx"> value.function(), value.intrinsic(), attributesForStructure(value.attributes()));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeNativeExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/NativeExecutable.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -40,10 +40,10 @@
</span><span class="cx">
</span><span class="cx"> const ClassInfo NativeExecutable::s_info = { "NativeExecutable", &ExecutableBase::s_info, 0, CREATE_METHOD_TABLE(NativeExecutable) };
</span><span class="cx">
</span><del>-NativeExecutable* NativeExecutable::create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const String& name)
</del><ins>+NativeExecutable* NativeExecutable::create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const DOMJIT::Signature* signature, const String& name)
</ins><span class="cx"> {
</span><span class="cx"> NativeExecutable* executable;
</span><del>- executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor, intrinsic);
</del><ins>+ executable = new (NotNull, allocateCell<NativeExecutable>(vm.heap)) NativeExecutable(vm, function, constructor, intrinsic, signature);
</ins><span class="cx"> executable->finishCreation(vm, callThunk, constructThunk, name);
</span><span class="cx"> return executable;
</span><span class="cx"> }
</span><span class="lines">@@ -68,10 +68,11 @@
</span><span class="cx"> m_name = name;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-NativeExecutable::NativeExecutable(VM& vm, NativeFunction function, NativeFunction constructor, Intrinsic intrinsic)
</del><ins>+NativeExecutable::NativeExecutable(VM& vm, NativeFunction function, NativeFunction constructor, Intrinsic intrinsic, const DOMJIT::Signature* signature)
</ins><span class="cx"> : ExecutableBase(vm, vm.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST, intrinsic)
</span><span class="cx"> , m_function(function)
</span><span class="cx"> , m_constructor(constructor)
</span><ins>+ , m_signature(signature)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeNativeExecutableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/NativeExecutable.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/NativeExecutable.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/NativeExecutable.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -28,6 +28,9 @@
</span><span class="cx"> #include "ExecutableBase.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><ins>+namespace DOMJIT {
+class Signature;
+}
</ins><span class="cx">
</span><span class="cx"> class NativeExecutable final : public ExecutableBase {
</span><span class="cx"> friend class JIT;
</span><span class="lines">@@ -36,7 +39,7 @@
</span><span class="cx"> typedef ExecutableBase Base;
</span><span class="cx"> static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
</span><span class="cx">
</span><del>- static NativeExecutable* create(VM& vm, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic intrinsic, const String& name);
</del><ins>+ static NativeExecutable* create(VM&, PassRefPtr<JITCode> callThunk, NativeFunction function, PassRefPtr<JITCode> constructThunk, NativeFunction constructor, Intrinsic, const DOMJIT::Signature*, const String& name);
</ins><span class="cx">
</span><span class="cx"> static void destroy(JSCell*);
</span><span class="cx">
</span><span class="lines">@@ -66,7 +69,15 @@
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><span class="cx"> const String& name() const { return m_name; }
</span><ins>+ const DOMJIT::Signature* signature() const { return m_signature; }
</ins><span class="cx">
</span><ins>+ const DOMJIT::Signature* signatureFor(CodeSpecializationKind kind) const
+ {
+ if (isCall(kind))
+ return signature();
+ return nullptr;
+ }
+
</ins><span class="cx"> protected:
</span><span class="cx"> void finishCreation(VM&, PassRefPtr<JITCode> callThunk, PassRefPtr<JITCode> constructThunk, const String& name);
</span><span class="cx">
</span><span class="lines">@@ -73,10 +84,11 @@
</span><span class="cx"> private:
</span><span class="cx"> friend class ExecutableBase;
</span><span class="cx">
</span><del>- NativeExecutable(VM&, NativeFunction function, NativeFunction constructor, Intrinsic);
</del><ins>+ NativeExecutable(VM&, NativeFunction function, NativeFunction constructor, Intrinsic, const DOMJIT::Signature*);
</ins><span class="cx">
</span><span class="cx"> NativeFunction m_function;
</span><span class="cx"> NativeFunction m_constructor;
</span><ins>+ const DOMJIT::Signature* m_signature;
</ins><span class="cx">
</span><span class="cx"> String m_name;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimePropertySloth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/PropertySlot.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/PropertySlot.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -51,6 +51,7 @@
</span><span class="cx"> ClassStructure = 1 << 12, // property is a lazy class structure - only used by static hashtables
</span><span class="cx"> PropertyCallback = 1 << 13, // property that is a lazy property callback - only used by static hashtables
</span><span class="cx"> DOMJITAttribute = 1 << 14, // property is a DOM JIT attribute - only used by static hashtables
</span><ins>+ DOMJITFunction = 1 << 15, // property is a DOM JIT function - only used by static hashtables
</ins><span class="cx"> BuiltinOrFunction = Builtin | Function, // helper only used by static hashtables
</span><span class="cx"> BuiltinOrFunctionOrLazyProperty = Builtin | Function | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
</span><span class="cx"> BuiltinOrFunctionOrAccessorOrLazyProperty = Builtin | Function | Accessor | CellProperty | ClassStructure | PropertyCallback, // helper only used by static hashtables
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/VM.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -516,10 +516,10 @@
</span><span class="cx">
</span><span class="cx"> NativeExecutable* VM::getHostFunction(NativeFunction function, NativeFunction constructor, const String& name)
</span><span class="cx"> {
</span><del>- return getHostFunction(function, NoIntrinsic, constructor, name);
</del><ins>+ return getHostFunction(function, NoIntrinsic, constructor, nullptr, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-NativeExecutable* VM::getHostFunction(NativeFunction function, Intrinsic intrinsic, NativeFunction constructor, const String& name)
</del><ins>+NativeExecutable* VM::getHostFunction(NativeFunction function, Intrinsic intrinsic, NativeFunction constructor, const DOMJIT::Signature* signature, const String& name)
</ins><span class="cx"> {
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> if (canUseJIT()) {
</span><span class="lines">@@ -526,7 +526,7 @@
</span><span class="cx"> return jitStubs->hostFunctionStub(
</span><span class="cx"> this, function, constructor,
</span><span class="cx"> intrinsic != NoIntrinsic ? thunkGeneratorForIntrinsic(intrinsic) : 0,
</span><del>- intrinsic, name);
</del><ins>+ intrinsic, signature, name);
</ins><span class="cx"> }
</span><span class="cx"> #else // ENABLE(JIT)
</span><span class="cx"> UNUSED_PARAM(intrinsic);
</span><span class="lines">@@ -534,7 +534,7 @@
</span><span class="cx"> return NativeExecutable::create(*this,
</span><span class="cx"> adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createLLIntCodeRef(llint_native_call_trampoline), JITCode::HostCallThunk)), function,
</span><span class="cx"> adoptRef(new NativeJITCode(MacroAssemblerCodeRef::createLLIntCodeRef(llint_native_construct_trampoline), JITCode::HostCallThunk)), constructor,
</span><del>- NoIntrinsic, name);
</del><ins>+ NoIntrinsic, signature, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> VM::ClientData::~ClientData()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/JavaScriptCore/runtime/VM.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> std::unique_ptr<FTL::Thunks> ftlThunks;
</span><span class="cx"> #endif
</span><span class="cx"> NativeExecutable* getHostFunction(NativeFunction, NativeFunction constructor, const String& name);
</span><del>- NativeExecutable* getHostFunction(NativeFunction, Intrinsic intrinsic, NativeFunction constructor, const String& name);
</del><ins>+ NativeExecutable* getHostFunction(NativeFunction, Intrinsic, NativeFunction constructor, const DOMJIT::Signature*, const String& name);
</ins><span class="cx">
</span><span class="cx"> static ptrdiff_t exceptionOffset()
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceWebCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/CMakeLists.txt (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/CMakeLists.txt 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/CMakeLists.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1537,7 +1537,6 @@
</span><span class="cx">
</span><span class="cx"> dom/default/PlatformMessagePortChannel.cpp
</span><span class="cx">
</span><del>- domjit/DOMJITAbstractHeapRepository.cpp
</del><span class="cx"> domjit/DOMJITHelpers.cpp
</span><span class="cx"> domjit/JSDocumentDOMJIT.cpp
</span><span class="cx"> domjit/JSNodeDOMJIT.cpp
</span><span class="lines">@@ -3511,6 +3510,15 @@
</span><span class="cx"> list(APPEND WebCore_DERIVED_SOURCES ${DERIVED_SOURCES_WEBCORE_DIR}/ColorData.cpp)
</span><span class="cx">
</span><span class="cx">
</span><ins>+# Generate DOMJITAbstractHeapRepository.h
+add_custom_command(
+ OUTPUT ${DERIVED_SOURCES_WEBCORE_DIR}/DOMJITAbstractHeapRepository.h
+ MAIN_DEPENDENCY domjit/DOMJITAbstractHeapRepository.yaml
+ DEPENDS ${WEBCORE_DIR}/domjit/generate-abstract-heap.rb
+ COMMAND ${RUBY_EXECUTABLE} ${WEBCORE_DIR}/domjit/generate-abstract-heap.rb ${WEBCORE_DIR}/domjit/DOMJITAbstractHeapRepository.yaml ${DERIVED_SOURCES_WEBCORE_DIR}/DOMJITAbstractHeapRepository.h
+ VERBATIM)
+list(APPEND WebCore_DERIVED_SOURCES ${DERIVED_SOURCES_WEBCORE_DIR}/DOMJITAbstractHeapRepository.h)
+
</ins><span class="cx"> # Generate XMLViewerCSS.h
</span><span class="cx"> add_custom_command(
</span><span class="cx"> OUTPUT ${DERIVED_SOURCES_WEBCORE_DIR}/XMLViewerCSS.h ${DERIVED_SOURCES_WEBCORE_DIR}/XMLViewer.min.css
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/ChangeLog 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,3 +1,110 @@
</span><ins>+2016-11-02 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [DOMJIT] Add DOMJIT::Signature
+ https://bugs.webkit.org/show_bug.cgi?id=162980
+
+ Reviewed by Saam Barati and Sam Weinig.
+
+ We introduce DOMJIT::Signature. This signature object is automatically generated by IDL code generator.
+ It holds (1) types, (2) pointer to the unsafe function (the function without checks), and (3) the effect
+ of the function. We use constexpr to initialize DOMJIT::Signature without invoking global constructors.
+ Thus the content is embedded into the binary as the constant values.
+
+ We also clean up the IDL code generator related to DOMJIT part. Instead of switching things inside IDL
+ code generator, we use C++ template to dispatch things at compile time. This template meta programming
+ is highly utilized in IDL these days.
+
+ To make DOMJIT::Signature constexpr, we also need to define DOMJIT abstract heap things in the build time.
+ To do so, we introduce a tiny Ruby script to calculate the range of abstract heaps. We can offer the abstract
+ heap tree as YAML format and the script will produce a C++ header holding the calculated abstract heap ranges
+
+ * CMakeLists.txt:
+ * DerivedSources.make:
+ * ForwardingHeaders/bytecode/SpeculatedType.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.h.
+ * ForwardingHeaders/domjit/DOMJITSignature.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp.
+ * WebCore.xcodeproj/project.pbxproj:
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateHeader):
+ (GeneratePropertiesHashTable):
+ (GetUnsafeArgumentType):
+ (GetArgumentTypeFilter):
+ (GetResultTypeFilter):
+ (GenerateImplementation):
+ (UnsafeToNative):
+ (GenerateHashTableValueArray):
+ (ComputeFunctionSpecial):
+ * bindings/scripts/IDLAttributes.txt:
+ * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
+ (WebCore::BindingCaller<JSTestDOMJIT>::castForOperation):
+ (WebCore::TestDOMJITAnyAttrDOMJIT::TestDOMJITAnyAttrDOMJIT):
+ (WebCore::TestDOMJITBooleanAttrDOMJIT::TestDOMJITBooleanAttrDOMJIT):
+ (WebCore::TestDOMJITByteAttrDOMJIT::TestDOMJITByteAttrDOMJIT):
+ (WebCore::TestDOMJITOctetAttrDOMJIT::TestDOMJITOctetAttrDOMJIT):
+ (WebCore::TestDOMJITShortAttrDOMJIT::TestDOMJITShortAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedShortAttrDOMJIT::TestDOMJITUnsignedShortAttrDOMJIT):
+ (WebCore::TestDOMJITLongAttrDOMJIT::TestDOMJITLongAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedLongAttrDOMJIT::TestDOMJITUnsignedLongAttrDOMJIT):
+ (WebCore::TestDOMJITLongLongAttrDOMJIT::TestDOMJITLongLongAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedLongLongAttrDOMJIT::TestDOMJITUnsignedLongLongAttrDOMJIT):
+ (WebCore::TestDOMJITFloatAttrDOMJIT::TestDOMJITFloatAttrDOMJIT):
+ (WebCore::TestDOMJITUnrestrictedFloatAttrDOMJIT::TestDOMJITUnrestrictedFloatAttrDOMJIT):
+ (WebCore::TestDOMJITDoubleAttrDOMJIT::TestDOMJITDoubleAttrDOMJIT):
+ (WebCore::TestDOMJITUnrestrictedDoubleAttrDOMJIT::TestDOMJITUnrestrictedDoubleAttrDOMJIT):
+ (WebCore::TestDOMJITDomStringAttrDOMJIT::TestDOMJITDomStringAttrDOMJIT):
+ (WebCore::TestDOMJITByteStringAttrDOMJIT::TestDOMJITByteStringAttrDOMJIT):
+ (WebCore::TestDOMJITUsvStringAttrDOMJIT::TestDOMJITUsvStringAttrDOMJIT):
+ (WebCore::TestDOMJITNodeAttrDOMJIT::TestDOMJITNodeAttrDOMJIT):
+ (WebCore::TestDOMJITBooleanNullableAttrDOMJIT::TestDOMJITBooleanNullableAttrDOMJIT):
+ (WebCore::TestDOMJITByteNullableAttrDOMJIT::TestDOMJITByteNullableAttrDOMJIT):
+ (WebCore::TestDOMJITOctetNullableAttrDOMJIT::TestDOMJITOctetNullableAttrDOMJIT):
+ (WebCore::TestDOMJITShortNullableAttrDOMJIT::TestDOMJITShortNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedShortNullableAttrDOMJIT::TestDOMJITUnsignedShortNullableAttrDOMJIT):
+ (WebCore::TestDOMJITLongNullableAttrDOMJIT::TestDOMJITLongNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedLongNullableAttrDOMJIT::TestDOMJITUnsignedLongNullableAttrDOMJIT):
+ (WebCore::TestDOMJITLongLongNullableAttrDOMJIT::TestDOMJITLongLongNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUnsignedLongLongNullableAttrDOMJIT::TestDOMJITUnsignedLongLongNullableAttrDOMJIT):
+ (WebCore::TestDOMJITFloatNullableAttrDOMJIT::TestDOMJITFloatNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT):
+ (WebCore::TestDOMJITDoubleNullableAttrDOMJIT::TestDOMJITDoubleNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT):
+ (WebCore::TestDOMJITDomStringNullableAttrDOMJIT::TestDOMJITDomStringNullableAttrDOMJIT):
+ (WebCore::TestDOMJITByteStringNullableAttrDOMJIT::TestDOMJITByteStringNullableAttrDOMJIT):
+ (WebCore::TestDOMJITUsvStringNullableAttrDOMJIT::TestDOMJITUsvStringNullableAttrDOMJIT):
+ (WebCore::TestDOMJITNodeNullableAttrDOMJIT::TestDOMJITNodeNullableAttrDOMJIT):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetAttribute):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetAttributeCaller):
+ (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetAttribute):
+ (WebCore::jsTestDOMJITPrototypeFunctionItem):
+ (WebCore::jsTestDOMJITPrototypeFunctionItemCaller):
+ (WebCore::unsafeJsTestDOMJITPrototypeFunctionItem):
+ (WebCore::jsTestDOMJITPrototypeFunctionHasAttribute):
+ (WebCore::jsTestDOMJITPrototypeFunctionHasAttributeCaller):
+ (WebCore::unsafeJsTestDOMJITPrototypeFunctionHasAttribute):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetElementById):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetElementByIdCaller):
+ (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementById):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetElementsByName):
+ (WebCore::jsTestDOMJITPrototypeFunctionGetElementsByNameCaller):
+ (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementsByName):
+ * bindings/scripts/test/TestDOMJIT.idl:
+ * dom/Element.idl:
+ * domjit/DOMJITAbstractHeapRepository.yaml: Added.
+ * domjit/DOMJITIDLConvert.h: Added.
+ (WebCore::DOMJIT::DirectConverter<IDLDOMString>::directConvert<StringConversionConfiguration::Normal>):
+ * domjit/DOMJITIDLType.h: Added.
+ * domjit/DOMJITIDLTypeFilter.h: Added.
+ * domjit/JSDocumentDOMJIT.cpp:
+ (WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
+ * domjit/JSNodeDOMJIT.cpp:
+ (WebCore::NodeFirstChildDOMJIT::callDOMGetter):
+ (WebCore::NodeLastChildDOMJIT::callDOMGetter):
+ (WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
+ (WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
+ (WebCore::NodeParentNodeDOMJIT::callDOMGetter):
+ (WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
+ * domjit/generate-abstract-heap.rb: Added.
+
</ins><span class="cx"> 2016-11-02 Simon Fraser <simon.fraser@apple.com>
</span><span class="cx">
</span><span class="cx"> Followup after r208314.
</span></span></pre></div>
<a id="trunkSourceWebCoreDerivedSourcesmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/DerivedSources.make (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/DerivedSources.make 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/DerivedSources.make 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -747,6 +747,7 @@
</span><span class="cx">
</span><span class="cx"> PYTHON = python
</span><span class="cx"> PERL = perl
</span><ins>+RUBY = ruby
</ins><span class="cx">
</span><span class="cx"> ifeq ($(OS),Windows_NT)
</span><span class="cx"> DELETE = cmd //C del
</span><span class="lines">@@ -853,6 +854,7 @@
</span><span class="cx"> CSSValueKeywords.cpp \
</span><span class="cx"> CSSValueKeywords.h \
</span><span class="cx"> ColorData.cpp \
</span><ins>+ DOMJITAbstractHeapRepository.h \
</ins><span class="cx"> EventInterfaces.h \
</span><span class="cx"> EventTargetInterfaces.h \
</span><span class="cx"> ExceptionCodeDescription.cpp \
</span><span class="lines">@@ -942,6 +944,15 @@
</span><span class="cx">
</span><span class="cx"> # --------
</span><span class="cx">
</span><ins>+# DOMJIT Abstract Heap
+
+all : DOMJITAbstractHeapRepository.h
+
+DOMJITAbstractHeapRepository.h : $(WebCore)/domjit/generate-abstract-heap.rb $(WebCore)/domjit/DOMJITAbstractHeapRepository.yaml
+ $(RUBY) "$(WebCore)/domjit/generate-abstract-heap.rb" $(WebCore)/domjit/DOMJITAbstractHeapRepository.yaml ./DOMJITAbstractHeapRepository.h
+
+# --------
+
</ins><span class="cx"> # XMLViewer CSS
</span><span class="cx">
</span><span class="cx"> all : XMLViewerCSS.h
</span></span></pre></div>
<a id="trunkSourceWebCoreForwardingHeadersbytecodeSpeculatedTypehfromrev208319trunkSourceWebCoredomjitDOMJITAbstractHeapRepositoryh"></a>
<div class="copfile"><h4>Copied: trunk/Source/WebCore/ForwardingHeaders/bytecode/SpeculatedType.h (from rev 208319, trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.h) (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ForwardingHeaders/bytecode/SpeculatedType.h (rev 0)
+++ trunk/Source/WebCore/ForwardingHeaders/bytecode/SpeculatedType.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WebCore_FWD_SpeculatedType_h
+#define WebCore_FWD_SpeculatedType_h
+#include <JavaScriptCore/SpeculatedType.h>
+#endif
</ins></span></pre></div>
<a id="trunkSourceWebCoreForwardingHeadersdomjitDOMJITSignaturehfromrev208319trunkSourceWebCoredomjitDOMJITAbstractHeapRepositorycpp"></a>
<div class="copfile"><h4>Copied: trunk/Source/WebCore/ForwardingHeaders/domjit/DOMJITSignature.h (from rev 208319, trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp) (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ForwardingHeaders/domjit/DOMJITSignature.h (rev 0)
+++ trunk/Source/WebCore/ForwardingHeaders/domjit/DOMJITSignature.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WebCore_FWD_DOMJITSignature_h
+#define WebCore_FWD_DOMJITSignature_h
+#include <JavaScriptCore/DOMJITSignature.h>
+#endif
</ins></span></pre></div>
<a id="trunkSourceWebCoreWebCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -6216,12 +6216,13 @@
</span><span class="cx"> E3150EA71DA7219300194012 /* DOMJITHelpers.h in Headers */ = {isa = PBXBuildFile; fileRef = E3150EA51DA7218D00194012 /* DOMJITHelpers.h */; };
</span><span class="cx"> E318039D1DC40099009932C2 /* JSDynamicDowncast.h in Headers */ = {isa = PBXBuildFile; fileRef = E3A5872E1DC3F52600F607A6 /* JSDynamicDowncast.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> E3565B7B1DC2D6C900217DBD /* JSEventCustom.h in Headers */ = {isa = PBXBuildFile; fileRef = E34EE49F1DC2D57500EAA9D3 /* JSEventCustom.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>- E35CA14D1DBC3A3F00F83516 /* DOMJITAbstractHeapRepository.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E35CA14B1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.cpp */; };
- E35CA14E1DBC3A4200F83516 /* DOMJITAbstractHeapRepository.h in Headers */ = {isa = PBXBuildFile; fileRef = E35CA14C1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.h */; };
</del><ins>+ E35802B61DC8435D00A9773C /* DOMJITIDLTypeFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = E35802B51DC8435800A9773C /* DOMJITIDLTypeFilter.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> E377FE4D1DADE16500CDD025 /* NodeConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = E3D049931DADC04500718F3C /* NodeConstants.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> E38838981BAD145F00D62EE3 /* ScriptModuleLoader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E38838941BAD145F00D62EE3 /* ScriptModuleLoader.cpp */; };
</span><span class="cx"> E38838991BAD145F00D62EE3 /* ScriptModuleLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = E38838951BAD145F00D62EE3 /* ScriptModuleLoader.h */; };
</span><span class="cx"> E398FC241DC32A20003C4684 /* DOMJITHelpers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E398FC231DC32A1B003C4684 /* DOMJITHelpers.cpp */; };
</span><ins>+ E3A776671DC85D2800B690D8 /* DOMJITIDLConvert.h in Headers */ = {isa = PBXBuildFile; fileRef = E3A776651DC85D2200B690D8 /* DOMJITIDLConvert.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ E3A776681DC85D2800B690D8 /* DOMJITIDLType.h in Headers */ = {isa = PBXBuildFile; fileRef = E3A776661DC85D2200B690D8 /* DOMJITIDLType.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> E3B2F0EB1D7F4C9D00B0C9D1 /* LoadableClassicScript.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3B2F0E31D7F35EC00B0C9D1 /* LoadableClassicScript.cpp */; };
</span><span class="cx"> E3B2F0EC1D7F4CA100B0C9D1 /* LoadableScript.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3B2F0E91D7F3D3C00B0C9D1 /* LoadableScript.cpp */; };
</span><span class="cx"> E3B2F0ED1D7F4CA300B0C9D1 /* LoadableScript.h in Headers */ = {isa = PBXBuildFile; fileRef = E3B2F0E71D7F35EC00B0C9D1 /* LoadableScript.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -14076,13 +14077,15 @@
</span><span class="cx"> E1FF8F6A180DB5BE00132674 /* CryptoAlgorithmRegistry.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoAlgorithmRegistry.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E1FF8F6B180DB5BE00132674 /* CryptoAlgorithmRegistry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmRegistry.h; sourceTree = "<group>"; };
</span><span class="cx"> E3150EA51DA7218D00194012 /* DOMJITHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITHelpers.h; sourceTree = "<group>"; };
</span><ins>+ E334825E1DC93AA0009C9544 /* DOMJITAbstractHeapRepository.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITAbstractHeapRepository.h; sourceTree = "<group>"; };
</ins><span class="cx"> E34EE49F1DC2D57500EAA9D3 /* JSEventCustom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSEventCustom.h; sourceTree = "<group>"; };
</span><del>- E35CA14B1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITAbstractHeapRepository.cpp; sourceTree = "<group>"; };
- E35CA14C1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITAbstractHeapRepository.h; sourceTree = "<group>"; };
</del><ins>+ E35802B51DC8435800A9773C /* DOMJITIDLTypeFilter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITIDLTypeFilter.h; sourceTree = "<group>"; };
</ins><span class="cx"> E38838941BAD145F00D62EE3 /* ScriptModuleLoader.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScriptModuleLoader.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E38838951BAD145F00D62EE3 /* ScriptModuleLoader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScriptModuleLoader.h; sourceTree = "<group>"; };
</span><span class="cx"> E398FC231DC32A1B003C4684 /* DOMJITHelpers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITHelpers.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E3A5872E1DC3F52600F607A6 /* JSDynamicDowncast.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDynamicDowncast.h; sourceTree = "<group>"; };
</span><ins>+ E3A776651DC85D2200B690D8 /* DOMJITIDLConvert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITIDLConvert.h; sourceTree = "<group>"; };
+ E3A776661DC85D2200B690D8 /* DOMJITIDLType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITIDLType.h; sourceTree = "<group>"; };
</ins><span class="cx"> E3AFA9641DA6E908002861BD /* JSNodeDOMJIT.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSNodeDOMJIT.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E3B2F0E31D7F35EC00B0C9D1 /* LoadableClassicScript.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LoadableClassicScript.cpp; sourceTree = "<group>"; };
</span><span class="cx"> E3B2F0E41D7F35EC00B0C9D1 /* LoadableClassicScript.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LoadableClassicScript.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -17280,6 +17283,7 @@
</span><span class="cx"> 6565814709D13043000E61D7 /* CSSValueKeywords.gperf */,
</span><span class="cx"> 6565814809D13043000E61D7 /* CSSValueKeywords.h */,
</span><span class="cx"> 9B3A8871145632F9003AE8F5 /* DOMDOMSettableTokenList.h */,
</span><ins>+ E334825E1DC93AA0009C9544 /* DOMJITAbstractHeapRepository.h */,
</ins><span class="cx"> E1C6CFC21746D293007B87A1 /* DOMWindowConstructors.idl */,
</span><span class="cx"> 970B72A5145008EB00F00A37 /* EventHeaders.h */,
</span><span class="cx"> 970B7289144FFAC600F00A37 /* EventInterfaces.h */,
</span><span class="lines">@@ -22897,11 +22901,12 @@
</span><span class="cx"> E3AFA9631DA6E8AF002861BD /* domjit */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><del>- E35CA14B1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.cpp */,
- E35CA14C1DBC3A3C00F83516 /* DOMJITAbstractHeapRepository.h */,
</del><span class="cx"> E3C99A081DC3D41700794AD3 /* DOMJITCheckDOM.h */,
</span><span class="cx"> E398FC231DC32A1B003C4684 /* DOMJITHelpers.cpp */,
</span><span class="cx"> E3150EA51DA7218D00194012 /* DOMJITHelpers.h */,
</span><ins>+ E3A776651DC85D2200B690D8 /* DOMJITIDLConvert.h */,
+ E3A776661DC85D2200B690D8 /* DOMJITIDLType.h */,
+ E35802B51DC8435800A9773C /* DOMJITIDLTypeFilter.h */,
</ins><span class="cx"> E3B7C0621DC3415A001FB0B8 /* JSDocumentDOMJIT.cpp */,
</span><span class="cx"> E3AFA9641DA6E908002861BD /* JSNodeDOMJIT.cpp */,
</span><span class="cx"> );
</span><span class="lines">@@ -25768,6 +25773,7 @@
</span><span class="cx"> 460CBF361D4BCD0E0092E88E /* JSDOMWindowProperties.h in Headers */,
</span><span class="cx"> BCBFB53D0DCD29CF0019B3E5 /* JSDOMWindowShell.h in Headers */,
</span><span class="cx"> 65E0E9441133C89F00B4CB10 /* JSDOMWrapper.h in Headers */,
</span><ins>+ E3A776671DC85D2800B690D8 /* DOMJITIDLConvert.h in Headers */,
</ins><span class="cx"> FD7868BA136B999200D403DF /* JSDynamicsCompressorNode.h in Headers */,
</span><span class="cx"> 65DF31FA09D1CC60000BE325 /* JSElement.h in Headers */,
</span><span class="cx"> ADEC78F818EE5308001315C2 /* JSElementCustom.h in Headers */,
</span><span class="lines">@@ -27333,6 +27339,7 @@
</span><span class="cx"> 08525E631278C00100A84778 /* SVGAnimatedStaticPropertyTearOff.h in Headers */,
</span><span class="cx"> 084DB59B128008CC002A6D64 /* SVGAnimatedString.h in Headers */,
</span><span class="cx"> 08250939128BD4D800E2ED8E /* SVGAnimatedTransformList.h in Headers */,
</span><ins>+ E3A776681DC85D2800B690D8 /* DOMJITIDLType.h in Headers */,
</ins><span class="cx"> 085A15931289A8DD002710E3 /* SVGAnimatedTransformListPropertyTearOff.h in Headers */,
</span><span class="cx"> 439D334313A6911C00C20F4F /* SVGAnimatedType.h in Headers */,
</span><span class="cx"> 439D334413A6911C00C20F4F /* SVGAnimatedTypeAnimator.h in Headers */,
</span><span class="lines">@@ -27870,6 +27877,7 @@
</span><span class="cx"> 97AABD2314FA09D5007457AE /* WebSocketExtensionDispatcher.h in Headers */,
</span><span class="cx"> 4A5A2ADC161E7E00005889DD /* WebSocketExtensionParser.h in Headers */,
</span><span class="cx"> 97AABD2414FA09D5007457AE /* WebSocketExtensionProcessor.h in Headers */,
</span><ins>+ E35802B61DC8435D00A9773C /* DOMJITIDLTypeFilter.h in Headers */,
</ins><span class="cx"> 97AABD2514FA09D5007457AE /* WebSocketFrame.h in Headers */,
</span><span class="cx"> 97AABD2714FA09D5007457AE /* WebSocketHandshake.h in Headers */,
</span><span class="cx"> 31DEA4561B39F4D900F77178 /* WebSystemBackdropLayer.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -81,7 +81,7 @@
</span><span class="cx"> public:
</span><span class="cx"> ~JSDOMGlobalObject();
</span><span class="cx">
</span><del>- static const JSC::ClassInfo* info() { return &s_info; }
</del><ins>+ static constexpr const JSC::ClassInfo* info() { return &s_info; }
</ins><span class="cx">
</span><span class="cx"> static JSC::Structure* createStructure(JSC::VM& vm, JSC::JSValue prototype)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1471,7 +1471,7 @@
</span><span class="cx"> push(@headerContent, "protected:\n");
</span><span class="cx"> push(@headerContent, " static const JSC::ClassInfo s_info;\n");
</span><span class="cx"> push(@headerContent, "public:\n");
</span><del>- push(@headerContent, " static const JSC::ClassInfo* info() { return &s_info; }\n\n");
</del><ins>+ push(@headerContent, " static constexpr const JSC::ClassInfo* info() { return &s_info; }\n\n");
</ins><span class="cx"> } else {
</span><span class="cx"> push(@headerContent, "\n");
</span><span class="cx"> push(@headerContent, " DECLARE_INFO;\n\n");
</span><span class="lines">@@ -1925,7 +1925,11 @@
</span><span class="cx"> # FIXME: Remove this once we can get rid of the quirk introduced in https://bugs.webkit.org/show_bug.cgi?id=163967.
</span><span class="cx"> $functionLength = 3 if $interfaceName eq "Event" and $function->name eq "initEvent";
</span><span class="cx">
</span><del>- push(@$hashValue2, $functionLength);
</del><ins>+ if ($function->extendedAttributes->{DOMJIT}) {
+ push(@$hashValue2, "&DOMJITSignatureFor" . $interface->type->name . $codeGenerator->WK_ucfirst($function->name));
+ } else {
+ push(@$hashValue2, $functionLength);
+ }
</ins><span class="cx">
</span><span class="cx"> push(@$hashSpecials, ComputeFunctionSpecial($interface, $function));
</span><span class="cx">
</span><span class="lines">@@ -2541,41 +2545,30 @@
</span><span class="cx"> push(@implContent, " putDirectWithoutTransition(vm, vm.propertyNames->unscopablesSymbol, &unscopables, DontEnum | ReadOnly);\n");
</span><span class="cx"> }
</span><span class="cx">
</span><del>-sub GetResultTypeFilter
</del><ins>+sub GetUnsafeArgumentType
</ins><span class="cx"> {
</span><del>- my ($type) = @_;
</del><ins>+ my ($interface, $type) = @_;
</ins><span class="cx">
</span><del>- my %TypeFilters = (
- "any" => "SpecHeapTop",
- "boolean" => "SpecBoolean",
- "byte" => "SpecInt32Only",
- "octet" => "SpecInt32Only",
- "short" => "SpecInt32Only",
- "unsigned short" => "SpecInt32Only",
- "long" => "SpecInt32Only",
- "unsigned long" => "SpecBytecodeNumber",
- "long long" => "SpecBytecodeNumber",
- "unsigned long long" => "SpecBytecodeNumber",
- "float" => "SpecBytecodeNumber",
- "unrestricted float" => "SpecBytecodeNumber",
- "double" => "SpecBytecodeNumber",
- "unrestricted double" => "SpecBytecodeNumber",
- "DOMString" => "SpecString",
- "ByteString" => "SpecString",
- "USVString" => "SpecString",
- );
</del><ins>+ my $IDLType = GetIDLType($interface, $type);
+ return "DOMJIT::IDLJSArgumentType<${IDLType}>";
+}
</ins><span class="cx">
</span><del>- if (exists $TypeFilters{$type->name}) {
- my $resultType = "JSC::$TypeFilters{$type->name}";
- if ($type->isNullable) {
- die "\"any\" type must not become nullable." if $type->name eq "any";
- $resultType = "($resultType | JSC::SpecOther)";
- }
- return $resultType;
- }
- return "SpecHeapTop";
</del><ins>+sub GetArgumentTypeFilter
+{
+ my ($interface, $type) = @_;
+
+ my $IDLType = GetIDLType($interface, $type);
+ return "DOMJIT::IDLArgumentTypeFilter<${IDLType}>::value";
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+sub GetResultTypeFilter
+{
+ my ($interface, $type) = @_;
+
+ my $IDLType = GetIDLType($interface, $type);
+ return "DOMJIT::IDLResultTypeFilter<${IDLType}>::value";
+}
+
</ins><span class="cx"> sub GenerateImplementation
</span><span class="cx"> {
</span><span class="cx"> my ($object, $interface, $enumerations, $dictionaries) = @_;
</span><span class="lines">@@ -2644,6 +2637,17 @@
</span><span class="cx"> push(@implContent, "#if ${conditionalString}\n") if $conditionalString;
</span><span class="cx"> my $functionName = GetFunctionName($interface, $className, $function);
</span><span class="cx"> push(@implContent, "JSC::EncodedJSValue JSC_HOST_CALL ${functionName}(JSC::ExecState*);\n");
</span><ins>+ if ($function->extendedAttributes->{DOMJIT}) {
+ $implIncludes{"DOMJITIDLType.h"} = 1;
+ my $unsafeFunctionName = "unsafe" . $codeGenerator->WK_ucfirst($functionName);
+ my $functionSignature = "JSC::EncodedJSValue JSC_HOST_CALL ${unsafeFunctionName}(JSC::ExecState*, $className*";
+ foreach my $argument (@{$function->arguments}) {
+ my $type = $argument->type;
+ my $argumentType = GetUnsafeArgumentType($interface, $type);
+ $functionSignature .= ", ${argumentType}";
+ }
+ push(@implContent, $functionSignature . ");\n");
+ }
</ins><span class="cx"> push(@implContent, "#endif\n") if $conditionalString;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2680,6 +2684,37 @@
</span><span class="cx"> push(@implContent, "\n");
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ if ($numFunctions > 0) {
+ foreach my $function (@functions) {
+ next unless $function->extendedAttributes->{DOMJIT};
+ $implIncludes{"DOMJITIDLTypeFilter.h"} = 1;
+ $implIncludes{"DOMJITCheckDOM.h"} = 1;
+ $implIncludes{"DOMJITAbstractHeapRepository.h"} = 1;
+
+ my $isOverloaded = $function->{overloads} && @{$function->{overloads}} > 1;
+ die "Overloads is not supported in DOMJIT" if $isOverloaded;
+ die "Currently ReadDOM value is only allowed" unless $codeGenerator->ExtendedAttributeContains($function->extendedAttributes->{DOMJIT}, "ReadDOM");
+
+ my $interfaceName = $interface->type->name;
+ my $functionName = GetFunctionName($interface, $className, $function);
+ my $unsafeFunctionName = "unsafe" . $codeGenerator->WK_ucfirst($functionName);
+ my $domJITSignatureName = "DOMJITSignatureFor" . $interface->type->name . $codeGenerator->WK_ucfirst($function->name);
+ my $classInfo = "JS" . $interface->type->name . "::info()";
+ my $resultType = GetResultTypeFilter($interface, $function->type);
+ my $domJITSignature = "static const JSC::DOMJIT::Signature ${domJITSignatureName}((uintptr_t)${unsafeFunctionName}, DOMJIT::checkDOM<$interfaceName>, $classInfo, JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), ${resultType}";
+ foreach my $argument (@{$function->arguments}) {
+ my $type = $argument->type;
+ my $argumentType = GetArgumentTypeFilter($interface, $type);
+ $domJITSignature .= ", ${argumentType}";
+ }
+ my $conditionalString = $codeGenerator->GenerateConditionalString($function);
+ push(@implContent, "#if ${conditionalString}\n") if $conditionalString;
+ push(@implContent, $domJITSignature . ");\n");
+ push(@implContent, "#endif\n") if $conditionalString;
+ push(@implContent, "\n");
+ }
+ }
+
</ins><span class="cx"> GeneratePrototypeDeclaration(\@implContent, $className, $interface) if !HeaderNeedsPrototypeDeclaration($interface);
</span><span class="cx">
</span><span class="cx"> GenerateConstructorDeclaration(\@implContent, $className, $interface) if NeedsConstructorProperty($interface);
</span><span class="lines">@@ -2776,7 +2811,11 @@
</span><span class="cx"> push(@hashValue1, $functionName);
</span><span class="cx">
</span><span class="cx"> my $functionLength = GetFunctionLength($function);
</span><del>- push(@hashValue2, $functionLength);
</del><ins>+ if ($function->extendedAttributes->{DOMJIT}) {
+ push(@hashValue2, "DOMJITFunctionFor" . $interface->type->name . $codeGenerator->WK_ucfirst($function->name));
+ } else {
+ push(@hashValue2, $functionLength);
+ }
</ins><span class="cx">
</span><span class="cx"> push(@hashSpecials, ComputeFunctionSpecial($interface, $function));
</span><span class="cx">
</span><span class="lines">@@ -3338,6 +3377,7 @@
</span><span class="cx">
</span><span class="cx"> if ($attribute->extendedAttributes->{"DOMJIT"}) {
</span><span class="cx"> $implIncludes{"<wtf/NeverDestroyed.h>"} = 1;
</span><ins>+ $implIncludes{"DOMJITIDLTypeFilter.h"} = 1;
</ins><span class="cx"> my $interfaceName = $interface->type->name;
</span><span class="cx"> my $attributeName = $attribute->name;
</span><span class="cx"> my $generatorName = $interfaceName . $codeGenerator->WK_ucfirst($attribute->name);
</span><span class="lines">@@ -3344,7 +3384,7 @@
</span><span class="cx"> my $domJITClassName = $generatorName . "DOMJIT";
</span><span class="cx"> my $getter = GetAttributeGetterName($interface, $generatorName, $attribute);
</span><span class="cx"> my $setter = IsReadonly($attribute) ? "nullptr" : GetAttributeSetterName($interface, $generatorName, $attribute);
</span><del>- my $resultType = GetResultTypeFilter($attribute->type);
</del><ins>+ my $resultType = GetResultTypeFilter($interface, $attribute->type);
</ins><span class="cx"> push(@implContent, "$domJITClassName::$domJITClassName()\n");
</span><span class="cx"> push(@implContent, " : JSC::DOMJIT::GetterSetter($getter, $setter, ${className}::info(), $resultType)\n");
</span><span class="cx"> push(@implContent, "{\n");
</span><span class="lines">@@ -3838,6 +3878,78 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> push(@implContent, "}\n\n");
</span><ins>+
+ if ($function->extendedAttributes->{DOMJIT}) {
+ $implIncludes{"<interpreter/FrameTracers.h>"} = 1;
+ my $unsafeFunctionName = "unsafe" . $codeGenerator->WK_ucfirst($functionName);
+ push(@implContent, "JSC::EncodedJSValue JSC_HOST_CALL ${unsafeFunctionName}(JSC::ExecState* state, $className* castedThis");
+ foreach my $argument (@{$function->arguments}) {
+ my $type = $argument->type;
+ my $argumentType = GetUnsafeArgumentType($interface, $type);
+ my $name = $argument->name;
+ my $encodedName = "encoded" . $codeGenerator->WK_ucfirst($name);
+ push(@implContent, ", ${argumentType} ${encodedName}");
+ }
+ push(@implContent, ")\n");
+ push(@implContent, "{\n");
+ push(@implContent, " UNUSED_PARAM(state);\n");
+ push(@implContent, " VM& vm = state->vm();\n");
+ push(@implContent, " JSC::NativeCallFrameTracer tracer(&vm, state);\n");
+ push(@implContent, " auto throwScope = DECLARE_THROW_SCOPE(vm);\n");
+ push(@implContent, " UNUSED_PARAM(throwScope);\n");
+ push(@implContent, " auto& impl = castedThis->wrapped();\n");
+ my @arguments;
+ my $implFunctionName;
+ my $implementedBy = $function->extendedAttributes->{ImplementedBy};
+
+ if ($implementedBy) {
+ AddToImplIncludes("${implementedBy}.h", $function->extendedAttributes->{Conditional});
+ unshift(@arguments, "impl") if !$function->isStatic;
+ $implFunctionName = "WebCore::${implementedBy}::${functionImplementationName}";
+ } elsif ($function->isStatic) {
+ $implFunctionName = "${interfaceName}::${functionImplementationName}";
+ } elsif ($svgPropertyOrListPropertyType and !$svgListPropertyType) {
+ $implFunctionName = "podImpl.${functionImplementationName}";
+ } else {
+ $implFunctionName = "impl.${functionImplementationName}";
+ }
+
+ foreach my $argument (@{$function->arguments}) {
+ my $value = "";
+ my $type = $argument->type;
+ my $name = $argument->name;
+ my $encodedName = "encoded" . $codeGenerator->WK_ucfirst($name);
+ my $nativeType = GetNativeType($interface, $argument->type);
+ my $isTearOff = $codeGenerator->IsSVGTypeNeedingTearOff($type) && $interfaceName !~ /List$/;
+ die "TearOff type is not allowed" if $isTearOff;
+ my $shouldPassByReference = ShouldPassWrapperByReference($argument, $interface);
+
+ if (!$shouldPassByReference && ($codeGenerator->IsWrapperType($type) || $codeGenerator->IsTypedArrayType($type))) {
+ $implIncludes{"<runtime/Error.h>"} = 1;
+ my ($nativeValue, $mayThrowException) = UnsafeToNative($interface, $argument, $encodedName, $function->extendedAttributes->{Conditional});
+ push(@implContent, " $nativeType $name = nullptr;\n");
+ push(@implContent, " $name = $nativeValue;\n");
+ push(@implContent, " RETURN_IF_EXCEPTION(throwScope, encodedJSValue());\n") if $mayThrowException;
+ $value = "WTFMove($name)";
+ } else {
+ my ($nativeValue, $mayThrowException) = UnsafeToNative($interface, $argument, $encodedName, $function->extendedAttributes->{Conditional});
+ push(@implContent, " auto $name = ${nativeValue};\n");
+ $value = "WTFMove($name)";
+ push(@implContent, " RETURN_IF_EXCEPTION(throwScope, encodedJSValue());\n") if $mayThrowException;
+ }
+
+ if ($shouldPassByReference) {
+ $value = "*$name";
+ }
+ push(@arguments, $value);
+ }
+ my $functionString = "$implFunctionName(" . join(", ", @arguments) . ")";
+ $functionString = "propagateException(*state, throwScope, $functionString)" if NeedsExplicitPropagateExceptionCall($function);
+ push(@implContent, " JSValue result = " . NativeToJSValueUsingPointers($function, 1, $interface, $functionString, "castedThis") . ";\n");
+ push(@implContent, " return JSValue::encode(result);\n");
+ push(@implContent, "}\n\n");
+ }
+
</ins><span class="cx"> push(@implContent, "#endif\n\n") if $conditional;
</span><span class="cx">
</span><span class="cx"> # Generate a function dispatching call to the rest of the overloads.
</span><span class="lines">@@ -5324,6 +5436,46 @@
</span><span class="cx"> return ("convert<$IDLType>(" . join(", ", @conversionArguments) . ")", 1);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+sub UnsafeToNative
+{
+ my ($interface, $context, $value, $conditional, $statePointer, $stateReference, $thisObjectReference) = @_;
+
+ assert("Invalid context type") if !IsValidContextForJSValueToNative($context);
+
+ my $type = $context->type;
+
+ # FIXME: Remove these 3 variables when all JSValueToNative use references.
+ $statePointer = "state" unless $statePointer;
+ $stateReference = "*state" unless $stateReference;
+ $thisObjectReference = "*castedThis" unless $thisObjectReference;
+
+ AddToImplIncludesForIDLType($type, $conditional);
+
+ # FIXME: Support more types.
+
+ if ($type->name eq "DOMString") {
+ return ("AtomicString($value->toExistingAtomicString($statePointer))", 1) if $context->extendedAttributes->{RequiresExistingAtomicString};
+ return ("$value->toAtomicString($statePointer)", 1) if $context->extendedAttributes->{AtomicString};
+ }
+
+ AddToImplIncludes("DOMJITIDLConvert.h");
+
+ my $IDLType = GetIDLType($interface, $type);
+
+ my @conversionArguments = ();
+ push(@conversionArguments, "$stateReference");
+ push(@conversionArguments, "$value");
+
+ my @conversionStaticArguments = ();
+ push(@conversionStaticArguments, GetIntegerConversionConfiguration($context)) if $codeGenerator->IsIntegerType($type);
+ push(@conversionStaticArguments, GetStringConversionConfiguration($context)) if $codeGenerator->IsStringType($type);
+
+ if (scalar(@conversionStaticArguments) > 0) {
+ return ("DOMJIT::DirectConverter<$IDLType>::directConvert<" . join(", ", @conversionStaticArguments) . ">(" . join(", ", @conversionArguments) . ")", 1);
+ }
+ return ("DOMJIT::DirectConverter<$IDLType>::directConvert(" . join(", ", @conversionArguments) . ")", 1);
+}
+
</ins><span class="cx"> sub NativeToJSValueDOMConvertNeedsState
</span><span class="cx"> {
</span><span class="cx"> my ($type) = @_;
</span><span class="lines">@@ -5508,8 +5660,11 @@
</span><span class="cx"> push(@implContent, "#if ${conditionalString}\n");
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if ("@$specials[$i]" =~ m/Function/) {
</del><ins>+ if ("@$specials[$i]" =~ m/DOMJITFunction/) {
</ins><span class="cx"> $firstTargetType = "static_cast<NativeFunction>";
</span><ins>+ $secondTargetType = "static_cast<const JSC::DOMJIT::Signature*>";
+ } elsif ("@$specials[$i]" =~ m/Function/) {
+ $firstTargetType = "static_cast<NativeFunction>";
</ins><span class="cx"> } elsif ("@$specials[$i]" =~ m/Builtin/) {
</span><span class="cx"> $firstTargetType = "static_cast<BuiltinGenerator>";
</span><span class="cx"> } elsif ("@$specials[$i]" =~ m/ConstantInteger/) {
</span><span class="lines">@@ -6106,6 +6261,9 @@
</span><span class="cx"> else {
</span><span class="cx"> push(@specials, "JSC::Function");
</span><span class="cx"> }
</span><ins>+ if ($function->extendedAttributes->{"DOMJIT"}) {
+ push(@specials, "DOMJITFunction") if $function->extendedAttributes->{DOMJIT};
+ }
</ins><span class="cx"> return (@specials > 0) ? join(" | ", @specials) : "0";
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptsIDLAttributestxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -52,7 +52,7 @@
</span><span class="cx"> CustomSetPrototype
</span><span class="cx"> CustomSetter
</span><span class="cx"> CustomToJSObject
</span><del>-DOMJIT
</del><ins>+DOMJIT=|ReadDOM
</ins><span class="cx"> DoNotCheckConstants
</span><span class="cx"> DoNotCheckSecurity
</span><span class="cx"> DoNotCheckSecurityOnGetter
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptstestJSJSTestDOMJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -21,10 +21,20 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSTestDOMJIT.h"
</span><span class="cx">
</span><ins>+#include "DOMJITAbstractHeapRepository.h"
+#include "DOMJITCheckDOM.h"
+#include "DOMJITIDLConvert.h"
+#include "DOMJITIDLType.h"
+#include "DOMJITIDLTypeFilter.h"
+#include "ExceptionCode.h"
</ins><span class="cx"> #include "JSByteString.h"
</span><span class="cx"> #include "JSDOMBinding.h"
</span><span class="cx"> #include "JSDOMConstructor.h"
</span><span class="cx"> #include "JSDOMConvert.h"
</span><ins>+#include "JSElement.h"
+#include "JSNodeList.h"
+#include <interpreter/FrameTracers.h>
+#include <runtime/Error.h>
</ins><span class="cx"> #include <wtf/GetPtr.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><span class="cx">
</span><span class="lines">@@ -32,6 +42,19 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><ins>+// Functions
+
+JSC::EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetAttribute(JSC::ExecState*);
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetAttribute(JSC::ExecState*, JSTestDOMJIT*, DOMJIT::IDLJSArgumentType<IDLDOMString>);
+JSC::EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionItem(JSC::ExecState*);
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionItem(JSC::ExecState*, JSTestDOMJIT*, DOMJIT::IDLJSArgumentType<IDLUnsignedShort>, DOMJIT::IDLJSArgumentType<IDLUnsignedShort>);
+JSC::EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionHasAttribute(JSC::ExecState*);
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionHasAttribute(JSC::ExecState*, JSTestDOMJIT*);
+JSC::EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetElementById(JSC::ExecState*);
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetElementById(JSC::ExecState*, JSTestDOMJIT*, DOMJIT::IDLJSArgumentType<IDLDOMString>);
+JSC::EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetElementsByName(JSC::ExecState*);
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetElementsByName(JSC::ExecState*, JSTestDOMJIT*, DOMJIT::IDLJSArgumentType<IDLDOMString>);
+
</ins><span class="cx"> // Attributes
</span><span class="cx">
</span><span class="cx"> JSC::EncodedJSValue jsTestDOMJITAnyAttr(JSC::ExecState*, JSC::EncodedJSValue, JSC::PropertyName);
</span><span class="lines">@@ -72,6 +95,16 @@
</span><span class="cx"> JSC::EncodedJSValue jsTestDOMJITConstructor(JSC::ExecState*, JSC::EncodedJSValue, JSC::PropertyName);
</span><span class="cx"> bool setJSTestDOMJITConstructor(JSC::ExecState*, JSC::EncodedJSValue, JSC::EncodedJSValue);
</span><span class="cx">
</span><ins>+static const JSC::DOMJIT::Signature DOMJITSignatureForTestDOMJITGetAttribute((uintptr_t)unsafeJsTestDOMJITPrototypeFunctionGetAttribute, DOMJIT::checkDOM<TestDOMJIT>, JSTestDOMJIT::info(), JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLDOMString>>::value, DOMJIT::IDLArgumentTypeFilter<IDLDOMString>::value);
+
+static const JSC::DOMJIT::Signature DOMJITSignatureForTestDOMJITItem((uintptr_t)unsafeJsTestDOMJITPrototypeFunctionItem, DOMJIT::checkDOM<TestDOMJIT>, JSTestDOMJIT::info(), JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), DOMJIT::IDLResultTypeFilter<IDLDOMString>::value, DOMJIT::IDLArgumentTypeFilter<IDLUnsignedShort>::value, DOMJIT::IDLArgumentTypeFilter<IDLUnsignedShort>::value);
+
+static const JSC::DOMJIT::Signature DOMJITSignatureForTestDOMJITHasAttribute((uintptr_t)unsafeJsTestDOMJITPrototypeFunctionHasAttribute, DOMJIT::checkDOM<TestDOMJIT>, JSTestDOMJIT::info(), JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), DOMJIT::IDLResultTypeFilter<IDLBoolean>::value);
+
+static const JSC::DOMJIT::Signature DOMJITSignatureForTestDOMJITGetElementById((uintptr_t)unsafeJsTestDOMJITPrototypeFunctionGetElementById, DOMJIT::checkDOM<TestDOMJIT>, JSTestDOMJIT::info(), JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), DOMJIT::IDLResultTypeFilter<IDLInterface<Element>>::value, DOMJIT::IDLArgumentTypeFilter<IDLDOMString>::value);
+
+static const JSC::DOMJIT::Signature DOMJITSignatureForTestDOMJITGetElementsByName((uintptr_t)unsafeJsTestDOMJITPrototypeFunctionGetElementsByName, DOMJIT::checkDOM<TestDOMJIT>, JSTestDOMJIT::info(), JSC::DOMJIT::Effect::forRead(DOMJIT::AbstractHeapRepository::DOM), DOMJIT::IDLResultTypeFilter<IDLInterface<NodeList>>::value, DOMJIT::IDLArgumentTypeFilter<IDLDOMString>::value);
+
</ins><span class="cx"> class JSTestDOMJITPrototype : public JSC::JSNonFinalObject {
</span><span class="cx"> public:
</span><span class="cx"> using Base = JSC::JSNonFinalObject;
</span><span class="lines">@@ -153,6 +186,11 @@
</span><span class="cx"> { "byteStringNullableAttr", ReadOnly | CustomAccessor | DOMJITAttribute, NoIntrinsic, { (intptr_t)static_cast<DOMJITGetterSetterGenerator>(domJITGetterSetterForTestDOMJITByteStringNullableAttr), (intptr_t) (0) } },
</span><span class="cx"> { "usvStringNullableAttr", ReadOnly | CustomAccessor | DOMJITAttribute, NoIntrinsic, { (intptr_t)static_cast<DOMJITGetterSetterGenerator>(domJITGetterSetterForTestDOMJITUsvStringNullableAttr), (intptr_t) (0) } },
</span><span class="cx"> { "nodeNullableAttr", ReadOnly | CustomAccessor | DOMJITAttribute, NoIntrinsic, { (intptr_t)static_cast<DOMJITGetterSetterGenerator>(domJITGetterSetterForTestDOMJITNodeNullableAttr), (intptr_t) (0) } },
</span><ins>+ { "getAttribute", JSC::Function | DOMJITFunction, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestDOMJITPrototypeFunctionGetAttribute), (intptr_t) static_cast<const JSC::DOMJIT::Signature*>(&DOMJITSignatureForTestDOMJITGetAttribute) } },
+ { "item", JSC::Function | DOMJITFunction, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestDOMJITPrototypeFunctionItem), (intptr_t) static_cast<const JSC::DOMJIT::Signature*>(&DOMJITSignatureForTestDOMJITItem) } },
+ { "hasAttribute", JSC::Function | DOMJITFunction, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestDOMJITPrototypeFunctionHasAttribute), (intptr_t) static_cast<const JSC::DOMJIT::Signature*>(&DOMJITSignatureForTestDOMJITHasAttribute) } },
+ { "getElementById", JSC::Function | DOMJITFunction, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestDOMJITPrototypeFunctionGetElementById), (intptr_t) static_cast<const JSC::DOMJIT::Signature*>(&DOMJITSignatureForTestDOMJITGetElementById) } },
+ { "getElementsByName", JSC::Function | DOMJITFunction, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestDOMJITPrototypeFunctionGetElementsByName), (intptr_t) static_cast<const JSC::DOMJIT::Signature*>(&DOMJITSignatureForTestDOMJITGetElementsByName) } },
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> const ClassInfo JSTestDOMJITPrototype::s_info = { "TestDOMJITPrototype", &Base::s_info, 0, CREATE_METHOD_TABLE(JSTestDOMJITPrototype) };
</span><span class="lines">@@ -185,6 +223,11 @@
</span><span class="cx"> return jsDynamicDowncast<JSTestDOMJIT*>(JSValue::decode(thisValue));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<> inline JSTestDOMJIT* BindingCaller<JSTestDOMJIT>::castForOperation(ExecState& state)
+{
+ return jsDynamicDowncast<JSTestDOMJIT*>(state.thisValue());
+}
+
</ins><span class="cx"> static inline JSValue jsTestDOMJITAnyAttrGetter(ExecState&, JSTestDOMJIT&, ThrowScope& throwScope);
</span><span class="cx">
</span><span class="cx"> EncodedJSValue jsTestDOMJITAnyAttr(ExecState* state, EncodedJSValue thisValue, PropertyName)
</span><span class="lines">@@ -202,7 +245,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITAnyAttrDOMJIT::TestDOMJITAnyAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITAnyAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecHeapTop)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITAnyAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLAny>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -229,7 +272,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITBooleanAttrDOMJIT::TestDOMJITBooleanAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITBooleanAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBoolean)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITBooleanAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLBoolean>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -256,7 +299,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITByteAttrDOMJIT::TestDOMJITByteAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecInt32Only)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLByte>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -283,7 +326,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITOctetAttrDOMJIT::TestDOMJITOctetAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITOctetAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecInt32Only)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITOctetAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLOctet>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -310,7 +353,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITShortAttrDOMJIT::TestDOMJITShortAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITShortAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecInt32Only)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITShortAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLShort>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -337,7 +380,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedShortAttrDOMJIT::TestDOMJITUnsignedShortAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedShortAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecInt32Only)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedShortAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUnsignedShort>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -364,7 +407,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITLongAttrDOMJIT::TestDOMJITLongAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecInt32Only)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLLong>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -391,7 +434,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedLongAttrDOMJIT::TestDOMJITUnsignedLongAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUnsignedLong>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -418,7 +461,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITLongLongAttrDOMJIT::TestDOMJITLongLongAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongLongAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongLongAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLLongLong>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -445,7 +488,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedLongLongAttrDOMJIT::TestDOMJITUnsignedLongLongAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongLongAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongLongAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUnsignedLongLong>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -472,7 +515,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITFloatAttrDOMJIT::TestDOMJITFloatAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITFloatAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITFloatAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLFloat>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -499,7 +542,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnrestrictedFloatAttrDOMJIT::TestDOMJITUnrestrictedFloatAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedFloatAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedFloatAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUnrestrictedFloat>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -526,7 +569,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITDoubleAttrDOMJIT::TestDOMJITDoubleAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITDoubleAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITDoubleAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLDouble>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -553,7 +596,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnrestrictedDoubleAttrDOMJIT::TestDOMJITUnrestrictedDoubleAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedDoubleAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecBytecodeNumber)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedDoubleAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUnrestrictedDouble>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -580,7 +623,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITDomStringAttrDOMJIT::TestDOMJITDomStringAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITDomStringAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecString)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITDomStringAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLDOMString>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -607,7 +650,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITByteStringAttrDOMJIT::TestDOMJITByteStringAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteStringAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecString)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteStringAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLByteString>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -634,7 +677,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUsvStringAttrDOMJIT::TestDOMJITUsvStringAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUsvStringAttr, nullptr, JSTestDOMJIT::info(), JSC::SpecString)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUsvStringAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLUSVString>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -661,7 +704,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITNodeAttrDOMJIT::TestDOMJITNodeAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITNodeAttr, nullptr, JSTestDOMJIT::info(), SpecHeapTop)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITNodeAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLInterface<Node>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -688,7 +731,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITBooleanNullableAttrDOMJIT::TestDOMJITBooleanNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITBooleanNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBoolean | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITBooleanNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLBoolean>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -715,7 +758,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITByteNullableAttrDOMJIT::TestDOMJITByteNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecInt32Only | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLByte>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -742,7 +785,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITOctetNullableAttrDOMJIT::TestDOMJITOctetNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITOctetNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecInt32Only | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITOctetNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLOctet>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -769,7 +812,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITShortNullableAttrDOMJIT::TestDOMJITShortNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITShortNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecInt32Only | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITShortNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLShort>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -796,7 +839,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedShortNullableAttrDOMJIT::TestDOMJITUnsignedShortNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedShortNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecInt32Only | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedShortNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUnsignedShort>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -823,7 +866,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITLongNullableAttrDOMJIT::TestDOMJITLongNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecInt32Only | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLLong>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -850,7 +893,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedLongNullableAttrDOMJIT::TestDOMJITUnsignedLongNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUnsignedLong>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -877,7 +920,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITLongLongNullableAttrDOMJIT::TestDOMJITLongLongNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongLongNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITLongLongNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLLongLong>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -904,7 +947,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnsignedLongLongNullableAttrDOMJIT::TestDOMJITUnsignedLongLongNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongLongNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnsignedLongLongNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUnsignedLongLong>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -931,7 +974,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITFloatNullableAttrDOMJIT::TestDOMJITFloatNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITFloatNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITFloatNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLFloat>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -958,7 +1001,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnrestrictedFloatNullableAttrDOMJIT::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedFloatNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedFloatNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUnrestrictedFloat>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -985,7 +1028,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITDoubleNullableAttrDOMJIT::TestDOMJITDoubleNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITDoubleNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITDoubleNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLDouble>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1012,7 +1055,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedDoubleNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecBytecodeNumber | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUnrestrictedDoubleNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUnrestrictedDouble>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1039,7 +1082,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITDomStringNullableAttrDOMJIT::TestDOMJITDomStringNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITDomStringNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecString | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITDomStringNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLDOMString>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1066,7 +1109,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITByteStringNullableAttrDOMJIT::TestDOMJITByteStringNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteStringNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecString | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITByteStringNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLByteString>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1093,7 +1136,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITUsvStringNullableAttrDOMJIT::TestDOMJITUsvStringNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITUsvStringNullableAttr, nullptr, JSTestDOMJIT::info(), (JSC::SpecString | JSC::SpecOther))
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITUsvStringNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLUSVString>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1120,7 +1163,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TestDOMJITNodeNullableAttrDOMJIT::TestDOMJITNodeNullableAttrDOMJIT()
</span><del>- : JSC::DOMJIT::GetterSetter(jsTestDOMJITNodeNullableAttr, nullptr, JSTestDOMJIT::info(), SpecHeapTop)
</del><ins>+ : JSC::DOMJIT::GetterSetter(jsTestDOMJITNodeNullableAttr, nullptr, JSTestDOMJIT::info(), DOMJIT::IDLResultTypeFilter<IDLNullable<IDLInterface<Node>>>::value)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1159,6 +1202,174 @@
</span><span class="cx"> return getDOMConstructor<JSTestDOMJITConstructor>(vm, *jsCast<const JSDOMGlobalObject*>(globalObject));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetAttributeCaller(JSC::ExecState*, JSTestDOMJIT*, JSC::ThrowScope&);
+
+EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetAttribute(ExecState* state)
+{
+ return BindingCaller<JSTestDOMJIT>::callOperation<jsTestDOMJITPrototypeFunctionGetAttributeCaller>(state, "getAttribute");
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetAttributeCaller(JSC::ExecState* state, JSTestDOMJIT* castedThis, JSC::ThrowScope& throwScope)
+{
+ UNUSED_PARAM(state);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ if (UNLIKELY(state->argumentCount() < 1))
+ return throwVMError(state, throwScope, createNotEnoughArgumentsError(state));
+ auto name = convert<IDLDOMString>(*state, state->uncheckedArgument(0), StringConversionConfiguration::Normal);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLNullable<IDLDOMString>>(*state, impl.getAttribute(WTFMove(name)));
+ return JSValue::encode(result);
+}
+
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetAttribute(JSC::ExecState* state, JSTestDOMJIT* castedThis, DOMJIT::IDLJSArgumentType<IDLDOMString> encodedName)
+{
+ UNUSED_PARAM(state);
+ VM& vm = state->vm();
+ JSC::NativeCallFrameTracer tracer(&vm, state);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ auto name = DOMJIT::DirectConverter<IDLDOMString>::directConvert<StringConversionConfiguration::Normal>(*state, encodedName);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLNullable<IDLDOMString>>(*state, impl.getAttribute(WTFMove(name)));
+ return JSValue::encode(result);
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionItemCaller(JSC::ExecState*, JSTestDOMJIT*, JSC::ThrowScope&);
+
+EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionItem(ExecState* state)
+{
+ return BindingCaller<JSTestDOMJIT>::callOperation<jsTestDOMJITPrototypeFunctionItemCaller>(state, "item");
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionItemCaller(JSC::ExecState* state, JSTestDOMJIT* castedThis, JSC::ThrowScope& throwScope)
+{
+ UNUSED_PARAM(state);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ if (UNLIKELY(state->argumentCount() < 2))
+ return throwVMError(state, throwScope, createNotEnoughArgumentsError(state));
+ auto x = convert<IDLUnsignedShort>(*state, state->uncheckedArgument(0), IntegerConversionConfiguration::Normal);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ auto y = convert<IDLUnsignedShort>(*state, state->uncheckedArgument(1), IntegerConversionConfiguration::Normal);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLDOMString>(*state, impl.item(WTFMove(x), WTFMove(y)));
+ return JSValue::encode(result);
+}
+
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionItem(JSC::ExecState* state, JSTestDOMJIT* castedThis, DOMJIT::IDLJSArgumentType<IDLUnsignedShort> encodedX, DOMJIT::IDLJSArgumentType<IDLUnsignedShort> encodedY)
+{
+ UNUSED_PARAM(state);
+ VM& vm = state->vm();
+ JSC::NativeCallFrameTracer tracer(&vm, state);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ auto x = DOMJIT::DirectConverter<IDLUnsignedShort>::directConvert<IntegerConversionConfiguration::Normal>(*state, encodedX);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ auto y = DOMJIT::DirectConverter<IDLUnsignedShort>::directConvert<IntegerConversionConfiguration::Normal>(*state, encodedY);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLDOMString>(*state, impl.item(WTFMove(x), WTFMove(y)));
+ return JSValue::encode(result);
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionHasAttributeCaller(JSC::ExecState*, JSTestDOMJIT*, JSC::ThrowScope&);
+
+EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionHasAttribute(ExecState* state)
+{
+ return BindingCaller<JSTestDOMJIT>::callOperation<jsTestDOMJITPrototypeFunctionHasAttributeCaller>(state, "hasAttribute");
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionHasAttributeCaller(JSC::ExecState* state, JSTestDOMJIT* castedThis, JSC::ThrowScope& throwScope)
+{
+ UNUSED_PARAM(state);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ JSValue result = toJS<IDLBoolean>(impl.hasAttribute());
+ return JSValue::encode(result);
+}
+
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionHasAttribute(JSC::ExecState* state, JSTestDOMJIT* castedThis)
+{
+ UNUSED_PARAM(state);
+ VM& vm = state->vm();
+ JSC::NativeCallFrameTracer tracer(&vm, state);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ JSValue result = toJS<IDLBoolean>(impl.hasAttribute());
+ return JSValue::encode(result);
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetElementByIdCaller(JSC::ExecState*, JSTestDOMJIT*, JSC::ThrowScope&);
+
+EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetElementById(ExecState* state)
+{
+ return BindingCaller<JSTestDOMJIT>::callOperation<jsTestDOMJITPrototypeFunctionGetElementByIdCaller>(state, "getElementById");
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetElementByIdCaller(JSC::ExecState* state, JSTestDOMJIT* castedThis, JSC::ThrowScope& throwScope)
+{
+ UNUSED_PARAM(state);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ if (UNLIKELY(state->argumentCount() < 1))
+ return throwVMError(state, throwScope, createNotEnoughArgumentsError(state));
+ auto elementId = AtomicString(state->uncheckedArgument(0).toString(state)->toExistingAtomicString(state));
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLInterface<Element>>(*state, *castedThis->globalObject(), impl.getElementById(WTFMove(elementId)));
+ return JSValue::encode(result);
+}
+
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetElementById(JSC::ExecState* state, JSTestDOMJIT* castedThis, DOMJIT::IDLJSArgumentType<IDLDOMString> encodedElementId)
+{
+ UNUSED_PARAM(state);
+ VM& vm = state->vm();
+ JSC::NativeCallFrameTracer tracer(&vm, state);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ auto elementId = AtomicString(encodedElementId->toExistingAtomicString(state));
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLInterface<Element>>(*state, *castedThis->globalObject(), impl.getElementById(WTFMove(elementId)));
+ return JSValue::encode(result);
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetElementsByNameCaller(JSC::ExecState*, JSTestDOMJIT*, JSC::ThrowScope&);
+
+EncodedJSValue JSC_HOST_CALL jsTestDOMJITPrototypeFunctionGetElementsByName(ExecState* state)
+{
+ return BindingCaller<JSTestDOMJIT>::callOperation<jsTestDOMJITPrototypeFunctionGetElementsByNameCaller>(state, "getElementsByName");
+}
+
+static inline JSC::EncodedJSValue jsTestDOMJITPrototypeFunctionGetElementsByNameCaller(JSC::ExecState* state, JSTestDOMJIT* castedThis, JSC::ThrowScope& throwScope)
+{
+ UNUSED_PARAM(state);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ if (UNLIKELY(state->argumentCount() < 1))
+ return throwVMError(state, throwScope, createNotEnoughArgumentsError(state));
+ auto elementName = state->uncheckedArgument(0).toString(state)->toAtomicString(state);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLInterface<NodeList>>(*state, *castedThis->globalObject(), impl.getElementsByName(WTFMove(elementName)));
+ return JSValue::encode(result);
+}
+
+JSC::EncodedJSValue JSC_HOST_CALL unsafeJsTestDOMJITPrototypeFunctionGetElementsByName(JSC::ExecState* state, JSTestDOMJIT* castedThis, DOMJIT::IDLJSArgumentType<IDLDOMString> encodedElementName)
+{
+ UNUSED_PARAM(state);
+ VM& vm = state->vm();
+ JSC::NativeCallFrameTracer tracer(&vm, state);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+ UNUSED_PARAM(throwScope);
+ auto& impl = castedThis->wrapped();
+ auto elementName = encodedElementName->toAtomicString(state);
+ RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+ JSValue result = toJS<IDLInterface<NodeList>>(*state, *castedThis->globalObject(), impl.getElementsByName(WTFMove(elementName)));
+ return JSValue::encode(result);
+}
+
</ins><span class="cx"> void JSTestDOMJIT::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> auto* thisObject = jsCast<JSTestDOMJIT*>(cell);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptstestTestDOMJITidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/test/TestDOMJIT.idl (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/test/TestDOMJIT.idl 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/bindings/scripts/test/TestDOMJIT.idl 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -63,4 +63,10 @@
</span><span class="cx"> [DOMJIT] readonly attribute ByteString? byteStringNullableAttr;
</span><span class="cx"> [DOMJIT] readonly attribute USVString? usvStringNullableAttr;
</span><span class="cx"> [DOMJIT] readonly attribute Node? nodeNullableAttr;
</span><ins>+
+ [DOMJIT=ReadDOM] DOMString? getAttribute(DOMString name);
+ [DOMJIT=ReadDOM] DOMString item(unsigned short x, unsigned short y);
+ [DOMJIT=ReadDOM] boolean hasAttribute();
+ [DOMJIT=ReadDOM] Element getElementById([RequiresExistingAtomicString] DOMString elementId);
+ [DOMJIT=ReadDOM] NodeList getElementsByName([AtomicString] DOMString elementName);
</ins><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCoredomElementidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Element.idl (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Element.idl 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/dom/Element.idl 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -26,20 +26,20 @@
</span><span class="cx"> ] interface Element : Node {
</span><span class="cx"> readonly attribute DOMString? tagName;
</span><span class="cx">
</span><del>- DOMString? getAttribute(DOMString name);
</del><ins>+ [DOMJIT=ReadDOM] DOMString? getAttribute(DOMString name);
</ins><span class="cx">
</span><span class="cx"> [CEReactions, MayThrowException] void setAttribute(DOMString name, DOMString value);
</span><span class="cx">
</span><span class="cx"> [CEReactions] void removeAttribute(DOMString name);
</span><del>- Attr? getAttributeNode(DOMString name);
</del><ins>+ [DOMJIT=ReadDOM] Attr? getAttributeNode(DOMString name);
</ins><span class="cx">
</span><span class="cx"> [CEReactions, MayThrowException] Attr? setAttributeNode(Attr newAttr);
</span><span class="cx"> [CEReactions, MayThrowException] Attr removeAttributeNode(Attr oldAttr);
</span><span class="cx">
</span><del>- HTMLCollection getElementsByTagName(DOMString name);
</del><ins>+ [DOMJIT=ReadDOM] HTMLCollection getElementsByTagName(DOMString name);
</ins><span class="cx">
</span><span class="cx"> readonly attribute NamedNodeMap attributes;
</span><del>- boolean hasAttributes();
</del><ins>+ [DOMJIT=ReadDOM] boolean hasAttributes();
</ins><span class="cx">
</span><span class="cx"> DOMString? getAttributeNS(DOMString? namespaceURI, DOMString localName);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITAbstractHeapRepositorycpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,70 +0,0 @@
</span><del>-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "DOMJITAbstractHeapRepository.h"
-
-#include <domjit/DOMJITAbstractHeap.h>
-#include <wtf/DataLog.h>
-#include <wtf/NeverDestroyed.h>
-
-#if ENABLE(JIT)
-
-namespace WebCore { namespace DOMJIT {
-
-static const bool verbose = false;
-
-AbstractHeapRepository::AbstractHeapRepository()
-{
- JSC::DOMJIT::AbstractHeap DOMHeap("DOM");
-#define DOMJIT_DEFINE_HEAP(name, parent) JSC::DOMJIT::AbstractHeap name##Heap(#name);
- DOMJIT_ABSTRACT_HEAP_LIST(DOMJIT_DEFINE_HEAP)
-#undef DOMJIT_DEFINE_HEAP
-
-#define DOMJIT_INITIALIZE_HEAP(name, parent) name##Heap.setParent(&parent##Heap);
- DOMJIT_ABSTRACT_HEAP_LIST(DOMJIT_INITIALIZE_HEAP)
-#undef DOMJIT_INITIALIZE_HEAP
-
- DOMHeap.compute(0);
-
-#define DOMJIT_INITIALIZE_MEMBER(name, parent) name = name##Heap.range();
- DOMJIT_ABSTRACT_HEAP_LIST(DOMJIT_INITIALIZE_MEMBER)
-#undef DOMJIT_INITIALIZE_MEMBER
-
- if (verbose) {
- dataLog("DOMJIT Heap Repository:\n");
- DOMHeap.deepDump(WTF::dataFile());
- }
-}
-
-const AbstractHeapRepository& AbstractHeapRepository::shared()
-{
- static NeverDestroyed<AbstractHeapRepository> repository;
- return repository.get();
-}
-
-} }
-
-#endif
</del></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITAbstractHeapRepositoryh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.h (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.h 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -1,66 +0,0 @@
</span><del>-/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include <domjit/DOMJITHeapRange.h>
-#include <wtf/NeverDestroyed.h>
-#include <wtf/Noncopyable.h>
-
-#if ENABLE(JIT)
-
-namespace WebCore { namespace DOMJIT {
-
-// Describe your abstract heap hierarchy here.
-// V(AbstractHeapName, Parent)
-#define DOMJIT_ABSTRACT_HEAP_LIST(V) \
- V(Node, DOM) \
- V(Node_firstChild, Node) \
- V(Node_lastChild, Node) \
- V(Node_parentNode, Node) \
- V(Node_nextSibling, Node) \
- V(Node_previousSibling, Node) \
- V(Node_ownerDocument, Node) \
- V(Document, DOM) \
- V(Document_documentElement, Document) \
-
-
-class AbstractHeapRepository {
- WTF_MAKE_NONCOPYABLE(AbstractHeapRepository);
-public:
- static const AbstractHeapRepository& shared();
-
- JSC::DOMJIT::HeapRange DOM;
-
-#define DOMJIT_DEFINE_MEMBER(name, parent) JSC::DOMJIT::HeapRange name;
- DOMJIT_ABSTRACT_HEAP_LIST(DOMJIT_DEFINE_MEMBER)
-#undef DOMJIT_DEFINE_MEMBER
-
- AbstractHeapRepository();
-};
-
-} }
-
-#endif
</del></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITAbstractHeapRepositoryyaml"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.yaml (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.yaml (rev 0)
+++ trunk/Source/WebCore/domjit/DOMJITAbstractHeapRepository.yaml 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+DOM:
+ Tree:
+ Node:
+ - Node_firstChild
+ - Node_lastChild
+ - Node_parentNode
+ - Node_nextSibling
+ - Node_previousSibling
+ - Node_ownerDocument
+ Document:
+ - Document_documentElement
</ins></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITIDLConverth"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/domjit/DOMJITIDLConvert.h (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITIDLConvert.h (rev 0)
+++ trunk/Source/WebCore/domjit/DOMJITIDLConvert.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,49 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "IDLTypes.h"
+#include <bytecode/SpeculatedType.h>
+#include <domjit/DOMJITSignature.h>
+
+namespace WebCore { namespace DOMJIT {
+
+template<typename IDLType>
+struct DirectConverter;
+
+template<>
+struct DirectConverter<IDLDOMString> {
+ template<StringConversionConfiguration>
+ static String directConvert(JSC::ExecState&, JSC::JSString*);
+};
+
+template<>
+inline String DirectConverter<IDLDOMString>::directConvert<StringConversionConfiguration::Normal>(JSC::ExecState& state, JSC::JSString* string)
+{
+ return string->value(&state);
+}
+
+} }
</ins></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITIDLTypeh"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/domjit/DOMJITIDLType.h (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITIDLType.h (rev 0)
+++ trunk/Source/WebCore/domjit/DOMJITIDLType.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,47 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "IDLTypes.h"
+#include <bytecode/SpeculatedType.h>
+
+namespace WebCore { namespace DOMJIT {
+
+template<typename IDLType>
+struct IDLJSArgumentTypeSelect;
+
+template<> struct IDLJSArgumentTypeSelect<IDLBoolean> { typedef bool type; };
+template<> struct IDLJSArgumentTypeSelect<IDLByte> { typedef int32_t type; };
+template<> struct IDLJSArgumentTypeSelect<IDLOctet> { typedef int32_t type; };
+template<> struct IDLJSArgumentTypeSelect<IDLShort> { typedef int32_t type; };
+template<> struct IDLJSArgumentTypeSelect<IDLUnsignedShort> { typedef int32_t type; };
+template<> struct IDLJSArgumentTypeSelect<IDLLong> { typedef int32_t type; };
+template<> struct IDLJSArgumentTypeSelect<IDLDOMString> { typedef JSC::JSString* type; };
+
+template<typename IDLType>
+using IDLJSArgumentType = typename IDLJSArgumentTypeSelect<IDLType>::type;
+
+} }
</ins></span></pre></div>
<a id="trunkSourceWebCoredomjitDOMJITIDLTypeFilterh"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/domjit/DOMJITIDLTypeFilter.h (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/DOMJITIDLTypeFilter.h (rev 0)
+++ trunk/Source/WebCore/domjit/DOMJITIDLTypeFilter.h 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,71 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <bytecode/SpeculatedType.h>
+
+namespace WebCore { namespace DOMJIT {
+
+template<typename IDLType>
+struct IDLArgumentTypeFilter;
+
+template<> struct IDLArgumentTypeFilter<IDLBoolean> { static const constexpr JSC::SpeculatedType value = JSC::SpecBoolean; };
+template<> struct IDLArgumentTypeFilter<IDLByte> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLArgumentTypeFilter<IDLOctet> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLArgumentTypeFilter<IDLShort> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLArgumentTypeFilter<IDLUnsignedShort> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLArgumentTypeFilter<IDLLong> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLArgumentTypeFilter<IDLDOMString> { static const constexpr JSC::SpeculatedType value = JSC::SpecString; };
+
+template<typename IDLType>
+struct IDLResultTypeFilter {
+ static const constexpr JSC::SpeculatedType value = JSC::SpecHeapTop;
+};
+
+template<> struct IDLResultTypeFilter<IDLAny> { static const constexpr JSC::SpeculatedType value = JSC::SpecHeapTop; };
+template<> struct IDLResultTypeFilter<IDLBoolean> { static const constexpr JSC::SpeculatedType value = JSC::SpecBoolean; };
+template<> struct IDLResultTypeFilter<IDLByte> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLResultTypeFilter<IDLOctet> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLResultTypeFilter<IDLShort> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLResultTypeFilter<IDLUnsignedShort> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLResultTypeFilter<IDLLong> { static const constexpr JSC::SpeculatedType value = JSC::SpecInt32Only; };
+template<> struct IDLResultTypeFilter<IDLUnsignedLong> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLLongLong> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLUnsignedLongLong> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLFloat> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLUnrestrictedFloat> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLDouble> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLUnrestrictedDouble> { static const constexpr JSC::SpeculatedType value = JSC::SpecBytecodeNumber; };
+template<> struct IDLResultTypeFilter<IDLDOMString> { static const constexpr JSC::SpeculatedType value = JSC::SpecString; };
+template<> struct IDLResultTypeFilter<IDLByteString> { static const constexpr JSC::SpeculatedType value = JSC::SpecString; };
+template<> struct IDLResultTypeFilter<IDLUSVString> { static const constexpr JSC::SpeculatedType value = JSC::SpecString; };
+
+template<typename T>
+struct IDLResultTypeFilter<IDLNullable<T>> {
+ static const constexpr JSC::SpeculatedType value = JSC::SpecOther | IDLResultTypeFilter<T>::value;
+};
+
+} }
</ins></span></pre></div>
<a id="trunkSourceWebCoredomjitJSDocumentDOMJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/domjit/JSDocumentDOMJIT.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/JSDocumentDOMJIT.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/domjit/JSDocumentDOMJIT.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -48,7 +48,6 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> DocumentDocumentElementDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> patchpoint = JSC::DOMJIT::CallDOMGetterPatchpoint::create();
</span><span class="cx"> patchpoint->numGPScratchRegisters = 1;
</span><span class="cx"> patchpoint->setGenerator([=](CCallHelpers& jit, JSC::DOMJIT::PatchpointParams& params) {
</span><span class="lines">@@ -70,7 +69,7 @@
</span><span class="cx">
</span><span class="cx"> return CCallHelpers::JumpList();
</span><span class="cx"> });
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Document_documentElement);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Document_documentElement);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoredomjitJSNodeDOMJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp (208319 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp 2016-11-03 02:43:15 UTC (rev 208319)
+++ trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -83,9 +83,8 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodeFirstChildDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> auto patchpoint = createCallDOMGetterForOffsetAccess<Node>(CAST_OFFSET(Node*, ContainerNode*) + ContainerNode::firstChildMemoryOffset(), IsContainerGuardRequirement::Required);
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_firstChild);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_firstChild);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -96,9 +95,8 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodeLastChildDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> auto patchpoint = createCallDOMGetterForOffsetAccess<Node>(CAST_OFFSET(Node*, ContainerNode*) + ContainerNode::lastChildMemoryOffset(), IsContainerGuardRequirement::Required);
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_lastChild);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_lastChild);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -109,9 +107,8 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodeNextSiblingDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> auto patchpoint = createCallDOMGetterForOffsetAccess<Node>(Node::nextSiblingMemoryOffset(), IsContainerGuardRequirement::NotRequired);
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_nextSibling);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_nextSibling);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -122,9 +119,8 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodePreviousSiblingDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> auto patchpoint = createCallDOMGetterForOffsetAccess<Node>(Node::previousSiblingMemoryOffset(), IsContainerGuardRequirement::NotRequired);
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_previousSibling);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_previousSibling);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -135,9 +131,8 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodeParentNodeDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> auto patchpoint = createCallDOMGetterForOffsetAccess<ContainerNode>(Node::parentNodeMemoryOffset(), IsContainerGuardRequirement::NotRequired);
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_parentNode);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_parentNode);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -169,7 +164,6 @@
</span><span class="cx">
</span><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> NodeOwnerDocumentDOMJIT::callDOMGetter()
</span><span class="cx"> {
</span><del>- const auto& heap = DOMJIT::AbstractHeapRepository::shared();
</del><span class="cx"> Ref<JSC::DOMJIT::CallDOMGetterPatchpoint> patchpoint = JSC::DOMJIT::CallDOMGetterPatchpoint::create();
</span><span class="cx"> patchpoint->numGPScratchRegisters = 1;
</span><span class="cx"> patchpoint->setGenerator([=](CCallHelpers& jit, JSC::DOMJIT::PatchpointParams& params) {
</span><span class="lines">@@ -191,7 +185,7 @@
</span><span class="cx"> done.link(&jit);
</span><span class="cx"> return CCallHelpers::JumpList();
</span><span class="cx"> });
</span><del>- patchpoint->effect = JSC::DOMJIT::Effect::forDef(heap.Node_ownerDocument);
</del><ins>+ patchpoint->effect = JSC::DOMJIT::Effect::forDef(DOMJIT::AbstractHeapRepository::Node_ownerDocument);
</ins><span class="cx"> return patchpoint;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoredomjitgenerateabstractheaprb"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/domjit/generate-abstract-heap.rb (0 => 208320)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/domjit/generate-abstract-heap.rb (rev 0)
+++ trunk/Source/WebCore/domjit/generate-abstract-heap.rb 2016-11-03 03:20:53 UTC (rev 208320)
</span><span class="lines">@@ -0,0 +1,165 @@
</span><ins>+#!/usr/bin/env ruby
+# -*- coding: utf-8 -*-
+# Copyright (C) 2016 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+require "yaml"
+
+class HeapRange
+ attr_reader :first, :last
+ def initialize(first, last)
+ @first = first
+ @last = last
+ end
+end
+
+class AbstractHeap
+ attr_reader :range, :name, :parent
+ def initialize(name, tree)
+ @name = name
+ @parent = nil
+ if tree.nil?
+ @children = []
+ else
+ @children = tree.map {|key, value| AbstractHeap.new(key, value) }
+ end
+ @range = nil
+ end
+
+ def setParent(parent)
+ parent.children.push(self)
+ @parent = parent
+ end
+
+ def compute(start)
+ current = start
+ if @children.empty?
+ @range = HeapRange.new(start, current + 1)
+ return
+ end
+
+ @children.each {|child|
+ child.compute(current)
+ current = child.range.last
+ }
+
+ @range = HeapRange.new(start, current)
+ end
+
+ def dump output
+ shallowDump(output)
+ if @parent
+ output.print "-> "
+ @parent.dump(output)
+ end
+ end
+
+ def shallowDump(output)
+ output.print "#{@name}<#{@range.first},#{@range.last}>"
+ end
+
+ def deepDump output, indent
+ printIndent(output, indent)
+ shallowDump(output)
+ if @children.empty?
+ output.print "\n"
+ return
+ end
+
+ output.print ":\n"
+ @children.each {|child|
+ child.deepDump(output, indent + 1)
+ }
+ end
+
+ def generate output
+ output.puts "constexpr JSC::DOMJIT::HeapRange #{@name}(JSC::DOMJIT::HeapRange::ConstExpr, #{@range.first}, #{@range.last});"
+ @children.each {|child|
+ child.generate(output)
+ }
+ end
+
+private
+ def printIndent output, indent
+ indent.times {
+ output.print " "
+ }
+ end
+end
+
+header = <<-EOS
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+// Auto-generated file. Do not modify.
+
+#pragma once
+
+#include <domjit/DOMJITHeapRange.h>
+
+namespace WebCore { namespace DOMJIT { namespace AbstractHeapRepository {
+EOS
+
+footer = <<-EOS
+} } }
+EOS
+
+$inputFileName = ARGV.shift
+$outputFileName = ARGV.shift
+File.open($outputFileName, "w") {|output|
+ File.open($inputFileName, "rb") {|file|
+ tree = YAML::load(file.read())
+ heap = tree.map {|key, value|
+ AbstractHeap.new(key, value)
+ }.first
+ heap.compute(0)
+
+ output.print(header)
+ output.puts("/* DOMJIT Abstract Heap Tree.")
+ heap.deepDump(output, 0)
+ output.puts("*/")
+ heap.generate(output)
+ output.print(footer)
+ }
+}
</ins></span></pre>
</div>
</div>
</body>
</html>