Context Navigation

← Previous Change
Next Change →

JSScope.cpp

Timestamp:

Jul 24, 2013, 9:02:40 PM (12 years ago)

Author:

Message:

fourthTier: Re-worked non-local variable resolution
https://bugs.webkit.org/show_bug.cgi?id=117375

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch has two goals:

(1) Simplicity.

Net removes 15 opcodes.
Net removes 2,000 lines of code.
Removes setPair() from the DFG: All DFG nodes have 1 result register now.

(2) Performance.

2%-3% speedup on SunSpider (20% in LLInt and Baseline JIT)
2% speedup on v8-spider
10% speedup on js-regress-hashmap*
Amusing 2X speedup on js-regress-poly-stricteq

The bytecode now separates the scope chain resolution opcode from the
scope access opcode.

OLD:

get_scoped_var r0, 1, 0
inc r0
put_scoped_var 1, 0, r0

NEW:

resolve_scope r0, x(@id0)
get_from_scope r1, r0, x(@id0)
inc r1
put_to_scope r0, x(@id0), r1

Also, we link non-local variable resolution opcodes at CodeBlock link
time instead of time of first opcode execution.

This means that we can represent all possible non-local variable
resolutions using just three opcodes, and any optimizations in these
opcodes naturally apply across-the-board.

API/JSCTestRunnerUtils.cpp:

(JSC::numberOfDFGCompiles):

GNUmakefile.list.am:
JavaScriptCore.gypi:
JavaScriptCore.order:
JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
Target.pri: Build!

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Updated for removed things.

(JSC::CodeBlock::CodeBlock): Always provide the full scope chain when
creating a CodeBlock, so we can perform non-local variable resolution.

Added code to perform linking for these opcodes. This is where we figure
out which non-local variable resolutions are optimizable, and how.

(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::noticeIncomingCall):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::optimizeAfterLongWarmUp):
(JSC::CodeBlock::optimizeSoon): Updated for removed things.

bytecode/CodeBlock.h:

(JSC::CodeBlock::needsActivation):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):

bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::getSlow): Updated for interface changes.

bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFor): Treat global object access as
optimizable even though the global object has a custom property access
callback. This is what we've always done since, otherwise, we can't
optimize globals. (In future, we probably want to figure out a more
targeted policy than "any property access callback means no
optimization".)

bytecode/GlobalResolveInfo.h: Removed.
bytecode/Instruction.h:
bytecode/Opcode.h:

(JSC::padOpcodeName):

bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFor): Like GetByIdStatus.

bytecode/ResolveGlobalStatus.cpp: Removed.
bytecode/ResolveGlobalStatus.h: Removed.
bytecode/ResolveOperation.h: Removed.

bytecode/UnlinkedCodeBlock.cpp:

(JSC::generateFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::codeBlockFor):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

bytecode/UnlinkedCodeBlock.h: Don't provide a scope chain to unlinked

code blocks. Giving a scope to an unscoped compilation unit invites
programming errors.

bytecode/Watchpoint.h:

(JSC::WatchpointSet::addressOfIsInvalidated):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::resolveCallee):
(JSC::BytecodeGenerator::local):
(JSC::BytecodeGenerator::constLocal):
(JSC::BytecodeGenerator::resolveType):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitInstanceOf):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::pushFinallyContext):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::popTryAndEmitCatch):
(JSC::BytecodeGenerator::emitPushNameScope):
(JSC::BytecodeGenerator::isArgumentNumber):

bytecompiler/BytecodeGenerator.h:

(JSC::Local::Local):
(JSC::Local::operator bool):
(JSC::Local::get):
(JSC::Local::isReadOnly):
(JSC::BytecodeGenerator::scopeDepth):
(JSC::BytecodeGenerator::shouldOptimizeLocals):
(JSC::BytecodeGenerator::canOptimizeNonLocals): Refactored the bytecode
generator to resolve all variables within local scope, as if there
were no non-local scope. This helps provide a separation of concerns:
unlinked bytecode is always scope-free, and the linking stage links
in the provided scope.

bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::isPure):
(JSC::ResolveNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::ForInNode::emitBytecode): A bunch of this codegen is no longer
necessary, since it's redundant with the linking stage.

dfg/DFGAbstractState.cpp:

(JSC::DFG::AbstractState::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
(JSC::DFG::ByteCodeParser::handlePutByOffset):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock): Updated for interface changes.
Notably, we can reuse existing DFG nodes -- but the mapping between
bytecode and DFG nodes has changed, and some nodes and corner cases have
been removed.

dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::varInjectionWatchpointElimination):
(JSC::DFG::CSEPhase::globalVarStoreElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
(JSC::DFG::CSEPhase::getLocalLoadElimination):
(JSC::DFG::CSEPhase::setLocalStoreElimination):
(JSC::DFG::CSEPhase::performNodeCSE): Added CSE for var injection
watchpoints. Even though watchpoints are "free", they're quite common
inside code that's subject to var injection, so I figured we'd save a
little memory.

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGCapabilities.h: Removed detection for old forms.

dfg/DFGDriver.h:

(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.h:
dfg/DFGJITCode.cpp:
dfg/DFGNode.h:

(JSC::DFG::Node::convertToStructureTransitionWatchpoint):
(JSC::DFG::Node::hasVarNumber):
(JSC::DFG::Node::hasIdentifierNumberForCheck):
(JSC::DFG::Node::hasRegisterPointer):
(JSC::DFG::Node::hasHeapPrediction):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGRepatch.h:

(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation): Removed some unneeded things,
and updated for renames.

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile): The two primary changes here are:

(1) Use a watchpoint for var injection instead of looping over the scope
chain and checking. This is more efficient and much easier to model in
code generation.

(2) I've eliminated the notion of an optimized global assignment that
needs to check for whether it should fire a watchpiont. Instead, we
fire pre-emptively at the point of optimization. This removes a bunch
of edge cases, and it seems like a more honest representation of
the fact that our new optimization contradicts our old one.

dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):

heap/DFGCodeBlocks.cpp:

(JSC::DFGCodeBlocks::jettison):

interpreter/CallFrame.h:

(JSC::ExecState::trueCallFrame): Removed stuff that's unused now, and
fixed the build.

interpreter/Interpreter.cpp:

(JSC::eval):
(JSC::getBytecodeOffsetForCallFrame):
(JSC::getCallerInfo):
(JSC::Interpreter::throwException): Updated exception scope tracking
to match the rest of our linking strategy: The unlinked bytecode compiles
exception scope as if non-local scope did not exist, and we add in
non-local scope at link time. This means that we can restore the right
scope depth based on a simple number, without checking the contents of
the scope chain.

(JSC::Interpreter::execute): Make sure to establish the full scope chain
before linking eval code. We now require the full scope chain at link
time, in order to link non-local variable resolution opcodes.

jit/JIT.cpp:

(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_add):

jit/JITCode.cpp:
jit/JITOpcodes.cpp:

(JSC::JIT::emitSlow_op_bitxor):
(JSC::JIT::emitSlow_op_bitor):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emit_op_strcat):
(JSC::JIT::emitSlow_op_create_this):
(JSC::JIT::emitSlow_op_to_this):

jit/JITPropertyAccess.cpp:

(JSC::JIT::emitVarInjectionCheck):
(JSC::JIT::emitResolveClosure):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitLoadWithStructureCheck):
(JSC::JIT::emitGetGlobalProperty):
(JSC::JIT::emitGetGlobalVar):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_init_global_const):

jit/JITPropertyAccess32_64.cpp:

jit/JITStubs.cpp:

(JSC::DEFINE_STUB_FUNCTION):

jit/JITStubs.h: Re-wrote baseline JIT codegen for our new variable

resolution model.

llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

llint/LLIntSlowPaths.cpp:
llint/LLIntSlowPaths.h:
llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter.cpp:

(JSC::CLoop::execute):

llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm: Ditto for LLInt.

offlineasm/x86.rb: Fixed a pre-existing encoding bug for a syntactic

form that we never used before.

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.

These functions need to invoke toThis() because they observe the 'this'
value. Also, toLocaleString() is specified to accept non-array 'this'
values.

(Most other host functions don't need this fix because they perform
strict 'this' checking, which never coerces unexpected types.)

runtime/CodeCache.cpp:

(JSC::CodeCache::getCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):

runtime/CodeCache.h: Don't supply a scope to the unlinked code cache.

Unlinked code is supposed to be scope-free, so let's have the compiler
help verify that.

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/CommonSlowPaths.h:
runtime/Executable.cpp:

(JSC::EvalExecutable::create):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):

runtime/Executable.h:

(JSC::EvalExecutable::numVariables):
(JSC::EvalExecutable::numberOfFunctionDecls):

runtime/ExecutionHarness.h:

(JSC::prepareForExecutionImpl):
(JSC::prepareFunctionForExecutionImpl):
(JSC::installOptimizedCode): Fiddled with executable initialization so
that we can always generate a full scope chain before we go to link a
code block. We need this because code block linking now depends on the
scope chain to link non-local variable resolution opcodes.

runtime/JSActivation.h:
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::createEvalCodeBlock):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::varInjectionWatchpoint):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

runtime/JSNameScope.h:
runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::objectAtScope):
(JSC::JSScope::depth):
(JSC::JSScope::resolve):
(JSC::JSScope::abstractResolve): Updated to match changes explained above.

runtime/JSScope.h:

(JSC::makeType):
(JSC::needsVarInjectionChecks):
(JSC::ResolveOp::ResolveOp):
(JSC::ResolveModeAndType::ResolveModeAndType):
(JSC::ResolveModeAndType::mode):
(JSC::ResolveModeAndType::type):
(JSC::ResolveModeAndType::operand): Removed the old variable resolution
state machine, since it's unused now. Added logic for performing abstract
variable resolution at link time. This is used by codeblock linking.

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
(JSC::objectProtoFuncLookupGetter):
(JSC::objectProtoFuncLookupSetter):
(JSC::objectProtoFuncPropertyIsEnumerable):
(JSC::objectProtoFuncToLocaleString):
(JSC::objectProtoFuncToString): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.

These functions need to invoke toThis() because they observe the 'this'
value.

runtime/StringPrototype.cpp:

(JSC::checkObjectCoercible):
(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncConcat):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):
(JSC::stringProtoFuncLocaleCompare):
(JSC::stringProtoFuncBig):
(JSC::stringProtoFuncSmall):
(JSC::stringProtoFuncBlink):
(JSC::stringProtoFuncBold):
(JSC::stringProtoFuncFixed):
(JSC::stringProtoFuncItalics):
(JSC::stringProtoFuncStrike):
(JSC::stringProtoFuncSub):
(JSC::stringProtoFuncSup):
(JSC::stringProtoFuncFontcolor):
(JSC::stringProtoFuncFontsize):
(JSC::stringProtoFuncAnchor):
(JSC::stringProtoFuncLink):
(JSC::trimString): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.

These functions need to invoke toThis() because they observe the 'this'
value.

runtime/StructureRareData.cpp:
runtime/VM.cpp:

(JSC::VM::~VM):

runtime/WriteBarrier.h:

(JSC::WriteBarrierBase::slot): Modified to reduce casting in client code.

LayoutTests:

This patch removed special-case 'this' resolution from bytecode, making
some pre-existing edge cases in 'this' value treatment much more common.

I updated the test results below, and added some tests, to match bug
fixes for these cases.

fast/js/script-tests/array-functions-non-arrays.js:
fast/js/array-functions-non-arrays-expected.txt: As specified, it's

not an error to pass a non-array to toLocaleString. Our new result
matches Firefox and Chrome.

fast/js/array-prototype-properties-expected.txt: Updated for slightly

clearer error message.

fast/js/basic-strict-mode-expected.txt: Updated for slightly more

standard error message.

fast/js/object-prototype-toString-expected.txt: Added.
fast/js/object-prototype-toString.html: Added. This test demonstrates

why we now fail a Sputnik test below, while Firefox and Chrome pass it.
(The test doesn't test what it thinks it tests, and this test verifies
that we get right what it does think it tests.)

fast/js/string-prototype-function-this-expected.txt: Added.
fast/js/string-prototype-function-this.html: Added. This test shows

that we CheckObjectCoercible in string prototype functions. (We used
to get this wrong, but Sputnik tests made it seem like we got it right
because they didn't test the dynamic scope case.)

sputnik/Conformance/11_Expressions/11.1_Primary_Expressions/11.1.1_The_this_Keyword/S11.1.1_A2-expected.txt:
sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A2_T1-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt:

Updated to show failing results. Firefox and Chrome also fail these
tests, and the ES5 spec seems to mandate failure. Because these tests
resolve a String.prototype function at global scope, the 'this' value
for the call is an environment record. Logically, an environment record
converts to 'undefined' at the call site, and should then fail the
CheckObjectCoercible test.

File:

: 1 edited

trunk/Source/JavaScriptCore/runtime/JSScope.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/runtime/JSScope.cpp

-              r153170
+              r153221
+}
+bool JSScope::isDynamicScope(bool& requiresDynamicChecks) const
+// Returns true if we found enough information to terminate optimization.
+static inline bool abstractAccess(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, size_t depth, bool& needsVarInjectionChecks, ResolveOp& op)
+{
+    switch (structure()->typeInfo().type()) {
+    case GlobalObjectType:
+        return static_cast<const JSGlobalObject*>(this)->isDynamicScope(requiresDynamicChecks);
+    case ActivationObjectType:
+        return static_cast<const JSActivation*>(this)->isDynamicScope(requiresDynamicChecks);
+    case NameScopeObjectType:
+        return static_cast<const JSNameScope*>(this)->isDynamicScope(requiresDynamicChecks);
+    default:
+        RELEASE_ASSERT_NOT_REACHED();
+        break;
+    if (JSActivation* activation = jsDynamicCast<JSActivation*>(scope)) {
+        if (ident == exec->propertyNames().arguments) {
+            // We know the property will be at this activation scope, but we don't know how to cache it.
+            op = ResolveOp(Dynamic, 0, 0, 0);
+            return true;
+        }
+        SymbolTableEntry entry = activation->symbolTable()->get(ident.impl());
+        if (entry.isReadOnly() && getOrPut == Put) {
+            // We know the property will be at this activation scope, but we don't know how to cache it.
+            op = ResolveOp(Dynamic, 0, 0, 0);
+            return true;
+        }
+        if (!entry.isNull()) {
+            op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), entry.getIndex());
+            return true;
+        }
+        if (activation->symbolTable()->usesNonStrictEval())
+            needsVarInjectionChecks = true;
+        return false;
+    }
+    return false;
+    if (JSGlobalObject* globalObject = jsDynamicCast<JSGlobalObject*>(scope)) {
+        SymbolTableEntry entry = globalObject->symbolTable()->get(ident.impl());
+        if (!entry.isNull()) {
+            if (getOrPut == Put) {
+                if (entry.isReadOnly()) {
+                    // We know the property will be at global scope, but we don't know how to cache it.
+                    op = ResolveOp(Dynamic, 0, 0, 0);
+                    return true;
+                }
+                // It's likely that we'll write to this var, so notify now and avoid the overhead of doing so at runtime.
+                entry.notifyWrite();
+            }
+            op = ResolveOp(makeType(GlobalVar, needsVarInjectionChecks), depth, globalObject->structure(),
+                reinterpret_cast<uintptr_t>(globalObject->registerAt(entry.getIndex()).slot()));
+            return true;
+        }
+        PropertySlot slot(globalObject);
+        if (!globalObject->getOwnPropertySlot(globalObject, exec, ident, slot)
+            || !slot.isCacheableValue()
+            || !globalObject->structure()->propertyAccessesAreCacheable()
+            || (globalObject->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto() && getOrPut == Put)) {
+            // We know the property will be at global scope, but we don't know how to cache it.
+            ASSERT(!scope->next());
+            op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0);
+            return true;
+        }
+        op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), slot.cachedOffset());
+        return true;
+    }
+    op = ResolveOp(Dynamic, 0, 0, 0);
+    return true;
+}
 …
+}
 int JSScope::localDepth()
+int JSScope::depth()
+{
+    int scopeDepth = 0;
+    ScopeChainIterator iter = this->begin();
+    ScopeChainIterator end = this->end();
+    while (!iter->inherits(&JSActivation::s_info)) {
+        ++iter;
+        if (iter == end)
+            break;
+        ++scopeDepth;
+    }
+    return scopeDepth;
+    int depth = 0;
+    for (JSScope* scope = this; scope; scope = scope->next())
+        ++depth;
+    return depth;
+}
+struct LookupResult {
+    JSValue base() const { return m_base; }
+    JSValue value() const { return m_value; }
+    void setBase(JSValue base) { ASSERT(base); m_base = base; }
+    void setValue(JSValue value) { ASSERT(value); m_value = value; }
+JSValue JSScope::resolve(ExecState* exec, JSScope* scope, const Identifier& ident)
+{
+    ScopeChainIterator end = scope->end();
+    ScopeChainIterator it = scope->begin();
+    while (1) {
+        JSObject* object = it.get();
+private:
+    JSValue m_base;
+    JSValue m_value;
+};
+        if (++it == end) // Global scope.
+            return object;
+static void setPutPropertyAccessOffset(PutToBaseOperation* operation, PropertyOffset offset)
+{
+    ASSERT(isOutOfLineOffset(offset));
+    operation->m_offset = offset;
+    operation->m_offsetInButterfly = offsetInButterfly(offset);
+}
+static bool executeResolveOperations(CallFrame* callFrame, JSScope* scope, const Identifier& propertyName, ResolveOperation* pc, LookupResult& result)
+{
+    while (true) {
+        switch (pc->m_operation) {
+        case ResolveOperation::Fail:
+            return false;
+        case ResolveOperation::CheckForDynamicEntriesBeforeGlobalScope: {
+            while (JSScope* nextScope = scope->next()) {
+                if (scope->isActivationObject() && scope->structure() != scope->globalObject()->activationStructure())
+                    return false;
+                ASSERT(scope->isNameScopeObject() || scope->isVariableObject() || scope->isGlobalObject());
+                scope = nextScope;
+            }
+            pc++;
+            break;
+        }
+        case ResolveOperation::SetBaseToUndefined:
+            result.setBase(jsUndefined());
+            pc++;
+            continue;
+        case ResolveOperation::SetBaseToScope:
+            result.setBase(scope);
+            pc++;
+            continue;
+        case ResolveOperation::ReturnScopeAsBase:
+            result.setBase(scope);
+            return true;
+        case ResolveOperation::SetBaseToGlobal:
+            result.setBase(scope->globalObject());
+            pc++;
+            continue;
+        case ResolveOperation::SkipScopes: {
+            int count = pc->m_scopesToSkip;
+            while (count--)
+                scope = scope->next();
+            ASSERT(scope);
+            pc++;
+            continue;
+        }
+        case ResolveOperation::SkipTopScopeNode:
+            if (callFrame->r(pc->m_activationRegister).jsValue())
+                scope = scope->next();
+            ASSERT(scope);
+            pc++;
+            continue;
+        case ResolveOperation::GetAndReturnScopedVar:
+            ASSERT(jsCast<JSVariableObject*>(scope)->registerAt(pc->m_offset).get());
+            result.setValue(jsCast<JSVariableObject*>(scope)->registerAt(pc->m_offset).get());
+            return true;
+        case ResolveOperation::GetAndReturnGlobalVar:
+            result.setValue(pc->m_registerAddress->get());
+            return true;
+        case ResolveOperation::GetAndReturnGlobalVarWatchable:
+            result.setValue(pc->m_registerAddress->get());
+            return true;
+        case ResolveOperation::ReturnGlobalObjectAsBase:
+            result.setBase(callFrame->lexicalGlobalObject());
+            return true;
+        case ResolveOperation::GetAndReturnGlobalProperty: {
+            JSGlobalObject* globalObject = scope->globalObject();
+            if (globalObject->structure() == pc->m_structure.get()) {
+                result.setValue(globalObject->getDirect(pc->m_offset));
+                return true;
+            }
+            PropertySlot slot(globalObject);
+            if (!globalObject->getPropertySlot(callFrame, propertyName, slot))
+                return false;
+            JSValue value = slot.getValue(callFrame, propertyName);
+            if (callFrame->hadException())
+                return false;
+            Structure* structure = globalObject->structure();
+            // Don't try to cache prototype lookups
+            if (globalObject != slot.slotBase() || !slot.isCacheableValue() || !structure->propertyAccessesAreCacheable()) {
+                result.setValue(value);
+                return true;
+            }
+            pc->m_structure.set(callFrame->vm(), callFrame->codeBlock()->ownerExecutable(), structure);
+            pc->m_offset = slot.cachedOffset();
+            result.setValue(value);
+            return true;
+        }
+        }
+        if (object->hasProperty(exec, ident))
+            return object;
+    }
+}
 template <JSScope::LookupMode mode, JSScope::ReturnValues returnValues> JSObject* JSScope::resolveContainingScopeInternal(CallFrame* callFrame, const Identifier& identifier, PropertySlot& slot, ResolveOperations* operations, PutToBaseOperation* putToBaseOperation, bool )
+ResolveOp JSScope::abstractResolve(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType)
+{
+    JSScope* scope = callFrame->scope();
+    ASSERT(scope);
+    int scopeCount = 0;
+    bool seenGenericObjectScope = false;
+    bool requiresDynamicChecks = false;
+    bool skipTopScopeNode = false;
+    int activationRegister = 0;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    if (mode == UnknownResolve) {
+        ASSERT(operations->isEmpty());
+        if (codeBlock->codeType() == FunctionCode && codeBlock->needsActivation()) {
+            activationRegister = codeBlock->activationRegister();
+            JSValue activation = callFrame->r(activationRegister).jsValue();
+            // If the activation register doesn't match our actual scope, a dynamic
+            // scope has been inserted so we shouldn't skip the top scope node.
+            if (activation == scope) {
+                jsCast<JSActivation*>(activation.asCell())->isDynamicScope(requiresDynamicChecks);
+                if (!requiresDynamicChecks) {
+                    ASSERT(jsCast<JSActivation*>(activation.asCell())->symbolTable()->get(identifier.impl()).isNull());
+                    scope = scope->next();
+                    ASSERT(scope);
+                    skipTopScopeNode = true;
+                }
+            } else if (!activation)
+                skipTopScopeNode = true;
+        }
+    } else
+        ASSERT(operations->size());
+    ResolveOp op(Dynamic, 0, 0, 0);
+    if (unlinkedType == Dynamic)
+        return op;
+    if (codeBlock->codeType() == EvalCode && scope->next())
+        requiresDynamicChecks = true;
+    size_t depth = 0;
+    bool needsVarInjectionChecks = JSC::needsVarInjectionChecks(unlinkedType);
+    for (; scope; scope = scope->next()) {
+        if (abstractAccess(exec, scope, ident, getOrPut, depth, needsVarInjectionChecks, op))
+            break;
+        ++depth;
+    }
+    if (mode == UnknownResolve && putToBaseOperation)
+        putToBaseOperation->m_kind = PutToBaseOperation::Generic;
+    do {
+        JSObject* object = JSScope::objectAtScope(scope);
+        slot = PropertySlot(object);
+        bool currentScopeNeedsDynamicChecks = false;
+        if (!(scope->isVariableObject() || scope->isNameScopeObject()) || (scope->next() && scope->isDynamicScope(currentScopeNeedsDynamicChecks)))
+            seenGenericObjectScope = true;
+        requiresDynamicChecks = requiresDynamicChecks || currentScopeNeedsDynamicChecks;
+        if (object->getPropertySlot(callFrame, identifier, slot)) {
+            if (mode == UnknownResolve) {
+                if (seenGenericObjectScope)
+                    goto fail;
+                if (putToBaseOperation)
+                    putToBaseOperation->m_isDynamic = requiresDynamicChecks;
+                if (!scope->next()) {
+                    // Global lookup of some kind
+                    JSGlobalObject* globalObject = jsCast<JSGlobalObject*>(scope);
+                    SymbolTableEntry entry = globalObject->symbolTable()->get(identifier.impl());
+                    if (!entry.isNull()) {
+                        if (requiresDynamicChecks)
+                            operations->append(ResolveOperation::checkForDynamicEntriesBeforeGlobalScope());
+                        if (putToBaseOperation) {
+                            putToBaseOperation->m_isDynamic = requiresDynamicChecks;
+                            if (entry.isReadOnly())
+                                putToBaseOperation->m_kind = PutToBaseOperation::Readonly;
+                            else if (entry.couldBeWatched()) {
+                                putToBaseOperation->m_kind = PutToBaseOperation::GlobalVariablePutChecked;
+                                putToBaseOperation->m_predicatePointer = entry.addressOfIsWatched();
+                            } else
+                                putToBaseOperation->m_kind = PutToBaseOperation::GlobalVariablePut;
+                            putToBaseOperation->m_registerAddress = &globalObject->registerAt(entry.getIndex());
+                        }
+                        // Override custom accessor behaviour that the DOM introduces for some
+                        // event handlers declared on function declarations.
+                        if (!requiresDynamicChecks)
+                            slot.setValue(globalObject, globalObject->registerAt(entry.getIndex()).get());
+                        switch (returnValues) {
+                        case ReturnValue:
+                            ASSERT(!putToBaseOperation);
+                            operations->append(ResolveOperation::getAndReturnGlobalVar(&globalObject->registerAt(entry.getIndex()), entry.couldBeWatched()));
+                            break;
+                        case ReturnBase:
+                            ASSERT(putToBaseOperation);
+                            operations->append(ResolveOperation::returnGlobalObjectAsBase());
+                            break;
+                        case ReturnBaseAndValue:
+                            ASSERT(putToBaseOperation);
+                            operations->append(ResolveOperation::setBaseToGlobal());
+                            operations->append(ResolveOperation::getAndReturnGlobalVar(&globalObject->registerAt(entry.getIndex()), entry.couldBeWatched()));
+                            break;
+                        case ReturnThisAndValue:
+                            ASSERT(!putToBaseOperation);
+                            operations->append(ResolveOperation::setBaseToUndefined());
+                            operations->append(ResolveOperation::getAndReturnGlobalVar(&globalObject->registerAt(entry.getIndex()), entry.couldBeWatched()));
+                            break;
+                        }
+                    } else {
+                        if (!slot.isCacheableValue() || slot.slotBase() != globalObject)
+                            goto fail;
+                        if (requiresDynamicChecks)
+                            operations->append(ResolveOperation::checkForDynamicEntriesBeforeGlobalScope());
+                        if (putToBaseOperation) {
+                            ConcurrentJITLocker locker(callFrame->codeBlock()->m_lock);
+                            putToBaseOperation->m_isDynamic = requiresDynamicChecks;
+                            putToBaseOperation->m_kind = PutToBaseOperation::GlobalPropertyPut;
+                            putToBaseOperation->m_structure.set(callFrame->vm(), callFrame->codeBlock()->ownerExecutable(), globalObject->structure());
+                            setPutPropertyAccessOffset(putToBaseOperation, slot.cachedOffset());
+                        }
+                        switch (returnValues) {
+                        case ReturnValue:
+                            ASSERT(!putToBaseOperation);
+                            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+                            break;
+                        case ReturnBase:
+                            ASSERT(putToBaseOperation);
+                            operations->append(ResolveOperation::returnGlobalObjectAsBase());
+                            break;
+                        case ReturnBaseAndValue:
+                            ASSERT(putToBaseOperation);
+                            operations->append(ResolveOperation::setBaseToGlobal());
+                            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+                            break;
+                        case ReturnThisAndValue:
+                            ASSERT(!putToBaseOperation);
+                            operations->append(ResolveOperation::setBaseToUndefined());
+                            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+                            break;
+                        }
+                    }
+                    return object;
+                }
+                if (!requiresDynamicChecks) {
+                    // Normal lexical lookup
+                    JSVariableObject* variableObject = jsCast<JSVariableObject*>(scope);
+                    ASSERT(variableObject);
+                    ASSERT(variableObject->symbolTable());
+                    SymbolTableEntry entry = variableObject->symbolTable()->get(identifier.impl());
+                    // Defend against the variable being actually inserted by eval.
+                    if (entry.isNull()) {
+                        ASSERT(!jsDynamicCast<JSNameScope*>(variableObject));
+                        goto fail;
+                    }
+                    // If we're getting the 'arguments' then give up on life.
+                    if (identifier == callFrame->propertyNames().arguments)
+                        goto fail;
+                    if (putToBaseOperation) {
+                        ConcurrentJITLocker locker(callFrame->codeBlock()->m_lock);
+                        putToBaseOperation->m_kind = entry.isReadOnly() ? PutToBaseOperation::Readonly : PutToBaseOperation::VariablePut;
+                        putToBaseOperation->m_structure.set(callFrame->vm(), callFrame->codeBlock()->ownerExecutable(), callFrame->lexicalGlobalObject()->activationStructure());
+                        putToBaseOperation->m_offset = entry.getIndex();
+                        putToBaseOperation->m_scopeDepth = (skipTopScopeNode ? 1 : 0) + scopeCount;
+                    }
+                    if (skipTopScopeNode)
+                        operations->append(ResolveOperation::skipTopScopeNode(activationRegister));
+                    operations->append(ResolveOperation::skipScopes(scopeCount));
+                    switch (returnValues) {
+                    case ReturnBaseAndValue:
+                        operations->append(ResolveOperation::setBaseToScope());
+                        operations->append(ResolveOperation::getAndReturnScopedVar(entry.getIndex()));
+                        break;
+                    case ReturnBase:
+                        operations->append(ResolveOperation::returnScopeAsBase());
+                        break;
+                    case ReturnThisAndValue:
+                        operations->append(ResolveOperation::setBaseToUndefined());
+                        // fallthrough
+                    case ReturnValue:
+                        operations->append(ResolveOperation::getAndReturnScopedVar(entry.getIndex()));
+                        break;
+                    }
+                    return object;
+                }
+            fail:
+                if (!operations->size())
+                    operations->append(ResolveOperation::resolveFail());
+            }
+            return object;
+        }
+        scopeCount++;
+    } while ((scope = scope->next()));
+    if (mode == UnknownResolve) {
+        ASSERT(operations->isEmpty());
+        if (seenGenericObjectScope) {
+            operations->append(ResolveOperation::resolveFail());
+            return 0;
+        }
+        if (putToBaseOperation) {
+            putToBaseOperation->m_isDynamic = requiresDynamicChecks;
+            putToBaseOperation->m_kind = PutToBaseOperation::GlobalPropertyPut;
+            putToBaseOperation->m_structure.clear();
+            putToBaseOperation->m_offset = -1;
+        }
+        if (requiresDynamicChecks)
+            operations->append(ResolveOperation::checkForDynamicEntriesBeforeGlobalScope());
+        switch (returnValues) {
+        case ReturnValue:
+            ASSERT(!putToBaseOperation);
+            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+            break;
+        case ReturnBase:
+            ASSERT(putToBaseOperation);
+            operations->append(ResolveOperation::returnGlobalObjectAsBase());
+            break;
+        case ReturnBaseAndValue:
+            ASSERT(putToBaseOperation);
+            operations->append(ResolveOperation::setBaseToGlobal());
+            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+            break;
+        case ReturnThisAndValue:
+            ASSERT(!putToBaseOperation);
+            operations->append(ResolveOperation::setBaseToUndefined());
+            operations->append(ResolveOperation::getAndReturnGlobalProperty());
+            break;
+        }
+    }
+    return 0;
+    return op;
+}
-template <JSScope::ReturnValues returnValues> JSObject* JSScope::resolveContainingScope(CallFrame* callFrame, const Identifier& identifier, PropertySlot& slot, ResolveOperations* operations, PutToBaseOperation* putToBaseOperation, bool isStrict)
+{
-    if (operations->size())
-        return resolveContainingScopeInternal<KnownResolve, returnValues>(callFrame, identifier, slot, operations, putToBaseOperation, isStrict);
-    JSObject* result = resolveContainingScopeInternal<UnknownResolve, returnValues>(callFrame, identifier, slot, operations, putToBaseOperation, isStrict);
-    operations->shrinkToFit();
-    return result;
+}
-JSValue JSScope::resolve(CallFrame* callFrame, const Identifier& identifier, ResolveOperations* operations)
+{
-    ASSERT(operations);
-    LookupResult fastResult;
-    if (operations->size() && executeResolveOperations(callFrame, callFrame->scope(), identifier, operations->data(), fastResult)) {
-        ASSERT(fastResult.value());
-        ASSERT(!callFrame->hadException());
-        return fastResult.value();
+    }
-    if (callFrame->hadException())
-        return JSValue();
-    PropertySlot slot;
-    if (JSScope::resolveContainingScope<ReturnValue>(callFrame, identifier, slot, operations, 0, false)) {
-        ASSERT(operations->size());
-        return slot.getValue(callFrame, identifier);
+    }
-    ASSERT(operations->size());
-    return throwError(callFrame, createUndefinedVariableError(callFrame, identifier));
+}
-JSValue JSScope::resolveBase(CallFrame* callFrame, const Identifier& identifier, bool isStrict, ResolveOperations* operations, PutToBaseOperation* putToBaseOperations)
+{
-    ASSERT(operations);
-    ASSERT_UNUSED(putToBaseOperations, putToBaseOperations);
-    LookupResult fastResult;
-    if (operations->size() && executeResolveOperations(callFrame, callFrame->scope(), identifier, operations->data(), fastResult)) {
-        ASSERT(fastResult.base());
-        ASSERT(!callFrame->hadException());
-        return fastResult.base();
+    }
-    if (callFrame->hadException())
-        return JSValue();
-    PropertySlot slot;
-    if (JSObject* base = JSScope::resolveContainingScope<ReturnBase>(callFrame, identifier, slot, operations, putToBaseOperations, isStrict)) {
-        ASSERT(operations->size());
-        return base;
+    }
-    if (!isStrict)
-        return callFrame->lexicalGlobalObject();
-    return throwError(callFrame, createErrorForInvalidGlobalAssignment(callFrame, identifier.string()));
+}
-JSValue JSScope::resolveWithBase(CallFrame* callFrame, const Identifier& identifier, Register* base, ResolveOperations* operations, PutToBaseOperation* putToBaseOperations)
+{
-    ASSERT(operations);
-    ASSERT_UNUSED(putToBaseOperations, putToBaseOperations);
-    LookupResult fastResult;
-    if (operations->size() && executeResolveOperations(callFrame, callFrame->scope(), identifier, operations->data(), fastResult)) {
-        ASSERT(fastResult.base());
-        ASSERT(fastResult.value());
-        ASSERT(!callFrame->hadException());
-        *base = fastResult.base();
-        return fastResult.value();
+    }
-    if (callFrame->hadException())
-        return JSValue();
-    PropertySlot slot;
-    if (JSObject* propertyBase = JSScope::resolveContainingScope<ReturnBaseAndValue>(callFrame, identifier, slot, operations, putToBaseOperations, false)) {
-        ASSERT(operations->size());
-        JSValue value = slot.getValue(callFrame, identifier);
-        if (callFrame->vm().exception)
-            return JSValue();
-        *base = propertyBase;
-        return value;
+    }
-    ASSERT(operations->size());
-    return throwError(callFrame, createUndefinedVariableError(callFrame, identifier));
+}
-JSValue JSScope::resolveWithThis(CallFrame* callFrame, const Identifier& identifier, Register* base, ResolveOperations* operations)
+{
-    ASSERT(operations);
-    LookupResult fastResult;
-    if (operations->size() && executeResolveOperations(callFrame, callFrame->scope(), identifier, operations->data(), fastResult)) {
-        ASSERT(fastResult.base());
-        ASSERT(fastResult.value());
-        ASSERT(!callFrame->hadException());
-        *base = fastResult.base();
-        return fastResult.value();
+    }
-    if (callFrame->hadException())
-        return JSValue();
-    PropertySlot slot;
-    if (JSObject* propertyBase = JSScope::resolveContainingScope<ReturnThisAndValue>(callFrame, identifier, slot, operations, 0, false)) {
-        ASSERT(operations->size());
-        JSValue value = slot.getValue(callFrame, identifier);
-        if (callFrame->vm().exception)
-            return JSValue();
-        ASSERT(value);
-        *base = JSValue(propertyBase);
-        return value;
+    }
-    ASSERT(operations->size());
-    return throwError(callFrame, createUndefinedVariableError(callFrame, identifier));
+}
-void JSScope::resolvePut(CallFrame* callFrame, JSValue base, const Identifier& property, JSValue value, PutToBaseOperation* operation)
+{
-    ASSERT_UNUSED(operation, operation);
-    ASSERT(base);
-    ASSERT(value);
-    switch (operation->m_kind) {
-    case PutToBaseOperation::Uninitialised:
-        CRASH();
-    case PutToBaseOperation::Readonly:
-        return;
-    case PutToBaseOperation::GlobalVariablePutChecked:
-        if (*operation->m_predicatePointer)
-            goto genericHandler;
-    case PutToBaseOperation::GlobalVariablePut:
-        if (operation->m_isDynamic) {
-            JSObject* baseObject = jsCast<JSObject*>(base);
-            if (baseObject != callFrame->lexicalGlobalObject()) {
-                if (baseObject->isGlobalObject())
-                    ASSERT(!jsCast<JSGlobalObject*>(baseObject)->assertRegisterIsInThisObject(operation->m_registerAddress));
-                goto genericHandler;
+            }
+        }
-        operation->m_registerAddress->set(callFrame->vm(), base.asCell(), value);
-        return;
-    case PutToBaseOperation::VariablePut: {
-        if (operation->m_isDynamic) {
-            JSObject* baseObject = jsCast<JSObject*>(base);
-            if (baseObject->structure() != operation->m_structure.get())
-                goto genericHandler;
+        }
-        JSVariableObject* variableObject = jsCast<JSVariableObject*>(base);
-        variableObject->registerAt(operation->m_offset).set(callFrame->vm(), variableObject, value);
-        return;
+    }
-    case PutToBaseOperation::GlobalPropertyPut: {
-        JSObject* object = jsCast<JSObject*>(base);
-        if (operation->m_structure.get() != object->structure())
-            break;
-        object->putDirect(callFrame->vm(), operation->m_offset, value);
-        return;
+    }
-    genericHandler:
-    case PutToBaseOperation::Generic:
-        PutPropertySlot slot(operation->m_isStrict);
-        base.put(callFrame, property, value, slot);
-        return;
+    }
-    ASSERT(operation->m_kind == PutToBaseOperation::GlobalPropertyPut);
-    PutPropertySlot slot(operation->m_isStrict);
-    base.put(callFrame, property, value, slot);
-    if (!slot.isCacheable())
-        return;
-    if (callFrame->hadException())
-        return;
-    JSObject* baseObject = jsCast<JSObject*>(base);
-    if (!baseObject->structure()->propertyAccessesAreCacheable())
-        return;
-    if (slot.base() != callFrame->lexicalGlobalObject())
-        return;
-    if (slot.base() != baseObject)
-        return;
-    ASSERT(!baseObject->hasInlineStorage());
-    ConcurrentJITLocker locker(callFrame->codeBlock()->m_lock);
-    operation->m_structure.set(callFrame->vm(), callFrame->codeBlock()->ownerExecutable(), baseObject->structure());
-    setPutPropertyAccessOffset(operation, slot.cachedOffset());
-    return;
+}
-JSValue JSScope::resolveGlobal(CallFrame* callFrame, const Identifier& identifier, JSGlobalObject* globalObject, ResolveOperation* resolveOperation)
+{
-    ASSERT(resolveOperation);
-    ASSERT(resolveOperation->m_operation == ResolveOperation::GetAndReturnGlobalProperty);
-    ASSERT_UNUSED(globalObject, callFrame->lexicalGlobalObject() == globalObject);
-    LookupResult fastResult;
-    if (executeResolveOperations(callFrame, callFrame->scope(), identifier, resolveOperation, fastResult)) {
-        ASSERT(fastResult.value());
-        ASSERT(!callFrame->hadException());
-        return fastResult.value();
+    }
-    if (callFrame->hadException())
-        return JSValue();
-    return throwError(callFrame, createUndefinedVariableError(callFrame, identifier));
+}
 } // namespace JSC

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 153221 in webkit for trunk/Source/JavaScriptCore/runtime/JSScope.cpp

Legend:

trunk/Source/JavaScriptCore/runtime/JSScope.cpp

Download in other formats: