Changeset 164630 in webkit for trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

Timestamp:

Feb 24, 2014, 10:59:38 PM (12 years ago)

Author:

[email protected]

Message:

Spread operator has a bad time when applied to call function
​https://bugs.webkit.org/show_bug.cgi?id=128853

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Follow on from the previous patch the added an extra slot to
op_call_varargs (and _call, _call_eval, _construct). We now
use the slot as an offset to in effect act as a 'slice' on
the spread subject. This allows us to automatically retain
all our existing argument and array optimisatons. Most of
this patch is simply threading the offset around.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargs):

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::getArgumentByVal):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):

• interpreter/Interpreter.cpp:

(JSC::sizeFrameForVarargs):
(JSC::loadVarargs):

• interpreter/Interpreter.h:
• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

• jit/JIT.h:
• jit/JITCall.cpp:

(JSC::JIT::compileLoadVarargs):

• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• runtime/Arguments.cpp:

(JSC::Arguments::copyToArguments):

• runtime/Arguments.h:
• runtime/JSArray.cpp:

(JSC::JSArray::copyToArguments):

• runtime/JSArray.h:

LayoutTests:

Test case all the things!

• js/regress/call-spread-call-expected.txt: Added.
• js/regress/call-spread-call.html: Added.
• js/regress/script-tests/call-spread-call.js: Added.

(testFunction):
(test2):
(test3):

File:

• trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -530 +530 @@
 }
 
+static RegisterID* getArgumentByVal(BytecodeGenerator& generator, ExpressionNode* base, RegisterID* property, RegisterID* dst, JSTextPosition divot, JSTextPosition divotStart, JSTextPosition divotEnd)
+{
+    if (base->isResolveNode()
+        && generator.willResolveToArguments(static_cast<ResolveNode*>(base)->identifier())
+        && !generator.symbolTable().slowArguments()) {
+        generator.emitExpressionInfo(divot, divotStart, divotEnd);
+        return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedRegisterForArguments(), property);
+    }
+    return nullptr;
+}
+
 RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
@@ -536 +547 @@
     RefPtr<RegisterID> base = generator.emitNode(m_base);
     generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd());
-    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().call);
-    RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get());
+    RefPtr<RegisterID> function;
     bool emitCallCheck = !generator.isBuiltinFunction();
-    if (emitCallCheck)
+    if (emitCallCheck) {
+        function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().call);
         generator.emitJumpIfNotFunctionCall(function.get(), realCall.get());
-
+    }
+    RefPtr<RegisterID> returnValue = generator.finalDestination(dst);
     {
-        if (m_args->m_listNode && m_args->m_listNode->m_expr) {
+        if (m_args->m_listNode && m_args->m_listNode->m_expr && m_args->m_listNode->m_expr->isSpreadExpression()) {
+            RefPtr<RegisterID> profileHookRegister;
+            if (generator.shouldEmitProfileHooks())
+                profileHookRegister = generator.newTemporary();
+            SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr);
+            ExpressionNode* subject = spread->expression();
+            RefPtr<RegisterID> thisRegister = getArgumentByVal(generator, subject, generator.emitLoad(0, jsNumber(0)), 0, spread->divot(), spread->divotStart(), spread->divotEnd());
+            RefPtr<RegisterID> argumentsRegister;
+            if (thisRegister)
+                argumentsRegister = generator.uncheckedRegisterForArguments();
+            else {
+                argumentsRegister = generator.emitNode(subject);
+                generator.emitExpressionInfo(spread->divot(), spread->divotStart(), spread->divotEnd());
+                thisRegister = generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0)));
+            }
+            generator.emitCallVarargs(returnValue.get(), base.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 1, profileHookRegister.get(), divot(), divotStart(), divotEnd());
+        } else if (m_args->m_listNode && m_args->m_listNode->m_expr) {
             ArgumentListNode* oldList = m_args->m_listNode;
             m_args->m_listNode = m_args->m_listNode->m_next;
@@ -630 +658 @@
         RefPtr<RegisterID> argsRegister;
         ArgumentListNode* args = m_args->m_listNode->m_next;
-        if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier()))
+        if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier()) && !generator.symbolTable().slowArguments())
             argsRegister = generator.uncheckedRegisterForArguments();
         else
@@ -640 +668 @@
             generator.emitNode(args->m_expr);
 
-        generator.emitCallVarargs(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), divotStart(), divotEnd());
+        generator.emitCallVarargs(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), 0, profileHookRegister.get(), divot(), divotStart(), divotEnd());
     }
     if (emitCallCheck) {