Context Navigation

← Previous Change
Next Change →

bytecompiler

Timestamp:

Oct 2, 2014, 1:35:58 PM (11 years ago)

Author:

Message:

Do all closed variable access through the local lexical object
https://bugs.webkit.org/show_bug.cgi?id=136869

Reviewed by Filip Pizlo.

This patch makes all reads and writes from captured registers
go through the lexical record, and by doing so removes the
need for record tearoff.

To keep the patch simple we still number variables as though
they are local stack allocated registers, but ::local() will
fail. When local fails we perform a generic resolve, and in
that resolve we now use a ResolveScopeInfo struct to pass
around information about whether a lookup is a statically
known captured variable, and its location in the activation.
To ensure correct behaviour during codeblock linking we also
add a LocalClosureVariable resolution type.

To ensure correct semantics for the Arguments object, we now
have to eagerly create the Arguments object for any function
that uses both the Arguments object and requires a lexical
record.

bytecode/BytecodeList.json:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeCapturedVariable):

During the entry to a function we are not yet in a position
to allocate temporaries so we directly use the lexical
environment register.

(JSC::BytecodeGenerator::resolveCallee):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::local):
(JSC::BytecodeGenerator::constLocal):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitResolveConstantLocal):

The two resolve scope operations could technically skip
the op_resolve_scope, and simply perform

op_mov dst, recordRegister

but for now it seemed best to maintain the same basic
behaviour.

(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::createArgumentsIfNecessary):

If we have an environment we've already created Arguments
so no need to check again.

(JSC::BytecodeGenerator::emitReturn):

Don't need to emit tearoff_environment

bytecompiler/BytecodeGenerator.h:

(JSC::Local::Local):
(JSC::Local::operator bool):
(JSC::Local::get):
(JSC::Local::isReadOnly):
(JSC::Local::isSpecial):
(JSC::ResolveScopeInfo::ResolveScopeInfo):
(JSC::ResolveScopeInfo::isLocal):
(JSC::ResolveScopeInfo::localIndex):
(JSC::BytecodeGenerator::shouldCreateArgumentsEagerly):
(JSC::Local::isCaptured): Deleted.
(JSC::Local::captureMode): Deleted.

bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::ForInNode::tryGetBoundLocal):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::BindingNode::bindValue):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::tryGetRegisters):

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

interpreter/Interpreter.cpp:

(JSC::unwindCallFrame):

jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_captured_mov): Deleted.
(JSC::JIT::emit_op_tear_off_lexical_environment): Deleted.
(JSC::JIT::emitSlow_op_captured_mov): Deleted.

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_captured_mov): Deleted.
(JSC::JIT::emit_op_tear_off_lexical_environment): Deleted.

jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):

llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LLIntSlowPaths.h:
llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/Arguments.cpp:

(JSC::Arguments::tearOff):

runtime/Arguments.h:

(JSC::Arguments::argument):

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL): Deleted.

runtime/CommonSlowPaths.h:
runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::visitChildren):
(JSC::JSLexicalEnvironment::symbolTableGet):
(JSC::JSLexicalEnvironment::symbolTablePut):
(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSLexicalEnvironment::getOwnPropertySlot):
(JSC::JSLexicalEnvironment::argumentsGetter):

runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::create):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):
(JSC::JSLexicalEnvironment::tearOff): Deleted.
(JSC::JSLexicalEnvironment::isTornOff): Deleted.

runtime/JSScope.cpp:

(JSC::resolveTypeName):

runtime/JSScope.h:

(JSC::makeType):
(JSC::needsVarInjectionChecks):

runtime/WriteBarrier.h:

(JSC::WriteBarrier<Unknown>::WriteBarrier):

Location:

trunk/Source/JavaScriptCore/bytecompiler

Files:

: 3 edited

BytecodeGenerator.cpp (modified) (19 diffs)
BytecodeGenerator.h (modified) (6 diffs)
NodesCodegen.cpp (modified) (22 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

-              r174216
+              r174226
     if (m_codeBlock->needsFullScopeChain() || m_shouldEmitDebugHooks) {
         m_lexicalEnvironmentRegister = addVar();
-        emitInitLazyRegister(m_lexicalEnvironmentRegister);
         m_codeBlock->setActivationRegister(m_lexicalEnvironmentRegister->virtualRegister());
         emitOpcode(op_create_lexical_environment);
 …
         emitInitLazyRegister(unmodifiedArgumentsRegister);
         if (shouldTearOffArgumentsEagerly()) {
+        if (shouldCreateArgumentsEagerly() || shouldTearOffArgumentsEagerly()) {
             emitOpcode(op_create_arguments);
             instructions().append(argumentsRegister->index());
+            if (m_codeBlock->hasActivationRegister()) {
+                RegisterID* argumentsRegister = &registerFor(m_codeBlock->argumentsRegister().offset());
+                initializeCapturedVariable(argumentsRegister, propertyNames().arguments, argumentsRegister);
+                RegisterID* uncheckedArgumentsRegister = &registerFor(JSC::unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset());
+                initializeCapturedVariable(uncheckedArgumentsRegister, propertyNames().arguments, uncheckedArgumentsRegister);
+            }
+        }
+    }
 …
     // Captured variables and functions go first so that activations don't have
     // to step over the non-captured locals to mark them.
     if (functionBody->hasCapturedVariables()) {
+    if (functionBody->hasCapturedVariables() || shouldCaptureAllTheThings) {
         for (size_t i = 0; i < boundParameterProperties.size(); i++) {
             const Identifier& ident = boundParameterProperties[i];
             if (functionBody->captures(ident))
+            if (functionBody->captures(ident) || shouldCaptureAllTheThings)
                 addVar(ident, IsVariable, IsWatchable);
+        }
 …
             FunctionBodyNode* function = functionStack[i];
             const Identifier& ident = function->ident();
             if (functionBody->captures(ident)) {
+            if (functionBody->captures(ident) || shouldCaptureAllTheThings) {
                 m_functions.add(ident.impl());
+                emitNewFunction(addVar(ident, IsVariable, IsWatchable), IsCaptured, function);
+                // We rely on still allocating stack space for captured variables
+                // here.
+                RegisterID* newFunction = emitNewFunction(addVar(ident, IsVariable, IsWatchable), IsCaptured, function);
+                initializeCapturedVariable(newFunction, ident, newFunction);
+            }
+        }
         for (size_t i = 0; i < varStack.size(); ++i) {
             const Identifier& ident = varStack[i].first;
             if (functionBody->captures(ident))
+            if (functionBody->captures(ident) || shouldCaptureAllTheThings)
                 addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, IsWatchable);
+        }
 …
     bool canLazilyCreateFunctions = !functionBody->needsActivationForMoreThanVariables() && !m_shouldEmitDebugHooks && !m_vm->typeProfiler();
     m_firstLazyFunction = codeBlock->m_numVars;
+    for (size_t i = 0; i < functionStack.size(); ++i) {
+        FunctionBodyNode* function = functionStack[i];
+        const Identifier& ident = function->ident();
+        if (!functionBody->captures(ident)) {
+            m_functions.add(ident.impl());
+            RefPtr<RegisterID> reg = addVar(ident, IsVariable, NotWatchable);
+            // Don't lazily create functions that override the name 'arguments'
+            // as this would complicate lazy instantiation of actual arguments.
+            if (!canLazilyCreateFunctions || ident == propertyNames().arguments)
+                emitNewFunction(reg.get(), NotCaptured, function);
+            else {
+                emitInitLazyRegister(reg.get());
+                m_lazyFunctions.set(reg->virtualRegister().toLocal(), function);
+    if (!shouldCaptureAllTheThings) {
+        for (size_t i = 0; i < functionStack.size(); ++i) {
+            FunctionBodyNode* function = functionStack[i];
+            const Identifier& ident = function->ident();
+            if (!functionBody->captures(ident)) {
+                m_functions.add(ident.impl());
+                RefPtr<RegisterID> reg = addVar(ident, IsVariable, NotWatchable);
+                // Don't lazily create functions that override the name 'arguments'
+                // as this would complicate lazy instantiation of actual arguments.
+                if (!canLazilyCreateFunctions || ident == propertyNames().arguments)
+                    emitNewFunction(reg.get(), NotCaptured, function);
+                else {
+                    emitInitLazyRegister(reg.get());
+                    m_lazyFunctions.set(reg->virtualRegister().toLocal(), function);
+                }
+            }
+        }
+    }
+    m_lastLazyFunction = canLazilyCreateFunctions ? codeBlock->m_numVars : m_firstLazyFunction;
+    for (size_t i = 0; i < boundParameterProperties.size(); i++) {
+        const Identifier& ident = boundParameterProperties[i];
+        if (!functionBody->captures(ident))
+            addVar(ident, IsVariable, IsWatchable);
+    }
+    for (size_t i = 0; i < varStack.size(); ++i) {
+        const Identifier& ident = varStack[i].first;
+        if (!functionBody->captures(ident))
+            addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, NotWatchable);
+    }
+    if (shouldCaptureAllTheThings)
+        m_symbolTable->setCaptureEnd(virtualRegisterForLocal(codeBlock->m_numVars).offset());
+        m_lastLazyFunction = canLazilyCreateFunctions ? codeBlock->m_numVars : m_firstLazyFunction;
+        for (size_t i = 0; i < boundParameterProperties.size(); i++) {
+            const Identifier& ident = boundParameterProperties[i];
+            if (!functionBody->captures(ident))
+                addVar(ident, IsVariable, IsWatchable);
+        }
+        for (size_t i = 0; i < varStack.size(); ++i) {
+            const Identifier& ident = varStack[i].first;
+            if (!functionBody->captures(ident))
+                addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, NotWatchable);
+        }
+    }
     if (m_symbolTable->captureCount())
 …
             index = capturedArguments[i]->index();
             RegisterID original(nextParameterIndex);
             emitMove(capturedArguments[i], &original);
+            initializeCapturedVariable(capturedArguments[i], simpleParameter->boundProperty(), &original);
+        }
         addParameter(simpleParameter->boundProperty(), index);
 …
+}
+RegisterID* BytecodeGenerator::initializeCapturedVariable(RegisterID* dst, const Identifier& propertyName, RegisterID* value)
+{
+    m_codeBlock->addPropertyAccessInstruction(instructions().size());
+    emitOpcode(op_put_to_scope);
+    instructions().append(m_lexicalEnvironmentRegister->index());
+    instructions().append(addConstant(propertyName));
+    instructions().append(value->index());
+    instructions().append(ResolveModeAndType(ThrowIfNotFound, LocalClosureVar).operand());
+    instructions().append(0);
+    instructions().append(dst->index());
+    return dst;
+}
 RegisterID* BytecodeGenerator::resolveCallee(FunctionBodyNode* functionBodyNode)
+{
 …
     m_calleeRegister.setIndex(JSStack::Callee);
     if (functionBodyNode->captures(functionBodyNode->ident()))
         return emitMove(addVar(), IsCaptured, &m_calleeRegister);
+        return initializeCapturedVariable(addVar(), functionBodyNode->ident(), &m_calleeRegister);
     return &m_calleeRegister;
 …
+}
 RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, CaptureMode captureMode, RegisterID* src)
+RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
+{
     m_staticPropertyAnalyzer.mov(dst->index(), src->index());
     emitOpcode(captureMode == IsCaptured ? op_captured_mov : op_mov);
+    ASSERT(dst->virtualRegister() == m_codeBlock->argumentsRegister() || !isCaptured(dst->index()));
+    emitOpcode(op_mov);
     instructions().append(dst->index());
     instructions().append(src->index());
-    if (captureMode == IsCaptured)
-        instructions().append(watchableVariable(dst->index()));
     if (!dst->isTemporary() && vm()->typeProfiler())
 …
     return dst;
+}
-RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
+{
-    return emitMove(dst, captureMode(dst->index()), src);
+}
 …
+{
     if (property == propertyNames().thisIdentifier)
         return Local(thisRegister(), ReadOnly, NotCaptured);
     if (property == propertyNames().arguments)
+        return Local(thisRegister(), ReadOnly, Local::SpecialLocal);
+    bool isArguments = property == propertyNames().arguments;
+    if (isArguments)
         createArgumentsIfNecessary();
 …
         return Local();
     RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
+    return Local(local, entry.getAttributes(), captureMode(local->index()));
+    if (isCaptured(local->index()) && m_lexicalEnvironmentRegister)
+        return Local();
+    return Local(local, entry.getAttributes(), isArguments ? Local::SpecialLocal : Local::NormalLocal);
+}
 …
     RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
+    return Local(local, entry.getAttributes(), captureMode(local->index()));
+    bool isArguments = property == propertyNames().arguments;
+    if (isCaptured(local->index()) && m_lexicalEnvironmentRegister)
+        return Local();
+    return Local(local, entry.getAttributes(), isArguments ? Local::SpecialLocal : Local::NormalLocal);
+}
 …
+}
 RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier)
+RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier, ResolveScopeInfo& info)
+{
     m_codeBlock->addPropertyAccessInstruction(instructions().size());
+    if (m_symbolTable && m_codeType == FunctionCode && !m_localScopeDepth) {
+        SymbolTableEntry entry = m_symbolTable->get(identifier.impl());
+        if (!entry.isNull()) {
+            emitOpcode(op_resolve_scope);
+            instructions().append(kill(dst));
+            instructions().append(addConstant(identifier));
+            instructions().append(LocalClosureVar);
+            instructions().append(0);
+            instructions().append(0);
+            info = ResolveScopeInfo(entry.getIndex());
+            return dst;
+        }
+    }
     ASSERT(!m_symbolTable || !m_symbolTable->contains(identifier.impl()) || resolveType() == Dynamic);
 …
+}
+RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier& identifier, ResolveMode resolveMode)
+RegisterID* BytecodeGenerator::emitResolveConstantLocal(RegisterID* dst, const Identifier& identifier, ResolveScopeInfo& info)
+{
+    if (!m_symbolTable || m_codeType != FunctionCode)
+        return nullptr;
+    SymbolTableEntry entry = m_symbolTable->get(identifier.impl());
+    if (entry.isNull())
+        return nullptr;
+    info = ResolveScopeInfo(entry.getIndex());
+    return emitMove(dst, m_lexicalEnvironmentRegister);
+}
+RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier& identifier, ResolveMode resolveMode, const ResolveScopeInfo& info)
+{
     m_codeBlock->addPropertyAccessInstruction(instructions().size());
 …
     instructions().append(scope->index());
     instructions().append(addConstant(identifier));
     instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
+    instructions().append(ResolveModeAndType(resolveMode, info.isLocal() ? LocalClosureVar : resolveType()).operand());
     instructions().append(0);
     instructions().append(0);
+    instructions().append(info.localIndex());
     instructions().append(profile);
     return dst;
+}
 RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Identifier& identifier, RegisterID* value, ResolveMode resolveMode)
+RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Identifier& identifier, RegisterID* value, ResolveMode resolveMode, const ResolveScopeInfo& info)
+{
     m_codeBlock->addPropertyAccessInstruction(instructions().size());
 …
     instructions().append(addConstant(identifier));
     instructions().append(value->index());
+    instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
+    instructions().append(0);
+    instructions().append(0);
+    if (info.isLocal()) {
+        instructions().append(ResolveModeAndType(resolveMode, LocalClosureVar).operand());
+        instructions().append(watchableVariable(registerFor(info.localIndex()).index()));
+    } else {
+        instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
+        instructions().append(0);
+    }
+    instructions().append(info.localIndex());
     return value;
+}
 …
         return;
     if (shouldTearOffArgumentsEagerly())
+    if (shouldTearOffArgumentsEagerly() || shouldCreateArgumentsEagerly())
         return;
 …
 RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
+{
-    if (m_lexicalEnvironmentRegister) {
-        emitOpcode(op_tear_off_lexical_environment);
-        instructions().append(m_lexicalEnvironmentRegister->index());
+    }
     if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) {
         emitOpcode(op_tear_off_arguments);

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

-              r173517
+              r174226
             : m_local(0)
             , m_attributes(0)
+        {
+        }
+        Local(RegisterID* local, unsigned attributes, CaptureMode captureMode)
+            , m_kind(NormalLocal)
+        {
+        }
+        enum LocalKind { NormalLocal, SpecialLocal };
+        Local(RegisterID* local, unsigned attributes, LocalKind kind)
             : m_local(local)
             , m_attributes(attributes)
+            , m_isCaptured(captureMode == IsCaptured)
+        {
+        }
+        operator bool() { return m_local; }
+        RegisterID* get() { return m_local; }
+        bool isReadOnly() { return m_attributes & ReadOnly; }
+        bool isCaptured() { return m_isCaptured; }
+        CaptureMode captureMode() { return isCaptured() ? IsCaptured : NotCaptured; }
+            , m_kind(kind)
+        {
+        }
+        operator bool() const { return m_local; }
+        RegisterID* get() const { return m_local; }
+        bool isReadOnly() const { return m_attributes & ReadOnly; }
+        bool isSpecial() const { return m_kind != NormalLocal; }
     private:
         RegisterID* m_local;
         unsigned m_attributes;
+        bool m_isCaptured;
+        LocalKind m_kind;
+    };
+    struct ResolveScopeInfo {
+        ResolveScopeInfo()
+            : m_localIndex(0)
+            , m_resolveScopeKind(NonLocalScope)
+        {
+        }
+        ResolveScopeInfo(int index)
+            : m_localIndex(index)
+            , m_resolveScopeKind(LocalScope)
+        {
+        }
+        bool isLocal() const { return m_resolveScopeKind == LocalScope; }
+        int localIndex() const { return m_localIndex; }
+    private:
+        int m_localIndex;
+        enum { LocalScope, NonLocalScope } m_resolveScopeKind;
     };
 …
         ProfileTypeBytecodePutToScope,
         ProfileTypeBytecodeGetFromScope,
+        ProfileTypeBytecodePutToLocalScope,
+        ProfileTypeBytecodeGetFromLocalScope,
         ProfileTypeBytecodeHasGlobalID,
         ProfileTypeBytecodeDoesNotHaveGlobalID,
 …
         RegisterID* emitNewRegExp(RegisterID* dst, RegExp*);
-        RegisterID* emitMove(RegisterID* dst, CaptureMode, RegisterID* src);
         RegisterID* emitMove(RegisterID* dst, RegisterID* src);
 …
         ResolveType resolveType();
+        RegisterID* emitResolveScope(RegisterID* dst, const Identifier&);
+        RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier&, ResolveMode);
+        RegisterID* emitPutToScope(RegisterID* scope, const Identifier&, RegisterID* value, ResolveMode);
+        RegisterID* emitResolveConstantLocal(RegisterID* dst, const Identifier&, ResolveScopeInfo&);
+        RegisterID* emitResolveScope(RegisterID* dst, const Identifier&, ResolveScopeInfo&);
+        RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier&, ResolveMode, const ResolveScopeInfo&);
+        RegisterID* emitPutToScope(RegisterID* scope, const Identifier&, RegisterID* value, ResolveMode, const ResolveScopeInfo&);
         PassRefPtr<Label> emitLabel(Label*);
 …
         RegisterID* emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd);
         RegisterID* emitCallVarargs(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd);
+        RegisterID* initializeCapturedVariable(RegisterID* dst, const Identifier&, RegisterID*);
     public:
         JSString* addStringConstant(const Identifier&);
 …
+        {
             return m_codeType == FunctionCode && isStrictMode() && m_scopeNode->modifiesParameter();
+        }
+        bool shouldCreateArgumentsEagerly()
+        {
+            if (m_codeType != FunctionCode)
+                return false;
+            return m_lexicalEnvironmentRegister && m_codeBlock->usesArguments();
+        }

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

-              r173125
+              r174226
     JSTextPosition divot = m_start + m_ident.length();
     generator.emitExpressionInfo(divot, m_start, divot);
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident, resolveScopeInfo);
     RegisterID* finalDest = generator.finalDestination(dst);
     RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), m_ident, ThrowIfNotFound);
+    RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), m_ident, ThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(finalDest, ProfileTypeBytecodeGetFromScope, &m_ident);
+        generator.emitProfileType(finalDest, resolveScopeInfo.isLocal() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
         generator.emitTypeProfilerExpressionInfo(m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1));
+    }
 …
     JSTextPosition newDivot = divotStart() + 4;
     generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
+    generator.emitResolveScope(callArguments.thisRegister(), generator.propertyNames().eval);
+    generator.emitGetFromScope(func.get(), callArguments.thisRegister(), generator.propertyNames().eval, ThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    generator.emitResolveScope(callArguments.thisRegister(), generator.propertyNames().eval, resolveScopeInfo);
+    generator.emitGetFromScope(func.get(), callArguments.thisRegister(), generator.propertyNames().eval, ThrowIfNotFound, resolveScopeInfo);
     return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd());
+}
 …
     JSTextPosition newDivot = divotStart() + m_ident.length();
     generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
+    generator.emitResolveScope(callArguments.thisRegister(), m_ident);
+    generator.emitGetFromScope(func.get(), callArguments.thisRegister(), m_ident, ThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    generator.emitResolveScope(callArguments.thisRegister(), m_ident, resolveScopeInfo);
+    generator.emitGetFromScope(func.get(), callArguments.thisRegister(), m_ident, ThrowIfNotFound, resolveScopeInfo);
     RegisterID* ret = generator.emitCall(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd());
     if (generator.vm()->typeProfiler()) {
 …
             generator.emitReadOnlyExceptionIfNeeded();
             localReg = generator.emitMove(generator.tempDestination(dst), localReg);
         } else if (local.isCaptured() || generator.vm()->typeProfiler()) {
+        } else if (generator.vm()->typeProfiler()) {
             RefPtr<RegisterID> tempDst = generator.finalDestination(dst);
             ASSERT(dst != localReg);
 …
     generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), ident);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), ident, resolveScopeInfo);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound, resolveScopeInfo);
     RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator);
     generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound);
+    generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(value.get(), ProfileTypeBytecodePutToScope, &ident);
+        generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
         generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
+    }
 …
     generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+    RefPtr<RegisterID> base = generator.emitResolveScope(generator.tempDestination(dst), m_ident);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> base = generator.emitResolveScope(generator.tempDestination(dst), m_ident, resolveScopeInfo);
     return generator.emitDeleteById(generator.finalDestination(dst, base.get()), base.get(), m_ident);
+}
 …
+    }
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident, resolveScopeInfo);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound, resolveScopeInfo);
     if (dst == generator.ignoredResult())
         return 0;
 …
             generator.emitReadOnlyExceptionIfNeeded();
             localReg = generator.emitMove(generator.tempDestination(dst), localReg);
         } else if (local.isCaptured() || generator.vm()->typeProfiler()) {
+        } else if (generator.vm()->typeProfiler()) {
             RefPtr<RegisterID> tempDst = generator.tempDestination(dst);
             generator.emitMove(tempDst.get(), localReg);
 …
     generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), ident);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), ident, resolveScopeInfo);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound, resolveScopeInfo);
     emitIncOrDec(generator, value.get(), m_operator);
     generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound);
+    generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(value.get(), ProfileTypeBytecodePutToScope, &ident);
+        generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &ident);
         generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
+    }
 …
+        }
+        if (local.isCaptured()
+            || generator.vm()->typeProfiler()
+        if (generator.vm()->typeProfiler()
             || generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) {
             RefPtr<RegisterID> result = generator.newTemporary();
 …
     generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, ThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident, resolveScopeInfo);
+    RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, ThrowIfNotFound, resolveScopeInfo);
     RefPtr<RegisterID> result = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this);
     RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), ThrowIfNotFound);
+    RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), ThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(result.get(), ProfileTypeBytecodePutToScope, &m_ident);
+        generator.emitProfileType(result.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
         generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
+    }
 …
             return generator.emitNode(dst, m_right);
+        }
         if (local.isCaptured() || generator.vm()->typeProfiler()) {
+        if (local.isSpecial() || generator.vm()->typeProfiler()) {
             RefPtr<RegisterID> tempDst = generator.tempDestination(dst);
             generator.emitNode(tempDst.get(), m_right);
 …
     if (generator.isStrictMode())
         generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident, resolveScopeInfo);
     if (dst == generator.ignoredResult())
         dst = 0;
     RefPtr<RegisterID> result = generator.emitNode(dst, m_right);
     generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
     RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
+    RegisterID* returnResult = generator.emitPutToScope(scope.get(), m_ident, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(result.get(), ProfileTypeBytecodePutToScope, &m_ident);
+        generator.emitProfileType(result.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_ident);
         generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
+    }
 …
         // FIXME: Maybe call emitExpressionInfo here.
         if (local.isCaptured() || generator.vm()->typeProfiler()) {
+        if (local.isSpecial() || generator.vm()->typeProfiler()) {
             RefPtr<RegisterID> tempDst = generator.newTemporary();
             generator.emitNode(tempDst.get(), m_init);
 …
         return generator.emitInitGlobalConst(m_ident, value.get());
+    if (generator.codeType() != EvalCode)
+    if (generator.codeType() != EvalCode) {
+        ResolveScopeInfo resolveScopeInfo;
+        if (RefPtr<RegisterID> scope = generator.emitResolveConstantLocal(generator.newTemporary(), m_ident, resolveScopeInfo))
+            return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound, resolveScopeInfo);
         return value.get();
+    }
     // FIXME: This will result in incorrect assignment if m_ident exists in an intervening with scope.
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident);
+    return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound);
+    ResolveScopeInfo resolveScopeInfo;
+    RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident, resolveScopeInfo);
+    return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound, resolveScopeInfo);
+}
 …
         generator.emitProfileType(local.get(), ProfileTypeBytecodeHasGlobalID, nullptr);
     else {
+        RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident);
+        RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound);
+        generator.emitProfileType(value.get(), ProfileTypeBytecodeGetFromScope, &m_ident);
+        ResolveScopeInfo resolveScopeInfo;
+        RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident, resolveScopeInfo);
+        RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound, resolveScopeInfo);
+        generator.emitProfileType(value.get(), resolveScopeInfo.isLocal() ? ProfileTypeBytecodeGetFromLocalScope : ProfileTypeBytecodeGetFromScope, &m_ident);
+    }
 …
         const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier();
         Local local = generator.local(ident);
-        if (local.isCaptured())
-            return nullptr;
         return local.get();
+    }
 …
         const Identifier& ident = simpleBinding->boundProperty();
         Local local = generator.local(ident);
         if (local.isCaptured())
+        if (local.isSpecial())
             return nullptr;
         return local.get();
 …
             if (generator.isStrictMode())
                 generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+            RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident);
+            ResolveScopeInfo resolveScopeInfo;
+            RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident, resolveScopeInfo);
             generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
             generator.emitPutToScope(scope, ident, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
+            generator.emitPutToScope(scope, ident, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
+        }
         return;
 …
         const Identifier& ident = simpleBinding->boundProperty();
         Local local = generator.local(ident);
         if (!local.get() || local.isCaptured()) {
+        if (!local.get() || local.isSpecial()) {
             assignNode->bindings()->bindValue(generator, propertyName);
             return;
 …
                 if (generator.isStrictMode())
                     generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
+                RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident);
+                ResolveScopeInfo resolveScopeInfo;
+                RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident, resolveScopeInfo);
                 generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
                 generator.emitPutToScope(scope, ident, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
+                generator.emitPutToScope(scope, ident, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
+            }
         } else if (m_lexpr->isDotAccessorNode()) {
 …
     if (generator.isStrictMode())
         generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
+    RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), m_boundProperty);
+    ResolveScopeInfo resolveScopeInfo;
+    RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), m_boundProperty, resolveScopeInfo);
     generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
     generator.emitPutToScope(scope, m_boundProperty, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
+    generator.emitPutToScope(scope, m_boundProperty, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, resolveScopeInfo);
     if (generator.vm()->typeProfiler()) {
         generator.emitProfileType(value, ProfileTypeBytecodePutToScope, &m_boundProperty);
+        generator.emitProfileType(value, resolveScopeInfo.isLocal() ? ProfileTypeBytecodePutToLocalScope : ProfileTypeBytecodePutToScope, &m_boundProperty);
         generator.emitTypeProfilerExpressionInfo(divotStart(), divotEnd());
+    }

Note: See TracChangeset for help on using the changeset viewer.