Ignore:
Timestamp:
Oct 10, 2014, 12:03:20 PM (11 years ago)
Author:
[email protected]
Message:

Various arguments optimisations in codegen fail to account for arguments being in lexical record
https://bugs.webkit.org/show_bug.cgi?id=137617

Reviewed by Michael Saboff.

Rework the way we track |arguments| references so that we don't try
to use the |arguments| reference on the stack if it's not safe.

To do this without nuking performance it was necessary to update
the parser to track modification of the |arguments| reference
itself.

  • bytecode/CodeBlock.cpp:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::willResolveToArguments):
(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):

  • bytecompiler/NodesCodegen.cpp:

(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::getArgumentByVal):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::ArrayPatternNode::emitDirectBinding):

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::existingArguments):

  • parser/Nodes.h:

(JSC::ScopeNode::modifiesArguments):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):

  • parser/Parser.h:

(JSC::Scope::getCapturedVariables):

  • parser/ParserModes.h:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

    r174226 r174606  
    387387        RegisterID* property = generator.emitNode(m_subscript);
    388388        generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
    389         return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedRegisterForArguments(), property);
     389        return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister(), property);
    390390    }
    391391
     
    413413            goto nonArgumentsPath;
    414414        generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
    415         return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedRegisterForArguments());
     415        return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister());
    416416    }
    417417
     
    594594        && !generator.symbolTable().slowArguments()) {
    595595        generator.emitExpressionInfo(divot, divotStart, divotEnd);
    596         return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedRegisterForArguments(), property);
     596        return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedLocalArgumentsRegister(), property);
    597597    }
    598598    return nullptr;
     
    622622            RefPtr<RegisterID> argumentsRegister;
    623623            if (thisRegister)
    624                 argumentsRegister = generator.uncheckedRegisterForArguments();
     624                argumentsRegister = generator.uncheckedLocalArgumentsRegister();
    625625            else {
    626626                argumentsRegister = generator.emitNode(subject);
     
    750750        ArgumentListNode* args = m_args->m_listNode->m_next;
    751751        if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier()) && !generator.symbolTable().slowArguments())
    752             argsRegister = generator.uncheckedRegisterForArguments();
     752            argsRegister = generator.uncheckedLocalArgumentsRegister();
    753753        else
    754754            argsRegister = generator.emitNode(args->m_expr);
     
    27222722    if (rhs->isResolveNode()
    27232723        && generator.willResolveToArguments(static_cast<ResolveNode*>(rhs)->identifier())
    2724         && !generator.symbolTable().slowArguments()) {
     2724        && generator.hasSafeLocalArgumentsRegister()&& !generator.symbolTable().slowArguments()) {
    27252725        for (size_t i = 0; i < m_targetPatterns.size(); i++) {
    27262726            auto target = m_targetPatterns[i];
     
    27302730            RefPtr<RegisterID> temp = generator.newTemporary();
    27312731            generator.emitLoad(temp.get(), jsNumber(i));
    2732             generator.emitGetArgumentByVal(temp.get(), generator.uncheckedRegisterForArguments(), temp.get());
     2732            generator.emitGetArgumentByVal(temp.get(), generator.uncheckedLocalArgumentsRegister(), temp.get());
    27332733            target->bindValue(generator, temp.get());
    27342734        }
Note: See TracChangeset for help on using the changeset viewer.