Ignore:
Timestamp:
May 12, 2020, 11:41:34 PM (5 years ago)
Author:
Alexey Shvayka
Message:

Implement @isConstructor bytecode intrinsic and bytecode for that
https://bugs.webkit.org/show_bug.cgi?id=144093

Reviewed by Keith Miller.

JSTests:

  • microbenchmarks/is-constructor.js: Added.
  • stress/async-arrow-function-in-class-heritage.js:
  • stress/is-constructor.js:
  • test262/expectations.yaml: Mark 2 test cases as passing.

LayoutTests/imported/w3c:

Tests for unsupported customized built-in elements now fail early
since interfaces they extend lack Constructor WebIDL attribute.

  • web-platform-tests/custom-elements/Document-createElement-expected.txt:
  • web-platform-tests/custom-elements/Document-createElementNS-expected.txt:
  • web-platform-tests/custom-elements/HTMLElement-constructor-expected.txt:
  • web-platform-tests/custom-elements/builtin-coverage-expected.txt:
  • web-platform-tests/custom-elements/htmlconstructor/newtarget-expected.txt:
  • web-platform-tests/custom-elements/parser/serializing-html-fragments-expected.txt:
  • web-platform-tests/custom-elements/upgrading/Document-importNode-expected.txt:
  • web-platform-tests/custom-elements/upgrading/Node-cloneNode-expected.txt:
  • web-platform-tests/shadow-dom/Element-interface-attachShadow-custom-element-expected.txt:

Source/JavaScriptCore:

This change replaces @isConstructor link-time-constant with bytecode intrinsic and utilizes it
in ClassExprNode::emitBytecode() according to the spec [1], aligning JSC with V8 and SpiderMonkey.

Before this patch, we checked if "prototype" of superclass is an object, which is incorrect for
generators and bound non-constructor functions with own "prototype".

OpIsConstructor's fast path can't be easily compiled, and it's not a hot code anyway, so instead
we reduce code bloat by just calling slow ops from DFG and FTL (if we bail out, we slow down all
@isConstructor call sites). This advances microbenchmarks/is-constructor.js by ~35%.

[1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation (step 5.f)

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • builtins/BuiltinNames.h:
  • bytecode/BytecodeIntrinsicRegistry.h:
  • bytecode/BytecodeList.rb:
  • bytecode/BytecodeUseDef.cpp:

(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitIsConstructor):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::ClassExprNode::emitBytecode):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIsConstructor):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileIsConstructor):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • llint/LowLevelInterpreter.asm:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:
  • runtime/ECMAScriptSpecInternalFunctions.cpp: Removed.
  • runtime/ECMAScriptSpecInternalFunctions.h: Removed.
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

LayoutTests:

Tests for unsupported customized built-in elements now fail early
since interfaces they extend lack Constructor WebIDL attribute.

  • js/class-syntax-extends-expected.txt:
  • js/script-tests/class-syntax-extends.js:
  • platform/gtk/imported/w3c/web-platform-tests/custom-elements/builtin-coverage-expected.txt:
  • platform/ios-wk2/imported/w3c/web-platform-tests/custom-elements/builtin-coverage-expected.txt:
  • platform/mac-wk2/imported/w3c/web-platform-tests/custom-elements/builtin-coverage-expected.txt:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/jit/JIT.cpp

    r260331 r261600  
    293293        DEFINE_SLOW_OP(greatereq)
    294294        DEFINE_SLOW_OP(is_function)
     295        DEFINE_SLOW_OP(is_constructor)
    295296        DEFINE_SLOW_OP(is_object_or_null)
    296297        DEFINE_SLOW_OP(typeof)
Note: See TracChangeset for help on using the changeset viewer.