Remove OpIsObjectOrNull from ClassExprNode::emitBytecode()
https://bugs.webkit.org/show_bug.cgi?id=214525
Reviewed by Keith Miller.
Source/JavaScriptCore:
This patch:
- Replaces OpIsObjectOrNull in ClassExprNode::emitBytecode() [1] with emitIsObject() +
emitIsNull(), preventing DFG/FTL from throwing a TypeError if
document.all is the
value of superclass "prototype" property, which aligns JSC with V8 and SpiderMonkey.
Also, tweaks error message to reflect that null is allowed.
- Renames is_object_or_null bytecode op to typeof_is_object, fixing the confusing
operationObjectIsObject() name, and aligns it with typeof_is_undefined.
New name offers better semantics and clearly communicates the op should be avoided when
implementing new features because of
typeof behavior with IsHTMLDDA objects [2].
[1]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation (step 5.g.ii)
[2]: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-typeof
- bytecode/BytecodeList.rb:
- bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEqualityOpImpl):
- bytecompiler/NodesCodegen.cpp:
(JSC::ClassExprNode::emitBytecode):
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::capabilityLevel):
(JSC::DFG::clobberize):
(JSC::DFG::doesGC):
(JSC::DFG::FixupPhase::fixupNode):
(WTF::printInternal):
- dfg/DFGHeapLocation.h:
- dfg/DFGNodeType.h:
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGPredictionPropagationPhase.cpp:
- dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileTypeOfIsObject):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull): Deleted.
- dfg/DFGSpeculativeJIT.h:
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::FTL::canCompile):
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOfIsObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull): Deleted.
(JSC::JIT::privateCompileMainPass):
- llint/LowLevelInterpreter.asm:
- runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
- runtime/CommonSlowPaths.h:
- runtime/Operations.cpp:
(JSC::jsTypeofIsObject):
(JSC::jsIsObjectTypeOrNull): Deleted.
LayoutTests:
New tests are added for document.all rather than makeMasquerader() since
the latter has sufficient test coverage and takes the short path as JSFunction.
- js/class-syntax-extends-expected.txt:
- js/dom/document-all-class-extends-expected.txt: Added.
- js/dom/document-all-class-extends.html: Added.
- js/dom/document-all-typeof-is-object-fold-expected.txt: Added.
- js/dom/document-all-typeof-is-object-fold.html: Added.
- js/dom/script-tests/document-all-class-extends.js: Added.
- js/dom/script-tests/document-all-typeof-is-object-fold.js: Added.
- js/script-tests/class-syntax-extends.js:
