Changeset 265744 in webkit for trunk/Source/JavaScriptCore/jit/JIT.cpp

Timestamp:

Aug 16, 2020, 1:40:17 PM (5 years ago)

Author:

Alexey Shvayka

Message:

Remove OpIsObjectOrNull from ClassExprNode::emitBytecode()
​https://bugs.webkit.org/show_bug.cgi?id=214525

Reviewed by Keith Miller.

Source/JavaScriptCore:

This patch:

1. Replaces OpIsObjectOrNull in ClassExprNode::emitBytecode() [1] with emitIsObject() + emitIsNull(), preventing DFG/FTL from throwing a TypeError if document.all is the value of superclass "prototype" property, which aligns JSC with V8 and SpiderMonkey. Also, tweaks error message to reflect that null is allowed.

2. Renames is_object_or_null bytecode op to typeof_is_object, fixing the confusing operationObjectIsObject() name, and aligns it with typeof_is_undefined. New name offers better semantics and clearly communicates the op should be avoided when implementing new features because of typeof behavior with IsHTMLDDA objects [2].

[1]: ​https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation (step 5.g.ii)
[2]: ​https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-typeof

• bytecode/BytecodeList.rb:
• bytecode/BytecodeUseDef.cpp:

(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOpImpl):

• bytecompiler/NodesCodegen.cpp:

(JSC::ClassExprNode::emitBytecode):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

• dfg/DFGHeapLocation.h:
• dfg/DFGNodeType.h:
• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• dfg/DFGPredictionPropagationPhase.cpp:
• dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileTypeOfIsObject):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull): Deleted.

• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOfIsObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull): Deleted.

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

• llint/LowLevelInterpreter.asm:
• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:
• runtime/Operations.cpp:

(JSC::jsTypeofIsObject):
(JSC::jsIsObjectTypeOrNull): Deleted.

• runtime/Operations.h:

LayoutTests:

New tests are added for document.all rather than makeMasquerader() since
the latter has sufficient test coverage and takes the short path as JSFunction.

• js/class-syntax-extends-expected.txt:
• js/dom/document-all-class-extends-expected.txt: Added.
• js/dom/document-all-class-extends.html: Added.
• js/dom/document-all-typeof-is-object-fold-expected.txt: Added.
• js/dom/document-all-typeof-is-object-fold.html: Added.
• js/dom/script-tests/document-all-class-extends.js: Added.
• js/dom/script-tests/document-all-typeof-is-object-fold.js: Added.
• js/script-tests/class-syntax-extends.js:

File:

• trunk/Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -287 +287 @@
         DEFINE_SLOW_OP(is_function)
         DEFINE_SLOW_OP(is_constructor)
-        DEFINE_SLOW_OP(is_object_or_null)
         DEFINE_SLOW_OP(typeof)
+        DEFINE_SLOW_OP(typeof_is_object)
         DEFINE_SLOW_OP(strcat)
         DEFINE_SLOW_OP(push_with_scope)