Changeset 38330 in webkit for trunk/JavaScriptCore

Timestamp:

Nov 12, 2008, 1:34:22 AM (17 years ago)

Author:

[email protected]

Message:

2008-11-12 Cameron Zwarich <​[email protected]>

Rubber-stamped by Mark Rowe.

Roll out r38322 due to test failures on the bots.

JavaScriptCore:

• VM/CTI.cpp: (JSC::CTI::compileOpCallSetupArgs): (JSC::CTI::compileOpCall): (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases):
• VM/CTI.h:
• VM/CodeBlock.cpp: (JSC::CodeBlock::dump):
• VM/Machine.cpp: (JSC::Machine::callEval): (JSC::Machine::dumpCallFrame): (JSC::Machine::dumpRegisters): (JSC::Machine::execute): (JSC::Machine::privateExecute): (JSC::Machine::throwStackOverflowPreviousFrame): (JSC::Machine::cti_register_file_check): (JSC::Machine::cti_op_call_arityCheck): (JSC::Machine::cti_op_call_NotJSFunction): (JSC::Machine::cti_op_construct_JSConstruct): (JSC::Machine::cti_op_construct_NotJSConstruct): (JSC::Machine::cti_op_call_eval): (JSC::Machine::cti_vm_throw):
• VM/Machine.h:
• bytecompiler/CodeGenerator.cpp: (JSC::CodeGenerator::emitCall): (JSC::CodeGenerator::emitCallEval): (JSC::CodeGenerator::emitConstruct):
• bytecompiler/CodeGenerator.h:
• parser/Nodes.cpp: (JSC::EvalFunctionCallNode::emitCode): (JSC::FunctionCallValueNode::emitCode): (JSC::FunctionCallResolveNode::emitCode): (JSC::FunctionCallBracketNode::emitCode): (JSC::FunctionCallDotNode::emitCode):
• parser/Nodes.h: (JSC::ScopeNode::neededConstants):

LayoutTests:

• fast/js/global-recursion-on-full-stack-expected.txt:

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• VM/CTI.cpp (modified) (12 diffs)
• VM/CTI.h (modified) (1 diff)
• VM/CodeBlock.cpp (modified) (2 diffs)
• VM/Machine.cpp (modified) (31 diffs)
• VM/Machine.h (modified) (3 diffs)
• bytecompiler/CodeGenerator.cpp (modified) (3 diffs)
• bytecompiler/CodeGenerator.h (modified) (2 diffs)
• parser/Nodes.cpp (modified) (6 diffs)
• parser/Nodes.h (modified) (1 diff)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2008-11-12  Cameron Zwarich  <[email protected]>
+
+        Rubber-stamped by Mark Rowe.
+
+        Roll out r38322 due to test failures on the bots.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::execute):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::throwStackOverflowPreviousFrame):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_arityCheck):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitCallEval):
+        (JSC::CodeGenerator::emitConstruct):
+        * bytecompiler/CodeGenerator.h:
+        * parser/Nodes.cpp:
+        (JSC::EvalFunctionCallNode::emitCode):
+        (JSC::FunctionCallValueNode::emitCode):
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::FunctionCallBracketNode::emitCode):
+        (JSC::FunctionCallDotNode::emitCode):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::neededConstants):
+
 2008-11-11  Geoffrey Garen  <[email protected]>
 

trunk/JavaScriptCore/VM/CTI.cpp

@@ -588 +588 @@
 }
 
-void CTI::compileOpCallSetupArgs(Instruction* instruction)
-{
-    int argCount = instruction[3].u.operand;
-    int registerOffset = instruction[4].u.operand;
-
-    // ecx holds func
+void CTI::compileOpCallSetupArgs(Instruction* instruction, bool isConstruct, bool isEval)
+{
+    int firstArg = instruction[4].u.operand;
+    int argCount = instruction[5].u.operand;
+    int registerOffset = instruction[6].u.operand;
+
     emitPutArg(X86::ecx, 0);
     emitPutArgConstant(registerOffset, 4);
     emitPutArgConstant(argCount, 8);
     emitPutArgConstant(reinterpret_cast<unsigned>(instruction), 12);
-}
-
-void CTI::compileOpCallEvalSetupArgs(Instruction* instruction)
-{
-    int argCount = instruction[3].u.operand;
-    int registerOffset = instruction[4].u.operand;
-
-    // ecx holds func
-    emitPutArg(X86::ecx, 0);
-    emitPutArgConstant(registerOffset, 4);
-    emitPutArgConstant(argCount, 8);
-    emitPutArgConstant(reinterpret_cast<unsigned>(instruction), 12);
-}
-
-void CTI::compileOpConstructSetupArgs(Instruction* instruction)
-{
-    int argCount = instruction[3].u.operand;
-    int registerOffset = instruction[4].u.operand;
-    int proto = instruction[5].u.operand;
-    int thisRegister = instruction[6].u.operand;
-
-    // ecx holds func
-    emitPutArg(X86::ecx, 0);
-    emitPutArgConstant(registerOffset, 4);
-    emitPutArgConstant(argCount, 8);
-    emitGetPutArg(proto, 12, X86::eax);
-    emitPutArgConstant(thisRegister, 16);
-    emitPutArgConstant(reinterpret_cast<unsigned>(instruction), 20);
+    if (isConstruct) {
+        emitGetPutArg(instruction[3].u.operand, 16, X86::eax);
+        emitPutArgConstant(firstArg, 20);
+    } else if (isEval)
+        emitGetPutArg(instruction[3].u.operand, 16, X86::eax);
 }
 
@@ -632 +609 @@
     int dst = instruction[1].u.operand;
     int callee = instruction[2].u.operand;
-    int argCount = instruction[3].u.operand;
-    int registerOffset = instruction[4].u.operand;
+    int firstArg = instruction[4].u.operand;
+    int argCount = instruction[5].u.operand;
+    int registerOffset = instruction[6].u.operand;
+
+    // Setup this value as the first argument (does not apply to constructors)
+    if (opcodeID != op_construct) {
+        int thisVal = instruction[3].u.operand;
+        if (thisVal == missingThisObjectMarker())
+            m_jit.movl_i32m(asInteger(jsNull()), firstArg * sizeof(Register), X86::edi);
+        else {
+            emitGetArg(thisVal, X86::eax);
+            emitPutResult(firstArg);
+        }
+    }
 
     // Handle eval
@@ -639 +628 @@
     if (opcodeID == op_call_eval) {
         emitGetArg(callee, X86::ecx);
-        compileOpCallEvalSetupArgs(instruction);
+        compileOpCallSetupArgs(instruction, false, true);
 
         emitCTICall(instruction, i, Machine::cti_op_call_eval);
@@ -659 +648 @@
     // In the case of OpConstruct, call out to a cti_ function to create the new object.
     if (opcodeID == op_construct) {
-        int proto = instruction[5].u.operand;
-        int thisRegister = instruction[6].u.operand;
-
         emitPutArg(X86::ecx, 0);
-        emitGetPutArg(proto, 12, X86::eax);
+        emitGetPutArg(instruction[3].u.operand, 16, X86::eax);
         emitCTICall(instruction, i, Machine::cti_op_construct_JSConstruct);
-        emitPutResult(thisRegister);
+        emitPutResult(firstArg);
         emitGetArg(callee, X86::ecx);
     }
@@ -1300 +1286 @@
             break;
         }
-        case op_call:
-        case op_call_eval:
-        case op_construct: {
+        case op_call: {
             compileOpCall(opcodeID, instruction + i, i, callLinkInfoIndex++);
-            i += (opcodeID == op_construct ? 7 : 5);
+            i += 7;
             break;
         }
@@ -1396 +1380 @@
             emitPutResult(instruction[i + 1].u.operand);
             i += 3;
+            break;
+        }
+        case op_construct: {
+            compileOpCall(opcodeID, instruction + i, i, callLinkInfoIndex++);
+            i += 7;
             break;
         }
@@ -1923 +1912 @@
             emitPutResult(instruction[i + 1].u.operand);
             i += 5;
+            break;
+        }
+        case op_call_eval: {
+            compileOpCall(opcodeID, instruction + i, i, callLinkInfoIndex++);
+            i += 7;
             break;
         }
@@ -2774 +2768 @@
             int dst = instruction[i + 1].u.operand;
             int callee = instruction[i + 2].u.operand;
-            int argCount = instruction[i + 3].u.operand;
-            int registerOffset = instruction[i + 4].u.operand;
+            int firstArg = instruction[i + 4].u.operand;
+            int argCount = instruction[i + 5].u.operand;
+            int registerOffset = instruction[i + 6].u.operand;
 
             m_jit.link(iter->from, m_jit.label());
 
             // The arguments have been set up on the hot path for op_call_eval
-            if (opcodeID == op_call)
-                compileOpCallSetupArgs(instruction + i);
-            else if (opcodeID == op_construct)
-                compileOpConstructSetupArgs(instruction + i);
+            if (opcodeID != op_call_eval)
+                compileOpCallSetupArgs(instruction + i, (opcodeID == op_construct), false);
 
             // Fast check for JS function.
@@ -2791 +2784 @@
             X86Assembler::JmpSrc callLinkFailNotJSFunction = m_jit.emitUnlinkedJne();
 
-            // First, in the case of a construct, allocate the new object.
+            // First, in the cale of a construct, allocate the new object.
             if (opcodeID == op_construct) {
                 emitCTICall(instruction, i, Machine::cti_op_construct_JSConstruct);
-                emitPutResult(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+                emitPutResult(firstArg);
                 emitGetArg(callee, X86::ecx);
             }
@@ -2835 +2828 @@
 
             // The arguments have been set up on the hot path for op_call_eval
-            if (opcodeID == op_call)
-                compileOpCallSetupArgs(instruction + i);
-            else if (opcodeID == op_construct)
-                compileOpConstructSetupArgs(instruction + i);
+            if (opcodeID != op_call_eval)
+                compileOpCallSetupArgs(instruction + i, (opcodeID == op_construct), false);
 
             // Check for JSFunctions.
@@ -2857 +2848 @@
             m_jit.link(isJSFunction, m_jit.label());
 
-            // First, in the case of a construct, allocate the new object.
+            // First, in the cale of a construct, allocate the new object.
             if (opcodeID == op_construct) {
                 emitCTICall(instruction, i, Machine::cti_op_construct_JSConstruct);
-                emitPutResult(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+                emitPutResult(firstArg);
                 emitGetArg(callee, X86::ecx);
             }
@@ -2905 +2896 @@
             ++callLinkInfoIndex;
 
-            i += (opcodeID == op_construct ? 7 : 5);
+            i += 7;
             break;
         }

trunk/JavaScriptCore/VM/CTI.h

@@ -366 +366 @@
         void compileOpCall(OpcodeID, Instruction* instruction, unsigned i, unsigned callLinkInfoIndex);
         void compileOpCallInitializeCallFrame(unsigned callee, unsigned argCount);
-        void compileOpCallSetupArgs(Instruction*);
-        void compileOpCallEvalSetupArgs(Instruction*);
-        void compileOpConstructSetupArgs(Instruction*);
+        void compileOpCallSetupArgs(Instruction* instruction, bool isConstruct, bool isEval);
         enum CompileOpStrictEqType { OpStrictEq, OpNStrictEq };
         void compileOpStrictEq(Instruction* instruction, unsigned i, CompileOpStrictEqType type);

trunk/JavaScriptCore/VM/CodeBlock.cpp

@@ -813 +813 @@
         }
         case op_call: {
-            int dst = (++it)->u.operand;
-            int func = (++it)->u.operand;
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            int tempCount = (++it)->u.operand;
             int argCount = (++it)->u.operand;
             int registerOffset = (++it)->u.operand;
-            printf("[%4d] call\t\t %s, %s, %d, %d\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset);
+            printf("[%4d] call\t\t %s, %s, %s, %d, %d, %d\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str(), tempCount, argCount, registerOffset);
             break;
         }
         case op_call_eval: {
-            int dst = (++it)->u.operand;
-            int func = (++it)->u.operand;
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            int tempCount = (++it)->u.operand;
             int argCount = (++it)->u.operand;
             int registerOffset = (++it)->u.operand;
-            printf("[%4d] call_eval\t %s, %s, %d, %d\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset);
+            printf("[%4d] call_eval\t\t %s, %s, %s, %d, %d, %d\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str(), tempCount, argCount, registerOffset);
             break;
         }
@@ -843 +847 @@
         }
         case op_construct: {
-            int dst = (++it)->u.operand;
-            int func = (++it)->u.operand;
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            int tempCount = (++it)->u.operand;
             int argCount = (++it)->u.operand;
             int registerOffset = (++it)->u.operand;
-            int proto = (++it)->u.operand;
-            int thisRegister = (++it)->u.operand;
-            printf("[%4d] construct\t %s, %s, %d, %d, %s, %s\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset, registerName(proto).c_str(), registerName(thisRegister).c_str());
+            printf("[%4d] construct\t %s, %s, %s, %d, %d, %d\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str(), tempCount, argCount, registerOffset);
             break;
         }

trunk/JavaScriptCore/VM/Machine.cpp

@@ -581 +581 @@
 }
 
-NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, RegisterFile* registerFile, Register* argv, int argc, int registerOffset, JSValue*& exceptionValue)
+NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, JSObject* thisObj, ScopeChainNode* scopeChain, RegisterFile* registerFile, int argv, int argc, JSValue*& exceptionValue)
 {
     if (argc < 2)
         return jsUndefined();
 
-    JSValue* program = argv[1].jsValue(callFrame);
+    JSValue* program = callFrame[argv + 1].jsValue(callFrame);
 
     if (!program->isString())
@@ -593 +593 @@
     UString programSource = asString(program)->value();
 
-    ScopeChainNode* scopeChain = callFrame->scopeChain();
     CodeBlock* codeBlock = callFrame->codeBlock();
     RefPtr<EvalNode> evalNode = codeBlock->evalCodeCache.get(callFrame, programSource, scopeChain, exceptionValue);
@@ -599 +598 @@
     JSValue* result = jsUndefined();
     if (evalNode)
-        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, callFrame->thisValue()->toThisObject(callFrame), callFrame->registers() - registerFile->start() + registerOffset, scopeChain, &exceptionValue);
+        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, thisObj, callFrame->registers() - registerFile->start() + argv + 1 + RegisterFile::CallFrameHeaderSize, scopeChain, &exceptionValue);
 
     return result;
@@ -657 +656 @@
 #ifndef NDEBUG
 
-void Machine::dumpCallFrame(CallFrame* callFrame)
-{
-    callFrame->codeBlock()->dump(callFrame);
-    dumpRegisters(callFrame);
-}
-
-void Machine::dumpRegisters(CallFrame* callFrame)
+void Machine::dumpCallFrame(const RegisterFile* registerFile, CallFrame* callFrame)
+{
+    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    codeBlock->dump(globalObject->globalExec());
+
+    dumpRegisters(registerFile, callFrame);
+}
+
+void Machine::dumpRegisters(const RegisterFile* registerFile, CallFrame* callFrame)
 {
     printf("Register frame: \n\n");
@@ -671 +674 @@
 
     CodeBlock* codeBlock = callFrame->codeBlock();
-    RegisterFile* registerFile = &callFrame->scopeChain()->globalObject()->globalData()->machine->registerFile();
     const Register* it;
     const Register* end;
@@ -1022 +1024 @@
 }
 
-JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int globalRegisterOffset, ScopeChainNode* scopeChain, JSValue** exception)
+JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int registerOffset, ScopeChainNode* scopeChain, JSValue** exception)
 {
     ASSERT(!scopeChain->globalData->exception);
@@ -1068 +1070 @@
 
     Register* oldEnd = m_registerFile.end();
-    Register* newEnd = m_registerFile.start() + globalRegisterOffset + codeBlock->numCalleeRegisters;
+    Register* newEnd = m_registerFile.start() + registerOffset + codeBlock->numCalleeRegisters;
     if (!m_registerFile.grow(newEnd)) {
         *exception = createStackOverflowError(callFrame);
@@ -1074 +1076 @@
     }
 
-    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
+    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + registerOffset);
 
     // a 0 codeBlock indicates a built-in caller
@@ -3263 +3265 @@
     }
     BEGIN_OPCODE(op_call_eval) {
-        /* call_eval dst(r) func(r) argCount(n) registerOffset(n)
+        /* call_eval dst(r) func(r) thisVal(r) firstArg(r) argCount(n)
 
            Call a function named "eval" with no explicit "this" value
@@ -3276 +3278 @@
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
+        int thisVal = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
 
         JSValue* funcVal = callFrame[func].jsValue(callFrame);
-
-        Register* newCallFrame = callFrame->registers() + registerOffset;
-        Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
-        JSValue* thisValue = argv[0].jsValue(callFrame);
-        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
-
-        if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
-            JSValue* result = callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+        JSValue* baseVal = callFrame[thisVal].jsValue(callFrame);
+
+        ScopeChainNode* scopeChain = callFrame->scopeChain();
+        if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
+            JSObject* thisObject = asObject(callFrame[callFrame->codeBlock()->thisRegister].jsValue(callFrame));
+            JSValue* result = callEval(callFrame, thisObject, scopeChain, registerFile, firstArg, argCount, exceptionValue);
             if (exceptionValue)
                 goto vm_throw;
+
             callFrame[dst] = result;
 
-            vPC += 5;
+            vPC += 7;
             NEXT_OPCODE;
         }
 
-        // We didn't find the blessed version of eval, so process this
-        // instruction as a normal function call.
+        // We didn't find the blessed version of eval, so reset vPC and process
+        // this instruction as a normal function call, supplying the proper 'this'
+        // value.
+        callFrame[thisVal] = baseVal->toThisObject(callFrame);
 
 #if HAVE(COMPUTED_GOTO)
@@ -3308 +3312 @@
     }
     BEGIN_OPCODE(op_call) {
-        /* call dst(r) func(r) argCount(n) registerOffset(n)
-
-           Perform a function call.
-           
-           registerOffset is the distance the callFrame pointer should move
-           before the VM initializes the new call frame's header.
-           
-           dst is where op_ret should store its result.
+        /* call dst(r) func(r) thisVal(r) firstArg(r) argCount(n) registerOffset(n)
+
+           Perform a function call. Specifically, call register func
+           with a "this" value of register thisVal, and put the result
+           in register dst.
+
+           The arguments start at register firstArg and go up to
+           argCount, but the "this" value is considered an implicit
+           first argument, so the argCount should be one greater than
+           the number of explicit arguments passed, and the register
+           after firstArg should contain the actual first
+           argument. This opcode will copy from the thisVal register
+           to the firstArg register, unless the register index of
+           thisVal is the special missing this object marker, which is
+           2^31-1; in that case, the global object will be used as the
+           "this" value.
+
+           If func is a native code function, then this opcode calls
+           it and returns the value immediately. 
+
+           But if it is a JS function, then the current scope chain
+           and code block is set to the function's, and we slide the
+           register window so that the arguments would form the first
+           few local registers of the called function's register
+           window. In addition, a call frame header is written
+           immediately before the arguments; see the call frame
+           documentation for an explanation of how many registers a
+           call frame takes and what they contain. That many registers
+           before the firstArg register will be overwritten by the
+           call. In addition, any registers higher than firstArg +
+           argCount may be overwritten. Once this setup is complete,
+           execution continues from the called function's first
+           argument, and does not return until a "ret" opcode is
+           encountered.
          */
 
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
+        int thisVal = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
+        int registerOffset = vPC[6].u.operand;
 
         JSValue* v = callFrame[func].jsValue(callFrame);
@@ -3333 +3365 @@
             CodeBlock* newCodeBlock = &functionBodyNode->byteCode(callDataScopeChain);
 
+            callFrame[firstArg] = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
+            
             CallFrame* previousCallFrame = callFrame;
 
@@ -3342 +3376 @@
             }
 
-            callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            callFrame->init(newCodeBlock, vPC + 7, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
             vPC = newCodeBlock->instructions.begin();
 
@@ -3353 +3387 @@
 
         if (callType == CallTypeHost) {
+            JSValue* thisValue = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
+            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
+
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
-            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, 0);
-
-            Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
-            ArgList args(thisRegister + 1, argCount - 1);
-
-            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
-            JSValue* thisValue = thisRegister->jsValue(callFrame);
-            if (thisValue == jsNull())
-                thisValue = callFrame->globalThisValue();
+            newCallFrame->init(0, vPC + 7, scopeChain, callFrame, dst, argCount, 0);
 
             JSValue* returnValue;
@@ -3374 +3403 @@
             callFrame[dst] = returnValue;
 
-            vPC += 5;
+            vPC += 7;
             NEXT_OPCODE;
         }
@@ -3544 +3573 @@
     }
     BEGIN_OPCODE(op_construct) {
-        /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r)
-
-           Invoke register "func" as a constructor. For JS
+        /* construct dst(r) constr(r) constrProto(r) firstArg(r) argCount(n) registerOffset(n)
+
+           Invoke register "constr" as a constructor. For JS
            functions, the calling convention is exactly as for the
            "call" opcode, except that the "this" value is a newly
-           created Object. For native constructors, no "this"
-           value is passed. In either case, the argCount and registerOffset
+           created Object. For native constructors, a null "this"
+           value is passed. In either case, the firstArg and argCount
            registers are interpreted as for the "call" opcode.
 
-           Register proto must contain the prototype property of
-           register func. This is to enable polymorphic inline
+           Register constrProto must contain the prototype property of
+           register constsr. This is to enable polymorphic inline
            caching of this lookup.
         */
 
         int dst = vPC[1].u.operand;
-        int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
-        int proto = vPC[5].u.operand;
-        int thisRegister = vPC[6].u.operand;
-
-        JSValue* v = callFrame[func].jsValue(callFrame);
+        int constr = vPC[2].u.operand;
+        int constrProto = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
+        int registerOffset = vPC[6].u.operand;
+
+        JSValue* v = callFrame[constr].jsValue(callFrame);
 
         ConstructData constructData;
@@ -3576 +3605 @@
 
             StructureID* structure;
-            JSValue* prototype = callFrame[proto].jsValue(callFrame);
+            JSValue* prototype = callFrame[constrProto].jsValue(callFrame);
             if (prototype->isObject())
                 structure = asObject(prototype)->inheritorID();
@@ -3583 +3612 @@
             JSObject* newObject = new (globalData) JSObject(structure);
 
-            callFrame[thisRegister] = newObject; // "this" value
+            callFrame[firstArg] = newObject; // "this" value
 
             CallFrame* previousCallFrame = callFrame;
@@ -3605 +3634 @@
 
         if (constructType == ConstructTypeHost) {
-            ArgList args(callFrame->registers() + thisRegister + 1, argCount - 1);
+            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
 
             ScopeChainNode* scopeChain = callFrame->scopeChain();
@@ -4336 +4365 @@
     } while (0)
 
-// This macro rewinds to the previous call frame because CTI functions that
-// throw stack overflow exceptions execute after the call frame has
-// optimistically moved forward.
-#define CTI_THROW_STACK_OVERFLOW() do { \
-    CallFrame* oldCallFrame = ARG_callFrame->callerFrame(); \
-    JSGlobalData* globalData = ARG_globalData; \
-    globalData->exception = createStackOverflowError(oldCallFrame); \
-    globalData->throwReturnAddress = CTI_RETURN_ADDRESS; \
-    ARG_setCallFrame(oldCallFrame); \
-    CTI_SET_RETURN_ADDRESS(reinterpret_cast<void*>(ctiVMThrowTrampoline)); \
-} while (0);
-
 JSObject* Machine::cti_op_convert_this(CTI_ARGS)
 {
@@ -4436 +4453 @@
 }
 
+NEVER_INLINE void Machine::throwStackOverflowPreviousFrame(CallFrame* callFrame, JSGlobalData* globalData, void*& returnAddress)
+{
+    globalData->exception = createStackOverflowError(callFrame->callerFrame());
+    globalData->throwReturnAddress = callFrame->returnPC();
+    ctiSetReturnAddress(&returnAddress, reinterpret_cast<void*>(ctiVMThrowTrampoline));
+}
+
 void Machine::cti_register_file_check(CTI_ARGS)
 {
@@ -4443 +4467 @@
         return;
 
-    CTI_THROW_STACK_OVERFLOW();
+    ARG_setCallFrame(ARG_callFrame->callerFrame());
+    throwStackOverflowPreviousFrame(ARG_callFrame, ARG_globalData, CTI_RETURN_ADDRESS);
 }
 
@@ -4720 +4745 @@
         Register* newEnd = r + newCodeBlock->numCalleeRegisters;
         if (!ARG_registerFile->grow(newEnd)) {
-            CTI_THROW_STACK_OVERFLOW();
-            VoidPtrPairValue pair = {{ 0, 0 }};
-            return pair.i;
+            ARG_globalData->exception = createStackOverflowError(oldCallFrame);
+            VM_THROW_EXCEPTION_2();
         }
 
@@ -4787 +4811 @@
             SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
 
-            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            // All host methods should be calling toThisObject, but this is not presently the case.
             JSValue* thisValue = argv[0].jsValue(callFrame);
             if (thisValue == jsNull())
@@ -4911 +4935 @@
 
     StructureID* structure;
-    if (ARG_src4->isObject())
-        structure = asObject(ARG_src4)->inheritorID();
+    if (ARG_src5->isObject())
+        structure = asObject(ARG_src5)->inheritorID();
     else
         structure = asFunction(ARG_src1)->m_scopeChain.node()->globalObject()->emptyObjectStructure();
@@ -4926 +4950 @@
     JSValue* constrVal = ARG_src1;
     int argCount = ARG_int3;
-    int thisRegister = ARG_int5;
+    int firstArg = ARG_int6;
 
     ConstructData constructData;
@@ -4932 +4956 @@
 
     if (constructType == ConstructTypeHost) {
-        ArgList argList(callFrame->registers() + thisRegister + 1, argCount - 1);
+        ArgList argList(callFrame->registers() + firstArg + 1, argCount - 1);
 
         JSValue* returnValue;
@@ -4946 +4970 @@
     ASSERT(constructType == ConstructTypeNone);
 
-    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr6, callFrame->codeBlock());
+    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr4, callFrame->codeBlock());
     VM_THROW_EXCEPTION();
 }
@@ -5545 +5569 @@
     CallFrame* callFrame = ARG_callFrame;
     RegisterFile* registerFile = ARG_registerFile;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
 
     Machine* machine = ARG_globalData->machine;
@@ -5551 +5577 @@
     int registerOffset = ARG_int2;
     int argCount = ARG_int3;
-
-    Register* newCallFrame = callFrame->registers() + registerOffset;
-    Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
-    JSValue* thisValue = argv[0].jsValue(callFrame);
-    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
-
-    if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
+    JSValue* baseVal = ARG_src5;
+
+    if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
+        JSObject* thisObject = callFrame[codeBlock->thisRegister].jsValue(callFrame)->toThisObject(callFrame);
         JSValue* exceptionValue = noValue();
-        JSValue* result = machine->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+        JSValue* result = machine->callEval(callFrame, thisObject, scopeChain, registerFile, registerOffset - RegisterFile::CallFrameHeaderSize - argCount, argCount, exceptionValue);
         if (UNLIKELY(exceptionValue != noValue())) {
             ARG_globalData->exception = exceptionValue;
@@ -5922 +5945 @@
     CallFrame* callFrame = ARG_callFrame;
     CodeBlock* codeBlock = callFrame->codeBlock();
-    JSGlobalData* globalData = ARG_globalData;
-
-    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(globalData->throwReturnAddress));
-    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(globalData->throwReturnAddress);
-
-    JSValue* exceptionValue = globalData->exception;
+
+    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(ARG_globalData->throwReturnAddress));
+    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(ARG_globalData->throwReturnAddress);
+
+    JSValue* exceptionValue = ARG_globalData->exception;
     ASSERT(exceptionValue);
-    globalData->exception = noValue();
-
-    Instruction* handlerVPC = globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
+    ARG_globalData->exception = noValue();
+
+    Instruction* handlerVPC = ARG_globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
 
     if (!handlerVPC) {

trunk/JavaScriptCore/VM/Machine.h

@@ -285 +285 @@
         enum ExecutionFlag { Normal, InitializeAndReturn };
 
-        NEVER_INLINE JSValue* callEval(CallFrame*, RegisterFile*, Register* argv, int argc, int registerOffset, JSValue*& exceptionValue);
-        JSValue* execute(EvalNode*, CallFrame*, JSObject* thisObject, int globalRegisterOffset, ScopeChainNode*, JSValue** exception);
+        NEVER_INLINE JSValue* callEval(CallFrame*, JSObject* thisObject, ScopeChainNode*, RegisterFile*, int argv, int argc, JSValue*& exceptionValue);
+        JSValue* execute(EvalNode*, CallFrame*, JSObject* thisObject, int registerOffset, ScopeChainNode*, JSValue** exception);
 
         NEVER_INLINE void debug(CallFrame*, DebugHookID, int firstLine, int lastLine);
@@ -307 +307 @@
         JSValue* privateExecute(ExecutionFlag, RegisterFile*, CallFrame*, JSValue** exception);
 
-        void dumpCallFrame(CallFrame*);
-        void dumpRegisters(CallFrame*);
+        void dumpCallFrame(const RegisterFile*, CallFrame*);
+        void dumpRegisters(const RegisterFile*, CallFrame*);
 
         JSValue* checkTimeout(JSGlobalObject*);
@@ -321 +321 @@
 
 #if ENABLE(CTI)
-        static void throwStackOverflowPreviousFrame(CallFrame**, JSGlobalData*, void*& returnAddress);
+        static void throwStackOverflowPreviousFrame(CallFrame*, JSGlobalData*, void*& returnAddress);
 
         void tryCTICacheGetByID(CallFrame*, CodeBlock*, void* returnAddress, JSValue* baseValue, const Identifier& propertyName, const PropertySlot&);

trunk/JavaScriptCore/bytecompiler/CodeGenerator.cpp

@@ -1220 +1220 @@
 }
 
-RegisterID* CodeGenerator::emitCall(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
-{
-    return emitCall(op_call, dst, func, thisRegister, argumentsNode, divot, startOffset, endOffset);
-}
-
-RegisterID* CodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
-{
-    return emitCall(op_call_eval, dst, func, thisRegister, argumentsNode, divot, startOffset, endOffset);
-}
-
-RegisterID* CodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+RegisterID* CodeGenerator::emitCall(RegisterID* dst, RegisterID* func, RegisterID* base, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    return emitCall(op_call, dst, func, base, argumentsNode, divot, startOffset, endOffset);
+}
+
+RegisterID* CodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* base, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    return emitCall(op_call_eval, dst, func, base, argumentsNode, divot, startOffset, endOffset);
+}
+
+RegisterID* CodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, RegisterID* base, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
 {
     ASSERT(opcodeID == op_call || opcodeID == op_call_eval);
     ASSERT(func->refCount());
+    ASSERT(!base || base->refCount());
     
     // Generate code for arguments.
     Vector<RefPtr<RegisterID>, 16> argv;
-    argv.append(thisRegister);
+    argv.append(newTemporary()); // reserve space for "this"
     for (ArgumentListNode* n = argumentsNode->m_listNode.get(); n; n = n->m_next.get()) {
         argv.append(newTemporary());
@@ -1255 +1256 @@
     emitExpressionInfo(divot, startOffset, endOffset);
     m_codeBlock->callLinkInfos.append(CallLinkInfo());
-
-    // Emit call.
     emitOpcode(opcodeID);
-    instructions().append(dst->index()); // dst
-    instructions().append(func->index()); // func
-    instructions().append(argv.size()); // argCount
+    instructions().append(dst->index());
+    instructions().append(func->index());
+    instructions().append(base ? base->index() : missingThisObjectMarker()); // We encode the "this" value in the instruction stream, to avoid an explicit instruction for copying or loading it.
+    instructions().append(argv[0]->index()); // argv
+    instructions().append(argv.size()); // argc
     instructions().append(argv[0]->index() + argv.size() + RegisterFile::CallFrameHeaderSize); // registerOffset
 
@@ -1319 +1320 @@
     emitExpressionInfo(divot, startOffset, endOffset);
     m_codeBlock->callLinkInfos.append(CallLinkInfo());
-
     emitOpcode(op_construct);
-    instructions().append(dst->index()); // dst
-    instructions().append(func->index()); // func
-    instructions().append(argv.size()); // argCount
+    instructions().append(dst->index());
+    instructions().append(func->index());
+    instructions().append(funcProto->index());
+    instructions().append(argv[0]->index()); // argv
+    instructions().append(argv.size()); // argc
     instructions().append(argv[0]->index() + argv.size() + RegisterFile::CallFrameHeaderSize); // registerOffset
-    instructions().append(funcProto->index()); // proto
-    instructions().append(argv[0]->index()); // thisRegister
 
     emitOpcode(op_construct_verify);

trunk/JavaScriptCore/bytecompiler/CodeGenerator.h

@@ -274 +274 @@
         RegisterID* emitPutSetter(RegisterID* base, const Identifier& property, RegisterID* value);
 
-        RegisterID* emitCall(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
-        RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCall(RegisterID* dst, RegisterID* func, RegisterID* base, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* base, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
 
         RegisterID* emitReturn(RegisterID* src);
@@ -346 +346 @@
         typedef HashMap<UString::Rep*, JSString*, IdentifierRepHash> IdentifierStringMap;
 
-        RegisterID* emitCall(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCall(OpcodeID, RegisterID*, RegisterID*, RegisterID*, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
         
         RegisterID* newRegister();

trunk/JavaScriptCore/parser/Nodes.cpp

@@ -586 +586 @@
 RegisterID* EvalFunctionCallNode::emitCode(CodeGenerator& generator, RegisterID* dst)
 {
-    RefPtr<RegisterID> func = generator.tempDestination(dst);
-    RefPtr<RegisterID> thisRegister = generator.newTemporary();
-    generator.emitResolveWithBase(thisRegister.get(), func.get(), generator.propertyNames().eval);
-    return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    RefPtr<RegisterID> base = generator.tempDestination(dst);
+    RefPtr<RegisterID> func = generator.newTemporary();
+    generator.emitResolveWithBase(base.get(), func.get(), generator.propertyNames().eval);
+    return generator.emitCallEval(generator.finalDestination(dst, base.get()), func.get(), base.get(), m_args.get(), divot(), startOffset(), endOffset());
 }
 
@@ -608 +608 @@
 {
     RefPtr<RegisterID> func = generator.emitNode(m_expr.get());
-    RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
-    return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    return generator.emitCall(generator.finalDestination(dst), func.get(), 0, m_args.get(), divot(), startOffset(), endOffset());
 }
 
@@ -626 +625 @@
 RegisterID* FunctionCallResolveNode::emitCode(CodeGenerator& generator, RegisterID* dst)
 {
-    if (RefPtr<RegisterID> local = generator.registerFor(m_ident)) {
-        RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
-        return generator.emitCall(generator.finalDestination(dst, thisRegister.get()), local.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
-    }
+    if (RefPtr<RegisterID> local = generator.registerFor(m_ident))
+        return generator.emitCall(generator.finalDestination(dst), local.get(), 0, m_args.get(), divot(), startOffset(), endOffset());
 
     int index = 0;
@@ -636 +633 @@
     if (generator.findScopedProperty(m_ident, index, depth, false, globalObject) && index != missingSymbolMarker()) {
         RefPtr<RegisterID> func = generator.emitGetScopedVar(generator.newTemporary(), depth, index, globalObject);
-        RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
-        return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
-    }
-
-    RefPtr<RegisterID> func = generator.tempDestination(dst);
-    RefPtr<RegisterID> thisRegister = generator.newTemporary();
+        return generator.emitCall(generator.finalDestination(dst), func.get(), 0, m_args.get(), divot(), startOffset(), endOffset());
+    }
+
+    RefPtr<RegisterID> base = generator.tempDestination(dst);
+    RefPtr<RegisterID> func = generator.newTemporary();
     int identifierStart = divot() - startOffset();
     generator.emitExpressionInfo(identifierStart + m_ident.size(), m_ident.size(), 0);
-    generator.emitResolveFunction(thisRegister.get(), func.get(), m_ident);
-    return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    generator.emitResolveFunction(base.get(), func.get(), m_ident);
+    return generator.emitCall(generator.finalDestination(dst, base.get()), func.get(), base.get(), m_args.get(), divot(), startOffset(), endOffset());
 }
 
@@ -667 +663 @@
     RegisterID* property = generator.emitNode(m_subscript.get());
     generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
-    RefPtr<RegisterID> function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property);
-    RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
-    return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    RefPtr<RegisterID> function = generator.emitGetByVal(generator.newTemporary(), base.get(), property);
+    return generator.emitCall(generator.finalDestination(dst, base.get()), function.get(), base.get(), m_args.get(), divot(), startOffset(), endOffset());
 }
 
@@ -689 +684 @@
     RefPtr<RegisterID> base = generator.emitNode(m_base.get());
     generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
-    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
-    RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
-    return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    RefPtr<RegisterID> function = generator.emitGetById(generator.newTemporary(), base.get(), m_ident);
+    return generator.emitCall(generator.finalDestination(dst, base.get()), function.get(), base.get(), m_args.get(), divot(), startOffset(), endOffset());
 }
 

trunk/JavaScriptCore/parser/Nodes.h

@@ -2079 +2079 @@
         int neededConstants()
         {
-            // We may need 2 more constants than the count given by the parser,
-            // because of the various uses of jsUndefined() and jsNull().
-            return m_numConstants + 2;
+            // We may need 1 more constant than the count given by the parser,
+            // because of the various uses of jsUndefined().
+            return m_numConstants + 1;
         }