Changeset 210007 in webkit

Timestamp:

Dec 19, 2016, 5:48:52 PM (8 years ago)

Author:

mark.lam@apple.com

Message:

Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 1: Rollout r209974.
​https://bugs.webkit.org/show_bug.cgi?id=166049

Not reviewed.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
(JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
(JSC::BytecodeGenerator::emitFinallyCompletion):
(JSC::BytecodeGenerator::allocateFinallyRegisters):
(JSC::BytecodeGenerator::releaseFinallyRegisters):
(JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf):
(JSC::BytecodeGenerator::allocateCompletionRecordRegisters): Deleted.
(JSC::BytecodeGenerator::releaseCompletionRecordRegisters): Deleted.
(JSC::BytecodeGenerator::emitJumpIfCompletionType): Deleted.

• bytecompiler/BytecodeGenerator.h:

(JSC::FinallyJump::FinallyJump):
(JSC::FinallyContext::registerJump):
(JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope):
(JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope):
(JSC::BytecodeGenerator::finallyActionRegister):
(JSC::BytecodeGenerator::finallyReturnValueRegister):
(JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion):
(JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion):
(JSC::BytecodeGenerator::emitSetFinallyActionToJumpID):
(JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister):
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion):
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump):
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion):
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion):
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion):
(JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow):
(JSC::BytecodeGenerator::bytecodeOffsetToJumpID):
(JSC::bytecodeOffsetToJumpID): Deleted.
(JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope): Deleted.
(JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope): Deleted.
(JSC::BytecodeGenerator::completionTypeRegister): Deleted.
(JSC::BytecodeGenerator::completionValueRegister): Deleted.
(JSC::BytecodeGenerator::emitSetCompletionType): Deleted.
(JSC::BytecodeGenerator::emitSetCompletionValue): Deleted.

• bytecompiler/NodesCodegen.cpp:

(JSC::TryNode::emitBytecode):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecompiler/BytecodeGenerator.cpp (modified) (12 diffs)
• bytecompiler/BytecodeGenerator.h (modified) (8 diffs)
• bytecompiler/NodesCodegen.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-12-19  Mark Lam  <mark.lam@apple.com>
+
+        Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 1: Rollout r209974.
+        https://bugs.webkit.org/show_bug.cgi?id=166049
+
+        Not reviewed.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitEnumeration):
+        (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
+        (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
+        (JSC::BytecodeGenerator::emitFinallyCompletion):
+        (JSC::BytecodeGenerator::allocateFinallyRegisters):
+        (JSC::BytecodeGenerator::releaseFinallyRegisters):
+        (JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf):
+        (JSC::BytecodeGenerator::allocateCompletionRecordRegisters): Deleted.
+        (JSC::BytecodeGenerator::releaseCompletionRecordRegisters): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfCompletionType): Deleted.
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::FinallyJump::FinallyJump):
+        (JSC::FinallyContext::registerJump):
+        (JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope):
+        (JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope):
+        (JSC::BytecodeGenerator::finallyActionRegister):
+        (JSC::BytecodeGenerator::finallyReturnValueRegister):
+        (JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion):
+        (JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion):
+        (JSC::BytecodeGenerator::emitSetFinallyActionToJumpID):
+        (JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister):
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion):
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump):
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion):
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion):
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion):
+        (JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow):
+        (JSC::BytecodeGenerator::bytecodeOffsetToJumpID):
+        (JSC::bytecodeOffsetToJumpID): Deleted.
+        (JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope): Deleted.
+        (JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope): Deleted.
+        (JSC::BytecodeGenerator::completionTypeRegister): Deleted.
+        (JSC::BytecodeGenerator::completionValueRegister): Deleted.
+        (JSC::BytecodeGenerator::emitSetCompletionType): Deleted.
+        (JSC::BytecodeGenerator::emitSetCompletionValue): Deleted.
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::TryNode::emitBytecode):
+
 2016-12-19  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -4127 +4127 @@
 void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack, ForOfNode* forLoopNode, RegisterID* forLoopSymbolTable)
 {
-    CompletionRecordScope completionRecordScope(*this);
+    FinallyRegistersScope finallyRegistersScope(*this);
 
     RefPtr<RegisterID> subject = newTemporary();
@@ -4170 +4170 @@
             popTry(tryData, finallyViaThrowLabel.get());
 
-            RefPtr<Label> finallyBodyLabel = newLabel();
-            RefPtr<RegisterID> finallyExceptionRegister = newTemporary();
             RegisterID* unused = newTemporary();
-
-            emitCatch(completionValueRegister(), unused);
-            emitSetCompletionType(CompletionType::Throw);
-            emitMove(finallyExceptionRegister.get(), completionValueRegister());
-            emitJump(finallyBodyLabel.get());
+            emitCatch(finallyActionRegister(), unused);
+            // Setting the finallyActionRegister to the caught exception here implies CompletionType::Throw.
 
             emitLabel(finallyLabel.get());
-            emitMoveEmptyValue(finallyExceptionRegister.get());
-
-            emitLabel(finallyBodyLabel.get());
             restoreScopeRegister();
 
@@ -4189 +4181 @@
             RefPtr<RegisterID> returnMethod = emitGetById(newTemporary(), iterator.get(), propertyNames().returnKeyword);
             emitJumpIfTrue(emitIsUndefined(newTemporary(), returnMethod.get()), finallyDone.get());
+
+            RefPtr<RegisterID> originalFinallyActionRegister = newTemporary();
+            emitMove(originalFinallyActionRegister.get(), finallyActionRegister());
 
             RefPtr<Label> returnCallTryStart = newLabel();
@@ -4215 +4210 @@
                 RegisterID* unused = newTemporary();
                 emitCatch(exceptionRegister.get(), unused);
-                // Since this is a synthesized catch block and we're guaranteed to never need
-                // to resolve any symbols from the scope, we can skip restoring the scope
-                // register here.
+                restoreScopeRegister();
 
                 RefPtr<Label> throwLabel = newLabel();
-                emitJumpIfTrue(emitIsEmpty(newTemporary(), finallyExceptionRegister.get()), throwLabel.get());
-                emitMove(exceptionRegister.get(), finallyExceptionRegister.get());
+                emitJumpIfCompletionTypeIsThrow(originalFinallyActionRegister.get(), throwLabel.get());
+                emitMove(originalFinallyActionRegister.get(), exceptionRegister.get());
 
                 emitLabel(throwLabel.get());
-                emitThrow(exceptionRegister.get());
+                emitThrow(originalFinallyActionRegister.get());
 
                 emitLabel(endCatchLabel.get());
@@ -4827 +4820 @@
         return false; // No finallys to thread through.
 
-    auto jumpID = bytecodeOffsetToJumpID(instructions().size());
+    int jumpID = bytecodeOffsetToJumpID(instructions().size());
     int lexicalScopeIndex = labelScopeDepthToLexicalScopeIndex(targetLabelScopeDepth);
     outermostFinallyContext->registerJump(jumpID, lexicalScopeIndex, jumpTarget);
 
-    emitSetCompletionType(jumpID);
+    emitSetFinallyActionToJumpID(jumpID);
     emitJump(innermostFinallyContext->finallyLabel());
     return true; // We'll be jumping to a finally block.
@@ -4857 +4850 @@
         return false; // No finallys to thread through.
 
-    emitSetCompletionType(CompletionType::Return);
-    emitSetCompletionValue(returnRegister);
+    emitSetFinallyActionToReturnCompletion();
+    emitSetFinallyReturnValueRegister(returnRegister);
     emitJump(innermostFinallyContext->finallyLabel());
     return true; // We'll be jumping to a finally block.
@@ -4865 +4858 @@
 void BytecodeGenerator::emitFinallyCompletion(FinallyContext& context, Label* normalCompletionLabel)
 {
-    emitJumpIfCompletionType(op_stricteq, CompletionType::Normal, normalCompletionLabel);
+    // FIXME: switch the finallyActionRegister to only store int values for all CompletionTypes. This is more optimal for JIT type speculation.
+    // https://bugs.webkit.org/show_bug.cgi?id=165979
+    emitJumpIfFinallyActionIsNormalCompletion(normalCompletionLabel);
 
     if (context.numberOfBreaksOrContinues() || context.handlesReturns()) {
@@ -4875 +4870 @@
                 RefPtr<Label> nextLabel = newLabel();
                 auto& jump = context.jumps(i);
-                emitJumpIfCompletionType(op_nstricteq, jump.jumpID, nextLabel.get());
+                emitJumpIfFinallyActionIsNotJump(jump.jumpID, nextLabel.get());
 
                 restoreScopeRegister(jump.targetLexicalScopeIndex);
-                emitSetCompletionType(CompletionType::Normal);
+                emitSetFinallyActionToNormalCompletion();
                 emitJump(jump.targetLabel.get());
 
@@ -4886 +4881 @@
             bool hasBreaksOrContinuesNotCoveredByJumps = context.numberOfBreaksOrContinues() > numberOfJumps;
             if (hasBreaksOrContinuesNotCoveredByJumps || context.handlesReturns())
-                emitJumpIfCompletionType(op_nstricteq, CompletionType::Throw, outerContext->finallyLabel());
+                emitJumpIfFinallyActionIsNotThrowCompletion(outerContext->finallyLabel());
 
         } else {
@@ -4896 +4891 @@
                 RefPtr<Label> nextLabel = newLabel();
                 auto& jump = context.jumps(i);
-                emitJumpIfCompletionType(op_nstricteq, jump.jumpID, nextLabel.get());
+                emitJumpIfFinallyActionIsNotJump(jump.jumpID, nextLabel.get());
 
                 restoreScopeRegister(jump.targetLexicalScopeIndex);
-                emitSetCompletionType(CompletionType::Normal);
+                emitSetFinallyActionToNormalCompletion();
                 emitJump(jump.targetLabel.get());
 
@@ -4907 +4902 @@
             if (context.handlesReturns()) {
                 RefPtr<Label> notReturnLabel = newLabel();
-                emitJumpIfCompletionType(op_nstricteq, CompletionType::Return, notReturnLabel.get());
+                emitJumpIfFinallyActionIsNotReturnCompletion(notReturnLabel.get());
 
                 emitWillLeaveCallFrameDebugHook();
-                emitReturn(completionValueRegister(), ReturnFrom::Finally);
+                emitReturn(finallyReturnValueRegister(), ReturnFrom::Finally);
                 
                 emitLabel(notReturnLabel.get());
@@ -4916 +4911 @@
         }
     }
-    emitThrow(completionValueRegister());
-}
-
-bool BytecodeGenerator::allocateCompletionRecordRegisters()
-{
-    if (m_completionTypeRegister)
+    emitThrow(finallyActionRegister());
+}
+
+bool BytecodeGenerator::allocateFinallyRegisters()
+{
+    if (m_finallyActionRegister)
         return false;
 
-    ASSERT(!m_completionValueRegister);
-    m_completionTypeRegister = newTemporary();
-    m_completionValueRegister = newTemporary();
-
-    emitSetCompletionType(CompletionType::Normal);
-    emitMoveEmptyValue(m_completionValueRegister.get());
+    ASSERT(!m_finallyReturnValueRegister);
+    m_finallyActionRegister = newTemporary();
+    m_finallyReturnValueRegister = newTemporary();
+
+    emitSetFinallyActionToNormalCompletion();
+    emitMoveEmptyValue(m_finallyReturnValueRegister.get());
     return true;
 }
 
-void BytecodeGenerator::releaseCompletionRecordRegisters()
-{
-    ASSERT(m_completionTypeRegister && m_completionValueRegister);
-    m_completionTypeRegister = nullptr;
-    m_completionValueRegister = nullptr;
-}
-
-void BytecodeGenerator::emitJumpIfCompletionType(OpcodeID compareOpcode, CompletionType type, Label* jumpTarget)
+void BytecodeGenerator::releaseFinallyRegisters()
+{
+    ASSERT(m_finallyActionRegister && m_finallyReturnValueRegister);
+    m_finallyActionRegister = nullptr;
+    m_finallyReturnValueRegister = nullptr;
+}
+
+void BytecodeGenerator::emitCompareFinallyActionAndJumpIf(OpcodeID compareOpcode, int value, Label* jumpTarget)
 {
     RefPtr<RegisterID> tempRegister = newTemporary();
-    RegisterID* valueConstant = addConstantValue(JSValue(static_cast<int>(type)));
+    RegisterID* valueConstant = addConstantValue(JSValue(value));
     OperandTypes operandTypes = OperandTypes(ResultType::numberTypeIsInt32(), ResultType::unknownType());
 
-    auto equivalenceResult = emitBinaryOp(compareOpcode, tempRegister.get(), valueConstant, completionTypeRegister(), operandTypes);
+    auto equivalenceResult = emitBinaryOp(compareOpcode, tempRegister.get(), valueConstant, finallyActionRegister(), operandTypes);
     emitJumpIfTrue(equivalenceResult, jumpTarget);
 }

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -81 +81 @@
     };
 
-    // https://tc39.github.io/ecma262/#sec-completion-record-specification-type
-    //
-    // For the Break and Continue cases, instead of using the Break and Continue enum values
-    // below, we use the unique jumpID of the break and continue statement as the encoding
-    // for the CompletionType value. emitFinallyCompletion() uses this jumpID value later
-    // to determine the appropriate jump target to jump to after executing the relevant finally
-    // blocks. The jumpID is computed as:
-    //     jumpID = bytecodeOffset (of the break/continue node) + CompletionType::NumberOfTypes.
-    // Hence, there won't be any collision between jumpIDs and CompletionType enums.
-    enum class CompletionType : int {
-        Normal,
-        Break,
-        Continue,
-        Return,
-        Throw,
-        
-        NumberOfTypes
-    };
-
-    inline CompletionType bytecodeOffsetToJumpID(unsigned offset)
-    {
-        int jumpIDAsInt = offset + static_cast<int>(CompletionType::NumberOfTypes);
-        ASSERT(jumpIDAsInt >= static_cast<int>(CompletionType::NumberOfTypes));
-        return static_cast<CompletionType>(jumpIDAsInt);
-    }
-
     struct FinallyJump {
-        FinallyJump(CompletionType jumpID, int targetLexicalScopeIndex, Label* targetLabel)
+        FinallyJump(int jumpID, int targetLexicalScopeIndex, Label* targetLabel)
             : jumpID(jumpID)
             , targetLexicalScopeIndex(targetLexicalScopeIndex)
@@ -114 +88 @@
         { }
 
-        CompletionType jumpID;
-        int targetLexicalScopeIndex;
+        int jumpID { 0 };
+        int targetLexicalScopeIndex { 0 };
         RefPtr<Label> targetLabel;
     };
@@ -143 +117 @@
         void setHandlesReturns() { m_handlesReturns = true; }
 
-        void registerJump(CompletionType jumpID, int lexicalScopeIndex, Label* targetLabel)
+        void registerJump(int jumpID, int lexicalScopeIndex, Label* targetLabel)
         {
             if (!m_jumps)
@@ -802 +776 @@
         void emitWillLeaveCallFrameDebugHook();
 
-        class CompletionRecordScope {
+        class FinallyRegistersScope {
         public:
-            CompletionRecordScope(BytecodeGenerator& generator, bool needCompletionRecordRegisters = true)
+            FinallyRegistersScope(BytecodeGenerator& generator, bool needFinallyRegisters = true)
                 : m_generator(generator)
             {
-                if (needCompletionRecordRegisters && m_generator.allocateCompletionRecordRegisters())
+                if (needFinallyRegisters && m_generator.allocateFinallyRegisters())
                     m_needToReleaseOnDestruction = true;
             }
-            ~CompletionRecordScope()
+            ~FinallyRegistersScope()
             {
                 if (m_needToReleaseOnDestruction)
-                    m_generator.releaseCompletionRecordRegisters();
+                    m_generator.releaseFinallyRegisters();
             }
 
@@ -821 +795 @@
         };
 
-        RegisterID* completionTypeRegister() const
-        {
-            ASSERT(m_completionTypeRegister);
-            return m_completionTypeRegister.get();
-        }
-        RegisterID* completionValueRegister() const
-        {
-            ASSERT(m_completionValueRegister);
-            return m_completionValueRegister.get();
-        }
-
-        void emitSetCompletionType(CompletionType type)
-        {
-            emitLoad(completionTypeRegister(), JSValue(static_cast<int>(type)));
-        }
-        void emitSetCompletionValue(RegisterID* reg)
-        {
-            emitMove(completionValueRegister(), reg);
-        }
-
-        void emitJumpIfCompletionType(OpcodeID compareOpcode, CompletionType, Label* jumpTarget);
+        RegisterID* finallyActionRegister() const
+        {
+            ASSERT(m_finallyActionRegister);
+            return m_finallyActionRegister.get();
+        }
+        RegisterID* finallyReturnValueRegister() const
+        {
+            ASSERT(m_finallyReturnValueRegister);
+            return m_finallyReturnValueRegister.get();
+        }
+
+        void emitSetFinallyActionToNormalCompletion()
+        {
+            emitMoveEmptyValue(m_finallyActionRegister.get());
+        }
+        void emitSetFinallyActionToReturnCompletion()
+        {
+            emitLoad(finallyActionRegister(), JSValue(static_cast<int>(CompletionType::Return)));
+        }
+        void emitSetFinallyActionToJumpID(int jumpID)
+        {
+            emitLoad(finallyActionRegister(), JSValue(jumpID));
+        }
+        void emitSetFinallyReturnValueRegister(RegisterID* reg)
+        {
+            emitMove(finallyReturnValueRegister(), reg);
+        }
+
+        void emitJumpIfFinallyActionIsNormalCompletion(Label* jumpTarget)
+        {
+            emitJumpIfTrue(emitIsEmpty(newTemporary(), finallyActionRegister()), jumpTarget);
+        }
+
+        void emitJumpIfFinallyActionIsNotJump(int jumpID, Label* jumpTarget)
+        {
+            emitCompareFinallyActionAndJumpIf(op_nstricteq, jumpID, jumpTarget);
+        }
+
+        void emitJumpIfFinallyActionIsReturnCompletion(Label* jumpTarget)
+        {
+            emitCompareFinallyActionAndJumpIf(op_stricteq, static_cast<int>(CompletionType::Return), jumpTarget);
+        }
+        void emitJumpIfFinallyActionIsNotReturnCompletion(Label* jumpTarget)
+        {
+            emitCompareFinallyActionAndJumpIf(op_nstricteq, static_cast<int>(CompletionType::Return), jumpTarget);
+        }
+
+        void emitJumpIfFinallyActionIsNotThrowCompletion(Label* jumpTarget)
+        {
+            emitJumpIfTrue(emitIsNumber(newTemporary(), finallyActionRegister()), jumpTarget);
+        }
+        void emitJumpIfCompletionTypeIsThrow(RegisterID* reg, Label* jumpTarget)
+        {
+            emitJumpIfFalse(emitIsNumber(newTemporary(), reg), jumpTarget);
+        }
 
         bool emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label* jumpTarget);
@@ -848 +856 @@
 
     private:
-        bool allocateCompletionRecordRegisters();
-        void releaseCompletionRecordRegisters();
+        void emitCompareFinallyActionAndJumpIf(OpcodeID compareOpcode, int value, Label* jumpTarget);
+
+        int bytecodeOffsetToJumpID(unsigned offset)
+        {
+            int jumpID = offset + static_cast<int>(CompletionType::NumberOfTypes);
+            ASSERT(jumpID >= static_cast<int>(CompletionType::NumberOfTypes));
+            return jumpID;
+        }
+
+        bool allocateFinallyRegisters();
+        void releaseFinallyRegisters();
 
     public:
@@ -1084 +1101 @@
         RegisterID* m_promiseCapabilityRegister { nullptr };
 
-        RefPtr<RegisterID> m_completionTypeRegister;
-        RefPtr<RegisterID> m_completionValueRegister;
+        // The spec at https://tc39.github.io/ecma262/#sec-completion-record-specification-type says
+        // that there are 5 types of completions. Conceptually, we'll set m_finallyActionRegister
+        // to one of these completion types. However, to optimize our implementation, we'll encode
+        // these type info as follows:
+        //
+        //     CompletionType::Normal   - m_finallyActionRegister is empty.
+        //     CompletionType::Break    - m_finallyActionRegister is an int JSValue jumpID.
+        //     CompletionType::Continue - m_finallyActionRegister is an int JSValue jumpID.
+        //     CompletionType::Return   - m_finallyActionRegister is the Return enum as an int JSValue.
+        //     CompletionType::Throw    - m_finallyActionRegister is the Exception object to rethrow.
+        //
+        // Hence, of the 5 completion types, only the CompletionType::Return enum value is used in
+        // our implementation. The rest are just provided for completeness.
+
+        enum class CompletionType : int {
+            Normal,
+            Break,
+            Continue,
+            Return,
+            Throw,
+
+            NumberOfTypes
+        };
+
+        RefPtr<RegisterID> m_finallyActionRegister;
+        RefPtr<RegisterID> m_finallyReturnValueRegister;
 
         FinallyContext* m_currentFinallyContext { nullptr };
@@ -1103 +1144 @@
         void popLocalControlFlowScope();
 
-        // FIXME: Restore overflow checking with UnsafeVectorOverflow once SegmentVector supports it.
+        // FIXME: Restore overflow checking with UnsafeVectorOverflow once SegmentVector supports it. 
         // https://bugs.webkit.org/show_bug.cgi?id=165980
         SegmentedVector<ControlFlowScope, 16> m_controlFlowScopeStack;

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -3288 +3288 @@
 
     ASSERT(m_catchBlock || m_finallyBlock);
-    BytecodeGenerator::CompletionRecordScope completionRecordScope(generator, m_finallyBlock);
+    BytecodeGenerator::FinallyRegistersScope finallyRegistersScope(generator, m_finallyBlock);
 
     RefPtr<Label> catchLabel;
@@ -3317 +3317 @@
     generator.emitNode(dst, m_tryBlock);
 
+    // The finallyActionRegister is an empty value by default, which implies CompletionType::Normal.
     if (m_finallyBlock)
         generator.emitJump(finallyLabel.get());
@@ -3351 +3352 @@
 
         if (m_finallyBlock) {
-            generator.emitSetCompletionType(CompletionType::Normal);
+            generator.emitSetFinallyActionToNormalCompletion();
             generator.emitJump(finallyLabel.get());
             generator.popTry(tryData, finallyViaThrowLabel.get());
@@ -3366 +3367 @@
         generator.emitLabel(finallyViaThrowLabel.get());
         RegisterID* unused = generator.newTemporary();
-        generator.emitCatch(generator.completionValueRegister(), unused);
-        generator.emitSetCompletionType(CompletionType::Throw);
+        generator.emitCatch(generator.finallyActionRegister(), unused);
+        // Setting the finallyActionRegister to the caught exception here implies CompletionType::Throw.
 
         // Entry to the finally block for CompletionTypes other than Throw.