Changeset 210010 in webkit

Timestamp:

Dec 19, 2016, 6:03:02 PM (8 years ago)

Author:

mark.lam@apple.com

Message:

Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 2: Rollout r209952.
​https://bugs.webkit.org/show_bug.cgi?id=166049

Not reviewed.

JSTests:

• stress/deeply-nested-finallys.js: Removed.
• stress/test-finally.js: Removed.

Source/JavaScriptCore:

• bytecode/HandlerInfo.h:

(JSC::HandlerInfoBase::typeName):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::pushFinallyControlFlowScope):
(JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope):
(JSC::BytecodeGenerator::popFinallyControlFlowScope):
(JSC::BytecodeGenerator::popIteratorCloseControlFlowScope):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::emitPopScopes):
(JSC::BytecodeGenerator::pushTry):
(JSC::BytecodeGenerator::popTryAndEmitCatch):
(JSC::BytecodeGenerator::labelScopeDepth):
(JSC::BytecodeGenerator::pushLocalControlFlowScope):
(JSC::BytecodeGenerator::popLocalControlFlowScope):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::emitYield):
(JSC::BytecodeGenerator::emitDelegateYield):
(JSC::BytecodeGenerator::popTry): Deleted.
(JSC::BytecodeGenerator::emitCatch): Deleted.
(JSC::BytecodeGenerator::restoreScopeRegister): Deleted.
(JSC::BytecodeGenerator::labelScopeDepthToLexicalScopeIndex): Deleted.
(JSC::BytecodeGenerator::emitIsNumber): Deleted.
(JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded): Deleted.
(JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded): Deleted.
(JSC::BytecodeGenerator::emitFinallyCompletion): Deleted.
(JSC::BytecodeGenerator::allocateFinallyRegisters): Deleted.
(JSC::BytecodeGenerator::releaseFinallyRegisters): Deleted.
(JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf): Deleted.

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::isInFinallyBlock):
(JSC::FinallyJump::FinallyJump): Deleted.
(JSC::FinallyContext::FinallyContext): Deleted.
(JSC::FinallyContext::outerContext): Deleted.
(JSC::FinallyContext::finallyLabel): Deleted.
(JSC::FinallyContext::depth): Deleted.
(JSC::FinallyContext::numberOfBreaksOrContinues): Deleted.
(JSC::FinallyContext::incNumberOfBreaksOrContinues): Deleted.
(JSC::FinallyContext::handlesReturns): Deleted.
(JSC::FinallyContext::setHandlesReturns): Deleted.
(JSC::FinallyContext::registerJump): Deleted.
(JSC::FinallyContext::numberOfJumps): Deleted.
(JSC::FinallyContext::jumps): Deleted.
(JSC::ControlFlowScope::ControlFlowScope): Deleted.
(JSC::ControlFlowScope::isLabelScope): Deleted.
(JSC::ControlFlowScope::isFinallyScope): Deleted.
(JSC::BytecodeGenerator::currentLexicalScopeIndex): Deleted.
(JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope): Deleted.
(JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope): Deleted.
(JSC::BytecodeGenerator::finallyActionRegister): Deleted.
(JSC::BytecodeGenerator::finallyReturnValueRegister): Deleted.
(JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion): Deleted.
(JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion): Deleted.
(JSC::BytecodeGenerator::emitSetFinallyActionToJumpID): Deleted.
(JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister): Deleted.
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion): Deleted.
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump): Deleted.
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion): Deleted.
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion): Deleted.
(JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion): Deleted.
(JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow): Deleted.
(JSC::BytecodeGenerator::bytecodeOffsetToJumpID): Deleted.

• bytecompiler/NodesCodegen.cpp:

(JSC::ContinueNode::emitBytecode):
(JSC::BreakNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::TryNode::emitBytecode):

Source/WTF:

• wtf/SegmentedVector.h:

(WTF::SegmentedVector::last):
(WTF::SegmentedVector::first): Deleted.
(WTF::SegmentedVector::takeLast): Deleted.

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/deeply-nested-finallys.js (deleted)
• JSTests/stress/test-finally.js (deleted)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/HandlerInfo.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (20 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (9 diffs)
• Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (5 diffs)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/wtf/SegmentedVector.h (modified) (1 diff)

trunk/JSTests/ChangeLog

@@ +1 @@
+2016-12-19  Mark Lam  <mark.lam@apple.com>
+
+        Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 2: Rollout r209952.
+        https://bugs.webkit.org/show_bug.cgi?id=166049
+
+        Not reviewed.
+
+        * stress/deeply-nested-finallys.js: Removed.
+        * stress/test-finally.js: Removed.
+
 2016-12-19  Saam Barati  <sbarati@apple.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-12-19  Mark Lam  <mark.lam@apple.com>
+
+        Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 2: Rollout r209952.
+        https://bugs.webkit.org/show_bug.cgi?id=166049
+
+        Not reviewed.
+
+        * bytecode/HandlerInfo.h:
+        (JSC::HandlerInfoBase::typeName):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitReturn):
+        (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
+        (JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope):
+        (JSC::BytecodeGenerator::popFinallyControlFlowScope):
+        (JSC::BytecodeGenerator::popIteratorCloseControlFlowScope):
+        (JSC::BytecodeGenerator::emitComplexPopScopes):
+        (JSC::BytecodeGenerator::emitPopScopes):
+        (JSC::BytecodeGenerator::pushTry):
+        (JSC::BytecodeGenerator::popTryAndEmitCatch):
+        (JSC::BytecodeGenerator::labelScopeDepth):
+        (JSC::BytecodeGenerator::pushLocalControlFlowScope):
+        (JSC::BytecodeGenerator::popLocalControlFlowScope):
+        (JSC::BytecodeGenerator::emitEnumeration):
+        (JSC::BytecodeGenerator::emitYield):
+        (JSC::BytecodeGenerator::emitDelegateYield):
+        (JSC::BytecodeGenerator::popTry): Deleted.
+        (JSC::BytecodeGenerator::emitCatch): Deleted.
+        (JSC::BytecodeGenerator::restoreScopeRegister): Deleted.
+        (JSC::BytecodeGenerator::labelScopeDepthToLexicalScopeIndex): Deleted.
+        (JSC::BytecodeGenerator::emitIsNumber): Deleted.
+        (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded): Deleted.
+        (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded): Deleted.
+        (JSC::BytecodeGenerator::emitFinallyCompletion): Deleted.
+        (JSC::BytecodeGenerator::allocateFinallyRegisters): Deleted.
+        (JSC::BytecodeGenerator::releaseFinallyRegisters): Deleted.
+        (JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf): Deleted.
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::isInFinallyBlock):
+        (JSC::FinallyJump::FinallyJump): Deleted.
+        (JSC::FinallyContext::FinallyContext): Deleted.
+        (JSC::FinallyContext::outerContext): Deleted.
+        (JSC::FinallyContext::finallyLabel): Deleted.
+        (JSC::FinallyContext::depth): Deleted.
+        (JSC::FinallyContext::numberOfBreaksOrContinues): Deleted.
+        (JSC::FinallyContext::incNumberOfBreaksOrContinues): Deleted.
+        (JSC::FinallyContext::handlesReturns): Deleted.
+        (JSC::FinallyContext::setHandlesReturns): Deleted.
+        (JSC::FinallyContext::registerJump): Deleted.
+        (JSC::FinallyContext::numberOfJumps): Deleted.
+        (JSC::FinallyContext::jumps): Deleted.
+        (JSC::ControlFlowScope::ControlFlowScope): Deleted.
+        (JSC::ControlFlowScope::isLabelScope): Deleted.
+        (JSC::ControlFlowScope::isFinallyScope): Deleted.
+        (JSC::BytecodeGenerator::currentLexicalScopeIndex): Deleted.
+        (JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope): Deleted.
+        (JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope): Deleted.
+        (JSC::BytecodeGenerator::finallyActionRegister): Deleted.
+        (JSC::BytecodeGenerator::finallyReturnValueRegister): Deleted.
+        (JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitSetFinallyActionToJumpID): Deleted.
+        (JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion): Deleted.
+        (JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow): Deleted.
+        (JSC::BytecodeGenerator::bytecodeOffsetToJumpID): Deleted.
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::ContinueNode::emitBytecode):
+        (JSC::BreakNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::TryNode::emitBytecode):
+
 2016-12-19  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/HandlerInfo.h

@@ -32 +32 @@
 
 enum class HandlerType {
-    Catch = 0,
-    Finally = 1,
-    SynthesizedCatch = 2,
+    Illegal = 0,
+    Catch = 1,
+    Finally = 2,
     SynthesizedFinally = 3
 };
@@ -54 +54 @@
         case HandlerType::Finally:
             return "finally";
-        case HandlerType::SynthesizedCatch:
-            return "synthesized catch";
         case HandlerType::SynthesizedFinally:
             return "synthesized finally";

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -157 +157 @@
             continue;
         
+        ASSERT(range.tryData->handlerType != HandlerType::Illegal);
         UnlinkedHandlerInfo info(static_cast<uint32_t>(start), static_cast<uint32_t>(end),
             static_cast<uint32_t>(range.tryData->target->bind()), range.tryData->handlerType);
@@ -680 +681 @@
     pushTDZVariables(*parentScopeTDZVariables, TDZCheckOptimization::DoNotOptimize, TDZRequirement::UnderTDZ);
 
-    RefPtr<Label> catchLabel = newLabel();
     TryData* tryFormalParametersData = nullptr;
-    bool needTryCatch = isAsyncFunctionWrapperParseMode(parseMode) && !isSimpleParameterList;
-    if (needTryCatch) {
+    if (isAsyncFunctionWrapperParseMode(parseMode) && !isSimpleParameterList) {
         RefPtr<Label> tryFormalParametersStart = emitLabel(newLabel().get());
-        tryFormalParametersData = pushTry(tryFormalParametersStart.get(), catchLabel.get(), HandlerType::SynthesizedCatch);
+        tryFormalParametersData = pushTry(tryFormalParametersStart.get());
     }
 
     initializeDefaultParameterValuesAndSetupFunctionScopeStack(parameters, isSimpleParameterList, functionNode, functionSymbolTable, symbolTableConstantIndex, captures, shouldCreateArgumentsVariableInParameterScope);
 
-    if (needTryCatch) {
+    if (isAsyncFunctionWrapperParseMode(parseMode) && !isSimpleParameterList) {
         RefPtr<Label> didNotThrow = newLabel();
         emitJump(didNotThrow.get());
-        emitLabel(catchLabel.get());
-        popTry(tryFormalParametersData, catchLabel.get());
-
+        RefPtr<RegisterID> exception = newTemporary();
         RefPtr<RegisterID> thrownValue = newTemporary();
-        RegisterID* unused = newTemporary();
-        emitCatch(unused, thrownValue.get());
+        RefPtr<Label> catchHere = emitLabel(newLabel().get());
+        popTryAndEmitCatch(tryFormalParametersData, exception.get(), thrownValue.get(), catchHere.get(), HandlerType::Catch);
 
         // return promiseCapability.@reject(thrownValue)
@@ -3497 +3494 @@
 }
 
-RegisterID* BytecodeGenerator::emitReturn(RegisterID* src, ReturnFrom from)
+RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
 {
     if (isConstructor()) {
@@ -3503 +3500 @@
         bool srcIsThis = src->index() == m_thisRegister.index();
 
-        if (mightBeDerived && (srcIsThis || from == ReturnFrom::Finally))
+        if (mightBeDerived && srcIsThis)
             emitTDZCheck(src);
 
-        if (!srcIsThis || from == ReturnFrom::Finally) {
+        if (!srcIsThis) {
             RefPtr<Label> isObjectLabel = newLabel();
             emitJumpIfTrue(emitIsObject(newTemporary(), src), isObjectLabel.get());
@@ -3684 +3681 @@
 }
 
-FinallyContext* BytecodeGenerator::pushFinallyControlFlowScope(Label* finallyLabel)
+void BytecodeGenerator::pushFinallyControlFlowScope(StatementNode* finallyBlock)
 {
     // Reclaim free label scopes.
@@ -3690 +3687 @@
         m_labelScopes.removeLast();
 
-    ControlFlowScope scope(ControlFlowScope::Finally, currentLexicalScopeIndex(), FinallyContext(m_currentFinallyContext, finallyLabel, m_finallyDepth));
-    m_controlFlowScopeStack.append(WTFMove(scope));
-
+    ControlFlowScope scope;
+    scope.isFinallyBlock = true;
+    FinallyContext context = {
+        finallyBlock,
+        nullptr,
+        nullptr,
+        static_cast<unsigned>(m_controlFlowScopeStack.size()),
+        static_cast<unsigned>(m_switchContextStack.size()),
+        static_cast<unsigned>(m_forInContextStack.size()),
+        static_cast<unsigned>(m_tryContextStack.size()),
+        static_cast<unsigned>(m_labelScopes.size()),
+        static_cast<unsigned>(m_lexicalScopeStack.size()),
+        m_finallyDepth,
+        m_localScopeDepth
+    };
+    scope.finallyContext = context;
+    m_controlFlowScopeStack.append(scope);
     m_finallyDepth++;
-    m_currentFinallyContext = &m_controlFlowScopeStack.last().finallyContext;
-    return m_currentFinallyContext;
-}
-
-FinallyContext BytecodeGenerator::popFinallyControlFlowScope()
+}
+
+void BytecodeGenerator::pushIteratorCloseControlFlowScope(RegisterID* iterator, ThrowableExpressionData* node)
+{
+    // Reclaim free label scopes.
+    while (m_labelScopes.size() && !m_labelScopes.last().refCount())
+        m_labelScopes.removeLast();
+
+    ControlFlowScope scope;
+    scope.isFinallyBlock = true;
+    FinallyContext context = {
+        nullptr,
+        iterator,
+        node,
+        static_cast<unsigned>(m_controlFlowScopeStack.size()),
+        static_cast<unsigned>(m_switchContextStack.size()),
+        static_cast<unsigned>(m_forInContextStack.size()),
+        static_cast<unsigned>(m_tryContextStack.size()),
+        static_cast<unsigned>(m_labelScopes.size()),
+        static_cast<unsigned>(m_lexicalScopeStack.size()),
+        m_finallyDepth,
+        m_localScopeDepth
+    };
+    scope.finallyContext = context;
+    m_controlFlowScopeStack.append(scope);
+    m_finallyDepth++;
+}
+
+void BytecodeGenerator::popFinallyControlFlowScope()
 {
     ASSERT(m_controlFlowScopeStack.size());
-    ASSERT(m_controlFlowScopeStack.last().isFinallyScope());
+    ASSERT(m_controlFlowScopeStack.last().isFinallyBlock);
+    ASSERT(m_controlFlowScopeStack.last().finallyContext.finallyBlock);
+    ASSERT(!m_controlFlowScopeStack.last().finallyContext.iterator);
+    ASSERT(!m_controlFlowScopeStack.last().finallyContext.enumerationNode);
     ASSERT(m_finallyDepth > 0);
-    ASSERT(m_currentFinallyContext);
-    m_currentFinallyContext = m_currentFinallyContext->outerContext();
+    m_controlFlowScopeStack.removeLast();
     m_finallyDepth--;
-    return m_controlFlowScopeStack.takeLast().finallyContext;
+}
+
+void BytecodeGenerator::popIteratorCloseControlFlowScope()
+{
+    ASSERT(m_controlFlowScopeStack.size());
+    ASSERT(m_controlFlowScopeStack.last().isFinallyBlock);
+    ASSERT(!m_controlFlowScopeStack.last().finallyContext.finallyBlock);
+    ASSERT(m_controlFlowScopeStack.last().finallyContext.iterator);
+    ASSERT(m_controlFlowScopeStack.last().finallyContext.enumerationNode);
+    ASSERT(m_finallyDepth > 0);
+    m_controlFlowScopeStack.removeLast();
+    m_finallyDepth--;
 }
 
@@ -3806 +3854 @@
     emitMove(m_topMostScope, scopeRegister());
 }
-
-TryData* BytecodeGenerator::pushTry(Label* start, Label* handlerLabel, HandlerType handlerType)
+    
+void BytecodeGenerator::emitComplexPopScopes(RegisterID* scope, ControlFlowScope* topScope, ControlFlowScope* bottomScope)
+{
+    while (topScope > bottomScope) {
+        // First we count the number of dynamic scopes we need to remove to get
+        // to a finally block.
+        int numberOfNormalScopes = 0;
+        while (topScope > bottomScope) {
+            if (topScope->isFinallyBlock)
+                break;
+            ++numberOfNormalScopes;
+            --topScope;
+        }
+
+        if (numberOfNormalScopes) {
+            // We need to remove a number of dynamic scopes to get to the next
+            // finally block
+            RefPtr<RegisterID> parentScope = newTemporary();
+            while (numberOfNormalScopes--) {
+                parentScope = emitGetParentScope(parentScope.get(), scope);
+                emitMove(scope, parentScope.get());
+            }
+
+            // If topScope == bottomScope then there isn't a finally block left to emit.
+            if (topScope == bottomScope)
+                return;
+        }
+        
+        Vector<ControlFlowScope> savedControlFlowScopeStack;
+        Vector<SwitchInfo> savedSwitchContextStack;
+        Vector<RefPtr<ForInContext>> savedForInContextStack;
+        Vector<TryContext> poppedTryContexts;
+        Vector<LexicalScopeStackEntry> savedLexicalScopeStack;
+        LabelScopeStore savedLabelScopes;
+        while (topScope > bottomScope && topScope->isFinallyBlock) {
+            RefPtr<Label> beforeFinally = emitLabel(newLabel().get());
+            
+            // Save the current state of the world while instating the state of the world
+            // for the finally block.
+            FinallyContext finallyContext = topScope->finallyContext;
+            bool flipScopes = finallyContext.controlFlowScopeStackSize != m_controlFlowScopeStack.size();
+            bool flipSwitches = finallyContext.switchContextStackSize != m_switchContextStack.size();
+            bool flipForIns = finallyContext.forInContextStackSize != m_forInContextStack.size();
+            bool flipTries = finallyContext.tryContextStackSize != m_tryContextStack.size();
+            bool flipLabelScopes = finallyContext.labelScopesSize != m_labelScopes.size();
+            bool flipLexicalScopeStack = finallyContext.lexicalScopeStackSize != m_lexicalScopeStack.size();
+            int topScopeIndex = -1;
+            int bottomScopeIndex = -1;
+            if (flipScopes) {
+                topScopeIndex = topScope - m_controlFlowScopeStack.begin();
+                bottomScopeIndex = bottomScope - m_controlFlowScopeStack.begin();
+                savedControlFlowScopeStack = m_controlFlowScopeStack;
+                m_controlFlowScopeStack.shrink(finallyContext.controlFlowScopeStackSize);
+            }
+            if (flipSwitches) {
+                savedSwitchContextStack = m_switchContextStack;
+                m_switchContextStack.shrink(finallyContext.switchContextStackSize);
+            }
+            if (flipForIns) {
+                savedForInContextStack = m_forInContextStack;
+                m_forInContextStack.shrink(finallyContext.forInContextStackSize);
+            }
+            if (flipTries) {
+                while (m_tryContextStack.size() != finallyContext.tryContextStackSize) {
+                    ASSERT(m_tryContextStack.size() > finallyContext.tryContextStackSize);
+                    TryContext context = m_tryContextStack.takeLast();
+                    TryRange range;
+                    range.start = context.start;
+                    range.end = beforeFinally;
+                    range.tryData = context.tryData;
+                    m_tryRanges.append(range);
+                    poppedTryContexts.append(context);
+                }
+            }
+            if (flipLabelScopes) {
+                savedLabelScopes = m_labelScopes;
+                while (m_labelScopes.size() > finallyContext.labelScopesSize)
+                    m_labelScopes.removeLast();
+            }
+            if (flipLexicalScopeStack) {
+                savedLexicalScopeStack = m_lexicalScopeStack;
+                m_lexicalScopeStack.shrink(finallyContext.lexicalScopeStackSize);
+            }
+            int savedFinallyDepth = m_finallyDepth;
+            m_finallyDepth = finallyContext.finallyDepth;
+            int savedDynamicScopeDepth = m_localScopeDepth;
+            m_localScopeDepth = finallyContext.dynamicScopeDepth;
+            
+            if (finallyContext.finallyBlock) {
+                // Emit the finally block.
+                emitNode(finallyContext.finallyBlock);
+            } else {
+                // Emit the IteratorClose block.
+                ASSERT(finallyContext.iterator);
+                emitIteratorClose(finallyContext.iterator, finallyContext.enumerationNode);
+            }
+
+            RefPtr<Label> afterFinally = emitLabel(newLabel().get());
+            
+            // Restore the state of the world.
+            if (flipScopes) {
+                m_controlFlowScopeStack = savedControlFlowScopeStack;
+                topScope = &m_controlFlowScopeStack[topScopeIndex]; // assert it's within bounds
+                bottomScope = m_controlFlowScopeStack.begin() + bottomScopeIndex; // don't assert, since it the index might be -1.
+            }
+            if (flipSwitches)
+                m_switchContextStack = savedSwitchContextStack;
+            if (flipForIns)
+                m_forInContextStack = savedForInContextStack;
+            if (flipTries) {
+                ASSERT(m_tryContextStack.size() == finallyContext.tryContextStackSize);
+                for (unsigned i = poppedTryContexts.size(); i--;) {
+                    TryContext context = poppedTryContexts[i];
+                    context.start = afterFinally;
+                    m_tryContextStack.append(context);
+                }
+                poppedTryContexts.clear();
+            }
+            if (flipLabelScopes)
+                m_labelScopes = savedLabelScopes;
+            if (flipLexicalScopeStack)
+                m_lexicalScopeStack = savedLexicalScopeStack;
+            m_finallyDepth = savedFinallyDepth;
+            m_localScopeDepth = savedDynamicScopeDepth;
+            
+            --topScope;
+        }
+    }
+}
+
+void BytecodeGenerator::emitPopScopes(RegisterID* scope, int targetScopeDepth)
+{
+    ASSERT(labelScopeDepth() - targetScopeDepth >= 0);
+
+    size_t scopeDelta = labelScopeDepth() - targetScopeDepth;
+    ASSERT(scopeDelta <= m_controlFlowScopeStack.size());
+    if (!scopeDelta)
+        return;
+
+    if (!m_finallyDepth) {
+        RefPtr<RegisterID> parentScope = newTemporary();
+        while (scopeDelta--) {
+            parentScope = emitGetParentScope(parentScope.get(), scope);
+            emitMove(scope, parentScope.get());
+        }
+        return;
+    }
+
+    emitComplexPopScopes(scope, &m_controlFlowScopeStack.last(), &m_controlFlowScopeStack.last() - scopeDelta);
+}
+
+TryData* BytecodeGenerator::pushTry(Label* start)
 {
     TryData tryData;
-    tryData.target = handlerLabel;
-    tryData.handlerType = handlerType;
+    tryData.target = newLabel();
+    tryData.handlerType = HandlerType::Illegal;
     m_tryData.append(tryData);
     TryData* result = &m_tryData.last();
@@ -3824 +4022 @@
 }
 
-void BytecodeGenerator::popTry(TryData* tryData, Label* end)
+void BytecodeGenerator::popTryAndEmitCatch(TryData* tryData, RegisterID* exceptionRegister, RegisterID* thrownValueRegister, Label* end, HandlerType handlerType)
 {
     m_usesExceptions = true;
@@ -3836 +4034 @@
     m_tryRanges.append(tryRange);
     m_tryContextStack.removeLast();
-}
-
-void BytecodeGenerator::emitCatch(RegisterID* exceptionRegister, RegisterID* thrownValueRegister)
-{
+    
+    emitLabel(tryRange.tryData->target.get());
+    tryRange.tryData->handlerType = handlerType;
+
     emitOpcode(op_catch);
     instructions().append(exceptionRegister->index());
     instructions().append(thrownValueRegister->index());
-}
-
-void BytecodeGenerator::restoreScopeRegister(int lexicalScopeIndex)
-{
-    if (lexicalScopeIndex == CurrentLexicalScopeIndex)
-        return; // No change needed.
-
-    if (lexicalScopeIndex != OutermostLexicalScopeIndex) {
-        ASSERT(lexicalScopeIndex < static_cast<int>(m_lexicalScopeStack.size()));
-        int endIndex = lexicalScopeIndex + 1;
-        for (size_t i = endIndex; i--; ) {
-            if (m_lexicalScopeStack[i].m_scope) {
-                emitMove(scopeRegister(), m_lexicalScopeStack[i].m_scope);
-                return;
-            }
-        }
-    }
-    // Note that if we don't find a local scope in the current function/program,
-    // we must grab the outer-most scope of this bytecode generation.
-    emitMove(scopeRegister(), m_topMostScope);
-}
-
-void BytecodeGenerator::restoreScopeRegister()
-{
-    restoreScopeRegister(currentLexicalScopeIndex());
-}
-
-int BytecodeGenerator::labelScopeDepthToLexicalScopeIndex(int targetLabelScopeDepth)
-{
-    ASSERT(labelScopeDepth() - targetLabelScopeDepth >= 0);
-    size_t scopeDelta = labelScopeDepth() - targetLabelScopeDepth;
-    ASSERT(scopeDelta <= m_controlFlowScopeStack.size());
-    if (!scopeDelta)
-        return CurrentLexicalScopeIndex;
-
-    ControlFlowScope& targetScope = m_controlFlowScopeStack[targetLabelScopeDepth];
-    return targetScope.lexicalScopeIndex;
+
+    bool foundLocalScope = false;
+    for (unsigned i = m_lexicalScopeStack.size(); i--; ) {
+        // Note that if we don't find a local scope in the current function/program, 
+        // we must grab the outer-most scope of this bytecode generation.
+        if (m_lexicalScopeStack[i].m_scope) {
+            foundLocalScope = true;
+            emitMove(scopeRegister(), m_lexicalScopeStack[i].m_scope);
+            break;
+        }
+    }
+    if (!foundLocalScope)
+        emitMove(scopeRegister(), m_topMostScope);
 }
 
@@ -3888 +4062 @@
 
 int BytecodeGenerator::labelScopeDepth() const
-{
-    int depth = localScopeDepth() + m_finallyDepth;
-    ASSERT(depth == static_cast<int>(m_controlFlowScopeStack.size()));
-    return depth;
+{ 
+    return localScopeDepth() + m_finallyDepth;
 }
 
@@ -3961 +4133 @@
 void BytecodeGenerator::pushLocalControlFlowScope()
 {
-    ControlFlowScope scope(ControlFlowScope::Label, currentLexicalScopeIndex());
-    m_controlFlowScopeStack.append(WTFMove(scope));
+    ControlFlowScope scope;
+    scope.isFinallyBlock = false;
+    m_controlFlowScopeStack.append(scope);
     m_localScopeDepth++;
 }
@@ -3969 +4142 @@
 {
     ASSERT(m_controlFlowScopeStack.size());
-    ASSERT(!m_controlFlowScopeStack.last().isFinallyScope());
+    ASSERT(!m_controlFlowScopeStack.last().isFinallyBlock);
     m_controlFlowScopeStack.removeLast();
     m_localScopeDepth--;
@@ -4124 +4297 @@
     return false;
 }
-
+    
 void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack, ForOfNode* forLoopNode, RegisterID* forLoopSymbolTable)
 {
-    FinallyRegistersScope finallyRegistersScope(*this);
-
     RefPtr<RegisterID> subject = newTemporary();
     emitNode(subject.get(), subjectNode);
@@ -4139 +4310 @@
 
     RefPtr<Label> loopDone = newLabel();
-    RefPtr<Label> tryStartLabel = newLabel();
-    RefPtr<Label> finallyViaThrowLabel = newLabel();
-    RefPtr<Label> finallyLabel = newLabel();
-    RefPtr<Label> catchLabel = newLabel();
-    RefPtr<Label> endCatchLabel = newLabel();
-
     // RefPtr<Register> iterator's lifetime must be longer than IteratorCloseContext.
-    FinallyContext* finallyContext = pushFinallyControlFlowScope(finallyLabel.get());
-
+    pushIteratorCloseControlFlowScope(iterator.get(), node);
     {
         LabelScopePtr scope = newLabelScope(LabelScope::Loop);
@@ -4159 +4323 @@
         emitLoopHint();
 
+        RefPtr<Label> tryStartLabel = newLabel();
         emitLabel(tryStartLabel.get());
-        TryData* tryData = pushTry(tryStartLabel.get(), finallyViaThrowLabel.get(), HandlerType::SynthesizedFinally);
+        TryData* tryData = pushTry(tryStartLabel.get());
         callBack(*this, value.get());
         emitJump(scope->continueTarget());
 
-        // IteratorClose sequence for abrupt completions.
+        // IteratorClose sequence for throw-ed control flow.
         {
-            // Finally block for the enumeration.
-            emitLabel(finallyViaThrowLabel.get());
-            popTry(tryData, finallyViaThrowLabel.get());
-
-            RegisterID* unused = newTemporary();
-            emitCatch(finallyActionRegister(), unused);
-            // Setting the finallyActionRegister to the caught exception here implies CompletionType::Throw.
-
-            emitLabel(finallyLabel.get());
-            restoreScopeRegister();
-
-            RefPtr<Label> finallyDone = newLabel();
+            RefPtr<Label> catchHere = emitLabel(newLabel().get());
+            RefPtr<RegisterID> exceptionRegister = newTemporary();
+            RefPtr<RegisterID> thrownValueRegister = newTemporary();
+            popTryAndEmitCatch(tryData, exceptionRegister.get(),
+                thrownValueRegister.get(), catchHere.get(), HandlerType::SynthesizedFinally);
+
+            RefPtr<Label> catchDone = newLabel();
 
             RefPtr<RegisterID> returnMethod = emitGetById(newTemporary(), iterator.get(), propertyNames().returnKeyword);
-            emitJumpIfTrue(emitIsUndefined(newTemporary(), returnMethod.get()), finallyDone.get());
-
-            RefPtr<RegisterID> originalFinallyActionRegister = newTemporary();
-            emitMove(originalFinallyActionRegister.get(), finallyActionRegister());
+            emitJumpIfTrue(emitIsUndefined(newTemporary(), returnMethod.get()), catchDone.get());
 
             RefPtr<Label> returnCallTryStart = newLabel();
             emitLabel(returnCallTryStart.get());
-            TryData* returnCallTryData = pushTry(returnCallTryStart.get(), catchLabel.get(), HandlerType::SynthesizedCatch);
+            TryData* returnCallTryData = pushTry(returnCallTryStart.get());
 
             CallArguments returnArguments(*this, nullptr);
             emitMove(returnArguments.thisRegister(), iterator.get());
             emitCall(value.get(), returnMethod.get(), NoExpectedFunction, returnArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No);
-            emitJumpIfTrue(emitIsObject(newTemporary(), value.get()), finallyDone.get());
-            emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object."));
-
-            emitLabel(finallyDone.get());
-            emitFinallyCompletion(*finallyContext, endCatchLabel.get());
-
-            popTry(returnCallTryData, finallyDone.get());
-
-            // Catch block for exceptions that may be thrown while calling the return
-            // handler in the enumeration finally block. The only reason we need this
-            // catch block is because if entered the above finally block due to a thrown
-            // exception, then we want to re-throw the original exception on exiting
-            // the finally block. Otherwise, we'll let any new exception pass through.
-            {
-                emitLabel(catchLabel.get());
-                RefPtr<RegisterID> exceptionRegister = newTemporary();
-                RegisterID* unused = newTemporary();
-                emitCatch(exceptionRegister.get(), unused);
-                restoreScopeRegister();
-
-                RefPtr<Label> throwLabel = newLabel();
-                emitJumpIfCompletionTypeIsThrow(originalFinallyActionRegister.get(), throwLabel.get());
-                emitMove(originalFinallyActionRegister.get(), exceptionRegister.get());
-
-                emitLabel(throwLabel.get());
-                emitThrow(originalFinallyActionRegister.get());
-
-                emitLabel(endCatchLabel.get());
-            }
+
+            emitLabel(catchDone.get());
+            emitThrow(exceptionRegister.get());
+
+            // Absorb exception.
+            popTryAndEmitCatch(returnCallTryData, newTemporary(),
+                newTemporary(), catchDone.get(), HandlerType::SynthesizedFinally);
+            emitThrow(exceptionRegister.get());
         }
 
@@ -4241 +4377 @@
 
     // IteratorClose sequence for break-ed control flow.
-    popFinallyControlFlowScope();
+    popIteratorCloseControlFlowScope();
     emitIteratorClose(iterator.get(), node);
     emitLabel(loopDone.get());
@@ -4357 +4493 @@
 {
     emitOpcode(op_is_object);
-    instructions().append(dst->index());
-    instructions().append(src->index());
-    return dst;
-}
-
-RegisterID* BytecodeGenerator::emitIsNumber(RegisterID* dst, RegisterID* src)
-{
-    emitOpcode(op_is_number);
     instructions().append(dst->index());
     instructions().append(src->index());
@@ -4657 +4785 @@
     {
         RefPtr<RegisterID> returnRegister = generatorValueRegister();
-        bool hasFinally = emitReturnViaFinallyIfNeeded(returnRegister.get());
-        if (!hasFinally)
-            emitReturn(returnRegister.get());
+        if (isInFinallyBlock()) {
+            returnRegister = emitMove(newTemporary(), returnRegister.get());
+            emitPopScopes(scopeRegister(), 0);
+        }
+        emitReturn(returnRegister.get());
     }
 
@@ -4762 +4892 @@
 
                     emitLabel(returnSequence.get());
-                    bool hasFinally = emitReturnViaFinallyIfNeeded(value.get());
-                    if (!hasFinally)
-                        emitReturn(value.get());
+                    if (isInFinallyBlock())
+                        emitPopScopes(scopeRegister(), 0);
+                    emitReturn(value.get());
                 }
 
@@ -4792 +4922 @@
     RegisterID* completedState = emitLoad(nullptr, jsNumber(state));
     emitPutById(generatorRegister(), propertyNames().builtinNames().generatorStatePrivateName(), completedState);
-}
-
-bool BytecodeGenerator::emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label* jumpTarget)
-{
-    ASSERT(labelScopeDepth() - targetLabelScopeDepth >= 0);
-    size_t scopeDelta = labelScopeDepth() - targetLabelScopeDepth;
-    ASSERT(scopeDelta <= m_controlFlowScopeStack.size());
-    if (!scopeDelta)
-        return false; // No finallys to thread through.
-
-    ControlFlowScope* topScope = &m_controlFlowScopeStack.last();
-    ControlFlowScope* bottomScope = &m_controlFlowScopeStack.last() - scopeDelta;
-
-    FinallyContext* innermostFinallyContext = nullptr;
-    FinallyContext* outermostFinallyContext = nullptr;
-    while (topScope > bottomScope) {
-        if (topScope->isFinallyScope()) {
-            FinallyContext* finallyContext = &topScope->finallyContext;
-            if (!innermostFinallyContext)
-                innermostFinallyContext = finallyContext;
-            outermostFinallyContext = finallyContext;
-            finallyContext->incNumberOfBreaksOrContinues();
-        }
-        --topScope;
-    }
-    if (!outermostFinallyContext)
-        return false; // No finallys to thread through.
-
-    int jumpID = bytecodeOffsetToJumpID(instructions().size());
-    int lexicalScopeIndex = labelScopeDepthToLexicalScopeIndex(targetLabelScopeDepth);
-    outermostFinallyContext->registerJump(jumpID, lexicalScopeIndex, jumpTarget);
-
-    emitSetFinallyActionToJumpID(jumpID);
-    emitJump(innermostFinallyContext->finallyLabel());
-    return true; // We'll be jumping to a finally block.
-}
-
-bool BytecodeGenerator::emitReturnViaFinallyIfNeeded(RegisterID* returnRegister)
-{
-    if (!m_controlFlowScopeStack.size())
-        return false; // No finallys to thread through.
-
-    ControlFlowScope* topScope = &m_controlFlowScopeStack.last();
-    ControlFlowScope* bottomScope = &m_controlFlowScopeStack.first();
-
-    FinallyContext* innermostFinallyContext = nullptr;
-    while (topScope >= bottomScope) {
-        if (topScope->isFinallyScope()) {
-            FinallyContext* finallyContext = &topScope->finallyContext;
-            if (!innermostFinallyContext)
-                innermostFinallyContext = finallyContext;
-            finallyContext->setHandlesReturns();
-        }
-        --topScope;
-    }
-    if (!innermostFinallyContext)
-        return false; // No finallys to thread through.
-
-    emitSetFinallyActionToReturnCompletion();
-    emitSetFinallyReturnValueRegister(returnRegister);
-    emitJump(innermostFinallyContext->finallyLabel());
-    return true; // We'll be jumping to a finally block.
-}
-
-void BytecodeGenerator::emitFinallyCompletion(FinallyContext& context, Label* normalCompletionLabel)
-{
-    // FIXME: switch the finallyActionRegister to only store int values for all CompletionTypes. This is more optimal for JIT type speculation.
-    // https://bugs.webkit.org/show_bug.cgi?id=165979
-    emitJumpIfFinallyActionIsNormalCompletion(normalCompletionLabel);
-
-    if (context.numberOfBreaksOrContinues() || context.handlesReturns()) {
-        FinallyContext* outerContext = context.outerContext();
-        if (outerContext) {
-            // We are not the outermost finally.
-            size_t numberOfJumps = context.numberOfJumps();
-            for (size_t i = 0; i < numberOfJumps; i++) {
-                RefPtr<Label> nextLabel = newLabel();
-                auto& jump = context.jumps(i);
-                emitJumpIfFinallyActionIsNotJump(jump.jumpID, nextLabel.get());
-
-                restoreScopeRegister(jump.targetLexicalScopeIndex);
-                emitSetFinallyActionToNormalCompletion();
-                emitJump(jump.targetLabel.get());
-
-                emitLabel(nextLabel.get());
-            }
-
-            bool hasBreaksOrContinuesNotCoveredByJumps = context.numberOfBreaksOrContinues() > numberOfJumps;
-            if (hasBreaksOrContinuesNotCoveredByJumps || context.handlesReturns())
-                emitJumpIfFinallyActionIsNotThrowCompletion(outerContext->finallyLabel());
-
-        } else {
-            // We are the outermost finally.
-            size_t numberOfJumps = context.numberOfJumps();
-            ASSERT(numberOfJumps == context.numberOfBreaksOrContinues());
-
-            for (size_t i = 0; i < numberOfJumps; i++) {
-                RefPtr<Label> nextLabel = newLabel();
-                auto& jump = context.jumps(i);
-                emitJumpIfFinallyActionIsNotJump(jump.jumpID, nextLabel.get());
-
-                restoreScopeRegister(jump.targetLexicalScopeIndex);
-                emitSetFinallyActionToNormalCompletion();
-                emitJump(jump.targetLabel.get());
-
-                emitLabel(nextLabel.get());
-            }
-
-            if (context.handlesReturns()) {
-                RefPtr<Label> notReturnLabel = newLabel();
-                emitJumpIfFinallyActionIsNotReturnCompletion(notReturnLabel.get());
-
-                emitWillLeaveCallFrameDebugHook();
-                emitReturn(finallyReturnValueRegister(), ReturnFrom::Finally);
-                
-                emitLabel(notReturnLabel.get());
-            }
-        }
-    }
-    emitThrow(finallyActionRegister());
-}
-
-bool BytecodeGenerator::allocateFinallyRegisters()
-{
-    if (m_finallyActionRegister)
-        return false;
-
-    ASSERT(!m_finallyReturnValueRegister);
-    m_finallyActionRegister = newTemporary();
-    m_finallyReturnValueRegister = newTemporary();
-
-    emitSetFinallyActionToNormalCompletion();
-    emitMoveEmptyValue(m_finallyReturnValueRegister.get());
-    return true;
-}
-
-void BytecodeGenerator::releaseFinallyRegisters()
-{
-    ASSERT(m_finallyActionRegister && m_finallyReturnValueRegister);
-    m_finallyActionRegister = nullptr;
-    m_finallyReturnValueRegister = nullptr;
-}
-
-void BytecodeGenerator::emitCompareFinallyActionAndJumpIf(OpcodeID compareOpcode, int value, Label* jumpTarget)
-{
-    RefPtr<RegisterID> tempRegister = newTemporary();
-    RegisterID* valueConstant = addConstantValue(JSValue(value));
-    OperandTypes operandTypes = OperandTypes(ResultType::numberTypeIsInt32(), ResultType::unknownType());
-
-    auto equivalenceResult = emitBinaryOp(compareOpcode, tempRegister.get(), valueConstant, finallyActionRegister(), operandTypes);
-    emitJumpIfTrue(equivalenceResult, jumpTarget);
 }
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -81 +81 @@
     };
 
-    struct FinallyJump {
-        FinallyJump(int jumpID, int targetLexicalScopeIndex, Label* targetLabel)
-            : jumpID(jumpID)
-            , targetLexicalScopeIndex(targetLexicalScopeIndex)
-            , targetLabel(targetLabel)
-        { }
-
-        int jumpID { 0 };
-        int targetLexicalScopeIndex { 0 };
-        RefPtr<Label> targetLabel;
-    };
-
     struct FinallyContext {
-        FinallyContext() { }
-        FinallyContext(FinallyContext* outerContext, Label* finallyLabel, int finallyDepth)
-            : m_outerContext(outerContext)
-            , m_finallyLabel(finallyLabel)
-            , m_finallyDepth(finallyDepth)
-        {
-            ASSERT(!m_jumps || m_jumps->isEmpty());
-        }
-
-        FinallyContext* outerContext() const { return m_outerContext; }
-        Label* finallyLabel() const { return m_finallyLabel; }
-        int depth() const { return m_finallyDepth; }
-
-        unsigned numberOfBreaksOrContinues() const { return m_numberOfBreaksOrContinues; }
-        void incNumberOfBreaksOrContinues()
-        {
-            ASSERT(m_numberOfBreaksOrContinues < INT_MAX);
-            m_numberOfBreaksOrContinues++;
-        }
-
-        bool handlesReturns() const { return m_handlesReturns; }
-        void setHandlesReturns() { m_handlesReturns = true; }
-
-        void registerJump(int jumpID, int lexicalScopeIndex, Label* targetLabel)
-        {
-            if (!m_jumps)
-                m_jumps = std::make_unique<Vector<FinallyJump>>();
-            m_jumps->append(FinallyJump(jumpID, lexicalScopeIndex, targetLabel));
-        }
-
-        size_t numberOfJumps() const { return m_jumps ? m_jumps->size() : 0; }
-        FinallyJump& jumps(size_t i) { return (*m_jumps)[i]; }
-
-    private:
-        FinallyContext* m_outerContext { nullptr };
-        Label* m_finallyLabel { nullptr };
-        int m_finallyDepth { 0 };
-        unsigned m_numberOfBreaksOrContinues { 0 };
-        bool m_handlesReturns { false };
-        std::unique_ptr<Vector<FinallyJump>> m_jumps;
+        StatementNode* finallyBlock;
+        RegisterID* iterator;
+        ThrowableExpressionData* enumerationNode;
+        unsigned controlFlowScopeStackSize;
+        unsigned switchContextStackSize;
+        unsigned forInContextStackSize;
+        unsigned tryContextStackSize;
+        unsigned labelScopesSize;
+        unsigned lexicalScopeStackSize;
+        int finallyDepth;
+        int dynamicScopeDepth;
     };
 
     struct ControlFlowScope {
-        typedef uint8_t Type;
-        enum {
-            Label,
-            Finally
-        };
-        ControlFlowScope(Type type, int lexicalScopeIndex, FinallyContext&& finallyContext = FinallyContext())
-            : type(type)
-            , lexicalScopeIndex(lexicalScopeIndex)
-            , finallyContext(std::forward<FinallyContext>(finallyContext))
-        { }
-
-        bool isLabelScope() const { return type == Label; }
-        bool isFinallyScope() const { return type == Finally; }
-
-        Type type;
-        int lexicalScopeIndex;
+        bool isFinallyBlock;
         FinallyContext finallyContext;
     };
@@ -662 +606 @@
         RegisterID* emitGetTemplateObject(RegisterID* dst, TaggedTemplateNode*);
 
-        enum class ReturnFrom { Normal, Finally };
-        RegisterID* emitReturn(RegisterID* src, ReturnFrom = ReturnFrom::Normal);
+        RegisterID* emitReturn(RegisterID* src);
         RegisterID* emitEnd(RegisterID* src) { return emitUnaryNoDstOp(op_end, src); }
 
@@ -684 +627 @@
         PassRefPtr<Label> emitJumpIfNotFunctionCall(RegisterID* cond, Label* target);
         PassRefPtr<Label> emitJumpIfNotFunctionApply(RegisterID* cond, Label* target);
+        void emitPopScopes(RegisterID* srcDst, int targetScopeDepth);
 
         void emitEnter();
@@ -706 +650 @@
         RegisterID* emitIsSet(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, JSSetType); }
         RegisterID* emitIsObject(RegisterID* dst, RegisterID* src);
-        RegisterID* emitIsNumber(RegisterID* dst, RegisterID* src);
         RegisterID* emitIsUndefined(RegisterID* dst, RegisterID* src);
         RegisterID* emitIsEmpty(RegisterID* dst, RegisterID* src);
@@ -721 +664 @@
 
         // Start a try block. 'start' must have been emitted.
-        TryData* pushTry(Label* start, Label* handlerLabel, HandlerType);
+        TryData* pushTry(Label* start);
         // End a try block. 'end' must have been emitted.
-        void popTry(TryData*, Label* end);
-        void emitCatch(RegisterID* exceptionRegister, RegisterID* thrownValueRegister);
-
-    private:
-        static const int CurrentLexicalScopeIndex = -2;
-        static const int OutermostLexicalScopeIndex = -1;
-
-    public:
-        void restoreScopeRegister();
-        void restoreScopeRegister(int lexicalScopeIndex);
-
-        int currentLexicalScopeIndex() const
-        {
-            int size = static_cast<int>(m_lexicalScopeStack.size());
-            ASSERT(static_cast<size_t>(size) == m_lexicalScopeStack.size());
-            ASSERT(size >= 0);
-            int index = size - 1;
-            return index;
-        }
-
-        int labelScopeDepthToLexicalScopeIndex(int labelScopeDepth);
+        void popTryAndEmitCatch(TryData*, RegisterID* exceptionRegister, RegisterID* thrownValueRegister, Label* end, HandlerType);
 
         void emitThrow(RegisterID* exc)
@@ -776 +699 @@
         void emitWillLeaveCallFrameDebugHook();
 
-        class FinallyRegistersScope {
-        public:
-            FinallyRegistersScope(BytecodeGenerator& generator, bool needFinallyRegisters = true)
-                : m_generator(generator)
-            {
-                if (needFinallyRegisters && m_generator.allocateFinallyRegisters())
-                    m_needToReleaseOnDestruction = true;
-            }
-            ~FinallyRegistersScope()
-            {
-                if (m_needToReleaseOnDestruction)
-                    m_generator.releaseFinallyRegisters();
-            }
-
-        private:
-            BytecodeGenerator& m_generator;
-            bool m_needToReleaseOnDestruction { false };
-        };
-
-        RegisterID* finallyActionRegister() const
-        {
-            ASSERT(m_finallyActionRegister);
-            return m_finallyActionRegister.get();
-        }
-        RegisterID* finallyReturnValueRegister() const
-        {
-            ASSERT(m_finallyReturnValueRegister);
-            return m_finallyReturnValueRegister.get();
-        }
-
-        void emitSetFinallyActionToNormalCompletion()
-        {
-            emitMoveEmptyValue(m_finallyActionRegister.get());
-        }
-        void emitSetFinallyActionToReturnCompletion()
-        {
-            emitLoad(finallyActionRegister(), JSValue(static_cast<int>(CompletionType::Return)));
-        }
-        void emitSetFinallyActionToJumpID(int jumpID)
-        {
-            emitLoad(finallyActionRegister(), JSValue(jumpID));
-        }
-        void emitSetFinallyReturnValueRegister(RegisterID* reg)
-        {
-            emitMove(finallyReturnValueRegister(), reg);
-        }
-
-        void emitJumpIfFinallyActionIsNormalCompletion(Label* jumpTarget)
-        {
-            emitJumpIfTrue(emitIsEmpty(newTemporary(), finallyActionRegister()), jumpTarget);
-        }
-
-        void emitJumpIfFinallyActionIsNotJump(int jumpID, Label* jumpTarget)
-        {
-            emitCompareFinallyActionAndJumpIf(op_nstricteq, jumpID, jumpTarget);
-        }
-
-        void emitJumpIfFinallyActionIsReturnCompletion(Label* jumpTarget)
-        {
-            emitCompareFinallyActionAndJumpIf(op_stricteq, static_cast<int>(CompletionType::Return), jumpTarget);
-        }
-        void emitJumpIfFinallyActionIsNotReturnCompletion(Label* jumpTarget)
-        {
-            emitCompareFinallyActionAndJumpIf(op_nstricteq, static_cast<int>(CompletionType::Return), jumpTarget);
-        }
-
-        void emitJumpIfFinallyActionIsNotThrowCompletion(Label* jumpTarget)
-        {
-            emitJumpIfTrue(emitIsNumber(newTemporary(), finallyActionRegister()), jumpTarget);
-        }
-        void emitJumpIfCompletionTypeIsThrow(RegisterID* reg, Label* jumpTarget)
-        {
-            emitJumpIfFalse(emitIsNumber(newTemporary(), reg), jumpTarget);
-        }
-
-        bool emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label* jumpTarget);
-        bool emitReturnViaFinallyIfNeeded(RegisterID* returnRegister);
-        void emitFinallyCompletion(FinallyContext&, Label* normalCompletionLabel);
-
-    private:
-        void emitCompareFinallyActionAndJumpIf(OpcodeID compareOpcode, int value, Label* jumpTarget);
-
-        int bytecodeOffsetToJumpID(unsigned offset)
-        {
-            int jumpID = offset + static_cast<int>(CompletionType::NumberOfTypes);
-            ASSERT(jumpID >= static_cast<int>(CompletionType::NumberOfTypes));
-            return jumpID;
-        }
-
-        bool allocateFinallyRegisters();
-        void releaseFinallyRegisters();
-
-    public:
-        FinallyContext* pushFinallyControlFlowScope(Label* finallyLabel);
-        FinallyContext popFinallyControlFlowScope();
+        bool isInFinallyBlock() { return m_finallyDepth > 0; }
+
+        void pushFinallyControlFlowScope(StatementNode* finallyBlock);
+        void popFinallyControlFlowScope();
+        void pushIteratorCloseControlFlowScope(RegisterID* iterator, ThrowableExpressionData* enumerationNode);
+        void popIteratorCloseControlFlowScope();
 
         void pushIndexedForInScope(RegisterID* local, RegisterID* index);
@@ -964 +798 @@
         void allocateCalleeSaveSpace();
         void allocateAndEmitScope();
+        void emitComplexPopScopes(RegisterID*, ControlFlowScope* topScope, ControlFlowScope* bottomScope);
 
         typedef HashMap<double, JSValue> NumberMap;
@@ -1101 +936 @@
         RegisterID* m_promiseCapabilityRegister { nullptr };
 
-        // The spec at https://tc39.github.io/ecma262/#sec-completion-record-specification-type says
-        // that there are 5 types of completions. Conceptually, we'll set m_finallyActionRegister
-        // to one of these completion types. However, to optimize our implementation, we'll encode
-        // these type info as follows:
-        //
-        //     CompletionType::Normal   - m_finallyActionRegister is empty.
-        //     CompletionType::Break    - m_finallyActionRegister is an int JSValue jumpID.
-        //     CompletionType::Continue - m_finallyActionRegister is an int JSValue jumpID.
-        //     CompletionType::Return   - m_finallyActionRegister is the Return enum as an int JSValue.
-        //     CompletionType::Throw    - m_finallyActionRegister is the Exception object to rethrow.
-        //
-        // Hence, of the 5 completion types, only the CompletionType::Return enum value is used in
-        // our implementation. The rest are just provided for completeness.
-
-        enum class CompletionType : int {
-            Normal,
-            Break,
-            Continue,
-            Return,
-            Throw,
-
-            NumberOfTypes
-        };
-
-        RefPtr<RegisterID> m_finallyActionRegister;
-        RefPtr<RegisterID> m_finallyReturnValueRegister;
-
-        FinallyContext* m_currentFinallyContext { nullptr };
-
         SegmentedVector<RegisterID*, 16> m_localRegistersForCalleeSaveRegisters;
         SegmentedVector<RegisterID, 32> m_constantPoolRegisters;
@@ -1144 +950 @@
         void popLocalControlFlowScope();
 
-        // FIXME: Restore overflow checking with UnsafeVectorOverflow once SegmentVector supports it. 
-        // https://bugs.webkit.org/show_bug.cgi?id=165980
-        SegmentedVector<ControlFlowScope, 16> m_controlFlowScopeStack;
+        Vector<ControlFlowScope, 0, UnsafeVectorOverflow> m_controlFlowScopeStack;
         Vector<SwitchInfo> m_switchContextStack;
         Vector<RefPtr<ForInContext>> m_forInContextStack;

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -2999 +2999 @@
     ASSERT(scope);
 
-    bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), scope->continueTarget());
-    if (!hasFinally) {
-        int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth());
-        generator.restoreScopeRegister(lexicalScopeIndex);
-        generator.emitJump(scope->continueTarget());
-    }
+    generator.emitPopScopes(generator.scopeRegister(), scope->scopeDepth());
+    generator.emitJump(scope->continueTarget());
 
     generator.emitProfileControlFlow(endOffset());
@@ -3030 +3026 @@
     ASSERT(scope);
 
-    bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), scope->breakTarget());
-    if (!hasFinally) {
-        int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth());
-        generator.restoreScopeRegister(lexicalScopeIndex);
-        generator.emitJump(scope->breakTarget());
-    }
+    generator.emitPopScopes(generator.scopeRegister(), scope->scopeDepth());
+    generator.emitJump(scope->breakTarget());
 
     generator.emitProfileControlFlow(endOffset());
@@ -3052 +3044 @@
 
     generator.emitProfileType(returnRegister.get(), ProfileTypeBytecodeFunctionReturnStatement, divotStart(), divotEnd());
-
-    bool hasFinally = generator.emitReturnViaFinallyIfNeeded(returnRegister.get());
-    if (!hasFinally) {
-        generator.emitWillLeaveCallFrameDebugHook();
-        generator.emitReturn(returnRegister.get());
-    }
-
-    generator.emitProfileControlFlow(endOffset());
+    if (generator.isInFinallyBlock()) {
+        returnRegister = generator.emitMove(generator.newTemporary(), returnRegister.get());
+        generator.emitPopScopes(generator.scopeRegister(), 0);
+    }
+
+    generator.emitWillLeaveCallFrameDebugHook();
+    generator.emitReturn(returnRegister.get());
+    generator.emitProfileControlFlow(endOffset()); 
     // Emitting an unreachable return here is needed in case this op_profile_control_flow is the 
     // last opcode in a CodeBlock because a CodeBlock's instructions must end with a terminal opcode.
@@ -3288 +3280 @@
 
     ASSERT(m_catchBlock || m_finallyBlock);
-    BytecodeGenerator::FinallyRegistersScope finallyRegistersScope(generator, m_finallyBlock);
-
-    RefPtr<Label> catchLabel;
-    RefPtr<Label> catchEndLabel;
-    RefPtr<Label> finallyViaThrowLabel;
-    RefPtr<Label> finallyLabel;
-    RefPtr<Label> finallyEndLabel;
 
     RefPtr<Label> tryStartLabel = generator.newLabel();
     generator.emitLabel(tryStartLabel.get());
-
-    if (m_finallyBlock) {
-        finallyViaThrowLabel = generator.newLabel();
-        finallyLabel = generator.newLabel();
-        finallyEndLabel = generator.newLabel();
-
-        generator.pushFinallyControlFlowScope(finallyLabel.get());
-    }
+    
+    if (m_finallyBlock)
+        generator.pushFinallyControlFlowScope(m_finallyBlock);
+    TryData* tryData = generator.pushTry(tryStartLabel.get());
+
+    generator.emitNode(dst, m_tryBlock);
+
     if (m_catchBlock) {
-        catchLabel = generator.newLabel();
-        catchEndLabel = generator.newLabel();
-    }
-
-    Label* tryHandlerLabel = m_catchBlock ? catchLabel.get() : finallyViaThrowLabel.get();
-    HandlerType tryHandlerType = m_catchBlock ? HandlerType::Catch : HandlerType::Finally;
-    TryData* tryData = generator.pushTry(tryStartLabel.get(), tryHandlerLabel, tryHandlerType);
-
-    generator.emitNode(dst, m_tryBlock);
-
-    // The finallyActionRegister is an empty value by default, which implies CompletionType::Normal.
-    if (m_finallyBlock)
-        generator.emitJump(finallyLabel.get());
-    else
+        RefPtr<Label> catchEndLabel = generator.newLabel();
+        
+        // Normal path: jump over the catch block.
         generator.emitJump(catchEndLabel.get());
 
-    RefPtr<Label> endTryLabel = generator.emitLabel(generator.newLabel().get());
-    generator.popTry(tryData, endTryLabel.get());
-
-    if (m_catchBlock) {
         // Uncaught exception path: the catch block.
-        generator.emitLabel(catchLabel.get());
+        RefPtr<Label> here = generator.emitLabel(generator.newLabel().get());
+        RefPtr<RegisterID> exceptionRegister = generator.newTemporary();
         RefPtr<RegisterID> thrownValueRegister = generator.newTemporary();
-        RegisterID* unused = generator.newTemporary();
-        generator.emitCatch(unused, thrownValueRegister.get());
-        generator.restoreScopeRegister();
-
-        TryData* tryData = nullptr;
+        generator.popTryAndEmitCatch(tryData, exceptionRegister.get(), thrownValueRegister.get(), here.get(), HandlerType::Catch);
+        
         if (m_finallyBlock) {
             // If the catch block throws an exception and we have a finally block, then the finally
             // block should "catch" that exception.
-            tryData = generator.pushTry(catchLabel.get(), finallyViaThrowLabel.get(), HandlerType::Finally);
+            tryData = generator.pushTry(here.get());
         }
 
@@ -3350 +3317 @@
         generator.emitLoad(thrownValueRegister.get(), jsUndefined());
         generator.emitPopCatchScope(m_lexicalVariables);
-
-        if (m_finallyBlock) {
-            generator.emitSetFinallyActionToNormalCompletion();
-            generator.emitJump(finallyLabel.get());
-            generator.popTry(tryData, finallyViaThrowLabel.get());
-        }
-
         generator.emitLabel(catchEndLabel.get());
-        generator.emitProfileControlFlow(m_catchBlock->endOffset() + 1);
     }
 
     if (m_finallyBlock) {
-        FinallyContext finallyContext = generator.popFinallyControlFlowScope();
-
-        // Entry to the finally block for CompletionType::Throw.
-        generator.emitLabel(finallyViaThrowLabel.get());
-        RegisterID* unused = generator.newTemporary();
-        generator.emitCatch(generator.finallyActionRegister(), unused);
-        // Setting the finallyActionRegister to the caught exception here implies CompletionType::Throw.
-
-        // Entry to the finally block for CompletionTypes other than Throw.
-        generator.emitLabel(finallyLabel.get());
-        generator.restoreScopeRegister();
+        RefPtr<Label> preFinallyLabel = generator.emitLabel(generator.newLabel().get());
+        
+        generator.popFinallyControlFlowScope();
+
+        RefPtr<Label> finallyEndLabel = generator.newLabel();
 
         int finallyStartOffset = m_catchBlock ? m_catchBlock->endOffset() + 1 : m_tryBlock->endOffset() + 1;
+
+        // Normal path: run the finally code, and jump to the end.
         generator.emitProfileControlFlow(finallyStartOffset);
         generator.emitNodeInTailPosition(dst, m_finallyBlock);
-
-        generator.emitFinallyCompletion(finallyContext, finallyEndLabel.get());
+        generator.emitProfileControlFlow(m_finallyBlock->endOffset() + 1);
+        generator.emitJump(finallyEndLabel.get());
+
+        // Uncaught exception path: invoke the finally block, then re-throw the exception.
+        RefPtr<RegisterID> exceptionRegister = generator.newTemporary();
+        RefPtr<RegisterID> thrownValueRegister = generator.newTemporary();
+        generator.popTryAndEmitCatch(tryData, exceptionRegister.get(), thrownValueRegister.get(), preFinallyLabel.get(), HandlerType::Finally);
+        generator.emitProfileControlFlow(finallyStartOffset);
+        generator.emitNodeInTailPosition(dst, m_finallyBlock);
+        generator.emitThrow(exceptionRegister.get());
+
         generator.emitLabel(finallyEndLabel.get());
         generator.emitProfileControlFlow(m_finallyBlock->endOffset() + 1);
-    }
+    } else
+        generator.emitProfileControlFlow(m_catchBlock->endOffset() + 1);
+
 }
 

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2016-12-19  Mark Lam  <mark.lam@apple.com>
+
+        Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 2: Rollout r209952.
+        https://bugs.webkit.org/show_bug.cgi?id=166049
+
+        Not reviewed.
+
+        * wtf/SegmentedVector.h:
+        (WTF::SegmentedVector::last):
+        (WTF::SegmentedVector::first): Deleted.
+        (WTF::SegmentedVector::takeLast): Deleted.
+
 2016-12-16  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/WTF/wtf/SegmentedVector.h

@@ -128 +128 @@
         }
 
-        T& first() { return at(0); }
-        const T& first() const { return at(0); }
-        T& last() { return at(size() - 1); }
-        const T& last() const { return at(size() - 1); }
-
-        T takeLast()
-        {
-            ASSERT_WITH_SECURITY_IMPLICATION(!isEmpty());
-            T result = WTFMove(last());
-            --m_size;
-            return result;
+        T& last()
+        {
+            return at(size() - 1);
         }