Changeset 272580 in webkit

Timestamp:

Feb 9, 2021 8:30:24 AM (18 months ago)

Author:

Caio Lima

Message:

[ESNext] Implement private methods
​https://bugs.webkit.org/show_bug.cgi?id=194434

Reviewed by Filip Pizlo.

JSTests:

• stress/private-brand-installed-after-super-call-from-arrow-function.js: Added.
• stress/private-brand-installed-after-super-call-from-eval.js: Added.
• stress/private-method-brand-check.js: Added.
• stress/private-method-change-attribute-from-branded-structure.js: Added.
• stress/private-method-change-prototype-from-branded-structure.js: Added.
• stress/private-method-check-private-brand-ic.js: Added.
• stress/private-method-check-structure-miss.js: Added.
• stress/private-method-comparison.js: Added.
• stress/private-method-delete-property-from-branded-structure.js: Added.
• stress/private-method-extends-brand-check.js: Added.
• stress/private-method-get-and-call.js: Added.
• stress/private-method-invalid-multiple-brand-installation.js: Added.
• stress/private-method-invalidate-compiled-with-constant-symbol.js: Added.
• stress/private-method-nested-class.js: Added.
• stress/private-method-on-sealed-objects.js: Added.
• stress/private-method-on-uncacheable-dictionary.js: Added.
• stress/private-method-polymorphic-with-constant-symbol.js: Added.
• stress/private-method-set-brand-should-have-write-barrier.js: Added.
• stress/private-method-untyped-use.js: Added.
• stress/private-method-with-uncacheable-dictionary-transition.js: Added.
• stress/private-methods-inline-cache.js: Added.
• stress/private-methods-megamorphic-ic.js: Added.
• stress/private-methods-on-proxy.js: Added.
• stress/private-methods-poly-ic-multiple-classes.js: Added.
• stress/private-methods-poly-ic-single-class.js: Added.
• stress/private-names-available-on-direct-eval.js: Added.
• test262/config.yaml:

Source/JavaScriptCore:

This patch is adding support to private methods following the
specification on ​https://tc39.es/proposal-private-methods/.
This is introducing a new way to declare private methods on
class syntax. Private methods are only accessible within
classes they were declared, and only can be called from
objects that are instance of these classes.
To guarantee such rules, the proposal presents the concept of
Brand Check. During class evaluation, if a private method is present,
a brand is installed in this class. Every instance of such class
then gets this brand installed during [[Construct]] operation. It
means that an object can have multiple brands (e.g when there is also
private methods declared on super class). Before accessing a private
method, there is a check to validate if the target of the call has the
brand of callee method.
The brand check mechanism is implemented using a @privateBrand
stored on class scope. Here is a representation of how this mechanism
works:

`
class C {

#m() { return 3; }
method() { return this.#m(); }

}

let c = new C();
console.log(c.method()); prints 3
`

Generated bytecode for the following representation:
`
{ class lexical scope

const @privateBrand = @createPrivateSymbol();
const #m = function () { return 3; }
C.prototype.method = function() {

@check_private_brand(this, @privateBrand);
return #m.call(this);

}
C = function() {

@set_private_brand(this, @privateBrand);

}

}

let c = new C();
console.log(c.method()); prints 3
`

# Resolving correct brand to check

In the case of shadowing or nested scope, we need to emit brand
checks to the right private brand. See code below:

`
class C {

#m() { return 3; }
method() { return this.#m();}

A = class {

#m2() { return 3; }
foo(o) { return o.#m(); }

}

}
`

The call of "#m" in foo refers to "C::#m". In such case, we need to
check C's private brand, instead of A's private brand.
To perform the proper check, we first resolve scope of "#m" and then
check the private brand of this scope (the scope where the private
method and brand are stored is the same).
So the bytecode to lookup the right brand is:

`
mov loc9, arg1
resolve_scope loc10, "#m"
get_from_scope loc11, loc10, "@privateBrand"
check_private_brand loc9, loc11
get_from_scope loc11, loc10, "#m"
setup call frame
call loc11, ...
...
`

# Brand check mechanism

We are introducing in this patch 2 new bytecodes to allow brand check
of objects: op_set_brand and op_check_brand.
op_set_brand sets a new brand in an object, so we can perform the brand
check later when accessing private methods. This operations throws when
trying to add the same brand twice in an Object.
op_check_brand checks if the given object contains the brand we are
looking for. It traverses the brand chain to verify if the brand is
present, and throws TypeError otherwise.

We are also introducing a subclass for Structure called BrandedStructure.
It is used to store brands and to allow brand check mechanism. BrandedStructure
stores a brand and a parent pointer to another BrandedStructure that allow
us traverse the brand chain. With BrandedStructure, we can then
infer that a given object has the brand we are looking for just
checking its structureId. This is a very good optimization, since we can
reduce most of brand checks to structure checks.

We created a new kind of transition called SetBrand that happens when
op_set_brand is executed. This allow us to cache such kind of
trasitions on trasition table using the key `<brand->uid, 0,
TransitionKind::SetBrand>`. During this transition, we take previous
structure and apply one of the following rules:

1. If it's a BrandedStructure, we then set it to m_parentBrand, to allow proper brand chain check.

2. If it's not a BrandedStructure, we set m_parentBrand to nullptr, meaning that this is the first brand being added to the object with this structure.

For now, we are using the flag isBrandedStructure to identify that a
given Structure is a BrandedStructure. This is done to avoid changes
on places where we are checking for vm.structureStructure().
However, if we ever need space on Structure, this flag is a good
candidate to be deleted and we can move to a solution that uses
vm.brandedStructureStructure();

# JIT Support

This patch also includes initial JIT support for set_private_brand
and check_private_brand. On Baseline JIT, we are using
JITPravateBrandAccessGenerator to support IC for both operands.
On DFGByteCodeParser we are trying to inline brand access whenever
possible, and fallbacking to SetPrivateBrand and
CheckPrivateBrand otherwise. Those nodes are not being optimized at
their full potential, but the code generated by them is also relying on
JITPrivateBrandAccessGenerator to have IC support for both DFG and
FTL. During DFG parsing, we try to reduce those access to CheckIsConstant
and CheckStructure (with PutStructure for set_private_brand cases)
based on available profiled data. This is meant to make brand checks
almost free on DFG/FTL tiers when we have a single evaluation of a
class, since the CheckIsConstant can be eliminated by the constant-folded
scope load, and the CheckStructure is very likely to be redundant
to any other CheckStructure that can be performed on receiver
when we have a finite structure set.
For instance, when we have a brand check on a path-of-no-return to
a GetByOffset sequence on the same receiver, the CheckStructure
for the brand check will enable CSE of the CheckStructure that
would happen for that GetByOffset. Such design is possible because brand
checks supports polymorphic access very similr to what we have for
GetByOffset sequences.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createExecutable):

• builtins/BuiltinExecutables.h:

We are adding a new parameter PrivateBrandRequirement to propagate
when a default constructor needs to emit code to setup private brand
on instances.

• builtins/BuiltinNames.h:

Adding @privateBrand that we use to store private brand on
class's scope.

• bytecode/AccessCase.cpp:

(JSC::AccessCase::createCheckPrivateBrand):
(JSC::AccessCase::createSetPrivateBrand):
(JSC::AccessCase::requiresIdentifierNameMatch const):
(JSC::AccessCase::requiresInt32PropertyCheck const):
(JSC::AccessCase::needsScratchFPR const):
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::canReplace const):
(JSC::AccessCase::dump const):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generateImpl):

• bytecode/AccessCase.h:

(JSC::AccessCase::structure const):
(JSC::AccessCase::newStructure const):

• bytecode/BytecodeList.rb:
• bytecode/BytecodeUseDef.cpp:

(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):

• bytecode/CheckPrivateBrandStatus.cpp: Added.

(JSC::CheckPrivateBrandStatus::appendVariant):
(JSC::CheckPrivateBrandStatus::computeForBaseline):
(JSC::CheckPrivateBrandStatus::CheckPrivateBrandStatus):
(JSC::CheckPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::CheckPrivateBrandStatus::computeFor):
(JSC::CheckPrivateBrandStatus::slowVersion const):
(JSC::CheckPrivateBrandStatus::merge):
(JSC::CheckPrivateBrandStatus::filter):
(JSC::CheckPrivateBrandStatus::singleIdentifier const):
(JSC::CheckPrivateBrandStatus::visitAggregate):
(JSC::CheckPrivateBrandStatus::markIfCheap):
(JSC::CheckPrivateBrandStatus::finalize):
(JSC::CheckPrivateBrandStatus::dump const):

• bytecode/CheckPrivateBrandStatus.h: Added.
• bytecode/CheckPrivateBrandVariant.cpp: Added.

(JSC::CheckPrivateBrandVariant::CheckPrivateBrandVariant):
(JSC::CheckPrivateBrandVariant::~CheckPrivateBrandVariant):
(JSC::CheckPrivateBrandVariant::attemptToMerge):
(JSC::CheckPrivateBrandVariant::markIfCheap):
(JSC::CheckPrivateBrandVariant::finalize):
(JSC::CheckPrivateBrandVariant::visitAggregate):
(JSC::CheckPrivateBrandVariant::dump const):
(JSC::CheckPrivateBrandVariant::dumpInContext const):

• bytecode/CheckPrivateBrandVariant.h: Added.

(JSC::CheckPrivateBrandVariant::structureSet const):
(JSC::CheckPrivateBrandVariant::structureSet):
(JSC::CheckPrivateBrandVariant::identifier const):
(JSC::CheckPrivateBrandVariant::overlaps):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

• bytecode/ExecutableInfo.h:

(JSC::ExecutableInfo::ExecutableInfo):
(JSC::ExecutableInfo::privateBrandRequirement const):

• bytecode/PolymorphicAccess.cpp:

(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):

• bytecode/RecordedStatuses.cpp:

(JSC::RecordedStatuses::operator=):
(JSC::RecordedStatuses::addCheckPrivateBrandStatus):
(JSC::RecordedStatuses::addSetPrivateBrandStatus):
(JSC::RecordedStatuses::visitAggregate):
(JSC::RecordedStatuses::markIfCheap):

• bytecode/RecordedStatuses.h:

(JSC::RecordedStatuses::forEachVector):

• bytecode/SetPrivateBrandStatus.cpp: Added.

(JSC::SetPrivateBrandStatus::appendVariant):
(JSC::SetPrivateBrandStatus::computeForBaseline):
(JSC::SetPrivateBrandStatus::SetPrivateBrandStatus):
(JSC::SetPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::SetPrivateBrandStatus::computeFor):
(JSC::SetPrivateBrandStatus::slowVersion const):
(JSC::SetPrivateBrandStatus::merge):
(JSC::SetPrivateBrandStatus::filter):
(JSC::SetPrivateBrandStatus::singleIdentifier const):
(JSC::SetPrivateBrandStatus::visitAggregate):
(JSC::SetPrivateBrandStatus::markIfCheap):
(JSC::SetPrivateBrandStatus::finalize):
(JSC::SetPrivateBrandStatus::dump const):

• bytecode/SetPrivateBrandStatus.h: Added.
• bytecode/SetPrivateBrandVariant.cpp: Added.

(JSC::SetPrivateBrandVariant::SetPrivateBrandVariant):
(JSC::SetPrivateBrandVariant::~SetPrivateBrandVariant):
(JSC::SetPrivateBrandVariant::attemptToMerge):
(JSC::SetPrivateBrandVariant::markIfCheap):
(JSC::SetPrivateBrandVariant::finalize):
(JSC::SetPrivateBrandVariant::visitAggregate):
(JSC::SetPrivateBrandVariant::dump const):
(JSC::SetPrivateBrandVariant::dumpInContext const):

• bytecode/SetPrivateBrandVariant.h: Added.

(JSC::SetPrivateBrandVariant::oldStructure const):
(JSC::SetPrivateBrandVariant::newStructure const):
(JSC::SetPrivateBrandVariant::identifier const):
(JSC::SetPrivateBrandVariant::overlaps):

• bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::reset):

• bytecode/StructureStubInfo.h:
• bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::privateBrandRequirement const):

• bytecode/UnlinkedCodeBlockGenerator.h:

(JSC::UnlinkedCodeBlockGenerator::privateBrandRequirement const):

• bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

• bytecode/UnlinkedFunctionExecutable.h:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):

We changed BytecodeGenerator for FunctionNode and EvalNode to
propagate parentScope PrivateNameEnvironment. These environments stores
private name entries that are visible into the scope of the
function/eval.
This is required to identify the kind of access a private name is
referring to, since it can be a private field or a private method.

(JSC::BytecodeGenerator::instantiateLexicalVariables):
(JSC::BytecodeGenerator::emitGetPrivateName):
(JSC::BytecodeGenerator::emitCreatePrivateBrand):

The process to create a private brand is as follows:

1. Create a PrivateSymbol using @createPrivateSymbol.
2. Store this symbol into a given scope (i.e class lexical scope) on @privateBrand variable.

(JSC::BytecodeGenerator::emitInstallPrivateBrand):
(JSC::BytecodeGenerator::emitGetPrivateBrand):

We added m_privateNamesStack to BytecodeGenerator to represent the
scope chain of available private names while generating bytecode.

(JSC::BytecodeGenerator::emitCheckPrivateBrand):
(JSC::BytecodeGenerator::isPrivateMethod):
(JSC::BytecodeGenerator::pushPrivateAccessNames):
(JSC::BytecodeGenerator::popPrivateAccessNames):
(JSC::BytecodeGenerator::getAvailablePrivateAccessNames):
(JSC::BytecodeGenerator::emitNewDefaultConstructor):
(JSC::BytecodeGenerator::emitNewClassFieldInitializerFunction):
(JSC::BytecodeGenerator::emitDirectGetByVal): Deleted.

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::privateBrandRequirement const):
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::makeFunction):

This change is required to properly propagate PrivateBrandRequirement
to arrow functions that can potentially call super().

• bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitDeclarePrivateFieldNames):
(JSC::PropertyListNode::emitBytecode):
(JSC::PropertyListNode::emitPutConstantProperty):
(JSC::BaseDotNode::emitGetPropertyValue):

Adding support to properly access private method. Since we store
private methods on class lexical scope, we need a different set of
instructions to access a private method.

(JSC::BaseDotNode::emitPutProperty):

In the case of we trying to write in a private method, we need to
throw a TypeError according to specification
(​https://tc39.es/proposal-private-methods/#sec-privatefieldset).

(JSC::FunctionCallValueNode::emitBytecode):
(JSC::PostfixNode::emitDot):
(JSC::PrefixNode::emitDot):
(JSC::ClassExprNode::emitBytecode):

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluateWithScopeExtension):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::filterICStatus):

• dfg/DFGArgumentsEliminationPhase.cpp:
• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGClobbersExitState.cpp:

(JSC::DFG::clobbersExitState):

• dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGGraph.h:
• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

• dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::addPrivateBrandAccess):

• dfg/DFGMayExit.cpp:
• dfg/DFGNode.h:

(JSC::DFG::Node::hasCheckPrivateBrandStatus):
(JSC::DFG::Node::checkPrivateBrandStatus):
(JSC::DFG::Node::hasSetPrivateBrandStatus):
(JSC::DFG::Node::setPrivateBrandStatus):

• dfg/DFGNodeType.h:
• dfg/DFGObjectAllocationSinkingPhase.cpp:
• dfg/DFGPredictionPropagationPhase.cpp:
• dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCheckPrivateBrand):
(JSC::DFG::SpeculativeJIT::compileSetPrivateBrand):

• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGStoreBarrierInsertionPhase.cpp:
• dfg/DFGVarargsForwardingPhase.cpp:
• ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compilePrivateBrandAccess):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckPrivateBrand):
(JSC::FTL::DFG::LowerDFGToB3::compileSetPrivateBrand):

• interpreter/Interpreter.cpp:

(JSC::eval):

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::link):

• jit/JIT.h:
• jit/JITInlineCacheGenerator.cpp:

(JSC::JITPrivateBrandAccessGenerator::JITPrivateBrandAccessGenerator):
(JSC::JITPrivateBrandAccessGenerator::generateFastPath):
(JSC::JITPrivateBrandAccessGenerator::finalize):

• jit/JITInlineCacheGenerator.h:

(JSC::JITPrivateBrandAccessGenerator::JITPrivateBrandAccessGenerator):
(JSC::JITPrivateBrandAccessGenerator::slowPathJump const):

• jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::getPrivateName):

• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):

• jit/Repatch.cpp:

(JSC::tryCacheCheckPrivateBrand):
(JSC::repatchCheckPrivateBrand):
(JSC::tryCacheSetPrivateBrand):
(JSC::repatchSetPrivateBrand):
(JSC::resetCheckPrivateBrand):
(JSC::resetSetPrivateBrand):

• jit/Repatch.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• parser/Nodes.cpp:

(JSC::FunctionMetadataNode::FunctionMetadataNode):

• parser/Nodes.h:

(JSC::BaseDotNode::isPrivateMember const):
(JSC::BaseDotNode::isPrivateField const): Deleted.

• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseMemberExpression):

• parser/Parser.h:

(JSC::Scope::declarePrivateMethod):
(JSC::Scope::declarePrivateField):
(JSC::Parser<LexerType>::parse):
(JSC::parse):
(JSC::Scope::declarePrivateName): Deleted.

• parser/ParserModes.h:
• parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createDotAccess):

• parser/VariableEnvironment.cpp:

(JSC::VariableEnvironment::declarePrivateMethod):

• parser/VariableEnvironment.h:

(JSC::VariableEnvironmentEntry::isPrivateField const):
(JSC::VariableEnvironmentEntry::isPrivateMethod const):
(JSC::VariableEnvironmentEntry::setIsPrivateField):
(JSC::VariableEnvironmentEntry::setIsPrivateMethod):
(JSC::PrivateNameEntry::isMethod const):
(JSC::PrivateNameEntry::isPrivateMethodOrAcessor const):
(JSC::VariableEnvironment::addPrivateName):
(JSC::VariableEnvironment::declarePrivateField):
(JSC::VariableEnvironment::declarePrivateMethod):
(JSC::VariableEnvironment::privateNameEnvironment const):
(JSC::VariableEnvironment::hasPrivateMethodOrAccessor const):
(JSC::VariableEnvironment::addPrivateNamesFrom):
(JSC::VariableEnvironmentEntry::isPrivateName const): Deleted.
(JSC::VariableEnvironmentEntry::setIsPrivateName): Deleted.
(JSC::VariableEnvironment::declarePrivateName): Deleted.

• runtime/CachedTypes.cpp:

(JSC::CachedCodeBlockRareData::encode):
(JSC::CachedCodeBlockRareData::decode const):
(JSC::CachedFunctionExecutableRareData::encode):
(JSC::CachedFunctionExecutableRareData::decode const):
(JSC::CachedFunctionExecutable::privateBrandRequirement const):
(JSC::CachedCodeBlock::derivedContextType const):
(JSC::CachedFunctionExecutable::encode):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
(JSC::CachedCodeBlock::needsClassFieldInitializer const): Deleted.

• runtime/CodeCache.cpp:

(JSC::generateUnlinkedCodeBlockImpl):
(JSC::generateUnlinkedCodeBlock):
(JSC::generateUnlinkedCodeBlockForDirectEval):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

• runtime/CodeCache.h:
• runtime/DirectEvalExecutable.cpp:

(JSC::DirectEvalExecutable::create):
(JSC::DirectEvalExecutable::DirectEvalExecutable):

• runtime/DirectEvalExecutable.h:
• runtime/EvalExecutable.cpp:

(JSC::EvalExecutable::EvalExecutable):

• runtime/EvalExecutable.h:

(JSC::EvalExecutable::executableInfo const):
(JSC::EvalExecutable::privateBrandRequirement const):

• runtime/ExceptionHelpers.cpp:

(JSC::createInvalidPrivateNameError):

• runtime/IndirectEvalExecutable.cpp:

(JSC::IndirectEvalExecutable::IndirectEvalExecutable):

• runtime/JSObject.h:
• runtime/JSObjectInlines.h:

(JSC::JSObject::checkPrivateBrand):
(JSC::JSObject::setPrivateBrand):

• runtime/JSScope.cpp:

(JSC::JSScope::collectClosureVariablesUnderTDZ):

• runtime/JSScope.h:
• runtime/ModuleProgramExecutable.h:
• runtime/Options.cpp:

(JSC::Options::recomputeDependentOptions):

• runtime/OptionsList.h:
• runtime/ProgramExecutable.h:
• runtime/Structure.cpp:

(JSC::Structure::materializePropertyTable):
(JSC::BrandedStructure::BrandedStructure):
(JSC::BrandedStructure::create):
(JSC::BrandedStructure::checkBrand):
(JSC::Structure::setBrandTransitionFromExistingStructureImpl):
(JSC::Structure::setBrandTransitionFromExistingStructureConcurrently):
(JSC::Structure::setBrandTransition):

• runtime/Structure.h:

(JSC::Structure::finishCreation):

• runtime/StructureInlines.h:

(JSC::Structure::create):
(JSC::Structure::forEachPropertyConcurrently):

• runtime/StructureTransitionTable.h:
• runtime/SymbolTable.cpp:

(JSC::SymbolTable::cloneScopePart):

• runtime/SymbolTable.h:
• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/private-brand-installed-after-super-call-from-arrow-function.js (added)
• JSTests/stress/private-brand-installed-after-super-call-from-eval.js (added)
• JSTests/stress/private-method-brand-check.js (added)
• JSTests/stress/private-method-change-attribute-from-branded-structure.js (added)
• JSTests/stress/private-method-change-prototype-from-branded-structure.js (added)
• JSTests/stress/private-method-check-private-brand-ic.js (added)
• JSTests/stress/private-method-check-structure-miss.js (added)
• JSTests/stress/private-method-comparison.js (added)
• JSTests/stress/private-method-delete-property-from-branded-structure.js (added)
• JSTests/stress/private-method-extends-brand-check.js (added)
• JSTests/stress/private-method-get-and-call.js (added)
• JSTests/stress/private-method-invalid-multiple-brand-installation.js (added)
• JSTests/stress/private-method-invalidate-compiled-with-constant-symbol.js (added)
• JSTests/stress/private-method-nested-class.js (added)
• JSTests/stress/private-method-on-sealed-objects.js (added)
• JSTests/stress/private-method-on-uncacheable-dictionary.js (added)
• JSTests/stress/private-method-polymorphic-with-constant-symbol.js (added)
• JSTests/stress/private-method-set-brand-should-have-write-barrier.js (added)
• JSTests/stress/private-method-untyped-use.js (added)
• JSTests/stress/private-method-with-uncacheable-dictionary-transition.js (added)
• JSTests/stress/private-methods-inline-cache.js (added)
• JSTests/stress/private-methods-megamorphic-ic.js (added)
• JSTests/stress/private-methods-on-proxy.js (added)
• JSTests/stress/private-methods-poly-ic-multiple-classes.js (added)
• JSTests/stress/private-methods-poly-ic-single-class.js (added)
• JSTests/stress/private-names-available-on-direct-eval.js (added)
• JSTests/test262/config.yaml (modified) (2 diffs)
• Source/JavaScriptCore/CMakeLists.txt (modified) (3 diffs)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (9 diffs)
• Source/JavaScriptCore/Sources.txt (modified) (3 diffs)
• Source/JavaScriptCore/builtins/BuiltinExecutables.cpp (modified) (4 diffs)
• Source/JavaScriptCore/builtins/BuiltinExecutables.h (modified) (1 diff)
• Source/JavaScriptCore/builtins/BuiltinNames.h (modified) (1 diff)
• Source/JavaScriptCore/bytecode/AccessCase.cpp (modified) (11 diffs)
• Source/JavaScriptCore/bytecode/AccessCase.h (modified) (4 diffs)
• Source/JavaScriptCore/bytecode/BytecodeList.rb (modified) (1 diff)
• Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/CheckPrivateBrandStatus.cpp (added)
• Source/JavaScriptCore/bytecode/CheckPrivateBrandStatus.h (added)
• Source/JavaScriptCore/bytecode/CheckPrivateBrandVariant.cpp (added)
• Source/JavaScriptCore/bytecode/CheckPrivateBrandVariant.h (added)
• Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/ExecutableInfo.h (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/RecordedStatuses.cpp (modified) (4 diffs)
• Source/JavaScriptCore/bytecode/RecordedStatuses.h (modified) (4 diffs)
• Source/JavaScriptCore/bytecode/SetPrivateBrandStatus.cpp (added)
• Source/JavaScriptCore/bytecode/SetPrivateBrandStatus.h (added)
• Source/JavaScriptCore/bytecode/SetPrivateBrandVariant.cpp (added)
• Source/JavaScriptCore/bytecode/SetPrivateBrandVariant.h (added)
• Source/JavaScriptCore/bytecode/StructureStubInfo.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/StructureStubInfo.h (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h (modified) (1 diff)
• Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp (modified) (5 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h (modified) (6 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (15 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (12 diffs)
• Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (17 diffs)
• Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (modified) (5 diffs)
• Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (3 diffs)
• Source/JavaScriptCore/dfg/DFGCapabilities.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGClobberize.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGDoesGC.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGJITCompiler.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGMayExit.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGNode.h (modified) (3 diffs)
• Source/JavaScriptCore/dfg/DFGNodeType.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGSafeToExecute.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/ftl/FTLCapabilities.cpp (modified) (2 diffs)
• Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (modified) (3 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/ICStats.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.cpp (modified) (5 diffs)
• Source/JavaScriptCore/jit/JIT.h (modified) (4 diffs)
• Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITInlineCacheGenerator.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOperations.cpp (modified) (3 diffs)
• Source/JavaScriptCore/jit/JITOperations.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/Repatch.cpp (modified) (2 diffs)
• Source/JavaScriptCore/jit/Repatch.h (modified) (2 diffs)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.h (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (1 diff)
• Source/JavaScriptCore/parser/Nodes.cpp (modified) (2 diffs)
• Source/JavaScriptCore/parser/Nodes.h (modified) (8 diffs)
• Source/JavaScriptCore/parser/Parser.cpp (modified) (5 diffs)
• Source/JavaScriptCore/parser/Parser.h (modified) (5 diffs)
• Source/JavaScriptCore/parser/ParserModes.h (modified) (1 diff)
• Source/JavaScriptCore/parser/SyntaxChecker.h (modified) (1 diff)
• Source/JavaScriptCore/parser/VariableEnvironment.cpp (modified) (1 diff)
• Source/JavaScriptCore/parser/VariableEnvironment.h (modified) (13 diffs)
• Source/JavaScriptCore/runtime/BrandedStructure.cpp (copied) (copied from trunk/Source/JavaScriptCore/runtime/DirectEvalExecutable.h) (2 diffs)
• Source/JavaScriptCore/runtime/BrandedStructure.h (copied) (copied from trunk/Source/JavaScriptCore/runtime/DirectEvalExecutable.h) (2 diffs)
• Source/JavaScriptCore/runtime/CachedTypes.cpp (modified) (14 diffs)
• Source/JavaScriptCore/runtime/CodeCache.cpp (modified) (6 diffs)
• Source/JavaScriptCore/runtime/CodeCache.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp (modified) (4 diffs)
• Source/JavaScriptCore/runtime/DirectEvalExecutable.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/EvalExecutable.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/EvalExecutable.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/ExceptionHelpers.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSObject.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSObjectInlines.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/JSScope.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSScope.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/ModuleProgramExecutable.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/Options.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/OptionsList.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/ProgramExecutable.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/Structure.cpp (modified) (3 diffs)
• Source/JavaScriptCore/runtime/Structure.h (modified) (7 diffs)
• Source/JavaScriptCore/runtime/StructureInlines.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/StructureTransitionTable.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/SymbolTable.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/SymbolTable.h (modified) (5 diffs)
• Source/JavaScriptCore/runtime/VM.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/VM.h (modified) (1 diff)

trunk/JSTests/ChangeLog

@@ +1 @@
+2021-02-09  Caio Lima  <ticaiolima@gmail.com>
+
+        [ESNext] Implement private methods
+        https://bugs.webkit.org/show_bug.cgi?id=194434
+
+        Reviewed by Filip Pizlo.
+
+        * stress/private-brand-installed-after-super-call-from-arrow-function.js: Added.
+        * stress/private-brand-installed-after-super-call-from-eval.js: Added.
+        * stress/private-method-brand-check.js: Added.
+        * stress/private-method-change-attribute-from-branded-structure.js: Added.
+        * stress/private-method-change-prototype-from-branded-structure.js: Added.
+        * stress/private-method-check-private-brand-ic.js: Added.
+        * stress/private-method-check-structure-miss.js: Added.
+        * stress/private-method-comparison.js: Added.
+        * stress/private-method-delete-property-from-branded-structure.js: Added.
+        * stress/private-method-extends-brand-check.js: Added.
+        * stress/private-method-get-and-call.js: Added.
+        * stress/private-method-invalid-multiple-brand-installation.js: Added.
+        * stress/private-method-invalidate-compiled-with-constant-symbol.js: Added.
+        * stress/private-method-nested-class.js: Added.
+        * stress/private-method-on-sealed-objects.js: Added.
+        * stress/private-method-on-uncacheable-dictionary.js: Added.
+        * stress/private-method-polymorphic-with-constant-symbol.js: Added.
+        * stress/private-method-set-brand-should-have-write-barrier.js: Added.
+        * stress/private-method-untyped-use.js: Added.
+        * stress/private-method-with-uncacheable-dictionary-transition.js: Added.
+        * stress/private-methods-inline-cache.js: Added.
+        * stress/private-methods-megamorphic-ic.js: Added.
+        * stress/private-methods-on-proxy.js: Added.
+        * stress/private-methods-poly-ic-multiple-classes.js: Added.
+        * stress/private-methods-poly-ic-single-class.js: Added.
+        * stress/private-names-available-on-direct-eval.js: Added.
+        * test262/config.yaml:
+
 2021-02-06  Alexey Shvayka  <shvaikalesh@gmail.com>
 

trunk/JSTests/test262/config.yaml

@@ -5 +5 @@
   FinalizationRegistry: useWeakRefs
   class-fields-private: usePrivateClassFields
+  class-methods-private: usePrivateMethods
   class-static-fields-public: usePublicStaticClassFields
   class-static-fields-private: usePrivateStaticClassFields
@@ -20 +21 @@
     - legacy-regexp
 
-    - class-methods-private
     - class-static-methods-private
     - cleanupSome

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -539 +539 @@
     bytecode/CallMode.h
     bytecode/CallVariant.h
+    bytecode/CheckPrivateBrandStatus.h
+    bytecode/CheckPrivateBrandVariant.h
     bytecode/CodeBlock.h
     bytecode/CodeBlockHash.h
@@ -574 +576 @@
     bytecode/PropertyCondition.h
     bytecode/PutByIdFlags.h
+    bytecode/SetPrivateBrandStatus.h
+    bytecode/SetPrivateBrandVariant.h
     bytecode/SpeculatedType.h
     bytecode/StructureSet.h
@@ -829 +833 @@
     runtime/BooleanObject.h
     runtime/BooleanPrototype.h
+    runtime/BrandedStructure.h
     runtime/Butterfly.h
     runtime/ButterflyInlines.h

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-02-09  Caio Lima  <ticaiolima@gmail.com>
+
+        [ESNext] Implement private methods
+        https://bugs.webkit.org/show_bug.cgi?id=194434
+
+        Reviewed by Filip Pizlo.
+
+        This patch is adding support to private methods following the
+        specification on https://tc39.es/proposal-private-methods/.
+        This is introducing a new way to declare private methods on
+        class syntax. Private methods are only accessible within
+        classes they were declared, and only can be called from
+        objects that are instance of these classes.
+        To guarantee such rules, the proposal presents the concept of
+        Brand Check. During class evaluation, if a private method is present,
+        a `brand` is installed in this class. Every instance of such class
+        then gets this brand installed during `[[Construct]]` operation. It
+        means that an object can have multiple brands (e.g when there is also
+        private methods declared on super class). Before accessing a private
+        method, there is a check to validate if the target of the call has the
+        brand of callee method.
+        The brand check mechanism is implemented using a `@privateBrand`
+        stored on class scope. Here is a representation of how this mechanism
+        works:
+
+        ```
+        class C {
+            #m() { return 3; }
+            method() { return this.#m(); }
+        }
+
+        let c = new C();
+        console.log(c.method()); // prints 3
+        ```
+
+        Generated bytecode for the following representation:
+        ```
+        { // class lexical scope
+            const @privateBrand = @createPrivateSymbol();
+            const #m = function () { return 3; }
+            C.prototype.method = function() {
+                @check_private_brand(this, @privateBrand);
+                return #m.call(this);
+            }
+            C = function() {
+                @set_private_brand(this, @privateBrand);
+            }
+        }
+
+        let c = new C();
+        console.log(c.method()); // prints 3
+        ```
+
+        # Resolving correct brand to check
+
+        In the case of shadowing or nested scope, we need to emit brand
+        checks to the right private brand. See code below:
+
+        ```
+        class C {
+            #m() { return 3; }
+            method() { return this.#m();}
+
+            A = class {
+                #m2() { return 3; }
+                foo(o) { return o.#m(); }
+            }
+        }
+        ```
+
+        The call of "#m" in `foo` refers to "C::#m". In such case, we need to
+        check C's private brand, instead of A's private brand.
+        To perform the proper check, we first resolve scope of "#m" and then
+        check the private brand of this scope (the scope where the private
+        method and brand are stored is the same).
+        So the bytecode to lookup the right brand is:
+
+        ```
+        mov loc9, arg1
+        resolve_scope loc10, "#m"
+        get_from_scope loc11, loc10, "@privateBrand"
+        check_private_brand loc9, loc11
+        get_from_scope loc11, loc10, "#m"
+        // setup call frame
+        call loc11, ...
+        // ...
+        ```
+
+        # Brand check mechanism
+
+        We are introducing in this patch 2 new bytecodes to allow brand check
+        of objects: `op_set_brand` and `op_check_brand`.
+        `op_set_brand` sets a new brand in an object, so we can perform the brand
+        check later when accessing private methods. This operations throws when
+        trying to add the same brand twice in an Object.
+        `op_check_brand` checks if the given object contains the brand we are
+        looking for. It traverses the brand chain to verify if the brand is
+        present, and throws `TypeError` otherwise.
+
+        We are also introducing a subclass for Structure called BrandedStructure.
+        It is used to store brands and to allow brand check mechanism. BrandedStructure
+        stores a brand and a parent pointer to another BrandedStructure that allow
+        us traverse the brand chain. With `BrandedStructure`, we can then
+        infer that a given object has the brand we are looking for just
+        checking its structureId. This is a very good optimization, since we can
+        reduce most of brand checks to structure checks.
+
+        We created a new kind of transition called `SetBrand` that happens when
+        `op_set_brand` is executed. This allow us to cache such kind of
+        trasitions on trasition table using the key `<brand->uid, 0,
+        TransitionKind::SetBrand>`. During this transition, we take previous
+        structure and apply one of the following rules:
+
+            1. If it's a BrandedStructure, we then set it to `m_parentBrand`,
+            to allow proper brand chain check.
+        
+            2. If it's not a BrandedStructure, we set `m_parentBrand` to `nullptr`,
+            meaning that this is the first brand being added to the object
+            with this structure.
+        
+        For now, we are using the flag `isBrandedStructure` to identify that a
+        given Structure is a BrandedStructure. This is done to avoid changes
+        on places where we are checking for `vm.structureStructure()`.
+        However, if we ever need space on Structure, this flag is a good
+        candidate to be deleted and we can move to a solution that uses
+        `vm.brandedStructureStructure()`;
+
+         # JIT Support
+
+        This patch also includes initial JIT support for `set_private_brand`
+        and `check_private_brand`. On Baseline JIT, we are using
+        `JITPravateBrandAccessGenerator` to support IC for both operands.
+        On `DFGByteCodeParser` we are trying to inline brand access whenever
+        possible, and fallbacking to `SetPrivateBrand` and
+        `CheckPrivateBrand` otherwise. Those nodes are not being optimized at
+        their full potential, but the code generated by them is also relying on 
+        `JITPrivateBrandAccessGenerator` to have IC support for both DFG and
+        FTL. During DFG parsing, we try to reduce those access  to `CheckIsConstant`
+        and `CheckStructure` (with `PutStructure` for `set_private_brand` cases)
+        based on available profiled data. This is meant to make brand checks
+        almost free on DFG/FTL tiers when we have a single evaluation of a
+        class, since the `CheckIsConstant` can be eliminated by the constant-folded
+        scope load, and the `CheckStructure` is very likely to be redundant
+        to any other `CheckStructure` that can be performed on receiver
+        when we have a finite structure set.
+        For instance, when we have a brand check on a path-of-no-return to
+        a `GetByOffset` sequence on the same receiver, the `CheckStructure`
+        for the brand check will enable CSE of the `CheckStructure` that
+        would happen for that `GetByOffset`. Such design is possible because brand
+        checks supports polymorphic access very similr to what we have for
+        `GetByOffset` sequences.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * builtins/BuiltinExecutables.cpp:
+        (JSC::BuiltinExecutables::createDefaultConstructor):
+        (JSC::BuiltinExecutables::createExecutable):
+        * builtins/BuiltinExecutables.h:
+
+        We are adding a new parameter `PrivateBrandRequirement` to propagate
+        when a default constructor needs to emit code to setup private brand
+        on instances.
+
+        * builtins/BuiltinNames.h:
+
+        Adding `@privateBrand` that  we use to store private brand on
+        class's scope.
+
+        * bytecode/AccessCase.cpp:
+        (JSC::AccessCase::createCheckPrivateBrand):
+        (JSC::AccessCase::createSetPrivateBrand):
+        (JSC::AccessCase::requiresIdentifierNameMatch const):
+        (JSC::AccessCase::requiresInt32PropertyCheck const):
+        (JSC::AccessCase::needsScratchFPR const):
+        (JSC::AccessCase::forEachDependentCell const):
+        (JSC::AccessCase::doesCalls const):
+        (JSC::AccessCase::canReplace const):
+        (JSC::AccessCase::dump const):
+        (JSC::AccessCase::generateWithGuard):
+        (JSC::AccessCase::generateImpl):
+        * bytecode/AccessCase.h:
+        (JSC::AccessCase::structure const):
+        (JSC::AccessCase::newStructure const):
+        * bytecode/BytecodeList.rb:
+        * bytecode/BytecodeUseDef.cpp:
+        (JSC::computeUsesForBytecodeIndexImpl):
+        (JSC::computeDefsForBytecodeIndexImpl):
+        * bytecode/CheckPrivateBrandStatus.cpp: Added.
+        (JSC::CheckPrivateBrandStatus::appendVariant):
+        (JSC::CheckPrivateBrandStatus::computeForBaseline):
+        (JSC::CheckPrivateBrandStatus::CheckPrivateBrandStatus):
+        (JSC::CheckPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
+        (JSC::CheckPrivateBrandStatus::computeFor):
+        (JSC::CheckPrivateBrandStatus::slowVersion const):
+        (JSC::CheckPrivateBrandStatus::merge):
+        (JSC::CheckPrivateBrandStatus::filter):
+        (JSC::CheckPrivateBrandStatus::singleIdentifier const):
+        (JSC::CheckPrivateBrandStatus::visitAggregate):
+        (JSC::CheckPrivateBrandStatus::markIfCheap):
+        (JSC::CheckPrivateBrandStatus::finalize):
+        (JSC::CheckPrivateBrandStatus::dump const):
+        * bytecode/CheckPrivateBrandStatus.h: Added.
+        * bytecode/CheckPrivateBrandVariant.cpp: Added.
+        (JSC::CheckPrivateBrandVariant::CheckPrivateBrandVariant):
+        (JSC::CheckPrivateBrandVariant::~CheckPrivateBrandVariant):
+        (JSC::CheckPrivateBrandVariant::attemptToMerge):
+        (JSC::CheckPrivateBrandVariant::markIfCheap):
+        (JSC::CheckPrivateBrandVariant::finalize):
+        (JSC::CheckPrivateBrandVariant::visitAggregate):
+        (JSC::CheckPrivateBrandVariant::dump const):
+        (JSC::CheckPrivateBrandVariant::dumpInContext const):
+        * bytecode/CheckPrivateBrandVariant.h: Added.
+        (JSC::CheckPrivateBrandVariant::structureSet const):
+        (JSC::CheckPrivateBrandVariant::structureSet):
+        (JSC::CheckPrivateBrandVariant::identifier const):
+        (JSC::CheckPrivateBrandVariant::overlaps):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::finishCreation):
+        (JSC::CodeBlock::finalizeLLIntInlineCaches):
+        * bytecode/ExecutableInfo.h:
+        (JSC::ExecutableInfo::ExecutableInfo):
+        (JSC::ExecutableInfo::privateBrandRequirement const):
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::PolymorphicAccess::regenerate):
+        (WTF::printInternal):
+        * bytecode/RecordedStatuses.cpp:
+        (JSC::RecordedStatuses::operator=):
+        (JSC::RecordedStatuses::addCheckPrivateBrandStatus):
+        (JSC::RecordedStatuses::addSetPrivateBrandStatus):
+        (JSC::RecordedStatuses::visitAggregate):
+        (JSC::RecordedStatuses::markIfCheap):
+        * bytecode/RecordedStatuses.h:
+        (JSC::RecordedStatuses::forEachVector):
+        * bytecode/SetPrivateBrandStatus.cpp: Added.
+        (JSC::SetPrivateBrandStatus::appendVariant):
+        (JSC::SetPrivateBrandStatus::computeForBaseline):
+        (JSC::SetPrivateBrandStatus::SetPrivateBrandStatus):
+        (JSC::SetPrivateBrandStatus::computeForStubInfoWithoutExitSiteFeedback):
+        (JSC::SetPrivateBrandStatus::computeFor):
+        (JSC::SetPrivateBrandStatus::slowVersion const):
+        (JSC::SetPrivateBrandStatus::merge):
+        (JSC::SetPrivateBrandStatus::filter):
+        (JSC::SetPrivateBrandStatus::singleIdentifier const):
+        (JSC::SetPrivateBrandStatus::visitAggregate):
+        (JSC::SetPrivateBrandStatus::markIfCheap):
+        (JSC::SetPrivateBrandStatus::finalize):
+        (JSC::SetPrivateBrandStatus::dump const):
+        * bytecode/SetPrivateBrandStatus.h: Added.
+        * bytecode/SetPrivateBrandVariant.cpp: Added.
+        (JSC::SetPrivateBrandVariant::SetPrivateBrandVariant):
+        (JSC::SetPrivateBrandVariant::~SetPrivateBrandVariant):
+        (JSC::SetPrivateBrandVariant::attemptToMerge):
+        (JSC::SetPrivateBrandVariant::markIfCheap):
+        (JSC::SetPrivateBrandVariant::finalize):
+        (JSC::SetPrivateBrandVariant::visitAggregate):
+        (JSC::SetPrivateBrandVariant::dump const):
+        (JSC::SetPrivateBrandVariant::dumpInContext const):
+        * bytecode/SetPrivateBrandVariant.h: Added.
+        (JSC::SetPrivateBrandVariant::oldStructure const):
+        (JSC::SetPrivateBrandVariant::newStructure const):
+        (JSC::SetPrivateBrandVariant::identifier const):
+        (JSC::SetPrivateBrandVariant::overlaps):
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::reset):
+        * bytecode/StructureStubInfo.h:
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
+        * bytecode/UnlinkedCodeBlock.h:
+        (JSC::UnlinkedCodeBlock::privateBrandRequirement const):
+        * bytecode/UnlinkedCodeBlockGenerator.h:
+        (JSC::UnlinkedCodeBlockGenerator::privateBrandRequirement const):
+        * bytecode/UnlinkedFunctionExecutable.cpp:
+        (JSC::generateUnlinkedFunctionCodeBlock):
+        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+        * bytecode/UnlinkedFunctionExecutable.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+
+        We changed BytecodeGenerator for FunctionNode and EvalNode to
+        propagate parentScope PrivateNameEnvironment. These environments stores
+        private name entries that are visible into the scope of the
+        function/eval.
+        This is required to identify the kind of access a private name is
+        referring to, since it can be a private field or a private method.
+
+        (JSC::BytecodeGenerator::instantiateLexicalVariables):
+        (JSC::BytecodeGenerator::emitGetPrivateName):
+        (JSC::BytecodeGenerator::emitCreatePrivateBrand):
+
+        The process to create a private brand is as follows:
+            1. Create a PrivateSymbol using `@createPrivateSymbol`.
+            2. Store this symbol into a given scope (i.e class lexical scope)
+               on `@privateBrand` variable.
+
+        (JSC::BytecodeGenerator::emitInstallPrivateBrand):
+        (JSC::BytecodeGenerator::emitGetPrivateBrand):
+
+        We added `m_privateNamesStack` to BytecodeGenerator to represent the
+        scope chain of available private names while generating bytecode.
+
+        (JSC::BytecodeGenerator::emitCheckPrivateBrand):
+        (JSC::BytecodeGenerator::isPrivateMethod):
+        (JSC::BytecodeGenerator::pushPrivateAccessNames):
+        (JSC::BytecodeGenerator::popPrivateAccessNames):
+        (JSC::BytecodeGenerator::getAvailablePrivateAccessNames):
+        (JSC::BytecodeGenerator::emitNewDefaultConstructor):
+        (JSC::BytecodeGenerator::emitNewClassFieldInitializerFunction):
+        (JSC::BytecodeGenerator::emitDirectGetByVal): Deleted.
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::privateBrandRequirement const):
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::makeFunction):
+
+        This change is required to properly propagate PrivateBrandRequirement
+        to arrow functions that can potentially call `super()`.
+
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::PropertyListNode::emitDeclarePrivateFieldNames):
+        (JSC::PropertyListNode::emitBytecode):
+        (JSC::PropertyListNode::emitPutConstantProperty):
+        (JSC::BaseDotNode::emitGetPropertyValue):
+
+        Adding support to properly access private method. Since we store
+        private methods on class lexical scope, we need a different set of
+        instructions to access a private method.
+
+        (JSC::BaseDotNode::emitPutProperty):
+
+        In the case of we trying to write in a private method, we need to
+        throw a TypeError according to specification
+        (https://tc39.es/proposal-private-methods/#sec-privatefieldset).
+
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::PostfixNode::emitDot):
+        (JSC::PrefixNode::emitDot):
+        (JSC::ClassExprNode::emitBytecode):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::filterICStatus):
+        * dfg/DFGArgumentsEliminationPhase.cpp:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGCapabilities.cpp:
+        (JSC::DFG::capabilityLevel):
+        * dfg/DFGClobberize.h:
+        (JSC::DFG::clobberize):
+        * dfg/DFGClobbersExitState.cpp:
+        (JSC::DFG::clobbersExitState):
+        * dfg/DFGDoesGC.cpp:
+        (JSC::DFG::doesGC):
+        * dfg/DFGFixupPhase.cpp:
+        (JSC::DFG::FixupPhase::fixupNode):
+        * dfg/DFGGraph.h:
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::link):
+        * dfg/DFGJITCompiler.h:
+        (JSC::DFG::JITCompiler::addPrivateBrandAccess):
+        * dfg/DFGMayExit.cpp:
+        * dfg/DFGNode.h:
+        (JSC::DFG::Node::hasCheckPrivateBrandStatus):
+        (JSC::DFG::Node::checkPrivateBrandStatus):
+        (JSC::DFG::Node::hasSetPrivateBrandStatus):
+        (JSC::DFG::Node::setPrivateBrandStatus):
+        * dfg/DFGNodeType.h:
+        * dfg/DFGObjectAllocationSinkingPhase.cpp:
+        * dfg/DFGPredictionPropagationPhase.cpp:
+        * dfg/DFGSafeToExecute.h:
+        (JSC::DFG::safeToExecute):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileCheckPrivateBrand):
+        (JSC::DFG::SpeculativeJIT::compileSetPrivateBrand):
+        * dfg/DFGSpeculativeJIT.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGStoreBarrierInsertionPhase.cpp:
+        * dfg/DFGVarargsForwardingPhase.cpp:
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+        (JSC::FTL::DFG::LowerDFGToB3::compilePrivateBrandAccess):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCheckPrivateBrand):
+        (JSC::FTL::DFG::LowerDFGToB3::compileSetPrivateBrand):
+        * interpreter/Interpreter.cpp:
+        (JSC::eval):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::link):
+        * jit/JIT.h:
+        * jit/JITInlineCacheGenerator.cpp:
+        (JSC::JITPrivateBrandAccessGenerator::JITPrivateBrandAccessGenerator):
+        (JSC::JITPrivateBrandAccessGenerator::generateFastPath):
+        (JSC::JITPrivateBrandAccessGenerator::finalize):
+        * jit/JITInlineCacheGenerator.h:
+        (JSC::JITPrivateBrandAccessGenerator::JITPrivateBrandAccessGenerator):
+        (JSC::JITPrivateBrandAccessGenerator::slowPathJump const):
+        * jit/JITOperations.cpp:
+        (JSC::JSC_DEFINE_JIT_OPERATION):
+        (JSC::getPrivateName):
+        * jit/JITOperations.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_set_private_brand):
+        (JSC::JIT::emitSlow_op_set_private_brand):
+        (JSC::JIT::emit_op_check_private_brand):
+        (JSC::JIT::emitSlow_op_check_private_brand):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_set_private_brand):
+        (JSC::JIT::emitSlow_op_set_private_brand):
+        (JSC::JIT::emit_op_check_private_brand):
+        (JSC::JIT::emitSlow_op_check_private_brand):
+        * jit/Repatch.cpp:
+        (JSC::tryCacheCheckPrivateBrand):
+        (JSC::repatchCheckPrivateBrand):
+        (JSC::tryCacheSetPrivateBrand):
+        (JSC::repatchSetPrivateBrand):
+        (JSC::resetCheckPrivateBrand):
+        (JSC::resetSetPrivateBrand):
+        * jit/Repatch.h:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LLIntSlowPaths.h:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * parser/Nodes.cpp:
+        (JSC::FunctionMetadataNode::FunctionMetadataNode):
+        * parser/Nodes.h:
+        (JSC::BaseDotNode::isPrivateMember const):
+        (JSC::BaseDotNode::isPrivateField const): Deleted.
+        * parser/Parser.cpp:
+        (JSC::Parser<LexerType>::parseClass):
+        (JSC::Parser<LexerType>::parseMemberExpression):
+        * parser/Parser.h:
+        (JSC::Scope::declarePrivateMethod):
+        (JSC::Scope::declarePrivateField):
+        (JSC::Parser<LexerType>::parse):
+        (JSC::parse):
+        (JSC::Scope::declarePrivateName): Deleted.
+        * parser/ParserModes.h:
+        * parser/SyntaxChecker.h:
+        (JSC::SyntaxChecker::createDotAccess):
+        * parser/VariableEnvironment.cpp:
+        (JSC::VariableEnvironment::declarePrivateMethod):
+        * parser/VariableEnvironment.h:
+        (JSC::VariableEnvironmentEntry::isPrivateField const):
+        (JSC::VariableEnvironmentEntry::isPrivateMethod const):
+        (JSC::VariableEnvironmentEntry::setIsPrivateField):
+        (JSC::VariableEnvironmentEntry::setIsPrivateMethod):
+        (JSC::PrivateNameEntry::isMethod const):
+        (JSC::PrivateNameEntry::isPrivateMethodOrAcessor const):
+        (JSC::VariableEnvironment::addPrivateName):
+        (JSC::VariableEnvironment::declarePrivateField):
+        (JSC::VariableEnvironment::declarePrivateMethod):
+        (JSC::VariableEnvironment::privateNameEnvironment const):
+        (JSC::VariableEnvironment::hasPrivateMethodOrAccessor const):
+        (JSC::VariableEnvironment::addPrivateNamesFrom):
+        (JSC::VariableEnvironmentEntry::isPrivateName const): Deleted.
+        (JSC::VariableEnvironmentEntry::setIsPrivateName): Deleted.
+        (JSC::VariableEnvironment::declarePrivateName): Deleted.
+        * runtime/CachedTypes.cpp:
+        (JSC::CachedCodeBlockRareData::encode):
+        (JSC::CachedCodeBlockRareData::decode const):
+        (JSC::CachedFunctionExecutableRareData::encode):
+        (JSC::CachedFunctionExecutableRareData::decode const):
+        (JSC::CachedFunctionExecutable::privateBrandRequirement const):
+        (JSC::CachedCodeBlock::derivedContextType const):
+        (JSC::CachedFunctionExecutable::encode):
+        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+        (JSC::CachedCodeBlock::needsClassFieldInitializer const): Deleted.
+        * runtime/CodeCache.cpp:
+        (JSC::generateUnlinkedCodeBlockImpl):
+        (JSC::generateUnlinkedCodeBlock):
+        (JSC::generateUnlinkedCodeBlockForDirectEval):
+        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
+        * runtime/CodeCache.h:
+        * runtime/DirectEvalExecutable.cpp:
+        (JSC::DirectEvalExecutable::create):
+        (JSC::DirectEvalExecutable::DirectEvalExecutable):
+        * runtime/DirectEvalExecutable.h:
+        * runtime/EvalExecutable.cpp:
+        (JSC::EvalExecutable::EvalExecutable):
+        * runtime/EvalExecutable.h:
+        (JSC::EvalExecutable::executableInfo const):
+        (JSC::EvalExecutable::privateBrandRequirement const):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createInvalidPrivateNameError):
+        * runtime/IndirectEvalExecutable.cpp:
+        (JSC::IndirectEvalExecutable::IndirectEvalExecutable):
+        * runtime/JSObject.h:
+        * runtime/JSObjectInlines.h:
+        (JSC::JSObject::checkPrivateBrand):
+        (JSC::JSObject::setPrivateBrand):
+        * runtime/JSScope.cpp:
+        (JSC::JSScope::collectClosureVariablesUnderTDZ):
+        * runtime/JSScope.h:
+        * runtime/ModuleProgramExecutable.h:
+        * runtime/Options.cpp:
+        (JSC::Options::recomputeDependentOptions):
+        * runtime/OptionsList.h:
+        * runtime/ProgramExecutable.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::materializePropertyTable):
+        (JSC::BrandedStructure::BrandedStructure):
+        (JSC::BrandedStructure::create):
+        (JSC::BrandedStructure::checkBrand):
+        (JSC::Structure::setBrandTransitionFromExistingStructureImpl):
+        (JSC::Structure::setBrandTransitionFromExistingStructureConcurrently):
+        (JSC::Structure::setBrandTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::finishCreation):
+        * runtime/StructureInlines.h:
+        (JSC::Structure::create):
+        (JSC::Structure::forEachPropertyConcurrently):
+        * runtime/StructureTransitionTable.h:
+        * runtime/SymbolTable.cpp:
+        (JSC::SymbolTable::cloneScopePart):
+        * runtime/SymbolTable.h:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+
 2021-02-09  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1243 +1243 @@
                 86158AB3155C8B4000B45C9C /* PropertyName.h in Headers */ = {isa = PBXBuildFile; fileRef = 86158AB2155C8B3F00B45C9C /* PropertyName.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 861816771FB7924200ECC4EC /* BigIntObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 861816761FB7922F00ECC4EC /* BigIntObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                861AF60725D18C9D000B63E1 /* BrandedStructure.h in Headers */ = {isa = PBXBuildFile; fileRef = 861AF60625D18C9D000B63E1 /* BrandedStructure.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 862553D216136E1A009F17D0 /* JSProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 862553CF16136AA5009F17D0 /* JSProxy.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                86281EF025B6160000367004 /* CheckPrivateBrandVariant.h in Headers */ = {isa = PBXBuildFile; fileRef = 86281EEF25B6160000367004 /* CheckPrivateBrandVariant.h */; };
+                86281EF425B61AF000367004 /* CheckPrivateBrandStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = 86281EF325B61AF000367004 /* CheckPrivateBrandStatus.h */; };
                 863B23E00FC6118900703AA4 /* MacroAssemblerCodeRef.h in Headers */ = {isa = PBXBuildFile; fileRef = 863B23DF0FC60E6200703AA4 /* MacroAssemblerCodeRef.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 863FBC5A25B093B900F6C930 /* WasmValueLocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 863FBC5825B093B900F6C930 /* WasmValueLocation.h */; };
                 865A30F1135007E100CDB49E /* JSCJSValueInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 865A30F0135007E100CDB49E /* JSCJSValueInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                865DA0C525B8957400875772 /* SetPrivateBrandVariant.h in Headers */ = {isa = PBXBuildFile; fileRef = 865DA0C425B8957400875772 /* SetPrivateBrandVariant.h */; };
+                865DA0C825B8960C00875772 /* SetPrivateBrandStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = 865DA0C725B8960C00875772 /* SetPrivateBrandStatus.h */; };
                 866739D213BFDE710023D87C /* BigInteger.h in Headers */ = {isa = PBXBuildFile; fileRef = 866739D013BFDE710023D87C /* BigInteger.h */; };
                 866739D313BFDE710023D87C /* Uint16WithFraction.h in Headers */ = {isa = PBXBuildFile; fileRef = 866739D113BFDE710023D87C /* Uint16WithFraction.h */; };
@@ -4141 +4146 @@
                 861816761FB7922F00ECC4EC /* BigIntObject.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BigIntObject.h; sourceTree = "<group>"; };
                 861816781FB7931300ECC4EC /* BigIntObject.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = BigIntObject.cpp; sourceTree = "<group>"; };
+                861AF60625D18C9D000B63E1 /* BrandedStructure.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BrandedStructure.h; sourceTree = "<group>"; };
                 862553CE16136AA5009F17D0 /* JSProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSProxy.cpp; sourceTree = "<group>"; };
                 862553CF16136AA5009F17D0 /* JSProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSProxy.h; sourceTree = "<group>"; };
+                86281EEF25B6160000367004 /* CheckPrivateBrandVariant.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CheckPrivateBrandVariant.h; sourceTree = "<group>"; };
+                86281EF125B6165E00367004 /* CheckPrivateBrandVariant.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CheckPrivateBrandVariant.cpp; sourceTree = "<group>"; };
+                86281EF325B61AF000367004 /* CheckPrivateBrandStatus.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CheckPrivateBrandStatus.h; sourceTree = "<group>"; };
+                86281EF525B61B0600367004 /* CheckPrivateBrandStatus.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CheckPrivateBrandStatus.cpp; sourceTree = "<group>"; };
                 863B23DF0FC60E6200703AA4 /* MacroAssemblerCodeRef.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacroAssemblerCodeRef.h; sourceTree = "<group>"; };
                 863C6D981521111200585E4E /* YarrCanonicalizeUCS2.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = YarrCanonicalizeUCS2.cpp; path = yarr/YarrCanonicalizeUCS2.cpp; sourceTree = "<group>"; };
@@ -4153 +4163 @@
                 8640923C156EED3B00566CB2 /* MacroAssemblerARM64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacroAssemblerARM64.h; sourceTree = "<group>"; };
                 865A30F0135007E100CDB49E /* JSCJSValueInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCJSValueInlines.h; sourceTree = "<group>"; };
+                865DA0C425B8957400875772 /* SetPrivateBrandVariant.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SetPrivateBrandVariant.h; sourceTree = "<group>"; };
+                865DA0C625B8959E00875772 /* SetPrivateBrandVariant.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = SetPrivateBrandVariant.cpp; sourceTree = "<group>"; };
+                865DA0C725B8960C00875772 /* SetPrivateBrandStatus.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SetPrivateBrandStatus.h; sourceTree = "<group>"; };
+                865DA0C925B8962A00875772 /* SetPrivateBrandStatus.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = SetPrivateBrandStatus.cpp; sourceTree = "<group>"; };
+                8664967A25D1DD1200516B36 /* BrandedStructure.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = BrandedStructure.cpp; sourceTree = "<group>"; };
                 866739D013BFDE710023D87C /* BigInteger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BigInteger.h; sourceTree = "<group>"; };
                 866739D113BFDE710023D87C /* Uint16WithFraction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Uint16WithFraction.h; sourceTree = "<group>"; };
@@ -7157 +7172 @@
                                 BC7952340E15EB5600A898AB /* BooleanPrototype.cpp */,
                                 BC7952350E15EB5600A898AB /* BooleanPrototype.h */,
+                                8664967A25D1DD1200516B36 /* BrandedStructure.cpp */,
+                                861AF60625D18C9D000B63E1 /* BrandedStructure.h */,
                                 9E72940A190F0514001A91B5 /* BundlePath.h */,
                                 9E729409190F0306001A91B5 /* BundlePath.mm */,
@@ -8417 +8434 @@
                                 0F3B7E2419A11B8000D9BC56 /* CallVariant.cpp */,
                                 0F3B7E2519A11B8000D9BC56 /* CallVariant.h */,
+                                86281EF525B61B0600367004 /* CheckPrivateBrandStatus.cpp */,
+                                86281EF325B61AF000367004 /* CheckPrivateBrandStatus.h */,
+                                86281EF125B6165E00367004 /* CheckPrivateBrandVariant.cpp */,
+                                86281EEF25B6160000367004 /* CheckPrivateBrandVariant.h */,
                                 969A07900ED1D3AE00F1F681 /* CodeBlock.cpp */,
                                 969A07910ED1D3AE00F1F681 /* CodeBlock.h */,
@@ -8551 +8572 @@
                                 0FF60ABF16740F8100029779 /* ReduceWhitespace.cpp */,
                                 0FF60AC016740F8100029779 /* ReduceWhitespace.h */,
+                                865DA0C925B8962A00875772 /* SetPrivateBrandStatus.cpp */,
+                                865DA0C725B8960C00875772 /* SetPrivateBrandStatus.h */,
+                                865DA0C625B8959E00875772 /* SetPrivateBrandVariant.cpp */,
+                                865DA0C425B8957400875772 /* SetPrivateBrandVariant.h */,
                                 0FD82E84141F3FDA00179C94 /* SpeculatedType.cpp */,
                                 0FD82E4F141DAEA100179C94 /* SpeculatedType.h */,
@@ -9277 +9302 @@
                                 9B4694391F97439E00CCB3F9 /* BooleanPrototype.h in Headers */,
                                 996B73191BDA068000331B84 /* BooleanPrototype.lut.h in Headers */,
+                                861AF60725D18C9D000B63E1 /* BrandedStructure.h in Headers */,
                                 FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */,
                                 DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */,
@@ -9342 +9368 @@
                                 0F1C3DDA1BBCE09E00E523E4 /* CellState.h in Headers */,
                                 5338E2A72396EFFB00C61BAD /* CheckpointOSRExitSideState.h in Headers */,
+                                86281EF425B61AF000367004 /* CheckPrivateBrandStatus.h in Headers */,
+                                86281EF025B6160000367004 /* CheckPrivateBrandVariant.h in Headers */,
                                 BC6AAAE50E1F426500AD87D8 /* ClassInfo.h in Headers */,
                                 0FE050261AA9095600D33B33 /* ClonedArguments.h in Headers */,
@@ -10393 +10421 @@
                                 A7299DA617D12858005F5FF9 /* SetConstructor.h in Headers */,
                                 A790DD6E182F499700588807 /* SetIteratorPrototype.h in Headers */,
+                                865DA0C825B8960C00875772 /* SetPrivateBrandStatus.h in Headers */,
+                                865DA0C525B8957400875772 /* SetPrivateBrandVariant.h in Headers */,
                                 A7299DA217D12848005F5FF9 /* SetPrototype.h in Headers */,
                                 0FEE98411A8865B700754E93 /* SetupVarargsFrame.h in Headers */,

trunk/Source/JavaScriptCore/Sources.txt

@@ -212 +212 @@
 bytecode/CallMode.cpp
 bytecode/CallVariant.cpp
+bytecode/CheckPrivateBrandStatus.cpp
+bytecode/CheckPrivateBrandVariant.cpp
 bytecode/CodeBlock.cpp
 bytecode/CodeBlockHash.cpp
@@ -272 +274 @@
 bytecode/RecordedStatuses.cpp
 bytecode/ReduceWhitespace.cpp
+bytecode/SetPrivateBrandStatus.cpp
+bytecode/SetPrivateBrandVariant.cpp
 bytecode/SpeculatedType.cpp
 bytecode/StructureSet.cpp
@@ -735 +739 @@
 runtime/BooleanObject.cpp
 runtime/BooleanPrototype.cpp
+runtime/BrandedStructure.cpp
 runtime/BytecodeCacheError.cpp
 runtime/CallData.cpp

trunk/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp

@@ -60 +60 @@
 }
 
-UnlinkedFunctionExecutable* BuiltinExecutables::createDefaultConstructor(ConstructorKind constructorKind, const Identifier& name, NeedsClassFieldInitializer needsClassFieldInitializer)
+UnlinkedFunctionExecutable* BuiltinExecutables::createDefaultConstructor(ConstructorKind constructorKind, const Identifier& name, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement)
 {
     switch (constructorKind) {
@@ -68 +68 @@
     case ConstructorKind::Base:
     case ConstructorKind::Extends:
-        return createExecutable(m_vm, defaultConstructorSourceCode(constructorKind), name, constructorKind, ConstructAbility::CanConstruct, needsClassFieldInitializer);
+        return createExecutable(m_vm, defaultConstructorSourceCode(constructorKind), name, constructorKind, ConstructAbility::CanConstruct, needsClassFieldInitializer, privateBrandRequirement);
     }
     ASSERT_NOT_REACHED();
@@ -79 +79 @@
 }
 
-UnlinkedFunctionExecutable* BuiltinExecutables::createExecutable(VM& vm, const SourceCode& source, const Identifier& name, ConstructorKind constructorKind, ConstructAbility constructAbility, NeedsClassFieldInitializer needsClassFieldInitializer)
+UnlinkedFunctionExecutable* BuiltinExecutables::createExecutable(VM& vm, const SourceCode& source, const Identifier& name, ConstructorKind constructorKind, ConstructAbility constructAbility, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement)
 {
     // FIXME: Can we just make MetaData computation be constexpr and have the compiler do this for us?
@@ -252 +252 @@
     }
 
-    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(vm, source, &metadata, kind, constructAbility, JSParserScriptMode::Classic, nullptr, DerivedContextType::None, needsClassFieldInitializer, isBuiltinDefaultClassConstructor);
+    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(vm, source, &metadata, kind, constructAbility, JSParserScriptMode::Classic, nullptr, WTF::nullopt, DerivedContextType::None, needsClassFieldInitializer, privateBrandRequirement, isBuiltinDefaultClassConstructor);
     return functionExecutable;
 }

trunk/Source/JavaScriptCore/builtins/BuiltinExecutables.h

@@ -59 +59 @@
 
     static SourceCode defaultConstructorSourceCode(ConstructorKind);
-    UnlinkedFunctionExecutable* createDefaultConstructor(ConstructorKind, const Identifier& name, NeedsClassFieldInitializer);
+    UnlinkedFunctionExecutable* createDefaultConstructor(ConstructorKind, const Identifier& name, NeedsClassFieldInitializer, PrivateBrandRequirement);
 
-    static UnlinkedFunctionExecutable* createExecutable(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility, NeedsClassFieldInitializer);
+    static UnlinkedFunctionExecutable* createExecutable(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility, NeedsClassFieldInitializer, PrivateBrandRequirement = PrivateBrandRequirement::None);
 
     void finalizeUnconditionally();

trunk/Source/JavaScriptCore/builtins/BuiltinNames.h

@@ -174 +174 @@
     macro(webAssemblyInstantiateStreamingInternal) \
     macro(instanceFieldInitializer) \
+    macro(privateBrand) \
     macro(hasOwnPropertyFunction) \
     macro(createPrivateSymbol) \

trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp

@@ -134 +134 @@
 }
 
+std::unique_ptr<AccessCase> AccessCase::createCheckPrivateBrand(VM& vm, JSCell* owner, CacheableIdentifier identifier, Structure* structure)
+{
+    return std::unique_ptr<AccessCase>(new AccessCase(vm, owner, CheckPrivateBrand, identifier, invalidOffset, structure, { }, { }));
+}
+
+std::unique_ptr<AccessCase> AccessCase::createSetPrivateBrand(
+    VM& vm, JSCell* owner, CacheableIdentifier identifier, Structure* oldStructure, Structure* newStructure)
+{
+    RELEASE_ASSERT(oldStructure == newStructure->previousID());
+    return std::unique_ptr<AccessCase>(new AccessCase(vm, owner, SetPrivateBrand, identifier, invalidOffset, newStructure, { }, { }));
+}
+
 AccessCase::~AccessCase()
 {
@@ -293 +305 @@
     case ScopedArgumentsLength:
     case ModuleNamespaceLoad:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
         return true;
     case InstanceOfHit:
@@ -346 +360 @@
     case InstanceOfMiss:
     case InstanceOfGeneric:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
         return false;
     case IndexedInt32Load:
@@ -388 +404 @@
     case InHit:
     case InMiss:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case ArrayLength:
     case StringLength:
@@ -475 +493 @@
     case InHit:
     case InMiss:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case ArrayLength:
     case StringLength:
@@ -524 +544 @@
     case InHit:
     case InMiss:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case ArrayLength:
     case StringLength:
@@ -675 +697 @@
     case InHit:
     case InMiss:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
         if (other.type() != type())
             return false;
@@ -706 +730 @@
         m_polyProtoAccessChain->dump(structure(), out);
     } else {
-        if (m_type == Transition || m_type == Delete)
+        if (m_type == Transition || m_type == Delete || m_type == SetPrivateBrand)
             out.print(comma, "structure = ", pointerDump(structure()), " -> ", pointerDump(newStructure()));
         else if (m_structure)
@@ -1335 +1359 @@
         } else
             state.failAndIgnore.append(failAndIgnore);
+        return;
+    }
+
+    case CheckPrivateBrand: {
+        emitDefaultGuard();
+        state.succeed();
         return;
     }
@@ -2039 +2069 @@
     }
 
+    case SetPrivateBrand: {
+        ASSERT(structure()->transitionWatchpointSetHasBeenInvalidated());
+        ASSERT(newStructure()->transitionKind() == TransitionKind::SetBrand);
+
+        uint32_t structureBits = bitwise_cast<uint32_t>(newStructure()->id());
+        jit.store32(
+            CCallHelpers::TrustedImm32(structureBits),
+            CCallHelpers::Address(baseGPR, JSCell::structureIDOffset()));
+
+        state.succeed();
+        return;
+    }
+
     case DeleteNonConfigurable: {
         jit.move(MacroAssembler::TrustedImm32(false), valueRegs.payloadGPR());
@@ -2112 +2155 @@
     case IndexedTypedArrayFloat64Load:
     case IndexedStringLoad:
+    case CheckPrivateBrand:
         // These need to be handled by generateWithGuard(), since the guard is part of the
         // algorithm. We can be sure that nobody will call generate() directly for these since they

trunk/Source/JavaScriptCore/bytecode/AccessCase.h

@@ -109 +109 @@
         InstanceOfMiss,
         InstanceOfGeneric,
+        CheckPrivateBrand,
+        SetPrivateBrand,
         IndexedInt32Load,
         IndexedDoubleLoad,
@@ -154 +156 @@
     static std::unique_ptr<AccessCase> createDelete(VM&, JSCell* owner, CacheableIdentifier, PropertyOffset, Structure* oldStructure,
         Structure* newStructure);
+
+    static std::unique_ptr<AccessCase> createCheckPrivateBrand(VM&, JSCell* owner, CacheableIdentifier, Structure*);
+    static std::unique_ptr<AccessCase> createSetPrivateBrand(VM&, JSCell* owner, CacheableIdentifier, Structure* oldStructure, Structure* newStructure);
     
     static std::unique_ptr<AccessCase> fromStructureStubInfo(VM&, JSCell* owner, CacheableIdentifier, StructureStubInfo&);
@@ -163 +168 @@
     Structure* structure() const
     {
-        if (m_type == Transition || m_type == Delete)
+        if (m_type == Transition || m_type == Delete || m_type == SetPrivateBrand)
             return m_structure->previousID();
         return m_structure.get();
@@ -171 +176 @@
     Structure* newStructure() const
     {
-        ASSERT(m_type == Transition || m_type == Delete);
+        ASSERT(m_type == Transition || m_type == Delete || m_type == SetPrivateBrand);
         return m_structure.get();
     }

trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb

@@ -588 +588 @@
         newStructureID: StructureID,
     }
+
+op :set_private_brand,
+    args: {
+        base: VirtualRegister,
+        brand: VirtualRegister,
+    },
+    metadata: {
+        oldStructureID: StructureID,
+        newStructureID: StructureID,
+        brand: WriteBarrier[JSCell],
+    }
+
+op :check_private_brand,
+    args: {
+        base: VirtualRegister,
+        brand: VirtualRegister,
+    },
+    metadata: {
+        structureID: StructureID,
+        brand: WriteBarrier[JSCell],
+    }
+    
 
 op :put_by_val,

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp

@@ -230 +230 @@
     USES(OpGetPrivateName, base, property)
     USES(OpPutPrivateName, base, property, value)
+    USES(OpSetPrivateBrand, base, brand)
+    USES(OpCheckPrivateBrand, base, brand)
     USES(OpInByVal, base, property)
     USES(OpOverridesHasInstance, constructor, hasInstanceValue)
@@ -398 +400 @@
     case op_put_by_val_direct:
     case op_put_private_name:
+    case op_set_private_brand:
+    case op_check_private_brand:
     case op_put_internal_field:
     case op_define_data_property:

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -545 +545 @@
         LINK(OpPutPrivateName)
 
+        LINK(OpSetPrivateBrand)
+        LINK(OpCheckPrivateBrand)
+
         LINK(OpNewArray)
         LINK(OpNewArrayWithSize)
@@ -1337 +1340 @@
             metadata.m_newStructureID = 0;
             metadata.m_property.clear();
+        });
+
+        m_metadata->forEach<OpSetPrivateBrand>([&] (auto& metadata) {
+            StructureID oldStructureID = metadata.m_oldStructureID;
+            StructureID newStructureID = metadata.m_newStructureID;
+            JSCell* brand = metadata.m_brand.get();
+            if ((!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
+                && (!brand || vm.heap.isMarked(brand))
+                && (!newStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(newStructureID))))
+                return;
+
+            dataLogLnIf(Options::verboseOSR(), "Clearing LLInt set_private_brand transition.");
+            metadata.m_oldStructureID = 0;
+            metadata.m_newStructureID = 0;
+            metadata.m_brand.clear();
+        });
+
+        m_metadata->forEach<OpCheckPrivateBrand>([&] (auto& metadata) {
+            StructureID structureID = metadata.m_structureID;
+            JSCell* brand = metadata.m_brand.get();
+            if ((!structureID || vm.heap.isMarked(vm.heap.structureIDTable().get(structureID)))
+                && (!brand || vm.heap.isMarked(brand)))
+                return;
+
+            dataLogLnIf(Options::verboseOSR(), "Clearing LLInt set_private_brand transition.");
+            metadata.m_structureID = 0;
+            metadata.m_brand.clear();
         });
 

trunk/Source/JavaScriptCore/bytecode/ExecutableInfo.h

@@ -37 +37 @@
 // https://bugs.webkit.org/show_bug.cgi?id=151547
 struct ExecutableInfo {
-    ExecutableInfo(bool usesEval, bool isConstructor, bool isBuiltinFunction, ConstructorKind constructorKind, JSParserScriptMode scriptMode, SuperBinding superBinding, SourceParseMode parseMode, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isArrowFunctionContext, bool isClassContext, EvalContextType evalContextType)
+    ExecutableInfo(bool usesEval, bool isConstructor, PrivateBrandRequirement privateBrandRequirement, bool isBuiltinFunction, ConstructorKind constructorKind, JSParserScriptMode scriptMode, SuperBinding superBinding, SourceParseMode parseMode, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isArrowFunctionContext, bool isClassContext, EvalContextType evalContextType)
         : m_usesEval(usesEval)
         , m_isConstructor(isConstructor)
+        , m_privateBrandRequirement(static_cast<unsigned>(privateBrandRequirement))
         , m_isBuiltinFunction(isBuiltinFunction)
         , m_constructorKind(static_cast<unsigned>(constructorKind))
@@ -58 +59 @@
     bool usesEval() const { return m_usesEval; }
     bool isConstructor() const { return m_isConstructor; }
+    PrivateBrandRequirement privateBrandRequirement() const { return static_cast<PrivateBrandRequirement>(m_privateBrandRequirement); }
     bool isBuiltinFunction() const { return m_isBuiltinFunction; }
     ConstructorKind constructorKind() const { return static_cast<ConstructorKind>(m_constructorKind); }
@@ -72 +74 @@
     unsigned m_usesEval : 1;
     unsigned m_isConstructor : 1;
+    unsigned m_privateBrandRequirement : 1;
     unsigned m_isBuiltinFunction : 1;
     unsigned m_constructorKind : 2;

trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp

@@ -470 +470 @@
     if (state.u.thisGPR != InvalidGPRReg)
         allocator.lock(state.u.thisGPR);
-    allocator.lock(state.valueRegs);
+    if (state.valueRegs)
+        allocator.lock(state.valueRegs);
 #if USE(JSVALUE32_64)
     allocator.lock(stubInfo.baseTagGPR);
@@ -853 +854 @@
         out.print("InMiss");
         return;
+    case AccessCase::CheckPrivateBrand:
+        out.print("CheckPrivateBrand");
+        return;
+    case AccessCase::SetPrivateBrand:
+        out.print("SetPrivateBrand");
+        return;
     case AccessCase::ArrayLength:
         out.print("ArrayLength");

trunk/Source/JavaScriptCore/bytecode/RecordedStatuses.cpp

@@ -36 +36 @@
     ins = WTFMove(other.ins);
     deletes = WTFMove(other.deletes);
+    checkPrivateBrands = WTFMove(other.checkPrivateBrands);
+    setPrivateBrands = WTFMove(other.setPrivateBrands);
     shrinkToFit();
     return *this;
@@ -85 +87 @@
 }
 
+CheckPrivateBrandStatus* RecordedStatuses::addCheckPrivateBrandStatus(const CodeOrigin& codeOrigin, const CheckPrivateBrandStatus& status)
+{
+    auto statusPtr = makeUnique<CheckPrivateBrandStatus>(status);
+    CheckPrivateBrandStatus* result = statusPtr.get();
+    checkPrivateBrands.append(std::make_pair(codeOrigin, WTFMove(statusPtr)));
+    return result;
+}
+
+SetPrivateBrandStatus* RecordedStatuses::addSetPrivateBrandStatus(const CodeOrigin& codeOrigin, const SetPrivateBrandStatus& status)
+{
+    auto statusPtr = makeUnique<SetPrivateBrandStatus>(status);
+    SetPrivateBrandStatus* result = statusPtr.get();
+    setPrivateBrands.append(std::make_pair(codeOrigin, WTFMove(statusPtr)));
+    return result;
+}
+
 void RecordedStatuses::visitAggregate(SlotVisitor& slotVisitor)
 {
@@ -90 +108 @@
         pair.second->visitAggregate(slotVisitor);
     for (auto& pair : deletes)
+        pair.second->visitAggregate(slotVisitor);
+    for (auto& pair : checkPrivateBrands)
+        pair.second->visitAggregate(slotVisitor);
+    for (auto& pair : setPrivateBrands)
         pair.second->visitAggregate(slotVisitor);
 }
@@ -102 +124 @@
         pair.second->markIfCheap(slotVisitor);
     for (auto& pair : deletes)
+        pair.second->markIfCheap(slotVisitor);
+    for (auto& pair : checkPrivateBrands)
+        pair.second->markIfCheap(slotVisitor);
+    for (auto& pair : setPrivateBrands)
         pair.second->markIfCheap(slotVisitor);
 }

trunk/Source/JavaScriptCore/bytecode/RecordedStatuses.h

@@ -27 +27 @@
 
 #include "CallLinkStatus.h"
+#include "CheckPrivateBrandStatus.h"
 #include "DeleteByStatus.h"
 #include "GetByStatus.h"
 #include "InByIdStatus.h"
 #include "PutByIdStatus.h"
+#include "SetPrivateBrandStatus.h"
 
 namespace JSC {
@@ -50 +52 @@
     InByIdStatus* addInByIdStatus(const CodeOrigin&, const InByIdStatus&);
     DeleteByStatus* addDeleteByStatus(const CodeOrigin&, const DeleteByStatus&);
+    CheckPrivateBrandStatus* addCheckPrivateBrandStatus(const CodeOrigin&, const CheckPrivateBrandStatus&);
+    SetPrivateBrandStatus* addSetPrivateBrandStatus(const CodeOrigin&, const SetPrivateBrandStatus&);
     
     void visitAggregate(SlotVisitor&);
@@ -67 +71 @@
         func(ins);
         func(deletes);
+        func(checkPrivateBrands);
+        func(setPrivateBrands);
     }
     
@@ -74 +80 @@
     Vector<std::pair<CodeOrigin, std::unique_ptr<InByIdStatus>>> ins;
     Vector<std::pair<CodeOrigin, std::unique_ptr<DeleteByStatus>>> deletes;
+    Vector<std::pair<CodeOrigin, std::unique_ptr<CheckPrivateBrandStatus>>> checkPrivateBrands;
+    Vector<std::pair<CodeOrigin, std::unique_ptr<SetPrivateBrandStatus>>> setPrivateBrands;
 };
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp

@@ -285 +285 @@
         resetDelBy(codeBlock, *this, DelByKind::NormalByVal);
         break;
+    case AccessType::CheckPrivateBrand:
+        resetCheckPrivateBrand(codeBlock, *this);
+        break;
+    case AccessType::SetPrivateBrand:
+        resetSetPrivateBrand(codeBlock, *this);
+        break;
     }
     

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h

@@ -60 +60 @@
     DeleteByVal,
     GetPrivateName,
+    CheckPrivateBrand,
+    SetPrivateBrand,
 };
 
@@ -353 +355 @@
         GPRReg prototypeGPR;
         GPRReg propertyGPR;
+        GPRReg brandGPR;
     } regs;
 #if USE(JSVALUE32_64)
@@ -362 +365 @@
         GPRReg thisTagGPR;
         GPRReg propertyTagGPR;
+        GPRReg brandTagGPR;
     } v;
 #endif

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp

@@ -70 +70 @@
         m_rareData->m_needsClassFieldInitializer = static_cast<unsigned>(NeedsClassFieldInitializer::Yes);
     }
+    if (info.privateBrandRequirement() == PrivateBrandRequirement::Needed) {
+        createRareDataIfNecessary(holdLock(cellLock()));
+        m_rareData->m_privateBrandRequirement = static_cast<unsigned>(PrivateBrandRequirement::Needed);
+    }
 }
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h

@@ -267 +267 @@
     }
 
+    PrivateBrandRequirement privateBrandRequirement() const
+    {
+        if (m_rareData)
+            return static_cast<PrivateBrandRequirement>(m_rareData->m_privateBrandRequirement);
+        return PrivateBrandRequirement::None;
+    }
+
     void dump(PrintStream&) const;
 
@@ -408 +415 @@
 
         unsigned m_needsClassFieldInitializer : 1;
+        unsigned m_privateBrandRequirement : 1;
     };
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h

@@ -51 +51 @@
     JSParserScriptMode scriptMode() const { return m_codeBlock->scriptMode(); }
     NeedsClassFieldInitializer needsClassFieldInitializer() const { return m_codeBlock->needsClassFieldInitializer(); }
+    PrivateBrandRequirement privateBrandRequirement() const { return m_codeBlock->privateBrandRequirement(); }
     bool usesEval() const { return m_codeBlock->usesEval(); }
     SourceParseMode parseMode() const { return m_codeBlock->parseMode(); }

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp

@@ -71 +71 @@
     bool isClassContext = executable->superBinding() == SuperBinding::Needed || executable->parseMode() == SourceParseMode::ClassFieldInitializerMode;
 
-    UnlinkedFunctionCodeBlock* result = UnlinkedFunctionCodeBlock::create(vm, FunctionCode, ExecutableInfo(function->usesEval(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), scriptMode, executable->superBinding(), parseMode, executable->derivedContextType(), executable->needsClassFieldInitializer(), false, isClassContext, EvalContextType::FunctionEvalContext), codeGenerationMode);
+    UnlinkedFunctionCodeBlock* result = UnlinkedFunctionCodeBlock::create(vm, FunctionCode, ExecutableInfo(function->usesEval(), kind == CodeForConstruct, executable->privateBrandRequirement(), functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), scriptMode, executable->superBinding(), parseMode, executable->derivedContextType(), executable->needsClassFieldInitializer(), false, isClassContext, EvalContextType::FunctionEvalContext), codeGenerationMode);
 
     auto parentScopeTDZVariables = executable->parentScopeTDZVariables();
+    PrivateNameEnvironment parentPrivateNameEnvironment = executable->parentPrivateNameEnvironment();
     ECMAMode ecmaMode = executable->isInStrictContext() ? ECMAMode::strict() : ECMAMode::sloppy();
-    error = BytecodeGenerator::generate(vm, function.get(), source, result, codeGenerationMode, parentScopeTDZVariables, ecmaMode);
+    error = BytecodeGenerator::generate(vm, function.get(), source, result, codeGenerationMode, parentScopeTDZVariables, &parentPrivateNameEnvironment, ecmaMode);
 
     if (error.isValid())
@@ -83 +84 @@
 }
 
-UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM& vm, Structure* structure, const SourceCode& parentSource, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, RefPtr<TDZEnvironmentLink> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor)
+UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM& vm, Structure* structure, const SourceCode& parentSource, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, RefPtr<TDZEnvironmentLink> parentScopeTDZVariables, Optional<PrivateNameEnvironment> parentPrivateNameEnvironment, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement, bool isBuiltinDefaultClassConstructor)
     : Base(vm, structure)
     , m_firstLineOffset(node->firstLine() - parentSource.firstLine().oneBasedInt())
@@ -104 +105 @@
     , m_typeProfilingEndOffset(node->startStartOffset() + node->source().length() - 1)
     , m_parameterCount(node->parameterCount())
+    , m_privateBrandRequirement(static_cast<unsigned>(privateBrandRequirement))
     , m_features(0)
     , m_sourceParseMode(node->parseMode())
@@ -123 +125 @@
     ASSERT(m_superBinding == static_cast<unsigned>(node->superBinding()));
     ASSERT(m_derivedContextType == static_cast<unsigned>(derivedContextType));
+    ASSERT(m_privateBrandRequirement == static_cast<unsigned>(privateBrandRequirement));
     ASSERT(!(m_isBuiltinDefaultClassConstructor && constructorKind() == ConstructorKind::None));
     ASSERT(!m_needsClassFieldInitializer || (isClassConstructorFunction() || derivedContextType == DerivedContextType::DerivedConstructorContext));
@@ -129 +132 @@
     if (parentScopeTDZVariables)
         ensureRareData().m_parentScopeTDZVariables = WTFMove(parentScopeTDZVariables);
+    if (parentPrivateNameEnvironment)
+        ensureRareData().m_parentPrivateNameEnvironment = WTFMove(*parentPrivateNameEnvironment);
 }
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h

@@ -71 +71 @@
     }
 
-    static UnlinkedFunctionExecutable* create(VM& vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, RefPtr<TDZEnvironmentLink> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor = false)
+    static UnlinkedFunctionExecutable* create(VM& vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, RefPtr<TDZEnvironmentLink> parentScopeTDZVariables, Optional<PrivateNameEnvironment> parentPrivateNameEnvironment, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement, bool isBuiltinDefaultClassConstructor = false)
     {
         UnlinkedFunctionExecutable* instance = new (NotNull, allocateCell<UnlinkedFunctionExecutable>(vm.heap))
-            UnlinkedFunctionExecutable(vm, vm.unlinkedFunctionExecutableStructure.get(), source, node, unlinkedFunctionKind, constructAbility, scriptMode, WTFMove(parentScopeTDZVariables), derivedContextType, needsClassFieldInitializer, isBuiltinDefaultClassConstructor);
+            UnlinkedFunctionExecutable(vm, vm.unlinkedFunctionExecutableStructure.get(), source, node, unlinkedFunctionKind, constructAbility, scriptMode, WTFMove(parentScopeTDZVariables), WTFMove(parentPrivateNameEnvironment), derivedContextType, needsClassFieldInitializer, privateBrandRequirement, isBuiltinDefaultClassConstructor);
         instance->finishCreation(vm);
         return instance;
@@ -144 +144 @@
     bool hasCapturedVariables() const { return m_hasCapturedVariables; }
 
+    PrivateBrandRequirement privateBrandRequirement() const { return static_cast<PrivateBrandRequirement>(m_privateBrandRequirement); }
+
     static constexpr bool needsDestruction = true;
     static void destroy(JSCell*);
@@ -175 +177 @@
         return m_rareData->m_parentScopeTDZVariables;
     }
+
+    PrivateNameEnvironment parentPrivateNameEnvironment() const
+    {
+        if (!m_rareData)
+            return PrivateNameEnvironment();
+        return m_rareData->m_parentPrivateNameEnvironment;
+    }
     
     bool isArrowFunction() const { return isArrowFunctionParseMode(parseMode()); }
@@ -211 +220 @@
         RefPtr<TDZEnvironmentLink> m_parentScopeTDZVariables;
         Vector<JSTextPosition> m_classFieldLocations;
+        PrivateNameEnvironment m_parentPrivateNameEnvironment;
     };
 
@@ -230 +240 @@
 
 private:
-    UnlinkedFunctionExecutable(VM&, Structure*, const SourceCode&, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, JSParserScriptMode, RefPtr<TDZEnvironmentLink>,  JSC::DerivedContextType, JSC::NeedsClassFieldInitializer, bool isBuiltinDefaultClassConstructor);
+    UnlinkedFunctionExecutable(VM&, Structure*, const SourceCode&, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, JSParserScriptMode, RefPtr<TDZEnvironmentLink>, Optional<PrivateNameEnvironment>, JSC::DerivedContextType, JSC::NeedsClassFieldInitializer, PrivateBrandRequirement, bool isBuiltinDefaultClassConstructor);
     UnlinkedFunctionExecutable(Decoder&, const CachedFunctionExecutable&);
 
@@ -262 +272 @@
     unsigned m_typeProfilingStartOffset;
     unsigned m_typeProfilingEndOffset;
-    unsigned m_parameterCount;
+    unsigned m_parameterCount : 31;
+    unsigned m_privateBrandRequirement : 1;
     CodeFeatures m_features;
     SourceParseMode m_sourceParseMode;

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -290 +290 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, ECMAMode ecmaMode)
+BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, const PrivateNameEnvironment*, ECMAMode ecmaMode)
     : BytecodeGeneratorBase(makeUnique<UnlinkedCodeBlockGenerator>(vm, codeBlock), CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters())
     , m_codeGenerationMode(codeGenerationMode)
@@ -337 +337 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionNode* functionNode, UnlinkedFunctionCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, ECMAMode ecmaMode)
+BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionNode* functionNode, UnlinkedFunctionCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, const PrivateNameEnvironment* parentPrivateNameEnvironment, ECMAMode ecmaMode)
     : BytecodeGeneratorBase(makeUnique<UnlinkedCodeBlockGenerator>(vm, codeBlock), CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters())
     , m_codeGenerationMode(codeGenerationMode)
@@ -360 +360 @@
     , m_derivedContextType(codeBlock->derivedContextType())
 {
+    pushPrivateAccessNames(parentPrivateNameEnvironment);
+
     SymbolTable* functionSymbolTable = SymbolTable::create(m_vm);
     functionSymbolTable->setUsesNonStrictEval(m_usesNonStrictEval);
@@ -708 +710 @@
                 case ConstructorKind::Base:
                     emitCreateThis(&m_thisRegister);
+                    if (Options::usePrivateMethods() && privateBrandRequirement() == PrivateBrandRequirement::Needed)
+                        emitInstallPrivateBrand(&m_thisRegister);
+
                     emitInstanceFieldInitializationIfNeeded(&m_thisRegister, &m_calleeRegister, m_scopeNode->position(), m_scopeNode->position(), m_scopeNode->position());
                     break;
@@ -839 +844 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, ECMAMode ecmaMode)
+BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, const PrivateNameEnvironment* parentPrivateNameEnvironment, ECMAMode ecmaMode)
     : BytecodeGeneratorBase(makeUnique<UnlinkedCodeBlockGenerator>(vm, codeBlock), CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters())
     , m_codeGenerationMode(codeGenerationMode)
@@ -857 +862 @@
     m_codeBlock->setNumParameters(1);
 
+    pushPrivateAccessNames(parentPrivateNameEnvironment);
+
     m_cachedParentTDZ = parentScopeTDZVariables;
 
@@ -902 +909 @@
 }
 
-BytecodeGenerator::BytecodeGenerator(VM& vm, ModuleProgramNode* moduleProgramNode, UnlinkedModuleProgramCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, ECMAMode ecmaMode)
+BytecodeGenerator::BytecodeGenerator(VM& vm, ModuleProgramNode* moduleProgramNode, UnlinkedModuleProgramCodeBlock* codeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, const PrivateNameEnvironment*, ECMAMode ecmaMode)
     : BytecodeGeneratorBase(makeUnique<UnlinkedCodeBlockGenerator>(vm, codeBlock), CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters())
     , m_codeGenerationMode(codeGenerationMode)
@@ -1894 +1901 @@
             // FIXME: only do this if there is an eval() within a nested scope --- otherwise it isn't needed.
             // https://bugs.webkit.org/show_bug.cgi?id=206663
-            if (entry.value.isPrivateName())
-                symbolTable->addPrivateName(entry.key.get());
+            if (entry.value.isPrivateField())
+                symbolTable->addPrivateName(entry.key.get(), PrivateNameEntry(PrivateNameEntry::Traits::IsDeclared));
+            else if (entry.value.isPrivateMethod())
+                symbolTable->addPrivateName(entry.key.get(), PrivateNameEntry(PrivateNameEntry::Traits::IsDeclared | PrivateNameEntry::Traits::IsMethod));
         }
     }
@@ -2715 +2724 @@
 }
 
-RegisterID* BytecodeGenerator::emitDirectGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
+RegisterID* BytecodeGenerator::emitGetPrivateName(RegisterID* dst, RegisterID* base, RegisterID* property)
 {
     OpGetPrivateName::emit(this, dst, base, property);
@@ -2751 +2760 @@
 }
 
+void BytecodeGenerator::emitCreatePrivateBrand(RegisterID* scope, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
+{
+    RefPtr<RegisterID> createPrivateSymbol = moveLinkTimeConstant(nullptr, LinkTimeConstant::createPrivateSymbol);
+
+    CallArguments arguments(*this, nullptr, 0);
+    emitLoad(arguments.thisRegister(), jsUndefined());
+    RegisterID* newSymbol = emitCall(finalDestination(nullptr, createPrivateSymbol.get()), createPrivateSymbol.get(), NoExpectedFunction, arguments, divot, divotStart, divotEnd, DebuggableCall::No);
+
+    Variable privateBrandVar = variable(propertyNames().builtinNames().privateBrandPrivateName());
+
+    emitPutToScope(scope, privateBrandVar, newSymbol, DoNotThrowIfNotFound, InitializationMode::Initialization);
+}
+
+void BytecodeGenerator::emitInstallPrivateBrand(RegisterID* target)
+{
+    Variable privateBrandVar = variable(propertyNames().builtinNames().privateBrandPrivateName());
+    RefPtr<RegisterID> privateBrandVarScope = emitResolveScope(nullptr, privateBrandVar);
+    RegisterID* privateBrandSymbol = emitGetPrivateBrand(newTemporary(), privateBrandVarScope.get());
+    OpSetPrivateBrand::emit(this, target, privateBrandSymbol);
+}
+
+RegisterID* BytecodeGenerator::emitGetPrivateBrand(RegisterID* dst, RegisterID* scope)
+{
+    Variable privateBrandVar = variable(propertyNames().builtinNames().privateBrandPrivateName());
+    return emitGetFromScope(dst, scope, privateBrandVar, ThrowIfNotFound);
+}
+
 RegisterID* BytecodeGenerator::emitPrivateFieldPut(RegisterID* base, RegisterID* property, RegisterID* value)
 {
     OpPutPrivateName::emit(this, base, property, value, PrivateFieldPutKind::set());
     return value;
+}
+
+void BytecodeGenerator::emitCheckPrivateBrand(RegisterID* base, RegisterID* brandSymbol)
+{
+    OpCheckPrivateBrand::emit(this, base, brandSymbol);
 }
 
@@ -2889 +2930 @@
         }
     }
+}
+
+bool BytecodeGenerator::isPrivateMethod(const Identifier& ident)
+{
+    for (unsigned i = m_privateNamesStack.size(); i--; ) {
+        auto& map = m_privateNamesStack[i];
+        auto it = map.find(ident.impl());
+        if (it != map.end())
+            return it->value.isMethod();
+    }
+
+    return false;
+}
+
+void BytecodeGenerator::pushPrivateAccessNames(const PrivateNameEnvironment* environment)
+{
+    if (!environment || !environment->size())
+        return;
+
+    m_privateNamesStack.append(*environment);
+}
+
+void BytecodeGenerator::popPrivateAccessNames()
+{
+    ASSERT(m_privateNamesStack.size());
+    m_privateNamesStack.removeLast();
 }
 
@@ -2910 +2977 @@
 
     m_TDZStack.append(TDZStackEntry { WTFMove(map), nullptr });
+}
+
+Optional<PrivateNameEnvironment> BytecodeGenerator::getAvailablePrivateAccessNames()
+{
+    PrivateNameEnvironment result;
+    SmallPtrSet<UniquedStringImpl*, 16> excludedNames;
+    for (unsigned i = m_privateNamesStack.size(); i--; ) {
+        auto& map = m_privateNamesStack[i];
+        for (auto& entry : map)  {
+            if (entry.value.isPrivateMethodOrAcessor()) {
+                if (!excludedNames.contains(entry.key.get())) {
+                    result.add(entry.key, entry.value);
+                    excludedNames.add(entry.key.get());
+                }
+            } else
+                excludedNames.add(entry.key.get());
+        }
+    }
+
+    if (!result.size())
+        return WTF::nullopt;
+    return result;
 }
 
@@ -3121 +3210 @@
 
 RegisterID* BytecodeGenerator::emitNewDefaultConstructor(RegisterID* dst, ConstructorKind constructorKind, const Identifier& name,
-    const Identifier& ecmaName, const SourceCode& classSource, NeedsClassFieldInitializer needsClassFieldInitializer)
-{
-    UnlinkedFunctionExecutable* executable = m_vm.builtinExecutables()->createDefaultConstructor(constructorKind, name, needsClassFieldInitializer);
+    const Identifier& ecmaName, const SourceCode& classSource, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement)
+{
+    UnlinkedFunctionExecutable* executable = m_vm.builtinExecutables()->createDefaultConstructor(constructorKind, name, needsClassFieldInitializer, privateBrandRequirement);
     executable->setInvalidTypeProfilingOffsets();
     executable->setEcmaName(ecmaName);
@@ -3147 +3236 @@
 
     auto variablesUnderTDZ = getVariablesUnderTDZ();
+    Optional<PrivateNameEnvironment> parentPrivateNameEnvironment = getAvailablePrivateAccessNames();
     SourceParseMode parseMode = SourceParseMode::ClassFieldInitializerMode;
     ConstructAbility constructAbility = ConstructAbility::CannotConstruct;
@@ -3153 +3243 @@
     FunctionMetadataNode metadata(parserArena(), JSTokenLocation(), JSTokenLocation(), 0, 0, 0, 0, 0, alwaysStrictInClass, ConstructorKind::None, superBinding, 0, parseMode, false);
     metadata.finishParsing(m_scopeNode->source(), Identifier(), FunctionMode::MethodDefinition);
-    auto initializer = UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), &metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, scriptMode(), WTFMove(variablesUnderTDZ), newDerivedContextType, NeedsClassFieldInitializer::No);
+    auto initializer = UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), &metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, scriptMode(), WTFMove(variablesUnderTDZ), WTFMove(parentPrivateNameEnvironment), newDerivedContextType, NeedsClassFieldInitializer::No, PrivateBrandRequirement::None);
     initializer->setClassFieldLocations(WTFMove(classFieldLocations));
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -409 +409 @@
         typedef DeclarationStacks::FunctionStack FunctionStack;
 
-        BytecodeGenerator(VM&, ProgramNode*, UnlinkedProgramCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, ECMAMode);
-        BytecodeGenerator(VM&, FunctionNode*, UnlinkedFunctionCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, ECMAMode);
-        BytecodeGenerator(VM&, EvalNode*, UnlinkedEvalCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, ECMAMode);
-        BytecodeGenerator(VM&, ModuleProgramNode*, UnlinkedModuleProgramCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, ECMAMode);
+        BytecodeGenerator(VM&, ProgramNode*, UnlinkedProgramCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, const PrivateNameEnvironment*, ECMAMode);
+        BytecodeGenerator(VM&, FunctionNode*, UnlinkedFunctionCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, const PrivateNameEnvironment*, ECMAMode);
+        BytecodeGenerator(VM&, EvalNode*, UnlinkedEvalCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, const PrivateNameEnvironment*, ECMAMode);
+        BytecodeGenerator(VM&, ModuleProgramNode*, UnlinkedModuleProgramCodeBlock*, OptionSet<CodeGenerationMode>, const RefPtr<TDZEnvironmentLink>&, const PrivateNameEnvironment*, ECMAMode);
 
         ~BytecodeGenerator();
@@ -426 +426 @@
         bool usesEval() const { return m_scopeNode->usesEval(); }
         bool usesThis() const { return m_scopeNode->usesThis(); }
+        PrivateBrandRequirement privateBrandRequirement() const { return m_codeBlock->privateBrandRequirement(); }
         ConstructorKind constructorKind() const { return m_codeBlock->constructorKind(); }
         SuperBinding superBinding() const { return m_codeBlock->superBinding(); }
@@ -432 +433 @@
 
         template<typename Node, typename UnlinkedCodeBlock>
-        static ParserError generate(VM& vm, Node* node, const SourceCode& sourceCode, UnlinkedCodeBlock* unlinkedCodeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, ECMAMode ecmaMode)
+        static ParserError generate(VM& vm, Node* node, const SourceCode& sourceCode, UnlinkedCodeBlock* unlinkedCodeBlock, OptionSet<CodeGenerationMode> codeGenerationMode, const RefPtr<TDZEnvironmentLink>& parentScopeTDZVariables, const PrivateNameEnvironment* privateNameEnvironment, ECMAMode ecmaMode)
         {
             MonotonicTime before;
@@ -439 +440 @@
 
             DeferGC deferGC(vm.heap);
-            auto bytecodeGenerator = makeUnique<BytecodeGenerator>(vm, node, unlinkedCodeBlock, codeGenerationMode, parentScopeTDZVariables, ecmaMode);
+            auto bytecodeGenerator = makeUnique<BytecodeGenerator>(vm, node, unlinkedCodeBlock, codeGenerationMode, parentScopeTDZVariables, privateNameEnvironment, ecmaMode);
             auto result = bytecodeGenerator->generate();
 
@@ -775 +776 @@
         RegisterID* emitNewFunction(RegisterID* dst, FunctionMetadataNode*);
         RegisterID* emitNewFunctionExpression(RegisterID* dst, FuncExprNode*);
-        RegisterID* emitNewDefaultConstructor(RegisterID* dst, ConstructorKind, const Identifier& name, const Identifier& ecmaName, const SourceCode& classSource, NeedsClassFieldInitializer);
+        RegisterID* emitNewDefaultConstructor(RegisterID* dst, ConstructorKind, const Identifier& name, const Identifier& ecmaName, const SourceCode& classSource, NeedsClassFieldInitializer, PrivateBrandRequirement);
         RegisterID* emitNewClassFieldInitializerFunction(RegisterID* dst, Vector<JSTextPosition>&& classFieldLocations, bool isDerived);
         RegisterID* emitNewArrowFunctionExpression(RegisterID*, ArrowFuncExprNode*);
@@ -816 +817 @@
         RegisterID* emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value);
         RegisterID* emitPutByVal(RegisterID* base, RegisterID* thisValue, RegisterID* property, RegisterID* value);
-        RegisterID* emitDirectGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property);
         RegisterID* emitDirectPutByVal(RegisterID* base, RegisterID* property, RegisterID* value);
         RegisterID* emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property);
@@ -824 +824 @@
         RegisterID* emitDefinePrivateField(RegisterID* base, RegisterID* property, RegisterID* value);
         RegisterID* emitPrivateFieldPut(RegisterID* base, RegisterID* property, RegisterID* value);
+        RegisterID* emitGetPrivateName(RegisterID* dst, RegisterID* base, RegisterID* property);
+
+        void emitCreatePrivateBrand(RegisterID* dst, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd);
+        void emitInstallPrivateBrand(RegisterID* target);
+        RegisterID* emitGetPrivateBrand(RegisterID* dst, RegisterID* scope);
+        void emitCheckPrivateBrand(RegisterID* base, RegisterID* brand);
 
         void emitSuperSamplerBegin();
@@ -1177 +1183 @@
 
             NeedsClassFieldInitializer needsClassFieldInitializer = metadata->isConstructorAndNeedsClassFieldInitializer() ? NeedsClassFieldInitializer::Yes : NeedsClassFieldInitializer::No;
+            PrivateBrandRequirement privateBrandRequirement = metadata->privateBrandRequirement();
             if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode, SourceParseMode::AsyncArrowFunctionBodyMode).contains(metadata->parseMode())) {
                 if (constructorKind() == ConstructorKind::Extends || isDerivedConstructorContext()) {
                     newDerivedContextType = DerivedContextType::DerivedConstructorContext;
                     needsClassFieldInitializer = m_codeBlock->needsClassFieldInitializer();
+                    privateBrandRequirement = m_codeBlock->privateBrandRequirement();
                 }
                 else if (m_codeBlock->isClassContext() || isDerivedClassContext())
@@ -1187 +1195 @@
 
             auto optionalVariablesUnderTDZ = getVariablesUnderTDZ();
+            Optional<PrivateNameEnvironment> parentPrivateNameEnvironment = getAvailablePrivateAccessNames();
 
             // FIXME: These flags, ParserModes and propagation to XXXCodeBlocks should be reorganized.
@@ -1195 +1204 @@
                 constructAbility = ConstructAbility::CanConstruct;
 
-            return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, scriptMode(), WTFMove(optionalVariablesUnderTDZ), newDerivedContextType, needsClassFieldInitializer);
+            return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, scriptMode(), WTFMove(optionalVariablesUnderTDZ), WTFMove(parentPrivateNameEnvironment), newDerivedContextType, needsClassFieldInitializer, privateBrandRequirement);
         }
 
         RefPtr<TDZEnvironmentLink> getVariablesUnderTDZ();
+        Optional<PrivateNameEnvironment> getAvailablePrivateAccessNames();
 
         RegisterID* emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall);
@@ -1254 +1264 @@
         }
 
+        bool isPrivateMethod(const Identifier&);
+
+        void pushPrivateAccessNames(const PrivateNameEnvironment*);
+        void popPrivateAccessNames();
+
     private:
         OptionSet<CodeGenerationMode> m_codeGenerationMode;
@@ -1267 +1282 @@
         RefPtr<TDZEnvironmentLink> m_cachedParentTDZ;
         Vector<TDZStackEntry> m_TDZStack;
+        Vector<PrivateNameEnvironment> m_privateNamesStack;
         Optional<size_t> m_varScopeLexicalScopeStackIndex;
         void pushTDZVariables(const VariableEnvironment&, TDZCheckOptimization, TDZRequirement);

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -564 +564 @@
     for (PropertyListNode* p = this; p; p = p->m_next) {
         const PropertyNode& node = *p->m_node;
-        if (node.type() & PropertyNode::Private) {
+        if (node.type() & PropertyNode::PrivateField) {
             if (!createPrivateSymbol)
                 createPrivateSymbol = generator.moveLinkTimeConstant(nullptr, LinkTimeConstant::createPrivateSymbol);
@@ -590 +590 @@
             emitSaveComputedFieldName(generator, *p->m_node);
 
-        if (p->isInstanceClassField()) {
+        if (p->isInstanceClassField() && !(p->m_node->type() & PropertyNode::PrivateMethod)) {
             ASSERT(instanceFieldLocations);
             instanceFieldLocations->append(p->position());
@@ -758 +758 @@
 {
     // Private fields are handled in a synthetic classFieldInitializer function, not here.
-    ASSERT(!(node.type() & PropertyNode::Private));
+    ASSERT(!(node.type() & PropertyNode::PrivateField));
 
     if (PropertyNode::isUnderscoreProtoSetter(generator.vm(), node)) {
@@ -783 +783 @@
     if (node.isClassProperty()) {
         ASSERT(node.needsSuperBinding());
+
+        if (node.type() & PropertyNode::PrivateMethod) {
+            Variable var = generator.variable(*node.name());
+            generator.emitPutToScope(generator.scopeRegister(), var, value.get(), DoNotThrowIfNotFound, InitializationMode::ConstInitialization);
+            return;
+        }
+
+        RefPtr<RegisterID> propertyNameRegister;
         if (node.name())
             propertyName = generator.emitLoad(nullptr, *node.name());
@@ -911 +919 @@
 RegisterID* BaseDotNode::emitGetPropertyValue(BytecodeGenerator& generator, RegisterID* dst, RegisterID* base, RefPtr<RegisterID>& thisValue)
 {
-    if (isPrivateField()) {
+    if (isPrivateMember()) {
+        if (generator.isPrivateMethod(identifier())) {
+            Variable var = generator.variable(identifier());
+            RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+
+            RegisterID* privateBrandSymbol = generator.emitGetPrivateBrand(generator.newTemporary(), scope.get());
+            generator.emitCheckPrivateBrand(base, privateBrandSymbol);
+
+            return generator.emitGetFromScope(dst, scope.get(), var, ThrowIfNotFound);
+        }
+
         Variable var = generator.variable(m_ident);
         ASSERT_WITH_MESSAGE(!var.local(), "Private Field names must be stored in captured variables");
@@ -918 +936 @@
         RefPtr<RegisterID> privateName = generator.newTemporary();
         generator.emitGetFromScope(privateName.get(), scope.get(), var, DoNotThrowIfNotFound);
-        return generator.emitDirectGetByVal(dst, base, privateName.get());
+        return generator.emitGetPrivateName(dst, base, privateName.get());
     }
 
@@ -938 +956 @@
 RegisterID* BaseDotNode::emitPutProperty(BytecodeGenerator& generator, RegisterID* base, RegisterID* value, RefPtr<RegisterID>& thisValue)
 {
-    if (isPrivateField()) {
+    if (isPrivateMember()) {
+        auto identifierName = identifier();
+        if (generator.isPrivateMethod(identifierName)) {
+            Variable var = generator.variable(identifierName);
+            RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+
+            RegisterID* privateBrandSymbol = generator.emitGetPrivateBrand(generator.newTemporary(), scope.get());
+            generator.emitCheckPrivateBrand(base, privateBrandSymbol);
+
+            generator.emitThrowTypeError("Trying to access a not defined private setter");
+        }
+
         Variable var = generator.variable(m_ident);
         ASSERT_WITH_MESSAGE(!var.local(), "Private Field names must be stored in captured variables");
@@ -1096 +1125 @@
 
         // Initialize instance fields after super-call.
+        if (Options::usePrivateMethods() && generator.privateBrandRequirement() == PrivateBrandRequirement::Needed)
+            generator.emitInstallPrivateBrand(generator.thisRegister());
+
         if (generator.needsClassFieldInitializer() == NeedsClassFieldInitializer::Yes) {
             ASSERT(generator.isConstructor() || generator.isDerivedConstructorContext());
@@ -1101 +1133 @@
             generator.emitInstanceFieldInitializationIfNeeded(generator.thisRegister(), func.get(), divot(), divotStart(), divotEnd());
         }
-
         return ret;
     }
@@ -2255 +2286 @@
     generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd());
 
-    if (dotAccessor->isPrivateField()) {
+    if (dotAccessor->isPrivateMember()) {
         ASSERT(!baseIsSuper);
         Variable var = generator.variable(ident);
@@ -2262 +2293 @@
         generator.emitGetFromScope(privateName.get(), scope.get(), var, DoNotThrowIfNotFound);
 
-        RefPtr<RegisterID> value = generator.emitDirectGetByVal(generator.newTemporary(), base.get(), privateName.get());
+        RefPtr<RegisterID> value = generator.emitGetPrivateName(generator.newTemporary(), base.get(), privateName.get());
         RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator);
         generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
@@ -2494 +2525 @@
     generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd());
     RegisterID* value;
-    if (dotAccessor->isPrivateField()) {
+    if (dotAccessor->isPrivateMember()) {
         ASSERT(!baseNode->isSuperNode());
         Variable var = generator.variable(ident);
@@ -2501 +2532 @@
         generator.emitGetFromScope(privateName.get(), scope.get(), var, DoNotThrowIfNotFound);
 
-        value = generator.emitDirectGetByVal(propDst.get(), base.get(), privateName.get());
+        value = generator.emitGetPrivateName(propDst.get(), base.get(), privateName.get());
         emitIncOrDec(generator, value, m_operator);
         generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
@@ -4916 +4947 @@
         generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested);
 
+    bool hasPrivateNames = !!m_lexicalVariables.privateNamesSize();
+    bool shouldEmitPrivateBrand = m_lexicalVariables.hasPrivateMethodOrAccessor();
+    if (hasPrivateNames)
+        generator.pushPrivateAccessNames(m_lexicalVariables.privateNameEnvironment());
+    if (shouldEmitPrivateBrand)
+        generator.emitCreatePrivateBrand(generator.scopeRegister(), m_position, m_position, m_position);
+
     RefPtr<RegisterID> superclass;
     if (m_classHeritage) {
@@ -4926 +4964 @@
 
     auto needsClassFieldInitializer = this->hasInstanceFields() ? NeedsClassFieldInitializer::Yes : NeedsClassFieldInitializer::No;
-
+    auto privateBrandRequirement = shouldEmitPrivateBrand ? PrivateBrandRequirement::Needed : PrivateBrandRequirement::None;
     if (m_constructorExpression) {
         ASSERT(m_constructorExpression->isFuncExprNode());
@@ -4933 +4971 @@
         metadata->setClassSource(m_classSource);
         metadata->setNeedsClassFieldInitializer(needsClassFieldInitializer == NeedsClassFieldInitializer::Yes);
+        metadata->setPrivateBrandRequirement(privateBrandRequirement);
         constructor = generator.emitNode(constructor.get(), m_constructorExpression);
         needsHomeObject = m_classHeritage || metadata->superBinding() == SuperBinding::Needed;
     } else
-        constructor = generator.emitNewDefaultConstructor(constructor.get(), m_classHeritage ? ConstructorKind::Extends : ConstructorKind::Base, m_name, ecmaName(), m_classSource, needsClassFieldInitializer);
+        constructor = generator.emitNewDefaultConstructor(constructor.get(), m_classHeritage ? ConstructorKind::Extends : ConstructorKind::Base, m_name, ecmaName(), m_classSource, needsClassFieldInitializer, privateBrandRequirement);
 
     const auto& propertyNames = generator.propertyNames();
@@ -5014 +5053 @@
     if (m_needsLexicalScope)
         generator.popLexicalScope(this);
+
+    if (hasPrivateNames)
+        generator.popPrivateAccessNames();
 
     return generator.move(generator.finalDestination(dst, constructor.get()), constructor.get());

trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

@@ -260 +260 @@
 
     TDZEnvironment variablesUnderTDZ;
-    VariableEnvironment privateNames;
-    JSScope::collectClosureVariablesUnderTDZ(scope()->jsScope(), variablesUnderTDZ, privateNames);
+    PrivateNameEnvironment privateNameEnvironment;
+    JSScope::collectClosureVariablesUnderTDZ(scope()->jsScope(), variablesUnderTDZ, privateNameEnvironment);
 
     ECMAMode ecmaMode = codeBlock->ownerExecutable()->isInStrictContext() ? ECMAMode::strict() : ECMAMode::sloppy();
-    auto* eval = DirectEvalExecutable::create(globalObject, makeSource(script, callFrame->callerSourceOrigin(vm)), codeBlock->unlinkedCodeBlock()->derivedContextType(), codeBlock->unlinkedCodeBlock()->needsClassFieldInitializer(), codeBlock->unlinkedCodeBlock()->isArrowFunction(), codeBlock->ownerExecutable()->isInsideOrdinaryFunction(), evalContextType, &variablesUnderTDZ, &privateNames, ecmaMode);
+    auto* eval = DirectEvalExecutable::create(globalObject, makeSource(script, callFrame->callerSourceOrigin(vm)), codeBlock->unlinkedCodeBlock()->derivedContextType(), codeBlock->unlinkedCodeBlock()->needsClassFieldInitializer(), codeBlock->unlinkedCodeBlock()->privateBrandRequirement(), codeBlock->unlinkedCodeBlock()->isArrowFunction(), codeBlock->ownerExecutable()->isInsideOrdinaryFunction(), evalContextType, &variablesUnderTDZ, &privateNameEnvironment, ecmaMode);
     if (UNLIKELY(catchScope.exception())) {
         exception = catchScope.exception();

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

@@ -31 +31 @@
 #include "ArrayPrototype.h"
 #include "CacheableIdentifierInlines.h"
+#include "CheckPrivateBrandStatus.h"
 #include "DFGAbstractInterpreter.h"
 #include "DFGAbstractInterpreterClobberState.h"
@@ -48 +49 @@
 #include "NumberConstructor.h"
 #include "PutByIdStatus.h"
+#include "SetPrivateBrandStatus.h"
 #include "StringObject.h"
 #include "StructureCache.h"
@@ -4080 +4082 @@
     }
 
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case PutPrivateName: {
         clobberWorld();
@@ -4410 +4414 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
     case ClearCatchLocals:
         break;
@@ -4597 +4603 @@
         break;
     }
+
+    case FilterCheckPrivateBrandStatus: {
+        AbstractValue& value = forNode(node->child1());
+        if (value.m_structure.isFinite())
+            node->checkPrivateBrandStatus()->filter(value.m_structure.toStructureSet());
+        break;
+    }
+
+    case FilterSetPrivateBrandStatus: {
+        AbstractValue& value = forNode(node->child1());
+        if (value.m_structure.isFinite())
+            node->setPrivateBrandStatus()->filter(value.m_structure.toStructureSet());
+        break;
+    }
+
 
     default:

trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp

@@ -407 +407 @@
                 case FilterInByIdStatus:
                 case FilterDeleteByStatus:
+                case FilterCheckPrivateBrandStatus:
+                case FilterSetPrivateBrandStatus:
                     break;
 
@@ -1267 +1269 @@
                 case FilterCallLinkStatus:
                 case FilterInByIdStatus:
-                case FilterDeleteByStatus: {
+                case FilterDeleteByStatus:
+                case FilterCheckPrivateBrandStatus:
+                case FilterSetPrivateBrandStatus: {
                     if (!isEliminatedAllocation(node->child1().node()))
                         break;

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -38 +38 @@
 #include "CacheableIdentifierInlines.h"
 #include "CallLinkStatus.h"
+#include "CheckPrivateBrandStatus.h"
 #include "CodeBlock.h"
 #include "CodeBlockWithJITType.h"
@@ -75 +76 @@
 #include "PutByIdStatus.h"
 #include "RegExpPrototype.h"
+#include "SetPrivateBrandStatus.h"
 #include "StackAlignment.h"
 #include "StringConstructor.h"
@@ -6260 +6262 @@
 
             NEXT_OPCODE(op_put_by_val_with_this);
+        }
+
+        case op_check_private_brand: {
+            auto bytecode = currentInstruction->as<OpCheckPrivateBrand>();
+            Node* base = get(bytecode.m_base);
+            Node* brand = get(bytecode.m_brand);
+            bool compiledAsCheckStructure = false;
+
+            CheckPrivateBrandStatus checkStatus = CheckPrivateBrandStatus::computeFor(
+                m_inlineStackTop->m_profiledBlock,
+                m_inlineStackTop->m_baselineMap, m_icContextStack,
+                currentCodeOrigin());
+
+            if (!m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent)
+                && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType)
+                && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadConstantValue)) {
+
+                if (CacheableIdentifier identifier = checkStatus.singleIdentifier()) {
+                    m_graph.identifiers().ensure(identifier.uid());
+                    ASSERT(identifier.isSymbol());
+                    FrozenValue* frozen = m_graph.freezeStrong(identifier.cell());
+                    addToGraph(CheckIsConstant, OpInfo(frozen), brand);
+
+                    if (checkStatus.isSimple() && checkStatus.variants().size() && Options::useAccessInlining()) {
+                        ASSERT(checkStatus.variants().size() == 1); // If we have single identifier, we should have only 1 variant.
+                        CheckPrivateBrandVariant variant = checkStatus.variants()[0];
+
+                        addToGraph(FilterCheckPrivateBrandStatus, OpInfo(m_graph.m_plan.recordedStatuses().addCheckPrivateBrandStatus(currentCodeOrigin(), checkStatus)), base);
+                        addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(variant.structureSet())), base);
+
+                        compiledAsCheckStructure = true;
+                    }
+                }
+            }
+
+            if (!compiledAsCheckStructure)
+                addToGraph(CheckPrivateBrand, base, brand);
+
+            NEXT_OPCODE(op_check_private_brand);
+        }
+
+        case op_set_private_brand: {
+            auto bytecode = currentInstruction->as<OpSetPrivateBrand>();
+            Node* base = get(bytecode.m_base);
+            Node* brand = get(bytecode.m_brand);
+
+            bool inlinedSetPrivateBrand = false;
+            SetPrivateBrandStatus setStatus = SetPrivateBrandStatus::computeFor(
+                m_inlineStackTop->m_profiledBlock,
+                m_inlineStackTop->m_baselineMap, m_icContextStack,
+                currentCodeOrigin());
+
+            if (!m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent)
+                && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType)
+                && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadConstantValue)) {
+
+                if (CacheableIdentifier identifier = setStatus.singleIdentifier()) {
+                    ASSERT(identifier.isSymbol());
+                    FrozenValue* frozen = m_graph.freezeStrong(identifier.cell());
+                    addToGraph(CheckIsConstant, OpInfo(frozen), brand);
+
+
+                    // FIXME: We should include a MultiSetPrivateBrand to handle polymorphic cases
+                    // https://bugs.webkit.org/show_bug.cgi?id=221570
+                    if (setStatus.isSimple() && setStatus.variants().size() == 1 && Options::useAccessInlining()) {
+                        SetPrivateBrandVariant variant = setStatus.variants()[0];
+
+                        addToGraph(FilterSetPrivateBrandStatus, OpInfo(m_graph.m_plan.recordedStatuses().addSetPrivateBrandStatus(currentCodeOrigin(), setStatus)), base);
+                        addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(variant.oldStructure())), base);
+                        ASSERT(variant.oldStructure()->transitionWatchpointSetHasBeenInvalidated());
+                        ASSERT(variant.newStructure());
+
+                        Transition* transition = m_graph.m_transitions.add(
+                            m_graph.registerStructure(variant.oldStructure()), m_graph.registerStructure(variant.newStructure()));
+
+                        addToGraph(PutStructure, OpInfo(transition), base);
+
+                        inlinedSetPrivateBrand = true;
+                    }
+                }
+            }
+
+            if (!inlinedSetPrivateBrand)
+                addToGraph(SetPrivateBrand, base, brand);
+
+            NEXT_OPCODE(op_set_private_brand);
         }
 

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

@@ -295 +295 @@
     case op_get_private_name:
     case op_put_private_name:
+    case op_set_private_brand:
+    case op_check_private_brand:
         return CanCompileAndInline;
 

trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

@@ -506 +506 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
         write(SideState);
         return;
@@ -678 +680 @@
     case GetPrivateName:
     case GetPrivateNameById:
+    // FIXME: We should have a better cloberize rule for both CheckPrivateBrand and SetPrivateBrand
+    // https://bugs.webkit.org/show_bug.cgi?id=221571
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case DefineDataProperty:
     case DefineAccessorProperty:

trunk/Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp

@@ -85 +85 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
     case TryGetById:
         // These do clobber memory, but nothing that is observable. It may be nice to separate the

trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

@@ -251 +251 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
     case DateGetInt32OrNaN:
     case DateGetTime:
@@ -328 +330 @@
     case GetPrivateName:
     case GetPrivateNameById:
+    case SetPrivateBrand:
+    case CheckPrivateBrand:
     case PutStack:
     case PutToArguments:

trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

@@ -1974 +1974 @@
 
 
+        case SetPrivateBrand: {
+            fixEdge<CellUse>(node->child1());
+            fixEdge<SymbolUse>(node->child2());
+            break;
+        }
+
+        case CheckPrivateBrand:
         case PutPrivateName: {
             fixEdge<SymbolUse>(node->child2());
@@ -2870 +2877 @@
         case FilterInByIdStatus:
         case FilterDeleteByStatus:
+        case FilterCheckPrivateBrandStatus:
+        case FilterSetPrivateBrandStatus:
         case InvalidationPoint:
         case CreateArgumentsButterfly:

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -246 +246 @@
     finalizeInlineCaches(m_inByIds, linkBuffer);
     finalizeInlineCaches(m_instanceOfs, linkBuffer);
+    finalizeInlineCaches(m_privateBrandAccesses, linkBuffer);
 
     auto linkCallThunk = FunctionPtr<NoPtrTag>(vm().getCTIStub(linkCallThunkGenerator).retaggedCode<NoPtrTag>());

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h

@@ -213 +213 @@
     }
 
+    void addPrivateBrandAccess(const JITPrivateBrandAccessGenerator& gen, SlowPathGenerator* slowPath)
+    {
+        m_privateBrandAccesses.append(InlineCacheWrapper<JITPrivateBrandAccessGenerator>(gen, slowPath));
+    }
+
     void addJSCall(Call fastCall, Call slowCall, DataLabelPtr targetToCheck, CallLinkInfo* info)
     {
@@ -363 +368 @@
     Vector<InlineCacheWrapper<JITInByIdGenerator>, 4> m_inByIds;
     Vector<InlineCacheWrapper<JITInstanceOfGenerator>, 4> m_instanceOfs;
+    Vector<InlineCacheWrapper<JITPrivateBrandAccessGenerator>, 4> m_privateBrandAccesses;
     Vector<JSCallRecord, 4> m_jsCalls;
     Vector<JSDirectCallRecord, 4> m_jsDirectCalls;

trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp

@@ -109 +109 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
         break;
 

trunk/Source/JavaScriptCore/dfg/DFGNode.h

@@ -30 +30 @@
 #include "B3SparseCollection.h"
 #include "BasicBlockLocation.h"
+#include "CheckPrivateBrandVariant.h"
 #include "CodeBlock.h"
 #include "DFGAdjacencyList.h"
@@ -55 +56 @@
 #include "PrivateFieldPutKind.h"
 #include "PutByIdVariant.h"
+#include "SetPrivateBrandVariant.h"
 #include "SpeculatedType.h"
 #include "TypeLocation.h"
@@ -3141 +3143 @@
     }
 
+    bool hasCheckPrivateBrandStatus()
+    {
+        return op() == FilterCheckPrivateBrandStatus;
+    }
+
+    CheckPrivateBrandStatus* checkPrivateBrandStatus()
+    {
+        ASSERT(hasCheckPrivateBrandStatus());
+        return m_opInfo.as<CheckPrivateBrandStatus*>();
+    }
+
+    bool hasSetPrivateBrandStatus()
+    {
+        return op() == FilterSetPrivateBrandStatus;
+    }
+
+    SetPrivateBrandStatus* setPrivateBrandStatus()
+    {
+        ASSERT(hasSetPrivateBrandStatus());
+        return m_opInfo.as<SetPrivateBrandStatus*>();
+    }
+
     void dumpChildren(PrintStream& out)
     {

trunk/Source/JavaScriptCore/dfg/DFGNodeType.h

@@ -213 +213 @@
     macro(PutPrivateName, NodeMustGenerate) \
     macro(PutPrivateNameById, NodeMustGenerate) \
+    macro(CheckPrivateBrand, NodeMustGenerate) \
+    macro(SetPrivateBrand, NodeMustGenerate) \
     macro(TryGetById, NodeResultJS) \
     macro(GetById, NodeResultJS | NodeMustGenerate) \
@@ -545 +547 @@
     macro(FilterPutByIdStatus, NodeMustGenerate) \
     macro(FilterDeleteByStatus, NodeMustGenerate) \
+    macro(FilterCheckPrivateBrandStatus, NodeMustGenerate) \
+    macro(FilterSetPrivateBrandStatus, NodeMustGenerate) \
     /* Data view access */ \
     macro(DataViewGetInt, NodeMustGenerate | NodeResultJS) /* The gets are must generate for now because they do bounds checks */ \

trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp

@@ -1262 +1262 @@
         case FilterInByIdStatus:
         case FilterDeleteByStatus:
+        case FilterCheckPrivateBrandStatus:
+        case FilterSetPrivateBrandStatus:
             break;
 
@@ -2612 +2614 @@
                 case FilterInByIdStatus:
                 case FilterDeleteByStatus:
+                case FilterCheckPrivateBrandStatus:
+                case FilterSetPrivateBrandStatus:
                     if (node->child1()->isPhantomAllocation())
                         node->removeWithoutChecks();

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

@@ -1389 +1389 @@
         case PutPrivateName:
         case PutPrivateNameById:
+        case SetPrivateBrand:
+        case CheckPrivateBrand:
         case PutClosureVar:
         case PutInternalField:
@@ -1455 +1457 @@
         case FilterInByIdStatus:
         case FilterDeleteByStatus:
+        case FilterCheckPrivateBrandStatus:
+        case FilterSetPrivateBrandStatus:
         case ClearCatchLocals:
         case DataViewSet:

trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

@@ -363 +363 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
         // We don't want these to be moved anywhere other than where we put them, since we want them
         // to capture "profiling" at the point in control flow here the user put them.
@@ -533 +535 @@
     case GetPrivateName:
     case GetPrivateNameById:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case DefineDataProperty:
     case DefineAccessorProperty:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -3689 +3689 @@
     auto putKind = node->privateFieldPutKind().isDefine() ? PutKind::DirectPrivateFieldDefine : PutKind::DirectPrivateFieldSet;
     cachedPutById(node->origin.semantic, baseGPR, valueRegs, scratchGPR, node->cacheableIdentifier(), putKind, ECMAMode::strict());
+
+    noResult(node);
+}
+
+void SpeculativeJIT::compileCheckPrivateBrand(Node* node)
+{
+    JSValueOperand base(this, node->child1());
+    SpeculateCellOperand brandValue(this, node->child2());
+
+    JSValueRegs baseRegs = base.jsValueRegs();
+
+    GPRReg brandGPR = brandValue.gpr();
+
+    speculateSymbol(node->child2(), brandGPR);
+
+    CodeOrigin codeOrigin = node->origin.semantic;
+    CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
+    RegisterSet usedRegisters = this->usedRegisters();
+
+    JITCompiler::JumpList slowCases;
+    if (needsTypeCheck(node->child1(), SpecCell))
+        slowCases.append(m_jit.branchIfNotCell(baseRegs));
+
+    JITPrivateBrandAccessGenerator gen(
+        m_jit.codeBlock(), codeOrigin, callSite, AccessType::CheckPrivateBrand, usedRegisters,
+        baseRegs, JSValueRegs::payloadOnly(brandGPR));
+
+    gen.stubInfo()->propertyIsSymbol = true;
+    gen.generateFastPath(m_jit);
+    slowCases.append(gen.slowPathJump());
+
+    std::unique_ptr<SlowPathGenerator> slowPath = slowPathCall(
+        slowCases, this, operationCheckPrivateBrandOptimize, NoResult,
+        TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), baseRegs, CCallHelpers::CellValue(brandGPR));
+
+    m_jit.addPrivateBrandAccess(gen, slowPath.get());
+    addSlowPathGenerator(WTFMove(slowPath));
+
+    noResult(node);
+}
+
+void SpeculativeJIT::compileSetPrivateBrand(Node* node)
+{
+    ASSERT(node->child1().useKind() == CellUse);
+    SpeculateCellOperand base(this, node->child1());
+    SpeculateCellOperand brandValue(this, node->child2());
+
+    GPRReg baseGPR = base.gpr();
+    GPRReg brandGPR = brandValue.gpr();
+
+    speculateSymbol(node->child2(), brandGPR);
+
+    CodeOrigin codeOrigin = node->origin.semantic;
+    CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
+    RegisterSet usedRegisters = this->usedRegisters();
+
+    JITCompiler::JumpList slowCases;
+    JITPrivateBrandAccessGenerator gen(
+        m_jit.codeBlock(), codeOrigin, callSite, AccessType::SetPrivateBrand, usedRegisters,
+        JSValueRegs::payloadOnly(baseGPR), JSValueRegs::payloadOnly(brandGPR));
+
+    gen.stubInfo()->propertyIsSymbol = true;
+    gen.generateFastPath(m_jit);
+    slowCases.append(gen.slowPathJump());
+
+    std::unique_ptr<SlowPathGenerator> slowPath = slowPathCall(
+        slowCases, this, operationSetPrivateBrandOptimize, NoResult, 
+        TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(), CCallHelpers::CellValue(baseGPR), CCallHelpers::CellValue(brandGPR));
+
+    m_jit.addPrivateBrandAccess(gen, slowPath.get());
+    addSlowPathGenerator(WTFMove(slowPath));
 
     noResult(node);

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -1374 +1374 @@
     void compilePutPrivateName(Node*);
     void compilePutPrivateNameById(Node*);
+    void compileCheckPrivateBrand(Node*);
+    void compileSetPrivateBrand(Node*);
     void compileGetByOffset(Node*);
     void compilePutByOffset(Node*);

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -2607 +2607 @@
     }
 
+    case CheckPrivateBrand: {
+        compileCheckPrivateBrand(node);
+        break;
+    }
+
+    case SetPrivateBrand: {
+        compileSetPrivateBrand(node);
+        break;
+    }
+
     case PutByValDirect:
     case PutByVal:
@@ -4242 +4252 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
         m_interpreter.filterICStatus(node);
         noResult(node);

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -2964 +2964 @@
     case PutPrivateNameById: {
         compilePutPrivateNameById(node);
+        break;
+    }
+
+    case CheckPrivateBrand: {
+        compileCheckPrivateBrand(node);
+        break;
+    }
+
+    case SetPrivateBrand: {
+        compileSetPrivateBrand(node);
         break;
     }
@@ -5688 +5698 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
         m_interpreter.filterICStatus(node);
         noResult(node);

trunk/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp

@@ -274 +274 @@
             }
 
+            case SetPrivateBrand:
             case PutById:
             case PutByIdFlush:

trunk/Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp

@@ -200 +200 @@
             case FilterInByIdStatus:
             case FilterDeleteByStatus:
+            case FilterCheckPrivateBrandStatus:
+            case FilterSetPrivateBrandStatus:
                 break;
 
@@ -403 +405 @@
             case FilterInByIdStatus:
             case FilterDeleteByStatus:
+            case FilterCheckPrivateBrandStatus:
+            case FilterSetPrivateBrandStatus:
                 if (node->child1().node() == candidate)
                     node->remove(m_graph);

trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

@@ -401 +401 @@
     case GetPrivateName:
     case GetPrivateNameById:
+    case CheckPrivateBrand:
+    case SetPrivateBrand:
     case MatchStructure:
     case FilterCallLinkStatus:
@@ -407 +409 @@
     case FilterInByIdStatus:
     case FilterDeleteByStatus:
+    case FilterCheckPrivateBrandStatus:
+    case FilterSetPrivateBrandStatus:
     case CreateThis:
     case CreatePromise:

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -962 +962 @@
             compileInByVal();
             break;
+        case CheckPrivateBrand:
+            compileCheckPrivateBrand();
+            break;
+        case SetPrivateBrand:
+            compileSetPrivateBrand();
+            break;
         case HasOwnProperty:
             compileHasOwnProperty();
@@ -1639 +1645 @@
         case FilterInByIdStatus:
         case FilterDeleteByStatus:
+        case FilterCheckPrivateBrandStatus:
+        case FilterSetPrivateBrandStatus:
             compileFilterICStatus();
             break;
@@ -4082 +4090 @@
             setJSValue(m_out.phi(Int64, cellResult, notCellResult));
         }
+    }
+
+    void compilePrivateBrandAccess(LValue base, LValue brand, AccessType accessType)
+    {
+        Node* node = m_node;
+        PatchpointValue* patchpoint = m_out.patchpoint(Void);
+        patchpoint->appendSomeRegister(base);
+        patchpoint->appendSomeRegister(brand);
+        patchpoint->append(m_notCellMask, ValueRep::lateReg(GPRInfo::notCellMaskRegister));
+        patchpoint->append(m_numberTag, ValueRep::lateReg(GPRInfo::numberTagRegister));
+        patchpoint->clobber(RegisterSet::macroScratchRegisters());
+
+        RefPtr<PatchpointExceptionHandle> exceptionHandle = preparePatchpointForExceptions(patchpoint);
+
+        State* state = &m_ftlState;
+        bool baseIsCell = abstractValue(m_node->child1()).isType(SpecCell);
+        patchpoint->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+            AllowMacroScratchRegisterUsage allowScratch(jit);
+
+            CallSiteIndex callSiteIndex = state->jitCode->common.codeOrigins->addUniqueCallSiteIndex(node->origin.semantic);
+
+            // This is the direct exit target for operation calls.
+            Box<CCallHelpers::JumpList> exceptions = exceptionHandle->scheduleExitCreation(params)->jumps(jit);
+
+            // This is the exit for call IC's created by the IC for getters. We don't have
+            // to do anything weird other than call this, since it will associate the exit with
+            // the callsite index.
+            exceptionHandle->scheduleExitCreationForUnwind(params, callSiteIndex);
+
+            GPRReg baseGPR = params[0].gpr();
+            GPRReg brandGPR = params[1].gpr();
+
+            auto generator = Box<JITPrivateBrandAccessGenerator>::create(
+                jit.codeBlock(), node->origin.semantic, callSiteIndex, accessType,
+                params.unavailableRegisters(), JSValueRegs(baseGPR), JSValueRegs(brandGPR));
+
+            CCallHelpers::Jump notCell;
+            if (!baseIsCell)
+                notCell = jit.branchIfNotCell(baseGPR);
+
+            generator->generateFastPath(jit);
+            CCallHelpers::Label done = jit.label();
+
+            params.addLatePath([=] (CCallHelpers& jit) {
+                AllowMacroScratchRegisterUsage allowScratch(jit);
+
+                auto appropriatePrivateAccessFunction = [=] (AccessType type) -> decltype(&operationCheckPrivateBrandOptimize) {
+                    switch (type) {
+                    case AccessType::CheckPrivateBrand:
+                        return operationCheckPrivateBrandOptimize;
+                    case AccessType::SetPrivateBrand:
+                        return operationSetPrivateBrandOptimize;
+                    default:
+                        RELEASE_ASSERT_NOT_REACHED();
+                        return nullptr;
+                    }
+                };
+
+                if (notCell.isSet())
+                    notCell.link(&jit);
+                generator->slowPathJump().link(&jit);
+                CCallHelpers::Label slowPathBegin = jit.label();
+                CCallHelpers::Call slowPathCall = callOperation(
+                    *state, params.unavailableRegisters(), jit, node->origin.semantic,
+                    exceptions.get(), appropriatePrivateAccessFunction(accessType), InvalidGPRReg,
+                    jit.codeBlock()->globalObjectFor(node->origin.semantic),
+                    CCallHelpers::TrustedImmPtr(generator->stubInfo()), baseGPR, brandGPR).call();
+                jit.jump().linkTo(done, &jit);
+
+                generator->reportSlowPathCall(slowPathBegin, slowPathCall);
+
+                jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+                    generator->finalize(linkBuffer, linkBuffer);
+                });
+            });
+        });
+    }
+
+    void compileCheckPrivateBrand()
+    {
+        compilePrivateBrandAccess(lowJSValue(m_node->child1()), lowSymbol(m_node->child2()), AccessType::CheckPrivateBrand);
+    }
+
+    void compileSetPrivateBrand()
+    {
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse, m_node->child1().useKind());
+        compilePrivateBrandAccess(lowCell(m_node->child1()), lowSymbol(m_node->child2()), AccessType::SetPrivateBrand);
     }
 

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -145 +145 @@
         
         TDZEnvironment variablesUnderTDZ;
-        VariableEnvironment privateNames;
-        JSScope::collectClosureVariablesUnderTDZ(callerScopeChain, variablesUnderTDZ, privateNames);
-        eval = DirectEvalExecutable::create(globalObject, makeSource(programSource, callerCodeBlock->source().provider()->sourceOrigin()), derivedContextType, callerUnlinkedCodeBlock->needsClassFieldInitializer(), isArrowFunctionContext, callerCodeBlock->ownerExecutable()->isInsideOrdinaryFunction(), evalContextType, &variablesUnderTDZ, &privateNames, ecmaMode);
+        PrivateNameEnvironment privateNameEnvironment;
+        JSScope::collectClosureVariablesUnderTDZ(callerScopeChain, variablesUnderTDZ, privateNameEnvironment);
+        eval = DirectEvalExecutable::create(globalObject, makeSource(programSource, callerCodeBlock->source().provider()->sourceOrigin()), derivedContextType, callerUnlinkedCodeBlock->needsClassFieldInitializer(), callerUnlinkedCodeBlock->privateBrandRequirement(), isArrowFunctionContext, callerCodeBlock->ownerExecutable()->isInsideOrdinaryFunction(), evalContextType, &variablesUnderTDZ, &privateNameEnvironment, ecmaMode);
         EXCEPTION_ASSERT(!!scope.exception() == !eval);
         if (!eval)

trunk/Source/JavaScriptCore/jit/ICStats.h

@@ -76 +76 @@
     macro(OperationGetPrivateNameById) \
     macro(OperationGetPrivateNameByIdOptimize) \
-    macro(OperationGetPrivateNameByIdGeneric)
+    macro(OperationGetPrivateNameByIdGeneric) \
+    macro(CheckPrivateBrandAddAccessCase) \
+    macro(SetPrivateBrandAddAccessCase) \
+    macro(CheckPrivateBrandReplaceWithJump) \
+    macro(SetPrivateBrandReplaceWithJump)
 
 class ICEvent {

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -359 +359 @@
         DEFINE_OP(op_get_by_val)
         DEFINE_OP(op_get_private_name)
+        DEFINE_OP(op_set_private_brand)
+        DEFINE_OP(op_check_private_brand)
         DEFINE_OP(op_get_prototype_of)
         DEFINE_OP(op_overrides_has_instance)
@@ -509 +511 @@
     m_delByIdIndex = 0;
     m_instanceOfIndex = 0;
+    m_privateBrandAccessIndex = 0;
     m_byValInstructionIndex = 0;
     m_callLinkInfoIndex = 0;
@@ -565 +568 @@
         DEFINE_SLOWCASE_OP(op_get_by_val)
         DEFINE_SLOWCASE_OP(op_get_private_name)
+        DEFINE_SLOWCASE_OP(op_set_private_brand)
+        DEFINE_SLOWCASE_OP(op_check_private_brand)
         DEFINE_SLOWCASE_OP(op_instanceof)
         DEFINE_SLOWCASE_OP(op_instanceof_custom)
@@ -655 +660 @@
     RELEASE_ASSERT(m_inByIdIndex == m_inByIds.size());
     RELEASE_ASSERT(m_instanceOfIndex == m_instanceOfs.size());
+    RELEASE_ASSERT(m_privateBrandAccessIndex == m_privateBrandAccesses.size());
     RELEASE_ASSERT(m_callLinkInfoIndex == m_callCompilationInfo.size());
 
@@ -903 +909 @@
     finalizeInlineCaches(m_inByIds, patchBuffer);
     finalizeInlineCaches(m_instanceOfs, patchBuffer);
+    finalizeInlineCaches(m_privateBrandAccesses, patchBuffer);
 
     if (m_byValCompilationInfo.size()) {

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -564 +564 @@
         void emit_op_get_by_val(const Instruction*);
         void emit_op_get_private_name(const Instruction*);
+        void emit_op_set_private_brand(const Instruction*);
+        void emit_op_check_private_brand(const Instruction*);
         void emit_op_get_argument_by_val(const Instruction*);
         void emit_op_get_prototype_of(const Instruction*);
@@ -696 +698 @@
         void emitSlow_op_get_by_val(const Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_private_name(const Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_set_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_check_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_get_argument_by_val(const Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_in_by_id(const Instruction*, Vector<SlowCaseEntry>::iterator&);
@@ -986 +990 @@
         Vector<JITDelByValGenerator> m_delByVals;
         Vector<JITInstanceOfGenerator> m_instanceOfs;
+        Vector<JITPrivateBrandAccessGenerator> m_privateBrandAccesses;
         Vector<ByValCompilationInfo> m_byValCompilationInfo;
         Vector<CallCompilationInfo> m_callCompilationInfo;
@@ -1009 +1014 @@
         unsigned m_delByIdIndex { UINT_MAX };
         unsigned m_instanceOfIndex { UINT_MAX };
+        unsigned m_privateBrandAccessIndex { UINT_MAX };
         unsigned m_byValInstructionIndex { UINT_MAX };
         unsigned m_callLinkInfoIndex { UINT_MAX };

trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp

@@ -325 +325 @@
 }
 
+JITPrivateBrandAccessGenerator::JITPrivateBrandAccessGenerator(CodeBlock* codeBlock, CodeOrigin codeOrigin, CallSiteIndex callSiteIndex, AccessType accessType, const RegisterSet& usedRegisters, JSValueRegs base, JSValueRegs brand)
+    : Base(codeBlock, codeOrigin, callSiteIndex, accessType, usedRegisters)
+{
+    ASSERT(accessType == AccessType::CheckPrivateBrand || accessType == AccessType::SetPrivateBrand);
+    m_stubInfo->hasConstantIdentifier = false;
+
+    m_stubInfo->baseGPR = base.payloadGPR();
+    m_stubInfo->regs.brandGPR = brand.payloadGPR();
+    m_stubInfo->valueGPR = InvalidGPRReg;
+#if USE(JSVALUE32_64)
+    m_stubInfo->baseTagGPR = base.tagGPR();
+    m_stubInfo->v.brandTagGPR = brand.tagGPR();
+    m_stubInfo->valueTagGPR = InvalidGPRReg;
+#endif
+}
+
+void JITPrivateBrandAccessGenerator::generateFastPath(MacroAssembler& jit)
+{
+    m_start = jit.label();
+    m_slowPathJump = jit.patchableJump();
+    m_done = jit.label();
+}
+
+void JITPrivateBrandAccessGenerator::finalize(
+    LinkBuffer& fastPath, LinkBuffer& slowPath)
+{
+    ASSERT(m_start.isSet());
+    Base::finalize(
+        fastPath, slowPath, fastPath.locationOf<JITStubRoutinePtrTag>(m_start));
+}
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h

@@ -247 +247 @@
     JSValueRegs m_base;
     JSValueRegs m_result;
-    JSValueRegs m_;
-
+
+    MacroAssembler::Label m_start;
+    MacroAssembler::PatchableJump m_slowPathJump;
+};
+
+class JITPrivateBrandAccessGenerator : public JITInlineCacheGenerator {
+    using Base = JITInlineCacheGenerator;
+public:
+    JITPrivateBrandAccessGenerator() { }
+
+    JITPrivateBrandAccessGenerator(
+        CodeBlock*, CodeOrigin, CallSiteIndex, AccessType, const RegisterSet& usedRegisters,
+        JSValueRegs base, JSValueRegs brand);
+
+    MacroAssembler::Jump slowPathJump() const
+    {
+        ASSERT(m_slowPathJump.m_jump.isSet());
+        return m_slowPathJump.m_jump;
+    }
+
+    void finalize(
+        LinkBuffer& fastPathLinkBuffer, LinkBuffer& slowPathLinkBuffer);
+    
+    void generateFastPath(MacroAssembler&);
+
+private:
     MacroAssembler::Label m_start;
     MacroAssembler::PatchableJump m_slowPathJump;

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -1093 +1093 @@
     RELEASE_ASSERT(baseValue.isObject());
     directPutByVal(globalObject, asObject(baseValue), subscript, value, byValInfo, ecmaMode);
+}
+
+JSC_DEFINE_JIT_OPERATION(operationSetPrivateBrandOptimize, void, (JSGlobalObject* globalObject, StructureStubInfo* stubInfo, EncodedJSValue encodedBaseValue, EncodedJSValue encodedBrand))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue baseValue = JSValue::decode(encodedBaseValue);
+    JSValue brand = JSValue::decode(encodedBrand);
+
+    ASSERT(baseValue.isObject());
+    ASSERT(brand.isSymbol());
+
+    JSObject* baseObject = asObject(baseValue);
+    Structure* oldStructure = baseObject->structure(vm);
+    baseObject->setPrivateBrand(globalObject, brand);
+    RETURN_IF_EXCEPTION(scope, void());
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    if (CacheableIdentifier::isCacheableIdentifierCell(brand)) {
+        CacheableIdentifier identifier = CacheableIdentifier::createFromCell(brand.asCell());
+        if (stubInfo->considerCachingBy(vm, codeBlock, baseObject->structure(vm), identifier))
+            repatchSetPrivateBrand(globalObject, codeBlock, baseObject, oldStructure, identifier, *stubInfo);
+    }
+
+}
+
+JSC_DEFINE_JIT_OPERATION(operationSetPrivateBrandGeneric, void, (JSGlobalObject* globalObject, StructureStubInfo* stubInfo, EncodedJSValue encodedBaseValue, EncodedJSValue encodedBrand))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue baseValue = JSValue::decode(encodedBaseValue);
+    JSValue brand = JSValue::decode(encodedBrand);
+
+    if (stubInfo)
+        stubInfo->tookSlowPath = true;
+
+    ASSERT(baseValue.isObject());
+    ASSERT(brand.isSymbol());
+
+    JSObject* baseObject = asObject(baseValue);
+    baseObject->setPrivateBrand(globalObject, brand);
+    RETURN_IF_EXCEPTION(scope, void());
+}
+
+JSC_DEFINE_JIT_OPERATION(operationCheckPrivateBrandOptimize, void, (JSGlobalObject* globalObject, StructureStubInfo* stubInfo, EncodedJSValue encodedBaseValue, EncodedJSValue encodedBrand))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue baseValue = JSValue::decode(encodedBaseValue);
+    JSValue brand = JSValue::decode(encodedBrand);
+
+    JSObject* baseObject = baseValue.toObject(globalObject);
+    RETURN_IF_EXCEPTION(scope, void());
+
+    ASSERT(brand.isSymbol());
+
+    baseObject->checkPrivateBrand(globalObject, brand);
+    RETURN_IF_EXCEPTION(scope, void());
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    if (CacheableIdentifier::isCacheableIdentifierCell(brand)) {
+        CacheableIdentifier identifier = CacheableIdentifier::createFromCell(brand.asCell());
+        if (stubInfo->considerCachingBy(vm, codeBlock, baseObject->structure(vm), identifier))
+            repatchCheckPrivateBrand(globalObject, codeBlock, baseObject, identifier, *stubInfo);
+    }
+}
+
+JSC_DEFINE_JIT_OPERATION(operationCheckPrivateBrandGeneric, void, (JSGlobalObject* globalObject, StructureStubInfo* stubInfo, EncodedJSValue encodedBaseValue, EncodedJSValue encodedBrand))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    JSValue baseValue = JSValue::decode(encodedBaseValue);
+    JSValue brand = JSValue::decode(encodedBrand);
+
+    stubInfo->tookSlowPath = true;
+
+    JSObject* baseObject = baseValue.toObject(globalObject);
+    RETURN_IF_EXCEPTION(scope, void());
+
+    ASSERT(brand.isSymbol());
+
+    baseObject->checkPrivateBrand(globalObject, brand);
+    RETURN_IF_EXCEPTION(scope, void());
 }
 
@@ -2277 +2372 @@
 
     JSObject* base = baseValue.toObject(globalObject);
+    RETURN_IF_EXCEPTION(scope, JSValue());
+
     PropertySlot slot(base, PropertySlot::InternalMethodType::GetOwnProperty);
     base->getPrivateField(globalObject, fieldName, slot);
@@ -2383 +2480 @@
     }
 
-    return JSValue::encode(getPrivateName(globalObject, callFrame, baseValue, fieldName));
+    RELEASE_AND_RETURN(scope, JSValue::encode(getPrivateName(globalObject, callFrame, baseValue, fieldName)));
 }
 

trunk/Source/JavaScriptCore/jit/JITOperations.h

@@ -193 +193 @@
 JSC_DECLARE_JIT_OPERATION(operationPutByIdSetPrivateFieldStrictOptimize, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, uintptr_t));
 
+JSC_DECLARE_JIT_OPERATION(operationSetPrivateBrandOptimize, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
+JSC_DECLARE_JIT_OPERATION(operationCheckPrivateBrandOptimize, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
+JSC_DECLARE_JIT_OPERATION(operationSetPrivateBrandGeneric, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
+JSC_DECLARE_JIT_OPERATION(operationCheckPrivateBrandGeneric, void, (JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue));
+
 JSC_DECLARE_JIT_OPERATION(operationPutPrivateNameOptimize, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*, PrivateFieldPutKind));
 JSC_DECLARE_JIT_OPERATION(operationPutPrivateNameGeneric, void, (JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*, PrivateFieldPutKind));

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -140 +140 @@
     Label coldPathBegin = label();
     Call call = callOperationWithProfile(bytecode.metadata(m_codeBlock), operationGetPrivateNameOptimize, dst, TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), baseGPR, propertyGPR);
+    gen.reportSlowPathCall(coldPathBegin, call);
+}
+
+void JIT::emit_op_set_private_brand(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpSetPrivateBrand>();
+    VirtualRegister base = bytecode.m_base;
+    VirtualRegister brand = bytecode.m_brand;
+    GPRReg baseGPR = regT0;
+    GPRReg brandGPR = regT1;
+    emitGetVirtualRegister(base, baseGPR);
+    emitGetVirtualRegister(brand, brandGPR);
+
+    emitJumpSlowCaseIfNotJSCell(baseGPR, base);
+
+    JITPrivateBrandAccessGenerator gen(
+        m_codeBlock, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::SetPrivateBrand, RegisterSet::stubUnavailableRegisters(),
+        JSValueRegs(baseGPR), JSValueRegs(brandGPR));
+    gen.generateFastPath(*this);
+    addSlowCase(gen.slowPathJump());
+    m_privateBrandAccesses.append(gen);
+
+    // We should emit write-barrier at the end of sequence since write-barrier clobbers registers.
+    // IC can write new Structure without write-barrier if a base is cell.
+    // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
+    // https://bugs.webkit.org/show_bug.cgi?id=209395
+    emitWriteBarrier(base, ShouldFilterBase);
+}
+
+void JIT::emitSlow_op_set_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator& iter)
+{
+    GPRReg baseGPR = regT0;
+    GPRReg brandGPR = regT1;
+
+    linkAllSlowCases(iter);
+
+    JITPrivateBrandAccessGenerator& gen = m_privateBrandAccesses[m_privateBrandAccessIndex];
+    ++m_privateBrandAccessIndex;
+    Label coldPathBegin = label();
+    Call call = callOperation(operationSetPrivateBrandOptimize, TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), baseGPR, brandGPR);
+    gen.reportSlowPathCall(coldPathBegin, call);
+}
+
+void JIT::emit_op_check_private_brand(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpCheckPrivateBrand>();
+    VirtualRegister base = bytecode.m_base;
+    VirtualRegister brand = bytecode.m_brand;
+
+    emitGetVirtualRegister(base, regT0);
+    emitGetVirtualRegister(brand, regT1);
+
+    emitJumpSlowCaseIfNotJSCell(regT0, base);
+
+    JITPrivateBrandAccessGenerator gen(
+        m_codeBlock, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::CheckPrivateBrand, RegisterSet::stubUnavailableRegisters(),
+        JSValueRegs(regT0), JSValueRegs(regT1));
+    gen.generateFastPath(*this);
+    addSlowCase(gen.slowPathJump());
+    m_privateBrandAccesses.append(gen);
+}
+
+void JIT::emitSlow_op_check_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator& iter)
+{
+    GPRReg baseGPR = regT0;
+    GPRReg brandGPR = regT1;
+
+    linkAllSlowCases(iter);
+
+    JITPrivateBrandAccessGenerator& gen = m_privateBrandAccesses[m_privateBrandAccessIndex];
+    ++m_privateBrandAccessIndex;
+    Label coldPathBegin = label();
+    Call call = callOperation(operationCheckPrivateBrandOptimize, TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), baseGPR, brandGPR);
     gen.reportSlowPathCall(coldPathBegin, call);
 }

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -379 +379 @@
     m_byValCompilationInfo[m_byValInstructionIndex].returnAddress = call;
     m_byValInstructionIndex++;
+}
+
+void JIT::emit_op_set_private_brand(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpSetPrivateBrand>();
+    VirtualRegister base = bytecode.m_base;
+    VirtualRegister brand = bytecode.m_brand;
+    JSValueRegs baseRegs(regT1, regT0);
+    JSValueRegs brandRegs(regT3, regT2);
+    emitLoad(base, baseRegs.tagGPR(), baseRegs.payloadGPR());
+    emitLoad(brand, brandRegs.tagGPR(), brandRegs.payloadGPR());
+
+    emitJumpSlowCaseIfNotJSCell(base, baseRegs.tagGPR());
+
+    JITPrivateBrandAccessGenerator gen(
+        m_codeBlock, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::SetPrivateBrand, RegisterSet::stubUnavailableRegisters(),
+        baseRegs, brandRegs);
+    gen.generateFastPath(*this);
+    addSlowCase(gen.slowPathJump());
+    m_privateBrandAccesses.append(gen);
+
+    // We should emit write-barrier at the end of sequence since write-barrier clobbers registers.
+    // IC can write new Structure without write-barrier if a base is cell.
+    // FIXME: Use UnconditionalWriteBarrier in Baseline effectively to reduce code size.
+    // https://bugs.webkit.org/show_bug.cgi?id=209395
+    emitWriteBarrier(base, ShouldFilterBase);
+}
+
+void JIT::emitSlow_op_set_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator& iter)
+{
+    JSValueRegs baseRegs(regT1, regT0);
+    JSValueRegs brandRegs(regT3, regT2);
+
+    linkAllSlowCases(iter);
+
+    JITPrivateBrandAccessGenerator& gen = m_privateBrandAccesses[m_privateBrandAccessIndex];
+    ++m_privateBrandAccessIndex;
+    Label coldPathBegin = label();
+    Call call = callOperation(operationSetPrivateBrandOptimize, TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), baseRegs, brandRegs);
+    gen.reportSlowPathCall(coldPathBegin, call);
+}
+
+void JIT::emit_op_check_private_brand(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpCheckPrivateBrand>();
+    VirtualRegister base = bytecode.m_base;
+    VirtualRegister brand = bytecode.m_brand;
+    JSValueRegs baseRegs(regT1, regT0);
+    JSValueRegs brandRegs(regT3, regT2);
+    emitLoad(base, baseRegs.tagGPR(), baseRegs.payloadGPR());
+    emitLoad(brand, brandRegs.tagGPR(), brandRegs.payloadGPR());
+
+    emitJumpSlowCaseIfNotJSCell(base, baseRegs.tagGPR());
+
+    JITPrivateBrandAccessGenerator gen(
+        m_codeBlock, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::CheckPrivateBrand, RegisterSet::stubUnavailableRegisters(),
+        baseRegs, brandRegs);
+    gen.generateFastPath(*this);
+    addSlowCase(gen.slowPathJump());
+    m_privateBrandAccesses.append(gen);
+}
+
+void JIT::emitSlow_op_check_private_brand(const Instruction*, Vector<SlowCaseEntry>::iterator& iter)
+{
+    JSValueRegs baseRegs(regT1, regT0);
+    JSValueRegs brandRegs(regT3, regT2);
+
+    linkAllSlowCases(iter);
+
+    JITPrivateBrandAccessGenerator& gen = m_privateBrandAccesses[m_privateBrandAccessIndex];
+    ++m_privateBrandAccessIndex;
+    Label coldPathBegin = label();
+    Call call = callOperation(operationCheckPrivateBrandOptimize, TrustedImmPtr(m_codeBlock->globalObject()), gen.stubInfo(), baseRegs, brandRegs);
+    gen.reportSlowPathCall(coldPathBegin, call);
 }
 

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -1011 +1011 @@
 }
 
+static InlineCacheAction tryCacheCheckPrivateBrand(
+    JSGlobalObject* globalObject, CodeBlock* codeBlock, JSObject* base, CacheableIdentifier brandID,
+    StructureStubInfo& stubInfo)
+{
+    VM& vm = globalObject->vm();
+    AccessGenerationResult result;
+    Identifier ident = Identifier::fromUid(vm, brandID.uid());
+
+    {
+        GCSafeConcurrentJSLocker locker(codeBlock->m_lock, vm.heap);
+        if (forceICFailure(globalObject))
+            return GiveUpOnCache;
+
+        Structure* structure = base->structure(vm);
+
+        InlineCacheAction action = actionForCell(vm, base);
+        if (action != AttemptToCache)
+            return action;
+
+        bool isBaseProperty = true;
+        LOG_IC((ICEvent::CheckPrivateBrandAddAccessCase, structure->classInfo(), ident, isBaseProperty));
+
+        std::unique_ptr<AccessCase> newCase = AccessCase::createCheckPrivateBrand(vm, codeBlock, brandID, structure);
+
+        result = stubInfo.addAccessCase(locker, globalObject, codeBlock, ECMAMode::strict(), brandID, WTFMove(newCase));
+
+        if (result.generatedSomeCode()) {
+            LOG_IC((ICEvent::CheckPrivateBrandReplaceWithJump, structure->classInfo(), ident, isBaseProperty));
+
+            RELEASE_ASSERT(result.code());
+            InlineAccess::rewireStubAsJump(stubInfo, CodeLocationLabel<JITStubRoutinePtrTag>(result.code()));
+        }
+    }
+
+    fireWatchpointsAndClearStubIfNeeded(vm, stubInfo, codeBlock, result);
+
+    return result.shouldGiveUpNow() ? GiveUpOnCache : RetryCacheLater;
+}
+
+void repatchCheckPrivateBrand(JSGlobalObject* globalObject, CodeBlock* codeBlock, JSObject* baseObject, CacheableIdentifier brandID, StructureStubInfo& stubInfo)
+{
+    SuperSamplerScope superSamplerScope(false);
+
+    if (tryCacheCheckPrivateBrand(globalObject, codeBlock, baseObject, brandID, stubInfo) == GiveUpOnCache)
+        ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation, operationCheckPrivateBrandGeneric);
+}
+
+static InlineCacheAction tryCacheSetPrivateBrand(
+    JSGlobalObject* globalObject, CodeBlock* codeBlock, JSObject* base, Structure* oldStructure, CacheableIdentifier brandID,
+    StructureStubInfo& stubInfo)
+{
+    VM& vm = globalObject->vm();
+    AccessGenerationResult result;
+    Identifier ident = Identifier::fromUid(vm, brandID.uid());
+
+    {
+        GCSafeConcurrentJSLocker locker(codeBlock->m_lock, vm.heap);
+        if (forceICFailure(globalObject))
+            return GiveUpOnCache;
+        
+        ASSERT(oldStructure);
+
+        if (oldStructure->isDictionary())
+            return RetryCacheLater;
+
+        InlineCacheAction action = actionForCell(vm, base);
+        if (action != AttemptToCache)
+            return action;
+        
+        Structure* newStructure = Structure::setBrandTransitionFromExistingStructureConcurrently(oldStructure, brandID.uid());
+        if (!newStructure)
+            return RetryCacheLater;
+        if (newStructure->isDictionary())
+            return GiveUpOnCache;
+        ASSERT(newStructure->previousID() == oldStructure);
+        ASSERT(newStructure->transitionKind() == TransitionKind::SetBrand);
+        ASSERT(newStructure->isObject());
+        
+        bool isBaseProperty = true;
+        LOG_IC((ICEvent::SetPrivateBrandAddAccessCase, oldStructure->classInfo(), ident, isBaseProperty));
+
+        std::unique_ptr<AccessCase> newCase = AccessCase::createSetPrivateBrand(vm, codeBlock, brandID, oldStructure, newStructure);
+
+        result = stubInfo.addAccessCase(locker, globalObject, codeBlock, ECMAMode::strict(), brandID, WTFMove(newCase));
+
+        if (result.generatedSomeCode()) {
+            LOG_IC((ICEvent::SetPrivateBrandReplaceWithJump, oldStructure->classInfo(), ident, isBaseProperty));
+            
+            RELEASE_ASSERT(result.code());
+            InlineAccess::rewireStubAsJump(stubInfo, CodeLocationLabel<JITStubRoutinePtrTag>(result.code()));
+        }
+    }
+
+    fireWatchpointsAndClearStubIfNeeded(vm, stubInfo, codeBlock, result);
+    
+    return result.shouldGiveUpNow() ? GiveUpOnCache : RetryCacheLater;
+}
+
+void repatchSetPrivateBrand(JSGlobalObject* globalObject, CodeBlock* codeBlock, JSObject* baseObject, Structure* oldStructure, CacheableIdentifier brandID, StructureStubInfo& stubInfo)
+{
+    SuperSamplerScope superSamplerScope(false);
+
+    if (tryCacheSetPrivateBrand(globalObject, codeBlock, baseObject, oldStructure,  brandID, stubInfo) == GiveUpOnCache)
+        ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation, operationSetPrivateBrandGeneric);
+}
+
 static InlineCacheAction tryCacheInstanceOf(
     JSGlobalObject* globalObject, CodeBlock* codeBlock, JSValue valueValue, JSValue prototypeValue, StructureStubInfo& stubInfo,
@@ -1586 +1692 @@
 }
 
+void resetCheckPrivateBrand(CodeBlock* codeBlock, StructureStubInfo& stubInfo)
+{
+    ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation, operationCheckPrivateBrandOptimize);
+    InlineAccess::rewireStubAsJump(stubInfo, stubInfo.slowPathStartLocation);
+}
+
+void resetSetPrivateBrand(CodeBlock* codeBlock, StructureStubInfo& stubInfo)
+{
+    ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation, operationSetPrivateBrandOptimize);
+    InlineAccess::rewireStubAsJump(stubInfo, stubInfo.slowPathStartLocation);
+}
+
 MacroAssemblerCodePtr<JSEntryPtrTag> jsToWasmICCodePtr(VM& vm, CodeSpecializationKind kind, JSObject* callee)
 {

trunk/Source/JavaScriptCore/jit/Repatch.h

@@ -54 +54 @@
 void repatchDeleteBy(JSGlobalObject*, CodeBlock*, DeletePropertySlot&, JSValue, Structure*, CacheableIdentifier, StructureStubInfo&, DelByKind, ECMAMode);
 void repatchInByID(JSGlobalObject*, CodeBlock*, JSObject*, CacheableIdentifier, bool wasFound, const PropertySlot&, StructureStubInfo&);
+void repatchCheckPrivateBrand(JSGlobalObject*, CodeBlock*, JSObject*, CacheableIdentifier, StructureStubInfo&);
+void repatchSetPrivateBrand(JSGlobalObject*, CodeBlock*, JSObject*, Structure*, CacheableIdentifier, StructureStubInfo&);
 void repatchInstanceOf(JSGlobalObject*, CodeBlock*, JSValue value, JSValue prototype, StructureStubInfo&, bool wasFound);
 void linkFor(VM&, CallFrame*, CallLinkInfo&, CodeBlock*, JSObject* callee, MacroAssemblerCodePtr<JSEntryPtrTag>);
@@ -65 +67 @@
 void resetInByID(CodeBlock*, StructureStubInfo&);
 void resetInstanceOf(StructureStubInfo&);
+void resetCheckPrivateBrand(CodeBlock*, StructureStubInfo&);
+void resetSetPrivateBrand(CodeBlock*, StructureStubInfo&);
 void ftlThunkAwareRepatchCall(CodeBlock*, CodeLocationCall<JSInternalPtrTag>, FunctionPtr<CFunctionPtrTag> newCalleeFunction);
 MacroAssemblerCodePtr<JSEntryPtrTag> jsToWasmICCodePtr(VM&, CodeSpecializationKind, JSObject* callee);

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -1302 +1302 @@
 }
 
+LLINT_SLOW_PATH_DECL(slow_path_set_private_brand)
+{
+    LLINT_BEGIN();
+
+    auto bytecode = pc->as<OpSetPrivateBrand>();
+    JSValue baseValue = getOperand(callFrame, bytecode.m_base);
+    JSValue brand = getOperand(callFrame, bytecode.m_brand);
+    auto& metadata = bytecode.metadata(codeBlock);
+    ASSERT(baseValue.isObject());
+    ASSERT(brand.isSymbol());
+
+    JSObject* baseObject = asObject(baseValue);
+    Structure* oldStructure = baseObject->structure(vm);
+
+    baseObject->setPrivateBrand(globalObject, brand);
+    LLINT_CHECK_EXCEPTION();
+
+    if (!LLINT_ALWAYS_ACCESS_SLOW && !oldStructure->isDictionary()) {
+        GCSafeConcurrentJSLocker locker(codeBlock->m_lock, vm.heap);
+        Structure* newStructure = baseObject->structure(vm);
+
+        ASSERT(oldStructure == newStructure->previousID());
+        ASSERT(oldStructure->transitionWatchpointSetHasBeenInvalidated());
+
+        // Start out by clearing out the old cache.
+        metadata.m_oldStructureID = 0;
+        metadata.m_newStructureID = 0;
+        metadata.m_brand.clear();
+
+        if (!newStructure->isDictionary()) {
+            metadata.m_oldStructureID = oldStructure->id();
+            metadata.m_newStructureID = newStructure->id();
+            metadata.m_brand.set(vm, codeBlock, brand.asCell());
+        }
+        vm.heap.writeBarrier(codeBlock);
+    }
+
+    LLINT_END();    
+}
+
+LLINT_SLOW_PATH_DECL(slow_path_check_private_brand)
+{
+    LLINT_BEGIN();
+
+    auto bytecode = pc->as<OpCheckPrivateBrand>();
+    auto& metadata = bytecode.metadata(codeBlock);
+    JSValue baseValue = getOperand(callFrame, bytecode.m_base);
+    JSValue brand = getOperand(callFrame, bytecode.m_brand);
+
+    JSObject* baseObject = baseValue.toObject(globalObject);
+    LLINT_CHECK_EXCEPTION();
+
+    ASSERT(brand.isSymbol());
+
+    baseObject->checkPrivateBrand(globalObject, brand);
+    LLINT_CHECK_EXCEPTION();
+
+    // Since a brand can't ever be removed from an object, it's safe to
+    // rely on StructureID even if it's an uncacheable dictionary.
+    Structure* structure = baseObject->structure(vm);
+    if (!LLINT_ALWAYS_ACCESS_SLOW) {
+        GCSafeConcurrentJSLocker locker(codeBlock->m_lock, vm.heap);
+
+        metadata.m_structureID = structure->id();
+        metadata.m_brand.set(vm, codeBlock, brand.asCell());
+        vm.heap.writeBarrier(codeBlock);
+    }
+
+    LLINT_END();    
+}
+
 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
 {

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.h

@@ -78 +78 @@
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_put_by_val_direct);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_put_private_name);
+LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_check_private_brand);
+LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_set_private_brand);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_del_by_val);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_put_getter_by_id);

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -2992 +2992 @@
     notSupported()
 end)
+
+
+llintOpWithMetadata(op_check_private_brand, OpCheckPrivateBrand, macro (size, get, dispatch, metadata, return)
+    metadata(t5, t2)
+    get(m_base, t3)
+    loadConstantOrVariablePayload(size, t3, CellTag, t0, .opCheckPrivateBrandSlow)
+    get(m_brand, t3)
+    loadConstantOrVariablePayload(size, t3, CellTag, t1, .opCheckPrivateBrandSlow)
+
+    loadi OpCheckPrivateBrand::Metadata::m_structureID[t5], t3
+    bineq JSCell::m_structureID[t0], t3, .opCheckPrivateBrandSlow
+
+    loadp OpCheckPrivateBrand::Metadata::m_brand[t5], t3
+    bpneq t3, t1, .opCheckPrivateBrandSlow
+    dispatch()
+
+.opCheckPrivateBrandSlow:
+    callSlowPath(_llint_slow_path_check_private_brand)
+    dispatch()
+end)
+
+
+llintOpWithMetadata(op_set_private_brand, OpSetPrivateBrand, macro (size, get, dispatch, metadata, return)
+    metadata(t5, t2)
+    get(m_base, t3)
+    loadConstantOrVariablePayload(size, t3, CellTag, t0, .opSetPrivateBrandSlow)
+    get(m_brand, t3)
+    loadConstantOrVariablePayload(size, t3, CellTag, t1, .opSetPrivateBrandSlow)
+
+    loadi OpSetPrivateBrand::Metadata::m_oldStructureID[t5], t2
+    bineq t2, JSCell::m_structureID[t0], .opSetPrivateBrandSlow
+
+    loadp OpSetPrivateBrand::Metadata::m_brand[t5], t3
+    bpneq t3, t1, .opSetPrivateBrandSlow
+
+    loadi OpSetPrivateBrand::Metadata::m_newStructureID[t5], t1
+    storei t1, JSCell::m_structureID[t0]
+    writeBarrierOnOperand(size, get, m_base)
+    dispatch()
+
+.opSetPrivateBrandSlow:
+    callSlowPath(_llint_slow_path_set_private_brand)
+    dispatch()
+end)
+

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -1813 +1813 @@
 .opPutPrivateNameSlow:
     callSlowPath(_llint_slow_path_put_private_name)
+    dispatch()
+end)
+
+llintOpWithMetadata(op_set_private_brand, OpSetPrivateBrand, macro (size, get, dispatch, metadata, return)
+    get(m_base, t3)
+    loadConstantOrVariableCell(size, t3, t0, .opSetPrivateBrandSlow)
+    get(m_brand, t3)
+    loadConstantOrVariableCell(size, t3, t1, .opSetPrivateBrandSlow)
+    metadata(t5, t2)
+    loadi OpSetPrivateBrand::Metadata::m_oldStructureID[t5], t2
+    bineq t2, JSCell::m_structureID[t0], .opSetPrivateBrandSlow
+
+    loadp OpSetPrivateBrand::Metadata::m_brand[t5], t3
+    bpneq t3, t1, .opSetPrivateBrandSlow
+
+    loadi OpSetPrivateBrand::Metadata::m_newStructureID[t5], t1
+    storei t1, JSCell::m_structureID[t0]
+    writeBarrierOnOperand(size, get, m_base)
+    dispatch()
+
+.opSetPrivateBrandSlow:
+    callSlowPath(_llint_slow_path_set_private_brand)
+    dispatch()
+end)
+
+llintOpWithMetadata(op_check_private_brand, OpCheckPrivateBrand, macro (size, get, dispatch, metadata, return)
+    metadata(t5, t2)
+    get(m_base, t3)
+    loadConstantOrVariableCell(size, t3, t0, .opCheckPrivateBrandSlow)
+    get(m_brand, t3)
+    loadConstantOrVariableCell(size, t3, t1, .opCheckPrivateBrandSlow)
+
+    loadp OpCheckPrivateBrand::Metadata::m_brand[t5], t3
+    bqneq t3, t1, .opCheckPrivateBrandSlow
+
+    loadi OpCheckPrivateBrand::Metadata::m_structureID[t5], t2
+    bineq t2, JSCell::m_structureID[t0], .opCheckPrivateBrandSlow
+    dispatch()
+
+.opCheckPrivateBrandSlow:
+    callSlowPath(_llint_slow_path_check_private_brand)
     dispatch()
 end)

trunk/Source/JavaScriptCore/parser/Nodes.cpp

@@ -203 +203 @@
         , m_needsClassFieldInitializer(static_cast<unsigned>(NeedsClassFieldInitializer::No))
         , m_isArrowFunctionBodyExpression(isArrowFunctionBodyExpression)
+        , m_privateBrandRequirement(static_cast<unsigned>(PrivateBrandRequirement::None))
         , m_parseMode(mode)
         , m_startColumn(startColumn)
@@ -227 +228 @@
         , m_needsClassFieldInitializer(static_cast<unsigned>(NeedsClassFieldInitializer::No))
         , m_isArrowFunctionBodyExpression(isArrowFunctionBodyExpression)
+        , m_privateBrandRequirement(static_cast<unsigned>(PrivateBrandRequirement::None))
         , m_parseMode(mode)
         , m_startColumn(startColumn)

trunk/Source/JavaScriptCore/parser/Nodes.h

@@ -722 +722 @@
     class PropertyNode final : public ParserArenaFreeable {
     public:
-        enum Type : uint8_t { Constant = 1, Getter = 2, Setter = 4, Computed = 8, Shorthand = 16, Spread = 32, Private = 64 };
+        enum Type : uint8_t { Constant = 1, Getter = 2, Setter = 4, Computed = 8, Shorthand = 16, Spread = 32, PrivateField = 64, PrivateMethod = 128 };
 
         PropertyNode(const Identifier&, ExpressionNode*, Type, SuperBinding, ClassElementTag);
@@ -741 +741 @@
         bool isStaticClassField() const { return isStaticClassProperty() && !needsSuperBinding(); }
         bool isOverriddenByDuplicate() const { return m_isOverriddenByDuplicate; }
-        bool isPrivate() const { return m_type & Private; }
+        bool isPrivate() const { return m_type & (PrivateField | PrivateMethod); }
         bool hasComputedName() const { return m_expression; }
         bool isComputedClassField() const { return isClassField() && hasComputedName(); }
@@ -761 +761 @@
         ExpressionNode* m_expression;
         ExpressionNode* m_assign;
-        unsigned m_type : 7;
+        unsigned m_type;
         unsigned m_needsSuperBinding : 1;
         static_assert(1 << 2 > static_cast<unsigned>(ClassElementTag::LastTag), "ClassElementTag shouldn't use more than two bits");
@@ -839 +839 @@
     };
 
-    enum class DotType { Name, PrivateField };
+    enum class DotType { Name, PrivateMember };
     class BaseDotNode : public ExpressionNode {
     public:
@@ -847 +847 @@
         const Identifier& identifier() const { return m_ident; }
         DotType type() const { return m_type; }
-        bool isPrivateField() const { return m_type == DotType::PrivateField; }
+        bool isPrivateMember() const { return m_type == DotType::PrivateMember; }
 
         RegisterID* emitGetPropertyValue(BytecodeGenerator&, RegisterID* dst, RegisterID* base, RefPtr<RegisterID>& thisValue);
@@ -871 +871 @@
 
         bool isLocation() const final { return true; }
-        bool isPrivateLocation() const override { return m_type == DotType::PrivateField; }
+        bool isPrivateLocation() const override { return m_type == DotType::PrivateMember; }
         bool isDotAccessorNode() const final { return true; }
     };
@@ -2162 +2162 @@
         const Identifier& ecmaName() { return m_ident.isEmpty() ? m_ecmaName : m_ident; }
 
+        void setPrivateBrandRequirement(PrivateBrandRequirement privateBrandRequirement) { m_privateBrandRequirement = static_cast<unsigned>(privateBrandRequirement); }
+        PrivateBrandRequirement privateBrandRequirement() { return static_cast<PrivateBrandRequirement>(m_privateBrandRequirement); }
+
         FunctionMode functionMode() { return m_functionMode; }
 
@@ -2210 +2213 @@
         unsigned m_needsClassFieldInitializer : 1;
         unsigned m_isArrowFunctionBodyExpression : 1;
+        unsigned m_privateBrandRequirement : 1;
         SourceParseMode m_parseMode;
         FunctionMode m_functionMode;

trunk/Source/JavaScriptCore/parser/Parser.cpp

@@ -2871 +2871 @@
     classScope->preventVarDeclarations();
     classScope->setStrictMode();
+    bool declaresPrivateMethod = false;
     next();
 
@@ -2990 +2991 @@
         case PRIVATENAME: {
             ASSERT(Options::usePrivateClassFields());
-            JSToken token = m_token;
             ident = m_token.m_data.ident;
             if (!Options::usePrivateStaticClassFields())
@@ -2997 +2997 @@
             ASSERT(ident);
             next();
-            failIfTrue(matchAndUpdate(OPENPAREN, token), "Cannot parse class method with private name");
-            semanticFailIfTrue(classScope->declarePrivateName(*ident) & DeclarationResult::InvalidDuplicateDeclaration, "Cannot declare private field twice");
-            type = static_cast<PropertyNode::Type>(type | PropertyNode::Private);
+            if (Options::usePrivateMethods() && match(OPENPAREN)) {
+                semanticFailIfTrue(classScope->declarePrivateMethod(*ident) & DeclarationResult::InvalidDuplicateDeclaration, "Cannot declare private method twice");
+                declaresPrivateMethod = true;
+                type = static_cast<PropertyNode::Type>(type | PropertyNode::PrivateMethod);
+                break;
+            }
+
+            failIfTrue(match(OPENPAREN), "Cannot parse class method with private name");
+            semanticFailIfTrue(classScope->declarePrivateField(*ident) & DeclarationResult::InvalidDuplicateDeclaration, "Cannot declare private field twice");
+            type = static_cast<PropertyNode::Type>(type | PropertyNode::PrivateField);
             break;
         }
@@ -3085 +3092 @@
     consumeOrFail(CLOSEBRACE, "Expected a closing '}' after a class body");
 
+    if (declaresPrivateMethod) {
+        Identifier privateBrandIdentifier = m_vm.propertyNames->builtinNames().privateBrandPrivateName();
+        DeclarationResultMask declarationResult = classScope->declareLexicalVariable(&privateBrandIdentifier, true);
+        ASSERT_UNUSED(declarationResult, declarationResult == DeclarationResult::Valid);
+        classScope->useVariable(&privateBrandIdentifier, false);
+        classScope->addClosedVariableCandidateUnconditionally(privateBrandIdentifier.impl());
+    }
+
     if (Options::usePrivateClassFields()) {
         // Fail if there are no parent private name scopes and any used-but-undeclared private names.
         semanticFailIfFalse(copyUndeclaredPrivateNamesToOuterScope(), "Cannot reference undeclared private names");
     }
+
     auto classExpression = context.createClassExpr(location, info, classScope->finalizeLexicalEnvironment(), constructor, parentClass, classElements);
     popScope(classScope, TreeBuilder::NeedsFreeVariableInfo);
@@ -5166 +5182 @@
                     m_parserState.lastPrivateName = ident;
                     currentScope()->useVariable(ident, false);
-                    type = DotType::PrivateField;
+                    type = DotType::PrivateMember;
                     m_token.m_type = IDENT;
                 }

trunk/Source/JavaScriptCore/parser/Parser.h

@@ -501 +501 @@
     }
 
-    DeclarationResultMask declarePrivateName(const Identifier& ident)
+    DeclarationResultMask declarePrivateMethod(const Identifier& ident)
     {
         ASSERT(m_allowsLexicalDeclarations);
         DeclarationResultMask result = DeclarationResult::Valid;
-        auto addResult = m_lexicalVariables.declarePrivateName(ident);
+        bool addResult = m_lexicalVariables.declarePrivateMethod(ident);
+
+        if (!addResult) {
+            result |= DeclarationResult::InvalidDuplicateDeclaration;
+            return result;
+        }
+
+        useVariable(&ident, false);
+        addClosedVariableCandidateUnconditionally(ident.impl());
+
+        return result;
+    }
+
+    DeclarationResultMask declarePrivateField(const Identifier& ident)
+    {
+        ASSERT(m_allowsLexicalDeclarations);
+        DeclarationResultMask result = DeclarationResult::Valid;
+        auto addResult = m_lexicalVariables.declarePrivateField(ident);
         if (!addResult.isNewEntry)
             result |= DeclarationResult::InvalidDuplicateDeclaration;
@@ -945 +962 @@
 
     template <class ParsedNode>
-    std::unique_ptr<ParsedNode> parse(ParserError&, const Identifier&, ParsingContext, Optional<int> functionConstructorParametersEndPosition = WTF::nullopt, const VariableEnvironment* = nullptr, const Vector<JSTextPosition>* = nullptr);
+    std::unique_ptr<ParsedNode> parse(ParserError&, const Identifier&, ParsingContext, Optional<int> functionConstructorParametersEndPosition = WTF::nullopt, const PrivateNameEnvironment* = nullptr, const Vector<JSTextPosition>* = nullptr);
 
     JSTextPosition positionBeforeLastNewline() const { return m_lexer->positionBeforeLastNewline(); }
@@ -2081 +2098 @@
 template <typename LexerType>
 template <class ParsedNode>
-std::unique_ptr<ParsedNode> Parser<LexerType>::parse(ParserError& error, const Identifier& calleeName, ParsingContext parsingContext, Optional<int> functionConstructorParametersEndPosition, const VariableEnvironment* parentScopePrivateNames, const Vector<JSTextPosition>* classFieldLocations)
+std::unique_ptr<ParsedNode> Parser<LexerType>::parse(ParserError& error, const Identifier& calleeName, ParsingContext parsingContext, Optional<int> functionConstructorParametersEndPosition, const PrivateNameEnvironment* parentScopePrivateNames, const Vector<JSTextPosition>* classFieldLocations)
 {
     int errLine;
@@ -2097 +2114 @@
     unsigned startColumn = m_source->startColumn().zeroBasedInt();
 
-    if (isEvalNode<ParsedNode>() && parentScopePrivateNames && parentScopePrivateNames->privateNamesSize()) {
+    if (isEvalNode<ParsedNode>() && parentScopePrivateNames && parentScopePrivateNames->size()) {
         currentScope()->setIsPrivateNameScope();
-        parentScopePrivateNames->copyPrivateNamesTo(currentScope()->lexicalVariables());
+        currentScope()->lexicalVariables().addPrivateNamesFrom(parentScopePrivateNames);
     }
 
@@ -2186 +2203 @@
     EvalContextType evalContextType = EvalContextType::None,
     DebuggerParseData* debuggerParseData = nullptr,
-    const VariableEnvironment* parentScopePrivateNames = nullptr,
+    const PrivateNameEnvironment* parentScopePrivateNames = nullptr,
     const Vector<JSTextPosition>* classFieldLocations = nullptr,
     bool isInsideOrdinaryFunction = false)

trunk/Source/JavaScriptCore/parser/ParserModes.h

@@ -38 +38 @@
 enum class SuperBinding { Needed, NotNeeded };
 
+enum class PrivateBrandRequirement { None, Needed };
+
 enum class CodeGenerationMode : uint8_t {
     Debugger = 1 << 0,

trunk/Source/JavaScriptCore/parser/SyntaxChecker.h

@@ -180 +180 @@
     ExpressionType createNull(const JSTokenLocation&) { return NullExpr; }
     ExpressionType createBracketAccess(const JSTokenLocation&, ExpressionType, ExpressionType, bool, int, int, int) { return BracketExpr; }
-    ExpressionType createDotAccess(const JSTokenLocation&, ExpressionType, const Identifier*, DotType type, int, int, int) { return type == DotType::PrivateField ? PrivateDotExpr : DotExpr; }
+    ExpressionType createDotAccess(const JSTokenLocation&, ExpressionType, const Identifier*, DotType type, int, int, int) { return type == DotType::PrivateMember ? PrivateDotExpr : DotExpr; }
     ExpressionType createRegExp(const JSTokenLocation&, const Identifier& pattern, const Identifier& flags, int) { return Yarr::hasError(Yarr::checkSyntax(pattern.string(), flags.string())) ? 0 : RegExpExpr; }
     ExpressionType createNewExpr(const JSTokenLocation&, ExpressionType, int, int, int, int) { return NewExpr; }

trunk/Source/JavaScriptCore/parser/VariableEnvironment.cpp

@@ -105 +105 @@
 }
 
+bool VariableEnvironment::declarePrivateMethod(const RefPtr<UniquedStringImpl>& identifier)
+{
+    if (!m_rareData)
+        m_rareData = makeUnique<VariableEnvironment::RareData>();
+
+    auto findResult = m_rareData->m_privateNames.find(identifier);
+
+    if (findResult == m_rareData->m_privateNames.end()) {
+        PrivateNameEntry meta(PrivateNameEntry::Traits::IsDeclared | PrivateNameEntry::Traits::IsMethod);
+
+        auto entry = VariableEnvironmentEntry();
+        entry.setIsPrivateMethod();
+        entry.setIsConst();
+        entry.setIsCaptured();
+        m_map.add(identifier, entry);
+
+        auto addResult = m_rareData->m_privateNames.add(identifier, meta);
+        return addResult.isNewEntry;
+    }
+
+    if (findResult->value.isDeclared())
+        return false; // Error: declaring a duplicate private name.
+
+    auto entry = VariableEnvironmentEntry();
+    entry.setIsPrivateMethod();
+    entry.setIsConst();
+    entry.setIsCaptured();
+    m_map.add(identifier, entry);
+
+    // it was previously used, mark it as declared.
+    PrivateNameEntry meta(PrivateNameEntry::Traits::IsDeclared | PrivateNameEntry::Traits::IsUsed | PrivateNameEntry::Traits::IsMethod);
+    auto addResult = m_rareData->m_privateNames.set(identifier, meta);
+    return !addResult.isNewEntry;
+}
 
 void CompactTDZEnvironment::sortCompact(Compact& compact)

trunk/Source/JavaScriptCore/parser/VariableEnvironment.h

@@ -46 +46 @@
     ALWAYS_INLINE bool isParameter() const { return m_bits & IsParameter; }
     ALWAYS_INLINE bool isSloppyModeHoistingCandidate() const { return m_bits & IsSloppyModeHoistingCandidate; }
-    ALWAYS_INLINE bool isPrivateName() const { return m_bits & IsPrivateName; }
+    ALWAYS_INLINE bool isPrivateField() const { return m_bits & IsPrivateField; }
+    ALWAYS_INLINE bool isPrivateMethod() const { return m_bits & IsPrivateMethod; }
 
     ALWAYS_INLINE void setIsCaptured() { m_bits |= IsCaptured; }
@@ -58 +59 @@
     ALWAYS_INLINE void setIsParameter() { m_bits |= IsParameter; }
     ALWAYS_INLINE void setIsSloppyModeHoistingCandidate() { m_bits |= IsSloppyModeHoistingCandidate; }
-    ALWAYS_INLINE void setIsPrivateName() { m_bits |= IsPrivateName; }
+    ALWAYS_INLINE void setIsPrivateField() { m_bits |= IsPrivateField; }
+    ALWAYS_INLINE void setIsPrivateMethod() { m_bits |= IsPrivateMethod; }
 
     ALWAYS_INLINE void clearIsVar() { m_bits &= ~IsVar; }
@@ -81 +83 @@
         IsParameter = 1 << 8,
         IsSloppyModeHoistingCandidate = 1 << 9,
-        IsPrivateName = 1 << 10,
+        IsPrivateField = 1 << 10,
+        IsPrivateMethod = 1 << 11,
     };
     uint16_t m_bits { 0 };
@@ -91 +94 @@
 
 struct PrivateNameEntry {
+    friend class CachedPrivateNameEntry;
+
 public:
     PrivateNameEntry(uint16_t traits = 0) { m_bits = traits; }
@@ -96 +101 @@
     ALWAYS_INLINE bool isUsed() const { return m_bits & IsUsed; }
     ALWAYS_INLINE bool isDeclared() const { return m_bits & IsDeclared; }
+    ALWAYS_INLINE bool isMethod() const { return m_bits & IsMethod; }
+
+    bool isPrivateMethodOrAcessor() const { return isMethod(); }
 
     ALWAYS_INLINE void setIsUsed() { m_bits |= IsUsed; }
@@ -108 +116 @@
 
     enum Traits : uint16_t {
+        None = 0,
         IsUsed = 1 << 0,
         IsDeclared = 1 << 1,
+        IsMethod = 1 << 2,
     };
 
@@ -117 +127 @@
 
 struct PrivateNameEntryHashTraits : HashTraits<PrivateNameEntry> {
-    static const bool needsDestruction = false;
-};
+    static constexpr bool needsDestruction = false;
+};
+
+typedef HashMap<PackedRefPtr<UniquedStringImpl>, PrivateNameEntry, IdentifierRepHash, HashTraits<RefPtr<UniquedStringImpl>>, PrivateNameEntryHashTraits> PrivateNameEnvironment;
 
 class VariableEnvironment {
@@ -124 +136 @@
 private:
     typedef HashMap<PackedRefPtr<UniquedStringImpl>, VariableEnvironmentEntry, IdentifierRepHash, HashTraits<RefPtr<UniquedStringImpl>>, VariableEnvironmentEntryHashTraits> Map;
-    typedef HashMap<PackedRefPtr<UniquedStringImpl>, PrivateNameEntry, IdentifierRepHash, HashTraits<RefPtr<UniquedStringImpl>>, PrivateNameEntryHashTraits> PrivateNames;
+
 public:
+
     VariableEnvironment() { }
     VariableEnvironment(VariableEnvironment&& other)
@@ -147 +160 @@
     ALWAYS_INLINE Map::AddResult add(const RefPtr<UniquedStringImpl>& identifier) { return m_map.add(identifier, VariableEnvironmentEntry()); }
     ALWAYS_INLINE Map::AddResult add(const Identifier& identifier) { return add(identifier.impl()); }
+
+    ALWAYS_INLINE PrivateNameEnvironment::AddResult addPrivateName(const Identifier& identifier) { return addPrivateName(identifier.impl()); }
+    ALWAYS_INLINE PrivateNameEnvironment::AddResult addPrivateName(const RefPtr<UniquedStringImpl>& identifier)
+    {
+        if (!m_rareData)
+            m_rareData = makeUnique<VariableEnvironment::RareData>();
+
+        return m_rareData->m_privateNames.add(identifier, PrivateNameEntry());
+    }
+
     ALWAYS_INLINE unsigned size() const { return m_map.size() + privateNamesSize(); }
     ALWAYS_INLINE unsigned mapSize() const { return m_map.size(); }
@@ -165 +188 @@
     bool isEmpty() const { return !m_map.size(); }
 
-    using PrivateNamesRange = WTF::IteratorRange<PrivateNames::iterator>;
-
-    ALWAYS_INLINE Map::AddResult declarePrivateName(const Identifier& identifier) { return declarePrivateName(identifier.impl()); }
+    using PrivateNamesRange = WTF::IteratorRange<PrivateNameEnvironment::iterator>;
+
+    ALWAYS_INLINE Map::AddResult declarePrivateField(const Identifier& identifier) { return declarePrivateField(identifier.impl()); }
     ALWAYS_INLINE void usePrivateName(const Identifier& identifier) { usePrivateName(identifier.impl()); }
 
-    Map::AddResult declarePrivateName(const RefPtr<UniquedStringImpl>& identifier)
+    bool declarePrivateMethod(const Identifier& identifier) { return declarePrivateMethod(identifier.impl()); }
+    bool declarePrivateMethod(const RefPtr<UniquedStringImpl>& identifier);
+
+    Map::AddResult declarePrivateField(const RefPtr<UniquedStringImpl>& identifier)
     {
         auto& meta = getOrAddPrivateName(identifier.get());
         meta.setIsDeclared();
         auto entry = VariableEnvironmentEntry();
-        entry.setIsPrivateName();
+        entry.setIsPrivateField();
         entry.setIsConst();
         entry.setIsCaptured();
@@ -200 +226 @@
             return 0;
         return m_rareData->m_privateNames.size();
+    }
+
+    ALWAYS_INLINE const PrivateNameEnvironment* privateNameEnvironment() const
+    {
+        if (!m_rareData)
+            return nullptr;
+        return &m_rareData->m_privateNames;
+    }
+
+    ALWAYS_INLINE bool hasPrivateMethodOrAccessor() const
+    {
+        if (!m_rareData)
+            return false;
+
+        for (auto entry : privateNames()) {
+            if (entry.value.isPrivateMethodOrAcessor())
+                return true;
+        }
+
+        return false;
     }
 
@@ -220 +266 @@
                     other.m_rareData->m_privateNames.add(entry.key, entry.value);
             }
+        }
+    }
+
+    ALWAYS_INLINE void addPrivateNamesFrom(const PrivateNameEnvironment* privateNameEnvironment)
+    {
+        if (!privateNameEnvironment)
+            return;
+
+        if (!m_rareData)
+            m_rareData = makeUnique<VariableEnvironment::RareData>();
+
+        for (auto entry : *privateNameEnvironment) {
+            ASSERT(entry.value.isDeclared());
+            m_rareData->m_privateNames.add(entry.key, entry.value);
         }
     }
@@ -245 +305 @@
         RareData(const RareData&) = default;
         RareData& operator=(const RareData&) = default;
-        PrivateNames m_privateNames;
+        PrivateNameEnvironment m_privateNames;
     };
 

trunk/Source/JavaScriptCore/runtime/BrandedStructure.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Igalia S.A. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -24 +25 @@
  */
 
-#pragma once
+#include "config.h"
+#include "BrandedStructure.h"
 
-#include "EvalExecutable.h"
+#include "JSCInlines.h"
 
 namespace JSC {
 
-class DirectEvalExecutable final : public EvalExecutable {
-public:
-    static DirectEvalExecutable* create(JSGlobalObject*, const SourceCode&, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, const TDZEnvironment* parentScopeTDZVariables, const VariableEnvironment* privateNames, ECMAMode);
-private:
-    DirectEvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType);
-};
+BrandedStructure::BrandedStructure(VM& vm, Structure* previous, UniquedStringImpl* brandUid, DeferredStructureTransitionWatchpointFire* deferred)
+    : Structure(vm, previous, deferred)
+    , m_brand(brandUid)
+{
+    if (previous->isBrandedStructure())
+        m_parentBrand.set(vm, this, jsCast<BrandedStructure*>(previous));
+    this->setIsBrandedStructure(true);
+}
 
-static_assert(sizeof(DirectEvalExecutable) == sizeof(EvalExecutable), "");
+BrandedStructure::BrandedStructure(VM& vm, BrandedStructure* previous, DeferredStructureTransitionWatchpointFire* deferred)
+    : Structure(vm, previous, deferred)
+    , m_brand(previous->m_brand)
+    , m_parentBrand(vm, this, previous->m_parentBrand.get(), WriteBarrier<BrandedStructure>::MayBeNull)
+{
+    this->setIsBrandedStructure(true);
+}
+
+Structure* BrandedStructure::create(VM& vm, Structure* previous, UniquedStringImpl* brandUid, DeferredStructureTransitionWatchpointFire* deferred)
+{
+    ASSERT(vm.structureStructure);
+    BrandedStructure* newStructure = new (NotNull, allocateCell<BrandedStructure>(vm.heap)) BrandedStructure(vm, previous, brandUid, deferred);
+    newStructure->finishCreation(vm, previous);
+    return newStructure;
+}
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/BrandedStructure.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Igalia S.A. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +27 @@
 #pragma once
 
-#include "EvalExecutable.h"
+#include "Structure.h"
+#include "Symbol.h"
+#include "Watchpoint.h"
+#include "WriteBarrierInlines.h"
+
+namespace WTF {
+
+class UniquedStringImpl;
+
+} // namespace WTF
 
 namespace JSC {
 
-class DirectEvalExecutable final : public EvalExecutable {
+class BrandedStructure final : public Structure {
+    typedef Structure Base;
+
 public:
-    static DirectEvalExecutable* create(JSGlobalObject*, const SourceCode&, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, const TDZEnvironment* parentScopeTDZVariables, const VariableEnvironment* privateNames, ECMAMode);
-private:
-    DirectEvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType);
+
+    template<typename CellType, SubspaceAccess>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return &vm.brandedStructureSpace;
+    }
+
+    ALWAYS_INLINE bool checkBrand(Symbol* brand)
+    {
+        UniquedStringImpl* brandUid = &brand->uid();
+        for (BrandedStructure* currentStructure = this; currentStructure; currentStructure = currentStructure->m_parentBrand.get()) {
+            if (brandUid == currentStructure->m_brand)
+                return true;
+        }
+        return false;
+    }
+
+private: 
+    BrandedStructure(VM&, Structure*, UniquedStringImpl* brand, DeferredStructureTransitionWatchpointFire*);
+    BrandedStructure(VM&, BrandedStructure*, DeferredStructureTransitionWatchpointFire*);
+
+    static Structure* create(VM&, Structure*, UniquedStringImpl* brand, DeferredStructureTransitionWatchpointFire* = nullptr);
+
+    UniquedStringImpl* m_brand;
+    WriteBarrier<BrandedStructure> m_parentBrand;
+
+    friend class Structure;
 };
 
-static_assert(sizeof(DirectEvalExecutable) == sizeof(EvalExecutable), "");
-
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/CachedTypes.cpp

@@ -995 +995 @@
         m_constantIdentifierSets.encode(encoder, rareData.m_constantIdentifierSets);
         m_needsClassFieldInitializer = rareData.m_needsClassFieldInitializer;
+        m_privateBrandRequirement = rareData.m_privateBrandRequirement;
     }
 
@@ -1009 +1010 @@
         m_constantIdentifierSets.decode(decoder, rareData->m_constantIdentifierSets);
         rareData->m_needsClassFieldInitializer = m_needsClassFieldInitializer;
+        rareData->m_privateBrandRequirement = m_privateBrandRequirement;
         return rareData;
     }
@@ -1022 +1024 @@
     CachedVector<CachedConstantIdentifierSetEntry> m_constantIdentifierSets;
     unsigned m_needsClassFieldInitializer : 1;
-};
+    unsigned m_privateBrandRequirement : 1;
+};
+
+typedef CachedHashMap<CachedRefPtr<CachedUniquedStringImpl, UniquedStringImpl, WTF::PackedPtrTraits<UniquedStringImpl>>, PrivateNameEntry, IdentifierRepHash, HashTraits<RefPtr<UniquedStringImpl>>, PrivateNameEntryHashTraits> CachedPrivateNameEnvironment;
 
 class CachedVariableEnvironmentRareData : public CachedObject<VariableEnvironment::RareData> {
@@ -1037 +1042 @@
 
 private:
-    CachedHashMap<CachedRefPtr<CachedUniquedStringImpl, UniquedStringImpl, WTF::PackedPtrTraits<UniquedStringImpl>>, PrivateNameEntry, IdentifierRepHash, HashTraits<RefPtr<UniquedStringImpl>>, PrivateNameEntryHashTraits> m_privateNames;
+    CachedPrivateNameEnvironment m_privateNames;
 };
 
@@ -1214 +1219 @@
 
 private:
-    CachedHashSet<CachedRefPtr<CachedUniquedStringImpl>, IdentifierRepHash> m_privateNames;
+    CachedPrivateNameEnvironment m_privateNames;
 };
 
@@ -1791 +1796 @@
         m_classSource.encode(encoder, rareData.m_classSource);
         m_parentScopeTDZVariables.encode(encoder, rareData.m_parentScopeTDZVariables);
+        m_parentPrivateNameEnvironment.encode(encoder, rareData.m_parentPrivateNameEnvironment);
     }
 
@@ -1798 +1804 @@
         m_classSource.decode(decoder, rareData->m_classSource);
         m_parentScopeTDZVariables.decode(decoder, rareData->m_parentScopeTDZVariables);
+        m_parentPrivateNameEnvironment.decode(decoder, rareData->m_parentPrivateNameEnvironment);
         return rareData;
     }
@@ -1804 +1811 @@
     CachedSourceCodeWithoutProvider m_classSource;
     CachedRefPtr<CachedTDZEnvironmentLink> m_parentScopeTDZVariables;
+    CachedPrivateNameEnvironment m_parentPrivateNameEnvironment;
 };
 
@@ -1839 +1847 @@
     unsigned derivedContextType() const { return m_derivedContextType; }
     unsigned needsClassFieldInitializer() const { return m_needsClassFieldInitializer; }
+    unsigned privateBrandRequirement() const { return m_privateBrandRequirement; }
 
     Identifier name(Decoder& decoder) const { return m_name.decode(decoder); }
@@ -1867 +1876 @@
     unsigned m_typeProfilingStartOffset;
     unsigned m_typeProfilingEndOffset;
-    unsigned m_parameterCount;
+    unsigned m_parameterCount:31;
+    unsigned m_privateBrandRequirement : 1;
     SourceParseMode m_sourceParseMode;
     unsigned m_constructorKind : 2;
@@ -1924 +1934 @@
     unsigned constructorKind() const { return m_constructorKind; }
     unsigned derivedContextType() const { return m_derivedContextType; }
-    unsigned needsClassFieldInitializer() const { return m_needsClassFieldInitializer; }
     unsigned evalContextType() const { return m_evalContextType; }
     unsigned hasTailCalls() const { return m_hasTailCalls; }
@@ -1956 +1965 @@
     unsigned m_constructorKind : 2;
     unsigned m_derivedContextType : 2;
-    unsigned m_needsClassFieldInitializer : 1;
     unsigned m_evalContextType : 2;
     unsigned m_hasTailCalls : 1;
@@ -2237 +2245 @@
     m_derivedContextType = executable.m_derivedContextType;
     m_needsClassFieldInitializer = executable.m_needsClassFieldInitializer;
+    m_privateBrandRequirement = executable.m_privateBrandRequirement;
 
     m_rareData.encode(encoder, executable.m_rareData.get());
@@ -2278 +2287 @@
     , m_typeProfilingEndOffset(cachedExecutable.typeProfilingEndOffset())
     , m_parameterCount(cachedExecutable.parameterCount())
+    , m_privateBrandRequirement(cachedExecutable.privateBrandRequirement())
     , m_features(cachedExecutable.features())
     , m_sourceParseMode(cachedExecutable.sourceParseMode())

trunk/Source/JavaScriptCore/runtime/CodeCache.cpp

@@ -72 +72 @@
 
 template <class UnlinkedCodeBlockType, class ExecutableType = ScriptExecutable>
-UnlinkedCodeBlockType* generateUnlinkedCodeBlockImpl(VM& vm, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, DerivedContextType derivedContextType, bool isArrowFunctionContext, const TDZEnvironment* variablesUnderTDZ = nullptr, const VariableEnvironment* parentScopePrivateNames = nullptr, ExecutableType* executable = nullptr)
+UnlinkedCodeBlockType* generateUnlinkedCodeBlockImpl(VM& vm, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, DerivedContextType derivedContextType, bool isArrowFunctionContext, const TDZEnvironment* variablesUnderTDZ = nullptr, const PrivateNameEnvironment* privateNameEnvironment = nullptr, ExecutableType* executable = nullptr)
 {
     typedef typename CacheTypes<UnlinkedCodeBlockType>::RootNode RootNode;
@@ -78 +78 @@
 
     std::unique_ptr<RootNode> rootNode = parse<RootNode>(
-        vm, source, Identifier(), JSParserBuiltinMode::NotBuiltin, strictMode, scriptMode, CacheTypes<UnlinkedCodeBlockType>::parseMode, SuperBinding::NotNeeded, error, nullptr, ConstructorKind::None, derivedContextType, evalContextType, nullptr, parentScopePrivateNames, nullptr, isInsideOrdinaryFunction);
+        vm, source, Identifier(), JSParserBuiltinMode::NotBuiltin, strictMode, scriptMode, CacheTypes<UnlinkedCodeBlockType>::parseMode, SuperBinding::NotNeeded, error, nullptr, ConstructorKind::None, derivedContextType, evalContextType, nullptr, privateNameEnvironment, nullptr, isInsideOrdinaryFunction);
 
     if (!rootNode)
@@ -95 +95 @@
     ECMAMode ecmaMode = rootNode->features() & StrictModeFeature ? ECMAMode::strict() : ECMAMode::sloppy();
     NeedsClassFieldInitializer needsClassFieldInitializer = NeedsClassFieldInitializer::No;
-    if constexpr (std::is_same_v<ExecutableType, DirectEvalExecutable>)
+    PrivateBrandRequirement privateBrandRequirement = PrivateBrandRequirement::None;
+    if constexpr (std::is_same_v<ExecutableType, DirectEvalExecutable>) {
         needsClassFieldInitializer = executable->needsClassFieldInitializer();
-    ExecutableInfo executableInfo(usesEval, false, false, ConstructorKind::None, scriptMode, SuperBinding::NotNeeded, CacheTypes<UnlinkedCodeBlockType>::parseMode, derivedContextType, needsClassFieldInitializer, isArrowFunctionContext, false, evalContextType);
+        privateBrandRequirement = executable->privateBrandRequirement();
+    }
+    ExecutableInfo executableInfo(usesEval, false, privateBrandRequirement, false, ConstructorKind::None, scriptMode, SuperBinding::NotNeeded, CacheTypes<UnlinkedCodeBlockType>::parseMode, derivedContextType, needsClassFieldInitializer, isArrowFunctionContext, false, evalContextType);
 
     UnlinkedCodeBlockType* unlinkedCodeBlock = UnlinkedCodeBlockType::create(vm, executableInfo, codeGenerationMode);
@@ -109 +112 @@
     if (variablesUnderTDZ)
         parentVariablesUnderTDZ = TDZEnvironmentLink::create(vm.m_compactVariableMap->get(*variablesUnderTDZ), nullptr);
-    error = BytecodeGenerator::generate(vm, rootNode.get(), source, unlinkedCodeBlock, codeGenerationMode, parentVariablesUnderTDZ, ecmaMode);
+    error = BytecodeGenerator::generate(vm, rootNode.get(), source, unlinkedCodeBlock, codeGenerationMode, parentVariablesUnderTDZ, privateNameEnvironment, ecmaMode);
 
     if (error.isValid())
@@ -118 +121 @@
 
 template <class UnlinkedCodeBlockType, class ExecutableType>
-UnlinkedCodeBlockType* generateUnlinkedCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ = nullptr, const VariableEnvironment* parentScopePrivateNames = nullptr)
-{
-    return generateUnlinkedCodeBlockImpl<UnlinkedCodeBlockType, ExecutableType>(vm, source, strictMode, scriptMode, codeGenerationMode, error, evalContextType, executable->derivedContextType(), executable->isArrowFunctionContext(), variablesUnderTDZ, parentScopePrivateNames, executable);
-}
-
-UnlinkedEvalCodeBlock* generateUnlinkedCodeBlockForDirectEval(VM& vm, DirectEvalExecutable* executable, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ, const VariableEnvironment* parentScopePrivateNames)
-{
-    return generateUnlinkedCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, strictMode, scriptMode, codeGenerationMode, error, evalContextType, variablesUnderTDZ, parentScopePrivateNames);
+UnlinkedCodeBlockType* generateUnlinkedCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ = nullptr, const PrivateNameEnvironment* privateNameEnvironment = nullptr)
+{
+    return generateUnlinkedCodeBlockImpl<UnlinkedCodeBlockType, ExecutableType>(vm, source, strictMode, scriptMode, codeGenerationMode, error, evalContextType, executable->derivedContextType(), executable->isArrowFunctionContext(), variablesUnderTDZ, privateNameEnvironment, executable);
+}
+
+UnlinkedEvalCodeBlock* generateUnlinkedCodeBlockForDirectEval(VM& vm, DirectEvalExecutable* executable, const SourceCode& source, JSParserStrictMode strictMode, JSParserScriptMode scriptMode, OptionSet<CodeGenerationMode> codeGenerationMode, ParserError& error, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ, const PrivateNameEnvironment* privateNameEnvironment)
+{
+    return generateUnlinkedCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, strictMode, scriptMode, codeGenerationMode, error, evalContextType, variablesUnderTDZ, privateNameEnvironment);
 }
 
@@ -249 +252 @@
     // in the global lexical environment, which we always TDZ check accesses from.
     ConstructAbility constructAbility = constructAbilityForParseMode(metadata->parseMode());
-    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(vm, source, metadata, UnlinkedNormalFunction, constructAbility, JSParserScriptMode::Classic, nullptr, DerivedContextType::None, NeedsClassFieldInitializer::No);
+    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(vm, source, metadata, UnlinkedNormalFunction, constructAbility, JSParserScriptMode::Classic, nullptr, WTF::nullopt, DerivedContextType::None, NeedsClassFieldInitializer::No, PrivateBrandRequirement::None);
 
     if (!source.provider()->sourceURLDirective().isNull())

trunk/Source/JavaScriptCore/runtime/CodeCache.h

@@ -255 +255 @@
 };
 
-UnlinkedEvalCodeBlock* generateUnlinkedCodeBlockForDirectEval(VM&, DirectEvalExecutable*, const SourceCode&, JSParserStrictMode, JSParserScriptMode, OptionSet<CodeGenerationMode>, ParserError&, EvalContextType, const TDZEnvironment* variablesUnderTDZ, const VariableEnvironment* parentScopePrivateNames);
+UnlinkedEvalCodeBlock* generateUnlinkedCodeBlockForDirectEval(VM&, DirectEvalExecutable*, const SourceCode&, JSParserStrictMode, JSParserScriptMode, OptionSet<CodeGenerationMode>, ParserError&, EvalContextType, const TDZEnvironment* variablesUnderTDZ, const PrivateNameEnvironment*);
 UnlinkedProgramCodeBlock* recursivelyGenerateUnlinkedCodeBlockForProgram(VM&, const SourceCode&, JSParserStrictMode, JSParserScriptMode, OptionSet<CodeGenerationMode>, ParserError&, EvalContextType);
 UnlinkedModuleProgramCodeBlock* recursivelyGenerateUnlinkedCodeBlockForModuleProgram(VM&, const SourceCode&, JSParserStrictMode, JSParserScriptMode, OptionSet<CodeGenerationMode>, ParserError&, EvalContextType);

trunk/Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp

@@ -35 +35 @@
 namespace JSC {
 
-DirectEvalExecutable* DirectEvalExecutable::create(JSGlobalObject* globalObject, const SourceCode& source, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ, const VariableEnvironment* privateNames, ECMAMode ecmaMode)
+DirectEvalExecutable* DirectEvalExecutable::create(JSGlobalObject* globalObject, const SourceCode& source, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType, const TDZEnvironment* variablesUnderTDZ, const PrivateNameEnvironment* privateNameEnvironment, ECMAMode ecmaMode)
 {
     VM& vm = globalObject->vm();
@@ -45 +45 @@
     }
 
-    auto* executable = new (NotNull, allocateCell<DirectEvalExecutable>(vm.heap)) DirectEvalExecutable(globalObject, source, ecmaMode.isStrict(), derivedContextType, needsClassFieldInitializer, isArrowFunctionContext, isInsideOrdinaryFunction, evalContextType);
+    auto* executable = new (NotNull, allocateCell<DirectEvalExecutable>(vm.heap)) DirectEvalExecutable(globalObject, source, ecmaMode.isStrict(), derivedContextType, needsClassFieldInitializer, privateBrandRequirement, isArrowFunctionContext, isInsideOrdinaryFunction, evalContextType);
     executable->finishCreation(vm);
 
@@ -53 +53 @@
 
     // We don't bother with CodeCache here because direct eval uses a specialized DirectEvalCodeCache.
-    UnlinkedEvalCodeBlock* unlinkedEvalCode = generateUnlinkedCodeBlockForDirectEval(vm, executable, executable->source(), strictMode, JSParserScriptMode::Classic, codeGenerationMode, error, evalContextType, variablesUnderTDZ, privateNames);
+    UnlinkedEvalCodeBlock* unlinkedEvalCode = generateUnlinkedCodeBlockForDirectEval(vm, executable, executable->source(), strictMode, JSParserScriptMode::Classic, codeGenerationMode, error, evalContextType, variablesUnderTDZ, privateNameEnvironment);
 
     if (globalObject->hasDebugger())
@@ -68 +68 @@
 }
 
-DirectEvalExecutable::DirectEvalExecutable(JSGlobalObject* globalObject, const SourceCode& source, bool inStrictContext, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType)
-    : EvalExecutable(globalObject, source, inStrictContext, derivedContextType, isArrowFunctionContext, isInsideOrdinaryFunction, evalContextType, needsClassFieldInitializer)
+DirectEvalExecutable::DirectEvalExecutable(JSGlobalObject* globalObject, const SourceCode& source, bool inStrictContext, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType)
+    : EvalExecutable(globalObject, source, inStrictContext, derivedContextType, isArrowFunctionContext, isInsideOrdinaryFunction, evalContextType, needsClassFieldInitializer, privateBrandRequirement)
 {
-    ASSERT(needsClassFieldInitializer == NeedsClassFieldInitializer::No || derivedContextType == DerivedContextType::DerivedConstructorContext);
+    ASSERT((needsClassFieldInitializer == NeedsClassFieldInitializer::No && privateBrandRequirement == PrivateBrandRequirement::None) || derivedContextType == DerivedContextType::DerivedConstructorContext);
 }
 

trunk/Source/JavaScriptCore/runtime/DirectEvalExecutable.h

@@ -32 +32 @@
 class DirectEvalExecutable final : public EvalExecutable {
 public:
-    static DirectEvalExecutable* create(JSGlobalObject*, const SourceCode&, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, const TDZEnvironment* parentScopeTDZVariables, const VariableEnvironment* privateNames, ECMAMode);
+    static DirectEvalExecutable* create(JSGlobalObject*, const SourceCode&, DerivedContextType, NeedsClassFieldInitializer, PrivateBrandRequirement, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, const TDZEnvironment* parentScopeTDZVariables, const PrivateNameEnvironment*, ECMAMode);
 private:
-    DirectEvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, NeedsClassFieldInitializer, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType);
+    DirectEvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, NeedsClassFieldInitializer, PrivateBrandRequirement, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType);
 };
 

trunk/Source/JavaScriptCore/runtime/EvalExecutable.cpp

@@ -33 +33 @@
 const ClassInfo EvalExecutable::s_info = { "EvalExecutable", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(EvalExecutable) };
 
-EvalExecutable::EvalExecutable(JSGlobalObject* globalObject, const SourceCode& source, bool inStrictContext, DerivedContextType derivedContextType, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType, NeedsClassFieldInitializer needsClassFieldInitializer)
+EvalExecutable::EvalExecutable(JSGlobalObject* globalObject, const SourceCode& source, bool inStrictContext, DerivedContextType derivedContextType, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType evalContextType, NeedsClassFieldInitializer needsClassFieldInitializer, PrivateBrandRequirement privateBrandRequirement)
     : Base(globalObject->vm().evalExecutableStructure.get(), globalObject->vm(), source, inStrictContext, derivedContextType, isArrowFunctionContext, isInsideOrdinaryFunction, evalContextType, NoIntrinsic)
     , m_needsClassFieldInitializer(static_cast<unsigned>(needsClassFieldInitializer))
+    , m_privateBrandRequirement(static_cast<unsigned>(privateBrandRequirement))
 {
     ASSERT(source.provider()->sourceType() == SourceProviderSourceType::Program);

trunk/Source/JavaScriptCore/runtime/EvalExecutable.h

@@ -63 +63 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, false, ConstructorKind::None, JSParserScriptMode::Classic, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, derivedContextType(), needsClassFieldInitializer(), isArrowFunctionContext(), false, evalContextType()); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, PrivateBrandRequirement::None, false, ConstructorKind::None, JSParserScriptMode::Classic, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, derivedContextType(), needsClassFieldInitializer(), isArrowFunctionContext(), false, evalContextType()); }
 
     unsigned numVariables() { return m_unlinkedEvalCodeBlock->numVariables(); }
@@ -70 +70 @@
     bool allowDirectEvalCache() const { return m_unlinkedEvalCodeBlock->allowDirectEvalCache(); }
     NeedsClassFieldInitializer needsClassFieldInitializer() const { return static_cast<NeedsClassFieldInitializer>(m_needsClassFieldInitializer); }
+    PrivateBrandRequirement privateBrandRequirement() const { return static_cast<PrivateBrandRequirement>(m_privateBrandRequirement); }
     TemplateObjectMap& ensureTemplateObjectMap(VM&);
 
@@ -77 +78 @@
 
     using Base::finishCreation;
-    EvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, NeedsClassFieldInitializer);
+    EvalExecutable(JSGlobalObject*, const SourceCode&, bool inStrictContext, DerivedContextType, bool isArrowFunctionContext, bool isInsideOrdinaryFunction, EvalContextType, NeedsClassFieldInitializer, PrivateBrandRequirement);
 
     static void visitChildren(JSCell*, SlotVisitor&);
 
     unsigned m_needsClassFieldInitializer : 1;
+    unsigned m_privateBrandRequirement : 1;
 
     WriteBarrier<ExecutableToCodeBlockEdge> m_evalCodeBlock;

trunk/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp

@@ -335 +335 @@
 }
 
+JSObject* createPrivateMethodAccessError(JSGlobalObject* globalObject)
+{
+    return createTypeError(globalObject, makeString("Cannot access private method"_s), defaultSourceAppender, TypeNothing);
+}
+
+JSObject* createReinstallPrivateMethodError(JSGlobalObject* globalObject)
+{
+    return createTypeError(globalObject, makeString("Cannot install same private methods on object more than once"_s), defaultSourceAppender, TypeNothing);
+}
+
 Exception* throwOutOfMemoryError(JSGlobalObject* globalObject, ThrowScope& scope)
 {

trunk/Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp

@@ -70 +70 @@
 constexpr bool insideOrdinaryFunction = false;
 IndirectEvalExecutable::IndirectEvalExecutable(JSGlobalObject* globalObject, const SourceCode& source, DerivedContextType derivedContextType, bool isArrowFunctionContext, EvalContextType evalContextType)
-    : EvalExecutable(globalObject, source, inStrictContext, derivedContextType, isArrowFunctionContext, insideOrdinaryFunction, evalContextType, NeedsClassFieldInitializer::No)
+    : EvalExecutable(globalObject, source, inStrictContext, derivedContextType, isArrowFunctionContext, insideOrdinaryFunction, evalContextType, NeedsClassFieldInitializer::No, PrivateBrandRequirement::None)
 {
 }

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -185 +185 @@
     inline void setPrivateField(JSGlobalObject*, PropertyName, JSValue, PutPropertySlot&);
     inline void definePrivateField(JSGlobalObject*, PropertyName, JSValue, PutPropertySlot&);
+    inline bool checkPrivateBrand(JSGlobalObject*, JSValue brand);
+    inline void setPrivateBrand(JSGlobalObject*, JSValue brand);
 
     unsigned getArrayLength() const

trunk/Source/JavaScriptCore/runtime/JSObjectInlines.h

@@ -25 +25 @@
 
 #include "AuxiliaryBarrierInlines.h"
+#include "BrandedStructure.h"
 #include "ButterflyInlines.h"
 #include "Error.h"
@@ -579 +580 @@
 JSObject* createInvalidPrivateNameError(JSGlobalObject*);
 JSObject* createRedefinedPrivateNameError(JSGlobalObject*);
+JSObject* createReinstallPrivateMethodError(JSGlobalObject*);
+JSObject* createPrivateMethodAccessError(JSGlobalObject*);
 
 ALWAYS_INLINE bool JSObject::getPrivateFieldSlot(JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
@@ -670 +673 @@
 }
 
+inline bool JSObject::checkPrivateBrand(JSGlobalObject* globalObject, JSValue brand)
+{
+    ASSERT(brand.isSymbol());
+    VM& vm = getVM(globalObject);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    Structure* structure = this->structure(vm);
+    if (!structure->isBrandedStructure() || !jsCast<BrandedStructure*>(structure)->checkBrand(asSymbol(brand))) {
+        throwException(globalObject, scope, createPrivateMethodAccessError(globalObject));
+        RELEASE_AND_RETURN(scope, false);
+    }
+    EXCEPTION_ASSERT(!scope.exception());
+
+    return true;
+}
+
+inline void JSObject::setPrivateBrand(JSGlobalObject* globalObject, JSValue brand)
+{
+    ASSERT(brand.isSymbol());
+    VM& vm = getVM(globalObject);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    Structure* structure = this->structure(vm);
+    if (structure->isBrandedStructure() && jsCast<BrandedStructure*>(structure)->checkBrand(asSymbol(brand))) {
+        throwException(globalObject, scope, createReinstallPrivateMethodError(globalObject));
+        RELEASE_AND_RETURN(scope, void());
+    }
+    EXCEPTION_ASSERT(!scope.exception());
+
+    scope.release();
+
+    DeferredStructureTransitionWatchpointFire deferredWatchpointFire(vm, structure);
+
+    Structure* newStructure = Structure::setBrandTransition(vm, structure, asSymbol(brand), &deferredWatchpointFire);
+    ASSERT(newStructure->isBrandedStructure());
+    ASSERT(newStructure->outOfLineCapacity() || !this->structure(vm)->outOfLineCapacity());
+    this->setStructure(vm, newStructure);
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSScope.cpp

@@ -322 +322 @@
 }
 
-void JSScope::collectClosureVariablesUnderTDZ(JSScope* scope, TDZEnvironment& result, VariableEnvironment& privateNames)
+void JSScope::collectClosureVariablesUnderTDZ(JSScope* scope, TDZEnvironment& result, PrivateNameEnvironment& privateNameEnvironment)
 {
     for (; scope; scope = scope->next()) {
@@ -341 +341 @@
 
         if (symbolTable->hasPrivateNames()) {
-            for (auto name : symbolTable->privateNames())
-                privateNames.usePrivateName(name);    
+            auto privateNames = symbolTable->privateNames();
+            for (auto end = privateNames.end(), iter = privateNames.begin(); iter != end; ++iter)
+                privateNameEnvironment.add(iter->key, iter->value);
         }
     }

trunk/Source/JavaScriptCore/runtime/JSScope.h

@@ -28 +28 @@
 #include "GetPutInfo.h"
 #include "JSObject.h"
+#include "VariableEnvironment.h"
 
 namespace JSC {
@@ -33 +34 @@
 class ScopeChainIterator;
 class SymbolTable;
-class VariableEnvironment;
 class WatchpointSet;
 
@@ -63 +63 @@
     static JSScope* constantScopeForCodeBlock(ResolveType, CodeBlock*);
 
-    static void collectClosureVariablesUnderTDZ(JSScope*, TDZEnvironment& result, VariableEnvironment& privateNames);
+    static void collectClosureVariablesUnderTDZ(JSScope*, TDZEnvironment& result, PrivateNameEnvironment&);
 
     static void visitChildren(JSCell*, SlotVisitor&);

trunk/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h

@@ -64 +64 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, false, ConstructorKind::None, JSParserScriptMode::Module, SuperBinding::NotNeeded, SourceParseMode::ModuleEvaluateMode, derivedContextType(), NeedsClassFieldInitializer::No, isArrowFunctionContext(), false, EvalContextType::None); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, PrivateBrandRequirement::None, false, ConstructorKind::None, JSParserScriptMode::Module, SuperBinding::NotNeeded, SourceParseMode::ModuleEvaluateMode, derivedContextType(), NeedsClassFieldInitializer::No, isArrowFunctionContext(), false, EvalContextType::None); }
 
     UnlinkedModuleProgramCodeBlock* unlinkedModuleProgramCodeBlock() { return m_unlinkedModuleProgramCodeBlock.get(); }

trunk/Source/JavaScriptCore/runtime/Options.cpp

@@ -540 +540 @@
     else if (Options::randomIntegrityAuditRate() > 1.0)
         Options::randomIntegrityAuditRate() = 1.0;
+    
+    if (Options::usePrivateMethods())
+        Options::usePrivateClassFields() = true;
 
     if (!Options::allowUnsupportedTiers()) {

trunk/Source/JavaScriptCore/runtime/OptionsList.h

@@ -513 +513 @@
     v(Bool, allowUnsupportedTiers, false, Normal, "If true, we will not disable DFG or FTL when an experimental feature is enabled.") \
     v(Bool, usePrivateClassFields, true, Normal, "If true, the parser will understand private data fields inside classes.") \
+    v(Bool, usePrivateMethods, false, Normal, "If true, the parser will understand private methods inside classes.") \
     v(Bool, returnEarlyFromInfiniteLoopsForFuzzing, false, Normal, nullptr) \
     v(Size, earlyReturnFromInfiniteLoopsLimit, 1300000000, Normal, "When returnEarlyFromInfiniteLoopsForFuzzing is true, this determines the number of executions a loop can run for before just returning. This is helpful for the fuzzer so it doesn't get stuck in infinite loops.") \
@@ -569 +570 @@
 
 #define FOR_EACH_JSC_EXPERIMENTAL_OPTION(v) \
-    v(usePrivateClassFields, (SupportsFTL | SupportsDFG), "https://bugs.webkit.org/show_bug.cgi?id=212781", "https://bugs.webkit.org/show_bug.cgi?id=212784")
+    v(usePrivateClassFields, (SupportsFTL | SupportsDFG), "https://bugs.webkit.org/show_bug.cgi?id=212781", "https://bugs.webkit.org/show_bug.cgi?id=212784") \
+    v(usePrivateMethods, (SupportsFTL | SupportsDFG), "https://bugs.webkit.org/show_bug.cgi?id=194434", "https://bugs.webkit.org/show_bug.cgi?id=194434")
 
 constexpr size_t countNumberOfJSCOptions()

trunk/Source/JavaScriptCore/runtime/ProgramExecutable.h

@@ -72 +72 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, false, ConstructorKind::None, JSParserScriptMode::Classic, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, derivedContextType(), NeedsClassFieldInitializer::No, isArrowFunctionContext(), false, EvalContextType::None); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(usesEval(), false, PrivateBrandRequirement::None, false, ConstructorKind::None, JSParserScriptMode::Classic, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, derivedContextType(), NeedsClassFieldInitializer::No, isArrowFunctionContext(), false, EvalContextType::None); }
 
     TemplateObjectMap& ensureTemplateObjectMap(VM&);

trunk/Source/JavaScriptCore/runtime/Structure.cpp

@@ -28 +28 @@
 #include "Structure.h"
 
+#include "BrandedStructure.h"
 #include "BuiltinNames.h"
 #include "DumpContext.h"
@@ -425 +426 @@
     for (size_t i = structures.size(); i--;) {
         structure = structures[i];
-        if (!structure->m_transitionPropertyName)
+        if (!structure->m_transitionPropertyName || structure->transitionKind() == TransitionKind::SetBrand)
             continue;
         switch (structure->transitionKind()) {
@@ -1497 +1498 @@
 }
 
+Structure* Structure::setBrandTransitionFromExistingStructureImpl(Structure* structure, UniquedStringImpl* brandID)
+{
+    ASSERT(structure->isObject());
+
+    if (structure->hasBeenDictionary())
+        return nullptr;
+
+    if (Structure* existingTransition = structure->m_transitionTable.get(brandID, 0, TransitionKind::SetBrand))
+        return existingTransition;
+
+    return nullptr;
+}
+
+Structure* Structure::setBrandTransitionFromExistingStructureConcurrently(Structure* structure, UniquedStringImpl* brandID)
+{
+    ConcurrentJSLocker locker(structure->m_lock);
+    return setBrandTransitionFromExistingStructureImpl(structure, brandID);
+}
+
+Structure* Structure::setBrandTransition(VM& vm, Structure* structure, Symbol* brand, DeferredStructureTransitionWatchpointFire* deferred)
+{
+    Structure* existingTransition = setBrandTransitionFromExistingStructureImpl(structure, &brand->uid());
+    if (existingTransition) 
+        return existingTransition;
+
+    Structure* transition = BrandedStructure::create(vm, structure, &brand->uid(), deferred);
+    transition->setTransitionKind(TransitionKind::SetBrand);
+
+    transition->m_cachedPrototypeChain.setMayBeNull(vm, transition, structure->m_cachedPrototypeChain.get());
+    transition->m_blob.setIndexingModeIncludingHistory(structure->indexingModeIncludingHistory());
+    transition->m_transitionPropertyName = &brand->uid();
+    transition->setTransitionPropertyAttributes(0);
+    transition->setPropertyTable(vm, structure->takePropertyTableOrCloneIfPinned(vm));
+    transition->setMaxOffset(vm, structure->maxOffset());
+    checkOffset(transition->maxOffset(), transition->inlineCapacity());
+
+    if (structure->isDictionary()) {
+        PropertyTable* table = transition->ensurePropertyTable(vm);
+        transition->pin(holdLock(transition->m_lock), vm, table);
+    } else {
+        auto locker = holdLock(structure->m_lock);
+        structure->m_transitionTable.add(vm, transition);
+    }
+
+    transition->checkOffsetConsistency();
+    return transition;
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/Structure.h

@@ -124 +124 @@
 };
 
-class Structure final : public JSCell {
+class Structure : public JSCell {
     static constexpr uint16_t shortInvalidOffset = std::numeric_limits<uint16_t>::max() - 1;
     static constexpr uint16_t useRareDataFlag = std::numeric_limits<uint16_t>::max();
@@ -147 +147 @@
     JS_EXPORT_PRIVATE static bool isValidPrototype(JSValue);
 
-private:
-    void finishCreation(VM& vm)
-    {
-        Base::finishCreation(vm);
-        ASSERT(m_prototype.get().isEmpty() || isValidPrototype(m_prototype.get()));
-    }
-
+protected:
     void finishCreation(VM& vm, const Structure* previous)
     {
@@ -164 +158 @@
             }
         }
+    }
+
+private:
+    void finishCreation(VM& vm)
+    {
+        Base::finishCreation(vm);
+        ASSERT(m_prototype.get().isEmpty() || isValidPrototype(m_prototype.get()));
     }
 
@@ -207 +208 @@
     static Structure* nonPropertyTransition(VM&, Structure*, TransitionKind);
     JS_EXPORT_PRIVATE static Structure* nonPropertyTransitionSlow(VM&, Structure*, TransitionKind);
+    static Structure* setBrandTransitionFromExistingStructureConcurrently(Structure*, UniquedStringImpl*);
+    static Structure* setBrandTransition(VM&, Structure*, Symbol* brand, DeferredStructureTransitionWatchpointFire* = nullptr);
 
     JS_EXPORT_PRIVATE bool isSealed(VM&);
@@ -716 +719 @@
     DEFINE_BITFIELD(bool, protectPropertyTableWhileTransitioning, ProtectPropertyTableWhileTransitioning, 1, 28);
     DEFINE_BITFIELD(bool, hasUnderscoreProtoPropertyExcludingOriginalProto, HasUnderscoreProtoPropertyExcludingOriginalProto, 1, 29);
+    DEFINE_BITFIELD(bool, isBrandedStructure, IsBrandedStructure, 1, 30);
 
     static_assert(s_bitWidthOfTransitionPropertyAttributes <= sizeof(TransitionPropertyAttributes) * 8);
     static_assert(s_bitWidthOfTransitionKind <= sizeof(TransitionKind) * 8);
 
+protected:
+    Structure(VM&, Structure*, DeferredStructureTransitionWatchpointFire*);
+
 private:
     friend class LLIntOffsetsExtractor;
@@ -725 +732 @@
     JS_EXPORT_PRIVATE Structure(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType, unsigned inlineCapacity);
     Structure(VM&);
-    Structure(VM&, Structure*, DeferredStructureTransitionWatchpointFire*);
 
     static Structure* create(VM&, Structure*, DeferredStructureTransitionWatchpointFire* = nullptr);
@@ -731 +737 @@
     static Structure* addPropertyTransitionToExistingStructureImpl(Structure*, UniquedStringImpl* uid, unsigned attributes, PropertyOffset&);
     static Structure* removePropertyTransitionFromExistingStructureImpl(Structure*, PropertyName, unsigned attributes, PropertyOffset&);
+    static Structure* setBrandTransitionFromExistingStructureImpl(Structure*, UniquedStringImpl*);
 
     // This will return the structure that has a usable property table, that property table,

trunk/Source/JavaScriptCore/runtime/StructureInlines.h

@@ -26 +26 @@
 #pragma once
 
+#include "BrandedStructure.h"
 #include "JSArrayBufferView.h"
 #include "JSCJSValueInlines.h"
@@ -62 +63 @@
 {
     ASSERT(vm.structureStructure);
-    Structure* newStructure = new (NotNull, allocateCell<Structure>(vm.heap)) Structure(vm, previous, deferred);
+    Structure* newStructure;
+    if (previous->isBrandedStructure())
+        newStructure = new (NotNull, allocateCell<BrandedStructure>(vm.heap)) BrandedStructure(vm, jsCast<BrandedStructure*>(previous), deferred);
+    else
+        newStructure = new (NotNull, allocateCell<Structure>(vm.heap)) Structure(vm, previous, deferred);
+
     newStructure->finishCreation(vm, previous);
     return newStructure;
@@ -182 +188 @@
             break;
         case TransitionKind::PropertyDeletion:
+        case TransitionKind::SetBrand:
             continue;
         default:

trunk/Source/JavaScriptCore/runtime/StructureTransitionTable.h

@@ -56 +56 @@
     PreventExtensions,
     Seal,
-    Freeze
+    Freeze,
+
+    // Support for transitions related with private brand
+    SetBrand
 };
 

trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp

@@ -185 +185 @@
         {
             for (auto name : m_rareData->m_privateNames)
-                result->m_rareData->m_privateNames.add(name);
+                result->m_rareData->m_privateNames.add(name.key, name.value);
         }
     }

trunk/Source/JavaScriptCore/runtime/SymbolTable.h

@@ -36 +36 @@
 #include "TypeLocation.h"
 #include "VarOffset.h"
+#include "VariableEnvironment.h"
 #include "Watchpoint.h"
 #include <memory>
@@ -451 +452 @@
     typedef HashMap<VarOffset, RefPtr<UniquedStringImpl>> OffsetToVariableMap;
     typedef Vector<SymbolTableEntry*> LocalToEntryVec;
-    typedef HashSet<RefPtr<UniquedStringImpl>, IdentifierRepHash> PrivateNameSet;
-    typedef WTF::IteratorRange<typename PrivateNameSet::iterator> PrivateNameIteratorRange;
+    typedef WTF::IteratorRange<typename PrivateNameEnvironment::iterator> PrivateNameIteratorRange;
 
     template<typename CellType, SubspaceAccess>
@@ -606 +606 @@
     }
 
-    void addPrivateName(UniquedStringImpl* key)
+    void addPrivateName(const RefPtr<UniquedStringImpl>& key, PrivateNameEntry value)
     {
         ASSERT(key && !key->isSymbol());
@@ -612 +612 @@
             m_rareData = WTF::makeUnique<SymbolTableRareData>();
 
-        ASSERT(!m_rareData->m_privateNames.contains(key));
-        m_rareData->m_privateNames.add(key);
+        ASSERT(m_rareData->m_privateNames.find(key) == m_rareData->m_privateNames.end());
+        m_rareData->m_privateNames.add(key, value);
     }
 
@@ -757 +757 @@
         UniqueTypeSetMap m_uniqueTypeSetMap;
         WriteBarrier<CodeBlock> m_codeBlock;
-        PrivateNameSet m_privateNames;
+        PrivateNameEnvironment m_privateNames;
     };
 

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -34 +34 @@
 #include "BigIntObject.h"
 #include "BooleanObject.h"
+#include "BrandedStructure.h"
 #include "BuiltinExecutables.h"
 #include "BytecodeIntrinsicRegistry.h"
@@ -370 +371 @@
     , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData) // Hash:0xaca4e62d
     , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure) // Hash:0x1f1bcdca
+    , brandedStructureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), BrandedStructure)
     , symbolTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), SymbolTable) // Hash:0xc5215afd
     , executableToCodeBlockEdgesWithConstraints(executableToCodeBlockEdgeSpace)

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -466 +466 @@
     IsoSubspace structureRareDataSpace;
     IsoSubspace structureSpace;
+    IsoSubspace brandedStructureSpace;
     IsoSubspace symbolTableSpace;