Context Navigation

← Previous Changeset
Next Changeset →

Changeset 157317 in webkit

Timestamp:

Oct 11, 2013 12:18:27 PM (11 years ago)

Author:

commit-queue@webkit.org

Message:

Unreviewed, rolling out r157307.
http://trac.webkit.org/changeset/157307
https://bugs.webkit.org/show_bug.cgi?id=122671

Many assertion failures (Requested by ap on #webkit).

jit/ThunkGenerators.cpp:

(JSC::arrayIteratorNextThunkGenerator):

jit/ThunkGenerators.h:
runtime/ArrayIteratorPrototype.cpp:

(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::createIteratorResult):
(JSC::arrayIteratorPrototypeNext):

runtime/Intrinsic.h:
runtime/JSArrayIterator.cpp:

(JSC::JSArrayIterator::finishCreation):

runtime/VM.cpp:

(JSC::thunkGeneratorForIntrinsic):

Location:

trunk/Source/JavaScriptCore

Files:

: 7 edited

ChangeLog (modified) (1 diff)
jit/ThunkGenerators.cpp (modified) (4 diffs)
jit/ThunkGenerators.h (modified) (1 diff)
runtime/ArrayIteratorPrototype.cpp (modified) (2 diffs)
runtime/Intrinsic.h (modified) (1 diff)
runtime/JSArrayIterator.cpp (modified) (2 diffs)
runtime/VM.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/ChangeLog

-                      r157313
+                      r157317
+-10-11  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r157307.
+        http://trac.webkit.org/changeset/157307
+        https://bugs.webkit.org/show_bug.cgi?id=122671
+        Many assertion failures (Requested by ap on #webkit).
+        * jit/ThunkGenerators.cpp:
+        (JSC::arrayIteratorNextThunkGenerator):
+        * jit/ThunkGenerators.h:
+        * runtime/ArrayIteratorPrototype.cpp:
+        (JSC::ArrayIteratorPrototype::finishCreation):
+        (JSC::createIteratorResult):
+        (JSC::arrayIteratorPrototypeNext):
+        * runtime/Intrinsic.h:
+        * runtime/JSArrayIterator.cpp:
+        (JSC::JSArrayIterator::finishCreation):
+        * runtime/VM.cpp:
+        (JSC::thunkGeneratorForIntrinsic):
 -10-11  Mark Lam  <mark.lam@apple.com>

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

-                      r157307
+                      r157317
+}
 static MacroAssemblerCodeRef arrayIteratorNextThunkGenerator(VM* vm, ArrayIterationKind kind)
+MacroAssemblerCodeRef arrayIteratorNextThunkGenerator(VM* vm)
+{
     typedef SpecializedThunkJIT::TrustedImm32 TrustedImm32;
 …
     jit.and32(TrustedImm32(IndexingShapeMask), SpecializedThunkJIT::regT3);
     Jump notDone = jit.branch32(SpecializedThunkJIT::Below, SpecializedThunkJIT::regT1, Address(SpecializedThunkJIT::regT2, Butterfly::offsetOfPublicLength()));
     // Return the termination signal to indicate that we've finished
 …
     notDone.link(&jit);
+    if (kind == ArrayIterateKey) {
+        jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex()));
+        jit.returnInt32(SpecializedThunkJIT::regT1);
+        return jit.finalize(vm->jitStubs->ctiNativeCall(vm), "array-iterator-next-key");
+    }
+    ASSERT(kind == ArrayIterateKeyValue);
+    Jump notKey = jit.branch32(SpecializedThunkJIT::NotEqual, Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfIterationKind()), TrustedImm32(ArrayIterateKey));
+    // If we're doing key iteration we just need to increment m_nextIndex and return the current value
+    jit.add32(TrustedImm32(1), Address(SpecializedThunkJIT::regT4, JSArrayIterator::offsetOfNextIndex()));
+    jit.returnInt32(SpecializedThunkJIT::regT1);
+    notKey.link(&jit);
     // Okay, now we're returning a value so make sure we're inside the vector size
 …
     jit.returnDouble(SpecializedThunkJIT::fpRegT0);
+    return jit.finalize(vm->jitStubs->ctiNativeCall(vm), "array-iterator-next-value");
+}
+MacroAssemblerCodeRef arrayIteratorNextKeyThunkGenerator(VM* vm)
+{
+    return arrayIteratorNextThunkGenerator(vm, ArrayIterateKey);
+}
+MacroAssemblerCodeRef arrayIteratorNextValueThunkGenerator(VM* vm)
+{
+    return arrayIteratorNextThunkGenerator(vm, ArrayIterateValue);
+    return jit.finalize(vm->jitStubs->ctiNativeCall(vm), "array-iterator-next");
+}

trunk/Source/JavaScriptCore/jit/ThunkGenerators.h

-                      r157307
+                      r157317
 MacroAssemblerCodeRef powThunkGenerator(VM*);
 MacroAssemblerCodeRef imulThunkGenerator(VM*);
+MacroAssemblerCodeRef arrayIteratorNextKeyThunkGenerator(VM*);
+MacroAssemblerCodeRef arrayIteratorNextValueThunkGenerator(VM*);
+MacroAssemblerCodeRef arrayIteratorNextThunkGenerator(VM*);
+}

trunk/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp

-                      r157307
+                      r157317
 const ClassInfo ArrayIteratorPrototype::s_info = { "Array Iterator", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(ArrayIteratorPrototype) };
+static EncodedJSValue JSC_HOST_CALL arrayIteratorPrototypeNext(ExecState*);
 static EncodedJSValue JSC_HOST_CALL arrayIteratorPrototypeIterate(ExecState*);
 …
     vm.prototypeMap.addPrototype(this);
+    JSC_NATIVE_INTRINSIC_FUNCTION(vm.propertyNames->iteratorNextPrivateName, arrayIteratorPrototypeNext, DontEnum, 0, ArrayIteratorNextIntrinsic);
     JSC_NATIVE_FUNCTION(vm.propertyNames->iteratorPrivateName, arrayIteratorPrototypeIterate, DontEnum, 0);
+}
+static EncodedJSValue createIteratorResult(CallFrame* callFrame, ArrayIterationKind kind, size_t index, JSValue result, bool done)
+{
+    callFrame->setArgument(callFrame->argumentCount() - 1, jsBoolean(done));
+    if (done)
+        return JSValue::encode(callFrame->vm().iterationTerminator.get());
+    switch (kind & ~ArrayIterateSparseTag) {
+    case ArrayIterateKey:
+        return JSValue::encode(jsNumber(index));
+    case ArrayIterateValue:
+        return JSValue::encode(result);
+    case ArrayIterateKeyValue: {
+        MarkedArgumentBuffer args;
+        args.append(jsNumber(index));
+        args.append(result);
+        JSGlobalObject* globalObject = callFrame->callee()->globalObject();
+        return JSValue::encode(constructArray(callFrame, 0, globalObject, args));
+    }
+    default:
+        RELEASE_ASSERT_NOT_REACHED();
+    }
+    return JSValue::encode(JSValue());
+}
+EncodedJSValue JSC_HOST_CALL arrayIteratorPrototypeNext(CallFrame* callFrame)
+{
+    JSArrayIterator* iterator = jsDynamicCast<JSArrayIterator*>(callFrame->thisValue());
+    if (!iterator)
+        throwTypeError(callFrame, ASCIILiteral("Cannot call ArrayIterator.next() on a non-ArrayIterator object"));
+    JSObject* iteratedObject = iterator->iteratedObject();
+    size_t index = iterator->nextIndex();
+    ArrayIterationKind kind = iterator->iterationKind();
+    JSValue jsLength = JSValue(iteratedObject).get(callFrame, callFrame->propertyNames().length);
+    if (callFrame->hadException())
+        return JSValue::encode(jsNull());
+    size_t length = jsLength.toUInt32(callFrame);
+    if (callFrame->hadException())
+        return JSValue::encode(jsNull());
+    if (index >= length) {
+        iterator->finish();
+        return createIteratorResult(callFrame, kind, index, jsUndefined(), true);
+    }
+    if (JSValue result = iteratedObject->tryGetIndexQuickly(index)) {
+        iterator->setNextIndex(index + 1);
+        return createIteratorResult(callFrame, kind, index, result, false);
+    }
+    JSValue result = jsUndefined();
+    PropertySlot slot(iteratedObject);
+    if (kind > ArrayIterateSparseTag) {
+        // We assume that the indexed property will be an own property so cache the getOwnProperty
+        // method locally
+        auto getOwnPropertySlotByIndex = iteratedObject->methodTable()->getOwnPropertySlotByIndex;
+        while (index < length) {
+            if (getOwnPropertySlotByIndex(iteratedObject, callFrame, index, slot)) {
+                result = slot.getValue(callFrame, index);
+                break;
+            }
+            if (iteratedObject->getPropertySlot(callFrame, index, slot)) {
+                result = slot.getValue(callFrame, index);
+                break;
+            }
+            index++;
+        }
+    } else if (iteratedObject->getPropertySlot(callFrame, index, slot))
+        result = slot.getValue(callFrame, index);
+    if (index == length)
+        iterator->finish();
+    else
+        iterator->setNextIndex(index + 1);
+    return createIteratorResult(callFrame, kind, index, jsUndefined(), index == length);
+}

trunk/Source/JavaScriptCore/runtime/Intrinsic.h

-                      r157307
+                      r157317
     StringPrototypeValueOfIntrinsic,
     IMulIntrinsic,
+    ArrayIteratorNextValueIntrinsic,
+    ArrayIteratorNextKeyIntrinsic,
+    ArrayIteratorNextGenericIntrinsic
+    ArrayIteratorNextIntrinsic
 };

trunk/Source/JavaScriptCore/runtime/JSArrayIterator.cpp

-                      r157307
+                      r157317
 const ClassInfo JSArrayIterator::s_info = { "ArrayIterator", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSArrayIterator) };
+static EncodedJSValue JSC_HOST_CALL arrayIteratorNextKey(ExecState*);
+static EncodedJSValue JSC_HOST_CALL arrayIteratorNextValue(ExecState*);
+static EncodedJSValue JSC_HOST_CALL arrayIteratorNextGeneric(ExecState*);
+void JSArrayIterator::finishCreation(VM& vm, JSGlobalObject* globalObject, ArrayIterationKind kind, JSObject* iteratedObject)
+void JSArrayIterator::finishCreation(VM& vm, JSGlobalObject*, ArrayIterationKind kind, JSObject* iteratedObject)
+{
     Base::finishCreation(vm);
-    ASSERT(inherits(info()));
     m_iterationKind = kind;
     m_iteratedObject.set(vm, this, iteratedObject);
-    switch (kind) {
-    case ArrayIterateKey:
-        JSC_NATIVE_INTRINSIC_FUNCTION(vm.propertyNames->iteratorNextPrivateName, arrayIteratorNextKey, DontEnum, 0, ArrayIteratorNextKeyIntrinsic);
-        break;
-    case ArrayIterateValue:
-        JSC_NATIVE_INTRINSIC_FUNCTION(vm.propertyNames->iteratorNextPrivateName, arrayIteratorNextValue, DontEnum, 0, ArrayIteratorNextValueIntrinsic);
-        break;
-    default:
-        JSC_NATIVE_INTRINSIC_FUNCTION(vm.propertyNames->iteratorNextPrivateName, arrayIteratorNextGeneric, DontEnum, 0, ArrayIteratorNextGenericIntrinsic);
-        break;
+    }
+}
 …
+}
-static EncodedJSValue createIteratorResult(CallFrame* callFrame, ArrayIterationKind kind, size_t index, JSValue result, bool done)
+{
-    callFrame->setArgument(callFrame->argumentCount() - 1, jsBoolean(done));
-    if (done)
-        return JSValue::encode(callFrame->vm().iterationTerminator.get());
-    switch (kind & ~ArrayIterateSparseTag) {
-    case ArrayIterateKey:
-        return JSValue::encode(jsNumber(index));
-    case ArrayIterateValue:
-        return JSValue::encode(result);
-    case ArrayIterateKeyValue: {
-        MarkedArgumentBuffer args;
-        args.append(jsNumber(index));
-        args.append(result);
-        JSGlobalObject* globalObject = callFrame->callee()->globalObject();
-        return JSValue::encode(constructArray(callFrame, 0, globalObject, args));
+    }
-    default:
-        RELEASE_ASSERT_NOT_REACHED();
+    }
-    return JSValue::encode(JSValue());
+}
-static inline EncodedJSValue JSC_HOST_CALL arrayIteratorNext(CallFrame* callFrame)
+{
-    JSArrayIterator* iterator = jsDynamicCast<JSArrayIterator*>(callFrame->thisValue());
-    if (!iterator)
-        throwTypeError(callFrame, ASCIILiteral("Cannot call ArrayIterator.next() on a non-ArrayIterator object"));
-    JSObject* iteratedObject = iterator->iteratedObject();
-    size_t index = iterator->nextIndex();
-    ArrayIterationKind kind = iterator->iterationKind();
-    JSValue jsLength = JSValue(iteratedObject).get(callFrame, callFrame->propertyNames().length);
-    if (callFrame->hadException())
-        return JSValue::encode(jsNull());
-    size_t length = jsLength.toUInt32(callFrame);
-    if (callFrame->hadException())
-        return JSValue::encode(jsNull());
-    if (index >= length) {
-        iterator->finish();
-        return createIteratorResult(callFrame, kind, index, jsUndefined(), true);
+    }
-    if (JSValue result = iteratedObject->tryGetIndexQuickly(index)) {
-        iterator->setNextIndex(index + 1);
-        return createIteratorResult(callFrame, kind, index, result, false);
+    }
-    JSValue result = jsUndefined();
-    PropertySlot slot(iteratedObject);
-    if (kind > ArrayIterateSparseTag) {
-        // We assume that the indexed property will be an own property so cache the getOwnProperty
-        // method locally
-        auto getOwnPropertySlotByIndex = iteratedObject->methodTable()->getOwnPropertySlotByIndex;
-        while (index < length) {
-            if (getOwnPropertySlotByIndex(iteratedObject, callFrame, index, slot)) {
-                result = slot.getValue(callFrame, index);
-                break;
+            }
-            if (iteratedObject->getPropertySlot(callFrame, index, slot)) {
-                result = slot.getValue(callFrame, index);
-                break;
+            }
-            index++;
+        }
-    } else if (iteratedObject->getPropertySlot(callFrame, index, slot))
-        result = slot.getValue(callFrame, index);
-    if (index == length)
-        iterator->finish();
-    else
-        iterator->setNextIndex(index + 1);
-    return createIteratorResult(callFrame, kind, index, jsUndefined(), index == length);
+}
-EncodedJSValue JSC_HOST_CALL arrayIteratorNextKey(CallFrame* callFrame)
+{
-    return arrayIteratorNext(callFrame);
+}
-EncodedJSValue JSC_HOST_CALL arrayIteratorNextValue(CallFrame* callFrame)
+{
-    return arrayIteratorNext(callFrame);
+}
-EncodedJSValue JSC_HOST_CALL arrayIteratorNextGeneric(CallFrame* callFrame)
+{
-    return arrayIteratorNext(callFrame);
+}
+}

trunk/Source/JavaScriptCore/runtime/VM.cpp

-                      r157307
+                      r157317
     case IMulIntrinsic:
         return imulThunkGenerator;
+    case ArrayIteratorNextKeyIntrinsic:
+        return arrayIteratorNextKeyThunkGenerator;
+    case ArrayIteratorNextValueIntrinsic:
+        return arrayIteratorNextValueThunkGenerator;
+    case ArrayIteratorNextIntrinsic:
+        return arrayIteratorNextThunkGenerator;
     default:
         return 0;

Note: See TracChangeset for help on using the changeset viewer.