Changeset 178856 in webkit

Timestamp:

Jan 21, 2015 1:43:55 PM (9 years ago)

Author:

msaboff@apple.com

Message:

Eliminate Scope slot from JavaScript CallFrame
​https://bugs.webkit.org/show_bug.cgi?id=136724

Reviewed by Geoffrey Garen.

This finishes the removal of the scope chain slot from the call frame header.

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):

• dfg/DFGPreciseLocalClobberize.h:

(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• ftl/FTLJSCall.cpp:

(JSC::FTL::JSCall::emit):

• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):

• interpreter/JSStack.h:
• interpreter/VMInspector.cpp:

(JSC::VMInspector::dumpFrame):

• jit/JITCall.cpp:

(JSC::JIT::compileOpCall):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileOpCall):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileCTINativeCall):

• jit/Repatch.cpp:

(JSC::generateByIdStub):
(JSC::linkClosureCall):

• jit/ThunkGenerators.cpp:

(JSC::virtualForThunkGenerator):
(JSC::nativeForGenerator):
Deleted ScopeChain slot from JSStack. Removed all code where ScopeChain was being
read or set. In most cases this was where we make JS calls.

• interpreter/CallFrameClosure.h:

(JSC::CallFrameClosure::setArgument):
(JSC::CallFrameClosure::resetCallFrame): Deleted.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):

• interpreter/ProtoCallFrame.cpp:

(JSC::ProtoCallFrame::init):

• interpreter/ProtoCallFrame.h:

(JSC::ProtoCallFrame::scope): Deleted.
(JSC::ProtoCallFrame::setScope): Deleted.

• llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter64.asm:

Removed the related scopeChainValue member from ProtoCallFrame. Reduced the number of
registers that needed to be copied from the ProtoCallFrame to a callee's frame
from 5 to 4.

• llint/LowLevelInterpreter32_64.asm:

In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGOSRExitCompilerCommon.cpp (modified) (2 diffs)
• dfg/DFGPreciseLocalClobberize.h (modified) (1 diff)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
• ftl/FTLJSCall.cpp (modified) (1 diff)
• ftl/FTLLowerDFGToLLVM.cpp (modified) (2 diffs)
• interpreter/CallFrameClosure.h (modified) (1 diff)
• interpreter/Interpreter.cpp (modified) (6 diffs)
• interpreter/JSStack.h (modified) (1 diff)
• interpreter/ProtoCallFrame.cpp (modified) (1 diff)
• interpreter/ProtoCallFrame.h (modified) (2 diffs)
• interpreter/VMInspector.cpp (modified) (2 diffs)
• jit/JITCall.cpp (modified) (2 diffs)
• jit/JITCall32_64.cpp (modified) (2 diffs)
• jit/JITOpcodes32_64.cpp (modified) (2 diffs)
• jit/Repatch.cpp (modified) (2 diffs)
• jit/ThunkGenerators.cpp (modified) (5 diffs)
• llint/LLIntData.cpp (modified) (2 diffs)
• llint/LowLevelInterpreter.asm (modified) (2 diffs)
• llint/LowLevelInterpreter32_64.asm (modified) (4 diffs)
• llint/LowLevelInterpreter64.asm (modified) (4 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-01-21  Michael Saboff  <msaboff@apple.com>
+
+        Eliminate Scope slot from JavaScript CallFrame
+        https://bugs.webkit.org/show_bug.cgi?id=136724
+
+        Reviewed by Geoffrey Garen.
+
+        This finishes the removal of the scope chain slot from the call frame header.
+
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::reifyInlinedCallFrames):
+        * dfg/DFGPreciseLocalClobberize.h:
+        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        * ftl/FTLJSCall.cpp:
+        (JSC::FTL::JSCall::emit):
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
+        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
+        * interpreter/JSStack.h:
+        * interpreter/VMInspector.cpp:
+        (JSC::VMInspector::dumpFrame):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::privateCompileCTINativeCall):
+        * jit/Repatch.cpp:
+        (JSC::generateByIdStub):
+        (JSC::linkClosureCall):
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualForThunkGenerator):
+        (JSC::nativeForGenerator):
+        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
+        read or set.  In most cases this was where we make JS calls.
+
+        * interpreter/CallFrameClosure.h:
+        (JSC::CallFrameClosure::setArgument):
+        (JSC::CallFrameClosure::resetCallFrame): Deleted.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        (JSC::Interpreter::prepareForRepeatCall):
+        * interpreter/ProtoCallFrame.cpp:
+        (JSC::ProtoCallFrame::init):
+        * interpreter/ProtoCallFrame.h:
+        (JSC::ProtoCallFrame::scope): Deleted.
+        (JSC::ProtoCallFrame::setScope): Deleted.
+        * llint/LLIntData.cpp:
+        (JSC::LLInt::Data::performAssertions):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter64.asm:
+        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
+        registers that needed to be copied from the ProtoCallFrame to a callee's frame
+        from 5 to 4.
+
+        * llint/LowLevelInterpreter32_64.asm:
+        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
+
 2015-01-21  Michael Saboff  <msaboff@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp

@@ -198 +198 @@
 #if USE(JSVALUE64)
         jit.storePtr(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::CodeBlock)));
-        if (!inlineCallFrame->isClosureCall)
-            jit.store64(AssemblyHelpers::TrustedImm64(JSValue::encode(JSValue(inlineCallFrame->calleeConstant()->scope()))), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::ScopeChain)));
         jit.store64(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame->callerFrameOffset()));
         uint32_t locationBits = CallFrame::Location::encodeAsBytecodeOffset(codeOrigin.bytecodeIndex);
@@ -212 +210 @@
 #else // USE(JSVALUE64) // so this is the 32-bit part
         jit.storePtr(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::CodeBlock)));
-        jit.store32(AssemblyHelpers::TrustedImm32(JSValue::CellTag), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::ScopeChain)));
-        if (!inlineCallFrame->isClosureCall)
-            jit.storePtr(AssemblyHelpers::TrustedImmPtr(inlineCallFrame->calleeConstant()->scope()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::ScopeChain)));
         jit.storePtr(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame->callerFrameOffset()));
         Instruction* instruction = baselineCodeBlock->instructions().begin() + codeOrigin.bytecodeIndex;

trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h

@@ -132 +132 @@
             for (unsigned i = inlineCallFrame->arguments.size(); i-- > 1;)
                 m_read(VirtualRegister(inlineCallFrame->stackOffset + virtualRegisterForArgument(i).offset()));
-            if (inlineCallFrame->isClosureCall) {
-                m_read(VirtualRegister(inlineCallFrame->stackOffset + JSStack::ScopeChain));
+            if (inlineCallFrame->isClosureCall)
                 m_read(VirtualRegister(inlineCallFrame->stackOffset + JSStack::Callee));
-            }
         }
     }

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -697 +697 @@
     slowPath.append(branchNotCell(callee.jsValueRegs()));
     slowPath.append(m_jit.branchPtrWithPatch(MacroAssembler::NotEqual, calleePayloadGPR, targetToCheck));
-    m_jit.loadPtr(MacroAssembler::Address(calleePayloadGPR, OBJECT_OFFSETOF(JSFunction, m_scope)), resultPayloadGPR);
-    m_jit.storePtr(resultPayloadGPR, calleeFramePayloadSlot(JSStack::ScopeChain));
-    m_jit.storePtr(MacroAssembler::TrustedImm32(JSValue::CellTag), calleeFrameTagSlot(JSStack::ScopeChain));
 
     JITCompiler::Call fastCall = m_jit.nearCall();

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -676 +676 @@
 
     slowPath = m_jit.branchPtrWithPatch(MacroAssembler::NotEqual, calleeGPR, targetToCheck, MacroAssembler::TrustedImmPtr(0));
-
-    m_jit.loadPtr(MacroAssembler::Address(calleeGPR, OBJECT_OFFSETOF(JSFunction, m_scope)), resultGPR);
-    m_jit.store64(resultGPR, calleeFrameSlot(JSStack::ScopeChain));
 
     JITCompiler::Call fastCall = m_jit.nearCall();

trunk/Source/JavaScriptCore/ftl/FTLJSCall.cpp

@@ -58 +58 @@
         CCallHelpers::TrustedImmPtr(0));
     
-    jit.loadPtr(
-        CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfScopeChain()),
-        GPRInfo::regT1);
-    jit.store64(
-        GPRInfo::regT1,
-        CCallHelpers::Address(
-            CCallHelpers::stackPointerRegister,
-            sizeof(Register) * (JSStack::ScopeChain - JSStack::CallerFrameAndPCSize)));
-    
     m_fastCall = jit.nearCall();
     CCallHelpers::Jump done = jit.jump();

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

@@ -3628 +3628 @@
             callee = m_out.operation(function);
 
-        JSScope* scope = knownFunction->scopeUnchecked();
         m_out.storePtr(m_callFrame, m_execStorage, m_heaps.CallFrame_callerFrame);
         m_out.storePtr(constNull(m_out.intPtr), addressFor(m_execStorage, JSStack::CodeBlock));
-        m_out.storePtr(weakPointer(scope), addressFor(m_execStorage, JSStack::ScopeChain));
         m_out.storePtr(weakPointer(knownFunction), addressFor(m_execStorage, JSStack::Callee));
 
@@ -3679 +3677 @@
         arguments.append(jsCallee); // callee -> %rax
         arguments.append(getUndef(m_out.int64)); // code block
-        arguments.append(getUndef(m_out.int64)); // scope chain
         arguments.append(jsCallee); // callee -> stack
         arguments.append(m_out.constInt64(numArgs)); // argument count and zeros for the tag

trunk/Source/JavaScriptCore/interpreter/CallFrameClosure.h

@@ -50 +50 @@
         protoCallFrame->setArgument(argument, value);
     }
-
-    void resetCallFrame()
-    {
-        protoCallFrame->setScope(scope);
-    }
 };
 

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -901 +901 @@
 
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(codeBlock, scope, JSCallee::create(vm, scope->globalObject(), scope), thisObj, 1);
+    protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisObj, 1);
 
     if (LegacyProfiler* profiler = vm.enabledProfiler())
@@ -964 +964 @@
 
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(newCodeBlock, scope, function, thisValue, argsCount, args.data());
+    protoCallFrame.init(newCodeBlock, function, thisValue, argsCount, args.data());
 
     if (LegacyProfiler* profiler = vm.enabledProfiler())
@@ -1035 +1035 @@
 
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(newCodeBlock, scope, constructor, jsUndefined(), argsCount, args.data());
+    protoCallFrame.init(newCodeBlock, constructor, jsUndefined(), argsCount, args.data());
 
     if (LegacyProfiler* profiler = vm.enabledProfiler())
@@ -1084 +1084 @@
     size_t argsCount = argumentCountIncludingThis;
 
-    protoCallFrame->init(newCodeBlock, scope, function, jsUndefined(), argsCount, args);
+    protoCallFrame->init(newCodeBlock, function, jsUndefined(), argsCount, args);
     // Return the successful closure:
     CallFrameClosure result = { callFrame, protoCallFrame, function, functionExecutable, &vm, scope, newCodeBlock->numParameters(), argumentCountIncludingThis };
@@ -1101 +1101 @@
 
     StackStats::CheckPoint stackCheckPoint;
-    closure.resetCallFrame();
 
     if (LegacyProfiler* profiler = vm.enabledProfiler())
@@ -1188 +1187 @@
 
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(codeBlock, scope, JSCallee::create(vm, scope->globalObject(), scope), thisValue, 1);
+    protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisValue, 1);
 
     if (LegacyProfiler* profiler = vm.enabledProfiler())

trunk/Source/JavaScriptCore/interpreter/JSStack.h

@@ -59 +59 @@
             CallerFrameAndPCSize = sizeof(CallerFrameAndPC) / sizeof(Register),
             CodeBlock = CallerFrameAndPCSize,
-            ScopeChain,
             Callee,
             ArgumentCount,

trunk/Source/JavaScriptCore/interpreter/ProtoCallFrame.cpp

@@ -33 +33 @@
 namespace JSC {
 
-void ProtoCallFrame::init(CodeBlock* codeBlock, JSScope* scope, JSObject* callee, JSValue thisValue, int argCountIncludingThis, JSValue* otherArgs)
+void ProtoCallFrame::init(CodeBlock* codeBlock, JSObject* callee, JSValue thisValue, int argCountIncludingThis, JSValue* otherArgs)
 {
     this->args = otherArgs;
     this->setCodeBlock(codeBlock);
-    this->setScope(scope);
     this->setCallee(callee);
     this->setArgumentCountIncludingThis(argCountIncludingThis);

trunk/Source/JavaScriptCore/interpreter/ProtoCallFrame.h

@@ -33 +33 @@
 struct ProtoCallFrame {
     Register codeBlockValue;
-    Register scopeChainValue;
     Register calleeValue;
     Register argCountAndCodeOriginValue;
@@ -41 +40 @@
     JSValue *args;
 
-    void init(CodeBlock*, JSScope*, JSObject*, JSValue, int, JSValue* otherArgs = 0);
+    void init(CodeBlock*, JSObject*, JSValue, int, JSValue* otherArgs = 0);
 
     CodeBlock* codeBlock() const { return codeBlockValue.Register::codeBlock(); }
     void setCodeBlock(CodeBlock* codeBlock) { codeBlockValue = codeBlock; }
-
-    JSScope* scope() const { return scopeChainValue.Register::scope(); }
-    void setScope(JSScope* scope) { scopeChainValue = scope; }
 
     JSObject* callee() const { return calleeValue.Register::function(); }

trunk/Source/JavaScriptCore/interpreter/VMInspector.cpp

@@ -74 +74 @@
         printf("%s ", prefix);
 
-    printf("frame [%d] %p { cb %p:%s, retPC %p:%s, scope %p:%s, callee %p:%s, callerFrame %p:%s, argc %d, vPC %p }",
+    printf("frame [%d] %p { cb %p:%s, retPC %p:%s, callee %p:%s, callerFrame %p:%s, argc %d, vPC %p }",
         frameCount, frame,
         CAST<void*>(frame[JSStack::CodeBlock].payload()),
@@ -80 +80 @@
         CAST<void*>(frame[JSStack::ReturnPC].payload()),
         getTypeName(frame[JSStack::ReturnPC].jsValue()),
-        CAST<void*>(frame[JSStack::ScopeChain].payload()),
-        getTypeName(frame[JSStack::ScopeChain].jsValue()),
         CAST<void*>(frame[JSStack::Callee].payload()),
         getTypeName(frame[JSStack::Callee].jsValue()),

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -178 +178 @@
 
        For a JS call:
-        - Caller initializes ScopeChain.
         - Callee initializes ReturnPC; CodeBlock.
         - Callee restores callFrameRegister before return.
 
        For a non-JS call:
-        - Caller initializes ScopeChain; ReturnPC; CodeBlock.
+        - Caller initializes ReturnPC; CodeBlock.
         - Caller restores callFrameRegister after return.
     */
@@ -237 +236 @@
     m_callCompilationInfo[callLinkInfoIndex].callLinkInfo = info;
 
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scope)), regT2);
-    store64(regT2, Address(MacroAssembler::stackPointerRegister, JSStack::ScopeChain * sizeof(Register) - sizeof(CallerFrameAndPC)));
-
     m_callCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();
 

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

@@ -265 +265 @@
 
        For a JS call:
-        - Caller initializes ScopeChain.
         - Callee initializes ReturnPC; CodeBlock.
         - Callee restores callFrameRegister before return.
 
        For a non-JS call:
-        - Caller initializes ScopeChain; ReturnPC; CodeBlock.
+        - Caller initializes ReturnPC; CodeBlock.
         - Caller restores callFrameRegister after return.
     */
@@ -328 +327 @@
     m_callCompilationInfo[callLinkInfoIndex].callLinkInfo = info;
 
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scope)), regT2);
-    store32(regT2, Address(MacroAssembler::stackPointerRegister, JSStack::ScopeChain * sizeof(Register) + PayloadOffset - sizeof(CallerFrameAndPC)));
-    store32(TrustedImm32(JSValue::CellTag), Address(stackPointerRegister, JSStack::ScopeChain * sizeof(Register) + TagOffset - sizeof(CallerFrameAndPC)));
-
     checkStackPointerAlignment();
     m_callCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -58 +58 @@
 
 #if CPU(X86)
-    // Load caller frame's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    emitGetCallerFrameFromCallFrameHeaderPtr(regT0);
-    emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, regT1, regT0);
-    emitPutCellToCallFrameHeader(regT1, JSStack::ScopeChain);
-
     // Calling convention:      f(ecx, edx, ...);
     // Host function signature: f(ExecState*);
@@ -77 +71 @@
 
 #elif CPU(ARM) || CPU(SH4) || CPU(MIPS)
-    // Load caller frame's scope chain into this callframe so that whatever we call can get to its global data.
-    emitGetCallerFrameFromCallFrameHeaderPtr(regT2);
-    emitGetFromCallFrameHeaderPtr(JSStack::ScopeChain, regT1, regT2);
-    emitPutCellToCallFrameHeader(regT1, JSStack::ScopeChain);
-
 #if CPU(MIPS)
     // Allocate stack space for (unused) 16 bytes (8-byte aligned) for 4 arguments.

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -512 +512 @@
                 MacroAssembler::TrustedImmPtr(0));
             
-            // loadedValueGPR is already burned. We can reuse it. From here on we assume that
-            // any volatile register will be clobbered anyway.
-            stubJit.loadPtr(
-                MacroAssembler::Address(loadedValueGPR, JSFunction::offsetOfScopeChain()),
-                loadedValueGPR);
-            stubJit.storeCell(
-                loadedValueGPR, calleeFrame.withOffset(JSStack::ScopeChain * sizeof(Register)));
             fastPathCall = stubJit.nearCall();
             
@@ -1686 +1679 @@
             CCallHelpers::TrustedImmPtr(executable)));
     
-    stubJit.loadPtr(
-        CCallHelpers::Address(calleeGPR, JSFunction::offsetOfScopeChain()),
-        GPRInfo::returnValueGPR);
-    
-#if USE(JSVALUE64)
-    stubJit.store64(
-        GPRInfo::returnValueGPR,
-        CCallHelpers::Address(MacroAssembler::stackPointerRegister, static_cast<ptrdiff_t>(sizeof(Register) * JSStack::ScopeChain) + offsetToFrame));
-#else
-    stubJit.storePtr(
-        GPRInfo::returnValueGPR,
-        CCallHelpers::Address(MacroAssembler::stackPointerRegister, static_cast<ptrdiff_t>(sizeof(Register) * JSStack::ScopeChain) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload) + offsetToFrame));
-    stubJit.store32(
-        CCallHelpers::TrustedImm32(JSValue::CellTag),
-        CCallHelpers::Address(MacroAssembler::stackPointerRegister, static_cast<ptrdiff_t>(sizeof(Register) * JSStack::ScopeChain) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag) + offsetToFrame));
-#endif
-    
     AssemblyHelpers::Call call = stubJit.nearCall();
     AssemblyHelpers::Jump done = stubJit.jump();

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -215 +215 @@
     // call.
     
-    jit.loadPtr(
-        CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfScopeChain()),
-        GPRInfo::regT1);
-#if USE(JSVALUE64)
-    jit.emitPutToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain);
-#else
-    jit.emitPutPayloadToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain);
-    jit.emitPutTagToCallFrameHeaderBeforePrologue(CCallHelpers::TrustedImm32(JSValue::CellTag),
-        JSStack::ScopeChain);
-#endif
-    
     // Make a tail call. This will return back to JIT code.
     emitPointerValidation(jit, GPRInfo::regT4);
@@ -277 +266 @@
 
 #if CPU(X86)
-    // Load callee's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSCallee::offsetOfScopeChain()), JSInterfaceJIT::regT1);
-    jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain);
-
     // Calling convention:      f(ecx, edx, ...);
     // Host function signature: f(ExecState*);
@@ -297 +280 @@
 
 #elif CPU(X86_64)
-    // Load callee's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSCallee::offsetOfScopeChain()), JSInterfaceJIT::regT1);
-    jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain);
 #if !OS(WINDOWS)
     // Calling convention:      f(edi, esi, edx, ecx, ...);
@@ -334 +312 @@
     COMPILE_ASSERT(ARM64Registers::x2 != JSInterfaceJIT::regT3, T3_not_trampled_by_arg_2);
 
-    // Load callee's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSCallee::offsetOfScopeChain()), JSInterfaceJIT::regT1);
-    jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain);
-
     // Host function signature: f(ExecState*);
     jit.move(JSInterfaceJIT::callFrameRegister, ARM64Registers::x0);
@@ -347 +319 @@
     jit.call(JSInterfaceJIT::Address(ARM64Registers::x2, executableOffsetToFunction));
 #elif CPU(ARM) || CPU(SH4) || CPU(MIPS)
-    // Load callee's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSCallee::offsetOfScopeChain()), JSInterfaceJIT::regT1);
-    jit.emitPutCellToCallFrameHeader(JSInterfaceJIT::regT1, JSStack::ScopeChain);
-
 #if CPU(MIPS)
     // Allocate stack space for (unused) 16 bytes (8-byte aligned) for 4 arguments.

trunk/Source/JavaScriptCore/llint/LLIntData.cpp

@@ -74 +74 @@
 #if USE(JSVALUE64)
     const ptrdiff_t PtrSize = 8;
-    const ptrdiff_t CallFrameHeaderSlots = 6;
+    const ptrdiff_t CallFrameHeaderSlots = 5;
 #else // USE(JSVALUE64) // i.e. 32-bit version
     const ptrdiff_t PtrSize = 4;
-    const ptrdiff_t CallFrameHeaderSlots = 5;
+    const ptrdiff_t CallFrameHeaderSlots = 4;
 #endif
     const ptrdiff_t SlotSize = 8;
@@ -90 +90 @@
     ASSERT(CallFrame::returnPCOffset() == CallFrame::callerFrameOffset() + PtrSize);
     ASSERT(JSStack::CodeBlock * sizeof(Register) == CallFrame::returnPCOffset() + PtrSize);
-    ASSERT(JSStack::ScopeChain * sizeof(Register) == JSStack::CodeBlock * sizeof(Register) + SlotSize);
-    ASSERT(JSStack::Callee * sizeof(Register) == JSStack::ScopeChain * sizeof(Register) + SlotSize);
+    ASSERT(JSStack::Callee * sizeof(Register) == JSStack::CodeBlock * sizeof(Register) + SlotSize);
     ASSERT(JSStack::ArgumentCount * sizeof(Register) == JSStack::Callee * sizeof(Register) + SlotSize);
     ASSERT(JSStack::ThisArgument * sizeof(Register) == JSStack::ArgumentCount * sizeof(Register) + SlotSize);

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -35 +35 @@
 if JSVALUE64
     const PtrSize = 8
-    const CallFrameHeaderSlots = 6
+    const CallFrameHeaderSlots = 5
 else
     const PtrSize = 4
-    const CallFrameHeaderSlots = 5
+    const CallFrameHeaderSlots = 4
     const CallFrameAlignSlots = 1
 end
@@ -51 +51 @@
 const ReturnPC = CallerFrame + PtrSize
 const CodeBlock = ReturnPC + PtrSize
-const ScopeChain = CodeBlock + SlotSize
-const Callee = ScopeChain + SlotSize
+const Callee = CodeBlock + SlotSize
 const ArgumentCount = Callee + SlotSize
 const ThisArgumentOffset = ArgumentCount + SlotSize

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -288 +288 @@
 .stackHeightOK:
     move temp1, sp
-    move 5, temp1
+    move 4, temp1
 
 .copyHeaderLoop:
@@ -1941 +1941 @@
     negi t3
     addp cfr, t3  # t3 contains the new value of cfr
-    loadp JSFunction::m_scope[t2], t0
     storei t2, Callee + PayloadOffset[t3]
-    storei t0, ScopeChain + PayloadOffset[t3]
     loadi 12[PC], t2
     storei PC, ArgumentCount + TagOffset[cfr]
     storei t2, ArgumentCount + PayloadOffset[t3]
     storei CellTag, Callee + TagOffset[t3]
-    storei CellTag, ScopeChain + TagOffset[t3]
     addp CallerFrameAndPCSize, t3
     callTargetFunction(t1, t3)
@@ -2030 +2027 @@
     dispatch(2)
 
-
-# Gives you the scope in t0, while allowing you to optionally perform additional checks on the
-# scopes as they are traversed. scopeCheck() is called with two arguments: the register
-# holding the scope, and a register that can be used for scratch. Note that this does not
-# use t3, so you can hold stuff in t3 if need be.
-macro getDeBruijnScope(deBruijinIndexOperand, scopeCheck)
-    loadp ScopeChain + PayloadOffset[cfr], t0
-    loadi deBruijinIndexOperand, t2
-
-    btiz t2, .done
-
-    loadp CodeBlock[cfr], t1
-    bineq CodeBlock::m_codeType[t1], FunctionCode, .loop
-    btbz CodeBlock::m_needsActivation[t1], .loop
-
-    loadi CodeBlock::m_lexicalEnvironmentRegister[t1], t1
-
-    # Need to conditionally skip over one scope.
-    bieq TagOffset[cfr, t1, 8], EmptyValueTag, .noActivation
-    scopeCheck(t0, t1)
-    loadp JSScope::m_next[t0], t0
-.noActivation:
-    subi 1, t2
-
-    btiz t2, .done
-.loop:
-    scopeCheck(t0, t1)
-    loadp JSScope::m_next[t0], t0
-    subi 1, t2
-    btinz t2, .loop
-
-.done:
-
-end
-
 _llint_op_end:
     traceExecution()
@@ -2096 +2058 @@
     storep 0, CodeBlock[cfr]
     loadi Callee + PayloadOffset[cfr], t1
-    loadi JSCallee::m_scope[t1], t0
-    storei CellTag, ScopeChain + TagOffset[cfr]
-    storei t0, ScopeChain + PayloadOffset[cfr]
     // Callee is still in t1 for code below
     if X86 or X86_WIN

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -227 +227 @@
 .stackHeightOK:
     move temp1, sp
-    move 5, temp1
+    move 4, temp1
 
 .copyHeaderLoop:
@@ -1800 +1800 @@
     negp t3
     addp cfr, t3
-    loadp JSFunction::m_scope[t2], t0
     storeq t2, Callee[t3]
-    storeq t0, ScopeChain[t3]
     loadisFromInstruction(3, t2)
     storei PC, ArgumentCount + TagOffset[cfr]
@@ -1931 +1929 @@
         loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
         storep cfr, VM::topCallFrame[t1]
-        // Callee still in t0
-        loadp JSCallee::m_scope[t0], t1
-        storeq t1, ScopeChain[cfr]
         move cfr, arg1
         loadp Callee[cfr], arg2
@@ -1953 +1948 @@
         loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
         storep cfr, VM::topCallFrame[t1]
-        // Callee still in t0
-        loadp JSCallee::m_scope[t0], t1
-        storep t1, ScopeChain[cfr]
         preserveReturnAddressAfterCall(t3)
         storep t3, ReturnPC[cfr]