Changeset 192876 in webkit

Timestamp:

Dec 1, 2015 1:46:12 AM (8 years ago)

Author:

commit-queue@webkit.org

Message:

[ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
​https://bugs.webkit.org/show_bug.cgi?id=149338

Source/JavaScriptCore:

Patch by Aleksandr Skachkov <​gskachkov@gmail.com> on 2015-12-01
Reviewed by Saam Barati.

Implemented new version of the lexically bound 'this' in arrow function. In current version
'this' is stored inside of the lexical environment of the function. To store and load we use
op_get_from_scope and op_put_to_scope operations. Also new implementation prevent raising TDZ
error for arrow functions that are declared before super() but invoke after.

• builtins/BuiltinExecutables.cpp:

(JSC::createExecutableInternal):

• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h:
• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

• bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::getSlow):

• bytecode/ExecutableInfo.h:

(JSC::ExecutableInfo::ExecutableInfo):
(JSC::ExecutableInfo::isDerivedConstructorContext):
(JSC::ExecutableInfo::isArrowFunctionContext):

• bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
(JSC::UnlinkedCodeBlock::isArrowFunctionContext):

• bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

• bytecode/UnlinkedFunctionExecutable.h:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
(JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
(JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::isDerivedConstructorContext):
(JSC::BytecodeGenerator::usesArrowFunction):
(JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
(JSC::BytecodeGenerator::usesEval):
(JSC::BytecodeGenerator::usesThis):
(JSC::BytecodeGenerator::newTarget):
(JSC::BytecodeGenerator::makeFunction):

• bytecompiler/NodesCodegen.cpp:

(JSC::ThisNode::emitBytecode):
(JSC::SuperNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluate):

• dfg/DFGAbstractInterpreterInlines.h:
• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCapabilities.cpp:
• dfg/DFGClobberize.h:
• dfg/DFGDoesGC.cpp:
• dfg/DFGFixupPhase.cpp:
• dfg/DFGNodeType.h:
• dfg/DFGObjectAllocationSinkingPhase.cpp:
• dfg/DFGPredictionPropagationPhase.cpp:
• dfg/DFGPromotedHeapLocation.cpp:
• dfg/DFGPromotedHeapLocation.h:
• dfg/DFGSafeToExecute.h:
• dfg/DFGSpeculativeJIT.cpp:
• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT32_64.cpp:
• dfg/DFGSpeculativeJIT64.cpp:
• ftl/FTLCapabilities.cpp:
• ftl/FTLLowerDFGToLLVM.cpp:
• ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

• interpreter/Interpreter.cpp:

(JSC::eval):

• jit/JIT.cpp:
• jit/JIT.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emitNewFuncExprCommon):

• jit/JITOpcodes32_64.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• parser/ASTBuilder.h:

(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::usesArrowFunction):

• parser/Nodes.h:

(JSC::ScopeNode::usesArrowFunction):

• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):

• parser/ParserModes.h:
• runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getModuleProgramCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

• runtime/CodeCache.h:
• runtime/CommonIdentifiers.h:
• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::ModuleProgramExecutable::ModuleProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):

• runtime/Executable.h:

(JSC::ScriptExecutable::isArrowFunctionContext):
(JSC::ScriptExecutable::isDerivedConstructorContext):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createEvalCodeBlock):

• runtime/JSGlobalObject.h:
• runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

• tests/es6.yaml:
• tests/stress/arrowfunction-activation-sink-osrexit.js:
• tests/stress/arrowfunction-activation-sink.js:
• tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
• tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
• tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
• tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
• tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
• tests/stress/arrowfunction-lexical-bind-this-1.js:
• tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
• tests/stress/arrowfunction-tdz-1.js: Added.
• tests/stress/arrowfunction-tdz-2.js: Added.
• tests/stress/arrowfunction-tdz-3.js: Added.
• tests/stress/arrowfunction-tdz-4.js: Added.
• tests/stress/arrowfunction-tdz.js: Removed.

LayoutTests:

Patch by Skachkov Oleksandr <​gskachkov@gmail.com> on 2015-12-01
Reviewed by Saam Barati.

• js/arrowfunction-supercall-expected.txt: Added.
• js/arrowfunction-supercall.html: Added.
• js/arrowfunction-tdz-expected.txt: Added new expectation.
• js/script-tests/arrowfunction-supercall.js: Added.
• js/script-tests/arrowfunction-tdz.js: Added new cases.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/js/arrowfunction-supercall-expected.txt (added)
• LayoutTests/js/arrowfunction-supercall.html (added)
• LayoutTests/js/arrowfunction-tdz-expected.txt (modified) (1 diff)
• LayoutTests/js/script-tests/arrowfunction-supercall.js (added)
• LayoutTests/js/script-tests/arrowfunction-tdz.js (modified) (2 diffs)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/builtins/BuiltinExecutables.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/BytecodeList.json (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/BytecodeUseDef.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/EvalCodeCache.h (modified) (1 diff)
• Source/JavaScriptCore/bytecode/ExecutableInfo.h (modified) (4 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h (modified) (3 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (15 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (12 diffs)
• Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (5 diffs)
• Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGCapabilities.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGClobberize.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGDoesGC.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGNodeType.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp (modified) (5 diffs)
• Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSafeToExecute.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
• Source/JavaScriptCore/ftl/FTLCapabilities.cpp (modified) (1 diff)
• Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (modified) (2 diffs)
• Source/JavaScriptCore/ftl/FTLOperations.cpp (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOpcodes.cpp (modified) (3 diffs)
• Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (2 diffs)
• Source/JavaScriptCore/parser/ASTBuilder.h (modified) (2 diffs)
• Source/JavaScriptCore/parser/Nodes.h (modified) (1 diff)
• Source/JavaScriptCore/parser/Parser.cpp (modified) (1 diff)
• Source/JavaScriptCore/parser/ParserModes.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/CodeCache.cpp (modified) (5 diffs)
• Source/JavaScriptCore/runtime/CodeCache.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/CommonIdentifiers.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/Executable.cpp (modified) (8 diffs)
• Source/JavaScriptCore/runtime/Executable.h (modified) (9 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
• Source/JavaScriptCore/tests/es6.yaml (modified) (1 diff)
• Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink-osrexit.js (modified) (1 diff)
• Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink.js (modified) (1 diff)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-newtarget.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-1.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-2.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-3.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-4.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-1.js (modified) (2 diffs)
• Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-7.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-tdz-1.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-tdz-2.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-tdz-3.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-tdz-4.js (added)
• Source/JavaScriptCore/tests/stress/arrowfunction-tdz.js (deleted)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2015-12-01  Skachkov Oleksandr  <gskachkov@gmail.com>
+
+        [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
+        https://bugs.webkit.org/show_bug.cgi?id=149338
+
+        Reviewed by Saam Barati.
+
+        * js/arrowfunction-supercall-expected.txt: Added.
+        * js/arrowfunction-supercall.html: Added.
+        * js/arrowfunction-tdz-expected.txt: Added new expectation.
+        * js/script-tests/arrowfunction-supercall.js: Added.
+        * js/script-tests/arrowfunction-tdz.js: Added new cases.
+
 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
 

trunk/LayoutTests/js/arrowfunction-tdz-expected.txt

@@ -5 +5 @@
 
 PASS isReferenceError is true
+PASS isReferenceError is true
+PASS d.id is 'a'
+PASS e.id is 'a'
+PASS f.id is 'a'
+PASS isReferenceError is true
+PASS g.id is 'a'
+PASS h.id is 'a'
+PASS i.id is 'a'
 PASS successfullyParsed is true
 

trunk/LayoutTests/js/script-tests/arrowfunction-tdz.js

@@ -1 +1 @@
 description('Tests for ES6 arrow function test tdz');
 
-var A = class A { };
+var A = class A {
+  constructor() {
+    this.id = 'a';
+  }
+};
+
 var B = class B extends A {
   constructor(accessThisBeforeSuper) {
+    var f = () => this;
     if (accessThisBeforeSuper) {
-      var f = () => this;
+      f();
       super();
     } else {
       super();
+      f();
     }
   }
@@ -22 +29 @@
 shouldBe('isReferenceError', 'true');
 
-var e = new B(false);
+var a = new B(false);
+
+var D = class D extends A {
+  constructor(accessThisBeforeSuper, returnThis) {
+    var f = () => returnThis ? this : {};
+    if (accessThisBeforeSuper) {
+      let val = f();
+      super();
+    } else {
+      super();
+      let val = f();
+    }
+  }
+};
+
+isReferenceError = false;
+try {
+      new D(true, true);
+} catch (e) {
+      isReferenceError = e instanceof ReferenceError;
+}
+
+shouldBe('isReferenceError', 'true');
+
+var d = new D(false, true);
+shouldBe('d.id', "'a'");
+var e = new D(false, false);
+shouldBe('e.id', "'a'");
+var f = new D(true, false);
+shouldBe('f.id', "'a'");
+
+var G = class G extends A {
+  constructor(accessThisBeforeSuper, returnThis) {
+    var f = () => returnThis ? (() => this ) : (()=>{});
+    let af = f();
+    if (accessThisBeforeSuper) {
+      let result = af();
+      super();
+    } else {
+      super();
+      let result = af();
+    }
+  }
+};
+
+try {
+      new G(true, true);
+} catch (e) {
+    exception = e;
+    isReferenceError = e instanceof ReferenceError;
+}
+
+shouldBe('isReferenceError', 'true');
+
+var g = new G(false, true);
+shouldBe('g.id', "'a'");
+var h = new G(false, false);
+shouldBe('h.id', "'a'");
+var i = new G(true, false);
+shouldBe('i.id', "'a'");
 
 var successfullyParsed = true;

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-12-01 Aleksandr Skachkov   <gskachkov@gmail.com>
+
+        [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
+        https://bugs.webkit.org/show_bug.cgi?id=149338
+
+        Reviewed by Saam Barati.
+
+        Implemented new version of the lexically bound 'this' in arrow function. In current version 
+        'this' is stored inside of the lexical environment of the function. To store and load we use
+        op_get_from_scope and op_put_to_scope operations. Also new implementation prevent raising TDZ
+        error for arrow functions that are declared before super() but invoke after.
+
+        * builtins/BuiltinExecutables.cpp:
+        (JSC::createExecutableInternal):
+        * bytecode/BytecodeList.json:
+        * bytecode/BytecodeUseDef.h:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::getSlow):
+        * bytecode/ExecutableInfo.h:
+        (JSC::ExecutableInfo::ExecutableInfo):
+        (JSC::ExecutableInfo::isDerivedConstructorContext):
+        (JSC::ExecutableInfo::isArrowFunctionContext):
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
+        * bytecode/UnlinkedCodeBlock.h:
+        (JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
+        (JSC::UnlinkedCodeBlock::isArrowFunctionContext):
+        * bytecode/UnlinkedFunctionExecutable.cpp:
+        (JSC::generateUnlinkedFunctionCodeBlock):
+        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+        * bytecode/UnlinkedFunctionExecutable.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
+        (JSC::BytecodeGenerator::variable):
+        (JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
+        (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
+        (JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::isDerivedConstructorContext):
+        (JSC::BytecodeGenerator::usesArrowFunction):
+        (JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
+        (JSC::BytecodeGenerator::usesEval):
+        (JSC::BytecodeGenerator::usesThis):
+        (JSC::BytecodeGenerator::newTarget):
+        (JSC::BytecodeGenerator::makeFunction):
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::ThisNode::emitBytecode):
+        (JSC::SuperNode::emitBytecode):
+        (JSC::EvalFunctionCallNode::emitBytecode):
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::FunctionNode::emitBytecode):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * dfg/DFGAbstractInterpreterInlines.h:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGCapabilities.cpp:
+        * dfg/DFGClobberize.h:
+        * dfg/DFGDoesGC.cpp:
+        * dfg/DFGFixupPhase.cpp:
+        * dfg/DFGNodeType.h:
+        * dfg/DFGObjectAllocationSinkingPhase.cpp:
+        * dfg/DFGPredictionPropagationPhase.cpp:
+        * dfg/DFGPromotedHeapLocation.cpp:
+        * dfg/DFGPromotedHeapLocation.h:
+        * dfg/DFGSafeToExecute.h:
+        * dfg/DFGSpeculativeJIT.cpp:
+        * dfg/DFGSpeculativeJIT.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        * dfg/DFGSpeculativeJIT64.cpp:
+        * ftl/FTLCapabilities.cpp:
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        * ftl/FTLOperations.cpp:
+        (JSC::FTL::operationMaterializeObjectInOSR):
+        * interpreter/Interpreter.cpp:
+        (JSC::eval):
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitNewFuncExprCommon):
+        * jit/JITOpcodes32_64.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * parser/ASTBuilder.h:
+        (JSC::ASTBuilder::createArrowFunctionExpr):
+        (JSC::ASTBuilder::usesArrowFunction):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::usesArrowFunction):
+        * parser/Parser.cpp:
+        (JSC::Parser<LexerType>::parseFunctionInfo):
+        * parser/ParserModes.h:
+        * runtime/CodeCache.cpp:
+        (JSC::CodeCache::getGlobalCodeBlock):
+        (JSC::CodeCache::getProgramCodeBlock):
+        (JSC::CodeCache::getEvalCodeBlock):
+        (JSC::CodeCache::getModuleProgramCodeBlock):
+        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
+        * runtime/CodeCache.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::SLOW_PATH_DECL):
+        * runtime/Executable.cpp:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::EvalExecutable::create):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        (JSC::ModuleProgramExecutable::ModuleProgramExecutable):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/Executable.h:
+        (JSC::ScriptExecutable::isArrowFunctionContext):
+        (JSC::ScriptExecutable::isDerivedConstructorContext):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::createEvalCodeBlock):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * tests/es6.yaml:
+        * tests/stress/arrowfunction-activation-sink-osrexit.js:
+        * tests/stress/arrowfunction-activation-sink.js:
+        * tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-this-1.js:
+        * tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
+        * tests/stress/arrowfunction-tdz-1.js: Added.
+        * tests/stress/arrowfunction-tdz-2.js: Added.
+        * tests/stress/arrowfunction-tdz-3.js: Added.
+        * tests/stress/arrowfunction-tdz-4.js: Added.
+        * tests/stress/arrowfunction-tdz.js: Removed.
+
 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
 

trunk/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp

@@ -116 +116 @@
     metadata->overrideName(name);
     VariableEnvironment dummyTDZVariables;
-    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, kind, constructAbility, dummyTDZVariables, WTF::move(sourceOverride));
+    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, kind, constructAbility, dummyTDZVariables, false, WTF::move(sourceOverride));
     functionExecutable->setNameValue(vm, jsString(&vm, name.string()));
     return functionExecutable;

trunk/Source/JavaScriptCore/bytecode/BytecodeList.json

@@ -91 +91 @@
             { "name" : "op_new_func", "length" : 4 },
             { "name" : "op_new_func_exp", "length" : 4 },
-            { "name" : "op_new_arrow_func_exp", "length" : 5 },
+            { "name" : "op_new_arrow_func_exp", "length" : 4 },
             { "name" : "op_call", "length" : 9 },
             { "name" : "op_tail_call", "length" : 9 },
@@ -128 +128 @@
             { "name" : "op_enumerator_generic_pname", "length" : 4 },
             { "name" : "op_to_index_string", "length" : 3 },
-            { "name" : "op_load_arrowfunction_this", "length" : 2 },
             { "name" : "op_assert", "length" : 3 },
             { "name" : "op_copy_rest", "length": 4 },

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h

@@ -58 +58 @@
     case op_assert:
     case op_get_scope:
-    case op_load_arrowfunction_this:
     case op_to_this:
     case op_check_tdz:
@@ -372 +371 @@
     case op_check_tdz:
     case op_get_scope:
-    case op_load_arrowfunction_this:
     case op_create_direct_arguments:
     case op_create_scoped_arguments:

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -758 +758 @@
             break;
         }
-        case op_load_arrowfunction_this: {
-            int r0 = (++it)->u.operand;
-            printLocationOpAndRegisterOperand(out, exec, location, it, "load_arrowfunction_this", r0);
-            break;
-        }
         case op_create_direct_arguments: {
             int r0 = (++it)->u.operand;
@@ -1308 +1303 @@
             int r1 = (++it)->u.operand;
             int f0 = (++it)->u.operand;
-            int r2 = (++it)->u.operand;
             printLocationAndOp(out, exec, location, it, "op_new_arrow_func_exp");
-            out.printf("%s, %s, f%d, %s", registerName(r0).data(), registerName(r1).data(), f0, registerName(r2).data());
+            out.printf("%s, %s, f%d", registerName(r0).data(), registerName(r1).data(), f0);
             break;
         }

trunk/Source/JavaScriptCore/bytecode/EvalCodeCache.h

@@ -51 +51 @@
             return 0;
         }
-        
-        EvalExecutable* getSlow(ExecState* exec, JSCell* owner, bool inStrictContext, ThisTDZMode thisTDZMode, const String& evalSource, JSScope* scope)
+
+        EvalExecutable* getSlow(ExecState* exec, JSCell* owner, bool inStrictContext, ThisTDZMode thisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const String& evalSource, JSScope* scope)
         {
             VariableEnvironment variablesUnderTDZ;
             JSScope::collectVariablesUnderTDZ(scope, variablesUnderTDZ);
-            EvalExecutable* evalExecutable = EvalExecutable::create(exec, makeSource(evalSource), inStrictContext, thisTDZMode, &variablesUnderTDZ);
+            EvalExecutable* evalExecutable = EvalExecutable::create(exec, makeSource(evalSource), inStrictContext, thisTDZMode, isDerivedConstructorContext, isArrowFunctionContext, &variablesUnderTDZ);
             if (!evalExecutable)
                 return 0;

trunk/Source/JavaScriptCore/bytecode/ExecutableInfo.h

@@ -32 +32 @@
 
 struct ExecutableInfo {
-    ExecutableInfo(bool needsActivation, bool usesEval, bool isStrictMode, bool isConstructor, bool isBuiltinFunction, ConstructorKind constructorKind, bool isArrowFunction)
+    ExecutableInfo(bool needsActivation, bool usesEval, bool isStrictMode, bool isConstructor, bool isBuiltinFunction, ConstructorKind constructorKind, bool isArrowFunction, bool isDerivedConstructorContext, bool isArrowFunctionContext)
         : m_needsActivation(needsActivation)
         , m_usesEval(usesEval)
@@ -40 +40 @@
         , m_constructorKind(static_cast<unsigned>(constructorKind))
         , m_isArrowFunction(isArrowFunction)
+        , m_isDerivedConstructorContext(isDerivedConstructorContext)
+        , m_isArrowFunctionContext(isArrowFunctionContext)
     {
         ASSERT(m_constructorKind == static_cast<unsigned>(constructorKind));
@@ -51 +53 @@
     ConstructorKind constructorKind() const { return static_cast<ConstructorKind>(m_constructorKind); }
     bool isArrowFunction() const { return m_isArrowFunction; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
 
 private:
@@ -60 +64 @@
     unsigned m_constructorKind : 2;
     unsigned m_isArrowFunction : 1;
+    unsigned m_isDerivedConstructorContext : 1;
+    unsigned m_isArrowFunctionContext : 1;
 };
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp

@@ -67 +67 @@
     , m_constructorKind(static_cast<unsigned>(info.constructorKind()))
     , m_isArrowFunction(info.isArrowFunction())
+    , m_isDerivedConstructorContext(info.isDerivedConstructorContext())
+    , m_isArrowFunctionContext(info.isArrowFunctionContext())
     , m_firstLine(0)
     , m_lineCount(0)

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h

@@ -118 +118 @@
     bool usesEval() const { return m_usesEval; }
     bool isArrowFunction() const { return m_isArrowFunction; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
 
     bool needsFullScopeChain() const { return m_needsFullScopeChain; }
@@ -389 +391 @@
     unsigned m_constructorKind : 2;
     unsigned m_isArrowFunction : 1;
+    unsigned m_isDerivedConstructorContext : 1;
+    unsigned m_isArrowFunctionContext : 1;
 
     unsigned m_firstLine;

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp

@@ -68 +68 @@
     
     UnlinkedFunctionCodeBlock* result = UnlinkedFunctionCodeBlock::create(&vm, FunctionCode,
-        ExecutableInfo(function->needsActivation(), function->usesEval(), function->isStrictMode(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), isArrowFunction));
+        ExecutableInfo(function->needsActivation(), function->usesEval(), function->isStrictMode(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), isArrowFunction, executable->isDerivedConstructorContext(), false));
     auto generator(std::make_unique<BytecodeGenerator>(vm, function.get(), result, debuggerMode, profilerMode, executable->parentScopeTDZVariables()));
     error = generator->generate();
@@ -76 +76 @@
 }
 
-UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM* vm, Structure* structure, const SourceCode& source, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, VariableEnvironment& parentScopeTDZVariables)
+UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM* vm, Structure* structure, const SourceCode& source, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, VariableEnvironment& parentScopeTDZVariables, bool isDerivedConstructorContext)
     : Base(*vm, structure)
     , m_name(node->ident())
@@ -101 +101 @@
     , m_functionMode(node->functionMode())
     , m_isArrowFunction(node->isArrowFunction())
+    , m_isDerivedConstructorContext(isDerivedConstructorContext)
 {
     ASSERT(m_constructorKind == static_cast<unsigned>(node->constructorKind()));

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h

@@ -66 +66 @@
     static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
 
-    static UnlinkedFunctionExecutable* create(VM* vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, VariableEnvironment& parentScopeTDZVariables, RefPtr<SourceProvider>&& sourceOverride = nullptr)
+    static UnlinkedFunctionExecutable* create(VM* vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, VariableEnvironment& parentScopeTDZVariables, bool isDerivedConstructorContext, RefPtr<SourceProvider>&& sourceOverride = nullptr)
     {
         UnlinkedFunctionExecutable* instance = new (NotNull, allocateCell<UnlinkedFunctionExecutable>(vm->heap))
-            UnlinkedFunctionExecutable(vm, vm->unlinkedFunctionExecutableStructure.get(), source, WTF::move(sourceOverride), node, unlinkedFunctionKind, constructAbility, parentScopeTDZVariables);
+            UnlinkedFunctionExecutable(vm, vm->unlinkedFunctionExecutableStructure.get(), source, WTF::move(sourceOverride), node, unlinkedFunctionKind, constructAbility, parentScopeTDZVariables, isDerivedConstructorContext);
         instance->finishCreation(*vm);
         return instance;
@@ -127 +127 @@
     const VariableEnvironment* parentScopeTDZVariables() const { return &m_parentScopeTDZVariables; }
     bool isArrowFunction() const { return m_isArrowFunction; }
+    bool isDerivedConstructorContext() const {return m_isDerivedConstructorContext; }
 
 private:
-    UnlinkedFunctionExecutable(VM*, Structure*, const SourceCode&, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, VariableEnvironment&);
+    UnlinkedFunctionExecutable(VM*, Structure*, const SourceCode&, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, VariableEnvironment&, bool isDerivedConstructorContext);
     WriteBarrier<UnlinkedFunctionCodeBlock> m_unlinkedCodeBlockForCall;
     WriteBarrier<UnlinkedFunctionCodeBlock> m_unlinkedCodeBlockForConstruct;
@@ -160 +161 @@
     unsigned m_functionMode : 1; // FunctionMode
     unsigned m_isArrowFunction : 1;
+    unsigned m_isDerivedConstructorContext : 1;
 
 protected:

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -156 +156 @@
     , m_codeType(GlobalCode)
     , m_vm(&vm)
+    , m_isDerivedConstructorContext(false)
+    , m_needsToUpdateArrowFunctionContext(programNode->usesArrowFunction() || programNode->usesEval())
 {
     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
@@ -186 +188 @@
     // additional TDZ checks on top of those. This is why we can omit pushing programNode->lexicalVariables()
     // to the TDZ stack.
+    
+    if (needsToUpdateArrowFunctionContext()) {
+        initializeArrowFunctionContextScopeIfNeeded();
+        emitPutThisToArrowFunctionContextScope();
+    }
 }
 
@@ -203 +210 @@
     // https://bugs.webkit.org/show_bug.cgi?id=148819
     , m_inTailPosition(Options::useTailCalls() && !isConstructor() && constructorKind() == ConstructorKind::None && isStrictMode() && !m_shouldEmitProfileHooks)
+    , m_isDerivedConstructorContext(codeBlock->isDerivedConstructorContext())
+    , m_needsToUpdateArrowFunctionContext(functionNode->usesArrowFunction() || functionNode->usesEval())
 {
     for (auto& constantRegister : m_linkTimeConstantRegisters)
@@ -227 +236 @@
         }
     }
-
-    bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain();
+    
+    bool containsArrowOrEvalButNotInArrowBlock = needsToUpdateArrowFunctionContext() && !m_codeBlock->isArrowFunction();
+    bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain() || containsArrowOrEvalButNotInArrowBlock;
     bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
     bool needsArguments = functionNode->usesArguments() || codeBlock->usesEval();
@@ -493 +503 @@
             instructions().append(0);
         }
-    } else {
-        if (functionNode->usesThis() || codeBlock->usesEval())
-            emitLoadArrowFunctionThis(&m_thisRegister);
-    }
+    } else if (functionNode->usesThis())
+        emitLoadThisFromArrowFunctionLexicalEnvironment();
 
     // All "addVar()"s needs to happen before "initializeDefaultParameterValuesAndSetupFunctionScopeStack()" is called
@@ -502 +510 @@
     m_TDZStack.append(std::make_pair(*parentScopeTDZVariables, false));
     initializeDefaultParameterValuesAndSetupFunctionScopeStack(parameters, functionNode, functionSymbolTable, symbolTableConstantIndex, captures);
+
+    if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) {
+        initializeArrowFunctionContextScopeIfNeeded(functionSymbolTable);
+        emitPutThisToArrowFunctionContextScope();
+        emitPutNewTargetToArrowFunctionContextScope();
+        emitPutDerivedConstructorToArrowFunctionContextScope();
+    }
 
     pushLexicalScope(m_scopeNode, true);
@@ -515 +530 @@
     , m_vm(&vm)
     , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode())
+    , m_isDerivedConstructorContext(codeBlock->isDerivedConstructorContext())
+    , m_needsToUpdateArrowFunctionContext(evalNode->usesArrowFunction() || evalNode->usesEval())
 {
     for (auto& constantRegister : m_linkTimeConstantRegisters)
@@ -544 +561 @@
     m_TDZStack.append(std::make_pair(*parentScopeTDZVariables, false));
 
+    if (codeBlock->isArrowFunctionContext() && evalNode->usesThis())
+        emitLoadThisFromArrowFunctionLexicalEnvironment();
+
+    if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunctionContext()) {
+        initializeArrowFunctionContextScopeIfNeeded();
+        emitPutThisToArrowFunctionContextScope();
+    }
+    
     pushLexicalScope(m_scopeNode, true);
 }
@@ -556 +581 @@
     , m_vm(&vm)
     , m_usesNonStrictEval(false)
+    , m_isDerivedConstructorContext(false)
+    , m_needsToUpdateArrowFunctionContext(moduleProgramNode->usesArrowFunction() || moduleProgramNode->usesEval())
 {
     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
@@ -789 +816 @@
         }
     }
+}
+
+void BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded(SymbolTable* symbolTable)
+{
+    if (m_arrowFunctionContextLexicalEnvironmentRegister != nullptr)
+        return;
+    
+    if (m_lexicalEnvironmentRegister != nullptr) {
+        m_arrowFunctionContextLexicalEnvironmentRegister = m_lexicalEnvironmentRegister;
+        
+        if (!m_codeBlock->isArrowFunction()) {
+            ScopeOffset offset;
+
+            offset = symbolTable->takeNextScopeOffset();
+            symbolTable->set(propertyNames().thisIdentifier.impl(), SymbolTableEntry(VarOffset(offset)));
+
+            if (m_codeType == FunctionCode) {
+                offset = symbolTable->takeNextScopeOffset();
+                symbolTable->set(propertyNames().newTargetLocalPrivateName.impl(), SymbolTableEntry(VarOffset(offset)));
+            }
+            
+            if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+                offset = symbolTable->takeNextScopeOffset();
+                symbolTable->set(propertyNames().derivedConstructorPrivateName.impl(), SymbolTableEntry(VarOffset(offset)));
+            }
+        }
+
+        return;
+    }
+
+    VariableEnvironment environment;
+    auto addResult = environment.add(propertyNames().thisIdentifier);
+    addResult.iterator->value.setIsCaptured();
+    addResult.iterator->value.setIsConst();
+    
+    if (m_codeType == FunctionCode)  {
+        auto addTarget = environment.add(propertyNames().newTargetLocalPrivateName);
+        addTarget.iterator->value.setIsCaptured();
+        addTarget.iterator->value.setIsLet();
+    }
+
+    if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+        auto derivedConstructor = environment.add(propertyNames().derivedConstructorPrivateName);
+        derivedConstructor.iterator->value.setIsCaptured();
+        derivedConstructor.iterator->value.setIsLet();
+    }
+
+    size_t size = m_symbolTableStack.size();
+    pushLexicalScopeInternal(environment, true, nullptr, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block);
+
+    ASSERT_UNUSED(size, m_symbolTableStack.size() == size + 1);
+
+    m_arrowFunctionContextLexicalEnvironmentRegister = m_symbolTableStack.last().m_scope;
 }
 
@@ -1817 +1897 @@
 }
 
-Variable BytecodeGenerator::variable(const Identifier& property)
-{
-    if (property == propertyNames().thisIdentifier) {
+Variable BytecodeGenerator::variable(const Identifier& property, ThisResolutionType thisResolutionType)
+{
+    if (property == propertyNames().thisIdentifier && thisResolutionType == ThisResolutionType::Local) {
         return Variable(property, VarOffset(thisRegister()->virtualRegister()), thisRegister(),
             ReadOnly, Variable::SpecialVariable, 0, false);
@@ -2516 +2596 @@
     instructions().append(scopeRegister()->index());
     instructions().append(index);
-    
-    if (opcodeID == op_new_arrow_func_exp)
-        instructions().append(thisRegister()->index());
 }
 
@@ -2529 +2606 @@
 RegisterID* BytecodeGenerator::emitNewArrowFunctionExpression(RegisterID* dst, ArrowFuncExprNode* func)
 {
-    bool isClassConstructor = m_codeBlock->isConstructor() && constructorKind() != ConstructorKind::None;
-    if (isClassConstructor)
-        emitTDZCheck(thisRegister());
-    
     emitNewFunctionCommon(dst, func, op_new_arrow_func_exp);
     return dst;
@@ -3127 +3200 @@
     m_topMostScope = addVar();
     emitMove(m_topMostScope, scopeRegister());
-}
-
-RegisterID* BytecodeGenerator::emitLoadArrowFunctionThis(RegisterID* arrowFunctionThis)
-{
-    emitOpcode(op_load_arrowfunction_this);
-    instructions().append(arrowFunctionThis->index());
-    return arrowFunctionThis;
 }
     
@@ -3803 +3869 @@
 }
 
+RegisterID* BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment()
+{
+    ASSERT(m_codeBlock->isArrowFunction() || m_codeBlock->isArrowFunctionContext() || constructorKind() == ConstructorKind::Derived);
+    
+    m_resolvedArrowFunctionScopeContextRegister = emitResolveScope(nullptr, variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped));
+    return m_resolvedArrowFunctionScopeContextRegister.get();
+}
+
+void BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment()
+{
+    emitGetFromScope(thisRegister(), emitLoadArrowFunctionLexicalEnvironment(), variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped), DoNotThrowIfNotFound);
+}
+    
+RegisterID* BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment()
+{
+    m_isNewTargetLoadedInArrowFunction = true;
+
+    Variable newTargetVar = variable(propertyNames().newTargetLocalPrivateName);
+    emitMove(m_newTargetRegister, emitGetFromScope(newTemporary(), emitLoadArrowFunctionLexicalEnvironment(), newTargetVar, ThrowIfNotFound));
+    
+    return m_newTargetRegister;
+}
+
+RegisterID* BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment()
+{
+    Variable protoScopeVar = variable(propertyNames().derivedConstructorPrivateName);
+    return emitGetFromScope(newTemporary(), emitLoadArrowFunctionLexicalEnvironment(), protoScopeVar, ThrowIfNotFound);
+}
+    
+void BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope()
+{
+    ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+        
+    Variable newTargetVar = variable(propertyNames().newTargetLocalPrivateName);
+    emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, newTargetVar, newTarget(), DoNotThrowIfNotFound, Initialization);
+}
+    
+void BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope()
+{
+    if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+        ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+            
+        Variable protoScope = variable(propertyNames().derivedConstructorPrivateName);
+        emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, &m_calleeRegister, DoNotThrowIfNotFound, Initialization);
+    }
+}
+    
+void BytecodeGenerator::emitPutThisToArrowFunctionContextScope()
+{
+    ASSERT(isDerivedConstructorContext() || m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+        
+    if (isDerivedConstructorContext())
+        emitLoadArrowFunctionLexicalEnvironment();
+
+    Variable thisVar = variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped);
+    emitPutToScope(isDerivedConstructorContext() ? m_resolvedArrowFunctionScopeContextRegister.get() : m_arrowFunctionContextLexicalEnvironmentRegister, thisVar, thisRegister(), DoNotThrowIfNotFound, NotInitialization);
+}
+
 void BytecodeGenerator::pushStructureForInScope(RegisterID* localRegister, RegisterID* indexRegister, RegisterID* propertyRegister, RegisterID* enumeratorRegister)
 {

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -66 +66 @@
     };
 
+    enum class ThisResolutionType { Local, Scoped };
+    
     class CallArguments {
     public:
@@ -280 +282 @@
 
         bool isConstructor() const { return m_codeBlock->isConstructor(); }
+        bool isDerivedConstructorContext() const { return m_codeBlock->isDerivedConstructorContext(); }
+        bool usesArrowFunction() const { return m_scopeNode->usesArrowFunction(); }
+        bool needsToUpdateArrowFunctionContext() const { return m_needsToUpdateArrowFunctionContext; }
+        bool usesEval() const { return m_scopeNode->usesEval(); }
+        bool usesThis() const { return m_scopeNode->usesThis(); }
         ConstructorKind constructorKind() const { return m_codeBlock->constructorKind(); }
 
@@ -286 +293 @@
         bool isArgumentNumber(const Identifier&, int);
 
-        Variable variable(const Identifier&);
+        Variable variable(const Identifier&, ThisResolutionType = ThisResolutionType::Local);
         
         enum ExistingVariableMode { VerifyExisting, IgnoreExisting };
@@ -294 +301 @@
         RegisterID* thisRegister() { return &m_thisRegister; }
         RegisterID* argumentsRegister() { return m_argumentsRegister; }
-        RegisterID* newTarget() { return m_newTargetRegister; }
+        RegisterID* newTarget()
+        {
+            return !m_codeBlock->isArrowFunction() || m_isNewTargetLoadedInArrowFunction
+                ? m_newTargetRegister : emitLoadNewTargetFromArrowFunctionLexicalEnvironment();
+        }
 
         RegisterID* scopeRegister() { return m_scopeRegister; }
@@ -480 +491 @@
 
         void emitProfileControlFlow(int);
+        
+        RegisterID* emitLoadArrowFunctionLexicalEnvironment();
+        void emitLoadThisFromArrowFunctionLexicalEnvironment();
+        RegisterID* emitLoadNewTargetFromArrowFunctionLexicalEnvironment();
 
         RegisterID* emitLoad(RegisterID* dst, bool);
@@ -624 +639 @@
         RegisterID* emitPushWithScope(RegisterID* objectScope);
         void emitPopWithScope();
+        void emitPutThisToArrowFunctionContextScope();
+        void emitPutNewTargetToArrowFunctionContextScope();
+        void emitPutDerivedConstructorToArrowFunctionContextScope();
+        RegisterID* emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment();
 
         void emitDebugHook(DebugHookID, unsigned line, unsigned charOffset, unsigned lineStart);
@@ -699 +718 @@
         void allocateCalleeSaveSpace();
         void allocateAndEmitScope();
-        RegisterID* emitLoadArrowFunctionThis(RegisterID*);
         void emitComplexPopScopes(RegisterID*, ControlFlowContext* topScope, ControlFlowContext* bottomScope);
 
@@ -751 +769 @@
         UnlinkedFunctionExecutable* makeFunction(FunctionMetadataNode* metadata)
         {
+            bool newisDerivedConstructorContext = constructorKind() == ConstructorKind::Derived || (m_isDerivedConstructorContext && metadata->isArrowFunction());
+
             VariableEnvironment variablesUnderTDZ;
             getVariablesUnderTDZ(variablesUnderTDZ);
@@ -759 +779 @@
                 constructAbility = ConstructAbility::CannotConstruct;
 
-            return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, variablesUnderTDZ);
+            return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, variablesUnderTDZ, newisDerivedConstructorContext);
         }
 
@@ -769 +789 @@
         void initializeVarLexicalEnvironment(int symbolTableConstantIndex);
         void initializeDefaultParameterValuesAndSetupFunctionScopeStack(FunctionParameters&, FunctionNode*, SymbolTable*, int symbolTableConstantIndex, const std::function<bool (UniquedStringImpl*)>& captures);
+        void initializeArrowFunctionContextScopeIfNeeded(SymbolTable* = nullptr);
 
     public:
@@ -810 +831 @@
         RegisterID* m_newTargetRegister { nullptr };
         RegisterID* m_linkTimeConstantRegisters[LinkTimeConstantCount];
+        RegisterID* m_arrowFunctionContextLexicalEnvironmentRegister { nullptr };
+        RefPtr<RegisterID> m_resolvedArrowFunctionScopeContextRegister;
 
         SegmentedVector<RegisterID*, 16> m_localRegistersForCalleeSaveRegisters;
@@ -864 +887 @@
         bool m_usesNonStrictEval { false };
         bool m_inTailPosition { false };
+        bool m_isDerivedConstructorContext { false };
+        bool m_needsToUpdateArrowFunctionContext;
+        bool m_isNewTargetLoadedInArrowFunction { false };
     };
 

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -146 +146 @@
 RegisterID* ThisNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
-    if (m_shouldAlwaysEmitTDZCheck || generator.constructorKind() == ConstructorKind::Derived)
+    if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+        generator.emitLoadThisFromArrowFunctionLexicalEnvironment();
+    
+    if (m_shouldAlwaysEmitTDZCheck || generator.constructorKind() == ConstructorKind::Derived || generator.isDerivedConstructorContext())
         generator.emitTDZCheck(generator.thisRegister());
 
@@ -165 +168 @@
         return 0;
 
-    RegisterID callee;
-    callee.setIndex(JSStack::Callee);
-
-    return generator.emitGetById(generator.finalDestination(dst), &callee, generator.propertyNames().underscoreProto);
+    RegisterID* scopeId;
+    if (generator.isDerivedConstructorContext())
+        scopeId = generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment();
+    else {
+        RegisterID callee;
+        callee.setIndex(JSStack::Callee);
+
+        scopeId = &callee;
+    }
+    
+    return generator.emitGetById(generator.finalDestination(dst), scopeId, generator.propertyNames().underscoreProto);
 }
 
@@ -692 +702 @@
 RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
+    // We need try to load 'this' before call eval in constructor, because 'this' can created by 'super' in some of the arrow function
+    // var A = class A {
+    //   constructor () { this.id = 'A'; }
+    // }
+    //
+    // var B = class B extend A {
+    //    constructor () {
+    //       var arrow = () => super();
+    //       arrow();
+    //       eval("this.id = 'B'");
+    //    }
+    // }
+    if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+        generator.emitLoadThisFromArrowFunctionLexicalEnvironment();
+
     Variable var = generator.variable(generator.propertyNames().eval);
     if (RegisterID* local = var.local()) {
@@ -719 +744 @@
     CallArguments callArguments(generator, m_args);
     if (m_expr->isSuperNode()) {
-        ASSERT(generator.isConstructor());
-        ASSERT(generator.constructorKind() == ConstructorKind::Derived);
+        ASSERT(generator.isConstructor() || generator.isDerivedConstructorContext());
+        ASSERT(generator.constructorKind() == ConstructorKind::Derived || generator.isDerivedConstructorContext());
         generator.emitMove(callArguments.thisRegister(), generator.newTarget());
         RegisterID* ret = generator.emitConstruct(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd());
         generator.emitMove(generator.thisRegister(), ret);
+        
+        bool isConstructorKindDerived = generator.constructorKind() == ConstructorKind::Derived;
+        if (generator.isDerivedConstructorContext() || (isConstructorKindDerived && generator.needsToUpdateArrowFunctionContext()))
+            generator.emitPutThisToArrowFunctionContextScope();
+        
         return ret;
     }
@@ -2981 +3011 @@
     // If there is no return we must automatically insert one.
     if (!returnNode) {
+        if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+            generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); // Arrow function can invoke 'super' in constructor and before leave constructor we need load 'this' from lexical arrow function environment
+
         RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined());
         generator.emitProfileType(r0, ProfileTypeBytecodeFunctionReturnStatement); // Do not emit expression info for this profile because it's not in the user's source code.

trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

@@ -197 +197 @@
     JSScope::collectVariablesUnderTDZ(scope()->jsScope(), variablesUnderTDZ);
 
-    EvalExecutable* eval = EvalExecutable::create(callFrame, makeSource(script), codeBlock.isStrictMode(), thisTDZMode, &variablesUnderTDZ);
+    EvalExecutable* eval = EvalExecutable::create(callFrame, makeSource(script), codeBlock.isStrictMode(), thisTDZMode, codeBlock.unlinkedCodeBlock()->isDerivedConstructorContext(), codeBlock.unlinkedCodeBlock()->isArrowFunction(), &variablesUnderTDZ);
     if (vm.exception()) {
         exception = vm.exception();

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

@@ -1806 +1806 @@
         break;
 
-    case LoadArrowFunctionThis:
-        if (JSValue base = forNode(node->child1()).m_value) {
-            JSArrowFunction* function = jsDynamicCast<JSArrowFunction*>(base);
-            setConstant(node, *m_graph.freeze(function->boundThis()));
-            break;
-        }
-        forNode(node).setType(m_graph, SpecFinalObject);
-        break;
-            
     case SkipScope: {
         JSValue child = forNode(node->child1()).value();

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -4515 +4515 @@
             NEXT_OPCODE(op_get_scope);
         }
-
-        case op_load_arrowfunction_this: {
-            Node* callee = get(VirtualRegister(JSStack::Callee));
-            Node* result;
-            if (JSArrowFunction* function = callee->dynamicCastConstant<JSArrowFunction*>())
-                result = jsConstant(function->boundThis());
-            else
-                result = addToGraph(LoadArrowFunctionThis, callee);
-            set(VirtualRegister(currentInstruction[1].u.operand), result);
-            NEXT_OPCODE(op_load_arrowfunction_this);
-        }
             
         case op_create_direct_arguments: {
@@ -4575 +4564 @@
         }
 
-        case op_new_func_exp: {
+        case op_new_func_exp:
+        case op_new_arrow_func_exp: {
             FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
             FrozenValue* frozen = m_graph.freezeStrong(expr);
             set(VirtualRegister(currentInstruction[1].u.operand),
                 addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
-            NEXT_OPCODE(op_new_func_exp);
-        }
-
-        case op_new_arrow_func_exp: {
-            FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
-            FrozenValue* frozen = m_graph.freezeStrong(expr);
-
-            set(VirtualRegister(currentInstruction[1].u.operand),
-                addToGraph(NewArrowFunction, OpInfo(frozen),
-                    get(VirtualRegister(currentInstruction[2].u.operand)),
-                    get(VirtualRegister(currentInstruction[4].u.operand))));
-            
-            NEXT_OPCODE(op_new_arrow_func_exp);
+            
+            if (opcodeID == op_new_func_exp) {
+                // Curly braces are necessary
+                NEXT_OPCODE(op_new_func_exp);
+            } else {
+                // Curly braces are necessary
+                NEXT_OPCODE(op_new_arrow_func_exp);
+            }
         }
 

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

@@ -203 +203 @@
     case op_in:
     case op_get_scope:
-    case op_load_arrowfunction_this:
     case op_get_from_scope:
     case op_get_enumerable_length:

trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

@@ -140 +140 @@
     case ArithLog:
     case GetScope:
-    case LoadArrowFunctionThis:
     case SkipScope:
     case StringCharCodeAt:

trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

@@ -108 +108 @@
     case CheckArray:
     case GetScope:
-    case LoadArrowFunctionThis:
     case SkipScope:
     case GetClosureVar:

trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

@@ -1010 +1010 @@
             fixEdge<KnownCellUse>(node->child1());
             speculateForBarrier(node->child2());
-            break;
-        }
-
-        case LoadArrowFunctionThis: {
-            fixEdge<KnownCellUse>(node->child1());
             break;
         }

trunk/Source/JavaScriptCore/dfg/DFGNodeType.h

@@ -208 +208 @@
     macro(GetArrayLength, NodeResultInt32) \
     macro(GetTypedArrayByteOffset, NodeResultInt32) \
-    macro(LoadArrowFunctionThis, NodeResultJS) \
     macro(GetScope, NodeResultJS) \
     macro(SkipScope, NodeResultJS) \

trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp

@@ -839 +839 @@
         case NewFunction:
         case NewArrowFunction: {
-            bool isArrowFunction = node->op() == NewArrowFunction;
             if (node->castOperand<FunctionExecutable*>()->singletonFunction()->isStillValid()) {
                 m_heap.escape(node->child1().node());
@@ -845 +844 @@
             }
             
-            target = &m_heap.newAllocation(node, isArrowFunction ? Allocation::Kind::NewArrowFunction : Allocation::Kind::Function);
+            target = &m_heap.newAllocation(node, Allocation::Kind::Function);
             writes.add(FunctionExecutablePLoc, LazyNode(node->cellOperand()));
             writes.add(FunctionActivationPLoc, LazyNode(node->child1().node()));
-            if (isArrowFunction)
-                writes.add(ArrowFunctionBoundThisPLoc, LazyNode(node->child2().node()));
             break;
         }
@@ -1019 +1016 @@
             break;
 
-        case LoadArrowFunctionThis:
-            target = m_heap.onlyLocalAllocation(node->child1().node());
-            if (target && target->isArrowFunctionAllocation())
-                exactRead = ArrowFunctionBoundThisPLoc;
-            else
-                m_heap.escape(node->child1().node());
-            break;
-        
         case GetScope:
             target = m_heap.onlyLocalAllocation(node->child1().node());
@@ -2046 +2035 @@
         case NewFunction:
         case NewArrowFunction: {
-            bool isArrowFunction = node->op() == NewArrowFunction;
             Vector<PromotedHeapLocation> locations = m_locationsForAllocation.get(escapee);
-            ASSERT(locations.size() == (isArrowFunction ? 3 : 2));
+            ASSERT(locations.size() == 2);
                 
             PromotedHeapLocation executable(FunctionExecutablePLoc, allocation.identifier());
@@ -2057 +2045 @@
 
             node->child1() = Edge(resolve(block, activation), KnownCellUse);
-            
-            if (isArrowFunction) {
-                PromotedHeapLocation boundThis(ArrowFunctionBoundThisPLoc, allocation.identifier());
-                ASSERT(locations.contains(boundThis));
-                node->child2() = Edge(resolve(block, boundThis), CellUse);
-            }
-            
             break;
         }

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

@@ -593 +593 @@
         case GetScope:
             changed |= setPrediction(SpecObjectOther);
-            break;
-
-        case LoadArrowFunctionThis:
-            changed |= setPrediction(SpecFinalObject);
             break;
 

trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp

@@ -103 +103 @@
         out.print("ClosureVarPLoc");
         return;
-
-    case ArrowFunctionBoundThisPLoc:
-        out.print("ArrowFunctionBoundThisPLoc");
-        return;
     }
     

trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h

@@ -47 +47 @@
     FunctionActivationPLoc,
     ActivationScopePLoc,
-    ClosureVarPLoc,
-    ArrowFunctionBoundThisPLoc
+    ClosureVarPLoc
 };
 

trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

@@ -203 +203 @@
     case ArrayifyToStructure:
     case GetScope:
-    case LoadArrowFunctionThis:
     case SkipScope:
     case GetClosureVar:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -4740 +4740 @@
     cellResult(result.gpr(), node);
 }
-
-    
-void SpeculativeJIT::compileLoadArrowFunctionThis(Node* node)
-{
-    SpeculateCellOperand function(this, node->child1());
-    GPRTemporary result(this, Reuse, function);
-    m_jit.loadPtr(JITCompiler::Address(function.gpr(), JSArrowFunction::offsetOfThisValue()), result.gpr());
-    cellResult(result.gpr(), node);
-}
     
 void SpeculativeJIT::compileSkipScope(Node* node)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -2201 +2201 @@
     
     void compileGetScope(Node*);
-    void compileLoadArrowFunctionThis(Node*);
     void compileSkipScope(Node*);
 

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -3800 +3800 @@
         compileGetScope(node);
         break;
-
-    case LoadArrowFunctionThis:
-        compileLoadArrowFunctionThis(node);
-        break;
             
     case SkipScope:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -3838 +3838 @@
         break;
             
-    case LoadArrowFunctionThis:
-        compileLoadArrowFunctionThis(node);
-        break;
-            
     case SkipScope:
         compileSkipScope(node);

trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

@@ -153 +153 @@
     case GetExecutable:
     case GetScope:
-    case LoadArrowFunctionThis:
     case GetCallee:
     case GetArgumentCount:

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

@@ -810 +810 @@
         case GetScope:
             compileGetScope();
-            break;
-        case LoadArrowFunctionThis:
-            compileLoadArrowFunctionThis();
             break;
         case SkipScope:
@@ -4508 +4505 @@
     }
     
-    void compileLoadArrowFunctionThis()
-    {
-        setJSValue(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSArrowFunction_this));
-    }
-    
     void compileSkipScope()
     {

trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp

@@ -165 +165 @@
         FunctionExecutable* executable = nullptr;
         JSScope* activation = nullptr;
-        JSValue boundThis;
-        bool isArrowFunction = false;
         for (unsigned i = materialization->properties().size(); i--;) {
             const ExitPropertyValue& property = materialization->properties()[i];
@@ -173 +171 @@
             if (property.location() == PromotedLocationDescriptor(FunctionActivationPLoc))
                 activation = jsCast<JSScope*>(JSValue::decode(values[i]));
-            if (property.location() == PromotedLocationDescriptor(ArrowFunctionBoundThisPLoc)) {
-                isArrowFunction = true;
-                boundThis = JSValue::decode(values[i]);
-            }
         }
         RELEASE_ASSERT(executable && activation);
 
         
-        JSFunction* result = isArrowFunction
-            ? JSArrowFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation, boundThis)
-            : JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
+        JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
 
         return result;

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -173 +173 @@
 
         ThisTDZMode thisTDZMode = callerCodeBlock->unlinkedCodeBlock()->constructorKind() == ConstructorKind::Derived ? ThisTDZMode::AlwaysCheck : ThisTDZMode::CheckIfNeeded;
-        eval = callerCodeBlock->evalCodeCache().getSlow(callFrame, callerCodeBlock, callerCodeBlock->isStrictMode(), thisTDZMode, programSource, callerScopeChain);
+        eval = callerCodeBlock->evalCodeCache().getSlow(callFrame, callerCodeBlock, callerCodeBlock->isStrictMode(), thisTDZMode, callerCodeBlock->unlinkedCodeBlock()->isDerivedConstructorContext(), callerCodeBlock->unlinkedCodeBlock()->isArrowFunction(), programSource, callerScopeChain);
         if (!eval)
             return jsUndefined();

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -222 +222 @@
         DEFINE_OP(op_enter)
         DEFINE_OP(op_get_scope)
-        DEFINE_OP(op_load_arrowfunction_this)
         DEFINE_OP(op_eq)
         DEFINE_OP(op_eq_null)

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -501 +501 @@
         void emit_op_enter(Instruction*);
         void emit_op_get_scope(Instruction*);
-        void emit_op_load_arrowfunction_this(Instruction*);
         void emit_op_eq(Instruction*);
         void emit_op_eq_null(Instruction*);

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -685 +685 @@
     emitStoreCell(dst, regT0);
 }
-    
-void JIT::emit_op_load_arrowfunction_this(Instruction* currentInstruction)
-{
-    int dst = currentInstruction[1].u.operand;
-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
-    loadPtr(Address(regT0, JSArrowFunction::offsetOfThisValue()), regT0);
-    emitStoreCell(dst, regT0);
-}
 
 void JIT::emit_op_to_this(Instruction* currentInstruction)
@@ -989 +981 @@
 void JIT::emitNewFuncExprCommon(Instruction* currentInstruction)
 {
-    OpcodeID opcodeID = m_vm->interpreter->getOpcodeID(currentInstruction->u.opcode);
-    bool isArrowFunction = opcodeID == op_new_arrow_func_exp;
-    
     Jump notUndefinedScope;
     int dst = currentInstruction[1].u.operand;
 #if USE(JSVALUE64)
     emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
-    if (isArrowFunction)
-        emitGetVirtualRegister(currentInstruction[4].u.operand, regT1);
     notUndefinedScope = branch64(NotEqual, regT0, TrustedImm64(JSValue::encode(jsUndefined())));
     store64(TrustedImm64(JSValue::encode(jsUndefined())), Address(callFrameRegister, sizeof(Register) * dst));
 #else
     emitLoadPayload(currentInstruction[2].u.operand, regT0);
-    if (isArrowFunction) {
-        int value = currentInstruction[4].u.operand;
-        emitLoad(value, regT3, regT2);
-    }
     notUndefinedScope = branch32(NotEqual, tagFor(currentInstruction[2].u.operand), TrustedImm32(JSValue::UndefinedTag));
     emitStore(dst, jsUndefined());
@@ -1013 +996 @@
         
     FunctionExecutable* function = m_codeBlock->functionExpr(currentInstruction[3].u.operand);
-    if (isArrowFunction)
-#if USE(JSVALUE64)
-        callOperation(operationNewArrowFunction, dst, regT0, function, regT1);
-#else 
-        callOperation(operationNewArrowFunction, dst, regT0, function, regT3, regT2);
-#endif
-    else
-        callOperation(operationNewFunction, dst, regT0, function);
+    callOperation(operationNewFunction, dst, regT0, function);
     done.link(this);
 }

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -939 +939 @@
 }
 
-void JIT::emit_op_load_arrowfunction_this(Instruction* currentInstruction)
-{
-    int dst = currentInstruction[1].u.operand;
-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
-    loadPtr(Address(regT0, JSArrowFunction::offsetOfThisValue()), regT0);
-    emitStoreCell(dst, regT0);
-}
-
 void JIT::emit_op_create_this(Instruction* currentInstruction)
 {

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -1056 +1056 @@
 {
     LLINT_BEGIN();
-
-    JSValue thisValue = LLINT_OP_C(4).jsValue();
+    
     CodeBlock* codeBlock = exec->codeBlock();
     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
     
-    LLINT_RETURN(JSArrowFunction::create(vm, executable, scope, thisValue));
+    LLINT_RETURN(JSFunction::create(vm, executable, scope));
 }
 

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -1462 +1462 @@
     traceExecution()
     callSlowPath(_llint_slow_path_new_arrow_func_exp)
-    dispatch(5)
+    dispatch(4)
 
 _llint_op_call:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -2423 +2423 @@
 
 
-_llint_op_load_arrowfunction_this:
-    traceExecution()
-    loadi Callee + PayloadOffset[cfr], t0
-    loadi JSArrowFunction::m_boundThis[t0], t0
-    loadisFromInstruction(1, t1)
-    storei CellTag, TagOffset[cfr, t1, 8]
-    storei t0, PayloadOffset[cfr, t1, 8]
-    dispatch(2)
-
-
 _llint_op_get_rest_length:
     traceExecution()

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -2285 +2285 @@
     dispatch(6)
 
+
+
 _llint_op_profile_control_flow:
     traceExecution()
@@ -2290 +2292 @@
     addq 1, BasicBlockLocation::m_executionCount[t0]
     dispatch(2)
-
-
-_llint_op_load_arrowfunction_this:
-    traceExecution()
-    loadp Callee[cfr], t0
-    loadp JSArrowFunction::m_boundThis[t0], t0
-    loadisFromInstruction(1, t1)
-    storeq t0, [cfr, t1, 8]
-    dispatch(2)
-
 
 _llint_op_get_rest_length:

trunk/Source/JavaScriptCore/parser/ASTBuilder.h

@@ -375 +375 @@
     ExpressionNode* createArrowFunctionExpr(const JSTokenLocation& location, const ParserFunctionInfo<ASTBuilder>& functionInfo)
     {
-        usesThis();
+        usesArrowFunction();
         SourceCode source = m_sourceCode->subExpression(functionInfo.startOffset, functionInfo.body->isArrowFunctionBodyExpression() ? functionInfo.endOffset - 1 : functionInfo.endOffset, functionInfo.startLine, functionInfo.bodyStartColumn);
         ArrowFuncExprNode* result = new (m_parserArena) ArrowFuncExprNode(location, *functionInfo.name, functionInfo.body, source);
@@ -913 +913 @@
     void incConstants() { m_scope.m_numConstants++; }
     void usesThis() { m_scope.m_features |= ThisFeature; }
+    void usesArrowFunction() { m_scope.m_features |= ArrowFunctionFeature; }
     void usesArguments() { m_scope.m_features |= ArgumentsFeature; }
     void usesWith() { m_scope.m_features |= WithFeature; }

trunk/Source/JavaScriptCore/parser/Nodes.h

@@ -1560 +1560 @@
         bool usesEval() const { return m_features & EvalFeature; }
         bool usesArguments() const { return (m_features & ArgumentsFeature) && !(m_features & ShadowsArgumentsFeature); }
+        bool usesArrowFunction() const { return m_features & ArrowFunctionFeature; }
         bool modifiesParameter() const { return m_features & ModifiedParameterFeature; }
         bool modifiesArguments() const { return m_features & (EvalFeature | ModifiedArgumentsFeature); }

trunk/Source/JavaScriptCore/parser/Parser.cpp

@@ -1877 +1877 @@
         semanticFailIfTrue(m_vm->propertyNames->eval == *functionInfo.name, "'", functionInfo.name->impl(), "' is not a valid function name in strict mode");
     }
-    if (functionScope->hasDirectSuper()) {
+    if (functionScope->hasDirectSuper() && functionBodyType == StandardFunctionBodyBlock) {
         semanticFailIfTrue(!isClassConstructor, "Cannot call super() outside of a class constructor");
         semanticFailIfTrue(constructorKind != ConstructorKind::Derived, "Cannot call super() in a base class constructor");
     }
-    if (functionScope->needsSuperBinding())
+    if (functionScope->needsSuperBinding() && functionBodyType == StandardFunctionBodyBlock)
         semanticFailIfTrue(expectedSuperBinding == SuperBinding::NotNeeded, "super can only be used in a method of a derived class");
 

trunk/Source/JavaScriptCore/parser/ParserModes.h

@@ -144 +144 @@
 typedef unsigned CodeFeatures;
 
-const CodeFeatures NoFeatures =                    0;
-const CodeFeatures EvalFeature =              1 << 0;
-const CodeFeatures ArgumentsFeature =         1 << 1;
-const CodeFeatures WithFeature =              1 << 2;
-const CodeFeatures ThisFeature =              1 << 3;
-const CodeFeatures StrictModeFeature =        1 << 4;
-const CodeFeatures ShadowsArgumentsFeature =  1 << 5;
-const CodeFeatures ModifiedParameterFeature = 1 << 6;
-const CodeFeatures ModifiedArgumentsFeature = 1 << 7;
+const CodeFeatures NoFeatures =                       0;
+const CodeFeatures EvalFeature =                 1 << 0;
+const CodeFeatures ArgumentsFeature =            1 << 1;
+const CodeFeatures WithFeature =                 1 << 2;
+const CodeFeatures ThisFeature =                 1 << 3;
+const CodeFeatures StrictModeFeature =           1 << 4;
+const CodeFeatures ShadowsArgumentsFeature =     1 << 5;
+const CodeFeatures ModifiedParameterFeature =    1 << 6;
+const CodeFeatures ModifiedArgumentsFeature =    1 << 7;
+const CodeFeatures ArrowFunctionFeature =        1 << 8;
+const CodeFeatures ArrowFunctionContextFeature = 1 << 9;
 
-const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ModifiedParameterFeature;
+const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ModifiedParameterFeature | ArrowFunctionFeature | ArrowFunctionContextFeature;
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/CodeCache.cpp

@@ -84 +84 @@
 
 template <class UnlinkedCodeBlockType, class ExecutableType>
-UnlinkedCodeBlockType* CodeCache::getGlobalCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserBuiltinMode builtinMode,
-    JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedCodeBlockType* CodeCache::getGlobalCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, bool, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
 {
     SourceCodeKey key = SourceCodeKey(source, String(), CacheTypes<UnlinkedCodeBlockType>::codeType, builtinMode, strictMode, thisTDZMode);
@@ -113 +112 @@
     unsigned unlinkedEndColumn = rootNode->endColumn();
     unsigned endColumn = unlinkedEndColumn + (endColumnIsOnStartLine ? startColumn : 1);
-    executable->recordParse(rootNode->features(), rootNode->hasCapturedVariables(), rootNode->firstLine(), rootNode->lastLine(), startColumn, endColumn);
+    unsigned arrowContextFeature = executable->isArrowFunctionContext() ? ArrowFunctionContextFeature : 0;
+    executable->recordParse(rootNode->features() | arrowContextFeature, rootNode->hasCapturedVariables(), rootNode->firstLine(), rootNode->lastLine(), startColumn, endColumn);
 
     UnlinkedCodeBlockType* unlinkedCodeBlock = UnlinkedCodeBlockType::create(&vm, executable->executableInfo());
@@ -133 +133 @@
 {
     VariableEnvironment emptyParentTDZVariables;
-    return getGlobalCodeBlock<UnlinkedProgramCodeBlock>(vm, executable, source, builtinMode, strictMode, ThisTDZMode::CheckIfNeeded, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+    return getGlobalCodeBlock<UnlinkedProgramCodeBlock>(vm, executable, source, builtinMode, strictMode, ThisTDZMode::CheckIfNeeded, false, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
 }
 
-UnlinkedEvalCodeBlock* CodeCache::getEvalCodeBlock(VM& vm, EvalExecutable* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedEvalCodeBlock* CodeCache::getEvalCodeBlock(VM& vm, EvalExecutable* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, bool isArrowFunctionContext, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
 {
-    return getGlobalCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, builtinMode, strictMode, thisTDZMode, debuggerMode, profilerMode, error, variablesUnderTDZ);
+    return getGlobalCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, builtinMode, strictMode, thisTDZMode, isArrowFunctionContext, debuggerMode, profilerMode, error, variablesUnderTDZ);
 }
 
@@ -144 +144 @@
 {
     VariableEnvironment emptyParentTDZVariables;
-    return getGlobalCodeBlock<UnlinkedModuleProgramCodeBlock>(vm, executable, source, builtinMode, JSParserStrictMode::Strict, ThisTDZMode::CheckIfNeeded, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+    return getGlobalCodeBlock<UnlinkedModuleProgramCodeBlock>(vm, executable, source, builtinMode, JSParserStrictMode::Strict, ThisTDZMode::CheckIfNeeded, false, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
 }
 
@@ -189 +189 @@
     // The Function constructor only has access to global variables, so no variables will be under TDZ.
     VariableEnvironment emptyTDZVariables;
-    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, UnlinkedNormalFunction, ConstructAbility::CanConstruct, emptyTDZVariables);
+    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, UnlinkedNormalFunction, ConstructAbility::CanConstruct, emptyTDZVariables, false);
     functionExecutable->m_nameValue.set(vm, functionExecutable, jsString(&vm, name.string()));
 

trunk/Source/JavaScriptCore/runtime/CodeCache.h

@@ -259 +259 @@
 
     UnlinkedProgramCodeBlock* getProgramCodeBlock(VM&, ProgramExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, DebuggerMode, ProfilerMode, ParserError&);
-    UnlinkedEvalCodeBlock* getEvalCodeBlock(VM&, EvalExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
+    UnlinkedEvalCodeBlock* getEvalCodeBlock(VM&, EvalExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, bool, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
     UnlinkedModuleProgramCodeBlock* getModuleProgramCodeBlock(VM&, ModuleProgramExecutable*, const SourceCode&, JSParserBuiltinMode, DebuggerMode, ProfilerMode, ParserError&);
     UnlinkedFunctionExecutable* getFunctionExecutableFromGlobalCode(VM&, const Identifier&, const SourceCode&, ParserError&);
@@ -270 +270 @@
 private:
     template <class UnlinkedCodeBlockType, class ExecutableType> 
-    UnlinkedCodeBlockType* getGlobalCodeBlock(VM&, ExecutableType*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
+    UnlinkedCodeBlockType* getGlobalCodeBlock(VM&, ExecutableType*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, bool, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
 
     CodeCacheMap m_sourceCode;

trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h

@@ -331 +331 @@
     macro(Float32Array) \
     macro(Float64Array) \
+    macro(newTargetLocal) \
+    macro(derivedConstructor) \
+
 
 

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

@@ -226 +226 @@
 #if !ASSERT_DISABLED
     ConstructData constructData;
-    ASSERT(constructor->methodTable()->getConstructData(constructor, constructData) == ConstructTypeJS);
+    ASSERT(constructor->methodTable()->getConstructData(constructor, constructData) == ConstructTypeJS || constructor->jsExecutable()->isArrowFunction());
 #endif
 

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -132 +132 @@
 const ClassInfo ScriptExecutable::s_info = { "ScriptExecutable", &ExecutableBase::s_info, 0, CREATE_METHOD_TABLE(ScriptExecutable) };
 
-ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext)
+ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext, bool isInDerivedConstructorContext, bool isInArrowFunctionContext)
     : ExecutableBase(vm, structure, NUM_PARAMETERS_NOT_COMPILED)
     , m_source(source)
@@ -139 +139 @@
     , m_neverInline(false)
     , m_didTryToEnterInLoop(false)
+    , m_isDerivedConstructorContext(isInDerivedConstructorContext)
+    , m_isArrowFunctionContext(isInArrowFunctionContext)
     , m_overrideLineNumber(-1)
     , m_firstLine(-1)
@@ -413 +415 @@
 const ClassInfo EvalExecutable::s_info = { "EvalExecutable", &ScriptExecutable::s_info, 0, CREATE_METHOD_TABLE(EvalExecutable) };
 
-EvalExecutable* EvalExecutable::create(ExecState* exec, const SourceCode& source, bool isInStrictContext, ThisTDZMode thisTDZMode, const VariableEnvironment* variablesUnderTDZ)
+EvalExecutable* EvalExecutable::create(ExecState* exec, const SourceCode& source, bool isInStrictContext, ThisTDZMode thisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const VariableEnvironment* variablesUnderTDZ)
 {
     JSGlobalObject* globalObject = exec->lexicalGlobalObject();
@@ -421 +423 @@
     }
 
-    EvalExecutable* executable = new (NotNull, allocateCell<EvalExecutable>(*exec->heap())) EvalExecutable(exec, source, isInStrictContext);
+    EvalExecutable* executable = new (NotNull, allocateCell<EvalExecutable>(*exec->heap())) EvalExecutable(exec, source, isInStrictContext, isDerivedConstructorContext, isArrowFunctionContext);
     executable->finishCreation(exec->vm());
 
-    UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createEvalCodeBlock(exec, executable, thisTDZMode, variablesUnderTDZ);
+    UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createEvalCodeBlock(exec, executable, thisTDZMode, isArrowFunctionContext, variablesUnderTDZ);
     if (!unlinkedEvalCode)
         return 0;
@@ -433 +435 @@
 }
 
-EvalExecutable::EvalExecutable(ExecState* exec, const SourceCode& source, bool inStrictContext)
-    : ScriptExecutable(exec->vm().evalExecutableStructure.get(), exec->vm(), source, inStrictContext)
+EvalExecutable::EvalExecutable(ExecState* exec, const SourceCode& source, bool inStrictContext, bool isDerivedConstructorContext, bool isArrowFunctionContext)
+    : ScriptExecutable(exec->vm().evalExecutableStructure.get(), exec->vm(), source, inStrictContext, isDerivedConstructorContext, isArrowFunctionContext)
 {
 }
@@ -446 +448 @@
 
 ProgramExecutable::ProgramExecutable(ExecState* exec, const SourceCode& source)
-    : ScriptExecutable(exec->vm().programExecutableStructure.get(), exec->vm(), source, false)
+    : ScriptExecutable(exec->vm().programExecutableStructure.get(), exec->vm(), source, false, false, false)
 {
     m_typeProfilingStartOffset = 0;
@@ -462 +464 @@
 
 ModuleProgramExecutable::ModuleProgramExecutable(ExecState* exec, const SourceCode& source)
-    : ScriptExecutable(exec->vm().moduleProgramExecutableStructure.get(), exec->vm(), source, false)
+    : ScriptExecutable(exec->vm().moduleProgramExecutableStructure.get(), exec->vm(), source, false, false, false)
 {
     m_typeProfilingStartOffset = 0;
@@ -493 +495 @@
 const ClassInfo FunctionExecutable::s_info = { "FunctionExecutable", &ScriptExecutable::s_info, 0, CREATE_METHOD_TABLE(FunctionExecutable) };
 
-FunctionExecutable::FunctionExecutable(VM& vm, const SourceCode& source, 
-    UnlinkedFunctionExecutable* unlinkedExecutable, unsigned firstLine, 
-    unsigned lastLine, unsigned startColumn, unsigned endColumn)
-    : ScriptExecutable(vm.functionExecutableStructure.get(), vm, source, unlinkedExecutable->isInStrictContext())
+FunctionExecutable::FunctionExecutable(VM& vm, const SourceCode& source, UnlinkedFunctionExecutable* unlinkedExecutable, unsigned firstLine, unsigned lastLine, unsigned startColumn, unsigned endColumn)
+    : ScriptExecutable(vm.functionExecutableStructure.get(), vm, source, unlinkedExecutable->isInStrictContext(), unlinkedExecutable->isDerivedConstructorContext(), false)
     , m_unlinkedExecutable(vm, this, unlinkedExecutable)
 {

trunk/Source/JavaScriptCore/runtime/Executable.h

@@ -345 +345 @@
     bool usesArguments() const { return m_features & ArgumentsFeature; }
     bool needsActivation() const { return m_hasCapturedVariables || m_features & (EvalFeature | WithFeature); }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
     bool isStrictMode() const { return m_features & StrictModeFeature; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
     ECMAMode ecmaMode() const { return isStrictMode() ? StrictMode : NotStrictMode; }
         
@@ -394 +396 @@
 
 protected:
-    ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext);
+    ScriptExecutable(Structure*, VM&, const SourceCode&, bool isInStrictContext, bool isInDerivedConstructorContext, bool isInArrowFunctionContext);
 
     void finishCreation(VM& vm)
@@ -413 +415 @@
     bool m_neverOptimize { false };
     bool m_didTryToEnterInLoop;
+    bool m_isDerivedConstructorContext;
+    bool m_isArrowFunctionContext;
     int m_overrideLineNumber;
     int m_firstLine;
@@ -435 +439 @@
     }
 
-    static EvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, ThisTDZMode, const VariableEnvironment*);
+    static EvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, ThisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const VariableEnvironment*);
 
     PassRefPtr<JITCode> generatedJITCode()
@@ -449 +453 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false, isDerivedConstructorContext(), isArrowFunctionContext()); }
 
     unsigned numVariables() { return m_unlinkedEvalCodeBlock->numVariables(); }
@@ -457 +461 @@
     friend class ExecutableBase;
     friend class ScriptExecutable;
-    EvalExecutable(ExecState*, const SourceCode&, bool);
+    EvalExecutable(ExecState*, const SourceCode&, bool inStrictContext, bool isDerivedConstructorContext, bool isArrowFunctionContext);
 
     static void visitChildren(JSCell*, SlotVisitor&);
@@ -502 +506 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false, isDerivedConstructorContext(), false); }
 
 private:
@@ -543 +547 @@
     DECLARE_INFO;
 
-    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, false, isDerivedConstructorContext(), false); }
+
     UnlinkedModuleProgramCodeBlock* unlinkedModuleProgramCodeBlock() { return m_unlinkedModuleProgramCodeBlock.get(); }
 
@@ -652 +657 @@
     ConstructAbility constructAbility() const { return m_unlinkedExecutable->constructAbility(); }
     bool isArrowFunction() const { return m_unlinkedExecutable->isArrowFunction(); }
+    bool isDerivedConstructorContext() const { return m_unlinkedExecutable->isDerivedConstructorContext(); }
     bool isClassConstructorFunction() const { return m_unlinkedExecutable->isClassConstructorFunction(); }
     const Identifier& name() { return m_unlinkedExecutable->name(); }

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -950 +950 @@
 }
 
-UnlinkedEvalCodeBlock* JSGlobalObject::createEvalCodeBlock(CallFrame* callFrame, EvalExecutable* executable, ThisTDZMode thisTDZMode, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedEvalCodeBlock* JSGlobalObject::createEvalCodeBlock(CallFrame* callFrame, EvalExecutable* executable, ThisTDZMode thisTDZMode, bool isArrowFunctionContext, const VariableEnvironment* variablesUnderTDZ)
 {
     ParserError error;
@@ -957 +957 @@
     ProfilerMode profilerMode = hasProfiler() ? ProfilerOn : ProfilerOff;
     UnlinkedEvalCodeBlock* unlinkedCodeBlock = vm().codeCache()->getEvalCodeBlock(
-        vm(), executable, executable->source(), JSParserBuiltinMode::NotBuiltin, strictMode, thisTDZMode, debuggerMode, profilerMode, error, variablesUnderTDZ);
+        vm(), executable, executable->source(), JSParserBuiltinMode::NotBuiltin, strictMode, thisTDZMode, isArrowFunctionContext, debuggerMode, profilerMode, error, variablesUnderTDZ);
 
     if (hasDebugger())

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -662 +662 @@
 
     UnlinkedProgramCodeBlock* createProgramCodeBlock(CallFrame*, ProgramExecutable*, JSObject** exception);
-    UnlinkedEvalCodeBlock* createEvalCodeBlock(CallFrame*, EvalExecutable*, ThisTDZMode, const VariableEnvironment*);
+    UnlinkedEvalCodeBlock* createEvalCodeBlock(CallFrame*, EvalExecutable*, ThisTDZMode, bool isArrowFunctionContext, const VariableEnvironment*);
     UnlinkedModuleProgramCodeBlock* createModuleProgramCodeBlock(CallFrame*, ModuleProgramExecutable*);
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -582 +582 @@
     JSGlobalObject* calleeGlobalObject = exec->callee()->globalObject();
     VariableEnvironment emptyTDZVariables; // Indirect eval does not have access to the lexical scope.
-    EvalExecutable* eval = EvalExecutable::create(exec, makeSource(s), false, ThisTDZMode::CheckIfNeeded, &emptyTDZVariables);
+    EvalExecutable* eval = EvalExecutable::create(exec, makeSource(s), false, ThisTDZMode::CheckIfNeeded, false, false, &emptyTDZVariables);
     if (!eval)
         return JSValue::encode(jsUndefined());

trunk/Source/JavaScriptCore/tests/es6.yaml

@@ -744 +744 @@
   cmd: runES6 :fail
 - path: es6/arrow_functions_lexical_new.target_binding.js
-  cmd: runES6 :fail
+  cmd: runES6 :normal
 - path: es6/arrow_functions_lexical_super_binding.js
   cmd: runES6 :fail

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink-osrexit.js

@@ -1 @@
-var n = 1000000;
+var n = 100000;
 
 function bar() { }

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink.js

@@ -1 @@
-var n = 10000000;
+var n = 1000000;
 
 function bar(f) { f(10); }

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-1.js

@@ -9 +9 @@
   this.getName = () => eval("this.name");
   this.getNameHard = () => eval("(() => this.name)()");
+  this.getNameReallyHard = () => eval("eval('(() => this.name)()')");
 }
 
@@ -17 +18 @@
   testCase(d.getName(), d.name, "Error: this is not lexically binded inside of the arrow function #1");
   testCase(d.getNameHard(), d.name, "Error: this is not lexically binded inside of the arrow function #2");
+  testCase(d.getNameReallyHard(), d.name, "Error: this is not lexically binded inside of the arrow function #3");
 }