Context Navigation

← Previous Changeset
Next Changeset →

Changeset 193584 in webkit

Timestamp:

Dec 6, 2015 12:56:30 PM (8 years ago)

Author:

commit-queue@webkit.org

Message:

[ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
https://bugs.webkit.org/show_bug.cgi?id=149338

Source/JavaScriptCore:

Patch by Aleksandr Skachkov <gskachkov@gmail.com> on 2015-12-05
Reviewed by Saam Barati.

Implemented new version of the lexically bound 'this' in arrow function. In current version
'this' is stored inside of the lexical environment of the function. To store and load we use
op_get_from_scope and op_put_to_scope operations. Also new implementation prevent raising TDZ
error for arrow functions that are declared before super() but invoke after.

builtins/BuiltinExecutables.cpp:

(JSC::createExecutableInternal):

bytecode/BytecodeList.json:
bytecode/BytecodeUseDef.h:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::getSlow):

bytecode/ExecutableInfo.h:

(JSC::ExecutableInfo::ExecutableInfo):
(JSC::ExecutableInfo::isDerivedConstructorContext):
(JSC::ExecutableInfo::isArrowFunctionContext):

bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::isArrowFunction):
(JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
(JSC::UnlinkedCodeBlock::isArrowFunctionContext):

bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

bytecode/UnlinkedFunctionExecutable.h:
bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
(JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
(JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::isDerivedConstructorContext):
(JSC::BytecodeGenerator::usesArrowFunction):
(JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
(JSC::BytecodeGenerator::usesEval):
(JSC::BytecodeGenerator::usesThis):
(JSC::BytecodeGenerator::newTarget):
(JSC::BytecodeGenerator::makeFunction):

bytecompiler/NodesCodegen.cpp:

(JSC::ThisNode::emitBytecode):
(JSC::SuperNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):

debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluate):

dfg/DFGAbstractInterpreterInlines.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:
dfg/DFGClobberize.h:
dfg/DFGDoesGC.cpp:
dfg/DFGFixupPhase.cpp:
dfg/DFGNodeType.h:
dfg/DFGObjectAllocationSinkingPhase.cpp:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGPromotedHeapLocation.cpp:
dfg/DFGPromotedHeapLocation.h:
dfg/DFGSafeToExecute.h:
dfg/DFGSpeculativeJIT.cpp:
dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:
dfg/DFGSpeculativeJIT64.cpp:
ftl/FTLCapabilities.cpp:
ftl/FTLLowerDFGToLLVM.cpp:
ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

interpreter/Interpreter.cpp:

(JSC::eval):

jit/JIT.cpp:
jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emitNewFuncExprCommon):

jit/JITOpcodes32_64.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
parser/ASTBuilder.h:

(JSC::ASTBuilder::createArrowFunctionExpr):
(JSC::ASTBuilder::usesArrowFunction):

parser/Nodes.h:

(JSC::ScopeNode::usesArrowFunction):

parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):

parser/ParserModes.h:
runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getModuleProgramCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

runtime/CodeCache.h:
runtime/CommonIdentifiers.h:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::ModuleProgramExecutable::ModuleProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):

runtime/Executable.h:

(JSC::ScriptExecutable::isArrowFunctionContext):
(JSC::ScriptExecutable::isDerivedConstructorContext):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::createEvalCodeBlock):

runtime/JSGlobalObject.h:
runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

tests/es6.yaml:
tests/stress/arrowfunction-activation-sink-osrexit.js:
tests/stress/arrowfunction-activation-sink.js:
tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
tests/stress/arrowfunction-lexical-bind-this-1.js:
tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
tests/stress/arrowfunction-tdz-1.js: Added.
tests/stress/arrowfunction-tdz-2.js: Added.
tests/stress/arrowfunction-tdz-3.js: Added.
tests/stress/arrowfunction-tdz-4.js: Added.
tests/stress/arrowfunction-tdz.js: Removed.

LayoutTests:

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2015-12-06
Reviewed by Saam Barati.

js/arrowfunction-supercall-expected.txt: Added.
js/arrowfunction-supercall.html: Added.
js/arrowfunction-tdz-expected.txt: Added new expectation.
js/script-tests/arrowfunction-supercall.js: Added.
js/script-tests/arrowfunction-tdz.js: Added new cases.

Location:

trunk

Files:

: 13 added
: 1 deleted
: 63 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/js/arrowfunction-supercall-expected.txt (added)
LayoutTests/js/arrowfunction-supercall.html (added)
LayoutTests/js/arrowfunction-tdz-expected.txt (modified) (1 diff)
LayoutTests/js/script-tests/arrowfunction-supercall.js (added)
LayoutTests/js/script-tests/arrowfunction-tdz.js (modified) (2 diffs)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/builtins/BuiltinExecutables.cpp (modified) (1 diff)
Source/JavaScriptCore/bytecode/BytecodeList.json (modified) (2 diffs)
Source/JavaScriptCore/bytecode/BytecodeUseDef.h (modified) (2 diffs)
Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (2 diffs)
Source/JavaScriptCore/bytecode/EvalCodeCache.h (modified) (1 diff)
Source/JavaScriptCore/bytecode/ExecutableInfo.h (modified) (4 diffs)
Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (modified) (1 diff)
Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (modified) (2 diffs)
Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp (modified) (3 diffs)
Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h (modified) (3 diffs)
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (15 diffs)
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (12 diffs)
Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (5 diffs)
Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (2 diffs)
Source/JavaScriptCore/dfg/DFGCapabilities.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGClobberize.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGDoesGC.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGNodeType.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp (modified) (5 diffs)
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGSafeToExecute.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
Source/JavaScriptCore/ftl/FTLCapabilities.cpp (modified) (1 diff)
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (modified) (2 diffs)
Source/JavaScriptCore/ftl/FTLOperations.cpp (modified) (2 diffs)
Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)
Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)
Source/JavaScriptCore/jit/JIT.h (modified) (1 diff)
Source/JavaScriptCore/jit/JITOpcodes.cpp (modified) (3 diffs)
Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (1 diff)
Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (1 diff)
Source/JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (1 diff)
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (1 diff)
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (2 diffs)
Source/JavaScriptCore/parser/ASTBuilder.h (modified) (2 diffs)
Source/JavaScriptCore/parser/Nodes.h (modified) (1 diff)
Source/JavaScriptCore/parser/Parser.cpp (modified) (1 diff)
Source/JavaScriptCore/parser/ParserModes.h (modified) (1 diff)
Source/JavaScriptCore/runtime/CodeCache.cpp (modified) (5 diffs)
Source/JavaScriptCore/runtime/CodeCache.h (modified) (2 diffs)
Source/JavaScriptCore/runtime/CommonIdentifiers.h (modified) (1 diff)
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/Executable.cpp (modified) (8 diffs)
Source/JavaScriptCore/runtime/Executable.h (modified) (10 diffs)
Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)
Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (1 diff)
Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
Source/JavaScriptCore/tests/es6.yaml (modified) (1 diff)
Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink-osrexit.js (modified) (1 diff)
Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink.js (modified) (1 diff)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-newtarget.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-1.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-2.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-3.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-supercall-4.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-1.js (modified) (2 diffs)
Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-7.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-tdz-1.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-tdz-2.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-tdz-3.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-tdz-4.js (added)
Source/JavaScriptCore/tests/stress/arrowfunction-tdz.js (deleted)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r193513
+                      r193584
+-12-06  Skachkov Oleksandr  <gskachkov@gmail.com>
+        [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
+        https://bugs.webkit.org/show_bug.cgi?id=149338
+        Reviewed by Saam Barati.
+        * js/arrowfunction-supercall-expected.txt: Added.
+        * js/arrowfunction-supercall.html: Added.
+        * js/arrowfunction-tdz-expected.txt: Added new expectation.
+        * js/script-tests/arrowfunction-supercall.js: Added.
+        * js/script-tests/arrowfunction-tdz.js: Added new cases.
 -12-05  David Kilzer  <ddkilzer@apple.com>

trunk/LayoutTests/js/arrowfunction-tdz-expected.txt

-                      r192882
+                      r193584
 PASS isReferenceError is true
+PASS isReferenceError is true
+PASS d.id is 'a'
+PASS e.id is 'a'
+PASS f.id is 'a'
+PASS isReferenceError is true
+PASS g.id is 'a'
+PASS h.id is 'a'
+PASS i.id is 'a'
 PASS successfullyParsed is true

trunk/LayoutTests/js/script-tests/arrowfunction-tdz.js

-                      r192882
+                      r193584
 description('Tests for ES6 arrow function test tdz');
+var A = class A { };
+var A = class A {
+  constructor() {
+    this.id = 'a';
+  }
+};
 var B = class B extends A {
   constructor(accessThisBeforeSuper) {
+    var f = () => this;
     if (accessThisBeforeSuper) {
       var f = () => this;
+      f();
       super();
     } else {
       super();
+      f();
+    }
+  }
 …
 shouldBe('isReferenceError', 'true');
+var e = new B(false);
+var a = new B(false);
+var D = class D extends A {
+  constructor(accessThisBeforeSuper, returnThis) {
+    var f = () => returnThis ? this : {};
+    if (accessThisBeforeSuper) {
+      let val = f();
+      super();
+    } else {
+      super();
+      let val = f();
+    }
+  }
+};
+isReferenceError = false;
+try {
+      new D(true, true);
+} catch (e) {
+      isReferenceError = e instanceof ReferenceError;
+}
+shouldBe('isReferenceError', 'true');
+var d = new D(false, true);
+shouldBe('d.id', "'a'");
+var e = new D(false, false);
+shouldBe('e.id', "'a'");
+var f = new D(true, false);
+shouldBe('f.id', "'a'");
+var G = class G extends A {
+  constructor(accessThisBeforeSuper, returnThis) {
+    var f = () => returnThis ? (() => this ) : (()=>{});
+    let af = f();
+    if (accessThisBeforeSuper) {
+      let result = af();
+      super();
+    } else {
+      super();
+      let result = af();
+    }
+  }
+};
+try {
+      new G(true, true);
+} catch (e) {
+    exception = e;
+    isReferenceError = e instanceof ReferenceError;
+}
+shouldBe('isReferenceError', 'true');
+var g = new G(false, true);
+shouldBe('g.id', "'a'");
+var h = new G(false, false);
+shouldBe('h.id', "'a'");
+var i = new G(true, false);
+shouldBe('i.id', "'a'");
 var successfullyParsed = true;

trunk/Source/JavaScriptCore/ChangeLog

-                      r193566
+                      r193584
+-12-05 Aleksandr Skachkov   <gskachkov@gmail.com>
+        [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
+        https://bugs.webkit.org/show_bug.cgi?id=149338
+        Reviewed by Saam Barati.
+        Implemented new version of the lexically bound 'this' in arrow function. In current version
+        'this' is stored inside of the lexical environment of the function. To store and load we use
+        op_get_from_scope and op_put_to_scope operations. Also new implementation prevent raising TDZ
+        error for arrow functions that are declared before super() but invoke after.
+        * builtins/BuiltinExecutables.cpp:
+        (JSC::createExecutableInternal):
+        * bytecode/BytecodeList.json:
+        * bytecode/BytecodeUseDef.h:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::getSlow):
+        * bytecode/ExecutableInfo.h:
+        (JSC::ExecutableInfo::ExecutableInfo):
+        (JSC::ExecutableInfo::isDerivedConstructorContext):
+        (JSC::ExecutableInfo::isArrowFunctionContext):
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
+        * bytecode/UnlinkedCodeBlock.h:
+        (JSC::UnlinkedCodeBlock::isArrowFunction):
+        (JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
+        (JSC::UnlinkedCodeBlock::isArrowFunctionContext):
+        * bytecode/UnlinkedFunctionExecutable.cpp:
+        (JSC::generateUnlinkedFunctionCodeBlock):
+        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+        * bytecode/UnlinkedFunctionExecutable.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
+        (JSC::BytecodeGenerator::variable):
+        (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
+        (JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
+        (JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
+        (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
+        (JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::isDerivedConstructorContext):
+        (JSC::BytecodeGenerator::usesArrowFunction):
+        (JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
+        (JSC::BytecodeGenerator::usesEval):
+        (JSC::BytecodeGenerator::usesThis):
+        (JSC::BytecodeGenerator::newTarget):
+        (JSC::BytecodeGenerator::makeFunction):
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::ThisNode::emitBytecode):
+        (JSC::SuperNode::emitBytecode):
+        (JSC::EvalFunctionCallNode::emitBytecode):
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::FunctionNode::emitBytecode):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * dfg/DFGAbstractInterpreterInlines.h:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGCapabilities.cpp:
+        * dfg/DFGClobberize.h:
+        * dfg/DFGDoesGC.cpp:
+        * dfg/DFGFixupPhase.cpp:
+        * dfg/DFGNodeType.h:
+        * dfg/DFGObjectAllocationSinkingPhase.cpp:
+        * dfg/DFGPredictionPropagationPhase.cpp:
+        * dfg/DFGPromotedHeapLocation.cpp:
+        * dfg/DFGPromotedHeapLocation.h:
+        * dfg/DFGSafeToExecute.h:
+        * dfg/DFGSpeculativeJIT.cpp:
+        * dfg/DFGSpeculativeJIT.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        * dfg/DFGSpeculativeJIT64.cpp:
+        * ftl/FTLCapabilities.cpp:
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        * ftl/FTLOperations.cpp:
+        (JSC::FTL::operationMaterializeObjectInOSR):
+        * interpreter/Interpreter.cpp:
+        (JSC::eval):
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitNewFuncExprCommon):
+        * jit/JITOpcodes32_64.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * parser/ASTBuilder.h:
+        (JSC::ASTBuilder::createArrowFunctionExpr):
+        (JSC::ASTBuilder::usesArrowFunction):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::usesArrowFunction):
+        * parser/Parser.cpp:
+        (JSC::Parser<LexerType>::parseFunctionInfo):
+        * parser/ParserModes.h:
+        * runtime/CodeCache.cpp:
+        (JSC::CodeCache::getGlobalCodeBlock):
+        (JSC::CodeCache::getProgramCodeBlock):
+        (JSC::CodeCache::getEvalCodeBlock):
+        (JSC::CodeCache::getModuleProgramCodeBlock):
+        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
+        * runtime/CodeCache.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::SLOW_PATH_DECL):
+        * runtime/Executable.cpp:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::EvalExecutable::create):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        (JSC::ModuleProgramExecutable::ModuleProgramExecutable):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/Executable.h:
+        (JSC::ScriptExecutable::isArrowFunctionContext):
+        (JSC::ScriptExecutable::isDerivedConstructorContext):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::createEvalCodeBlock):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * tests/es6.yaml:
+        * tests/stress/arrowfunction-activation-sink-osrexit.js:
+        * tests/stress/arrowfunction-activation-sink.js:
+        * tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
+        * tests/stress/arrowfunction-lexical-bind-this-1.js:
+        * tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
+        * tests/stress/arrowfunction-tdz-1.js: Added.
+        * tests/stress/arrowfunction-tdz-2.js: Added.
+        * tests/stress/arrowfunction-tdz-3.js: Added.
+        * tests/stress/arrowfunction-tdz-4.js: Added.
+        * tests/stress/arrowfunction-tdz.js: Removed.
 -12-05  Benjamin Poulain  <bpoulain@apple.com>

trunk/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp

r192937	r193584
116	116	metadata->overrideName(name);
117	117	VariableEnvironment dummyTDZVariables;
118		UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, kind, constructAbility, GeneratorThisMode::NonEmpty, dummyTDZVariables, WTF::move(sourceOverride));
	118	UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, kind, constructAbility, GeneratorThisMode::NonEmpty, dummyTDZVariables, false, WTF::move(sourceOverride));
119	119	functionExecutable->setNameValue(vm, jsString(&vm, name.string()));
120	120	return functionExecutable;

trunk/Source/JavaScriptCore/bytecode/BytecodeList.json

-                      r192937
+                      r193584
             { "name" : "op_new_generator_func", "length" : 4 },
             { "name" : "op_new_generator_func_exp", "length" : 4 },
             { "name" : "op_new_arrow_func_exp", "length" : 5 },
+            { "name" : "op_new_arrow_func_exp", "length" : 4 },
             { "name" : "op_call", "length" : 9 },
             { "name" : "op_tail_call", "length" : 9 },
 …
             { "name" : "op_enumerator_generic_pname", "length" : 4 },
             { "name" : "op_to_index_string", "length" : 3 },
-            { "name" : "op_load_arrowfunction_this", "length" : 2 },
             { "name" : "op_assert", "length" : 3 },
             { "name" : "op_copy_rest", "length": 4 },

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h

-                      r192937
+                      r193584
     case op_assert:
     case op_get_scope:
-    case op_load_arrowfunction_this:
     case op_to_this:
     case op_check_tdz:
 …
     case op_check_tdz:
     case op_get_scope:
-    case op_load_arrowfunction_this:
     case op_create_direct_arguments:
     case op_create_scoped_arguments:

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

-                      r193491
+                      r193584
             break;
+        }
-        case op_load_arrowfunction_this: {
-            int r0 = (++it)->u.operand;
-            printLocationOpAndRegisterOperand(out, exec, location, it, "load_arrowfunction_this", r0);
-            break;
+        }
         case op_create_direct_arguments: {
             int r0 = (++it)->u.operand;
 …
             int r1 = (++it)->u.operand;
             int f0 = (++it)->u.operand;
-            int r2 = (++it)->u.operand;
             printLocationAndOp(out, exec, location, it, "op_new_arrow_func_exp");
             out.printf("%s, %s, f%d, %s", registerName(r0).data(), registerName(r1).data(), f0, registerName(r2).data());
+            out.printf("%s, %s, f%d", registerName(r0).data(), registerName(r1).data(), f0);
             break;
+        }

trunk/Source/JavaScriptCore/bytecode/EvalCodeCache.h

-                      r192937
+                      r193584
+        }
         EvalExecutable* getSlow(ExecState* exec, JSCell* owner, bool inStrictContext, ThisTDZMode thisTDZMode, const SourceCode& evalSource, JSScope* scope)
+        EvalExecutable* getSlow(ExecState* exec, JSCell* owner, bool inStrictContext, ThisTDZMode thisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const SourceCode& evalSource, JSScope* scope)
+        {
             VariableEnvironment variablesUnderTDZ;
             JSScope::collectVariablesUnderTDZ(scope, variablesUnderTDZ);
+            EvalExecutable* evalExecutable = EvalExecutable::create(exec, evalSource, inStrictContext, thisTDZMode, &variablesUnderTDZ);
+            EvalExecutable* evalExecutable = EvalExecutable::create(exec, evalSource, inStrictContext, thisTDZMode, isDerivedConstructorContext, isArrowFunctionContext, &variablesUnderTDZ);
             if (!evalExecutable)
                 return nullptr;

trunk/Source/JavaScriptCore/bytecode/ExecutableInfo.h

-                      r192937
+                      r193584
 // https://bugs.webkit.org/show_bug.cgi?id=151547
 struct ExecutableInfo {
     ExecutableInfo(bool needsActivation, bool usesEval, bool isStrictMode, bool isConstructor, bool isBuiltinFunction, ConstructorKind constructorKind, GeneratorThisMode generatorThisMode, SuperBinding superBinding, SourceParseMode parseMode)
+    ExecutableInfo(bool needsActivation, bool usesEval, bool isStrictMode, bool isConstructor, bool isBuiltinFunction, ConstructorKind constructorKind, GeneratorThisMode generatorThisMode, SuperBinding superBinding, SourceParseMode parseMode, bool isDerivedConstructorContext, bool isArrowFunctionContext)
         : m_needsActivation(needsActivation)
         , m_usesEval(usesEval)
 …
         , m_superBinding(static_cast<unsigned>(superBinding))
         , m_parseMode(parseMode)
+        , m_isDerivedConstructorContext(isDerivedConstructorContext)
+        , m_isArrowFunctionContext(isArrowFunctionContext)
+    {
         ASSERT(m_constructorKind == static_cast<unsigned>(constructorKind));
 …
     SuperBinding superBinding() const { return static_cast<SuperBinding>(m_superBinding); }
     SourceParseMode parseMode() const { return m_parseMode; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
 private:
 …
     unsigned m_superBinding : 1;
     SourceParseMode m_parseMode;
+    unsigned m_isDerivedConstructorContext : 1;
+    unsigned m_isArrowFunctionContext : 1;
 };

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp

r192937	r193584
68	68	, m_generatorThisMode(static_cast<unsigned>(info.generatorThisMode()))
69	69	, m_superBinding(static_cast<unsigned>(info.superBinding()))
	70	, m_isDerivedConstructorContext(info.isDerivedConstructorContext())
	71	, m_isArrowFunctionContext(info.isArrowFunctionContext())
70	72	, m_firstLine(0)
71	73	, m_lineCount(0)

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h

-                      r192937
+                      r193584
     bool usesEval() const { return m_usesEval; }
     SourceParseMode parseMode() const { return m_parseMode; }
+    bool isArrowFunction() const { return m_parseMode == SourceParseMode::ArrowFunctionMode; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
     bool needsFullScopeChain() const { return m_needsFullScopeChain; }
 …
     unsigned m_generatorThisMode : 1;
     unsigned m_superBinding : 1;
+    unsigned m_isDerivedConstructorContext : 1;
+    unsigned m_isArrowFunctionContext : 1;
     unsigned m_firstLine;

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp

-                      r192937
+                      r193584
     UnlinkedFunctionCodeBlock* result = UnlinkedFunctionCodeBlock::create(&vm, FunctionCode,
+        ExecutableInfo(function->needsActivation(), function->usesEval(), function->isStrictMode(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), executable->generatorThisMode(), executable->superBinding(), parseMode));
+        ExecutableInfo(function->needsActivation(), function->usesEval(), function->isStrictMode(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), executable->generatorThisMode(), executable->superBinding(), parseMode,  executable->isDerivedConstructorContext(), false));
     auto generator(std::make_unique<BytecodeGenerator>(vm, function.get(), result, debuggerMode, profilerMode, executable->parentScopeTDZVariables()));
     error = generator->generate();
 …
+}
 UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM* vm, Structure* structure, const SourceCode& source, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, GeneratorThisMode generatorThisMode, VariableEnvironment& parentScopeTDZVariables)
+UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM* vm, Structure* structure, const SourceCode& source, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, GeneratorThisMode generatorThisMode, VariableEnvironment& parentScopeTDZVariables, bool isDerivedConstructorContext)
     : Base(*vm, structure)
     , m_name(node->ident())
 …
     , m_generatorThisMode(static_cast<unsigned>(generatorThisMode))
     , m_superBinding(static_cast<unsigned>(node->superBinding()))
+    , m_isDerivedConstructorContext(isDerivedConstructorContext)
+{
     ASSERT(m_constructorKind == static_cast<unsigned>(node->constructorKind()));

trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h

-                      r192937
+                      r193584
     static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
     static UnlinkedFunctionExecutable* create(VM* vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, GeneratorThisMode generatorThisMode, VariableEnvironment& parentScopeTDZVariables, RefPtr<SourceProvider>&& sourceOverride = nullptr)
+    static UnlinkedFunctionExecutable* create(VM* vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, GeneratorThisMode generatorThisMode, VariableEnvironment& parentScopeTDZVariables, bool isDerivedConstructorContext, RefPtr<SourceProvider>&& sourceOverride = nullptr)
+    {
         UnlinkedFunctionExecutable* instance = new (NotNull, allocateCell<UnlinkedFunctionExecutable>(vm->heap))
             UnlinkedFunctionExecutable(vm, vm->unlinkedFunctionExecutableStructure.get(), source, WTF::move(sourceOverride), node, unlinkedFunctionKind, constructAbility, generatorThisMode, parentScopeTDZVariables);
+            UnlinkedFunctionExecutable(vm, vm->unlinkedFunctionExecutableStructure.get(), source, WTF::move(sourceOverride), node, unlinkedFunctionKind, constructAbility, generatorThisMode, parentScopeTDZVariables, isDerivedConstructorContext);
         instance->finishCreation(*vm);
         return instance;
 …
     bool isClassConstructorFunction() const { return constructorKind() != ConstructorKind::None; }
     const VariableEnvironment* parentScopeTDZVariables() const { return &m_parentScopeTDZVariables; }
+    bool isArrowFunction() const { return m_parseMode == SourceParseMode::ArrowFunctionMode; }
+    bool isDerivedConstructorContext() const {return m_isDerivedConstructorContext; }
 private:
+    UnlinkedFunctionExecutable(VM*, Structure*, const SourceCode&, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, GeneratorThisMode, VariableEnvironment&);
+    UnlinkedFunctionExecutable(VM*, Structure*, const SourceCode&, RefPtr<SourceProvider>&& sourceOverride, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, GeneratorThisMode, VariableEnvironment&, bool isDerivedConstructorContext);
     WriteBarrier<UnlinkedFunctionCodeBlock> m_unlinkedCodeBlockForCall;
     WriteBarrier<UnlinkedFunctionCodeBlock> m_unlinkedCodeBlockForConstruct;
 …
     unsigned m_generatorThisMode : 1;
     unsigned m_superBinding : 1;
+    unsigned m_isDerivedConstructorContext : 1;
 protected:

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

-                      r192937
+                      r193584
     , m_codeType(GlobalCode)
     , m_vm(&vm)
+    , m_isDerivedConstructorContext(false)
+    , m_needsToUpdateArrowFunctionContext(programNode->usesArrowFunction() || programNode->usesEval())
+{
     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
 …
     // additional TDZ checks on top of those. This is why we can omit pushing programNode->lexicalVariables()
     // to the TDZ stack.
+    if (needsToUpdateArrowFunctionContext()) {
+        initializeArrowFunctionContextScopeIfNeeded();
+        emitPutThisToArrowFunctionContextScope();
+    }
+}
 …
     // https://bugs.webkit.org/show_bug.cgi?id=148819
     , m_inTailPosition(Options::useTailCalls() && !isConstructor() && constructorKind() == ConstructorKind::None && isStrictMode() && !m_shouldEmitProfileHooks)
+    , m_isDerivedConstructorContext(codeBlock->isDerivedConstructorContext())
+    , m_needsToUpdateArrowFunctionContext(functionNode->usesArrowFunction() || functionNode->usesEval())
+{
     for (auto& constantRegister : m_linkTimeConstantRegisters)
 …
     SourceParseMode parseMode = codeBlock->parseMode();
+    bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain();
+    bool containsArrowOrEvalButNotInArrowBlock = needsToUpdateArrowFunctionContext() && !m_codeBlock->isArrowFunction();
+    bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain() || containsArrowOrEvalButNotInArrowBlock;
     bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
     bool needsArguments = functionNode->usesArguments() || codeBlock->usesEval();
 …
     switch (parseMode) {
     case SourceParseMode::ArrowFunctionMode: {
         if (functionNode->usesThis() || codeBlock->usesEval())
             emitLoadArrowFunctionThis(&m_thisRegister);
+        if (functionNode->usesThis())
+            emitLoadThisFromArrowFunctionLexicalEnvironment();
         break;
+    }
 …
     initializeDefaultParameterValuesAndSetupFunctionScopeStack(parameters, functionNode, functionSymbolTable, symbolTableConstantIndex, captures);
+    if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) {
+        initializeArrowFunctionContextScopeIfNeeded(functionSymbolTable);
+        emitPutThisToArrowFunctionContextScope();
+        emitPutNewTargetToArrowFunctionContextScope();
+        emitPutDerivedConstructorToArrowFunctionContextScope();
+    }
     pushLexicalScope(m_scopeNode, true);
+}
 …
     , m_vm(&vm)
     , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode())
+    , m_isDerivedConstructorContext(codeBlock->isDerivedConstructorContext())
+    , m_needsToUpdateArrowFunctionContext(evalNode->usesArrowFunction() || evalNode->usesEval())
+{
     for (auto& constantRegister : m_linkTimeConstantRegisters)
 …
     m_TDZStack.append(std::make_pair(*parentScopeTDZVariables, false));
+    if (codeBlock->isArrowFunctionContext() && evalNode->usesThis())
+        emitLoadThisFromArrowFunctionLexicalEnvironment();
+    if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunctionContext()) {
+        initializeArrowFunctionContextScopeIfNeeded();
+        emitPutThisToArrowFunctionContextScope();
+    }
     pushLexicalScope(m_scopeNode, true);
+}
 …
     , m_vm(&vm)
     , m_usesNonStrictEval(false)
+    , m_isDerivedConstructorContext(false)
+    , m_needsToUpdateArrowFunctionContext(moduleProgramNode->usesArrowFunction() || moduleProgramNode->usesEval())
+{
     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
 …
+        }
+    }
+}
+void BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded(SymbolTable* symbolTable)
+{
+    if (m_arrowFunctionContextLexicalEnvironmentRegister != nullptr)
+        return;
+    if (m_lexicalEnvironmentRegister != nullptr) {
+        m_arrowFunctionContextLexicalEnvironmentRegister = m_lexicalEnvironmentRegister;
+        if (!m_codeBlock->isArrowFunction()) {
+            ScopeOffset offset;
+            offset = symbolTable->takeNextScopeOffset();
+            symbolTable->set(propertyNames().thisIdentifier.impl(), SymbolTableEntry(VarOffset(offset)));
+            if (m_codeType == FunctionCode) {
+                offset = symbolTable->takeNextScopeOffset();
+                symbolTable->set(propertyNames().newTargetLocalPrivateName.impl(), SymbolTableEntry(VarOffset(offset)));
+            }
+            if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+                offset = symbolTable->takeNextScopeOffset();
+                symbolTable->set(propertyNames().derivedConstructorPrivateName.impl(), SymbolTableEntry(VarOffset(offset)));
+            }
+        }
+        return;
+    }
+    VariableEnvironment environment;
+    auto addResult = environment.add(propertyNames().thisIdentifier);
+    addResult.iterator->value.setIsCaptured();
+    addResult.iterator->value.setIsConst();
+    if (m_codeType == FunctionCode)  {
+        auto addTarget = environment.add(propertyNames().newTargetLocalPrivateName);
+        addTarget.iterator->value.setIsCaptured();
+        addTarget.iterator->value.setIsLet();
+    }
+    if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+        auto derivedConstructor = environment.add(propertyNames().derivedConstructorPrivateName);
+        derivedConstructor.iterator->value.setIsCaptured();
+        derivedConstructor.iterator->value.setIsLet();
+    }
+    size_t size = m_symbolTableStack.size();
+    pushLexicalScopeInternal(environment, true, nullptr, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block);
+    ASSERT_UNUSED(size, m_symbolTableStack.size() == size + 1);
+    m_arrowFunctionContextLexicalEnvironmentRegister = m_symbolTableStack.last().m_scope;
+}
 …
+}
 Variable BytecodeGenerator::variable(const Identifier& property)
+{
     if (property == propertyNames().thisIdentifier) {
+Variable BytecodeGenerator::variable(const Identifier& property, ThisResolutionType thisResolutionType)
+{
+    if (property == propertyNames().thisIdentifier && thisResolutionType == ThisResolutionType::Local) {
         return Variable(property, VarOffset(thisRegister()->virtualRegister()), thisRegister(),
             ReadOnly, Variable::SpecialVariable, 0, false);
 …
     instructions().append(scopeRegister()->index());
     instructions().append(index);
-    if (opcodeID == op_new_arrow_func_exp)
-        instructions().append(thisRegister()->index());
+}
 …
 RegisterID* BytecodeGenerator::emitNewArrowFunctionExpression(RegisterID* dst, ArrowFuncExprNode* func)
+{
+    ASSERT(func->metadata()->parseMode() == SourceParseMode::ArrowFunctionMode);
+    bool isClassConstructor = m_codeBlock->isConstructor() && constructorKind() != ConstructorKind::None;
+    if (isClassConstructor || generatorThisMode() == GeneratorThisMode::Empty)
+        emitTDZCheck(thisRegister());
+    ASSERT(func->metadata()->parseMode() == SourceParseMode::ArrowFunctionMode);
     emitNewFunctionExpressionCommon(dst, func);
     return dst;
 …
     m_topMostScope = addVar();
     emitMove(m_topMostScope, scopeRegister());
+}
-RegisterID* BytecodeGenerator::emitLoadArrowFunctionThis(RegisterID* arrowFunctionThis)
+{
-    emitOpcode(op_load_arrowfunction_this);
-    instructions().append(arrowFunctionThis->index());
-    return arrowFunctionThis;
+}
 …
+}
+RegisterID* BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment()
+{
+    ASSERT(m_codeBlock->isArrowFunction() || m_codeBlock->isArrowFunctionContext() || constructorKind() == ConstructorKind::Derived);
+    m_resolvedArrowFunctionScopeContextRegister = emitResolveScope(nullptr, variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped));
+    return m_resolvedArrowFunctionScopeContextRegister.get();
+}
+void BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment()
+{
+    emitGetFromScope(thisRegister(), emitLoadArrowFunctionLexicalEnvironment(), variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped), DoNotThrowIfNotFound);
+}
+RegisterID* BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment()
+{
+    m_isNewTargetLoadedInArrowFunction = true;
+    Variable newTargetVar = variable(propertyNames().newTargetLocalPrivateName);
+    emitMove(m_newTargetRegister, emitGetFromScope(newTemporary(), emitLoadArrowFunctionLexicalEnvironment(), newTargetVar, ThrowIfNotFound));
+    return m_newTargetRegister;
+}
+RegisterID* BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment()
+{
+    Variable protoScopeVar = variable(propertyNames().derivedConstructorPrivateName);
+    return emitGetFromScope(newTemporary(), emitLoadArrowFunctionLexicalEnvironment(), protoScopeVar, ThrowIfNotFound);
+}
+void BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope()
+{
+    ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+    Variable newTargetVar = variable(propertyNames().newTargetLocalPrivateName);
+    emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, newTargetVar, newTarget(), DoNotThrowIfNotFound, Initialization);
+}
+void BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope()
+{
+    if (isConstructor() && constructorKind() == ConstructorKind::Derived) {
+        ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+        Variable protoScope = variable(propertyNames().derivedConstructorPrivateName);
+        emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, &m_calleeRegister, DoNotThrowIfNotFound, Initialization);
+    }
+}
+void BytecodeGenerator::emitPutThisToArrowFunctionContextScope()
+{
+    ASSERT(isDerivedConstructorContext() || m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+    if (isDerivedConstructorContext())
+        emitLoadArrowFunctionLexicalEnvironment();
+    Variable thisVar = variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped);
+    emitPutToScope(isDerivedConstructorContext() ? m_resolvedArrowFunctionScopeContextRegister.get() : m_arrowFunctionContextLexicalEnvironmentRegister, thisVar, thisRegister(), DoNotThrowIfNotFound, NotInitialization);
+}
 void BytecodeGenerator::pushStructureForInScope(RegisterID* localRegister, RegisterID* indexRegister, RegisterID* propertyRegister, RegisterID* enumeratorRegister)
+{

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

-                      r192937
+                      r193584
     };
+    enum class ThisResolutionType { Local, Scoped };
     class CallArguments {
     public:
 …
         bool isConstructor() const { return m_codeBlock->isConstructor(); }
+        bool isDerivedConstructorContext() const { return m_codeBlock->isDerivedConstructorContext(); }
+        bool usesArrowFunction() const { return m_scopeNode->usesArrowFunction(); }
+        bool needsToUpdateArrowFunctionContext() const { return m_needsToUpdateArrowFunctionContext; }
+        bool usesEval() const { return m_scopeNode->usesEval(); }
+        bool usesThis() const { return m_scopeNode->usesThis(); }
         ConstructorKind constructorKind() const { return m_codeBlock->constructorKind(); }
         GeneratorThisMode generatorThisMode() const { return m_codeBlock->generatorThisMode(); }
 …
         bool isArgumentNumber(const Identifier&, int);
         Variable variable(const Identifier&);
+        Variable variable(const Identifier&, ThisResolutionType = ThisResolutionType::Local);
         enum ExistingVariableMode { VerifyExisting, IgnoreExisting };
 …
         RegisterID* thisRegister() { return &m_thisRegister; }
         RegisterID* argumentsRegister() { return m_argumentsRegister; }
+        RegisterID* newTarget() { return m_newTargetRegister; }
+        RegisterID* newTarget()
+        {
+            return !m_codeBlock->isArrowFunction() || m_isNewTargetLoadedInArrowFunction
+                ? m_newTargetRegister : emitLoadNewTargetFromArrowFunctionLexicalEnvironment();
+        }
         RegisterID* scopeRegister() { return m_scopeRegister; }
 …
         void emitProfileControlFlow(int);
+        RegisterID* emitLoadArrowFunctionLexicalEnvironment();
+        void emitLoadThisFromArrowFunctionLexicalEnvironment();
+        RegisterID* emitLoadNewTargetFromArrowFunctionLexicalEnvironment();
         RegisterID* emitLoad(RegisterID* dst, bool);
 …
         RegisterID* emitPushWithScope(RegisterID* objectScope);
         void emitPopWithScope();
+        void emitPutThisToArrowFunctionContextScope();
+        void emitPutNewTargetToArrowFunctionContextScope();
+        void emitPutDerivedConstructorToArrowFunctionContextScope();
+        RegisterID* emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment();
         void emitDebugHook(DebugHookID, unsigned line, unsigned charOffset, unsigned lineStart);
 …
         void allocateCalleeSaveSpace();
         void allocateAndEmitScope();
-        RegisterID* emitLoadArrowFunctionThis(RegisterID*);
         void emitComplexPopScopes(RegisterID*, ControlFlowContext* topScope, ControlFlowContext* bottomScope);
 …
         UnlinkedFunctionExecutable* makeFunction(FunctionMetadataNode* metadata)
+        {
+            bool newisDerivedConstructorContext = constructorKind() == ConstructorKind::Derived || (m_isDerivedConstructorContext && metadata->parseMode() == SourceParseMode::ArrowFunctionMode);
             VariableEnvironment variablesUnderTDZ;
             getVariablesUnderTDZ(variablesUnderTDZ);
 …
                 generatorThisMode = GeneratorThisMode::Empty;
             return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, generatorThisMode, variablesUnderTDZ);
+            return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, generatorThisMode, variablesUnderTDZ, newisDerivedConstructorContext);
+        }
 …
         void initializeVarLexicalEnvironment(int symbolTableConstantIndex);
         void initializeDefaultParameterValuesAndSetupFunctionScopeStack(FunctionParameters&, FunctionNode*, SymbolTable*, int symbolTableConstantIndex, const std::function<bool (UniquedStringImpl*)>& captures);
+        void initializeArrowFunctionContextScopeIfNeeded(SymbolTable* = nullptr);
     public:
 …
         RegisterID* m_newTargetRegister { nullptr };
         RegisterID* m_linkTimeConstantRegisters[LinkTimeConstantCount];
+        RegisterID* m_arrowFunctionContextLexicalEnvironmentRegister { nullptr };
+        RefPtr<RegisterID> m_resolvedArrowFunctionScopeContextRegister;
         SegmentedVector<RegisterID*, 16> m_localRegistersForCalleeSaveRegisters;
 …
         bool m_usesNonStrictEval { false };
         bool m_inTailPosition { false };
+        bool m_isDerivedConstructorContext { false };
+        bool m_needsToUpdateArrowFunctionContext;
+        bool m_isNewTargetLoadedInArrowFunction { false };
     };

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

-                      r192937
+                      r193584
 RegisterID* ThisNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (m_shouldAlwaysEmitTDZCheck || generator.constructorKind() == ConstructorKind::Derived || generator.generatorThisMode() == GeneratorThisMode::Empty)
+    if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+        generator.emitLoadThisFromArrowFunctionLexicalEnvironment();
+    if (m_shouldAlwaysEmitTDZCheck || generator.constructorKind() == ConstructorKind::Derived || generator.generatorThisMode() == GeneratorThisMode::Empty || generator.isDerivedConstructorContext())
         generator.emitTDZCheck(generator.thisRegister());
 …
     if (dst == generator.ignoredResult())
         return 0;
+    if (generator.isDerivedConstructorContext())
+        return generator.emitGetById(generator.finalDestination(dst), generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(), generator.propertyNames().underscoreProto);
     RegisterID callee;
 …
 RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    // We need try to load 'this' before call eval in constructor, because 'this' can created by 'super' in some of the arrow function
+    // var A = class A {
+    //   constructor () { this.id = 'A'; }
+    // }
+    //
+    // var B = class B extend A {
+    //    constructor () {
+    //       var arrow = () => super();
+    //       arrow();
+    //       eval("this.id = 'B'");
+    //    }
+    // }
+    if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+        generator.emitLoadThisFromArrowFunctionLexicalEnvironment();
     Variable var = generator.variable(generator.propertyNames().eval);
     if (RegisterID* local = var.local()) {
 …
     CallArguments callArguments(generator, m_args);
     if (m_expr->isSuperNode()) {
         ASSERT(generator.isConstructor());
         ASSERT(generator.constructorKind() == ConstructorKind::Derived);
+        ASSERT(generator.isConstructor() || generator.isDerivedConstructorContext());
+        ASSERT(generator.constructorKind() == ConstructorKind::Derived || generator.isDerivedConstructorContext());
         generator.emitMove(callArguments.thisRegister(), generator.newTarget());
         RegisterID* ret = generator.emitConstruct(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd());
         generator.emitMove(generator.thisRegister(), ret);
+        bool isConstructorKindDerived = generator.constructorKind() == ConstructorKind::Derived;
+        if (generator.isDerivedConstructorContext() || (isConstructorKindDerived && generator.needsToUpdateArrowFunctionContext()))
+            generator.emitPutThisToArrowFunctionContextScope();
         return ret;
+    }
 …
         // If there is no return we must automatically insert one.
         if (!returnNode) {
+            if (generator.constructorKind() == ConstructorKind::Derived && generator.needsToUpdateArrowFunctionContext())
+                generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); // Arrow function can invoke 'super' in constructor and before leave constructor we need load 'this' from lexical arrow function environment
             RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined());
             generator.emitProfileType(r0, ProfileTypeBytecodeFunctionReturnStatement); // Do not emit expression info for this profile because it's not in the user's source code.

trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

r192882	r193584
197	197	JSScope::collectVariablesUnderTDZ(scope()->jsScope(), variablesUnderTDZ);
198	198
199		EvalExecutable* eval = EvalExecutable::create(callFrame, makeSource(script), codeBlock.isStrictMode(), thisTDZMode, &variablesUnderTDZ);
	199	EvalExecutable* eval = EvalExecutable::create(callFrame, makeSource(script), codeBlock.isStrictMode(), thisTDZMode, codeBlock.unlinkedCodeBlock()->isDerivedConstructorContext(), codeBlock.unlinkedCodeBlock()->isArrowFunction(), &variablesUnderTDZ);
200	200	if (vm.exception()) {
201	201	exception = vm.exception();

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

-                      r192993
+                      r193584
         break;
-    case LoadArrowFunctionThis:
-        if (JSValue base = forNode(node->child1()).m_value) {
-            JSArrowFunction* function = jsDynamicCast<JSArrowFunction*>(base);
-            setConstant(node, *m_graph.freeze(function->boundThis()));
-            break;
+        }
-        forNode(node).setType(m_graph, SpecFinalObject);
-        break;
     case SkipScope: {
         JSValue child = forNode(node->child1()).value();

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

-                      r193470
+                      r193584
             NEXT_OPCODE(op_get_scope);
+        }
-        case op_load_arrowfunction_this: {
-            Node* callee = get(VirtualRegister(JSStack::Callee));
-            Node* result;
-            if (JSArrowFunction* function = callee->dynamicCastConstant<JSArrowFunction*>())
-                result = jsConstant(function->boundThis());
-            else
-                result = addToGraph(LoadArrowFunctionThis, callee);
-            set(VirtualRegister(currentInstruction[1].u.operand), result);
-            NEXT_OPCODE(op_load_arrowfunction_this);
+        }
         case op_create_direct_arguments: {
 …
+        }
+        case op_new_func_exp: {
+        case op_new_func_exp:
+        case op_new_arrow_func_exp: {
             FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
             FrozenValue* frozen = m_graph.freezeStrong(expr);
             set(VirtualRegister(currentInstruction[1].u.operand),
                 addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
+            NEXT_OPCODE(op_new_func_exp);
+        }
+        case op_new_arrow_func_exp: {
+            FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
+            FrozenValue* frozen = m_graph.freezeStrong(expr);
+            set(VirtualRegister(currentInstruction[1].u.operand),
+                addToGraph(NewArrowFunction, OpInfo(frozen),
+                    get(VirtualRegister(currentInstruction[2].u.operand)),
+                    get(VirtualRegister(currentInstruction[4].u.operand))));
+            NEXT_OPCODE(op_new_arrow_func_exp);
+            if (opcodeID == op_new_func_exp) {
+                // Curly braces are necessary
+                NEXT_OPCODE(op_new_func_exp);
+            } else {
+                // Curly braces are necessary
+                NEXT_OPCODE(op_new_arrow_func_exp);
+            }
+        }

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

r192882	r193584
203	203	case op_in:
204	204	case op_get_scope:
205		~~case op_load_arrowfunction_this:~~
206	205	case op_get_from_scope:
207	206	case op_get_enumerable_length:

trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

r192993	r193584
140	140	case ArithLog:
141	141	case GetScope:
142		~~case LoadArrowFunctionThis:~~
143	142	case SkipScope:
144	143	case StringCharCodeAt:

trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

r192882	r193584
108	108	case CheckArray:
109	109	case GetScope:
110		~~case LoadArrowFunctionThis:~~
111	110	case SkipScope:
112	111	case GetClosureVar:

trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

-                      r193470
+                      r193584
             fixEdge<KnownCellUse>(node->child1());
             speculateForBarrier(node->child2());
-            break;
+        }
-        case LoadArrowFunctionThis: {
-            fixEdge<KnownCellUse>(node->child1());
             break;
+        }

trunk/Source/JavaScriptCore/dfg/DFGNodeType.h

r192882	r193584
208	208	macro(GetArrayLength, NodeResultInt32) \
209	209	macro(GetTypedArrayByteOffset, NodeResultInt32) \
210		~~macro(LoadArrowFunctionThis, NodeResultJS) \~~
211	210	macro(GetScope, NodeResultJS) \
212	211	macro(SkipScope, NodeResultJS) \

trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp

-                      r192882
+                      r193584
         case NewFunction:
         case NewArrowFunction: {
-            bool isArrowFunction = node->op() == NewArrowFunction;
             if (node->castOperand<FunctionExecutable*>()->singletonFunction()->isStillValid()) {
                 m_heap.escape(node->child1().node());
 …
+            }
             target = &m_heap.newAllocation(node, isArrowFunction ? Allocation::Kind::NewArrowFunction : Allocation::Kind::Function);
+            target = &m_heap.newAllocation(node, Allocation::Kind::Function);
             writes.add(FunctionExecutablePLoc, LazyNode(node->cellOperand()));
             writes.add(FunctionActivationPLoc, LazyNode(node->child1().node()));
-            if (isArrowFunction)
-                writes.add(ArrowFunctionBoundThisPLoc, LazyNode(node->child2().node()));
             break;
+        }
 …
             break;
-        case LoadArrowFunctionThis:
-            target = m_heap.onlyLocalAllocation(node->child1().node());
-            if (target && target->isArrowFunctionAllocation())
-                exactRead = ArrowFunctionBoundThisPLoc;
-            else
-                m_heap.escape(node->child1().node());
-            break;
         case GetScope:
             target = m_heap.onlyLocalAllocation(node->child1().node());
 …
         case NewFunction:
         case NewArrowFunction: {
-            bool isArrowFunction = node->op() == NewArrowFunction;
             Vector<PromotedHeapLocation> locations = m_locationsForAllocation.get(escapee);
             ASSERT(locations.size() == (isArrowFunction ? 3 : 2));
+            ASSERT(locations.size() == 2);
             PromotedHeapLocation executable(FunctionExecutablePLoc, allocation.identifier());
 …
             node->child1() = Edge(resolve(block, activation), KnownCellUse);
-            if (isArrowFunction) {
-                PromotedHeapLocation boundThis(ArrowFunctionBoundThisPLoc, allocation.identifier());
-                ASSERT(locations.contains(boundThis));
-                node->child2() = Edge(resolve(block, boundThis), CellUse);
+            }
             break;
+        }

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

-                      r192993
+                      r193584
         case GetScope:
             changed |= setPrediction(SpecObjectOther);
-            break;
-        case LoadArrowFunctionThis:
-            changed |= setPrediction(SpecFinalObject);
             break;

trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.cpp

-                      r192882
+                      r193584
         out.print("ClosureVarPLoc");
         return;
-    case ArrowFunctionBoundThisPLoc:
-        out.print("ArrowFunctionBoundThisPLoc");
-        return;
+    }

trunk/Source/JavaScriptCore/dfg/DFGPromotedHeapLocation.h

-                      r192882
+                      r193584
     FunctionActivationPLoc,
     ActivationScopePLoc,
+    ClosureVarPLoc,
+    ArrowFunctionBoundThisPLoc
+    ClosureVarPLoc
 };

trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

r192882	r193584
203	203	case ArrayifyToStructure:
204	204	case GetScope:
205		~~case LoadArrowFunctionThis:~~
206	205	case SkipScope:
207	206	case GetClosureVar:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

-                      r193424
+                      r193584
     cellResult(result.gpr(), node);
+}
-void SpeculativeJIT::compileLoadArrowFunctionThis(Node* node)
+{
-    SpeculateCellOperand function(this, node->child1());
-    GPRTemporary result(this, Reuse, function);
-    m_jit.loadPtr(JITCompiler::Address(function.gpr(), JSArrowFunction::offsetOfThisValue()), result.gpr());
-    cellResult(result.gpr(), node);
+}
 void SpeculativeJIT::compileSkipScope(Node* node)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

r192882	r193584
2201	2201
2202	2202	void compileGetScope(Node*);
2203		~~void compileLoadArrowFunctionThis(Node*);~~
2204	2203	void compileSkipScope(Node*);
2205	2204

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

-                      r192882
+                      r193584
         compileGetScope(node);
         break;
-    case LoadArrowFunctionThis:
-        compileLoadArrowFunctionThis(node);
-        break;
     case SkipScope:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

-                      r192882
+                      r193584
         break;
-    case LoadArrowFunctionThis:
-        compileLoadArrowFunctionThis(node);
-        break;
     case SkipScope:
         compileSkipScope(node);

trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

r192882	r193584
153	153	case GetExecutable:
154	154	case GetScope:
155		~~case LoadArrowFunctionThis:~~
156	155	case GetCallee:
157	156	case GetArgumentCount:

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

-                      r193506
+                      r193584
         case GetScope:
             compileGetScope();
-            break;
-        case LoadArrowFunctionThis:
-            compileLoadArrowFunctionThis();
             break;
         case SkipScope:
 …
+    }
-    void compileLoadArrowFunctionThis()
+    {
-        setJSValue(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSArrowFunction_this));
+    }
     void compileSkipScope()
+    {

trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp

-                      r192882
+                      r193584
         FunctionExecutable* executable = nullptr;
         JSScope* activation = nullptr;
-        JSValue boundThis;
-        bool isArrowFunction = false;
         for (unsigned i = materialization->properties().size(); i--;) {
             const ExitPropertyValue& property = materialization->properties()[i];
 …
             if (property.location() == PromotedLocationDescriptor(FunctionActivationPLoc))
                 activation = jsCast<JSScope*>(JSValue::decode(values[i]));
-            if (property.location() == PromotedLocationDescriptor(ArrowFunctionBoundThisPLoc)) {
-                isArrowFunction = true;
-                boundThis = JSValue::decode(values[i]);
+            }
+        }
         RELEASE_ASSERT(executable && activation);
+        JSFunction* result = isArrowFunction
+            ? JSArrowFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation, boundThis)
+            : JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
+        JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
         return result;

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

-                      r192937
+                      r193584
         ASSERT(!callFrame->vm().exception());
+        eval = callerCodeBlock->evalCodeCache().getSlow(callFrame, callerCodeBlock, callerCodeBlock->isStrictMode(), thisTDZMode, sourceCode, callerScopeChain);
+        eval = callerCodeBlock->evalCodeCache().getSlow(callFrame, callerCodeBlock, callerCodeBlock->isStrictMode(), thisTDZMode, callerCodeBlock->unlinkedCodeBlock()->isDerivedConstructorContext(), callerCodeBlock->unlinkedCodeBlock()->isArrowFunction(), sourceCode, callerScopeChain);
         if (!eval)
             return jsUndefined();

trunk/Source/JavaScriptCore/jit/JIT.cpp

r192937	r193584
224	224	DEFINE_OP(op_enter)
225	225	DEFINE_OP(op_get_scope)
226		~~DEFINE_OP(op_load_arrowfunction_this)~~
227	226	DEFINE_OP(op_eq)
228	227	DEFINE_OP(op_eq_null)

trunk/Source/JavaScriptCore/jit/JIT.h

r193471	r193584
503	503	void emit_op_enter(Instruction*);
504	504	void emit_op_get_scope(Instruction*);
505		~~void emit_op_load_arrowfunction_this(Instruction*);~~
506	505	void emit_op_eq(Instruction*);
507	506	void emit_op_eq_null(Instruction*);

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

-                      r193471
+                      r193584
     emitStoreCell(dst, regT0);
+}
-void JIT::emit_op_load_arrowfunction_this(Instruction* currentInstruction)
+{
-    int dst = currentInstruction[1].u.operand;
-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
-    loadPtr(Address(regT0, JSArrowFunction::offsetOfThisValue()), regT0);
-    emitStoreCell(dst, regT0);
+}
 void JIT::emit_op_to_this(Instruction* currentInstruction)
 …
 void JIT::emitNewFuncExprCommon(Instruction* currentInstruction)
+{
-    OpcodeID opcodeID = m_vm->interpreter->getOpcodeID(currentInstruction->u.opcode);
-    bool isArrowFunction = opcodeID == op_new_arrow_func_exp;
     Jump notUndefinedScope;
     int dst = currentInstruction[1].u.operand;
 #if USE(JSVALUE64)
     emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
-    if (isArrowFunction)
-        emitGetVirtualRegister(currentInstruction[4].u.operand, regT1);
     notUndefinedScope = branch64(NotEqual, regT0, TrustedImm64(JSValue::encode(jsUndefined())));
     store64(TrustedImm64(JSValue::encode(jsUndefined())), Address(callFrameRegister, sizeof(Register) * dst));
 #else
     emitLoadPayload(currentInstruction[2].u.operand, regT0);
-    if (isArrowFunction) {
-        int value = currentInstruction[4].u.operand;
-        emitLoad(value, regT3, regT2);
+    }
     notUndefinedScope = branch32(NotEqual, tagFor(currentInstruction[2].u.operand), TrustedImm32(JSValue::UndefinedTag));
     emitStore(dst, jsUndefined());
 …
     FunctionExecutable* function = m_codeBlock->functionExpr(currentInstruction[3].u.operand);
+    if (isArrowFunction)
+#if USE(JSVALUE64)
+        callOperation(operationNewArrowFunction, dst, regT0, function, regT1);
+#else
+        callOperation(operationNewArrowFunction, dst, regT0, function, regT3, regT2);
+#endif
+    OpcodeID opcodeID = m_vm->interpreter->getOpcodeID(currentInstruction->u.opcode);
+    if (opcodeID == op_new_func_exp || opcodeID == op_new_arrow_func_exp)
+        callOperation(operationNewFunction, dst, regT0, function);
     else {
+        if (opcodeID == op_new_func_exp)
+            callOperation(operationNewFunction, dst, regT0, function);
+        else {
+            ASSERT(opcodeID == op_new_generator_func_exp);
+            callOperation(operationNewGeneratorFunction, dst, regT0, function);
+        }
+        ASSERT(opcodeID == op_new_generator_func_exp);
+        callOperation(operationNewGeneratorFunction, dst, regT0, function);
+    }
     done.link(this);
+}

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

-                      r192882
+                      r193584
+}
-void JIT::emit_op_load_arrowfunction_this(Instruction* currentInstruction)
+{
-    int dst = currentInstruction[1].u.operand;
-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
-    loadPtr(Address(regT0, JSArrowFunction::offsetOfThisValue()), regT0);
-    emitStoreCell(dst, regT0);
+}
 void JIT::emit_op_create_this(Instruction* currentInstruction)
+{

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

-                      r192937
+                      r193584
+{
     LLINT_BEGIN();
+    JSValue thisValue = LLINT_OP_C(4).jsValue();
     CodeBlock* codeBlock = exec->codeBlock();
     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
     LLINT_RETURN(JSArrowFunction::create(vm, executable, scope, thisValue));
+    LLINT_RETURN(JSFunction::create(vm, executable, scope));
+}

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

r192937	r193584
1473	1473	traceExecution()
1474	1474	callSlowPath(_llint_slow_path_new_arrow_func_exp)
1475		dispatch(5)
	1475	dispatch(4)
1476	1476
1477	1477	_llint_op_call:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

-                      r192882
+                      r193584
-_llint_op_load_arrowfunction_this:
-    traceExecution()
-    loadi Callee + PayloadOffset[cfr], t0
-    loadi JSArrowFunction::m_boundThis[t0], t0
-    loadisFromInstruction(1, t1)
-    storei CellTag, TagOffset[cfr, t1, 8]
-    storei t0, PayloadOffset[cfr, t1, 8]
-    dispatch(2)
 _llint_op_get_rest_length:
     traceExecution()

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

-                      r192882
+                      r193584
     dispatch(6)
 _llint_op_profile_control_flow:
     traceExecution()
 …
     addq 1, BasicBlockLocation::m_executionCount[t0]
     dispatch(2)
-_llint_op_load_arrowfunction_this:
-    traceExecution()
-    loadp Callee[cfr], t0
-    loadp JSArrowFunction::m_boundThis[t0], t0
-    loadisFromInstruction(1, t1)
-    storeq t0, [cfr, t1, 8]
-    dispatch(2)
 _llint_op_get_rest_length:

trunk/Source/JavaScriptCore/parser/ASTBuilder.h

-                      r192937
+                      r193584
     ExpressionNode* createArrowFunctionExpr(const JSTokenLocation& location, const ParserFunctionInfo<ASTBuilder>& functionInfo)
+    {
         usesThis();
+        usesArrowFunction();
         SourceCode source = m_sourceCode->subExpression(functionInfo.startOffset, functionInfo.body->isArrowFunctionBodyExpression() ? functionInfo.endOffset - 1 : functionInfo.endOffset, functionInfo.startLine, functionInfo.bodyStartColumn);
         ArrowFuncExprNode* result = new (m_parserArena) ArrowFuncExprNode(location, *functionInfo.name, functionInfo.body, source);
 …
     void incConstants() { m_scope.m_numConstants++; }
     void usesThis() { m_scope.m_features |= ThisFeature; }
+    void usesArrowFunction() { m_scope.m_features |= ArrowFunctionFeature; }
     void usesArguments() { m_scope.m_features |= ArgumentsFeature; }
     void usesWith() { m_scope.m_features |= WithFeature; }

trunk/Source/JavaScriptCore/parser/Nodes.h

r192937	r193584
1560	1560	bool usesEval() const { return m_features & EvalFeature; }
1561	1561	bool usesArguments() const { return (m_features & ArgumentsFeature) && !(m_features & ShadowsArgumentsFeature); }
	1562	bool usesArrowFunction() const { return m_features & ArrowFunctionFeature; }
1562	1563	bool modifiesParameter() const { return m_features & ModifiedParameterFeature; }
1563	1564	bool modifiesArguments() const { return m_features & (EvalFeature \| ModifiedArgumentsFeature); }

trunk/Source/JavaScriptCore/parser/Parser.cpp

-                      r192937
+                      r193584
         semanticFailIfTrue(m_vm->propertyNames->eval == *functionInfo.name, "'", functionInfo.name->impl(), "' is not a valid function name in strict mode");
+    }
     if (functionScope->hasDirectSuper()) {
+    if (functionScope->hasDirectSuper() && functionBodyType == StandardFunctionBodyBlock) {
         semanticFailIfTrue(!isClassConstructor, "Cannot call super() outside of a class constructor");
         semanticFailIfTrue(constructorKind != ConstructorKind::Derived, "Cannot call super() in a base class constructor");
+    }
     if (functionScope->needsSuperBinding())
+    if (functionScope->needsSuperBinding() && functionBodyType == StandardFunctionBodyBlock)
         semanticFailIfTrue(expectedSuperBinding == SuperBinding::NotNeeded, "super can only be used in a method of a derived class");

trunk/Source/JavaScriptCore/parser/ParserModes.h

-                      r192937
+                      r193584
 typedef unsigned CodeFeatures;
+const CodeFeatures NoFeatures =                    0;
+const CodeFeatures EvalFeature =              1 << 0;
+const CodeFeatures ArgumentsFeature =         1 << 1;
+const CodeFeatures WithFeature =              1 << 2;
+const CodeFeatures ThisFeature =              1 << 3;
+const CodeFeatures StrictModeFeature =        1 << 4;
+const CodeFeatures ShadowsArgumentsFeature =  1 << 5;
+const CodeFeatures ModifiedParameterFeature = 1 << 6;
+const CodeFeatures ModifiedArgumentsFeature = 1 << 7;
+const CodeFeatures NoFeatures =                       0;
+const CodeFeatures EvalFeature =                 1 << 0;
+const CodeFeatures ArgumentsFeature =            1 << 1;
+const CodeFeatures WithFeature =                 1 << 2;
+const CodeFeatures ThisFeature =                 1 << 3;
+const CodeFeatures StrictModeFeature =           1 << 4;
+const CodeFeatures ShadowsArgumentsFeature =     1 << 5;
+const CodeFeatures ModifiedParameterFeature =    1 << 6;
+const CodeFeatures ModifiedArgumentsFeature =    1 << 7;
+const CodeFeatures ArrowFunctionFeature =        1 << 8;
+const CodeFeatures ArrowFunctionContextFeature = 1 << 9;
 const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ModifiedParameterFeature;
+const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ModifiedParameterFeature | ArrowFunctionFeature | ArrowFunctionContextFeature;
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/CodeCache.cpp

-                      r192937
+                      r193584
 template <class UnlinkedCodeBlockType, class ExecutableType>
+UnlinkedCodeBlockType* CodeCache::getGlobalCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserBuiltinMode builtinMode,
+    JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedCodeBlockType* CodeCache::getGlobalCodeBlock(VM& vm, ExecutableType* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, bool, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+{
     SourceCodeKey key = SourceCodeKey(source, String(), CacheTypes<UnlinkedCodeBlockType>::codeType, builtinMode, strictMode, thisTDZMode);
 …
     unsigned unlinkedEndColumn = rootNode->endColumn();
     unsigned endColumn = unlinkedEndColumn + (endColumnIsOnStartLine ? startColumn : 1);
+    executable->recordParse(rootNode->features(), rootNode->hasCapturedVariables(), rootNode->firstLine(), rootNode->lastLine(), startColumn, endColumn);
+    unsigned arrowContextFeature = executable->isArrowFunctionContext() ? ArrowFunctionContextFeature : 0;
+    executable->recordParse(rootNode->features() | arrowContextFeature, rootNode->hasCapturedVariables(), rootNode->firstLine(), rootNode->lastLine(), startColumn, endColumn);
     UnlinkedCodeBlockType* unlinkedCodeBlock = UnlinkedCodeBlockType::create(&vm, executable->executableInfo());
 …
+{
     VariableEnvironment emptyParentTDZVariables;
     return getGlobalCodeBlock<UnlinkedProgramCodeBlock>(vm, executable, source, builtinMode, strictMode, ThisTDZMode::CheckIfNeeded, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+    return getGlobalCodeBlock<UnlinkedProgramCodeBlock>(vm, executable, source, builtinMode, strictMode, ThisTDZMode::CheckIfNeeded, false, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+}
 UnlinkedEvalCodeBlock* CodeCache::getEvalCodeBlock(VM& vm, EvalExecutable* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedEvalCodeBlock* CodeCache::getEvalCodeBlock(VM& vm, EvalExecutable* executable, const SourceCode& source, JSParserBuiltinMode builtinMode, JSParserStrictMode strictMode, ThisTDZMode thisTDZMode, bool isArrowFunctionContext, DebuggerMode debuggerMode, ProfilerMode profilerMode, ParserError& error, const VariableEnvironment* variablesUnderTDZ)
+{
     return getGlobalCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, builtinMode, strictMode, thisTDZMode, debuggerMode, profilerMode, error, variablesUnderTDZ);
+    return getGlobalCodeBlock<UnlinkedEvalCodeBlock>(vm, executable, source, builtinMode, strictMode, thisTDZMode, isArrowFunctionContext, debuggerMode, profilerMode, error, variablesUnderTDZ);
+}
 …
+{
     VariableEnvironment emptyParentTDZVariables;
     return getGlobalCodeBlock<UnlinkedModuleProgramCodeBlock>(vm, executable, source, builtinMode, JSParserStrictMode::Strict, ThisTDZMode::CheckIfNeeded, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+    return getGlobalCodeBlock<UnlinkedModuleProgramCodeBlock>(vm, executable, source, builtinMode, JSParserStrictMode::Strict, ThisTDZMode::CheckIfNeeded, false, debuggerMode, profilerMode, error, &emptyParentTDZVariables);
+}
 …
     // The Function constructor only has access to global variables, so no variables will be under TDZ.
     VariableEnvironment emptyTDZVariables;
     UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, UnlinkedNormalFunction, ConstructAbility::CanConstruct, GeneratorThisMode::NonEmpty, emptyTDZVariables);
+    UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, UnlinkedNormalFunction, ConstructAbility::CanConstruct, GeneratorThisMode::NonEmpty, emptyTDZVariables, false);
     functionExecutable->m_nameValue.set(vm, functionExecutable, jsString(&vm, name.string()));

trunk/Source/JavaScriptCore/runtime/CodeCache.h

-                      r192937
+                      r193584
     UnlinkedProgramCodeBlock* getProgramCodeBlock(VM&, ProgramExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, DebuggerMode, ProfilerMode, ParserError&);
     UnlinkedEvalCodeBlock* getEvalCodeBlock(VM&, EvalExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
+    UnlinkedEvalCodeBlock* getEvalCodeBlock(VM&, EvalExecutable*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, bool, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
     UnlinkedModuleProgramCodeBlock* getModuleProgramCodeBlock(VM&, ModuleProgramExecutable*, const SourceCode&, JSParserBuiltinMode, DebuggerMode, ProfilerMode, ParserError&);
     UnlinkedFunctionExecutable* getFunctionExecutableFromGlobalCode(VM&, const Identifier&, const SourceCode&, ParserError&);
 …
 private:
     template <class UnlinkedCodeBlockType, class ExecutableType>
     UnlinkedCodeBlockType* getGlobalCodeBlock(VM&, ExecutableType*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
+    UnlinkedCodeBlockType* getGlobalCodeBlock(VM&, ExecutableType*, const SourceCode&, JSParserBuiltinMode, JSParserStrictMode, ThisTDZMode, bool, DebuggerMode, ProfilerMode, ParserError&, const VariableEnvironment*);
     CodeCacheMap m_sourceCode;

trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h

r193493	r193584
342	342	macro(DateTimeFormat) \
343	343	macro(NumberFormat) \
	344	macro(newTargetLocal) \
	345	macro(derivedConstructor) \
344	346
345	347

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

-                      r192937
+                      r193584
     JSFunction* constructor = jsCast<JSFunction*>(OP(2).jsValue().asCell());
+#if !ASSERT_DISABLED
+    ConstructData constructData;
+    ASSERT(constructor->methodTable()->getConstructData(constructor, constructData) == ConstructTypeJS || constructor->jsExecutable()->isArrowFunction());
+#endif
     auto& cacheWriteBarrier = pc[4].u.jsCell;
     if (!cacheWriteBarrier)

trunk/Source/JavaScriptCore/runtime/Executable.cpp

-                      r192937
+                      r193584
 const ClassInfo ScriptExecutable::s_info = { "ScriptExecutable", &ExecutableBase::s_info, 0, CREATE_METHOD_TABLE(ScriptExecutable) };
 ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext)
+ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext, bool isInDerivedConstructorContext, bool isInArrowFunctionContext)
     : ExecutableBase(vm, structure, NUM_PARAMETERS_NOT_COMPILED)
     , m_source(source)
 …
     , m_neverInline(false)
     , m_didTryToEnterInLoop(false)
+    , m_isDerivedConstructorContext(isInDerivedConstructorContext)
+    , m_isArrowFunctionContext(isInArrowFunctionContext)
     , m_overrideLineNumber(-1)
     , m_firstLine(-1)
 …
 const ClassInfo EvalExecutable::s_info = { "EvalExecutable", &ScriptExecutable::s_info, 0, CREATE_METHOD_TABLE(EvalExecutable) };
 EvalExecutable* EvalExecutable::create(ExecState* exec, const SourceCode& source, bool isInStrictContext, ThisTDZMode thisTDZMode, const VariableEnvironment* variablesUnderTDZ)
+EvalExecutable* EvalExecutable::create(ExecState* exec, const SourceCode& source, bool isInStrictContext, ThisTDZMode thisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const VariableEnvironment* variablesUnderTDZ)
+{
     JSGlobalObject* globalObject = exec->lexicalGlobalObject();
 …
+    }
     EvalExecutable* executable = new (NotNull, allocateCell<EvalExecutable>(*exec->heap())) EvalExecutable(exec, source, isInStrictContext);
+    EvalExecutable* executable = new (NotNull, allocateCell<EvalExecutable>(*exec->heap())) EvalExecutable(exec, source, isInStrictContext, isDerivedConstructorContext, isArrowFunctionContext);
     executable->finishCreation(exec->vm());
     UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createEvalCodeBlock(exec, executable, thisTDZMode, variablesUnderTDZ);
+    UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createEvalCodeBlock(exec, executable, thisTDZMode, isArrowFunctionContext, variablesUnderTDZ);
     if (!unlinkedEvalCode)
         return 0;
 …
+}
 EvalExecutable::EvalExecutable(ExecState* exec, const SourceCode& source, bool inStrictContext)
     : ScriptExecutable(exec->vm().evalExecutableStructure.get(), exec->vm(), source, inStrictContext)
+EvalExecutable::EvalExecutable(ExecState* exec, const SourceCode& source, bool inStrictContext, bool isDerivedConstructorContext, bool isArrowFunctionContext)
+    : ScriptExecutable(exec->vm().evalExecutableStructure.get(), exec->vm(), source, inStrictContext, isDerivedConstructorContext, isArrowFunctionContext)
+{
+}
 …
 ProgramExecutable::ProgramExecutable(ExecState* exec, const SourceCode& source)
     : ScriptExecutable(exec->vm().programExecutableStructure.get(), exec->vm(), source, false)
+    : ScriptExecutable(exec->vm().programExecutableStructure.get(), exec->vm(), source, false, false, false)
+{
     m_typeProfilingStartOffset = 0;
 …
 ModuleProgramExecutable::ModuleProgramExecutable(ExecState* exec, const SourceCode& source)
     : ScriptExecutable(exec->vm().moduleProgramExecutableStructure.get(), exec->vm(), source, false)
+    : ScriptExecutable(exec->vm().moduleProgramExecutableStructure.get(), exec->vm(), source, false, false, false)
+{
     m_typeProfilingStartOffset = 0;
 …
 const ClassInfo FunctionExecutable::s_info = { "FunctionExecutable", &ScriptExecutable::s_info, 0, CREATE_METHOD_TABLE(FunctionExecutable) };
+FunctionExecutable::FunctionExecutable(VM& vm, const SourceCode& source,
+    UnlinkedFunctionExecutable* unlinkedExecutable, unsigned firstLine,
+    unsigned lastLine, unsigned startColumn, unsigned endColumn)
+    : ScriptExecutable(vm.functionExecutableStructure.get(), vm, source, unlinkedExecutable->isInStrictContext())
+FunctionExecutable::FunctionExecutable(VM& vm, const SourceCode& source, UnlinkedFunctionExecutable* unlinkedExecutable, unsigned firstLine, unsigned lastLine, unsigned startColumn, unsigned endColumn)
+    : ScriptExecutable(vm.functionExecutableStructure.get(), vm, source, unlinkedExecutable->isInStrictContext(), unlinkedExecutable->isDerivedConstructorContext(), false)
     , m_unlinkedExecutable(vm, this, unlinkedExecutable)
+{

trunk/Source/JavaScriptCore/runtime/Executable.h

-                      r192937
+                      r193584
     bool usesArguments() const { return m_features & ArgumentsFeature; }
     bool needsActivation() const { return m_hasCapturedVariables || m_features & (EvalFeature | WithFeature); }
+    bool isArrowFunctionContext() const { return m_isArrowFunctionContext; }
     bool isStrictMode() const { return m_features & StrictModeFeature; }
+    bool isDerivedConstructorContext() const { return m_isDerivedConstructorContext; }
     ECMAMode ecmaMode() const { return isStrictMode() ? StrictMode : NotStrictMode; }
 …
 protected:
     ScriptExecutable(Structure* structure, VM& vm, const SourceCode& source, bool isInStrictContext);
+    ScriptExecutable(Structure*, VM&, const SourceCode&, bool isInStrictContext, bool isInDerivedConstructorContext, bool isInArrowFunctionContext);
     void finishCreation(VM& vm)
 …
     bool m_neverOptimize { false };
     bool m_didTryToEnterInLoop;
+    bool m_isDerivedConstructorContext;
+    bool m_isArrowFunctionContext;
     int m_overrideLineNumber;
     int m_firstLine;
 …
+    }
     static EvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, ThisTDZMode, const VariableEnvironment*);
+    static EvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, ThisTDZMode, bool isDerivedConstructorContext, bool isArrowFunctionContext, const VariableEnvironment*);
     PassRefPtr<JITCode> generatedJITCode()
 …
     DECLARE_INFO;
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ProgramMode); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, isDerivedConstructorContext(), isArrowFunctionContext()); }
     unsigned numVariables() { return m_unlinkedEvalCodeBlock->numVariables(); }
 …
     friend class ExecutableBase;
     friend class ScriptExecutable;
     EvalExecutable(ExecState*, const SourceCode&, bool);
+    EvalExecutable(ExecState*, const SourceCode&, bool inStrictContext, bool isDerivedConstructorContext, bool isArrowFunctionContext);
     static void visitChildren(JSCell*, SlotVisitor&);
 …
     DECLARE_INFO;
     ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ProgramMode); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ProgramMode, isDerivedConstructorContext(), false); }
 private:
 …
     DECLARE_INFO;
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ModuleEvaluateMode); }
+    ExecutableInfo executableInfo() const { return ExecutableInfo(needsActivation(), usesEval(), isStrictMode(), false, false, ConstructorKind::None, GeneratorThisMode::NonEmpty, SuperBinding::NotNeeded, SourceParseMode::ModuleEvaluateMode, isDerivedConstructorContext(), false); }
     UnlinkedModuleProgramCodeBlock* unlinkedModuleProgramCodeBlock() { return m_unlinkedModuleProgramCodeBlock.get(); }
 …
     bool isBuiltinFunction() const { return m_unlinkedExecutable->isBuiltinFunction(); }
     ConstructAbility constructAbility() const { return m_unlinkedExecutable->constructAbility(); }
+    // TODO:Think about avoid using isArrowFunction veriabl
+    bool isArrowFunction() const { return parseMode() == SourceParseMode::ArrowFunctionMode; }
+    bool isDerivedConstructorContext() const { return m_unlinkedExecutable->isDerivedConstructorContext(); }
     bool isClassConstructorFunction() const { return m_unlinkedExecutable->isClassConstructorFunction(); }
     const Identifier& name() { return m_unlinkedExecutable->name(); }
 …
     size_t parameterCount() const { return m_unlinkedExecutable->parameterCount(); } // Excluding 'this'!
     SourceParseMode parseMode() const { return m_unlinkedExecutable->parseMode(); }
-    bool isArrowFunction() const { return parseMode() == SourceParseMode::ArrowFunctionMode; }
     static void visitChildren(JSCell*, SlotVisitor&);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

-                      r193493
+                      r193584
+}
 UnlinkedEvalCodeBlock* JSGlobalObject::createEvalCodeBlock(CallFrame* callFrame, EvalExecutable* executable, ThisTDZMode thisTDZMode, const VariableEnvironment* variablesUnderTDZ)
+UnlinkedEvalCodeBlock* JSGlobalObject::createEvalCodeBlock(CallFrame* callFrame, EvalExecutable* executable, ThisTDZMode thisTDZMode, bool isArrowFunctionContext, const VariableEnvironment* variablesUnderTDZ)
+{
     ParserError error;
 …
     ProfilerMode profilerMode = hasProfiler() ? ProfilerOn : ProfilerOff;
     UnlinkedEvalCodeBlock* unlinkedCodeBlock = vm().codeCache()->getEvalCodeBlock(
         vm(), executable, executable->source(), JSParserBuiltinMode::NotBuiltin, strictMode, thisTDZMode, debuggerMode, profilerMode, error, variablesUnderTDZ);
+        vm(), executable, executable->source(), JSParserBuiltinMode::NotBuiltin, strictMode, thisTDZMode, isArrowFunctionContext, debuggerMode, profilerMode, error, variablesUnderTDZ);
     if (hasDebugger())

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

r192937	r193584
670	670
671	671	UnlinkedProgramCodeBlock* createProgramCodeBlock(CallFrame, ProgramExecutable, JSObject** exception);
672		UnlinkedEvalCodeBlock* createEvalCodeBlock(CallFrame, EvalExecutable, ThisTDZMode, const VariableEnvironment*);
	672	UnlinkedEvalCodeBlock* createEvalCodeBlock(CallFrame, EvalExecutable, ThisTDZMode, bool isArrowFunctionContext, const VariableEnvironment*);
673	673	UnlinkedModuleProgramCodeBlock* createModuleProgramCodeBlock(CallFrame, ModuleProgramExecutable);
674	674

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

r192882	r193584
582	582	JSGlobalObject* calleeGlobalObject = exec->callee()->globalObject();
583	583	VariableEnvironment emptyTDZVariables; // Indirect eval does not have access to the lexical scope.
584		EvalExecutable* eval = EvalExecutable::create(exec, makeSource(s), false, ThisTDZMode::CheckIfNeeded, &emptyTDZVariables);
	584	EvalExecutable* eval = EvalExecutable::create(exec, makeSource(s), false, ThisTDZMode::CheckIfNeeded, false, false, &emptyTDZVariables);
585	585	if (!eval)
586	586	return JSValue::encode(jsUndefined());

trunk/Source/JavaScriptCore/tests/es6.yaml

r192937	r193584
746	746	cmd: runES6 :fail
747	747	- path: es6/arrow_functions_lexical_new.target_binding.js
748		cmd: runES6 :~~fai~~l
	748	cmd: runES6 :normal
749	749	- path: es6/arrow_functions_lexical_super_binding.js
750	750	cmd: runES6 :fail

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink-osrexit.js

r192882	r193584
1		var n = 1000000;
	1	var n = 100000;
2	2
3	3	function bar() { }

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-activation-sink.js

r192882	r193584
1		var n = 10000000;
	1	var n = 1000000;
2	2
3	3	function bar(f) { f(10); }

trunk/Source/JavaScriptCore/tests/stress/arrowfunction-lexical-bind-this-1.js

-                      r192882
+                      r193584
   this.getName = () => eval("this.name");
   this.getNameHard = () => eval("(() => this.name)()");
+  this.getNameReallyHard = () => eval("eval('(() => this.name)()')");
+}
 …
   testCase(d.getName(), d.name, "Error: this is not lexically binded inside of the arrow function #1");
   testCase(d.getNameHard(), d.name, "Error: this is not lexically binded inside of the arrow function #2");
+  testCase(d.getNameReallyHard(), d.name, "Error: this is not lexically binded inside of the arrow function #3");
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 193584 in webkit

Legend:

Download in other formats: