Changeset 220778 in webkit
- Timestamp:
- Aug 15, 2017 6:10:01 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 18 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r220735 r220778 1 2017-08-15 Robin Morisset <rmorisset@apple.com> 2 3 Support the 'with' keyword in FTL. 4 https://bugs.webkit.org/show_bug.cgi?id=175585 5 6 Reviewed by Saam Barati. 7 8 Also improve the JSTest/stress/with.js file to test 9 what happens when non-objects are passed to with. 10 11 * stress/with.js: 12 (foo): 13 (i.catch): 14 (i.with): Deleted. 15 1 16 2017-08-14 Keith Miller <keith_miller@apple.com> 2 17 -
trunk/JSTests/stress/with.js
r220724 r220778 1 for (var i = 0; i < 10000; ++i) { 2 var x = 1; 3 var y = 2; 4 5 var z = {a: 42}; 6 with (z) { 1 function foo (x, y, z, newX, checkZ, errorMessage) { 2 with(z) { 7 3 x = y; 8 4 } 9 if (x !== 2 || y !== 2 || z.a !== 42) { 10 throw "Error: bad result, first case, for i = " + i; 11 } 12 13 z = {y: 42} 14 with (z) { 15 x = y; 16 } 17 if (x !== 42 || y !== 2 || z.y !== 42) { 18 throw "Error: bad result, second case, for i = " + i; 19 } 20 21 z = {x: 13}; 22 with (z) { 23 x = y; 24 } 25 if (x !== 42 || y !== 2 || z.x !== 2) { 26 throw "Error: bad result, third case, for i = " + i; 27 } 28 29 z = {x:13, y:14}; 30 with (z) { 31 x = y; 32 } 33 if (x !== 42 || y !== 2 || z.x !== 14 || z.y !== 14) { 34 throw "Error: bad result, fourth case, for i = " + i; 5 if (x !== newX || !checkZ(z)) { 6 throw errorMessage; 35 7 } 36 8 } 9 10 for (var i = 0; i < 10000; ++i) { 11 foo(1, 2, {a:42}, 2, z => z.a === 42, "Error: bad result for non-overlapping case, i = " + i); 12 foo(1, 2, {x:42}, 1, z => z.x === 2, "Error: bad result for setter case, i = " + i); 13 foo(1, 2, {y:42}, 42, z => z.y === 42, "Error: bad result for getter case, i = " + i); 14 foo(1, 2, {x:42, y:13}, 1, z => z.x === 13 && z.y === 13, "Error: bad result for setter/getter case, i = " + i); 15 foo(1, 2, "toto", 2, z => z === "toto", "Error: bad result for string case, i = " + i); 16 try { 17 foo(1, 2, null, 2, z => 18 {throw "Error: missing type error, i = " + i}, "Unreachable"); 19 } catch (e) { 20 if (!(e instanceof TypeError)) { 21 throw e; 22 } 23 } 24 } -
trunk/Source/JavaScriptCore/ChangeLog
r220777 r220778 1 2017-08-15 Robin Morisset <rmorisset@apple.com> 2 3 Support the 'with' keyword in FTL 4 https://bugs.webkit.org/show_bug.cgi?id=175585 5 6 Reviewed by Saam Barati. 7 8 Also makes sure that the order of arguments of PushWithScope, op_push_with_scope, JSWithScope::create() 9 and so on is consistent (always parentScope first, the new scopeObject second). We used to go from one 10 to the other at different step which was quite confusing. I picked this order for consistency with CreateActivation 11 that takes its parentScope argument first. 12 13 * bytecompiler/BytecodeGenerator.cpp: 14 (JSC::BytecodeGenerator::emitPushWithScope): 15 * debugger/DebuggerCallFrame.cpp: 16 (JSC::DebuggerCallFrame::evaluateWithScopeExtension): 17 * dfg/DFGByteCodeParser.cpp: 18 (JSC::DFG::ByteCodeParser::parseBlock): 19 * dfg/DFGFixupPhase.cpp: 20 (JSC::DFG::FixupPhase::fixupNode): 21 * dfg/DFGSpeculativeJIT.cpp: 22 (JSC::DFG::SpeculativeJIT::compilePushWithScope): 23 * ftl/FTLCapabilities.cpp: 24 (JSC::FTL::canCompile): 25 * ftl/FTLLowerDFGToB3.cpp: 26 (JSC::FTL::DFG::LowerDFGToB3::compileNode): 27 (JSC::FTL::DFG::LowerDFGToB3::compilePushWithScope): 28 * jit/JITOperations.cpp: 29 * runtime/CommonSlowPaths.cpp: 30 (JSC::SLOW_PATH_DECL): 31 * runtime/Completion.cpp: 32 (JSC::evaluateWithScopeExtension): 33 * runtime/JSWithScope.cpp: 34 (JSC::JSWithScope::create): 35 * runtime/JSWithScope.h: 36 1 37 2017-08-15 Saam Barati <sbarati@apple.com> 2 38 -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
r220735 r220778 3767 3767 emitOpcode(op_push_with_scope); 3768 3768 instructions().append(newScope->index()); 3769 instructions().append(scopeRegister()->index()); 3769 3770 instructions().append(objectScope->index()); 3770 instructions().append(scopeRegister()->index());3771 3771 3772 3772 emitMove(scopeRegister(), newScope); -
trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp
r218794 r220778 256 256 if (scopeExtensionObject) { 257 257 JSScope* ignoredPreviousScope = globalObject->globalScope(); 258 globalObject->setGlobalScopeExtension(JSWithScope::create(vm, globalObject, scopeExtensionObject, ignoredPreviousScope));258 globalObject->setGlobalScopeExtension(JSWithScope::create(vm, globalObject, ignoredPreviousScope, scopeExtensionObject)); 259 259 } 260 260 -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r220770 r220778 5652 5652 5653 5653 case op_push_with_scope: { 5654 Node* scopeObject= get(VirtualRegister(currentInstruction[2].u.operand));5655 Node* currentScope= get(VirtualRegister(currentInstruction[3].u.operand));5656 set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(PushWithScope, scopeObject, currentScope));5654 Node* currentScope = get(VirtualRegister(currentInstruction[2].u.operand)); 5655 Node* object = get(VirtualRegister(currentInstruction[3].u.operand)); 5656 set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(PushWithScope, currentScope, object)); 5657 5657 NEXT_OPCODE(op_push_with_scope); 5658 5658 } -
trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r220735 r220778 1711 1711 case CreateScopedArguments: 1712 1712 case CreateActivation: 1713 case PushWithScope: 1713 1714 case NewFunction: 1714 1715 case NewGeneratorFunction: 1715 1716 case NewAsyncFunction: { 1716 1717 fixEdge<CellUse>(node->child1()); 1717 break;1718 }1719 1720 case PushWithScope: {1721 // Child2 is always the current scope, which is guaranteed to be an object.1722 fixEdge<KnownCellUse>(node->child2());1723 1718 break; 1724 1719 } -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r220724 r220778 1127 1127 void SpeculativeJIT::compilePushWithScope(Node* node) 1128 1128 { 1129 JSValueOperand scopeObject(this, node->child1()); 1130 SpeculateCellOperand currentScope(this, node->child2()); 1131 JSValueRegs scopeObjectRegs = scopeObject.jsValueRegs(); 1129 SpeculateCellOperand currentScope(this, node->child1()); 1132 1130 GPRReg currentScopeGPR = currentScope.gpr(); 1131 1132 JSValueOperand object(this, node->child2()); 1133 JSValueRegs objectRegs = object.jsValueRegs(); 1133 1134 1134 1135 GPRFlushedCallResult result(this); … … 1136 1137 1137 1138 flushRegisters(); 1138 callOperation(operationPushWithScope, resultGPR, currentScopeGPR, scopeObjectRegs);1139 callOperation(operationPushWithScope, resultGPR, currentScopeGPR, objectRegs); 1139 1140 m_jit.exceptionCheck(); 1140 1141 -
trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
r220118 r220778 116 116 case GetGlobalObject: 117 117 case CreateActivation: 118 case PushWithScope: 118 119 case NewFunction: 119 120 case NewGeneratorFunction: -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
r220712 r220778 740 740 compileCreateActivation(); 741 741 break; 742 case PushWithScope: 743 compilePushWithScope(); 744 break; 742 745 case NewFunction: 743 746 case NewGeneratorFunction: … … 4263 4266 } 4264 4267 } 4265 4268 4269 void compilePushWithScope() 4270 { 4271 LValue parentScope = lowCell(m_node->child1()); 4272 LValue object = lowJSValue(m_node->child2()); 4273 4274 LValue result = vmCall(Int64, m_out.operation(operationPushWithScope), m_callFrame, parentScope, object); 4275 4276 setJSValue(result); 4277 } 4278 4266 4279 void compileCreateActivation() 4267 4280 { -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r220724 r220778 1997 1997 } 1998 1998 1999 JSCell* JIT_OPERATION operationPushWithScope(ExecState* exec, JSCell* currentScopeCell, EncodedJSValue scopeObjectValue)1999 JSCell* JIT_OPERATION operationPushWithScope(ExecState* exec, JSCell* currentScopeCell, EncodedJSValue objectValue) 2000 2000 { 2001 2001 VM& vm = exec->vm(); … … 2003 2003 auto scope = DECLARE_THROW_SCOPE(vm); 2004 2004 2005 JSObject* newScope = JSValue::decode(scopeObjectValue).toObject(exec);2005 JSObject* object = JSValue::decode(objectValue).toObject(exec); 2006 2006 RETURN_IF_EXCEPTION(scope, nullptr); 2007 2007 2008 2008 JSScope* currentScope = jsCast<JSScope*>(currentScopeCell); 2009 2009 2010 return JSWithScope::create(vm, exec->lexicalGlobalObject(), newScope, currentScope);2010 return JSWithScope::create(vm, exec->lexicalGlobalObject(), currentScope, object); 2011 2011 } 2012 2012 -
trunk/Source/JavaScriptCore/jit/JITOperations.h
r220724 r220778 420 420 EncodedJSValue JIT_OPERATION operationDeleteByValJSResult(ExecState*, EncodedJSValue base, EncodedJSValue target) WTF_INTERNAL; 421 421 size_t JIT_OPERATION operationDeleteByVal(ExecState*, EncodedJSValue base, EncodedJSValue target) WTF_INTERNAL; 422 JSCell* JIT_OPERATION operationPushWithScope(ExecState*, JSCell* currentScopeCell, EncodedJSValue scopeObject) WTF_INTERNAL;422 JSCell* JIT_OPERATION operationPushWithScope(ExecState*, JSCell* currentScopeCell, EncodedJSValue object) WTF_INTERNAL; 423 423 JSCell* JIT_OPERATION operationGetPNames(ExecState*, JSObject*) WTF_INTERNAL; 424 424 EncodedJSValue JIT_OPERATION operationInstanceOf(ExecState*, EncodedJSValue, EncodedJSValue proto) WTF_INTERNAL; -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
r218794 r220778 815 815 { 816 816 BEGIN(); 817 JSObject* newScope = OP_C( 2).jsValue().toObject(exec);818 CHECK_EXCEPTION(); 819 820 int scopeReg = pc[ 3].u.operand;817 JSObject* newScope = OP_C(3).jsValue().toObject(exec); 818 CHECK_EXCEPTION(); 819 820 int scopeReg = pc[2].u.operand; 821 821 JSScope* currentScope = exec->uncheckedR(scopeReg).Register::scope(); 822 RETURN(JSWithScope::create(vm, exec->lexicalGlobalObject(), newScope, currentScope));822 RETURN(JSWithScope::create(vm, exec->lexicalGlobalObject(), currentScope, newScope)); 823 823 } 824 824 -
trunk/Source/JavaScriptCore/runtime/Completion.cpp
r220186 r220778 124 124 if (scopeExtensionObject) { 125 125 JSScope* ignoredPreviousScope = globalObject->globalScope(); 126 globalObject->setGlobalScopeExtension(JSWithScope::create(exec->vm(), globalObject, scopeExtensionObject, ignoredPreviousScope));126 globalObject->setGlobalScopeExtension(JSWithScope::create(exec->vm(), globalObject, ignoredPreviousScope, scopeExtensionObject)); 127 127 } 128 128 -
trunk/Source/JavaScriptCore/runtime/JSWithScope.cpp
r217108 r220778 34 34 35 35 JSWithScope* JSWithScope::create( 36 VM& vm, JSGlobalObject* globalObject, JS Object* object, JSScope* next)36 VM& vm, JSGlobalObject* globalObject, JSScope* next, JSObject* object) 37 37 { 38 38 Structure* structure = globalObject->withScopeStructure(); -
trunk/Source/JavaScriptCore/runtime/JSWithScope.h
r206525 r220778 34 34 typedef JSScope Base; 35 35 36 JS_EXPORT_PRIVATE static JSWithScope* create(VM&, JSGlobalObject*, JS Object*, JSScope* next);36 JS_EXPORT_PRIVATE static JSWithScope* create(VM&, JSGlobalObject*, JSScope* next, JSObject*); 37 37 38 38 JSObject* object() { return m_object.get(); } -
trunk/Source/WebCore/ChangeLog
r220764 r220778 1 2017-08-15 Robin Morisset <rmorisset@apple.com> 2 3 Change the order of arguments of JSWithScope::create() for consistency 4 https://bugs.webkit.org/show_bug.cgi?id=175585 5 6 Reviewed by Saam Barati. 7 8 No change of behavior. 9 10 * bindings/js/JSHTMLElementCustom.cpp: 11 (WebCore::JSHTMLElement::pushEventHandlerScope const): 12 1 13 2017-08-15 Youenn Fablet <youenn@apple.com> 2 14 -
trunk/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp
r211892 r220778 121 121 JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject(); 122 122 123 scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), element.document())), scope);123 scope = JSWithScope::create(vm, lexicalGlobalObject, scope, asObject(toJS(exec, globalObject(), element.document()))); 124 124 125 125 // The form is next, searched before the document, but after the element itself. 126 126 if (HTMLFormElement* form = element.form()) 127 scope = JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), *form)), scope);127 scope = JSWithScope::create(vm, lexicalGlobalObject, scope, asObject(toJS(exec, globalObject(), *form))); 128 128 129 129 // The element is on top, searched first. 130 return JSWithScope::create(vm, lexicalGlobalObject, asObject(toJS(exec, globalObject(), element)), scope);130 return JSWithScope::create(vm, lexicalGlobalObject, scope, asObject(toJS(exec, globalObject(), element))); 131 131 } 132 132
Note: See TracChangeset
for help on using the changeset viewer.