Changeset 226269 in webkit
- Timestamp:
- Dec 22, 2017 11:51:03 AM (6 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 12 edited
-
ChangeLog (modified) (1 diff)
-
dfg/DFGOperations.cpp (modified) (3 diffs)
-
dfg/DFGOperations.h (modified) (1 diff)
-
dfg/DFGSpeculativeJIT.cpp (modified) (3 diffs)
-
dfg/DFGSpeculativeJIT.h (modified) (8 diffs)
-
dfg/DFGSpeculativeJIT32_64.cpp (modified) (14 diffs)
-
dfg/DFGSpeculativeJIT64.cpp (modified) (10 diffs)
-
ftl/FTLLowerDFGToB3.cpp (modified) (3 diffs)
-
jit/JITOperations.cpp (modified) (2 diffs)
-
jit/JITOperations.h (modified) (2 diffs)
-
runtime/StringPrototype.cpp (modified) (29 diffs)
-
runtime/StringPrototype.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r226268 r226269 1 2017-12-22 Yusuke Suzuki <utatane.tea@gmail.com> 2 3 [DFG] Cleaning up and unifying 32bit code more 4 https://bugs.webkit.org/show_bug.cgi?id=181124 5 6 Reviewed by Mark Lam. 7 8 This patch unifies DFG 32bit code into 64bit code more. In this patch, we move RegExp DFG nodes 9 from 32bit / 64bit code to the common code. We change some RegExp operations to returning JSCell* 10 instead of EncodedJSValue. This simplifies DFG implementation. 11 12 And we also move HasGenericProperty since we now have JSValueRegsFlushedCallResult. ToPrimive, 13 LogShadowChickenPrologue, and LogShadowChickenTail are almost the same in 32bit and 64bit. 14 Thus, it is unified easily. 15 16 And we also move some GPRFlushedCallResult from the original places to the places just after 17 `flushRegisters()` not to spill unnecessary registers. 18 19 * dfg/DFGOperations.cpp: 20 * dfg/DFGOperations.h: 21 * dfg/DFGSpeculativeJIT.cpp: 22 (JSC::DFG::SpeculativeJIT::compileRegExpExec): 23 (JSC::DFG::SpeculativeJIT::compileRegExpTest): 24 (JSC::DFG::SpeculativeJIT::compileStringReplace): 25 (JSC::DFG::SpeculativeJIT::compileHasGenericProperty): 26 (JSC::DFG::SpeculativeJIT::compileToPrimitive): 27 (JSC::DFG::SpeculativeJIT::compileLogShadowChickenPrologue): 28 (JSC::DFG::SpeculativeJIT::compileLogShadowChickenTail): 29 * dfg/DFGSpeculativeJIT.h: 30 (JSC::DFG::SpeculativeJIT::callOperation): 31 * dfg/DFGSpeculativeJIT32_64.cpp: 32 (JSC::DFG::SpeculativeJIT::emitCall): 33 (JSC::DFG::SpeculativeJIT::compile): 34 * dfg/DFGSpeculativeJIT64.cpp: 35 (JSC::DFG::SpeculativeJIT::compile): 36 (JSC::DFG::SpeculativeJIT::speculateDoubleRepAnyInt): 37 * ftl/FTLLowerDFGToB3.cpp: 38 (JSC::FTL::DFG::LowerDFGToB3::compileStringReplace): 39 * jit/JITOperations.cpp: 40 * jit/JITOperations.h: 41 * runtime/StringPrototype.cpp: 42 (JSC::jsSpliceSubstrings): 43 (JSC::jsSpliceSubstringsWithSeparators): 44 (JSC::removeUsingRegExpSearch): 45 (JSC::replaceUsingRegExpSearch): 46 (JSC::operationStringProtoFuncReplaceRegExpEmptyStr): 47 (JSC::operationStringProtoFuncReplaceRegExpString): 48 (JSC::replaceUsingStringSearch): 49 (JSC::replace): 50 (JSC::stringProtoFuncReplaceUsingRegExp): 51 (JSC::stringProtoFuncReplaceUsingStringSearch): 52 (JSC::operationStringProtoFuncReplaceGeneric): 53 * runtime/StringPrototype.h: 54 1 55 2017-12-22 Michael Catanzaro <mcatanzaro@igalia.com> 2 56 -
trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
r225832 r226269 56 56 #include "JSLexicalEnvironment.h" 57 57 #include "JSMap.h" 58 #include "JSPropertyNameEnumerator.h" 58 59 #include "JSSet.h" 59 60 #include "ObjectConstructor.h" … … 1801 1802 } 1802 1803 1804 EncodedJSValue JIT_OPERATION operationHasGenericProperty(ExecState* exec, EncodedJSValue encodedBaseValue, JSCell* propertyName) 1805 { 1806 VM& vm = exec->vm(); 1807 NativeCallFrameTracer tracer(&vm, exec); 1808 JSValue baseValue = JSValue::decode(encodedBaseValue); 1809 if (baseValue.isUndefinedOrNull()) 1810 return JSValue::encode(jsBoolean(false)); 1811 1812 JSObject* base = baseValue.toObject(exec); 1813 if (!base) 1814 return JSValue::encode(JSValue()); 1815 return JSValue::encode(jsBoolean(base->hasPropertyGeneric(exec, asString(propertyName)->toIdentifier(exec), PropertySlot::InternalMethodType::GetOwnProperty))); 1816 } 1817 1803 1818 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyByInt(ExecState* exec, JSCell* baseCell, int32_t subscript, int32_t internalMethodType) 1804 1819 { … … 1811 1826 } 1812 1827 return JSValue::encode(jsBoolean(object->hasPropertyGeneric(exec, subscript, static_cast<PropertySlot::InternalMethodType>(internalMethodType)))); 1828 } 1829 1830 JSCell* JIT_OPERATION operationGetPropertyEnumerator(ExecState* exec, EncodedJSValue encodedBase) 1831 { 1832 VM& vm = exec->vm(); 1833 NativeCallFrameTracer tracer(&vm, exec); 1834 auto scope = DECLARE_THROW_SCOPE(vm); 1835 1836 JSValue base = JSValue::decode(encodedBase); 1837 if (base.isUndefinedOrNull()) 1838 return JSPropertyNameEnumerator::create(vm); 1839 1840 JSObject* baseObject = base.toObject(exec); 1841 RETURN_IF_EXCEPTION(scope, { }); 1842 1843 scope.release(); 1844 return propertyNameEnumerator(exec, baseObject); 1845 } 1846 1847 JSCell* JIT_OPERATION operationGetPropertyEnumeratorCell(ExecState* exec, JSCell* cell) 1848 { 1849 VM& vm = exec->vm(); 1850 NativeCallFrameTracer tracer(&vm, exec); 1851 auto scope = DECLARE_THROW_SCOPE(vm); 1852 1853 JSObject* base = cell->toObject(exec, exec->lexicalGlobalObject()); 1854 RETURN_IF_EXCEPTION(scope, { }); 1855 1856 scope.release(); 1857 return propertyNameEnumerator(exec, base); 1858 } 1859 1860 JSCell* JIT_OPERATION operationToIndexString(ExecState* exec, int32_t index) 1861 { 1862 VM& vm = exec->vm(); 1863 NativeCallFrameTracer tracer(&vm, exec); 1864 return jsString(exec, Identifier::from(exec, index).string()); 1813 1865 } 1814 1866 -
trunk/Source/JavaScriptCore/dfg/DFGOperations.h
r225832 r226269 81 81 EncodedJSValue JIT_OPERATION operationGetPrototypeOf(ExecState*, EncodedJSValue) WTF_INTERNAL; 82 82 EncodedJSValue JIT_OPERATION operationGetPrototypeOfObject(ExecState*, JSObject*) WTF_INTERNAL; 83 EncodedJSValue JIT_OPERATION operationHasGenericProperty(ExecState*, EncodedJSValue, JSCell*); 83 84 EncodedJSValue JIT_OPERATION operationHasIndexedPropertyByInt(ExecState*, JSCell*, int32_t, int32_t); 85 JSCell* JIT_OPERATION operationGetPropertyEnumerator(ExecState*, EncodedJSValue); 86 JSCell* JIT_OPERATION operationGetPropertyEnumeratorCell(ExecState*, JSCell*); 87 JSCell* JIT_OPERATION operationToIndexString(ExecState*, int32_t); 84 88 char* JIT_OPERATION operationNewArray(ExecState*, Structure*, void*, size_t) WTF_INTERNAL; 85 89 char* JIT_OPERATION operationNewEmptyArray(ExecState*, Structure*) WTF_INTERNAL; -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r226261 r226269 10424 10424 } 10425 10425 10426 void SpeculativeJIT::compileRegExpExec(Node* node) 10427 { 10428 bool sample = false; 10429 if (sample) 10430 m_jit.incrementSuperSamplerCount(); 10431 10432 SpeculateCellOperand globalObject(this, node->child1()); 10433 GPRReg globalObjectGPR = globalObject.gpr(); 10434 10435 if (node->child2().useKind() == RegExpObjectUse) { 10436 if (node->child3().useKind() == StringUse) { 10437 SpeculateCellOperand base(this, node->child2()); 10438 SpeculateCellOperand argument(this, node->child3()); 10439 GPRReg baseGPR = base.gpr(); 10440 GPRReg argumentGPR = argument.gpr(); 10441 speculateRegExpObject(node->child2(), baseGPR); 10442 speculateString(node->child3(), argumentGPR); 10443 10444 flushRegisters(); 10445 JSValueRegsFlushedCallResult result(this); 10446 JSValueRegs resultRegs = result.regs(); 10447 callOperation(operationRegExpExecString, resultRegs, globalObjectGPR, baseGPR, argumentGPR); 10448 m_jit.exceptionCheck(); 10449 10450 jsValueResult(resultRegs, node); 10451 10452 if (sample) 10453 m_jit.decrementSuperSamplerCount(); 10454 return; 10455 } 10456 10457 SpeculateCellOperand base(this, node->child2()); 10458 JSValueOperand argument(this, node->child3()); 10459 GPRReg baseGPR = base.gpr(); 10460 JSValueRegs argumentRegs = argument.jsValueRegs(); 10461 speculateRegExpObject(node->child2(), baseGPR); 10462 10463 flushRegisters(); 10464 JSValueRegsFlushedCallResult result(this); 10465 JSValueRegs resultRegs = result.regs(); 10466 callOperation(operationRegExpExec, resultRegs, globalObjectGPR, baseGPR, argumentRegs); 10467 m_jit.exceptionCheck(); 10468 10469 jsValueResult(resultRegs, node); 10470 10471 if (sample) 10472 m_jit.decrementSuperSamplerCount(); 10473 return; 10474 } 10475 10476 JSValueOperand base(this, node->child2()); 10477 JSValueOperand argument(this, node->child3()); 10478 JSValueRegs baseRegs = base.jsValueRegs(); 10479 JSValueRegs argumentRegs = argument.jsValueRegs(); 10480 10481 flushRegisters(); 10482 JSValueRegsFlushedCallResult result(this); 10483 JSValueRegs resultRegs = result.regs(); 10484 callOperation(operationRegExpExecGeneric, resultRegs, globalObjectGPR, baseRegs, argumentRegs); 10485 m_jit.exceptionCheck(); 10486 10487 jsValueResult(resultRegs, node); 10488 10489 if (sample) 10490 m_jit.decrementSuperSamplerCount(); 10491 } 10492 10493 void SpeculativeJIT::compileRegExpTest(Node* node) 10494 { 10495 SpeculateCellOperand globalObject(this, node->child1()); 10496 GPRReg globalObjectGPR = globalObject.gpr(); 10497 10498 if (node->child2().useKind() == RegExpObjectUse) { 10499 if (node->child3().useKind() == StringUse) { 10500 SpeculateCellOperand base(this, node->child2()); 10501 SpeculateCellOperand argument(this, node->child3()); 10502 GPRReg baseGPR = base.gpr(); 10503 GPRReg argumentGPR = argument.gpr(); 10504 speculateRegExpObject(node->child2(), baseGPR); 10505 speculateString(node->child3(), argumentGPR); 10506 10507 flushRegisters(); 10508 GPRFlushedCallResult result(this); 10509 callOperation(operationRegExpTestString, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 10510 m_jit.exceptionCheck(); 10511 10512 unblessedBooleanResult(result.gpr(), node); 10513 return; 10514 } 10515 10516 SpeculateCellOperand base(this, node->child2()); 10517 JSValueOperand argument(this, node->child3()); 10518 GPRReg baseGPR = base.gpr(); 10519 JSValueRegs argumentRegs = argument.jsValueRegs(); 10520 speculateRegExpObject(node->child2(), baseGPR); 10521 10522 flushRegisters(); 10523 GPRFlushedCallResult result(this); 10524 callOperation(operationRegExpTest, result.gpr(), globalObjectGPR, baseGPR, argumentRegs); 10525 m_jit.exceptionCheck(); 10526 10527 unblessedBooleanResult(result.gpr(), node); 10528 return; 10529 } 10530 10531 JSValueOperand base(this, node->child2()); 10532 JSValueOperand argument(this, node->child3()); 10533 JSValueRegs baseRegs = base.jsValueRegs(); 10534 JSValueRegs argumentRegs = argument.jsValueRegs(); 10535 10536 flushRegisters(); 10537 GPRFlushedCallResult result(this); 10538 callOperation(operationRegExpTestGeneric, result.gpr(), globalObjectGPR, baseRegs, argumentRegs); 10539 m_jit.exceptionCheck(); 10540 10541 unblessedBooleanResult(result.gpr(), node); 10542 } 10543 10544 void SpeculativeJIT::compileStringReplace(Node* node) 10545 { 10546 ASSERT(node->op() == StringReplace || node->op() == StringReplaceRegExp); 10547 bool sample = false; 10548 if (sample) 10549 m_jit.incrementSuperSamplerCount(); 10550 10551 if (node->child1().useKind() == StringUse 10552 && node->child2().useKind() == RegExpObjectUse 10553 && node->child3().useKind() == StringUse) { 10554 if (JSString* replace = node->child3()->dynamicCastConstant<JSString*>(*m_jit.vm())) { 10555 if (!replace->length()) { 10556 SpeculateCellOperand string(this, node->child1()); 10557 SpeculateCellOperand regExp(this, node->child2()); 10558 GPRReg stringGPR = string.gpr(); 10559 GPRReg regExpGPR = regExp.gpr(); 10560 speculateString(node->child1(), stringGPR); 10561 speculateRegExpObject(node->child2(), regExpGPR); 10562 10563 flushRegisters(); 10564 GPRFlushedCallResult result(this); 10565 callOperation(operationStringProtoFuncReplaceRegExpEmptyStr, result.gpr(), stringGPR, regExpGPR); 10566 m_jit.exceptionCheck(); 10567 cellResult(result.gpr(), node); 10568 if (sample) 10569 m_jit.decrementSuperSamplerCount(); 10570 return; 10571 } 10572 } 10573 10574 SpeculateCellOperand string(this, node->child1()); 10575 SpeculateCellOperand regExp(this, node->child2()); 10576 SpeculateCellOperand replace(this, node->child3()); 10577 GPRReg stringGPR = string.gpr(); 10578 GPRReg regExpGPR = regExp.gpr(); 10579 GPRReg replaceGPR = replace.gpr(); 10580 speculateString(node->child1(), stringGPR); 10581 speculateRegExpObject(node->child2(), regExpGPR); 10582 speculateString(node->child3(), replaceGPR); 10583 10584 flushRegisters(); 10585 GPRFlushedCallResult result(this); 10586 callOperation(operationStringProtoFuncReplaceRegExpString, result.gpr(), stringGPR, regExpGPR, replaceGPR); 10587 m_jit.exceptionCheck(); 10588 cellResult(result.gpr(), node); 10589 if (sample) 10590 m_jit.decrementSuperSamplerCount(); 10591 return; 10592 } 10593 10594 // If we fixed up the edge of child2, we inserted a Check(@child2, String). 10595 OperandSpeculationMode child2SpeculationMode = AutomaticOperandSpeculation; 10596 if (node->child2().useKind() == StringUse) 10597 child2SpeculationMode = ManualOperandSpeculation; 10598 10599 JSValueOperand string(this, node->child1()); 10600 JSValueOperand search(this, node->child2(), child2SpeculationMode); 10601 JSValueOperand replace(this, node->child3()); 10602 JSValueRegs stringRegs = string.jsValueRegs(); 10603 JSValueRegs searchRegs = search.jsValueRegs(); 10604 JSValueRegs replaceRegs = replace.jsValueRegs(); 10605 10606 flushRegisters(); 10607 GPRFlushedCallResult result(this); 10608 callOperation(operationStringProtoFuncReplaceGeneric, result.gpr(), stringRegs, searchRegs, replaceRegs); 10609 m_jit.exceptionCheck(); 10610 cellResult(result.gpr(), node); 10611 if (sample) 10612 m_jit.decrementSuperSamplerCount(); 10613 } 10614 10426 10615 void SpeculativeJIT::compileLazyJSConstant(Node* node) 10427 10616 { … … 10906 11095 } 10907 11096 11097 void SpeculativeJIT::compileHasGenericProperty(Node* node) 11098 { 11099 JSValueOperand base(this, node->child1()); 11100 SpeculateCellOperand property(this, node->child2()); 11101 11102 JSValueRegs baseRegs = base.jsValueRegs(); 11103 GPRReg propertyGPR = property.gpr(); 11104 11105 flushRegisters(); 11106 JSValueRegsFlushedCallResult result(this); 11107 JSValueRegs resultRegs = result.regs(); 11108 callOperation(operationHasGenericProperty, resultRegs, baseRegs, propertyGPR); 11109 m_jit.exceptionCheck(); 11110 blessedBooleanResult(resultRegs.payloadGPR(), node); 11111 } 11112 10908 11113 void SpeculativeJIT::compileToIndexString(Node* node) 10909 11114 { … … 11228 11433 } 11229 11434 11435 void SpeculativeJIT::compileToPrimitive(Node* node) 11436 { 11437 DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse); 11438 JSValueOperand argument(this, node->child1()); 11439 JSValueRegsTemporary result(this, Reuse, argument); 11440 11441 JSValueRegs argumentRegs = argument.jsValueRegs(); 11442 JSValueRegs resultRegs = result.regs(); 11443 11444 argument.use(); 11445 11446 MacroAssembler::Jump alreadyPrimitive = m_jit.branchIfNotCell(argumentRegs); 11447 MacroAssembler::Jump notPrimitive = m_jit.branchIfObject(argumentRegs.payloadGPR()); 11448 11449 alreadyPrimitive.link(&m_jit); 11450 m_jit.moveValueRegs(argumentRegs, resultRegs); 11451 11452 addSlowPathGenerator(slowPathCall(notPrimitive, this, operationToPrimitive, resultRegs, argumentRegs)); 11453 11454 jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly); 11455 } 11456 11457 void SpeculativeJIT::compileLogShadowChickenPrologue(Node* node) 11458 { 11459 flushRegisters(); 11460 prepareForExternalCall(); 11461 m_jit.emitStoreCodeOrigin(node->origin.semantic); 11462 11463 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 11464 GPRReg scratch1Reg = scratch1.gpr(); 11465 GPRTemporary scratch2(this); 11466 GPRReg scratch2Reg = scratch2.gpr(); 11467 GPRTemporary shadowPacket(this); 11468 GPRReg shadowPacketReg = shadowPacket.gpr(); 11469 11470 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 11471 11472 SpeculateCellOperand scope(this, node->child1()); 11473 GPRReg scopeReg = scope.gpr(); 11474 11475 m_jit.logShadowChickenProloguePacket(shadowPacketReg, scratch1Reg, scopeReg); 11476 noResult(node); 11477 } 11478 11479 void SpeculativeJIT::compileLogShadowChickenTail(Node* node) 11480 { 11481 flushRegisters(); 11482 prepareForExternalCall(); 11483 CallSiteIndex callSiteIndex = m_jit.emitStoreCodeOrigin(node->origin.semantic); 11484 11485 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 11486 GPRReg scratch1Reg = scratch1.gpr(); 11487 GPRTemporary scratch2(this); 11488 GPRReg scratch2Reg = scratch2.gpr(); 11489 GPRTemporary shadowPacket(this); 11490 GPRReg shadowPacketReg = shadowPacket.gpr(); 11491 11492 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 11493 11494 JSValueOperand thisValue(this, node->child1()); 11495 JSValueRegs thisRegs = thisValue.jsValueRegs(); 11496 SpeculateCellOperand scope(this, node->child2()); 11497 GPRReg scopeReg = scope.gpr(); 11498 11499 m_jit.logShadowChickenTailPacket(shadowPacketReg, thisRegs, scopeReg, m_jit.codeBlock(), callSiteIndex); 11500 noResult(node); 11501 } 11502 11230 11503 void SpeculativeJIT::compileSetAdd(Node* node) 11231 11504 { -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r226261 r226269 1348 1348 } 1349 1349 1350 JITCompiler::Call callOperation(J_JITOperation_EGReoJ operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)1351 {1352 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);1353 return appendCallSetResult(operation, result);1354 }1355 1356 JITCompiler::Call callOperation(J_JITOperation_EGReoJss operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)1357 {1358 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);1359 return appendCallSetResult(operation, result);1360 }1361 1362 1350 JITCompiler::Call callOperation(V_JITOperation_EWs operation, WatchpointSet* watchpointSet) 1363 1351 { … … 1571 1559 return appendCallSetResult(operation, result); 1572 1560 } 1573 JITCompiler::Call callOperation(J_JITOperation_EJssReo operation, GPRReg result, GPRReg arg1, GPRReg arg2) 1561 JITCompiler::Call callOperation(J_JITOperation_EGReoJ operation, JSValueRegs result, GPRReg arg1, GPRReg arg2, JSValueRegs arg3) 1562 { 1563 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3.payloadGPR()); 1564 return appendCallSetResult(operation, result.payloadGPR()); 1565 } 1566 JITCompiler::Call callOperation(J_JITOperation_EGReoJss operation, JSValueRegs result, GPRReg arg1, GPRReg arg2, GPRReg arg3) 1567 { 1568 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3); 1569 return appendCallSetResult(operation, result.payloadGPR()); 1570 } 1571 JITCompiler::Call callOperation(C_JITOperation_EJssReo operation, GPRReg result, GPRReg arg1, GPRReg arg2) 1574 1572 { 1575 1573 m_jit.setupArgumentsWithExecState(arg1, arg2); 1576 1574 return appendCallSetResult(operation, result); 1577 1575 } 1578 JITCompiler::Call callOperation( J_JITOperation_EJssReoJss operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)1576 JITCompiler::Call callOperation(C_JITOperation_EJssReoJss operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3) 1579 1577 { 1580 1578 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3); … … 1827 1825 return callOperation(operation, result, arg1.gpr(), arg2.gpr()); 1828 1826 } 1829 JITCompiler::Call callOperation(S_JITOperation_EGJJ operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRRegarg3)1830 { 1831 m_jit.setupArgumentsWithExecState(arg1, arg2 , arg3);1832 return appendCallSetResult(operation, result); 1833 } 1834 JITCompiler::Call callOperation(S_JITOperation_EGReoJ operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRRegarg3)1835 { 1836 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3 );1827 JITCompiler::Call callOperation(S_JITOperation_EGJJ operation, GPRReg result, GPRReg arg1, JSValueRegs arg2, JSValueRegs arg3) 1828 { 1829 m_jit.setupArgumentsWithExecState(arg1, arg2.payloadGPR(), arg3.payloadGPR()); 1830 return appendCallSetResult(operation, result); 1831 } 1832 JITCompiler::Call callOperation(S_JITOperation_EGReoJ operation, GPRReg result, GPRReg arg1, GPRReg arg2, JSValueRegs arg3) 1833 { 1834 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3.payloadGPR()); 1837 1835 return appendCallSetResult(operation, result); 1838 1836 } … … 1873 1871 return appendCallSetResult(operation, result); 1874 1872 } 1875 JITCompiler::Call callOperation(J_JITOperation_EGJJ operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRRegarg3)1876 { 1877 m_jit.setupArgumentsWithExecState(arg1, arg2 , arg3);1878 return appendCallSetResult(operation, result );1873 JITCompiler::Call callOperation(J_JITOperation_EGJJ operation, JSValueRegs result, GPRReg arg1, JSValueRegs arg2, JSValueRegs arg3) 1874 { 1875 m_jit.setupArgumentsWithExecState(arg1, arg2.payloadGPR(), arg3.payloadGPR()); 1876 return appendCallSetResult(operation, result.payloadGPR()); 1879 1877 } 1880 1878 JITCompiler::Call callOperation(J_JITOperation_EJJ operation, GPRReg result, GPRReg arg1, int32_t imm) … … 2248 2246 return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR()); 2249 2247 } 2250 JITCompiler::Call callOperation( J_JITOperation_EJssReo operation, JSValueRegsresult, GPRReg arg1, GPRReg arg2)2248 JITCompiler::Call callOperation(C_JITOperation_EJssReo operation, GPRReg result, GPRReg arg1, GPRReg arg2) 2251 2249 { 2252 2250 m_jit.setupArgumentsWithExecState(arg1, arg2); 2253 return appendCallSetResult(operation, result .payloadGPR(), result.tagGPR());2254 } 2255 JITCompiler::Call callOperation( J_JITOperation_EJssReoJss operation, JSValueRegsresult, GPRReg arg1, GPRReg arg2, GPRReg arg3)2251 return appendCallSetResult(operation, result); 2252 } 2253 JITCompiler::Call callOperation(C_JITOperation_EJssReoJss operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3) 2256 2254 { 2257 2255 m_jit.setupArgumentsWithExecState(arg1, arg2, arg3); 2258 return appendCallSetResult(operation, result .payloadGPR(), result.tagGPR());2256 return appendCallSetResult(operation, result); 2259 2257 } 2260 2258 JITCompiler::Call callOperation(J_JITOperation_EPS operation, JSValueRegs result, void* pointer, size_t size) … … 3052 3050 void compileArrayPush(Node*); 3053 3051 void compileNotifyWrite(Node*); 3054 bool compileRegExpExec(Node*); 3052 void compileRegExpExec(Node*); 3053 void compileRegExpTest(Node*); 3054 void compileStringReplace(Node*); 3055 3055 void compileIsObjectOrNull(Node*); 3056 3056 void compileIsFunction(Node*); … … 3079 3079 void compileThrowStaticError(Node*); 3080 3080 void compileGetEnumerableLength(Node*); 3081 void compileHasGenericProperty(Node*); 3081 3082 void compileToIndexString(Node*); 3082 3083 void compilePutByIdWithThis(Node*); … … 3093 3094 void compileCreateThis(Node*); 3094 3095 void compileNewObject(Node*); 3096 void compileToPrimitive(Node*); 3097 void compileLogShadowChickenPrologue(Node*); 3098 void compileLogShadowChickenTail(Node*); 3095 3099 3096 3100 void moveTrueTo(GPRReg); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r226261 r226269 988 988 989 989 auto setResultAndResetStack = [&] () { 990 GPRFlushedCallResult resultPayload(this); 991 GPRFlushedCallResult2 resultTag(this); 992 GPRReg resultPayloadGPR = resultPayload.gpr(); 993 GPRReg resultTagGPR = resultTag.gpr(); 994 995 m_jit.setupResults(resultPayloadGPR, resultTagGPR); 996 997 jsValueResult(resultTagGPR, resultPayloadGPR, node, DataFormatJS, UseChildrenCalledExplicitly); 990 JSValueRegsFlushedCallResult result(this); 991 JSValueRegs resultRegs = result.regs(); 992 993 m_jit.setupResults(resultRegs); 994 995 jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly); 998 996 // After the calls are done, we need to reestablish our stack 999 997 // pointer. We rely on this for varargs calls, calls with arity … … 2591 2589 2592 2590 flushRegisters(); 2593 GPRFlushedCallResult2 resultTag(this);2594 GPRFlushedCallResult resultPayload(this);2595 callOperation(operationGetByValCell, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), baseGPR, propertyRegs);2591 JSValueRegsFlushedCallResult result(this); 2592 JSValueRegs resultRegs = result.regs(); 2593 callOperation(operationGetByValCell, resultRegs, baseGPR, propertyRegs); 2596 2594 m_jit.exceptionCheck(); 2597 2595 2598 jsValueResult(result Tag.gpr(), resultPayload.gpr(), node);2596 jsValueResult(resultRegs, node); 2599 2597 break; 2600 2598 } … … 2853 2851 JSValueRegs subscriptRegs = subscript.jsValueRegs(); 2854 2852 2855 GPRFlushedCallResult resultPayload(this);2856 GPRFlushedCallResult2 resultTag(this);2857 GPRReg resultPayloadGPR = resultPayload.gpr();2858 GPRReg resultTagGPR = resultTag.gpr();2859 2860 2853 flushRegisters(); 2861 callOperation(operationGetByValWithThis, JSValueRegs(resultTagGPR, resultPayloadGPR), baseRegs, thisValueRegs, subscriptRegs); 2854 JSValueRegsFlushedCallResult result(this); 2855 JSValueRegs resultRegs = result.regs(); 2856 callOperation(operationGetByValWithThis, resultRegs, baseRegs, thisValueRegs, subscriptRegs); 2862 2857 m_jit.exceptionCheck(); 2863 2858 2864 jsValueResult(result TagGPR, resultPayloadGPR, node);2859 jsValueResult(resultRegs, node); 2865 2860 break; 2866 2861 } … … 3165 3160 3166 3161 case RegExpExec: { 3167 SpeculateCellOperand globalObject(this, node->child1()); 3168 GPRReg globalObjectGPR = globalObject.gpr(); 3169 3170 if (node->child2().useKind() == RegExpObjectUse) { 3171 if (node->child3().useKind() == StringUse) { 3172 SpeculateCellOperand base(this, node->child2()); 3173 SpeculateCellOperand argument(this, node->child3()); 3174 GPRReg baseGPR = base.gpr(); 3175 GPRReg argumentGPR = argument.gpr(); 3176 speculateRegExpObject(node->child2(), baseGPR); 3177 speculateString(node->child3(), argumentGPR); 3178 3179 flushRegisters(); 3180 GPRFlushedCallResult2 resultTag(this); 3181 GPRFlushedCallResult resultPayload(this); 3182 callOperation( 3183 operationRegExpExecString, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), 3184 globalObjectGPR, baseGPR, argumentGPR); 3185 m_jit.exceptionCheck(); 3186 3187 jsValueResult(resultTag.gpr(), resultPayload.gpr(), node); 3188 break; 3189 } 3190 3191 SpeculateCellOperand base(this, node->child2()); 3192 JSValueOperand argument(this, node->child3()); 3193 GPRReg baseGPR = base.gpr(); 3194 JSValueRegs argumentRegs = argument.jsValueRegs(); 3195 speculateRegExpObject(node->child2(), baseGPR); 3196 3197 flushRegisters(); 3198 GPRFlushedCallResult2 resultTag(this); 3199 GPRFlushedCallResult resultPayload(this); 3200 callOperation( 3201 operationRegExpExec, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), globalObjectGPR, baseGPR, argumentRegs); 3202 m_jit.exceptionCheck(); 3203 3204 jsValueResult(resultTag.gpr(), resultPayload.gpr(), node); 3205 break; 3206 } 3207 3208 JSValueOperand base(this, node->child2()); 3209 JSValueOperand argument(this, node->child3()); 3210 JSValueRegs baseRegs = base.jsValueRegs(); 3211 JSValueRegs argumentRegs = argument.jsValueRegs(); 3212 3213 flushRegisters(); 3214 GPRFlushedCallResult2 resultTag(this); 3215 GPRFlushedCallResult resultPayload(this); 3216 callOperation( 3217 operationRegExpExecGeneric, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), globalObjectGPR, baseRegs, argumentRegs); 3218 m_jit.exceptionCheck(); 3219 3220 jsValueResult(resultTag.gpr(), resultPayload.gpr(), node); 3162 compileRegExpExec(node); 3221 3163 break; 3222 3164 } 3223 3165 3224 3166 case RegExpTest: { 3225 SpeculateCellOperand globalObject(this, node->child1()); 3226 GPRReg globalObjectGPR = globalObject.gpr(); 3227 3228 if (node->child2().useKind() == RegExpObjectUse) { 3229 if (node->child3().useKind() == StringUse) { 3230 SpeculateCellOperand base(this, node->child2()); 3231 SpeculateCellOperand argument(this, node->child3()); 3232 GPRReg baseGPR = base.gpr(); 3233 GPRReg argumentGPR = argument.gpr(); 3234 speculateRegExpObject(node->child2(), baseGPR); 3235 speculateString(node->child3(), argumentGPR); 3236 3237 flushRegisters(); 3238 GPRFlushedCallResult result(this); 3239 callOperation( 3240 operationRegExpTestString, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3241 m_jit.exceptionCheck(); 3242 3243 booleanResult(result.gpr(), node); 3244 break; 3245 } 3246 3247 SpeculateCellOperand base(this, node->child2()); 3248 JSValueOperand argument(this, node->child3()); 3249 GPRReg baseGPR = base.gpr(); 3250 JSValueRegs argumentRegs = argument.jsValueRegs(); 3251 speculateRegExpObject(node->child2(), baseGPR); 3252 3253 flushRegisters(); 3254 GPRFlushedCallResult result(this); 3255 callOperation( 3256 operationRegExpTest, result.gpr(), globalObjectGPR, baseGPR, argumentRegs); 3257 m_jit.exceptionCheck(); 3258 3259 booleanResult(result.gpr(), node); 3260 break; 3261 } 3262 3263 JSValueOperand base(this, node->child2()); 3264 JSValueOperand argument(this, node->child3()); 3265 JSValueRegs baseRegs = base.jsValueRegs(); 3266 JSValueRegs argumentRegs = argument.jsValueRegs(); 3267 3268 flushRegisters(); 3269 GPRFlushedCallResult result(this); 3270 callOperation( 3271 operationRegExpTestGeneric, result.gpr(), globalObjectGPR, baseRegs, argumentRegs); 3272 m_jit.exceptionCheck(); 3273 3274 booleanResult(result.gpr(), node); 3167 compileRegExpTest(node); 3275 3168 break; 3276 3169 } … … 3278 3171 case StringReplace: 3279 3172 case StringReplaceRegExp: { 3280 if (node->child1().useKind() == StringUse 3281 && node->child2().useKind() == RegExpObjectUse 3282 && node->child3().useKind() == StringUse) { 3283 if (JSString* replace = node->child3()->dynamicCastConstant<JSString*>(*m_jit.vm())) { 3284 if (!replace->length()) { 3285 SpeculateCellOperand string(this, node->child1()); 3286 SpeculateCellOperand regExp(this, node->child2()); 3287 GPRReg stringGPR = string.gpr(); 3288 GPRReg regExpGPR = regExp.gpr(); 3289 speculateString(node->child1(), stringGPR); 3290 speculateRegExpObject(node->child2(), regExpGPR); 3291 3292 flushRegisters(); 3293 GPRFlushedCallResult2 resultTag(this); 3294 GPRFlushedCallResult resultPayload(this); 3295 callOperation( 3296 operationStringProtoFuncReplaceRegExpEmptyStr, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), stringGPR, regExpGPR); 3297 m_jit.exceptionCheck(); 3298 cellResult(resultPayload.gpr(), node); 3299 break; 3300 } 3301 } 3302 3303 SpeculateCellOperand string(this, node->child1()); 3304 SpeculateCellOperand regExp(this, node->child2()); 3305 SpeculateCellOperand replace(this, node->child3()); 3306 GPRReg stringGPR = string.gpr(); 3307 GPRReg regExpGPR = regExp.gpr(); 3308 GPRReg replaceGPR = replace.gpr(); 3309 speculateString(node->child1(), stringGPR); 3310 speculateRegExpObject(node->child2(), regExpGPR); 3311 speculateString(node->child3(), replaceGPR); 3312 3313 flushRegisters(); 3314 GPRFlushedCallResult2 resultTag(this); 3315 GPRFlushedCallResult resultPayload(this); 3316 callOperation( 3317 operationStringProtoFuncReplaceRegExpString, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), 3318 stringGPR, regExpGPR, replaceGPR); 3319 m_jit.exceptionCheck(); 3320 cellResult(resultPayload.gpr(), node); 3321 break; 3322 } 3323 3324 // If we fixed up the edge of child2, we inserted a Check(@child2, String). 3325 OperandSpeculationMode child2SpeculationMode = AutomaticOperandSpeculation; 3326 if (node->child2().useKind() == StringUse) 3327 child2SpeculationMode = ManualOperandSpeculation; 3328 3329 JSValueOperand string(this, node->child1()); 3330 JSValueOperand search(this, node->child2(), child2SpeculationMode); 3331 JSValueOperand replace(this, node->child3()); 3332 JSValueRegs stringRegs = string.jsValueRegs(); 3333 JSValueRegs searchRegs = search.jsValueRegs(); 3334 JSValueRegs replaceRegs = replace.jsValueRegs(); 3335 3336 flushRegisters(); 3337 GPRFlushedCallResult2 resultTag(this); 3338 GPRFlushedCallResult resultPayload(this); 3339 callOperation( 3340 operationStringProtoFuncReplaceGeneric, JSValueRegs(resultTag.gpr(), resultPayload.gpr()), 3341 stringRegs, searchRegs, replaceRegs); 3342 m_jit.exceptionCheck(); 3343 cellResult(resultPayload.gpr(), node); 3173 compileStringReplace(node); 3344 3174 break; 3345 3175 } … … 3616 3446 3617 3447 case ToPrimitive: { 3618 RELEASE_ASSERT(node->child1().useKind() == UntypedUse); 3619 JSValueOperand argument(this, node->child1()); 3620 GPRTemporary resultTag(this, Reuse, argument, TagWord); 3621 GPRTemporary resultPayload(this, Reuse, argument, PayloadWord); 3622 3623 GPRReg argumentTagGPR = argument.tagGPR(); 3624 GPRReg argumentPayloadGPR = argument.payloadGPR(); 3625 GPRReg resultTagGPR = resultTag.gpr(); 3626 GPRReg resultPayloadGPR = resultPayload.gpr(); 3627 3628 argument.use(); 3629 3630 MacroAssembler::Jump alreadyPrimitive = m_jit.branchIfNotCell(argument.jsValueRegs()); 3631 MacroAssembler::Jump notPrimitive = m_jit.branchIfObject(argumentPayloadGPR); 3632 3633 alreadyPrimitive.link(&m_jit); 3634 m_jit.move(argumentTagGPR, resultTagGPR); 3635 m_jit.move(argumentPayloadGPR, resultPayloadGPR); 3636 3637 addSlowPathGenerator( 3638 slowPathCall( 3639 notPrimitive, this, operationToPrimitive, 3640 JSValueRegs(resultTagGPR, resultPayloadGPR), JSValueRegs(argumentTagGPR, argumentPayloadGPR))); 3641 3642 jsValueResult(resultTagGPR, resultPayloadGPR, node, UseChildrenCalledExplicitly); 3448 compileToPrimitive(node); 3643 3449 break; 3644 3450 } … … 4636 4442 JSValueRegs inputRegs = input.jsValueRegs(); 4637 4443 4444 flushRegisters(); 4638 4445 GPRFlushedCallResult result(this); 4639 4446 GPRReg resultGPR = result.gpr(); 4640 4641 flushRegisters();4642 4447 callOperation(operationMapHash, resultGPR, inputRegs); 4643 4448 m_jit.exceptionCheck(); … … 4655 4460 JSValueOperand key(this, node->child2()); 4656 4461 SpeculateInt32Operand hash(this, node->child3()); 4657 GPRFlushedCallResult result(this);4658 4462 4659 4463 GPRReg mapGPR = map.gpr(); 4660 4464 JSValueRegs keyRegs = key.jsValueRegs(); 4661 4465 GPRReg hashGPR = hash.gpr(); 4662 GPRReg resultGPR = result.gpr();4663 4466 4664 4467 if (node->child1().useKind() == MapObjectUse) … … 4670 4473 4671 4474 flushRegisters(); 4475 GPRFlushedCallResult result(this); 4476 GPRReg resultGPR = result.gpr(); 4672 4477 if (node->child1().useKind() == MapObjectUse) 4673 4478 callOperation(operationJSMapFindBucket, resultGPR, mapGPR, keyRegs, hashGPR); … … 4991 4796 } 4992 4797 case HasGenericProperty: { 4993 JSValueOperand base(this, node->child1()); 4994 SpeculateCellOperand property(this, node->child2()); 4995 GPRFlushedCallResult resultPayload(this); 4996 GPRFlushedCallResult2 resultTag(this); 4997 JSValueRegs baseRegs = base.jsValueRegs(); 4998 GPRReg resultPayloadGPR = resultPayload.gpr(); 4999 GPRReg resultTagGPR = resultTag.gpr(); 5000 5001 flushRegisters(); 5002 callOperation(operationHasGenericProperty, JSValueRegs(resultTagGPR, resultPayloadGPR), baseRegs, property.gpr()); 5003 m_jit.exceptionCheck(); 5004 booleanResult(resultPayloadGPR, node); 4798 compileHasGenericProperty(node); 5005 4799 break; 5006 4800 } … … 5087 4881 5088 4882 #if CPU(X86) 5089 GPRFlushedCallResult resultPayload(this);5090 GPRFlushedCallResult2 resultTag(this);5091 4883 GPRTemporary scratch(this); 5092 4884 5093 GPRReg resultTagGPR = resultTag.gpr();5094 GPRReg resultPayloadGPR = resultPayload.gpr();5095 4885 GPRReg scratchGPR = scratch.gpr(); 5096 4886 5097 4887 // Not enough registers on X86 for this code, so always use the slow path. 5098 4888 flushRegisters(); 4889 JSValueRegsFlushedCallResult result(this); 4890 JSValueRegs resultRegs = result.regs(); 5099 4891 m_jit.move(MacroAssembler::TrustedImm32(JSValue::CellTag), scratchGPR); 5100 callOperation(operationGetByValCell, JSValueRegs(resultTagGPR, resultPayloadGPR), baseGPR, JSValueRegs(scratchGPR, propertyGPR));4892 callOperation(operationGetByValCell, resultRegs, baseGPR, JSValueRegs(scratchGPR, propertyGPR)); 5101 4893 m_jit.exceptionCheck(); 5102 4894 #else 5103 GPRTemporary resultPayload(this);5104 GPRTemporary resultTag(this);5105 4895 GPRTemporary scratch(this); 5106 5107 GPRReg resultTagGPR = resultTag.gpr(); 5108 GPRReg resultPayloadGPR = resultPayload.gpr(); 4896 JSValueRegsFlushedCallResult result(this); 4897 5109 4898 GPRReg scratchGPR = scratch.gpr(); 4899 JSValueRegs resultRegs = result.regs(); 5110 4900 5111 4901 Edge& indexEdge = m_jit.graph().varArgChild(node, 2); … … 5136 4926 m_jit.move(indexGPR, scratchGPR); 5137 4927 m_jit.signExtend32ToPtr(scratchGPR, scratchGPR); 5138 m_jit.load32(MacroAssembler::BaseIndex(baseGPR, scratchGPR, MacroAssembler::TimesEight, JSObject::offsetOfInlineStorage() + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), result TagGPR);5139 m_jit.load32(MacroAssembler::BaseIndex(baseGPR, scratchGPR, MacroAssembler::TimesEight, JSObject::offsetOfInlineStorage() + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), result PayloadGPR);4928 m_jit.load32(MacroAssembler::BaseIndex(baseGPR, scratchGPR, MacroAssembler::TimesEight, JSObject::offsetOfInlineStorage() + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultRegs.tagGPR()); 4929 m_jit.load32(MacroAssembler::BaseIndex(baseGPR, scratchGPR, MacroAssembler::TimesEight, JSObject::offsetOfInlineStorage() + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), resultRegs.payloadGPR()); 5140 4930 5141 4931 MacroAssembler::Jump done = m_jit.jump(); … … 5147 4937 m_jit.neg32(scratchGPR); 5148 4938 m_jit.signExtend32ToPtr(scratchGPR, scratchGPR); 5149 // We use result PayloadGPRas a temporary here. We have to make sure clobber it after getting the5150 // value out of indexGPR and enumeratorGPR because result PayloadGPRcould reuse either of those registers.5151 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), result PayloadGPR);4939 // We use resultRegs.payloadGPR() as a temporary here. We have to make sure clobber it after getting the 4940 // value out of indexGPR and enumeratorGPR because resultRegs.payloadGPR() could reuse either of those registers. 4941 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), resultRegs.payloadGPR()); 5152 4942 int32_t offsetOfFirstProperty = static_cast<int32_t>(offsetInButterfly(firstOutOfLineOffset)) * sizeof(EncodedJSValue); 5153 m_jit.load32(MacroAssembler::BaseIndex(result PayloadGPR, scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultTagGPR);5154 m_jit.load32(MacroAssembler::BaseIndex(result PayloadGPR, scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), resultPayloadGPR);4943 m_jit.load32(MacroAssembler::BaseIndex(resultRegs.payloadGPR(), scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultRegs.tagGPR()); 4944 m_jit.load32(MacroAssembler::BaseIndex(resultRegs.payloadGPR(), scratchGPR, MacroAssembler::TimesEight, offsetOfFirstProperty + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), resultRegs.payloadGPR()); 5155 4945 5156 4946 done.link(&m_jit); 5157 4947 5158 addSlowPathGenerator(slowPathCall(slowPath, this, operationGetByValCell, JSValueRegs(resultTagGPR, resultPayloadGPR), baseGPR, propertyGPR));4948 addSlowPathGenerator(slowPathCall(slowPath, this, operationGetByValCell, resultRegs, baseGPR, propertyGPR)); 5159 4949 #endif 5160 4950 5161 jsValueResult(result TagGPR, resultPayloadGPR, node);4951 jsValueResult(resultRegs, node); 5162 4952 break; 5163 4953 } … … 5233 5023 5234 5024 case LogShadowChickenPrologue: { 5235 flushRegisters(); 5236 prepareForExternalCall(); 5237 m_jit.emitStoreCodeOrigin(node->origin.semantic); 5238 5239 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 5240 GPRReg scratch1Reg = scratch1.gpr(); 5241 GPRTemporary shadowPacket(this); 5242 GPRReg shadowPacketReg = shadowPacket.gpr(); 5243 GPRTemporary scratch2(this); 5244 GPRReg scratch2Reg = scratch2.gpr(); 5245 5246 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 5247 5248 SpeculateCellOperand scope(this, node->child1()); 5249 GPRReg scopeReg = scope.gpr(); 5250 5251 m_jit.logShadowChickenProloguePacket(shadowPacketReg, scratch1Reg, scopeReg); 5252 noResult(node); 5025 compileLogShadowChickenPrologue(node); 5253 5026 break; 5254 5027 } 5255 5028 5256 5029 case LogShadowChickenTail: { 5257 flushRegisters(); 5258 prepareForExternalCall(); 5259 CallSiteIndex callSiteIndex = m_jit.emitStoreCodeOrigin(node->origin.semantic); 5260 5261 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 5262 GPRReg scratch1Reg = scratch1.gpr(); 5263 GPRTemporary shadowPacket(this); 5264 GPRReg shadowPacketReg = shadowPacket.gpr(); 5265 GPRTemporary scratch2(this); 5266 GPRReg scratch2Reg = scratch2.gpr(); 5267 5268 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 5269 5270 JSValueOperand thisValue(this, node->child1()); 5271 JSValueRegs thisRegs = thisValue.jsValueRegs(); 5272 SpeculateCellOperand scope(this, node->child2()); 5273 GPRReg scopeReg = scope.gpr(); 5274 5275 m_jit.logShadowChickenTailPacket(shadowPacketReg, thisRegs, scopeReg, m_jit.codeBlock(), callSiteIndex); 5276 noResult(node); 5030 compileLogShadowChickenTail(node); 5277 5031 break; 5278 5032 } -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r226261 r226269 2447 2447 FPRReg valueFPR = value.fpr(); 2448 2448 2449 flushRegisters(); 2449 2450 GPRFlushedCallResult result(this); 2450 2451 GPRReg resultGPR = result.gpr(); 2451 2452 flushRegisters();2453 2454 2452 callOperation(operationConvertDoubleToInt52, resultGPR, valueFPR); 2455 2453 … … 2935 2933 GPRReg subscriptGPR = subscript.gpr(); 2936 2934 2935 flushRegisters(); 2937 2936 GPRFlushedCallResult result(this); 2938 2937 GPRReg resultGPR = result.gpr(); 2939 2940 flushRegisters();2941 2938 callOperation(operationGetByValWithThis, resultGPR, baseGPR, thisValueGPR, subscriptGPR); 2942 2939 m_jit.exceptionCheck(); … … 3256 3253 } 3257 3254 3255 flushRegisters(); 3258 3256 GPRFlushedCallResult result(this); 3259 3257 resultGPR = result.gpr(); 3260 3261 flushRegisters();3262 3258 callSlowPath(); 3263 3259 m_jit.exceptionCheck(); … … 3405 3401 JSValueOperand operand(this, node->child1()); 3406 3402 GPRReg operandGPR = operand.gpr(); 3403 flushRegisters(); 3407 3404 GPRFlushedCallResult result(this); 3408 3405 GPRReg resultGPR = result.gpr(); 3409 flushRegisters();3410 3406 callOperation(operationAtomicsIsLockFree, resultGPR, operandGPR); 3411 3407 m_jit.exceptionCheck(); … … 3430 3426 3431 3427 case RegExpExec: { 3432 bool sample = false; 3433 3434 if (sample) 3435 m_jit.incrementSuperSamplerCount(); 3436 3437 SpeculateCellOperand globalObject(this, node->child1()); 3438 GPRReg globalObjectGPR = globalObject.gpr(); 3439 3440 if (node->child2().useKind() == RegExpObjectUse) { 3441 if (node->child3().useKind() == StringUse) { 3442 SpeculateCellOperand base(this, node->child2()); 3443 SpeculateCellOperand argument(this, node->child3()); 3444 GPRReg baseGPR = base.gpr(); 3445 GPRReg argumentGPR = argument.gpr(); 3446 speculateRegExpObject(node->child2(), baseGPR); 3447 speculateString(node->child3(), argumentGPR); 3448 3449 flushRegisters(); 3450 GPRFlushedCallResult result(this); 3451 callOperation(operationRegExpExecString, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3452 m_jit.exceptionCheck(); 3453 3454 jsValueResult(result.gpr(), node); 3455 3456 if (sample) 3457 m_jit.decrementSuperSamplerCount(); 3458 break; 3459 } 3460 3461 SpeculateCellOperand base(this, node->child2()); 3462 JSValueOperand argument(this, node->child3()); 3463 GPRReg baseGPR = base.gpr(); 3464 GPRReg argumentGPR = argument.gpr(); 3465 speculateRegExpObject(node->child2(), baseGPR); 3466 3467 flushRegisters(); 3468 GPRFlushedCallResult result(this); 3469 callOperation(operationRegExpExec, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3470 m_jit.exceptionCheck(); 3471 3472 jsValueResult(result.gpr(), node); 3473 3474 if (sample) 3475 m_jit.decrementSuperSamplerCount(); 3476 break; 3477 } 3478 3479 JSValueOperand base(this, node->child2()); 3480 JSValueOperand argument(this, node->child3()); 3481 GPRReg baseGPR = base.gpr(); 3482 GPRReg argumentGPR = argument.gpr(); 3483 3484 flushRegisters(); 3485 GPRFlushedCallResult result(this); 3486 callOperation(operationRegExpExecGeneric, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3487 m_jit.exceptionCheck(); 3488 3489 jsValueResult(result.gpr(), node); 3490 3491 if (sample) 3492 m_jit.decrementSuperSamplerCount(); 3428 compileRegExpExec(node); 3493 3429 break; 3494 3430 } 3495 3431 3496 3432 case RegExpTest: { 3497 SpeculateCellOperand globalObject(this, node->child1()); 3498 GPRReg globalObjectGPR = globalObject.gpr(); 3499 3500 if (node->child2().useKind() == RegExpObjectUse) { 3501 if (node->child3().useKind() == StringUse) { 3502 SpeculateCellOperand base(this, node->child2()); 3503 SpeculateCellOperand argument(this, node->child3()); 3504 GPRReg baseGPR = base.gpr(); 3505 GPRReg argumentGPR = argument.gpr(); 3506 speculateRegExpObject(node->child2(), baseGPR); 3507 speculateString(node->child3(), argumentGPR); 3508 3509 flushRegisters(); 3510 GPRFlushedCallResult result(this); 3511 callOperation(operationRegExpTestString, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3512 m_jit.exceptionCheck(); 3513 3514 m_jit.or32(TrustedImm32(ValueFalse), result.gpr()); 3515 jsValueResult(result.gpr(), node); 3516 break; 3517 } 3518 3519 SpeculateCellOperand base(this, node->child2()); 3520 JSValueOperand argument(this, node->child3()); 3521 GPRReg baseGPR = base.gpr(); 3522 GPRReg argumentGPR = argument.gpr(); 3523 speculateRegExpObject(node->child2(), baseGPR); 3524 3525 flushRegisters(); 3526 GPRFlushedCallResult result(this); 3527 callOperation(operationRegExpTest, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3528 m_jit.exceptionCheck(); 3529 3530 m_jit.or32(TrustedImm32(ValueFalse), result.gpr()); 3531 jsValueResult(result.gpr(), node); 3532 break; 3533 } 3534 3535 JSValueOperand base(this, node->child2()); 3536 JSValueOperand argument(this, node->child3()); 3537 GPRReg baseGPR = base.gpr(); 3538 GPRReg argumentGPR = argument.gpr(); 3539 3540 flushRegisters(); 3541 GPRFlushedCallResult result(this); 3542 callOperation(operationRegExpTestGeneric, result.gpr(), globalObjectGPR, baseGPR, argumentGPR); 3543 m_jit.exceptionCheck(); 3544 3545 m_jit.or32(TrustedImm32(ValueFalse), result.gpr()); 3546 jsValueResult(result.gpr(), node, DataFormatJSBoolean); 3433 compileRegExpTest(node); 3547 3434 break; 3548 3435 } … … 3550 3437 case StringReplace: 3551 3438 case StringReplaceRegExp: { 3552 bool sample = false; 3553 3554 if (sample) 3555 m_jit.incrementSuperSamplerCount(); 3556 3557 if (node->child1().useKind() == StringUse 3558 && node->child2().useKind() == RegExpObjectUse 3559 && node->child3().useKind() == StringUse) { 3560 if (JSString* replace = node->child3()->dynamicCastConstant<JSString*>(*m_jit.vm())) { 3561 if (!replace->length()) { 3562 SpeculateCellOperand string(this, node->child1()); 3563 SpeculateCellOperand regExp(this, node->child2()); 3564 GPRReg stringGPR = string.gpr(); 3565 GPRReg regExpGPR = regExp.gpr(); 3566 speculateString(node->child1(), stringGPR); 3567 speculateRegExpObject(node->child2(), regExpGPR); 3568 3569 flushRegisters(); 3570 GPRFlushedCallResult result(this); 3571 callOperation( 3572 operationStringProtoFuncReplaceRegExpEmptyStr, result.gpr(), stringGPR, 3573 regExpGPR); 3574 m_jit.exceptionCheck(); 3575 cellResult(result.gpr(), node); 3576 if (sample) 3577 m_jit.decrementSuperSamplerCount(); 3578 break; 3579 } 3580 } 3581 3582 SpeculateCellOperand string(this, node->child1()); 3583 SpeculateCellOperand regExp(this, node->child2()); 3584 SpeculateCellOperand replace(this, node->child3()); 3585 GPRReg stringGPR = string.gpr(); 3586 GPRReg regExpGPR = regExp.gpr(); 3587 GPRReg replaceGPR = replace.gpr(); 3588 speculateString(node->child1(), stringGPR); 3589 speculateRegExpObject(node->child2(), regExpGPR); 3590 speculateString(node->child3(), replaceGPR); 3591 3592 flushRegisters(); 3593 GPRFlushedCallResult result(this); 3594 callOperation( 3595 operationStringProtoFuncReplaceRegExpString, result.gpr(), stringGPR, regExpGPR, 3596 replaceGPR); 3597 m_jit.exceptionCheck(); 3598 cellResult(result.gpr(), node); 3599 if (sample) 3600 m_jit.decrementSuperSamplerCount(); 3601 break; 3602 } 3603 3604 // If we fixed up the edge of child2, we inserted a Check(@child2, String). 3605 OperandSpeculationMode child2SpeculationMode = AutomaticOperandSpeculation; 3606 if (node->child2().useKind() == StringUse) 3607 child2SpeculationMode = ManualOperandSpeculation; 3608 3609 JSValueOperand string(this, node->child1()); 3610 JSValueOperand search(this, node->child2(), child2SpeculationMode); 3611 JSValueOperand replace(this, node->child3()); 3612 GPRReg stringGPR = string.gpr(); 3613 GPRReg searchGPR = search.gpr(); 3614 GPRReg replaceGPR = replace.gpr(); 3615 3616 flushRegisters(); 3617 GPRFlushedCallResult result(this); 3618 callOperation( 3619 operationStringProtoFuncReplaceGeneric, result.gpr(), stringGPR, searchGPR, 3620 replaceGPR); 3621 m_jit.exceptionCheck(); 3622 cellResult(result.gpr(), node); 3623 if (sample) 3624 m_jit.decrementSuperSamplerCount(); 3439 compileStringReplace(node); 3625 3440 break; 3626 3441 } … … 3846 3661 3847 3662 case ToPrimitive: { 3848 DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse); 3849 JSValueOperand argument(this, node->child1()); 3850 GPRTemporary result(this, Reuse, argument); 3851 3852 GPRReg argumentGPR = argument.gpr(); 3853 GPRReg resultGPR = result.gpr(); 3854 3855 argument.use(); 3856 3857 MacroAssembler::Jump alreadyPrimitive = m_jit.branchIfNotCell(JSValueRegs(argumentGPR)); 3858 MacroAssembler::Jump notPrimitive = m_jit.branchIfObject(argumentGPR); 3859 3860 alreadyPrimitive.link(&m_jit); 3861 m_jit.move(argumentGPR, resultGPR); 3862 3863 addSlowPathGenerator( 3864 slowPathCall(notPrimitive, this, operationToPrimitive, resultGPR, argumentGPR)); 3865 3866 jsValueResult(resultGPR, node, UseChildrenCalledExplicitly); 3663 compileToPrimitive(node); 3867 3664 break; 3868 3665 } … … 5453 5250 } 5454 5251 case HasGenericProperty: { 5455 JSValueOperand base(this, node->child1()); 5456 SpeculateCellOperand property(this, node->child2()); 5457 5458 JSValueRegs baseRegs = base.jsValueRegs(); 5459 GPRReg propertyGPR = property.gpr(); 5460 5461 flushRegisters(); 5462 GPRFlushedCallResult result(this); 5463 GPRReg resultGPR = result.gpr(); 5464 callOperation(operationHasGenericProperty, resultGPR, baseRegs, propertyGPR); 5465 m_jit.exceptionCheck(); 5466 jsValueResult(resultGPR, node, DataFormatJSBoolean); 5252 compileHasGenericProperty(node); 5467 5253 break; 5468 5254 } … … 5702 5488 5703 5489 case LogShadowChickenPrologue: { 5704 flushRegisters(); 5705 prepareForExternalCall(); 5706 m_jit.emitStoreCodeOrigin(node->origin.semantic); 5707 5708 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 5709 GPRReg scratch1Reg = scratch1.gpr(); 5710 GPRTemporary scratch2(this); 5711 GPRReg scratch2Reg = scratch2.gpr(); 5712 GPRTemporary shadowPacket(this); 5713 GPRReg shadowPacketReg = shadowPacket.gpr(); 5714 5715 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 5716 5717 SpeculateCellOperand scope(this, node->child1()); 5718 GPRReg scopeReg = scope.gpr(); 5719 5720 m_jit.logShadowChickenProloguePacket(shadowPacketReg, scratch1Reg, scopeReg); 5721 noResult(node); 5490 compileLogShadowChickenPrologue(node); 5722 5491 break; 5723 5492 } 5724 5493 5725 5494 case LogShadowChickenTail: { 5726 flushRegisters(); 5727 prepareForExternalCall(); 5728 CallSiteIndex callSiteIndex = m_jit.emitStoreCodeOrigin(node->origin.semantic); 5729 5730 GPRTemporary scratch1(this, GPRInfo::nonArgGPR0); // This must be a non-argument GPR. 5731 GPRReg scratch1Reg = scratch1.gpr(); 5732 GPRTemporary scratch2(this); 5733 GPRReg scratch2Reg = scratch2.gpr(); 5734 GPRTemporary shadowPacket(this); 5735 GPRReg shadowPacketReg = shadowPacket.gpr(); 5736 5737 m_jit.ensureShadowChickenPacket(*m_jit.vm(), shadowPacketReg, scratch1Reg, scratch2Reg); 5738 5739 JSValueOperand thisValue(this, node->child1()); 5740 JSValueRegs thisRegs = JSValueRegs(thisValue.gpr()); 5741 SpeculateCellOperand scope(this, node->child2()); 5742 GPRReg scopeReg = scope.gpr(); 5743 5744 m_jit.logShadowChickenTailPacket(shadowPacketReg, thisRegs, scopeReg, m_jit.codeBlock(), callSiteIndex); 5745 noResult(node); 5495 compileLogShadowChickenTail(node); 5746 5496 break; 5747 5497 } … … 5976 5726 FPRReg valueFPR = value.fpr(); 5977 5727 5728 flushRegisters(); 5978 5729 GPRFlushedCallResult result(this); 5979 5730 GPRReg resultGPR = result.gpr(); 5980 5981 flushRegisters();5982 5983 5731 callOperation(operationConvertDoubleToInt52, resultGPR, valueFPR); 5984 5732 -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
r226209 r226269 10321 10321 10322 10322 LValue result = vmCall( 10323 Int64, m_out.operation(operationStringProtoFuncReplaceRegExpEmptyStr),10323 pointerType(), m_out.operation(operationStringProtoFuncReplaceRegExpEmptyStr), 10324 10324 m_callFrame, string, regExp); 10325 10325 … … 10334 10334 10335 10335 LValue result = vmCall( 10336 Int64, m_out.operation(operationStringProtoFuncReplaceRegExpString),10336 pointerType(), m_out.operation(operationStringProtoFuncReplaceRegExpString), 10337 10337 m_callFrame, string, regExp, replace); 10338 10338 … … 10348 10348 10349 10349 LValue result = vmCall( 10350 Int64, m_out.operation(operationStringProtoFuncReplaceGeneric), m_callFrame,10350 pointerType(), m_out.operation(operationStringProtoFuncReplaceGeneric), m_callFrame, 10351 10351 lowJSValue(m_node->child1()), search, 10352 10352 lowJSValue(m_node->child3())); -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r226209 r226269 59 59 #include "JSGlobalObjectFunctions.h" 60 60 #include "JSLexicalEnvironment.h" 61 #include "JSPropertyNameEnumerator.h"62 61 #include "JSWithScope.h" 63 62 #include "ModuleProgramCodeBlock.h" … … 2373 2372 } 2374 2373 2375 EncodedJSValue JIT_OPERATION operationHasGenericProperty(ExecState* exec, EncodedJSValue encodedBaseValue, JSCell* propertyName)2376 {2377 VM& vm = exec->vm();2378 NativeCallFrameTracer tracer(&vm, exec);2379 JSValue baseValue = JSValue::decode(encodedBaseValue);2380 if (baseValue.isUndefinedOrNull())2381 return JSValue::encode(jsBoolean(false));2382 2383 JSObject* base = baseValue.toObject(exec);2384 if (!base)2385 return JSValue::encode(JSValue());2386 return JSValue::encode(jsBoolean(base->hasPropertyGeneric(exec, asString(propertyName)->toIdentifier(exec), PropertySlot::InternalMethodType::GetOwnProperty)));2387 }2388 2389 JSCell* JIT_OPERATION operationGetPropertyEnumeratorCell(ExecState* exec, JSCell* cell)2390 {2391 VM& vm = exec->vm();2392 NativeCallFrameTracer tracer(&vm, exec);2393 auto scope = DECLARE_THROW_SCOPE(vm);2394 2395 JSObject* base = cell->toObject(exec, exec->lexicalGlobalObject());2396 RETURN_IF_EXCEPTION(scope, { });2397 2398 scope.release();2399 return propertyNameEnumerator(exec, base);2400 }2401 2402 JSCell* JIT_OPERATION operationGetPropertyEnumerator(ExecState* exec, EncodedJSValue encodedBase)2403 {2404 VM& vm = exec->vm();2405 NativeCallFrameTracer tracer(&vm, exec);2406 auto scope = DECLARE_THROW_SCOPE(vm);2407 2408 JSValue base = JSValue::decode(encodedBase);2409 if (base.isUndefinedOrNull())2410 return JSPropertyNameEnumerator::create(vm);2411 2412 JSObject* baseObject = base.toObject(exec);2413 RETURN_IF_EXCEPTION(scope, { });2414 2415 scope.release();2416 return propertyNameEnumerator(exec, baseObject);2417 }2418 2419 EncodedJSValue JIT_OPERATION operationNextEnumeratorPname(ExecState* exec, JSCell* enumeratorCell, int32_t index)2420 {2421 VM& vm = exec->vm();2422 NativeCallFrameTracer tracer(&vm, exec);2423 JSPropertyNameEnumerator* enumerator = jsCast<JSPropertyNameEnumerator*>(enumeratorCell);2424 JSString* propertyName = enumerator->propertyNameAtIndex(index);2425 return JSValue::encode(propertyName ? propertyName : jsNull());2426 }2427 2428 JSCell* JIT_OPERATION operationToIndexString(ExecState* exec, int32_t index)2429 {2430 VM& vm = exec->vm();2431 NativeCallFrameTracer tracer(&vm, exec);2432 return jsString(exec, Identifier::from(exec, index).string());2433 }2434 2435 2374 ALWAYS_INLINE static EncodedJSValue unprofiledAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) 2436 2375 { -
trunk/Source/JavaScriptCore/jit/JITOperations.h
r226208 r226269 221 221 typedef JSCell* (JIT_OPERATION *C_JITOperation_ECJ)(ExecState*, JSCell*, EncodedJSValue); 222 222 typedef JSCell* (JIT_OPERATION *C_JITOperation_ECO)(ExecState*, JSCell*, JSObject*); 223 typedef JSCell* (JIT_OPERATION *C_JITOperation_EJssReo)(ExecState*, JSString*, RegExpObject*); 224 typedef JSCell* (JIT_OPERATION *C_JITOperation_EJssReoJss)(ExecState*, JSString*, RegExpObject*, JSString*); 223 225 typedef double (JIT_OPERATION *D_JITOperation_D)(double); 224 226 typedef double (JIT_OPERATION *D_JITOperation_G)(JSGlobalObject*); … … 461 463 int32_t JIT_OPERATION operationInstanceOfCustom(ExecState*, EncodedJSValue encodedValue, JSObject* constructor, EncodedJSValue encodedHasInstance) WTF_INTERNAL; 462 464 463 EncodedJSValue JIT_OPERATION operationHasGenericProperty(ExecState*, EncodedJSValue, JSCell*);464 JSCell* JIT_OPERATION operationGetPropertyEnumeratorCell(ExecState*, JSCell*);465 JSCell* JIT_OPERATION operationGetPropertyEnumerator(ExecState*, EncodedJSValue);466 EncodedJSValue JIT_OPERATION operationNextEnumeratorPname(ExecState*, JSCell*, int32_t);467 JSCell* JIT_OPERATION operationToIndexString(ExecState*, int32_t);468 469 465 EncodedJSValue JIT_OPERATION operationValueAdd(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL; 470 466 EncodedJSValue JIT_OPERATION operationValueAddProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*) WTF_INTERNAL; -
trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp
r225150 r226269 308 308 }; 309 309 310 static ALWAYS_INLINE JS ValuejsSpliceSubstrings(ExecState* exec, JSString* sourceVal, const String& source, const StringRange* substringRanges, int rangeCount)310 static ALWAYS_INLINE JSString* jsSpliceSubstrings(ExecState* exec, JSString* sourceVal, const String& source, const StringRange* substringRanges, int rangeCount) 311 311 { 312 312 VM& vm = exec->vm(); … … 335 335 const LChar* sourceData = source.characters8(); 336 336 auto impl = StringImpl::tryCreateUninitialized(totalLength, buffer); 337 if (!impl) 338 return throwOutOfMemoryError(exec, scope); 337 if (!impl) { 338 throwOutOfMemoryError(exec, scope); 339 return nullptr; 340 } 339 341 340 342 int bufferPos = 0; … … 354 356 355 357 auto impl = StringImpl::tryCreateUninitialized(totalLength, buffer); 356 if (!impl) 357 return throwOutOfMemoryError(exec, scope); 358 if (!impl) { 359 throwOutOfMemoryError(exec, scope); 360 return nullptr; 361 } 358 362 359 363 int bufferPos = 0; … … 369 373 } 370 374 371 static ALWAYS_INLINE JS ValuejsSpliceSubstringsWithSeparators(ExecState* exec, JSString* sourceVal, const String& source, const StringRange* substringRanges, int rangeCount, const String* separators, int separatorCount)375 static ALWAYS_INLINE JSString* jsSpliceSubstringsWithSeparators(ExecState* exec, JSString* sourceVal, const String& source, const StringRange* substringRanges, int rangeCount, const String* separators, int separatorCount) 372 376 { 373 377 VM& vm = exec->vm(); … … 394 398 allSeparators8Bit = false; 395 399 } 396 if (totalLength.hasOverflowed()) 397 return throwOutOfMemoryError(exec, scope); 400 if (totalLength.hasOverflowed()) { 401 throwOutOfMemoryError(exec, scope); 402 return nullptr; 403 } 398 404 399 405 if (!totalLength) … … 405 411 406 412 auto impl = StringImpl::tryCreateUninitialized(totalLength.unsafeGet(), buffer); 407 if (!impl) 408 return throwOutOfMemoryError(exec, scope); 413 if (!impl) { 414 throwOutOfMemoryError(exec, scope); 415 return nullptr; 416 } 409 417 410 418 int maxCount = std::max(rangeCount, separatorCount); … … 431 439 UChar* buffer; 432 440 auto impl = StringImpl::tryCreateUninitialized(totalLength.unsafeGet(), buffer); 433 if (!impl) 434 return throwOutOfMemoryError(exec, scope); 441 if (!impl) { 442 throwOutOfMemoryError(exec, scope); 443 return nullptr; 444 } 435 445 436 446 int maxCount = std::max(rangeCount, separatorCount); … … 464 474 do { \ 465 475 throwOutOfMemoryError(exec__, scope__); \ 466 return encodedJSValue(); \476 return nullptr; \ 467 477 } while (false) 468 478 469 static ALWAYS_INLINE EncodedJSValueremoveUsingRegExpSearch(VM& vm, ExecState* exec, JSString* string, const String& source, RegExp* regExp)479 static ALWAYS_INLINE JSString* removeUsingRegExpSearch(VM& vm, ExecState* exec, JSString* string, const String& source, RegExp* regExp) 470 480 { 471 481 auto scope = DECLARE_THROW_SCOPE(vm); … … 500 510 501 511 if (!lastIndex) 502 return JSValue::encode(string);512 return string; 503 513 504 514 if (static_cast<unsigned>(lastIndex) < sourceLen) { … … 507 517 } 508 518 scope.release(); 509 return JSValue::encode(jsSpliceSubstrings(exec, string, source, sourceRanges.data(), sourceRanges.size()));510 } 511 512 static ALWAYS_INLINE EncodedJSValuereplaceUsingRegExpSearch(519 return jsSpliceSubstrings(exec, string, source, sourceRanges.data(), sourceRanges.size()); 520 } 521 522 static ALWAYS_INLINE JSString* replaceUsingRegExpSearch( 513 523 VM& vm, ExecState* exec, JSString* string, JSValue searchValue, CallData& callData, 514 524 CallType callType, String& replacementString, JSValue replaceValue) … … 518 528 const String& source = string->value(exec); 519 529 unsigned sourceLen = source.length(); 520 RETURN_IF_EXCEPTION(scope, encodedJSValue());530 RETURN_IF_EXCEPTION(scope, nullptr); 521 531 RegExpObject* regExpObject = asRegExpObject(searchValue); 522 532 RegExp* regExp = regExpObject->regExp(); … … 527 537 // ES5.1 15.5.4.10 step 8.a. 528 538 regExpObject->setLastIndex(exec, 0); 529 RETURN_IF_EXCEPTION(scope, encodedJSValue());539 RETURN_IF_EXCEPTION(scope, nullptr); 530 540 531 541 if (callType == CallType::None && !replacementString.length()) { … … 551 561 JSFunction* func = jsCast<JSFunction*>(replaceValue); 552 562 CachedCall cachedCall(exec, func, argCount); 553 RETURN_IF_EXCEPTION(scope, encodedJSValue());563 RETURN_IF_EXCEPTION(scope, nullptr); 554 564 if (source.is8Bit()) { 555 565 while (true) { … … 600 610 if (UNLIKELY(cachedCall.hasOverflowedArguments())) { 601 611 throwOutOfMemoryError(exec, scope); 602 return encodedJSValue();612 return nullptr; 603 613 } 604 614 605 615 JSValue jsResult = cachedCall.call(); 606 RETURN_IF_EXCEPTION(scope, encodedJSValue());616 RETURN_IF_EXCEPTION(scope, nullptr); 607 617 replacements.append(jsResult.toWTFString(exec)); 608 RETURN_IF_EXCEPTION(scope, encodedJSValue());618 RETURN_IF_EXCEPTION(scope, nullptr); 609 619 610 620 lastIndex = result.end; … … 666 676 if (UNLIKELY(cachedCall.hasOverflowedArguments())) { 667 677 throwOutOfMemoryError(exec, scope); 668 return encodedJSValue();678 return nullptr; 669 679 } 670 680 671 681 JSValue jsResult = cachedCall.call(); 672 RETURN_IF_EXCEPTION(scope, encodedJSValue());682 RETURN_IF_EXCEPTION(scope, nullptr); 673 683 replacements.append(jsResult.toWTFString(exec)); 674 RETURN_IF_EXCEPTION(scope, encodedJSValue());684 RETURN_IF_EXCEPTION(scope, nullptr); 675 685 676 686 lastIndex = result.end; … … 731 741 if (UNLIKELY(args.hasOverflowed())) { 732 742 throwOutOfMemoryError(exec, scope); 733 return encodedJSValue();743 return nullptr; 734 744 } 735 745 736 746 JSValue replacement = call(exec, replaceValue, callType, callData, jsUndefined(), args); 737 RETURN_IF_EXCEPTION(scope, encodedJSValue());747 RETURN_IF_EXCEPTION(scope, nullptr); 738 748 String replacementString = replacement.toWTFString(exec); 739 RETURN_IF_EXCEPTION(scope, encodedJSValue());749 RETURN_IF_EXCEPTION(scope, nullptr); 740 750 replacements.append(replacementString); 741 RETURN_IF_EXCEPTION(scope, encodedJSValue());751 RETURN_IF_EXCEPTION(scope, nullptr); 742 752 } else { 743 753 int replLen = replacementString.length(); … … 766 776 767 777 if (!lastIndex && replacements.isEmpty()) 768 return JSValue::encode(string);778 return string; 769 779 770 780 if (static_cast<unsigned>(lastIndex) < sourceLen) { … … 773 783 } 774 784 scope.release(); 775 return JSValue::encode(jsSpliceSubstringsWithSeparators(exec, string, source, sourceRanges.data(), sourceRanges.size(), replacements.data(), replacements.size()));776 } 777 778 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceRegExpEmptyStr(785 return jsSpliceSubstringsWithSeparators(exec, string, source, sourceRanges.data(), sourceRanges.size(), replacements.data(), replacements.size()); 786 } 787 788 JSCell* JIT_OPERATION operationStringProtoFuncReplaceRegExpEmptyStr( 779 789 ExecState* exec, JSString* thisValue, RegExpObject* searchValue) 780 790 { … … 787 797 // ES5.1 15.5.4.10 step 8.a. 788 798 searchValue->setLastIndex(exec, 0); 789 RETURN_IF_EXCEPTION(scope, encodedJSValue());799 RETURN_IF_EXCEPTION(scope, nullptr); 790 800 scope.release(); 791 801 return removeUsingRegExpSearch(vm, exec, thisValue, thisValue->value(exec), regExp); … … 799 809 } 800 810 801 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceRegExpString(811 JSCell* JIT_OPERATION operationStringProtoFuncReplaceRegExpString( 802 812 ExecState* exec, JSString* thisValue, RegExpObject* searchValue, JSString* replaceString) 803 813 { … … 811 821 } 812 822 813 static ALWAYS_INLINE EncodedJSValuereplaceUsingRegExpSearch(VM& vm, ExecState* exec, JSString* string, JSValue searchValue, JSValue replaceValue)823 static ALWAYS_INLINE JSString* replaceUsingRegExpSearch(VM& vm, ExecState* exec, JSString* string, JSValue searchValue, JSValue replaceValue) 814 824 { 815 825 auto scope = DECLARE_THROW_SCOPE(vm); … … 820 830 if (callType == CallType::None) { 821 831 replacementString = replaceValue.toWTFString(exec); 822 RETURN_IF_EXCEPTION(scope, encodedJSValue());832 RETURN_IF_EXCEPTION(scope, nullptr); 823 833 } 824 834 … … 828 838 } 829 839 830 static ALWAYS_INLINE EncodedJSValuereplaceUsingStringSearch(VM& vm, ExecState* exec, JSString* jsString, JSValue searchValue, JSValue replaceValue)840 static ALWAYS_INLINE JSString* replaceUsingStringSearch(VM& vm, ExecState* exec, JSString* jsString, JSValue searchValue, JSValue replaceValue) 831 841 { 832 842 auto scope = DECLARE_THROW_SCOPE(vm); 833 843 834 844 const String& string = jsString->value(exec); 835 RETURN_IF_EXCEPTION(scope, encodedJSValue());845 RETURN_IF_EXCEPTION(scope, nullptr); 836 846 String searchString = searchValue.toWTFString(exec); 837 RETURN_IF_EXCEPTION(scope, encodedJSValue());847 RETURN_IF_EXCEPTION(scope, nullptr); 838 848 839 849 size_t matchStart = string.find(searchString); 840 850 841 851 if (matchStart == notFound) 842 return JSValue::encode(jsString);852 return jsString; 843 853 844 854 CallData callData; … … 851 861 ASSERT(!args.hasOverflowed()); 852 862 replaceValue = call(exec, replaceValue, callType, callData, jsUndefined(), args); 853 RETURN_IF_EXCEPTION(scope, encodedJSValue());863 RETURN_IF_EXCEPTION(scope, nullptr); 854 864 } 855 865 856 866 String replaceString = replaceValue.toWTFString(exec); 857 RETURN_IF_EXCEPTION(scope, encodedJSValue());867 RETURN_IF_EXCEPTION(scope, nullptr); 858 868 859 869 StringImpl* stringImpl = string.impl(); … … 867 877 String rightPart(StringImpl::createSubstringSharingImpl(*stringImpl, matchEnd, leftLength)); 868 878 scope.release(); 869 return JS Value::encode(JSC::jsString(exec, leftPart, middlePart, rightPart));879 return JSC::jsString(exec, leftPart, middlePart, rightPart); 870 880 } 871 881 … … 937 947 } 938 948 939 ALWAYS_INLINE EncodedJSValuereplace(949 ALWAYS_INLINE JSString* replace( 940 950 VM& vm, ExecState* exec, JSString* string, JSValue searchValue, JSValue replaceValue) 941 951 { … … 945 955 } 946 956 947 ALWAYS_INLINE EncodedJSValuereplace(957 ALWAYS_INLINE JSString* replace( 948 958 VM& vm, ExecState* exec, JSValue thisValue, JSValue searchValue, JSValue replaceValue) 949 959 { 950 960 auto scope = DECLARE_THROW_SCOPE(vm); 951 961 952 if (!checkObjectCoercible(thisValue)) 953 return throwVMTypeError(exec, scope); 962 if (!checkObjectCoercible(thisValue)) { 963 throwVMTypeError(exec, scope); 964 return nullptr; 965 } 954 966 JSString* string = thisValue.toString(exec); 955 RETURN_IF_EXCEPTION(scope, encodedJSValue());967 RETURN_IF_EXCEPTION(scope, nullptr); 956 968 scope.release(); 957 969 return replace(vm, exec, string, searchValue, replaceValue); … … 971 983 972 984 scope.release(); 973 return replaceUsingRegExpSearch(vm, exec, string, searchValue, exec->argument(1));985 return JSValue::encode(replaceUsingRegExpSearch(vm, exec, string, searchValue, exec->argument(1))); 974 986 } 975 987 … … 983 995 984 996 scope.release(); 985 return replaceUsingStringSearch(vm, exec, string, exec->argument(0), exec->argument(1));986 } 987 988 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceGeneric(997 return JSValue::encode(replaceUsingStringSearch(vm, exec, string, exec->argument(0), exec->argument(1))); 998 } 999 1000 JSCell* JIT_OPERATION operationStringProtoFuncReplaceGeneric( 989 1001 ExecState* exec, EncodedJSValue thisValue, EncodedJSValue searchValue, 990 1002 EncodedJSValue replaceValue) -
trunk/Source/JavaScriptCore/runtime/StringPrototype.h
r206525 r226269 51 51 }; 52 52 53 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceGeneric(53 JSCell* JIT_OPERATION operationStringProtoFuncReplaceGeneric( 54 54 ExecState*, EncodedJSValue thisValue, EncodedJSValue searchValue, EncodedJSValue replaceValue); 55 55 56 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceRegExpEmptyStr(56 JSCell* JIT_OPERATION operationStringProtoFuncReplaceRegExpEmptyStr( 57 57 ExecState*, JSString* thisValue, RegExpObject* searchValue); 58 58 59 EncodedJSValueJIT_OPERATION operationStringProtoFuncReplaceRegExpString(59 JSCell* JIT_OPERATION operationStringProtoFuncReplaceRegExpString( 60 60 ExecState*, JSString* thisValue, RegExpObject* searchValue, JSString* replaceValue); 61 61
Note: See TracChangeset
for help on using the changeset viewer.
