Changeset 240248 in webkit


Ignore:
Timestamp:
Jan 21, 2019 9:28:35 PM (5 years ago)
Author:
yusukesuzuki@slowstart.org
Message:

Unreviewed, roll out r240220 due to date-format-xparb regression
https://bugs.webkit.org/show_bug.cgi?id=193603

JSTests:

  • stress/let-lexical-binding-shadow-existing-global-property-ftl.js:
  • stress/scope-operation-cache-global-property-before-deleting.js: Removed.
  • stress/scope-operation-cache-global-property-bump-counter.js: Removed.
  • stress/scope-operation-cache-global-property-even-if-it-fails.js: Removed.

Source/JavaScriptCore:

  • bytecode/BytecodeList.rb:
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::notifyLexicalBindingShadowing):
(JSC::CodeBlock::notifyLexicalBindingUpdate): Deleted.

  • bytecode/CodeBlock.h:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGDesiredGlobalProperties.cpp:

(JSC::DFG::DesiredGlobalProperties::isStillValidOnMainThread):

  • dfg/DFGDesiredGlobalProperties.h:
  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::watchGlobalProperty): Deleted.

  • dfg/DFGGraph.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::isStillValidOnMainThread):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_resolve_scope):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_resolve_scope):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::notifyLexicalBindingShadowing):
(JSC::JSGlobalObject::getReferencedPropertyWatchpointSet):
(JSC::JSGlobalObject::ensureReferencedPropertyWatchpointSet):
(JSC::JSGlobalObject::bumpGlobalLexicalBindingEpoch): Deleted.

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::globalLexicalBindingEpoch const): Deleted.
(JSC::JSGlobalObject::globalLexicalBindingEpochOffset): Deleted.
(JSC::JSGlobalObject::addressOfGlobalLexicalBindingEpoch): Deleted.

  • runtime/Options.cpp:

(JSC::Options::initialize):
(JSC::Options::setOptions):
(JSC::Options::setOptionWithoutAlias):
(JSC::correctOptions): Deleted.

  • runtime/Options.h:
  • runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

Location:
trunk
Files:
3 deleted
23 edited

Legend:

Unmodified
Added
Removed
  • trunk/JSTests/ChangeLog

    r240244 r240248  
     12019-01-21  Yusuke Suzuki  <ysuzuki@apple.com>
     2
     3        Unreviewed, roll out r240220 due to date-format-xparb regression
     4        https://bugs.webkit.org/show_bug.cgi?id=193603
     5
     6        * stress/let-lexical-binding-shadow-existing-global-property-ftl.js:
     7        * stress/scope-operation-cache-global-property-before-deleting.js: Removed.
     8        * stress/scope-operation-cache-global-property-bump-counter.js: Removed.
     9        * stress/scope-operation-cache-global-property-even-if-it-fails.js: Removed.
     10
    1112019-01-21  Caio Lima  <ticaiolima@gmail.com>
    212
  • trunk/JSTests/stress/let-lexical-binding-shadow-existing-global-property-ftl.js

    r240220 r240248  
    4141
    4242foo();
    43 shouldBe(globalThis.bar, 4);
    4443shouldBe(bar, 4);
    4544shouldBe(get(), 4);
  • trunk/Source/JavaScriptCore/ChangeLog

    r240246 r240248  
     12019-01-21  Yusuke Suzuki  <ysuzuki@apple.com>
     2
     3        Unreviewed, roll out r240220 due to date-format-xparb regression
     4        https://bugs.webkit.org/show_bug.cgi?id=193603
     5
     6        * bytecode/BytecodeList.rb:
     7        * bytecode/CodeBlock.cpp:
     8        (JSC::CodeBlock::notifyLexicalBindingShadowing):
     9        (JSC::CodeBlock::notifyLexicalBindingUpdate): Deleted.
     10        * bytecode/CodeBlock.h:
     11        * dfg/DFGByteCodeParser.cpp:
     12        (JSC::DFG::ByteCodeParser::parseBlock):
     13        * dfg/DFGDesiredGlobalProperties.cpp:
     14        (JSC::DFG::DesiredGlobalProperties::isStillValidOnMainThread):
     15        * dfg/DFGDesiredGlobalProperties.h:
     16        * dfg/DFGGraph.cpp:
     17        (JSC::DFG::Graph::watchGlobalProperty): Deleted.
     18        * dfg/DFGGraph.h:
     19        * dfg/DFGPlan.cpp:
     20        (JSC::DFG::Plan::isStillValidOnMainThread):
     21        * jit/JITPropertyAccess.cpp:
     22        (JSC::JIT::emit_op_resolve_scope):
     23        * jit/JITPropertyAccess32_64.cpp:
     24        (JSC::JIT::emit_op_resolve_scope):
     25        * llint/LowLevelInterpreter32_64.asm:
     26        * llint/LowLevelInterpreter64.asm:
     27        * runtime/CommonSlowPaths.cpp:
     28        (JSC::SLOW_PATH_DECL):
     29        * runtime/CommonSlowPaths.h:
     30        (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
     31        (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
     32        * runtime/JSGlobalObject.cpp:
     33        (JSC::JSGlobalObject::notifyLexicalBindingShadowing):
     34        (JSC::JSGlobalObject::getReferencedPropertyWatchpointSet):
     35        (JSC::JSGlobalObject::ensureReferencedPropertyWatchpointSet):
     36        (JSC::JSGlobalObject::bumpGlobalLexicalBindingEpoch): Deleted.
     37        * runtime/JSGlobalObject.h:
     38        (JSC::JSGlobalObject::globalLexicalBindingEpoch const): Deleted.
     39        (JSC::JSGlobalObject::globalLexicalBindingEpochOffset): Deleted.
     40        (JSC::JSGlobalObject::addressOfGlobalLexicalBindingEpoch): Deleted.
     41        * runtime/Options.cpp:
     42        (JSC::Options::initialize):
     43        (JSC::Options::setOptions):
     44        (JSC::Options::setOptionWithoutAlias):
     45        (JSC::correctOptions): Deleted.
     46        * runtime/Options.h:
     47        * runtime/ProgramExecutable.cpp:
     48        (JSC::ProgramExecutable::initializeGlobalProperties):
     49
    1502019-01-21  Yusuke Suzuki  <ysuzuki@apple.com>
    251
  • trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb

    r240220 r240248  
    834834    metadata: {
    835835        resolveType: ResolveType, # offset 4
    836         _0: { # offset 5
    837             localScopeDepth: unsigned,
    838             globalLexicalBindingEpoch: unsigned,
    839         },
    840         _1: { # offset 6
     836        localScopeDepth: unsigned, # offset 5
     837        _: { # offset 6
    841838             # written during linking
    842839             lexicalEnvironment: WriteBarrierBase[JSCell], # lexicalEnvironment && type == ModuleVar
  • trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

    r240224 r240248  
    26692669#endif // ENABLE(DFG_JIT)
    26702670
    2671 void CodeBlock::notifyLexicalBindingUpdate()
     2671void CodeBlock::notifyLexicalBindingShadowing(VM& vm, const IdentifierSet& set)
    26722672{
    26732673    // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed.
     
    26762676        return;
    26772677    JSGlobalObject* globalObject = m_globalObject.get();
    2678     JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(globalObject->globalScope());
    2679     SymbolTable* symbolTable = globalLexicalEnvironment->symbolTable();
     2678
     2679    auto scope = DECLARE_THROW_SCOPE(vm);
    26802680
    26812681    ConcurrentJSLocker locker(m_lock);
    2682 
    2683     auto isShadowed = [&] (UniquedStringImpl* uid) {
    2684         ConcurrentJSLocker locker(symbolTable->m_lock);
    2685         return symbolTable->contains(locker, uid);
    2686     };
    26872682
    26882683    for (const auto& instruction : *m_instructions) {
     
    26952690            if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) {
    26962691                const Identifier& ident = identifier(bytecode.m_var);
    2697                 if (isShadowed(ident.impl()))
    2698                     metadata.m_globalLexicalBindingEpoch = 0;
    2699                 else
    2700                     metadata.m_globalLexicalBindingEpoch = globalObject->globalLexicalBindingEpoch();
     2692                if (set.contains(ident.impl())) {
     2693                    // We pass JSGlobalLexicalScope as a start point of the scope chain.
     2694                    // It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
     2695                    ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.m_resolveType, InitializationMode::NotInitialization);
     2696                    scope.releaseAssertNoException();
     2697                    ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar);
     2698                    metadata.m_resolveType = needsVarInjectionChecks(originalResolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
     2699                    metadata.m_localScopeDepth = 0;
     2700                    ASSERT(!op.lexicalEnvironment);
     2701                    JSScope* constantScope = JSScope::constantScopeForCodeBlock(metadata.m_resolveType, this);
     2702                    ASSERT(constantScope == globalObject->globalScope());
     2703                    metadata.m_constantScope.set(vm, this, constantScope);
     2704                    dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_resolve_scope from ", originalResolveType, " to ", metadata.m_resolveType);
     2705                }
    27012706            }
    27022707            break;
    27032708        }
     2709
     2710        case op_get_from_scope: {
     2711            auto bytecode = instruction->as<OpGetFromScope>();
     2712            auto& metadata = bytecode.metadata(this);
     2713            ResolveType originalResolveType = metadata.m_getPutInfo.resolveType();
     2714            if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) {
     2715                const Identifier& ident = identifier(bytecode.m_var);
     2716                if (set.contains(ident.impl())) {
     2717                    // We pass JSGlobalLexicalScope as a start point of the scope chain.
     2718                    // It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
     2719                    ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.m_getPutInfo.resolveType(), InitializationMode::NotInitialization);
     2720                    scope.releaseAssertNoException();
     2721                    ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar);
     2722                    metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), needsVarInjectionChecks(originalResolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar, bytecode.m_getPutInfo.initializationMode());
     2723                    metadata.m_watchpointSet = op.watchpointSet;
     2724                    metadata.m_operand = op.operand;
     2725                    dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_get_from_scope from ", originalResolveType, " to ", metadata.m_getPutInfo.resolveType());
     2726                }
     2727            }
     2728            break;
     2729        }
     2730
     2731        case op_put_to_scope: {
     2732            auto bytecode = instruction->as<OpPutToScope>();
     2733            auto& metadata = bytecode.metadata(this);
     2734            ResolveType originalResolveType = metadata.m_getPutInfo.resolveType();
     2735            if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) {
     2736                const Identifier& ident = identifier(bytecode.m_var);
     2737                if (set.contains(ident.impl())) {
     2738                    // We pass JSGlobalLexicalScope as a start point of the scope chain.
     2739                    // It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
     2740                    ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_symbolTableOrScopeDepth, globalObject->globalScope(), ident, Put, bytecode.m_getPutInfo.resolveType(), bytecode.m_getPutInfo.initializationMode());
     2741                    scope.releaseAssertNoException();
     2742                    ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar || op.type == Dynamic);
     2743
     2744                    ResolveType resolveType = op.type;
     2745                    metadata.m_watchpointSet = nullptr;
     2746                    if (resolveType == GlobalLexicalVarWithVarInjectionChecks || resolveType == GlobalLexicalVar) {
     2747                        resolveType = needsVarInjectionChecks(originalResolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
     2748                        metadata.m_watchpointSet = op.watchpointSet;
     2749                    }
     2750                    metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), resolveType, bytecode.m_getPutInfo.initializationMode());
     2751                    metadata.m_operand = op.operand;
     2752                    dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_put_to_scope from ", originalResolveType, " to ", metadata.m_getPutInfo.resolveType());
     2753                }
     2754            }
     2755            break;
     2756        }
     2757
    27042758        default:
    27052759            break;
  • trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

    r240224 r240248  
    196196    void finalizeUnconditionally(VM&);
    197197
    198     void notifyLexicalBindingUpdate();
     198    void notifyLexicalBindingShadowing(VM&, const IdentifierSet&);
    199199
    200200    void dumpSource();
  • trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

    r240229 r240248  
    61836183            if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) {
    61846184                if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) {
     6185                    unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[bytecode.m_var];
    61856186                    JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject();
    6186                     unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[bytecode.m_var];
    6187                     if (!m_graph.watchGlobalProperty(globalObject, identifierNumber))
    6188                         addToGraph(ForceOSRExit);
     6187                    m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber));
    61896188                }
    61906189            }
     
    62986297                // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed.
    62996298                // https://bugs.webkit.org/show_bug.cgi?id=193347
    6300                 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) {
    6301                     if (!m_graph.watchGlobalProperty(globalObject, identifierNumber))
    6302                         addToGraph(ForceOSRExit);
    6303                 }
     6299                if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module)
     6300                    m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber));
    63046301
    63056302                SpeculatedType prediction = getPrediction();
     
    64756472                // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed.
    64766473                // https://bugs.webkit.org/show_bug.cgi?id=193347
    6477                 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) {
    6478                     if (!m_graph.watchGlobalProperty(globalObject, identifierNumber))
    6479                         addToGraph(ForceOSRExit);
    6480                 }
     6474                if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module)
     6475                    m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber));
    64816476
    64826477                PutByIdStatus status;
  • trunk/Source/JavaScriptCore/dfg/DFGDesiredGlobalProperties.cpp

    r240220 r240248  
    3737namespace JSC { namespace DFG {
    3838
    39 bool DesiredGlobalProperties::isStillValidOnMainThread(VM& vm, DesiredIdentifiers& identifiers)
     39bool DesiredGlobalProperties::isStillValidOnMainThread(DesiredIdentifiers& identifiers)
    4040{
    41     bool isStillValid = true;
    4241    for (const auto& property : m_set) {
    4342        auto* uid = identifiers.at(property.identifierNumber());
    44         JSGlobalObject* globalObject = property.globalObject();
    45         {
    46             SymbolTable* symbolTable = globalObject->globalLexicalEnvironment()->symbolTable();
    47             ConcurrentJSLocker locker(symbolTable->m_lock);
    48             if (!symbolTable->contains(locker, uid))
    49                 continue;
     43        if (auto* watchpointSet = property.globalObject()->getReferencedPropertyWatchpointSet(uid)) {
     44            if (!watchpointSet->isStillValid())
     45                return false;
    5046        }
    51         // Set invalidated WatchpointSet here to prevent further compile-and-fail loop.
    52         property.globalObject()->ensureReferencedPropertyWatchpointSet(uid).fireAll(vm, "Lexical binding shadows an existing global property");
    53         isStillValid = false;
    5447    }
    55     return isStillValid;
     48    return true;
    5649}
    5750
  • trunk/Source/JavaScriptCore/dfg/DFGDesiredGlobalProperties.h

    r240220 r240248  
    4848    }
    4949
    50     bool isStillValidOnMainThread(VM&, DesiredIdentifiers&);
     50    bool isStillValidOnMainThread(DesiredIdentifiers&);
    5151
    5252    void reallyAdd(CodeBlock*, DesiredIdentifiers&, CommonData&);
  • trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp

    r240220 r240248  
    10591059}
    10601060
    1061 bool Graph::watchGlobalProperty(JSGlobalObject* globalObject, unsigned identifierNumber)
    1062 {
    1063     UniquedStringImpl* uid = identifiers()[identifierNumber];
    1064     // If we already have a WatchpointSet, and it is already invalidated, it means that this scope operation must be changed from GlobalProperty to GlobalLexicalVar,
    1065     // but we still have stale metadata here since we have not yet executed this bytecode operation since the invalidation. Just emitting ForceOSRExit to update the
    1066     // metadata when it reaches to this code.
    1067     if (auto* watchpoint = globalObject->getReferencedPropertyWatchpointSet(uid)) {
    1068         if (!watchpoint->isStillValid())
    1069             return false;
    1070     }
    1071     globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber));
    1072     return true;
    1073 }
    1074 
    10751061FullBytecodeLiveness& Graph::livenessFor(CodeBlock* codeBlock)
    10761062{
  • trunk/Source/JavaScriptCore/dfg/DFGGraph.h

    r240220 r240248  
    793793    bool watchCondition(const ObjectPropertyCondition&);
    794794    bool watchConditions(const ObjectPropertyConditionSet&);
    795 
    796     bool watchGlobalProperty(JSGlobalObject*, unsigned identifierNumber);
    797795
    798796    // Checks if it's known that loading from the given object at the given offset is fine. This is
  • trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp

    r240220 r240248  
    574574bool Plan::isStillValidOnMainThread()
    575575{
    576     return m_globalProperties.isStillValidOnMainThread(*m_vm, m_identifiers);
     576    return m_globalProperties.isStillValidOnMainThread(m_identifiers);
    577577}
    578578
  • trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

    r240220 r240248  
    767767        switch (resolveType) {
    768768        case GlobalProperty:
    769         case GlobalPropertyWithVarInjectionChecks: {
    770             JSScope* constantScope = JSScope::constantScopeForCodeBlock(resolveType, m_codeBlock);
    771             RELEASE_ASSERT(constantScope);
    772             emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
    773             load32(&metadata.m_globalLexicalBindingEpoch, regT1);
    774             addSlowCase(branch32(NotEqual, AbsoluteAddress(m_codeBlock->globalObject()->addressOfGlobalLexicalBindingEpoch()), regT1));
    775             move(TrustedImmPtr(constantScope), regT0);
    776             emitPutVirtualRegister(dst);
    777             break;
    778         }
    779 
     769        case GlobalPropertyWithVarInjectionChecks:
    780770        case GlobalVar:
    781771        case GlobalVarWithVarInjectionChecks:
     
    810800    case GlobalProperty:
    811801    case GlobalPropertyWithVarInjectionChecks: {
    812         JumpList skipToEnd;
    813         load32(&metadata.m_resolveType, regT0);
    814 
    815         Jump notGlobalProperty = branch32(NotEqual, regT0, TrustedImm32(resolveType));
    816         emitCode(resolveType);
    817         skipToEnd.append(jump());
    818 
    819         notGlobalProperty.link(this);
    820         emitCode(needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar);
    821 
    822         skipToEnd.link(this);
     802        // Since these GlobalProperty can be changed to GlobalLexicalVar, we should load the value from metadata.
     803        JSScope** constantScopeSlot = metadata.m_constantScope.slot();
     804        emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
     805        loadPtr(constantScopeSlot, regT0);
     806        emitPutVirtualRegister(dst);
    823807        break;
    824808    }
  • trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

    r240220 r240248  
    770770        switch (resolveType) {
    771771        case GlobalProperty:
    772         case GlobalPropertyWithVarInjectionChecks: {
    773             JSScope* constantScope = JSScope::constantScopeForCodeBlock(resolveType, m_codeBlock);
    774             RELEASE_ASSERT(constantScope);
    775             emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
    776             load32(&metadata.m_globalLexicalBindingEpoch, regT1);
    777             addSlowCase(branch32(NotEqual, AbsoluteAddress(m_codeBlock->globalObject()->addressOfGlobalLexicalBindingEpoch()), regT1));
    778             move(TrustedImm32(JSValue::CellTag), regT1);
    779             move(TrustedImmPtr(constantScope), regT0);
    780             emitStore(dst, regT1, regT0);
    781             break;
    782         }
    783 
     772        case GlobalPropertyWithVarInjectionChecks:
    784773        case GlobalVar:
    785774        case GlobalVarWithVarInjectionChecks:
     
    815804    case GlobalProperty:
    816805    case GlobalPropertyWithVarInjectionChecks: {
    817         JumpList skipToEnd;
    818         load32(&metadata.m_resolveType, regT0);
    819 
    820         Jump notGlobalProperty = branch32(NotEqual, regT0, TrustedImm32(resolveType));
    821         emitCode(resolveType);
    822         skipToEnd.append(jump());
    823 
    824         notGlobalProperty.link(this);
    825         emitCode(needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar);
    826 
    827         skipToEnd.link(this);
     806        // Since these GlobalProperty can be changed to GlobalLexicalVar, we should load the value from metadata.
     807        JSScope** constantScopeSlot = metadata.m_constantScope.slot();
     808        emitVarInjectionCheck(needsVarInjectionChecks(resolveType));
     809        move(TrustedImm32(JSValue::CellTag), regT1);
     810        loadPtr(constantScopeSlot, regT0);
     811        emitStore(dst, regT1, regT0);
    828812        break;
    829813    }
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

    r240220 r240248  
    20932093llintOpWithMetadata(op_resolve_scope, OpResolveScope, macro (size, get, dispatch, metadata, return)
    20942094
    2095     macro getConstantScope(dst)
    2096         loadp OpResolveScope::Metadata::m_constantScope[t5], dst
    2097     end
    2098 
    2099     macro returnConstantScope()
    2100         getConstantScope(t0)
     2095    macro getConstantScope()
     2096        loadp OpResolveScope::Metadata::m_constantScope[t5],  t0
    21012097        return(CellTag, t0)
    2102     end
    2103 
    2104     macro globalLexicalBindingEpochCheck(slowPath, globalObject, scratch)
    2105         loadi OpResolveScope::Metadata::m_globalLexicalBindingEpoch[globalObject], scratch
    2106         bineq JSGlobalObject::m_globalLexicalBindingEpoch[globalObject], scratch, slowPath
    21072098    end
    21082099
     
    21272118#rGlobalProperty:
    21282119    bineq t0, GlobalProperty, .rGlobalVar
    2129     getConstantScope(t0)
    2130     globalLexicalBindingEpochCheck(.rDynamic, t0, t2)
    2131     return(CellTag, t0)
     2120    getConstantScope()
    21322121
    21332122.rGlobalVar:
    21342123    bineq t0, GlobalVar, .rGlobalLexicalVar
    2135     returnConstantScope()
     2124    getConstantScope()
    21362125
    21372126.rGlobalLexicalVar:
    21382127    bineq t0, GlobalLexicalVar, .rClosureVar
    2139     returnConstantScope()
     2128    getConstantScope()
    21402129
    21412130.rClosureVar:
     
    21452134.rModuleVar:
    21462135    bineq t0, ModuleVar, .rGlobalPropertyWithVarInjectionChecks
    2147     returnConstantScope()
     2136    getConstantScope()
    21482137
    21492138.rGlobalPropertyWithVarInjectionChecks:
    21502139    bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks
    21512140    varInjectionCheck(.rDynamic)
    2152     getConstantScope(t0)
    2153     globalLexicalBindingEpochCheck(.rDynamic, t0, t2)
    2154     return(CellTag, t0)
     2141    getConstantScope()
    21552142
    21562143.rGlobalVarWithVarInjectionChecks:
    21572144    bineq t0, GlobalVarWithVarInjectionChecks, .rGlobalLexicalVarWithVarInjectionChecks
    21582145    varInjectionCheck(.rDynamic)
    2159     returnConstantScope()
     2146    getConstantScope()
    21602147
    21612148.rGlobalLexicalVarWithVarInjectionChecks:
    21622149    bineq t0, GlobalLexicalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks
    21632150    varInjectionCheck(.rDynamic)
    2164     returnConstantScope()
     2151    getConstantScope()
    21652152
    21662153.rClosureVarWithVarInjectionChecks:
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r240220 r240248  
    21512151    metadata(t5, t0)
    21522152
    2153     macro getConstantScope(dst)
    2154         loadp OpResolveScope::Metadata::m_constantScope[t5], dst
    2155     end
    2156 
    2157     macro returnConstantScope()
    2158         getConstantScope(t0)
     2153    macro getConstantScope()
     2154        loadp OpResolveScope::Metadata::m_constantScope[t5],  t0
    21592155        return(t0)
    2160     end
    2161 
    2162     macro globalLexicalBindingEpochCheck(slowPath, globalObject, scratch)
    2163         loadi OpResolveScope::Metadata::m_globalLexicalBindingEpoch[globalObject], scratch
    2164         bineq JSGlobalObject::m_globalLexicalBindingEpoch[globalObject], scratch, slowPath
    21652156    end
    21662157
     
    21842175#rGlobalProperty:
    21852176    bineq t0, GlobalProperty, .rGlobalVar
    2186     getConstantScope(t0)
    2187     globalLexicalBindingEpochCheck(.rDynamic, t0, t2)
    2188     return(t0)
     2177    getConstantScope()
    21892178
    21902179.rGlobalVar:
    21912180    bineq t0, GlobalVar, .rGlobalLexicalVar
    2192     returnConstantScope()
     2181    getConstantScope()
    21932182
    21942183.rGlobalLexicalVar:
    21952184    bineq t0, GlobalLexicalVar, .rClosureVar
    2196     returnConstantScope()
     2185    getConstantScope()
    21972186
    21982187.rClosureVar:
     
    22022191.rModuleVar:
    22032192    bineq t0, ModuleVar, .rGlobalPropertyWithVarInjectionChecks
    2204     returnConstantScope()
     2193    getConstantScope()
    22052194
    22062195.rGlobalPropertyWithVarInjectionChecks:
    22072196    bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks
    22082197    varInjectionCheck(.rDynamic, t2)
    2209     getConstantScope(t0)
    2210     globalLexicalBindingEpochCheck(.rDynamic, t0, t2)
    2211     return(t0)
     2198    getConstantScope()
    22122199
    22132200.rGlobalVarWithVarInjectionChecks:
    22142201    bineq t0, GlobalVarWithVarInjectionChecks, .rGlobalLexicalVarWithVarInjectionChecks
    22152202    varInjectionCheck(.rDynamic, t2)
    2216     returnConstantScope()
     2203    getConstantScope()
    22172204
    22182205.rGlobalLexicalVarWithVarInjectionChecks:
    22192206    bineq t0, GlobalLexicalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks
    22202207    varInjectionCheck(.rDynamic, t2)
    2221     returnConstantScope()
     2208    getConstantScope()
    22222209
    22232210.rClosureVarWithVarInjectionChecks:
     
    22702257#gGlobalProperty:
    22712258    bineq t0, GlobalProperty, .gGlobalVar
    2272     loadWithStructureCheck(OpGetFromScope, get, .gDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.
     2259    loadWithStructureCheck(OpGetFromScope, get, .gDynamic)
    22732260    getProperty()
    22742261
     
    22912278.gGlobalPropertyWithVarInjectionChecks:
    22922279    bineq t0, GlobalPropertyWithVarInjectionChecks, .gGlobalVarWithVarInjectionChecks
    2293     loadWithStructureCheck(OpGetFromScope, get, .gDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.
     2280    loadWithStructureCheck(OpGetFromScope, get, .gDynamic)
    22942281    getProperty()
    22952282
     
    23782365.pGlobalProperty:
    23792366    bineq t0, GlobalProperty, .pGlobalVar
    2380     loadWithStructureCheck(OpPutToScope, get, .pDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.
     2367    loadWithStructureCheck(OpPutToScope, get, .pDynamic)
    23812368    putProperty()
    23822369    writeBarrierOnOperands(size, get, m_scope, m_value)
     
    24052392.pGlobalPropertyWithVarInjectionChecks:
    24062393    bineq t0, GlobalPropertyWithVarInjectionChecks, .pGlobalVarWithVarInjectionChecks
    2407     loadWithStructureCheck(OpPutToScope, get, .pDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.
     2394    loadWithStructureCheck(OpPutToScope, get, .pDynamic)
    24082395    putProperty()
    24092396    writeBarrierOnOperands(size, get, m_scope, m_value)
  • trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

    r240220 r240248  
    10681068    ASSERT(resolveType != ModuleVar);
    10691069
    1070     switch (resolveType) {
    1071     case GlobalProperty:
    1072     case GlobalPropertyWithVarInjectionChecks:
    1073     case UnresolvedProperty:
    1074     case UnresolvedPropertyWithVarInjectionChecks: {
     1070    if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) {
    10751071        if (resolvedScope->isGlobalObject()) {
    10761072            JSGlobalObject* globalObject = jsCast<JSGlobalObject*>(resolvedScope);
     
    10791075            if (hasProperty) {
    10801076                ConcurrentJSLocker locker(exec->codeBlock()->m_lock);
    1081                 metadata.m_resolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty;
     1077                if (resolveType == UnresolvedProperty)
     1078                    metadata.m_resolveType = GlobalProperty;
     1079                else
     1080                    metadata.m_resolveType = GlobalPropertyWithVarInjectionChecks;
     1081
    10821082                metadata.m_globalObject = globalObject;
    1083                 metadata.m_globalLexicalBindingEpoch = globalObject->globalLexicalBindingEpoch();
    10841083            }
    10851084        } else if (resolvedScope->isGlobalLexicalEnvironment()) {
    10861085            JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(resolvedScope);
    10871086            ConcurrentJSLocker locker(exec->codeBlock()->m_lock);
    1088             metadata.m_resolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
     1087            if (resolveType == UnresolvedProperty)
     1088                metadata.m_resolveType = GlobalLexicalVar;
     1089            else
     1090                metadata.m_resolveType = GlobalLexicalVarWithVarInjectionChecks;
    10891091            metadata.m_globalLexicalEnvironment = globalLexicalEnvironment;
    10901092        }
    1091         break;
    1092     }
    1093     default:
    1094         break;
    10951093    }
    10961094
  • trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h

    r240220 r240248  
    125125    auto& metadata = bytecode.metadata(exec);
    126126    ResolveType resolveType = metadata.m_getPutInfo.resolveType();
    127 
    128     switch (resolveType) {
    129     case UnresolvedProperty:
    130     case UnresolvedPropertyWithVarInjectionChecks: {
     127    if (resolveType != GlobalProperty && resolveType != GlobalPropertyWithVarInjectionChecks
     128        && resolveType != UnresolvedProperty && resolveType != UnresolvedPropertyWithVarInjectionChecks)
     129        return;
     130
     131    if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) {
    131132        if (scope->isGlobalObject()) {
    132             ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty;
    133             resolveType = newResolveType; // Allow below caching mechanism to kick in.
     133            ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalProperty : GlobalPropertyWithVarInjectionChecks;
     134            resolveType = newResolveType;
    134135            ConcurrentJSLocker locker(codeBlock->m_lock);
    135136            metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode());
    136             break;
    137         }
    138         FALLTHROUGH;
    139     }
    140     case GlobalProperty:
    141     case GlobalPropertyWithVarInjectionChecks: {
    142          // Global Lexical Binding Epoch is changed. Update op_get_from_scope from GlobalProperty to GlobalLexicalVar.
    143         if (scope->isGlobalLexicalEnvironment()) {
     137        } else if (scope->isGlobalLexicalEnvironment()) {
    144138            JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(scope);
    145             ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
     139            ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalLexicalVar : GlobalLexicalVarWithVarInjectionChecks;
    146140            metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode());
    147141            SymbolTableEntry entry = globalLexicalEnvironment->symbolTable()->get(ident.impl());
     
    150144            metadata.m_watchpointSet = entry.watchpointSet();
    151145            metadata.m_operand = reinterpret_cast<uintptr_t>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot());
    152             return;
    153146        }
    154         break;
    155     }
    156     default:
    157         return;
    158     }
    159 
     147    }
     148   
    160149    if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) {
    161150        VM& vm = exec->vm();
     
    188177    ResolveType resolveType = metadata.m_getPutInfo.resolveType();
    189178
    190     switch (resolveType) {
    191     case UnresolvedProperty:
    192     case UnresolvedPropertyWithVarInjectionChecks: {
     179    if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) {
    193180        if (scope->isGlobalObject()) {
    194             ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty;
     181            ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalProperty : GlobalPropertyWithVarInjectionChecks;
    195182            resolveType = newResolveType; // Allow below caching mechanism to kick in.
    196183            ConcurrentJSLocker locker(exec->codeBlock()->m_lock);
    197184            metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode());
    198             break;
    199         }
    200         FALLTHROUGH;
    201     }
    202     case GlobalProperty:
    203     case GlobalPropertyWithVarInjectionChecks: {
    204          // Global Lexical Binding Epoch is changed. Update op_get_from_scope from GlobalProperty to GlobalLexicalVar.
    205         if (scope->isGlobalLexicalEnvironment()) {
     185        } else if (scope->isGlobalLexicalEnvironment()) {
    206186            JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(scope);
    207             ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
     187            ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalLexicalVar : GlobalLexicalVarWithVarInjectionChecks;
    208188            SymbolTableEntry entry = globalLexicalEnvironment->symbolTable()->get(ident.impl());
    209189            ASSERT(!entry.isNull());
     
    212192            metadata.m_watchpointSet = entry.watchpointSet();
    213193            metadata.m_operand = reinterpret_cast<uintptr_t>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot());
    214             return;
    215194        }
    216         break;
    217     }
    218     default:
    219         return;
    220195    }
    221196
  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

    r240242 r240248  
    18581858#endif // ENABLE(INTL)
    18591859
    1860 void JSGlobalObject::bumpGlobalLexicalBindingEpoch(VM& vm)
    1861 {
    1862     if (++m_globalLexicalBindingEpoch == Options::thresholdForGlobalLexicalBindingEpoch()) {
    1863         // Since the epoch overflows, we should rewrite all the CodeBlock to adjust to the newly started generation.
    1864         m_globalLexicalBindingEpoch = 1;
    1865         vm.heap.codeBlockSet().iterate([&] (CodeBlock* codeBlock) {
    1866             if (codeBlock->globalObject() != this)
    1867                 return;
    1868             codeBlock->notifyLexicalBindingUpdate();
    1869         });
    1870     }
     1860void JSGlobalObject::notifyLexicalBindingShadowing(VM& vm, const IdentifierSet& set)
     1861{
     1862    auto scope = DECLARE_THROW_SCOPE(vm);
     1863#if ENABLE(DFG_JIT)
     1864    for (const auto& key : set)
     1865        ensureReferencedPropertyWatchpointSet(key.get()).fireAll(vm, "Lexical binding shadows the existing global properties");
     1866#endif
     1867    vm.heap.codeBlockSet().iterate([&] (CodeBlock* codeBlock) {
     1868        if (codeBlock->globalObject() != this)
     1869            return;
     1870        codeBlock->notifyLexicalBindingShadowing(vm, set);
     1871        scope.assertNoException();
     1872    });
     1873    scope.release();
    18711874}
    18721875
     
    18941897WatchpointSet* JSGlobalObject::getReferencedPropertyWatchpointSet(UniquedStringImpl* uid)
    18951898{
    1896     ConcurrentJSLocker locker(m_referencedGlobalPropertyWatchpointSetsLock);
    18971899    return m_referencedGlobalPropertyWatchpointSets.get(uid);
    18981900}
     
    19001902WatchpointSet& JSGlobalObject::ensureReferencedPropertyWatchpointSet(UniquedStringImpl* uid)
    19011903{
    1902     ConcurrentJSLocker locker(m_referencedGlobalPropertyWatchpointSetsLock);
    19031904    return m_referencedGlobalPropertyWatchpointSets.ensure(uid, [] {
    19041905        return WatchpointSet::create(IsWatched);
  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

    r240242 r240248  
    487487    using ReferencedGlobalPropertyWatchpointSets = HashMap<RefPtr<UniquedStringImpl>, Ref<WatchpointSet>, IdentifierRepHash>;
    488488    ReferencedGlobalPropertyWatchpointSets m_referencedGlobalPropertyWatchpointSets;
    489     ConcurrentJSLock m_referencedGlobalPropertyWatchpointSetsLock;
    490489#endif
    491490
    492491    bool m_evalEnabled { true };
    493492    bool m_webAssemblyEnabled { true };
    494     unsigned m_globalLexicalBindingEpoch { 1 };
    495493    String m_evalDisabledErrorMessage;
    496494    String m_webAssemblyDisabledErrorMessage;
     
    754752#endif // ENABLE(INTL)
    755753
    756     void bumpGlobalLexicalBindingEpoch(VM&);
    757     unsigned globalLexicalBindingEpoch() const { return m_globalLexicalBindingEpoch; }
    758     static ptrdiff_t globalLexicalBindingEpochOffset() { return OBJECT_OFFSETOF(JSGlobalObject, m_globalLexicalBindingEpoch); }
    759     unsigned* addressOfGlobalLexicalBindingEpoch() { return &m_globalLexicalBindingEpoch; }
     754    void notifyLexicalBindingShadowing(VM&, const IdentifierSet&);
    760755
    761756    void setConsoleClient(ConsoleClient* consoleClient) { m_consoleClient = consoleClient; }
  • trunk/Source/JavaScriptCore/runtime/Options.cpp

    r240224 r240248  
    375375    Options::useMachForExceptions() = false;
    376376#endif
    377 }
    378 
    379 static void correctOptions()
    380 {
    381     unsigned thresholdForGlobalLexicalBindingEpoch = Options::thresholdForGlobalLexicalBindingEpoch();
    382     if (thresholdForGlobalLexicalBindingEpoch == 0 || thresholdForGlobalLexicalBindingEpoch == 1)
    383         Options::thresholdForGlobalLexicalBindingEpoch() = UINT_MAX;
    384377}
    385378
     
    574567                ; // Deconfuse editors that do auto indentation
    575568#endif
    576 
    577             correctOptions();
    578569   
    579570            recomputeDependentOptions();
     
    709700    }
    710701
    711     correctOptions();
    712 
    713702    recomputeDependentOptions();
    714703
     
    747736        if (success) {                                             \
    748737            name_() = value;                                       \
    749             correctOptions();                                      \
    750738            recomputeDependentOptions();                           \
    751739            return true;                                           \
  • trunk/Source/JavaScriptCore/runtime/Options.h

    r240224 r240248  
    509509    v(bool, traceLLIntSlowPath, false, Configurable, nullptr) \
    510510    v(bool, traceBaselineJITExecution, false, Normal, nullptr) \
    511     v(unsigned, thresholdForGlobalLexicalBindingEpoch, UINT_MAX, Normal, "Threshold for global lexical binding epoch. If the epoch reaches to this value, CodeBlock metadata for scope operations will be revised globally. It needs to be greater than 1.") \
     511    v(optionString, diskCachePath, nullptr, Restricted, "") \
     512    v(bool, forceDiskCache, false, Restricted, "") \
    512513
    513514
  • trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp

    r240220 r240248  
    108108    const VariableEnvironment& variableDeclarations = unlinkedCodeBlock->variableDeclarations();
    109109    const VariableEnvironment& lexicalDeclarations = unlinkedCodeBlock->lexicalDeclarations();
     110    IdentifierSet shadowedProperties;
    110111    // The ES6 spec says that no vars/global properties/let/const can be duplicated in the global scope.
    111112    // This carried out section 15.1.8 of the ES6 spec: http://www.ecma-international.org/ecma-262/6.0/index.html#sec-globaldeclarationinstantiation
     
    131132                // https://tc39.github.io/ecma262/#sec-globaldeclarationinstantiation step 5-c, `hasRestrictedGlobal` becomes false
    132133                // However we may emit GlobalProperty look up in bytecodes already and it may cache the value for the global scope.
    133                 // To make it invalid,
    134                 // 1. In LLInt and Baseline, we bump the global lexical binding epoch and it works.
     134                // To make it invalid, we iterate all the CodeBlocks and rewrite the instruction to convert GlobalProperty to GlobalLexicalVar.
     135                // 1. In LLInt, we always check metadata's resolveType. So rewritten instruction just works.
     136                // 2. In Baseline JIT, we check metadata's resolveType in GlobalProperty case so that we can notice once it is changed.
    135137                // 3. In DFG and FTL, we watch the watchpoint and jettison once it is fired.
     138                shadowedProperties.add(entry.key.get());
    136139                break;
    137140            case GlobalPropertyLookUpStatus::NotFound:
     
    204207        }
    205208    }
    206     if (lexicalDeclarations.size()) {
    207 #if ENABLE(DFG_JIT)
    208         for (auto& entry : lexicalDeclarations) {
    209             // If WatchpointSet exists, just fire it. Since DFG WatchpointSet addition is also done on the main thread, we can sync them.
    210             // So that we do not create WatchpointSet here. DFG will create if necessary on the main thread.
    211             // And it will only create not-invalidated watchpoint set if the global lexical environment binding doesn't exist, which is why this code works.
    212             if (auto* watchpointSet = globalObject->getReferencedPropertyWatchpointSet(entry.key.get()))
    213                 watchpointSet->fireAll(vm, "Lexical binding shadows an existing global property");
    214         }
    215 #endif
    216         globalObject->bumpGlobalLexicalBindingEpoch(vm);
    217     }
     209
     210    if (!shadowedProperties.isEmpty()) {
     211        globalObject->notifyLexicalBindingShadowing(vm, WTFMove(shadowedProperties));
     212        throwScope.assertNoException();
     213    }
     214
    218215    return nullptr;
    219216}
Note: See TracChangeset for help on using the changeset viewer.