Changeset 240248 in webkit
- Timestamp:
- Jan 21, 2019 9:28:35 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 3 deleted
- 23 edited
trunk/JSTests/ChangeLog
r240244 r240248 1 2019-01-21 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, roll out r240220 due to date-format-xparb regression 4 https://bugs.webkit.org/show_bug.cgi?id=193603 5 6 * stress/let-lexical-binding-shadow-existing-global-property-ftl.js: 7 * stress/scope-operation-cache-global-property-before-deleting.js: Removed. 8 * stress/scope-operation-cache-global-property-bump-counter.js: Removed. 9 * stress/scope-operation-cache-global-property-even-if-it-fails.js: Removed. 10 1 11 2019-01-21 Caio Lima <ticaiolima@gmail.com> 2 12 -
trunk/JSTests/stress/let-lexical-binding-shadow-existing-global-property-ftl.js
r240220 r240248 41 41 42 42 foo(); 43 shouldBe(globalThis.bar, 4);44 43 shouldBe(bar, 4); 45 44 shouldBe(get(), 4); -
trunk/Source/JavaScriptCore/ChangeLog
r240246 r240248 1 2019-01-21 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, roll out r240220 due to date-format-xparb regression 4 https://bugs.webkit.org/show_bug.cgi?id=193603 5 6 * bytecode/BytecodeList.rb: 7 * bytecode/CodeBlock.cpp: 8 (JSC::CodeBlock::notifyLexicalBindingShadowing): 9 (JSC::CodeBlock::notifyLexicalBindingUpdate): Deleted. 10 * bytecode/CodeBlock.h: 11 * dfg/DFGByteCodeParser.cpp: 12 (JSC::DFG::ByteCodeParser::parseBlock): 13 * dfg/DFGDesiredGlobalProperties.cpp: 14 (JSC::DFG::DesiredGlobalProperties::isStillValidOnMainThread): 15 * dfg/DFGDesiredGlobalProperties.h: 16 * dfg/DFGGraph.cpp: 17 (JSC::DFG::Graph::watchGlobalProperty): Deleted. 18 * dfg/DFGGraph.h: 19 * dfg/DFGPlan.cpp: 20 (JSC::DFG::Plan::isStillValidOnMainThread): 21 * jit/JITPropertyAccess.cpp: 22 (JSC::JIT::emit_op_resolve_scope): 23 * jit/JITPropertyAccess32_64.cpp: 24 (JSC::JIT::emit_op_resolve_scope): 25 * llint/LowLevelInterpreter32_64.asm: 26 * llint/LowLevelInterpreter64.asm: 27 * runtime/CommonSlowPaths.cpp: 28 (JSC::SLOW_PATH_DECL): 29 * runtime/CommonSlowPaths.h: 30 (JSC::CommonSlowPaths::tryCachePutToScopeGlobal): 31 (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal): 32 * runtime/JSGlobalObject.cpp: 33 (JSC::JSGlobalObject::notifyLexicalBindingShadowing): 34 (JSC::JSGlobalObject::getReferencedPropertyWatchpointSet): 35 (JSC::JSGlobalObject::ensureReferencedPropertyWatchpointSet): 36 (JSC::JSGlobalObject::bumpGlobalLexicalBindingEpoch): Deleted. 37 * runtime/JSGlobalObject.h: 38 (JSC::JSGlobalObject::globalLexicalBindingEpoch const): Deleted. 39 (JSC::JSGlobalObject::globalLexicalBindingEpochOffset): Deleted. 40 (JSC::JSGlobalObject::addressOfGlobalLexicalBindingEpoch): Deleted. 41 * runtime/Options.cpp: 42 (JSC::Options::initialize): 43 (JSC::Options::setOptions): 44 (JSC::Options::setOptionWithoutAlias): 45 (JSC::correctOptions): Deleted. 
46 * runtime/Options.h: 47 * runtime/ProgramExecutable.cpp: 48 (JSC::ProgramExecutable::initializeGlobalProperties): 49 1 50 2019-01-21 Yusuke Suzuki <ysuzuki@apple.com> 2 51 -
trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb
r240220 r240248 834 834 metadata: { 835 835 resolveType: ResolveType, # offset 4 836 _0: { # offset 5 837 localScopeDepth: unsigned, 838 globalLexicalBindingEpoch: unsigned, 839 }, 840 _1: { # offset 6 836 localScopeDepth: unsigned, # offset 5 837 _: { # offset 6 841 838 # written during linking 842 839 lexicalEnvironment: WriteBarrierBase[JSCell], # lexicalEnvironment && type == ModuleVar -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r240224 r240248 2669 2669 #endif // ENABLE(DFG_JIT) 2670 2670 2671 void CodeBlock::notifyLexicalBinding Update()2671 void CodeBlock::notifyLexicalBindingShadowing(VM& vm, const IdentifierSet& set) 2672 2672 { 2673 2673 // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed. … … 2676 2676 return; 2677 2677 JSGlobalObject* globalObject = m_globalObject.get(); 2678 JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(globalObject->globalScope()); 2679 SymbolTable* symbolTable = globalLexicalEnvironment->symbolTable();2678 2679 auto scope = DECLARE_THROW_SCOPE(vm); 2680 2680 2681 2681 ConcurrentJSLocker locker(m_lock); 2682 2683 auto isShadowed = [&] (UniquedStringImpl* uid) {2684 ConcurrentJSLocker locker(symbolTable->m_lock);2685 return symbolTable->contains(locker, uid);2686 };2687 2682 2688 2683 for (const auto& instruction : *m_instructions) { … … 2695 2690 if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) { 2696 2691 const Identifier& ident = identifier(bytecode.m_var); 2697 if (isShadowed(ident.impl())) 2698 metadata.m_globalLexicalBindingEpoch = 0; 2699 else 2700 metadata.m_globalLexicalBindingEpoch = globalObject->globalLexicalBindingEpoch(); 2692 if (set.contains(ident.impl())) { 2693 // We pass JSGlobalLexicalScope as a start point of the scope chain. 2694 // It should immediately find the lexical binding because that's the reason why we perform this rewriting now. 2695 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.m_resolveType, InitializationMode::NotInitialization); 2696 scope.releaseAssertNoException(); 2697 ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar); 2698 metadata.m_resolveType = needsVarInjectionChecks(originalResolveType) ? 
GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar; 2699 metadata.m_localScopeDepth = 0; 2700 ASSERT(!op.lexicalEnvironment); 2701 JSScope* constantScope = JSScope::constantScopeForCodeBlock(metadata.m_resolveType, this); 2702 ASSERT(constantScope == globalObject->globalScope()); 2703 metadata.m_constantScope.set(vm, this, constantScope); 2704 dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_resolve_scope from ", originalResolveType, " to ", metadata.m_resolveType); 2705 } 2701 2706 } 2702 2707 break; 2703 2708 } 2709 2710 case op_get_from_scope: { 2711 auto bytecode = instruction->as<OpGetFromScope>(); 2712 auto& metadata = bytecode.metadata(this); 2713 ResolveType originalResolveType = metadata.m_getPutInfo.resolveType(); 2714 if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) { 2715 const Identifier& ident = identifier(bytecode.m_var); 2716 if (set.contains(ident.impl())) { 2717 // We pass JSGlobalLexicalScope as a start point of the scope chain. 2718 // It should immediately find the lexical binding because that's the reason why we perform this rewriting now. 2719 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.m_getPutInfo.resolveType(), InitializationMode::NotInitialization); 2720 scope.releaseAssertNoException(); 2721 ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar); 2722 metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), needsVarInjectionChecks(originalResolveType) ? 
GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar, bytecode.m_getPutInfo.initializationMode()); 2723 metadata.m_watchpointSet = op.watchpointSet; 2724 metadata.m_operand = op.operand; 2725 dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_get_from_scope from ", originalResolveType, " to ", metadata.m_getPutInfo.resolveType()); 2726 } 2727 } 2728 break; 2729 } 2730 2731 case op_put_to_scope: { 2732 auto bytecode = instruction->as<OpPutToScope>(); 2733 auto& metadata = bytecode.metadata(this); 2734 ResolveType originalResolveType = metadata.m_getPutInfo.resolveType(); 2735 if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) { 2736 const Identifier& ident = identifier(bytecode.m_var); 2737 if (set.contains(ident.impl())) { 2738 // We pass JSGlobalLexicalScope as a start point of the scope chain. 2739 // It should immediately find the lexical binding because that's the reason why we perform this rewriting now. 2740 ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.m_symbolTableOrScopeDepth, globalObject->globalScope(), ident, Put, bytecode.m_getPutInfo.resolveType(), bytecode.m_getPutInfo.initializationMode()); 2741 scope.releaseAssertNoException(); 2742 ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar || op.type == Dynamic); 2743 2744 ResolveType resolveType = op.type; 2745 metadata.m_watchpointSet = nullptr; 2746 if (resolveType == GlobalLexicalVarWithVarInjectionChecks || resolveType == GlobalLexicalVar) { 2747 resolveType = needsVarInjectionChecks(originalResolveType) ? 
GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar; 2748 metadata.m_watchpointSet = op.watchpointSet; 2749 } 2750 metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), resolveType, bytecode.m_getPutInfo.initializationMode()); 2751 metadata.m_operand = op.operand; 2752 dataLogLnIf(CodeBlockInternal::verbose, "Rewrite op_put_to_scope from ", originalResolveType, " to ", metadata.m_getPutInfo.resolveType()); 2753 } 2754 } 2755 break; 2756 } 2757 2704 2758 default: 2705 2759 break; -
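Review bot: The `ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar)` checks on the `ResolveOp` returned by `JSScope::abstractResolve` in the op_resolve_scope and op_get_from_scope cases (and the three-way variant in op_put_to_scope) are debug-only, yet the metadata rewrite that follows feeds the baseline JIT and LLInt fast paths; in a release build a resolution that did not land on the global lexical environment would still be cached as `GlobalLexicalVar` together with that op's `watchpointSet` and `operand`. The function already treats the no-exception invariant as fatal via `scope.releaseAssertNoException()`, so the same strength seems warranted here: `RELEASE_ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar);` makes a mismatch fail loudly instead of leaving inconsistent scope metadata behind. The three cases also repeat the same resolve-then-check prologue; a small private helper taking the scope depth, access kind and original resolve type would keep them in sync. notifyLexicalBindingShadowing continues past the end of the hunk.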
trunk/Source/JavaScriptCore/bytecode/CodeBlock.h
r240224 r240248 196 196 void finalizeUnconditionally(VM&); 197 197 198 void notifyLexicalBinding Update();198 void notifyLexicalBindingShadowing(VM&, const IdentifierSet&); 199 199 200 200 void dumpSource(); -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r240229 r240248 6183 6183 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) { 6184 6184 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) { 6185 unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[bytecode.m_var]; 6185 6186 JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject(); 6186 unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[bytecode.m_var]; 6187 if (!m_graph.watchGlobalProperty(globalObject, identifierNumber)) 6188 addToGraph(ForceOSRExit); 6187 m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber)); 6189 6188 } 6190 6189 } … … 6298 6297 // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed. 6299 6298 // https://bugs.webkit.org/show_bug.cgi?id=193347 6300 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) { 6301 if (!m_graph.watchGlobalProperty(globalObject, identifierNumber)) 6302 addToGraph(ForceOSRExit); 6303 } 6299 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) 6300 m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber)); 6304 6301 6305 6302 SpeculatedType prediction = getPrediction(); … … 6475 6472 // FIXME: Currently, module code do not query to JSGlobalLexicalEnvironment. So this case should be removed once it is fixed. 6476 6473 // https://bugs.webkit.org/show_bug.cgi?id=193347 6477 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) { 6478 if (!m_graph.watchGlobalProperty(globalObject, identifierNumber)) 6479 addToGraph(ForceOSRExit); 6480 } 6474 if (m_inlineStackTop->m_codeBlock->scriptMode() != JSParserScriptMode::Module) 6475 m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber)); 6481 6476 6482 6477 PutByIdStatus status; -
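Review bot: The restored `scriptMode() != JSParserScriptMode::Module` guard around `m_graph.globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber))` now appears three times in this file (new lines 6183-6187, 6299-6300 and 6474-6475), each carrying the same FIXME for bug 193347. A private helper such as `void addGlobalPropertyIfNotModule(JSGlobalObject*, unsigned identifierNumber)` would keep the three call sites in sync and give the FIXME a single home. The enclosing parseBlock starts and ends outside the visible hunks.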
trunk/Source/JavaScriptCore/dfg/DFGDesiredGlobalProperties.cpp
r240220 r240248 37 37 namespace JSC { namespace DFG { 38 38 39 bool DesiredGlobalProperties::isStillValidOnMainThread( VM& vm,DesiredIdentifiers& identifiers)39 bool DesiredGlobalProperties::isStillValidOnMainThread(DesiredIdentifiers& identifiers) 40 40 { 41 bool isStillValid = true;42 41 for (const auto& property : m_set) { 43 42 auto* uid = identifiers.at(property.identifierNumber()); 44 JSGlobalObject* globalObject = property.globalObject(); 45 { 46 SymbolTable* symbolTable = globalObject->globalLexicalEnvironment()->symbolTable(); 47 ConcurrentJSLocker locker(symbolTable->m_lock); 48 if (!symbolTable->contains(locker, uid)) 49 continue; 43 if (auto* watchpointSet = property.globalObject()->getReferencedPropertyWatchpointSet(uid)) { 44 if (!watchpointSet->isStillValid()) 45 return false; 50 46 } 51 // Set invalidated WatchpointSet here to prevent further compile-and-fail loop.52 property.globalObject()->ensureReferencedPropertyWatchpointSet(uid).fireAll(vm, "Lexical binding shadows an existing global property");53 isStillValid = false;54 47 } 55 return isStillValid;48 return true; 56 49 } 57 50 -
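Review bot: `isStillValidOnMainThread` calls `property.globalObject()->getReferencedPropertyWatchpointSet(uid)` on the restored side, and the JSGlobalObject.cpp section of this same changeset removes the `ConcurrentJSLocker` from that getter, so the lookup is only safe because this function runs on the main thread while nothing mutates the map. Nothing in the body enforces that; a one-line comment such as `// Main thread only: the referenced-property watchpoint map is read here without its lock.` or a debug assertion that the caller is not a compilation thread would pin down the invariant the name relies on. Whether `identifiers.at(...)` has the same requirement cannot be confirmed from the hunk.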
trunk/Source/JavaScriptCore/dfg/DFGDesiredGlobalProperties.h
r240220 r240248 48 48 } 49 49 50 bool isStillValidOnMainThread( VM&,DesiredIdentifiers&);50 bool isStillValidOnMainThread(DesiredIdentifiers&); 51 51 52 52 void reallyAdd(CodeBlock*, DesiredIdentifiers&, CommonData&); -
trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp
r240220 r240248 1059 1059 } 1060 1060 1061 bool Graph::watchGlobalProperty(JSGlobalObject* globalObject, unsigned identifierNumber)1062 {1063 UniquedStringImpl* uid = identifiers()[identifierNumber];1064 // If we already have a WatchpointSet, and it is already invalidated, it means that this scope operation must be changed from GlobalProperty to GlobalLexicalVar,1065 // but we still have stale metadata here since we have not yet executed this bytecode operation since the invalidation. Just emitting ForceOSRExit to update the1066 // metadata when it reaches to this code.1067 if (auto* watchpoint = globalObject->getReferencedPropertyWatchpointSet(uid)) {1068 if (!watchpoint->isStillValid())1069 return false;1070 }1071 globalProperties().addLazily(DesiredGlobalProperty(globalObject, identifierNumber));1072 return true;1073 }1074 1075 1061 FullBytecodeLiveness& Graph::livenessFor(CodeBlock* codeBlock) 1076 1062 { -
trunk/Source/JavaScriptCore/dfg/DFGGraph.h
r240220 r240248 793 793 bool watchCondition(const ObjectPropertyCondition&); 794 794 bool watchConditions(const ObjectPropertyConditionSet&); 795 796 bool watchGlobalProperty(JSGlobalObject*, unsigned identifierNumber);797 795 798 796 // Checks if it's known that loading from the given object at the given offset is fine. This is -
trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp
r240220 r240248 574 574 bool Plan::isStillValidOnMainThread() 575 575 { 576 return m_globalProperties.isStillValidOnMainThread( *m_vm,m_identifiers);576 return m_globalProperties.isStillValidOnMainThread(m_identifiers); 577 577 } 578 578 -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r240220 r240248 767 767 switch (resolveType) { 768 768 case GlobalProperty: 769 case GlobalPropertyWithVarInjectionChecks: { 770 JSScope* constantScope = JSScope::constantScopeForCodeBlock(resolveType, m_codeBlock); 771 RELEASE_ASSERT(constantScope); 772 emitVarInjectionCheck(needsVarInjectionChecks(resolveType)); 773 load32(&metadata.m_globalLexicalBindingEpoch, regT1); 774 addSlowCase(branch32(NotEqual, AbsoluteAddress(m_codeBlock->globalObject()->addressOfGlobalLexicalBindingEpoch()), regT1)); 775 move(TrustedImmPtr(constantScope), regT0); 776 emitPutVirtualRegister(dst); 777 break; 778 } 779 769 case GlobalPropertyWithVarInjectionChecks: 780 770 case GlobalVar: 781 771 case GlobalVarWithVarInjectionChecks: … … 810 800 case GlobalProperty: 811 801 case GlobalPropertyWithVarInjectionChecks: { 812 JumpList skipToEnd; 813 load32(&metadata.m_resolveType, regT0); 814 815 Jump notGlobalProperty = branch32(NotEqual, regT0, TrustedImm32(resolveType)); 816 emitCode(resolveType); 817 skipToEnd.append(jump()); 818 819 notGlobalProperty.link(this); 820 emitCode(needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar); 821 822 skipToEnd.link(this); 802 // Since these GlobalProperty can be changed to GlobalLexicalVar, we should load the value from metadata. 803 JSScope** constantScopeSlot = metadata.m_constantScope.slot(); 804 emitVarInjectionCheck(needsVarInjectionChecks(resolveType)); 805 loadPtr(constantScopeSlot, regT0); 806 emitPutVirtualRegister(dst); 823 807 break; 824 808 } -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
r240220 r240248 770 770 switch (resolveType) { 771 771 case GlobalProperty: 772 case GlobalPropertyWithVarInjectionChecks: { 773 JSScope* constantScope = JSScope::constantScopeForCodeBlock(resolveType, m_codeBlock); 774 RELEASE_ASSERT(constantScope); 775 emitVarInjectionCheck(needsVarInjectionChecks(resolveType)); 776 load32(&metadata.m_globalLexicalBindingEpoch, regT1); 777 addSlowCase(branch32(NotEqual, AbsoluteAddress(m_codeBlock->globalObject()->addressOfGlobalLexicalBindingEpoch()), regT1)); 778 move(TrustedImm32(JSValue::CellTag), regT1); 779 move(TrustedImmPtr(constantScope), regT0); 780 emitStore(dst, regT1, regT0); 781 break; 782 } 783 772 case GlobalPropertyWithVarInjectionChecks: 784 773 case GlobalVar: 785 774 case GlobalVarWithVarInjectionChecks: … … 815 804 case GlobalProperty: 816 805 case GlobalPropertyWithVarInjectionChecks: { 817 JumpList skipToEnd; 818 load32(&metadata.m_resolveType, regT0); 819 820 Jump notGlobalProperty = branch32(NotEqual, regT0, TrustedImm32(resolveType)); 821 emitCode(resolveType); 822 skipToEnd.append(jump()); 823 824 notGlobalProperty.link(this); 825 emitCode(needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar); 826 827 skipToEnd.link(this); 806 // Since these GlobalProperty can be changed to GlobalLexicalVar, we should load the value from metadata. 807 JSScope** constantScopeSlot = metadata.m_constantScope.slot(); 808 emitVarInjectionCheck(needsVarInjectionChecks(resolveType)); 809 move(TrustedImm32(JSValue::CellTag), regT1); 810 loadPtr(constantScopeSlot, regT0); 811 emitStore(dst, regT1, regT0); 828 812 break; 829 813 } -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
r240220 r240248 2093 2093 llintOpWithMetadata(op_resolve_scope, OpResolveScope, macro (size, get, dispatch, metadata, return) 2094 2094 2095 macro getConstantScope(dst) 2096 loadp OpResolveScope::Metadata::m_constantScope[t5], dst 2097 end 2098 2099 macro returnConstantScope() 2100 getConstantScope(t0) 2095 macro getConstantScope() 2096 loadp OpResolveScope::Metadata::m_constantScope[t5], t0 2101 2097 return(CellTag, t0) 2102 end2103 2104 macro globalLexicalBindingEpochCheck(slowPath, globalObject, scratch)2105 loadi OpResolveScope::Metadata::m_globalLexicalBindingEpoch[globalObject], scratch2106 bineq JSGlobalObject::m_globalLexicalBindingEpoch[globalObject], scratch, slowPath2107 2098 end 2108 2099 … … 2127 2118 #rGlobalProperty: 2128 2119 bineq t0, GlobalProperty, .rGlobalVar 2129 getConstantScope(t0) 2130 globalLexicalBindingEpochCheck(.rDynamic, t0, t2) 2131 return(CellTag, t0) 2120 getConstantScope() 2132 2121 2133 2122 .rGlobalVar: 2134 2123 bineq t0, GlobalVar, .rGlobalLexicalVar 2135 returnConstantScope()2124 getConstantScope() 2136 2125 2137 2126 .rGlobalLexicalVar: 2138 2127 bineq t0, GlobalLexicalVar, .rClosureVar 2139 returnConstantScope()2128 getConstantScope() 2140 2129 2141 2130 .rClosureVar: … … 2145 2134 .rModuleVar: 2146 2135 bineq t0, ModuleVar, .rGlobalPropertyWithVarInjectionChecks 2147 returnConstantScope()2136 getConstantScope() 2148 2137 2149 2138 .rGlobalPropertyWithVarInjectionChecks: 2150 2139 bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks 2151 2140 varInjectionCheck(.rDynamic) 2152 getConstantScope(t0) 2153 globalLexicalBindingEpochCheck(.rDynamic, t0, t2) 2154 return(CellTag, t0) 2141 getConstantScope() 2155 2142 2156 2143 .rGlobalVarWithVarInjectionChecks: 2157 2144 bineq t0, GlobalVarWithVarInjectionChecks, .rGlobalLexicalVarWithVarInjectionChecks 2158 2145 varInjectionCheck(.rDynamic) 2159 returnConstantScope()2146 getConstantScope() 2160 2147 2161 2148 .rGlobalLexicalVarWithVarInjectionChecks: 
2162 2149 bineq t0, GlobalLexicalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks 2163 2150 varInjectionCheck(.rDynamic) 2164 returnConstantScope()2151 getConstantScope() 2165 2152 2166 2153 .rClosureVarWithVarInjectionChecks: -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
r240220 r240248 2151 2151 metadata(t5, t0) 2152 2152 2153 macro getConstantScope(dst) 2154 loadp OpResolveScope::Metadata::m_constantScope[t5], dst 2155 end 2156 2157 macro returnConstantScope() 2158 getConstantScope(t0) 2153 macro getConstantScope() 2154 loadp OpResolveScope::Metadata::m_constantScope[t5], t0 2159 2155 return(t0) 2160 end2161 2162 macro globalLexicalBindingEpochCheck(slowPath, globalObject, scratch)2163 loadi OpResolveScope::Metadata::m_globalLexicalBindingEpoch[globalObject], scratch2164 bineq JSGlobalObject::m_globalLexicalBindingEpoch[globalObject], scratch, slowPath2165 2156 end 2166 2157 … … 2184 2175 #rGlobalProperty: 2185 2176 bineq t0, GlobalProperty, .rGlobalVar 2186 getConstantScope(t0) 2187 globalLexicalBindingEpochCheck(.rDynamic, t0, t2) 2188 return(t0) 2177 getConstantScope() 2189 2178 2190 2179 .rGlobalVar: 2191 2180 bineq t0, GlobalVar, .rGlobalLexicalVar 2192 returnConstantScope()2181 getConstantScope() 2193 2182 2194 2183 .rGlobalLexicalVar: 2195 2184 bineq t0, GlobalLexicalVar, .rClosureVar 2196 returnConstantScope()2185 getConstantScope() 2197 2186 2198 2187 .rClosureVar: … … 2202 2191 .rModuleVar: 2203 2192 bineq t0, ModuleVar, .rGlobalPropertyWithVarInjectionChecks 2204 returnConstantScope()2193 getConstantScope() 2205 2194 2206 2195 .rGlobalPropertyWithVarInjectionChecks: 2207 2196 bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks 2208 2197 varInjectionCheck(.rDynamic, t2) 2209 getConstantScope(t0) 2210 globalLexicalBindingEpochCheck(.rDynamic, t0, t2) 2211 return(t0) 2198 getConstantScope() 2212 2199 2213 2200 .rGlobalVarWithVarInjectionChecks: 2214 2201 bineq t0, GlobalVarWithVarInjectionChecks, .rGlobalLexicalVarWithVarInjectionChecks 2215 2202 varInjectionCheck(.rDynamic, t2) 2216 returnConstantScope()2203 getConstantScope() 2217 2204 2218 2205 .rGlobalLexicalVarWithVarInjectionChecks: 2219 2206 bineq t0, GlobalLexicalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks 2220 2207 
varInjectionCheck(.rDynamic, t2) 2221 returnConstantScope()2208 getConstantScope() 2222 2209 2223 2210 .rClosureVarWithVarInjectionChecks: … … 2270 2257 #gGlobalProperty: 2271 2258 bineq t0, GlobalProperty, .gGlobalVar 2272 loadWithStructureCheck(OpGetFromScope, get, .gDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.2259 loadWithStructureCheck(OpGetFromScope, get, .gDynamic) 2273 2260 getProperty() 2274 2261 … … 2291 2278 .gGlobalPropertyWithVarInjectionChecks: 2292 2279 bineq t0, GlobalPropertyWithVarInjectionChecks, .gGlobalVarWithVarInjectionChecks 2293 loadWithStructureCheck(OpGetFromScope, get, .gDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.2280 loadWithStructureCheck(OpGetFromScope, get, .gDynamic) 2294 2281 getProperty() 2295 2282 … … 2378 2365 .pGlobalProperty: 2379 2366 bineq t0, GlobalProperty, .pGlobalVar 2380 loadWithStructureCheck(OpPutToScope, get, .pDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.2367 loadWithStructureCheck(OpPutToScope, get, .pDynamic) 2381 2368 putProperty() 2382 2369 writeBarrierOnOperands(size, get, m_scope, m_value) … … 2405 2392 .pGlobalPropertyWithVarInjectionChecks: 2406 2393 bineq t0, GlobalPropertyWithVarInjectionChecks, .pGlobalVarWithVarInjectionChecks 2407 loadWithStructureCheck(OpPutToScope, get, .pDynamic) # This structure check includes lexical binding epoch check since when the epoch is changed, scope will be changed too.2394 loadWithStructureCheck(OpPutToScope, get, .pDynamic) 2408 2395 putProperty() 2409 2396 writeBarrierOnOperands(size, get, m_scope, m_value) -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
r240220 r240248 1068 1068 ASSERT(resolveType != ModuleVar); 1069 1069 1070 switch (resolveType) { 1071 case GlobalProperty: 1072 case GlobalPropertyWithVarInjectionChecks: 1073 case UnresolvedProperty: 1074 case UnresolvedPropertyWithVarInjectionChecks: { 1070 if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) { 1075 1071 if (resolvedScope->isGlobalObject()) { 1076 1072 JSGlobalObject* globalObject = jsCast<JSGlobalObject*>(resolvedScope); … … 1079 1075 if (hasProperty) { 1080 1076 ConcurrentJSLocker locker(exec->codeBlock()->m_lock); 1081 metadata.m_resolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty; 1077 if (resolveType == UnresolvedProperty) 1078 metadata.m_resolveType = GlobalProperty; 1079 else 1080 metadata.m_resolveType = GlobalPropertyWithVarInjectionChecks; 1081 1082 1082 metadata.m_globalObject = globalObject; 1083 metadata.m_globalLexicalBindingEpoch = globalObject->globalLexicalBindingEpoch();1084 1083 } 1085 1084 } else if (resolvedScope->isGlobalLexicalEnvironment()) { 1086 1085 JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(resolvedScope); 1087 1086 ConcurrentJSLocker locker(exec->codeBlock()->m_lock); 1088 metadata.m_resolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar; 1087 if (resolveType == UnresolvedProperty) 1088 metadata.m_resolveType = GlobalLexicalVar; 1089 else 1090 metadata.m_resolveType = GlobalLexicalVarWithVarInjectionChecks; 1089 1091 metadata.m_globalLexicalEnvironment = globalLexicalEnvironment; 1090 1092 } 1091 break;1092 }1093 default:1094 break;1095 1093 } 1096 1094 -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h
r240220 r240248 125 125 auto& metadata = bytecode.metadata(exec); 126 126 ResolveType resolveType = metadata.m_getPutInfo.resolveType(); 127 128 switch (resolveType) { 129 case UnresolvedProperty: 130 case UnresolvedPropertyWithVarInjectionChecks: { 127 if (resolveType != GlobalProperty && resolveType != GlobalPropertyWithVarInjectionChecks 128 && resolveType != UnresolvedProperty && resolveType != UnresolvedPropertyWithVarInjectionChecks) 129 return; 130 131 if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) { 131 132 if (scope->isGlobalObject()) { 132 ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty;133 resolveType = newResolveType; // Allow below caching mechanism to kick in.133 ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalProperty : GlobalPropertyWithVarInjectionChecks; 134 resolveType = newResolveType; 134 135 ConcurrentJSLocker locker(codeBlock->m_lock); 135 136 metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode()); 136 break; 137 } 138 FALLTHROUGH; 139 } 140 case GlobalProperty: 141 case GlobalPropertyWithVarInjectionChecks: { 142 // Global Lexical Binding Epoch is changed. Update op_get_from_scope from GlobalProperty to GlobalLexicalVar. 143 if (scope->isGlobalLexicalEnvironment()) { 137 } else if (scope->isGlobalLexicalEnvironment()) { 144 138 JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(scope); 145 ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;139 ResolveType newResolveType = resolveType == UnresolvedProperty ? 
GlobalLexicalVar : GlobalLexicalVarWithVarInjectionChecks; 146 140 metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode()); 147 141 SymbolTableEntry entry = globalLexicalEnvironment->symbolTable()->get(ident.impl()); … … 150 144 metadata.m_watchpointSet = entry.watchpointSet(); 151 145 metadata.m_operand = reinterpret_cast<uintptr_t>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot()); 152 return;153 146 } 154 break; 155 } 156 default: 157 return; 158 } 159 147 } 148 160 149 if (resolveType == GlobalProperty || resolveType == GlobalPropertyWithVarInjectionChecks) { 161 150 VM& vm = exec->vm(); … … 188 177 ResolveType resolveType = metadata.m_getPutInfo.resolveType(); 189 178 190 switch (resolveType) { 191 case UnresolvedProperty: 192 case UnresolvedPropertyWithVarInjectionChecks: { 179 if (resolveType == UnresolvedProperty || resolveType == UnresolvedPropertyWithVarInjectionChecks) { 193 180 if (scope->isGlobalObject()) { 194 ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalPropertyWithVarInjectionChecks : GlobalProperty;181 ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalProperty : GlobalPropertyWithVarInjectionChecks; 195 182 resolveType = newResolveType; // Allow below caching mechanism to kick in. 196 183 ConcurrentJSLocker locker(exec->codeBlock()->m_lock); 197 184 metadata.m_getPutInfo = GetPutInfo(metadata.m_getPutInfo.resolveMode(), newResolveType, metadata.m_getPutInfo.initializationMode()); 198 break; 199 } 200 FALLTHROUGH; 201 } 202 case GlobalProperty: 203 case GlobalPropertyWithVarInjectionChecks: { 204 // Global Lexical Binding Epoch is changed. Update op_get_from_scope from GlobalProperty to GlobalLexicalVar. 
205 if (scope->isGlobalLexicalEnvironment()) { 185 } else if (scope->isGlobalLexicalEnvironment()) { 206 186 JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(scope); 207 ResolveType newResolveType = needsVarInjectionChecks(resolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;187 ResolveType newResolveType = resolveType == UnresolvedProperty ? GlobalLexicalVar : GlobalLexicalVarWithVarInjectionChecks; 208 188 SymbolTableEntry entry = globalLexicalEnvironment->symbolTable()->get(ident.impl()); 209 189 ASSERT(!entry.isNull()); … … 212 192 metadata.m_watchpointSet = entry.watchpointSet(); 213 193 metadata.m_operand = reinterpret_cast<uintptr_t>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot()); 214 return;215 194 } 216 break;217 }218 default:219 return;220 195 } 221 196 -
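Review bot: In the restored `tryCacheGetFromScopeGlobal`, the `isGlobalLexicalEnvironment()` branch assigns `metadata.m_getPutInfo` (new line 140) before any `ConcurrentJSLocker` appears in the hunk, whereas the `isGlobalObject()` branch takes `codeBlock->m_lock` before touching the metadata. New lines 142-143 are elided, so if the lock is acquired there the fix is only to hoist `ConcurrentJSLocker locker(codeBlock->m_lock);` above the `m_getPutInfo` write, so that a concurrent DFG read of this metadata under the CodeBlock lock never observes a resolve type that has already changed while `m_watchpointSet` and `m_operand` are still the old values. The same check is worth applying to the elided lines 190-191 of `tryCachePutToScopeGlobal`. Both functions start before and end after the visible lines.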
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
r240242 r240248 1858 1858 #endif // ENABLE(INTL) 1859 1859 1860 void JSGlobalObject::bumpGlobalLexicalBindingEpoch(VM& vm) 1861 { 1862 if (++m_globalLexicalBindingEpoch == Options::thresholdForGlobalLexicalBindingEpoch()) { 1863 // Since the epoch overflows, we should rewrite all the CodeBlock to adjust to the newly started generation. 1864 m_globalLexicalBindingEpoch = 1; 1865 vm.heap.codeBlockSet().iterate([&] (CodeBlock* codeBlock) { 1866 if (codeBlock->globalObject() != this) 1867 return; 1868 codeBlock->notifyLexicalBindingUpdate(); 1869 }); 1870 } 1860 void JSGlobalObject::notifyLexicalBindingShadowing(VM& vm, const IdentifierSet& set) 1861 { 1862 auto scope = DECLARE_THROW_SCOPE(vm); 1863 #if ENABLE(DFG_JIT) 1864 for (const auto& key : set) 1865 ensureReferencedPropertyWatchpointSet(key.get()).fireAll(vm, "Lexical binding shadows the existing global properties"); 1866 #endif 1867 vm.heap.codeBlockSet().iterate([&] (CodeBlock* codeBlock) { 1868 if (codeBlock->globalObject() != this) 1869 return; 1870 codeBlock->notifyLexicalBindingShadowing(vm, set); 1871 scope.assertNoException(); 1872 }); 1873 scope.release(); 1871 1874 } 1872 1875 … … 1894 1897 WatchpointSet* JSGlobalObject::getReferencedPropertyWatchpointSet(UniquedStringImpl* uid) 1895 1898 { 1896 ConcurrentJSLocker locker(m_referencedGlobalPropertyWatchpointSetsLock);1897 1899 return m_referencedGlobalPropertyWatchpointSets.get(uid); 1898 1900 } … … 1900 1902 WatchpointSet& JSGlobalObject::ensureReferencedPropertyWatchpointSet(UniquedStringImpl* uid) 1901 1903 { 1902 ConcurrentJSLocker locker(m_referencedGlobalPropertyWatchpointSetsLock);1903 1904 return m_referencedGlobalPropertyWatchpointSets.ensure(uid, [] { 1904 1905 return WatchpointSet::create(IsWatched); -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
r240242 r240248 487 487 using ReferencedGlobalPropertyWatchpointSets = HashMap<RefPtr<UniquedStringImpl>, Ref<WatchpointSet>, IdentifierRepHash>; 488 488 ReferencedGlobalPropertyWatchpointSets m_referencedGlobalPropertyWatchpointSets; 489 ConcurrentJSLock m_referencedGlobalPropertyWatchpointSetsLock;490 489 #endif 491 490 492 491 bool m_evalEnabled { true }; 493 492 bool m_webAssemblyEnabled { true }; 494 unsigned m_globalLexicalBindingEpoch { 1 };495 493 String m_evalDisabledErrorMessage; 496 494 String m_webAssemblyDisabledErrorMessage; … … 754 752 #endif // ENABLE(INTL) 755 753 756 void bumpGlobalLexicalBindingEpoch(VM&); 757 unsigned globalLexicalBindingEpoch() const { return m_globalLexicalBindingEpoch; } 758 static ptrdiff_t globalLexicalBindingEpochOffset() { return OBJECT_OFFSETOF(JSGlobalObject, m_globalLexicalBindingEpoch); } 759 unsigned* addressOfGlobalLexicalBindingEpoch() { return &m_globalLexicalBindingEpoch; } 754 void notifyLexicalBindingShadowing(VM&, const IdentifierSet&); 760 755 761 756 void setConsoleClient(ConsoleClient* consoleClient) { m_consoleClient = consoleClient; } -
trunk/Source/JavaScriptCore/runtime/Options.cpp
r240224 r240248 375 375 Options::useMachForExceptions() = false; 376 376 #endif 377 }378 379 static void correctOptions()380 {381 unsigned thresholdForGlobalLexicalBindingEpoch = Options::thresholdForGlobalLexicalBindingEpoch();382 if (thresholdForGlobalLexicalBindingEpoch == 0 || thresholdForGlobalLexicalBindingEpoch == 1)383 Options::thresholdForGlobalLexicalBindingEpoch() = UINT_MAX;384 377 } 385 378 … … 574 567 ; // Deconfuse editors that do auto indentation 575 568 #endif 576 577 correctOptions();578 569 579 570 recomputeDependentOptions(); … … 709 700 } 710 701 711 correctOptions();712 713 702 recomputeDependentOptions(); 714 703 … … 747 736 if (success) { \ 748 737 name_() = value; \ 749 correctOptions(); \750 738 recomputeDependentOptions(); \ 751 739 return true; \ -
trunk/Source/JavaScriptCore/runtime/Options.h
r240224 r240248 509 509 v(bool, traceLLIntSlowPath, false, Configurable, nullptr) \ 510 510 v(bool, traceBaselineJITExecution, false, Normal, nullptr) \ 511 v(unsigned, thresholdForGlobalLexicalBindingEpoch, UINT_MAX, Normal, "Threshold for global lexical binding epoch. If the epoch reaches to this value, CodeBlock metadata for scope operations will be revised globally. It needs to be greater than 1.") \ 511 v(optionString, diskCachePath, nullptr, Restricted, "") \ 512 v(bool, forceDiskCache, false, Restricted, "") \ 512 513 513 514 -
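Review bot: The two restored `Restricted` options, `diskCachePath` and `forceDiskCache`, carry an empty description string, while the neighbouring entries and the removed `thresholdForGlobalLexicalBindingEpoch` line document what the option does and its valid range. Since the description is what `--dumpOptions`-style listings show, I would fill them in, e.g. `"Directory used for the on-disk code cache (Restricted)"` and `"Force use of the disk cache even when it would normally be bypassed"`, adjusted to the actual semantics if they differ. If these lines were reinstated verbatim from the pre-r240224 state rather than authored here, that is fine to defer, but the empty strings are worth a follow-up.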
trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp
r240220 r240248 108 108 const VariableEnvironment& variableDeclarations = unlinkedCodeBlock->variableDeclarations(); 109 109 const VariableEnvironment& lexicalDeclarations = unlinkedCodeBlock->lexicalDeclarations(); 110 IdentifierSet shadowedProperties; 110 111 // The ES6 spec says that no vars/global properties/let/const can be duplicated in the global scope. 111 112 // This carried out section 15.1.8 of the ES6 spec: http://www.ecma-international.org/ecma-262/6.0/index.html#sec-globaldeclarationinstantiation … … 131 132 // https://tc39.github.io/ecma262/#sec-globaldeclarationinstantiation step 5-c, `hasRestrictedGlobal` becomes false 132 133 // However we may emit GlobalProperty look up in bytecodes already and it may cache the value for the global scope. 133 // To make it invalid, 134 // 1. In LLInt and Baseline, we bump the global lexical binding epoch and it works. 134 // To make it invalid, we iterate all the CodeBlocks and rewrite the instruction to convert GlobalProperty to GlobalLexicalVar. 135 // 1. In LLInt, we always check metadata's resolveType. So rewritten instruction just works. 136 // 2. In Baseline JIT, we check metadata's resolveType in GlobalProperty case so that we can notice once it is changed. 135 137 // 3. In DFG and FTL, we watch the watchpoint and jettison once it is fired. 138 shadowedProperties.add(entry.key.get()); 136 139 break; 137 140 case GlobalPropertyLookUpStatus::NotFound: … … 204 207 } 205 208 } 206 if (lexicalDeclarations.size()) { 207 #if ENABLE(DFG_JIT) 208 for (auto& entry : lexicalDeclarations) { 209 // If WatchpointSet exists, just fire it. Since DFG WatchpointSet addition is also done on the main thread, we can sync them. 210 // So that we do not create WatchpointSet here. DFG will create if necessary on the main thread. 211 // And it will only create not-invalidated watchpoint set if the global lexical environment binding doesn't exist, which is why this code works. 
212 if (auto* watchpointSet = globalObject->getReferencedPropertyWatchpointSet(entry.key.get())) 213 watchpointSet->fireAll(vm, "Lexical binding shadows an existing global property"); 214 } 215 #endif 216 globalObject->bumpGlobalLexicalBindingEpoch(vm); 217 } 209 210 if (!shadowedProperties.isEmpty()) { 211 globalObject->notifyLexicalBindingShadowing(vm, WTFMove(shadowedProperties)); 212 throwScope.assertNoException(); 213 } 214 218 215 return nullptr; 219 216 }
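Review bot: `globalObject->notifyLexicalBindingShadowing(vm, WTFMove(shadowedProperties))` moves into a parameter declared as `const IdentifierSet&` in JSGlobalObject.h, so the `WTFMove` is a no-op that suggests an ownership transfer which does not happen; either drop it, `globalObject->notifyLexicalBindingShadowing(vm, shadowedProperties);`, or change the callee to take the set by value if it is meant to keep it. The `shadowedProperties.add(entry.key.get())` site sits inside a `switch` whose case label is outside this hunk, so I am assuming it is the `Configurable` branch the surrounding comment describes. The enclosing function also begins before the hunk.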