author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
commit | 1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c (patch) | |
tree | 46dcd36c86e7fbc6e5df36deb463b33e9967a6f7 /Source/JavaScriptCore/bytecompiler | |
parent | 32761a6cee1d0dee366b885b7b9c777e67885688 (diff) | |
Diffstat (limited to 'Source/JavaScriptCore/bytecompiler')
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp | 4483 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h | 1017 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/Label.h | 12 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/LabelScope.h | 26 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp | 3014 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/RegisterID.h | 8 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/StaticPropertyAnalysis.h | 10 | ||||
-rw-r--r-- | Source/JavaScriptCore/bytecompiler/StaticPropertyAnalyzer.h | 9 |
8 files changed, 6621 insertions, 1958 deletions
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index cd4490f59..4b211b7b6 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2009, 2012, 2013, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
  * Copyright (C) 2012 Igalia, S.L.
  *
@@ -12,7 +12,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
  * its contributors may be used to endorse or promote products derived
  * from this software without specific prior written permission.
  *
@@ -31,17 +31,30 @@
 #include "config.h"
 #include "BytecodeGenerator.h"
+#include "ArithProfile.h"
+#include "BuiltinExecutables.h"
+#include "BytecodeGeneratorification.h"
+#include "BytecodeLivenessAnalysis.h"
+#include "DefinePropertyAttributes.h"
 #include "Interpreter.h"
-#include "JSActivation.h"
+#include "JSCInlines.h"
 #include "JSFunction.h"
-#include "JSNameScope.h"
+#include "JSGeneratorFunction.h"
+#include "JSLexicalEnvironment.h"
+#include "JSTemplateRegistryKey.h"
 #include "LowLevelInterpreter.h"
-#include "Operations.h"
 #include "Options.h"
 #include "StackAlignment.h"
 #include "StrongInlines.h"
 #include "UnlinkedCodeBlock.h"
+#include "UnlinkedEvalCodeBlock.h"
+#include "UnlinkedFunctionCodeBlock.h"
 #include "UnlinkedInstructionStream.h"
+#include "UnlinkedModuleProgramCodeBlock.h"
+#include "UnlinkedProgramCodeBlock.h"
+#include <wtf/BitVector.h>
+#include <wtf/CommaPrinter.h>
+#include <wtf/SmallPtrSet.h>
 #include <wtf/StdLibExtras.h>
 #include <wtf/text/WTFString.h>
@@ -55,21 +68,65 @@ void Label::setLocation(unsigned location)
 unsigned size = m_unresolvedJumps.size();
 for (unsigned i = 0; i < size; ++i)
- m_generator->m_instructions[m_unresolvedJumps[i].second].u.operand = m_location - m_unresolvedJumps[i].first;
+ m_generator.instructions()[m_unresolvedJumps[i].second].u.operand = m_location - m_unresolvedJumps[i].first;
+}
+
+void Variable::dump(PrintStream& out) const
+{
+ out.print(
+ "{ident = ", m_ident,
+ ", offset = ", m_offset,
+ ", local = ", RawPointer(m_local),
+ ", attributes = ", m_attributes,
+ ", kind = ", m_kind,
+ ", symbolTableConstantIndex = ", m_symbolTableConstantIndex,
+ ", isLexicallyScoped = ", m_isLexicallyScoped, "}");
 }
 ParserError BytecodeGenerator::generate()
 {
- SamplingRegion samplingRegion("Bytecode Generation");
- m_codeBlock->setThisRegister(m_thisRegister.virtualRegister());
- m_scopeNode->emitBytecode(*this);
+ emitLogShadowChickenPrologueIfNecessary();
+
+ // If we have declared a variable named "arguments" and we are using arguments then we should
+ // perform that assignment now.
+ if (m_needToInitializeArguments)
+ initializeVariable(variable(propertyNames().arguments), m_argumentsRegister);
+
+ if (m_restParameter)
+ m_restParameter->emit(*this);
+
+ {
+ RefPtr<RegisterID> temp = newTemporary();
+ RefPtr<RegisterID> globalScope;
+ for (auto functionPair : m_functionsToInitialize) {
+ FunctionMetadataNode* metadata = functionPair.first;
+ FunctionVariableType functionType = functionPair.second;
+ emitNewFunction(temp.get(), metadata);
+ if (functionType == NormalFunctionVariable)
+ initializeVariable(variable(metadata->ident()), temp.get());
+ else if (functionType == GlobalFunctionVariable) {
+ if (!globalScope) {
+ // We know this will resolve to the global object because our parser/global initialization code
+ // doesn't allow let/const/class variables to have the same names as functions.
+ RefPtr<RegisterID> globalObjectScope = emitResolveScope(nullptr, Variable(metadata->ident()));
+ globalScope = newBlockScopeVariable();
+ emitMove(globalScope.get(), globalObjectScope.get());
+ }
+ emitPutToScope(globalScope.get(), Variable(metadata->ident()), temp.get(), ThrowIfNotFound, InitializationMode::NotInitialization);
+ } else
+ RELEASE_ASSERT_NOT_REACHED();
+ }
+ }
+
+ bool callingClassConstructor = constructorKind() != ConstructorKind::None && !isConstructor();
+ if (!callingClassConstructor)
+ m_scopeNode->emitBytecode(*this);
 m_staticPropertyAnalyzer.kill();
- for (unsigned i = 0; i < m_tryRanges.size(); ++i) {
- TryRange& range = m_tryRanges[i];
+ for (auto& range : m_tryRanges) {
 int start = range.start->bind();
 int end = range.end->bind();
@@ -98,15 +155,15 @@ ParserError BytecodeGenerator::generate()
 if (end <= start)
 continue;
- ASSERT(range.tryData->targetScopeDepth != UINT_MAX);
- UnlinkedHandlerInfo info = {
- static_cast<uint32_t>(start), static_cast<uint32_t>(end),
- static_cast<uint32_t>(range.tryData->target->bind()),
- range.tryData->targetScopeDepth
- };
+ UnlinkedHandlerInfo info(static_cast<uint32_t>(start), static_cast<uint32_t>(end),
+ static_cast<uint32_t>(range.tryData->target->bind()), range.tryData->handlerType);
 m_codeBlock->addExceptionHandler(info);
 }
+
+ if (isGeneratorOrAsyncFunctionBodyParseMode(m_codeBlock->parseMode()))
+ performGeneratorification(m_codeBlock.get(), m_instructions, m_generatorFrameSymbolTable.get(), m_generatorFrameSymbolTableIndex);
+
 m_codeBlock->setInstructions(std::make_unique<UnlinkedInstructionStream>(m_instructions));
 m_codeBlock->shrinkToFit();
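Review bot: In the function-initialization loop of generate(), `for (auto functionPair : m_functionsToInitialize)` copies each element and the GlobalFunctionVariable branch constructs `Variable(metadata->ident())` twice, once for emitResolveScope and again for emitPutToScope; `for (const auto& functionPair : m_functionsToInitialize)` plus a single `Variable functionVariable(metadata->ident());` hoisted above the branch would read more clearly and avoid the repeated construction. The comment above the resolve ("We know this will resolve to the global object") states a parser invariant that nothing in this function checks; if the generator has a way to assert the resolved scope is the global one, a debug assertion next to the comment would make the assumption enforceable rather than documentary. The loop body in this hunk ends at the `RELEASE_ASSERT_NOT_REACHED()` else-branch, so any function type added later will hard-fail at codegen time rather than silently skip initialization, which is worth a one-line comment on that branch.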
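Review bot: The new `performGeneratorification(...)` call runs after every exception handler has been registered from `range.start->bind()`/`range.end->bind()`/`range.tryData->target->bind()` offsets and before `setInstructions`; if generatorification inserts, removes or renumbers instructions (which I cannot tell from this hunk), those handler ranges and targets would refer to pre-transformation offsets. If it is guaranteed to keep instruction offsets stable, or to fix up the handler table itself, a comment at the call site would settle the question for the next reader, e.g. `// Runs after the handler table is built: generatorification must preserve instruction offsets (or update the handlers itself).` If it is not guaranteed, the call belongs before the m_tryRanges loop or the handlers need to be recomputed afterwards.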
@@ -116,465 +173,1020 @@ ParserError BytecodeGenerator::generate() return ParserError(ParserError::ErrorNone); } -bool BytecodeGenerator::addVar( - const Identifier& ident, ConstantMode constantMode, WatchMode watchMode, RegisterID*& r0) -{ - ASSERT(static_cast<size_t>(m_codeBlock->m_numVars) == m_calleeRegisters.size()); - - ConcurrentJITLocker locker(symbolTable().m_lock); - int index = virtualRegisterForLocal(m_calleeRegisters.size()).offset(); - SymbolTableEntry newEntry(index, constantMode == IsConstant ? ReadOnly : 0); - SymbolTable::Map::AddResult result = symbolTable().add(locker, ident.impl(), newEntry); - - if (!result.isNewEntry) { - r0 = ®isterFor(result.iterator->value.getIndex()); - return false; - } - - if (watchMode == IsWatchable) { - while (m_watchableVariables.size() < static_cast<size_t>(m_codeBlock->m_numVars)) - m_watchableVariables.append(Identifier()); - m_watchableVariables.append(ident); - } - - r0 = addVar(); - - ASSERT(watchMode == NotWatchable || static_cast<size_t>(m_codeBlock->m_numVars) == m_watchableVariables.size()); - - return true; -} - -void BytecodeGenerator::preserveLastVar() -{ - if ((m_firstConstantIndex = m_calleeRegisters.size()) != 0) - m_lastVar = &m_calleeRegisters.last(); -} - -BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode) - : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn) - , m_shouldEmitProfileHooks(profilerMode == ProfilerOn) - , m_symbolTable(0) +BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, const VariableEnvironment* parentScopeTDZVariables) + : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn) , m_scopeNode(programNode) , m_codeBlock(vm, codeBlock) , m_thisRegister(CallFrame::thisArgumentOffset()) - , m_emptyValueRegister(0) - , m_globalObjectRegister(0) - , 
m_finallyDepth(0) - , m_localScopeDepth(0) , m_codeType(GlobalCode) - , m_nextConstantOffset(0) - , m_globalConstantIndex(0) - , m_hasCreatedActivation(true) - , m_firstLazyFunction(0) - , m_lastLazyFunction(0) - , m_staticPropertyAnalyzer(&m_instructions) , m_vm(&vm) - , m_lastOpcodeID(op_end) -#ifndef NDEBUG - , m_lastOpcodePosition(0) -#endif - , m_usesExceptions(false) - , m_expressionTooDeep(false) + , m_needsToUpdateArrowFunctionContext(programNode->usesArrowFunction() || programNode->usesEval()) { - if (m_shouldEmitDebugHooks) - m_codeBlock->setNeedsFullScopeChain(true); + ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size()); + + for (auto& constantRegister : m_linkTimeConstantRegisters) + constantRegister = nullptr; + + allocateCalleeSaveSpace(); m_codeBlock->setNumParameters(1); // Allocate space for "this" - emitOpcode(op_enter); + emitEnter(); - const VarStack& varStack = programNode->varStack(); - const FunctionStack& functionStack = programNode->functionStack(); + allocateAndEmitScope(); - for (size_t i = 0; i < functionStack.size(); ++i) { - FunctionBodyNode* function = functionStack[i]; - UnlinkedFunctionExecutable* unlinkedFunction = makeFunction(function); - codeBlock->addFunctionDeclaration(*m_vm, function->ident(), unlinkedFunction); - } + emitWatchdog(); + + const FunctionStack& functionStack = programNode->functionStack(); - for (size_t i = 0; i < varStack.size(); ++i) - codeBlock->addVariableDeclaration(varStack[i].first, !!(varStack[i].second & DeclarationStacks::IsConstant)); + for (auto* function : functionStack) + m_functionsToInitialize.append(std::make_pair(function, GlobalFunctionVariable)); + if (Options::validateBytecode()) { + for (auto& entry : programNode->varDeclarations()) + RELEASE_ASSERT(entry.value.isVar()); + } + codeBlock->setVariableDeclarations(programNode->varDeclarations()); + codeBlock->setLexicalDeclarations(programNode->lexicalVariables()); + // Even though this program may have lexical variables 
that go under TDZ, when linking the get_from_scope/put_to_scope + // operations we emit we will have ResolveTypes that implictly do TDZ checks. Therefore, we don't need + // additional TDZ checks on top of those. This is why we can omit pushing programNode->lexicalVariables() + // to the TDZ stack. + + if (needsToUpdateArrowFunctionContext()) { + initializeArrowFunctionContextScopeIfNeeded(); + emitPutThisToArrowFunctionContextScope(); + } } -BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionBodyNode* functionBody, UnlinkedFunctionCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode) - : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn) - , m_shouldEmitProfileHooks(profilerMode == ProfilerOn) - , m_symbolTable(codeBlock->symbolTable()) - , m_scopeNode(functionBody) +BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionNode* functionNode, UnlinkedFunctionCodeBlock* codeBlock, DebuggerMode debuggerMode, const VariableEnvironment* parentScopeTDZVariables) + : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn) + , m_scopeNode(functionNode) , m_codeBlock(vm, codeBlock) - , m_activationRegister(0) - , m_emptyValueRegister(0) - , m_globalObjectRegister(0) - , m_finallyDepth(0) - , m_localScopeDepth(0) , m_codeType(FunctionCode) - , m_nextConstantOffset(0) - , m_globalConstantIndex(0) - , m_hasCreatedActivation(false) - , m_firstLazyFunction(0) - , m_lastLazyFunction(0) - , m_staticPropertyAnalyzer(&m_instructions) , m_vm(&vm) - , m_lastOpcodeID(op_end) -#ifndef NDEBUG - , m_lastOpcodePosition(0) -#endif - , m_usesExceptions(false) - , m_expressionTooDeep(false) + , m_isBuiltinFunction(codeBlock->isBuiltinFunction()) + , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode()) + // FIXME: We should be able to have tail call elimination with the profiler + // enabled. 
This is currently not possible because the profiler expects + // op_will_call / op_did_call pairs before and after a call, which are not + // compatible with tail calls (we have no way of emitting op_did_call). + // https://bugs.webkit.org/show_bug.cgi?id=148819 + , m_inTailPosition(Options::useTailCalls() && !isConstructor() && constructorKind() == ConstructorKind::None && isStrictMode()) + , m_needsToUpdateArrowFunctionContext(functionNode->usesArrowFunction() || functionNode->usesEval()) + , m_derivedContextType(codeBlock->derivedContextType()) { - if (m_shouldEmitDebugHooks) - m_codeBlock->setNeedsFullScopeChain(true); - - m_symbolTable->setUsesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode()); - Vector<Identifier> boundParameterProperties; - FunctionParameters& parameters = *functionBody->parameters(); - for (size_t i = 0; i < parameters.size(); i++) { - auto pattern = parameters.at(i); - if (pattern->isBindingNode()) - continue; - pattern->collectBoundIdentifiers(boundParameterProperties); - continue; + for (auto& constantRegister : m_linkTimeConstantRegisters) + constantRegister = nullptr; + + if (m_isBuiltinFunction) + m_shouldEmitDebugHooks = false; + + allocateCalleeSaveSpace(); + + SymbolTable* functionSymbolTable = SymbolTable::create(*m_vm); + functionSymbolTable->setUsesNonStrictEval(m_usesNonStrictEval); + int symbolTableConstantIndex = 0; + + FunctionParameters& parameters = *functionNode->parameters(); + // http://www.ecma-international.org/ecma-262/6.0/index.html#sec-functiondeclarationinstantiation + // This implements IsSimpleParameterList in the Ecma 2015 spec. + // If IsSimpleParameterList is false, we will create a strict-mode like arguments object. + // IsSimpleParameterList is false if the argument list contains any default parameter values, + // a rest parameter, or any destructuring patterns. 
+ // If we do have default parameters, destructuring parameters, or a rest parameter, our parameters will be allocated in a different scope. + bool isSimpleParameterList = parameters.isSimpleParameterList(); + + SourceParseMode parseMode = codeBlock->parseMode(); + + bool containsArrowOrEvalButNotInArrowBlock = ((functionNode->usesArrowFunction() && functionNode->doAnyInnerArrowFunctionsUseAnyFeature()) || functionNode->usesEval()) && !m_codeBlock->isArrowFunction(); + bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || functionNode->needsActivation() || containsArrowOrEvalButNotInArrowBlock; + + bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval(); + bool needsArguments = ((functionNode->usesArguments() && !codeBlock->isArrowFunction()) || codeBlock->usesEval() || (functionNode->usesArrowFunction() && !codeBlock->isArrowFunction() && isArgumentsUsedInInnerArrowFunction())); + + if (isGeneratorOrAsyncFunctionBodyParseMode(parseMode)) { + // Generator and AsyncFunction never provides "arguments". "arguments" reference will be resolved in an upper generator function scope. + needsArguments = false; + + // Generator and AsyncFunction uses the var scope to save and resume its variables. So the lexical scope is always instantiated. + shouldCaptureSomeOfTheThings = true; } - m_symbolTable->setParameterCountIncludingThis(functionBody->parameters()->size() + 1); - emitOpcode(op_enter); - if (m_codeBlock->needsFullScopeChain()) { - m_activationRegister = addVar(); - emitInitLazyRegister(m_activationRegister); - m_codeBlock->setActivationRegister(m_activationRegister->virtualRegister()); + if (isGeneratorOrAsyncFunctionWrapperParseMode(parseMode) && needsArguments) { + // Generator does not provide "arguments". Instead, wrapping GeneratorFunction provides "arguments". + // This is because arguments of a generator should be evaluated before starting it. 
+ // To workaround it, we evaluate these arguments as arguments of a wrapping generator function, and reference it from a generator. + // + // function *gen(a, b = hello()) + // { + // return { + // @generatorNext: function (@generator, @generatorState, @generatorValue, @generatorResumeMode, @generatorFrame) + // { + // arguments; // This `arguments` should reference to the gen's arguments. + // ... + // } + // } + // } + shouldCaptureSomeOfTheThings = true; } - m_symbolTable->setCaptureStart(virtualRegisterForLocal(m_codeBlock->m_numVars).offset()); + if (shouldCaptureAllOfTheThings) + functionNode->varDeclarations().markAllVariablesAsCaptured(); + + auto captures = [&] (UniquedStringImpl* uid) -> bool { + if (!shouldCaptureSomeOfTheThings) + return false; + if (needsArguments && uid == propertyNames().arguments.impl()) { + // Actually, we only need to capture the arguments object when we "need full activation" + // because of name scopes. But historically we did it this way, so for now we just preserve + // the old behavior. + // FIXME: https://bugs.webkit.org/show_bug.cgi?id=143072 + return true; + } + return functionNode->captures(uid); + }; + auto varKind = [&] (UniquedStringImpl* uid) -> VarKind { + return captures(uid) ? VarKind::Scope : VarKind::Stack; + }; - if (functionBody->usesArguments() || codeBlock->usesEval()) { // May reify arguments object. - RegisterID* unmodifiedArgumentsRegister = addVar(); // Anonymous, so it can't be modified by user code. - RegisterID* argumentsRegister = addVar(propertyNames().arguments, IsVariable, NotWatchable); // Can be changed by assigning to 'arguments'. + m_calleeRegister.setIndex(CallFrameSlot::callee); - // We can save a little space by hard-coding the knowledge that the two - // 'arguments' values are stored in consecutive registers, and storing - // only the index of the assignable one. 
- codeBlock->setArgumentsRegister(argumentsRegister->virtualRegister()); - ASSERT_UNUSED(unmodifiedArgumentsRegister, unmodifiedArgumentsRegister->virtualRegister() == JSC::unmodifiedArgumentsRegister(codeBlock->argumentsRegister())); + initializeParameters(parameters); + ASSERT(!(isSimpleParameterList && m_restParameter)); - emitInitLazyRegister(argumentsRegister); - emitInitLazyRegister(unmodifiedArgumentsRegister); - - if (shouldTearOffArgumentsEagerly()) { - emitOpcode(op_create_arguments); - instructions().append(argumentsRegister->index()); - } + emitEnter(); + + if (isGeneratorOrAsyncFunctionBodyParseMode(parseMode)) + m_generatorRegister = &m_parameters[1]; + + allocateAndEmitScope(); + + emitWatchdog(); + + if (functionNameIsInScope(functionNode->ident(), functionNode->functionMode())) { + ASSERT(parseMode != SourceParseMode::GeneratorBodyMode); + ASSERT(!isAsyncFunctionBodyParseMode(parseMode)); + bool isDynamicScope = functionNameScopeIsDynamic(codeBlock->usesEval(), codeBlock->isStrictMode()); + bool isFunctionNameCaptured = captures(functionNode->ident().impl()); + bool markAsCaptured = isDynamicScope || isFunctionNameCaptured; + emitPushFunctionNameScope(functionNode->ident(), &m_calleeRegister, markAsCaptured); } - bool shouldCaptureAllTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval(); + if (shouldCaptureSomeOfTheThings) + m_lexicalEnvironmentRegister = addVar(); + + if (shouldCaptureSomeOfTheThings || vm.typeProfiler()) + symbolTableConstantIndex = addConstantValue(functionSymbolTable)->index(); + + // We can allocate the "var" environment if we don't have default parameter expressions. If we have + // default parameter expressions, we have to hold off on allocating the "var" environment because + // the parent scope of the "var" environment is the parameter environment. 
+ if (isSimpleParameterList) + initializeVarLexicalEnvironment(symbolTableConstantIndex, functionSymbolTable, shouldCaptureSomeOfTheThings); + // Figure out some interesting facts about our arguments. bool capturesAnyArgumentByName = false; - Vector<RegisterID*, 0, UnsafeVectorOverflow> capturedArguments; - if (functionBody->hasCapturedVariables() || shouldCaptureAllTheThings) { - FunctionParameters& parameters = *functionBody->parameters(); - capturedArguments.resize(parameters.size()); + if (functionNode->hasCapturedVariables()) { + FunctionParameters& parameters = *functionNode->parameters(); for (size_t i = 0; i < parameters.size(); ++i) { - capturedArguments[i] = 0; - auto pattern = parameters.at(i); + auto pattern = parameters.at(i).first; if (!pattern->isBindingNode()) continue; const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty(); - if (!functionBody->captures(ident) && !shouldCaptureAllTheThings) - continue; - capturesAnyArgumentByName = true; - capturedArguments[i] = addVar(); + capturesAnyArgumentByName |= captures(ident.impl()); } } + + if (capturesAnyArgumentByName) + ASSERT(m_lexicalEnvironmentRegister); - if (capturesAnyArgumentByName && !shouldTearOffArgumentsEagerly()) { - size_t parameterCount = m_symbolTable->parameterCount(); - auto slowArguments = std::make_unique<SlowArgument[]>(parameterCount); - for (size_t i = 0; i < parameterCount; ++i) { - if (!capturedArguments[i]) { - ASSERT(slowArguments[i].status == SlowArgument::Normal); - slowArguments[i].index = CallFrame::argumentOffset(i); + // Need to know what our functions are called. Parameters have some goofy behaviors when it + // comes to functions of the same name. + for (FunctionMetadataNode* function : functionNode->functionStack()) + m_functions.add(function->ident().impl()); + + if (needsArguments) { + // Create the arguments object now. We may put the arguments object into the activation if + // it is captured. 
Either way, we create two arguments object variables: one is our + // private variable that is immutable, and another that is the user-visible variable. The + // immutable one is only used here, or during formal parameter resolutions if we opt for + // DirectArguments. + + m_argumentsRegister = addVar(); + m_argumentsRegister->ref(); + } + + if (needsArguments && !codeBlock->isStrictMode() && isSimpleParameterList) { + // If we captured any formal parameter by name, then we use ScopedArguments. Otherwise we + // use DirectArguments. With ScopedArguments, we lift all of our arguments into the + // activation. + + if (capturesAnyArgumentByName) { + functionSymbolTable->setArgumentsLength(vm, parameters.size()); + + // For each parameter, we have two possibilities: + // Either it's a binding node with no function overlap, in which case it gets a name + // in the symbol table - or it just gets space reserved in the symbol table. Either + // way we lift the value into the scope. + for (unsigned i = 0; i < parameters.size(); ++i) { + ScopeOffset offset = functionSymbolTable->takeNextScopeOffset(NoLockingNecessary); + functionSymbolTable->setArgumentOffset(vm, i, offset); + if (UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first)) { + VarOffset varOffset(offset); + SymbolTableEntry entry(varOffset); + // Stores to these variables via the ScopedArguments object will not do + // notifyWrite(), since that would be cumbersome. Also, watching formal + // parameters when "arguments" is in play is unlikely to be super profitable. + // So, we just disable it. 
+ entry.disableWatching(*m_vm); + functionSymbolTable->set(NoLockingNecessary, name, entry); + } + emitOpcode(op_put_to_scope); + instructions().append(m_lexicalEnvironmentRegister->index()); + instructions().append(UINT_MAX); + instructions().append(virtualRegisterForArgument(1 + i).offset()); + instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, InitializationMode::NotInitialization).operand()); + instructions().append(symbolTableConstantIndex); + instructions().append(offset.offset()); + } + + // This creates a scoped arguments object and copies the overflow arguments into the + // scope. It's the equivalent of calling ScopedArguments::createByCopying(). + emitOpcode(op_create_scoped_arguments); + instructions().append(m_argumentsRegister->index()); + instructions().append(m_lexicalEnvironmentRegister->index()); + } else { + // We're going to put all parameters into the DirectArguments object. First ensure + // that the symbol table knows that this is happening. + for (unsigned i = 0; i < parameters.size(); ++i) { + if (UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first)) + functionSymbolTable->set(NoLockingNecessary, name, SymbolTableEntry(VarOffset(DirectArgumentsOffset(i)))); + } + + emitOpcode(op_create_direct_arguments); + instructions().append(m_argumentsRegister->index()); + } + } else if (isSimpleParameterList) { + // Create the formal parameters the normal way. Any of them could be captured, or not. If + // captured, lift them into the scope. We cannot do this if we have default parameter expressions + // because when default parameter expressions exist, they belong in their own lexical environment + // separate from the "var" lexical environment. + for (unsigned i = 0; i < parameters.size(); ++i) { + UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first); + if (!name) + continue; + + if (!captures(name)) { + // This is the easy case - just tell the symbol table about the argument. 
It will + // be accessed directly. + functionSymbolTable->set(NoLockingNecessary, name, SymbolTableEntry(VarOffset(virtualRegisterForArgument(1 + i)))); continue; } - slowArguments[i].status = SlowArgument::Captured; - slowArguments[i].index = capturedArguments[i]->index(); + + ScopeOffset offset = functionSymbolTable->takeNextScopeOffset(NoLockingNecessary); + const Identifier& ident = + static_cast<const BindingNode*>(parameters.at(i).first)->boundProperty(); + functionSymbolTable->set(NoLockingNecessary, name, SymbolTableEntry(VarOffset(offset))); + + emitOpcode(op_put_to_scope); + instructions().append(m_lexicalEnvironmentRegister->index()); + instructions().append(addConstant(ident)); + instructions().append(virtualRegisterForArgument(1 + i).offset()); + instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, InitializationMode::NotInitialization).operand()); + instructions().append(symbolTableConstantIndex); + instructions().append(offset.offset()); } - m_symbolTable->setSlowArguments(std::move(slowArguments)); } - - RegisterID* calleeRegister = resolveCallee(functionBody); // May push to the scope chain and/or add a captured var. - - const DeclarationStacks::FunctionStack& functionStack = functionBody->functionStack(); - const DeclarationStacks::VarStack& varStack = functionBody->varStack(); - - // Captured variables and functions go first so that activations don't have - // to step over the non-captured locals to mark them. 
- m_hasCreatedActivation = false; - if (functionBody->hasCapturedVariables()) { - for (size_t i = 0; i < functionStack.size(); ++i) { - FunctionBodyNode* function = functionStack[i]; - const Identifier& ident = function->ident(); - if (functionBody->captures(ident)) { - if (!m_hasCreatedActivation) { - m_hasCreatedActivation = true; - emitOpcode(op_create_activation); - instructions().append(m_activationRegister->index()); - } - m_functions.add(ident.impl()); - emitNewFunction(addVar(ident, IsVariable, IsWatchable), IsCaptured, function); + + if (needsArguments && (codeBlock->isStrictMode() || !isSimpleParameterList)) { + // Allocate a cloned arguments object. + emitOpcode(op_create_cloned_arguments); + instructions().append(m_argumentsRegister->index()); + } + + // There are some variables that need to be preinitialized to something other than Undefined: + // + // - "arguments": unless it's used as a function or parameter, this should refer to the + // arguments object. + // + // - functions: these always override everything else. + // + // The most logical way to do all of this is to initialize none of the variables until now, + // and then initialize them in BytecodeGenerator::generate() in such an order that the rules + // for how these things override each other end up holding. We would initialize "arguments" first, + // then all arguments, then the functions. + // + // But some arguments are already initialized by default, since if they aren't captured and we + // don't have "arguments" then we just point the symbol table at the stack slot of those + // arguments. We end up initializing the rest of the arguments that have an uncomplicated + // binding (i.e. don't involve destructuring) above when figuring out how to lay them out, + // because that's just the simplest thing. This means that when we initialize them, we have to + // watch out for the things that override arguments (namely, functions). + + // This is our final act of weirdness. 
"arguments" is overridden by everything except the + // callee. We add it to the symbol table if it's not already there and it's not an argument. + bool shouldCreateArgumentsVariableInParameterScope = false; + if (needsArguments) { + // If "arguments" is overridden by a function or destructuring parameter name, then it's + // OK for us to call createVariable() because it won't change anything. It's also OK for + // us to them tell BytecodeGenerator::generate() to write to it because it will do so + // before it initializes functions and destructuring parameters. But if "arguments" is + // overridden by a "simple" function parameter, then we have to bail: createVariable() + // would assert and BytecodeGenerator::generate() would write the "arguments" after the + // argument value had already been properly initialized. + + bool haveParameterNamedArguments = false; + for (unsigned i = 0; i < parameters.size(); ++i) { + UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first); + if (name == propertyNames().arguments.impl()) { + haveParameterNamedArguments = true; + break; } } - for (size_t i = 0; i < varStack.size(); ++i) { - const Identifier& ident = varStack[i].first; - if (functionBody->captures(ident)) - addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, IsWatchable); + + bool shouldCreateArgumensVariable = !haveParameterNamedArguments + && !SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(m_codeBlock->parseMode()); + shouldCreateArgumentsVariableInParameterScope = shouldCreateArgumensVariable && !isSimpleParameterList; + // Do not create arguments variable in case of Arrow function. 
Value will be loaded from parent scope + if (shouldCreateArgumensVariable && !shouldCreateArgumentsVariableInParameterScope) { + createVariable( + propertyNames().arguments, varKind(propertyNames().arguments.impl()), functionSymbolTable); + + m_needToInitializeArguments = true; } } - bool canLazilyCreateFunctions = !functionBody->needsActivationForMoreThanVariables() && !m_shouldEmitDebugHooks; - if (!canLazilyCreateFunctions && !m_hasCreatedActivation) { - m_hasCreatedActivation = true; - emitOpcode(op_create_activation); - instructions().append(m_activationRegister->index()); + + for (FunctionMetadataNode* function : functionNode->functionStack()) { + const Identifier& ident = function->ident(); + createVariable(ident, varKind(ident.impl()), functionSymbolTable); + m_functionsToInitialize.append(std::make_pair(function, NormalFunctionVariable)); + } + for (auto& entry : functionNode->varDeclarations()) { + ASSERT(!entry.value.isLet() && !entry.value.isConst()); + if (!entry.value.isVar()) // This is either a parameter or callee. + continue; + if (shouldCreateArgumentsVariableInParameterScope && entry.key.get() == propertyNames().arguments.impl()) + continue; + createVariable(Identifier::fromUid(m_vm, entry.key.get()), varKind(entry.key.get()), functionSymbolTable, IgnoreExisting); } - m_symbolTable->setCaptureEnd(virtualRegisterForLocal(codeBlock->m_numVars).offset()); - m_firstLazyFunction = codeBlock->m_numVars; - for (size_t i = 0; i < functionStack.size(); ++i) { - FunctionBodyNode* function = functionStack[i]; - const Identifier& ident = function->ident(); - if (!functionBody->captures(ident)) { - m_functions.add(ident.impl()); - RefPtr<RegisterID> reg = addVar(ident, IsVariable, NotWatchable); - // Don't lazily create functions that override the name 'arguments' - // as this would complicate lazy instantiation of actual arguments. 
- if (!canLazilyCreateFunctions || ident == propertyNames().arguments) - emitNewFunction(reg.get(), NotCaptured, function); + m_newTargetRegister = addVar(); + switch (parseMode) { + case SourceParseMode::GeneratorWrapperFunctionMode: { + m_generatorRegister = addVar(); + + // FIXME: Emit to_this only when Generator uses it. + // https://bugs.webkit.org/show_bug.cgi?id=151586 + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + emitOpcode(op_to_this); + instructions().append(kill(&m_thisRegister)); + instructions().append(0); + instructions().append(0); + + emitMove(m_generatorRegister, &m_calleeRegister); + emitCreateThis(m_generatorRegister); + break; + } + + case SourceParseMode::AsyncArrowFunctionMode: + case SourceParseMode::AsyncMethodMode: + case SourceParseMode::AsyncFunctionMode: { + ASSERT(!isConstructor()); + ASSERT(constructorKind() == ConstructorKind::None); + m_generatorRegister = addVar(); + m_promiseCapabilityRegister = addVar(); + + if (parseMode != SourceParseMode::AsyncArrowFunctionMode) { + // FIXME: Emit to_this only when AsyncFunctionBody uses it. 
+ // https://bugs.webkit.org/show_bug.cgi?id=151586 + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + emitOpcode(op_to_this); + instructions().append(kill(&m_thisRegister)); + instructions().append(0); + instructions().append(0); + } + + emitNewObject(m_generatorRegister); + + // let promiseCapability be @newPromiseCapability(@Promise) + auto varNewPromiseCapability = variable(propertyNames().builtinNames().newPromiseCapabilityPrivateName()); + RefPtr<RegisterID> scope = newTemporary(); + moveToDestinationIfNeeded(scope.get(), emitResolveScope(scope.get(), varNewPromiseCapability)); + RefPtr<RegisterID> newPromiseCapability = emitGetFromScope(newTemporary(), scope.get(), varNewPromiseCapability, ThrowIfNotFound); + + CallArguments args(*this, nullptr, 1); + emitLoad(args.thisRegister(), jsUndefined()); + + auto varPromiseConstructor = variable(propertyNames().builtinNames().PromisePrivateName()); + moveToDestinationIfNeeded(scope.get(), emitResolveScope(scope.get(), varPromiseConstructor)); + emitGetFromScope(args.argumentRegister(0), scope.get(), varPromiseConstructor, ThrowIfNotFound); + + // JSTextPosition(int _line, int _offset, int _lineStartOffset) + JSTextPosition divot(m_scopeNode->firstLine(), m_scopeNode->startOffset(), m_scopeNode->lineStartOffset()); + emitCall(promiseCapabilityRegister(), newPromiseCapability.get(), NoExpectedFunction, args, divot, divot, divot, DebuggableCall::No); + break; + } + + case SourceParseMode::AsyncFunctionBodyMode: + case SourceParseMode::AsyncArrowFunctionBodyMode: + case SourceParseMode::GeneratorBodyMode: { + // |this| is already filled correctly before here. 
+ emitLoad(m_newTargetRegister, jsUndefined()); + break; + } + + default: { + if (SourceParseMode::ArrowFunctionMode != parseMode) { + if (isConstructor()) { + emitMove(m_newTargetRegister, &m_thisRegister); + if (constructorKind() == ConstructorKind::Extends) { + Ref<Label> isDerived = newLabel(); + Ref<Label> done = newLabel(); + m_isDerivedConstuctor = addVar(); + emitGetById(m_isDerivedConstuctor, &m_calleeRegister, propertyNames().builtinNames().isDerivedConstructorPrivateName()); + emitJumpIfTrue(m_isDerivedConstuctor, isDerived.get()); + emitCreateThis(&m_thisRegister); + emitJump(done.get()); + emitLabel(isDerived.get()); + emitMoveEmptyValue(&m_thisRegister); + emitLabel(done.get()); + } else + emitCreateThis(&m_thisRegister); + } else if (constructorKind() != ConstructorKind::None) + emitThrowTypeError("Cannot call a class constructor without |new|"); else { - emitInitLazyRegister(reg.get()); - m_lazyFunctions.set(reg->virtualRegister().toLocal(), function); + bool shouldEmitToThis = false; + if (functionNode->usesThis() || codeBlock->usesEval() || m_scopeNode->doAnyInnerArrowFunctionsUseThis() || m_scopeNode->doAnyInnerArrowFunctionsUseEval()) + shouldEmitToThis = true; + else if ((functionNode->usesSuperProperty() || m_scopeNode->doAnyInnerArrowFunctionsUseSuperProperty()) && !codeBlock->isStrictMode()) { + // We must emit to_this when we're not in strict mode because we + // will convert |this| to an object, and that object may be passed + // to a strict function as |this|. This is observable because that + // strict function's to_this will just return the object. + // + // We don't need to emit this for strict-mode code because + // strict-mode code may call another strict function, which will + // to_this if it directly uses this; this is OK, because we defer + // to_this until |this| is used directly. Strict-mode code might + // also call a sloppy mode function, and that will to_this, which + // will defer the conversion, again, until necessary. 
+ shouldEmitToThis = true; + } + + if (shouldEmitToThis) { + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + emitOpcode(op_to_this); + instructions().append(kill(&m_thisRegister)); + instructions().append(0); + instructions().append(0); + } } } + break; } - m_lastLazyFunction = canLazilyCreateFunctions ? codeBlock->m_numVars : m_firstLazyFunction; - for (size_t i = 0; i < varStack.size(); ++i) { - const Identifier& ident = varStack[i].first; - if (!functionBody->captures(ident)) - addVar(ident, (varStack[i].second & DeclarationStacks::IsConstant) ? IsConstant : IsVariable, NotWatchable); } - if (shouldCaptureAllTheThings) - m_symbolTable->setCaptureEnd(virtualRegisterForLocal(codeBlock->m_numVars).offset()); + // We need load |super| & |this| for arrow function before initializeDefaultParameterValuesAndSetupFunctionScopeStack + // if we have default parameter expression. Because |super| & |this| values can be used there + if ((SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(parseMode) && !isSimpleParameterList) || parseMode == SourceParseMode::AsyncArrowFunctionBodyMode) { + if (functionNode->usesThis() || functionNode->usesSuperProperty()) + emitLoadThisFromArrowFunctionLexicalEnvironment(); - if (m_symbolTable->captureCount()) - emitOpcode(op_touch_entry); - - m_parameters.grow(parameters.size() + 1); // reserve space for "this" + if (m_scopeNode->usesNewTarget() || m_scopeNode->usesSuperCall()) + emitLoadNewTargetFromArrowFunctionLexicalEnvironment(); + } - // Add "this" as a parameter - int nextParameterIndex = CallFrame::thisArgumentOffset(); - m_thisRegister.setIndex(nextParameterIndex++); - m_codeBlock->addParameter(); - Vector<std::pair<RegisterID*, const DeconstructionPatternNode*>> deconstructedParameters; - for (size_t i = 0; i < parameters.size(); ++i, ++nextParameterIndex) { - int index = nextParameterIndex; - auto pattern = parameters.at(i); - if (!pattern->isBindingNode()) { 
- m_codeBlock->addParameter(); - RegisterID& parameter = registerFor(index); - parameter.setIndex(index); - deconstructedParameters.append(std::make_pair(¶meter, pattern)); - continue; - } - auto simpleParameter = static_cast<const BindingNode*>(pattern); - if (capturedArguments.size() && capturedArguments[i]) { - ASSERT((functionBody->hasCapturedVariables() && functionBody->captures(simpleParameter->boundProperty())) || shouldCaptureAllTheThings); - index = capturedArguments[i]->index(); - RegisterID original(nextParameterIndex); - emitMove(capturedArguments[i], &original); - } - addParameter(simpleParameter->boundProperty(), index); + if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) { + bool canReuseLexicalEnvironment = isSimpleParameterList; + initializeArrowFunctionContextScopeIfNeeded(functionSymbolTable, canReuseLexicalEnvironment); + emitPutThisToArrowFunctionContextScope(); + emitPutNewTargetToArrowFunctionContextScope(); + emitPutDerivedConstructorToArrowFunctionContextScope(); } - preserveLastVar(); - // We declare the callee's name last because it should lose to a var, function, and/or parameter declaration. - addCallee(functionBody, calleeRegister); + // All "addVar()"s needs to happen before "initializeDefaultParameterValuesAndSetupFunctionScopeStack()" is called + // because a function's default parameter ExpressionNodes will use temporary registers. 
+ pushTDZVariables(*parentScopeTDZVariables, TDZCheckOptimization::DoNotOptimize, TDZRequirement::UnderTDZ); - if (isConstructor()) { - emitCreateThis(&m_thisRegister); - } else if (functionBody->usesThis() || codeBlock->usesEval() || m_shouldEmitDebugHooks) { - m_codeBlock->addPropertyAccessInstruction(instructions().size()); - emitOpcode(op_to_this); - instructions().append(kill(&m_thisRegister)); - instructions().append(0); + Ref<Label> catchLabel = newLabel(); + TryData* tryFormalParametersData = nullptr; + bool needTryCatch = isAsyncFunctionWrapperParseMode(parseMode) && !isSimpleParameterList; + if (needTryCatch) { + Ref<Label> tryFormalParametersStart = newEmittedLabel(); + tryFormalParametersData = pushTry(tryFormalParametersStart.get(), catchLabel.get(), HandlerType::SynthesizedCatch); + } + + initializeDefaultParameterValuesAndSetupFunctionScopeStack(parameters, isSimpleParameterList, functionNode, functionSymbolTable, symbolTableConstantIndex, captures, shouldCreateArgumentsVariableInParameterScope); + + if (needTryCatch) { + Ref<Label> didNotThrow = newLabel(); + emitJump(didNotThrow.get()); + emitLabel(catchLabel.get()); + popTry(tryFormalParametersData, catchLabel.get()); + + RefPtr<RegisterID> thrownValue = newTemporary(); + RegisterID* unused = newTemporary(); + emitCatch(unused, thrownValue.get()); + + // return promiseCapability.@reject(thrownValue) + RefPtr<RegisterID> reject = emitGetById(newTemporary(), promiseCapabilityRegister(), m_vm->propertyNames->builtinNames().rejectPrivateName()); + + CallArguments args(*this, nullptr, 1); + emitLoad(args.thisRegister(), jsUndefined()); + emitMove(args.argumentRegister(0), thrownValue.get()); + + JSTextPosition divot(functionNode->firstLine(), functionNode->startOffset(), functionNode->lineStartOffset()); + + RefPtr<RegisterID> result = emitCall(newTemporary(), reject.get(), NoExpectedFunction, args, divot, divot, divot, DebuggableCall::No); + emitReturn(emitGetById(newTemporary(), 
promiseCapabilityRegister(), m_vm->propertyNames->builtinNames().promisePrivateName())); + + emitLabel(didNotThrow.get()); } - for (size_t i = 0; i < deconstructedParameters.size(); i++) { - auto& entry = deconstructedParameters[i]; - entry.second->bindValue(*this, entry.first); + + // If we don't have default parameter expression, then loading |this| inside an arrow function must be done + // after initializeDefaultParameterValuesAndSetupFunctionScopeStack() because that function sets up the + // SymbolTable stack and emitLoadThisFromArrowFunctionLexicalEnvironment() consults the SymbolTable stack + if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(parseMode) && isSimpleParameterList) { + if (functionNode->usesThis() || functionNode->usesSuperProperty()) + emitLoadThisFromArrowFunctionLexicalEnvironment(); + + if (m_scopeNode->usesNewTarget() || m_scopeNode->usesSuperCall()) + emitLoadNewTargetFromArrowFunctionLexicalEnvironment(); + } + + // Set up the lexical environment scope as the generator frame. We store the saved and resumed generator registers into this scope with the symbol keys. + // Since they are symbol keyed, these variables cannot be reached from the usual code. + if (isGeneratorOrAsyncFunctionBodyParseMode(parseMode)) { + ASSERT(m_lexicalEnvironmentRegister); + m_generatorFrameSymbolTable.set(*m_vm, functionSymbolTable); + m_generatorFrameSymbolTableIndex = symbolTableConstantIndex; + emitMove(generatorFrameRegister(), m_lexicalEnvironmentRegister); + emitPutById(generatorRegister(), propertyNames().builtinNames().generatorFramePrivateName(), generatorFrameRegister()); } + + bool shouldInitializeBlockScopedFunctions = false; // We generate top-level function declarations in ::generate(). 
+ pushLexicalScope(m_scopeNode, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, shouldInitializeBlockScopedFunctions); } -BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode) - : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn) - , m_shouldEmitProfileHooks(profilerMode == ProfilerOn) - , m_symbolTable(codeBlock->symbolTable()) +BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, DebuggerMode debuggerMode, const VariableEnvironment* parentScopeTDZVariables) + : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn) , m_scopeNode(evalNode) , m_codeBlock(vm, codeBlock) , m_thisRegister(CallFrame::thisArgumentOffset()) - , m_emptyValueRegister(0) - , m_globalObjectRegister(0) - , m_finallyDepth(0) - , m_localScopeDepth(0) , m_codeType(EvalCode) - , m_nextConstantOffset(0) - , m_globalConstantIndex(0) - , m_hasCreatedActivation(true) - , m_firstLazyFunction(0) - , m_lastLazyFunction(0) - , m_staticPropertyAnalyzer(&m_instructions) , m_vm(&vm) - , m_lastOpcodeID(op_end) -#ifndef NDEBUG - , m_lastOpcodePosition(0) -#endif - , m_usesExceptions(false) - , m_expressionTooDeep(false) + , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode()) + , m_needsToUpdateArrowFunctionContext(evalNode->usesArrowFunction() || evalNode->usesEval()) + , m_derivedContextType(codeBlock->derivedContextType()) { - m_codeBlock->setNeedsFullScopeChain(true); + for (auto& constantRegister : m_linkTimeConstantRegisters) + constantRegister = nullptr; + + allocateCalleeSaveSpace(); - m_symbolTable->setUsesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode()); m_codeBlock->setNumParameters(1); - emitOpcode(op_enter); + pushTDZVariables(*parentScopeTDZVariables, TDZCheckOptimization::DoNotOptimize, TDZRequirement::UnderTDZ); + emitEnter(); + + 
allocateAndEmitScope(); + + emitWatchdog(); + const DeclarationStacks::FunctionStack& functionStack = evalNode->functionStack(); for (size_t i = 0; i < functionStack.size(); ++i) m_codeBlock->addFunctionDecl(makeFunction(functionStack[i])); - const DeclarationStacks::VarStack& varStack = evalNode->varStack(); - unsigned numVariables = varStack.size(); + const VariableEnvironment& varDeclarations = evalNode->varDeclarations(); + unsigned numVariables = varDeclarations.size(); Vector<Identifier, 0, UnsafeVectorOverflow> variables; variables.reserveCapacity(numVariables); - for (size_t i = 0; i < numVariables; ++i) { - ASSERT(varStack[i].first.impl()->isIdentifier()); - variables.append(varStack[i].first); + for (auto& entry : varDeclarations) { + ASSERT(entry.value.isVar()); + ASSERT(entry.key->isAtomic() || entry.key->isSymbol()); + variables.append(Identifier::fromUid(m_vm, entry.key.get())); } codeBlock->adoptVariables(variables); - preserveLastVar(); + + if (evalNode->usesSuperCall() || evalNode->usesNewTarget()) + m_newTargetRegister = addVar(); + + if (codeBlock->isArrowFunctionContext() && (evalNode->usesThis() || evalNode->usesSuperProperty())) + emitLoadThisFromArrowFunctionLexicalEnvironment(); + + if (evalNode->usesSuperCall() || evalNode->usesNewTarget()) + emitLoadNewTargetFromArrowFunctionLexicalEnvironment(); + + if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunctionContext() && !isDerivedConstructorContext()) { + initializeArrowFunctionContextScopeIfNeeded(); + emitPutThisToArrowFunctionContextScope(); + } + + bool shouldInitializeBlockScopedFunctions = false; // We generate top-level function declarations in ::generate(). 
+ pushLexicalScope(m_scopeNode, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, shouldInitializeBlockScopedFunctions); } -BytecodeGenerator::~BytecodeGenerator() +BytecodeGenerator::BytecodeGenerator(VM& vm, ModuleProgramNode* moduleProgramNode, UnlinkedModuleProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, const VariableEnvironment* parentScopeTDZVariables) + : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn) + , m_scopeNode(moduleProgramNode) + , m_codeBlock(vm, codeBlock) + , m_thisRegister(CallFrame::thisArgumentOffset()) + , m_codeType(ModuleCode) + , m_vm(&vm) + , m_usesNonStrictEval(false) + , m_needsToUpdateArrowFunctionContext(moduleProgramNode->usesArrowFunction() || moduleProgramNode->usesEval()) { + ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size()); + + for (auto& constantRegister : m_linkTimeConstantRegisters) + constantRegister = nullptr; + + if (m_isBuiltinFunction) + m_shouldEmitDebugHooks = false; + + allocateCalleeSaveSpace(); + + SymbolTable* moduleEnvironmentSymbolTable = SymbolTable::create(*m_vm); + moduleEnvironmentSymbolTable->setUsesNonStrictEval(m_usesNonStrictEval); + moduleEnvironmentSymbolTable->setScopeType(SymbolTable::ScopeType::LexicalScope); + + bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval(); + if (shouldCaptureAllOfTheThings) + moduleProgramNode->varDeclarations().markAllVariablesAsCaptured(); + + auto captures = [&] (UniquedStringImpl* uid) -> bool { + return moduleProgramNode->captures(uid); + }; + auto lookUpVarKind = [&] (UniquedStringImpl* uid, const VariableEnvironmentEntry& entry) -> VarKind { + // Allocate the exported variables in the module environment. + if (entry.isExported()) + return VarKind::Scope; + + // Allocate the namespace variables in the module environment to instantiate + // it from the outside of the module code. 
+ if (entry.isImportedNamespace()) + return VarKind::Scope; + + if (entry.isCaptured()) + return VarKind::Scope; + return captures(uid) ? VarKind::Scope : VarKind::Stack; + }; + + emitEnter(); + + allocateAndEmitScope(); + + emitWatchdog(); + + m_calleeRegister.setIndex(CallFrameSlot::callee); + + m_codeBlock->setNumParameters(1); // Allocate space for "this" + + // Now declare all variables. + + for (auto& entry : moduleProgramNode->varDeclarations()) { + ASSERT(!entry.value.isLet() && !entry.value.isConst()); + if (!entry.value.isVar()) // This is either a parameter or callee. + continue; + // Imported bindings are not allocated in the module environment as usual variables' way. + // These references remain the "Dynamic" in the unlinked code block. Later, when linking + // the code block, we resolve the reference to the "ModuleVar". + if (entry.value.isImported() && !entry.value.isImportedNamespace()) + continue; + createVariable(Identifier::fromUid(m_vm, entry.key.get()), lookUpVarKind(entry.key.get(), entry.value), moduleEnvironmentSymbolTable, IgnoreExisting); + } + + VariableEnvironment& lexicalVariables = moduleProgramNode->lexicalVariables(); + instantiateLexicalVariables(lexicalVariables, moduleEnvironmentSymbolTable, ScopeRegisterType::Block, lookUpVarKind); + + // We keep the symbol table in the constant pool. + RegisterID* constantSymbolTable = nullptr; + if (vm.typeProfiler()) + constantSymbolTable = addConstantValue(moduleEnvironmentSymbolTable); + else + constantSymbolTable = addConstantValue(moduleEnvironmentSymbolTable->cloneScopePart(*m_vm)); + + pushTDZVariables(lexicalVariables, TDZCheckOptimization::Optimize, TDZRequirement::UnderTDZ); + bool isWithScope = false; + m_lexicalScopeStack.append({ moduleEnvironmentSymbolTable, m_topMostScope, isWithScope, constantSymbolTable->index() }); + emitPrefillStackTDZVariables(lexicalVariables, moduleEnvironmentSymbolTable); + + // makeFunction assumes that there's correct TDZ stack entries. 
+ // So it should be called after putting our lexical environment to the TDZ stack correctly. + + for (FunctionMetadataNode* function : moduleProgramNode->functionStack()) { + const auto& iterator = moduleProgramNode->varDeclarations().find(function->ident().impl()); + RELEASE_ASSERT(iterator != moduleProgramNode->varDeclarations().end()); + RELEASE_ASSERT(!iterator->value.isImported()); + + VarKind varKind = lookUpVarKind(iterator->key.get(), iterator->value); + if (varKind == VarKind::Scope) { + // http://www.ecma-international.org/ecma-262/6.0/#sec-moduledeclarationinstantiation + // Section 15.2.1.16.4, step 16-a-iv-1. + // All heap allocated function declarations should be instantiated when the module environment + // is created. They include the exported function declarations and not-exported-but-heap-allocated + // function declarations. This is required because exported function should be instantiated before + // executing the any module in the dependency graph. This enables the modules to link the imported + // bindings before executing the any module code. + // + // And since function declarations are instantiated before executing the module body code, the spec + // allows the functions inside the module to be executed before its module body is executed under + // the circular dependencies. The following is the example. + // + // Module A (executed first): + // import { b } from "B"; + // // Here, the module "B" is not executed yet, but the function declaration is already instantiated. + // // So we can call the function exported from "B". + // b(); + // + // export function a() { + // } + // + // Module B (executed second): + // import { a } from "A"; + // + // export function b() { + // c(); + // } + // + // // c is not exported, but since it is referenced from the b, we should instantiate it before + // // executing the "B" module code. 
+ // function c() { + // a(); + // } + // + // Module EntryPoint (executed last): + // import "B"; + // import "A"; + // + m_codeBlock->addFunctionDecl(makeFunction(function)); + } else { + // Stack allocated functions can be allocated when executing the module's body. + m_functionsToInitialize.append(std::make_pair(function, NormalFunctionVariable)); + } + } + + // Remember the constant register offset to the top-most symbol table. This symbol table will be + // cloned in the code block linking. After that, to create the module environment, we retrieve + // the cloned symbol table from the linked code block by using this offset. + codeBlock->setModuleEnvironmentSymbolTableConstantRegisterOffset(constantSymbolTable->index()); } -RegisterID* BytecodeGenerator::emitInitLazyRegister(RegisterID* reg) +BytecodeGenerator::~BytecodeGenerator() { - emitOpcode(op_init_lazy_reg); - instructions().append(reg->index()); - ASSERT(!hasWatchableVariable(reg->index())); - return reg; } -RegisterID* BytecodeGenerator::resolveCallee(FunctionBodyNode* functionBodyNode) +void BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack( + FunctionParameters& parameters, bool isSimpleParameterList, FunctionNode* functionNode, SymbolTable* functionSymbolTable, + int symbolTableConstantIndex, const std::function<bool (UniquedStringImpl*)>& captures, bool shouldCreateArgumentsVariableInParameterScope) { - if (functionBodyNode->ident().isNull() || !functionBodyNode->functionNameIsInScope()) - return 0; + Vector<std::pair<Identifier, RefPtr<RegisterID>>> valuesToMoveIntoVars; + ASSERT(!(isSimpleParameterList && shouldCreateArgumentsVariableInParameterScope)); + if (!isSimpleParameterList) { + // Refer to the ES6 spec section 9.2.12: http://www.ecma-international.org/ecma-262/6.0/index.html#sec-functiondeclarationinstantiation + // This implements step 21. 
+ VariableEnvironment environment; + Vector<Identifier> allParameterNames; + for (unsigned i = 0; i < parameters.size(); i++) + parameters.at(i).first->collectBoundIdentifiers(allParameterNames); + if (shouldCreateArgumentsVariableInParameterScope) + allParameterNames.append(propertyNames().arguments); + IdentifierSet parameterSet; + for (auto& ident : allParameterNames) { + parameterSet.add(ident.impl()); + auto addResult = environment.add(ident); + addResult.iterator->value.setIsLet(); // When we have default parameter expressions, parameters act like "let" variables. + if (captures(ident.impl())) + addResult.iterator->value.setIsCaptured(); + } + // This implements step 25 of section 9.2.12. + pushLexicalScopeInternal(environment, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block); - m_calleeRegister.setIndex(JSStack::Callee); + if (shouldCreateArgumentsVariableInParameterScope) { + Variable argumentsVariable = variable(propertyNames().arguments); + initializeVariable(argumentsVariable, m_argumentsRegister); + liftTDZCheckIfPossible(argumentsVariable); + } - // If non-strict eval is in play, we use a separate object in the scope chain for the callee's name. 
- if ((m_codeBlock->usesEval() && !m_codeBlock->isStrictMode()) || m_shouldEmitDebugHooks) - emitPushNameScope(functionBodyNode->ident(), &m_calleeRegister, ReadOnly | DontDelete); + RefPtr<RegisterID> temp = newTemporary(); + for (unsigned i = 0; i < parameters.size(); i++) { + std::pair<DestructuringPatternNode*, ExpressionNode*> parameter = parameters.at(i); + if (parameter.first->isRestParameter()) + continue; + if ((i + 1) < m_parameters.size()) + emitMove(temp.get(), &m_parameters[i + 1]); + else + emitGetArgument(temp.get(), i); + if (parameter.second) { + RefPtr<RegisterID> condition = emitIsUndefined(newTemporary(), temp.get()); + Ref<Label> skipDefaultParameterBecauseNotUndefined = newLabel(); + emitJumpIfFalse(condition.get(), skipDefaultParameterBecauseNotUndefined.get()); + emitNode(temp.get(), parameter.second); + emitLabel(skipDefaultParameterBecauseNotUndefined.get()); + } - if (!functionBodyNode->captures(functionBodyNode->ident())) - return &m_calleeRegister; + parameter.first->bindValue(*this, temp.get()); + } - // Move the callee into the captured section of the stack. - return emitMove(addVar(), IsCaptured, &m_calleeRegister); -} + // Final act of weirdness for default parameters. If a "var" also + // has the same name as a parameter, it should start out as the + // value of that parameter. Note, though, that they will be distinct + // bindings. + // This is step 28 of section 9.2.12. + for (auto& entry : functionNode->varDeclarations()) { + if (!entry.value.isVar()) // This is either a parameter or callee. 
+ continue; -void BytecodeGenerator::addCallee(FunctionBodyNode* functionBodyNode, RegisterID* calleeRegister) -{ - if (functionBodyNode->ident().isNull() || !functionBodyNode->functionNameIsInScope()) - return; + if (parameterSet.contains(entry.key)) { + Identifier ident = Identifier::fromUid(m_vm, entry.key.get()); + Variable var = variable(ident); + RegisterID* scope = emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = emitGetFromScope(newTemporary(), scope, var, DoNotThrowIfNotFound); + valuesToMoveIntoVars.append(std::make_pair(ident, value)); + } + } - // If non-strict eval is in play, we use a separate object in the scope chain for the callee's name. - if ((m_codeBlock->usesEval() && !m_codeBlock->isStrictMode()) || m_shouldEmitDebugHooks) - return; + // Functions with default parameter expressions must have a separate environment + // record for parameters and "var"s. The "var" environment record must have the + // parameter environment record as its parent. + // See step 28 of section 9.2.12. + bool hasCapturedVariables = !!m_lexicalEnvironmentRegister; + initializeVarLexicalEnvironment(symbolTableConstantIndex, functionSymbolTable, hasCapturedVariables); + } - ASSERT(calleeRegister); - symbolTable().add(functionBodyNode->ident().impl(), SymbolTableEntry(calleeRegister->index(), ReadOnly)); + // This completes step 28 of section 9.2.12. + for (unsigned i = 0; i < valuesToMoveIntoVars.size(); i++) { + ASSERT(!isSimpleParameterList); + Variable var = variable(valuesToMoveIntoVars[i].first); + RegisterID* scope = emitResolveScope(nullptr, var); + emitPutToScope(scope, var, valuesToMoveIntoVars[i].second.get(), DoNotThrowIfNotFound, InitializationMode::NotInitialization); + } } -void BytecodeGenerator::addParameter(const Identifier& ident, int parameterIndex) +bool BytecodeGenerator::needsDerivedConstructorInArrowFunctionLexicalEnvironment() { - // Parameters overwrite var declarations, but not function declarations. 
- StringImpl* rep = ident.impl(); - if (!m_functions.contains(rep)) { - symbolTable().set(rep, parameterIndex); - RegisterID& parameter = registerFor(parameterIndex); - parameter.setIndex(parameterIndex); + if ((isConstructor() && constructorKind() == ConstructorKind::Extends) || m_codeBlock->isClassContext()) { + if (isSuperUsedInInnerArrowFunction()) + return true; } - - // To maintain the calling convention, we have to allocate unique space for - // each parameter, even if the parameter doesn't make it into the symbol table. - m_codeBlock->addParameter(); + return false; } -bool BytecodeGenerator::willResolveToArguments(const Identifier& ident) +void BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded(SymbolTable* functionSymbolTable, bool canReuseLexicalEnvironment) { - if (ident != propertyNames().arguments) - return false; - - if (!shouldOptimizeLocals()) - return false; - - SymbolTableEntry entry = symbolTable().get(ident.impl()); - if (entry.isNull()) - return false; + ASSERT(!m_arrowFunctionContextLexicalEnvironmentRegister); - if (m_codeBlock->usesArguments() && m_codeType == FunctionCode) - return true; + if (canReuseLexicalEnvironment && m_lexicalEnvironmentRegister) { + RELEASE_ASSERT(!m_codeBlock->isArrowFunction()); + RELEASE_ASSERT(functionSymbolTable); + + m_arrowFunctionContextLexicalEnvironmentRegister = m_lexicalEnvironmentRegister; + + ScopeOffset offset; + + if (isThisUsedInInnerArrowFunction()) { + offset = functionSymbolTable->takeNextScopeOffset(NoLockingNecessary); + functionSymbolTable->set(NoLockingNecessary, propertyNames().thisIdentifier.impl(), SymbolTableEntry(VarOffset(offset))); + } + + if (m_codeType == FunctionCode && isNewTargetUsedInInnerArrowFunction()) { + offset = functionSymbolTable->takeNextScopeOffset(); + functionSymbolTable->set(NoLockingNecessary, propertyNames().builtinNames().newTargetLocalPrivateName().impl(), SymbolTableEntry(VarOffset(offset))); + } + + if 
(needsDerivedConstructorInArrowFunctionLexicalEnvironment()) { + offset = functionSymbolTable->takeNextScopeOffset(NoLockingNecessary); + functionSymbolTable->set(NoLockingNecessary, propertyNames().builtinNames().derivedConstructorPrivateName().impl(), SymbolTableEntry(VarOffset(offset))); + } + + return; + } + + VariableEnvironment environment; + + if (isThisUsedInInnerArrowFunction()) { + auto addResult = environment.add(propertyNames().thisIdentifier); + addResult.iterator->value.setIsCaptured(); + addResult.iterator->value.setIsLet(); + } - return false; + if (m_codeType == FunctionCode && isNewTargetUsedInInnerArrowFunction()) { + auto addTarget = environment.add(propertyNames().builtinNames().newTargetLocalPrivateName()); + addTarget.iterator->value.setIsCaptured(); + addTarget.iterator->value.setIsLet(); + } + + if (needsDerivedConstructorInArrowFunctionLexicalEnvironment()) { + auto derivedConstructor = environment.add(propertyNames().builtinNames().derivedConstructorPrivateName()); + derivedConstructor.iterator->value.setIsCaptured(); + derivedConstructor.iterator->value.setIsLet(); + } + + if (environment.size() > 0) { + size_t size = m_lexicalScopeStack.size(); + pushLexicalScopeInternal(environment, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block); + + ASSERT_UNUSED(size, m_lexicalScopeStack.size() == size + 1); + + m_arrowFunctionContextLexicalEnvironmentRegister = m_lexicalScopeStack.last().m_scope; + } } -RegisterID* BytecodeGenerator::uncheckedRegisterForArguments() +RegisterID* BytecodeGenerator::initializeNextParameter() { - ASSERT(willResolveToArguments(propertyNames().arguments)); - - SymbolTableEntry entry = symbolTable().get(propertyNames().arguments.impl()); - ASSERT(!entry.isNull()); - return ®isterFor(entry.getIndex()); + VirtualRegister reg = virtualRegisterForArgument(m_codeBlock->numParameters()); + m_parameters.grow(m_parameters.size() + 
1); + auto& parameter = registerFor(reg); + parameter.setIndex(reg.offset()); + m_codeBlock->addParameter(); + return ¶meter; } -RegisterID* BytecodeGenerator::createLazyRegisterIfNecessary(RegisterID* reg) +void BytecodeGenerator::initializeParameters(FunctionParameters& parameters) { - if (!reg->virtualRegister().isLocal()) - return reg; + // Make sure the code block knows about all of our parameters, and make sure that parameters + // needing destructuring are noted. + m_thisRegister.setIndex(initializeNextParameter()->index()); // this + + bool nonSimpleArguments = false; + for (unsigned i = 0; i < parameters.size(); ++i) { + auto parameter = parameters.at(i); + auto pattern = parameter.first; + if (pattern->isRestParameter()) { + RELEASE_ASSERT(!m_restParameter); + m_restParameter = static_cast<RestParameterNode*>(pattern); + nonSimpleArguments = true; + continue; + } + if (parameter.second) { + nonSimpleArguments = true; + continue; + } + if (!nonSimpleArguments) + initializeNextParameter(); + } +} - int localVariableNumber = reg->virtualRegister().toLocal(); +void BytecodeGenerator::initializeVarLexicalEnvironment(int symbolTableConstantIndex, SymbolTable* functionSymbolTable, bool hasCapturedVariables) +{ + if (hasCapturedVariables) { + RELEASE_ASSERT(m_lexicalEnvironmentRegister); + emitOpcode(op_create_lexical_environment); + instructions().append(m_lexicalEnvironmentRegister->index()); + instructions().append(scopeRegister()->index()); + instructions().append(symbolTableConstantIndex); + instructions().append(addConstantValue(jsUndefined())->index()); + + emitOpcode(op_mov); + instructions().append(scopeRegister()->index()); + instructions().append(m_lexicalEnvironmentRegister->index()); + + pushLocalControlFlowScope(); + } + bool isWithScope = false; + m_lexicalScopeStack.append({ functionSymbolTable, m_lexicalEnvironmentRegister, isWithScope, symbolTableConstantIndex }); + m_varScopeLexicalScopeStackIndex = m_lexicalScopeStack.size() - 1; +} - if 
(m_lastLazyFunction <= localVariableNumber || localVariableNumber < m_firstLazyFunction) - return reg; - emitLazyNewFunction(reg, m_lazyFunctions.get(localVariableNumber)); - return reg; +UniquedStringImpl* BytecodeGenerator::visibleNameForParameter(DestructuringPatternNode* pattern) +{ + if (pattern->isBindingNode()) { + const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty(); + if (!m_functions.contains(ident.impl())) + return ident.impl(); + } + return nullptr; } RegisterID* BytecodeGenerator::newRegister() { - m_calleeRegisters.append(virtualRegisterForLocal(m_calleeRegisters.size())); - int numCalleeRegisters = max<int>(m_codeBlock->m_numCalleeRegisters, m_calleeRegisters.size()); - numCalleeRegisters = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), numCalleeRegisters); - m_codeBlock->m_numCalleeRegisters = numCalleeRegisters; - return &m_calleeRegisters.last(); + m_calleeLocals.append(virtualRegisterForLocal(m_calleeLocals.size())); + int numCalleeLocals = max<int>(m_codeBlock->m_numCalleeLocals, m_calleeLocals.size()); + numCalleeLocals = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), numCalleeLocals); + m_codeBlock->m_numCalleeLocals = numCalleeLocals; + return &m_calleeLocals.last(); +} + +void BytecodeGenerator::reclaimFreeRegisters() +{ + while (m_calleeLocals.size() && !m_calleeLocals.last().refCount()) + m_calleeLocals.removeLast(); +} + +RegisterID* BytecodeGenerator::newBlockScopeVariable() +{ + reclaimFreeRegisters(); + + return newRegister(); } RegisterID* BytecodeGenerator::newTemporary() { - // Reclaim free register IDs. - while (m_calleeRegisters.size() && !m_calleeRegisters.last().refCount()) - m_calleeRegisters.removeLast(); - + reclaimFreeRegisters(); + RegisterID* result = newRegister(); result->setTemporary(); return result; 
@@ -587,33 +1199,40 @@ LabelScopePtr BytecodeGenerator::newLabelScope(LabelScope::Type type, const Iden
 m_labelScopes.removeLast();
 // Allocate new label scope.
- LabelScope scope(type, name, scopeDepth(), newLabel(), type == LabelScope::Loop ? newLabel() : PassRefPtr<Label>()); // Only loops have continue targets.
- m_labelScopes.append(scope);
- return LabelScopePtr(&m_labelScopes, m_labelScopes.size() - 1);
+ LabelScope scope(type, name, labelScopeDepth(), newLabel(), type == LabelScope::Loop ? RefPtr<Label>(newLabel()) : RefPtr<Label>()); // Only loops have continue targets.
+ m_labelScopes.append(WTFMove(scope));
+ return LabelScopePtr(m_labelScopes, m_labelScopes.size() - 1);
 }
-PassRefPtr<Label> BytecodeGenerator::newLabel()
+Ref<Label> BytecodeGenerator::newLabel()
 {
 // Reclaim free label IDs.
 while (m_labels.size() && !m_labels.last().refCount())
 m_labels.removeLast();
 // Allocate new label ID.
- m_labels.append(this);
- return &m_labels.last();
+ m_labels.append(*this);
+ return m_labels.last();
 }
-PassRefPtr<Label> BytecodeGenerator::emitLabel(Label* l0)
+Ref<Label> BytecodeGenerator::newEmittedLabel()
+{
+ Ref<Label> label = newLabel();
+ emitLabel(label.get());
+ return label;
+}
+
+void BytecodeGenerator::emitLabel(Label& l0)
 {
 unsigned newLabelIndex = instructions().size();
- l0->setLocation(newLabelIndex);
+ l0.setLocation(newLabelIndex);
 if (m_codeBlock->numberOfJumpTargets()) {
 unsigned lastLabelIndex = m_codeBlock->lastJumpTarget();
 ASSERT(lastLabelIndex <= newLabelIndex);
 if (newLabelIndex == lastLabelIndex) {
 // Peephole optimizations have already been disabled by emitting the last label
- return l0;
+ return;
 }
 }
@@ -621,7 +1240,6 @@ PassRefPtr<Label> BytecodeGenerator::emitLabel(Label* l0)
 // This disables peephole optimizations when an instruction is a jump target
 m_lastOpcodeID = op_end;
- return l0;
 }
 void BytecodeGenerator::emitOpcode(OpcodeID opcodeID)
@@ -657,9 +1275,21 @@ UnlinkedValueProfile BytecodeGenerator::emitProfiledOpcode(OpcodeID opcodeID)
 return result;
 }
+void BytecodeGenerator::emitEnter()
+{
+ emitOpcode(op_enter);
+}
+
 void BytecodeGenerator::emitLoopHint()
 {
 emitOpcode(op_loop_hint);
+ emitWatchdog();
+}
+
+void BytecodeGenerator::emitWatchdog()
+{
+ if (vm()->watchdog())
+ emitOpcode(op_watchdog);
 }
 void BytecodeGenerator::retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index)
@@ -693,15 +1323,14 @@ void ALWAYS_INLINE BytecodeGenerator::rewindUnaryOp()
 m_lastOpcodeID = op_end;
 }
-PassRefPtr<Label> BytecodeGenerator::emitJump(Label* target)
+void BytecodeGenerator::emitJump(Label& target)
 {
 size_t begin = instructions().size();
 emitOpcode(op_jmp);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
 }
-PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* target)
+void BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label& target)
 {
 if (m_lastOpcodeID == op_less) {
 int dstIndex;
@@ -717,8 +1346,8 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 emitOpcode(op_jless);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 } else if (m_lastOpcodeID == op_lesseq) {
 int dstIndex;
@@ -734,8 +1363,8 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 emitOpcode(op_jlesseq);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 } else if (m_lastOpcodeID == op_greater) {
 int dstIndex;
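Review bot: `emitWatchdog` decides at bytecode-generation time whether a check is emitted (`if (vm()->watchdog())`), so bytecode generated for a VM that has no watchdog at that moment carries no `op_watchdog`, even though `emitLoopHint` now calls it for every loop. Whether a watchdog can be attached to the VM after code has been generated is not visible in this hunk; if it can, that code stays unbounded and the gating deserves to be stated. I would add above the `if`: `// Decided at generation time: code generated while the VM has no watchdog never carries op_watchdog.` The same caveat belongs on the declaration of `emitLoopHint` if callers rely on the loop check being present.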
@@ -751,8 +1380,8 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 emitOpcode(op_jgreater);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 } else if (m_lastOpcodeID == op_greatereq) {
 int dstIndex;
@@ -768,10 +1397,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 emitOpcode(op_jgreatereq);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
+ } else if (m_lastOpcodeID == op_eq_null && target.isForward()) {
 int dstIndex;
 int srcIndex;
@@ -783,10 +1412,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 size_t begin = instructions().size();
 emitOpcode(op_jeq_null);
 instructions().append(srcIndex);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
+ } else if (m_lastOpcodeID == op_neq_null && target.isForward()) {
 int dstIndex;
 int srcIndex;
@@ -798,8 +1427,8 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 size_t begin = instructions().size();
 emitOpcode(op_jneq_null);
 instructions().append(srcIndex);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 }
@@ -807,13 +1436,12 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* tar
 emitOpcode(op_jtrue);
 instructions().append(cond->index());
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
 }
-PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* target)
+void BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label& target)
 {
- if (m_lastOpcodeID == op_less && target->isForward()) {
+ if (m_lastOpcodeID == op_less && target.isForward()) {
 int dstIndex;
 int src1Index;
 int src2Index;
@@ -827,10 +1455,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 emitOpcode(op_jnless);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_lesseq && target->isForward()) {
+ } else if (m_lastOpcodeID == op_lesseq && target.isForward()) {
 int dstIndex;
 int src1Index;
 int src2Index;
@@ -844,10 +1472,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 emitOpcode(op_jnlesseq);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_greater && target->isForward()) {
+ } else if (m_lastOpcodeID == op_greater && target.isForward()) {
 int dstIndex;
 int src1Index;
 int src2Index;
@@ -861,10 +1489,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 emitOpcode(op_jngreater);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_greatereq && target->isForward()) {
+ } else if (m_lastOpcodeID == op_greatereq && target.isForward()) {
 int dstIndex;
 int src1Index;
 int src2Index;
@@ -878,8 +1506,8 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 emitOpcode(op_jngreatereq);
 instructions().append(src1Index);
 instructions().append(src2Index);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 } else if (m_lastOpcodeID == op_not) {
 int dstIndex;
@@ -893,10 +1521,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 size_t begin = instructions().size();
 emitOpcode(op_jtrue);
 instructions().append(srcIndex);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
+ } else if (m_lastOpcodeID == op_eq_null && target.isForward()) {
 int dstIndex;
 int srcIndex;
@@ -908,10 +1536,10 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 size_t begin = instructions().size();
 emitOpcode(op_jneq_null);
 instructions().append(srcIndex);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
- } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
+ } else if (m_lastOpcodeID == op_neq_null && target.isForward()) {
 int dstIndex;
 int srcIndex;
@@ -923,43 +1551,48 @@ PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* ta
 size_t begin = instructions().size();
 emitOpcode(op_jeq_null);
 instructions().append(srcIndex);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ return;
 }
 }
 size_t begin = instructions().size();
 emitOpcode(op_jfalse);
 instructions().append(cond->index());
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
 }
-PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label* target)
+void BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label& target)
 {
 size_t begin = instructions().size();
 emitOpcode(op_jneq_ptr);
 instructions().append(cond->index());
 instructions().append(Special::CallFunction);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ instructions().append(0);
 }
-PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionApply(RegisterID* cond, Label* target)
+void BytecodeGenerator::emitJumpIfNotFunctionApply(RegisterID* cond, Label& target)
 {
 size_t begin = instructions().size();
 emitOpcode(op_jneq_ptr);
 instructions().append(cond->index());
 instructions().append(Special::ApplyFunction);
- instructions().append(target->bind(begin, instructions().size()));
- return target;
+ instructions().append(target.bind(begin, instructions().size()));
+ instructions().append(0);
+}
+
+bool BytecodeGenerator::hasConstant(const Identifier& ident) const
+{
+ UniquedStringImpl* rep = ident.impl();
+ return m_identifierMap.contains(rep);
 }
 unsigned BytecodeGenerator::addConstant(const Identifier& ident)
 {
- StringImpl* rep = ident.impl();
+ UniquedStringImpl* rep = ident.impl();
 IdentifierMap::AddResult result = 
m_identifierMap.add(rep, m_codeBlock->numberOfIdentifiers()); if (result.isNewEntry) m_codeBlock->addIdentifier(ident); 
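Review bot: The trailing `instructions().append(0);` added to both `emitJumpIfNotFunctionCall` and `emitJumpIfNotFunctionApply` grows `op_jneq_ptr` by one operand whose meaning is stated nowhere in the hunk, so a reader has to open the opcode definition to learn what the zero initialises. I would annotate it once in each function: `instructions().append(0); // trailing op_jneq_ptr operand; zero-initialised at generation time, semantics defined with the opcode`. The two functions now differ only in the `Special::` constant and could share a private emitter taking that constant, though that is a style choice rather than a defect.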
@@ -981,49 +1614,103 @@ RegisterID* BytecodeGenerator::addConstantEmptyValue()
 return m_emptyValueRegister;
 }
-RegisterID* BytecodeGenerator::addConstantValue(JSValue v)
+RegisterID* BytecodeGenerator::addConstantValue(JSValue v, SourceCodeRepresentation sourceCodeRepresentation)
 {
 if (!v)
 return addConstantEmptyValue();
 int index = m_nextConstantOffset;
- JSValueMap::AddResult result = m_jsValueMap.add(JSValue::encode(v), m_nextConstantOffset);
+
+ if (sourceCodeRepresentation == SourceCodeRepresentation::Double && v.isInt32())
+ v = jsDoubleNumber(v.asNumber());
+ EncodedJSValueWithRepresentation valueMapKey { JSValue::encode(v), sourceCodeRepresentation };
+ JSValueMap::AddResult result = m_jsValueMap.add(valueMapKey, m_nextConstantOffset);
 if (result.isNewEntry) {
 m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
 ++m_nextConstantOffset;
- m_codeBlock->addConstant(v);
+ m_codeBlock->addConstant(v, sourceCodeRepresentation);
 } else
 index = result.iterator->value;
 return &m_constantPoolRegisters[index];
 }
+RegisterID* BytecodeGenerator::emitMoveLinkTimeConstant(RegisterID* dst, LinkTimeConstant type)
+{
+ unsigned constantIndex = static_cast<unsigned>(type);
+ if (!m_linkTimeConstantRegisters[constantIndex]) {
+ int index = m_nextConstantOffset;
+ m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
+ ++m_nextConstantOffset;
+ m_codeBlock->addConstant(type);
+ m_linkTimeConstantRegisters[constantIndex] = &m_constantPoolRegisters[index];
+ }
+
+ if (!dst)
+ return m_linkTimeConstantRegisters[constantIndex];
+
+ emitOpcode(op_mov);
+ instructions().append(dst->index());
+ instructions().append(m_linkTimeConstantRegisters[constantIndex]->index());
+
+ return dst;
+}
+
 unsigned BytecodeGenerator::addRegExp(RegExp* r)
 {
 return m_codeBlock->addRegExp(r);
 }
-RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, CaptureMode captureMode, RegisterID* src)
+RegisterID* 
BytecodeGenerator::emitMoveEmptyValue(RegisterID* dst)
 {
- m_staticPropertyAnalyzer.mov(dst->index(), src->index());
+ RefPtr<RegisterID> emptyValue = addConstantEmptyValue();
- emitOpcode(captureMode == IsCaptured ? op_captured_mov : op_mov);
+ emitOpcode(op_mov);
 instructions().append(dst->index());
- instructions().append(src->index());
- if (captureMode == IsCaptured)
- instructions().append(watchableVariable(dst->index()));
+ instructions().append(emptyValue->index());
 return dst;
 }
 RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
 {
- return emitMove(dst, captureMode(dst->index()), src);
+ ASSERT(src != m_emptyValueRegister);
+
+ m_staticPropertyAnalyzer.mov(dst->index(), src->index());
+ emitOpcode(op_mov);
+ instructions().append(dst->index());
+ instructions().append(src->index());
+
+ return dst;
 }
 RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
 {
+ ASSERT_WITH_MESSAGE(op_to_number != opcodeID, "op_to_number has a Value Profile.");
+ ASSERT_WITH_MESSAGE(op_negate != opcodeID, "op_negate has an Arith Profile.");
 emitOpcode(opcodeID);
 instructions().append(dst->index());
 instructions().append(src->index());
+
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src, OperandTypes types)
+{
+ ASSERT_WITH_MESSAGE(op_to_number != opcodeID, "op_to_number has a Value Profile.");
+ emitOpcode(opcodeID);
+ instructions().append(dst->index());
+ instructions().append(src->index());
+
+ if (opcodeID == op_negate)
+ instructions().append(ArithProfile(types.first()).bits());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitUnaryOpProfiled(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
+{
+ UnlinkedValueProfile profile = emitProfiledOpcode(opcodeID);
+ instructions().append(dst->index());
+ instructions().append(src->index());
+ instructions().append(profile);
 return dst;
 }
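Review bot: The new `emitUnaryOp(OpcodeID, RegisterID*, RegisterID*, OperandTypes)` silently drops `types` for every opcode except `op_negate`, so a caller that passes operand types for another opcode gets an instruction with no arith profile and no diagnostic, and nothing in the signature or body says that is intended. Either state it, `// types only feeds the ArithProfile appended for op_negate; every other opcode ignores it.`, or, if callers are known, tighten it with `ASSERT_WITH_MESSAGE(opcodeID == op_negate, "only op_negate carries an ArithProfile here");`. Separately, `emitMoveLinkTimeConstant` indexes `m_linkTimeConstantRegisters[static_cast<unsigned>(type)]` with no bounds check; an `ASSERT(constantIndex < <declared size of m_linkTimeConstantRegisters>)` (the array's declaration is not visible here) would catch an out-of-range `LinkTimeConstant` in debug builds instead of writing past the array.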
@@ -1050,7 +1737,7 @@ RegisterID* BytecodeGenerator::emitBinaryOp(OpcodeID opcodeID, RegisterID* dst,
 if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor || opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)
- instructions().append(types.toInt());
+ instructions().append(ArithProfile(types.first(), types.second()).bits());
 return dst;
 }
@@ -1091,14 +1778,23 @@ RegisterID* BytecodeGenerator::emitEqualityOp(OpcodeID opcodeID, RegisterID* dst
 }
 if (value == "string") {
 rewindUnaryOp();
- emitOpcode(op_is_string);
+ emitOpcode(op_is_cell_with_type);
+ instructions().append(dst->index());
+ instructions().append(srcIndex);
+ instructions().append(StringType);
+ return dst;
+ }
+ if (value == "symbol") {
+ rewindUnaryOp();
+ emitOpcode(op_is_cell_with_type);
 instructions().append(dst->index());
 instructions().append(srcIndex);
+ instructions().append(SymbolType);
 return dst;
 }
 if (value == "object") {
 rewindUnaryOp();
- emitOpcode(op_is_object);
+ emitOpcode(op_is_object_or_null);
 instructions().append(dst->index());
 instructions().append(srcIndex);
 return dst;
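Review bot: The new `"string"` and `"symbol"` branches in `emitEqualityOp` are identical apart from the type constant handed to `op_is_cell_with_type`, so the whole seven-line emission is now duplicated; folding them into one branch emits the same bytecode and leaves a single place to touch if the operand layout of `op_is_cell_with_type` changes. `emitEqualityOp` starts and ends outside this hunk. The `"object"` branch now emits `op_is_object_or_null` where it emitted `op_is_object`; if the `_or_null` variant exists to make `typeof null` answer `"object"`, a one-line comment saying so would spare the next reader a lookup, but I am inferring that from the name.

```cpp
    if (value == "string" || value == "symbol") {
        rewindUnaryOp();
        emitOpcode(op_is_cell_with_type);
        instructions().append(dst->index());
        instructions().append(srcIndex);
        instructions().append(value == "string" ? StringType : SymbolType);
        return dst;
    }
    // … unchanged: "object" branch and the rest of emitEqualityOp …
```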
@@ -1120,35 +1816,120 @@ RegisterID* BytecodeGenerator::emitEqualityOp(OpcodeID opcodeID, RegisterID* dst
 return dst;
 }
-RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, bool b)
+void BytecodeGenerator::emitTypeProfilerExpressionInfo(const JSTextPosition& startDivot, const JSTextPosition& endDivot)
 {
- return emitLoad(dst, jsBoolean(b));
+ ASSERT(vm()->typeProfiler());
+
+ unsigned start = startDivot.offset; // Ranges are inclusive of their endpoints, AND 0 indexed.
+ unsigned end = endDivot.offset - 1; // End Ranges already go one past the inclusive range, so subtract 1.
+ unsigned instructionOffset = instructions().size() - 1;
+ m_codeBlock->addTypeProfilerExpressionInfo(instructionOffset, start, end);
+}
+
+void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag flag)
+{
+ if (!vm()->typeProfiler())
+ return;
+
+ if (!registerToProfile)
+ return;
+
+ emitOpcode(op_profile_type);
+ instructions().append(registerToProfile->index());
+ instructions().append(0);
+ instructions().append(flag);
+ instructions().append(0);
+ instructions().append(resolveType());
+
+ // Don't emit expression info for this version of profile type. This generally means
+ // we're profiling information for something that isn't in the actual text of a JavaScript
+ // program. For example, implicit return undefined from a function call.
+}
+
+void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
+{
+ emitProfileType(registerToProfile, ProfileTypeBytecodeDoesNotHaveGlobalID, startDivot, endDivot);
+}
+
+void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag flag, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
+{
+ if (!vm()->typeProfiler())
+ return;
+
+ if (!registerToProfile)
+ return;
+
+ // The format of this instruction is: op_profile_type regToProfile, TypeLocation*, flag, identifier?, resolveType? 
+ emitOpcode(op_profile_type);
+ instructions().append(registerToProfile->index());
+ instructions().append(0);
+ instructions().append(flag);
+ instructions().append(0);
+ instructions().append(resolveType());
+
+ emitTypeProfilerExpressionInfo(startDivot, endDivot);
 }
-RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, double number)
+void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, const Variable& var, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
 {
- // FIXME: Our hash tables won't hold infinity, so we make a new JSValue each time.
- // Later we can do the extra work to handle that like the other cases. They also don't
- // work correctly with NaN as a key.
- if (std::isnan(number) || number == HashTraits<double>::emptyValue() || HashTraits<double>::isDeletedValue(number))
- return emitLoad(dst, jsNumber(number));
- JSValue& valueInMap = m_numberMap.add(number, JSValue()).iterator->value;
- if (!valueInMap)
- valueInMap = jsNumber(number);
- return emitLoad(dst, valueInMap);
+ if (!vm()->typeProfiler())
+ return;
+
+ if (!registerToProfile)
+ return;
+
+ ProfileTypeBytecodeFlag flag;
+ int symbolTableOrScopeDepth;
+ if (var.local() || var.offset().isScope()) {
+ flag = ProfileTypeBytecodeLocallyResolved;
+ ASSERT(var.symbolTableConstantIndex());
+ symbolTableOrScopeDepth = var.symbolTableConstantIndex();
+ } else {
+ flag = ProfileTypeBytecodeClosureVar;
+ symbolTableOrScopeDepth = localScopeDepth();
+ }
+
+ // The format of this instruction is: op_profile_type regToProfile, TypeLocation*, flag, identifier?, resolveType? 
+ emitOpcode(op_profile_type);
+ instructions().append(registerToProfile->index());
+ instructions().append(symbolTableOrScopeDepth);
+ instructions().append(flag);
+ instructions().append(addConstant(var.ident()));
+ instructions().append(resolveType());
+
+ emitTypeProfilerExpressionInfo(startDivot, endDivot);
+}
+
+void BytecodeGenerator::emitProfileControlFlow(int textOffset)
+{
+ if (vm()->controlFlowProfiler()) {
+ RELEASE_ASSERT(textOffset >= 0);
+ size_t bytecodeOffset = instructions().size();
+ m_codeBlock->addOpProfileControlFlowBytecodeOffset(bytecodeOffset);
+
+ emitOpcode(op_profile_control_flow);
+ instructions().append(textOffset);
+ }
+}
+
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, bool b)
+{
+ return emitLoad(dst, jsBoolean(b));
 }
 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, const Identifier& identifier)
 {
+ ASSERT(!identifier.isSymbol());
 JSString*& stringInMap = m_stringMap.add(identifier.impl(), nullptr).iterator->value;
 if (!stringInMap)
 stringInMap = jsOwnedString(vm(), identifier.string());
+
 return emitLoad(dst, JSValue(stringInMap));
 }
-RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, JSValue v)
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, JSValue v, SourceCodeRepresentation sourceCodeRepresentation)
 {
- RegisterID* constantID = addConstantValue(v);
+ RegisterID* constantID = addConstantValue(v, sourceCodeRepresentation);
 if (dst)
 return emitMove(dst, constantID);
 return constantID;
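Review bot: `emitTypeProfilerExpressionInfo` computes `unsigned end = endDivot.offset - 1;` with no check that the end divot is at least 1, so a zero end offset wraps to the largest `unsigned` before it reaches `addTypeProfilerExpressionInfo` (the declared type of `offset` is not visible here, but the result is stored as `unsigned` either way). A debug check next to the existing comment, `ASSERT(endDivot.offset >= 1);`, pins the "one past the inclusive range" assumption that comment states instead of leaving it to callers. Separately, the five `instructions().append(...)` lines for `op_profile_type` are repeated verbatim in the flag-only and the flag-plus-divot overloads of `emitProfileType`, and the instruction-format comment carried by the other two overloads is missing from the flag-only one; give it the same `// The format of this instruction is: op_profile_type regToProfile, TypeLocation*, flag, identifier?, resolveType?` line, or hoist the emission into one private helper the three overloads call. The last function in the hunk, `emitLoad(RegisterID*, JSValue, SourceCodeRepresentation)`, ends outside the hunk.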
@@ -1169,113 +1950,636 @@ RegisterID* BytecodeGenerator::emitLoadGlobalObject(RegisterID* dst) return m_globalObjectRegister; } -bool BytecodeGenerator::isCaptured(int operand) +template<typename LookUpVarKindFunctor> +bool BytecodeGenerator::instantiateLexicalVariables(const VariableEnvironment& lexicalVariables, SymbolTable* symbolTable, ScopeRegisterType scopeRegisterType, LookUpVarKindFunctor lookUpVarKind) { - return m_symbolTable && m_symbolTable->isCaptured(operand); + bool hasCapturedVariables = false; + { + for (auto& entry : lexicalVariables) { + ASSERT(entry.value.isLet() || entry.value.isConst() || entry.value.isFunction()); + ASSERT(!entry.value.isVar()); + SymbolTableEntry symbolTableEntry = symbolTable->get(NoLockingNecessary, entry.key.get()); + ASSERT(symbolTableEntry.isNull()); + + // Imported bindings which are not the namespace bindings are not allocated + // in the module environment as usual variables' way. + // And since these types of the variables only seen in the module environment, + // other lexical environment need not to take care this. + if (entry.value.isImported() && !entry.value.isImportedNamespace()) + continue; + + VarKind varKind = lookUpVarKind(entry.key.get(), entry.value); + VarOffset varOffset; + if (varKind == VarKind::Scope) { + varOffset = VarOffset(symbolTable->takeNextScopeOffset(NoLockingNecessary)); + hasCapturedVariables = true; + } else { + ASSERT(varKind == VarKind::Stack); + RegisterID* local; + if (scopeRegisterType == ScopeRegisterType::Block) { + local = newBlockScopeVariable(); + local->ref(); + } else + local = addVar(); + varOffset = VarOffset(local->virtualRegister()); + } + + SymbolTableEntry newEntry(varOffset, entry.value.isConst() ? 
ReadOnly : 0); + symbolTable->add(NoLockingNecessary, entry.key.get(), newEntry); + } + } + return hasCapturedVariables; } -Local BytecodeGenerator::local(const Identifier& property) +void BytecodeGenerator::emitPrefillStackTDZVariables(const VariableEnvironment& lexicalVariables, SymbolTable* symbolTable) { - if (property == propertyNames().thisIdentifier) - return Local(thisRegister(), ReadOnly, NotCaptured); - - if (property == propertyNames().arguments) - createArgumentsIfNecessary(); + // Prefill stack variables with the TDZ empty value. + // Scope variables will be initialized to the TDZ empty value when JSLexicalEnvironment is allocated. + for (auto& entry : lexicalVariables) { + // Imported bindings which are not the namespace bindings are not allocated + // in the module environment as usual variables' way. + // And since these types of the variables only seen in the module environment, + // other lexical environment need not to take care this. + if (entry.value.isImported() && !entry.value.isImportedNamespace()) + continue; - if (!shouldOptimizeLocals()) - return Local(); + if (entry.value.isFunction()) + continue; - SymbolTableEntry entry = symbolTable().get(property.impl()); - if (entry.isNull()) - return Local(); + SymbolTableEntry symbolTableEntry = symbolTable->get(NoLockingNecessary, entry.key.get()); + ASSERT(!symbolTableEntry.isNull()); + VarOffset offset = symbolTableEntry.varOffset(); + if (offset.isScope()) + continue; - RegisterID* local = createLazyRegisterIfNecessary(®isterFor(entry.getIndex())); - return Local(local, entry.getAttributes(), captureMode(local->index())); + ASSERT(offset.isStack()); + emitMoveEmptyValue(®isterFor(offset.stackOffset())); + } } -Local BytecodeGenerator::constLocal(const Identifier& property) +void BytecodeGenerator::pushLexicalScope(VariableEnvironmentNode* node, TDZCheckOptimization tdzCheckOptimization, NestedScopeType nestedScopeType, RegisterID** constantSymbolTableResult, bool 
shouldInitializeBlockScopedFunctions) { - if (m_codeType != FunctionCode) - return Local(); + VariableEnvironment& environment = node->lexicalVariables(); + RegisterID* constantSymbolTableResultTemp = nullptr; + pushLexicalScopeInternal(environment, tdzCheckOptimization, nestedScopeType, &constantSymbolTableResultTemp, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block); - SymbolTableEntry entry = symbolTable().get(property.impl()); - if (entry.isNull()) - return Local(); + if (shouldInitializeBlockScopedFunctions) + initializeBlockScopedFunctions(environment, node->functionStack(), constantSymbolTableResultTemp); - RegisterID* local = createLazyRegisterIfNecessary(®isterFor(entry.getIndex())); - return Local(local, entry.getAttributes(), captureMode(local->index())); + if (constantSymbolTableResult && constantSymbolTableResultTemp) + *constantSymbolTableResult = constantSymbolTableResultTemp; } -void BytecodeGenerator::emitCheckHasInstance(RegisterID* dst, RegisterID* value, RegisterID* base, Label* target) +void BytecodeGenerator::pushLexicalScopeInternal(VariableEnvironment& environment, TDZCheckOptimization tdzCheckOptimization, NestedScopeType nestedScopeType, + RegisterID** constantSymbolTableResult, TDZRequirement tdzRequirement, ScopeType scopeType, ScopeRegisterType scopeRegisterType) { - size_t begin = instructions().size(); - emitOpcode(op_check_has_instance); + if (!environment.size()) + return; + + if (m_shouldEmitDebugHooks) + environment.markAllVariablesAsCaptured(); + + SymbolTable* symbolTable = SymbolTable::create(*m_vm); + switch (scopeType) { + case ScopeType::CatchScope: + symbolTable->setScopeType(SymbolTable::ScopeType::CatchScope); + break; + case ScopeType::LetConstScope: + symbolTable->setScopeType(SymbolTable::ScopeType::LexicalScope); + break; + case ScopeType::FunctionNameScope: + symbolTable->setScopeType(SymbolTable::ScopeType::FunctionNameScope); + break; + } + + if (nestedScopeType == 
NestedScopeType::IsNested) + symbolTable->markIsNestedLexicalScope(); + + auto lookUpVarKind = [] (UniquedStringImpl*, const VariableEnvironmentEntry& entry) -> VarKind { + return entry.isCaptured() ? VarKind::Scope : VarKind::Stack; + }; + + bool hasCapturedVariables = instantiateLexicalVariables(environment, symbolTable, scopeRegisterType, lookUpVarKind); + + RegisterID* newScope = nullptr; + RegisterID* constantSymbolTable = nullptr; + int symbolTableConstantIndex = 0; + if (vm()->typeProfiler()) { + constantSymbolTable = addConstantValue(symbolTable); + symbolTableConstantIndex = constantSymbolTable->index(); + } + if (hasCapturedVariables) { + if (scopeRegisterType == ScopeRegisterType::Block) { + newScope = newBlockScopeVariable(); + newScope->ref(); + } else + newScope = addVar(); + if (!constantSymbolTable) { + ASSERT(!vm()->typeProfiler()); + constantSymbolTable = addConstantValue(symbolTable->cloneScopePart(*m_vm)); + symbolTableConstantIndex = constantSymbolTable->index(); + } + if (constantSymbolTableResult) + *constantSymbolTableResult = constantSymbolTable; + + emitOpcode(op_create_lexical_environment); + instructions().append(newScope->index()); + instructions().append(scopeRegister()->index()); + instructions().append(constantSymbolTable->index()); + instructions().append(addConstantValue(tdzRequirement == TDZRequirement::UnderTDZ ? 
jsTDZValue() : jsUndefined())->index()); + + emitMove(scopeRegister(), newScope); + + pushLocalControlFlowScope(); + } + + bool isWithScope = false; + m_lexicalScopeStack.append({ symbolTable, newScope, isWithScope, symbolTableConstantIndex }); + pushTDZVariables(environment, tdzCheckOptimization, tdzRequirement); + + if (tdzRequirement == TDZRequirement::UnderTDZ) + emitPrefillStackTDZVariables(environment, symbolTable); +} + +void BytecodeGenerator::initializeBlockScopedFunctions(VariableEnvironment& environment, FunctionStack& functionStack, RegisterID* constantSymbolTable) +{ + /* + * We must transform block scoped function declarations in strict mode like so: + * + * function foo() { + * if (c) { + * function foo() { ... } + * if (bar) { ... } + * else { ... } + * function baz() { ... } + * } + * } + * + * to: + * + * function foo() { + * if (c) { + * let foo = function foo() { ... } + * let baz = function baz() { ... } + * if (bar) { ... } + * else { ... } + * } + * } + * + * But without the TDZ checks. + */ + + if (!environment.size()) { + RELEASE_ASSERT(!functionStack.size()); + return; + } + + if (!functionStack.size()) + return; + + SymbolTable* symbolTable = m_lexicalScopeStack.last().m_symbolTable; + RegisterID* scope = m_lexicalScopeStack.last().m_scope; + RefPtr<RegisterID> temp = newTemporary(); + int symbolTableIndex = constantSymbolTable ? constantSymbolTable->index() : 0; + for (FunctionMetadataNode* function : functionStack) { + const Identifier& name = function->ident(); + auto iter = environment.find(name.impl()); + RELEASE_ASSERT(iter != environment.end()); + RELEASE_ASSERT(iter->value.isFunction()); + // We purposefully don't hold the symbol table lock around this loop because emitNewFunctionExpressionCommon may GC. 
+ SymbolTableEntry entry = symbolTable->get(NoLockingNecessary, name.impl()); + RELEASE_ASSERT(!entry.isNull()); + emitNewFunctionExpressionCommon(temp.get(), function); + bool isLexicallyScoped = true; + emitPutToScope(scope, variableForLocalEntry(name, entry, symbolTableIndex, isLexicallyScoped), temp.get(), DoNotThrowIfNotFound, InitializationMode::Initialization); + } +} + +void BytecodeGenerator::hoistSloppyModeFunctionIfNecessary(const Identifier& functionName) +{ + if (m_scopeNode->hasSloppyModeHoistedFunction(functionName.impl())) { + Variable currentFunctionVariable = variable(functionName); + RefPtr<RegisterID> currentValue; + if (RegisterID* local = currentFunctionVariable.local()) + currentValue = local; + else { + RefPtr<RegisterID> scope = emitResolveScope(nullptr, currentFunctionVariable); + currentValue = emitGetFromScope(newTemporary(), scope.get(), currentFunctionVariable, DoNotThrowIfNotFound); + } + + ASSERT(m_varScopeLexicalScopeStackIndex); + ASSERT(*m_varScopeLexicalScopeStackIndex < m_lexicalScopeStack.size()); + LexicalScopeStackEntry varScope = m_lexicalScopeStack[*m_varScopeLexicalScopeStackIndex]; + SymbolTable* varSymbolTable = varScope.m_symbolTable; + ASSERT(varSymbolTable->scopeType() == SymbolTable::ScopeType::VarScope); + SymbolTableEntry entry = varSymbolTable->get(NoLockingNecessary, functionName.impl()); + if (functionName == propertyNames().arguments && entry.isNull()) { + // "arguments" might be put in the parameter scope when we have a non-simple + // parameter list since "arguments" is visible to expressions inside the + // parameter evaluation list. 
+ // e.g: + // function foo(x = arguments) { { function arguments() { } } } + RELEASE_ASSERT(*m_varScopeLexicalScopeStackIndex > 0); + varScope = m_lexicalScopeStack[*m_varScopeLexicalScopeStackIndex - 1]; + SymbolTable* parameterSymbolTable = varScope.m_symbolTable; + entry = parameterSymbolTable->get(NoLockingNecessary, functionName.impl()); + } + RELEASE_ASSERT(!entry.isNull()); + bool isLexicallyScoped = false; + emitPutToScope(varScope.m_scope, variableForLocalEntry(functionName, entry, varScope.m_symbolTableConstantIndex, isLexicallyScoped), currentValue.get(), DoNotThrowIfNotFound, InitializationMode::NotInitialization); + } +} + +void BytecodeGenerator::popLexicalScope(VariableEnvironmentNode* node) +{ + VariableEnvironment& environment = node->lexicalVariables(); + popLexicalScopeInternal(environment); +} + +void BytecodeGenerator::popLexicalScopeInternal(VariableEnvironment& environment) +{ + // NOTE: This function only makes sense for scopes that aren't ScopeRegisterType::Var (only function name scope right now is ScopeRegisterType::Var). + // This doesn't make sense for ScopeRegisterType::Var because we deref RegisterIDs here. 
+ if (!environment.size()) + return; + + if (m_shouldEmitDebugHooks) + environment.markAllVariablesAsCaptured(); + + auto stackEntry = m_lexicalScopeStack.takeLast(); + SymbolTable* symbolTable = stackEntry.m_symbolTable; + bool hasCapturedVariables = false; + for (auto& entry : environment) { + if (entry.value.isCaptured()) { + hasCapturedVariables = true; + continue; + } + SymbolTableEntry symbolTableEntry = symbolTable->get(NoLockingNecessary, entry.key.get()); + ASSERT(!symbolTableEntry.isNull()); + VarOffset offset = symbolTableEntry.varOffset(); + ASSERT(offset.isStack()); + RegisterID* local = ®isterFor(offset.stackOffset()); + local->deref(); + } + + if (hasCapturedVariables) { + RELEASE_ASSERT(stackEntry.m_scope); + emitPopScope(scopeRegister(), stackEntry.m_scope); + popLocalControlFlowScope(); + stackEntry.m_scope->deref(); + } + + m_TDZStack.removeLast(); +} + +void BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration(VariableEnvironmentNode* node, RegisterID* loopSymbolTable) +{ + VariableEnvironment& environment = node->lexicalVariables(); + if (!environment.size()) + return; + if (m_shouldEmitDebugHooks) + environment.markAllVariablesAsCaptured(); + if (!environment.hasCapturedVariables()) + return; + + RELEASE_ASSERT(loopSymbolTable); + + // This function needs to do setup for a for loop's activation if any of + // the for loop's lexically declared variables are captured (that is, variables + // declared in the loop header, not the loop body). This function needs to + // make a copy of the current activation and copy the values from the previous + // activation into the new activation because each iteration of a for loop + // gets a new activation. 
+ + auto stackEntry = m_lexicalScopeStack.last(); + SymbolTable* symbolTable = stackEntry.m_symbolTable; + RegisterID* loopScope = stackEntry.m_scope; + ASSERT(symbolTable->scopeSize()); + ASSERT(loopScope); + Vector<std::pair<RegisterID*, Identifier>> activationValuesToCopyOver; + + { + activationValuesToCopyOver.reserveInitialCapacity(symbolTable->scopeSize()); + + for (auto end = symbolTable->end(NoLockingNecessary), ptr = symbolTable->begin(NoLockingNecessary); ptr != end; ++ptr) { + if (!ptr->value.varOffset().isScope()) + continue; + + RefPtr<UniquedStringImpl> ident = ptr->key; + Identifier identifier = Identifier::fromUid(m_vm, ident.get()); + + RegisterID* transitionValue = newBlockScopeVariable(); + transitionValue->ref(); + emitGetFromScope(transitionValue, loopScope, variableForLocalEntry(identifier, ptr->value, loopSymbolTable->index(), true), DoNotThrowIfNotFound); + activationValuesToCopyOver.uncheckedAppend(std::make_pair(transitionValue, identifier)); + } + } + + // We need this dynamic behavior of the executing code to ensure + // each loop iteration has a new activation object. (It's pretty ugly). + // Also, this new activation needs to be assigned to the same register + // as the previous scope because the loop body is compiled under + // the assumption that the scope's register index is constant even + // though the value in that register will change on each loop iteration. 
+ RefPtr<RegisterID> parentScope = emitGetParentScope(newTemporary(), loopScope); + emitMove(scopeRegister(), parentScope.get()); + + emitOpcode(op_create_lexical_environment); + instructions().append(loopScope->index()); + instructions().append(scopeRegister()->index()); + instructions().append(loopSymbolTable->index()); + instructions().append(addConstantValue(jsTDZValue())->index()); + + emitMove(scopeRegister(), loopScope); + + { + for (auto pair : activationValuesToCopyOver) { + const Identifier& identifier = pair.second; + SymbolTableEntry entry = symbolTable->get(NoLockingNecessary, identifier.impl()); + RELEASE_ASSERT(!entry.isNull()); + RegisterID* transitionValue = pair.first; + emitPutToScope(loopScope, variableForLocalEntry(identifier, entry, loopSymbolTable->index(), true), transitionValue, DoNotThrowIfNotFound, InitializationMode::NotInitialization); + transitionValue->deref(); + } + } +} + +Variable BytecodeGenerator::variable(const Identifier& property, ThisResolutionType thisResolutionType) +{ + if (property == propertyNames().thisIdentifier && thisResolutionType == ThisResolutionType::Local) { + return Variable(property, VarOffset(thisRegister()->virtualRegister()), thisRegister(), + ReadOnly, Variable::SpecialVariable, 0, false); + } + + // We can optimize lookups if the lexical variable is found before a "with" or "catch" + // scope because we're guaranteed static resolution. If we have to pass through + // a "with" or "catch" scope we loose this guarantee. + // We can't optimize cases like this: + // { + // let x = ...; + // with (o) { + // doSomethingWith(x); + // } + // } + // Because we can't gaurantee static resolution on x. 
+ // But, in this case, we are guaranteed static resolution: + // { + // let x = ...; + // with (o) { + // let x = ...; + // doSomethingWith(x); + // } + // } + for (unsigned i = m_lexicalScopeStack.size(); i--; ) { + auto& stackEntry = m_lexicalScopeStack[i]; + if (stackEntry.m_isWithScope) + return Variable(property); + SymbolTable* symbolTable = stackEntry.m_symbolTable; + SymbolTableEntry symbolTableEntry = symbolTable->get(NoLockingNecessary, property.impl()); + if (symbolTableEntry.isNull()) + continue; + bool resultIsCallee = false; + if (symbolTable->scopeType() == SymbolTable::ScopeType::FunctionNameScope) { + if (m_usesNonStrictEval) { + // We don't know if an eval has introduced a "var" named the same thing as the function name scope variable name. + // We resort to dynamic lookup to answer this question. + Variable result = Variable(property); + return result; + } + resultIsCallee = true; + } + Variable result = variableForLocalEntry(property, symbolTableEntry, stackEntry.m_symbolTableConstantIndex, symbolTable->scopeType() == SymbolTable::ScopeType::LexicalScope); + if (resultIsCallee) + result.setIsReadOnly(); + return result; + } + + return Variable(property); +} + +Variable BytecodeGenerator::variableForLocalEntry( + const Identifier& property, const SymbolTableEntry& entry, int symbolTableConstantIndex, bool isLexicallyScoped) +{ + VarOffset offset = entry.varOffset(); + + RegisterID* local; + if (offset.isStack()) + local = ®isterFor(offset.stackOffset()); + else + local = nullptr; + + return Variable(property, offset, local, entry.getAttributes(), Variable::NormalVariable, symbolTableConstantIndex, isLexicallyScoped); +} + +void BytecodeGenerator::createVariable( + const Identifier& property, VarKind varKind, SymbolTable* symbolTable, ExistingVariableMode existingVariableMode) +{ + ASSERT(property != propertyNames().thisIdentifier); + SymbolTableEntry entry = symbolTable->get(NoLockingNecessary, property.impl()); + + if (!entry.isNull()) { + if 
(existingVariableMode == IgnoreExisting) + return; + + // Do some checks to ensure that the variable we're being asked to create is sufficiently + // compatible with the one we have already created. + + VarOffset offset = entry.varOffset(); + + // We can't change our minds about whether it's captured. + if (offset.kind() != varKind) { + dataLog( + "Trying to add variable called ", property, " as ", varKind, + " but it was already added as ", offset, ".\n"); + RELEASE_ASSERT_NOT_REACHED(); + } + + return; + } + + VarOffset varOffset; + if (varKind == VarKind::Scope) + varOffset = VarOffset(symbolTable->takeNextScopeOffset(NoLockingNecessary)); + else { + ASSERT(varKind == VarKind::Stack); + varOffset = VarOffset(virtualRegisterForLocal(m_calleeLocals.size())); + } + SymbolTableEntry newEntry(varOffset, 0); + symbolTable->add(NoLockingNecessary, property.impl(), newEntry); + + if (varKind == VarKind::Stack) { + RegisterID* local = addVar(); + RELEASE_ASSERT(local->index() == varOffset.stackOffset().offset()); + } +} + +RegisterID* BytecodeGenerator::emitOverridesHasInstance(RegisterID* dst, RegisterID* constructor, RegisterID* hasInstanceValue) +{ + emitOpcode(op_overrides_has_instance); instructions().append(dst->index()); - instructions().append(value->index()); - instructions().append(base->index()); - instructions().append(target->bind(begin, instructions().size())); + instructions().append(constructor->index()); + instructions().append(hasInstanceValue->index()); + return dst; } // Indicates the least upper bound of resolve type based on local scope. The bytecode linker // will start with this ResolveType and compute the least upper bound including intercepting scopes. 
ResolveType BytecodeGenerator::resolveType() { - if (m_localScopeDepth) - return Dynamic; - if (m_symbolTable && m_symbolTable->usesNonStrictEval()) + for (unsigned i = m_lexicalScopeStack.size(); i--; ) { + if (m_lexicalScopeStack[i].m_isWithScope) + return Dynamic; + if (m_usesNonStrictEval && m_lexicalScopeStack[i].m_symbolTable->scopeType() == SymbolTable::ScopeType::FunctionNameScope) { + // We never want to assign to a FunctionNameScope. Returning Dynamic here achieves this goal. + // If we aren't in non-strict eval mode, then NodesCodeGen needs to take care not to emit + // a put_to_scope with the destination being the function name scope variable. + return Dynamic; + } + } + + if (m_usesNonStrictEval) return GlobalPropertyWithVarInjectionChecks; return GlobalProperty; } -RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier) +RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Variable& variable) { - m_codeBlock->addPropertyAccessInstruction(instructions().size()); - - ASSERT(!m_symbolTable || !m_symbolTable->contains(identifier.impl()) || resolveType() == Dynamic); + switch (variable.offset().kind()) { + case VarKind::Stack: + return nullptr; + + case VarKind::DirectArgument: + return argumentsRegister(); + + case VarKind::Scope: { + // This always refers to the activation that *we* allocated, and not the current scope that code + // lives in. Note that this will change once we have proper support for block scoping. Once that + // changes, it will be correct for this code to return scopeRegister(). The only reason why we + // don't do that already is that m_lexicalEnvironment is required by ConstDeclNode. ConstDeclNode + // requires weird things because it is a shameful pile of nonsense, but block scoping would make + // that code sensible and obviate the need for us to do bad things. 
+ for (unsigned i = m_lexicalScopeStack.size(); i--; ) { + auto& stackEntry = m_lexicalScopeStack[i]; + // We should not resolve a variable to VarKind::Scope if a "with" scope lies in between the current + // scope and the resolved scope. + RELEASE_ASSERT(!stackEntry.m_isWithScope); + + if (stackEntry.m_symbolTable->get(NoLockingNecessary, variable.ident().impl()).isNull()) + continue; + + RegisterID* scope = stackEntry.m_scope; + RELEASE_ASSERT(scope); + return scope; + } - // resolve_scope dst, id, ResolveType, depth - emitOpcode(op_resolve_scope); - instructions().append(kill(dst)); - instructions().append(addConstant(identifier)); - instructions().append(resolveType()); - instructions().append(0); - instructions().append(0); - return dst; + RELEASE_ASSERT_NOT_REACHED(); + return nullptr; + + } + case VarKind::Invalid: + // Indicates non-local resolution. + + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + + // resolve_scope dst, id, ResolveType, depth + dst = tempDestination(dst); + emitOpcode(op_resolve_scope); + instructions().append(kill(dst)); + instructions().append(scopeRegister()->index()); + instructions().append(addConstant(variable.ident())); + instructions().append(resolveType()); + instructions().append(localScopeDepth()); + instructions().append(0); + return dst; + } + + RELEASE_ASSERT_NOT_REACHED(); + return nullptr; } -RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier& identifier, ResolveMode resolveMode) +RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Variable& variable, ResolveMode resolveMode) { - m_codeBlock->addPropertyAccessInstruction(instructions().size()); - - // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand - UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope); - instructions().append(kill(dst)); - instructions().append(scope->index()); - 
instructions().append(addConstant(identifier)); - instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand()); - instructions().append(0); - instructions().append(0); - instructions().append(profile); - return dst; + switch (variable.offset().kind()) { + case VarKind::Stack: + return emitMove(dst, variable.local()); + + case VarKind::DirectArgument: { + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_arguments); + instructions().append(kill(dst)); + instructions().append(scope->index()); + instructions().append(variable.offset().capturedArgumentsOffset().offset()); + instructions().append(profile); + return dst; + } + + case VarKind::Scope: + case VarKind::Invalid: { + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + + // get_from_scope dst, scope, id, GetPutInfo, Structure, Operand + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope); + instructions().append(kill(dst)); + instructions().append(scope->index()); + instructions().append(addConstant(variable.ident())); + instructions().append(GetPutInfo(resolveMode, variable.offset().isScope() ? LocalClosureVar : resolveType(), InitializationMode::NotInitialization).operand()); + instructions().append(localScopeDepth()); + instructions().append(variable.offset().isScope() ? 
variable.offset().scopeOffset().offset() : 0); + instructions().append(profile); + return dst; + } } + + RELEASE_ASSERT_NOT_REACHED(); } -RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Identifier& identifier, RegisterID* value, ResolveMode resolveMode) +RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Variable& variable, RegisterID* value, ResolveMode resolveMode, InitializationMode initializationMode) { - m_codeBlock->addPropertyAccessInstruction(instructions().size()); + switch (variable.offset().kind()) { + case VarKind::Stack: + emitMove(variable.local(), value); + return value; + + case VarKind::DirectArgument: + emitOpcode(op_put_to_arguments); + instructions().append(scope->index()); + instructions().append(variable.offset().capturedArgumentsOffset().offset()); + instructions().append(value->index()); + return value; + + case VarKind::Scope: + case VarKind::Invalid: { + m_codeBlock->addPropertyAccessInstruction(instructions().size()); + + // put_to_scope scope, id, value, GetPutInfo, Structure, Operand + emitOpcode(op_put_to_scope); + instructions().append(scope->index()); + instructions().append(addConstant(variable.ident())); + instructions().append(value->index()); + ScopeOffset offset; + if (variable.offset().isScope()) { + offset = variable.offset().scopeOffset(); + instructions().append(GetPutInfo(resolveMode, LocalClosureVar, initializationMode).operand()); + instructions().append(variable.symbolTableConstantIndex()); + } else { + ASSERT(resolveType() != LocalClosureVar); + instructions().append(GetPutInfo(resolveMode, resolveType(), initializationMode).operand()); + instructions().append(localScopeDepth()); + } + instructions().append(!!offset ? 
offset.offset() : 0); + return value; + } } + + RELEASE_ASSERT_NOT_REACHED(); +} - // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand - emitOpcode(op_put_to_scope); - instructions().append(scope->index()); - instructions().append(addConstant(identifier)); - instructions().append(value->index()); - instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand()); - instructions().append(0); - instructions().append(0); - return value; +RegisterID* BytecodeGenerator::initializeVariable(const Variable& variable, RegisterID* value) +{ + RELEASE_ASSERT(variable.offset().kind() != VarKind::Invalid); + RegisterID* scope = emitResolveScope(nullptr, variable); + return emitPutToScope(scope, variable, value, ThrowIfNotFound, InitializationMode::NotInitialization); } RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype) -{ +{ emitOpcode(op_instanceof); instructions().append(dst->index()); instructions().append(value->index()); 
@@ -1283,19 +2587,43 @@ RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value return dst; } -RegisterID* BytecodeGenerator::emitInitGlobalConst(const Identifier& identifier, RegisterID* value) +RegisterID* BytecodeGenerator::emitInstanceOfCustom(RegisterID* dst, RegisterID* value, RegisterID* constructor, RegisterID* hasInstanceValue) { - ASSERT(m_codeType == GlobalCode); - emitOpcode(op_init_global_const_nop); - instructions().append(0); + emitOpcode(op_instanceof_custom); + instructions().append(dst->index()); instructions().append(value->index()); - instructions().append(0); - instructions().append(addConstant(identifier)); - return value; + instructions().append(constructor->index()); + instructions().append(hasInstanceValue->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) +{ + UnlinkedArrayProfile arrayProfile = newArrayProfile(); + emitOpcode(op_in); + instructions().append(dst->index()); + instructions().append(base->index()); + instructions().append(property->index()); + instructions().append(arrayProfile); + return dst; +} + +RegisterID* BytecodeGenerator::emitTryGetById(RegisterID* dst, RegisterID* base, const Identifier& property) +{ + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties are not supported with tryGetById."); + + UnlinkedValueProfile profile = emitProfiledOpcode(op_try_get_by_id); + instructions().append(kill(dst)); + instructions().append(base->index()); + instructions().append(addConstant(property)); + instructions().append(profile); + return dst; } RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property) { + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties should be handled with get_by_val."); + m_codeBlock->addPropertyAccessInstruction(instructions().size()); UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_id); 
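Review bot: emitIn takes its operands as (dst, property, base) but emits them as base then property, which invites transposed call sites; the file's other emitters document their operand layout, so a comment such as `// in dst, base, property, arrayProfile` above the emitOpcode(op_in) call would make the order visible. emitTryGetById also emits no cache slots and does not call m_codeBlock->addPropertyAccessInstruction, unlike emitGetById directly below it in this hunk; if that is because try_get_by_id carries no inline cache, a one-line comment saying so would stop a later reader from "fixing" it. emitGetById's body continues past the end of the hunk.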
@@ -1305,23 +2633,28 @@ RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, co instructions().append(0); instructions().append(0); instructions().append(0); - instructions().append(0); + instructions().append(Options::prototypeHitCountForLLIntCaching()); instructions().append(profile); return dst; } -RegisterID* BytecodeGenerator::emitGetArgumentsLength(RegisterID* dst, RegisterID* base) +RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, RegisterID* thisVal, const Identifier& property) { - emitOpcode(op_get_arguments_length); - instructions().append(dst->index()); - ASSERT(base->virtualRegister() == m_codeBlock->argumentsRegister()); + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties should be handled with get_by_val."); + + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_id_with_this); + instructions().append(kill(dst)); instructions().append(base->index()); - instructions().append(addConstant(propertyNames().length)); + instructions().append(thisVal->index()); + instructions().append(addConstant(property)); + instructions().append(profile); return dst; } RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value) { + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties should be handled with put_by_val."); + unsigned propertyIndex = addConstant(property); m_staticPropertyAnalyzer.putById(base->index(), propertyIndex); 
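Review bot: The new emitGetById overload for op_get_by_id_with_this neither registers the instruction with m_codeBlock->addPropertyAccessInstruction nor emits the structure/offset/hit-count slots that its sibling emitGetById at the top of this hunk writes; if that is deliberate because the with-this form has no inline cache, record it with `// get_by_id_with_this has no inline cache: no property-access registration and no cache slots.` above the emitProfiledOpcode line. The ASSERT_WITH_MESSAGE checks added here are debug-only, so in release builds an indexed property name would be encoded as an identifier constant; presumably callers already route such names to get_by_val, but that is an invariant the callers now own and the comment could say so. emitPutById's body continues past the end of the hunk.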
@@ -1332,16 +2665,34 @@ RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& p instructions().append(base->index()); instructions().append(propertyIndex); instructions().append(value->index()); - instructions().append(0); - instructions().append(0); - instructions().append(0); - instructions().append(0); - instructions().append(0); + instructions().append(0); // old structure + instructions().append(0); // offset + instructions().append(0); // new structure + instructions().append(0); // structure chain + instructions().append(static_cast<int>(PutByIdNone)); // is not direct + return value; } -RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value) +RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, RegisterID* thisValue, const Identifier& property, RegisterID* value) { + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties should be handled with put_by_val."); + + unsigned propertyIndex = addConstant(property); + + emitOpcode(op_put_by_id_with_this); + instructions().append(base->index()); + instructions().append(thisValue->index()); + instructions().append(propertyIndex); + instructions().append(value->index()); + + return value; +} + +RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value, PropertyNode::PutType putType) +{ + ASSERT_WITH_MESSAGE(!parseIndex(property), "Indexed properties should be handled with put_by_val(direct)."); + unsigned propertyIndex = addConstant(property); m_staticPropertyAnalyzer.putById(base->index(), propertyIndex); 
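Review bot: emitPutById(base, thisValue, property, value) emits op_put_by_id_with_this without the m_staticPropertyAnalyzer.putById call and without the cache operands that the non-this emitPutById at the top of this hunk writes and now annotates; if the with-this opcode is uncached and outside the static analyzer's model, a comment such as `// put_by_id_with_this is uncached and not tracked by the static property analyzer.` would prevent the asymmetry from being read as an omission. emitDirectPutById gains a PropertyNode::PutType parameter with no visible default, so every existing caller outside this hunk must now pass one. emitDirectPutById's body continues past the end of the hunk.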
@@ -1352,29 +2703,85 @@ RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identif instructions().append(base->index()); instructions().append(propertyIndex); instructions().append(value->index()); - instructions().append(0); - instructions().append(0); - instructions().append(0); - instructions().append(0); - instructions().append( - property != m_vm->propertyNames->underscoreProto - && PropertyName(property).asIndex() == PropertyName::NotAnIndex); + instructions().append(0); // old structure + instructions().append(0); // offset + instructions().append(0); // new structure + instructions().append(0); // structure chain (unused if direct) + instructions().append(static_cast<int>((putType == PropertyNode::KnownDirect || property != m_vm->propertyNames->underscoreProto) ? PutByIdIsDirect : PutByIdNone)); return value; } -void BytecodeGenerator::emitPutGetterSetter(RegisterID* base, const Identifier& property, RegisterID* getter, RegisterID* setter) +void BytecodeGenerator::emitPutGetterById(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* getter) +{ + unsigned propertyIndex = addConstant(property); + m_staticPropertyAnalyzer.putById(base->index(), propertyIndex); + + emitOpcode(op_put_getter_by_id); + instructions().append(base->index()); + instructions().append(propertyIndex); + instructions().append(attributes); + instructions().append(getter->index()); +} + +void BytecodeGenerator::emitPutSetterById(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* setter) +{ + unsigned propertyIndex = addConstant(property); + m_staticPropertyAnalyzer.putById(base->index(), propertyIndex); + + emitOpcode(op_put_setter_by_id); + instructions().append(base->index()); + instructions().append(propertyIndex); + instructions().append(attributes); + instructions().append(setter->index()); +} + +void BytecodeGenerator::emitPutGetterSetter(RegisterID* base, const Identifier& property, unsigned attributes, 
RegisterID* getter, RegisterID* setter) { unsigned propertyIndex = addConstant(property); m_staticPropertyAnalyzer.putById(base->index(), propertyIndex); - emitOpcode(op_put_getter_setter); + emitOpcode(op_put_getter_setter_by_id); instructions().append(base->index()); instructions().append(propertyIndex); + instructions().append(attributes); instructions().append(getter->index()); instructions().append(setter->index()); } +void BytecodeGenerator::emitPutGetterByVal(RegisterID* base, RegisterID* property, unsigned attributes, RegisterID* getter) +{ + emitOpcode(op_put_getter_by_val); + instructions().append(base->index()); + instructions().append(property->index()); + instructions().append(attributes); + instructions().append(getter->index()); +} + +void BytecodeGenerator::emitPutSetterByVal(RegisterID* base, RegisterID* property, unsigned attributes, RegisterID* setter) +{ + emitOpcode(op_put_setter_by_val); + instructions().append(base->index()); + instructions().append(property->index()); + instructions().append(attributes); + instructions().append(setter->index()); +} + +void BytecodeGenerator::emitPutGeneratorFields(RegisterID* nextFunction) +{ + // FIXME: Currently, we just create an object and store generator related fields as its properties for ease. + // But to make it efficient, we will introduce JSGenerator class, add opcode new_generator and use its C++ fields instead of these private properties. 
+ // https://bugs.webkit.org/show_bug.cgi?id=151545 + + emitDirectPutById(m_generatorRegister, propertyNames().builtinNames().generatorNextPrivateName(), nextFunction, PropertyNode::KnownDirect); + + emitDirectPutById(m_generatorRegister, propertyNames().builtinNames().generatorThisPrivateName(), &m_thisRegister, PropertyNode::KnownDirect); + + emitDirectPutById(m_generatorRegister, propertyNames().builtinNames().generatorStatePrivateName(), emitLoad(nullptr, jsNumber(0)), PropertyNode::KnownDirect); + + emitDirectPutById(m_generatorRegister, propertyNames().builtinNames().generatorFramePrivateName(), emitLoad(nullptr, jsNull()), PropertyNode::KnownDirect); +} + RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier& property) { emitOpcode(op_del_by_id); 
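Review bot: The direct-put flag in emitDirectPutById encodes a security-relevant decision — a put marked PutByIdIsDirect defines an own property instead of invoking a setter, which is why the old code excluded `__proto__` — but the new ternary gives no reason why PropertyNode::KnownDirect overrides that exclusion; a comment such as `// KnownDirect callers (e.g. the generator private fields below) deliberately define an own property even for "__proto__"; all other callers must reach the __proto__ setter, so that name is not marked direct.` would capture it. The old `asIndex() == NotAnIndex` condition now survives only as the debug-only ASSERT_WITH_MESSAGE, so in release builds an indexed name reaching this function would be marked direct; presumably callers route such names to put_by_val(direct) as the assertion text says, but that is now an invariant the callers own. Separately, emitPutGetterById/emitPutSetterById and emitPutGetterByVal/emitPutSetterByVal differ only in the opcode they emit and could share one private helper taking the OpcodeID. The hunk begins inside emitDirectPutById, whose signature is outside it.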
@@ -1384,12 +2791,36 @@ RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base, return dst; } -RegisterID* BytecodeGenerator::emitGetArgumentByVal(RegisterID* dst, RegisterID* base, RegisterID* property) +RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property) { + for (size_t i = m_forInContextStack.size(); i > 0; i--) { + ForInContext& context = m_forInContextStack[i - 1].get(); + if (context.local() != property) + continue; + + if (!context.isValid()) + break; + + if (context.type() == ForInContext::IndexedForInContextType) { + property = static_cast<IndexedForInContext&>(context).index(); + break; + } + + ASSERT(context.type() == ForInContext::StructureForInContextType); + StructureForInContext& structureContext = static_cast<StructureForInContext&>(context); + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_direct_pname); + instructions().append(kill(dst)); + instructions().append(base->index()); + instructions().append(property->index()); + instructions().append(structureContext.index()->index()); + instructions().append(structureContext.enumerator()->index()); + instructions().append(profile); + return dst; + } + UnlinkedArrayProfile arrayProfile = newArrayProfile(); - UnlinkedValueProfile profile = emitProfiledOpcode(op_get_argument_by_val); + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_val); instructions().append(kill(dst)); - ASSERT(base->virtualRegister() == m_codeBlock->argumentsRegister()); instructions().append(base->index()); instructions().append(property->index()); instructions().append(arrayProfile); 
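Review bot: The for-in context loop in the new emitGetByVal has four distinct exits — continue when the subscript is not the context's local, break to the generic get_by_val when the context is invalid, break with `property` rewritten to the loop index for an IndexedForInContext, and a return after emitting op_get_direct_pname for a StructureForInContext — and nothing explains that the indexed case intentionally falls through to the generic path with a substituted operand. A comment before the loop such as `// A subscript that is a live for-in variable is rewritten: structure contexts emit get_direct_pname; indexed contexts substitute the loop index and fall through to get_by_val.` would make the fall-through readable. The static_cast downcasts rely on type() being exhaustive, and the second one is guarded only by an ASSERT; presumably ForInContext has just these two types, but that assumption is worth naming in the comment. The function's body continues past the end of the hunk.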
@@ -1397,27 +2828,13 @@ RegisterID* BytecodeGenerator::emitGetArgumentByVal(RegisterID* dst, RegisterID* return dst; } -RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property) +RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* thisValue, RegisterID* property) { - for (size_t i = m_forInContextStack.size(); i > 0; i--) { - ForInContext& context = m_forInContextStack[i - 1]; - if (context.propertyRegister == property) { - emitOpcode(op_get_by_pname); - instructions().append(dst->index()); - instructions().append(base->index()); - instructions().append(property->index()); - instructions().append(context.expectedSubscriptRegister->index()); - instructions().append(context.iterRegister->index()); - instructions().append(context.indexRegister->index()); - return dst; - } - } - UnlinkedArrayProfile arrayProfile = newArrayProfile(); - UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_val); + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_val_with_this); instructions().append(kill(dst)); instructions().append(base->index()); + instructions().append(thisValue->index()); instructions().append(property->index()); - instructions().append(arrayProfile); instructions().append(profile); return dst; } @@ -1430,6 +2847,18 @@ RegisterID* BytecodeGenerator::emitPutByVal(RegisterID* base, RegisterID* proper instructions().append(property->index()); instructions().append(value->index()); instructions().append(arrayProfile); + + return value; +} + +RegisterID* BytecodeGenerator::emitPutByVal(RegisterID* base, RegisterID* thisValue, RegisterID* property, RegisterID* value) +{ + emitOpcode(op_put_by_val_with_this); + instructions().append(base->index()); + instructions().append(thisValue->index()); + instructions().append(property->index()); + instructions().append(value->index()); + return value; } 
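Review bot: In the new emitGetByVal(dst, base, thisValue, property) the context line `UnlinkedArrayProfile arrayProfile = newArrayProfile();` is kept although the hunk removes the `instructions().append(arrayProfile);` that consumed it, so every get_by_val_with_this allocates an array profile slot that no instruction references. Delete that line, since op_get_by_val_with_this as emitted here takes only the value profile. The second hunk on this line (emitPutByVal with thisValue) raises nothing beyond that.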
@@ -1462,25 +2891,128 @@ RegisterID* BytecodeGenerator::emitPutByIndex(RegisterID* base, unsigned index, return value; } -RegisterID* BytecodeGenerator::emitCreateThis(RegisterID* dst) +RegisterID* BytecodeGenerator::emitAssert(RegisterID* condition, int line) { - RefPtr<RegisterID> func = newTemporary(); + emitOpcode(op_assert); + instructions().append(condition->index()); + instructions().append(line); + return condition; +} - m_codeBlock->addPropertyAccessInstruction(instructions().size()); - emitOpcode(op_get_callee); - instructions().append(func->index()); - instructions().append(0); +RegisterID* BytecodeGenerator::emitGetArgument(RegisterID* dst, int32_t index) +{ + UnlinkedValueProfile profile = emitProfiledOpcode(op_get_argument); + instructions().append(dst->index()); + instructions().append(index + 1); // Including |this|. + instructions().append(profile); + return dst; +} +RegisterID* BytecodeGenerator::emitCreateThis(RegisterID* dst) +{ size_t begin = instructions().size(); - m_staticPropertyAnalyzer.createThis(m_thisRegister.index(), begin + 3); + m_staticPropertyAnalyzer.createThis(dst->index(), begin + 3); + m_codeBlock->addPropertyAccessInstruction(instructions().size()); emitOpcode(op_create_this); - instructions().append(m_thisRegister.index()); - instructions().append(func->index()); + instructions().append(dst->index()); + instructions().append(dst->index()); + instructions().append(0); instructions().append(0); return dst; } +void BytecodeGenerator::emitTDZCheck(RegisterID* target) +{ + emitOpcode(op_check_tdz); + instructions().append(target->index()); +} + +bool BytecodeGenerator::needsTDZCheck(const Variable& variable) +{ + for (unsigned i = m_TDZStack.size(); i--;) { + auto iter = m_TDZStack[i].find(variable.ident().impl()); + if (iter == m_TDZStack[i].end()) + continue; + return iter->value != TDZNecessityLevel::NotNeeded; + } + + return false; +} + +void BytecodeGenerator::emitTDZCheckIfNecessary(const Variable& variable, RegisterID* 
target, RegisterID* scope) +{ + if (needsTDZCheck(variable)) { + if (target) + emitTDZCheck(target); + else { + RELEASE_ASSERT(!variable.isLocal() && scope); + RefPtr<RegisterID> result = emitGetFromScope(newTemporary(), scope, variable, DoNotThrowIfNotFound); + emitTDZCheck(result.get()); + } + } +} + +void BytecodeGenerator::liftTDZCheckIfPossible(const Variable& variable) +{ + RefPtr<UniquedStringImpl> identifier(variable.ident().impl()); + for (unsigned i = m_TDZStack.size(); i--;) { + auto iter = m_TDZStack[i].find(identifier); + if (iter != m_TDZStack[i].end()) { + if (iter->value == TDZNecessityLevel::Optimize) + iter->value = TDZNecessityLevel::NotNeeded; + break; + } + } +} + +void BytecodeGenerator::pushTDZVariables(const VariableEnvironment& environment, TDZCheckOptimization optimization, TDZRequirement requirement) +{ + if (!environment.size()) + return; + + TDZNecessityLevel level; + if (requirement == TDZRequirement::UnderTDZ) { + if (optimization == TDZCheckOptimization::Optimize) + level = TDZNecessityLevel::Optimize; + else + level = TDZNecessityLevel::DoNotOptimize; + } else + level = TDZNecessityLevel::NotNeeded; + + TDZMap map; + for (const auto& entry : environment) + map.add(entry.key, entry.value.isFunction() ? TDZNecessityLevel::NotNeeded : level); + + m_TDZStack.append(WTFMove(map)); +} + +void BytecodeGenerator::getVariablesUnderTDZ(VariableEnvironment& result) +{ + // We keep track of variablesThatDontNeedTDZ in this algorithm to prevent + // reporting that "x" is under TDZ if this function is called at "...". + // + // { + // { + // let x; + // ... 
+ // } + // let x; + // } + // + SmallPtrSet<UniquedStringImpl*, 16> variablesThatDontNeedTDZ; + for (unsigned i = m_TDZStack.size(); i--; ) { + auto& map = m_TDZStack[i]; + for (auto& entry : map) { + if (entry.value != TDZNecessityLevel::NotNeeded) { + if (!variablesThatDontNeedTDZ.contains(entry.key.get())) + result.add(entry.key.get()); + } else + variablesThatDontNeedTDZ.add(entry.key.get()); + } + } +} + RegisterID* BytecodeGenerator::emitNewObject(RegisterID* dst) { size_t begin = instructions().size(); @@ -1508,6 +3040,15 @@ JSString* BytecodeGenerator::addStringConstant(const Identifier& identifier) return stringInMap; } +JSTemplateRegistryKey* BytecodeGenerator::addTemplateRegistryKeyConstant(Ref<TemplateRegistryKey>&& templateRegistryKey) +{ + return m_templateRegistryKeyMap.ensure(templateRegistryKey.copyRef(), [&] { + auto* result = JSTemplateRegistryKey::create(*vm(), WTFMove(templateRegistryKey)); + addConstantValue(result); + return result; + }).iterator->value; +} + RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elements, unsigned length) { #if !ASSERT_DISABLED 
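Review bot: In emitCreateThis the magic offset `begin + 3` handed to the static property analyzer is coupled to the operand layout of the op_create_this emitted a few lines below (dst, dst, 0, 0) and nothing names which operand it addresses; it lands on the first of the two trailing zero operands, presumably the slot the analyzer patches with the property count once known — confirm against the opcode definition. I would add `// begin + 3 == index of the first zero operand appended below; the analyzer rewrites it later.` The callee operand is now `dst->index()` a second time, so a one-line comment stating that callers must have loaded the callee into dst before calling would explain why the same register appears twice.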
@@ -1564,30 +3105,56 @@ RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elemen return dst; } -RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, CaptureMode captureMode, FunctionBodyNode* function) +RegisterID* BytecodeGenerator::emitNewArrayWithSpread(RegisterID* dst, ElementNode* elements) { - return emitNewFunctionInternal(dst, captureMode, m_codeBlock->addFunctionDecl(makeFunction(function)), false); -} + BitVector bitVector; + Vector<RefPtr<RegisterID>, 16> argv; + for (ElementNode* node = elements; node; node = node->next()) { + bitVector.set(argv.size(), node->value()->isSpreadExpression()); -RegisterID* BytecodeGenerator::emitLazyNewFunction(RegisterID* dst, FunctionBodyNode* function) -{ - FunctionOffsetMap::AddResult ptr = m_functionOffsets.add(function, 0); - if (ptr.isNewEntry) - ptr.iterator->value = m_codeBlock->addFunctionDecl(makeFunction(function)); - return emitNewFunctionInternal(dst, NotCaptured, ptr.iterator->value, true); + argv.append(newTemporary()); + // op_new_array_with_spread requires the initial values to be a sequential range of registers. 
+ RELEASE_ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() - 1); + } + + RELEASE_ASSERT(argv.size()); + + { + unsigned i = 0; + for (ElementNode* node = elements; node; node = node->next()) { + if (node->value()->isSpreadExpression()) { + ExpressionNode* expression = static_cast<SpreadExpressionNode*>(node->value())->expression(); + RefPtr<RegisterID> tmp = newTemporary(); + emitNode(tmp.get(), expression); + + emitOpcode(op_spread); + instructions().append(argv[i].get()->index()); + instructions().append(tmp.get()->index()); + } else { + ExpressionNode* expression = node->value(); + emitNode(argv[i].get(), expression); + } + i++; + } + } + + unsigned bitVectorIndex = m_codeBlock->addBitVector(WTFMove(bitVector)); + emitOpcode(op_new_array_with_spread); + instructions().append(dst->index()); + instructions().append(argv[0]->index()); // argv + instructions().append(argv.size()); // argc + instructions().append(bitVectorIndex); + + return dst; } -RegisterID* BytecodeGenerator::emitNewFunctionInternal(RegisterID* dst, CaptureMode captureMode, unsigned index, bool doNullCheck) +RegisterID* BytecodeGenerator::emitNewArrayWithSize(RegisterID* dst, RegisterID* length) { - createActivationIfNecessary(); - emitOpcode(captureMode == IsCaptured ? op_new_captured_func : op_new_func); + emitOpcode(op_new_array_with_size); instructions().append(dst->index()); - instructions().append(index); - if (captureMode == IsCaptured) { - ASSERT(!doNullCheck); - instructions().append(watchableVariable(dst->index())); - } else - instructions().append(doNullCheck); + instructions().append(length->index()); + instructions().append(newArrayAllocationProfile()); + return dst; } 
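Review bot: `RELEASE_ASSERT(argv.size())` turns an empty `elements` list into a process crash after the allocation loop rather than a precondition checked where it is obvious, and nothing in the hunk documents that callers must pass a non-empty list. If callers guarantee it, state that in a header comment and check it up front (`ASSERT(elements);` as the first statement) so the invariant is visible before any registers are allocated; if they do not, the empty case needs its own path. Minor style: `argv[i].get()->index()` and `tmp.get()->index()` can be written `argv[i]->index()` / `tmp->index()`, matching `argv[0]->index()` at the end of the same function.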
@@ -1599,66 +3166,131 @@ RegisterID* BytecodeGenerator::emitNewRegExp(RegisterID* dst, RegExp* regExp) return dst; } -RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* r0, FuncExprNode* n) +void BytecodeGenerator::emitNewFunctionExpressionCommon(RegisterID* dst, FunctionMetadataNode* function) { - FunctionBodyNode* function = n->body(); unsigned index = m_codeBlock->addFunctionExpr(makeFunction(function)); + + OpcodeID opcodeID = op_new_func_exp; + switch (function->parseMode()) { + case SourceParseMode::GeneratorWrapperFunctionMode: + opcodeID = op_new_generator_func_exp; + break; + case SourceParseMode::AsyncFunctionMode: + case SourceParseMode::AsyncMethodMode: + case SourceParseMode::AsyncArrowFunctionMode: + opcodeID = op_new_async_func_exp; + break; + default: + break; + } - createActivationIfNecessary(); + emitOpcode(opcodeID); + instructions().append(dst->index()); + instructions().append(scopeRegister()->index()); + instructions().append(index); +} + +RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* dst, FuncExprNode* func) +{ + emitNewFunctionExpressionCommon(dst, func->metadata()); + return dst; +} + +RegisterID* BytecodeGenerator::emitNewArrowFunctionExpression(RegisterID* dst, ArrowFuncExprNode* func) +{ + ASSERT(SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(func->metadata()->parseMode())); + emitNewFunctionExpressionCommon(dst, func->metadata()); + return dst; +} + +RegisterID* BytecodeGenerator::emitNewMethodDefinition(RegisterID* dst, MethodDefinitionNode* func) +{ + ASSERT(isMethodParseMode(func->metadata()->parseMode())); + emitNewFunctionExpressionCommon(dst, func->metadata()); + return dst; +} + +RegisterID* BytecodeGenerator::emitNewDefaultConstructor(RegisterID* dst, ConstructorKind constructorKind, const Identifier& name, + const Identifier& ecmaName, const SourceCode& classSource) +{ + UnlinkedFunctionExecutable* executable = 
m_vm->builtinExecutables()->createDefaultConstructor(constructorKind, name); + executable->setInvalidTypeProfilingOffsets(); + executable->setEcmaName(ecmaName); + executable->setClassSource(classSource); + + unsigned index = m_codeBlock->addFunctionExpr(executable); + emitOpcode(op_new_func_exp); - instructions().append(r0->index()); + instructions().append(dst->index()); + instructions().append(scopeRegister()->index()); instructions().append(index); - return r0; + return dst; } -RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd) +RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, FunctionMetadataNode* function) { - return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd); + unsigned index = m_codeBlock->addFunctionDecl(makeFunction(function)); + if (function->parseMode() == SourceParseMode::GeneratorWrapperFunctionMode) + emitOpcode(op_new_generator_func); + else if (function->parseMode() == SourceParseMode::AsyncFunctionMode) + emitOpcode(op_new_async_func); + else + emitOpcode(op_new_func); + instructions().append(dst->index()); + instructions().append(scopeRegister()->index()); + instructions().append(index); + return dst; } -void BytecodeGenerator::createArgumentsIfNecessary() +void BytecodeGenerator::emitSetFunctionNameIfNeeded(ExpressionNode* valueNode, RegisterID* value, RegisterID* name) { - if (m_codeType != FunctionCode) - return; - - if (!m_codeBlock->usesArguments()) + if (valueNode->isBaseFuncExprNode()) { + FunctionMetadataNode* metadata = static_cast<BaseFuncExprNode*>(valueNode)->metadata(); + if (!metadata->ecmaName().isNull()) + return; + } else if (valueNode->isClassExprNode()) { + ClassExprNode* classExprNode = static_cast<ClassExprNode*>(valueNode); + if (!classExprNode->ecmaName().isNull()) + return; + if 
(classExprNode->hasStaticProperty(m_vm->propertyNames->name)) + return; + } else return; - if (shouldTearOffArgumentsEagerly()) - return; + // FIXME: We should use an op_call to an internal function here instead. + // https://bugs.webkit.org/show_bug.cgi?id=155547 + emitOpcode(op_set_function_name); + instructions().append(value->index()); + instructions().append(name->index()); +} - emitOpcode(op_create_arguments); - instructions().append(m_codeBlock->argumentsRegister().offset()); - ASSERT(!hasWatchableVariable(m_codeBlock->argumentsRegister().offset())); +RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) +{ + return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd, debuggableCall); } -void BytecodeGenerator::createActivationIfNecessary() +RegisterID* BytecodeGenerator::emitCallInTailPosition(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) { - if (m_hasCreatedActivation) - return; - if (!m_codeBlock->needsFullScopeChain()) - return; - emitOpcode(op_create_activation); - instructions().append(m_activationRegister->index()); + return emitCall(m_inTailPosition ? 
op_tail_call : op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd, debuggableCall); } -RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd) +RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) { - return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, divotStart, divotEnd); + return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, divotStart, divotEnd, debuggableCall); } ExpectedFunction BytecodeGenerator::expectedFunctionForIdentifier(const Identifier& identifier) { - if (identifier == m_vm->propertyNames->Object) + if (identifier == propertyNames().Object || identifier == propertyNames().builtinNames().ObjectPrivateName()) return ExpectObjectConstructor; - if (identifier == m_vm->propertyNames->Array) + if (identifier == propertyNames().Array || identifier == propertyNames().builtinNames().ArrayPrivateName()) return ExpectArrayConstructor; return NoExpectedFunction; } -ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, Label* done) +ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, Label& done) { - RefPtr<Label> realCall = newLabel(); + Ref<Label> realCall = newLabel(); switch (expectedFunction) { case ExpectObjectConstructor: { // If the number of arguments is non-zero, then we can't do anything interesting. 
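Review bot: emitNewFunction selects its opcode with an if/else chain over `parseMode()` that recognises only GeneratorWrapperFunctionMode and AsyncFunctionMode, while emitNewFunctionExpressionCommon in the same hunk uses a switch that additionally maps AsyncMethodMode and AsyncArrowFunctionMode to the async opcode. Function declarations presumably never carry the method/arrow modes, so this reads as a consistency point rather than a bug, but writing emitNewFunction as the same switch (with the remaining modes asserted unreachable in `default:`) would make that intent explicit and keep the two in step when a parse mode is added. emitExpectedFunctionSnippet's body continues past the end of this hunk.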
@@ -1670,6 +3302,7 @@ ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst,
 instructions().append(func->index());
 instructions().append(Special::ObjectConstructor);
 instructions().append(realCall->bind(begin, instructions().size()));
+ instructions().append(0);
 
 if (dst != ignoredResult())
 emitNewObject(dst);
@@ -1690,14 +3323,12 @@ ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst,
 instructions().append(func->index());
 instructions().append(Special::ArrayConstructor);
 instructions().append(realCall->bind(begin, instructions().size()));
+ instructions().append(0);
 
 if (dst != ignoredResult()) {
- if (callArguments.argumentCountIncludingThis() == 2) {
- emitOpcode(op_new_array_with_size);
- instructions().append(dst->index());
- instructions().append(callArguments.argumentRegister(0)->index());
- instructions().append(newArrayAllocationProfile());
- } else {
+ if (callArguments.argumentCountIncludingThis() == 2)
+ emitNewArrayWithSize(dst, callArguments.argumentRegister(0));
+ else {
 ASSERT(callArguments.argumentCountIncludingThis() == 1);
 emitOpcode(op_new_array);
 instructions().append(dst->index());
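Review bot: The new `instructions().append(0);` after each `realCall->bind(...)` adds an unnamed operand to the op_jneq_ptr sequence in both hunks on this line, and nothing says what the slot is for. Other emitters in this commit annotate such operands inline (`// argv`, `// argc` in emitNewArrayWithSpread), so the same treatment here — `instructions().append(0); // <OPERAND NAME from the op_jneq_ptr definition>` — would keep the operand layout readable. What the slot holds cannot be determined from the hunk, so the comment should take its name from the opcode definition rather than guess.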
@@ -1716,20 +3347,17 @@ ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, size_t begin = instructions().size(); emitOpcode(op_jmp); - instructions().append(done->bind(begin, instructions().size())); + instructions().append(done.bind(begin, instructions().size())); emitLabel(realCall.get()); return expectedFunction; } -RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd) +RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) { - ASSERT(opcodeID == op_call || opcodeID == op_call_eval); + ASSERT(opcodeID == op_call || opcodeID == op_call_eval || opcodeID == op_tail_call); ASSERT(func->refCount()); - - if (m_shouldEmitProfileHooks) - emitMove(callArguments.profileHookRegister(), func); - + // Generate code for arguments. unsigned argument = 0; if (callArguments.argumentsNode()) { 
@@ -1737,28 +3365,31 @@ RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, Regi if (n && n->m_expr->isSpreadExpression()) { RELEASE_ASSERT(!n->m_next); auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression(); - expression->emitBytecode(*this, callArguments.argumentRegister(0)); - return emitCallVarargs(dst, func, callArguments.thisRegister(), callArguments.argumentRegister(0), newTemporary(), callArguments.profileHookRegister(), divot, divotStart, divotEnd); + RefPtr<RegisterID> argumentRegister; + argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0)); + RefPtr<RegisterID> thisRegister = emitMove(newTemporary(), callArguments.thisRegister()); + return emitCallVarargs(opcodeID == op_tail_call ? op_tail_call_varargs : op_call_varargs, dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, divot, divotStart, divotEnd, debuggableCall); } for (; n; n = n->m_next) emitNode(callArguments.argumentRegister(argument++), n); } // Reserve space for call frame. - Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame; - for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i) + Vector<RefPtr<RegisterID>, CallFrame::headerSizeInRegisters, UnsafeVectorOverflow> callFrame; + for (int i = 0; i < CallFrame::headerSizeInRegisters; ++i) callFrame.append(newTemporary()); - if (m_shouldEmitProfileHooks) { - emitOpcode(op_profile_will_call); - instructions().append(callArguments.profileHookRegister()->index()); - } + if (m_shouldEmitDebugHooks && debuggableCall == DebuggableCall::Yes) + emitDebugHook(WillExecuteExpression, divotStart); emitExpressionInfo(divot, divotStart, divotEnd); - RefPtr<Label> done = newLabel(); + Ref<Label> done = newLabel(); expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get()); + if (opcodeID == op_tail_call) + emitLogShadowChickenTailIfNecessary(); + // Emit call. 
UnlinkedArrayProfile arrayProfile = newArrayProfile(); UnlinkedValueProfile profile = emitProfiledOpcode(opcodeID); 
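Review bot: In the spread path of emitCall, `RefPtr<RegisterID> thisRegister = emitMove(newTemporary(), callArguments.thisRegister());` emits an op_mov into a fresh temporary that is never used — the emitCallVarargs call on the next line passes `callArguments.thisRegister()`, not `thisRegister.get()`. Either the copy was meant to be passed (`... dst, func, thisRegister.get(), argumentRegister.get(), ...`) or the line should be deleted; the parallel spread path added to emitConstruct later in this diff has no such move, which suggests the latter. emitCall's body starts in the previous hunk and continues in the next.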
@@ -1768,75 +3399,168 @@ RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, Regi instructions().append(func->index()); instructions().append(callArguments.argumentCountIncludingThis()); instructions().append(callArguments.stackOffset()); -#if ENABLE(LLINT) instructions().append(m_codeBlock->addLLIntCallLinkInfo()); -#else instructions().append(0); -#endif instructions().append(arrayProfile); instructions().append(profile); if (expectedFunction != NoExpectedFunction) emitLabel(done.get()); - if (m_shouldEmitProfileHooks) { - emitOpcode(op_profile_did_call); - instructions().append(callArguments.profileHookRegister()->index()); - } - return dst; } -RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd) +RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) { - if (m_shouldEmitProfileHooks) { - emitMove(profileHookRegister, func); - emitOpcode(op_profile_will_call); - instructions().append(profileHookRegister->index()); - } + return emitCallVarargs(op_call_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, divot, divotStart, divotEnd, debuggableCall); +} + +RegisterID* BytecodeGenerator::emitCallVarargsInTailPosition(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) +{ + return emitCallVarargs(m_inTailPosition ? 
op_tail_call_varargs : op_call_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, divot, divotStart, divotEnd, debuggableCall); +} + +RegisterID* BytecodeGenerator::emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) +{ + return emitCallVarargs(op_construct_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, divot, divotStart, divotEnd, debuggableCall); +} + +RegisterID* BytecodeGenerator::emitCallForwardArgumentsInTailPosition(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) +{ + ASSERT(m_inTailPosition); + return emitCallVarargs(op_tail_call_forward_arguments, dst, func, thisRegister, nullptr, firstFreeRegister, firstVarArgOffset, divot, divotStart, divotEnd, debuggableCall); +} +RegisterID* BytecodeGenerator::emitCallVarargs(OpcodeID opcode, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall debuggableCall) +{ + if (m_shouldEmitDebugHooks && debuggableCall == DebuggableCall::Yes) + emitDebugHook(WillExecuteExpression, divotStart); + emitExpressionInfo(divot, divotStart, divotEnd); + if (opcode == op_tail_call_varargs) + emitLogShadowChickenTailIfNecessary(); + // Emit call. 
UnlinkedArrayProfile arrayProfile = newArrayProfile(); - UnlinkedValueProfile profile = emitProfiledOpcode(op_call_varargs); + UnlinkedValueProfile profile = emitProfiledOpcode(opcode); ASSERT(dst != ignoredResult()); instructions().append(dst->index()); instructions().append(func->index()); - instructions().append(thisRegister->index()); - instructions().append(arguments->index()); + instructions().append(thisRegister ? thisRegister->index() : 0); + instructions().append(arguments ? arguments->index() : 0); instructions().append(firstFreeRegister->index()); + instructions().append(firstVarArgOffset); instructions().append(arrayProfile); instructions().append(profile); - if (m_shouldEmitProfileHooks) { - emitOpcode(op_profile_did_call); - instructions().append(profileHookRegister->index()); - } return dst; } -RegisterID* BytecodeGenerator::emitReturn(RegisterID* src) +void BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary() { - if (m_codeBlock->needsFullScopeChain()) { - emitOpcode(op_tear_off_activation); - instructions().append(m_activationRegister->index()); - } + if (!m_shouldEmitDebugHooks && !Options::alwaysUseShadowChicken()) + return; + emitOpcode(op_log_shadow_chicken_prologue); + instructions().append(scopeRegister()->index()); +} - if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) { - emitOpcode(op_tear_off_arguments); - instructions().append(m_codeBlock->argumentsRegister().offset()); - instructions().append(m_activationRegister ? 
m_activationRegister->index() : emitLoad(0, JSValue())->index()); +void BytecodeGenerator::emitLogShadowChickenTailIfNecessary() +{ + if (!m_shouldEmitDebugHooks && !Options::alwaysUseShadowChicken()) + return; + emitOpcode(op_log_shadow_chicken_tail); + instructions().append(thisRegister()->index()); + instructions().append(scopeRegister()->index()); +} + +void BytecodeGenerator::emitCallDefineProperty(RegisterID* newObj, RegisterID* propertyNameRegister, + RegisterID* valueRegister, RegisterID* getterRegister, RegisterID* setterRegister, unsigned options, const JSTextPosition& position) +{ + DefinePropertyAttributes attributes; + if (options & PropertyConfigurable) + attributes.setConfigurable(true); + + if (options & PropertyWritable) + attributes.setWritable(true); + else if (valueRegister) + attributes.setWritable(false); + + if (options & PropertyEnumerable) + attributes.setEnumerable(true); + + if (valueRegister) + attributes.setValue(); + if (getterRegister) + attributes.setGet(); + if (setterRegister) + attributes.setSet(); + + ASSERT(!valueRegister || (!getterRegister && !setterRegister)); + + emitExpressionInfo(position, position, position); + + if (attributes.hasGet() || attributes.hasSet()) { + RefPtr<RegisterID> throwTypeErrorFunction; + if (!attributes.hasGet() || !attributes.hasSet()) + throwTypeErrorFunction = emitMoveLinkTimeConstant(nullptr, LinkTimeConstant::ThrowTypeErrorFunction); + + RefPtr<RegisterID> getter; + if (attributes.hasGet()) + getter = getterRegister; + else + getter = throwTypeErrorFunction; + + RefPtr<RegisterID> setter; + if (attributes.hasSet()) + setter = setterRegister; + else + setter = throwTypeErrorFunction; + + emitOpcode(op_define_accessor_property); + instructions().append(newObj->index()); + instructions().append(propertyNameRegister->index()); + instructions().append(getter->index()); + instructions().append(setter->index()); + instructions().append(emitLoad(nullptr, 
jsNumber(attributes.rawRepresentation()))->index()); + } else { + emitOpcode(op_define_data_property); + instructions().append(newObj->index()); + instructions().append(propertyNameRegister->index()); + instructions().append(valueRegister->index()); + instructions().append(emitLoad(nullptr, jsNumber(attributes.rawRepresentation()))->index()); } +} - // Constructors use op_ret_object_or_this to check the result is an - // object, unless we can trivially determine the check is not - // necessary (currently, if the return value is 'this'). - if (isConstructor() && (src->index() != m_thisRegister.index())) { - emitOpcode(op_ret_object_or_this); - instructions().append(src->index()); - instructions().append(m_thisRegister.index()); - return src; +RegisterID* BytecodeGenerator::emitReturn(RegisterID* src, ReturnFrom from) +{ + if (isConstructor()) { + bool mightBeDerived = constructorKind() == ConstructorKind::Extends; + bool srcIsThis = src->index() == m_thisRegister.index(); + + if (mightBeDerived && (srcIsThis || from == ReturnFrom::Finally)) + emitTDZCheck(src); + + if (!srcIsThis || from == ReturnFrom::Finally) { + Ref<Label> isObjectLabel = newLabel(); + emitJumpIfTrue(emitIsObject(newTemporary(), src), isObjectLabel.get()); + + if (mightBeDerived) { + ASSERT(m_isDerivedConstuctor); + Ref<Label> returnThis = newLabel(); + emitJumpIfFalse(m_isDerivedConstuctor, returnThis.get()); + // Else, we're a derived constructor here. + Ref<Label> isUndefinedLabel = newLabel(); + emitJumpIfTrue(emitIsUndefined(newTemporary(), src), isUndefinedLabel.get()); + emitThrowTypeError("Cannot return a non-object type in the constructor of a derived class."); + emitLabel(isUndefinedLabel.get()); + emitTDZCheck(&m_thisRegister); + emitLabel(returnThis.get()); + } + emitUnaryNoDstOp(op_ret, &m_thisRegister); + emitLabel(isObjectLabel.get()); + } } + return emitUnaryNoDstOp(op_ret, src); } 
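Review bot: In emitCallDefineProperty the data-property branch dereferences `valueRegister` unconditionally (`instructions().append(valueRegister->index());`), but the only guard on the value/getter/setter combination is the debug-only `ASSERT(!valueRegister || (!getterRegister && !setterRegister))`, which does not cover the case where none of the three is supplied — that reaches the else branch with a null `valueRegister`. Adding `ASSERT(valueRegister);` (or a RELEASE_ASSERT, consistent with the other new code in this file) at the top of the else branch makes the precondition explicit and fails at the point of misuse instead of on a null dereference. A header comment stating that exactly one of a value or a getter/setter pair must be provided would document the contract callers have to meet.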
@@ -1851,29 +3575,31 @@ RegisterID* BytecodeGenerator::emitConstruct(RegisterID* dst, RegisterID* func, { ASSERT(func->refCount()); - if (m_shouldEmitProfileHooks) - emitMove(callArguments.profileHookRegister(), func); - // Generate code for arguments. unsigned argument = 0; if (ArgumentsNode* argumentsNode = callArguments.argumentsNode()) { + + ArgumentListNode* n = callArguments.argumentsNode()->m_listNode; + if (n && n->m_expr->isSpreadExpression()) { + RELEASE_ASSERT(!n->m_next); + auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression(); + RefPtr<RegisterID> argumentRegister; + argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0)); + return emitConstructVarargs(dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, divot, divotStart, divotEnd, DebuggableCall::No); + } + for (ArgumentListNode* n = argumentsNode->m_listNode; n; n = n->m_next) emitNode(callArguments.argumentRegister(argument++), n); } - if (m_shouldEmitProfileHooks) { - emitOpcode(op_profile_will_call); - instructions().append(callArguments.profileHookRegister()->index()); - } - // Reserve space for call frame. - Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame; - for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i) + Vector<RefPtr<RegisterID>, CallFrame::headerSizeInRegisters, UnsafeVectorOverflow> callFrame; + for (int i = 0; i < CallFrame::headerSizeInRegisters; ++i) callFrame.append(newTemporary()); emitExpressionInfo(divot, divotStart, divotEnd); - RefPtr<Label> done = newLabel(); + Ref<Label> done = newLabel(); expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get()); UnlinkedValueProfile profile = emitProfiledOpcode(op_construct); 
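Review bot: The new spread path in emitConstruct re-derives the list head as `callArguments.argumentsNode()->m_listNode` although the enclosing `if` already bound `argumentsNode`, and its `ArgumentListNode* n` is then shadowed by the `for (ArgumentListNode* n = argumentsNode->m_listNode; ...)` that follows. Using `argumentsNode->m_listNode` for the spread check and either renaming one `n` or reusing the first one as the loop variable would remove the shadowing and match the shape of the same check in emitCall. emitConstruct's signature and the start of its body are outside this hunk.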
@@ -1882,22 +3608,14 @@ RegisterID* BytecodeGenerator::emitConstruct(RegisterID* dst, RegisterID* func,
 instructions().append(func->index());
 instructions().append(callArguments.argumentCountIncludingThis());
 instructions().append(callArguments.stackOffset());
-#if ENABLE(LLINT)
 instructions().append(m_codeBlock->addLLIntCallLinkInfo());
-#else
 instructions().append(0);
-#endif
 instructions().append(0);
 instructions().append(profile);
 
 if (expectedFunction != NoExpectedFunction)
 emitLabel(done.get());
 
- if (m_shouldEmitProfileHooks) {
- emitOpcode(op_profile_did_call);
- instructions().append(callArguments.profileHookRegister()->index());
- }
-
 return dst;
 }
 
@@ -1918,76 +3636,114 @@ void BytecodeGenerator::emitToPrimitive(RegisterID* dst, RegisterID* src) instructions().append(src->index()); } -RegisterID* BytecodeGenerator::emitPushWithScope(RegisterID* scope) +void BytecodeGenerator::emitGetScope() { - ControlFlowContext context; - context.isFinallyBlock = false; - m_scopeContextStack.append(context); - m_localScopeDepth++; + emitOpcode(op_get_scope); + instructions().append(scopeRegister()->index()); +} - return emitUnaryNoDstOp(op_push_with_scope, scope); +RegisterID* BytecodeGenerator::emitPushWithScope(RegisterID* objectScope) +{ + pushLocalControlFlowScope(); + RegisterID* newScope = newBlockScopeVariable(); + newScope->ref(); + + emitOpcode(op_push_with_scope); + instructions().append(newScope->index()); + instructions().append(objectScope->index()); + instructions().append(scopeRegister()->index()); + + emitMove(scopeRegister(), newScope); + m_lexicalScopeStack.append({ nullptr, newScope, true, 0 }); + + return newScope; } -void BytecodeGenerator::emitPopScope() +RegisterID* BytecodeGenerator::emitGetParentScope(RegisterID* dst, RegisterID* scope) { - ASSERT(m_scopeContextStack.size()); - ASSERT(!m_scopeContextStack.last().isFinallyBlock); + emitOpcode(op_get_parent_scope); + instructions().append(dst->index()); + instructions().append(scope->index()); + return dst; +} - emitOpcode(op_pop_scope); +void BytecodeGenerator::emitPopScope(RegisterID* dst, RegisterID* scope) +{ + RefPtr<RegisterID> parentScope = emitGetParentScope(newTemporary(), scope); + emitMove(dst, parentScope.get()); +} - m_scopeContextStack.removeLast(); - m_localScopeDepth--; +void BytecodeGenerator::emitPopWithScope() +{ + emitPopScope(scopeRegister(), scopeRegister()); + popLocalControlFlowScope(); + auto stackEntry = m_lexicalScopeStack.takeLast(); + stackEntry.m_scope->deref(); + RELEASE_ASSERT(stackEntry.m_isWithScope); } -void BytecodeGenerator::emitDebugHook(DebugHookID debugHookID, unsigned line, unsigned charOffset, unsigned 
lineStart) +void BytecodeGenerator::emitDebugHook(DebugHookType debugHookType, const JSTextPosition& divot) { -#if ENABLE(DEBUG_WITH_BREAKPOINT) - if (debugHookID != DidReachBreakpoint) - return; -#else if (!m_shouldEmitDebugHooks) return; -#endif - JSTextPosition divot(line, charOffset, lineStart); + emitExpressionInfo(divot, divot, divot); emitOpcode(op_debug); - instructions().append(debugHookID); + instructions().append(debugHookType); instructions().append(false); } -void BytecodeGenerator::pushFinallyContext(StatementNode* finallyBlock) +void BytecodeGenerator::emitDebugHook(DebugHookType debugHookType, unsigned line, unsigned charOffset, unsigned lineStart) +{ + emitDebugHook(debugHookType, JSTextPosition(line, charOffset, lineStart)); +} + +void BytecodeGenerator::emitDebugHook(StatementNode* statement) +{ + // DebuggerStatementNode will output its own special debug hook. + if (statement->isDebuggerStatement()) + return; + + emitDebugHook(WillExecuteStatement, statement->position()); +} + +void BytecodeGenerator::emitDebugHook(ExpressionNode* expr) +{ + emitDebugHook(WillExecuteStatement, expr->position()); +} + +void BytecodeGenerator::emitWillLeaveCallFrameDebugHook() +{ + RELEASE_ASSERT(m_scopeNode->isFunctionNode()); + emitDebugHook(WillLeaveCallFrame, m_scopeNode->lastLine(), m_scopeNode->startOffset(), m_scopeNode->lineStartOffset()); +} + +FinallyContext* BytecodeGenerator::pushFinallyControlFlowScope(Label& finallyLabel) { // Reclaim free label scopes. 
while (m_labelScopes.size() && !m_labelScopes.last().refCount()) m_labelScopes.removeLast(); - ControlFlowContext scope; - scope.isFinallyBlock = true; - FinallyContext context = { - finallyBlock, - static_cast<unsigned>(m_scopeContextStack.size()), - static_cast<unsigned>(m_switchContextStack.size()), - static_cast<unsigned>(m_forInContextStack.size()), - static_cast<unsigned>(m_tryContextStack.size()), - static_cast<unsigned>(m_labelScopes.size()), - m_finallyDepth, - m_localScopeDepth - }; - scope.finallyContext = context; - m_scopeContextStack.append(scope); + ControlFlowScope scope(ControlFlowScope::Finally, currentLexicalScopeIndex(), FinallyContext(m_currentFinallyContext, finallyLabel)); + m_controlFlowScopeStack.append(WTFMove(scope)); + m_finallyDepth++; + m_currentFinallyContext = &m_controlFlowScopeStack.last().finallyContext; + return m_currentFinallyContext; } -void BytecodeGenerator::popFinallyContext() +FinallyContext BytecodeGenerator::popFinallyControlFlowScope() { - ASSERT(m_scopeContextStack.size()); - ASSERT(m_scopeContextStack.last().isFinallyBlock); + ASSERT(m_controlFlowScopeStack.size()); + ASSERT(m_controlFlowScopeStack.last().isFinallyScope()); ASSERT(m_finallyDepth > 0); - m_scopeContextStack.removeLast(); + ASSERT(m_currentFinallyContext); + m_currentFinallyContext = m_currentFinallyContext->outerContext(); m_finallyDepth--; + return m_controlFlowScopeStack.takeLast().finallyContext; } -LabelScope* BytecodeGenerator::breakTarget(const Identifier& name) +LabelScopePtr BytecodeGenerator::breakTarget(const Identifier& name) { // Reclaim free label scopes. // @@ -2003,7 +3759,7 @@ LabelScope* BytecodeGenerator::breakTarget(const Identifier& name) } if (!m_labelScopes.size()) - return 0; + return LabelScopePtr::null(); // We special-case the following, which is a syntax error in Firefox: // label: 
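Review bot: pushFinallyControlFlowScope stores `&m_controlFlowScopeStack.last().finallyContext` in m_currentFinallyContext, and the new FinallyContext is built with the previous m_currentFinallyContext as its outer pointer, so the whole chain holds raw pointers into that container's elements; whether the container keeps element addresses stable across later appends (pushLocalControlFlowScope appends to it too) is not visible in this hunk. If it is a plain Vector this dangles on reallocation; if it is a segmented or otherwise address-stable container, a one-line comment at the assignment saying so would make the invariant explicit. The same pattern appears in pushTry in the next hunk, which keeps `&m_tryData.last()` in m_tryContextStack. In emitPopWithScope, `stackEntry.m_scope->deref();` runs before `RELEASE_ASSERT(stackEntry.m_isWithScope);`; swapping the two lines checks the invariant before the register's reference is released. breakTarget, where the hunk ends, continues outside it.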
@@ -2011,273 +3767,247 @@ LabelScope* BytecodeGenerator::breakTarget(const Identifier& name) if (name.isEmpty()) { for (int i = m_labelScopes.size() - 1; i >= 0; --i) { LabelScope* scope = &m_labelScopes[i]; - if (scope->type() != LabelScope::NamedLabel) { - ASSERT(scope->breakTarget()); - return scope; - } + if (scope->type() != LabelScope::NamedLabel) + return LabelScopePtr(m_labelScopes, i); } - return 0; + return LabelScopePtr::null(); } for (int i = m_labelScopes.size() - 1; i >= 0; --i) { LabelScope* scope = &m_labelScopes[i]; - if (scope->name() && *scope->name() == name) { - ASSERT(scope->breakTarget()); - return scope; - } + if (scope->name() && *scope->name() == name) + return LabelScopePtr(m_labelScopes, i); } - return 0; + return LabelScopePtr::null(); } -LabelScope* BytecodeGenerator::continueTarget(const Identifier& name) +LabelScopePtr BytecodeGenerator::continueTarget(const Identifier& name) { // Reclaim free label scopes. while (m_labelScopes.size() && !m_labelScopes.last().refCount()) m_labelScopes.removeLast(); if (!m_labelScopes.size()) - return 0; + return LabelScopePtr::null(); if (name.isEmpty()) { for (int i = m_labelScopes.size() - 1; i >= 0; --i) { LabelScope* scope = &m_labelScopes[i]; if (scope->type() == LabelScope::Loop) { ASSERT(scope->continueTarget()); - return scope; + return LabelScopePtr(m_labelScopes, i); } } - return 0; + return LabelScopePtr::null(); } // Continue to the loop nested nearest to the label scope that matches // 'name'. - LabelScope* result = 0; + LabelScopePtr result = LabelScopePtr::null(); for (int i = m_labelScopes.size() - 1; i >= 0; --i) { LabelScope* scope = &m_labelScopes[i]; if (scope->type() == LabelScope::Loop) { ASSERT(scope->continueTarget()); - result = scope; + result = LabelScopePtr(m_labelScopes, i); } if (scope->name() && *scope->name() == name) - return result; // may be 0 + return result; // may be null. 
} - return 0; + return LabelScopePtr::null(); } -void BytecodeGenerator::emitComplexPopScopes(ControlFlowContext* topScope, ControlFlowContext* bottomScope) +void BytecodeGenerator::allocateCalleeSaveSpace() { - while (topScope > bottomScope) { - // First we count the number of dynamic scopes we need to remove to get - // to a finally block. - int nNormalScopes = 0; - while (topScope > bottomScope) { - if (topScope->isFinallyBlock) - break; - ++nNormalScopes; - --topScope; - } + size_t virtualRegisterCountForCalleeSaves = CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters(); + + for (size_t i = 0; i < virtualRegisterCountForCalleeSaves; i++) { + RegisterID* localRegister = addVar(); + localRegister->ref(); + m_localRegistersForCalleeSaveRegisters.append(localRegister); + } +} + +void BytecodeGenerator::allocateAndEmitScope() +{ + m_scopeRegister = addVar(); + m_scopeRegister->ref(); + m_codeBlock->setScopeRegister(scopeRegister()->virtualRegister()); + emitGetScope(); + m_topMostScope = addVar(); + emitMove(m_topMostScope, scopeRegister()); +} - if (nNormalScopes) { - // We need to remove a number of dynamic scopes to get to the next - // finally block - while (nNormalScopes--) - emitOpcode(op_pop_scope); +TryData* BytecodeGenerator::pushTry(Label& start, Label& handlerLabel, HandlerType handlerType) +{ + m_tryData.append(TryData { handlerLabel, handlerType }); + TryData* result = &m_tryData.last(); + + m_tryContextStack.append(TryContext { + start, + result + }); + + return result; +} - // If topScope == bottomScope then there isn't a finally block left to emit. 
- if (topScope == bottomScope) +void BytecodeGenerator::popTry(TryData* tryData, Label& end) +{ + m_usesExceptions = true; + + ASSERT_UNUSED(tryData, m_tryContextStack.last().tryData == tryData); + + m_tryRanges.append(TryRange { + m_tryContextStack.last().start.copyRef(), + end, + m_tryContextStack.last().tryData + }); + m_tryContextStack.removeLast(); +} + +void BytecodeGenerator::emitCatch(RegisterID* exceptionRegister, RegisterID* thrownValueRegister) +{ + emitOpcode(op_catch); + instructions().append(exceptionRegister->index()); + instructions().append(thrownValueRegister->index()); +} + +void BytecodeGenerator::restoreScopeRegister(int lexicalScopeIndex) +{ + if (lexicalScopeIndex == CurrentLexicalScopeIndex) + return; // No change needed. + + if (lexicalScopeIndex != OutermostLexicalScopeIndex) { + ASSERT(lexicalScopeIndex < static_cast<int>(m_lexicalScopeStack.size())); + int endIndex = lexicalScopeIndex + 1; + for (size_t i = endIndex; i--; ) { + if (m_lexicalScopeStack[i].m_scope) { + emitMove(scopeRegister(), m_lexicalScopeStack[i].m_scope); return; - } - - Vector<ControlFlowContext> savedScopeContextStack; - Vector<SwitchInfo> savedSwitchContextStack; - Vector<ForInContext> savedForInContextStack; - Vector<TryContext> poppedTryContexts; - LabelScopeStore savedLabelScopes; - while (topScope > bottomScope && topScope->isFinallyBlock) { - RefPtr<Label> beforeFinally = emitLabel(newLabel().get()); - - // Save the current state of the world while instating the state of the world - // for the finally block. 
- FinallyContext finallyContext = topScope->finallyContext; - bool flipScopes = finallyContext.scopeContextStackSize != m_scopeContextStack.size(); - bool flipSwitches = finallyContext.switchContextStackSize != m_switchContextStack.size(); - bool flipForIns = finallyContext.forInContextStackSize != m_forInContextStack.size(); - bool flipTries = finallyContext.tryContextStackSize != m_tryContextStack.size(); - bool flipLabelScopes = finallyContext.labelScopesSize != m_labelScopes.size(); - int topScopeIndex = -1; - int bottomScopeIndex = -1; - if (flipScopes) { - topScopeIndex = topScope - m_scopeContextStack.begin(); - bottomScopeIndex = bottomScope - m_scopeContextStack.begin(); - savedScopeContextStack = m_scopeContextStack; - m_scopeContextStack.shrink(finallyContext.scopeContextStackSize); - } - if (flipSwitches) { - savedSwitchContextStack = m_switchContextStack; - m_switchContextStack.shrink(finallyContext.switchContextStackSize); - } - if (flipForIns) { - savedForInContextStack = m_forInContextStack; - m_forInContextStack.shrink(finallyContext.forInContextStackSize); } - if (flipTries) { - while (m_tryContextStack.size() != finallyContext.tryContextStackSize) { - ASSERT(m_tryContextStack.size() > finallyContext.tryContextStackSize); - TryContext context = m_tryContextStack.last(); - m_tryContextStack.removeLast(); - TryRange range; - range.start = context.start; - range.end = beforeFinally; - range.tryData = context.tryData; - m_tryRanges.append(range); - poppedTryContexts.append(context); - } - } - if (flipLabelScopes) { - savedLabelScopes = m_labelScopes; - while (m_labelScopes.size() > finallyContext.labelScopesSize) - m_labelScopes.removeLast(); - } - int savedFinallyDepth = m_finallyDepth; - m_finallyDepth = finallyContext.finallyDepth; - int savedDynamicScopeDepth = m_localScopeDepth; - m_localScopeDepth = finallyContext.dynamicScopeDepth; - - // Emit the finally block. 
- emitNode(finallyContext.finallyBlock); - - RefPtr<Label> afterFinally = emitLabel(newLabel().get()); - - // Restore the state of the world. - if (flipScopes) { - m_scopeContextStack = savedScopeContextStack; - topScope = &m_scopeContextStack[topScopeIndex]; // assert it's within bounds - bottomScope = m_scopeContextStack.begin() + bottomScopeIndex; // don't assert, since it the index might be -1. - } - if (flipSwitches) - m_switchContextStack = savedSwitchContextStack; - if (flipForIns) - m_forInContextStack = savedForInContextStack; - if (flipTries) { - ASSERT(m_tryContextStack.size() == finallyContext.tryContextStackSize); - for (unsigned i = poppedTryContexts.size(); i--;) { - TryContext context = poppedTryContexts[i]; - context.start = afterFinally; - m_tryContextStack.append(context); - } - poppedTryContexts.clear(); - } - if (flipLabelScopes) - m_labelScopes = savedLabelScopes; - m_finallyDepth = savedFinallyDepth; - m_localScopeDepth = savedDynamicScopeDepth; - - --topScope; } } + // Note that if we don't find a local scope in the current function/program, + // we must grab the outer-most scope of this bytecode generation. 
+ emitMove(scopeRegister(), m_topMostScope); } -void BytecodeGenerator::emitPopScopes(int targetScopeDepth) +void BytecodeGenerator::restoreScopeRegister() { - ASSERT(scopeDepth() - targetScopeDepth >= 0); + restoreScopeRegister(currentLexicalScopeIndex()); +} - size_t scopeDelta = scopeDepth() - targetScopeDepth; - ASSERT(scopeDelta <= m_scopeContextStack.size()); +int BytecodeGenerator::labelScopeDepthToLexicalScopeIndex(int targetLabelScopeDepth) +{ + ASSERT(labelScopeDepth() - targetLabelScopeDepth >= 0); + size_t scopeDelta = labelScopeDepth() - targetLabelScopeDepth; + ASSERT(scopeDelta <= m_controlFlowScopeStack.size()); if (!scopeDelta) - return; + return CurrentLexicalScopeIndex; - if (!m_finallyDepth) { - while (scopeDelta--) - emitOpcode(op_pop_scope); - return; - } + ControlFlowScope& targetScope = m_controlFlowScopeStack[targetLabelScopeDepth]; + return targetScope.lexicalScopeIndex; +} - emitComplexPopScopes(&m_scopeContextStack.last(), &m_scopeContextStack.last() - scopeDelta); +int BytecodeGenerator::localScopeDepth() const +{ + return m_localScopeDepth; } -RegisterID* BytecodeGenerator::emitGetPropertyNames(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, Label* breakTarget) +int BytecodeGenerator::labelScopeDepth() const { - size_t begin = instructions().size(); + unsigned depth = localScopeDepth() + m_finallyDepth; + ASSERT(depth == m_controlFlowScopeStack.size()); + return depth; +} - emitOpcode(op_get_pnames); - instructions().append(dst->index()); - instructions().append(base->index()); - instructions().append(i->index()); - instructions().append(size->index()); - instructions().append(breakTarget->bind(begin, instructions().size())); - return dst; +void BytecodeGenerator::emitThrowStaticError(ErrorType errorType, RegisterID* raw) +{ + RefPtr<RegisterID> message = newTemporary(); + emitToString(message.get(), raw); + emitOpcode(op_throw_static_error); + instructions().append(message->index()); + 
instructions().append(static_cast<unsigned>(errorType)); } -RegisterID* BytecodeGenerator::emitNextPropertyName(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, RegisterID* iter, Label* target) +void BytecodeGenerator::emitThrowStaticError(ErrorType errorType, const Identifier& message) { - size_t begin = instructions().size(); + emitOpcode(op_throw_static_error); + instructions().append(addConstantValue(addStringConstant(message))->index()); + instructions().append(static_cast<unsigned>(errorType)); +} - emitOpcode(op_next_pname); - instructions().append(dst->index()); - instructions().append(base->index()); - instructions().append(i->index()); - instructions().append(size->index()); - instructions().append(iter->index()); - instructions().append(target->bind(begin, instructions().size())); - return dst; +void BytecodeGenerator::emitThrowReferenceError(const String& message) +{ + emitThrowStaticError(ErrorType::ReferenceError, Identifier::fromString(m_vm, message)); } -TryData* BytecodeGenerator::pushTry(Label* start) +void BytecodeGenerator::emitThrowTypeError(const String& message) { - TryData tryData; - tryData.target = newLabel(); - tryData.targetScopeDepth = UINT_MAX; - m_tryData.append(tryData); - TryData* result = &m_tryData.last(); - - TryContext tryContext; - tryContext.start = start; - tryContext.tryData = result; - - m_tryContextStack.append(tryContext); - - return result; + emitThrowStaticError(ErrorType::TypeError, Identifier::fromString(m_vm, message)); } -RegisterID* BytecodeGenerator::popTryAndEmitCatch(TryData* tryData, RegisterID* targetRegister, Label* end) +void BytecodeGenerator::emitThrowTypeError(const Identifier& message) { - m_usesExceptions = true; - - ASSERT_UNUSED(tryData, m_tryContextStack.last().tryData == tryData); - - TryRange tryRange; - tryRange.start = m_tryContextStack.last().start; - tryRange.end = end; - tryRange.tryData = m_tryContextStack.last().tryData; - m_tryRanges.append(tryRange); - 
m_tryContextStack.removeLast(); - - emitLabel(tryRange.tryData->target.get()); - tryRange.tryData->targetScopeDepth = m_localScopeDepth; + emitThrowStaticError(ErrorType::TypeError, message); +} - emitOpcode(op_catch); - instructions().append(targetRegister->index()); - return targetRegister; +void BytecodeGenerator::emitThrowRangeError(const Identifier& message) +{ + emitThrowStaticError(ErrorType::RangeError, message); } -void BytecodeGenerator::emitThrowReferenceError(const String& message) +void BytecodeGenerator::emitThrowOutOfMemoryError() { - emitOpcode(op_throw_static_error); - instructions().append(addConstantValue(addStringConstant(Identifier(m_vm, message)))->index()); - instructions().append(true); + emitThrowStaticError(ErrorType::Error, Identifier::fromString(m_vm, "Out of memory")); +} + +void BytecodeGenerator::emitPushFunctionNameScope(const Identifier& property, RegisterID* callee, bool isCaptured) +{ + // There is some nuance here: + // If we're in strict mode code, the function name scope variable acts exactly like a "const" variable. + // If we're not in strict mode code, we want to allow bogus assignments to the name scoped variable. + // This means any assignment to the variable won't throw, but it won't actually assign a new value to it. + // To accomplish this, we don't report that this scope is a lexical scope. This will prevent + // any throws when trying to assign to the variable (while still ensuring it keeps its original + // value). There is some ugliness and exploitation of a leaky abstraction here, but it's better than + // having a completely new op code and a class to handle name scopes which are so close in functionality + // to lexical environments. + VariableEnvironment nameScopeEnvironment; + auto addResult = nameScopeEnvironment.add(property); + if (isCaptured) + addResult.iterator->value.setIsCaptured(); + addResult.iterator->value.setIsConst(); // The function name scope name acts like a const variable. 
+ unsigned numVars = m_codeBlock->m_numVars; + pushLexicalScopeInternal(nameScopeEnvironment, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, TDZRequirement::NotUnderTDZ, ScopeType::FunctionNameScope, ScopeRegisterType::Var); + ASSERT_UNUSED(numVars, m_codeBlock->m_numVars == static_cast<int>(numVars + 1)); // Should have only created one new "var" for the function name scope. + bool shouldTreatAsLexicalVariable = isStrictMode(); + Variable functionVar = variableForLocalEntry(property, m_lexicalScopeStack.last().m_symbolTable->get(NoLockingNecessary, property.impl()), m_lexicalScopeStack.last().m_symbolTableConstantIndex, shouldTreatAsLexicalVariable); + emitPutToScope(m_lexicalScopeStack.last().m_scope, functionVar, callee, ThrowIfNotFound, InitializationMode::NotInitialization); } -void BytecodeGenerator::emitPushNameScope(const Identifier& property, RegisterID* value, unsigned attributes) +void BytecodeGenerator::pushLocalControlFlowScope() { - ControlFlowContext context; - context.isFinallyBlock = false; - m_scopeContextStack.append(context); + ControlFlowScope scope(ControlFlowScope::Label, currentLexicalScopeIndex()); + m_controlFlowScopeStack.append(WTFMove(scope)); m_localScopeDepth++; +} - emitOpcode(op_push_name_scope); - instructions().append(addConstant(property)); - instructions().append(value->index()); - instructions().append(attributes); +void BytecodeGenerator::popLocalControlFlowScope() +{ + ASSERT(m_controlFlowScopeStack.size()); + ASSERT(!m_controlFlowScopeStack.last().isFinallyScope()); + m_controlFlowScopeStack.removeLast(); + m_localScopeDepth--; +} + +void BytecodeGenerator::emitPushCatchScope(VariableEnvironment& environment) +{ + pushLexicalScopeInternal(environment, TDZCheckOptimization::Optimize, NestedScopeType::IsNotNested, nullptr, TDZRequirement::UnderTDZ, ScopeType::CatchScope, ScopeRegisterType::Block); +} + +void BytecodeGenerator::emitPopCatchScope(VariableEnvironment& environment) +{ + 
popLexicalScopeInternal(environment); } void BytecodeGenerator::beginSwitch(RegisterID* scrutineeRegister, SwitchInfo::SwitchType type) @@ -2330,7 +4060,7 @@ static int32_t keyForCharacterSwitch(ExpressionNode* node, int32_t min, int32_t static void prepareJumpTableForSwitch( UnlinkedSimpleJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, - RefPtr<Label>* labels, ExpressionNode** nodes, int32_t min, int32_t max, + const Vector<Ref<Label>, 8>& labels, ExpressionNode** nodes, int32_t min, int32_t max, int32_t (*keyGetter)(ExpressionNode*, int32_t min, int32_t max)) { jumpTable.min = min; @@ -2344,7 +4074,7 @@ static void prepareJumpTableForSwitch( } } -static void prepareJumpTableForStringSwitch(UnlinkedStringJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes) +static void prepareJumpTableForStringSwitch(UnlinkedStringJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, const Vector<Ref<Label>, 8>& labels, ExpressionNode** nodes) { for (uint32_t i = 0; i < clauseCount; ++i) { // We're emitting this after the clause labels should have been fixed, so @@ -2353,11 +4083,11 @@ static void prepareJumpTableForStringSwitch(UnlinkedStringJumpTable& jumpTable, ASSERT(nodes[i]->isString()); StringImpl* clause = static_cast<StringNode*>(nodes[i])->value().impl(); - jumpTable.offsetTable.add(clause, labels[i]->bind(switchAddress, switchAddress + 3)); + jumpTable.offsetTable.add(clause, UnlinkedStringJumpTable::OffsetLocation { labels[i]->bind(switchAddress, switchAddress + 3) }); } } -void BytecodeGenerator::endSwitch(uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes, Label* defaultLabel, int32_t min, int32_t max) +void BytecodeGenerator::endSwitch(uint32_t clauseCount, const Vector<Ref<Label>, 8>& labels, ExpressionNode** nodes, Label& defaultLabel, int32_t min, int32_t max) { SwitchInfo switchInfo = m_switchContextStack.last(); m_switchContextStack.removeLast(); 
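Review bot: restoreScopeRegister(int) asserts only `lexicalScopeIndex < static_cast<int>(m_lexicalScopeStack.size())` before converting `endIndex` to a `size_t` loop counter; a negative index that is neither CurrentLexicalScopeIndex nor OutermostLexicalScopeIndex (their values are not visible here) would wrap to a huge `i` and index m_lexicalScopeStack out of range in release builds. Adding `ASSERT(lexicalScopeIndex >= 0);` beside the existing upper-bound check pins that contract. Separately, labelScopeDepth() computes `unsigned depth` and returns it through an `int` return type; declaring `int depth` and comparing against `static_cast<int>(m_controlFlowScopeStack.size())` keeps the signedness consistent with localScopeDepth(). beginSwitch, where the hunk ends, continues outside it.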
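Review bot: endSwitch now receives `labels` as a sized `const Vector<Ref<Label>, 8>&` but still takes a separate `clauseCount`, and prepareJumpTableForStringSwitch (whose signature changes the same way in the hunk above) indexes `labels[i]` for `i < clauseCount` with nothing relating the two. An `ASSERT(clauseCount <= labels.size());` at the top of endSwitch, or dropping clauseCount in favour of `labels.size()`, would catch a mismatch before the out-of-range index. endSwitch's body continues beyond the hunk.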
@@ -2366,7 +4096,7 @@ void BytecodeGenerator::endSwitch(uint32_t clauseCount, RefPtr<Label>* labels, E
 case SwitchInfo::SwitchImmediate:
 case SwitchInfo::SwitchCharacter: {
 instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfSwitchJumpTables();
- instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
+ instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel.bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
 
 UnlinkedSimpleJumpTable& jumpTable = m_codeBlock->addSwitchJumpTable();
 prepareJumpTableForSwitch(
@@ -2379,7 +4109,7 @@ void BytecodeGenerator::endSwitch(uint32_t clauseCount, RefPtr<Label>* labels, E
 
 case SwitchInfo::SwitchString: {
 instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfStringSwitchJumpTables();
- instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
+ instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel.bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
 
 UnlinkedStringJumpTable& jumpTable = m_codeBlock->addStringSwitchJumpTable();
 prepareJumpTableForStringSwitch(jumpTable, switchInfo.bytecodeOffset, clauseCount, labels, nodes);
@@ -2402,81 +4132,856 @@ RegisterID* BytecodeGenerator::emitThrowExpressionTooDeepException() return newTemporary(); } -void BytecodeGenerator::setIsNumericCompareFunction(bool isNumericCompareFunction) -{ - m_codeBlock->setIsNumericCompareFunction(isNumericCompareFunction); -} - bool BytecodeGenerator::isArgumentNumber(const Identifier& ident, int argumentNumber) { - RegisterID* registerID = local(ident).get(); - if (!registerID || registerID->index() >= 0) - return 0; + RegisterID* registerID = variable(ident).local(); + if (!registerID) + return false; return registerID->index() == CallFrame::argumentOffset(argumentNumber); } -void BytecodeGenerator::emitReadOnlyExceptionIfNeeded() +bool BytecodeGenerator::emitReadOnlyExceptionIfNeeded(const Variable& variable) { - if (!isStrictMode()) - return; - emitOpcode(op_throw_static_error); - instructions().append(addConstantValue(addStringConstant(Identifier(m_vm, StrictModeReadonlyPropertyWriteError)))->index()); - instructions().append(false); + // If we're in strict mode, we always throw. + // If we're not in strict mode, we throw for "const" variables but not the function callee. 
+ if (isStrictMode() || variable.isConst()) { + emitThrowTypeError(Identifier::fromString(m_vm, ReadonlyPropertyWriteError)); + return true; + } + return false; } - -void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack) + +void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack, ForOfNode* forLoopNode, RegisterID* forLoopSymbolTable) { - if (subjectNode->isResolveNode() - && willResolveToArguments(static_cast<ResolveNode*>(subjectNode)->identifier()) - && !symbolTable().slowArguments()) { - RefPtr<RegisterID> index = emitLoad(newTemporary(), jsNumber(0)); + CompletionRecordScope completionRecordScope(*this); + RefPtr<RegisterID> subject = newTemporary(); + emitNode(subject.get(), subjectNode); + RefPtr<RegisterID> iterator = emitGetById(newTemporary(), subject.get(), propertyNames().iteratorSymbol); + { + CallArguments args(*this, nullptr); + emitMove(args.thisRegister(), subject.get()); + emitCall(iterator.get(), iterator.get(), NoExpectedFunction, args, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No); + } + + Ref<Label> loopDone = newLabel(); + Ref<Label> tryStartLabel = newLabel(); + Ref<Label> finallyViaThrowLabel = newLabel(); + Ref<Label> finallyLabel = newLabel(); + Ref<Label> catchLabel = newLabel(); + Ref<Label> endCatchLabel = newLabel(); + + // RefPtr<Register> iterator's lifetime must be longer than IteratorCloseContext. 
+ FinallyContext* finallyContext = pushFinallyControlFlowScope(finallyLabel.get()); + + { LabelScopePtr scope = newLabelScope(LabelScope::Loop); - RefPtr<RegisterID> value = emitLoad(newTemporary(), jsUndefined()); - - emitJump(scope->continueTarget()); - - RefPtr<Label> loopStart = newLabel(); + RefPtr<RegisterID> value = newTemporary(); + emitLoad(value.get(), jsUndefined()); + + emitJump(*scope->continueTarget()); + + Ref<Label> loopStart = newLabel(); emitLabel(loopStart.get()); emitLoopHint(); - emitGetArgumentByVal(value.get(), uncheckedRegisterForArguments(), index.get()); + + emitLabel(tryStartLabel.get()); + TryData* tryData = pushTry(tryStartLabel.get(), finallyViaThrowLabel.get(), HandlerType::SynthesizedFinally); callBack(*this, value.get()); - emitInc(index.get()); - emitLabel(scope->continueTarget()); + emitJump(*scope->continueTarget()); + + // IteratorClose sequence for abrupt completions. + { + // Finally block for the enumeration. + emitLabel(finallyViaThrowLabel.get()); + popTry(tryData, finallyViaThrowLabel.get()); + + Ref<Label> finallyBodyLabel = newLabel(); + RefPtr<RegisterID> finallyExceptionRegister = newTemporary(); + RegisterID* unused = newTemporary(); + + emitCatch(completionValueRegister(), unused); + emitSetCompletionType(CompletionType::Throw); + emitMove(finallyExceptionRegister.get(), completionValueRegister()); + emitJump(finallyBodyLabel.get()); + + emitLabel(finallyLabel.get()); + emitMoveEmptyValue(finallyExceptionRegister.get()); + + emitLabel(finallyBodyLabel.get()); + restoreScopeRegister(); + + Ref<Label> finallyDone = newLabel(); + + RefPtr<RegisterID> returnMethod = emitGetById(newTemporary(), iterator.get(), propertyNames().returnKeyword); + emitJumpIfTrue(emitIsUndefined(newTemporary(), returnMethod.get()), finallyDone.get()); + + Ref<Label> returnCallTryStart = newLabel(); + emitLabel(returnCallTryStart.get()); + TryData* returnCallTryData = pushTry(returnCallTryStart.get(), catchLabel.get(), 
HandlerType::SynthesizedCatch); + + CallArguments returnArguments(*this, nullptr); + emitMove(returnArguments.thisRegister(), iterator.get()); + emitCall(value.get(), returnMethod.get(), NoExpectedFunction, returnArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No); + emitJumpIfTrue(emitIsObject(newTemporary(), value.get()), finallyDone.get()); + emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object.")); + + emitLabel(finallyDone.get()); + emitFinallyCompletion(*finallyContext, completionTypeRegister(), endCatchLabel.get()); + + popTry(returnCallTryData, finallyDone.get()); + + // Catch block for exceptions that may be thrown while calling the return + // handler in the enumeration finally block. The only reason we need this + // catch block is because if entered the above finally block due to a thrown + // exception, then we want to re-throw the original exception on exiting + // the finally block. Otherwise, we'll let any new exception pass through. + { + emitLabel(catchLabel.get()); + RefPtr<RegisterID> exceptionRegister = newTemporary(); + RegisterID* unused = newTemporary(); + emitCatch(exceptionRegister.get(), unused); + // Since this is a synthesized catch block and we're guaranteed to never need + // to resolve any symbols from the scope, we can skip restoring the scope + // register here. 
+ + Ref<Label> throwLabel = newLabel(); + emitJumpIfTrue(emitIsEmpty(newTemporary(), finallyExceptionRegister.get()), throwLabel.get()); + emitMove(exceptionRegister.get(), finallyExceptionRegister.get()); + + emitLabel(throwLabel.get()); + emitThrow(exceptionRegister.get()); + + emitLabel(endCatchLabel.get()); + } + } + + emitLabel(*scope->continueTarget()); + if (forLoopNode) { + RELEASE_ASSERT(forLoopNode->isForOfNode()); + prepareLexicalScopeForNextForLoopIteration(forLoopNode, forLoopSymbolTable); + emitDebugHook(forLoopNode->lexpr()); + } + + { + emitIteratorNext(value.get(), iterator.get(), node); + emitJumpIfTrue(emitGetById(newTemporary(), value.get(), propertyNames().done), loopDone.get()); + emitGetById(value.get(), value.get(), propertyNames().value); + emitJump(loopStart.get()); + } - RefPtr<RegisterID> length = emitGetArgumentsLength(newTemporary(), uncheckedRegisterForArguments()); - emitJumpIfTrue(emitEqualityOp(op_less, newTemporary(), index.get(), length.get()), loopStart.get()); emitLabel(scope->breakTarget()); - return; } - LabelScopePtr scope = newLabelScope(LabelScope::Loop); - RefPtr<RegisterID> subject = newTemporary(); - emitNode(subject.get(), subjectNode); - RefPtr<RegisterID> iterator = emitGetById(newTemporary(), subject.get(), propertyNames().iteratorPrivateName); + // IteratorClose sequence for break-ed control flow. 
+ popFinallyControlFlowScope();
+ emitIteratorClose(iterator.get(), node);
+ emitLabel(loopDone.get());
+}
+
+RegisterID* BytecodeGenerator::emitGetTemplateObject(RegisterID* dst, TaggedTemplateNode* taggedTemplate)
+{
+ TemplateRegistryKey::StringVector rawStrings;
+ TemplateRegistryKey::OptionalStringVector cookedStrings;
+
+ TemplateStringListNode* templateString = taggedTemplate->templateLiteral()->templateStrings();
+ for (; templateString; templateString = templateString->next()) {
+ auto* string = templateString->value();
+ ASSERT(string->raw());
+ rawStrings.append(string->raw()->impl());
+ if (!string->cooked())
+ cookedStrings.append(std::nullopt);
+ else
+ cookedStrings.append(string->cooked()->impl());
+ }
+
+ RefPtr<RegisterID> getTemplateObject = emitGetGlobalPrivate(newTemporary(), propertyNames().builtinNames().getTemplateObjectPrivateName());
+ CallArguments arguments(*this, nullptr);
+ emitLoad(arguments.thisRegister(), JSValue(addTemplateRegistryKeyConstant(m_vm->templateRegistryKeyTable().createKey(WTFMove(rawStrings), WTFMove(cookedStrings)))));
+ return emitCall(dst, getTemplateObject.get(), NoExpectedFunction, arguments, taggedTemplate->divot(), taggedTemplate->divotStart(), taggedTemplate->divotEnd(), DebuggableCall::No);
+}
+
+RegisterID* BytecodeGenerator::emitGetGlobalPrivate(RegisterID* dst, const Identifier& property)
+{
+ dst = tempDestination(dst);
+ Variable var = variable(property);
+ if (RegisterID* local = var.local())
+ return emitMove(dst, local);
+
+ RefPtr<RegisterID> scope = newTemporary();
+ moveToDestinationIfNeeded(scope.get(), emitResolveScope(scope.get(), var));
+ return emitGetFromScope(dst, scope.get(), var, ThrowIfNotFound);
+}
+
+RegisterID* BytecodeGenerator::emitGetEnumerableLength(RegisterID* dst, RegisterID* base)
+{
+ emitOpcode(op_get_enumerable_length);
+ instructions().append(dst->index());
+ instructions().append(base->index());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitHasGenericProperty(RegisterID* dst, RegisterID* base, RegisterID* propertyName)
+{
+ emitOpcode(op_has_generic_property);
+ instructions().append(dst->index());
+ instructions().append(base->index());
+ instructions().append(propertyName->index());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitHasIndexedProperty(RegisterID* dst, RegisterID* base, RegisterID* propertyName)
+{
+ UnlinkedArrayProfile arrayProfile = newArrayProfile();
+ emitOpcode(op_has_indexed_property);
+ instructions().append(dst->index());
+ instructions().append(base->index());
+ instructions().append(propertyName->index());
+ instructions().append(arrayProfile);
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitHasStructureProperty(RegisterID* dst, RegisterID* base, RegisterID* propertyName, RegisterID* enumerator)
+{
+ emitOpcode(op_has_structure_property);
+ instructions().append(dst->index());
+ instructions().append(base->index());
+ instructions().append(propertyName->index());
+ instructions().append(enumerator->index());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitGetPropertyEnumerator(RegisterID* dst, RegisterID* base)
+{
+ emitOpcode(op_get_property_enumerator);
+ instructions().append(dst->index());
+ instructions().append(base->index());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitEnumeratorStructurePropertyName(RegisterID* dst, RegisterID* enumerator, RegisterID* index)
+{
+ emitOpcode(op_enumerator_structure_pname);
+ instructions().append(dst->index());
+ instructions().append(enumerator->index());
+ instructions().append(index->index());
+ return dst;
+}
+
+RegisterID* BytecodeGenerator::emitEnumeratorGenericPropertyName(RegisterID* dst, RegisterID* enumerator, RegisterID* index)
+{
+ emitOpcode(op_enumerator_generic_pname);
+ instructions().append(dst->index());
+ instructions().append(enumerator->index());
+ instructions().append(index->index());
+ return dst;
+}
+
+RegisterID*
BytecodeGenerator::emitToIndexString(RegisterID* dst, RegisterID* index) +{ + emitOpcode(op_to_index_string); + instructions().append(dst->index()); + instructions().append(index->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIsCellWithType(RegisterID* dst, RegisterID* src, JSType type) +{ + emitOpcode(op_is_cell_with_type); + instructions().append(dst->index()); + instructions().append(src->index()); + instructions().append(type); + return dst; +} + +RegisterID* BytecodeGenerator::emitIsObject(RegisterID* dst, RegisterID* src) +{ + emitOpcode(op_is_object); + instructions().append(dst->index()); + instructions().append(src->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIsNumber(RegisterID* dst, RegisterID* src) +{ + emitOpcode(op_is_number); + instructions().append(dst->index()); + instructions().append(src->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIsUndefined(RegisterID* dst, RegisterID* src) +{ + emitOpcode(op_is_undefined); + instructions().append(dst->index()); + instructions().append(src->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIsEmpty(RegisterID* dst, RegisterID* src) +{ + emitOpcode(op_is_empty); + instructions().append(dst->index()); + instructions().append(src->index()); + return dst; +} + +RegisterID* BytecodeGenerator::emitIteratorNext(RegisterID* dst, RegisterID* iterator, const ThrowableExpressionData* node) +{ { - CallArguments args(*this, 0); - emitMove(args.thisRegister(), subject.get()); - emitCall(iterator.get(), iterator.get(), NoExpectedFunction, args, node->divot(), node->divotStart(), node->divotEnd()); + RefPtr<RegisterID> next = emitGetById(newTemporary(), iterator, propertyNames().next); + CallArguments nextArguments(*this, nullptr); + emitMove(nextArguments.thisRegister(), iterator); + emitCall(dst, next.get(), NoExpectedFunction, nextArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No); + } + { + Ref<Label> typeIsObject = 
newLabel(); + emitJumpIfTrue(emitIsObject(newTemporary(), dst), typeIsObject.get()); + emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object.")); + emitLabel(typeIsObject.get()); } - RefPtr<RegisterID> iteratorNext = emitGetById(newTemporary(), iterator.get(), propertyNames().iteratorNextPrivateName); + return dst; +} + +RegisterID* BytecodeGenerator::emitIteratorNextWithValue(RegisterID* dst, RegisterID* iterator, RegisterID* value, const ThrowableExpressionData* node) +{ + { + RefPtr<RegisterID> next = emitGetById(newTemporary(), iterator, propertyNames().next); + CallArguments nextArguments(*this, nullptr, 1); + emitMove(nextArguments.thisRegister(), iterator); + emitMove(nextArguments.argumentRegister(0), value); + emitCall(dst, next.get(), NoExpectedFunction, nextArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No); + } + { + Ref<Label> typeIsObject = newLabel(); + emitJumpIfTrue(emitIsObject(newTemporary(), dst), typeIsObject.get()); + emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object.")); + emitLabel(typeIsObject.get()); + } + return dst; +} + +void BytecodeGenerator::emitIteratorClose(RegisterID* iterator, const ThrowableExpressionData* node) +{ + Ref<Label> done = newLabel(); + RefPtr<RegisterID> returnMethod = emitGetById(newTemporary(), iterator, propertyNames().returnKeyword); + emitJumpIfTrue(emitIsUndefined(newTemporary(), returnMethod.get()), done.get()); + RefPtr<RegisterID> value = newTemporary(); - emitLoad(value.get(), jsUndefined()); + CallArguments returnArguments(*this, nullptr); + emitMove(returnArguments.thisRegister(), iterator); + emitCall(value.get(), returnMethod.get(), NoExpectedFunction, returnArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No); + emitJumpIfTrue(emitIsObject(newTemporary(), value.get()), done.get()); + emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object.")); + emitLabel(done.get()); +} 
+
+void BytecodeGenerator::pushIndexedForInScope(RegisterID* localRegister, RegisterID* indexRegister)
+{
+ if (!localRegister)
+ return;
+ m_forInContextStack.append(adoptRef(*new IndexedForInContext(localRegister, indexRegister)));
+}
+
+void BytecodeGenerator::popIndexedForInScope(RegisterID* localRegister)
+{
+ if (!localRegister)
+ return;
+ m_forInContextStack.removeLast();
+}
+
+RegisterID* BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment(const Identifier& identifier)
+{
+ ASSERT(m_codeBlock->isArrowFunction() || m_codeBlock->isArrowFunctionContext() || constructorKind() == ConstructorKind::Extends || m_codeType == EvalCode);
+
+ return emitResolveScope(nullptr, variable(identifier, ThisResolutionType::Scoped));
+}
+
+void BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment()
+{
+ emitGetFromScope(thisRegister(), emitLoadArrowFunctionLexicalEnvironment(propertyNames().thisIdentifier), variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped), DoNotThrowIfNotFound);
+}
+
+RegisterID* BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment()
+{
+ Variable newTargetVar = variable(propertyNames().builtinNames().newTargetLocalPrivateName());
+
+ return emitGetFromScope(m_newTargetRegister, emitLoadArrowFunctionLexicalEnvironment(propertyNames().builtinNames().newTargetLocalPrivateName()), newTargetVar, ThrowIfNotFound);
+
+}
+
+RegisterID* BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment()
+{
+ Variable protoScopeVar = variable(propertyNames().builtinNames().derivedConstructorPrivateName());
+ return emitGetFromScope(newTemporary(), emitLoadArrowFunctionLexicalEnvironment(propertyNames().builtinNames().derivedConstructorPrivateName()), protoScopeVar, ThrowIfNotFound);
+}
+
+RegisterID* BytecodeGenerator::ensureThis()
+{
+ if (constructorKind() == ConstructorKind::Extends && needsToUpdateArrowFunctionContext() && isSuperCallUsedInInnerArrowFunction())
+ emitLoadThisFromArrowFunctionLexicalEnvironment();
+
+ if (constructorKind() == ConstructorKind::Extends || isDerivedConstructorContext())
+ emitTDZCheck(thisRegister());
+
+ return thisRegister();
+}
+
+bool BytecodeGenerator::isThisUsedInInnerArrowFunction()
+{
+ return m_scopeNode->doAnyInnerArrowFunctionsUseThis() || m_scopeNode->doAnyInnerArrowFunctionsUseSuperProperty() || m_scopeNode->doAnyInnerArrowFunctionsUseSuperCall() || m_scopeNode->doAnyInnerArrowFunctionsUseEval() || m_codeBlock->usesEval();
+}
+
+bool BytecodeGenerator::isArgumentsUsedInInnerArrowFunction()
+{
+ return m_scopeNode->doAnyInnerArrowFunctionsUseArguments() || m_scopeNode->doAnyInnerArrowFunctionsUseEval();
+}
+
+bool BytecodeGenerator::isNewTargetUsedInInnerArrowFunction()
+{
+ return m_scopeNode->doAnyInnerArrowFunctionsUseNewTarget() || m_scopeNode->doAnyInnerArrowFunctionsUseSuperCall() || m_scopeNode->doAnyInnerArrowFunctionsUseEval() || m_codeBlock->usesEval();
+}
+
+bool BytecodeGenerator::isSuperUsedInInnerArrowFunction()
+{
+ return m_scopeNode->doAnyInnerArrowFunctionsUseSuperCall() || m_scopeNode->doAnyInnerArrowFunctionsUseSuperProperty() || m_scopeNode->doAnyInnerArrowFunctionsUseEval() || m_codeBlock->usesEval();
+}
+
+bool BytecodeGenerator::isSuperCallUsedInInnerArrowFunction()
+{
+ return m_scopeNode->doAnyInnerArrowFunctionsUseSuperCall() || m_scopeNode->doAnyInnerArrowFunctionsUseEval() || m_codeBlock->usesEval();
+}
+
+void BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope()
+{
+ if (isNewTargetUsedInInnerArrowFunction()) {
+ ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
+
+ Variable newTargetVar = variable(propertyNames().builtinNames().newTargetLocalPrivateName());
+ emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, newTargetVar, newTarget(), DoNotThrowIfNotFound, InitializationMode::Initialization);
+ }
+}
- emitJump(scope->continueTarget());
+void BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope()
+{
+ if (needsDerivedConstructorInArrowFunctionLexicalEnvironment()) {
+ ASSERT(m_arrowFunctionContextLexicalEnvironmentRegister);
+
+ Variable protoScope = variable(propertyNames().builtinNames().derivedConstructorPrivateName());
+ emitPutToScope(m_arrowFunctionContextLexicalEnvironmentRegister, protoScope, &m_calleeRegister, DoNotThrowIfNotFound, InitializationMode::Initialization);
+ }
+}
+
+void BytecodeGenerator::emitPutThisToArrowFunctionContextScope()
+{
+ if (isThisUsedInInnerArrowFunction() || (m_scopeNode->usesSuperCall() && m_codeType == EvalCode)) {
+ ASSERT(isDerivedConstructorContext() || m_arrowFunctionContextLexicalEnvironmentRegister != nullptr);
+
+ Variable thisVar = variable(propertyNames().thisIdentifier, ThisResolutionType::Scoped);
+ RegisterID* scope = isDerivedConstructorContext() ? emitLoadArrowFunctionLexicalEnvironment(propertyNames().thisIdentifier) : m_arrowFunctionContextLexicalEnvironmentRegister;
- RefPtr<Label> loopStart = newLabel();
- emitLabel(loopStart.get());
- emitLoopHint();
- callBack(*this, value.get());
- emitLabel(scope->continueTarget());
- CallArguments nextArguments(*this, 0, 1);
- emitMove(nextArguments.thisRegister(), iterator.get());
- emitMove(nextArguments.argumentRegister(0), value.get());
- emitCall(value.get(), iteratorNext.get(), NoExpectedFunction, nextArguments, node->divot(), node->divotStart(), node->divotEnd());
- RefPtr<RegisterID> result = newTemporary();
- emitJumpIfFalse(emitEqualityOp(op_stricteq, result.get(), value.get(), emitLoad(0, JSValue(vm()->iterationTerminator.get()))), loopStart.get());
- emitLabel(scope->breakTarget());
+ emitPutToScope(scope, thisVar, thisRegister(), ThrowIfNotFound, InitializationMode::NotInitialization);
+ }
+}
+
+void BytecodeGenerator::pushStructureForInScope(RegisterID* localRegister, RegisterID* indexRegister, RegisterID* propertyRegister, RegisterID* enumeratorRegister)
+{
+ if (!localRegister)
+ return;
+ m_forInContextStack.append(adoptRef(*new StructureForInContext(localRegister, indexRegister, propertyRegister, enumeratorRegister)));
+}
+
+void BytecodeGenerator::popStructureForInScope(RegisterID* localRegister)
+{
+ if (!localRegister)
+ return;
+ m_forInContextStack.removeLast();
+}
+
+void BytecodeGenerator::invalidateForInContextForLocal(RegisterID* localRegister)
+{
+ // Lexically invalidating ForInContexts is kind of weak sauce, but it only occurs if
+ // either of the following conditions is true:
+ //
+ // (1) The loop iteration variable is re-assigned within the body of the loop.
+ // (2) The loop iteration variable is captured in the lexical scope of the function.
+ //
+ // These two situations occur sufficiently rarely that it's okay to use this style of
+ // "analysis" to make iteration faster. If we didn't want to do this, we would either have
+ // to perform some flow-sensitive analysis to see if/when the loop iteration variable was
+ // reassigned, or we'd have to resort to runtime checks to see if the variable had been
+ // reassigned from its original value.
+ for (size_t i = m_forInContextStack.size(); i > 0; i--) {
+ ForInContext& context = m_forInContextStack[i - 1].get();
+ if (context.local() != localRegister)
+ continue;
+ context.invalidate();
+ break;
+ }
+}
+
+RegisterID* BytecodeGenerator::emitRestParameter(RegisterID* result, unsigned numParametersToSkip)
+{
+ RefPtr<RegisterID> restArrayLength = newTemporary();
+ emitOpcode(op_get_rest_length);
+ instructions().append(restArrayLength->index());
+ instructions().append(numParametersToSkip);
+
+ emitOpcode(op_create_rest);
+ instructions().append(result->index());
+ instructions().append(restArrayLength->index());
+ instructions().append(numParametersToSkip);
+
+ return result;
+}
+
+void BytecodeGenerator::emitRequireObjectCoercible(RegisterID* value, const String& error)
+{
+ // FIXME: op_jneq_null treats "undetectable" objects as null/undefined. RequireObjectCoercible
+ // thus incorrectly throws a TypeError for interfaces like HTMLAllCollection.
+ Ref<Label> target = newLabel();
+ size_t begin = instructions().size();
+ emitOpcode(op_jneq_null);
+ instructions().append(value->index());
+ instructions().append(target->bind(begin, instructions().size()));
+ emitThrowTypeError(error);
+ emitLabel(target.get());
+}
+
+void BytecodeGenerator::emitYieldPoint(RegisterID* argument)
+{
+ Ref<Label> mergePoint = newLabel();
+ unsigned yieldPointIndex = m_yieldPoints++;
+ emitGeneratorStateChange(yieldPointIndex + 1);
+
+ // Split the try range here.
+ Ref<Label> savePoint = newEmittedLabel();
+ for (unsigned i = m_tryContextStack.size(); i--;) {
+ TryContext& context = m_tryContextStack[i];
+ m_tryRanges.append(TryRange {
+ context.start.copyRef(),
+ savePoint.copyRef(),
+ context.tryData
+ });
+ // Try range will be restared at the merge point.
+ context.start = mergePoint.get();
+ }
+ Vector<TryContext> savedTryContextStack;
+ m_tryContextStack.swap(savedTryContextStack);
+
+ emitOpcode(op_yield);
+ instructions().append(generatorFrameRegister()->index());
+ instructions().append(yieldPointIndex);
+ instructions().append(argument->index());
+
+ // Restore the try contexts, which start offset is updated to the merge point.
+ m_tryContextStack.swap(savedTryContextStack);
+ emitLabel(mergePoint.get());
+}
+
+RegisterID* BytecodeGenerator::emitYield(RegisterID* argument)
+{
+ emitYieldPoint(argument);
+
+ Ref<Label> normalLabel = newLabel();
+ RefPtr<RegisterID> condition = newTemporary();
+ emitEqualityOp(op_stricteq, condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode))));
+ emitJumpIfTrue(condition.get(), normalLabel.get());
+
+ Ref<Label> throwLabel = newLabel();
+ emitEqualityOp(op_stricteq, condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ThrowMode))));
+ emitJumpIfTrue(condition.get(), throwLabel.get());
+ // Return.
+ {
+ RefPtr<RegisterID> returnRegister = generatorValueRegister();
+ bool hasFinally = emitReturnViaFinallyIfNeeded(returnRegister.get());
+ if (!hasFinally)
+ emitReturn(returnRegister.get());
+ }
+
+ // Throw.
+ emitLabel(throwLabel.get());
+ emitThrow(generatorValueRegister());
+
+ // Normal.
+ emitLabel(normalLabel.get());
+ return generatorValueRegister();
+}
+
+RegisterID* BytecodeGenerator::emitDelegateYield(RegisterID* argument, ThrowableExpressionData* node)
+{
+ RefPtr<RegisterID> value = newTemporary();
+ {
+ RefPtr<RegisterID> iterator = emitGetById(newTemporary(), argument, propertyNames().iteratorSymbol);
+ {
+ CallArguments args(*this, nullptr);
+ emitMove(args.thisRegister(), argument);
+ emitCall(iterator.get(), iterator.get(), NoExpectedFunction, args, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No);
+ }
+
+ Ref<Label> loopDone = newLabel();
+ {
+ Ref<Label> nextElement = newLabel();
+ emitLoad(value.get(), jsUndefined());
+
+ emitJump(nextElement.get());
+
+ Ref<Label> loopStart = newLabel();
+ emitLabel(loopStart.get());
+ emitLoopHint();
+
+ Ref<Label> branchOnResult = newLabel();
+ {
+ emitYieldPoint(value.get());
+
+ Ref<Label> normalLabel = newLabel();
+ Ref<Label> returnLabel = newLabel();
+ {
+ RefPtr<RegisterID> condition = newTemporary();
+ emitEqualityOp(op_stricteq, condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode))));
+ emitJumpIfTrue(condition.get(), normalLabel.get());
+
+ emitEqualityOp(op_stricteq, condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ReturnMode))));
+ emitJumpIfTrue(condition.get(), returnLabel.get());
+
+ // Fallthrough to ThrowMode.
+ }
+
+ // Throw.
+ {
+ Ref<Label> throwMethodFound = newLabel();
+ RefPtr<RegisterID> throwMethod = emitGetById(newTemporary(), iterator.get(), propertyNames().throwKeyword);
+ emitJumpIfFalse(emitIsUndefined(newTemporary(), throwMethod.get()), throwMethodFound.get());
+
+ emitIteratorClose(iterator.get(), node);
+ emitThrowTypeError(ASCIILiteral("Delegated generator does not have a 'throw' method."));
+
+ emitLabel(throwMethodFound.get());
+ CallArguments throwArguments(*this, nullptr, 1);
+ emitMove(throwArguments.thisRegister(), iterator.get());
+ emitMove(throwArguments.argumentRegister(0), generatorValueRegister());
+ emitCall(value.get(), throwMethod.get(), NoExpectedFunction, throwArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No);
+
+ emitJumpIfTrue(emitIsObject(newTemporary(), value.get()), branchOnResult.get());
+ emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object."));
+ }
+
+ // Return.
+ emitLabel(returnLabel.get());
+ {
+ Ref<Label> returnMethodFound = newLabel();
+ RefPtr<RegisterID> returnMethod = emitGetById(newTemporary(), iterator.get(), propertyNames().returnKeyword);
+ emitJumpIfFalse(emitIsUndefined(newTemporary(), returnMethod.get()), returnMethodFound.get());
+
+ emitMove(value.get(), generatorValueRegister());
+
+ Ref<Label> returnSequence = newLabel();
+ emitJump(returnSequence.get());
+
+ emitLabel(returnMethodFound.get());
+ CallArguments returnArguments(*this, nullptr, 1);
+ emitMove(returnArguments.thisRegister(), iterator.get());
+ emitMove(returnArguments.argumentRegister(0), generatorValueRegister());
+ emitCall(value.get(), returnMethod.get(), NoExpectedFunction, returnArguments, node->divot(), node->divotStart(), node->divotEnd(), DebuggableCall::No);
+
+ Ref<Label> returnIteratorResultIsObject = newLabel();
+ emitJumpIfTrue(emitIsObject(newTemporary(), value.get()), returnIteratorResultIsObject.get());
+ emitThrowTypeError(ASCIILiteral("Iterator result interface is not an object."));
+
+ emitLabel(returnIteratorResultIsObject.get());
+ Ref<Label> returnFromGenerator = newLabel();
+ emitJumpIfTrue(emitGetById(newTemporary(), value.get(), propertyNames().done), returnFromGenerator.get());
+
+ emitGetById(value.get(), value.get(), propertyNames().value);
+ emitJump(loopStart.get());
+
+ emitLabel(returnFromGenerator.get());
+ emitGetById(value.get(), value.get(), propertyNames().value);
+
+ emitLabel(returnSequence.get());
+ bool hasFinally = emitReturnViaFinallyIfNeeded(value.get());
+ if (!hasFinally)
+ emitReturn(value.get());
+ }
+
+ // Normal.
+ emitLabel(normalLabel.get());
+ emitMove(value.get(), generatorValueRegister());
+ }
+
+ emitLabel(nextElement.get());
+ emitIteratorNextWithValue(value.get(), iterator.get(), value.get(), node);
+
+ emitLabel(branchOnResult.get());
+ emitJumpIfTrue(emitGetById(newTemporary(), value.get(), propertyNames().done), loopDone.get());
+ emitGetById(value.get(), value.get(), propertyNames().value);
+ emitJump(loopStart.get());
+ }
+ emitLabel(loopDone.get());
+ }
+
+ emitGetById(value.get(), value.get(), propertyNames().value);
+ return value.get();
+}
+
+
+void BytecodeGenerator::emitGeneratorStateChange(int32_t state)
+{
+ RegisterID* completedState = emitLoad(nullptr, jsNumber(state));
+ emitPutById(generatorRegister(), propertyNames().builtinNames().generatorStatePrivateName(), completedState);
+}
+
+bool BytecodeGenerator::emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label& jumpTarget)
+{
+ ASSERT(labelScopeDepth() - targetLabelScopeDepth >= 0);
+ size_t numberOfScopesToCheckForFinally = labelScopeDepth() - targetLabelScopeDepth;
+ ASSERT(numberOfScopesToCheckForFinally <= m_controlFlowScopeStack.size());
+ if (!numberOfScopesToCheckForFinally)
+ return false;
+
+ FinallyContext* innermostFinallyContext = nullptr;
+ FinallyContext* outermostFinallyContext = nullptr;
+ size_t scopeIndex = m_controlFlowScopeStack.size() - 1;
+ while (numberOfScopesToCheckForFinally--) {
+ ControlFlowScope* scope = &m_controlFlowScopeStack[scopeIndex--];
+ if (scope->isFinallyScope()) {
+ FinallyContext* finallyContext = &scope->finallyContext;
+ if (!innermostFinallyContext)
+ innermostFinallyContext = finallyContext;
+ outermostFinallyContext = finallyContext;
+ finallyContext->incNumberOfBreaksOrContinues();
+ }
+ }
+ if (!outermostFinallyContext)
+ return false; // No finallys to thread through.
+
+ auto jumpID = bytecodeOffsetToJumpID(instructions().size());
+ int lexicalScopeIndex = labelScopeDepthToLexicalScopeIndex(targetLabelScopeDepth);
+ outermostFinallyContext->registerJump(jumpID, lexicalScopeIndex, jumpTarget);
+
+ emitSetCompletionType(jumpID);
+ emitJump(*innermostFinallyContext->finallyLabel());
+ return true; // We'll be jumping to a finally block.
+}
+
+bool BytecodeGenerator::emitReturnViaFinallyIfNeeded(RegisterID* returnRegister)
+{
+ size_t numberOfScopesToCheckForFinally = m_controlFlowScopeStack.size();
+ if (!numberOfScopesToCheckForFinally)
+ return false;
+
+ FinallyContext* innermostFinallyContext = nullptr;
+ while (numberOfScopesToCheckForFinally) {
+ size_t scopeIndex = --numberOfScopesToCheckForFinally;
+ ControlFlowScope* scope = &m_controlFlowScopeStack[scopeIndex];
+ if (scope->isFinallyScope()) {
+ FinallyContext* finallyContext = &scope->finallyContext;
+ if (!innermostFinallyContext)
+ innermostFinallyContext = finallyContext;
+ finallyContext->setHandlesReturns();
+ }
+ }
+ if (!innermostFinallyContext)
+ return false; // No finallys to thread through.
+
+ emitSetCompletionType(CompletionType::Return);
+ emitSetCompletionValue(returnRegister);
+ emitJump(*innermostFinallyContext->finallyLabel());
+ return true; // We'll be jumping to a finally block.
+}
+
+void BytecodeGenerator::emitFinallyCompletion(FinallyContext& context, RegisterID* completionTypeRegister, Label& normalCompletionLabel)
+{
+ if (context.numberOfBreaksOrContinues() || context.handlesReturns()) {
+ emitJumpIf(op_stricteq, completionTypeRegister, CompletionType::Normal, normalCompletionLabel);
+
+ FinallyContext* outerContext = context.outerContext();
+
+ size_t numberOfJumps = context.numberOfJumps();
+ ASSERT(outerContext || numberOfJumps == context.numberOfBreaksOrContinues());
+
+ for (size_t i = 0; i < numberOfJumps; i++) {
+ Ref<Label> nextLabel = newLabel();
+ auto& jump = context.jumps(i);
+ emitJumpIf(op_nstricteq, completionTypeRegister, jump.jumpID, nextLabel.get());
+
+ restoreScopeRegister(jump.targetLexicalScopeIndex);
+ emitSetCompletionType(CompletionType::Normal);
+ emitJump(jump.targetLabel.get());
+
+ emitLabel(nextLabel.get());
+ }
+
+ if (outerContext) {
+ // We are not the outermost finally.
+ bool hasBreaksOrContinuesNotCoveredByJumps = context.numberOfBreaksOrContinues() > numberOfJumps;
+ if (hasBreaksOrContinuesNotCoveredByJumps || context.handlesReturns())
+ emitJumpIf(op_nstricteq, completionTypeRegister, CompletionType::Throw, *outerContext->finallyLabel());
+
+ } else {
+ // We are the outermost finally.
+ if (context.handlesReturns()) { + Ref<Label> notReturnLabel = newLabel(); + emitJumpIf(op_nstricteq, completionTypeRegister, CompletionType::Return, notReturnLabel.get()); + + emitWillLeaveCallFrameDebugHook(); + emitReturn(completionValueRegister(), ReturnFrom::Finally); + + emitLabel(notReturnLabel.get()); + } + } + } + emitJumpIf(op_nstricteq, completionTypeRegister, CompletionType::Throw, normalCompletionLabel); + emitThrow(completionValueRegister()); +} + +bool BytecodeGenerator::allocateCompletionRecordRegisters() +{ + if (m_completionTypeRegister) + return false; + + ASSERT(!m_completionValueRegister); + m_completionTypeRegister = newTemporary(); + m_completionValueRegister = newTemporary(); + + emitSetCompletionType(CompletionType::Normal); + emitMoveEmptyValue(m_completionValueRegister.get()); + return true; +} + +void BytecodeGenerator::releaseCompletionRecordRegisters() +{ + ASSERT(m_completionTypeRegister && m_completionValueRegister); + m_completionTypeRegister = nullptr; + m_completionValueRegister = nullptr; +} + +void BytecodeGenerator::emitJumpIf(OpcodeID compareOpcode, RegisterID* completionTypeRegister, CompletionType type, Label& jumpTarget) +{ + RefPtr<RegisterID> tempRegister = newTemporary(); + RegisterID* valueConstant = addConstantValue(jsNumber(static_cast<int>(type))); + OperandTypes operandTypes = OperandTypes(ResultType::numberTypeIsInt32(), ResultType::unknownType()); + + auto equivalenceResult = emitBinaryOp(compareOpcode, tempRegister.get(), valueConstant, completionTypeRegister, operandTypes); + emitJumpIfTrue(equivalenceResult, jumpTarget); } } // namespace JSC + +namespace WTF { + +void printInternal(PrintStream& out, JSC::Variable::VariableKind kind) +{ + switch (kind) { + case JSC::Variable::NormalVariable: + out.print("Normal"); + return; + case JSC::Variable::SpecialVariable: + out.print("Special"); + return; + } + RELEASE_ASSERT_NOT_REACHED(); +} + +} // namespace WTF + 
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h index 4e9f213c9..06da7cb71 100644 --- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h +++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009, 2012, 2013 Apple Inc. All rights reserved. + * Copyright (C) 2008-2009, 2012-2016 Apple Inc. All rights reserved. * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca> * Copyright (C) 2012 Igalia, S.L. * @@ -12,7 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * 
@@ -28,34 +28,32 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef BytecodeGenerator_h -#define BytecodeGenerator_h +#pragma once #include "CodeBlock.h" -#include <wtf/HashTraits.h> #include "Instruction.h" +#include "Interpreter.h" +#include "JSGeneratorFunction.h" #include "Label.h" #include "LabelScope.h" -#include "Interpreter.h" +#include "Nodes.h" #include "ParserError.h" #include "RegisterID.h" -#include "SymbolTable.h" -#include "Debugger.h" -#include "Nodes.h" #include "StaticPropertyAnalyzer.h" +#include "SymbolTable.h" +#include "TemplateRegistryKey.h" #include "UnlinkedCodeBlock.h" - #include <functional> - -#include <wtf/PassRefPtr.h> +#include <wtf/CheckedArithmetic.h> +#include <wtf/HashTraits.h> #include <wtf/SegmentedVector.h> +#include <wtf/SetForScope.h> #include <wtf/Vector.h> - namespace JSC { class Identifier; - class Label; + class JSTemplateRegistryKey; enum ExpectedFunction { NoExpectedFunction, 
@@ -63,132 +61,334 @@ namespace JSC { ExpectArrayConstructor }; + enum class DebuggableCall { Yes, No }; + enum class ThisResolutionType { Local, Scoped }; + class CallArguments { public: CallArguments(BytecodeGenerator&, ArgumentsNode*, unsigned additionalArguments = 0); RegisterID* thisRegister() { return m_argv[0].get(); } RegisterID* argumentRegister(unsigned i) { return m_argv[i + 1].get(); } - unsigned stackOffset() { return -m_argv[0]->index() + JSStack::CallFrameHeaderSize; } + unsigned stackOffset() { return -m_argv[0]->index() + CallFrame::headerSizeInRegisters; } unsigned argumentCountIncludingThis() { return m_argv.size() - m_padding; } - RegisterID* profileHookRegister() { return m_profileHookRegister.get(); } ArgumentsNode* argumentsNode() { return m_argumentsNode; } private: - RefPtr<RegisterID> m_profileHookRegister; ArgumentsNode* m_argumentsNode; Vector<RefPtr<RegisterID>, 8, UnsafeVectorOverflow> m_argv; unsigned m_padding; }; + // https://tc39.github.io/ecma262/#sec-completion-record-specification-type + // + // For the Break and Continue cases, instead of using the Break and Continue enum values + // below, we use the unique jumpID of the break and continue statement as the encoding + // for the CompletionType value. emitFinallyCompletion() uses this jumpID value later + // to determine the appropriate jump target to jump to after executing the relevant finally + // blocks. The jumpID is computed as: + // jumpID = bytecodeOffset (of the break/continue node) + CompletionType::NumberOfTypes. + // Hence, there won't be any collision between jumpIDs and CompletionType enums. 
+ enum class CompletionType : int { + Normal, + Break, + Continue, + Return, + Throw, + + NumberOfTypes + }; + + inline CompletionType bytecodeOffsetToJumpID(unsigned offset) + { + int jumpIDAsInt = offset + static_cast<int>(CompletionType::NumberOfTypes); + ASSERT(jumpIDAsInt >= static_cast<int>(CompletionType::NumberOfTypes)); + return static_cast<CompletionType>(jumpIDAsInt); + } + + struct FinallyJump { + FinallyJump(CompletionType jumpID, int targetLexicalScopeIndex, Label& targetLabel) + : jumpID(jumpID) + , targetLexicalScopeIndex(targetLexicalScopeIndex) + , targetLabel(targetLabel) + { } + + CompletionType jumpID; + int targetLexicalScopeIndex; + Ref<Label> targetLabel; + }; + struct FinallyContext { - StatementNode* finallyBlock; - unsigned scopeContextStackSize; - unsigned switchContextStackSize; - unsigned forInContextStackSize; - unsigned tryContextStackSize; - unsigned labelScopesSize; - int finallyDepth; - int dynamicScopeDepth; + FinallyContext() { } + FinallyContext(FinallyContext* outerContext, Label& finallyLabel) + : m_outerContext(outerContext) + , m_finallyLabel(&finallyLabel) + { + ASSERT(m_jumps.isEmpty()); + } + + FinallyContext* outerContext() const { return m_outerContext; } + Label* finallyLabel() const { return m_finallyLabel; } + + uint32_t numberOfBreaksOrContinues() const { return m_numberOfBreaksOrContinues.unsafeGet(); } + void incNumberOfBreaksOrContinues() { m_numberOfBreaksOrContinues++; } + + bool handlesReturns() const { return m_handlesReturns; } + void setHandlesReturns() { m_handlesReturns = true; } + + void registerJump(CompletionType jumpID, int lexicalScopeIndex, Label& targetLabel) + { + m_jumps.append(FinallyJump(jumpID, lexicalScopeIndex, targetLabel)); + } + + size_t numberOfJumps() const { return m_jumps.size(); } + FinallyJump& jumps(size_t i) { return m_jumps[i]; } + + private: + FinallyContext* m_outerContext { nullptr }; + Label* m_finallyLabel { nullptr }; + Checked<uint32_t, WTF::CrashOnOverflow> 
m_numberOfBreaksOrContinues; + bool m_handlesReturns { false }; + Vector<FinallyJump> m_jumps; }; - struct ControlFlowContext { - bool isFinallyBlock; + struct ControlFlowScope { + typedef uint8_t Type; + enum { + Label, + Finally + }; + ControlFlowScope(Type type, int lexicalScopeIndex, FinallyContext&& finallyContext = FinallyContext()) + : type(type) + , lexicalScopeIndex(lexicalScopeIndex) + , finallyContext(std::forward<FinallyContext>(finallyContext)) + { } + + bool isLabelScope() const { return type == Label; } + bool isFinallyScope() const { return type == Finally; } + + Type type; + int lexicalScopeIndex; FinallyContext finallyContext; }; - struct ForInContext { - RefPtr<RegisterID> expectedSubscriptRegister; - RefPtr<RegisterID> iterRegister; - RefPtr<RegisterID> indexRegister; - RefPtr<RegisterID> propertyRegister; + class ForInContext : public RefCounted<ForInContext> { + WTF_MAKE_FAST_ALLOCATED; + WTF_MAKE_NONCOPYABLE(ForInContext); + public: + ForInContext(RegisterID* localRegister) + : m_localRegister(localRegister) + , m_isValid(true) + { + } + + virtual ~ForInContext() + { + } + + bool isValid() const { return m_isValid; } + void invalidate() { m_isValid = false; } + + enum ForInContextType { + StructureForInContextType, + IndexedForInContextType + }; + virtual ForInContextType type() const = 0; + + RegisterID* local() const { return m_localRegister.get(); } + + private: + RefPtr<RegisterID> m_localRegister; + bool m_isValid; + }; + + class StructureForInContext : public ForInContext { + public: + StructureForInContext(RegisterID* localRegister, RegisterID* indexRegister, RegisterID* propertyRegister, RegisterID* enumeratorRegister) + : ForInContext(localRegister) + , m_indexRegister(indexRegister) + , m_propertyRegister(propertyRegister) + , m_enumeratorRegister(enumeratorRegister) + { + } + + ForInContextType type() const override + { + return StructureForInContextType; + } + + RegisterID* index() const { return m_indexRegister.get(); } + 
RegisterID* property() const { return m_propertyRegister.get(); } + RegisterID* enumerator() const { return m_enumeratorRegister.get(); } + + private: + RefPtr<RegisterID> m_indexRegister; + RefPtr<RegisterID> m_propertyRegister; + RefPtr<RegisterID> m_enumeratorRegister; + }; + + class IndexedForInContext : public ForInContext { + public: + IndexedForInContext(RegisterID* localRegister, RegisterID* indexRegister) + : ForInContext(localRegister) + , m_indexRegister(indexRegister) + { + } + + ForInContextType type() const override + { + return IndexedForInContextType; + } + + RegisterID* index() const { return m_indexRegister.get(); } + + private: + RefPtr<RegisterID> m_indexRegister; }; struct TryData { - RefPtr<Label> target; - unsigned targetScopeDepth; + Ref<Label> target; + HandlerType handlerType; }; struct TryContext { - RefPtr<Label> start; + Ref<Label> start; TryData* tryData; }; - enum CaptureMode { - NotCaptured, - IsCaptured - }; - - class Local { + class Variable { public: - Local() - : m_local(0) + enum VariableKind { NormalVariable, SpecialVariable }; + + Variable() + : m_offset() + , m_local(nullptr) + , m_attributes(0) + , m_kind(NormalVariable) + , m_symbolTableConstantIndex(0) // This is meaningless here for this kind of Variable. + , m_isLexicallyScoped(false) + { + } + + Variable(const Identifier& ident) + : m_ident(ident) + , m_local(nullptr) , m_attributes(0) + , m_kind(NormalVariable) // This is somewhat meaningless here for this kind of Variable. + , m_symbolTableConstantIndex(0) // This is meaningless here for this kind of Variable. 
+ , m_isLexicallyScoped(false) { } - Local(RegisterID* local, unsigned attributes, CaptureMode captureMode) - : m_local(local) + Variable(const Identifier& ident, VarOffset offset, RegisterID* local, unsigned attributes, VariableKind kind, int symbolTableConstantIndex, bool isLexicallyScoped) + : m_ident(ident) + , m_offset(offset) + , m_local(local) , m_attributes(attributes) - , m_isCaptured(captureMode == IsCaptured) + , m_kind(kind) + , m_symbolTableConstantIndex(symbolTableConstantIndex) + , m_isLexicallyScoped(isLexicallyScoped) { } - operator bool() { return m_local; } + // If it's unset, then it is a non-locally-scoped variable. If it is set, then it could be + // a stack variable, a scoped variable in a local scope, or a variable captured in the + // direct arguments object. + bool isResolved() const { return !!m_offset; } + int symbolTableConstantIndex() const { ASSERT(isResolved() && !isSpecial()); return m_symbolTableConstantIndex; } + + const Identifier& ident() const { return m_ident; } + + VarOffset offset() const { return m_offset; } + bool isLocal() const { return m_offset.isStack(); } + RegisterID* local() const { return m_local; } - RegisterID* get() { return m_local; } + bool isReadOnly() const { return m_attributes & ReadOnly; } + bool isSpecial() const { return m_kind != NormalVariable; } + bool isConst() const { return isReadOnly() && m_isLexicallyScoped; } + void setIsReadOnly() { m_attributes |= ReadOnly; } - bool isReadOnly() { return m_attributes & ReadOnly; } - - bool isCaptured() { return m_isCaptured; } - CaptureMode captureMode() { return isCaptured() ? 
IsCaptured : NotCaptured; } + void dump(PrintStream&) const; private: + Identifier m_ident; + VarOffset m_offset; RegisterID* m_local; unsigned m_attributes; - bool m_isCaptured; + VariableKind m_kind; + int m_symbolTableConstantIndex; + bool m_isLexicallyScoped; }; struct TryRange { - RefPtr<Label> start; - RefPtr<Label> end; + Ref<Label> start; + Ref<Label> end; TryData* tryData; }; + enum ProfileTypeBytecodeFlag { + ProfileTypeBytecodeClosureVar, + ProfileTypeBytecodeLocallyResolved, + ProfileTypeBytecodeDoesNotHaveGlobalID, + ProfileTypeBytecodeFunctionArgument, + ProfileTypeBytecodeFunctionReturnStatement + }; + class BytecodeGenerator { WTF_MAKE_FAST_ALLOCATED; + WTF_MAKE_NONCOPYABLE(BytecodeGenerator); public: - typedef DeclarationStacks::VarStack VarStack; typedef DeclarationStacks::FunctionStack FunctionStack; - BytecodeGenerator(VM&, ProgramNode*, UnlinkedProgramCodeBlock*, DebuggerMode, ProfilerMode); - BytecodeGenerator(VM&, FunctionBodyNode*, UnlinkedFunctionCodeBlock*, DebuggerMode, ProfilerMode); - BytecodeGenerator(VM&, EvalNode*, UnlinkedEvalCodeBlock*, DebuggerMode, ProfilerMode); + BytecodeGenerator(VM&, ProgramNode*, UnlinkedProgramCodeBlock*, DebuggerMode, const VariableEnvironment*); + BytecodeGenerator(VM&, FunctionNode*, UnlinkedFunctionCodeBlock*, DebuggerMode, const VariableEnvironment*); + BytecodeGenerator(VM&, EvalNode*, UnlinkedEvalCodeBlock*, DebuggerMode, const VariableEnvironment*); + BytecodeGenerator(VM&, ModuleProgramNode*, UnlinkedModuleProgramCodeBlock*, DebuggerMode, const VariableEnvironment*); ~BytecodeGenerator(); VM* vm() const { return m_vm; } + ParserArena& parserArena() const { return m_scopeNode->parserArena(); } const CommonIdentifiers& propertyNames() const { return *m_vm->propertyNames; } - bool isConstructor() { return m_codeBlock->isConstructor(); } - - ParserError generate(); + bool isConstructor() const { return m_codeBlock->isConstructor(); } + DerivedContextType derivedContextType() const { return 
m_derivedContextType; } + bool usesArrowFunction() const { return m_scopeNode->usesArrowFunction(); } + bool needsToUpdateArrowFunctionContext() const { return m_needsToUpdateArrowFunctionContext; } + bool usesEval() const { return m_scopeNode->usesEval(); } + bool usesThis() const { return m_scopeNode->usesThis(); } + ConstructorKind constructorKind() const { return m_codeBlock->constructorKind(); } + SuperBinding superBinding() const { return m_codeBlock->superBinding(); } + JSParserScriptMode scriptMode() const { return m_codeBlock->scriptMode(); } + + template<typename... Args> + static ParserError generate(VM& vm, Args&& ...args) + { + DeferGC deferGC(vm.heap); + auto bytecodeGenerator = std::make_unique<BytecodeGenerator>(vm, std::forward<Args>(args)...); + return bytecodeGenerator->generate(); + } bool isArgumentNumber(const Identifier&, int); - void setIsNumericCompareFunction(bool isNumericCompareFunction); - - bool willResolveToArguments(const Identifier&); - RegisterID* uncheckedRegisterForArguments(); - - bool isCaptured(int operand); - CaptureMode captureMode(int operand) { return isCaptured(operand) ? IsCaptured : NotCaptured; } + Variable variable(const Identifier&, ThisResolutionType = ThisResolutionType::Local); + + enum ExistingVariableMode { VerifyExisting, IgnoreExisting }; + void createVariable(const Identifier&, VarKind, SymbolTable*, ExistingVariableMode = VerifyExisting); // Creates the variable, or asserts that the already-created variable is sufficiently compatible. 
- Local local(const Identifier&); - Local constLocal(const Identifier&); - // Returns the register storing "this" RegisterID* thisRegister() { return &m_thisRegister; } + RegisterID* argumentsRegister() { return m_argumentsRegister; } + RegisterID* newTarget() + { + return m_newTargetRegister; + } + + RegisterID* scopeRegister() { return m_scopeRegister; } + + RegisterID* generatorRegister() { return m_generatorRegister; } + + RegisterID* promiseCapabilityRegister() { return m_promiseCapabilityRegister; } // Returns the next available temporary register. Registers returned by // newTemporary require a modified form of reference counting: any @@ -206,6 +406,13 @@ namespace JSC { RegisterID* ignoredResult() { return &m_ignoredResultRegister; } + // This will be allocated in the temporary region of registers, but it will + // not be marked as a temporary. This will ensure that finalDestination() does + // not overwrite a block scope variable that it mistakes as a temporary. These + // registers can be (and are) reclaimed when the lexical scope they belong to + // is no longer on the symbol table stack. + RegisterID* newBlockScopeVariable(); + // Returns a place to write intermediate values of an operation // which reuses dst if it is safe to do so. RegisterID* tempDestination(RegisterID* dst) @@ -226,7 +433,7 @@ namespace JSC { RegisterID* destinationForAssignResult(RegisterID* dst) { - if (dst && dst != ignoredResult() && m_codeBlock->needsFullScopeChain()) + if (dst && dst != ignoredResult()) return dst->isTemporary() ? dst : newTemporary(); return 0; } 
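Review bot: `bytecodeOffsetToJumpID()` adds an `unsigned` offset to an `int` and narrows the unsigned sum back into `int jumpIDAsInt`, relying on a debug-only `ASSERT` to notice when the result has wrapped negative, so a release build would hand `emitFinallyCompletion()` a jumpID that is neither a `CompletionType` nor a recoverable bytecode offset; this hunk already uses `Checked<uint32_t, WTF::CrashOnOverflow>` for `m_numberOfBreaksOrContinues`, so computing the jumpID through `Checked<int32_t, WTF::CrashOnOverflow>` (or guarding with `RELEASE_ASSERT`) would turn a wrong jump target into a deterministic failure. `Variable(const Identifier& ident)` is a single-argument constructor that is not `explicit`, so any `Identifier` silently converts to an unresolved `Variable`; `explicit Variable(const Identifier& ident)` keeps that conversion visible at call sites. `ControlFlowScope` writes `std::forward<FinallyContext>(finallyContext)` on a plain rvalue reference, where `WTFMove(finallyContext)` states the intent directly. `FinallyContext` keeps its label as a raw `Label* m_finallyLabel` while `FinallyJump` holds `Ref<Label>`; a one-line comment on the member saying who keeps that label alive for the lifetime of the context would document the asymmetry.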
@@ -238,49 +445,71 @@ namespace JSC { } LabelScopePtr newLabelScope(LabelScope::Type, const Identifier* = 0); - PassRefPtr<Label> newLabel(); + Ref<Label> newLabel(); + Ref<Label> newEmittedLabel(); void emitNode(RegisterID* dst, StatementNode* n) { + SetForScope<bool> tailPositionPoisoner(m_inTailPosition, false); + return emitNodeInTailPosition(dst, n); + } + + void emitNodeInTailPosition(RegisterID* dst, StatementNode* n) + { // Node::emitCode assumes that dst, if provided, is either a local or a referenced temporary. ASSERT(!dst || dst == ignoredResult() || !dst->isTemporary() || dst->refCount()); - // Should never store directly into a captured variable. - ASSERT(!dst || dst == ignoredResult() || !isCaptured(dst->index())); - if (!m_vm->isSafeToRecurse()) { + if (UNLIKELY(!m_vm->isSafeToRecurse())) { emitThrowExpressionTooDeepException(); return; } + if (UNLIKELY(n->needsDebugHook())) + emitDebugHook(n); n->emitBytecode(*this, dst); } void emitNode(StatementNode* n) { - emitNode(0, n); + emitNode(nullptr, n); + } + + void emitNodeInTailPosition(StatementNode* n) + { + emitNodeInTailPosition(nullptr, n); } RegisterID* emitNode(RegisterID* dst, ExpressionNode* n) { + SetForScope<bool> tailPositionPoisoner(m_inTailPosition, false); + return emitNodeInTailPosition(dst, n); + } + + RegisterID* emitNodeInTailPosition(RegisterID* dst, ExpressionNode* n) + { // Node::emitCode assumes that dst, if provided, is either a local or a referenced temporary. ASSERT(!dst || dst == ignoredResult() || !dst->isTemporary() || dst->refCount()); - // Should never store directly into a captured variable. 
- ASSERT(!dst || dst == ignoredResult() || !isCaptured(dst->index())); - if (!m_vm->isSafeToRecurse()) + if (UNLIKELY(!m_vm->isSafeToRecurse())) return emitThrowExpressionTooDeepException(); + if (UNLIKELY(n->needsDebugHook())) + emitDebugHook(n); return n->emitBytecode(*this, dst); } RegisterID* emitNode(ExpressionNode* n) { - return emitNode(0, n); + return emitNode(nullptr, n); + } + + RegisterID* emitNodeInTailPosition(ExpressionNode* n) + { + return emitNodeInTailPosition(nullptr, n); } - void emitNodeInConditionContext(ExpressionNode* n, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) + void emitNodeInConditionContext(ExpressionNode* n, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { - if (!m_vm->isSafeToRecurse()) { + if (UNLIKELY(!m_vm->isSafeToRecurse())) { emitThrowExpressionTooDeepException(); return; } - n->emitBytecodeInConditionContext(*this, trueTarget, falseTarget, fallThroughMode); } @@ -290,7 +519,7 @@ namespace JSC { ASSERT(divotEnd.offset >= divot.offset); int sourceOffset = m_scopeNode->source().startOffset(); - unsigned firstLine = m_scopeNode->source().firstLine(); + unsigned firstLine = m_scopeNode->source().firstLine().oneBasedInt(); int divotOffset = divot.offset - sourceOffset; int startOffset = divot.offset - divotStart.offset; 
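Review bot: The new `emitNode()` / `emitNodeInTailPosition()` overload pairs give no hint of what `m_inTailPosition` governs or why the non-tail overloads poison it with `SetForScope<bool>`, so a caller has no visible rule for choosing between them; a comment above the first overload such as `// emitNode() clears m_inTailPosition for the duration of the call so a nested node is never emitted as a tail call; use emitNodeInTailPosition() only when the node is the last thing the enclosing function evaluates.` would state the contract (the flag's actual effect lives in the .cpp, so please confirm the wording there). The `void emitNode(RegisterID* dst, StatementNode* n)` overload ends in `return emitNodeInTailPosition(dst, n);`, which is legal for a void expression but reads as if a value were produced; dropping the `return` matches the other void overloads in the hunk.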
@@ -312,18 +541,20 @@ namespace JSC { unsigned column = divotOffset - lineStart; unsigned instructionOffset = instructions().size(); - m_codeBlock->addExpressionInfo(instructionOffset, divotOffset, startOffset, endOffset, line, column); + if (!m_isBuiltinFunction) + m_codeBlock->addExpressionInfo(instructionOffset, divotOffset, startOffset, endOffset, line, column); } + ALWAYS_INLINE bool leftHandSideNeedsCopy(bool rightHasAssignments, bool rightIsPure) { - return (m_codeType != FunctionCode || m_codeBlock->needsFullScopeChain() || rightHasAssignments) && !rightIsPure; + return (m_codeType != FunctionCode || rightHasAssignments) && !rightIsPure; } - ALWAYS_INLINE PassRefPtr<RegisterID> emitNodeForLeftHandSide(ExpressionNode* n, bool rightHasAssignments, bool rightIsPure) + ALWAYS_INLINE RefPtr<RegisterID> emitNodeForLeftHandSide(ExpressionNode* n, bool rightHasAssignments, bool rightIsPure) { if (leftHandSideNeedsCopy(rightHasAssignments, rightIsPure)) { - PassRefPtr<RegisterID> dst = newTemporary(); + RefPtr<RegisterID> dst = newTemporary(); emitNode(dst.get(), n); return dst; } 
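Review bot: The new `if (!m_isBuiltinFunction)` gate drops the `addExpressionInfo()` call for builtins without saying why, and if that table is what later maps an instruction back to a source position, a reader will wonder whether the omission is deliberate or a lost diagnostic; a comment such as `// Builtin functions are not user script, so no expression info is recorded for them.` would settle it (please confirm the reason against the .cpp). Separately, `emitNodeForLeftHandSide()` now returns `RefPtr<RegisterID>` while its fall-through `return emitNode(n);` hands back a raw pointer that is implicitly wrapped; that is correct, but a short comment noting the implicit ref on that path would spare the next reader a trip to RefPtr's constructor.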
@@ -331,62 +562,125 @@ namespace JSC { return emitNode(n); } + void hoistSloppyModeFunctionIfNecessary(const Identifier& functionName); + + private: + void emitTypeProfilerExpressionInfo(const JSTextPosition& startDivot, const JSTextPosition& endDivot); + public: + + // This doesn't emit expression info. If using this, make sure you shouldn't be emitting text offset. + void emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag); + // These variables are associated with variables in a program. They could be Locals, LocalClosureVar, or ClosureVar. + void emitProfileType(RegisterID* registerToProfile, const Variable&, const JSTextPosition& startDivot, const JSTextPosition& endDivot); + + void emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag, const JSTextPosition& startDivot, const JSTextPosition& endDivot); + // These are not associated with variables and don't have a global id. + void emitProfileType(RegisterID* registerToProfile, const JSTextPosition& startDivot, const JSTextPosition& endDivot); + + void emitProfileControlFlow(int); + + RegisterID* emitLoadArrowFunctionLexicalEnvironment(const Identifier&); + RegisterID* ensureThis(); + void emitLoadThisFromArrowFunctionLexicalEnvironment(); + RegisterID* emitLoadNewTargetFromArrowFunctionLexicalEnvironment(); + RegisterID* emitLoad(RegisterID* dst, bool); - RegisterID* emitLoad(RegisterID* dst, double); RegisterID* emitLoad(RegisterID* dst, const Identifier&); - RegisterID* emitLoad(RegisterID* dst, JSValue); + RegisterID* emitLoad(RegisterID* dst, JSValue, SourceCodeRepresentation = SourceCodeRepresentation::Other); RegisterID* emitLoadGlobalObject(RegisterID* dst); RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src); + RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src, OperandTypes); + RegisterID* emitUnaryOpProfiled(OpcodeID, RegisterID* dst, RegisterID* src); RegisterID* emitBinaryOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* 
src2, OperandTypes); RegisterID* emitEqualityOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2); RegisterID* emitUnaryNoDstOp(OpcodeID, RegisterID* src); RegisterID* emitCreateThis(RegisterID* dst); + void emitTDZCheck(RegisterID* target); + bool needsTDZCheck(const Variable&); + void emitTDZCheckIfNecessary(const Variable&, RegisterID* target, RegisterID* scope); + void liftTDZCheckIfPossible(const Variable&); RegisterID* emitNewObject(RegisterID* dst); RegisterID* emitNewArray(RegisterID* dst, ElementNode*, unsigned length); // stops at first elision - - RegisterID* emitNewFunction(RegisterID* dst, CaptureMode, FunctionBodyNode*); - RegisterID* emitLazyNewFunction(RegisterID* dst, FunctionBodyNode* body); - RegisterID* emitNewFunctionInternal(RegisterID* dst, CaptureMode, unsigned index, bool shouldNullCheck); - RegisterID* emitNewFunctionExpression(RegisterID* dst, FuncExprNode* func); + RegisterID* emitNewArrayWithSpread(RegisterID* dst, ElementNode*); + RegisterID* emitNewArrayWithSize(RegisterID* dst, RegisterID* length); + + RegisterID* emitNewFunction(RegisterID* dst, FunctionMetadataNode*); + RegisterID* emitNewFunctionExpression(RegisterID* dst, FuncExprNode*); + RegisterID* emitNewDefaultConstructor(RegisterID* dst, ConstructorKind, const Identifier& name, const Identifier& ecmaName, const SourceCode& classSource); + RegisterID* emitNewArrowFunctionExpression(RegisterID*, ArrowFuncExprNode*); + RegisterID* emitNewMethodDefinition(RegisterID* dst, MethodDefinitionNode*); RegisterID* emitNewRegExp(RegisterID* dst, RegExp*); - RegisterID* emitMove(RegisterID* dst, CaptureMode, RegisterID* src); + void emitSetFunctionNameIfNeeded(ExpressionNode* valueNode, RegisterID* value, RegisterID* name); + + RegisterID* emitMoveLinkTimeConstant(RegisterID* dst, LinkTimeConstant); + RegisterID* emitMoveEmptyValue(RegisterID* dst); RegisterID* emitMove(RegisterID* dst, RegisterID* src); - RegisterID* emitToNumber(RegisterID* dst, RegisterID* src) { return 
emitUnaryOp(op_to_number, dst, src); } + RegisterID* emitToNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOpProfiled(op_to_number, dst, src); } + RegisterID* emitToString(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_string, dst, src); } RegisterID* emitInc(RegisterID* srcDst); RegisterID* emitDec(RegisterID* srcDst); - void emitCheckHasInstance(RegisterID* dst, RegisterID* value, RegisterID* base, Label* target); + RegisterID* emitOverridesHasInstance(RegisterID* dst, RegisterID* constructor, RegisterID* hasInstanceValue); RegisterID* emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype); + RegisterID* emitInstanceOfCustom(RegisterID* dst, RegisterID* value, RegisterID* constructor, RegisterID* hasInstanceValue); RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); } - RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) { return emitBinaryOp(op_in, dst, property, base, OperandTypes()); } - - RegisterID* emitInitGlobalConst(const Identifier&, RegisterID* value); + RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base); + RegisterID* emitTryGetById(RegisterID* dst, RegisterID* base, const Identifier& property); RegisterID* emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property); - RegisterID* emitGetArgumentsLength(RegisterID* dst, RegisterID* base); + RegisterID* emitGetById(RegisterID* dst, RegisterID* base, RegisterID* thisVal, const Identifier& property); RegisterID* emitPutById(RegisterID* base, const Identifier& property, RegisterID* value); - RegisterID* emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value); + RegisterID* emitPutById(RegisterID* base, RegisterID* thisValue, const Identifier& property, RegisterID* value); + RegisterID* emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value, PropertyNode::PutType); RegisterID* 
emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier&); RegisterID* emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property); - RegisterID* emitGetArgumentByVal(RegisterID* dst, RegisterID* base, RegisterID* property); + RegisterID* emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* thisValue, RegisterID* property); RegisterID* emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value); + RegisterID* emitPutByVal(RegisterID* base, RegisterID* thisValue, RegisterID* property, RegisterID* value); RegisterID* emitDirectPutByVal(RegisterID* base, RegisterID* property, RegisterID* value); RegisterID* emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property); RegisterID* emitPutByIndex(RegisterID* base, unsigned index, RegisterID* value); - void emitPutGetterSetter(RegisterID* base, const Identifier& property, RegisterID* getter, RegisterID* setter); - - ExpectedFunction expectedFunctionForIdentifier(const Identifier&); - RegisterID* emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd); - RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd); - RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd); - void emitEnumeration(ThrowableExpressionData* enumerationNode, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack); - - RegisterID* emitReturn(RegisterID* src); + RegisterID* emitAssert(RegisterID* condition, int line); + + void emitPutGetterById(RegisterID* base, const Identifier& property, unsigned 
propertyDescriptorOptions, RegisterID* getter); + void emitPutSetterById(RegisterID* base, const Identifier& property, unsigned propertyDescriptorOptions, RegisterID* setter); + void emitPutGetterSetter(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* getter, RegisterID* setter); + void emitPutGetterByVal(RegisterID* base, RegisterID* property, unsigned propertyDescriptorOptions, RegisterID* getter); + void emitPutSetterByVal(RegisterID* base, RegisterID* property, unsigned propertyDescriptorOptions, RegisterID* setter); + + RegisterID* emitGetArgument(RegisterID* dst, int32_t index); + + // Initialize object with generator fields (@generatorThis, @generatorNext, @generatorState, @generatorFrame) + void emitPutGeneratorFields(RegisterID* nextFunction); + + ExpectedFunction expectedFunctionForIdentifier(const Identifier&); + RegisterID* emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallInTailPosition(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallVarargsInTailPosition(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& 
divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallForwardArgumentsInTailPosition(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + + enum PropertyDescriptorOption { + PropertyConfigurable = 1, + PropertyWritable = 1 << 1, + PropertyEnumerable = 1 << 2, + }; + void emitCallDefineProperty(RegisterID* newObj, RegisterID* propertyNameRegister, + RegisterID* valueRegister, RegisterID* getterRegister, RegisterID* setterRegister, unsigned options, const JSTextPosition&); + + void emitEnumeration(ThrowableExpressionData* enumerationNode, ExpressionNode* subjectNode, const std::function<void(BytecodeGenerator&, RegisterID*)>& callBack, ForOfNode* = nullptr, RegisterID* forLoopSymbolTable = nullptr); + + RegisterID* emitGetTemplateObject(RegisterID* dst, TaggedTemplateNode*); + RegisterID* emitGetGlobalPrivate(RegisterID* dst, const Identifier& property); + + enum class ReturnFrom { Normal, Finally }; + RegisterID* emitReturn(RegisterID* src, ReturnFrom = ReturnFrom::Normal); RegisterID* emitEnd(RegisterID* src) { return emitUnaryNoDstOp(op_end, src); } RegisterID* emitConstruct(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd); 
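Review bot: The new `PropertyDescriptorOption` is a plain enum whose bits travel through untyped `unsigned options` / `unsigned propertyDescriptorOptions` parameters on `emitCallDefineProperty()` and the `emitPutGetterById()` / `emitPutSetterById()` / `emitPutGetterByVal()` / `emitPutSetterByVal()` family, so nothing stops a caller from passing an unrelated bitmask (for example the `ReadOnly` attribute bits that `Variable::isReadOnly()` tests) where descriptor bits are expected. This file now uses `enum class` for `DebuggableCall`, `ThisResolutionType`, `CompletionType` and the `ReturnFrom` added in this hunk, so a scoped enum with a dedicated flag-set type (or at least one named typedef used consistently for these parameters) would follow the file's own direction and let the compiler reject a mismatched mask. `emitEnumeration()` keeps a `const std::function<...>&` callback, which is fine at this API boundary, but the header says nothing about when the callback is invoked; a one-line comment on that would help.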
@@ -394,28 +688,80 @@ namespace JSC { void emitToPrimitive(RegisterID* dst, RegisterID* src); ResolveType resolveType(); - RegisterID* emitResolveScope(RegisterID* dst, const Identifier&); - RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier&, ResolveMode); - RegisterID* emitPutToScope(RegisterID* scope, const Identifier&, RegisterID* value, ResolveMode); + RegisterID* emitResolveConstantLocal(RegisterID* dst, const Variable&); + RegisterID* emitResolveScope(RegisterID* dst, const Variable&); + RegisterID* emitGetFromScope(RegisterID* dst, RegisterID* scope, const Variable&, ResolveMode); + RegisterID* emitPutToScope(RegisterID* scope, const Variable&, RegisterID* value, ResolveMode, InitializationMode); + RegisterID* initializeVariable(const Variable&, RegisterID* value); - PassRefPtr<Label> emitLabel(Label*); + void emitLabel(Label&); void emitLoopHint(); - PassRefPtr<Label> emitJump(Label* target); - PassRefPtr<Label> emitJumpIfTrue(RegisterID* cond, Label* target); - PassRefPtr<Label> emitJumpIfFalse(RegisterID* cond, Label* target); - PassRefPtr<Label> emitJumpIfNotFunctionCall(RegisterID* cond, Label* target); - PassRefPtr<Label> emitJumpIfNotFunctionApply(RegisterID* cond, Label* target); - void emitPopScopes(int targetScopeDepth); - - RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, Label* breakTarget); - RegisterID* emitNextPropertyName(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, RegisterID* iter, Label* target); - - void emitReadOnlyExceptionIfNeeded(); + void emitJump(Label& target); + void emitJumpIfTrue(RegisterID* cond, Label& target); + void emitJumpIfFalse(RegisterID* cond, Label& target); + void emitJumpIfNotFunctionCall(RegisterID* cond, Label& target); + void emitJumpIfNotFunctionApply(RegisterID* cond, Label& target); + + void emitEnter(); + void emitWatchdog(); + + RegisterID* emitHasIndexedProperty(RegisterID* dst, RegisterID* base, 
RegisterID* propertyName); + RegisterID* emitHasStructureProperty(RegisterID* dst, RegisterID* base, RegisterID* propertyName, RegisterID* enumerator); + RegisterID* emitHasGenericProperty(RegisterID* dst, RegisterID* base, RegisterID* propertyName); + RegisterID* emitGetPropertyEnumerator(RegisterID* dst, RegisterID* base); + RegisterID* emitGetEnumerableLength(RegisterID* dst, RegisterID* base); + RegisterID* emitGetStructurePropertyEnumerator(RegisterID* dst, RegisterID* base, RegisterID* length); + RegisterID* emitGetGenericPropertyEnumerator(RegisterID* dst, RegisterID* base, RegisterID* length, RegisterID* structureEnumerator); + RegisterID* emitEnumeratorStructurePropertyName(RegisterID* dst, RegisterID* enumerator, RegisterID* index); + RegisterID* emitEnumeratorGenericPropertyName(RegisterID* dst, RegisterID* enumerator, RegisterID* index); + RegisterID* emitToIndexString(RegisterID* dst, RegisterID* index); + + RegisterID* emitIsCellWithType(RegisterID* dst, RegisterID* src, JSType); + RegisterID* emitIsJSArray(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, ArrayType); } + RegisterID* emitIsProxyObject(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, ProxyObjectType); } + RegisterID* emitIsRegExpObject(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, RegExpObjectType); } + RegisterID* emitIsMap(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, JSMapType); } + RegisterID* emitIsSet(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, JSSetType); } + RegisterID* emitIsObject(RegisterID* dst, RegisterID* src); + RegisterID* emitIsNumber(RegisterID* dst, RegisterID* src); + RegisterID* emitIsUndefined(RegisterID* dst, RegisterID* src); + RegisterID* emitIsEmpty(RegisterID* dst, RegisterID* src); + RegisterID* emitIsDerivedArray(RegisterID* dst, RegisterID* src) { return emitIsCellWithType(dst, src, DerivedArrayType); } + void 
emitRequireObjectCoercible(RegisterID* value, const String& error); + + RegisterID* emitIteratorNext(RegisterID* dst, RegisterID* iterator, const ThrowableExpressionData* node); + RegisterID* emitIteratorNextWithValue(RegisterID* dst, RegisterID* iterator, RegisterID* value, const ThrowableExpressionData* node); + void emitIteratorClose(RegisterID* iterator, const ThrowableExpressionData* node); + + RegisterID* emitRestParameter(RegisterID* result, unsigned numParametersToSkip); + + bool emitReadOnlyExceptionIfNeeded(const Variable&); // Start a try block. 'start' must have been emitted. - TryData* pushTry(Label* start); + TryData* pushTry(Label& start, Label& handlerLabel, HandlerType); // End a try block. 'end' must have been emitted. - RegisterID* popTryAndEmitCatch(TryData*, RegisterID* targetRegister, Label* end); + void popTry(TryData*, Label& end); + void emitCatch(RegisterID* exceptionRegister, RegisterID* thrownValueRegister); + + private: + static const int CurrentLexicalScopeIndex = -2; + static const int OutermostLexicalScopeIndex = -1; + + int currentLexicalScopeIndex() const + { + int size = static_cast<int>(m_lexicalScopeStack.size()); + ASSERT(static_cast<size_t>(size) == m_lexicalScopeStack.size()); + ASSERT(size >= 0); + if (!size) + return OutermostLexicalScopeIndex; + return size - 1; + } + + public: + void restoreScopeRegister(); + void restoreScopeRegister(int lexicalScopeIndex); + + int labelScopeDepthToLexicalScopeIndex(int labelScopeDepth); void emitThrow(RegisterID* exc) { 
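Review bot: The sentinel constants `CurrentLexicalScopeIndex = -2` and `OutermostLexicalScopeIndex = -1` are added without a comment, and `currentLexicalScopeIndex()` returns the latter for an empty `m_lexicalScopeStack`, so anyone consuming these values must reverse-engineer them; a comment above the constants such as `// Negative values are sentinels, never indices into m_lexicalScopeStack: OutermostLexicalScopeIndex means no lexical scope is on the stack, CurrentLexicalScopeIndex means "whatever scope is on top when the jump is resolved".` would cover it, with the second half confirmed against the .cpp users. In the same helper the narrowing `static_cast<int>(m_lexicalScopeStack.size())` is guarded only by a debug `ASSERT`, so a release build would return a wrong index rather than stop; the stack cannot realistically reach that size, but a `RELEASE_ASSERT` would make the guard real. `emitReadOnlyExceptionIfNeeded(const Variable&)` now returns `bool` with no statement of what `true` means; a one-line `// Returns true if a throw was emitted, in which case the caller should not emit the store.`, checked against the .cpp, would help, and the `pushTry()` / `popTry()` / `emitCatch()` split likewise deserves a sentence on how the handler label passed to `pushTry()` relates to the later `emitCatch()`.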
@@ -423,48 +769,157 @@ namespace JSC { emitUnaryNoDstOp(op_throw, exc); } + void emitThrowStaticError(ErrorType, RegisterID*); + void emitThrowStaticError(ErrorType, const Identifier& message); void emitThrowReferenceError(const String& message); + void emitThrowTypeError(const String& message); + void emitThrowTypeError(const Identifier& message); + void emitThrowRangeError(const Identifier& message); + void emitThrowOutOfMemoryError(); + + void emitPushCatchScope(VariableEnvironment&); + void emitPopCatchScope(VariableEnvironment&); + + void emitGetScope(); + RegisterID* emitPushWithScope(RegisterID* objectScope); + void emitPopWithScope(); + void emitPutThisToArrowFunctionContextScope(); + void emitPutNewTargetToArrowFunctionContextScope(); + void emitPutDerivedConstructorToArrowFunctionContextScope(); + RegisterID* emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(); + + void emitDebugHook(DebugHookType, const JSTextPosition&); + void emitDebugHook(DebugHookType, unsigned line, unsigned charOffset, unsigned lineStart); + void emitDebugHook(StatementNode*); + void emitDebugHook(ExpressionNode*); + void emitWillLeaveCallFrameDebugHook(); + + class CompletionRecordScope { + public: + CompletionRecordScope(BytecodeGenerator& generator, bool needCompletionRecordRegisters = true) + : m_generator(generator) + { + if (needCompletionRecordRegisters && m_generator.allocateCompletionRecordRegisters()) + m_needToReleaseOnDestruction = true; + } + ~CompletionRecordScope() + { + if (m_needToReleaseOnDestruction) + m_generator.releaseCompletionRecordRegisters(); + } - void emitPushNameScope(const Identifier& property, RegisterID* value, unsigned attributes); - - RegisterID* emitPushWithScope(RegisterID* scope); - void emitPopScope(); - - void emitDebugHook(DebugHookID, unsigned line, unsigned charOffset, unsigned lineStart); - - int scopeDepth() { return m_localScopeDepth + m_finallyDepth; } - bool hasFinaliser() { return m_finallyDepth != 0; } - - void 
pushFinallyContext(StatementNode* finallyBlock); - void popFinallyContext(); + private: + BytecodeGenerator& m_generator; + bool m_needToReleaseOnDestruction { false }; + }; - void pushOptimisedForIn(RegisterID* expectedSubscript, RegisterID* iter, RegisterID* index, RegisterID* propertyRegister) + RegisterID* completionTypeRegister() const { - ForInContext context = { expectedSubscript, iter, index, propertyRegister }; - m_forInContextStack.append(context); + ASSERT(m_completionTypeRegister); + return m_completionTypeRegister.get(); + } + RegisterID* completionValueRegister() const + { + ASSERT(m_completionValueRegister); + return m_completionValueRegister.get(); } - void popOptimisedForIn() + void emitSetCompletionType(CompletionType type) + { + emitLoad(completionTypeRegister(), JSValue(static_cast<int>(type))); + } + void emitSetCompletionValue(RegisterID* reg) { - m_forInContextStack.removeLast(); + emitMove(completionValueRegister(), reg); } - LabelScope* breakTarget(const Identifier&); - LabelScope* continueTarget(const Identifier&); + void emitJumpIf(OpcodeID compareOpcode, RegisterID* completionTypeRegister, CompletionType, Label& jumpTarget); + + bool emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label& jumpTarget); + bool emitReturnViaFinallyIfNeeded(RegisterID* returnRegister); + void emitFinallyCompletion(FinallyContext&, RegisterID* completionTypeRegister, Label& normalCompletionLabel); + + private: + bool allocateCompletionRecordRegisters(); + void releaseCompletionRecordRegisters(); + + public: + FinallyContext* pushFinallyControlFlowScope(Label& finallyLabel); + FinallyContext popFinallyControlFlowScope(); + + void pushIndexedForInScope(RegisterID* local, RegisterID* index); + void popIndexedForInScope(RegisterID* local); + void pushStructureForInScope(RegisterID* local, RegisterID* index, RegisterID* property, RegisterID* enumerator); + void popStructureForInScope(RegisterID* local); + void invalidateForInContextForLocal(RegisterID* 
local); + + LabelScopePtr breakTarget(const Identifier&); + LabelScopePtr continueTarget(const Identifier&); void beginSwitch(RegisterID*, SwitchInfo::SwitchType); - void endSwitch(uint32_t clauseCount, RefPtr<Label>*, ExpressionNode**, Label* defaultLabel, int32_t min, int32_t range); + void endSwitch(uint32_t clauseCount, const Vector<Ref<Label>, 8>&, ExpressionNode**, Label& defaultLabel, int32_t min, int32_t range); + + void emitYieldPoint(RegisterID*); + + void emitGeneratorStateLabel(); + void emitGeneratorStateChange(int32_t state); + RegisterID* emitYield(RegisterID* argument); + RegisterID* emitDelegateYield(RegisterID* argument, ThrowableExpressionData*); + RegisterID* generatorStateRegister() { return &m_parameters[static_cast<int32_t>(JSGeneratorFunction::GeneratorArgument::State)]; } + RegisterID* generatorValueRegister() { return &m_parameters[static_cast<int32_t>(JSGeneratorFunction::GeneratorArgument::Value)]; } + RegisterID* generatorResumeModeRegister() { return &m_parameters[static_cast<int32_t>(JSGeneratorFunction::GeneratorArgument::ResumeMode)]; } + RegisterID* generatorFrameRegister() { return &m_parameters[static_cast<int32_t>(JSGeneratorFunction::GeneratorArgument::Frame)]; } CodeType codeType() const { return m_codeType; } - bool shouldEmitProfileHooks() { return m_shouldEmitProfileHooks; } bool shouldEmitDebugHooks() { return m_shouldEmitDebugHooks; } bool isStrictMode() const { return m_codeBlock->isStrictMode(); } + SourceParseMode parseMode() const { return m_codeBlock->parseMode(); } + + bool isBuiltinFunction() const { return m_isBuiltinFunction; } + + OpcodeID lastOpcodeID() const { return m_lastOpcodeID; } + + bool isDerivedConstructorContext() { return m_derivedContextType == DerivedContextType::DerivedConstructorContext; } + bool isDerivedClassContext() { return m_derivedContextType == DerivedContextType::DerivedMethodContext; } + bool isArrowFunction() { return m_codeBlock->isArrowFunction(); } + + enum class 
TDZCheckOptimization { Optimize, DoNotOptimize }; + enum class NestedScopeType { IsNested, IsNotNested }; private: - friend class Label; + enum class TDZRequirement { UnderTDZ, NotUnderTDZ }; + enum class ScopeType { CatchScope, LetConstScope, FunctionNameScope }; + enum class ScopeRegisterType { Var, Block }; + void pushLexicalScopeInternal(VariableEnvironment&, TDZCheckOptimization, NestedScopeType, RegisterID** constantSymbolTableResult, TDZRequirement, ScopeType, ScopeRegisterType); + void initializeBlockScopedFunctions(VariableEnvironment&, FunctionStack&, RegisterID* constantSymbolTable); + void popLexicalScopeInternal(VariableEnvironment&); + template<typename LookUpVarKindFunctor> + bool instantiateLexicalVariables(const VariableEnvironment&, SymbolTable*, ScopeRegisterType, LookUpVarKindFunctor); + void emitPrefillStackTDZVariables(const VariableEnvironment&, SymbolTable*); + void emitPopScope(RegisterID* dst, RegisterID* scope); + RegisterID* emitGetParentScope(RegisterID* dst, RegisterID* scope); + void emitPushFunctionNameScope(const Identifier& property, RegisterID* value, bool isCaptured); + void emitNewFunctionExpressionCommon(RegisterID*, FunctionMetadataNode*); + bool isNewTargetUsedInInnerArrowFunction(); + bool isArgumentsUsedInInnerArrowFunction(); + + public: + bool isSuperUsedInInnerArrowFunction(); + bool isSuperCallUsedInInnerArrowFunction(); + bool isThisUsedInInnerArrowFunction(); + void pushLexicalScope(VariableEnvironmentNode*, TDZCheckOptimization, NestedScopeType = NestedScopeType::IsNotNested, RegisterID** constantSymbolTableResult = nullptr, bool shouldInitializeBlockScopedFunctions = true); + void popLexicalScope(VariableEnvironmentNode*); + void prepareLexicalScopeForNextForLoopIteration(VariableEnvironmentNode*, RegisterID* loopSymbolTable); + int labelScopeDepth() const; + + private: + ParserError generate(); + void reclaimFreeRegisters(); + Variable variableForLocalEntry(const Identifier&, const SymbolTableEntry&, int 
symbolTableConstantIndex, bool isLexicallyScoped); + void emitOpcode(OpcodeID); UnlinkedArrayAllocationProfile newArrayAllocationProfile(); UnlinkedObjectAllocationProfile newObjectAllocationProfile(); 
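Review bot: CompletionRecordScope is a scope guard whose destructor calls releaseCompletionRecordRegisters(), yet nothing stops the object from being copied, and a copy would release the same registers twice for a single allocateCompletionRecordRegisters() call. Label in this same commit gets `WTF_MAKE_NONCOPYABLE(Label);`, so the guard should get the matching line `WTF_MAKE_NONCOPYABLE(CompletionRecordScope);` right after the class opener, before its `public:`. A one-line header comment would also help a reader who meets the class through its users, e.g. `// Scope guard: allocates the completion type/value registers on entry (when requested) and releases them on exit.`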
@@ -482,203 +937,219 @@ namespace JSC { ALWAYS_INLINE void rewindBinaryOp(); ALWAYS_INLINE void rewindUnaryOp(); - void emitComplexPopScopes(ControlFlowContext* topScope, ControlFlowContext* bottomScope); + void allocateCalleeSaveSpace(); + void allocateAndEmitScope(); typedef HashMap<double, JSValue> NumberMap; - typedef HashMap<StringImpl*, JSString*, IdentifierRepHash> IdentifierStringMap; + typedef HashMap<UniquedStringImpl*, JSString*, IdentifierRepHash> IdentifierStringMap; + typedef HashMap<Ref<TemplateRegistryKey>, JSTemplateRegistryKey*> TemplateRegistryKeyMap; // Helper for emitCall() and emitConstruct(). This works because the set of // expected functions have identical behavior for both call and construct // (i.e. "Object()" is identical to "new Object()"). - ExpectedFunction emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, Label* done); + ExpectedFunction emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, Label& done); - RegisterID* emitCall(OpcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd); + RegisterID* emitCall(OpcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction, CallArguments&, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); RegisterID* newRegister(); - // Adds a var slot and maps it to the name ident in symbolTable(). - enum WatchMode { IsWatchable, NotWatchable }; - RegisterID* addVar(const Identifier& ident, ConstantMode constantMode, WatchMode watchMode) - { - RegisterID* local; - addVar(ident, constantMode, watchMode, local); - return local; - } - - // Ditto. Returns true if a new RegisterID was added, false if a pre-existing RegisterID was re-used. - bool addVar(const Identifier&, ConstantMode, WatchMode, RegisterID*&); - - // Adds an anonymous var slot. 
To give this slot a name, add it to symbolTable(). + // Adds an anonymous local var slot. To give this slot a name, add it to symbolTable(). RegisterID* addVar() { ++m_codeBlock->m_numVars; - return newRegister(); + RegisterID* result = newRegister(); + ASSERT(VirtualRegister(result->index()).toLocal() == m_codeBlock->m_numVars - 1); + result->ref(); // We should never free this slot. + return result; } - // Returns the index of the added var. - void addParameter(const Identifier&, int parameterIndex); - RegisterID* resolveCallee(FunctionBodyNode*); - void addCallee(FunctionBodyNode*, RegisterID*); - - void preserveLastVar(); - - RegisterID& registerFor(int index) + // Initializes the stack form the parameter; does nothing for the symbol table. + RegisterID* initializeNextParameter(); + UniquedStringImpl* visibleNameForParameter(DestructuringPatternNode*); + + RegisterID& registerFor(VirtualRegister reg) { - if (operandIsLocal(index)) - return m_calleeRegisters[VirtualRegister(index).toLocal()]; + if (reg.isLocal()) + return m_calleeLocals[reg.toLocal()]; - if (index == JSStack::Callee) + if (reg.offset() == CallFrameSlot::callee) return m_calleeRegister; ASSERT(m_parameters.size()); - return m_parameters[VirtualRegister(index).toArgument()]; + return m_parameters[reg.toArgument()]; } + bool hasConstant(const Identifier&) const; unsigned addConstant(const Identifier&); - RegisterID* addConstantValue(JSValue); + RegisterID* addConstantValue(JSValue, SourceCodeRepresentation = SourceCodeRepresentation::Other); RegisterID* addConstantEmptyValue(); unsigned addRegExp(RegExp*); unsigned addConstantBuffer(unsigned length); - UnlinkedFunctionExecutable* makeFunction(FunctionBodyNode* body) + UnlinkedFunctionExecutable* makeFunction(FunctionMetadataNode* metadata) { - return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), body); - } - - RegisterID* emitInitLazyRegister(RegisterID*); + DerivedContextType newDerivedContextType = DerivedContextType::None; - 
public: - JSString* addStringConstant(const Identifier&); - - Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow>& instructions() { return m_instructions; } + if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(metadata->parseMode())) { + if (constructorKind() == ConstructorKind::Extends || isDerivedConstructorContext()) + newDerivedContextType = DerivedContextType::DerivedConstructorContext; + else if (m_codeBlock->isClassContext() || isDerivedClassContext()) + newDerivedContextType = DerivedContextType::DerivedMethodContext; + } - SymbolTable& symbolTable() { return *m_symbolTable; } + VariableEnvironment variablesUnderTDZ; + getVariablesUnderTDZ(variablesUnderTDZ); - bool shouldOptimizeLocals() - { - if (m_codeType != FunctionCode) - return false; + // FIXME: These flags, ParserModes and propagation to XXXCodeBlocks should be reorganized. + // https://bugs.webkit.org/show_bug.cgi?id=151547 + SourceParseMode parseMode = metadata->parseMode(); + ConstructAbility constructAbility = constructAbilityForParseMode(parseMode); + if (parseMode == SourceParseMode::MethodMode && metadata->constructorKind() != ConstructorKind::None) + constructAbility = ConstructAbility::CanConstruct; - if (m_localScopeDepth) - return false; - - return true; + return UnlinkedFunctionExecutable::create(m_vm, m_scopeNode->source(), metadata, isBuiltinFunction() ? 
UnlinkedBuiltinFunction : UnlinkedNormalFunction, constructAbility, scriptMode(), variablesUnderTDZ, newDerivedContextType); } - bool canOptimizeNonLocals() - { - if (m_localScopeDepth) - return false; + void getVariablesUnderTDZ(VariableEnvironment&); - if (m_codeType == EvalCode) - return false; + RegisterID* emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + RegisterID* emitCallVarargs(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd, DebuggableCall); + + void emitLogShadowChickenPrologueIfNecessary(); + void emitLogShadowChickenTailIfNecessary(); - if (m_codeType == FunctionCode && m_codeBlock->usesEval()) - return false; + void initializeParameters(FunctionParameters&); + void initializeVarLexicalEnvironment(int symbolTableConstantIndex, SymbolTable* functionSymbolTable, bool hasCapturedVariables); + void initializeDefaultParameterValuesAndSetupFunctionScopeStack(FunctionParameters&, bool isSimpleParameterList, FunctionNode*, SymbolTable*, int symbolTableConstantIndex, const std::function<bool (UniquedStringImpl*)>& captures, bool shouldCreateArgumentsVariableInParameterScope); + void initializeArrowFunctionContextScopeIfNeeded(SymbolTable* functionSymbolTable = nullptr, bool canReuseLexicalEnvironment = false); + bool needsDerivedConstructorInArrowFunctionLexicalEnvironment(); - return true; - } + public: + JSString* addStringConstant(const Identifier&); + JSTemplateRegistryKey* addTemplateRegistryKeyConstant(Ref<TemplateRegistryKey>&&); - bool shouldTearOffArgumentsEagerly() - { - return m_codeType == FunctionCode && isStrictMode() && 
m_scopeNode->modifiesParameter(); - } + Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow>& instructions() { return m_instructions; } RegisterID* emitThrowExpressionTooDeepException(); - void createArgumentsIfNecessary(); - void createActivationIfNecessary(); - RegisterID* createLazyRegisterIfNecessary(RegisterID*); - - unsigned watchableVariable(int operand) - { - VirtualRegister reg(operand); - if (!reg.isLocal()) - return UINT_MAX; - if (static_cast<size_t>(reg.toLocal()) >= m_watchableVariables.size()) - return UINT_MAX; - Identifier& ident = m_watchableVariables[reg.toLocal()]; - if (ident.isNull()) - return UINT_MAX; - return addConstant(ident); - } - - bool hasWatchableVariable(int operand) - { - return watchableVariable(operand) != UINT_MAX; - } - + private: Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow> m_instructions; bool m_shouldEmitDebugHooks; - bool m_shouldEmitProfileHooks; - - SymbolTable* m_symbolTable; - ScopeNode* m_scopeNode; + struct LexicalScopeStackEntry { + SymbolTable* m_symbolTable; + RegisterID* m_scope; + bool m_isWithScope; + int m_symbolTableConstantIndex; + }; + Vector<LexicalScopeStackEntry> m_lexicalScopeStack; + enum class TDZNecessityLevel { + NotNeeded, + Optimize, + DoNotOptimize + }; + typedef HashMap<RefPtr<UniquedStringImpl>, TDZNecessityLevel, IdentifierRepHash> TDZMap; + Vector<TDZMap> m_TDZStack; + std::optional<size_t> m_varScopeLexicalScopeStackIndex; + void pushTDZVariables(const VariableEnvironment&, TDZCheckOptimization, TDZRequirement); + + ScopeNode* const m_scopeNode; Strong<UnlinkedCodeBlock> m_codeBlock; // Some of these objects keep pointers to one another. They are arranged // to ensure a sane destruction order that avoids references to freed memory. 
- HashSet<RefPtr<StringImpl>, IdentifierRepHash> m_functions; + HashSet<RefPtr<UniquedStringImpl>, IdentifierRepHash> m_functions; RegisterID m_ignoredResultRegister; RegisterID m_thisRegister; RegisterID m_calleeRegister; - RegisterID* m_activationRegister; - RegisterID* m_emptyValueRegister; - RegisterID* m_globalObjectRegister; - Vector<Identifier, 16> m_watchableVariables; + RegisterID* m_scopeRegister { nullptr }; + RegisterID* m_topMostScope { nullptr }; + RegisterID* m_argumentsRegister { nullptr }; + RegisterID* m_lexicalEnvironmentRegister { nullptr }; + RegisterID* m_generatorRegister { nullptr }; + RegisterID* m_emptyValueRegister { nullptr }; + RegisterID* m_globalObjectRegister { nullptr }; + RegisterID* m_newTargetRegister { nullptr }; + RegisterID* m_isDerivedConstuctor { nullptr }; + RegisterID* m_linkTimeConstantRegisters[LinkTimeConstantCount]; + RegisterID* m_arrowFunctionContextLexicalEnvironmentRegister { nullptr }; + RegisterID* m_promiseCapabilityRegister { nullptr }; + + RefPtr<RegisterID> m_completionTypeRegister; + RefPtr<RegisterID> m_completionValueRegister; + + FinallyContext* m_currentFinallyContext { nullptr }; + + SegmentedVector<RegisterID*, 16> m_localRegistersForCalleeSaveRegisters; SegmentedVector<RegisterID, 32> m_constantPoolRegisters; - SegmentedVector<RegisterID, 32> m_calleeRegisters; + SegmentedVector<RegisterID, 32> m_calleeLocals; SegmentedVector<RegisterID, 32> m_parameters; SegmentedVector<Label, 32> m_labels; LabelScopeStore m_labelScopes; - RefPtr<RegisterID> m_lastVar; - int m_finallyDepth; - int m_localScopeDepth; - CodeType m_codeType; + unsigned m_finallyDepth { 0 }; + int m_localScopeDepth { 0 }; + const CodeType m_codeType; + + int localScopeDepth() const; + void pushLocalControlFlowScope(); + void popLocalControlFlowScope(); - Vector<ControlFlowContext, 0, UnsafeVectorOverflow> m_scopeContextStack; + // FIXME: Restore overflow checking with UnsafeVectorOverflow once SegmentVector supports it. 
+ // https://bugs.webkit.org/show_bug.cgi?id=165980 + SegmentedVector<ControlFlowScope, 16> m_controlFlowScopeStack; Vector<SwitchInfo> m_switchContextStack; - Vector<ForInContext> m_forInContextStack; + Vector<Ref<ForInContext>> m_forInContextStack; Vector<TryContext> m_tryContextStack; + unsigned m_yieldPoints { 0 }; + + Strong<SymbolTable> m_generatorFrameSymbolTable; + int m_generatorFrameSymbolTableIndex { 0 }; + + enum FunctionVariableType : uint8_t { NormalFunctionVariable, GlobalFunctionVariable }; + Vector<std::pair<FunctionMetadataNode*, FunctionVariableType>> m_functionsToInitialize; + bool m_needToInitializeArguments { false }; + RestParameterNode* m_restParameter { nullptr }; Vector<TryRange> m_tryRanges; SegmentedVector<TryData, 8> m_tryData; - int m_firstConstantIndex; - int m_nextConstantOffset; - unsigned m_globalConstantIndex; - - int m_globalVarStorageOffset; + int m_nextConstantOffset { 0 }; - bool m_hasCreatedActivation; - int m_firstLazyFunction; - int m_lastLazyFunction; - HashMap<unsigned int, FunctionBodyNode*, WTF::IntHash<unsigned int>, WTF::UnsignedWithZeroKeyHashTraits<unsigned int>> m_lazyFunctions; - typedef HashMap<FunctionBodyNode*, unsigned> FunctionOffsetMap; + typedef HashMap<FunctionMetadataNode*, unsigned> FunctionOffsetMap; FunctionOffsetMap m_functionOffsets; // Constant pool IdentifierMap m_identifierMap; + + typedef HashMap<EncodedJSValueWithRepresentation, unsigned, EncodedJSValueWithRepresentationHash, EncodedJSValueWithRepresentationHashTraits> JSValueMap; JSValueMap m_jsValueMap; - NumberMap m_numberMap; IdentifierStringMap m_stringMap; + TemplateRegistryKeyMap m_templateRegistryKeyMap; - StaticPropertyAnalyzer m_staticPropertyAnalyzer; + StaticPropertyAnalyzer m_staticPropertyAnalyzer { &m_instructions }; VM* m_vm; - OpcodeID m_lastOpcodeID; + OpcodeID m_lastOpcodeID = op_end; #ifndef NDEBUG - size_t m_lastOpcodePosition; + size_t m_lastOpcodePosition { 0 }; #endif - bool m_usesExceptions; - bool m_expressionTooDeep; + 
bool m_usesExceptions { false }; + bool m_expressionTooDeep { false }; + bool m_isBuiltinFunction { false }; + bool m_usesNonStrictEval { false }; + bool m_inTailPosition { false }; + bool m_needsToUpdateArrowFunctionContext; + DerivedContextType m_derivedContextType { DerivedContextType::None }; }; -} +} // namespace JSC + +namespace WTF { + +void printInternal(PrintStream&, JSC::Variable::VariableKind); -#endif // BytecodeGenerator_h +} // namespace WTF diff --git a/Source/JavaScriptCore/bytecompiler/Label.h b/Source/JavaScriptCore/bytecompiler/Label.h index d29ab8ff3..eabfb493d 100644 --- a/Source/JavaScriptCore/bytecompiler/Label.h +++ b/Source/JavaScriptCore/bytecompiler/Label.h @@ -10,7 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,8 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef Label_h -#define Label_h +#pragma once #include "CodeBlock.h" #include "Instruction.h" @@ -40,8 +39,9 @@ namespace JSC { class BytecodeGenerator; class Label { + WTF_MAKE_NONCOPYABLE(Label); public: - explicit Label(BytecodeGenerator* generator) + explicit Label(BytecodeGenerator& generator) : m_refCount(0) , m_location(invalidLocation) , m_generator(generator) @@ -82,10 +82,8 @@ namespace JSC { int m_refCount; unsigned m_location; - BytecodeGenerator* m_generator; + BytecodeGenerator& m_generator; mutable JumpVector m_unresolvedJumps; }; } // namespace JSC - -#endif // Label_h 
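Review bot: `m_linkTimeConstantRegisters[LinkTimeConstantCount]` and `m_needsToUpdateArrowFunctionContext` are the only new members in this block without an in-class initializer, while every neighbouring pointer and flag is brought up with `{ nullptr }` or `{ false }`; unless the constructor (not in this diff) assigns both, a read before assignment yields indeterminate values, and a stale `RegisterID*` in that array would surface as a crash far from its cause. `RegisterID* m_linkTimeConstantRegisters[LinkTimeConstantCount] { };` and `bool m_needsToUpdateArrowFunctionContext { false };` would make the member block uniformly safe by default. Separately, `m_isDerivedConstuctor` is misspelled; `m_isDerivedConstructor` would match `isDerivedConstructorContext()` declared earlier in this header, though that rename also touches the .cpp outside this diff.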
diff --git a/Source/JavaScriptCore/bytecompiler/LabelScope.h b/Source/JavaScriptCore/bytecompiler/LabelScope.h index 2df6f1b9b..4d76133f1 100644 --- a/Source/JavaScriptCore/bytecompiler/LabelScope.h +++ b/Source/JavaScriptCore/bytecompiler/LabelScope.h @@ -10,7 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,10 +26,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef LabelScope_h -#define LabelScope_h +#pragma once -#include <wtf/PassRefPtr.h> #include "Label.h" namespace JSC { @@ -40,18 +38,18 @@ namespace JSC { public: enum Type { Loop, Switch, NamedLabel }; - LabelScope(Type type, const Identifier* name, int scopeDepth, PassRefPtr<Label> breakTarget, PassRefPtr<Label> continueTarget) + LabelScope(Type type, const Identifier* name, int scopeDepth, Ref<Label>&& breakTarget, RefPtr<Label>&& continueTarget) : m_refCount(0) , m_type(type) , m_name(name) , m_scopeDepth(scopeDepth) - , m_breakTarget(breakTarget) - , m_continueTarget(continueTarget) + , m_breakTarget(WTFMove(breakTarget)) + , m_continueTarget(WTFMove(continueTarget)) { } int refCount() const { return m_refCount; } - Label* breakTarget() const { return m_breakTarget.get(); } + Label& breakTarget() const { return m_breakTarget.get(); } Label* continueTarget() const { return m_continueTarget.get(); } Type type() const { return m_type; } @@ -72,7 +70,7 @@ namespace JSC { Type m_type; const Identifier* m_name; int m_scopeDepth; - RefPtr<Label> m_breakTarget; + Ref<Label> m_breakTarget; RefPtr<Label> m_continueTarget; }; 
@@ -85,8 +83,8 @@ namespace JSC { , m_index(0) { } - LabelScopePtr(LabelScopeStore* owner, size_t index) - : m_owner(owner) + LabelScopePtr(LabelScopeStore& owner, size_t index) + : m_owner(&owner) , m_index(index) { m_owner->at(index).ref(); @@ -117,16 +115,18 @@ namespace JSC { m_owner->at(m_index).deref(); } + bool operator!() const { return !m_owner; } + LabelScope& operator*() { ASSERT(m_owner); return m_owner->at(m_index); } LabelScope* operator->() { ASSERT(m_owner); return &m_owner->at(m_index); } const LabelScope& operator*() const { ASSERT(m_owner); return m_owner->at(m_index); } const LabelScope* operator->() const { ASSERT(m_owner); return &m_owner->at(m_index); } + static LabelScopePtr null() { return LabelScopePtr(); } + private: LabelScopeStore* m_owner; size_t m_index; }; } // namespace JSC - -#endif // LabelScope_h diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp index 1ffd4f311..8f6f0582d 100644 --- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp +++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp @@ -1,7 +1,7 @@ /* * Copyright (C) 1999-2002 Harri Porten (porten@kde.org) * Copyright (C) 2001 Peter Kelly (pmk@post.com) -* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012, 2013 Apple Inc. All rights reserved. +* Copyright (C) 2003-2017 Apple Inc. All rights reserved. * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca) * Copyright (C) 2007 Maks Orlovich * Copyright (C) 2007 Eric Seidel <eric@webkit.org> 
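Review bot: The new `bool operator!() const` lets LabelScopePtr be tested for null only in negated form, so a caller wanting the positive test has to write `!!scope`; an `explicit operator bool() const { return m_owner; }` next to it reads better at call sites and, being explicit, cannot be misused in arithmetic. `null()` returning a default-constructed pointer deserves a one-line comment stating that the result owns nothing and that dereferencing it trips the `ASSERT(m_owner)` in the operators above, e.g. `// A LabelScopePtr that refers to no scope; dereferencing it is a programming error.` The default constructor this relies on is only partly visible in the @@ -85 hunk above, so the claim that `m_owner` starts out null should be confirmed there.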
@@ -28,26 +28,21 @@ #include "Nodes.h" #include "NodeConstructors.h" +#include "BuiltinNames.h" #include "BytecodeGenerator.h" #include "CallFrame.h" -#include "Debugger.h" #include "JIT.h" +#include "JSCInlines.h" #include "JSFunction.h" +#include "JSGeneratorFunction.h" #include "JSGlobalObject.h" -#include "JSNameScope.h" -#include "JSONObject.h" #include "LabelScope.h" #include "Lexer.h" -#include "Operations.h" #include "Parser.h" -#include "PropertyNameArray.h" -#include "RegExpCache.h" -#include "RegExpObject.h" -#include "SamplingTool.h" #include "StackAlignment.h" #include <wtf/Assertions.h> -#include <wtf/RefCountedLeakCounter.h> #include <wtf/Threading.h> +#include <wtf/text/StringBuilder.h> using namespace WTF; @@ -76,7 +71,7 @@ namespace JSC { because the assignment node, "x =", passes r[x] as dst to the number node, "1". */ -void ExpressionNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void ExpressionNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { RegisterID* result = generator.emitNode(this); if (fallThroughMode == FallThroughMeansTrue) 
@@ -96,9 +91,15 @@ RegisterID* ThrowableExpressionData::emitThrowReferenceError(BytecodeGenerator& // ------------------------------ ConstantNode ---------------------------------- -void ConstantNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void ConstantNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { TriState value = jsValue(generator).pureToBoolean(); + + if (UNLIKELY(needsDebugHook())) { + if (value != MixedTriState) + generator.emitDebugHook(this); + } + if (value == MixedTriState) ExpressionNode::emitBytecodeInConditionContext(generator, trueTarget, falseTarget, fallThroughMode); else if (value == TrueTriState && fallThroughMode == FallThroughMeansFalse) @@ -121,6 +122,15 @@ JSValue StringNode::jsValue(BytecodeGenerator& generator) const return generator.addStringConstant(m_value); } +// ------------------------------ NumberNode ---------------------------------- + +RegisterID* NumberNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + return generator.emitLoad(dst, jsValue(generator), isIntegerNode() ? SourceCodeRepresentation::Integer : SourceCodeRepresentation::Double); +} + // ------------------------------ RegExpNode ----------------------------------- RegisterID* RegExpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) 
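Review bot: The debug-hook guard added to ConstantNode::emitBytecodeInConditionContext nests two `if`s for what is one condition, and it does not say why the MixedTriState case is skipped; the branch right below hands that case to ExpressionNode::emitBytecodeInConditionContext, which presumably emits the hook when it emits the node, but a reader has to guess. Collapsing it to `if (UNLIKELY(needsDebugHook()) && value != MixedTriState)` with the comment `// A constant-folded condition emits no node of its own, so the debug hook is emitted here; MixedTriState falls through to the generic path.` keeps the intent on the page. Whether the generic path actually emits the hook is not visible in this diff, so that comment should be checked against ExpressionNode::emitBytecodeInConditionContext before landing.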
@@ -134,30 +144,222 @@ RegisterID* RegExpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* d RegisterID* ThisNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + generator.ensureThis(); if (dst == generator.ignoredResult()) return 0; - return generator.moveToDestinationIfNeeded(dst, generator.thisRegister()); + + RegisterID* result = generator.moveToDestinationIfNeeded(dst, generator.thisRegister()); + static const unsigned thisLength = 4; + generator.emitProfileType(generator.thisRegister(), position(), JSTextPosition(-1, position().offset + thisLength, -1)); + return result; +} + +// ------------------------------ SuperNode ------------------------------------- + +static RegisterID* emitHomeObjectForCallee(BytecodeGenerator& generator) +{ + if (generator.isDerivedClassContext() || generator.isDerivedConstructorContext()) { + RegisterID* derivedConstructor = generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(); + return generator.emitGetById(generator.newTemporary(), derivedConstructor, generator.propertyNames().builtinNames().homeObjectPrivateName()); + } + + RegisterID callee; + callee.setIndex(CallFrameSlot::callee); + return generator.emitGetById(generator.newTemporary(), &callee, generator.propertyNames().builtinNames().homeObjectPrivateName()); +} + +static RegisterID* emitSuperBaseForCallee(BytecodeGenerator& generator) +{ + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + return generator.emitGetById(generator.newTemporary(), homeObject.get(), generator.propertyNames().underscoreProto); +} + +static RegisterID* emitGetSuperFunctionForConstruct(BytecodeGenerator& generator) +{ + if (generator.isDerivedConstructorContext()) + return generator.emitGetById(generator.newTemporary(), generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(), generator.propertyNames().underscoreProto); + + RegisterID callee; + callee.setIndex(CallFrameSlot::callee); + return 
generator.emitGetById(generator.newTemporary(), &callee, generator.propertyNames().underscoreProto); +} + +RegisterID* SuperNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RegisterID* result = emitSuperBaseForCallee(generator); + return generator.moveToDestinationIfNeeded(generator.finalDestination(dst), result); +} + +// ------------------------------ ImportNode ------------------------------------- + +RegisterID* ImportNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RefPtr<RegisterID> importModule = generator.emitGetGlobalPrivate(generator.newTemporary(), generator.propertyNames().builtinNames().importModulePrivateName()); + CallArguments arguments(generator, nullptr, 1); + generator.emitLoad(arguments.thisRegister(), jsUndefined()); + generator.emitNode(arguments.argumentRegister(0), m_expr); + return generator.emitCall(generator.finalDestination(dst, importModule.get()), importModule.get(), NoExpectedFunction, arguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); +} + +// ------------------------------ NewTargetNode ---------------------------------- + +RegisterID* NewTargetNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + + return generator.moveToDestinationIfNeeded(dst, generator.newTarget()); } // ------------------------------ ResolveNode ---------------------------------- bool ResolveNode::isPure(BytecodeGenerator& generator) const { - return generator.local(m_ident).get(); + return generator.variable(m_ident).offset().isStack(); } RegisterID* ResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); if (dst == generator.ignoredResult()) - return 0; - return generator.moveToDestinationIfNeeded(dst, local.get()); + 
return nullptr; + + generator.emitProfileType(local, var, m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1)); + return generator.moveToDestinationIfNeeded(dst, local); } JSTextPosition divot = m_start + m_ident.length(); generator.emitExpressionInfo(divot, m_start, divot); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident); - return generator.emitGetFromScope(generator.finalDestination(dst), scope.get(), m_ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + RegisterID* finalDest = generator.finalDestination(dst); + RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, finalDest, nullptr); + generator.emitProfileType(finalDest, var, m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1)); + return result; +} + +// ------------------------------ TemplateStringNode ----------------------------------- + +RegisterID* TemplateStringNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + ASSERT(cooked()); + return generator.emitLoad(dst, JSValue(generator.addStringConstant(*cooked()))); +} + +// ------------------------------ TemplateLiteralNode ----------------------------------- + +RegisterID* TemplateLiteralNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!m_templateExpressions) { + TemplateStringNode* templateString = m_templateStrings->value(); + ASSERT_WITH_MESSAGE(!m_templateStrings->next(), "Only one template element exists because there's no expression in a given template literal."); + return generator.emitNode(dst, templateString); + } + + Vector<RefPtr<RegisterID>, 16> temporaryRegisters; + + TemplateStringListNode* templateString = m_templateStrings; + TemplateExpressionListNode* templateExpression = m_templateExpressions; + for (; templateExpression; 
templateExpression = templateExpression->next(), templateString = templateString->next()) {
+ // Evaluate TemplateString.
+ ASSERT(templateString->value()->cooked());
+ if (!templateString->value()->cooked()->isEmpty()) {
+ temporaryRegisters.append(generator.newTemporary());
+ generator.emitNode(temporaryRegisters.last().get(), templateString->value());
+ }
+
+ // Evaluate Expression.
+ temporaryRegisters.append(generator.newTemporary());
+ generator.emitNode(temporaryRegisters.last().get(), templateExpression->value());
+ generator.emitToString(temporaryRegisters.last().get(), temporaryRegisters.last().get());
+ }
+
+ // Evaluate tail TemplateString.
+ ASSERT(templateString->value()->cooked());
+ if (!templateString->value()->cooked()->isEmpty()) {
+ temporaryRegisters.append(generator.newTemporary());
+ generator.emitNode(temporaryRegisters.last().get(), templateString->value());
+ }
+
+ if (temporaryRegisters.size() == 1)
+ return generator.emitToString(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get());
+
+ return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size());
+}
+
+// ------------------------------ TaggedTemplateNode -----------------------------------
+
+RegisterID* TaggedTemplateNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ ExpectedFunction expectedFunction = NoExpectedFunction;
+ RefPtr<RegisterID> tag = nullptr;
+ RefPtr<RegisterID> base = nullptr;
+ if (!m_tag->isLocation()) {
+ tag = generator.newTemporary();
+ tag = generator.emitNode(tag.get(), m_tag);
+ } else if (m_tag->isResolveNode()) {
+ ResolveNode* resolve = static_cast<ResolveNode*>(m_tag);
+ const Identifier& identifier = resolve->identifier();
+ expectedFunction = generator.expectedFunctionForIdentifier(identifier);
+
+ Variable var = generator.variable(identifier);
+ if (RegisterID* local = var.local()) {
+
generator.emitTDZCheckIfNecessary(var, local, nullptr);
+ tag = generator.emitMove(generator.newTemporary(), local);
+ } else {
+ tag = generator.newTemporary();
+ base = generator.newTemporary();
+
+ JSTextPosition newDivot = divotStart() + identifier.length();
+ generator.emitExpressionInfo(newDivot, divotStart(), newDivot);
+ generator.moveToDestinationIfNeeded(base.get(), generator.emitResolveScope(base.get(), var));
+ generator.emitGetFromScope(tag.get(), base.get(), var, ThrowIfNotFound);
+ generator.emitTDZCheckIfNecessary(var, tag.get(), nullptr);
+ }
+ } else if (m_tag->isBracketAccessorNode()) {
+ BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(m_tag);
+ base = generator.newTemporary();
+ base = generator.emitNode(base.get(), bracket->base());
+ RefPtr<RegisterID> property = generator.emitNode(bracket->subscript());
+ if (bracket->base()->isSuperNode()) {
+ RefPtr<RegisterID> thisValue = generator.ensureThis();
+ tag = generator.emitGetByVal(generator.newTemporary(), base.get(), thisValue.get(), property.get());
+ } else
+ tag = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get());
+ } else {
+ ASSERT(m_tag->isDotAccessorNode());
+ DotAccessorNode* dot = static_cast<DotAccessorNode*>(m_tag);
+ base = generator.newTemporary();
+ base = generator.emitNode(base.get(), dot->base());
+ if (dot->base()->isSuperNode()) {
+ RefPtr<RegisterID> thisValue = generator.ensureThis();
+ tag = generator.emitGetById(generator.newTemporary(), base.get(), thisValue.get(), dot->identifier());
+ } else
+ tag = generator.emitGetById(generator.newTemporary(), base.get(), dot->identifier());
+ }
+
+ RefPtr<RegisterID> templateObject = generator.emitGetTemplateObject(generator.newTemporary(), this);
+
+ unsigned expressionsCount = 0;
+ for (TemplateExpressionListNode* templateExpression = m_templateLiteral->templateExpressions(); templateExpression; templateExpression = templateExpression->next())
+ ++expressionsCount;
+
+ CallArguments
callArguments(generator, nullptr, 1 + expressionsCount); + if (base) + generator.emitMove(callArguments.thisRegister(), base.get()); + else + generator.emitLoad(callArguments.thisRegister(), jsUndefined()); + + unsigned argumentIndex = 0; + generator.emitMove(callArguments.argumentRegister(argumentIndex++), templateObject.get()); + for (TemplateExpressionListNode* templateExpression = m_templateLiteral->templateExpressions(); templateExpression; templateExpression = templateExpression->next()) + generator.emitNode(callArguments.argumentRegister(argumentIndex++), templateExpression->value()); + + return generator.emitCallInTailPosition(generator.finalDestination(dst, tag.get()), tag.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } // ------------------------------ ArrayNode ------------------------------------ @@ -177,6 +379,21 @@ RegisterID* ArrayNode::emitBytecode(BytecodeGenerator& generator, RegisterID* ds if (!firstPutElement && !m_elision) return generator.emitNewArray(generator.finalDestination(dst), m_element, length); + if (firstPutElement && firstPutElement->value()->isSpreadExpression()) { + bool hasElision = false; + for (ElementNode* node = m_element; node; node = node->next()) { + if (!!node->elision()) { + hasElision = true; + break; + } + } + if (!!m_elision) + hasElision = true; + + if (!hasElision) + return generator.emitNewArrayWithSpread(generator.finalDestination(dst), m_element); + } + RefPtr<RegisterID> array = generator.emitNewArray(generator.tempDestination(dst), m_element, length); ElementNode* n = firstPutElement; for (; n; n = n->next()) { 
@@ -227,11 +444,13 @@ bool ArrayNode::isSimpleArray() const for (ElementNode* ptr = m_element; ptr; ptr = ptr->next()) { if (ptr->elision()) return false; + if (ptr->value()->isSpreadExpression()) + return false; } return true; } -ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPosition) const +ArgumentListNode* ArrayNode::toArgumentList(ParserArena& parserArena, int lineNumber, int startPosition) const { ASSERT(!m_elision && !m_optional); ElementNode* ptr = m_element; @@ -240,12 +459,12 @@ ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPos JSTokenLocation location; location.line = lineNumber; location.startOffset = startPosition; - ArgumentListNode* head = new (vm) ArgumentListNode(location, ptr->value()); + ArgumentListNode* head = new (parserArena) ArgumentListNode(location, ptr->value()); ArgumentListNode* tail = head; ptr = ptr->next(); for (; ptr; ptr = ptr->next()) { ASSERT(!ptr->elision()); - tail = new (vm) ArgumentListNode(location, tail, ptr->value()); + tail = new (parserArena) ArgumentListNode(location, tail, ptr->value()); } return head; } 
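Review bot: toArgumentList still only asserts `ASSERT(!ptr->elision());` per element while isSimpleArray now additionally rejects spread elements, so a spread element reaching this function would be silently turned into an ordinary argument. If callers are expected to gate on isSimpleArray(), adding `ASSERT(!ptr->value()->isSpreadExpression());` next to the existing per-element assert documents that contract cheaply. The change from `VM*` to `ParserArena&` for placement-new is otherwise mechanical.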
@@ -254,49 +473,59 @@ ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPos RegisterID* ObjectLiteralNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (!m_list) { - if (dst == generator.ignoredResult()) - return 0; - return generator.emitNewObject(generator.finalDestination(dst)); - } - return generator.emitNode(dst, m_list); + if (!m_list) { + if (dst == generator.ignoredResult()) + return 0; + return generator.emitNewObject(generator.finalDestination(dst)); + } + RefPtr<RegisterID> newObj = generator.emitNewObject(generator.tempDestination(dst)); + generator.emitNode(newObj.get(), m_list); + return generator.moveToDestinationIfNeeded(dst, newObj.get()); } // ------------------------------ PropertyListNode ----------------------------- +static inline void emitPutHomeObject(BytecodeGenerator& generator, RegisterID* function, RegisterID* homeObject) +{ + generator.emitPutById(function, generator.propertyNames().builtinNames().homeObjectPrivateName(), homeObject); +} + RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> newObj = generator.tempDestination(dst); - - generator.emitNewObject(newObj.get()); - // Fast case: this loop just handles regular value properties. PropertyListNode* p = this; - for (; p && p->m_node->m_type == PropertyNode::Constant; p = p->m_next) { - if (p->m_node->m_name) { - generator.emitDirectPutById(newObj.get(), *p->m_node->name(), generator.emitNode(p->m_node->m_assign)); - continue; - } - RefPtr<RegisterID> propertyName = generator.emitNode(p->m_node->m_expression); - generator.emitDirectPutByVal(newObj.get(), propertyName.get(), generator.emitNode(p->m_node->m_assign)); - } + for (; p && (p->m_node->m_type & PropertyNode::Constant); p = p->m_next) + emitPutConstantProperty(generator, dst, *p->m_node); // Were there any get/set properties? if (p) { + // Build a list of getter/setter pairs to try to put them at the same time. 
If we encounter + // a computed property, just emit everything as that may override previous values. + bool hasComputedProperty = false; + typedef std::pair<PropertyNode*, PropertyNode*> GetterSetterPair; - typedef HashMap<StringImpl*, GetterSetterPair> GetterSetterMap; + typedef HashMap<UniquedStringImpl*, GetterSetterPair, IdentifierRepHash> GetterSetterMap; GetterSetterMap map; // Build a map, pairing get/set values together. for (PropertyListNode* q = p; q; q = q->m_next) { PropertyNode* node = q->m_node; - if (node->m_type == PropertyNode::Constant) + if (node->m_type & PropertyNode::Computed) { + hasComputedProperty = true; + break; + } + if (node->m_type & PropertyNode::Constant) continue; - GetterSetterPair pair(node, static_cast<PropertyNode*>(0)); + // Duplicates are possible. + GetterSetterPair pair(node, static_cast<PropertyNode*>(nullptr)); GetterSetterMap::AddResult result = map.add(node->name()->impl(), pair); - if (!result.isNewEntry) - result.iterator->value.second = node; + if (!result.isNewEntry) { + if (result.iterator->value.first->m_type == node->m_type) + result.iterator->value.first = node; + else + result.iterator->value.second = node; + } } // Iterate over the remaining properties in the list. 
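Review bot: The duplicate-accessor resolution in the map-building loop compares whole masks, `if (result.iterator->value.first->m_type == node->m_type)`, although every other test in this commit treats `m_type` as a bit set and uses `&`; if any flag other than Getter/Setter can differ between two accessors of the same name, the later getter would land in the setter slot. Comparing only the accessor bits, `if ((result.iterator->value.first->m_type & (PropertyNode::Getter | PropertyNode::Setter)) == (node->m_type & (PropertyNode::Getter | PropertyNode::Setter)))`, makes the intent explicit whether or not that case can arise today. The `break` on the first computed property also leaves entries already added in `map` that appear to go unused afterwards; a comment saying so would help. PropertyListNode::emitBytecode continues past the end of the hunk.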
@@ -304,20 +533,41 @@ RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, Registe PropertyNode* node = p->m_node; // Handle regular values. - if (node->m_type == PropertyNode::Constant) { - if (node->name()) { - generator.emitDirectPutById(newObj.get(), *node->name(), generator.emitNode(node->m_assign)); + if (node->m_type & PropertyNode::Constant) { + emitPutConstantProperty(generator, dst, *node); + continue; + } + + RefPtr<RegisterID> value = generator.emitNode(node->m_assign); + bool needsSuperBinding = node->needsSuperBinding(); + if (needsSuperBinding) + emitPutHomeObject(generator, value.get(), dst); + + unsigned attributes = node->isClassProperty() ? (Accessor | DontEnum) : Accessor; + + ASSERT(node->m_type & (PropertyNode::Getter | PropertyNode::Setter)); + + // This is a get/set property which may be overridden by a computed property later. + if (hasComputedProperty) { + // Computed accessors. + if (node->m_type & PropertyNode::Computed) { + RefPtr<RegisterID> propertyName = generator.emitNode(node->m_expression); + generator.emitSetFunctionNameIfNeeded(node->m_assign, value.get(), propertyName.get()); + if (node->m_type & PropertyNode::Getter) + generator.emitPutGetterByVal(dst, propertyName.get(), attributes, value.get()); + else + generator.emitPutSetterByVal(dst, propertyName.get(), attributes, value.get()); continue; } - RefPtr<RegisterID> propertyName = generator.emitNode(p->m_node->m_expression); - generator.emitDirectPutByVal(newObj.get(), propertyName.get(), generator.emitNode(p->m_node->m_assign)); + + if (node->m_type & PropertyNode::Getter) + generator.emitPutGetterById(dst, *node->name(), attributes, value.get()); + else + generator.emitPutSetterById(dst, *node->name(), attributes, value.get()); continue; } - - RegisterID* value = generator.emitNode(node->m_assign); - // This is a get/set property, find its entry in the map. 
- ASSERT(node->m_type == PropertyNode::Getter || node->m_type == PropertyNode::Setter); + // This is a get/set property pair. GetterSetterMap::iterator it = map.find(node->name()->impl()); ASSERT(it != map.end()); GetterSetterPair& pair = it->value; 
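Review bot: The comment `// This is a get/set property which may be overridden by a computed property later.` does not say that, once `hasComputedProperty` is set, the pairing map built above is bypassed entirely and every accessor is defined individually in source order. Suggest `// A computed key may shadow any earlier accessor, so define accessors one at a time in source order instead of pairing them through the map.`. `emitSetFunctionNameIfNeeded` is called only on the computed branch; if by-id accessors receive their name elsewhere, a short note saying where would stop the next reader from flagging the asymmetry. The function starts and ends outside the hunk.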
@@ -325,75 +575,142 @@ RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, Registe // Was this already generated as a part of its partner? if (pair.second == node) continue; - + // Generate the paired node now. RefPtr<RegisterID> getterReg; RefPtr<RegisterID> setterReg; + RegisterID* secondReg = nullptr; - if (node->m_type == PropertyNode::Getter) { + if (node->m_type & PropertyNode::Getter) { getterReg = value; if (pair.second) { - ASSERT(pair.second->m_type == PropertyNode::Setter); + ASSERT(pair.second->m_type & PropertyNode::Setter); setterReg = generator.emitNode(pair.second->m_assign); + secondReg = setterReg.get(); } else { setterReg = generator.newTemporary(); generator.emitLoad(setterReg.get(), jsUndefined()); } } else { - ASSERT(node->m_type == PropertyNode::Setter); + ASSERT(node->m_type & PropertyNode::Setter); setterReg = value; if (pair.second) { - ASSERT(pair.second->m_type == PropertyNode::Getter); + ASSERT(pair.second->m_type & PropertyNode::Getter); getterReg = generator.emitNode(pair.second->m_assign); + secondReg = getterReg.get(); } else { getterReg = generator.newTemporary(); generator.emitLoad(getterReg.get(), jsUndefined()); } } - generator.emitPutGetterSetter(newObj.get(), *node->name(), getterReg.get(), setterReg.get()); + ASSERT(!pair.second || needsSuperBinding == pair.second->needsSuperBinding()); + if (needsSuperBinding && pair.second) + emitPutHomeObject(generator, secondReg, dst); + + generator.emitPutGetterSetter(dst, *node->name(), attributes, getterReg.get(), setterReg.get()); } } - return generator.moveToDestinationIfNeeded(dst, newObj.get()); + return dst; +} + +void PropertyListNode::emitPutConstantProperty(BytecodeGenerator& generator, RegisterID* newObj, PropertyNode& node) +{ + RefPtr<RegisterID> value = generator.emitNode(node.m_assign); + if (node.needsSuperBinding()) + emitPutHomeObject(generator, value.get(), newObj); + + if (node.isClassProperty()) { + ASSERT(node.needsSuperBinding()); + 
RefPtr<RegisterID> propertyNameRegister;
+ if (node.name())
+ propertyNameRegister = generator.emitLoad(nullptr, *node.name());
+ else
+ propertyNameRegister = generator.emitNode(node.m_expression);
+
+ generator.emitSetFunctionNameIfNeeded(node.m_assign, value.get(), propertyNameRegister.get());
+ generator.emitCallDefineProperty(newObj, propertyNameRegister.get(), value.get(), nullptr, nullptr, BytecodeGenerator::PropertyConfigurable | BytecodeGenerator::PropertyWritable, m_position);
+ return;
+ }
+ if (const auto* identifier = node.name()) {
+ std::optional<uint32_t> optionalIndex = parseIndex(*identifier);
+ if (!optionalIndex) {
+ generator.emitDirectPutById(newObj, *identifier, value.get(), node.putType());
+ return;
+ }
+
+ RefPtr<RegisterID> index = generator.emitLoad(nullptr, jsNumber(optionalIndex.value()));
+ generator.emitDirectPutByVal(newObj, index.get(), value.get());
+ return;
+ }
+ RefPtr<RegisterID> propertyName = generator.emitNode(node.m_expression);
+ generator.emitSetFunctionNameIfNeeded(node.m_assign, value.get(), propertyName.get());
+ generator.emitDirectPutByVal(newObj, propertyName.get(), value.get());
 }
 // ------------------------------ BracketAccessorNode --------------------------------
+static bool isNonIndexStringElement(ExpressionNode& element)
+{
+ return element.isString() && !parseIndex(static_cast<StringNode&>(element).value());
+}
+
 RegisterID* BracketAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
- if (m_base->isResolveNode()
- && generator.willResolveToArguments(static_cast<ResolveNode*>(m_base)->identifier())
- && !generator.symbolTable().slowArguments()) {
+ if (m_base->isSuperNode()) {
+ RefPtr<RegisterID> finalDest = generator.finalDestination(dst);
+ RefPtr<RegisterID> thisValue = generator.ensureThis();
+ RefPtr<RegisterID> superBase = emitSuperBaseForCallee(generator);
+
+ if (isNonIndexStringElement(*m_subscript)) {
+ const Identifier& id = static_cast<StringNode*>(m_subscript)->value();
+ generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetById(finalDest.get(), superBase.get(), thisValue.get(), id); + } else { + RefPtr<RegisterID> subscript = generator.emitNode(m_subscript); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetByVal(finalDest.get(), superBase.get(), thisValue.get(), subscript.get()); + } + + generator.emitProfileType(finalDest.get(), divotStart(), divotEnd()); + return finalDest.get(); + } + + RegisterID* ret; + RefPtr<RegisterID> finalDest = generator.finalDestination(dst); + + if (isNonIndexStringElement(*m_subscript)) { + RefPtr<RegisterID> base = generator.emitNode(m_base); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + ret = generator.emitGetById(finalDest.get(), base.get(), static_cast<StringNode*>(m_subscript)->value()); + } else { + RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); RegisterID* property = generator.emitNode(m_subscript); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedRegisterForArguments(), property); + ret = generator.emitGetByVal(finalDest.get(), base.get(), property); } - RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); - RegisterID* property = generator.emitNode(m_subscript); - generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetByVal(generator.finalDestination(dst), base.get(), property); + generator.emitProfileType(finalDest.get(), divotStart(), divotEnd()); + return ret; } // ------------------------------ DotAccessorNode -------------------------------- RegisterID* DotAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (m_ident == generator.propertyNames().length) { - if 
(!m_base->isResolveNode()) - goto nonArgumentsPath; - ResolveNode* resolveNode = static_cast<ResolveNode*>(m_base); - if (!generator.willResolveToArguments(resolveNode->identifier())) - goto nonArgumentsPath; - generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedRegisterForArguments()); - } - -nonArgumentsPath: - RegisterID* base = generator.emitNode(m_base); + bool baseIsSuper = m_base->isSuperNode(); + RefPtr<RegisterID> base = baseIsSuper ? emitSuperBaseForCallee(generator) : generator.emitNode(m_base); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetById(generator.finalDestination(dst), base, m_ident); + RegisterID* finalDest = generator.finalDestination(dst); + RegisterID* ret; + if (baseIsSuper) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + ret = generator.emitGetById(finalDest, base.get(), thisValue.get(), m_ident); + } else + ret = generator.emitGetById(finalDest, base.get(), m_ident); + generator.emitProfileType(finalDest, divotStart(), divotEnd()); + return ret; } // ------------------------------ ArgumentListNode ----------------------------- @@ -416,6 +733,7 @@ RegisterID* NewExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* RefPtr<RegisterID> func = generator.emitNode(m_expr); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); CallArguments callArguments(generator, m_args); + generator.emitMove(callArguments.thisRegister(), func.get()); return generator.emitConstruct(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd()); } 
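Review bot: `RegisterID* ret;` in BracketAccessorNode::emitBytecode, and again in DotAccessorNode::emitBytecode, is declared uninitialised several lines before its first assignment; both branches do assign it, but `RegisterID* ret = nullptr;` (or declaring it inside each branch and returning directly) removes the need for the reader to verify every path. In PropertyListNode::emitPutConstantProperty the class-property branch asserts `node.needsSuperBinding()` immediately after the unconditional `if (node.needsSuperBinding()) emitPutHomeObject(...)`; if the invariant is that class properties are always methods and so already had their home object attached, a comment `// Class properties are always methods, so the home object was attached above.` above the assert would say so. The first function in the hunk, PropertyListNode::emitBytecode, starts outside it.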
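Review bot: The added `generator.emitMove(callArguments.thisRegister(), func.get());` in NewExprNode::emitBytecode is unexplained, and since ordinary calls load undefined into the same slot a reader cannot tell why the callee goes there for construct. A comment stating the reason — presumably the construct sequence reads the callee from the `this` slot as new.target, to be confirmed against emitConstruct — e.g. `// op_construct takes new.target from the this slot; for plain 'new' that is the callee itself.` would make the intent checkable. The enclosing function starts outside the hunk.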
@@ -423,9 +741,6 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume : m_argumentsNode(argumentsNode) , m_padding(0) { - if (generator.shouldEmitProfileHooks()) - m_profileHookRegister = generator.newTemporary(); - size_t argumentCountIncludingThis = 1 + additionalArguments; // 'this' register. if (argumentsNode) { for (ArgumentListNode* node = argumentsNode->m_listNode; node; node = node->m_next) @@ -437,6 +752,12 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume m_argv[i] = generator.newTemporary(); ASSERT(static_cast<size_t>(i) == m_argv.size() - 1 || m_argv[i]->index() == m_argv[i + 1]->index() - 1); } + + // We need to ensure that the frame size is stack-aligned + while ((CallFrame::headerSizeInRegisters + m_argv.size()) % stackAlignmentRegisters()) { + m_argv.insert(0, generator.newTemporary()); + m_padding++; + } while (stackOffset() % stackAlignmentRegisters()) { m_argv.insert(0, generator.newTemporary()); 
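Review bot: The new padding loop `while ((CallFrame::headerSizeInRegisters + m_argv.size()) % stackAlignmentRegisters())` sits directly before the pre-existing `while (stackOffset() % stackAlignmentRegisters())` loop with an identical body, and the comment `// We need to ensure that the frame size is stack-aligned` does not say whether the second pass can disturb the first (each of its inserts also grows `m_argv` by one). If the two quantities are known to stay aligned together once the first is, the comment should state that, e.g. `// Pad so header + argv is a whole number of alignment units; the offset-alignment loop below only adds further whole units.`, otherwise a single loop over the combined condition would be safer. The `insert(0, ...)` in a loop is bounded by the alignment so its cost is negligible. The constructor continues outside the hunk.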
@@ -448,31 +769,81 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(generator.propertyNames().eval)) { - RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get()); + // We need try to load 'this' before call eval in constructor, because 'this' can created by 'super' in some of the arrow function + // var A = class A { + // constructor () { this.id = 'A'; } + // } + // + // var B = class B extend A { + // constructor () { + // var arrow = () => super(); + // arrow(); + // eval("this.id = 'B'"); + // } + // } + if (generator.constructorKind() == ConstructorKind::Extends && generator.needsToUpdateArrowFunctionContext() && generator.isThisUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + Variable var = generator.variable(generator.propertyNames().eval); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd()); + return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); } RefPtr<RegisterID> func = generator.newTemporary(); CallArguments callArguments(generator, m_args); JSTextPosition newDivot = divotStart() + 4; generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - generator.emitResolveScope(callArguments.thisRegister(), generator.propertyNames().eval); - generator.emitGetFromScope(func.get(), callArguments.thisRegister(), 
generator.propertyNames().eval, ThrowIfNotFound); - return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd()); + generator.moveToDestinationIfNeeded( + callArguments.thisRegister(), + generator.emitResolveScope(callArguments.thisRegister(), var)); + generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, func.get(), nullptr); + return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); } // ------------------------------ FunctionCallValueNode ---------------------------------- RegisterID* FunctionCallValueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + if (m_expr->isSuperNode()) { + RefPtr<RegisterID> func = emitGetSuperFunctionForConstruct(generator); + RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); + CallArguments callArguments(generator, m_args); + + ASSERT(generator.isConstructor() || generator.derivedContextType() == DerivedContextType::DerivedConstructorContext); + ASSERT(generator.constructorKind() == ConstructorKind::Extends || generator.derivedContextType() == DerivedContextType::DerivedConstructorContext); + generator.emitMove(callArguments.thisRegister(), generator.newTarget()); + RegisterID* ret = generator.emitConstruct(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + + bool isConstructorKindDerived = generator.constructorKind() == ConstructorKind::Extends; + bool doWeUseArrowFunctionInConstructor = isConstructorKindDerived && generator.needsToUpdateArrowFunctionContext(); + + if (generator.isDerivedConstructorContext() || (doWeUseArrowFunctionInConstructor && generator.isSuperCallUsedInInnerArrowFunction())) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + Ref<Label> 
thisIsEmptyLabel = generator.newLabel();
+ generator.emitJumpIfTrue(generator.emitIsEmpty(generator.newTemporary(), generator.thisRegister()), thisIsEmptyLabel.get());
+ generator.emitThrowReferenceError(ASCIILiteral("'super()' can't be called more than once in a constructor."));
+ generator.emitLabel(thisIsEmptyLabel.get());
+
+ generator.emitMove(generator.thisRegister(), ret);
+
+ if (generator.isDerivedConstructorContext() || doWeUseArrowFunctionInConstructor)
+ generator.emitPutThisToArrowFunctionContextScope();
+
+ return ret;
+ }
 RefPtr<RegisterID> func = generator.emitNode(m_expr);
 RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get());
 CallArguments callArguments(generator, m_args);
 generator.emitLoad(callArguments.thisRegister(), jsUndefined());
- return generator.emitCall(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd());
+ RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes);
+ generator.emitProfileType(returnValue.get(), divotStart(), divotEnd());
+ return ret;
 }
 // ------------------------------ FunctionCallResolveNode ----------------------------------
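Review bot: The new explanatory comment at the top of EvalFunctionCallNode::emitBytecode is hard to follow (`We need try to load 'this' before call eval in constructor, because 'this' can created by 'super' in some of the arrow function`) and its sample class uses `extend` where the language keyword is `extends`. Suggest `// Load 'this' from the arrow-function lexical environment before calling eval in a derived constructor: 'this' may have been created by a super() call inside an arrow function, and the eval'd code may read it.` followed by the example with `var B = class B extends A {`. In FunctionCallValueNode's super() path the "called more than once" check is emitted after emitConstruct, which is the order the language requires (the parent constructor runs before the this-binding check); a one-line comment saying so would pre-empt the obvious question. EvalFunctionCallNode::emitBytecode starts outside the hunk.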
@@ -481,14 +852,18 @@ RegisterID* FunctionCallResolveNode::emitBytecode(BytecodeGenerator& generator, { ExpectedFunction expectedFunction = generator.expectedFunctionForIdentifier(m_ident); - if (Local local = generator.local(m_ident)) { - RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get()); + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); // This passes NoExpectedFunction because we expect that if the function is in a // local variable, then it's not one of our built-in constructors. - return generator.emitCall(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } RefPtr<RegisterID> func = generator.newTemporary(); 
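Review bot: The sequence `Variable var = generator.variable(m_ident); if (RegisterID* local = var.local()) { generator.emitTDZCheckIfNecessary(var, local, nullptr); RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local);` is now written out here in FunctionCallResolveNode::emitBytecode, in EvalFunctionCallNode::emitBytecode in the preceding hunk, and in TaggedTemplateNode::emitBytecode, and the scope-resolution fallback (`emitResolveScope`, `emitGetFromScope`, `emitTDZCheckIfNecessary` on `func`) is duplicated the same way. A static helper in this file that resolves a callee into a register with the TDZ check applied would keep the check from being dropped in the next copy. The function's opening and the fallback path are outside this hunk.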
@@ -497,23 +872,291 @@ RegisterID* FunctionCallResolveNode::emitBytecode(BytecodeGenerator& generator, JSTextPosition newDivot = divotStart() + m_ident.length(); generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - generator.emitResolveScope(callArguments.thisRegister(), m_ident); - generator.emitGetFromScope(func.get(), callArguments.thisRegister(), m_ident, ThrowIfNotFound); - return generator.emitCall(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.moveToDestinationIfNeeded( + callArguments.thisRegister(), + generator.emitResolveScope(callArguments.thisRegister(), var)); + generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, func.get(), nullptr); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; +} + +// ------------------------------ BytecodeIntrinsicNode ---------------------------------- + +RegisterID* BytecodeIntrinsicNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + return (this->*m_emitter)(generator, dst); } +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_argument(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(node->m_expr->isNumber()); + double value = static_cast<NumberNode*>(node->m_expr)->value(); + int32_t index = static_cast<int32_t>(value); + ASSERT(value == index); + ASSERT(index >= 0); + ASSERT(!node->m_next); + + // The body functions of generator and async have different mechanism for arguments. 
+ ASSERT(generator.parseMode() != SourceParseMode::GeneratorBodyMode); + ASSERT(!isAsyncFunctionBodyParseMode(generator.parseMode())); + + return generator.emitGetArgument(generator.finalDestination(dst), index); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_argumentCount(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(!m_args->m_listNode); + + return generator.emitUnaryNoDstOp(op_argument_count, generator.finalDestination(dst)); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_assert(BytecodeGenerator& generator, RegisterID* dst) +{ +#ifndef NDEBUG + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> condition = generator.emitNode(node); + generator.emitAssert(condition.get(), node->firstLine()); + return dst; +#else + UNUSED_PARAM(generator); + return dst; +#endif +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_putByValDirect(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> base = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> index = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> value = generator.emitNode(node); + + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitDirectPutByVal(base.get(), index.get(), value.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_tailCallForwardArguments(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> function = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> thisRegister = generator.emitNode(node); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDst = generator.finalDestination(dst); + return generator.emitCallForwardArgumentsInTailPosition(finalDst.get(), function.get(), thisRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::No); +} + +RegisterID* 
BytecodeIntrinsicNode::emit_intrinsic_throwTypeError(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(!node->m_next); + if (node->m_expr->isString()) { + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + generator.emitThrowTypeError(ident); + } else { + RefPtr<RegisterID> message = generator.emitNode(node); + generator.emitThrowStaticError(ErrorType::TypeError, message.get()); + } + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_throwRangeError(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(!node->m_next); + if (node->m_expr->isString()) { + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + generator.emitThrowRangeError(ident); + } else { + RefPtr<RegisterID> message = generator.emitNode(node); + generator.emitThrowStaticError(ErrorType::RangeError, message.get()); + } + + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_throwOutOfMemoryError(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(!m_args->m_listNode); + + generator.emitThrowOutOfMemoryError(); + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_tryGetById(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> base = generator.emitNode(node); + node = node->m_next; + + // Since this is a builtin we expect the creator to use a string literal as the second argument. 
+ ASSERT(node->m_expr->isString()); + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDest = generator.finalDestination(dst); + return generator.emitTryGetById(finalDest.get(), base.get(), ident); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_toNumber(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitToNumber(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_toString(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitToString(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isJSArray(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsJSArray(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isProxyObject(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsProxyObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isRegExpObject(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + 
ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsRegExpObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isObject(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isDerivedArray(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsDerivedArray(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isMap(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsMap(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isSet(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsSet(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_newArrayWithSize(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> size = generator.emitNode(node); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDestination = generator.finalDestination(dst); + 
generator.emitNewArrayWithSize(finalDestination.get(), size.get()); + return finalDestination.get(); +} + + +#define JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS(name) \ + RegisterID* BytecodeIntrinsicNode::emit_intrinsic_##name(BytecodeGenerator& generator, RegisterID* dst) \ + { \ + ASSERT(!m_args); \ + ASSERT(type() == Type::Constant); \ + if (dst == generator.ignoredResult()) \ + return nullptr; \ + return generator.emitLoad(dst, generator.vm()->bytecodeIntrinsicRegistry().name##Value(generator)); \ + } + JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS) +#undef JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS + // ------------------------------ FunctionCallBracketNode ---------------------------------- RegisterID* FunctionCallBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> base = generator.emitNode(m_base); - RegisterID* property = generator.emitNode(m_subscript); - generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property); + bool baseIsSuper = m_base->isSuperNode(); + bool subscriptIsNonIndexString = isNonIndexStringElement(*m_subscript); + + RefPtr<RegisterID> base; + if (baseIsSuper) + base = emitSuperBaseForCallee(generator); + else { + if (subscriptIsNonIndexString) + base = generator.emitNode(m_base); + else + base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); + } + + RefPtr<RegisterID> function; + RefPtr<RegisterID> thisRegister; + if (baseIsSuper) { + // Note that we only need to do this once because we either have a non-TDZ this or we throw. Once we have a non-TDZ this, we can't change its value back to TDZ. 
+ thisRegister = generator.ensureThis(); + } + if (subscriptIsNonIndexString) { + generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); + if (baseIsSuper) + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisRegister.get(), static_cast<StringNode*>(m_subscript)->value()); + else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), static_cast<StringNode*>(m_subscript)->value()); + } else { + RefPtr<RegisterID> property = generator.emitNode(m_subscript); + generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); + if (baseIsSuper) + function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), thisRegister.get(), property.get()); + else + function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get()); + } + RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); CallArguments callArguments(generator, m_args); - generator.emitMove(callArguments.thisRegister(), base.get()); - return generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (baseIsSuper) { + generator.emitTDZCheck(generator.thisRegister()); + generator.emitMove(callArguments.thisRegister(), thisRegister.get()); + } else + generator.emitMove(callArguments.thisRegister(), base.get()); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } // ------------------------------ FunctionCallDotNode ---------------------------------- 
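Review bot: In emit_intrinsic_argument the only validation of the intrinsic's index literal — `ASSERT(value == index); ASSERT(index >= 0);` — compiles out in release builds, so a builtin written with a negative or non-integral literal would reach `emitGetArgument` unchecked. The intrinsic is presumably reachable only from JSC's own builtin sources, so the trust boundary is the builtin author rather than script; that is worth stating, e.g. `// Only builtins can use @argument; the literal is trusted, so validation is debug-only.`, or the two checks could become RELEASE_ASSERT if the cost is acceptable. Separately, in FunctionCallBracketNode the note above `ensureThis()` says the TDZ check is only needed once, yet `generator.emitTDZCheck(generator.thisRegister())` is emitted again before the call; if the second check is intentional (a different register than the one ensureThis returns), a one-line comment would stop the next reader from removing it.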
@@ -523,48 +1166,75 @@ RegisterID* FunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, Regi RefPtr<RegisterID> function = generator.tempDestination(dst); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), m_base); + bool baseIsSuper = m_base->isSuperNode(); + if (baseIsSuper) + generator.emitMove(callArguments.thisRegister(), generator.ensureThis()); + else + generator.emitNode(callArguments.thisRegister(), m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - generator.emitGetById(function.get(), callArguments.thisRegister(), m_ident); - return generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (baseIsSuper) { + RefPtr<RegisterID> superBase = emitSuperBaseForCallee(generator); + generator.emitGetById(function.get(), superBase.get(), callArguments.thisRegister(), m_ident); + } else + generator.emitGetById(function.get(), callArguments.thisRegister(), m_ident); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<Label> realCall = generator.newLabel(); - RefPtr<Label> end = generator.newLabel(); + Ref<Label> realCall = generator.newLabel(); + Ref<Label> end = generator.newLabel(); RefPtr<RegisterID> base = generator.emitNode(m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); - RefPtr<RegisterID> returnValue = 
generator.finalDestination(dst, function.get()); - generator.emitJumpIfNotFunctionCall(function.get(), realCall.get()); + RefPtr<RegisterID> function; + bool emitCallCheck = !generator.isBuiltinFunction(); + if (emitCallCheck) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), generator.propertyNames().builtinNames().callPublicName()); + } else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().builtinNames().callPublicName()); + generator.emitJumpIfNotFunctionCall(function.get(), realCall.get()); + } + RefPtr<RegisterID> returnValue = generator.finalDestination(dst); { - if (m_args->m_listNode && m_args->m_listNode->m_expr) { + if (m_args->m_listNode && m_args->m_listNode->m_expr && m_args->m_listNode->m_expr->isSpreadExpression()) { + SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr); + ExpressionNode* subject = spread->expression(); + RefPtr<RegisterID> argumentsRegister; + argumentsRegister = generator.emitNode(subject); + generator.emitExpressionInfo(spread->divot(), spread->divotStart(), spread->divotEnd()); + RefPtr<RegisterID> thisRegister = generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0))); + generator.emitCallVarargsInTailPosition(returnValue.get(), base.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 1, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } else if (m_args->m_listNode && m_args->m_listNode->m_expr) { ArgumentListNode* oldList = m_args->m_listNode; m_args->m_listNode = m_args->m_listNode->m_next; RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - 
generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - generator.emitJump(end.get()); - + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); m_args->m_listNode = oldList; } else { RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - generator.emitJump(end.get()); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } } - generator.emitLabel(realCall.get()); - { - CallArguments callArguments(generator, m_args); - generator.emitMove(callArguments.thisRegister(), base.get()); - generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (emitCallCheck) { + generator.emitJump(end.get()); + generator.emitLabel(realCall.get()); + { + CallArguments callArguments(generator, m_args); + generator.emitMove(callArguments.thisRegister(), base.get()); + generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } + generator.emitLabel(end.get()); } - generator.emitLabel(end.get()); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); return returnValue.get(); } 
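Review bot: In the new spread branch of CallFunctionCallDotNode the receiver is taken with `generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0)))` directly on the spread subject, which bypasses the iterator protocol the spread syntax implies; presumably this path is only valid when the varargs call can consume the subject as an array-like, but nothing in the hunk states that. A comment naming the assumption — e.g. `// Spread subject is read as an array-like: element 0 becomes |this| and the varargs call skips it (hence the 1).` — would make the `1` argument to emitCallVarargsInTailPosition self-explanatory. When `emitCallCheck` is false the `realCall` and `end` labels are created but never emitted; declaring the two `Ref<Label>`s inside `if (emitCallCheck)` would make that visible.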
@@ -581,69 +1251,96 @@ RegisterID* ApplyFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, // function.apply(thisArg, [arg0, arg1, ...]) -> can be trivially coerced into function.call(thisArg, arg0, arg1, ...) and saves object allocation bool mayBeCall = areTrivialApplyArguments(m_args); - RefPtr<Label> realCall = generator.newLabel(); - RefPtr<Label> end = generator.newLabel(); + Ref<Label> realCall = generator.newLabel(); + Ref<Label> end = generator.newLabel(); RefPtr<RegisterID> base = generator.emitNode(m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); + RefPtr<RegisterID> function; RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); - generator.emitJumpIfNotFunctionApply(function.get(), realCall.get()); - { - if (mayBeCall) { - if (m_args->m_listNode && m_args->m_listNode->m_expr) { - ArgumentListNode* oldList = m_args->m_listNode; - if (m_args->m_listNode->m_next) { - ASSERT(m_args->m_listNode->m_next->m_expr->isSimpleArray()); - ASSERT(!m_args->m_listNode->m_next->m_next); - m_args->m_listNode = static_cast<ArrayNode*>(m_args->m_listNode->m_next->m_expr)->toArgumentList(generator.vm(), 0, 0); - RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - } else { - m_args->m_listNode = m_args->m_listNode->m_next; - RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - generator.emitCall(returnValue.get(), 
realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - } - m_args->m_listNode = oldList; + bool emitCallCheck = !generator.isBuiltinFunction(); + if (emitCallCheck) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), generator.propertyNames().builtinNames().applyPublicName()); + } else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().builtinNames().applyPublicName()); + generator.emitJumpIfNotFunctionApply(function.get(), realCall.get()); + } + if (mayBeCall) { + if (m_args->m_listNode && m_args->m_listNode->m_expr) { + ArgumentListNode* oldList = m_args->m_listNode; + if (m_args->m_listNode->m_expr->isSpreadExpression()) { + SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.newTemporary(), base.get()); + RefPtr<RegisterID> index = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsUndefined()); + RefPtr<RegisterID> argumentsRegister = generator.emitLoad(generator.newTemporary(), jsUndefined()); + + auto extractor = [&thisRegister, &argumentsRegister, &index](BytecodeGenerator& generator, RegisterID* value) + { + Ref<Label> haveThis = generator.newLabel(); + Ref<Label> end = generator.newLabel(); + RefPtr<RegisterID> compareResult = generator.newTemporary(); + RefPtr<RegisterID> indexZeroCompareResult = generator.emitBinaryOp(op_eq, compareResult.get(), index.get(), generator.emitLoad(0, jsNumber(0)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32())); + generator.emitJumpIfFalse(indexZeroCompareResult.get(), haveThis.get()); + generator.emitMove(thisRegister.get(), value); + generator.emitLoad(index.get(), 
jsNumber(1)); + generator.emitJump(end.get()); + generator.emitLabel(haveThis.get()); + RefPtr<RegisterID> indexOneCompareResult = generator.emitBinaryOp(op_eq, compareResult.get(), index.get(), generator.emitLoad(0, jsNumber(1)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32())); + generator.emitJumpIfFalse(indexOneCompareResult.get(), end.get()); + generator.emitMove(argumentsRegister.get(), value); + generator.emitLoad(index.get(), jsNumber(2)); + generator.emitLabel(end.get()); + }; + generator.emitEnumeration(this, spread->expression(), extractor); + generator.emitCallVarargsInTailPosition(returnValue.get(), realFunction.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } else if (m_args->m_listNode->m_next) { + ASSERT(m_args->m_listNode->m_next->m_expr->isSimpleArray()); + ASSERT(!m_args->m_listNode->m_next->m_next); + m_args->m_listNode = static_cast<ArrayNode*>(m_args->m_listNode->m_next->m_expr)->toArgumentList(generator.parserArena(), 0, 0); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); + CallArguments callArguments(generator, m_args); + generator.emitNode(callArguments.thisRegister(), oldList->m_expr); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } else { + m_args->m_listNode = m_args->m_listNode->m_next; RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); - generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.emitNode(callArguments.thisRegister(), oldList->m_expr); + generator.emitCallInTailPosition(returnValue.get(), 
realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } + m_args->m_listNode = oldList; } else { - ASSERT(m_args->m_listNode && m_args->m_listNode->m_next); - RefPtr<RegisterID> profileHookRegister; - if (generator.shouldEmitProfileHooks()) - profileHookRegister = generator.newTemporary(); RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr); - RefPtr<RegisterID> argsRegister; - ArgumentListNode* args = m_args->m_listNode->m_next; - if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier())) - argsRegister = generator.uncheckedRegisterForArguments(); - else - argsRegister = generator.emitNode(args->m_expr); - - // Function.prototype.apply ignores extra arguments, but we still - // need to evaluate them for side effects. - while ((args = args->m_next)) - generator.emitNode(args->m_expr); - - generator.emitCallVarargs(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), divotStart(), divotEnd()); + CallArguments callArguments(generator, m_args); + generator.emitLoad(callArguments.thisRegister(), jsUndefined()); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } - generator.emitJump(end.get()); + } else { + ASSERT(m_args->m_listNode && m_args->m_listNode->m_next); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); + RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr); + RefPtr<RegisterID> argsRegister; + ArgumentListNode* args = m_args->m_listNode->m_next; + argsRegister = generator.emitNode(args->m_expr); + + // Function.prototype.apply 
ignores extra arguments, but we still + // need to evaluate them for side effects. + while ((args = args->m_next)) + generator.emitNode(args->m_expr); + + generator.emitCallVarargsInTailPosition(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } - generator.emitLabel(realCall.get()); - { + if (emitCallCheck) { + generator.emitJump(end.get()); + generator.emitLabel(realCall.get()); CallArguments callArguments(generator, m_args); generator.emitMove(callArguments.thisRegister(), base.get()); - generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitLabel(end.get()); } - generator.emitLabel(end.get()); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); return returnValue.get(); } 
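Review bot: `RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get());` now runs while `function` is still an empty RefPtr, so it always passes nullptr as the temporary hint; the sibling rewrite in CallFunctionCallDotNode dropped the argument and calls `generator.finalDestination(dst)`. Matching that here, `RefPtr<RegisterID> returnValue = generator.finalDestination(dst);`, removes a misleading read of a null pointer without changing behaviour, assuming the second parameter defaults to null. The extractor lambda captures `thisRegister`, `argumentsRegister` and `index` by reference and is only handed to `emitEnumeration` synchronously, which is fine as long as that stays true — a short comment on the lambda would lock that in.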
@@ -672,30 +1369,35 @@ RegisterID* PostfixNode::emitResolve(BytecodeGenerator& generator, RegisterID* d ResolveNode* resolve = static_cast<ResolveNode*>(m_expr); const Identifier& ident = resolve->identifier(); - if (Local local = generator.local(ident)) { - RegisterID* localReg = local.get(); - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - localReg = generator.emitMove(generator.tempDestination(dst), localReg); - } - if (local.isCaptured()) { - RefPtr<RegisterID> tempDst = generator.finalDestination(dst); - ASSERT(dst != localReg); - RefPtr<RegisterID> tempDstSrc = generator.newTemporary(); - generator.emitToNumber(tempDst.get(), localReg); - generator.emitMove(tempDstSrc.get(), localReg); - emitIncOrDec(generator, tempDstSrc.get(), m_operator); - generator.emitMove(localReg, tempDstSrc.get()); - return tempDst.get(); + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> localReg = local; + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + localReg = generator.emitMove(generator.tempDestination(dst), local); } - return emitPostIncOrDec(generator, generator.finalDestination(dst), localReg, m_operator); + generator.invalidateForInContextForLocal(local); + RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), localReg.get(), m_operator); + generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd()); + return oldValue.get(); } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), 
var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator); - generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound); + if (!var.isReadOnly()) { + generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(value.get(), var, divotStart(), divotEnd()); + } + return oldValue.get(); } @@ -713,10 +1415,20 @@ RegisterID* PostfixNode::emitBracket(BytecodeGenerator& generator, RegisterID* d RefPtr<RegisterID> property = generator.emitNode(subscript); generator.emitExpressionInfo(bracketAccessor->divot(), bracketAccessor->divotStart(), bracketAccessor->divotEnd()); - RefPtr<RegisterID> value = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get()); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetByVal(generator.newTemporary(), base.get(), thisValue.get(), property.get()); + } else + value = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get()); RegisterID* oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutByVal(base.get(), property.get(), value.get()); + if (baseNode->isSuperNode()) + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value.get()); + else + generator.emitPutByVal(base.get(), property.get(), value.get()); + generator.emitProfileType(value.get(), divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, oldValue); } 
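Review bot: The read-only handling in PostfixNode::emitResolve differs between the two paths without a comment: in the local path `localReg` becomes a temporary copy and codegen continues, while the scope path returns `value.get()` as soon as `emitReadOnlyExceptionIfNeeded(var)` reports a throw and skips `emitPutToScope` otherwise. That is presumably the intended "strict mode throws, sloppy mode silently drops the write" semantics, but a reader has to infer it; a comment such as `// Read-only binding: the exception has already been emitted when required, otherwise the increment happens on a copy and is never written back.` above `if (var.isReadOnly())` would help. The early return also hands back `value.get()` rather than the postfix result, which is harmless only because the throw precedes it — worth one clause in the same comment.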
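Review bot: `RegisterID* oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator);` keeps the result only as a raw pointer, and the hunk now places `generator.emitPutByVal(...)` and `generator.emitProfileType(value.get(), divotStart(), divotEnd())` between that line and the final `moveToDestinationIfNeeded(dst, oldValue)`. If either helper allocates a temporary, a register returned by tempDestination with no outstanding reference could be recycled before it is read; holding it as `RefPtr<RegisterID> oldValue` and passing `oldValue.get()` costs nothing and removes the question. The same pattern is in PostfixNode::emitDot in the -728 hunk.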
@@ -728,15 +1440,26 @@ RegisterID* PostfixNode::emitDot(BytecodeGenerator& generator, RegisterID* dst) ASSERT(m_expr->isDotAccessorNode()); DotAccessorNode* dotAccessor = static_cast<DotAccessorNode*>(m_expr); ExpressionNode* baseNode = dotAccessor->base(); + bool baseIsSuper = baseNode->isSuperNode(); const Identifier& ident = dotAccessor->identifier(); RefPtr<RegisterID> base = generator.emitNode(baseNode); generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd()); - RefPtr<RegisterID> value = generator.emitGetById(generator.newTemporary(), base.get(), ident); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (baseIsSuper) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(generator.newTemporary(), base.get(), thisValue.get(), ident); + } else + value = generator.emitGetById(generator.newTemporary(), base.get(), ident); RegisterID* oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutById(base.get(), ident, value.get()); + if (baseIsSuper) + generator.emitPutById(base.get(), thisValue.get(), ident, value.get()); + else + generator.emitPutById(base.get(), ident, value.get()); + generator.emitProfileType(value.get(), divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, oldValue); } 
@@ -752,19 +1475,23 @@ RegisterID* PostfixNode::emitBytecode(BytecodeGenerator& generator, RegisterID* return emitDot(generator, dst); return emitThrowReferenceError(generator, m_operator == OpPlusPlus - ? "Postfix ++ operator applied to value that is not a reference." - : "Postfix -- operator applied to value that is not a reference."); + ? ASCIILiteral("Postfix ++ operator applied to value that is not a reference.") + : ASCIILiteral("Postfix -- operator applied to value that is not a reference.")); } // ------------------------------ DeleteResolveNode ----------------------------------- RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (generator.local(m_ident).get()) + Variable var = generator.variable(m_ident); + if (var.local()) { + generator.emitTDZCheckIfNecessary(var, var.local(), nullptr); return generator.emitLoad(generator.finalDestination(dst), false); + } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> base = generator.emitResolveScope(generator.tempDestination(dst), m_ident); + RefPtr<RegisterID> base = generator.emitResolveScope(dst, var); + generator.emitTDZCheckIfNecessary(var, nullptr, base.get()); return generator.emitDeleteById(generator.finalDestination(dst, base.get()), base.get(), m_ident); } 
@@ -773,20 +1500,24 @@ RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, Regist RegisterID* DeleteBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> r0 = generator.emitNode(m_base); - RegisterID* r1 = generator.emitNode(m_subscript); + RefPtr<RegisterID> r1 = generator.emitNode(m_subscript); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitDeleteByVal(generator.finalDestination(dst), r0.get(), r1); + if (m_base->isSuperNode()) + return emitThrowReferenceError(generator, "Cannot delete a super property"); + return generator.emitDeleteByVal(generator.finalDestination(dst), r0.get(), r1.get()); } // ------------------------------ DeleteDotNode ----------------------------------- RegisterID* DeleteDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RegisterID* r0 = generator.emitNode(m_base); + RefPtr<RegisterID> r0 = generator.emitNode(m_base); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitDeleteById(generator.finalDestination(dst), r0, m_ident); + if (m_base->isSuperNode()) + return emitThrowReferenceError(generator, "Cannot delete a super property"); + return generator.emitDeleteById(generator.finalDestination(dst), r0.get(), m_ident); } // ------------------------------ DeleteValueNode ----------------------------------- 
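Review bot: The two new `emitThrowReferenceError(generator, "Cannot delete a super property")` calls in DeleteBracketNode and DeleteDotNode pass a bare literal, while this same commit wraps the sibling messages in PostfixNode::emitBytecode and AssignErrorNode in `ASCIILiteral(...)`; unless emitThrowReferenceError keeps a `const char*` overload the other sites no longer use, wrap these for consistency. The ordering is also worth a line of explanation, since `r0` and `r1` are emitted before the throw and a reader may take that for an oversight; presumably the side effects of evaluating base and subscript are meant to stay observable, so a comment such as `// Base and subscript are evaluated first; deleting a super reference then throws.` would settle it.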
@@ -811,18 +1542,21 @@ RegisterID* VoidNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst return generator.emitLoad(dst, jsUndefined()); } -// ------------------------------ TypeOfValueNode ----------------------------------- +// ------------------------------ TypeOfResolveNode ----------------------------------- RegisterID* TypeOfResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); if (dst == generator.ignoredResult()) return 0; - return generator.emitTypeOf(generator.finalDestination(dst), local.get()); + return generator.emitTypeOf(generator.finalDestination(dst), local); } - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); if (dst == generator.ignoredResult()) return 0; return generator.emitTypeOf(generator.finalDestination(dst, scope.get()), value.get()); 
@@ -848,28 +1582,42 @@ RegisterID* PrefixNode::emitResolve(BytecodeGenerator& generator, RegisterID* ds ResolveNode* resolve = static_cast<ResolveNode*>(m_expr); const Identifier& ident = resolve->identifier(); - if (Local local = generator.local(ident)) { - RegisterID* localReg = local.get(); - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - localReg = generator.emitMove(generator.tempDestination(dst), localReg); - } - if (local.isCaptured()) { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> localReg = local; + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + localReg = generator.emitMove(generator.tempDestination(dst), localReg.get()); + } else if (generator.vm()->typeProfiler()) { + generator.invalidateForInContextForLocal(local); RefPtr<RegisterID> tempDst = generator.tempDestination(dst); - generator.emitMove(tempDst.get(), localReg); + generator.emitMove(tempDst.get(), localReg.get()); emitIncOrDec(generator, tempDst.get(), m_operator); - generator.emitMove(localReg, tempDst.get()); + generator.emitMove(localReg.get(), tempDst.get()); + generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, tempDst.get()); } - emitIncOrDec(generator, localReg, m_operator); - return generator.moveToDestinationIfNeeded(dst, localReg); + generator.invalidateForInContextForLocal(local); + emitIncOrDec(generator, localReg.get(), m_operator); + return generator.moveToDestinationIfNeeded(dst, localReg.get()); } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + 
RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } + emitIncOrDec(generator, value.get(), m_operator); - generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound); + if (!var.isReadOnly()) { + generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(value.get(), var, divotStart(), divotEnd()); + } return generator.moveToDestinationIfNeeded(dst, value.get()); } @@ -885,10 +1633,20 @@ RegisterID* PrefixNode::emitBracket(BytecodeGenerator& generator, RegisterID* ds RefPtr<RegisterID> propDst = generator.tempDestination(dst); generator.emitExpressionInfo(bracketAccessor->divot(), bracketAccessor->divotStart(), bracketAccessor->divotEnd()); - RegisterID* value = generator.emitGetByVal(propDst.get(), base.get(), property.get()); + RegisterID* value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetByVal(propDst.get(), base.get(), thisValue.get(), property.get()); + } else + value = generator.emitGetByVal(propDst.get(), base.get(), property.get()); emitIncOrDec(generator, value, m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutByVal(base.get(), property.get(), value); + if (baseNode->isSuperNode()) + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value); + else + generator.emitPutByVal(base.get(), property.get(), value); + generator.emitProfileType(value, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, propDst.get()); } 
@@ -903,10 +1661,20 @@ RegisterID* PrefixNode::emitDot(BytecodeGenerator& generator, RegisterID* dst) RefPtr<RegisterID> propDst = generator.tempDestination(dst); generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd()); - RegisterID* value = generator.emitGetById(propDst.get(), base.get(), ident); + RegisterID* value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(propDst.get(), base.get(), thisValue.get(), ident); + } else + value = generator.emitGetById(propDst.get(), base.get(), ident); emitIncOrDec(generator, value, m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutById(base.get(), ident, value); + if (baseNode->isSuperNode()) + generator.emitPutById(base.get(), thisValue.get(), ident, value); + else + generator.emitPutById(base.get(), ident, value); + generator.emitProfileType(value, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, propDst.get()); } 
@@ -922,33 +1690,46 @@ RegisterID* PrefixNode::emitBytecode(BytecodeGenerator& generator, RegisterID* d return emitDot(generator, dst); return emitThrowReferenceError(generator, m_operator == OpPlusPlus - ? "Prefix ++ operator applied to value that is not a reference." - : "Prefix -- operator applied to value that is not a reference."); + ? ASCIILiteral("Prefix ++ operator applied to value that is not a reference.") + : ASCIILiteral("Prefix -- operator applied to value that is not a reference.")); } // ------------------------------ Unary Operation Nodes ----------------------------------- RegisterID* UnaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RegisterID* src = generator.emitNode(m_expr); + RefPtr<RegisterID> src = generator.emitNode(m_expr); generator.emitExpressionInfo(position(), position(), position()); - return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src); + return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src.get(), OperandTypes(m_expr->resultDescriptor())); +} + +// ------------------------------ UnaryPlusNode ----------------------------------- + +RegisterID* UnaryPlusNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(opcodeID() == op_to_number); + RefPtr<RegisterID> src = generator.emitNode(expr()); + generator.emitExpressionInfo(position(), position(), position()); + return generator.emitToNumber(generator.finalDestination(dst), src.get()); } // ------------------------------ BitwiseNotNode ----------------------------------- RegisterID* BitwiseNotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> src2 = generator.emitLoad(generator.newTemporary(), jsNumber(-1)); - RegisterID* src1 = generator.emitNode(m_expr); - return generator.emitBinaryOp(op_bitxor, generator.finalDestination(dst, src1), src1, src2.get(), OperandTypes(m_expr->resultDescriptor(), ResultType::numberTypeIsInt32())); + RefPtr<RegisterID> 
src2 = generator.emitLoad(nullptr, jsNumber(-1)); + RefPtr<RegisterID> src1 = generator.emitNode(m_expr); + return generator.emitBinaryOp(op_bitxor, generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(m_expr->resultDescriptor(), ResultType::numberTypeIsInt32())); } // ------------------------------ LogicalNotNode ----------------------------------- -void LogicalNotNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void LogicalNotNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { - // reverse the true and false targets + if (UNLIKELY(needsDebugHook())) + generator.emitDebugHook(this); + + // Reverse the true and false targets. generator.emitNodeInConditionContext(expr(), falseTarget, trueTarget, invert(fallThroughMode)); } @@ -1072,12 +1853,17 @@ RegisterID* BinaryOpNode::emitStrcat(BytecodeGenerator& generator, RegisterID* d return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size()); } -void BinaryOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void BinaryOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { TriState branchCondition; ExpressionNode* branchExpression; tryFoldToBranch(generator, branchCondition, branchExpression); + if (UNLIKELY(needsDebugHook())) { + if (branchCondition != MixedTriState) + generator.emitDebugHook(this); + } + if (branchCondition == MixedTriState) ExpressionNode::emitBytecodeInConditionContext(generator, trueTarget, falseTarget, fallThroughMode); else if (branchCondition == TrueTriState) 
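Review bot: The nested `if (UNLIKELY(needsDebugHook())) { if (branchCondition != MixedTriState) ... }` in BinaryOpNode::emitBytecodeInConditionContext reads as two guards where one condition would do, `if (UNLIKELY(needsDebugHook()) && branchCondition != MixedTriState) generator.emitDebugHook(this);`, and it gives no hint why the mixed case is skipped when the LogicalNotNode and LogicalOpNode hunks emit the hook unconditionally. Presumably the `ExpressionNode::emitBytecodeInConditionContext` fallback taken for MixedTriState emits its own hook; if so, a comment next to the guard saying that would spare the next reader the same question. The rest of the function lies outside the hunk.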
@@ -1155,20 +1941,20 @@ RegisterID* BinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* } RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, right->isPure(generator)); - bool wasTypeof = generator.m_lastOpcodeID == op_typeof; - RegisterID* src2 = generator.emitNode(right); + bool wasTypeof = generator.lastOpcodeID() == op_typeof; + RefPtr<RegisterID> src2 = generator.emitNode(right); generator.emitExpressionInfo(position(), position(), position()); if (wasTypeof && (opcodeID == op_neq || opcodeID == op_nstricteq)) { RefPtr<RegisterID> tmp = generator.tempDestination(dst); if (opcodeID == op_neq) - generator.emitEqualityOp(op_eq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2); + generator.emitEqualityOp(op_eq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2.get()); else if (opcodeID == op_nstricteq) - generator.emitEqualityOp(op_stricteq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2); + generator.emitEqualityOp(op_stricteq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2.get()); else RELEASE_ASSERT_NOT_REACHED(); return generator.emitUnaryOp(op_not, generator.finalDestination(dst, tmp.get()), tmp.get()); } - RegisterID* result = generator.emitBinaryOp(opcodeID, generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(left->resultDescriptor(), right->resultDescriptor())); + RegisterID* result = generator.emitBinaryOp(opcodeID, generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(left->resultDescriptor(), right->resultDescriptor())); if (opcodeID == op_urshift && dst != generator.ignoredResult()) return generator.emitUnaryOp(op_unsigned, result, result); return result; 
@@ -1188,8 +1974,8 @@ RegisterID* EqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* ds std::swap(left, right); RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(right); - return generator.emitEqualityOp(op_eq, generator.finalDestination(dst, src1.get()), src1.get(), src2); + RefPtr<RegisterID> src2 = generator.emitNode(right); + return generator.emitEqualityOp(op_eq, generator.finalDestination(dst, src1.get()), src1.get(), src2.get()); } RegisterID* StrictEqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) 
@@ -1200,59 +1986,100 @@ RegisterID* StrictEqualNode::emitBytecode(BytecodeGenerator& generator, Register std::swap(left, right); RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(right); - return generator.emitEqualityOp(op_stricteq, generator.finalDestination(dst, src1.get()), src1.get(), src2); + RefPtr<RegisterID> src2 = generator.emitNode(right); + return generator.emitEqualityOp(op_stricteq, generator.finalDestination(dst, src1.get()), src1.get(), src2.get()); } RegisterID* ThrowableBinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(m_expr2); + RefPtr<RegisterID> src2 = generator.emitNode(m_expr2); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor())); + return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor())); } RegisterID* InstanceOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); - RefPtr<RegisterID> src2 = generator.emitNode(m_expr2); + RefPtr<RegisterID> hasInstanceValue = generator.newTemporary(); + RefPtr<RegisterID> isObject = generator.newTemporary(); + RefPtr<RegisterID> isCustom = generator.newTemporary(); RefPtr<RegisterID> prototype = generator.newTemporary(); - RefPtr<RegisterID> dstReg = generator.finalDestination(dst, src1.get()); - RefPtr<Label> target = generator.newLabel(); + RefPtr<RegisterID> value = 
generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); + RefPtr<RegisterID> constructor = generator.emitNode(m_expr2); + RefPtr<RegisterID> dstReg = generator.finalDestination(dst, value.get()); + Ref<Label> custom = generator.newLabel(); + Ref<Label> done = generator.newLabel(); + Ref<Label> typeError = generator.newLabel(); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitCheckHasInstance(dstReg.get(), src1.get(), src2.get(), target.get()); + generator.emitIsObject(isObject.get(), constructor.get()); + generator.emitJumpIfFalse(isObject.get(), typeError.get()); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitGetById(prototype.get(), src2.get(), generator.vm()->propertyNames->prototype); + generator.emitGetById(hasInstanceValue.get(), constructor.get(), generator.vm()->propertyNames->hasInstanceSymbol); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* result = generator.emitInstanceOf(dstReg.get(), src1.get(), prototype.get()); - generator.emitLabel(target.get()); - return result; + generator.emitOverridesHasInstance(isCustom.get(), constructor.get(), hasInstanceValue.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitJumpIfTrue(isCustom.get(), custom.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetById(prototype.get(), constructor.get(), generator.vm()->propertyNames->prototype); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitInstanceOf(dstReg.get(), value.get(), prototype.get()); + + generator.emitJump(done.get()); + + generator.emitLabel(typeError.get()); + generator.emitThrowTypeError("Right hand side of instanceof is not an object"); + + generator.emitLabel(custom.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitInstanceOfCustom(dstReg.get(), value.get(), 
constructor.get(), hasInstanceValue.get()); + + generator.emitLabel(done.get()); + + return dstReg.get(); +} + +// ------------------------------ InNode ---------------------------- + +RegisterID* InNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RefPtr<RegisterID> key = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); + RefPtr<RegisterID> base = generator.emitNode(m_expr2); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + return generator.emitIn(generator.finalDestination(dst, key.get()), key.get(), base.get()); } + // ------------------------------ LogicalOpNode ---------------------------- RegisterID* LogicalOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> temp = generator.tempDestination(dst); - RefPtr<Label> target = generator.newLabel(); + Ref<Label> target = generator.newLabel(); generator.emitNode(temp.get(), m_expr1); if (m_operator == OpLogicalAnd) generator.emitJumpIfFalse(temp.get(), target.get()); else generator.emitJumpIfTrue(temp.get(), target.get()); - generator.emitNode(temp.get(), m_expr2); + generator.emitNodeInTailPosition(temp.get(), m_expr2); generator.emitLabel(target.get()); return generator.moveToDestinationIfNeeded(dst, temp.get()); } -void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { - RefPtr<Label> afterExpr1 = generator.newLabel(); + if (UNLIKELY(needsDebugHook())) + generator.emitDebugHook(this); + + Ref<Label> afterExpr1 = generator.newLabel(); if (m_operator == OpLogicalAnd) generator.emitNodeInConditionContext(m_expr1, afterExpr1.get(), falseTarget, FallThroughMeansTrue); else 
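Review bot: InstanceOfNode::emitBytecode now threads four temporaries through three labels with no comment describing the protocol, so the `typeError` block sitting between the ordinary path and `custom` looks like an accidental fall-through. A header comment above `emitIsObject` would fix that: `// instanceof: TypeError if the RHS is not an object; if the RHS overrides Symbol.hasInstance, dispatch to it (custom); otherwise test against RHS.prototype.`, plus, before `emitLabel(custom.get())`, `// Only reached via the jump on isCustom; the throw above does not continue.` (assuming emitThrowTypeError emits an unconditional throw, which the visible lines suggest but do not prove). The hunk ends inside LogicalOpNode::emitBytecodeInConditionContext, whose remaining branches are outside this view.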
@@ -1267,21 +2094,25 @@ void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, RegisterID* ConditionalNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> newDst = generator.finalDestination(dst); - RefPtr<Label> beforeElse = generator.newLabel(); - RefPtr<Label> afterElse = generator.newLabel(); + Ref<Label> beforeElse = generator.newLabel(); + Ref<Label> afterElse = generator.newLabel(); - RefPtr<Label> beforeThen = generator.newLabel(); + Ref<Label> beforeThen = generator.newLabel(); generator.emitNodeInConditionContext(m_logical, beforeThen.get(), beforeElse.get(), FallThroughMeansTrue); generator.emitLabel(beforeThen.get()); - generator.emitNode(newDst.get(), m_expr1); + generator.emitProfileControlFlow(m_expr1->startOffset()); + generator.emitNodeInTailPosition(newDst.get(), m_expr1); generator.emitJump(afterElse.get()); generator.emitLabel(beforeElse.get()); - generator.emitNode(newDst.get(), m_expr2); + generator.emitProfileControlFlow(m_expr1->endOffset() + 1); + generator.emitNodeInTailPosition(newDst.get(), m_expr2); generator.emitLabel(afterElse.get()); + generator.emitProfileControlFlow(m_expr2->endOffset() + 1); + return newDst.get(); } @@ -1327,6 +2158,9 @@ static ALWAYS_INLINE RegisterID* emitReadModifyAssignment(BytecodeGenerator& gen case OpModEq: opcodeID = op_mod; break; + case OpPowEq: + opcodeID = op_pow; + break; default: RELEASE_ASSERT_NOT_REACHED(); return dst; 
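Review bot: The three new `emitProfileControlFlow` probes in ConditionalNode::emitBytecode use offsets that are not self-explanatory, in particular `m_expr1->endOffset() + 1` for the else arm where a reader would expect `m_expr2->startOffset()`. Presumably the intent is that the text from the end of the consequent, including the `:`, is attributed to the else block; if that is right, a comment such as `// The else arm's range starts right after m_expr1 so the ':' is attributed to it; the last probe covers the text after the whole conditional.` would prevent the `+ 1` from being "fixed" later. Please confirm the intent before adding it.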
@@ -1346,60 +2180,124 @@ static ALWAYS_INLINE RegisterID* emitReadModifyAssignment(BytecodeGenerator& gen RegisterID* ReadModifyResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - return emitReadModifyAssignment(generator, generator.finalDestination(dst), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + JSTextPosition newDivot = divotStart() + m_ident.length(); + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + RegisterID* result = emitReadModifyAssignment(generator, generator.finalDestination(dst), local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + generator.emitProfileType(result, divotStart(), divotEnd()); + return result; } - if (local.isCaptured() - || generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) { + if (generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) { RefPtr<RegisterID> result = generator.newTemporary(); - generator.emitMove(result.get(), local.get()); + generator.emitMove(result.get(), local); emitReadModifyAssignment(generator, result.get(), result.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); - generator.emitMove(local.get(), result.get()); + generator.emitMove(local, result.get()); + generator.invalidateForInContextForLocal(local); + generator.emitProfileType(local, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, result.get()); } - RegisterID* result = emitReadModifyAssignment(generator, local.get(), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), 
m_right->resultDescriptor())); + RegisterID* result = emitReadModifyAssignment(generator, local, local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + generator.invalidateForInContextForLocal(local); + generator.emitProfileType(result, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, result); } - JSTextPosition newDivot = divotStart() + m_ident.length(); generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } RefPtr<RegisterID> result = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this); - return generator.emitPutToScope(scope.get(), m_ident, result.get(), ThrowIfNotFound); + RegisterID* returnResult = result.get(); + if (!var.isReadOnly()) { + returnResult = generator.emitPutToScope(scope.get(), var, result.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(result.get(), var, divotStart(), divotEnd()); + } + return returnResult; +} + +static InitializationMode initializationModeForAssignmentContext(AssignmentContext assignmentContext) +{ + switch (assignmentContext) { + case AssignmentContext::DeclarationStatement: + return InitializationMode::Initialization; + case 
AssignmentContext::ConstDeclarationStatement: + return InitializationMode::ConstInitialization; + case AssignmentContext::AssignmentExpression: + return InitializationMode::NotInitialization; + } + + ASSERT_NOT_REACHED(); + return InitializationMode::NotInitialization; } // ------------------------------ AssignResolveNode ----------------------------------- RegisterID* AssignResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - return generator.emitNode(dst, m_right); - } - if (local.isCaptured()) { + Variable var = generator.variable(m_ident); + bool isReadOnly = var.isReadOnly() && m_assignmentContext != AssignmentContext::ConstDeclarationStatement; + if (RegisterID* local = var.local()) { + RegisterID* result = nullptr; + if (m_assignmentContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, local, nullptr); + + if (isReadOnly) { + result = generator.emitNode(dst, m_right); // Execute side effects first. 
+ generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitProfileType(result, var, divotStart(), divotEnd()); + } else if (var.isSpecial()) { RefPtr<RegisterID> tempDst = generator.tempDestination(dst); generator.emitNode(tempDst.get(), m_right); - generator.emitMove(local.get(), tempDst.get()); - return generator.moveToDestinationIfNeeded(dst, tempDst.get()); + generator.emitMove(local, tempDst.get()); + generator.emitProfileType(local, var, divotStart(), divotEnd()); + generator.invalidateForInContextForLocal(local); + result = generator.moveToDestinationIfNeeded(dst, tempDst.get()); + } else { + RegisterID* right = generator.emitNode(local, m_right); + generator.emitProfileType(right, var, divotStart(), divotEnd()); + generator.invalidateForInContextForLocal(local); + result = generator.moveToDestinationIfNeeded(dst, right); } - RegisterID* result = generator.emitNode(local.get(), m_right); - return generator.moveToDestinationIfNeeded(dst, result); + + if (m_assignmentContext == AssignmentContext::DeclarationStatement || m_assignmentContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); + return result; } if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + if (m_assignmentContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, nullptr, scope.get()); if (dst == generator.ignoredResult()) dst = 0; RefPtr<RegisterID> result = generator.emitNode(dst, m_right); + if (isReadOnly) { + RegisterID* result = generator.emitNode(dst, m_right); // Execute side effects first. 
+ bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return result; + } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitPutToScope(scope.get(), m_ident, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); + RegisterID* returnResult = result.get(); + if (!isReadOnly) { + returnResult = generator.emitPutToScope(scope.get(), var, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_assignmentContext)); + generator.emitProfileType(result.get(), var, divotStart(), divotEnd()); + } + + if (m_assignmentContext == AssignmentContext::DeclarationStatement || m_assignmentContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); + return returnResult; } // ------------------------------ AssignDotNode ----------------------------------- 
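Review bot: In the non-local path of AssignResolveNode::emitBytecode the read-only branch declares a second `RegisterID* result = generator.emitNode(dst, m_right);` that shadows the `RefPtr<RegisterID> result` emitted on the line just above it, so the right-hand side is emitted twice and its side effects run twice before the read-only exception is raised. The outer emit already executes the side effects first, so the inner declaration should go and the early return use the outer value: `if (isReadOnly) { bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); if (threwException) return result.get(); }`. The local-variable branch earlier in the same function gets this right, emitting `m_right` exactly once before calling emitReadOnlyExceptionIfNeeded.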
@@ -1408,11 +2306,16 @@ RegisterID* AssignDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID { RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator)); RefPtr<RegisterID> value = generator.destinationForAssignResult(dst); - RegisterID* result = generator.emitNode(value.get(), m_right); + RefPtr<RegisterID> result = generator.emitNode(value.get(), m_right); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result : generator.moveToDestinationIfNeeded(generator.tempDestination(result), result); - generator.emitPutById(base.get(), m_ident, forwardResult); - return generator.moveToDestinationIfNeeded(dst, forwardResult); + RefPtr<RegisterID> forwardResult = (dst == generator.ignoredResult()) ? result.get() : generator.moveToDestinationIfNeeded(generator.tempDestination(result.get()), result.get()); + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), m_ident, forwardResult.get()); + } else + generator.emitPutById(base.get(), m_ident, forwardResult.get()); + generator.emitProfileType(forwardResult.get(), divotStart(), divotEnd()); + return generator.moveToDestinationIfNeeded(dst, forwardResult.get()); } // ------------------------------ ReadModifyDotNode ----------------------------------- 
@@ -1422,18 +2325,30 @@ RegisterID* ReadModifyDotNode::emitBytecode(BytecodeGenerator& generator, Regist RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator)); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> value = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); - RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (m_base->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), m_ident); + } else + value = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); + RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, static_cast<JSC::Operator>(m_operator), OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitPutById(base.get(), m_ident, updatedValue); + RegisterID* ret; + if (m_base->isSuperNode()) + ret = generator.emitPutById(base.get(), thisValue.get(), m_ident, updatedValue); + else + ret = generator.emitPutById(base.get(), m_ident, updatedValue); + generator.emitProfileType(updatedValue, divotStart(), divotEnd()); + return ret; } // ------------------------------ AssignErrorNode ----------------------------------- RegisterID* AssignErrorNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - return emitThrowReferenceError(generator, "Left side of assignment is not a reference."); + return emitThrowReferenceError(generator, ASCIILiteral("Left side of assignment is not a 
reference.")); } // ------------------------------ AssignBracketNode ----------------------------------- @@ -1443,11 +2358,26 @@ RegisterID* AssignBracketNode::emitBytecode(BytecodeGenerator& generator, Regist RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments || m_rightHasAssignments, m_subscript->isPure(generator) && m_right->isPure(generator)); RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator)); RefPtr<RegisterID> value = generator.destinationForAssignResult(dst); - RegisterID* result = generator.emitNode(value.get(), m_right); + RefPtr<RegisterID> result = generator.emitNode(value.get(), m_right); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result : generator.moveToDestinationIfNeeded(generator.tempDestination(result), result); - generator.emitPutByVal(base.get(), property.get(), forwardResult); + RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result.get() : generator.moveToDestinationIfNeeded(generator.tempDestination(result.get()), result.get()); + + if (isNonIndexStringElement(*m_subscript)) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), static_cast<StringNode*>(m_subscript)->value(), forwardResult); + } else + generator.emitPutById(base.get(), static_cast<StringNode*>(m_subscript)->value(), forwardResult); + } else { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), forwardResult); + } else + generator.emitPutByVal(base.get(), property.get(), forwardResult); + } + + generator.emitProfileType(forwardResult, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, forwardResult); } 
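Review bot: In ReadModifyDotNode::emitBytecode the new `RegisterID* ret;` is declared without an initializer and `m_base->isSuperNode()` is evaluated twice, once to choose the getter and once to choose the setter. Caching the test once, `const bool isSuper = m_base->isSuperNode();`, and initialising `ret` at its declaration from a conditional expression would make it impossible to read `ret` uninitialised if a third branch is ever added. The same shape recurs in the ReadModifyBracketNode hunk further down, which could get the same treatment.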
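Review bot: `forwardResult` stays a raw `RegisterID*` in AssignBracketNode::emitBytecode and is read after `generator.ensureThis()` and the `emitPutById`/`emitPutByVal` calls, whereas the AssignDotNode hunk above changes the equivalent variable to `RefPtr<RegisterID>` in this same commit. If `tempDestination()` can return a temporary that nothing else owns, a later temporary allocation could reuse that register before it is stored; `RefPtr<RegisterID> forwardResult = …` with `forwardResult.get()` at the uses would make the two assignment paths consistent. Separately, `static_cast<StringNode*>(m_subscript)->value()` is spelled out twice inside the string branch and could be hoisted into one local before the super test.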
@@ -1459,11 +2389,21 @@ RegisterID* ReadModifyBracketNode::emitBytecode(BytecodeGenerator& generator, Re
 RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator));
 generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd());
- RefPtr<RegisterID> value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get());
- RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+ RefPtr<RegisterID> value;
+ RefPtr<RegisterID> thisValue;
+ if (m_base->isSuperNode()) {
+ thisValue = generator.ensureThis();
+ value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), thisValue.get(), property.get());
+ } else
+ value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get());
+ RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, static_cast<JSC::Operator>(m_operator), OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
 generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
- generator.emitPutByVal(base.get(), property.get(), updatedValue);
+ if (m_base->isSuperNode())
+ generator.emitPutByVal(base.get(), thisValue.get(), property.get(), updatedValue);
+ else
+ generator.emitPutByVal(base.get(), property.get(), updatedValue);
+ generator.emitProfileType(updatedValue, divotStart(), divotEnd());
 return updatedValue;
 }
@@ -1472,58 +2412,10 @@ RegisterID* ReadModifyBracketNode::emitBytecode(BytecodeGenerator& generator, Re RegisterID* CommaNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - ASSERT(m_expressions.size() > 1); - for (size_t i = 0; i < m_expressions.size() - 1; i++) - generator.emitNode(generator.ignoredResult(), m_expressions[i]); - return generator.emitNode(dst, m_expressions.last()); -} - -// ------------------------------ ConstDeclNode ------------------------------------ - -RegisterID* ConstDeclNode::emitCodeSingle(BytecodeGenerator& generator) -{ - // FIXME: This code does not match the behavior of const in Firefox. - if (Local local = generator.constLocal(m_ident)) { - if (!m_init) - return local.get(); - - if (local.isCaptured()) { - RefPtr<RegisterID> tempDst = generator.newTemporary(); - generator.emitNode(tempDst.get(), m_init); - return generator.emitMove(local.get(), tempDst.get()); - } - - return generator.emitNode(local.get(), m_init); - } - - RefPtr<RegisterID> value = m_init ? generator.emitNode(m_init) : generator.emitLoad(0, jsUndefined()); - - if (generator.codeType() == GlobalCode) - return generator.emitInitGlobalConst(m_ident, value.get()); - - if (generator.codeType() != EvalCode) - return value.get(); - - // FIXME: This will result in incorrect assignment if m_ident exists in an intervening with scope. 
- RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); - return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound); -} - -RegisterID* ConstDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) -{ - RegisterID* result = 0; - for (ConstDeclNode* n = this; n; n = n->m_next) - result = n->emitCodeSingle(generator); - - return result; -} - -// ------------------------------ ConstStatementNode ----------------------------- - -void ConstStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) -{ - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - generator.emitNode(m_next); + CommaNode* node = this; + for (; node && node->next(); node = node->next()) + generator.emitNode(generator.ignoredResult(), node->m_expr); + return generator.emitNodeInTailPosition(dst, node->m_expr); } // ------------------------------ SourceElements ------------------------------- @@ -1531,15 +2423,13 @@ void ConstStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) inline StatementNode* SourceElements::lastStatement() const { - size_t size = m_statements.size(); - return size ? m_statements[size - 1] : 0; + return m_tail; } inline void SourceElements::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - size_t size = m_statements.size(); - for (size_t i = 0; i < size; ++i) - generator.emitNode(dst, m_statements[i]); + for (StatementNode* statement = m_head; statement; statement = statement->next()) + generator.emitNodeInTailPosition(dst, statement); } // ------------------------------ BlockNode ------------------------------------ 
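Review bot: The `node &&` guard in `for (; node && node->next(); node = node->next())` in CommaNode::emitBytecode can never be false: `node` starts as `this` and only advances to a `next()` that the same condition has just found non-null. Writing it as `for (; node->next(); node = node->next())` states the invariant plainly, or a comment such as `// Every expression but the last is emitted for side effects only; the last one supplies the value.` would say why the loop stops one short. The `ASSERT(m_expressions.size() > 1)` from the removed vector-based version has no counterpart in the list-based form, which now silently accepts a single-element comma node; if the parser guarantees at least two expressions, an equivalent `ASSERT(next())` at the top would keep that check.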
@@ -1549,7 +2439,7 @@ inline StatementNode* BlockNode::lastStatement() const
 return m_statements ? m_statements->lastStatement() : 0;
 }
-inline StatementNode* BlockNode::singleStatement() const
+StatementNode* BlockNode::singleStatement() const
 {
 return m_statements ? m_statements->singleStatement() : 0;
 }
@@ -1558,21 +2448,23 @@ void BlockNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
 if (!m_statements)
 return;
+ generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested);
 m_statements->emitBytecode(generator, dst);
+ generator.popLexicalScope(this);
 }
 // ------------------------------ EmptyStatementNode ---------------------------
-void EmptyStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+void EmptyStatementNode::emitBytecode(BytecodeGenerator&, RegisterID*)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
+ RELEASE_ASSERT(needsDebugHook());
 }
 // ------------------------------ DebuggerStatementNode ---------------------------
 void DebuggerStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
 {
- generator.emitDebugHook(DidReachBreakpoint, lastLine(), startOffset(), lineStartOffset());
+ generator.emitDebugHook(DidReachBreakpoint, position());
 }
 // ------------------------------ ExprStatementNode ----------------------------
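Review bot: `RELEASE_ASSERT(needsDebugHook())` in EmptyStatementNode::emitBytecode turns a parser invariant into a release-build crash, but the hunk gives no reason why an empty statement that needs no debug hook cannot reach codegen. A comment on that line, e.g. `// Only empty statements that need a debug hook are expected to survive to codegen.` (assuming that is the parser's contract), would tell the next reader what the assertion protects. The hook itself is no longer emitted from this node, which presumably means statement hooks are now emitted from the statement-list walk elsewhere; if so, the same comment should say where.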
@@ -1580,19 +2472,60 @@ void DebuggerStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterI void ExprStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { ASSERT(m_expr); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); generator.emitNode(dst, m_expr); } -// ------------------------------ VarStatementNode ---------------------------- +// ------------------------------ DeclarationStatement ---------------------------- -void VarStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +void DeclarationStatement::emitBytecode(BytecodeGenerator& generator, RegisterID*) { ASSERT(m_expr); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); generator.emitNode(m_expr); } +// ------------------------------ EmptyVarExpression ---------------------------- + +RegisterID* EmptyVarExpression::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + // It's safe to return null here because this node will always be a child node of DeclarationStatement which ignores our return value. 
+ if (!generator.vm()->typeProfiler()) + return nullptr; + + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) + generator.emitProfileType(local, var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + else { + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound); + generator.emitProfileType(value.get(), var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } + + return nullptr; +} + +// ------------------------------ EmptyLetExpression ---------------------------- + +RegisterID* EmptyLetExpression::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + // Lexical declarations like 'let' must move undefined into their variables so we don't + // get TDZ errors for situations like this: `let x; x;` + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitLoad(local, jsUndefined()); + generator.emitProfileType(local, var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } else { + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitLoad(nullptr, jsUndefined()); + generator.emitPutToScope(scope.get(), var, value.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::Initialization); + generator.emitProfileType(value.get(), var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } + + generator.liftTDZCheckIfPossible(var); + + // It's safe to return null here because this node will always be a child node of DeclarationStatement which ignores our return value. + return nullptr; +} + // ------------------------------ IfElseNode --------------------------------------- static inline StatementNode* singleStatement(StatementNode* statementNode) 
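Review bot: The end position `JSTextPosition(-1, position().offset + m_ident.length(), -1)` is spelled out four times across EmptyVarExpression::emitBytecode and EmptyLetExpression::emitBytecode, in both the local and the scoped branch of each. Computing it once per function, `JSTextPosition endPosition(-1, position().offset + m_ident.length(), -1);`, and passing `endPosition` to each `emitProfileType` call removes the duplication and keeps the two functions easier to hold in step. In EmptyVarExpression the `emitResolveScope`/`emitGetFromScope` pair exists only to feed the type profiler; a one-line comment saying so would explain why the read uses `DoNotThrowIfNotFound` and why its value is otherwise discarded.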
@@ -1634,32 +2567,35 @@ bool IfElseNode::tryFoldBreakAndContinue(BytecodeGenerator& generator, Statement
 void IfElseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
-
- RefPtr<Label> beforeThen = generator.newLabel();
- RefPtr<Label> beforeElse = generator.newLabel();
- RefPtr<Label> afterElse = generator.newLabel();
+ Ref<Label> beforeThen = generator.newLabel();
+ Ref<Label> beforeElse = generator.newLabel();
+ Ref<Label> afterElse = generator.newLabel();
- Label* trueTarget = beforeThen.get();
- Label* falseTarget = beforeElse.get();
+ Label* trueTarget = beforeThen.ptr();
+ Label& falseTarget = beforeElse.get();
 FallThroughMode fallThroughMode = FallThroughMeansTrue;
 bool didFoldIfBlock = tryFoldBreakAndContinue(generator, m_ifBlock, trueTarget, fallThroughMode);
- generator.emitNodeInConditionContext(m_condition, trueTarget, falseTarget, fallThroughMode);
+ generator.emitNodeInConditionContext(m_condition, *trueTarget, falseTarget, fallThroughMode);
 generator.emitLabel(beforeThen.get());
+ generator.emitProfileControlFlow(m_ifBlock->startOffset());
 if (!didFoldIfBlock) {
- generator.emitNode(dst, m_ifBlock);
+ generator.emitNodeInTailPosition(dst, m_ifBlock);
 if (m_elseBlock)
 generator.emitJump(afterElse.get());
 }
 generator.emitLabel(beforeElse.get());
- if (m_elseBlock)
- generator.emitNode(dst, m_elseBlock);
+ if (m_elseBlock) {
+ generator.emitProfileControlFlow(m_ifBlock->endOffset() + (m_ifBlock->isBlock() ? 1 : 0));
+ generator.emitNodeInTailPosition(dst, m_elseBlock);
+ }
 generator.emitLabel(afterElse.get());
+ StatementNode* endingBlock = m_elseBlock ? m_elseBlock : m_ifBlock;
+ generator.emitProfileControlFlow(endingBlock->endOffset() + (endingBlock->isBlock() ? 1 : 0));
 }
 // ------------------------------ DoWhileNode ----------------------------------
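Review bot: `endOffset() + (isBlock() ? 1 : 0)` is written out twice in IfElseNode::emitBytecode and again in the WhileNode, ForNode and ForInNode hunks below (ForInNode already caches it in a `profilerEndOffset` local). A file-local helper, `static int profilerEndOffset(StatementNode* statement) { return statement->endOffset() + (statement->isBlock() ? 1 : 0); }`, would name the adjustment once; the extra 1 for blocks is presumably there to cover the closing brace, and that reason belongs in a comment on the helper rather than being rediscovered at every call site. Also, `trueTarget` is now a `Label*` while `falseTarget` is a `Label&`, which reads as if the two had different nullability; if the pointer form exists only because `tryFoldBreakAndContinue` may rebind it, a one-line comment on that declaration would save the reader the detour.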
@@ -1668,15 +2604,13 @@ void DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
 LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop);
- RefPtr<Label> topOfLoop = generator.newLabel();
+ Ref<Label> topOfLoop = generator.newLabel();
 generator.emitLabel(topOfLoop.get());
 generator.emitLoopHint();
- generator.emitDebugHook(WillExecuteStatement, lastLine(), startOffset(), lineStartOffset());
- generator.emitNode(dst, m_statement);
+ generator.emitNodeInTailPosition(dst, m_statement);
- generator.emitLabel(scope->continueTarget());
- generator.emitDebugHook(WillExecuteStatement, lastLine(), startOffset(), lineStartOffset());
+ generator.emitLabel(*scope->continueTarget());
 generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansFalse);
 generator.emitLabel(scope->breakTarget());
@@ -1687,22 +2621,23 @@ void DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 void WhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
 LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop);
- RefPtr<Label> topOfLoop = generator.newLabel();
+ Ref<Label> topOfLoop = generator.newLabel();
- generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->startOffset(), m_expr->lineStartOffset());
 generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansTrue);
 generator.emitLabel(topOfLoop.get());
 generator.emitLoopHint();
- generator.emitNode(dst, m_statement);
+ generator.emitProfileControlFlow(m_statement->startOffset());
+ generator.emitNodeInTailPosition(dst, m_statement);
- generator.emitLabel(scope->continueTarget());
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
+ generator.emitLabel(*scope->continueTarget());
 generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansFalse);
 generator.emitLabel(scope->breakTarget());
+
+ generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0));
 }
 // ------------------------------ ForNode --------------------------------------
@@ -1711,22 +2646,24 @@ void ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
 LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop);
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
+ RegisterID* forLoopSymbolTable = nullptr;
+ generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable);
 if (m_expr1)
 generator.emitNode(generator.ignoredResult(), m_expr1);
-
- RefPtr<Label> topOfLoop = generator.newLabel();
+
+ Ref<Label> topOfLoop = generator.newLabel();
 if (m_expr2)
 generator.emitNodeInConditionContext(m_expr2, topOfLoop.get(), scope->breakTarget(), FallThroughMeansTrue);
 generator.emitLabel(topOfLoop.get());
 generator.emitLoopHint();
+ generator.emitProfileControlFlow(m_statement->startOffset());
- generator.emitNode(dst, m_statement);
+ generator.emitNodeInTailPosition(dst, m_statement);
- generator.emitLabel(scope->continueTarget());
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
+ generator.emitLabel(*scope->continueTarget());
+ generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable);
 if (m_expr3)
 generator.emitNode(generator.ignoredResult(), m_expr3);
@@ -1736,153 +2673,336 @@ void ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) generator.emitJump(topOfLoop.get()); generator.emitLabel(scope->breakTarget()); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0)); } // ------------------------------ ForInNode ------------------------------------ -void ForInNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +RegisterID* ForInNode::tryGetBoundLocal(BytecodeGenerator& generator) { - LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - - if (!m_lexpr->isLocation()) { - emitThrowReferenceError(generator, "Left side of for-in statement is not a reference."); - return; + if (m_lexpr->isResolveNode()) { + const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); + return generator.variable(ident).local(); } - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + if (m_lexpr->isDestructuringNode()) { + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); + auto binding = assignNode->bindings(); + if (!binding->isBindingNode()) + return nullptr; + + auto simpleBinding = static_cast<BindingNode*>(binding); + const Identifier& ident = simpleBinding->boundProperty(); + Variable var = generator.variable(ident); + if (var.isSpecial()) + return nullptr; + return var.local(); + } - RefPtr<RegisterID> base = generator.newTemporary(); - generator.emitNode(base.get(), m_expr); - RefPtr<RegisterID> i = generator.newTemporary(); - RefPtr<RegisterID> size = generator.newTemporary(); - RefPtr<RegisterID> expectedSubscript; - RefPtr<RegisterID> iter = generator.emitGetPropertyNames(generator.newTemporary(), base.get(), i.get(), size.get(), scope->breakTarget()); - generator.emitJump(scope->continueTarget()); - - RefPtr<Label> loopStart = generator.newLabel(); - generator.emitLabel(loopStart.get()); - 
generator.emitLoopHint(); + return nullptr; +} - RegisterID* propertyName; - bool optimizedForinAccess = false; - if (m_lexpr->isResolveNode()) { - const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); - Local local = generator.local(ident); - if (!local.get()) { - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; +void ForInNode::emitLoopHeader(BytecodeGenerator& generator, RegisterID* propertyName) +{ + auto lambdaEmitResolveVariable = [&](const Identifier& ident) + { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitMove(local, propertyName); + } else { if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident); + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutToScope(scope, ident, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); - } else { - expectedSubscript = generator.newTemporary(); - propertyName = expectedSubscript.get(); - generator.emitMove(local.get(), propertyName); - generator.pushOptimisedForIn(expectedSubscript.get(), iter.get(), i.get(), local.get()); - optimizedForinAccess = true; + generator.emitPutToScope(scope.get(), var, propertyName, generator.isStrictMode() ? 
ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization); } - } else if (m_lexpr->isDotAccessorNode()) { + generator.emitProfileType(propertyName, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1)); + }; + + if (m_lexpr->isResolveNode()) { + const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); + lambdaEmitResolveVariable(ident); + return; + } + + if (m_lexpr->isAssignResolveNode()) { + const Identifier& ident = static_cast<AssignResolveNode*>(m_lexpr)->identifier(); + lambdaEmitResolveVariable(ident); + return; + } + + if (m_lexpr->isDotAccessorNode()) { DotAccessorNode* assignNode = static_cast<DotAccessorNode*>(m_lexpr); const Identifier& ident = assignNode->identifier(); - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; - RegisterID* base = generator.emitNode(assignNode->base()); - + RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutById(base, ident, propertyName); - } else if (m_lexpr->isBracketAccessorNode()) { + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), ident, propertyName); + } else + generator.emitPutById(base.get(), ident, propertyName); + generator.emitProfileType(propertyName, assignNode->divotStart(), assignNode->divotEnd()); + return; + } + if (m_lexpr->isBracketAccessorNode()) { BracketAccessorNode* assignNode = static_cast<BracketAccessorNode*>(m_lexpr); - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); - RegisterID* subscript = generator.emitNode(assignNode->subscript()); - + RefPtr<RegisterID> subscript = generator.emitNode(assignNode->subscript()); 
generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutByVal(base.get(), subscript, propertyName); - } else { - ASSERT(m_lexpr->isDeconstructionNode()); - DeconstructingAssignmentNode* assignNode = static_cast<DeconstructingAssignmentNode*>(m_lexpr); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), subscript.get(), propertyName); + } else + generator.emitPutByVal(base.get(), subscript.get(), propertyName); + generator.emitProfileType(propertyName, assignNode->divotStart(), assignNode->divotEnd()); + return; + } + + if (m_lexpr->isDestructuringNode()) { + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); auto binding = assignNode->bindings(); - if (binding->isBindingNode()) { - auto simpleBinding = static_cast<BindingNode*>(binding); - Identifier ident = simpleBinding->boundProperty(); - Local local = generator.local(ident); - propertyName = local.get(); - if (!propertyName || local.isCaptured()) - goto genericBinding; - expectedSubscript = generator.emitMove(generator.newTemporary(), propertyName); - generator.pushOptimisedForIn(expectedSubscript.get(), iter.get(), i.get(), propertyName); - optimizedForinAccess = true; - goto completedSimpleBinding; - } else { - genericBinding: - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect(propertyName); + if (!binding->isBindingNode()) { assignNode->bindings()->bindValue(generator, propertyName); + return; } - completedSimpleBinding: - ; + + auto simpleBinding = static_cast<BindingNode*>(binding); + const Identifier& ident = simpleBinding->boundProperty(); + Variable var = generator.variable(ident); + if (!var.local() || var.isSpecial()) { + assignNode->bindings()->bindValue(generator, propertyName); + return; + } + generator.emitMove(var.local(), propertyName); + 
generator.emitProfileType(propertyName, var, simpleBinding->divotStart(), simpleBinding->divotEnd()); + return; } - generator.emitNode(dst, m_statement); + RELEASE_ASSERT_NOT_REACHED(); +} - if (optimizedForinAccess) - generator.popOptimisedForIn(); +void ForInNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!m_lexpr->isAssignResolveNode() && !m_lexpr->isAssignmentLocation()) { + emitThrowReferenceError(generator, ASCIILiteral("Left side of for-in statement is not a reference.")); + return; + } - generator.emitLabel(scope->continueTarget()); - generator.emitNextPropertyName(propertyName, base.get(), i.get(), size.get(), iter.get(), loopStart.get()); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - generator.emitLabel(scope->breakTarget()); + Ref<Label> end = generator.newLabel(); + + RegisterID* forLoopSymbolTable = nullptr; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable); + + if (m_lexpr->isAssignResolveNode()) + generator.emitNode(generator.ignoredResult(), m_lexpr); + + RefPtr<RegisterID> base = generator.newTemporary(); + RefPtr<RegisterID> length; + RefPtr<RegisterID> enumerator; + + generator.emitNode(base.get(), m_expr); + RefPtr<RegisterID> local = this->tryGetBoundLocal(generator); + RefPtr<RegisterID> enumeratorIndex; + + // Pause at the assignment expression for each for..in iteration. + generator.emitDebugHook(m_lexpr); + + int profilerStartOffset = m_statement->startOffset(); + int profilerEndOffset = m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0); + + enumerator = generator.emitGetPropertyEnumerator(generator.newTemporary(), base.get()); + + // Indexed property loop. 
+ { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + length = generator.emitGetEnumerableLength(generator.newTemporary(), enumerator.get()); + RefPtr<RegisterID> i = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> propertyName = generator.newTemporary(); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitEqualityOp(op_less, generator.newTemporary(), i.get(), length.get()); + generator.emitJumpIfFalse(result.get(), loopEnd.get()); + generator.emitHasIndexedProperty(result.get(), base.get(), i.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + generator.emitToIndexString(propertyName.get(), i.get()); + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.pushIndexedForInScope(local.get(), i.get()); + generator.emitNode(dst, m_statement); + generator.popIndexedForInScope(local.get()); + + generator.emitProfileControlFlow(profilerEndOffset); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(i.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. + generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + // Structure property loop. 
+ { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + enumeratorIndex = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> propertyName = generator.newTemporary(); + generator.emitEnumeratorStructurePropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitUnaryOp(op_eq_null, generator.newTemporary(), propertyName.get()); + generator.emitJumpIfTrue(result.get(), loopEnd.get()); + generator.emitHasStructureProperty(result.get(), base.get(), propertyName.get(), enumerator.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.pushStructureForInScope(local.get(), enumeratorIndex.get(), propertyName.get(), enumerator.get()); + generator.emitNode(dst, m_statement); + generator.popStructureForInScope(local.get()); + + generator.emitProfileControlFlow(profilerEndOffset); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(enumeratorIndex.get()); + generator.emitEnumeratorStructurePropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. + generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + // Generic property loop. 
+ { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + RefPtr<RegisterID> propertyName = generator.newTemporary(); + + generator.emitEnumeratorGenericPropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitUnaryOp(op_eq_null, generator.newTemporary(), propertyName.get()); + generator.emitJumpIfTrue(result.get(), loopEnd.get()); + + generator.emitHasGenericProperty(result.get(), base.get(), propertyName.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.emitNode(dst, m_statement); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(enumeratorIndex.get()); + generator.emitEnumeratorGenericPropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. 
+ generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + generator.emitLabel(end.get()); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(profilerEndOffset); } // ------------------------------ ForOfNode ------------------------------------ void ForOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (!m_lexpr->isLocation()) { - emitThrowReferenceError(generator, "Left side of for-of statement is not a reference."); + if (!m_lexpr->isAssignmentLocation()) { + emitThrowReferenceError(generator, ASCIILiteral("Left side of for-of statement is not a reference.")); return; } - - LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + + RegisterID* forLoopSymbolTable = nullptr; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable); auto extractor = [this, dst](BytecodeGenerator& generator, RegisterID* value) { if (m_lexpr->isResolveNode()) { const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); - if (Local local = generator.local(ident)) - generator.emitMove(local.get(), value); - else { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitMove(local, value); + } else { if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident); + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - 
generator.emitPutToScope(scope, ident, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); + generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization); } + generator.emitProfileType(value, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1)); } else if (m_lexpr->isDotAccessorNode()) { DotAccessorNode* assignNode = static_cast<DotAccessorNode*>(m_lexpr); const Identifier& ident = assignNode->identifier(); RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutById(base.get(), ident, value); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), ident, value); + } else + generator.emitPutById(base.get(), ident, value); + generator.emitProfileType(value, assignNode->divotStart(), assignNode->divotEnd()); } else if (m_lexpr->isBracketAccessorNode()) { BracketAccessorNode* assignNode = static_cast<BracketAccessorNode*>(m_lexpr); RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); RegisterID* subscript = generator.emitNode(assignNode->subscript()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutByVal(base.get(), subscript, value); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), subscript, value); + } else + generator.emitPutByVal(base.get(), subscript, value); + generator.emitProfileType(value, assignNode->divotStart(), assignNode->divotEnd()); } else { - ASSERT(m_lexpr->isDeconstructionNode()); - DeconstructingAssignmentNode* assignNode = static_cast<DeconstructingAssignmentNode*>(m_lexpr); + 
ASSERT(m_lexpr->isDestructuringNode()); + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); assignNode->bindings()->bindValue(generator, value); } + generator.emitProfileControlFlow(m_statement->startOffset()); generator.emitNode(dst, m_statement); }; - generator.emitEnumeration(this, m_expr, extractor); + generator.emitEnumeration(this, m_expr, extractor, this, forLoopSymbolTable); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0)); } // ------------------------------ ContinueNode --------------------------------- 
@@ -1890,26 +3010,30 @@ void ForOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 Label* ContinueNode::trivialTarget(BytecodeGenerator& generator)
 {
 if (generator.shouldEmitDebugHooks())
- return 0;
+ return nullptr;
- LabelScope* scope = generator.continueTarget(m_ident);
+ LabelScopePtr scope = generator.continueTarget(m_ident);
 ASSERT(scope);
- if (generator.scopeDepth() != scope->scopeDepth())
- return 0;
+ if (generator.labelScopeDepth() != scope->scopeDepth())
+ return nullptr;
 return scope->continueTarget();
 }
 void ContinueNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
-
- LabelScope* scope = generator.continueTarget(m_ident);
+ LabelScopePtr scope = generator.continueTarget(m_ident);
 ASSERT(scope);
- generator.emitPopScopes(scope->scopeDepth());
- generator.emitJump(scope->continueTarget());
+ bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), *scope->continueTarget());
+ if (!hasFinally) {
+ int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth());
+ generator.restoreScopeRegister(lexicalScopeIndex);
+ generator.emitJump(*scope->continueTarget());
+ }
+
+ generator.emitProfileControlFlow(endOffset());
 }
 // ------------------------------ BreakNode ------------------------------------
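Review bot: ContinueNode::emitBytecode dereferences `*scope->continueTarget()` twice while only `ASSERT(scope)` guards the scope itself; continueTarget() is handed out as a pointer (trivialTarget returns it unchanged, whereas BreakNode::trivialTarget has to take `&scope->breakTarget()`), which suggests it can be null for the Switch and NamedLabel scope kinds this file creates. Correctness therefore rests on the parser rejecting `continue` to a non-iteration label, and ASSERT is compiled out of release builds, so a broken invariant would surface as a null dereference rather than a diagnostic. I would add `ASSERT(scope->continueTarget());` ahead of the emitJumpViaFinallyIfNeeded call, or a comment stating that generator.continueTarget() only resolves iteration scopes, so the contract is visible at the use site.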
@@ -1917,65 +3041,74 @@ void ContinueNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) Label* BreakNode::trivialTarget(BytecodeGenerator& generator) { if (generator.shouldEmitDebugHooks()) - return 0; + return nullptr; - LabelScope* scope = generator.breakTarget(m_ident); + LabelScopePtr scope = generator.breakTarget(m_ident); ASSERT(scope); - if (generator.scopeDepth() != scope->scopeDepth()) - return 0; + if (generator.labelScopeDepth() != scope->scopeDepth()) + return nullptr; - return scope->breakTarget(); + return &scope->breakTarget(); } void BreakNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - - LabelScope* scope = generator.breakTarget(m_ident); + LabelScopePtr scope = generator.breakTarget(m_ident); ASSERT(scope); - generator.emitPopScopes(scope->scopeDepth()); - generator.emitJump(scope->breakTarget()); + bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), scope->breakTarget()); + if (!hasFinally) { + int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth()); + generator.restoreScopeRegister(lexicalScopeIndex); + generator.emitJump(scope->breakTarget()); + } + + generator.emitProfileControlFlow(endOffset()); } // ------------------------------ ReturnNode ----------------------------------- void ReturnNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); ASSERT(generator.codeType() == FunctionCode); if (dst == generator.ignoredResult()) dst = 0; - RefPtr<RegisterID> returnRegister = m_value ? generator.emitNode(dst, m_value) : generator.emitLoad(dst, jsUndefined()); - if (generator.scopeDepth()) { - returnRegister = generator.emitMove(generator.newTemporary(), returnRegister.get()); - generator.emitPopScopes(0); + RefPtr<RegisterID> returnRegister = m_value ? 
generator.emitNodeInTailPosition(dst, m_value) : generator.emitLoad(dst, jsUndefined()); + + generator.emitProfileType(returnRegister.get(), ProfileTypeBytecodeFunctionReturnStatement, divotStart(), divotEnd()); + + bool hasFinally = generator.emitReturnViaFinallyIfNeeded(returnRegister.get()); + if (!hasFinally) { + generator.emitWillLeaveCallFrameDebugHook(); + generator.emitReturn(returnRegister.get()); } - generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); - generator.emitReturn(returnRegister.get()); + generator.emitProfileControlFlow(endOffset()); + // Emitting an unreachable return here is needed in case this op_profile_control_flow is the + // last opcode in a CodeBlock because a CodeBlock's instructions must end with a terminal opcode. + if (generator.vm()->controlFlowProfiler()) + generator.emitReturn(generator.emitLoad(nullptr, jsUndefined())); } // ------------------------------ WithNode ------------------------------------- void WithNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - RefPtr<RegisterID> scope = generator.emitNode(m_expr); generator.emitExpressionInfo(m_divot, m_divot - m_expressionLength, m_divot); generator.emitPushWithScope(scope.get()); - generator.emitNode(dst, m_statement); - generator.emitPopScope(); + generator.emitNodeInTailPosition(dst, m_statement); + generator.emitPopWithScope(); } // ------------------------------ CaseClauseNode -------------------------------- inline void CaseClauseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + generator.emitProfileControlFlow(m_startOffset); if (!m_statements) return; m_statements->emitBytecode(generator, dst); 
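Review bot: ReturnNode::emitBytecode still clears the destination with `dst = 0;` while this same hunk rewrites the literal-zero pointer returns in BreakNode::trivialTarget to `return nullptr;`; the two spellings now sit a few lines apart, so `dst = nullptr;` would keep the hunk self-consistent. BreakNode::emitBytecode and ContinueNode::emitBytecode also now have the same three-step body (emitJumpViaFinallyIfNeeded, restoreScopeRegister via labelScopeDepthToLexicalScopeIndex, emitJump) differing only in the target label, which is a candidate for one shared helper taking the LabelScope and the Label&. The comment explaining the unreachable return under the controlFlowProfiler check is good; a similar one-liner on why emitWillLeaveCallFrameDebugHook is emitted only on the no-finally path would help the next reader, since the finally path's hook placement is not visible here.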
@@ -2074,18 +3207,17 @@ SwitchInfo::SwitchType CaseBlockNode::tryTableSwitch(Vector<ExpressionNode*, 8>& void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterID* switchExpression, RegisterID* dst) { - RefPtr<Label> defaultLabel; - Vector<RefPtr<Label>, 8> labelVector; + Vector<Ref<Label>, 8> labelVector; Vector<ExpressionNode*, 8> literalVector; int32_t min_num = std::numeric_limits<int32_t>::max(); int32_t max_num = std::numeric_limits<int32_t>::min(); SwitchInfo::SwitchType switchType = tryTableSwitch(literalVector, min_num, max_num); + Ref<Label> defaultLabel = generator.newLabel(); if (switchType != SwitchInfo::SwitchNone) { // Prepare the various labels for (uint32_t i = 0; i < literalVector.size(); i++) labelVector.append(generator.newLabel()); - defaultLabel = generator.newLabel(); generator.beginSwitch(switchExpression, switchType); } else { // Setup jumps @@ -2104,7 +3236,6 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI labelVector.append(generator.newLabel()); generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get()); } - defaultLabel = generator.newLabel(); generator.emitJump(defaultLabel.get()); } @@ -2129,7 +3260,7 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI ASSERT(i == labelVector.size()); if (switchType != SwitchInfo::SwitchNone) { ASSERT(labelVector.size() == literalVector.size()); - generator.endSwitch(labelVector.size(), labelVector.data(), literalVector.data(), defaultLabel.get(), min_num, max_num); + generator.endSwitch(labelVector.size(), labelVector, literalVector.data(), defaultLabel.get(), min_num, max_num); } } 
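Review bot: The new call `generator.endSwitch(labelVector.size(), labelVector, literalVector.data(), defaultLabel.get(), min_num, max_num);` passes both the vector and its size; once endSwitch takes the `Vector<Ref<Label>, 8>` itself the count is redundant, and it is also the only thing tying `literalVector.data()` to a length, which the preceding `ASSERT(labelVector.size() == literalVector.size())` checks in debug builds only. If endSwitch's signature (outside this hunk) is being changed anyway, dropping the size argument, or passing `literalVector` as a whole as well, would remove one pair of parallel raw arrays. Hoisting `Ref<Label> defaultLabel = generator.newLabel();` above the branch is correct since both paths use it, and a short comment saying so would explain why it is no longer conditional.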
@@ -2137,26 +3268,26 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI
 void SwitchNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
-
 LabelScopePtr scope = generator.newLabelScope(LabelScope::Switch);
 RefPtr<RegisterID> r0 = generator.emitNode(m_expr);
+
+ generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::DoNotOptimize, BytecodeGenerator::NestedScopeType::IsNested);
 m_block->emitBytecodeForBlock(generator, r0.get(), dst);
+ generator.popLexicalScope(this);
 generator.emitLabel(scope->breakTarget());
+ generator.emitProfileControlFlow(endOffset());
 }
 // ------------------------------ LabelNode ------------------------------------
 void LabelNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
-
 ASSERT(!generator.breakTarget(m_name));
 LabelScopePtr scope = generator.newLabelScope(LabelScope::NamedLabel, &m_name);
- generator.emitNode(dst, m_statement);
+ generator.emitNodeInTailPosition(dst, m_statement);
 generator.emitLabel(scope->breakTarget());
 }
@@ -2165,13 +3296,13 @@ void LabelNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 void ThrowNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
- generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset());
-
 if (dst == generator.ignoredResult())
 dst = 0;
 RefPtr<RegisterID> expr = generator.emitNode(m_expr);
 generator.emitExpressionInfo(divot(), divotStart(), divotEnd());
 generator.emitThrow(expr.get());
+
+ generator.emitProfileControlFlow(endOffset());
 }
 // ------------------------------ TryNode --------------------------------------
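Review bot: SwitchNode::emitBytecode pushes the lexical scope only after `generator.emitNode(m_expr)`, and that ordering is load-bearing (the discriminant must not see let/const/class bindings declared inside the case clauses), but nothing says so; I would add `// Evaluate the discriminant before entering the case block's lexical scope: bindings declared inside the clauses are not visible to it.` above the pushLexicalScope call. The choice of `TDZCheckOptimization::DoNotOptimize` here, unlike the Optimize used for the for-in/for-of and class scopes elsewhere in this file, is also undocumented; presumably it is because control can enter the block at any case label so TDZ state cannot be proven statically, and a short comment to that effect would spare the next reader the same inference. Popping the scope before `emitLabel(scope->breakTarget())` looks consistent with BreakNode restoring the scope register itself, which is worth one sentence too.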
@@ -2181,58 +3312,102 @@ void TryNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) // NOTE: The catch and finally blocks must be labeled explicitly, so the // optimizer knows they may be jumped to from anywhere. - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - ASSERT(m_catchBlock || m_finallyBlock); + BytecodeGenerator::CompletionRecordScope completionRecordScope(generator, m_finallyBlock); - RefPtr<Label> tryStartLabel = generator.newLabel(); + RefPtr<Label> catchLabel; + RefPtr<Label> catchEndLabel; + RefPtr<Label> finallyViaThrowLabel; + RefPtr<Label> finallyLabel; + RefPtr<Label> finallyEndLabel; + + Ref<Label> tryStartLabel = generator.newLabel(); generator.emitLabel(tryStartLabel.get()); - - if (m_finallyBlock) - generator.pushFinallyContext(m_finallyBlock); - TryData* tryData = generator.pushTry(tryStartLabel.get()); - generator.emitNode(dst, m_tryBlock); + if (m_finallyBlock) { + finallyViaThrowLabel = generator.newLabel(); + finallyLabel = generator.newLabel(); + finallyEndLabel = generator.newLabel(); + generator.pushFinallyControlFlowScope(*finallyLabel); + } if (m_catchBlock) { - RefPtr<Label> catchEndLabel = generator.newLabel(); - - // Normal path: jump over the catch block. - generator.emitJump(catchEndLabel.get()); + catchLabel = generator.newLabel(); + catchEndLabel = generator.newLabel(); + } + + Label& tryHandlerLabel = m_catchBlock ? *catchLabel : *finallyViaThrowLabel; + HandlerType tryHandlerType = m_catchBlock ? HandlerType::Catch : HandlerType::Finally; + TryData* tryData = generator.pushTry(tryStartLabel.get(), tryHandlerLabel, tryHandlerType); + generator.emitNode(dst, m_tryBlock); + + if (m_finallyBlock) + generator.emitJump(*finallyLabel); + else + generator.emitJump(*catchEndLabel); + + Ref<Label> endTryLabel = generator.newEmittedLabel(); + generator.popTry(tryData, endTryLabel.get()); + + if (m_catchBlock) { // Uncaught exception path: the catch block. 
- RefPtr<Label> here = generator.emitLabel(generator.newLabel().get()); - RefPtr<RegisterID> exceptionRegister = generator.popTryAndEmitCatch(tryData, generator.newTemporary(), here.get()); - + generator.emitLabel(*catchLabel); + RefPtr<RegisterID> thrownValueRegister = generator.newTemporary(); + RegisterID* unused = generator.newTemporary(); + generator.emitCatch(unused, thrownValueRegister.get()); + generator.restoreScopeRegister(); + + TryData* tryData = nullptr; if (m_finallyBlock) { // If the catch block throws an exception and we have a finally block, then the finally // block should "catch" that exception. - tryData = generator.pushTry(here.get()); + tryData = generator.pushTry(*catchLabel, *finallyViaThrowLabel, HandlerType::Finally); } - - generator.emitPushNameScope(m_exceptionIdent, exceptionRegister.get(), DontDelete); - generator.emitNode(dst, m_catchBlock); - generator.emitPopScope(); - generator.emitLabel(catchEndLabel.get()); + + generator.emitPushCatchScope(m_lexicalVariables); + m_catchPattern->bindValue(generator, thrownValueRegister.get()); + generator.emitProfileControlFlow(m_tryBlock->endOffset() + 1); + if (m_finallyBlock) + generator.emitNode(dst, m_catchBlock); + else + generator.emitNodeInTailPosition(dst, m_catchBlock); + generator.emitLoad(thrownValueRegister.get(), jsUndefined()); + generator.emitPopCatchScope(m_lexicalVariables); + + if (m_finallyBlock) { + generator.emitSetCompletionType(CompletionType::Normal); + generator.emitJump(*finallyLabel); + generator.popTry(tryData, *finallyViaThrowLabel); + } + + generator.emitLabel(*catchEndLabel); + generator.emitProfileControlFlow(m_catchBlock->endOffset() + 1); } if (m_finallyBlock) { - RefPtr<Label> preFinallyLabel = generator.emitLabel(generator.newLabel().get()); - - generator.popFinallyContext(); + FinallyContext finallyContext = generator.popFinallyControlFlowScope(); + + // Entry to the finally block for CompletionType::Throw. 
+ generator.emitLabel(*finallyViaThrowLabel); + RegisterID* unused = generator.newTemporary(); + generator.emitCatch(generator.completionValueRegister(), unused); + generator.emitSetCompletionType(CompletionType::Throw); - RefPtr<Label> finallyEndLabel = generator.newLabel(); + // Entry to the finally block for CompletionTypes other than Throw. + generator.emitLabel(*finallyLabel); + generator.restoreScopeRegister(); - // Normal path: run the finally code, and jump to the end. - generator.emitNode(dst, m_finallyBlock); - generator.emitJump(finallyEndLabel.get()); + RefPtr<RegisterID> savedCompletionTypeRegister = generator.newTemporary(); + generator.emitMove(savedCompletionTypeRegister.get(), generator.completionTypeRegister()); - // Uncaught exception path: invoke the finally block, then re-throw the exception. - RefPtr<RegisterID> tempExceptionRegister = generator.popTryAndEmitCatch(tryData, generator.newTemporary(), preFinallyLabel.get()); - generator.emitNode(dst, m_finallyBlock); - generator.emitThrow(tempExceptionRegister.get()); + int finallyStartOffset = m_catchBlock ? m_catchBlock->endOffset() + 1 : m_tryBlock->endOffset() + 1; + generator.emitProfileControlFlow(finallyStartOffset); + generator.emitNodeInTailPosition(dst, m_finallyBlock); - generator.emitLabel(finallyEndLabel.get()); + generator.emitFinallyCompletion(finallyContext, savedCompletionTypeRegister.get(), *finallyEndLabel); + generator.emitLabel(*finallyEndLabel); + generator.emitProfileControlFlow(m_finallyBlock->endOffset() + 1); } } 
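Review bot: Inside `if (m_catchBlock)` the new `TryData* tryData = nullptr;` shadows the outer `tryData` obtained from the first pushTry; the inner one is what `popTry(tryData, *finallyViaThrowLabel)` consumes, and the shadowing makes that easy to misread as a second pop of the outer try region. Renaming it, e.g. `TryData* catchTryData = nullptr;`, and using that name in the inner pushTry/popTry pair would remove the ambiguity. The two emitCatch calls also capture different operands, `emitCatch(unused, thrownValueRegister.get())` on the catch entry and `emitCatch(generator.completionValueRegister(), unused)` on the finally-via-throw entry, and why the finally path wants the first operand rather than the thrown value deserves a comment at the second call. Likewise `generator.emitLoad(thrownValueRegister.get(), jsUndefined());` after the catch body presumably exists to drop the reference to the thrown value once the catch scope ends, and should say so rather than read as a stray store.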
@@ -2245,20 +3420,33 @@ inline void ScopeNode::emitStatementsBytecode(BytecodeGenerator& generator, Regi
 m_statements->emitBytecode(generator, dst);
 }
-// ------------------------------ ProgramNode -----------------------------
-
-void ProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+static void emitProgramNodeBytecode(BytecodeGenerator& generator, ScopeNode& scopeNode)
 {
- generator.emitDebugHook(WillExecuteProgram, startLine(), startStartOffset(), startLineStartOffset());
+ generator.emitDebugHook(WillExecuteProgram, scopeNode.startLine(), scopeNode.startStartOffset(), scopeNode.startLineStartOffset());
 RefPtr<RegisterID> dstRegister = generator.newTemporary();
 generator.emitLoad(dstRegister.get(), jsUndefined());
- emitStatementsBytecode(generator, dstRegister.get());
+ generator.emitProfileControlFlow(scopeNode.startStartOffset());
+ scopeNode.emitStatementsBytecode(generator, dstRegister.get());
- generator.emitDebugHook(DidExecuteProgram, lastLine(), startOffset(), lineStartOffset());
+ generator.emitDebugHook(DidExecuteProgram, scopeNode.lastLine(), scopeNode.startOffset(), scopeNode.lineStartOffset());
 generator.emitEnd(dstRegister.get());
 }
+// ------------------------------ ProgramNode -----------------------------
+
+void ProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+ emitProgramNodeBytecode(generator, *this);
+}
+
+// ------------------------------ ModuleProgramNode --------------------
+
+void ModuleProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+ emitProgramNodeBytecode(generator, *this);
+}
+
 // ------------------------------ EvalNode -----------------------------
 void EvalNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
@@ -2273,53 +3461,161 @@ void EvalNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) generator.emitEnd(dstRegister.get()); } -// ------------------------------ FunctionBodyNode ----------------------------- +// ------------------------------ FunctionNode ----------------------------- -void FunctionBodyNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +void FunctionNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { + if (generator.vm()->typeProfiler()) { + // If the parameter list is non simple one, it is handled in bindValue's code. + if (m_parameters->isSimpleParameterList()) { + for (size_t i = 0; i < m_parameters->size(); i++) { + BindingNode* bindingNode = static_cast<BindingNode*>(m_parameters->at(i).first); + RegisterID reg(CallFrame::argumentOffset(i)); + generator.emitProfileType(®, ProfileTypeBytecodeFunctionArgument, bindingNode->divotStart(), bindingNode->divotEnd()); + } + } + } + + generator.emitProfileControlFlow(startStartOffset()); generator.emitDebugHook(DidEnterCallFrame, startLine(), startStartOffset(), startLineStartOffset()); - emitStatementsBytecode(generator, generator.ignoredResult()); - StatementNode* singleStatement = this->singleStatement(); - ReturnNode* returnNode = 0; + switch (generator.parseMode()) { + case SourceParseMode::GeneratorWrapperFunctionMode: { + StatementNode* singleStatement = this->singleStatement(); + ASSERT(singleStatement->isExprStatement()); + ExprStatementNode* exprStatement = static_cast<ExprStatementNode*>(singleStatement); + ExpressionNode* expr = exprStatement->expr(); + ASSERT(expr->isFuncExprNode()); + FuncExprNode* funcExpr = static_cast<FuncExprNode*>(expr); + + RefPtr<RegisterID> next = generator.newTemporary(); + generator.emitNode(next.get(), funcExpr); + + if (generator.superBinding() == SuperBinding::Needed) { + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + emitPutHomeObject(generator, next.get(), homeObject.get()); + } + + 
generator.emitPutGeneratorFields(next.get()); - // Check for a return statement at the end of a function composed of a single block. - if (singleStatement && singleStatement->isBlock()) { - StatementNode* lastStatementInBlock = static_cast<BlockNode*>(singleStatement)->lastStatement(); - if (lastStatementInBlock && lastStatementInBlock->isReturnNode()) - returnNode = static_cast<ReturnNode*>(lastStatementInBlock); + ASSERT(startOffset() >= lineStartOffset()); + generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); + generator.emitReturn(generator.generatorRegister()); + break; } - // If there is no return we must automatically insert one. - if (!returnNode) { - RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined()); + case SourceParseMode::AsyncFunctionMode: + case SourceParseMode::AsyncMethodMode: + case SourceParseMode::AsyncArrowFunctionMode: { + StatementNode* singleStatement = this->singleStatement(); + ASSERT(singleStatement->isExprStatement()); + ExprStatementNode* exprStatement = static_cast<ExprStatementNode*>(singleStatement); + ExpressionNode* expr = exprStatement->expr(); + ASSERT(expr->isFuncExprNode()); + FuncExprNode* funcExpr = static_cast<FuncExprNode*>(expr); + + RefPtr<RegisterID> next = generator.newTemporary(); + generator.emitNode(next.get(), funcExpr); + + if (generator.superBinding() == SuperBinding::Needed || (generator.parseMode() == SourceParseMode::AsyncArrowFunctionMode && generator.isSuperUsedInInnerArrowFunction())) { + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + emitPutHomeObject(generator, next.get(), homeObject.get()); + } + + if (generator.parseMode() == SourceParseMode::AsyncArrowFunctionMode && generator.isThisUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + generator.emitPutGeneratorFields(next.get()); + ASSERT(startOffset() >= lineStartOffset()); 
generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); - generator.emitReturn(r0); - return; + + // load and call @asyncFunctionResume + auto var = generator.variable(generator.propertyNames().builtinNames().asyncFunctionResumePrivateName()); + RefPtr<RegisterID> scope = generator.newTemporary(); + generator.moveToDestinationIfNeeded(scope.get(), generator.emitResolveScope(scope.get(), var)); + RefPtr<RegisterID> asyncFunctionResume = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + + CallArguments args(generator, nullptr, 4); + unsigned argumentCount = 0; + generator.emitLoad(args.thisRegister(), jsUndefined()); + generator.emitMove(args.argumentRegister(argumentCount++), generator.generatorRegister()); + generator.emitMove(args.argumentRegister(argumentCount++), generator.promiseCapabilityRegister()); + generator.emitLoad(args.argumentRegister(argumentCount++), jsUndefined()); + generator.emitLoad(args.argumentRegister(argumentCount++), jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode))); + // JSTextPosition(int _line, int _offset, int _lineStartOffset) + JSTextPosition divot(firstLine(), startOffset(), lineStartOffset()); + + RefPtr<RegisterID> result = generator.newTemporary(); + generator.emitCallInTailPosition(result.get(), asyncFunctionResume.get(), NoExpectedFunction, args, divot, divot, divot, DebuggableCall::No); + generator.emitReturn(result.get()); + break; } - // If there is a return statment, and it is the only statement in the function, check if this is a numeric compare. 
- if (static_cast<BlockNode*>(singleStatement)->singleStatement()) { - ExpressionNode* returnValueExpression = returnNode->value(); - if (returnValueExpression && returnValueExpression->isSubtract()) { - ExpressionNode* lhsExpression = static_cast<SubNode*>(returnValueExpression)->lhs(); - ExpressionNode* rhsExpression = static_cast<SubNode*>(returnValueExpression)->rhs(); - if (lhsExpression->isResolveNode() - && rhsExpression->isResolveNode() - && generator.isArgumentNumber(static_cast<ResolveNode*>(lhsExpression)->identifier(), 0) - && generator.isArgumentNumber(static_cast<ResolveNode*>(rhsExpression)->identifier(), 1)) { - - generator.setIsNumericCompareFunction(true); - } + case SourceParseMode::AsyncArrowFunctionBodyMode: + case SourceParseMode::AsyncFunctionBodyMode: + case SourceParseMode::GeneratorBodyMode: { + Ref<Label> generatorBodyLabel = generator.newLabel(); + { + RefPtr<RegisterID> condition = generator.newTemporary(); + generator.emitEqualityOp(op_stricteq, condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode)))); + generator.emitJumpIfTrue(condition.get(), generatorBodyLabel.get()); + + Ref<Label> throwLabel = generator.newLabel(); + generator.emitEqualityOp(op_stricteq, condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ThrowMode)))); + generator.emitJumpIfTrue(condition.get(), throwLabel.get()); + + generator.emitReturn(generator.generatorValueRegister()); + + generator.emitLabel(throwLabel.get()); + generator.emitThrow(generator.generatorValueRegister()); } + + generator.emitLabel(generatorBodyLabel.get()); + + emitStatementsBytecode(generator, generator.ignoredResult()); + + Ref<Label> done = generator.newLabel(); + generator.emitLabel(done.get()); + generator.emitReturn(generator.emitLoad(nullptr, jsUndefined())); + break; 
+ } + + default: { + emitStatementsBytecode(generator, generator.ignoredResult()); + + StatementNode* singleStatement = this->singleStatement(); + ReturnNode* returnNode = 0; + + // Check for a return statement at the end of a function composed of a single block. + if (singleStatement && singleStatement->isBlock()) { + StatementNode* lastStatementInBlock = static_cast<BlockNode*>(singleStatement)->lastStatement(); + if (lastStatementInBlock && lastStatementInBlock->isReturnNode()) + returnNode = static_cast<ReturnNode*>(lastStatementInBlock); + } + + // If there is no return we must automatically insert one. + if (!returnNode) { + if (generator.constructorKind() == ConstructorKind::Extends && generator.needsToUpdateArrowFunctionContext() && generator.isSuperCallUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); // Arrow function can invoke 'super' in constructor and before leave constructor we need load 'this' from lexical arrow function environment + + RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined()); + generator.emitProfileType(r0, ProfileTypeBytecodeFunctionReturnStatement); // Do not emit expression info for this profile because it's not in the user's source code. + ASSERT(startOffset() >= lineStartOffset()); + generator.emitWillLeaveCallFrameDebugHook(); + generator.emitReturn(r0); + return; + } + break; + } } } // ------------------------------ FuncDeclNode --------------------------------- -void FuncDeclNode::emitBytecode(BytecodeGenerator&, RegisterID*) +void FuncDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { + generator.hoistSloppyModeFunctionIfNecessary(metadata()->ident()); } // ------------------------------ FuncExprNode --------------------------------- 
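Review bot: In GeneratorWrapperFunctionMode and the three async wrapper modes, the `static_cast<ExprStatementNode*>` and `static_cast<FuncExprNode*>` downcasts are guarded only by `ASSERT(singleStatement->isExprStatement())` and `ASSERT(expr->isFuncExprNode())`, which vanish in release builds; the parser is what establishes that AST shape, and any mismatch would become a type confusion on the AST rather than a crash. Since this code runs once per function compile, promoting those two checks to RELEASE_ASSERT costs nothing measurable and turns a broken invariant into a deterministic abort. The same hunk mixes `generator.emitLoad(nullptr, jsUndefined())` in the generator-body case with `generator.emitLoad(0, jsUndefined())` in the default branch; `RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(nullptr, jsUndefined());` would make it uniform. The generator and async wrapper cases also repeat the emitNode/emitPutHomeObject/emitPutGeneratorFields sequence nearly verbatim and could share a small static helper.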
@@ -2328,9 +3624,217 @@ RegisterID* FuncExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID*
{
return generator.emitNewFunctionExpression(generator.finalDestination(dst), this);
}
-
-// ------------------------------ DeconstructingAssignmentNode -----------------
-RegisterID* DeconstructingAssignmentNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+
+// ------------------------------ ArrowFuncExprNode ---------------------------------
+
+RegisterID* ArrowFuncExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ return generator.emitNewArrowFunctionExpression(generator.finalDestination(dst), this);
+}
+
+// ------------------------------ MethodDefinitionNode ---------------------------------
+
+RegisterID* MethodDefinitionNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ return generator.emitNewMethodDefinition(generator.finalDestination(dst), this);
+}
+
+// ------------------------------ YieldExprNode --------------------------------
+
+RegisterID* YieldExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ if (!delegate()) {
+ RefPtr<RegisterID> arg = nullptr;
+ if (argument()) {
+ arg = generator.newTemporary();
+ generator.emitNode(arg.get(), argument());
+ } else
+ arg = generator.emitLoad(nullptr, jsUndefined());
+ RefPtr<RegisterID> value = generator.emitYield(arg.get());
+ if (dst == generator.ignoredResult())
+ return nullptr;
+ return generator.emitMove(generator.finalDestination(dst), value.get());
+ }
+ RefPtr<RegisterID> arg = generator.newTemporary();
+ generator.emitNode(arg.get(), argument());
+ RefPtr<RegisterID> value = generator.emitDelegateYield(arg.get(), this);
+ if (dst == generator.ignoredResult())
+ return nullptr;
+ return generator.emitMove(generator.finalDestination(dst), value.get());
+}
+
+// ------------------------------ AwaitExprNode --------------------------------
+
+RegisterID* AwaitExprNode::emitBytecode(BytecodeGenerator& generator,
RegisterID* dst)
+{
+ RefPtr<RegisterID> arg = generator.newTemporary();
+ generator.emitNode(arg.get(), argument());
+ RefPtr<RegisterID> value = generator.emitYield(arg.get());
+ if (dst == generator.ignoredResult())
+ return nullptr;
+ return generator.emitMove(generator.finalDestination(dst), value.get());
+}
+
+// ------------------------------ ClassDeclNode ---------------------------------
+
+void ClassDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ generator.emitNode(dst, m_classDeclaration);
+}
+
+// ------------------------------ ClassExprNode ---------------------------------
+
+RegisterID* ClassExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ if (!m_name.isNull())
+ generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested);
+
+ RefPtr<RegisterID> superclass;
+ if (m_classHeritage) {
+ superclass = generator.newTemporary();
+ generator.emitNode(superclass.get(), m_classHeritage);
+ }
+
+ RefPtr<RegisterID> constructor;
+ bool needsHomeObject = false;
+
+ // FIXME: Make the prototype non-configurable & non-writable.
+ if (m_constructorExpression) {
+ ASSERT(m_constructorExpression->isFuncExprNode());
+ FunctionMetadataNode* metadata = static_cast<FuncExprNode*>(m_constructorExpression)->metadata();
+ metadata->setEcmaName(ecmaName());
+ metadata->setClassSource(m_classSource);
+ constructor = generator.emitNode(dst, m_constructorExpression);
+ if (m_classHeritage) {
+ needsHomeObject = true;
+ RefPtr<RegisterID> isDerivedConstructor = generator.newTemporary();
+ generator.emitUnaryOp(op_not, isDerivedConstructor.get(),
+ generator.emitUnaryOp(op_eq_null, isDerivedConstructor.get(), superclass.get()));
+ generator.emitDirectPutById(constructor.get(), generator.propertyNames().builtinNames().isDerivedConstructorPrivateName(), isDerivedConstructor.get(), PropertyNode::Unknown);
+ } else if (metadata->superBinding() == SuperBinding::Needed)
+ needsHomeObject = true;
+ } else {
+ if (m_classHeritage) {
+ constructor = generator.finalDestination(dst);
+ RefPtr<RegisterID> tempRegister = generator.newTemporary();
+ Ref<Label> superclassIsNullLabel = generator.newLabel();
+ Ref<Label> done = generator.newLabel();
+
+ generator.emitJumpIfTrue(generator.emitUnaryOp(op_eq_null, tempRegister.get(), superclass.get()), superclassIsNullLabel.get());
+ generator.emitNewDefaultConstructor(constructor.get(), ConstructorKind::Extends, m_name, ecmaName(), m_classSource);
+ generator.emitLoad(tempRegister.get(), jsBoolean(true));
+ generator.emitJump(done.get());
+ generator.emitLabel(superclassIsNullLabel.get());
+ generator.emitNewDefaultConstructor(constructor.get(), ConstructorKind::Base, m_name, ecmaName(), m_classSource);
+ generator.emitLoad(tempRegister.get(), jsBoolean(false));
+ generator.emitLabel(done.get());
+ generator.emitDirectPutById(constructor.get(), generator.propertyNames().builtinNames().isDerivedConstructorPrivateName(), tempRegister.get(), PropertyNode::Unknown);
+ } else {
+ constructor = generator.emitNewDefaultConstructor(generator.finalDestination(dst),
+
ConstructorKind::Base, m_name, ecmaName(), m_classSource);
+ }
+ }
+
+ const auto& propertyNames = generator.propertyNames();
+ RefPtr<RegisterID> prototype = generator.emitNewObject(generator.newTemporary());
+
+ if (superclass) {
+ RefPtr<RegisterID> protoParent = generator.newTemporary();
+ generator.emitLoad(protoParent.get(), jsNull());
+
+ RefPtr<RegisterID> tempRegister = generator.newTemporary();
+
+ // FIXME: Throw TypeError if it's a generator function.
+ Ref<Label> superclassIsUndefinedLabel = generator.newLabel();
+ generator.emitJumpIfTrue(generator.emitIsUndefined(tempRegister.get(), superclass.get()), superclassIsUndefinedLabel.get());
+
+ Ref<Label> superclassIsNullLabel = generator.newLabel();
+ generator.emitJumpIfTrue(generator.emitUnaryOp(op_eq_null, tempRegister.get(), superclass.get()), superclassIsNullLabel.get());
+
+ Ref<Label> superclassIsObjectLabel = generator.newLabel();
+ generator.emitJumpIfTrue(generator.emitIsObject(tempRegister.get(), superclass.get()), superclassIsObjectLabel.get());
+ generator.emitLabel(superclassIsUndefinedLabel.get());
+ generator.emitThrowTypeError(ASCIILiteral("The superclass is not an object."));
+ generator.emitLabel(superclassIsObjectLabel.get());
+ generator.emitGetById(protoParent.get(), superclass.get(), generator.propertyNames().prototype);
+
+ Ref<Label> protoParentIsObjectOrNullLabel = generator.newLabel();
+ generator.emitJumpIfTrue(generator.emitUnaryOp(op_is_object_or_null, tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+ generator.emitJumpIfTrue(generator.emitUnaryOp(op_is_function, tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+ generator.emitThrowTypeError(ASCIILiteral("The value of the superclass's prototype property is not an object."));
+ generator.emitLabel(protoParentIsObjectOrNullLabel.get());
+
+ generator.emitDirectPutById(constructor.get(), generator.propertyNames().underscoreProto, superclass.get(),
PropertyNode::Unknown);
+ generator.emitLabel(superclassIsNullLabel.get());
+ generator.emitDirectPutById(prototype.get(), generator.propertyNames().underscoreProto, protoParent.get(), PropertyNode::Unknown);
+ }
+
+ if (needsHomeObject)
+ emitPutHomeObject(generator, constructor.get(), prototype.get());
+
+ RefPtr<RegisterID> constructorNameRegister = generator.emitLoad(nullptr, propertyNames.constructor);
+ generator.emitCallDefineProperty(prototype.get(), constructorNameRegister.get(), constructor.get(), nullptr, nullptr,
+ BytecodeGenerator::PropertyConfigurable | BytecodeGenerator::PropertyWritable, m_position);
+
+ RefPtr<RegisterID> prototypeNameRegister = generator.emitLoad(nullptr, propertyNames.prototype);
+ generator.emitCallDefineProperty(constructor.get(), prototypeNameRegister.get(), prototype.get(), nullptr, nullptr, 0, m_position);
+
+ if (m_staticMethods)
+ generator.emitNode(constructor.get(), m_staticMethods);
+
+ if (m_instanceMethods)
+ generator.emitNode(prototype.get(), m_instanceMethods);
+
+ if (!m_name.isNull()) {
+ Variable classNameVar = generator.variable(m_name);
+ RELEASE_ASSERT(classNameVar.isResolved());
+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, classNameVar);
+ generator.emitPutToScope(scope.get(), classNameVar, constructor.get(), ThrowIfNotFound, InitializationMode::Initialization);
+ generator.popLexicalScope(this);
+ }
+
+ return generator.moveToDestinationIfNeeded(dst, constructor.get());
+}
+
+// ------------------------------ ImportDeclarationNode -----------------------
+
+void ImportDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*)
+{
+ // Do nothing at runtime.
+}
+
+// ------------------------------ ExportAllDeclarationNode --------------------
+
+void ExportAllDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*)
+{
+ // Do nothing at runtime.
+}
+
+// ------------------------------ ExportDefaultDeclarationNode ----------------
+
+void ExportDefaultDeclarationNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ ASSERT(m_declaration);
+ generator.emitNode(dst, m_declaration);
+}
+
+// ------------------------------ ExportLocalDeclarationNode ------------------
+
+void ExportLocalDeclarationNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+ ASSERT(m_declaration);
+ generator.emitNode(dst, m_declaration);
+}
+
+// ------------------------------ ExportNamedDeclarationNode ------------------
+
+void ExportNamedDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*)
+{
+ // Do nothing at runtime.
+}
+
+// ------------------------------ DestructuringAssignmentNode -----------------
+RegisterID* DestructuringAssignmentNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
{
if (RegisterID* result = m_bindings->emitDirectBinding(generator, dst, m_initializer))
return result;
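Review bot: The three-line tail `if (dst == generator.ignoredResult()) return nullptr; return generator.emitMove(generator.finalDestination(dst), value.get());` appears in both branches of YieldExprNode::emitBytecode and again in AwaitExprNode::emitBytecode; computing `value` in the branches and sharing one tail would keep the three copies in step. AwaitExprNode::emitBytecode is byte-for-byte the non-delegating yield path, which deserves a comment such as `// Await is lowered to the same emitYield as a non-delegating yield expression.` so nobody "fixes" one without the other. In ClassExprNode::emitBytecode the `// FIXME: Make the prototype non-configurable & non-writable.` comment looks stale: the later `generator.emitCallDefineProperty(constructor.get(), prototypeNameRegister.get(), prototype.get(), nullptr, nullptr, 0, m_position)` passes no PropertyConfigurable/PropertyWritable bits, and if that is what satisfies the FIXME the comment should be removed or reworded to say what is still missing.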
@@ -2340,67 +3844,133 @@ RegisterID* DeconstructingAssignmentNode::emitBytecode(BytecodeGenerator& genera
return generator.moveToDestinationIfNeeded(dst, initializer.get());
}
-DeconstructionPatternNode::~DeconstructionPatternNode()
+static void assignDefaultValueIfUndefined(BytecodeGenerator& generator, RegisterID* maybeUndefined, ExpressionNode* defaultValue)
{
+ ASSERT(defaultValue);
+ Ref<Label> isNotUndefined = generator.newLabel();
+ generator.emitJumpIfFalse(generator.emitIsUndefined(generator.newTemporary(), maybeUndefined), isNotUndefined.get());
+ generator.emitNode(maybeUndefined, defaultValue);
+ generator.emitLabel(isNotUndefined.get());
}
-
+
void ArrayPatternNode::bindValue(BytecodeGenerator& generator, RegisterID* rhs) const
{
- for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- auto target = m_targetPatterns[i];
- if (!target)
- continue;
- RefPtr<RegisterID> temp = generator.newTemporary();
- generator.emitLoad(temp.get(), jsNumber(i));
- generator.emitGetByVal(temp.get(), rhs, temp.get());
- target->bindValue(generator, temp.get());
+ RefPtr<RegisterID> iterator = generator.newTemporary();
+ {
+ generator.emitGetById(iterator.get(), rhs, generator.propertyNames().iteratorSymbol);
+ CallArguments args(generator, nullptr);
+ generator.emitMove(args.thisRegister(), rhs);
+ generator.emitCall(iterator.get(), iterator.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd(), DebuggableCall::No);
}
+
+ if (m_targetPatterns.isEmpty()) {
+ generator.emitIteratorClose(iterator.get(), this);
+ return;
+ }
+
+ RefPtr<RegisterID> done;
+ for (auto& target : m_targetPatterns) {
+ switch (target.bindingType) {
+ case BindingType::Elision:
+ case BindingType::Element: {
+ Ref<Label> iterationSkipped = generator.newLabel();
+ if (!done)
+ done = generator.newTemporary();
+ else
+ generator.emitJumpIfTrue(done.get(), iterationSkipped.get());
+
+ RefPtr<RegisterID> value = generator.newTemporary();
+ generator.emitIteratorNext(value.get(),
iterator.get(), this);
+ generator.emitGetById(done.get(), value.get(), generator.propertyNames().done);
+ generator.emitJumpIfTrue(done.get(), iterationSkipped.get());
+ generator.emitGetById(value.get(), value.get(), generator.propertyNames().value);
+
+ {
+ Ref<Label> valueIsSet = generator.newLabel();
+ generator.emitJump(valueIsSet.get());
+ generator.emitLabel(iterationSkipped.get());
+ generator.emitLoad(value.get(), jsUndefined());
+ generator.emitLabel(valueIsSet.get());
+ }
+
+ if (target.bindingType == BindingType::Element) {
+ if (target.defaultValue)
+ assignDefaultValueIfUndefined(generator, value.get(), target.defaultValue);
+ target.pattern->bindValue(generator, value.get());
+ }
+ break;
+ }
+
+ case BindingType::RestElement: {
+ RefPtr<RegisterID> array = generator.emitNewArray(generator.newTemporary(), 0, 0);
+
+ Ref<Label> iterationDone = generator.newLabel();
+ if (!done)
+ done = generator.newTemporary();
+ else
+ generator.emitJumpIfTrue(done.get(), iterationDone.get());
+
+ RefPtr<RegisterID> index = generator.newTemporary();
+ generator.emitLoad(index.get(), jsNumber(0));
+ Ref<Label> loopStart = generator.newLabel();
+ generator.emitLabel(loopStart.get());
+
+ RefPtr<RegisterID> value = generator.newTemporary();
+ generator.emitIteratorNext(value.get(), iterator.get(), this);
+ generator.emitGetById(done.get(), value.get(), generator.propertyNames().done);
+ generator.emitJumpIfTrue(done.get(), iterationDone.get());
+ generator.emitGetById(value.get(), value.get(), generator.propertyNames().value);
+
+ generator.emitDirectPutByVal(array.get(), index.get(), value.get());
+ generator.emitInc(index.get());
+ generator.emitJump(loopStart.get());
+
+ generator.emitLabel(iterationDone.get());
+ target.pattern->bindValue(generator, array.get());
+ break;
+ }
+ }
+ }
+
+ Ref<Label> iteratorClosed = generator.newLabel();
+ generator.emitJumpIfTrue(done.get(), iteratorClosed.get());
+ generator.emitIteratorClose(iterator.get(), this);
+
generator.emitLabel(iteratorClosed.get());
}
RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, RegisterID* dst, ExpressionNode* rhs)
{
- if (rhs->isResolveNode()
- && generator.willResolveToArguments(static_cast<ResolveNode*>(rhs)->identifier())
- && !generator.symbolTable().slowArguments()) {
- for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- auto target = m_targetPatterns[i];
- if (!target)
- continue;
-
- RefPtr<RegisterID> temp = generator.newTemporary();
- generator.emitLoad(temp.get(), jsNumber(i));
- generator.emitGetArgumentByVal(temp.get(), generator.uncheckedRegisterForArguments(), temp.get());
- target->bindValue(generator, temp.get());
- }
- if (dst == generator.ignoredResult() || !dst)
- return generator.emitLoad(generator.finalDestination(dst), jsUndefined());
- Local local = generator.local(generator.vm()->propertyNames->arguments);
- return generator.moveToDestinationIfNeeded(dst, local.get());
- }
if (!rhs->isSimpleArray())
- return 0;
+ return nullptr;
+
+ ElementNode* elementNodes = static_cast<ArrayNode*>(rhs)->elements();
+ Vector<ExpressionNode*> elements;
+ for (; elementNodes; elementNodes = elementNodes->next()) {
+ ExpressionNode* value = elementNodes->value();
+ if (value->isSpreadExpression())
+ return nullptr;
+ elements.append(value);
+ }
RefPtr<RegisterID> resultRegister;
if (dst && dst != generator.ignoredResult())
resultRegister = generator.emitNewArray(generator.newTemporary(), 0, 0);
- ElementNode* elementNodes = static_cast<ArrayNode*>(rhs)->elements();
- Vector<ExpressionNode*> elements;
- for (; elementNodes; elementNodes = elementNodes->next())
- elements.append(elementNodes->value());
if (m_targetPatterns.size() != elements.size())
- return 0;
+ return nullptr;
Vector<RefPtr<RegisterID>> registers;
registers.reserveCapacity(m_targetPatterns.size());
for (size_t i = 0; i < m_targetPatterns.size(); i++) {
registers.uncheckedAppend(generator.newTemporary());
generator.emitNode(registers.last().get(), elements[i]);
+ if (m_targetPatterns[i].defaultValue)
+ assignDefaultValueIfUndefined(generator, registers.last().get(), m_targetPatterns[i].defaultValue);
if (resultRegister)
generator.emitPutByIndex(resultRegister.get(), i, registers.last().get());
}
for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- if (m_targetPatterns[i])
- m_targetPatterns[i]->bindValue(generator, registers[i].get());
+ if (m_targetPatterns[i].pattern)
+ m_targetPatterns[i].pattern->bindValue(generator, registers[i].get());
}
if (resultRegister)
return generator.moveToDestinationIfNeeded(dst, resultRegister.get());
@@ -2411,13 +3981,24 @@ void ArrayPatternNode::toString(StringBuilder& builder) const
{
builder.append('[');
for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- if (!m_targetPatterns[i]) {
+ const auto& target = m_targetPatterns[i];
+
+ switch (target.bindingType) {
+ case BindingType::Elision:
builder.append(',');
- continue;
+ break;
+
+ case BindingType::Element:
+ target.pattern->toString(builder);
+ if (i < m_targetPatterns.size() - 1)
+ builder.append(',');
+ break;
+
+ case BindingType::RestElement:
+ builder.appendLiteral("...");
+ target.pattern->toString(builder);
+ break;
}
- m_targetPatterns[i]->toString(builder);
- if (i < m_targetPatterns.size() - 1)
- builder.append(',');
}
builder.append(']');
}
@@ -2425,7 +4006,7 @@ void ArrayPatternNode::toString(StringBuilder& builder) const
void ArrayPatternNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const
{
for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- if (DeconstructionPatternNode* node = m_targetPatterns[i].get())
+ if (DestructuringPatternNode* node = m_targetPatterns[i].pattern)
node->collectBoundIdentifiers(identifiers);
}
}
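Review bot: In ArrayPatternNode::emitDirectBinding the `if (m_targetPatterns.size() != elements.size()) return nullptr;` check treats a RestElement target like any other element, so if the parser lets a rest target reach this fast path, `[a, ...b] = [1, 2]` would bind `b` to `2` instead of `[2]`; either bail out with `return nullptr;` when any target has `bindingType == BindingType::RestElement`, or add a comment stating why such a pattern cannot arrive here. Separately, ArrayPatternNode::bindValue closes the iterator only on the normal exit at the end of the function; if `target.pattern->bindValue` or a default-value expression throws mid-iteration, nothing visible in this hunk performs the IteratorClose that an abrupt completion requires, unless emitIteratorNext/emitIteratorClose install a handler elsewhere, which is not shown here. emitDirectBinding's final return and closing brace lie outside the hunk.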
@@ -2434,13 +4015,11 @@ void ObjectPatternNode::toString(StringBuilder& builder) const
{
builder.append('{');
for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- if (m_targetPatterns[i].wasString) {
- builder.append('"');
- escapeStringToBuilder(builder, m_targetPatterns[i].propertyName.string());
- builder.append('"');
- } else
+ if (m_targetPatterns[i].wasString)
+ builder.appendQuotedJSONString(m_targetPatterns[i].propertyName.string());
+ else
builder.append(m_targetPatterns[i].propertyName.string());
- builder.append(":");
+ builder.append(':');
m_targetPatterns[i].pattern->toString(builder);
if (i < m_targetPatterns.size() - 1)
builder.append(',');
@@ -2450,10 +4029,25 @@ void ObjectPatternNode::toString(StringBuilder& builder) const
void ObjectPatternNode::bindValue(BytecodeGenerator& generator, RegisterID* rhs) const
{
- for (size_t i = 0; i < m_targetPatterns.size(); i++) {
- auto& target = m_targetPatterns[i];
+ generator.emitRequireObjectCoercible(rhs, ASCIILiteral("Right side of assignment cannot be destructured"));
+ for (const auto& target : m_targetPatterns) {
RefPtr<RegisterID> temp = generator.newTemporary();
- generator.emitGetById(temp.get(), rhs, target.propertyName);
+ if (!target.propertyExpression) {
+ // Should not emit get_by_id for indexed ones.
+ std::optional<uint32_t> optionalIndex = parseIndex(target.propertyName);
+ if (!optionalIndex)
+ generator.emitGetById(temp.get(), rhs, target.propertyName);
+ else {
+ RefPtr<RegisterID> index = generator.emitLoad(nullptr, jsNumber(optionalIndex.value()));
+ generator.emitGetByVal(temp.get(), rhs, index.get());
+ }
+ } else {
+ RefPtr<RegisterID> propertyName = generator.emitNode(target.propertyExpression);
+ generator.emitGetByVal(temp.get(), rhs, propertyName.get());
+ }
+
+ if (target.defaultValue)
+ assignDefaultValueIfUndefined(generator, temp.get(), target.defaultValue);
target.pattern->bindValue(generator, temp.get());
}
}
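Review bot: The comment `// Should not emit get_by_id for indexed ones.` in ObjectPatternNode::bindValue says what is avoided but not why, so the `parseIndex` branch reads like an optimization a later reader might collapse back into a single `emitGetById`. Suggest replacing it with `// Keys that parse as a canonical array index are read with get_by_val rather than get_by_id; presumably the by-id path is not meant for indexed properties — TODO confirm against the get_by_id implementation.` It is also worth noting in the same place that `emitRequireObjectCoercible` runs once before any property read, so a null/undefined right-hand side fails with the fixed message before any getter can run.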
@@ -2466,19 +4060,35 @@ void ObjectPatternNode::collectBoundIdentifiers(Vector<Identifier>& identifiers)
void BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const
{
- if (Local local = generator.local(m_boundProperty)) {
- if (local.isReadOnly()) {
- generator.emitReadOnlyExceptionIfNeeded();
+ Variable var = generator.variable(m_boundProperty);
+ bool isReadOnly = var.isReadOnly() && m_bindingContext != AssignmentContext::ConstDeclarationStatement;
+ if (RegisterID* local = var.local()) {
+ if (m_bindingContext == AssignmentContext::AssignmentExpression)
+ generator.emitTDZCheckIfNecessary(var, local, nullptr);
+ if (isReadOnly) {
+ generator.emitReadOnlyExceptionIfNeeded(var);
return;
}
- generator.emitMove(local.get(), value);
+ generator.emitMove(local, value);
+ generator.emitProfileType(local, var, divotStart(), divotEnd());
+ if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement)
+ generator.liftTDZCheckIfPossible(var);
return;
}
if (generator.isStrictMode())
generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
- RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), m_boundProperty);
+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
- generator.emitPutToScope(scope, m_boundProperty, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound);
+ if (m_bindingContext == AssignmentContext::AssignmentExpression)
+ generator.emitTDZCheckIfNecessary(var, nullptr, scope.get());
+ if (isReadOnly) {
+ generator.emitReadOnlyExceptionIfNeeded(var);
+ return;
+ }
+ generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ?
ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext));
+ generator.emitProfileType(value, var, divotStart(), divotEnd());
+ if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement)
+ generator.liftTDZCheckIfPossible(var);
return;
}
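Review bot: The `bool isReadOnly = var.isReadOnly() && m_bindingContext != AssignmentContext::ConstDeclarationStatement;` line at the top of BindingNode::bindValue encodes a rule that is easy to misread as a bug — a read-only binding is deliberately writable here when the write is the const declaration's own initializer — and it deserves a comment such as `// A const declaration's initializer is the one write a read-only binding must accept.`. The `m_bindingContext == DeclarationStatement || m_bindingContext == ConstDeclarationStatement` test is repeated verbatim in the local and scope paths; a small named helper or local `bool isDeclaration` would keep the two from drifting apart.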
@@ -2491,7 +4101,97 @@ void BindingNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const
{
identifiers.append(m_boundProperty);
}
-
+
+void AssignmentElementNode::collectBoundIdentifiers(Vector<Identifier>&) const
+{
+}
+
+void AssignmentElementNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const
+{
+ if (m_assignmentTarget->isResolveNode()) {
+ ResolveNode* lhs = static_cast<ResolveNode*>(m_assignmentTarget);
+ Variable var = generator.variable(lhs->identifier());
+ bool isReadOnly = var.isReadOnly();
+ if (RegisterID* local = var.local()) {
+ generator.emitTDZCheckIfNecessary(var, local, nullptr);
+
+ if (isReadOnly)
+ generator.emitReadOnlyExceptionIfNeeded(var);
+ else {
+ generator.invalidateForInContextForLocal(local);
+ generator.moveToDestinationIfNeeded(local, value);
+ generator.emitProfileType(local, divotStart(), divotEnd());
+ }
+ return;
+ }
+ if (generator.isStrictMode())
+ generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
+ RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var);
+ generator.emitTDZCheckIfNecessary(var, nullptr, scope.get());
+ if (isReadOnly) {
+ bool threwException = generator.emitReadOnlyExceptionIfNeeded(var);
+ if (threwException)
+ return;
+ }
+ generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
+ if (!isReadOnly) {
+ generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ?
ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization);
+ generator.emitProfileType(value, var, divotStart(), divotEnd());
+ }
+ } else if (m_assignmentTarget->isDotAccessorNode()) {
+ DotAccessorNode* lhs = static_cast<DotAccessorNode*>(m_assignmentTarget);
+ RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(lhs->base(), true, false);
+ generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
+ if (lhs->base()->isSuperNode()) {
+ RefPtr<RegisterID> thisValue = generator.ensureThis();
+ generator.emitPutById(base.get(), thisValue.get(), lhs->identifier(), value);
+ } else
+ generator.emitPutById(base.get(), lhs->identifier(), value);
+ generator.emitProfileType(value, divotStart(), divotEnd());
+ } else if (m_assignmentTarget->isBracketAccessorNode()) {
+ BracketAccessorNode* lhs = static_cast<BracketAccessorNode*>(m_assignmentTarget);
+ RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(lhs->base(), true, false);
+ RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(lhs->subscript(), true, false);
+ generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());
+ if (lhs->base()->isSuperNode()) {
+ RefPtr<RegisterID> thisValue = generator.ensureThis();
+ generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value);
+ } else
+ generator.emitPutByVal(base.get(), property.get(), value);
+ generator.emitProfileType(value, divotStart(), divotEnd());
+ }
+}
+
+void AssignmentElementNode::toString(StringBuilder& builder) const
+{
+ if (m_assignmentTarget->isResolveNode())
+ builder.append(static_cast<ResolveNode*>(m_assignmentTarget)->identifier().string());
+}
+
+void RestParameterNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const
+{
+ m_pattern->collectBoundIdentifiers(identifiers);
+}
+
+void RestParameterNode::toString(StringBuilder& builder) const
+{
+ builder.appendLiteral("...");
+ m_pattern->toString(builder);
+}
+
+void
RestParameterNode::bindValue(BytecodeGenerator&, RegisterID*) const
+{
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+void RestParameterNode::emit(BytecodeGenerator& generator)
+{
+ RefPtr<RegisterID> temp = generator.newTemporary();
+ generator.emitRestParameter(temp.get(), m_numParametersToSkip);
+ m_pattern->bindValue(generator, temp.get());
+}
+
+
RegisterID* SpreadExpressionNode::emitBytecode(BytecodeGenerator&, RegisterID*)
{
RELEASE_ASSERT_NOT_REACHED();
diff --git a/Source/JavaScriptCore/bytecompiler/RegisterID.h b/Source/JavaScriptCore/bytecompiler/RegisterID.h
index 83216f613..cc80f5eb8 100644
--- a/Source/JavaScriptCore/bytecompiler/RegisterID.h
+++ b/Source/JavaScriptCore/bytecompiler/RegisterID.h
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,8 +26,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef RegisterID_h
-#define RegisterID_h
+#pragma once
#include "VirtualRegister.h"
@@ -70,7 +69,6 @@ namespace JSC {
void setIndex(int index)
{
- ASSERT(!m_refCount);
#ifndef NDEBUG
m_didSetIndex = true;
#endif
@@ -135,5 +133,3 @@ namespace WTF {
};
} // namespace WTF
-
-#endif // RegisterID_h
diff --git a/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalysis.h b/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalysis.h
index 293c22414..d11be1a32 100644
--- a/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalysis.h
+++ b/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalysis.h
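Review bot: In the non-local branch of AssignmentElementNode::bindValue, `generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());` is emitted even when `isReadOnly` is true and `emitReadOnlyExceptionIfNeeded` chose not to throw, so no put follows it; if expression info attaches to the next emitted instruction, this divot will land on whatever the caller emits after the binding. Moving that call inside the `if (!isReadOnly) {` block, or returning right after the read-only check the way BindingNode::bindValue does, keeps the divot with the put it describes. AssignmentElementNode::toString also silently produces nothing for dot and bracket targets, which a one-line comment such as `// Only identifier targets are stringified; member-expression targets print as empty.` should state, since collectBoundIdentifiers being empty is intentional but the empty string is less obviously so.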
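Review bot: Dropping `ASSERT(!m_refCount);` from RegisterID::setIndex removes the debug-build check that a register's index is never changed while something still holds a reference to it, and the hunk offers no replacement or explanation. If the new generator legitimately re-indexes live registers, a short comment on setIndex saying so and naming the caller that relies on it would keep a future reader from reinstating the assert; otherwise a narrower assertion is preferable to none. The body of setIndex continues past the end of the hunk.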
@@ -23,10 +23,8 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef StaticPropertyAnalysis_h
-#define StaticPropertyAnalysis_h
+#pragma once
-#include "Executable.h"
#include "JSGlobalObject.h"
#include <wtf/HashSet.h>
@@ -35,9 +33,9 @@ namespace JSC {
// Reference count indicates number of live registers that alias this object.
class StaticPropertyAnalysis : public RefCounted<StaticPropertyAnalysis> {
public:
- static PassRefPtr<StaticPropertyAnalysis> create(Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow>* instructions, unsigned target)
+ static Ref<StaticPropertyAnalysis> create(Vector<UnlinkedInstruction, 0, UnsafeVectorOverflow>* instructions, unsigned target)
{
- return adoptRef(new StaticPropertyAnalysis(instructions, target));
+ return adoptRef(*new StaticPropertyAnalysis(instructions, target));
}
void addPropertyIndex(unsigned propertyIndex) { m_propertyIndexes.add(propertyIndex); }
@@ -63,5 +61,3 @@ private:
};
} // namespace JSC
-
-#endif // StaticPropertyAnalysis_h
diff --git a/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalyzer.h b/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalyzer.h
index e63fef86a..cc3b1e4a9 100644
--- a/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalyzer.h
+++ b/Source/JavaScriptCore/bytecompiler/StaticPropertyAnalyzer.h
@@ -23,8 +23,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef StaticPropertyAnalyzer_h
-#define StaticPropertyAnalyzer_h
+#pragma once
#include "StaticPropertyAnalysis.h"
#include <wtf/HashMap.h>
@@ -72,7 +71,7 @@ inline void StaticPropertyAnalyzer::newObject(int dst, unsigned offsetOfInlineCa
AnalysisMap::AddResult addResult = m_analyses.add(dst, analysis);
if (!addResult.isNewEntry) {
kill(addResult.iterator->value.get());
- addResult.iterator->value = analysis.release();
+ addResult.iterator->value = WTFMove(analysis);
}
}
@@ -95,7 +94,7 @@ inline void StaticPropertyAnalyzer::mov(int dst, int src)
AnalysisMap::AddResult addResult = m_analyses.add(dst, analysis);
if (!addResult.isNewEntry) {
kill(addResult.iterator->value.get());
- addResult.iterator->value = analysis.release();
+ addResult.iterator->value = WTFMove(analysis);
}
}
@@ -166,5 +165,3 @@ inline void StaticPropertyAnalyzer::kill()
}
} // namespace JSC
-
-#endif // StaticPropertyAnalyzer_h |