diff options
Diffstat (limited to 'Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp')
| -rw-r--r-- | Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp | 3014 |
1 files changed, 2357 insertions, 657 deletions
diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp index 1ffd4f311..8f6f0582d 100644 --- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp +++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp @@ -1,7 +1,7 @@ /* * Copyright (C) 1999-2002 Harri Porten (porten@kde.org) * Copyright (C) 2001 Peter Kelly (pmk@post.com) -* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012, 2013 Apple Inc. All rights reserved. +* Copyright (C) 2003-2017 Apple Inc. All rights reserved. * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca) * Copyright (C) 2007 Maks Orlovich * Copyright (C) 2007 Eric Seidel <eric@webkit.org> @@ -28,26 +28,21 @@ #include "Nodes.h" #include "NodeConstructors.h" +#include "BuiltinNames.h" #include "BytecodeGenerator.h" #include "CallFrame.h" -#include "Debugger.h" #include "JIT.h" +#include "JSCInlines.h" #include "JSFunction.h" +#include "JSGeneratorFunction.h" #include "JSGlobalObject.h" -#include "JSNameScope.h" -#include "JSONObject.h" #include "LabelScope.h" #include "Lexer.h" -#include "Operations.h" #include "Parser.h" -#include "PropertyNameArray.h" -#include "RegExpCache.h" -#include "RegExpObject.h" -#include "SamplingTool.h" #include "StackAlignment.h" #include <wtf/Assertions.h> -#include <wtf/RefCountedLeakCounter.h> #include <wtf/Threading.h> +#include <wtf/text/StringBuilder.h> using namespace WTF; @@ -76,7 +71,7 @@ namespace JSC { because the assignment node, "x =", passes r[x] as dst to the number node, "1". */ -void ExpressionNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void ExpressionNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { RegisterID* result = generator.emitNode(this); if (fallThroughMode == FallThroughMeansTrue) @@ -96,9 +91,15 @@ RegisterID* ThrowableExpressionData::emitThrowReferenceError(BytecodeGenerator& // ------------------------------ ConstantNode ---------------------------------- -void ConstantNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void ConstantNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { TriState value = jsValue(generator).pureToBoolean(); + + if (UNLIKELY(needsDebugHook())) { + if (value != MixedTriState) + generator.emitDebugHook(this); + } + if (value == MixedTriState) ExpressionNode::emitBytecodeInConditionContext(generator, trueTarget, falseTarget, fallThroughMode); else if (value == TrueTriState && fallThroughMode == FallThroughMeansFalse) @@ -121,6 +122,15 @@ JSValue StringNode::jsValue(BytecodeGenerator& generator) const return generator.addStringConstant(m_value); } +// ------------------------------ NumberNode ---------------------------------- + +RegisterID* NumberNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + return generator.emitLoad(dst, jsValue(generator), isIntegerNode() ? SourceCodeRepresentation::Integer : SourceCodeRepresentation::Double); +} + // ------------------------------ RegExpNode ----------------------------------- RegisterID* RegExpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) @@ -134,30 +144,222 @@ RegisterID* RegExpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* d RegisterID* ThisNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + generator.ensureThis(); if (dst == generator.ignoredResult()) return 0; - return generator.moveToDestinationIfNeeded(dst, generator.thisRegister()); + + RegisterID* result = generator.moveToDestinationIfNeeded(dst, generator.thisRegister()); + static const unsigned thisLength = 4; + generator.emitProfileType(generator.thisRegister(), position(), JSTextPosition(-1, position().offset + thisLength, -1)); + return result; +} + +// ------------------------------ SuperNode ------------------------------------- + +static RegisterID* emitHomeObjectForCallee(BytecodeGenerator& generator) +{ + if (generator.isDerivedClassContext() || generator.isDerivedConstructorContext()) { + RegisterID* derivedConstructor = generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(); + return generator.emitGetById(generator.newTemporary(), derivedConstructor, generator.propertyNames().builtinNames().homeObjectPrivateName()); + } + + RegisterID callee; + callee.setIndex(CallFrameSlot::callee); + return generator.emitGetById(generator.newTemporary(), &callee, generator.propertyNames().builtinNames().homeObjectPrivateName()); +} + +static RegisterID* emitSuperBaseForCallee(BytecodeGenerator& generator) +{ + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + return generator.emitGetById(generator.newTemporary(), homeObject.get(), generator.propertyNames().underscoreProto); +} + +static RegisterID* emitGetSuperFunctionForConstruct(BytecodeGenerator& generator) +{ + if (generator.isDerivedConstructorContext()) + return generator.emitGetById(generator.newTemporary(), generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(), generator.propertyNames().underscoreProto); + + RegisterID callee; + callee.setIndex(CallFrameSlot::callee); + return generator.emitGetById(generator.newTemporary(), &callee, generator.propertyNames().underscoreProto); +} + +RegisterID* SuperNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RegisterID* result = emitSuperBaseForCallee(generator); + return generator.moveToDestinationIfNeeded(generator.finalDestination(dst), result); +} + +// ------------------------------ ImportNode ------------------------------------- + +RegisterID* ImportNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RefPtr<RegisterID> importModule = generator.emitGetGlobalPrivate(generator.newTemporary(), generator.propertyNames().builtinNames().importModulePrivateName()); + CallArguments arguments(generator, nullptr, 1); + generator.emitLoad(arguments.thisRegister(), jsUndefined()); + generator.emitNode(arguments.argumentRegister(0), m_expr); + return generator.emitCall(generator.finalDestination(dst, importModule.get()), importModule.get(), NoExpectedFunction, arguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); +} + +// ------------------------------ NewTargetNode ---------------------------------- + +RegisterID* NewTargetNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + + return generator.moveToDestinationIfNeeded(dst, generator.newTarget()); } // ------------------------------ ResolveNode ---------------------------------- bool ResolveNode::isPure(BytecodeGenerator& generator) const { - return generator.local(m_ident).get(); + return generator.variable(m_ident).offset().isStack(); } RegisterID* ResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); if (dst == generator.ignoredResult()) - return 0; - return generator.moveToDestinationIfNeeded(dst, local.get()); + return nullptr; + + generator.emitProfileType(local, var, m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1)); + return generator.moveToDestinationIfNeeded(dst, local); } JSTextPosition divot = m_start + m_ident.length(); generator.emitExpressionInfo(divot, m_start, divot); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident); - return generator.emitGetFromScope(generator.finalDestination(dst), scope.get(), m_ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + RegisterID* finalDest = generator.finalDestination(dst); + RegisterID* result = generator.emitGetFromScope(finalDest, scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, finalDest, nullptr); + generator.emitProfileType(finalDest, var, m_position, JSTextPosition(-1, m_position.offset + m_ident.length(), -1)); + return result; +} + +// ------------------------------ TemplateStringNode ----------------------------------- + +RegisterID* TemplateStringNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (dst == generator.ignoredResult()) + return nullptr; + ASSERT(cooked()); + return generator.emitLoad(dst, JSValue(generator.addStringConstant(*cooked()))); +} + +// ------------------------------ TemplateLiteralNode ----------------------------------- + +RegisterID* TemplateLiteralNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!m_templateExpressions) { + TemplateStringNode* templateString = m_templateStrings->value(); + ASSERT_WITH_MESSAGE(!m_templateStrings->next(), "Only one template element exists because there's no expression in a given template literal."); + return generator.emitNode(dst, templateString); + } + + Vector<RefPtr<RegisterID>, 16> temporaryRegisters; + + TemplateStringListNode* templateString = m_templateStrings; + TemplateExpressionListNode* templateExpression = m_templateExpressions; + for (; templateExpression; templateExpression = templateExpression->next(), templateString = templateString->next()) { + // Evaluate TemplateString. + ASSERT(templateString->value()->cooked()); + if (!templateString->value()->cooked()->isEmpty()) { + temporaryRegisters.append(generator.newTemporary()); + generator.emitNode(temporaryRegisters.last().get(), templateString->value()); + } + + // Evaluate Expression. + temporaryRegisters.append(generator.newTemporary()); + generator.emitNode(temporaryRegisters.last().get(), templateExpression->value()); + generator.emitToString(temporaryRegisters.last().get(), temporaryRegisters.last().get()); + } + + // Evaluate tail TemplateString. + ASSERT(templateString->value()->cooked()); + if (!templateString->value()->cooked()->isEmpty()) { + temporaryRegisters.append(generator.newTemporary()); + generator.emitNode(temporaryRegisters.last().get(), templateString->value()); + } + + if (temporaryRegisters.size() == 1) + return generator.emitToString(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get()); + + return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size()); +} + +// ------------------------------ TaggedTemplateNode ----------------------------------- + +RegisterID* TaggedTemplateNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + ExpectedFunction expectedFunction = NoExpectedFunction; + RefPtr<RegisterID> tag = nullptr; + RefPtr<RegisterID> base = nullptr; + if (!m_tag->isLocation()) { + tag = generator.newTemporary(); + tag = generator.emitNode(tag.get(), m_tag); + } else if (m_tag->isResolveNode()) { + ResolveNode* resolve = static_cast<ResolveNode*>(m_tag); + const Identifier& identifier = resolve->identifier(); + expectedFunction = generator.expectedFunctionForIdentifier(identifier); + + Variable var = generator.variable(identifier); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + tag = generator.emitMove(generator.newTemporary(), local); + } else { + tag = generator.newTemporary(); + base = generator.newTemporary(); + + JSTextPosition newDivot = divotStart() + identifier.length(); + generator.emitExpressionInfo(newDivot, divotStart(), newDivot); + generator.moveToDestinationIfNeeded(base.get(), generator.emitResolveScope(base.get(), var)); + generator.emitGetFromScope(tag.get(), base.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, tag.get(), nullptr); + } + } else if (m_tag->isBracketAccessorNode()) { + BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(m_tag); + base = generator.newTemporary(); + base = generator.emitNode(base.get(), bracket->base()); + RefPtr<RegisterID> property = generator.emitNode(bracket->subscript()); + if (bracket->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + tag = generator.emitGetByVal(generator.newTemporary(), base.get(), thisValue.get(), property.get()); + } else + tag = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get()); + } else { + ASSERT(m_tag->isDotAccessorNode()); + DotAccessorNode* dot = static_cast<DotAccessorNode*>(m_tag); + base = generator.newTemporary(); + base = generator.emitNode(base.get(), dot->base()); + if (dot->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + tag = generator.emitGetById(generator.newTemporary(), base.get(), thisValue.get(), dot->identifier()); + } else + tag = generator.emitGetById(generator.newTemporary(), base.get(), dot->identifier()); + } + + RefPtr<RegisterID> templateObject = generator.emitGetTemplateObject(generator.newTemporary(), this); + + unsigned expressionsCount = 0; + for (TemplateExpressionListNode* templateExpression = m_templateLiteral->templateExpressions(); templateExpression; templateExpression = templateExpression->next()) + ++expressionsCount; + + CallArguments callArguments(generator, nullptr, 1 + expressionsCount); + if (base) + generator.emitMove(callArguments.thisRegister(), base.get()); + else + generator.emitLoad(callArguments.thisRegister(), jsUndefined()); + + unsigned argumentIndex = 0; + generator.emitMove(callArguments.argumentRegister(argumentIndex++), templateObject.get()); + for (TemplateExpressionListNode* templateExpression = m_templateLiteral->templateExpressions(); templateExpression; templateExpression = templateExpression->next()) + generator.emitNode(callArguments.argumentRegister(argumentIndex++), templateExpression->value()); + + return generator.emitCallInTailPosition(generator.finalDestination(dst, tag.get()), tag.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } // ------------------------------ ArrayNode ------------------------------------ @@ -177,6 +379,21 @@ RegisterID* ArrayNode::emitBytecode(BytecodeGenerator& generator, RegisterID* ds if (!firstPutElement && !m_elision) return generator.emitNewArray(generator.finalDestination(dst), m_element, length); + if (firstPutElement && firstPutElement->value()->isSpreadExpression()) { + bool hasElision = false; + for (ElementNode* node = m_element; node; node = node->next()) { + if (!!node->elision()) { + hasElision = true; + break; + } + } + if (!!m_elision) + hasElision = true; + + if (!hasElision) + return generator.emitNewArrayWithSpread(generator.finalDestination(dst), m_element); + } + RefPtr<RegisterID> array = generator.emitNewArray(generator.tempDestination(dst), m_element, length); ElementNode* n = firstPutElement; for (; n; n = n->next()) { @@ -227,11 +444,13 @@ bool ArrayNode::isSimpleArray() const for (ElementNode* ptr = m_element; ptr; ptr = ptr->next()) { if (ptr->elision()) return false; + if (ptr->value()->isSpreadExpression()) + return false; } return true; } -ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPosition) const +ArgumentListNode* ArrayNode::toArgumentList(ParserArena& parserArena, int lineNumber, int startPosition) const { ASSERT(!m_elision && !m_optional); ElementNode* ptr = m_element; @@ -240,12 +459,12 @@ ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPos JSTokenLocation location; location.line = lineNumber; location.startOffset = startPosition; - ArgumentListNode* head = new (vm) ArgumentListNode(location, ptr->value()); + ArgumentListNode* head = new (parserArena) ArgumentListNode(location, ptr->value()); ArgumentListNode* tail = head; ptr = ptr->next(); for (; ptr; ptr = ptr->next()) { ASSERT(!ptr->elision()); - tail = new (vm) ArgumentListNode(location, tail, ptr->value()); + tail = new (parserArena) ArgumentListNode(location, tail, ptr->value()); } return head; } @@ -254,49 +473,59 @@ ArgumentListNode* ArrayNode::toArgumentList(VM* vm, int lineNumber, int startPos RegisterID* ObjectLiteralNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (!m_list) { - if (dst == generator.ignoredResult()) - return 0; - return generator.emitNewObject(generator.finalDestination(dst)); - } - return generator.emitNode(dst, m_list); + if (!m_list) { + if (dst == generator.ignoredResult()) + return 0; + return generator.emitNewObject(generator.finalDestination(dst)); + } + RefPtr<RegisterID> newObj = generator.emitNewObject(generator.tempDestination(dst)); + generator.emitNode(newObj.get(), m_list); + return generator.moveToDestinationIfNeeded(dst, newObj.get()); } // ------------------------------ PropertyListNode ----------------------------- +static inline void emitPutHomeObject(BytecodeGenerator& generator, RegisterID* function, RegisterID* homeObject) +{ + generator.emitPutById(function, generator.propertyNames().builtinNames().homeObjectPrivateName(), homeObject); +} + RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> newObj = generator.tempDestination(dst); - - generator.emitNewObject(newObj.get()); - // Fast case: this loop just handles regular value properties. PropertyListNode* p = this; - for (; p && p->m_node->m_type == PropertyNode::Constant; p = p->m_next) { - if (p->m_node->m_name) { - generator.emitDirectPutById(newObj.get(), *p->m_node->name(), generator.emitNode(p->m_node->m_assign)); - continue; - } - RefPtr<RegisterID> propertyName = generator.emitNode(p->m_node->m_expression); - generator.emitDirectPutByVal(newObj.get(), propertyName.get(), generator.emitNode(p->m_node->m_assign)); - } + for (; p && (p->m_node->m_type & PropertyNode::Constant); p = p->m_next) + emitPutConstantProperty(generator, dst, *p->m_node); // Were there any get/set properties? if (p) { + // Build a list of getter/setter pairs to try to put them at the same time. If we encounter + // a computed property, just emit everything as that may override previous values. + bool hasComputedProperty = false; + typedef std::pair<PropertyNode*, PropertyNode*> GetterSetterPair; - typedef HashMap<StringImpl*, GetterSetterPair> GetterSetterMap; + typedef HashMap<UniquedStringImpl*, GetterSetterPair, IdentifierRepHash> GetterSetterMap; GetterSetterMap map; // Build a map, pairing get/set values together. for (PropertyListNode* q = p; q; q = q->m_next) { PropertyNode* node = q->m_node; - if (node->m_type == PropertyNode::Constant) + if (node->m_type & PropertyNode::Computed) { + hasComputedProperty = true; + break; + } + if (node->m_type & PropertyNode::Constant) continue; - GetterSetterPair pair(node, static_cast<PropertyNode*>(0)); + // Duplicates are possible. + GetterSetterPair pair(node, static_cast<PropertyNode*>(nullptr)); GetterSetterMap::AddResult result = map.add(node->name()->impl(), pair); - if (!result.isNewEntry) - result.iterator->value.second = node; + if (!result.isNewEntry) { + if (result.iterator->value.first->m_type == node->m_type) + result.iterator->value.first = node; + else + result.iterator->value.second = node; + } } // Iterate over the remaining properties in the list. @@ -304,20 +533,41 @@ RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, Registe PropertyNode* node = p->m_node; // Handle regular values. - if (node->m_type == PropertyNode::Constant) { - if (node->name()) { - generator.emitDirectPutById(newObj.get(), *node->name(), generator.emitNode(node->m_assign)); + if (node->m_type & PropertyNode::Constant) { + emitPutConstantProperty(generator, dst, *node); + continue; + } + + RefPtr<RegisterID> value = generator.emitNode(node->m_assign); + bool needsSuperBinding = node->needsSuperBinding(); + if (needsSuperBinding) + emitPutHomeObject(generator, value.get(), dst); + + unsigned attributes = node->isClassProperty() ? (Accessor | DontEnum) : Accessor; + + ASSERT(node->m_type & (PropertyNode::Getter | PropertyNode::Setter)); + + // This is a get/set property which may be overridden by a computed property later. + if (hasComputedProperty) { + // Computed accessors. + if (node->m_type & PropertyNode::Computed) { + RefPtr<RegisterID> propertyName = generator.emitNode(node->m_expression); + generator.emitSetFunctionNameIfNeeded(node->m_assign, value.get(), propertyName.get()); + if (node->m_type & PropertyNode::Getter) + generator.emitPutGetterByVal(dst, propertyName.get(), attributes, value.get()); + else + generator.emitPutSetterByVal(dst, propertyName.get(), attributes, value.get()); continue; } - RefPtr<RegisterID> propertyName = generator.emitNode(p->m_node->m_expression); - generator.emitDirectPutByVal(newObj.get(), propertyName.get(), generator.emitNode(p->m_node->m_assign)); + + if (node->m_type & PropertyNode::Getter) + generator.emitPutGetterById(dst, *node->name(), attributes, value.get()); + else + generator.emitPutSetterById(dst, *node->name(), attributes, value.get()); continue; } - - RegisterID* value = generator.emitNode(node->m_assign); - // This is a get/set property, find its entry in the map. - ASSERT(node->m_type == PropertyNode::Getter || node->m_type == PropertyNode::Setter); + // This is a get/set property pair. GetterSetterMap::iterator it = map.find(node->name()->impl()); ASSERT(it != map.end()); GetterSetterPair& pair = it->value; @@ -325,75 +575,142 @@ RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, Registe // Was this already generated as a part of its partner? if (pair.second == node) continue; - + // Generate the paired node now. RefPtr<RegisterID> getterReg; RefPtr<RegisterID> setterReg; + RegisterID* secondReg = nullptr; - if (node->m_type == PropertyNode::Getter) { + if (node->m_type & PropertyNode::Getter) { getterReg = value; if (pair.second) { - ASSERT(pair.second->m_type == PropertyNode::Setter); + ASSERT(pair.second->m_type & PropertyNode::Setter); setterReg = generator.emitNode(pair.second->m_assign); + secondReg = setterReg.get(); } else { setterReg = generator.newTemporary(); generator.emitLoad(setterReg.get(), jsUndefined()); } } else { - ASSERT(node->m_type == PropertyNode::Setter); + ASSERT(node->m_type & PropertyNode::Setter); setterReg = value; if (pair.second) { - ASSERT(pair.second->m_type == PropertyNode::Getter); + ASSERT(pair.second->m_type & PropertyNode::Getter); getterReg = generator.emitNode(pair.second->m_assign); + secondReg = getterReg.get(); } else { getterReg = generator.newTemporary(); generator.emitLoad(getterReg.get(), jsUndefined()); } } - generator.emitPutGetterSetter(newObj.get(), *node->name(), getterReg.get(), setterReg.get()); + ASSERT(!pair.second || needsSuperBinding == pair.second->needsSuperBinding()); + if (needsSuperBinding && pair.second) + emitPutHomeObject(generator, secondReg, dst); + + generator.emitPutGetterSetter(dst, *node->name(), attributes, getterReg.get(), setterReg.get()); } } - return generator.moveToDestinationIfNeeded(dst, newObj.get()); + return dst; +} + +void PropertyListNode::emitPutConstantProperty(BytecodeGenerator& generator, RegisterID* newObj, PropertyNode& node) +{ + RefPtr<RegisterID> value = generator.emitNode(node.m_assign); + if (node.needsSuperBinding()) + emitPutHomeObject(generator, value.get(), newObj); + + if (node.isClassProperty()) { + ASSERT(node.needsSuperBinding()); + RefPtr<RegisterID> propertyNameRegister; + if (node.name()) + propertyNameRegister = generator.emitLoad(nullptr, *node.name()); + else + propertyNameRegister = generator.emitNode(node.m_expression); + + generator.emitSetFunctionNameIfNeeded(node.m_assign, value.get(), propertyNameRegister.get()); + generator.emitCallDefineProperty(newObj, propertyNameRegister.get(), value.get(), nullptr, nullptr, BytecodeGenerator::PropertyConfigurable | BytecodeGenerator::PropertyWritable, m_position); + return; + } + if (const auto* identifier = node.name()) { + std::optional<uint32_t> optionalIndex = parseIndex(*identifier); + if (!optionalIndex) { + generator.emitDirectPutById(newObj, *identifier, value.get(), node.putType()); + return; + } + + RefPtr<RegisterID> index = generator.emitLoad(nullptr, jsNumber(optionalIndex.value())); + generator.emitDirectPutByVal(newObj, index.get(), value.get()); + return; + } + RefPtr<RegisterID> propertyName = generator.emitNode(node.m_expression); + generator.emitSetFunctionNameIfNeeded(node.m_assign, value.get(), propertyName.get()); + generator.emitDirectPutByVal(newObj, propertyName.get(), value.get()); } // ------------------------------ BracketAccessorNode -------------------------------- +static bool isNonIndexStringElement(ExpressionNode& element) +{ + return element.isString() && !parseIndex(static_cast<StringNode&>(element).value()); +} + RegisterID* BracketAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (m_base->isResolveNode() - && generator.willResolveToArguments(static_cast<ResolveNode*>(m_base)->identifier()) - && !generator.symbolTable().slowArguments()) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> finalDest = generator.finalDestination(dst); + RefPtr<RegisterID> thisValue = generator.ensureThis(); + RefPtr<RegisterID> superBase = emitSuperBaseForCallee(generator); + + if (isNonIndexStringElement(*m_subscript)) { + const Identifier& id = static_cast<StringNode*>(m_subscript)->value(); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetById(finalDest.get(), superBase.get(), thisValue.get(), id); + } else { + RefPtr<RegisterID> subscript = generator.emitNode(m_subscript); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetByVal(finalDest.get(), superBase.get(), thisValue.get(), subscript.get()); + } + + generator.emitProfileType(finalDest.get(), divotStart(), divotEnd()); + return finalDest.get(); + } + + RegisterID* ret; + RefPtr<RegisterID> finalDest = generator.finalDestination(dst); + + if (isNonIndexStringElement(*m_subscript)) { + RefPtr<RegisterID> base = generator.emitNode(m_base); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + ret = generator.emitGetById(finalDest.get(), base.get(), static_cast<StringNode*>(m_subscript)->value()); + } else { + RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); RegisterID* property = generator.emitNode(m_subscript); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetArgumentByVal(generator.finalDestination(dst), generator.uncheckedRegisterForArguments(), property); + ret = generator.emitGetByVal(finalDest.get(), base.get(), property); } - RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); - RegisterID* property = generator.emitNode(m_subscript); - generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetByVal(generator.finalDestination(dst), base.get(), property); + generator.emitProfileType(finalDest.get(), divotStart(), divotEnd()); + return ret; } // ------------------------------ DotAccessorNode -------------------------------- RegisterID* DotAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (m_ident == generator.propertyNames().length) { - if (!m_base->isResolveNode()) - goto nonArgumentsPath; - ResolveNode* resolveNode = static_cast<ResolveNode*>(m_base); - if (!generator.willResolveToArguments(resolveNode->identifier())) - goto nonArgumentsPath; - generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetArgumentsLength(generator.finalDestination(dst), generator.uncheckedRegisterForArguments()); - } - -nonArgumentsPath: - RegisterID* base = generator.emitNode(m_base); + bool baseIsSuper = m_base->isSuperNode(); + RefPtr<RegisterID> base = baseIsSuper ? emitSuperBaseForCallee(generator) : generator.emitNode(m_base); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitGetById(generator.finalDestination(dst), base, m_ident); + RegisterID* finalDest = generator.finalDestination(dst); + RegisterID* ret; + if (baseIsSuper) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + ret = generator.emitGetById(finalDest, base.get(), thisValue.get(), m_ident); + } else + ret = generator.emitGetById(finalDest, base.get(), m_ident); + generator.emitProfileType(finalDest, divotStart(), divotEnd()); + return ret; } // ------------------------------ ArgumentListNode ----------------------------- @@ -416,6 +733,7 @@ RegisterID* NewExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* RefPtr<RegisterID> func = generator.emitNode(m_expr); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); CallArguments callArguments(generator, m_args); + generator.emitMove(callArguments.thisRegister(), func.get()); return generator.emitConstruct(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd()); } @@ -423,9 +741,6 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume : m_argumentsNode(argumentsNode) , m_padding(0) { - if (generator.shouldEmitProfileHooks()) - m_profileHookRegister = generator.newTemporary(); - size_t argumentCountIncludingThis = 1 + additionalArguments; // 'this' register. if (argumentsNode) { for (ArgumentListNode* node = argumentsNode->m_listNode; node; node = node->m_next) @@ -437,6 +752,12 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume m_argv[i] = generator.newTemporary(); ASSERT(static_cast<size_t>(i) == m_argv.size() - 1 || m_argv[i]->index() == m_argv[i + 1]->index() - 1); } + + // We need to ensure that the frame size is stack-aligned + while ((CallFrame::headerSizeInRegisters + m_argv.size()) % stackAlignmentRegisters()) { + m_argv.insert(0, generator.newTemporary()); + m_padding++; + } while (stackOffset() % stackAlignmentRegisters()) { m_argv.insert(0, generator.newTemporary()); @@ -448,31 +769,81 @@ CallArguments::CallArguments(BytecodeGenerator& generator, ArgumentsNode* argume RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(generator.propertyNames().eval)) { - RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get()); + // We need try to load 'this' before call eval in constructor, because 'this' can created by 'super' in some of the arrow function + // var A = class A { + // constructor () { this.id = 'A'; } + // } + // + // var B = class B extend A { + // constructor () { + // var arrow = () => super(); + // arrow(); + // eval("this.id = 'B'"); + // } + // } + if (generator.constructorKind() == ConstructorKind::Extends && generator.needsToUpdateArrowFunctionContext() && generator.isThisUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + Variable var = generator.variable(generator.propertyNames().eval); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd()); + return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); } RefPtr<RegisterID> func = generator.newTemporary(); CallArguments callArguments(generator, m_args); JSTextPosition newDivot = divotStart() + 4; generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - generator.emitResolveScope(callArguments.thisRegister(), generator.propertyNames().eval); - generator.emitGetFromScope(func.get(), callArguments.thisRegister(), generator.propertyNames().eval, ThrowIfNotFound); - return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd()); + generator.moveToDestinationIfNeeded( + callArguments.thisRegister(), + generator.emitResolveScope(callArguments.thisRegister(), var)); + generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, func.get(), nullptr); + return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::No); } // ------------------------------ FunctionCallValueNode ---------------------------------- RegisterID* FunctionCallValueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + if (m_expr->isSuperNode()) { + RefPtr<RegisterID> func = emitGetSuperFunctionForConstruct(generator); + RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); + CallArguments callArguments(generator, m_args); + + ASSERT(generator.isConstructor() || generator.derivedContextType() == DerivedContextType::DerivedConstructorContext); + ASSERT(generator.constructorKind() == ConstructorKind::Extends || generator.derivedContextType() == DerivedContextType::DerivedConstructorContext); + generator.emitMove(callArguments.thisRegister(), generator.newTarget()); + RegisterID* ret = generator.emitConstruct(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + + bool isConstructorKindDerived = generator.constructorKind() == ConstructorKind::Extends; + bool doWeUseArrowFunctionInConstructor = isConstructorKindDerived && generator.needsToUpdateArrowFunctionContext(); + + if (generator.isDerivedConstructorContext() || (doWeUseArrowFunctionInConstructor && generator.isSuperCallUsedInInnerArrowFunction())) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + Ref<Label> thisIsEmptyLabel = generator.newLabel(); + generator.emitJumpIfTrue(generator.emitIsEmpty(generator.newTemporary(), generator.thisRegister()), thisIsEmptyLabel.get()); + generator.emitThrowReferenceError(ASCIILiteral("'super()' can't be called more than once in a constructor.")); + generator.emitLabel(thisIsEmptyLabel.get()); + + generator.emitMove(generator.thisRegister(), ret); + + if (generator.isDerivedConstructorContext() || doWeUseArrowFunctionInConstructor) + generator.emitPutThisToArrowFunctionContextScope(); + + return ret; + } RefPtr<RegisterID> func = generator.emitNode(m_expr); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - return generator.emitCall(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } // ------------------------------ FunctionCallResolveNode ---------------------------------- @@ -481,14 +852,18 @@ RegisterID* FunctionCallResolveNode::emitBytecode(BytecodeGenerator& generator, { ExpectedFunction expectedFunction = generator.expectedFunctionForIdentifier(m_ident); - if (Local local = generator.local(m_ident)) { - RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local.get()); + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> func = generator.emitMove(generator.tempDestination(dst), local); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, func.get()); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); // This passes NoExpectedFunction because we expect that if the function is in a // local variable, then it's not one of our built-in constructors. - return generator.emitCall(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } RefPtr<RegisterID> func = generator.newTemporary(); @@ -497,23 +872,291 @@ RegisterID* FunctionCallResolveNode::emitBytecode(BytecodeGenerator& generator, JSTextPosition newDivot = divotStart() + m_ident.length(); generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - generator.emitResolveScope(callArguments.thisRegister(), m_ident); - generator.emitGetFromScope(func.get(), callArguments.thisRegister(), m_ident, ThrowIfNotFound); - return generator.emitCall(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.moveToDestinationIfNeeded( + callArguments.thisRegister(), + generator.emitResolveScope(callArguments.thisRegister(), var)); + generator.emitGetFromScope(func.get(), callArguments.thisRegister(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, func.get(), nullptr); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), func.get(), expectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; +} + +// ------------------------------ BytecodeIntrinsicNode ---------------------------------- + +RegisterID* BytecodeIntrinsicNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + return (this->*m_emitter)(generator, dst); } +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_argument(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(node->m_expr->isNumber()); + double value = static_cast<NumberNode*>(node->m_expr)->value(); + int32_t index = static_cast<int32_t>(value); + ASSERT(value == index); + ASSERT(index >= 0); + ASSERT(!node->m_next); + + // The body functions of generator and async have different mechanism for arguments. + ASSERT(generator.parseMode() != SourceParseMode::GeneratorBodyMode); + ASSERT(!isAsyncFunctionBodyParseMode(generator.parseMode())); + + return generator.emitGetArgument(generator.finalDestination(dst), index); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_argumentCount(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(!m_args->m_listNode); + + return generator.emitUnaryNoDstOp(op_argument_count, generator.finalDestination(dst)); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_assert(BytecodeGenerator& generator, RegisterID* dst) +{ +#ifndef NDEBUG + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> condition = generator.emitNode(node); + generator.emitAssert(condition.get(), node->firstLine()); + return dst; +#else + UNUSED_PARAM(generator); + return dst; +#endif +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_putByValDirect(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> base = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> index = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> value = generator.emitNode(node); + + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitDirectPutByVal(base.get(), index.get(), value.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_tailCallForwardArguments(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> function = generator.emitNode(node); + node = node->m_next; + RefPtr<RegisterID> thisRegister = generator.emitNode(node); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDst = generator.finalDestination(dst); + return generator.emitCallForwardArgumentsInTailPosition(finalDst.get(), function.get(), thisRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::No); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_throwTypeError(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(!node->m_next); + if (node->m_expr->isString()) { + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + generator.emitThrowTypeError(ident); + } else { + RefPtr<RegisterID> message = generator.emitNode(node); + generator.emitThrowStaticError(ErrorType::TypeError, message.get()); + } + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_throwRangeError(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + ASSERT(!node->m_next); + if (node->m_expr->isString()) { + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + generator.emitThrowRangeError(ident); + } else { + RefPtr<RegisterID> message = generator.emitNode(node); + generator.emitThrowStaticError(ErrorType::RangeError, message.get()); + } + + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_throwOutOfMemoryError(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(!m_args->m_listNode); + + generator.emitThrowOutOfMemoryError(); + return dst; +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_tryGetById(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> base = generator.emitNode(node); + node = node->m_next; + + // Since this is a builtin we expect the creator to use a string literal as the second argument. + ASSERT(node->m_expr->isString()); + const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value(); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDest = generator.finalDestination(dst); + return generator.emitTryGetById(finalDest.get(), base.get(), ident); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_toNumber(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitToNumber(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_toString(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitToString(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isJSArray(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsJSArray(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isProxyObject(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsProxyObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isRegExpObject(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsRegExpObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isObject(BytecodeGenerator& generator, RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsObject(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isDerivedArray(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsDerivedArray(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isMap(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsMap(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_isSet(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> src = generator.emitNode(node); + ASSERT(!node->m_next); + + return generator.moveToDestinationIfNeeded(dst, generator.emitIsSet(generator.tempDestination(dst), src.get())); +} + +RegisterID* BytecodeIntrinsicNode::emit_intrinsic_newArrayWithSize(JSC::BytecodeGenerator& generator, JSC::RegisterID* dst) +{ + ArgumentListNode* node = m_args->m_listNode; + RefPtr<RegisterID> size = generator.emitNode(node); + ASSERT(!node->m_next); + + RefPtr<RegisterID> finalDestination = generator.finalDestination(dst); + generator.emitNewArrayWithSize(finalDestination.get(), size.get()); + return finalDestination.get(); +} + + +#define JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS(name) \ + RegisterID* BytecodeIntrinsicNode::emit_intrinsic_##name(BytecodeGenerator& generator, RegisterID* dst) \ + { \ + ASSERT(!m_args); \ + ASSERT(type() == Type::Constant); \ + if (dst == generator.ignoredResult()) \ + return nullptr; \ + return generator.emitLoad(dst, generator.vm()->bytecodeIntrinsicRegistry().name##Value(generator)); \ + } + JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS) +#undef JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS + // ------------------------------ FunctionCallBracketNode ---------------------------------- RegisterID* FunctionCallBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> base = generator.emitNode(m_base); - RegisterID* property = generator.emitNode(m_subscript); - generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property); + bool baseIsSuper = m_base->isSuperNode(); + bool subscriptIsNonIndexString = isNonIndexStringElement(*m_subscript); + + RefPtr<RegisterID> base; + if (baseIsSuper) + base = emitSuperBaseForCallee(generator); + else { + if (subscriptIsNonIndexString) + base = generator.emitNode(m_base); + else + base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator)); + } + + RefPtr<RegisterID> function; + RefPtr<RegisterID> thisRegister; + if (baseIsSuper) { + // Note that we only need to do this once because we either have a non-TDZ this or we throw. Once we have a non-TDZ this, we can't change its value back to TDZ. + thisRegister = generator.ensureThis(); + } + if (subscriptIsNonIndexString) { + generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); + if (baseIsSuper) + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisRegister.get(), static_cast<StringNode*>(m_subscript)->value()); + else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), static_cast<StringNode*>(m_subscript)->value()); + } else { + RefPtr<RegisterID> property = generator.emitNode(m_subscript); + generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); + if (baseIsSuper) + function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), thisRegister.get(), property.get()); + else + function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get()); + } + RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); CallArguments callArguments(generator, m_args); - generator.emitMove(callArguments.thisRegister(), base.get()); - return generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (baseIsSuper) { + generator.emitTDZCheck(generator.thisRegister()); + generator.emitMove(callArguments.thisRegister(), thisRegister.get()); + } else + generator.emitMove(callArguments.thisRegister(), base.get()); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } // ------------------------------ FunctionCallDotNode ---------------------------------- @@ -523,48 +1166,75 @@ RegisterID* FunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, Regi RefPtr<RegisterID> function = generator.tempDestination(dst); RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), m_base); + bool baseIsSuper = m_base->isSuperNode(); + if (baseIsSuper) + generator.emitMove(callArguments.thisRegister(), generator.ensureThis()); + else + generator.emitNode(callArguments.thisRegister(), m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - generator.emitGetById(function.get(), callArguments.thisRegister(), m_ident); - return generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (baseIsSuper) { + RefPtr<RegisterID> superBase = emitSuperBaseForCallee(generator); + generator.emitGetById(function.get(), superBase.get(), callArguments.thisRegister(), m_ident); + } else + generator.emitGetById(function.get(), callArguments.thisRegister(), m_ident); + RegisterID* ret = generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); + return ret; } RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<Label> realCall = generator.newLabel(); - RefPtr<Label> end = generator.newLabel(); + Ref<Label> realCall = generator.newLabel(); + Ref<Label> end = generator.newLabel(); RefPtr<RegisterID> base = generator.emitNode(m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); - RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); - generator.emitJumpIfNotFunctionCall(function.get(), realCall.get()); + RefPtr<RegisterID> function; + bool emitCallCheck = !generator.isBuiltinFunction(); + if (emitCallCheck) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), generator.propertyNames().builtinNames().callPublicName()); + } else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().builtinNames().callPublicName()); + generator.emitJumpIfNotFunctionCall(function.get(), realCall.get()); + } + RefPtr<RegisterID> returnValue = generator.finalDestination(dst); { - if (m_args->m_listNode && m_args->m_listNode->m_expr) { + if (m_args->m_listNode && m_args->m_listNode->m_expr && m_args->m_listNode->m_expr->isSpreadExpression()) { + SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr); + ExpressionNode* subject = spread->expression(); + RefPtr<RegisterID> argumentsRegister; + argumentsRegister = generator.emitNode(subject); + generator.emitExpressionInfo(spread->divot(), spread->divotStart(), spread->divotEnd()); + RefPtr<RegisterID> thisRegister = generator.emitGetByVal(generator.newTemporary(), argumentsRegister.get(), generator.emitLoad(0, jsNumber(0))); + generator.emitCallVarargsInTailPosition(returnValue.get(), base.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 1, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } else if (m_args->m_listNode && m_args->m_listNode->m_expr) { ArgumentListNode* oldList = m_args->m_listNode; m_args->m_listNode = m_args->m_listNode->m_next; RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - generator.emitJump(end.get()); - + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); m_args->m_listNode = oldList; } else { RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - generator.emitJump(end.get()); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } } - generator.emitLabel(realCall.get()); - { - CallArguments callArguments(generator, m_args); - generator.emitMove(callArguments.thisRegister(), base.get()); - generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + if (emitCallCheck) { + generator.emitJump(end.get()); + generator.emitLabel(realCall.get()); + { + CallArguments callArguments(generator, m_args); + generator.emitMove(callArguments.thisRegister(), base.get()); + generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } + generator.emitLabel(end.get()); } - generator.emitLabel(end.get()); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); return returnValue.get(); } @@ -581,69 +1251,96 @@ RegisterID* ApplyFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, // function.apply(thisArg, [arg0, arg1, ...]) -> can be trivially coerced into function.call(thisArg, arg0, arg1, ...) and saves object allocation bool mayBeCall = areTrivialApplyArguments(m_args); - RefPtr<Label> realCall = generator.newLabel(); - RefPtr<Label> end = generator.newLabel(); + Ref<Label> realCall = generator.newLabel(); + Ref<Label> end = generator.newLabel(); RefPtr<RegisterID> base = generator.emitNode(m_base); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); + RefPtr<RegisterID> function; RefPtr<RegisterID> returnValue = generator.finalDestination(dst, function.get()); - generator.emitJumpIfNotFunctionApply(function.get(), realCall.get()); - { - if (mayBeCall) { - if (m_args->m_listNode && m_args->m_listNode->m_expr) { - ArgumentListNode* oldList = m_args->m_listNode; - if (m_args->m_listNode->m_next) { - ASSERT(m_args->m_listNode->m_next->m_expr->isSimpleArray()); - ASSERT(!m_args->m_listNode->m_next->m_next); - m_args->m_listNode = static_cast<ArrayNode*>(m_args->m_listNode->m_next->m_expr)->toArgumentList(generator.vm(), 0, 0); - RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - } else { - m_args->m_listNode = m_args->m_listNode->m_next; - RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - CallArguments callArguments(generator, m_args); - generator.emitNode(callArguments.thisRegister(), oldList->m_expr); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); - } - m_args->m_listNode = oldList; + bool emitCallCheck = !generator.isBuiltinFunction(); + if (emitCallCheck) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + function = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), generator.propertyNames().builtinNames().applyPublicName()); + } else + function = generator.emitGetById(generator.tempDestination(dst), base.get(), generator.propertyNames().builtinNames().applyPublicName()); + generator.emitJumpIfNotFunctionApply(function.get(), realCall.get()); + } + if (mayBeCall) { + if (m_args->m_listNode && m_args->m_listNode->m_expr) { + ArgumentListNode* oldList = m_args->m_listNode; + if (m_args->m_listNode->m_expr->isSpreadExpression()) { + SpreadExpressionNode* spread = static_cast<SpreadExpressionNode*>(m_args->m_listNode->m_expr); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.newTemporary(), base.get()); + RefPtr<RegisterID> index = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsUndefined()); + RefPtr<RegisterID> argumentsRegister = generator.emitLoad(generator.newTemporary(), jsUndefined()); + + auto extractor = [&thisRegister, &argumentsRegister, &index](BytecodeGenerator& generator, RegisterID* value) + { + Ref<Label> haveThis = generator.newLabel(); + Ref<Label> end = generator.newLabel(); + RefPtr<RegisterID> compareResult = generator.newTemporary(); + RefPtr<RegisterID> indexZeroCompareResult = generator.emitBinaryOp(op_eq, compareResult.get(), index.get(), generator.emitLoad(0, jsNumber(0)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32())); + generator.emitJumpIfFalse(indexZeroCompareResult.get(), haveThis.get()); + generator.emitMove(thisRegister.get(), value); + generator.emitLoad(index.get(), jsNumber(1)); + generator.emitJump(end.get()); + generator.emitLabel(haveThis.get()); + RefPtr<RegisterID> indexOneCompareResult = generator.emitBinaryOp(op_eq, compareResult.get(), index.get(), generator.emitLoad(0, jsNumber(1)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32())); + generator.emitJumpIfFalse(indexOneCompareResult.get(), end.get()); + generator.emitMove(argumentsRegister.get(), value); + generator.emitLoad(index.get(), jsNumber(2)); + generator.emitLabel(end.get()); + }; + generator.emitEnumeration(this, spread->expression(), extractor); + generator.emitCallVarargsInTailPosition(returnValue.get(), realFunction.get(), thisRegister.get(), argumentsRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + } else if (m_args->m_listNode->m_next) { + ASSERT(m_args->m_listNode->m_next->m_expr->isSimpleArray()); + ASSERT(!m_args->m_listNode->m_next->m_next); + m_args->m_listNode = static_cast<ArrayNode*>(m_args->m_listNode->m_next->m_expr)->toArgumentList(generator.parserArena(), 0, 0); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); + CallArguments callArguments(generator, m_args); + generator.emitNode(callArguments.thisRegister(), oldList->m_expr); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } else { + m_args->m_listNode = m_args->m_listNode->m_next; RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); CallArguments callArguments(generator, m_args); - generator.emitLoad(callArguments.thisRegister(), jsUndefined()); - generator.emitCall(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.emitNode(callArguments.thisRegister(), oldList->m_expr); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } + m_args->m_listNode = oldList; } else { - ASSERT(m_args->m_listNode && m_args->m_listNode->m_next); - RefPtr<RegisterID> profileHookRegister; - if (generator.shouldEmitProfileHooks()) - profileHookRegister = generator.newTemporary(); RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); - RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr); - RefPtr<RegisterID> argsRegister; - ArgumentListNode* args = m_args->m_listNode->m_next; - if (args->m_expr->isResolveNode() && generator.willResolveToArguments(static_cast<ResolveNode*>(args->m_expr)->identifier())) - argsRegister = generator.uncheckedRegisterForArguments(); - else - argsRegister = generator.emitNode(args->m_expr); - - // Function.prototype.apply ignores extra arguments, but we still - // need to evaluate them for side effects. - while ((args = args->m_next)) - generator.emitNode(args->m_expr); - - generator.emitCallVarargs(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), divotStart(), divotEnd()); + CallArguments callArguments(generator, m_args); + generator.emitLoad(callArguments.thisRegister(), jsUndefined()); + generator.emitCallInTailPosition(returnValue.get(), realFunction.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } - generator.emitJump(end.get()); + } else { + ASSERT(m_args->m_listNode && m_args->m_listNode->m_next); + RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get()); + RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr); + RefPtr<RegisterID> argsRegister; + ArgumentListNode* args = m_args->m_listNode->m_next; + argsRegister = generator.emitNode(args->m_expr); + + // Function.prototype.apply ignores extra arguments, but we still + // need to evaluate them for side effects. + while ((args = args->m_next)) + generator.emitNode(args->m_expr); + + generator.emitCallVarargsInTailPosition(returnValue.get(), realFunction.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), 0, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); } - generator.emitLabel(realCall.get()); - { + if (emitCallCheck) { + generator.emitJump(end.get()); + generator.emitLabel(realCall.get()); CallArguments callArguments(generator, m_args); generator.emitMove(callArguments.thisRegister(), base.get()); - generator.emitCall(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd()); + generator.emitCallInTailPosition(returnValue.get(), function.get(), NoExpectedFunction, callArguments, divot(), divotStart(), divotEnd(), DebuggableCall::Yes); + generator.emitLabel(end.get()); } - generator.emitLabel(end.get()); + generator.emitProfileType(returnValue.get(), divotStart(), divotEnd()); return returnValue.get(); } @@ -672,30 +1369,35 @@ RegisterID* PostfixNode::emitResolve(BytecodeGenerator& generator, RegisterID* d ResolveNode* resolve = static_cast<ResolveNode*>(m_expr); const Identifier& ident = resolve->identifier(); - if (Local local = generator.local(ident)) { - RegisterID* localReg = local.get(); - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - localReg = generator.emitMove(generator.tempDestination(dst), localReg); - } - if (local.isCaptured()) { - RefPtr<RegisterID> tempDst = generator.finalDestination(dst); - ASSERT(dst != localReg); - RefPtr<RegisterID> tempDstSrc = generator.newTemporary(); - generator.emitToNumber(tempDst.get(), localReg); - generator.emitMove(tempDstSrc.get(), localReg); - emitIncOrDec(generator, tempDstSrc.get(), m_operator); - generator.emitMove(localReg, tempDstSrc.get()); - return tempDst.get(); + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> localReg = local; + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + localReg = generator.emitMove(generator.tempDestination(dst), local); } - return emitPostIncOrDec(generator, generator.finalDestination(dst), localReg, m_operator); + generator.invalidateForInContextForLocal(local); + RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), localReg.get(), m_operator); + generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd()); + return oldValue.get(); } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator); - generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound); + if (!var.isReadOnly()) { + generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(value.get(), var, divotStart(), divotEnd()); + } + return oldValue.get(); } @@ -713,10 +1415,20 @@ RegisterID* PostfixNode::emitBracket(BytecodeGenerator& generator, RegisterID* d RefPtr<RegisterID> property = generator.emitNode(subscript); generator.emitExpressionInfo(bracketAccessor->divot(), bracketAccessor->divotStart(), bracketAccessor->divotEnd()); - RefPtr<RegisterID> value = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get()); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetByVal(generator.newTemporary(), base.get(), thisValue.get(), property.get()); + } else + value = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get()); RegisterID* oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutByVal(base.get(), property.get(), value.get()); + if (baseNode->isSuperNode()) + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value.get()); + else + generator.emitPutByVal(base.get(), property.get(), value.get()); + generator.emitProfileType(value.get(), divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, oldValue); } @@ -728,15 +1440,26 @@ RegisterID* PostfixNode::emitDot(BytecodeGenerator& generator, RegisterID* dst) ASSERT(m_expr->isDotAccessorNode()); DotAccessorNode* dotAccessor = static_cast<DotAccessorNode*>(m_expr); ExpressionNode* baseNode = dotAccessor->base(); + bool baseIsSuper = baseNode->isSuperNode(); const Identifier& ident = dotAccessor->identifier(); RefPtr<RegisterID> base = generator.emitNode(baseNode); generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd()); - RefPtr<RegisterID> value = generator.emitGetById(generator.newTemporary(), base.get(), ident); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (baseIsSuper) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(generator.newTemporary(), base.get(), thisValue.get(), ident); + } else + value = generator.emitGetById(generator.newTemporary(), base.get(), ident); RegisterID* oldValue = emitPostIncOrDec(generator, generator.tempDestination(dst), value.get(), m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutById(base.get(), ident, value.get()); + if (baseIsSuper) + generator.emitPutById(base.get(), thisValue.get(), ident, value.get()); + else + generator.emitPutById(base.get(), ident, value.get()); + generator.emitProfileType(value.get(), divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, oldValue); } @@ -752,19 +1475,23 @@ RegisterID* PostfixNode::emitBytecode(BytecodeGenerator& generator, RegisterID* return emitDot(generator, dst); return emitThrowReferenceError(generator, m_operator == OpPlusPlus - ? "Postfix ++ operator applied to value that is not a reference." - : "Postfix -- operator applied to value that is not a reference."); + ? ASCIILiteral("Postfix ++ operator applied to value that is not a reference.") + : ASCIILiteral("Postfix -- operator applied to value that is not a reference.")); } // ------------------------------ DeleteResolveNode ----------------------------------- RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (generator.local(m_ident).get()) + Variable var = generator.variable(m_ident); + if (var.local()) { + generator.emitTDZCheckIfNecessary(var, var.local(), nullptr); return generator.emitLoad(generator.finalDestination(dst), false); + } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> base = generator.emitResolveScope(generator.tempDestination(dst), m_ident); + RefPtr<RegisterID> base = generator.emitResolveScope(dst, var); + generator.emitTDZCheckIfNecessary(var, nullptr, base.get()); return generator.emitDeleteById(generator.finalDestination(dst, base.get()), base.get(), m_ident); } @@ -773,20 +1500,24 @@ RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, Regist RegisterID* DeleteBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> r0 = generator.emitNode(m_base); - RegisterID* r1 = generator.emitNode(m_subscript); + RefPtr<RegisterID> r1 = generator.emitNode(m_subscript); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitDeleteByVal(generator.finalDestination(dst), r0.get(), r1); + if (m_base->isSuperNode()) + return emitThrowReferenceError(generator, "Cannot delete a super property"); + return generator.emitDeleteByVal(generator.finalDestination(dst), r0.get(), r1.get()); } // ------------------------------ DeleteDotNode ----------------------------------- RegisterID* DeleteDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RegisterID* r0 = generator.emitNode(m_base); + RefPtr<RegisterID> r0 = generator.emitNode(m_base); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitDeleteById(generator.finalDestination(dst), r0, m_ident); + if (m_base->isSuperNode()) + return emitThrowReferenceError(generator, "Cannot delete a super property"); + return generator.emitDeleteById(generator.finalDestination(dst), r0.get(), m_ident); } // ------------------------------ DeleteValueNode ----------------------------------- @@ -811,18 +1542,21 @@ RegisterID* VoidNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst return generator.emitLoad(dst, jsUndefined()); } -// ------------------------------ TypeOfValueNode ----------------------------------- +// ------------------------------ TypeOfResolveNode ----------------------------------- RegisterID* TypeOfResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); if (dst == generator.ignoredResult()) return 0; - return generator.emitTypeOf(generator.finalDestination(dst), local.get()); + return generator.emitTypeOf(generator.finalDestination(dst), local); } - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), m_ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, DoNotThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); if (dst == generator.ignoredResult()) return 0; return generator.emitTypeOf(generator.finalDestination(dst, scope.get()), value.get()); @@ -848,28 +1582,42 @@ RegisterID* PrefixNode::emitResolve(BytecodeGenerator& generator, RegisterID* ds ResolveNode* resolve = static_cast<ResolveNode*>(m_expr); const Identifier& ident = resolve->identifier(); - if (Local local = generator.local(ident)) { - RegisterID* localReg = local.get(); - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - localReg = generator.emitMove(generator.tempDestination(dst), localReg); - } - if (local.isCaptured()) { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + RefPtr<RegisterID> localReg = local; + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + localReg = generator.emitMove(generator.tempDestination(dst), localReg.get()); + } else if (generator.vm()->typeProfiler()) { + generator.invalidateForInContextForLocal(local); RefPtr<RegisterID> tempDst = generator.tempDestination(dst); - generator.emitMove(tempDst.get(), localReg); + generator.emitMove(tempDst.get(), localReg.get()); emitIncOrDec(generator, tempDst.get(), m_operator); - generator.emitMove(localReg, tempDst.get()); + generator.emitMove(localReg.get(), tempDst.get()); + generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, tempDst.get()); } - emitIncOrDec(generator, localReg, m_operator); - return generator.moveToDestinationIfNeeded(dst, localReg); + generator.invalidateForInContextForLocal(local); + emitIncOrDec(generator, localReg.get(), m_operator); + return generator.moveToDestinationIfNeeded(dst, localReg.get()); } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.tempDestination(dst), ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(dst, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } + emitIncOrDec(generator, value.get(), m_operator); - generator.emitPutToScope(scope.get(), ident, value.get(), ThrowIfNotFound); + if (!var.isReadOnly()) { + generator.emitPutToScope(scope.get(), var, value.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(value.get(), var, divotStart(), divotEnd()); + } return generator.moveToDestinationIfNeeded(dst, value.get()); } @@ -885,10 +1633,20 @@ RegisterID* PrefixNode::emitBracket(BytecodeGenerator& generator, RegisterID* ds RefPtr<RegisterID> propDst = generator.tempDestination(dst); generator.emitExpressionInfo(bracketAccessor->divot(), bracketAccessor->divotStart(), bracketAccessor->divotEnd()); - RegisterID* value = generator.emitGetByVal(propDst.get(), base.get(), property.get()); + RegisterID* value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetByVal(propDst.get(), base.get(), thisValue.get(), property.get()); + } else + value = generator.emitGetByVal(propDst.get(), base.get(), property.get()); emitIncOrDec(generator, value, m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutByVal(base.get(), property.get(), value); + if (baseNode->isSuperNode()) + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value); + else + generator.emitPutByVal(base.get(), property.get(), value); + generator.emitProfileType(value, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, propDst.get()); } @@ -903,10 +1661,20 @@ RegisterID* PrefixNode::emitDot(BytecodeGenerator& generator, RegisterID* dst) RefPtr<RegisterID> propDst = generator.tempDestination(dst); generator.emitExpressionInfo(dotAccessor->divot(), dotAccessor->divotStart(), dotAccessor->divotEnd()); - RegisterID* value = generator.emitGetById(propDst.get(), base.get(), ident); + RegisterID* value; + RefPtr<RegisterID> thisValue; + if (baseNode->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(propDst.get(), base.get(), thisValue.get(), ident); + } else + value = generator.emitGetById(propDst.get(), base.get(), ident); emitIncOrDec(generator, value, m_operator); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutById(base.get(), ident, value); + if (baseNode->isSuperNode()) + generator.emitPutById(base.get(), thisValue.get(), ident, value); + else + generator.emitPutById(base.get(), ident, value); + generator.emitProfileType(value, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, propDst.get()); } @@ -922,33 +1690,46 @@ RegisterID* PrefixNode::emitBytecode(BytecodeGenerator& generator, RegisterID* d return emitDot(generator, dst); return emitThrowReferenceError(generator, m_operator == OpPlusPlus - ? "Prefix ++ operator applied to value that is not a reference." - : "Prefix -- operator applied to value that is not a reference."); + ? ASCIILiteral("Prefix ++ operator applied to value that is not a reference.") + : ASCIILiteral("Prefix -- operator applied to value that is not a reference.")); } // ------------------------------ Unary Operation Nodes ----------------------------------- RegisterID* UnaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RegisterID* src = generator.emitNode(m_expr); + RefPtr<RegisterID> src = generator.emitNode(m_expr); generator.emitExpressionInfo(position(), position(), position()); - return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src); + return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src.get(), OperandTypes(m_expr->resultDescriptor())); +} + +// ------------------------------ UnaryPlusNode ----------------------------------- + +RegisterID* UnaryPlusNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(opcodeID() == op_to_number); + RefPtr<RegisterID> src = generator.emitNode(expr()); + generator.emitExpressionInfo(position(), position(), position()); + return generator.emitToNumber(generator.finalDestination(dst), src.get()); } // ------------------------------ BitwiseNotNode ----------------------------------- RegisterID* BitwiseNotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> src2 = generator.emitLoad(generator.newTemporary(), jsNumber(-1)); - RegisterID* src1 = generator.emitNode(m_expr); - return generator.emitBinaryOp(op_bitxor, generator.finalDestination(dst, src1), src1, src2.get(), OperandTypes(m_expr->resultDescriptor(), ResultType::numberTypeIsInt32())); + RefPtr<RegisterID> src2 = generator.emitLoad(nullptr, jsNumber(-1)); + RefPtr<RegisterID> src1 = generator.emitNode(m_expr); + return generator.emitBinaryOp(op_bitxor, generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(m_expr->resultDescriptor(), ResultType::numberTypeIsInt32())); } // ------------------------------ LogicalNotNode ----------------------------------- -void LogicalNotNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void LogicalNotNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { - // reverse the true and false targets + if (UNLIKELY(needsDebugHook())) + generator.emitDebugHook(this); + + // Reverse the true and false targets. generator.emitNodeInConditionContext(expr(), falseTarget, trueTarget, invert(fallThroughMode)); } @@ -1072,12 +1853,17 @@ RegisterID* BinaryOpNode::emitStrcat(BytecodeGenerator& generator, RegisterID* d return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size()); } -void BinaryOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void BinaryOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { TriState branchCondition; ExpressionNode* branchExpression; tryFoldToBranch(generator, branchCondition, branchExpression); + if (UNLIKELY(needsDebugHook())) { + if (branchCondition != MixedTriState) + generator.emitDebugHook(this); + } + if (branchCondition == MixedTriState) ExpressionNode::emitBytecodeInConditionContext(generator, trueTarget, falseTarget, fallThroughMode); else if (branchCondition == TrueTriState) @@ -1155,20 +1941,20 @@ RegisterID* BinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* } RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, right->isPure(generator)); - bool wasTypeof = generator.m_lastOpcodeID == op_typeof; - RegisterID* src2 = generator.emitNode(right); + bool wasTypeof = generator.lastOpcodeID() == op_typeof; + RefPtr<RegisterID> src2 = generator.emitNode(right); generator.emitExpressionInfo(position(), position(), position()); if (wasTypeof && (opcodeID == op_neq || opcodeID == op_nstricteq)) { RefPtr<RegisterID> tmp = generator.tempDestination(dst); if (opcodeID == op_neq) - generator.emitEqualityOp(op_eq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2); + generator.emitEqualityOp(op_eq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2.get()); else if (opcodeID == op_nstricteq) - generator.emitEqualityOp(op_stricteq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2); + generator.emitEqualityOp(op_stricteq, generator.finalDestination(tmp.get(), src1.get()), src1.get(), src2.get()); else RELEASE_ASSERT_NOT_REACHED(); return generator.emitUnaryOp(op_not, generator.finalDestination(dst, tmp.get()), tmp.get()); } - RegisterID* result = generator.emitBinaryOp(opcodeID, generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(left->resultDescriptor(), right->resultDescriptor())); + RegisterID* result = generator.emitBinaryOp(opcodeID, generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(left->resultDescriptor(), right->resultDescriptor())); if (opcodeID == op_urshift && dst != generator.ignoredResult()) return generator.emitUnaryOp(op_unsigned, result, result); return result; @@ -1188,8 +1974,8 @@ RegisterID* EqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* ds std::swap(left, right); RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(right); - return generator.emitEqualityOp(op_eq, generator.finalDestination(dst, src1.get()), src1.get(), src2); + RefPtr<RegisterID> src2 = generator.emitNode(right); + return generator.emitEqualityOp(op_eq, generator.finalDestination(dst, src1.get()), src1.get(), src2.get()); } RegisterID* StrictEqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) @@ -1200,59 +1986,100 @@ RegisterID* StrictEqualNode::emitBytecode(BytecodeGenerator& generator, Register std::swap(left, right); RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(left, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(right); - return generator.emitEqualityOp(op_stricteq, generator.finalDestination(dst, src1.get()), src1.get(), src2); + RefPtr<RegisterID> src2 = generator.emitNode(right); + return generator.emitEqualityOp(op_stricteq, generator.finalDestination(dst, src1.get()), src1.get(), src2.get()); } RegisterID* ThrowableBinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); - RegisterID* src2 = generator.emitNode(m_expr2); + RefPtr<RegisterID> src2 = generator.emitNode(m_expr2); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor())); + return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor())); } RegisterID* InstanceOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); - RefPtr<RegisterID> src2 = generator.emitNode(m_expr2); + RefPtr<RegisterID> hasInstanceValue = generator.newTemporary(); + RefPtr<RegisterID> isObject = generator.newTemporary(); + RefPtr<RegisterID> isCustom = generator.newTemporary(); RefPtr<RegisterID> prototype = generator.newTemporary(); - RefPtr<RegisterID> dstReg = generator.finalDestination(dst, src1.get()); - RefPtr<Label> target = generator.newLabel(); + RefPtr<RegisterID> value = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); + RefPtr<RegisterID> constructor = generator.emitNode(m_expr2); + RefPtr<RegisterID> dstReg = generator.finalDestination(dst, value.get()); + Ref<Label> custom = generator.newLabel(); + Ref<Label> done = generator.newLabel(); + Ref<Label> typeError = generator.newLabel(); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitCheckHasInstance(dstReg.get(), src1.get(), src2.get(), target.get()); + generator.emitIsObject(isObject.get(), constructor.get()); + generator.emitJumpIfFalse(isObject.get(), typeError.get()); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitGetById(prototype.get(), src2.get(), generator.vm()->propertyNames->prototype); + generator.emitGetById(hasInstanceValue.get(), constructor.get(), generator.vm()->propertyNames->hasInstanceSymbol); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* result = generator.emitInstanceOf(dstReg.get(), src1.get(), prototype.get()); - generator.emitLabel(target.get()); - return result; + generator.emitOverridesHasInstance(isCustom.get(), constructor.get(), hasInstanceValue.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitJumpIfTrue(isCustom.get(), custom.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitGetById(prototype.get(), constructor.get(), generator.vm()->propertyNames->prototype); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitInstanceOf(dstReg.get(), value.get(), prototype.get()); + + generator.emitJump(done.get()); + + generator.emitLabel(typeError.get()); + generator.emitThrowTypeError("Right hand side of instanceof is not an object"); + + generator.emitLabel(custom.get()); + + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + generator.emitInstanceOfCustom(dstReg.get(), value.get(), constructor.get(), hasInstanceValue.get()); + + generator.emitLabel(done.get()); + + return dstReg.get(); +} + +// ------------------------------ InNode ---------------------------- + +RegisterID* InNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RefPtr<RegisterID> key = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator)); + RefPtr<RegisterID> base = generator.emitNode(m_expr2); + generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); + return generator.emitIn(generator.finalDestination(dst, key.get()), key.get(), base.get()); } + // ------------------------------ LogicalOpNode ---------------------------- RegisterID* LogicalOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> temp = generator.tempDestination(dst); - RefPtr<Label> target = generator.newLabel(); + Ref<Label> target = generator.newLabel(); generator.emitNode(temp.get(), m_expr1); if (m_operator == OpLogicalAnd) generator.emitJumpIfFalse(temp.get(), target.get()); else generator.emitJumpIfTrue(temp.get(), target.get()); - generator.emitNode(temp.get(), m_expr2); + generator.emitNodeInTailPosition(temp.get(), m_expr2); generator.emitLabel(target.get()); return generator.moveToDestinationIfNeeded(dst, temp.get()); } -void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label* trueTarget, Label* falseTarget, FallThroughMode fallThroughMode) +void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, Label& trueTarget, Label& falseTarget, FallThroughMode fallThroughMode) { - RefPtr<Label> afterExpr1 = generator.newLabel(); + if (UNLIKELY(needsDebugHook())) + generator.emitDebugHook(this); + + Ref<Label> afterExpr1 = generator.newLabel(); if (m_operator == OpLogicalAnd) generator.emitNodeInConditionContext(m_expr1, afterExpr1.get(), falseTarget, FallThroughMeansTrue); else @@ -1267,21 +2094,25 @@ void LogicalOpNode::emitBytecodeInConditionContext(BytecodeGenerator& generator, RegisterID* ConditionalNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> newDst = generator.finalDestination(dst); - RefPtr<Label> beforeElse = generator.newLabel(); - RefPtr<Label> afterElse = generator.newLabel(); + Ref<Label> beforeElse = generator.newLabel(); + Ref<Label> afterElse = generator.newLabel(); - RefPtr<Label> beforeThen = generator.newLabel(); + Ref<Label> beforeThen = generator.newLabel(); generator.emitNodeInConditionContext(m_logical, beforeThen.get(), beforeElse.get(), FallThroughMeansTrue); generator.emitLabel(beforeThen.get()); - generator.emitNode(newDst.get(), m_expr1); + generator.emitProfileControlFlow(m_expr1->startOffset()); + generator.emitNodeInTailPosition(newDst.get(), m_expr1); generator.emitJump(afterElse.get()); generator.emitLabel(beforeElse.get()); - generator.emitNode(newDst.get(), m_expr2); + generator.emitProfileControlFlow(m_expr1->endOffset() + 1); + generator.emitNodeInTailPosition(newDst.get(), m_expr2); generator.emitLabel(afterElse.get()); + generator.emitProfileControlFlow(m_expr2->endOffset() + 1); + return newDst.get(); } @@ -1327,6 +2158,9 @@ static ALWAYS_INLINE RegisterID* emitReadModifyAssignment(BytecodeGenerator& gen case OpModEq: opcodeID = op_mod; break; + case OpPowEq: + opcodeID = op_pow; + break; default: RELEASE_ASSERT_NOT_REACHED(); return dst; @@ -1346,60 +2180,124 @@ static ALWAYS_INLINE RegisterID* emitReadModifyAssignment(BytecodeGenerator& gen RegisterID* ReadModifyResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - return emitReadModifyAssignment(generator, generator.finalDestination(dst), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + JSTextPosition newDivot = divotStart() + m_ident.length(); + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + if (var.isReadOnly()) { + generator.emitReadOnlyExceptionIfNeeded(var); + RegisterID* result = emitReadModifyAssignment(generator, generator.finalDestination(dst), local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + generator.emitProfileType(result, divotStart(), divotEnd()); + return result; } - if (local.isCaptured() - || generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) { + if (generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) { RefPtr<RegisterID> result = generator.newTemporary(); - generator.emitMove(result.get(), local.get()); + generator.emitMove(result.get(), local); emitReadModifyAssignment(generator, result.get(), result.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); - generator.emitMove(local.get(), result.get()); + generator.emitMove(local, result.get()); + generator.invalidateForInContextForLocal(local); + generator.emitProfileType(local, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, result.get()); } - RegisterID* result = emitReadModifyAssignment(generator, local.get(), local.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + RegisterID* result = emitReadModifyAssignment(generator, local, local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + generator.invalidateForInContextForLocal(local); + generator.emitProfileType(result, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, result); } - JSTextPosition newDivot = divotStart() + m_ident.length(); generator.emitExpressionInfo(newDivot, divotStart(), newDivot); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); - RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), m_ident, ThrowIfNotFound); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + generator.emitTDZCheckIfNecessary(var, value.get(), nullptr); + if (var.isReadOnly()) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return value.get(); + } RefPtr<RegisterID> result = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this); - return generator.emitPutToScope(scope.get(), m_ident, result.get(), ThrowIfNotFound); + RegisterID* returnResult = result.get(); + if (!var.isReadOnly()) { + returnResult = generator.emitPutToScope(scope.get(), var, result.get(), ThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(result.get(), var, divotStart(), divotEnd()); + } + return returnResult; +} + +static InitializationMode initializationModeForAssignmentContext(AssignmentContext assignmentContext) +{ + switch (assignmentContext) { + case AssignmentContext::DeclarationStatement: + return InitializationMode::Initialization; + case AssignmentContext::ConstDeclarationStatement: + return InitializationMode::ConstInitialization; + case AssignmentContext::AssignmentExpression: + return InitializationMode::NotInitialization; + } + + ASSERT_NOT_REACHED(); + return InitializationMode::NotInitialization; } // ------------------------------ AssignResolveNode ----------------------------------- RegisterID* AssignResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (Local local = generator.local(m_ident)) { - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); - return generator.emitNode(dst, m_right); - } - if (local.isCaptured()) { + Variable var = generator.variable(m_ident); + bool isReadOnly = var.isReadOnly() && m_assignmentContext != AssignmentContext::ConstDeclarationStatement; + if (RegisterID* local = var.local()) { + RegisterID* result = nullptr; + if (m_assignmentContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, local, nullptr); + + if (isReadOnly) { + result = generator.emitNode(dst, m_right); // Execute side effects first. + generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitProfileType(result, var, divotStart(), divotEnd()); + } else if (var.isSpecial()) { RefPtr<RegisterID> tempDst = generator.tempDestination(dst); generator.emitNode(tempDst.get(), m_right); - generator.emitMove(local.get(), tempDst.get()); - return generator.moveToDestinationIfNeeded(dst, tempDst.get()); + generator.emitMove(local, tempDst.get()); + generator.emitProfileType(local, var, divotStart(), divotEnd()); + generator.invalidateForInContextForLocal(local); + result = generator.moveToDestinationIfNeeded(dst, tempDst.get()); + } else { + RegisterID* right = generator.emitNode(local, m_right); + generator.emitProfileType(right, var, divotStart(), divotEnd()); + generator.invalidateForInContextForLocal(local); + result = generator.moveToDestinationIfNeeded(dst, right); } - RegisterID* result = generator.emitNode(local.get(), m_right); - return generator.moveToDestinationIfNeeded(dst, result); + + if (m_assignmentContext == AssignmentContext::DeclarationStatement || m_assignmentContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); + return result; } if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + if (m_assignmentContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, nullptr, scope.get()); if (dst == generator.ignoredResult()) dst = 0; RefPtr<RegisterID> result = generator.emitNode(dst, m_right); + if (isReadOnly) { + RegisterID* result = generator.emitNode(dst, m_right); // Execute side effects first. + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return result; + } generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitPutToScope(scope.get(), m_ident, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); + RegisterID* returnResult = result.get(); + if (!isReadOnly) { + returnResult = generator.emitPutToScope(scope.get(), var, result.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_assignmentContext)); + generator.emitProfileType(result.get(), var, divotStart(), divotEnd()); + } + + if (m_assignmentContext == AssignmentContext::DeclarationStatement || m_assignmentContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); + return returnResult; } // ------------------------------ AssignDotNode ----------------------------------- @@ -1408,11 +2306,16 @@ RegisterID* AssignDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID { RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator)); RefPtr<RegisterID> value = generator.destinationForAssignResult(dst); - RegisterID* result = generator.emitNode(value.get(), m_right); + RefPtr<RegisterID> result = generator.emitNode(value.get(), m_right); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result : generator.moveToDestinationIfNeeded(generator.tempDestination(result), result); - generator.emitPutById(base.get(), m_ident, forwardResult); - return generator.moveToDestinationIfNeeded(dst, forwardResult); + RefPtr<RegisterID> forwardResult = (dst == generator.ignoredResult()) ? result.get() : generator.moveToDestinationIfNeeded(generator.tempDestination(result.get()), result.get()); + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), m_ident, forwardResult.get()); + } else + generator.emitPutById(base.get(), m_ident, forwardResult.get()); + generator.emitProfileType(forwardResult.get(), divotStart(), divotEnd()); + return generator.moveToDestinationIfNeeded(dst, forwardResult.get()); } // ------------------------------ ReadModifyDotNode ----------------------------------- @@ -1422,18 +2325,30 @@ RegisterID* ReadModifyDotNode::emitBytecode(BytecodeGenerator& generator, Regist RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator)); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> value = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); - RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (m_base->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetById(generator.tempDestination(dst), base.get(), thisValue.get(), m_ident); + } else + value = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident); + RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, static_cast<JSC::Operator>(m_operator), OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - return generator.emitPutById(base.get(), m_ident, updatedValue); + RegisterID* ret; + if (m_base->isSuperNode()) + ret = generator.emitPutById(base.get(), thisValue.get(), m_ident, updatedValue); + else + ret = generator.emitPutById(base.get(), m_ident, updatedValue); + generator.emitProfileType(updatedValue, divotStart(), divotEnd()); + return ret; } // ------------------------------ AssignErrorNode ----------------------------------- RegisterID* AssignErrorNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - return emitThrowReferenceError(generator, "Left side of assignment is not a reference."); + return emitThrowReferenceError(generator, ASCIILiteral("Left side of assignment is not a reference.")); } // ------------------------------ AssignBracketNode ----------------------------------- @@ -1443,11 +2358,26 @@ RegisterID* AssignBracketNode::emitBytecode(BytecodeGenerator& generator, Regist RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments || m_rightHasAssignments, m_subscript->isPure(generator) && m_right->isPure(generator)); RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator)); RefPtr<RegisterID> value = generator.destinationForAssignResult(dst); - RegisterID* result = generator.emitNode(value.get(), m_right); + RefPtr<RegisterID> result = generator.emitNode(value.get(), m_right); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result : generator.moveToDestinationIfNeeded(generator.tempDestination(result), result); - generator.emitPutByVal(base.get(), property.get(), forwardResult); + RegisterID* forwardResult = (dst == generator.ignoredResult()) ? result.get() : generator.moveToDestinationIfNeeded(generator.tempDestination(result.get()), result.get()); + + if (isNonIndexStringElement(*m_subscript)) { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), static_cast<StringNode*>(m_subscript)->value(), forwardResult); + } else + generator.emitPutById(base.get(), static_cast<StringNode*>(m_subscript)->value(), forwardResult); + } else { + if (m_base->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), forwardResult); + } else + generator.emitPutByVal(base.get(), property.get(), forwardResult); + } + + generator.emitProfileType(forwardResult, divotStart(), divotEnd()); return generator.moveToDestinationIfNeeded(dst, forwardResult); } @@ -1459,11 +2389,21 @@ RegisterID* ReadModifyBracketNode::emitBytecode(BytecodeGenerator& generator, Re RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator)); generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); - RefPtr<RegisterID> value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get()); - RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); + RefPtr<RegisterID> value; + RefPtr<RegisterID> thisValue; + if (m_base->isSuperNode()) { + thisValue = generator.ensureThis(); + value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), thisValue.get(), property.get()); + } else + value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get()); + RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, static_cast<JSC::Operator>(m_operator), OperandTypes(ResultType::unknownType(), m_right->resultDescriptor())); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutByVal(base.get(), property.get(), updatedValue); + if (m_base->isSuperNode()) + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), updatedValue); + else + generator.emitPutByVal(base.get(), property.get(), updatedValue); + generator.emitProfileType(updatedValue, divotStart(), divotEnd()); return updatedValue; } @@ -1472,58 +2412,10 @@ RegisterID* ReadModifyBracketNode::emitBytecode(BytecodeGenerator& generator, Re RegisterID* CommaNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - ASSERT(m_expressions.size() > 1); - for (size_t i = 0; i < m_expressions.size() - 1; i++) - generator.emitNode(generator.ignoredResult(), m_expressions[i]); - return generator.emitNode(dst, m_expressions.last()); -} - -// ------------------------------ ConstDeclNode ------------------------------------ - -RegisterID* ConstDeclNode::emitCodeSingle(BytecodeGenerator& generator) -{ - // FIXME: This code does not match the behavior of const in Firefox. - if (Local local = generator.constLocal(m_ident)) { - if (!m_init) - return local.get(); - - if (local.isCaptured()) { - RefPtr<RegisterID> tempDst = generator.newTemporary(); - generator.emitNode(tempDst.get(), m_init); - return generator.emitMove(local.get(), tempDst.get()); - } - - return generator.emitNode(local.get(), m_init); - } - - RefPtr<RegisterID> value = m_init ? generator.emitNode(m_init) : generator.emitLoad(0, jsUndefined()); - - if (generator.codeType() == GlobalCode) - return generator.emitInitGlobalConst(m_ident, value.get()); - - if (generator.codeType() != EvalCode) - return value.get(); - - // FIXME: This will result in incorrect assignment if m_ident exists in an intervening with scope. - RefPtr<RegisterID> scope = generator.emitResolveScope(generator.newTemporary(), m_ident); - return generator.emitPutToScope(scope.get(), m_ident, value.get(), DoNotThrowIfNotFound); -} - -RegisterID* ConstDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) -{ - RegisterID* result = 0; - for (ConstDeclNode* n = this; n; n = n->m_next) - result = n->emitCodeSingle(generator); - - return result; -} - -// ------------------------------ ConstStatementNode ----------------------------- - -void ConstStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) -{ - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - generator.emitNode(m_next); + CommaNode* node = this; + for (; node && node->next(); node = node->next()) + generator.emitNode(generator.ignoredResult(), node->m_expr); + return generator.emitNodeInTailPosition(dst, node->m_expr); } // ------------------------------ SourceElements ------------------------------- @@ -1531,15 +2423,13 @@ void ConstStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) inline StatementNode* SourceElements::lastStatement() const { - size_t size = m_statements.size(); - return size ? m_statements[size - 1] : 0; + return m_tail; } inline void SourceElements::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - size_t size = m_statements.size(); - for (size_t i = 0; i < size; ++i) - generator.emitNode(dst, m_statements[i]); + for (StatementNode* statement = m_head; statement; statement = statement->next()) + generator.emitNodeInTailPosition(dst, statement); } // ------------------------------ BlockNode ------------------------------------ @@ -1549,7 +2439,7 @@ inline StatementNode* BlockNode::lastStatement() const return m_statements ? m_statements->lastStatement() : 0; } -inline StatementNode* BlockNode::singleStatement() const +StatementNode* BlockNode::singleStatement() const { return m_statements ? m_statements->singleStatement() : 0; } @@ -1558,21 +2448,23 @@ void BlockNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { if (!m_statements) return; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested); m_statements->emitBytecode(generator, dst); + generator.popLexicalScope(this); } // ------------------------------ EmptyStatementNode --------------------------- -void EmptyStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +void EmptyStatementNode::emitBytecode(BytecodeGenerator&, RegisterID*) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + RELEASE_ASSERT(needsDebugHook()); } // ------------------------------ DebuggerStatementNode --------------------------- void DebuggerStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - generator.emitDebugHook(DidReachBreakpoint, lastLine(), startOffset(), lineStartOffset()); + generator.emitDebugHook(DidReachBreakpoint, position()); } // ------------------------------ ExprStatementNode ---------------------------- @@ -1580,19 +2472,60 @@ void DebuggerStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterI void ExprStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { ASSERT(m_expr); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); generator.emitNode(dst, m_expr); } -// ------------------------------ VarStatementNode ---------------------------- +// ------------------------------ DeclarationStatement ---------------------------- -void VarStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +void DeclarationStatement::emitBytecode(BytecodeGenerator& generator, RegisterID*) { ASSERT(m_expr); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); generator.emitNode(m_expr); } +// ------------------------------ EmptyVarExpression ---------------------------- + +RegisterID* EmptyVarExpression::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + // It's safe to return null here because this node will always be a child node of DeclarationStatement which ignores our return value. + if (!generator.vm()->typeProfiler()) + return nullptr; + + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) + generator.emitProfileType(local, var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + else { + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, DoNotThrowIfNotFound); + generator.emitProfileType(value.get(), var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } + + return nullptr; +} + +// ------------------------------ EmptyLetExpression ---------------------------- + +RegisterID* EmptyLetExpression::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + // Lexical declarations like 'let' must move undefined into their variables so we don't + // get TDZ errors for situations like this: `let x; x;` + Variable var = generator.variable(m_ident); + if (RegisterID* local = var.local()) { + generator.emitLoad(local, jsUndefined()); + generator.emitProfileType(local, var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } else { + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + RefPtr<RegisterID> value = generator.emitLoad(nullptr, jsUndefined()); + generator.emitPutToScope(scope.get(), var, value.get(), generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::Initialization); + generator.emitProfileType(value.get(), var, position(), JSTextPosition(-1, position().offset + m_ident.length(), -1)); + } + + generator.liftTDZCheckIfPossible(var); + + // It's safe to return null here because this node will always be a child node of DeclarationStatement which ignores our return value. + return nullptr; +} + // ------------------------------ IfElseNode --------------------------------------- static inline StatementNode* singleStatement(StatementNode* statementNode) @@ -1634,32 +2567,35 @@ bool IfElseNode::tryFoldBreakAndContinue(BytecodeGenerator& generator, Statement void IfElseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - - RefPtr<Label> beforeThen = generator.newLabel(); - RefPtr<Label> beforeElse = generator.newLabel(); - RefPtr<Label> afterElse = generator.newLabel(); + Ref<Label> beforeThen = generator.newLabel(); + Ref<Label> beforeElse = generator.newLabel(); + Ref<Label> afterElse = generator.newLabel(); - Label* trueTarget = beforeThen.get(); - Label* falseTarget = beforeElse.get(); + Label* trueTarget = beforeThen.ptr(); + Label& falseTarget = beforeElse.get(); FallThroughMode fallThroughMode = FallThroughMeansTrue; bool didFoldIfBlock = tryFoldBreakAndContinue(generator, m_ifBlock, trueTarget, fallThroughMode); - generator.emitNodeInConditionContext(m_condition, trueTarget, falseTarget, fallThroughMode); + generator.emitNodeInConditionContext(m_condition, *trueTarget, falseTarget, fallThroughMode); generator.emitLabel(beforeThen.get()); + generator.emitProfileControlFlow(m_ifBlock->startOffset()); if (!didFoldIfBlock) { - generator.emitNode(dst, m_ifBlock); + generator.emitNodeInTailPosition(dst, m_ifBlock); if (m_elseBlock) generator.emitJump(afterElse.get()); } generator.emitLabel(beforeElse.get()); - if (m_elseBlock) - generator.emitNode(dst, m_elseBlock); + if (m_elseBlock) { + generator.emitProfileControlFlow(m_ifBlock->endOffset() + (m_ifBlock->isBlock() ? 1 : 0)); + generator.emitNodeInTailPosition(dst, m_elseBlock); + } generator.emitLabel(afterElse.get()); + StatementNode* endingBlock = m_elseBlock ? m_elseBlock : m_ifBlock; + generator.emitProfileControlFlow(endingBlock->endOffset() + (endingBlock->isBlock() ? 1 : 0)); } // ------------------------------ DoWhileNode ---------------------------------- @@ -1668,15 +2604,13 @@ void DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - RefPtr<Label> topOfLoop = generator.newLabel(); + Ref<Label> topOfLoop = generator.newLabel(); generator.emitLabel(topOfLoop.get()); generator.emitLoopHint(); - generator.emitDebugHook(WillExecuteStatement, lastLine(), startOffset(), lineStartOffset()); - generator.emitNode(dst, m_statement); + generator.emitNodeInTailPosition(dst, m_statement); - generator.emitLabel(scope->continueTarget()); - generator.emitDebugHook(WillExecuteStatement, lastLine(), startOffset(), lineStartOffset()); + generator.emitLabel(*scope->continueTarget()); generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansFalse); generator.emitLabel(scope->breakTarget()); @@ -1687,22 +2621,23 @@ void DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) void WhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - RefPtr<Label> topOfLoop = generator.newLabel(); + Ref<Label> topOfLoop = generator.newLabel(); - generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->startOffset(), m_expr->lineStartOffset()); generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansTrue); generator.emitLabel(topOfLoop.get()); generator.emitLoopHint(); - generator.emitNode(dst, m_statement); + generator.emitProfileControlFlow(m_statement->startOffset()); + generator.emitNodeInTailPosition(dst, m_statement); - generator.emitLabel(scope->continueTarget()); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + generator.emitLabel(*scope->continueTarget()); generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), FallThroughMeansFalse); generator.emitLabel(scope->breakTarget()); + + generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0)); } // ------------------------------ ForNode -------------------------------------- @@ -1711,22 +2646,24 @@ void ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + RegisterID* forLoopSymbolTable = nullptr; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable); if (m_expr1) generator.emitNode(generator.ignoredResult(), m_expr1); - - RefPtr<Label> topOfLoop = generator.newLabel(); + + Ref<Label> topOfLoop = generator.newLabel(); if (m_expr2) generator.emitNodeInConditionContext(m_expr2, topOfLoop.get(), scope->breakTarget(), FallThroughMeansTrue); generator.emitLabel(topOfLoop.get()); generator.emitLoopHint(); + generator.emitProfileControlFlow(m_statement->startOffset()); - generator.emitNode(dst, m_statement); + generator.emitNodeInTailPosition(dst, m_statement); - generator.emitLabel(scope->continueTarget()); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); if (m_expr3) generator.emitNode(generator.ignoredResult(), m_expr3); @@ -1736,153 +2673,336 @@ void ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) generator.emitJump(topOfLoop.get()); generator.emitLabel(scope->breakTarget()); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0)); } // ------------------------------ ForInNode ------------------------------------ -void ForInNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +RegisterID* ForInNode::tryGetBoundLocal(BytecodeGenerator& generator) { - LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - - if (!m_lexpr->isLocation()) { - emitThrowReferenceError(generator, "Left side of for-in statement is not a reference."); - return; + if (m_lexpr->isResolveNode()) { + const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); + return generator.variable(ident).local(); } - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + if (m_lexpr->isDestructuringNode()) { + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); + auto binding = assignNode->bindings(); + if (!binding->isBindingNode()) + return nullptr; + + auto simpleBinding = static_cast<BindingNode*>(binding); + const Identifier& ident = simpleBinding->boundProperty(); + Variable var = generator.variable(ident); + if (var.isSpecial()) + return nullptr; + return var.local(); + } - RefPtr<RegisterID> base = generator.newTemporary(); - generator.emitNode(base.get(), m_expr); - RefPtr<RegisterID> i = generator.newTemporary(); - RefPtr<RegisterID> size = generator.newTemporary(); - RefPtr<RegisterID> expectedSubscript; - RefPtr<RegisterID> iter = generator.emitGetPropertyNames(generator.newTemporary(), base.get(), i.get(), size.get(), scope->breakTarget()); - generator.emitJump(scope->continueTarget()); - - RefPtr<Label> loopStart = generator.newLabel(); - generator.emitLabel(loopStart.get()); - generator.emitLoopHint(); + return nullptr; +} - RegisterID* propertyName; - bool optimizedForinAccess = false; - if (m_lexpr->isResolveNode()) { - const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); - Local local = generator.local(ident); - if (!local.get()) { - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; +void ForInNode::emitLoopHeader(BytecodeGenerator& generator, RegisterID* propertyName) +{ + auto lambdaEmitResolveVariable = [&](const Identifier& ident) + { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitMove(local, propertyName); + } else { if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident); + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutToScope(scope, ident, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); - } else { - expectedSubscript = generator.newTemporary(); - propertyName = expectedSubscript.get(); - generator.emitMove(local.get(), propertyName); - generator.pushOptimisedForIn(expectedSubscript.get(), iter.get(), i.get(), local.get()); - optimizedForinAccess = true; + generator.emitPutToScope(scope.get(), var, propertyName, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization); } - } else if (m_lexpr->isDotAccessorNode()) { + generator.emitProfileType(propertyName, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1)); + }; + + if (m_lexpr->isResolveNode()) { + const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); + lambdaEmitResolveVariable(ident); + return; + } + + if (m_lexpr->isAssignResolveNode()) { + const Identifier& ident = static_cast<AssignResolveNode*>(m_lexpr)->identifier(); + lambdaEmitResolveVariable(ident); + return; + } + + if (m_lexpr->isDotAccessorNode()) { DotAccessorNode* assignNode = static_cast<DotAccessorNode*>(m_lexpr); const Identifier& ident = assignNode->identifier(); - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; - RegisterID* base = generator.emitNode(assignNode->base()); - + RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutById(base, ident, propertyName); - } else if (m_lexpr->isBracketAccessorNode()) { + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), ident, propertyName); + } else + generator.emitPutById(base.get(), ident, propertyName); + generator.emitProfileType(propertyName, assignNode->divotStart(), assignNode->divotEnd()); + return; + } + if (m_lexpr->isBracketAccessorNode()) { BracketAccessorNode* assignNode = static_cast<BracketAccessorNode*>(m_lexpr); - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect = propertyName; RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); - RegisterID* subscript = generator.emitNode(assignNode->subscript()); - + RefPtr<RegisterID> subscript = generator.emitNode(assignNode->subscript()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutByVal(base.get(), subscript, propertyName); - } else { - ASSERT(m_lexpr->isDeconstructionNode()); - DeconstructingAssignmentNode* assignNode = static_cast<DeconstructingAssignmentNode*>(m_lexpr); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), subscript.get(), propertyName); + } else + generator.emitPutByVal(base.get(), subscript.get(), propertyName); + generator.emitProfileType(propertyName, assignNode->divotStart(), assignNode->divotEnd()); + return; + } + + if (m_lexpr->isDestructuringNode()) { + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); auto binding = assignNode->bindings(); - if (binding->isBindingNode()) { - auto simpleBinding = static_cast<BindingNode*>(binding); - Identifier ident = simpleBinding->boundProperty(); - Local local = generator.local(ident); - propertyName = local.get(); - if (!propertyName || local.isCaptured()) - goto genericBinding; - expectedSubscript = generator.emitMove(generator.newTemporary(), propertyName); - generator.pushOptimisedForIn(expectedSubscript.get(), iter.get(), i.get(), propertyName); - optimizedForinAccess = true; - goto completedSimpleBinding; - } else { - genericBinding: - propertyName = generator.newTemporary(); - RefPtr<RegisterID> protect(propertyName); + if (!binding->isBindingNode()) { assignNode->bindings()->bindValue(generator, propertyName); + return; } - completedSimpleBinding: - ; + + auto simpleBinding = static_cast<BindingNode*>(binding); + const Identifier& ident = simpleBinding->boundProperty(); + Variable var = generator.variable(ident); + if (!var.local() || var.isSpecial()) { + assignNode->bindings()->bindValue(generator, propertyName); + return; + } + generator.emitMove(var.local(), propertyName); + generator.emitProfileType(propertyName, var, simpleBinding->divotStart(), simpleBinding->divotEnd()); + return; } - generator.emitNode(dst, m_statement); + RELEASE_ASSERT_NOT_REACHED(); +} - if (optimizedForinAccess) - generator.popOptimisedForIn(); +void ForInNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!m_lexpr->isAssignResolveNode() && !m_lexpr->isAssignmentLocation()) { + emitThrowReferenceError(generator, ASCIILiteral("Left side of for-in statement is not a reference.")); + return; + } - generator.emitLabel(scope->continueTarget()); - generator.emitNextPropertyName(propertyName, base.get(), i.get(), size.get(), iter.get(), loopStart.get()); - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - generator.emitLabel(scope->breakTarget()); + Ref<Label> end = generator.newLabel(); + + RegisterID* forLoopSymbolTable = nullptr; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable); + + if (m_lexpr->isAssignResolveNode()) + generator.emitNode(generator.ignoredResult(), m_lexpr); + + RefPtr<RegisterID> base = generator.newTemporary(); + RefPtr<RegisterID> length; + RefPtr<RegisterID> enumerator; + + generator.emitNode(base.get(), m_expr); + RefPtr<RegisterID> local = this->tryGetBoundLocal(generator); + RefPtr<RegisterID> enumeratorIndex; + + // Pause at the assignment expression for each for..in iteration. + generator.emitDebugHook(m_lexpr); + + int profilerStartOffset = m_statement->startOffset(); + int profilerEndOffset = m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0); + + enumerator = generator.emitGetPropertyEnumerator(generator.newTemporary(), base.get()); + + // Indexed property loop. + { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + length = generator.emitGetEnumerableLength(generator.newTemporary(), enumerator.get()); + RefPtr<RegisterID> i = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> propertyName = generator.newTemporary(); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitEqualityOp(op_less, generator.newTemporary(), i.get(), length.get()); + generator.emitJumpIfFalse(result.get(), loopEnd.get()); + generator.emitHasIndexedProperty(result.get(), base.get(), i.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + generator.emitToIndexString(propertyName.get(), i.get()); + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.pushIndexedForInScope(local.get(), i.get()); + generator.emitNode(dst, m_statement); + generator.popIndexedForInScope(local.get()); + + generator.emitProfileControlFlow(profilerEndOffset); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(i.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. + generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + // Structure property loop. + { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + enumeratorIndex = generator.emitLoad(generator.newTemporary(), jsNumber(0)); + RefPtr<RegisterID> propertyName = generator.newTemporary(); + generator.emitEnumeratorStructurePropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitUnaryOp(op_eq_null, generator.newTemporary(), propertyName.get()); + generator.emitJumpIfTrue(result.get(), loopEnd.get()); + generator.emitHasStructureProperty(result.get(), base.get(), propertyName.get(), enumerator.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.pushStructureForInScope(local.get(), enumeratorIndex.get(), propertyName.get(), enumerator.get()); + generator.emitNode(dst, m_statement); + generator.popStructureForInScope(local.get()); + + generator.emitProfileControlFlow(profilerEndOffset); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(enumeratorIndex.get()); + generator.emitEnumeratorStructurePropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. + generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + // Generic property loop. + { + LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); + Ref<Label> loopStart = generator.newLabel(); + Ref<Label> loopEnd = generator.newLabel(); + + RefPtr<RegisterID> propertyName = generator.newTemporary(); + + generator.emitEnumeratorGenericPropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + + generator.emitLabel(loopStart.get()); + generator.emitLoopHint(); + + RefPtr<RegisterID> result = generator.emitUnaryOp(op_eq_null, generator.newTemporary(), propertyName.get()); + generator.emitJumpIfTrue(result.get(), loopEnd.get()); + + generator.emitHasGenericProperty(result.get(), base.get(), propertyName.get()); + generator.emitJumpIfFalse(result.get(), *scope->continueTarget()); + + this->emitLoopHeader(generator, propertyName.get()); + + generator.emitProfileControlFlow(profilerStartOffset); + + generator.emitNode(dst, m_statement); + + generator.emitLabel(*scope->continueTarget()); + generator.prepareLexicalScopeForNextForLoopIteration(this, forLoopSymbolTable); + generator.emitInc(enumeratorIndex.get()); + generator.emitEnumeratorGenericPropertyName(propertyName.get(), enumerator.get(), enumeratorIndex.get()); + generator.emitDebugHook(m_lexpr); // Pause at the assignment expression for each for..in iteration. + generator.emitJump(loopStart.get()); + + generator.emitLabel(scope->breakTarget()); + generator.emitJump(end.get()); + generator.emitLabel(loopEnd.get()); + } + + generator.emitLabel(end.get()); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(profilerEndOffset); } // ------------------------------ ForOfNode ------------------------------------ void ForOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - if (!m_lexpr->isLocation()) { - emitThrowReferenceError(generator, "Left side of for-of statement is not a reference."); + if (!m_lexpr->isAssignmentLocation()) { + emitThrowReferenceError(generator, ASCIILiteral("Left side of for-of statement is not a reference.")); return; } - - LabelScopePtr scope = generator.newLabelScope(LabelScope::Loop); - - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); + + RegisterID* forLoopSymbolTable = nullptr; + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested, &forLoopSymbolTable); auto extractor = [this, dst](BytecodeGenerator& generator, RegisterID* value) { if (m_lexpr->isResolveNode()) { const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier(); - if (Local local = generator.local(ident)) - generator.emitMove(local.get(), value); - else { + Variable var = generator.variable(ident); + if (RegisterID* local = var.local()) { + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + generator.emitMove(local, value); + } else { if (generator.isStrictMode()) generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), ident); + if (var.isReadOnly()) + generator.emitReadOnlyExceptionIfNeeded(var); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); - generator.emitPutToScope(scope, ident, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); + generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization); } + generator.emitProfileType(value, var, m_lexpr->position(), JSTextPosition(-1, m_lexpr->position().offset + ident.length(), -1)); } else if (m_lexpr->isDotAccessorNode()) { DotAccessorNode* assignNode = static_cast<DotAccessorNode*>(m_lexpr); const Identifier& ident = assignNode->identifier(); RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutById(base.get(), ident, value); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), ident, value); + } else + generator.emitPutById(base.get(), ident, value); + generator.emitProfileType(value, assignNode->divotStart(), assignNode->divotEnd()); } else if (m_lexpr->isBracketAccessorNode()) { BracketAccessorNode* assignNode = static_cast<BracketAccessorNode*>(m_lexpr); RefPtr<RegisterID> base = generator.emitNode(assignNode->base()); RegisterID* subscript = generator.emitNode(assignNode->subscript()); generator.emitExpressionInfo(assignNode->divot(), assignNode->divotStart(), assignNode->divotEnd()); - generator.emitPutByVal(base.get(), subscript, value); + if (assignNode->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), subscript, value); + } else + generator.emitPutByVal(base.get(), subscript, value); + generator.emitProfileType(value, assignNode->divotStart(), assignNode->divotEnd()); } else { - ASSERT(m_lexpr->isDeconstructionNode()); - DeconstructingAssignmentNode* assignNode = static_cast<DeconstructingAssignmentNode*>(m_lexpr); + ASSERT(m_lexpr->isDestructuringNode()); + DestructuringAssignmentNode* assignNode = static_cast<DestructuringAssignmentNode*>(m_lexpr); assignNode->bindings()->bindValue(generator, value); } + generator.emitProfileControlFlow(m_statement->startOffset()); generator.emitNode(dst, m_statement); }; - generator.emitEnumeration(this, m_expr, extractor); + generator.emitEnumeration(this, m_expr, extractor, this, forLoopSymbolTable); + generator.popLexicalScope(this); + generator.emitProfileControlFlow(m_statement->endOffset() + (m_statement->isBlock() ? 1 : 0)); } // ------------------------------ ContinueNode --------------------------------- @@ -1890,26 +3010,30 @@ void ForOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) Label* ContinueNode::trivialTarget(BytecodeGenerator& generator) { if (generator.shouldEmitDebugHooks()) - return 0; + return nullptr; - LabelScope* scope = generator.continueTarget(m_ident); + LabelScopePtr scope = generator.continueTarget(m_ident); ASSERT(scope); - if (generator.scopeDepth() != scope->scopeDepth()) - return 0; + if (generator.labelScopeDepth() != scope->scopeDepth()) + return nullptr; return scope->continueTarget(); } void ContinueNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - - LabelScope* scope = generator.continueTarget(m_ident); + LabelScopePtr scope = generator.continueTarget(m_ident); ASSERT(scope); - generator.emitPopScopes(scope->scopeDepth()); - generator.emitJump(scope->continueTarget()); + bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), *scope->continueTarget()); + if (!hasFinally) { + int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth()); + generator.restoreScopeRegister(lexicalScopeIndex); + generator.emitJump(*scope->continueTarget()); + } + + generator.emitProfileControlFlow(endOffset()); } // ------------------------------ BreakNode ------------------------------------ @@ -1917,65 +3041,74 @@ void ContinueNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) Label* BreakNode::trivialTarget(BytecodeGenerator& generator) { if (generator.shouldEmitDebugHooks()) - return 0; + return nullptr; - LabelScope* scope = generator.breakTarget(m_ident); + LabelScopePtr scope = generator.breakTarget(m_ident); ASSERT(scope); - if (generator.scopeDepth() != scope->scopeDepth()) - return 0; + if (generator.labelScopeDepth() != scope->scopeDepth()) + return nullptr; - return scope->breakTarget(); + return &scope->breakTarget(); } void BreakNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - - LabelScope* scope = generator.breakTarget(m_ident); + LabelScopePtr scope = generator.breakTarget(m_ident); ASSERT(scope); - generator.emitPopScopes(scope->scopeDepth()); - generator.emitJump(scope->breakTarget()); + bool hasFinally = generator.emitJumpViaFinallyIfNeeded(scope->scopeDepth(), scope->breakTarget()); + if (!hasFinally) { + int lexicalScopeIndex = generator.labelScopeDepthToLexicalScopeIndex(scope->scopeDepth()); + generator.restoreScopeRegister(lexicalScopeIndex); + generator.emitJump(scope->breakTarget()); + } + + generator.emitProfileControlFlow(endOffset()); } // ------------------------------ ReturnNode ----------------------------------- void ReturnNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); ASSERT(generator.codeType() == FunctionCode); if (dst == generator.ignoredResult()) dst = 0; - RefPtr<RegisterID> returnRegister = m_value ? generator.emitNode(dst, m_value) : generator.emitLoad(dst, jsUndefined()); - if (generator.scopeDepth()) { - returnRegister = generator.emitMove(generator.newTemporary(), returnRegister.get()); - generator.emitPopScopes(0); + RefPtr<RegisterID> returnRegister = m_value ? generator.emitNodeInTailPosition(dst, m_value) : generator.emitLoad(dst, jsUndefined()); + + generator.emitProfileType(returnRegister.get(), ProfileTypeBytecodeFunctionReturnStatement, divotStart(), divotEnd()); + + bool hasFinally = generator.emitReturnViaFinallyIfNeeded(returnRegister.get()); + if (!hasFinally) { + generator.emitWillLeaveCallFrameDebugHook(); + generator.emitReturn(returnRegister.get()); } - generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); - generator.emitReturn(returnRegister.get()); + generator.emitProfileControlFlow(endOffset()); + // Emitting an unreachable return here is needed in case this op_profile_control_flow is the + // last opcode in a CodeBlock because a CodeBlock's instructions must end with a terminal opcode. + if (generator.vm()->controlFlowProfiler()) + generator.emitReturn(generator.emitLoad(nullptr, jsUndefined())); } // ------------------------------ WithNode ------------------------------------- void WithNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - RefPtr<RegisterID> scope = generator.emitNode(m_expr); generator.emitExpressionInfo(m_divot, m_divot - m_expressionLength, m_divot); generator.emitPushWithScope(scope.get()); - generator.emitNode(dst, m_statement); - generator.emitPopScope(); + generator.emitNodeInTailPosition(dst, m_statement); + generator.emitPopWithScope(); } // ------------------------------ CaseClauseNode -------------------------------- inline void CaseClauseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { + generator.emitProfileControlFlow(m_startOffset); if (!m_statements) return; m_statements->emitBytecode(generator, dst); @@ -2074,18 +3207,17 @@ SwitchInfo::SwitchType CaseBlockNode::tryTableSwitch(Vector<ExpressionNode*, 8>& void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterID* switchExpression, RegisterID* dst) { - RefPtr<Label> defaultLabel; - Vector<RefPtr<Label>, 8> labelVector; + Vector<Ref<Label>, 8> labelVector; Vector<ExpressionNode*, 8> literalVector; int32_t min_num = std::numeric_limits<int32_t>::max(); int32_t max_num = std::numeric_limits<int32_t>::min(); SwitchInfo::SwitchType switchType = tryTableSwitch(literalVector, min_num, max_num); + Ref<Label> defaultLabel = generator.newLabel(); if (switchType != SwitchInfo::SwitchNone) { // Prepare the various labels for (uint32_t i = 0; i < literalVector.size(); i++) labelVector.append(generator.newLabel()); - defaultLabel = generator.newLabel(); generator.beginSwitch(switchExpression, switchType); } else { // Setup jumps @@ -2104,7 +3236,6 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI labelVector.append(generator.newLabel()); generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get()); } - defaultLabel = generator.newLabel(); generator.emitJump(defaultLabel.get()); } @@ -2129,7 +3260,7 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI ASSERT(i == labelVector.size()); if (switchType != SwitchInfo::SwitchNone) { ASSERT(labelVector.size() == literalVector.size()); - generator.endSwitch(labelVector.size(), labelVector.data(), literalVector.data(), defaultLabel.get(), min_num, max_num); + generator.endSwitch(labelVector.size(), labelVector, literalVector.data(), defaultLabel.get(), min_num, max_num); } } @@ -2137,26 +3268,26 @@ void CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterI void SwitchNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - LabelScopePtr scope = generator.newLabelScope(LabelScope::Switch); RefPtr<RegisterID> r0 = generator.emitNode(m_expr); + + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::DoNotOptimize, BytecodeGenerator::NestedScopeType::IsNested); m_block->emitBytecodeForBlock(generator, r0.get(), dst); + generator.popLexicalScope(this); generator.emitLabel(scope->breakTarget()); + generator.emitProfileControlFlow(endOffset()); } // ------------------------------ LabelNode ------------------------------------ void LabelNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - ASSERT(!generator.breakTarget(m_name)); LabelScopePtr scope = generator.newLabelScope(LabelScope::NamedLabel, &m_name); - generator.emitNode(dst, m_statement); + generator.emitNodeInTailPosition(dst, m_statement); generator.emitLabel(scope->breakTarget()); } @@ -2165,13 +3296,13 @@ void LabelNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) void ThrowNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - if (dst == generator.ignoredResult()) dst = 0; RefPtr<RegisterID> expr = generator.emitNode(m_expr); generator.emitExpressionInfo(divot(), divotStart(), divotEnd()); generator.emitThrow(expr.get()); + + generator.emitProfileControlFlow(endOffset()); } // ------------------------------ TryNode -------------------------------------- @@ -2181,58 +3312,102 @@ void TryNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) // NOTE: The catch and finally blocks must be labeled explicitly, so the // optimizer knows they may be jumped to from anywhere. - generator.emitDebugHook(WillExecuteStatement, firstLine(), startOffset(), lineStartOffset()); - ASSERT(m_catchBlock || m_finallyBlock); + BytecodeGenerator::CompletionRecordScope completionRecordScope(generator, m_finallyBlock); - RefPtr<Label> tryStartLabel = generator.newLabel(); + RefPtr<Label> catchLabel; + RefPtr<Label> catchEndLabel; + RefPtr<Label> finallyViaThrowLabel; + RefPtr<Label> finallyLabel; + RefPtr<Label> finallyEndLabel; + + Ref<Label> tryStartLabel = generator.newLabel(); generator.emitLabel(tryStartLabel.get()); - - if (m_finallyBlock) - generator.pushFinallyContext(m_finallyBlock); - TryData* tryData = generator.pushTry(tryStartLabel.get()); - generator.emitNode(dst, m_tryBlock); + if (m_finallyBlock) { + finallyViaThrowLabel = generator.newLabel(); + finallyLabel = generator.newLabel(); + finallyEndLabel = generator.newLabel(); + generator.pushFinallyControlFlowScope(*finallyLabel); + } if (m_catchBlock) { - RefPtr<Label> catchEndLabel = generator.newLabel(); - - // Normal path: jump over the catch block. - generator.emitJump(catchEndLabel.get()); + catchLabel = generator.newLabel(); + catchEndLabel = generator.newLabel(); + } + + Label& tryHandlerLabel = m_catchBlock ? *catchLabel : *finallyViaThrowLabel; + HandlerType tryHandlerType = m_catchBlock ? HandlerType::Catch : HandlerType::Finally; + TryData* tryData = generator.pushTry(tryStartLabel.get(), tryHandlerLabel, tryHandlerType); + generator.emitNode(dst, m_tryBlock); + + if (m_finallyBlock) + generator.emitJump(*finallyLabel); + else + generator.emitJump(*catchEndLabel); + + Ref<Label> endTryLabel = generator.newEmittedLabel(); + generator.popTry(tryData, endTryLabel.get()); + + if (m_catchBlock) { // Uncaught exception path: the catch block. - RefPtr<Label> here = generator.emitLabel(generator.newLabel().get()); - RefPtr<RegisterID> exceptionRegister = generator.popTryAndEmitCatch(tryData, generator.newTemporary(), here.get()); - + generator.emitLabel(*catchLabel); + RefPtr<RegisterID> thrownValueRegister = generator.newTemporary(); + RegisterID* unused = generator.newTemporary(); + generator.emitCatch(unused, thrownValueRegister.get()); + generator.restoreScopeRegister(); + + TryData* tryData = nullptr; if (m_finallyBlock) { // If the catch block throws an exception and we have a finally block, then the finally // block should "catch" that exception. - tryData = generator.pushTry(here.get()); + tryData = generator.pushTry(*catchLabel, *finallyViaThrowLabel, HandlerType::Finally); } - - generator.emitPushNameScope(m_exceptionIdent, exceptionRegister.get(), DontDelete); - generator.emitNode(dst, m_catchBlock); - generator.emitPopScope(); - generator.emitLabel(catchEndLabel.get()); + + generator.emitPushCatchScope(m_lexicalVariables); + m_catchPattern->bindValue(generator, thrownValueRegister.get()); + generator.emitProfileControlFlow(m_tryBlock->endOffset() + 1); + if (m_finallyBlock) + generator.emitNode(dst, m_catchBlock); + else + generator.emitNodeInTailPosition(dst, m_catchBlock); + generator.emitLoad(thrownValueRegister.get(), jsUndefined()); + generator.emitPopCatchScope(m_lexicalVariables); + + if (m_finallyBlock) { + generator.emitSetCompletionType(CompletionType::Normal); + generator.emitJump(*finallyLabel); + generator.popTry(tryData, *finallyViaThrowLabel); + } + + generator.emitLabel(*catchEndLabel); + generator.emitProfileControlFlow(m_catchBlock->endOffset() + 1); } if (m_finallyBlock) { - RefPtr<Label> preFinallyLabel = generator.emitLabel(generator.newLabel().get()); - - generator.popFinallyContext(); + FinallyContext finallyContext = generator.popFinallyControlFlowScope(); + + // Entry to the finally block for CompletionType::Throw. + generator.emitLabel(*finallyViaThrowLabel); + RegisterID* unused = generator.newTemporary(); + generator.emitCatch(generator.completionValueRegister(), unused); + generator.emitSetCompletionType(CompletionType::Throw); - RefPtr<Label> finallyEndLabel = generator.newLabel(); + // Entry to the finally block for CompletionTypes other than Throw. + generator.emitLabel(*finallyLabel); + generator.restoreScopeRegister(); - // Normal path: run the finally code, and jump to the end. - generator.emitNode(dst, m_finallyBlock); - generator.emitJump(finallyEndLabel.get()); + RefPtr<RegisterID> savedCompletionTypeRegister = generator.newTemporary(); + generator.emitMove(savedCompletionTypeRegister.get(), generator.completionTypeRegister()); - // Uncaught exception path: invoke the finally block, then re-throw the exception. - RefPtr<RegisterID> tempExceptionRegister = generator.popTryAndEmitCatch(tryData, generator.newTemporary(), preFinallyLabel.get()); - generator.emitNode(dst, m_finallyBlock); - generator.emitThrow(tempExceptionRegister.get()); + int finallyStartOffset = m_catchBlock ? m_catchBlock->endOffset() + 1 : m_tryBlock->endOffset() + 1; + generator.emitProfileControlFlow(finallyStartOffset); + generator.emitNodeInTailPosition(dst, m_finallyBlock); - generator.emitLabel(finallyEndLabel.get()); + generator.emitFinallyCompletion(finallyContext, savedCompletionTypeRegister.get(), *finallyEndLabel); + generator.emitLabel(*finallyEndLabel); + generator.emitProfileControlFlow(m_finallyBlock->endOffset() + 1); } } @@ -2245,20 +3420,33 @@ inline void ScopeNode::emitStatementsBytecode(BytecodeGenerator& generator, Regi m_statements->emitBytecode(generator, dst); } -// ------------------------------ ProgramNode ----------------------------- - -void ProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +static void emitProgramNodeBytecode(BytecodeGenerator& generator, ScopeNode& scopeNode) { - generator.emitDebugHook(WillExecuteProgram, startLine(), startStartOffset(), startLineStartOffset()); + generator.emitDebugHook(WillExecuteProgram, scopeNode.startLine(), scopeNode.startStartOffset(), scopeNode.startLineStartOffset()); RefPtr<RegisterID> dstRegister = generator.newTemporary(); generator.emitLoad(dstRegister.get(), jsUndefined()); - emitStatementsBytecode(generator, dstRegister.get()); + generator.emitProfileControlFlow(scopeNode.startStartOffset()); + scopeNode.emitStatementsBytecode(generator, dstRegister.get()); - generator.emitDebugHook(DidExecuteProgram, lastLine(), startOffset(), lineStartOffset()); + generator.emitDebugHook(DidExecuteProgram, scopeNode.lastLine(), scopeNode.startOffset(), scopeNode.lineStartOffset()); generator.emitEnd(dstRegister.get()); } +// ------------------------------ ProgramNode ----------------------------- + +void ProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + emitProgramNodeBytecode(generator, *this); +} + +// ------------------------------ ModuleProgramNode -------------------- + +void ModuleProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +{ + emitProgramNodeBytecode(generator, *this); +} + // ------------------------------ EvalNode ----------------------------- void EvalNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) @@ -2273,53 +3461,161 @@ void EvalNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) generator.emitEnd(dstRegister.get()); } -// ------------------------------ FunctionBodyNode ----------------------------- +// ------------------------------ FunctionNode ----------------------------- -void FunctionBodyNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) +void FunctionNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { + if (generator.vm()->typeProfiler()) { + // If the parameter list is non simple one, it is handled in bindValue's code. + if (m_parameters->isSimpleParameterList()) { + for (size_t i = 0; i < m_parameters->size(); i++) { + BindingNode* bindingNode = static_cast<BindingNode*>(m_parameters->at(i).first); + RegisterID reg(CallFrame::argumentOffset(i)); + generator.emitProfileType(®, ProfileTypeBytecodeFunctionArgument, bindingNode->divotStart(), bindingNode->divotEnd()); + } + } + } + + generator.emitProfileControlFlow(startStartOffset()); generator.emitDebugHook(DidEnterCallFrame, startLine(), startStartOffset(), startLineStartOffset()); - emitStatementsBytecode(generator, generator.ignoredResult()); - StatementNode* singleStatement = this->singleStatement(); - ReturnNode* returnNode = 0; + switch (generator.parseMode()) { + case SourceParseMode::GeneratorWrapperFunctionMode: { + StatementNode* singleStatement = this->singleStatement(); + ASSERT(singleStatement->isExprStatement()); + ExprStatementNode* exprStatement = static_cast<ExprStatementNode*>(singleStatement); + ExpressionNode* expr = exprStatement->expr(); + ASSERT(expr->isFuncExprNode()); + FuncExprNode* funcExpr = static_cast<FuncExprNode*>(expr); + + RefPtr<RegisterID> next = generator.newTemporary(); + generator.emitNode(next.get(), funcExpr); + + if (generator.superBinding() == SuperBinding::Needed) { + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + emitPutHomeObject(generator, next.get(), homeObject.get()); + } + + generator.emitPutGeneratorFields(next.get()); - // Check for a return statement at the end of a function composed of a single block. - if (singleStatement && singleStatement->isBlock()) { - StatementNode* lastStatementInBlock = static_cast<BlockNode*>(singleStatement)->lastStatement(); - if (lastStatementInBlock && lastStatementInBlock->isReturnNode()) - returnNode = static_cast<ReturnNode*>(lastStatementInBlock); + ASSERT(startOffset() >= lineStartOffset()); + generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); + generator.emitReturn(generator.generatorRegister()); + break; } - // If there is no return we must automatically insert one. - if (!returnNode) { - RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined()); + case SourceParseMode::AsyncFunctionMode: + case SourceParseMode::AsyncMethodMode: + case SourceParseMode::AsyncArrowFunctionMode: { + StatementNode* singleStatement = this->singleStatement(); + ASSERT(singleStatement->isExprStatement()); + ExprStatementNode* exprStatement = static_cast<ExprStatementNode*>(singleStatement); + ExpressionNode* expr = exprStatement->expr(); + ASSERT(expr->isFuncExprNode()); + FuncExprNode* funcExpr = static_cast<FuncExprNode*>(expr); + + RefPtr<RegisterID> next = generator.newTemporary(); + generator.emitNode(next.get(), funcExpr); + + if (generator.superBinding() == SuperBinding::Needed || (generator.parseMode() == SourceParseMode::AsyncArrowFunctionMode && generator.isSuperUsedInInnerArrowFunction())) { + RefPtr<RegisterID> homeObject = emitHomeObjectForCallee(generator); + emitPutHomeObject(generator, next.get(), homeObject.get()); + } + + if (generator.parseMode() == SourceParseMode::AsyncArrowFunctionMode && generator.isThisUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); + + generator.emitPutGeneratorFields(next.get()); + ASSERT(startOffset() >= lineStartOffset()); generator.emitDebugHook(WillLeaveCallFrame, lastLine(), startOffset(), lineStartOffset()); - generator.emitReturn(r0); - return; + + // load and call @asyncFunctionResume + auto var = generator.variable(generator.propertyNames().builtinNames().asyncFunctionResumePrivateName()); + RefPtr<RegisterID> scope = generator.newTemporary(); + generator.moveToDestinationIfNeeded(scope.get(), generator.emitResolveScope(scope.get(), var)); + RefPtr<RegisterID> asyncFunctionResume = generator.emitGetFromScope(generator.newTemporary(), scope.get(), var, ThrowIfNotFound); + + CallArguments args(generator, nullptr, 4); + unsigned argumentCount = 0; + generator.emitLoad(args.thisRegister(), jsUndefined()); + generator.emitMove(args.argumentRegister(argumentCount++), generator.generatorRegister()); + generator.emitMove(args.argumentRegister(argumentCount++), generator.promiseCapabilityRegister()); + generator.emitLoad(args.argumentRegister(argumentCount++), jsUndefined()); + generator.emitLoad(args.argumentRegister(argumentCount++), jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode))); + // JSTextPosition(int _line, int _offset, int _lineStartOffset) + JSTextPosition divot(firstLine(), startOffset(), lineStartOffset()); + + RefPtr<RegisterID> result = generator.newTemporary(); + generator.emitCallInTailPosition(result.get(), asyncFunctionResume.get(), NoExpectedFunction, args, divot, divot, divot, DebuggableCall::No); + generator.emitReturn(result.get()); + break; } - // If there is a return statment, and it is the only statement in the function, check if this is a numeric compare. - if (static_cast<BlockNode*>(singleStatement)->singleStatement()) { - ExpressionNode* returnValueExpression = returnNode->value(); - if (returnValueExpression && returnValueExpression->isSubtract()) { - ExpressionNode* lhsExpression = static_cast<SubNode*>(returnValueExpression)->lhs(); - ExpressionNode* rhsExpression = static_cast<SubNode*>(returnValueExpression)->rhs(); - if (lhsExpression->isResolveNode() - && rhsExpression->isResolveNode() - && generator.isArgumentNumber(static_cast<ResolveNode*>(lhsExpression)->identifier(), 0) - && generator.isArgumentNumber(static_cast<ResolveNode*>(rhsExpression)->identifier(), 1)) { - - generator.setIsNumericCompareFunction(true); - } + case SourceParseMode::AsyncArrowFunctionBodyMode: + case SourceParseMode::AsyncFunctionBodyMode: + case SourceParseMode::GeneratorBodyMode: { + Ref<Label> generatorBodyLabel = generator.newLabel(); + { + RefPtr<RegisterID> condition = generator.newTemporary(); + generator.emitEqualityOp(op_stricteq, condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode)))); + generator.emitJumpIfTrue(condition.get(), generatorBodyLabel.get()); + + Ref<Label> throwLabel = generator.newLabel(); + generator.emitEqualityOp(op_stricteq, condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ThrowMode)))); + generator.emitJumpIfTrue(condition.get(), throwLabel.get()); + + generator.emitReturn(generator.generatorValueRegister()); + + generator.emitLabel(throwLabel.get()); + generator.emitThrow(generator.generatorValueRegister()); } + + generator.emitLabel(generatorBodyLabel.get()); + + emitStatementsBytecode(generator, generator.ignoredResult()); + + Ref<Label> done = generator.newLabel(); + generator.emitLabel(done.get()); + generator.emitReturn(generator.emitLoad(nullptr, jsUndefined())); + break; + } + + default: { + emitStatementsBytecode(generator, generator.ignoredResult()); + + StatementNode* singleStatement = this->singleStatement(); + ReturnNode* returnNode = 0; + + // Check for a return statement at the end of a function composed of a single block. + if (singleStatement && singleStatement->isBlock()) { + StatementNode* lastStatementInBlock = static_cast<BlockNode*>(singleStatement)->lastStatement(); + if (lastStatementInBlock && lastStatementInBlock->isReturnNode()) + returnNode = static_cast<ReturnNode*>(lastStatementInBlock); + } + + // If there is no return we must automatically insert one. + if (!returnNode) { + if (generator.constructorKind() == ConstructorKind::Extends && generator.needsToUpdateArrowFunctionContext() && generator.isSuperCallUsedInInnerArrowFunction()) + generator.emitLoadThisFromArrowFunctionLexicalEnvironment(); // Arrow function can invoke 'super' in constructor and before leave constructor we need load 'this' from lexical arrow function environment + + RegisterID* r0 = generator.isConstructor() ? generator.thisRegister() : generator.emitLoad(0, jsUndefined()); + generator.emitProfileType(r0, ProfileTypeBytecodeFunctionReturnStatement); // Do not emit expression info for this profile because it's not in the user's source code. + ASSERT(startOffset() >= lineStartOffset()); + generator.emitWillLeaveCallFrameDebugHook(); + generator.emitReturn(r0); + return; + } + break; + } } } // ------------------------------ FuncDeclNode --------------------------------- -void FuncDeclNode::emitBytecode(BytecodeGenerator&, RegisterID*) +void FuncDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*) { + generator.hoistSloppyModeFunctionIfNecessary(metadata()->ident()); } // ------------------------------ FuncExprNode --------------------------------- @@ -2328,9 +3624,217 @@ RegisterID* FuncExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* { return generator.emitNewFunctionExpression(generator.finalDestination(dst), this); } - -// ------------------------------ DeconstructingAssignmentNode ----------------- -RegisterID* DeconstructingAssignmentNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) + +// ------------------------------ ArrowFuncExprNode --------------------------------- + +RegisterID* ArrowFuncExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + return generator.emitNewArrowFunctionExpression(generator.finalDestination(dst), this); +} + +// ------------------------------ MethodDefinitionNode --------------------------------- + +RegisterID* MethodDefinitionNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + return generator.emitNewMethodDefinition(generator.finalDestination(dst), this); +} + +// ------------------------------ YieldExprNode -------------------------------- + +RegisterID* YieldExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!delegate()) { + RefPtr<RegisterID> arg = nullptr; + if (argument()) { + arg = generator.newTemporary(); + generator.emitNode(arg.get(), argument()); + } else + arg = generator.emitLoad(nullptr, jsUndefined()); + RefPtr<RegisterID> value = generator.emitYield(arg.get()); + if (dst == generator.ignoredResult()) + return nullptr; + return generator.emitMove(generator.finalDestination(dst), value.get()); + } + RefPtr<RegisterID> arg = generator.newTemporary(); + generator.emitNode(arg.get(), argument()); + RefPtr<RegisterID> value = generator.emitDelegateYield(arg.get(), this); + if (dst == generator.ignoredResult()) + return nullptr; + return generator.emitMove(generator.finalDestination(dst), value.get()); +} + +// ------------------------------ AwaitExprNode -------------------------------- + +RegisterID* AwaitExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + RefPtr<RegisterID> arg = generator.newTemporary(); + generator.emitNode(arg.get(), argument()); + RefPtr<RegisterID> value = generator.emitYield(arg.get()); + if (dst == generator.ignoredResult()) + return nullptr; + return generator.emitMove(generator.finalDestination(dst), value.get()); +} + +// ------------------------------ ClassDeclNode --------------------------------- + +void ClassDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + generator.emitNode(dst, m_classDeclaration); +} + +// ------------------------------ ClassExprNode --------------------------------- + +RegisterID* ClassExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + if (!m_name.isNull()) + generator.pushLexicalScope(this, BytecodeGenerator::TDZCheckOptimization::Optimize, BytecodeGenerator::NestedScopeType::IsNested); + + RefPtr<RegisterID> superclass; + if (m_classHeritage) { + superclass = generator.newTemporary(); + generator.emitNode(superclass.get(), m_classHeritage); + } + + RefPtr<RegisterID> constructor; + bool needsHomeObject = false; + + // FIXME: Make the prototype non-configurable & non-writable. + if (m_constructorExpression) { + ASSERT(m_constructorExpression->isFuncExprNode()); + FunctionMetadataNode* metadata = static_cast<FuncExprNode*>(m_constructorExpression)->metadata(); + metadata->setEcmaName(ecmaName()); + metadata->setClassSource(m_classSource); + constructor = generator.emitNode(dst, m_constructorExpression); + if (m_classHeritage) { + needsHomeObject = true; + RefPtr<RegisterID> isDerivedConstructor = generator.newTemporary(); + generator.emitUnaryOp(op_not, isDerivedConstructor.get(), + generator.emitUnaryOp(op_eq_null, isDerivedConstructor.get(), superclass.get())); + generator.emitDirectPutById(constructor.get(), generator.propertyNames().builtinNames().isDerivedConstructorPrivateName(), isDerivedConstructor.get(), PropertyNode::Unknown); + } else if (metadata->superBinding() == SuperBinding::Needed) + needsHomeObject = true; + } else { + if (m_classHeritage) { + constructor = generator.finalDestination(dst); + RefPtr<RegisterID> tempRegister = generator.newTemporary(); + Ref<Label> superclassIsNullLabel = generator.newLabel(); + Ref<Label> done = generator.newLabel(); + + generator.emitJumpIfTrue(generator.emitUnaryOp(op_eq_null, tempRegister.get(), superclass.get()), superclassIsNullLabel.get()); + generator.emitNewDefaultConstructor(constructor.get(), ConstructorKind::Extends, m_name, ecmaName(), m_classSource); + generator.emitLoad(tempRegister.get(), jsBoolean(true)); + generator.emitJump(done.get()); + generator.emitLabel(superclassIsNullLabel.get()); + generator.emitNewDefaultConstructor(constructor.get(), ConstructorKind::Base, m_name, ecmaName(), m_classSource); + generator.emitLoad(tempRegister.get(), jsBoolean(false)); + generator.emitLabel(done.get()); + generator.emitDirectPutById(constructor.get(), generator.propertyNames().builtinNames().isDerivedConstructorPrivateName(), tempRegister.get(), PropertyNode::Unknown); + } else { + constructor = generator.emitNewDefaultConstructor(generator.finalDestination(dst), + ConstructorKind::Base, m_name, ecmaName(), m_classSource); + } + } + + const auto& propertyNames = generator.propertyNames(); + RefPtr<RegisterID> prototype = generator.emitNewObject(generator.newTemporary()); + + if (superclass) { + RefPtr<RegisterID> protoParent = generator.newTemporary(); + generator.emitLoad(protoParent.get(), jsNull()); + + RefPtr<RegisterID> tempRegister = generator.newTemporary(); + + // FIXME: Throw TypeError if it's a generator function. + Ref<Label> superclassIsUndefinedLabel = generator.newLabel(); + generator.emitJumpIfTrue(generator.emitIsUndefined(tempRegister.get(), superclass.get()), superclassIsUndefinedLabel.get()); + + Ref<Label> superclassIsNullLabel = generator.newLabel(); + generator.emitJumpIfTrue(generator.emitUnaryOp(op_eq_null, tempRegister.get(), superclass.get()), superclassIsNullLabel.get()); + + Ref<Label> superclassIsObjectLabel = generator.newLabel(); + generator.emitJumpIfTrue(generator.emitIsObject(tempRegister.get(), superclass.get()), superclassIsObjectLabel.get()); + generator.emitLabel(superclassIsUndefinedLabel.get()); + generator.emitThrowTypeError(ASCIILiteral("The superclass is not an object.")); + generator.emitLabel(superclassIsObjectLabel.get()); + generator.emitGetById(protoParent.get(), superclass.get(), generator.propertyNames().prototype); + + Ref<Label> protoParentIsObjectOrNullLabel = generator.newLabel(); + generator.emitJumpIfTrue(generator.emitUnaryOp(op_is_object_or_null, tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get()); + generator.emitJumpIfTrue(generator.emitUnaryOp(op_is_function, tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get()); + generator.emitThrowTypeError(ASCIILiteral("The value of the superclass's prototype property is not an object.")); + generator.emitLabel(protoParentIsObjectOrNullLabel.get()); + + generator.emitDirectPutById(constructor.get(), generator.propertyNames().underscoreProto, superclass.get(), PropertyNode::Unknown); + generator.emitLabel(superclassIsNullLabel.get()); + generator.emitDirectPutById(prototype.get(), generator.propertyNames().underscoreProto, protoParent.get(), PropertyNode::Unknown); + } + + if (needsHomeObject) + emitPutHomeObject(generator, constructor.get(), prototype.get()); + + RefPtr<RegisterID> constructorNameRegister = generator.emitLoad(nullptr, propertyNames.constructor); + generator.emitCallDefineProperty(prototype.get(), constructorNameRegister.get(), constructor.get(), nullptr, nullptr, + BytecodeGenerator::PropertyConfigurable | BytecodeGenerator::PropertyWritable, m_position); + + RefPtr<RegisterID> prototypeNameRegister = generator.emitLoad(nullptr, propertyNames.prototype); + generator.emitCallDefineProperty(constructor.get(), prototypeNameRegister.get(), prototype.get(), nullptr, nullptr, 0, m_position); + + if (m_staticMethods) + generator.emitNode(constructor.get(), m_staticMethods); + + if (m_instanceMethods) + generator.emitNode(prototype.get(), m_instanceMethods); + + if (!m_name.isNull()) { + Variable classNameVar = generator.variable(m_name); + RELEASE_ASSERT(classNameVar.isResolved()); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, classNameVar); + generator.emitPutToScope(scope.get(), classNameVar, constructor.get(), ThrowIfNotFound, InitializationMode::Initialization); + generator.popLexicalScope(this); + } + + return generator.moveToDestinationIfNeeded(dst, constructor.get()); +} + +// ------------------------------ ImportDeclarationNode ----------------------- + +void ImportDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*) +{ + // Do nothing at runtime. +} + +// ------------------------------ ExportAllDeclarationNode -------------------- + +void ExportAllDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*) +{ + // Do nothing at runtime. +} + +// ------------------------------ ExportDefaultDeclarationNode ---------------- + +void ExportDefaultDeclarationNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(m_declaration); + generator.emitNode(dst, m_declaration); +} + +// ------------------------------ ExportLocalDeclarationNode ------------------ + +void ExportLocalDeclarationNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) +{ + ASSERT(m_declaration); + generator.emitNode(dst, m_declaration); +} + +// ------------------------------ ExportNamedDeclarationNode ------------------ + +void ExportNamedDeclarationNode::emitBytecode(BytecodeGenerator&, RegisterID*) +{ + // Do nothing at runtime. +} + +// ------------------------------ DestructuringAssignmentNode ----------------- +RegisterID* DestructuringAssignmentNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { if (RegisterID* result = m_bindings->emitDirectBinding(generator, dst, m_initializer)) return result; @@ -2340,67 +3844,133 @@ RegisterID* DeconstructingAssignmentNode::emitBytecode(BytecodeGenerator& genera return generator.moveToDestinationIfNeeded(dst, initializer.get()); } -DeconstructionPatternNode::~DeconstructionPatternNode() +static void assignDefaultValueIfUndefined(BytecodeGenerator& generator, RegisterID* maybeUndefined, ExpressionNode* defaultValue) { + ASSERT(defaultValue); + Ref<Label> isNotUndefined = generator.newLabel(); + generator.emitJumpIfFalse(generator.emitIsUndefined(generator.newTemporary(), maybeUndefined), isNotUndefined.get()); + generator.emitNode(maybeUndefined, defaultValue); + generator.emitLabel(isNotUndefined.get()); } - + void ArrayPatternNode::bindValue(BytecodeGenerator& generator, RegisterID* rhs) const { - for (size_t i = 0; i < m_targetPatterns.size(); i++) { - auto target = m_targetPatterns[i]; - if (!target) - continue; - RefPtr<RegisterID> temp = generator.newTemporary(); - generator.emitLoad(temp.get(), jsNumber(i)); - generator.emitGetByVal(temp.get(), rhs, temp.get()); - target->bindValue(generator, temp.get()); + RefPtr<RegisterID> iterator = generator.newTemporary(); + { + generator.emitGetById(iterator.get(), rhs, generator.propertyNames().iteratorSymbol); + CallArguments args(generator, nullptr); + generator.emitMove(args.thisRegister(), rhs); + generator.emitCall(iterator.get(), iterator.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd(), DebuggableCall::No); } + + if (m_targetPatterns.isEmpty()) { + generator.emitIteratorClose(iterator.get(), this); + return; + } + + RefPtr<RegisterID> done; + for (auto& target : m_targetPatterns) { + switch (target.bindingType) { + case BindingType::Elision: + case BindingType::Element: { + Ref<Label> iterationSkipped = generator.newLabel(); + if (!done) + done = generator.newTemporary(); + else + generator.emitJumpIfTrue(done.get(), iterationSkipped.get()); + + RefPtr<RegisterID> value = generator.newTemporary(); + generator.emitIteratorNext(value.get(), iterator.get(), this); + generator.emitGetById(done.get(), value.get(), generator.propertyNames().done); + generator.emitJumpIfTrue(done.get(), iterationSkipped.get()); + generator.emitGetById(value.get(), value.get(), generator.propertyNames().value); + + { + Ref<Label> valueIsSet = generator.newLabel(); + generator.emitJump(valueIsSet.get()); + generator.emitLabel(iterationSkipped.get()); + generator.emitLoad(value.get(), jsUndefined()); + generator.emitLabel(valueIsSet.get()); + } + + if (target.bindingType == BindingType::Element) { + if (target.defaultValue) + assignDefaultValueIfUndefined(generator, value.get(), target.defaultValue); + target.pattern->bindValue(generator, value.get()); + } + break; + } + + case BindingType::RestElement: { + RefPtr<RegisterID> array = generator.emitNewArray(generator.newTemporary(), 0, 0); + + Ref<Label> iterationDone = generator.newLabel(); + if (!done) + done = generator.newTemporary(); + else + generator.emitJumpIfTrue(done.get(), iterationDone.get()); + + RefPtr<RegisterID> index = generator.newTemporary(); + generator.emitLoad(index.get(), jsNumber(0)); + Ref<Label> loopStart = generator.newLabel(); + generator.emitLabel(loopStart.get()); + + RefPtr<RegisterID> value = generator.newTemporary(); + generator.emitIteratorNext(value.get(), iterator.get(), this); + generator.emitGetById(done.get(), value.get(), generator.propertyNames().done); + generator.emitJumpIfTrue(done.get(), iterationDone.get()); + generator.emitGetById(value.get(), value.get(), generator.propertyNames().value); + + generator.emitDirectPutByVal(array.get(), index.get(), value.get()); + generator.emitInc(index.get()); + generator.emitJump(loopStart.get()); + + generator.emitLabel(iterationDone.get()); + target.pattern->bindValue(generator, array.get()); + break; + } + } + } + + Ref<Label> iteratorClosed = generator.newLabel(); + generator.emitJumpIfTrue(done.get(), iteratorClosed.get()); + generator.emitIteratorClose(iterator.get(), this); + generator.emitLabel(iteratorClosed.get()); } RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, RegisterID* dst, ExpressionNode* rhs) { - if (rhs->isResolveNode() - && generator.willResolveToArguments(static_cast<ResolveNode*>(rhs)->identifier()) - && !generator.symbolTable().slowArguments()) { - for (size_t i = 0; i < m_targetPatterns.size(); i++) { - auto target = m_targetPatterns[i]; - if (!target) - continue; - - RefPtr<RegisterID> temp = generator.newTemporary(); - generator.emitLoad(temp.get(), jsNumber(i)); - generator.emitGetArgumentByVal(temp.get(), generator.uncheckedRegisterForArguments(), temp.get()); - target->bindValue(generator, temp.get()); - } - if (dst == generator.ignoredResult() || !dst) - return generator.emitLoad(generator.finalDestination(dst), jsUndefined()); - Local local = generator.local(generator.vm()->propertyNames->arguments); - return generator.moveToDestinationIfNeeded(dst, local.get()); - } if (!rhs->isSimpleArray()) - return 0; + return nullptr; + + ElementNode* elementNodes = static_cast<ArrayNode*>(rhs)->elements(); + Vector<ExpressionNode*> elements; + for (; elementNodes; elementNodes = elementNodes->next()) { + ExpressionNode* value = elementNodes->value(); + if (value->isSpreadExpression()) + return nullptr; + elements.append(value); + } RefPtr<RegisterID> resultRegister; if (dst && dst != generator.ignoredResult()) resultRegister = generator.emitNewArray(generator.newTemporary(), 0, 0); - ElementNode* elementNodes = static_cast<ArrayNode*>(rhs)->elements(); - Vector<ExpressionNode*> elements; - for (; elementNodes; elementNodes = elementNodes->next()) - elements.append(elementNodes->value()); if (m_targetPatterns.size() != elements.size()) - return 0; + return nullptr; Vector<RefPtr<RegisterID>> registers; registers.reserveCapacity(m_targetPatterns.size()); for (size_t i = 0; i < m_targetPatterns.size(); i++) { registers.uncheckedAppend(generator.newTemporary()); generator.emitNode(registers.last().get(), elements[i]); + if (m_targetPatterns[i].defaultValue) + assignDefaultValueIfUndefined(generator, registers.last().get(), m_targetPatterns[i].defaultValue); if (resultRegister) generator.emitPutByIndex(resultRegister.get(), i, registers.last().get()); } for (size_t i = 0; i < m_targetPatterns.size(); i++) { - if (m_targetPatterns[i]) - m_targetPatterns[i]->bindValue(generator, registers[i].get()); + if (m_targetPatterns[i].pattern) + m_targetPatterns[i].pattern->bindValue(generator, registers[i].get()); } if (resultRegister) return generator.moveToDestinationIfNeeded(dst, resultRegister.get()); @@ -2411,13 +3981,24 @@ void ArrayPatternNode::toString(StringBuilder& builder) const { builder.append('['); for (size_t i = 0; i < m_targetPatterns.size(); i++) { - if (!m_targetPatterns[i]) { + const auto& target = m_targetPatterns[i]; + + switch (target.bindingType) { + case BindingType::Elision: builder.append(','); - continue; + break; + + case BindingType::Element: + target.pattern->toString(builder); + if (i < m_targetPatterns.size() - 1) + builder.append(','); + break; + + case BindingType::RestElement: + builder.appendLiteral("..."); + target.pattern->toString(builder); + break; } - m_targetPatterns[i]->toString(builder); - if (i < m_targetPatterns.size() - 1) - builder.append(','); } builder.append(']'); } @@ -2425,7 +4006,7 @@ void ArrayPatternNode::toString(StringBuilder& builder) const void ArrayPatternNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const { for (size_t i = 0; i < m_targetPatterns.size(); i++) { - if (DeconstructionPatternNode* node = m_targetPatterns[i].get()) + if (DestructuringPatternNode* node = m_targetPatterns[i].pattern) node->collectBoundIdentifiers(identifiers); } } @@ -2434,13 +4015,11 @@ void ObjectPatternNode::toString(StringBuilder& builder) const { builder.append('{'); for (size_t i = 0; i < m_targetPatterns.size(); i++) { - if (m_targetPatterns[i].wasString) { - builder.append('"'); - escapeStringToBuilder(builder, m_targetPatterns[i].propertyName.string()); - builder.append('"'); - } else + if (m_targetPatterns[i].wasString) + builder.appendQuotedJSONString(m_targetPatterns[i].propertyName.string()); + else builder.append(m_targetPatterns[i].propertyName.string()); - builder.append(":"); + builder.append(':'); m_targetPatterns[i].pattern->toString(builder); if (i < m_targetPatterns.size() - 1) builder.append(','); @@ -2450,10 +4029,25 @@ void ObjectPatternNode::toString(StringBuilder& builder) const void ObjectPatternNode::bindValue(BytecodeGenerator& generator, RegisterID* rhs) const { - for (size_t i = 0; i < m_targetPatterns.size(); i++) { - auto& target = m_targetPatterns[i]; + generator.emitRequireObjectCoercible(rhs, ASCIILiteral("Right side of assignment cannot be destructured")); + for (const auto& target : m_targetPatterns) { RefPtr<RegisterID> temp = generator.newTemporary(); - generator.emitGetById(temp.get(), rhs, target.propertyName); + if (!target.propertyExpression) { + // Should not emit get_by_id for indexed ones. + std::optional<uint32_t> optionalIndex = parseIndex(target.propertyName); + if (!optionalIndex) + generator.emitGetById(temp.get(), rhs, target.propertyName); + else { + RefPtr<RegisterID> index = generator.emitLoad(nullptr, jsNumber(optionalIndex.value())); + generator.emitGetByVal(temp.get(), rhs, index.get()); + } + } else { + RefPtr<RegisterID> propertyName = generator.emitNode(target.propertyExpression); + generator.emitGetByVal(temp.get(), rhs, propertyName.get()); + } + + if (target.defaultValue) + assignDefaultValueIfUndefined(generator, temp.get(), target.defaultValue); target.pattern->bindValue(generator, temp.get()); } } @@ -2466,19 +4060,35 @@ void ObjectPatternNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) void BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const { - if (Local local = generator.local(m_boundProperty)) { - if (local.isReadOnly()) { - generator.emitReadOnlyExceptionIfNeeded(); + Variable var = generator.variable(m_boundProperty); + bool isReadOnly = var.isReadOnly() && m_bindingContext != AssignmentContext::ConstDeclarationStatement; + if (RegisterID* local = var.local()) { + if (m_bindingContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, local, nullptr); + if (isReadOnly) { + generator.emitReadOnlyExceptionIfNeeded(var); return; } - generator.emitMove(local.get(), value); + generator.emitMove(local, value); + generator.emitProfileType(local, var, divotStart(), divotEnd()); + if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); return; } if (generator.isStrictMode()) generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); - RegisterID* scope = generator.emitResolveScope(generator.newTemporary(), m_boundProperty); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); - generator.emitPutToScope(scope, m_boundProperty, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound); + if (m_bindingContext == AssignmentContext::AssignmentExpression) + generator.emitTDZCheckIfNecessary(var, nullptr, scope.get()); + if (isReadOnly) { + generator.emitReadOnlyExceptionIfNeeded(var); + return; + } + generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext)); + generator.emitProfileType(value, var, divotStart(), divotEnd()); + if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement) + generator.liftTDZCheckIfPossible(var); return; } @@ -2491,7 +4101,97 @@ void BindingNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const { identifiers.append(m_boundProperty); } - + +void AssignmentElementNode::collectBoundIdentifiers(Vector<Identifier>&) const +{ +} + +void AssignmentElementNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const +{ + if (m_assignmentTarget->isResolveNode()) { + ResolveNode* lhs = static_cast<ResolveNode*>(m_assignmentTarget); + Variable var = generator.variable(lhs->identifier()); + bool isReadOnly = var.isReadOnly(); + if (RegisterID* local = var.local()) { + generator.emitTDZCheckIfNecessary(var, local, nullptr); + + if (isReadOnly) + generator.emitReadOnlyExceptionIfNeeded(var); + else { + generator.invalidateForInContextForLocal(local); + generator.moveToDestinationIfNeeded(local, value); + generator.emitProfileType(local, divotStart(), divotEnd()); + } + return; + } + if (generator.isStrictMode()) + generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); + RefPtr<RegisterID> scope = generator.emitResolveScope(nullptr, var); + generator.emitTDZCheckIfNecessary(var, nullptr, scope.get()); + if (isReadOnly) { + bool threwException = generator.emitReadOnlyExceptionIfNeeded(var); + if (threwException) + return; + } + generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); + if (!isReadOnly) { + generator.emitPutToScope(scope.get(), var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, InitializationMode::NotInitialization); + generator.emitProfileType(value, var, divotStart(), divotEnd()); + } + } else if (m_assignmentTarget->isDotAccessorNode()) { + DotAccessorNode* lhs = static_cast<DotAccessorNode*>(m_assignmentTarget); + RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(lhs->base(), true, false); + generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); + if (lhs->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutById(base.get(), thisValue.get(), lhs->identifier(), value); + } else + generator.emitPutById(base.get(), lhs->identifier(), value); + generator.emitProfileType(value, divotStart(), divotEnd()); + } else if (m_assignmentTarget->isBracketAccessorNode()) { + BracketAccessorNode* lhs = static_cast<BracketAccessorNode*>(m_assignmentTarget); + RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(lhs->base(), true, false); + RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(lhs->subscript(), true, false); + generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); + if (lhs->base()->isSuperNode()) { + RefPtr<RegisterID> thisValue = generator.ensureThis(); + generator.emitPutByVal(base.get(), thisValue.get(), property.get(), value); + } else + generator.emitPutByVal(base.get(), property.get(), value); + generator.emitProfileType(value, divotStart(), divotEnd()); + } +} + +void AssignmentElementNode::toString(StringBuilder& builder) const +{ + if (m_assignmentTarget->isResolveNode()) + builder.append(static_cast<ResolveNode*>(m_assignmentTarget)->identifier().string()); +} + +void RestParameterNode::collectBoundIdentifiers(Vector<Identifier>& identifiers) const +{ + m_pattern->collectBoundIdentifiers(identifiers); +} + +void RestParameterNode::toString(StringBuilder& builder) const +{ + builder.appendLiteral("..."); + m_pattern->toString(builder); +} + +void RestParameterNode::bindValue(BytecodeGenerator&, RegisterID*) const +{ + RELEASE_ASSERT_NOT_REACHED(); +} + +void RestParameterNode::emit(BytecodeGenerator& generator) +{ + RefPtr<RegisterID> temp = generator.newTemporary(); + generator.emitRestParameter(temp.get(), m_numParametersToSkip); + m_pattern->bindValue(generator, temp.get()); +} + + RegisterID* SpreadExpressionNode::emitBytecode(BytecodeGenerator&, RegisterID*) { RELEASE_ASSERT_NOT_REACHED(); |