diff options
Diffstat (limited to 'Source/JavaScriptCore/llint/LLIntSlowPaths.cpp')
| -rw-r--r-- | Source/JavaScriptCore/llint/LLIntSlowPaths.cpp | 1176 |
1 files changed, 731 insertions, 445 deletions
diff --git a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp index b2a7b8ea1..80d164083 100644 --- a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp +++ b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved. + * Copyright (C) 2011-2016 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -26,48 +26,63 @@ #include "config.h" #include "LLIntSlowPaths.h" -#if ENABLE(LLINT) - -#include "Arguments.h" #include "ArrayConstructor.h" #include "CallFrame.h" #include "CommonSlowPaths.h" #include "CommonSlowPathsExceptions.h" +#include "Error.h" +#include "ErrorHandlingScope.h" +#include "EvalCodeBlock.h" +#include "Exception.h" +#include "ExceptionFuzz.h" +#include "FunctionCodeBlock.h" +#include "FunctionWhitelist.h" #include "GetterSetter.h" #include "HostCallReturnValue.h" #include "Interpreter.h" +#include "IteratorOperations.h" #include "JIT.h" #include "JITExceptions.h" -#include "JSActivation.h" +#include "JITWorklist.h" +#include "JSAsyncFunction.h" +#include "JSCInlines.h" #include "JSCJSValue.h" +#include "JSGeneratorFunction.h" #include "JSGlobalObjectFunctions.h" -#include "JSNameScope.h" -#include "JSPropertyNameIterator.h" -#include "JSStackInlines.h" +#include "JSLexicalEnvironment.h" #include "JSString.h" #include "JSWithScope.h" #include "LLIntCommon.h" +#include "LLIntData.h" #include "LLIntExceptions.h" #include "LowLevelInterpreter.h" +#include "ModuleProgramCodeBlock.h" #include "ObjectConstructor.h" -#include "Operations.h" +#include "ObjectPropertyConditionSet.h" +#include "ProgramCodeBlock.h" +#include "ProtoCallFrame.h" +#include "RegExpObject.h" +#include "ShadowChicken.h" #include "StructureRareDataInlines.h" +#include "VMInlines.h" +#include <wtf/NeverDestroyed.h> #include <wtf/StringPrintStream.h> namespace JSC { namespace LLInt { #define LLINT_BEGIN_NO_SET_PC() \ VM& vm = exec->vm(); \ - NativeCallFrameTracer tracer(&vm, exec) + NativeCallFrameTracer tracer(&vm, exec); \ + auto throwScope = DECLARE_THROW_SCOPE(vm) #ifndef NDEBUG #define LLINT_SET_PC_FOR_STUBS() do { \ exec->codeBlock()->bytecodeOffset(pc); \ - exec->setCurrentVPC(pc + 1); \ + exec->setCurrentVPC(pc); \ } while (false) #else #define LLINT_SET_PC_FOR_STUBS() do { \ - exec->setCurrentVPC(pc + 1); \ + exec->setCurrentVPC(pc); \ } while (false) #endif @@ -82,16 +97,17 @@ namespace JSC { namespace LLInt { return encodeResult(first, second); \ } while (false) -#define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, exec) +#define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0) #define LLINT_THROW(exceptionToThrow) do { \ - vm.throwException(exec, exceptionToThrow); \ + throwException(exec, throwScope, exceptionToThrow); \ pc = returnToThrow(exec); \ LLINT_END_IMPL(); \ } while (false) #define LLINT_CHECK_EXCEPTION() do { \ - if (UNLIKELY(vm.exception())) { \ + doExceptionFuzzingIfEnabled(exec, throwScope, "LLIntSlowPaths", pc); \ + if (UNLIKELY(throwScope.exception())) { \ pc = returnToThrow(exec); \ LLINT_END_IMPL(); \ } \ @@ -119,6 +135,14 @@ namespace JSC { namespace LLInt { LLINT_END_IMPL(); \ } while (false) +#define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \ + JSValue __r_returnValue = (value); \ + LLINT_CHECK_EXCEPTION(); \ + LLINT_OP(1) = __r_returnValue; \ + pc += (pcAdjustment); \ + LLINT_END_IMPL(); \ + } while (false) + #define LLINT_RETURN_PROFILED(opcode, value) do { \ JSValue __rp_returnValue = (value); \ LLINT_CHECK_EXCEPTION(); \ @@ -136,23 +160,31 @@ namespace JSC { namespace LLInt { #define LLINT_CALL_THROW(exec, exceptionToThrow) do { \ ExecState* __ct_exec = (exec); \ - vm.throwException(__ct_exec, exceptionToThrow); \ - LLINT_CALL_END_IMPL(__ct_exec, callToThrow(__ct_exec)); \ + throwException(__ct_exec, throwScope, exceptionToThrow); \ + LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec)); \ } while (false) -#define LLINT_CALL_CHECK_EXCEPTION(exec) do { \ +#define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do { \ ExecState* __cce_exec = (exec); \ - if (UNLIKELY(vm.exception())) \ - LLINT_CALL_END_IMPL(__cce_exec, callToThrow(__cce_exec)); \ + ExecState* __cce_execCallee = (execCallee); \ + doExceptionFuzzingIfEnabled(__cce_exec, throwScope, "LLIntSlowPaths/call", nullptr); \ + if (UNLIKELY(throwScope.exception())) \ + LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee)); \ } while (false) -#define LLINT_CALL_RETURN(exec, callTarget) do { \ +#define LLINT_CALL_RETURN(exec, execCallee, callTarget) do { \ ExecState* __cr_exec = (exec); \ + ExecState* __cr_execCallee = (execCallee); \ void* __cr_callTarget = (callTarget); \ - LLINT_CALL_CHECK_EXCEPTION(__cr_exec->callerFrame()); \ - LLINT_CALL_END_IMPL(__cr_exec, __cr_callTarget); \ + LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee); \ + LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget); \ } while (false) +#define LLINT_RETURN_CALLEE_FRAME(execCallee) do { \ + ExecState* __rcf_exec = (execCallee); \ + LLINT_RETURN_TWO(pc, __rcf_exec); \ + } while (false) + extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand) { LLINT_BEGIN(); @@ -195,19 +227,20 @@ extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc LLINT_SLOW_PATH_DECL(trace_prologue) { - dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec); + dataLogF("%p / %p: in prologue of ", exec->codeBlock(), exec); + dataLog(*exec->codeBlock(), "\n"); LLINT_END_IMPL(); } static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind) { - JSFunction* callee = jsCast<JSFunction*>(exec->callee()); + JSFunction* callee = jsCast<JSFunction*>(exec->jsCallee()); FunctionExecutable* executable = callee->jsExecutable(); CodeBlock* codeBlock = executable->codeBlockFor(kind); - dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeRegisters = %u, caller = %p.\n", - codeBlock, exec, comment, callee, executable, - codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeRegisters, - exec->callerFrame()); + dataLogF("%p / %p: in %s of ", codeBlock, exec, comment); + dataLog(*codeBlock); + dataLogF(" function %p, executable %p; numVars = %u, numParameters = %u, numCalleeLocals = %u, caller = %p.\n", + callee, executable, codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeLocals, exec->callerFrame()); } LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call) @@ -236,12 +269,15 @@ LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct) LLINT_SLOW_PATH_DECL(trace) { - dataLogF("%p / %p: executing bc#%zu, %s, scope %p, pc = %p\n", + dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n", exec->codeBlock(), exec, static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()), - opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], - exec->scope(), pc); + opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc); + if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) { + dataLogF("Frame will eventually return to %p\n", exec->returnPC().value()); + *bitwise_cast<volatile char*>(exec->returnPC().value()); + } if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) { dataLogF("Will be returning to %p\n", exec->returnPC().value()); dataLogF("The new cfr will be %p\n", exec->callerFrame()); @@ -263,26 +299,44 @@ LLINT_SLOW_PATH_DECL(special_trace) enum EntryKind { Prologue, ArityCheck }; #if ENABLE(JIT) -inline bool shouldJIT(ExecState* exec) +static FunctionWhitelist& ensureGlobalJITWhitelist() +{ + static LazyNeverDestroyed<FunctionWhitelist> baselineWhitelist; + static std::once_flag initializeWhitelistFlag; + std::call_once(initializeWhitelistFlag, [] { + const char* functionWhitelistFile = Options::jitWhitelist(); + baselineWhitelist.construct(functionWhitelistFile); + }); + return baselineWhitelist; +} + +inline bool shouldJIT(ExecState* exec, CodeBlock* codeBlock) { + if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount()) + || !ensureGlobalJITWhitelist().contains(codeBlock)) + return false; + // You can modify this to turn off JITting without rebuilding the world. return exec->vm().canUseJIT(); } // Returns true if we should try to OSR. -inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec) +inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec, unsigned loopOSREntryBytecodeOffset = 0) { VM& vm = exec->vm(); DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all. codeBlock->updateAllValueProfilePredictions(); - + if (!codeBlock->checkIfJITThresholdReached()) { + CODEBLOCK_LOG_EVENT(codeBlock, "delayJITCompile", ("threshold not reached, counter = ", codeBlock->llintExecuteCounter())); if (Options::verboseOSR()) dataLogF(" JIT threshold should be lifted.\n"); return false; } + JITWorklist::instance()->poll(vm); + switch (codeBlock->jitType()) { case JITCode::BaselineJIT: { if (Options::verboseOSR()) @@ -291,25 +345,11 @@ inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec) return true; } case JITCode::InterpreterThunk: { - CompilationResult result = JIT::compile(&vm, codeBlock, JITCompilationCanFail); - switch (result) { - case CompilationFailed: - if (Options::verboseOSR()) - dataLogF(" JIT compilation failed.\n"); - codeBlock->dontJITAnytimeSoon(); - return false; - case CompilationSuccessful: - if (Options::verboseOSR()) - dataLogF(" JIT compilation successful.\n"); - codeBlock->install(); - codeBlock->jitSoon(); - return true; - default: - RELEASE_ASSERT_NOT_REACHED(); - return false; - } + JITWorklist::instance()->compileLater(codeBlock, loopOSREntryBytecodeOffset); + return codeBlock->jitType() == JITCode::BaselineJIT; } default: + dataLog("Unexpected code block in LLInt: ", *codeBlock, "\n"); RELEASE_ASSERT_NOT_REACHED(); return false; } @@ -323,17 +363,19 @@ static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* cod codeBlock->llintExecuteCounter(), "\n"); } - if (!shouldJIT(exec)) { + if (!shouldJIT(exec, codeBlock)) { codeBlock->dontJITAnytimeSoon(); - LLINT_RETURN_TWO(0, exec); + LLINT_RETURN_TWO(0, 0); } if (!jitCompileAndSetHeuristics(codeBlock, exec)) - LLINT_RETURN_TWO(0, exec); + LLINT_RETURN_TWO(0, 0); + + CODEBLOCK_LOG_EVENT(codeBlock, "OSR entry", ("in prologue")); if (kind == Prologue) - LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), exec); + LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0); ASSERT(kind == ArityCheck); - LLINT_RETURN_TWO(codeBlock->jitCodeWithArityCheck().executableAddress(), exec); + LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(MustCheckArity).executableAddress(), 0); } #else // ENABLE(JIT) static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind) @@ -350,22 +392,22 @@ LLINT_SLOW_PATH_DECL(entry_osr) LLINT_SLOW_PATH_DECL(entry_osr_function_for_call) { - return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue); + return entryOSR(exec, pc, jsCast<JSFunction*>(exec->jsCallee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue); } LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct) { - return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue); + return entryOSR(exec, pc, jsCast<JSFunction*>(exec->jsCallee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue); } LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck) { - return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck); + return entryOSR(exec, pc, jsCast<JSFunction*>(exec->jsCallee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck); } LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck) { - return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck); + return entryOSR(exec, pc, jsCast<JSFunction*>(exec->jsCallee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck); } LLINT_SLOW_PATH_DECL(loop_osr) @@ -379,14 +421,18 @@ LLINT_SLOW_PATH_DECL(loop_osr) codeBlock->llintExecuteCounter(), "\n"); } - if (!shouldJIT(exec)) { + unsigned loopOSREntryBytecodeOffset = pc - codeBlock->instructions().begin(); + + if (!shouldJIT(exec, codeBlock)) { codeBlock->dontJITAnytimeSoon(); - LLINT_RETURN_TWO(0, exec); + LLINT_RETURN_TWO(0, 0); } - if (!jitCompileAndSetHeuristics(codeBlock, exec)) - LLINT_RETURN_TWO(0, exec); + if (!jitCompileAndSetHeuristics(codeBlock, exec, loopOSREntryBytecodeOffset)) + LLINT_RETURN_TWO(0, 0); + CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", pc - codeBlock->instructions().begin())); + ASSERT(codeBlock->jitType() == JITCode::BaselineJIT); Vector<BytecodeAndMachineOffset> map; @@ -398,10 +444,11 @@ LLINT_SLOW_PATH_DECL(loop_osr) void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset); ASSERT(jumpTarget); - LLINT_RETURN_TWO(jumpTarget, exec); + LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame()); #else // ENABLE(JIT) + UNUSED_PARAM(pc); codeBlock->dontJITAnytimeSoon(); - LLINT_RETURN_TWO(0, exec); + LLINT_RETURN_TWO(0, 0); #endif // ENABLE(JIT) } @@ -416,7 +463,7 @@ LLINT_SLOW_PATH_DECL(replace) codeBlock->llintExecuteCounter(), "\n"); } - if (shouldJIT(exec)) + if (shouldJIT(exec, codeBlock)) jitCompileAndSetHeuristics(codeBlock, exec); else codeBlock->dontJITAnytimeSoon(); @@ -429,32 +476,48 @@ LLINT_SLOW_PATH_DECL(replace) LLINT_SLOW_PATH_DECL(stack_check) { - LLINT_BEGIN(); + VM& vm = exec->vm(); + auto throwScope = DECLARE_THROW_SCOPE(vm); + + VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame; + CallFrame* callerFrame = exec->callerFrame(vmEntryFrame); + if (!callerFrame) { + callerFrame = exec; + vmEntryFrame = vm.topVMEntryFrame; + } + NativeCallFrameTracerWithRestore tracer(&vm, vmEntryFrame, callerFrame); + + LLINT_SET_PC_FOR_STUBS(); + #if LLINT_SLOW_PATH_TRACING dataLogF("Checking stack height with exec = %p.\n", exec); - dataLogF("CodeBlock = %p.\n", exec->codeBlock()); - dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeRegisters); + dataLog("CodeBlock = ", *exec->codeBlock(), "\n"); + dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeLocals); dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars); - dataLogF("Current end is at %p.\n", exec->vm().interpreter->stack().end()); + + dataLogF("Current OS stack end is at %p.\n", vm.softStackLimit()); +#if !ENABLE(JIT) + dataLogF("Current C Loop stack end is at %p.\n", vm.cloopStackLimit()); #endif - ASSERT(!exec->vm().interpreter->stack().containsAddress(&exec->registers()[virtualRegisterForLocal(exec->codeBlock()->m_numCalleeRegisters).offset()])); - if (UNLIKELY(!vm.interpreter->stack().grow(&exec->registers()[virtualRegisterForLocal(exec->codeBlock()->m_numCalleeRegisters).offset()]))) { - exec = exec->callerFrame(); - CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec)); - pc = returnToThrowForThrownException(exec); - } - LLINT_END_IMPL(); -} -LLINT_SLOW_PATH_DECL(slow_path_create_activation) -{ - LLINT_BEGIN(); -#if LLINT_SLOW_PATH_TRACING - dataLogF("Creating an activation, exec = %p!\n", exec); #endif - JSActivation* activation = JSActivation::create(vm, exec, exec->codeBlock()); - exec->setScope(activation); - LLINT_RETURN(JSValue(activation)); + // If the stack check succeeds and we don't need to throw the error, then + // we'll return 0 instead. The prologue will check for a non-zero value + // when determining whether to set the callFrame or not. + + // For JIT enabled builds which uses the C stack, the stack is not growable. + // Hence, if we get here, then we know a stack overflow is imminent. So, just + // throw the StackOverflowError unconditionally. +#if !ENABLE(JIT) + ASSERT(!vm.interpreter->cloopStack().containsAddress(exec->topOfFrame())); + if (LIKELY(vm.ensureStackCapacityFor(exec->topOfFrame()))) + LLINT_RETURN_TWO(pc, 0); +#endif + + ErrorHandlingScope errorScope(vm); + throwStackOverflowError(callerFrame, throwScope); + pc = returnToThrow(callerFrame); + LLINT_RETURN_TWO(pc, exec); } LLINT_SLOW_PATH_DECL(slow_path_new_object) @@ -486,43 +549,110 @@ LLINT_SLOW_PATH_DECL(slow_path_new_regexp) LLINT_BEGIN(); RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand); if (!regExp->isValid()) - LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor.")); + LLINT_THROW(createSyntaxError(exec, regExp->errorMessage())); LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp)); } -LLINT_SLOW_PATH_DECL(slow_path_check_has_instance) +LLINT_SLOW_PATH_DECL(slow_path_instanceof) { LLINT_BEGIN(); - JSValue value = LLINT_OP_C(2).jsValue(); - JSValue baseVal = LLINT_OP_C(3).jsValue(); - if (baseVal.isObject()) { - JSObject* baseObject = asObject(baseVal); - ASSERT(!baseObject->structure()->typeInfo().implementsDefaultHasInstance()); - if (baseObject->structure()->typeInfo().implementsHasInstance()) { - pc += pc[4].u.operand; - LLINT_RETURN(jsBoolean(baseObject->methodTable()->customHasInstance(baseObject, exec, value))); - } - } - LLINT_THROW(createInvalidParameterError(exec, "instanceof", baseVal)); + JSValue proto = LLINT_OP_C(3).jsValue(); + LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto))); } -LLINT_SLOW_PATH_DECL(slow_path_instanceof) +LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom) { LLINT_BEGIN(); + JSValue value = LLINT_OP_C(2).jsValue(); - JSValue proto = LLINT_OP_C(3).jsValue(); - ASSERT(!value.isObject() || !proto.isObject()); - LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto))); + JSValue constructor = LLINT_OP_C(3).jsValue(); + JSValue hasInstanceValue = LLINT_OP_C(4).jsValue(); + + ASSERT(constructor.isObject()); + ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance()); + + JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue)); + LLINT_RETURN(result); +} + +LLINT_SLOW_PATH_DECL(slow_path_try_get_by_id) +{ + LLINT_BEGIN(); + CodeBlock* codeBlock = exec->codeBlock(); + const Identifier& ident = codeBlock->identifier(pc[3].u.operand); + JSValue baseValue = LLINT_OP_C(2).jsValue(); + PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::VMInquiry); + + baseValue.getPropertySlot(exec, ident, slot); + JSValue result = slot.getPureResult(); + + LLINT_RETURN_PROFILED(op_try_get_by_id, result); +} + +static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, JSCell* baseCell, PropertySlot& slot, const Identifier& ident) +{ + CodeBlock* codeBlock = exec->codeBlock(); + Structure* structure = baseCell->structure(); + + if (structure->typeInfo().prohibitsPropertyCaching()) + return; + + if (structure->needImpurePropertyWatchpoint()) + return; + + if (structure->isDictionary()) { + if (structure->hasBeenFlattenedBefore()) + return; + structure->flattenDictionaryStructure(vm, jsCast<JSObject*>(baseCell)); + } + + ObjectPropertyConditionSet conditions; + if (slot.isUnset()) + conditions = generateConditionsForPropertyMiss(vm, codeBlock, exec, structure, ident.impl()); + else + conditions = generateConditionsForPrototypePropertyHit(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl()); + + if (!conditions.isValid()) + return; + + PropertyOffset offset = invalidOffset; + CodeBlock::StructureWatchpointMap& watchpointMap = codeBlock->llintGetByIdWatchpointMap(); + auto result = watchpointMap.add(structure, Bag<LLIntPrototypeLoadAdaptiveStructureWatchpoint>()); + for (ObjectPropertyCondition condition : conditions) { + if (!condition.isWatchable()) + return; + if (condition.condition().kind() == PropertyCondition::Presence) + offset = condition.condition().offset(); + result.iterator->value.add(condition, pc)->install(); + } + ASSERT((offset == invalidOffset) == slot.isUnset()); + + ConcurrentJSLocker locker(codeBlock->m_lock); + + if (slot.isUnset()) { + pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_unset); + pc[4].u.structureID = structure->id(); + return; + } + ASSERT(slot.isValue()); + + pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load); + pc[4].u.structureID = structure->id(); + pc[5].u.operand = offset; + // We know that this pointer will remain valid because it will be cleared by either a watchpoint fire or + // during GC when we clear the LLInt caches. + pc[6].u.pointer = slot.slotBase(); } + LLINT_SLOW_PATH_DECL(slow_path_get_by_id) { LLINT_BEGIN(); CodeBlock* codeBlock = exec->codeBlock(); const Identifier& ident = codeBlock->identifier(pc[3].u.operand); JSValue baseValue = LLINT_OP_C(2).jsValue(); - PropertySlot slot(baseValue); + PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::Get); JSValue result = baseValue.get(exec, ident, slot); LLINT_CHECK_EXCEPTION(); @@ -530,36 +660,43 @@ LLINT_SLOW_PATH_DECL(slow_path_get_by_id) if (!LLINT_ALWAYS_ACCESS_SLOW && baseValue.isCell() - && slot.isCacheable() - && slot.slotBase() == baseValue - && slot.isCacheableValue()) { - + && slot.isCacheable()) { + JSCell* baseCell = baseValue.asCell(); Structure* structure = baseCell->structure(); + if (slot.isValue() && slot.slotBase() == baseValue) { + // Start out by clearing out the old cache. + pc[0].u.opcode = LLInt::getOpcode(op_get_by_id); + pc[4].u.pointer = nullptr; // old structure + pc[5].u.pointer = nullptr; // offset + + // Prevent the prototype cache from ever happening. + pc[7].u.operand = 0; - if (!structure->isUncacheableDictionary() - && !structure->typeInfo().prohibitsPropertyCaching()) { - ConcurrentJITLocker locker(codeBlock->m_lock); - - pc[4].u.structure.set( - vm, codeBlock->ownerExecutable(), structure); - if (isInlineOffset(slot.cachedOffset())) { - pc[0].u.opcode = LLInt::getOpcode(llint_op_get_by_id); - pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage(); - } else { - pc[0].u.opcode = LLInt::getOpcode(llint_op_get_by_id_out_of_line); - pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue); + if (structure->propertyAccessesAreCacheable()) { + vm.heap.writeBarrier(codeBlock); + + ConcurrentJSLocker locker(codeBlock->m_lock); + + pc[4].u.structureID = structure->id(); + pc[5].u.operand = slot.cachedOffset(); } - } - } + } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset()))) { + ASSERT(slot.slotBase() != baseValue); - if (!LLINT_ALWAYS_ACCESS_SLOW + if (!(--pc[7].u.operand)) + setupGetByIdPrototypeCache(exec, vm, pc, baseCell, slot, ident); + } + } else if (!LLINT_ALWAYS_ACCESS_SLOW && isJSArray(baseValue) && ident == exec->propertyNames().length) { - pc[0].u.opcode = LLInt::getOpcode(llint_op_get_array_length); + pc[0].u.opcode = LLInt::getOpcode(op_get_array_length); ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin()); arrayProfile->observeStructure(baseValue.asCell()->structure()); pc[4].u.arrayProfile = arrayProfile; + + // Prevent the prototype cache from ever happening. + pc[7].u.operand = 0; } pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result); @@ -572,7 +709,7 @@ LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length) CodeBlock* codeBlock = exec->codeBlock(); const Identifier& ident = codeBlock->identifier(pc[3].u.operand); JSValue baseValue = LLINT_OP(2).jsValue(); - PropertySlot slot(baseValue); + PropertySlot slot(baseValue, PropertySlot::InternalMethodType::Get); LLINT_RETURN(baseValue.get(exec, ident, slot)); } @@ -584,15 +721,23 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_id) JSValue baseValue = LLINT_OP_C(1).jsValue(); PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext()); - if (pc[8].u.operand) + if (pc[8].u.putByIdFlags & PutByIdIsDirect) asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot); else - baseValue.put(exec, ident, LLINT_OP_C(3).jsValue(), slot); + baseValue.putInline(exec, ident, LLINT_OP_C(3).jsValue(), slot); LLINT_CHECK_EXCEPTION(); if (!LLINT_ALWAYS_ACCESS_SLOW && baseValue.isCell() - && slot.isCacheable()) { + && slot.isCacheablePut()) { + + // Start out by clearing out the old cache. + pc[4].u.pointer = nullptr; // old structure + pc[5].u.pointer = nullptr; // offset + pc[6].u.pointer = nullptr; // new structure + pc[7].u.pointer = nullptr; // structure chain + pc[8].u.putByIdFlags = + static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask); JSCell* baseCell = baseValue.asCell(); Structure* structure = baseCell->structure(); @@ -600,55 +745,38 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_id) if (!structure->isUncacheableDictionary() && !structure->typeInfo().prohibitsPropertyCaching() && baseCell == slot.base()) { + + vm.heap.writeBarrier(codeBlock); if (slot.type() == PutPropertySlot::NewProperty) { - GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap); + GCSafeConcurrentJSLocker locker(codeBlock->m_lock, vm.heap); if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) { ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated()); - - // This is needed because some of the methods we call - // below may GC. - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id); - if (normalizePrototypeChain(exec, baseCell) != InvalidPrototypeChain) { + if (normalizePrototypeChain(exec, structure) != InvalidPrototypeChain) { ASSERT(structure->previousID()->isObject()); - pc[4].u.structure.set( - vm, codeBlock->ownerExecutable(), structure->previousID()); - if (isInlineOffset(slot.cachedOffset())) - pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage(); - else - pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue); - pc[6].u.structure.set( - vm, codeBlock->ownerExecutable(), structure); - StructureChain* chain = structure->prototypeChain(exec); - ASSERT(chain); - pc[7].u.structureChain.set( - vm, codeBlock->ownerExecutable(), chain); - - if (pc[8].u.operand) { - if (isInlineOffset(slot.cachedOffset())) - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id_transition_direct); - else - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id_transition_direct_out_of_line); - } else { - if (isInlineOffset(slot.cachedOffset())) - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id_transition_normal); - else - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id_transition_normal_out_of_line); + pc[4].u.structureID = structure->previousID()->id(); + pc[5].u.operand = slot.cachedOffset(); + pc[6].u.structureID = structure->id(); + if (!(pc[8].u.putByIdFlags & PutByIdIsDirect)) { + StructureChain* chain = structure->prototypeChain(exec); + ASSERT(chain); + pc[7].u.structureChain.set( + vm, codeBlock, chain); } + pc[8].u.putByIdFlags = static_cast<PutByIdFlags>( + pc[8].u.putByIdFlags | + structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags()); } } } else { - pc[4].u.structure.set( - vm, codeBlock->ownerExecutable(), structure); - if (isInlineOffset(slot.cachedOffset())) { - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id); - pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage(); - } else { - pc[0].u.opcode = LLInt::getOpcode(llint_op_put_by_id_out_of_line); - pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue); - } + structure->didCachePropertyReplacement(vm, slot.cachedOffset()); + pc[4].u.structureID = structure->id(); + pc[5].u.operand = slot.cachedOffset(); + pc[8].u.putByIdFlags = static_cast<PutByIdFlags>( + pc[8].u.putByIdFlags | + structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags()); } } } @@ -661,59 +789,48 @@ LLINT_SLOW_PATH_DECL(slow_path_del_by_id) LLINT_BEGIN(); CodeBlock* codeBlock = exec->codeBlock(); JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec); + LLINT_CHECK_EXCEPTION(); bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand)); LLINT_CHECK_EXCEPTION(); if (!couldDelete && codeBlock->isStrictMode()) - LLINT_THROW(createTypeError(exec, "Unable to delete property.")); + LLINT_THROW(createTypeError(exec, UnableToDeletePropertyError)); LLINT_RETURN(jsBoolean(couldDelete)); } -inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript) +static ALWAYS_INLINE JSValue getByVal(VM& vm, ExecState* exec, JSValue baseValue, JSValue subscript) { + auto scope = DECLARE_THROW_SCOPE(vm); + if (LIKELY(baseValue.isCell() && subscript.isString())) { - if (JSValue result = baseValue.asCell()->fastGetOwnProperty(exec, asString(subscript)->value(exec))) - return result; + Structure& structure = *baseValue.asCell()->structure(vm); + if (JSCell::canUseFastGetOwnProperty(structure)) { + if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) { + if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get())) + return result; + } + } } if (subscript.isUInt32()) { uint32_t i = subscript.asUInt32(); if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i)) return asString(baseValue)->getIndex(exec, i); - + scope.release(); return baseValue.get(exec, i); } - if (isName(subscript)) - return baseValue.get(exec, jsCast<NameInstance*>(subscript.asCell())->privateName()); - - Identifier property(exec, subscript.toString(exec)->value(exec)); + baseValue.requireObjectCoercible(exec); + RETURN_IF_EXCEPTION(scope, JSValue()); + auto property = subscript.toPropertyKey(exec); + RETURN_IF_EXCEPTION(scope, JSValue()); + scope.release(); return baseValue.get(exec, property); } LLINT_SLOW_PATH_DECL(slow_path_get_by_val) { LLINT_BEGIN(); - LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())); -} - -LLINT_SLOW_PATH_DECL(slow_path_get_argument_by_val) -{ - LLINT_BEGIN(); - JSValue arguments = LLINT_OP(2).jsValue(); - if (!arguments) { - arguments = Arguments::create(vm, exec); - LLINT_CHECK_EXCEPTION(); - LLINT_OP(2) = arguments; - exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[2].u.operand)).offset()) = arguments; - } - - LLINT_RETURN_PROFILED(op_get_argument_by_val, getByVal(exec, arguments, LLINT_OP_C(3).jsValue())); -} - -LLINT_SLOW_PATH_DECL(slow_path_get_by_pname) -{ - LLINT_BEGIN(); - LLINT_RETURN(getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())); + LLINT_RETURN_PROFILED(op_get_by_val, getByVal(vm, exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())); } LLINT_SLOW_PATH_DECL(slow_path_put_by_val) @@ -723,6 +840,7 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_val) JSValue baseValue = LLINT_OP_C(1).jsValue(); JSValue subscript = LLINT_OP_C(2).jsValue(); JSValue value = LLINT_OP_C(3).jsValue(); + bool isStrictMode = exec->codeBlock()->isStrictMode(); if (LIKELY(subscript.isUInt32())) { uint32_t i = subscript.asUInt32(); @@ -731,22 +849,16 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_val) if (object->canSetIndexQuickly(i)) object->setIndexQuickly(vm, i, value); else - object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode()); + object->methodTable()->putByIndex(object, exec, i, value, isStrictMode); LLINT_END(); } - baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode()); - LLINT_END(); - } - - if (isName(subscript)) { - PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode()); - baseValue.put(exec, jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot); + baseValue.putByIndex(exec, i, value, isStrictMode); LLINT_END(); } - Identifier property(exec, subscript.toString(exec)->value(exec)); + auto property = subscript.toPropertyKey(exec); LLINT_CHECK_EXCEPTION(); - PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode()); + PutPropertySlot slot(baseValue, isStrictMode); baseValue.put(exec, property, value, slot); LLINT_END(); } @@ -760,19 +872,34 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct) JSValue value = LLINT_OP_C(3).jsValue(); RELEASE_ASSERT(baseValue.isObject()); JSObject* baseObject = asObject(baseValue); + bool isStrictMode = exec->codeBlock()->isStrictMode(); if (LIKELY(subscript.isUInt32())) { - uint32_t i = subscript.asUInt32(); - baseObject->putDirectIndex(exec, i, value); - } else if (isName(subscript)) { - PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode()); - baseObject->putDirect(exec->vm(), jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot); - } else { - Identifier property(exec, subscript.toString(exec)->value(exec)); - if (!exec->vm().exception()) { // Don't put to an object if toString threw an exception. - PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode()); - baseObject->putDirect(exec->vm(), property, value, slot); + // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices. + ASSERT(isIndex(subscript.asUInt32())); + baseObject->putDirectIndex(exec, subscript.asUInt32(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); + LLINT_END(); + } + + if (subscript.isDouble()) { + double subscriptAsDouble = subscript.asDouble(); + uint32_t subscriptAsUInt32 = static_cast<uint32_t>(subscriptAsDouble); + if (subscriptAsDouble == subscriptAsUInt32 && isIndex(subscriptAsUInt32)) { + baseObject->putDirectIndex(exec, subscriptAsUInt32, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); + LLINT_END(); } } + + // Don't put to an object if toString threw an exception. + auto property = subscript.toPropertyKey(exec); + if (UNLIKELY(throwScope.exception())) + LLINT_END(); + + if (std::optional<uint32_t> index = parseIndex(property)) + baseObject->putDirectIndex(exec, index.value(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); + else { + PutPropertySlot slot(baseObject, isStrictMode); + baseObject->putDirect(exec->vm(), property, value, slot); + } LLINT_END(); } @@ -781,7 +908,8 @@ LLINT_SLOW_PATH_DECL(slow_path_del_by_val) LLINT_BEGIN(); JSValue baseValue = LLINT_OP_C(2).jsValue(); JSObject* baseObject = baseValue.toObject(exec); - + LLINT_CHECK_EXCEPTION(); + JSValue subscript = LLINT_OP_C(3).jsValue(); bool couldDelete; @@ -789,17 +917,15 @@ LLINT_SLOW_PATH_DECL(slow_path_del_by_val) uint32_t i; if (subscript.getUInt32(i)) couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i); - else if (isName(subscript)) - couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, jsCast<NameInstance*>(subscript.asCell())->privateName()); else { LLINT_CHECK_EXCEPTION(); - Identifier property(exec, subscript.toString(exec)->value(exec)); + auto property = subscript.toPropertyKey(exec); LLINT_CHECK_EXCEPTION(); couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property); } if (!couldDelete && exec->codeBlock()->isStrictMode()) - LLINT_THROW(createTypeError(exec, "Unable to delete property.")); + LLINT_THROW(createTypeError(exec, UnableToDeletePropertyError)); LLINT_RETURN(jsBoolean(couldDelete)); } @@ -813,29 +939,97 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_index) LLINT_END(); } -LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter) +LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_id) +{ + LLINT_BEGIN(); + ASSERT(LLINT_OP(1).jsValue().isObject()); + JSObject* baseObj = asObject(LLINT_OP(1).jsValue()); + + unsigned options = pc[3].u.operand; + + JSValue getter = LLINT_OP(4).jsValue(); + ASSERT(getter.isObject()); + + baseObj->putGetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(getter), options); + LLINT_END(); +} + +LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_id) +{ + LLINT_BEGIN(); + ASSERT(LLINT_OP(1).jsValue().isObject()); + JSObject* baseObj = asObject(LLINT_OP(1).jsValue()); + + unsigned options = pc[3].u.operand; + + JSValue setter = LLINT_OP(4).jsValue(); + ASSERT(setter.isObject()); + + baseObj->putSetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(setter), options); + LLINT_END(); +} + +LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter_by_id) { LLINT_BEGIN(); ASSERT(LLINT_OP(1).jsValue().isObject()); JSObject* baseObj = asObject(LLINT_OP(1).jsValue()); - GetterSetter* accessor = GetterSetter::create(vm); + GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject()); LLINT_CHECK_EXCEPTION(); - - JSValue getter = LLINT_OP(3).jsValue(); - JSValue setter = LLINT_OP(4).jsValue(); + + JSValue getter = LLINT_OP(4).jsValue(); + JSValue setter = LLINT_OP(5).jsValue(); ASSERT(getter.isObject() || getter.isUndefined()); ASSERT(setter.isObject() || setter.isUndefined()); ASSERT(getter.isObject() || setter.isObject()); if (!getter.isUndefined()) - accessor->setGetter(vm, asObject(getter)); + accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter)); if (!setter.isUndefined()) - accessor->setSetter(vm, asObject(setter)); + accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter)); baseObj->putDirectAccessor( exec, exec->codeBlock()->identifier(pc[2].u.operand), - accessor, Accessor); + accessor, pc[3].u.operand); + LLINT_END(); +} + +LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_val) +{ + LLINT_BEGIN(); + ASSERT(LLINT_OP(1).jsValue().isObject()); + JSObject* baseObj = asObject(LLINT_OP(1).jsValue()); + JSValue subscript = LLINT_OP_C(2).jsValue(); + + unsigned options = pc[3].u.operand; + + JSValue getter = LLINT_OP(4).jsValue(); + ASSERT(getter.isObject()); + + auto property = subscript.toPropertyKey(exec); + LLINT_CHECK_EXCEPTION(); + + baseObj->putGetter(exec, property, asObject(getter), options); + LLINT_END(); +} + +LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_val) +{ + LLINT_BEGIN(); + ASSERT(LLINT_OP(1).jsValue().isObject()); + JSObject* baseObj = asObject(LLINT_OP(1).jsValue()); + JSValue subscript = LLINT_OP_C(2).jsValue(); + + unsigned options = pc[3].u.operand; + + JSValue setter = LLINT_OP(4).jsValue(); + ASSERT(setter.isObject()); + + auto property = subscript.toPropertyKey(exec); + LLINT_CHECK_EXCEPTION(); + + baseObj->putSetter(exec, property, asObject(setter), options); LLINT_END(); } @@ -947,23 +1141,75 @@ LLINT_SLOW_PATH_DECL(slow_path_new_func) { LLINT_BEGIN(); CodeBlock* codeBlock = exec->codeBlock(); - ASSERT(codeBlock->codeType() != FunctionCode - || !codeBlock->needsFullScopeChain() - || exec->uncheckedR(codeBlock->activationRegister().offset()).jsValue()); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); #if LLINT_SLOW_PATH_TRACING dataLogF("Creating function!\n"); #endif - LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[2].u.operand), exec->scope())); + LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope)); +} + +LLINT_SLOW_PATH_DECL(slow_path_new_generator_func) +{ + LLINT_BEGIN(); + CodeBlock* codeBlock = exec->codeBlock(); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); +#if LLINT_SLOW_PATH_TRACING + dataLogF("Creating function!\n"); +#endif + LLINT_RETURN(JSGeneratorFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope)); +} + +LLINT_SLOW_PATH_DECL(slow_path_new_async_func) +{ + LLINT_BEGIN(); + CodeBlock* codeBlock = exec->codeBlock(); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); +#if LLINT_SLOW_PATH_TRACING + dataLogF("Creating async function!\n"); +#endif + LLINT_RETURN(JSAsyncFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope)); } LLINT_SLOW_PATH_DECL(slow_path_new_func_exp) { LLINT_BEGIN(); + + CodeBlock* codeBlock = exec->codeBlock(); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); + FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand); + + LLINT_RETURN(JSFunction::create(vm, executable, scope)); +} + +LLINT_SLOW_PATH_DECL(slow_path_new_generator_func_exp) +{ + LLINT_BEGIN(); + + CodeBlock* codeBlock = exec->codeBlock(); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); + FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand); + + LLINT_RETURN(JSGeneratorFunction::create(vm, executable, scope)); +} + +LLINT_SLOW_PATH_DECL(slow_path_new_async_func_exp) +{ + LLINT_BEGIN(); + CodeBlock* codeBlock = exec->codeBlock(); - FunctionExecutable* function = codeBlock->functionExpr(pc[2].u.operand); - JSFunction* func = JSFunction::create(vm, function, exec->scope()); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); + FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand); - LLINT_RETURN(func); + LLINT_RETURN(JSAsyncFunction::create(vm, executable, scope)); +} + +LLINT_SLOW_PATH_DECL(slow_path_set_function_name) +{ + LLINT_BEGIN(); + JSFunction* func = jsCast<JSFunction*>(LLINT_OP(1).Register::unboxedCell()); + JSValue name = LLINT_OP_C(2).Register::jsValue(); + func->setFunctionName(exec, name); + LLINT_END(); } static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind) @@ -976,8 +1222,8 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, ExecState* exec = execCallee->callerFrame(); VM& vm = exec->vm(); + auto throwScope = DECLARE_THROW_SCOPE(vm); - execCallee->setScope(exec->scope()); execCallee->setCodeBlock(0); execCallee->clearReturnPC(); @@ -985,21 +1231,21 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, CallData callData; CallType callType = getCallData(callee, callData); - ASSERT(callType != CallTypeJS); + ASSERT(callType != CallType::JS); - if (callType == CallTypeHost) { + if (callType == CallType::Host) { NativeCallFrameTracer tracer(&vm, execCallee); execCallee->setCallee(asObject(callee)); vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee)); - LLINT_CALL_RETURN(execCallee, LLInt::getCodePtr(getHostCallReturnValue)); + LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue)); } #if LLINT_SLOW_PATH_TRACING dataLog("Call callee is not a function: ", callee, "\n"); #endif - ASSERT(callType == CallTypeNone); + ASSERT(callType == CallType::None); LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee)); } @@ -1008,74 +1254,85 @@ static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, ConstructData constructData; ConstructType constructType = getConstructData(callee, constructData); - ASSERT(constructType != ConstructTypeJS); + ASSERT(constructType != ConstructType::JS); - if (constructType == ConstructTypeHost) { + if (constructType == ConstructType::Host) { NativeCallFrameTracer tracer(&vm, execCallee); execCallee->setCallee(asObject(callee)); vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee)); - LLINT_CALL_RETURN(execCallee, LLInt::getCodePtr(getHostCallReturnValue)); + LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue)); } #if LLINT_SLOW_PATH_TRACING dataLog("Constructor callee is not a function: ", callee, "\n"); #endif - ASSERT(constructType == ConstructTypeNone); + ASSERT(constructType == ConstructType::None); LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee)); } inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0) { + ExecState* exec = execCallee->callerFrame(); + VM& vm = exec->vm(); + auto throwScope = DECLARE_THROW_SCOPE(vm); + #if LLINT_SLOW_PATH_TRACING - dataLogF("Performing call with recorded PC = %p\n", execCallee->callerFrame()->currentVPC()); + dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC()); #endif - + JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue); - if (!calleeAsFunctionCell) + if (!calleeAsFunctionCell) { + throwScope.release(); return handleHostCall(execCallee, pc, calleeAsValue, kind); - + } JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell); JSScope* scope = callee->scopeUnchecked(); - VM& vm = *scope->vm(); - execCallee->setScope(scope); ExecutableBase* executable = callee->executable(); - + MacroAssemblerCodePtr codePtr; CodeBlock* codeBlock = 0; - if (executable->isHostFunction()) - codePtr = executable->hostCodeEntryFor(kind); - else { + if (executable->isHostFunction()) { + codePtr = executable->entrypointFor(kind, MustCheckArity); + } else { FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable); - JSObject* error = functionExecutable->prepareForExecution(execCallee, callee->scope(), kind); - if (error) - LLINT_CALL_THROW(execCallee->callerFrame(), error); - codeBlock = functionExecutable->codeBlockFor(kind); + + if (!isCall(kind) && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct) + LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee)); + + CodeBlock** codeBlockSlot = execCallee->addressOfCodeBlock(); + JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(vm, callee, scope, kind, *codeBlockSlot); + ASSERT(throwScope.exception() == error); + if (UNLIKELY(error)) + LLINT_CALL_THROW(exec, error); + codeBlock = *codeBlockSlot; ASSERT(codeBlock); + ArityCheckMode arity; if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters())) - codePtr = functionExecutable->jsCodeWithArityCheckEntryFor(kind); + arity = MustCheckArity; else - codePtr = functionExecutable->jsCodeEntryFor(kind); + arity = ArityCheckNotRequired; + codePtr = functionExecutable->entrypointFor(kind, arity); } + + ASSERT(!!codePtr); if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) { - ExecState* execCaller = execCallee->callerFrame(); - - CodeBlock* callerCodeBlock = execCaller->codeBlock(); + CodeBlock* callerCodeBlock = exec->codeBlock(); - ConcurrentJITLocker locker(callerCodeBlock->m_lock); + ConcurrentJSLocker locker(callerCodeBlock->m_lock); if (callLinkInfo->isOnList()) callLinkInfo->remove(); - callLinkInfo->callee.set(vm, callerCodeBlock->ownerExecutable(), callee); - callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock->ownerExecutable(), callee); + callLinkInfo->callee.set(vm, callerCodeBlock, callee); + callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee); callLinkInfo->machineCodeTarget = codePtr; if (codeBlock) - codeBlock->linkIncomingCall(execCaller, callLinkInfo); + codeBlock->linkIncomingCall(exec, callLinkInfo); } - LLINT_CALL_RETURN(execCallee, codePtr.executableAddress()); + LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress()); } inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind) @@ -1091,7 +1348,7 @@ inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpec ExecState* execCallee = exec - pc[4].u.operand; execCallee->setArgumentCountIncludingThis(pc[3].u.operand); - execCallee->uncheckedR(JSStack::Callee) = calleeAsValue; + execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue; execCallee->setCallerFrame(exec); ASSERT(pc[5].u.callLinkInfo); @@ -1101,51 +1358,100 @@ inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpec LLINT_SLOW_PATH_DECL(slow_path_call) { LLINT_BEGIN_NO_SET_PC(); + throwScope.release(); return genericCall(exec, pc, CodeForCall); } LLINT_SLOW_PATH_DECL(slow_path_construct) { LLINT_BEGIN_NO_SET_PC(); + throwScope.release(); return genericCall(exec, pc, CodeForConstruct); } -LLINT_SLOW_PATH_DECL(slow_path_size_and_alloc_frame_for_varargs) +LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs) { LLINT_BEGIN(); // This needs to: // - Set up a call frame while respecting the variable arguments. - ExecState* execCallee = sizeAndAllocFrameForVarargs(exec, &vm.interpreter->stack(), - LLINT_OP_C(4).jsValue(), pc[5].u.operand); - LLINT_CALL_CHECK_EXCEPTION(exec); + unsigned numUsedStackSlots = -pc[5].u.operand; + unsigned length = sizeFrameForVarargs(exec, vm, + LLINT_OP_C(4).jsValue(), numUsedStackSlots, pc[6].u.operand); + LLINT_CALL_CHECK_EXCEPTION(exec, exec); + ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, length + 1); + vm.varargsLength = length; vm.newCallFrameReturnValue = execCallee; - LLINT_END(); + LLINT_RETURN_CALLEE_FRAME(execCallee); } -LLINT_SLOW_PATH_DECL(slow_path_call_varargs) +LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_forward_arguments) +{ + LLINT_BEGIN(); + // This needs to: + // - Set up a call frame with the same arguments as the current frame. + + unsigned numUsedStackSlots = -pc[5].u.operand; + + unsigned arguments = sizeFrameForForwardArguments(exec, vm, numUsedStackSlots); + LLINT_CALL_CHECK_EXCEPTION(exec, exec); + + ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, arguments + 1); + + vm.varargsLength = arguments; + vm.newCallFrameReturnValue = execCallee; + + LLINT_RETURN_CALLEE_FRAME(execCallee); +} + +enum class SetArgumentsWith { + Object, + CurrentArguments +}; + +inline SlowPathReturnType varargsSetup(ExecState* exec, Instruction* pc, CodeSpecializationKind kind, SetArgumentsWith set) { LLINT_BEGIN_NO_SET_PC(); // This needs to: // - Figure out what to call and compile it if necessary. // - Return a tuple of machine code address to call and the new call frame. - + JSValue calleeAsValue = LLINT_OP_C(2).jsValue(); - + ExecState* execCallee = vm.newCallFrameReturnValue; - loadVarargs(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue()); - LLINT_CALL_CHECK_EXCEPTION(exec); - - execCallee->uncheckedR(JSStack::Callee) = calleeAsValue; + if (set == SetArgumentsWith::Object) { + setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength); + LLINT_CALL_CHECK_EXCEPTION(exec, exec); + } else + setupForwardArgumentsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), vm.varargsLength); + execCallee->setCallerFrame(exec); + execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue; exec->setCurrentVPC(pc); - - return setUpCall(execCallee, pc, CodeForCall, calleeAsValue); + + throwScope.release(); + return setUpCall(execCallee, pc, kind, calleeAsValue); +} + +LLINT_SLOW_PATH_DECL(slow_path_call_varargs) +{ + return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::Object); +} + +LLINT_SLOW_PATH_DECL(slow_path_tail_call_forward_arguments) +{ + return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::CurrentArguments); } +LLINT_SLOW_PATH_DECL(slow_path_construct_varargs) +{ + return varargsSetup(exec, pc, CodeForConstruct, SetArgumentsWith::Object); +} + + LLINT_SLOW_PATH_DECL(slow_path_call_eval) { LLINT_BEGIN_NO_SET_PC(); @@ -1155,37 +1461,18 @@ LLINT_SLOW_PATH_DECL(slow_path_call_eval) execCallee->setArgumentCountIncludingThis(pc[3].u.operand); execCallee->setCallerFrame(exec); - execCallee->uncheckedR(JSStack::Callee) = calleeAsValue; - execCallee->setScope(exec->scope()); + execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue; execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point)); execCallee->setCodeBlock(0); exec->setCurrentVPC(pc); - if (!isHostFunction(calleeAsValue, globalFuncEval)) + if (!isHostFunction(calleeAsValue, globalFuncEval)) { + throwScope.release(); return setUpCall(execCallee, pc, CodeForCall, calleeAsValue); + } vm.hostCallReturnValue = eval(execCallee); - LLINT_CALL_RETURN(execCallee, LLInt::getCodePtr(getHostCallReturnValue)); -} - -LLINT_SLOW_PATH_DECL(slow_path_tear_off_activation) -{ - LLINT_BEGIN(); - ASSERT(exec->codeBlock()->needsFullScopeChain()); - jsCast<JSActivation*>(LLINT_OP(1).jsValue())->tearOff(vm); - LLINT_END(); -} - -LLINT_SLOW_PATH_DECL(slow_path_tear_off_arguments) -{ - LLINT_BEGIN(); - ASSERT(exec->codeBlock()->usesArguments()); - Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[1].u.operand)).offset()).jsValue()); - if (JSValue activationValue = LLINT_OP_C(2).jsValue()) - arguments->didTearOffActivation(exec, jsCast<JSActivation*>(activationValue)); - else - arguments->tearOff(exec); - LLINT_END(); + LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue)); } LLINT_SLOW_PATH_DECL(slow_path_strcat) @@ -1200,199 +1487,198 @@ LLINT_SLOW_PATH_DECL(slow_path_to_primitive) LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec)); } -LLINT_SLOW_PATH_DECL(slow_path_get_pnames) +LLINT_SLOW_PATH_DECL(slow_path_throw) { LLINT_BEGIN(); - JSValue v = LLINT_OP(2).jsValue(); - if (v.isUndefinedOrNull()) { - pc += pc[5].u.operand; - LLINT_END(); - } - - JSObject* o = v.toObject(exec); - Structure* structure = o->structure(); - JSPropertyNameIterator* jsPropertyNameIterator = structure->enumerationCache(); - if (!jsPropertyNameIterator || jsPropertyNameIterator->cachedPrototypeChain() != structure->prototypeChain(exec)) - jsPropertyNameIterator = JSPropertyNameIterator::create(exec, o); - - LLINT_OP(1) = JSValue(jsPropertyNameIterator); - LLINT_OP(2) = JSValue(o); - LLINT_OP(3) = Register::withInt(0); - LLINT_OP(4) = Register::withInt(jsPropertyNameIterator->size()); - - pc += OPCODE_LENGTH(op_get_pnames); - LLINT_END(); + LLINT_THROW(LLINT_OP_C(1).jsValue()); } -LLINT_SLOW_PATH_DECL(slow_path_next_pname) +LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer) { - LLINT_BEGIN(); - JSObject* base = asObject(LLINT_OP(2).jsValue()); - JSString* property = asString(LLINT_OP(1).jsValue()); - if (base->hasProperty(exec, Identifier(exec, property->value(exec)))) { - // Go to target. - pc += pc[6].u.operand; - } // Else, don't change the PC, so the interpreter will reloop. - LLINT_END(); + LLINT_BEGIN_NO_SET_PC(); + ASSERT(vm.watchdog()); + if (UNLIKELY(vm.shouldTriggerTermination(exec))) + LLINT_THROW(createTerminatedExecutionException(&vm)); + LLINT_RETURN_TWO(0, exec); } -LLINT_SLOW_PATH_DECL(slow_path_push_with_scope) +LLINT_SLOW_PATH_DECL(slow_path_debug) { LLINT_BEGIN(); - JSValue v = LLINT_OP_C(1).jsValue(); - JSObject* o = v.toObject(exec); - LLINT_CHECK_EXCEPTION(); - - exec->setScope(JSWithScope::create(exec, o)); + int debugHookType = pc[1].u.operand; + vm.interpreter->debug(exec, static_cast<DebugHookType>(debugHookType)); LLINT_END(); } -LLINT_SLOW_PATH_DECL(slow_path_pop_scope) +LLINT_SLOW_PATH_DECL(slow_path_handle_exception) { - LLINT_BEGIN(); - exec->setScope(exec->scope()->next()); - LLINT_END(); + LLINT_BEGIN_NO_SET_PC(); + UNUSED_PARAM(throwScope); + genericUnwind(&vm, exec); + LLINT_END_IMPL(); } -LLINT_SLOW_PATH_DECL(slow_path_push_name_scope) +LLINT_SLOW_PATH_DECL(slow_path_get_from_scope) { LLINT_BEGIN(); - CodeBlock* codeBlock = exec->codeBlock(); - JSNameScope* scope = JSNameScope::create(exec, codeBlock->identifier(pc[1].u.operand), LLINT_OP(2).jsValue(), pc[3].u.operand); - exec->setScope(scope); - LLINT_END(); -} + const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand); + JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue()); + GetPutInfo getPutInfo(pc[4].u.operand); -LLINT_SLOW_PATH_DECL(slow_path_throw) -{ - LLINT_BEGIN(); - LLINT_THROW(LLINT_OP_C(1).jsValue()); -} + // ModuleVar is always converted to ClosureVar for get_from_scope. + ASSERT(getPutInfo.resolveType() != ModuleVar); -LLINT_SLOW_PATH_DECL(slow_path_throw_static_error) -{ - LLINT_BEGIN(); - if (pc[2].u.operand) - LLINT_THROW(createReferenceError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec))); - else - LLINT_THROW(createTypeError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec))); -} + LLINT_RETURN(scope->getPropertySlot(exec, ident, [&] (bool found, PropertySlot& slot) -> JSValue { + if (!found) { + if (getPutInfo.resolveMode() == ThrowIfNotFound) + return throwException(exec, throwScope, createUndefinedVariableError(exec, ident)); + return jsUndefined(); + } -LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer) -{ - LLINT_BEGIN_NO_SET_PC(); - if (UNLIKELY(vm.watchdog.didFire(exec))) - LLINT_THROW(createTerminatedExecutionException(&vm)); - LLINT_RETURN_TWO(0, exec); + JSValue result = JSValue(); + if (scope->isGlobalLexicalEnvironment()) { + // When we can't statically prove we need a TDZ check, we must perform the check on the slow path. + result = slot.getValue(exec, ident); + if (result == jsTDZValue()) + return throwException(exec, throwScope, createTDZError(exec)); + } + + CommonSlowPaths::tryCacheGetFromScopeGlobal(exec, vm, pc, scope, slot, ident); + + if (!result) + return slot.getValue(exec, ident); + return result; + })); } -LLINT_SLOW_PATH_DECL(slow_path_debug) +LLINT_SLOW_PATH_DECL(slow_path_put_to_scope) { LLINT_BEGIN(); - int debugHookID = pc[1].u.operand; - vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID)); + + CodeBlock* codeBlock = exec->codeBlock(); + const Identifier& ident = codeBlock->identifier(pc[2].u.operand); + JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue()); + JSValue value = LLINT_OP_C(3).jsValue(); + GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand); + if (getPutInfo.resolveType() == LocalClosureVar) { + JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope); + environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value); + + // Have to do this *after* the write, because if this puts the set into IsWatched, then we need + // to have already changed the value of the variable. Otherwise we might watch and constant-fold + // to the Undefined value from before the assignment. + if (WatchpointSet* set = pc[5].u.watchpointSet) + set->touch(vm, "Executed op_put_scope<LocalClosureVar>"); + LLINT_END(); + } + + bool hasProperty = scope->hasProperty(exec, ident); + LLINT_CHECK_EXCEPTION(); + if (hasProperty + && scope->isGlobalLexicalEnvironment() + && !isInitialization(getPutInfo.initializationMode())) { + // When we can't statically prove we need a TDZ check, we must perform the check on the slow path. + PropertySlot slot(scope, PropertySlot::InternalMethodType::Get); + JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot); + if (slot.getValue(exec, ident) == jsTDZValue()) + LLINT_THROW(createTDZError(exec)); + } + + if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty) + LLINT_THROW(createUndefinedVariableError(exec, ident)); + + PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode())); + scope->methodTable()->put(scope, exec, ident, value, slot); + CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident); + LLINT_END(); } -LLINT_SLOW_PATH_DECL(slow_path_profile_will_call) +LLINT_SLOW_PATH_DECL(slow_path_check_if_exception_is_uncatchable_and_notify_profiler) { LLINT_BEGIN(); - if (LegacyProfiler* profiler = vm.enabledProfiler()) - profiler->willExecute(exec, LLINT_OP(1).jsValue()); - LLINT_END(); + RELEASE_ASSERT(!!throwScope.exception()); + + if (isTerminatedExecutionException(vm, throwScope.exception())) + LLINT_RETURN_TWO(pc, bitwise_cast<void*>(static_cast<uintptr_t>(1))); + LLINT_RETURN_TWO(pc, 0); } -LLINT_SLOW_PATH_DECL(slow_path_profile_did_call) +LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_prologue) { LLINT_BEGIN(); - if (LegacyProfiler* profiler = vm.enabledProfiler()) - profiler->didExecute(exec, LLINT_OP(1).jsValue()); + + JSScope* scope = exec->uncheckedR(pc[1].u.operand).Register::scope(); + vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::prologue(exec->jsCallee(), exec, exec->callerFrame(), scope)); + LLINT_END(); } -LLINT_SLOW_PATH_DECL(throw_from_native_call) +LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_tail) { LLINT_BEGIN(); - ASSERT(vm.exception()); + + JSValue thisValue = LLINT_OP(1).jsValue(); + JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope(); + +#if USE(JSVALUE64) + CallSiteIndex callSiteIndex(exec->codeBlock()->bytecodeOffset(pc)); +#else + CallSiteIndex callSiteIndex(pc); +#endif + vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::tail(exec, thisValue, scope, exec->codeBlock(), callSiteIndex)); + LLINT_END(); } -LLINT_SLOW_PATH_DECL(slow_path_handle_exception) +extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame) { - LLINT_BEGIN_NO_SET_PC(); - ASSERT(vm.exception()); - genericUnwind(&vm, exec, vm.exception()); - LLINT_END_IMPL(); + ExecState* exec = vm->topCallFrame; + auto scope = DECLARE_THROW_SCOPE(*vm); + + if (!exec) + exec = protoFrame->callee()->globalObject()->globalExec(); + throwStackOverflowError(exec, scope); + return encodeResult(0, 0); } -LLINT_SLOW_PATH_DECL(slow_path_resolve_scope) +#if !ENABLE(JIT) +extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack) { - LLINT_BEGIN(); - const Identifier& ident = exec->codeBlock()->identifier(pc[2].u.operand); - LLINT_RETURN(JSScope::resolve(exec, exec->scope(), ident)); + bool success = vm->ensureStackCapacityFor(newTopOfStack); + return encodeResult(reinterpret_cast<void*>(success), 0); } +#endif -LLINT_SLOW_PATH_DECL(slow_path_get_from_scope) +extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell) { - LLINT_BEGIN(); - const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand); - JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue()); - ResolveModeAndType modeAndType(pc[4].u.operand); - - PropertySlot slot(scope); - if (!scope->getPropertySlot(exec, ident, slot)) { - if (modeAndType.mode() == ThrowIfNotFound) - LLINT_RETURN(exec->vm().throwException(exec, createUndefinedVariableError(exec, ident))); - LLINT_RETURN(jsUndefined()); - } - - // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time. - if (slot.isCacheableValue() && slot.slotBase() == scope && scope->structure()->propertyAccessesAreCacheable()) { - if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) { - CodeBlock* codeBlock = exec->codeBlock(); - ConcurrentJITLocker locker(codeBlock->m_lock); - pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), scope->structure()); - pc[6].u.pointer = reinterpret_cast<void*>(slot.cachedOffset()); - } - } - - LLINT_RETURN(slot.getValue(exec, ident)); + VM& vm = exec->vm(); + vm.heap.writeBarrier(cell); } -LLINT_SLOW_PATH_DECL(slow_path_put_to_scope) +extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash() { - LLINT_BEGIN(); - CodeBlock* codeBlock = exec->codeBlock(); - const Identifier& ident = codeBlock->identifier(pc[2].u.operand); - JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue()); - JSValue value = LLINT_OP_C(3).jsValue(); - ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand); - - if (modeAndType.mode() == ThrowIfNotFound && !scope->hasProperty(exec, ident)) - LLINT_THROW(createUndefinedVariableError(exec, ident)); - - PutPropertySlot slot(scope, codeBlock->isStrictMode()); - scope->methodTable()->put(scope, exec, ident, value, slot); + CRASH(); +} - // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time. - if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) { - if (slot.isCacheable() && slot.base() == scope && scope->structure()->propertyAccessesAreCacheable()) { - ConcurrentJITLocker locker(codeBlock->m_lock); - pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), scope->structure()); - pc[6].u.pointer = reinterpret_cast<void*>(slot.cachedOffset()); - } - } +#if ENABLE(LLINT_STATS) - LLINT_END(); +LLINT_SLOW_PATH_DECL(count_opcode) +{ + OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode); + Data::opcodeStats(opcodeID).count++; + LLINT_END_IMPL(); } -extern "C" void llint_write_barrier_slow(ExecState*, JSCell* cell) +LLINT_SLOW_PATH_DECL(count_opcode_slow_path) { - Heap::writeBarrier(cell); + OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode); + Data::opcodeStats(opcodeID).slowPathCount++; + LLINT_END_IMPL(); } -} } // namespace JSC::LLInt +#endif // ENABLE(LLINT_STATS) -#endif // ENABLE(LLINT) +} } // namespace JSC::LLInt |