[ES6] Implement tail calls in the LLInt and Baseline JIT
[WebKit-https.git] / Source / JavaScriptCore / bytecompiler / BytecodeGenerator.cpp
1 /*
2  * Copyright (C) 2008, 2009, 2012-2015 Apple Inc. All rights reserved.
3  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
4  * Copyright (C) 2012 Igalia, S.L.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1.  Redistributions of source code must retain the above copyright
11  *     notice, this list of conditions and the following disclaimer.
12  * 2.  Redistributions in binary form must reproduce the above copyright
13  *     notice, this list of conditions and the following disclaimer in the
14  *     documentation and/or other materials provided with the distribution.
15  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
16  *     its contributors may be used to endorse or promote products derived
17  *     from this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
20  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
23  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30
31 #include "config.h"
32 #include "BytecodeGenerator.h"
33
34 #include "BuiltinExecutables.h"
35 #include "Interpreter.h"
36 #include "JSFunction.h"
37 #include "JSLexicalEnvironment.h"
38 #include "JSTemplateRegistryKey.h"
39 #include "LowLevelInterpreter.h"
40 #include "JSCInlines.h"
41 #include "Options.h"
42 #include "StackAlignment.h"
43 #include "StrongInlines.h"
44 #include "UnlinkedCodeBlock.h"
45 #include "UnlinkedInstructionStream.h"
46 #include <wtf/StdLibExtras.h>
47 #include <wtf/text/WTFString.h>
48
49 using namespace std;
50
51 namespace JSC {
52
53 void Label::setLocation(unsigned location)
54 {
55     m_location = location;
56     
57     unsigned size = m_unresolvedJumps.size();
58     for (unsigned i = 0; i < size; ++i)
59         m_generator.instructions()[m_unresolvedJumps[i].second].u.operand = m_location - m_unresolvedJumps[i].first;
60 }
61
62 ParserError BytecodeGenerator::generate()
63 {
64     SamplingRegion samplingRegion("Bytecode Generation");
65
66     m_codeBlock->setThisRegister(m_thisRegister.virtualRegister());
67     
68     // If we have declared a variable named "arguments" and we are using arguments then we should
69     // perform that assignment now.
70     if (m_needToInitializeArguments)
71         initializeVariable(variable(propertyNames().arguments), m_argumentsRegister);
72
73     {
74         RefPtr<RegisterID> temp = newTemporary();
75         RefPtr<RegisterID> globalScope;
76         for (auto functionPair : m_functionsToInitialize) {
77             FunctionMetadataNode* metadata = functionPair.first;
78             FunctionVariableType functionType = functionPair.second;
79             emitNewFunction(temp.get(), metadata);
80             if (functionType == NormalFunctionVariable)
81                 initializeVariable(variable(metadata->ident()), temp.get());
82             else if (functionType == GlobalFunctionVariable) {
83                 if (!globalScope) {
84                     // We know this will resolve to the global object because our parser/global initialization code 
85                     // doesn't allow let/const/class variables to have the same names as functions.
86                     RefPtr<RegisterID> globalObjectScope = emitResolveScope(nullptr, Variable(metadata->ident())); 
87                     globalScope = newBlockScopeVariable(); 
88                     emitMove(globalScope.get(), globalObjectScope.get());
89                 }
90                 emitPutToScope(globalScope.get(), Variable(metadata->ident()), temp.get(), ThrowIfNotFound, NotInitialization);
91             } else
92                 RELEASE_ASSERT_NOT_REACHED();
93         }
94     }
95     
96     bool callingClassConstructor = constructorKind() != ConstructorKind::None && !isConstructor();
97     if (!callingClassConstructor)
98         m_scopeNode->emitBytecode(*this);
99
100     m_staticPropertyAnalyzer.kill();
101
102     for (unsigned i = 0; i < m_tryRanges.size(); ++i) {
103         TryRange& range = m_tryRanges[i];
104         int start = range.start->bind();
105         int end = range.end->bind();
106         
107         // This will happen for empty try blocks and for some cases of finally blocks:
108         //
109         // try {
110         //    try {
111         //    } finally {
112         //        return 42;
113         //        // *HERE*
114         //    }
115         // } finally {
116         //    print("things");
117         // }
118         //
119         // The return will pop scopes to execute the outer finally block. But this includes
120         // popping the try context for the inner try. The try context is live in the fall-through
121         // part of the finally block not because we will emit a handler that overlaps the finally,
122         // but because we haven't yet had a chance to plant the catch target. Then when we finish
123         // emitting code for the outer finally block, we repush the try contex, this time with a
124         // new start index. But that means that the start index for the try range corresponding
125         // to the inner-finally-following-the-return (marked as "*HERE*" above) will be greater
126         // than the end index of the try block. This is harmless since end < start handlers will
127         // never get matched in our logic, but we do the runtime a favor and choose to not emit
128         // such handlers at all.
129         if (end <= start)
130             continue;
131         
132         ASSERT(range.tryData->handlerType != HandlerType::Illegal);
133         UnlinkedHandlerInfo info(static_cast<uint32_t>(start), static_cast<uint32_t>(end),
134             static_cast<uint32_t>(range.tryData->target->bind()), range.tryData->handlerType);
135         m_codeBlock->addExceptionHandler(info);
136     }
137     
138     m_codeBlock->setInstructions(std::make_unique<UnlinkedInstructionStream>(m_instructions));
139
140     m_codeBlock->shrinkToFit();
141
142     if (m_expressionTooDeep)
143         return ParserError(ParserError::OutOfMemory);
144     return ParserError(ParserError::ErrorNone);
145 }
146
147 BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode, const VariableEnvironment* parentScopeTDZVariables)
148     : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn)
149     , m_shouldEmitProfileHooks(Options::forceProfilerBytecodeGeneration() || profilerMode == ProfilerOn)
150     , m_scopeNode(programNode)
151     , m_codeBlock(vm, codeBlock)
152     , m_thisRegister(CallFrame::thisArgumentOffset())
153     , m_codeType(GlobalCode)
154     , m_vm(&vm)
155 {
156     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
157
158     for (auto& constantRegister : m_linkTimeConstantRegisters)
159         constantRegister = nullptr;
160
161     allocateCalleeSaveSpace();
162
163     m_codeBlock->setNumParameters(1); // Allocate space for "this"
164
165     emitOpcode(op_enter);
166
167     allocateAndEmitScope();
168
169     const FunctionStack& functionStack = programNode->functionStack();
170
171     for (size_t i = 0; i < functionStack.size(); ++i) {
172         FunctionMetadataNode* function = functionStack[i];
173         m_functionsToInitialize.append(std::make_pair(function, GlobalFunctionVariable));
174     }
175     if (Options::validateBytecode()) {
176         for (auto& entry : programNode->varDeclarations())
177             RELEASE_ASSERT(entry.value.isVar());
178     }
179     codeBlock->setVariableDeclarations(programNode->varDeclarations());
180     codeBlock->setLexicalDeclarations(programNode->lexicalVariables());
181     // Even though this program may have lexical variables that go under TDZ, when linking the get_from_scope/put_to_scope
182     // operations we emit we will have ResolveTypes that implictly do TDZ checks. Therefore, we don't need
183     // additional TDZ checks on top of those. This is why we can omit pushing programNode->lexicalVariables()
184     // to the TDZ stack.
185 }
186
187 BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionNode* functionNode, UnlinkedFunctionCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode, const VariableEnvironment* parentScopeTDZVariables)
188     : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn)
189     , m_shouldEmitProfileHooks(Options::forceProfilerBytecodeGeneration() || profilerMode == ProfilerOn)
190     , m_scopeNode(functionNode)
191     , m_codeBlock(vm, codeBlock)
192     , m_codeType(FunctionCode)
193     , m_vm(&vm)
194     , m_isBuiltinFunction(codeBlock->isBuiltinFunction())
195     , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode())
196     // FIXME: We should be able to have tail call elimination with the profiler
197     // enabled. This is currently not possible because the profiler expects
198     // op_will_call / op_did_call pairs before and after a call, which are not
199     // compatible with tail calls (we have no way of emitting op_did_call).
200     // https://bugs.webkit.org/show_bug.cgi?id=148819
201     , m_inTailPosition(Options::enableTailCalls() && constructorKind() == ConstructorKind::None && isStrictMode() && !m_shouldEmitProfileHooks)
202 {
203     for (auto& constantRegister : m_linkTimeConstantRegisters)
204         constantRegister = nullptr;
205
206     if (m_isBuiltinFunction)
207         m_shouldEmitDebugHooks = false;
208
209     allocateCalleeSaveSpace();
210     
211     SymbolTable* functionSymbolTable = SymbolTable::create(*m_vm);
212     functionSymbolTable->setUsesNonStrictEval(m_usesNonStrictEval);
213     int symbolTableConstantIndex = addConstantValue(functionSymbolTable)->index();
214
215     Vector<Identifier> boundParameterProperties;
216     FunctionParameters& parameters = *functionNode->parameters(); 
217     if (!parameters.hasDefaultParameterValues()) { 
218         // If we do have default parameters, they will be allocated in a separate scope.
219         for (size_t i = 0; i < parameters.size(); i++) {
220             auto pattern = parameters.at(i).first;
221             if (pattern->isBindingNode())
222                 continue;
223             pattern->collectBoundIdentifiers(boundParameterProperties);
224         }
225     }
226
227     bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain();
228     bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
229     bool needsArguments = functionNode->usesArguments() || codeBlock->usesEval();
230     if (shouldCaptureAllOfTheThings)
231         functionNode->varDeclarations().markAllVariablesAsCaptured();
232     
233     auto captures = [&] (UniquedStringImpl* uid) -> bool {
234         if (!shouldCaptureSomeOfTheThings)
235             return false;
236         if (needsArguments && uid == propertyNames().arguments.impl()) {
237             // Actually, we only need to capture the arguments object when we "need full activation"
238             // because of name scopes. But historically we did it this way, so for now we just preserve
239             // the old behavior.
240             // FIXME: https://bugs.webkit.org/show_bug.cgi?id=143072
241             return true;
242         }
243         return functionNode->captures(uid);
244     };
245     auto varKind = [&] (UniquedStringImpl* uid) -> VarKind {
246         return captures(uid) ? VarKind::Scope : VarKind::Stack;
247     };
248
249     emitOpcode(op_enter);
250
251     allocateAndEmitScope();
252     
253     m_calleeRegister.setIndex(JSStack::Callee);
254     
255     if (functionNameIsInScope(functionNode->ident(), functionNode->functionMode())) {
256         bool isDynamicScope = functionNameScopeIsDynamic(codeBlock->usesEval(), codeBlock->isStrictMode());
257         bool isFunctionNameCaptured = captures(functionNode->ident().impl());
258         bool markAsCaptured = isDynamicScope || isFunctionNameCaptured;
259         emitPushFunctionNameScope(functionNode->ident(), &m_calleeRegister, markAsCaptured);
260     }
261     
262     if (shouldCaptureSomeOfTheThings) {
263         m_lexicalEnvironmentRegister = addVar();
264         // We can allocate the "var" environment if we don't have default parameter expressions. If we have
265         // default parameter expressions, we have to hold off on allocating the "var" environment because
266         // the parent scope of the "var" environment is the parameter environment.
267         if (!parameters.hasDefaultParameterValues())
268             initializeVarLexicalEnvironment(symbolTableConstantIndex);
269     }
270
271     // Make sure the code block knows about all of our parameters, and make sure that parameters
272     // needing destructuring are noted.
273     m_parameters.grow(parameters.size() + 1); // reserve space for "this"
274     m_thisRegister.setIndex(initializeNextParameter()->index()); // this
275     for (unsigned i = 0; i < parameters.size(); ++i)
276         initializeNextParameter();
277     
278     // Figure out some interesting facts about our arguments.
279     bool capturesAnyArgumentByName = false;
280     if (functionNode->hasCapturedVariables()) {
281         FunctionParameters& parameters = *functionNode->parameters();
282         for (size_t i = 0; i < parameters.size(); ++i) {
283             auto pattern = parameters.at(i).first;
284             if (!pattern->isBindingNode())
285                 continue;
286             const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty();
287             capturesAnyArgumentByName |= captures(ident.impl());
288         }
289     }
290     
291     if (capturesAnyArgumentByName)
292         ASSERT(m_lexicalEnvironmentRegister);
293
294     // Need to know what our functions are called. Parameters have some goofy behaviors when it
295     // comes to functions of the same name.
296     for (FunctionMetadataNode* function : functionNode->functionStack())
297         m_functions.add(function->ident().impl());
298     
299     if (needsArguments) {
300         // Create the arguments object now. We may put the arguments object into the activation if
301         // it is captured. Either way, we create two arguments object variables: one is our
302         // private variable that is immutable, and another that is the user-visible variable. The
303         // immutable one is only used here, or during formal parameter resolutions if we opt for
304         // DirectArguments.
305         
306         m_argumentsRegister = addVar();
307         m_argumentsRegister->ref();
308     }
309     
310     if (needsArguments && !codeBlock->isStrictMode() && !parameters.hasDefaultParameterValues()) {
311         // If we captured any formal parameter by name, then we use ScopedArguments. Otherwise we
312         // use DirectArguments. With ScopedArguments, we lift all of our arguments into the
313         // activation.
314         
315         if (capturesAnyArgumentByName) {
316             functionSymbolTable->setArgumentsLength(vm, parameters.size());
317             
318             // For each parameter, we have two possibilities:
319             // Either it's a binding node with no function overlap, in which case it gets a name
320             // in the symbol table - or it just gets space reserved in the symbol table. Either
321             // way we lift the value into the scope.
322             for (unsigned i = 0; i < parameters.size(); ++i) {
323                 ScopeOffset offset = functionSymbolTable->takeNextScopeOffset();
324                 functionSymbolTable->setArgumentOffset(vm, i, offset);
325                 if (UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first)) {
326                     VarOffset varOffset(offset);
327                     SymbolTableEntry entry(varOffset);
328                     // Stores to these variables via the ScopedArguments object will not do
329                     // notifyWrite(), since that would be cumbersome. Also, watching formal
330                     // parameters when "arguments" is in play is unlikely to be super profitable.
331                     // So, we just disable it.
332                     entry.disableWatching();
333                     functionSymbolTable->set(name, entry);
334                 }
335                 emitOpcode(op_put_to_scope);
336                 instructions().append(m_lexicalEnvironmentRegister->index());
337                 instructions().append(UINT_MAX);
338                 instructions().append(virtualRegisterForArgument(1 + i).offset());
339                 instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, NotInitialization).operand());
340                 instructions().append(symbolTableConstantIndex);
341                 instructions().append(offset.offset());
342             }
343             
344             // This creates a scoped arguments object and copies the overflow arguments into the
345             // scope. It's the equivalent of calling ScopedArguments::createByCopying().
346             emitOpcode(op_create_scoped_arguments);
347             instructions().append(m_argumentsRegister->index());
348             instructions().append(m_lexicalEnvironmentRegister->index());
349         } else {
350             // We're going to put all parameters into the DirectArguments object. First ensure
351             // that the symbol table knows that this is happening.
352             for (unsigned i = 0; i < parameters.size(); ++i) {
353                 if (UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first))
354                     functionSymbolTable->set(name, SymbolTableEntry(VarOffset(DirectArgumentsOffset(i))));
355             }
356             
357             emitOpcode(op_create_direct_arguments);
358             instructions().append(m_argumentsRegister->index());
359         }
360     } else if (!parameters.hasDefaultParameterValues()) {
361         // Create the formal parameters the normal way. Any of them could be captured, or not. If
362         // captured, lift them into the scope. We can not do this if we have default parameter expressions
363         // because when default parameter expressions exist, they belong in their own lexical environment
364         // separate from the "var" lexical environment.
365         for (unsigned i = 0; i < parameters.size(); ++i) {
366             UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first);
367             if (!name)
368                 continue;
369             
370             if (!captures(name)) {
371                 // This is the easy case - just tell the symbol table about the argument. It will
372                 // be accessed directly.
373                 functionSymbolTable->set(name, SymbolTableEntry(VarOffset(virtualRegisterForArgument(1 + i))));
374                 continue;
375             }
376             
377             ScopeOffset offset = functionSymbolTable->takeNextScopeOffset();
378             const Identifier& ident =
379                 static_cast<const BindingNode*>(parameters.at(i).first)->boundProperty();
380             functionSymbolTable->set(name, SymbolTableEntry(VarOffset(offset)));
381             
382             emitOpcode(op_put_to_scope);
383             instructions().append(m_lexicalEnvironmentRegister->index());
384             instructions().append(addConstant(ident));
385             instructions().append(virtualRegisterForArgument(1 + i).offset());
386             instructions().append(GetPutInfo(ThrowIfNotFound, LocalClosureVar, NotInitialization).operand());
387             instructions().append(symbolTableConstantIndex);
388             instructions().append(offset.offset());
389         }
390     }
391     
392     if (needsArguments && (codeBlock->isStrictMode() || parameters.hasDefaultParameterValues())) {
393         // Allocate an out-of-bands arguments object.
394         emitOpcode(op_create_out_of_band_arguments);
395         instructions().append(m_argumentsRegister->index());
396     }
397     
398     // Now declare all variables.
399     for (const Identifier& ident : boundParameterProperties) {
400         ASSERT(!parameters.hasDefaultParameterValues());
401         createVariable(ident, varKind(ident.impl()), functionSymbolTable);
402     }
403     for (FunctionMetadataNode* function : functionNode->functionStack()) {
404         const Identifier& ident = function->ident();
405         createVariable(ident, varKind(ident.impl()), functionSymbolTable);
406         m_functionsToInitialize.append(std::make_pair(function, NormalFunctionVariable));
407     }
408     for (auto& entry : functionNode->varDeclarations()) {
409         ASSERT(!entry.value.isLet() && !entry.value.isConst());
410         if (!entry.value.isVar()) // This is either a parameter or callee.
411             continue;
412         // Variables named "arguments" are never const.
413         createVariable(Identifier::fromUid(m_vm, entry.key.get()), varKind(entry.key.get()), functionSymbolTable, IgnoreExisting);
414     }
415
416     // There are some variables that need to be preinitialized to something other than Undefined:
417     //
418     // - "arguments": unless it's used as a function or parameter, this should refer to the
419     //   arguments object.
420     //
421     // - functions: these always override everything else.
422     //
423     // The most logical way to do all of this is to initialize none of the variables until now,
424     // and then initialize them in BytecodeGenerator::generate() in such an order that the rules
425     // for how these things override each other end up holding. We would initialize "arguments" first, 
426     // then all arguments, then the functions.
427     //
428     // But some arguments are already initialized by default, since if they aren't captured and we
429     // don't have "arguments" then we just point the symbol table at the stack slot of those
430     // arguments. We end up initializing the rest of the arguments that have an uncomplicated
431     // binding (i.e. don't involve destructuring) above when figuring out how to lay them out,
432     // because that's just the simplest thing. This means that when we initialize them, we have to
433     // watch out for the things that override arguments (namely, functions).
434     
435     // This is our final act of weirdness. "arguments" is overridden by everything except the
436     // callee. We add it to the symbol table if it's not already there and it's not an argument.
437     if (needsArguments) {
438         // If "arguments" is overridden by a function or destructuring parameter name, then it's
439         // OK for us to call createVariable() because it won't change anything. It's also OK for
440         // us to them tell BytecodeGenerator::generate() to write to it because it will do so
441         // before it initializes functions and destructuring parameters. But if "arguments" is
442         // overridden by a "simple" function parameter, then we have to bail: createVariable()
443         // would assert and BytecodeGenerator::generate() would write the "arguments" after the
444         // argument value had already been properly initialized.
445         
446         bool haveParameterNamedArguments = false;
447         for (unsigned i = 0; i < parameters.size(); ++i) {
448             UniquedStringImpl* name = visibleNameForParameter(parameters.at(i).first);
449             if (name == propertyNames().arguments.impl()) {
450                 haveParameterNamedArguments = true;
451                 break;
452             }
453         }
454         
455         if (!haveParameterNamedArguments) {
456             createVariable(
457                 propertyNames().arguments, varKind(propertyNames().arguments.impl()), functionSymbolTable);
458             m_needToInitializeArguments = true;
459         }
460     }
461
462     m_newTargetRegister = addVar();
463     if (!codeBlock->isArrowFunction()) {
464         if (isConstructor()) {
465             emitMove(m_newTargetRegister, &m_thisRegister);
466             if (constructorKind() == ConstructorKind::Derived)
467                 emitMoveEmptyValue(&m_thisRegister);
468             else
469                 emitCreateThis(&m_thisRegister);
470         } else if (constructorKind() != ConstructorKind::None) {
471             emitThrowTypeError("Cannot call a class constructor");
472         } else if (functionNode->usesThis() || codeBlock->usesEval()) {
473             m_codeBlock->addPropertyAccessInstruction(instructions().size());
474             emitOpcode(op_to_this);
475             instructions().append(kill(&m_thisRegister));
476             instructions().append(0);
477             instructions().append(0);
478         }
479     } else {
480         if (functionNode->usesThis() || codeBlock->usesEval())
481             emitLoadArrowFunctionThis(&m_thisRegister);
482     }
483
484     // All "addVar()"s needs to happen before "initializeDefaultParameterValuesAndSetupFunctionScopeStack()" is called
485     // because a function's default parameter ExpressionNodes will use temporary registers.
486     m_TDZStack.append(std::make_pair(*parentScopeTDZVariables, false));
487     initializeDefaultParameterValuesAndSetupFunctionScopeStack(parameters, functionNode, functionSymbolTable, symbolTableConstantIndex, captures);
488
489     pushLexicalScope(m_scopeNode, true);
490 }
491
492 BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode, const VariableEnvironment* parentScopeTDZVariables)
493     : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn)
494     , m_shouldEmitProfileHooks(Options::forceProfilerBytecodeGeneration() || profilerMode == ProfilerOn)
495     , m_scopeNode(evalNode)
496     , m_codeBlock(vm, codeBlock)
497     , m_thisRegister(CallFrame::thisArgumentOffset())
498     , m_codeType(EvalCode)
499     , m_vm(&vm)
500     , m_usesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode())
501 {
502     for (auto& constantRegister : m_linkTimeConstantRegisters)
503         constantRegister = nullptr;
504
505     allocateCalleeSaveSpace();
506
507     m_codeBlock->setNumParameters(1);
508
509     emitOpcode(op_enter);
510
511     allocateAndEmitScope();
512
513     const DeclarationStacks::FunctionStack& functionStack = evalNode->functionStack();
514     for (size_t i = 0; i < functionStack.size(); ++i)
515         m_codeBlock->addFunctionDecl(makeFunction(functionStack[i]));
516
517     const VariableEnvironment& varDeclarations = evalNode->varDeclarations();
518     unsigned numVariables = varDeclarations.size();
519     Vector<Identifier, 0, UnsafeVectorOverflow> variables;
520     variables.reserveCapacity(numVariables);
521     for (auto& entry : varDeclarations) {
522         ASSERT(entry.value.isVar());
523         ASSERT(entry.key->isAtomic() || entry.key->isSymbol());
524         variables.append(Identifier::fromUid(m_vm, entry.key.get()));
525     }
526     codeBlock->adoptVariables(variables);
527
528     m_TDZStack.append(std::make_pair(*parentScopeTDZVariables, false));
529
530     pushLexicalScope(m_scopeNode, true);
531 }
532
533 BytecodeGenerator::BytecodeGenerator(VM& vm, ModuleProgramNode* moduleProgramNode, UnlinkedModuleProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode, const VariableEnvironment* parentScopeTDZVariables)
534     : m_shouldEmitDebugHooks(Options::forceDebuggerBytecodeGeneration() || debuggerMode == DebuggerOn)
535     , m_shouldEmitProfileHooks(Options::forceProfilerBytecodeGeneration() || profilerMode == ProfilerOn)
536     , m_scopeNode(moduleProgramNode)
537     , m_codeBlock(vm, codeBlock)
538     , m_thisRegister(CallFrame::thisArgumentOffset())
539     , m_codeType(ModuleCode)
540     , m_vm(&vm)
541     , m_usesNonStrictEval(false)
542 {
543     ASSERT_UNUSED(parentScopeTDZVariables, !parentScopeTDZVariables->size());
544
545     for (auto& constantRegister : m_linkTimeConstantRegisters)
546         constantRegister = nullptr;
547
548     if (m_isBuiltinFunction)
549         m_shouldEmitDebugHooks = false;
550
551     allocateCalleeSaveSpace();
552
553     SymbolTable* moduleEnvironmentSymbolTable = SymbolTable::create(*m_vm);
554     moduleEnvironmentSymbolTable->setUsesNonStrictEval(m_usesNonStrictEval);
555     moduleEnvironmentSymbolTable->setScopeType(SymbolTable::ScopeType::LexicalScope);
556
557     bool shouldCaptureSomeOfTheThings = m_shouldEmitDebugHooks || m_codeBlock->needsFullScopeChain();
558     bool shouldCaptureAllOfTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
559     if (shouldCaptureAllOfTheThings)
560         moduleProgramNode->varDeclarations().markAllVariablesAsCaptured();
561
562     auto captures = [&] (UniquedStringImpl* uid) -> bool {
563         if (!shouldCaptureSomeOfTheThings)
564             return false;
565         return moduleProgramNode->captures(uid);
566     };
567     auto lookUpVarKind = [&] (UniquedStringImpl* uid, const VariableEnvironmentEntry& entry) -> VarKind {
568         // Allocate the exported variables in the module environment.
569         if (entry.isExported())
570             return VarKind::Scope;
571
572         // Allocate the namespace variables in the module environment to instantiate
573         // it from the outside of the module code.
574         if (entry.isImportedNamespace())
575             return VarKind::Scope;
576
577         if (entry.isCaptured())
578             return VarKind::Scope;
579         return captures(uid) ? VarKind::Scope : VarKind::Stack;
580     };
581
582     emitOpcode(op_enter);
583
584     allocateAndEmitScope();
585
586     m_calleeRegister.setIndex(JSStack::Callee);
587
588     m_codeBlock->setNumParameters(1); // Allocate space for "this"
589
590     // Now declare all variables.
591
592     for (auto& entry : moduleProgramNode->varDeclarations()) {
593         ASSERT(!entry.value.isLet() && !entry.value.isConst());
594         if (!entry.value.isVar()) // This is either a parameter or callee.
595             continue;
596         // Imported bindings are not allocated in the module environment as usual variables' way.
597         // These references remain the "Dynamic" in the unlinked code block. Later, when linking
598         // the code block, we resolve the reference to the "ModuleVar".
599         if (entry.value.isImported() && !entry.value.isImportedNamespace())
600             continue;
601         createVariable(Identifier::fromUid(m_vm, entry.key.get()), lookUpVarKind(entry.key.get(), entry.value), moduleEnvironmentSymbolTable, IgnoreExisting);
602     }
603
604     VariableEnvironment& lexicalVariables = moduleProgramNode->lexicalVariables();
605     instantiateLexicalVariables(lexicalVariables, moduleEnvironmentSymbolTable, ScopeRegisterType::Block, lookUpVarKind);
606
607     // We keep the symbol table in the constant pool.
608     RegisterID* constantSymbolTable = nullptr;
609     if (vm.typeProfiler())
610         constantSymbolTable = addConstantValue(moduleEnvironmentSymbolTable);
611     else
612         constantSymbolTable = addConstantValue(moduleEnvironmentSymbolTable->cloneScopePart(*m_vm));
613
614     m_TDZStack.append(std::make_pair(lexicalVariables, true));
615     m_symbolTableStack.append(SymbolTableStackEntry { Strong<SymbolTable>(*m_vm, moduleEnvironmentSymbolTable), m_topMostScope, false, constantSymbolTable->index() });
616     emitPrefillStackTDZVariables(lexicalVariables, moduleEnvironmentSymbolTable);
617
618     // makeFunction assumes that there's correct TDZ stack entries.
619     // So it should be called after putting our lexical environment to the TDZ stack correctly.
620
621     for (FunctionMetadataNode* function : moduleProgramNode->functionStack()) {
622         const auto& iterator = moduleProgramNode->varDeclarations().find(function->ident().impl());
623         RELEASE_ASSERT(iterator != moduleProgramNode->varDeclarations().end());
624         RELEASE_ASSERT(!iterator->value.isImported());
625
626         VarKind varKind = lookUpVarKind(iterator->key.get(), iterator->value);
627         if (varKind == VarKind::Scope) {
628             // http://www.ecma-international.org/ecma-262/6.0/#sec-moduledeclarationinstantiation
629             // Section 15.2.1.16.4, step 16-a-iv-1.
630             // All heap allocated function declarations should be instantiated when the module environment
631             // is created. They include the exported function declarations and not-exported-but-heap-allocated
632             // function declarations. This is required because exported function should be instantiated before
633             // executing the any module in the dependency graph. This enables the modules to link the imported
634             // bindings before executing the any module code.
635             //
636             // And since function declarations are instantiated before executing the module body code, the spec
637             // allows the functions inside the module to be executed before its module body is executed under
638             // the circular dependencies. The following is the example.
639             //
640             // Module A (executed first):
641             //    import { b } from "B";
642             //    // Here, the module "B" is not executed yet, but the function declaration is already instantiated.
643             //    // So we can call the function exported from "B".
644             //    b();
645             //
646             //    export function a() {
647             //    }
648             //
649             // Module B (executed second):
650             //    import { a } from "A";
651             //
652             //    export function b() {
653             //        c();
654             //    }
655             //
656             //    // c is not exported, but since it is referenced from the b, we should instantiate it before
657             //    // executing the "B" module code.
658             //    function c() {
659             //        a();
660             //    }
661             //
662             // Module EntryPoint (executed last):
663             //    import "B";
664             //    import "A";
665             //
666             m_codeBlock->addFunctionDecl(makeFunction(function));
667         } else {
668             // Stack allocated functions can be allocated when executing the module's body.
669             m_functionsToInitialize.append(std::make_pair(function, NormalFunctionVariable));
670         }
671     }
672
673     // Remember the constant register offset to the top-most symbol table. This symbol table will be
674     // cloned in the code block linking. After that, to create the module environment, we retrieve
675     // the cloned symbol table from the linked code block by using this offset.
676     codeBlock->setModuleEnvironmentSymbolTableConstantRegisterOffset(constantSymbolTable->index());
677 }
678
679 BytecodeGenerator::~BytecodeGenerator()
680 {
681 }
682
683 void BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack(
684     FunctionParameters& parameters, FunctionNode* functionNode, SymbolTable* functionSymbolTable, 
685     int symbolTableConstantIndex, const std::function<bool (UniquedStringImpl*)>& captures)
686 {
687     Vector<std::pair<Identifier, RefPtr<RegisterID>>> valuesToMoveIntoVars;
688     if (parameters.hasDefaultParameterValues()) {
689         // Refer to the ES6 spec section 9.2.12: http://www.ecma-international.org/ecma-262/6.0/index.html#sec-functiondeclarationinstantiation
690         // This implements step 21.
691         VariableEnvironment environment;
692         Vector<Identifier> allParameterNames; 
693         for (unsigned i = 0; i < parameters.size(); i++)
694             parameters.at(i).first->collectBoundIdentifiers(allParameterNames);
695         IdentifierSet parameterSet;
696         for (auto& ident : allParameterNames) {
697             parameterSet.add(ident.impl());
698             auto addResult = environment.add(ident);
699             addResult.iterator->value.setIsLet(); // When we have default parameter expressions, parameters act like "let" variables.
700             if (captures(ident.impl()))
701                 addResult.iterator->value.setIsCaptured();
702         }
703         
704         // This implements step 25 of section 9.2.12.
705         pushLexicalScopeInternal(environment, true, nullptr, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block);
706
707         RefPtr<RegisterID> temp = newTemporary();
708         for (unsigned i = 0; i < parameters.size(); i++) {
709             std::pair<DestructuringPatternNode*, ExpressionNode*> parameter = parameters.at(i);
710             RefPtr<RegisterID> parameterValue = &registerFor(virtualRegisterForArgument(1 + i));
711             emitMove(temp.get(), parameterValue.get());
712             if (parameter.second) {
713                 RefPtr<RegisterID> condition = emitIsUndefined(newTemporary(), parameterValue.get());
714                 RefPtr<Label> skipDefaultParameterBecauseNotUndefined = newLabel();
715                 emitJumpIfFalse(condition.get(), skipDefaultParameterBecauseNotUndefined.get());
716                 emitNode(temp.get(), parameter.second);
717                 emitLabel(skipDefaultParameterBecauseNotUndefined.get());
718             }
719
720             parameter.first->bindValue(*this, temp.get());
721         }
722
723         // Final act of weirdness for default parameters. If a "var" also
724         // has the same name as a parameter, it should start out as the
725         // value of that parameter. Note, though, that they will be distinct
726         // bindings.
727         // This is step 28 of section 9.2.12. 
728         for (auto& entry : functionNode->varDeclarations()) {
729             if (!entry.value.isVar()) // This is either a parameter or callee.
730                 continue;
731
732             if (parameterSet.contains(entry.key)) {
733                 Identifier ident = Identifier::fromUid(m_vm, entry.key.get());
734                 Variable var = variable(ident);
735                 RegisterID* scope = emitResolveScope(nullptr, var);
736                 RefPtr<RegisterID> value = emitGetFromScope(newTemporary(), scope, var, DoNotThrowIfNotFound);
737                 valuesToMoveIntoVars.append(std::make_pair(ident, value));
738             }
739         }
740
741         // Functions with default parameter expressions must have a separate environment
742         // record for parameters and "var"s. The "var" environment record must have the
743         // parameter environment record as its parent.
744         // See step 28 of section 9.2.12.
745         if (m_lexicalEnvironmentRegister)
746             initializeVarLexicalEnvironment(symbolTableConstantIndex);
747     }
748
749     if (m_lexicalEnvironmentRegister)
750         pushScopedControlFlowContext();
751     m_symbolTableStack.append(SymbolTableStackEntry{ Strong<SymbolTable>(*m_vm, functionSymbolTable), m_lexicalEnvironmentRegister, false, symbolTableConstantIndex });
752
753     // This completes step 28 of section 9.2.12.
754     for (unsigned i = 0; i < valuesToMoveIntoVars.size(); i++) {
755         ASSERT(parameters.hasDefaultParameterValues());
756         Variable var = variable(valuesToMoveIntoVars[i].first);
757         RegisterID* scope = emitResolveScope(nullptr, var);
758         emitPutToScope(scope, var, valuesToMoveIntoVars[i].second.get(), DoNotThrowIfNotFound, NotInitialization);
759     }
760
761     if (!parameters.hasDefaultParameterValues()) {
762         ASSERT(!valuesToMoveIntoVars.size());
763         // Initialize destructuring parameters the old way as if we don't have any default parameter values.
764         // If we have default parameter values, we handle this case above.
765         for (unsigned i = 0; i < parameters.size(); i++) {
766             DestructuringPatternNode* pattern = parameters.at(i).first;
767             if (!pattern->isBindingNode()) {
768                 RefPtr<RegisterID> parameterValue = &registerFor(virtualRegisterForArgument(1 + i));
769                 pattern->bindValue(*this, parameterValue.get());
770             }
771         }
772     }
773 }
774
775 RegisterID* BytecodeGenerator::initializeNextParameter()
776 {
777     VirtualRegister reg = virtualRegisterForArgument(m_codeBlock->numParameters());
778     RegisterID& parameter = registerFor(reg);
779     parameter.setIndex(reg.offset());
780     m_codeBlock->addParameter();
781     return &parameter;
782 }
783
784 void BytecodeGenerator::initializeVarLexicalEnvironment(int symbolTableConstantIndex)
785 {
786     RELEASE_ASSERT(m_lexicalEnvironmentRegister);
787     m_codeBlock->setActivationRegister(m_lexicalEnvironmentRegister->virtualRegister());
788     emitOpcode(op_create_lexical_environment);
789     instructions().append(m_lexicalEnvironmentRegister->index());
790     instructions().append(scopeRegister()->index());
791     instructions().append(symbolTableConstantIndex);
792     instructions().append(addConstantValue(jsUndefined())->index());
793
794     emitOpcode(op_mov);
795     instructions().append(scopeRegister()->index());
796     instructions().append(m_lexicalEnvironmentRegister->index());
797 }
798
799 UniquedStringImpl* BytecodeGenerator::visibleNameForParameter(DestructuringPatternNode* pattern)
800 {
801     if (pattern->isBindingNode()) {
802         const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty();
803         if (!m_functions.contains(ident.impl()))
804             return ident.impl();
805     }
806     return nullptr;
807 }
808
809 RegisterID* BytecodeGenerator::newRegister()
810 {
811     m_calleeRegisters.append(virtualRegisterForLocal(m_calleeRegisters.size()));
812     int numCalleeRegisters = max<int>(m_codeBlock->m_numCalleeRegisters, m_calleeRegisters.size());
813     numCalleeRegisters = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), numCalleeRegisters);
814     m_codeBlock->m_numCalleeRegisters = numCalleeRegisters;
815     return &m_calleeRegisters.last();
816 }
817
818 void BytecodeGenerator::reclaimFreeRegisters()
819 {
820     while (m_calleeRegisters.size() && !m_calleeRegisters.last().refCount())
821         m_calleeRegisters.removeLast();
822 }
823
824 RegisterID* BytecodeGenerator::newBlockScopeVariable()
825 {
826     reclaimFreeRegisters();
827
828     return newRegister();
829 }
830
831 RegisterID* BytecodeGenerator::newTemporary()
832 {
833     reclaimFreeRegisters();
834
835     RegisterID* result = newRegister();
836     result->setTemporary();
837     return result;
838 }
839
840 LabelScopePtr BytecodeGenerator::newLabelScope(LabelScope::Type type, const Identifier* name)
841 {
842     // Reclaim free label scopes.
843     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
844         m_labelScopes.removeLast();
845
846     // Allocate new label scope.
847     LabelScope scope(type, name, labelScopeDepth(), newLabel(), type == LabelScope::Loop ? newLabel() : PassRefPtr<Label>()); // Only loops have continue targets.
848     m_labelScopes.append(scope);
849     return LabelScopePtr(m_labelScopes, m_labelScopes.size() - 1);
850 }
851
852 PassRefPtr<Label> BytecodeGenerator::newLabel()
853 {
854     // Reclaim free label IDs.
855     while (m_labels.size() && !m_labels.last().refCount())
856         m_labels.removeLast();
857
858     // Allocate new label ID.
859     m_labels.append(*this);
860     return &m_labels.last();
861 }
862
863 PassRefPtr<Label> BytecodeGenerator::emitLabel(Label* l0)
864 {
865     unsigned newLabelIndex = instructions().size();
866     l0->setLocation(newLabelIndex);
867
868     if (m_codeBlock->numberOfJumpTargets()) {
869         unsigned lastLabelIndex = m_codeBlock->lastJumpTarget();
870         ASSERT(lastLabelIndex <= newLabelIndex);
871         if (newLabelIndex == lastLabelIndex) {
872             // Peephole optimizations have already been disabled by emitting the last label
873             return l0;
874         }
875     }
876
877     m_codeBlock->addJumpTarget(newLabelIndex);
878
879     // This disables peephole optimizations when an instruction is a jump target
880     m_lastOpcodeID = op_end;
881     return l0;
882 }
883
884 void BytecodeGenerator::emitOpcode(OpcodeID opcodeID)
885 {
886 #ifndef NDEBUG
887     size_t opcodePosition = instructions().size();
888     ASSERT(opcodePosition - m_lastOpcodePosition == opcodeLength(m_lastOpcodeID) || m_lastOpcodeID == op_end);
889     m_lastOpcodePosition = opcodePosition;
890 #endif
891     instructions().append(opcodeID);
892     m_lastOpcodeID = opcodeID;
893 }
894
895 UnlinkedArrayProfile BytecodeGenerator::newArrayProfile()
896 {
897     return m_codeBlock->addArrayProfile();
898 }
899
900 UnlinkedArrayAllocationProfile BytecodeGenerator::newArrayAllocationProfile()
901 {
902     return m_codeBlock->addArrayAllocationProfile();
903 }
904
905 UnlinkedObjectAllocationProfile BytecodeGenerator::newObjectAllocationProfile()
906 {
907     return m_codeBlock->addObjectAllocationProfile();
908 }
909
910 UnlinkedValueProfile BytecodeGenerator::emitProfiledOpcode(OpcodeID opcodeID)
911 {
912     UnlinkedValueProfile result = m_codeBlock->addValueProfile();
913     emitOpcode(opcodeID);
914     return result;
915 }
916
917 void BytecodeGenerator::emitLoopHint()
918 {
919     emitOpcode(op_loop_hint);
920 }
921
922 void BytecodeGenerator::retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index)
923 {
924     ASSERT(instructions().size() >= 4);
925     size_t size = instructions().size();
926     dstIndex = instructions().at(size - 3).u.operand;
927     src1Index = instructions().at(size - 2).u.operand;
928     src2Index = instructions().at(size - 1).u.operand;
929 }
930
931 void BytecodeGenerator::retrieveLastUnaryOp(int& dstIndex, int& srcIndex)
932 {
933     ASSERT(instructions().size() >= 3);
934     size_t size = instructions().size();
935     dstIndex = instructions().at(size - 2).u.operand;
936     srcIndex = instructions().at(size - 1).u.operand;
937 }
938
939 void ALWAYS_INLINE BytecodeGenerator::rewindBinaryOp()
940 {
941     ASSERT(instructions().size() >= 4);
942     instructions().shrink(instructions().size() - 4);
943     m_lastOpcodeID = op_end;
944 }
945
946 void ALWAYS_INLINE BytecodeGenerator::rewindUnaryOp()
947 {
948     ASSERT(instructions().size() >= 3);
949     instructions().shrink(instructions().size() - 3);
950     m_lastOpcodeID = op_end;
951 }
952
953 PassRefPtr<Label> BytecodeGenerator::emitJump(Label* target)
954 {
955     size_t begin = instructions().size();
956     emitOpcode(op_jmp);
957     instructions().append(target->bind(begin, instructions().size()));
958     return target;
959 }
960
961 PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* target)
962 {
963     if (m_lastOpcodeID == op_less) {
964         int dstIndex;
965         int src1Index;
966         int src2Index;
967
968         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
969
970         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
971             rewindBinaryOp();
972
973             size_t begin = instructions().size();
974             emitOpcode(op_jless);
975             instructions().append(src1Index);
976             instructions().append(src2Index);
977             instructions().append(target->bind(begin, instructions().size()));
978             return target;
979         }
980     } else if (m_lastOpcodeID == op_lesseq) {
981         int dstIndex;
982         int src1Index;
983         int src2Index;
984
985         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
986
987         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
988             rewindBinaryOp();
989
990             size_t begin = instructions().size();
991             emitOpcode(op_jlesseq);
992             instructions().append(src1Index);
993             instructions().append(src2Index);
994             instructions().append(target->bind(begin, instructions().size()));
995             return target;
996         }
997     } else if (m_lastOpcodeID == op_greater) {
998         int dstIndex;
999         int src1Index;
1000         int src2Index;
1001
1002         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1003
1004         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1005             rewindBinaryOp();
1006
1007             size_t begin = instructions().size();
1008             emitOpcode(op_jgreater);
1009             instructions().append(src1Index);
1010             instructions().append(src2Index);
1011             instructions().append(target->bind(begin, instructions().size()));
1012             return target;
1013         }
1014     } else if (m_lastOpcodeID == op_greatereq) {
1015         int dstIndex;
1016         int src1Index;
1017         int src2Index;
1018
1019         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1020
1021         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1022             rewindBinaryOp();
1023
1024             size_t begin = instructions().size();
1025             emitOpcode(op_jgreatereq);
1026             instructions().append(src1Index);
1027             instructions().append(src2Index);
1028             instructions().append(target->bind(begin, instructions().size()));
1029             return target;
1030         }
1031     } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
1032         int dstIndex;
1033         int srcIndex;
1034
1035         retrieveLastUnaryOp(dstIndex, srcIndex);
1036
1037         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1038             rewindUnaryOp();
1039
1040             size_t begin = instructions().size();
1041             emitOpcode(op_jeq_null);
1042             instructions().append(srcIndex);
1043             instructions().append(target->bind(begin, instructions().size()));
1044             return target;
1045         }
1046     } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
1047         int dstIndex;
1048         int srcIndex;
1049
1050         retrieveLastUnaryOp(dstIndex, srcIndex);
1051
1052         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1053             rewindUnaryOp();
1054
1055             size_t begin = instructions().size();
1056             emitOpcode(op_jneq_null);
1057             instructions().append(srcIndex);
1058             instructions().append(target->bind(begin, instructions().size()));
1059             return target;
1060         }
1061     }
1062
1063     size_t begin = instructions().size();
1064
1065     emitOpcode(op_jtrue);
1066     instructions().append(cond->index());
1067     instructions().append(target->bind(begin, instructions().size()));
1068     return target;
1069 }
1070
1071 PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* target)
1072 {
1073     if (m_lastOpcodeID == op_less && target->isForward()) {
1074         int dstIndex;
1075         int src1Index;
1076         int src2Index;
1077
1078         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1079
1080         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1081             rewindBinaryOp();
1082
1083             size_t begin = instructions().size();
1084             emitOpcode(op_jnless);
1085             instructions().append(src1Index);
1086             instructions().append(src2Index);
1087             instructions().append(target->bind(begin, instructions().size()));
1088             return target;
1089         }
1090     } else if (m_lastOpcodeID == op_lesseq && target->isForward()) {
1091         int dstIndex;
1092         int src1Index;
1093         int src2Index;
1094
1095         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1096
1097         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1098             rewindBinaryOp();
1099
1100             size_t begin = instructions().size();
1101             emitOpcode(op_jnlesseq);
1102             instructions().append(src1Index);
1103             instructions().append(src2Index);
1104             instructions().append(target->bind(begin, instructions().size()));
1105             return target;
1106         }
1107     } else if (m_lastOpcodeID == op_greater && target->isForward()) {
1108         int dstIndex;
1109         int src1Index;
1110         int src2Index;
1111
1112         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1113
1114         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1115             rewindBinaryOp();
1116
1117             size_t begin = instructions().size();
1118             emitOpcode(op_jngreater);
1119             instructions().append(src1Index);
1120             instructions().append(src2Index);
1121             instructions().append(target->bind(begin, instructions().size()));
1122             return target;
1123         }
1124     } else if (m_lastOpcodeID == op_greatereq && target->isForward()) {
1125         int dstIndex;
1126         int src1Index;
1127         int src2Index;
1128
1129         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
1130
1131         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1132             rewindBinaryOp();
1133
1134             size_t begin = instructions().size();
1135             emitOpcode(op_jngreatereq);
1136             instructions().append(src1Index);
1137             instructions().append(src2Index);
1138             instructions().append(target->bind(begin, instructions().size()));
1139             return target;
1140         }
1141     } else if (m_lastOpcodeID == op_not) {
1142         int dstIndex;
1143         int srcIndex;
1144
1145         retrieveLastUnaryOp(dstIndex, srcIndex);
1146
1147         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1148             rewindUnaryOp();
1149
1150             size_t begin = instructions().size();
1151             emitOpcode(op_jtrue);
1152             instructions().append(srcIndex);
1153             instructions().append(target->bind(begin, instructions().size()));
1154             return target;
1155         }
1156     } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
1157         int dstIndex;
1158         int srcIndex;
1159
1160         retrieveLastUnaryOp(dstIndex, srcIndex);
1161
1162         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1163             rewindUnaryOp();
1164
1165             size_t begin = instructions().size();
1166             emitOpcode(op_jneq_null);
1167             instructions().append(srcIndex);
1168             instructions().append(target->bind(begin, instructions().size()));
1169             return target;
1170         }
1171     } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
1172         int dstIndex;
1173         int srcIndex;
1174
1175         retrieveLastUnaryOp(dstIndex, srcIndex);
1176
1177         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
1178             rewindUnaryOp();
1179
1180             size_t begin = instructions().size();
1181             emitOpcode(op_jeq_null);
1182             instructions().append(srcIndex);
1183             instructions().append(target->bind(begin, instructions().size()));
1184             return target;
1185         }
1186     }
1187
1188     size_t begin = instructions().size();
1189     emitOpcode(op_jfalse);
1190     instructions().append(cond->index());
1191     instructions().append(target->bind(begin, instructions().size()));
1192     return target;
1193 }
1194
1195 PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label* target)
1196 {
1197     size_t begin = instructions().size();
1198
1199     emitOpcode(op_jneq_ptr);
1200     instructions().append(cond->index());
1201     instructions().append(Special::CallFunction);
1202     instructions().append(target->bind(begin, instructions().size()));
1203     return target;
1204 }
1205
1206 PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionApply(RegisterID* cond, Label* target)
1207 {
1208     size_t begin = instructions().size();
1209
1210     emitOpcode(op_jneq_ptr);
1211     instructions().append(cond->index());
1212     instructions().append(Special::ApplyFunction);
1213     instructions().append(target->bind(begin, instructions().size()));
1214     return target;
1215 }
1216
1217 bool BytecodeGenerator::hasConstant(const Identifier& ident) const
1218 {
1219     UniquedStringImpl* rep = ident.impl();
1220     return m_identifierMap.contains(rep);
1221 }
1222
1223 unsigned BytecodeGenerator::addConstant(const Identifier& ident)
1224 {
1225     UniquedStringImpl* rep = ident.impl();
1226     IdentifierMap::AddResult result = m_identifierMap.add(rep, m_codeBlock->numberOfIdentifiers());
1227     if (result.isNewEntry)
1228         m_codeBlock->addIdentifier(ident);
1229
1230     return result.iterator->value;
1231 }
1232
1233 // We can't hash JSValue(), so we use a dedicated data member to cache it.
1234 RegisterID* BytecodeGenerator::addConstantEmptyValue()
1235 {
1236     if (!m_emptyValueRegister) {
1237         int index = m_nextConstantOffset;
1238         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
1239         ++m_nextConstantOffset;
1240         m_codeBlock->addConstant(JSValue());
1241         m_emptyValueRegister = &m_constantPoolRegisters[index];
1242     }
1243
1244     return m_emptyValueRegister;
1245 }
1246
1247 RegisterID* BytecodeGenerator::addConstantValue(JSValue v, SourceCodeRepresentation sourceCodeRepresentation)
1248 {
1249     if (!v)
1250         return addConstantEmptyValue();
1251
1252     int index = m_nextConstantOffset;
1253
1254     EncodedJSValueWithRepresentation valueMapKey { JSValue::encode(v), sourceCodeRepresentation };
1255     JSValueMap::AddResult result = m_jsValueMap.add(valueMapKey, m_nextConstantOffset);
1256     if (result.isNewEntry) {
1257         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
1258         ++m_nextConstantOffset;
1259         m_codeBlock->addConstant(v, sourceCodeRepresentation);
1260     } else
1261         index = result.iterator->value;
1262     return &m_constantPoolRegisters[index];
1263 }
1264
1265 RegisterID* BytecodeGenerator::emitMoveLinkTimeConstant(RegisterID* dst, LinkTimeConstant type)
1266 {
1267     unsigned constantIndex = static_cast<unsigned>(type);
1268     if (!m_linkTimeConstantRegisters[constantIndex]) {
1269         int index = m_nextConstantOffset;
1270         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
1271         ++m_nextConstantOffset;
1272         m_codeBlock->addConstant(type);
1273         m_linkTimeConstantRegisters[constantIndex] = &m_constantPoolRegisters[index];
1274     }
1275
1276     emitOpcode(op_mov);
1277     instructions().append(dst->index());
1278     instructions().append(m_linkTimeConstantRegisters[constantIndex]->index());
1279
1280     return dst;
1281 }
1282
1283 unsigned BytecodeGenerator::addRegExp(RegExp* r)
1284 {
1285     return m_codeBlock->addRegExp(r);
1286 }
1287
1288 RegisterID* BytecodeGenerator::emitMoveEmptyValue(RegisterID* dst)
1289 {
1290     RefPtr<RegisterID> emptyValue = addConstantEmptyValue();
1291
1292     emitOpcode(op_mov);
1293     instructions().append(dst->index());
1294     instructions().append(emptyValue->index());
1295     return dst;
1296 }
1297
1298 RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
1299 {
1300     ASSERT(src != m_emptyValueRegister);
1301
1302     m_staticPropertyAnalyzer.mov(dst->index(), src->index());
1303     emitOpcode(op_mov);
1304     instructions().append(dst->index());
1305     instructions().append(src->index());
1306
1307     return dst;
1308 }
1309
1310 RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
1311 {
1312     emitOpcode(opcodeID);
1313     instructions().append(dst->index());
1314     instructions().append(src->index());
1315     return dst;
1316 }
1317
1318 RegisterID* BytecodeGenerator::emitInc(RegisterID* srcDst)
1319 {
1320     emitOpcode(op_inc);
1321     instructions().append(srcDst->index());
1322     return srcDst;
1323 }
1324
1325 RegisterID* BytecodeGenerator::emitDec(RegisterID* srcDst)
1326 {
1327     emitOpcode(op_dec);
1328     instructions().append(srcDst->index());
1329     return srcDst;
1330 }
1331
1332 RegisterID* BytecodeGenerator::emitBinaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes types)
1333 {
1334     emitOpcode(opcodeID);
1335     instructions().append(dst->index());
1336     instructions().append(src1->index());
1337     instructions().append(src2->index());
1338
1339     if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor ||
1340         opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)
1341         instructions().append(types.toInt());
1342
1343     return dst;
1344 }
1345
1346 RegisterID* BytecodeGenerator::emitEqualityOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2)
1347 {
1348     if (m_lastOpcodeID == op_typeof) {
1349         int dstIndex;
1350         int srcIndex;
1351
1352         retrieveLastUnaryOp(dstIndex, srcIndex);
1353
1354         if (src1->index() == dstIndex
1355             && src1->isTemporary()
1356             && m_codeBlock->isConstantRegisterIndex(src2->index())
1357             && m_codeBlock->constantRegister(src2->index()).get().isString()) {
1358             const String& value = asString(m_codeBlock->constantRegister(src2->index()).get())->tryGetValue();
1359             if (value == "undefined") {
1360                 rewindUnaryOp();
1361                 emitOpcode(op_is_undefined);
1362                 instructions().append(dst->index());
1363                 instructions().append(srcIndex);
1364                 return dst;
1365             }
1366             if (value == "boolean") {
1367                 rewindUnaryOp();
1368                 emitOpcode(op_is_boolean);
1369                 instructions().append(dst->index());
1370                 instructions().append(srcIndex);
1371                 return dst;
1372             }
1373             if (value == "number") {
1374                 rewindUnaryOp();
1375                 emitOpcode(op_is_number);
1376                 instructions().append(dst->index());
1377                 instructions().append(srcIndex);
1378                 return dst;
1379             }
1380             if (value == "string") {
1381                 rewindUnaryOp();
1382                 emitOpcode(op_is_string);
1383                 instructions().append(dst->index());
1384                 instructions().append(srcIndex);
1385                 return dst;
1386             }
1387             if (value == "object") {
1388                 rewindUnaryOp();
1389                 emitOpcode(op_is_object_or_null);
1390                 instructions().append(dst->index());
1391                 instructions().append(srcIndex);
1392                 return dst;
1393             }
1394             if (value == "function") {
1395                 rewindUnaryOp();
1396                 emitOpcode(op_is_function);
1397                 instructions().append(dst->index());
1398                 instructions().append(srcIndex);
1399                 return dst;
1400             }
1401         }
1402     }
1403
1404     emitOpcode(opcodeID);
1405     instructions().append(dst->index());
1406     instructions().append(src1->index());
1407     instructions().append(src2->index());
1408     return dst;
1409 }
1410
1411 void BytecodeGenerator::emitTypeProfilerExpressionInfo(const JSTextPosition& startDivot, const JSTextPosition& endDivot)
1412 {
1413     ASSERT(vm()->typeProfiler());
1414
1415     unsigned start = startDivot.offset; // Ranges are inclusive of their endpoints, AND 0 indexed.
1416     unsigned end = endDivot.offset - 1; // End Ranges already go one past the inclusive range, so subtract 1.
1417     unsigned instructionOffset = instructions().size() - 1;
1418     m_codeBlock->addTypeProfilerExpressionInfo(instructionOffset, start, end);
1419 }
1420
1421 void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag flag)
1422 {
1423     if (!vm()->typeProfiler())
1424         return;
1425
1426     if (!registerToProfile)
1427         return;
1428
1429     emitOpcode(op_profile_type);
1430     instructions().append(registerToProfile->index());
1431     instructions().append(0);
1432     instructions().append(flag);
1433     instructions().append(0);
1434     instructions().append(resolveType());
1435
1436     // Don't emit expression info for this version of profile type. This generally means
1437     // we're profiling information for something that isn't in the actual text of a JavaScript
1438     // program. For example, implicit return undefined from a function call.
1439 }
1440
1441 void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
1442 {
1443     emitProfileType(registerToProfile, ProfileTypeBytecodeDoesNotHaveGlobalID, startDivot, endDivot);
1444 }
1445
1446 void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, ProfileTypeBytecodeFlag flag, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
1447 {
1448     if (!vm()->typeProfiler())
1449         return;
1450
1451     if (!registerToProfile)
1452         return;
1453
1454     // The format of this instruction is: op_profile_type regToProfile, TypeLocation*, flag, identifier?, resolveType?
1455     emitOpcode(op_profile_type);
1456     instructions().append(registerToProfile->index());
1457     instructions().append(0);
1458     instructions().append(flag);
1459     instructions().append(0);
1460     instructions().append(resolveType());
1461
1462     emitTypeProfilerExpressionInfo(startDivot, endDivot);
1463 }
1464
1465 void BytecodeGenerator::emitProfileType(RegisterID* registerToProfile, const Variable& var, const JSTextPosition& startDivot, const JSTextPosition& endDivot)
1466 {
1467     if (!vm()->typeProfiler())
1468         return;
1469
1470     if (!registerToProfile)
1471         return;
1472
1473     ProfileTypeBytecodeFlag flag;
1474     int symbolTableOrScopeDepth;
1475     if (var.local() || var.offset().isScope()) {
1476         flag = ProfileTypeBytecodeLocallyResolved;
1477         symbolTableOrScopeDepth = var.symbolTableConstantIndex();
1478     } else {
1479         flag = ProfileTypeBytecodeClosureVar;
1480         symbolTableOrScopeDepth = localScopeDepth();
1481     }
1482
1483     // The format of this instruction is: op_profile_type regToProfile, TypeLocation*, flag, identifier?, resolveType?
1484     emitOpcode(op_profile_type);
1485     instructions().append(registerToProfile->index());
1486     instructions().append(symbolTableOrScopeDepth);
1487     instructions().append(flag);
1488     instructions().append(addConstant(var.ident()));
1489     instructions().append(resolveType());
1490
1491     emitTypeProfilerExpressionInfo(startDivot, endDivot);
1492 }
1493
1494 void BytecodeGenerator::emitProfileControlFlow(int textOffset)
1495 {
1496     if (vm()->controlFlowProfiler()) {
1497         RELEASE_ASSERT(textOffset >= 0);
1498         size_t bytecodeOffset = instructions().size();
1499         m_codeBlock->addOpProfileControlFlowBytecodeOffset(bytecodeOffset);
1500
1501         emitOpcode(op_profile_control_flow);
1502         instructions().append(textOffset);
1503     }
1504 }
1505
1506 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, bool b)
1507 {
1508     return emitLoad(dst, jsBoolean(b));
1509 }
1510
1511 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, const Identifier& identifier)
1512 {
1513     JSString*& stringInMap = m_stringMap.add(identifier.impl(), nullptr).iterator->value;
1514     if (!stringInMap)
1515         stringInMap = jsOwnedString(vm(), identifier.string());
1516     return emitLoad(dst, JSValue(stringInMap));
1517 }
1518
1519 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, JSValue v, SourceCodeRepresentation sourceCodeRepresentation)
1520 {
1521     RegisterID* constantID = addConstantValue(v, sourceCodeRepresentation);
1522     if (dst)
1523         return emitMove(dst, constantID);
1524     return constantID;
1525 }
1526
1527 RegisterID* BytecodeGenerator::emitLoadGlobalObject(RegisterID* dst)
1528 {
1529     if (!m_globalObjectRegister) {
1530         int index = m_nextConstantOffset;
1531         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
1532         ++m_nextConstantOffset;
1533         m_codeBlock->addConstant(JSValue());
1534         m_globalObjectRegister = &m_constantPoolRegisters[index];
1535         m_codeBlock->setGlobalObjectRegister(VirtualRegister(index));
1536     }
1537     if (dst)
1538         emitMove(dst, m_globalObjectRegister);
1539     return m_globalObjectRegister;
1540 }
1541
1542 template<typename LookUpVarKindFunctor>
1543 bool BytecodeGenerator::instantiateLexicalVariables(const VariableEnvironment& lexicalVariables, SymbolTable* symbolTable, ScopeRegisterType scopeRegisterType, LookUpVarKindFunctor lookUpVarKind)
1544 {
1545     bool hasCapturedVariables = false;
1546     {
1547         ConcurrentJITLocker locker(symbolTable->m_lock);
1548         for (auto& entry : lexicalVariables) {
1549             ASSERT(entry.value.isLet() || entry.value.isConst());
1550             ASSERT(!entry.value.isVar());
1551             SymbolTableEntry symbolTableEntry = symbolTable->get(locker, entry.key.get());
1552             ASSERT(symbolTableEntry.isNull());
1553
1554             // Imported bindings which are not the namespace bindings are not allocated
1555             // in the module environment as usual variables' way.
1556             // And since these types of the variables only seen in the module environment,
1557             // other lexical environment need not to take care this.
1558             if (entry.value.isImported() && !entry.value.isImportedNamespace())
1559                 continue;
1560
1561             VarKind varKind = lookUpVarKind(entry.key.get(), entry.value);
1562             VarOffset varOffset;
1563             if (varKind == VarKind::Scope) {
1564                 varOffset = VarOffset(symbolTable->takeNextScopeOffset(locker));
1565                 hasCapturedVariables = true;
1566             } else {
1567                 ASSERT(varKind == VarKind::Stack);
1568                 RegisterID* local;
1569                 if (scopeRegisterType == ScopeRegisterType::Block) {
1570                     local = newBlockScopeVariable();
1571                     local->ref();
1572                 } else
1573                     local = addVar();
1574                 varOffset = VarOffset(local->virtualRegister());
1575             }
1576
1577             SymbolTableEntry newEntry(varOffset, entry.value.isConst() ? ReadOnly : 0);
1578             symbolTable->add(locker, entry.key.get(), newEntry);
1579         }
1580     }
1581     return hasCapturedVariables;
1582 }
1583
1584 void BytecodeGenerator::emitPrefillStackTDZVariables(const VariableEnvironment& lexicalVariables, SymbolTable* symbolTable)
1585 {
1586     // Prefill stack variables with the TDZ empty value.
1587     // Scope variables will be initialized to the TDZ empty value when JSLexicalEnvironment is allocated.
1588     for (auto& entry : lexicalVariables) {
1589         // Imported bindings which are not the namespace bindings are not allocated
1590         // in the module environment as usual variables' way.
1591         // And since these types of the variables only seen in the module environment,
1592         // other lexical environment need not to take care this.
1593         if (entry.value.isImported() && !entry.value.isImportedNamespace())
1594             continue;
1595
1596         SymbolTableEntry symbolTableEntry = symbolTable->get(entry.key.get());
1597         ASSERT(!symbolTableEntry.isNull());
1598         VarOffset offset = symbolTableEntry.varOffset();
1599         if (offset.isScope())
1600             continue;
1601
1602         ASSERT(offset.isStack());
1603         emitMoveEmptyValue(&registerFor(offset.stackOffset()));
1604     }
1605 }
1606
1607 void BytecodeGenerator::pushLexicalScope(VariableEnvironmentNode* node, bool canOptimizeTDZChecks, RegisterID** constantSymbolTableResult)
1608 {
1609     VariableEnvironment& environment = node->lexicalVariables();
1610     pushLexicalScopeInternal(environment, canOptimizeTDZChecks, constantSymbolTableResult, TDZRequirement::UnderTDZ, ScopeType::LetConstScope, ScopeRegisterType::Block);
1611 }
1612
1613 void BytecodeGenerator::pushLexicalScopeInternal(VariableEnvironment& environment, bool canOptimizeTDZChecks, 
1614     RegisterID** constantSymbolTableResult, TDZRequirement tdzRequirement, ScopeType scopeType, ScopeRegisterType scopeRegisterType)
1615 {
1616     if (!environment.size())
1617         return;
1618
1619     if (m_shouldEmitDebugHooks)
1620         environment.markAllVariablesAsCaptured();
1621
1622     Strong<SymbolTable> symbolTable(*m_vm, SymbolTable::create(*m_vm));
1623     switch (scopeType) {
1624     case ScopeType::CatchScope:
1625         symbolTable->setScopeType(SymbolTable::ScopeType::CatchScope);
1626         break;
1627     case ScopeType::LetConstScope:
1628         symbolTable->setScopeType(SymbolTable::ScopeType::LexicalScope);
1629         break;
1630     case ScopeType::FunctionNameScope:
1631         symbolTable->setScopeType(SymbolTable::ScopeType::FunctionNameScope);
1632         break;
1633     }
1634
1635     auto lookUpVarKind = [] (UniquedStringImpl*, const VariableEnvironmentEntry& entry) -> VarKind {
1636         return entry.isCaptured() ? VarKind::Scope : VarKind::Stack;
1637     };
1638
1639     bool hasCapturedVariables = instantiateLexicalVariables(environment, symbolTable.get(), scopeRegisterType, lookUpVarKind);
1640
1641     RegisterID* newScope = nullptr;
1642     RegisterID* constantSymbolTable = nullptr;
1643     int symbolTableConstantIndex = 0;
1644     if (vm()->typeProfiler()) {
1645         constantSymbolTable = addConstantValue(symbolTable.get());
1646         symbolTableConstantIndex = constantSymbolTable->index();
1647     }
1648     if (hasCapturedVariables) {
1649         if (scopeRegisterType == ScopeRegisterType::Block) {
1650             newScope = newBlockScopeVariable();
1651             newScope->ref();
1652         } else
1653             newScope = addVar();
1654         if (!constantSymbolTable) {
1655             ASSERT(!vm()->typeProfiler());
1656             constantSymbolTable = addConstantValue(symbolTable->cloneScopePart(*m_vm));
1657             symbolTableConstantIndex = constantSymbolTable->index();
1658         }
1659         if (constantSymbolTableResult)
1660             *constantSymbolTableResult = constantSymbolTable;
1661
1662         emitOpcode(op_create_lexical_environment);
1663         instructions().append(newScope->index());
1664         instructions().append(scopeRegister()->index());
1665         instructions().append(constantSymbolTable->index());
1666         instructions().append(addConstantValue(tdzRequirement == TDZRequirement::UnderTDZ ? jsTDZValue() : jsUndefined())->index());
1667
1668         emitMove(scopeRegister(), newScope);
1669
1670         pushScopedControlFlowContext();
1671     }
1672
1673     m_symbolTableStack.append(SymbolTableStackEntry{ symbolTable, newScope, false, symbolTableConstantIndex });
1674     if (tdzRequirement == TDZRequirement::UnderTDZ)
1675         m_TDZStack.append(std::make_pair(environment, canOptimizeTDZChecks));
1676
1677     if (tdzRequirement == TDZRequirement::UnderTDZ)
1678         emitPrefillStackTDZVariables(environment, symbolTable.get());
1679 }
1680
1681 void BytecodeGenerator::popLexicalScope(VariableEnvironmentNode* node)
1682 {
1683     VariableEnvironment& environment = node->lexicalVariables();
1684     popLexicalScopeInternal(environment, TDZRequirement::UnderTDZ);
1685 }
1686
1687 void BytecodeGenerator::popLexicalScopeInternal(VariableEnvironment& environment, TDZRequirement tdzRequirement)
1688 {
1689     // NOTE: This function only makes sense for scopes that aren't ScopeRegisterType::Var (only function name scope right now is ScopeRegisterType::Var).
1690     // This doesn't make sense for ScopeRegisterType::Var because we deref RegisterIDs here.
1691     if (!environment.size())
1692         return;
1693
1694     if (m_shouldEmitDebugHooks)
1695         environment.markAllVariablesAsCaptured();
1696
1697     SymbolTableStackEntry stackEntry = m_symbolTableStack.takeLast();
1698     Strong<SymbolTable> symbolTable = stackEntry.m_symbolTable;
1699     ConcurrentJITLocker locker(symbolTable->m_lock);
1700     bool hasCapturedVariables = false;
1701     for (auto& entry : environment) {
1702         if (entry.value.isCaptured()) {
1703             hasCapturedVariables = true;
1704             continue;
1705         }
1706         SymbolTableEntry symbolTableEntry = symbolTable->get(locker, entry.key.get());
1707         ASSERT(!symbolTableEntry.isNull());
1708         VarOffset offset = symbolTableEntry.varOffset();
1709         ASSERT(offset.isStack());
1710         RegisterID* local = &registerFor(offset.stackOffset());
1711         local->deref();
1712     }
1713
1714     if (hasCapturedVariables) {
1715         RELEASE_ASSERT(stackEntry.m_scope);
1716         emitPopScope(scopeRegister(), stackEntry.m_scope);
1717         popScopedControlFlowContext();
1718         stackEntry.m_scope->deref();
1719     }
1720
1721     if (tdzRequirement == TDZRequirement::UnderTDZ)
1722         m_TDZStack.removeLast();
1723 }
1724
1725 void BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration(VariableEnvironmentNode* node, RegisterID* loopSymbolTable)
1726 {
1727     VariableEnvironment& environment = node->lexicalVariables();
1728     if (!environment.size())
1729         return;
1730     if (m_shouldEmitDebugHooks)
1731         environment.markAllVariablesAsCaptured();
1732     if (!environment.hasCapturedVariables())
1733         return;
1734
1735     RELEASE_ASSERT(loopSymbolTable);
1736
1737     // This function needs to do setup for a for loop's activation if any of
1738     // the for loop's lexically declared variables are captured (that is, variables
1739     // declared in the loop header, not the loop body). This function needs to
1740     // make a copy of the current activation and copy the values from the previous
1741     // activation into the new activation because each iteration of a for loop
1742     // gets a new activation.
1743
1744     SymbolTableStackEntry stackEntry = m_symbolTableStack.last();
1745     Strong<SymbolTable> symbolTable = stackEntry.m_symbolTable;
1746     RegisterID* loopScope = stackEntry.m_scope;
1747     ASSERT(symbolTable->scopeSize());
1748     ASSERT(loopScope);
1749     Vector<std::pair<RegisterID*, Identifier>> activationValuesToCopyOver;
1750
1751     {
1752         ConcurrentJITLocker locker(symbolTable->m_lock);
1753         activationValuesToCopyOver.reserveInitialCapacity(symbolTable->scopeSize());
1754
1755         for (auto end = symbolTable->end(locker), ptr = symbolTable->begin(locker); ptr != end; ++ptr) {
1756             if (!ptr->value.varOffset().isScope())
1757                 continue;
1758
1759             RefPtr<UniquedStringImpl> ident = ptr->key;
1760             Identifier identifier = Identifier::fromUid(m_vm, ident.get());
1761
1762             RegisterID* transitionValue = newBlockScopeVariable();
1763             transitionValue->ref();
1764             emitGetFromScope(transitionValue, loopScope, variableForLocalEntry(identifier, ptr->value, loopSymbolTable->index(), true), DoNotThrowIfNotFound);
1765             activationValuesToCopyOver.uncheckedAppend(std::make_pair(transitionValue, identifier));
1766         }
1767     }
1768
1769     // We need this dynamic behavior of the executing code to ensure
1770     // each loop iteration has a new activation object. (It's pretty ugly).
1771     // Also, this new activation needs to be assigned to the same register
1772     // as the previous scope because the loop body is compiled under
1773     // the assumption that the scope's register index is constant even
1774     // though the value in that register will change on each loop iteration.
1775     RefPtr<RegisterID> parentScope = emitGetParentScope(newTemporary(), loopScope);
1776     emitMove(scopeRegister(), parentScope.get());
1777
1778     emitOpcode(op_create_lexical_environment);
1779     instructions().append(loopScope->index());
1780     instructions().append(scopeRegister()->index());
1781     instructions().append(loopSymbolTable->index());
1782     instructions().append(addConstantValue(jsTDZValue())->index());
1783
1784     emitMove(scopeRegister(), loopScope);
1785
1786     {
1787         ConcurrentJITLocker locker(symbolTable->m_lock);
1788         for (auto pair : activationValuesToCopyOver) {
1789             const Identifier& identifier = pair.second;
1790             SymbolTableEntry entry = symbolTable->get(locker, identifier.impl());
1791             RELEASE_ASSERT(!entry.isNull());
1792             RegisterID* transitionValue = pair.first;
1793             emitPutToScope(loopScope, variableForLocalEntry(identifier, entry, loopSymbolTable->index(), true), transitionValue, DoNotThrowIfNotFound, NotInitialization);
1794             transitionValue->deref();
1795         }
1796     }
1797 }
1798
1799 Variable BytecodeGenerator::variable(const Identifier& property)
1800 {
1801     if (property == propertyNames().thisIdentifier) {
1802         return Variable(property, VarOffset(thisRegister()->virtualRegister()), thisRegister(),
1803             ReadOnly, Variable::SpecialVariable, 0, false);
1804     }
1805     
1806     // We can optimize lookups if the lexical variable is found before a "with" or "catch"
1807     // scope because we're guaranteed static resolution. If we have to pass through
1808     // a "with" or "catch" scope we loose this guarantee.
1809     // We can't optimize cases like this:
1810     // {
1811     //     let x = ...;
1812     //     with (o) {
1813     //         doSomethingWith(x);
1814     //     }
1815     // }
1816     // Because we can't gaurantee static resolution on x.
1817     // But, in this case, we are guaranteed static resolution:
1818     // {
1819     //     let x = ...;
1820     //     with (o) {
1821     //         let x = ...;
1822     //         doSomethingWith(x);
1823     //     }
1824     // }
1825     for (unsigned i = m_symbolTableStack.size(); i--; ) {
1826         SymbolTableStackEntry& stackEntry = m_symbolTableStack[i];
1827         if (stackEntry.m_isWithScope)
1828             return Variable(property);
1829         Strong<SymbolTable>& symbolTable = stackEntry.m_symbolTable;
1830         SymbolTableEntry symbolTableEntry = symbolTable->get(property.impl());
1831         if (symbolTableEntry.isNull())
1832             continue;
1833         bool resultIsCallee = false;
1834         if (symbolTable->scopeType() == SymbolTable::ScopeType::FunctionNameScope) {
1835             if (m_usesNonStrictEval) {
1836                 // We don't know if an eval has introduced a "var" named the same thing as the function name scope variable name.
1837                 // We resort to dynamic lookup to answer this question.
1838                 Variable result = Variable(property);
1839                 return result;
1840             }
1841             resultIsCallee = true;
1842         }
1843         Variable result = variableForLocalEntry(property, symbolTableEntry, stackEntry.m_symbolTableConstantIndex, symbolTable->scopeType() == SymbolTable::ScopeType::LexicalScope);
1844         if (resultIsCallee)
1845             result.setIsReadOnly();
1846         return result;
1847     }
1848
1849     return Variable(property);
1850 }
1851
1852 Variable BytecodeGenerator::variableForLocalEntry(
1853     const Identifier& property, const SymbolTableEntry& entry, int symbolTableConstantIndex, bool isLexicallyScoped)
1854 {
1855     VarOffset offset = entry.varOffset();
1856     
1857     RegisterID* local;
1858     if (offset.isStack())
1859         local = &registerFor(offset.stackOffset());
1860     else
1861         local = nullptr;
1862     
1863     return Variable(property, offset, local, entry.getAttributes(), Variable::NormalVariable, symbolTableConstantIndex, isLexicallyScoped);
1864 }
1865
1866 void BytecodeGenerator::createVariable(
1867     const Identifier& property, VarKind varKind, SymbolTable* symbolTable, ExistingVariableMode existingVariableMode)
1868 {
1869     ASSERT(property != propertyNames().thisIdentifier);
1870     ConcurrentJITLocker locker(symbolTable->m_lock);
1871     SymbolTableEntry entry = symbolTable->get(locker, property.impl());
1872     
1873     if (!entry.isNull()) {
1874         if (existingVariableMode == IgnoreExisting)
1875             return;
1876         
1877         // Do some checks to ensure that the variable we're being asked to create is sufficiently
1878         // compatible with the one we have already created.
1879
1880         VarOffset offset = entry.varOffset();
1881         
1882         // We can't change our minds about whether it's captured.
1883         if (offset.kind() != varKind) {
1884             dataLog(
1885                 "Trying to add variable called ", property, " as ", varKind,
1886                 " but it was already added as ", offset, ".\n");
1887             RELEASE_ASSERT_NOT_REACHED();
1888         }
1889
1890         return;
1891     }
1892     
1893     VarOffset varOffset;
1894     if (varKind == VarKind::Scope)
1895         varOffset = VarOffset(symbolTable->takeNextScopeOffset(locker));
1896     else {
1897         ASSERT(varKind == VarKind::Stack);
1898         varOffset = VarOffset(virtualRegisterForLocal(m_calleeRegisters.size()));
1899     }
1900     SymbolTableEntry newEntry(varOffset, 0);
1901     symbolTable->add(locker, property.impl(), newEntry);
1902     
1903     if (varKind == VarKind::Stack) {
1904         RegisterID* local = addVar();
1905         RELEASE_ASSERT(local->index() == varOffset.stackOffset().offset());
1906     }
1907 }
1908
1909 void BytecodeGenerator::emitCheckHasInstance(RegisterID* dst, RegisterID* value, RegisterID* base, Label* target)
1910 {
1911     size_t begin = instructions().size();
1912     emitOpcode(op_check_has_instance);
1913     instructions().append(dst->index());
1914     instructions().append(value->index());
1915     instructions().append(base->index());
1916     instructions().append(target->bind(begin, instructions().size()));
1917 }
1918
1919 // Indicates the least upper bound of resolve type based on local scope. The bytecode linker
1920 // will start with this ResolveType and compute the least upper bound including intercepting scopes.
1921 ResolveType BytecodeGenerator::resolveType()
1922 {
1923     for (unsigned i = m_symbolTableStack.size(); i--; ) {
1924         if (m_symbolTableStack[i].m_isWithScope)
1925             return Dynamic;
1926         if (m_usesNonStrictEval && m_symbolTableStack[i].m_symbolTable->scopeType() == SymbolTable::ScopeType::FunctionNameScope) {
1927             // We never want to assign to a FunctionNameScope. Returning Dynamic here achieves this goal.
1928             // If we aren't in non-strict eval mode, then NodesCodeGen needs to take care not to emit
1929             // a put_to_scope with the destination being the function name scope variable.
1930             return Dynamic;
1931         }
1932     }
1933
1934     if (m_usesNonStrictEval)
1935         return GlobalPropertyWithVarInjectionChecks;
1936     return GlobalProperty;
1937 }
1938
1939 RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Variable& variable)
1940 {
1941     switch (variable.offset().kind()) {
1942     case VarKind::Stack:
1943         return nullptr;
1944         
1945     case VarKind::DirectArgument:
1946         return argumentsRegister();
1947         
1948     case VarKind::Scope:
1949         // This always refers to the activation that *we* allocated, and not the current scope that code
1950         // lives in. Note that this will change once we have proper support for block scoping. Once that
1951         // changes, it will be correct for this code to return scopeRegister(). The only reason why we
1952         // don't do that already is that m_lexicalEnvironment is required by ConstDeclNode. ConstDeclNode
1953         // requires weird things because it is a shameful pile of nonsense, but block scoping would make
1954         // that code sensible and obviate the need for us to do bad things.
1955         for (unsigned i = m_symbolTableStack.size(); i--; ) {
1956             SymbolTableStackEntry& stackEntry = m_symbolTableStack[i];
1957             // We should not resolve a variable to VarKind::Scope if a "with" scope lies in between the current
1958             // scope and the resolved scope.
1959             RELEASE_ASSERT(!stackEntry.m_isWithScope);
1960
1961             if (stackEntry.m_symbolTable->get(variable.ident().impl()).isNull())
1962                 continue;
1963             
1964             RegisterID* scope = stackEntry.m_scope;
1965             RELEASE_ASSERT(scope);
1966             return scope;
1967         }
1968
1969         RELEASE_ASSERT_NOT_REACHED();
1970         return nullptr;
1971         
1972     case VarKind::Invalid:
1973         // Indicates non-local resolution.
1974         
1975         m_codeBlock->addPropertyAccessInstruction(instructions().size());
1976         
1977         // resolve_scope dst, id, ResolveType, depth
1978         dst = tempDestination(dst);
1979         emitOpcode(op_resolve_scope);
1980         instructions().append(kill(dst));
1981         instructions().append(scopeRegister()->index());
1982         instructions().append(addConstant(variable.ident()));
1983         instructions().append(resolveType());
1984         instructions().append(localScopeDepth());
1985         instructions().append(0);
1986         return dst;
1987     }
1988     
1989     RELEASE_ASSERT_NOT_REACHED();
1990     return nullptr;
1991 }
1992
1993 RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Variable& variable, ResolveMode resolveMode)
1994 {
1995     switch (variable.offset().kind()) {
1996     case VarKind::Stack:
1997         return emitMove(dst, variable.local());
1998         
1999     case VarKind::DirectArgument: {
2000         UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_arguments);
2001         instructions().append(kill(dst));
2002         instructions().append(scope->index());
2003         instructions().append(variable.offset().capturedArgumentsOffset().offset());
2004         instructions().append(profile);
2005         return dst;
2006     }
2007         
2008     case VarKind::Scope:
2009     case VarKind::Invalid: {
2010         m_codeBlock->addPropertyAccessInstruction(instructions().size());
2011         
2012         // get_from_scope dst, scope, id, GetPutInfo, Structure, Operand
2013         UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope);
2014         instructions().append(kill(dst));
2015         instructions().append(scope->index());
2016         instructions().append(addConstant(variable.ident()));
2017         instructions().append(GetPutInfo(resolveMode, variable.offset().isScope() ? LocalClosureVar : resolveType(), NotInitialization).operand());
2018         instructions().append(localScopeDepth());
2019         instructions().append(variable.offset().isScope() ? variable.offset().scopeOffset().offset() : 0);
2020         instructions().append(profile);
2021         return dst;
2022     } }
2023     
2024     RELEASE_ASSERT_NOT_REACHED();
2025 }
2026
2027 RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Variable& variable, RegisterID* value, ResolveMode resolveMode, InitializationMode initializationMode)
2028 {
2029     switch (variable.offset().kind()) {
2030     case VarKind::Stack:
2031         emitMove(variable.local(), value);
2032         return value;
2033         
2034     case VarKind::DirectArgument:
2035         emitOpcode(op_put_to_arguments);
2036         instructions().append(scope->index());
2037         instructions().append(variable.offset().capturedArgumentsOffset().offset());
2038         instructions().append(value->index());
2039         return value;
2040         
2041     case VarKind::Scope:
2042     case VarKind::Invalid: {
2043         m_codeBlock->addPropertyAccessInstruction(instructions().size());
2044         
2045         // put_to_scope scope, id, value, GetPutInfo, Structure, Operand
2046         emitOpcode(op_put_to_scope);
2047         instructions().append(scope->index());
2048         instructions().append(addConstant(variable.ident()));
2049         instructions().append(value->index());
2050         ScopeOffset offset;
2051         if (variable.offset().isScope()) {
2052             offset = variable.offset().scopeOffset();
2053             instructions().append(GetPutInfo(resolveMode, LocalClosureVar, initializationMode).operand());
2054             instructions().append(variable.symbolTableConstantIndex());
2055         } else {
2056             ASSERT(resolveType() != LocalClosureVar);
2057             instructions().append(GetPutInfo(resolveMode, resolveType(), initializationMode).operand());
2058             instructions().append(localScopeDepth());
2059         }
2060         instructions().append(!!offset ? offset.offset() : 0);
2061         return value;
2062     } }
2063     
2064     RELEASE_ASSERT_NOT_REACHED();
2065 }
2066
2067 RegisterID* BytecodeGenerator::initializeVariable(const Variable& variable, RegisterID* value)
2068 {
2069     RELEASE_ASSERT(variable.offset().kind() != VarKind::Invalid);
2070     RegisterID* scope = emitResolveScope(nullptr, variable);
2071     return emitPutToScope(scope, variable, value, ThrowIfNotFound, NotInitialization);
2072 }
2073
2074 RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype)
2075 {
2076     emitOpcode(op_instanceof);
2077     instructions().append(dst->index());
2078     instructions().append(value->index());
2079     instructions().append(basePrototype->index());
2080     return dst;
2081 }
2082
2083 RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property)
2084 {
2085     m_codeBlock->addPropertyAccessInstruction(instructions().size());
2086
2087     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_id);
2088     instructions().append(kill(dst));
2089     instructions().append(base->index());
2090     instructions().append(addConstant(property));
2091     instructions().append(0);
2092     instructions().append(0);
2093     instructions().append(0);
2094     instructions().append(0);
2095     instructions().append(profile);
2096     return dst;
2097 }
2098
2099 RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value)
2100 {
2101     unsigned propertyIndex = addConstant(property);
2102
2103     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
2104
2105     m_codeBlock->addPropertyAccessInstruction(instructions().size());
2106
2107     emitOpcode(op_put_by_id);
2108     instructions().append(base->index());
2109     instructions().append(propertyIndex);
2110     instructions().append(value->index());
2111     instructions().append(0); // old structure
2112     instructions().append(0); // offset
2113     instructions().append(0); // new structure
2114     instructions().append(0); // structure chain
2115     instructions().append(PutByIdNone); // is not direct
2116
2117     return value;
2118 }
2119
2120 RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value, PropertyNode::PutType putType)
2121 {
2122     ASSERT(!parseIndex(property));
2123     unsigned propertyIndex = addConstant(property);
2124
2125     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
2126
2127     m_codeBlock->addPropertyAccessInstruction(instructions().size());
2128     
2129     emitOpcode(op_put_by_id);
2130     instructions().append(base->index());
2131     instructions().append(propertyIndex);
2132     instructions().append(value->index());
2133     instructions().append(0); // old structure
2134     instructions().append(0); // offset
2135     instructions().append(0); // new structure
2136     instructions().append(0); // structure chain (unused if direct)
2137     instructions().append((putType == PropertyNode::KnownDirect || property != m_vm->propertyNames->underscoreProto) ? PutByIdIsDirect : PutByIdNone);
2138     return value;
2139 }
2140
2141 void BytecodeGenerator::emitPutGetterById(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* getter)
2142 {
2143     unsigned propertyIndex = addConstant(property);
2144     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
2145
2146     emitOpcode(op_put_getter_by_id);
2147     instructions().append(base->index());
2148     instructions().append(propertyIndex);
2149     instructions().append(attributes);
2150     instructions().append(getter->index());
2151 }
2152
2153 void BytecodeGenerator::emitPutSetterById(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* setter)
2154 {
2155     unsigned propertyIndex = addConstant(property);
2156     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
2157
2158     emitOpcode(op_put_setter_by_id);
2159     instructions().append(base->index());
2160     instructions().append(propertyIndex);
2161     instructions().append(attributes);
2162     instructions().append(setter->index());
2163 }
2164
2165 void BytecodeGenerator::emitPutGetterSetter(RegisterID* base, const Identifier& property, unsigned attributes, RegisterID* getter, RegisterID* setter)
2166 {
2167     unsigned propertyIndex = addConstant(property);
2168
2169     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
2170
2171     emitOpcode(op_put_getter_setter);
2172     instructions().append(base->index());
2173     instructions().append(propertyIndex);
2174     instructions().append(attributes);
2175     instructions().append(getter->index());
2176     instructions().append(setter->index());
2177 }
2178
2179 void BytecodeGenerator::emitPutGetterByVal(RegisterID* base, RegisterID* property, unsigned attributes, RegisterID* getter)
2180 {
2181     emitOpcode(op_put_getter_by_val);
2182     instructions().append(base->index());
2183     instructions().append(property->index());
2184     instructions().append(attributes);
2185     instructions().append(getter->index());
2186 }
2187
2188 void BytecodeGenerator::emitPutSetterByVal(RegisterID* base, RegisterID* property, unsigned attributes, RegisterID* setter)
2189 {
2190     emitOpcode(op_put_setter_by_val);
2191     instructions().append(base->index());
2192     instructions().append(property->index());
2193     instructions().append(attributes);
2194     instructions().append(setter->index());
2195 }
2196
2197 RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier& property)
2198 {
2199     emitOpcode(op_del_by_id);
2200     instructions().append(dst->index());
2201     instructions().append(base->index());
2202     instructions().append(addConstant(property));
2203     return dst;
2204 }
2205
2206 RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
2207 {
2208     for (size_t i = m_forInContextStack.size(); i > 0; i--) {
2209         ForInContext* context = m_forInContextStack[i - 1].get();
2210         if (context->local() != property)
2211             continue;
2212
2213         if (!context->isValid())
2214             break;
2215
2216         if (context->type() == ForInContext::IndexedForInContextType) {
2217             property = static_cast<IndexedForInContext*>(context)->index();
2218             break;
2219         }
2220
2221         ASSERT(context->type() == ForInContext::StructureForInContextType);
2222         StructureForInContext* structureContext = static_cast<StructureForInContext*>(context);
2223         UnlinkedValueProfile profile = emitProfiledOpcode(op_get_direct_pname);
2224         instructions().append(kill(dst));
2225         instructions().append(base->index());
2226         instructions().append(property->index());
2227         instructions().append(structureContext->index()->index());
2228         instructions().append(structureContext->enumerator()->index());
2229         instructions().append(profile);
2230         return dst;
2231     }
2232
2233     UnlinkedArrayProfile arrayProfile = newArrayProfile();
2234     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_val);
2235     instructions().append(kill(dst));
2236     instructions().append(base->index());
2237     instructions().append(property->index());
2238     instructions().append(arrayProfile);
2239     instructions().append(profile);
2240     return dst;
2241 }
2242
2243 RegisterID* BytecodeGenerator::emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value)
2244 {
2245     UnlinkedArrayProfile arrayProfile = newArrayProfile();
2246     emitOpcode(op_put_by_val);
2247     instructions().append(base->index());
2248     instructions().append(property->index());
2249     instructions().append(value->index());
2250     instructions().append(arrayProfile);
2251
2252     return value;
2253 }
2254
2255 RegisterID* BytecodeGenerator::emitDirectPutByVal(RegisterID* base, RegisterID* property, RegisterID* value)
2256 {
2257     UnlinkedArrayProfile arrayProfile = newArrayProfile();
2258     emitOpcode(op_put_by_val_direct);
2259     instructions().append(base->index());
2260     instructions().append(property->index());
2261     instructions().append(value->index());
2262     instructions().append(arrayProfile);
2263     return value;
2264 }
2265
2266 RegisterID* BytecodeGenerator::emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
2267 {
2268     emitOpcode(op_del_by_val);
2269     instructions().append(dst->index());
2270     instructions().append(base->index());
2271     instructions().append(property->index());
2272     return dst;
2273 }
2274
2275 RegisterID* BytecodeGenerator::emitPutByIndex(RegisterID* base, unsigned index, RegisterID* value)
2276 {
2277     emitOpcode(op_put_by_index);
2278     instructions().append(base->index());
2279     instructions().append(index);
2280     instructions().append(value->index());
2281     return value;
2282 }
2283
2284 RegisterID* BytecodeGenerator::emitCreateThis(RegisterID* dst)
2285 {
2286     size_t begin = instructions().size();
2287     m_staticPropertyAnalyzer.createThis(m_thisRegister.index(), begin + 3);
2288
2289     m_codeBlock->addPropertyAccessInstruction(instructions().size());
2290     emitOpcode(op_create_this); 
2291     instructions().append(m_thisRegister.index()); 
2292     instructions().append(m_thisRegister.index()); 
2293     instructions().append(0);
2294     instructions().append(0);
2295     return dst;
2296 }
2297
2298 void BytecodeGenerator::emitTDZCheck(RegisterID* target)
2299 {
2300     emitOpcode(op_check_tdz);
2301     instructions().append(target->index());
2302 }
2303
2304 bool BytecodeGenerator::needsTDZCheck(const Variable& variable)
2305 {
2306     for (unsigned i = m_TDZStack.size(); i--;) {
2307         VariableEnvironment& identifiers = m_TDZStack[i].first;
2308         if (identifiers.contains(variable.ident().impl()))
2309             return true;
2310     }
2311
2312     return false;
2313 }
2314
2315 void BytecodeGenerator::emitTDZCheckIfNecessary(const Variable& variable, RegisterID* target, RegisterID* scope)
2316 {
2317     if (needsTDZCheck(variable)) {
2318         if (target)
2319             emitTDZCheck(target);
2320         else {
2321             RELEASE_ASSERT(!variable.isLocal() && scope);
2322             RefPtr<RegisterID> result = emitGetFromScope(newTemporary(), scope, variable, DoNotThrowIfNotFound);
2323             emitTDZCheck(result.get());
2324         }
2325     }
2326 }
2327
2328 void BytecodeGenerator::liftTDZCheckIfPossible(const Variable& variable)
2329 {
2330     RefPtr<UniquedStringImpl> identifier(variable.ident().impl());
2331     for (unsigned i = m_TDZStack.size(); i--;) {
2332         VariableEnvironment& environment = m_TDZStack[i].first;
2333         if (environment.contains(identifier)) {
2334             bool isSyntacticallyAbleToOptimizeTDZ = m_TDZStack[i].second;
2335             if (isSyntacticallyAbleToOptimizeTDZ) {
2336                 bool wasRemoved = environment.remove(identifier);
2337                 RELEASE_ASSERT(wasRemoved);
2338             }
2339             break;
2340         }
2341     }
2342 }
2343
2344 void BytecodeGenerator::getVariablesUnderTDZ(VariableEnvironment& result)
2345 {
2346     for (auto& pair : m_TDZStack) {
2347         VariableEnvironment& environment = pair.first;
2348         for (auto entry : environment)
2349             result.add(entry.key.get());
2350     }
2351 }
2352
2353 RegisterID* BytecodeGenerator::emitNewObject(RegisterID* dst)
2354 {
2355     size_t begin = instructions().size();
2356     m_staticPropertyAnalyzer.newObject(dst->index(), begin + 2);
2357
2358     emitOpcode(op_new_object);
2359     instructions().append(dst->index());
2360     instructions().append(0);
2361     instructions().append(newObjectAllocationProfile());
2362     return dst;
2363 }
2364
2365 unsigned BytecodeGenerator::addConstantBuffer(unsigned length)
2366 {
2367     return m_codeBlock->addConstantBuffer(length);
2368 }
2369
2370 JSString* BytecodeGenerator::addStringConstant(const Identifier& identifier)
2371 {
2372     JSString*& stringInMap = m_stringMap.add(identifier.impl(), nullptr).iterator->value;
2373     if (!stringInMap) {
2374         stringInMap = jsString(vm(), identifier.string());
2375         addConstantValue(stringInMap);
2376     }
2377     return stringInMap;
2378 }
2379
2380 JSTemplateRegistryKey* BytecodeGenerator::addTemplateRegistryKeyConstant(const TemplateRegistryKey& templateRegistryKey)
2381 {
2382     JSTemplateRegistryKey*& templateRegistryKeyInMap = m_templateRegistryKeyMap.add(templateRegistryKey, nullptr).iterator->value;
2383     if (!templateRegistryKeyInMap) {
2384         templateRegistryKeyInMap = JSTemplateRegistryKey::create(*vm(), templateRegistryKey);
2385         addConstantValue(templateRegistryKeyInMap);
2386     }
2387     return templateRegistryKeyInMap;
2388 }
2389
2390 RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elements, unsigned length)
2391 {
2392 #if !ASSERT_DISABLED
2393     unsigned checkLength = 0;
2394 #endif
2395     bool hadVariableExpression = false;
2396     if (length) {
2397         for (ElementNode* n = elements; n; n = n->next()) {
2398             if (!n->value()->isConstant()) {
2399                 hadVariableExpression = true;
2400                 break;
2401             }
2402             if (n->elision())
2403                 break;
2404 #if !ASSERT_DISABLED
2405             checkLength++;
2406 #endif
2407         }
2408         if (!hadVariableExpression) {
2409             ASSERT(length == checkLength);
2410             unsigned constantBufferIndex = addConstantBuffer(length);
2411             JSValue* constantBuffer = m_codeBlock->constantBuffer(constantBufferIndex).data();
2412             unsigned index = 0;
2413             for (ElementNode* n = elements; index < length; n = n->next()) {
2414                 ASSERT(n->value()->isConstant());
2415                 constantBuffer[index++] = static_cast<ConstantNode*>(n->value())->jsValue(*this);
2416             }
2417             emitOpcode(op_new_array_buffer);
2418             instructions().append(dst->index());
2419             instructions().append(constantBufferIndex);
2420             instructions().append(length);
2421             instructions().append(newArrayAllocationProfile());
2422             return dst;
2423         }
2424     }
2425
2426     Vector<RefPtr<RegisterID>, 16, UnsafeVectorOverflow> argv;
2427     for (ElementNode* n = elements; n; n = n->next()) {
2428         if (!length)
2429             break;
2430         length--;
2431         ASSERT(!n->value()->isSpreadExpression());
2432         argv.append(newTemporary());
2433         // op_new_array requires the initial values to be a sequential range of registers
2434         ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() - 1);
2435         emitNode(argv.last().get(), n->value());
2436     }
2437     ASSERT(!length);
2438     emitOpcode(op_new_array);
2439     instructions().append(dst->index());
2440     instructions().append(argv.size() ? argv[0]->index() : 0); // argv
2441     instructions().append(argv.size()); // argc
2442     instructions().append(newArrayAllocationProfile());
2443     return dst;
2444 }
2445
2446 RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, FunctionMetadataNode* function)
2447 {
2448     return emitNewFunctionInternal(dst, m_codeBlock->addFunctionDecl(makeFunction(function)));
2449 }
2450
2451 RegisterID* BytecodeGenerator::emitNewFunctionInternal(RegisterID* dst, unsigned index)
2452 {
2453     emitOpcode(op_new_func);
2454     instructions().append(dst->index());
2455     instructions().append(scopeRegister()->index());
2456     instructions().append(index);
2457     return dst;
2458 }
2459
2460 RegisterID* BytecodeGenerator::emitNewRegExp(RegisterID* dst, RegExp* regExp)
2461 {
2462     emitOpcode(op_new_regexp);
2463     instructions().append(dst->index());
2464     instructions().append(addRegExp(regExp));
2465     return dst;
2466 }
2467
2468 void BytecodeGenerator::emitNewFunctionCommon(RegisterID* dst, BaseFuncExprNode* func, OpcodeID opcodeID)
2469 {
2470
2471     ASSERT(opcodeID == op_new_func_exp || opcodeID == op_new_arrow_func_exp);
2472     
2473     FunctionMetadataNode* function = func->metadata();
2474     unsigned index = m_codeBlock->addFunctionExpr(makeFunction(function));
2475     
2476     emitOpcode(opcodeID);
2477     instructions().append(dst->index());
2478     instructions().append(scopeRegister()->index());
2479     instructions().append(index);
2480     
2481     if (opcodeID == op_new_arrow_func_exp)
2482         instructions().append(thisRegister()->index());
2483 }
2484
2485 RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* dst, FuncExprNode* func)
2486 {
2487     emitNewFunctionCommon(dst, func, op_new_func_exp);
2488     return dst;
2489 }
2490
2491 RegisterID* BytecodeGenerator::emitNewArrowFunctionExpression(RegisterID* dst, ArrowFuncExprNode* func)
2492 {
2493     bool isClassConstructor = m_codeBlock->isConstructor() && constructorKind() != ConstructorKind::None;
2494     if (isClassConstructor)
2495         emitTDZCheck(thisRegister());
2496     
2497     emitNewFunctionCommon(dst, func, op_new_arrow_func_exp);
2498     return dst;
2499 }
2500
2501 RegisterID* BytecodeGenerator::emitNewDefaultConstructor(RegisterID* dst, ConstructorKind constructorKind, const Identifier& name)
2502 {
2503     UnlinkedFunctionExecutable* executable = m_vm->builtinExecutables()->createDefaultConstructor(constructorKind, name);
2504
2505     unsigned index = m_codeBlock->addFunctionExpr(executable);
2506
2507     emitOpcode(op_new_func_exp);
2508     instructions().append(dst->index());
2509     instructions().append(scopeRegister()->index());
2510     instructions().append(index);
2511     return dst;
2512 }
2513
2514 RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2515 {
2516     return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd);
2517 }
2518
2519 RegisterID* BytecodeGenerator::emitCallInTailPosition(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2520 {
2521     return emitCall(m_inTailPosition ? op_tail_call : op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd);
2522 }
2523
2524 RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2525 {
2526     return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, divotStart, divotEnd);
2527 }
2528
2529 ExpectedFunction BytecodeGenerator::expectedFunctionForIdentifier(const Identifier& identifier)
2530 {
2531     if (identifier == m_vm->propertyNames->Object || identifier == m_vm->propertyNames->ObjectPrivateName)
2532         return ExpectObjectConstructor;
2533     if (identifier == m_vm->propertyNames->Array || identifier == m_vm->propertyNames->ArrayPrivateName)
2534         return ExpectArrayConstructor;
2535     return NoExpectedFunction;
2536 }
2537
2538 ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, Label* done)
2539 {
2540     RefPtr<Label> realCall = newLabel();
2541     switch (expectedFunction) {
2542     case ExpectObjectConstructor: {
2543         // If the number of arguments is non-zero, then we can't do anything interesting.
2544         if (callArguments.argumentCountIncludingThis() >= 2)
2545             return NoExpectedFunction;
2546         
2547         size_t begin = instructions().size();
2548         emitOpcode(op_jneq_ptr);
2549         instructions().append(func->index());
2550         instructions().append(Special::ObjectConstructor);
2551         instructions().append(realCall->bind(begin, instructions().size()));
2552         
2553         if (dst != ignoredResult())
2554             emitNewObject(dst);
2555         break;
2556     }
2557         
2558     case ExpectArrayConstructor: {
2559         // If you're doing anything other than "new Array()" or "new Array(foo)" then we
2560         // don't do inline it, for now. The only reason is that call arguments are in
2561         // the opposite order of what op_new_array expects, so we'd either need to change
2562         // how op_new_array works or we'd need an op_new_array_reverse. Neither of these
2563         // things sounds like it's worth it.
2564         if (callArguments.argumentCountIncludingThis() > 2)
2565             return NoExpectedFunction;
2566         
2567         size_t begin = instructions().size();
2568         emitOpcode(op_jneq_ptr);
2569         instructions().append(func->index());
2570         instructions().append(Special::ArrayConstructor);
2571         instructions().append(realCall->bind(begin, instructions().size()));
2572         
2573         if (dst != ignoredResult()) {
2574             if (callArguments.argumentCountIncludingThis() == 2) {
2575                 emitOpcode(op_new_array_with_size);
2576                 instructions().append(dst->index());
2577                 instructions().append(callArguments.argumentRegister(0)->index());
2578                 instructions().append(newArrayAllocationProfile());
2579             } else {
2580                 ASSERT(callArguments.argumentCountIncludingThis() == 1);
2581                 emitOpcode(op_new_array);
2582                 instructions().append(dst->index());
2583                 instructions().append(0);
2584                 instructions().append(0);
2585                 instructions().append(newArrayAllocationProfile());
2586             }
2587         }
2588         break;
2589     }
2590         
2591     default:
2592         ASSERT(expectedFunction == NoExpectedFunction);
2593         return NoExpectedFunction;
2594     }
2595     
2596     size_t begin = instructions().size();
2597     emitOpcode(op_jmp);
2598     instructions().append(done->bind(begin, instructions().size()));
2599     emitLabel(realCall.get());
2600     
2601     return expectedFunction;
2602 }
2603
2604 RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2605 {
2606     ASSERT(opcodeID == op_call || opcodeID == op_call_eval || opcodeID == op_tail_call);
2607     ASSERT(func->refCount());
2608
2609     if (m_shouldEmitProfileHooks)
2610         emitMove(callArguments.profileHookRegister(), func);
2611
2612     // Generate code for arguments.
2613     unsigned argument = 0;
2614     if (callArguments.argumentsNode()) {
2615         ArgumentListNode* n = callArguments.argumentsNode()->m_listNode;
2616         if (n && n->m_expr->isSpreadExpression()) {
2617             RELEASE_ASSERT(!n->m_next);
2618             auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
2619             RefPtr<RegisterID> argumentRegister;
2620             argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
2621             RefPtr<RegisterID> thisRegister = emitMove(newTemporary(), callArguments.thisRegister());
2622             return emitCallVarargs(opcodeID == op_tail_call ? op_tail_call_varargs : op_call_varargs, dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, callArguments.profileHookRegister(), divot, divotStart, divotEnd);
2623         }
2624         for (; n; n = n->m_next)
2625             emitNode(callArguments.argumentRegister(argument++), n);
2626     }
2627     
2628     // Reserve space for call frame.
2629     Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame;
2630     for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i)
2631         callFrame.append(newTemporary());
2632
2633     if (m_shouldEmitProfileHooks) {
2634         emitOpcode(op_profile_will_call);
2635         instructions().append(callArguments.profileHookRegister()->index());
2636     }
2637
2638     emitExpressionInfo(divot, divotStart, divotEnd);
2639
2640     RefPtr<Label> done = newLabel();
2641     expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get());
2642     
2643     // Emit call.
2644     UnlinkedArrayProfile arrayProfile = newArrayProfile();
2645     UnlinkedValueProfile profile = emitProfiledOpcode(opcodeID);
2646     ASSERT(dst);
2647     ASSERT(dst != ignoredResult());
2648     instructions().append(dst->index());
2649     instructions().append(func->index());
2650     instructions().append(callArguments.argumentCountIncludingThis());
2651     instructions().append(callArguments.stackOffset());
2652     instructions().append(m_codeBlock->addLLIntCallLinkInfo());
2653     instructions().append(0);
2654     instructions().append(arrayProfile);
2655     instructions().append(profile);
2656     
2657     if (expectedFunction != NoExpectedFunction)
2658         emitLabel(done.get());
2659
2660     if (m_shouldEmitProfileHooks) {
2661         emitOpcode(op_profile_did_call);
2662         instructions().append(callArguments.profileHookRegister()->index());
2663     }
2664
2665     return dst;
2666 }
2667
2668 RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2669 {
2670     return emitCallVarargs(op_call_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, profileHookRegister, divot, divotStart, divotEnd);
2671 }
2672
2673 RegisterID* BytecodeGenerator::emitCallVarargsInTailPosition(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2674 {
2675     return emitCallVarargs(m_inTailPosition ? op_tail_call_varargs : op_call_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, profileHookRegister, divot, divotStart, divotEnd);
2676 }
2677
2678 RegisterID* BytecodeGenerator::emitConstructVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2679 {
2680     return emitCallVarargs(op_construct_varargs, dst, func, thisRegister, arguments, firstFreeRegister, firstVarArgOffset, profileHookRegister, divot, divotStart, divotEnd);
2681 }
2682     
2683 RegisterID* BytecodeGenerator::emitCallVarargs(OpcodeID opcode, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2684 {
2685     if (m_shouldEmitProfileHooks) {
2686         emitMove(profileHookRegister, func);
2687         emitOpcode(op_profile_will_call);
2688         instructions().append(profileHookRegister->index());
2689     }
2690     
2691     emitExpressionInfo(divot, divotStart, divotEnd);
2692
2693     // Emit call.
2694     UnlinkedArrayProfile arrayProfile = newArrayProfile();
2695     UnlinkedValueProfile profile = emitProfiledOpcode(opcode);
2696     ASSERT(dst != ignoredResult());
2697     instructions().append(dst->index());
2698     instructions().append(func->index());
2699     instructions().append(thisRegister ? thisRegister->index() : 0);
2700     instructions().append(arguments->index());
2701     instructions().append(firstFreeRegister->index());
2702     instructions().append(firstVarArgOffset);
2703     instructions().append(arrayProfile);
2704     instructions().append(profile);
2705     if (m_shouldEmitProfileHooks) {
2706         emitOpcode(op_profile_did_call);
2707         instructions().append(profileHookRegister->index());
2708     }
2709     return dst;
2710 }
2711
2712 void BytecodeGenerator::emitCallDefineProperty(RegisterID* newObj, RegisterID* propertyNameRegister,
2713     RegisterID* valueRegister, RegisterID* getterRegister, RegisterID* setterRegister, unsigned options, const JSTextPosition& position)
2714 {
2715     RefPtr<RegisterID> descriptorRegister = emitNewObject(newTemporary());
2716
2717     RefPtr<RegisterID> trueRegister = emitLoad(newTemporary(), true);
2718     if (options & PropertyConfigurable)
2719         emitDirectPutById(descriptorRegister.get(), propertyNames().configurable, trueRegister.get(), PropertyNode::Unknown);
2720     if (options & PropertyWritable)
2721         emitDirectPutById(descriptorRegister.get(), propertyNames().writable, trueRegister.get(), PropertyNode::Unknown);
2722     else if (valueRegister) {
2723         RefPtr<RegisterID> falseRegister = emitLoad(newTemporary(), false);
2724         emitDirectPutById(descriptorRegister.get(), propertyNames().writable, falseRegister.get(), PropertyNode::Unknown);
2725     }
2726     if (options & PropertyEnumerable)
2727         emitDirectPutById(descriptorRegister.get(), propertyNames().enumerable, trueRegister.get(), PropertyNode::Unknown);
2728
2729     if (valueRegister)
2730         emitDirectPutById(descriptorRegister.get(), propertyNames().value, valueRegister, PropertyNode::Unknown);
2731     if (getterRegister)
2732         emitDirectPutById(descriptorRegister.get(), propertyNames().get, getterRegister, PropertyNode::Unknown);
2733     if (setterRegister)
2734         emitDirectPutById(descriptorRegister.get(), propertyNames().set, setterRegister, PropertyNode::Unknown);
2735
2736     RefPtr<RegisterID> definePropertyRegister = emitMoveLinkTimeConstant(newTemporary(), LinkTimeConstant::DefinePropertyFunction);
2737
2738     CallArguments callArguments(*this, nullptr, 3);
2739     emitLoad(callArguments.thisRegister(), jsUndefined());
2740     emitMove(callArguments.argumentRegister(0), newObj);
2741     emitMove(callArguments.argumentRegister(1), propertyNameRegister);
2742     emitMove(callArguments.argumentRegister(2), descriptorRegister.get());
2743
2744     emitCall(newTemporary(), definePropertyRegister.get(), NoExpectedFunction, callArguments, position, position, position);
2745 }
2746
2747 RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
2748 {
2749     if (isConstructor()) {
2750         bool derived = constructorKind() == ConstructorKind::Derived;
2751         if (derived && src->index() == m_thisRegister.index())
2752             emitTDZCheck(src);
2753
2754         RefPtr<Label> isObjectLabel = newLabel();
2755         emitJumpIfTrue(emitIsObject(newTemporary(), src), isObjectLabel.get());
2756
2757         if (derived) {
2758             RefPtr<Label> isUndefinedLabel = newLabel();
2759             emitJumpIfTrue(emitIsUndefined(newTemporary(), src), isUndefinedLabel.get());
2760             emitThrowTypeError("Cannot return a non-object type in the constructor of a derived class.");
2761             emitLabel(isUndefinedLabel.get());
2762             if (constructorKind() == ConstructorKind::Derived)
2763                 emitTDZCheck(&m_thisRegister);
2764         }
2765
2766         emitUnaryNoDstOp(op_ret, &m_thisRegister);
2767
2768         emitLabel(isObjectLabel.get());
2769     }
2770
2771     return emitUnaryNoDstOp(op_ret, src);
2772 }
2773
2774 RegisterID* BytecodeGenerator::emitUnaryNoDstOp(OpcodeID opcodeID, RegisterID* src)
2775 {
2776     emitOpcode(opcodeID);
2777     instructions().append(src->index());
2778     return src;
2779 }
2780
2781 RegisterID* BytecodeGenerator::emitConstruct(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
2782 {
2783     ASSERT(func->refCount());
2784
2785     if (m_shouldEmitProfileHooks)
2786         emitMove(callArguments.profileHookRegister(), func);
2787
2788     // Generate code for arguments.
2789     unsigned argument = 0;
2790     if (ArgumentsNode* argumentsNode = callArguments.argumentsNode()) {
2791         
2792         ArgumentListNode* n = callArguments.argumentsNode()->m_listNode;
2793         if (n && n->m_expr->isSpreadExpression()) {
2794             RELEASE_ASSERT(!n->m_next);
2795             auto expression = static_cast<SpreadExpressionNode*>(n->m_expr)->expression();
2796             RefPtr<RegisterID> argumentRegister;
2797             argumentRegister = expression->emitBytecode(*this, callArguments.argumentRegister(0));
2798             return emitConstructVarargs(dst, func, callArguments.thisRegister(), argumentRegister.get(), newTemporary(), 0, callArguments.profileHookRegister(), divot, divotStart, divotEnd);
2799         }
2800         
2801         for (ArgumentListNode* n = argumentsNode->m_listNode; n; n = n->m_next)
2802             emitNode(callArguments.argumentRegister(argument++), n);
2803     }
2804
2805     if (m_shouldEmitProfileHooks) {
2806         emitOpcode(op_profile_will_call);
2807         instructions().append(callArguments.profileHookRegister()->index());
2808     }
2809
2810     // Reserve space for call frame.
2811     Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame;
2812     for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i)
2813         callFrame.append(newTemporary());
2814
2815     emitExpressionInfo(divot, divotStart, divotEnd);
2816     
2817     RefPtr<Label> done = newLabel();
2818     expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get());
2819
2820     UnlinkedValueProfile profile = emitProfiledOpcode(op_construct);
2821     ASSERT(dst != ignoredResult());
2822     instructions().append(dst->index());
2823     instructions().append(func->index());
2824     instructions().append(callArguments.argumentCountIncludingThis());
2825     instructions().append(callArguments.stackOffset());
2826     instructions().append(m_codeBlock->addLLIntCallLinkInfo());
2827     instructions().append(0);
2828     instructions().append(0);
2829     instructions().append(profile);
2830
2831     if (expectedFunction != NoExpectedFunction)
2832         emitLabel(done.get());
2833
2834     if (m_shouldEmitProfileHooks) {
2835         emitOpcode(op_profile_did_call);
2836         instructions().append(callArguments.profileHookRegister()->index());
2837     }
2838
2839     return dst;
2840 }
2841
2842 RegisterID* BytecodeGenerator::emitStrcat(RegisterID* dst, RegisterID* src, int count)
2843 {
2844     emitOpcode(op_strcat);
2845     instructions().append(dst->index());
2846     instructions().append(src->index());
2847     instructions().append(count);
2848
2849     return dst;
2850 }
2851
2852 void BytecodeGenerator::emitToPrimitive(RegisterID* dst, RegisterID* src)
2853 {
2854     emitOpcode(op_to_primitive);
2855     instructions().append(dst->index());
2856     instructions().append(src->index());
2857 }
2858
2859 void BytecodeGenerator::emitGetScope()
2860 {
2861     emitOpcode(op_get_scope);
2862     instructions().append(scopeRegister()->index());
2863 }
2864
2865 RegisterID* BytecodeGenerator::emitPushWithScope(RegisterID* objectScope)
2866 {
2867     pushScopedControlFlowContext();
2868     RegisterID* newScope = newBlockScopeVariable();
2869     newScope->ref();
2870
2871     emitOpcode(op_push_with_scope);
2872     instructions().append(newScope->index());
2873     instructions().append(objectScope->index());
2874     instructions().append(scopeRegister()->index());
2875
2876     emitMove(scopeRegister(), newScope);
2877     m_symbolTableStack.append(SymbolTableStackEntry{ Strong<SymbolTable>(), newScope, true, 0 });
2878
2879     return newScope;
2880 }
2881
2882 RegisterID* BytecodeGenerator::emitGetParentScope(RegisterID* dst, RegisterID* scope)
2883 {
2884     emitOpcode(op_get_parent_scope);
2885     instructions().append(dst->index());
2886     instructions().append(scope->index());
2887     return dst;
2888 }
2889
2890 void BytecodeGenerator::emitPopScope(RegisterID* dst, RegisterID* scope)
2891 {
2892     RefPtr<RegisterID> parentScope = emitGetParentScope(newTemporary(), scope);
2893     emitMove(dst, parentScope.get());
2894 }
2895
2896 void BytecodeGenerator::emitPopWithScope()
2897 {
2898     emitPopScope(scopeRegister(), scopeRegister());
2899     popScopedControlFlowContext();
2900     SymbolTableStackEntry stackEntry = m_symbolTableStack.takeLast();
2901     stackEntry.m_scope->deref();
2902     RELEASE_ASSERT(stackEntry.m_isWithScope);
2903 }
2904
2905 void BytecodeGenerator::emitDebugHook(DebugHookID debugHookID, unsigned line, unsigned charOffset, unsigned lineStart)
2906 {
2907 #if ENABLE(DEBUG_WITH_BREAKPOINT)
2908     if (debugHookID != DidReachBreakpoint)
2909         return;
2910 #else
2911     if (!m_shouldEmitDebugHooks)
2912         return;
2913 #endif
2914     JSTextPosition divot(line, charOffset, lineStart);
2915     emitExpressionInfo(divot, divot, divot);
2916     emitOpcode(op_debug);
2917     instructions().append(debugHookID);
2918     instructions().append(false);
2919 }
2920
2921 void BytecodeGenerator::pushFinallyContext(StatementNode* finallyBlock)
2922 {
2923     // Reclaim free label scopes.
2924     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
2925         m_labelScopes.removeLast();
2926
2927     ControlFlowContext scope;
2928     scope.isFinallyBlock = true;
2929     FinallyContext context = {
2930         finallyBlock,
2931         nullptr,
2932         nullptr,
2933         static_cast<unsigned>(m_scopeContextStack.size()),
2934         static_cast<unsigned>(m_switchContextStack.size()),
2935         static_cast<unsigned>(m_forInContextStack.size()),
2936         static_cast<unsigned>(m_tryContextStack.size()),
2937         static_cast<unsigned>(m_labelScopes.size()),
2938         static_cast<unsigned>(m_symbolTableStack.size()),
2939         m_finallyDepth,
2940         m_localScopeDepth
2941     };
2942     scope.finallyContext = context;
2943     m_scopeContextStack.append(scope);
2944     m_finallyDepth++;
2945 }
2946
2947 void BytecodeGenerator::pushIteratorCloseContext(RegisterID* iterator, ThrowableExpressionData* node)
2948 {
2949     // Reclaim free label scopes.
2950     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
2951         m_labelScopes.removeLast();
2952
2953     ControlFlowContext scope;
2954     scope.isFinallyBlock = true;
2955     FinallyContext context = {
2956         nullptr,
2957         iterator,
2958         node,
2959         static_cast<unsigned>(m_scopeContextStack.size()),
2960         static_cast<unsigned>(m_switchContextStack.size()),
2961         static_cast<unsigned>(m_forInContextStack.size()),
2962         static_cast<unsigned>(m_tryContextStack.size()),
2963         static_cast<unsigned>(m_labelScopes.size()),
2964         static_cast<unsigned>(m_symbolTableStack.size()),
2965         m_finallyDepth,
2966         m_localScopeDepth
2967     };
2968     scope.finallyContext = context;
2969     m_scopeContextStack.append(scope);
2970     m_finallyDepth++;
2971 }
2972
2973 void BytecodeGenerator::popFinallyContext()
2974 {
2975     ASSERT(m_scopeContextStack.size());
2976     ASSERT(m_scopeContextStack.last().isFinallyBlock);
2977     ASSERT(m_scopeContextStack.last().finallyContext.finallyBlock);
2978     ASSERT(!m_scopeContextStack.last().finallyContext.iterator);
2979     ASSERT(!m_scopeContextStack.last().finallyContext.enumerationNode);
2980     ASSERT(m_finallyDepth > 0);
2981     m_scopeContextStack.removeLast();
2982     m_finallyDepth--;
2983 }
2984
2985 void BytecodeGenerator::popIteratorCloseContext()
2986 {
2987     ASSERT(m_scopeContextStack.size());
2988     ASSERT(m_scopeContextStack.last().isFinallyBlock);
2989     ASSERT(!m_scopeContextStack.last().finallyContext.finallyBlock);
2990     ASSERT(m_scopeContextStack.last().finallyContext.iterator);
2991     ASSERT(m_scopeContextStack.last().finallyContext.enumerationNode);
2992     ASSERT(m_finallyDepth > 0);
2993     m_scopeContextStack.removeLast();
2994     m_finallyDepth--;
2995 }
2996
2997 LabelScopePtr BytecodeGenerator::breakTarget(const Identifier& name)
2998 {
2999     // Reclaim free label scopes.
3000     //
3001     // The condition was previously coded as 'm_labelScopes.size() && !m_labelScopes.last().refCount()',
3002     // however sometimes this appears to lead to GCC going a little haywire and entering the loop with
3003     // size 0, leading to segfaulty badness.  We are yet to identify a valid cause within our code to
3004     // cause the GCC codegen to misbehave in this fashion, and as such the following refactoring of the
3005     // loop condition is a workaround.
3006     while (m_labelScopes.size()) {
3007         if  (m_labelScopes.last().refCount())
3008             break;
3009         m_labelScopes.removeLast();
3010     }
3011
3012     if (!m_labelScopes.size())
3013         return LabelScopePtr::null();
3014
3015     // We special-case the following, which is a syntax error in Firefox:
3016     // label:
3017     //     break;
3018     if (name.isEmpty()) {
3019         for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
3020             LabelScope* scope = &m_labelScopes[i];
3021             if (scope->type() != LabelScope::NamedLabel) {
3022                 ASSERT(scope->breakTarget());
3023                 return LabelScopePtr(m_labelScopes, i);
3024             }
3025         }
3026         return LabelScopePtr::null();
3027     }
3028
3029     for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
3030         LabelScope* scope = &m_labelScopes[i];
3031         if (scope->name() && *scope->name() == name) {
3032             ASSERT(scope->breakTarget());
3033             return LabelScopePtr(m_labelScopes, i);
3034         }
3035     }
3036     return LabelScopePtr::null();
3037 }
3038
3039 LabelScopePtr BytecodeGenerator::continueTarget(const Identifier& name)
3040 {
3041     // Reclaim free label scopes.
3042     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
3043         m_labelScopes.removeLast();
3044
3045     if (!m_labelScopes.size())
3046         return LabelScopePtr::null();
3047
3048     if (name.isEmpty()) {
3049         for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
3050             LabelScope* scope = &m_labelScopes[i];
3051             if (scope->type() == LabelScope::Loop) {
3052                 ASSERT(scope->continueTarget());
3053                 return LabelScopePtr(m_labelScopes, i);
3054             }
3055         }
3056         return LabelScopePtr::null();
3057     }
3058
3059     // Continue to the loop nested nearest to the label scope that matches
3060     // 'name'.
3061     LabelScopePtr result = LabelScopePtr::null();
3062     for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
3063         LabelScope* scope = &m_labelScopes[i];
3064         if (scope->type() == LabelScope::Loop) {
3065             ASSERT(scope->continueTarget());
3066             result = LabelScopePtr(m_labelScopes, i);
3067         }
3068         if (scope->name() && *scope->name() == name)
3069             return result; // may be null.
3070     }
3071     return LabelScopePtr::null();
3072 }
3073
3074 void BytecodeGenerator::allocateCalleeSaveSpace()
3075 {
3076     size_t virtualRegisterCountForCalleeSaves = CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters();
3077
3078     for (size_t i = 0; i < virtualRegisterCountForCalleeSaves; i++) {
3079         RegisterID* localRegister = addVar();
3080         localRegister->ref();
3081         m_localRegistersForCalleeSaveRegisters.append(localRegister);
3082     }
3083 }
3084
3085 void BytecodeGenerator::allocateAndEmitScope()
3086 {
3087     m_scopeRegister = addVar();
3088     m_scopeRegister->ref();
3089     m_codeBlock->setScopeRegister(scopeRegister()->virtualRegister());
3090     emitGetScope();
3091     m_topMostScope = addVar();
3092     emitMove(m_topMostScope, scopeRegister());
3093 }
3094
3095 RegisterID* BytecodeGenerator::emitLoadArrowFunctionThis(RegisterID* arrowFunctionThis)
3096 {
3097     emitOpcode(op_load_arrowfunction_this);
3098     instructions().append(arrowFunctionThis->index());
3099     return arrowFunctionThis;
3100 }
3101     
3102 void BytecodeGenerator::emitComplexPopScopes(RegisterID* scope, ControlFlowContext* topScope, ControlFlowContext* bottomScope)
3103 {
3104     while (topScope > bottomScope) {
3105         // First we count the number of dynamic scopes we need to remove to get
3106         // to a finally block.
3107         int nNormalScopes = 0;
3108         while (topScope > bottomScope) {
3109             if (topScope->isFinallyBlock)
3110                 break;
3111             ++nNormalScopes;
3112             --topScope;
3113         }
3114
3115         if (nNormalScopes) {
3116             // We need to remove a number of dynamic scopes to get to the next
3117             // finally block
3118             RefPtr<RegisterID> parentScope = newTemporary();
3119             while (nNormalScopes--) {
3120                 parentScope = emitGetParentScope(parentScope.get(), scope);
3121                 emitMove(scope, parentScope.get());
3122             }
3123
3124             // If topScope == bottomScope then there isn't a finally block left to emit.
3125             if (topScope == bottomScope)
3126                 return;
3127         }
3128         
3129         Vector<ControlFlowContext> savedScopeContextStack;
3130         Vector<SwitchInfo> savedSwitchContextStack;
3131         Vector<std::unique_ptr<ForInContext>> savedForInContextStack;
3132         Vector<TryContext> poppedTryContexts;
3133         Vector<SymbolTableStackEntry> savedSymbolTableStack;
3134         LabelScopeStore savedLabelScopes;
3135         while (topScope > bottomScope && topScope->isFinallyBlock) {
3136             RefPtr<Label> beforeFinally = emitLabel(newLabel().get());
3137             
3138             // Save the current state of the world while instating the state of the world
3139             // for the finally block.
3140             FinallyContext finallyContext = topScope->finallyContext;
3141             bool flipScopes = finallyContext.scopeContextStackSize != m_scopeContextStack.size();
3142             bool flipSwitches = finallyContext.switchContextStackSize != m_switchContextStack.size();
3143             bool flipForIns = finallyContext.forInContextStackSize != m_forInContextStack.size();
3144             bool flipTries = finallyContext.tryContextStackSize != m_tryContextStack.size();
3145             bool flipLabelScopes = finallyContext.labelScopesSize != m_labelScopes.size();
3146             bool flipSymbolTableStack = finallyContext.symbolTableStackSize != m_symbolTableStack.size();
3147             int topScopeIndex = -1;
3148             int bottomScopeIndex = -1;
3149             if (flipScopes) {
3150                 topScopeIndex = topScope - m_scopeContextStack.begin();
3151                 bottomScopeIndex = bottomScope - m_scopeContextStack.begin();
3152                 savedScopeContextStack = m_scopeContextStack;
3153                 m_scopeContextStack.shrink(finallyContext.scopeContextStackSize);
3154             }
3155             if (flipSwitches) {
3156                 savedSwitchContextStack = m_switchContextStack;
3157                 m_switchContextStack.shrink(finallyContext.switchContextStackSize);
3158             }
3159             if (flipForIns) {
3160                 savedForInContextStack.swap(m_forInContextStack);
3161                 m_forInContextStack.shrink(finallyContext.forInContextStackSize);
3162             }
3163             if (flipTries) {
3164                 while (m_tryContextStack.size() != finallyContext.tryContextStackSize) {
3165                     ASSERT(m_tryContextStack.size() > finallyContext.tryContextStackSize);
3166                     TryContext context = m_tryContextStack.last();
3167                     m_tryContextStack.removeLast();
3168                     TryRange range;
3169                     range.start = context.start;
3170                     range.end = beforeFinally;
3171                     range.tryData = context.tryData;
3172                     m_tryRanges.append(range);
3173                     poppedTryContexts.append(context);
3174                 }
3175             }
3176             if (flipLabelScopes) {
3177                 savedLabelScopes = m_labelScopes;
3178                 while (m_labelScopes.size() > finallyContext.labelScopesSize)
3179                     m_labelScopes.removeLast();
3180             }