From c516007d7fe108af2fcdedbc3059b7b1332d2645 Mon Sep 17 00:00:00 2001 From: "weinig@apple.com" Date: Tue, 16 Sep 2008 03:46:58 +0000 Subject: [PATCH] 2008-09-15 Sam Weinig Roll out r36462. It broke document.all. * VM/CTI.cpp: (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases): * VM/CTI.h: * VM/Machine.cpp: (JSC::Machine::Machine): (JSC::Machine::cti_op_eq_null): (JSC::Machine::cti_op_neq_null): * VM/Machine.h: (JSC::Machine::isJSString): * kjs/JSCell.h: * kjs/JSWrapperObject.h: * kjs/StringObject.h: * kjs/StringObjectThatMasqueradesAsUndefined.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@36475 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- JavaScriptCore/ChangeLog | 20 ++++++ JavaScriptCore/VM/CTI.cpp | 74 ++-------------------- JavaScriptCore/VM/CTI.h | 5 +- JavaScriptCore/VM/Machine.cpp | 10 +-- JavaScriptCore/VM/Machine.h | 2 - JavaScriptCore/kjs/JSCell.h | 4 -- JavaScriptCore/kjs/JSWrapperObject.h | 7 -- JavaScriptCore/kjs/StringObject.h | 4 -- .../kjs/StringObjectThatMasqueradesAsUndefined.h | 4 -- 9 files changed, 27 insertions(+), 103 deletions(-) diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog index f9bda2f..4bf2bd3 100644 --- a/JavaScriptCore/ChangeLog +++ b/JavaScriptCore/ChangeLog @@ -1,3 +1,23 @@ +2008-09-15 Sam Weinig + + + Roll out r36462. It broke document.all. + + * VM/CTI.cpp: + (JSC::CTI::privateCompileMainPass): + (JSC::CTI::privateCompileSlowCases): + * VM/CTI.h: + * VM/Machine.cpp: + (JSC::Machine::Machine): + (JSC::Machine::cti_op_eq_null): + (JSC::Machine::cti_op_neq_null): + * VM/Machine.h: + (JSC::Machine::isJSString): + * kjs/JSCell.h: + * kjs/JSWrapperObject.h: + * kjs/StringObject.h: + * kjs/StringObjectThatMasqueradesAsUndefined.h: + 2008-09-15 Cameron Zwarich Reviewed by Maciej Stachowiak. diff --git a/JavaScriptCore/VM/CTI.cpp b/JavaScriptCore/VM/CTI.cpp index 5dd3c25..77247ec 100644 --- a/JavaScriptCore/VM/CTI.cpp +++ b/JavaScriptCore/VM/CTI.cpp 
@@ -317,12 +317,6 @@ ALWAYS_INLINE X86Assembler::JmpSrc CTI::emitCall(unsigned opcodeIndex, CTIHelper return call; } -ALWAYS_INLINE void CTI::emitJumpSlowCaseIfIsJSCell(X86Assembler::RegisterID reg, unsigned opcodeIndex) -{ - m_jit.testl_i32r(JSImmediate::TagMask, reg); - m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJe(), opcodeIndex)); -} - ALWAYS_INLINE void CTI::emitJumpSlowCaseIfNotJSCell(X86Assembler::RegisterID reg, unsigned opcodeIndex) { m_jit.testl_i32r(JSImmediate::TagMask, reg); @@ -1402,32 +1396,16 @@ void CTI::privateCompileMainPass() break; } case op_eq_null: { - emitGetArg(instruction[i + 2].u.operand, X86::edx); - - // go to a slow case either if this is not an immediate, or if the immediate is not undefined/null. - emitJumpSlowCaseIfIsJSCell(X86::edx, i); - m_jit.andl_i32r(~JSImmediate::ExtendedTagBitUndefined, X86::edx); - m_jit.cmpl_i32r(JSImmediate::FullTagTypeNull, X86::edx); - m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJne(), i)); - - m_jit.movl_i32r(reinterpret_cast(JSImmediate::trueImmediate()), X86::eax); + emitGetPutArg(instruction[i + 2].u.operand, 0, X86::ecx); + emitCall(i, Machine::cti_op_eq_null); emitPutResult(instruction[i + 1].u.operand); - i += 3; break; } case op_neq_null: { - emitGetArg(instruction[i + 2].u.operand, X86::edx); - - // go to a slow case either if this is not an immediate, or if the immediate is not undefined/null. - emitJumpSlowCaseIfIsJSCell(X86::edx, i); - m_jit.andl_i32r(~JSImmediate::ExtendedTagBitUndefined, X86::edx); - m_jit.cmpl_i32r(JSImmediate::FullTagTypeNull, X86::edx); - m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJne(), i)); - - m_jit.movl_i32r(reinterpret_cast(JSImmediate::falseImmediate()), X86::eax); + emitGetPutArg(instruction[i + 2].u.operand, 0, X86::ecx); + emitCall(i, Machine::cti_op_neq_null); emitPutResult(instruction[i + 1].u.operand); - i += 3; break; } 
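Review bot: The `op_eq_null` and `op_neq_null` cases in the second CTI.cpp hunk now always call `Machine::cti_op_eq_null` / `Machine::cti_op_neq_null`, and nothing at the call site records why the inline path was dropped, so the same single-vptr shortcut is likely to be proposed again. I would add a comment above `case op_eq_null:` such as `// No inline fast path: masqueradeAsUndefined() is virtual and any JSCell subclass may override it (document.all), so comparing against one vptr is not sufficient.` The diffstat lists only JavaScriptCore files, so a regression test for a null comparison against `document.all` does not appear to be part of this change; adding one would catch a repeat. `privateCompileMainPass` starts and ends outside the hunk.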
@@ -1876,50 +1854,6 @@ void CTI::privateCompileSlowCases() break; } CTI_COMPILE_BINARY_OP_SLOW_CASE(op_mul); - case op_eq_null: { - m_jit.link(iter->from, m_jit.label()); - - // Value is a JSCell - speculate false, check for StringObjectThatMasqueradesAsUndefined. - m_jit.movl_i32r(reinterpret_cast(JSImmediate::falseImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - m_jit.cmpl_i32m(reinterpret_cast(m_machine->m_jsStringObjectThatMasqueradesAsUndefinedVptr), X86::edx); - m_jit.link(m_jit.emitUnlinkedJne(), m_labels[i + 3]); - - // Value is a StringObjectThatMasqueradesAsUndefined - m_jit.movl_i32r(reinterpret_cast(JSImmediate::trueImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - m_jit.link(m_jit.emitUnlinkedJmp(), m_labels[i + 3]); - - // Value is an immediate other than undefined/null - m_jit.link((++iter)->from, m_jit.label()); - m_jit.movl_i32r(reinterpret_cast(JSImmediate::falseImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - - i += 3; - break; - } - case op_neq_null: { - m_jit.link(iter->from, m_jit.label()); - - // Value is a JSCell - speculate false, check for StringObjectThatMasqueradesAsUndefined. 
- m_jit.movl_i32r(reinterpret_cast(JSImmediate::trueImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - m_jit.cmpl_i32m(reinterpret_cast(m_machine->m_jsStringObjectThatMasqueradesAsUndefinedVptr), X86::edx); - m_jit.link(m_jit.emitUnlinkedJne(), m_labels[i + 3]); - - // Value is a StringObjectThatMasqueradesAsUndefined - m_jit.movl_i32r(reinterpret_cast(JSImmediate::falseImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - m_jit.link(m_jit.emitUnlinkedJmp(), m_labels[i + 3]); - - // Value is an immediate other than undefined/null - m_jit.link((++iter)->from, m_jit.label()); - m_jit.movl_i32r(reinterpret_cast(JSImmediate::trueImmediate()), X86::eax); - emitPutResult(instruction[i + 1].u.operand); - - i += 3; - break; - } default: ASSERT_NOT_REACHED(); break; diff --git a/JavaScriptCore/VM/CTI.h b/JavaScriptCore/VM/CTI.h index 4066a83..22bbdfc 100644 --- a/JavaScriptCore/VM/CTI.h +++ b/JavaScriptCore/VM/CTI.h @@ -244,11 +244,7 @@ namespace JSC { static const int repatchOffsetGetByIdStructureID = 19; static const int repatchOffsetGetByIdBranchToSlowCase = 25; static const int repatchOffsetGetByIdPropertyMapOffset = 34; -#if ENABLE(SAMPLING_TOOL) - static const int repatchOffsetGetByIdSlowCaseCall = 27; -#else static const int repatchOffsetGetByIdSlowCaseCall = 17; -#endif public: static void compile(Machine* machine, ExecState* exec, CodeBlock* codeBlock) @@ -357,6 +353,7 @@ namespace JSC { void emitJumpSlowCaseIfIsJSCell(X86Assembler::RegisterID reg, unsigned opcodeIndex); void emitJumpSlowCaseIfNotJSCell(X86Assembler::RegisterID reg, unsigned opcodeIndex); + void emitJumpSlowCaseIfNotImm(X86Assembler::RegisterID, unsigned opcodeIndex); void emitJumpSlowCaseIfNotImms(X86Assembler::RegisterID, X86Assembler::RegisterID, unsigned opcodeIndex); diff --git a/JavaScriptCore/VM/Machine.cpp b/JavaScriptCore/VM/Machine.cpp index 0b0952d..d59b54d 100644 --- a/JavaScriptCore/VM/Machine.cpp +++ b/JavaScriptCore/VM/Machine.cpp 
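Review bot: In the first CTI.h hunk, `repatchOffsetGetByIdSlowCaseCall` becomes 17 for every build, where `ENABLE(SAMPLING_TOOL)` builds previously used 27. These constants look like byte offsets into emitted code, so if a sampling build emits extra instructions before the slow-case call, repatching at 17 would overwrite the wrong bytes of generated code. The commit message mentions only the null-comparison rollout; unless r36462 itself introduced this conditional, keep the `#if ENABLE(SAMPLING_TOOL)` / `#else` / `#endif` lines around the two definitions.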
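Review bot: The declaration `void emitJumpSlowCaseIfIsJSCell(X86Assembler::RegisterID reg, unsigned opcodeIndex);` stays in the second CTI.h hunk as unchanged context, while the CTI.cpp part of this patch deletes its definition and the callers visible in this patch. That leaves a declared-but-undefined member: it is harmless until someone calls it, and then the error points at the call site rather than at the stale declaration. Remove the declaration here as well, or keep the definition in CTI.cpp if it is expected to return. The class body continues outside the hunk.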
@@ -53,7 +53,6 @@ #include "debugger.h" #include "operations.h" #include "SamplingTool.h" -#include "StringObjectThatMasqueradesAsUndefined.h" #include #if PLATFORM(DARWIN) @@ -572,10 +571,6 @@ Machine::Machine() m_jsArrayVptr = jsArray->vptr(); static_cast(jsArray)->~JSCell(); - StringObjectThatMasqueradesAsUndefined* jsStringObjectThatMasqueradesAsUndefined = new (storage) StringObjectThatMasqueradesAsUndefined(StringObjectThatMasqueradesAsUndefined::VPtrStealingHack); - m_jsStringObjectThatMasqueradesAsUndefinedVptr = jsStringObjectThatMasqueradesAsUndefined->vptr(); - static_cast(jsStringObjectThatMasqueradesAsUndefined)->~JSCell(); - JSString* jsString = new (storage) JSString(JSString::VPtrStealingHack); m_jsStringVptr = jsString->vptr(); static_cast(jsString)->~JSCell(); @@ -5427,11 +5422,10 @@ void Machine::cti_op_debug(CTI_ARGS) JSValue* Machine::cti_op_eq_null(CTI_ARGS) { JSValue* src = ARG_src1; - if (src->isUndefinedOrNull()) return jsBoolean(true); - return jsBoolean(ARG_exec->machine()->doesMasqueradesAsUndefined(src)); + return jsBoolean(!JSImmediate::isImmediate(src) && static_cast(src)->masqueradeAsUndefined()); } JSValue* Machine::cti_op_neq_null(CTI_ARGS) @@ -5440,7 +5434,7 @@ JSValue* Machine::cti_op_neq_null(CTI_ARGS) if (src->isUndefinedOrNull()) return jsBoolean(false); - return jsBoolean(!ARG_exec->machine()->doesMasqueradesAsUndefined(src)); + return jsBoolean(JSImmediate::isImmediate(src) || !static_cast(src)->masqueradeAsUndefined()); } void* Machine::cti_vm_throw(CTI_ARGS) diff --git a/JavaScriptCore/VM/Machine.h b/JavaScriptCore/VM/Machine.h index d145642..d75af90 100644 --- a/JavaScriptCore/VM/Machine.h +++ b/JavaScriptCore/VM/Machine.h 
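Review bot: In `cti_op_eq_null` and `cti_op_neq_null` the new return lines downcast `src` with a bare `static_cast`, which is only valid because of the `JSImmediate::isImmediate(src)` test in the same expression, and the two functions write that predicate out separately in complementary forms. `Machine.h` in this same patch reaches the cell through `v->asCell()`, so I would write `return jsBoolean(!JSImmediate::isImmediate(src) && src->asCell()->masqueradeAsUndefined());` and derive the `neq` result by negating the same expression or calling a small shared helper. That keeps the immediate guard and the virtual call together; the guard appears to matter for memory safety, since a virtual call on an immediate-tagged value would presumably dereference something that is not an object pointer. Both function bodies begin outside the changed lines but are fully visible in the hunk context.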
@@ -260,7 +260,6 @@ namespace JSC { bool isJSArray(JSValue* v) { return !JSImmediate::isImmediate(v) && v->asCell()->vptr() == m_jsArrayVptr; } bool isJSString(JSValue* v) { return !JSImmediate::isImmediate(v) && v->asCell()->vptr() == m_jsStringVptr; } - bool doesMasqueradesAsUndefined(JSValue* v) { return !JSImmediate::isImmediate(v) && v->asCell()->vptr() == m_jsStringObjectThatMasqueradesAsUndefinedVptr; } void tryCacheGetByID(ExecState*, CodeBlock*, Instruction* vPC, JSValue* baseValue, const Identifier& propertyName, const PropertySlot&); void uncacheGetByID(CodeBlock*, Instruction* vPC); @@ -292,7 +291,6 @@ namespace JSC { void* m_jsArrayVptr; void* m_jsStringVptr; - void* m_jsStringObjectThatMasqueradesAsUndefinedVptr; void* m_jsFunctionVptr; #if HAVE(COMPUTED_GOTO) diff --git a/JavaScriptCore/kjs/JSCell.h b/JavaScriptCore/kjs/JSCell.h index c1ad5f9..3c9fbfb 100644 --- a/JavaScriptCore/kjs/JSCell.h +++ b/JavaScriptCore/kjs/JSCell.h @@ -78,10 +78,6 @@ namespace JSC { virtual JSObject* toObject(ExecState*) const = 0; // WebCore uses this to make document.all and style.filter undetectable - // - // This in checked in CTI using a vptr check, so currently only StringObjectThatMasqueradesAsUndefined - // overloading ths is supported. If this behaviour is required in other classes, then we will need - // update the code generated. virtual bool masqueradeAsUndefined() const { return false; } // Garbage collection. diff --git a/JavaScriptCore/kjs/JSWrapperObject.h b/JavaScriptCore/kjs/JSWrapperObject.h index ea33f2e..3c7c6f9 100644 --- a/JavaScriptCore/kjs/JSWrapperObject.h +++ b/JavaScriptCore/kjs/JSWrapperObject.h @@ -34,13 +34,6 @@ namespace JSC { */ class JSWrapperObject : public JSObject { public: - - enum VPtrStealingHackType { VPtrStealingHack }; - JSWrapperObject(VPtrStealingHackType) - : JSObject(StructureID::create(jsNull())) - { - } - JSWrapperObject(JSObject* prototype); JSValue* internalValue() const; 
diff --git a/JavaScriptCore/kjs/StringObject.h b/JavaScriptCore/kjs/StringObject.h index cc41d2e..597c8dd 100644 --- a/JavaScriptCore/kjs/StringObject.h +++ b/JavaScriptCore/kjs/StringObject.h @@ -28,10 +28,6 @@ namespace JSC { class StringObject : public JSWrapperObject { public: - StringObject(VPtrStealingHackType type) - : JSWrapperObject(type) - { - } StringObject(ExecState*, JSObject* prototype); StringObject(ExecState*, JSObject* prototype, const UString&); diff --git a/JavaScriptCore/kjs/StringObjectThatMasqueradesAsUndefined.h b/JavaScriptCore/kjs/StringObjectThatMasqueradesAsUndefined.h index 6ee9497..122eb42 100644 --- a/JavaScriptCore/kjs/StringObjectThatMasqueradesAsUndefined.h +++ b/JavaScriptCore/kjs/StringObjectThatMasqueradesAsUndefined.h @@ -29,10 +29,6 @@ namespace JSC { // WebCore uses this to make style.filter undetectable class StringObjectThatMasqueradesAsUndefined : public StringObject { public: - StringObjectThatMasqueradesAsUndefined(VPtrStealingHackType type) - : StringObject(type) - { - } StringObjectThatMasqueradesAsUndefined(ExecState* exec, JSObject* prototype, const UString& string) : StringObject(exec, prototype, string) { -- 1.8.3.1