From d2c59c063a2cf3b7fedec98863e94ee30d4e6c5f Mon Sep 17 00:00:00 2001
From: Brian Hackett
Date: Thu, 18 Nov 2010 18:14:22 -0800
Subject: [PATCH] Compile INITPROP/INITELEM, bug 606477. r=jorendorff,dvander
---
 .../tests/basic/testInitDictionary.js | 43 +++
 js/src/jit-test/tests/basic/testInitSharp.js | 18 +
 .../jit-test/tests/basic/testInitSlowify.js | 41 +++
 .../jit-test/tests/basic/testInitelemCond.js | 13 +
 .../jaeger/bug563000/eif-trap-typechange.js | 4 +-
 .../jaeger/bug563000/trap-from-add-inline.js | 2 +-
 .../jaeger/bug563000/trap-from-add-ool.js | 2 +-
 js/src/jsarray.cpp | 14 -
 js/src/jsarray.h | 3 +
 js/src/jsbuiltins.h | 1 -
 js/src/jsemit.cpp | 141 ++++---
 js/src/jsinterp.cpp | 59 +--
 js/src/jsobj.cpp | 14 +-
 js/src/jsobjinlines.h | 29 +-
 js/src/jsopcode.cpp | 78 ++--
 js/src/jsopcode.h | 2 +-
 js/src/jsopcode.tbl | 344 +++++++++---------
 js/src/jstracer.cpp | 104 ++++--
 js/src/jstracer.h | 4 +
 js/src/jsxdrapi.h | 2 +-
 js/src/methodjit/Compiler.cpp | 102 +++---
 js/src/methodjit/Compiler.h | 4 +
 js/src/methodjit/FastOps.cpp | 87 +++++
 js/src/methodjit/FrameEntry.h | 16 +-
 js/src/methodjit/FrameState-inl.h | 10 +
 js/src/methodjit/FrameState.h | 6 +
 js/src/methodjit/StubCalls.cpp | 28 +-
 js/src/methodjit/StubCalls.h | 3 +-
 28 files changed, 750 insertions(+), 424 deletions(-)
 create mode 100644 js/src/jit-test/tests/basic/testInitDictionary.js
 create mode 100644 js/src/jit-test/tests/basic/testInitSharp.js
 create mode 100644 js/src/jit-test/tests/basic/testInitSlowify.js
 create mode 100644 js/src/jit-test/tests/basic/testInitelemCond.js
diff --git a/js/src/jit-test/tests/basic/testInitDictionary.js b/js/src/jit-test/tests/basic/testInitDictionary.js
new file mode 100644
index 00000000000..219ac0e3a59
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testInitDictionary.js
@@ -0,0 +1,43 @@ + +var shapes = {}; + +function stringify(a) { + assertEq(shapes[shapeOf(a)], undefined); + shapes[shapeOf(a)] = 1; + var b = ""; + for (var c in a) { + b += c + ":"; + if (typeof a[c] == "function") + b += "function,"; + else + b += a[c] + ","; + } + return b; +} + +function test1() { + return stringify({a: 0, b: 1, a: function() {} }); +} +for (var i = 0; i < 3; i++) + assertEq(test1(), "a:function,b:1,"); + +// This does not cause the object to go to dictionary mode, unlike the above. +function test2() { + return stringify({a: 0, b: 1, a: 2, b: 3}); +} +assertEq(test2(), "a:2,b:3,"); + +function test3() { + return stringify({ + aa:0,ab:1,ac:2,ad:3,ae:4,af:5,ag:6,ah:7,ai:8,aj:9, + ba:0,bb:1,bc:2,bd:3,be:4,bf:5,bg:6,bh:7,bi:8,bj:9, + ca:0,cb:1,cc:2,cd:3,ce:4,cf:5,cg:6,ch:7,ci:8,cj:9, + da:0,db:1,dc:2,dd:3,de:4,df:5,dg:6,dh:7,di:8,dj:9, + ea:0,eb:1,ec:2,ed:3,ee:4,ef:5,eg:6,eh:7,ei:8,ej:9, + fa:0,fb:1,fc:2,fd:3,fe:4,ff:5,fg:6,fh:7,fi:8,fj:9, + ga:0,gb:1,gc:2,gd:3,ge:4,gf:5,gg:6,gh:7,gi:8,gj:9, + ha:0,hb:1,hc:2,hd:3,he:4,hf:5,hg:6,hh:7,hi:8,hj:9 + }); +} +for (var i = 0; i < HOTLOOP + 2; i++) + assertEq(test3(), "aa:0,ab:1,ac:2,ad:3,ae:4,af:5,ag:6,ah:7,ai:8,aj:9,ba:0,bb:1,bc:2,bd:3,be:4,bf:5,bg:6,bh:7,bi:8,bj:9,ca:0,cb:1,cc:2,cd:3,ce:4,cf:5,cg:6,ch:7,ci:8,cj:9,da:0,db:1,dc:2,dd:3,de:4,df:5,dg:6,dh:7,di:8,dj:9,ea:0,eb:1,ec:2,ed:3,ee:4,ef:5,eg:6,eh:7,ei:8,ej:9,fa:0,fb:1,fc:2,fd:3,fe:4,ff:5,fg:6,fh:7,fi:8,fj:9,ga:0,gb:1,gc:2,gd:3,ge:4,gf:5,gg:6,gh:7,gi:8,gj:9,ha:0,hb:1,hc:2,hd:3,he:4,hf:5,hg:6,hh:7,hi:8,hj:9,"); diff --git a/js/src/jit-test/tests/basic/testInitSharp.js b/js/src/jit-test/tests/basic/testInitSharp.js new file mode 100644 index 00000000000..179b561b647 --- /dev/null +++ b/js/src/jit-test/tests/basic/testInitSharp.js 
@@ -0,0 +1,18 @@ + +function test1() { + return String(#1=[1,2,#1#.length,3,4,delete #1#[0]]); +} +assertEq(test1(), ",2,2,3,4,true"); + +function test2() { + var x = #1={a:0,b:1,c:delete #1#.a}; + var y = ""; + for (var z in x) { y += z + ":" + x[z] + ","; } + return y; +} +assertEq(test2(), "b:1,c:true,"); + +function test3() { + return String(#1=[1,2,#1#.foo = 3,4,5,6]); +} +assertEq(test3(), "1,2,3,4,5,6"); diff --git a/js/src/jit-test/tests/basic/testInitSlowify.js b/js/src/jit-test/tests/basic/testInitSlowify.js new file mode 100644 index 00000000000..fb6868c25ff --- /dev/null +++ b/js/src/jit-test/tests/basic/testInitSlowify.js 
@@ -0,0 +1,41 @@ + +var x = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,gc(), + ]; +assertEq(x.length, 500); +assertEq(x[10], 11); +assertEq(x[90], 11); + +function stringify(a) { + var b = ""; + for (var c in a) { b += c + ","; } + return b; +} + +var y = {a:1,b:2,c:3,d:4,e:gc(),f:6,g:7,h:8,i:9,j:gc(), + k:11,l:12,m:13,n:14,o:gc(),p:16,q:17,r:18,s:19,t:gc()}; + +assertEq(stringify(y), "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,"); diff --git a/js/src/jit-test/tests/basic/testInitelemCond.js b/js/src/jit-test/tests/basic/testInitelemCond.js new file mode 100644 index 00000000000..47ac95bdf78 --- /dev/null 
+++ b/js/src/jit-test/tests/basic/testInitelemCond.js @@ -0,0 +1,13 @@ + +/* Element initializers with unknown index. */ + +function foo(i) { + var x = [1,2,i == 1 ? 3 : 4,5,6]; + var y = "" + x; + if (i == 1) + assertEq(y, "1,2,3,5,6"); + else + assertEq(y, "1,2,4,5,6"); +} +for (var i = 0; i < HOTLOOP + 2; i++) + foo(i); diff --git a/js/src/jit-test/tests/jaeger/bug563000/eif-trap-typechange.js b/js/src/jit-test/tests/jaeger/bug563000/eif-trap-typechange.js index 11f2ff0a659..6826b208619 100644 --- a/js/src/jit-test/tests/jaeger/bug563000/eif-trap-typechange.js +++ b/js/src/jit-test/tests/jaeger/bug563000/eif-trap-typechange.js @@ -6,5 +6,7 @@ function caller(obj) { var x = ({ dana : "zuul" }); return x; } -trap(caller, 23, "x = 'success'; nop()"); +// 0 is the pc of "assertJit()", we want the pc of "return x", 2 lines below. +var pc = line2pc(caller, pc2line(caller, 0) + 2); +trap(caller, pc, "x = 'success'; nop()"); assertEq(caller(this), "success"); diff --git a/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-inline.js b/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-inline.js index b52389db7dd..f923504d344 100644 --- a/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-inline.js +++ b/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-inline.js @@ -2,7 +2,7 @@ setDebug(true); x = "notset"; function main() { /* The JSOP_STOP in a. */ - a = { valueOf: function () { trap(main, 38, "success()"); } }; + a = { valueOf: function () { trap(main, 36, "success()"); } }; a + ""; x = "failure"; } diff --git a/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-ool.js b/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-ool.js index fcd51c2fee3..48eb377f52c 100644 --- a/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-ool.js +++ b/js/src/jit-test/tests/jaeger/bug563000/trap-from-add-ool.js 
@@ -2,7 +2,7 @@ setDebug(true); x = "notset"; function main() { /* The JSOP_STOP in a. */ - a = { valueOf: function () { trap(main, 59, "success()"); } }; + a = { valueOf: function () { trap(main, 57, "success()"); } }; b = ""; eval(); a + b; diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp index 03c52286a77..488a11cc207 100644 --- a/js/src/jsarray.cpp +++ b/js/src/jsarray.cpp @@ -115,9 +115,6 @@ using namespace js::gc; #define MAXINDEX 4294967295u #define MAXSTR "4294967295" -/* Small arrays are dense, no matter what. */ -#define MIN_SPARSE_INDEX 256 - /* * Use the limit on number of object slots for sanity and consistency (see the * assertion in JSObject::makeDenseArraySlow). @@ -2987,17 +2984,6 @@ JS_DEFINE_CALLINFO_3(extern, OBJECT, js_NewPreallocatedArray, CONTEXT, OBJECT, I 0, nanojit::ACCSET_STORE_ANY) #endif -JSObject* JS_FASTCALL -js_InitializerArray(JSContext* cx, int32 count) -{ - gc::FinalizeKind kind = GuessObjectGCKind(count, true); - return NewArrayWithKind(cx, kind); -} -#ifdef JS_TRACER -JS_DEFINE_CALLINFO_2(extern, OBJECT, js_InitializerArray, CONTEXT, INT32, 0, - nanojit::ACCSET_STORE_ANY) -#endif - JSObject * js_InitArrayClass(JSContext *cx, JSObject *obj) { diff --git a/js/src/jsarray.h b/js/src/jsarray.h index ce31bf18a75..7a7cfc64918 100644 --- a/js/src/jsarray.h +++ b/js/src/jsarray.h @@ -144,6 +144,9 @@ js_NewArrayObject(JSContext *cx, jsuint length, const js::Value *vector); extern JSObject * js_NewSlowArrayObject(JSContext *cx); +/* Minimum size at which a dense array can be made sparse. */ +const uint32 MIN_SPARSE_INDEX = 256; + extern JSBool js_GetLengthProperty(JSContext *cx, JSObject *obj, jsuint *lengthp); diff --git a/js/src/jsbuiltins.h b/js/src/jsbuiltins.h index 9d0f89547e1..67e7e51e227 100644 --- a/js/src/jsbuiltins.h +++ b/js/src/jsbuiltins.h 
@@ -577,7 +577,6 @@ js_dmod(jsdouble a, jsdouble b); /* Defined in jsarray.cpp. */ JS_DECLARE_CALLINFO(js_NewEmptyArray) JS_DECLARE_CALLINFO(js_NewPreallocatedArray) -JS_DECLARE_CALLINFO(js_InitializerArray) JS_DECLARE_CALLINFO(js_ArrayCompPush_tn) JS_DECLARE_CALLINFO(js_EnsureDenseArrayCapacity) diff --git a/js/src/jsemit.cpp b/js/src/jsemit.cpp index 609f81cece4..7acd804c4d8 100644 --- a/js/src/jsemit.cpp +++ b/js/src/jsemit.cpp @@ -1435,6 +1435,13 @@ EmitTraceOp(JSContext *cx, JSCodeGenerator *cg) SET_UINT16(pc_, j); \ JS_END_MACRO +#define EMIT_UINT16_IN_PLACE(offset, op, i) \ + JS_BEGIN_MACRO \ + CG_CODE(cg, offset)[0] = op; \ + CG_CODE(cg, offset)[1] = UINT16_HI(i); \ + CG_CODE(cg, offset)[2] = UINT16_LO(i); \ + JS_END_MACRO + static JSBool FlushPops(JSContext *cx, JSCodeGenerator *cg, intN *npops) { @@ -1734,6 +1741,12 @@ LookupCompileTimeConstant(JSContext *cx, JSCodeGenerator *cg, JSAtom *atom, return JS_TRUE; } +static inline bool +FitsWithoutBigIndex(uintN index) +{ + return index < JS_BIT(16); +} + /* * Return JSOP_NOP to indicate that index fits 2 bytes and no index segment * reset instruction is necessary, JSOP_FALSE to indicate an error or either @@ -1753,7 +1766,7 @@ EmitBigIndexPrefix(JSContext *cx, JSCodeGenerator *cg, uintN index) JS_STATIC_ASSERT(INDEX_LIMIT >= (JSOP_INDEXBASE3 - JSOP_INDEXBASE1 + 2) << 16); - if (index < JS_BIT(16)) + if (FitsWithoutBigIndex(index)) return JSOP_NOP; indexBase = index >> 16; if (indexBase <= JSOP_INDEXBASE3 - JSOP_INDEXBASE1 + 1) { 
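Review bot: EMIT_UINT16_IN_PLACE (jsemit.cpp, the hunk at 1435) overwrites three bytes of an instruction that was already emitted, but nothing at the macro states or checks that the replacement op has the same length as the one it replaces. Its only caller in this patch, the TOK_RC case of js_EmitTree, swaps JSOP_NEWINIT for JSOP_NEWOBJECT, and the equal length is recorded only in a jsopcode.tbl comment, so a later change to either OPDEF would leave a malformed bytecode stream. I would add `JS_STATIC_ASSERT(JSOP_NEWINIT_LENGTH == JSOP_NEWOBJECT_LENGTH);` next to that call and a comment on the macro such as `/* Overwrite the 3-byte op at |offset|; the new op must have the same length. */`. The macro also expands `offset` three times, so it should only be given side-effect-free arguments.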
@@ -4467,15 +4480,8 @@ EmitFunctionDefNop(JSContext *cx, JSCodeGenerator *cg, uintN index) static bool EmitNewInit(JSContext *cx, JSCodeGenerator *cg, JSProtoKey key, JSParseNode *pn, int sharpnum) { - /* - * Watch for overflow on the initializer size. This isn't problematic because - * (a) we'll be reporting an error for the initializer shortly, and (b) - * the count is only used as a hint for the interpreter and JITs, and does not - * need to be correct. - */ - uint16 count = (pn->pn_count >= JS_BIT(16)) ? JS_BIT(16) - 1 : pn->pn_count; - - EMIT_UINT16PAIR_IMM_OP(JSOP_NEWINIT, (uint16) key, count); + if (js_Emit3(cx, cg, JSOP_NEWINIT, (jsbytecode) key, 0) < 0) + return false; #if JS_HAS_SHARP_VARS if (cg->hasSharps()) { if (pn->pn_count != 0) 
@@ -6771,41 +6777,19 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) * JSOP_NEWINIT and JSOP_INITELEM bytecodes to ignore setters and to * avoid dup'ing and popping the array as each element is added, as * JSOP_SETELEM/JSOP_SETPROP would do. - * - * If no sharp variable is defined, the initializer is not for an array - * comprehension, the initializer is not overlarge, and the initializer - * is not in global code (whose stack growth cannot be precisely modeled - * due to the need to reserve space for global variables and regular - * expressions), use JSOP_NEWARRAY to minimize opcodes and to create the - * array using a fast, all-at-once process rather than a slow, element- - * by-element process. */ #if JS_HAS_SHARP_VARS sharpnum = -1; do_emit_array: #endif - op = (JS_LIKELY(pn->pn_count < JS_BIT(16)) && cg->inFunction()) - ? JSOP_NEWARRAY - : JSOP_NEWINIT; - -#if JS_HAS_GENERATORS - if (pn->pn_type == TOK_ARRAYCOMP) - op = JSOP_NEWINIT; -#endif -#if JS_HAS_SHARP_VARS - JS_ASSERT_IF(sharpnum >= 0, cg->hasSharps()); - if (cg->hasSharps()) - op = JSOP_NEWINIT; -#endif - - if (op == JSOP_NEWINIT && !EmitNewInit(cx, cg, JSProto_Array, pn, sharpnum)) - return JS_FALSE; - #if JS_HAS_GENERATORS if (pn->pn_type == TOK_ARRAYCOMP) { uintN saveDepth; + if (!EmitNewInit(cx, cg, JSProto_Array, pn, sharpnum)) + return JS_FALSE; + /* * Pass the new array's stack index to the TOK_ARRAYPUSH case via * cg->arrayCompDepth, then simply traverse the TOK_FOR node and 
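Review bot: The removed `JS_ASSERT_IF(sharpnum >= 0, cg->hasSharps());` is not reinstated anywhere on the new side of this hunk. The JSOP_NEWARRAY branch added in the following hunk never passes sharpnum to EmitNewInit, so if the `do_emit_array:` label were reached with a sharp number in a script where hasSharps() is false, the sharp definition would presumably be dropped with no debug-build signal. Keeping the assertion directly after the `do_emit_array:` label preserves the check. The enclosing case starts and ends outside the hunk.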
@@ -6825,9 +6809,25 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) } #endif /* JS_HAS_GENERATORS */ + /* + * Use the slower NEWINIT for arrays in scripts containing sharps, and when + * the array length exceeds MIN_SPARSE_INDEX and can be slowified during GC. + * :FIXME: bug 607825 handle slowify case. + */ + if (cg->hasSharps() || pn->pn_count >= MIN_SPARSE_INDEX) { + if (!EmitNewInit(cx, cg, JSProto_Array, pn, sharpnum)) + return JS_FALSE; + } else { + ptrdiff_t off = js_EmitN(cx, cg, JSOP_NEWARRAY, 3); + if (off < 0) + return JS_FALSE; + pc = CG_CODE(cg, off); + SET_UINT24(pc, pn->pn_count); + } + pn2 = pn->pn_head; for (atomIndex = 0; pn2; atomIndex++, pn2 = pn2->pn_next) { - if (op == JSOP_NEWINIT && !EmitNumberOp(cx, atomIndex, cg)) + if (!EmitNumberOp(cx, atomIndex, cg)) return JS_FALSE; if (pn2->pn_type == TOK_COMMA && pn2->pn_arity == PN_NULLARY) { if (js_Emit1(cx, cg, JSOP_HOLE) < 0) @@ -6836,7 +6836,7 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) if (!js_EmitTree(cx, cg, pn2)) return JS_FALSE; } - if (op == JSOP_NEWINIT && js_Emit1(cx, cg, JSOP_INITELEM) < 0) + if (js_Emit1(cx, cg, JSOP_INITELEM) < 0) return JS_FALSE; } JS_ASSERT(atomIndex == pn->pn_count); @@ -6847,18 +6847,12 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) return JS_FALSE; } - if (op == JSOP_NEWINIT) { - /* - * Emit an op to finish the array and, secondarily, to aid in sharp - * array cleanup (if JS_HAS_SHARP_VARS) and decompilation. - */ - if (!EmitEndInit(cx, cg, atomIndex)) - return JS_FALSE; - break; - } - - JS_ASSERT(atomIndex < JS_BIT(16)); - EMIT_UINT16_IMM_OP(JSOP_NEWARRAY, atomIndex); + /* + * Emit an op to finish the array and, secondarily, to aid in sharp + * array cleanup (if JS_HAS_SHARP_VARS) and decompilation. + */ + if (!EmitEndInit(cx, cg, atomIndex)) + return JS_FALSE; break; case TOK_RC: { 
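Review bot: The new comment in the first hunk says NEWINIT is used when the array length "exceeds" MIN_SPARSE_INDEX, but the test below it is `pn->pn_count >= MIN_SPARSE_INDEX`, so a literal with exactly MIN_SPARSE_INDEX elements also takes the slow path. The jsarray.h comment added in this patch ("Minimum size at which a dense array can be made sparse") matches the code, so the wording here is what should change, e.g. `the array length is at least MIN_SPARSE_INDEX`. This bound appears to be what keeps JSOP_NEWARRAY arrays dense while they are being initialized, so the description should state it exactly.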
@@ -6880,9 +6874,22 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) * ignore setters and to avoid dup'ing and popping the object as each * property is added, as JSOP_SETELEM/JSOP_SETPROP would do. */ + ptrdiff_t offset = CG_NEXT(cg) - CG_BASE(cg); if (!EmitNewInit(cx, cg, JSProto_Object, pn, sharpnum)) return JS_FALSE; + /* + * Try to construct the shape of the object as we go, so we can emit a + * JSOP_NEWOBJECT with the final shape instead. + */ + JSObject *obj = NULL; + if (!cg->hasSharps() && cg->compileAndGo()) { + gc::FinalizeKind kind = GuessObjectGCKind(pn->pn_count, false); + obj = NewBuiltinClassInstance(cx, &js_ObjectClass, kind); + if (!obj) + return JS_FALSE; + } + uintN methodInits = 0, slowMethodInits = 0; for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) { /* Emit an index for t[2] for later consumption by JSOP_INITELEM. */ @@ -6898,12 +6905,14 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) op = PN_OP(pn2); if (op == JSOP_GETTER || op == JSOP_SETTER) { + obj = NULL; if (js_Emit1(cx, cg, op) < 0) return JS_FALSE; } /* Annotate JSOP_INITELEM so we decompile 2:c and not just c. */ if (pn3->pn_type == TOK_NUMBER) { + obj = NULL; if (js_NewSrcNote(cx, cg, SRC_INITPROP) < 0) return JS_FALSE; if (js_Emit1(cx, cg, JSOP_INITELEM) < 0) 
@@ -6921,24 +6930,58 @@ js_EmitTree(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn) if (lambda) ++methodInits; if (op == JSOP_INITPROP && lambda && init->pn_funbox->joinable()) { + obj = NULL; op = JSOP_INITMETHOD; pn2->pn_op = uint8(op); } else { + /* + * Disable NEWOBJECT on initializers that set __proto__, which has + * a non-standard setter on objects. + */ + if (pn3->pn_atom == cx->runtime->atomState.protoAtom) + obj = NULL; op = JSOP_INITPROP; if (lambda) ++slowMethodInits; } + if (obj) { + JS_ASSERT(!obj->inDictionaryMode()); + JSProperty *prop = NULL; + if (!js_DefineNativeProperty(cx, obj, + ATOM_TO_JSID(pn3->pn_atom), UndefinedValue(), NULL, NULL, + JSPROP_ENUMERATE, 0, 0, &prop, 0)) { + return JS_FALSE; + } + if (obj->inDictionaryMode()) + obj = NULL; + } + EMIT_INDEX_OP(op, ALE_INDEX(ale)); } } if (cg->funbox && cg->funbox->shouldUnbrand(methodInits, slowMethodInits)) { + obj = NULL; if (js_Emit1(cx, cg, JSOP_UNBRAND) < 0) return JS_FALSE; } if (!EmitEndInit(cx, cg, pn->pn_count)) return JS_FALSE; + + if (obj) { + /* + * The object survived and has a predictable shape. Update the original bytecode, + * as long as we can do so without using a big index prefix/suffix. + */ + JSObjectBox *objbox = cg->parser->newObjectBox(obj); + if (!objbox) + return JS_FALSE; + unsigned index = cg->objectList.index(objbox); + if (FitsWithoutBigIndex(index)) + EMIT_UINT16_IN_PLACE(offset, JSOP_NEWOBJECT, uint16(index)); + } + break; } diff --git a/js/src/jsinterp.cpp b/js/src/jsinterp.cpp index 3e7ff60410c..4aea1018955 100644 --- a/js/src/jsinterp.cpp +++ b/js/src/jsinterp.cpp 
@@ -5879,43 +5879,56 @@ BEGIN_CASE(JSOP_HOLE) PUSH_HOLE(); END_CASE(JSOP_HOLE) -BEGIN_CASE(JSOP_NEWARRAY) -{ - len = GET_UINT16(regs.pc); - cx->assertValidStackDepth(len); - JSObject *obj = js_NewArrayObject(cx, len, regs.sp - len); - if (!obj) - goto error; - regs.sp -= len - 1; - regs.sp[-1].setObject(*obj); -} -END_CASE(JSOP_NEWARRAY) - BEGIN_CASE(JSOP_NEWINIT) { - jsint i = GET_UINT16(regs.pc); - jsint count = GET_UINT16(regs.pc + UINT16_LEN); + jsint i = regs.pc[1]; JS_ASSERT(i == JSProto_Array || i == JSProto_Object); JSObject *obj; - gc::FinalizeKind kind = GuessObjectGCKind(count, i == JSProto_Array); - if (i == JSProto_Array) { - obj = NewArrayWithKind(cx, kind); - if (!obj) - goto error; + obj = js_NewArrayObject(cx, 0, NULL); } else { + gc::FinalizeKind kind = GuessObjectGCKind(0, false); obj = NewBuiltinClassInstance(cx, &js_ObjectClass, kind); - if (!obj) - goto error; } + if (!obj) + goto error; + PUSH_OBJECT(*obj); CHECK_INTERRUPT_HANDLER(); } END_CASE(JSOP_NEWINIT) +BEGIN_CASE(JSOP_NEWARRAY) +{ + unsigned count = GET_UINT24(regs.pc); + JSObject *obj = js_NewArrayObject(cx, count, NULL); + + if (!obj || !obj->ensureDenseArrayElements(cx, count)) + goto error; + + PUSH_OBJECT(*obj); + CHECK_INTERRUPT_HANDLER(); +} +END_CASE(JSOP_NEWARRAY) + +BEGIN_CASE(JSOP_NEWOBJECT) +{ + JSObject *baseobj; + LOAD_OBJECT(0, baseobj); + + JSObject *obj = CopyInitializerObject(cx, baseobj); + + if (!obj) + goto error; + + PUSH_OBJECT(*obj); + CHECK_INTERRUPT_HANDLER(); +} +END_CASE(JSOP_NEWOBJECT) + BEGIN_CASE(JSOP_ENDINIT) { /* FIXME remove JSOP_ENDINIT bug 588522 */ 
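Review bot: The new JSOP_NEWARRAY case takes `count` straight from the 24-bit operand and passes it to js_NewArrayObject and ensureDenseArrayElements without checking the bound the emitter relies on. jsemit.cpp only emits this op when pn_count is below MIN_SPARSE_INDEX, and the JSOP_NEWINIT case just above already asserts its operand, so a matching `JS_ASSERT(count < MIN_SPARSE_INDEX);` after the GET_UINT24 would document the invariant and catch bytecode that reaches the interpreter by another route. The INITELEM handling that fills the elements is outside this hunk, so whether it depends on the bound cannot be confirmed from here.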
@@ -5938,10 +5951,6 @@ BEGIN_CASE(JSOP_INITMETHOD) /* * Probe the property cache. * - * We can not assume that the object created by JSOP_NEWINIT is still - * single-threaded as the debugger can access it from other threads. - * So check first. - * * On a hit, if the cached shape has a non-default setter, it must be * __proto__. If shape->previous() != obj->lastProperty(), there must be a * repeated property name. The fast path does not handle these two cases. diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp index 40df4abbf56..7cd90600d6f 100644 --- a/js/src/jsobj.cpp +++ b/js/src/jsobj.cpp @@ -2831,14 +2831,18 @@ JS_DEFINE_TRCINFO_1(js_Object, nanojit::ACCSET_STORE_ANY))) JSObject* FASTCALL -js_InitializerObject(JSContext* cx, int32 count) +js_InitializerObject(JSContext* cx, JSObject *proto, JSObject *baseobj) { - gc::FinalizeKind kind = GuessObjectGCKind(count, false); - return NewBuiltinClassInstance(cx, &js_ObjectClass, kind); + if (!baseobj) { + gc::FinalizeKind kind = GuessObjectGCKind(0, false); + return NewObjectWithClassProto(cx, &js_ObjectClass, proto, kind); + } + + return CopyInitializerObject(cx, baseobj); } -JS_DEFINE_CALLINFO_2(extern, OBJECT, js_InitializerObject, CONTEXT, INT32, 0, - nanojit::ACCSET_STORE_ANY) +JS_DEFINE_CALLINFO_3(extern, OBJECT, js_InitializerObject, CONTEXT, OBJECT, OBJECT, + 0, nanojit::ACCSET_STORE_ANY) JSObject* FASTCALL js_String_tn(JSContext* cx, JSObject* proto, JSString* str) diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h index b169b774801..63456182510 100644 --- a/js/src/jsobjinlines.h +++ b/js/src/jsobjinlines.h @@ -252,6 +252,12 @@ JSObject::setPrimitiveThis(const js::Value &pthis) setSlot(JSSLOT_PRIMITIVE_THIS, pthis); } +inline js::gc::FinalizeKind +GetObjectFinalizeKind(const JSObject *obj) +{ + return js::gc::FinalizeKind(obj->arena()->header()->thingKind); +} + inline size_t JSObject::numFixedSlots() const { 
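Review bot: In the jsobj.cpp hunk, js_InitializerObject uses its new `proto` argument only when `baseobj` is null; with a base object it returns CopyInitializerObject(cx, baseobj), which per its definition in jsobjinlines.h allocates through NewBuiltinClassInstance and never sees `proto`. If the two prototypes can differ, the base-object path would produce an object with a different prototype from the no-baseobj path. A comment stating why `proto` can be ignored there, or a debug check such as `JS_ASSERT_IF(obj, obj->getProto() == proto);` on the copied object, would make the assumption explicit.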
@@ -259,8 +265,7 @@ JSObject::numFixedSlots() const return JSObject::FUN_CLASS_RESERVED_SLOTS; if (!hasSlotsArray()) return capacity; - js::gc::FinalizeKind kind = js::gc::FinalizeKind(arena()->header()->thingKind); - return js::gc::GetGCKindSlots(kind); + return js::gc::GetGCKindSlots(GetObjectFinalizeKind(this)); } inline size_t @@ -1058,6 +1063,26 @@ NewObjectGCKind(JSContext *cx, js::Class *clasp) return gc::FINALIZE_OBJECT4; } +/* Make an object with pregenerated shape from a NEWOBJECT bytecode. */ +static inline JSObject * +CopyInitializerObject(JSContext *cx, JSObject *baseobj) +{ + JS_ASSERT(baseobj->getClass() == &js_ObjectClass); + JS_ASSERT(!baseobj->inDictionaryMode()); + + gc::FinalizeKind kind = GetObjectFinalizeKind(baseobj); + JSObject *obj = NewBuiltinClassInstance(cx, &js_ObjectClass, kind); + + if (!obj || !obj->ensureSlots(cx, baseobj->numSlots())) + return NULL; + + obj->flags = baseobj->flags; + obj->lastProp = baseobj->lastProp; + obj->objShape = baseobj->objShape; + + return obj; +} + } /* namespace js */ #endif /* jsobjinlines_h___ */ diff --git a/js/src/jsopcode.cpp b/js/src/jsopcode.cpp index b03e287d4d0..558eab5b828 100644 --- a/js/src/jsopcode.cpp +++ b/js/src/jsopcode.cpp @@ -221,8 +221,6 @@ js_GetVariableStackUses(JSOp op, jsbytecode *pc) return GET_UINT16(pc); case JSOP_LEAVEBLOCKEXPR: return GET_UINT16(pc) + 1; - case JSOP_NEWARRAY: - return GET_UINT16(pc); default: /* stack: fun, this, [argc arguments] */ JS_ASSERT(op == JSOP_NEW || op == JSOP_CALL || op == JSOP_EVAL || @@ -1012,8 +1010,7 @@ GetStr(SprintStack *ss, uintN i) /* * Gap between stacked strings to allow for insertion of parens and commas - * when auto-parenthesizing expressions and decompiling array initialisers - * (see the JSOP_NEWARRAY case in Decompile). + * when auto-parenthesizing expressions and decompiling array initialisers. */ #define PAREN_SLOP (2 + 1) 
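Review bot: CopyInitializerObject (jsobjinlines.h, the hunk at 1058) installs baseobj's lastProp and objShape before any property value has been stored, so until the last INITPROP runs the shape describes slots the initializer has not written. testInitSlowify.js in this patch calls gc() in the middle of an object literal, so the collector can presumably visit such an object. That is only safe if NewBuiltinClassInstance and ensureSlots return slots already set to undefined, which the hunk does not show. I would state that reliance in the function comment, e.g. `/* Slots start out undefined and are filled by INITPROP; a GC in between must only see valid values. */`.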
@@ -1105,6 +1102,12 @@ PopStr(SprintStack *ss, JSOp op) return PopStrPrec(ss, js_CodeSpec[op].prec); } +static inline bool +IsInitializerOp(unsigned char op) +{ + return op == JSOP_NEWINIT || op == JSOP_NEWARRAY || op == JSOP_NEWOBJECT; +} + typedef struct TableEntry { jsval key; ptrdiff_t offset; @@ -4450,53 +4453,9 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop) todo = SprintPut(&ss->sprinter, "", 0); break; - case JSOP_NEWARRAY: - argc = GET_UINT16(pc); - LOCAL_ASSERT(ss->top >= (uintN) argc); - if (argc == 0) { - todo = SprintCString(&ss->sprinter, "[]"); - break; - } - - argv = (char **) cx->malloc(size_t(argc) * sizeof *argv); - if (!argv) - return NULL; - - op = JSOP_SETNAME; - ok = JS_TRUE; - i = argc; - while (i > 0) - argv[--i] = JS_strdup(cx, POP_STR()); - - todo = SprintCString(&ss->sprinter, "["); - if (todo < 0) - break; - - for (i = 0; i < argc; i++) { - if (!argv[i] || - Sprint(&ss->sprinter, ss_format, - argv[i], (i < argc - 1) ? ", " : "") < 0) { - ok = JS_FALSE; - break; - } - } - - for (i = 0; i < argc; i++) - cx->free(argv[i]); - cx->free(argv); - if (!ok) - return NULL; - - sn = js_GetSrcNote(jp->script, pc); - if (sn && SN_TYPE(sn) == SRC_CONTINUE && SprintCString(&ss->sprinter, ", ") < 0) - return NULL; - if (SprintCString(&ss->sprinter, "]") < 0) - return NULL; - break; - case JSOP_NEWINIT: { - i = GET_UINT16(pc); + i = pc[1]; LOCAL_ASSERT(i == JSProto_Array || i == JSProto_Object); todo = ss->sprinter.offset; @@ -4526,6 +4485,23 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop) break; } + case JSOP_NEWARRAY: + { + todo = ss->sprinter.offset; + ++ss->inArrayInit; + if (SprintCString(&ss->sprinter, "[") < 0) + return NULL; + break; + } + + case JSOP_NEWOBJECT: + { + todo = ss->sprinter.offset; + if (SprintCString(&ss->sprinter, "{") < 0) + return NULL; + break; + } + case JSOP_ENDINIT: { JSBool inArray; 
@@ -4552,7 +4528,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop) const char *maybeComma; case JSOP_INITELEM: - isFirst = (ss->opcodes[ss->top - 3] == JSOP_NEWINIT); + isFirst = IsInitializerOp(ss->opcodes[ss->top - 3]); /* Turn off most parens. */ op = JSOP_SETNAME; @@ -4582,7 +4558,7 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop) jschar(ATOM_IS_IDENTIFIER(atom) ? 0 : '\'')); if (!xval) return NULL; - isFirst = (ss->opcodes[ss->top - 2] == JSOP_NEWINIT); + isFirst = IsInitializerOp(ss->opcodes[ss->top - 2]); rval = POP_STR(); lval = POP_STR(); /* fall through */ diff --git a/js/src/jsopcode.h b/js/src/jsopcode.h index 74280d0a0ed..7c967f7fb94 100644 --- a/js/src/jsopcode.h +++ b/js/src/jsopcode.h @@ -379,7 +379,7 @@ js_GetVariableBytecodeLength(jsbytecode *pc); /* * Find the number of stack slots used by a variadic opcode such as JSOP_CALL - * or JSOP_NEWARRAY (for such ops, JSCodeSpec.nuses is -1). + * (for such ops, JSCodeSpec.nuses is -1). */ extern uintN js_GetVariableStackUses(JSOp op, jsbytecode *pc); diff --git a/js/src/jsopcode.tbl b/js/src/jsopcode.tbl index 5497a56bda9..c3c944f1154 100644 --- a/js/src/jsopcode.tbl +++ b/js/src/jsopcode.tbl 
@@ -245,112 +245,121 @@ OPDEF(JSOP_SETLOCAL, 87,"setlocal", NULL, 3, 1, 1, 3, JOF_LOCAL| /* Push unsigned 16-bit int constant. */ OPDEF(JSOP_UINT16, 88, "uint16", NULL, 3, 0, 1, 16, JOF_UINT16) -/* Object and array literal support. */ -OPDEF(JSOP_NEWINIT, 89, "newinit", NULL, 5, 0, 1, 19, JOF_UINT16PAIR) -OPDEF(JSOP_ENDINIT, 90, "endinit", NULL, 1, 0, 0, 19, JOF_BYTE) -OPDEF(JSOP_INITPROP, 91, "initprop", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_INITELEM, 92, "initelem", NULL, 1, 3, 1, 3, JOF_BYTE |JOF_ELEM|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_DEFSHARP, 93, "defsharp", NULL, 5, 0, 0, 0, JOF_UINT16PAIR|JOF_SHARPSLOT) -OPDEF(JSOP_USESHARP, 94, "usesharp", NULL, 5, 0, 1, 0, JOF_UINT16PAIR|JOF_SHARPSLOT) +/* + * Object and array literal support. NEWINIT takes the kind of initializer + * (JSProto_Array or JSProto_Object). NEWARRAY is an array initializer + * taking the final length, which can be filled in at the start and initialized + * directly. NEWOBJECT is an object initializer taking an object with the final + * shape, which can be set at the start and slots then filled in directly. + * NEWINIT has an extra byte so it can be exchanged with NEWOBJECT during emit. + */ +OPDEF(JSOP_NEWINIT, 89, "newinit", NULL, 3, 0, 1, 19, JOF_UINT8) +OPDEF(JSOP_NEWARRAY, 90, "newarray", NULL, 4, 0, 1, 19, JOF_UINT24) +OPDEF(JSOP_NEWOBJECT, 91, "newobject", NULL, 3, 0, 1, 19, JOF_OBJECT) +OPDEF(JSOP_ENDINIT, 92, "endinit", NULL, 1, 0, 0, 19, JOF_BYTE) +OPDEF(JSOP_INITPROP, 93, "initprop", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_INITELEM, 94, "initelem", NULL, 1, 3, 1, 3, JOF_BYTE|JOF_ELEM|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_DEFSHARP, 95, "defsharp", NULL, 5, 0, 0, 0, JOF_UINT16PAIR|JOF_SHARPSLOT) +OPDEF(JSOP_USESHARP, 96, "usesharp", NULL, 5, 0, 1, 0, JOF_UINT16PAIR|JOF_SHARPSLOT) /* Fast inc/dec ops for args and locals. 
*/ -OPDEF(JSOP_INCARG, 95, "incarg", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_INC|JOF_TMPSLOT3) -OPDEF(JSOP_DECARG, 96, "decarg", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_DEC|JOF_TMPSLOT3) -OPDEF(JSOP_ARGINC, 97, "arginc", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3) -OPDEF(JSOP_ARGDEC, 98, "argdec", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3) +OPDEF(JSOP_INCARG, 97, "incarg", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_INC|JOF_TMPSLOT3) +OPDEF(JSOP_DECARG, 98, "decarg", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_DEC|JOF_TMPSLOT3) +OPDEF(JSOP_ARGINC, 99, "arginc", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3) +OPDEF(JSOP_ARGDEC, 100, "argdec", NULL, 3, 0, 1, 15, JOF_QARG |JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3) -OPDEF(JSOP_INCLOCAL, 99, "inclocal", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_INC|JOF_TMPSLOT3) -OPDEF(JSOP_DECLOCAL, 100,"declocal", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_DEC|JOF_TMPSLOT3) -OPDEF(JSOP_LOCALINC, 101,"localinc", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3) -OPDEF(JSOP_LOCALDEC, 102,"localdec", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3) +OPDEF(JSOP_INCLOCAL, 101,"inclocal", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_INC|JOF_TMPSLOT3) +OPDEF(JSOP_DECLOCAL, 102,"declocal", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_DEC|JOF_TMPSLOT3) +OPDEF(JSOP_LOCALINC, 103,"localinc", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3) +OPDEF(JSOP_LOCALDEC, 104,"localdec", NULL, 3, 0, 1, 15, JOF_LOCAL|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3) -OPDEF(JSOP_IMACOP, 103,"imacop", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_IMACOP, 105,"imacop", NULL, 1, 0, 0, 0, JOF_BYTE) /* ECMA-compliant for/in ops. 
*/ -OPDEF(JSOP_FORNAME, 104,"forname", NULL, 3, 1, 1, 19, JOF_ATOM|JOF_NAME|JOF_FOR|JOF_TMPSLOT3) -OPDEF(JSOP_FORPROP, 105,"forprop", NULL, 3, 2, 1, 18, JOF_ATOM|JOF_PROP|JOF_FOR|JOF_TMPSLOT3) -OPDEF(JSOP_FORELEM, 106,"forelem", NULL, 1, 1, 2, 18, JOF_BYTE |JOF_ELEM|JOF_FOR) -OPDEF(JSOP_POPN, 107,"popn", NULL, 3, -1, 0, 0, JOF_UINT16) +OPDEF(JSOP_FORNAME, 106,"forname", NULL, 3, 1, 1, 19, JOF_ATOM|JOF_NAME|JOF_FOR|JOF_TMPSLOT3) +OPDEF(JSOP_FORPROP, 107,"forprop", NULL, 3, 2, 1, 18, JOF_ATOM|JOF_PROP|JOF_FOR|JOF_TMPSLOT3) +OPDEF(JSOP_FORELEM, 108,"forelem", NULL, 1, 1, 2, 18, JOF_BYTE |JOF_ELEM|JOF_FOR) +OPDEF(JSOP_POPN, 109,"popn", NULL, 3, -1, 0, 0, JOF_UINT16) /* ECMA-compliant assignment ops. */ -OPDEF(JSOP_BINDNAME, 108,"bindname", NULL, 3, 0, 1, 0, JOF_ATOM|JOF_NAME|JOF_SET) -OPDEF(JSOP_SETNAME, 109,"setname", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_NAME|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_BINDNAME, 110,"bindname", NULL, 3, 0, 1, 0, JOF_ATOM|JOF_NAME|JOF_SET) +OPDEF(JSOP_SETNAME, 111,"setname", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_NAME|JOF_SET|JOF_DETECTING) /* Exception handling ops. */ -OPDEF(JSOP_THROW, 110,js_throw_str, NULL, 1, 1, 0, 0, JOF_BYTE) +OPDEF(JSOP_THROW, 112,js_throw_str, NULL, 1, 1, 0, 0, JOF_BYTE) /* 'in' and 'instanceof' ops. 
*/ -OPDEF(JSOP_IN, 111,js_in_str, js_in_str, 1, 2, 1, 11, JOF_BYTE|JOF_LEFTASSOC) -OPDEF(JSOP_INSTANCEOF,112,js_instanceof_str,js_instanceof_str,1,2,1,11,JOF_BYTE|JOF_LEFTASSOC|JOF_TMPSLOT) +OPDEF(JSOP_IN, 113,js_in_str, js_in_str, 1, 2, 1, 11, JOF_BYTE|JOF_LEFTASSOC) +OPDEF(JSOP_INSTANCEOF,114,js_instanceof_str,js_instanceof_str,1,2,1,11,JOF_BYTE|JOF_LEFTASSOC|JOF_TMPSLOT) /* debugger op */ -OPDEF(JSOP_DEBUGGER, 113,"debugger", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_DEBUGGER, 115,"debugger", NULL, 1, 0, 0, 0, JOF_BYTE) /* gosub/retsub for finally handling */ -OPDEF(JSOP_GOSUB, 114,"gosub", NULL, 3, 0, 0, 0, JOF_JUMP) -OPDEF(JSOP_RETSUB, 115,"retsub", NULL, 1, 2, 0, 0, JOF_BYTE) +OPDEF(JSOP_GOSUB, 116,"gosub", NULL, 3, 0, 0, 0, JOF_JUMP) +OPDEF(JSOP_RETSUB, 117,"retsub", NULL, 1, 2, 0, 0, JOF_BYTE) /* More exception handling ops. */ -OPDEF(JSOP_EXCEPTION, 116,"exception", NULL, 1, 0, 1, 0, JOF_BYTE) +OPDEF(JSOP_EXCEPTION, 118,"exception", NULL, 1, 0, 1, 0, JOF_BYTE) /* Embedded lineno to speedup pc->line mapping. */ -OPDEF(JSOP_LINENO, 117,"lineno", NULL, 3, 0, 0, 0, JOF_UINT16) +OPDEF(JSOP_LINENO, 119,"lineno", NULL, 3, 0, 0, 0, JOF_UINT16) /* * ECMA-compliant switch statement ops. * CONDSWITCH is a decompilable NOP; CASE is ===, POP, jump if true, re-push * lval if false; and DEFAULT is POP lval and GOTO. */ -OPDEF(JSOP_CONDSWITCH,118,"condswitch", NULL, 1, 0, 0, 0, JOF_BYTE|JOF_PARENHEAD) -OPDEF(JSOP_CASE, 119,"case", NULL, 3, 2, 1, 0, JOF_JUMP) -OPDEF(JSOP_DEFAULT, 120,"default", NULL, 3, 1, 0, 0, JOF_JUMP) +OPDEF(JSOP_CONDSWITCH,120,"condswitch", NULL, 1, 0, 0, 0, JOF_BYTE|JOF_PARENHEAD) +OPDEF(JSOP_CASE, 121,"case", NULL, 3, 2, 1, 0, JOF_JUMP) +OPDEF(JSOP_DEFAULT, 122,"default", NULL, 3, 1, 0, 0, JOF_JUMP) /* * ECMA-compliant call to eval op */ -OPDEF(JSOP_EVAL, 121,"eval", NULL, 3, -1, 1, 18, JOF_UINT16|JOF_INVOKE) +OPDEF(JSOP_EVAL, 123,"eval", NULL, 3, -1, 1, 18, JOF_UINT16|JOF_INVOKE) /* * ECMA-compliant helper for 'for (x[i] in o)' loops. 
*/ -OPDEF(JSOP_ENUMELEM, 122,"enumelem", NULL, 1, 3, 0, 3, JOF_BYTE |JOF_SET|JOF_TMPSLOT) +OPDEF(JSOP_ENUMELEM, 124,"enumelem", NULL, 1, 3, 0, 3, JOF_BYTE |JOF_SET|JOF_TMPSLOT) /* * Getter and setter prefix bytecodes. These modify the next bytecode, either * an assignment or a property initializer code, which then defines a property * getter or setter. */ -OPDEF(JSOP_GETTER, 123,js_getter_str,NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_SETTER, 124,js_setter_str,NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_GETTER, 125,js_getter_str,NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_SETTER, 126,js_setter_str,NULL, 1, 0, 0, 0, JOF_BYTE) /* * Prolog bytecodes for defining function, var, and const names. */ -OPDEF(JSOP_DEFFUN, 125,"deffun", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) -OPDEF(JSOP_DEFCONST, 126,"defconst", NULL, 3, 0, 0, 0, JOF_ATOM|JOF_DECLARING) -OPDEF(JSOP_DEFVAR, 127,"defvar", NULL, 3, 0, 0, 0, JOF_ATOM|JOF_DECLARING) +OPDEF(JSOP_DEFFUN, 127,"deffun", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) +OPDEF(JSOP_DEFCONST, 128,"defconst", NULL, 3, 0, 0, 0, JOF_ATOM|JOF_DECLARING) +OPDEF(JSOP_DEFVAR, 129,"defvar", NULL, 3, 0, 0, 0, JOF_ATOM|JOF_DECLARING) /* Push a closure for a named or anonymous function expression. */ -OPDEF(JSOP_LAMBDA, 128, "lambda", NULL, 3, 0, 1, 19, JOF_OBJECT) +OPDEF(JSOP_LAMBDA, 130, "lambda", NULL, 3, 0, 1, 19, JOF_OBJECT) /* Used for named function expression self-naming, if lightweight. */ -OPDEF(JSOP_CALLEE, 129, "callee", NULL, 1, 0, 1, 19, JOF_BYTE) +OPDEF(JSOP_CALLEE, 131, "callee", NULL, 1, 0, 1, 19, JOF_BYTE) /* * Like JSOP_SETLOCAL, but specialized to avoid requiring JSOP_POP immediately * after to throw away the exception value. */ -OPDEF(JSOP_SETLOCALPOP, 130, "setlocalpop", NULL, 3, 1, 0, 3, JOF_LOCAL|JOF_NAME|JOF_SET) +OPDEF(JSOP_SETLOCALPOP, 132, "setlocalpop", NULL, 3, 1, 0, 3, JOF_LOCAL|JOF_NAME|JOF_SET) /* Pick an element from the stack. 
*/ -OPDEF(JSOP_PICK, 131, "pick", NULL, 2, 0, 0, 0, JOF_UINT8) +OPDEF(JSOP_PICK, 133, "pick", NULL, 2, 0, 0, 0, JOF_UINT8) /* * Exception handling no-op, for more economical byte-coding than SRC_TRYFIN * srcnote-annotated JSOP_NOPs and to simply stack balance handling. */ -OPDEF(JSOP_TRY, 132,"try", NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_FINALLY, 133,"finally", NULL, 1, 0, 2, 0, JOF_BYTE) +OPDEF(JSOP_TRY, 134,"try", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_FINALLY, 135,"finally", NULL, 1, 0, 2, 0, JOF_BYTE) /* * Get a slot from a flat closure function object that contains a snapshot of 
@@ -358,96 +367,96 @@ OPDEF(JSOP_FINALLY, 133,"finally", NULL, 1, 0, 2, 0, JOF_BYTE) * in the function's u.i.script->upvars() array. The CALL variant computes the * callee and this-object in preparation for a JSOP_CALL. */ -OPDEF(JSOP_GETFCSLOT, 134,"getfcslot", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) -OPDEF(JSOP_CALLFCSLOT, 135,"callfcslot", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_GETFCSLOT, 136,"getfcslot", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) +OPDEF(JSOP_CALLFCSLOT, 137,"callfcslot", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) /* * Bytecodes that avoid making an arguments object in most cases: * JSOP_ARGSUB gets arguments[i] from fp->argv, iff i is in [0, fp->argc-1]. * JSOP_ARGCNT returns fp->argc. */ -OPDEF(JSOP_ARGSUB, 136,"argsub", NULL, 3, 0, 1, 18, JOF_QARG |JOF_NAME) -OPDEF(JSOP_ARGCNT, 137,"argcnt", NULL, 1, 0, 1, 18, JOF_BYTE) +OPDEF(JSOP_ARGSUB, 138,"argsub", NULL, 3, 0, 1, 18, JOF_QARG |JOF_NAME) +OPDEF(JSOP_ARGCNT, 139,"argcnt", NULL, 1, 0, 1, 18, JOF_BYTE) /* * Define a local function object as a local variable. * The local variable's slot number is the first immediate two-byte operand. * The function object's atom index is the second immediate operand. */ -OPDEF(JSOP_DEFLOCALFUN, 138,"deflocalfun",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) +OPDEF(JSOP_DEFLOCALFUN, 140,"deflocalfun",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) /* Extended jumps. 
*/ -OPDEF(JSOP_GOTOX, 139,"gotox", NULL, 5, 0, 0, 0, JOF_JUMPX) -OPDEF(JSOP_IFEQX, 140,"ifeqx", NULL, 5, 1, 0, 4, JOF_JUMPX|JOF_DETECTING) -OPDEF(JSOP_IFNEX, 141,"ifnex", NULL, 5, 1, 0, 0, JOF_JUMPX|JOF_PARENHEAD) -OPDEF(JSOP_ORX, 142,"orx", NULL, 5, 1, 0, 5, JOF_JUMPX|JOF_DETECTING) -OPDEF(JSOP_ANDX, 143,"andx", NULL, 5, 1, 0, 6, JOF_JUMPX|JOF_DETECTING) -OPDEF(JSOP_GOSUBX, 144,"gosubx", NULL, 5, 0, 0, 0, JOF_JUMPX) -OPDEF(JSOP_CASEX, 145,"casex", NULL, 5, 2, 1, 0, JOF_JUMPX) -OPDEF(JSOP_DEFAULTX, 146,"defaultx", NULL, 5, 1, 0, 0, JOF_JUMPX) -OPDEF(JSOP_TABLESWITCHX, 147,"tableswitchx",NULL, -1, 1, 0, 0, JOF_TABLESWITCHX|JOF_DETECTING|JOF_PARENHEAD) -OPDEF(JSOP_LOOKUPSWITCHX, 148,"lookupswitchx",NULL, -1, 1, 0, 0, JOF_LOOKUPSWITCHX|JOF_DETECTING|JOF_PARENHEAD) +OPDEF(JSOP_GOTOX, 141,"gotox", NULL, 5, 0, 0, 0, JOF_JUMPX) +OPDEF(JSOP_IFEQX, 142,"ifeqx", NULL, 5, 1, 0, 4, JOF_JUMPX|JOF_DETECTING) +OPDEF(JSOP_IFNEX, 143,"ifnex", NULL, 5, 1, 0, 0, JOF_JUMPX|JOF_PARENHEAD) +OPDEF(JSOP_ORX, 144,"orx", NULL, 5, 1, 0, 5, JOF_JUMPX|JOF_DETECTING) +OPDEF(JSOP_ANDX, 145,"andx", NULL, 5, 1, 0, 6, JOF_JUMPX|JOF_DETECTING) +OPDEF(JSOP_GOSUBX, 146,"gosubx", NULL, 5, 0, 0, 0, JOF_JUMPX) +OPDEF(JSOP_CASEX, 147,"casex", NULL, 5, 2, 1, 0, JOF_JUMPX) +OPDEF(JSOP_DEFAULTX, 148,"defaultx", NULL, 5, 1, 0, 0, JOF_JUMPX) +OPDEF(JSOP_TABLESWITCHX, 149,"tableswitchx",NULL, -1, 1, 0, 0, JOF_TABLESWITCHX|JOF_DETECTING|JOF_PARENHEAD) +OPDEF(JSOP_LOOKUPSWITCHX, 150,"lookupswitchx",NULL, -1, 1, 0, 0, JOF_LOOKUPSWITCHX|JOF_DETECTING|JOF_PARENHEAD) /* Placeholders for a real jump opcode set during backpatch chain fixup. 
*/ -OPDEF(JSOP_BACKPATCH, 149,"backpatch",NULL, 3, 0, 0, 0, JOF_JUMP|JOF_BACKPATCH) -OPDEF(JSOP_BACKPATCH_POP, 150,"backpatch_pop",NULL, 3, 1, 0, 0, JOF_JUMP|JOF_BACKPATCH) +OPDEF(JSOP_BACKPATCH, 151,"backpatch",NULL, 3, 0, 0, 0, JOF_JUMP|JOF_BACKPATCH) +OPDEF(JSOP_BACKPATCH_POP, 152,"backpatch_pop",NULL, 3, 1, 0, 0, JOF_JUMP|JOF_BACKPATCH) /* Set pending exception from the stack, to trigger rethrow. */ -OPDEF(JSOP_THROWING, 151,"throwing", NULL, 1, 1, 0, 0, JOF_BYTE) +OPDEF(JSOP_THROWING, 153,"throwing", NULL, 1, 1, 0, 0, JOF_BYTE) /* Set and get return value pseudo-register in stack frame. */ -OPDEF(JSOP_SETRVAL, 152,"setrval", NULL, 1, 1, 0, 2, JOF_BYTE) -OPDEF(JSOP_RETRVAL, 153,"retrval", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_SETRVAL, 154,"setrval", NULL, 1, 1, 0, 2, JOF_BYTE) +OPDEF(JSOP_RETRVAL, 155,"retrval", NULL, 1, 0, 0, 0, JOF_BYTE) /* Free variable references that must either be found on the global or a ReferenceError */ -OPDEF(JSOP_GETGNAME, 154,"getgname", NULL, 3, 0, 1, 19, JOF_ATOM|JOF_NAME|JOF_GNAME) -OPDEF(JSOP_SETGNAME, 155,"setgname", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_NAME|JOF_SET|JOF_DETECTING|JOF_GNAME) -OPDEF(JSOP_INCGNAME, 156,"incgname", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_INC|JOF_TMPSLOT3|JOF_GNAME) -OPDEF(JSOP_DECGNAME, 157,"decgname", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_DEC|JOF_TMPSLOT3|JOF_GNAME) -OPDEF(JSOP_GNAMEINC, 158,"gnameinc", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3|JOF_GNAME) -OPDEF(JSOP_GNAMEDEC, 159,"gnamedec", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3|JOF_GNAME) +OPDEF(JSOP_GETGNAME, 156,"getgname", NULL, 3, 0, 1, 19, JOF_ATOM|JOF_NAME|JOF_GNAME) +OPDEF(JSOP_SETGNAME, 157,"setgname", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_NAME|JOF_SET|JOF_DETECTING|JOF_GNAME) +OPDEF(JSOP_INCGNAME, 158,"incgname", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_INC|JOF_TMPSLOT3|JOF_GNAME) +OPDEF(JSOP_DECGNAME, 159,"decgname", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_DEC|JOF_TMPSLOT3|JOF_GNAME) 
+OPDEF(JSOP_GNAMEINC, 160,"gnameinc", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT3|JOF_GNAME) +OPDEF(JSOP_GNAMEDEC, 161,"gnamedec", NULL, 3, 0, 1, 15, JOF_ATOM|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT3|JOF_GNAME) /* Regular expression literal requiring special "fork on exec" handling. */ -OPDEF(JSOP_REGEXP, 160,"regexp", NULL, 3, 0, 1, 19, JOF_REGEXP) +OPDEF(JSOP_REGEXP, 162,"regexp", NULL, 3, 0, 1, 19, JOF_REGEXP) /* XML (ECMA-357, a.k.a. "E4X") support. */ -OPDEF(JSOP_DEFXMLNS, 161,"defxmlns", NULL, 1, 1, 0, 0, JOF_BYTE) -OPDEF(JSOP_ANYNAME, 162,"anyname", NULL, 1, 0, 1, 19, JOF_BYTE|JOF_XMLNAME) -OPDEF(JSOP_QNAMEPART, 163,"qnamepart", NULL, 3, 0, 1, 19, JOF_ATOM|JOF_XMLNAME) -OPDEF(JSOP_QNAMECONST, 164,"qnameconst", NULL, 3, 1, 1, 19, JOF_ATOM|JOF_XMLNAME) -OPDEF(JSOP_QNAME, 165,"qname", NULL, 1, 2, 1, 0, JOF_BYTE|JOF_XMLNAME) -OPDEF(JSOP_TOATTRNAME, 166,"toattrname", NULL, 1, 1, 1, 19, JOF_BYTE|JOF_XMLNAME) -OPDEF(JSOP_TOATTRVAL, 167,"toattrval", NULL, 1, 1, 1, 19, JOF_BYTE) -OPDEF(JSOP_ADDATTRNAME, 168,"addattrname",NULL, 1, 2, 1, 13, JOF_BYTE) -OPDEF(JSOP_ADDATTRVAL, 169,"addattrval", NULL, 1, 2, 1, 13, JOF_BYTE) -OPDEF(JSOP_BINDXMLNAME, 170,"bindxmlname",NULL, 1, 1, 2, 3, JOF_BYTE|JOF_SET) -OPDEF(JSOP_SETXMLNAME, 171,"setxmlname", NULL, 1, 3, 1, 3, JOF_BYTE|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_XMLNAME, 172,"xmlname", NULL, 1, 1, 1, 19, JOF_BYTE) -OPDEF(JSOP_DESCENDANTS, 173,"descendants",NULL, 1, 2, 1, 18, JOF_BYTE) -OPDEF(JSOP_FILTER, 174,"filter", NULL, 3, 1, 1, 0, JOF_JUMP) -OPDEF(JSOP_ENDFILTER, 175,"endfilter", NULL, 3, 2, 1, 18, JOF_JUMP) -OPDEF(JSOP_TOXML, 176,"toxml", NULL, 1, 1, 1, 19, JOF_BYTE) -OPDEF(JSOP_TOXMLLIST, 177,"toxmllist", NULL, 1, 1, 1, 19, JOF_BYTE) -OPDEF(JSOP_XMLTAGEXPR, 178,"xmltagexpr", NULL, 1, 1, 1, 0, JOF_BYTE) -OPDEF(JSOP_XMLELTEXPR, 179,"xmleltexpr", NULL, 1, 1, 1, 0, JOF_BYTE) -OPDEF(JSOP_NOTRACE, 180,"notrace", NULL, 3, 0, 0, 0, JOF_UINT16) -OPDEF(JSOP_XMLCDATA, 181,"xmlcdata", NULL, 3, 0, 1, 19, JOF_ATOM) 
-OPDEF(JSOP_XMLCOMMENT, 182,"xmlcomment", NULL, 3, 0, 1, 19, JOF_ATOM) -OPDEF(JSOP_XMLPI, 183,"xmlpi", NULL, 3, 1, 1, 19, JOF_ATOM) -OPDEF(JSOP_CALLPROP, 184,"callprop", NULL, 3, 1, 2, 18, JOF_ATOM|JOF_PROP|JOF_CALLOP|JOF_TMPSLOT3) +OPDEF(JSOP_DEFXMLNS, 163,"defxmlns", NULL, 1, 1, 0, 0, JOF_BYTE) +OPDEF(JSOP_ANYNAME, 164,"anyname", NULL, 1, 0, 1, 19, JOF_BYTE|JOF_XMLNAME) +OPDEF(JSOP_QNAMEPART, 165,"qnamepart", NULL, 3, 0, 1, 19, JOF_ATOM|JOF_XMLNAME) +OPDEF(JSOP_QNAMECONST, 166,"qnameconst", NULL, 3, 1, 1, 19, JOF_ATOM|JOF_XMLNAME) +OPDEF(JSOP_QNAME, 167,"qname", NULL, 1, 2, 1, 0, JOF_BYTE|JOF_XMLNAME) +OPDEF(JSOP_TOATTRNAME, 168,"toattrname", NULL, 1, 1, 1, 19, JOF_BYTE|JOF_XMLNAME) +OPDEF(JSOP_TOATTRVAL, 169,"toattrval", NULL, 1, 1, 1, 19, JOF_BYTE) +OPDEF(JSOP_ADDATTRNAME, 170,"addattrname",NULL, 1, 2, 1, 13, JOF_BYTE) +OPDEF(JSOP_ADDATTRVAL, 171,"addattrval", NULL, 1, 2, 1, 13, JOF_BYTE) +OPDEF(JSOP_BINDXMLNAME, 172,"bindxmlname",NULL, 1, 1, 2, 3, JOF_BYTE|JOF_SET) +OPDEF(JSOP_SETXMLNAME, 173,"setxmlname", NULL, 1, 3, 1, 3, JOF_BYTE|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_XMLNAME, 174,"xmlname", NULL, 1, 1, 1, 19, JOF_BYTE) +OPDEF(JSOP_DESCENDANTS, 175,"descendants",NULL, 1, 2, 1, 18, JOF_BYTE) +OPDEF(JSOP_FILTER, 176,"filter", NULL, 3, 1, 1, 0, JOF_JUMP) +OPDEF(JSOP_ENDFILTER, 177,"endfilter", NULL, 3, 2, 1, 18, JOF_JUMP) +OPDEF(JSOP_TOXML, 178,"toxml", NULL, 1, 1, 1, 19, JOF_BYTE) +OPDEF(JSOP_TOXMLLIST, 179,"toxmllist", NULL, 1, 1, 1, 19, JOF_BYTE) +OPDEF(JSOP_XMLTAGEXPR, 180,"xmltagexpr", NULL, 1, 1, 1, 0, JOF_BYTE) +OPDEF(JSOP_XMLELTEXPR, 181,"xmleltexpr", NULL, 1, 1, 1, 0, JOF_BYTE) +OPDEF(JSOP_NOTRACE, 182,"notrace", NULL, 3, 0, 0, 0, JOF_UINT16) +OPDEF(JSOP_XMLCDATA, 183,"xmlcdata", NULL, 3, 0, 1, 19, JOF_ATOM) +OPDEF(JSOP_XMLCOMMENT, 184,"xmlcomment", NULL, 3, 0, 1, 19, JOF_ATOM) +OPDEF(JSOP_XMLPI, 185,"xmlpi", NULL, 3, 1, 1, 19, JOF_ATOM) +OPDEF(JSOP_CALLPROP, 186,"callprop", NULL, 3, 1, 2, 18, JOF_ATOM|JOF_PROP|JOF_CALLOP|JOF_TMPSLOT3) /* * Get a display 
(free) variable from the closure's reserved slots. */ -OPDEF(JSOP_GETUPVAR, 185,"getupvar", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) -OPDEF(JSOP_CALLUPVAR, 186,"callupvar", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_GETUPVAR, 187,"getupvar", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) +OPDEF(JSOP_CALLUPVAR, 188,"callupvar", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) -OPDEF(JSOP_DELDESC, 187,"deldesc", NULL, 1, 2, 1, 15, JOF_BYTE|JOF_ELEM|JOF_DEL) +OPDEF(JSOP_DELDESC, 189,"deldesc", NULL, 1, 2, 1, 15, JOF_BYTE|JOF_ELEM|JOF_DEL) /* * Opcode to hold 24-bit immediate integer operands. */ -OPDEF(JSOP_UINT24, 188,"uint24", NULL, 4, 0, 1, 16, JOF_UINT24) +OPDEF(JSOP_UINT24, 190,"uint24", NULL, 4, 0, 1, 16, JOF_UINT24) /* * Opcodes to allow 24-bit atom or object indexes. Whenever an index exceeds 
@@ -455,164 +464,155 @@ OPDEF(JSOP_UINT24, 188,"uint24", NULL, 4, 0, 1, 16, JOF_UINT24 * JSOP_INDEXBASE and JSOP_RESETBASE to provide the upper bits of the index. * See jsemit.c, EmitIndexOp. */ -OPDEF(JSOP_INDEXBASE, 189,"indexbase", NULL, 2, 0, 0, 0, JOF_UINT8|JOF_INDEXBASE) -OPDEF(JSOP_RESETBASE, 190,"resetbase", NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_RESETBASE0, 191,"resetbase0", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_INDEXBASE, 191,"indexbase", NULL, 2, 0, 0, 0, JOF_UINT8|JOF_INDEXBASE) +OPDEF(JSOP_RESETBASE, 192,"resetbase", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_RESETBASE0, 193,"resetbase0", NULL, 1, 0, 0, 0, JOF_BYTE) /* * Opcodes to help the decompiler deal with XML. */ -OPDEF(JSOP_STARTXML, 192,"startxml", NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_STARTXMLEXPR, 193,"startxmlexpr",NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_STARTXML, 194,"startxml", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_STARTXMLEXPR, 195,"startxmlexpr",NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_CALLELEM, 194, "callelem", NULL, 1, 2, 2, 18, JOF_BYTE |JOF_ELEM|JOF_LEFTASSOC|JOF_CALLOP) +OPDEF(JSOP_CALLELEM, 196, "callelem", NULL, 1, 2, 2, 18, JOF_BYTE |JOF_ELEM|JOF_LEFTASSOC|JOF_CALLOP) /* * Stop interpretation, emitted at end of script to save the threaded bytecode * interpreter an extra branch test on every DO_NEXT_OP (see jsinterp.c). */ -OPDEF(JSOP_STOP, 195,"stop", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_STOP, 197,"stop", NULL, 1, 0, 0, 0, JOF_BYTE) /* * Get an extant property value, throwing ReferenceError if the identified * property does not exist. */ -OPDEF(JSOP_GETXPROP, 196,"getxprop", NULL, 3, 1, 1, 18, JOF_ATOM|JOF_PROP) +OPDEF(JSOP_GETXPROP, 198,"getxprop", NULL, 3, 1, 1, 18, JOF_ATOM|JOF_PROP) -OPDEF(JSOP_CALLXMLNAME, 197, "callxmlname", NULL, 1, 1, 2, 19, JOF_BYTE|JOF_CALLOP) +OPDEF(JSOP_CALLXMLNAME, 199, "callxmlname", NULL, 1, 1, 2, 19, JOF_BYTE|JOF_CALLOP) /* * Specialized JSOP_TYPEOF to avoid reporting undefined for typeof(0, undef). 
*/ -OPDEF(JSOP_TYPEOFEXPR, 198,"typeofexpr", NULL, 1, 1, 1, 15, JOF_BYTE|JOF_DETECTING) +OPDEF(JSOP_TYPEOFEXPR, 200,"typeofexpr", NULL, 1, 1, 1, 15, JOF_BYTE|JOF_DETECTING) /* * Block-local scope support. */ -OPDEF(JSOP_ENTERBLOCK, 199,"enterblock", NULL, 3, 0, -1, 0, JOF_OBJECT) -OPDEF(JSOP_LEAVEBLOCK, 200,"leaveblock", NULL, 5, -1, 0, 0, JOF_UINT16) +OPDEF(JSOP_ENTERBLOCK, 201,"enterblock", NULL, 3, 0, -1, 0, JOF_OBJECT) +OPDEF(JSOP_LEAVEBLOCK, 202,"leaveblock", NULL, 5, -1, 0, 0, JOF_UINT16) /* Jump to target if top of stack value is of primitive type. */ -OPDEF(JSOP_IFPRIMTOP, 201,"ifprimtop", NULL, 3, 1, 1, 0, JOF_JUMP|JOF_DETECTING) +OPDEF(JSOP_IFPRIMTOP, 203,"ifprimtop", NULL, 3, 1, 1, 0, JOF_JUMP|JOF_DETECTING) /* Throws a TypeError if the value at the top of the stack is not primitive. */ -OPDEF(JSOP_PRIMTOP, 202,"primtop", NULL, 2, 1, 1, 0, JOF_INT8) +OPDEF(JSOP_PRIMTOP, 204,"primtop", NULL, 2, 1, 1, 0, JOF_INT8) /* * Generator and array comprehension support. */ -OPDEF(JSOP_GENERATOR, 203,"generator", NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_YIELD, 204,"yield", NULL, 1, 1, 1, 1, JOF_BYTE) -OPDEF(JSOP_ARRAYPUSH, 205,"arraypush", NULL, 3, 1, 0, 3, JOF_LOCAL) +OPDEF(JSOP_GENERATOR, 205,"generator", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_YIELD, 206,"yield", NULL, 1, 1, 1, 1, JOF_BYTE) +OPDEF(JSOP_ARRAYPUSH, 207,"arraypush", NULL, 3, 1, 0, 3, JOF_LOCAL) /* * Get the built-in function::foo namespace and push it. */ -OPDEF(JSOP_GETFUNNS, 206,"getfunns", NULL, 1, 0, 1, 19, JOF_BYTE) +OPDEF(JSOP_GETFUNNS, 208,"getfunns", NULL, 1, 0, 1, 19, JOF_BYTE) /* * Variant of JSOP_ENUMELEM for destructuring const (const [a, b] = ...). */ -OPDEF(JSOP_ENUMCONSTELEM, 207,"enumconstelem",NULL, 1, 3, 0, 3, JOF_BYTE|JOF_SET) +OPDEF(JSOP_ENUMCONSTELEM, 209,"enumconstelem",NULL, 1, 3, 0, 3, JOF_BYTE|JOF_SET) /* * Variant of JSOP_LEAVEBLOCK has a result on the stack above the locals, * which must be moved down when the block pops. 
*/ -OPDEF(JSOP_LEAVEBLOCKEXPR,208,"leaveblockexpr",NULL, 5, -1, 1, 3, JOF_UINT16) +OPDEF(JSOP_LEAVEBLOCKEXPR,210,"leaveblockexpr",NULL, 5, -1, 1, 3, JOF_UINT16) /* * Optimize common JSOP_{THIS,GET{ARG,LOCAL}} -> JSOP_GETPROP cliches. */ -OPDEF(JSOP_GETTHISPROP, 209,"getthisprop", NULL, 3, 0, 1, 18, JOF_ATOM|JOF_VARPROP) -OPDEF(JSOP_GETARGPROP, 210,"getargprop", NULL, 5, 0, 1, 18, JOF_SLOTATOM|JOF_VARPROP) -OPDEF(JSOP_GETLOCALPROP, 211,"getlocalprop", NULL, 5, 0, 1, 18, JOF_SLOTATOM|JOF_VARPROP) +OPDEF(JSOP_GETTHISPROP, 211,"getthisprop", NULL, 3, 0, 1, 18, JOF_ATOM|JOF_VARPROP) +OPDEF(JSOP_GETARGPROP, 212,"getargprop", NULL, 5, 0, 1, 18, JOF_SLOTATOM|JOF_VARPROP) +OPDEF(JSOP_GETLOCALPROP, 213,"getlocalprop", NULL, 5, 0, 1, 18, JOF_SLOTATOM|JOF_VARPROP) /* * Optimize atom segments 1-3. These must be followed by JSOP_RESETBASE0 after * the opcode that they prefix. */ -OPDEF(JSOP_INDEXBASE1, 212,"indexbase1", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) -OPDEF(JSOP_INDEXBASE2, 213,"indexbase2", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) -OPDEF(JSOP_INDEXBASE3, 214,"indexbase3", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) +OPDEF(JSOP_INDEXBASE1, 214,"indexbase1", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) +OPDEF(JSOP_INDEXBASE2, 215,"indexbase2", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) +OPDEF(JSOP_INDEXBASE3, 216,"indexbase3", NULL, 1, 0, 0, 0, JOF_BYTE |JOF_INDEXBASE) -OPDEF(JSOP_CALLGNAME, 215, "callgname", NULL, 3, 0, 2, 19, JOF_ATOM|JOF_NAME|JOF_CALLOP|JOF_GNAME) -OPDEF(JSOP_CALLLOCAL, 216, "calllocal", NULL, 3, 0, 2, 19, JOF_LOCAL|JOF_NAME|JOF_CALLOP) -OPDEF(JSOP_CALLARG, 217, "callarg", NULL, 3, 0, 2, 19, JOF_QARG |JOF_NAME|JOF_CALLOP) -OPDEF(JSOP_BINDGNAME, 218, "bindgname", NULL, 3, 0, 1, 0, JOF_ATOM|JOF_NAME|JOF_SET|JOF_GNAME) +OPDEF(JSOP_CALLGNAME, 217, "callgname", NULL, 3, 0, 2, 19, JOF_ATOM|JOF_NAME|JOF_CALLOP|JOF_GNAME) +OPDEF(JSOP_CALLLOCAL, 218, "calllocal", NULL, 3, 0, 2, 19, JOF_LOCAL|JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_CALLARG, 219, "callarg", NULL, 3, 
0, 2, 19, JOF_QARG |JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_BINDGNAME, 220, "bindgname", NULL, 3, 0, 1, 0, JOF_ATOM|JOF_NAME|JOF_SET|JOF_GNAME) /* * Opcodes to hold 8-bit and 32-bit immediate integer operands. */ -OPDEF(JSOP_INT8, 219, "int8", NULL, 2, 0, 1, 16, JOF_INT8) -OPDEF(JSOP_INT32, 220, "int32", NULL, 5, 0, 1, 16, JOF_INT32) +OPDEF(JSOP_INT8, 221, "int8", NULL, 2, 0, 1, 16, JOF_INT8) +OPDEF(JSOP_INT32, 222, "int32", NULL, 5, 0, 1, 16, JOF_INT32) /* * Get the value of the 'length' property from a stacked object. */ -OPDEF(JSOP_LENGTH, 221, "length", NULL, 1, 1, 1, 18, JOF_BYTE|JOF_PROP) - -/* - * Construct a new dense array whose contents are the values provided on the - * stack, consuming those values and replacing them with the newly-constructed - * array. The topmost value is the last value in the new array, and the - * bottommost value is the first value in the array; the array length is a - * 16-bit immediate operand to the instruction. - */ -OPDEF(JSOP_NEWARRAY, 222, "newarray", NULL, 3, -1, 1, 19, JOF_UINT16) +OPDEF(JSOP_LENGTH, 223, "length", NULL, 1, 1, 1, 18, JOF_BYTE|JOF_PROP) /* * Push a JSVAL_HOLE value onto the stack, representing an omitted property in * an array literal (e.g. property 0 in the array [, 1]). This opcode is used - * with the JSOP_NEWARRAY and JSOP_NEWINIT opcodes. + * with the JSOP_NEWARRAY opcode. */ -OPDEF(JSOP_HOLE, 223, "hole", NULL, 1, 0, 1, 0, JOF_BYTE) +OPDEF(JSOP_HOLE, 224, "hole", NULL, 1, 0, 1, 0, JOF_BYTE) /* * Variants of JSOP_{DEF{,LOCAL}FUN,LAMBDA} optimized for the flat closure case. 
*/ -OPDEF(JSOP_DEFFUN_FC, 224,"deffun_fc", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) -OPDEF(JSOP_DEFLOCALFUN_FC,225,"deflocalfun_fc",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) -OPDEF(JSOP_LAMBDA_FC, 226,"lambda_fc", NULL, 3, 0, 1, 19, JOF_OBJECT) +OPDEF(JSOP_DEFFUN_FC, 225,"deffun_fc", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) +OPDEF(JSOP_DEFLOCALFUN_FC,226,"deflocalfun_fc",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) +OPDEF(JSOP_LAMBDA_FC, 227,"lambda_fc", NULL, 3, 0, 1, 19, JOF_OBJECT) /* * Ensure that the value on the top of the stack is an object. The one * argument is an error message, defined in js.msg, that takes one parameter * (the decompilation of the primitive value). */ -OPDEF(JSOP_OBJTOP, 227,"objtop", NULL, 3, 0, 0, 0, JOF_UINT16) +OPDEF(JSOP_OBJTOP, 228,"objtop", NULL, 3, 0, 0, 0, JOF_UINT16) /* This opcode stores an index that is unique to the given loop. */ -OPDEF(JSOP_TRACE, 228, "trace", NULL, 3, 0, 0, 0, JOF_UINT16) +OPDEF(JSOP_TRACE, 229, "trace", NULL, 3, 0, 0, 0, JOF_UINT16) /* * Debugger versions of JSOP_{GET,CALL}UPVAR and the flat closure (_FC) ops. 
*/ -OPDEF(JSOP_GETUPVAR_DBG, 229,"getupvar_dbg", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) -OPDEF(JSOP_CALLUPVAR_DBG, 230,"callupvar_dbg", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) -OPDEF(JSOP_DEFFUN_DBGFC, 231,"deffun_dbgfc", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) -OPDEF(JSOP_DEFLOCALFUN_DBGFC,232,"deflocalfun_dbgfc",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) -OPDEF(JSOP_LAMBDA_DBGFC, 233,"lambda_dbgfc", NULL, 3, 0, 1, 19, JOF_OBJECT) +OPDEF(JSOP_GETUPVAR_DBG, 230,"getupvar_dbg", NULL, 3, 0, 1, 19, JOF_UINT16|JOF_NAME) +OPDEF(JSOP_CALLUPVAR_DBG, 231,"callupvar_dbg", NULL, 3, 0, 2, 19, JOF_UINT16|JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_DEFFUN_DBGFC, 232,"deffun_dbgfc", NULL, 3, 0, 0, 0, JOF_OBJECT|JOF_DECLARING) +OPDEF(JSOP_DEFLOCALFUN_DBGFC,233,"deflocalfun_dbgfc",NULL, 5, 0, 0, 0, JOF_SLOTOBJECT|JOF_DECLARING|JOF_TMPSLOT) +OPDEF(JSOP_LAMBDA_DBGFC, 234,"lambda_dbgfc", NULL, 3, 0, 1, 19, JOF_OBJECT) /* * Joined function object as method optimization support. */ -OPDEF(JSOP_SETMETHOD, 234,"setmethod", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_INITMETHOD, 235,"initmethod", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_UNBRAND, 236,"unbrand", NULL, 1, 1, 1, 0, JOF_BYTE) -OPDEF(JSOP_UNBRANDTHIS, 237,"unbrandthis", NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_SETMETHOD, 235,"setmethod", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_INITMETHOD, 236,"initmethod", NULL, 3, 2, 1, 3, JOF_ATOM|JOF_PROP|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_UNBRAND, 237,"unbrand", NULL, 1, 1, 1, 0, JOF_BYTE) +OPDEF(JSOP_UNBRANDTHIS, 238,"unbrandthis", NULL, 1, 0, 0, 0, JOF_BYTE) -OPDEF(JSOP_SHARPINIT, 238,"sharpinit", NULL, 3, 0, 0, 0, JOF_UINT16|JOF_SHARPSLOT) +OPDEF(JSOP_SHARPINIT, 239,"sharpinit", NULL, 3, 0, 0, 0, JOF_UINT16|JOF_SHARPSLOT) /* Static binding for globals. 
*/ -OPDEF(JSOP_GETGLOBAL, 239,"getglobal", NULL, 3, 0, 1, 19, JOF_GLOBAL|JOF_NAME) -OPDEF(JSOP_SETGLOBAL, 240,"setglobal", NULL, 3, 1, 1, 3, JOF_GLOBAL|JOF_NAME|JOF_SET|JOF_DETECTING) -OPDEF(JSOP_INCGLOBAL, 241,"incglobal", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_INC|JOF_TMPSLOT2) -OPDEF(JSOP_DECGLOBAL, 242,"decglobal", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_DEC|JOF_TMPSLOT2) -OPDEF(JSOP_GLOBALINC, 243,"globalinc", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT2) -OPDEF(JSOP_GLOBALDEC, 244,"globaldec", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT2) -OPDEF(JSOP_CALLGLOBAL, 245,"callglobal", NULL, 3, 0, 2, 19, JOF_GLOBAL|JOF_NAME|JOF_CALLOP) -OPDEF(JSOP_FORGLOBAL, 246,"forglobal", NULL, 3, 1, 1, 19, JOF_GLOBAL|JOF_NAME|JOF_FOR|JOF_TMPSLOT) +OPDEF(JSOP_GETGLOBAL, 240,"getglobal", NULL, 3, 0, 1, 19, JOF_GLOBAL|JOF_NAME) +OPDEF(JSOP_SETGLOBAL, 241,"setglobal", NULL, 3, 1, 1, 3, JOF_GLOBAL|JOF_NAME|JOF_SET|JOF_DETECTING) +OPDEF(JSOP_INCGLOBAL, 242,"incglobal", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_INC|JOF_TMPSLOT2) +OPDEF(JSOP_DECGLOBAL, 243,"decglobal", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_DEC|JOF_TMPSLOT2) +OPDEF(JSOP_GLOBALINC, 244,"globalinc", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_INC|JOF_POST|JOF_TMPSLOT2) +OPDEF(JSOP_GLOBALDEC, 245,"globaldec", NULL, 3, 0, 1, 15, JOF_GLOBAL|JOF_NAME|JOF_DEC|JOF_POST|JOF_TMPSLOT2) +OPDEF(JSOP_CALLGLOBAL, 246,"callglobal", NULL, 3, 0, 2, 19, JOF_GLOBAL|JOF_NAME|JOF_CALLOP) +OPDEF(JSOP_FORGLOBAL, 247,"forglobal", NULL, 3, 1, 1, 19, JOF_GLOBAL|JOF_NAME|JOF_FOR|JOF_TMPSLOT) /* * These opcodes contain a reference to the current blockChain object. 
@@ -621,10 +621,8 @@ OPDEF(JSOP_FORGLOBAL, 246,"forglobal", NULL, 3, 1, 1, 19, JOF_GLOBAL * does not permit NULL object references, since it stores an index into a table of * objects. */ -OPDEF(JSOP_BLOCKCHAIN, 247,"blockchain", NULL, 3, 0, 0, 0, JOF_OBJECT) -OPDEF(JSOP_NULLBLOCKCHAIN,248,"nullblockchain",NULL, 1, 0, 0, 0, JOF_BYTE) +OPDEF(JSOP_BLOCKCHAIN, 248,"blockchain", NULL, 3, 0, 0, 0, JOF_OBJECT) +OPDEF(JSOP_NULLBLOCKCHAIN,249,"nullblockchain",NULL, 1, 0, 0, 0, JOF_BYTE) /* Like JSOP_FUNAPPLY but for f.call instead of f.apply. */ -OPDEF(JSOP_FUNCALL, 249,"funcall", NULL, 3, -1, 1, 18, JOF_UINT16|JOF_INVOKE) - -/* When changing bytecodes, don't forget to update JSXDR_BYTECODE_VERSION. */ +OPDEF(JSOP_FUNCALL, 250,"funcall", NULL, 3, -1, 1, 18, JOF_UINT16|JOF_INVOKE) diff --git a/js/src/jstracer.cpp b/js/src/jstracer.cpp index 5c24db90d8b..0bb333e6ab0 100644 --- a/js/src/jstracer.cpp +++ b/js/src/jstracer.cpp @@ -2227,6 +2227,8 @@ TraceRecorder::TraceRecorder(JSContext* cx, VMSideExit* anchor, VMFragment* frag trashSelf(false), whichTreesToTrash(&tempAlloc()), guardedShapeTable(cx), + initDepth(0), + hadNewInit(false), rval_ins(NULL), native_rval_ins(NULL), newobj_ins(NULL), 
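Review bot: The reminder `/* When changing bytecodes, don't forget to update JSXDR_BYTECODE_VERSION. */` is deleted at the end of the table in this hunk. Unless it was moved to a part of the file not shown here, the table no longer tells the next editor that renumbering requires a version bump. This commit renumbers most opcodes and does bump the constant in jsxdrapi.h, whose comment says a version mismatch aborts deserialization. That check is what keeps bytecode serialized under the old numbering from being decoded with the new one, so I would keep the reminder as the last line of the table.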
@@ -14070,18 +14072,20 @@ TraceRecorder::record_JSOP_UINT16() JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::record_JSOP_NEWINIT() { - JSProtoKey key = JSProtoKey(GET_UINT16(cx->regs->pc)); - uint32 count = GET_UINT16(cx->regs->pc + UINT16_LEN); + initDepth++; + hadNewInit = true; + + JSProtoKey key = JSProtoKey(cx->regs->pc[1]); LIns* proto_ins; CHECK_STATUS_A(getClassPrototype(key, proto_ins)); LIns *v_ins; if (key == JSProto_Array) { - LIns *args[] = { w.immi(count), cx_ins }; - v_ins = w.call(&js_InitializerArray_ci, args); + LIns *args[] = { w.immi(0), proto_ins, cx_ins }; + v_ins = w.call(&js_NewPreallocatedArray_ci, args); } else { - LIns *args[] = { w.immi(count), cx_ins }; + LIns *args[] = { w.immpNull(), proto_ins, cx_ins }; v_ins = w.call(&js_InitializerObject_ci, args); } guard(false, w.eqp0(v_ins), OOM_EXIT); 
@@ -14089,9 +14093,48 @@ TraceRecorder::record_JSOP_NEWINIT() return ARECORD_CONTINUE; } +JS_REQUIRES_STACK AbortableRecordingStatus +TraceRecorder::record_JSOP_NEWARRAY() +{ + initDepth++; + + LIns* proto_ins; + CHECK_STATUS_A(getClassPrototype(JSProto_Array, proto_ins)); + + unsigned count = GET_UINT24(cx->regs->pc); + LIns *args[] = { w.immi(count), proto_ins, cx_ins }; + LIns *v_ins = w.call(&js_NewPreallocatedArray_ci, args); + + guard(false, w.eqp0(v_ins), OOM_EXIT); + stack(0, v_ins); + return ARECORD_CONTINUE; +} + +JS_REQUIRES_STACK AbortableRecordingStatus +TraceRecorder::record_JSOP_NEWOBJECT() +{ + initDepth++; + + LIns* proto_ins; + CHECK_STATUS_A(getClassPrototype(JSProto_Object, proto_ins)); + + JSObject* baseobj = cx->fp()->script()->getObject(getFullIndex(0)); + + LIns *args[] = { w.immpObjGC(baseobj), proto_ins, cx_ins }; + LIns *v_ins = w.call(&js_InitializerObject_ci, args); + + guard(false, w.eqp0(v_ins), OOM_EXIT); + stack(0, v_ins); + return ARECORD_CONTINUE; +} + JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::record_JSOP_ENDINIT() { + initDepth--; + if (initDepth == 0) + hadNewInit = false; + #ifdef DEBUG Value& v = stackval(-1); JS_ASSERT(!v.isPrimitive()); 
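Review bot: `initDepth--` in record_JSOP_ENDINIT has no lower bound, so an ENDINIT recorded without a matching recorded NEWINIT/NEWARRAY/NEWOBJECT drives the signed counter negative and the `initDepth == 0` reset of `hadNewInit` then fires at the wrong time or not at all. Whether recording can begin between an initializer's opening op and its ENDINIT is not visible from this hunk. If it can, the counter and flag no longer describe the initializers actually open, and that is the state record_JSOP_INITELEM trusts before storing directly into array slots. I would add `JS_ASSERT(initDepth > 0);` ahead of the decrement and, for release builds, abort the recording when the counter is already zero. The body of record_JSOP_ENDINIT continues past the end of the hunk.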
@@ -14109,7 +14152,30 @@ TraceRecorder::record_JSOP_INITPROP() JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::record_JSOP_INITELEM() { - return setElem(-3, -2, -1); + Value& v = stackval(-1); + Value& idx = stackval(-2); + Value& lval = stackval(-3); + + // The object is either a dense Array or an Object. Only handle the dense case here. + // Also skip array initializers which might be unoptimized NEWINIT initializers. + if (!lval.toObject().isDenseArray() || hadNewInit) + return setElem(-3, -2, -1); + + // The index is always the same constant integer. + JS_ASSERT(idx.isInt32()); + + // Nothing to do for holes, the array's length has already been set. + if (v.isMagic(JS_ARRAY_HOLE)) + return ARECORD_CONTINUE; + + LIns* obj_ins = get(&lval); + LIns* v_ins = get(&v); + + // Set the element. + LIns *slots_ins = w.ldpObjSlots(obj_ins); + box_value_into(v, v_ins, DSlotsAddress(slots_ins, idx.toInt32())); + + return ARECORD_CONTINUE; } JS_REQUIRES_STACK AbortableRecordingStatus @@ -15833,32 +15899,6 @@ TraceRecorder::record_JSOP_LENGTH() return ARECORD_CONTINUE; } -JS_REQUIRES_STACK AbortableRecordingStatus -TraceRecorder::record_JSOP_NEWARRAY() -{ - LIns *proto_ins; - CHECK_STATUS_A(getClassPrototype(JSProto_Array, proto_ins)); - - uint32 len = GET_UINT16(cx->regs->pc); - cx->assertValidStackDepth(len); - - LIns* args[] = { w.immi(len), proto_ins, cx_ins }; - LIns* v_ins = w.call(&js_NewPreallocatedArray_ci, args); - guard(false, w.eqp0(v_ins), OOM_EXIT); - - LIns* slots_ins = NULL; - uint32 count = 0; - for (uint32 i = 0; i < len; i++) { - Value& v = stackval(int(i) - int(len)); - if (!v.isMagic()) - count++; - stobj_set_dslot(v_ins, i, slots_ins, v, get(&v)); - } - - stack(-int(len), v_ins); - return ARECORD_CONTINUE; -} - JS_REQUIRES_STACK AbortableRecordingStatus TraceRecorder::record_JSOP_HOLE() { diff --git a/js/src/jstracer.h b/js/src/jstracer.h index f0ab77ad358..226b72c3980 100644 --- a/js/src/jstracer.h +++ b/js/src/jstracer.h 
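Review bot: The fast path in record_JSOP_INITELEM emits a store to `DSlotsAddress(slots_ins, idx.toInt32())` with no bound on the index: the only check on `idx` is `JS_ASSERT(idx.isInt32())`, which is presumably compiled out of release builds, and nothing compares the index with the number of slots the array actually has. The store stays in bounds only if the array came from a recorded JSOP_NEWARRAY that preallocated at least that many slots, and `hadNewInit` is recorder state rather than a property of the object, so an initializer opened before recording began would not be covered (whether that can happen is not visible here). I would make the fallback `if (!lval.toObject().isDenseArray() || hadNewInit || !idx.isInt32()) return setElem(-3, -2, -1);` and also fall back when the index is not below the array's current dense capacity. The early return for `JS_ARRAY_HOLE` likewise relies on js_NewPreallocatedArray having filled every slot with the hole value, which deserves a one-line comment next to it.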
@@ -1082,6 +1082,10 @@ class TraceRecorder /* The set of objects whose shapes already have been guarded. */ GuardedShapeTable guardedShapeTable; + /* Current initializer depth, and whether any of the initializers are unoptimized NEWINIT. */ + int initDepth; + bool hadNewInit; + /***************************************** Temporal state hoisted into the recording session */ /* Carry the return value from a STOP/RETURN to the subsequent record_LeaveFrame. */ diff --git a/js/src/jsxdrapi.h b/js/src/jsxdrapi.h index 65eb6b396ae..67178e6821d 100644 --- a/js/src/jsxdrapi.h +++ b/js/src/jsxdrapi.h @@ -205,7 +205,7 @@ JS_XDRFindClassById(JSXDRState *xdr, uint32 id); * before deserialization of bytecode. If the saved version does not match * the current version, abort deserialization and invalidate the file. */ -#define JSXDR_BYTECODE_VERSION (0xb973c0de - 77) +#define JSXDR_BYTECODE_VERSION (0xb973c0de - 78) /* * Library-private functions. diff --git a/js/src/methodjit/Compiler.cpp b/js/src/methodjit/Compiler.cpp index b074daeb960..a8e256e2615 100644 --- a/js/src/methodjit/Compiler.cpp +++ b/js/src/methodjit/Compiler.cpp 
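Review bot: The comment on `initDepth` and `hadNewInit` in jstracer.h says what the fields hold but not what depends on them, and that dependency is a memory-safety invariant. From the jstracer.cpp hunks, `hadNewInit` is set by record_JSOP_NEWINIT, cleared only when `initDepth` returns to zero in record_JSOP_ENDINIT, and read by record_JSOP_INITELEM to choose between `setElem` and a direct slot store. I would extend the comment along the lines of `/* hadNewInit stays set until the outermost initializer ends; record_JSOP_INITELEM stores directly into dense slots only while it is false. */` so a later change to either field is reviewed with that in mind.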
@@ -1506,44 +1506,33 @@ mjit::Compiler::generateMethod() END_CASE(JSOP_UINT16) BEGIN_CASE(JSOP_NEWINIT) - { - jsint i = GET_UINT16(PC); - uint32 count = GET_UINT16(PC + UINT16_LEN); - - JS_ASSERT(i == JSProto_Array || i == JSProto_Object); - - prepareStubCall(Uses(0)); - masm.move(Imm32(count), Registers::ArgReg1); - if (i == JSProto_Array) - INLINE_STUBCALL(stubs::NewInitArray); - else - INLINE_STUBCALL(stubs::NewInitObject); - frame.takeReg(Registers::ReturnReg); - frame.pushTypedPayload(JSVAL_TYPE_OBJECT, Registers::ReturnReg); - } + jsop_newinit(); END_CASE(JSOP_NEWINIT) + BEGIN_CASE(JSOP_NEWARRAY) + jsop_newinit(); + END_CASE(JSOP_NEWARRAY) + + BEGIN_CASE(JSOP_NEWOBJECT) + jsop_newinit(); + END_CASE(JSOP_NEWOBJECT) + BEGIN_CASE(JSOP_ENDINIT) END_CASE(JSOP_ENDINIT) - BEGIN_CASE(JSOP_INITPROP) - { - JSAtom *atom = script->getAtom(fullAtomIndex(PC)); - prepareStubCall(Uses(2)); - masm.move(ImmPtr(atom), Registers::ArgReg1); - INLINE_STUBCALL(stubs::InitProp); + BEGIN_CASE(JSOP_INITMETHOD) + jsop_initmethod(); + frame.pop(); + END_CASE(JSOP_INITMETHOD) + + BEGIN_CASE(JSOP_INITPROP) + jsop_initprop(); frame.pop(); - } END_CASE(JSOP_INITPROP) BEGIN_CASE(JSOP_INITELEM) - { - JSOp next = JSOp(PC[JSOP_INITELEM_LENGTH]); - prepareStubCall(Uses(3)); - masm.move(Imm32(next == JSOP_ENDINIT ? 1 : 0), Registers::ArgReg1); - INLINE_STUBCALL(stubs::InitElem); + jsop_initelem(); frame.popn(2); - } END_CASE(JSOP_INITELEM) BEGIN_CASE(JSOP_INCARG) @@ -1941,18 +1930,6 @@ mjit::Compiler::generateMethod() frame.push(Value(Int32Value(GET_INT32(PC)))); END_CASE(JSOP_INT32) - BEGIN_CASE(JSOP_NEWARRAY) - { - uint32 len = GET_UINT16(PC); - prepareStubCall(Uses(len)); - masm.move(Imm32(len), Registers::ArgReg1); - INLINE_STUBCALL(stubs::NewArray); - frame.popn(len); - frame.takeReg(Registers::ReturnReg); - frame.pushTypedPayload(JSVAL_TYPE_OBJECT, Registers::ReturnReg); - } - END_CASE(JSOP_NEWARRAY) - BEGIN_CASE(JSOP_HOLE) frame.push(MagicValue(JS_ARRAY_HOLE)); END_CASE(JSOP_HOLE) 
@@ -1982,16 +1959,6 @@ mjit::Compiler::generateMethod() INLINE_STUBCALL(stubs::Debugger); END_CASE(JSOP_DEBUGGER) - BEGIN_CASE(JSOP_INITMETHOD) - { - JSAtom *atom = script->getAtom(fullAtomIndex(PC)); - prepareStubCall(Uses(2)); - masm.move(ImmPtr(atom), Registers::ArgReg1); - INLINE_STUBCALL(stubs::InitMethod); - frame.pop(); - } - END_CASE(JSOP_INITMETHOD) - BEGIN_CASE(JSOP_UNBRAND) jsop_unbrand(); END_CASE(JSOP_UNBRAND) @@ -4710,6 +4677,41 @@ mjit::Compiler::jsop_arguments() INLINE_STUBCALL(stubs::Arguments); } +void +mjit::Compiler::jsop_newinit() +{ + bool isArray; + unsigned count = 0; + JSObject *baseobj = NULL; + switch (*PC) { + case JSOP_NEWINIT: + isArray = (PC[1] == JSProto_Array); + break; + case JSOP_NEWARRAY: + isArray = true; + count = GET_UINT24(PC); + break; + case JSOP_NEWOBJECT: + isArray = false; + baseobj = script->getObject(fullAtomIndex(PC)); + break; + default: + JS_NOT_REACHED("Bad op"); + return; + } + + prepareStubCall(Uses(0)); + if (isArray) { + masm.move(Imm32(count), Registers::ArgReg1); + INLINE_STUBCALL(stubs::NewInitArray); + } else { + masm.move(ImmPtr(baseobj), Registers::ArgReg1); + INLINE_STUBCALL(stubs::NewInitObject); + } + frame.takeReg(Registers::ReturnReg); + frame.pushInitializerObject(Registers::ReturnReg, *PC == JSOP_NEWARRAY, baseobj); +} + /* * Note: This function emits tracer hooks into the OOL path. This means if * it is used in the middle of an in-progress slow path, the stream will be diff --git a/js/src/methodjit/Compiler.h b/js/src/methodjit/Compiler.h index 647c5872b3a..eb80f8066f3 100644 --- a/js/src/methodjit/Compiler.h +++ b/js/src/methodjit/Compiler.h 
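Review bot: The `JSOP_NEWINIT` case of the new `jsop_newinit` no longer checks the prototype key. The inline code removed from generateMethod asserted `i == JSProto_Array || i == JSProto_Object`, whereas `isArray = (PC[1] == JSProto_Array);` now treats every other operand value as an object initializer without complaint. Restoring the check keeps a malformed or stale opcode operand from passing unnoticed in debug builds: `JS_ASSERT(PC[1] == JSProto_Array || PC[1] == JSProto_Object);`. `isArray` is also declared without an initializer and is only safe because the `default:` arm returns; `bool isArray = false;` would make that independent of the switch staying exhaustive.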
@@ -453,6 +453,10 @@ class Compiler : public BaseCompiler bool jsop_andor(JSOp op, jsbytecode *target); void jsop_arginc(JSOp op, uint32 slot, bool popped); void jsop_localinc(JSOp op, uint32 slot, bool popped); + void jsop_newinit(); + void jsop_initmethod(); + void jsop_initprop(); + void jsop_initelem(); bool jsop_setelem(); bool jsop_getelem(bool isCall); bool isCacheableBaseAndIndex(FrameEntry *obj, FrameEntry *id); diff --git a/js/src/methodjit/FastOps.cpp b/js/src/methodjit/FastOps.cpp index fdba3fced99..7384b37c399 100644 --- a/js/src/methodjit/FastOps.cpp +++ b/js/src/methodjit/FastOps.cpp @@ -38,6 +38,8 @@ * * ***** END LICENSE BLOCK ***** */ #include "jsbool.h" +#include "jscntxt.h" +#include "jsemit.h" #include "jslibmath.h" #include "jsnum.h" #include "jsscope.h" 
@@ -1780,3 +1782,88 @@ mjit::Compiler::jsop_pos() stubcc.rejoin(Changes(1)); } +void +mjit::Compiler::jsop_initmethod() +{ + FrameEntry *obj = frame.peek(-2); + JSAtom *atom = script->getAtom(fullAtomIndex(PC)); + + /* Initializers with INITMETHOD are not fast yet. */ + JS_ASSERT(!obj->initializerObject()); + + prepareStubCall(Uses(2)); + masm.move(ImmPtr(atom), Registers::ArgReg1); + INLINE_STUBCALL(stubs::InitMethod); +} + +void +mjit::Compiler::jsop_initprop() +{ + FrameEntry *obj = frame.peek(-2); + FrameEntry *fe = frame.peek(-1); + JSAtom *atom = script->getAtom(fullAtomIndex(PC)); + + JSObject *baseobj = obj->initializerObject(); + + if (!baseobj) { + prepareStubCall(Uses(2)); + masm.move(ImmPtr(atom), Registers::ArgReg1); + INLINE_STUBCALL(stubs::InitProp); + return; + } + + JSObject *holder; + JSProperty *prop = NULL; +#ifdef DEBUG + int res = +#endif + js_LookupPropertyWithFlags(cx, baseobj, ATOM_TO_JSID(atom), + JSRESOLVE_QUALIFIED, &holder, &prop); + JS_ASSERT(res >= 0 && prop && holder == baseobj); + + RegisterID objReg = frame.copyDataIntoReg(obj); + masm.loadPtr(Address(objReg, offsetof(JSObject, slots)), objReg); + + /* Perform the store. */ + Shape *shape = (Shape *) prop; + frame.storeTo(fe, Address(objReg, shape->slot * sizeof(Value))); + frame.freeReg(objReg); +} + +void +mjit::Compiler::jsop_initelem() +{ + FrameEntry *obj = frame.peek(-3); + FrameEntry *id = frame.peek(-2); + FrameEntry *fe = frame.peek(-1); + + /* + * The initialized index is always a constant, but we won't remember which + * constant if there are branches inside the code computing the initializer + * expression (e.g. the expression uses the '?' operator). Slow path those + * cases, as well as those where INITELEM is used on an object initializer + * or a non-fast array initializer. + */ + if (!id->isConstant() || !obj->initializerArray()) { + JSOp next = JSOp(PC[JSOP_INITELEM_LENGTH]); + + prepareStubCall(Uses(3)); + masm.move(Imm32(next == JSOP_ENDINIT ? 
1 : 0), Registers::ArgReg1); + INLINE_STUBCALL(stubs::InitElem); + return; + } + + JS_ASSERT(id->getValue().isInt32()); + + if (fe->isConstant() && fe->getValue().isMagic(JS_ARRAY_HOLE)) { + /* The array already has the correct length, nothing to do. */ + return; + } + + RegisterID objReg = frame.copyDataIntoReg(obj); + masm.loadPtr(Address(objReg, offsetof(JSObject, slots)), objReg); + + /* Perform the store. */ + frame.storeTo(fe, Address(objReg, id->getValue().toInt32() * sizeof(Value))); + frame.freeReg(objReg); +} diff --git a/js/src/methodjit/FrameEntry.h b/js/src/methodjit/FrameEntry.h index 3b59179f4ec..defd5fd4796 100644 --- a/js/src/methodjit/FrameEntry.h +++ b/js/src/methodjit/FrameEntry.h @@ -41,6 +41,7 @@ #define jsjaeger_valueinfo_h__ #include "jsapi.h" +#include "jstypes.h" #include "methodjit/MachineRegs.h" #include "methodjit/RematInfo.h" #include "assembler/assembler/MacroAssembler.h" @@ -122,6 +123,14 @@ class FrameEntry return backing() == other->backing(); } + inline bool initializerArray() { + return initArray; + } + + inline JSObject *initializerObject() { + return initObject; + } + private: void setType(JSValueType type_) { type.setConstant(); @@ -244,7 +253,12 @@ class FrameEntry bool copied; bool isNumber; bool tracked; - char padding[1]; + bool initArray; + JSObject *initObject; + +#if (JS_BITS_PER_WORD == 32) + void *padding; +#endif }; } /* namespace mjit */ diff --git a/js/src/methodjit/FrameState-inl.h b/js/src/methodjit/FrameState-inl.h index fe0304e96be..5fede0ec247 100644 --- a/js/src/methodjit/FrameState-inl.h +++ b/js/src/methodjit/FrameState-inl.h 
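Review bot: The fast path at the end of `jsop_initelem` emits a raw store to `slots[id]` with no comparison against the element count the array was allocated with, and the only type check on the index, `JS_ASSERT(id->getValue().isInt32())`, disappears in release builds. The FrameEntry carries only the `initArray` flag, so the compiler cannot confirm that the constant index is below the NEWARRAY count; memory safety of the generated store rests entirely on the bytecode emitter pairing them correctly. I would carry the count alongside the flag and take the `stubs::InitElem` path whenever the index is not an int32 in `[0, count)`. `jsop_initprop` in the same hunk has the same shape: the result of `js_LookupPropertyWithFlags` is examined only under `#ifdef DEBUG`, so a failed lookup reaches `shape->slot` with `prop` still NULL, and falling back to `stubs::InitProp` when `!prop || holder != baseobj` would keep release builds safe.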
@@ -342,6 +342,16 @@ FrameState::pushInt32(RegisterID payload) regstate[payload].associate(fe, RematInfo::DATA); } +inline void +FrameState::pushInitializerObject(RegisterID payload, bool array, JSObject *baseobj) +{ + pushTypedPayload(JSVAL_TYPE_OBJECT, payload); + + FrameEntry *fe = peek(-1); + fe->initArray = array; + fe->initObject = baseobj; +} + inline void FrameState::pushUntypedPayload(JSValueType type, RegisterID payload) { diff --git a/js/src/methodjit/FrameState.h b/js/src/methodjit/FrameState.h index bb55a3369ac..d376661350c 100644 --- a/js/src/methodjit/FrameState.h +++ b/js/src/methodjit/FrameState.h @@ -309,6 +309,12 @@ class FrameState */ inline void pushInt32(RegisterID payload); + /* + * Pushes an initializer with specified payload, storing whether it is an array + * or object whose contents can be initialized in fast paths. + */ + inline void pushInitializerObject(RegisterID payload, bool array, JSObject *baseobj); + /* * Pops a value off the operation stack, freeing any of its resources. */ diff --git a/js/src/methodjit/StubCalls.cpp b/js/src/methodjit/StubCalls.cpp index 78766a61621..dd4a21ef998 100644 --- a/js/src/methodjit/StubCalls.cpp +++ b/js/src/methodjit/StubCalls.cpp @@ -1268,15 +1268,6 @@ stubs::Mod(VMFrame &f) } } -JSObject *JS_FASTCALL -stubs::NewArray(VMFrame &f, uint32 len) -{ - JSObject *obj = js_NewArrayObject(f.cx, len, f.regs.sp - len); - if (!obj) - THROWV(NULL); - return obj; -} - void JS_FASTCALL stubs::Debugger(VMFrame &f, jsbytecode *pc) { 
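Review bot: `pushInitializerObject` sets `fe->initArray` and `fe->initObject` on the pushed entry, but no hunk visible here clears them when that FrameEntry is popped and reused for another value, or says what happens to them when the entry is copied. `jsop_initprop` and `jsop_initelem` choose their unchecked slot store purely from these two fields, so a stale flag would direct a store at a baked-in offset into an unrelated object. If the reset already happens in code outside this diff, a comment on the fields saying where would help; otherwise the common push or reset path should set `fe->initArray = false; fe->initObject = NULL;`.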
@@ -1378,19 +1369,28 @@ stubs::NewInitArray(VMFrame &f, uint32 count) JSObject *obj = NewArrayWithKind(cx, kind); if (!obj || !obj->ensureSlots(cx, count)) THROWV(NULL); + + obj->setArrayLength(count); return obj; } JSObject * JS_FASTCALL -stubs::NewInitObject(VMFrame &f, uint32 count) +stubs::NewInitObject(VMFrame &f, JSObject *baseobj) { JSContext *cx = f.cx; - gc::FinalizeKind kind = GuessObjectGCKind(count, false); - JSObject *obj = NewBuiltinClassInstance(cx, &js_ObjectClass, kind); - if (!obj || !obj->ensureSlots(cx, count)) + if (!baseobj) { + gc::FinalizeKind kind = GuessObjectGCKind(0, false); + JSObject *obj = NewBuiltinClassInstance(cx, &js_ObjectClass, kind); + if (!obj) + THROWV(NULL); + return obj; + } + + JSObject *obj = CopyInitializerObject(cx, baseobj); + + if (!obj) THROWV(NULL); - return obj; } diff --git a/js/src/methodjit/StubCalls.h b/js/src/methodjit/StubCalls.h index bae601db672..dd3698a4411 100644 --- a/js/src/methodjit/StubCalls.h +++ b/js/src/methodjit/StubCalls.h @@ -49,8 +49,7 @@ namespace stubs { void JS_FASTCALL This(VMFrame &f); JSObject * JS_FASTCALL NewInitArray(VMFrame &f, uint32 count); -JSObject * JS_FASTCALL NewInitObject(VMFrame &f, uint32 count); -JSObject * JS_FASTCALL NewArray(VMFrame &f, uint32 len); +JSObject * JS_FASTCALL NewInitObject(VMFrame &f, JSObject *base); void JS_FASTCALL Trap(VMFrame &f, jsbytecode *pc); void JS_FASTCALL Debugger(VMFrame &f, jsbytecode *pc); void JS_FASTCALL Interrupt(VMFrame &f, jsbytecode *pc);
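Review bot: In `stubs::NewInitArray` the added `obj->setArrayLength(count)` publishes the full length before any element has been stored, and the new `jsop_initelem` fast path emits nothing at all for a hole. That is only safe if `NewArrayWithKind`/`ensureSlots` leave every slot below `count` holding the hole value, which this hunk does not show; the initializer's sub-expressions can run script and trigger GC while the array is half built. Once confirmed, the invariant deserves a comment next to the call, for example `/* INITELEM's fast path relies on slots [0, count) starting out as holes. */`, or a debug assertion over the slots. The top of NewInitArray is outside the hunk.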