Modified: trunk/Source/_javascript_Core/ChangeLog (177145 => 177146)
--- trunk/Source/_javascript_Core/ChangeLog 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-12-11 16:41:33 UTC (rev 177146)
@@ -1,3 +1,75 @@
+2014-12-11 Michael Saboff <msab...@apple.com>
+
+ REGRESSION: Use of undefined CallFrame::ScopeChain value
+ https://bugs.webkit.org/show_bug.cgi?id=139533
+
+ Reviewed by Mark Lam.
+
+ Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
+ all usages of these funcitons. In some cases the scope is passed in or determined
+ another way. In some cases the scope is used to calculate other values. Lastly
+ were places where these functions where used that are no longer needed. For
+ example when making a call, the caller's ScopeChain was copied to the callee's
+ ScopeChain. This change no longer uses the ScopeChain call frame header slot.
+ That slot will be removed in a future patch.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * jit/JIT.h:
+ * jit/JITInlines.h:
+ (JSC::JIT::callOperation):
+ * runtime/JSLexicalEnvironment.h:
+ (JSC::JSLexicalEnvironment::create):
+ (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_lexical_environment):
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::handleHostCall):
+ (JSC::LLInt::setUpCall):
+ (JSC::LLInt::llint_throw_stack_overflow_error):
+ Pass the current scope value to the helper operationCreateActivation() and
+ the call to JSLexicalEnvironment::create() instead of using the stack frame
+ scope chain value.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ CreateActivation now has a second child, the scope.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::init): Deleted. This is dead code.
+ (JSC::ExecState::scope): Deleted.
+ (JSC::ExecState::setScope): Deleted.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
+ chain slot.
+
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ Changed process to find JSScope values on the stack or by some other means.
+
+ * runtime/JSWithScope.h:
+ (JSC::JSWithScope::JSWithScope): Deleted.
+ Eliminated unused constructor.
+
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ Changed to pass in the current scope.
+
2014-12-10 Gyuyoung Kim <gyuyoung....@samsung.com>
Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -3398,7 +3398,7 @@
}
case op_create_lexical_environment: {
- Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[1].u.operand)));
+ Node* lexicalEnvironment = addToGraph(CreateActivation, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
set(VirtualRegister(currentInstruction[1].u.operand), lexicalEnvironment);
set(VirtualRegister(currentInstruction[2].u.operand), lexicalEnvironment);
NEXT_OPCODE(op_create_lexical_environment);
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -1172,6 +1172,8 @@
break;
}
+
+ case CreateActivation:
case NewFunction: {
fixEdge<CellUse>(node->child2());
break;
@@ -1216,7 +1218,6 @@
case IsNumber:
case IsObject:
case IsFunction:
- case CreateActivation:
case CreateArguments:
case PhantomArguments:
case TearOffArguments:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (177145 => 177146)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -1204,6 +1204,11 @@
m_jit.setupArgumentsWithExecState(arg1);
return appendCallWithExceptionCheckSetResult(operation, result);
}
+ JITCompiler::Call callOperation(C_JITOperation_EJscZ operation, GPRReg result, GPRReg arg1, int32_t arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
JITCompiler::Call callOperation(C_JITOperation_EZ operation, GPRReg result, GPRReg arg1)
{
m_jit.setupArgumentsWithExecState(arg1);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -4180,9 +4180,11 @@
case CreateActivation: {
GPRTemporary result(this);
GPRReg resultGPR = result.gpr();
+ SpeculateCellOperand scope(this, node->child2());
+ GPRReg scopeGPR = scope.gpr();
flushRegisters();
- callOperation(operationCreateActivation, resultGPR, framePointerOffsetToGetActivationRegisters());
+ callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
cellResult(resultGPR, node);
break;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -4243,9 +4243,11 @@
GPRTemporary result(this);
GPRReg resultGPR = result.gpr();
-
+ SpeculateCellOperand scope(this, node->child2());
+ GPRReg scopeGPR = scope.gpr();
+
flushRegisters();
- callOperation(operationCreateActivation, resultGPR, framePointerOffsetToGetActivationRegisters());
+ callOperation(operationCreateActivation, resultGPR, scopeGPR, framePointerOffsetToGetActivationRegisters());
cellResult(resultGPR, node);
break;
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.h (177145 => 177146)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -45,12 +45,6 @@
JSValue calleeAsValue() const { return this[JSStack::Callee].jsValue(); }
JSObject* callee() const { return this[JSStack::Callee].function(); }
CodeBlock* codeBlock() const { return this[JSStack::CodeBlock].Register::codeBlock(); }
- JSScope* scope() const
- {
- ASSERT(this[JSStack::ScopeChain].Register::scope());
- return this[JSStack::ScopeChain].Register::scope();
- }
-
JSScope* scope(int scopeRegisterOffset) const
{
ASSERT(this[scopeRegisterOffset].Register::scope());
@@ -191,23 +185,9 @@
#endif
void setCallerFrame(CallFrame* frame) { callerFrameAndPC().callerFrame = frame; }
- void setScope(JSScope* scope) { static_cast<Register*>(this)[JSStack::ScopeChain] = scope; }
void setScope(int scopeRegisterOffset, JSScope* scope) { static_cast<Register*>(this)[scopeRegisterOffset] = scope; }
void setActivation(JSLexicalEnvironment*);
- ALWAYS_INLINE void init(CodeBlock* codeBlock, Instruction* vPC, JSScope* scope,
- CallFrame* callerFrame, int argc, JSObject* callee)
- {
- ASSERT(callerFrame == noCaller() || callerFrame->stack()->containsAddress(this));
-
- setCodeBlock(codeBlock);
- setScope(scope);
- setCallerFrame(callerFrame);
- setReturnPC(vPC); // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
- setArgumentCountIncludingThis(argc); // original argument count (for the sake of the "arguments" object)
- setCallee(callee);
- }
-
// Read a register from the codeframe (or constant from the CodeBlock).
Register& r(int);
// Read a register for a non-constant
Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -381,7 +381,7 @@
--it;
dataLogF("[Callee] | %10p | %p \n", it, callFrame->callee());
--it;
- dataLogF("[ScopeChain] | %10p | %p \n", it, callFrame->scope());
+ // FIXME: Remove the next decrement when the ScopeChain slot is removed from the call header
--it;
#if ENABLE(JIT)
AbstractPC pc = callFrame->abstractReturnPC(callFrame->vm());
@@ -767,8 +767,8 @@
JSValue Interpreter::execute(ProgramExecutable* program, CallFrame* callFrame, JSObject* thisObj)
{
SamplingScope samplingScope(this);
-
- JSScope* scope = callFrame->scope();
+
+ JSScope* scope = thisObj->globalObject();
VM& vm = *scope->vm();
ASSERT(!vm.exception());
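Review bot: `JSScope* scope = thisObj->globalObject();` dereferences thisObj unconditionally, whereas the `CallFrame::scope()` accessor this replaces asserted the slot was non-null before use (see the removed body in the CallFrame.h section). If a null thisObj is impossible here, that contract is worth stating with `ASSERT(thisObj);` on the line before, so the crash mode is an assertion rather than a null dereference of the scope in `*scope->vm()`. Interpreter::execute continues past the end of this hunk, so I cannot see whether a later check covers it.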
@@ -929,18 +929,21 @@
return jsNull();
bool isJSCall = (callType == CallTypeJS);
- JSScope* scope;
+ JSScope* scope = nullptr;
CodeBlock* newCodeBlock;
size_t argsCount = 1 + args.size(); // implicit "this" parameter
- if (isJSCall)
+ JSGlobalObject* globalObject;
+
+ if (isJSCall) {
scope = callData.js.scope;
- else {
+ globalObject = scope->globalObject();
+ } else {
ASSERT(callType == CallTypeHost);
- scope = callFrame->scope();
+ globalObject = function->globalObject();
}
- VMEntryScope entryScope(vm, scope->globalObject());
+ VMEntryScope entryScope(vm, globalObject);
if (!vm.isSafeToRecurse())
return checkedReturn(throwStackOverflowError(callFrame));
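Review bot: In the host-call branch `scope` now stays `nullptr`, because only the `isJSCall` branch assigns it; the old code set it from `callFrame->scope()` on both paths. executeCall continues outside the hunk, so if anything after it still reads `scope` on the host path (the old code needed it there), that is now a null dereference rather than a stale-but-valid scope, and it would be worth an `ASSERT(isJSCall || !scope)` style comment or a guard where it is consumed. The same pattern is introduced in the executeConstruct hunk just below (the `constructData.js.scope` one). A smaller point of style: `JSGlobalObject* globalObject;` is left uninitialised while `scope` is explicitly nulled; `JSGlobalObject* globalObject = nullptr;` keeps the two declarations consistent and makes an accidental third path fail loudly.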
@@ -997,18 +1000,21 @@
return checkedReturn(throwStackOverflowError(callFrame));
bool isJSConstruct = (constructType == ConstructTypeJS);
- JSScope* scope;
+ JSScope* scope = nullptr;
CodeBlock* newCodeBlock;
size_t argsCount = 1 + args.size(); // implicit "this" parameter
- if (isJSConstruct)
+ JSGlobalObject* globalObject;
+
+ if (isJSConstruct) {
scope = constructData.js.scope;
- else {
+ globalObject = scope->globalObject();
+ } else {
ASSERT(constructType == ConstructTypeHost);
- scope = callFrame->scope();
+ globalObject = constructor->globalObject();
}
- VMEntryScope entryScope(vm, scope->globalObject());
+ VMEntryScope entryScope(vm, globalObject);
if (!vm.isSafeToRecurse())
return checkedReturn(throwStackOverflowError(callFrame));
@@ -1138,7 +1144,7 @@
JSScope* variableObject;
if ((numVariables || numFunctions) && eval->isStrictMode()) {
- scope = StrictEvalActivation::create(callFrame);
+ scope = StrictEvalActivation::create(callFrame, scope);
variableObject = scope;
} else {
for (JSScope* node = scope; ; node = node->next()) {
Modified: trunk/Source/_javascript_Core/jit/JIT.h (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JIT.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -699,6 +699,8 @@
MacroAssembler::Call callOperation(J_JITOperation_EJIdc, int, GPRReg, const Identifier*);
MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);
MacroAssembler::Call callOperation(J_JITOperation_EJscC, int, GPRReg, JSCell*);
+ MacroAssembler::Call callOperation(C_JITOperation_EJscZ, GPRReg, int32_t);
+ MacroAssembler::Call callOperation(C_JITOperation_EJscZ, int, GPRReg, int32_t);
#if USE(JSVALUE64)
MacroAssembler::Call callOperation(WithProfileTag, J_JITOperation_EJJ, int, GPRReg, GPRReg);
#else
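Review bot: The second added declaration, `MacroAssembler::Call callOperation(C_JITOperation_EJscZ, int, GPRReg, int32_t);`, has no definition anywhere in this patch: the JITInlines.h hunk defines only the `(C_JITOperation_EJscZ, GPRReg, int32_t)` form, and both JITOpcodes hunks call that two-argument form. If nothing uses the `int` (destination) overload it is a dead declaration that will only surface as a link error the first time someone calls it; either drop it or add the matching ALWAYS_INLINE definition next to the other one in JITInlines.h.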
Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JITInlines.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -210,6 +210,12 @@
return appendCallWithExceptionCheck(operation);
}
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EJscZ operation, GPRReg arg1, int32_t arg2)
+{
+ setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheck(operation);
+}
+
ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EO operation, GPRReg arg)
{
setupArgumentsWithExecState(arg);
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -672,7 +672,8 @@
int dst = currentInstruction[1].u.operand;
int scope = currentInstruction[2].u.operand;
- callOperation(operationCreateActivation, 0);
+ emitGetVirtualRegister(scope, regT0);
+ callOperation(operationCreateActivation, regT0, 0);
emitStoreCell(dst, returnValueGPR);
emitStoreCell(scope, returnValueGPR);
}
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -901,7 +901,8 @@
int lexicalEnvironment = currentInstruction[1].u.operand;
int scope = currentInstruction[2].u.operand;
- callOperation(operationCreateActivation, 0);
+ emitLoadPayload(currentInstruction[2].u.operand, regT0);
+ callOperation(operationCreateActivation, regT0, 0);
emitStoreCell(lexicalEnvironment, returnValueGPR);
emitStoreCell(scope, returnValueGPR);
}
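Review bot: `emitLoadPayload(currentInstruction[2].u.operand, regT0);` re-reads the operand that the line above already stored in the local `scope`; the 64-bit counterpart in JITOpcodes.cpp uses the local (`emitGetVirtualRegister(scope, regT0);`). Using `emitLoadPayload(scope, regT0);` keeps the two emitters parallel and makes it obvious that the register loaded and the register stored to on the last line are the same one.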
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -608,11 +608,11 @@
EncodedJSValue JIT_OPERATION operationCallEval(ExecState* exec, ExecState* execCallee)
{
- ASSERT(exec->codeBlock()->codeType() != FunctionCode
+
+ ASSERT_UNUSED(exec, exec->codeBlock()->codeType() != FunctionCode
|| !exec->codeBlock()->needsActivation()
|| exec->hasActivation());
- execCallee->setScope(exec->scope());
execCallee->setCodeBlock(0);
if (!isHostFunction(execCallee->calleeAsValue(), globalFuncEval))
@@ -631,7 +631,6 @@
ExecState* exec = execCallee->callerFrame();
VM* vm = &exec->vm();
- execCallee->setScope(exec->scope());
execCallee->setCodeBlock(0);
if (kind == CodeForCall) {
@@ -692,7 +691,6 @@
JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
JSScope* scope = callee->scopeUnchecked();
- execCallee->setScope(scope);
ExecutableBase* executable = callee->executable();
MacroAssemblerCodePtr codePtr;
@@ -702,7 +700,6 @@
else {
FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
- execCallee->setScope(scope);
if (error) {
throwStackOverflowError(exec);
return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
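Review bot: After removing `execCallee->setScope(scope);`, the `JSScope* scope` local is still passed by address to `prepareForExecution(execCallee, callee, &scope, kind)` but the value it writes back is never read, so the out-parameter is now effectively discarded. If prepareForExecution can legitimately replace the scope, a reader will wonder where the replacement goes; if it cannot for this call kind, a one-line comment such as `// scope is only an input here; the callee re-derives its scope from the JSFunction on entry` would document that the dropped write-back is intentional. The same shape appears in the next hunk of this file (the `function->scopeUnchecked()` one) and in the LLIntSlowPaths.cpp hunk around `prepareForExecution(execCallee, callee, &scope, kind)`.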
@@ -757,12 +754,10 @@
JSFunction* function = jsCast<JSFunction*>(calleeAsFunctionCell);
JSScope* scope = function->scopeUnchecked();
- execCallee->setScope(scope);
ExecutableBase* executable = function->executable();
if (UNLIKELY(!executable->hasJITCodeFor(kind))) {
FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
JSObject* error = functionExecutable->prepareForExecution(execCallee, function, &scope, kind);
- execCallee->setScope(scope);
if (error) {
exec->vm().throwException(exec, error);
return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
@@ -1401,12 +1396,11 @@
return JSValue::encode(JSValue());
}
-JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, int32_t offset)
+JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, JSScope* currentScope, int32_t offset)
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
- JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, exec->codeBlock());
- exec->setScope(lexicalEnvironment);
+ JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, currentScope, exec->codeBlock());
return lexicalEnvironment;
}
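Review bot: `operationCreateActivation` now takes `JSScope* currentScope` straight from a register the JIT loads without any check (the baseline JIT hunks load the scope register into regT0 and call this), whereas the removed `CallFrame::scope()` asserted the scope was non-null before handing it out. Adding `ASSERT(currentScope);` at the top of the body restores that invariant at the one point all JIT tiers funnel through; the `JSLexicalEnvironment` constructor in JSLexicalEnvironment.h, which now stores `currentScope` as the environment's parent, would benefit from the same assertion since a null parent would only be noticed later during scope walking.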
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (177145 => 177146)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -132,6 +132,7 @@
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZ)(ExecState*, EncodedJSValue, int32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJZC)(ExecState*, EncodedJSValue, int32_t, JSCell*);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJJC)(ExecState*, EncodedJSValue, EncodedJSValue, JSCell*);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EJscZ)(ExecState*, JSScope*, int32_t);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssSt)(ExecState*, JSString*, Structure*);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJss)(ExecState*, JSString*, JSString*);
typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJssJss)(ExecState*, JSString*, JSString*, JSString*);
@@ -292,7 +293,7 @@
void JIT_OPERATION operationProfileDidCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
void JIT_OPERATION operationProfileWillCall(ExecState*, EncodedJSValue) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationCreateActivation(ExecState*, int32_t offset) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationCreateActivation(ExecState*, JSScope* currentScope, int32_t offset) WTF_INTERNAL;
JSCell* JIT_OPERATION operationCreateArguments(ExecState*) WTF_INTERNAL;
JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState*, int32_t) WTF_INTERNAL;
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -259,7 +259,7 @@
exec,
static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
- exec->scope(), pc);
+ exec->uncheckedR(exec->codeBlock()->scopeRegister().offset()).Register::scope(), pc);
if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
*bitwise_cast<volatile char*>(exec->returnPC().value());
@@ -503,7 +503,9 @@
#if LLINT_SLOW_PATH_TRACING
dataLogF("Creating an lexicalEnvironment, exec = %p!\n", exec);
#endif
- JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->codeBlock());
+ int scopeReg = pc[2].u.operand;
+ JSScope* scope = exec->uncheckedR(scopeReg).Register::scope();
+ JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, scope, exec->codeBlock());
exec->uncheckedR(pc[2].u.operand) = lexicalEnvironment;
LLINT_RETURN(JSValue(lexicalEnvironment));
}
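Review bot: The store on the line after the create call still spells the register as `exec->uncheckedR(pc[2].u.operand) = lexicalEnvironment;` even though the new code introduced `int scopeReg = pc[2].u.operand;` two lines earlier for exactly that operand. `exec->uncheckedR(scopeReg) = lexicalEnvironment;` makes it clear that the register read for the parent scope and the one overwritten with the new environment are the same, which is the behaviour the DFG and baseline hunks also rely on.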
@@ -1030,7 +1032,6 @@
ExecState* exec = execCallee->callerFrame();
VM& vm = exec->vm();
- execCallee->setScope(exec->scope());
execCallee->setCodeBlock(0);
execCallee->clearReturnPC();
@@ -1094,7 +1095,6 @@
JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
JSScope* scope = callee->scopeUnchecked();
VM& vm = *scope->vm();
- execCallee->setScope(scope);
ExecutableBase* executable = callee->executable();
MacroAssemblerCodePtr codePtr;
@@ -1104,7 +1104,6 @@
else {
FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
- execCallee->setScope(scope);
if (error)
LLINT_CALL_THROW(exec, error);
codeBlock = functionExecutable->codeBlockFor(kind);
@@ -1235,8 +1234,6 @@
execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
execCallee->setCallerFrame(exec);
execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
- JSScope* callerScope = exec->uncheckedR(exec->codeBlock()->scopeRegister().offset()).Register::scope();
- execCallee->setScope(callerScope);
execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
execCallee->setCodeBlock(0);
exec->setCurrentVPC(pc);
@@ -1433,7 +1430,7 @@
{
ExecState* exec = vm->topCallFrame;
if (!exec)
- exec = protoFrame->scope()->globalObject()->globalExec();
+ exec = protoFrame->callee()->globalObject()->globalExec();
throwStackOverflowError(exec);
return encodeResult(0, 0);
}
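Review bot: The fallback now goes through `protoFrame->callee()->globalObject()`, which reads the Callee slot of a frame that has not been entered yet; the previous code read the ScopeChain slot instead. This is presumably safe because the caller fills in the callee before reaching the stack-overflow path, but since `callee()` is the unchecked accessor (the checked `scope()` that used to guard this was removed in CallFrame.h), an `ASSERT(protoFrame->callee());` before the assignment would document the assumption in debug builds.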
Modified: trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h (177145 => 177146)
--- trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -41,12 +41,12 @@
class JSLexicalEnvironment : public JSEnvironmentRecord {
private:
- JSLexicalEnvironment(VM&, CallFrame*, Register*, CodeBlock*);
+ JSLexicalEnvironment(VM&, CallFrame*, Register*, JSScope*, CodeBlock*);
public:
typedef JSEnvironmentRecord Base;
- static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, Register* registers, CodeBlock* codeBlock)
+ static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
{
SymbolTable* symbolTable = codeBlock->symbolTable();
ASSERT(codeBlock->codeType() == FunctionCode);
@@ -56,14 +56,14 @@
vm.heap,
allocationSize(symbolTable)
)
- ) JSLexicalEnvironment(vm, callFrame, registers, codeBlock);
+ ) JSLexicalEnvironment(vm, callFrame, registers, currentScope, codeBlock);
lexicalEnvironment->finishCreation(vm);
return lexicalEnvironment;
}
- static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, CodeBlock* codeBlock)
+ static JSLexicalEnvironment* create(VM& vm, CallFrame* callFrame, JSScope* currentScope, CodeBlock* codeBlock)
{
- return create(vm, callFrame, callFrame->registers() + codeBlock->framePointerOffsetToGetActivationRegisters(), codeBlock);
+ return create(vm, callFrame, callFrame->registers() + codeBlock->framePointerOffsetToGetActivationRegisters(), currentScope, codeBlock);
}
static void visitChildren(JSCell*, SlotVisitor&);
@@ -108,12 +108,12 @@
extern int activationCount;
extern int allTheThingsCount;
-inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, CallFrame* callFrame, Register* registers, CodeBlock* codeBlock)
+inline JSLexicalEnvironment::JSLexicalEnvironment(VM& vm, CallFrame* callFrame, Register* registers, JSScope* currentScope, CodeBlock* codeBlock)
: Base(
vm,
callFrame->lexicalGlobalObject()->activationStructure(),
registers,
- callFrame->scope(),
+ currentScope,
codeBlock->symbolTable())
{
SymbolTable* symbolTable = codeBlock->symbolTable();
Modified: trunk/Source/_javascript_Core/runtime/JSWithScope.h (177145 => 177146)
--- trunk/Source/_javascript_Core/runtime/JSWithScope.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/runtime/JSWithScope.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -53,16 +53,6 @@
DECLARE_EXPORT_INFO;
private:
- JSWithScope(ExecState* exec, JSObject* object)
- : Base(
- exec->vm(),
- exec->lexicalGlobalObject()->withScopeStructure(),
- exec->scope()
- )
- , m_object(exec->vm(), this, object)
- {
- }
-
JSWithScope(ExecState* exec, JSObject* object, JSScope* next)
: Base(
exec->vm(),
Modified: trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp (177145 => 177146)
--- trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/runtime/StrictEvalActivation.cpp 2014-12-11 16:41:33 UTC (rev 177146)
@@ -35,11 +35,11 @@
const ClassInfo StrictEvalActivation::s_info = { "Object", &Base::s_info, 0, CREATE_METHOD_TABLE(StrictEvalActivation) };
-StrictEvalActivation::StrictEvalActivation(ExecState* exec)
+StrictEvalActivation::StrictEvalActivation(ExecState* exec, JSScope* currentScope)
: Base(
exec->vm(),
exec->lexicalGlobalObject()->strictEvalActivationStructure(),
- exec->scope()
+ currentScope
)
{
}
Modified: trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h (177145 => 177146)
--- trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2014-12-11 13:37:09 UTC (rev 177145)
+++ trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2014-12-11 16:41:33 UTC (rev 177146)
@@ -34,9 +34,9 @@
public:
typedef JSScope Base;
- static StrictEvalActivation* create(ExecState* exec)
+ static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)
{
- StrictEvalActivation* lexicalEnvironment = new (NotNull, allocateCell<StrictEvalActivation>(*exec->heap())) StrictEvalActivation(exec);
+ StrictEvalActivation* lexicalEnvironment = new (NotNull, allocateCell<StrictEvalActivation>(*exec->heap())) StrictEvalActivation(exec, currentScope);
lexicalEnvironment->finishCreation(exec->vm());
return lexicalEnvironment;
}
@@ -55,7 +55,7 @@
static const unsigned StructureFlags = IsEnvironmentRecord | Base::StructureFlags;
private:
- StrictEvalActivation(ExecState*);
+ StrictEvalActivation(ExecState*, JSScope*);
};
} // namespace JSC