Unreviewed, rolling out r125687.

http://trac.webkit.org/changeset/125687
https://bugs.webkit.org/show_bug.cgi?id=94147

It broke the whole world (Requested by Ossy_night on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-08-15

Source/JavaScriptCore:

* API/JSValueRef.cpp:
(JSValueToBoolean):
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/Watchpoint.h:
(WatchpointSet):
* debugger/DebuggerCallFrame.h:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_is_undefined):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_is_undefined):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncSome):
* runtime/BooleanConstructor.cpp:
(JSC::constructBoolean):
(JSC::callBooleanConstructor):
* runtime/JSCell.h:
(JSCell):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
* runtime/JSString.h:
(JSC::JSCell::toBoolean):
(JSC::JSValue::toBoolean):
* runtime/JSValue.h:
* runtime/ObjectConstructor.cpp:
(JSC::toPropertyDescriptor):
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
* runtime/Operations.h:
(JSC):
(JSC::JSValue::equalSlowCaseInline):
* runtime/RegExpConstructor.cpp:
(JSC::setRegExpConstructorMultiline):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/Structure.h:

Source/WebCore:

* bindings/js/JSCustomSQLStatementErrorCallback.cpp:
(WebCore::JSSQLStatementErrorCallback::handleEvent):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::addEventListener):
(WebCore::JSDOMWindow::removeEventListener):
* bindings/js/JSDataViewCustom.cpp:
(WebCore::getDataViewMember):
* bindings/js/JSDeviceMotionEventCustom.cpp:
(WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
* bindings/js/JSDeviceOrientationEventCustom.cpp:
(WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::convertValue):
* bindings/js/JSDirectoryEntryCustom.cpp:
(WebCore::JSDirectoryEntry::getFile):
(WebCore::JSDirectoryEntry::getDirectory):
* bindings/js/JSDirectoryEntrySyncCustom.cpp:
(WebCore::getFlags):
* bindings/js/JSHTMLCanvasElementCustom.cpp:
(WebCore::JSHTMLCanvasElement::getContext):
* bindings/js/JSInspectorFrontendHostCustom.cpp:
(WebCore::populateContextMenuItems):
* bindings/js/JSMessageEventCustom.cpp:
(WebCore::handleInitMessageEvent):
* bindings/js/JSWebGLRenderingContextCustom.cpp:
(WebCore::dataFunctionMatrix):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::open):
* bindings/js/JavaScriptCallFrame.cpp:
* bindings/js/JavaScriptCallFrame.h:
(JavaScriptCallFrame):
* bindings/js/ScriptDebugServer.cpp:
(WebCore::ScriptDebugServer::hasBreakpoint):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateEventListenerCall):
(GenerateHeader):
(JSValueToNative):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
(WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
* bindings/scripts/test/JS/JSTestEventTarget.h:
(WebCore::JSTestEventTarget::create):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjCreate):
(WebCore::setJSTestObjReflectedBooleanAttr):
(WebCore::setJSTestObjReflectedCustomBooleanAttr):
(WebCore::jsTestObjPrototypeFunctionAddEventListener):
(WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
* bridge/c/c_utility.cpp:
(JSC::Bindings::convertValueToNPVariant):
* bridge/jni/jni_jsobject.mm:
(JavaJSObject::convertValueToJObject):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::convertValueToQVariant):

Source/WebKit/mac:

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::addValueToArray):

Source/WebKit2:

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):

LayoutTests:

* fast/js/document-all-between-frames-expected.txt: Removed.
* fast/js/document-all-between-frames.html: Removed.
* fast/js/resources/document-all-between-frames-subframe.html: Removed.
* platform/chromium/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125711 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent cfbd0dd1
2012-08-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r125687.
http://trac.webkit.org/changeset/125687
https://bugs.webkit.org/show_bug.cgi?id=94147
It broke the whole world (Requested by Ossy_night on #webkit).
* fast/js/document-all-between-frames-expected.txt: Removed.
* fast/js/document-all-between-frames.html: Removed.
* fast/js/resources/document-all-between-frames-subframe.html: Removed.
* platform/chromium/TestExpectations:
2012-08-15 Dominic Mazzoni <dmazzoni@google.com>
AX: Calls to AXObjectCache should prefer Node over Renderer
<!DOCTYPE HTML>
<html>
<head>
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<script>
window.passUp = null;
</script>
<iframe id="subframe" src="resources/document-all-between-frames-subframe.html"></iframe>
<script>
window.jsTestIsAsync = true;
window.passUp = [];
function waitForResponse() {
if (window.passUp.length < (9 * 300) + 1) {
setTimeout(waitForResponse, 100);
return;
}
for (var i = 0; i < window.passUp.length; i++) {
debug(window.passUp[i]);
}
if (testRunner) {
testRunner.notifyDone();
}
}
var subframe = document.getElementById("subframe");
subframe.contentWindow.passDown = document.all;
if (document.all) {
debug("FAIL: document.all didn't masquerade as undefined");
} else {
debug("document.all masqueraded as undefined");
}
setTimeout(waitForResponse, 100);
</script>
<script src="resources/js-test-post.js"></script>
</body>
</html>
<!DOCTYPE HTML>
<html>
<head>
<title>Subframe</title>
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<script>
var documentDotAll = window.passDown;
window.parent.passUp = [];
if (document.all) {
window.parent.passUp.push("FAIL: if (document.all) didn't masqueraded as undefined");
} else {
window.parent.passUp.push("if (document.all) masqueraded as undefined");
}
for (var i = 0; i < 300; i++) {
if (documentDotAll) {
window.parent.passUp.push("if (documentDotAll) did not masquerade as undefined");
} else {
window.parent.passUp.push("FAIL: if (documentDotAll) masqueraded as undefined");
}
if (documentDotAll == null) {
window.parent.passUp.push("FAIL: if (documentDotAll == null) masqueraded as undefined");
} else {
window.parent.passUp.push("if (documentDotAll == null) did not masquerade as undefined");
}
if (documentDotAll == undefined) {
window.parent.passUp.push("FAIL: if (documentDotAll == undefined) masqueraded as undefined");
} else {
window.parent.passUp.push("if (documentDotAll == undefined) did not masquerade as undefined");
}
if (!documentDotAll) {
window.parent.passUp.push("FAIL: if (!documentDotAll) masqueraded as undefined");
} else {
window.parent.passUp.push("if (!documentDotAll) did not masquerade as undefined");
}
if (documentDotAll != null) {
window.parent.passUp.push("if (documentDotAll != null) did not masquerade as undefined");
} else {
window.parent.passUp.push("FAIL: if (documentDotAll != null) masqueraded as undefined");
}
if (documentDotAll != undefined) {
window.parent.passUp.push("if (documentDotAll != undefined) did not masquerade as undefined");
} else {
window.parent.passUp.push("FAIL: if (documentDotAll != undefined) masqueraded as undefined");
}
if (documentDotAll === undefined) {
window.parent.passUp.push("FAIL: if (documentDotAll === undefined) masqueraded as undefined");
} else {
window.parent.passUp.push("if (documentDotAll === undefined) did not masquerade as undefined");
}
if (documentDotAll !== undefined) {
window.parent.passUp.push("if (documentDotAll !== undefined) did not masquerade as undefined");
} else {
window.parent.passUp.push("FAIL: if (documentDotAll !== undefined) masqueraded as undefined");
}
if (typeof documentDotAll === "undefined") {
window.parent.passUp.push("FAIL: if (typeof documentDotAll === \"undefined\") masqueraded as undefined");
} else {
window.parent.passUp.push("if (typeof documentDotAll === \"undefined\") did not masquerade as undefined");
}
}
</script>
</body>
</html>
......@@ -855,9 +855,6 @@ WONTFIX SKIP : platform/blackberry = PASS
// JavaScriptCore bindings willfully have different behavior than V8 bindings
WONTFIX SKIP : plugins/npruntime/overrides-all-properties.html = TEXT
// JavaScriptCore treats document.all differently
WONTFIX SKIP : fast/js/document-all-between-frames.html = TEXT
// Chromium doesn't use fullscreen-specific media controls
WONTFIX SKIP : media/video-controls-fullscreen-volume.html = TEXT
......
......@@ -266,7 +266,7 @@ bool JSValueToBoolean(JSContextRef ctx, JSValueRef value)
APIEntryShim entryShim(exec);
JSValue jsValue = toJS(exec, value);
return jsValue.toBoolean(exec);
return jsValue.toBoolean();
}
double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception)
......
2012-08-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r125687.
http://trac.webkit.org/changeset/125687
https://bugs.webkit.org/show_bug.cgi?id=94147
It broke the whole world (Requested by Ossy_night on #webkit).
* API/JSValueRef.cpp:
(JSValueToBoolean):
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/Watchpoint.h:
(WatchpointSet):
* debugger/DebuggerCallFrame.h:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_is_undefined):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_is_undefined):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncSome):
* runtime/BooleanConstructor.cpp:
(JSC::constructBoolean):
(JSC::callBooleanConstructor):
* runtime/JSCell.h:
(JSCell):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
* runtime/JSString.h:
(JSC::JSCell::toBoolean):
(JSC::JSValue::toBoolean):
* runtime/JSValue.h:
* runtime/ObjectConstructor.cpp:
(JSC::toPropertyDescriptor):
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
* runtime/Operations.h:
(JSC):
(JSC::JSValue::equalSlowCaseInline):
* runtime/RegExpConstructor.cpp:
(JSC::setRegExpConstructorMultiline):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/Structure.h:
2012-08-15 Gabor Ballabas <gaborb@inf.u-szeged.hu>
Buildfix after r125541
......
......@@ -258,7 +258,6 @@ EXPORTS
?neuter@ArrayBufferView@WTF@@MAEXXZ
?newUninitialized@CString@WTF@@SA?AV12@IAAPAD@Z
?notifyWriteSlow@SymbolTableEntry@JSC@@AAEXXZ
?notifyWriteSlow@WatchpointSet@JSC@@QAEXXZ
?nullptr@@3Vnullptr_t@std@@A
?number@String@WTF@@SA?AV12@NII@Z
?number@UString@JSC@@SA?AV12@H@Z
......
......@@ -78,7 +78,7 @@ public:
bool* addressOfIsWatched() { return &m_isWatched; }
JS_EXPORT_PRIVATE void notifyWriteSlow(); // Call only if you've checked isWatched.
void notifyWriteSlow(); // Call only if you've checked isWatched.
private:
void fireAllWatchpoints();
......
......@@ -48,7 +48,6 @@ namespace JSC {
{
}
CallFrame* callFrame() const { return m_callFrame; }
JSGlobalObject* dynamicGlobalObject() const { return m_callFrame->dynamicGlobalObject(); }
ScopeChainNode* scopeChain() const { return m_callFrame->scopeChain(); }
JS_EXPORT_PRIVATE const UString* functionName() const;
......
......@@ -608,7 +608,7 @@ bool AbstractState::execute(unsigned indexInBlock)
case LogicalNot: {
JSValue childConst = forNode(node.child1()).value();
if (childConst && trySetConstant(nodeIndex, jsBoolean(!childConst.toBoolean(m_codeBlock->globalObjectFor(node.codeOrigin)->globalExec())))) {
if (childConst && trySetConstant(nodeIndex, jsBoolean(!childConst.toBoolean()))) {
m_foundConstants = true;
node.setCanExit(false);
break;
......@@ -646,18 +646,10 @@ bool AbstractState::execute(unsigned indexInBlock)
bool constantWasSet;
switch (node.op()) {
case IsUndefined:
node.setCanExit(true);
if (m_codeBlock->globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
constantWasSet = trySetConstant(nodeIndex, jsBoolean(
child.isCell()
? false
: child.isUndefined()));
} else {
constantWasSet = trySetConstant(nodeIndex, jsBoolean(
child.isCell()
? child.asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node.codeOrigin))
: child.isUndefined()));
}
constantWasSet = trySetConstant(nodeIndex, jsBoolean(
child.isCell()
? child.asCell()->structure()->typeInfo().masqueradesAsUndefined()
: child.isUndefined()));
break;
case IsBoolean:
constantWasSet = trySetConstant(nodeIndex, jsBoolean(child.isBoolean()));
......@@ -737,8 +729,8 @@ bool AbstractState::execute(unsigned indexInBlock)
&& m_graph.valueOfJSConstant(node.child1().index()).isNull())
|| (m_graph.isConstant(node.child2().index())
&& m_graph.valueOfJSConstant(node.child2().index()).isNull())) {
// We can exit if we haven't fired the MasqueradesAsUndefind watchpoint yet.
node.setCanExit(m_codeBlock->globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid());
// We know that this won't clobber the world. But that's all we know.
node.setCanExit(false);
break;
}
......@@ -1091,7 +1083,7 @@ bool AbstractState::execute(unsigned indexInBlock)
case Branch: {
JSValue value = forNode(node.child1()).value();
if (value) {
bool booleanValue = value.toBoolean(m_codeBlock->globalObjectFor(node.codeOrigin)->globalExec());
bool booleanValue = value.toBoolean();
if (booleanValue)
m_branchDirection = TakeTrue;
else
......
......@@ -101,7 +101,7 @@ public:
// Branch on constant -> jettison the not-taken block and merge.
if (m_graph[m_graph[block->last()].child1()].hasConstant()) {
bool condition =
m_graph.valueOfJSConstant(m_graph[block->last()].child1().index()).toBoolean(m_graph.globalObjectFor(m_graph[block->last()].codeOrigin)->globalExec());
m_graph.valueOfJSConstant(m_graph[block->last()].child1().index()).toBoolean();
BasicBlock* targetBlock = m_graph.m_blocks[
m_graph.successorForCondition(block, condition)].get();
if (targetBlock->m_predecessors.size() == 1) {
......
......@@ -1273,9 +1273,9 @@ JSCell* DFG_OPERATION operationNewFunctionExpression(ExecState* exec, JSCell* fu
return function;
}
size_t DFG_OPERATION operationIsObject(ExecState* exec, EncodedJSValue value)
size_t DFG_OPERATION operationIsObject(EncodedJSValue value)
{
return jsIsObjectType(exec, JSValue::decode(value));
return jsIsObjectType(JSValue::decode(value));
}
size_t DFG_OPERATION operationIsFunction(EncodedJSValue value)
......@@ -1368,7 +1368,7 @@ size_t DFG_OPERATION dfgConvertJSValueToBoolean(ExecState* exec, EncodedJSValue
JSGlobalData* globalData = &exec->globalData();
NativeCallFrameTracer tracer(globalData, exec);
return JSValue::decode(encodedOp).toBoolean(exec);
return JSValue::decode(encodedOp).toBoolean();
}
#if DFG_ENABLE(VERBOSE_SPECULATION_FAILURE)
......
......@@ -180,7 +180,7 @@ EncodedJSValue DFG_OPERATION operationGetArgumentByVal(ExecState*, int32_t, int3
JSCell* DFG_OPERATION operationNewFunction(ExecState*, JSCell*) WTF_INTERNAL;
JSCell* DFG_OPERATION operationNewFunctionExpression(ExecState*, JSCell*) WTF_INTERNAL;
double DFG_OPERATION operationFModOnInts(int32_t, int32_t) WTF_INTERNAL;
size_t DFG_OPERATION operationIsObject(ExecState*, EncodedJSValue) WTF_INTERNAL;
size_t DFG_OPERATION operationIsObject(EncodedJSValue) WTF_INTERNAL;
size_t DFG_OPERATION operationIsFunction(EncodedJSValue) WTF_INTERNAL;
void DFG_OPERATION operationReallocateStorageAndFinishPut(ExecState*, JSObject*, Structure*, PropertyOffset, EncodedJSValue) WTF_INTERNAL;
char* DFG_OPERATION operationAllocatePropertyStorageWithInitialCapacity(ExecState*) WTF_INTERNAL;
......
......@@ -623,29 +623,10 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool inv
JITCompiler::Jump notCell;
if (!isKnownCell(operand.index()))
notCell = m_jit.branch32(MacroAssembler::NotEqual, argTagGPR, TrustedImm32(JSValue::CellTag));
JITCompiler::Jump notMasqueradesAsUndefined;
if (m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
m_jit.move(invert ? TrustedImm32(0) : TrustedImm32(1), resultPayloadGPR);
notMasqueradesAsUndefined = m_jit.jump();
} else {
m_jit.loadPtr(JITCompiler::Address(argPayloadGPR, JSCell::structureOffset()), resultPayloadGPR);
JITCompiler::Jump isMasqueradesAsUndefined = m_jit.branchTest8(JITCompiler::NonZero, JITCompiler::Address(resultPayloadGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined));
m_jit.move(invert ? TrustedImm32(0) : TrustedImm32(1), resultPayloadGPR);
notMasqueradesAsUndefined = m_jit.jump();
isMasqueradesAsUndefined.link(&m_jit);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(JITCompiler::TrustedImmPtr(m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(resultPayloadGPR, Structure::globalObjectOffset()), remoteGlobalObjectGPR);
m_jit.compare32(invert ? JITCompiler::NotEqual : JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, resultPayloadGPR);
}
m_jit.loadPtr(JITCompiler::Address(argPayloadGPR, JSCell::structureOffset()), resultPayloadGPR);
m_jit.test8(invert ? JITCompiler::Zero : JITCompiler::NonZero, JITCompiler::Address(resultPayloadGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), resultPayloadGPR);
if (!isKnownCell(operand.index())) {
JITCompiler::Jump done = m_jit.jump();
......@@ -659,8 +640,6 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool inv
done.link(&m_jit);
}
notMasqueradesAsUndefined.link(&m_jit);
booleanResult(resultPayloadGPR, m_compileIndex);
}
......@@ -689,22 +668,9 @@ void SpeculativeJIT::nonSpeculativePeepholeBranchNull(Edge operand, NodeIndex br
if (!isKnownCell(operand.index()))
notCell = m_jit.branch32(MacroAssembler::NotEqual, argTagGPR, TrustedImm32(JSValue::CellTag));
if (m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
jump(invert ? taken : notTaken, ForceJump);
} else {
m_jit.loadPtr(JITCompiler::Address(argPayloadGPR, JSCell::structureOffset()), resultGPR);
branchTest8(JITCompiler::Zero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), invert ? taken : notTaken);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(TrustedImmPtr(m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(resultGPR, Structure::globalObjectOffset()), remoteGlobalObjectGPR);
branchPtr(invert ? JITCompiler::NotEqual : JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, taken);
}
m_jit.loadPtr(JITCompiler::Address(argPayloadGPR, JSCell::structureOffset()), resultGPR);
branchTest8(invert ? JITCompiler::Zero : JITCompiler::NonZero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), taken);
if (!isKnownCell(operand.index())) {
jump(notTaken, ForceJump);
......@@ -3802,28 +3768,9 @@ void SpeculativeJIT::compile(Node& node)
JITCompiler::Jump done = m_jit.jump();
isCell.link(&m_jit);
JITCompiler::Jump notMasqueradesAsUndefined;
if (m_jit.graph().globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
m_jit.move(TrustedImm32(0), result.gpr());
notMasqueradesAsUndefined = m_jit.jump();
} else {
m_jit.loadPtr(JITCompiler::Address(value.payloadGPR(), JSCell::structureOffset()), result.gpr());
JITCompiler::Jump isMasqueradesAsUndefined = m_jit.branchTest8(JITCompiler::NonZero, JITCompiler::Address(result.gpr(), Structure::typeInfoFlagsOffset()), TrustedImm32(MasqueradesAsUndefined));
m_jit.move(TrustedImm32(0), result.gpr());
notMasqueradesAsUndefined = m_jit.jump();
isMasqueradesAsUndefined.link(&m_jit);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(TrustedImmPtr(m_jit.globalObjectFor(node.codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(result.gpr(), Structure::globalObjectOffset()), remoteGlobalObjectGPR);
m_jit.compare32(JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, result.gpr());
}
notMasqueradesAsUndefined.link(&m_jit);
m_jit.loadPtr(JITCompiler::Address(value.payloadGPR(), JSCell::structureOffset()), result.gpr());
m_jit.test8(JITCompiler::NonZero, JITCompiler::Address(result.gpr(), Structure::typeInfoFlagsOffset()), TrustedImm32(MasqueradesAsUndefined), result.gpr());
done.link(&m_jit);
booleanResult(result.gpr(), m_compileIndex);
break;
......
......@@ -588,29 +588,10 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool inv
if (!isKnownCell(operand.index()))
notCell = m_jit.branchTestPtr(MacroAssembler::NonZero, argGPR, GPRInfo::tagMaskRegister);
JITCompiler::Jump notMasqueradesAsUndefined;
if (m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
m_jit.move(invert ? TrustedImm32(0) : TrustedImm32(1), resultGPR);
notMasqueradesAsUndefined = m_jit.jump();
} else {
m_jit.loadPtr(JITCompiler::Address(argGPR, JSCell::structureOffset()), resultGPR);
JITCompiler::Jump isMasqueradesAsUndefined = m_jit.branchTest8(JITCompiler::NonZero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined));
m_jit.move(invert ? TrustedImm32(0) : TrustedImm32(1), resultGPR);
notMasqueradesAsUndefined = m_jit.jump();
isMasqueradesAsUndefined.link(&m_jit);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(JITCompiler::TrustedImmPtr(m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(resultGPR, Structure::globalObjectOffset()), remoteGlobalObjectGPR);
m_jit.comparePtr(invert ? JITCompiler::NotEqual : JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, resultGPR);
}
m_jit.loadPtr(JITCompiler::Address(argGPR, JSCell::structureOffset()), resultGPR);
m_jit.test8(invert ? JITCompiler::Zero : JITCompiler::NonZero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), resultGPR);
if (!isKnownCell(operand.index())) {
JITCompiler::Jump done = m_jit.jump();
......@@ -622,9 +603,7 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool inv
done.link(&m_jit);
}
notMasqueradesAsUndefined.link(&m_jit);
m_jit.or32(TrustedImm32(ValueFalse), resultGPR);
jsValueResult(resultGPR, m_compileIndex, DataFormatJSBoolean);
}
......@@ -653,22 +632,9 @@ void SpeculativeJIT::nonSpeculativePeepholeBranchNull(Edge operand, NodeIndex br
if (!isKnownCell(operand.index()))
notCell = m_jit.branchTestPtr(MacroAssembler::NonZero, argGPR, GPRInfo::tagMaskRegister);
if (m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
jump(invert ? taken : notTaken, ForceJump);
} else {
m_jit.loadPtr(JITCompiler::Address(argGPR, JSCell::structureOffset()), resultGPR);
branchTest8(JITCompiler::Zero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), invert ? taken : notTaken);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(TrustedImmPtr(m_jit.graph().globalObjectFor(m_jit.graph()[operand].codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(resultGPR, Structure::globalObjectOffset()), remoteGlobalObjectGPR);
branchPtr(invert ? JITCompiler::NotEqual : JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, taken);
}
m_jit.loadPtr(JITCompiler::Address(argGPR, JSCell::structureOffset()), resultGPR);
branchTest8(invert ? JITCompiler::Zero : JITCompiler::NonZero, JITCompiler::Address(resultGPR, Structure::typeInfoFlagsOffset()), JITCompiler::TrustedImm32(MasqueradesAsUndefined), taken);
if (!isKnownCell(operand.index())) {
jump(notTaken, ForceJump);
......@@ -3789,28 +3755,9 @@ void SpeculativeJIT::compile(Node& node)
JITCompiler::Jump done = m_jit.jump();
isCell.link(&m_jit);
JITCompiler::Jump notMasqueradesAsUndefined;
if (m_jit.graph().globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->isStillValid()) {
m_jit.graph().globalObjectFor(node.codeOrigin)->masqueradesAsUndefinedWatchpoint()->add(speculationWatchpoint());
m_jit.move(TrustedImm32(ValueFalse), result.gpr());
notMasqueradesAsUndefined = m_jit.jump();
} else {
m_jit.loadPtr(JITCompiler::Address(value.gpr(), JSCell::structureOffset()), result.gpr());
JITCompiler::Jump isMasqueradesAsUndefined = m_jit.branchTest8(JITCompiler::NonZero, JITCompiler::Address(result.gpr(), Structure::typeInfoFlagsOffset()), TrustedImm32(MasqueradesAsUndefined));
m_jit.move(TrustedImm32(ValueFalse), result.gpr());
notMasqueradesAsUndefined = m_jit.jump();
isMasqueradesAsUndefined.link(&m_jit);
GPRTemporary localGlobalObject(this);
GPRTemporary remoteGlobalObject(this);
GPRReg localGlobalObjectGPR = localGlobalObject.gpr();
GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
m_jit.move(TrustedImmPtr(m_jit.globalObjectFor(node.codeOrigin)), localGlobalObjectGPR);
m_jit.loadPtr(JITCompiler::Address(result.gpr(), Structure::globalObjectOffset()), remoteGlobalObjectGPR);
m_jit.comparePtr(JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, result.gpr());
}
notMasqueradesAsUndefined.link(&m_jit);
m_jit.loadPtr(JITCompiler::Address(value.gpr(), JSCell::structureOffset()), result.gpr());
m_jit.test8(JITCompiler::NonZero, JITCompiler::Address(result.gpr(), Structure::typeInfoFlagsOffset()), TrustedImm32(MasqueradesAsUndefined), result.gpr());
done.link(&m_jit);
m_jit.or32(TrustedImm32(ValueFalse), result.gpr());
jsValueResult(result.gpr(), m_compileIndex, DataFormatJSBoolean);
......
......@@ -2118,7 +2118,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
NEXT_INSTRUCTION();
}
callFrame->uncheckedR(dst) = jsBoolean(src.isCell() && src.asCell()->structure()->masqueradesAsUndefined(callFrame->lexicalGlobalObject()));
callFrame->uncheckedR(dst) = jsBoolean(src.isCell() && src.asCell()->structure()->typeInfo().masqueradesAsUndefined());
vPC += OPCODE_LENGTH(op_eq_null);
NEXT_INSTRUCTION();
}
......@@ -2158,7 +2158,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
NEXT_INSTRUCTION();
}