]> git.saurik.com Git - apple/javascriptcore.git/blob - interpreter/Interpreter.cpp
projects / apple / javascriptcore.git / blob
? search:


a45773c5d496d8aa2a74f6fe9b34f0e54dba62f5
[apple/javascriptcore.git] / interpreter / Interpreter.cpp
1 /*
2 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
3 * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include "config.h"
31 #include "Interpreter.h"
32
33 #include "Arguments.h"
34 #include "BatchedTransitionOptimizer.h"
35 #include "CodeBlock.h"
36 #include "DebuggerCallFrame.h"
37 #include "EvalCodeCache.h"
38 #include "ExceptionHelpers.h"
39 #include "CallFrame.h"
40 #include "GlobalEvalFunction.h"
41 #include "JSActivation.h"
42 #include "JSArray.h"
43 #include "JSByteArray.h"
44 #include "JSFunction.h"
45 #include "JSNotAnObject.h"
46 #include "JSPropertyNameIterator.h"
47 #include "JSStaticScopeObject.h"
48 #include "JSString.h"
49 #include "ObjectPrototype.h"
50 #include "Parser.h"
51 #include "Profiler.h"
52 #include "RegExpObject.h"
53 #include "RegExpPrototype.h"
54 #include "Register.h"
55 #include "Collector.h"
56 #include "Debugger.h"
57 #include "Operations.h"
58 #include "SamplingTool.h"
59 #include <stdio.h>
60
61 #if ENABLE(JIT)
62 #include "JIT.h"
63 #endif
64
65 #if ENABLE(ASSEMBLER)
66 #include "AssemblerBuffer.h"
67 #endif
68
69 #if PLATFORM(DARWIN)
70 #include <mach/mach.h>
71 #endif
72
73 #if HAVE(SYS_TIME_H)
74 #include <sys/time.h>
75 #endif
76
77 #if PLATFORM(WIN_OS)
78 #include <windows.h>
79 #endif
80
81 #if PLATFORM(QT)
82 #include <QDateTime>
83 #endif
84
85 using namespace std;
86
87 namespace JSC {
88
89 // Preferred number of milliseconds between each timeout check
90 static const int preferredScriptCheckTimeInterval = 1000;
91
92 static ALWAYS_INLINE unsigned bytecodeOffsetForPC(CallFrame* callFrame, CodeBlock* codeBlock, void* pc)
93 {
94 #if ENABLE(JIT)
95 return codeBlock->getBytecodeIndex(callFrame, pc);
96 #else
97 UNUSED_PARAM(callFrame);
98 return static_cast<Instruction*>(pc) - codeBlock->instructions().begin();
99 #endif
100 }
101
102 // Returns the depth of the scope chain within a given call frame.
103 static int depth(CodeBlock* codeBlock, ScopeChain& sc)
104 {
105 if (!codeBlock->needsFullScopeChain())
106 return 0;
107 return sc.localDepth();
108 }
109
110 static inline bool jsLess(CallFrame* callFrame, JSValuePtr v1, JSValuePtr v2)
111 {
112 if (JSValuePtr::areBothInt32Fast(v1, v2))
113 return v1.getInt32Fast() < v2.getInt32Fast();
114
115 double n1;
116 double n2;
117 if (v1.getNumber(n1) && v2.getNumber(n2))
118 return n1 < n2;
119
120 Interpreter* interpreter = callFrame->interpreter();
121 if (interpreter->isJSString(v1) && interpreter->isJSString(v2))
122 return asString(v1)->value() < asString(v2)->value();
123
124 JSValuePtr p1;
125 JSValuePtr p2;
126 bool wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
127 bool wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
128
129 if (wasNotString1 | wasNotString2)
130 return n1 < n2;
131
132 return asString(p1)->value() < asString(p2)->value();
133 }
134
135 static inline bool jsLessEq(CallFrame* callFrame, JSValuePtr v1, JSValuePtr v2)
136 {
137 if (JSValuePtr::areBothInt32Fast(v1, v2))
138 return v1.getInt32Fast() <= v2.getInt32Fast();
139
140 double n1;
141 double n2;
142 if (v1.getNumber(n1) && v2.getNumber(n2))
143 return n1 <= n2;
144
145 Interpreter* interpreter = callFrame->interpreter();
146 if (interpreter->isJSString(v1) && interpreter->isJSString(v2))
147 return !(asString(v2)->value() < asString(v1)->value());
148
149 JSValuePtr p1;
150 JSValuePtr p2;
151 bool wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
152 bool wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
153
154 if (wasNotString1 | wasNotString2)
155 return n1 <= n2;
156
157 return !(asString(p2)->value() < asString(p1)->value());
158 }
159
160 static NEVER_INLINE JSValuePtr jsAddSlowCase(CallFrame* callFrame, JSValuePtr v1, JSValuePtr v2)
161 {
162 // exception for the Date exception in defaultValue()
163 JSValuePtr p1 = v1.toPrimitive(callFrame);
164 JSValuePtr p2 = v2.toPrimitive(callFrame);
165
166 if (p1.isString() || p2.isString()) {
167 RefPtr<UString::Rep> value = concatenate(p1.toString(callFrame).rep(), p2.toString(callFrame).rep());
168 if (!value)
169 return throwOutOfMemoryError(callFrame);
170 return jsString(callFrame, value.release());
171 }
172
173 return jsNumber(callFrame, p1.toNumber(callFrame) + p2.toNumber(callFrame));
174 }
175
176 // Fast-path choices here are based on frequency data from SunSpider:
177 // <times> Add case: <t1> <t2>
178 // ---------------------------
179 // 5626160 Add case: 3 3 (of these, 3637690 are for immediate values)
180 // 247412 Add case: 5 5
181 // 20900 Add case: 5 6
182 // 13962 Add case: 5 3
183 // 4000 Add case: 3 5
184
185 static ALWAYS_INLINE JSValuePtr jsAdd(CallFrame* callFrame, JSValuePtr v1, JSValuePtr v2)
186 {
187 double left;
188 double right = 0.0;
189
190 bool rightIsNumber = v2.getNumber(right);
191 if (rightIsNumber && v1.getNumber(left))
192 return jsNumber(callFrame, left + right);
193
194 bool leftIsString = v1.isString();
195 if (leftIsString && v2.isString()) {
196 RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
197 if (!value)
198 return throwOutOfMemoryError(callFrame);
199 return jsString(callFrame, value.release());
200 }
201
202 if (rightIsNumber & leftIsString) {
203 RefPtr<UString::Rep> value = v2.isInt32Fast() ?
204 concatenate(asString(v1)->value().rep(), v2.getInt32Fast()) :
205 concatenate(asString(v1)->value().rep(), right);
206
207 if (!value)
208 return throwOutOfMemoryError(callFrame);
209 return jsString(callFrame, value.release());
210 }
211
212 // All other cases are pretty uncommon
213 return jsAddSlowCase(callFrame, v1, v2);
214 }
215
216 static JSValuePtr jsTypeStringForValue(CallFrame* callFrame, JSValuePtr v)
217 {
218 if (v.isUndefined())
219 return jsNontrivialString(callFrame, "undefined");
220 if (v.isBoolean())
221 return jsNontrivialString(callFrame, "boolean");
222 if (v.isNumber())
223 return jsNontrivialString(callFrame, "number");
224 if (v.isString())
225 return jsNontrivialString(callFrame, "string");
226 if (v.isObject()) {
227 // Return "undefined" for objects that should be treated
228 // as null when doing comparisons.
229 if (asObject(v)->structure()->typeInfo().masqueradesAsUndefined())
230 return jsNontrivialString(callFrame, "undefined");
231 CallData callData;
232 if (asObject(v)->getCallData(callData) != CallTypeNone)
233 return jsNontrivialString(callFrame, "function");
234 }
235 return jsNontrivialString(callFrame, "object");
236 }
237
238 static bool jsIsObjectType(JSValuePtr v)
239 {
240 if (!v.isCell())
241 return v.isNull();
242
243 JSType type = asCell(v)->structure()->typeInfo().type();
244 if (type == NumberType || type == StringType)
245 return false;
246 if (type == ObjectType) {
247 if (asObject(v)->structure()->typeInfo().masqueradesAsUndefined())
248 return false;
249 CallData callData;
250 if (asObject(v)->getCallData(callData) != CallTypeNone)
251 return false;
252 }
253 return true;
254 }
255
256 static bool jsIsFunctionType(JSValuePtr v)
257 {
258 if (v.isObject()) {
259 CallData callData;
260 if (asObject(v)->getCallData(callData) != CallTypeNone)
261 return true;
262 }
263 return false;
264 }
265
266 NEVER_INLINE bool Interpreter::resolve(CallFrame* callFrame, Instruction* vPC, JSValuePtr& exceptionValue)
267 {
268 int dst = (vPC + 1)->u.operand;
269 int property = (vPC + 2)->u.operand;
270
271 ScopeChainNode* scopeChain = callFrame->scopeChain();
272 ScopeChainIterator iter = scopeChain->begin();
273 ScopeChainIterator end = scopeChain->end();
274 ASSERT(iter != end);
275
276 CodeBlock* codeBlock = callFrame->codeBlock();
277 Identifier& ident = codeBlock->identifier(property);
278 do {
279 JSObject* o = *iter;
280 PropertySlot slot(o);
281 if (o->getPropertySlot(callFrame, ident, slot)) {
282 JSValuePtr result = slot.getValue(callFrame, ident);
283 exceptionValue = callFrame->globalData().exception;
284 if (exceptionValue)
285 return false;
286 callFrame[dst] = JSValuePtr(result);
287 return true;
288 }
289 } while (++iter != end);
290 exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
291 return false;
292 }
293
294 NEVER_INLINE bool Interpreter::resolveSkip(CallFrame* callFrame, Instruction* vPC, JSValuePtr& exceptionValue)
295 {
296 CodeBlock* codeBlock = callFrame->codeBlock();
297
298 int dst = (vPC + 1)->u.operand;
299 int property = (vPC + 2)->u.operand;
300 int skip = (vPC + 3)->u.operand + codeBlock->needsFullScopeChain();
301
302 ScopeChainNode* scopeChain = callFrame->scopeChain();
303 ScopeChainIterator iter = scopeChain->begin();
304 ScopeChainIterator end = scopeChain->end();
305 ASSERT(iter != end);
306 while (skip--) {
307 ++iter;
308 ASSERT(iter != end);
309 }
310 Identifier& ident = codeBlock->identifier(property);
311 do {
312 JSObject* o = *iter;
313 PropertySlot slot(o);
314 if (o->getPropertySlot(callFrame, ident, slot)) {
315 JSValuePtr result = slot.getValue(callFrame, ident);
316 exceptionValue = callFrame->globalData().exception;
317 if (exceptionValue)
318 return false;
319 callFrame[dst] = JSValuePtr(result);
320 return true;
321 }
322 } while (++iter != end);
323 exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
324 return false;
325 }
326
327 NEVER_INLINE bool Interpreter::resolveGlobal(CallFrame* callFrame, Instruction* vPC, JSValuePtr& exceptionValue)
328 {
329 int dst = (vPC + 1)->u.operand;
330 JSGlobalObject* globalObject = static_cast<JSGlobalObject*>((vPC + 2)->u.jsCell);
331 ASSERT(globalObject->isGlobalObject());
332 int property = (vPC + 3)->u.operand;
333 Structure* structure = (vPC + 4)->u.structure;
334 int offset = (vPC + 5)->u.operand;
335
336 if (structure == globalObject->structure()) {
337 callFrame[dst] = JSValuePtr(globalObject->getDirectOffset(offset));
338 return true;
339 }
340
341 CodeBlock* codeBlock = callFrame->codeBlock();
342 Identifier& ident = codeBlock->identifier(property);
343 PropertySlot slot(globalObject);
344 if (globalObject->getPropertySlot(callFrame, ident, slot)) {
345 JSValuePtr result = slot.getValue(callFrame, ident);
346 if (slot.isCacheable() && !globalObject->structure()->isDictionary() && slot.slotBase() == globalObject) {
347 if (vPC[4].u.structure)
348 vPC[4].u.structure->deref();
349 globalObject->structure()->ref();
350 vPC[4] = globalObject->structure();
351 vPC[5] = slot.cachedOffset();
352 callFrame[dst] = JSValuePtr(result);
353 return true;
354 }
355
356 exceptionValue = callFrame->globalData().exception;
357 if (exceptionValue)
358 return false;
359 callFrame[dst] = JSValuePtr(result);
360 return true;
361 }
362
363 exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
364 return false;
365 }
366
367 static ALWAYS_INLINE JSValuePtr inlineResolveBase(CallFrame* callFrame, Identifier& property, ScopeChainNode* scopeChain)
368 {
369 ScopeChainIterator iter = scopeChain->begin();
370 ScopeChainIterator next = iter;
371 ++next;
372 ScopeChainIterator end = scopeChain->end();
373 ASSERT(iter != end);
374
375 PropertySlot slot;
376 JSObject* base;
377 while (true) {
378 base = *iter;
379 if (next == end || base->getPropertySlot(callFrame, property, slot))
380 return base;
381
382 iter = next;
383 ++next;
384 }
385
386 ASSERT_NOT_REACHED();
387 return noValue();
388 }
389
390 NEVER_INLINE void Interpreter::resolveBase(CallFrame* callFrame, Instruction* vPC)
391 {
392 int dst = (vPC + 1)->u.operand;
393 int property = (vPC + 2)->u.operand;
394 callFrame[dst] = JSValuePtr(inlineResolveBase(callFrame, callFrame->codeBlock()->identifier(property), callFrame->scopeChain()));
395 }
396
397 NEVER_INLINE bool Interpreter::resolveBaseAndProperty(CallFrame* callFrame, Instruction* vPC, JSValuePtr& exceptionValue)
398 {
399 int baseDst = (vPC + 1)->u.operand;
400 int propDst = (vPC + 2)->u.operand;
401 int property = (vPC + 3)->u.operand;
402
403 ScopeChainNode* scopeChain = callFrame->scopeChain();
404 ScopeChainIterator iter = scopeChain->begin();
405 ScopeChainIterator end = scopeChain->end();
406
407 // FIXME: add scopeDepthIsZero optimization
408
409 ASSERT(iter != end);
410
411 CodeBlock* codeBlock = callFrame->codeBlock();
412 Identifier& ident = codeBlock->identifier(property);
413 JSObject* base;
414 do {
415 base = *iter;
416 PropertySlot slot(base);
417 if (base->getPropertySlot(callFrame, ident, slot)) {
418 JSValuePtr result = slot.getValue(callFrame, ident);
419 exceptionValue = callFrame->globalData().exception;
420 if (exceptionValue)
421 return false;
422 callFrame[propDst] = JSValuePtr(result);
423 callFrame[baseDst] = JSValuePtr(base);
424 return true;
425 }
426 ++iter;
427 } while (iter != end);
428
429 exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
430 return false;
431 }
432
433 NEVER_INLINE bool Interpreter::resolveBaseAndFunc(CallFrame* callFrame, Instruction* vPC, JSValuePtr& exceptionValue)
434 {
435 int baseDst = (vPC + 1)->u.operand;
436 int funcDst = (vPC + 2)->u.operand;
437 int property = (vPC + 3)->u.operand;
438
439 ScopeChainNode* scopeChain = callFrame->scopeChain();
440 ScopeChainIterator iter = scopeChain->begin();
441 ScopeChainIterator end = scopeChain->end();
442
443 // FIXME: add scopeDepthIsZero optimization
444
445 ASSERT(iter != end);
446
447 CodeBlock* codeBlock = callFrame->codeBlock();
448 Identifier& ident = codeBlock->identifier(property);
449 JSObject* base;
450 do {
451 base = *iter;
452 PropertySlot slot(base);
453 if (base->getPropertySlot(callFrame, ident, slot)) {
454 // ECMA 11.2.3 says that if we hit an activation the this value should be null.
455 // However, section 10.2.3 says that in the case where the value provided
456 // by the caller is null, the global object should be used. It also says
457 // that the section does not apply to internal functions, but for simplicity
458 // of implementation we use the global object anyway here. This guarantees
459 // that in host objects you always get a valid object for this.
460 // We also handle wrapper substitution for the global object at the same time.
461 JSObject* thisObj = base->toThisObject(callFrame);
462 JSValuePtr result = slot.getValue(callFrame, ident);
463 exceptionValue = callFrame->globalData().exception;
464 if (exceptionValue)
465 return false;
466
467 callFrame[baseDst] = JSValuePtr(thisObj);
468 callFrame[funcDst] = JSValuePtr(result);
469 return true;
470 }
471 ++iter;
472 } while (iter != end);
473
474 exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
475 return false;
476 }
477
478 ALWAYS_INLINE CallFrame* Interpreter::slideRegisterWindowForCall(CodeBlock* newCodeBlock, RegisterFile* registerFile, CallFrame* callFrame, size_t registerOffset, int argc)
479 {
480 Register* r = callFrame->registers();
481 Register* newEnd = r + registerOffset + newCodeBlock->m_numCalleeRegisters;
482
483 if (LIKELY(argc == newCodeBlock->m_numParameters)) { // correct number of arguments
484 if (UNLIKELY(!registerFile->grow(newEnd)))
485 return 0;
486 r += registerOffset;
487 } else if (argc < newCodeBlock->m_numParameters) { // too few arguments -- fill in the blanks
488 size_t omittedArgCount = newCodeBlock->m_numParameters - argc;
489 registerOffset += omittedArgCount;
490 newEnd += omittedArgCount;
491 if (!registerFile->grow(newEnd))
492 return 0;
493 r += registerOffset;
494
495 Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
496 for (size_t i = 0; i < omittedArgCount; ++i)
497 argv[i] = jsUndefined();
498 } else { // too many arguments -- copy expected arguments, leaving the extra arguments behind
499 size_t numParameters = newCodeBlock->m_numParameters;
500 registerOffset += numParameters;
501 newEnd += numParameters;
502
503 if (!registerFile->grow(newEnd))
504 return 0;
505 r += registerOffset;
506
507 Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argc;
508 for (size_t i = 0; i < numParameters; ++i)
509 argv[i + argc] = argv[i];
510 }
511
512 return CallFrame::create(r);
513 }
514
515 static NEVER_INLINE bool isNotObject(CallFrame* callFrame, bool forInstanceOf, CodeBlock* codeBlock, const Instruction* vPC, JSValuePtr value, JSValuePtr& exceptionData)
516 {
517 if (value.isObject())
518 return false;
519 exceptionData = createInvalidParamError(callFrame, forInstanceOf ? "instanceof" : "in" , value, vPC - codeBlock->instructions().begin(), codeBlock);
520 return true;
521 }
522
523 NEVER_INLINE JSValuePtr Interpreter::callEval(CallFrame* callFrame, RegisterFile* registerFile, Register* argv, int argc, int registerOffset, JSValuePtr& exceptionValue)
524 {
525 if (argc < 2)
526 return jsUndefined();
527
528 JSValuePtr program = argv[1].jsValue(callFrame);
529
530 if (!program.isString())
531 return program;
532
533 UString programSource = asString(program)->value();
534
535 ScopeChainNode* scopeChain = callFrame->scopeChain();
536 CodeBlock* codeBlock = callFrame->codeBlock();
537 RefPtr<EvalNode> evalNode = codeBlock->evalCodeCache().get(callFrame, programSource, scopeChain, exceptionValue);
538
539 JSValuePtr result = jsUndefined();
540 if (evalNode)
541 result = callFrame->globalData().interpreter->execute(evalNode.get(), callFrame, callFrame->thisValue().toThisObject(callFrame), callFrame->registers() - registerFile->start() + registerOffset, scopeChain, &exceptionValue);
542
543 return result;
544 }
545
546 Interpreter::Interpreter()
547 : m_sampler(0)
548 #if ENABLE(JIT)
549 , m_ctiArrayLengthTrampoline(0)
550 , m_ctiStringLengthTrampoline(0)
551 , m_ctiVirtualCallPreLink(0)
552 , m_ctiVirtualCallLink(0)
553 , m_ctiVirtualCall(0)
554 #endif
555 , m_reentryDepth(0)
556 , m_timeoutTime(0)
557 , m_timeAtLastCheckTimeout(0)
558 , m_timeExecuting(0)
559 , m_timeoutCheckCount(0)
560 , m_ticksUntilNextTimeoutCheck(initialTickCountThreshold)
561 {
562 initTimeout();
563 privateExecute(InitializeAndReturn, 0, 0, 0);
564
565 // Bizarrely, calling fastMalloc here is faster than allocating space on the stack.
566 void* storage = fastMalloc(sizeof(CollectorBlock));
567
568 JSCell* jsArray = new (storage) JSArray(JSArray::createStructure(jsNull()));
569 m_jsArrayVptr = jsArray->vptr();
570 jsArray->~JSCell();
571
572 JSCell* jsByteArray = new (storage) JSByteArray(JSByteArray::VPtrStealingHack);
573 m_jsByteArrayVptr = jsByteArray->vptr();
574 jsByteArray->~JSCell();
575
576 JSCell* jsString = new (storage) JSString(JSString::VPtrStealingHack);
577 m_jsStringVptr = jsString->vptr();
578 jsString->~JSCell();
579
580 JSCell* jsFunction = new (storage) JSFunction(JSFunction::createStructure(jsNull()));
581 m_jsFunctionVptr = jsFunction->vptr();
582 jsFunction->~JSCell();
583
584 fastFree(storage);
585 }
586
587 void Interpreter::initialize(JSGlobalData* globalData)
588 {
589 #if ENABLE(JIT)
590 JIT::compileCTIMachineTrampolines(globalData);
591 #else
592 UNUSED_PARAM(globalData);
593 #endif
594 }
595
596 Interpreter::~Interpreter()
597 {
598 }
599
600 #ifndef NDEBUG
601
602 void Interpreter::dumpCallFrame(CallFrame* callFrame)
603 {
604 callFrame->codeBlock()->dump(callFrame);
605 dumpRegisters(callFrame);
606 }
607
608 void Interpreter::dumpRegisters(CallFrame* callFrame)
609 {
610 printf("Register frame: \n\n");
611 printf("----------------------------------------------------\n");
612 printf(" use | address | value \n");
613 printf("----------------------------------------------------\n");
614
615 CodeBlock* codeBlock = callFrame->codeBlock();
616 RegisterFile* registerFile = &callFrame->scopeChain()->globalObject()->globalData()->interpreter->registerFile();
617 const Register* it;
618 const Register* end;
619
620 if (codeBlock->codeType() == GlobalCode) {
621 it = registerFile->lastGlobal();
622 end = it + registerFile->numGlobals();
623 while (it != end) {
624 printf("[global var] | %10p | %10p \n", it, (*it).v());
625 ++it;
626 }
627 printf("----------------------------------------------------\n");
628 }
629
630 it = callFrame->registers() - RegisterFile::CallFrameHeaderSize - codeBlock->m_numParameters;
631 printf("[this] | %10p | %10p \n", it, (*it).v()); ++it;
632 end = it + max(codeBlock->m_numParameters - 1, 0); // - 1 to skip "this"
633 if (it != end) {
634 do {
635 printf("[param] | %10p | %10p \n", it, (*it).v());
636 ++it;
637 } while (it != end);
638 }
639 printf("----------------------------------------------------\n");
640
641 printf("[CodeBlock] | %10p | %10p \n", it, (*it).v()); ++it;
642 printf("[ScopeChain] | %10p | %10p \n", it, (*it).v()); ++it;
643 printf("[CallerRegisters] | %10p | %10p \n", it, (*it).v()); ++it;
644 printf("[ReturnPC] | %10p | %10p \n", it, (*it).v()); ++it;
645 printf("[ReturnValueRegister] | %10p | %10p \n", it, (*it).v()); ++it;
646 printf("[ArgumentCount] | %10p | %10p \n", it, (*it).v()); ++it;
647 printf("[Callee] | %10p | %10p \n", it, (*it).v()); ++it;
648 printf("[OptionalCalleeArguments] | %10p | %10p \n", it, (*it).v()); ++it;
649 printf("----------------------------------------------------\n");
650
651 int registerCount = 0;
652
653 end = it + codeBlock->m_numVars;
654 if (it != end) {
655 do {
656 printf("[r%2d] | %10p | %10p \n", registerCount, it, (*it).v());
657 ++it;
658 ++registerCount;
659 } while (it != end);
660 }
661 printf("----------------------------------------------------\n");
662
663 end = it + codeBlock->m_numConstants;
664 if (it != end) {
665 do {
666 printf("[r%2d] | %10p | %10p \n", registerCount, it, (*it).v());
667 ++it;
668 ++registerCount;
669 } while (it != end);
670 }
671 printf("----------------------------------------------------\n");
672
673 end = it + codeBlock->m_numCalleeRegisters - codeBlock->m_numConstants - codeBlock->m_numVars;
674 if (it != end) {
675 do {
676 printf("[r%2d] | %10p | %10p \n", registerCount, it, (*it).v());
677 ++it;
678 ++registerCount;
679 } while (it != end);
680 }
681 printf("----------------------------------------------------\n");
682 }
683
684 #endif
685
686 bool Interpreter::isOpcode(Opcode opcode)
687 {
688 #if HAVE(COMPUTED_GOTO)
689 return opcode != HashTraits<Opcode>::emptyValue()
690 && !HashTraits<Opcode>::isDeletedValue(opcode)
691 && m_opcodeIDTable.contains(opcode);
692 #else
693 return opcode >= 0 && opcode <= op_end;
694 #endif
695 }
696
697 NEVER_INLINE bool Interpreter::unwindCallFrame(CallFrame*& callFrame, JSValuePtr exceptionValue, unsigned& bytecodeOffset, CodeBlock*& codeBlock)
698 {
699 CodeBlock* oldCodeBlock = codeBlock;
700 ScopeChainNode* scopeChain = callFrame->scopeChain();
701
702 if (Debugger* debugger = callFrame->dynamicGlobalObject()->debugger()) {
703 DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
704 if (callFrame->callee())
705 debugger->returnEvent(debuggerCallFrame, codeBlock->ownerNode()->sourceID(), codeBlock->ownerNode()->lastLine());
706 else
707 debugger->didExecuteProgram(debuggerCallFrame, codeBlock->ownerNode()->sourceID(), codeBlock->ownerNode()->lastLine());
708 }
709
710 if (Profiler* profiler = *Profiler::enabledProfilerReference()) {
711 if (callFrame->callee())
712 profiler->didExecute(callFrame, callFrame->callee());
713 else
714 profiler->didExecute(callFrame, codeBlock->ownerNode()->sourceURL(), codeBlock->ownerNode()->lineNo());
715 }
716
717 // If this call frame created an activation or an 'arguments' object, tear it off.
718 if (oldCodeBlock->codeType() == FunctionCode && oldCodeBlock->needsFullScopeChain()) {
719 while (!scopeChain->object->isObject(&JSActivation::info))
720 scopeChain = scopeChain->pop();
721 static_cast<JSActivation*>(scopeChain->object)->copyRegisters(callFrame->optionalCalleeArguments());
722 } else if (Arguments* arguments = callFrame->optionalCalleeArguments()) {
723 if (!arguments->isTornOff())
724 arguments->copyRegisters();
725 }
726
727 if (oldCodeBlock->needsFullScopeChain())
728 scopeChain->deref();
729
730 void* returnPC = callFrame->returnPC();
731 callFrame = callFrame->callerFrame();
732 if (callFrame->hasHostCallFrameFlag())
733 return false;
734
735 codeBlock = callFrame->codeBlock();
736 bytecodeOffset = bytecodeOffsetForPC(callFrame, codeBlock, returnPC);
737 return true;
738 }
739
740 NEVER_INLINE HandlerInfo* Interpreter::throwException(CallFrame*& callFrame, JSValuePtr& exceptionValue, unsigned bytecodeOffset, bool explicitThrow)
741 {
742 // Set up the exception object
743
744 CodeBlock* codeBlock = callFrame->codeBlock();
745 if (exceptionValue.isObject()) {
746 JSObject* exception = asObject(exceptionValue);
747 if (exception->isNotAnObjectErrorStub()) {
748 exception = createNotAnObjectError(callFrame, static_cast<JSNotAnObjectErrorStub*>(exception), bytecodeOffset, codeBlock);
749 exceptionValue = exception;
750 } else {
751 if (!exception->hasProperty(callFrame, Identifier(callFrame, "line")) &&
752 !exception->hasProperty(callFrame, Identifier(callFrame, "sourceId")) &&
753 !exception->hasProperty(callFrame, Identifier(callFrame, "sourceURL")) &&
754 !exception->hasProperty(callFrame, Identifier(callFrame, expressionBeginOffsetPropertyName)) &&
755 !exception->hasProperty(callFrame, Identifier(callFrame, expressionCaretOffsetPropertyName)) &&
756 !exception->hasProperty(callFrame, Identifier(callFrame, expressionEndOffsetPropertyName))) {
757 if (explicitThrow) {
758 int startOffset = 0;
759 int endOffset = 0;
760 int divotPoint = 0;
761 int line = codeBlock->expressionRangeForBytecodeOffset(callFrame, bytecodeOffset, divotPoint, startOffset, endOffset);
762 exception->putWithAttributes(callFrame, Identifier(callFrame, "line"), jsNumber(callFrame, line), ReadOnly | DontDelete);
763
764 // We only hit this path for error messages and throw statements, which don't have a specific failure position
765 // So we just give the full range of the error/throw statement.
766 exception->putWithAttributes(callFrame, Identifier(callFrame, expressionBeginOffsetPropertyName), jsNumber(callFrame, divotPoint - startOffset), ReadOnly | DontDelete);
767 exception->putWithAttributes(callFrame, Identifier(callFrame, expressionEndOffsetPropertyName), jsNumber(callFrame, divotPoint + endOffset), ReadOnly | DontDelete);
768 } else
769 exception->putWithAttributes(callFrame, Identifier(callFrame, "line"), jsNumber(callFrame, codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset)), ReadOnly | DontDelete);
770 exception->putWithAttributes(callFrame, Identifier(callFrame, "sourceId"), jsNumber(callFrame, codeBlock->ownerNode()->sourceID()), ReadOnly | DontDelete);
771 exception->putWithAttributes(callFrame, Identifier(callFrame, "sourceURL"), jsOwnedString(callFrame, codeBlock->ownerNode()->sourceURL()), ReadOnly | DontDelete);
772 }
773
774 if (exception->isWatchdogException()) {
775 while (unwindCallFrame(callFrame, exceptionValue, bytecodeOffset, codeBlock)) {
776 // Don't need handler checks or anything, we just want to unroll all the JS callframes possible.
777 }
778 return 0;
779 }
780 }
781 }
782
783 if (Debugger* debugger = callFrame->dynamicGlobalObject()->debugger()) {
784 DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
785 debugger->exception(debuggerCallFrame, codeBlock->ownerNode()->sourceID(), codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset));
786 }
787
788 // If we throw in the middle of a call instruction, we need to notify
789 // the profiler manually that the call instruction has returned, since
790 // we'll never reach the relevant op_profile_did_call.
791 if (Profiler* profiler = *Profiler::enabledProfilerReference()) {
792 #if !ENABLE(JIT)
793 if (isCallBytecode(codeBlock->instructions()[bytecodeOffset].u.opcode))
794 profiler->didExecute(callFrame, callFrame[codeBlock->instructions()[bytecodeOffset + 2].u.operand].jsValue(callFrame));
795 else if (codeBlock->instructions()[bytecodeOffset + 8].u.opcode == getOpcode(op_construct))
796 profiler->didExecute(callFrame, callFrame[codeBlock->instructions()[bytecodeOffset + 10].u.operand].jsValue(callFrame));
797 #else
798 int functionRegisterIndex;
799 if (codeBlock->functionRegisterForBytecodeOffset(bytecodeOffset, functionRegisterIndex))
800 profiler->didExecute(callFrame, callFrame[functionRegisterIndex].jsValue(callFrame));
801 #endif
802 }
803
804 // Calculate an exception handler vPC, unwinding call frames as necessary.
805
806 HandlerInfo* handler = 0;
807 while (!(handler = codeBlock->handlerForBytecodeOffset(bytecodeOffset))) {
808 if (!unwindCallFrame(callFrame, exceptionValue, bytecodeOffset, codeBlock))
809 return 0;
810 }
811
812 // Now unwind the scope chain within the exception handler's call frame.
813
814 ScopeChainNode* scopeChain = callFrame->scopeChain();
815 ScopeChain sc(scopeChain);
816 int scopeDelta = depth(codeBlock, sc) - handler->scopeDepth;
817 ASSERT(scopeDelta >= 0);
818 while (scopeDelta--)
819 scopeChain = scopeChain->pop();
820 callFrame->setScopeChain(scopeChain);
821
822 return handler;
823 }
824
825 JSValuePtr Interpreter::execute(ProgramNode* programNode, CallFrame* callFrame, ScopeChainNode* scopeChain, JSObject* thisObj, JSValuePtr* exception)
826 {
827 ASSERT(!scopeChain->globalData->exception);
828
829 if (m_reentryDepth >= MaxReentryDepth) {
830 *exception = createStackOverflowError(callFrame);
831 return jsNull();
832 }
833
834 CodeBlock* codeBlock = &programNode->bytecode(scopeChain);
835
836 Register* oldEnd = m_registerFile.end();
837 Register* newEnd = oldEnd + codeBlock->m_numParameters + RegisterFile::CallFrameHeaderSize + codeBlock->m_numCalleeRegisters;
838 if (!m_registerFile.grow(newEnd)) {
839 *exception = createStackOverflowError(callFrame);
840 return jsNull();
841 }
842
843 DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject());
844
845 JSGlobalObject* lastGlobalObject = m_registerFile.globalObject();
846 JSGlobalObject* globalObject = callFrame->dynamicGlobalObject();
847 globalObject->copyGlobalsTo(m_registerFile);
848
849 CallFrame* newCallFrame = CallFrame::create(oldEnd + codeBlock->m_numParameters + RegisterFile::CallFrameHeaderSize);
850 newCallFrame[codeBlock->thisRegister()] = JSValuePtr(thisObj);
851 newCallFrame->init(codeBlock, 0, scopeChain, CallFrame::noCaller(), 0, 0, 0);
852
853 if (codeBlock->needsFullScopeChain())
854 scopeChain->ref();
855
856 Profiler** profiler = Profiler::enabledProfilerReference();
857 if (*profiler)
858 (*profiler)->willExecute(newCallFrame, programNode->sourceURL(), programNode->lineNo());
859
860 JSValuePtr result;
861 {
862 SamplingTool::CallRecord callRecord(m_sampler);
863
864 m_reentryDepth++;
865 #if ENABLE(JIT)
866 if (!codeBlock->jitCode())
867 JIT::compile(scopeChain->globalData, codeBlock);
868 result = JIT::execute(codeBlock->jitCode(), &m_registerFile, newCallFrame, scopeChain->globalData, exception);
869 #else
870 result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
871 #endif
872 m_reentryDepth--;
873 }
874
875 if (*profiler)
876 (*profiler)->didExecute(callFrame, programNode->sourceURL(), programNode->lineNo());
877
878 if (m_reentryDepth && lastGlobalObject && globalObject != lastGlobalObject)
879 lastGlobalObject->copyGlobalsTo(m_registerFile);
880
881 m_registerFile.shrink(oldEnd);
882
883 return result;
884 }
885
886 JSValuePtr Interpreter::execute(FunctionBodyNode* functionBodyNode, CallFrame* callFrame, JSFunction* function, JSObject* thisObj, const ArgList& args, ScopeChainNode* scopeChain, JSValuePtr* exception)
887 {
888 ASSERT(!scopeChain->globalData->exception);
889
890 if (m_reentryDepth >= MaxReentryDepth) {
891 *exception = createStackOverflowError(callFrame);
892 return jsNull();
893 }
894
895 Register* oldEnd = m_registerFile.end();
896 int argc = 1 + args.size(); // implicit "this" parameter
897
898 if (!m_registerFile.grow(oldEnd + argc)) {
899 *exception = createStackOverflowError(callFrame);
900 return jsNull();
901 }
902
903 DynamicGlobalObjectScope globalObjectScope(callFrame, callFrame->globalData().dynamicGlobalObject ? callFrame->globalData().dynamicGlobalObject : scopeChain->globalObject());
904
905 CallFrame* newCallFrame = CallFrame::create(oldEnd);
906 size_t dst = 0;
907 newCallFrame[0] = JSValuePtr(thisObj);
908 ArgList::const_iterator end = args.end();
909 for (ArgList::const_iterator it = args.begin(); it != end; ++it)
910 newCallFrame[++dst] = *it;
911
912 CodeBlock* codeBlock = &functionBodyNode->bytecode(scopeChain);
913 newCallFrame = slideRegisterWindowForCall(codeBlock, &m_registerFile, newCallFrame, argc + RegisterFile::CallFrameHeaderSize, argc);
914 if (UNLIKELY(!newCallFrame)) {
915 *exception = createStackOverflowError(callFrame);
916 m_registerFile.shrink(oldEnd);
917 return jsNull();
918 }
919 // a 0 codeBlock indicates a built-in caller
920 newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), 0, argc, function);
921
922 Profiler** profiler = Profiler::enabledProfilerReference();
923 if (*profiler)
924 (*profiler)->willExecute(callFrame, function);
925
926 JSValuePtr result;
927 {
928 SamplingTool::CallRecord callRecord(m_sampler);
929
930 m_reentryDepth++;
931 #if ENABLE(JIT)
932 if (!codeBlock->jitCode())
933 JIT::compile(scopeChain->globalData, codeBlock);
934 result = JIT::execute(codeBlock->jitCode(), &m_registerFile, newCallFrame, scopeChain->globalData, exception);
935 #else
936 result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
937 #endif
938 m_reentryDepth--;
939 }
940
941 if (*profiler)
942 (*profiler)->didExecute(callFrame, function);
943
944 m_registerFile.shrink(oldEnd);
945 return result;
946 }
947
948 JSValuePtr Interpreter::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, ScopeChainNode* scopeChain, JSValuePtr* exception)
949 {
950 return execute(evalNode, callFrame, thisObj, m_registerFile.size() + evalNode->bytecode(scopeChain).m_numParameters + RegisterFile::CallFrameHeaderSize, scopeChain, exception);
951 }
952
953 JSValuePtr Interpreter::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int globalRegisterOffset, ScopeChainNode* scopeChain, JSValuePtr* exception)
954 {
955 ASSERT(!scopeChain->globalData->exception);
956
957 if (m_reentryDepth >= MaxReentryDepth) {
958 *exception = createStackOverflowError(callFrame);
959 return jsNull();
960 }
961
962 DynamicGlobalObjectScope globalObjectScope(callFrame, callFrame->globalData().dynamicGlobalObject ? callFrame->globalData().dynamicGlobalObject : scopeChain->globalObject());
963
964 EvalCodeBlock* codeBlock = &evalNode->bytecode(scopeChain);
965
966 JSVariableObject* variableObject;
967 for (ScopeChainNode* node = scopeChain; ; node = node->next) {
968 ASSERT(node);
969 if (node->object->isVariableObject()) {
970 variableObject = static_cast<JSVariableObject*>(node->object);
971 break;
972 }
973 }
974
975 { // Scope for BatchedTransitionOptimizer
976
977 BatchedTransitionOptimizer optimizer(variableObject);
978
979 const DeclarationStacks::VarStack& varStack = codeBlock->ownerNode()->varStack();
980 DeclarationStacks::VarStack::const_iterator varStackEnd = varStack.end();
981 for (DeclarationStacks::VarStack::const_iterator it = varStack.begin(); it != varStackEnd; ++it) {
982 const Identifier& ident = (*it).first;
983 if (!variableObject->hasProperty(callFrame, ident)) {
984 PutPropertySlot slot;
985 variableObject->put(callFrame, ident, jsUndefined(), slot);
986 }
987 }
988
989 const DeclarationStacks::FunctionStack& functionStack = codeBlock->ownerNode()->functionStack();
990 DeclarationStacks::FunctionStack::const_iterator functionStackEnd = functionStack.end();
991 for (DeclarationStacks::FunctionStack::const_iterator it = functionStack.begin(); it != functionStackEnd; ++it) {
992 PutPropertySlot slot;
993 variableObject->put(callFrame, (*it)->m_ident, (*it)->makeFunction(callFrame, scopeChain), slot);
994 }
995
996 }
997
998 Register* oldEnd = m_registerFile.end();
999 Register* newEnd = m_registerFile.start() + globalRegisterOffset + codeBlock->m_numCalleeRegisters;
1000 if (!m_registerFile.grow(newEnd)) {
1001 *exception = createStackOverflowError(callFrame);
1002 return jsNull();
1003 }
1004
1005 CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
1006
1007 // a 0 codeBlock indicates a built-in caller
1008 newCallFrame[codeBlock->thisRegister()] = JSValuePtr(thisObj);
1009 newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), 0, 0, 0);
1010
1011 if (codeBlock->needsFullScopeChain())
1012 scopeChain->ref();
1013
1014 Profiler** profiler = Profiler::enabledProfilerReference();
1015 if (*profiler)
1016 (*profiler)->willExecute(newCallFrame, evalNode->sourceURL(), evalNode->lineNo());
1017
1018 JSValuePtr result;
1019 {
1020 SamplingTool::CallRecord callRecord(m_sampler);
1021
1022 m_reentryDepth++;
1023 #if ENABLE(JIT)
1024 if (!codeBlock->jitCode())
1025 JIT::compile(scopeChain->globalData, codeBlock);
1026 result = JIT::execute(codeBlock->jitCode(), &m_registerFile, newCallFrame, scopeChain->globalData, exception);
1027 #else
1028 result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
1029 #endif
1030 m_reentryDepth--;
1031 }
1032
1033 if (*profiler)
1034 (*profiler)->didExecute(callFrame, evalNode->sourceURL(), evalNode->lineNo());
1035
1036 m_registerFile.shrink(oldEnd);
1037 return result;
1038 }
1039
1040 NEVER_INLINE void Interpreter::debug(CallFrame* callFrame, DebugHookID debugHookID, int firstLine, int lastLine)
1041 {
1042 Debugger* debugger = callFrame->dynamicGlobalObject()->debugger();
1043 if (!debugger)
1044 return;
1045
1046 switch (debugHookID) {
1047 case DidEnterCallFrame:
1048 debugger->callEvent(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), firstLine);
1049 return;
1050 case WillLeaveCallFrame:
1051 debugger->returnEvent(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), lastLine);
1052 return;
1053 case WillExecuteStatement:
1054 debugger->atStatement(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), firstLine);
1055 return;
1056 case WillExecuteProgram:
1057 debugger->willExecuteProgram(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), firstLine);
1058 return;
1059 case DidExecuteProgram:
1060 debugger->didExecuteProgram(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), lastLine);
1061 return;
1062 case DidReachBreakpoint:
1063 debugger->didReachBreakpoint(callFrame, callFrame->codeBlock()->ownerNode()->sourceID(), lastLine);
1064 return;
1065 }
1066 }
1067
1068 void Interpreter::resetTimeoutCheck()
1069 {
1070 m_ticksUntilNextTimeoutCheck = initialTickCountThreshold;
1071 m_timeAtLastCheckTimeout = 0;
1072 m_timeExecuting = 0;
1073 }
1074
1075 // Returns the time the current thread has spent executing, in milliseconds.
1076 static inline unsigned getCPUTime()
1077 {
1078 #if PLATFORM(DARWIN)
1079 mach_msg_type_number_t infoCount = THREAD_BASIC_INFO_COUNT;
1080 thread_basic_info_data_t info;
1081
1082 // Get thread information
1083 mach_port_t threadPort = mach_thread_self();
1084 thread_info(threadPort, THREAD_BASIC_INFO, reinterpret_cast<thread_info_t>(&info), &infoCount);
1085 mach_port_deallocate(mach_task_self(), threadPort);
1086
1087 unsigned time = info.user_time.seconds * 1000 + info.user_time.microseconds / 1000;
1088 time += info.system_time.seconds * 1000 + info.system_time.microseconds / 1000;
1089
1090 return time;
1091 #elif HAVE(SYS_TIME_H)
1092 // FIXME: This should probably use getrusage with the RUSAGE_THREAD flag.
1093 struct timeval tv;
1094 gettimeofday(&tv, 0);
1095 return tv.tv_sec * 1000 + tv.tv_usec / 1000;
1096 #elif PLATFORM(QT)
1097 QDateTime t = QDateTime::currentDateTime();
1098 return t.toTime_t() * 1000 + t.time().msec();
1099 #elif PLATFORM(WIN_OS)
1100 union {
1101 FILETIME fileTime;
1102 unsigned long long fileTimeAsLong;
1103 } userTime, kernelTime;
1104
1105 // GetThreadTimes won't accept NULL arguments so we pass these even though
1106 // they're not used.
1107 FILETIME creationTime, exitTime;
1108
1109 GetThreadTimes(GetCurrentThread(), &creationTime, &exitTime, &kernelTime.fileTime, &userTime.fileTime);
1110
1111 return userTime.fileTimeAsLong / 10000 + kernelTime.fileTimeAsLong / 10000;
1112 #else
1113 #error Platform does not have getCurrentTime function
1114 #endif
1115 }
1116
1117 // We have to return a JSValue here, gcc seems to produce worse code if
1118 // we attempt to return a bool
1119 ALWAYS_INLINE bool Interpreter::checkTimeout(JSGlobalObject* globalObject)
1120 {
1121 unsigned currentTime = getCPUTime();
1122
1123 if (!m_timeAtLastCheckTimeout) {
1124 // Suspicious amount of looping in a script -- start timing it
1125 m_timeAtLastCheckTimeout = currentTime;
1126 return false;
1127 }
1128
1129 unsigned timeDiff = currentTime - m_timeAtLastCheckTimeout;
1130
1131 if (timeDiff == 0)
1132 timeDiff = 1;
1133
1134 m_timeExecuting += timeDiff;
1135 m_timeAtLastCheckTimeout = currentTime;
1136
1137 // Adjust the tick threshold so we get the next checkTimeout call in the interval specified in
1138 // preferredScriptCheckTimeInterval
1139 m_ticksUntilNextTimeoutCheck = static_cast<unsigned>((static_cast<float>(preferredScriptCheckTimeInterval) / timeDiff) * m_ticksUntilNextTimeoutCheck);
1140 // If the new threshold is 0 reset it to the default threshold. This can happen if the timeDiff is higher than the
1141 // preferred script check time interval.
1142 if (m_ticksUntilNextTimeoutCheck == 0)
1143 m_ticksUntilNextTimeoutCheck = initialTickCountThreshold;
1144
1145 if (globalObject->shouldInterruptScriptBeforeTimeout())
1146 return true;
1147
1148 if (m_timeoutTime && m_timeExecuting > m_timeoutTime) {
1149 if (globalObject->shouldInterruptScript())
1150 return true;
1151
1152 resetTimeoutCheck();
1153 }
1154
1155 return false;
1156 }
1157
1158 NEVER_INLINE ScopeChainNode* Interpreter::createExceptionScope(CallFrame* callFrame, const Instruction* vPC)
1159 {
1160 int dst = (++vPC)->u.operand;
1161 CodeBlock* codeBlock = callFrame->codeBlock();
1162 Identifier& property = codeBlock->identifier((++vPC)->u.operand);
1163 JSValuePtr value = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1164 JSObject* scope = new (callFrame) JSStaticScopeObject(callFrame, property, value, DontDelete);
1165 callFrame[dst] = JSValuePtr(scope);
1166
1167 return callFrame->scopeChain()->push(scope);
1168 }
1169
1170 NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock* codeBlock, Instruction* vPC, JSValuePtr baseValue, const PutPropertySlot& slot)
1171 {
1172 // Recursive invocation may already have specialized this instruction.
1173 if (vPC[0].u.opcode != getOpcode(op_put_by_id))
1174 return;
1175
1176 if (!baseValue.isCell())
1177 return;
1178
1179 // Uncacheable: give up.
1180 if (!slot.isCacheable()) {
1181 vPC[0] = getOpcode(op_put_by_id_generic);
1182 return;
1183 }
1184
1185 JSCell* baseCell = asCell(baseValue);
1186 Structure* structure = baseCell->structure();
1187
1188 if (structure->isDictionary()) {
1189 vPC[0] = getOpcode(op_put_by_id_generic);
1190 return;
1191 }
1192
1193 // Cache miss: record Structure to compare against next time.
1194 Structure* lastStructure = vPC[4].u.structure;
1195 if (structure != lastStructure) {
1196 // First miss: record Structure to compare against next time.
1197 if (!lastStructure) {
1198 vPC[4] = structure;
1199 return;
1200 }
1201
1202 // Second miss: give up.
1203 vPC[0] = getOpcode(op_put_by_id_generic);
1204 return;
1205 }
1206
1207 // Cache hit: Specialize instruction and ref Structures.
1208
1209 // If baseCell != slot.base(), then baseCell must be a proxy for another object.
1210 if (baseCell != slot.base()) {
1211 vPC[0] = getOpcode(op_put_by_id_generic);
1212 return;
1213 }
1214
1215 // Structure transition, cache transition info
1216 if (slot.type() == PutPropertySlot::NewProperty) {
1217 vPC[0] = getOpcode(op_put_by_id_transition);
1218 vPC[4] = structure->previousID();
1219 vPC[5] = structure;
1220 vPC[6] = structure->prototypeChain(callFrame);
1221 vPC[7] = slot.cachedOffset();
1222 codeBlock->refStructures(vPC);
1223 return;
1224 }
1225
1226 vPC[0] = getOpcode(op_put_by_id_replace);
1227 vPC[5] = slot.cachedOffset();
1228 codeBlock->refStructures(vPC);
1229 }
1230
1231 NEVER_INLINE void Interpreter::uncachePutByID(CodeBlock* codeBlock, Instruction* vPC)
1232 {
1233 codeBlock->derefStructures(vPC);
1234 vPC[0] = getOpcode(op_put_by_id);
1235 vPC[4] = 0;
1236 }
1237
1238 static size_t countPrototypeChainEntriesAndCheckForProxies(CallFrame* callFrame, JSValuePtr baseValue, const PropertySlot& slot)
1239 {
1240 JSCell* cell = asCell(baseValue);
1241 size_t count = 0;
1242
1243 while (slot.slotBase() != cell) {
1244 JSValuePtr v = cell->structure()->prototypeForLookup(callFrame);
1245
1246 // If we didn't find slotBase in baseValue's prototype chain, then baseValue
1247 // must be a proxy for another object.
1248
1249 if (v.isNull())
1250 return 0;
1251
1252 cell = asCell(v);
1253
1254 // Since we're accessing a prototype in a loop, it's a good bet that it
1255 // should not be treated as a dictionary.
1256 if (cell->structure()->isDictionary())
1257 asObject(cell)->setStructure(Structure::fromDictionaryTransition(cell->structure()));
1258
1259 ++count;
1260 }
1261
1262 ASSERT(count);
1263 return count;
1264 }
1265
1266 NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, Instruction* vPC, JSValuePtr baseValue, const Identifier& propertyName, const PropertySlot& slot)
1267 {
1268 // Recursive invocation may already have specialized this instruction.
1269 if (vPC[0].u.opcode != getOpcode(op_get_by_id))
1270 return;
1271
1272 // FIXME: Cache property access for immediates.
1273 if (!baseValue.isCell()) {
1274 vPC[0] = getOpcode(op_get_by_id_generic);
1275 return;
1276 }
1277
1278 if (isJSArray(baseValue) && propertyName == callFrame->propertyNames().length) {
1279 vPC[0] = getOpcode(op_get_array_length);
1280 return;
1281 }
1282
1283 if (isJSString(baseValue) && propertyName == callFrame->propertyNames().length) {
1284 vPC[0] = getOpcode(op_get_string_length);
1285 return;
1286 }
1287
1288 // Uncacheable: give up.
1289 if (!slot.isCacheable()) {
1290 vPC[0] = getOpcode(op_get_by_id_generic);
1291 return;
1292 }
1293
1294 Structure* structure = asCell(baseValue)->structure();
1295
1296 if (structure->isDictionary()) {
1297 vPC[0] = getOpcode(op_get_by_id_generic);
1298 return;
1299 }
1300
1301 // Cache miss
1302 Structure* lastStructure = vPC[4].u.structure;
1303 if (structure != lastStructure) {
1304 // First miss: record Structure to compare against next time.
1305 if (!lastStructure) {
1306 vPC[4] = structure;
1307 return;
1308 }
1309
1310 // Second miss: give up.
1311 vPC[0] = getOpcode(op_get_by_id_generic);
1312 return;
1313 }
1314
1315 // Cache hit: Specialize instruction and ref Structures.
1316
1317 if (slot.slotBase() == baseValue) {
1318 vPC[0] = getOpcode(op_get_by_id_self);
1319 vPC[5] = slot.cachedOffset();
1320
1321 codeBlock->refStructures(vPC);
1322 return;
1323 }
1324
1325 if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
1326 ASSERT(slot.slotBase().isObject());
1327
1328 JSObject* baseObject = asObject(slot.slotBase());
1329
1330 // Since we're accessing a prototype in a loop, it's a good bet that it
1331 // should not be treated as a dictionary.
1332 if (baseObject->structure()->isDictionary())
1333 baseObject->setStructure(Structure::fromDictionaryTransition(baseObject->structure()));
1334
1335 vPC[0] = getOpcode(op_get_by_id_proto);
1336 vPC[5] = baseObject->structure();
1337 vPC[6] = slot.cachedOffset();
1338
1339 codeBlock->refStructures(vPC);
1340 return;
1341 }
1342
1343 size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
1344 if (!count) {
1345 vPC[0] = getOpcode(op_get_by_id_generic);
1346 return;
1347 }
1348
1349 vPC[0] = getOpcode(op_get_by_id_chain);
1350 vPC[4] = structure;
1351 vPC[5] = structure->prototypeChain(callFrame);
1352 vPC[6] = count;
1353 vPC[7] = slot.cachedOffset();
1354 codeBlock->refStructures(vPC);
1355 }
1356
1357 NEVER_INLINE void Interpreter::uncacheGetByID(CodeBlock* codeBlock, Instruction* vPC)
1358 {
1359 codeBlock->derefStructures(vPC);
1360 vPC[0] = getOpcode(op_get_by_id);
1361 vPC[4] = 0;
1362 }
1363
1364 JSValuePtr Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFile, CallFrame* callFrame, JSValuePtr* exception)
1365 {
1366 // One-time initialization of our address tables. We have to put this code
1367 // here because our labels are only in scope inside this function.
1368 if (flag == InitializeAndReturn) {
1369 #if HAVE(COMPUTED_GOTO)
1370 #define ADD_BYTECODE(id, length) m_opcodeTable[id] = &&id;
1371 FOR_EACH_OPCODE_ID(ADD_BYTECODE);
1372 #undef ADD_BYTECODE
1373
1374 #define ADD_OPCODE_ID(id, length) m_opcodeIDTable.add(&&id, id);
1375 FOR_EACH_OPCODE_ID(ADD_OPCODE_ID);
1376 #undef ADD_OPCODE_ID
1377 ASSERT(m_opcodeIDTable.size() == numOpcodeIDs);
1378 #endif // HAVE(COMPUTED_GOTO)
1379 return noValue();
1380 }
1381
1382 #if ENABLE(JIT)
1383 // Currently with CTI enabled we never interpret functions
1384 ASSERT_NOT_REACHED();
1385 #endif
1386
1387 JSGlobalData* globalData = &callFrame->globalData();
1388 JSValuePtr exceptionValue = noValue();
1389 HandlerInfo* handler = 0;
1390
1391 Instruction* vPC = callFrame->codeBlock()->instructions().begin();
1392 Profiler** enabledProfilerReference = Profiler::enabledProfilerReference();
1393 unsigned tickCount = m_ticksUntilNextTimeoutCheck + 1;
1394
1395 #define CHECK_FOR_EXCEPTION() \
1396 do { \
1397 if (UNLIKELY(globalData->exception != noValue())) { \
1398 exceptionValue = globalData->exception; \
1399 goto vm_throw; \
1400 } \
1401 } while (0)
1402
1403 #if ENABLE(OPCODE_STATS)
1404 OpcodeStats::resetLastInstruction();
1405 #endif
1406
1407 #define CHECK_FOR_TIMEOUT() \
1408 if (!--tickCount) { \
1409 if (checkTimeout(callFrame->dynamicGlobalObject())) { \
1410 exceptionValue = jsNull(); \
1411 goto vm_throw; \
1412 } \
1413 tickCount = m_ticksUntilNextTimeoutCheck; \
1414 }
1415
1416 #if ENABLE(OPCODE_SAMPLING)
1417 #define SAMPLE(codeBlock, vPC) m_sampler->sample(codeBlock, vPC)
1418 #define CTI_SAMPLER ARG_globalData->interpreter->sampler()
1419 #else
1420 #define SAMPLE(codeBlock, vPC)
1421 #define CTI_SAMPLER 0
1422 #endif
1423
1424 #if HAVE(COMPUTED_GOTO)
1425 #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto *vPC->u.opcode
1426 #if ENABLE(OPCODE_STATS)
1427 #define DEFINE_OPCODE(opcode) opcode: OpcodeStats::recordInstruction(opcode);
1428 #else
1429 #define DEFINE_OPCODE(opcode) opcode:
1430 #endif
1431 NEXT_INSTRUCTION();
1432 #else
1433 #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto interpreterLoopStart
1434 #if ENABLE(OPCODE_STATS)
1435 #define DEFINE_OPCODE(opcode) case opcode: OpcodeStats::recordInstruction(opcode);
1436 #else
1437 #define DEFINE_OPCODE(opcode) case opcode:
1438 #endif
1439 while (1) { // iterator loop begins
1440 interpreterLoopStart:;
1441 switch (vPC->u.opcode)
1442 #endif
1443 {
1444 DEFINE_OPCODE(op_new_object) {
1445 /* new_object dst(r)
1446
1447 Constructs a new empty Object instance using the original
1448 constructor, and puts the result in register dst.
1449 */
1450 int dst = (++vPC)->u.operand;
1451 callFrame[dst] = JSValuePtr(constructEmptyObject(callFrame));
1452
1453 ++vPC;
1454 NEXT_INSTRUCTION();
1455 }
1456 DEFINE_OPCODE(op_new_array) {
1457 /* new_array dst(r) firstArg(r) argCount(n)
1458
1459 Constructs a new Array instance using the original
1460 constructor, and puts the result in register dst.
1461 The array will contain argCount elements with values
1462 taken from registers starting at register firstArg.
1463 */
1464 int dst = (++vPC)->u.operand;
1465 int firstArg = (++vPC)->u.operand;
1466 int argCount = (++vPC)->u.operand;
1467 ArgList args(callFrame->registers() + firstArg, argCount);
1468 callFrame[dst] = JSValuePtr(constructArray(callFrame, args));
1469
1470 ++vPC;
1471 NEXT_INSTRUCTION();
1472 }
1473 DEFINE_OPCODE(op_new_regexp) {
1474 /* new_regexp dst(r) regExp(re)
1475
1476 Constructs a new RegExp instance using the original
1477 constructor from regexp regExp, and puts the result in
1478 register dst.
1479 */
1480 int dst = (++vPC)->u.operand;
1481 int regExp = (++vPC)->u.operand;
1482 callFrame[dst] = JSValuePtr(new (globalData) RegExpObject(callFrame->scopeChain()->globalObject()->regExpStructure(), callFrame->codeBlock()->regexp(regExp)));
1483
1484 ++vPC;
1485 NEXT_INSTRUCTION();
1486 }
1487 DEFINE_OPCODE(op_mov) {
1488 /* mov dst(r) src(r)
1489
1490 Copies register src to register dst.
1491 */
1492 int dst = (++vPC)->u.operand;
1493 int src = (++vPC)->u.operand;
1494 callFrame[dst] = callFrame[src];
1495
1496 ++vPC;
1497 NEXT_INSTRUCTION();
1498 }
1499 DEFINE_OPCODE(op_eq) {
1500 /* eq dst(r) src1(r) src2(r)
1501
1502 Checks whether register src1 and register src2 are equal,
1503 as with the ECMAScript '==' operator, and puts the result
1504 as a boolean in register dst.
1505 */
1506 int dst = (++vPC)->u.operand;
1507 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1508 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1509 if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
1510 callFrame[dst] = JSFastMath::equal(src1, src2);
1511 else {
1512 JSValuePtr result = jsBoolean(JSValuePtr::equalSlowCase(callFrame, src1, src2));
1513 CHECK_FOR_EXCEPTION();
1514 callFrame[dst] = result;
1515 }
1516
1517 ++vPC;
1518 NEXT_INSTRUCTION();
1519 }
1520 DEFINE_OPCODE(op_eq_null) {
1521 /* eq_null dst(r) src(r)
1522
1523 Checks whether register src is null, as with the ECMAScript '!='
1524 operator, and puts the result as a boolean in register dst.
1525 */
1526 int dst = (++vPC)->u.operand;
1527 JSValuePtr src = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1528
1529 if (src.isUndefinedOrNull()) {
1530 callFrame[dst] = jsBoolean(true);
1531 ++vPC;
1532 NEXT_INSTRUCTION();
1533 }
1534
1535 callFrame[dst] = jsBoolean(src.isCell() && src.asCell()->structure()->typeInfo().masqueradesAsUndefined());
1536 ++vPC;
1537 NEXT_INSTRUCTION();
1538 }
1539 DEFINE_OPCODE(op_neq) {
1540 /* neq dst(r) src1(r) src2(r)
1541
1542 Checks whether register src1 and register src2 are not
1543 equal, as with the ECMAScript '!=' operator, and puts the
1544 result as a boolean in register dst.
1545 */
1546 int dst = (++vPC)->u.operand;
1547 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1548 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1549 if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
1550 callFrame[dst] = JSFastMath::notEqual(src1, src2);
1551 else {
1552 JSValuePtr result = jsBoolean(!JSValuePtr::equalSlowCase(callFrame, src1, src2));
1553 CHECK_FOR_EXCEPTION();
1554 callFrame[dst] = result;
1555 }
1556
1557 ++vPC;
1558 NEXT_INSTRUCTION();
1559 }
1560 DEFINE_OPCODE(op_neq_null) {
1561 /* neq_null dst(r) src(r)
1562
1563 Checks whether register src is not null, as with the ECMAScript '!='
1564 operator, and puts the result as a boolean in register dst.
1565 */
1566 int dst = (++vPC)->u.operand;
1567 JSValuePtr src = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1568
1569 if (src.isUndefinedOrNull()) {
1570 callFrame[dst] = jsBoolean(false);
1571 ++vPC;
1572 NEXT_INSTRUCTION();
1573 }
1574
1575 callFrame[dst] = jsBoolean(!src.isCell() || !asCell(src)->structure()->typeInfo().masqueradesAsUndefined());
1576 ++vPC;
1577 NEXT_INSTRUCTION();
1578 }
1579 DEFINE_OPCODE(op_stricteq) {
1580 /* stricteq dst(r) src1(r) src2(r)
1581
1582 Checks whether register src1 and register src2 are strictly
1583 equal, as with the ECMAScript '===' operator, and puts the
1584 result as a boolean in register dst.
1585 */
1586 int dst = (++vPC)->u.operand;
1587 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1588 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1589 callFrame[dst] = jsBoolean(JSValuePtr::strictEqual(src1, src2));
1590
1591 ++vPC;
1592 NEXT_INSTRUCTION();
1593 }
1594 DEFINE_OPCODE(op_nstricteq) {
1595 /* nstricteq dst(r) src1(r) src2(r)
1596
1597 Checks whether register src1 and register src2 are not
1598 strictly equal, as with the ECMAScript '!==' operator, and
1599 puts the result as a boolean in register dst.
1600 */
1601 int dst = (++vPC)->u.operand;
1602 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1603 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1604 callFrame[dst] = jsBoolean(!JSValuePtr::strictEqual(src1, src2));
1605
1606 ++vPC;
1607 NEXT_INSTRUCTION();
1608 }
1609 DEFINE_OPCODE(op_less) {
1610 /* less dst(r) src1(r) src2(r)
1611
1612 Checks whether register src1 is less than register src2, as
1613 with the ECMAScript '<' operator, and puts the result as
1614 a boolean in register dst.
1615 */
1616 int dst = (++vPC)->u.operand;
1617 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1618 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1619 JSValuePtr result = jsBoolean(jsLess(callFrame, src1, src2));
1620 CHECK_FOR_EXCEPTION();
1621 callFrame[dst] = result;
1622
1623 ++vPC;
1624 NEXT_INSTRUCTION();
1625 }
1626 DEFINE_OPCODE(op_lesseq) {
1627 /* lesseq dst(r) src1(r) src2(r)
1628
1629 Checks whether register src1 is less than or equal to
1630 register src2, as with the ECMAScript '<=' operator, and
1631 puts the result as a boolean in register dst.
1632 */
1633 int dst = (++vPC)->u.operand;
1634 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1635 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1636 JSValuePtr result = jsBoolean(jsLessEq(callFrame, src1, src2));
1637 CHECK_FOR_EXCEPTION();
1638 callFrame[dst] = result;
1639
1640 ++vPC;
1641 NEXT_INSTRUCTION();
1642 }
1643 DEFINE_OPCODE(op_pre_inc) {
1644 /* pre_inc srcDst(r)
1645
1646 Converts register srcDst to number, adds one, and puts the result
1647 back in register srcDst.
1648 */
1649 int srcDst = (++vPC)->u.operand;
1650 JSValuePtr v = callFrame[srcDst].jsValue(callFrame);
1651 if (JSFastMath::canDoFastAdditiveOperations(v))
1652 callFrame[srcDst] = JSValuePtr(JSFastMath::incImmediateNumber(v));
1653 else {
1654 JSValuePtr result = jsNumber(callFrame, v.toNumber(callFrame) + 1);
1655 CHECK_FOR_EXCEPTION();
1656 callFrame[srcDst] = result;
1657 }
1658
1659 ++vPC;
1660 NEXT_INSTRUCTION();
1661 }
1662 DEFINE_OPCODE(op_pre_dec) {
1663 /* pre_dec srcDst(r)
1664
1665 Converts register srcDst to number, subtracts one, and puts the result
1666 back in register srcDst.
1667 */
1668 int srcDst = (++vPC)->u.operand;
1669 JSValuePtr v = callFrame[srcDst].jsValue(callFrame);
1670 if (JSFastMath::canDoFastAdditiveOperations(v))
1671 callFrame[srcDst] = JSValuePtr(JSFastMath::decImmediateNumber(v));
1672 else {
1673 JSValuePtr result = jsNumber(callFrame, v.toNumber(callFrame) - 1);
1674 CHECK_FOR_EXCEPTION();
1675 callFrame[srcDst] = result;
1676 }
1677
1678 ++vPC;
1679 NEXT_INSTRUCTION();
1680 }
1681 DEFINE_OPCODE(op_post_inc) {
1682 /* post_inc dst(r) srcDst(r)
1683
1684 Converts register srcDst to number. The number itself is
1685 written to register dst, and the number plus one is written
1686 back to register srcDst.
1687 */
1688 int dst = (++vPC)->u.operand;
1689 int srcDst = (++vPC)->u.operand;
1690 JSValuePtr v = callFrame[srcDst].jsValue(callFrame);
1691 if (JSFastMath::canDoFastAdditiveOperations(v)) {
1692 callFrame[dst] = v;
1693 callFrame[srcDst] = JSValuePtr(JSFastMath::incImmediateNumber(v));
1694 } else {
1695 JSValuePtr number = callFrame[srcDst].jsValue(callFrame).toJSNumber(callFrame);
1696 CHECK_FOR_EXCEPTION();
1697 callFrame[dst] = number;
1698 callFrame[srcDst] = JSValuePtr(jsNumber(callFrame, number.uncheckedGetNumber() + 1));
1699 }
1700
1701 ++vPC;
1702 NEXT_INSTRUCTION();
1703 }
1704 DEFINE_OPCODE(op_post_dec) {
1705 /* post_dec dst(r) srcDst(r)
1706
1707 Converts register srcDst to number. The number itself is
1708 written to register dst, and the number minus one is written
1709 back to register srcDst.
1710 */
1711 int dst = (++vPC)->u.operand;
1712 int srcDst = (++vPC)->u.operand;
1713 JSValuePtr v = callFrame[srcDst].jsValue(callFrame);
1714 if (JSFastMath::canDoFastAdditiveOperations(v)) {
1715 callFrame[dst] = v;
1716 callFrame[srcDst] = JSValuePtr(JSFastMath::decImmediateNumber(v));
1717 } else {
1718 JSValuePtr number = callFrame[srcDst].jsValue(callFrame).toJSNumber(callFrame);
1719 CHECK_FOR_EXCEPTION();
1720 callFrame[dst] = number;
1721 callFrame[srcDst] = JSValuePtr(jsNumber(callFrame, number.uncheckedGetNumber() - 1));
1722 }
1723
1724 ++vPC;
1725 NEXT_INSTRUCTION();
1726 }
1727 DEFINE_OPCODE(op_to_jsnumber) {
1728 /* to_jsnumber dst(r) src(r)
1729
1730 Converts register src to number, and puts the result
1731 in register dst.
1732 */
1733 int dst = (++vPC)->u.operand;
1734 int src = (++vPC)->u.operand;
1735
1736 JSValuePtr srcVal = callFrame[src].jsValue(callFrame);
1737
1738 if (LIKELY(srcVal.isNumber()))
1739 callFrame[dst] = callFrame[src];
1740 else {
1741 JSValuePtr result = srcVal.toJSNumber(callFrame);
1742 CHECK_FOR_EXCEPTION();
1743 callFrame[dst] = result;
1744 }
1745
1746 ++vPC;
1747 NEXT_INSTRUCTION();
1748 }
1749 DEFINE_OPCODE(op_negate) {
1750 /* negate dst(r) src(r)
1751
1752 Converts register src to number, negates it, and puts the
1753 result in register dst.
1754 */
1755 int dst = (++vPC)->u.operand;
1756 JSValuePtr src = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1757 ++vPC;
1758 double v;
1759 if (src.getNumber(v))
1760 callFrame[dst] = JSValuePtr(jsNumber(callFrame, -v));
1761 else {
1762 JSValuePtr result = jsNumber(callFrame, -src.toNumber(callFrame));
1763 CHECK_FOR_EXCEPTION();
1764 callFrame[dst] = result;
1765 }
1766
1767 NEXT_INSTRUCTION();
1768 }
1769 DEFINE_OPCODE(op_add) {
1770 /* add dst(r) src1(r) src2(r)
1771
1772 Adds register src1 and register src2, and puts the result
1773 in register dst. (JS add may be string concatenation or
1774 numeric add, depending on the types of the operands.)
1775 */
1776 int dst = (++vPC)->u.operand;
1777 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1778 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1779 if (JSFastMath::canDoFastAdditiveOperations(src1, src2))
1780 callFrame[dst] = JSValuePtr(JSFastMath::addImmediateNumbers(src1, src2));
1781 else {
1782 JSValuePtr result = jsAdd(callFrame, src1, src2);
1783 CHECK_FOR_EXCEPTION();
1784 callFrame[dst] = result;
1785 }
1786 vPC += 2;
1787 NEXT_INSTRUCTION();
1788 }
1789 DEFINE_OPCODE(op_mul) {
1790 /* mul dst(r) src1(r) src2(r)
1791
1792 Multiplies register src1 and register src2 (converted to
1793 numbers), and puts the product in register dst.
1794 */
1795 int dst = (++vPC)->u.operand;
1796 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1797 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1798 double left;
1799 double right;
1800 if (JSValuePtr::areBothInt32Fast(src1, src2)) {
1801 int32_t left = src1.getInt32Fast();
1802 int32_t right = src2.getInt32Fast();
1803 if ((left | right) >> 15 == 0)
1804 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left * right));
1805 else
1806 callFrame[dst] = JSValuePtr(jsNumber(callFrame, static_cast<double>(left) * static_cast<double>(right)));
1807 } else if (src1.getNumber(left) && src2.getNumber(right))
1808 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left * right));
1809 else {
1810 JSValuePtr result = jsNumber(callFrame, src1.toNumber(callFrame) * src2.toNumber(callFrame));
1811 CHECK_FOR_EXCEPTION();
1812 callFrame[dst] = result;
1813 }
1814
1815 vPC += 2;
1816 NEXT_INSTRUCTION();
1817 }
1818 DEFINE_OPCODE(op_div) {
1819 /* div dst(r) dividend(r) divisor(r)
1820
1821 Divides register dividend (converted to number) by the
1822 register divisor (converted to number), and puts the
1823 quotient in register dst.
1824 */
1825 int dst = (++vPC)->u.operand;
1826 JSValuePtr dividend = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1827 JSValuePtr divisor = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1828 double left;
1829 double right;
1830 if (dividend.getNumber(left) && divisor.getNumber(right))
1831 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left / right));
1832 else {
1833 JSValuePtr result = jsNumber(callFrame, dividend.toNumber(callFrame) / divisor.toNumber(callFrame));
1834 CHECK_FOR_EXCEPTION();
1835 callFrame[dst] = result;
1836 }
1837 ++vPC;
1838 NEXT_INSTRUCTION();
1839 }
1840 DEFINE_OPCODE(op_mod) {
1841 /* mod dst(r) dividend(r) divisor(r)
1842
1843 Divides register dividend (converted to number) by
1844 register divisor (converted to number), and puts the
1845 remainder in register dst.
1846 */
1847 int dst = (++vPC)->u.operand;
1848 int dividend = (++vPC)->u.operand;
1849 int divisor = (++vPC)->u.operand;
1850
1851 JSValuePtr dividendValue = callFrame[dividend].jsValue(callFrame);
1852 JSValuePtr divisorValue = callFrame[divisor].jsValue(callFrame);
1853
1854 if (JSValuePtr::areBothInt32Fast(dividendValue, divisorValue) && divisorValue != js0()) {
1855 // We expect the result of the modulus of a number that was representable as an int32 to also be representable
1856 // as an int32.
1857 JSValuePtr result = JSValuePtr::makeInt32Fast(dividendValue.getInt32Fast() % divisorValue.getInt32Fast());
1858 ASSERT(result);
1859 callFrame[dst] = result;
1860 ++vPC;
1861 NEXT_INSTRUCTION();
1862 }
1863
1864 double d = dividendValue.toNumber(callFrame);
1865 JSValuePtr result = jsNumber(callFrame, fmod(d, divisorValue.toNumber(callFrame)));
1866 CHECK_FOR_EXCEPTION();
1867 callFrame[dst] = result;
1868 ++vPC;
1869 NEXT_INSTRUCTION();
1870 }
1871 DEFINE_OPCODE(op_sub) {
1872 /* sub dst(r) src1(r) src2(r)
1873
1874 Subtracts register src2 (converted to number) from register
1875 src1 (converted to number), and puts the difference in
1876 register dst.
1877 */
1878 int dst = (++vPC)->u.operand;
1879 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1880 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1881 double left;
1882 double right;
1883 if (JSFastMath::canDoFastAdditiveOperations(src1, src2))
1884 callFrame[dst] = JSValuePtr(JSFastMath::subImmediateNumbers(src1, src2));
1885 else if (src1.getNumber(left) && src2.getNumber(right))
1886 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left - right));
1887 else {
1888 JSValuePtr result = jsNumber(callFrame, src1.toNumber(callFrame) - src2.toNumber(callFrame));
1889 CHECK_FOR_EXCEPTION();
1890 callFrame[dst] = result;
1891 }
1892 vPC += 2;
1893 NEXT_INSTRUCTION();
1894 }
1895 DEFINE_OPCODE(op_lshift) {
1896 /* lshift dst(r) val(r) shift(r)
1897
1898 Performs left shift of register val (converted to int32) by
1899 register shift (converted to uint32), and puts the result
1900 in register dst.
1901 */
1902 int dst = (++vPC)->u.operand;
1903 JSValuePtr val = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1904 JSValuePtr shift = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1905 int32_t left;
1906 uint32_t right;
1907 if (JSValuePtr::areBothInt32Fast(val, shift))
1908 callFrame[dst] = JSValuePtr(jsNumber(callFrame, val.getInt32Fast() << (shift.getInt32Fast() & 0x1f)));
1909 else if (val.numberToInt32(left) && shift.numberToUInt32(right))
1910 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left << (right & 0x1f)));
1911 else {
1912 JSValuePtr result = jsNumber(callFrame, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
1913 CHECK_FOR_EXCEPTION();
1914 callFrame[dst] = result;
1915 }
1916
1917 ++vPC;
1918 NEXT_INSTRUCTION();
1919 }
1920 DEFINE_OPCODE(op_rshift) {
1921 /* rshift dst(r) val(r) shift(r)
1922
1923 Performs arithmetic right shift of register val (converted
1924 to int32) by register shift (converted to
1925 uint32), and puts the result in register dst.
1926 */
1927 int dst = (++vPC)->u.operand;
1928 JSValuePtr val = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1929 JSValuePtr shift = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1930 int32_t left;
1931 uint32_t right;
1932 if (JSFastMath::canDoFastRshift(val, shift))
1933 callFrame[dst] = JSValuePtr(JSFastMath::rightShiftImmediateNumbers(val, shift));
1934 else if (val.numberToInt32(left) && shift.numberToUInt32(right))
1935 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left >> (right & 0x1f)));
1936 else {
1937 JSValuePtr result = jsNumber(callFrame, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
1938 CHECK_FOR_EXCEPTION();
1939 callFrame[dst] = result;
1940 }
1941
1942 ++vPC;
1943 NEXT_INSTRUCTION();
1944 }
1945 DEFINE_OPCODE(op_urshift) {
1946 /* rshift dst(r) val(r) shift(r)
1947
1948 Performs logical right shift of register val (converted
1949 to uint32) by register shift (converted to
1950 uint32), and puts the result in register dst.
1951 */
1952 int dst = (++vPC)->u.operand;
1953 JSValuePtr val = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1954 JSValuePtr shift = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1955 if (JSFastMath::canDoFastUrshift(val, shift))
1956 callFrame[dst] = JSValuePtr(JSFastMath::rightShiftImmediateNumbers(val, shift));
1957 else {
1958 JSValuePtr result = jsNumber(callFrame, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
1959 CHECK_FOR_EXCEPTION();
1960 callFrame[dst] = result;
1961 }
1962
1963 ++vPC;
1964 NEXT_INSTRUCTION();
1965 }
1966 DEFINE_OPCODE(op_bitand) {
1967 /* bitand dst(r) src1(r) src2(r)
1968
1969 Computes bitwise AND of register src1 (converted to int32)
1970 and register src2 (converted to int32), and puts the result
1971 in register dst.
1972 */
1973 int dst = (++vPC)->u.operand;
1974 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1975 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
1976 int32_t left;
1977 int32_t right;
1978 if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
1979 callFrame[dst] = JSValuePtr(JSFastMath::andImmediateNumbers(src1, src2));
1980 else if (src1.numberToInt32(left) && src2.numberToInt32(right))
1981 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left & right));
1982 else {
1983 JSValuePtr result = jsNumber(callFrame, src1.toInt32(callFrame) & src2.toInt32(callFrame));
1984 CHECK_FOR_EXCEPTION();
1985 callFrame[dst] = result;
1986 }
1987
1988 vPC += 2;
1989 NEXT_INSTRUCTION();
1990 }
1991 DEFINE_OPCODE(op_bitxor) {
1992 /* bitxor dst(r) src1(r) src2(r)
1993
1994 Computes bitwise XOR of register src1 (converted to int32)
1995 and register src2 (converted to int32), and puts the result
1996 in register dst.
1997 */
1998 int dst = (++vPC)->u.operand;
1999 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
2000 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
2001 int32_t left;
2002 int32_t right;
2003 if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
2004 callFrame[dst] = JSValuePtr(JSFastMath::xorImmediateNumbers(src1, src2));
2005 else if (src1.numberToInt32(left) && src2.numberToInt32(right))
2006 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left ^ right));
2007 else {
2008 JSValuePtr result = jsNumber(callFrame, src1.toInt32(callFrame) ^ src2.toInt32(callFrame));
2009 CHECK_FOR_EXCEPTION();
2010 callFrame[dst] = result;
2011 }
2012
2013 vPC += 2;
2014 NEXT_INSTRUCTION();
2015 }
2016 DEFINE_OPCODE(op_bitor) {
2017 /* bitor dst(r) src1(r) src2(r)
2018
2019 Computes bitwise OR of register src1 (converted to int32)
2020 and register src2 (converted to int32), and puts the
2021 result in register dst.
2022 */
2023 int dst = (++vPC)->u.operand;
2024 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
2025 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
2026 int32_t left;
2027 int32_t right;
2028 if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
2029 callFrame[dst] = JSValuePtr(JSFastMath::orImmediateNumbers(src1, src2));
2030 else if (src1.numberToInt32(left) && src2.numberToInt32(right))
2031 callFrame[dst] = JSValuePtr(jsNumber(callFrame, left | right));
2032 else {
2033 JSValuePtr result = jsNumber(callFrame, src1.toInt32(callFrame) | src2.toInt32(callFrame));
2034 CHECK_FOR_EXCEPTION();
2035 callFrame[dst] = result;
2036 }
2037
2038 vPC += 2;
2039 NEXT_INSTRUCTION();
2040 }
2041 DEFINE_OPCODE(op_bitnot) {
2042 /* bitnot dst(r) src(r)
2043
2044 Computes bitwise NOT of register src1 (converted to int32),
2045 and puts the result in register dst.
2046 */
2047 int dst = (++vPC)->u.operand;
2048 JSValuePtr src = callFrame[(++vPC)->u.operand].jsValue(callFrame);
2049 int32_t value;
2050 if (src.numberToInt32(value))
2051 callFrame[dst] = JSValuePtr(jsNumber(callFrame, ~value));
2052 else {
2053 JSValuePtr result = jsNumber(callFrame, ~src.toInt32(callFrame));
2054 CHECK_FOR_EXCEPTION();
2055 callFrame[dst] = result;
2056 }
2057 ++vPC;
2058 NEXT_INSTRUCTION();
2059 }
2060 DEFINE_OPCODE(op_not) {
2061 /* not dst(r) src(r)
2062
2063 Computes logical NOT of register src (converted to
2064 boolean), and puts the result in register dst.
2065 */
2066 int dst = (++vPC)->u.operand;
2067 int src = (++vPC)->u.operand;
2068 JSValuePtr result = jsBoolean(!callFrame[src].jsValue(callFrame).toBoolean(callFrame));
2069 CHECK_FOR_EXCEPTION();
2070 callFrame[dst] = result;
2071
2072 ++vPC;
2073 NEXT_INSTRUCTION();
2074 }
2075 DEFINE_OPCODE(op_instanceof) {
2076 /* instanceof dst(r) value(r) constructor(r) constructorProto(r)
2077
2078 Tests whether register value is an instance of register
2079 constructor, and puts the boolean result in register
2080 dst. Register constructorProto must contain the "prototype"
2081 property (not the actual prototype) of the object in
2082 register constructor. This lookup is separated so that
2083 polymorphic inline caching can apply.
2084
2085 Raises an exception if register constructor is not an
2086 object.
2087 */
2088 int dst = vPC[1].u.operand;
2089 int value = vPC[2].u.operand;
2090 int base = vPC[3].u.operand;
2091 int baseProto = vPC[4].u.operand;
2092
2093 JSValuePtr baseVal = callFrame[base].jsValue(callFrame);
2094
2095 if (isNotObject(callFrame, true, callFrame->codeBlock(), vPC, baseVal, exceptionValue))
2096 goto vm_throw;
2097
2098 JSObject* baseObj = asObject(baseVal);
2099 callFrame[dst] = jsBoolean(baseObj->structure()->typeInfo().implementsHasInstance() ? baseObj->hasInstance(callFrame, callFrame[value].jsValue(callFrame), callFrame[baseProto].jsValue(callFrame)) : false);
2100
2101 vPC += 5;
2102 NEXT_INSTRUCTION();
2103 }
2104 DEFINE_OPCODE(op_typeof) {
2105 /* typeof dst(r) src(r)
2106
2107 Determines the type string for src according to ECMAScript
2108 rules, and puts the result in register dst.
2109 */
2110 int dst = (++vPC)->u.operand;
2111 int src = (++vPC)->u.operand;
2112 callFrame[dst] = JSValuePtr(jsTypeStringForValue(callFrame, callFrame[src].jsValue(callFrame)));
2113
2114 ++vPC;
2115 NEXT_INSTRUCTION();
2116 }
2117 DEFINE_OPCODE(op_is_undefined) {
2118 /* is_undefined dst(r) src(r)
2119
2120 Determines whether the type string for src according to
2121 the ECMAScript rules is "undefined", and puts the result
2122 in register dst.
2123 */
2124 int dst = (++vPC)->u.operand;
2125 int src = (++vPC)->u.operand;
2126 JSValuePtr v = callFrame[src].jsValue(callFrame);
2127 callFrame[dst] = jsBoolean(v.isCell() ? v.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v.isUndefined());
2128
2129 ++vPC;
2130 NEXT_INSTRUCTION();
2131 }
2132 DEFINE_OPCODE(op_is_boolean) {
2133 /* is_boolean dst(r) src(r)
2134
2135 Determines whether the type string for src according to
2136 the ECMAScript rules is "boolean", and puts the result
2137 in register dst.
2138 */
2139 int dst = (++vPC)->u.operand;
2140 int src = (++vPC)->u.operand;
2141 callFrame[dst] = jsBoolean(callFrame[src].jsValue(callFrame).isBoolean());
2142
2143 ++vPC;
2144 NEXT_INSTRUCTION();
2145 }
2146 DEFINE_OPCODE(op_is_number) {
2147 /* is_number dst(r) src(r)
2148
2149 Determines whether the type string for src according to
2150 the ECMAScript rules is "number", and puts the result
2151 in register dst.
2152 */
2153 int dst = (++vPC)->u.operand;
2154 int src = (++vPC)->u.operand;
2155 callFrame[dst] = jsBoolean(callFrame[src].jsValue(callFrame).isNumber());
2156
2157 ++vPC;
2158 NEXT_INSTRUCTION();
2159 }
2160 DEFINE_OPCODE(op_is_string) {
2161 /* is_string dst(r) src(r)
2162
2163 Determines whether the type string for src according to
2164 the ECMAScript rules is "string", and puts the result
2165 in register dst.
2166 */
2167 int dst = (++vPC)->u.operand;
2168 int src = (++vPC)->u.operand;
2169 callFrame[dst] = jsBoolean(callFrame[src].jsValue(callFrame).isString());
2170
2171 ++vPC;
2172 NEXT_INSTRUCTION();
2173 }
2174 DEFINE_OPCODE(op_is_object) {
2175 /* is_object dst(r) src(r)
2176
2177 Determines whether the type string for src according to
2178 the ECMAScript rules is "object", and puts the result
2179 in register dst.
2180 */
2181 int dst = (++vPC)->u.operand;
2182 int src = (++vPC)->u.operand;
2183 callFrame[dst] = jsBoolean(jsIsObjectType(callFrame[src].jsValue(callFrame)));
2184
2185 ++vPC;
2186 NEXT_INSTRUCTION();
2187 }
2188 DEFINE_OPCODE(op_is_function) {
2189 /* is_function dst(r) src(r)
2190
2191 Determines whether the type string for src according to
2192 the ECMAScript rules is "function", and puts the result
2193 in register dst.
2194 */
2195 int dst = (++vPC)->u.operand;
2196 int src = (++vPC)->u.operand;
2197 callFrame[dst] = jsBoolean(jsIsFunctionType(callFrame[src].jsValue(callFrame)));
2198
2199 ++vPC;
2200 NEXT_INSTRUCTION();
2201 }
2202 DEFINE_OPCODE(op_in) {
2203 /* in dst(r) property(r) base(r)
2204
2205 Tests whether register base has a property named register
2206 property, and puts the boolean result in register dst.
2207
2208 Raises an exception if register constructor is not an
2209 object.
2210 */
2211 int dst = (++vPC)->u.operand;
2212 int property = (++vPC)->u.operand;
2213 int base = (++vPC)->u.operand;
2214
2215 JSValuePtr baseVal = callFrame[base].jsValue(callFrame);
2216 if (isNotObject(callFrame, false, callFrame->codeBlock(), vPC, baseVal, exceptionValue))
2217 goto vm_throw;
2218
2219 JSObject* baseObj = asObject(baseVal);
2220
2221 JSValuePtr propName = callFrame[property].jsValue(callFrame);
2222
2223 uint32_t i;
2224 if (propName.getUInt32(i))
2225 callFrame[dst] = jsBoolean(baseObj->hasProperty(callFrame, i));
2226 else {
2227 Identifier property(callFrame, propName.toString(callFrame));
2228 CHECK_FOR_EXCEPTION();
2229 callFrame[dst] = jsBoolean(baseObj->hasProperty(callFrame, property));
2230 }
2231
2232 ++vPC;
2233 NEXT_INSTRUCTION();
2234 }
2235 DEFINE_OPCODE(op_resolve) {
2236 /* resolve dst(r) property(id)
2237
2238 Looks up the property named by identifier property in the
2239 scope chain, and writes the resulting value to register
2240 dst. If the property is not found, raises an exception.
2241 */
2242 if (UNLIKELY(!resolve(callFrame, vPC, exceptionValue)))
2243 goto vm_throw;
2244
2245 vPC += 3;
2246 NEXT_INSTRUCTION();
2247 }
2248 DEFINE_OPCODE(op_resolve_skip) {
2249 /* resolve_skip dst(r) property(id) skip(n)
2250
2251 Looks up the property named by identifier property in the
2252 scope chain skipping the top 'skip' levels, and writes the resulting
2253 value to register dst. If the property is not found, raises an exception.
2254 */
2255 if (UNLIKELY(!resolveSkip(callFrame, vPC, exceptionValue)))
2256 goto vm_throw;
2257
2258 vPC += 4;
2259
2260 NEXT_INSTRUCTION();
2261 }
2262 DEFINE_OPCODE(op_resolve_global) {
2263 /* resolve_skip dst(r) globalObject(c) property(id) structure(sID) offset(n)
2264
2265 Performs a dynamic property lookup for the given property, on the provided
2266 global object. If structure matches the Structure of the global then perform
2267 a fast lookup using the case offset, otherwise fall back to a full resolve and
2268 cache the new structure and offset
2269 */
2270 if (UNLIKELY(!resolveGlobal(callFrame, vPC, exceptionValue)))
2271 goto vm_throw;
2272
2273 vPC += 6;
2274
2275 NEXT_INSTRUCTION();
2276 }
2277 DEFINE_OPCODE(op_get_global_var) {
2278 /* get_global_var dst(r) globalObject(c) index(n)
2279
2280 Gets the global var at global slot index and places it in register dst.
2281 */
2282 int dst = (++vPC)->u.operand;
2283 JSGlobalObject* scope = static_cast<JSGlobalObject*>((++vPC)->u.jsCell);
2284 ASSERT(scope->isGlobalObject());
2285 int index = (++vPC)->u.operand;
2286
2287 callFrame[dst] = scope->registerAt(index);
2288 ++vPC;
2289 NEXT_INSTRUCTION();
2290 }
2291 DEFINE_OPCODE(op_put_global_var) {
2292 /* put_global_var globalObject(c) index(n) value(r)
2293
2294 Puts value into global slot index.
2295 */
2296 JSGlobalObject* scope = static_cast<JSGlobalObject*>((++vPC)->u.jsCell);
2297 ASSERT(scope->isGlobalObject());
2298 int index = (++vPC)->u.operand;
2299 int value = (++vPC)->u.operand;
2300
2301 scope->registerAt(index) = JSValuePtr(callFrame[value].jsValue(callFrame));
2302 ++vPC;
2303 NEXT_INSTRUCTION();
2304 }
2305 DEFINE_OPCODE(op_get_scoped_var) {
2306 /* get_scoped_var dst(r) index(n) skip(n)
2307
2308 Loads the contents of the index-th local from the scope skip nodes from
2309 the top of the scope chain, and places it in register dst
2310 */
2311 int dst = (++vPC)->u.operand;
2312 int index = (++vPC)->u.operand;
2313 int skip = (++vPC)->u.operand + callFrame->codeBlock()->needsFullScopeChain();
2314
2315 ScopeChainNode* scopeChain = callFrame->scopeChain();
2316 ScopeChainIterator iter = scopeChain->begin();
2317 ScopeChainIterator end = scopeChain->end();
2318 ASSERT(iter != end);
2319 while (skip--) {
2320 ++iter;
2321 ASSERT(iter != end);
2322 }
2323
2324 ASSERT((*iter)->isVariableObject());
2325 JSVariableObject* scope = static_cast<JSVariableObject*>(*iter);
2326 callFrame[dst] = scope->registerAt(index);
2327 ++vPC;
2328 NEXT_INSTRUCTION();
2329 }
2330 DEFINE_OPCODE(op_put_scoped_var) {
2331 /* put_scoped_var index(n) skip(n) value(r)
2332
2333 */
2334 int index = (++vPC)->u.operand;
2335 int skip = (++vPC)->u.operand + callFrame->codeBlock()->needsFullScopeChain();
2336 int value = (++vPC)->u.operand;
2337
2338 ScopeChainNode* scopeChain = callFrame->scopeChain();
2339 ScopeChainIterator iter = scopeChain->begin();
2340 ScopeChainIterator end = scopeChain->end();
2341 ASSERT(iter != end);
2342 while (skip--) {
2343 ++iter;
2344 ASSERT(iter != end);
2345 }
2346
2347 ASSERT((*iter)->isVariableObject());
2348 JSVariableObject* scope = static_cast<JSVariableObject*>(*iter);
2349 scope->registerAt(index) = JSValuePtr(callFrame[value].jsValue(callFrame));
2350 ++vPC;
2351 NEXT_INSTRUCTION();
2352 }
2353 DEFINE_OPCODE(op_resolve_base) {
2354 /* resolve_base dst(r) property(id)
2355
2356 Searches the scope chain for an object containing
2357 identifier property, and if one is found, writes it to
2358 register dst. If none is found, the outermost scope (which
2359 will be the global object) is stored in register dst.
2360 */
2361 resolveBase(callFrame, vPC);
2362
2363 vPC += 3;
2364 NEXT_INSTRUCTION();
2365 }
2366 DEFINE_OPCODE(op_resolve_with_base) {
2367 /* resolve_with_base baseDst(r) propDst(r) property(id)
2368
2369 Searches the scope chain for an object containing
2370 identifier property, and if one is found, writes it to
2371 register srcDst, and the retrieved property value to register
2372 propDst. If the property is not found, raises an exception.
2373
2374 This is more efficient than doing resolve_base followed by
2375 resolve, or resolve_base followed by get_by_id, as it
2376 avoids duplicate hash lookups.
2377 */
2378 if (UNLIKELY(!resolveBaseAndProperty(callFrame, vPC, exceptionValue)))
2379 goto vm_throw;
2380
2381 vPC += 4;
2382 NEXT_INSTRUCTION();
2383 }
2384 DEFINE_OPCODE(op_resolve_func) {
2385 /* resolve_func baseDst(r) funcDst(r) property(id)
2386
2387 Searches the scope chain for an object containing
2388 identifier property, and if one is found, writes the
2389 appropriate object to use as "this" when calling its
2390 properties to register baseDst; and the retrieved property
2391 value to register propDst. If the property is not found,
2392 raises an exception.
2393
2394 This differs from resolve_with_base, because the
2395 global this value will be substituted for activations or
2396 the global object, which is the right behavior for function
2397 calls but not for other property lookup.
2398 */
2399 if (UNLIKELY(!resolveBaseAndFunc(callFrame, vPC, exceptionValue)))
2400 goto vm_throw;
2401
2402 vPC += 4;
2403 NEXT_INSTRUCTION();
2404 }
2405 DEFINE_OPCODE(op_get_by_id) {
2406 /* get_by_id dst(r) base(r) property(id) structure(sID) nop(n) nop(n) nop(n)
2407
2408 Generic property access: Gets the property named by identifier
2409 property from the value base, and puts the result in register dst.
2410 */
2411 int dst = vPC[1].u.operand;
2412 int base = vPC[2].u.operand;
2413 int property = vPC[3].u.operand;
2414
2415 CodeBlock* codeBlock = callFrame->codeBlock();
2416 Identifier& ident = codeBlock->identifier(property);
2417 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2418 PropertySlot slot(baseValue);
2419 JSValuePtr result = baseValue.get(callFrame, ident, slot);
2420 CHECK_FOR_EXCEPTION();
2421
2422 tryCacheGetByID(callFrame, codeBlock, vPC, baseValue, ident, slot);
2423
2424 callFrame[dst] = result;
2425 vPC += 8;
2426 NEXT_INSTRUCTION();
2427 }
2428 DEFINE_OPCODE(op_get_by_id_self) {
2429 /* op_get_by_id_self dst(r) base(r) property(id) structure(sID) offset(n) nop(n) nop(n)
2430
2431 Cached property access: Attempts to get a cached property from the
2432 value base. If the cache misses, op_get_by_id_self reverts to
2433 op_get_by_id.
2434 */
2435 int base = vPC[2].u.operand;
2436 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2437
2438 if (LIKELY(baseValue.isCell())) {
2439 JSCell* baseCell = asCell(baseValue);
2440 Structure* structure = vPC[4].u.structure;
2441
2442 if (LIKELY(baseCell->structure() == structure)) {
2443 ASSERT(baseCell->isObject());
2444 JSObject* baseObject = asObject(baseCell);
2445 int dst = vPC[1].u.operand;
2446 int offset = vPC[5].u.operand;
2447
2448 ASSERT(baseObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == baseObject->getDirectOffset(offset));
2449 callFrame[dst] = JSValuePtr(baseObject->getDirectOffset(offset));
2450
2451 vPC += 8;
2452 NEXT_INSTRUCTION();
2453 }
2454 }
2455
2456 uncacheGetByID(callFrame->codeBlock(), vPC);
2457 NEXT_INSTRUCTION();
2458 }
2459 DEFINE_OPCODE(op_get_by_id_proto) {
2460 /* op_get_by_id_proto dst(r) base(r) property(id) structure(sID) prototypeStructure(sID) offset(n) nop(n)
2461
2462 Cached property access: Attempts to get a cached property from the
2463 value base's prototype. If the cache misses, op_get_by_id_proto
2464 reverts to op_get_by_id.
2465 */
2466 int base = vPC[2].u.operand;
2467 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2468
2469 if (LIKELY(baseValue.isCell())) {
2470 JSCell* baseCell = asCell(baseValue);
2471 Structure* structure = vPC[4].u.structure;
2472
2473 if (LIKELY(baseCell->structure() == structure)) {
2474 ASSERT(structure->prototypeForLookup(callFrame).isObject());
2475 JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
2476 Structure* prototypeStructure = vPC[5].u.structure;
2477
2478 if (LIKELY(protoObject->structure() == prototypeStructure)) {
2479 int dst = vPC[1].u.operand;
2480 int offset = vPC[6].u.operand;
2481
2482 ASSERT(protoObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == protoObject->getDirectOffset(offset));
2483 callFrame[dst] = JSValuePtr(protoObject->getDirectOffset(offset));
2484
2485 vPC += 8;
2486 NEXT_INSTRUCTION();
2487 }
2488 }
2489 }
2490
2491 uncacheGetByID(callFrame->codeBlock(), vPC);
2492 NEXT_INSTRUCTION();
2493 }
2494 DEFINE_OPCODE(op_get_by_id_self_list) {
2495 // Polymorphic self access caching currently only supported when JITting.
2496 ASSERT_NOT_REACHED();
2497 // This case of the switch must not be empty, else (op_get_by_id_self_list == op_get_by_id_chain)!
2498 vPC += 8;
2499 NEXT_INSTRUCTION();
2500 }
2501 DEFINE_OPCODE(op_get_by_id_proto_list) {
2502 // Polymorphic prototype access caching currently only supported when JITting.
2503 ASSERT_NOT_REACHED();
2504 // This case of the switch must not be empty, else (op_get_by_id_proto_list == op_get_by_id_chain)!
2505 vPC += 8;
2506 NEXT_INSTRUCTION();
2507 }
2508 DEFINE_OPCODE(op_get_by_id_chain) {
2509 /* op_get_by_id_chain dst(r) base(r) property(id) structure(sID) structureChain(chain) count(n) offset(n)
2510
2511 Cached property access: Attempts to get a cached property from the
2512 value base's prototype chain. If the cache misses, op_get_by_id_chain
2513 reverts to op_get_by_id.
2514 */
2515 int base = vPC[2].u.operand;
2516 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2517
2518 if (LIKELY(baseValue.isCell())) {
2519 JSCell* baseCell = asCell(baseValue);
2520 Structure* structure = vPC[4].u.structure;
2521
2522 if (LIKELY(baseCell->structure() == structure)) {
2523 RefPtr<Structure>* it = vPC[5].u.structureChain->head();
2524 size_t count = vPC[6].u.operand;
2525 RefPtr<Structure>* end = it + count;
2526
2527 while (true) {
2528 JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
2529
2530 if (UNLIKELY(baseObject->structure() != (*it).get()))
2531 break;
2532
2533 if (++it == end) {
2534 int dst = vPC[1].u.operand;
2535 int offset = vPC[7].u.operand;
2536
2537 ASSERT(baseObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == baseObject->getDirectOffset(offset));
2538 callFrame[dst] = JSValuePtr(baseObject->getDirectOffset(offset));
2539
2540 vPC += 8;
2541 NEXT_INSTRUCTION();
2542 }
2543
2544 // Update baseCell, so that next time around the loop we'll pick up the prototype's prototype.
2545 baseCell = baseObject;
2546 }
2547 }
2548 }
2549
2550 uncacheGetByID(callFrame->codeBlock(), vPC);
2551 NEXT_INSTRUCTION();
2552 }
2553 DEFINE_OPCODE(op_get_by_id_generic) {
2554 /* op_get_by_id_generic dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
2555
2556 Generic property access: Gets the property named by identifier
2557 property from the value base, and puts the result in register dst.
2558 */
2559 int dst = vPC[1].u.operand;
2560 int base = vPC[2].u.operand;
2561 int property = vPC[3].u.operand;
2562
2563 Identifier& ident = callFrame->codeBlock()->identifier(property);
2564 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2565 PropertySlot slot(baseValue);
2566 JSValuePtr result = baseValue.get(callFrame, ident, slot);
2567 CHECK_FOR_EXCEPTION();
2568
2569 callFrame[dst] = result;
2570 vPC += 8;
2571 NEXT_INSTRUCTION();
2572 }
2573 DEFINE_OPCODE(op_get_array_length) {
2574 /* op_get_array_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
2575
2576 Cached property access: Gets the length of the array in register base,
2577 and puts the result in register dst. If register base does not hold
2578 an array, op_get_array_length reverts to op_get_by_id.
2579 */
2580
2581 int base = vPC[2].u.operand;
2582 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2583 if (LIKELY(isJSArray(baseValue))) {
2584 int dst = vPC[1].u.operand;
2585 callFrame[dst] = JSValuePtr(jsNumber(callFrame, asArray(baseValue)->length()));
2586 vPC += 8;
2587 NEXT_INSTRUCTION();
2588 }
2589
2590 uncacheGetByID(callFrame->codeBlock(), vPC);
2591 NEXT_INSTRUCTION();
2592 }
2593 DEFINE_OPCODE(op_get_string_length) {
2594 /* op_get_string_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
2595
2596 Cached property access: Gets the length of the string in register base,
2597 and puts the result in register dst. If register base does not hold
2598 a string, op_get_string_length reverts to op_get_by_id.
2599 */
2600
2601 int base = vPC[2].u.operand;
2602 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2603 if (LIKELY(isJSString(baseValue))) {
2604 int dst = vPC[1].u.operand;
2605 callFrame[dst] = JSValuePtr(jsNumber(callFrame, asString(baseValue)->value().size()));
2606 vPC += 8;
2607 NEXT_INSTRUCTION();
2608 }
2609
2610 uncacheGetByID(callFrame->codeBlock(), vPC);
2611 NEXT_INSTRUCTION();
2612 }
2613 DEFINE_OPCODE(op_put_by_id) {
2614 /* put_by_id base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n)
2615
2616 Generic property access: Sets the property named by identifier
2617 property, belonging to register base, to register value.
2618
2619 Unlike many opcodes, this one does not write any output to
2620 the register file.
2621 */
2622
2623 int base = vPC[1].u.operand;
2624 int property = vPC[2].u.operand;
2625 int value = vPC[3].u.operand;
2626
2627 CodeBlock* codeBlock = callFrame->codeBlock();
2628 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2629 Identifier& ident = codeBlock->identifier(property);
2630 PutPropertySlot slot;
2631 baseValue.put(callFrame, ident, callFrame[value].jsValue(callFrame), slot);
2632 CHECK_FOR_EXCEPTION();
2633
2634 tryCachePutByID(callFrame, codeBlock, vPC, baseValue, slot);
2635
2636 vPC += 8;
2637 NEXT_INSTRUCTION();
2638 }
2639 DEFINE_OPCODE(op_put_by_id_transition) {
2640 /* op_put_by_id_transition base(r) property(id) value(r) oldStructure(sID) newStructure(sID) structureChain(chain) offset(n)
2641
2642 Cached property access: Attempts to set a new property with a cached transition
2643 property named by identifier property, belonging to register base,
2644 to register value. If the cache misses, op_put_by_id_transition
2645 reverts to op_put_by_id_generic.
2646
2647 Unlike many opcodes, this one does not write any output to
2648 the register file.
2649 */
2650 int base = vPC[1].u.operand;
2651 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2652
2653 if (LIKELY(baseValue.isCell())) {
2654 JSCell* baseCell = asCell(baseValue);
2655 Structure* oldStructure = vPC[4].u.structure;
2656 Structure* newStructure = vPC[5].u.structure;
2657
2658 if (LIKELY(baseCell->structure() == oldStructure)) {
2659 ASSERT(baseCell->isObject());
2660 JSObject* baseObject = asObject(baseCell);
2661
2662 RefPtr<Structure>* it = vPC[6].u.structureChain->head();
2663
2664 JSValuePtr proto = baseObject->structure()->prototypeForLookup(callFrame);
2665 while (!proto.isNull()) {
2666 if (UNLIKELY(asObject(proto)->structure() != (*it).get())) {
2667 uncachePutByID(callFrame->codeBlock(), vPC);
2668 NEXT_INSTRUCTION();
2669 }
2670 ++it;
2671 proto = asObject(proto)->structure()->prototypeForLookup(callFrame);
2672 }
2673
2674 baseObject->transitionTo(newStructure);
2675
2676 int value = vPC[3].u.operand;
2677 unsigned offset = vPC[7].u.operand;
2678 ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->codeBlock()->identifier(vPC[2].u.operand))) == offset);
2679 baseObject->putDirectOffset(offset, callFrame[value].jsValue(callFrame));
2680
2681 vPC += 8;
2682 NEXT_INSTRUCTION();
2683 }
2684 }
2685
2686 uncachePutByID(callFrame->codeBlock(), vPC);
2687 NEXT_INSTRUCTION();
2688 }
2689 DEFINE_OPCODE(op_put_by_id_replace) {
2690 /* op_put_by_id_replace base(r) property(id) value(r) structure(sID) offset(n) nop(n) nop(n)
2691
2692 Cached property access: Attempts to set a pre-existing, cached
2693 property named by identifier property, belonging to register base,
2694 to register value. If the cache misses, op_put_by_id_replace
2695 reverts to op_put_by_id.
2696
2697 Unlike many opcodes, this one does not write any output to
2698 the register file.
2699 */
2700 int base = vPC[1].u.operand;
2701 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2702
2703 if (LIKELY(baseValue.isCell())) {
2704 JSCell* baseCell = asCell(baseValue);
2705 Structure* structure = vPC[4].u.structure;
2706
2707 if (LIKELY(baseCell->structure() == structure)) {
2708 ASSERT(baseCell->isObject());
2709 JSObject* baseObject = asObject(baseCell);
2710 int value = vPC[3].u.operand;
2711 unsigned offset = vPC[5].u.operand;
2712
2713 ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->codeBlock()->identifier(vPC[2].u.operand))) == offset);
2714 baseObject->putDirectOffset(offset, callFrame[value].jsValue(callFrame));
2715
2716 vPC += 8;
2717 NEXT_INSTRUCTION();
2718 }
2719 }
2720
2721 uncachePutByID(callFrame->codeBlock(), vPC);
2722 NEXT_INSTRUCTION();
2723 }
2724 DEFINE_OPCODE(op_put_by_id_generic) {
2725 /* op_put_by_id_generic base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n)
2726
2727 Generic property access: Sets the property named by identifier
2728 property, belonging to register base, to register value.
2729
2730 Unlike many opcodes, this one does not write any output to
2731 the register file.
2732 */
2733 int base = vPC[1].u.operand;
2734 int property = vPC[2].u.operand;
2735 int value = vPC[3].u.operand;
2736
2737 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2738 Identifier& ident = callFrame->codeBlock()->identifier(property);
2739 PutPropertySlot slot;
2740 baseValue.put(callFrame, ident, callFrame[value].jsValue(callFrame), slot);
2741 CHECK_FOR_EXCEPTION();
2742
2743 vPC += 8;
2744 NEXT_INSTRUCTION();
2745 }
2746 DEFINE_OPCODE(op_del_by_id) {
2747 /* del_by_id dst(r) base(r) property(id)
2748
2749 Converts register base to Object, deletes the property
2750 named by identifier property from the object, and writes a
2751 boolean indicating success (if true) or failure (if false)
2752 to register dst.
2753 */
2754 int dst = (++vPC)->u.operand;
2755 int base = (++vPC)->u.operand;
2756 int property = (++vPC)->u.operand;
2757
2758 JSObject* baseObj = callFrame[base].jsValue(callFrame).toObject(callFrame);
2759 Identifier& ident = callFrame->codeBlock()->identifier(property);
2760 JSValuePtr result = jsBoolean(baseObj->deleteProperty(callFrame, ident));
2761 CHECK_FOR_EXCEPTION();
2762 callFrame[dst] = result;
2763 ++vPC;
2764 NEXT_INSTRUCTION();
2765 }
2766 DEFINE_OPCODE(op_get_by_val) {
2767 /* get_by_val dst(r) base(r) property(r)
2768
2769 Converts register base to Object, gets the property named
2770 by register property from the object, and puts the result
2771 in register dst. property is nominally converted to string
2772 but numbers are treated more efficiently.
2773 */
2774 int dst = (++vPC)->u.operand;
2775 int base = (++vPC)->u.operand;
2776 int property = (++vPC)->u.operand;
2777
2778 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2779 JSValuePtr subscript = callFrame[property].jsValue(callFrame);
2780
2781 JSValuePtr result;
2782
2783 if (LIKELY(subscript.isUInt32Fast())) {
2784 uint32_t i = subscript.getUInt32Fast();
2785 if (isJSArray(baseValue)) {
2786 JSArray* jsArray = asArray(baseValue);
2787 if (jsArray->canGetIndex(i))
2788 result = jsArray->getIndex(i);
2789 else
2790 result = jsArray->JSArray::get(callFrame, i);
2791 } else if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
2792 result = asString(baseValue)->getIndex(&callFrame->globalData(), i);
2793 else if (isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i))
2794 result = asByteArray(baseValue)->getIndex(callFrame, i);
2795 else
2796 result = baseValue.get(callFrame, i);
2797 } else {
2798 Identifier property(callFrame, subscript.toString(callFrame));
2799 result = baseValue.get(callFrame, property);
2800 }
2801
2802 CHECK_FOR_EXCEPTION();
2803 callFrame[dst] = result;
2804 ++vPC;
2805 NEXT_INSTRUCTION();
2806 }
2807 DEFINE_OPCODE(op_put_by_val) {
2808 /* put_by_val base(r) property(r) value(r)
2809
2810 Sets register value on register base as the property named
2811 by register property. Base is converted to object
2812 first. register property is nominally converted to string
2813 but numbers are treated more efficiently.
2814
2815 Unlike many opcodes, this one does not write any output to
2816 the register file.
2817 */
2818 int base = (++vPC)->u.operand;
2819 int property = (++vPC)->u.operand;
2820 int value = (++vPC)->u.operand;
2821
2822 JSValuePtr baseValue = callFrame[base].jsValue(callFrame);
2823 JSValuePtr subscript = callFrame[property].jsValue(callFrame);
2824
2825 if (LIKELY(subscript.isUInt32Fast())) {
2826 uint32_t i = subscript.getUInt32Fast();
2827 if (isJSArray(baseValue)) {
2828 JSArray* jsArray = asArray(baseValue);
2829 if (jsArray->canSetIndex(i))
2830 jsArray->setIndex(i, callFrame[value].jsValue(callFrame));
2831 else
2832 jsArray->JSArray::put(callFrame, i, callFrame[value].jsValue(callFrame));
2833 } else if (isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
2834 JSByteArray* jsByteArray = asByteArray(baseValue);
2835 double dValue = 0;
2836 JSValuePtr jsValue = callFrame[value].jsValue(callFrame);
2837 if (jsValue.isInt32Fast())
2838 jsByteArray->setIndex(i, jsValue.getInt32Fast());
2839 else if (jsValue.getNumber(dValue))
2840 jsByteArray->setIndex(i, dValue);
2841 else
2842 baseValue.put(callFrame, i, jsValue);
2843 } else
2844 baseValue.put(callFrame, i, callFrame[value].jsValue(callFrame));
2845 } else {
2846 Identifier property(callFrame, subscript.toString(callFrame));
2847 if (!globalData->exception) { // Don't put to an object if toString threw an exception.
2848 PutPropertySlot slot;
2849 baseValue.put(callFrame, property, callFrame[value].jsValue(callFrame), slot);
2850 }
2851 }
2852
2853 CHECK_FOR_EXCEPTION();
2854 ++vPC;
2855 NEXT_INSTRUCTION();
2856 }
2857 DEFINE_OPCODE(op_del_by_val) {
2858 /* del_by_val dst(r) base(r) property(r)
2859
2860 Converts register base to Object, deletes the property
2861 named by register property from the object, and writes a
2862 boolean indicating success (if true) or failure (if false)
2863 to register dst.
2864 */
2865 int dst = (++vPC)->u.operand;
2866 int base = (++vPC)->u.operand;
2867 int property = (++vPC)->u.operand;
2868
2869 JSObject* baseObj = callFrame[base].jsValue(callFrame).toObject(callFrame); // may throw
2870
2871 JSValuePtr subscript = callFrame[property].jsValue(callFrame);
2872 JSValuePtr result;
2873 uint32_t i;
2874 if (subscript.getUInt32(i))
2875 result = jsBoolean(baseObj->deleteProperty(callFrame, i));
2876 else {
2877 CHECK_FOR_EXCEPTION();
2878 Identifier property(callFrame, subscript.toString(callFrame));
2879 CHECK_FOR_EXCEPTION();
2880 result = jsBoolean(baseObj->deleteProperty(callFrame, property));
2881 }
2882
2883 CHECK_FOR_EXCEPTION();
2884 callFrame[dst] = result;
2885 ++vPC;
2886 NEXT_INSTRUCTION();
2887 }
2888 DEFINE_OPCODE(op_put_by_index) {
2889 /* put_by_index base(r) property(n) value(r)
2890
2891 Sets register value on register base as the property named
2892 by the immediate number property. Base is converted to
2893 object first.
2894
2895 Unlike many opcodes, this one does not write any output to
2896 the register file.
2897
2898 This opcode is mainly used to initialize array literals.
2899 */
2900 int base = (++vPC)->u.operand;
2901 unsigned property = (++vPC)->u.operand;
2902 int value = (++vPC)->u.operand;
2903
2904 callFrame[base].jsValue(callFrame).put(callFrame, property, callFrame[value].jsValue(callFrame));
2905
2906 ++vPC;
2907 NEXT_INSTRUCTION();
2908 }
2909 DEFINE_OPCODE(op_loop) {
2910 /* loop target(offset)
2911
2912 Jumps unconditionally to offset target from the current
2913 instruction.
2914
2915 Additionally this loop instruction may terminate JS execution is
2916 the JS timeout is reached.
2917 */
2918 #if ENABLE(OPCODE_STATS)
2919 OpcodeStats::resetLastInstruction();
2920 #endif
2921 int target = (++vPC)->u.operand;
2922 CHECK_FOR_TIMEOUT();
2923 vPC += target;
2924 NEXT_INSTRUCTION();
2925 }
2926 DEFINE_OPCODE(op_jmp) {
2927 /* jmp target(offset)
2928
2929 Jumps unconditionally to offset target from the current
2930 instruction.
2931 */
2932 #if ENABLE(OPCODE_STATS)
2933 OpcodeStats::resetLastInstruction();
2934 #endif
2935 int target = (++vPC)->u.operand;
2936
2937 vPC += target;
2938 NEXT_INSTRUCTION();
2939 }
2940 DEFINE_OPCODE(op_loop_if_true) {
2941 /* loop_if_true cond(r) target(offset)
2942
2943 Jumps to offset target from the current instruction, if and
2944 only if register cond converts to boolean as true.
2945
2946 Additionally this loop instruction may terminate JS execution is
2947 the JS timeout is reached.
2948 */
2949 int cond = (++vPC)->u.operand;
2950 int target = (++vPC)->u.operand;
2951 if (callFrame[cond].jsValue(callFrame).toBoolean(callFrame)) {
2952 vPC += target;
2953 CHECK_FOR_TIMEOUT();
2954 NEXT_INSTRUCTION();
2955 }
2956
2957 ++vPC;
2958 NEXT_INSTRUCTION();
2959 }
2960 DEFINE_OPCODE(op_jtrue) {
2961 /* jtrue cond(r) target(offset)
2962
2963 Jumps to offset target from the current instruction, if and
2964 only if register cond converts to boolean as true.
2965 */
2966 int cond = (++vPC)->u.operand;
2967 int target = (++vPC)->u.operand;
2968 if (callFrame[cond].jsValue(callFrame).toBoolean(callFrame)) {
2969 vPC += target;
2970 NEXT_INSTRUCTION();
2971 }
2972
2973 ++vPC;
2974 NEXT_INSTRUCTION();
2975 }
2976 DEFINE_OPCODE(op_jfalse) {
2977 /* jfalse cond(r) target(offset)
2978
2979 Jumps to offset target from the current instruction, if and
2980 only if register cond converts to boolean as false.
2981 */
2982 int cond = (++vPC)->u.operand;
2983 int target = (++vPC)->u.operand;
2984 if (!callFrame[cond].jsValue(callFrame).toBoolean(callFrame)) {
2985 vPC += target;
2986 NEXT_INSTRUCTION();
2987 }
2988
2989 ++vPC;
2990 NEXT_INSTRUCTION();
2991 }
2992 DEFINE_OPCODE(op_jeq_null) {
2993 /* jeq_null src(r) target(offset)
2994
2995 Jumps to offset target from the current instruction, if and
2996 only if register src is null.
2997 */
2998 int src = (++vPC)->u.operand;
2999 int target = (++vPC)->u.operand;
3000 JSValuePtr srcValue = callFrame[src].jsValue(callFrame);
3001
3002 if (srcValue.isUndefinedOrNull() || (srcValue.isCell() && srcValue.asCell()->structure()->typeInfo().masqueradesAsUndefined())) {
3003 vPC += target;
3004 NEXT_INSTRUCTION();
3005 }
3006
3007 ++vPC;
3008 NEXT_INSTRUCTION();
3009 }
3010 DEFINE_OPCODE(op_jneq_null) {
3011 /* jneq_null src(r) target(offset)
3012
3013 Jumps to offset target from the current instruction, if and
3014 only if register src is not null.
3015 */
3016 int src = (++vPC)->u.operand;
3017 int target = (++vPC)->u.operand;
3018 JSValuePtr srcValue = callFrame[src].jsValue(callFrame);
3019
3020 if (!srcValue.isUndefinedOrNull() || (srcValue.isCell() && !srcValue.asCell()->structure()->typeInfo().masqueradesAsUndefined())) {
3021 vPC += target;
3022 NEXT_INSTRUCTION();
3023 }
3024
3025 ++vPC;
3026 NEXT_INSTRUCTION();
3027 }
3028 DEFINE_OPCODE(op_loop_if_less) {
3029 /* loop_if_less src1(r) src2(r) target(offset)
3030
3031 Checks whether register src1 is less than register src2, as
3032 with the ECMAScript '<' operator, and then jumps to offset
3033 target from the current instruction, if and only if the
3034 result of the comparison is true.
3035
3036 Additionally this loop instruction may terminate JS execution is
3037 the JS timeout is reached.
3038 */
3039 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3040 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3041 int target = (++vPC)->u.operand;
3042
3043 bool result = jsLess(callFrame, src1, src2);
3044 CHECK_FOR_EXCEPTION();
3045
3046 if (result) {
3047 vPC += target;
3048 CHECK_FOR_TIMEOUT();
3049 NEXT_INSTRUCTION();
3050 }
3051
3052 ++vPC;
3053 NEXT_INSTRUCTION();
3054 }
3055 DEFINE_OPCODE(op_loop_if_lesseq) {
3056 /* loop_if_lesseq src1(r) src2(r) target(offset)
3057
3058 Checks whether register src1 is less than or equal to register
3059 src2, as with the ECMAScript '<=' operator, and then jumps to
3060 offset target from the current instruction, if and only if the
3061 result of the comparison is true.
3062
3063 Additionally this loop instruction may terminate JS execution is
3064 the JS timeout is reached.
3065 */
3066 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3067 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3068 int target = (++vPC)->u.operand;
3069
3070 bool result = jsLessEq(callFrame, src1, src2);
3071 CHECK_FOR_EXCEPTION();
3072
3073 if (result) {
3074 vPC += target;
3075 CHECK_FOR_TIMEOUT();
3076 NEXT_INSTRUCTION();
3077 }
3078
3079 ++vPC;
3080 NEXT_INSTRUCTION();
3081 }
3082 DEFINE_OPCODE(op_jnless) {
3083 /* jnless src1(r) src2(r) target(offset)
3084
3085 Checks whether register src1 is less than register src2, as
3086 with the ECMAScript '<' operator, and then jumps to offset
3087 target from the current instruction, if and only if the
3088 result of the comparison is false.
3089 */
3090 JSValuePtr src1 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3091 JSValuePtr src2 = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3092 int target = (++vPC)->u.operand;
3093
3094 bool result = jsLess(callFrame, src1, src2);
3095 CHECK_FOR_EXCEPTION();
3096
3097 if (!result) {
3098 vPC += target;
3099 NEXT_INSTRUCTION();
3100 }
3101
3102 ++vPC;
3103 NEXT_INSTRUCTION();
3104 }
3105 DEFINE_OPCODE(op_switch_imm) {
3106 /* switch_imm tableIndex(n) defaultOffset(offset) scrutinee(r)
3107
3108 Performs a range checked switch on the scrutinee value, using
3109 the tableIndex-th immediate switch jump table. If the scrutinee value
3110 is an immediate number in the range covered by the referenced jump
3111 table, and the value at jumpTable[scrutinee value] is non-zero, then
3112 that value is used as the jump offset, otherwise defaultOffset is used.
3113 */
3114 int tableIndex = (++vPC)->u.operand;
3115 int defaultOffset = (++vPC)->u.operand;
3116 JSValuePtr scrutinee = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3117 if (scrutinee.isInt32Fast())
3118 vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(scrutinee.getInt32Fast(), defaultOffset);
3119 else {
3120 int32_t value;
3121 if (scrutinee.numberToInt32(value))
3122 vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(value, defaultOffset);
3123 else
3124 vPC += defaultOffset;
3125 }
3126 NEXT_INSTRUCTION();
3127 }
3128 DEFINE_OPCODE(op_switch_char) {
3129 /* switch_char tableIndex(n) defaultOffset(offset) scrutinee(r)
3130
3131 Performs a range checked switch on the scrutinee value, using
3132 the tableIndex-th character switch jump table. If the scrutinee value
3133 is a single character string in the range covered by the referenced jump
3134 table, and the value at jumpTable[scrutinee value] is non-zero, then
3135 that value is used as the jump offset, otherwise defaultOffset is used.
3136 */
3137 int tableIndex = (++vPC)->u.operand;
3138 int defaultOffset = (++vPC)->u.operand;
3139 JSValuePtr scrutinee = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3140 if (!scrutinee.isString())
3141 vPC += defaultOffset;
3142 else {
3143 UString::Rep* value = asString(scrutinee)->value().rep();
3144 if (value->size() != 1)
3145 vPC += defaultOffset;
3146 else
3147 vPC += callFrame->codeBlock()->characterSwitchJumpTable(tableIndex).offsetForValue(value->data()[0], defaultOffset);
3148 }
3149 NEXT_INSTRUCTION();
3150 }
3151 DEFINE_OPCODE(op_switch_string) {
3152 /* switch_string tableIndex(n) defaultOffset(offset) scrutinee(r)
3153
3154 Performs a sparse hashmap based switch on the value in the scrutinee
3155 register, using the tableIndex-th string switch jump table. If the
3156 scrutinee value is a string that exists as a key in the referenced
3157 jump table, then the value associated with the string is used as the
3158 jump offset, otherwise defaultOffset is used.
3159 */
3160 int tableIndex = (++vPC)->u.operand;
3161 int defaultOffset = (++vPC)->u.operand;
3162 JSValuePtr scrutinee = callFrame[(++vPC)->u.operand].jsValue(callFrame);
3163 if (!scrutinee.isString())
3164 vPC += defaultOffset;
3165 else
3166 vPC += callFrame->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(asString(scrutinee)->value().rep(), defaultOffset);
3167 NEXT_INSTRUCTION();
3168 }
3169 DEFINE_OPCODE(op_new_func) {
3170 /* new_func dst(r) func(f)
3171
3172 Constructs a new Function instance from function func and
3173 the current scope chain using the original Function
3174 constructor, using the rules for function declarations, and
3175 puts the result in register dst.
3176 */
3177 int dst = (++vPC)->u.operand;
3178 int func = (++vPC)->u.operand;
3179
3180 callFrame[dst] = callFrame->codeBlock()->function(func)->makeFunction(callFrame, callFrame->scopeChain());
3181
3182 ++vPC;
3183 NEXT_INSTRUCTION();
3184 }
3185 DEFINE_OPCODE(op_new_func_exp) {
3186 /* new_func_exp dst(r) func(f)
3187
3188 Constructs a new Function instance from function func and
3189 the current scope chain using the original Function
3190 constructor, using the rules for function expressions, and
3191 puts the result in register dst.
3192 */
3193 int dst = (++vPC)->u.operand;
3194 int func = (++vPC)->u.operand;
3195
3196 callFrame[dst] = callFrame->codeBlock()->functionExpression(func)->makeFunction(callFrame, callFrame->scopeChain());
3197
3198 ++vPC;
3199 NEXT_INSTRUCTION();
3200 }
3201 DEFINE_OPCODE(op_call_eval) {
3202 /* call_eval dst(r) func(r) argCount(n) registerOffset(n)
3203
3204 Call a function named "eval" with no explicit "this" value
3205 (which may therefore be the eval operator). If register
3206 thisVal is the global object, and register func contains
3207 that global object's original global eval function, then
3208 perform the eval operator in local scope (interpreting
3209 the argument registers as for the "call"
3210 opcode). Otherwise, act exactly as the "call" opcode would.
3211 */
3212
3213 int dst = vPC[1].u.operand;
3214 int func = vPC[2].u.operand;
3215 int argCount = vPC[3].u.operand;
3216 int registerOffset = vPC[4].u.operand;
3217
3218 JSValuePtr funcVal = callFrame[func].jsValue(callFrame);
3219
3220 Register* newCallFrame = callFrame->registers() + registerOffset;
3221 Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
3222 JSValuePtr thisValue = argv[0].jsValue(callFrame);
3223 JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
3224
3225 if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
3226 JSValuePtr result = callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
3227 if (exceptionValue)
3228 goto vm_throw;
3229 callFrame[dst] = result;
3230
3231 vPC += 5;
3232 NEXT_INSTRUCTION();
3233 }
3234
3235 // We didn't find the blessed version of eval, so process this
3236 // instruction as a normal function call.
3237 // fall through to op_call
3238 }
3239 DEFINE_OPCODE(op_call) {
3240 /* call dst(r) func(r) argCount(n) registerOffset(n)
3241
3242 Perform a function call.
3243
3244 registerOffset is the distance the callFrame pointer should move
3245 before the VM initializes the new call frame's header.
3246
3247 dst is where op_ret should store its result.
3248 */
3249
3250 int dst = vPC[1].u.operand;
3251 int func = vPC[2].u.operand;
3252 int argCount = vPC[3].u.operand;
3253 int registerOffset = vPC[4].u.operand;
3254
3255 JSValuePtr v = callFrame[func].jsValue(callFrame);
3256
3257 CallData callData;
3258 CallType callType = v.getCallData(callData);
3259
3260 if (callType == CallTypeJS) {
3261 ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
3262 FunctionBodyNode* functionBodyNode = callData.js.functionBody;
3263 CodeBlock* newCodeBlock = &functionBodyNode->bytecode(callDataScopeChain);
3264
3265 CallFrame* previousCallFrame = callFrame;
3266
3267 callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
3268 if (UNLIKELY(!callFrame)) {
3269 callFrame = previousCallFrame;
3270 exceptionValue = createStackOverflowError(callFrame);
3271 goto vm_throw;
3272 }
3273
3274 callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
3275 vPC = newCodeBlock->instructions().begin();
3276
3277 #if ENABLE(OPCODE_STATS)
3278 OpcodeStats::resetLastInstruction();
3279 #endif
3280
3281 NEXT_INSTRUCTION();
3282 }
3283
3284 if (callType == CallTypeHost) {
3285 ScopeChainNode* scopeChain = callFrame->scopeChain();
3286 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
3287 newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, 0);
3288
3289 Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
3290 ArgList args(thisRegister + 1, argCount - 1);
3291
3292 // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
3293 JSValuePtr thisValue = thisRegister->jsValue(callFrame);
3294 if (thisValue == jsNull())
3295 thisValue = callFrame->globalThisValue();
3296
3297 JSValuePtr returnValue;
3298 {
3299 SamplingTool::HostCallRecord callRecord(m_sampler);
3300 returnValue = callData.native.function(newCallFrame, asObject(v), thisValue, args);
3301 }
3302 CHECK_FOR_EXCEPTION();
3303
3304 callFrame[dst] = JSValuePtr(returnValue);
3305
3306 vPC += 5;
3307 NEXT_INSTRUCTION();
3308 }
3309
3310 ASSERT(callType == CallTypeNone);
3311
3312 exceptionValue = createNotAFunctionError(callFrame, v, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
3313 goto vm_throw;
3314 }
3315 DEFINE_OPCODE(op_tear_off_activation) {
3316 /* tear_off_activation activation(r)
3317
3318 Copy all locals and parameters to new memory allocated on
3319 the heap, and make the passed activation use this memory
3320 in the future when looking up entries in the symbol table.
3321 If there is an 'arguments' object, then it will also use
3322 this memory for storing the named parameters, but not any
3323 extra arguments.
3324
3325 This opcode should only be used immediately before op_ret.
3326 */
3327
3328 int src = (++vPC)->u.operand;
3329 ASSERT(callFrame->codeBlock()->needsFullScopeChain());
3330
3331 asActivation(callFrame[src].getJSValue())->copyRegisters(callFrame->optionalCalleeArguments());
3332
3333 ++vPC;
3334 NEXT_INSTRUCTION();
3335 }
3336 DEFINE_OPCODE(op_tear_off_arguments) {
3337 /* tear_off_arguments
3338
3339 Copy all arguments to new memory allocated on the heap,
3340 and make the 'arguments' object use this memory in the
3341 future when looking up named parameters, but not any
3342 extra arguments. If an activation object exists for the
3343 current function context, then the tear_off_activation
3344 opcode should be used instead.
3345
3346 This opcode should only be used immediately before op_ret.
3347 */
3348
3349 ASSERT(callFrame->codeBlock()->usesArguments() && !callFrame->codeBlock()->needsFullScopeChain());
3350
3351 callFrame->optionalCalleeArguments()->copyRegisters();
3352
3353 ++vPC;
3354 NEXT_INSTRUCTION();
3355 }
3356 DEFINE_OPCODE(op_ret) {
3357 /* ret result(r)
3358
3359 Return register result as the return value of the current
3360 function call, writing it into the caller's expected return
3361 value register. In addition, unwind one call frame and
3362 restore the scope chain, code block instruction pointer and
3363 register base to those of the calling function.
3364 */
3365
3366 int result = (++vPC)->u.operand;
3367
3368 if (callFrame->codeBlock()->needsFullScopeChain())
3369 callFrame->scopeChain()->deref();
3370
3371 JSValuePtr returnValue = callFrame[result].jsValue(callFrame);
3372
3373 vPC = callFrame->returnPC();
3374 int dst = callFrame->returnValueRegister();
3375 callFrame = callFrame->callerFrame();
3376
3377 if (callFrame->hasHostCallFrameFlag())
3378 return returnValue;
3379
3380 callFrame[dst] = JSValuePtr(returnValue);
3381
3382 NEXT_INSTRUCTION();
3383 }
3384 DEFINE_OPCODE(op_enter) {
3385 /* enter
3386
3387 Initializes local variables to undefined and fills constant
3388 registers with their values. If the code block requires an
3389 activation, enter_with_activation should be used instead.
3390
3391 This opcode should only be used at the beginning of a code
3392 block.
3393 */
3394
3395 size_t i = 0;
3396 CodeBlock* codeBlock = callFrame->codeBlock();
3397
3398 for (size_t count = codeBlock->m_numVars; i < count; ++i)
3399 callFrame[i] = jsUndefined();
3400
3401 for (size_t count = codeBlock->numberOfConstantRegisters(), j = 0; j < count; ++i, ++j)
3402 callFrame[i] = codeBlock->constantRegister(j);
3403
3404 ++vPC;
3405 NEXT_INSTRUCTION();
3406 }
3407 DEFINE_OPCODE(op_enter_with_activation) {
3408 /* enter_with_activation dst(r)
3409
3410 Initializes local variables to undefined, fills constant
3411 registers with their values, creates an activation object,
3412 and places the new activation both in dst and at the top
3413 of the scope chain. If the code block does not require an
3414 activation, enter should be used instead.
3415
3416 This opcode should only be used at the beginning of a code
3417 block.
3418 */
3419
3420 size_t i = 0;
3421 CodeBlock* codeBlock = callFrame->codeBlock();
3422
3423 for (size_t count = codeBlock->m_numVars; i < count; ++i)
3424 callFrame[i] = jsUndefined();
3425
3426 for (size_t count = codeBlock->numberOfConstantRegisters(), j = 0; j < count; ++i, ++j)
3427 callFrame[i] = codeBlock->constantRegister(j);
3428
3429 int dst = (++vPC)->u.operand;
3430 JSActivation* activation = new (globalData) JSActivation(callFrame, static_cast<FunctionBodyNode*>(codeBlock->ownerNode()));
3431 callFrame[dst] = activation;
3432 callFrame->setScopeChain(callFrame->scopeChain()->copy()->push(activation));
3433
3434 ++vPC;
3435 NEXT_INSTRUCTION();
3436 }
3437 DEFINE_OPCODE(op_convert_this) {
3438 /* convert_this this(r)
3439
3440 Takes the value in the 'this' register, converts it to a
3441 value that is suitable for use as the 'this' value, and
3442 stores it in the 'this' register. This opcode is emitted
3443 to avoid doing the conversion in the caller unnecessarily.
3444
3445 This opcode should only be used at the beginning of a code
3446 block.
3447 */
3448
3449 int thisRegister = (++vPC)->u.operand;
3450 JSValuePtr thisVal = callFrame[thisRegister].getJSValue();
3451 if (thisVal.needsThisConversion())
3452 callFrame[thisRegister] = JSValuePtr(thisVal.toThisObject(callFrame));
3453
3454 ++vPC;
3455 NEXT_INSTRUCTION();
3456 }
3457 DEFINE_OPCODE(op_create_arguments) {
3458 /* create_arguments
3459
3460 Creates the 'arguments' object and places it in both the
3461 'arguments' call frame slot and the local 'arguments'
3462 register.
3463
3464 This opcode should only be used at the beginning of a code
3465 block.
3466 */
3467
3468 Arguments* arguments = new (globalData) Arguments(callFrame);
3469 callFrame->setCalleeArguments(arguments);
3470 callFrame[RegisterFile::ArgumentsRegister] = arguments;
3471
3472 ++vPC;
3473 NEXT_INSTRUCTION();
3474 }
3475 DEFINE_OPCODE(op_construct) {
3476 /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r)
3477
3478 Invoke register "func" as a constructor. For JS
3479 functions, the calling convention is exactly as for the
3480 "call" opcode, except that the "this" value is a newly
3481 created Object. For native constructors, no "this"
3482 value is passed. In either case, the argCount and registerOffset
3483 registers are interpreted as for the "call" opcode.
3484
3485 Register proto must contain the prototype property of
3486 register func. This is to enable polymorphic inline
3487 caching of this lookup.
3488 */
3489
3490 int dst = vPC[1].u.operand;
3491 int func = vPC[2].u.operand;
3492 int argCount = vPC[3].u.operand;
3493 int registerOffset = vPC[4].u.operand;
3494 int proto = vPC[5].u.operand;
3495 int thisRegister = vPC[6].u.operand;
3496
3497 JSValuePtr v = callFrame[func].jsValue(callFrame);
3498
3499 ConstructData constructData;
3500 ConstructType constructType = v.getConstructData(constructData);
3501
3502 if (constructType == ConstructTypeJS) {
3503 ScopeChainNode* callDataScopeChain = constructData.js.scopeChain;
3504 FunctionBodyNode* functionBodyNode = constructData.js.functionBody;
3505 CodeBlock* newCodeBlock = &functionBodyNode->bytecode(callDataScopeChain);
3506
3507 Structure* structure;
3508 JSValuePtr prototype = callFrame[proto].jsValue(callFrame);
3509 if (prototype.isObject())
3510 structure = asObject(prototype)->inheritorID();
3511 else
3512 structure = callDataScopeChain->globalObject()->emptyObjectStructure();
3513 JSObject* newObject = new (globalData) JSObject(structure);
3514
3515 callFrame[thisRegister] = JSValuePtr(newObject); // "this" value
3516
3517 CallFrame* previousCallFrame = callFrame;
3518
3519 callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
3520 if (UNLIKELY(!callFrame)) {
3521 callFrame = previousCallFrame;
3522 exceptionValue = createStackOverflowError(callFrame);
3523 goto vm_throw;
3524 }
3525
3526 callFrame->init(newCodeBlock, vPC + 7, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
3527 vPC = newCodeBlock->instructions().begin();
3528
3529 #if ENABLE(OPCODE_STATS)
3530 OpcodeStats::resetLastInstruction();
3531 #endif
3532
3533 NEXT_INSTRUCTION();
3534 }
3535
3536 if (constructType == ConstructTypeHost) {
3537 ArgList args(callFrame->registers() + thisRegister + 1, argCount - 1);
3538
3539 ScopeChainNode* scopeChain = callFrame->scopeChain();
3540 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
3541 newCallFrame->init(0, vPC + 7, scopeChain, callFrame, dst, argCount, 0);
3542
3543 JSValuePtr returnValue;
3544 {
3545 SamplingTool::HostCallRecord callRecord(m_sampler);
3546 returnValue = constructData.native.function(newCallFrame, asObject(v), args);
3547 }
3548 CHECK_FOR_EXCEPTION();
3549 callFrame[dst] = JSValuePtr(returnValue);
3550
3551 vPC += 7;
3552 NEXT_INSTRUCTION();
3553 }
3554
3555 ASSERT(constructType == ConstructTypeNone);
3556
3557 exceptionValue = createNotAConstructorError(callFrame, v, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
3558 goto vm_throw;
3559 }
3560 DEFINE_OPCODE(op_construct_verify) {
3561 /* construct_verify dst(r) override(r)
3562
3563 Verifies that register dst holds an object. If not, moves
3564 the object in register override to register dst.
3565 */
3566
3567 int dst = vPC[1].u.operand;;
3568 if (LIKELY(callFrame[dst].jsValue(callFrame).isObject())) {
3569 vPC += 3;
3570 NEXT_INSTRUCTION();
3571 }
3572
3573 int override = vPC[2].u.operand;
3574 callFrame[dst] = callFrame[override];
3575
3576 vPC += 3;
3577 NEXT_INSTRUCTION();
3578 }
3579 DEFINE_OPCODE(op_push_scope) {
3580 /* push_scope scope(r)
3581
3582 Converts register scope to object, and pushes it onto the top
3583 of the current scope chain. The contents of the register scope
3584 are replaced by the result of toObject conversion of the scope.
3585 */
3586 int scope = (++vPC)->u.operand;
3587 JSValuePtr v = callFrame[scope].jsValue(callFrame);
3588 JSObject* o = v.toObject(callFrame);
3589 CHECK_FOR_EXCEPTION();
3590
3591 callFrame[scope] = JSValuePtr(o);
3592 callFrame->setScopeChain(callFrame->scopeChain()->push(o));
3593
3594 ++vPC;
3595 NEXT_INSTRUCTION();
3596 }
3597 DEFINE_OPCODE(op_pop_scope) {
3598 /* pop_scope
3599
3600 Removes the top item from the current scope chain.
3601 */
3602 callFrame->setScopeChain(callFrame->scopeChain()->pop());
3603
3604 ++vPC;
3605 NEXT_INSTRUCTION();
3606 }
3607 DEFINE_OPCODE(op_get_pnames) {
3608 /* get_pnames dst(r) base(r)
3609
3610 Creates a property name list for register base and puts it
3611 in register dst. This is not a true JavaScript value, just
3612 a synthetic value used to keep the iteration state in a
3613 register.
3614 */
3615 int dst = (++vPC)->u.operand;
3616 int base = (++vPC)->u.operand;
3617
3618 callFrame[dst] = JSPropertyNameIterator::create(callFrame, callFrame[base].jsValue(callFrame));
3619 ++vPC;
3620 NEXT_INSTRUCTION();
3621 }
3622 DEFINE_OPCODE(op_next_pname) {
3623 /* next_pname dst(r) iter(r) target(offset)
3624
3625 Tries to copies the next name from property name list in
3626 register iter. If there are names left, then copies one to
3627 register dst, and jumps to offset target. If there are none
3628 left, invalidates the iterator and continues to the next
3629 instruction.
3630 */
3631 int dst = (++vPC)->u.operand;
3632 int iter = (++vPC)->u.operand;
3633 int target = (++vPC)->u.operand;
3634
3635 JSPropertyNameIterator* it = callFrame[iter].propertyNameIterator();
3636 if (JSValuePtr temp = it->next(callFrame)) {
3637 CHECK_FOR_TIMEOUT();
3638 callFrame[dst] = JSValuePtr(temp);
3639 vPC += target;
3640 NEXT_INSTRUCTION();
3641 }
3642 it->invalidate();
3643
3644 ++vPC;
3645 NEXT_INSTRUCTION();
3646 }
3647 DEFINE_OPCODE(op_jmp_scopes) {
3648 /* jmp_scopes count(n) target(offset)
3649
3650 Removes the a number of items from the current scope chain
3651 specified by immediate number count, then jumps to offset
3652 target.
3653 */
3654 int count = (++vPC)->u.operand;
3655 int target = (++vPC)->u.operand;
3656
3657 ScopeChainNode* tmp = callFrame->scopeChain();
3658 while (count--)
3659 tmp = tmp->pop();
3660 callFrame->setScopeChain(tmp);
3661
3662 vPC += target;
3663 NEXT_INSTRUCTION();
3664 }
3665 #if HAVE(COMPUTED_GOTO)
3666 // Appease GCC
3667 goto *(&&skip_new_scope);
3668 #endif
3669 DEFINE_OPCODE(op_push_new_scope) {
3670 /* new_scope dst(r) property(id) value(r)
3671
3672 Constructs a new StaticScopeObject with property set to value. That scope
3673 object is then pushed onto the ScopeChain. The scope object is then stored
3674 in dst for GC.
3675 */
3676 callFrame->setScopeChain(createExceptionScope(callFrame, vPC));
3677
3678 vPC += 4;
3679 NEXT_INSTRUCTION();
3680 }
3681 #if HAVE(COMPUTED_GOTO)
3682 skip_new_scope:
3683 #endif
3684 DEFINE_OPCODE(op_catch) {
3685 /* catch ex(r)
3686
3687 Retrieves the VMs current exception and puts it in register
3688 ex. This is only valid after an exception has been raised,
3689 and usually forms the beginning of an exception handler.
3690 */
3691 ASSERT(exceptionValue);
3692 ASSERT(!globalData->exception);
3693 int ex = (++vPC)->u.operand;
3694 callFrame[ex] = exceptionValue;
3695 exceptionValue = noValue();
3696
3697 ++vPC;
3698 NEXT_INSTRUCTION();
3699 }
3700 DEFINE_OPCODE(op_throw) {
3701 /* throw ex(r)
3702
3703 Throws register ex as an exception. This involves three
3704 steps: first, it is set as the current exception in the
3705 VM's internal state, then the stack is unwound until an
3706 exception handler or a native code boundary is found, and
3707 then control resumes at the exception handler if any or
3708 else the script returns control to the nearest native caller.
3709 */
3710
3711 int ex = (++vPC)->u.operand;
3712 exceptionValue = callFrame[ex].jsValue(callFrame);
3713
3714 handler = throwException(callFrame, exceptionValue, vPC - callFrame->codeBlock()->instructions().begin(), true);
3715 if (!handler) {
3716 *exception = exceptionValue;
3717 return jsNull();
3718 }
3719
3720 vPC = callFrame->codeBlock()->instructions().begin() + handler->target;
3721 NEXT_INSTRUCTION();
3722 }
3723 DEFINE_OPCODE(op_unexpected_load) {
3724 /* unexpected_load load dst(r) src(k)
3725
3726 Copies constant src to register dst.
3727 */
3728 int dst = (++vPC)->u.operand;
3729 int src = (++vPC)->u.operand;
3730 callFrame[dst] = JSValuePtr(callFrame->codeBlock()->unexpectedConstant(src));
3731
3732 ++vPC;
3733 NEXT_INSTRUCTION();
3734 }
3735 DEFINE_OPCODE(op_new_error) {
3736 /* new_error dst(r) type(n) message(k)
3737
3738 Constructs a new Error instance using the original
3739 constructor, using immediate number n as the type and
3740 constant message as the message string. The result is
3741 written to register dst.
3742 */
3743 int dst = (++vPC)->u.operand;
3744 int type = (++vPC)->u.operand;
3745 int message = (++vPC)->u.operand;
3746
3747 CodeBlock* codeBlock = callFrame->codeBlock();
3748 callFrame[dst] = JSValuePtr(Error::create(callFrame, (ErrorType)type, codeBlock->unexpectedConstant(message).toString(callFrame), codeBlock->lineNumberForBytecodeOffset(callFrame, vPC - codeBlock->instructions().begin()), codeBlock->ownerNode()->sourceID(), codeBlock->ownerNode()->sourceURL()));
3749
3750 ++vPC;
3751 NEXT_INSTRUCTION();
3752 }
3753 DEFINE_OPCODE(op_end) {
3754 /* end result(r)
3755
3756 Return register result as the value of a global or eval
3757 program. Return control to the calling native code.
3758 */
3759
3760 if (callFrame->codeBlock()->needsFullScopeChain()) {
3761 ScopeChainNode* scopeChain = callFrame->scopeChain();
3762 ASSERT(scopeChain->refCount > 1);
3763 scopeChain->deref();
3764 }
3765 int result = (++vPC)->u.operand;
3766 return callFrame[result].jsValue(callFrame);
3767 }
3768 DEFINE_OPCODE(op_put_getter) {
3769 /* put_getter base(r) property(id) function(r)
3770
3771 Sets register function on register base as the getter named
3772 by identifier property. Base and function are assumed to be
3773 objects as this op should only be used for getters defined
3774 in object literal form.
3775
3776 Unlike many opcodes, this one does not write any output to
3777 the register file.
3778 */
3779 int base = (++vPC)->u.operand;
3780 int property = (++vPC)->u.operand;
3781 int function = (++vPC)->u.operand;
3782
3783 ASSERT(callFrame[base].jsValue(callFrame).isObject());
3784 JSObject* baseObj = asObject(callFrame[base].jsValue(callFrame));
3785 Identifier& ident = callFrame->codeBlock()->identifier(property);
3786 ASSERT(callFrame[function].jsValue(callFrame).isObject());
3787 baseObj->defineGetter(callFrame, ident, asObject(callFrame[function].jsValue(callFrame)));
3788
3789 ++vPC;
3790 NEXT_INSTRUCTION();
3791 }
3792 DEFINE_OPCODE(op_put_setter) {
3793 /* put_setter base(r) property(id) function(r)
3794
3795 Sets register function on register base as the setter named
3796 by identifier property. Base and function are assumed to be
3797 objects as this op should only be used for setters defined
3798 in object literal form.
3799
3800 Unlike many opcodes, this one does not write any output to
3801 the register file.
3802 */
3803 int base = (++vPC)->u.operand;
3804 int property = (++vPC)->u.operand;
3805 int function = (++vPC)->u.operand;
3806
3807 ASSERT(callFrame[base].jsValue(callFrame).isObject());
3808 JSObject* baseObj = asObject(callFrame[base].jsValue(callFrame));
3809 Identifier& ident = callFrame->codeBlock()->identifier(property);
3810 ASSERT(callFrame[function].jsValue(callFrame).isObject());
3811 baseObj->defineSetter(callFrame, ident, asObject(callFrame[function].jsValue(callFrame)));
3812
3813 ++vPC;
3814 NEXT_INSTRUCTION();
3815 }
3816 DEFINE_OPCODE(op_jsr) {
3817 /* jsr retAddrDst(r) target(offset)
3818
3819 Places the address of the next instruction into the retAddrDst
3820 register and jumps to offset target from the current instruction.
3821 */
3822 int retAddrDst = (++vPC)->u.operand;
3823 int target = (++vPC)->u.operand;
3824 callFrame[retAddrDst] = vPC + 1;
3825
3826 vPC += target;
3827 NEXT_INSTRUCTION();
3828 }
3829 DEFINE_OPCODE(op_sret) {
3830 /* sret retAddrSrc(r)
3831
3832 Jumps to the address stored in the retAddrSrc register. This
3833 differs from op_jmp because the target address is stored in a
3834 register, not as an immediate.
3835 */
3836 int retAddrSrc = (++vPC)->u.operand;
3837 vPC = callFrame[retAddrSrc].vPC();
3838 NEXT_INSTRUCTION();
3839 }
3840 DEFINE_OPCODE(op_debug) {
3841 /* debug debugHookID(n) firstLine(n) lastLine(n)
3842
3843 Notifies the debugger of the current state of execution. This opcode
3844 is only generated while the debugger is attached.
3845 */
3846 int debugHookID = (++vPC)->u.operand;
3847 int firstLine = (++vPC)->u.operand;
3848 int lastLine = (++vPC)->u.operand;
3849
3850 debug(callFrame, static_cast<DebugHookID>(debugHookID), firstLine, lastLine);
3851
3852 ++vPC;
3853 NEXT_INSTRUCTION();
3854 }
3855 DEFINE_OPCODE(op_profile_will_call) {
3856 /* op_profile_will_call function(r)
3857
3858 Notifies the profiler of the beginning of a function call. This opcode
3859 is only generated if developer tools are enabled.
3860 */
3861 int function = vPC[1].u.operand;
3862
3863 if (*enabledProfilerReference)
3864 (*enabledProfilerReference)->willExecute(callFrame, callFrame[function].jsValue(callFrame));
3865
3866 vPC += 2;
3867 NEXT_INSTRUCTION();
3868 }
3869 DEFINE_OPCODE(op_profile_did_call) {
3870 /* op_profile_did_call function(r)
3871
3872 Notifies the profiler of the end of a function call. This opcode
3873 is only generated if developer tools are enabled.
3874 */
3875 int function = vPC[1].u.operand;
3876
3877 if (*enabledProfilerReference)
3878 (*enabledProfilerReference)->didExecute(callFrame, callFrame[function].jsValue(callFrame));
3879
3880 vPC += 2;
3881 NEXT_INSTRUCTION();
3882 }
3883 vm_throw: {
3884 globalData->exception = noValue();
3885 if (!tickCount) {
3886 // The exceptionValue is a lie! (GCC produces bad code for reasons I
3887 // cannot fathom if we don't assign to the exceptionValue before branching)
3888 exceptionValue = createInterruptedExecutionException(globalData);
3889 }
3890 handler = throwException(callFrame, exceptionValue, vPC - callFrame->codeBlock()->instructions().begin(), false);
3891 if (!handler) {
3892 *exception = exceptionValue;
3893 return jsNull();
3894 }
3895
3896 vPC = callFrame->codeBlock()->instructions().begin() + handler->target;
3897 NEXT_INSTRUCTION();
3898 }
3899 }
3900 #if !HAVE(COMPUTED_GOTO)
3901 } // iterator loop ends
3902 #endif
3903 #undef NEXT_INSTRUCTION
3904 #undef DEFINE_OPCODE
3905 #undef CHECK_FOR_EXCEPTION
3906 #undef CHECK_FOR_TIMEOUT
3907 }
3908
3909 JSValuePtr Interpreter::retrieveArguments(CallFrame* callFrame, JSFunction* function) const
3910 {
3911 CallFrame* functionCallFrame = findFunctionCallFrame(callFrame, function);
3912 if (!functionCallFrame)
3913 return jsNull();
3914
3915 CodeBlock* codeBlock = functionCallFrame->codeBlock();
3916 if (codeBlock->usesArguments()) {
3917 ASSERT(codeBlock->codeType() == FunctionCode);
3918 SymbolTable& symbolTable = codeBlock->symbolTable();
3919 int argumentsIndex = symbolTable.get(functionCallFrame->propertyNames().arguments.ustring().rep()).getIndex();
3920 return functionCallFrame[argumentsIndex].jsValue(callFrame);
3921 }
3922
3923 Arguments* arguments = functionCallFrame->optionalCalleeArguments();
3924 if (!arguments) {
3925 arguments = new (functionCallFrame) Arguments(functionCallFrame);
3926 arguments->copyRegisters();
3927 callFrame->setCalleeArguments(arguments);
3928 }
3929
3930 return arguments;
3931 }
3932
3933 JSValuePtr Interpreter::retrieveCaller(CallFrame* callFrame, InternalFunction* function) const
3934 {
3935 CallFrame* functionCallFrame = findFunctionCallFrame(callFrame, function);
3936 if (!functionCallFrame)
3937 return jsNull();
3938
3939 CallFrame* callerFrame = functionCallFrame->callerFrame();
3940 if (callerFrame->hasHostCallFrameFlag())
3941 return jsNull();
3942
3943 JSValuePtr caller = callerFrame->callee();
3944 if (!caller)
3945 return jsNull();
3946
3947 return caller;
3948 }
3949
3950 void Interpreter::retrieveLastCaller(CallFrame* callFrame, int& lineNumber, intptr_t& sourceID, UString& sourceURL, JSValuePtr& function) const
3951 {
3952 function = noValue();
3953 lineNumber = -1;
3954 sourceURL = UString();
3955
3956 CallFrame* callerFrame = callFrame->callerFrame();
3957 if (callerFrame->hasHostCallFrameFlag())
3958 return;
3959
3960 CodeBlock* callerCodeBlock = callerFrame->codeBlock();
3961 if (!callerCodeBlock)
3962 return;
3963
3964 unsigned bytecodeOffset = bytecodeOffsetForPC(callerFrame, callerCodeBlock, callFrame->returnPC());
3965 lineNumber = callerCodeBlock->lineNumberForBytecodeOffset(callerFrame, bytecodeOffset - 1);
3966 sourceID = callerCodeBlock->ownerNode()->sourceID();
3967 sourceURL = callerCodeBlock->ownerNode()->sourceURL();
3968 function = callerFrame->callee();
3969 }
3970
3971 CallFrame* Interpreter::findFunctionCallFrame(CallFrame* callFrame, InternalFunction* function)
3972 {
3973 for (CallFrame* candidate = callFrame; candidate; candidate = candidate->callerFrame()->removeHostCallFrameFlag()) {
3974 if (candidate->callee() == function)
3975 return candidate;
3976 }
3977 return 0;
3978 }
3979
3980 #if ENABLE(JIT)
3981
3982 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
3983
3984 NEVER_INLINE void Interpreter::tryCTICachePutByID(CallFrame* callFrame, CodeBlock* codeBlock, void* returnAddress, JSValuePtr baseValue, const PutPropertySlot& slot)
3985 {
3986 // The interpreter checks for recursion here; I do not believe this can occur in CTI.
3987
3988 if (!baseValue.isCell())
3989 return;
3990
3991 // Uncacheable: give up.
3992 if (!slot.isCacheable()) {
3993 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_put_by_id_generic));
3994 return;
3995 }
3996
3997 JSCell* baseCell = asCell(baseValue);
3998 Structure* structure = baseCell->structure();
3999
4000 if (structure->isDictionary()) {
4001 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_put_by_id_generic));
4002 return;
4003 }
4004
4005 // If baseCell != base, then baseCell must be a proxy for another object.
4006 if (baseCell != slot.base()) {
4007 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_put_by_id_generic));
4008 return;
4009 }
4010
4011 StructureStubInfo* stubInfo = &codeBlock->getStubInfo(returnAddress);
4012
4013 // Cache hit: Specialize instruction and ref Structures.
4014
4015 // Structure transition, cache transition info
4016 if (slot.type() == PutPropertySlot::NewProperty) {
4017 StructureChain* prototypeChain = structure->prototypeChain(callFrame);
4018 stubInfo->initPutByIdTransition(structure->previousID(), structure, prototypeChain);
4019 JIT::compilePutByIdTransition(callFrame->scopeChain()->globalData, codeBlock, stubInfo, structure->previousID(), structure, slot.cachedOffset(), prototypeChain, returnAddress);
4020 return;
4021 }
4022
4023 stubInfo->initPutByIdReplace(structure);
4024
4025 #if USE(CTI_REPATCH_PIC)
4026 UNUSED_PARAM(callFrame);
4027 JIT::patchPutByIdReplace(stubInfo, structure, slot.cachedOffset(), returnAddress);
4028 #else
4029 JIT::compilePutByIdReplace(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress);
4030 #endif
4031 }
4032
4033 NEVER_INLINE void Interpreter::tryCTICacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, void* returnAddress, JSValuePtr baseValue, const Identifier& propertyName, const PropertySlot& slot)
4034 {
4035 // FIXME: Write a test that proves we need to check for recursion here just
4036 // like the interpreter does, then add a check for recursion.
4037
4038 // FIXME: Cache property access for immediates.
4039 if (!baseValue.isCell()) {
4040 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_get_by_id_generic));
4041 return;
4042 }
4043
4044 if (isJSArray(baseValue) && propertyName == callFrame->propertyNames().length) {
4045 #if USE(CTI_REPATCH_PIC)
4046 JIT::compilePatchGetArrayLength(callFrame->scopeChain()->globalData, codeBlock, returnAddress);
4047 #else
4048 ctiPatchCallByReturnAddress(returnAddress, m_ctiArrayLengthTrampoline);
4049 #endif
4050 return;
4051 }
4052 if (isJSString(baseValue) && propertyName == callFrame->propertyNames().length) {
4053 // The tradeoff of compiling an patched inline string length access routine does not seem
4054 // to pay off, so we currently only do this for arrays.
4055 ctiPatchCallByReturnAddress(returnAddress, m_ctiStringLengthTrampoline);
4056 return;
4057 }
4058
4059 // Uncacheable: give up.
4060 if (!slot.isCacheable()) {
4061 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_get_by_id_generic));
4062 return;
4063 }
4064
4065 JSCell* baseCell = asCell(baseValue);
4066 Structure* structure = baseCell->structure();
4067
4068 if (structure->isDictionary()) {
4069 ctiPatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(cti_op_get_by_id_generic));
4070 return;
4071 }
4072
4073 // In the interpreter the last structure is trapped here; in CTI we use the
4074 // *_second method to achieve a similar (but not quite the same) effect.
4075
4076 StructureStubInfo* stubInfo = &codeBlock->getStubInfo(returnAddress);
4077
4078 // Cache hit: Specialize instruction and ref Structures.
4079
4080 if (slot.slotBase() == baseValue) {
4081 // set this up, so derefStructures can do it's job.
4082 stubInfo->initGetByIdSelf(structure);
4083
4084 #if USE(CTI_REPATCH_PIC)
4085 JIT::patchGetByIdSelf(stubInfo, structure, slot.cachedOffset(), returnAddress);
4086 #else
4087 JIT::compileGetByIdSelf(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress);
4088 #endif
4089 return;
4090 }
4091
4092 if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
4093 ASSERT(slot.slotBase().isObject());
4094
4095 JSObject* slotBaseObject = asObject(slot.slotBase());
4096
4097 // Since we're accessing a prototype in a loop, it's a good bet that it
4098 // should not be treated as a dictionary.
4099 if (slotBaseObject->structure()->isDictionary())
4100 slotBaseObject->setStructure(Structure::fromDictionaryTransition(slotBaseObject->structure()));
4101
4102 stubInfo->initGetByIdProto(structure, slotBaseObject->structure());
4103
4104 JIT::compileGetByIdProto(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slotBaseObject->structure(), slot.cachedOffset(), returnAddress);
4105 return;
4106 }
4107
4108 size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
4109 if (!count) {
4110 stubInfo->opcodeID = op_get_by_id_generic;
4111 return;
4112 }
4113
4114 StructureChain* prototypeChain = structure->prototypeChain(callFrame);
4115 stubInfo->initGetByIdChain(structure, prototypeChain);
4116 JIT::compileGetByIdChain(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, prototypeChain, count, slot.cachedOffset(), returnAddress);
4117 }
4118
4119 #endif
4120
4121 #if USE(JIT_STUB_ARGUMENT_VA_LIST)
4122 #define SETUP_VA_LISTL_ARGS va_list vl_args; va_start(vl_args, args)
4123 #else // JIT_STUB_ARGUMENT_REGISTER or JIT_STUB_ARGUMENT_STACK
4124 #define SETUP_VA_LISTL_ARGS
4125 #endif
4126
4127 #ifndef NDEBUG
4128
4129 extern "C" {
4130
4131 static void jscGeneratedNativeCode()
4132 {
4133 // When executing a CTI function (which might do an allocation), we hack the return address
4134 // to pretend to be executing this function, to keep stack logging tools from blowing out
4135 // memory.
4136 }
4137
4138 }
4139
4140 struct StackHack {
4141 ALWAYS_INLINE StackHack(void** location)
4142 {
4143 returnAddressLocation = location;
4144 savedReturnAddress = *returnAddressLocation;
4145 ctiSetReturnAddress(returnAddressLocation, reinterpret_cast<void*>(jscGeneratedNativeCode));
4146 }
4147 ALWAYS_INLINE ~StackHack()
4148 {
4149 ctiSetReturnAddress(returnAddressLocation, savedReturnAddress);
4150 }
4151
4152 void** returnAddressLocation;
4153 void* savedReturnAddress;
4154 };
4155
4156 #define BEGIN_STUB_FUNCTION() SETUP_VA_LISTL_ARGS; StackHack stackHack(&STUB_RETURN_ADDRESS_SLOT)
4157 #define STUB_SET_RETURN_ADDRESS(address) stackHack.savedReturnAddress = address
4158 #define STUB_RETURN_ADDRESS stackHack.savedReturnAddress
4159
4160 #else
4161
4162 #define BEGIN_STUB_FUNCTION() SETUP_VA_LISTL_ARGS
4163 #define STUB_SET_RETURN_ADDRESS(address) ctiSetReturnAddress(&STUB_RETURN_ADDRESS_SLOT, address);
4164 #define STUB_RETURN_ADDRESS STUB_RETURN_ADDRESS_SLOT
4165
4166 #endif
4167
4168 // The reason this is not inlined is to avoid having to do a PIC branch
4169 // to get the address of the ctiVMThrowTrampoline function. It's also
4170 // good to keep the code size down by leaving as much of the exception
4171 // handling code out of line as possible.
4172 static NEVER_INLINE void returnToThrowTrampoline(JSGlobalData* globalData, void* exceptionLocation, void*& returnAddressSlot)
4173 {
4174 ASSERT(globalData->exception);
4175 globalData->exceptionLocation = exceptionLocation;
4176 ctiSetReturnAddress(&returnAddressSlot, reinterpret_cast<void*>(ctiVMThrowTrampoline));
4177 }
4178
4179 static NEVER_INLINE void throwStackOverflowError(CallFrame* callFrame, JSGlobalData* globalData, void* exceptionLocation, void*& returnAddressSlot)
4180 {
4181 globalData->exception = createStackOverflowError(callFrame);
4182 returnToThrowTrampoline(globalData, exceptionLocation, returnAddressSlot);
4183 }
4184
4185 #define VM_THROW_EXCEPTION() \
4186 do { \
4187 VM_THROW_EXCEPTION_AT_END(); \
4188 return 0; \
4189 } while (0)
4190 #define VM_THROW_EXCEPTION_2() \
4191 do { \
4192 VM_THROW_EXCEPTION_AT_END(); \
4193 RETURN_PAIR(0, 0); \
4194 } while (0)
4195 #define VM_THROW_EXCEPTION_AT_END() \
4196 returnToThrowTrampoline(ARG_globalData, STUB_RETURN_ADDRESS, STUB_RETURN_ADDRESS)
4197
4198 #define CHECK_FOR_EXCEPTION() \
4199 do { \
4200 if (UNLIKELY(ARG_globalData->exception != noValue())) \
4201 VM_THROW_EXCEPTION(); \
4202 } while (0)
4203 #define CHECK_FOR_EXCEPTION_AT_END() \
4204 do { \
4205 if (UNLIKELY(ARG_globalData->exception != noValue())) \
4206 VM_THROW_EXCEPTION_AT_END(); \
4207 } while (0)
4208 #define CHECK_FOR_EXCEPTION_VOID() \
4209 do { \
4210 if (UNLIKELY(ARG_globalData->exception != noValue())) { \
4211 VM_THROW_EXCEPTION_AT_END(); \
4212 return; \
4213 } \
4214 } while (0)
4215
4216 JSObject* Interpreter::cti_op_convert_this(STUB_ARGS)
4217 {
4218 BEGIN_STUB_FUNCTION();
4219
4220 JSValuePtr v1 = ARG_src1;
4221 CallFrame* callFrame = ARG_callFrame;
4222
4223 JSObject* result = v1.toThisObject(callFrame);
4224 CHECK_FOR_EXCEPTION_AT_END();
4225 return result;
4226 }
4227
4228 void Interpreter::cti_op_end(STUB_ARGS)
4229 {
4230 BEGIN_STUB_FUNCTION();
4231
4232 ScopeChainNode* scopeChain = ARG_callFrame->scopeChain();
4233 ASSERT(scopeChain->refCount > 1);
4234 scopeChain->deref();
4235 }
4236
4237 JSValueEncodedAsPointer* Interpreter::cti_op_add(STUB_ARGS)
4238 {
4239 BEGIN_STUB_FUNCTION();
4240
4241 JSValuePtr v1 = ARG_src1;
4242 JSValuePtr v2 = ARG_src2;
4243
4244 double left;
4245 double right = 0.0;
4246
4247 bool rightIsNumber = v2.getNumber(right);
4248 if (rightIsNumber && v1.getNumber(left))
4249 return JSValuePtr::encode(jsNumber(ARG_globalData, left + right));
4250
4251 CallFrame* callFrame = ARG_callFrame;
4252
4253 bool leftIsString = v1.isString();
4254 if (leftIsString && v2.isString()) {
4255 RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
4256 if (UNLIKELY(!value)) {
4257 throwOutOfMemoryError(callFrame);
4258 VM_THROW_EXCEPTION();
4259 }
4260
4261 return JSValuePtr::encode(jsString(ARG_globalData, value.release()));
4262 }
4263
4264 if (rightIsNumber & leftIsString) {
4265 RefPtr<UString::Rep> value = v2.isInt32Fast() ?
4266 concatenate(asString(v1)->value().rep(), v2.getInt32Fast()) :
4267 concatenate(asString(v1)->value().rep(), right);
4268
4269 if (UNLIKELY(!value)) {
4270 throwOutOfMemoryError(callFrame);
4271 VM_THROW_EXCEPTION();
4272 }
4273 return JSValuePtr::encode(jsString(ARG_globalData, value.release()));
4274 }
4275
4276 // All other cases are pretty uncommon
4277 JSValuePtr result = jsAddSlowCase(callFrame, v1, v2);
4278 CHECK_FOR_EXCEPTION_AT_END();
4279 return JSValuePtr::encode(result);
4280 }
4281
4282 JSValueEncodedAsPointer* Interpreter::cti_op_pre_inc(STUB_ARGS)
4283 {
4284 BEGIN_STUB_FUNCTION();
4285
4286 JSValuePtr v = ARG_src1;
4287
4288 CallFrame* callFrame = ARG_callFrame;
4289 JSValuePtr result = jsNumber(ARG_globalData, v.toNumber(callFrame) + 1);
4290 CHECK_FOR_EXCEPTION_AT_END();
4291 return JSValuePtr::encode(result);
4292 }
4293
4294 int Interpreter::cti_timeout_check(STUB_ARGS)
4295 {
4296 BEGIN_STUB_FUNCTION();
4297 Interpreter* interpreter = ARG_globalData->interpreter;
4298
4299 if (interpreter->checkTimeout(ARG_callFrame->dynamicGlobalObject())) {
4300 ARG_globalData->exception = createInterruptedExecutionException(ARG_globalData);
4301 VM_THROW_EXCEPTION_AT_END();
4302 }
4303
4304 return interpreter->m_ticksUntilNextTimeoutCheck;
4305 }
4306
4307 void Interpreter::cti_register_file_check(STUB_ARGS)
4308 {
4309 BEGIN_STUB_FUNCTION();
4310
4311 if (LIKELY(ARG_registerFile->grow(ARG_callFrame + ARG_callFrame->codeBlock()->m_numCalleeRegisters)))
4312 return;
4313
4314 // Rewind to the previous call frame because op_call already optimistically
4315 // moved the call frame forward.
4316 CallFrame* oldCallFrame = ARG_callFrame->callerFrame();
4317 ARG_setCallFrame(oldCallFrame);
4318 throwStackOverflowError(oldCallFrame, ARG_globalData, oldCallFrame->returnPC(), STUB_RETURN_ADDRESS);
4319 }
4320
4321 int Interpreter::cti_op_loop_if_less(STUB_ARGS)
4322 {
4323 BEGIN_STUB_FUNCTION();
4324
4325 JSValuePtr src1 = ARG_src1;
4326 JSValuePtr src2 = ARG_src2;
4327 CallFrame* callFrame = ARG_callFrame;
4328
4329 bool result = jsLess(callFrame, src1, src2);
4330 CHECK_FOR_EXCEPTION_AT_END();
4331 return result;
4332 }
4333
4334 int Interpreter::cti_op_loop_if_lesseq(STUB_ARGS)
4335 {
4336 BEGIN_STUB_FUNCTION();
4337
4338 JSValuePtr src1 = ARG_src1;
4339 JSValuePtr src2 = ARG_src2;
4340 CallFrame* callFrame = ARG_callFrame;
4341
4342 bool result = jsLessEq(callFrame, src1, src2);
4343 CHECK_FOR_EXCEPTION_AT_END();
4344 return result;
4345 }
4346
4347 JSObject* Interpreter::cti_op_new_object(STUB_ARGS)
4348 {
4349 BEGIN_STUB_FUNCTION();
4350
4351 return constructEmptyObject(ARG_callFrame);
4352 }
4353
4354 void Interpreter::cti_op_put_by_id_generic(STUB_ARGS)
4355 {
4356 BEGIN_STUB_FUNCTION();
4357
4358 PutPropertySlot slot;
4359 ARG_src1.put(ARG_callFrame, *ARG_id2, ARG_src3, slot);
4360 CHECK_FOR_EXCEPTION_AT_END();
4361 }
4362
4363 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_generic(STUB_ARGS)
4364 {
4365 BEGIN_STUB_FUNCTION();
4366
4367 CallFrame* callFrame = ARG_callFrame;
4368 Identifier& ident = *ARG_id2;
4369
4370 JSValuePtr baseValue = ARG_src1;
4371 PropertySlot slot(baseValue);
4372 JSValuePtr result = baseValue.get(callFrame, ident, slot);
4373
4374 CHECK_FOR_EXCEPTION_AT_END();
4375 return JSValuePtr::encode(result);
4376 }
4377
4378 #if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
4379
4380 void Interpreter::cti_op_put_by_id(STUB_ARGS)
4381 {
4382 BEGIN_STUB_FUNCTION();
4383
4384 CallFrame* callFrame = ARG_callFrame;
4385 Identifier& ident = *ARG_id2;
4386
4387 PutPropertySlot slot;
4388 ARG_src1.put(callFrame, ident, ARG_src3, slot);
4389
4390 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_put_by_id_second));
4391
4392 CHECK_FOR_EXCEPTION_AT_END();
4393 }
4394
4395 void Interpreter::cti_op_put_by_id_second(STUB_ARGS)
4396 {
4397 BEGIN_STUB_FUNCTION();
4398
4399 PutPropertySlot slot;
4400 ARG_src1.put(ARG_callFrame, *ARG_id2, ARG_src3, slot);
4401 ARG_globalData->interpreter->tryCTICachePutByID(ARG_callFrame, ARG_callFrame->codeBlock(), STUB_RETURN_ADDRESS, ARG_src1, slot);
4402 CHECK_FOR_EXCEPTION_AT_END();
4403 }
4404
4405 void Interpreter::cti_op_put_by_id_fail(STUB_ARGS)
4406 {
4407 BEGIN_STUB_FUNCTION();
4408
4409 CallFrame* callFrame = ARG_callFrame;
4410 Identifier& ident = *ARG_id2;
4411
4412 PutPropertySlot slot;
4413 ARG_src1.put(callFrame, ident, ARG_src3, slot);
4414
4415 CHECK_FOR_EXCEPTION_AT_END();
4416 }
4417
4418 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id(STUB_ARGS)
4419 {
4420 BEGIN_STUB_FUNCTION();
4421
4422 CallFrame* callFrame = ARG_callFrame;
4423 Identifier& ident = *ARG_id2;
4424
4425 JSValuePtr baseValue = ARG_src1;
4426 PropertySlot slot(baseValue);
4427 JSValuePtr result = baseValue.get(callFrame, ident, slot);
4428
4429 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_second));
4430
4431 CHECK_FOR_EXCEPTION_AT_END();
4432 return JSValuePtr::encode(result);
4433 }
4434
4435 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_second(STUB_ARGS)
4436 {
4437 BEGIN_STUB_FUNCTION();
4438
4439 CallFrame* callFrame = ARG_callFrame;
4440 Identifier& ident = *ARG_id2;
4441
4442 JSValuePtr baseValue = ARG_src1;
4443 PropertySlot slot(baseValue);
4444 JSValuePtr result = baseValue.get(callFrame, ident, slot);
4445
4446 ARG_globalData->interpreter->tryCTICacheGetByID(callFrame, callFrame->codeBlock(), STUB_RETURN_ADDRESS, baseValue, ident, slot);
4447
4448 CHECK_FOR_EXCEPTION_AT_END();
4449 return JSValuePtr::encode(result);
4450 }
4451
4452 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_self_fail(STUB_ARGS)
4453 {
4454 BEGIN_STUB_FUNCTION();
4455
4456 CallFrame* callFrame = ARG_callFrame;
4457 Identifier& ident = *ARG_id2;
4458
4459 JSValuePtr baseValue = ARG_src1;
4460 PropertySlot slot(baseValue);
4461 JSValuePtr result = baseValue.get(callFrame, ident, slot);
4462
4463 CHECK_FOR_EXCEPTION();
4464
4465 if (baseValue.isCell()
4466 && slot.isCacheable()
4467 && !asCell(baseValue)->structure()->isDictionary()
4468 && slot.slotBase() == baseValue) {
4469
4470 CodeBlock* codeBlock = callFrame->codeBlock();
4471 StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
4472
4473 ASSERT(slot.slotBase().isObject());
4474
4475 PolymorphicAccessStructureList* polymorphicStructureList;
4476 int listIndex = 1;
4477
4478 if (stubInfo->opcodeID == op_get_by_id_self) {
4479 ASSERT(!stubInfo->stubRoutine);
4480 polymorphicStructureList = new PolymorphicAccessStructureList(0, stubInfo->u.getByIdSelf.baseObjectStructure);
4481 stubInfo->initGetByIdSelfList(polymorphicStructureList, 2);
4482 } else {
4483 polymorphicStructureList = stubInfo->u.getByIdSelfList.structureList;
4484 listIndex = stubInfo->u.getByIdSelfList.listSize;
4485 stubInfo->u.getByIdSelfList.listSize++;
4486 }
4487
4488 JIT::compileGetByIdSelfList(callFrame->scopeChain()->globalData, codeBlock, stubInfo, polymorphicStructureList, listIndex, asCell(baseValue)->structure(), slot.cachedOffset());
4489
4490 if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
4491 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_generic));
4492 } else {
4493 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_generic));
4494 }
4495 return JSValuePtr::encode(result);
4496 }
4497
4498 static PolymorphicAccessStructureList* getPolymorphicAccessStructureListSlot(StructureStubInfo* stubInfo, int& listIndex)
4499 {
4500 PolymorphicAccessStructureList* prototypeStructureList = 0;
4501 listIndex = 1;
4502
4503 switch (stubInfo->opcodeID) {
4504 case op_get_by_id_proto:
4505 prototypeStructureList = new PolymorphicAccessStructureList(stubInfo->stubRoutine, stubInfo->u.getByIdProto.baseObjectStructure, stubInfo->u.getByIdProto.prototypeStructure);
4506 stubInfo->stubRoutine = 0;
4507 stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
4508 break;
4509 case op_get_by_id_chain:
4510 prototypeStructureList = new PolymorphicAccessStructureList(stubInfo->stubRoutine, stubInfo->u.getByIdChain.baseObjectStructure, stubInfo->u.getByIdChain.chain);
4511 stubInfo->stubRoutine = 0;
4512 stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
4513 break;
4514 case op_get_by_id_proto_list:
4515 prototypeStructureList = stubInfo->u.getByIdProtoList.structureList;
4516 listIndex = stubInfo->u.getByIdProtoList.listSize;
4517 stubInfo->u.getByIdProtoList.listSize++;
4518 break;
4519 default:
4520 ASSERT_NOT_REACHED();
4521 }
4522
4523 ASSERT(listIndex < POLYMORPHIC_LIST_CACHE_SIZE);
4524 return prototypeStructureList;
4525 }
4526
4527 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_proto_list(STUB_ARGS)
4528 {
4529 BEGIN_STUB_FUNCTION();
4530
4531 CallFrame* callFrame = ARG_callFrame;
4532
4533 JSValuePtr baseValue = ARG_src1;
4534 PropertySlot slot(baseValue);
4535 JSValuePtr result = baseValue.get(callFrame, *ARG_id2, slot);
4536
4537 CHECK_FOR_EXCEPTION();
4538
4539 if (!baseValue.isCell() || !slot.isCacheable() || asCell(baseValue)->structure()->isDictionary()) {
4540 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
4541 return JSValuePtr::encode(result);
4542 }
4543
4544 Structure* structure = asCell(baseValue)->structure();
4545 CodeBlock* codeBlock = callFrame->codeBlock();
4546 StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
4547
4548 ASSERT(slot.slotBase().isObject());
4549 JSObject* slotBaseObject = asObject(slot.slotBase());
4550
4551 if (slot.slotBase() == baseValue)
4552 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
4553 else if (slot.slotBase() == asCell(baseValue)->structure()->prototypeForLookup(callFrame)) {
4554 // Since we're accessing a prototype in a loop, it's a good bet that it
4555 // should not be treated as a dictionary.
4556 if (slotBaseObject->structure()->isDictionary())
4557 slotBaseObject->setStructure(Structure::fromDictionaryTransition(slotBaseObject->structure()));
4558
4559 int listIndex;
4560 PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
4561
4562 JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), slot.cachedOffset());
4563
4564 if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
4565 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full));
4566 } else if (size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot)) {
4567 int listIndex;
4568 PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
4569
4570 JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, structure->prototypeChain(callFrame), count, slot.cachedOffset());
4571
4572 if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
4573 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full));
4574 } else
4575 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
4576
4577 return JSValuePtr::encode(result);
4578 }
4579
4580 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_proto_list_full(STUB_ARGS)
4581 {
4582 BEGIN_STUB_FUNCTION();
4583
4584 JSValuePtr baseValue = ARG_src1;
4585 PropertySlot slot(baseValue);
4586 JSValuePtr result = baseValue.get(ARG_callFrame, *ARG_id2, slot);
4587
4588 CHECK_FOR_EXCEPTION_AT_END();
4589 return JSValuePtr::encode(result);
4590 }
4591
4592 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_proto_fail(STUB_ARGS)
4593 {
4594 BEGIN_STUB_FUNCTION();
4595
4596 JSValuePtr baseValue = ARG_src1;
4597 PropertySlot slot(baseValue);
4598 JSValuePtr result = baseValue.get(ARG_callFrame, *ARG_id2, slot);
4599
4600 CHECK_FOR_EXCEPTION_AT_END();
4601 return JSValuePtr::encode(result);
4602 }
4603
4604 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_array_fail(STUB_ARGS)
4605 {
4606 BEGIN_STUB_FUNCTION();
4607
4608 JSValuePtr baseValue = ARG_src1;
4609 PropertySlot slot(baseValue);
4610 JSValuePtr result = baseValue.get(ARG_callFrame, *ARG_id2, slot);
4611
4612 CHECK_FOR_EXCEPTION_AT_END();
4613 return JSValuePtr::encode(result);
4614 }
4615
4616 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_id_string_fail(STUB_ARGS)
4617 {
4618 BEGIN_STUB_FUNCTION();
4619
4620 JSValuePtr baseValue = ARG_src1;
4621 PropertySlot slot(baseValue);
4622 JSValuePtr result = baseValue.get(ARG_callFrame, *ARG_id2, slot);
4623
4624 CHECK_FOR_EXCEPTION_AT_END();
4625 return JSValuePtr::encode(result);
4626 }
4627
4628 #endif
4629
4630 JSValueEncodedAsPointer* Interpreter::cti_op_instanceof(STUB_ARGS)
4631 {
4632 BEGIN_STUB_FUNCTION();
4633
4634 CallFrame* callFrame = ARG_callFrame;
4635 JSValuePtr value = ARG_src1;
4636 JSValuePtr baseVal = ARG_src2;
4637 JSValuePtr proto = ARG_src3;
4638
4639 // at least one of these checks must have failed to get to the slow case
4640 ASSERT(!value.isCell() || !baseVal.isCell() || !proto.isCell()
4641 || !value.isObject() || !baseVal.isObject() || !proto.isObject()
4642 || (asObject(baseVal)->structure()->typeInfo().flags() & (ImplementsHasInstance | OverridesHasInstance)) != ImplementsHasInstance);
4643
4644 if (!baseVal.isObject()) {
4645 CallFrame* callFrame = ARG_callFrame;
4646 CodeBlock* codeBlock = callFrame->codeBlock();
4647 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
4648 ARG_globalData->exception = createInvalidParamError(callFrame, "instanceof", baseVal, vPCIndex, codeBlock);
4649 VM_THROW_EXCEPTION();
4650 }
4651
4652 if (!asObject(baseVal)->structure()->typeInfo().implementsHasInstance())
4653 return JSValuePtr::encode(jsBoolean(false));
4654
4655 if (!proto.isObject()) {
4656 throwError(callFrame, TypeError, "instanceof called on an object with an invalid prototype property.");
4657 VM_THROW_EXCEPTION();
4658 }
4659
4660 if (!value.isObject())
4661 return JSValuePtr::encode(jsBoolean(false));
4662
4663 JSValuePtr result = jsBoolean(asObject(baseVal)->hasInstance(callFrame, value, proto));
4664 CHECK_FOR_EXCEPTION_AT_END();
4665
4666 return JSValuePtr::encode(result);
4667 }
4668
4669 JSValueEncodedAsPointer* Interpreter::cti_op_del_by_id(STUB_ARGS)
4670 {
4671 BEGIN_STUB_FUNCTION();
4672
4673 CallFrame* callFrame = ARG_callFrame;
4674
4675 JSObject* baseObj = ARG_src1.toObject(callFrame);
4676
4677 JSValuePtr result = jsBoolean(baseObj->deleteProperty(callFrame, *ARG_id2));
4678 CHECK_FOR_EXCEPTION_AT_END();
4679 return JSValuePtr::encode(result);
4680 }
4681
4682 JSValueEncodedAsPointer* Interpreter::cti_op_mul(STUB_ARGS)
4683 {
4684 BEGIN_STUB_FUNCTION();
4685
4686 JSValuePtr src1 = ARG_src1;
4687 JSValuePtr src2 = ARG_src2;
4688
4689 double left;
4690 double right;
4691 if (src1.getNumber(left) && src2.getNumber(right))
4692 return JSValuePtr::encode(jsNumber(ARG_globalData, left * right));
4693
4694 CallFrame* callFrame = ARG_callFrame;
4695 JSValuePtr result = jsNumber(ARG_globalData, src1.toNumber(callFrame) * src2.toNumber(callFrame));
4696 CHECK_FOR_EXCEPTION_AT_END();
4697 return JSValuePtr::encode(result);
4698 }
4699
4700 JSObject* Interpreter::cti_op_new_func(STUB_ARGS)
4701 {
4702 BEGIN_STUB_FUNCTION();
4703
4704 return ARG_func1->makeFunction(ARG_callFrame, ARG_callFrame->scopeChain());
4705 }
4706
4707 void* Interpreter::cti_op_call_JSFunction(STUB_ARGS)
4708 {
4709 BEGIN_STUB_FUNCTION();
4710
4711 #ifndef NDEBUG
4712 CallData callData;
4713 ASSERT(ARG_src1.getCallData(callData) == CallTypeJS);
4714 #endif
4715
4716 ScopeChainNode* callDataScopeChain = asFunction(ARG_src1)->m_scopeChain.node();
4717 CodeBlock* newCodeBlock = &asFunction(ARG_src1)->body()->bytecode(callDataScopeChain);
4718
4719 if (!newCodeBlock->jitCode())
4720 JIT::compile(ARG_globalData, newCodeBlock);
4721
4722 return newCodeBlock;
4723 }
4724
4725 VoidPtrPair Interpreter::cti_op_call_arityCheck(STUB_ARGS)
4726 {
4727 BEGIN_STUB_FUNCTION();
4728
4729 CallFrame* callFrame = ARG_callFrame;
4730 CodeBlock* newCodeBlock = ARG_codeBlock4;
4731 int argCount = ARG_int3;
4732
4733 ASSERT(argCount != newCodeBlock->m_numParameters);
4734
4735 CallFrame* oldCallFrame = callFrame->callerFrame();
4736
4737 if (argCount > newCodeBlock->m_numParameters) {
4738 size_t numParameters = newCodeBlock->m_numParameters;
4739 Register* r = callFrame->registers() + numParameters;
4740
4741 Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argCount;
4742 for (size_t i = 0; i < numParameters; ++i)
4743 argv[i + argCount] = argv[i];
4744
4745 callFrame = CallFrame::create(r);
4746 callFrame->setCallerFrame(oldCallFrame);
4747 } else {
4748 size_t omittedArgCount = newCodeBlock->m_numParameters - argCount;
4749 Register* r = callFrame->registers() + omittedArgCount;
4750 Register* newEnd = r + newCodeBlock->m_numCalleeRegisters;
4751 if (!ARG_registerFile->grow(newEnd)) {
4752 // Rewind to the previous call frame because op_call already optimistically
4753 // moved the call frame forward.
4754 ARG_setCallFrame(oldCallFrame);
4755 throwStackOverflowError(oldCallFrame, ARG_globalData, ARG_returnAddress2, STUB_RETURN_ADDRESS);
4756 RETURN_PAIR(0, 0);
4757 }
4758
4759 Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
4760 for (size_t i = 0; i < omittedArgCount; ++i)
4761 argv[i] = jsUndefined();
4762
4763 callFrame = CallFrame::create(r);
4764 callFrame->setCallerFrame(oldCallFrame);
4765 }
4766
4767 RETURN_PAIR(newCodeBlock, callFrame);
4768 }
4769
4770 void* Interpreter::cti_vm_dontLazyLinkCall(STUB_ARGS)
4771 {
4772 BEGIN_STUB_FUNCTION();
4773
4774 JSFunction* callee = asFunction(ARG_src1);
4775 CodeBlock* codeBlock = &callee->body()->bytecode(callee->m_scopeChain.node());
4776 if (!codeBlock->jitCode())
4777 JIT::compile(ARG_globalData, codeBlock);
4778
4779 ctiPatchCallByReturnAddress(ARG_returnAddress2, ARG_globalData->interpreter->m_ctiVirtualCallLink);
4780
4781 return codeBlock->jitCode();
4782 }
4783
4784 void* Interpreter::cti_vm_lazyLinkCall(STUB_ARGS)
4785 {
4786 BEGIN_STUB_FUNCTION();
4787
4788 JSFunction* callee = asFunction(ARG_src1);
4789 CodeBlock* codeBlock = &callee->body()->bytecode(callee->m_scopeChain.node());
4790 if (!codeBlock->jitCode())
4791 JIT::compile(ARG_globalData, codeBlock);
4792
4793 CallLinkInfo* callLinkInfo = &ARG_callFrame->callerFrame()->codeBlock()->getCallLinkInfo(ARG_returnAddress2);
4794 JIT::linkCall(callee, codeBlock, codeBlock->jitCode(), callLinkInfo, ARG_int3);
4795
4796 return codeBlock->jitCode();
4797 }
4798
4799 JSObject* Interpreter::cti_op_push_activation(STUB_ARGS)
4800 {
4801 BEGIN_STUB_FUNCTION();
4802
4803 JSActivation* activation = new (ARG_globalData) JSActivation(ARG_callFrame, static_cast<FunctionBodyNode*>(ARG_callFrame->codeBlock()->ownerNode()));
4804 ARG_callFrame->setScopeChain(ARG_callFrame->scopeChain()->copy()->push(activation));
4805 return activation;
4806 }
4807
4808 JSValueEncodedAsPointer* Interpreter::cti_op_call_NotJSFunction(STUB_ARGS)
4809 {
4810 BEGIN_STUB_FUNCTION();
4811
4812 JSValuePtr funcVal = ARG_src1;
4813
4814 CallData callData;
4815 CallType callType = funcVal.getCallData(callData);
4816
4817 ASSERT(callType != CallTypeJS);
4818
4819 if (callType == CallTypeHost) {
4820 int registerOffset = ARG_int2;
4821 int argCount = ARG_int3;
4822 CallFrame* previousCallFrame = ARG_callFrame;
4823 CallFrame* callFrame = CallFrame::create(previousCallFrame->registers() + registerOffset);
4824
4825 callFrame->init(0, static_cast<Instruction*>(STUB_RETURN_ADDRESS), previousCallFrame->scopeChain(), previousCallFrame, 0, argCount, 0);
4826 ARG_setCallFrame(callFrame);
4827
4828 Register* argv = ARG_callFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
4829 ArgList argList(argv + 1, argCount - 1);
4830
4831 JSValuePtr returnValue;
4832 {
4833 SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
4834
4835 // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
4836 JSValuePtr thisValue = argv[0].jsValue(callFrame);
4837 if (thisValue == jsNull())
4838 thisValue = callFrame->globalThisValue();
4839
4840 returnValue = callData.native.function(callFrame, asObject(funcVal), thisValue, argList);
4841 }
4842 ARG_setCallFrame(previousCallFrame);
4843 CHECK_FOR_EXCEPTION();
4844
4845 return JSValuePtr::encode(returnValue);
4846 }
4847
4848 ASSERT(callType == CallTypeNone);
4849
4850 CallFrame* callFrame = ARG_callFrame;
4851 CodeBlock* codeBlock = callFrame->codeBlock();
4852 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
4853 ARG_globalData->exception = createNotAFunctionError(ARG_callFrame, funcVal, vPCIndex, codeBlock);
4854 VM_THROW_EXCEPTION();
4855 }
4856
4857 void Interpreter::cti_op_create_arguments(STUB_ARGS)
4858 {
4859 BEGIN_STUB_FUNCTION();
4860
4861 Arguments* arguments = new (ARG_globalData) Arguments(ARG_callFrame);
4862 ARG_callFrame->setCalleeArguments(arguments);
4863 ARG_callFrame[RegisterFile::ArgumentsRegister] = arguments;
4864 }
4865
4866 void Interpreter::cti_op_create_arguments_no_params(STUB_ARGS)
4867 {
4868 BEGIN_STUB_FUNCTION();
4869
4870 Arguments* arguments = new (ARG_globalData) Arguments(ARG_callFrame, Arguments::NoParameters);
4871 ARG_callFrame->setCalleeArguments(arguments);
4872 ARG_callFrame[RegisterFile::ArgumentsRegister] = arguments;
4873 }
4874
4875 void Interpreter::cti_op_tear_off_activation(STUB_ARGS)
4876 {
4877 BEGIN_STUB_FUNCTION();
4878
4879 ASSERT(ARG_callFrame->codeBlock()->needsFullScopeChain());
4880 asActivation(ARG_src1)->copyRegisters(ARG_callFrame->optionalCalleeArguments());
4881 }
4882
4883 void Interpreter::cti_op_tear_off_arguments(STUB_ARGS)
4884 {
4885 BEGIN_STUB_FUNCTION();
4886
4887 ASSERT(ARG_callFrame->codeBlock()->usesArguments() && !ARG_callFrame->codeBlock()->needsFullScopeChain());
4888 ARG_callFrame->optionalCalleeArguments()->copyRegisters();
4889 }
4890
4891 void Interpreter::cti_op_profile_will_call(STUB_ARGS)
4892 {
4893 BEGIN_STUB_FUNCTION();
4894
4895 ASSERT(*ARG_profilerReference);
4896 (*ARG_profilerReference)->willExecute(ARG_callFrame, ARG_src1);
4897 }
4898
4899 void Interpreter::cti_op_profile_did_call(STUB_ARGS)
4900 {
4901 BEGIN_STUB_FUNCTION();
4902
4903 ASSERT(*ARG_profilerReference);
4904 (*ARG_profilerReference)->didExecute(ARG_callFrame, ARG_src1);
4905 }
4906
4907 void Interpreter::cti_op_ret_scopeChain(STUB_ARGS)
4908 {
4909 BEGIN_STUB_FUNCTION();
4910
4911 ASSERT(ARG_callFrame->codeBlock()->needsFullScopeChain());
4912 ARG_callFrame->scopeChain()->deref();
4913 }
4914
4915 JSObject* Interpreter::cti_op_new_array(STUB_ARGS)
4916 {
4917 BEGIN_STUB_FUNCTION();
4918
4919 ArgList argList(&ARG_callFrame->registers()[ARG_int1], ARG_int2);
4920 return constructArray(ARG_callFrame, argList);
4921 }
4922
4923 JSValueEncodedAsPointer* Interpreter::cti_op_resolve(STUB_ARGS)
4924 {
4925 BEGIN_STUB_FUNCTION();
4926
4927 CallFrame* callFrame = ARG_callFrame;
4928 ScopeChainNode* scopeChain = callFrame->scopeChain();
4929
4930 ScopeChainIterator iter = scopeChain->begin();
4931 ScopeChainIterator end = scopeChain->end();
4932 ASSERT(iter != end);
4933
4934 Identifier& ident = *ARG_id1;
4935 do {
4936 JSObject* o = *iter;
4937 PropertySlot slot(o);
4938 if (o->getPropertySlot(callFrame, ident, slot)) {
4939 JSValuePtr result = slot.getValue(callFrame, ident);
4940 CHECK_FOR_EXCEPTION_AT_END();
4941 return JSValuePtr::encode(result);
4942 }
4943 } while (++iter != end);
4944
4945 CodeBlock* codeBlock = callFrame->codeBlock();
4946 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
4947 ARG_globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
4948 VM_THROW_EXCEPTION();
4949 }
4950
4951 JSObject* Interpreter::cti_op_construct_JSConstruct(STUB_ARGS)
4952 {
4953 BEGIN_STUB_FUNCTION();
4954
4955 #ifndef NDEBUG
4956 ConstructData constructData;
4957 ASSERT(asFunction(ARG_src1)->getConstructData(constructData) == ConstructTypeJS);
4958 #endif
4959
4960 Structure* structure;
4961 if (ARG_src4.isObject())
4962 structure = asObject(ARG_src4)->inheritorID();
4963 else
4964 structure = asFunction(ARG_src1)->m_scopeChain.node()->globalObject()->emptyObjectStructure();
4965 return new (ARG_globalData) JSObject(structure);
4966 }
4967
4968 JSValueEncodedAsPointer* Interpreter::cti_op_construct_NotJSConstruct(STUB_ARGS)
4969 {
4970 BEGIN_STUB_FUNCTION();
4971
4972 CallFrame* callFrame = ARG_callFrame;
4973
4974 JSValuePtr constrVal = ARG_src1;
4975 int argCount = ARG_int3;
4976 int thisRegister = ARG_int5;
4977
4978 ConstructData constructData;
4979 ConstructType constructType = constrVal.getConstructData(constructData);
4980
4981 if (constructType == ConstructTypeHost) {
4982 ArgList argList(callFrame->registers() + thisRegister + 1, argCount - 1);
4983
4984 JSValuePtr returnValue;
4985 {
4986 SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
4987 returnValue = constructData.native.function(callFrame, asObject(constrVal), argList);
4988 }
4989 CHECK_FOR_EXCEPTION();
4990
4991 return JSValuePtr::encode(returnValue);
4992 }
4993
4994 ASSERT(constructType == ConstructTypeNone);
4995
4996 CodeBlock* codeBlock = callFrame->codeBlock();
4997 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
4998 ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, vPCIndex, codeBlock);
4999 VM_THROW_EXCEPTION();
5000 }
5001
5002 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_val(STUB_ARGS)
5003 {
5004 BEGIN_STUB_FUNCTION();
5005
5006 CallFrame* callFrame = ARG_callFrame;
5007 Interpreter* interpreter = ARG_globalData->interpreter;
5008
5009 JSValuePtr baseValue = ARG_src1;
5010 JSValuePtr subscript = ARG_src2;
5011
5012 JSValuePtr result;
5013
5014 if (LIKELY(subscript.isUInt32Fast())) {
5015 uint32_t i = subscript.getUInt32Fast();
5016 if (interpreter->isJSArray(baseValue)) {
5017 JSArray* jsArray = asArray(baseValue);
5018 if (jsArray->canGetIndex(i))
5019 result = jsArray->getIndex(i);
5020 else
5021 result = jsArray->JSArray::get(callFrame, i);
5022 } else if (interpreter->isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
5023 result = asString(baseValue)->getIndex(ARG_globalData, i);
5024 else if (interpreter->isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
5025 // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
5026 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_val_byte_array));
5027 return JSValuePtr::encode(asByteArray(baseValue)->getIndex(callFrame, i));
5028 } else
5029 result = baseValue.get(callFrame, i);
5030 } else {
5031 Identifier property(callFrame, subscript.toString(callFrame));
5032 result = baseValue.get(callFrame, property);
5033 }
5034
5035 CHECK_FOR_EXCEPTION_AT_END();
5036 return JSValuePtr::encode(result);
5037 }
5038
5039 JSValueEncodedAsPointer* Interpreter::cti_op_get_by_val_byte_array(STUB_ARGS)
5040 {
5041 BEGIN_STUB_FUNCTION();
5042
5043 CallFrame* callFrame = ARG_callFrame;
5044 Interpreter* interpreter = ARG_globalData->interpreter;
5045
5046 JSValuePtr baseValue = ARG_src1;
5047 JSValuePtr subscript = ARG_src2;
5048
5049 JSValuePtr result;
5050
5051 if (LIKELY(subscript.isUInt32Fast())) {
5052 uint32_t i = subscript.getUInt32Fast();
5053 if (interpreter->isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
5054 // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
5055 return JSValuePtr::encode(asByteArray(baseValue)->getIndex(callFrame, i));
5056 }
5057
5058 result = baseValue.get(callFrame, i);
5059 if (!interpreter->isJSByteArray(baseValue))
5060 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_val));
5061 } else {
5062 Identifier property(callFrame, subscript.toString(callFrame));
5063 result = baseValue.get(callFrame, property);
5064 }
5065
5066 CHECK_FOR_EXCEPTION_AT_END();
5067 return JSValuePtr::encode(result);
5068 }
5069
5070 VoidPtrPair Interpreter::cti_op_resolve_func(STUB_ARGS)
5071 {
5072 BEGIN_STUB_FUNCTION();
5073
5074 CallFrame* callFrame = ARG_callFrame;
5075 ScopeChainNode* scopeChain = callFrame->scopeChain();
5076
5077 ScopeChainIterator iter = scopeChain->begin();
5078 ScopeChainIterator end = scopeChain->end();
5079
5080 // FIXME: add scopeDepthIsZero optimization
5081
5082 ASSERT(iter != end);
5083
5084 Identifier& ident = *ARG_id1;
5085 JSObject* base;
5086 do {
5087 base = *iter;
5088 PropertySlot slot(base);
5089 if (base->getPropertySlot(callFrame, ident, slot)) {
5090 // ECMA 11.2.3 says that if we hit an activation the this value should be null.
5091 // However, section 10.2.3 says that in the case where the value provided
5092 // by the caller is null, the global object should be used. It also says
5093 // that the section does not apply to internal functions, but for simplicity
5094 // of implementation we use the global object anyway here. This guarantees
5095 // that in host objects you always get a valid object for this.
5096 // We also handle wrapper substitution for the global object at the same time.
5097 JSObject* thisObj = base->toThisObject(callFrame);
5098 JSValuePtr result = slot.getValue(callFrame, ident);
5099 CHECK_FOR_EXCEPTION_AT_END();
5100
5101 RETURN_PAIR(thisObj, JSValuePtr::encode(result));
5102 }
5103 ++iter;
5104 } while (iter != end);
5105
5106 CodeBlock* codeBlock = callFrame->codeBlock();
5107 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5108 ARG_globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
5109 VM_THROW_EXCEPTION_2();
5110 }
5111
5112 JSValueEncodedAsPointer* Interpreter::cti_op_sub(STUB_ARGS)
5113 {
5114 BEGIN_STUB_FUNCTION();
5115
5116 JSValuePtr src1 = ARG_src1;
5117 JSValuePtr src2 = ARG_src2;
5118
5119 double left;
5120 double right;
5121 if (src1.getNumber(left) && src2.getNumber(right))
5122 return JSValuePtr::encode(jsNumber(ARG_globalData, left - right));
5123
5124 CallFrame* callFrame = ARG_callFrame;
5125 JSValuePtr result = jsNumber(ARG_globalData, src1.toNumber(callFrame) - src2.toNumber(callFrame));
5126 CHECK_FOR_EXCEPTION_AT_END();
5127 return JSValuePtr::encode(result);
5128 }
5129
5130 void Interpreter::cti_op_put_by_val(STUB_ARGS)
5131 {
5132 BEGIN_STUB_FUNCTION();
5133
5134 CallFrame* callFrame = ARG_callFrame;
5135 Interpreter* interpreter = ARG_globalData->interpreter;
5136
5137 JSValuePtr baseValue = ARG_src1;
5138 JSValuePtr subscript = ARG_src2;
5139 JSValuePtr value = ARG_src3;
5140
5141 if (LIKELY(subscript.isUInt32Fast())) {
5142 uint32_t i = subscript.getUInt32Fast();
5143 if (interpreter->isJSArray(baseValue)) {
5144 JSArray* jsArray = asArray(baseValue);
5145 if (jsArray->canSetIndex(i))
5146 jsArray->setIndex(i, value);
5147 else
5148 jsArray->JSArray::put(callFrame, i, value);
5149 } else if (interpreter->isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
5150 JSByteArray* jsByteArray = asByteArray(baseValue);
5151 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_put_by_val_byte_array));
5152 // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
5153 if (value.isInt32Fast()) {
5154 jsByteArray->setIndex(i, value.getInt32Fast());
5155 return;
5156 } else {
5157 double dValue = 0;
5158 if (value.getNumber(dValue)) {
5159 jsByteArray->setIndex(i, dValue);
5160 return;
5161 }
5162 }
5163
5164 baseValue.put(callFrame, i, value);
5165 } else
5166 baseValue.put(callFrame, i, value);
5167 } else {
5168 Identifier property(callFrame, subscript.toString(callFrame));
5169 if (!ARG_globalData->exception) { // Don't put to an object if toString threw an exception.
5170 PutPropertySlot slot;
5171 baseValue.put(callFrame, property, value, slot);
5172 }
5173 }
5174
5175 CHECK_FOR_EXCEPTION_AT_END();
5176 }
5177
5178 void Interpreter::cti_op_put_by_val_array(STUB_ARGS)
5179 {
5180 BEGIN_STUB_FUNCTION();
5181
5182 CallFrame* callFrame = ARG_callFrame;
5183
5184 JSValuePtr baseValue = ARG_src1;
5185 int i = ARG_int2;
5186 JSValuePtr value = ARG_src3;
5187
5188 ASSERT(ARG_globalData->interpreter->isJSArray(baseValue));
5189
5190 if (LIKELY(i >= 0))
5191 asArray(baseValue)->JSArray::put(callFrame, i, value);
5192 else {
5193 // This should work since we're re-boxing an immediate unboxed in JIT code.
5194 ASSERT(JSValuePtr::makeInt32Fast(i));
5195 Identifier property(callFrame, JSValuePtr::makeInt32Fast(i).toString(callFrame));
5196 // FIXME: can toString throw an exception here?
5197 if (!ARG_globalData->exception) { // Don't put to an object if toString threw an exception.
5198 PutPropertySlot slot;
5199 baseValue.put(callFrame, property, value, slot);
5200 }
5201 }
5202
5203 CHECK_FOR_EXCEPTION_AT_END();
5204 }
5205
5206 void Interpreter::cti_op_put_by_val_byte_array(STUB_ARGS)
5207 {
5208 BEGIN_STUB_FUNCTION();
5209
5210 CallFrame* callFrame = ARG_callFrame;
5211 Interpreter* interpreter = ARG_globalData->interpreter;
5212
5213 JSValuePtr baseValue = ARG_src1;
5214 JSValuePtr subscript = ARG_src2;
5215 JSValuePtr value = ARG_src3;
5216
5217 if (LIKELY(subscript.isUInt32Fast())) {
5218 uint32_t i = subscript.getUInt32Fast();
5219 if (interpreter->isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
5220 JSByteArray* jsByteArray = asByteArray(baseValue);
5221
5222 // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
5223 if (value.isInt32Fast()) {
5224 jsByteArray->setIndex(i, value.getInt32Fast());
5225 return;
5226 } else {
5227 double dValue = 0;
5228 if (value.getNumber(dValue)) {
5229 jsByteArray->setIndex(i, dValue);
5230 return;
5231 }
5232 }
5233 }
5234
5235 if (!interpreter->isJSByteArray(baseValue))
5236 ctiPatchCallByReturnAddress(STUB_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_put_by_val));
5237 baseValue.put(callFrame, i, value);
5238 } else {
5239 Identifier property(callFrame, subscript.toString(callFrame));
5240 if (!ARG_globalData->exception) { // Don't put to an object if toString threw an exception.
5241 PutPropertySlot slot;
5242 baseValue.put(callFrame, property, value, slot);
5243 }
5244 }
5245
5246 CHECK_FOR_EXCEPTION_AT_END();
5247 }
5248
5249 JSValueEncodedAsPointer* Interpreter::cti_op_lesseq(STUB_ARGS)
5250 {
5251 BEGIN_STUB_FUNCTION();
5252
5253 CallFrame* callFrame = ARG_callFrame;
5254 JSValuePtr result = jsBoolean(jsLessEq(callFrame, ARG_src1, ARG_src2));
5255 CHECK_FOR_EXCEPTION_AT_END();
5256 return JSValuePtr::encode(result);
5257 }
5258
5259 int Interpreter::cti_op_loop_if_true(STUB_ARGS)
5260 {
5261 BEGIN_STUB_FUNCTION();
5262
5263 JSValuePtr src1 = ARG_src1;
5264
5265 CallFrame* callFrame = ARG_callFrame;
5266
5267 bool result = src1.toBoolean(callFrame);
5268 CHECK_FOR_EXCEPTION_AT_END();
5269 return result;
5270 }
5271
5272 JSValueEncodedAsPointer* Interpreter::cti_op_negate(STUB_ARGS)
5273 {
5274 BEGIN_STUB_FUNCTION();
5275
5276 JSValuePtr src = ARG_src1;
5277
5278 double v;
5279 if (src.getNumber(v))
5280 return JSValuePtr::encode(jsNumber(ARG_globalData, -v));
5281
5282 CallFrame* callFrame = ARG_callFrame;
5283 JSValuePtr result = jsNumber(ARG_globalData, -src.toNumber(callFrame));
5284 CHECK_FOR_EXCEPTION_AT_END();
5285 return JSValuePtr::encode(result);
5286 }
5287
5288 JSValueEncodedAsPointer* Interpreter::cti_op_resolve_base(STUB_ARGS)
5289 {
5290 BEGIN_STUB_FUNCTION();
5291
5292 return JSValuePtr::encode(inlineResolveBase(ARG_callFrame, *ARG_id1, ARG_callFrame->scopeChain()));
5293 }
5294
5295 JSValueEncodedAsPointer* Interpreter::cti_op_resolve_skip(STUB_ARGS)
5296 {
5297 BEGIN_STUB_FUNCTION();
5298
5299 CallFrame* callFrame = ARG_callFrame;
5300 ScopeChainNode* scopeChain = callFrame->scopeChain();
5301
5302 int skip = ARG_int2;
5303
5304 ScopeChainIterator iter = scopeChain->begin();
5305 ScopeChainIterator end = scopeChain->end();
5306 ASSERT(iter != end);
5307 while (skip--) {
5308 ++iter;
5309 ASSERT(iter != end);
5310 }
5311 Identifier& ident = *ARG_id1;
5312 do {
5313 JSObject* o = *iter;
5314 PropertySlot slot(o);
5315 if (o->getPropertySlot(callFrame, ident, slot)) {
5316 JSValuePtr result = slot.getValue(callFrame, ident);
5317 CHECK_FOR_EXCEPTION_AT_END();
5318 return JSValuePtr::encode(result);
5319 }
5320 } while (++iter != end);
5321
5322 CodeBlock* codeBlock = callFrame->codeBlock();
5323 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5324 ARG_globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
5325 VM_THROW_EXCEPTION();
5326 }
5327
5328 JSValueEncodedAsPointer* Interpreter::cti_op_resolve_global(STUB_ARGS)
5329 {
5330 BEGIN_STUB_FUNCTION();
5331
5332 CallFrame* callFrame = ARG_callFrame;
5333 JSGlobalObject* globalObject = asGlobalObject(ARG_src1);
5334 Identifier& ident = *ARG_id2;
5335 unsigned globalResolveInfoIndex = ARG_int3;
5336 ASSERT(globalObject->isGlobalObject());
5337
5338 PropertySlot slot(globalObject);
5339 if (globalObject->getPropertySlot(callFrame, ident, slot)) {
5340 JSValuePtr result = slot.getValue(callFrame, ident);
5341 if (slot.isCacheable() && !globalObject->structure()->isDictionary() && slot.slotBase() == globalObject) {
5342 GlobalResolveInfo& globalResolveInfo = callFrame->codeBlock()->globalResolveInfo(globalResolveInfoIndex);
5343 if (globalResolveInfo.structure)
5344 globalResolveInfo.structure->deref();
5345 globalObject->structure()->ref();
5346 globalResolveInfo.structure = globalObject->structure();
5347 globalResolveInfo.offset = slot.cachedOffset();
5348 return JSValuePtr::encode(result);
5349 }
5350
5351 CHECK_FOR_EXCEPTION_AT_END();
5352 return JSValuePtr::encode(result);
5353 }
5354
5355 unsigned vPCIndex = callFrame->codeBlock()->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5356 ARG_globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, callFrame->codeBlock());
5357 VM_THROW_EXCEPTION();
5358 }
5359
5360 JSValueEncodedAsPointer* Interpreter::cti_op_div(STUB_ARGS)
5361 {
5362 BEGIN_STUB_FUNCTION();
5363
5364 JSValuePtr src1 = ARG_src1;
5365 JSValuePtr src2 = ARG_src2;
5366
5367 double left;
5368 double right;
5369 if (src1.getNumber(left) && src2.getNumber(right))
5370 return JSValuePtr::encode(jsNumber(ARG_globalData, left / right));
5371
5372 CallFrame* callFrame = ARG_callFrame;
5373 JSValuePtr result = jsNumber(ARG_globalData, src1.toNumber(callFrame) / src2.toNumber(callFrame));
5374 CHECK_FOR_EXCEPTION_AT_END();
5375 return JSValuePtr::encode(result);
5376 }
5377
5378 JSValueEncodedAsPointer* Interpreter::cti_op_pre_dec(STUB_ARGS)
5379 {
5380 BEGIN_STUB_FUNCTION();
5381
5382 JSValuePtr v = ARG_src1;
5383
5384 CallFrame* callFrame = ARG_callFrame;
5385 JSValuePtr result = jsNumber(ARG_globalData, v.toNumber(callFrame) - 1);
5386 CHECK_FOR_EXCEPTION_AT_END();
5387 return JSValuePtr::encode(result);
5388 }
5389
5390 int Interpreter::cti_op_jless(STUB_ARGS)
5391 {
5392 BEGIN_STUB_FUNCTION();
5393
5394 JSValuePtr src1 = ARG_src1;
5395 JSValuePtr src2 = ARG_src2;
5396 CallFrame* callFrame = ARG_callFrame;
5397
5398 bool result = jsLess(callFrame, src1, src2);
5399 CHECK_FOR_EXCEPTION_AT_END();
5400 return result;
5401 }
5402
5403 JSValueEncodedAsPointer* Interpreter::cti_op_not(STUB_ARGS)
5404 {
5405 BEGIN_STUB_FUNCTION();
5406
5407 JSValuePtr src = ARG_src1;
5408
5409 CallFrame* callFrame = ARG_callFrame;
5410
5411 JSValuePtr result = jsBoolean(!src.toBoolean(callFrame));
5412 CHECK_FOR_EXCEPTION_AT_END();
5413 return JSValuePtr::encode(result);
5414 }
5415
5416 int Interpreter::cti_op_jtrue(STUB_ARGS)
5417 {
5418 BEGIN_STUB_FUNCTION();
5419
5420 JSValuePtr src1 = ARG_src1;
5421
5422 CallFrame* callFrame = ARG_callFrame;
5423
5424 bool result = src1.toBoolean(callFrame);
5425 CHECK_FOR_EXCEPTION_AT_END();
5426 return result;
5427 }
5428
5429 VoidPtrPair Interpreter::cti_op_post_inc(STUB_ARGS)
5430 {
5431 BEGIN_STUB_FUNCTION();
5432
5433 JSValuePtr v = ARG_src1;
5434
5435 CallFrame* callFrame = ARG_callFrame;
5436
5437 JSValuePtr number = v.toJSNumber(callFrame);
5438 CHECK_FOR_EXCEPTION_AT_END();
5439
5440 RETURN_PAIR(JSValuePtr::encode(number), JSValuePtr::encode(jsNumber(ARG_globalData, number.uncheckedGetNumber() + 1)));
5441 }
5442
5443 JSValueEncodedAsPointer* Interpreter::cti_op_eq(STUB_ARGS)
5444 {
5445 BEGIN_STUB_FUNCTION();
5446
5447 JSValuePtr src1 = ARG_src1;
5448 JSValuePtr src2 = ARG_src2;
5449
5450 CallFrame* callFrame = ARG_callFrame;
5451
5452 ASSERT(!JSValuePtr::areBothInt32Fast(src1, src2));
5453 JSValuePtr result = jsBoolean(JSValuePtr::equalSlowCaseInline(callFrame, src1, src2));
5454 CHECK_FOR_EXCEPTION_AT_END();
5455 return JSValuePtr::encode(result);
5456 }
5457
5458 JSValueEncodedAsPointer* Interpreter::cti_op_lshift(STUB_ARGS)
5459 {
5460 BEGIN_STUB_FUNCTION();
5461
5462 JSValuePtr val = ARG_src1;
5463 JSValuePtr shift = ARG_src2;
5464
5465 int32_t left;
5466 uint32_t right;
5467 if (JSValuePtr::areBothInt32Fast(val, shift))
5468 return JSValuePtr::encode(jsNumber(ARG_globalData, val.getInt32Fast() << (shift.getInt32Fast() & 0x1f)));
5469 if (val.numberToInt32(left) && shift.numberToUInt32(right))
5470 return JSValuePtr::encode(jsNumber(ARG_globalData, left << (right & 0x1f)));
5471
5472 CallFrame* callFrame = ARG_callFrame;
5473 JSValuePtr result = jsNumber(ARG_globalData, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
5474 CHECK_FOR_EXCEPTION_AT_END();
5475 return JSValuePtr::encode(result);
5476 }
5477
5478 JSValueEncodedAsPointer* Interpreter::cti_op_bitand(STUB_ARGS)
5479 {
5480 BEGIN_STUB_FUNCTION();
5481
5482 JSValuePtr src1 = ARG_src1;
5483 JSValuePtr src2 = ARG_src2;
5484
5485 int32_t left;
5486 int32_t right;
5487 if (src1.numberToInt32(left) && src2.numberToInt32(right))
5488 return JSValuePtr::encode(jsNumber(ARG_globalData, left & right));
5489
5490 CallFrame* callFrame = ARG_callFrame;
5491 JSValuePtr result = jsNumber(ARG_globalData, src1.toInt32(callFrame) & src2.toInt32(callFrame));
5492 CHECK_FOR_EXCEPTION_AT_END();
5493 return JSValuePtr::encode(result);
5494 }
5495
5496 JSValueEncodedAsPointer* Interpreter::cti_op_rshift(STUB_ARGS)
5497 {
5498 BEGIN_STUB_FUNCTION();
5499
5500 JSValuePtr val = ARG_src1;
5501 JSValuePtr shift = ARG_src2;
5502
5503 int32_t left;
5504 uint32_t right;
5505 if (JSFastMath::canDoFastRshift(val, shift))
5506 return JSValuePtr::encode(JSFastMath::rightShiftImmediateNumbers(val, shift));
5507 if (val.numberToInt32(left) && shift.numberToUInt32(right))
5508 return JSValuePtr::encode(jsNumber(ARG_globalData, left >> (right & 0x1f)));
5509
5510 CallFrame* callFrame = ARG_callFrame;
5511 JSValuePtr result = jsNumber(ARG_globalData, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
5512 CHECK_FOR_EXCEPTION_AT_END();
5513 return JSValuePtr::encode(result);
5514 }
5515
5516 JSValueEncodedAsPointer* Interpreter::cti_op_bitnot(STUB_ARGS)
5517 {
5518 BEGIN_STUB_FUNCTION();
5519
5520 JSValuePtr src = ARG_src1;
5521
5522 int value;
5523 if (src.numberToInt32(value))
5524 return JSValuePtr::encode(jsNumber(ARG_globalData, ~value));
5525
5526 CallFrame* callFrame = ARG_callFrame;
5527 JSValuePtr result = jsNumber(ARG_globalData, ~src.toInt32(callFrame));
5528 CHECK_FOR_EXCEPTION_AT_END();
5529 return JSValuePtr::encode(result);
5530 }
5531
5532 VoidPtrPair Interpreter::cti_op_resolve_with_base(STUB_ARGS)
5533 {
5534 BEGIN_STUB_FUNCTION();
5535
5536 CallFrame* callFrame = ARG_callFrame;
5537 ScopeChainNode* scopeChain = callFrame->scopeChain();
5538
5539 ScopeChainIterator iter = scopeChain->begin();
5540 ScopeChainIterator end = scopeChain->end();
5541
5542 // FIXME: add scopeDepthIsZero optimization
5543
5544 ASSERT(iter != end);
5545
5546 Identifier& ident = *ARG_id1;
5547 JSObject* base;
5548 do {
5549 base = *iter;
5550 PropertySlot slot(base);
5551 if (base->getPropertySlot(callFrame, ident, slot)) {
5552 JSValuePtr result = slot.getValue(callFrame, ident);
5553 CHECK_FOR_EXCEPTION_AT_END();
5554
5555 RETURN_PAIR(base, JSValuePtr::encode(result));
5556 }
5557 ++iter;
5558 } while (iter != end);
5559
5560 CodeBlock* codeBlock = callFrame->codeBlock();
5561 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5562 ARG_globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
5563 VM_THROW_EXCEPTION_2();
5564 }
5565
5566 JSObject* Interpreter::cti_op_new_func_exp(STUB_ARGS)
5567 {
5568 BEGIN_STUB_FUNCTION();
5569
5570 return ARG_funcexp1->makeFunction(ARG_callFrame, ARG_callFrame->scopeChain());
5571 }
5572
5573 JSValueEncodedAsPointer* Interpreter::cti_op_mod(STUB_ARGS)
5574 {
5575 BEGIN_STUB_FUNCTION();
5576
5577 JSValuePtr dividendValue = ARG_src1;
5578 JSValuePtr divisorValue = ARG_src2;
5579
5580 CallFrame* callFrame = ARG_callFrame;
5581 double d = dividendValue.toNumber(callFrame);
5582 JSValuePtr result = jsNumber(ARG_globalData, fmod(d, divisorValue.toNumber(callFrame)));
5583 CHECK_FOR_EXCEPTION_AT_END();
5584 return JSValuePtr::encode(result);
5585 }
5586
5587 JSValueEncodedAsPointer* Interpreter::cti_op_less(STUB_ARGS)
5588 {
5589 BEGIN_STUB_FUNCTION();
5590
5591 CallFrame* callFrame = ARG_callFrame;
5592 JSValuePtr result = jsBoolean(jsLess(callFrame, ARG_src1, ARG_src2));
5593 CHECK_FOR_EXCEPTION_AT_END();
5594 return JSValuePtr::encode(result);
5595 }
5596
5597 JSValueEncodedAsPointer* Interpreter::cti_op_neq(STUB_ARGS)
5598 {
5599 BEGIN_STUB_FUNCTION();
5600
5601 JSValuePtr src1 = ARG_src1;
5602 JSValuePtr src2 = ARG_src2;
5603
5604 ASSERT(!JSValuePtr::areBothInt32Fast(src1, src2));
5605
5606 CallFrame* callFrame = ARG_callFrame;
5607 JSValuePtr result = jsBoolean(!JSValuePtr::equalSlowCaseInline(callFrame, src1, src2));
5608 CHECK_FOR_EXCEPTION_AT_END();
5609 return JSValuePtr::encode(result);
5610 }
5611
5612 VoidPtrPair Interpreter::cti_op_post_dec(STUB_ARGS)
5613 {
5614 BEGIN_STUB_FUNCTION();
5615
5616 JSValuePtr v = ARG_src1;
5617
5618 CallFrame* callFrame = ARG_callFrame;
5619
5620 JSValuePtr number = v.toJSNumber(callFrame);
5621 CHECK_FOR_EXCEPTION_AT_END();
5622
5623 RETURN_PAIR(JSValuePtr::encode(number), JSValuePtr::encode(jsNumber(ARG_globalData, number.uncheckedGetNumber() - 1)));
5624 }
5625
5626 JSValueEncodedAsPointer* Interpreter::cti_op_urshift(STUB_ARGS)
5627 {
5628 BEGIN_STUB_FUNCTION();
5629
5630 JSValuePtr val = ARG_src1;
5631 JSValuePtr shift = ARG_src2;
5632
5633 CallFrame* callFrame = ARG_callFrame;
5634
5635 if (JSFastMath::canDoFastUrshift(val, shift))
5636 return JSValuePtr::encode(JSFastMath::rightShiftImmediateNumbers(val, shift));
5637 else {
5638 JSValuePtr result = jsNumber(ARG_globalData, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
5639 CHECK_FOR_EXCEPTION_AT_END();
5640 return JSValuePtr::encode(result);
5641 }
5642 }
5643
5644 JSValueEncodedAsPointer* Interpreter::cti_op_bitxor(STUB_ARGS)
5645 {
5646 BEGIN_STUB_FUNCTION();
5647
5648 JSValuePtr src1 = ARG_src1;
5649 JSValuePtr src2 = ARG_src2;
5650
5651 CallFrame* callFrame = ARG_callFrame;
5652
5653 JSValuePtr result = jsNumber(ARG_globalData, src1.toInt32(callFrame) ^ src2.toInt32(callFrame));
5654 CHECK_FOR_EXCEPTION_AT_END();
5655 return JSValuePtr::encode(result);
5656 }
5657
5658 JSObject* Interpreter::cti_op_new_regexp(STUB_ARGS)
5659 {
5660 BEGIN_STUB_FUNCTION();
5661
5662 return new (ARG_globalData) RegExpObject(ARG_callFrame->lexicalGlobalObject()->regExpStructure(), ARG_regexp1);
5663 }
5664
5665 JSValueEncodedAsPointer* Interpreter::cti_op_bitor(STUB_ARGS)
5666 {
5667 BEGIN_STUB_FUNCTION();
5668
5669 JSValuePtr src1 = ARG_src1;
5670 JSValuePtr src2 = ARG_src2;
5671
5672 CallFrame* callFrame = ARG_callFrame;
5673
5674 JSValuePtr result = jsNumber(ARG_globalData, src1.toInt32(callFrame) | src2.toInt32(callFrame));
5675 CHECK_FOR_EXCEPTION_AT_END();
5676 return JSValuePtr::encode(result);
5677 }
5678
5679 JSValueEncodedAsPointer* Interpreter::cti_op_call_eval(STUB_ARGS)
5680 {
5681 BEGIN_STUB_FUNCTION();
5682
5683 CallFrame* callFrame = ARG_callFrame;
5684 RegisterFile* registerFile = ARG_registerFile;
5685
5686 Interpreter* interpreter = ARG_globalData->interpreter;
5687
5688 JSValuePtr funcVal = ARG_src1;
5689 int registerOffset = ARG_int2;
5690 int argCount = ARG_int3;
5691
5692 Register* newCallFrame = callFrame->registers() + registerOffset;
5693 Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
5694 JSValuePtr thisValue = argv[0].jsValue(callFrame);
5695 JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
5696
5697 if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
5698 JSValuePtr exceptionValue = noValue();
5699 JSValuePtr result = interpreter->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
5700 if (UNLIKELY(exceptionValue != noValue())) {
5701 ARG_globalData->exception = exceptionValue;
5702 VM_THROW_EXCEPTION_AT_END();
5703 }
5704 return JSValuePtr::encode(result);
5705 }
5706
5707 return JSValuePtr::encode(jsImpossibleValue());
5708 }
5709
5710 JSValueEncodedAsPointer* Interpreter::cti_op_throw(STUB_ARGS)
5711 {
5712 BEGIN_STUB_FUNCTION();
5713
5714 CallFrame* callFrame = ARG_callFrame;
5715 CodeBlock* codeBlock = callFrame->codeBlock();
5716
5717 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5718
5719 JSValuePtr exceptionValue = ARG_src1;
5720 ASSERT(exceptionValue);
5721
5722 HandlerInfo* handler = ARG_globalData->interpreter->throwException(callFrame, exceptionValue, vPCIndex, true);
5723
5724 if (!handler) {
5725 *ARG_exception = exceptionValue;
5726 return JSValuePtr::encode(jsNull());
5727 }
5728
5729 ARG_setCallFrame(callFrame);
5730 void* catchRoutine = handler->nativeCode;
5731 ASSERT(catchRoutine);
5732 STUB_SET_RETURN_ADDRESS(catchRoutine);
5733 return JSValuePtr::encode(exceptionValue);
5734 }
5735
5736 JSPropertyNameIterator* Interpreter::cti_op_get_pnames(STUB_ARGS)
5737 {
5738 BEGIN_STUB_FUNCTION();
5739
5740 return JSPropertyNameIterator::create(ARG_callFrame, ARG_src1);
5741 }
5742
5743 JSValueEncodedAsPointer* Interpreter::cti_op_next_pname(STUB_ARGS)
5744 {
5745 BEGIN_STUB_FUNCTION();
5746
5747 JSPropertyNameIterator* it = ARG_pni1;
5748 JSValuePtr temp = it->next(ARG_callFrame);
5749 if (!temp)
5750 it->invalidate();
5751 return JSValuePtr::encode(temp);
5752 }
5753
5754 JSObject* Interpreter::cti_op_push_scope(STUB_ARGS)
5755 {
5756 BEGIN_STUB_FUNCTION();
5757
5758 JSObject* o = ARG_src1.toObject(ARG_callFrame);
5759 CHECK_FOR_EXCEPTION();
5760 ARG_callFrame->setScopeChain(ARG_callFrame->scopeChain()->push(o));
5761 return o;
5762 }
5763
5764 void Interpreter::cti_op_pop_scope(STUB_ARGS)
5765 {
5766 BEGIN_STUB_FUNCTION();
5767
5768 ARG_callFrame->setScopeChain(ARG_callFrame->scopeChain()->pop());
5769 }
5770
5771 JSValueEncodedAsPointer* Interpreter::cti_op_typeof(STUB_ARGS)
5772 {
5773 BEGIN_STUB_FUNCTION();
5774
5775 return JSValuePtr::encode(jsTypeStringForValue(ARG_callFrame, ARG_src1));
5776 }
5777
5778 JSValueEncodedAsPointer* Interpreter::cti_op_is_undefined(STUB_ARGS)
5779 {
5780 BEGIN_STUB_FUNCTION();
5781
5782 JSValuePtr v = ARG_src1;
5783 return JSValuePtr::encode(jsBoolean(v.isCell() ? v.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v.isUndefined()));
5784 }
5785
5786 JSValueEncodedAsPointer* Interpreter::cti_op_is_boolean(STUB_ARGS)
5787 {
5788 BEGIN_STUB_FUNCTION();
5789
5790 return JSValuePtr::encode(jsBoolean(ARG_src1.isBoolean()));
5791 }
5792
5793 JSValueEncodedAsPointer* Interpreter::cti_op_is_number(STUB_ARGS)
5794 {
5795 BEGIN_STUB_FUNCTION();
5796
5797 return JSValuePtr::encode(jsBoolean(ARG_src1.isNumber()));
5798 }
5799
5800 JSValueEncodedAsPointer* Interpreter::cti_op_is_string(STUB_ARGS)
5801 {
5802 BEGIN_STUB_FUNCTION();
5803
5804 return JSValuePtr::encode(jsBoolean(ARG_globalData->interpreter->isJSString(ARG_src1)));
5805 }
5806
5807 JSValueEncodedAsPointer* Interpreter::cti_op_is_object(STUB_ARGS)
5808 {
5809 BEGIN_STUB_FUNCTION();
5810
5811 return JSValuePtr::encode(jsBoolean(jsIsObjectType(ARG_src1)));
5812 }
5813
5814 JSValueEncodedAsPointer* Interpreter::cti_op_is_function(STUB_ARGS)
5815 {
5816 BEGIN_STUB_FUNCTION();
5817
5818 return JSValuePtr::encode(jsBoolean(jsIsFunctionType(ARG_src1)));
5819 }
5820
5821 JSValueEncodedAsPointer* Interpreter::cti_op_stricteq(STUB_ARGS)
5822 {
5823 BEGIN_STUB_FUNCTION();
5824
5825 JSValuePtr src1 = ARG_src1;
5826 JSValuePtr src2 = ARG_src2;
5827
5828 return JSValuePtr::encode(jsBoolean(JSValuePtr::strictEqual(src1, src2)));
5829 }
5830
5831 JSValueEncodedAsPointer* Interpreter::cti_op_nstricteq(STUB_ARGS)
5832 {
5833 BEGIN_STUB_FUNCTION();
5834
5835 JSValuePtr src1 = ARG_src1;
5836 JSValuePtr src2 = ARG_src2;
5837
5838 return JSValuePtr::encode(jsBoolean(!JSValuePtr::strictEqual(src1, src2)));
5839 }
5840
5841 JSValueEncodedAsPointer* Interpreter::cti_op_to_jsnumber(STUB_ARGS)
5842 {
5843 BEGIN_STUB_FUNCTION();
5844
5845 JSValuePtr src = ARG_src1;
5846 CallFrame* callFrame = ARG_callFrame;
5847
5848 JSValuePtr result = src.toJSNumber(callFrame);
5849 CHECK_FOR_EXCEPTION_AT_END();
5850 return JSValuePtr::encode(result);
5851 }
5852
5853 JSValueEncodedAsPointer* Interpreter::cti_op_in(STUB_ARGS)
5854 {
5855 BEGIN_STUB_FUNCTION();
5856
5857 CallFrame* callFrame = ARG_callFrame;
5858 JSValuePtr baseVal = ARG_src2;
5859
5860 if (!baseVal.isObject()) {
5861 CallFrame* callFrame = ARG_callFrame;
5862 CodeBlock* codeBlock = callFrame->codeBlock();
5863 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
5864 ARG_globalData->exception = createInvalidParamError(callFrame, "in", baseVal, vPCIndex, codeBlock);
5865 VM_THROW_EXCEPTION();
5866 }
5867
5868 JSValuePtr propName = ARG_src1;
5869 JSObject* baseObj = asObject(baseVal);
5870
5871 uint32_t i;
5872 if (propName.getUInt32(i))
5873 return JSValuePtr::encode(jsBoolean(baseObj->hasProperty(callFrame, i)));
5874
5875 Identifier property(callFrame, propName.toString(callFrame));
5876 CHECK_FOR_EXCEPTION();
5877 return JSValuePtr::encode(jsBoolean(baseObj->hasProperty(callFrame, property)));
5878 }
5879
5880 JSObject* Interpreter::cti_op_push_new_scope(STUB_ARGS)
5881 {
5882 BEGIN_STUB_FUNCTION();
5883
5884 JSObject* scope = new (ARG_globalData) JSStaticScopeObject(ARG_callFrame, *ARG_id1, ARG_src2, DontDelete);
5885
5886 CallFrame* callFrame = ARG_callFrame;
5887 callFrame->setScopeChain(callFrame->scopeChain()->push(scope));
5888 return scope;
5889 }
5890
5891 void Interpreter::cti_op_jmp_scopes(STUB_ARGS)
5892 {
5893 BEGIN_STUB_FUNCTION();
5894
5895 unsigned count = ARG_int1;
5896 CallFrame* callFrame = ARG_callFrame;
5897
5898 ScopeChainNode* tmp = callFrame->scopeChain();
5899 while (count--)
5900 tmp = tmp->pop();
5901 callFrame->setScopeChain(tmp);
5902 }
5903
5904 void Interpreter::cti_op_put_by_index(STUB_ARGS)
5905 {
5906 BEGIN_STUB_FUNCTION();
5907
5908 CallFrame* callFrame = ARG_callFrame;
5909 unsigned property = ARG_int2;
5910
5911 ARG_src1.put(callFrame, property, ARG_src3);
5912 }
5913
5914 void* Interpreter::cti_op_switch_imm(STUB_ARGS)
5915 {
5916 BEGIN_STUB_FUNCTION();
5917
5918 JSValuePtr scrutinee = ARG_src1;
5919 unsigned tableIndex = ARG_int2;
5920 CallFrame* callFrame = ARG_callFrame;
5921 CodeBlock* codeBlock = callFrame->codeBlock();
5922
5923 if (scrutinee.isInt32Fast())
5924 return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(scrutinee.getInt32Fast());
5925 else {
5926 int32_t value;
5927 if (scrutinee.numberToInt32(value))
5928 return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(value);
5929 else
5930 return codeBlock->immediateSwitchJumpTable(tableIndex).ctiDefault;
5931 }
5932 }
5933
5934 void* Interpreter::cti_op_switch_char(STUB_ARGS)
5935 {
5936 BEGIN_STUB_FUNCTION();
5937
5938 JSValuePtr scrutinee = ARG_src1;
5939 unsigned tableIndex = ARG_int2;
5940 CallFrame* callFrame = ARG_callFrame;
5941 CodeBlock* codeBlock = callFrame->codeBlock();
5942
5943 void* result = codeBlock->characterSwitchJumpTable(tableIndex).ctiDefault;
5944
5945 if (scrutinee.isString()) {
5946 UString::Rep* value = asString(scrutinee)->value().rep();
5947 if (value->size() == 1)
5948 result = codeBlock->characterSwitchJumpTable(tableIndex).ctiForValue(value->data()[0]);
5949 }
5950
5951 return result;
5952 }
5953
5954 void* Interpreter::cti_op_switch_string(STUB_ARGS)
5955 {
5956 BEGIN_STUB_FUNCTION();
5957
5958 JSValuePtr scrutinee = ARG_src1;
5959 unsigned tableIndex = ARG_int2;
5960 CallFrame* callFrame = ARG_callFrame;
5961 CodeBlock* codeBlock = callFrame->codeBlock();
5962
5963 void* result = codeBlock->stringSwitchJumpTable(tableIndex).ctiDefault;
5964
5965 if (scrutinee.isString()) {
5966 UString::Rep* value = asString(scrutinee)->value().rep();
5967 result = codeBlock->stringSwitchJumpTable(tableIndex).ctiForValue(value);
5968 }
5969
5970 return result;
5971 }
5972
5973 JSValueEncodedAsPointer* Interpreter::cti_op_del_by_val(STUB_ARGS)
5974 {
5975 BEGIN_STUB_FUNCTION();
5976
5977 CallFrame* callFrame = ARG_callFrame;
5978
5979 JSValuePtr baseValue = ARG_src1;
5980 JSObject* baseObj = baseValue.toObject(callFrame); // may throw
5981
5982 JSValuePtr subscript = ARG_src2;
5983 JSValuePtr result;
5984 uint32_t i;
5985 if (subscript.getUInt32(i))
5986 result = jsBoolean(baseObj->deleteProperty(callFrame, i));
5987 else {
5988 CHECK_FOR_EXCEPTION();
5989 Identifier property(callFrame, subscript.toString(callFrame));
5990 CHECK_FOR_EXCEPTION();
5991 result = jsBoolean(baseObj->deleteProperty(callFrame, property));
5992 }
5993
5994 CHECK_FOR_EXCEPTION_AT_END();
5995 return JSValuePtr::encode(result);
5996 }
5997
5998 void Interpreter::cti_op_put_getter(STUB_ARGS)
5999 {
6000 BEGIN_STUB_FUNCTION();
6001
6002 CallFrame* callFrame = ARG_callFrame;
6003
6004 ASSERT(ARG_src1.isObject());
6005 JSObject* baseObj = asObject(ARG_src1);
6006 ASSERT(ARG_src3.isObject());
6007 baseObj->defineGetter(callFrame, *ARG_id2, asObject(ARG_src3));
6008 }
6009
6010 void Interpreter::cti_op_put_setter(STUB_ARGS)
6011 {
6012 BEGIN_STUB_FUNCTION();
6013
6014 CallFrame* callFrame = ARG_callFrame;
6015
6016 ASSERT(ARG_src1.isObject());
6017 JSObject* baseObj = asObject(ARG_src1);
6018 ASSERT(ARG_src3.isObject());
6019 baseObj->defineSetter(callFrame, *ARG_id2, asObject(ARG_src3));
6020 }
6021
6022 JSObject* Interpreter::cti_op_new_error(STUB_ARGS)
6023 {
6024 BEGIN_STUB_FUNCTION();
6025
6026 CallFrame* callFrame = ARG_callFrame;
6027 CodeBlock* codeBlock = callFrame->codeBlock();
6028 unsigned type = ARG_int1;
6029 JSValuePtr message = ARG_src2;
6030 unsigned bytecodeOffset = ARG_int3;
6031
6032 unsigned lineNumber = codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset);
6033 return Error::create(callFrame, static_cast<ErrorType>(type), message.toString(callFrame), lineNumber, codeBlock->ownerNode()->sourceID(), codeBlock->ownerNode()->sourceURL());
6034 }
6035
6036 void Interpreter::cti_op_debug(STUB_ARGS)
6037 {
6038 BEGIN_STUB_FUNCTION();
6039
6040 CallFrame* callFrame = ARG_callFrame;
6041
6042 int debugHookID = ARG_int1;
6043 int firstLine = ARG_int2;
6044 int lastLine = ARG_int3;
6045
6046 ARG_globalData->interpreter->debug(callFrame, static_cast<DebugHookID>(debugHookID), firstLine, lastLine);
6047 }
6048
6049 JSValueEncodedAsPointer* Interpreter::cti_vm_throw(STUB_ARGS)
6050 {
6051 BEGIN_STUB_FUNCTION();
6052
6053 CallFrame* callFrame = ARG_callFrame;
6054 CodeBlock* codeBlock = callFrame->codeBlock();
6055 JSGlobalData* globalData = ARG_globalData;
6056
6057 unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, globalData->exceptionLocation);
6058
6059 JSValuePtr exceptionValue = globalData->exception;
6060 ASSERT(exceptionValue);
6061 globalData->exception = noValue();
6062
6063 HandlerInfo* handler = globalData->interpreter->throwException(callFrame, exceptionValue, vPCIndex, false);
6064
6065 if (!handler) {
6066 *ARG_exception = exceptionValue;
6067 return JSValuePtr::encode(jsNull());
6068 }
6069
6070 ARG_setCallFrame(callFrame);
6071 void* catchRoutine = handler->nativeCode;
6072 ASSERT(catchRoutine);
6073 STUB_SET_RETURN_ADDRESS(catchRoutine);
6074 return JSValuePtr::encode(exceptionValue);
6075 }
6076
6077 #undef STUB_RETURN_ADDRESS
6078 #undef STUB_SET_RETURN_ADDRESS
6079 #undef BEGIN_STUB_FUNCTION
6080 #undef CHECK_FOR_EXCEPTION
6081 #undef CHECK_FOR_EXCEPTION_AT_END
6082 #undef CHECK_FOR_EXCEPTION_VOID
6083 #undef VM_THROW_EXCEPTION
6084 #undef VM_THROW_EXCEPTION_2
6085 #undef VM_THROW_EXCEPTION_AT_END
6086
6087 #endif // ENABLE(JIT)
6088
6089 } // namespace JSC
mirror of JavaScriptCore