Imported WebKit commit 6339232fec7f5d9984a33388aecfd2cbc7832053 (http://svn.webkit.org/repository/webkit/trunk@129343)

New snapshot with build fixes for latest qtbase

3 files changed, 43 insertions, 25 deletions

diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index 6b31be221..54dccb9ed 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -532,8 +532,8 @@ void CodeBlock::dump(ExecState* exec)
         static_cast<unsigned long>(instructions().size() * sizeof(Instruction)),
         this, codeTypeToString(codeType()), m_numParameters, m_numCalleeRegisters,
         m_numVars);
-    if (m_numCapturedVars)
-        dataLog("; %d captured var(s)", m_numCapturedVars);
+    if (m_symbolTable->captureCount())
+        dataLog("; %d captured var(s)", m_symbolTable->captureCount());
     if (usesArguments()) {
         dataLog(
             "; uses arguments, in r%d, r%d",
@@ -873,8 +873,11 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             break;
         }
         case op_check_has_instance: {
-            int base = (++it)->u.operand;
-            dataLog("[%4d] check_has_instance\t\t %s", location, registerName(exec, base).data());
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            dataLog("[%4d] check_has_instance\t\t %s, %s, %s, %d(->%d)", location, registerName(exec, r0).data(), registerName(exec, r1).data(), registerName(exec, r2).data(), offset, location + offset);
             dumpBytecodeCommentAndNewLine(location);
             break;
         }
@@ -882,8 +885,7 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
             int r0 = (++it)->u.operand;
             int r1 = (++it)->u.operand;
             int r2 = (++it)->u.operand;
-            int r3 = (++it)->u.operand;
-            dataLog("[%4d] instanceof\t\t %s, %s, %s, %s", location, registerName(exec, r0).data(), registerName(exec, r1).data(), registerName(exec, r2).data(), registerName(exec, r3).data());
+            dataLog("[%4d] instanceof\t\t %s, %s, %s", location, registerName(exec, r0).data(), registerName(exec, r1).data(), registerName(exec, r2).data());
             dumpBytecodeCommentAndNewLine(location);
             break;
         }
@@ -1707,7 +1709,6 @@ CodeBlock::CodeBlock(CopyParsedBlockTag, CodeBlock& other)
     , m_heap(other.m_heap)
     , m_numCalleeRegisters(other.m_numCalleeRegisters)
     , m_numVars(other.m_numVars)
-    , m_numCapturedVars(other.m_numCapturedVars)
     , m_isConstructor(other.m_isConstructor)
     , m_ownerExecutable(*other.m_globalData, other.m_ownerExecutable.get(), other.m_ownerExecutable.get())
     , m_globalData(other.m_globalData)
@@ -1773,7 +1774,6 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, CodeType codeType, JSGlo
     , m_heap(&m_globalObject->globalData().heap)
     , m_numCalleeRegisters(0)
     , m_numVars(0)
-    , m_numCapturedVars(0)
     , m_isConstructor(isConstructor)
     , m_numParameters(0)
     , m_ownerExecutable(globalObject->globalData(), ownerExecutable, ownerExecutable)
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index d0c969c6d..22c48311c 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -432,6 +432,8 @@ namespace JSC {
 
         unsigned instructionCount() { return m_instructions.size(); }
 
+        int argumentIndexAfterCapture(size_t argument);
+
 #if ENABLE(JIT)
         void setJITCode(const JITCode& code, MacroAssemblerCodePtr codeWithArityCheck)
         {
@@ -514,7 +516,7 @@ namespace JSC {
             m_argumentsRegister = argumentsRegister;
             ASSERT(usesArguments());
         }
-        int argumentsRegister()
+        int argumentsRegister() const
         {
             ASSERT(usesArguments());
             return m_argumentsRegister;
@@ -529,7 +531,7 @@ namespace JSC {
         {
             m_activationRegister = activationRegister;
         }
-        int activationRegister()
+        int activationRegister() const
         {
             ASSERT(needsFullScopeChain());
             return m_activationRegister;
@@ -552,11 +554,24 @@ namespace JSC {
             if (inlineCallFrame && !operandIsArgument(operand))
                 return inlineCallFrame->capturedVars.get(operand);
 
-            // Our estimate of argument capture is conservative.
             if (operandIsArgument(operand))
-                return needsActivation() || usesArguments();
+                return usesArguments();
+
+            // The activation object isn't in the captured region, but it's "captured"
+            // in the sense that stores to its location can be observed indirectly.
+            if (needsActivation() && operand == activationRegister())
+                return true;
+
+            // Ditto for the arguments object.
+            if (usesArguments() && operand == argumentsRegister())
+                return true;
 
-            return operand < m_numCapturedVars;
+            // Ditto for the arguments object.
+            if (usesArguments() && operand == unmodifiedArgumentsRegister(argumentsRegister()))
+                return true;
+
+            return operand >= m_symbolTable->captureStart() 
+                && operand < m_symbolTable->captureEnd();
         }
 
         CodeType codeType() const { return m_codeType; }
@@ -1174,7 +1189,6 @@ namespace JSC {
 
         int m_numCalleeRegisters;
         int m_numVars;
-        int m_numCapturedVars;
         bool m_isConstructor;
 
     protected:
@@ -1520,6 +1534,18 @@ namespace JSC {
         return baselineCodeBlock;
     }
     
+    inline int CodeBlock::argumentIndexAfterCapture(size_t argument)
+    {
+        if (argument >= static_cast<size_t>(symbolTable()->parameterCount()))
+            return CallFrame::argumentOffset(argument);
+
+        const SlowArgument* slowArguments = symbolTable()->slowArguments();
+        if (!slowArguments || slowArguments[argument].status == SlowArgument::Normal)
+            return CallFrame::argumentOffset(argument);
+
+        ASSERT(slowArguments[argument].status == SlowArgument::Captured);
+        return slowArguments[argument].index;
+    }
 
     inline Register& ExecState::r(int index)
     {
@@ -1552,15 +1578,7 @@ namespace JSC {
         if (!codeBlock())
             return this[argumentOffset(argument)].jsValue();
 
-        if (argument >= static_cast<size_t>(codeBlock()->symbolTable()->parameterCount()))
-            return this[argumentOffset(argument)].jsValue();
-
-        const SlowArgument* slowArguments = codeBlock()->symbolTable()->slowArguments();
-        if (!slowArguments || slowArguments[argument].status == SlowArgument::Normal)
-            return this[argumentOffset(argument)].jsValue();
-
-        ASSERT(slowArguments[argument].status == SlowArgument::Captured);
-        return this[slowArguments[argument].indexIfCaptured].jsValue();
+        return this[codeBlock()->argumentIndexAfterCapture(argument)].jsValue();
     }
 
 #if ENABLE(DFG_JIT)
diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h
index 87b100056..a5d466154 100644
--- a/Source/JavaScriptCore/bytecode/Opcode.h
+++ b/Source/JavaScriptCore/bytecode/Opcode.h
@@ -84,8 +84,8 @@ namespace JSC {
         macro(op_bitxor, 5) \
         macro(op_bitor, 5) \
         \
-        macro(op_check_has_instance, 2) \
-        macro(op_instanceof, 5) \
+        macro(op_check_has_instance, 5) \
+        macro(op_instanceof, 4) \
         macro(op_typeof, 3) \
         macro(op_is_undefined, 3) \
         macro(op_is_boolean, 3) \