Closed Bug 724790 Opened 12 years ago Closed 12 years ago

can we avoid this hasOverriddenArgs funny business?

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: luke, Assigned: luke)

References

Details

Attachments

(1 file, 2 obsolete files)

rm overwritten args v.2 (v.2)
32.85 KB, patch
Waldo
: review+
Details | Diff | Splinter Review 
If I understand correctly, 'arguments' can only be overwritten by a direct assignment in a function or a direct eval in a function.  In particular, 'f.arguments = 3' does not overwrite arguments.  In that case, it seems like we should just stop emitting jsop_arguments (emitting name ops instead) and avoid the need to test for overwritten arguments.
Attached patch rm overwritten args (obsolete) — Splinter Review 
We already track when we overwrite 'arguments' in a formal so it is easy enough to add the symmetric case for overwritten locals.  The patch as is, I think, a strict simplification of the current code, but not much.  However, this pays off with my later patch to make arguments (mostly) eager in a way that ultimately allows GetCallArguments/SetCallArguments/call_resolve to be replaced by a simple data property.
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #595232 - Flags: review?(jwalden+bmo)
Comment on attachment 595232 [details] [diff] [review]
rm overwritten args

Review of attachment 595232 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/frontend/BytecodeEmitter.h
@@ +167,5 @@
>  #define TCF_RETURN_VOID         0x08 /* function has 'return;' */
>  #define TCF_IN_FOR_INIT         0x10 /* parsing init expr of for; exclude 'in' */
>  #define TCF_FUN_SETS_OUTER_NAME 0x20 /* function set outer name (lexical or free) */
>  #define TCF_FUN_PARAM_ARGUMENTS 0x40 /* function has parameter named arguments */
> +#define TCF_FUN_LOCAL_ARGUMENTS 0x80 /* function has local named arguments */

TCF_FUN_ARGUMENTS_LOCAL reads better to me, as in "has an arguments local".  The other ordering suggests the arguments are local, which is true -- but vacuously so.  Although this doesn't strike me as the best possible name either...

@@ -183,2 @@
>                                          from global script */
> -/* bit 0x8000 is unused */

Sigh, I hate keeping long lists of bit names in order.

@@ +271,5 @@
>   */
>  #define TCF_FUN_FLAGS           (TCF_FUN_SETS_OUTER_NAME |                    \
>                                   TCF_FUN_USES_ARGUMENTS  |                    \
>                                   TCF_FUN_PARAM_ARGUMENTS |                    \
> +                                 TCF_FUN_LOCAL_ARGUMENTS |                    \

Should this really be the case?  I wouldn't think so, given every function has its own unique |arguments|.

@@ +437,5 @@
> +    bool mayOverwriteArguments() const {
> +        JS_ASSERT(inFunction());
> +        return !inStrictMode() &&
> +               (callsEval() ||
> +                flags & (TCF_FUN_PARAM_ARGUMENTS | TCF_FUN_LOCAL_ARGUMENTS));

We might as well assert that if inStrictMode() those flags aren't present.

::: js/src/frontend/Parser.cpp
@@ +4422,5 @@
>  
>              if (tc->inFunction() && name == context->runtime->atomState.argumentsAtom) {
>                  tc->noteArgumentsNameUse(pn2);
>                  if (!blockObj)
> +                    tc->flags |= (TCF_FUN_HEAVYWEIGHT | TCF_FUN_LOCAL_ARGUMENTS);

So we're going to (already do?) deoptimize functions with a let-variable named |arguments|?  Fine by me.

::: js/src/jsfun.cpp
@@ +672,1 @@
>              callobj.initArguments(ObjectValue(fp->argsObj()));

Looks like initArguments should take ArgumentsObject&...

@@ +759,5 @@
>  {
>      CallObject &callobj = obj->asCall();
>  
>      StackFrame *fp = callobj.maybeStackFrame();
> +    if (fp && callobj.arguments().isUndefined()) {

SetCallArguments will cheerfully set arguments() to |undefined|, so I don't think this works.

[jwalden@wheres-wally src]$ dbg/js
js> function f() { var arguments; arguments = undefined; return arguments; } f(1, 2, 3)
({0:1, 1:2, 2:3})

Which just might blow this idea out of the water, actually.  But you're the one proposing a simplification, and I'm the one poking holes in it, so maybe you see a clever trick to keep things working.

::: js/src/methodjit/StubCalls.cpp
@@ +1368,2 @@
>      f.regs.sp++;
> +    JSObject *arguments = js_GetArgsObject(f.cx, f.fp());

As a reader nicety, it seems better if the variable type here is the narrowest thing possible, i.e. ArgumentsObject*.

::: js/src/vm/ScopeObject.h
@@ +132,5 @@
>      inline JSFunction *getCalleeFunction() const;
>      inline void setCallee(JSObject *callee);
>  
>      /* Returns the callee's arguments object. */
> +    inline const js::Value &arguments() const;

This comment's a lie (now?) -- the value returned is whatever the value of |arguments| is inside the function.

/* Returns the value of the |arguments| binding for this CallObject. */

Maybe?

The way this returns undefined before initing/setting is also a bit weird, and in need of elucidation.  But see below.

@@ +137,2 @@
>      inline void setArguments(const js::Value &v);
>      inline void initArguments(const js::Value &v);

set/init and when to use them are a bit confusing, seems to me.  I am going to assume your subsequent patch simplifying arguments to a data property will take care of this.

::: js/src/vm/Stack.h
@@ +376,1 @@
>      };

This enum needs an entry for the free bits available for future use, if you're going to touch this.
Attachment #595232 - Flags: review?(jwalden+bmo) → review-
(In reply to Jeff Walden (:Waldo) (remove +bmo to email) from comment #2)

> >  #define TCF_FUN_FLAGS           (TCF_FUN_SETS_OUTER_NAME |                    \
> >                                   TCF_FUN_USES_ARGUMENTS  |                    \
> >                                   TCF_FUN_PARAM_ARGUMENTS |                    \
> > +                                 TCF_FUN_LOCAL_ARGUMENTS |                    \
> 
> Should this really be the case?  I wouldn't think so, given every function
> has its own unique |arguments|.

Initially I left it out for the same reason but, iirc, this mask seemed to be applied when copying flags from the body of a function to the emitter for the function so I was losing the flag.

> SetCallArguments will cheerfully set arguments() to |undefined|, so I don't
> think this works.

D'oh, I saw this, but I put the fix in a later patch (http://hg.mozilla.org/users/lwagner_mozilla.com/inbound-patches/file/a74e2b978ca9/eager-args-obj#l941) but I didn't push the fix up to this patch.  Good eye; new patch when I get back.
(In reply to Jeff Walden (:Waldo) (remove +bmo to email) from comment #2)
> >  #define TCF_FUN_PARAM_ARGUMENTS 0x40 /* function has parameter named arguments */
> > +#define TCF_FUN_LOCAL_ARGUMENTS 0x80 /* function has local named arguments */
> 
> TCF_FUN_ARGUMENTS_LOCAL reads better to me, as in "has an arguments local". 

TCF_FUN_LOCAL_ARGUMENTS is symmetric with TCF_FUN_PARAM_ARGUMENTS
Attached patch rm overwritten args v.2 (obsolete) — Splinter Review 

        Attachment #595232 -
        Attachment is obsolete: true

        Attachment #599234 -
        Flags: review?(jwalden+bmo)

    
    

    
  
Green on try

    
    

    
  


  
Somehow I managed to re-upload the original patch last time...

        Attachment #601050 -
        Flags: review?(jwalden+bmo)

    
  

        Attachment #599234 -
        Attachment is obsolete: true

        Attachment #599234 -
        Flags: review?(jwalden+bmo)

    
    

    
  
Comment on attachment 601050 [details] [diff] [review]
rm overwritten args v.2 (v.2)

Review of attachment 601050 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit-test/tests/basic/testOverwrittenArgumentsWithUndefined.js
@@ +6,5 @@
> +    eval("assertEq(arguments, undefined)");
> +    arguments = a;
> +    eval("assertEq(arguments[0], 42)");
> +    eval("assertEq(arguments, a)");
> +}

Tangentially:

Does the test pass if you change |f()| to |f(z)| and assign 17 to |z| while |arguments === undefined|, then test for |a[0] === 17|?  Add that in the test if it passes.  (I'm not sure if it does.)  Also add the converse, setting |a[0] = 8675309| while |arguments === undefined|, then testing for |z === 8675309|, if that passes.

::: js/src/jsinterp.cpp
@@ +3014,5 @@
>      if (cx->typeInferenceEnabled() && !script->strictModeCode) {
>          if (!script->ensureRanInference(cx))
>              goto error;
>          if (script->createdArgs) {
> +            JSObject *arguments = js_GetArgsObject(cx, regs.fp());

ArgumentsObject

@@ +3022,5 @@
>          } else {
>              rval = MagicValue(JS_LAZY_ARGUMENTS);
>          }
>      } else {
> +        JSObject *arguments = js_GetArgsObject(cx, regs.fp());

ArgumentsObject

::: js/src/vm/Stack.h
@@ +376,1 @@
>      };

This still needs an entry indicating which bits are free.

        Attachment #601050 -
        Flags: review?(jwalden+bmo) → review+

    
    

    
  
Free bits left as followup since there was no consensus on irc as to whether this was actually a good thing.

https://hg.mozilla.org/integration/mozilla-inbound/rev/bd71047c9b4d

    
  
Target Milestone: --- → mozilla13

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/bd71047c9b4d
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

    
  
No longer depends on: 735936

    
  
Depends on: 737570

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: