Commit graph

70 commits

Author SHA1 Message Date
Linus Groh
fbb176c926 LibJS: Convert has_binding() to ThrowCompletionOr
Also add spec step comments to it while we're here.
2021-10-09 21:53:47 +01:00
Linus Groh
4f03138971 LibJS: Convert get_super_base() to ThrowCompletionOr
Also add spec step comments to it while we're here.
2021-10-09 21:53:47 +01:00
Linus Groh
fe5c2b7bb9 LibJS: Decouple new_function_environment() from FunctionObject
Now that only ECMAScriptFunctionObject uses this, we can remove the
FunctionObject::new_function_environment() pure virtual method and just
implement it as a standalone AO with an ECMAScriptFunctionObject
parameter, next to the other NewFooEnvironment AOs.
2021-10-09 14:29:20 +01:00
Linus Groh
cf168fac50 LibJS: Implement [[Call]] and [[Construct]] internal slots properly
This patch implements:

- Spec compliant [[Call]] and [[Construct]] internal slots, as virtual
  FunctionObject::internal_{call,construct}(). These effectively replace
  the old virtual FunctionObject::{call,construct}(), but with several
  advantages:
  - Clear and consistent naming, following the object internal methods
  - Use of completions
  - internal_construct() returns an Object, and not Value! This has been
    a source of confusion for a long time, since in the spec there's
    always an Object returned but the Value return type in LibJS meant
    that this could not be fully trusted and something could screw you
    over.
  - Arguments are passed explicitly in form of a MarkedValueList,
    allowing manipulation (BoundFunction). We still put them on the
    execution context as a lot of code depends on it (VM::arguments()),
    but not from the Call() / Construct() AOs anymore, which now allows
    for bypassing them and invoking [[Call]] / [[Construct]] directly.
    Nothing but Call() / Construct() themselves do that at the moment,
    but future additions to ECMA262 or already existing web specs might.
- Spec compliant, standalone Call() and Construct() AOs: currently the
  closest we have is VM::{call,construct}(), but those try to cater to
  all the different function object subclasses at once, resulting in a
  horrible mess and calling AOs with functions they should never be
  called with; most prominently PrepareForOrdinaryCall and
  OrdinaryCallBindThis, which are only for ECMAScriptFunctionObject.

As a result this also contains an implicit optimization: we no longer
need to create a new function environment for NativeFunctions - which,
worth mentioning, is what started this whole crusade in the first place
:^)
2021-10-09 14:29:20 +01:00
Andreas Kling
421845b0cd LibJS: Taint variable environment chain after non-strict direct eval()
Since non-strict direct eval() can insert new bindings into a
surrounding var scope, we cannot safely cache some assumptions about
environment chain layout after eval() has taken place.

Since eval() is rare, let's do what other engines do and simply
deoptimize in its presence. This patch adds a new "permanently screwed"
flag to JS::Environment that will be set on the entire variable
environment chain upon non-strict direct eval().
2021-10-07 11:53:18 +02:00
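The following is an added example, not code from LibJS or this commit, showing the behaviour the commit deoptimizes for: a non-strict direct eval() adds `var` bindings to the calling function's variable environment, while strict direct eval and indirect eval do not. The functions are built with the Function constructor (an assumption of this example) so that they stay non-strict regardless of whether the file is loaded as a strict module.

```javascript
// Added example (not LibJS code): where a `var` declared inside eval() ends up.
// Function-constructed bodies are sloppy unless they carry their own directive.

// Direct eval in a non-strict function: the `var` lands in the caller's own
// variable environment, so it is visible after eval() returns.
const directSloppyEval = new Function(`
    eval("var leaked = 'bound in caller';");
    return typeof leaked === "undefined" ? "absent" : leaked;
`);

// Same code with a strict directive: strict direct eval gets its own variable
// environment, so nothing leaks into the caller.
const directStrictEval = new Function(`
    "use strict";
    eval("var leaked = 'bound in caller';");
    return typeof leaked === "undefined" ? "absent" : leaked;
`);

// Indirect eval (the eval value reached through anything other than the bare
// name) always runs in the global scope, even when called from sloppy code.
// The binding is a configurable property of globalThis, not a local.
const indirectEval = new Function(`
    (0, eval)("var leakedGlobal = 'bound on globalThis';");
    const local = typeof leakedGlobal === "undefined" ? "absent" : leakedGlobal;
    const onGlobal = Object.prototype.hasOwnProperty.call(globalThis, "leakedGlobal");
    const cleanedUp = delete globalThis.leakedGlobal; // eval-created vars are deletable
    return { local, onGlobal, cleanedUp };
`);
```

Only the first case changes the caller's environment layout after the fact, which is why an engine can keep caching scope-chain assumptions for strict and indirect eval but has to give them up once a sloppy direct eval has run.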
Linus Groh
4fa5748093 LibJS: Add an optimization to avoid needless arguments object creation
This gives FunctionNode a "might need arguments object" boolean flag and
sets it based on the simplest possible heuristic for this: if we
encounter an identifier called "arguments" or "eval" up to the next
(nested) function declaration or expression, we won't need an arguments
object. Otherwise, we *might* need one - the final decision is made in
the FunctionDeclarationInstantiation AO.

Now, this is obviously not perfect. Even if you avoid eval, something
like `foo.arguments` will still trigger a false positive - but it's a
start and already massively cuts down on needlessly allocated objects,
especially in real-world code that is often minified, and so a full
"arguments" identifier will be an actual arguments object more often
than not.

To illustrate the actual impact of this change, here's the number of
allocated arguments objects during a full test-js run:

Before:
- Unmapped arguments objects: 78765
- Mapped arguments objects: 2455

After:
- Unmapped arguments objects: 18
- Mapped arguments objects: 37

This results in a ~5% speedup of test-js on my Linux host machine, and
about 3.5% on i686 Serenity in QEMU (warm runs, average of 5).

The following microbenchmark (calling an empty function 1M times) runs
25% faster on Linux and 45% on Serenity:

    function foo() {}
    for (var i = 0; i < 1_000_000; ++i)
        foo();

test262 reports no changes in either direction, apart from a speedup :^)
2021-10-05 10:15:14 +01:00
Andreas Kling
d872f0d503 LibJS: Avoid an unnecessary String in create_mapped_arguments_object()
2021-10-04 22:54:50 +02:00
Andreas Kling
f4180b7269 LibJS: Avoid an unnecessary String in create_list_from_array_like()
2021-10-04 22:54:50 +02:00
Linus Groh
fe86b04b42 LibJS: Convert define_property_or_throw() to ThrowCompletionOr
2021-10-03 20:14:03 +01:00
Linus Groh
364dd42fc8 LibJS: Convert create_data_property_or_throw() to ThrowCompletionOr
2021-10-03 20:14:03 +01:00
Linus Groh
b7e5f08e56 LibJS: Convert Object::get() to ThrowCompletionOr
To no one's surprise, this patch is pretty big - this is possibly the
most used AO of all of them. Definitely worth it though.
2021-10-03 20:14:03 +01:00
Linus Groh
4d5bd092ea LibJS: Use MUST() where applicable
2021-10-03 20:14:03 +01:00
davidot
830ea0414c LibJS: Make scoping follow the spec
Before this we used an ad-hoc combination of references and 'variables'
stored in a hashmap. This worked in most cases but is not spec like.
Additionally hoisting, dynamically naming functions and scope analysis
was not done properly.

This patch fixes all of that by:
  - Implement BindingInitialization for destructuring assignment.
  - Implementing a new ScopePusher which tracks the lexical and var
    scoped declarations. This hoists functions to the top level if no
    lexical declaration name overlaps. Furthermore we do checking of
    redeclarations in the ScopePusher now requiring less checks all over
    the place.
  - Add methods for parsing the directives and statement lists instead
    of having that code duplicated in multiple places. This allows
    declarations to pushed to the appropriate scope more easily.
  - Remove the non spec way of storing 'variables' in
    DeclarativeEnvironment and make Reference follow the spec instead of
    checking both the bindings and 'variables'.
  - Remove all scoping related things from the Interpreter. And instead
    use environments as specified by the spec. This also includes fixing
    that NativeFunctions did not produce a valid FunctionEnvironment
    which could cause issues with callbacks and eval. All
    FunctionObjects now have a valid NewFunctionEnvironment
    implementation.
  - Remove execute_statements from Interpreter and instead use
    ASTNode::execute everywhere this simplifies AST.cpp as you no longer
    need to worry about which method to call.
  - Make ScopeNodes setup their own environment. This uses four
    different methods specified by the spec
    {Block, Function, Eval, Global}DeclarationInstantiation with the
    annexB extensions.
  - Implement and use NamedEvaluation where specified.

Additionally there are fixes to things exposed by these changes to eval,
{for, for-in, for-of} loops and assignment.

Finally it also fixes some tests in test-js which were passing before
but not now that we have correct behavior :^).
2021-09-30 08:16:32 +01:00
Linus Groh
5148150e1c LibJS: Convert internal_get_prototype_of() to ThrowCompletionOr
2021-09-29 23:49:53 +01:00
Linus Groh
4566472ed6 LibJS: Rename BoundFunction::m_target_function to match spec name
2021-09-25 17:51:30 +02:00
Idan Horowitz
1da8faebf5 LibJS: Convert perform_eval to ThrowCompletionOr
2021-09-21 23:28:38 +03:00
Idan Horowitz
f302b114f3 LibJS: Convert get_substitution to ThrowCompletionOr
2021-09-21 23:28:38 +03:00
Idan Horowitz
69430855e0 LibJS: Remove non-specification compliant exception check
2021-09-21 23:28:38 +03:00
Idan Horowitz
e90e4ac1e2 LibJS: Convert length_of_array_like to ThrowCompletionOr
2021-09-21 23:28:38 +03:00
Idan Horowitz
02a88c5063 LibJS: Convert make_super_property_reference to ThrowCompletionOr
2021-09-21 23:28:38 +03:00
Brian Gianforcaro
9f50e288f7 LibJS: Fix Clang Toolchain CI build
Clang was failing because it rightfully saw we were attempting to call a
deleted constructor of `MarkedValueList`. If you explicitly called
move(list) then GCC would complain that the move was unnecessary.

For whatever reason both toolchains accept when we construct the
ThrowCompletionOr explicitly that we move the list into and return that.
2021-09-16 10:05:45 +01:00
Linus Groh
2d4650714f LibJS: Use ThrowCompletionOr in get_prototype_from_constructor()
Also add spec step comments to it while we're here.
2021-09-15 23:46:53 +01:00
Linus Groh
bc1b8f9cc8 LibJS: Use ThrowCompletionOr in get_function_realm()
2021-09-15 23:46:53 +01:00
Linus Groh
3d43eb0774 LibJS: Use ThrowCompletionOr in species_constructor()
Also add spec step comments to it as well as a missing exception check
while we're here.
2021-09-15 23:46:53 +01:00
Linus Groh
c4c40f4cf3 LibJS: Use ThrowCompletionOr in create_list_from_array_like()
Also add spec step comments to it while we're here.
2021-09-15 23:46:53 +01:00
Linus Groh
568296d0cc LibJS: Use ThrowCompletionOr in require_object_coercible()
2021-09-15 23:46:53 +01:00
Linus Groh
1a7828a9f3 LibJS: Return default-constructed values instead of the INVALID constant
This is much more common across the whole codebase and even these two
files. The same is used to return an empty JS::Value in an exception
check, for example.
2021-09-15 18:41:33 +01:00
Linus Groh
657d17ace3 LibJS: Remove two unused includes from AbstractOperations.cpp
2021-09-15 18:36:06 +01:00
Linus Groh
80e58dab9a LibJS: Make get_function_realm() actually return a Realm 2021-09-12 11:10:20 +01:00
Linus Groh
06e89311fa LibJS: Set the callee context's realm in prepare_for_ordinary_call()
This includes making FunctionObject::realm() actually return a Realm,
instead of a GlobalObject.
2021-09-12 11:10:20 +01:00
Linus Groh
f29a82dd84 LibJS: Move the GlobalEnvironment from GlobalObject to Realm
This is where the spec wants to have it. Requires a couple of hacks as
currently everything that needs a Realm actually has a GlobalObject, so
we need to go via the Interpreter.
2021-09-12 11:10:20 +01:00
Andreas Kling
19ee5e01ad LibJS: Use Span<Cell*> instead of Vector<Cell*> in more places
2021-09-11 14:10:11 +02:00
Timothy Flynn
6c45620709 LibJS: Reduce copying of string data in String.prototype
The primary themes here are invoking js_string() with existing instances
of Utf16String when possible, and not creating entire UTF-8 copies when
not needed.
2021-08-10 23:07:50 +02:00
Timothy Flynn
c1e99fca1a LibJS: Replace Vector<u16> usage in PrimitiveString with Utf16String
This commit does not go out of its way to reduce copying of the string
data yet, but is a minimum set of changes to compile LibJS after making
PrimitiveString hold a Utf16String.
2021-08-10 23:07:50 +02:00
Linus Groh
16c38788c3 LibJS: Add missing spec links
2021-08-08 11:04:30 +01:00
Brian Gianforcaro
53166c10ca LibJS: Remove unused header includes
2021-08-01 08:10:16 +02:00
Linus Groh
1c1354db07 LibJS: Store the %Array.prototype.values% intrinsic on the global object
Also group the getter functions for all the additional intrinsics (not
generated via macros), and initialize the members.
2021-07-25 23:44:36 +01:00
Timothy Flynn
5a8f870594 LibJS: Implement RegExp.prototype [ @@replace ] with UTF-16 code units
This also converts the GetSubstitution abstract operation to take its input
strings as UTF-16 now that all callers are UTF-16 capable. This means
String.prototype.replace (and replaceAll) no longer needs UTF-8 and
UTF-16 copies of these strings.
2021-07-23 23:06:57 +01:00
Timothy Flynn
06208aaa15 LibJS: Implement String.prototype.replace with UTF-16 code units
2021-07-22 09:10:44 +02:00
davidot
a394aa5830 LibJS: Fix that vm.in_strict_mode was propagated to eval and functions
For eval it depends on the CallerMode and for a created function it
depends on the function itself.
2021-07-20 23:45:28 +02:00
Idan Horowitz
fff112c8a3 LibJS: Add missing spec link to ValidateAndApplyPropertyDescriptor
2021-07-07 10:14:44 +01:00
Idan Horowitz
dd27490ee1 LibJS: Throw if the trap result of OwnPropertyKeys contains duplicates
2021-07-07 01:38:10 +01:00
Timothy Flynn
e0c9f58b0c LibJS: Implement and use the GetSubstitution abstract operation
Used by String.prototype.replace, String.prototype.replaceAll, and
RegExp.prototype [ @@replace ].
2021-07-05 23:26:41 +01:00
Linus Groh
339ccba354 LibJS: Make Object.prototype.toString() fully spec compliant
- Fix evaluation order: IsArray(O) should always be called and before
  Get(O, @@toStringTag), previously it was the other way around and
  IsArray would only be called if @@toStringTag is not a string
- Add missing exception checks to both function calls
- Add missing builtin tag for arguments object

Also, while we're here:
- Update variable names to match spec
- Add spec step comments
2021-07-05 20:21:26 +01:00
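The following is an added example, not code from LibJS or the commit above, showing the observable consequences of the three fixes it lists: the IsArray-before-Get step order, exceptions from the @@toStringTag lookup propagating, and the builtin tag for arguments objects. The revocable-proxy construction used to expose the step order is this example's own device, not something the commit describes.

```javascript
// Added example (not LibJS code): spec-conforming Object.prototype.toString.

const toStr = Object.prototype.toString;

// A string-valued @@toStringTag replaces the builtin tag; any other value is
// ignored and the builtin tag ("Object", "Array", "Arguments", ...) is kept.
function tags() {
    const fromArguments = (function () { return toStr.call(arguments); })();
    return [
        toStr.call({ [Symbol.toStringTag]: "Custom" }),
        toStr.call({ [Symbol.toStringTag]: 42 }),
        toStr.call(Object.assign([], { [Symbol.toStringTag]: null })),
        fromArguments,
    ];
}

// An exception thrown while reading @@toStringTag must propagate to the caller
// rather than being swallowed (the "missing exception checks" fix).
function tagGetterError() {
    const o = { get [Symbol.toStringTag]() { throw new RangeError("tag getter ran"); } };
    try { toStr.call(o); return "no throw"; } catch (e) { return e.constructor.name; }
}

// Step order: IsArray(O) runs first and unconditionally, then Get(O, @@toStringTag).
// IsArray walks proxy targets, so a revoked proxy anywhere in the chain throws a
// TypeError even though the outer proxy would have answered the tag lookup with a
// string. With the old order (Get first, IsArray only for non-string tags) the
// second call would have returned "[object Custom]" instead of throwing.
function isArrayBeforeTagLookup() {
    const { proxy: inner, revoke } = Proxy.revocable([], {});
    const outer = new Proxy(inner, {
        get(target, key, receiver) {
            return key === Symbol.toStringTag ? "Custom" : Reflect.get(target, key, receiver);
        },
    });
    const beforeRevoke = toStr.call(outer); // IsArray true, tag "Custom" wins
    revoke();
    let afterRevoke;
    try { afterRevoke = toStr.call(outer); } catch (e) { afterRevoke = e.constructor.name; }
    return { beforeRevoke, afterRevoke };
}
```

Run against a conforming engine, `isArrayBeforeTagLookup()` returns `"[object Custom]"` before revocation and `"TypeError"` after it; an engine with the old evaluation order never reaches IsArray in the second call and reports the custom tag.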
davidot
c52d515028 LibJS: Make AbstractOperations::canonical_num... take a PropertyName
This allows us to hide the fact that it could be a number and means we
no longer need to check for this optimization in string and typedarray
2021-07-05 16:04:52 +01:00
Andreas Kling
77fa33e61a LibJS: Finish implementing mapped arguments exotic objects :^)
Now that the Object rewrite is in place, we have enough tools to
implement the mapped `arguments` properties according to spec.

The basic mechanism is that the `arguments` object installs a hidden
parameter mapping object that property accesses get filtered through.
This is how accessing numeric properties on `arguments` is proxied
to the named identifier in the function scope.

When `arguments` is instantiated, getters and setters are created
for all the numeric properties on the object that correspond to
function arguments. These getters and setters can be deleted from the
object. This is all pretty intricate, so refer to the spec for details.

Note that the `arguments` object itself is still lazily instantiated
on first access within a function. This is non-conforming, and we'll
have to revisit this once we get around to improving function calls.
2021-07-05 02:38:31 +02:00
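The following is an added example, not code from LibJS or either commit, covering both the mapped/unmapped distinction counted in the "avoid needless arguments object creation" commit further up and the parameter-mapping behaviour described here. Functions that must be non-strict are built with the Function constructor (this example's assumption) so they stay sloppy even if the file is loaded as a strict module.

```javascript
// Added example (not LibJS code): mapped vs unmapped arguments exotic objects.

// Sloppy function with a simple parameter list: `arguments` is a *mapped*
// arguments object, so arguments[0] and `a` alias each other in both
// directions until the mapping for that index is removed.
const mapped = new Function("a", "b", `
    const log = [];
    arguments[0] = "via arguments";          // write to index 0 flows into a
    log.push(a);
    a = "via parameter";                     // write to a flows into index 0
    log.push(arguments[0]);
    delete arguments[0];                     // drops the accessor and its mapping
    a = "after delete";
    log.push(String(arguments[0]));          // "undefined": index 0 is gone
    arguments[0] = "re-added";               // ordinary data property, no aliasing
    log.push(a);                             // still "after delete"
    log.push(arguments.length);              // delete did not touch length
    return log;
`);

// Only indices that were actually passed are mapped: a formal parameter beyond
// arguments.length is never aliased, so the same write is visible or not
// depending on how many arguments the caller supplied.
const mapsOnlyPassed = new Function("a", "b", `
    arguments[1] = "set through arguments";
    return b;
`);

// Strict function: *unmapped* arguments object. Writes do not reach the
// parameter, and `callee` is a poison-pill accessor that throws.
const unmapped = new Function("a", `
    "use strict";
    arguments[0] = "via arguments";
    let calleeThrows = false;
    try { arguments.callee; } catch (e) { calleeThrows = e instanceof TypeError; }
    return { a, arg0: arguments[0], calleeThrows };
`);

// Any default, rest or destructured parameter makes the list non-simple, which
// also yields an unmapped arguments object even in sloppy code.
const nonSimpleParams = new Function("a = 1", `
    arguments[0] = "via arguments";
    return a;
`);
```

The aliasing is the reason a reference to the `arguments` identifier forces the engine to materialize the object in sloppy functions: once a parameter can be observed or modified through an index, the parameter bindings and the object have to stay in sync.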
Linus Groh
9555ca99a0 LibJS: Remove unnecessary value_or() from get()
Object::get() never returns an empty value anymore, as per the spec, so
having a value_or() fallback is no longer needed.
2021-07-05 00:03:25 +02:00
Linus Groh
09bd5f8772 LibJS: Rewrite most of Object for spec compliance :^)
This is a huge patch, I know. In hindsight this perhaps could've been
done slightly more incremental, but I started and then fixed everything
until it worked, and here we are. I tried splitting off some completely
unrelated changes into separate commits, however. Anyway.

This is a rewrite of most of Object, and by extension large parts of
Array, Proxy, Reflect, String, TypedArray, and some other things.

What we already had worked fine for about 90% of things, but getting the
last 10% right proved to be increasingly difficult with the current code
that sort of grew organically and is only very loosely based on the
spec - this became especially obvious when we started fixing a large
number of test262 failures.

Key changes include:

- 1:1 matching function names and parameters of all object-related
  functions, to avoid ambiguity. Previously we had things like put(),
  which the spec doesn't have - as a result it wasn't always clear which
  need to be used.
- Better separation between object abstract operations and internal
  methods - the former are always the same, the latter can be overridden
  (and are therefore virtual). The internal methods (i.e. [[Foo]] in the
  spec) are now prefixed with 'internal_' for clarity - again, it was
  previously not always clear which AO a certain method represents,
  get() could've been both Get and [[Get]] (I don't know which one it
  was closer to right now).
  Note that some of the old names have been kept until all code relying
  on them is updated, but they are now simple wrappers around the
  closest matching standard abstract operation.
- Simplifications of the storage layer: functions that write values to
  storage are now prefixed with 'storage_' to make their purpose clear,
  and as they are not part of the spec they should not contain any steps
  specified by it. Much functionality is now covered by the layers above
  it and was removed (e.g. handling of accessors, attribute checks).
- PropertyAttributes has been greatly simplified, and is being replaced
  by PropertyDescriptor - a concept similar to the current
  implementation, but more aligned with the actual spec. See the commit
  message of the previous commit where it was introduced for details.
- As a bonus, and since I had to look at the spec a whole lot anyway, I
  introduced more inline comments with the exact steps from the spec -
  this makes it super easy to verify correctness.
- East-const all the things.

As a result of all of this, things are much more correct but a bit
slower now. Retaining speed wasn't a consideration at all, I have done
no profiling of the new code - there might be low hanging fruits, which
we can then harvest separately.

Special thanks to Idan for helping me with this by tracking down bugs,
updating everything outside of LibJS to work with these changes (LibWeb,
Spreadsheet, HackStudio), as well as providing countless patches to fix
regressions I introduced - there still are very few (we got it down to
5), but we also get many new passing test262 tests in return. :^)

Co-authored-by: Idan Horowitz <idan.horowitz@gmail.com>
2021-07-04 22:07:36 +01:00
Andreas Kling
1270df257b LibJS: Bring the super keyword in line with the spec
This patch implements spec-compliant runtime semantics for the following
constructs:

- super.property
- super[property]

The MakeSuperPropertyReference AO is added to support this. :^)
2021-07-03 01:12:12 +02:00
Andreas Kling
44221756ab LibJS: Drop "Record" suffix from all the *Environment record classes
"Records" in the spec are basically C++ classes, so let's drop this
mouthful of a suffix.
2021-07-01 12:28:57 +02:00