[MERGE #6217 @pleath] Stop passing ActivationObject as 'this' in dynamic-binding cases, eliminate StrictLdThis

Merge pull request #6217 from pleath:actobjthis

Detect non-with scopes in cases of dynamically bound functions and pass "undefined" as "this" instead of the owning instance, which is an ActivationObject. Make ScopedLdThis do the same. Got rid of some unnecessary virtual calls in the process. Since screening ActivationObject is the only thing StrictLdThis does, stop emitting it.

Author: pleath

lib/Backend/IRBuilder.cpp

@@ -1755,7 +1755,7 @@ template <typename SizePolicy>
 void
 IRBuilder::BuildReg2(Js::OpCode newOpcode, uint32 offset)
 {
-    Assert(!OpCodeAttr::IsProfiledOp(newOpcode) || newOpcode == Js::OpCode::ProfiledStrictLdThis);
+    Assert(!OpCodeAttr::IsProfiledOp(newOpcode));
     Assert(OpCodeAttr::HasMultiSizeLayout(newOpcode));
     auto layout = m_jnReader.GetLayout<Js::OpLayoutT_Reg2<SizePolicy>>();
 
@@ -1821,19 +1821,6 @@ IRBuilder::BuildReg2(Js::OpCode newOpcode, uint32 offset, Js::RegSlot R0, Js::Re
         }
         break;
 
-    case Js::OpCode::ProfiledStrictLdThis:
-        newOpcode = Js::OpCode::StrictLdThis;
-        if (m_func->HasProfileInfo())
-        {
-            dstOpnd->SetValueType(m_func->GetReadOnlyProfileInfo()->GetThisInfo().valueType);
-        }
-
-        if (m_func->DoSimpleJitDynamicProfile())
-        {
-            IR::JitProfilingInstr* newInstr = IR::JitProfilingInstr::New(Js::OpCode::StrictLdThis, dstOpnd, src1Opnd, m_func);
-            instr = newInstr;
-        }
-        break;
     case Js::OpCode::Delete_A:
         dstOpnd->SetValueType(ValueType::Boolean);
         break;

lib/Backend/Inline.cpp

@@ -5453,7 +5453,6 @@ Inline::MapFormals(Func *inlinee,
 
 
         case Js::OpCode::LdThis:
-        case Js::OpCode::StrictLdThis:
             // Optimization of LdThis may be possible.
             // Verify that this is a use of the "this" passed by the caller (not a nested function).
             if (instr->GetSrc1()->AsRegOpnd()->m_sym == symThis)
@@ -5699,7 +5698,7 @@ Inline::DoCheckThisOpt(IR::Instr * instr)
     // If the instr is an inlined LdThis, try to replace it with a CheckThis
     // that will bail out if a helper call is required to get the real "this" pointer.
 
-    Assert(instr->m_opcode == Js::OpCode::LdThis || instr->m_opcode == Js::OpCode::StrictLdThis);
+    Assert(instr->m_opcode == Js::OpCode::LdThis);
     Assert(instr->IsInlined());
 
     // Create the CheckThis. The target is the original offset, i.e., the LdThis still has to be executed.
@@ -5708,7 +5707,7 @@ Inline::DoCheckThisOpt(IR::Instr * instr)
         instr->FreeSrc2();
     }
     IR::Instr *newInstr =
-        IR::BailOutInstr::New( instr->m_opcode == Js::OpCode::LdThis ? Js::OpCode::CheckThis : Js::OpCode::StrictCheckThis, IR::BailOutCheckThis, instr, instr->m_func);
+        IR::BailOutInstr::New(Js::OpCode::CheckThis, IR::BailOutCheckThis, instr, instr->m_func);
     // Just re-use the original src1 since the LdThis will usually be deleted.
     newInstr->SetSrc1(instr->GetSrc1());
     newInstr->SetByteCodeOffset(instr);

lib/Backend/JnHelperMethodList.h

@@ -60,7 +60,6 @@ HELPERCALLCHK(OP_CloneInnerScopeSlots, Js::JavascriptOperators::OP_CloneScopeSlo
 HELPERCALLCHK(OP_CloneBlockScope, Js::JavascriptOperators::OP_CloneBlockScope, AttrCanNotBeReentrant)
 HELPERCALLCHK(LdThis, Js::JavascriptOperators::OP_GetThis, AttrCanThrow)
 HELPERCALLCHK(LdThisNoFastPath, Js::JavascriptOperators::OP_GetThisNoFastPath, 0)
-HELPERCALLCHK(StrictLdThis, Js::JavascriptOperators::OP_StrictGetThis, AttrCanNotBeReentrant)
 HELPERCALLCHK(Op_LdElemUndef, Js::JavascriptOperators::OP_LoadUndefinedToElement, AttrCanNotBeReentrant)
 HELPERCALLCHK(Op_LdElemUndefDynamic, Js::JavascriptOperators::OP_LoadUndefinedToElementDynamic, AttrCanNotBeReentrant)
 HELPERCALLCHK(Op_LdElemUndefScoped, Js::JavascriptOperators::OP_LoadUndefinedToElementScoped, AttrCanNotBeReentrant)
@@ -424,7 +423,6 @@ HELPERCALLCHK(SimpleProfileCall_DefaultInlineCacheIndex, Js::SimpleJitHelpers::P
 HELPERCALLCHK(SimpleProfileCall, Js::SimpleJitHelpers::ProfileCall, AttrCanNotBeReentrant)
 HELPERCALLCHK(SimpleProfileReturnTypeCall, Js::SimpleJitHelpers::ProfileReturnTypeCall, AttrCanNotBeReentrant)
 //HELPERCALLCHK(SimpleProfiledLdLen, Js::SimpleJitHelpers::ProfiledLdLen_A, AttrCanThrow) //Can throw because it mirrors OP_GetProperty
-HELPERCALLCHK(SimpleProfiledStrictLdThis, Js::SimpleJitHelpers::ProfiledStrictLdThis, AttrCanNotBeReentrant)
 HELPERCALLCHK(SimpleProfiledLdThis, Js::SimpleJitHelpers::ProfiledLdThis, AttrCanNotBeReentrant)
 HELPERCALLCHK(SimpleProfiledSwitch, Js::SimpleJitHelpers::ProfiledSwitch, AttrCanNotBeReentrant)
 HELPERCALLCHK(SimpleProfiledDivide, Js::SimpleJitHelpers::ProfiledDivide, AttrCanThrow)

lib/Backend/Lower.cpp

@@ -1246,42 +1246,12 @@ Lowerer::LowerRange(IR::Instr *instrStart, IR::Instr *instrEnd, bool defaultDoFa
             Assert(m_func->IsOOPJIT());
             instrPrev = LowerLdNativeCodeData(instr);
             break;
-        case Js::OpCode::StrictLdThis:
-            if (noFieldFastPath)
-            {
-                IR::JnHelperMethod meth;
-                if (instr->IsJitProfilingInstr())
-                {
-                    Assert(instr->AsJitProfilingInstr()->profileId == Js::Constants::NoProfileId);
-                    m_lowererMD.LoadHelperArgument(instr, CreateFunctionBodyOpnd(instr->m_func));
-                    meth = IR::HelperSimpleProfiledStrictLdThis;
-                    this->LowerUnaryHelper(instr, meth);
-                }
-                else
-                {
-                    meth = IR::HelperStrictLdThis;
-                    this->LowerUnaryHelperMem(instr, meth);
-                }
-            }
-            else
-            {
-                this->GenerateLdThisStrict(instr);
-                instr->Remove();
-            }
-            break;
-
         case Js::OpCode::CheckThis:
             GenerateLdThisCheck(instr);
             instr->FreeSrc1();
             this->GenerateBailOut(instr);
             break;
 
-        case Js::OpCode::StrictCheckThis:
-            this->GenerateLdThisStrict(instr);
-            instr->FreeSrc1();
-            this->GenerateBailOut(instr);
-            break;
-
         case Js::OpCode::NewScArray:
             instrPrev = this->LowerNewScArray(instr);
             break;
@@ -23245,69 +23215,6 @@ Lowerer::GenerateLdThisCheck(IR::Instr * instr)
     return true;
 }
 
-//
-// TEST src, Js::AtomTag
-// JNE $done
-// MOV typeReg, objectSrc + offsetof(RecyclableObject::type)
-// CMP [typeReg + offsetof(Type::typeid)], TypeIds_ActivationObject
-// JEQ $helper
-// $done:
-// MOV dst, src
-// JMP $fallthru
-// helper:
-// MOV dst, undefined
-// $fallthru:
-bool
-Lowerer::GenerateLdThisStrict(IR::Instr* instr)
-{
-    IR::RegOpnd * src1 = instr->GetSrc1()->AsRegOpnd();
-    IR::RegOpnd * typeReg = IR::RegOpnd::New(TyMachReg, this->m_func);
-    IR::LabelInstr * done = IR::LabelInstr::New(Js::OpCode::Label, m_func);
-    IR::LabelInstr * fallthru = IR::LabelInstr::New(Js::OpCode::Label, m_func);
-    IR::LabelInstr * helper = IR::LabelInstr::New(Js::OpCode::Label, m_func, /*helper*/true);
-
-    bool assign = instr->GetDst() && !instr->GetDst()->IsEqual(src1);
-    if (!src1->IsNotTaggedValue())
-    {
-        // TEST src1, Js::AtomTag
-        // JNE $done
-        this->m_lowererMD.GenerateObjectTest(src1, instr, assign ? done : fallthru);
-    }
-
-    IR::IndirOpnd * indirOpnd = IR::IndirOpnd::New(src1, Js::RecyclableObject::GetOffsetOfType(), TyMachReg, this->m_func);
-    Lowerer::InsertMove(typeReg, indirOpnd, instr);
-
-    IR::IndirOpnd * typeID = IR::IndirOpnd::New(typeReg, Js::Type::GetOffsetOfTypeId(), TyInt32, this->m_func);
-    IR::Opnd * activationObject = IR::IntConstOpnd::New(Js::TypeIds_ActivationObject, TyMachReg, this->m_func);
-    Lowerer::InsertCompare(typeID, activationObject, instr);
-
-    // JEQ $helper
-    Lowerer::InsertBranch(Js::OpCode::BrEq_A, helper, instr);
-
-    if (assign)
-    {
-        // $done:
-        instr->InsertBefore(done);
-
-        // MOV dst, src
-        Lowerer::InsertMove(instr->GetDst(), src1, instr);
-    }
-
-    // JMP $fallthru
-    Lowerer::InsertBranch(Js::OpCode::Br, fallthru, instr);
-
-    instr->InsertBefore(helper);
-    if (instr->GetDst())
-    {
-        // MOV dst, undefined
-        Lowerer::InsertMove(instr->GetDst(), LoadLibraryValueOpnd(instr, LibraryValue::ValueUndefined), instr);
-    }
-    // $fallthru:
-    instr->InsertAfter(fallthru);
-
-    return true;
-}
-
 // given object instanceof function, functionReg is a register with function,
 // objectReg is a register with instance and inlineCache is an InstIsInlineCache.
 // We want to generate:

lib/Backend/Lower.h

@@ -173,7 +173,6 @@ class Lowerer
     void            GenerateIsDynamicObject(IR::RegOpnd *regOpnd, IR::Instr *insertInstr, IR::LabelInstr *labelHelper, bool fContinueLabel = false);
     void            GenerateIsRecyclableObject(IR::RegOpnd *regOpnd, IR::Instr *insertInstr, IR::LabelInstr *labelHelper, bool checkObjectAndDynamicObject = true);
     bool            GenerateLdThisCheck(IR::Instr * instr);
-    bool            GenerateLdThisStrict(IR::Instr * instr);
     bool            GenerateFastIsInst(IR::Instr * instr);
     void            GenerateFastArrayIsIn(IR::Instr * instr);
     void            GenerateFastObjectIsIn(IR::Instr * instr);

lib/Backend/SimpleJitProfilingHelpers.cpp

@@ -94,26 +94,6 @@ using namespace Js;
         JIT_HELPER_END(SimpleProfileReturnTypeCall);
     }
 
-    Var SimpleJitHelpers::ProfiledStrictLdThis(Var thisVar, FunctionBody* functionBody)
-    {
-        JIT_HELPER_NOT_REENTRANT_NOLOCK_HEADER(SimpleProfiledStrictLdThis);
-        //Adapted from InterpreterStackFrame::OP_ProfiledStrictLdThis
-        DynamicProfileInfo * dynamicProfileInfo = functionBody->GetDynamicProfileInfo();
-        TypeId typeId = JavascriptOperators::GetTypeId(thisVar);
-
-        if (typeId == TypeIds_ActivationObject)
-        {
-            thisVar = functionBody->GetScriptContext()->GetLibrary()->GetUndefined();
-            dynamicProfileInfo->RecordThisInfo(thisVar, ThisType_Mapped);
-            return thisVar;
-        }
-
-        dynamicProfileInfo->RecordThisInfo(thisVar, ThisType_Simple);
-        return thisVar;
-        JIT_HELPER_END(SimpleProfiledStrictLdThis);
-    }
-
-
     Var SimpleJitHelpers::ProfiledLdThis(Var thisVar, int moduleID, FunctionBody* functionBody)
     {
         JIT_HELPER_NOT_REENTRANT_NOLOCK_HEADER(SimpleProfiledLdThis);

lib/Backend/SimpleJitProfilingHelpers.h

@@ -16,7 +16,6 @@ namespace Js
         void ProfileCall(void* framePtr, ProfileId profileId, InlineCacheIndex inlineCacheIndex, Var retval, Var callee, CallInfo info);
         void ProfileReturnTypeCall(void* framePtr, ProfileId profileId, Var retval, JavascriptFunction*callee, CallInfo info);
 
-        Var ProfiledStrictLdThis(Var thisVar, FunctionBody* functionBody);
         Var ProfiledLdThis(Var thisVar, int moduleID, FunctionBody* functionBody);
         Var ProfiledSwitch(FunctionBody* functionBody,ProfileId profileId, Var exp);
         Var ProfiledDivide(FunctionBody* functionBody, ProfileId profileId, Var aLeft, Var aRight);

lib/Runtime/ByteCode/ByteCodeCacheReleaseFileVersion.h

@@ -4,6 +4,7 @@
 //-------------------------------------------------------------------------------------------------------
 // NOTE: If there is a merge conflict the correct fix is to make a new GUID.
 
-// {CA631EEC-2284-4F10-B25B-159819C4ECDB}
-const GUID byteCodeCacheReleaseFileVersion = 
-{ 0xca631eec, 0x2284, 0x4f10, { 0xb2, 0x5b, 0x15, 0x98, 0x19, 0xc4, 0xec, 0xdb } };
+// {1CD5808A-718A-4F04-9D00-8E5097969BD1}
+const GUID byteCodeCacheReleaseFileVersion =
+{ 0x1CD5808A, 0x718A, 0x4F04, { 0x9D, 0x00, 0x8E, 0x50, 0x97, 0x96, 0x9B, 0xD1 } };
+

lib/Runtime/ByteCode/ByteCodeEmitter.cpp

@@ -2195,7 +2195,11 @@ void ByteCodeGenerator::LoadThisObject(FuncInfo *funcInfo, bool thisLoadedFromPa
         // thisLoadedFromParams would be true for the event Handler case,
         // "this" would have been loaded from parameters to put in the environment
         //
-        if (!thisLoadedFromParams)
+        if (funcInfo->GetIsStrictMode())
+        {
+            m_writer.ArgIn0(thisSym->GetLocation());
+        }
+        else if (!thisLoadedFromParams)
         {
             Js::RegSlot tmpReg = funcInfo->AcquireTmpRegister();
             m_writer.ArgIn0(tmpReg);
@@ -2368,7 +2372,7 @@ void ByteCodeGenerator::EmitSuperCall(FuncInfo* funcInfo, ParseNodeSuperCall * p
     }
 
     Symbol* thisSym = pnodeSuperCall->pnodeThis->sym;
-    this->Writer()->Reg2(Js::OpCode::StrictLdThis, pnodeSuperCall->pnodeThis->location, valueForThis);
+    this->Writer()->Reg2(Js::OpCode::Ld_A, pnodeSuperCall->pnodeThis->location, valueForThis);
 
     EmitPropStoreForSpecialSymbol(pnodeSuperCall->pnodeThis->location, thisSym, pnodeSuperCall->pnodeThis->pid, funcInfo, false);
 
@@ -2396,7 +2400,10 @@ void ByteCodeGenerator::EmitThis(FuncInfo *funcInfo, Js::RegSlot lhsLocation, Js
 {
     if (funcInfo->byteCodeFunction->GetIsStrictMode() && !funcInfo->IsGlobalFunction() && !funcInfo->IsLambda())
     {
-        m_writer.Reg2(Js::OpCode::StrictLdThis, lhsLocation, fromRegister);
+        if (lhsLocation != fromRegister)
+        {
+            m_writer.Reg2(Js::OpCode::Ld_A, lhsLocation, fromRegister);
+        }
     }
     else
     {
@@ -4321,7 +4328,7 @@ void ByteCodeGenerator::EmitLoadInstance(Symbol *sym, IdentPtr pid, Js::RegSlot
                 this->m_writer.Reg1(Js::OpCode::LdLocalObj, instLocation);
                 if (thisLocation != Js::Constants::NoRegister && thisLocation != instLocation)
                 {
-                    this->m_writer.Reg1(Js::OpCode::LdLocalObj, thisLocation);
+                    this->m_writer.Reg2(Js::OpCode::Ld_A, thisLocation, funcInfo->undefinedConstantRegister);
                 }
             }
             else
@@ -4334,7 +4341,7 @@ void ByteCodeGenerator::EmitLoadInstance(Symbol *sym, IdentPtr pid, Js::RegSlot
                 this->m_writer.SlotI1(Js::OpCode::LdEnvObj, instLocation, frameDisplayIndex);
                 if (thisLocation != Js::Constants::NoRegister && thisLocation != instLocation)
                 {
-                    this->m_writer.SlotI1(Js::OpCode::LdEnvObj, thisLocation, frameDisplayIndex);
+                    this->m_writer.Reg2(Js::OpCode::Ld_A, thisLocation, funcInfo->undefinedConstantRegister);
                 }
             }
         }

lib/Runtime/ByteCode/ByteCodeWriter.cpp

@@ -382,20 +382,9 @@ namespace Js
         CheckOp(op, OpLayoutType::Reg2);
         Assert(OpCodeAttr::HasMultiSizeLayout(op));
 
-        if (DoDynamicProfileOpcode(CheckThisPhase) ||
-            DoDynamicProfileOpcode(TypedArrayTypeSpecPhase) ||
-            DoDynamicProfileOpcode(ArrayCheckHoistPhase))
-        {
-            if (op == OpCode::StrictLdThis)
-            {
-                op = OpCode::ProfiledStrictLdThis;
-            }
-        }
-
         R0 = ConsumeReg(R0);
         R1 = ConsumeReg(R1);
 
-
         bool isProfiled = false;
         bool isProfiled2 = false;
         Js::ProfileId profileId = Js::Constants::NoProfileId;