WebAssembly: implement data section
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2016-12-09  JF Bastien  <jfbastien@apple.com>

        WebAssembly: implement data section
        https://bugs.webkit.org/show_bug.cgi?id=165696

        Reviewed by Keith Miller.

        As specified in https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#data-section
        Note that some of the interesting corner cases are ill-defined by the spec: https://github.com/WebAssembly/design/issues/897

        * wasm/WasmFormat.h: segments are what represent sections of memory to initialize (similar to ELF's non-zero initializer data / rodata)
        (JSC::Wasm::Segment::make):
        (JSC::Wasm::Segment::destroy):
        (JSC::Wasm::Segment::byte):
        (JSC::Wasm::Segment::makePtr):
        * wasm/WasmModuleParser.cpp: parse the data section, and prevent a few overflows if a user passes in UINT_MAX (the loops would overflow)
        (JSC::Wasm::ModuleParser::parseType):
        (JSC::Wasm::ModuleParser::parseImport):
        (JSC::Wasm::ModuleParser::parseFunction):
        (JSC::Wasm::ModuleParser::parseExport):
        (JSC::Wasm::ModuleParser::parseCode):
        (JSC::Wasm::ModuleParser::parseData):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::evaluate): the only sensible time to initialize the data section is after linking, but before calling start. I test for this, but the spec isn't clear it's correct yet
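
As an added illustration of the two points in this entry (loop counters that wrap when a module declares a count of UINT_MAX, and data segments that have to be bounds-checked against linear memory after linking and before the start function runs), here is a small C++ parser for the body of an MVP data section with the initialization step after it. This is example code written for this page, not JavaScriptCore's WasmModuleParser.cpp or WebAssemblyModuleRecord.cpp. The section layout it assumes (count, then per segment: memory index, `i32.const` init_expr, size, bytes) follows the BinaryEncoding.md document linked above; treating the offset as an unsigned address and checking every segment before writing any are this example's choices, since the ChangeLog notes the spec had not settled those corner cases.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Added example (not JavaScriptCore code): parse an MVP data section body and
// apply its segments to linear memory, with the two checks such code needs: a
// segment count that cannot wrap the loop counter, and offset + size computed
// without 32-bit overflow before any byte is copied.
struct Segment {
    uint32_t offset;             // value of the `i32.const N; end` init_expr
    std::vector<uint8_t> bytes;
};

class DataSectionParser {
public:
    DataSectionParser(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}

    std::vector<Segment> parse() {
        uint32_t count = readLEB128(false);
        // A segment takes at least 5 bytes, so a count the payload cannot hold
        // is hostile or corrupt; rejecting it also avoids reserve(UINT32_MAX).
        if (count > m_size / 5) throw std::runtime_error("segment count exceeds section size");
        std::vector<Segment> segments;
        segments.reserve(count);
        // 64-bit index: `for (uint32_t i = 0; i < count; ++i)` never terminates
        // when count == UINT32_MAX, because ++i wraps back to 0.
        for (uint64_t i = 0; i < count; ++i) {
            if (readLEB128(false) != 0) throw std::runtime_error("MVP modules only have memory 0");
            Segment seg;
            seg.offset = readOffsetInitExpr();
            uint32_t size = readLEB128(false);
            if (size > m_size - m_pos) throw std::runtime_error("segment data runs past the section");
            seg.bytes.assign(m_data + m_pos, m_data + m_pos + size);
            m_pos += size;
            segments.push_back(std::move(seg));
        }
        if (m_pos != m_size) throw std::runtime_error("trailing bytes after last segment");
        return segments;
    }

private:
    uint8_t readByte() {
        if (m_pos >= m_size) throw std::runtime_error("unexpected end of section");
        return m_data[m_pos++];
    }
    // varuint32 / varint32: at most 5 LEB128 bytes, accumulated unsigned. The
    // 5th byte of a varuint32 may carry only 4 bits; varint32 is sign-extended.
    uint32_t readLEB128(bool isSigned) {
        uint32_t result = 0;
        unsigned shift = 0;
        uint8_t byte;
        do {
            if (shift >= 35) throw std::runtime_error("LEB128 longer than 5 bytes");
            byte = readByte();
            if (!isSigned && shift == 28 && (byte & 0x70)) throw std::runtime_error("varuint32 does not fit in 32 bits");
            result |= static_cast<uint32_t>(byte & 0x7f) << shift;
            shift += 7;
        } while (byte & 0x80);
        if (isSigned && shift < 32 && (byte & 0x40)) result |= ~uint32_t(0) << shift;
        return result;
    }
    // MVP offset is `i32.const N` then `end` (0x0b). N is used as an unsigned
    // address, so -1 means 0xffffffff rather than "just below 0".
    uint32_t readOffsetInitExpr() {
        if (readByte() != 0x41) throw std::runtime_error("offset must be i32.const");
        uint32_t value = readLEB128(true);
        if (readByte() != 0x0b) throw std::runtime_error("init_expr must end with `end`");
        return value;
    }

    const uint8_t* m_data;
    size_t m_size;
    size_t m_pos = 0;
};

std::vector<Segment> parseDataSection(const std::vector<uint8_t>& body) {
    return DataSectionParser(body.data(), body.size()).parse();
}
bool parseFails(const std::vector<uint8_t>& body) {
    try { parseDataSection(body); return false; } catch (const std::runtime_error&) { return true; }
}

// Copy segments into memory only if all of them fit. The end bound is 64-bit,
// so offset 0xffffffff with size 4 cannot wrap to 3; checking every segment
// before writing any leaves memory untouched when the module is bad.
bool initializeMemory(std::vector<uint8_t>& memory, const std::vector<Segment>& segments) {
    for (const Segment& seg : segments)
        if (uint64_t(seg.offset) + seg.bytes.size() > memory.size()) return false;
    for (const Segment& seg : segments)
        std::copy(seg.bytes.begin(), seg.bytes.end(), memory.begin() + seg.offset);
    return true;
}

// Constructed sample section bodies, not taken from any real module.
const std::vector<uint8_t> kTwoSegments = {
    2,                                      // count
    0, 0x41, 0x08, 0x0b, 3, 'a', 'b', 'c',  // memory 0, i32.const 8, 3 bytes
    0, 0x41, 0x80, 0x01, 0x0b, 2, 1, 2,     // memory 0, i32.const 128, 2 bytes
};
const std::vector<uint8_t> kHostileCount = { 0xff, 0xff, 0xff, 0xff, 0x0f };           // count == UINT32_MAX
const std::vector<uint8_t> kWrappingOffset = { 1, 0, 0x41, 0x7f, 0x0b, 4, 0, 0, 0, 0 }; // i32.const -1, size 4
```

With `kWrappingOffset`, a 32-bit `offset + size` would evaluate to 3 and pass a naive `<= memory.size()` check, which is exactly the write past the end of linear memory that the 64-bit comparison in `initializeMemory` refuses. `kHostileCount` is rejected by the count check before any loop runs, so the `uint32_t` counter wrap the ChangeLog mentions never gets a chance to happen.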

2016-12-09  Karim H  <karim@karhm.com>

        It is okay to turn undefined into null because we are producing values for a
        JSON representation (InspectorValue) and JSON has a `null` value and no
        `undefined` value.
        https://bugs.webkit.org/show_bug.cgi?id=165506

        Reviewed by Darin Adler.

        * bindings/ScriptValue.cpp:
        (Inspector::jsToInspectorValue):

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION (r209554-209571): stress/poly-setter-combo crashing
        https://bugs.webkit.org/show_bug.cgi?id=165669

        Reviewed by Geoffrey Garen.

        We now rely on objects being zero-filled in a bunch of places, not just concurrent GC.
        So, we need 32-bit to do it too.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_new_object):

2016-12-09  Eric Carlson  <eric.carlson@apple.com>

        Annotate MediaStream and WebRTC idl with EnabledAtRuntime flag
        https://bugs.webkit.org/show_bug.cgi?id=165251

        Reviewed by Dean Jackson.

        Based on a patch by Dr Alex Gouaillard <agouaillard@gmail.com>

        * runtime/CommonIdentifiers.h: Add WebRTC and MediaStream identifiers.

2016-12-09  JF Bastien  <jfbastien@apple.com>

        WebAssembly JS API: implement start function
        https://bugs.webkit.org/show_bug.cgi?id=165150

        Reviewed by Saam Barati.

        * wasm/WasmFormat.h: pass the start function around
        * wasm/WasmModuleParser.cpp:
        (JSC::Wasm::ModuleParser::parseTable): mark unreachable code
        (JSC::Wasm::ModuleParser::parseGlobal): mark unreachable code
        (JSC::Wasm::ModuleParser::parseStart): mark unreachable code
        (JSC::Wasm::ModuleParser::parseElement): mark unreachable code
        (JSC::Wasm::ModuleParser::parseData): mark unreachable code
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction): NFC: call the new function below
        (JSC::WebAssemblyFunction::call): separate this out so that the start function can use it
        * wasm/js/WebAssemblyFunction.h:
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::visitChildren): visit the start function
        (JSC::WebAssemblyModuleRecord::link): handle start function
        (JSC::WebAssemblyModuleRecord::evaluate): call the start function, if present
        * wasm/js/WebAssemblyModuleRecord.h:

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        GC might be forced to look at a nuked object due to ordering of AllocatePropertyStorage, MaterializeNewObject, and PutStructure
        https://bugs.webkit.org/show_bug.cgi?id=165672

        Reviewed by Geoffrey Garen.

        We need to make sure that the shady stuff in a property put happens after the
        PutByOffset, since the PutByOffset is the place where we materialize. More generally, we
        should strive to not have any fenceposts between Nodes where a GC would be illegal.

        This gets us most of the way there by separating NukeStructureAndSetButterfly from
        [Re]AllocatePropertyStorage. A transitioning put will now look something like:

            GetButterfly
            ReallocatePropertyStorage
            PutByOffset
            NukeStructureAndSetButterfly
            PutStructure

        Previously the structure would get nuked by ReallocatePropertyStorage, so if we placed
        an object materialization just after it (before the PutByOffset) then any GC that
        completed at that safepoint would encounter an unresolved visit race due to seeing a
        nuked structure. We cannot have nuked structures at safepoints, and this change makes
        sure that we don't - at least until someone tries to sink to the PutStructure. We will
        eventually have to create a combined SetStructureAndButterfly node, but we don't need it
        yet.

        This also fixes a goof where the DFG's AllocatePropertyStorage was nulling the structure
        instead of nuking it. This could easily have caused many crashes in GC.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handlePutById):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGClobbersExitState.cpp:
        (JSC::DFG::clobbersExitState):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGMayExit.cpp:
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStoreBarrierInsertionPhase.cpp:
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileNukeStructureAndSetButterfly):
        (JSC::FTL::DFG::LowerDFGToB3::storageForTransition):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):
        * runtime/Options.h: Fix a bug - make it possible to turn on concurrent GC optionally again.

2016-12-09  Chris Dumez  <cdumez@apple.com>

        Inline JSCell::toObject()
        https://bugs.webkit.org/show_bug.cgi?id=165679

        Reviewed by Geoffrey Garen.

        Inline JSCell::toObject() as it shows on Speedometer profiles.

        * runtime/JSCell.cpp:
        (JSC::JSCell::toObjectSlow):
        (JSC::JSCell::toObject): Deleted.
        * runtime/JSCell.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::toObject):

2016-12-09  Geoffrey Garen  <ggaren@apple.com>

        Deploy OrdinalNumber in JSC::SourceCode
        https://bugs.webkit.org/show_bug.cgi?id=165687

        Reviewed by Michael Saboff.

        We have a lot of confusion between 1-based and 0-based counting in line
        and column numbers. Let's use OrdinalNumber to clear up the confusion.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::link):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::functionDetails):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::setCode):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        * parser/SourceCode.h:
        (JSC::SourceCode::SourceCode):
        (JSC::SourceCode::firstLine):
        (JSC::SourceCode::startColumn):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        * runtime/ScriptExecutable.h:
        (JSC::ScriptExecutable::firstLine):
        (JSC::ScriptExecutable::startColumn):
        * tools/CodeProfile.h:
        (JSC::CodeProfile::CodeProfile):

2016-12-09  Saam Barati  <sbarati@apple.com>

        WebAssembly JS API: implement importing and defining Memory
        https://bugs.webkit.org/show_bug.cgi?id=164134

        Reviewed by Keith Miller.

        This patch implements the WebAssembly.Memory object. It refactors
        the code to now associate a Memory with the instance instead of
        the Module.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (functionTestWasmModuleFunctions):
        * runtime/VM.h:
        * shell/CMakeLists.txt:
        * testWasm.cpp: Removed.
        This has bitrotted. I'm removing it.

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::sizeOfLoadOp):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmFormat.cpp:
        (JSC::Wasm::ModuleInformation::~ModuleInformation): Deleted.
        * wasm/WasmFormat.h:
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::Memory):
        * wasm/WasmMemory.h:
        (JSC::Wasm::Memory::size):
        (JSC::Wasm::Memory::initial):
        (JSC::Wasm::Memory::maximum):
        (JSC::Wasm::Memory::pinnedRegisters): Deleted.
        * wasm/WasmMemoryInformation.cpp: Added.
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        * wasm/WasmMemoryInformation.h: Added.
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        (JSC::Wasm::MemoryInformation::pinnedRegisters):
        (JSC::Wasm::MemoryInformation::initial):
        (JSC::Wasm::MemoryInformation::maximum):
        (JSC::Wasm::MemoryInformation::isImport):
        (JSC::Wasm::MemoryInformation::operator bool):
        * wasm/WasmModuleParser.cpp:
        (JSC::Wasm::ModuleParser::parseImport):
        (JSC::Wasm::ModuleParser::parseMemoryHelper):
        (JSC::Wasm::ModuleParser::parseMemory):
        (JSC::Wasm::ModuleParser::parseExport):
        * wasm/WasmModuleParser.h:
        * wasm/WasmPageCount.h: Added. Implement a new way of describing Wasm
        pages and then asking for how many bytes a quantity of pages is. This
        class also makes it clear when we're talking about bytes or pages.

        (JSC::Wasm::PageCount::PageCount):
        (JSC::Wasm::PageCount::bytes):
        (JSC::Wasm::PageCount::isValid):
        (JSC::Wasm::PageCount::max):
        (JSC::Wasm::PageCount::operator bool):
        (JSC::Wasm::PageCount::operator<):
        (JSC::Wasm::PageCount::operator>):
        (JSC::Wasm::PageCount::operator>=):
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::run):
        * wasm/WasmPlan.h:
        (JSC::Wasm::Plan::memory): Deleted.
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::hasMemory):
        (JSC::Wasm::Validate::Validate):
        (JSC::Wasm::validateFunction):
        * wasm/WasmValidate.h:
        * wasm/generateWasmValidateInlinesHeader.py:
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::visitChildren):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::memory):
        (JSC::JSWebAssemblyInstance::setMemory):
        (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
        (JSC::JSWebAssemblyInstance::allocationSize):
        * wasm/js/JSWebAssemblyMemory.cpp:
        (JSC::JSWebAssemblyMemory::create):
        (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
        (JSC::JSWebAssemblyMemory::buffer):
        (JSC::JSWebAssemblyMemory::visitChildren):
        * wasm/js/JSWebAssemblyMemory.h:
        (JSC::JSWebAssemblyMemory::memory):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        Handle importing and creating of memory according
        to the spec. This also does the needed validation
        of making sure the memory defined in the module
        is compatible with the imported memory.

        (JSC::constructJSWebAssemblyInstance):
        * wasm/js/WebAssemblyMemoryConstructor.cpp:
        (JSC::constructJSWebAssemblyMemory):
        (JSC::callJSWebAssemblyMemory):
        * wasm/js/WebAssemblyMemoryPrototype.cpp:
        (JSC::webAssemblyMemoryProtoFuncBuffer):
        (JSC::WebAssemblyMemoryPrototype::create):
        (JSC::WebAssemblyMemoryPrototype::finishCreation):
        * wasm/js/WebAssemblyMemoryPrototype.h:
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::finishCreation):
        (JSC::WebAssemblyModuleRecord::link):
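
As an added example for this entry (code written for this page, not JavaScriptCore's WasmPageCount.h or WebAssemblyInstanceConstructor.cpp): a page-count type in the spirit of the PageCount class described above, which keeps pages and bytes from being confused and computes byte sizes without overflowing at the 4 GiB boundary, followed by the check that a module's declared memory limits are satisfied by an imported memory. The matching rule used here (the imported initial size is at least the declared one; if the module declares a maximum, the import must declare one that is no larger) is the WebAssembly spec's limits-matching rule and is an assumption of this example, since the ChangeLog says only that such a compatibility check is performed. The `hasMaximum` field, the `limits()` helpers and `fromBytes` are this example's names.

```cpp
#include <cstdint>

// Added example, not JavaScriptCore code: a page-count type that cannot be
// mixed up with a byte count, plus the limit checks an instantiator runs when
// a module's declared memory is satisfied by an imported WebAssembly.Memory.
class PageCount {
public:
    static constexpr uint64_t pageSize = 64 * 1024;  // one wasm page is 64 KiB
    static constexpr uint32_t maxPages = 1u << 16;   // 65536 pages fill a 32-bit address space

    constexpr PageCount() : m_pages(~uint32_t(0)) {}  // no value; isValid() is false
    explicit constexpr PageCount(uint32_t pages) : m_pages(pages) {}

    // Turn a byte length (e.g. of a buffer handed to us) back into pages,
    // refusing sizes that are not whole pages or exceed the 32-bit space.
    static constexpr PageCount fromBytes(uint64_t bytes) {
        return (bytes % pageSize == 0 && bytes / pageSize <= maxPages)
            ? PageCount(uint32_t(bytes / pageSize)) : PageCount();
    }

    constexpr uint32_t pages() const { return m_pages; }
    constexpr bool isValid() const { return m_pages <= maxPages; }
    explicit constexpr operator bool() const { return isValid(); }
    // 64-bit result on purpose: maxPages * pageSize is exactly 2^32, which a
    // uint32_t byte count would silently turn into 0.
    constexpr uint64_t bytes() const { return uint64_t(m_pages) * pageSize; }

    friend constexpr bool operator<(PageCount a, PageCount b) { return a.m_pages < b.m_pages; }
    friend constexpr bool operator>(PageCount a, PageCount b) { return b < a; }
    friend constexpr bool operator>=(PageCount a, PageCount b) { return !(a < b); }

private:
    uint32_t m_pages;
};

// What a memory section or a memory import declares (names assumed here).
struct MemoryLimits {
    PageCount initial;
    bool hasMaximum;
    PageCount maximum;  // meaningful only when hasMaximum
};

MemoryLimits limits(uint32_t initial) { return MemoryLimits{PageCount(initial), false, PageCount()}; }
MemoryLimits limits(uint32_t initial, uint32_t maximum) { return MemoryLimits{PageCount(initial), true, PageCount(maximum)}; }

// Limits that cannot describe any memory: an out-of-range count, or an
// initial size above the declared maximum.
bool limitsAreValid(const MemoryLimits& l) {
    if (!l.initial.isValid()) return false;
    return !l.hasMaximum || (l.maximum.isValid() && !(l.initial > l.maximum));
}

// An imported memory satisfies the module's declaration when it is already at
// least as large and can never grow past the declared maximum, which means the
// import must itself carry a maximum no larger than the declared one.
bool importSatisfies(const MemoryLimits& declared, const MemoryLimits& imported) {
    if (!limitsAreValid(declared) || !limitsAreValid(imported)) return false;
    if (imported.initial < declared.initial) return false;
    if (declared.hasMaximum && (!imported.hasMaximum || imported.maximum > declared.maximum)) return false;
    return true;
}
```

The two failure modes worth keeping in mind are visible in the tests: `importSatisfies(limits(1, 4), limits(2))` is rejected even though the import is big enough today, because an unbounded import could later grow past the 4 pages the module was compiled against, and `PageCount(PageCount::maxPages).bytes()` is 2^32, which is why `bytes()` must not return a 32-bit value.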

2016-12-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Some resources fetched via Fetch API do not have data
        https://bugs.webkit.org/show_bug.cgi?id=165230
        <rdar://problem/29449220>

        Reviewed by Alex Christensen.

        * inspector/protocol/Page.json:
        Add new Fetch Page.ResourceType.

2016-12-09  Geoffrey Garen  <ggaren@apple.com>

        TextPosition and OrdinalNumber should be more like idiomatic numbers
        https://bugs.webkit.org/show_bug.cgi?id=165678

        Reviewed by Filip Pizlo.

        Adopt default constructor.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        * API/JSScriptRef.cpp:
        (OpaqueJSScript::OpaqueJSScript):
        * jsc.cpp:
        (functionCheckModuleSyntax):
        * parser/SourceCode.h:
        (JSC::makeSource):
        * parser/SourceProvider.h:
        (JSC::StringSourceProvider::create):
        (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/ModuleLoaderPrototype.cpp:
        (JSC::moduleLoaderPrototypeParseModule):

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, disable concurrent GC for real.

        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, disable concurrent GC while crashes get investigated.

        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        JSSegmentedVariableObject should keep its state private

        Rubber stamped by Michael Saboff.

        Its state fields were protected for no reason. They really should be private because
        you have to know to obey a particular concurrency protocol when accessing them.

        * runtime/JSSegmentedVariableObject.h:

2016-12-09  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed ARM buildfix after 209570.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::or32): Added.

2016-12-08  JF Bastien  <jfbastien@apple.com>

        WebAssembly: JSC::link* shouldn't need a CodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=165591

        Reviewed by Keith Miller.

        Allow linking without a CodeBlock, which WebAssembly's wasm -> JS stubs do. This needs to work for polymorphic and virtual calls. This patch adds corresponding tests for this.

        * assembler/LinkBuffer.cpp:
        (JSC::shouldDumpDisassemblyFor): don't look at the tier option if there isn't a CodeBlock, only look at the global one. This is a WebAssembly function, so the tier information is irrelevant.
        * jit/Repatch.cpp:
        (JSC::isWebAssemblyToJSCallee): this is used in the link* functions below
        (JSC::linkFor):
        (JSC::linkVirtualFor):
        (JSC::linkPolymorphicCall):
        * runtime/Options.h: add an option to change the maximum number of polymorphic calls in stubs from wasm to JS, which will come in handy when we try to tune performance or try merging some of the WebAssembly stubs
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::importStubGenerator): remove the breakpoint since the code now works
        * wasm/js/WebAssemblyToJSCallee.h:

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        MultiPutByOffset should get a barrier if it transitions
        https://bugs.webkit.org/show_bug.cgi?id=165646

        Reviewed by Keith Miller.

        Previously, if we knew that we were storing a non-cell but we needed to transition, we
        would fail to add the barrier but the FTL's lowering expected the barrier to be there.

        Strictly, we need to "consider" the barrier on MultiPutByOffset if the value is
        possibly a cell or if the MultiPutByOffset may transition. Then "considering" the
        barrier implies checking if the base is possibly old.

        But because the barrier is so cheap anyway, this patch implements something safer: we
        just consider the barrier on MultiPutByOffset unconditionally, which opts it out of any
        barrier optimizations other than those based on the predicted state of the base. Those
        optimizations are already sound - for example they use doesGC() to detect safepoints
        and that function correctly predicts when MultiPutByOffset could GC.

        Because the barrier optimizations are only a very small speed-up, I think it's great to
        fix bugs by weakening the optimizer without cleverness.

        * dfg/DFGFixupPhase.cpp:
        * dfg/DFGStoreBarrierInsertionPhase.cpp:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::assertValidCell):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Enable concurrent GC on ARM64
        https://bugs.webkit.org/show_bug.cgi?id=165643

        Reviewed by Saam Barati.

        It looks stable enough to enable.

        * assembler/CPU.h:
        (JSC::useGCFences): Deleted.
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessCase::generateImpl):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::mutatorFence):
        (JSC::AssemblyHelpers::storeButterfly):
        (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
        (JSC::AssemblyHelpers::emitInitializeInlineStorage):
        (JSC::AssemblyHelpers::emitInitializeOutOfLineStorage):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Disable collectContinuously if not useConcurrentGC

        Rubber stamped by Geoffrey Garen.

        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix cloop build.

        * runtime/JSObject.h:

2016-12-06  Filip Pizlo  <fpizlo@apple.com>

        Concurrent GC should be stable enough to land enabled on X86_64
        https://bugs.webkit.org/show_bug.cgi?id=164990

        Reviewed by Geoffrey Garen.

        This fixes a ton of performance and correctness bugs revealed by getting the concurrent GC to
        be stable enough to land enabled.

        I had to redo the JSObject::visitChildren concurrency protocol again. This time I think it's
        even more correct than ever!

        This is an enormous win on JetStream/splay-latency and Octane/SplayLatency. It looks to be
        mostly neutral on everything else, though Speedometer is showing statistically weak signs of a
        slight regression.

        * API/JSAPIWrapperObject.mm: Added locking.
        (JSC::JSAPIWrapperObject::visitChildren):
        * API/JSCallbackObject.h: Added locking.
        (JSC::JSCallbackObjectData::visitChildren):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::deletePrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally): This had a TOCTOU race on shouldJettisonDueToOldAge.
        (JSC::EvalCodeCache::visitAggregate): Moved to EvalCodeCache.cpp.
        * bytecode/DirectEvalCodeCache.cpp: Added. Outlined some functions and made them use locks.
        (JSC::DirectEvalCodeCache::setSlow):
        (JSC::DirectEvalCodeCache::clear):
        (JSC::DirectEvalCodeCache::visitAggregate):
        * bytecode/DirectEvalCodeCache.h:
        (JSC::DirectEvalCodeCache::set):
        (JSC::DirectEvalCodeCache::clear): Deleted.
        * bytecode/UnlinkedCodeBlock.cpp: Added locking.
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::shrinkToFit):
        * bytecode/UnlinkedCodeBlock.h: Added locking.
        (JSC::UnlinkedCodeBlock::addRegExp):
        (JSC::UnlinkedCodeBlock::addConstant):
        (JSC::UnlinkedCodeBlock::addFunctionDecl):
        (JSC::UnlinkedCodeBlock::addFunctionExpr):
        (JSC::UnlinkedCodeBlock::createRareDataIfNecessary):
        (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
        * debugger/Debugger.cpp: Use the right delete API.
        (JSC::Debugger::recompileAllJSFunctions):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Fix a pre-existing bug in ToFunction constant folding.
        * dfg/DFGClobberize.h: Add support for nuking.
        (JSC::DFG::clobberize):
        * dfg/DFGClobbersExitState.cpp: Add support for nuking.
        (JSC::DFG::clobbersExitState):
        * dfg/DFGFixupPhase.cpp: Add support for nuking.
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::indexForChecks):
        (JSC::DFG::FixupPhase::originForCheck):
        (JSC::DFG::FixupPhase::speculateForBarrier):
        (JSC::DFG::FixupPhase::insertCheck):
        (JSC::DFG::FixupPhase::fixupChecksInBlock):
        * dfg/DFGSpeculativeJIT.cpp: Add support for nuking.
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        * ftl/FTLLowerDFGToB3.cpp: Add support for nuking.
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
        (JSC::FTL::DFG::LowerDFGToB3::nukeStructureAndSetButterfly):
        (JSC::FTL::DFG::LowerDFGToB3::setButterfly): Deleted.
        * heap/CodeBlockSet.cpp: We need to be more careful about the CodeBlockSet workflow during GC, since we will allocate CodeBlocks in eden while collecting.
        (JSC::CodeBlockSet::clearMarksForFullCollection):
        (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
        * heap/Heap.cpp: Added code to measure max pauses. Added a better collectContinuously mode.
        (JSC::Heap::lastChanceToFinalize): Stop the collectContinuously thread.
        (JSC::Heap::harvestWeakReferences): Inline SlotVisitor::harvestWeakReferences.
        (JSC::Heap::finalizeUnconditionalFinalizers): Inline SlotVisitor::finalizeUnconditionalReferences.
        (JSC::Heap::markToFixpoint): We need to do some MarkedSpace stuff before every conservative scan, rather than just at the start of marking, so we now call prepareForConservativeScan() before each conservative scan. Also call a less-parallel version of drainInParallel when the mutator is running.
        (JSC::Heap::collectInThread): Inline Heap::prepareForAllocation().
        (JSC::Heap::stopIfNecessarySlow): We need to be more careful about ensuring that we run finalization before and after stopping. Also, we should sanitize stack when stopping the world.
        (JSC::Heap::acquireAccessSlow): Add some optional debug prints.
        (JSC::Heap::handleNeedFinalize): Assert that we are running this when the world is not stopped.
        (JSC::Heap::finalize): Remove the old collectContinuously code.
        (JSC::Heap::requestCollection): We don't need to sanitize stack here anymore.
        (JSC::Heap::notifyIsSafeToCollect): Start the collectContinuously thread. It will request collection at 1 kHz.
        (JSC::Heap::prepareForAllocation): Deleted.
        (JSC::Heap::preventCollection): Prevent any new concurrent GCs from being initiated.
        (JSC::Heap::allowCollection):
        (JSC::Heap::forEachSlotVisitor): Allows us to safely iterate slot visitors.
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::writeBarrier): If the 'to' cell is not NewWhite then it could be AnthraciteOrBlack. During a full collection, objects may be AnthraciteOrBlack from a previous GC. Turns out, we don't benefit from this optimization so we can just kill it.
        * heap/HeapSnapshotBuilder.cpp:
        (JSC::HeapSnapshotBuilder::buildSnapshot): This needs to use PreventCollectionScope to ensure snapshot soundness.
        * heap/ListableHandler.h:
        (JSC::ListableHandler::isOnList): Useful helper.
        * heap/LockDuringMarking.h:
        (JSC::lockDuringMarking): It's a locker that only locks while we're marking.
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::addBlock): Hold the bitvector lock while resizing.
        * heap/MarkedBlock.cpp: Hold the bitvector lock while accessing the bitvectors while the mutator is running.
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::prepareForConservativeScan): We used to do this in prepareForMarking, but we need to do it before each conservative scan not just before marking.
        (JSC::MarkedSpace::prepareForMarking): Remove the logic moved to prepareForConservativeScan.
        * heap/MarkedSpace.h:
        * heap/PreventCollectionScope.h: Added.
        * heap/SlotVisitor.cpp: Refactored drainFromShared so that we can write a similar function called drainInParallelPassively.
        (JSC::SlotVisitor::updateMutatorIsStopped): Update whether we can use "fast" scanning.
        (JSC::SlotVisitor::mutatorIsStoppedIsUpToDate):
        (JSC::SlotVisitor::didReachTermination):
        (JSC::SlotVisitor::hasWork):
        (JSC::SlotVisitor::drain): This now uses the rightToRun lock to allow the main GC thread to safepoint the workers.
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::drainInParallelPassively): This runs marking with one fewer threads than normal. It's useful for when we have resumed the mutator, since then the mutator has a better chance of getting on a core.
        (JSC::SlotVisitor::addWeakReferenceHarvester):
        (JSC::SlotVisitor::addUnconditionalFinalizer):
        (JSC::SlotVisitor::harvestWeakReferences): Deleted.
        (JSC::SlotVisitor::finalizeUnconditionalFinalizers): Deleted.
        * heap/SlotVisitor.h:
        * heap/SlotVisitorInlines.h: Outline stuff.
        (JSC::SlotVisitor::addWeakReferenceHarvester): Deleted.
        (JSC::SlotVisitor::addUnconditionalFinalizer): Deleted.
        * runtime/InferredType.cpp: This needed thread safety.
        (JSC::InferredType::visitChildren): This needs to keep its structure finalizer alive until it runs.
        (JSC::InferredType::set):
        (JSC::InferredType::InferredStructureFinalizer::finalizeUnconditionally):
        * runtime/InferredType.h:
        * runtime/InferredValue.cpp: This needed thread safety.
        (JSC::InferredValue::visitChildren):
        (JSC::InferredValue::ValueCleanup::finalizeUnconditionally):
        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase): Update to use new butterfly API.
        (JSC::JSArray::unshiftCountWithArrayStorage): Update to use new butterfly API.
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::visitChildren): Thread safety.
        * runtime/JSCell.h:
        (JSC::JSCell::setStructureIDDirectly): This is used for nuking the structure.
        (JSC::JSCell::InternalLocker::InternalLocker): Deleted. The cell is now the lock.
        (JSC::JSCell::InternalLocker::~InternalLocker): Deleted. The cell is now the lock.
        * runtime/JSCellInlines.h:
        (JSC::JSCell::structure): Clean this up.
        (JSC::JSCell::lock): The cell is now the lock.
        (JSC::JSCell::tryLock):
        (JSC::JSCell::unlock):
        (JSC::JSCell::isLocked):
        (JSC::JSCell::lockInternalLock): Deleted.
        (JSC::JSCell::unlockInternalLock): Deleted.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren): Thread safety.
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Thread safety.
        (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory): Thread safety.
        * runtime/JSObject.cpp:
        (JSC::JSObject::markAuxiliaryAndVisitOutOfLineProperties): Factor out this "easy" step of butterfly visiting.
        (JSC::JSObject::visitButterfly): Make this achieve 100% precision about structure-butterfly relationships. This relies on the mutator "nuking" the structure prior to "locked" structure-butterfly transitions.
        (JSC::JSObject::visitChildren): Use the new, nicer API.
        (JSC::JSFinalObject::visitChildren): Use the new, nicer API.
        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists): Use the new butterfly API.
        (JSC::JSObject::createInitialUndecided): Use the new butterfly API.
        (JSC::JSObject::createInitialInt32): Use the new butterfly API.
        (JSC::JSObject::createInitialDouble): Use the new butterfly API.
        (JSC::JSObject::createInitialContiguous): Use the new butterfly API.
        (JSC::JSObject::createArrayStorage): Use the new butterfly API.
653         (JSC::JSObject::convertUndecidedToContiguous): Use the new butterfly API.
654         (JSC::JSObject::convertUndecidedToArrayStorage): Use the new butterfly API.
655         (JSC::JSObject::convertInt32ToArrayStorage): Use the new butterfly API.
656         (JSC::JSObject::convertDoubleToContiguous): Use the new butterfly API.
657         (JSC::JSObject::convertDoubleToArrayStorage): Use the new butterfly API.
658         (JSC::JSObject::convertContiguousToArrayStorage): Use the new butterfly API.
659         (JSC::JSObject::increaseVectorLength): Use the new butterfly API.
660         (JSC::JSObject::shiftButterflyAfterFlattening): Use the new butterfly API.
661         * runtime/JSObject.h:
662         (JSC::JSObject::setButterfly): This now does all of the fences. Only use this when you are not also transitioning the structure or the structure's lastOffset.
663         (JSC::JSObject::nukeStructureAndSetButterfly): Use this when doing locked structure-butterfly transitions.
664         * runtime/JSObjectInlines.h:
665         (JSC::JSObject::putDirectWithoutTransition): Use the newly factored out API.
666         (JSC::JSObject::prepareToPutDirectWithoutTransition): Factor this out!
667         (JSC::JSObject::putDirectInternal): Use the newly factored out API.
668         * runtime/JSPropertyNameEnumerator.cpp:
669         (JSC::JSPropertyNameEnumerator::finishCreation): Locks!
670         (JSC::JSPropertyNameEnumerator::visitChildren): Locks!
671         * runtime/JSSegmentedVariableObject.cpp:
672         (JSC::JSSegmentedVariableObject::visitChildren): Locks!
673         * runtime/JSString.cpp:
674         (JSC::JSString::visitChildren): Thread safety.
675         * runtime/ModuleProgramExecutable.cpp:
676         (JSC::ModuleProgramExecutable::visitChildren): Thread safety.
677         * runtime/Options.cpp: For now we disable concurrent GC on not-X86_64.
678         (JSC::recomputeDependentOptions):
679         * runtime/Options.h: Change the default max GC parallelism to 8. I don't know why it was still 7.
680         * runtime/SamplingProfiler.cpp:
681         (JSC::SamplingProfiler::stackTracesAsJSON): This needs to defer GC before grabbing its lock.
682         * runtime/SparseArrayValueMap.cpp: This needed thread safety.
683         (JSC::SparseArrayValueMap::add):
684         (JSC::SparseArrayValueMap::remove):
685         (JSC::SparseArrayValueMap::visitChildren):
686         * runtime/SparseArrayValueMap.h:
687         * runtime/Structure.cpp: This had a race between addNewPropertyTransition and visitChildren.
688         (JSC::Structure::Structure):
689         (JSC::Structure::materializePropertyTable):
690         (JSC::Structure::addNewPropertyTransition):
691         (JSC::Structure::flattenDictionaryStructure):
692         (JSC::Structure::add): Help out with nuking support - the m_offset needs to play along.
693         (JSC::Structure::visitChildren):
694         * runtime/Structure.h: Make some useful things public - like the notion of a lastOffset.
695         * runtime/StructureChain.cpp:
696         (JSC::StructureChain::visitChildren): Thread safety!
697         * runtime/StructureChain.h: Thread safety!
698         * runtime/StructureIDTable.cpp:
699         (JSC::StructureIDTable::allocateID): Ensure that we don't get nuked IDs.
700         * runtime/StructureIDTable.h: Add the notion of a nuked ID! It's a bit that the runtime never sees except during specific shady actions like locked structure-butterfly transitions. "Nuking" tells the GC to steer clear and rescan once we fire the barrier.
701         (JSC::nukedStructureIDBit):
702         (JSC::nuke):
703         (JSC::isNuked):
704         (JSC::decontaminate):
705         * runtime/StructureInlines.h:
706         (JSC::Structure::hasIndexingHeader): Better API.
707         (JSC::Structure::add):
708         * runtime/VM.cpp: Better GC interaction.
709         (JSC::VM::ensureWatchdog):
710         (JSC::VM::deleteAllLinkedCode):
711         (JSC::VM::deleteAllCode):
712         * runtime/VM.h:
713         (JSC::VM::getStructure): Why wasn't this always an API!
714         * runtime/WebAssemblyExecutable.cpp:
715         (JSC::WebAssemblyExecutable::visitChildren): Thread safety.
716
717 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
718
719         Enable SharedArrayBuffer, remove the flag
720         https://bugs.webkit.org/show_bug.cgi?id=165614
721
722         Rubber stamped by Geoffrey Garen.
723
724         * runtime/JSGlobalObject.cpp:
725         (JSC::JSGlobalObject::init):
726         * runtime/RuntimeFlags.h:
727
728 2016-12-08  JF Bastien  <jfbastien@apple.com>
729
730         WebAssembly JS API: wire up Instance imports
731         https://bugs.webkit.org/show_bug.cgi?id=165118
732
733         Reviewed by Saam Barati.
734
735         Change a bunch of the WebAssembly object model, and pipe the
736         necessary changes to be able to call JS imports from
737         WebAssembly. This will make it easier to call_indirect, and
738         unblock many other missing features.
739
740         As a follow-up I need to teach JSC::linkFor to live without a
741         CodeBlock: wasm doesn't have one and the IC patching is sad. We'll
742         switch on the callee (or its type?) and then use that as the owner
743         (because the callee is alive if the instance is alive, ditto
744         module, and module owns the CallLinkInfo).
745
746         * CMakeLists.txt:
747         * JavaScriptCore.xcodeproj/project.pbxproj:
748         * interpreter/CallFrame.h:
749         (JSC::ExecState::callee): give access to the callee as a JSCell
750         * jit/RegisterSet.cpp: dead code from previous WebAssembly implementation
751         * jsc.cpp:
752         (callWasmFunction):
753         (functionTestWasmModuleFunctions):
754         * runtime/JSCellInlines.h:
755         (JSC::ExecState::vm): check callee instead of jsCallee: wasm only has a JSCell and not a JSObject
756         * runtime/VM.cpp:
757         (JSC::VM::VM): store the "top" WebAssembly.Instance on entry to WebAssembly (and restore the previous one on exit)
758         * runtime/VM.h:
759         * testWasm.cpp:
760         (runWasmTests):
761         * wasm/JSWebAssembly.h:
762         * wasm/WasmB3IRGenerator.cpp:
763         (JSC::Wasm::B3IRGenerator::B3IRGenerator): pass unlinked calls around to shorten their lifetime: they're only needed until the Plan is done
764         (JSC::Wasm::B3IRGenerator::addCall):
765         (JSC::Wasm::createJSToWasmWrapper):
766         (JSC::Wasm::parseAndCompile): also pass in the function index space, so that imports can be signature-checked along with internal functions
767         * wasm/WasmB3IRGenerator.h:
768         * wasm/WasmBinding.cpp: Added.
769         (JSC::Wasm::importStubGenerator): stubs from wasm to JS
770         * wasm/WasmBinding.h: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.
771         * wasm/WasmCallingConvention.h:
772         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
773         * wasm/WasmFormat.h: fix the object model
774         (JSC::Wasm::CallableFunction::CallableFunction):
775         * wasm/WasmFunctionParser.h: simplify some of the failure condition checks
776         (JSC::Wasm::FunctionParser<Context>::FunctionParser): need function index space, not just internal functions
777         (JSC::Wasm::FunctionParser<Context>::parseExpression):
778         * wasm/WasmModuleParser.cpp: early-create some of the structures which will be needed later
779         (JSC::Wasm::ModuleParser::parseImport):
780         (JSC::Wasm::ModuleParser::parseFunction):
781         (JSC::Wasm::ModuleParser::parseMemory):
782         (JSC::Wasm::ModuleParser::parseExport):
783         (JSC::Wasm::ModuleParser::parseCode):
784         * wasm/WasmModuleParser.h:
785         (JSC::Wasm::ModuleParser::functionIndexSpace):
786         (JSC::Wasm::ModuleParser::functionLocations):
787         * wasm/WasmParser.h:
788         (JSC::Wasm::Parser::consumeUTF8String):
789         * wasm/WasmPlan.cpp: pass around the wasm objects at the right time, reducing their lifetime and making it easier to pass them around when needed
790         (JSC::Wasm::Plan::run):
791         (JSC::Wasm::Plan::initializeCallees):
792         * wasm/WasmPlan.h:
793         (JSC::Wasm::Plan::exports):
794         (JSC::Wasm::Plan::internalFunctionCount):
795         (JSC::Wasm::Plan::jsToWasmEntryPointForFunction):
796         (JSC::Wasm::Plan::takeModuleInformation):
797         (JSC::Wasm::Plan::takeCallLinkInfos):
798         (JSC::Wasm::Plan::takeWasmToJSStubs):
799         (JSC::Wasm::Plan::takeFunctionIndexSpace):
800         * wasm/WasmValidate.cpp: check function index space instead of only internal functions
801         (JSC::Wasm::Validate::addCall):
802         (JSC::Wasm::validateFunction):
803         * wasm/WasmValidate.h:
804         * wasm/js/JSWebAssemblyCallee.cpp:
805         (JSC::JSWebAssemblyCallee::finishCreation):
806         * wasm/js/JSWebAssemblyCallee.h:
807         (JSC::JSWebAssemblyCallee::create):
808         (JSC::JSWebAssemblyCallee::jsToWasmEntryPoint):
809         * wasm/js/JSWebAssemblyInstance.cpp:
810         (JSC::JSWebAssemblyInstance::create):
811         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
812         (JSC::JSWebAssemblyInstance::visitChildren):
813         * wasm/js/JSWebAssemblyInstance.h: hold the import functions off the end of the Instance
814         (JSC::JSWebAssemblyInstance::importFunction):
815         (JSC::JSWebAssemblyInstance::importFunctions):
816         (JSC::JSWebAssemblyInstance::setImportFunction):
817         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
818         (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
819         (JSC::JSWebAssemblyInstance::allocationSize):
820         * wasm/js/JSWebAssemblyModule.cpp:
821         (JSC::JSWebAssemblyModule::create):
822         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
823         (JSC::JSWebAssemblyModule::visitChildren):
824         * wasm/js/JSWebAssemblyModule.h: hold the link call info, the import function stubs, and the function index space
825         (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
826         (JSC::JSWebAssemblyModule::importCount):
827         (JSC::JSWebAssemblyModule::calleeFromFunctionIndexSpace):
828         * wasm/js/WebAssemblyFunction.cpp:
829         (JSC::callWebAssemblyFunction): set top Instance on VM
830         * wasm/js/WebAssemblyFunction.h:
831         (JSC::WebAssemblyFunction::instance):
832         * wasm/js/WebAssemblyInstanceConstructor.cpp:
833         (JSC::constructJSWebAssemblyInstance): handle function imports
834         * wasm/js/WebAssemblyModuleConstructor.cpp:
835         (JSC::constructJSWebAssemblyModule): generate the stubs for import functions
836         * wasm/js/WebAssemblyModuleRecord.cpp:
837         (JSC::WebAssemblyModuleRecord::link):
838         * wasm/js/WebAssemblyToJSCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
839         (JSC::WebAssemblyToJSCallee::create): dummy JSCell singleton which lives on the VM, and is put as the callee in the import stub's frame to identify it when unwinding
840         (JSC::WebAssemblyToJSCallee::createStructure):
841         (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
842         (JSC::WebAssemblyToJSCallee::finishCreation):
843         (JSC::WebAssemblyToJSCallee::destroy):
844         * wasm/js/WebAssemblyToJSCallee.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
845
846 2016-12-08  Mark Lam  <mark.lam@apple.com>
847
848         Enable JSC restricted options by default in the jsc shell.
849         https://bugs.webkit.org/show_bug.cgi?id=165615
850
851         Reviewed by Keith Miller.
852
853         The jsc shell is only used for debugging and development testing.  We should
854         allow it to use restricted options like JSC_useDollarVM even for release builds.
855
856         * jsc.cpp:
857         (jscmain):
858         * runtime/Options.cpp:
859         (JSC::Options::enableRestrictedOptions):
860         (JSC::Options::isAvailable):
861         (JSC::allowRestrictedOptions): Deleted.
862         * runtime/Options.h:
863
864 2016-12-08  Chris Dumez  <cdumez@apple.com>
865
866         Unreviewed, rolling out r209489.
867
868         Likely caused large regressions on JetStream, Sunspider and
869         Speedometer
870
871         Reverted changeset:
872
873         "Add system trace points for JavaScript VM entry/exit"
874         https://bugs.webkit.org/show_bug.cgi?id=165550
875         http://trac.webkit.org/changeset/209489
876
877 2016-12-08  Keith Miller  <keith_miller@apple.com>
878
879         Move LEB tests to API tests
880         https://bugs.webkit.org/show_bug.cgi?id=165586
881
882         Reviewed by Saam Barati.
883
884         Delete old stuff.
885
886         * testWasm.cpp:
887         (printUsageStatement):
888         (CommandLine::parseArguments):
889         (main):
890         (runLEBTests): Deleted.
891
892 2016-12-07  JF Bastien  <jfbastien@apple.com>
893
894         Cleanup WebAssembly's RETURN_IF_EXCEPTION
895         https://bugs.webkit.org/show_bug.cgi?id=165595
896
897         Reviewed by Filip Pizlo.
898
899         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
900         (JSC::constructJSWebAssemblyCompileError):
901         * wasm/js/WebAssemblyFunction.cpp:
902         (JSC::callWebAssemblyFunction):
903         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
904         (JSC::constructJSWebAssemblyRuntimeError):
905
906 2016-12-07  Geoffrey Garen  <ggaren@apple.com>
907
908         Renamed SourceCode members to match their accessor names
909         https://bugs.webkit.org/show_bug.cgi?id=165573
910
911         Reviewed by Keith Miller.
912
913         startChar => startOffset
914         endChar => endOffset
915
916         * parser/UnlinkedSourceCode.h:
917         (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
918         (JSC::UnlinkedSourceCode::view):
919         (JSC::UnlinkedSourceCode::startOffset):
920         (JSC::UnlinkedSourceCode::endOffset):
921         (JSC::UnlinkedSourceCode::length):
922
923 2016-12-07  Keith Miller  <keith_miller@apple.com>
924
925         Add more missing trivial wasm ops.
926         https://bugs.webkit.org/show_bug.cgi?id=165564
927
928         Reviewed by Geoffrey Garen.
929
930         This patch adds the nop, drop, and tee_local opcodes.
931         It also fixes an issue where we were not generating
932         the proper enums for the grow_memory and current_memory
933         opcodes.
934
935         * wasm/WasmFunctionParser.h:
936         (JSC::Wasm::FunctionParser<Context>::parseExpression):
937         * wasm/generateWasmOpsHeader.py:
938
939 2016-12-07  Geoffrey Garen  <ggaren@apple.com>
940
941         Renamed source => parentSource
942         https://bugs.webkit.org/show_bug.cgi?id=165570
943
944         Reviewed by Keith Miller.
945
946         For less confusion.
947
948         * bytecode/UnlinkedFunctionExecutable.cpp:
949         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
950
951 2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>
952
953         [JSC] Drop translate phase in module loader
954         https://bugs.webkit.org/show_bug.cgi?id=164861
955
956         Reviewed by Saam Barati.
957
958         Originally, this "translate" phase was introduced to the module loader.
959         However, recent rework discussion[1] starts dropping this phase.
960         And this "translate" phase is meaningless in the browser side module loader
961         since this phase originally mimics the node.js's translation hook (like,
962         transpiling CoffeeScript source to JavaScript).
963
964         This "translate" phase is not necessary for the exposed HTML5
965         <script type="module"> tag right now. Once the module loader pipeline is
966         redefined and specified, we need to update the current loader anyway.
967         So dropping "translate" phase right now is OK.
968
969         This simplifies the current module loader pipeline a bit.
970
971         [1]: https://github.com/whatwg/loader/issues/147
972
973         * builtins/ModuleLoaderPrototype.js:
974         (newRegistryEntry):
975         (fulfillFetch):
976         (requestFetch):
977         (requestInstantiate):
978         (provide):
979         (fulfillTranslate): Deleted.
980         (requestTranslate): Deleted.
981         * bytecode/BytecodeIntrinsicRegistry.cpp:
982         (JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
983         * jsc.cpp:
984         * runtime/JSGlobalObject.cpp:
985         * runtime/JSGlobalObject.h:
986         * runtime/JSModuleLoader.cpp:
987         (JSC::JSModuleLoader::translate): Deleted.
988         * runtime/JSModuleLoader.h:
989         * runtime/ModuleLoaderPrototype.cpp:
990         (JSC::moduleLoaderPrototypeInstantiate):
991         (JSC::moduleLoaderPrototypeTranslate): Deleted.
992
993 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
994
995         Web Inspector: Add ability to distinguish if a Script was parsed as a module
996         https://bugs.webkit.org/show_bug.cgi?id=164900
997         <rdar://problem/29323817>
998
999         Reviewed by Timothy Hatcher.
1000
1001         * inspector/agents/InspectorDebuggerAgent.cpp:
1002         (Inspector::InspectorDebuggerAgent::didParseSource):
1003         * inspector/protocol/Debugger.json:
1004         Add an optional event parameter to distinguish if a script was a module or not.
1005
1006 2016-12-07  Simon Fraser  <simon.fraser@apple.com>
1007
1008         Add system trace points for JavaScript VM entry/exit
1009         https://bugs.webkit.org/show_bug.cgi?id=165550
1010
1011         Reviewed by Tim Horton.
1012
1013         Add trace points for entry/exit into/out of the JS VM.
1014
1015         * runtime/VMEntryScope.cpp:
1016         (JSC::VMEntryScope::VMEntryScope):
1017         (JSC::VMEntryScope::~VMEntryScope):
1018
1019 2016-12-06  Keith Miller  <keith_miller@apple.com>
1020
1021         Add support for truncation operators
1022         https://bugs.webkit.org/show_bug.cgi?id=165519
1023
1024         Reviewed by Geoffrey Garen.
1025
1026         This patch adds initial support for truncation operators. The current patch
1027         does range-based out-of-bounds checking; in the future we should use system
1028         register flags on ARM and other tricks on X86 to improve the performance of
1029         these opcodes.
1030
1031         * assembler/MacroAssemblerARM64.h:
1032         (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
1033         (JSC::MacroAssemblerARM64::truncateDoubleToInt64):
1034         (JSC::MacroAssemblerARM64::truncateDoubleToUint64):
1035         (JSC::MacroAssemblerARM64::truncateFloatToInt32):
1036         (JSC::MacroAssemblerARM64::truncateFloatToUint32):
1037         (JSC::MacroAssemblerARM64::truncateFloatToInt64):
1038         (JSC::MacroAssemblerARM64::truncateFloatToUint64):
1039         * assembler/MacroAssemblerX86Common.h:
1040         (JSC::MacroAssemblerX86Common::truncateFloatToInt32):
1041         (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): Deleted.
1042         * assembler/MacroAssemblerX86_64.h:
1043         (JSC::MacroAssemblerX86_64::truncateDoubleToUint32):
1044         (JSC::MacroAssemblerX86_64::truncateDoubleToInt64):
1045         (JSC::MacroAssemblerX86_64::truncateDoubleToUint64):
1046         (JSC::MacroAssemblerX86_64::truncateFloatToUint32):
1047         (JSC::MacroAssemblerX86_64::truncateFloatToInt64):
1048         (JSC::MacroAssemblerX86_64::truncateFloatToUint64):
1049         * assembler/X86Assembler.h:
1050         (JSC::X86Assembler::cvttss2si_rr):
1051         (JSC::X86Assembler::cvttss2siq_rr):
1052         * wasm/WasmB3IRGenerator.cpp:
1053         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF64>):
1054         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF32>):
1055         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF64>):
1056         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF32>):
1057         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF64>):
1058         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF64>):
1059         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF32>):
1060         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF32>):
1061         * wasm/WasmFunctionParser.h:
1062         (JSC::Wasm::FunctionParser<Context>::parseExpression):
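
The trapping range checks described in the entry above, as an added example in portable C (this is not JavaScriptCore's code, and the `TruncResult` type and function names are constructed for the example). Each function applies the WebAssembly rule that a float-to-int truncation traps when the truncated result does not fit the target type (NaN included), and only then performs the C conversion, which is undefined behaviour for out-of-range input; the bounds are chosen so that the comparison on the double is exact.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of a WebAssembly truncation: either a value or a trap.
 * (Constructed helper type for this example; not a JSC type.) */
typedef struct {
    bool trapped;
    int64_t value;   /* valid only when !trapped; narrowed by the caller */
} TruncResult;

static TruncResult trap(void) { TruncResult r = { true, 0 }; return r; }
static TruncResult ok(int64_t v) { TruncResult r = { false, v }; return r; }

/* i32.trunc_s/f64: trap unless the value truncated toward zero fits int32.
 * -2147483649.0 and 2147483648.0 are exactly representable doubles, so every
 * double strictly between them truncates into [INT32_MIN, INT32_MAX].
 * NaN fails both comparisons, so it traps without a separate isnan(). */
TruncResult i32_trunc_s_f64(double x)
{
    if (!(x > -2147483649.0 && x < 2147483648.0))
        return trap();
    return ok((int32_t)x);   /* in range: the C conversion is well defined */
}

/* i32.trunc_u/f64: the truncated value must fit uint32, so values in (-1, 0)
 * are accepted (they truncate to 0) and anything <= -1.0 traps. */
TruncResult i32_trunc_u_f64(double x)
{
    if (!(x > -1.0 && x < 4294967296.0))
        return trap();
    return ok((int64_t)(uint32_t)x);
}

/* i64.trunc_s/f64: 2^63 is representable and out of range; -2^63 is
 * representable and in range, and no double lies strictly between
 * -2^63 - 1 and -2^63, so x >= -2^63 is the exact lower-bound test. */
TruncResult i64_trunc_s_f64(double x)
{
    if (!(x >= -9223372036854775808.0 && x < 9223372036854775808.0))
        return trap();
    return ok((int64_t)x);
}

static void show(const char* op, double x, TruncResult r)
{
    if (r.trapped)
        printf("%s(%g) -> trap\n", op, x);
    else
        printf("%s(%g) -> %lld\n", op, x, (long long)r.value);
}

int main(void)
{
    show("i32.trunc_s/f64", -2147483648.5, i32_trunc_s_f64(-2147483648.5));
    show("i32.trunc_s/f64", 2147483648.0, i32_trunc_s_f64(2147483648.0));
    show("i32.trunc_s/f64", NAN, i32_trunc_s_f64(NAN));
    show("i32.trunc_u/f64", -0.9, i32_trunc_u_f64(-0.9));
    show("i32.trunc_u/f64", -1.0, i32_trunc_u_f64(-1.0));
    show("i64.trunc_s/f64", -9223372036854775808.0, i64_trunc_s_f64(-9223372036854775808.0));
    return 0;
}
```

The check-then-convert order is the whole point: a JIT that emitted the hardware truncation first would get a platform-specific "integer indefinite" result on overflow instead of the trap the WebAssembly semantics require, and C code that does the same relies on undefined behaviour.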
1063
1064 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
1065
1066         Web Inspector: Remove unused and mostly untested Page domain commands and events
1067         https://bugs.webkit.org/show_bug.cgi?id=165507
1068
1069         Reviewed by Brian Burg.
1070
1071         Remove unused and unsupported commands and events.
1072
1073           - Page.setDocumentContent
1074           - Page.getScriptExecutionStatus
1075           - Page.setScriptExecutionDisabled
1076           - Page.handleJavaScriptDialog
1077           - Page.javascriptDialogOpening
1078           - Page.javascriptDialogClosed
1079           - Page.scriptsEnabled
1080
1081         * inspector/protocol/Page.json:
1082
1083 2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1084
1085         [JSC] Merge PromiseReactions
1086         https://bugs.webkit.org/show_bug.cgi?id=165526
1087
1088         Reviewed by Sam Weinig.
1089
1090         Our promise implementation has two arrays per Promise; promiseFulfillReactions and promiseRejectReactions.
1091         And every time we call `promise.then`, we create two promise reactions for fulfill and reject.
1092         However, these two reactions and the arrays for reactions can be merged into one array and one reaction.
1093         It reduces the unnecessary object allocations.
1094
1095         No behavior change.
1096
1097         * builtins/BuiltinNames.h:
1098         * builtins/PromiseOperations.js:
1099         (globalPrivate.newPromiseReaction):
1100         (globalPrivate.triggerPromiseReactions):
1101         (globalPrivate.rejectPromise):
1102         (globalPrivate.fulfillPromise):
1103         (globalPrivate.promiseReactionJob):
1104         (globalPrivate.initializePromise):
1105         * builtins/PromisePrototype.js:
1106         (then):
1107         * runtime/JSPromise.cpp:
1108         (JSC::JSPromise::finishCreation):
1109
1110 2016-12-06  Mark Lam  <mark.lam@apple.com>
1111
1112         GetByID IC is wrongly unwrapping the global proxy this value for getter/setters.
1113         https://bugs.webkit.org/show_bug.cgi?id=165401
1114
1115         Reviewed by Saam Barati.
1116
1117         When the this value for a property access is the JS global and that property
1118         access is via a GetterSetter, the underlying getter / setter functions would
1119         expect the this value they receive to be the JSProxy instance instead of the
1120         JSGlobalObject.  This is consistent with how the LLINT and runtime code behaves.
1121         The IC code should behave the same way.
1122
1123         Also added some ASSERTs to document invariants in the code, and help detect
1124         bugs sooner if the code gets changed in a way that breaks those invariants in
1125         the future.
1126
1127         * bytecode/PolymorphicAccess.cpp:
1128         (JSC::AccessCase::generateImpl):
1129
1130 2016-12-06  Joseph Pecoraro  <pecoraro@apple.com>
1131
1132         DumpRenderTree ASSERT in JSC::ExecutableBase::isHostFunction seen on bots
1133         https://bugs.webkit.org/show_bug.cgi?id=165497
1134         <rdar://problem/29538973>
1135
1136         Reviewed by Saam Barati.
1137
1138         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1139         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1140         Defer collection when extracting and processing the samples to prevent
1141         any objects held by the samples from getting collected while processing.
1142         This is because while processing we call into functions that can
1143         allocate and we must prevent those functions from syncing with the
1144         GC thread which may collect other sample data yet to be processed.
1145
1146 2016-12-06  Alexey Proskuryakov  <ap@apple.com>
1147
1148         Correct SDKROOT values in xcconfig files
1149         https://bugs.webkit.org/show_bug.cgi?id=165487
1150         rdar://problem/29539209
1151
1152         Reviewed by Dan Bernstein.
1153
1154         Fix suggested by Dan Bernstein.
1155
1156         * Configurations/DebugRelease.xcconfig:
1157
1158 2016-12-06  Saam Barati  <sbarati@apple.com>
1159
1160         Remove old Wasm object model
1161         https://bugs.webkit.org/show_bug.cgi?id=165481
1162
1163         Reviewed by Keith Miller and Mark Lam.
1164
1165         It's confusing to see code that consults both the old
1166         Wasm object model alongside the new one. The old object
1167         model is not a thing, and it's not being used. Let's
1168         remove it now to prevent further confusion.
1169
1170         * CMakeLists.txt:
1171         * JavaScriptCore.xcodeproj/project.pbxproj:
1172         * bytecode/CodeBlock.cpp:
1173         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1174         (JSC::CodeBlock::replacement):
1175         (JSC::CodeBlock::computeCapabilityLevel):
1176         (JSC::CodeBlock::updateAllPredictions):
1177         * bytecode/CodeBlock.h:
1178         * bytecode/WebAssemblyCodeBlock.cpp: Removed.
1179         * bytecode/WebAssemblyCodeBlock.h: Removed.
1180         * dfg/DFGCapabilities.cpp:
1181         (JSC::DFG::isSupportedForInlining):
1182         * interpreter/Interpreter.cpp:
1183         (JSC::GetStackTraceFunctor::operator()):
1184         (JSC::UnwindFunctor::operator()):
1185         (JSC::isWebAssemblyExecutable): Deleted.
1186         * jit/JITOperations.cpp:
1187         * jit/Repatch.cpp:
1188         (JSC::linkPolymorphicCall):
1189         * llint/LLIntSlowPaths.cpp:
1190         (JSC::LLInt::setUpCall):
1191         * runtime/ExecutableBase.cpp:
1192         (JSC::ExecutableBase::clearCode):
1193         * runtime/ExecutableBase.h:
1194         (JSC::ExecutableBase::isWebAssemblyExecutable): Deleted.
1195         * runtime/JSFunction.cpp:
1196         * runtime/JSFunction.h:
1197         * runtime/JSFunctionInlines.h:
1198         (JSC::JSFunction::isBuiltinFunction):
1199         * runtime/VM.cpp:
1200         (JSC::VM::VM):
1201         * runtime/VM.h:
1202         * runtime/WebAssemblyExecutable.cpp: Removed.
1203         * runtime/WebAssemblyExecutable.h: Removed.
1204
1205 2016-12-06  JF Bastien  <jfbastien@apple.com>
1206
1207         PureNaN: fix typo
1208         https://bugs.webkit.org/show_bug.cgi?id=165493
1209
1210         Reviewed by Mark Lam.
1211
1212         * runtime/PureNaN.h:
1213
1214 2016-12-06  Mark Lam  <mark.lam@apple.com>
1215
1216         Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec.
1217         https://bugs.webkit.org/show_bug.cgi?id=165227
1218         <rdar://problem/29442665>
1219
1220         Reviewed by Saam Barati.
1221
1222         * runtime/JSObject.cpp:
1223         (JSC::JSObject::setPrototypeWithCycleCheck):
1224         - This is where we check for immutable prototype exotic objects and refuse to set
1225           the prototype if needed.
1226           See https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects.
1227
1228         * runtime/JSTypeInfo.h:
1229         (JSC::TypeInfo::isImmutablePrototypeExoticObject):
1230         * runtime/Structure.h:
1231         - Add flag for declaring immutable prototype exotic objects.
1232
1233         * runtime/ObjectPrototype.h:
1234         - Declare that Object.prototype is an immutable prototype exotic object.
1235           See https://tc39.github.io/ecma262/#sec-properties-of-the-object-prototype-object.
1236
1237         * runtime/ObjectConstructor.cpp:
1238         (JSC::objectConstructorSetPrototypeOf):
1239         - Use better error messages.
1240
1241 2016-12-04  Darin Adler  <darin@apple.com>
1242
1243         Use ASCIICType more, and improve it a little bit
1244         https://bugs.webkit.org/show_bug.cgi?id=165360
1245
1246         Reviewed by Sam Weinig.
1247
1248         * inspector/InspectorValues.cpp:
1249         (Inspector::readHexDigits): Use isASCIIHexDigit.
1250         (Inspector::hextoInt): Deleted.
1251         (decodeString): Use toASCIIHexValue.
1252
1253         * runtime/JSGlobalObjectFunctions.cpp:
1254         (JSC::parseDigit): Use isASCIIDigit, isASCIIUpper, and isASCIILower.
1255
1256         * runtime/StringPrototype.cpp:
1257         (JSC::substituteBackreferencesSlow): Use isASCIIDigit.
1258
1259 2016-12-06  Csaba Osztrogonác  <ossy@webkit.org>
1260
1261         Add storeFence support for ARMv7
1262         https://bugs.webkit.org/show_bug.cgi?id=164733
1263
1264         Reviewed by Saam Barati.
1265
1266         * assembler/ARMAssembler.h:
1267         (JSC::ARMAssembler::dmbISHST): Added.
1268         * assembler/ARMv7Assembler.h: Typo fixed, DMB has only T1 encoding.
1269         (JSC::ARMv7Assembler::dmbSY):
1270         (JSC::ARMv7Assembler::dmbISHST): Added.
1271         * assembler/MacroAssemblerARM.h:
1272         (JSC::MacroAssemblerARM::storeFence):
1273         * assembler/MacroAssemblerARMv7.h:
1274         (JSC::MacroAssemblerARMv7::storeFence):
1275
1276 2016-12-05  Matt Baker  <mattbaker@apple.com>
1277
1278         Web Inspector: remove ASSERT from InspectorDebuggerAgent::derefAsyncCallData
1279         https://bugs.webkit.org/show_bug.cgi?id=165413
1280         <rdar://problem/29517587>
1281
1282         Reviewed by Brian Burg.
1283
1284         DOMTimer::removeById can call into InspectorInstrumentation with an
1285         invalid identifier, so don't assert that async call data exists.
1286
1287         * inspector/agents/InspectorDebuggerAgent.cpp:
1288         (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
1289
1290 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
1291
1292         Fixed a bug in my last patch.
1293
1294         Unreviewed.
1295
1296         * bytecode/UnlinkedFunctionExecutable.h: Restore the conversion to
1297         one-based counting.
1298
1299 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
1300
1301         Moved start and end column linking into helper functions
1302         https://bugs.webkit.org/show_bug.cgi?id=165422
1303
1304         Reviewed by Sam Weinig.
1305
1306         * bytecode/UnlinkedFunctionExecutable.cpp:
1307         (JSC::UnlinkedFunctionExecutable::link):
1308         * bytecode/UnlinkedFunctionExecutable.h:
1309
1310 2016-12-05  Mark Lam  <mark.lam@apple.com>
1311
1312         Fix JSC files so that we can build a release build with NDEBUG #undef'ed.
1313         https://bugs.webkit.org/show_bug.cgi?id=165409
1314
1315         Reviewed by Keith Miller.
1316
1317         This allows us to run a release build with DEBUG ASSERTs enabled.
1318
1319         * bytecode/BytecodeLivenessAnalysis.cpp:
1320         * bytecode/UnlinkedEvalCodeBlock.cpp:
1321         * bytecode/UnlinkedFunctionCodeBlock.cpp:
1322         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
1323         * bytecode/UnlinkedProgramCodeBlock.cpp:
1324         * runtime/EvalExecutable.cpp:
1325
1326 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
1327
1328         Renamed source => parentSource
1329         https://bugs.webkit.org/show_bug.cgi?id=165419
1330
1331         Reviewed by Saam Barati.
1332
1333         This should help clarify that a FunctionExecutable holds the source
1334         code to its *parent* scope, and not its own SourceCode.
1335
1336         * builtins/BuiltinExecutables.cpp:
1337         (JSC::BuiltinExecutables::createExecutable):
1338         * bytecode/UnlinkedFunctionExecutable.cpp:
1339         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1340         (JSC::UnlinkedFunctionExecutable::link):
1341         * bytecode/UnlinkedFunctionExecutable.h:
1342
1343 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
1344
1345         ScriptExecutable should not contain a copy of firstLine and startColumn
1346         https://bugs.webkit.org/show_bug.cgi?id=165415
1347
1348         Reviewed by Keith Miller.
1349
1350         We already have this data in SourceCode.
1351
1352         It's super confusing to have two copies of this data, where one is
1353         allowed to mutate. In reality, your line and column number never change.
1354
1355         * bytecode/UnlinkedFunctionExecutable.cpp:
1356         (JSC::UnlinkedFunctionExecutable::link):
1357         * runtime/CodeCache.cpp:
1358         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1359         * runtime/CodeCache.h:
1360         (JSC::generateUnlinkedCodeBlock):
1361         * runtime/FunctionExecutable.cpp:
1362         (JSC::FunctionExecutable::FunctionExecutable):
1363         * runtime/FunctionExecutable.h:
1364         * runtime/ScriptExecutable.cpp:
1365         (JSC::ScriptExecutable::ScriptExecutable):
1366         (JSC::ScriptExecutable::newCodeBlockFor):
1367         * runtime/ScriptExecutable.h:
1368         (JSC::ScriptExecutable::firstLine):
1369         (JSC::ScriptExecutable::startColumn):
1370         (JSC::ScriptExecutable::recordParse):
1371
1372 2016-12-05  Caitlin Potter  <caitp@igalia.com>
1373
1374         [JSC] report unexpected token when "async" is followed by identifier
1375         https://bugs.webkit.org/show_bug.cgi?id=165091
1376
1377         Reviewed by Mark Lam.
1378
1379         Report a SyntaxError, in order to report the correct error in contexts
1380         where an async ArrowFunction cannot occur. Also corrects errors in the
1381         comment describing the JSTokenType bitfield, which was added in r209293.
1382
1383         * parser/Parser.cpp:
1384         (JSC::Parser<LexerType>::parseMemberExpression):
1385         * parser/ParserTokens.h:
1386
1387 2016-12-05  Keith Miller  <keith_miller@apple.com>
1388
1389         Add Wasm i64 to i32 conversion.
1390         https://bugs.webkit.org/show_bug.cgi?id=165378
1391
1392         Reviewed by Filip Pizlo.
1393
1394         It turns out the wrap operation is just B3's Trunc.
1395
1396         * wasm/wasm.json:
1397
1398 2016-12-05  Joseph Pecoraro  <pecoraro@apple.com>
1399
1400         REGRESSION(r208985): SafariForWebKitDevelopment Symbol Not Found looking for method with WTF::Optional
1401         https://bugs.webkit.org/show_bug.cgi?id=165351
1402
1403         Reviewed by Yusuke Suzuki.
1404
1405         Some versions of Safari expect:
1406
1407             Inspector::BackendDispatcher::reportProtocolError(WTF::Optional<long>, Inspector::BackendDispatcher::CommonErrorCode, WTF::String const&)
1408
1409         Which we had updated to use std::optional. Expose a version with the original
1410         Symbol for these Safaris. This stub will just call through to the new version.
1411
1412         * inspector/InspectorBackendDispatcher.cpp:
1413         (Inspector::BackendDispatcher::reportProtocolError):
1414         * inspector/InspectorBackendDispatcher.h:
1415
1416 2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>
1417
1418         Add __STDC_FORMAT_MACROS before inttypes.h is included
1419         https://bugs.webkit.org/show_bug.cgi?id=165374
1420
1421         We need formatting macros like PRIu64 to be available in all places where
1422         inttypes.h header is used. All these usages get inttypes.h definitions
1423         via wtf/Assertions.h header, except SQLiteFileSystem.cpp where formatting
1424         macros are not used anymore since r185129.
1425
1426         This patch fixes multiple build errors with MinGW and reduces the number of
1427         independent __STDC_FORMAT_MACROS uses in the code base.
1428
1429         Reviewed by Darin Adler.
1430
1431         * disassembler/ARM64/A64DOpcode.cpp: Removed __STDC_FORMAT_MACROS
1432         because it is obtained via Assertions.h now.
1433         * disassembler/ARM64Disassembler.cpp: Ditto.
1434
1435 2016-12-04  Keith Miller  <keith_miller@apple.com>
1436
1437         Add support for Wasm ctz and popcnt
1438         https://bugs.webkit.org/show_bug.cgi?id=165369
1439
1440         Reviewed by Saam Barati.
1441
1442         * assembler/MacroAssemblerARM64.h:
1443         (JSC::MacroAssemblerARM64::countTrailingZeros32):
1444         (JSC::MacroAssemblerARM64::countTrailingZeros64):
1445         * assembler/MacroAssemblerX86Common.cpp:
1446         * assembler/MacroAssemblerX86Common.h:
1447         (JSC::MacroAssemblerX86Common::countTrailingZeros32):
1448         (JSC::MacroAssemblerX86Common::supportsBMI1):
1449         (JSC::MacroAssemblerX86Common::ctzAfterBsf):
1450         * assembler/MacroAssemblerX86_64.h:
1451         (JSC::MacroAssemblerX86_64::countTrailingZeros64):
1452         * assembler/X86Assembler.h:
1453         (JSC::X86Assembler::tzcnt_rr):
1454         (JSC::X86Assembler::tzcntq_rr):
1455         (JSC::X86Assembler::bsf_rr):
1456         (JSC::X86Assembler::bsfq_rr):
1457         * wasm/WasmB3IRGenerator.cpp:
1458         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Ctz>):
1459         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Ctz>):
1460         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
1461         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
1462         * wasm/WasmFunctionParser.h:
1463         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1464
1465 2016-12-04  Saam Barati  <sbarati@apple.com>
1466
1467         We should have a Wasm callee
1468         https://bugs.webkit.org/show_bug.cgi?id=165163
1469
1470         Reviewed by Keith Miller.
1471
1472         This patch adds JSWebAssemblyCallee and stores it into the
1473         callee slot in the call frame as part of the prologue of a
1474         wasm function. This is the first step in implementing
1475         unwinding from/through wasm frames. We will use the callee
1476         to identify that a machine frame belongs to wasm code.
1477
1478         * CMakeLists.txt:
1479         * JavaScriptCore.xcodeproj/project.pbxproj:
1480         * jsc.cpp:
1481         (callWasmFunction):
1482         (functionTestWasmModuleFunctions):
1483         * llint/LowLevelInterpreter64.asm:
1484         * runtime/JSGlobalObject.cpp:
1485         * runtime/VM.cpp:
1486         (JSC::VM::VM):
1487         * runtime/VM.h:
1488         * wasm/JSWebAssembly.h:
1489         * wasm/WasmB3IRGenerator.cpp:
1490         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1491         (JSC::Wasm::parseAndCompile):
1492         * wasm/WasmCallingConvention.h:
1493         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
1494         * wasm/WasmFormat.h:
1495         * wasm/WasmPlan.cpp:
1496         (JSC::Wasm::Plan::initializeCallees):
1497         * wasm/WasmPlan.h:
1498         (JSC::Wasm::Plan::compiledFunction):
1499         (JSC::Wasm::Plan::getCompiledFunctions): Deleted.
1500         * wasm/js/JSWebAssemblyCallee.cpp: Added.
1501         (JSC::JSWebAssemblyCallee::JSWebAssemblyCallee):
1502         (JSC::JSWebAssemblyCallee::finishCreation):
1503         (JSC::JSWebAssemblyCallee::destroy):
1504         * wasm/js/JSWebAssemblyCallee.h: Added.
1505         (JSC::JSWebAssemblyCallee::create):
1506         (JSC::JSWebAssemblyCallee::createStructure):
1507         (JSC::JSWebAssemblyCallee::jsEntryPoint):
1508         * wasm/js/JSWebAssemblyModule.cpp:
1509         (JSC::JSWebAssemblyModule::create):
1510         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1511         (JSC::JSWebAssemblyModule::visitChildren):
1512         * wasm/js/JSWebAssemblyModule.h:
1513         (JSC::JSWebAssemblyModule::moduleInformation):
1514         (JSC::JSWebAssemblyModule::callee):
1515         (JSC::JSWebAssemblyModule::callees):
1516         (JSC::JSWebAssemblyModule::offsetOfCallees):
1517         (JSC::JSWebAssemblyModule::allocationSize):
1518         (JSC::JSWebAssemblyModule::compiledFunctions): Deleted.
1519         * wasm/js/WebAssemblyFunction.cpp:
1520         (JSC::callWebAssemblyFunction):
1521         (JSC::WebAssemblyFunction::create):
1522         (JSC::WebAssemblyFunction::visitChildren):
1523         (JSC::WebAssemblyFunction::finishCreation):
1524         * wasm/js/WebAssemblyFunction.h:
1525         (JSC::WebAssemblyFunction::webAssemblyCallee):
1526         (JSC::WebAssemblyFunction::instance):
1527         (JSC::WebAssemblyFunction::signature):
1528         (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction): Deleted.
1529         (JSC::WebAssemblyFunction::webAssemblyFunctionCell): Deleted.
1530         * wasm/js/WebAssemblyFunctionCell.cpp:
1531         (JSC::WebAssemblyFunctionCell::create): Deleted.
1532         (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell): Deleted.
1533         (JSC::WebAssemblyFunctionCell::destroy): Deleted.
1534         (JSC::WebAssemblyFunctionCell::createStructure): Deleted.
1535         * wasm/js/WebAssemblyFunctionCell.h:
1536         (JSC::WebAssemblyFunctionCell::function): Deleted.
1537         * wasm/js/WebAssemblyModuleConstructor.cpp:
1538         (JSC::constructJSWebAssemblyModule):
1539         * wasm/js/WebAssemblyModuleRecord.cpp:
1540         (JSC::WebAssemblyModuleRecord::link):
1541
1542 2016-12-04  Matt Baker  <mattbaker@apple.com>
1543
1544         Web Inspector: Assertion Failures breakpoint should respect global Breakpoints enabled setting
1545         https://bugs.webkit.org/show_bug.cgi?id=165277
1546         <rdar://problem/29467098>
1547
1548         Reviewed by Mark Lam.
1549
1550         * inspector/agents/InspectorDebuggerAgent.cpp:
1551         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1552         Check that breakpoints are active before pausing.
1553
1554 2016-12-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1555
1556         Refactor SymbolImpl layout
1557         https://bugs.webkit.org/show_bug.cgi?id=165247
1558
1559         Reviewed by Darin Adler.
1560
1561         Use SymbolImpl::{create, createNullSymbol} instead.
1562
1563         * runtime/PrivateName.h:
1564         (JSC::PrivateName::PrivateName):
1565
1566 2016-12-03  JF Bastien  <jfbastien@apple.com>
1567
1568         WebAssembly: update binary format to 0xD version
1569         https://bugs.webkit.org/show_bug.cgi?id=165345
1570
1571         Reviewed by Keith Miller.
1572
1573         As described in the following PR: https://github.com/WebAssembly/design/pull/836
1574         Originally committed in r209175, reverted in r209242, and fixed in r209284.
1575
1576         * wasm/WasmB3IRGenerator.cpp:
1577         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1578         (JSC::Wasm::B3IRGenerator::zeroForType):
1579         (JSC::Wasm::B3IRGenerator::addConstant):
1580         (JSC::Wasm::createJSWrapper):
1581         * wasm/WasmCallingConvention.h:
1582         (JSC::Wasm::CallingConvention::marshallArgument):
1583         * wasm/WasmFormat.cpp:
1584         (JSC::Wasm::toString): Deleted.
1585         * wasm/WasmFormat.h:
1586         (JSC::Wasm::isValueType):
1587         (JSC::Wasm::toB3Type): Deleted.
1588         * wasm/WasmFunctionParser.h:
1589         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1590         * wasm/WasmModuleParser.cpp:
1591         (JSC::Wasm::ModuleParser::parse):
1592         (JSC::Wasm::ModuleParser::parseType):
1593         * wasm/WasmModuleParser.h:
1594         * wasm/WasmParser.h:
1595         (JSC::Wasm::Parser::parseResultType):
1596         * wasm/generateWasm.py:
1597         (Wasm.__init__):
1598         * wasm/generateWasmOpsHeader.py:
1599         (cppMacro):
1600         (typeMacroizer):
1601         (opcodeMacroizer):
1602         * wasm/js/WebAssemblyFunction.cpp:
1603         (JSC::callWebAssemblyFunction):
1604         * wasm/wasm.json:
1605
1606 2016-12-02  Keith Miller  <keith_miller@apple.com>
1607
1608         Add Wasm copysign
1609         https://bugs.webkit.org/show_bug.cgi?id=165355
1610
1611         Reviewed by Filip Pizlo.
1612
1613         This patch also makes two other important changes:
1614
1615         1) allows for i64 constants in the B3 generator language.
1616         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
1617            of a Double in B3.
1618
1619         * wasm/WasmB3IRGenerator.cpp:
1620         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1621         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
1622         (CodeGenerator.generateOpcode):
1623         (generateConstCode):
1624         (generateI32ConstCode): Deleted.
1625         * wasm/wasm.json:
1626
1627 2016-12-03  Commit Queue  <commit-queue@webkit.org>
1628
1629         Unreviewed, rolling out r209298.
1630         https://bugs.webkit.org/show_bug.cgi?id=165359
1631
1632         broke the build (Requested by smfr on #webkit).
1633
1634         Reverted changeset:
1635
1636         "Add Wasm copysign"
1637         https://bugs.webkit.org/show_bug.cgi?id=165355
1638         http://trac.webkit.org/changeset/209298
1639
1640 2016-12-02  Keith Miller  <keith_miller@apple.com>
1641
1642         Add Wasm copysign
1643         https://bugs.webkit.org/show_bug.cgi?id=165355
1644
1645         Reviewed by Filip Pizlo.
1646
1647         This patch also makes two other important changes:
1648
1649         1) allows for i64 constants in the B3 generator language.
1650         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
1651            of a Double in B3.
1652
1653         * wasm/WasmB3IRGenerator.cpp:
1654         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1655         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
1656         (CodeGenerator.generateOpcode):
1657         (generateConstCode):
1658         (generateI32ConstCode): Deleted.
1659         * wasm/wasm.json:
1660
1661 2016-12-02  Keith Miller  <keith_miller@apple.com>
1662
1663         Unreviewed, fix git having a breakdown over trying to reland a rollout.
1664
1665 2016-12-02  Keith Miller  <keith_miller@apple.com>
1666
1667         Add Wasm floating point nearest and trunc
1668         https://bugs.webkit.org/show_bug.cgi?id=165339
1669
1670         Reviewed by Saam Barati.
1671
1672         This patch also allows any wasm primitive type to be passed as a
1673         string.
1674
1675         * assembler/MacroAssemblerARM64.h:
1676         (JSC::MacroAssemblerARM64::nearestIntDouble):
1677         (JSC::MacroAssemblerARM64::nearestIntFloat):
1678         (JSC::MacroAssemblerARM64::truncDouble):
1679         (JSC::MacroAssemblerARM64::truncFloat):
1680         * assembler/MacroAssemblerX86Common.h:
1681         (JSC::MacroAssemblerX86Common::nearestIntDouble):
1682         (JSC::MacroAssemblerX86Common::nearestIntFloat):
1683         * jsc.cpp:
1684         (box):
1685         * wasm/WasmB3IRGenerator.cpp:
1686         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1687         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1688         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
1689         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
1690         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
1691         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
1692         * wasm/WasmFunctionParser.h:
1693         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1694
1695 2016-12-02  Caitlin Potter  <caitp@igalia.com>
1696
1697         [JSC] add additional bit to JSTokenType bitfield
1698         https://bugs.webkit.org/show_bug.cgi?id=165091
1699
1700         Reviewed by Geoffrey Garen.
1701
1702         Avoid overflow which causes keyword tokens to be treated as unary
1703         tokens now that "async" is tokenized as a keyword, by granting an
1704         additional 64 bits to be occupied by token IDs.
1705
1706         * parser/ParserTokens.h:
1707
1708 2016-12-02  Andy Estes  <aestes@apple.com>
1709
1710         [Cocoa] Adopt the PRODUCT_BUNDLE_IDENTIFIER build setting
1711         https://bugs.webkit.org/show_bug.cgi?id=164492
1712
1713         Reviewed by Dan Bernstein.
1714
1715         * Configurations/JavaScriptCore.xcconfig: Set PRODUCT_BUNDLE_IDENTIFIER to
1716         com.apple.$(PRODUCT_NAME:rfc1034identifier).
1717         * Info.plist: Changed CFBundleIdentifier's value from com.apple.${PRODUCT_NAME} to
1718         ${PRODUCT_BUNDLE_IDENTIFIER}.
1719
1720 2016-12-02  JF Bastien  <jfbastien@apple.com>
1721
1722         WebAssembly: mark WasmOps.h as private
1723         https://bugs.webkit.org/show_bug.cgi?id=165335
1724
1725         Reviewed by Mark Lam.
1726
1727         * JavaScriptCore.xcodeproj/project.pbxproj: WasmOps.h will be used by non-JSC and should therefore be private
1728
1729 2016-12-02  Commit Queue  <commit-queue@webkit.org>
1730
1731         Unreviewed, rolling out r209275 and r209276.
1732         https://bugs.webkit.org/show_bug.cgi?id=165348
1733
1734         "broke the arm build" (Requested by keith_miller on #webkit).
1735
1736         Reverted changesets:
1737
1738         "Add Wasm floating point nearest and trunc"
1739         https://bugs.webkit.org/show_bug.cgi?id=165339
1740         http://trac.webkit.org/changeset/209275
1741
1742         "Unreviewed, forgot to change instruction after renaming."
1743         http://trac.webkit.org/changeset/209276
1744
1745 2016-12-02  Keith Miller  <keith_miller@apple.com>
1746
1747         Unreviewed, forgot to change instruction after renaming.
1748
1749         * assembler/MacroAssemblerARM64.h:
1750         (JSC::MacroAssemblerARM64::nearestIntDouble):
1751         (JSC::MacroAssemblerARM64::nearestIntFloat):
1752
1753 2016-12-02  Keith Miller  <keith_miller@apple.com>
1754
1755         Add Wasm floating point nearest and trunc
1756         https://bugs.webkit.org/show_bug.cgi?id=165339
1757
1758         Reviewed by Filip Pizlo.
1759
1760         This patch also allows any wasm primitive type to be passed as a
1761         string.
1762
1763         * assembler/MacroAssemblerARM64.h:
1764         (JSC::MacroAssemblerARM64::nearestIntDouble):
1765         (JSC::MacroAssemblerARM64::nearestIntFloat):
1766         (JSC::MacroAssemblerARM64::truncDouble):
1767         (JSC::MacroAssemblerARM64::truncFloat):
1768         * assembler/MacroAssemblerX86Common.h:
1769         (JSC::MacroAssemblerX86Common::nearestIntDouble):
1770         (JSC::MacroAssemblerX86Common::nearestIntFloat):
1771         * jsc.cpp:
1772         (box):
1773         * wasm/WasmB3IRGenerator.cpp:
1774         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1775         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1776         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
1777         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
1778         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
1779         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
1780         * wasm/WasmFunctionParser.h:
1781         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1782
1783 2016-12-02  JF Bastien  <jfbastien@apple.com>
1784
1785         WebAssembly: revert patch causing odd breakage
1786         https://bugs.webkit.org/show_bug.cgi?id=165308
1787
1788         Unreviewed.
1789
1790         Bug #164724 seems to cause build issues which I haven't tracked down yet. WasmOps.h can't be found:
1791         ./Source/JavaScriptCore/wasm/WasmFormat.h:34:10: fatal error: 'WasmOps.h' file not found
1792
1793         It's weird since the file is auto-generated and has been for a while. #164724 merely includes it in WasmFormat.h.
1794
1795         * wasm/WasmB3IRGenerator.cpp:
1796         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1797         (JSC::Wasm::B3IRGenerator::zeroForType):
1798         (JSC::Wasm::B3IRGenerator::addConstant):
1799         (JSC::Wasm::createJSWrapper):
1800         * wasm/WasmCallingConvention.h:
1801         (JSC::Wasm::CallingConvention::marshallArgument):
1802         * wasm/WasmFormat.cpp:
1803         (JSC::Wasm::toString):
1804         * wasm/WasmFormat.h:
1805         (JSC::Wasm::toB3Type):
1806         * wasm/WasmFunctionParser.h:
1807         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1808         * wasm/WasmModuleParser.cpp:
1809         (JSC::Wasm::ModuleParser::parse):
1810         (JSC::Wasm::ModuleParser::parseType):
1811         * wasm/WasmModuleParser.h:
1812         * wasm/WasmParser.h:
1813         (JSC::Wasm::Parser::parseResultType):
1814         * wasm/generateWasm.py:
1815         (Wasm.__init__):
1816         * wasm/generateWasmOpsHeader.py:
1817         (cppMacro):
1818         (opcodeMacroizer):
1819         (typeMacroizer): Deleted.
1820         * wasm/js/WebAssemblyFunction.cpp:
1821         (JSC::callWebAssemblyFunction):
1822         * wasm/wasm.json:
1823
1824 2016-12-01  Brian Burg  <bburg@apple.com>
1825
1826         Remote Inspector: fix weird typo in generated ObjC protocol type initializer implementations
1827         https://bugs.webkit.org/show_bug.cgi?id=165295
1828         <rdar://problem/29427778>
1829
1830         Reviewed by Joseph Pecoraro.
1831
1832         Remove a stray semicolon appended after custom initializer signatures.
1833         This is a syntax error when building with less lenient compiler warnings.
1834
1835         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1836         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1837         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1838         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1839         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1840         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1841         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1842         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1843         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1844
1845 2016-12-01  Saam Barati  <sbarati@apple.com>
1846
1847         Rename CallFrame::callee() to CallFrame::jsCallee()
1848         https://bugs.webkit.org/show_bug.cgi?id=165293
1849
1850         Reviewed by Keith Miller.
1851
1852         Wasm will soon have its own Callee that doesn't derive
1853         from JSObject, but derives from JSCell. I want to introduce
1854         a new function like:
1855         ```
1856         CalleeBase* CallFrame::callee()
1857         ```
1858         
1859         once we have a Wasm callee. It only makes sense to name that
1860         function callee() and rename the current one to:
1861         ```
1862         JSObject* CallFrame::jsCallee()
1863         ```
1864
1865         * API/APICallbackFunction.h:
1866         (JSC::APICallbackFunction::call):
1867         (JSC::APICallbackFunction::construct):
1868         * API/JSCallbackObjectFunctions.h:
1869         (JSC::JSCallbackObject<Parent>::construct):
1870         (JSC::JSCallbackObject<Parent>::call):
1871         * debugger/DebuggerCallFrame.cpp:
1872         (JSC::DebuggerCallFrame::scope):
1873         (JSC::DebuggerCallFrame::type):
1874         * interpreter/CallFrame.cpp:
1875         (JSC::CallFrame::friendlyFunctionName):
1876         * interpreter/CallFrame.h:
1877         (JSC::ExecState::jsCallee):
1878         (JSC::ExecState::callee): Deleted.
1879         * interpreter/Interpreter.cpp:
1880         (JSC::Interpreter::dumpRegisters):
1881         (JSC::notifyDebuggerOfUnwinding):
1882         * interpreter/ShadowChicken.cpp:
1883         (JSC::ShadowChicken::update):
1884         * interpreter/StackVisitor.cpp:
1885         (JSC::StackVisitor::readNonInlinedFrame):
1886         * llint/LLIntSlowPaths.cpp:
1887         (JSC::LLInt::traceFunctionPrologue):
1888         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1889         * runtime/ArrayConstructor.cpp:
1890         (JSC::constructArrayWithSizeQuirk):
1891         * runtime/AsyncFunctionConstructor.cpp:
1892         (JSC::callAsyncFunctionConstructor):
1893         (JSC::constructAsyncFunctionConstructor):
1894         * runtime/BooleanConstructor.cpp:
1895         (JSC::constructWithBooleanConstructor):
1896         * runtime/ClonedArguments.cpp:
1897         (JSC::ClonedArguments::createWithInlineFrame):
1898         * runtime/CommonSlowPaths.h:
1899         (JSC::CommonSlowPaths::arityCheckFor):
1900         * runtime/DateConstructor.cpp:
1901         (JSC::constructWithDateConstructor):
1902         * runtime/DirectArguments.cpp:
1903         (JSC::DirectArguments::createByCopying):
1904         * runtime/Error.h:
1905         (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
1906         (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
1907         * runtime/ErrorConstructor.cpp:
1908         (JSC::Interpreter::constructWithErrorConstructor):
1909         (JSC::Interpreter::callErrorConstructor):
1910         * runtime/FunctionConstructor.cpp:
1911         (JSC::constructWithFunctionConstructor):
1912         (JSC::callFunctionConstructor):
1913         * runtime/GeneratorFunctionConstructor.cpp:
1914         (JSC::callGeneratorFunctionConstructor):
1915         (JSC::constructGeneratorFunctionConstructor):
1916         * runtime/InternalFunction.cpp:
1917         (JSC::InternalFunction::createSubclassStructure):
1918         * runtime/IntlCollator.cpp:
1919         (JSC::IntlCollator::initializeCollator):
1920         * runtime/IntlCollatorConstructor.cpp:
1921         (JSC::constructIntlCollator):
1922         (JSC::callIntlCollator):
1923         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1924         * runtime/IntlDateTimeFormat.cpp:
1925         (JSC::IntlDateTimeFormat::initializeDateTimeFormat):
1926         * runtime/IntlDateTimeFormatConstructor.cpp:
1927         (JSC::constructIntlDateTimeFormat):
1928         (JSC::callIntlDateTimeFormat):
1929         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1930         * runtime/IntlNumberFormat.cpp:
1931         (JSC::IntlNumberFormat::initializeNumberFormat):
1932         * runtime/IntlNumberFormatConstructor.cpp:
1933         (JSC::constructIntlNumberFormat):
1934         (JSC::callIntlNumberFormat):
1935         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1936         * runtime/IntlObject.cpp:
1937         (JSC::canonicalizeLocaleList):
1938         (JSC::defaultLocale):
1939         (JSC::lookupSupportedLocales):
1940         (JSC::intlObjectFuncGetCanonicalLocales):
1941         * runtime/JSArrayBufferConstructor.cpp:
1942         (JSC::constructArrayBuffer):
1943         * runtime/JSArrayBufferPrototype.cpp:
1944         (JSC::arrayBufferProtoFuncSlice):
1945         * runtime/JSBoundFunction.cpp:
1946         (JSC::boundThisNoArgsFunctionCall):
1947         (JSC::boundFunctionCall):
1948         (JSC::boundThisNoArgsFunctionConstruct):
1949         (JSC::boundFunctionConstruct):
1950         * runtime/JSCellInlines.h:
1951         (JSC::ExecState::vm):
1952         * runtime/JSCustomGetterSetterFunction.cpp:
1953         (JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):
1954         * runtime/JSFunction.cpp:
1955         (JSC::callHostFunctionAsConstructor):
1956         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1957         (JSC::constructGenericTypedArrayView):
1958         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1959         (JSC::genericTypedArrayViewProtoFuncSlice):
1960         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1961         * runtime/JSGlobalObjectFunctions.cpp:
1962         (JSC::globalFuncEval):
1963         * runtime/JSInternalPromiseConstructor.cpp:
1964         (JSC::constructPromise):
1965         * runtime/JSMapIterator.cpp:
1966         (JSC::JSMapIterator::createPair):
1967         (JSC::JSMapIterator::clone):
1968         * runtime/JSNativeStdFunction.cpp:
1969         (JSC::runStdFunction):
1970         * runtime/JSPromiseConstructor.cpp:
1971         (JSC::constructPromise):
1972         * runtime/JSPropertyNameIterator.cpp:
1973         (JSC::JSPropertyNameIterator::clone):
1974         * runtime/JSScope.h:
1975         (JSC::ExecState::lexicalGlobalObject):
1976         * runtime/JSSetIterator.cpp:
1977         (JSC::JSSetIterator::createPair):
1978         (JSC::JSSetIterator::clone):
1979         * runtime/JSStringIterator.cpp:
1980         (JSC::JSStringIterator::clone):
1981         * runtime/MapConstructor.cpp:
1982         (JSC::constructMap):
1983         * runtime/MapPrototype.cpp:
1984         (JSC::mapProtoFuncValues):
1985         (JSC::mapProtoFuncEntries):
1986         (JSC::mapProtoFuncKeys):
1987         (JSC::privateFuncMapIterator):
1988         * runtime/NativeErrorConstructor.cpp:
1989         (JSC::Interpreter::constructWithNativeErrorConstructor):
1990         (JSC::Interpreter::callNativeErrorConstructor):
1991         * runtime/ObjectConstructor.cpp:
1992         (JSC::constructObject):
1993         * runtime/ProxyObject.cpp:
1994         (JSC::performProxyCall):
1995         (JSC::performProxyConstruct):
1996         * runtime/ProxyRevoke.cpp:
1997         (JSC::performProxyRevoke):
1998         * runtime/RegExpConstructor.cpp:
1999         (JSC::constructWithRegExpConstructor):
2000         (JSC::callRegExpConstructor):
2001         * runtime/ScopedArguments.cpp:
2002         (JSC::ScopedArguments::createByCopying):
2003         * runtime/SetConstructor.cpp:
2004         (JSC::constructSet):
2005         * runtime/SetPrototype.cpp:
2006         (JSC::setProtoFuncValues):
2007         (JSC::setProtoFuncEntries):
2008         (JSC::privateFuncSetIterator):
2009         * runtime/StringConstructor.cpp:
2010         (JSC::constructWithStringConstructor):
2011         * runtime/StringPrototype.cpp:
2012         (JSC::stringProtoFuncIterator):
2013         * runtime/WeakMapConstructor.cpp:
2014         (JSC::constructWeakMap):
2015         * runtime/WeakSetConstructor.cpp:
2016         (JSC::constructWeakSet):
2017         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
2018         (JSC::constructJSWebAssemblyCompileError):
2019         * wasm/js/WebAssemblyFunction.cpp:
2020         (JSC::callWebAssemblyFunction):
2021         * wasm/js/WebAssemblyModuleConstructor.cpp:
2022         (JSC::constructJSWebAssemblyModule):
2023         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
2024         (JSC::constructJSWebAssemblyRuntimeError):
2025
2026 2016-12-01  Brian Burg  <bburg@apple.com>
2027
2028         Web Inspector: generated code should use a framework-style import for *ProtocolArrayConversions.h
2029         https://bugs.webkit.org/show_bug.cgi?id=165281
2030         <rdar://problem/29427778>
2031
2032         Reviewed by Joseph Pecoraro.
2033
2034         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2035         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2036         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2037         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2038         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2039         * inspector/scripts/tests/expected/enum-values.json-result:
2040         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2041         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2042         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2043         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2044         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2045         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2046         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2047         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2048         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2049
2050 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
2051
2052         SourceCodeKey should use unlinked source code
2053         https://bugs.webkit.org/show_bug.cgi?id=165286
2054
2055         Reviewed by Saam Barati.
2056
2057         This patch splits out UnlinkedSourceCode from SourceCode, and deploys
2058         UnlinkedSourceCode in SourceCodeKey.
2059
2060         It's misleading to store SourceCode in SourceCodeKey because SourceCode
2061         has an absolute location whereas unlinked cached code has no location.
2062
2063         I plan to deploy UnlinkedSourceCode in more places, to indicate code
2064         that has no absolute location.
2065
2066         * JavaScriptCore.xcodeproj/project.pbxproj:
2067         * parser/SourceCode.cpp:
2068         (JSC::UnlinkedSourceCode::toUTF8):
2069         (JSC::SourceCode::toUTF8): Deleted.
2070         * parser/SourceCode.h:
2071         (JSC::SourceCode::SourceCode):
2072         (JSC::SourceCode::startColumn):
2073         (JSC::SourceCode::isHashTableDeletedValue): Deleted.
2074         (JSC::SourceCode::hash): Deleted.
2075         (JSC::SourceCode::view): Deleted.
2076         (JSC::SourceCode::providerID): Deleted.
2077         (JSC::SourceCode::isNull): Deleted.
2078         (JSC::SourceCode::provider): Deleted.
2079         (JSC::SourceCode::startOffset): Deleted.
2080         (JSC::SourceCode::endOffset): Deleted.
2081         (JSC::SourceCode::length): Deleted. Move a bunch of stuff into a new
2082         base class, UnlinkedSourceCode.
2083
2084         * parser/SourceCodeKey.h:
2085         (JSC::SourceCodeKey::SourceCodeKey): Use UnlinkedSourceCode since code
2086         in the cache has no location.
2087
2088         * parser/UnlinkedSourceCode.h: Copied from Source/JavaScriptCore/parser/SourceCode.h.
2089         (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
2090         (JSC::UnlinkedSourceCode::provider):
2091         (JSC::SourceCode::SourceCode): Deleted.
2092         (JSC::SourceCode::isHashTableDeletedValue): Deleted.
2093         (JSC::SourceCode::hash): Deleted.
2094         (JSC::SourceCode::view): Deleted.
2095         (JSC::SourceCode::providerID): Deleted.
2096         (JSC::SourceCode::isNull): Deleted.
2097         (JSC::SourceCode::provider): Deleted.
2098         (JSC::SourceCode::firstLine): Deleted.
2099         (JSC::SourceCode::startColumn): Deleted.
2100         (JSC::SourceCode::startOffset): Deleted.
2101         (JSC::SourceCode::endOffset): Deleted.
2102         (JSC::SourceCode::length): Deleted.
2103         (JSC::makeSource): Deleted.
2104         (JSC::SourceCode::subExpression): Deleted.
2105
2106         * runtime/CodeCache.h: Use UnlinkedSourceCode in the cache.
2107
2108 2016-12-01  Keith Miller  <keith_miller@apple.com>
2109
2110         Add wasm int to floating point opcodes
2111         https://bugs.webkit.org/show_bug.cgi?id=165252
2112
2113         Reviewed by Geoffrey Garen.
2114
2115         This patch adds support for the Wasm integral type => floating point
2116         type conversion opcodes. Most of these were already supported by B3
2117         however there was no support for uint64 to float/double. Unfortunately,
2118         AFAIK x86_64 does not have a single instruction that performs this
2119         conversion. Since there is a signed conversion instruction on x86 we
2120         use that for all uint64s that don't have the top bit set. If they do have
2121         the top bit set we need to divide by 2 (rounding up) then convert the number
2122         with the signed conversion then double the result.
2123
2124         * assembler/MacroAssemblerX86_64.h:
2125         (JSC::MacroAssemblerX86_64::convertUInt64ToDouble):
2126         (JSC::MacroAssemblerX86_64::convertUInt64ToFloat):
2127         * jsc.cpp:
2128         (valueWithTypeOfWasmValue):
2129         (box):
2130         (functionTestWasmModuleFunctions):
2131         * wasm/WasmB3IRGenerator.cpp:
2132         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
2133         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
2134         * wasm/WasmFunctionParser.h:
2135         (JSC::Wasm::FunctionParser<Context>::parseExpression):
2136         * wasm/wasm.json:
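
The two-path uint64-to-double scheme described in the entry above, as an added example that is not JavaScriptCore's MacroAssemblerX86_64 code: plain C++ stands in for the cvtsi2sd/cvtsi2ss signed conversions, and the function names are my own. One detail worth making explicit: the halving keeps the discarded low bit as a sticky bit (shift, then OR) rather than literally rounding up, because a plain round-up can land the halved value exactly on a rounding tie that the original value was not on and so double-round; the block includes that wrong variant and a constructed counterexample for it.

```cpp
#include <cmath>
#include <cstdint>

// Convert an unsigned 64-bit integer to double using only a signed
// int64 -> double conversion (cvtsi2sd on x86_64). Values with the top bit
// clear convert directly. Values with the top bit set are halved so they fit
// in a signed int64, converted, and the result is doubled (exact, no rounding).
//
// The halving keeps the discarded low bit as a "sticky" bit (OR, not +1):
// the hardware conversion then still sees that the exact value sat above a
// rounding tie, so the final result equals one correctly rounded conversion
// of the original value.
double uint64ToDoubleViaSigned(uint64_t x)
{
    if (!(x >> 63))
        return static_cast<double>(static_cast<int64_t>(x));
    uint64_t halved = (x >> 1) | (x & 1);                        // sticky low bit
    double d = static_cast<double>(static_cast<int64_t>(halved));
    return d + d;                                                 // exact doubling
}

// Same scheme for float (cvtsi2ss); the sticky bit sits far below the 24-bit
// float mantissa too, so the argument is identical.
float uint64ToFloatViaSigned(uint64_t x)
{
    if (!(x >> 63))
        return static_cast<float>(static_cast<int64_t>(x));
    uint64_t halved = (x >> 1) | (x & 1);
    float f = static_cast<float>(static_cast<int64_t>(halved));
    return f + f;
}

// Deliberately wrong variant: "divide by 2, rounding up" taken literally.
// Adding the low bit instead of OR-ing it can move the halved value onto a
// rounding tie, and ties-to-even then picks the wrong neighbour.
double uint64ToDoubleRoundUpHalving(uint64_t x)
{
    if (!(x >> 63))
        return static_cast<double>(static_cast<int64_t>(x));
    uint64_t halved = (x >> 1) + (x & 1);
    double d = static_cast<double>(static_cast<int64_t>(halved));
    return d + d;
}

// Reference results from the compiler's own unsigned conversion (assumed
// correctly rounded, as it is with GCC/Clang on x86_64 and AArch64).
double referenceDouble(uint64_t x) { return static_cast<double>(x); }
float referenceFloat(uint64_t x) { return static_cast<float>(x); }

// Constructed edge cases: the top-bit boundary, exact ties and near-ties at
// the 53-bit double rounding position, and the top of the range.
int countMismatchesAgainstReference()
{
    const uint64_t cases[] = {
        0, 1, 0x7FFFFFFFFFFFFFFFULL,
        0x8000000000000000ULL, 0x8000000000000001ULL,
        0x8000000000000400ULL, 0x8000000000000401ULL,
        0x8000000000000BFFULL, 0x8000000000000C00ULL, 0x8000000000000C01ULL,
        0xFFFFFFFFFFFFF7FFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL,
    };
    int mismatches = 0;
    for (uint64_t x : cases) {
        if (uint64ToDoubleViaSigned(x) != referenceDouble(x))
            ++mismatches;
        if (uint64ToFloatViaSigned(x) != referenceFloat(x))
            ++mismatches;
    }
    return mismatches;
}
```

The counterexample for the round-up variant is 0x8000000000000BFF: the correctly rounded double is 2^63 + 2048, but halving with round-up yields 2^62 + 0x600, an exact tie that rounds to even and doubles back to 2^63 + 4096.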
2137
2138 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
2139
2140         Renamed EvalCodeCache => DirectEvalCodeCache
2141         https://bugs.webkit.org/show_bug.cgi?id=165271
2142
2143         Reviewed by Saam Barati.
2144
2145         We only use this cache for DirectEval, not IndirectEval.
2146
2147         * JavaScriptCore.xcodeproj/project.pbxproj:
2148         * bytecode/CodeBlock.cpp:
2149         (JSC::DirectEvalCodeCache::visitAggregate):
2150         (JSC::CodeBlock::stronglyVisitStrongReferences):
2151         (JSC::EvalCodeCache::visitAggregate): Deleted.
2152         * bytecode/CodeBlock.h:
2153         (JSC::CodeBlock::directEvalCodeCache):
2154         (JSC::CodeBlock::evalCodeCache): Deleted.
2155         * bytecode/DirectEvalCodeCache.h: Copied from Source/JavaScriptCore/bytecode/EvalCodeCache.h.
2156         (JSC::EvalCodeCache::CacheKey::CacheKey): Deleted.
2157         (JSC::EvalCodeCache::CacheKey::hash): Deleted.
2158         (JSC::EvalCodeCache::CacheKey::isEmptyValue): Deleted.
2159         (JSC::EvalCodeCache::CacheKey::operator==): Deleted.
2160         (JSC::EvalCodeCache::CacheKey::isHashTableDeletedValue): Deleted.
2161         (JSC::EvalCodeCache::CacheKey::Hash::hash): Deleted.
2162         (JSC::EvalCodeCache::CacheKey::Hash::equal): Deleted.
2163         (JSC::EvalCodeCache::tryGet): Deleted.
2164         (JSC::EvalCodeCache::set): Deleted.
2165         (JSC::EvalCodeCache::isEmpty): Deleted.
2166         (JSC::EvalCodeCache::clear): Deleted.
2167         * bytecode/EvalCodeCache.h: Removed.
2168         * interpreter/Interpreter.cpp:
2169         (JSC::eval):
2170         * runtime/DirectEvalExecutable.cpp:
2171         (JSC::DirectEvalExecutable::create):
2172
2173 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
2174
2175         Removed some unnecessary indirection in code generation
2176         https://bugs.webkit.org/show_bug.cgi?id=165264
2177
2178         Reviewed by Keith Miller.
2179
2180         There's no need to route through JSGlobalObject when producing code --
2181         it just made the code harder to read.
2182
2183         This patch moves functions from JSGlobalObject to their singleton
2184         call sites.
2185
2186         * runtime/CodeCache.cpp:
2187         (JSC::CodeCache::getUnlinkedEvalCodeBlock):
2188         (JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock): Deleted.
2189         * runtime/CodeCache.h:
2190         * runtime/DirectEvalExecutable.cpp:
2191         (JSC::DirectEvalExecutable::create):
2192         * runtime/IndirectEvalExecutable.cpp:
2193         (JSC::IndirectEvalExecutable::create):
2194         * runtime/JSGlobalObject.cpp:
2195         (JSC::JSGlobalObject::createProgramCodeBlock): Deleted.
2196         (JSC::JSGlobalObject::createLocalEvalCodeBlock): Deleted.
2197         (JSC::JSGlobalObject::createGlobalEvalCodeBlock): Deleted.
2198         (JSC::JSGlobalObject::createModuleProgramCodeBlock): Deleted.
2199         * runtime/JSGlobalObject.h:
2200         * runtime/ModuleProgramExecutable.cpp:
2201         (JSC::ModuleProgramExecutable::create):
2202         * runtime/ProgramExecutable.cpp:
2203         (JSC::ProgramExecutable::initializeGlobalProperties):
2204         * runtime/ProgramExecutable.h:
2205
2206 2016-11-30  Darin Adler  <darin@apple.com>
2207
2208         Roll out StringBuilder changes from the previous patch.
2209         They were a slowdown on a Kraken JSON test.
2210
2211         * runtime/JSONObject.cpp:
2212         Roll out changes from below.
2213
2214 2016-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
2215
2216         [JSC] Specifying same module entry point multiple times cause TypeError
2217         https://bugs.webkit.org/show_bug.cgi?id=164858
2218
2219         Reviewed by Saam Barati.
2220
2221         Allow importing the same module multiple times. Previously, when specifying the same
2222         module in the <script type="module" src="here">, it threw a TypeError.
2223
2224         * builtins/ModuleLoaderPrototype.js:
2225         (requestFetch):
2226         (requestTranslate):
2227         (requestInstantiate):
2228         (requestSatisfy):
2229
2230 2016-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
2231
2232         WebAssembly JS API: export a module namespace object instead of a module environment
2233         https://bugs.webkit.org/show_bug.cgi?id=165121
2234
2235         Reviewed by Saam Barati.
2236
2237         This patch sets up AbstractModuleRecord further for WebAssemblyModuleRecord.
2238         For exported entries in a wasm instance, we set up exported entries for
2239         AbstractModuleRecord. This allows us to export WASM exported functions in
2240         the module handling code.
2241
2242         Since the exported entries in the abstract module record are correctly
2243         instantiated, the module namespace object for WASM module also starts
2244         working correctly. So we start exposing the module namespace object
2245         as `instance.exports` instead of the module environment object.
2246
2247         And we move SourceCode, lexicalVariables, and declaredVariables fields to
2248         JSModuleRecord since they are related to JS source code (in the spec words,
2249         they are related to the source text module record).
2250
2251         * runtime/AbstractModuleRecord.cpp:
2252         (JSC::AbstractModuleRecord::AbstractModuleRecord):
2253         * runtime/AbstractModuleRecord.h:
2254         (JSC::AbstractModuleRecord::sourceCode): Deleted.
2255         (JSC::AbstractModuleRecord::declaredVariables): Deleted.
2256         (JSC::AbstractModuleRecord::lexicalVariables): Deleted.
2257         * runtime/JSModuleRecord.cpp:
2258         (JSC::JSModuleRecord::JSModuleRecord):
2259         * runtime/JSModuleRecord.h:
2260         (JSC::JSModuleRecord::sourceCode):
2261         (JSC::JSModuleRecord::declaredVariables):
2262         (JSC::JSModuleRecord::lexicalVariables):
2263         * wasm/WasmFormat.cpp:
2264         * wasm/js/JSWebAssemblyInstance.cpp:
2265         (JSC::JSWebAssemblyInstance::finishCreation):
2266         * wasm/js/WebAssemblyFunction.cpp:
2267         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2268         (JSC::constructJSWebAssemblyInstance):
2269         * wasm/js/WebAssemblyModuleRecord.cpp:
2270         (JSC::WebAssemblyModuleRecord::create):
2271         (JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
2272         (JSC::WebAssemblyModuleRecord::finishCreation):
2273         WebAssemblyModuleRecord::link should perform linking things.
2274         So allocating exported entries should be done here.
2275         (JSC::WebAssemblyModuleRecord::link):
2276         * wasm/js/WebAssemblyModuleRecord.h:
2277
2278 2016-11-30  Mark Lam  <mark.lam@apple.com>
2279
2280         TypeInfo::OutOfLineTypeFlags should be 16 bits in size.
2281         https://bugs.webkit.org/show_bug.cgi?id=165224
2282
2283         Reviewed by Saam Barati.
2284
2285         There's no reason for OutOfLineTypeFlags to be constrained to 8 bits since the
2286         space is available to us.  Making OutOfLineTypeFlags 16 bits brings TypeInfo up
2287         to 32 bits in size from the current 24 bits.
2288
2289         * runtime/JSTypeInfo.h:
2290         (JSC::TypeInfo::TypeInfo):
2291
2292 2016-11-30  Joseph Pecoraro  <pecoraro@apple.com>
2293
2294         REGRESSION: inspector/sampling-profiler/* LayoutTests are flaky timeouts
2295         https://bugs.webkit.org/show_bug.cgi?id=164388
2296         <rdar://problem/29101555>
2297
2298         Reviewed by Saam Barati.
2299
2300         There was a possibility of a deadlock between the main thread and the GC thread
2301         with the SamplingProfiler lock when Inspector is processing samples to send to
2302         the frontend. The Inspector (main thread) was holding the SamplingProfiler lock
2303         while processing samples, which runs JavaScript that could trigger a GC, and
2304         GC then tries to acquire the SamplingProfiler lock to process unprocessed samples.
2305
2306         A simple solution here is to tighten the bounds of when Inspector holds the
2307         SamplingProfiler lock. It only needs the lock when extracting samples from
2308         the SamplingProfiler. It doesn't need to hold the lock for processing those
2309         samples, which is what can run script and cause a GC.
2310
2311         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2312         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
2313         Tighten bounds of this lock to only where it is needed.
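
The lock-scope change described above, modelled as an added example; this is not the JSC SamplingProfiler or InspectorScriptProfilerAgent code, and every class and function name in it is hypothetical. The "GC" path takes the lock with a non-blocking try-lock so that a same-thread conflict is reported as a return value instead of hanging the process; the before and after functions differ only in whether the lock is still held while the extracted samples are processed.

```cpp
#include <atomic>
#include <initializer_list>
#include <mutex>
#include <utility>
#include <vector>

// Non-recursive lock modelled with an atomic flag. Re-locking a std::mutex
// from the thread that owns it is undefined behaviour, which is exactly the
// hazard under discussion, so the model exposes tryLock() and lets the GC
// path report the conflict instead of spinning.
class SimpleLock {
public:
    void lock() { while (!tryLock()) { } }   // a same-thread re-entry would spin here forever
    bool tryLock() { return !m_held.exchange(true, std::memory_order_acquire); }
    void unlock() { m_held.store(false, std::memory_order_release); }
private:
    std::atomic<bool> m_held { false };
};

struct Sample { int frameId; };

// Stand-in for the sampling profiler: samples are appended and drained under
// the lock, and the GC's processing path needs the same lock.
class Profiler {
public:
    SimpleLock& getLock() { return m_lock; }

    void addSample(int frameId)
    {
        std::lock_guard<SimpleLock> guard(m_lock);
        m_unprocessed.push_back({ frameId });
    }

    // Caller must already hold the lock.
    const std::vector<Sample>& unprocessedAssumingLocked() const { return m_unprocessed; }

    // Move the pending samples out under the lock; the lock is released on
    // return and the caller processes a private copy.
    std::vector<Sample> takeSamplesLocked()
    {
        std::lock_guard<SimpleLock> guard(m_lock);
        return std::exchange(m_unprocessed, {});
    }

    // What the GC does: take the profiler lock and process pending samples.
    // Returns false if the lock is already held; with a blocking lock on the
    // same thread that is the deadlock described above.
    bool gcProcessUnprocessedSamples()
    {
        if (!m_lock.tryLock())
            return false;
        m_unprocessed.clear();
        m_lock.unlock();
        return true;
    }

private:
    SimpleLock m_lock;
    std::vector<Sample> m_unprocessed;
};

struct Outcome {
    int framesProcessed;   // sum of frame ids seen, showing every sample was handled
    bool gcCouldRun;       // false if any GC attempt found the lock held
};

// Processing a sample runs script, which in this model always triggers a GC.
static bool processSampleRunningScript(Profiler& profiler, const Sample& sample, Outcome& outcome)
{
    outcome.framesProcessed += sample.frameId;
    return profiler.gcProcessUnprocessedSamples();
}

// Before the fix: the lock is held across the whole of sample processing.
Outcome trackingCompleteHoldingLock(Profiler& profiler)
{
    Outcome outcome { 0, true };
    std::lock_guard<SimpleLock> guard(profiler.getLock());
    std::vector<Sample> samples = profiler.unprocessedAssumingLocked();   // copy
    for (const Sample& sample : samples)
        outcome.gcCouldRun = processSampleRunningScript(profiler, sample, outcome) && outcome.gcCouldRun;
    return outcome;
}

// After the fix: the lock is held only while extracting the samples.
Outcome trackingCompleteTightLock(Profiler& profiler)
{
    Outcome outcome { 0, true };
    std::vector<Sample> samples = profiler.takeSamplesLocked();   // lock released here
    for (const Sample& sample : samples)
        outcome.gcCouldRun = processSampleRunningScript(profiler, sample, outcome) && outcome.gcCouldRun;
    return outcome;
}

// Constructed scenario: three samples, then the Inspector's completion path.
Outcome runBeforeFix()
{
    Profiler profiler;
    for (int id : { 1, 2, 3 }) profiler.addSample(id);
    return trackingCompleteHoldingLock(profiler);
}

Outcome runAfterFix()
{
    Profiler profiler;
    for (int id : { 1, 2, 3 }) profiler.addSample(id);
    return trackingCompleteTightLock(profiler);
}
```

Both paths process every sample; only the tight-lock version lets the GC triggered from script acquire the profiler lock, which is the property the fix restores.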
2314
2315 2016-11-30  Mark Lam  <mark.lam@apple.com>
2316
2317         Proxy is not allowed in the global prototype chain.
2318         https://bugs.webkit.org/show_bug.cgi?id=165205
2319
2320         Reviewed by Geoffrey Garen.
2321
2322         * runtime/ProgramExecutable.cpp:
2323         (JSC::ProgramExecutable::initializeGlobalProperties):
2324         - We'll now throw a TypeError if we detect a Proxy in the global prototype chain.
2325
2326 2016-11-30  Commit Queue  <commit-queue@webkit.org>
2327
2328         Unreviewed, rolling out r209112.
2329         https://bugs.webkit.org/show_bug.cgi?id=165208
2330
2331         "It regressed Octane/Raytrace and JetStream" (Requested by
2332         saamyjoon on #webkit).
2333
2334         Reverted changeset:
2335
2336         "We should support CreateThis in the FTL"
2337         https://bugs.webkit.org/show_bug.cgi?id=164904
2338         http://trac.webkit.org/changeset/209112
2339
2340 2016-11-30  Darin Adler  <darin@apple.com>
2341
2342         Streamline and speed up tokenizer and segmented string classes
2343         https://bugs.webkit.org/show_bug.cgi?id=165003
2344
2345         Reviewed by Sam Weinig.
2346
2347         * runtime/JSONObject.cpp:
2348         (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
2349         StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
2350         no benefit in creating a String for that function if one doesn't already exist.
2351
2352 2016-11-29  JF Bastien  <jfbastien@apple.com>
2353
2354         WebAssembly JS API: improve Instance
2355         https://bugs.webkit.org/show_bug.cgi?id=164757
2356
2357         Reviewed by Keith Miller.
2358
2359         An Instance's `exports` property wasn't populated with exports.
2360
2361         According to the spec [0], `exports` should present itself as a WebAssembly
2362         Module Record. In order to do this we need to split JSModuleRecord into
2363         AbstractModuleRecord (without the `link` and `evaluate` functions), and
2364         JSModuleRecord (which implements link and evaluate). We can then have a separate
2365         WebAssemblyModuleRecord which shares most of the implementation.
2366
2367         `exports` then maps function names to WebAssemblyFunction and
2368         WebAssemblyFunctionCell, which call into the B3-generated WebAssembly code.
2369
2370         A follow-up patch will do imports.
2371
2372         A few things of note:
2373
2374          - Use Identifier instead of String. They get uniqued, we need them for the JSModuleNamespaceObject. This is safe because JSWebAssemblyModule creation is on the main thread.
2375          - JSWebAssemblyInstance needs to refer to the JSWebAssemblyModule used to create it, because the module owns the code, identifiers, etc. The world would be very sad if it got GC'd.
2376          - Instance.exports shouldn't use putWithoutTransition because it affects all Structures, whereas here each instance needs its own exports.
2377          - Expose the compiled functions, and pipe them to the InstanceConstructor. Start moving things around to split JSModuleRecord out into JS and WebAssembly parts.
2378
2379           [0]: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstance-constructor
2380
2381         * CMakeLists.txt:
2382         * JavaScriptCore.xcodeproj/project.pbxproj:
2383         * runtime/AbstractModuleRecord.cpp: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.cpp, which I split in two
2384         (JSC::AbstractModuleRecord::AbstractModuleRecord):
2385         (JSC::AbstractModuleRecord::destroy):
2386         (JSC::AbstractModuleRecord::finishCreation):
2387         (JSC::AbstractModuleRecord::visitChildren):
2388         (JSC::AbstractModuleRecord::appendRequestedModule):
2389         (JSC::AbstractModuleRecord::addStarExportEntry):
2390         (JSC::AbstractModuleRecord::addImportEntry):
2391         (JSC::AbstractModuleRecord::addExportEntry):
2392         (JSC::identifierToJSValue):
2393         (JSC::AbstractModuleRecord::hostResolveImportedModule):
2394         (JSC::AbstractModuleRecord::ResolveQuery::ResolveQuery):
2395         (JSC::AbstractModuleRecord::ResolveQuery::isEmptyValue):
2396         (JSC::AbstractModuleRecord::ResolveQuery::isDeletedValue):
2397         (JSC::AbstractModuleRecord::ResolveQuery::Hash::hash):
2398         (JSC::AbstractModuleRecord::ResolveQuery::Hash::equal):
2399         (JSC::AbstractModuleRecord::cacheResolution):
2400         (JSC::getExportedNames):
2401         (JSC::AbstractModuleRecord::getModuleNamespace):
2402         (JSC::printableName):
2403         (JSC::AbstractModuleRecord::dump):
2404         * runtime/AbstractModuleRecord.h: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.h.
2405         (JSC::AbstractModuleRecord::ImportEntry::isNamespace):
2406         (JSC::AbstractModuleRecord::sourceCode):
2407         (JSC::AbstractModuleRecord::moduleKey):
2408         (JSC::AbstractModuleRecord::requestedModules):
2409         (JSC::AbstractModuleRecord::exportEntries):
2410         (JSC::AbstractModuleRecord::importEntries):
2411         (JSC::AbstractModuleRecord::starExportEntries):
2412         (JSC::AbstractModuleRecord::declaredVariables):
2413         (JSC::AbstractModuleRecord::lexicalVariables):
2414         (JSC::AbstractModuleRecord::moduleEnvironment):
2415         * runtime/JSGlobalObject.cpp:
2416         (JSC::JSGlobalObject::init):
2417         (JSC::JSGlobalObject::visitChildren):
2418         * runtime/JSGlobalObject.h:
2419         (JSC::JSGlobalObject::webAssemblyModuleRecordStructure):
2420         (JSC::JSGlobalObject::webAssemblyFunctionStructure):
2421         * runtime/JSModuleEnvironment.cpp:
2422         (JSC::JSModuleEnvironment::create):
2423         (JSC::JSModuleEnvironment::finishCreation):
2424         (JSC::JSModuleEnvironment::getOwnPropertySlot):
2425         (JSC::JSModuleEnvironment::getOwnNonIndexPropertyNames):
2426         (JSC::JSModuleEnvironment::put):
2427         (JSC::JSModuleEnvironment::deleteProperty):
2428         * runtime/JSModuleEnvironment.h:
2429         (JSC::JSModuleEnvironment::create):
2430         (JSC::JSModuleEnvironment::offsetOfModuleRecord):
2431         (JSC::JSModuleEnvironment::allocationSize):
2432         (JSC::JSModuleEnvironment::moduleRecord):
2433         (JSC::JSModuleEnvironment::moduleRecordSlot):
2434         * runtime/JSModuleNamespaceObject.cpp:
2435         (JSC::JSModuleNamespaceObject::finishCreation):
2436         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2437         * runtime/JSModuleNamespaceObject.h:
2438         (JSC::JSModuleNamespaceObject::create):
2439         (JSC::JSModuleNamespaceObject::moduleRecord):
2440         * runtime/JSModuleRecord.cpp:
2441         (JSC::JSModuleRecord::createStructure):
2442         (JSC::JSModuleRecord::create):
2443         (JSC::JSModuleRecord::JSModuleRecord):
2444         (JSC::JSModuleRecord::destroy):
2445         (JSC::JSModuleRecord::finishCreation):
2446         (JSC::JSModuleRecord::visitChildren):
2447         (JSC::JSModuleRecord::instantiateDeclarations):
2448         * runtime/JSModuleRecord.h:
2449         * runtime/JSScope.cpp:
2450         (JSC::abstractAccess):
2451         (JSC::JSScope::collectClosureVariablesUnderTDZ):
2452         * runtime/VM.cpp:
2453         (JSC::VM::VM):
2454         * runtime/VM.h:
2455         * wasm/JSWebAssembly.h:
2456         * wasm/WasmFormat.h: use Identifier instead of String
2457         * wasm/WasmModuleParser.cpp:
2458         (JSC::Wasm::ModuleParser::parse):
2459         (JSC::Wasm::ModuleParser::parseType):
2460         (JSC::Wasm::ModuleParser::parseImport): fix off-by-one
2461         (JSC::Wasm::ModuleParser::parseFunction):
2462         (JSC::Wasm::ModuleParser::parseExport):
2463         * wasm/WasmModuleParser.h:
2464         (JSC::Wasm::ModuleParser::ModuleParser):
2465         * wasm/WasmPlan.cpp:
2466         (JSC::Wasm::Plan::run):
2467         * wasm/js/JSWebAssemblyInstance.cpp:
2468         (JSC::JSWebAssemblyInstance::create):
2469         (JSC::JSWebAssemblyInstance::finishCreation):
2470         (JSC::JSWebAssemblyInstance::visitChildren):
2471         * wasm/js/JSWebAssemblyInstance.h:
2472         (JSC::JSWebAssemblyInstance::module):
2473         * wasm/js/JSWebAssemblyModule.cpp:
2474         (JSC::JSWebAssemblyModule::create):
2475         (JSC::JSWebAssemblyModule::finishCreation):
2476         (JSC::JSWebAssemblyModule::visitChildren):
2477         * wasm/js/JSWebAssemblyModule.h:
2478         (JSC::JSWebAssemblyModule::moduleInformation):
2479         (JSC::JSWebAssemblyModule::compiledFunctions):
2480         (JSC::JSWebAssemblyModule::exportSymbolTable):
2481         * wasm/js/WebAssemblyFunction.cpp: Added.
2482         (JSC::callWebAssemblyFunction):
2483         (JSC::WebAssemblyFunction::create):
2484         (JSC::WebAssemblyFunction::createStructure):
2485         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2486         (JSC::WebAssemblyFunction::visitChildren):
2487         (JSC::WebAssemblyFunction::finishCreation):
2488         * wasm/js/WebAssemblyFunction.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2489         (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction):
2490         (JSC::WebAssemblyFunction::webAssemblyFunctionCell):
2491         * wasm/js/WebAssemblyFunctionCell.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
2492         (JSC::WebAssemblyFunctionCell::create):
2493         (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell):
2494         (JSC::WebAssemblyFunctionCell::destroy):
2495         (JSC::WebAssemblyFunctionCell::createStructure):
2496         * wasm/js/WebAssemblyFunctionCell.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
2497         (JSC::WebAssemblyFunctionCell::function):
2498         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2499         (JSC::constructJSWebAssemblyInstance):
2500         * wasm/js/WebAssemblyModuleConstructor.cpp:
2501         (JSC::constructJSWebAssemblyModule):
2502         * wasm/js/WebAssemblyModuleRecord.cpp: Added.
2503         (JSC::WebAssemblyModuleRecord::createStructure):
2504         (JSC::WebAssemblyModuleRecord::create):
2505         (JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
2506         (JSC::WebAssemblyModuleRecord::destroy):
2507         (JSC::WebAssemblyModuleRecord::finishCreation):
2508         (JSC::WebAssemblyModuleRecord::visitChildren):
2509         (JSC::WebAssemblyModuleRecord::link):
2510         (JSC::WebAssemblyModuleRecord::evaluate):
2511         * wasm/js/WebAssemblyModuleRecord.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2512
2513 2016-11-29  Saam Barati  <sbarati@apple.com>
2514
2515         We should be able optimize the pattern where we spread a function's rest parameter to another call
2516         https://bugs.webkit.org/show_bug.cgi?id=163865
2517
2518         Reviewed by Filip Pizlo.
2519
2520         This patch optimizes the following patterns to prevent both the allocation
2521         of the rest parameter, and the execution of the iterator protocol:
2522         
2523         ```
2524         function foo(...args) {
2525             let arr = [...args];
2526         }
2527         
2528         and
2529         
2530         function foo(...args) {
2531             bar(...args);
2532         }
2533         ```
2534         
2535         To do this, I've extended the arguments elimination phase to reason
2536         about Spread and NewArrayWithSpread. I've added two new nodes, PhantomSpread
2537         and PhantomNewArrayWithSpread. PhantomSpread is only allowed over rest
2538         parameters that don't escape. If the rest parameter *does* escape, we can't
2539         convert the spread into a phantom because it would not be sound w.r.t JS
2540         semantics because we would be reading from the call frame even though
2541         the rest array may have changed.
2542         
2543         Note that NewArrayWithSpread also understands what to do when one of its
2544         arguments is PhantomSpread(@PhantomCreateRest) even if it itself is escaped.
2545         
2546         PhantomNewArrayWithSpread is only allowed over a series of
2547         PhantomSpread(@PhantomCreateRest) nodes. Like with PhantomSpread, PhantomNewArrayWithSpread
2548         is only allowed if none of its arguments that are being spread are escaped
2549         and if it itself is not escaped.
2550         
2551         Because there is a dependency between a node being a candidate and
2552         the escaped state of the node's children, I've extended the notion
2553         of escaping a node inside the arguments elimination phase. Now, when
2554         any node is escaped, we must consider all other candidates that may
2555         now no longer be valid.
2556         
2557         For example:
2558         
2559         ```
2560         function foo(...args) {
2561             escape(args);
2562             bar(...args);
2563         }
2564         ```
2565         
2566         In the above program, we don't know if the function call to escape()
2567         modifies args, therefore, the spread can not become phantom because
2568         the execution of the spread may not be as simple as reading the
2569         arguments from the call frame.
2570         
2571         Unfortunately, the arguments elimination phase does not consider control
2572         flow when doing its escape analysis. It would be good to integrate this
2573         phase with the object allocation sinking phase. To see why, consider
2574         an example where we don't eliminate the spread and allocation of the rest
2575         parameter even though we could:
2576         
2577         ```
2578         function foo(rareCondition, ...args) {
2579             bar(...args);
2580             if (rareCondition)
2581                 baz(args);
2582         }
2583         ```
2584         
2585         There are only a few users of the PhantomSpread and PhantomNewArrayWithSpread
2586         nodes. PhantomSpread is only used by PhantomNewArrayWithSpread and NewArrayWithSpread.
2587         PhantomNewArrayWithSpread is only used by ForwardVarargs and the various
2588         *Call*ForwardVarargs nodes. The users of these phantoms know how to produce
2589         what the phantom node would have produced. For example, NewArrayWithSpread
2590         knows how to produce the values that would have been produced by PhantomSpread(@PhantomCreateRest)
2591         by directly reading from the call frame.
2592         
2593         This patch is a 6% speedup on my MBP on ES6SampleBench.
2594
2595         * b3/B3LowerToAir.cpp:
2596         (JSC::B3::Air::LowerToAir::tryAppendLea):
2597         * b3/B3ValueRep.h:
2598         * builtins/BuiltinExecutables.cpp:
2599         (JSC::BuiltinExecutables::createDefaultConstructor):
2600         * dfg/DFGAbstractInterpreterInlines.h:
2601         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2602         * dfg/DFGArgumentsEliminationPhase.cpp:
2603         * dfg/DFGClobberize.h:
2604         (JSC::DFG::clobberize):
2605         * dfg/DFGDoesGC.cpp:
2606         (JSC::DFG::doesGC):
2607         * dfg/DFGFixupPhase.cpp:
2608         (JSC::DFG::FixupPhase::fixupNode):
2609         * dfg/DFGForAllKills.h:
2610         (JSC::DFG::forAllKillsInBlock):
2611         * dfg/DFGNode.h:
2612         (JSC::DFG::Node::hasConstant):
2613         (JSC::DFG::Node::constant):
2614         (JSC::DFG::Node::bitVector):
2615         (JSC::DFG::Node::isPhantomAllocation):
2616         * dfg/DFGNodeType.h:
2617         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2618         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
2619         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
2620         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
2621         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
2622         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2623         * dfg/DFGPreciseLocalClobberize.h:
2624         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
2625         * dfg/DFGPredictionPropagationPhase.cpp:
2626         * dfg/DFGPromotedHeapLocation.cpp:
2627         (WTF::printInternal):
2628         * dfg/DFGPromotedHeapLocation.h:
2629         * dfg/DFGSafeToExecute.h:
2630         (JSC::DFG::safeToExecute):
2631         * dfg/DFGSpeculativeJIT32_64.cpp:
2632         (JSC::DFG::SpeculativeJIT::compile):
2633         * dfg/DFGSpeculativeJIT64.cpp:
2634         (JSC::DFG::SpeculativeJIT::compile):
2635         * dfg/DFGValidate.cpp:
2636         * ftl/FTLCapabilities.cpp:
2637         (JSC::FTL::canCompile):
2638         * ftl/FTLLowerDFGToB3.cpp:
2639         (JSC::FTL::DFG::LowerDFGToB3::LowerDFGToB3):
2640         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2641         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
2642         (JSC::FTL::DFG::LowerDFGToB3::compileSpread):
2643         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2644         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2645         (JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):
2646         (JSC::FTL::DFG::LowerDFGToB3::getSpreadLengthFromInlineCallFrame):
2647         (JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargsWithSpread):
2648         * ftl/FTLOperations.cpp:
2649         (JSC::FTL::operationPopulateObjectInOSR):
2650         (JSC::FTL::operationMaterializeObjectInOSR):
2651         * jit/SetupVarargsFrame.cpp:
2652         (JSC::emitSetupVarargsFrameFastCase):
2653         * jsc.cpp:
2654         (GlobalObject::finishCreation):
2655         (functionMaxArguments):
2656         * runtime/JSFixedArray.h:
2657         (JSC::JSFixedArray::createFromArray):
2658
2659 2016-11-29  Commit Queue  <commit-queue@webkit.org>
2660
2661         Unreviewed, rolling out r209058 and r209074.
2662         https://bugs.webkit.org/show_bug.cgi?id=165188
2663
2664         These changes caused API test StringBuilderTest.Equal to crash
2665         and/or fail. (Requested by ryanhaddad on #webkit).
2666
2667         Reverted changesets:
2668
2669         "Streamline and speed up tokenizer and segmented string
2670         classes"
2671         https://bugs.webkit.org/show_bug.cgi?id=165003
2672         http://trac.webkit.org/changeset/209058
2673
2674         "REGRESSION (r209058): API test StringBuilderTest.Equal
2675         crashing"
2676         https://bugs.webkit.org/show_bug.cgi?id=165142
2677         http://trac.webkit.org/changeset/209074
2678
2679 2016-11-29  Caitlin Potter  <caitp@igalia.com>
2680
2681         [JSC] always wrap AwaitExpression operand in a new Promise
2682         https://bugs.webkit.org/show_bug.cgi?id=165181
2683
2684         Reviewed by Yusuke Suzuki.
2685
2686         Ensure operand of AwaitExpression is wrapped in a new Promise by
2687         explicitly creating a new Promise Capability and invoking its
2688         resolve callback. This avoids the specified short-circuit for
2689         Promise.resolve().
2690
2691         * builtins/AsyncFunctionPrototype.js:
2692         (globalPrivate.asyncFunctionResume):
2693
2694 2016-11-29  Saam Barati  <sbarati@apple.com>
2695
2696         We should support CreateThis in the FTL
2697         https://bugs.webkit.org/show_bug.cgi?id=164904
2698
2699         Reviewed by Geoffrey Garen.
2700
2701         * ftl/FTLAbstractHeapRepository.h:
2702         * ftl/FTLCapabilities.cpp:
2703         (JSC::FTL::canCompile):
2704         * ftl/FTLLowerDFGToB3.cpp:
2705         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2706         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
2707         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
2708         (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
2709         (JSC::FTL::DFG::LowerDFGToB3::storeStructure):
2710         (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
2711         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
2712         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
2713         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
2714         * runtime/Structure.h:
2715
2716 2016-11-29  Mark Lam  <mark.lam@apple.com>
2717
2718         Fix exception scope verification failures in runtime/RegExp* files.
2719         https://bugs.webkit.org/show_bug.cgi?id=165054
2720
2721         Reviewed by Saam Barati.
2722
2723         Also replaced returning JSValue() with returning { }.
2724
2725         * runtime/RegExpConstructor.cpp:
2726         (JSC::toFlags):
2727         (JSC::regExpCreate):
2728         (JSC::constructRegExp):
2729         * runtime/RegExpObject.cpp:
2730         (JSC::RegExpObject::defineOwnProperty):
2731         (JSC::collectMatches):
2732         (JSC::RegExpObject::matchGlobal):
2733         * runtime/RegExpObjectInlines.h:
2734         (JSC::getRegExpObjectLastIndexAsUnsigned):
2735         (JSC::RegExpObject::execInline):
2736         (JSC::RegExpObject::matchInline):
2737         * runtime/RegExpPrototype.cpp:
2738         (JSC::regExpProtoFuncCompile):
2739         (JSC::flagsString):
2740         (JSC::regExpProtoFuncToString):
2741         (JSC::regExpProtoFuncSplitFast):
2742
2743 2016-11-29  Andy Estes  <aestes@apple.com>
2744
2745         [Cocoa] Enable two clang warnings recommended by Xcode
2746         https://bugs.webkit.org/show_bug.cgi?id=164498
2747
2748         Reviewed by Mark Lam.
2749
2750         * Configurations/Base.xcconfig: Enabled CLANG_WARN_INFINITE_RECURSION and CLANG_WARN_SUSPICIOUS_MOVE.
2751
2752 2016-11-29  Keith Miller  <keith_miller@apple.com>
2753
2754         Add simple way to implement Wasm ops that require more than one B3 opcode
2755         https://bugs.webkit.org/show_bug.cgi?id=165129
2756
2757         Reviewed by Geoffrey Garen.
2758
2759         This patch adds a simple way to show the B3IRGenerator opcode script how
2760         to generate code for Wasm opcodes that do not have a one to one mapping.
2761         The syntax is pretty simple right now. There are only three things one
2762         can use as of this patch (although more things might be added in the future):
2763         1) Wasm opcode arguments: These are referred to as @<argument_number>. For example,
2764            I32.sub would map to Sub(@0, @1).
2765         2) 32-bit int constants: These are referred to as i32(<value>). For example, i32.inc
2766            would map to Add(@0, i32(1))
2767         3) B3 opcodes: These are referred to as the B3 opcode name followed by the B3Value's constructor
2768            arguments. A value may take the result of another value as an argument. For example, you can do
2769            Div(Mul(@0, Add(@0, i32(1))), i32(2)) if there was a b3 opcode that computed the sum from 1 to n.
2770
2771         These scripts are used to implement Wasm's eqz and floating point max/min opcodes. This patch
2772         also adds missing support for the Wasm Neg opcodes.
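
A worked example of this script syntax, added here (constructed; not WebKit's generateWasmB3IRGeneratorInlinesHeader.py, which emits C++ rather than evaluating anything): a lexer, a parser that bounds-checks every @n against the Wasm opcode's arity and range-checks i32() literals, and a small evaluator that runs a parsed script on concrete operand values. The simplified 32-bit semantics in OPCODES and the names ScriptParser and run_script are this example's own assumptions.

```python
"""Parser and reference evaluator for the opcode-script syntax described above
(@<n> Wasm operands, i32(<value>) constants, nested B3 opcode calls).
Constructed example; not WebKit's generateWasmB3IRGeneratorInlinesHeader.py."""
import re
from typing import List, Optional, Sequence, Tuple

# Token kinds: @argument, integer literal, name (i32 lexes as a name), punctuation.
TOKEN_RE = re.compile(r"\s*(?:(@\d+)|(-?\d+)|([A-Za-z_]\w*)|([(),]))")
Node = Tuple  # ("arg", index) | ("i32", value) | ("op", name, [children])

def lex(script: str) -> List[str]:
    # Split a script into tokens; any character outside the grammar is an error.
    tokens, pos, end = [], 0, len(script.rstrip())
    while pos < end:
        match = TOKEN_RE.match(script, pos)
        if match is None:
            raise SyntaxError(f"unexpected {script[pos]!r} at offset {pos}")
        tokens.append(match.group(match.lastindex))
        pos = match.end()
    return tokens

class ScriptParser:
    """Recursive-descent parser; arity is the Wasm opcode's operand count, used to bounds-check @n."""

    def __init__(self, script: str, arity: int) -> None:
        self.tokens, self.arity, self.pos = lex(script), arity, 0

    def peek(self) -> Optional[str]:
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def consume(self, expected: Optional[str] = None) -> str:
        token = self.peek()
        if token is None or (expected is not None and token != expected):
            raise SyntaxError(f"expected {expected or 'a value'} at token {self.pos}, got {token!r}")
        self.pos += 1
        return token

    def parse(self) -> Node:
        node = self.value()
        if self.peek() is not None:
            raise SyntaxError(f"trailing tokens: {self.tokens[self.pos:]}")
        return node

    def value(self) -> Node:
        token = self.consume()
        if token.startswith("@"):                      # Wasm opcode argument
            index = int(token[1:])
            if index >= self.arity:
                raise ValueError(f"@{index} out of range for a {self.arity}-operand opcode")
            return ("arg", index)
        if token == "i32":                             # 32-bit integer constant
            self.consume("(")
            literal = self.consume()
            self.consume(")")
            if not re.fullmatch(r"-?\d+", literal):
                raise SyntaxError(f"i32() needs an integer literal, got {literal!r}")
            if not -(1 << 31) <= int(literal) <= (1 << 32) - 1:
                raise ValueError(f"{literal} does not fit in 32 bits")
            return ("i32", int(literal))
        if not re.fullmatch(r"[A-Za-z_]\w*", token):   # otherwise it must be an opcode name
            raise SyntaxError(f"expected an opcode name, got {token!r}")
        self.consume("(")
        children: List[Node] = []
        while self.peek() != ")":                      # comma-separated nested values
            if children:
                self.consume(",")
            children.append(self.value())
        self.consume(")")
        return ("op", token, children)

def to_i32(value: int) -> int:
    # Wrap to a signed 32-bit integer.
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value

# Assumed integer semantics for a few B3 opcodes, enough to run the scripts in
# the entry; B3's real opcode set and semantics live in WebKit's B3Opcode.h.
OPCODES = {
    "Add": lambda a, b: a + b,
    "Sub": lambda a, b: a - b,
    "Mul": lambda a, b: a * b,
    "Div": lambda a, b: (abs(a) // abs(b)) * (1 if (a < 0) == (b < 0) else -1),  # truncating
    "Equal": lambda a, b: int(a == b),
    "Neg": lambda a: -a,
}

def evaluate(node: Node, args: Sequence[int]) -> int:
    """Interpret a parsed script with concrete operand values."""
    if node[0] == "arg":
        return to_i32(args[node[1]])
    if node[0] == "i32":
        return to_i32(node[1])
    _, name, children = node
    fn = OPCODES[name]                                 # KeyError: opcode not modelled here
    operands = [evaluate(child, args) for child in children]
    if len(operands) != fn.__code__.co_argcount:
        raise TypeError(f"{name} takes {fn.__code__.co_argcount} operands, got {len(operands)}")
    return to_i32(fn(*operands))

def run_script(script: str, args: Sequence[int]) -> int:
    """Parse then evaluate; len(args) doubles as the Wasm opcode's arity."""
    return evaluate(ScriptParser(script, len(args)).parse(), args)
```

Running the entry's "sum from 1 to n" script with @0 = 10 gives 55, and a script that references @1 for a one-operand opcode is rejected before any code would be generated.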
2773
2774         * jsc.cpp:
2775         (box):
2776         (functionTestWasmModuleFunctions):
2777         * wasm/WasmB3IRGenerator.cpp:
2778         (JSC::Wasm::toB3Op): Deleted.
2779         * wasm/WasmFunctionParser.h:
2780         (JSC::Wasm::FunctionParser<Context>::parseBody):
2781         * wasm/WasmModuleParser.cpp:
2782         (JSC::Wasm::ModuleParser::parseType):
2783         * wasm/WasmParser.h:
2784         (JSC::Wasm::Parser::parseUInt8):
2785         (JSC::Wasm::Parser::parseValueType):
2786         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
2787         (Source):
2788         (Source.__init__):
2789         (read):
2790         (lex):
2791         (CodeGenerator):
2792         (CodeGenerator.__init__):
2793         (CodeGenerator.advance):
2794         (CodeGenerator.token):
2795         (CodeGenerator.parseError):
2796         (CodeGenerator.consume):
2797         (CodeGenerator.generateParameters):
2798         (CodeGenerator.generateOpcode):
2799         (CodeGenerator.generate):
2800         (temp):
2801         (generateB3OpCode):
2802         (generateI32ConstCode):
2803         (generateB3Code):
2804         (generateSimpleCode):
2805         * wasm/wasm.json:
2806
2807 2016-11-29  Mark Lam  <mark.lam@apple.com>
2808
2809         Fix exception scope verification failures in ProxyConstructor.cpp and ProxyObject.cpp.
2810         https://bugs.webkit.org/show_bug.cgi?id=165053
2811
2812         Reviewed by Saam Barati.
2813
2814         Also replaced returning JSValue() with returning { }.
2815
2816         * runtime/ProxyConstructor.cpp:
2817         (JSC::constructProxyObject):
2818         * runtime/ProxyObject.cpp:
2819         (JSC::ProxyObject::structureForTarget):
2820         (JSC::performProxyGet):
2821         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
2822         (JSC::ProxyObject::performHasProperty):
2823         (JSC::ProxyObject::getOwnPropertySlotCommon):
2824         (JSC::ProxyObject::performPut):
2825         (JSC::ProxyObject::putByIndexCommon):
2826         (JSC::performProxyCall):
2827         (JSC::performProxyConstruct):
2828         (JSC::ProxyObject::performDelete):
2829         (JSC::ProxyObject::performPreventExtensions):
2830         (JSC::ProxyObject::performIsExtensible):
2831         (JSC::ProxyObject::performDefineOwnProperty):
2832         (JSC::ProxyObject::performGetOwnPropertyNames):
2833         (JSC::ProxyObject::performSetPrototype):
2834         (JSC::ProxyObject::performGetPrototype):
2835
2836 2016-11-28  Matt Baker  <mattbaker@apple.com>
2837
2838         Web Inspector: Debugger should have an option for showing asynchronous call stacks
2839         https://bugs.webkit.org/show_bug.cgi?id=163230
2840         <rdar://problem/28698683>
2841
2842         Reviewed by Joseph Pecoraro.
2843
2844         * inspector/ScriptCallFrame.cpp:
2845         (Inspector::ScriptCallFrame::isNative):
2846         Encapsulate check for native code source URL.
2847
2848         * inspector/ScriptCallFrame.h:
2849         * inspector/ScriptCallStack.cpp:
2850         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2851         (Inspector::ScriptCallStack::buildInspectorArray):
2852         * inspector/ScriptCallStack.h:
2853         Replace use of Console::StackTrace with Array<Console::CallFrame>.
2854
2855         * inspector/agents/InspectorDebuggerAgent.cpp:
2856         (Inspector::InspectorDebuggerAgent::disable):
2857         (Inspector::InspectorDebuggerAgent::setAsyncStackTraceDepth):
2858         Set number of async frames to store (including boundary frames).
2859         A value of zero disables recording of async call stacks.
2860
2861         (Inspector::InspectorDebuggerAgent::buildAsyncStackTrace):
2862         Helper function for building a linked list of StackTraces.
2863         (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
2864         Store a call stack for the script that scheduled the async call.
2865         If the call repeats (e.g. setInterval), the starting reference count is
2866         set to 1. This ensures that dereffing after dispatch won't clear the stack.
2867         If another async call is currently being dispatched, increment the
2868         AsyncCallData reference count for that call.
2869
2870         (Inspector::InspectorDebuggerAgent::didCancelAsyncCall):
2871         Decrement the reference count for the canceled call.
2872
2873         (Inspector::InspectorDebuggerAgent::willDispatchAsyncCall):
2874         Set the identifier for the async callback currently being dispatched,
2875         so that if the debugger pauses during dispatch a stack trace can be
2876         associated with the pause location. If an async call is already being
2877         dispatched, which could be the case when a script schedules an async
2878         call in a nested runloop, do nothing.
2879
2880         (Inspector::InspectorDebuggerAgent::didDispatchAsyncCall):
2881         Decrement the reference count for the canceled call.
2882         (Inspector::InspectorDebuggerAgent::didPause):
2883         If a stored stack trace exists for this location, convert to a protocol
2884         object and send to the frontend.
2885
2886         (Inspector::InspectorDebuggerAgent::didClearGlobalObject):
2887         (Inspector::InspectorDebuggerAgent::clearAsyncStackTraceData):
2888         (Inspector::InspectorDebuggerAgent::refAsyncCallData):
2889         Increment AsyncCallData reference count.
2890         (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
2891         Decrement AsyncCallData reference count. If zero, deref its parent
2892         (if it exists) and remove the AsyncCallData entry.
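
A model of this bookkeeping as an added example (constructed here; not WebKit's InspectorDebuggerAgent): each scheduled async call stores the stack that scheduled it, links to the call that was being dispatched at the time, and is reference-counted so that a chain of stacks is released only when no pending call or child refers to it. The names (AsyncStackTracker, AsyncCallData) and the reference-count conventions are this model's own assumptions: a one-shot call holds one reference that its dispatch releases, a repeating call holds one that only cancellation releases, and a child holds one on its parent.

```python
"""Model of the async call-stack bookkeeping described in the entry above.
Constructed example, not WebKit's InspectorDebuggerAgent; the reference-count
conventions are this model's own (see the comments on each method)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AsyncCallData:
    frames: List[str]        # call stack of the script that scheduled the call
    parent: Optional[int]    # call being dispatched when this one was scheduled
    repeating: bool          # e.g. setInterval: must survive its dispatches
    ref_count: int = 1       # the scheduling itself holds one reference
    pending: bool = True     # that scheduling reference has not been released yet


class AsyncStackTracker:
    def __init__(self, depth: int = 0) -> None:
        self.depth = depth                      # stored stacks per trace; 0 disables recording
        self.calls: Dict[int, AsyncCallData] = {}
        self.current: Optional[int] = None      # identifier of the call being dispatched

    def set_async_stack_trace_depth(self, depth: int) -> None:
        self.depth = depth
        if depth == 0:
            self.clear_async_stack_trace_data()

    def clear_async_stack_trace_data(self) -> None:
        self.calls.clear()
        self.current = None

    def did_schedule_async_call(self, ident: int, frames: List[str], repeating: bool = False) -> None:
        if self.depth == 0:
            return
        if self.current is not None:
            self.calls[self.current].ref_count += 1     # the child keeps its parent's stack alive
        self.calls[ident] = AsyncCallData(list(frames), self.current, repeating)

    def did_cancel_async_call(self, ident: int) -> None:
        self._release_pending(ident)

    def will_dispatch_async_call(self, ident: int) -> None:
        if self.current is not None:            # nested run loop: keep the outer call's context
            return
        if ident in self.calls:
            self.current = ident

    def did_dispatch_async_call(self, ident: int) -> None:
        if self.current != ident:
            return
        self.current = None
        data = self.calls.get(ident)
        if data is not None and not data.repeating:
            self._release_pending(ident)        # one-shot: nothing will fire it again

    def did_pause(self) -> Optional[List[List[str]]]:
        """Async stack trace for the dispatch in progress, innermost first, or None."""
        if self.current is None or self.current not in self.calls:
            return None
        return self.build_async_stack_trace(self.current)

    def build_async_stack_trace(self, ident: Optional[int]) -> List[List[str]]:
        """Walk the parent chain, collecting at most self.depth stored stacks."""
        trace: List[List[str]] = []
        while ident is not None and len(trace) < self.depth:
            data = self.calls[ident]            # parents are kept alive by their children
            trace.append(data.frames)
            ident = data.parent
        return trace

    def _release_pending(self, ident: int) -> None:
        data = self.calls.get(ident)
        if data is not None and data.pending:   # idempotent: cancel after dispatch is a no-op
            data.pending = False
            self._deref(ident)

    def _deref(self, ident: int) -> None:
        data = self.calls[ident]
        data.ref_count -= 1
        if data.ref_count == 0:                 # last reference: drop the entry, then the parent's
            del self.calls[ident]
            if data.parent is not None:
                self._deref(data.parent)
```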
2893
2894         * inspector/agents/InspectorDebuggerAgent.h:
2895
2896         * inspector/protocol/Console.json:
2897         * inspector/protocol/Network.json:
2898         Replace use of Console.StackTrace with array of Console.CallFrame.
2899
2900         * inspector/protocol/Debugger.json:
2901         New protocol command and event data.
2902
2903 2016-11-28  Darin Adler  <darin@apple.com>
2904
2905         Streamline and speed up tokenizer and segmented string classes
2906         https://bugs.webkit.org/show_bug.cgi?id=165003
2907
2908         Reviewed by Sam Weinig.
2909
2910         * runtime/JSONObject.cpp:
2911         (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
2912         StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
2913         no benefit in creating a String for that function if one doesn't already exist.
2914
2915 2016-11-21  Mark Lam  <mark.lam@apple.com>
2916
2917         Fix exception scope verification failures in runtime/Intl* files.
2918         https://bugs.webkit.org/show_bug.cgi?id=165014
2919
2920         Reviewed by Saam Barati.
2921
2922         * runtime/IntlCollatorConstructor.cpp:
2923         (JSC::constructIntlCollator):
2924         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
2925         * runtime/IntlCollatorPrototype.cpp:
2926         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
2927         * runtime/IntlDateTimeFormatConstructor.cpp:
2928         (JSC::constructIntlDateTimeFormat):
2929         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
2930         * runtime/IntlDateTimeFormatPrototype.cpp:
2931         (JSC::IntlDateTimeFormatFuncFormatDateTime):
2932         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
2933         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
2934         * runtime/IntlNumberFormatConstructor.cpp:
2935         (JSC::constructIntlNumberFormat):
2936         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
2937         * runtime/IntlNumberFormatPrototype.cpp:
2938         (JSC::IntlNumberFormatFuncFormatNumber):
2939         (JSC::IntlNumberFormatPrototypeGetterFormat):
2940         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
2941         * runtime/IntlObject.cpp:
2942         (JSC::lookupSupportedLocales):
2943         * runtime/IntlObjectInlines.h:
2944         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
2945
2946 2016-11-28  Mark Lam  <mark.lam@apple.com>
2947
2948         Fix exception scope verification failures in IteratorOperations.h.
2949         https://bugs.webkit.org/show_bug.cgi?id=165015
2950
2951         Reviewed by Saam Barati.
2952
2953         * runtime/IteratorOperations.h:
2954         (JSC::forEachInIterable):
2955
2956 2016-11-28  Mark Lam  <mark.lam@apple.com>
2957
2958         Fix exception scope verification failures in JSArray* files.
2959         https://bugs.webkit.org/show_bug.cgi?id=165016
2960
2961         Reviewed by Saam Barati.
2962
2963         * runtime/JSArray.cpp:
2964         (JSC::JSArray::defineOwnProperty):
2965         (JSC::JSArray::put):
2966         (JSC::JSArray::setLength):
2967         (JSC::JSArray::pop):
2968         (JSC::JSArray::push):
2969         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2970         * runtime/JSArrayBuffer.cpp:
2971         (JSC::JSArrayBuffer::put):
2972         (JSC::JSArrayBuffer::defineOwnProperty):
2973         * runtime/JSArrayInlines.h:
2974         (JSC::getLength):
2975         (JSC::toLength):
2976
2977 2016-11-28  Mark Lam  <mark.lam@apple.com>
2978
2979         Fix exception scope verification failures in JSDataView.cpp.
2980         https://bugs.webkit.org/show_bug.cgi?id=165020
2981
2982         Reviewed by Saam Barati.
2983
2984         * runtime/JSDataView.cpp:
2985         (JSC::JSDataView::put):
2986
2987 2016-11-28  Mark Lam  <mark.lam@apple.com>
2988
2989         Fix exception scope verification failures in JSFunction.cpp.
2990         https://bugs.webkit.org/show_bug.cgi?id=165021
2991
2992         Reviewed by Saam Barati.
2993
2994         * runtime/JSFunction.cpp:
2995         (JSC::JSFunction::put):
2996         (JSC::JSFunction::defineOwnProperty):
2997
2998 2016-11-28  Mark Lam  <mark.lam@apple.com>
2999
3000         Fix exception scope verification failures in runtime/JSGenericTypedArrayView* files.
3001         https://bugs.webkit.org/show_bug.cgi?id=165022
3002
3003         Reviewed by Saam Barati.
3004
3005         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
3006         (JSC::constructGenericTypedArrayViewFromIterator):
3007         (JSC::constructGenericTypedArrayViewWithArguments):
3008         (JSC::constructGenericTypedArrayView):
3009         * runtime/JSGenericTypedArrayViewInlines.h:
3010         (JSC::JSGenericTypedArrayView<Adaptor>::set):
3011         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
3012         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
3013         (JSC::speciesConstruct):
3014         (JSC::genericTypedArrayViewProtoFuncSet):
3015         (JSC::genericTypedArrayViewProtoFuncJoin):
3016         (JSC::genericTypedArrayViewProtoFuncSlice):
3017         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
3018
3019 2016-11-28  Mark Lam  <mark.lam@apple.com>
3020
3021         Fix exception scope verification failures in runtime/Operations.cpp/h.
3022         https://bugs.webkit.org/show_bug.cgi?id=165046
3023
3024         Reviewed by Saam Barati.
3025
3026         Also switched to using returning { } instead of JSValue().
3027
3028         * runtime/Operations.cpp:
3029         (JSC::jsAddSlowCase):
3030         (JSC::jsIsObjectTypeOrNull):
3031         * runtime/Operations.h:
3032         (JSC::jsStringFromRegisterArray):
3033         (JSC::jsStringFromArguments):
3034         (JSC::jsLess):
3035         (JSC::jsLessEq):
3036
3037 2016-11-28  Mark Lam  <mark.lam@apple.com>
3038
3039         Fix exception scope verification failures in JSScope.cpp.
3040         https://bugs.webkit.org/show_bug.cgi?id=165047
3041
3042         Reviewed by Saam Barati.
3043
3044         * runtime/JSScope.cpp:
3045         (JSC::JSScope::resolve):
3046
3047 2016-11-28  Mark Lam  <mark.lam@apple.com>
3048
3049         Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
3050         https://bugs.webkit.org/show_bug.cgi?id=165049
3051
3052         Reviewed by Saam Barati.
3053
3054         * runtime/JSTypedArrayViewPrototype.cpp:
3055         (JSC::typedArrayViewPrivateFuncSort):
3056         (JSC::typedArrayViewProtoFuncSet):
3057         (JSC::typedArrayViewProtoFuncCopyWithin):
3058         (JSC::typedArrayViewProtoFuncIncludes):
3059         (JSC::typedArrayViewProtoFuncLastIndexOf):
3060         (JSC::typedArrayViewProtoFuncIndexOf):
3061         (JSC::typedArrayViewProtoFuncJoin):
3062         (JSC::typedArrayViewProtoGetterFuncBuffer):
3063         (JSC::typedArrayViewProtoGetterFuncLength):
3064         (JSC::typedArrayViewProtoGetterFuncByteLength):
3065         (JSC::typedArrayViewProtoGetterFuncByteOffset):
3066         (JSC::typedArrayViewProtoFuncReverse):
3067         (JSC::typedArrayViewPrivateFuncSubarrayCreate):
3068         (JSC::typedArrayViewProtoFuncSlice):
3069
3070 2016-11-28  Mark Lam  <mark.lam@apple.com>
3071
3072         Fix exception scope verification failures in runtime/Map* files.
3073         https://bugs.webkit.org/show_bug.cgi?id=165050
3074
3075         Reviewed by Saam Barati.
3076
3077         * runtime/MapConstructor.cpp:
3078         (JSC::constructMap):
3079         * runtime/MapIteratorPrototype.cpp:
3080         (JSC::MapIteratorPrototypeFuncNext):
3081         * runtime/MapPrototype.cpp:
3082         (JSC::privateFuncMapIteratorNext):
3083
3084 2016-11-28  Mark Lam  <mark.lam@apple.com>
3085
3086         Fix exception scope verification failures in more miscellaneous files.
3087         https://bugs.webkit.org/show_bug.cgi?id=165102
3088
3089         Reviewed by Saam Barati.
3090
3091         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3092         (JSC::constructJSWebAssemblyInstance):
3093
3094 2016-11-28  Mark Lam  <mark.lam@apple.com>
3095
3096         Fix exception scope verification failures in runtime/Weak* files.
3097         https://bugs.webkit.org/show_bug.cgi?id=165096
3098
3099         Reviewed by Geoffrey Garen.
3100
3101         * runtime/WeakMapConstructor.cpp:
3102         (JSC::constructWeakMap):
3103         * runtime/WeakMapPrototype.cpp:
3104         (JSC::protoFuncWeakMapSet):
3105         * runtime/WeakSetConstructor.cpp:
3106         (JSC::constructWeakSet):
3107         * runtime/WeakSetPrototype.cpp:
3108         (JSC::protoFuncWeakSetAdd):
3109
3110 2016-11-28  Mark Lam  <mark.lam@apple.com>
3111
3112         Fix exception scope verification failures in runtime/String* files.
3113         https://bugs.webkit.org/show_bug.cgi?id=165067
3114
3115         Reviewed by Saam Barati.
3116
3117         * runtime/StringConstructor.cpp:
3118         (JSC::stringFromCodePoint):
3119         (JSC::constructWithStringConstructor):
3120         * runtime/StringObject.cpp:
3121         (JSC::StringObject::put):
3122         (JSC::StringObject::putByIndex):
3123         (JSC::StringObject::defineOwnProperty):
3124         * runtime/StringPrototype.cpp:
3125         (JSC::jsSpliceSubstrings):
3126         (JSC::jsSpliceSubstringsWithSeparators):
3127         (JSC::replaceUsingRegExpSearch):
3128         (JSC::replaceUsingStringSearch):
3129         (JSC::repeatCharacter):
3130         (JSC::replace):
3131         (JSC::stringProtoFuncReplaceUsingStringSearch):
3132         (JSC::stringProtoFuncCharAt):
3133         (JSC::stringProtoFuncCodePointAt):
3134         (JSC::stringProtoFuncConcat):
3135         (JSC::stringProtoFuncIndexOf):
3136         (JSC::stringProtoFuncLastIndexOf):
3137         (JSC::splitStringByOneCharacterImpl):
3138         (JSC::stringProtoFuncSplitFast):
3139         (JSC::stringProtoFuncSubstring):
3140         (JSC::stringProtoFuncToLowerCase):
3141         (JSC::stringProtoFuncToUpperCase):
3142         (JSC::toLocaleCase):
3143         (JSC::trimString):
3144         (JSC::stringProtoFuncIncludes):
3145         (JSC::builtinStringIncludesInternal):
3146         (JSC::stringProtoFuncIterator):
3147         (JSC::normalize):
3148         (JSC::stringProtoFuncNormalize):
3149
3150 2016-11-28  Mark Lam  <mark.lam@apple.com>
3151
3152         Fix exception scope verification failures in ObjectConstructor.cpp and ObjectPrototype.cpp.
3153         https://bugs.webkit.org/show_bug.cgi?id=165051
3154
3155         Reviewed by Saam Barati.
3156
3157         Also,
3158         1. Replaced returning JSValue() with returning { }.
3159         2. Replaced uses of exec->propertyNames() with vm.propertyNames.
3160
3161         * runtime/ObjectConstructor.cpp:
3162         (JSC::constructObject):
3163         (JSC::objectConstructorGetPrototypeOf):
3164         (JSC::objectConstructorGetOwnPropertyDescriptor):
3165         (JSC::objectConstructorGetOwnPropertyDescriptors):
3166         (JSC::objectConstructorGetOwnPropertyNames):
3167         (JSC::objectConstructorGetOwnPropertySymbols):
3168         (JSC::objectConstructorKeys):
3169         (JSC::ownEnumerablePropertyKeys):
3170         (JSC::toPropertyDescriptor):
3171         (JSC::defineProperties):
3172         (JSC::objectConstructorDefineProperties):
3173         (JSC::objectConstructorCreate):
3174         (JSC::setIntegrityLevel):
3175         (JSC::objectConstructorSeal):
3176         (JSC::objectConstructorPreventExtensions):
3177         (JSC::objectConstructorIsSealed):
3178         (JSC::objectConstructorIsFrozen):
3179         (JSC::ownPropertyKeys):
3180         * runtime/ObjectPrototype.cpp:
3181         (JSC::objectProtoFuncValueOf):
3182         (JSC::objectProtoFuncHasOwnProperty):
3183         (JSC::objectProtoFuncIsPrototypeOf):
3184         (JSC::objectProtoFuncDefineGetter):
3185         (JSC::objectProtoFuncDefineSetter):
3186         (JSC::objectProtoFuncLookupGetter):
3187         (JSC::objectProtoFuncLookupSetter):
3188         (JSC::objectProtoFuncToLocaleString):
3189         (JSC::objectProtoFuncToString):
3190
3191 2016-11-26  Mark Lam  <mark.lam@apple.com>
3192
3193         Fix exception scope verification failures in miscellaneous files.
3194         https://bugs.webkit.org/show_bug.cgi?id=165055
3195
3196         Reviewed by Saam Barati.
3197
3198         * runtime/MathObject.cpp:
3199         (JSC::mathProtoFuncIMul):
3200         * runtime/ModuleLoaderPrototype.cpp:
3201         (JSC::moduleLoaderPrototypeParseModule):
3202         (JSC::moduleLoaderPrototypeRequestedModules):
3203         * runtime/NativeErrorConstructor.cpp:
3204         (JSC::Interpreter::constructWithNativeErrorConstructor):
3205         * runtime/NumberConstructor.cpp:
3206         (JSC::constructWithNumberConstructor):
3207         * runtime/SetConstructor.cpp:
3208         (JSC::constructSet):
3209         * runtime/SetIteratorPrototype.cpp:
3210         (JSC::SetIteratorPrototypeFuncNext):
3211         * runtime/SparseArrayValueMap.cpp:
3212         (JSC::SparseArrayValueMap::putEntry):
3213         (JSC::SparseArrayEntry::put):
3214         * runtime/TemplateRegistry.cpp:
3215         (JSC::TemplateRegistry::getTemplateObject):
3216
3217 2016-11-28  Mark Lam  <mark.lam@apple.com>
3218
3219         Fix exception scope verification failures in ReflectObject.cpp.
3220         https://bugs.webkit.org/show_bug.cgi?id=165066
3221
3222         Reviewed by Saam Barati.
3223
3224         * runtime/ReflectObject.cpp:
3225         (JSC::reflectObjectConstruct):
3226         (JSC::reflectObjectDefineProperty):
3227         (JSC::reflectObjectEnumerate):
3228         (JSC::reflectObjectGet):
3229         (JSC::reflectObjectGetOwnPropertyDescriptor):
3230         (JSC::reflectObjectGetPrototypeOf):
3231         (JSC::reflectObjectOwnKeys):
3232         (JSC::reflectObjectSet):
3233
3234 2016-11-24  Mark Lam  <mark.lam@apple.com>
3235
3236         Fix exception scope verification failures in ArrayConstructor.cpp and ArrayPrototype.cpp.
3237         https://bugs.webkit.org/show_bug.cgi?id=164972
3238
3239         Reviewed by Geoffrey Garen.
3240
3241         * runtime/ArrayConstructor.cpp:
3242         (JSC::constructArrayWithSizeQuirk):
3243         * runtime/ArrayPrototype.cpp:
3244         (JSC::getProperty):
3245         (JSC::putLength):
3246         (JSC::speciesWatchpointsValid):
3247         (JSC::speciesConstructArray):
3248         (JSC::shift):
3249         (JSC::unshift):
3250         (JSC::arrayProtoFuncToString):
3251         (JSC::arrayProtoFuncToLocaleString):
3252         (JSC::slowJoin):
3253         (JSC::fastJoin):
3254         (JSC::arrayProtoFuncJoin):
3255         (JSC::arrayProtoFuncPop):
3256         (JSC::arrayProtoFuncPush):
3257         (JSC::arrayProtoFuncReverse):
3258         (JSC::arrayProtoFuncShift):
3259         (JSC::arrayProtoFuncSlice):
3260         (JSC::arrayProtoFuncSplice):
3261         (JSC::arrayProtoFuncUnShift):
3262         (JSC::arrayProtoFuncIndexOf):
3263         (JSC::arrayProtoFuncLastIndexOf):
3264         (JSC::concatAppendOne):
3265         (JSC::arrayProtoPrivateFuncConcatMemcpy):
3266         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint):
3267
3268 2016-11-28  Mark Lam  <mark.lam@apple.com>
3269
3270         Fix exception scope verification failures in LLIntSlowPaths.cpp.
3271         https://bugs.webkit.org/show_bug.cgi?id=164969
3272
3273         Reviewed by Geoffrey Garen.
3274
3275         * llint/LLIntSlowPaths.cpp:
3276         (JSC::LLInt::getByVal):
3277         (JSC::LLInt::setUpCall):
3278         (JSC::LLInt::varargsSetup):
3279         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3280
3281 2016-11-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3282
3283         [WTF] Import std::optional reference implementation as WTF::Optional
3284         https://bugs.webkit.org/show_bug.cgi?id=164199
3285
3286         Reviewed by Saam Barati and Sam Weinig.
3287
3288         Previous WTF::Optional::operator= is not compatible with std::optional::operator=.
3289         std::optional::emplace has the same semantics as the previous one.
3290         So we change the code to use it.
3291
3292         * Scripts/builtins/builtins_templates.py:
3293         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
3294         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
3295         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
3296         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
3297         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
3298         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
3299         * Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
3300         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
3301         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
3302         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3303         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3304         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3305         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3306         * assembler/MacroAssemblerARM64.h:
3307         (JSC::MacroAssemblerARM64::commuteCompareToZeroIntoTest):
3308         * assembler/MacroAssemblerX86Common.h:
3309         (JSC::MacroAssemblerX86Common::commuteCompareToZeroIntoTest):
3310         * b3/B3CheckSpecial.cpp:
3311         (JSC::B3::CheckSpecial::forEachArg):
3312         (JSC::B3::CheckSpecial::shouldTryAliasingDef):
3313         * b3/B3CheckSpecial.h:
3314         * b3/B3LowerToAir.cpp:
3315         (JSC::B3::Air::LowerToAir::scaleForShl):
3316         (JSC::B3::Air::LowerToAir::effectiveAddr):
3317         (JSC::B3::Air::LowerToAir::tryAppendLea):
3318         * b3/B3Opcode.cpp:
3319         (JSC::B3::invertedCompare):
3320         * b3/B3Opcode.h:
3321         * b3/B3PatchpointSpecial.cpp:
3322         (JSC::B3::PatchpointSpecial::forEachArg):
3323         * b3/B3StackmapSpecial.cpp:
3324         (JSC::B3::StackmapSpecial::forEachArgImpl):
3325         * b3/B3StackmapSpecial.h:
3326         * b3/B3Value.cpp:
3327         (JSC::B3::Value::invertedCompare):
3328         * b3/air/AirArg.h:
3329         (JSC::B3::Air::Arg::isValidScale):
3330         (JSC::B3::Air::Arg::isValidAddrForm):
3331         (JSC::B3::Air::Arg::isValidIndexForm):
3332         (JSC::B3::Air::Arg::isValidForm):
3333         * b3/air/AirCustom.h:
3334         (JSC::B3::Air::PatchCustom::shouldTryAliasingDef):
3335         * b3/air/AirFixObviousSpills.cpp:
3336         * b3/air/AirInst.h:
3337         * b3/air/AirInstInlines.h:
3338         (JSC::B3::Air::Inst::shouldTryAliasingDef):
3339         * b3/air/AirIteratedRegisterCoalescing.cpp:
3340         * b3/air/AirSpecial.cpp:
3341         (JSC::B3::Air::Special::shouldTryAliasingDef):
3342         * b3/air/AirSpecial.h:
3343         * bytecode/BytecodeGeneratorification.cpp:
3344         (JSC::BytecodeGeneratorification::storageForGeneratorLocal):
3345         * bytecode/CodeBlock.cpp:
3346         (JSC::CodeBlock::findPC):
3347         (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):
3348         * bytecode/CodeBlock.h:
3349         * bytecode/UnlinkedFunctionExecutable.cpp:
3350         (JSC::UnlinkedFunctionExecutable::link):
3351         * bytecode/UnlinkedFunctionExecutable.h:
3352         * bytecompiler/BytecodeGenerator.h:
3353         * bytecompiler/NodesCodegen.cpp:
3354         (JSC::PropertyListNode::emitPutConstantProperty):
3355         (JSC::ObjectPatternNode::bindValue):
3356         * debugger/Debugger.cpp:
3357         (JSC::Debugger::resolveBreakpoint):
3358         * debugger/DebuggerCallFrame.cpp:
3359         (JSC::DebuggerCallFrame::currentPosition):
3360         * debugger/DebuggerParseData.cpp:
3361         (JSC::DebuggerPausePositions::breakpointLocationForLineColumn):
3362         * debugger/DebuggerParseData.h:
3363         * debugger/ScriptProfilingScope.h:
3364         * dfg/DFGAbstractInterpreterInlines.h:
3365         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3366         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):
3367         * dfg/DFGJITCode.cpp:
3368         (JSC::DFG::JITCode::findPC):
3369         * dfg/DFGJITCode.h:
3370         * dfg/DFGOperations.cpp:
3371         (JSC::DFG::operationPutByValInternal):
3372         * dfg/DFGSlowPathGenerator.h:
3373         (JSC::DFG::SlowPathGenerator::generate):
3374         * dfg/DFGSpeculativeJIT.cpp:
3375         (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
3376         (JSC::DFG::SpeculativeJIT::emitUntypedBitOp):
3377         (JSC::DFG::SpeculativeJIT::emitUntypedRightShiftBitOp):
3378         (JSC::DFG::SpeculativeJIT::compileMathIC):
3379         (JSC::DFG::SpeculativeJIT::compileArithDiv):
3380         (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
3381         * dfg/DFGSpeculativeJIT.h:
3382         * dfg/DFGSpeculativeJIT32_64.cpp:
3383         (JSC::DFG::SpeculativeJIT::compile):
3384         * dfg/DFGSpeculativeJIT64.cpp:
3385         (JSC::DFG::SpeculativeJIT::compileLogicalNot):