Web Inspector: Network: add button to show system certificate dialog
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-11-17  Devin Rousso  <drousso@apple.com>

        Web Inspector: Network: add button to show system certificate dialog
        https://bugs.webkit.org/show_bug.cgi?id=191458
        <rdar://problem/45977019>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Network.json:
        Add `getSerializedCertificate` command.

2018-11-17  Dominik Infuehr  <dinfuehr@igalia.com>

        Fix build with disabled DFG/FTL
        https://bugs.webkit.org/show_bug.cgi?id=191256

        Reviewed by Yusuke Suzuki.

        Fix compilation errors and warnings with both DFG and FTL
        disabled at compile-time.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getICStatusMap):
        * bytecode/InByIdStatus.cpp:
        (JSC::InByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::hasExitSite): Deleted.
        * bytecode/PutByIdStatus.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_catch):

2018-11-16  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Local Inspector)
        https://bugs.webkit.org/show_bug.cgi?id=191740
        <rdar://problem/45470897>

        Reviewed by Timothy Hatcher.

        * inspector/InspectorFrontendChannel.h:
        Expose EnumTraits for ConnectionType for WebKit IPC messages.

2018-11-16  Filip Pizlo  <fpizlo@apple.com>

        All users of ArrayBuffer should agree on the same max size
        https://bugs.webkit.org/show_bug.cgi?id=191771

        Reviewed by Mark Lam.

        Array buffers cannot be larger than 0x7fffffff, because otherwise loading typedArray.length in the DFG/FTL would produce
        a uint32 or would require a signedness check, neither of which sounds reasonable. It's better to just bound their max size
        instead.

        * runtime/ArrayBuffer.cpp:
        (JSC::ArrayBufferContents::ArrayBufferContents):
        (JSC::ArrayBufferContents::tryAllocate):
        (JSC::ArrayBufferContents::transferTo):
        (JSC::ArrayBufferContents::copyTo):
        (JSC::ArrayBufferContents::shareWith):
        * runtime/ArrayBuffer.h:
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::tryCreate):
        (JSC::Wasm::Memory::grow):
        * wasm/WasmPageCount.h:

2018-11-16  Saam Barati  <sbarati@apple.com>

        KnownCellUse should also have SpecCellCheck as its type filter
        https://bugs.webkit.org/show_bug.cgi?id=191729
        <rdar://problem/45872852>

        Reviewed by Filip Pizlo.

        We write transformations in the compiler like this where we emit edges with
        KnownCellUse if we know we're inserting code at a point where we're dominated
        by a Cell check:

        a: SomeValue
        b: Something(Cell:@a)
        c: SomethingElse(@b)
        d: CheckNotEmpty(@a)

        =>

        a: SomeValue
        b: Something(Cell:@a)
        e: RandomOtherThing(KnownCellUse:@a)
        c: SomethingElse(@b)
        d: CheckNotEmpty(@a)

        However, doing this used to lead to subtly incorrect programs since KnownCellUse
        did not allow the empty value to flow through it. We used to end up incorrectly
        deleting @d in the above program. We fix this by making KnownCellUse allow the empty
        value to flow through.

        * dfg/DFGUseKind.h:
        (JSC::DFG::typeFilterFor):

2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>

        Fix assertion failure on BytecodeGenerator::recordOpcode
        https://bugs.webkit.org/show_bug.cgi?id=191724
        <rdar://problem/45724395>

        Reviewed by Saam Barati.

        Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not
        restoring m_lastInstruction after patching the bytecode when
        finalizing StructureForInContexts, only m_lastOpcodeID, which led to
        the assertion failure.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::StructureForInContext::finalize):

2018-11-15  Mark Lam  <mark.lam@apple.com>

        RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
        https://bugs.webkit.org/show_bug.cgi?id=191730
        <rdar://problem/46048517>

        Reviewed by Saam Barati.

        According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
        the RegExp match results are filled in using the spec's CreateDataProperty()
        function which does not consult the prototype for setters.  JSArray::push()
        consults the prototype for setters.  We should be using putDirectIndex() instead.

        * runtime/RegExpObjectInlines.h:
        (JSC::collectMatches):

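The observable difference the entry above describes, as an added example (not WebKit code): a match result built with CreateDataProperty semantics never invokes an index accessor installed on Array.prototype, whereas Array.prototype.push uses [[Set]] and does. Running it in any spec-conforming engine is a quick conformance check for exactly this class of "engine internals run user code" bug.

```javascript
// Added example, not WebKit code. Both helpers temporarily install a setter
// for index "0" on Array.prototype and remove it again in `finally`.

// Global match of `re` against `input` while the prototype setter is in place.
// Per spec the result array is filled via CreateDataProperty, so the setter
// must not run and index 0 must end up as an own data property.
function matchWithPrototypeSetter(input, re) {
  let setterCalls = 0;
  Object.defineProperty(Array.prototype, "0", {
    set() { setterCalls++; },
    configurable: true,
  });
  try {
    const result = input.match(re);
    const desc = Object.getOwnPropertyDescriptor(result, "0");
    return {
      setterCalls,
      result,
      isDataProperty: desc !== undefined && "value" in desc,
    };
  } finally {
    delete Array.prototype[0];
  }
}

// Contrast: push() goes through [[Set]], which walks the prototype chain and
// runs the setter. The array's length grows, but no own property "0" is created.
function pushWithPrototypeSetter(value) {
  let setterCalls = 0;
  Object.defineProperty(Array.prototype, "0", {
    set() { setterCalls++; },
    configurable: true,
  });
  try {
    const arr = [];
    arr.push(value);
    return {
      setterCalls,
      length: arr.length,
      hasOwn0: Object.prototype.hasOwnProperty.call(arr, "0"),
    };
  } finally {
    delete Array.prototype[0];
  }
}

// Constructed sample input.
const matchReport = matchWithPrototypeSetter("abc", /./g);
const pushReport = pushWithPrototypeSetter("x");
console.log("match:", matchReport.setterCalls, "setter calls,", matchReport.result);
console.log("push:", pushReport.setterCalls, "setter call, own 0:", pushReport.hasOwn0);
```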
2018-11-15  Mark Lam  <mark.lam@apple.com>

        RegExp operations should not take fast path if lastIndex is not numeric.
        https://bugs.webkit.org/show_bug.cgi?id=191731
        <rdar://problem/46017305>

        Reviewed by Saam Barati.

        This is because if lastIndex is an object with a valueOf() method, it can execute
        arbitrary code which may have side effects, and side effects are not permitted by
        the RegExp fast paths.

        * builtins/RegExpPrototype.js:
        (globalPrivate.hasObservableSideEffectsForRegExpMatch):
        (overriddenName.string_appeared_here.search):
        (globalPrivate.hasObservableSideEffectsForRegExpSplit):
        (intrinsic.RegExpTestIntrinsic.test):
        * builtins/StringPrototype.js:
        (globalPrivate.hasObservableSideEffectsForStringReplace):

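An added example (not WebKit code) of the side effect the entry above is about: RegExpBuiltinExec reads lastIndex through ToLength before doing anything else, so an object-valued lastIndex with a user-defined valueOf is user code running inside test(). A fast path that assumes lastIndex is numeric and skips that read silently drops the call; the helper below counts it so the behaviour can be checked on any engine.

```javascript
// Added example, not WebKit code. Runs one test() call with an object-valued
// lastIndex and reports how often its valueOf ran and what happened to lastIndex.
// Per spec valueOf runs exactly once, for global and non-global regexps alike,
// because ToLength(lastIndex) happens before the flags are consulted.
function observeLastIndexCoercion(re, input) {
  let valueOfCalls = 0;
  re.lastIndex = {
    valueOf() {
      valueOfCalls++;   // observable side effect inside the RegExp builtin
      return 0;         // start matching at the beginning of `input`
    },
  };
  const matched = re.test(input);
  return {
    valueOfCalls,
    matched,
    // A global regexp writes the numeric end-of-match position back;
    // a non-global one leaves the property untouched (still our object).
    lastIndexAfter: re.lastIndex,
  };
}

// Constructed sample inputs; fresh RegExp objects each time.
const globalReport = observeLastIndexCoercion(/b/g, "abc");
const plainReport = observeLastIndexCoercion(/b/, "abc");
console.log("global:", globalReport.valueOfCalls, "valueOf call(s), lastIndex now", globalReport.lastIndexAfter);
console.log("non-global:", plainReport.valueOfCalls, "valueOf call(s), lastIndex now", typeof plainReport.lastIndexAfter);
```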
152 2018-11-15  Keith Rollin  <krollin@apple.com>
153
154         Delete old .xcfilelist files
155         https://bugs.webkit.org/show_bug.cgi?id=191669
156         <rdar://problem/46081994>
157
158         Reviewed by Chris Dumez.
159
160         .xcfilelist files were created and added to the Xcode project files in
161         https://trac.webkit.org/changeset/238008/webkit. However, they caused
162         build issues and they were removed from the Xcode projects in
163         https://trac.webkit.org/changeset/238055/webkit. This check-in removes
164         the files from the repository altogether. They'll ultimately be
165         replaced with new files with names that indicate whether the
166         associated files are inputs to the Run Script phase or are files
167         created by the Run Script phase.
168
169         * DerivedSources.xcfilelist: Removed.
170         * UnifiedSources.xcfilelist: Removed.
171
172 2018-11-14  Keith Rollin  <krollin@apple.com>
173
174         Move scripts for Derived and Unified Sources to external files
175         https://bugs.webkit.org/show_bug.cgi?id=191670
176         <rdar://problem/46082278>
177
178         Reviewed by Keith Miller.
179
180         Move the scripts in the Generate Derived Sources and Generate Unified
181         Sources Run Script phases from the Xcode projects to external shell
182         script files. Then invoke those scripts from the Run Script phases.
183         This refactoring is being performed to support later work that will
184         invoke these scripts in other contexts.
185
186         The scripts were maintained as-is when making the move. I did a little
187         reformatting and added 'set -e' to the top of each file, but that's
188         it.
189
190         * JavaScriptCore.xcodeproj/project.pbxproj:
191         * Scripts/generate-derived-sources.sh: Added.
192         * Scripts/generate-unified-sources.sh: Added.
193
194 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
195
196         Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
197         https://bugs.webkit.org/show_bug.cgi?id=191612
198
199         Reviewed by Matt Baker.
200
201         * inspector/InspectorFrontendRouter.cpp:
202         (Inspector::FrontendRouter::connectFrontend):
203         (Inspector::FrontendRouter::disconnectFrontend):
204         * inspector/InspectorFrontendRouter.h:
205         * inspector/JSGlobalObjectInspectorController.cpp:
206         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
207         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
208         * inspector/JSGlobalObjectInspectorController.h:
209         * inspector/remote/RemoteControllableTarget.h:
210         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
211         (Inspector::RemoteConnectionToTarget::setup):
212         (Inspector::RemoteConnectionToTarget::close):
213         * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
214         (Inspector::RemoteConnectionToTarget::setup):
215         (Inspector::RemoteConnectionToTarget::close):
216         * runtime/JSGlobalObjectDebuggable.cpp:
217         (JSC::JSGlobalObjectDebuggable::connect):
218         (JSC::JSGlobalObjectDebuggable::disconnect):
219         * runtime/JSGlobalObjectDebuggable.h:
220
221 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
222
223         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
224         https://bugs.webkit.org/show_bug.cgi?id=191494
225         <rdar://problem/45469854>
226
227         Reviewed by Devin Rousso.
228
229         * CMakeLists.txt:
230         * DerivedSources.make:
231         * JavaScriptCore.xcodeproj/project.pbxproj:
232         * Sources.txt:
233         New domain and resources.
234
235         * inspector/protocol/Target.json: Added.
236         New protocol domain, modeled after Worker.json, to allow for
237         multiplexing between different targets.
238
239         * inspector/InspectorTarget.h:
240         Each target will instantiate an InspectorTarget and must
241         provide an identifier, type, and means of connecting/disconnecting
242         to a frontend channel.
243
244         * inspector/agents/InspectorTargetAgent.cpp: Added.
245         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
246         (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
247         (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
248         (Inspector::InspectorTargetAgent::exists):
249         (Inspector::InspectorTargetAgent::initialized):
250         (Inspector::InspectorTargetAgent::sendMessageToTarget):
251         (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
252         (Inspector::targetTypeToProtocolType):
253         (Inspector::buildTargetInfoObject):
254         (Inspector::InspectorTargetAgent::targetCreated):
255         (Inspector::InspectorTargetAgent::targetTerminated):
256         (Inspector::InspectorTargetAgent::connectToTargets):
257         (Inspector::InspectorTargetAgent::disconnectFromTargets):
258         * inspector/agents/InspectorTargetAgent.h: Added.
259         TargetAgent holds a list of targets, and connects/disconnects to each
260         of the targets when a frontend connects/disconnects.
261
262         * inspector/scripts/codegen/generator.py:
263         Better enum casing of ServiceWorker.
264
265 2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
266
267         Unreviewed, rolling in CodeCache in r237254
268         https://bugs.webkit.org/show_bug.cgi?id=190340
269
270         Land the CodeCache part without adding an additional hash value.
271
272         * bytecode/UnlinkedFunctionExecutable.cpp:
273         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
274         * bytecode/UnlinkedFunctionExecutable.h:
275         * parser/SourceCodeKey.h:
276         (JSC::SourceCodeKey::SourceCodeKey):
277         (JSC::SourceCodeKey::operator== const):
278         * runtime/CodeCache.cpp:
279         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
280         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
281         * runtime/CodeCache.h:
282         * runtime/FunctionConstructor.cpp:
283         (JSC::constructFunctionSkippingEvalEnabledCheck):
284         * runtime/FunctionExecutable.cpp:
285         (JSC::FunctionExecutable::fromGlobalCode):
286         * runtime/FunctionExecutable.h:
287
288 2018-11-13  Saam Barati  <sbarati@apple.com>
289
290         ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
291         https://bugs.webkit.org/show_bug.cgi?id=191601
292
293         Reviewed by Mark Lam.
294
295         This doesn't fix any bugs today, but it may reduce future bugs. It was
296         always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
297         throw a stack overflow error instead of just returning false like it
298         normally does when VMInquiry is passed in.
299
300         * runtime/ProxyObject.cpp:
301         (JSC::ProxyObject::getOwnPropertySlotCommon):
302
303 2018-11-13  Saam Barati  <sbarati@apple.com>
304
305         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
306         https://bugs.webkit.org/show_bug.cgi?id=191600
307
308         Reviewed by Mark Lam.
309
310         processLogEntries will call into calculatedClassName, which will clear
311         any exceptions it encounters (it assumes that they're stack overflow exceptions).
312         However, this code may be called when an exception is already pending on the 
313         VM (e.g, when we throw an exception in the DFG, we compile an OSR exit
314         offramp, which may compile a baseline codeblock, which will process
315         the type profiler log). To get around this, processLogEntires should stash
316         away and re-apply any pending exceptions.
317
318         * dfg/DFGDriver.cpp:
319         (JSC::DFG::compileImpl):
320         * dfg/DFGOperations.cpp:
321         * inspector/agents/InspectorRuntimeAgent.cpp:
322         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
323         * jit/JIT.cpp:
324         (JSC::JIT::doMainThreadPreparationBeforeCompile):
325         * jit/JITOperations.cpp:
326         * runtime/CommonSlowPaths.cpp:
327         (JSC::SLOW_PATH_DECL):
328         * runtime/TypeProfilerLog.cpp:
329         (JSC::TypeProfilerLog::processLogEntries):
330         * runtime/TypeProfilerLog.h:
331         * runtime/VM.cpp:
332         (JSC::VM::dumpTypeProfilerData):
333         * runtime/VM.h:
334         (JSC::VM::DeferExceptionScope::DeferExceptionScope):
335         * tools/JSDollarVM.cpp:
336         (JSC::functionFindTypeForExpression):
337         (JSC::functionReturnTypeFor):
338
339 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
340
341         Unreviewed, rolling out r238132.
342
343         The test added with this change is timing out on Debug JSC
344         bots.
345
346         Reverted changeset:
347
348         "[BigInt] JSBigInt::createWithLength should throw when length
349         is greater than JSBigInt::maxLength"
350         https://bugs.webkit.org/show_bug.cgi?id=190836
351         https://trac.webkit.org/changeset/238132
352
353 2018-11-12  Mark Lam  <mark.lam@apple.com>
354
355         Add OOM detection to StringPrototype's substituteBackreferences().
356         https://bugs.webkit.org/show_bug.cgi?id=191563
357         <rdar://problem/45720428>
358
359         Reviewed by Saam Barati.
360
361         * dfg/DFGStrengthReductionPhase.cpp:
362         (JSC::DFG::StrengthReductionPhase::handleNode):
363         * runtime/StringPrototype.cpp:
364         (JSC::substituteBackreferencesSlow):
365         (JSC::substituteBackreferencesInline):
366         (JSC::substituteBackreferences):
367         (JSC::replaceUsingRegExpSearch):
368         (JSC::replaceUsingStringSearch):
369         * runtime/StringPrototype.h:
370
371 2018-11-13  Mark Lam  <mark.lam@apple.com>
372
373         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
374         https://bugs.webkit.org/show_bug.cgi?id=191579
375         <rdar://problem/45942472>
376
377         Reviewed by Saam Barati.
378
379         Both of these functions do a lot of work.  It would be good for the topCallFrame
380         to be correct should we need to throw an exception.
381
382         For example, we've observed the following crash trace:
383
384           * frame #0: WTFCrash() at Assertions.cpp:253
385             frame #1: ...
386             frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
387             frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
388             frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
389             frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
390             frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
391             frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
392             frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
393             frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
394             frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
395             frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
396             frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
397             frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
398             frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
399             frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
400             frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
401             frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
402             frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
403             frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
404             frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
405             frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
406             frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
407             frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
408             frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
409             frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
410             frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
411             frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
412             frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
413             frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
414             frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
415             frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
416             frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
417             frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
418             frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
419             frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
420             frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
421             frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
422             frame #38: llint_entry at LowLevelInterpreter64.asm:98
423             frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
424             ...
425
426         This crash occurred because StackVisitor was seeing an invalid topCallFrame while
427         trying to capture the Error stack while throwing a StackOverflowError below
428         llint_replace.  While in this specific example, it is questionable whether we
429         should be executing JS code below TypeProfilerLog::processLogEntries(), it is
430         correct to have set the topCallFrame in llint_replace.  We do this by calling
431         LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.
432
433         We also do the same for llint_osr.
434         
435         Note: both of these LLInt slow path functions are called with a fully initialized
436         CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
437         for these functions.
438
439         * llint/LLIntSlowPaths.cpp:
440         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
441
442 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
443
444         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
445         https://bugs.webkit.org/show_bug.cgi?id=190836
446
447         Reviewed by Saam Barati.
448
449         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
450         where we allocate a BigInt trusting the length received as argument.
451         With this additional method, we now check if length passed to
452         `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
453         When the length is greater than maxLength, we then throw OOM
454         exception.
455         This required change the interface of some JSBigInt operations to
456         receive `ExecState*` instead of `VM&`. We changed only operations that
457         can throw because of OOM.
458         We beleive that this approach of throwing instead of finishing the
459         execution abruptly is better because JS programs can catch such
460         exception and handle this issue properly.
461
462         * dfg/DFGOperations.cpp:
463         * jit/JITOperations.cpp:
464         * runtime/CommonSlowPaths.cpp:
465         (JSC::SLOW_PATH_DECL):
466         * runtime/JSBigInt.cpp:
467         (JSC::JSBigInt::createZero):
468         (JSC::JSBigInt::tryCreateWithLength):
469         (JSC::JSBigInt::createWithLengthUnchecked):
470         (JSC::JSBigInt::createFrom):
471         (JSC::JSBigInt::multiply):
472         (JSC::JSBigInt::divide):
473         (JSC::JSBigInt::copy):
474         (JSC::JSBigInt::unaryMinus):
475         (JSC::JSBigInt::remainder):
476         (JSC::JSBigInt::add):
477         (JSC::JSBigInt::sub):
478         (JSC::JSBigInt::bitwiseAnd):
479         (JSC::JSBigInt::bitwiseOr):
480         (JSC::JSBigInt::bitwiseXor):
481         (JSC::JSBigInt::absoluteAdd):
482         (JSC::JSBigInt::absoluteSub):
483         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
484         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
485         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
486         (JSC::JSBigInt::absoluteBitwiseOp):
487         (JSC::JSBigInt::absoluteAddOne):
488         (JSC::JSBigInt::absoluteSubOne):
489         (JSC::JSBigInt::toStringGeneric):
490         (JSC::JSBigInt::rightTrim):
491         (JSC::JSBigInt::allocateFor):
492         (JSC::JSBigInt::createWithLength): Deleted.
493         * runtime/JSBigInt.h:
494         * runtime/Operations.cpp:
495         (JSC::jsAddSlowCase):
496         * runtime/Operations.h:
497         (JSC::jsSub):
498         (JSC::jsMul):
499
500 2018-11-12  Devin Rousso  <drousso@apple.com>
501
502         Web Inspector: Network: show secure certificate details per-request
503         https://bugs.webkit.org/show_bug.cgi?id=191447
504         <rdar://problem/30019476>
505
506         Reviewed by Joseph Pecoraro.
507
508         Add Security domain to hold security related protocol types.
509
510         * CMakeLists.txt:
511         * DerivedSources.make:
512         * inspector/protocol/Network.json:
513         * inspector/protocol/Security.json: Added.
514         * inspector/scripts/codegen/objc_generator.py:
515         (ObjCGenerator):
516
517 2018-11-12  Saam barati  <sbarati@apple.com>
518
519         Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
520         https://bugs.webkit.org/show_bug.cgi?id=191555
521
522         * bytecode/UnlinkedFunctionExecutable.cpp:
523         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
524         * bytecode/UnlinkedFunctionExecutable.h:
525         * parser/SourceCodeKey.h:
526         (JSC::SourceCodeKey::SourceCodeKey):
527         (JSC::SourceCodeKey::operator== const):
528         * runtime/CodeCache.cpp:
529         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
530         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
531         * runtime/CodeCache.h:
532         * runtime/FunctionConstructor.cpp:
533         (JSC::constructFunctionSkippingEvalEnabledCheck):
534         * runtime/FunctionExecutable.cpp:
535         (JSC::FunctionExecutable::fromGlobalCode):
536         * runtime/FunctionExecutable.h:
537
538 2018-11-11  Benjamin Poulain  <benjamin@webkit.org>
539
540         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
541         https://bugs.webkit.org/show_bug.cgi?id=191492
542
543         Reviewed by Alex Christensen.
544
545         Rename file.
546
547         * API/JSValue.mm:
548
549 2018-11-10  Benjamin Poulain  <benjamin@webkit.org>
550
551         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
552         https://bugs.webkit.org/show_bug.cgi?id=191492
553
554         Reviewed by Alex Christensen.
555
556         * API/JSValue.mm:
557
558 2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>
559
560         Unreviewed, silence -Wunused-variable warning
561
562         * bytecode/Opcode.h:
563         (JSC::padOpcodeName):
564
565 2018-11-09  Keith Rollin  <krollin@apple.com>
566
567         Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324
568
569         Remove the use of .xcfilelists until their side-effects are better
570         understood.
571
572         * JavaScriptCore.xcodeproj/project.pbxproj:
573
574 2018-11-09  Keith Miller  <keith_miller@apple.com>
575
576         LLInt VectorSizeOffset should be based on offset extraction
577         https://bugs.webkit.org/show_bug.cgi?id=191468
578
579         Reviewed by Yusuke Suzuki.
580
581         This patch also adds some usings to LLIntOffsetsExtractor that
582         make it possible to use the bare names of Vector/RefCountedArray
583         in offsets extraction.
584
585         * llint/LLIntOffsetsExtractor.cpp:
586         * llint/LowLevelInterpreter.asm:
587
588 2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
589
590         Unreviewed, rolling in CodeCache in r237254
591         https://bugs.webkit.org/show_bug.cgi?id=190340
592
593         Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.
594
595         * bytecode/UnlinkedFunctionExecutable.cpp:
596         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
597         * bytecode/UnlinkedFunctionExecutable.h:
598         * parser/SourceCodeKey.h:
599         (JSC::SourceCodeKey::SourceCodeKey):
600         (JSC::SourceCodeKey::operator== const):
601         * runtime/CodeCache.cpp:
602         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
603         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
604         * runtime/CodeCache.h:
605         * runtime/FunctionConstructor.cpp:
606         (JSC::constructFunctionSkippingEvalEnabledCheck):
607         * runtime/FunctionExecutable.cpp:
608         (JSC::FunctionExecutable::fromGlobalCode):
609         * runtime/FunctionExecutable.h:
610
611 2018-11-08  Keith Miller  <keith_miller@apple.com>
612
613         put_by_val opcodes need to add the number tag as a 64-bit register
614         https://bugs.webkit.org/show_bug.cgi?id=191456
615
616         Reviewed by Saam Barati.
617
618         Previously the LLInt would add it as a pointer sized value. That is
619         wrong if pointer size is less 64-bits.
620
621         * llint/LowLevelInterpreter64.asm:
622
623 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
624
625         [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
626         https://bugs.webkit.org/show_bug.cgi?id=191439
627
628         Reviewed by Saam Barati.
629
630         * CMakeLists.txt:
631         * runtime/ParseInt.h:
632         (JSC::isStrWhiteSpace):
633         Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.
634
635 2018-11-08  Michael Saboff  <msaboff@apple.com>
636
637         Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
638         https://bugs.webkit.org/show_bug.cgi?id=191444
639
640         Reviewed by Saam Barati.
641
642         * runtime/Options.h:
643
644 2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>
645
646         [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
647         https://bugs.webkit.org/show_bug.cgi?id=191416
648
649         Reviewed by Saam Barati.
650
651         * disassembler/UDis86Disassembler.cpp:
652         (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.
653
654 2018-11-08  Keith Rollin  <krollin@apple.com>
655
656         Create .xcfilelist files
657         https://bugs.webkit.org/show_bug.cgi?id=191324
658         <rdar://problem/45852819>
659
660         Reviewed by Alex Christensen.
661
662         As part of preparing for enabling XCBuild, create and use .xcfilelist
663         files. These files are used during Run Script build phases in an
664         Xcode project. If a Run Script build phase produces new files that are
665         used later as inputs to subsequent build phases, XCBuild needs to know
666         about these files. These files can be either specified in an "output
667         files" section of the Run Script phase editor, or in .xcfilelist files
668         that are associated with the Run Script build phase.
669
670         This patch takes the second approach. It consists of three sets of changes:
671
672         - Modify the DerivedSources.make files to have a
673           'print_all_generated_files' target that produces a list of the files
674           they create.
675
676         - Create a shell script that produces .xcfilelist files from the
677           output of the previous step, as well as for the files created in the
678           Generate Unified Sources build steps.
679
680         - Add the new .xcfilelist files to the associated projects.
681
682         Note that, with these changes, the Xcode workspace and projects can no
683         longer be fully loaded into Xcode 9. Xcode will attempt to load the
684         projects that have .xcfilelist files associated with them, but will
685         fail and display a placeholder for those projects instead. It's
686         expected that all developers are using Xcode 10 by now and that not
687         being able to load into Xcode 9 is not a practical issue. Keep in mind
688         that this is strictly an IDE issue, and that the projects can still be
689         built with `xcodebuild`.
690
691         Also note that the shell script that creates the .xcfilelist files can
692         also be used to verify that the set of files that's currently checked
693         in is up-to-date. This checking can be used as part of a check-in hook
694         or part of check-webkit-style to sooner catch cases where the
695         .xcfilelist files need to be regenerated.
696
697         * DerivedSources.make:
698         * DerivedSources.xcfilelist: Added.
699         * JavaScriptCore.xcodeproj/project.pbxproj:
700         * UnifiedSources.xcfilelist: Added.
701
702 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
703
704         U+180E is no longer a whitespace character
705         https://bugs.webkit.org/show_bug.cgi?id=191415
706
707         Reviewed by Saam Barati.
708
709         Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
710         (https://github.com/tc39/ecma262/pull/300)
711
712         * parser/Lexer.h:
713         (JSC::Lexer<UChar>::isWhiteSpace):
714         * runtime/ParseInt.h:
715         (JSC::isStrWhiteSpace):
716         * yarr/create_regex_tables:
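
The two Ross Kirsling entries above (isStrWhiteSpace expressed through isWhiteSpace and isLineTerminator, and U+180E dropped from the whitespace set) both concern which code points an engine treats as whitespace. An engine that disagrees with the specification here is a parser-differential risk: two components can split or trim the same string differently. The following is an added example, not JSC's Lexer or ParseInt code; the function names mirror the ChangeLog but the bodies, the std::u16string helper and the Unicode Zs list are this example's own assumptions (Zs as of Unicode 6.3 and later, where U+180E is no longer a space separator).

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Unicode "Zs" (Space_Separator) code points. U+180E (MONGOLIAN VOWEL
// SEPARATOR) was removed from Zs in Unicode 6.3, and ES2016 stopped listing
// it, so it is deliberately absent here.
static bool isSpaceSeparator(char16_t c)
{
    switch (c) {
    case 0x0020: // SPACE
    case 0x00A0: // NO-BREAK SPACE
    case 0x1680: // OGHAM SPACE MARK
    case 0x202F: // NARROW NO-BREAK SPACE
    case 0x205F: // MEDIUM MATHEMATICAL SPACE
    case 0x3000: // IDEOGRAPHIC SPACE
        return true;
    default:
        return c >= 0x2000 && c <= 0x200A; // EN QUAD .. HAIR SPACE
    }
}

// ECMAScript WhiteSpace: TAB, VT, FF, SP, NBSP, ZWNBSP (U+FEFF) and any Zs code point.
bool isWhiteSpace(char16_t c)
{
    return c == 0x0009 || c == 0x000B || c == 0x000C || c == 0xFEFF || isSpaceSeparator(c);
}

// ECMAScript LineTerminator: LF, CR, LINE SEPARATOR, PARAGRAPH SEPARATOR.
bool isLineTerminator(char16_t c)
{
    return c == 0x000A || c == 0x000D || c == 0x2028 || c == 0x2029;
}

// StrWhiteSpaceChar ::= WhiteSpace | LineTerminator. Defining it this way
// means the lexer and the string-to-number path cannot drift apart.
bool isStrWhiteSpace(char16_t c)
{
    return isWhiteSpace(c) || isLineTerminator(c);
}

// Trim StrWhiteSpace from both ends, as ToNumber and parseInt do before
// looking at digits.
std::u16string trimStrWhiteSpace(const std::u16string& s)
{
    size_t begin = 0;
    size_t end = s.size();
    while (begin < end && isStrWhiteSpace(s[begin]))
        ++begin;
    while (end > begin && isStrWhiteSpace(s[end - 1]))
        --end;
    return s.substr(begin, end - begin);
}
```

With this definition, `trimStrWhiteSpace(u"\u00A0 42\n")` yields `u"42"`, while a leading U+180E is left in place and the string then fails numeric conversion, which is the post-ES2016 behaviour.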
717
718 2018-11-08  Keith Miller  <keith_miller@apple.com>
719
720         jitEnabledByDefault() should be on useJIT not useBaselineJIT
721         https://bugs.webkit.org/show_bug.cgi?id=191434
722
723         Reviewed by Saam Barati.
724
725         * runtime/Options.h:
726
727 2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>
728
729         Web Inspector: Restrict domains at the target level instead of only at the window level
730         https://bugs.webkit.org/show_bug.cgi?id=191344
731
732         Reviewed by Devin Rousso.
733
734         * inspector/protocol/Console.json:
735         * inspector/protocol/Debugger.json:
736         * inspector/protocol/Heap.json:
737         * inspector/protocol/Runtime.json:
738         Remove workerSupported as it is now no longer necessary. It is implied
739         by availability being empty (meaning it is supported everywhere).
740
741         * inspector/protocol/Inspector.json:
742         * inspector/protocol/ScriptProfiler.json:
743         Restrict to "javascript" and "web" debuggables, not available in workers.
744
745         * inspector/protocol/Worker.json:
746         Cleanup, remove empty types list.
747         
748         * inspector/protocol/Recording.json:
749         Cleanup, only expose this in the "web" domain for now.
750
751         * inspector/scripts/codegen/generate_js_backend_commands.py:
752         (JSBackendCommandsGenerator.generate_domain):
753         * inspector/scripts/codegen/models.py:
754         (Protocol.parse_domain):
755         Allow a list of debuggable types. Add "worker" even though it is unused
756         since that is a type we would want to allow or consider.
757
758         (Domain.__init__):
759         (Domains):
760         Remove now unnecessary workerSupported code.
761         Allow availability on a domain with only types.
762
763         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
764         * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.
765
766 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
767
768         Consider removing double load for accessing the MetadataTable from LLInt
769         https://bugs.webkit.org/show_bug.cgi?id=190933
770
771         Reviewed by Keith Miller.
772
773         This patch removes double load for accesses to MetadataTable from LLInt.
774         MetadataTable is now specially RefCounted class, which has interesting memory layout.
775         When refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
776
777         * bytecode/CodeBlock.cpp:
778         (JSC::CodeBlock::finishCreation):
779         (JSC::CodeBlock::estimatedSize):
780         (JSC::CodeBlock::visitChildren):
781         * bytecode/CodeBlock.h:
782         (JSC::CodeBlock::metadata):
783         * bytecode/CodeBlockInlines.h:
784         (JSC::CodeBlock::forEachValueProfile):
785         (JSC::CodeBlock::forEachArrayProfile):
786         (JSC::CodeBlock::forEachArrayAllocationProfile):
787         (JSC::CodeBlock::forEachObjectAllocationProfile):
788         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
789         * bytecode/MetadataTable.cpp:
790         (JSC::MetadataTable::MetadataTable):
791         (JSC::MetadataTable::~MetadataTable):
792         (JSC::MetadataTable::sizeInBytes):
793         * bytecode/MetadataTable.h:
794         (JSC::MetadataTable::get):
795         (JSC::MetadataTable::forEach):
796         (JSC::MetadataTable::ref const):
797         (JSC::MetadataTable::deref const):
798         (JSC::MetadataTable::refCount const):
799         (JSC::MetadataTable::hasOneRef const):
800         (JSC::MetadataTable::buffer):
801         (JSC::MetadataTable::linkingData const):
802         (JSC::MetadataTable::getImpl):
803         * bytecode/UnlinkedMetadataTable.h:
804         (JSC::UnlinkedMetadataTable::buffer const):
805         * bytecode/UnlinkedMetadataTableInlines.h:
806         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
807         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
808         (JSC::UnlinkedMetadataTable::addEntry):
809         (JSC::UnlinkedMetadataTable::sizeInBytes):
810         (JSC::UnlinkedMetadataTable::finalize):
811         (JSC::UnlinkedMetadataTable::link):
812         (JSC::UnlinkedMetadataTable::unlink):
813         * llint/LowLevelInterpreter.asm:
814         * llint/LowLevelInterpreter32_64.asm:
815
816 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
817
818         [BigInt] Add support to BigInt into ValueAdd
819         https://bugs.webkit.org/show_bug.cgi?id=186177
820
821         Reviewed by Keith Miller.
822
823         We are adding a very primitive specialization case of BigInts into ValueAdd.
824         When compiling a speculated version of this node to BigInt, we are currently
825         calling 'operationAddBigInt', a function that expects only BigInts as
826         parameters and effectively adds numbers using JSBigInt::add. To properly
827         speculate BigInt operands, we changed ArithProfile to observe when
828         its result is a BigInt. With this new observation, we are able to identify
829         when ValueAdd results in a String or BigInt.
830
831         Here are some numbers for this specialization running
832         microbenchmarks:
833
834         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
835         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
836
837         * bytecode/ArithProfile.cpp:
838         (JSC::ArithProfile::emitObserveResult):
839         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
840         (JSC::ArithProfile::shouldEmitSetBigInt const):
841         (JSC::ArithProfile::emitSetNonNumeric const):
842         (JSC::ArithProfile::emitSetBigInt const):
843         (WTF::printInternal):
844         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
845         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
846         * bytecode/ArithProfile.h:
847         (JSC::ArithProfile::observedUnaryInt):
848         (JSC::ArithProfile::observedUnaryNumber):
849         (JSC::ArithProfile::observedBinaryIntInt):
850         (JSC::ArithProfile::observedBinaryNumberInt):
851         (JSC::ArithProfile::observedBinaryIntNumber):
852         (JSC::ArithProfile::observedBinaryNumberNumber):
853         (JSC::ArithProfile::didObserveNonInt32 const):
854         (JSC::ArithProfile::didObserveNonNumeric const):
855         (JSC::ArithProfile::didObserveBigInt const):
856         (JSC::ArithProfile::setObservedNonNumeric):
857         (JSC::ArithProfile::setObservedBigInt):
858         (JSC::ArithProfile::observeResult):
859         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
860         (JSC::ArithProfile::setObservedNonNumber): Deleted.
861         * dfg/DFGByteCodeParser.cpp:
862         (JSC::DFG::ByteCodeParser::makeSafe):
863         * dfg/DFGFixupPhase.cpp:
864         (JSC::DFG::FixupPhase::fixupNode):
865         * dfg/DFGNode.h:
866         (JSC::DFG::Node::mayHaveNonNumericResult):
867         (JSC::DFG::Node::mayHaveBigIntResult):
868         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
869         * dfg/DFGNodeFlags.cpp:
870         (JSC::DFG::dumpNodeFlags):
871         * dfg/DFGNodeFlags.h:
872         * dfg/DFGOperations.cpp:
873         * dfg/DFGOperations.h:
874         * dfg/DFGPredictionPropagationPhase.cpp:
875         * dfg/DFGSpeculativeJIT.cpp:
876         (JSC::DFG::SpeculativeJIT::compileValueAdd):
877         * ftl/FTLLowerDFGToB3.cpp:
878         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
879         * runtime/CommonSlowPaths.cpp:
880         (JSC::updateArithProfileForUnaryArithOp):
881         (JSC::updateArithProfileForBinaryArithOp):
882
883 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
884
885         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
886         https://bugs.webkit.org/show_bug.cgi?id=191340
887
888         Reviewed by Devin Rousso.
889
890         * inspector/ConsoleMessage.cpp:
891         (Inspector::messageSourceValue):
892         Use new enum name.
893
894         * inspector/scripts/codegen/generator.py:
895         Correct the casing of "JavaScript".
896
897 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
898
899         Align wide opcodes in the instruction stream
900         https://bugs.webkit.org/show_bug.cgi?id=191254
901
902         Reviewed by Keith Miller.
903
904         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
905         aligned on platforms that don't like unaligned memory access.
906
907         For that, add a new type to represent jump targets, BoundLabel, which
908         delays computing the offset in case we need to emit nops for padding.
909         Extra padding is also emitted before op_yield and at the end of each
910         BytecodeWriter fragment, to ensure that the bytecode remains aligned
911         after the rewriting.
912
913         As a side effect, we can no longer guarantee that the point immediately
914         before emitting an opcode is the start of that opcode, since nops
915         might be emitted in between if the opcode needs to be wide. To fix
916         that, we only take the offset of opcodes after they have been emitted,
917         using `m_lastInstruction.offset()`.
918
919         * bytecode/BytecodeDumper.h:
920         (JSC::BytecodeDumper::dumpValue):
921         * bytecode/BytecodeGeneratorification.cpp:
922         (JSC::BytecodeGeneratorification::run):
923         * bytecode/BytecodeList.rb:
924         * bytecode/BytecodeRewriter.h:
925         (JSC::BytecodeRewriter::Fragment::align):
926         (JSC::BytecodeRewriter::insertFragmentBefore):
927         (JSC::BytecodeRewriter::insertFragmentAfter):
928         * bytecode/Fits.h:
929         * bytecode/InstructionStream.h:
930         (JSC::InstructionStreamWriter::ref):
931         * bytecode/PreciseJumpTargetsInlines.h:
932         (JSC::updateStoredJumpTargetsForInstruction):
933         * bytecompiler/BytecodeGenerator.cpp:
934         (JSC::Label::setLocation):
935         (JSC::BoundLabel::target):
936         (JSC::BoundLabel::saveTarget):
937         (JSC::BoundLabel::commitTarget):
938         (JSC::BytecodeGenerator::generate):
939         (JSC::BytecodeGenerator::recordOpcode):
940         (JSC::BytecodeGenerator::alignWideOpcode):
941         (JSC::BytecodeGenerator::emitProfileControlFlow):
942         (JSC::BytecodeGenerator::emitResolveScope):
943         (JSC::BytecodeGenerator::emitGetFromScope):
944         (JSC::BytecodeGenerator::emitPutToScope):
945         (JSC::BytecodeGenerator::emitGetById):
946         (JSC::BytecodeGenerator::emitDirectGetById):
947         (JSC::BytecodeGenerator::emitPutById):
948         (JSC::BytecodeGenerator::emitDirectPutById):
949         (JSC::BytecodeGenerator::emitGetByVal):
950         (JSC::BytecodeGenerator::emitCreateThis):
951         (JSC::BytecodeGenerator::beginSwitch):
952         (JSC::BytecodeGenerator::endSwitch):
953         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
954         (JSC::BytecodeGenerator::emitYieldPoint):
955         (JSC::BytecodeGenerator::emitToThis):
956         (JSC::Label::bind): Deleted.
957         * bytecompiler/BytecodeGenerator.h:
958         (JSC::BytecodeGenerator::recordOpcode): Deleted.
959         * bytecompiler/Label.h:
960         (JSC::BoundLabel::BoundLabel):
961         (JSC::BoundLabel::operator int):
962         (JSC::Label::bind):
963         * generator/Opcode.rb:
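
The entry above describes padding the instruction stream with nops so wide opcodes are aligned, and the consequence that an opcode's offset may only be taken after it has been emitted. The following is an added example, not JSC's BytecodeGenerator or InstructionStream: it uses a simplified layout assumed for this example (a wide instruction is an OpWide prefix byte, an opcode byte and 32-bit operands, padded so the operands start on a 4-byte boundary; JSC's real encoding differs), and the opcode set, operand counts and class names are constructed here. It also shows why a position recorded before emitting goes stale once padding is inserted.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <vector>

enum Opcode : uint8_t { OpNop = 0, OpWide = 1, OpJmp = 2, OpAdd = 3 };

// Number of operands each opcode carries (same for narrow and wide forms).
size_t operandCount(Opcode op)
{
    switch (op) {
    case OpJmp: return 1;
    case OpAdd: return 3;
    default: return 0;
    }
}

class InstructionStreamWriter {
public:
    static constexpr size_t WideAlignment = 4;

    // Narrow form: one opcode byte followed by 8-bit operands.
    size_t emitNarrow(Opcode op, std::initializer_list<uint8_t> operands)
    {
        size_t start = m_bytes.size();
        m_bytes.push_back(op);
        for (uint8_t operand : operands)
            m_bytes.push_back(operand);
        m_lastInstructionOffset = start;
        return start;
    }

    // Wide form: pad with nops until the 32-bit operands (after the 2-byte
    // header) would land on a 4-byte boundary, then emit. The offset of the
    // instruction is only known once padding is done, so it is returned and
    // remembered rather than read from position() beforehand.
    size_t emitWide(Opcode op, std::initializer_list<int32_t> operands)
    {
        const size_t header = 2; // OpWide prefix + opcode byte
        while ((m_bytes.size() + header) % WideAlignment)
            emitNarrow(OpNop, {});
        size_t start = m_bytes.size();
        m_bytes.push_back(OpWide);
        m_bytes.push_back(op);
        for (int32_t operand : operands) {
            uint8_t raw[4];
            std::memcpy(raw, &operand, sizeof raw);
            m_bytes.insert(m_bytes.end(), raw, raw + 4);
        }
        m_lastInstructionOffset = start;
        return start;
    }

    size_t lastInstructionOffset() const { return m_lastInstructionOffset; }
    size_t position() const { return m_bytes.size(); }
    const std::vector<uint8_t>& bytes() const { return m_bytes; }

private:
    std::vector<uint8_t> m_bytes;
    size_t m_lastInstructionOffset = 0;
};

// Walk the stream and confirm every wide instruction's operands are aligned.
bool wideOperandsAreAligned(const std::vector<uint8_t>& bytes)
{
    size_t i = 0;
    while (i < bytes.size()) {
        if (bytes[i] == OpWide) {
            if ((i + 2) % InstructionStreamWriter::WideAlignment)
                return false;
            i += 2 + 4 * operandCount(static_cast<Opcode>(bytes[i + 1]));
        } else
            i += 1 + operandCount(static_cast<Opcode>(bytes[i]));
    }
    return true;
}

struct Sample {
    std::vector<uint8_t> bytes;
    size_t positionBeforeJmp; // taken before emitting: stale once nops are added
    size_t jmpOffset;         // where the jump actually starts
    size_t addOffset;         // the wide add the jump targets
};

// Constructed sample: a narrow add, a wide add (one operand does not fit in
// 8 bits) and a wide backward jump to the add.
Sample buildSample()
{
    InstructionStreamWriter w;
    w.emitNarrow(OpAdd, {1, 2, 3});
    size_t addOffset = w.emitWide(OpAdd, {1, 2, 70000});
    size_t before = w.position();
    w.emitWide(OpJmp, {static_cast<int32_t>(addOffset)});
    return { w.bytes(), before, w.lastInstructionOffset(), addOffset };
}
```

In the sample the narrow add occupies bytes 0..3, two nops are inserted so the wide add starts at 6 with operands at 8, and two more nops push the jump from the naively recorded position 20 to 22. A jump-target table filled from `position()` before emission would therefore point two bytes early, which is exactly the hazard the entry's `m_lastInstruction.offset()` rule avoids.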
964
965 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
966
967         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
968         https://bugs.webkit.org/show_bug.cgi?id=191184
969
970         Reviewed by Saam Barati.
971
972         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
973
974         * API/tests/PingPongStackOverflowTest.cpp:
975         (testPingPongStackOverflow):
976
977 2018-11-06  Justin Fan  <justin_fan@apple.com>
978
979         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
980         https://bugs.webkit.org/show_bug.cgi?id=191291
981
982         Reviewed by Myles Maxfield.
983
984         Properly disable WEBGPU on all non-Metal platforms for now.
985
986         * Configurations/FeatureDefines.xcconfig:
987
988 2018-11-06  Keith Rollin  <krollin@apple.com>
989
990         Adjust handling of Include paths that need quoting
991         https://bugs.webkit.org/show_bug.cgi?id=191314
992         <rdar://problem/45849143>
993
994         Reviewed by Dan Bernstein.
995
996         There are several places in the JavaScriptCore Xcode project where the
997         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
998         definitions look like:
999
1000             HEADER_SEARCH_PATHS = (
1001                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
1002                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
1003                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
1004                 "$(inherited)",
1005             );
1006
1007         The idea here is presumably to have the resulting $(CPP) command have
1008         -I options where the associated paths are themselves quoted,
1009         protecting against space characters in the paths.
1010
1011         This approach to quote management can break under Xcode 9. If
1012         .xcfilelist files are added to the project, the 'objectVersion' value
1013         in the Xcode project file is changed from 46 to 51. If a project with
1014         objectVersion=51 is presented to Xcode 9 (as can happen when we build
1015         for older OS's), it produces build lines where the quotes are escaped,
1016         thereby becoming part of the path. The build then fails because a
1017         search for a file normally found in a directory called "Foo" will be
1018         looked for in "\"Foo\"", which doesn't exist.
1019
1020         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
1021         definition doesn't work, leading to paths that need quoting due to
1022         space characters but that don't get this quoting (the part of the path
1023         after the space appears to simply go missing).
1024
1025         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
1026         the definitions to the .xcconfig fixes this problem.
1027
1028         * Configurations/ToolExecutable.xcconfig:
1029         * JavaScriptCore.xcodeproj/project.pbxproj:
1030
1031 2018-11-06  Michael Saboff  <msaboff@apple.com>
1032
1033         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
1034         https://bugs.webkit.org/show_bug.cgi?id=191271
1035
1036         Reviewed by Saam Barati.
1037
1038         Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
1039         RETURN_IF_EXCEPTION().  After some code inspections determined that we need to cover the
1040         exception bubbling for String.match() with a global RegExp as well as String.replace()
1041         and String.search().
1042
1043         * runtime/RegExpObjectInlines.h:
1044         (JSC::RegExpObject::matchInline):
1045         (JSC::collectMatches):
1046         * runtime/RegExpPrototype.cpp:
1047         (JSC::regExpProtoFuncSearchFast):
1048         * runtime/StringPrototype.cpp:
1049         (JSC::removeUsingRegExpSearch):
1050         (JSC::replaceUsingRegExpSearch):
1051
1052 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
1053
1054         Fix typos in closing ENABLE guards
1055         https://bugs.webkit.org/show_bug.cgi?id=191273
1056
1057         Reviewed by Keith Miller.
1058
1059         * ftl/FTLForOSREntryJITCode.h:
1060         * ftl/FTLJITCode.h:
1061         * jsc.cpp:
1062         * wasm/WasmMemoryInformation.h:
1063         * wasm/WasmPageCount.h:
1064
1065 2018-11-05  Keith Miller  <keith_miller@apple.com>
1066
1067         Make static_asserts in APICast into bitwise_cast
1068         https://bugs.webkit.org/show_bug.cgi?id=191272
1069
1070         Reviewed by Filip Pizlo.
1071
1072         * API/APICast.h:
1073         (toJS):
1074         (toJSForGC):
1075         (toRef):
1076
1077 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
1078
1079         Enable LLInt on ARMv7/Linux
1080         https://bugs.webkit.org/show_bug.cgi?id=191190
1081
1082         Reviewed by Yusuke Suzuki.
1083
1084         After enabling the new bytecode format in r237547, C_LOOP was
1085         forced on all 32-bit platforms. Now enable LLInt again on
1086         ARMv7-Thumb2/Linux.
1087
1088         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
1089         stores/restores it on LLInt function calls. It also introduces the globaladdr
1090         instruction for the ARM offlineasm to access the opcode table.
1091
1092         * jit/GPRInfo.h:
1093         * jit/RegisterSet.cpp:
1094         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1095         * llint/LowLevelInterpreter.asm:
1096         * llint/LowLevelInterpreter32_64.asm:
1097         * offlineasm/arm.rb:
1098         * offlineasm/asm.rb:
1099         * offlineasm/instructions.rb:
1100
1101 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
1102
1103         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
1104         https://bugs.webkit.org/show_bug.cgi?id=191146
1105
1106         Reviewed by Yusuke Suzuki.
1107
1108         * jit/JIT.h: Changed is64BitType from a template class method to a
1109         template inner class.
1110
1111 2018-11-02  Keith Miller  <keith_miller@apple.com>
1112
1113         Assert JSValues can fit into a pointer when API casting
1114         https://bugs.webkit.org/show_bug.cgi?id=191220
1115
1116         Reviewed by Michael Saboff.
1117
1118         * API/APICast.h:
1119         (toJS):
1120         (toJSForGC):
1121         (toRef):
1122
1123 2018-11-02  Michael Saboff  <msaboff@apple.com>
1124
1125         Rolling in r237753 with unreviewed build fix.
1126
1127         Fixed issues with DECLARE_THROW_SCOPE placement.
1128
1129 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1130
1131         Unreviewed, rolling out r237753.
1132
1133         Introduced JSC test failures
1134
1135         Reverted changeset:
1136
1137         "Running out of stack space not properly handled in
1138         RegExp::compile() and its callers"
1139         https://bugs.webkit.org/show_bug.cgi?id=191206
1140         https://trac.webkit.org/changeset/237753
1141
1142 2018-11-02  Michael Saboff  <msaboff@apple.com>
1143
1144         Running out of stack space not properly handled in RegExp::compile() and its callers
1145         https://bugs.webkit.org/show_bug.cgi?id=191206
1146
1147         Reviewed by Filip Pizlo.
1148
1149         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
1150         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
1151         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
1152
1153         * runtime/RegExp.cpp:
1154         (JSC::RegExp::compile):
1155         (JSC::RegExp::compileMatchOnly):
1156         * runtime/RegExp.h:
1157         * runtime/RegExpInlines.h:
1158         (JSC::RegExp::compileIfNecessary):
1159         (JSC::RegExp::matchInline):
1160         (JSC::RegExp::compileIfNecessaryMatchOnly):
1161         * runtime/RegExpObjectInlines.h:
1162         (JSC::RegExpObject::execInline):
1163         * yarr/YarrErrorCode.h:
1164         (JSC::Yarr::hasHardError):
1165
1166 2018-11-02  Keith Miller  <keith_miller@apple.com>
1167
1168         API should use wrapper object if address is 32-bit
1169         https://bugs.webkit.org/show_bug.cgi?id=191203
1170
1171         Reviewed by Filip Pizlo.
1172
1173         * API/APICast.h:
1174         (toJS):
1175         (toJSForGC):
1176         (toRef):
1177
1178 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1179
1180         Metadata should not be copyable
1181         https://bugs.webkit.org/show_bug.cgi?id=191193
1182
1183         Reviewed by Keith Miller.
1184
1185         We should only ever hold references to the entry in the metadata table.
1186
1187         * bytecode/CodeBlock.cpp:
1188         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1189         * dfg/DFGByteCodeParser.cpp:
1190         (JSC::DFG::ByteCodeParser::parseBlock):
1191         * generator/Metadata.rb:
1192
1193 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1194
1195         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
1196         https://bugs.webkit.org/show_bug.cgi?id=191175
1197
1198         Reviewed by Keith Miller.
1199
1200         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled.
1201
1202         * jit/JITExceptions.cpp:
1203         (JSC::genericUnwind):
1204         * llint/LLIntData.h:
1205         (JSC::LLInt::getWideCodePtr):
1206
1207 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
1208
1209         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
1210         https://bugs.webkit.org/show_bug.cgi?id=189693
1211
1212         Reviewed by Yusuke Suzuki.
1213
1214         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
1215         * API/JSStringRef.cpp: Ditto.
1216         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
1217         * wasm/WasmParser.h: Ditto.
1218
1219 2018-11-01  Keith Miller  <keith_miller@apple.com>
1220
1221         Unreviewed, JavaScriptCore should only guarantee to produce a
1222         modulemap if we are building for iOSMac.
1223
1224         * Configurations/JavaScriptCore.xcconfig:
1225
1226 2018-10-31  Devin Rousso  <drousso@apple.com>
1227
1228         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
1229         https://bugs.webkit.org/show_bug.cgi?id=190856
1230
1231         Reviewed by Brian Burg.
1232
1233         * inspector/protocol/Canvas.json:
1234         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
1235         immediately after a context is created.
1236
1237         * inspector/protocol/Recording.json:
1238         Add `creation` value for `Initiator` enum.
1239
1240 2018-10-31  Devin Rousso  <drousso@apple.com>
1241
1242         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
1243         https://bugs.webkit.org/show_bug.cgi?id=190641
1244         <rdar://problem/45319049>
1245
1246         Reviewed by Joseph Pecoraro.
1247
1248         * inspector/protocol/DOM.json:
1249         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
1250         whether a video element's low power state has changed.
1251
1252 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1253
1254         Adjust inlining threshold for new bytecode format
1255         https://bugs.webkit.org/show_bug.cgi?id=191115
1256
1257         Reviewed by Saam Barati.
1258
1259         The new format reduced the number of operands for many opcodes, which
1260         changed inlining decisions and impacted performance negatively.
1261
1262         * runtime/Options.h:
1263
1264 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1265
1266         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1267         https://bugs.webkit.org/show_bug.cgi?id=191108
1268         <rdar://problem/45690700>
1269
1270         Reviewed by Saam Barati.
1271
1272         When linking the handler, we need to check whether the target op_catch is
1273         wide or narrow in order to choose the right code pointer for the handler.
1274
1275         * bytecode/CodeBlock.cpp:
1276         (JSC::CodeBlock::finishCreation):
1277
1278 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
1279
1280         Align entries in metadata table
1281         https://bugs.webkit.org/show_bug.cgi?id=191062
1282
1283         Reviewed by Filip Pizlo.
1284
1285         Entries in the metadata table need to be aligned on some 32-bit
1286         architectures.
1287
1288         * bytecode/MetadataTable.h:
1289         (JSC::MetadataTable::forEach):
1290         * bytecode/Opcode.cpp:
1291         (JSC::metadataAlignment):
1292         * bytecode/Opcode.h:
1293         * bytecode/UnlinkedMetadataTableInlines.h:
1294         (JSC::UnlinkedMetadataTable::finalize):
1295         * generator/Section.rb:
1296
1297 2018-10-31  Jim Mason  <jmason@ibinx.com>
1298
1299         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
1300         https://bugs.webkit.org/show_bug.cgi?id=191063
1301
1302         Reviewed by Yusuke Suzuki.
1303
1304         * wasm/WasmFaultSignalHandler.cpp:
1305
1306 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1307
1308         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
1309         https://bugs.webkit.org/show_bug.cgi?id=191092
1310
1311         Reviewed by Saam Barati.
1312
1313         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
1314         following things to tighten LLInt ASM code.
1315
1316         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
1317         2. Introduce strength reduction for mul instructions in offlineasm layer. This is now critical
1318         since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
1319         a power of two, we convert it to lshift instruction.
1320
1321         * llint/LowLevelInterpreter32_64.asm:
1322         * llint/LowLevelInterpreter64.asm:
1323         * offlineasm/arm64.rb:
1324         * offlineasm/instructions.rb:
1325         * offlineasm/x86.rb:
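
Point 2 of the entry above, converting a multiply by a power-of-two immediate into a left shift, is a peephole strength reduction. The following is an added example, not JSC's offlineasm (which is Ruby): the LoweredOp type, mnemonics and helper names are assumptions for this example. It includes the edge case such a rewrite must get right, namely that the usual `x & (x - 1)` test also accepts 0, which must stay a multiply rather than become a shift.

```cpp
#include <cstdint>
#include <string>

struct LoweredOp {
    std::string mnemonic; // "lshift" or "mul"
    int64_t immediate;    // shift amount for lshift, multiplier for mul
};

// True only for 1, 2, 4, 8, ...: 0 and negative values are excluded
// explicitly, because 0 & (0 - 1) == 0 would otherwise pass the bit trick.
bool isPowerOfTwo(int64_t x)
{
    return x > 0 && (x & (x - 1)) == 0;
}

// Exact log2 of a value already known to be a power of two.
int64_t log2OfPowerOfTwo(int64_t x)
{
    int64_t shift = 0;
    while ((int64_t(1) << shift) != x)
        ++shift;
    return shift;
}

// Lowering decision for "mul immediate, reg".
LoweredOp lowerMulImmediate(int64_t immediate)
{
    if (isPowerOfTwo(immediate))
        return { "lshift", log2OfPowerOfTwo(immediate) };
    return { "mul", immediate };
}

// Evaluate a lowered op so the rewrite can be checked against the original
// multiply. The shift is done on the unsigned representation to avoid
// undefined behaviour when shifting a negative value.
int64_t apply(const LoweredOp& op, int64_t value)
{
    if (op.mnemonic == "lshift")
        return static_cast<int64_t>(static_cast<uint64_t>(value) << op.immediate);
    return value * op.immediate;
}
```

Metadata entry sizes are frequently powers of two, so the `metadata` operation's multiply by an entry size is the case this rewrite is aimed at; for any other immediate the multiply is kept as is.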
1326
1327 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
1328
1329         [PlayStation] Enable JavaScriptCore
1330         https://bugs.webkit.org/show_bug.cgi?id=191072
1331
1332         Reviewed by Brent Fulgham.
1333
1334         Add platform files for the PlayStation port.
1335
1336         * PlatformPlayStation.cmake: Added.
1337
1338 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
1339
1340         Clean up some obsolete MAX_ALLOWED macros
1341         https://bugs.webkit.org/show_bug.cgi?id=190916
1342
1343         Reviewed by Tim Horton.
1344
1345         * API/JSManagedValue.mm:
1346         * API/JSVirtualMachine.mm:
1347         * API/JSWrapperMap.mm:
1348
1349 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
1350
1351         useProbeOSRExit causes failures for Win64 DFG JIT
1352         https://bugs.webkit.org/show_bug.cgi?id=190656
1353
1354         Reviewed by Keith Miller.
1355
1356         * assembler/ProbeContext.cpp:
1357         (JSC::Probe::executeProbe):
1358         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
1359         then let's just call lowWatermarkFromVisitingDirtyPages instead.
1360
1361         * dfg/DFGOSRExit.cpp:
1362         (JSC::DFG::OSRExit::executeOSRExit):
1363         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
1364         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
1365         (Also, stop redundantly setting the stack pointer twice in a row.)
1366
1367 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1368
1369         "Unreviewed, partial rolling in r237254"
1370         https://bugs.webkit.org/show_bug.cgi?id=190340
1371
1372         This only adds Parser.{cpp,h}. And it is not used in this patch.
1373         It examines whether the regression is related to the exact Parser changes.
1374
1375         * parser/Parser.cpp:
1376         (JSC::Parser<LexerType>::parseInner):
1377         (JSC::Parser<LexerType>::parseSingleFunction):
1378         (JSC::Parser<LexerType>::parseFunctionInfo):
1379         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1380         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1381         * parser/Parser.h:
1382         (JSC::Parser<LexerType>::parse):
1383         (JSC::parse):
1384         (JSC::parseFunctionForFunctionConstructor):
1385
1386 2018-10-29  Mark Lam  <mark.lam@apple.com>
1387
1388         Correctly detect string overflow when using the 'Function' constructor.
1389         https://bugs.webkit.org/show_bug.cgi?id=184883
1390         <rdar://problem/36320331>
1391
1392         Reviewed by Saam Barati.
1393
1394         Added StringBuilder::hasOverflowed() checks, and we now throw OutOfMemoryErrors if
1395         we detect an overflow.
1396
1397         * runtime/FunctionConstructor.cpp:
1398         (JSC::constructFunctionSkippingEvalEnabledCheck):
1399         * runtime/JSGlobalObjectFunctions.cpp:
1400         (JSC::encode):
1401         (JSC::decode):
1402         * runtime/JSONObject.cpp:
1403         (JSC::Stringifier::stringify):
1404         (JSC::Stringifier::appendStringifiedValue):
1405
1406 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1407
1408         Unreviewed, fix JSC on arm64e after r237547
1409         https://bugs.webkit.org/show_bug.cgi?id=187373
1410
1411         Unreviewed.
1412
1413         Remove unused move guarded by POINTER_PROFILING that was trashing the
1414         metadata on arm64e.
1415
1416         * llint/LowLevelInterpreter64.asm:
1417
1418 2018-10-29  Keith Miller  <keith_miller@apple.com>
1419
1420         JSC should explicitly list its modulemap file
1421         https://bugs.webkit.org/show_bug.cgi?id=191032
1422
1423         Reviewed by Saam Barati.
1424
1425         The automagically generated module map file for JSC will
1426         include headers where they may not work out of the box.
1427         This patch makes it so we now export the same modulemap
1428         that used to be provided via the legacy system.
1429
1430         * Configurations/JavaScriptCore.xcconfig:
1431         * JavaScriptCore.modulemap: Added.
1432         * JavaScriptCore.xcodeproj/project.pbxproj:
1433
1434 2018-10-29  Tim Horton  <timothy_horton@apple.com>
1435
1436         Modernize WebKit nibs and lprojs for localization's sake
1437         https://bugs.webkit.org/show_bug.cgi?id=190911
1438         <rdar://problem/45349466>
1439
1440         Reviewed by Dan Bernstein.
1441
1442         * JavaScriptCore.xcodeproj/project.pbxproj:
1443         English->en
1444
1445 2018-10-29  Commit Queue  <commit-queue@webkit.org>
1446
1447         Unreviewed, rolling out r237492.
1448         https://bugs.webkit.org/show_bug.cgi?id=191035
1449
1450         "It regresses JetStream 2 by 5% on some iOS devices"
1451         (Requested by saamyjoon on #webkit).
1452
1453         Reverted changeset:
1454
1455         "Unreviewed, partial rolling in r237254"
1456         https://bugs.webkit.org/show_bug.cgi?id=190340
1457         https://trac.webkit.org/changeset/237492
1458
1459 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1460
1461         Add support for GetStack FlushedDouble
1462         https://bugs.webkit.org/show_bug.cgi?id=191012
1463         <rdar://problem/45265141>
1464
1465         Reviewed by Saam Barati.
1466
1467         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
1468         for doubles, but it turns out it may arise from the PutStack sinking
1469         phase: if we sink a PutStack into a successor block, other predecessors
1470         will emit a GetStack followed by an Upsilon.
1471
1472         * ftl/FTLLowerDFGToB3.cpp:
1473         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
1474
1475 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1476
1477         New bytecode format for JSC
1478         https://bugs.webkit.org/show_bug.cgi?id=187373
1479         <rdar://problem/44186758>
1480
1481         Reviewed by Filip Pizlo.
1482
1483         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1484         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1485         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1486         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1487
1488         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
1489         and types to all their operands. Additionally, reading a bytecode from the instruction stream
1490         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1491         operands directly from the stream.
1492
1493
1494         * CMakeLists.txt:
1495         * DerivedSources.make:
1496         * JavaScriptCore.xcodeproj/project.pbxproj:
1497         * Sources.txt:
1498         * assembler/MacroAssemblerCodeRef.h:
1499         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1500         (JSC::ReturnAddressPtr::value const):
1501         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1502         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1503         * bytecode/ArithProfile.h:
1504         (JSC::ArithProfile::ArithProfile):
1505         * bytecode/ArrayAllocationProfile.h:
1506         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1507         * bytecode/ArrayProfile.h:
1508         * bytecode/BytecodeBasicBlock.cpp:
1509         (JSC::isJumpTarget):
1510         (JSC::BytecodeBasicBlock::computeImpl):
1511         (JSC::BytecodeBasicBlock::compute):
1512         * bytecode/BytecodeBasicBlock.h:
1513         (JSC::BytecodeBasicBlock::leaderOffset const):
1514         (JSC::BytecodeBasicBlock::totalLength const):
1515         (JSC::BytecodeBasicBlock::offsets const):
1516         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1517         (JSC::BytecodeBasicBlock::addLength):
1518         * bytecode/BytecodeDumper.cpp:
1519         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1520         (JSC::BytecodeDumper<Block>::dumpBytecode):
1521         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1522         (JSC::BytecodeDumper<Block>::dumpConstants):
1523         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1524         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1525         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1526         (JSC::BytecodeDumper<Block>::dumpBlock):
1527         * bytecode/BytecodeDumper.h:
1528         (JSC::BytecodeDumper::dumpOperand):
1529         (JSC::BytecodeDumper::dumpValue):
1530         (JSC::BytecodeDumper::BytecodeDumper):
1531         (JSC::BytecodeDumper::block const):
1532         * bytecode/BytecodeGeneratorification.cpp:
1533         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1534         (JSC::BytecodeGeneratorification::enterPoint const):
1535         (JSC::BytecodeGeneratorification::instructions const):
1536         (JSC::GeneratorLivenessAnalysis::run):
1537         (JSC::BytecodeGeneratorification::run):
1538         (JSC::performGeneratorification):
1539         * bytecode/BytecodeGeneratorification.h:
1540         * bytecode/BytecodeGraph.h:
1541         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1542         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1543         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1544         (JSC::BytecodeGraph::BytecodeGraph):
1545         * bytecode/BytecodeKills.h:
1546         * bytecode/BytecodeList.json: Removed.
1547         * bytecode/BytecodeList.rb: Added.
1548         * bytecode/BytecodeLivenessAnalysis.cpp:
1549         (JSC::BytecodeLivenessAnalysis::dumpResults):
1550         * bytecode/BytecodeLivenessAnalysis.h:
1551         * bytecode/BytecodeLivenessAnalysisInlines.h:
1552         (JSC::isValidRegisterForLiveness):
1553         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1554         * bytecode/BytecodeRewriter.cpp:
1555         (JSC::BytecodeRewriter::applyModification):
1556         (JSC::BytecodeRewriter::execute):
1557         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1558         (JSC::BytecodeRewriter::insertImpl):
1559         (JSC::BytecodeRewriter::adjustJumpTarget):
1560         (JSC::BytecodeRewriter::adjustJumpTargets):
1561         * bytecode/BytecodeRewriter.h:
1562         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1563         (JSC::BytecodeRewriter::Fragment::Fragment):
1564         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1565         (JSC::BytecodeRewriter::BytecodeRewriter):
1566         (JSC::BytecodeRewriter::insertFragmentBefore):
1567         (JSC::BytecodeRewriter::insertFragmentAfter):
1568         (JSC::BytecodeRewriter::removeBytecode):
1569         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1570         (JSC::BytecodeRewriter::adjustJumpTarget):
1571         * bytecode/BytecodeUseDef.h:
1572         (JSC::computeUsesForBytecodeOffset):
1573         (JSC::computeDefsForBytecodeOffset):
1574         * bytecode/CallLinkStatus.cpp:
1575         (JSC::CallLinkStatus::computeFromLLInt):
1576         * bytecode/CodeBlock.cpp:
1577         (JSC::CodeBlock::dumpBytecode):
1578         (JSC::CodeBlock::CodeBlock):
1579         (JSC::CodeBlock::finishCreation):
1580         (JSC::CodeBlock::estimatedSize):
1581         (JSC::CodeBlock::visitChildren):
1582         (JSC::CodeBlock::propagateTransitions):
1583         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1584         (JSC::CodeBlock::addJITAddIC):
1585         (JSC::CodeBlock::addJITMulIC):
1586         (JSC::CodeBlock::addJITSubIC):
1587         (JSC::CodeBlock::addJITNegIC):
1588         (JSC::CodeBlock::stronglyVisitStrongReferences):
1589         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1590         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1591         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1592         (JSC::CodeBlock::getArrayProfile):
1593         (JSC::CodeBlock::updateAllArrayPredictions):
1594         (JSC::CodeBlock::predictedMachineCodeSize):
1595         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1596         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1597         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1598         (JSC::CodeBlock::validate):
1599         (JSC::CodeBlock::outOfLineJumpOffset):
1600         (JSC::CodeBlock::outOfLineJumpTarget):
1601         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1602         (JSC::CodeBlock::arithProfileForPC):
1603         (JSC::CodeBlock::couldTakeSpecialFastCase):
1604         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1605         * bytecode/CodeBlock.h:
1606         (JSC::CodeBlock::addMathIC):
1607         (JSC::CodeBlock::outOfLineJumpOffset):
1608         (JSC::CodeBlock::bytecodeOffset):
1609         (JSC::CodeBlock::instructions const):
1610         (JSC::CodeBlock::instructionCount const):
1611         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1612         (JSC::CodeBlock::metadata):
1613         (JSC::CodeBlock::metadataSizeInBytes):
1614         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1615         (JSC::CodeBlock::totalNumberOfValueProfiles):
1616         * bytecode/CodeBlockInlines.h: Added.
1617         (JSC::CodeBlock::forEachValueProfile):
1618         (JSC::CodeBlock::forEachArrayProfile):
1619         (JSC::CodeBlock::forEachArrayAllocationProfile):
1620         (JSC::CodeBlock::forEachObjectAllocationProfile):
1621         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1622         * bytecode/Fits.h: Added.
1623         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1624         * bytecode/GetByIdStatus.cpp:
1625         (JSC::GetByIdStatus::computeFromLLInt):
1626         * bytecode/Instruction.h:
1627         (JSC::Instruction::Instruction):
1628         (JSC::Instruction::Impl::opcodeID const):
1629         (JSC::Instruction::opcodeID const):
1630         (JSC::Instruction::name const):
1631         (JSC::Instruction::isWide const):
1632         (JSC::Instruction::size const):
1633         (JSC::Instruction::is const):
1634         (JSC::Instruction::as const):
1635         (JSC::Instruction::cast):
1636         (JSC::Instruction::cast const):
1637         (JSC::Instruction::narrow const):
1638         (JSC::Instruction::wide const):
1639         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1640         (JSC::InstructionStream::InstructionStream):
1641         (JSC::InstructionStream::sizeInBytes const):
1642         * bytecode/InstructionStream.h: Added.
1643         (JSC::InstructionStream::BaseRef::BaseRef):
1644         (JSC::InstructionStream::BaseRef::operator=):
1645         (JSC::InstructionStream::BaseRef::operator-> const):
1646         (JSC::InstructionStream::BaseRef::ptr const):
1647         (JSC::InstructionStream::BaseRef::operator!= const):
1648         (JSC::InstructionStream::BaseRef::next const):
1649         (JSC::InstructionStream::BaseRef::offset const):
1650         (JSC::InstructionStream::BaseRef::isValid const):
1651         (JSC::InstructionStream::BaseRef::unwrap const):
1652         (JSC::InstructionStream::MutableRef::freeze const):
1653         (JSC::InstructionStream::MutableRef::operator->):
1654         (JSC::InstructionStream::MutableRef::ptr):
1655         (JSC::InstructionStream::MutableRef::operator Ref):
1656         (JSC::InstructionStream::MutableRef::unwrap):
1657         (JSC::InstructionStream::iterator::operator*):
1658         (JSC::InstructionStream::iterator::operator++):
1659         (JSC::InstructionStream::begin const):
1660         (JSC::InstructionStream::end const):
1661         (JSC::InstructionStream::at const):
1662         (JSC::InstructionStream::size const):
1663         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1664         (JSC::InstructionStreamWriter::ref):
1665         (JSC::InstructionStreamWriter::seek):
1666         (JSC::InstructionStreamWriter::position):
1667         (JSC::InstructionStreamWriter::write):
1668         (JSC::InstructionStreamWriter::rewind):
1669         (JSC::InstructionStreamWriter::finalize):
1670         (JSC::InstructionStreamWriter::swap):
1671         (JSC::InstructionStreamWriter::iterator::operator*):
1672         (JSC::InstructionStreamWriter::iterator::operator++):
1673         (JSC::InstructionStreamWriter::begin):
1674         (JSC::InstructionStreamWriter::end):
1675         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1676         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1677         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1678         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1679         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1680         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1681         (JSC::MetadataTable::MetadataTable):
1682         (JSC::DeallocTable::withOpcodeType):
1683         (JSC::MetadataTable::~MetadataTable):
1684         (JSC::MetadataTable::sizeInBytes):
1685         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1686         (JSC::MetadataTable::get):
1687         (JSC::MetadataTable::forEach):
1688         (JSC::MetadataTable::getImpl):
1689         * bytecode/Opcode.cpp:
1690         (JSC::metadataSize):
1691         * bytecode/Opcode.h:
1692         (JSC::padOpcodeName):
1693         * bytecode/OpcodeInlines.h:
1694         (JSC::isOpcodeShape):
1695         (JSC::getOpcodeType):
1696         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1697         * bytecode/PreciseJumpTargets.cpp:
1698         (JSC::getJumpTargetsForInstruction):
1699         (JSC::computePreciseJumpTargetsInternal):
1700         (JSC::computePreciseJumpTargets):
1701         (JSC::recomputePreciseJumpTargets):
1702         (JSC::findJumpTargetsForInstruction):
1703         * bytecode/PreciseJumpTargets.h:
1704         * bytecode/PreciseJumpTargetsInlines.h:
1705         (JSC::jumpTargetForInstruction):
1706         (JSC::extractStoredJumpTargetsForInstruction):
1707         (JSC::updateStoredJumpTargetsForInstruction):
1708         * bytecode/PutByIdStatus.cpp:
1709         (JSC::PutByIdStatus::computeFromLLInt):
1710         * bytecode/SpecialPointer.cpp:
1711         (WTF::printInternal):
1712         * bytecode/SpecialPointer.h:
1713         * bytecode/UnlinkedCodeBlock.cpp:
1714         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1715         (JSC::UnlinkedCodeBlock::visitChildren):
1716         (JSC::UnlinkedCodeBlock::estimatedSize):
1717         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1718         (JSC::dumpLineColumnEntry):
1719         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1720         (JSC::UnlinkedCodeBlock::setInstructions):
1721         (JSC::UnlinkedCodeBlock::instructions const):
1722         (JSC::UnlinkedCodeBlock::applyModification):
1723         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1724         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1725         * bytecode/UnlinkedCodeBlock.h:
1726         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1727         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1728         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1729         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1730         (JSC::UnlinkedCodeBlock::metadata):
1731         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1732         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1733         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1734         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1735         * bytecode/UnlinkedInstructionStream.h: Removed.
1736         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1737         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1738         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1739         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1740         (JSC::UnlinkedMetadataTable::addEntry):
1741         (JSC::UnlinkedMetadataTable::sizeInBytes):
1742         (JSC::UnlinkedMetadataTable::finalize):
1743         (JSC::UnlinkedMetadataTable::link):
1744         (JSC::UnlinkedMetadataTable::unlink):
1745         * bytecode/VirtualRegister.cpp:
1746         (JSC::VirtualRegister::VirtualRegister):
1747         * bytecode/VirtualRegister.h:
1748         * bytecompiler/BytecodeGenerator.cpp:
1749         (JSC::Label::setLocation):
1750         (JSC::Label::bind):
1751         (JSC::BytecodeGenerator::generate):
1752         (JSC::BytecodeGenerator::BytecodeGenerator):
1753         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1754         (JSC::BytecodeGenerator::emitEnter):
1755         (JSC::BytecodeGenerator::emitLoopHint):
1756         (JSC::BytecodeGenerator::emitJump):
1757         (JSC::BytecodeGenerator::emitCheckTraps):
1758         (JSC::BytecodeGenerator::rewind):
1759         (JSC::BytecodeGenerator::fuseCompareAndJump):
1760         (JSC::BytecodeGenerator::fuseTestAndJmp):
1761         (JSC::BytecodeGenerator::emitJumpIfTrue):
1762         (JSC::BytecodeGenerator::emitJumpIfFalse):
1763         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1764         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1765         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1766         (JSC::BytecodeGenerator::moveEmptyValue):
1767         (JSC::BytecodeGenerator::emitMove):
1768         (JSC::BytecodeGenerator::emitUnaryOp):
1769         (JSC::BytecodeGenerator::emitBinaryOp):
1770         (JSC::BytecodeGenerator::emitToObject):
1771         (JSC::BytecodeGenerator::emitToNumber):
1772         (JSC::BytecodeGenerator::emitToString):
1773         (JSC::BytecodeGenerator::emitTypeOf):
1774         (JSC::BytecodeGenerator::emitInc):
1775         (JSC::BytecodeGenerator::emitDec):
1776         (JSC::BytecodeGenerator::emitEqualityOp):
1777         (JSC::BytecodeGenerator::emitProfileType):
1778         (JSC::BytecodeGenerator::emitProfileControlFlow):
1779         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1780         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1781         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1782         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1783         (JSC::BytecodeGenerator::emitResolveScope):
1784         (JSC::BytecodeGenerator::emitGetFromScope):
1785         (JSC::BytecodeGenerator::emitPutToScope):
1786         (JSC::BytecodeGenerator::emitInstanceOf):
1787         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1788         (JSC::BytecodeGenerator::emitInByVal):
1789         (JSC::BytecodeGenerator::emitInById):
1790         (JSC::BytecodeGenerator::emitTryGetById):
1791         (JSC::BytecodeGenerator::emitGetById):
1792         (JSC::BytecodeGenerator::emitDirectGetById):
1793         (JSC::BytecodeGenerator::emitPutById):
1794         (JSC::BytecodeGenerator::emitDirectPutById):
1795         (JSC::BytecodeGenerator::emitPutGetterById):
1796         (JSC::BytecodeGenerator::emitPutSetterById):
1797         (JSC::BytecodeGenerator::emitPutGetterSetter):
1798         (JSC::BytecodeGenerator::emitPutGetterByVal):
1799         (JSC::BytecodeGenerator::emitPutSetterByVal):
1800         (JSC::BytecodeGenerator::emitDeleteById):
1801         (JSC::BytecodeGenerator::emitGetByVal):
1802         (JSC::BytecodeGenerator::emitPutByVal):
1803         (JSC::BytecodeGenerator::emitDirectPutByVal):
1804         (JSC::BytecodeGenerator::emitDeleteByVal):
1805         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1806         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1807         (JSC::BytecodeGenerator::emitIdWithProfile):
1808         (JSC::BytecodeGenerator::emitUnreachable):
1809         (JSC::BytecodeGenerator::emitGetArgument):
1810         (JSC::BytecodeGenerator::emitCreateThis):
1811         (JSC::BytecodeGenerator::emitTDZCheck):
1812         (JSC::BytecodeGenerator::emitNewObject):
1813         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1814         (JSC::BytecodeGenerator::emitNewArray):
1815         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1816         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1817         (JSC::BytecodeGenerator::emitNewRegExp):
1818         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1819         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1820         (JSC::BytecodeGenerator::emitNewFunction):
1821         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1822         (JSC::BytecodeGenerator::emitCall):
1823         (JSC::BytecodeGenerator::emitCallInTailPosition):
1824         (JSC::BytecodeGenerator::emitCallEval):
1825         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1826         (JSC::BytecodeGenerator::emitCallVarargs):
1827         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1828         (JSC::BytecodeGenerator::emitConstructVarargs):
1829         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1830         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1831         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1832         (JSC::BytecodeGenerator::emitCallDefineProperty):
1833         (JSC::BytecodeGenerator::emitReturn):
1834         (JSC::BytecodeGenerator::emitEnd):
1835         (JSC::BytecodeGenerator::emitConstruct):
1836         (JSC::BytecodeGenerator::emitStrcat):
1837         (JSC::BytecodeGenerator::emitToPrimitive):
1838         (JSC::BytecodeGenerator::emitGetScope):
1839         (JSC::BytecodeGenerator::emitPushWithScope):
1840         (JSC::BytecodeGenerator::emitGetParentScope):
1841         (JSC::BytecodeGenerator::emitDebugHook):
1842         (JSC::BytecodeGenerator::emitCatch):
1843         (JSC::BytecodeGenerator::emitThrow):
1844         (JSC::BytecodeGenerator::emitArgumentCount):
1845         (JSC::BytecodeGenerator::emitThrowStaticError):
1846         (JSC::BytecodeGenerator::beginSwitch):
1847         (JSC::prepareJumpTableForSwitch):
1848         (JSC::prepareJumpTableForStringSwitch):
1849         (JSC::BytecodeGenerator::endSwitch):
1850         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1851         (JSC::BytecodeGenerator::emitHasGenericProperty):
1852         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1853         (JSC::BytecodeGenerator::emitHasStructureProperty):
1854         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1855         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1856         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1857         (JSC::BytecodeGenerator::emitToIndexString):
1858         (JSC::BytecodeGenerator::emitIsCellWithType):
1859         (JSC::BytecodeGenerator::emitIsObject):
1860         (JSC::BytecodeGenerator::emitIsNumber):
1861         (JSC::BytecodeGenerator::emitIsUndefined):
1862         (JSC::BytecodeGenerator::emitIsEmpty):
1863         (JSC::BytecodeGenerator::emitRestParameter):
1864         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1865         (JSC::BytecodeGenerator::emitYieldPoint):
1866         (JSC::BytecodeGenerator::emitYield):
1867         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1868         (JSC::BytecodeGenerator::emitDelegateYield):
1869         (JSC::BytecodeGenerator::emitFinallyCompletion):
1870         (JSC::BytecodeGenerator::emitJumpIf):
1871         (JSC::ForInContext::finalize):
1872         (JSC::StructureForInContext::finalize):
1873         (JSC::IndexedForInContext::finalize):
1874         (JSC::StaticPropertyAnalysis::record):
1875         (JSC::BytecodeGenerator::emitToThis):
1876         * bytecompiler/BytecodeGenerator.h:
1877         (JSC::StructureForInContext::addGetInst):
1878         (JSC::BytecodeGenerator::recordOpcode):
1879         (JSC::BytecodeGenerator::addMetadataFor):
1880         (JSC::BytecodeGenerator::emitUnaryOp):
1881         (JSC::BytecodeGenerator::kill):
1882         (JSC::BytecodeGenerator::instructions const):
1883         (JSC::BytecodeGenerator::write):
1884         (JSC::BytecodeGenerator::withWriter):
1885         * bytecompiler/Label.h:
1886         (JSC::Label::Label):
1887         (JSC::Label::bind):
1888         * bytecompiler/NodesCodegen.cpp:
1889         (JSC::ArrayNode::emitBytecode):
1890         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1891         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1892         (JSC::BitwiseNotNode::emitBytecode):
1893         (JSC::BinaryOpNode::emitBytecode):
1894         (JSC::EqualNode::emitBytecode):
1895         (JSC::StrictEqualNode::emitBytecode):
1896         (JSC::emitReadModifyAssignment):
1897         (JSC::ForInNode::emitBytecode):
1898         (JSC::CaseBlockNode::emitBytecodeForBlock):
1899         (JSC::FunctionNode::emitBytecode):
1900         (JSC::ClassExprNode::emitBytecode):
1901         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1902         (WTF::printInternal):
1903         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1904         * bytecompiler/RegisterID.h:
1905         * bytecompiler/StaticPropertyAnalysis.h:
1906         (JSC::StaticPropertyAnalysis::create):
1907         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1908         * bytecompiler/StaticPropertyAnalyzer.h:
1909         (JSC::StaticPropertyAnalyzer::createThis):
1910         (JSC::StaticPropertyAnalyzer::newObject):
1911         (JSC::StaticPropertyAnalyzer::putById):
1912         (JSC::StaticPropertyAnalyzer::mov):
1913         (JSC::StaticPropertyAnalyzer::kill):
1914         * dfg/DFGByteCodeParser.cpp:
1915         (JSC::DFG::ByteCodeParser::addCall):
1916         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1917         (JSC::DFG::ByteCodeParser::getArrayMode):
1918         (JSC::DFG::ByteCodeParser::handleCall):
1919         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1920         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1921         (JSC::DFG::ByteCodeParser::inlineCall):
1922         (JSC::DFG::ByteCodeParser::handleCallVariant):
1923         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1924         (JSC::DFG::ByteCodeParser::handleInlining):
1925         (JSC::DFG::ByteCodeParser::handleMinMax):
1926         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1927         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1928         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1929         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1930         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1931         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1932         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1933         (JSC::DFG::ByteCodeParser::handleGetById):
1934         (JSC::DFG::ByteCodeParser::handlePutById):
1935         (JSC::DFG::ByteCodeParser::parseGetById):
1936         (JSC::DFG::ByteCodeParser::parseBlock):
1937         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1938         (JSC::DFG::ByteCodeParser::handlePutByVal):
1939         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1940         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1941         (JSC::DFG::ByteCodeParser::handleNewFunc):
1942         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1943         (JSC::DFG::ByteCodeParser::parse):
1944         * dfg/DFGCapabilities.cpp:
1945         (JSC::DFG::capabilityLevel):
1946         * dfg/DFGCapabilities.h:
1947         (JSC::DFG::capabilityLevel):
1948         * dfg/DFGOSREntry.cpp:
1949         (JSC::DFG::prepareCatchOSREntry):
1950         * dfg/DFGSpeculativeJIT.cpp:
1951         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1952         (JSC::DFG::SpeculativeJIT::compileValueSub):
1953         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1954         (JSC::DFG::SpeculativeJIT::compileArithMul):
1955         * ftl/FTLLowerDFGToB3.cpp:
1956         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1957         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1958         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1959         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1960         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1961         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1962         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1963         * ftl/FTLOperations.cpp:
1964         (JSC::FTL::operationMaterializeObjectInOSR):
1965         * generate-bytecode-files: Removed.
1966         * generator/Argument.rb: Added.
1967         * generator/Assertion.rb: Added.
1968         * generator/DSL.rb: Added.
1969         * generator/Fits.rb: Added.
1970         * generator/GeneratedFile.rb: Added.
1971         * generator/Metadata.rb: Added.
1972         * generator/Opcode.rb: Added.
1973         * generator/OpcodeGroup.rb: Added.
1974         * generator/Options.rb: Added.
1975         * generator/Section.rb: Added.
1976         * generator/Template.rb: Added.
1977         * generator/Type.rb: Added.
1978         * generator/main.rb: Added.
1979         * interpreter/AbstractPC.h:
1980         * interpreter/CallFrame.cpp:
1981         (JSC::CallFrame::currentVPC const):
1982         (JSC::CallFrame::setCurrentVPC):
1983         * interpreter/CallFrame.h:
1984         (JSC::CallSiteIndex::CallSiteIndex):
1985         (JSC::ExecState::setReturnPC):
1986         * interpreter/Interpreter.cpp:
1987         (WTF::printInternal):
1988         * interpreter/Interpreter.h:
1989         * interpreter/InterpreterInlines.h:
1990         * interpreter/StackVisitor.cpp:
1991         (JSC::StackVisitor::Frame::dump const):
1992         * interpreter/VMEntryRecord.h:
1993         * jit/JIT.cpp:
1994         (JSC::JIT::JIT):
1995         (JSC::JIT::emitSlowCaseCall):
1996         (JSC::JIT::privateCompileMainPass):
1997         (JSC::JIT::privateCompileSlowCases):
1998         (JSC::JIT::compileWithoutLinking):
1999         (JSC::JIT::link):
2000         * jit/JIT.h:
2001         * jit/JITArithmetic.cpp:
2002         (JSC::JIT::emit_op_jless):
2003         (JSC::JIT::emit_op_jlesseq):
2004         (JSC::JIT::emit_op_jgreater):
2005         (JSC::JIT::emit_op_jgreatereq):
2006         (JSC::JIT::emit_op_jnless):
2007         (JSC::JIT::emit_op_jnlesseq):
2008         (JSC::JIT::emit_op_jngreater):
2009         (JSC::JIT::emit_op_jngreatereq):
2010         (JSC::JIT::emitSlow_op_jless):
2011         (JSC::JIT::emitSlow_op_jlesseq):
2012         (JSC::JIT::emitSlow_op_jgreater):
2013         (JSC::JIT::emitSlow_op_jgreatereq):
2014         (JSC::JIT::emitSlow_op_jnless):
2015         (JSC::JIT::emitSlow_op_jnlesseq):
2016         (JSC::JIT::emitSlow_op_jngreater):
2017         (JSC::JIT::emitSlow_op_jngreatereq):
2018         (JSC::JIT::emit_op_below):
2019         (JSC::JIT::emit_op_beloweq):
2020         (JSC::JIT::emit_op_jbelow):
2021         (JSC::JIT::emit_op_jbeloweq):
2022         (JSC::JIT::emit_op_unsigned):
2023         (JSC::JIT::emit_compareAndJump):
2024         (JSC::JIT::emit_compareUnsignedAndJump):
2025         (JSC::JIT::emit_compareUnsigned):
2026         (JSC::JIT::emit_compareAndJumpSlow):
2027         (JSC::JIT::emit_op_inc):
2028         (JSC::JIT::emit_op_dec):
2029         (JSC::JIT::emit_op_mod):
2030         (JSC::JIT::emitSlow_op_mod):
2031         (JSC::JIT::emit_op_negate):
2032         (JSC::JIT::emitSlow_op_negate):
2033         (JSC::JIT::emitBitBinaryOpFastPath):
2034         (JSC::JIT::emit_op_bitand):
2035         (JSC::JIT::emit_op_bitor):
2036         (JSC::JIT::emit_op_bitxor):
2037         (JSC::JIT::emit_op_lshift):
2038         (JSC::JIT::emitRightShiftFastPath):
2039         (JSC::JIT::emit_op_rshift):
2040         (JSC::JIT::emit_op_urshift):
2041         (JSC::getOperandTypes):
2042         (JSC::JIT::emit_op_add):
2043         (JSC::JIT::emitSlow_op_add):
2044         (JSC::JIT::emitMathICFast):
2045         (JSC::JIT::emitMathICSlow):
2046         (JSC::JIT::emit_op_div):
2047         (JSC::JIT::emit_op_mul):
2048         (JSC::JIT::emitSlow_op_mul):
2049         (JSC::JIT::emit_op_sub):
2050         (JSC::JIT::emitSlow_op_sub):
2051         * jit/JITCall.cpp:
2052         (JSC::JIT::emitPutCallResult):
2053         (JSC::JIT::compileSetupFrame):
2054         (JSC::JIT::compileCallEval):
2055         (JSC::JIT::compileCallEvalSlowCase):
2056         (JSC::JIT::compileTailCall):
2057         (JSC::JIT::compileOpCall):
2058         (JSC::JIT::compileOpCallSlowCase):
2059         (JSC::JIT::emit_op_call):
2060         (JSC::JIT::emit_op_tail_call):
2061         (JSC::JIT::emit_op_call_eval):
2062         (JSC::JIT::emit_op_call_varargs):
2063         (JSC::JIT::emit_op_tail_call_varargs):
2064         (JSC::JIT::emit_op_tail_call_forward_arguments):
2065         (JSC::JIT::emit_op_construct_varargs):
2066         (JSC::JIT::emit_op_construct):
2067         (JSC::JIT::emitSlow_op_call):
2068         (JSC::JIT::emitSlow_op_tail_call):
2069         (JSC::JIT::emitSlow_op_call_eval):
2070         (JSC::JIT::emitSlow_op_call_varargs):
2071         (JSC::JIT::emitSlow_op_tail_call_varargs):
2072         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
2073         (JSC::JIT::emitSlow_op_construct_varargs):
2074         (JSC::JIT::emitSlow_op_construct):
2075         * jit/JITDisassembler.cpp:
2076         (JSC::JITDisassembler::JITDisassembler):
2077         * jit/JITExceptions.cpp:
2078         (JSC::genericUnwind):
2079         * jit/JITInlines.h:
2080         (JSC::JIT::emitDoubleGetByVal):
2081         (JSC::JIT::emitLoadForArrayMode):
2082         (JSC::JIT::emitContiguousGetByVal):
2083         (JSC::JIT::emitArrayStorageGetByVal):
2084         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2085         (JSC::JIT::sampleInstruction):
2086         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
2087         (JSC::JIT::emitValueProfilingSite):
2088         (JSC::JIT::jumpTarget):
2089         (JSC::JIT::copiedGetPutInfo):
2090         (JSC::JIT::copiedArithProfile):
2091         * jit/JITMathIC.h:
2092         (JSC::isProfileEmpty):
2093         (JSC::JITBinaryMathIC::JITBinaryMathIC):
2094         (JSC::JITUnaryMathIC::JITUnaryMathIC):
2095         * jit/JITOpcodes.cpp:
2096         (JSC::JIT::emit_op_mov):
2097         (JSC::JIT::emit_op_end):
2098         (JSC::JIT::emit_op_jmp):
2099         (JSC::JIT::emit_op_new_object):
2100         (JSC::JIT::emitSlow_op_new_object):
2101         (JSC::JIT::emit_op_overrides_has_instance):
2102         (JSC::JIT::emit_op_instanceof):
2103         (JSC::JIT::emitSlow_op_instanceof):
2104         (JSC::JIT::emit_op_instanceof_custom):
2105         (JSC::JIT::emit_op_is_empty):
2106         (JSC::JIT::emit_op_is_undefined):
2107         (JSC::JIT::emit_op_is_boolean):
2108         (JSC::JIT::emit_op_is_number):
2109         (JSC::JIT::emit_op_is_cell_with_type):
2110         (JSC::JIT::emit_op_is_object):
2111         (JSC::JIT::emit_op_ret):
2112         (JSC::JIT::emit_op_to_primitive):
2113         (JSC::JIT::emit_op_set_function_name):
2114         (JSC::JIT::emit_op_not):
2115         (JSC::JIT::emit_op_jfalse):
2116         (JSC::JIT::emit_op_jeq_null):
2117         (JSC::JIT::emit_op_jneq_null):
2118         (JSC::JIT::emit_op_jneq_ptr):
2119         (JSC::JIT::emit_op_eq):
2120         (JSC::JIT::emit_op_jeq):
2121         (JSC::JIT::emit_op_jtrue):
2122         (JSC::JIT::emit_op_neq):
2123         (JSC::JIT::emit_op_jneq):
2124         (JSC::JIT::emit_op_throw):
2125         (JSC::JIT::compileOpStrictEq):
2126         (JSC::JIT::emit_op_stricteq):
2127         (JSC::JIT::emit_op_nstricteq):
2128         (JSC::JIT::compileOpStrictEqJump):
2129         (JSC::JIT::emit_op_jstricteq):
2130         (JSC::JIT::emit_op_jnstricteq):
2131         (JSC::JIT::emitSlow_op_jstricteq):
2132         (JSC::JIT::emitSlow_op_jnstricteq):
2133         (JSC::JIT::emit_op_to_number):
2134         (JSC::JIT::emit_op_to_string):
2135         (JSC::JIT::emit_op_to_object):
2136         (JSC::JIT::emit_op_catch):
2137         (JSC::JIT::emit_op_identity_with_profile):
2138         (JSC::JIT::emit_op_get_parent_scope):
2139         (JSC::JIT::emit_op_switch_imm):
2140         (JSC::JIT::emit_op_switch_char):
2141         (JSC::JIT::emit_op_switch_string):
2142         (JSC::JIT::emit_op_debug):
2143         (JSC::JIT::emit_op_eq_null):
2144         (JSC::JIT::emit_op_neq_null):
2145         (JSC::JIT::emit_op_enter):
2146         (JSC::JIT::emit_op_get_scope):
2147         (JSC::JIT::emit_op_to_this):
2148         (JSC::JIT::emit_op_create_this):
2149         (JSC::JIT::emit_op_check_tdz):
2150         (JSC::JIT::emitSlow_op_eq):
2151         (JSC::JIT::emitSlow_op_neq):
2152         (JSC::JIT::emitSlow_op_jeq):
2153         (JSC::JIT::emitSlow_op_jneq):
2154         (JSC::JIT::emitSlow_op_instanceof_custom):
2155         (JSC::JIT::emit_op_loop_hint):
2156         (JSC::JIT::emitSlow_op_loop_hint):
2157         (JSC::JIT::emit_op_check_traps):
2158         (JSC::JIT::emit_op_nop):
2159         (JSC::JIT::emit_op_super_sampler_begin):
2160         (JSC::JIT::emit_op_super_sampler_end):
2161         (JSC::JIT::emitSlow_op_check_traps):
2162         (JSC::JIT::emit_op_new_regexp):
2163         (JSC::JIT::emitNewFuncCommon):
2164         (JSC::JIT::emit_op_new_func):
2165         (JSC::JIT::emit_op_new_generator_func):
2166         (JSC::JIT::emit_op_new_async_generator_func):
2167         (JSC::JIT::emit_op_new_async_func):
2168         (JSC::JIT::emitNewFuncExprCommon):
2169         (JSC::JIT::emit_op_new_func_exp):
2170         (JSC::JIT::emit_op_new_generator_func_exp):
2171         (JSC::JIT::emit_op_new_async_func_exp):
2172         (JSC::JIT::emit_op_new_async_generator_func_exp):
2173         (JSC::JIT::emit_op_new_array):
2174         (JSC::JIT::emit_op_new_array_with_size):
2175         (JSC::JIT::emit_op_has_structure_property):
2176         (JSC::JIT::privateCompileHasIndexedProperty):
2177         (JSC::JIT::emit_op_has_indexed_property):
2178         (JSC::JIT::emitSlow_op_has_indexed_property):
2179         (JSC::JIT::emit_op_get_direct_pname):
2180         (JSC::JIT::emit_op_enumerator_structure_pname):
2181         (JSC::JIT::emit_op_enumerator_generic_pname):
2182         (JSC::JIT::emit_op_profile_type):
2183         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2184         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2185         (JSC::JIT::emit_op_profile_control_flow):
2186         (JSC::JIT::emit_op_argument_count):
2187         (JSC::JIT::emit_op_get_rest_length):
2188         (JSC::JIT::emit_op_get_argument):
2189         * jit/JITOpcodes32_64.cpp:
2190         (JSC::JIT::emit_op_to_this):
2191         * jit/JITOperations.cpp:
2192         * jit/JITOperations.h:
2193         * jit/JITPropertyAccess.cpp:
2194         (JSC::JIT::emit_op_get_by_val):
2195         (JSC::JIT::emitGetByValWithCachedId):
2196         (JSC::JIT::emitSlow_op_get_by_val):
2197         (JSC::JIT::emit_op_put_by_val_direct):
2198         (JSC::JIT::emit_op_put_by_val):
2199         (JSC::JIT::emitGenericContiguousPutByVal):
2200         (JSC::JIT::emitArrayStoragePutByVal):
2201         (JSC::JIT::emitPutByValWithCachedId):
2202         (JSC::JIT::emitSlow_op_put_by_val):
2203         (JSC::JIT::emit_op_put_getter_by_id):
2204         (JSC::JIT::emit_op_put_setter_by_id):
2205         (JSC::JIT::emit_op_put_getter_setter_by_id):
2206         (JSC::JIT::emit_op_put_getter_by_val):
2207         (JSC::JIT::emit_op_put_setter_by_val):
2208         (JSC::JIT::emit_op_del_by_id):
2209         (JSC::JIT::emit_op_del_by_val):
2210         (JSC::JIT::emit_op_try_get_by_id):
2211         (JSC::JIT::emitSlow_op_try_get_by_id):
2212         (JSC::JIT::emit_op_get_by_id_direct):
2213         (JSC::JIT::emitSlow_op_get_by_id_direct):
2214         (JSC::JIT::emit_op_get_by_id):
2215         (JSC::JIT::emit_op_get_by_id_with_this):
2216         (JSC::JIT::emitSlow_op_get_by_id):
2217         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2218         (JSC::JIT::emit_op_put_by_id):
2219         (JSC::JIT::emitSlow_op_put_by_id):
2220         (JSC::JIT::emit_op_in_by_id):
2221         (JSC::JIT::emitSlow_op_in_by_id):
2222         (JSC::JIT::emit_op_resolve_scope):
2223         (JSC::JIT::emit_op_get_from_scope):
2224         (JSC::JIT::emitSlow_op_get_from_scope):
2225         (JSC::JIT::emit_op_put_to_scope):
2226         (JSC::JIT::emitSlow_op_put_to_scope):
2227         (JSC::JIT::emit_op_get_from_arguments):
2228         (JSC::JIT::emit_op_put_to_arguments):
2229         (JSC::JIT::privateCompileGetByVal):
2230         (JSC::JIT::privateCompileGetByValWithCachedId):
2231         (JSC::JIT::privateCompilePutByVal):
2232         (JSC::JIT::privateCompilePutByValWithCachedId):
2233         (JSC::JIT::emitDoubleLoad):
2234         (JSC::JIT::emitContiguousLoad):
2235         (JSC::JIT::emitArrayStorageLoad):
2236         (JSC::JIT::emitDirectArgumentsGetByVal):
2237         (JSC::JIT::emitScopedArgumentsGetByVal):
2238         (JSC::JIT::emitIntTypedArrayGetByVal):
2239         (JSC::JIT::emitFloatTypedArrayGetByVal):
2240         (JSC::JIT::emitIntTypedArrayPutByVal):
2241         (JSC::JIT::emitFloatTypedArrayPutByVal):
2242         * jit/RegisterSet.cpp:
2243         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2244         * jit/SlowPathCall.h:
2245         (JSC::JITSlowPathCall::JITSlowPathCall):
2246         * llint/LLIntData.cpp:
2247         (JSC::LLInt::initialize):
2248         (JSC::LLInt::Data::performAssertions):
2249         * llint/LLIntData.h:
2250         (JSC::LLInt::exceptionInstructions):
2251         (JSC::LLInt::opcodeMap):
2252         (JSC::LLInt::opcodeMapWide):
2253         (JSC::LLInt::getOpcode):
2254         (JSC::LLInt::getOpcodeWide):
2255         (JSC::LLInt::getWideCodePtr):
2256         * llint/LLIntOffsetsExtractor.cpp:
2257         * llint/LLIntSlowPaths.cpp:
2258         (JSC::LLInt::llint_trace_operand):
2259         (JSC::LLInt::llint_trace_value):
2260         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2261         (JSC::LLInt::entryOSR):
2262         (JSC::LLInt::setupGetByIdPrototypeCache):
2263         (JSC::LLInt::getByVal):
2264         (JSC::LLInt::handleHostCall):
2265         (JSC::LLInt::setUpCall):
2266         (JSC::LLInt::genericCall):
2267         (JSC::LLInt::varargsSetup):
2268         (JSC::LLInt::commonCallEval):
2269         * llint/LLIntSlowPaths.h:
2270         * llint/LowLevelInterpreter.asm:
2271         * llint/LowLevelInterpreter.cpp:
2272         (JSC::CLoopRegister::operator const Instruction*):
2273         (JSC::CLoop::execute):
2274         * llint/LowLevelInterpreter32_64.asm:
2275         * llint/LowLevelInterpreter64.asm:
2276         * offlineasm/arm64.rb:
2277         * offlineasm/asm.rb:
2278         * offlineasm/ast.rb:
2279         * offlineasm/cloop.rb:
2280         * offlineasm/generate_offset_extractor.rb:
2281         * offlineasm/instructions.rb:
2282         * offlineasm/offsets.rb:
2283         * offlineasm/parser.rb:
2284         * offlineasm/transform.rb:
2285         * offlineasm/x86.rb:
2286         * parser/ResultType.h:
2287         (JSC::ResultType::dump const):
2288         (JSC::OperandTypes::first const):
2289         (JSC::OperandTypes::second const):
2290         (JSC::OperandTypes::dump const):
2291         * profiler/ProfilerBytecodeSequence.cpp:
2292         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2293         * runtime/CommonSlowPaths.cpp:
2294         (JSC::SLOW_PATH_DECL):
2295         (JSC::updateArithProfileForUnaryArithOp):
2296         (JSC::updateArithProfileForBinaryArithOp):
2297         * runtime/CommonSlowPaths.h:
2298         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
2299         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
2300         * runtime/ExceptionFuzz.cpp:
2301         (JSC::doExceptionFuzzing):
2302         * runtime/ExceptionFuzz.h:
2303         (JSC::doExceptionFuzzingIfEnabled):
2304         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2305         (JSC::GetPutInfo::dump const):
2306         (WTF::printInternal):
2307         * runtime/GetPutInfo.h:
2308         (JSC::GetPutInfo::operand const):
2309         * runtime/JSCPoison.h:
2310         * runtime/JSType.cpp: Added.
2311         (WTF::printInternal):
2312         * runtime/JSType.h:
2313         * runtime/SamplingProfiler.cpp:
2314         (JSC::SamplingProfiler::StackFrame::displayName):
2315         * runtime/SamplingProfiler.h:
2316         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
2317         * runtime/SlowPathReturnType.h:
2318         (JSC::encodeResult):
2319         (JSC::decodeResult):
2320         * runtime/VM.h:
2321         * runtime/Watchdog.h:
2322         * tools/HeapVerifier.cpp:
2323
2324 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2325
2326         Unreviewed, partial rolling in r237254
2327         https://bugs.webkit.org/show_bug.cgi?id=190340
2328
2329         We do not use the added function right now to investigate what the reason for the regression is.
2330         It also does not include any Parser.{h,cpp} changes to ensure that Parser.cpp's inlining decision
2331         seems to be the culprit of the regression on iOS devices.
2332
2333         * bytecode/UnlinkedFunctionExecutable.cpp:
2334         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2335         * bytecode/UnlinkedFunctionExecutable.h:
2336         * parser/SourceCodeKey.h:
2337         (JSC::SourceCodeKey::SourceCodeKey):
2338         (JSC::SourceCodeKey::operator== const):
2339         * runtime/CodeCache.cpp:
2340         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2341         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2342         * runtime/CodeCache.h:
2343         * runtime/FunctionConstructor.cpp:
2344         (JSC::constructFunctionSkippingEvalEnabledCheck):
2345         * runtime/FunctionExecutable.cpp:
2346         (JSC::FunctionExecutable::fromGlobalCode):
2347         * runtime/FunctionExecutable.h:
2348
2349 2018-10-26  Commit Queue  <commit-queue@webkit.org>
2350
2351         Unreviewed, rolling out r237479 and r237484.
2352         https://bugs.webkit.org/show_bug.cgi?id=190978
2353
2354         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
2355
2356         Reverted changesets:
2357
2358         "New bytecode format for JSC"
2359         https://bugs.webkit.org/show_bug.cgi?id=187373
2360         https://trac.webkit.org/changeset/237479
2361
2362         "Gardening: Build fix after r237479."
2363         https://bugs.webkit.org/show_bug.cgi?id=187373
2364         https://trac.webkit.org/changeset/237484
2365
2366 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2367
2368         Gardening: Build fix after r237479.
2369         https://bugs.webkit.org/show_bug.cgi?id=187373
2370
2371         Unreviewed.
2372
2373         * Configurations/JSC.xcconfig:
2374         * JavaScriptCore.xcodeproj/project.pbxproj:
2375         * llint/LLIntData.cpp:
2376         (JSC::LLInt::initialize):
2377
2378 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2379
2380         New bytecode format for JSC
2381         https://bugs.webkit.org/show_bug.cgi?id=187373
2382         <rdar://problem/44186758>
2383
2384         Reviewed by Filip Pizlo.
2385
2386         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2387         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2388         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2389         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2390
2391         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
2392         and types to all their operands. Additionally, reading a bytecode from the instruction stream
2393         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2394         operands directly from the stream.
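        The encoding the entry above describes (immutable instruction bytes with no embedded
        addresses, a narrow/wide choice per instruction, mutable per-instruction data reached
        through a metadataID into a side table), as an added illustration that is not
        JavaScriptCore's own code: the opcode numbers, the 0xFF wide prefix, the operand
        counts, the AddMetadata type and the helper names below are all invented for the
        example; JSC generates the real equivalents from BytecodeList.rb.

```cpp
// Added illustration, not JavaScriptCore's code: a toy immutable instruction stream
// with narrow (1-byte) and wide (4-byte) operands, whose only mutable state lives in a
// side table indexed by a metadataID operand. Everything named here is hypothetical.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <vector>

enum OpcodeID : uint8_t { op_mov = 0, op_add = 1, op_end = 2 };
constexpr uint8_t op_wide = 0xFF; // hypothetical prefix: next opcode uses 4-byte operands

// Hypothetical operand counts (JSC derives these from BytecodeList.rb):
// mov = dst, src; add = dst, lhs, rhs, metadataID; end = none.
constexpr size_t operandCount(OpcodeID op) { return op == op_mov ? 2 : op == op_add ? 4 : 0; }

struct AddMetadata { uint32_t executionCount = 0; }; // mutable data, kept out of the bytes

// Decoded form: operands are small integers (register indices, metadata IDs), never
// machine addresses, so the encoded bytes can stay immutable and be shared.
struct DecodedInstruction {
    OpcodeID opcode;
    bool wide;
    size_t size; // bytes consumed; lets the caller step to the next instruction
    std::vector<int32_t> operands;
};

struct InstructionStream {
    std::vector<uint8_t> bytes;

    // The "Fits" check: narrow encoding is legal only if every operand fits in int8_t.
    static bool fitsNarrow(const std::vector<int32_t>& ops) {
        for (int32_t v : ops)
            if (v < std::numeric_limits<int8_t>::min() || v > std::numeric_limits<int8_t>::max())
                return false;
        return true;
    }

    void emit(OpcodeID op, const std::vector<int32_t>& ops) {
        if (ops.size() != operandCount(op))
            throw std::invalid_argument("operand count mismatch");
        if (fitsNarrow(ops)) {
            bytes.push_back(op);
            for (int32_t v : ops) bytes.push_back(static_cast<uint8_t>(static_cast<int8_t>(v)));
            return;
        }
        bytes.push_back(op_wide);
        bytes.push_back(op);
        for (int32_t v : ops)
            for (int shift = 0; shift < 32; shift += 8) // little-endian 4-byte operand
                bytes.push_back(static_cast<uint8_t>(static_cast<uint32_t>(v) >> shift));
    }

    // Decoding always consumes the whole instruction: the width prefix must be read
    // first, so an operand cannot be indexed straight out of the stream.
    DecodedInstruction decodeAt(size_t offset) const {
        if (offset >= bytes.size()) throw std::out_of_range("offset past end of stream");
        DecodedInstruction d;
        size_t pos = offset;
        d.wide = bytes[pos] == op_wide; // 0xFF is a prefix only in opcode position
        if (d.wide) ++pos;
        if (pos >= bytes.size() || bytes[pos] > op_end) throw std::runtime_error("bad opcode");
        d.opcode = static_cast<OpcodeID>(bytes[pos++]);
        const size_t width = d.wide ? 4 : 1;
        const size_t count = operandCount(d.opcode);
        if (pos + count * width > bytes.size()) throw std::runtime_error("truncated instruction");
        for (size_t i = 0; i < count; ++i, pos += width) {
            uint32_t u = 0;
            for (size_t b = 0; b < width; ++b)
                u |= static_cast<uint32_t>(bytes[pos + b]) << (8 * b);
            d.operands.push_back(d.wide ? static_cast<int32_t>(u) : static_cast<int8_t>(u));
        }
        d.size = pos - offset;
        return d;
    }
};

// Constructed sample program: mov r0, r1 ; add r2, r0, r300 [meta 0] ; end.
// Register 300 does not fit in a byte, so the add is forced into wide form.
InstructionStream buildSample() {
    InstructionStream s;
    s.emit(op_mov, { 0, 1 });
    s.emit(op_add, { 2, 0, 300, 0 });
    s.emit(op_end, {});
    return s;
}

// Walk the stream once, recording each op_add execution in its metadata slot.
// The stream is const: profiling never writes into the instruction bytes.
size_t runAndCountAdds(const InstructionStream& s, std::vector<AddMetadata>& metadata) {
    size_t executed = 0;
    for (size_t pc = 0; pc < s.bytes.size();) {
        DecodedInstruction d = s.decodeAt(pc);
        ++executed;
        if (d.opcode == op_add) metadata.at(static_cast<size_t>(d.operands[3])).executionCount++;
        if (d.opcode == op_end) break;
        pc += d.size;
    }
    return executed;
}
```

        The point worth checking in a real implementation is the one this toy makes
        explicit: after `runAndCountAdds` the instruction bytes are unchanged and still
        contain no pointers, so the stream can be shared across CodeBlocks (or mapped
        read-only) while all profiling writes land in the side table; and because a
        decoder has to read the width prefix before it can locate any operand, bounds
        checks belong in `decodeAt`, not at each operand access.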
2395
2396
2397         * CMakeLists.txt:
2398         * DerivedSources.make:
2399         * JavaScriptCore.xcodeproj/project.pbxproj:
2400         * Sources.txt:
2401         * assembler/MacroAssemblerCodeRef.h:
2402         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2403         (JSC::ReturnAddressPtr::value const):
2404         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2405         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2406         * bytecode/ArithProfile.h:
2407         (JSC::ArithProfile::ArithProfile):
2408         * bytecode/ArrayAllocationProfile.h:
2409         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2410         * bytecode/ArrayProfile.h:
2411         * bytecode/BytecodeBasicBlock.cpp:
2412         (JSC::isJumpTarget):
2413         (JSC::BytecodeBasicBlock::computeImpl):
2414         (JSC::BytecodeBasicBlock::compute):
2415         * bytecode/BytecodeBasicBlock.h:
2416         (JSC::BytecodeBasicBlock::leaderOffset const):
2417         (JSC::BytecodeBasicBlock::totalLength const):
2418         (JSC::BytecodeBasicBlock::offsets const):
2419         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2420         (JSC::BytecodeBasicBlock::addLength):
2421         * bytecode/BytecodeDumper.cpp:
2422         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2423         (JSC::BytecodeDumper<Block>::dumpBytecode):
2424         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2425         (JSC::BytecodeDumper<Block>::dumpConstants):
2426         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2427         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2428         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2429         (JSC::BytecodeDumper<Block>::dumpBlock):
2430         * bytecode/BytecodeDumper.h:
2431         (JSC::BytecodeDumper::dumpOperand):
2432         (JSC::BytecodeDumper::dumpValue):
2433         (JSC::BytecodeDumper::BytecodeDumper):
2434         (JSC::BytecodeDumper::block const):
2435         * bytecode/BytecodeGeneratorification.cpp:
2436         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2437         (JSC::BytecodeGeneratorification::enterPoint const):
2438         (JSC::BytecodeGeneratorification::instructions const):
2439         (JSC::GeneratorLivenessAnalysis::run):
2440         (JSC::BytecodeGeneratorification::run):
2441         (JSC::performGeneratorification):
2442         * bytecode/BytecodeGeneratorification.h:
2443         * bytecode/BytecodeGraph.h:
2444         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2445         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2446         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2447         (JSC::BytecodeGraph::BytecodeGraph):
2448         * bytecode/BytecodeKills.h:
2449         * bytecode/BytecodeList.json: Removed.
2450         * bytecode/BytecodeList.rb: Added.
2451         * bytecode/BytecodeLivenessAnalysis.cpp:
2452         (JSC::BytecodeLivenessAnalysis::dumpResults):
2453         * bytecode/BytecodeLivenessAnalysis.h:
2454         * bytecode/BytecodeLivenessAnalysisInlines.h:
2455         (JSC::isValidRegisterForLiveness):
2456         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2457         * bytecode/BytecodeRewriter.cpp:
2458         (JSC::BytecodeRewriter::applyModification):
2459         (JSC::BytecodeRewriter::execute):
2460         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2461         (JSC::BytecodeRewriter::insertImpl):
2462         (JSC::BytecodeRewriter::adjustJumpTarget):
2463         (JSC::BytecodeRewriter::adjustJumpTargets):
2464         * bytecode/BytecodeRewriter.h:
2465         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2466         (JSC::BytecodeRewriter::Fragment::Fragment):
2467         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2468         (JSC::BytecodeRewriter::BytecodeRewriter):
2469         (JSC::BytecodeRewriter::insertFragmentBefore):
2470         (JSC::BytecodeRewriter::insertFragmentAfter):
2471         (JSC::BytecodeRewriter::removeBytecode):
2472         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2473         (JSC::BytecodeRewriter::adjustJumpTarget):
2474         * bytecode/BytecodeUseDef.h:
2475         (JSC::computeUsesForBytecodeOffset):
2476         (JSC::computeDefsForBytecodeOffset):
2477         * bytecode/CallLinkStatus.cpp:
2478         (JSC::CallLinkStatus::computeFromLLInt):
2479         * bytecode/CodeBlock.cpp:
2480         (JSC::CodeBlock::dumpBytecode):
2481         (JSC::CodeBlock::CodeBlock):
2482         (JSC::CodeBlock::finishCreation):
2483         (JSC::CodeBlock::estimatedSize):
2484         (JSC::CodeBlock::visitChildren):
2485         (JSC::CodeBlock::propagateTransitions):
2486         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2487         (JSC::CodeBlock::addJITAddIC):
2488         (JSC::CodeBlock::addJITMulIC):
2489         (JSC::CodeBlock::addJITSubIC):
2490         (JSC::CodeBlock::addJITNegIC):
2491         (JSC::CodeBlock::stronglyVisitStrongReferences):
2492         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2493         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2494         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2495         (JSC::CodeBlock::getArrayProfile):
2496         (JSC::CodeBlock::updateAllArrayPredictions):
2497         (JSC::CodeBlock::predictedMachineCodeSize):
2498         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2499         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2500         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2501         (JSC::CodeBlock::validate):
2502         (JSC::CodeBlock::outOfLineJumpOffset):
2503         (JSC::CodeBlock::outOfLineJumpTarget):
2504         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2505         (JSC::CodeBlock::arithProfileForPC):
2506         (JSC::CodeBlock::couldTakeSpecialFastCase):
2507         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2508         * bytecode/CodeBlock.h:
2509         (JSC::CodeBlock::addMathIC):
2510         (JSC::CodeBlock::outOfLineJumpOffset):
2511         (JSC::CodeBlock::bytecodeOffset):
2512         (JSC::CodeBlock::instructions const):
2513         (JSC::CodeBlock::instructionCount const):
2514         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2515         (JSC::CodeBlock::metadata):
2516         (JSC::CodeBlock::metadataSizeInBytes):
2517         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2518         (JSC::CodeBlock::totalNumberOfValueProfiles):
2519         * bytecode/CodeBlockInlines.h: Added.
2520         (JSC::CodeBlock::forEachValueProfile):
2521         (JSC::CodeBlock::forEachArrayProfile):
2522         (JSC::CodeBlock::forEachArrayAllocationProfile):
2523         (JSC::CodeBlock::forEachObjectAllocationProfile):
2524         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2525         * bytecode/Fits.h: Added.
2526         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2527         * bytecode/GetByIdStatus.cpp:
2528         (JSC::GetByIdStatus::computeFromLLInt):
2529         * bytecode/Instruction.h:
2530         (JSC::Instruction::Instruction):
2531         (JSC::Instruction::Impl::opcodeID const):
2532         (JSC::Instruction::opcodeID const):
2533         (JSC::Instruction::name const):
2534         (JSC::Instruction::isWide const):
2535         (JSC::Instruction::size const):
2536         (JSC::Instruction::is const):
2537         (JSC::Instruction::as const):
2538         (JSC::Instruction::cast):
2539         (JSC::Instruction::cast const):
2540         (JSC::Instruction::narrow const):
2541         (JSC::Instruction::wide const):
2542         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2543         (JSC::InstructionStream::InstructionStream):
2544         (JSC::InstructionStream::sizeInBytes const):
2545         * bytecode/InstructionStream.h: Added.
2546         (JSC::InstructionStream::BaseRef::BaseRef):
2547         (JSC::InstructionStream::BaseRef::operator=):
2548         (JSC::InstructionStream::BaseRef::operator-> const):
2549         (JSC::InstructionStream::BaseRef::ptr const):
2550         (JSC::InstructionStream::BaseRef::operator!= const):
2551         (JSC::InstructionStream::BaseRef::next const):
2552         (JSC::InstructionStream::BaseRef::offset const):
2553         (JSC::InstructionStream::BaseRef::isValid const):
2554         (JSC::InstructionStream::BaseRef::unwrap const):
2555         (JSC::InstructionStream::MutableRef::freeze const):
2556         (JSC::InstructionStream::MutableRef::operator->):
2557         (JSC::InstructionStream::MutableRef::ptr):
2558         (JSC::InstructionStream::MutableRef::operator Ref):
2559         (JSC::InstructionStream::MutableRef::unwrap):
2560         (JSC::InstructionStream::iterator::operator*):
2561         (JSC::InstructionStream::iterator::operator++):
2562         (JSC::InstructionStream::begin const):
2563         (JSC::InstructionStream::end const):
2564         (JSC::InstructionStream::at const):
2565         (JSC::InstructionStream::size const):
2566         (JSC::InstructionStreamWriter::InstructionStreamWriter):
2567         (JSC::InstructionStreamWriter::ref):
2568         (JSC::InstructionStreamWriter::seek):
2569         (JSC::InstructionStreamWriter::position):
2570         (JSC::InstructionStreamWriter::write):
2571         (JSC::InstructionStreamWriter::rewind):
2572         (JSC::InstructionStreamWriter::finalize):
2573         (JSC::InstructionStreamWriter::swap):
2574         (JSC::InstructionStreamWriter::iterator::operator*):
2575         (JSC::InstructionStreamWriter::iterator::operator++):
2576         (JSC::InstructionStreamWriter::begin):
2577         (JSC::InstructionStreamWriter::end):
2578         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
2579         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
2580         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
2581         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
2582         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2583         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2584         (JSC::MetadataTable::MetadataTable):
2585         (JSC::DeallocTable::withOpcodeType):
2586         (JSC::MetadataTable::~MetadataTable):
2587         (JSC::MetadataTable::sizeInBytes):
2588         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
2589         (JSC::MetadataTable::get):
2590         (JSC::MetadataTable::forEach):
2591         (JSC::MetadataTable::getImpl):
2592         * bytecode/Opcode.cpp:
2593         (JSC::metadataSize):
2594         * bytecode/Opcode.h:
2595         (JSC::padOpcodeName):
2596         * bytecode/OpcodeInlines.h:
2597         (JSC::isOpcodeShape):
2598         (JSC::getOpcodeType):
2599         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2600         * bytecode/PreciseJumpTargets.cpp:
2601         (JSC::getJumpTargetsForInstruction):
2602         (JSC::computePreciseJumpTargetsInternal):
2603         (JSC::computePreciseJumpTargets):
2604         (JSC::recomputePreciseJumpTargets):
2605         (JSC::findJumpTargetsForInstruction):
2606         * bytecode/PreciseJumpTargets.h:
2607         * bytecode/PreciseJumpTargetsInlines.h:
2608         (JSC::jumpTargetForInstruction):
2609         (JSC::extractStoredJumpTargetsForInstruction):
2610         (JSC::updateStoredJumpTargetsForInstruction):
2611         * bytecode/PutByIdStatus.cpp:
2612         (JSC::PutByIdStatus::computeFromLLInt):
2613         * bytecode/SpecialPointer.cpp:
2614         (WTF::printInternal):
2615         * bytecode/SpecialPointer.h:
2616         * bytecode/UnlinkedCodeBlock.cpp:
2617         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2618         (JSC::UnlinkedCodeBlock::visitChildren):
2619         (JSC::UnlinkedCodeBlock::estimatedSize):
2620         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
2621         (JSC::dumpLineColumnEntry):
2622         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
2623         (JSC::UnlinkedCodeBlock::setInstructions):
2624         (JSC::UnlinkedCodeBlock::instructions const):
2625         (JSC::UnlinkedCodeBlock::applyModification):
2626         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
2627         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2628         * bytecode/UnlinkedCodeBlock.h:
2629         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
2630         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
2631         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2632         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
2633         (JSC::UnlinkedCodeBlock::metadata):
2634         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
2635         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2636         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
2637         * bytecode/UnlinkedInstructionStream.cpp: Removed.
2638         * bytecode/UnlinkedInstructionStream.h: Removed.
2639         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2640         * bytecode/UnlinkedMetadataTableInlines.h: Added.
2641         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2642         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2643         (JSC::UnlinkedMetadataTable::addEntry):
2644         (JSC::UnlinkedMetadataTable::sizeInBytes):
2645         (JSC::UnlinkedMetadataTable::finalize):
2646         (JSC::UnlinkedMetadataTable::link):
2647         (JSC::UnlinkedMetadataTable::unlink):
2648         * bytecode/VirtualRegister.cpp:
2649         (JSC::VirtualRegister::VirtualRegister):
2650         * bytecode/VirtualRegister.h:
2651         * bytecompiler/BytecodeGenerator.cpp:
2652         (JSC::Label::setLocation):
2653         (JSC::Label::bind):
2654         (JSC::BytecodeGenerator::generate):
2655         (JSC::BytecodeGenerator::BytecodeGenerator):
2656         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2657         (JSC::BytecodeGenerator::emitEnter):
2658         (JSC::BytecodeGenerator::emitLoopHint):
2659         (JSC::BytecodeGenerator::emitJump):
2660         (JSC::BytecodeGenerator::emitCheckTraps):
2661         (JSC::BytecodeGenerator::rewind):
2662         (JSC::BytecodeGenerator::fuseCompareAndJump):
2663         (JSC::BytecodeGenerator::fuseTestAndJmp):
2664         (JSC::BytecodeGenerator::emitJumpIfTrue):
2665         (JSC::BytecodeGenerator::emitJumpIfFalse):
2666         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2667         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2668         (JSC::BytecodeGenerator::moveLinkTimeConstant):
2669         (JSC::BytecodeGenerator::moveEmptyValue):
2670         (JSC::BytecodeGenerator::emitMove):
2671         (JSC::BytecodeGenerator::emitUnaryOp):
2672         (JSC::BytecodeGenerator::emitBinaryOp):
2673         (JSC::BytecodeGenerator::emitToObject):
2674         (JSC::BytecodeGenerator::emitToNumber):
2675         (JSC::BytecodeGenerator::emitToString):
2676         (JSC::BytecodeGenerator::emitTypeOf):
2677         (JSC::BytecodeGenerator::emitInc):
2678         (JSC::BytecodeGenerator::emitDec):
2679         (JSC::BytecodeGenerator::emitEqualityOp):
2680         (JSC::BytecodeGenerator::emitProfileType):
2681         (JSC::BytecodeGenerator::emitProfileControlFlow):
2682         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2683         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
2684         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2685         (JSC::BytecodeGenerator::emitOverridesHasInstance):
2686         (JSC::BytecodeGenerator::emitResolveScope):
2687         (JSC::BytecodeGenerator::emitGetFromScope):
2688         (JSC::BytecodeGenerator::emitPutToScope):
2689         (JSC::BytecodeGenerator::emitInstanceOf):
2690         (JSC::BytecodeGenerator::emitInstanceOfCustom):
2691         (JSC::BytecodeGenerator::emitInByVal):
2692         (JSC::BytecodeGenerator::emitInById):
2693         (JSC::BytecodeGenerator::emitTryGetById):
2694         (JSC::BytecodeGenerator::emitGetById):
2695         (JSC::BytecodeGenerator::emitDirectGetById):
2696         (JSC::BytecodeGenerator::emitPutById):
2697         (JSC::BytecodeGenerator::emitDirectPutById):
2698         (JSC::BytecodeGenerator::emitPutGetterById):
2699         (JSC::BytecodeGenerator::emitPutSetterById):
2700         (JSC::BytecodeGenerator::emitPutGetterSetter):
2701         (JSC::BytecodeGenerator::emitPutGetterByVal):
2702         (JSC::BytecodeGenerator::emitPutSetterByVal):
2703         (JSC::BytecodeGenerator::emitDeleteById):
2704         (JSC::BytecodeGenerator::emitGetByVal):
2705         (JSC::BytecodeGenerator::emitPutByVal):
2706         (JSC::BytecodeGenerator::emitDirectPutByVal):
2707         (JSC::BytecodeGenerator::emitDeleteByVal):
2708         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
2709         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
2710         (JSC::BytecodeGenerator::emitIdWithProfile):
2711         (JSC::BytecodeGenerator::emitUnreachable):
2712         (JSC::BytecodeGenerator::emitGetArgument):
2713         (JSC::BytecodeGenerator::emitCreateThis):
2714         (JSC::BytecodeGenerator::emitTDZCheck):
2715         (JSC::BytecodeGenerator::emitNewObject):
2716         (JSC::BytecodeGenerator::emitNewArrayBuffer):
2717         (JSC::BytecodeGenerator::emitNewArray):
2718         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
2719         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2720         (JSC::BytecodeGenerator::emitNewRegExp):
2721         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2722         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
2723         (JSC::BytecodeGenerator::emitNewFunction):
2724         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
2725         (JSC::BytecodeGenerator::emitCall):
2726         (JSC::BytecodeGenerator::emitCallInTailPosition):
2727         (JSC::BytecodeGenerator::emitCallEval):
2728         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2729         (JSC::BytecodeGenerator::emitCallVarargs):
2730         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2731         (JSC::BytecodeGenerator::emitConstructVarargs):
2732         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
2733         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
2734         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
2735         (JSC::BytecodeGenerator::emitCallDefineProperty):
2736         (JSC::BytecodeGenerator::emitReturn):
2737         (JSC::BytecodeGenerator::emitEnd):
2738         (JSC::BytecodeGenerator::emitConstruct):
2739         (JSC::BytecodeGenerator::emitStrcat):
2740         (JSC::BytecodeGenerator::emitToPrimitive):
2741         (JSC::BytecodeGenerator::emitGetScope):
2742         (JSC::BytecodeGenerator::emitPushWithScope):
2743         (JSC::BytecodeGenerator::emitGetParentScope):
2744         (JSC::BytecodeGenerator::emitDebugHook):
2745         (JSC::BytecodeGenerator::emitCatch):
2746         (JSC::BytecodeGenerator::emitThrow):
2747         (JSC::BytecodeGenerator::emitArgumentCount):
2748         (JSC::BytecodeGenerator::emitThrowStaticError):
2749         (JSC::BytecodeGenerator::beginSwitch):
2750         (JSC::prepareJumpTableForSwitch):
2751         (JSC::prepareJumpTableForStringSwitch):
2752         (JSC::BytecodeGenerator::endSwitch):
2753         (JSC::BytecodeGenerator::emitGetEnumerableLength):
2754         (JSC::BytecodeGenerator::emitHasGenericProperty):
2755         (JSC::BytecodeGenerator::emitHasIndexedProperty):
2756         (JSC::BytecodeGenerator::emitHasStructureProperty):
2757         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
2758         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
2759         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
2760         (JSC::BytecodeGenerator::emitToIndexString):
2761         (JSC::BytecodeGenerator::emitIsCellWithType):
2762         (JSC::BytecodeGenerator::emitIsObject):
2763         (JSC::BytecodeGenerator::emitIsNumber):
2764         (JSC::BytecodeGenerator::emitIsUndefined):
2765         (JSC::BytecodeGenerator::emitIsEmpty):
2766         (JSC::BytecodeGenerator::emitRestParameter):
2767         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2768         (JSC::BytecodeGenerator::emitYieldPoint):
2769         (JSC::BytecodeGenerator::emitYield):
2770         (JSC::BytecodeGenerator::emitGetAsyncIterator):
2771         (JSC::BytecodeGenerator::emitDelegateYield):
2772         (JSC::BytecodeGenerator::emitFinallyCompletion):
2773         (JSC::BytecodeGenerator::emitJumpIf):
2774         (JSC::ForInContext::finalize):
2775         (JSC::StructureForInContext::finalize):
2776         (JSC::IndexedForInContext::finalize):
2777         (JSC::StaticPropertyAnalysis::record):
2778         (JSC::BytecodeGenerator::emitToThis):
2779         * bytecompiler/BytecodeGenerator.h:
2780         (JSC::StructureForInContext::addGetInst):
2781         (JSC::BytecodeGenerator::recordOpcode):
2782         (JSC::BytecodeGenerator::addMetadataFor):
2783         (JSC::BytecodeGenerator::emitUnaryOp):
2784         (JSC::BytecodeGenerator::kill):
2785         (JSC::BytecodeGenerator::instructions const):
2786         (JSC::BytecodeGenerator::write):
2787         (JSC::BytecodeGenerator::withWriter):
2788         * bytecompiler/Label.h:
2789         (JSC::Label::Label):
2790         (JSC::Label::bind):
2791         * bytecompiler/NodesCodegen.cpp:
2792         (JSC::ArrayNode::emitBytecode):
2793         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
2794         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2795         (JSC::BitwiseNotNode::emitBytecode):
2796         (JSC::BinaryOpNode::emitBytecode):
2797         (JSC::EqualNode::emitBytecode):
2798         (JSC::StrictEqualNode::emitBytecode):
2799         (JSC::emitReadModifyAssignment):
2800         (JSC::ForInNode::emitBytecode):
2801         (JSC::CaseBlockNode::emitBytecodeForBlock):
2802         (JSC::FunctionNode::emitBytecode):
2803         (JSC::ClassExprNode::emitBytecode):
2804         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
2805         (WTF::printInternal):
2806         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2807         * bytecompiler/RegisterID.h:
2808         * bytecompiler/StaticPropertyAnalysis.h:
2809         (JSC::StaticPropertyAnalysis::create):
2810         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
2811         * bytecompiler/StaticPropertyAnalyzer.h:
2812         (JSC::StaticPropertyAnalyzer::createThis):
2813         (JSC::StaticPropertyAnalyzer::newObject):
2814         (JSC::StaticPropertyAnalyzer::putById):
2815         (JSC::StaticPropertyAnalyzer::mov):
2816         (JSC::StaticPropertyAnalyzer::kill):
2817         * dfg/DFGByteCodeParser.cpp:
2818         (JSC::DFG::ByteCodeParser::addCall):
2819         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2820         (JSC::DFG::ByteCodeParser::getArrayMode):
2821         (JSC::DFG::ByteCodeParser::handleCall):
2822         (JSC::DFG::ByteCodeParser::handleVarargsCall):
2823         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2824         (JSC::DFG::ByteCodeParser::inlineCall):
2825         (JSC::DFG::ByteCodeParser::handleCallVariant):
2826         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
2827         (JSC::DFG::ByteCodeParser::handleInlining):
2828         (JSC::DFG::ByteCodeParser::handleMinMax):
2829         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2830         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
2831         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
2832         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
2833         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
2834         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
2835         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2836         (JSC::DFG::ByteCodeParser::handleGetById):
2837         (JSC::DFG::ByteCodeParser::handlePutById):
2838         (JSC::DFG::ByteCodeParser::parseGetById):
2839         (JSC::DFG::ByteCodeParser::parseBlock):
2840         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2841         (JSC::DFG::ByteCodeParser::handlePutByVal):
2842         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
2843         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
2844         (JSC::DFG::ByteCodeParser::handleNewFunc):
2845         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
2846         (JSC::DFG::ByteCodeParser::parse):
2847         * dfg/DFGCapabilities.cpp:
2848         (JSC::DFG::capabilityLevel):
2849         * dfg/DFGCapabilities.h:
2850         (JSC::DFG::capabilityLevel):
2851         * dfg/DFGOSREntry.cpp:
2852         (JSC::DFG::prepareCatchOSREntry):
2853         * dfg/DFGSpeculativeJIT.cpp:
2854         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2855         (JSC::DFG::SpeculativeJIT::compileValueSub):
2856         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2857         (JSC::DFG::SpeculativeJIT::compileArithMul):
2858         * ftl/FTLLowerDFGToB3.cpp:
2859         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2860         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2861         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2862         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2863         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2864         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
2865         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2866         * ftl/FTLOperations.cpp:
2867         (JSC::FTL::operationMaterializeObjectInOSR):
2868         * generate-bytecode-files: Removed.
2869         * generator/Argument.rb: Added.
2870         * generator/Assertion.rb: Added.
2871         * generator/DSL.rb: Added.
2872         * generator/Fits.rb: Added.
2873         * generator/GeneratedFile.rb: Added.
2874         * generator/Metadata.rb: Added.
2875         * generator/Opcode.rb: Added.
2876         * generator/OpcodeGroup.rb: Added.
2877         * generator/Options.rb: Added.
2878         * generator/Section.rb: Added.
2879         * generator/Template.rb: Added.
2880         * generator/Type.rb: Added.
2881         * generator/main.rb: Added.
2882         * interpreter/AbstractPC.h:
2883         * interpreter/CallFrame.cpp:
2884         (JSC::CallFrame::currentVPC const):
2885         (JSC::CallFrame::setCurrentVPC):
2886         * interpreter/CallFrame.h:
2887         (JSC::CallSiteIndex::CallSiteIndex):
2888         (JSC::ExecState::setReturnPC):
2889         * interpreter/Interpreter.cpp:
2890         (WTF::printInternal):
2891         * interpreter/Interpreter.h:
2892         * interpreter/InterpreterInlines.h:
2893         * interpreter/StackVisitor.cpp:
2894         (JSC::StackVisitor::Frame::dump const):
2895         * interpreter/VMEntryRecord.h:
2896         * jit/JIT.cpp:
2897         (JSC::JIT::JIT):
2898         (JSC::JIT::emitSlowCaseCall):
2899         (JSC::JIT::privateCompileMainPass):
2900         (JSC::JIT::privateCompileSlowCases):
2901         (JSC::JIT::compileWithoutLinking):
2902         (JSC::JIT::link):
2903         * jit/JIT.h:
2904         * jit/JITArithmetic.cpp:
2905         (JSC::JIT::emit_op_jless):
2906         (JSC::JIT::emit_op_jlesseq):
2907         (JSC::JIT::emit_op_jgreater):
2908         (JSC::JIT::emit_op_jgreatereq):
2909         (JSC::JIT::emit_op_jnless):
2910         (JSC::JIT::emit_op_jnlesseq):
2911         (JSC::JIT::emit_op_jngreater):
2912         (JSC::JIT::emit_op_jngreatereq):
2913         (JSC::JIT::emitSlow_op_jless):
2914         (JSC::JIT::emitSlow_op_jlesseq):
2915         (JSC::JIT::emitSlow_op_jgreater):
2916         (JSC::JIT::emitSlow_op_jgreatereq):
2917         (JSC::JIT::emitSlow_op_jnless):
2918         (JSC::JIT::emitSlow_op_jnlesseq):
2919         (JSC::JIT::emitSlow_op_jngreater):
2920         (JSC::JIT::emitSlow_op_jngreatereq):
2921         (JSC::JIT::emit_op_below):
2922         (JSC::JIT::emit_op_beloweq):
2923         (JSC::JIT::emit_op_jbelow):
2924         (JSC::JIT::emit_op_jbeloweq):
2925         (JSC::JIT::emit_op_unsigned):
2926         (JSC::JIT::emit_compareAndJump):
2927         (JSC::JIT::emit_compareUnsignedAndJump):
2928         (JSC::JIT::emit_compareUnsigned):
2929         (JSC::JIT::emit_compareAndJumpSlow):
2930         (JSC::JIT::emit_op_inc):
2931         (JSC::JIT::emit_op_dec):
2932         (JSC::JIT::emit_op_mod):
2933         (JSC::JIT::emitSlow_op_mod):
2934         (JSC::JIT::emit_op_negate):
2935         (JSC::JIT::emitSlow_op_negate):
2936         (JSC::JIT::emitBitBinaryOpFastPath):
2937         (JSC::JIT::emit_op_bitand):
2938         (JSC::JIT::emit_op_bitor):
2939         (JSC::JIT::emit_op_bitxor):
2940         (JSC::JIT::emit_op_lshift):
2941         (JSC::JIT::emitRightShiftFastPath):
2942         (JSC::JIT::emit_op_rshift):
2943         (JSC::JIT::emit_op_urshift):
2944         (JSC::getOperandTypes):
2945         (JSC::JIT::emit_op_add):
2946         (JSC::JIT::emitSlow_op_add):
2947         (JSC::JIT::emitMathICFast):
2948         (JSC::JIT::emitMathICSlow):
2949         (JSC::JIT::emit_op_div):
2950         (JSC::JIT::emit_op_mul):
2951         (JSC::JIT::emitSlow_op_mul):
2952         (JSC::JIT::emit_op_sub):
2953         (JSC::JIT::emitSlow_op_sub):
2954         * jit/JITCall.cpp:
2955         (JSC::JIT::emitPutCallResult):
2956         (JSC::JIT::compileSetupFrame):
2957         (JSC::JIT::compileCallEval):
2958         (JSC::JIT::compileCallEvalSlowCase):
2959         (JSC::JIT::compileTailCall):
2960         (JSC::JIT::compileOpCall):
2961         (JSC::JIT::compileOpCallSlowCase):
2962         (JSC::JIT::emit_op_call):
2963         (JSC::JIT::emit_op_tail_call):
2964         (JSC::JIT::emit_op_call_eval):
2965         (JSC::JIT::emit_op_call_varargs):
2966         (JSC::JIT::emit_op_tail_call_varargs):
2967         (JSC::JIT::emit_op_tail_call_forward_arguments):
2968         (JSC::JIT::emit_op_construct_varargs):
2969         (JSC::JIT::emit_op_construct):
2970         (JSC::JIT::emitSlow_op_call):
2971         (JSC::JIT::emitSlow_op_tail_call):
2972         (JSC::JIT::emitSlow_op_call_eval):
2973         (JSC::JIT::emitSlow_op_call_varargs):
2974         (JSC::JIT::emitSlow_op_tail_call_varargs):
2975         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
2976         (JSC::JIT::emitSlow_op_construct_varargs):
2977         (JSC::JIT::emitSlow_op_construct):
2978         * jit/JITDisassembler.cpp:
2979         (JSC::JITDisassembler::JITDisassembler):
2980         * jit/JITExceptions.cpp:
2981         (JSC::genericUnwind):
2982         * jit/JITInlines.h:
2983         (JSC::JIT::emitDoubleGetByVal):
2984         (JSC::JIT::emitLoadForArrayMode):
2985         (JSC::JIT::emitContiguousGetByVal):
2986         (JSC::JIT::emitArrayStorageGetByVal):
2987         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2988         (JSC::JIT::sampleInstruction):
2989         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
2990         (JSC::JIT::emitValueProfilingSite):
2991         (JSC::JIT::jumpTarget):
2992         (JSC::JIT::copiedGetPutInfo):
2993         (JSC::JIT::copiedArithProfile):
2994         * jit/JITMathIC.h:
2995         (JSC::isProfileEmpty):
2996         (JSC::JITBinaryMathIC::JITBinaryMathIC):
2997         (JSC::JITUnaryMathIC::JITUnaryMathIC):
2998         * jit/JITOpcodes.cpp:
2999         (JSC::JIT::emit_op_mov):
3000         (JSC::JIT::emit_op_end):
3001         (JSC::JIT::emit_op_jmp):
3002         (JSC::JIT::emit_op_new_object):
3003         (JSC::JIT::emitSlow_op_new_object):
3004         (JSC::JIT::emit_op_overrides_has_instance):
3005         (JSC::JIT::emit_op_instanceof):
3006         (JSC::JIT::emitSlow_op_instanceof):
3007         (JSC::JIT::emit_op_instanceof_custom):
3008         (JSC::JIT::emit_op_is_empty):
3009         (JSC::JIT::emit_op_is_undefined):
3010         (JSC::JIT::emit_op_is_boolean):
3011         (JSC::JIT::emit_op_is_number):
3012         (JSC::JIT::emit_op_is_cell_with_type):
3013         (JSC::JIT::emit_op_is_object):
3014         (JSC::JIT::emit_op_ret):
3015         (JSC::JIT::emit_op_to_primitive):
3016         (JSC::JIT::emit_op_set_function_name):
3017         (JSC::JIT::emit_op_not):
3018         (JSC::JIT::emit_op_jfalse):
3019         (JSC::JIT::emit_op_jeq_null):
3020         (JSC::JIT::emit_op_jneq_null):
3021         (JSC::JIT::emit_op_jneq_ptr):
3022         (JSC::JIT::emit_op_eq):
3023         (JSC::JIT::emit_op_jeq):
3024         (JSC::JIT::emit_op_jtrue):
3025         (JSC::JIT::emit_op_neq):
3026         (JSC::JIT::emit_op_jneq):
3027         (JSC::JIT::emit_op_throw):
3028         (JSC::JIT::compileOpStrictEq):
3029         (JSC::JIT::emit_op_stricteq):
3030         (JSC::JIT::emit_op_nstricteq):
3031         (JSC::JIT::compileOpStrictEqJump):
3032         (JSC::JIT::emit_op_jstricteq):
3033         (JSC::JIT::emit_op_jnstricteq):
3034         (JSC::JIT::emitSlow_op_jstricteq):
3035         (JSC::JIT::emitSlow_op_jnstricteq):
3036         (JSC::JIT::emit_op_to_number):
3037         (JSC::JIT::emit_op_to_string):
3038         (JSC::JIT::emit_op_to_object):
3039         (JSC::JIT::emit_op_catch):
3040         (JSC::JIT::emit_op_identity_with_profile):
3041         (JSC::JIT::emit_op_get_parent_scope):
3042         (JSC::JIT::emit_op_switch_imm):
3043         (JSC::JIT::emit_op_switch_char):
3044         (JSC::JIT::emit_op_switch_string):
3045         (JSC::JIT::emit_op_debug):
3046         (JSC::JIT::emit_op_eq_null):
3047         (JSC::JIT::emit_op_neq_null):
3048         (JSC::JIT::emit_op_enter):
3049         (JSC::JIT::emit_op_get_scope):
3050         (JSC::JIT::emit_op_to_this):
3051         (JSC::JIT::emit_op_create_this):
3052         (JSC::JIT::emit_op_check_tdz):
3053         (JSC::JIT::emitSlow_op_eq):
3054         (JSC::JIT::emitSlow_op_neq):
3055         (JSC::JIT::emitSlow_op_jeq):
3056         (JSC::JIT::emitSlow_op_jneq):
3057         (JSC::JIT::emitSlow_op_instanceof_custom):
3058         (JSC::JIT::emit_op_loop_hint):
3059         (JSC::JIT::emitSlow_op_loop_hint):
3060         (JSC::JIT::emit_op_check_traps):
3061         (JSC::JIT::emit_op_nop):
3062         (JSC::JIT::emit_op_super_sampler_begin):
3063         (JSC::JIT::emit_op_super_sampler_end):
3064         (JSC::JIT::emitSlow_op_check_traps):
3065         (JSC::JIT::emit_op_new_regexp):
3066         (JSC::JIT::emitNewFuncCommon):
3067         (JSC::JIT::emit_op_new_func):
3068         (JSC::JIT::emit_op_new_generator_func):
3069         (JSC::JIT::emit_op_new_async_generator_func):
3070         (JSC::JIT::emit_op_new_async_func):
3071         (JSC::JIT::emitNewFuncExprCommon):
3072         (JSC::JIT::emit_op_new_func_exp):
3073         (JSC::JIT::emit_op_new_generator_func_exp):
3074         (JSC::JIT::emit_op_new_async_func_exp):
3075         (JSC::JIT::emit_op_new_async_generator_func_exp):
3076         (JSC::JIT::emit_op_new_array):
3077         (JSC::JIT::emit_op_new_array_with_size):
3078         (JSC::JIT::emit_op_has_structure_property):
3079         (JSC::JIT::privateCompileHasIndexedProperty):
3080         (JSC::JIT::emit_op_has_indexed_property):
3081         (JSC::JIT::emitSlow_op_has_indexed_property):
3082         (JSC::JIT::emit_op_get_direct_pname):
3083         (JSC::JIT::emit_op_enumerator_structure_pname):
3084         (JSC::JIT::emit_op_enumerator_generic_pname):
3085         (JSC::JIT::emit_op_profile_type):
3086         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
3087         (JSC::JIT::emit_op_log_shadow_chicken_tail):
3088         (JSC::JIT::emit_op_profile_control_flow):
3089         (JSC::JIT::emit_op_argument_count):
3090         (JSC::JIT::emit_op_get_rest_length):
3091         (JSC::JIT::emit_op_get_argument):
3092         * jit/JITOpcodes32_64.cpp:
3093         (JSC::JIT::emit_op_to_this):
3094         * jit/JITOperations.cpp:
3095         * jit/JITOperations.h:
3096         * jit/JITPropertyAccess.cpp:
3097         (JSC::JIT::emit_op_get_by_val):
3098         (JSC::JIT::emitGetByValWithCachedId):
3099         (JSC::JIT::emitSlow_op_get_by_val):
3100         (JSC::JIT::emit_op_put_by_val_direct):
3101         (JSC::JIT::emit_op_put_by_val):
3102         (JSC::JIT::emitGenericContiguousPutByVal):
3103         (JSC::JIT::emitArrayStoragePutByVal):
3104         (JSC::JIT::emitPutByValWithCachedId):
3105         (JSC::JIT::emitSlow_op_put_by_val):
3106         (JSC::JIT::emit_op_put_getter_by_id):
3107         (JSC::JIT::emit_op_put_setter_by_id):
3108         (JSC::JIT::emit_op_put_getter_setter_by_id):
3109         (JSC::JIT::emit_op_put_getter_by_val):
3110         (JSC::JIT::emit_op_put_setter_by_val):
3111         (JSC::JIT::emit_op_del_by_id):
3112         (JSC::JIT::emit_op_del_by_val):
3113         (JSC::JIT::emit_op_try_get_by_id):
3114         (JSC::JIT::emitSlow_op_try_get_by_id):
3115         (JSC::JIT::emit_op_get_by_id_direct):
3116         (JSC::JIT::emitSlow_op_get_by_id_direct):
3117         (JSC::JIT::emit_op_get_by_id):
3118         (JSC::JIT::emit_op_get_by_id_with_this):
3119         (JSC::JIT::emitSlow_op_get_by_id):
3120         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3121         (JSC::JIT::emit_op_put_by_id):
3122         (JSC::JIT::emitSlow_op_put_by_id):
3123         (JSC::JIT::emit_op_in_by_id):
3124         (JSC::JIT::emitSlow_op_in_by_id):
3125         (JSC::JIT::emit_op_resolve_scope):
3126         (JSC::JIT::emit_op_get_from_scope):
3127         (JSC::JIT::emitSlow_op_get_from_scope):
3128         (JSC::JIT::emit_op_put_to_scope):
3129         (JSC::JIT::emitSlow_op_put_to_scope):
3130         (JSC::JIT::emit_op_get_from_arguments):
3131         (JSC::JIT::emit_op_put_to_arguments):
3132         (JSC::JIT::privateCompileGetByVal):
3133         (JSC::JIT::privateCompileGetByValWithCachedId):
3134         (JSC::JIT::privateCompilePutByVal):
3135         (JSC::JIT::privateCompilePutByValWithCachedId):
3136         (JSC::JIT::emitDoubleLoad):
3137         (JSC::JIT::emitContiguousLoad):
3138         (JSC::JIT::emitArrayStorageLoad):
3139         (JSC::JIT::emitDirectArgumentsGetByVal):
3140         (JSC::JIT::emitScopedArgumentsGetByVal):
3141         (JSC::JIT::emitIntTypedArrayGetByVal):
3142         (JSC::JIT::emitFloatTypedArrayGetByVal):
3143         (JSC::JIT::emitIntTypedArrayPutByVal):
3144         (JSC::JIT::emitFloatTypedArrayPutByVal):
3145         * jit/RegisterSet.cpp:
3146         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3147         * jit/SlowPathCall.h:
3148         (JSC::JITSlowPathCall::JITSlowPathCall):
3149         * llint/LLIntData.cpp:
3150         (JSC::LLInt::initialize):
3151         (JSC::LLInt::Data::performAssertions):
3152         * llint/LLIntData.h:
3153         (JSC::LLInt::exceptionInstructions):
3154         (JSC::LLInt::opcodeMap):
3155         (JSC::LLInt::opcodeMapWide):
3156         (JSC::LLInt::getOpcode):
3157         (JSC::LLInt::getOpcodeWide):
3158         (JSC::LLInt::getWideCodePtr):
3159         * llint/LLIntOffsetsExtractor.cpp:
3160         * llint/LLIntSlowPaths.cpp:
3161         (JSC::LLInt::llint_trace_operand):
3162         (JSC::LLInt::llint_trace_value):
3163         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3164         (JSC::LLInt::entryOSR):
3165         (JSC::LLInt::setupGetByIdPrototypeCache):
3166         (JSC::LLInt::getByVal):
3167         (JSC::LLInt::handleHostCall):
3168         (JSC::LLInt::setUpCall):
3169         (JSC::LLInt::genericCall):
3170         (JSC::LLInt::varargsSetup):
3171         (JSC::LLInt::commonCallEval):
3172         * llint/LLIntSlowPaths.h:
3173         * llint/LowLevelInterpreter.asm:
3174         * llint/LowLevelInterpreter.cpp:
3175         (JSC::CLoopRegister::operator const Instruction*):
3176         (JSC::CLoop::execute):
3177         * llint/LowLevelInterpreter32_64.asm:
3178         * llint/LowLevelInterpreter64.asm:
3179         * offlineasm/arm64.rb:
3180         * offlineasm/asm.rb:
3181         * offlineasm/ast.rb:
3182         * offlineasm/cloop.rb:
3183         * offlineasm/generate_offset_extractor.rb:
3184         * offlineasm/instructions.rb:
3185         * offlineasm/offsets.rb:
3186         * offlineasm/parser.rb:
3187         * offlineasm/transform.rb:
3188         * offlineasm/x86.rb:
3189         * parser/ResultType.h:
3190         (JSC::ResultType::dump const):
3191         (JSC::OperandTypes::first const):
3192         (JSC::OperandTypes::second const):
3193         (JSC::OperandTypes::dump const):
3194         * profiler/ProfilerBytecodeSequence.cpp:
3195         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3196         * runtime/CommonSlowPaths.cpp:
3197         (JSC::SLOW_PATH_DECL):
3198         (JSC::updateArithProfileForUnaryArithOp):
3199         (JSC::updateArithProfileForBinaryArithOp):
3200         * runtime/CommonSlowPaths.h:
3201         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3202         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3203         * runtime/ExceptionFuzz.cpp:
3204         (JSC::doExceptionFuzzing):
3205         * runtime/ExceptionFuzz.h:
3206         (JSC::doExceptionFuzzingIfEnabled):
3207         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3208         (JSC::GetPutInfo::dump const):
3209         (WTF::printInternal):
3210         * runtime/GetPutInfo.h:
3211         (JSC::GetPutInfo::operand const):
3212         * runtime/JSCPoison.h:
3213         * runtime/JSType.cpp: Added.
3214         (WTF::printInternal):
3215         * runtime/JSType.h:
3216         * runtime/SamplingProfiler.cpp:
3217         (JSC::SamplingProfiler::StackFrame::displayName):
3218         * runtime/SamplingProfiler.h:
3219         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3220         * runtime/SlowPathReturnType.h:
3221         (JSC::encodeResult):
3222         (JSC::decodeResult):
3223         * runtime/VM.h:
3224         * runtime/Watchdog.h:
3225         * tools/HeapVerifier.cpp:
3226
3227 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3228
3229         Unreviewed, rolling out r237445.
3230         https://bugs.webkit.org/show_bug.cgi?id=190972
3231
3232         Cause performance regression on iOS devices (Requested by
3233         yusukesuzuki on #webkit).
3234
3235         Reverted changeset:
3236
3237         "Unreviewed, partial rolling in r237254"
3238         https://bugs.webkit.org/show_bug.cgi?id=190340
3239         https://trac.webkit.org/changeset/237445
3240
3241 2018-10-26  Mark Lam  <mark.lam@apple.com>
3242
3243         Fix missing edge cases with JSGlobalObjects having a bad time.
3244         https://bugs.webkit.org/show_bug.cgi?id=189028
3245         <rdar://problem/45204939>
3246
3247         Reviewed by Saam Barati.
3248
3249         Consider the following scenario:
3250
3251             let object O1 (of global G1) have an indexing type that is not SlowPut.
3252             let global G2 have a bad time.
3253             let object O2 (of global G2) be set as the prototype of O1.
3254             let object O3 (of global G2) have indexed accessors.
3255
3256         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
3257         O1 will not be made aware that that there are indexed accessors in its prototype
3258         chain.
3259
3260         In this patch, we solve this issue by introducing a new invariant:
3261
3262             A prototype chain is considered to possibly have indexed accessors if any
3263             object in the chain belongs to a global object that is having a bad time.
3264
3265         We apply this invariant as follows:
3266
3267         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
3268            affected by it having a bad time.  If so, it also ensures that those affected
3269            global objects have a bad time.
3270
3271            The original code for JSGlobalObject::haveABadTime() uses a ObjectsWithBrokenIndexingFinder
3272            to find all objects affected by the global object having a bad time.  We enhance
3273            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
3274            objects may be affected by other global objects having a bad time i.e.
3275
3276                 let g1 = global1
3277                 let g2 = global2
3278                 let o1 = an object in g1
3279                 let o2 = an object in g2
3280
3281                 let g1 have a bad time
3282                 g2 is affected if
3283                     o1 is in the prototype chain of o2,
3284                     and o2 may be a prototype.
3285
3286            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
3287            objects being affected, it will abort its heap scan and let haveABadTime() take
3288            a slow path to do a more complete multi global object scan.
3289
3290            The slow path works as follows:
3291
3292            1. Iterate the heap and record the graph of all global object dependencies.
3293
3294               For each global object, record the list of other global objects that are
3295               affected by it.
3296
3297            2. Compute a list of global objects that need to have a bad time using the
3298               current global object dependency graph.
3299
3300            3. For each global object in the list of affected global objects, fire their
3301               HaveABadTime watchpoint and convert all their array structures to the
3302               SlowPut alternatives.
3303
3304            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
3305               by any of the globals in the list from (2).
3306
3307         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
3308            structure's global object is having a bad time.
3309
3310         Note: there are 3 scenarios that we need to consider:
3311
3312             let g1 = global1
3313             let g2 = global2
3314             let o1 = an object in g1
3315             let o2 = an object in g2
3316
3317             Scenario 1: o2 is a prototype, and
3318                         g1 has a bad time after o1 is inserted into o2's prototype chain.
3319
3320             Scenario 2: o2 is a prototype, and
3321                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3322
3323             Scenario 3: o2 is NOT a prototype, and
3324                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3325
3326             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
3327             a bad time.  This is handled by enhancement 1 above.
3328
3329             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
3330             if o1's global object has a bad time.  If so, then we need to make sure o2's
3331             global also has a bad time (because o2 is a prototype) and convert o2's
3332             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
3333             with JSObject::setPrototypeDirect().
3334
3335             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
3336             if o1's global object has a bad time.  If so, then we only need to convert o2's
3337             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
3338             enhancement 2 above.
3339
3340         3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to
3341            write some tests for this issue.
3342
3343         * runtime/JSGlobalObject.cpp:
3344         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
3345         (JSC::JSGlobalObject::haveABadTime):
3346         * runtime/JSGlobalObject.h:
3347         * runtime/JSObject.h:
3348         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
3349         * runtime/JSObjectInlines.h:
3350         (JSC::JSObject::mayInterceptIndexedAccesses):
3351         * runtime/Structure.h:
3352         * runtime/StructureInlines.h:
3353         (JSC::Structure::mayInterceptIndexedAccesses const):
3354         * tools/JSDollarVM.cpp:
3355         (JSC::functionHaveABadTime):
3356         (JSC::functionIsHavingABadTime):
3357         (JSC::functionCreateGlobalObject):
3358         (JSC::JSDollarVM::finishCreation):
3359
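Added example, not part of the ChangeLog entry above and not JSC's own code: a JavaScript model of the cross-global bad-time propagation it describes. It assumes a toy heap of plain objects with hypothetical `global`, `proto`, `mayBePrototype`, `indexedAccessors` and `indexingType` fields, and implements the dependency graph and transitive closure of the slow path, the enhanced mayInterceptIndexedAccesses check, and the setPrototypeDirect handling for scenarios 2 and 3.

```javascript
// Constructed model (not JSC's code) of cross-global "bad time" propagation.
const makeGlobal = (name) => ({ name, havingABadTime: false });
const makeObject = (global, opts = {}) => ({
  global, proto: opts.proto || null, mayBePrototype: !!opts.mayBePrototype,
  indexedAccessors: !!opts.indexedAccessors, indexingType: "Contiguous" });

function* protoChain(o) { for (let p = o.proto; p; p = p.proto) yield p; }

// Enhancement 2: the chain may intercept indexed accesses if any object on it
// has indexed accessors or belongs to a global that is having a bad time.
function mayInterceptIndexedAccesses(o) {
  for (const p of protoChain(o))
    if (p.indexedAccessors || p.global.havingABadTime) return true;
  return false;
}

// Slow path step 1: g2 depends on g1 when some o1 in g1 lies on the prototype
// chain of some o2 in g2 that may itself be used as a prototype.
function buildDependencyGraph(heap) {
  const deps = new Map();
  for (const o2 of heap) {
    if (!o2.mayBePrototype) continue;
    for (const o1 of protoChain(o2)) {
      if (o1.global === o2.global) continue;
      if (!deps.has(o1.global)) deps.set(o1.global, new Set());
      deps.get(o1.global).add(o2.global);
    }
  }
  return deps;
}

// Slow path step 2: transitive closure of the dependency graph from `start`.
function globalsNeedingABadTime(start, deps) {
  const result = new Set([start]);
  for (let work = [start]; work.length;)
    for (const h of deps.get(work.pop()) || [])
      if (!result.has(h)) { result.add(h); work.push(h); }
  return result;
}

// Steps 3 and 4: mark affected globals, then move objects in them (or with an
// intercepting chain) to SlowPut storage.
function haveABadTime(g, heap) {
  const affected = globalsNeedingABadTime(g, buildDependencyGraph(heap));
  for (const h of affected) h.havingABadTime = true;
  for (const o of heap)
    if (affected.has(o.global) || mayInterceptIndexedAccesses(o)) o.indexingType = "SlowPut";
  return affected;
}

// Scenarios 2 and 3: o gets a prototype whose global already had a bad time.
function setPrototypeDirect(o, proto, heap) {
  o.proto = proto;
  if (!mayInterceptIndexedAccesses(o)) return;
  if (o.mayBePrototype) haveABadTime(o.global, heap); // scenario 2: o's global too
  o.indexingType = "SlowPut"; // scenarios 2 and 3: o itself goes SlowPut
}
```
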
3360 2018-10-26  Keith Miller  <keith_miller@apple.com>
3361
3362         JSC xcconfig should set DEFINES_MODULE
3363         https://bugs.webkit.org/show_bug.cgi?id=190952
3364
3365         Reviewed by Mark Lam.
3366
3367         This should mean that the JavaScriptCore.framework will have a module map.
3368
3369         * Configurations/JavaScriptCore.xcconfig:
3370
3371 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3372
3373         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
3374         https://bugs.webkit.org/show_bug.cgi?id=190941
3375