Remove FTL::LowerDFGToLLVM::compileJSConstant()
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-11-05  Filip Pizlo  <fpizlo@apple.com>

        Remove FTL::LowerDFGToLLVM::compileJSConstant()
        https://bugs.webkit.org/show_bug.cgi?id=123817

        Reviewed by Geoffrey Garen.

        * ftl/FTLLowerDFGToLLVM.cpp:

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        FTL should support PutById
        https://bugs.webkit.org/show_bug.cgi?id=123784

        Reviewed by Geoffrey Garen.

        * ftl/FTLAbbreviations.h:
        (JSC::FTL::buildCall):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::generateICFastPath):
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h:
        (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
        (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
        (JSC::FTL::PutByIdDescriptor::PutByIdDescriptor):
        (JSC::FTL::PutByIdDescriptor::ecmaMode):
        (JSC::FTL::PutByIdDescriptor::putKind):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compilePutById):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::call):
        * ftl/FTLSlowPathCall.cpp:
        (JSC::FTL::callOperation):
        * ftl/FTLSlowPathCall.h:
        * ftl/FTLState.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::ecmaMode):

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        GetById->GetByOffset and PutById->PutByOffset folding should mark haveStructures since it may result in structure transition watchpoints
        https://bugs.webkit.org/show_bug.cgi?id=123788

        Reviewed by Geoffrey Garen.

        haveStructures is true if there are any currentlyKnownStructures that have
        interesting values, since that's the only time when clobbering needs to do things.
        It's a really important compile-time optimization. But that also means that anytime
        we might cause currentlyKnownStructures to get set - like when we might insert some
        structure transition watchpoints - we need to set haveStructures. We were forgetting
        to do that for GetById->GetByOffset and PutById->PutByOffset because, I guess, we
        forgot that those might insert structure transition watchpoints.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):

2013-11-05  Julien Brianceau  <jbriance@cisco.com>

        [mips] Make regTx registers match between JSInterfaceJIT and GPRInfo.
        https://bugs.webkit.org/show_bug.cgi?id=123807

        Reviewed by Mark Lam.

        * jit/GPRInfo.h:
        (JSC::GPRInfo::toIndex):
        * jit/JSInterfaceJIT.h:

2013-11-05  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r158315): Fix register mixup in JIT::compileOpCall.
        https://bugs.webkit.org/show_bug.cgi?id=123799

        Reviewed by Mark Lam.

        Changeset r158315 is crashing architectures where JSInterfaceJIT::regT3 is
        different from GPRInfo::regT3. This is the case for the MIPS architecture.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2013-11-05  Julien Brianceau  <jbriance@cisco.com>

        [mips] Fix build for MIPS platforms.
        https://bugs.webkit.org/show_bug.cgi?id=123796

        Reviewed by Michael Saboff.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode): Add specific MIPS call to relocateJumps.
        * assembler/MIPSAssembler.h: Remove executableCopy (because of r157690) and set relocateJumps function public.
        (JSC::MIPSAssembler::firstRegister):
        (JSC::MIPSAssembler::lastRegister):
        (JSC::MIPSAssembler::firstFPRegister):
        (JSC::MIPSAssembler::lastFPRegister):
        (JSC::MIPSAssembler::buffer): Needed since r157690.
        * assembler/MacroAssemblerMIPS.h: Add framePointerRegister.
        (JSC::MacroAssemblerMIPS::revertJumpReplacementToPatchableBranchPtrWithPatch): Remove unused parameter warning.

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        internal-js-tests.yaml/Octane/stress-tests/pdfjs.js.default: ASSERTION FAILED: m_state.forNode(child).m_futurePossibleStructure.isSubsetOf(StructureSet(structure)) at DFGConstantFoldingPhase.cpp:249
        https://bugs.webkit.org/show_bug.cgi?id=123778

        Unreviewed, remove the other such assertion.

        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):

2013-11-04  Michael Saboff  <msaboff@apple.com>

        REGRESSION(r158586): plugins/refcount-leaks.html fails
        https://bugs.webkit.org/show_bug.cgi?id=123765

        We were leaving a hole of one slot above a new frame when pushing the new frame on
        the stack with pushFrame().  This unused slot can contain residual values that will
        be marked during GC.

        Reviewed by Filip Pizlo.

        * interpreter/JSStackInlines.h:
        (JSC::JSStack::pushFrame):

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        internal-js-tests.yaml/Octane/stress-tests/pdfjs.js.default: ASSERTION FAILED: m_state.forNode(child).m_futurePossibleStructure.isSubsetOf(StructureSet(structure)) at DFGConstantFoldingPhase.cpp:249
        https://bugs.webkit.org/show_bug.cgi?id=123778

        Reviewed by Geoffrey Garen.

        This assertion was just wrong: we do an execute() above the assertion. The assertion
        is asserting that if we need a watchpoint (i.e. the best proven structure was not the
        current structure) then it must be the future possible structure.  But while that may
        have been true before execute(), it won't be true after if the PutById was a
        transition. Of course, this can only happen in the concurrent JIT in which case the
        code would be invalidated anyway since we would only transform the code in a way that
        leveraged the lack of a transition if we inserted a watchpoint, in which case we
        would realize that the watchpoint had been fired during compilation.

        Since this requires concurrent JIT awesomeness, I don't know how to test it.

        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        DFG CheckArray(String) should just be a Phantom(String:)
        https://bugs.webkit.org/show_bug.cgi?id=123779

        Reviewed by Geoffrey Garen.

        This should be a speed-up since Phantom(String:) is smart enough to use the string
        structure. It should also be a simplification since CheckArray(String) was totally
        redundant.

        Also FixupPhase was assuming that it may see CheckArray's. That's wrong. It can
        create CheckArray's but it won't see them as input since no previous phase can
        create them.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::checkArray):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArray):

2013-11-04  Filip Pizlo  <fpizlo@apple.com>

        DFG NewArray/NewArrayBuffer shouldn't be constructing with negative indexing
        https://bugs.webkit.org/show_bug.cgi?id=123760
        <rdar://problem/15356705>

        Reviewed by Mark Hahnenberg and Oliver Hunt.

        * dfg/DFGOperations.cpp:

2013-11-04  Michael Saboff  <msaboff@apple.com>

        Eliminate HostCall bit from JSC Stack CallerFrame
        https://bugs.webkit.org/show_bug.cgi?id=123642

        Reviewed by Geoffrey Garen.

        Replace the HostCallFrame bit or'ed to the CallerFrame value in a CallFrame with
        a VM entry sentinel CallFrame.  Logically, the VM entry sentinel call frame is
        pushed on the stack before the callee frame when calling from native to JavaScript
        code.  The callee frame's CallerFrame points at the VM entry sentinel call frame
        and the VM entry sentinel call frame's CallerFrame points to the real caller.
        The VM entry sentinel call frame has a sentinel (1) in the CodeBlock to indicate
        it's a VM entry sentinel call frame.  Its ScopeChain has vm.topCallFrame at the
        time of the call.  This allows for a complete stack walk as well as walking just
        the contiguous JS frames.

        The VM entry sentinel call frame and callee frame are currently allocated and
        initialized in ExecState::init(), but this initialization will be moved to
        ctiTrampoline when we actually move onto the native stack.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::noticeIncomingCall):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::callerFrame):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        * interpreter/CallFrame.h:
        (JSC::ExecState::frameExtent):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        (JSC::ExecState::init):
        (JSC::ExecState::noCaller):
        (JSC::ExecState::isVMEntrySentinel):
        (JSC::ExecState::vmEntrySentinelCallerFrame):
        (JSC::ExecState::initializeVMEntrySentinelFrame):
        (JSC::ExecState::callerFrameSkippingVMEntrySentinel):
        (JSC::ExecState::vmEntrySentinelCodeBlock):
        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        (JSC::Interpreter::getStackTrace):
        * interpreter/Interpreter.h:
        (JSC::TopCallFrameSetter::TopCallFrameSetter):
        (JSC::TopCallFrameSetter::~TopCallFrameSetter):
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::~JSStack):
        * interpreter/JSStackInlines.h:
        (JSC::JSStack::getStartOfFrame):
        (JSC::JSStack::pushFrame):
        (JSC::JSStack::popFrame):
        * interpreter/Register.h:
        (JSC::Register::operator=):
        (JSC::Register::callFrame):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::readFrame):
        (JSC::StackVisitor::readNonInlinedFrame):
        (JSC::StackVisitor::readInlinedFrame):
        (JSC::StackVisitor::Frame::print):
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::countFrames):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JITOperations.cpp:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsMIPS.h:
        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * jsc.cpp:
        (functionDumpCallFrame):
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::throwException):

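The sentinel-frame layout described in the entry above, as an added illustration that is not JSC code and not part of the commit: a linked call-frame chain in which a VM entry is marked by the value 1 in the CodeBlock slot, so a walker can either visit every frame (sentinels included) or stop at the nearest entry and see only the contiguous JS frames. The struct layout, the helper names (modelled on the functions the entry lists) and the three-level native/JS/host-call scenario are assumptions made for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding, following the ChangeLog text: a VM entry sentinel frame is
 * recognised by the value 1 in its CodeBlock slot. Real JSC frame layouts differ. */
#define VM_ENTRY_SENTINEL_CODE_BLOCK ((void *)(uintptr_t)1)

typedef struct CallFrame {
    struct CallFrame *callerFrame;   /* previous frame, or NULL for the outermost entry */
    void *codeBlock;                 /* code being run, or the sentinel marker */
    struct CallFrame *scopeChain;    /* for a sentinel: vm.topCallFrame at the time of entry */
    const char *name;                /* label for printing only */
} CallFrame;

static int isVMEntrySentinel(const CallFrame *frame)
{
    return frame->codeBlock == VM_ENTRY_SENTINEL_CODE_BLOCK;
}

/* Native code entering JS: push a sentinel whose CallerFrame is the real caller,
 * remembering which JS frame was on top so the outer JS run can be resumed later. */
static void initializeVMEntrySentinelFrame(CallFrame *sentinel, CallFrame *realCaller,
                                           CallFrame *topCallFrameAtEntry, const char *name)
{
    sentinel->callerFrame = realCaller;
    sentinel->codeBlock = VM_ENTRY_SENTINEL_CODE_BLOCK;
    sentinel->scopeChain = topCallFrameAtEntry;
    sentinel->name = name;
}

/* A JS callee frame: its CallerFrame is either the JS caller or the sentinel pushed
 * by the native entry. codeBlock here is just a dummy non-sentinel pointer. */
static void initializeJSFrame(CallFrame *frame, CallFrame *caller, const char *name)
{
    static int dummyCodeBlock;
    frame->callerFrame = caller;
    frame->codeBlock = &dummyCodeBlock;
    frame->scopeChain = NULL;
    frame->name = name;
}

/* Caller lookup that hides the sentinel, as a stack trace across a host call wants. */
static CallFrame *callerFrameSkippingVMEntrySentinel(const CallFrame *frame)
{
    CallFrame *caller = frame->callerFrame;
    if (caller && isVMEntrySentinel(caller))
        return caller->callerFrame;
    return caller;
}

/* Complete walk: every frame, sentinels included (a debugger or GC root scan wants all). */
static int countAllFrames(const CallFrame *top)
{
    int count = 0;
    for (const CallFrame *f = top; f; f = f->callerFrame)
        count++;
    return count;
}

/* Walk only the contiguous run of JS frames above the nearest VM entry. */
static int countContiguousJSFrames(const CallFrame *top)
{
    int count = 0;
    for (const CallFrame *f = top; f && !isVMEntrySentinel(f); f = f->callerFrame)
        count++;
    return count;
}

/* Constructed scenario: native -> JS a -> JS b -> host call -> JS c.
 * Returns the innermost frame. Storage is static so the chain outlives the call. */
static CallFrame *buildDemoStack(void)
{
    static CallFrame entry1, a, b, entry2, c;
    initializeVMEntrySentinelFrame(&entry1, NULL, NULL, "vm-entry-1");
    initializeJSFrame(&a, &entry1, "a");
    initializeJSFrame(&b, &a, "b");
    /* b calls a host function, which re-enters JS: a second sentinel goes in between. */
    initializeVMEntrySentinelFrame(&entry2, &b, &b, "vm-entry-2");
    initializeJSFrame(&c, &entry2, "c");
    return &c;
}

int main(void)
{
    const CallFrame *top = buildDemoStack();
    for (const CallFrame *f = top; f; f = f->callerFrame)
        printf("%s%s\n", f->name, isVMEntrySentinel(f) ? " (sentinel)" : "");
    printf("all frames: %d, contiguous JS frames: %d\n",
           countAllFrames(top), countContiguousJSFrames(top));
    return 0;
}
```

The two walkers are the point: the full walk sees five frames because the two sentinels are ordinary links in the chain, while the contiguous walk from the innermost frame stops at the second sentinel after one frame, and resuming from the frame the sentinel's caller points at yields the two outer JS frames.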
2013-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSArrayBufferViews of length 0 allocate 0 CopiedSpace bytes, which is invalid
        https://bugs.webkit.org/show_bug.cgi?id=123746

        Reviewed by Geoffrey Garen.

        This patch disallows clients from allocating 0 bytes in CopiedSpace. We enforce this invariant
        with an ASSERT in C++ code and a breakpoint in JIT code. Clients who care about 0-byte
        allocations (like JSArrayBufferViews) must handle that case themselves, but we don't punish
        anybody else for the rare case that somebody decides to allocate a 0-length typed array.
        It also makes the allocation and copying cases consistent for CopiedSpace: no 0-byte allocations,
        no 0-byte copying.

        Also added a check so that JSArrayBufferViews don't try to copy their m_vector backing store when
        their length is 0. Also sprinkled several ASSERTs throughout the JSArrayBufferView code to make sure that
        when length is 0 m_vector is null.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::tryAllocate):
        * runtime/ArrayBuffer.h:
        (JSC::ArrayBuffer::create):
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::::visitChildren):
        (JSC::::copyBackingStore):
        (JSC::::slowDownAndWasteMemory):

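The 0-byte invariant from the entry above, as an added example that is not JSC code: a stand-in bump allocator that asserts on 0-byte requests, and a typed-array-like client that keeps a NULL backing store for length 0 and skips copying it, so the allocator never sees a 0-byte request on either the allocation or the copying path. The arena, the view struct and every name here are assumptions made for the example, not CopiedSpace or JSArrayBufferView.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a copied-space allocator: a bump arena that refuses 0-byte
 * requests. The refusal is the invariant the entry describes; the arena is an assumption. */
typedef struct {
    unsigned char storage[256];
    size_t used;
} CopiedArena;

static void *arenaTryAllocate(CopiedArena *arena, size_t bytes)
{
    assert(bytes != 0 && "copied space never hands out 0-byte allocations");
    if (arena->used + bytes > sizeof arena->storage)
        return NULL; /* out of space: a real allocator would fall back to a slow path */
    void *result = arena->storage + arena->used;
    arena->used += bytes;
    return result;
}

/* A typed-array-like view: length 0 means no backing store at all. */
typedef struct {
    size_t length;
    uint32_t *vector; /* NULL exactly when length == 0 */
} TypedView;

static TypedView viewCreate(CopiedArena *arena, size_t length)
{
    TypedView view = { length, NULL };
    if (length == 0)
        return view; /* the client handles the 0-length case; the allocator is never asked */
    view.vector = arenaTryAllocate(arena, length * sizeof(uint32_t));
    if (!view.vector)
        view.length = 0; /* allocation failed: report an empty view so the invariant holds */
    else
        memset(view.vector, 0, length * sizeof(uint32_t));
    return view;
}

/* Copying phase: returns the number of bytes copied. A 0-length view has nothing to
 * copy and must not ask the destination arena for 0 bytes. */
static size_t viewCopyBackingStore(TypedView *view, CopiedArena *to)
{
    assert((view->length == 0) == (view->vector == NULL));
    if (view->length == 0)
        return 0;
    size_t bytes = view->length * sizeof(uint32_t);
    uint32_t *fresh = arenaTryAllocate(to, bytes);
    if (!fresh)
        return 0; /* destination full: leave the old store in place */
    memcpy(fresh, view->vector, bytes);
    view->vector = fresh;
    return bytes;
}

/* Edge case: an empty view consumes no arena space and copies nothing. */
static int emptyViewHasNoBackingStore(void)
{
    CopiedArena arena = { {0}, 0 }, to = { {0}, 0 };
    TypedView empty = viewCreate(&arena, 0);
    return empty.vector == NULL && arena.used == 0
        && viewCopyBackingStore(&empty, &to) == 0 && to.used == 0;
}

/* Worked scenario: a 4-element view takes 16 bytes from the source arena and another
 * 16 from the destination when copied; returns the total consumed (32). */
static size_t demoBytesUsedAfterCopy(void)
{
    CopiedArena from = { {0}, 0 }, to = { {0}, 0 };
    TypedView four = viewCreate(&from, 4);
    four.vector[2] = 7;
    size_t copied = viewCopyBackingStore(&four, &to);
    assert(copied == 16 && four.vector[2] == 7);
    return from.used + to.used;
}

int main(void)
{
    printf("empty view ok: %d\n", emptyViewHasNoBackingStore());
    printf("bytes used after copy: %zu\n", demoBytesUsedAfterCopy());
    return 0;
}
```

The check in viewCopyBackingStore mirrors the ASSERTs the entry describes: length and vector must agree, and the early return for length 0 is what keeps the copying path from making the 0-byte request the allocator now rejects.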
2013-11-04  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Refactor jumps in baseline JIT to return label after the jump.
        https://bugs.webkit.org/show_bug.cgi?id=123734

        Reviewed by Michael Saboff.

        Current implementation of jumps in sh4 baseline JIT returns a label on the jump itself
        and not after it. This is not correct and leads to issues like an infinite loop in the DFG
        (https://bugs.webkit.org/show_bug.cgi?id=122597 for instance). This refactor fixes this
        and also simplifies the link and relink procedures for sh4 jumps.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchDouble):
        (JSC::MacroAssemblerSH4::branchTrue):
        (JSC::MacroAssemblerSH4::branchFalse):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::jmp):
        (JSC::SH4Assembler::extraInstrForBranch):
        (JSC::SH4Assembler::jne):
        (JSC::SH4Assembler::je):
        (JSC::SH4Assembler::bra):
        (JSC::SH4Assembler::linkJump):
        (JSC::SH4Assembler::relinkJump):

2013-11-03  Filip Pizlo  <fpizlo@apple.com>

        Generated color wheel displays incorrectly (regressed in r155567)
        https://bugs.webkit.org/show_bug.cgi?id=123664

        Reviewed by Andreas Kling.

        Interestingly, r155567 just "un-broke" the attempt to constant-fold ArithMod, but
        that constant folding was just wrong to begin with. There is no evidence that this
        constant folding rule is profitable. I'm removing it instead of trying to think
        about what it means for it to be correct.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):

2013-11-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, it is no longer necessary to call DisablePrettyStackTrace.

        * llvm/library/LLVMExports.cpp:
        (initializeAndGetJSCLLVMAPI):

2013-11-02  Mark Lam  <mark.lam@apple.com>

        Assertion failure in non-JIT'ed LLInt on ARM Thumb.
        https://bugs.webkit.org/show_bug.cgi?id=97569

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerCodeRef.h:
        - Thumb2 alignment assertions do not apply to the C Loop LLINT because
          the arguments passed to those assertions are actually OpcodeIDs
          masquerading as addresses.
        * llint/LLIntOfflineAsmConfig.h:
        - Some of the #defines belong in the !ENABLE(LLINT_C_LOOP) section.
          Moving them there.
        * llint/LowLevelInterpreter.cpp:
        - Keep the compiler happy about some unreferenced C Loop labels.

2013-11-02  Filip Pizlo  <fpizlo@apple.com>

        FTL should use LLVM intrinsics for OSR exit, watchpoints, inline caches, and stack layout
        https://bugs.webkit.org/show_bug.cgi?id=122318

        Reviewed by Geoffrey Garen.

        This all now works. This patch just updates our implementation to work with LLVM trunk,
        and removes all of the old code that tried to do OSR exits and heap accesses without
        the benefit of those intrinsics.

        In particular:

        - StackMaps parsing now uses the new, less compact, but more future-proof, format.

        - Remove the ftlUsesStackmaps() option and hard-code ftlUsesStackmaps = true. Remove
          all code for ftlUsesStackmaps = false, since that was only there for back when we
          didn't have the intrinsics.

        - Remove the other experimental OSR options (useLLVMOSRExitIntrinsic,
          ftlTrapsOnOSRExit, and FTLOSRExitOmitsMarshalling).

        - Remove LowerDFGToLLVM's use of the ExitThunkGenerator since we don't need to generate
          the exit thunks until after we parse the stackmaps.

        - Remove all of the exit thunk and compiler code for the no-stackmaps case.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
        (JSC::FTL::LowerDFGToLLVM::lower):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::LowerDFGToLLVM::callStackmap):
        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
        * ftl/FTLOSRExitCompilationInfo.h:
        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::parse):
        (JSC::FTL::StackMaps::parse):
        (WTF::printInternal):
        * ftl/FTLStackMaps.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::osrExitGenerationThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::Thunks::getOSRExitGenerationThunk):
        * runtime/Options.h:

2013-11-02  Patrick Gansterer  <paroga@webkit.org>

        Add missing getHostCallReturnValue() for MSVC ARM
        https://bugs.webkit.org/show_bug.cgi?id=123685

        Reviewed by Darin Adler.

        * jit/JITStubsARM.h:

2013-11-02  Patrick Gansterer  <paroga@webkit.org>

        Fix MSVC warning about unary minus operator
        https://bugs.webkit.org/show_bug.cgi?id=123674

        Reviewed by Darin Adler.

        Change some static_cast<> to silence the following warning of the Microsoft compiler:
        warning C4146: unary minus operator applied to unsigned type, result still unsigned

        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStub):

2013-11-02  Filip Pizlo  <fpizlo@apple.com>

        Disable LLVM's pretty stack traces, which involve intercepting fatal signals
        https://bugs.webkit.org/show_bug.cgi?id=123681

        Reviewed by Geoffrey Garen.

        * llvm/library/LLVMExports.cpp:
        (initializeAndGetJSCLLVMAPI):

2013-11-02  Filip Pizlo  <fpizlo@apple.com>

        LLVM assertion failures should funnel into WTF's crash handling
        https://bugs.webkit.org/show_bug.cgi?id=123682

        Reviewed by Geoffrey Garen.

        Inside llvmForJSC, we override assertion-related functions and funnel them
        into g_llvmTrapCallback(). We also now register a fatal error handler inside
        the library and funnel that into g_llvmTrapCallback, and have
        initializeAndGetJSCLLVMAPI() take such a callback as an argument.

        Inside JSC, we no longer call LLVMInstallFatalErrorHandler() but instead we
        pass WTFLogAlwaysAndCrash() as the trap callback for llvmForJSC.

        * llvm/InitializeLLVM.cpp:
        (JSC::initializeLLVM):
        * llvm/InitializeLLVMPOSIX.cpp:
        (JSC::initializeLLVMPOSIX):
        * llvm/library/LLVMExports.cpp:
        (llvmCrash):
        (initializeAndGetJSCLLVMAPI):
        * llvm/library/LLVMOverrides.cpp:
        (raise):
        (__assert_rtn):
        (abort):
        * llvm/library/LLVMTrapCallback.h: Added.

2013-11-02  Filip Pizlo  <fpizlo@apple.com>

        CodeBlock::jettison() shouldn't call baselineVersion()
        https://bugs.webkit.org/show_bug.cgi?id=123675

        Reviewed by Geoffrey Garen.

        Fix more uses of baselineVersion().

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::jettison):
        * bytecode/CodeBlock.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):

2013-11-02  Filip Pizlo  <fpizlo@apple.com>

        LLVM asserts in internal-js-tests.yaml/Octane/stress-tests/mandreel.js
        https://bugs.webkit.org/show_bug.cgi?id=123535

        Reviewed by Geoffrey Garen.

        Use double comparisons for doubles.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::doubleToInt32):

2013-11-02  Patrick Gansterer  <paroga@webkit.org>

        Various small WinCE build fixes

        * jsc.cpp:
        (main):

2013-11-02  Patrick Gansterer  <paroga@webkit.org>

        Fix MSVC ARM build after r157581.

        * jit/JITStubsARM.h:

2013-11-01  Filip Pizlo  <fpizlo@apple.com>

        FTL should use a simple optimization pipeline by default
        https://bugs.webkit.org/show_bug.cgi?id=123638

        Reviewed by Geoffrey Garen.

        20% speed-up on imagine-gaussian-blur, when combined with --ftlUsesStackmaps=true.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * runtime/Options.h:

2013-11-01  Andreas Kling  <akling@apple.com>

        Neuter WTF_MAKE_FAST_ALLOCATED in GLOBAL_FASTMALLOC_NEW builds.
        <https://webkit.org/b/123639>

        JSC::ParserArenaRefCounted really needed to have the new/delete
        operators overridden, in order for JSC::ScopeNode to be able to
        choose that "operator new" out of the two it inherits.

        Reviewed by Anders Carlsson.

2013-11-01  Filip Pizlo  <fpizlo@apple.com>

        OSR exit profiling should be robust against all code being cleared
        https://bugs.webkit.org/show_bug.cgi?id=123629
        <rdar://problem/15365476>

        Reviewed by Michael Saboff.

        The problem here is two-fold:

        1) A watchpoint (i.e. ProfiledCodeBlockJettisoningWatchpoint) may be fired after we
        have cleared the CodeBlock for all or some Executables.  This means that doing
        codeBlock->baselineVersion() would either crash or return a bogus CodeBlock, since
        there wasn't a baseline code block reachable from the Executable anymore.  The
        solution is that we shouldn't be asking for the baseline code block reachable from
        the owning executable (what baselineVersion did), but instead we should be asking
        for the baseline version reachable from the code block being watchpointed (basically
        what CodeBlock::alternative() did).

        2) If dealing with inlined code, baselineCodeBlockForOriginAndBaselineCodeBlock()
        may return null, for the same reason as above - we might have cleared the baseline
        codeblock for the executable that was inlined.  The solution is to just not do
        profiling if there isn't a baseline code block anymore.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::baselineAlternative):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::jettison):
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
        * dfg/DFGOSRExitBase.cpp:
        (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::AssemblyHelpers):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::baselineCodeBlockFor):

2013-10-31  Oliver Hunt  <oliver@apple.com>

        JavaScript parser bug
        https://bugs.webkit.org/show_bug.cgi?id=123506

        Reviewed by Mark Lam.

        Add ParserState as an abstraction and use that to save and restore
        the parser state around nested functions (We'll need to use this in
        more places in future).  Also fix a minor error typo these testcases
        hit.

        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
        (JSC::::parseAssignmentExpression):
        * parser/Parser.h:
        (JSC::Parser::saveState):
        (JSC::Parser::restoreState):

2013-10-31  Filip Pizlo  <fpizlo@apple.com>

        FTL Int32ToDouble should handle the forward type check case where you need a recovery
        https://bugs.webkit.org/show_bug.cgi?id=123605

        Reviewed by Mark Hahnenberg.

        If you have an Int32ToDouble that needs to do a type check and it's required to do a
        forward exit, then it needs to manually pass in a value recovery for itself in the
        OSR exit - since this is one of those forward-exiting nodes that doesn't have a
        preceding MovHint.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
        (JSC::FTL::LowerDFGToLLVM::forwardTypeCheck):

2013-10-31  Filip Pizlo  <fpizlo@apple.com>

        FTL should implement InvalidationPoint in terms of llvm.stackmap
        https://bugs.webkit.org/show_bug.cgi?id=113647

        Reviewed by Mark Hahnenberg.

        This is pretty straightforward now that InvalidationPoint has exactly the semantics
        that agree with llvm.stackmap.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::callStackmap):
        * ftl/FTLOSRExitCompilationInfo.h:
        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):

2013-10-30  Oliver Hunt  <oliver@apple.com>

        Implement basic ES6 Math functions
        https://bugs.webkit.org/show_bug.cgi?id=123536

        Reviewed by Michael Saboff.

        Fairly trivial patch to implement the core ES6 Math functions.

        This doesn't implement Math.hypot as it is not a trivial function.
        I've also skipped Math.sign as I am yet to be convinced the spec
        behaviour is good.  Everything else is trivial.

        * runtime/MathObject.cpp:
        (JSC::MathObject::finishCreation):
        (JSC::mathProtoFuncACosh):
        (JSC::mathProtoFuncASinh):
        (JSC::mathProtoFuncATanh):
        (JSC::mathProtoFuncCbrt):
        (JSC::mathProtoFuncCosh):
        (JSC::mathProtoFuncExpm1):
        (JSC::mathProtoFuncFround):
        (JSC::mathProtoFuncLog1p):
        (JSC::mathProtoFuncLog10):
        (JSC::mathProtoFuncLog2):
        (JSC::mathProtoFuncSinh):
        (JSC::mathProtoFuncTanh):
        (JSC::mathProtoFuncTrunc):

2013-10-31  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location::restoreInto() doesn't handle stack-related registers correctly if you're using it after pushing a new stack frame
        https://bugs.webkit.org/show_bug.cgi?id=123591

        Reviewed by Mark Hahnenberg.

        This gets us to pass more tests with ftlUsesStackmaps.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::osrExitGenerationWithStackMapThunkGenerator):

2013-10-31  Alexey Proskuryakov  <ap@apple.com>

        Enable WebCrypto on Mac
        https://bugs.webkit.org/show_bug.cgi?id=123587

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig: Do it.

2013-10-31  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, really remove CachedTranscendentalFunction.h.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

701
702         Remove CachedTranscendentalFunction because caching math functions is an ugly idea
703         https://bugs.webkit.org/show_bug.cgi?id=123574
704
705         Reviewed by Mark Hahnenberg.
706         
707         This is performance-neutral because I also make Math.cos/sin intrinsic. This means that
708         we gain the "overhead" of actually computing sin and cos but we lose the overhead of
709         going through the native call thunks.
710         
711         Caching transcendental functions is a really ugly idea. It works for SunSpider because
712         that benchmark makes very predictable calls into Math.sin. But I don't believe that this
713         is representative of any kind of reality, and so for sensible uses of Math.sin/cos all
714         that this was doing was adding more call overhead and some hashing overhead.
715
716         * JavaScriptCore.xcodeproj/project.pbxproj:
717         * dfg/DFGAbstractInterpreterInlines.h:
718         (JSC::DFG::::executeEffects):
719         * dfg/DFGBackwardsPropagationPhase.cpp:
720         (JSC::DFG::BackwardsPropagationPhase::propagate):
721         * dfg/DFGByteCodeParser.cpp:
722         (JSC::DFG::ByteCodeParser::handleIntrinsic):
723         * dfg/DFGCSEPhase.cpp:
724         (JSC::DFG::CSEPhase::performNodeCSE):
725         * dfg/DFGClobberize.h:
726         (JSC::DFG::clobberize):
727         * dfg/DFGFixupPhase.cpp:
728         (JSC::DFG::FixupPhase::fixupNode):
729         * dfg/DFGNodeType.h:
730         * dfg/DFGPredictionPropagationPhase.cpp:
731         (JSC::DFG::PredictionPropagationPhase::propagate):
732         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
733         * dfg/DFGSafeToExecute.h:
734         (JSC::DFG::safeToExecute):
735         * dfg/DFGSpeculativeJIT.h:
736         (JSC::DFG::SpeculativeJIT::callOperation):
737         * dfg/DFGSpeculativeJIT32_64.cpp:
738         (JSC::DFG::SpeculativeJIT::compile):
739         * dfg/DFGSpeculativeJIT64.cpp:
740         (JSC::DFG::SpeculativeJIT::compile):
741         * jit/JITOperations.h:
742         * runtime/CachedTranscendentalFunction.h: Removed.
743         * runtime/DateInstanceCache.h:
744         * runtime/Intrinsic.h:
745         * runtime/MathObject.cpp:
746         (JSC::MathObject::finishCreation):
747         (JSC::mathProtoFuncCos):
748         (JSC::mathProtoFuncSin):
749         * runtime/VM.h:
750
751 2013-10-30  Filip Pizlo  <fpizlo@apple.com>
752
753         Assertion failure in js/dom/global-constructors-attributes-dedicated-worker.html
754         https://bugs.webkit.org/show_bug.cgi?id=123551
755         <rdar://problem/15356238>
756
757         Reviewed by Mark Hahnenberg.
758         
759         WatchpointSets have always had this "fire everything on deletion" policy because it
760         seemed like a good fail-safe at the time I first implemented WatchpointSets. But
761         it's actually causing bugs rather than providing safety:
762         
763         - Everyone who registers Watchpoints with WatchpointSets has separate mechanisms
764           for either keeping the WatchpointSets alive or noticing when they are collected.
765           So this wasn't actually providing any safety.
766           
767           One example of this is Structures, where:
768           
769           - CodeBlocks that register Watchpoints on Structure's WatchpointSet will also
770             register weak references to the Structure, and the GC will jettison a CodeBlock
771             if the Structure(s) it cares about dies.
772           
773           - StructureStubInfos that register Watchpoints on Structure's WatchpointSet will
774             also be cleared by GC if the Structures die.
775         
776         - The WatchpointSet destructor would get invoked from finalization/destruction.
777           This would then cause CodeBlock::jettison() to be called on a CodeBlock, but that
778           method requires doing things that access heap objects. This would usually cause
779           problems on VM destruction, since then the CodeBlocks would still be alive but the
780           whole heap would be destroyed.
781         
782         This also ensures that CodeBlock::jettison() cannot cause a GC. This is safe since
783         that method doesn't really allocate objects, and it is likely necessary because
784         jettison() may be called from deep in the stack.
785
786         * bytecode/CodeBlock.cpp:
787         (JSC::CodeBlock::jettison):
788         * bytecode/Watchpoint.cpp:
789         (JSC::WatchpointSet::~WatchpointSet):
790         * bytecode/Watchpoint.h:
791
792 2013-10-30  Mark Lam  <mark.lam@apple.com>
793
794         Unreviewed, fix C Loop LLINT build.
795
796         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
797         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
798         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
799         (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
800
801 2013-10-30  Filip Pizlo  <fpizlo@apple.com>
802
803         Unreviewed, fix FTL build.
804
805         * ftl/FTLAbstractHeapRepository.h:
806         * ftl/FTLLowerDFGToLLVM.cpp:
807         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
808
809 2013-10-30  Alexey Proskuryakov  <ap@apple.com>
810
811         Add a way to fulfill promises from DOM code
812         https://bugs.webkit.org/show_bug.cgi?id=123466
813
814         Reviewed by Sam Weinig.
815
816         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSPromise.h and JSPromiseResolver.h
817         private headers for WebCore to use.
818
819         * runtime/JSPromise.h:
820         * runtime/JSPromiseResolver.h:
821         Export functions that JSDOMPromise will use.
822
823 2013-10-30  Mark Lam  <mark.lam@apple.com>
824
825         Adjust CallFrameHeader's ReturnPC and CallFrame locations to match the native ABI.
826         https://bugs.webkit.org/show_bug.cgi?id=123444
827
828         Reviewed by Geoffrey Garen.
829
830         - Introduced an explicit CallerFrameAndPC struct.
831         - A CallFrame is expected to start with a CallerFrameAndPC struct. 
832         - The Register class no longer supports CallFrame* and Instruction*.
833
834           These hide the differences between JSVALUE32_64 and JSVALUE64 in
835           terms of managing the callerFrame() and returnPC() values.
836
837         - Convert all uses of JSStack::CallerFrame and JSStack::ReturnPC to
838           go through CallFrame to access the appropriate values and offsets.
839           CallFrame, in turn, will access the callerFrame and returnPC via
840           the CallerFrameAndPC struct.
841
842         - InlineCallFrame will provide offsets for its callerFrame and
843           returnPC. It will make use of CallFrame::callerFrameOffset() and
844           CallerFrame::returnPCOffset() to compute these.
845
846         * bytecode/CodeOrigin.h:
847         (JSC::InlineCallFrame::callerFrameOffset):
848         (JSC::InlineCallFrame::returnPCOffset):
849         * dfg/DFGJITCompiler.cpp:
850         (JSC::DFG::JITCompiler::compileEntry):
851         (JSC::DFG::JITCompiler::compileExceptionHandlers):
852         * dfg/DFGOSRExitCompilerCommon.cpp:
853         (JSC::DFG::reifyInlinedCallFrames):
854         * dfg/DFGSpeculativeJIT.h:
855         (JSC::DFG::SpeculativeJIT::calleeFrameSlot):
856         (JSC::DFG::SpeculativeJIT::calleeArgumentSlot):
857         (JSC::DFG::SpeculativeJIT::calleeFrameTagSlot):
858         (JSC::DFG::SpeculativeJIT::calleeFramePayloadSlot):
859         (JSC::DFG::SpeculativeJIT::calleeArgumentTagSlot):
860         (JSC::DFG::SpeculativeJIT::calleeArgumentPayloadSlot):
861         - Prefixed all the above with callee since they apply to the callee frame.
862         (JSC::DFG::SpeculativeJIT::calleeFrameCallerFrame):
863         - Added to set the callerFrame pointer in the callee frame.
864
865         * dfg/DFGSpeculativeJIT32_64.cpp:
866         (JSC::DFG::SpeculativeJIT::emitCall):
867         (JSC::DFG::SpeculativeJIT::compile):
868         * dfg/DFGSpeculativeJIT64.cpp:
869         (JSC::DFG::SpeculativeJIT::emitCall):
870         (JSC::DFG::SpeculativeJIT::compile):
871         * ftl/FTLLink.cpp:
872         (JSC::FTL::compileEntry):
873         (JSC::FTL::link):
874         * interpreter/CallFrame.h:
875         (JSC::ExecState::callerFrame):
876         (JSC::ExecState::callerFrameOffset):
877         (JSC::ExecState::returnPC):
878         (JSC::ExecState::hasReturnPC):
879         (JSC::ExecState::clearReturnPC):
880         (JSC::ExecState::returnPCOffset):
881         (JSC::ExecState::setCallerFrame):
882         (JSC::ExecState::setReturnPC):
883         (JSC::ExecState::callerFrameAndPC):
884         * interpreter/JSStack.h:
885         * interpreter/Register.h:
886         * jit/AssemblyHelpers.h:
887         (JSC::AssemblyHelpers::emitPutToCallFrameHeader):
888         - Convert to using storePtr() here and simplify the code.
889         (JSC::AssemblyHelpers::emitGetCallerFrameFromCallFrameHeaderPtr):
890         (JSC::AssemblyHelpers::emitPutCallerFrameToCallFrameHeader):
891         (JSC::AssemblyHelpers::emitGetReturnPCFromCallFrameHeaderPtr):
892         (JSC::AssemblyHelpers::emitPutReturnPCToCallFrameHeader):
893         - Helpers to emit gets/puts of the callerFrame and returnPC.
894         (JSC::AssemblyHelpers::addressForByteOffset):
895         * jit/JIT.cpp:
896         (JSC::JIT::JIT):
897         (JSC::JIT::privateCompile):
898         (JSC::JIT::privateCompileExceptionHandlers):
899         * jit/JITCall.cpp:
900         (JSC::JIT::compileCallEval):
901         (JSC::JIT::compileOpCall):
902         * jit/JITCall32_64.cpp:
903         (JSC::JIT::emit_op_ret):
904         (JSC::JIT::emit_op_ret_object_or_this):
905         (JSC::JIT::compileCallEval):
906         (JSC::JIT::compileOpCall):
907         * jit/JITInlines.h:
908         (JSC::JIT::unmap):
909         * jit/JITOpcodes.cpp:
910         (JSC::JIT::emit_op_end):
911         (JSC::JIT::emit_op_ret):
912         (JSC::JIT::emit_op_ret_object_or_this):
913         * jit/JITOpcodes32_64.cpp:
914         (JSC::JIT::privateCompileCTINativeCall):
915         (JSC::JIT::emit_op_end):
916         * jit/JITOperations.cpp:
917         * jit/SpecializedThunkJIT.h:
918         (JSC::SpecializedThunkJIT::returnJSValue):
919         (JSC::SpecializedThunkJIT::returnDouble):
920         (JSC::SpecializedThunkJIT::returnInt32):
921         (JSC::SpecializedThunkJIT::returnJSCell):
922         * jit/ThunkGenerators.cpp:
923         (JSC::throwExceptionFromCallSlowPathGenerator):
924         (JSC::slowPathFor):
925         (JSC::nativeForGenerator):
926
927         * llint/LLIntData.cpp:
928         (JSC::LLInt::Data::performAssertions):
929         * llint/LowLevelInterpreter.asm:
930         - Updated offsets and asserts to match the new CallFrame layout.
931
932 2013-10-30  Filip Pizlo  <fpizlo@apple.com>
933
934         Unreviewed, fix Mac.
935
936         * assembler/AbstractMacroAssembler.h:
937         (JSC::AbstractMacroAssembler::RegisterAllocationOffset::checkOffsets):
938         (JSC::AbstractMacroAssembler::checkRegisterAllocationAgainstBranchRange):
939
940 2013-10-30  Filip Pizlo  <fpizlo@apple.com>
941
942         Unreviewed, fix Windows.
943
944         * bytecode/CodeBlock.cpp:
945         (JSC::CodeBlock::jettison):
946
947 2013-10-30  Filip Pizlo  <fpizlo@apple.com>
948
949         Unreviewed, fix Windows.
950
951         * bytecode/CodeBlock.h:
952         (JSC::CodeBlock::addFrequentExitSite):
953
954 2013-10-29  Filip Pizlo  <fpizlo@apple.com>
955
956         Add InvalidationPoints to the DFG and use them for all watchpoints
957         https://bugs.webkit.org/show_bug.cgi?id=123472
958
959         Reviewed by Mark Hahnenberg.
960         
961         This makes a fundamental change to how watchpoints work in the DFG.
962         
963         Previously, a watchpoint was an instruction whose execution semantics were something
964         like:
965         
966             if (watchpoint->invalidated)
967                 exit
968         
969         We would implement this without any branch by using jump replacement.
970         
971         This is a very good optimization. But it's a bit awkward once you get a lot of
972         watchpoints: semantically we will have lots of these branches in the code, which the
973         compiler needs to reason about even though they don't actually result in any emitted
974         code.
975         
976         Separately, we also had a mechanism for jettisoning a CodeBlock. This mechanism would
977         be invoked if a CodeBlock exited a lot. It would ensure that a CodeBlock wouldn't be
978         called into again, but it would do nothing for CodeBlocks that were already on the
979         stack.
980         
981         This change flips jettisoning and watchpoint invalidation on their heads. Now, the jump
982         replacement has nothing to do with watchpoints; instead it's something that happens if
983         you ever jettison a CodeBlock. Jump replacement is now an all-or-nothing operation over
984         all of the potential call-return safe-exit-points in a CodeBlock. We call these
985         "InvalidationPoint"s. A watchpoint instruction is now "lowered" by having the DFG
986         collect all of the watchpoint sets that the CodeBlock cares about, and then registering
987         a CodeBlockJettisoningWatchpoint with all of them. That is, if the watchpoint fires, it
988         jettisons the CodeBlock, which in turn ensures that the CodeBlock can't be called into
989         (because the entrypoint now points to baseline code) and can't be returned into
990         (because returning exits to baseline before the next bytecode instruction).
991         
992         This will allow for a sensible lowering of watchpoints to LLVM IR. It will also allow
993         for jettison() to be used effectively for things like breakpointing and single-stepping
994         in the debugger.
995         
996         Well, basically, this mechanism just takes us into the HotSpot-style world where anyone
997         can, at any time and for any reason, request that an optimized CodeBlock is rendered
998         immediately invalid. You can use this for many cool things, I'm sure.
999
1000         * CMakeLists.txt:
1001         * GNUmakefile.list.am:
1002         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1003         * JavaScriptCore.xcodeproj/project.pbxproj:
1004         * assembler/AbstractMacroAssembler.h:
1005         * bytecode/CodeBlock.cpp:
1006         (JSC::CodeBlock::jettison):
1007         * bytecode/CodeBlock.h:
1008         * bytecode/CodeBlockJettisoningWatchpoint.cpp: Added.
1009         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
1010         * bytecode/CodeBlockJettisoningWatchpoint.h: Added.
1011         (JSC::CodeBlockJettisoningWatchpoint::CodeBlockJettisoningWatchpoint):
1012         * bytecode/ExitKind.cpp:
1013         (JSC::exitKindToString):
1014         * bytecode/ExitKind.h:
1015         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added.
1016         (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
1017         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Added.
1018         (JSC::ProfiledCodeBlockJettisoningWatchpoint::ProfiledCodeBlockJettisoningWatchpoint):
1019         * dfg/DFGAbstractHeap.h:
1020         * dfg/DFGAbstractInterpreterInlines.h:
1021         (JSC::DFG::::executeEffects):
1022         * dfg/DFGClobberize.cpp:
1023         (JSC::DFG::writesOverlap):
1024         * dfg/DFGClobberize.h:
1025         (JSC::DFG::clobberize):
1026         (JSC::DFG::AbstractHeapOverlaps::AbstractHeapOverlaps):
1027         (JSC::DFG::AbstractHeapOverlaps::operator()):
1028         (JSC::DFG::AbstractHeapOverlaps::result):
1029         * dfg/DFGCommonData.cpp:
1030         (JSC::DFG::CommonData::invalidate):
1031         * dfg/DFGCommonData.h:
1032         (JSC::DFG::CommonData::CommonData):
1033         * dfg/DFGDesiredWatchpoints.cpp:
1034         (JSC::DFG::DesiredWatchpoints::addLazily):
1035         (JSC::DFG::DesiredWatchpoints::reallyAdd):
1036         * dfg/DFGDesiredWatchpoints.h:
1037         (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
1038         (JSC::DFG::GenericDesiredWatchpoints::addLazily):
1039         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
1040         (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
1041         * dfg/DFGFixupPhase.cpp:
1042         (JSC::DFG::FixupPhase::fixupNode):
1043         * dfg/DFGInvalidationPointInjectionPhase.cpp: Added.
1044         (JSC::DFG::InvalidationPointInjectionPhase::InvalidationPointInjectionPhase):
1045         (JSC::DFG::InvalidationPointInjectionPhase::run):
1046         (JSC::DFG::InvalidationPointInjectionPhase::handle):
1047         (JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):
1048         (JSC::DFG::performInvalidationPointInjection):
1049         * dfg/DFGInvalidationPointInjectionPhase.h: Added.
1050         * dfg/DFGJITCode.h:
1051         * dfg/DFGJITCompiler.cpp:
1052         (JSC::DFG::JITCompiler::linkOSRExits):
1053         (JSC::DFG::JITCompiler::link):
1054         * dfg/DFGJITCompiler.h:
1055         * dfg/DFGJumpReplacement.cpp: Added.
1056         (JSC::DFG::JumpReplacement::fire):
1057         * dfg/DFGJumpReplacement.h: Added.
1058         (JSC::DFG::JumpReplacement::JumpReplacement):
1059         * dfg/DFGNodeType.h:
1060         * dfg/DFGOSRExitCompilationInfo.h:
1061         * dfg/DFGOperations.cpp:
1062         * dfg/DFGPlan.cpp:
1063         (JSC::DFG::Plan::compileInThreadImpl):
1064         (JSC::DFG::Plan::reallyAdd):
1065         * dfg/DFGPredictionPropagationPhase.cpp:
1066         (JSC::DFG::PredictionPropagationPhase::propagate):
1067         * dfg/DFGSafeToExecute.h:
1068         (JSC::DFG::safeToExecute):
1069         * dfg/DFGSpeculativeJIT.cpp:
1070         (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
1071         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1072         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1073         * dfg/DFGSpeculativeJIT.h:
1074         (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
1075         (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
1076         * dfg/DFGSpeculativeJIT32_64.cpp:
1077         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1078         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1079         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1080         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1081         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1082         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1083         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1084         (JSC::DFG::SpeculativeJIT::compile):
1085         * dfg/DFGSpeculativeJIT64.cpp:
1086         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1087         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1088         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1089         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1090         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1091         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1092         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1093         (JSC::DFG::SpeculativeJIT::compile):
1094         * dfg/DFGWatchpointCollectionPhase.cpp: Added.
1095         (JSC::DFG::WatchpointCollectionPhase::WatchpointCollectionPhase):
1096         (JSC::DFG::WatchpointCollectionPhase::run):
1097         (JSC::DFG::WatchpointCollectionPhase::handle):
1098         (JSC::DFG::WatchpointCollectionPhase::handleEdge):
1099         (JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
1100         (JSC::DFG::WatchpointCollectionPhase::handleStringGetByVal):
1101         (JSC::DFG::WatchpointCollectionPhase::addLazily):
1102         (JSC::DFG::WatchpointCollectionPhase::globalObject):
1103         (JSC::DFG::performWatchpointCollection):
1104         * dfg/DFGWatchpointCollectionPhase.h: Added.
1105         * ftl/FTLCapabilities.cpp:
1106         (JSC::FTL::canCompile):
1107         * ftl/FTLLowerDFGToLLVM.cpp:
1108         (JSC::FTL::LowerDFGToLLVM::compileNode):
1109         (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
1110         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
1111         (JSC::FTL::LowerDFGToLLVM::compileGlobalVarWatchpoint):
1112         (JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
1113         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
1114         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
1115         (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
1116         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1117         (JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
1118         * jit/JITOperations.cpp:
1119         * jit/JumpReplacementWatchpoint.cpp: Removed.
1120         * jit/JumpReplacementWatchpoint.h: Removed.
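
The jettison and InvalidationPoint design this entry describes, together with the WatchpointSet destructor change in the 2013-10-30 entry above, as an added C++ model; it is not JSC code, and every class, member and function name in it is invented for the model:

```cpp
// Added model of the InvalidationPoint / jettison design, not JSC code. All names here
// are invented for the model; only the concepts follow the ChangeLog entry.
#include <cstdio>
#include <functional>
#include <vector>

// Something that wants to be told when a watched invariant stops holding.
struct Watchpoint {
    virtual ~Watchpoint() {}
    virtual void fire() = 0;
};

// Tracks whether a speculated invariant still holds. As in the 2013-10-30 change, the
// destructor fires nothing: whoever registered a watchpoint manages the set's lifetime.
class WatchpointSet {
public:
    ~WatchpointSet() {}  // deliberately does not fire anything
    bool isStillValid() const { return !m_invalidated; }
    void add(Watchpoint* watchpoint) { m_watchpoints.push_back(watchpoint); }
    void fireAll() {
        if (m_invalidated)
            return;
        m_invalidated = true;
        std::vector<Watchpoint*> toFire;
        toFire.swap(m_watchpoints);  // firing may re-enter; never iterate the live list
        for (Watchpoint* watchpoint : toFire)
            watchpoint->fire();
    }
private:
    bool m_invalidated = false;
    std::vector<Watchpoint*> m_watchpoints;
};

// Optimized code for one function plus the state needed to invalidate it. Jump
// replacement is all-or-nothing, so one flag stands in for every InvalidationPoint.
struct CodeBlock {
    bool jettisoned = false;
    int optimizedEntries = 0;
    int baselineEntries = 0;
    int invalidationPointExits = 0;
    void jettison() { jettisoned = true; }
};

// The watchpoint registered with every WatchpointSet the CodeBlock depends on.
struct CodeBlockJettisoningWatchpoint : Watchpoint {
    explicit CodeBlockJettisoningWatchpoint(CodeBlock& block) : codeBlock(block) {}
    void fire() override { codeBlock.jettison(); }
    CodeBlock& codeBlock;
};

// The model program: `value` is a global the optimized code treats as a constant and
// `valueSet` guards that assumption. The compiled function is "call the callee, then
// return value * 2".
struct Vm {
    using Callee = std::function<void(Vm&)>;

    int value = 10;
    WatchpointSet valueSet;
    CodeBlock codeBlock;
    CodeBlockJettisoningWatchpoint watchpoint{codeBlock};
    int foldedValue;  // constant folded when the optimized code was "compiled"

    Vm() : foldedValue(value) { valueSet.add(&watchpoint); }

    // Mutating the global invalidates everything that speculated on it.
    void setValue(int newValue) { value = newValue; valueSet.fireAll(); }

    // Baseline code makes no assumptions and reads the live value after the call.
    int runBaseline(const Callee& callee) {
        ++codeBlock.baselineEntries;
        callee(*this);
        return value * 2;
    }

    // Optimized code: correct only while valueSet is valid. The call site is a
    // call-return safe-exit point, so an InvalidationPoint follows it.
    int runOptimized(const Callee& callee) {
        if (codeBlock.jettisoned)  // the entrypoint now points at baseline code
            return runBaseline(callee);
        ++codeBlock.optimizedEntries;
        callee(*this);             // may fire valueSet while this frame is on the stack
        if (codeBlock.jettisoned) {  // InvalidationPoint: jump replaced by jettison()
            ++codeBlock.invalidationPointExits;
            return value * 2;      // finish in baseline, with the live value
        }
        return foldedValue * 2;    // speculation still holds
    }
};

// Destroying a WatchpointSet must not jettison the blocks watching it.
bool destructionDoesNotFire() {
    CodeBlock block;
    CodeBlockJettisoningWatchpoint watchpoint(block);
    {
        WatchpointSet set;
        set.add(&watchpoint);
    }
    return !block.jettisoned;
}

int main() {
    Vm vm;
    std::printf("no invalidation: %d\n", vm.runOptimized([](Vm&) {}));
    std::printf("callee invalidates: %d\n", vm.runOptimized([](Vm& v) { v.setValue(7); }));
    std::printf("after jettison: %d\n", vm.runOptimized([](Vm&) {}));
    std::printf("destructor fired nothing: %d\n", destructionDoesNotFire());
    return 0;
}
```

Without the check after the call, the second run would return the stale folded 20 instead of 14; with it, a CodeBlock already on the stack when its watchpoint fires still finishes with baseline semantics.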
1121
1122 2013-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1123
1124         JSExport doesn't support constructors
1125         https://bugs.webkit.org/show_bug.cgi?id=123380
1126
1127         Reviewed by Geoffrey Garen.
1128
1129         Support for constructor-style callbacks for the Objective-C API to JSC is currently limited to 
1130         Objective-C blocks. Any clients who try to call the constructor of a JSExport-ed Objective-C class 
1131         are met with a type error stating that it cannot be called as a constructor.
1132
1133         It would be nice to expand JSExport's functionality to support this idiom. It is a natural 
1134         extension to JSExport and would increase the expressiveness and simplicity in both Objective-C and 
1135         JavaScript client code.
1136
1137         The way we'll do this is to expand the capabilities of ObjCCallbackFunction and associated classes. 
1138         Instead of constructing a normal C API object for the constructor, we'll instead allocate a full-blown 
1139         ObjCCallbackFunction object which can already properly handle being invoked as a constructor.
1140
1141         * API/JSWrapperMap.mm:
1142         (copyMethodsToObject):
1143         (allocateConstructorForCustomClass):
1144         (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
1145         (tryUnwrapObjcObject):
1146         * API/ObjCCallbackFunction.h:
1147         (JSC::ObjCCallbackFunction::impl):
1148         * API/ObjCCallbackFunction.mm:
1149         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
1150         (JSC::ObjCCallbackFunctionImpl::wrappedConstructor):
1151         (JSC::ObjCCallbackFunctionImpl::isConstructible):
1152         (JSC::ObjCCallbackFunction::getConstructData):
1153         (JSC::ObjCCallbackFunctionImpl::name):
1154         (JSC::ObjCCallbackFunctionImpl::call):
1155         (objCCallbackFunctionForInvocation):
1156         (objCCallbackFunctionForInit):
1157         (tryUnwrapConstructor):
1158         * API/tests/testapi.mm:
1159         (-[TextXYZ initWithString:]):
1160         (-[ClassA initWithA:]):
1161         (-[ClassB initWithA:b:]):
1162         (-[ClassC initWithA:]):
1163         (-[ClassC initWithA:b:]):
1164
1165 2013-10-30  peavo@outlook.com  <peavo@outlook.com>
1166
1167         [Win] Compile errors when enabling DFG JIT.
1168         https://bugs.webkit.org/show_bug.cgi?id=120998
1169
1170         Reviewed by Brent Fulgham.
1171
1172         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added files.
1173         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
1174         * dfg/DFGAllocator.h: Removed scope.
1175         * dfg/DFGWorklist.cpp: Use new ThreadingOnce class instead of pthread_once.
1176         (JSC::DFG::globalWorklist):
1177         * heap/DeferGC.h: Link fix, member needs to be public.
1178         * jit/JITOperationWrappers.h: Added required assembler macros.
1179
1180 2013-10-30  Iago Toral Quiroga  <itoral@igalia.com>
1181
1182         Add result caching for Math.cos
1183         https://bugs.webkit.org/show_bug.cgi?id=123255
1184
1185         Reviewed by Brent Fulgham.
1186
1187         * runtime/MathObject.cpp:
1188         (JSC::mathProtoFuncCos):
1189         * runtime/VM.h:
1190
1191 2013-10-30  Alex Christensen  <achristensen@webkit.org>
1192
1193         Disabled JIT on Win64.
1194         https://bugs.webkit.org/show_bug.cgi?id=122472
1195
1196         Reviewed by Geoffrey Garen.
1197
1198         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1199         Disabled building JITStubsMSVC64.
1200
1201 2013-10-29  Michael Saboff  <msaboff@apple.com>
1202
1203         Change local variable register allocation to start at offset -1
1204         https://bugs.webkit.org/show_bug.cgi?id=123182
1205
1206         Reviewed by Geoffrey Garen.
1207
1208         Adjusted the virtual register mapping down by one slot.  Reduced
1209         the CallFrame header slots offsets by one.  They now start at 0.
1210         Changed arity fixup to no longer skip passed register slot 0 as this
1211         is now part of the CallFrame header.
1212
1213         * bytecode/VirtualRegister.h:
1214         (JSC::operandIsLocal):
1215         (JSC::operandIsArgument):
1216         (JSC::VirtualRegister::localToOperand):
1217         (JSC::VirtualRegister::operandToLocal):
1218           Adjusted functions for shift in mapping from local to register offset.
1219
1220         * dfg/DFGByteCodeParser.cpp:
1221         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
1222         (JSC::DFG::ByteCodeParser::addCall):
1223         (JSC::DFG::ByteCodeParser::handleInlining):
1224         (JSC::DFG::ByteCodeParser::parseBlock):
1225         * dfg/DFGVariableEventStream.cpp:
1226         (JSC::DFG::VariableEventStream::reconstruct):
1227         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1228         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1229         * interpreter/CallFrame.h:
1230         (JSC::ExecState::frameExtent):
1231         (JSC::ExecState::offsetFor):
1232         * interpreter/Interpreter.cpp:
1233         (JSC::loadVarargs):
1234         (JSC::Interpreter::dumpRegisters):
1235         (JSC::Interpreter::executeCall):
1236         * llint/LLIntData.cpp:
1237         (JSC::LLInt::Data::performAssertions):
1238         * llint/LowLevelInterpreter.asm:
1239           Adjusted math to accommodate for shift in call frame slots.
1240
1241         * dfg/DFGJITCompiler.cpp:
1242         (JSC::DFG::JITCompiler::compileFunction):
1243         * dfg/DFGSpeculativeJIT.h:
1244         (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
1245         * interpreter/CallFrame.cpp:
1246         (JSC::CallFrame::frameExtentInternal):
1247         * interpreter/JSStackInlines.h:
1248         (JSC::JSStack::pushFrame):
1249         * jit/JIT.cpp:
1250         (JSC::JIT::privateCompile):
1251         * jit/JITOperations.cpp:
1252         * llint/LLIntSlowPaths.cpp:
1253         (JSC::LLInt::llint_slow_path_stack_check):
1254         * runtime/CommonSlowPaths.h:
1255         (JSC::CommonSlowPaths::arityCheckFor):
1256           Fixed offset calculation to use VirtualRegister and related calculation instead of
1257           doing separate calculations.
1258
1259         * interpreter/JSStack.h:
1260           Adjusted CallFrame slots down by one.  Did some miscellaneous fixing of dumpRegisters()
1261           in the process of testing the fixes.
1262
1263         * jit/ThunkGenerators.cpp:
1264         (JSC::arityFixup):
1265           Changed arity fixup to no longer skip passed register slot 0 as this
1266           is now part of the CallFrame header.
1267
1268         * llint/LowLevelInterpreter32_64.asm:
1269         * llint/LowLevelInterpreter64.asm:
1270           Changed arity fixup to no longer skip passed register slot 0 as this
1271           is now part of the CallFrame header.  Updated op_enter processing for
1272           the change in local registers.
1273
1274         * runtime/JSGlobalObject.h:
1275           Removed the now unneeded extra slot in the global callframe.
1276
1277 2013-10-29  Julien Brianceau  <jbriance@cisco.com>
1278
1279         [arm] Fix lots of crashes because of 4th argument register trampling.
1280         https://bugs.webkit.org/show_bug.cgi?id=123421
1281
1282         Reviewed by Michael Saboff.
1283
1284         r3 register is the 4th argument register for ARM and also a scratch
1285         register in the baseline JIT for this architecture. We can use r6
1286         instead, as this used to be the timeoutCheckRegister and it is no
1287         longer used since r148119.
1288
1289         * assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM.
1290         * assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7.
1291         * jit/GPRInfo.h: Add r3 properly in GPRInfo for ARM.
1292         (JSC::GPRInfo::toRegister):
1293         (JSC::GPRInfo::toIndex):
1294         * jit/JITStubsARM.h:
1295         (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
1296         * jit/JITStubsARMv7.h:
1297         (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
1298         * jit/JSInterfaceJIT.h: Remove useless stuff.
1299         * yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6.
1300         (JSC::Yarr::YarrGenerator::generateEnter): r8 register doesn't need to be saved.
1301         (JSC::Yarr::YarrGenerator::generateReturn):
1302
1303 2013-10-29  Julien Brianceau  <jbriance@cisco.com>
1304
1305         Fix CPU(ARM_TRADITIONAL) build after r157690.
1306         https://bugs.webkit.org/show_bug.cgi?id=123247
1307
1308         Reviewed by Michael Saboff.
1309
1310         Since r157690, the executableCopy function has been removed from AssemblerBuffer.h
1311         and the copy of executable code occurs in the linkCode function (in LinkBuffer.cpp).
1312         As the constant pool for jumps is updated in the executableCopy function of ARM_TRADITIONAL,
1313         this part of code still needs to be called and absolute jumps must be corrected to anticipate
1314         the copy of the executable code through memcpy.
1315
1316         * assembler/ARMAssembler.cpp:
1317         (JSC::ARMAssembler::prepareExecutableCopy): Rename executableCopy to prepareExecutableCopy
1318         and correct absolute jump values using the delta between the source and destination buffers.
1319         * assembler/ARMAssembler.h:
1320         * assembler/LinkBuffer.cpp:
1321         (JSC::LinkBuffer::linkCode): Call prepareExecutableCopy just before the memcpy.
1322
1323 2013-10-28  Filip Pizlo  <fpizlo@apple.com>
1324
1325         OSRExit::m_watchpointIndex should be in OSRExitCompilationInfo
1326         https://bugs.webkit.org/show_bug.cgi?id=123423
1327
1328         Reviewed by Mark Hahnenberg.
1329         
1330         Also enable ExitKind to tell you if it's a watchpoint.
1331
1332         * bytecode/ExitKind.cpp:
1333         (JSC::exitKindToString):
1334         * bytecode/ExitKind.h:
1335         (JSC::isWatchpoint):
1336         * dfg/DFGByteCodeParser.cpp:
1337         (JSC::DFG::ByteCodeParser::setLocal):
1338         (JSC::DFG::ByteCodeParser::setArgument):
1339         (JSC::DFG::ByteCodeParser::handleCall):
1340         (JSC::DFG::ByteCodeParser::handleGetById):
1341         (JSC::DFG::ByteCodeParser::parseBlock):
1342         * dfg/DFGJITCompiler.cpp:
1343         (JSC::DFG::JITCompiler::linkOSRExits):
1344         (JSC::DFG::JITCompiler::link):
1345         * dfg/DFGJITCompiler.h:
1346         (JSC::DFG::JITCompiler::appendExitInfo):
1347         * dfg/DFGOSRExit.cpp:
1348         (JSC::DFG::OSRExit::OSRExit):
1349         * dfg/DFGOSRExit.h:
1350         * dfg/DFGOSRExitCompilationInfo.h:
1351         (JSC::DFG::OSRExitCompilationInfo::OSRExitCompilationInfo):
1352         * dfg/DFGOSRExitCompiler.cpp:
1353         * dfg/DFGSpeculativeJIT.cpp:
1354         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
1355         * dfg/DFGSpeculativeJIT32_64.cpp:
1356         (JSC::DFG::SpeculativeJIT::compile):
1357         * dfg/DFGSpeculativeJIT64.cpp:
1358         (JSC::DFG::SpeculativeJIT::compile):
1359
1360 2013-10-28  Myles C. Maxfield  <mmaxfield@apple.com>
1361
1362         Parsing support for -webkit-text-decoration-skip: ink
1363         https://bugs.webkit.org/show_bug.cgi?id=123358
1364
1365         Reviewed by Dean Jackson.
1366
1367         Adding ENABLE(CSS3_TEXT_DECORATION)
1368
1369         * Configurations/FeatureDefines.xcconfig:
1370
1371 2013-10-24  Filip Pizlo  <fpizlo@apple.com>
1372
1373         Get rid of InlineStart so that I don't have to implement it in FTL
1374         https://bugs.webkit.org/show_bug.cgi?id=123302
1375
1376         Reviewed by Geoffrey Garen.
1377         
1378         InlineStart was a special instruction that we would insert at the top of inlined code,
1379         so that the backend could capture the OSR state of arguments to an inlined call. It used
1380         to be that only the backend had this information, so this instruction was sort of an ugly
1381         callback from the backend for filling in some data structures.
1382         
1383         But in the time since that code was written (two years ago?), we rationalized how
1384         variables work. It's now the case that variables that the runtime must know about are
1385         treated specially in IR (they are "flushed") and we know how we will represent them even
1386         before we get to the backend. The last place that makes changes to their representation
1387         is the StackLayoutPhase.
1388         
1389         So, this patch gets rid of InlineStart, but keeps around the special meta-data that the
1390         instruction had. Instead of handling the bookkeeping in the backend, we handle it in
1391         StackLayoutPhase. This means that the DFG and FTL can share code for handling this
1392         bookkeeping. This also means that now the FTL can compile code blocks that had inlining.
1393         
1394         Of course, giving the FTL the ability to handle code blocks that had inlining means that
1395         we're going to have new bugs. Sure enough, the FTL's linker didn't handle inline call
1396         frames. This patch also fixes that.
1397
1398         * dfg/DFGAbstractInterpreterInlines.h:
1399         (JSC::DFG::::executeEffects):
1400         * dfg/DFGByteCodeParser.cpp:
1401         (JSC::DFG::ByteCodeParser::handleInlining):
1402         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1403         * dfg/DFGClobberize.h:
1404         (JSC::DFG::clobberize):
1405         * dfg/DFGFixupPhase.cpp:
1406         (JSC::DFG::FixupPhase::fixupNode):
1407         * dfg/DFGGraph.h:
1408         * dfg/DFGNode.h:
1409         * dfg/DFGNodeType.h:
1410         * dfg/DFGPredictionPropagationPhase.cpp:
1411         (JSC::DFG::PredictionPropagationPhase::propagate):
1412         * dfg/DFGSafeToExecute.h:
1413         (JSC::DFG::safeToExecute):
1414         * dfg/DFGSpeculativeJIT.cpp:
1415         * dfg/DFGSpeculativeJIT.h:
1416         * dfg/DFGSpeculativeJIT32_64.cpp:
1417         (JSC::DFG::SpeculativeJIT::compile):
1418         * dfg/DFGSpeculativeJIT64.cpp:
1419         (JSC::DFG::SpeculativeJIT::compile):
1420         * dfg/DFGStackLayoutPhase.cpp:
1421         (JSC::DFG::StackLayoutPhase::run):
1422         * ftl/FTLLink.cpp:
1423         (JSC::FTL::link):
1424
1425 2013-10-24  Filip Pizlo  <fpizlo@apple.com>
1426
1427         The GetById->GetByOffset AI-based optimization should actually do things
1428         https://bugs.webkit.org/show_bug.cgi?id=123299
1429
1430         Reviewed by Oliver Hunt.
1431         
1432         20% speed-up on Octane/gbemu.
1433
1434         * bytecode/GetByIdStatus.cpp:
1435         (JSC::GetByIdStatus::computeFor): Actually finish filling in the Status by setting the state. Previously it would remain set to NoInformation, meaning that this whole method was a no-op.
1436
1437 2013-10-28  Carlos Garcia Campos  <cgarcia@igalia.com>
1438
1439         Unreviewed. Fix make distcheck.
1440
1441         * GNUmakefile.list.am: Add missing files to compilation.
1442
1443 2013-10-25  Oliver Hunt  <oliver@apple.com>
1444
1445         Refactor parser rollback logic
1446         https://bugs.webkit.org/show_bug.cgi?id=123372
1447
1448         Reviewed by Brady Eidson.
1449
1450         Add a sane abstraction for rollbacks in the parser.
1451
1452         * parser/Parser.cpp:
1453         (JSC::::parseSourceElements):
1454         (JSC::::parseObjectLiteral):
1455         * parser/Parser.h:
1456         (JSC::Parser::createSavePoint):
1457         (JSC::Parser::restoreSavePoint):
1458
1459 2013-10-25  peavo@outlook.com  <peavo@outlook.com>
1460
1461         [Win] Javascript crash with DFG JIT enabled.
1462         https://bugs.webkit.org/show_bug.cgi?id=121001
1463
1464         Reviewed by Geoffrey Garen.
1465
1466         On Windows, using register GPRInfo::regT0 as a parameter to e.g. JIT::storeDouble(..., GPRInfo::regT0),
1467         results in a call to JIT::storeDouble(FPRegisterID src, const void* address),
1468         where the address parameter gets the value of GPRInfo::regT0, which is 0 (eax on Windows).
1469         This causes the register to be written to address 0, hence the crash.
1470   
1471         * assembler/MacroAssemblerX86.h:
1472         (JSC::MacroAssemblerX86::storeDouble): Assert if we try to generate code which writes to a null pointer.
1473         * dfg/DFGOSRExitCompiler32_64.cpp:
1474         (JSC::DFG::OSRExitCompiler::compileExit): Use address in regT0 as parameter.
1475         * dfg/DFGThunks.cpp:
1476         (JSC::DFG::osrExitGenerationThunkGenerator): Ditto.
1477
1478 2013-10-25  Oliver Hunt  <oliver@apple.com>
1479
1480         Fix a number of problems with destructuring of arguments
1481         https://bugs.webkit.org/show_bug.cgi?id=123357
1482
1483         Reviewed by Filip Pizlo.
1484
1485         This renames the destructuring node's emitBytecode to bindValue
1486         in order to remove the existing confusion over what was happening.
1487
1488         We then fix an incorrect fall through in the destructuring arguments
1489         logic, and fix the then exposed bug where we placed the index rather
1490         than value into the bound property.
1491
1492         * bytecompiler/BytecodeGenerator.cpp:
1493         (JSC::BytecodeGenerator::BytecodeGenerator):
1494         * bytecompiler/NodesCodegen.cpp:
1495         (JSC::ForInNode::emitBytecode):
1496         (JSC::ForOfNode::emitBytecode):
1497         (JSC::DeconstructingAssignmentNode::emitBytecode):
1498         (JSC::ArrayPatternNode::bindValue):
1499         (JSC::ArrayPatternNode::emitDirectBinding):
1500         (JSC::ObjectPatternNode::bindValue):
1501         (JSC::BindingNode::bindValue):
1502         * parser/Nodes.h:
1503
1504 2013-10-25  Joseph Pecoraro  <pecoraro@apple.com>
1505
1506         Upstream ENABLE(REMOTE_INSPECTOR) and enable on iOS and Mac
1507         https://bugs.webkit.org/show_bug.cgi?id=123111
1508
1509         Reviewed by Timothy Hatcher.
1510
1511         * Configurations/FeatureDefines.xcconfig:
1512
1513 2013-10-25  Oliver Hunt  <oliver@apple.com>
1514
1515         Fix MSVC again
1516
1517         * parser/Parser.cpp:
1518
1519 2013-10-25  Oliver Hunt  <oliver@apple.com>
1520
1521         Fix MSVC
1522
1523         * parser/Parser.cpp:
1524
1525 2013-10-25  Oliver Hunt  <oliver@apple.com>
1526
1527         Improve JSC Parser error messages
1528         https://bugs.webkit.org/show_bug.cgi?id=123341
1529
1530         Reviewed by Andreas Kling.
1531
1532         This patch moves away from the current kludgy mechanisms used to produce
1533         error messages and moves to something closer to case by case errors.
1534
1535         This results in a large change size as previously we may just have
1536         'failIfFalse(foo)', but now the logic becomes either
1537         'failIfFalseWithMessage(foo, "Cannot do blah with ", foo->thing())'
1538         Or alternatively
1539
1540         if (!foo)
1541             check for 'interesting' errors, before falling back to generic error
1542
1543         This means that this patch is large, but produces no semantic changes, and
1544         only hits slow (e.g. error) paths.
1545
1546         * parser/Parser.cpp:
1547         (JSC::::Parser):
1548         (JSC::::parseSourceElements):
1549         (JSC::::parseVarDeclaration):
1550         (JSC::::parseConstDeclaration):
1551         (JSC::::parseDoWhileStatement):
1552         (JSC::::parseWhileStatement):
1553         (JSC::::parseVarDeclarationList):
1554         (JSC::::createBindingPattern):
1555         (JSC::::parseDeconstructionPattern):
1556         (JSC::::parseConstDeclarationList):
1557         (JSC::::parseForStatement):
1558         (JSC::::parseBreakStatement):
1559         (JSC::::parseContinueStatement):
1560         (JSC::::parseReturnStatement):
1561         (JSC::::parseThrowStatement):
1562         (JSC::::parseWithStatement):
1563         (JSC::::parseSwitchStatement):
1564         (JSC::::parseSwitchClauses):
1565         (JSC::::parseSwitchDefaultClause):
1566         (JSC::::parseTryStatement):
1567         (JSC::::parseDebuggerStatement):
1568         (JSC::::parseBlockStatement):
1569         (JSC::::parseStatement):
1570         (JSC::::parseFormalParameters):
1571         (JSC::::parseFunctionBody):
1572         (JSC::stringForFunctionMode):
1573         (JSC::::parseFunctionInfo):
1574         (JSC::::parseFunctionDeclaration):
1575         (JSC::::parseExpressionOrLabelStatement):
1576         (JSC::::parseExpressionStatement):
1577         (JSC::::parseIfStatement):
1578         (JSC::::parseExpression):
1579         (JSC::::parseAssignmentExpression):
1580         (JSC::::parseConditionalExpression):
1581         (JSC::::parseBinaryExpression):
1582         (JSC::::parseProperty):
1583         (JSC::::parseObjectLiteral):
1584         (JSC::::parseStrictObjectLiteral):
1585         (JSC::::parseArrayLiteral):
1586         (JSC::::parsePrimaryExpression):
1587         (JSC::::parseArguments):
1588         (JSC::::parseMemberExpression):
1589         (JSC::operatorString):
1590         (JSC::::parseUnaryExpression):
1591         (JSC::::printUnexpectedTokenText):
1592         * parser/Parser.h:
1593         (JSC::Scope::hasDeclaredVariable):
1594         (JSC::Scope::hasDeclaredParameter):
1595         (JSC::Parser::hasDeclaredVariable):
1596         (JSC::Parser::hasDeclaredParameter):
1597         (JSC::Parser::setErrorMessage):
1598
1599 2013-10-24  Mark Rowe  <mrowe@apple.com>
1600
1601         Remove references to OS X 10.7 from Xcode configuration settings.
1602
1603         Now that we're not building for OS X 10.7 they're no longer needed.
1604
1605         Reviewed by Anders Carlsson.
1606
1607         * Configurations/Base.xcconfig:
1608         * Configurations/DebugRelease.xcconfig:
1609         * Configurations/FeatureDefines.xcconfig:
1610         * Configurations/Version.xcconfig:
1611
1612 2013-10-24  Mark Rowe  <mrowe@apple.com>
1613
1614         <rdar://problem/15312643> Prepare for the mysterious future.
1615
1616         Reviewed by David Kilzer.
1617
1618         * Configurations/Base.xcconfig:
1619         * Configurations/DebugRelease.xcconfig:
1620         * Configurations/FeatureDefines.xcconfig:
1621         * Configurations/Version.xcconfig:
1622
1623 2013-10-24  Mark Lam  <mark.lam@apple.com>
1624
1625         Better way to fix part of broken C Loop LLINT build.
1626         https://bugs.webkit.org/show_bug.cgi?id=123271.
1627
1628         Reviewed by Geoffrey Garen.
1629
1630         Undoing offline asm hackery.
1631
1632         * llint/LowLevelInterpreter.cpp:
1633         * llint/LowLevelInterpreter32_64.asm:
1634         * llint/LowLevelInterpreter64.asm:
1635         * offlineasm/cloop.rb:
1636         * offlineasm/instructions.rb:
1637
1638 2013-10-24  Mark Lam  <mark.lam@apple.com>
1639
1640         Fix broken C Loop LLINT build.
1641         https://bugs.webkit.org/show_bug.cgi?id=123271.
1642
1643         Reviewed by Michael Saboff.
1644
1645         * bytecode/CodeBlock.cpp:
1646         (JSC::CodeBlock::printGetByIdCacheStatus): Added an UNUSED_PARAM().
1647         (JSC::CodeBlock::dumpBytecode): Added #if ENABLE(JIT) to JIT only code.
1648         * bytecode/GetByIdStatus.cpp:
1649         (JSC::GetByIdStatus::computeFor): Added an UNUSED_PARAM().
1650         * bytecode/PutByIdStatus.cpp:
1651         (JSC::PutByIdStatus::computeFor): Added an UNUSED_PARAM().
1652         * bytecode/StructureStubInfo.h:
1653         - Added a stub StubInfoMap for non-JIT builds. StubInfoMap is still used
1654           in function prototypes even when !ENABLE(JIT). Rather than adding #if's
1655           in many places, we just provide a stub/placeholder implementation that
1656           is unused but keeps the compiler happy.
1657         * jit/JITOperations.h: Added #if ENABLE(JIT).
1658         * llint/LowLevelInterpreter32_64.asm:
1659         * llint/LowLevelInterpreter64.asm:
1660         - The putByVal() macro reifies a slow path which is never taken in one case.
1661           This translates into a label that is never used in the C Loop LLINT. The
1662           C++ compiler doesn't like unused labels. So, we fix this by adding a
1663           cloopUnusedLabel offline asm instruction that synthesizes the following:
1664
1665               if (false) goto unusedLabel;
1666
1667           This keeps the C++ compiler happy without changing code behavior.
1668         * offlineasm/cloop.rb: Implementing cloopUnusedLabel.
1669         * offlineasm/instructions.rb: Declaring cloopUnusedLabel.
1670         * runtime/Executable.cpp:
1671         (JSC::setupJIT): Added UNUSED_PARAM()s.
1672         (JSC::ScriptExecutable::prepareForExecutionImpl):
1673         - run-javascriptcore-tests has phases that force the LLINT to be off
1674           which in turn asserts that the JIT is enabled. With the C Loop LLINT,
1675           this combination is illegal. So, we override the setup code here to
1676           always use the LLINT if !ENABLE(JIT) regardless of what options are
1677           passed in.
1678
1679 2013-10-24  peavo@outlook.com  <peavo@outlook.com>
1680
1681         Uninitialized member causes crash when DFG JIT is not enabled.
1682         https://bugs.webkit.org/show_bug.cgi?id=123270
1683
1684         Reviewed by Brent Fulgham.
1685
1686         The data member sizeOfLastScratchBuffer in the VM class is only initialized if DFG JIT is enabled, even though it's defined regardless.
1687         This causes an early crash on Windows, which doesn't have DFG JIT enabled.
1688
1689         * runtime/VM.cpp:
1690         (JSC::VM::VM): Initialize sizeOfLastScratchBuffer member regardless of whether DFG JIT is enabled.
1691
1692 2013-10-24  Ryuan Choi  <ryuan.choi@samsung.com>
1693
1694         [EFL] Build break with latest EFL 1.8 libraries.
1695         https://bugs.webkit.org/show_bug.cgi?id=123245
1696
1697         Reviewed by Gyuyoung Kim.
1698
1699         After the build break on EFL 1.8 was fixed at r138326, the EFL libraries changed the
1700         Eo typedef and split the header files which contain the version macro.
1701
1702         * PlatformEfl.cmake: Added EO path to include directories.
1703         * heap/HeapTimer.h: Changed Ecore_Timer typedef when EO exists.
1704
1705 2013-10-23  Filip Pizlo  <fpizlo@apple.com>
1706
1707         Put all uses of LLVM intrinsics behind a single Option
1708         https://bugs.webkit.org/show_bug.cgi?id=123219
1709
1710         Reviewed by Mark Hahnenberg.
1711
1712         * ftl/FTLExitThunkGenerator.cpp:
1713         (JSC::FTL::ExitThunkGenerator::emitThunk):
1714         * ftl/FTLLowerDFGToLLVM.cpp:
1715         (JSC::FTL::generateExitThunks):
1716         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1717         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
1718         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
1719         * ftl/FTLOSRExitCompiler.cpp:
1720         (JSC::FTL::compileFTLOSRExit):
1721         * runtime/Options.h:
1722
1723 2013-10-23  Daniel Bates  <dabates@apple.com>
1724
1725         Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
1726         (https://bugs.webkit.org/show_bug.cgi?id=123169)
1727
1728         Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.
1729
1730         * Configurations/Base.xcconfig:
1731
1732 2013-10-23  Michael Saboff  <msaboff@apple.com>
1733
1734         LLInt arity check exception processing should start unwinding from caller
1735         https://bugs.webkit.org/show_bug.cgi?id=123209
1736
1737         Reviewed by Oliver Hunt.
1738
1739         Use the caller frame returned from slow_path_call_arityCheck to process exceptions.
1740
1741         * llint/LowLevelInterpreter32_64.asm:
1742         * llint/LowLevelInterpreter64.asm:
1743
1744 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
1745
1746         FTL should be able to do some simple inline caches using LLVM patchpoints
1747         https://bugs.webkit.org/show_bug.cgi?id=123164
1748
1749         Reviewed by Mark Hahnenberg.
1750         
1751         This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.
1752         
1753         The idea is that we ask LLVM for a nop slide the size of a GetById inline
1754         cache and then fill in the code after LLVM compilation is complete. For now, we
1755         just use the system calling convention for the arguments and return. We also
1756         still make some assumptions about registers that aren't correct. But, most of
1757         the scaffolding is there and this will successfully patch an inline cache.
1758
1759         * JavaScriptCore.xcodeproj/project.pbxproj:
1760         * assembler/AbstractMacroAssembler.h:
1761         * assembler/LinkBuffer.cpp:
1762         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
1763         (JSC::LinkBuffer::linkCode):
1764         (JSC::LinkBuffer::allocate):
1765         * assembler/LinkBuffer.h:
1766         (JSC::LinkBuffer::LinkBuffer):
1767         (JSC::LinkBuffer::link):
1768         * ftl/FTLAbbreviations.h:
1769         (JSC::FTL::constNull):
1770         (JSC::FTL::buildCall):
1771         * ftl/FTLCapabilities.cpp:
1772         (JSC::FTL::canCompile):
1773         * ftl/FTLCompile.cpp:
1774         (JSC::FTL::fixFunctionBasedOnStackMaps):
1775         * ftl/FTLInlineCacheDescriptor.h: Added.
1776         (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
1777         (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
1778         (JSC::FTL::GetByIdDescriptor::stackmapID):
1779         (JSC::FTL::GetByIdDescriptor::codeOrigin):
1780         (JSC::FTL::GetByIdDescriptor::uid):
1781         * ftl/FTLInlineCacheSize.cpp: Added.
1782         (JSC::FTL::sizeOfGetById):
1783         (JSC::FTL::sizeOfPutById):
1784         * ftl/FTLInlineCacheSize.h: Added.
1785         * ftl/FTLIntrinsicRepository.h:
1786         * ftl/FTLJITFinalizer.cpp:
1787         (JSC::FTL::JITFinalizer::finalizeFunction):
1788         * ftl/FTLJITFinalizer.h:
1789         * ftl/FTLLocation.cpp:
1790         (JSC::FTL::Location::directGPR):
1791         * ftl/FTLLocation.h:
1792         * ftl/FTLLowerDFGToLLVM.cpp:
1793         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1794         * ftl/FTLOutput.h:
1795         (JSC::FTL::Output::call):
1796         * ftl/FTLSlowPathCall.cpp: Added.
1797         (JSC::FTL::callOperation):
1798         * ftl/FTLSlowPathCall.h: Added.
1799         (JSC::FTL::SlowPathCall::SlowPathCall):
1800         (JSC::FTL::SlowPathCall::call):
1801         (JSC::FTL::SlowPathCall::key):
1802         * ftl/FTLSlowPathCallKey.cpp: Added.
1803         (JSC::FTL::SlowPathCallKey::dump):
1804         * ftl/FTLSlowPathCallKey.h: Added.
1805         (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
1806         (JSC::FTL::SlowPathCallKey::usedRegisters):
1807         (JSC::FTL::SlowPathCallKey::callTarget):
1808         (JSC::FTL::SlowPathCallKey::offset):
1809         (JSC::FTL::SlowPathCallKey::isEmptyValue):
1810         (JSC::FTL::SlowPathCallKey::isDeletedValue):
1811         (JSC::FTL::SlowPathCallKey::operator==):
1812         (JSC::FTL::SlowPathCallKey::hash):
1813         (JSC::FTL::SlowPathCallKeyHash::hash):
1814         (JSC::FTL::SlowPathCallKeyHash::equal):
1815         * ftl/FTLStackMaps.cpp:
1816         (JSC::FTL::StackMaps::Location::directGPR):
1817         * ftl/FTLStackMaps.h:
1818         * ftl/FTLState.h:
1819         * ftl/FTLThunks.cpp:
1820         (JSC::FTL::slowPathCallThunkGenerator):
1821         * ftl/FTLThunks.h:
1822         (JSC::FTL::Thunks::getSlowPathCallThunk):
1823         * jit/CCallHelpers.h:
1824         (JSC::CCallHelpers::setupArguments):
1825         * jit/GPRInfo.h:
1826         * jit/JITInlineCacheGenerator.cpp:
1827         (JSC::garbageStubInfo):
1828         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
1829         (JSC::JITByIdGenerator::finalize):
1830         * jit/JITInlineCacheGenerator.h:
1831         (JSC::JITByIdGenerator::slowPathBegin):
1832         * jit/RegisterSet.cpp:
1833         (JSC::RegisterSet::stackRegisters):
1834         (JSC::RegisterSet::specialRegisters):
1835         (JSC::RegisterSet::calleeSaveRegisters):
1836         (JSC::RegisterSet::allGPRs):
1837         (JSC::RegisterSet::allFPRs):
1838         (JSC::RegisterSet::allRegisters):
1839         (JSC::RegisterSet::dump):
1840         * jit/RegisterSet.h:
1841         (JSC::RegisterSet::exclude):
1842         (JSC::RegisterSet::numberOfSetRegisters):
1843         (JSC::RegisterSet::RegisterSet):
1844         (JSC::RegisterSet::isEmptyValue):
1845         (JSC::RegisterSet::isDeletedValue):
1846         (JSC::RegisterSet::operator==):
1847         (JSC::RegisterSet::hash):
1848         (JSC::RegisterSetHash::hash):
1849         (JSC::RegisterSetHash::equal):
1850         * runtime/Options.h:
1851
1852 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
1853
1854         jitCompileAndSetHeuristics should DeferGCForAWhile
1855         https://bugs.webkit.org/show_bug.cgi?id=123196
1856
1857         Reviewed by Mark Hahnenberg.
1858         
1859         This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
1860         my machines. I don't think this is testable; we just need to steadily converge towards
1861         getting our uses of DeferGC to be right and then be careful not to regress. We're not
1862         there yet, obviously.
1863         
1864         * llint/LLIntSlowPaths.cpp:
1865         (JSC::LLInt::jitCompileAndSetHeuristics):
1866
1867 2013-10-23  Daniel Bates  <dabates@apple.com>
1868
1869         [iOS] Upstream more JavaScriptCore build configuration changes
1870         https://bugs.webkit.org/show_bug.cgi?id=123169
1871
1872         Reviewed by David Kilzer.
1873
1874         * Configurations/Base.xcconfig:
1875         * Configurations/Version.xcconfig:
1876         * Configurations/iOS.xcconfig: Added.
1877         * JavaScriptCore.xcodeproj/project.pbxproj:
1878
1879 2013-10-23  Daniel Bates  <dabates@apple.com>
1880
1881         [iOS] Export DefaultGCActivityCallback member functions
1882         https://bugs.webkit.org/show_bug.cgi?id=123175
1883
1884         Reviewed by David Kilzer.
1885
1886         * runtime/GCActivityCallback.h:
1887
1888 2013-10-23  Daniel Bates  <dabates@apple.com>
1889
1890         [iOS] Upstream more ARMv7s bits
1891         https://bugs.webkit.org/show_bug.cgi?id=123052
1892
1893         Reviewed by Joseph Pecoraro.
1894
1895         * Configurations/JavaScriptCore.xcconfig:
1896
1897 2013-10-22  Andreas Kling  <akling@apple.com>
1898
1899         Minor VM* -> VM& cleanups in HashTable and Keywords.
1900         <https://webkit.org/b/123183>
1901
1902         Turn some VM* variables that will never be null into VM&.
1903
1904         Reviewed by Geoffrey Garen.
1905
1906 2013-10-22  Geoffrey Garen  <ggaren@apple.com>
1907
1908         REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
1909         https://bugs.webkit.org/show_bug.cgi?id=123179
1910
1911         Reviewed by Mark Hahnenberg.
1912
1913         * parser/NodeConstructors.h:
1914         (JSC::LogicalOpNode::LogicalOpNode):
1915         * parser/ResultType.h:
1916         (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
1917         This is JavaScript (aka Sparta).
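
        The following is an added illustration, not code from this patch or from JavaScriptCore.
        It is a constructed result-type lattice (the names T, runtimeType, forLogicalOpBuggy,
        forLogicalOpFixed, predictionIsSound, countUnsound and foldStrictEqFalse are invented for
        the example) showing why predicting that && and || always yield a boolean is unsound, and
        how a downstream fast path that trusts that prediction turns `false === (true && undefined)`
        into true. The fast path is also constructed for the example and does not claim to be the
        mechanism inside JSC.

```javascript
// Added example (not JavaScriptCore code): a constructed result-type
// lattice for the JavaScript value kinds. All names are invented here.
const T = Object.freeze({
  Undefined: 1 << 0,
  Null:      1 << 1,
  Boolean:   1 << 2,
  Number:    1 << 3,
  String:    1 << 4,
  Object:    1 << 5,
  Symbol:    1 << 6,
  BigInt:    1 << 7,
});

// Maps a runtime value to its lattice bit.
function runtimeType(v) {
  if (v === undefined) return T.Undefined;
  if (v === null) return T.Null;
  switch (typeof v) {
    case 'boolean': return T.Boolean;
    case 'number':  return T.Number;
    case 'string':  return T.String;
    case 'symbol':  return T.Symbol;
    case 'bigint':  return T.BigInt;
    default:        return T.Object; // objects and functions
  }
}

// The regressed prediction: `a && b` and `a || b` always produce a boolean.
function forLogicalOpBuggy(leftType, rightType) {
  return T.Boolean;
}

// The sound prediction: `&&` and `||` return one of their operands
// unchanged, so the result type is the union of the operand types.
function forLogicalOpFixed(leftType, rightType) {
  return leftType | rightType;
}

// Evaluates `left && right` and `left || right` with the real language
// semantics and checks that each observed type lies inside the predicted set.
function predictionIsSound(predict, left, right) {
  const predicted = predict(runtimeType(left), runtimeType(right));
  const andType = runtimeType(left && right);
  const orType = runtimeType(left || right);
  return (predicted & andType) !== 0 && (predicted & orType) !== 0;
}

// Constructed operand pairs covering the value kinds a compiler must handle.
const SAMPLE_PAIRS = [
  [true, undefined], // the case from the bug report: `true && undefined` is undefined
  [true, 42],
  [0, 'x'],
  [null, {}],
  ['', false],
  [1n, true],
];

// Number of sample pairs for which a prediction function is unsound.
function countUnsound(predict) {
  return SAMPLE_PAIRS.filter(([l, r]) => !predictionIsSound(predict, l, r)).length;
}

// A downstream fast path that trusts the prediction: when `left && right`
// is predicted to be a boolean, `false === (left && right)` is evaluated as
// a boolean comparison instead of a strict comparison. The fast path itself
// is only wrong when the prediction it relies on is wrong.
function foldStrictEqFalse(predict, left, right) {
  const predicted = predict(runtimeType(left), runtimeType(right));
  const value = left && right;
  if (predicted === T.Boolean) {
    return Boolean(value) === false; // boolean fast path
  }
  return value === false; // general strict equality
}
```

        Run with node: countUnsound(forLogicalOpBuggy) is 6 (every constructed pair is mispredicted)
        while countUnsound(forLogicalOpFixed) is 0, and foldStrictEqFalse(forLogicalOpBuggy, true,
        undefined) returns true, the "wrong!" answer from the bug title, whereas the fixed
        prediction keeps the strict comparison and returns false.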
1918
1919 2013-10-22  Commit Queue  <commit-queue@webkit.org>
1920
1921         Unreviewed, rolling out r157819.
1922         http://trac.webkit.org/changeset/157819
1923         https://bugs.webkit.org/show_bug.cgi?id=123180
1924
1925         Broke 32-bit builds (Requested by smfr on #webkit).
1926
1927         * Configurations/JavaScriptCore.xcconfig:
1928         * Configurations/ToolExecutable.xcconfig:
1929
1930 2013-10-22  Daniel Bates  <dabates@apple.com>
1931
1932         [iOS] Upstream more ARMv7s bits
1933         https://bugs.webkit.org/show_bug.cgi?id=123052
1934
1935         Reviewed by Joseph Pecoraro.
1936
1937         * Configurations/JavaScriptCore.xcconfig:
1938         * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
1939         modifying a file in JavaScriptCore/Configurations.
1940
1941 2013-10-22  Daniel Bates  <dabates@apple.com>
1942
1943         [iOS] Upstream JSLock changes
1944         https://bugs.webkit.org/show_bug.cgi?id=123107
1945
1946         Reviewed by Geoffrey Garen.
1947
1948         * runtime/JSLock.cpp:
1949         (JSC::JSLock::unlock):
1950         (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
1951         (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
1952         use pre-increment instead of post-increment when we're not using the return value of the instruction.
1953         (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
1954         places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
1955         since we don't use the return value of such instructions.
1956         (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
1957         Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
1958         (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
1959         * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
1960         the argument is sufficiently descriptive of its purpose.
1961
1962 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
1963
1964         [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
1965         https://bugs.webkit.org/show_bug.cgi?id=123166
1966
1967         Reviewed by Michael Saboff.
1968
1969         * jit/CCallHelpers.h:
1970         (JSC::CCallHelpers::setupArgumentsWithExecState):
1971
1972 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
1973
1974         [sh4][mips][arm] Fix crashes in JSC (32-bit only).
1975         https://bugs.webkit.org/show_bug.cgi?id=123165
1976
1977         Reviewed by Michael Saboff.
1978
1979         * jit/JITInlines.h:
1980         (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
1981         (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
1982         (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
1983         (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.
1984
1985 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
1986
1987         REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
1988         https://bugs.webkit.org/show_bug.cgi?id=123092
1989
1990         Reviewed by Michael Saboff.
1991
1992         Impacted architectures are SH4 and ARM_TRADITIONAL.
1993
1994         * assembler/ARMAssembler.h:
1995         (JSC::ARMAssembler::buffer):
1996         * assembler/AssemblerBufferWithConstantPool.h:
1997         (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
1998         * assembler/LinkBuffer.cpp:
1999         (JSC::LinkBuffer::linkCode):
2000         * assembler/SH4Assembler.h:
2001         (JSC::SH4Assembler::buffer):
2002
2003 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
2004
2005         Remove unused stuff in JIT stubs.
2006         https://bugs.webkit.org/show_bug.cgi?id=123155
2007
2008         Reviewed by Michael Saboff.
2009
2010         * jit/JITStubs.h:
2011         * jit/JITStubsARM.h:
2012         (JSC::ctiTrampoline):
2013         * jit/JITStubsARM64.h:
2014         * jit/JITStubsARMv7.h:
2015         * jit/JITStubsMIPS.h:
2016         * jit/JITStubsSH4.h:
2017         * jit/JITStubsX86.h:
2018         * jit/JITStubsX86_64.h:
2019
2020 2013-10-22  Daniel Bates  <dabates@apple.com>
2021
2022         [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
2023         https://bugs.webkit.org/show_bug.cgi?id=123115
2024         <rdar://problem/13696872>
2025
2026         Reviewed by Andy Estes.
2027
2028         Based on a patch by Mark Hahnenberg.
2029
2030         Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.
2031
2032         * API/JSBase.cpp:
2033
2034 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
2035
2036         [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
2037         https://bugs.webkit.org/show_bug.cgi?id=123157
2038
2039         Reviewed by Andreas Kling.
2040
2041         * assembler/SH4Assembler.h:
2042         (JSC::SH4Assembler::lastRegister):
2043         (JSC::SH4Assembler::firstFPRegister):
2044         (JSC::SH4Assembler::lastFPRegister):
2045
2046 2013-10-22  Brian Holt  <brian.holt@samsung.com>
2047
2048         Build break on ARMv7 after r157209
2049         https://bugs.webkit.org/show_bug.cgi?id=122890
2050
2051         Reviewed by Csaba Osztrogonác.
2052
2053         Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.
2054
2055         * assembler/ARMAssembler.h:
2056         * assembler/MacroAssemblerARM.h:
2057         (JSC::MacroAssemblerARM::firstRegister):
2058         (JSC::MacroAssemblerARM::lastRegister):
2059         (JSC::MacroAssemblerARM::firstFPRegister):
2060         (JSC::MacroAssemblerARM::lastFPRegister):
2061
2062 2013-10-21  Daniel Bates  <dabates@apple.com>
2063
2064         [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
2065         https://bugs.webkit.org/show_bug.cgi?id=123045
2066
2067         Reviewed by Joseph Pecoraro.
2068
2069         * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
2070         to global method table.
2071         * runtime/JSGlobalObject.cpp: Ditto.
2072         * runtime/JSGlobalObject.h:
2073         (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.
2074
2075 2013-10-21  Daniel Bates  <dabates@apple.com>
2076
2077         [iOS] Upstream JSC Objective-C API compiler warning fixes
2078         https://bugs.webkit.org/show_bug.cgi?id=123125
2079
2080         Reviewed by Mark Hahnenberg.
2081
2082         Based on a patch by Mark Hahnenberg.
2083
2084         * API/JSValue.mm:
2085         (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
2086         (-[JSValue toSize]): Ditto.
2087         * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
2088
2089 2013-10-21  Daniel Bates  <dabates@apple.com>
2090
2091         [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
2092         available since iOS 7.0
2093         https://bugs.webkit.org/show_bug.cgi?id=123122
2094
2095         Reviewed by Dan Bernstein.
2096
2097         * API/JSContext.h:
2098         * API/JSManagedValue.h:
2099         * API/JSValue.h:
2100         * API/JSVirtualMachine.h:
2101
2102 2013-10-20  Mark Lam  <mark.lam@apple.com>
2103
2104         Avoid JSC debugger overhead unless needed.
2105         https://bugs.webkit.org/show_bug.cgi?id=123084.
2106
2107         Reviewed by Geoffrey Garen.
2108
2109         - If no breakpoints are set, we now avoid calling the debug hook callbacks.
2110         - If no break on exception is set, we also avoid exception event debug callbacks.
2111         - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
2112           longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
2113           pointer in the ScriptDebugServer may become stale. To avoid this issue, before
2114           returning, the ScriptDebugServer will clear its m_currentCallFrame if
2115           needsOpDebugCallbacks() is false.
2116
2117         * debugger/Debugger.cpp:
2118         (JSC::Debugger::Debugger):
2119         (JSC::Debugger::setNeedsExceptionCallbacks):
2120         (JSC::Debugger::setShouldPause):
2121         (JSC::Debugger::updateNumberOfBreakpoints):
2122         (JSC::Debugger::updateNeedForOpDebugCallbacks):
2123         * debugger/Debugger.h:
2124         * interpreter/Interpreter.cpp:
2125         (JSC::Interpreter::unwind):
2126         (JSC::Interpreter::debug):
2127         * jit/JITOpcodes.cpp:
2128         (JSC::JIT::emit_op_debug):
2129         * jit/JITOpcodes32_64.cpp:
2130         (JSC::JIT::emit_op_debug):
2131         * llint/LLIntOffsetsExtractor.cpp:
2132         * llint/LowLevelInterpreter.asm:
2133
2134 2013-10-21  Brent Fulgham  <bfulgham@apple.com>
2135
2136         [WIN] Unreviewed build correction.
2137
2138         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
2139           sources, not header files.
2140         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
2141
2142 2013-10-21  Oliver Hunt  <oliver@apple.com>
2143
2144         Support computed property names in object literals
2145         https://bugs.webkit.org/show_bug.cgi?id=123112
2146
2147         Reviewed by Michael Saboff.
2148
2149         Add support for computed property names to the parser.
2150
2151         * bytecompiler/NodesCodegen.cpp:
2152         (JSC::PropertyListNode::emitBytecode):
2153         * parser/ASTBuilder.h:
2154         (JSC::ASTBuilder::createProperty):
2155         (JSC::ASTBuilder::getName):
2156         * parser/NodeConstructors.h:
2157         (JSC::PropertyNode::PropertyNode):
2158         * parser/Nodes.h:
2159         (JSC::PropertyNode::expressionName):
2160         (JSC::PropertyNode::name):
2161         * parser/Parser.cpp:
2162         (JSC::::parseProperty):
2163         (JSC::::parseStrictObjectLiteral):
2164         * parser/SyntaxChecker.h:
2165         (JSC::SyntaxChecker::Property::Property):
2166         (JSC::SyntaxChecker::createProperty):
2167         (JSC::SyntaxChecker::operatorStackPop):
2168
2169 2013-10-21  Michael Saboff  <msaboff@apple.com>
2170
2171         Add option so that JSC will crash if it can't allocate executable memory for the JITs
2172         https://bugs.webkit.org/show_bug.cgi?id=123048
2173         <rdar://problem/12856193>
2174
2175         Reviewed by Geoffrey Garen.
2176
2177         Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
2178         when checking the validity of the executable allocator. The default value for this option is
2179         false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
2180         the app can obtain executable memory.
2181
2182         * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
2183         (main):
2184         * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
2185         * runtime/VM.cpp:
2186         (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
2187         is enabled.
2188
2189 2013-10-21  Nadav Rotem  <nrotem@apple.com>
2190
2191         Remove AllInOneFile.cpp
2192         https://bugs.webkit.org/show_bug.cgi?id=123055
2193
2194         Reviewed by Csaba Osztrogonác.
2195
2196         * AllInOneFile.cpp: Removed.
2197
2198 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
2199
2200         Unreviewed, cleanup a FIXME comment.
2201
2202         * jit/Repatch.cpp:
2203
2204 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
2205
2206         StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
2207         https://bugs.webkit.org/show_bug.cgi?id=123076
2208
2209         Reviewed by Sam Weinig.
2210         
2211         Start preparing for a world in which we are patching code generated by LLVM, which may have
2212         very different register usage conventions than our JITs. This requires us being more explicit
2213         about the registers we are using. For example, the repatching code shouldn't take for granted
2214         that tagMaskRegister holds the TagMask or that the register is even in use.
2215
2216         * CMakeLists.txt:
2217         * GNUmakefile.list.am:
2218         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2219         * JavaScriptCore.xcodeproj/project.pbxproj:
2220         * assembler/MacroAssembler.h:
2221         (JSC::MacroAssembler::numberOfRegisters):
2222         (JSC::MacroAssembler::registerIndex):
2223         (JSC::MacroAssembler::numberOfFPRegisters):
2224         (JSC::MacroAssembler::fpRegisterIndex):
2225         (JSC::MacroAssembler::totalNumberOfRegisters):
2226         * bytecode/StructureStubInfo.h:
2227         * dfg/DFGSpeculativeJIT.cpp:
2228         (JSC::DFG::SpeculativeJIT::usedRegisters):
2229         * dfg/DFGSpeculativeJIT.h:
2230         * ftl/FTLSaveRestore.cpp:
2231         (JSC::FTL::bytesForGPRs):
2232         (JSC::FTL::bytesForFPRs):
2233         (JSC::FTL::offsetOfGPR):
2234         (JSC::FTL::offsetOfFPR):
2235         * jit/JITInlineCacheGenerator.cpp:
2236         (JSC::JITByIdGenerator::JITByIdGenerator):
2237         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
2238         * jit/JITInlineCacheGenerator.h:
2239         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
2240         * jit/JITPropertyAccess.cpp:
2241         (JSC::JIT::emit_op_get_by_id):
2242         (JSC::JIT::emit_op_put_by_id):
2243         * jit/JITPropertyAccess32_64.cpp:
2244         (JSC::JIT::emit_op_get_by_id):
2245         (JSC::JIT::emit_op_put_by_id):
2246         * jit/RegisterSet.cpp: Added.
2247         (JSC::RegisterSet::specialRegisters):
2248         * jit/RegisterSet.h: Added.
2249         (JSC::RegisterSet::RegisterSet):
2250         (JSC::RegisterSet::set):
2251         (JSC::RegisterSet::clear):
2252         (JSC::RegisterSet::get):
2253         (JSC::RegisterSet::merge):
2254         * jit/Repatch.cpp:
2255         (JSC::generateProtoChainAccessStub):
2256         (JSC::tryCacheGetByID):
2257         (JSC::tryBuildGetByIDList):
2258         (JSC::emitPutReplaceStub):
2259         (JSC::tryRepatchIn):
2260         (JSC::linkClosureCall):
2261         * jit/TempRegisterSet.cpp: Added.
2262         (JSC::TempRegisterSet::TempRegisterSet):
2263         * jit/TempRegisterSet.h:
2264
2265 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
2266
2267         [sh4] Fix build (broken since r157690).
2268         https://bugs.webkit.org/show_bug.cgi?id=123081
2269
2270         Reviewed by Andreas Kling.
2271
2272         * assembler/AssemblerBufferWithConstantPool.h:
2273         * assembler/SH4Assembler.h:
2274         (JSC::SH4Assembler::buffer):
2275         (JSC::SH4Assembler::readCallTarget):
2276
2277 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
2278
2279         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
2280         https://bugs.webkit.org/show_bug.cgi?id=123079
2281
2282         Reviewed by Geoffrey Garen.
2283
2284         * jit/TempRegisterSet.h:
2285
2286 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
2287
2288         Rename RegisterSet to TempRegisterSet
2289         https://bugs.webkit.org/show_bug.cgi?id=123077
2290
2291         Reviewed by Dan Bernstein.
2292
2293         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2294         * JavaScriptCore.xcodeproj/project.pbxproj:
2295         * bytecode/StructureStubInfo.h:
2296         * dfg/DFGJITCompiler.h:
2297         * dfg/DFGSpeculativeJIT.h:
2298         (JSC::DFG::SpeculativeJIT::usedRegisters):
2299         * jit/JITInlineCacheGenerator.cpp:
2300         (JSC::JITByIdGenerator::JITByIdGenerator):
2301         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
2302         * jit/JITInlineCacheGenerator.h:
2303         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
2304         * jit/JITPropertyAccess.cpp:
2305         (JSC::JIT::emit_op_get_by_id):
2306         (JSC::JIT::emit_op_put_by_id):
2307         * jit/JITPropertyAccess32_64.cpp:
2308         (JSC::JIT::emit_op_get_by_id):
2309         (JSC::JIT::emit_op_put_by_id):
2310         * jit/RegisterSet.h: Removed.
2311         * jit/ScratchRegisterAllocator.h:
2312         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
2313         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
2314         (JSC::TempRegisterSet::TempRegisterSet):
2315         (JSC::TempRegisterSet::asPOD):
2316         (JSC::TempRegisterSet::copyInfo):
2317
2318 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
2319
2320         Restructure LinkBuffer to allow for alternate allocation strategies
2321         https://bugs.webkit.org/show_bug.cgi?id=123071
2322
2323         Reviewed by Oliver Hunt.
2324         
2325         The idea is to eventually allow a LinkBuffer to place the code into an already
2326         allocated region of memory.  That region of memory could be the nop-slide left behind
2327         by a llvm.webkit.patchpoint.
2328
2329         * assembler/ARM64Assembler.h:
2330         (JSC::ARM64Assembler::buffer):
2331         * assembler/AssemblerBuffer.h:
2332         * assembler/LinkBuffer.cpp:
2333         (JSC::LinkBuffer::copyCompactAndLinkCode):
2334         (JSC::LinkBuffer::linkCode):
2335         (JSC::LinkBuffer::allocate):
2336         (JSC::LinkBuffer::shrink):
2337         * assembler/LinkBuffer.h:
2338         (JSC::LinkBuffer::LinkBuffer):
2339         (JSC::LinkBuffer::didFailToAllocate):
2340         * assembler/X86Assembler.h:
2341         (JSC::X86Assembler::buffer):
2342         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
2343
2344 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
2345
2346         Some includes in JSC seem to use an incorrect style
2347         https://bugs.webkit.org/show_bug.cgi?id=123057
2348
2349         Reviewed by Geoffrey Garen.
2350
2351         Changed pseudo-system includes to user ones.
2352
2353         * API/JSContextRef.cpp:
2354         * API/JSStringRefCF.cpp:
2355         * API/JSValueRef.cpp:
2356         * API/OpaqueJSString.cpp:
2357         * jit/JIT.h:
2358         * parser/SyntaxChecker.h:
2359         * runtime/WeakGCMap.h:
2360
2361 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
2362
2363         Baseline JIT and DFG IC code generation should be unified and rationalized
2364         https://bugs.webkit.org/show_bug.cgi?id=122939
2365
2366         Reviewed by Geoffrey Garen.
2367         
2368         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
2369         some register info and creates JIT inline caches for you. Used this to even further
2370         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
2371         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
2372         that it needs to do the equivalent of get_by_id, so with this generator it will be able
2373         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
2374
2375         * CMakeLists.txt:
2376         * GNUmakefile.list.am:
2377         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2378         * JavaScriptCore.xcodeproj/project.pbxproj:
2379         * assembler/AbstractMacroAssembler.h:
2380         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
2381         * bytecode/CodeBlock.h:
2382         (JSC::CodeBlock::ecmaMode):
2383         * dfg/DFGInlineCacheWrapper.h: Added.
2384         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
2385         * dfg/DFGInlineCacheWrapperInlines.h: Added.
2386         (JSC::DFG::::finalize):
2387         * dfg/DFGJITCompiler.cpp:
2388         (JSC::DFG::JITCompiler::link):
2389         * dfg/DFGJITCompiler.h:
2390         (JSC::DFG::JITCompiler::addGetById):
2391         (JSC::DFG::JITCompiler::addPutById):
2392         * dfg/DFGSpeculativeJIT32_64.cpp:
2393         (JSC::DFG::SpeculativeJIT::cachedGetById):
2394         (JSC::DFG::SpeculativeJIT::cachedPutById):
2395         * dfg/DFGSpeculativeJIT64.cpp:
2396         (JSC::DFG::SpeculativeJIT::cachedGetById):
2397         (JSC::DFG::SpeculativeJIT::cachedPutById):
2398         (JSC::DFG::SpeculativeJIT::compile):
2399         * jit/AssemblyHelpers.h:
2400         (JSC::AssemblyHelpers::isStrictModeFor):
2401         (JSC::AssemblyHelpers::strictModeFor):
2402         * jit/GPRInfo.h:
2403         (JSC::JSValueRegs::tagGPR):
2404         * jit/JIT.cpp:
2405         (JSC::JIT::JIT):
2406         (JSC::JIT::privateCompileSlowCases):
2407         (JSC::JIT::privateCompile):
2408         * jit/JIT.h:
2409         * jit/JITInlineCacheGenerator.cpp: Added.
2410         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
2411         (JSC::JITByIdGenerator::JITByIdGenerator):
2412         (JSC::JITByIdGenerator::finalize):
2413         (JSC::JITByIdGenerator::generateFastPathChecks):
2414         (JSC::JITGetByIdGenerator::generateFastPath):
2415         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
2416         (JSC::JITPutByIdGenerator::generateFastPath):
2417         (JSC::JITPutByIdGenerator::slowPathFunction):
2418         * jit/JITInlineCacheGenerator.h: Added.
2419         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
2420         (JSC::JITInlineCacheGenerator::stubInfo):
2421         (JSC::JITByIdGenerator::JITByIdGenerator):
2422         (JSC::JITByIdGenerator::reportSlowPathCall):
2423         (JSC::JITByIdGenerator::slowPathJump):
2424         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
2425         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
2426         * jit/JITPropertyAccess.cpp:
2427         (JSC::JIT::emit_op_get_by_id):
2428         (JSC::JIT::emitSlow_op_get_by_id):
2429         (JSC::JIT::emit_op_put_by_id):
2430         (JSC::JIT::emitSlow_op_put_by_id):
2431         * jit/JITPropertyAccess32_64.cpp:
2432         (JSC::JIT::emit_op_get_by_id):
2433         (JSC::JIT::emitSlow_op_get_by_id):
2434         (JSC::JIT::emit_op_put_by_id):
2435         (JSC::JIT::emitSlow_op_put_by_id):
2436         * jit/RegisterSet.h:
2437         (JSC::RegisterSet::set):
2438
2439 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
2440
2441         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
2442         https://bugs.webkit.org/show_bug.cgi?id=123067
2443
2444         Reviewed by Geoffrey Garen.
2445
2446         * API/APICast.h: Include it.
2447
2448 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
2449
2450         FTL::Location should treat the offset as an addend in the case of a Register location
2451         https://bugs.webkit.org/show_bug.cgi?id=123062
2452
2453         Reviewed by Sam Weinig.
2454
2455         * ftl/FTLLocation.cpp:
2456         (JSC::FTL::Location::forStackmaps):
2457         (JSC::FTL::Location::dump):
2458         (JSC::FTL::Location::restoreInto):
2459         * ftl/FTLLocation.h:
2460         (JSC::FTL::Location::forRegister):
2461         (JSC::FTL::Location::hasAddend):
2462         (JSC::FTL::Location::addend):
2463
2464 2013-10-19  Nadav Rotem  <nrotem@apple.com>
2465
2466         DFG dominators: document and rename stuff.
2467         https://bugs.webkit.org/show_bug.cgi?id=123056
2468
2469         Reviewed by Filip Pizlo.
2470
2471         Documented the code and renamed some variables.
2472
2473         * dfg/DFGDominators.cpp:
2474         (JSC::DFG::Dominators::compute):
2475         (JSC::DFG::Dominators::pruneDominators):
2476         * dfg/DFGDominators.h:
2477
2478 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
2479
2480         Fix build failure for architectures with 4 argument registers.
2481         https://bugs.webkit.org/show_bug.cgi?id=123060
2482
2483         Reviewed by Michael Saboff.
2484
2485         Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
2486         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
2487
2488         * dfg/DFGSpeculativeJIT.h:
2489         (JSC::DFG::SpeculativeJIT::callOperation):
2490         * jit/CCallHelpers.h:
2491         (JSC::CCallHelpers::setupArgumentsWithExecState):
2492         * jit/JITInlines.h:
2493         (JSC::JIT::callOperation):
2494
2495 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
2496
2497         Unreviewed, fix FTL build.
2498
2499         * ftl/FTLIntrinsicRepository.h:
2500         * ftl/FTLLowerDFGToLLVM.cpp:
2501         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2502
2503 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
2504
2505         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
2506         https://bugs.webkit.org/show_bug.cgi?id=122940
2507
2508         Reviewed by Oliver Hunt.
2509         
2510         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
2511         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
2512         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
2513         StructureStubInfo's. It removes some of the need for the compile-time property access
2514         records; for example the DFG no longer has to save information about registers in a
2515         property access record only to later save it to the stub info.
2516         
2517         The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
2518         at any stage of compilation.
2519
2520         * bytecode/CodeBlock.cpp:
2521         (JSC::CodeBlock::printGetByIdCacheStatus):
2522         (JSC::CodeBlock::dumpBytecode):
2523         (JSC::CodeBlock::~CodeBlock):
2524         (JSC::CodeBlock::propagateTransitions):
2525         (JSC::CodeBlock::finalizeUnconditionally):
2526         (JSC::CodeBlock::addStubInfo):
2527         (JSC::CodeBlock::getStubInfoMap):
2528         (JSC::CodeBlock::shrinkToFit):
2529         * bytecode/CodeBlock.h:
2530         (JSC::CodeBlock::begin):
2531         (JSC::CodeBlock::end):
2532         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
2533         * bytecode/CodeOrigin.h:
2534         (JSC::CodeOrigin::CodeOrigin):
2535         (JSC::CodeOrigin::isHashTableDeletedValue):
2536         (JSC::CodeOrigin::hash):
2537         (JSC::CodeOriginHash::hash):
2538         (JSC::CodeOriginHash::equal):
2539         * bytecode/GetByIdStatus.cpp:
2540         (JSC::GetByIdStatus::computeFor):
2541         * bytecode/GetByIdStatus.h:
2542         * bytecode/PutByIdStatus.cpp:
2543         (JSC::PutByIdStatus::computeFor):
2544         * bytecode/PutByIdStatus.h:
2545         * bytecode/StructureStubInfo.h:
2546         (JSC::getStructureStubInfoCodeOrigin):
2547         * dfg/DFGByteCodeParser.cpp:
2548         (JSC::DFG::ByteCodeParser::parseBlock):
2549         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2550         * dfg/DFGJITCompiler.cpp:
2551         (JSC::DFG::JITCompiler::link):
2552         * dfg/DFGJITCompiler.h:
2553         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
2554         (JSC::DFG::InRecord::InRecord):
2555         * dfg/DFGSpeculativeJIT.cpp:
2556         (JSC::DFG::SpeculativeJIT::compileIn):
2557         * dfg/DFGSpeculativeJIT.h:
2558         (JSC::DFG::SpeculativeJIT::callOperation):
2559         * dfg/DFGSpeculativeJIT32_64.cpp:
2560         (JSC::DFG::SpeculativeJIT::cachedGetById):
2561         (JSC::DFG::SpeculativeJIT::cachedPutById):
2562         * dfg/DFGSpeculativeJIT64.cpp:
2563         (JSC::DFG::SpeculativeJIT::cachedGetById):
2564         (JSC::DFG::SpeculativeJIT::cachedPutById):
2565         * jit/CCallHelpers.h:
2566         (JSC::CCallHelpers::setupArgumentsWithExecState):
2567         * jit/JIT.cpp:
2568         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2569         (JSC::JIT::privateCompile):
2570         * jit/JIT.h:
2571         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2572         * jit/JITInlines.h:
2573         (JSC::JIT::callOperation):
2574         * jit/JITOperations.cpp:
2575         * jit/JITOperations.h:
2576         * jit/JITPropertyAccess.cpp:
2577         (JSC::JIT::emitSlow_op_get_by_id):
2578         (JSC::JIT::emitSlow_op_put_by_id):
2579         * jit/JITPropertyAccess32_64.cpp:
2580         (JSC::JIT::emitSlow_op_get_by_id):
2581         (JSC::JIT::emitSlow_op_put_by_id):
2582         * jit/Repatch.cpp:
2583         (JSC::appropriateGenericPutByIdFunction):
2584         (JSC::appropriateListBuildingPutByIdFunction):
2585         (JSC::resetPutByID):
2586
2587 2013-10-18  Oliver Hunt  <oliver@apple.com>
2588
2589         Spread operator should be performing direct "puts" and not triggering setters
2590         https://bugs.webkit.org/show_bug.cgi?id=123047
2591
2592         Reviewed by Geoffrey Garen.
2593
2594         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
2595         to array construct.  This required a new PutByValDirect node to be introduced to
2596         the DFG.  The current implementation simply changes the slow path function that
2597         is called, but in future this could be made faster as it does not need to check
2598         the prototype chain.
2599
2600         * bytecode/CodeBlock.cpp:
2601         (JSC::CodeBlock::dumpBytecode):
2602         (JSC::CodeBlock::CodeBlock):
2603         * bytecode/Opcode.h:
2604         (JSC::padOpcodeName):
2605         * bytecompiler/BytecodeGenerator.cpp:
2606         (JSC::BytecodeGenerator::emitDirectPutByVal):
2607         * bytecompiler/BytecodeGenerator.h:
2608         * bytecompiler/NodesCodegen.cpp:
2609         (JSC::ArrayNode::emitBytecode):
2610         * dfg/DFGAbstractInterpreterInlines.h:
2611         (JSC::DFG::::executeEffects):
2612         * dfg/DFGBackwardsPropagationPhase.cpp:
2613         (JSC::DFG::BackwardsPropagationPhase::propagate):
2614         * dfg/DFGByteCodeParser.cpp:
2615         (JSC::DFG::ByteCodeParser::parseBlock):
2616         * dfg/DFGCSEPhase.cpp:
2617         (JSC::DFG::CSEPhase::getArrayLengthElimination):
2618         (JSC::DFG::CSEPhase::getByValLoadElimination):
2619         (JSC::DFG::CSEPhase::checkStructureElimination):
2620         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2621         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2622         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
2623         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2624         (JSC::DFG::CSEPhase::performNodeCSE):
2625         * dfg/DFGCapabilities.cpp:
2626         (JSC::DFG::capabilityLevel):
2627         * dfg/DFGClobberize.h:
2628         (JSC::DFG::clobberize):
2629         * dfg/DFGFixupPhase.cpp:
2630         (JSC::DFG::FixupPhase::fixupNode):
2631         * dfg/DFGGraph.h:
2632         (JSC::DFG::Graph::clobbersWorld):
2633         * dfg/DFGNode.h:
2634         (JSC::DFG::Node::hasArrayMode):
2635         * dfg/DFGNodeType.h:
2636         * dfg/DFGOperations.cpp:
2637         (JSC::DFG::putByVal):
2638         (JSC::DFG::operationPutByValInternal):
2639         * dfg/DFGOperations.h:
2640         * dfg/DFGPredictionPropagationPhase.cpp:
2641         (JSC::DFG::PredictionPropagationPhase::propagate):
2642         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2643         * dfg/DFGSafeToExecute.h:
2644         (JSC::DFG::safeToExecute):
2645         * dfg/DFGSpeculativeJIT32_64.cpp:
2646         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
2647         (JSC::DFG::SpeculativeJIT::compile):
2648         * dfg/DFGSpeculativeJIT64.cpp:
2649         (JSC::DFG::SpeculativeJIT::compile):
2650         * dfg/DFGTypeCheckHoistingPhase.cpp:
2651         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
2652         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
2653         * jit/JIT.cpp:
2654         (JSC::JIT::privateCompileMainPass):
2655         (JSC::JIT::privateCompileSlowCases):
2656         * jit/JIT.h:
2657         (JSC::JIT::compileDirectPutByVal):
2658         * jit/JITOperations.cpp:
2659         * jit/JITOperations.h:
2660         * jit/JITPropertyAccess.cpp:
2661         (JSC::JIT::emitSlow_op_put_by_val):
2662         (JSC::JIT::privateCompilePutByVal):
2663         * jit/JITPropertyAccess32_64.cpp:
2664         (JSC::JIT::emitSlow_op_put_by_val):
2665         * llint/LLIntSlowPaths.cpp:
2666         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2667         * llint/LLIntSlowPaths.h:
2668         * llint/LowLevelInterpreter32_64.asm:
2669         * llint/LowLevelInterpreter64.asm:
2670
2671 2013-10-18  Daniel Bates  <dabates@apple.com>
2672
2673         [iOS] Export symbol for VM::sharedInstanceExists()
2674         https://bugs.webkit.org/show_bug.cgi?id=123046
2675
2676         Reviewed by Mark Hahnenberg.
2677
2678         * runtime/VM.h:
2679
2680 2013-10-18  Daniel Bates  <dabates@apple.com>
2681
2682         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
2683         https://bugs.webkit.org/show_bug.cgi?id=123049
2684
2685         Reviewed by Mark Hahnenberg.
2686
2687         * heap/Heap.cpp:
2688         (JSC::Heap::setIncrementalSweeper):
2689         * heap/Heap.h:
2690         * heap/HeapTimer.h:
2691         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
2692         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
2693         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
2694         (duplicates the include in the .cpp).
2695         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
2696         making use of this now, but we'll make use of it in a subsequent patch.
2697
2698 2013-10-18  Anders Carlsson  <andersca@apple.com>
2699
2700         Remove spaces between template angle brackets
2701         https://bugs.webkit.org/show_bug.cgi?id=123040
2702
2703         Reviewed by Andreas Kling.
2704
2705         * API/JSCallbackObject.cpp:
2706         (JSC::::create):
2707         * API/JSObjectRef.cpp:
2708         * bytecode/CodeBlock.h:
2709         (JSC::CodeBlock::constants):
2710         (JSC::CodeBlock::setConstantRegisters):
2711         * bytecode/DFGExitProfile.h:
2712         * bytecode/EvalCodeCache.h:
2713         * bytecode/Operands.h:
2714         * bytecode/UnlinkedCodeBlock.h:
2715         (JSC::UnlinkedCodeBlock::constantRegisters):
2716         * bytecode/Watchpoint.h:
2717         * bytecompiler/BytecodeGenerator.h:
2718         * bytecompiler/StaticPropertyAnalysis.h:
2719         * bytecompiler/StaticPropertyAnalyzer.h:
2720         * dfg/DFGArgumentsSimplificationPhase.cpp:
2721         * dfg/DFGBlockInsertionSet.h:
2722         * dfg/DFGCSEPhase.cpp:
2723         (JSC::DFG::performCSE):
2724         (JSC::DFG::performStoreElimination):
2725         * dfg/DFGCommonData.h:
2726         * dfg/DFGDesiredStructureChains.h:
2727         * dfg/DFGDesiredWatchpoints.h:
2728         * dfg/DFGJITCompiler.h:
2729         * dfg/DFGOSRExitCompiler32_64.cpp:
2730         (JSC::DFG::OSRExitCompiler::compileExit):
2731         * dfg/DFGOSRExitCompiler64.cpp:
2732         (JSC::DFG::OSRExitCompiler::compileExit):
2733         * dfg/DFGWorklist.h:
2734         * heap/BlockAllocator.h:
2735         (JSC::CopiedBlock):
2736         (JSC::MarkedBlock):
2737         (JSC::WeakBlock):
2738         (JSC::MarkStackSegment):
2739         (JSC::CopyWorkListSegment):
2740         (JSC::HandleBlock):
2741         * heap/Heap.h:
2742         * heap/Local.h:
2743         * heap/MarkedBlock.h:
2744         * heap/Strong.h:
2745         * jit/AssemblyHelpers.cpp:
2746         (JSC::AssemblyHelpers::decodedCodeMapFor):
2747         * jit/AssemblyHelpers.h:
2748         * jit/SpecializedThunkJIT.h:
2749         * parser/Nodes.h:
2750         * parser/Parser.cpp:
2751         (JSC::::parseIfStatement):
2752         * parser/Parser.h:
2753         (JSC::Scope::copyCapturedVariablesToVector):
2754         (JSC::parse):
2755         * parser/ParserArena.h:
2756         * parser/SourceProviderCacheItem.h:
2757         * profiler/LegacyProfiler.cpp:
2758         (JSC::dispatchFunctionToProfiles):
2759         * profiler/LegacyProfiler.h:
2760         (JSC::LegacyProfiler::currentProfiles):
2761         * profiler/ProfileNode.h:
2762         (JSC::ProfileNode::children):
2763         * profiler/ProfilerDatabase.h:
2764         * runtime/Butterfly.h:
2765         (JSC::Butterfly::contiguousInt32):
2766         (JSC::Butterfly::contiguous):
2767         * runtime/GenericTypedArrayViewInlines.h:
2768         (JSC::::create):
2769         * runtime/Identifier.h:
2770         (JSC::Identifier::add):
2771         * runtime/JSPromise.h:
2772         * runtime/PropertyMapHashTable.h:
2773         * runtime/PropertyNameArray.h:
2774         * runtime/RegExpCache.h:
2775         * runtime/SparseArrayValueMap.h:
2776         * runtime/SymbolTable.h:
2777         * runtime/VM.h:
2778         * tools/CodeProfile.cpp:
2779         (JSC::truncateTrace):
2780         * tools/CodeProfile.h:
2781         * yarr/YarrInterpreter.cpp:
2782         * yarr/YarrInterpreter.h:
2783         (JSC::Yarr::BytecodePattern::BytecodePattern):
2784         * yarr/YarrJIT.cpp:
2785         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2786         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2787         (JSC::Yarr::YarrGenerator::opCompileBody):
2788         * yarr/YarrPattern.cpp:
2789         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2790         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2791         * yarr/YarrPattern.h:
2792
2793 2013-10-18  Mark Lam  <mark.lam@apple.com>
2794
2795         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
2796         https://bugs.webkit.org/show_bug.cgi?id=123037.
2797
2798         Reviewed by Geoffrey Garen.
2799
2800         * jit/JITStubsMSVC64.asm:
2801         * jit/JITStubsX86.h:
2802         * jit/JITStubsX86_64.h:
2803
2804 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
2805
2806         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
2807         https://bugs.webkit.org/show_bug.cgi?id=121661
2808
2809         Reviewed by Mark Hahnenberg.
2810         
2811         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
2812         so I added a return-early check using isCompilationThread().
2813         
2814         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
2815         it is describing: m_offset and the property table. Most structures only have m_offset and report
2816         null for the property table. If the property table is there, it will tell you additional
2817         information and that information subsumes m_offset - but the m_offset is still there. So, when
2818         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
2819         machinery to do this.
2820         
2821         Changing the property table only happens on the main thread.
2822         
2823         Because the machinery to change the property table is so complex, especially with respect to
2824         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
2825         called at key points before and after changes to the property table or the offset.
2826
2827         Most clients of Structure who care about object layout, including the concurrent thread, will
2828         want to know m_offset and not the property table. If they want the property table, they will
2829         already be super careful. The concurrent thread has special methods for this, like
2830         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
2831         view of the property table.
2832         
2833         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
2834         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
2835         
2836         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
2837         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
2838         because we have found that it helps quickly identify situations where the property table and
2839         m_offset get out of sync - mainly because code that changes either of those things will usually
2840         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
2841         need the property table; it uses the m_offset. The concurrent JIT is correct to call
2842         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
2843         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
2844         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
2845         locks, and that same structure is having its property table modified by the main thread, we end
2846         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
2847         property table modified - instead what happens is that some downstream structure steals the
2848         property table and then starts adding things to it. The concurrent thread loads the property
2849         table before it's stolen, and hence the badness.
2850         
2851         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
2852         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
2853         and then you have a possible crash.
2854         
2855         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
2856         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
2857         it's in the concurrent JIT.
2858         
2859         * runtime/StructureInlines.h:
2860         (JSC::Structure::checkOffsetConsistency):
2861
2862 2013-10-18  Daniel Bates  <dabates@apple.com>
2863
2864         Add SPI to disable the garbage collector timer
2865         https://bugs.webkit.org/show_bug.cgi?id=122921
2866
2867         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
2868         omitted.
2869
2870         * heap/Heap.cpp:
2871         (JSC::Heap::setGarbageCollectionTimerEnabled):
2872
2873 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
2874
2875         Group 64-bit specific and 32-bit specific callOperation implementations.
2876         https://bugs.webkit.org/show_bug.cgi?id=123024
2877
2878         Reviewed by Michael Saboff.
2879
2880         This is not a big deal, but could be less confusing when reading the code.
2881
2882         * jit/JITInlines.h:
2883         (JSC::JIT::callOperation):
2884         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
2885         (JSC::JIT::callOperationNoExceptionCheck):
2886
2887 2013-10-18  Nadav Rotem  <nrotem@apple.com>
2888
2889         Fix a FlushLiveness problem.
2890         https://bugs.webkit.org/show_bug.cgi?id=122984
2891
2892         Reviewed by Filip Pizlo.
2893
2894         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2895         (JSC::DFG::FlushLivenessAnalysisPhase::process):
2896
2897 2013-10-18  Michael Saboff  <msaboff@apple.com>
2898
2899         Change native function call stubs to use JIT operations instead of ctiVMHandleException
2900         https://bugs.webkit.org/show_bug.cgi?id=122982
2901
2902         Reviewed by Geoffrey Garen.
2903
2904         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
2905         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
2906         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
2907         in the process.
2908
2909         * dfg/DFGJITCompiler.cpp:
2910         (JSC::DFG::JITCompiler::compileExceptionHandlers):
2911         * jit/CCallHelpers.h:
2912         (JSC::CCallHelpers::jumpToExceptionHandler):
2913         * jit/JIT.cpp:
2914         (JSC::JIT::privateCompileExceptionHandlers):
2915         * jit/JIT.h:
2916         * jit/JITExceptions.cpp:
2917         (JSC::genericUnwind):
2918         * jit/JITExceptions.h:
2919         * jit/JITInlines.h:
2920         (JSC::JIT::callOperationNoExceptionCheck):
2921         * jit/JITOpcodes.cpp:
2922         (JSC::JIT::emit_op_throw):
2923         * jit/JITOpcodes32_64.cpp:
2924         (JSC::JIT::privateCompileCTINativeCall):
2925         (JSC::JIT::emit_op_throw):
2926         * jit/JITOperations.cpp:
2927         * jit/JITOperations.h:
2928         * jit/JITStubs.cpp:
2929         * jit/JITStubs.h:
2930         * jit/JITStubsARM.h:
2931         * jit/JITStubsARM64.h:
2932         * jit/JITStubsARMv7.h:
2933         * jit/JITStubsMIPS.h:
2934         * jit/JITStubsMSVC64.asm:
2935         * jit/JITStubsSH4.h:
2936         * jit/JITStubsX86.h:
2937         * jit/JITStubsX86_64.h:
2938         * jit/Repatch.cpp:
2939         (JSC::tryBuildGetByIDList):
2940         * jit/SlowPathCall.h:
2941         (JSC::JITSlowPathCall::call):
2942         * jit/ThunkGenerators.cpp:
2943         (JSC::throwExceptionFromCallSlowPathGenerator):
2944         (JSC::nativeForGenerator):
2945         * runtime/VM.h:
2946         (JSC::VM::callFrameForThrowOffset):
2947         (JSC::VM::targetMachinePCForThrowOffset):
2948
2949 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
2950
2951         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
2952         https://bugs.webkit.org/show_bug.cgi?id=123023
2953
2954         Reviewed by Michael Saboff.
2955
2956         * jit/JITInlines.h:
2957         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
2958         using EABI_32BIT_DUMMY_ARG here.
2959
2960 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
2961
2962         Unreviewed, another ARM64 build fix.
2963         
2964         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
2965         on ARM64 and none of its uses are legit - they should all be using
2966         andPtr(TrustedImm32, blah) anyway.
2967
2968         * assembler/MacroAssembler.h:
2969         * assembler/MacroAssemblerARM64.h:
2970         * dfg/DFGJITCompiler.cpp:
2971         (JSC::DFG::JITCompiler::compileExceptionHandlers):
2972         * jit/JIT.cpp:
2973         (JSC::JIT::privateCompileExceptionHandlers):
2974
2975 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
2976
2977         Unreviewed, speculative ARM64 build fix.
2978         
2979         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
2980         implemented. So, you have to use TrustedImmPtr in the superclasses.
2981
2982         * assembler/MacroAssemblerARM64.h:
2983         (JSC::MacroAssemblerARM64::store8):
2984         (JSC::MacroAssemblerARM64::branchTest8):
2985
2986 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
2987
2988         Unreviewed, speculative ARM build fix.
2989         https://bugs.webkit.org/show_bug.cgi?id=122890
2990         <rdar://problem/15258624>
2991
2992         * assembler/ARM64Assembler.h:
2993         (JSC::ARM64Assembler::firstRegister):
2994         (JSC::ARM64Assembler::lastRegister):
2995         (JSC::ARM64Assembler::firstFPRegister):
2996         (JSC::ARM64Assembler::lastFPRegister):
2997         * assembler/MacroAssemblerARM64.h:
2998         * assembler/MacroAssemblerARMv7.h:
2999
3000 2013-10-17  Andreas Kling  <akling@apple.com>
3001
3002         Pass VM instead of JSGlobalObject to JSONObject constructor.
3003         <https://webkit.org/b/122999>
3004
3005         JSONObject was only using the JSGlobalObject to grab at the VM.
3006         Dodge a few loads by passing the VM directly instead.
3007
3008         Reviewed by Geoffrey Garen.
3009
3010         * runtime/JSONObject.cpp:
3011         (JSC::JSONObject::JSONObject):
3012         (JSC::JSONObject::finishCreation):
3013         * runtime/JSONObject.h:
3014         (JSC::JSONObject::create):
3015
3016 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3017
3018         Removed the JITStackFrame struct
3019         https://bugs.webkit.org/show_bug.cgi?id=123001
3020
3021         Reviewed by Anders Carlsson.
3022
3023         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
3024         our helper functions obey the C function call ABI.
3025
3026 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3027
3028         Removed an unused #define
3029         https://bugs.webkit.org/show_bug.cgi?id=123000
3030
3031         Reviewed by Anders Carlsson.
3032
3033         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
3034         since it is unused now. This is a step toward using the C stack.
3035
3036 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3037
3038         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
3039         https://bugs.webkit.org/show_bug.cgi?id=122973
3040
3041         Reviewed by Michael Saboff.
3042
3043         * jit/ThunkGenerators.cpp:
3044         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
3045         so I removed it.
3046
3047         The code acted as if it needed to pass an argument to
3048         lookupExceptionHandler, and as if it passed that argument to itself
3049         through JITStackFrame. However, lookupExceptionHandler does not take
3050         an argument (other than the default ExecState argument), and the code
3051         did not initialize the thing that it thought it passed to itself!
3052
3053 2013-10-17  Alex Christensen  <achristensen@webkit.org>
3054
3055         Run JavaScriptCore tests again on Windows.
3056         https://bugs.webkit.org/show_bug.cgi?id=122787
3057
3058         Reviewed by Tim Horton.
3059
3060         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
3061         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
3062
3063 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3064
3065         Removed restoreArgumentReference (another use of JITStackFrame)
3066         https://bugs.webkit.org/show_bug.cgi?id=122997
3067
3068         Reviewed by Oliver Hunt.
3069
3070         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
3071         toward using the C stack.
3072
3073 2013-10-17  Oliver Hunt  <oliver@apple.com>
3074
3075         Remove JITStubCall.h
3076         https://bugs.webkit.org/show_bug.cgi?id=122991
3077
3078         Reviewed by Geoff Garen.
3079
3080         Happily, this is no longer used.
3081
3082         * GNUmakefile.list.am:
3083         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3084         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3085         * JavaScriptCore.xcodeproj/project.pbxproj:
3086         * jit/JIT.cpp:
3087         * jit/JITArithmetic.cpp:
3088         * jit/JITArithmetic32_64.cpp:
3089         * jit/JITCall.cpp:
3090         * jit/JITCall32_64.cpp:
3091         * jit/JITOpcodes.cpp:
3092         * jit/JITOpcodes32_64.cpp:
3093         * jit/JITPropertyAccess.cpp:
3094         * jit/JITPropertyAccess32_64.cpp:
3095         * jit/JITStubCall.h: Removed.
3096
3097 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3098
3099         Removed a use of JITSTACKFRAME_ARGS_INDEX
3100         https://bugs.webkit.org/show_bug.cgi?id=122989
3101
3102         Reviewed by Oliver Hunt.
3103
3104         * jit/JITStubCall.h: Removed an unused function. This is one step closer
3105         to using the C stack.
3106
3107 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3108
3109         Change emit_op_catch to use another method to materialize VM
3110         https://bugs.webkit.org/show_bug.cgi?id=122977
3111
3112         Reviewed by Oliver Hunt.
3113
3114         * jit/JITOpcodes.cpp:
3115         (JSC::JIT::emit_op_catch):
3116         * jit/JITOpcodes32_64.cpp:
3117         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
3118         on JITStackFrame. It is also faster and simpler.
3119
3120 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
3121
3122         Eliminate emitGetJITStubArg() - dead code
3123         https://bugs.webkit.org/show_bug.cgi?id=122975
3124
3125         Reviewed by Anders Carlsson.
3126
3127         * jit/JIT.h:
3128         * jit/JITInlines.h: Removed unused, deprecated function.
3129
3130 2013-10-17  Mark Lam  <mark.lam@apple.com>
3131
3132         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
3133         https://bugs.webkit.org/show_bug.cgi?id=122979.
3134
3135         Reviewed by Michael Saboff.
3136
3137         * jit/JITStubs.cpp:
3138         * jit/JITStubs.h:
3139         * jit/JITStubsARM.h:
3140         * jit/JITStubsARM64.h:
3141         * jit/JITStubsARMv7.h:
3142         * jit/JITStubsMIPS.h:
3143         * jit/JITStubsSH4.h:
3144         * jit/JITStubsX86.h:
3145         * jit/JITStubsX86_64.h:
3146         * runtime/VM.cpp:
3147         (JSC::VM::VM):
3148
3149 2013-10-17  Michael Saboff  <msaboff@apple.com>
3150
3151         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
3152         https://bugs.webkit.org/show_bug.cgi?id=122974
3153
3154         Reviewed by Geoffrey Garen.
3155
3156         Eliminated unneeded storing to JITStackFrame.
3157
3158         * dfg/DFGJITCompiler.cpp:
3159         (JSC::DFG::JITCompiler::compileFunction):
3160
3161 2013-10-17  Michael Saboff  <msaboff@apple.com>
3162
3163         Transition cti_op_throw and cti_vm_throw to a JIT operation
3164         https://bugs.webkit.org/show_bug.cgi?id=122931
3165
3166         Reviewed by Filip Pizlo.
3167
3168         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
3169         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
3170         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
3171         callOperation to handle the need to provide space for structure return value.
3172
3173         * jit/JIT.h:
3174         * jit/JITInlines.h:
3175         (JSC::JIT::callOperation):
3176         * jit/JITOpcodes.cpp:
3177         (JSC::JIT::emit_op_throw):
3178         * jit/JITOpcodes32_64.cpp:
3179         (JSC::JIT::emit_op_throw):
3180         (JSC::JIT::emit_op_catch):
3181         * jit/JITOperations.cpp:
3182         * jit/JITOperations.h:
3183         * jit/JITStubs.cpp:
3184         * jit/JITStubs.h:
3185         * jit/JITStubsARM.h:
3186         * jit/JITStubsARM64.h:
3187         * jit/JITStubsARMv7.h:
3188         * jit/JITStubsMIPS.h:
3189         * jit/JITStubsMSVC64.asm:
3190         * jit/JITStubsSH4.h:
3191         * jit/JITStubsX86.h:
3192         * jit/JITStubsX86_64.h:
3193         * jit/JSInterfaceJIT.h:
3194
3195 2013-10-17  Mark Lam  <mark.lam@apple.com>
3196
3197         Remove JITStackFrame references in the C Loop LLINT.
3198         https://bugs.webkit.org/show_bug.cgi?id=122950.
3199
3200         Reviewed by Michael Saboff.
3201
3202         * jit/JITStubs.h:
3203         * llint/LowLevelInterpreter.cpp:
3204         (JSC::CLoop::execute):
3205         * offlineasm/cloop.rb:
3206
3207 2013-10-17  Mark Lam  <mark.lam@apple.com>
3208
3209         Remove JITStackFrame references in JIT probes.
3210         https://bugs.webkit.org/show_bug.cgi?id=122947.
3211
3212         Reviewed by Michael Saboff.
3213
3214         * assembler/MacroAssemblerARM.cpp:
3215         (JSC::MacroAssemblerARM::ProbeContext::dump):
3216         * assembler/MacroAssemblerARM.h:
3217         * assembler/MacroAssemblerARMv7.cpp:
3218         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
3219         * assembler/MacroAssemblerARMv7.h:
3220         * assembler/MacroAssemblerX86Common.cpp:
3221         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
3222         * assembler/MacroAssemblerX86Common.h:
3223         * jit/JITStubsARM.h:
3224         * jit/JITStubsARMv7.h:
3225         * jit/JITStubsX86.h:
3226         * jit/JITStubsX86Common.h:
3227         * jit/JITStubsX86_64.h:
3228
3229 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
3230
3231         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
3232         https://bugs.webkit.org/show_bug.cgi?id=122949
3233
3234         Reviewed by Andreas Kling.
3235
3236         * jit/CCallHelpers.h:
3237         (JSC::CCallHelpers::setupArgumentsWithExecState):
3238
3239 2013-10-16  Mark Lam  <mark.lam@apple.com>
3240
3241         Transition remaining op_get* JITStubs to JIT operations.
3242         https://bugs.webkit.org/show_bug.cgi?id=122925.
3243
3244         Reviewed by Geoffrey Garen.
3245
3246         Transitioning:
3247             cti_op_get_by_id_generic
3248             cti_op_get_by_val
3249             cti_op_get_by_val_generic
3250             cti_op_get_by_val_string
3251
3252         * dfg/DFGOperations.cpp:
3253         * dfg/DFGOperations.h:
3254         * jit/JIT.h:
3255         * jit/JITInlines.h:
3256         (JSC::JIT::callOperation):
3257         * jit/JITOpcodes.cpp:
3258         (JSC::JIT::emitSlow_op_get_arguments_length):
3259         (JSC::JIT::emitSlow_op_get_argument_by_val):
3260         * jit/JITOpcodes32_64.cpp:
3261         (JSC::JIT::emitSlow_op_get_arguments_length):
3262         (JSC::JIT::emitSlow_op_get_argument_by_val):
3263         * jit/JITOperations.cpp:
3264         * jit/JITOperations.h:
3265         * jit/JITPropertyAccess.cpp:
3266         (JSC::JIT::emitSlow_op_get_by_val):
3267         (JSC::JIT::emitSlow_op_get_by_pname):
3268         (JSC::JIT::privateCompileGetByVal):
3269         * jit/JITPropertyAccess32_64.cpp:
3270         (JSC::JIT::emitSlow_op_get_by_val):
3271         (JSC::JIT::emitSlow_op_get_by_pname):
3272         * jit/JITStubs.cpp:
3273         * jit/JITStubs.h:
3274         * runtime/Executable.cpp:
3275         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
3276         * runtime/Options.cpp:
3277         (JSC::Options::initialize):
3278
3279 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
3280
3281         Introduce WTF::Bag and start using it for InlineCallFrameSet
3282         https://bugs.webkit.org/show_bug.cgi?id=122941
3283
3284         Reviewed by Geoffrey Garen.
3285         
3286         Use Bag for InlineCallFrameSet. If this works out then I'll make other
3287         SegmentedVectors into Bags as well.
3288
3289         * bytecode/InlineCallFrameSet.cpp:
3290         (JSC::InlineCallFrameSet::add):
3291         * bytecode/InlineCallFrameSet.h:
3292         (JSC::InlineCallFrameSet::begin):
3293         (JSC::InlineCallFrameSet::end):
3294         * dfg/DFGArgumentsSimplificationPhase.cpp:
3295         (JSC::DFG::ArgumentsSimplificationPhase::run):
3296         * dfg/DFGJITCompiler.cpp:
3297         (JSC::DFG::JITCompiler::link):
3298         * dfg/DFGStackLayoutPhase.cpp:
3299         (JSC::DFG::StackLayoutPhase::run):
3300         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3301         (JSC::DFG::VirtualRegisterAllocationPhase::run):
3302
3303 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
3304
3305         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
3306         https://bugs.webkit.org/show_bug.cgi?id=122905
3307         <rdar://problem/15237856>
3308
3309         Reviewed by Michael Saboff.
3310         
3311         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
3312         then always call it to install something that calls CRASH().
3313
3314         * llvm/InitializeLLVM.cpp:
3315         (JSC::llvmCrash):
3316         (JSC::initializeLLVMOnce):
3317         (JSC::initializeLLVM):
3318         * llvm/LLVMAPIFunctions.h:
3319
3320 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
3321
3322         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
3323         https://bugs.webkit.org/show_bug.cgi?id=122938
3324
3325         Reviewed by Sam Weinig.
3326         
3327         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
3328
3329         * jit/Repatch.cpp:
3330         (JSC::tryBuildGetByIDList):
3331
3332 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
3333
3334         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
3335         https://bugs.webkit.org/show_bug.cgi?id=122937
3336
3337         Reviewed by Geoffrey Garen.
3338         
3339         JITStubCall used to do it.
3340         
3341         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
3342
3343         * jit/JIT.h:
3344         (JSC::JIT::appendCall):
3345
3346 2013-10-16  Michael Saboff  <msaboff@apple.com>
3347
3348         transition void cti_op_put_by_val* stubs to JIT operations
3349         https://bugs.webkit.org/show_bug.cgi?id=122903
3350
3351         Reviewed by Geoffrey Garen.
3352
3353         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
3354         operationPutByValGeneric.
3355
3356         * jit/CCallHelpers.h:
3357         (JSC::CCallHelpers::setupArgumentsWithExecState):
3358         * jit/JIT.h:
3359         * jit/JITInlines.h:
3360         (JSC::JIT::callOperation):
3361         * jit/JITOperations.cpp:
3362         * jit/JITOperations.h:
3363         * jit/JITPropertyAccess.cpp:
3364         (JSC::JIT::emitSlow_op_put_by_val):
3365         (JSC::JIT::privateCompilePutByVal):
3366         * jit/JITPropertyAccess32_64.cpp:
3367         (JSC::JIT::emitSlow_op_put_by_val):
3368         * jit/JITStubs.cpp:
3369         * jit/JITStubs.h:
3370         * jit/JSInterfaceJIT.h:
3371
3372 2013-10-16  Oliver Hunt  <oliver@apple.com>
3373
3374         Implement ES6 spread operator
3375         https://bugs.webkit.org/show_bug.cgi?id=122911
3376
3377         Reviewed by Michael Saboff.
3378
3379         Implement the ES6 spread operator
3380
3381         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
3382         and into BytecodeGenerator, and then adds the logic to make it nicely callback
3383         driven.
3384
3385         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
3386         and actually handling the spread.
3387
3388         * bytecompiler/BytecodeGenerator.cpp:
3389         (JSC::BytecodeGenerator::emitNewArray):
3390         (JSC::BytecodeGenerator::emitCall):
3391         (JSC::BytecodeGenerator::emitEnumeration):
3392         * bytecompiler/BytecodeGenerator.h:
3393         * bytecompiler/NodesCodegen.cpp:
3394         (JSC::ArrayNode::emitBytecode):
3395         (JSC::ForOfNode::emitBytecode):
3396         (JSC::SpreadExpressionNode::emitBytecode):
3397         * parser/ASTBuilder.h:
3398         (JSC::ASTBuilder::createSpreadExpression):
3399         * parser/Lexer.cpp:
3400         (JSC::::lex):
3401         * parser/NodeConstructors.h:
3402         (JSC::SpreadExpressionNode::SpreadExpressionNode):
3403         * parser/Nodes.h:
3404         (JSC::ExpressionNode::isSpreadExpression):
3405         (JSC::SpreadExpressionNode::expression):
3406         * parser/Parser.cpp:
3407         (JSC::::parseArrayLiteral):
3408         (JSC::::parseArguments):
3409         (JSC::::parseMemberExpression):
3410         * parser/Parser.h:
3411         (JSC::Parser::getTokenName):
3412         (JSC::Parser::updateErrorMessageSpecialCase):
3413         * parser/ParserTokens.h:
3414         * parser/SyntaxChecker.h:
3415         (JSC::SyntaxChecker::createSpreadExpression):
3416
3417 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
3418
3419         Add a useLLInt option to jsc
3420         https://bugs.webkit.org/show_bug.cgi?id=122930
3421
3422         Reviewed by Geoffrey Garen.