130cdaec8e1c4f9fbcf8e0ff3b32ae2d15f7c894
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-28  Saam Barati  <sbarati@apple.com>

        AssemblyHelpers should not have a VM field
        https://bugs.webkit.org/show_bug.cgi?id=170207

        Reviewed by Yusuke Suzuki.

        APIs that need VM should take one as a parameter. When doing position
        independent code for Wasm, we can't tie code generation to a VM.

        * b3/B3Compile.cpp:
        (JSC::B3::compile):
        * b3/air/testair.cpp:
        * b3/testb3.cpp:
        (JSC::B3::testEntrySwitchSimple):
        (JSC::B3::testEntrySwitchNoEntrySwitch):
        (JSC::B3::testEntrySwitchWithCommonPaths):
        (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
        (JSC::B3::testEntrySwitchLoop):
        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateWithGuard):
        (JSC::AccessCase::generateImpl):
        * bytecode/DOMJITAccessCasePatchpointParams.cpp:
        (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
        * bytecode/InlineAccess.cpp:
        (JSC::InlineAccess::dumpCacheSizesAndCrash):
        (JSC::InlineAccess::generateSelfPropertyAccess):
        (JSC::InlineAccess::generateSelfPropertyReplace):
        (JSC::InlineAccess::generateArrayLength):
        (JSC::InlineAccess::rewireStubAsJump):
        * bytecode/InlineAccess.h:
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessGenerationState::emitExplicitExceptionHandler):
        (JSC::PolymorphicAccess::regenerate):
        * bytecode/PolymorphicAccess.h:
        (JSC::AccessGenerationState::AccessGenerationState):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        (JSC::DFG::JITCompiler::exceptionCheck):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
        (JSC::DFG::JITCompiler::fastExceptionCheck):
        (JSC::DFG::JITCompiler::vm):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOSRExitCompilerCommon.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
        (JSC::DFG::SpeculativeJIT::checkArray):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileMakeRope):
        (JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
        (JSC::DFG::SpeculativeJIT::compileCreateActivation):
        (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileArraySlice):
        (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
        (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrEntryThunkGenerator):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLazySlowPath.cpp:
        (JSC::FTL::LazySlowPath::generate):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::lower):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
        (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
        (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
        (JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * ftl/FTLState.h:
        (JSC::FTL::State::vm):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::genericGenerationThunkGenerator):
        (JSC::FTL::slowPathCallThunkGenerator):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::jitReleaseAssertNoException):
        (JSC::AssemblyHelpers::callExceptionFuzz):
        (JSC::AssemblyHelpers::emitJumpIfException):
        (JSC::AssemblyHelpers::emitExceptionCheck):
        (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
        (JSC::AssemblyHelpers::emitLoadStructure):
        (JSC::AssemblyHelpers::emitRandomThunk):
        (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::debugCall):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::AssemblyHelpers):
        (JSC::AssemblyHelpers::codeBlock):
        (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::barrierBranch):
        (JSC::AssemblyHelpers::barrierStoreLoadFence):
        (JSC::AssemblyHelpers::mutatorFence):
        (JSC::AssemblyHelpers::storeButterfly):
        (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
        (JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
        (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
        (JSC::AssemblyHelpers::emitAllocateJSObject):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
        (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
        (JSC::AssemblyHelpers::vm): Deleted.
        (JSC::AssemblyHelpers::debugCall): Deleted.
        * jit/CCallHelpers.cpp:
        (JSC::CCallHelpers::ensureShadowChickenPacket):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::CCallHelpers):
        (JSC::CCallHelpers::jumpToExceptionHandler):
        * jit/JIT.cpp:
        (JSC::JIT::emitEnterOptimizationCheck):
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        (JSC::JIT::exceptionCheck):
        (JSC::JIT::exceptionCheckWithCallFrameRollback):
        * jit/JITMathIC.h:
        (JSC::JITMathIC::generateOutOfLine):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_create_this):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitWriteBarrier):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::JSInterfaceJIT):
        (JSC::JSInterfaceJIT::vm):
        * jit/Repatch.cpp:
        (JSC::tryCacheGetByID):
        (JSC::tryCachePutByID):
        (JSC::linkPolymorphicCall):
        (JSC::resetGetByID):
        (JSC::resetPutByID):
        * jit/SetupVarargsFrame.cpp:
        (JSC::emitSetupVarargsFrameFastCase):
        * jit/SetupVarargsFrame.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::virtualThunkFor):
        (JSC::nativeForGenerator):
        (JSC::randomThunkGenerator):
        (JSC::boundThisNoArgsFunctionCallGenerator):
        (JSC::throwExceptionFromWasmThunkGenerator):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):

2017-03-28  Keith Miller  <keith_miller@apple.com>

        WebAssembly: We should have Origins
        https://bugs.webkit.org/show_bug.cgi?id=170217

        Reviewed by Mark Lam.

        This patch adds wasm origins for B3::Values, called OpcodeOrigin. Currently,
        OpcodeOrigin just tracks the original opcode and the location of that opcode.

        Here's a sample:

        BB#0: ; frequency = 1.000000
            Int64 @4 = Patchpoint(generator = 0x10f487fa8, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister)
            Int64 @5 = FramePointer()
            Void @8 = Store(@4, @5, offset = 24, ControlDependent|Writes:Top)
            Int64 @10 = Const64(0)
            Void @12 = Store($0(@10), @5, offset = 16, ControlDependent|Writes:Top)
            Int64 @13 = Patchpoint(generator = 0x10f4be7f0, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister, ExitsSideways|ControlDependent|WritesPinned|ReadsPinned|Fence|Writes:Top|Reads:Top)
            Int64 @16 = ArgumentReg(%rdi)
            Int64 @18 = ArgumentReg(%rsi)
            Int32 @22 = Trunc(@18, Wasm: {opcode: I64Rotl, location: 5})
            Int64 @23 = RotL(@16, @22, Wasm: {opcode: I64Rotl, location: 5})
            Void @27 = Return(@23, Terminal, Wasm: {opcode: End, location: 6})

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Value.cpp:
        (JSC::B3::Value::deepDump):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::setParser):
        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
        (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
        (JSC::Wasm::B3IRGenerator::emitLoadOp):
        (JSC::Wasm::B3IRGenerator::emitStoreOp):
        (JSC::Wasm::B3IRGenerator::addConstant):
        (JSC::Wasm::B3IRGenerator::addLoop):
        (JSC::Wasm::B3IRGenerator::unify):
        (JSC::Wasm::parseAndCompile):
        (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
        (JSC::Wasm::getMemoryBaseAndSize): Deleted.
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser::currentOpcode):
        (JSC::Wasm::FunctionParser::currentOpcodeStartingOffset):
        (JSC::Wasm::FunctionParser<Context>::FunctionParser):
        * wasm/WasmOpcodeOrigin.cpp: Added.
        (JSC::Wasm::OpcodeOrigin::dump):
        * wasm/WasmOpcodeOrigin.h: Added.
        (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::setParser):
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (CodeGenerator.generate):
        (generateB3OpCode):
        (generateConstCode):

2017-03-28  JF Bastien  <jfbastien@apple.com>

        WebAssembly: option to crash if no fast memory is available
        https://bugs.webkit.org/show_bug.cgi?id=170219

        Reviewed by Mark Lam.

        * runtime/Options.h:
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::webAssemblyCouldntGetFastMemory):
        (JSC::Wasm::tryGetFastMemory):

2017-03-28  Mark Lam  <mark.lam@apple.com>

        The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
        https://bugs.webkit.org/show_bug.cgi?id=170213
        <rdar://problem/30755345>

        Reviewed by Filip Pizlo.

        The current condition for stealing the conn isn't tight enough.  Restricting the
        stealing to when m_currentPhase == NotRunning ensures that the Collector is
        really done running.

        No test because this issue only manifests with a race condition that is difficult
        to reproduce on demand.

        * heap/Heap.cpp:
        (JSC::Heap::requestCollection):

2017-03-28  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
        https://bugs.webkit.org/show_bug.cgi?id=169187

        Reviewed by Saam Barati.

        This patch allows WebAssembly compilations to happen asynchronously.
        To do so, it refactors how much of the compilation happens and adds
        new infrastructure for async promises.

        First, there is a new class, PromiseDeferredTimer, that lives on
        the VM.  PromiseDeferredTimer will manage the life-cycle of async
        pending promises and any dependencies that promise
        needs. PromiseDeferredTimer automagically releases the pending
        promise and dependencies once the JSPromiseDeferred is resolved or
        rejected. Additionally, PromiseDeferredTimer provides a mechanism
        to poll the run-loop whenever the async task needs to synchronize
        with the JS thread. Normally, that will be whenever the async task
        finishes. In the case of WebAssembly we also use this feature for
        the compile + instantiate case, where we might have more work
        after the first async task completes (more on that later).

        The next class is Wasm::Worklist, which is used to manage Wasm
        compilation tasks. The worklist class works similarly to the
        DFG/FTL Worklists. It has a pool of threads that it manages. One
        interesting aspect of Wasm Worklist is that it can synchronously
        compile a plan that is already potentially running
        asynchronously. This can occur if a user calls
        WebAssembly.instantiate() then new WebAssembly.instantiate() on
        the same module. In that case the Wasm Worklist will bump the
        priority of the running pending Plan and block the JS thread.

        This patch also makes some of the Wasm Plan code cleaner. Since we
        now defer all compilation to instantiation time, we no longer need
        to guess at which memory we are going to get. Also, Wasm Plans now
        track the work they have done with a state enum.

        Finally, this patch renames HeapTimer to JSRunLoopTimer. It
        also changes test262AsyncTest to a more generic testing
        infrastructure. Now, in addition to the old functionality, you can
        call asyncTest() with the number of tests you expect. When the jsc
        CLI exits, it will guarantee that asyncTestPassed() is called that
        many times.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/GCActivityCallback.h:
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::scheduleTimer):
        (JSC::IncrementalSweeper::IncrementalSweeper):
        * heap/IncrementalSweeper.h:
        * heap/StopIfNecessaryTimer.cpp:
        (JSC::StopIfNecessaryTimer::StopIfNecessaryTimer):
        * heap/StopIfNecessaryTimer.h:
        * heap/StrongInlines.h:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (printInternal):
        (functionAsyncTestStart):
        (functionAsyncTestPassed):
        (functionTestWasmModuleFunctions):
        (CommandLine::parseArguments):
        (runJSC):
        * runtime/JSPromiseDeferred.cpp:
        (JSC::JSPromiseDeferred::resolve):
        (JSC::JSPromiseDeferred::reject):
        * runtime/JSPromiseDeferred.h:
        (JSC::JSPromiseDeferred::promiseAsyncPending):
        * runtime/JSRunLoopTimer.cpp: Renamed from Source/JavaScriptCore/heap/HeapTimer.cpp.
        (JSC::JSRunLoopTimer::JSRunLoopTimer):
        (JSC::JSRunLoopTimer::setRunLoop):
        (JSC::JSRunLoopTimer::~JSRunLoopTimer):
        (JSC::JSRunLoopTimer::timerDidFire):
        (JSC::JSRunLoopTimer::scheduleTimer):
        (JSC::JSRunLoopTimer::cancelTimer):
        (JSC::JSRunLoopTimer::invalidate):
        * runtime/JSRunLoopTimer.h: Copied from Source/JavaScriptCore/heap/HeapTimer.h.
        * runtime/Options.h:
        * runtime/PromiseDeferredTimer.cpp: Added.
        (JSC::PromiseDeferredTimer::PromiseDeferredTimer):
        (JSC::PromiseDeferredTimer::doWork):
        (JSC::PromiseDeferredTimer::runRunLoop):
        (JSC::PromiseDeferredTimer::addPendingPromise):
        (JSC::PromiseDeferredTimer::cancelPendingPromise):
        (JSC::PromiseDeferredTimer::scheduleWorkSoon):
        (JSC::PromiseDeferredTimer::scheduleBlockedTask):
        * runtime/PromiseDeferredTimer.h: Renamed from Source/JavaScriptCore/heap/HeapTimer.h.
        (JSC::PromiseDeferredTimer::stopRunningTasks):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        * runtime/VM.h:
        * wasm/JSWebAssembly.cpp:
        (JSC::reject):
        (JSC::webAssemblyCompileFunc):
        (JSC::resolve):
        (JSC::instantiate):
        (JSC::compileAndInstantiate):
        (JSC::webAssemblyInstantiateFunc):
        (JSC::webAssemblyValidateFunc):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
        (JSC::Wasm::B3IRGenerator::memoryKind):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmFormat.h:
        (JSC::Wasm::ModuleInformation::internalFunctionCount):
        * wasm/WasmFunctionParser.h:
        * wasm/WasmMemory.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        * wasm/WasmMemoryInformation.h:
        (JSC::Wasm::MemoryInformation::maximum):
        (JSC::Wasm::MemoryInformation::hasReservedMemory): Deleted.
        (JSC::Wasm::MemoryInformation::takeReservedMemory): Deleted.
        (JSC::Wasm::MemoryInformation::mode): Deleted.
        * wasm/WasmModuleParser.cpp:
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::ModuleParser::ModuleParser):
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::Plan):
        (JSC::Wasm::Plan::stateString):
        (JSC::Wasm::Plan::moveToState):
        (JSC::Wasm::Plan::fail):
        (JSC::Wasm::Plan::parseAndValidateModule):
        (JSC::Wasm::Plan::prepare):
        (JSC::Wasm::Plan::ThreadCountHolder::ThreadCountHolder):
        (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
        (JSC::Wasm::Plan::compileFunctions):
        (JSC::Wasm::Plan::complete):
        (JSC::Wasm::Plan::waitForCompletion):
        (JSC::Wasm::Plan::cancel):
        (JSC::Wasm::Plan::run): Deleted.
        (JSC::Wasm::Plan::initializeCallees): Deleted.
        * wasm/WasmPlan.h:
        (JSC::Wasm::Plan::dontFinalize):
        (JSC::Wasm::Plan::exports):
        (JSC::Wasm::Plan::internalFunctionCount):
        (JSC::Wasm::Plan::takeModuleInformation):
        (JSC::Wasm::Plan::takeCallLinkInfos):
        (JSC::Wasm::Plan::takeWasmExitStubs):
        (JSC::Wasm::Plan::setModeAndPromise):
        (JSC::Wasm::Plan::mode):
        (JSC::Wasm::Plan::pendingPromise):
        (JSC::Wasm::Plan::vm):
        (JSC::Wasm::Plan::errorMessage):
        (JSC::Wasm::Plan::failed):
        (JSC::Wasm::Plan::hasWork):
        (JSC::Wasm::Plan::hasBeenPrepared):
        * wasm/WasmPlanInlines.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
        (JSC::Wasm::Plan::initializeCallees):
        * wasm/WasmValidate.cpp:
        * wasm/WasmWorklist.cpp: Added.
        (JSC::Wasm::Worklist::priorityString):
        (JSC::Wasm::Worklist::QueueElement::setToNextPriority):
        (JSC::Wasm::Worklist::iterate):
        (JSC::Wasm::Worklist::enqueue):
        (JSC::Wasm::Worklist::completePlanSynchronously):
        (JSC::Wasm::Worklist::stopAllPlansForVM):
        (JSC::Wasm::Worklist::Worklist):
        (JSC::Wasm::Worklist::~Worklist):
        (JSC::Wasm::existingWorklistOrNull):
        (JSC::Wasm::ensureWorklist):
        * wasm/WasmWorklist.h: Added.
        (JSC::Wasm::Worklist::nextTicket):
        (JSC::Wasm::Worklist::Comparator::operator()):
        * wasm/js/JSWebAssemblyCallee.h:
        * wasm/js/JSWebAssemblyCodeBlock.cpp:
        (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
        (JSC::JSWebAssemblyCodeBlock::initialize):
        (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
        * wasm/js/JSWebAssemblyCodeBlock.h:
        (JSC::JSWebAssemblyCodeBlock::create):
        (JSC::JSWebAssemblyCodeBlock::initialized):
        (JSC::JSWebAssemblyCodeBlock::plan):
        (JSC::JSWebAssemblyCodeBlock::runnable):
        (JSC::JSWebAssemblyCodeBlock::errorMessage):
        (JSC::JSWebAssemblyCodeBlock::callees):
        * wasm/js/JSWebAssemblyHelpers.h:
        (JSC::createSourceBufferFromValue):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::finishCreation):
        (JSC::JSWebAssemblyInstance::visitChildren):
        (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
        (JSC::JSWebAssemblyInstance::finalizeCreation):
        (JSC::JSWebAssemblyInstance::create):
        (JSC::JSWebAssemblyInstance::setMemory): Deleted.
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::codeBlock):
        (JSC::JSWebAssemblyInstance::initialized):
        (JSC::JSWebAssemblyInstance::module):
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::setMemory):
        (JSC::JSWebAssemblyInstance::table):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction): Deleted.
        (JSC::JSWebAssemblyInstance::setTable): Deleted.
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::createStub):
        (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
        (JSC::JSWebAssemblyModule::finishCreation):
        (JSC::JSWebAssemblyModule::setCodeBlock):
        (JSC::JSWebAssemblyModule::buildCodeBlock): Deleted.
        (JSC::JSWebAssemblyModule::create): Deleted.
        (JSC::JSWebAssemblyModule::codeBlock): Deleted.
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::moduleInformation):
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::source):
        (JSC::JSWebAssemblyModule::takeReservedMemory): Deleted.
        (JSC::JSWebAssemblyModule::codeBlockFor): Deleted.
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance):
        (JSC::WebAssemblyInstanceConstructor::createInstance): Deleted.
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::WebAssemblyModuleConstructor::createModule):
        * wasm/js/WebAssemblyModulePrototype.cpp:
        (JSC::webAssemblyModuleProtoImports):
        (JSC::webAssemblyModuleProtoExports):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::finishCreation):
        (JSC::WebAssemblyModuleRecord::link):
        (JSC::WebAssemblyModuleRecord::evaluate):
        * wasm/js/WebAssemblyModuleRecord.h:

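The two behaviours the entry above describes from the script's side, the asyncTest()/asyncTestPassed() count that must balance by the time the shell exits and an asynchronous compilation that a synchronous request on the same module forces to finish, as an added example that is not part of this ChangeLog or of JavaScriptCore's sources. The AsyncTestTracker class, the function names and the hand-assembled "add" module are this example's own; it uses only the standard WebAssembly and Promise APIs and assumes Node.js for the exit hook.

```javascript
'use strict';
// Added example, not WebKit/JSC code. Models the asyncTest(n)/asyncTestPassed()
// bookkeeping with an AsyncTestTracker of this example's own and exercises the
// async and sync instantiation paths of the standard WebAssembly API.

// Smallest useful module, constructed by hand so the example runs offline:
//   (func (export "add") (param i32 i32) (result i32) local.get 0 local.get 1 i32.add)
const ADD_MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // "\0asm", version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,             // type section: (i32, i32) -> i32
  0x03, 0x02, 0x01, 0x00,                                           // function section: one func of type 0
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00,             // export section: "add" = func 0
  0x0a, 0x09, 0x01, 0x07, 0x00, 0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b, // code section: local.get 0, local.get 1, i32.add, end
]);

// Counts how many asynchronous completions a run promised and how many it
// reported: the equivalent of asyncTest(n) and asyncTestPassed() in the jsc CLI.
class AsyncTestTracker {
  constructor(expected) {
    if (!Number.isInteger(expected) || expected < 0) {
      throw new TypeError('expected must be a non-negative integer');
    }
    this.expected = expected;
    this.observed = 0;
  }
  passed() { this.observed += 1; }
  // The check the shell performs at exit: exactly the promised number of passes,
  // so both a missing completion and an extra one count as failure.
  complete() { return this.observed === this.expected; }
}

// Asynchronous path: compilation and instantiation happen off the JS thread and
// the result arrives through a promise after the current synchronous code ends.
function instantiateAsync(bytes) {
  return WebAssembly.instantiate(bytes).then(({ instance }) => instance.exports.add(2, 3));
}

// Synchronous request on a module object that already has an asynchronous
// instantiation in flight: the engine must finish that module's work right now
// (the case the Worklist handles by bumping the plan's priority and blocking).
function instantiateSyncWhileAsyncPending(bytes) {
  const module = new WebAssembly.Module(bytes);
  const pending = WebAssembly.instantiate(module);   // async plan started
  const instance = new WebAssembly.Instance(module); // forces completion synchronously
  return { sum: instance.exports.add(2, 3), pending };
}

if (typeof process !== 'undefined' && typeof process.on === 'function') {
  const tracker = new AsyncTestTracker(2);
  instantiateAsync(ADD_MODULE_BYTES).then((sum) => { if (sum === 5) tracker.passed(); });
  const { sum, pending } = instantiateSyncWhileAsyncPending(ADD_MODULE_BYTES);
  console.log('synchronous instance computed add(2, 3) =', sum); // runs before either promise settles
  pending.then((instance) => { if (instance.exports.add(2, 3) === 5) tracker.passed(); });
  process.on('exit', () => {
    console.log(tracker.complete() ? 'async tests: PASS' : 'async tests: FAIL');
  });
}
```

The synchronous `console.log` prints before either `.then` callback runs, which is the observable meaning of "truly asynchronous": the promise never settles inside the call that created it. The exit hook is where a count mismatch surfaces, which is why a tracker that only checks at exit also catches a test that forgets to report a pass.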
2017-03-28  Yusuke Suzuki  <utatane.tea@gmail.com>

        WebAssembly: add fallback to use pinned register to load/store state
        https://bugs.webkit.org/show_bug.cgi?id=169773

        Reviewed by Saam Barati.

        This patch adds a new pinned register to hold JSWebAssemblyInstance,
        which is used to represent the context of running Wasm code.
        While we use fast TLS to hold the context on macOS, we do not have
        any system reserved fast TLS slot on the other systems. This pinned
        register approach is used on these systems. These changes decouple
        the VM from the Wasm module to make Wasm module code position independent.

        While using fast TLS could be beneficial on x64 systems, where the number of
        registers is relatively small, the pinned register approach could be
        beneficial on ARM64, which has plenty of registers. On macOS, we can
        switch the implementation with a runtime flag. Thus the macOS port can
        compare the performance and decide which implementation is used after
        landing this patch.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::offsetOfVM):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::loadWasmContext):
        (JSC::AssemblyHelpers::storeWasmContext):
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::loadWasmContext): Deleted.
        (JSC::AssemblyHelpers::storeWasmContext): Deleted.
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister): Deleted.
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister): Deleted.
        * jit/Repatch.cpp:
        (JSC::webAssemblyOwner):
        (JSC::linkFor):
        (JSC::linkPolymorphicCall):
        (JSC::isWebAssemblyToJSCallee): Deleted.
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromWasmThunkGenerator):
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * runtime/JSCell.cpp:
        (JSC::JSCell::isAnyWasmCallee):
        * runtime/JSCellInlines.h:
        (JSC::isWebAssemblyToJSCallee):
        * runtime/JSType.h:
        * runtime/StackFrame.cpp:
        (JSC::StackFrame::functionName):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::wasmContextOffset):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::materializeWasmContext):
        (JSC::Wasm::B3IRGenerator::restoreWasmContext):
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::getMemoryBaseAndSize):
        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::loadWasmContext): Deleted.
        (JSC::Wasm::storeWasmContext): Deleted.
        (JSC::Wasm::restoreWebAssemblyGlobalState): Deleted.
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        * wasm/WasmContext.cpp:
        (JSC::loadWasmContext):
        (JSC::storeWasmContext):
        * wasm/WasmContext.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::getPinnedRegisters):
        (JSC::Wasm::PinnedRegisterInfo::get):
        (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
        * wasm/WasmMemoryInformation.h:
        (JSC::Wasm::PinnedRegisterInfo::toSave):
        (JSC::Wasm::useFastTLS):
        (JSC::Wasm::useFastTLSForWasmContext):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::finishCreation):
        (JSC::JSWebAssemblyInstance::visitChildren):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::offsetOfCallee):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::finishCreation):
        (JSC::JSWebAssemblyModule::visitChildren):
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::callee):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        (JSC::WebAssemblyFunction::create):
        * wasm/js/WebAssemblyToJSCallee.cpp:
        (JSC::WebAssemblyToJSCallee::create):
        (JSC::WebAssemblyToJSCallee::createStructure):
        (JSC::WebAssemblyToJSCallee::finishCreation):
        (JSC::WebAssemblyToJSCallee::visitChildren):
        (JSC::WebAssemblyToJSCallee::destroy): Deleted.
        * wasm/js/WebAssemblyToJSCallee.h:

641 2017-03-28  Brian Burg  <bburg@apple.com>
642
643         Web Inspector: Add "Disable Caches" option that only applies to the inspected page while Web Inspector is open
644         https://bugs.webkit.org/show_bug.cgi?id=169865
645         <rdar://problem/31250573>
646
647         Reviewed by Joseph Pecoraro.
648
649         * inspector/protocol/Network.json:
650         Rename the command for disabling resource caching to match the WebCore::Page
651         flag. This also removes the possibility that this could be confused for the old,
652         buggy command that this patch rips out.
653
654 2017-03-25  Yusuke Suzuki  <utatane.tea@gmail.com>
655
656         [JSC] Move platformThreadSignal to WTF
657         https://bugs.webkit.org/show_bug.cgi?id=170097
658
659         Reviewed by Mark Lam.
660
661         It is a small cleanup towards https://bugs.webkit.org/show_bug.cgi?id=170027.
662         platformThreadSignal uses PlatformThread in JSC, but it can be implemented in
663         WTF ThreadIdentifier.
664
665         * runtime/JSLock.cpp:
666         (JSC::JSLock::lock):
667         * runtime/JSLock.h:
668         (JSC::JSLock::ownerThread):
669         (JSC::JSLock::currentThreadIsHoldingLock):
670         * runtime/PlatformThread.h:
671         (JSC::platformThreadSignal): Deleted.
672         * runtime/VM.h:
673         (JSC::VM::ownerThread):
674         * runtime/VMTraps.cpp:
675         (JSC::VMTraps::SignalSender::send):
676
677 2017-03-28  JF Bastien  <jfbastien@apple.com>
678
679         WebAssembly: implement Module imports/exports
680         https://bugs.webkit.org/show_bug.cgi?id=166982
681
682         Reviewed by Saam Barati.
683
684         As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab
685
686         * wasm/WasmFormat.h:
687         (JSC::Wasm::makeString): use uppercase instead; it was only used
688         for diagnostics but is now used for the expected JS property's
689         capitalization
690         * wasm/js/WebAssemblyModulePrototype.cpp:
691         (JSC::webAssemblyModuleProtoImports):
692         (JSC::webAssemblyModuleProtoExports):
693
694 2017-03-27  JF Bastien  <jfbastien@apple.com>
695
696         WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
697         https://bugs.webkit.org/show_bug.cgi?id=170160
698
699         Reviewed by Mark Lam.
700
701         * JavaScriptCore.xcodeproj/project.pbxproj:
702         * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.
703
704 2017-03-27  JF Bastien  <jfbastien@apple.com>
705
706         WebAssembly: misc memory testing
707         https://bugs.webkit.org/show_bug.cgi?id=170137
708
709         Reviewed by Keith Miller.
710
711         * wasm/js/WebAssemblyInstanceConstructor.cpp:
712         (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages
713
714 2017-03-27  Michael Saboff  <msaboff@apple.com>
715
716         Add ARM64 system instructions to disassembler
717         https://bugs.webkit.org/show_bug.cgi?id=170084
718
719         Reviewed by Saam Barati.
720
721         This change adds support for MRS and MSR instructions, and refactors the DMB
722         disassembly to handle all of the barrier instructions.
723
724         * disassembler/ARM64/A64DOpcode.cpp:
725         (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
726         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
727         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
728         (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
729         * disassembler/ARM64/A64DOpcode.h:
730         (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
731         (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
732         (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
733         (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
734         (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
735         (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
736         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
737         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
738         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
739         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
740         (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
741         (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
742         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.
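
        As an added illustration of the System-group fields this entry names (lBit, op0, op1, crN, crM, op2), and not the JSC disassembler's own code: a small C++ decoder that formats MRS/MSR (register) and the DSB/DMB/ISB barriers from a raw A64 word. The field layout follows the ARM ARM; the named-register table and the sample words are constructed here, and registers not in the table fall back to the generic S<op0>_<op1>_C<n>_C<m>_<op2> spelling.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Field accessors for the A64 "System" encoding group:
//   bits 31..22 = 1101010100   21 = L   20..19 = op0   18..16 = op1
//   bits 15..12 = CRn          11..8 = CRm   7..5 = op2   4..0 = Rt
// Accessor names mirror those listed in the ChangeLog (lBit, op0, op1, crN, crM, op2).
struct A64System {
    uint32_t insn;
    bool isSystem() const { return (insn >> 22) == 0x354; } // 0b1101010100
    unsigned lBit() const { return (insn >> 21) & 1; }      // 1 = read (MRS), 0 = write (MSR)
    unsigned op0() const { return (insn >> 19) & 3; }
    unsigned op1() const { return (insn >> 16) & 7; }
    unsigned crN() const { return (insn >> 12) & 0xf; }
    unsigned crM() const { return (insn >> 8) & 0xf; }
    unsigned op2() const { return (insn >> 5) & 7; }
    unsigned rt() const { return insn & 0x1f; }
};

// DMB/DSB option field (CRm). Reserved values are printed numerically.
static std::string barrierOption(unsigned crM)
{
    switch (crM) {
    case 15: return "sy";  case 14: return "st";    case 13: return "ld";
    case 11: return "ish"; case 10: return "ishst"; case 9: return "ishld";
    case 7: return "nsh";  case 6: return "nshst";  case 5: return "nshld";
    case 3: return "osh";  case 2: return "oshst";  case 1: return "oshld";
    default: return "#" + std::to_string(crM);
    }
}

// A handful of EL0-accessible registers named for readability (constructed table);
// anything else uses the architectural S<op0>_<op1>_C<n>_C<m>_<op2> spelling.
static std::string systemRegister(const A64System& s)
{
    struct Named { unsigned op0, op1, crN, crM, op2; const char* name; };
    static const Named table[] = {
        { 3, 3, 4, 2, 0, "nzcv" },         { 3, 3, 4, 4, 0, "fpcr" },
        { 3, 3, 4, 4, 1, "fpsr" },         { 3, 3, 13, 0, 2, "tpidr_el0" },
        { 3, 3, 13, 0, 3, "tpidrro_el0" }, { 3, 3, 14, 0, 2, "cntvct_el0" },
        { 3, 3, 0, 0, 7, "dczid_el0" },
    };
    for (const Named& n : table) {
        if (n.op0 == s.op0() && n.op1 == s.op1() && n.crN == s.crN()
            && n.crM == s.crM() && n.op2 == s.op2())
            return n.name;
    }
    char buf[32];
    std::snprintf(buf, sizeof buf, "s%u_%u_c%u_c%u_%u", s.op0(), s.op1(), s.crN(), s.crM(), s.op2());
    return buf;
}

// Disassembles MRS/MSR (register) and the DSB/DMB/ISB barriers. Returns "" for any
// word outside the System group or any System form this example does not handle.
std::string decodeSystem(uint32_t insn)
{
    A64System s { insn };
    if (!s.isSystem())
        return "";
    std::string reg = s.rt() == 31 ? std::string("xzr") : "x" + std::to_string(s.rt());
    // MRS/MSR (register): op0 is 0b10 or 0b11; L picks the direction.
    if (s.op0() >= 2)
        return s.lBit() ? "mrs " + reg + ", " + systemRegister(s)
                        : "msr " + systemRegister(s) + ", " + reg;
    // Barriers: op0 = 0, op1 = 0b011, CRn = 0b0011, Rt = 0b11111; op2 selects the kind.
    if (!s.lBit() && s.op1() == 3 && s.crN() == 3 && s.rt() == 31) {
        switch (s.op2()) {
        case 4: return "dsb " + barrierOption(s.crM());
        case 5: return "dmb " + barrierOption(s.crM());
        case 6: return s.crM() == 15 ? std::string("isb") : "isb #" + std::to_string(s.crM());
        default: break;
        }
    }
    return "";
}

int main()
{
    // Constructed sample words: dmb sy, isb, mrs x0, tpidr_el0, and a non-System word.
    for (uint32_t w : { 0xD5033FBFu, 0xD5033FDFu, 0xD53BD040u, 0x8B000000u })
        std::printf("%08x  %s\n", w, decodeSystem(w).c_str());
    return 0;
}
```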
743
744 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
745
746         B3::fixSSA should do liveness pruning
747         https://bugs.webkit.org/show_bug.cgi?id=170111
748
749         Reviewed by Saam Barati.
750         
751         This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
752         create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
753         construction.
754         
755         This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
756         times.
757
758         * CMakeLists.txt:
759         * JavaScriptCore.xcodeproj/project.pbxproj:
760         * b3/B3BasicBlock.h:
761         (JSC::B3::BasicBlock::get):
762         * b3/B3FixSSA.cpp:
763         (JSC::B3::fixSSA):
764         * b3/B3VariableLiveness.cpp: Added.
765         (JSC::B3::VariableLiveness::VariableLiveness):
766         (JSC::B3::VariableLiveness::~VariableLiveness):
767         * b3/B3VariableLiveness.h: Added.
768         (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
769         (JSC::B3::VariableLivenessAdapter::numIndices):
770         (JSC::B3::VariableLivenessAdapter::valueToIndex):
771         (JSC::B3::VariableLivenessAdapter::indexToValue):
772         (JSC::B3::VariableLivenessAdapter::blockSize):
773         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
774         (JSC::B3::VariableLivenessAdapter::forEachLateUse):
775         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
776         (JSC::B3::VariableLivenessAdapter::forEachLateDef):
777         * b3/air/AirCFG.h: Added.
778         (JSC::B3::Air::CFG::CFG):
779         (JSC::B3::Air::CFG::root):
780         (JSC::B3::Air::CFG::newMap):
781         (JSC::B3::Air::CFG::successors):
782         (JSC::B3::Air::CFG::predecessors):
783         (JSC::B3::Air::CFG::index):
784         (JSC::B3::Air::CFG::node):
785         (JSC::B3::Air::CFG::numNodes):
786         (JSC::B3::Air::CFG::dump):
787         * b3/air/AirCode.cpp:
788         (JSC::B3::Air::Code::Code):
789         * b3/air/AirCode.h:
790         (JSC::B3::Air::Code::cfg):
791         * b3/air/AirLiveness.h:
792         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
793         (JSC::B3::Air::LivenessAdapter::blockSize):
794         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
795         (JSC::B3::Air::LivenessAdapter::forEachLateUse):
796         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
797         (JSC::B3::Air::LivenessAdapter::forEachLateDef):
798         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
799         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
800         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
801         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
802         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
803         (JSC::B3::Air::Liveness::Liveness):
804         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
805         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
806         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
807         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
808         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
809         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
810         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
811         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
812         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
813         (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
814         (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
815         (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
816         (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
817         (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
818         (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
819         (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
820         (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
821         (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
822         (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
823         (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
824         (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
825         (JSC::B3::Air::Liveness::Iterable::end): Deleted.
826         (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
827         (JSC::B3::Air::Liveness::liveAtHead): Deleted.
828         (JSC::B3::Air::Liveness::liveAtTail): Deleted.
829         (JSC::B3::Air::Liveness::workset): Deleted.
830
831 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
832
833         Air::Liveness shouldn't need HashSets
834         https://bugs.webkit.org/show_bug.cgi?id=170102
835
836         Reviewed by Yusuke Suzuki.
837         
838         This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
839         easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
840         the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
841         compile time progression on WasmBench.
842         
843         * b3/B3LowerToAir.cpp:
844         (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
845         * b3/air/AirLiveness.h:
846         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
847         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
848         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
849         (JSC::B3::Air::AbstractLiveness::liveAtHead):
850         (JSC::B3::Air::AbstractLiveness::liveAtTail):
851         * b3/air/AirTmp.h:
852         (JSC::B3::Air::Tmp::bank):
853         (JSC::B3::Air::Tmp::tmpIndex):
854         * dfg/DFGStoreBarrierClusteringPhase.cpp:
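
        The two liveness entries above (B3::fixSSA pruning Phi construction with LiveAtHead, and Air::Liveness replacing HashSets with a sorted merge into the predecessors' liveAtTail) as one added C++ example; this is not WebKit's code. Variables are dense indices, sets are sorted vectors, liveness is computed by the push-style fixpoint the second entry describes, and Phi candidates are then pruned by liveAtHead. The CFG, the deliberately naive candidate placement (every join block, every multiply-defined variable) and the names VariableLiveness, prunedPhis and exampleCFG are constructed for this example.

```cpp
#include <algorithm>
#include <iterator>
#include <utility>
#include <vector>

// Variables are dense indices, so a "set" is a sorted std::vector: union is a sorted
// merge and membership is a binary search, with no HashSet and no BitVector.
using Var = unsigned;
using SortedSet = std::vector<Var>;
struct Inst { std::vector<Var> uses; std::vector<Var> defs; };
struct Block {
    std::vector<unsigned> successors;
    std::vector<unsigned> predecessors;
    std::vector<Inst> insts; // program order
};

static SortedSet mergeSorted(const SortedSet& a, const SortedSet& b) {
    SortedSet out;
    out.reserve(a.size() + b.size());
    std::set_union(a.begin(), a.end(), b.begin(), b.end(), std::back_inserter(out));
    return out;
}

// Backward liveness. Each block's liveAtHead is recomputed from its liveAtTail by a
// local backward walk (kill defs, gen uses) and then merged into every predecessor's
// liveAtTail; the outer loop repeats until no tail set grows.
struct VariableLiveness {
    std::vector<SortedSet> liveAtHead, liveAtTail;

    explicit VariableLiveness(const std::vector<Block>& blocks)
        : liveAtHead(blocks.size()), liveAtTail(blocks.size())
    {
        bool changed;
        do {
            changed = false;
            for (auto i = blocks.size(); i-- > 0;) {
                SortedSet live = liveAtTail[i];
                for (auto k = blocks[i].insts.size(); k-- > 0;) {
                    const Inst& inst = blocks[i].insts[k];
                    for (Var d : inst.defs)
                        live.erase(std::remove(live.begin(), live.end(), d), live.end());
                    for (Var u : inst.uses) {
                        auto it = std::lower_bound(live.begin(), live.end(), u);
                        if (it == live.end() || *it != u)
                            live.insert(it, u); // keeps the vector sorted and duplicate-free
                    }
                }
                if (live == liveAtHead[i])
                    continue;
                liveAtHead[i] = live;
                for (unsigned p : blocks[i].predecessors) {
                    SortedSet merged = mergeSorted(liveAtTail[p], live);
                    if (merged.size() != liveAtTail[p].size()) {
                        liveAtTail[p] = std::move(merged);
                        changed = true;
                    }
                }
            }
        } while (changed);
    }

    bool isLiveAtHead(unsigned block, Var v) const { return std::binary_search(liveAtHead[block].begin(), liveAtHead[block].end(), v); }
};

// Phi placement pruned by liveness. The candidate set is deliberately naive (every join
// block, every variable defined in more than one block); fixSSA derives candidates from
// dominance frontiers. The pruning test is the same: keep a Phi for v at b only if v is live at b's head.
std::vector<std::pair<unsigned, Var>> prunedPhis(const std::vector<Block>& blocks, const VariableLiveness& liveness) {
    std::vector<std::vector<unsigned>> definingBlocks; // var -> blocks that define it
    for (unsigned b = 0; b < blocks.size(); ++b)
        for (const Inst& inst : blocks[b].insts)
            for (Var d : inst.defs) {
                if (d >= definingBlocks.size())
                    definingBlocks.resize(d + 1);
                if (definingBlocks[d].empty() || definingBlocks[d].back() != b)
                    definingBlocks[d].push_back(b);
            }
    std::vector<std::pair<unsigned, Var>> phis;
    for (unsigned b = 0; b < blocks.size(); ++b) {
        if (blocks[b].predecessors.size() < 2)
            continue;
        for (Var v = 0; v < definingBlocks.size(); ++v)
            if (definingBlocks[v].size() > 1 && liveness.isLiveAtHead(b, v))
                phis.push_back({ b, v });
    }
    return phis;
}

// Constructed CFG: B0 -> B1; B1 -> B2, B3; B2 -> B1 (back edge); B3 exits.
// v3 is defined in B0 and B2 but never read, so its Phi at B1 is pruned; v1's is kept.
std::vector<Block> exampleCFG() {
    std::vector<Block> b(4);
    b[0] = { { 1 }, {}, { { {}, { 0 } }, { {}, { 1 } }, { {}, { 3 } } } };     // v0 = ..; v1 = ..; v3 = ..
    b[1] = { { 2, 3 }, { 0, 2 }, { { { 0 }, {} }, { { 1 }, { 2 } } } };       // use v0; v2 = f(v1)
    b[2] = { { 1 }, { 1 }, { { {}, { 1 } }, { {}, { 3 } }, { { 2 }, {} } } }; // v1 = ..; v3 = ..; use v2
    b[3] = { {}, { 1 }, { { { 0 }, {} } } };                                // use v0
    return b;
}
```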
855
856 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
857
858         Air should use RegisterSet for RegLiveness
859         https://bugs.webkit.org/show_bug.cgi?id=170108
860
861         Reviewed by Yusuke Suzuki.
862         
863         The biggest change here is the introduction of the new RegLiveness class. This is a
864         drop-in replacement for the old RegLiveness, which was a specialization of
865         AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
866         sets everywhere, which is efficient for registers since RegisterSet is just two (on
867         x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
868         compile time progression on WasmBench.
869
870         * CMakeLists.txt:
871         * JavaScriptCore.xcodeproj/project.pbxproj:
872         * b3/B3TimingScope.cpp: Records phase timing totals.
873         (JSC::B3::TimingScope::TimingScope):
874         (JSC::B3::TimingScope::~TimingScope):
875         * b3/B3TimingScope.h:
876         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
877         (JSC::B3::Air::allocateRegistersByGraphColoring):
878         * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
879         (JSC::B3::Air::Liveness::Liveness):
880         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
881         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
882         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
883         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
884         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
885         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
886         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
887         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
888         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
889         (JSC::B3::Air::Liveness::Iterable::Iterable):
890         (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
891         (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
892         (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
893         (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
894         (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
895         (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
896         (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
897         (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
898         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
899         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
900         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
901         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
902         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
903         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
904         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
905         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
906         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
907         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
908         (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
909         (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
910         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
911         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
912         (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
913         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
914         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
915         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
916         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
917         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
918         (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
919         (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
920         (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
921         (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
922         (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
923         (JSC::B3::Air::AbstractLiveness::workset): Deleted.
924         * b3/air/AirLogRegisterPressure.cpp:
925         * b3/air/AirLowerAfterRegAlloc.cpp:
926         * b3/air/AirRegLiveness.cpp: Added.
927         (JSC::B3::Air::RegLiveness::RegLiveness):
928         (JSC::B3::Air::RegLiveness::~RegLiveness):
929         (JSC::B3::Air::RegLiveness::LocalCalc::execute):
930         * b3/air/AirRegLiveness.h: Added.
931         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
932         (JSC::B3::Air::RegLiveness::LocalCalc::live):
933         (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
934         (JSC::B3::Air::RegLiveness::liveAtHead):
935         (JSC::B3::Air::RegLiveness::liveAtTail):
936         * b3/air/AirReportUsedRegisters.cpp:
937         * jit/RegisterSet.h:
938         (JSC::RegisterSet::add):
939         (JSC::RegisterSet::remove):
940         (JSC::RegisterSet::contains):
941         (JSC::RegisterSet::subsumes):
942         (JSC::RegisterSet::iterator::iterator):
943         (JSC::RegisterSet::iterator::operator*):
944         (JSC::RegisterSet::iterator::operator++):
945         (JSC::RegisterSet::iterator::operator==):
946         (JSC::RegisterSet::iterator::operator!=):
947         (JSC::RegisterSet::begin):
948         (JSC::RegisterSet::end):
949
950 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
951
952         Fix wasm by returning after we do TLS.
953
954         Rubber stamped by Keith Miller.
955
956         * jit/AssemblyHelpers.h:
957         (JSC::AssemblyHelpers::storeWasmContext):
958
959 2017-03-24  Mark Lam  <mark.lam@apple.com>
960
961         Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
962         https://bugs.webkit.org/show_bug.cgi?id=170086
963         <rdar://problem/31253673>
964
965         Reviewed by Saam Barati.
966
967         Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
968         just before we RELEASE_ASSERT_NOT_REACHED.
969
970         * heap/Heap.cpp:
971         (JSC::Heap::resumeThePeriphery):
972
973 2017-03-24  JF Bastien  <jfbastien@apple.com>
974
975         WebAssembly: store state in TLS instead of on VM
976         https://bugs.webkit.org/show_bug.cgi?id=169611
977
978         Reviewed by Filip Pizlo.
979
980         Using thread-local storage instead of VM makes code more position
981         independent. We used to store the WebAssembly top Instance (the
982         latest one in the call stack) on VM, now we instead store it in
983         TLS. This top Instance is used to access a bunch of state such as
984         Memory location, size, table (for call_indirect), etc.
985
986         Instead of calling it "top", which is confusing, we now just call
987         it WasmContext.
988
989         Making the code PIC means future patches will be able to
990         postMessage and structured clone into IDB without having to
991         recompile the code. This wasn't possible before because we
992         hard-coded the address of VM at compilation time. That doesn't
993         work between workers, and doesn't work across reloads (which IDB
994         is intended to do).
995
996         It'll also potentially make code faster once we start tuning
997         what's in TLS, what's in which of the 4 free slots, and what's in
998         pinned registers. I'm leaving this tuning for later because
999         there's lower lying fruit for us to pick.
1000
1001         * CMakeLists.txt:
1002         * JavaScriptCore.xcodeproj/project.pbxproj:
1003         * assembler/AbstractMacroAssembler.h:
1004         * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
1005         (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
1006         (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
1007         * assembler/MacroAssembler.h:
1008         (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
1009         the code required to store to TLS, only to load
1010         * assembler/MacroAssemblerARM64.h:
1011         (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
1012         (JSC::MacroAssemblerARM64::storeToTLS32):
1013         (JSC::MacroAssemblerARM64::storeToTLS64):
1014         (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
1015         * assembler/MacroAssemblerX86Common.h:
1016         (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
1017         (JSC::MacroAssemblerX86Common::storeToTLS32):
1018         (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
1019         * assembler/MacroAssemblerX86_64.h:
1020         (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
1021         (JSC::MacroAssemblerX86_64::storeToTLS64):
1022         * assembler/X86Assembler.h:
1023         (JSC::X86Assembler::movl_rm):
1024         (JSC::X86Assembler::movq_rm):
1025         * b3/testb3.cpp:
1026         (JSC::B3::testFastTLSLoad):
1027         (JSC::B3::testFastTLSStore):
1028         (JSC::B3::run):
1029         * jit/AssemblyHelpers.h:
1030         (JSC::AssemblyHelpers::loadWasmContext):
1031         (JSC::AssemblyHelpers::storeWasmContext):
1032         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
1033         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
1034         * jit/Repatch.cpp:
1035         (JSC::webAssemblyOwner):
1036         * jit/ThunkGenerators.cpp:
1037         (JSC::throwExceptionFromWasmThunkGenerator):
1038         * runtime/Options.h:
1039         * runtime/VM.cpp:
1040         (JSC::VM::VM):
1041         * runtime/VM.h:
1042         * wasm/WasmB3IRGenerator.cpp:
1043         (JSC::Wasm::loadWasmContext):
1044         (JSC::Wasm::storeWasmContext):
1045         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1046         (JSC::Wasm::getMemoryBaseAndSize):
1047         (JSC::Wasm::restoreWebAssemblyGlobalState):
1048         (JSC::Wasm::createJSToWasmWrapper):
1049         (JSC::Wasm::parseAndCompile):
1050         * wasm/WasmBinding.cpp:
1051         (JSC::Wasm::materializeImportJSCell):
1052         (JSC::Wasm::wasmToJs):
1053         (JSC::Wasm::wasmToWasm):
1054         * wasm/WasmContext.cpp: Added.
1055         (JSC::loadWasmContext):
1056         (JSC::storeWasmContext):
1057         * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
1058         * wasm/js/WebAssemblyFunction.cpp:
1059         (JSC::callWebAssemblyFunction):
1060         * wasm/js/WebAssemblyInstanceConstructor.h:
1061
1062 2017-03-24  JF Bastien  <jfbastien@apple.com>
1063
1064         WebAssembly: spec-tests/memory.wast.js fails in debug
1065         https://bugs.webkit.org/show_bug.cgi?id=169794
1066
1067         Reviewed by Keith Miller.
1068
1069         The failure was due to empty memories (with maximum size 0). Those
1070         only occur in tests and in code that's trying to trip us. This
1071         patch adds memory mode "none" which represents no memory. It can
1072         work with either bounds checked or signaling code because it never
1073         contains loads and stores.
1074
1075         The spec tests which were failing did the following:
1076             > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
1077             > (assert_return (invoke "memsize") (i32.const 0))
1078             > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
1079             > (assert_return (invoke "memsize") (i32.const 0))
1080             > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
1081             > (assert_return (invoke "memsize") (i32.const 1))
1082
1083         * wasm/WasmB3IRGenerator.cpp:
1084         (JSC::Wasm::B3IRGenerator::memoryKind):
1085         * wasm/WasmMemory.cpp:
1086         (JSC::Wasm::tryGetFastMemory):
1087         (JSC::Wasm::releaseFastMemory):
1088         (JSC::Wasm::Memory::Memory):
1089         (JSC::Wasm::Memory::createImpl):
1090         (JSC::Wasm::Memory::create):
1091         (JSC::Wasm::Memory::grow):
1092         (JSC::Wasm::Memory::makeString):
1093         * wasm/WasmMemory.h:
1094         * wasm/WasmMemoryInformation.cpp:
1095         (JSC::Wasm::MemoryInformation::MemoryInformation):
1096         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1097         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1098         * wasm/js/JSWebAssemblyModule.cpp:
1099         (JSC::JSWebAssemblyModule::codeBlock):
1100         (JSC::JSWebAssemblyModule::finishCreation):
1101         * wasm/js/JSWebAssemblyModule.h:
1102         (JSC::JSWebAssemblyModule::codeBlock):
1103         (JSC::JSWebAssemblyModule::codeBlockFor):
1104
1105 2017-03-24  Mark Lam  <mark.lam@apple.com>
1106
1107         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
1108         https://bugs.webkit.org/show_bug.cgi?id=170064
1109         <rdar://problem/31246098>
1110
1111         Reviewed by Geoffrey Garen.
1112
1113         * runtime/ArrayPrototype.cpp:
1114         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1115         * runtime/JSArray.cpp:
1116         (JSC::JSArray::fastSlice):
1117
1118 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1119
1120         [JSC] Use jsNontrivialString aggressively for ToString(Int52)
1121         https://bugs.webkit.org/show_bug.cgi?id=170002
1122
1123         Reviewed by Sam Weinig.
1124
1125         We use the same logic used for Int32 to use jsNontrivialString.
1126         After the single-character check, the produced string is always longer than 1.
1127         Thus, we can use jsNontrivialString.
1128
1129         * runtime/NumberPrototype.cpp:
1130         (JSC::int52ToString):
1131
1132 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1133
1134         [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
1135         https://bugs.webkit.org/show_bug.cgi?id=170045
1136
1137         Reviewed by Mark Lam.
1138
1139         It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
1140         interval fluctuation. Use WeakRandom instead.
1141
1142         * runtime/SamplingProfiler.cpp:
1143         (JSC::SamplingProfiler::SamplingProfiler):
1144         (JSC::SamplingProfiler::timerLoop):
1145         * runtime/SamplingProfiler.h:
1146
1147 2017-03-23  Mark Lam  <mark.lam@apple.com>
1148
1149         Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
1150         https://bugs.webkit.org/show_bug.cgi?id=170025
1151         <rdar://problem/31228679>
1152
1153         Reviewed by Saam Barati.
1154
1155         * runtime/ArrayPrototype.cpp:
1156         (JSC::copySplicedArrayElements):
1157         (JSC::arrayProtoFuncSplice):
1158
1159 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1160
1161         [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
1162         https://bugs.webkit.org/show_bug.cgi?id=169998
1163
1164         Reviewed by Saam Barati.
1165
1166         Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
1167         We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
1168         We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.
1169
1170         This patch tightens the conditions of addShouldSpeculateAnyInt.
1171
1172         1. Honor DoubleConstant.
1173
1174         When executing imaging-darkroom, we have something like this:
1175
1176             132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
1177             1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
1178             1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
1179             133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)
1180
1181         The LHS of ArithSub is predicted Boolint32, and the RHS is predicted AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
1182         of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
1183         While speculating Int32 in the above situation is a reasonable approach since the given LHS is predicted Int32, this causes
1184         severe performance regression.
1185
1186         Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.
1187
1188         One thing we can notice is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
1189         We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
1190         the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
1191         it in Int52.
1192
1193         So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
1194         Arith[Sub,Add](Int52, Int52). This change removes the OSR exits occurring in imaging-darkroom right now.
1195
1196         2. Two Int52Rep(Double) conversions are not desirable.
1197
1198         We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a somewhat conservative
1199         decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
1200         rather hurt performance. If one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
1201         cheap since only one Double to Int52 conversion could be required.
1202         This recovers some regression in assorted tests while keeping the Kraken crypto improvements.
1203
1204         3. Avoid frequent Int52 to JSValue conversions.
1205
1206         Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
1207         Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
1208         converting to Int52, performing ArithAdd, and soon converting back to JSValue.
1209
1210         The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks,
1211         and they still keep the Kraken crypto improvements.
1212
1213                                                    baseline                  patched
1214
1215         imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
1216         stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
1217         stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower
1218
1219         * dfg/DFGGraph.h:
1220         (JSC::DFG::Graph::addShouldSpeculateAnyInt):
1221
1222 == Rolled over to ChangeLog-2017-03-23 ==