[JSC] JSON.stringify can accept call-with-no-arguments
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2
3         [JSC] JSON.stringify can accept call-with-no-arguments
4         https://bugs.webkit.org/show_bug.cgi?id=190343
5
6         Reviewed by Mark Lam.
7
8         JSON.stringify can accept a `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
9         Instead of throwing an error, we should take the first argument as `undefined` if it is not given.
10
11         [1]: https://tc39.github.io/ecma262/#sec-json.stringify
12
13         * runtime/JSONObject.cpp:
14         (JSC::JSONProtoFuncStringify):
15
16 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
17
18         Gardening: Build fix after r237084.
19         https://bugs.webkit.org/show_bug.cgi?id=189708
20
21         Unreviewed.
22
23         * JavaScriptCore.xcodeproj/project.pbxproj:
24
25 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
26
27         Separate configuration extraction from offset extraction
28         https://bugs.webkit.org/show_bug.cgi?id=189708
29
30         Reviewed by Keith Miller.
31
32         Instead of generating a file with all offsets for every combination of
33         configurations, we first generate a file with only the configuration
34         indices and pass that to the offset extractor. The offset extractor then
35         only generates the offsets for valid configurations.
36
37         * CMakeLists.txt:
38         * JavaScriptCore.xcodeproj/project.pbxproj:
39         * llint/LLIntOffsetsExtractor.cpp:
40         (JSC::LLIntOffsetsExtractor::dummy):
41         * llint/LLIntSettingsExtractor.cpp: Added.
42         (main):
43         * offlineasm/generate_offset_extractor.rb:
44         * offlineasm/generate_settings_extractor.rb: Added.
45         * offlineasm/offsets.rb:
46         * offlineasm/settings.rb:
47
48 2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>
49
50         Unreviewed, rolling out r237063.
51
52         Caused layout test fast/dom/Window/window-postmessage-clone-
53         deep-array.html to fail on macOS and iOS Debug bots.
54
55         Reverted changeset:
56
57         "[JSC] Remove gcc warnings on mips and armv7"
58         https://bugs.webkit.org/show_bug.cgi?id=188598
59         https://trac.webkit.org/changeset/237063
60
61 2018-10-11  Guillaume Emont  <guijemont@igalia.com>
62
63         [JSC] Remove gcc warnings on mips and armv7
64         https://bugs.webkit.org/show_bug.cgi?id=188598
65
66         Reviewed by Mark Lam.
67
68         Fix many gcc/clang warnings that are false positives, mostly alignment
69         issues.
70
71         * assembler/MacroAssemblerPrinter.cpp:
72         (JSC::Printer::printMemory):
73         Use bitwise_cast instead of reinterpret_cast.
74         * assembler/testmasm.cpp:
75         (JSC::floatOperands):
76         marked as potentially unused as it is not used on all platforms.
77         (JSC::testProbeModifiesStackValues):
78         modifiedFlags is not used on mips, so don't declare it.
79         * bytecode/CodeBlock.h:
80         Make ScriptExecutable::prepareForExecution() return an
81         std::optional<Exception*> instead of a JSObject*.
82         * interpreter/Interpreter.cpp:
83         (JSC::Interpreter::executeProgram):
84         (JSC::Interpreter::executeCall):
85         (JSC::Interpreter::executeConstruct):
86         (JSC::Interpreter::prepareForRepeatCall):
87         (JSC::Interpreter::execute):
88         (JSC::Interpreter::executeModuleProgram):
89         Update calling code for the prototype change of
90         ScriptExecutable::prepareForExecution().
91         * jit/JITOperations.cpp: Same as for Interpreter.cpp.
92         * llint/LLIntSlowPaths.cpp:
93         (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
94         * runtime/JSBigInt.cpp:
95         (JSC::JSBigInt::dataStorage):
96         Use bitwise_cast instead of reinterpret_cast.
97         * runtime/ScriptExecutable.cpp:
98         * runtime/ScriptExecutable.h:
99         Make ScriptExecutable::prepareForExecution() return an
100         std::optional<Exception*> instead of a JSObject*.
101         * tools/JSDollarVM.cpp:
102         (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.
103
104 2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
105
106         Use currentStackPointer more
107         https://bugs.webkit.org/show_bug.cgi?id=190503
108
109         Reviewed by Saam Barati.
110
111         * runtime/VM.cpp:
112         (JSC::VM::committedStackByteCount):
113
114 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
115
116         [JSC] JSC should have "parseFunction" to optimize Function constructor
117         https://bugs.webkit.org/show_bug.cgi?id=190340
118
119         Reviewed by Mark Lam.
120
121         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
122         the spec requirement: (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
123         And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
124         is really costly and ideally we should meet the above requirement by one-time parsing.
125
126         To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
127         takes `std::optional<int> functionConstructorParametersEndPosition` and checks that this end position is correct in the parser.
128         For example, if we run the code,
129
130             Function('/*', '*/){')
131
132         According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
133         string should be syntax-checked by the parser, which raises the error since it is incorrect. Instead of doing
134         that, in our implementation, we first create the entire string.
135
136             function anonymous(/*) {
137                 */){
138             }
139
140         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
141         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
142         offset of the parameters is the given end position. This check allows us to raise the error correctly to the
143         above example while we parse the entire function only once. And we do not need to create two strings either.
144
145         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
146         significantly sped up (28.2%).
147
148         Before:
149             uglify-js:  2.94 runs/s
150         After:
151             uglify-js:  3.77 runs/s
152
153         * bytecode/UnlinkedFunctionExecutable.cpp:
154         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
155         * bytecode/UnlinkedFunctionExecutable.h:
156         * parser/Parser.cpp:
157         (JSC::Parser<LexerType>::parseInner):
158         (JSC::Parser<LexerType>::parseSingleFunction):
159         (JSC::Parser<LexerType>::parseFunctionInfo):
160         (JSC::Parser<LexerType>::parseFunctionDeclaration):
161         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
162         (JSC::Parser<LexerType>::parseClass):
163         (JSC::Parser<LexerType>::parsePropertyMethod):
164         (JSC::Parser<LexerType>::parseGetterSetter):
165         (JSC::Parser<LexerType>::parseFunctionExpression):
166         (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
167         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
168         * parser/Parser.h:
169         (JSC::Parser<LexerType>::parse):
170         (JSC::parse):
171         (JSC::parseFunctionForFunctionConstructor):
172         * parser/ParserModes.h:
173         * parser/ParserTokens.h:
174         (JSC::JSTextPosition::JSTextPosition):
175         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
176         * parser/SourceCodeKey.h:
177         (JSC::SourceCodeKey::SourceCodeKey):
178         (JSC::SourceCodeKey::operator== const):
179         * runtime/CodeCache.cpp:
180         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
181         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
182         * runtime/CodeCache.h:
183         * runtime/FunctionConstructor.cpp:
184         (JSC::constructFunctionSkippingEvalEnabledCheck):
185         * runtime/FunctionExecutable.cpp:
186         (JSC::FunctionExecutable::fromGlobalCode):
187         * runtime/FunctionExecutable.h:
188
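The end-position check described in the entry above, as an added JavaScript example that is not part of this WebKit change or of JavaScriptCore's parser: it assembles the source text the way the entry describes (`function anonymous(` + parameters + `) {` + body + `}`), records where the caller's parameter string ends, and then uses a small stand-in scanner (an assumption for illustration; the real check is done on token offsets inside JSC's parser) to find where the parameter list actually closes. The two offsets disagree exactly when the parameter text has leaked into the rest of the function, as in the `Function('/*', '*/){')` case, and the constructor must report a SyntaxError. The scanner is deliberately simplified: it skips comments, string and template literals and nested brackets, but does not handle `${...}` substitutions or regular expression literals.

```javascript
// Added example: models the parameter end-position check described in the
// ChangeLog entry. Illustration code, not JavaScriptCore's parser.

// Assemble the source the Function constructor builds from its arguments,
// and record the offset at which the caller-supplied parameter text ends.
function assembleFunctionSource(params, body) {
  const prefix = 'function anonymous(';
  const source = prefix + params + ') {\n' + body + '\n}';
  return { source, parametersEnd: prefix.length + params.length };
}

// Simplified scanner (an assumption, not JSC's lexer): starting at the '('
// that opens the parameter list, skip comments, string/template literals and
// nested brackets, and return the offset of the ')' that closes the list,
// or -1 if the list is never closed.
function findParameterListEnd(source, openIndex) {
  if (source[openIndex] !== '(') throw new Error('expected "(" at openIndex');
  let depth = 0;
  let i = openIndex;
  while (i < source.length) {
    const ch = source[i];
    const next = source[i + 1];
    if (ch === '/' && next === '/') {                     // line comment
      const nl = source.indexOf('\n', i + 2);
      if (nl === -1) return -1;
      i = nl + 1;
    } else if (ch === '/' && next === '*') {              // block comment
      const end = source.indexOf('*/', i + 2);
      if (end === -1) return -1;                          // unterminated comment
      i = end + 2;
    } else if (ch === '"' || ch === "'" || ch === '`') {  // string / template literal
      i += 1;
      while (i < source.length && source[i] !== ch) {
        if (source[i] === '\\') i += 1;                   // skip the escaped character
        i += 1;
      }
      if (i >= source.length) return -1;                  // unterminated literal
      i += 1;
    } else {
      if (ch === '(' || ch === '[' || ch === '{') depth += 1;
      else if (ch === ')' || ch === ']' || ch === '}') {
        depth -= 1;
        if (depth === 0) return i;
      }
      i += 1;
    }
  }
  return -1;
}

// The check itself: the parameter list must close exactly where the caller's
// parameter string ends. Returns true when that boundary is respected.
function parametersEndWhereExpected(params, body) {
  const { source, parametersEnd } = assembleFunctionSource(params, body);
  const openIndex = 'function anonymous'.length;
  return findParameterListEnd(source, openIndex) === parametersEnd;
}

// Constructed inputs: the entry's example plus a few well-formed lists.
const samples = [
  ['a, b', 'return a + b'],          // ordinary parameters: accepted
  ["a = ')'", 'return a'],           // ')' inside a string literal: accepted
  ['a = f(1)', 'return a'],          // nested parentheses: accepted
  ['/*', '*/){'],                    // the entry's example: rejected
  ['a)', 'return a'],                // list closes early: rejected
];
for (const [params, body] of samples) {
  const ok = parametersEndWhereExpected(params, body);
  console.log(JSON.stringify(params), '->', ok ? 'accepted' : 'SyntaxError');
}
```

The design point is the one the entry makes: a single parse of the assembled text is enough as long as the parser is told where the parameters were supposed to end, because any comment, string or bracket that carries the parameter list past that offset shows up as a mismatch without a separate parse of the parameter string.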
189 2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>
190
191         Fix non-existent define `CPU(JSVALUE64)`
192         https://bugs.webkit.org/show_bug.cgi?id=190479
193
194         Reviewed by Yusuke Suzuki.
195
196         * jit/CCallHelpers.h:
197         (JSC::CCallHelpers::setupArgumentsImpl):
198         Correct CPU(JSVALUE64) to USE(JSVALUE64).
199
200 2018-10-11  Keith Rollin  <krollin@apple.com>
201
202         CURRENT_ARCH should not be used in Run Script phase.
203         https://bugs.webkit.org/show_bug.cgi?id=190407
204         <rdar://problem/45133556>
205
206         Reviewed by Alexey Proskuryakov.
207
208         CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
209         CURRENT_ARCH is not well-defined during this phase (and may even have
210         the value "undefined") since this phase is run just once per build
211         rather than once per supported architecture. Migrate away from
212         CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
213         performing an operation for each value, or by picking the first entry
214         in ARCHS and using that as a representative value.
215
216         * JavaScriptCore.xcodeproj/project.pbxproj: Store
217         LLIntDesiredOffsets.h into a directory with a name based on ARCHS
218         rather than CURRENT_ARCH.
219
220 2018-10-10  Mark Lam  <mark.lam@apple.com>
221
222         Changes towards allowing use of the ASAN detect_stack_use_after_return option.
223         https://bugs.webkit.org/show_bug.cgi?id=190405
224         <rdar://problem/45131464>
225
226         Reviewed by Michael Saboff.
227
228         The ASAN detect_stack_use_after_return option checks for use of stack variables
229         after they have been freed.  It does this by allocating relevant stack variables
230         in heap memory (instead of on the stack) if the code ever takes the address of
231         those stack variables.  Unfortunately, this is a common idiom that we use to
232         compute the approximate stack pointer value.  As a result, on such ASAN runs, the
233         computed approximate stack pointer value will point into the heap instead of the
234         stack.  This breaks the VM's expectations and wreaks havoc.
235
236         To fix this, we use the newly introduced WTF::currentStackPointer() instead of
237         taking the address of stack variables.
238
239         We also need to enhance ExceptionScopes to be able to work with ASAN
240         detect_stack_use_after_return, which will allocate the scope in the heap.  We
241         work around this by passing the current stack pointer of the instantiating calling
242         frame into the scope constructor, and using that for the position check in
243         ~ThrowScope() instead.
244
245         The above is only a start towards enabling ASAN detect_stack_use_after_return on
246         the VM.  There are still other issues to be resolved before we can run with this
247         ASAN option.
248
249         * runtime/CatchScope.h:
250         * runtime/ExceptionEventLocation.h:
251         (JSC::ExceptionEventLocation::ExceptionEventLocation):
252         * runtime/ExceptionScope.h:
253         (JSC::ExceptionScope::stackPosition const):
254         * runtime/JSLock.cpp:
255         (JSC::JSLock::didAcquireLock):
256         * runtime/ThrowScope.cpp:
257         (JSC::ThrowScope::~ThrowScope):
258         * runtime/ThrowScope.h:
259         * runtime/VM.h:
260         (JSC::VM::needExceptionCheck const):
261         (JSC::VM::isSafeToRecurse const):
262         * wasm/js/WebAssemblyFunction.cpp:
263         (JSC::callWebAssemblyFunction):
264         * yarr/YarrPattern.cpp:
265         (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):
266
267 2018-10-10  Devin Rousso  <drousso@apple.com>
268
269         Web Inspector: create special Network waterfall for media events
270         https://bugs.webkit.org/show_bug.cgi?id=189773
271         <rdar://problem/44626605>
272
273         Reviewed by Joseph Pecoraro.
274
275         * inspector/protocol/DOM.json:
276         Add `didFireEvent` event that is fired when specific event listeners added by
277         `InspectorInstrumentation::addEventListenersToNode` are fired.
278
279 2018-10-10  Michael Saboff  <msaboff@apple.com>
280
281         Increase executable memory pool from 64MB to 128MB for ARM64
282         https://bugs.webkit.org/show_bug.cgi?id=190453
283
284         Reviewed by Saam Barati.
285
286         * jit/ExecutableAllocator.cpp:
287
288 2018-10-10  Devin Rousso  <drousso@apple.com>
289
290         Web Inspector: notify the frontend when a canvas has started recording via console.record
291         https://bugs.webkit.org/show_bug.cgi?id=190306
292
293         Reviewed by Brian Burg.
294
295         * inspector/protocol/Canvas.json:
296         Add `recordingStarted` event.
297
298         * inspector/protocol/Recording.json:
299         Add `Initiator` enum for determining who started the recording.
300
301 2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
302
303         [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
304         https://bugs.webkit.org/show_bug.cgi?id=190429
305
306         Reviewed by Saam Barati.
307
308         Some createXXX functions can fail. But sometimes the caller does not perform error checking.
309         To make it explicit that these functions can fail, we rename these functions from createXXX
310         to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
311         function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
312         and it should return RefPtr<>.
313
314         This patch mainly focuses on TypedArray factory functions. Previously, these functions were
315         `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
316         And we also introduce `Ref<XXXArray> create(...)` function which internally performs
317         RELEASE_ASSERT on the result of `tryCreate(...)`.
318
319         And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.
320
321         This change actually finds one place which does not perform any null checks while it uses
322         the `RefPtr<> create(...)` function.
323
324         * API/JSCallbackObjectFunctions.h:
325         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
326         (JSC::JSCallbackObject<Parent>::put):
327         (JSC::JSCallbackObject<Parent>::putByIndex):
328         (JSC::JSCallbackObject<Parent>::deleteProperty):
329         (JSC::JSCallbackObject<Parent>::callbackGetter):
330         * API/JSClassRef.h:
331         (StaticValueEntry::StaticValueEntry):
332         * API/JSContext.mm:
333         (-[JSContext evaluateScript:withSourceURL:]):
334         (-[JSContext setName:]):
335         * API/JSContextRef.cpp:
336         (JSGlobalContextCopyName):
337         (JSContextCreateBacktrace):
338         * API/JSObjectRef.cpp:
339         (JSObjectCopyPropertyNames):
340         * API/JSScriptRef.cpp:
341         * API/JSStringRef.cpp:
342         (JSStringCreateWithCharactersNoCopy):
343         * API/JSValue.mm:
344         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
345         (+[JSValue valueWithNewErrorFromMessage:inContext:]):
346         (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
347         (performPropertyOperation):
348         (-[JSValue invokeMethod:withArguments:]):
349         (containerValueToObject):
350         (objectToValueWithoutCopy):
351         (objectToValue):
352         * API/JSValueRef.cpp:
353         (JSValueCreateJSONString):
354         (JSValueToStringCopy):
355         * API/OpaqueJSString.cpp:
356         (OpaqueJSString::tryCreate):
357         (OpaqueJSString::create): Deleted.
358         * API/OpaqueJSString.h:
359         * API/glib/JSCContext.cpp:
360         (evaluateScriptInContext):
361         * API/glib/JSCValue.cpp:
362         (jsc_value_new_string_from_bytes):
363         * ftl/FTLLazySlowPath.h:
364         (JSC::FTL::LazySlowPath::createGenerator):
365         * ftl/FTLLazySlowPathCall.h:
366         (JSC::FTL::createLazyCallGenerator):
367         * ftl/FTLOSRExit.cpp:
368         (JSC::FTL::OSRExitDescriptor::emitOSRExit):
369         (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
370         (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
371         * ftl/FTLOSRExit.h:
372         * ftl/FTLPatchpointExceptionHandle.cpp:
373         (JSC::FTL::PatchpointExceptionHandle::create):
374         (JSC::FTL::PatchpointExceptionHandle::createHandle):
375         * ftl/FTLPatchpointExceptionHandle.h:
376         * heap/EdenGCActivityCallback.h:
377         (JSC::GCActivityCallback::tryCreateEdenTimer):
378         (JSC::GCActivityCallback::createEdenTimer): Deleted.
379         * heap/FullGCActivityCallback.h:
380         (JSC::GCActivityCallback::tryCreateFullTimer):
381         (JSC::GCActivityCallback::createFullTimer): Deleted.
382         * heap/GCActivityCallback.h:
383         * heap/Heap.cpp:
384         (JSC::Heap::Heap):
385         * inspector/AsyncStackTrace.cpp:
386         (Inspector::AsyncStackTrace::create):
387         * inspector/AsyncStackTrace.h:
388         * jsc.cpp:
389         (fillBufferWithContentsOfFile):
390         * runtime/ArrayBuffer.h:
391         * runtime/GenericTypedArrayView.h:
392         * runtime/GenericTypedArrayViewInlines.h:
393         (JSC::GenericTypedArrayView<Adaptor>::create):
394         (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
395         (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
396         (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
397         (JSC::GenericTypedArrayView<Adaptor>::subarray const):
398         * runtime/JSArrayBufferView.cpp:
399         (JSC::JSArrayBufferView::possiblySharedImpl):
400         * runtime/JSGenericTypedArrayViewInlines.h:
401         (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
402         (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
403         * wasm/WasmMemory.cpp:
404         (JSC::Wasm::Memory::create):
405         (JSC::Wasm::Memory::tryCreate):
406         * wasm/WasmMemory.h:
407         * wasm/WasmTable.cpp:
408         (JSC::Wasm::Table::tryCreate):
409         (JSC::Wasm::Table::create): Deleted.
410         * wasm/WasmTable.h:
411         * wasm/js/JSWebAssemblyInstance.cpp:
412         (JSC::JSWebAssemblyInstance::create):
413         * wasm/js/JSWebAssemblyMemory.cpp:
414         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
415         * wasm/js/WebAssemblyMemoryConstructor.cpp:
416         (JSC::constructJSWebAssemblyMemory):
417         * wasm/js/WebAssemblyModuleRecord.cpp:
418         (JSC::WebAssemblyModuleRecord::link):
419         * wasm/js/WebAssemblyTableConstructor.cpp:
420         (JSC::constructJSWebAssemblyTable):
421
422 2018-10-09  Devin Rousso  <drousso@apple.com>
423
424         Web Inspector: show redirect requests in Network and Timelines tabs
425         https://bugs.webkit.org/show_bug.cgi?id=150005
426         <rdar://problem/5378164>
427
428         Reviewed by Joseph Pecoraro.
429
430         * inspector/protocol/Network.json:
431         Add missing fields to `ResourceTiming`.
432
433 2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>
434
435         [WPE] Explicitly link against gmodule where used
436         https://bugs.webkit.org/show_bug.cgi?id=190398
437
438         Reviewed by Michael Catanzaro.
439
440         * PlatformWPE.cmake:
441
442 2018-10-08  Justin Fan  <justin_fan@apple.com>
443
444         WebGPU: Rename old WebGPU prototype to WebMetal
445         https://bugs.webkit.org/show_bug.cgi?id=190325
446         <rdar://problem/44990443>
447
448         Reviewed by Dean Jackson.
449
450         Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.
451
452         * Configurations/FeatureDefines.xcconfig:
453         * inspector/protocol/Canvas.json:
454         * inspector/scripts/codegen/generator.py:
455
456 2018-10-08  Aditya Keerthi  <akeerthi@apple.com>
457
458         Make <input type=color> a runtime enabled (on-by-default) feature
459         https://bugs.webkit.org/show_bug.cgi?id=189162
460
461         Reviewed by Wenson Hsieh and Tim Horton.
462
463         * Configurations/FeatureDefines.xcconfig:
464
465 2018-10-08  Devin Rousso  <drousso@apple.com>
466
467         Web Inspector: group media network entries by the node that triggered the request
468         https://bugs.webkit.org/show_bug.cgi?id=189606
469         <rdar://problem/44438527>
470
471         Reviewed by Brian Burg.
472
473         * inspector/protocol/Network.json:
474         Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
475         determine which ancestor node triggered the load. It may not correspond directly to the node
476         with the href/src, as that url may only be used by an ancestor for loading.
477
478 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
479
480         [JSC][Linux] Use non-truncated name for JIT workers in Linux
481         https://bugs.webkit.org/show_bug.cgi?id=190339
482
483         Reviewed by Mark Lam.
484
485         The current thread names are meaningless in the Linux environment. We do not want to
486         have a truncated name in Linux: we want to have a clear name in Linux. Instead, we
487         should have the name for Linux separately from the name used in the non-Linux
488         environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for the
489         Linux environment.
490
491         * dfg/DFGWorklist.cpp:
492         (JSC::DFG::createWorklistName):
493         (JSC::DFG::Worklist::Worklist):
494         (JSC::DFG::Worklist::create):
495         (JSC::DFG::ensureGlobalDFGWorklist):
496         (JSC::DFG::ensureGlobalFTLWorklist):
497         * dfg/DFGWorklist.h:
498         * jit/JITWorklist.cpp:
499
500 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
501
502         Name Heap threads
503         https://bugs.webkit.org/show_bug.cgi?id=190337
504
505         Reviewed by Mark Lam.
506
507         Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
508         Linux does not accept names longer than 15. We do not want to use the short name
509         for the non-Linux environment. And we want to have a clear name in Linux: a truncated name
510         is not good. So, having the two names is the only way.
511
512         * heap/HeapHelperPool.cpp:
513         (JSC::heapHelperPool):
514
515 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
516
517         [JSC] Avoid creating ProgramExecutable in checkSyntax
518         https://bugs.webkit.org/show_bug.cgi?id=190332
519
520         Reviewed by Mark Lam.
521
522         uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
523         In Function constructor code, we perform checkSyntax for body and parameters. So a fast checkSyntax
524         is important when the performance of the Function constructor matters. The current checkSyntax code
525         unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
526         the benchmark score slightly.
527
528         Before:
529             uglify-js:  2.87 runs/s
530         After:
531             uglify-js:  2.94 runs/s
532
533         * runtime/Completion.cpp:
534         (JSC::checkSyntaxInternal):
535         (JSC::checkSyntax):
536         * runtime/ProgramExecutable.cpp:
537         (JSC::ProgramExecutable::checkSyntax): Deleted.
538         * runtime/ProgramExecutable.h:
539
540 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
541
542         [ESNext][BigInt] Implement support for "|"
543         https://bugs.webkit.org/show_bug.cgi?id=186229
544
545         Reviewed by Yusuke Suzuki.
546
547         This patch is introducing support for BigInt into the bitwise "or" operator.
548         In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
549         "ValueBitOr", to replace "BitOr" node. The idea is to follow the
550         difference that we make on Arith<op> and Value<op>, where ArithBitOr
551         handles cases when the operands are Int32 and ValueBitOr handles
552         the remaining cases.
553
554         We are also changing op_bitor to use ValueProfile. We are using
555         ValueProfile during DFG generation to emit "ArithBitOr" when
556         outcome prediction is Int32.
557
558         * bytecode/CodeBlock.cpp:
559         (JSC::CodeBlock::finishCreation):
560         (JSC::CodeBlock::arithProfileForPC):
561         * bytecompiler/BytecodeGenerator.cpp:
562         (JSC::BytecodeGenerator::emitBinaryOp):
563         * dfg/DFGAbstractInterpreterInlines.h:
564         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
565         * dfg/DFGBackwardsPropagationPhase.cpp:
566         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
567         (JSC::DFG::BackwardsPropagationPhase::propagate):
568         * dfg/DFGByteCodeParser.cpp:
569         (JSC::DFG::ByteCodeParser::parseBlock):
570         * dfg/DFGClobberize.h:
571         (JSC::DFG::clobberize):
572         * dfg/DFGDoesGC.cpp:
573         (JSC::DFG::doesGC):
574         * dfg/DFGFixupPhase.cpp:
575         (JSC::DFG::FixupPhase::fixupNode):
576         * dfg/DFGNodeType.h:
577         * dfg/DFGOperations.cpp:
578         (JSC::DFG::bitwiseOp):
579         * dfg/DFGOperations.h:
580         * dfg/DFGPredictionPropagationPhase.cpp:
581         * dfg/DFGSafeToExecute.h:
582         (JSC::DFG::safeToExecute):
583         * dfg/DFGSpeculativeJIT.cpp:
584         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
585         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
586         * dfg/DFGSpeculativeJIT.h:
587         (JSC::DFG::SpeculativeJIT::bitOp):
588         * dfg/DFGSpeculativeJIT32_64.cpp:
589         (JSC::DFG::SpeculativeJIT::compile):
590         * dfg/DFGSpeculativeJIT64.cpp:
591         (JSC::DFG::SpeculativeJIT::compile):
592         * dfg/DFGStrengthReductionPhase.cpp:
593         (JSC::DFG::StrengthReductionPhase::handleNode):
594         * ftl/FTLCapabilities.cpp:
595         (JSC::FTL::canCompile):
596         * ftl/FTLLowerDFGToB3.cpp:
597         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
598         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
599         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
600         (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
601         * jit/JITArithmetic.cpp:
602         (JSC::JIT::emit_op_bitor):
603         * llint/LowLevelInterpreter32_64.asm:
604         * llint/LowLevelInterpreter64.asm:
605         * runtime/CommonSlowPaths.cpp:
606         (JSC::SLOW_PATH_DECL):
607         * runtime/JSBigInt.cpp:
608         (JSC::JSBigInt::bitwiseAnd):
609         (JSC::JSBigInt::bitwiseOr):
610         (JSC::JSBigInt::absoluteBitwiseOp):
611         (JSC::JSBigInt::absoluteAddOne):
612         * runtime/JSBigInt.h:
613
614 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
615
616         [JSC] Use new extra memory reporting in SparseArrayMap
617         https://bugs.webkit.org/show_bug.cgi?id=190278
618
619         Reviewed by Keith Miller.
620
621         This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
622         to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.
623
624         * runtime/SparseArrayValueMap.cpp:
625         (JSC::SparseArrayValueMap::add):
626         (JSC::SparseArrayValueMap::visitChildren):
627
628 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
629
630         [JSC][Linux] Support Perf JITDump logging
631         https://bugs.webkit.org/show_bug.cgi?id=189893
632
633         Reviewed by Mark Lam.
634
635         This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
636         We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
637         By using this dump and perf.data output, we can annotate JIT code with profiling information.
638
639             $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
640             $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
641             [ perf record: Woken up 1 times to write data ]
642             [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
643             $ perf inject --jit -i perf.data -o perf.jit.data
644             $ perf report -i perf.jit.data
645
646         * Sources.txt:
647         * assembler/LinkBuffer.cpp:
648         (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
649         * assembler/LinkBuffer.h:
650         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
651         * assembler/PerfLog.cpp: Added.
652         (JSC::PerfLog::singleton):
653         (JSC::generateTimestamp):
654         (JSC::getCurrentThreadID):
655         (JSC::PerfLog::PerfLog):
656         (JSC::PerfLog::write):
657         (JSC::PerfLog::flush):
658         (JSC::PerfLog::log):
659         * assembler/PerfLog.h: Added.
660         * jit/ExecutableAllocator.cpp:
661         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
662         * runtime/Options.cpp:
663         (JSC::Options::isAvailable):
664         * runtime/Options.h:
665
666 2018-10-05  Mark Lam  <mark.lam@apple.com>
667
668         Gardening: Build fix after r236880.
669         https://bugs.webkit.org/show_bug.cgi?id=190317
670
671         Unreviewed.
672
673         * jit/ExecutableAllocator.h:
674
675 2018-10-05  Mark Lam  <mark.lam@apple.com>
676
677         performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
678         https://bugs.webkit.org/show_bug.cgi?id=190317
679         <rdar://problem/45039398>
680
681         Reviewed by Saam Barati.
682
683         When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
684         to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
685         performJITMemcpy() would just do a memcpy in that case.  We need to restore the
686         equivalent behavior.
687
688         * jit/ExecutableAllocator.cpp:
689         (JSC::isJITPC):
690         * jit/ExecutableAllocator.h:
691         (JSC::performJITMemcpy):
692
693 2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>
694
695         [WPE][JSC] Use Unified Sources for Platform-specific sources
696         https://bugs.webkit.org/show_bug.cgi?id=190300
697
698         Reviewed by Yusuke Suzuki.
699
700         Currently the GTK port already uses Unified Sources with the same source files.
701         As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
702         to the list of libraries to link with.
703
704         * PlatformWPE.cmake:
705         * SourcesWPE.txt: Added.
706         * shell/PlatformWPE.cmake:
707
708 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
709
710         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
711         https://bugs.webkit.org/show_bug.cgi?id=190258
712
713         Reviewed by Konstantin Tokarev.
714
715         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
716         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
717           encoding=UTF-8 on Python 3.
718         * yarr/generateYarrCanonicalizeUnicode: Ditto.
719         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
720
721 2018-10-04  Mark Lam  <mark.lam@apple.com>
722
723         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
724         https://bugs.webkit.org/show_bug.cgi?id=190295
725         <rdar://problem/19197193>
726
727         Reviewed by Saam Barati.
728
729         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
730         instead of needing to use our own custom version here.
731
732         * jit/ExecutableAllocator.cpp:
733         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
734         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
735         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
736         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
737         (JSC::ExecutableAllocator::allocate):
738         (JSC::startOfFixedExecutableMemoryPoolImpl):
739         (JSC::endOfFixedExecutableMemoryPoolImpl):
740         (JSC::isJITPC):
741         * jit/ExecutableAllocator.h:
742
743 2018-10-04  Mark Lam  <mark.lam@apple.com>
744
745         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
746         https://bugs.webkit.org/show_bug.cgi?id=190283
747         <rdar://problem/45015752>
748
749         Reviewed by Keith Miller.
750
751         * runtime/Options.cpp:
752         (JSC::Options::initialize):
753         * wasm/WasmFaultSignalHandler.cpp:
754         (JSC::Wasm::enableFastMemory):
755
756 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
757
758         [JSC] print() changes CRLF to CRCRLF on Windows
759         https://bugs.webkit.org/show_bug.cgi?id=190228
760
761         Reviewed by Mark Lam.
762
763         * jsc.cpp:
764         (main):
765         Ultimately, this is just the normal behavior of printf in text mode on Windows.
766         Since we're reading in files as binary, we need to be printing out as binary too
767         (just as we do in DumpRenderTree and ImageDiff.)
768
769 2018-10-03  Saam barati  <sbarati@apple.com>
770
771         lowXYZ in FTLLower should always filter the type of the incoming edge
772         https://bugs.webkit.org/show_bug.cgi?id=189939
773         <rdar://problem/44407030>
774
775         Reviewed by Michael Saboff.
776
777         For example, the FTL may know more about data flow than AI in certain programs,
778         and it needs to inform AI of these data flow properties to appease the assertion
779         we have in AI that a node must perform type checks on its child nodes.
780         
781         For example, consider this program:
782         
783         ```
784         bb#1
785         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
786         Branch(...,  #2, #3)
787         
788         bb#2
789         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type unioned with the type of some structure set.
790         Jump(#3)
791         
792         bb#3
793         c: Add(Int32:@something, Int32:@a)
794         ```
795         
796         When the Add node does lowInt32() for @a, FTL lower used to just grab it
797         from the int32 hash table without filtering the AbstractValue. However,
798         the parent node is asking for a type check to happen, so we must inform
799         AI of this "type check" if we want to appease the assertion that all nodes
800         perform type checks for their edges that semantically perform type checks.
801         This patch makes it so we filter the AbstractValue in the lowXYZ even
802         if FTLLower proved the value must be XYZ.
803
804         * ftl/FTLLowerDFGToB3.cpp:
805         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
806         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
807         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
808         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
809         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
810
811 2018-10-03  Michael Saboff  <msaboff@apple.com>
812
813         Command line jsc should report memory footprint in bytes
814         https://bugs.webkit.org/show_bug.cgi?id=190267
815
816         Reviewed by Mark Lam.
817
818         Change to leave the footprint values from the system unmodified.
819
820         * jsc.cpp:
821         (JSCMemoryFootprint::finishCreation):
822
823 2018-10-03  Mark Lam  <mark.lam@apple.com>
824
825         Suppress unreachable code warning for LLIntAssembly.h code.
826         https://bugs.webkit.org/show_bug.cgi?id=190263
827         <rdar://problem/44986532>
828
829         Reviewed by Saam Barati.
830
831         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
832         asm files, and may contain dead code which is harmless, but will trip up the warning.
833         We should suppress the warning so that it doesn't break builds.
834
835         * llint/LowLevelInterpreter.cpp:
836         (JSC::CLoop::execute):
837
838 2018-10-03  Dan Bernstein  <mitz@apple.com>
839
840         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
841         https://bugs.webkit.org/show_bug.cgi?id=190250
842
843         Reviewed by Alex Christensen.
844
845         * API/tests/Regress141275.mm:
846         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
847           by making the self-retaining explicit.
848
849         * API/tests/testapi.cpp:
850         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
851           loop instead of returning from the lambda.
852
853         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
854           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
855           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
856
857         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
858           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
859
860         * assembler/MacroAssemblerPrinter.cpp:
861         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
862           some commas with semicolons.
863
864 2018-10-03  Mark Lam  <mark.lam@apple.com>
865
866         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
867         https://bugs.webkit.org/show_bug.cgi?id=190187
868         <rdar://problem/42512909>
869
870         Reviewed by Michael Saboff.
871
872         Allowing different max string lengths at each level opens up opportunities for
873         bugs to creep in.  With 2 different max length values, it is more difficult to
874         keep the story straight on how we do overflow / bounds checks at each place in
875         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
876         will have bad ramifications at the JSC level.  It's also not meaningful to
877         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
878         standardize on a MaxLength of INT_MAX at all levels.
879
880         We'll also standardize the way we do length overflow checks on using
881         CheckedArithmetic, and add some asserts to document the assumptions of the code.
882
883         * runtime/FunctionConstructor.cpp:
884         (JSC::constructFunctionSkippingEvalEnabledCheck):
885         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
886         * runtime/JSString.h:
887         (JSC::JSString::finishCreation):
888         (JSC::JSString::createHasOtherOwner):
889         (JSC::JSString::setLength):
890         * runtime/JSStringInlines.h:
891         (JSC::jsMakeNontrivialString):
892         * runtime/Operations.h:
893         (JSC::jsString):
894
895 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
896
897         [JSC] Add a C++ callable overload of objectConstructorSeal
898         https://bugs.webkit.org/show_bug.cgi?id=190137
899
900         Reviewed by Yusuke Suzuki.
901
902         * runtime/ObjectConstructor.cpp:
903         * runtime/ObjectConstructor.h:
904
905 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
906
907         Fix Disassembler-output on ARM Thumb2
908         https://bugs.webkit.org/show_bug.cgi?id=190203
909
910         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
911         execution in thumb mode for jumps and calls. The actual machine
912         instructions are still aligned to 2-bytes though. Use dataLocation() as
913         start address for disassembling since it unsets the thumb bit.
914         Until now the disassembler would start at the wrong address (off by 1),
915         resulting in the wrong disassembled machine instructions.
916
917         Reviewed by Mark Lam.
918
919         * disassembler/CapstoneDisassembler.cpp:
920         (JSC::tryToDisassemble):
921
922 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
923
924         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
925         https://bugs.webkit.org/show_bug.cgi?id=190215
926
927         Reviewed by Mark Lam.
928
929         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
930         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for LLInt ASM interpreter since
931         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
932         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
933         for LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).
934
935         To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for
936         non-JIT configurations. This does not have any functionality allocating executable memory, thus
937         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
938
939         * jit/ExecutableAllocator.cpp:
940         (JSC::ExecutableAllocator::initializeAllocator):
941         (JSC::ExecutableAllocator::singleton):
942         * jit/ExecutableAllocator.h:
943         (JSC::ExecutableAllocator::isValid const):
944         (JSC::ExecutableAllocator::underMemoryPressure):
945         (JSC::ExecutableAllocator::memoryPressureMultiplier):
946         (JSC::ExecutableAllocator::dumpProfile):
947         (JSC::ExecutableAllocator::allocate):
948         (JSC::ExecutableAllocator::isValidExecutableMemory):
949         (JSC::ExecutableAllocator::committedByteCount):
950         (JSC::ExecutableAllocator::getLock const):
951         (JSC::performJITMemcpy):
952
953 2018-10-01  Dean Jackson  <dino@apple.com>
954
955         Remove CSS Animation Triggers
956         https://bugs.webkit.org/show_bug.cgi?id=190175
957         <rdar://problem/44925626>
958
959         Reviewed by Simon Fraser.
960
961         * Configurations/FeatureDefines.xcconfig:
962
963 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
964
965         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
966         https://bugs.webkit.org/show_bug.cgi?id=190033
967
968         Reviewed by Yusuke Suzuki.
969
970         The implementation of JSBigInt::toStringToGeneric doesn't handle power
971         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
972         implemented JSBigInt::toStringBasePowerOfTwo that follows the
973         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
974         digit.
975
976         * runtime/JSBigInt.cpp:
977         (JSC::JSBigInt::toString):
978         (JSC::JSBigInt::toStringBasePowerOfTwo):
979         * runtime/JSBigInt.h:
980
981 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
982
983         [JSC] Add branchIfNaN and branchIfNotNaN
984         https://bugs.webkit.org/show_bug.cgi?id=190122
985
986         Reviewed by Mark Lam.
987
988         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
989
990         * dfg/DFGSpeculativeJIT.cpp:
991         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
992         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
993         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
994         (JSC::DFG::SpeculativeJIT::compileSpread):
995         (JSC::DFG::SpeculativeJIT::compileNewArray):
996         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
997         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
998         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
999         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
1000         * dfg/DFGSpeculativeJIT32_64.cpp:
1001         (JSC::DFG::SpeculativeJIT::compile):
1002         * dfg/DFGSpeculativeJIT64.cpp:
1003         (JSC::DFG::SpeculativeJIT::compile):
1004         * jit/AssemblyHelpers.cpp:
1005         (JSC::AssemblyHelpers::purifyNaN):
1006         * jit/AssemblyHelpers.h:
1007         (JSC::AssemblyHelpers::branchIfNaN):
1008         (JSC::AssemblyHelpers::branchIfNotNaN):
1009         * jit/JITPropertyAccess.cpp:
1010         (JSC::JIT::emitGenericContiguousPutByVal):
1011         (JSC::JIT::emitDoubleLoad):
1012         (JSC::JIT::emitFloatTypedArrayGetByVal):
1013         * jit/JITPropertyAccess32_64.cpp:
1014         (JSC::JIT::emitGenericContiguousPutByVal):
1015         * wasm/js/JSToWasm.cpp:
1016         (JSC::Wasm::createJSToWasmWrapper):
1017
1018 2018-10-01  Mark Lam  <mark.lam@apple.com>
1019
1020         Function.toString() should also copy the source code Functions that are class definitions.
1021         https://bugs.webkit.org/show_bug.cgi?id=190186
1022         <rdar://problem/44733360>
1023
1024         Reviewed by Saam Barati.
1025
1026         Previously, if the Function is a class definition, functionProtoFuncToString()
1027         would create a String using StringView::toStringWithoutCopying(), and use that
1028         String to make a JSString.  This is not a problem if the underlying SourceProvider
1029         (that backs the characters in that StringView) is immortal.  However, this is
1030         not always the case in practice.
1031
1032         This patch fixes this issue by changing functionProtoFuncToString() to create the
1033         String using StringView::toString() instead, which makes a copy of the underlying
1034         characters buffer.  This detaches the resultant JSString from the SourceProvider
1035         characters buffer that it was created from, and ensures that the underlying
1036         characters buffer of the string will be alive for the entire lifetime of the
1037         JSString.
1038
1039         * runtime/FunctionPrototype.cpp:
1040         (JSC::functionProtoFuncToString):
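
The lifetime problem described above, as an added example that is not JSC's code: a stand-in SourceProvider owning the script text, the pre-fix shape that returns a view aliasing that text, the post-fix shape that copies, and a check for whether a result still points into a buffer about to be freed (the struct names, viewAliasesBuffer and the demo functions are this example's assumptions):

```cpp
#include <functional>
#include <memory>
#include <string>
#include <string_view>
#include <utility>

// Stand-ins for JSC's SourceProvider and a class definition's source range.
// Example code, not JSC's: names and layout are this example's assumptions.
struct SourceProvider {
    std::string source; // the characters every view into this script borrows
};

struct ClassDefinition {
    std::string_view text; // a view into some SourceProvider::source
};

// The pre-fix shape: hand out a view that still aliases the provider's buffer.
std::string_view classToStringWithoutCopying(const ClassDefinition& def)
{
    return def.text;
}

// The post-fix shape: copy the characters so the result owns its storage.
std::string classToStringCopying(const ClassDefinition& def)
{
    return std::string(def.text);
}

// True when `view` points inside `buffer`'s storage, i.e. it will dangle the moment
// `buffer` is destroyed. std::less_equal gives a total order on pointers that plain <= does not.
bool viewAliasesBuffer(std::string_view view, const std::string& buffer)
{
    std::less_equal<const char*> le;
    const char* begin = buffer.data();
    const char* end = begin + buffer.size();
    return le(begin, view.data()) && le(view.data() + view.size(), end);
}

// Borrowed vs owned result for the same class definition, checked against the buffer.
std::pair<bool, bool> aliasCheckDemo()
{
    SourceProvider provider { "class B { m() { return 2; } }" };
    ClassDefinition def { std::string_view(provider.source) };
    std::string_view borrowed = classToStringWithoutCopying(def);
    std::string owned = classToStringCopying(def);
    return { viewAliasesBuffer(borrowed, provider.source), viewAliasesBuffer(owned, provider.source) };
}

// The scenario from the entry: the provider is not immortal. Only the copying
// version may be used after it is freed.
std::string toStringThenFreeProvider()
{
    auto provider = std::make_unique<SourceProvider>(SourceProvider { "class A { m() { return 1; } }" });
    ClassDefinition def { std::string_view(provider->source).substr(0, 9) }; // "class A {"
    std::string owned = classToStringCopying(def);
    provider.reset(); // buffer freed; a borrowed view would now be a dangling pointer
    return owned;
}
```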
1041
1042 2018-10-01  Keith Miller  <keith_miller@apple.com>
1043
1044         Create a RELEASE_AND_RETURN macro for ExceptionScopes
1045         https://bugs.webkit.org/show_bug.cgi?id=190163
1046
1047         Reviewed by Mark Lam.
1048
1049         The new RELEASE_AND_RETURN does all the work for cases
1050         where you want to return the result of some expression
1051         without explicitly checking for an exception. This is
1052         much like the existing RETURN_IF_EXCEPTION macro.
1053
1054         * dfg/DFGOperations.cpp:
1055         (JSC::DFG::newTypedArrayWithSize):
1056         * interpreter/Interpreter.cpp:
1057         (JSC::eval):
1058         * jit/JITOperations.cpp:
1059         (JSC::getByVal):
1060         * jsc.cpp:
1061         (functionDollarAgentReceiveBroadcast):
1062         * llint/LLIntSlowPaths.cpp:
1063         (JSC::LLInt::setUpCall):
1064         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1065         (JSC::LLInt::varargsSetup):
1066         * profiler/ProfilerDatabase.cpp:
1067         (JSC::Profiler::Database::toJSON const):
1068         * runtime/AbstractModuleRecord.cpp:
1069         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1070         * runtime/ArrayConstructor.cpp:
1071         (JSC::constructArrayWithSizeQuirk):
1072         * runtime/ArrayPrototype.cpp:
1073         (JSC::getProperty):
1074         (JSC::fastJoin):
1075         (JSC::arrayProtoFuncToString):
1076         (JSC::arrayProtoFuncToLocaleString):
1077         (JSC::arrayProtoFuncJoin):
1078         (JSC::arrayProtoFuncPop):
1079         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1080         * runtime/BigIntConstructor.cpp:
1081         (JSC::toBigInt):
1082         * runtime/CommonSlowPaths.h:
1083         (JSC::CommonSlowPaths::opInByVal):
1084         * runtime/ConstructData.cpp:
1085         (JSC::construct):
1086         * runtime/DateConstructor.cpp:
1087         (JSC::dateParse):
1088         * runtime/DatePrototype.cpp:
1089         (JSC::dateProtoFuncToPrimitiveSymbol):
1090         * runtime/DirectArguments.h:
1091         * runtime/ErrorConstructor.cpp:
1092         (JSC::Interpreter::constructWithErrorConstructor):
1093         * runtime/ErrorPrototype.cpp:
1094         (JSC::errorProtoFuncToString):
1095         * runtime/ExceptionScope.h:
1096         * runtime/FunctionConstructor.cpp:
1097         (JSC::constructFunction):
1098         * runtime/FunctionPrototype.cpp:
1099         (JSC::functionProtoFuncToString):
1100         * runtime/GenericArgumentsInlines.h:
1101         (JSC::GenericArguments<Type>::defineOwnProperty):
1102         * runtime/GetterSetter.cpp:
1103         (JSC::callGetter):
1104         * runtime/IntlCollatorConstructor.cpp:
1105         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1106         * runtime/IntlCollatorPrototype.cpp:
1107         (JSC::IntlCollatorFuncCompare):
1108         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1109         * runtime/IntlDateTimeFormatConstructor.cpp:
1110         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1111         * runtime/IntlDateTimeFormatPrototype.cpp:
1112         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1113         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1114         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1115         * runtime/IntlNumberFormatConstructor.cpp:
1116         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1117         * runtime/IntlNumberFormatPrototype.cpp:
1118         (JSC::IntlNumberFormatFuncFormatNumber):
1119         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1120         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1121         * runtime/IntlObject.cpp:
1122         (JSC::intlNumberOption):
1123         * runtime/IntlObjectInlines.h:
1124         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1125         * runtime/IntlPluralRules.cpp:
1126         (JSC::IntlPluralRules::resolvedOptions):
1127         * runtime/IntlPluralRulesConstructor.cpp:
1128         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1129         * runtime/IntlPluralRulesPrototype.cpp:
1130         (JSC::IntlPluralRulesPrototypeFuncSelect):
1131         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1132         * runtime/JSArray.cpp:
1133         (JSC::JSArray::defineOwnProperty):
1134         (JSC::JSArray::put):
1135         (JSC::JSArray::setLength):
1136         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1137         * runtime/JSArrayBufferPrototype.cpp:
1138         (JSC::arrayBufferProtoGetterFuncByteLength):
1139         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1140         * runtime/JSArrayInlines.h:
1141         (JSC::toLength):
1142         * runtime/JSBoundFunction.cpp:
1143         (JSC::boundFunctionCall):
1144         (JSC::boundFunctionConstruct):
1145         * runtime/JSCJSValue.cpp:
1146         (JSC::JSValue::putToPrimitive):
1147         * runtime/JSCJSValueInlines.h:
1148         (JSC::JSValue::toIndex const):
1149         (JSC::JSValue::toPropertyKey const):
1150         (JSC::JSValue::get const):
1151         (JSC::JSValue::getPropertySlot const):
1152         (JSC::JSValue::getOwnPropertySlot const):
1153         (JSC::JSValue::equalSlowCaseInline):
1154         * runtime/JSDataView.cpp:
1155         (JSC::JSDataView::put):
1156         (JSC::JSDataView::defineOwnProperty):
1157         * runtime/JSFunction.cpp:
1158         (JSC::JSFunction::put):
1159         (JSC::JSFunction::defineOwnProperty):
1160         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1161         (JSC::constructGenericTypedArrayViewWithArguments):
1162         (JSC::constructGenericTypedArrayView):
1163         * runtime/JSGenericTypedArrayViewInlines.h:
1164         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1165         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1166         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1167         (JSC::speciesConstruct):
1168         (JSC::genericTypedArrayViewProtoFuncJoin):
1169         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1170         * runtime/JSGlobalObject.cpp:
1171         (JSC::JSGlobalObject::put):
1172         * runtime/JSGlobalObjectFunctions.cpp:
1173         (JSC::decode):
1174         (JSC::globalFuncEval):
1175         (JSC::globalFuncProtoGetter):
1176         * runtime/JSInternalPromise.cpp:
1177         (JSC::JSInternalPromise::then):
1178         * runtime/JSModuleEnvironment.cpp:
1179         (JSC::JSModuleEnvironment::put):
1180         * runtime/JSModuleLoader.cpp:
1181         (JSC::JSModuleLoader::provideFetch):
1182         (JSC::JSModuleLoader::loadAndEvaluateModule):
1183         (JSC::JSModuleLoader::loadModule):
1184         (JSC::JSModuleLoader::linkAndEvaluateModule):
1185         (JSC::JSModuleLoader::requestImportModule):
1186         (JSC::JSModuleLoader::getModuleNamespaceObject):
1187         (JSC::moduleLoaderRequestedModules):
1188         * runtime/JSONObject.cpp:
1189         (JSC::Stringifier::stringify):
1190         (JSC::Stringifier::toJSON):
1191         (JSC::Walker::walk):
1192         (JSC::JSONProtoFuncStringify):
1193         * runtime/JSObject.cpp:
1194         (JSC::ordinarySetSlow):
1195         (JSC::JSObject::putInlineSlow):
1196         (JSC::JSObject::toPrimitive const):
1197         (JSC::JSObject::hasInstance):
1198         (JSC::JSObject::toNumber const):
1199         (JSC::JSObject::defineOwnIndexedProperty):
1200         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1201         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1202         (JSC::JSObject::defineOwnNonIndexProperty):
1203         * runtime/JSObject.h:
1204         (JSC::JSObject::get const):
1205         * runtime/JSObjectInlines.h:
1206         (JSC::JSObject::getPropertySlot const):
1207         (JSC::JSObject::putInlineForJSObject):
1208         * runtime/MapConstructor.cpp:
1209         (JSC::constructMap):
1210         * runtime/NativeErrorConstructor.cpp:
1211         (JSC::Interpreter::constructWithNativeErrorConstructor):
1212         * runtime/ObjectConstructor.cpp:
1213         (JSC::constructObject):
1214         (JSC::objectConstructorGetPrototypeOf):
1215         (JSC::objectConstructorGetOwnPropertyDescriptor):
1216         (JSC::objectConstructorGetOwnPropertyDescriptors):
1217         (JSC::objectConstructorGetOwnPropertyNames):
1218         (JSC::objectConstructorGetOwnPropertySymbols):
1219         (JSC::objectConstructorKeys):
1220         (JSC::objectConstructorDefineProperty):
1221         (JSC::objectConstructorDefineProperties):
1222         (JSC::objectConstructorCreate):
1223         * runtime/ObjectPrototype.cpp:
1224         (JSC::objectProtoFuncToLocaleString):
1225         (JSC::objectProtoFuncToString):
1226         * runtime/Operations.cpp:
1227         (JSC::jsAddSlowCase):
1228         * runtime/Operations.h:
1229         (JSC::jsString):
1230         (JSC::jsLess):
1231         (JSC::jsLessEq):
1232         * runtime/ParseInt.h:
1233         (JSC::toStringView):
1234         * runtime/ProxyConstructor.cpp:
1235         (JSC::constructProxyObject):
1236         * runtime/ProxyObject.cpp:
1237         (JSC::ProxyObject::toStringName):
1238         (JSC::performProxyGet):
1239         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1240         (JSC::ProxyObject::performHasProperty):
1241         (JSC::ProxyObject::getOwnPropertySlotCommon):
1242         (JSC::ProxyObject::performPut):
1243         (JSC::ProxyObject::putByIndexCommon):
1244         (JSC::performProxyCall):
1245         (JSC::performProxyConstruct):
1246         (JSC::ProxyObject::performDelete):
1247         (JSC::ProxyObject::performPreventExtensions):
1248         (JSC::ProxyObject::performIsExtensible):
1249         (JSC::ProxyObject::performDefineOwnProperty):
1250         (JSC::ProxyObject::performSetPrototype):
1251         (JSC::ProxyObject::performGetPrototype):
1252         * runtime/ReflectObject.cpp:
1253         (JSC::reflectObjectConstruct):
1254         (JSC::reflectObjectDefineProperty):
1255         (JSC::reflectObjectGet):
1256         (JSC::reflectObjectGetOwnPropertyDescriptor):
1257         (JSC::reflectObjectGetPrototypeOf):
1258         (JSC::reflectObjectOwnKeys):
1259         (JSC::reflectObjectSet):
1260         * runtime/RegExpConstructor.cpp:
1261         (JSC::constructRegExp):
1262         * runtime/RegExpObject.cpp:
1263         (JSC::RegExpObject::defineOwnProperty):
1264         (JSC::RegExpObject::matchGlobal):
1265         * runtime/RegExpPrototype.cpp:
1266         (JSC::regExpProtoFuncTestFast):
1267         (JSC::regExpProtoFuncExec):
1268         (JSC::regExpProtoFuncToString):
1269         * runtime/ScriptExecutable.cpp:
1270         (JSC::ScriptExecutable::newCodeBlockFor):
1271         * runtime/SetConstructor.cpp:
1272         (JSC::constructSet):
1273         * runtime/SparseArrayValueMap.cpp:
1274         (JSC::SparseArrayValueMap::putEntry):
1275         (JSC::SparseArrayEntry::put):
1276         * runtime/StringConstructor.cpp:
1277         (JSC::stringFromCharCode):
1278         (JSC::stringFromCodePoint):
1279         * runtime/StringObject.cpp:
1280         (JSC::StringObject::put):
1281         (JSC::StringObject::putByIndex):
1282         (JSC::StringObject::defineOwnProperty):
1283         * runtime/StringPrototype.cpp:
1284         (JSC::jsSpliceSubstrings):
1285         (JSC::jsSpliceSubstringsWithSeparators):
1286         (JSC::removeUsingRegExpSearch):
1287         (JSC::replaceUsingRegExpSearch):
1288         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1289         (JSC::replaceUsingStringSearch):
1290         (JSC::repeatCharacter):
1291         (JSC::replace):
1292         (JSC::stringProtoFuncReplaceUsingRegExp):
1293         (JSC::stringProtoFuncReplaceUsingStringSearch):
1294         (JSC::stringProtoFuncSplitFast):
1295         (JSC::stringProtoFuncToLowerCase):
1296         (JSC::stringProtoFuncToUpperCase):
1297         (JSC::toLocaleCase):
1298         (JSC::trimString):
1299         (JSC::stringProtoFuncIncludes):
1300         (JSC::builtinStringIncludesInternal):
1301         (JSC::normalize):
1302         (JSC::stringProtoFuncNormalize):
1303         * runtime/SymbolPrototype.cpp:
1304         (JSC::symbolProtoFuncToString):
1305         (JSC::symbolProtoFuncValueOf):
1306         * tools/JSDollarVM.cpp:
1307         (WTF::functionWasmStreamingParserAddBytes):
1308         (JSC::functionGetPrivateProperty):
1309         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1310         (JSC::constructJSWebAssemblyCompileError):
1311         * wasm/js/WebAssemblyModuleConstructor.cpp:
1312         (JSC::constructJSWebAssemblyModule):
1313         (JSC::WebAssemblyModuleConstructor::createModule):
1314         * wasm/js/WebAssemblyTableConstructor.cpp:
1315         (JSC::constructJSWebAssemblyTable):
1316         * wasm/js/WebAssemblyWrapperFunction.cpp:
1317         (JSC::callWebAssemblyWrapperFunction):
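
The RELEASE_AND_RETURN / RETURN_IF_EXCEPTION pattern from the entry above, as an added example that is not JSC's code: a toy VM with a pending-exception slot and a ThrowScope that counts scopes which ended with an unchecked exception, standing in for the debug assertions in runtime/ExceptionScope.h (the VM, ThrowScope, Outcome and run* names, and the macro bodies, are this example's assumptions, not JSC's definitions):

```cpp
#include <optional>
#include <string>
#include <utility>

// Toy model of a VM with a pending-exception slot and a ThrowScope that insists on
// being checked or released. Example code, not JSC's: the real classes do far more.
struct VM {
    std::optional<std::string> exception; // the pending exception, if any
    int unverifiedScopes = 0;             // scopes that ended with an unchecked exception
};

class ThrowScope {
public:
    explicit ThrowScope(VM& vm) : m_vm(vm) { }
    ~ThrowScope()
    {
        // Debug-build style check: an exception is pending and nobody looked at it.
        if (!m_verified && m_vm.exception)
            m_vm.unverifiedScopes++;
    }
    bool hasException() { m_verified = true; return m_vm.exception.has_value(); }
    void release() { m_verified = true; } // the caller's scope takes over the duty
    void throwException(std::string what) { m_vm.exception = std::move(what); m_verified = true; } // throw site is done

private:
    VM& m_vm;
    bool m_verified = false;
};

// Shapes of the two macros the entry discusses (modelled, not copied from JSC).
#define RETURN_IF_EXCEPTION(scope, value) do { if ((scope).hasException()) return value; } while (0)
#define RELEASE_AND_RETURN(scope, expression) do { (scope).release(); return expression; } while (0)

// A callee that may throw.
int parseDigit(VM& vm, char c)
{
    ThrowScope scope(vm);
    if (c < '0' || c > '9') {
        scope.throwException(std::string("not a digit: ") + c);
        return 0;
    }
    return c - '0';
}

// The intermediate result is checked explicitly; the last expression's exception
// state is handed straight up to the caller without a redundant check.
int sumTwoDigits(VM& vm, char a, char b)
{
    ThrowScope scope(vm);
    int first = parseDigit(vm, a);
    RETURN_IF_EXCEPTION(scope, 0);
    RELEASE_AND_RETURN(scope, first + parseDigit(vm, b));
}

// What the macro prevents: no check after the first call, no release before the second,
// so a pending exception is carried silently into another call and past this scope.
int sumTwoDigitsSloppy(VM& vm, char a, char b)
{
    ThrowScope scope(vm);
    int first = parseDigit(vm, a);
    return first + parseDigit(vm, b);
}

struct Outcome {
    int result;
    bool exceptionPending;
    int unverifiedScopes;
};

Outcome runChecked(char a, char b)
{
    VM vm;
    int result = sumTwoDigits(vm, a, b);
    return { result, vm.exception.has_value(), vm.unverifiedScopes };
}

Outcome runSloppy(char a, char b)
{
    VM vm;
    int result = sumTwoDigitsSloppy(vm, a, b);
    return { result, vm.exception.has_value(), vm.unverifiedScopes };
}
```

In the sloppy variant with a bad first digit, both the second parseDigit's scope (entered while an exception was already pending) and the caller's own scope are flagged; the checked variant never trips the counter because every exit path either checked or released.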
1318
1319 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1320
1321         [JSC] Add a JSONStringify overload that receives a JSValue space
1322         https://bugs.webkit.org/show_bug.cgi?id=190131
1323
1324         Reviewed by Yusuke Suzuki.
1325
1326         * runtime/JSONObject.cpp:
1327         * runtime/JSONObject.h:
1328
1329 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1330
1331         Unreviewed, rolling out r236647.
1332         https://bugs.webkit.org/show_bug.cgi?id=190124
1333
1334         Breaking test stress/big-int-to-string.js (Requested by
1335         caiolima_ on #webkit).
1336
1337         Reverted changeset:
1338
1339         "[BigInt] BigInt.proptotype.toString is broken when radix is
1340         power of 2"
1341         https://bugs.webkit.org/show_bug.cgi?id=190033
1342         https://trac.webkit.org/changeset/236647
1343
1344 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1345
1346         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1347         https://bugs.webkit.org/show_bug.cgi?id=189498
1348
1349         Reviewed by Saam Barati.
1350
1351         To call JS-to-Wasm code we need to convert the result value from wasm function to
1352         the JS type. Previously this was done by callWebAssemblyFunction by using a switch
1353         over signature.returnType(). But since we know the value of `signature.returnType()`
1354         at compiling phase, we can emit a small conversion code directly to JSToWasm glue
1355         and remove this switch from callWebAssemblyFunction.
1356
1357         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1358         in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version,
1359         we add an implementation for that.
1360
1361         * jit/AssemblyHelpers.h:
1362         (JSC::AssemblyHelpers::boxDouble):
1363         * wasm/js/JSToWasm.cpp:
1364         (JSC::Wasm::createJSToWasmWrapper):
1365         * wasm/js/WebAssemblyFunction.cpp:
1366         (JSC::callWebAssemblyFunction):
1367
1368 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1369
1370         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1371         https://bugs.webkit.org/show_bug.cgi?id=190033
1372
1373         Reviewed by Yusuke Suzuki.
1374
1375         The implementation of JSBigInt::toStringToGeneric doesn't handle power
1376         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
1377         implemented JSBigInt::toStringBasePowerOfTwo that follows the
1378         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
1379         digit.
1380
1381         * runtime/JSBigInt.cpp:
1382         (JSC::JSBigInt::toString):
1383         (JSC::JSBigInt::toStringBasePowerOfTwo):
1384         * runtime/JSBigInt.h:
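
Both entries for bug 190033 (the original landing and the relanding above) describe the same algorithm: for a power-of-two radix, group the bits with a mask of radix - 1 instead of dividing. As an added example that is not JSBigInt's code, here is a standalone version over a little-endian vector of 32-bit limbs, with the case the generic path got wrong for length >= 2 (a digit whose bits straddle two limbs) handled by carrying leftover bits across limbs, plus a slow repeated-division routine used only to cross-check it (the Magnitude type, the limb layout and both function names are this example's assumptions):

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Little-endian magnitude: digits[0] is the least significant 32-bit limb.
// Example code, not JSBigInt's representation.
using Magnitude = std::vector<std::uint32_t>;

static const char kDigitChars[] = "0123456789abcdefghijklmnopqrstuvwxyz";

// Fast path for radix in {2, 4, 8, 16, 32}: every output character is exactly
// bitsPerChar bits, so walk the bit string with a mask of radix - 1. Characters
// may straddle a limb boundary; the accumulator carries the leftover bits over.
std::string toStringBasePowerOfTwo(const Magnitude& digits, unsigned radix)
{
    if (radix < 2 || radix > 32)
        return std::string(); // caller must route other radixes to the generic path
    unsigned bitsPerChar = 0;
    while ((1u << bitsPerChar) < radix)
        bitsPerChar++;
    if ((1u << bitsPerChar) != radix)
        return std::string();
    const std::uint32_t mask = radix - 1;

    std::string out; // built least significant character first
    std::uint64_t acc = 0; // bits not yet emitted (fewer than bitsPerChar between limbs)
    unsigned accBits = 0;
    for (std::uint32_t limb : digits) {
        acc |= static_cast<std::uint64_t>(limb) << accBits;
        accBits += 32;
        while (accBits >= bitsPerChar) {
            out.push_back(kDigitChars[acc & mask]);
            acc >>= bitsPerChar;
            accBits -= bitsPerChar;
        }
    }
    if (accBits)
        out.push_back(kDigitChars[acc & mask]); // leftover high bits of the top limb
    while (out.size() > 1 && out.back() == '0') // drop leading zeros, keep one digit
        out.pop_back();
    if (out.empty())
        out = "0";
    std::reverse(out.begin(), out.end());
    return out;
}

// Generic reference: repeated long division by the radix. Radix-agnostic and slow;
// used here only to cross-check the fast path.
std::string toStringGeneric(Magnitude digits, unsigned radix)
{
    if (radix < 2 || radix > 36)
        return std::string();
    std::string out;
    while (!digits.empty() && digits.back() == 0)
        digits.pop_back();
    while (!digits.empty()) {
        std::uint64_t remainder = 0;
        for (std::size_t i = digits.size(); i-- > 0;) {
            std::uint64_t cur = (remainder << 32) | digits[i];
            digits[i] = static_cast<std::uint32_t>(cur / radix);
            remainder = cur % radix;
        }
        out.push_back(kDigitChars[remainder]);
        while (!digits.empty() && digits.back() == 0)
            digits.pop_back();
    }
    if (out.empty())
        out = "0";
    std::reverse(out.begin(), out.end());
    return out;
}
```

For radix 8 a 32-bit limb yields ten octal digits and two leftover bits; the next limb's low bit completes that digit, which is exactly the boundary a per-limb conversion misses.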
1385
1386 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1387
1388         [ESNext][BigInt] Implement support for "&"
1389         https://bugs.webkit.org/show_bug.cgi?id=186228
1390
1391         Reviewed by Yusuke Suzuki.
1392
1393         This patch introduces support of BigInt into bitwise "&" operation.
1394         We are also introducing the ValueBitAnd DFG node, which is responsible
1395         for taking care of JIT for non-Int32 operands. With the introduction of this
1396         new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
1397         follows the behavior of ArithAdd and other arithmetic nodes, where
1398         the Arith<op> version always results in Number (in the case of
1399         ArithBitAnd, it is always an Int32).
1400
1401         * bytecode/CodeBlock.cpp:
1402         (JSC::CodeBlock::finishCreation):
1403         * bytecompiler/BytecodeGenerator.cpp:
1404         (JSC::BytecodeGenerator::emitBinaryOp):
1405         * dfg/DFGAbstractInterpreterInlines.h:
1406         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1407         * dfg/DFGBackwardsPropagationPhase.cpp:
1408         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1409         (JSC::DFG::BackwardsPropagationPhase::propagate):
1410         * dfg/DFGByteCodeParser.cpp:
1411         (JSC::DFG::ByteCodeParser::parseBlock):
1412         * dfg/DFGClobberize.h:
1413         (JSC::DFG::clobberize):
1414         * dfg/DFGDoesGC.cpp:
1415         (JSC::DFG::doesGC):
1416         * dfg/DFGFixupPhase.cpp:
1417         (JSC::DFG::FixupPhase::fixupNode):
1418         * dfg/DFGNodeType.h:
1419         * dfg/DFGOperations.cpp:
1420         * dfg/DFGOperations.h:
1421         * dfg/DFGPredictionPropagationPhase.cpp:
1422         * dfg/DFGSafeToExecute.h:
1423         (JSC::DFG::safeToExecute):
1424         * dfg/DFGSpeculativeJIT.cpp:
1425         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1426         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1427         * dfg/DFGSpeculativeJIT.h:
1428         (JSC::DFG::SpeculativeJIT::bitOp):
1429         * dfg/DFGSpeculativeJIT32_64.cpp:
1430         (JSC::DFG::SpeculativeJIT::compile):
1431         * dfg/DFGSpeculativeJIT64.cpp:
1432         (JSC::DFG::SpeculativeJIT::compile):
1433         * dfg/DFGStrengthReductionPhase.cpp:
1434         (JSC::DFG::StrengthReductionPhase::handleNode):
1435         * ftl/FTLCapabilities.cpp:
1436         (JSC::FTL::canCompile):
1437         * ftl/FTLLowerDFGToB3.cpp:
1438         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1439         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1440         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1441         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1442         * jit/JIT.h:
1443         * jit/JITArithmetic.cpp:
1444         (JSC::JIT::emitBitBinaryOpFastPath):
1445         (JSC::JIT::emit_op_bitand):
1446         * llint/LowLevelInterpreter32_64.asm:
1447         * llint/LowLevelInterpreter64.asm:
1448         * runtime/CommonSlowPaths.cpp:
1449         (JSC::SLOW_PATH_DECL):
1450         * runtime/JSBigInt.cpp:
1451         (JSC::JSBigInt::JSBigInt):
1452         (JSC::JSBigInt::initialize):
1453         (JSC::JSBigInt::createZero):
1454         (JSC::JSBigInt::createFrom):
1455         (JSC::JSBigInt::bitwiseAnd):
1456         (JSC::JSBigInt::absoluteBitwiseOp):
1457         (JSC::JSBigInt::absoluteAnd):
1458         (JSC::JSBigInt::absoluteOr):
1459         (JSC::JSBigInt::absoluteAndNot):
1460         (JSC::JSBigInt::absoluteAddOne):
1461         (JSC::JSBigInt::absoluteSubOne):
1462         * runtime/JSBigInt.h:
1463         * runtime/JSCJSValue.h:
1464         * runtime/JSCJSValueInlines.h:
1465         (JSC::JSValue::toBigIntOrInt32 const):
1466
1467 2018-09-28  Mark Lam  <mark.lam@apple.com>
1468
1469         Gardening: speculative build fix.
1470         <rdar://problem/44869924>
1471
1472         Not reviewed.
1473
1474         * assembler/LinkBuffer.cpp:
1475         (JSC::LinkBuffer::copyCompactAndLinkCode):
1476
1477 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1478
1479         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1480         https://bugs.webkit.org/show_bug.cgi?id=190080
1481
1482         Reviewed by Mark Lam.
1483
1484         * assembler/ARMv7Assembler.h:
1485         (JSC::ARMv7Assembler::link):
1486         (JSC::ARMv7Assembler::linkJumpT1):
1487         (JSC::ARMv7Assembler::linkJumpT2):
1488         (JSC::ARMv7Assembler::linkJumpT3):
1489         (JSC::ARMv7Assembler::linkJumpT4):
1490         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1491         (JSC::ARMv7Assembler::linkBX):
1492         (JSC::ARMv7Assembler::linkConditionalBX):
1493         * assembler/MacroAssemblerARMv7.h:
1494         (JSC::MacroAssemblerARMv7::link):
1495
1496 2018-09-27  Saam barati  <sbarati@apple.com>
1497
1498         Verify the contents of AssemblerBuffer on arm64e
1499         https://bugs.webkit.org/show_bug.cgi?id=190057
1500         <rdar://problem/38916630>
1501
1502         Reviewed by Mark Lam.
1503
1504         * assembler/ARM64Assembler.h:
1505         (JSC::ARM64Assembler::ARM64Assembler):
1506         (JSC::ARM64Assembler::fillNops):
1507         (JSC::ARM64Assembler::link):
1508         (JSC::ARM64Assembler::linkJumpOrCall):
1509         (JSC::ARM64Assembler::linkCompareAndBranch):
1510         (JSC::ARM64Assembler::linkConditionalBranch):
1511         (JSC::ARM64Assembler::linkTestAndBranch):
1512         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1513         * assembler/ARMAssembler.h:
1514         (JSC::ARMAssembler::fillNops):
1515         * assembler/ARMv7Assembler.h:
1516         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1517         * assembler/AbstractMacroAssembler.h:
1518         (JSC::AbstractMacroAssembler::emitNops):
1519         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1520         * assembler/AssemblerBuffer.h:
1521         (JSC::ARM64EHash::ARM64EHash):
1522         (JSC::ARM64EHash::update):
1523         (JSC::ARM64EHash::hash const):
1524         (JSC::ARM64EHash::randomSeed const):
1525         (JSC::AssemblerBuffer::AssemblerBuffer):
1526         (JSC::AssemblerBuffer::putShort):
1527         (JSC::AssemblerBuffer::putIntUnchecked):
1528         (JSC::AssemblerBuffer::putInt):
1529         (JSC::AssemblerBuffer::hash const):
1530         (JSC::AssemblerBuffer::data const):
1531         (JSC::AssemblerBuffer::putIntegralUnchecked):
1532         (JSC::AssemblerBuffer::append): Deleted.
1533         * assembler/LinkBuffer.cpp:
1534         (JSC::LinkBuffer::copyCompactAndLinkCode):
1535         * assembler/MIPSAssembler.h:
1536         (JSC::MIPSAssembler::fillNops):
1537         * assembler/MacroAssemblerARM64.h:
1538         (JSC::MacroAssemblerARM64::jumpsToLink):
1539         (JSC::MacroAssemblerARM64::link):
1540         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1541         * assembler/MacroAssemblerARMv7.h:
1542         (JSC::MacroAssemblerARMv7::jumpsToLink):
1543         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1544         * assembler/X86Assembler.h:
1545         (JSC::X86Assembler::fillNops):
1546
1547 2018-09-27  Mark Lam  <mark.lam@apple.com>
1548
1549         ByValInfo should not use integer offsets.
1550         https://bugs.webkit.org/show_bug.cgi?id=190070
1551         <rdar://problem/44803430>
1552
1553         Reviewed by Saam Barati.
1554
1555         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1556
1557         * bytecode/ByValInfo.h:
1558         (JSC::ByValInfo::ByValInfo):
1559         * jit/JIT.cpp:
1560         (JSC::JIT::link):
1561         * jit/JITOpcodes.cpp:
1562         (JSC::JIT::privateCompileHasIndexedProperty):
1563         * jit/JITOpcodes32_64.cpp:
1564         (JSC::JIT::privateCompileHasIndexedProperty):
1565         * jit/JITPropertyAccess.cpp:
1566         (JSC::JIT::privateCompileGetByVal):
1567         (JSC::JIT::privateCompileGetByValWithCachedId):
1568         (JSC::JIT::privateCompilePutByVal):
1569         (JSC::JIT::privateCompilePutByValWithCachedId):
1570
1571 2018-09-27  Saam barati  <sbarati@apple.com>
1572
1573         DFG::OSRExit::m_patchableCodeOffset should not be an int
1574         https://bugs.webkit.org/show_bug.cgi?id=190066
1575         <rdar://problem/39498244>
1576
1577         Reviewed by Mark Lam.
1578
1579         * dfg/DFGJITCompiler.cpp:
1580         (JSC::DFG::JITCompiler::linkOSRExits):
1581         (JSC::DFG::JITCompiler::link):
1582         * dfg/DFGOSRExit.cpp:
1583         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1584         (JSC::DFG::OSRExit::compileOSRExit):
1585         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1586         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1587         (JSC::DFG::OSRExit::correctJump): Deleted.
1588         * dfg/DFGOSRExit.h:
1589         * dfg/DFGOSRExitCompilationInfo.h:
1590
1591 2018-09-27  Saam barati  <sbarati@apple.com>
1592
1593         Don't use int offsets in StructureStubInfo
1594         https://bugs.webkit.org/show_bug.cgi?id=190064
1595         <rdar://problem/44784719>
1596
1597         Reviewed by Mark Lam.
1598
1599         * bytecode/InlineAccess.cpp:
1600         (JSC::linkCodeInline):
1601         * bytecode/StructureStubInfo.h:
1602         (JSC::StructureStubInfo::slowPathCallLocation):
1603         (JSC::StructureStubInfo::doneLocation):
1604         (JSC::StructureStubInfo::slowPathStartLocation):
1605         * jit/JITInlineCacheGenerator.cpp:
1606         (JSC::JITInlineCacheGenerator::finalize):
1607
1608 2018-09-27  Mark Lam  <mark.lam@apple.com>
1609
1610         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
1611         https://bugs.webkit.org/show_bug.cgi?id=190054
1612         <rdar://problem/44803543>
1613
1614         Reviewed by Saam Barati.
1615
1616         * dfg/DFGJITCode.h:
1617         (JSC::DFG::JITCode::appendOSREntryData):
1618         * dfg/DFGJITCompiler.cpp:
1619         (JSC::DFG::JITCompiler::noticeOSREntry):
1620         * dfg/DFGOSREntry.cpp:
1621         (JSC::DFG::OSREntryData::dumpInContext const):
1622         (JSC::DFG::prepareOSREntry):
1623         * dfg/DFGOSREntry.h:
1624         * runtime/JSCPtrTag.h:
1625
1626 2018-09-27  Mark Lam  <mark.lam@apple.com>
1627
1628         JITMathIC should not use integer offsets into machine code.
1629         https://bugs.webkit.org/show_bug.cgi?id=190030
1630         <rdar://problem/44803307>
1631
1632         Reviewed by Saam Barati.
1633
1634         We'll replace them with CodeLocation smart pointers instead.
1635
1636         * jit/JITMathIC.h:
1637         (JSC::isProfileEmpty):
1638
1639 2018-09-26  Mark Lam  <mark.lam@apple.com>
1640
1641         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
1642         https://bugs.webkit.org/show_bug.cgi?id=190022
1643         <rdar://problem/44800928>
1644
1645         Reviewed by Saam Barati.
1646
1647         * jit/ExecutableAllocator.cpp:
1648         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1649         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1650         * jit/ExecutableAllocator.h:
1651         (JSC::performJITMemcpy):
1652         * runtime/Options.cpp:
1653         (JSC::recomputeDependentOptions):
1654
1655 2018-09-26  Mark Lam  <mark.lam@apple.com>
1656
1657         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
1658         https://bugs.webkit.org/show_bug.cgi?id=190016
1659         <rdar://problem/44802875>
1660
1661         Reviewed by Saam Barati.
1662
1663         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
1664         JIT memory.
1665
1666         * assembler/ARM64Assembler.h:
1667         (JSC::ARM64Assembler::fillNops):
1668         (JSC::ARM64Assembler::replaceWithVMHalt):
1669         (JSC::ARM64Assembler::replaceWithJump):
1670         (JSC::ARM64Assembler::replaceWithLoad):
1671         (JSC::ARM64Assembler::replaceWithAddressComputation):
1672         (JSC::ARM64Assembler::setPointer):
1673         (JSC::ARM64Assembler::repatchInt32):
1674         (JSC::ARM64Assembler::repatchCompact):
1675         (JSC::ARM64Assembler::linkJumpOrCall):
1676         (JSC::ARM64Assembler::linkCompareAndBranch):
1677         (JSC::ARM64Assembler::linkConditionalBranch):
1678         (JSC::ARM64Assembler::linkTestAndBranch):
1679         * assembler/LinkBuffer.cpp:
1680         (JSC::LinkBuffer::copyCompactAndLinkCode):
1681         (JSC::LinkBuffer::linkCode):
1682         * jit/ExecutableAllocator.h:
1683         (JSC::performJITMemcpy):
1684
1685 2018-09-25  Keith Miller  <keith_miller@apple.com>
1686
1687         Move Symbol API to SPI
1688         https://bugs.webkit.org/show_bug.cgi?id=189946
1689
1690         Reviewed by Michael Saboff.
1691
1692         Some of the property access methods on JSValue needed to be moved
1693         to a category so that SPI overloads don't result in a compiler
1694         error for internal users.
1695
1696         Additionally, this patch does not move the new enum entry for
1697         Symbols in the JSType enumeration.
1698
1699         * API/JSObjectRef.h:
1700         * API/JSObjectRefPrivate.h:
1701         * API/JSValue.h:
1702         * API/JSValuePrivate.h:
1703         * API/JSValueRef.h:
1704
1705 2018-09-26  Keith Miller  <keith_miller@apple.com>
1706
1707         We should zero unused property storage when rebalancing array storage.
1708         https://bugs.webkit.org/show_bug.cgi?id=188151
1709
1710         Reviewed by Michael Saboff.
1711
1712         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
1713         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
1714         property storage.
1715
1716         * runtime/JSArray.cpp:
1717         (JSC::JSArray::unshiftCountSlowCase):
1718
1719 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1720
1721         Unreviewed, add scope verification handling
1722         https://bugs.webkit.org/show_bug.cgi?id=189780
1723
1724         * runtime/ArrayPrototype.cpp:
1725         (JSC::arrayProtoFuncIndexOf):
1726         (JSC::arrayProtoFuncLastIndexOf):
1727
1728 2018-09-26  Koby Boyango  <koby.b@mce.systems>
1729
1730         [JSC] offlineasm parser should handle CRLF in asm files
1731         https://bugs.webkit.org/show_bug.cgi?id=189949
1732
1733         Reviewed by Mark Lam.
1734
1735         * offlineasm/parser.rb:
1736
1737 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1738
1739         [JSC] Optimize Array#lastIndexOf
1740         https://bugs.webkit.org/show_bug.cgi?id=189780
1741
1742         Reviewed by Saam Barati.
1743
1744         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
1745         for JSArray with contiguous storage.
1746
1747         * runtime/ArrayPrototype.cpp:
1748         (JSC::arrayProtoFuncLastIndexOf):
1749
1750 2018-09-25  Saam Barati  <sbarati@apple.com>
1751
1752         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1753         https://bugs.webkit.org/show_bug.cgi?id=189940
1754         <rdar://problem/43640987>
1755
1756         Reviewed by Mark Lam.
1757
1758         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
1759         CodeBlock. There is nothing semantically wrong with doing that (except for
1760         poor naming), however, the poor naming here led us to make a real semantic
1761         mistake. We wanted the baseline CodeBlock's constant pool, but we were
1762         accessing the FTL CodeBlock's constant pool accidentally. We need to
1763         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
1764         constant value.
1765
1766         * bytecode/InlineCallFrame.h:
1767         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1768         * ftl/FTLOperations.cpp:
1769         (JSC::FTL::operationMaterializeObjectInOSR):
1770
1771 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
1772
1773         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
1774         https://bugs.webkit.org/show_bug.cgi?id=189962
1775         <rdar://problem/44648287>
1776
1777         Reviewed by Brian Burg.
1778
1779         * inspector/scripts/codegen/generate_objc_header.py:
1780         (ObjCHeaderGenerator._callback_block_for_command):
1781         If there are no return parameters include "void" in the block signature.
1782
1783         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
1784         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
1785         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1786         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1787         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
1788         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
1789         Rebaseline test results.
1790
1791 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
1792
1793         Remove AUTHORS and THANKS files which are stale
1794         https://bugs.webkit.org/show_bug.cgi?id=189941
1795
1796         Reviewed by Darin Adler.
1797
1798         Included mentions below so their names are still in ChangeLogs.
1799
1800         * AUTHORS: Removed.
1801         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
1802         These authors remain mentioned in copyrights in source files.
1803
1804         * THANKS: Removed.
1805         Richard Moore <rich@kde.org> - for filling the Math object with some life
1806         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
1807         Marco Pinelli <pinmc@libero.it> - for his patches
1808         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
1809         
1810 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
1811
1812         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
1813         https://bugs.webkit.org/show_bug.cgi?id=189733
1814
1815         Reviewed by Michael Catanzaro.
1816
1817         * assembler/ARM64Assembler.h:
1818         * assembler/ARMAssembler.h:
1819         (JSC::ARMAssembler::cacheFlush):
1820         * assembler/MacroAssemblerARM.cpp:
1821         (JSC::isVFPPresent):
1822         * assembler/MacroAssemblerARM64.cpp:
1823         * assembler/MacroAssemblerARMv7.cpp:
1824         * assembler/MacroAssemblerMIPS.cpp:
1825         * assembler/MacroAssemblerX86Common.cpp:
1826         * heap/HeapCell.cpp:
1827         * heap/HeapCell.h:
1828         * jit/HostCallReturnValue.h:
1829         * jit/JIT.h:
1830         * jit/JITOperations.cpp:
1831         * jit/ThunkGenerators.cpp:
1832         * runtime/ArrayConventions.cpp:
1833         (JSC::clearArrayMemset):
1834         * runtime/JSBigInt.cpp:
1835         (JSC::JSBigInt::digitDiv):
1836
1837 2018-09-24  Saam Barati  <sbarati@apple.com>
1838
1839         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1840         https://bugs.webkit.org/show_bug.cgi?id=189922
1841         <rdar://problem/44651275>
1842
1843         Reviewed by Mark Lam.
1844
1845         The implementation was first getting the length to iterate up to,
1846         then getting the starting index. However, getting the starting
1847         index may perform effects. e.g, it could change the length of the
1848         array. This changes it so we verify the length is still valid.
1849
1850         * runtime/ArrayPrototype.cpp:
1851         (JSC::arrayProtoFuncIndexOf):
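
Added example (not WebKit code): a JavaScript model of the ordering hazard described in the entry above. Per the spec, indexOf reads the length first and only then coerces fromIndex, and that coercion can run arbitrary user code (here a valueOf() that truncates the array). indexOfBeforeFix models a fast path that keeps scanning up to the stale length and so reports a match at an index the array no longer has; in an engine that scans contiguous storage directly, that is an out-of-bounds read. indexOfAfterFix re-validates the length after the effectful step and uses a HasProperty check for the remainder. The function names and the shrinking-index helper are constructed for this example.

```javascript
// Spec-style integer coercion of fromIndex: the one step in indexOf where
// arbitrary user code (valueOf/toString) can run and mutate the array.
function toInteger(v) {
  const n = Number(v);
  return Number.isNaN(n) ? 0 : Math.trunc(n);
}

function resolveStart(fromIndex, len) {
  const n = toInteger(fromIndex);
  return n >= 0 ? n : Math.max(len + n, 0);
}

// Models the fast path before the fix: capture len, coerce fromIndex, then scan
// [start, len) without confirming that the array still has that many elements.
// Here arr[k] past the end just reads undefined; an engine scanning the
// contiguous butterfly directly would read memory that is no longer the array's.
function indexOfBeforeFix(arr, search, fromIndex) {
  const len = arr.length;
  const start = resolveStart(fromIndex, len);
  for (let k = start; k < len; k++) {
    if (arr[k] === search) return k;
  }
  return -1;
}

// After the fix: re-validate the length once the effectful coercion has run and
// only compare elements that are actually present (HasProperty), so a truncated
// or holey array can never produce a match at a slot it does not own.
function indexOfAfterFix(arr, search, fromIndex) {
  const originalLen = arr.length;
  const start = resolveStart(fromIndex, originalLen);
  const len = Math.min(originalLen, arr.length); // may have shrunk in resolveStart
  for (let k = start; k < len; k++) {
    if (k in arr && arr[k] === search) return k;
  }
  return -1;
}

// Constructed adversarial fromIndex: coercing it truncates the array.
function makeShrinkingIndex(arr, newLength) {
  return { valueOf() { arr.length = newLength; return 0; } };
}

// Runs the same call against the pre-fix model, the post-fix model and the
// host engine's native Array.prototype.indexOf.
function demo() {
  const a = [1, 2, 3];
  const before = indexOfBeforeFix(a, undefined, makeShrinkingIndex(a, 1));
  const b = [1, 2, 3];
  const after = indexOfAfterFix(b, undefined, makeShrinkingIndex(b, 1));
  const c = [1, 2, 3];
  const native = c.indexOf(undefined, makeShrinkingIndex(c, 1));
  return { before, after, native, truncatedLength: a.length };
}
```

demo() shows the symptom an engine-level bug would present: the pre-fix model returns index 1 for an array whose length is now 1, while the post-fix model returns -1. Searching for undefined is the simplest way to make the stale read observable in plain JS, since reading past the end yields undefined.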
1852
1853 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1854
1855         offlineasm: fix macro scoping
1856         https://bugs.webkit.org/show_bug.cgi?id=189902
1857
1858         Reviewed by Mark Lam.
1859
1860         In the code below, the reference to `f` in `g`, which should refer to
1861         the outer macro definition, will instead refer to the f argument of the
1862         anonymous macro passed to `g`. That leads to this code failing to
1863         compile (f expected 0 args but got 1).
1864         
1865         ```
1866         macro f(x)
1867             move x, t0
1868         end
1869         
1870         macro g(fn)
1871             fn(macro () f(42) end)
1872         end
1873         
1874         g(macro(f) f() end)
1875         ```
1876
1877         * offlineasm/ast.rb:
1878         * offlineasm/transform.rb:
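
Added example (not offlineasm's Ruby code): a small JavaScript model of macro expansion that runs the program quoted in the entry above under two lookup policies. Macros capture the environment they were defined in; with lexical lookup (definition-site scope, the intended behaviour) the `f(42)` inside g's anonymous macro resolves to the outer `f(x)`, while with dynamic lookup (call-site scope) it resolves to the `f` parameter of the macro passed to g and fails with the same arity error the entry quotes. Env, Macro, invoke and expandProgram are names invented for this model, and the emitted "move 42, t0" text is only a stand-in for real expansion output.

```javascript
// Environment: a chain of name -> value bindings (values are Macros or literals).
class Env {
  constructor(bindings = new Map(), parent = null) {
    this.bindings = bindings;
    this.parent = parent;
  }
  define(name, value) { this.bindings.set(name, value); return this; }
  lookup(name) {
    if (this.bindings.has(name)) return this.bindings.get(name);
    if (this.parent) return this.parent.lookup(name);
    throw new Error(`undefined macro ${name}`);
  }
  extend(params, args) {
    return new Env(new Map(params.map((p, i) => [p, args[i]])), this);
  }
}

// A macro: parameter names, a body that expands by emitting lines or invoking
// other macros, and the environment it was defined in (its lexical scope).
class Macro {
  constructor(params, body, env) {
    this.params = params;
    this.body = body;
    this.env = env;
  }
}

// Expand a call. scoping === 'lexical' resolves free names in the callee's
// definition environment; 'dynamic' resolves them in the caller's environment,
// which is the behaviour that let a parameter named f shadow the outer macro f.
function invoke(callerEnv, name, args, scoping) {
  const macro = callerEnv.lookup(name);
  if (!(macro instanceof Macro)) throw new Error(`${name} is not a macro`);
  if (macro.params.length !== args.length) {
    throw new Error(`${name} expected ${macro.params.length} args but got ${args.length}`);
  }
  const base = scoping === 'lexical' ? macro.env : callerEnv;
  macro.body(base.extend(macro.params, args), scoping);
}

// The program from the ChangeLog entry, built as macro objects.
function expandProgram(scoping) {
  const out = [];
  const top = new Env();

  // macro f(x)  move x, t0  end
  top.define('f', new Macro(['x'], (env) => {
    out.push(`move ${env.lookup('x')}, t0`);
  }, top));

  // macro g(fn)  fn(macro () f(42) end)  end
  // The anonymous macro is created while g's body expands, so it captures g's
  // body environment, in which f is the outer macro.
  top.define('g', new Macro(['fn'], (env, mode) => {
    const anon = new Macro([], (innerEnv, innerMode) => invoke(innerEnv, 'f', [42], innerMode), env);
    invoke(env, 'fn', [anon], mode);
  }, top));

  // g(macro(f) f() end)
  const callback = new Macro(['f'], (env, mode) => invoke(env, 'f', [], mode), top);
  invoke(top, 'g', [callback], scoping);
  return out;
}

function tryExpand(scoping) {
  try {
    return { ok: true, lines: expandProgram(scoping) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

tryExpand('lexical') expands to a single "move 42, t0"; tryExpand('dynamic') fails with "f expected 0 args but got 1", because the zero-argument anonymous macro bound to the callback's f parameter is found before the outer f(x).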
1879
1880 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1881
1882         Add forEach method for iterating CodeBlock's ValueProfiles
1883         https://bugs.webkit.org/show_bug.cgi?id=189897
1884
1885         Reviewed by Mark Lam.
1886
1887         Add method to abstract how we find ValueProfiles in a CodeBlock in
1888         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
1889         ValueProfiles will be stored in the MetadataTable.
1890
1891         * bytecode/CodeBlock.cpp:
1892         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1893         (JSC::CodeBlock::updateAllValueProfilePredictions):
1894         (JSC::CodeBlock::shouldOptimizeNow):
1895         (JSC::CodeBlock::dumpValueProfiles):
1896         * bytecode/CodeBlock.h:
1897         (JSC::CodeBlock::forEachValueProfile):
1898         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1899         (JSC::CodeBlock::valueProfileForArgument):
1900         (JSC::CodeBlock::numberOfValueProfiles):
1901         (JSC::CodeBlock::valueProfile):
1902         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
1903         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
1904         * tools/HeapVerifier.cpp:
1905         (JSC::HeapVerifier::validateJSCell):
1906
1907 2018-09-24  Saam barati  <sbarati@apple.com>
1908
1909         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1910         https://bugs.webkit.org/show_bug.cgi?id=189682
1911         <rdar://problem/43557315>
1912
1913         Reviewed by Mark Lam.
1914
1915         Otherwise, if we have code like this:
1916         ```
1917         a: Arguments
1918         b: GetButterfly(@a)
1919         c: ForceExit
1920         d: GetArrayLength(@a, @b)
1921         ```
1922         it will get transformed into this invalid DFG IR:
1923         ```
1924         a: PhantomArguments
1925         b: Check(@a)
1926         c: ForceExit
1927         d: GetArrayLength(@a, @b)
1928         ```
1929         
1930         And we will fail DFG validation since @b does not have a result.
1931         
1932         The fix is to just remove all nodes after the ForceExit and plant an
1933         Unreachable after it. So the above code program will now turn into this:
1934         ```
1935         a: PhantomArguments
1936         b: Check(@a)
1937         c: ForceExit
1938         e: Unreachable
1939         ```
1940
1941         * dfg/DFGArgumentsEliminationPhase.cpp:
1942
1943 2018-09-22  Saam barati  <sbarati@apple.com>
1944
1945         The sampling profiler should not use Strong<CodeBlock> in its machineLocation field
1946         https://bugs.webkit.org/show_bug.cgi?id=189319
1947
1948         Reviewed by Filip Pizlo.
1949
1950         The sampling profiler has a CLI mode where we gather information about inline
1951         call frames. That data structure was using a Strong<CodeBlock>. We were
1952         constructing this Strong<CodeBlock> during GC concurrently to processing all
1953         the Strong handles. This is a bug since we end up corrupting that data
1954         structure. This patch fixes this by just making this data structure use the
1955         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
1956
1957         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1958         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1959         * runtime/SamplingProfiler.cpp:
1960         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1961
1962         (JSC::SamplingProfiler::reportTopFunctions):
1963         (JSC::SamplingProfiler::reportTopBytecodes):
1964         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
1965         cause a GC to happen while already holding the sampling profiler's
1966         lock.
1967
1968 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1969
1970         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
1971         https://bugs.webkit.org/show_bug.cgi?id=189778
1972
1973         Reviewed by Keith Miller.
1974
1975         LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
1976         Linux and macOS respectively. We would like to enable it for non JIT
1977         configurations in X86_64 and ARM64.
1978
1979         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
1980         Previously, we switched between the LLInt ASM interpreter and CLoop using the ENABLE(JIT)
1981         configuration. But that is wrong in the new scenario, since we now have a build
1982         configuration that uses the LLInt ASM interpreter while JIT is disabled. We introduce
1983         the ENABLE(C_LOOP) option, which represents that we use CLoop, and we replace
1984         ENABLE(JIT) with ENABLE(C_LOOP) wherever the previous ENABLE(JIT) was essentially just
1985         related to the LLInt ASM interpreter and not related to JIT.
1986
1987         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
1988         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
1989         has machine register information that is used in LLInt ASM interpreter.
1990
1991         * API/tests/PingPongStackOverflowTest.cpp:
1992         (testPingPongStackOverflow):
1993         * CMakeLists.txt:
1994         * JavaScriptCore.xcodeproj/project.pbxproj:
1995         * assembler/MaxFrameExtentForSlowPathCall.h:
1996         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
1997         * bytecode/CodeBlock.cpp:
1998         (JSC::CodeBlock::finishCreation):
1999         * bytecode/CodeBlock.h:
2000         (JSC::CodeBlock::calleeSaveRegisters const):
2001         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
2002         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2003         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
2004         * bytecode/Opcode.h:
2005         (JSC::padOpcodeName):
2006         * heap/Heap.cpp:
2007         (JSC::Heap::gatherJSStackRoots):
2008         (JSC::Heap::stopThePeriphery):
2009         * interpreter/CLoopStack.cpp:
2010         * interpreter/CLoopStack.h:
2011         * interpreter/CLoopStackInlines.h:
2012         * interpreter/EntryFrame.h:
2013         * interpreter/Interpreter.cpp:
2014         (JSC::Interpreter::Interpreter):
2015         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2016         * interpreter/Interpreter.h:
2017         * interpreter/StackVisitor.cpp:
2018         (JSC::StackVisitor::Frame::calleeSaveRegisters):
2019         * interpreter/VMEntryRecord.h:
2020         * jit/ExecutableAllocator.h:
2021         * jit/FPRInfo.h:
2022         (WTF::printInternal):
2023         * jit/GPRInfo.cpp:
2024         * jit/GPRInfo.h:
2025         (WTF::printInternal):
2026         * jit/HostCallReturnValue.cpp:
2027         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
2028         * jit/HostCallReturnValue.h:
2029         * jit/JITOperations.cpp:
2030         (JSC::getHostCallReturnValueWithExecState): Deleted.
2031         * jit/JITOperationsMSVC64.cpp:
2032         * jit/Reg.cpp:
2033         * jit/Reg.h:
2034         * jit/RegisterAtOffset.cpp:
2035         * jit/RegisterAtOffset.h:
2036         * jit/RegisterAtOffsetList.cpp:
2037         * jit/RegisterAtOffsetList.h:
2038         * jit/RegisterMap.h:
2039         * jit/RegisterSet.cpp:
2040         * jit/RegisterSet.h:
2041         * jit/TempRegisterSet.cpp:
2042         * jit/TempRegisterSet.h:
2043         * llint/LLIntCLoop.cpp:
2044         * llint/LLIntCLoop.h:
2045         * llint/LLIntData.cpp:
2046         (JSC::LLInt::initialize):
2047         (JSC::LLInt::Data::performAssertions):
2048         * llint/LLIntData.h:
2049         * llint/LLIntOfflineAsmConfig.h:
2050         * llint/LLIntOpcode.h:
2051         * llint/LLIntPCRanges.h:
2052         * llint/LLIntSlowPaths.cpp:
2053         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2054         * llint/LLIntSlowPaths.h:
2055         * llint/LLIntThunks.cpp:
2056         * llint/LowLevelInterpreter.cpp:
2057         * llint/LowLevelInterpreter.h:
2058         * runtime/JSCJSValue.h:
2059         * runtime/MachineContext.h:
2060         * runtime/SamplingProfiler.cpp:
2061         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2062         for LLInt ASM interpreter with non JIT configuration.
2063         * runtime/TestRunnerUtils.cpp:
2064         (JSC::optimizeNextInvocation):
2065         * runtime/VM.cpp:
2066         (JSC::VM::VM):
2067         (JSC::VM::getHostFunction):
2068         (JSC::VM::updateSoftReservedZoneSize):
2069         (JSC::sanitizeStackForVM):
2070         (JSC::VM::committedStackByteCount):
2071         * runtime/VM.h:
2072         * runtime/VMInlines.h:
2073         (JSC::VM::ensureStackCapacityFor):
2074         (JSC::VM::isSafeToRecurseSoft const):
2075
2076 2018-09-21  Keith Miller  <keith_miller@apple.com>
2077
2078         Add Promise SPI
2079         https://bugs.webkit.org/show_bug.cgi?id=189809
2080
2081         Reviewed by Saam Barati.
2082
2083         This patch adds new SPI to create promises. It's mostly SPI because
2084         I want to see how internal users react to it before we make it
2085         public.
2086
2087         This patch adds a couple of new Obj-C SPI methods. The first
2088         creates a new promise using the same API that JS does where the
2089         user provides an executor callback. If an exception is raised
2090         in/to that callback the promise is automagically rejected. The
2091         other methods create a pre-resolved or rejected promise as this
2092         appears to be a common way to initialize a promise.
2093
2094         I was also considering adding a second version of executor API
2095         where it would catch specific Obj-C exceptions. This would work by
2096         taking a Class parameter and checking isKindOfClass: on the
2097         exception. I decided against this as nothing else in our API
2098         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2099         corrupt state if an Obj-C exception unwinds through JS frames.
2100
2101         This patch adds a new C function that will create a "deferred"
2102         promise. A deferred promise is a style of creating promise/futures
2103         where the resolve and reject functions are passed as outputs of a
2104         function. I went with this style for the C SPI because we don't have
2105         any concept of forwarding exceptions in the C API.
2106
2107         In order to make the C API work I refactored a bit of the promise code
2108         so that we can call a static method on JSDeferredPromise and just get
2109         the components without allocating an extra cell wrapper.
2110
2111         * API/JSContext.mm:
2112         (+[JSContext currentCallee]):
2113         * API/JSObjectRef.cpp:
2114         (JSObjectMakeDeferredPromise):
2115         * API/JSObjectRefPrivate.h:
2116         * API/JSValue.mm:
2117         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2118         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2119         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2120         * API/JSValuePrivate.h: Added.
2121         * API/JSVirtualMachine.mm:
2122         * API/JSVirtualMachinePrivate.h:
2123         * API/tests/testapi.c:
2124         (main):
2125         * API/tests/testapi.cpp:
2126         (APIContext::operator JSC::ExecState*):
2127         (TestAPI::failed const):
2128         (TestAPI::check):
2129         (TestAPI::basicSymbol):
2130         (TestAPI::symbolsTypeof):
2131         (TestAPI::symbolsGetPropertyForKey):
2132         (TestAPI::symbolsSetPropertyForKey):
2133         (TestAPI::symbolsHasPropertyForKey):
2134         (TestAPI::symbolsDeletePropertyForKey):
2135         (TestAPI::promiseResolveTrue):
2136         (TestAPI::promiseRejectTrue):
2137         (testCAPIViaCpp):
2138         (TestAPI::run): Deleted.
2139         * API/tests/testapi.mm:
2140         (testObjectiveCAPIMain):
2141         (promiseWithExecutor):
2142         (promiseRejectOnJSException):
2143         (promiseCreateResolved):
2144         (promiseCreateRejected):
2145         (parallelPromiseResolveTest):
2146         (testObjectiveCAPI):
2147         * JavaScriptCore.xcodeproj/project.pbxproj:
2148         * runtime/JSInternalPromiseDeferred.cpp:
2149         (JSC::JSInternalPromiseDeferred::create):
2150         * runtime/JSPromise.h:
2151         * runtime/JSPromiseConstructor.cpp:
2152         (JSC::constructPromise):
2153         * runtime/JSPromiseDeferred.cpp:
2154         (JSC::JSPromiseDeferred::createDeferredData):
2155         (JSC::JSPromiseDeferred::create):
2156         (JSC::JSPromiseDeferred::finishCreation):
2157         (JSC::newPromiseCapability): Deleted.
2158         * runtime/JSPromiseDeferred.h:
2159         (JSC::JSPromiseDeferred::promise const):
2160         (JSC::JSPromiseDeferred::resolve const):
2161         (JSC::JSPromiseDeferred::reject const):
2162
2163 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2164
2165         Unreviewed, rolling out r236359.
2166
2167         Broke the Windows build.
2168
2169         Reverted changeset:
2170
2171         "Add Promise SPI"
2172         https://bugs.webkit.org/show_bug.cgi?id=189809
2173         https://trac.webkit.org/changeset/236359
2174
2175 2018-09-21  Mark Lam  <mark.lam@apple.com>
2176
2177         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2178         https://bugs.webkit.org/show_bug.cgi?id=189855
2179         <rdar://problem/44680181>
2180
2181         Reviewed by Filip Pizlo.
2182
2183         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2184         ExecState* argument.  This is intentional so that resolveRope() does not throw
2185         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2186         get the VM from the cell instead of via the ExecState.
2187
2188         Also removed an obsolete and unused field in JSString.
2189
2190         * runtime/JSString.cpp:
2191         (JSC::JSRopeString::resolveRope const):
2192         (JSC::JSRopeString::outOfMemory const):
2193         * runtime/JSString.h:
2194         (JSC::JSString::tryGetValue const):
2195
2196 2018-09-21  Michael Saboff  <msaboff@apple.com>
2197
2198         Add functions to measure memory footprint to JSC
2199         https://bugs.webkit.org/show_bug.cgi?id=189768
2200
2201         Reviewed by Saam Barati.
2202
2203         Rolling this back in again.
2204
2205         Provide system memory metrics for the current process to aid in memory reduction measurement and
2206         tuning using native JS tests.
2207
2208         * jsc.cpp:
2209         (MemoryFootprint::now):
2210         (MemoryFootprint::resetPeak):
2211         (GlobalObject::finishCreation):
2212         (JSCMemoryFootprint::JSCMemoryFootprint):
2213         (JSCMemoryFootprint::createStructure):
2214         (JSCMemoryFootprint::create):
2215         (JSCMemoryFootprint::finishCreation):
2216         (JSCMemoryFootprint::addProperty):
2217         (functionResetMemoryPeak):
2218
2219 2018-09-21  Keith Miller  <keith_miller@apple.com>
2220
2221         Add Promise SPI
2222         https://bugs.webkit.org/show_bug.cgi?id=189809
2223
2224         Reviewed by Saam Barati.
2225
2226         The patch adds new SPI to create promises. It's mostly SPI because
2227         I want to see how internal users react to it before we make it
2228         public.
2229
2230         This patch adds a couple of new Obj-C SPI methods. The first
2231         creates a new promise using the same API that JS does where the
2232         user provides an executor callback. If an exception is raised
2233         in/to that callback the promise is automagically rejected. The
2234         other methods create a pre-resolved or rejected promise as this
2235         appears to be a common way to initialize a promise.
2236
2237         I was also considering adding a second version of executor API
2238         where it would catch specific Obj-C exceptions. This would work by
2239         taking a Class parameter and checking isKindOfClass: on the
2240         exception. I decided against this as nothing else in our API
2241         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2242         corrupt state if an Obj-C exception unwinds through JS frames.
2243
2244         This patch adds a new C function that will create a "deferred"
2245         promise. A deferred promise is a style of creating promise/futures
2246         where the resolve and reject functions are passed as outputs of a
2247         function. I went with this style for the C SPI because we don't have
2248         any concept of forwarding exceptions in the C API.
2249
2250         In order to make the C API work I refactored a bit of the promise code
2251         so that we can call a static method on JSDeferredPromise and just get
2252         the components without allocating an extra cell wrapper.
2253
2254         * API/JSContext.mm:
2255         (+[JSContext currentCallee]):
2256         * API/JSObjectRef.cpp:
2257         (JSObjectMakeDeferredPromise):
2258         * API/JSObjectRefPrivate.h:
2259         * API/JSValue.mm:
2260         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2261         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2262         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2263         * API/JSValuePrivate.h: Added.
2264         * API/JSVirtualMachine.mm:
2265         * API/JSVirtualMachinePrivate.h:
2266         * API/tests/testapi.c:
2267         (main):
2268         * API/tests/testapi.cpp:
2269         (APIContext::operator JSC::ExecState*):
2270         (TestAPI::failed const):
2271         (TestAPI::check):
2272         (TestAPI::basicSymbol):
2273         (TestAPI::symbolsTypeof):
2274         (TestAPI::symbolsGetPropertyForKey):
2275         (TestAPI::symbolsSetPropertyForKey):
2276         (TestAPI::symbolsHasPropertyForKey):
2277         (TestAPI::symbolsDeletePropertyForKey):
2278         (TestAPI::promiseResolveTrue):
2279         (TestAPI::promiseRejectTrue):
2280         (testCAPIViaCpp):
2281         (TestAPI::run): Deleted.
2282         * API/tests/testapi.mm:
2283         (testObjectiveCAPIMain):
2284         (promiseWithExecutor):
2285         (promiseRejectOnJSException):
2286         (promiseCreateResolved):
2287         (promiseCreateRejected):
2288         (parallelPromiseResolveTest):
2289         (testObjectiveCAPI):
2290         * JavaScriptCore.xcodeproj/project.pbxproj:
2291         * runtime/JSInternalPromiseDeferred.cpp:
2292         (JSC::JSInternalPromiseDeferred::create):
2293         * runtime/JSPromise.h:
2294         * runtime/JSPromiseConstructor.cpp:
2295         (JSC::constructPromise):
2296         * runtime/JSPromiseDeferred.cpp:
2297         (JSC::JSPromiseDeferred::createDeferredData):
2298         (JSC::JSPromiseDeferred::create):
2299         (JSC::JSPromiseDeferred::finishCreation):
2300         (JSC::newPromiseCapability): Deleted.
2301         * runtime/JSPromiseDeferred.h:
2302         (JSC::JSPromiseDeferred::promise const):
2303         (JSC::JSPromiseDeferred::resolve const):
2304         (JSC::JSPromiseDeferred::reject const):
2305
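The two promise-creation styles the "Add Promise SPI" entries above describe (executor style, where an exception escaping the callback rejects the promise, and deferred style, where resolve and reject come back as outputs because the C API cannot forward exceptions), as an added C++ model that is not JavaScriptCore code. The Promise class, the Resolver/Executor aliases and the function names promiseWithExecutor, makeDeferredPromise, resolvedPromise and rejectedPromise are constructed for this example; they mirror the shape of the Obj-C and C SPI named in the entry, not its implementation.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <stdexcept>
#include <string>

// Minimal promise with the three states a JS promise can be in. Values and
// rejection reasons are plain strings here to keep the example self-contained.
class Promise {
public:
    enum class State { Pending, Fulfilled, Rejected };

    State state() const { return m_state; }
    const std::string& value() const { return m_value; }   // result or rejection reason

    void resolve(const std::string& v) { settle(State::Fulfilled, v); }
    void reject(const std::string& reason) { settle(State::Rejected, reason); }

private:
    void settle(State s, const std::string& v)
    {
        if (m_state != State::Pending)
            return;   // a promise settles once; later resolve/reject calls are ignored
        m_state = s;
        m_value = v;
    }
    State m_state { State::Pending };
    std::string m_value;
};

using Resolver = std::function<void(const std::string&)>;
using Executor = std::function<void(const Resolver& resolve, const Resolver& reject)>;

// Executor style, the shape of valueWithNewPromiseInContext:fromExecutor:.
// An exception escaping the executor rejects the promise instead of
// propagating to the caller.
std::shared_ptr<Promise> promiseWithExecutor(const Executor& executor)
{
    auto promise = std::make_shared<Promise>();
    Resolver resolve = [promise](const std::string& v) { promise->resolve(v); };
    Resolver reject = [promise](const std::string& r) { promise->reject(r); };
    try {
        executor(resolve, reject);
    } catch (const std::exception& e) {
        promise->reject(e.what());   // no effect if the executor already settled it
    }
    return promise;
}

// Deferred style, the shape of JSObjectMakeDeferredPromise: nothing can forward
// an exception through the C API, so resolve and reject are handed back as
// outputs and the caller settles the promise whenever it is ready.
std::shared_ptr<Promise> makeDeferredPromise(Resolver* outResolve, Resolver* outReject)
{
    auto promise = std::make_shared<Promise>();
    *outResolve = [promise](const std::string& v) { promise->resolve(v); };
    *outReject = [promise](const std::string& r) { promise->reject(r); };
    return promise;
}

// Pre-settled constructors, mirroring valueWithNewPromiseResolvedWithResult:
// and valueWithNewPromiseRejectedWithReason:.
std::shared_ptr<Promise> resolvedPromise(const std::string& v)
{
    auto p = std::make_shared<Promise>();
    p->resolve(v);
    return p;
}

std::shared_ptr<Promise> rejectedPromise(const std::string& reason)
{
    auto p = std::make_shared<Promise>();
    p->reject(reason);
    return p;
}

int main()
{
    auto rejected = promiseWithExecutor([](const Resolver&, const Resolver&) {
        throw std::runtime_error("executor failed");
    });
    std::printf("throwing executor -> %s\n", rejected->value().c_str());

    Resolver resolve, reject;
    auto deferred = makeDeferredPromise(&resolve, &reject);
    resolve("done");
    std::printf("deferred -> %s\n", deferred->value().c_str());
    return 0;
}
```

The settle-once rule in Promise::settle is what makes the executor wrapper safe: an executor that resolves and then throws stays fulfilled, exactly as in JS, and a second reject on a deferred promise is a no-op rather than an error.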
2306 2018-09-21  Truitt Savell  <tsavell@apple.com>
2307
2308         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2309         https://bugs.webkit.org/show_bug.cgi?id=156674
2310
2311         Unreviewed Test Gardening
2312
2313         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2314         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2315
2316 2018-09-21  Mike Gorse  <mgorse@suse.com>
2317
2318         Build tools should work when the /usr/bin/python is python3
2319         https://bugs.webkit.org/show_bug.cgi?id=156674
2320
2321         Reviewed by Michael Catanzaro.
2322
2323         * Scripts/cssmin.py:
2324         * Scripts/generate-js-builtins.py:
2325         (do_open):
2326         (generate_bindings_for_builtins_files):
2327         * Scripts/generateIntlCanonicalizeLanguage.py:
2328         * Scripts/jsmin.py:
2329         (JavascriptMinify.minify.write):
2330         (JavascriptMinify):
2331         (JavascriptMinify.minify):
2332         * Scripts/make-js-file-arrays.py:
2333         (chunk):
2334         (main):
2335         * Scripts/wkbuiltins/__init__.py:
2336         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2337         (generate_section_for_global_private_code_name_macro):
2338         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2339         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2340         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2341         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2342         * Scripts/wkbuiltins/builtins_model.py:
2343         (BuiltinFunction.__lt__):
2344         (BuiltinsCollection.copyrights):
2345         (BuiltinsCollection._parse_functions):
2346         * disassembler/udis86/ud_opcode.py:
2347         (UdOpcodeTables.pprint.printWalk):
2348         * generate-bytecode-files:
2349         * inspector/scripts/codegen/__init__.py:
2350         * inspector/scripts/codegen/cpp_generator.py:
2351         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2352         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2353         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2354         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2355         (CppBackendDispatcherHeaderGenerator.generate_output):
2356         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2357         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2358         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2359         (CppBackendDispatcherImplementationGenerator.generate_output):
2360         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2361         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2362         (CppFrontendDispatcherHeaderGenerator.generate_output):
2363         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2364         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2365         (CppFrontendDispatcherImplementationGenerator.generate_output):
2366         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2367         (CppProtocolTypesHeaderGenerator.generate_output):
2368         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2369         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2370         (CppProtocolTypesImplementationGenerator.generate_output):
2371         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2372         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2373         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2374         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2375         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2376         * inspector/scripts/codegen/generate_js_backend_commands.py:
2377         (JSBackendCommandsGenerator.should_generate_domain):
2378         (JSBackendCommandsGenerator.domains_to_generate):
2379         (JSBackendCommandsGenerator.generate_output):
2380         (JSBackendCommandsGenerator.generate_domain):
2381         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2382         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2383         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2384         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2385         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2386         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2387         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2388         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2389         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2390         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2391         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2392         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2393         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2394         * inspector/scripts/codegen/generate_objc_header.py:
2395         (ObjCHeaderGenerator.generate_output):
2396         (ObjCHeaderGenerator._generate_type_interface):
2397         * inspector/scripts/codegen/generate_objc_internal_header.py:
2398         (ObjCInternalHeaderGenerator.generate_output):
2399         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2400         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2401         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2402         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2403         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2404         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2405         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2406         (ObjCProtocolTypesImplementationGenerator.generate_output):
2407         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2408         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2409         * inspector/scripts/codegen/generator.py:
2410         (Generator.non_supplemental_domains):
2411         (Generator.open_fields):
2412         (Generator.calculate_types_requiring_shape_assertions):
2413         (Generator._traverse_and_assign_enum_values):
2414         (Generator.stylized_name_for_enum_value):
2415         * inspector/scripts/codegen/models.py:
2416         (find_duplicates):
2417         * inspector/scripts/codegen/objc_generator.py:
2418         * wasm/generateWasm.py:
2419         (opcodeIterator):
2420         * yarr/generateYarrCanonicalizeUnicode:
2421         * yarr/generateYarrUnicodePropertyTables.py:
2422         * yarr/hasher.py:
2423         (stringHash):
2424
2425 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2426
2427         [ARM] Build broken on armv7hl after r235517
2428         https://bugs.webkit.org/show_bug.cgi?id=189831
2429
2430         Reviewed by Yusuke Suzuki.
2431
2432         Add missing implementation of patchableBranch8() for traditional ARM.
2433
2434         * assembler/MacroAssemblerARM.h:
2435         (JSC::MacroAssemblerARM::patchableBranch8):
2436
2437 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2438
2439         Unreviewed, rolling out r236293.
2440
2441         Internal build still broken.
2442
2443         Reverted changeset:
2444
2445         "Add functions to measure memory footprint to JSC"
2446         https://bugs.webkit.org/show_bug.cgi?id=189768
2447         https://trac.webkit.org/changeset/236293
2448
2449 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2450
2451         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2452         https://bugs.webkit.org/show_bug.cgi?id=189558
2453
2454         Reviewed by Mark Lam.
2455
2456         When running the web-tooling-benchmark postcss test on the Linux JSCOnly port, we get the following result in `perf report`.
2457
2458             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2459
2460         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
2461         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2462
2463         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
2464         And we propagate this value to the global atomic counter when a rebalance happens.
2465
2466         We also reduce HeapCell::heap() access by using `vm.heap`.
2467
2468         * heap/SlotVisitor.cpp:
2469         (JSC::SlotVisitor::didStartMarking):
2470         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2471         (JSC::SlotVisitor::drain):
2472         (JSC::SlotVisitor::performIncrementOfDraining):
2473         * heap/SlotVisitor.h:
2474         * heap/SlotVisitorInlines.h:
2475         (JSC::SlotVisitor::reportExtraMemoryVisited):
2476         * runtime/JSString.cpp:
2477         (JSC::JSRopeString::resolveRopeToAtomicString const):
2478         (JSC::JSRopeString::resolveRope const):
2479         * runtime/JSString.h:
2480         (JSC::JSString::finishCreation):
2481         * wasm/js/JSWebAssemblyInstance.cpp:
2482         (JSC::JSWebAssemblyInstance::finishCreation):
2483         * wasm/js/JSWebAssemblyMemory.cpp:
2484         (JSC::JSWebAssemblyMemory::finishCreation):
2485
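The batching scheme this entry describes, as an added example that is not JavaScriptCore code: a constructed Heap with one shared atomic counter, and a SlotVisitor-like class that accumulates reportExtraMemoryVisited calls in a per-visitor m_extraMemorySize and only touches the shared counter when that local total crosses a threshold or when draining ends. The names reportExtraMemoryVisited, m_extraMemorySize and propagateExternalMemoryVisitedIfNecessary are taken from the entry; the 64 KiB threshold, the atomicUpdates instrumentation and the simulate() driver are assumptions of this example, not JSC's implementation.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <vector>

// Heap-wide counter shared by every marking thread. In the contended version
// every JSString visited ends up here with its own atomic read-modify-write.
struct Heap {
    std::atomic<size_t> extraMemoryVisited { 0 };
    std::atomic<size_t> atomicUpdates { 0 };   // instrumentation (assumption): RMW ops on the shared counter

    void reportExtraMemoryVisited(size_t bytes)
    {
        extraMemoryVisited.fetch_add(bytes, std::memory_order_relaxed);
        atomicUpdates.fetch_add(1, std::memory_order_relaxed);
    }
};

// One marking thread's visitor. Reports accumulate in m_extraMemorySize and are
// propagated to the heap only when that local total crosses m_threshold, or when
// the visitor pauses to rebalance / finishes draining.
class SlotVisitor {
public:
    SlotVisitor(Heap& heap, size_t threshold)
        : m_heap(heap), m_threshold(threshold) { }

    void reportExtraMemoryVisited(size_t bytes)
    {
        m_extraMemorySize += bytes;   // plain, visitor-local arithmetic, no shared cache line
        if (m_extraMemorySize >= m_threshold)
            propagateExternalMemoryVisitedIfNecessary();
    }

    // Called at rebalance points and at the end of draining so nothing is left behind.
    void propagateExternalMemoryVisitedIfNecessary()
    {
        if (!m_extraMemorySize)
            return;
        m_heap.reportExtraMemoryVisited(m_extraMemorySize);
        m_extraMemorySize = 0;
    }

private:
    Heap& m_heap;
    size_t m_threshold;
    size_t m_extraMemorySize { 0 };
};

struct Outcome {
    size_t total;          // bytes the heap ends up accounting for
    size_t atomicUpdates;  // how many shared-counter updates it took to get there
};

// Drive `visitors` visitors, each visiting `stringsPerVisitor` strings that carry
// `bytesPerString` of extra memory. With batched == false every report goes
// straight to the heap (threshold 1), which is the contended behaviour.
Outcome simulate(size_t visitors, size_t stringsPerVisitor, size_t bytesPerString, bool batched)
{
    const size_t threshold = batched ? 64 * 1024 : 1;   // 64 KiB batch size is an assumption
    Heap heap;
    std::vector<SlotVisitor> vs;
    vs.reserve(visitors);
    for (size_t i = 0; i < visitors; ++i)
        vs.emplace_back(heap, threshold);

    for (auto& v : vs) {
        for (size_t i = 0; i < stringsPerVisitor; ++i)
            v.reportExtraMemoryVisited(bytesPerString);
        v.propagateExternalMemoryVisitedIfNecessary();   // end of drain
    }
    return { heap.extraMemoryVisited.load(), heap.atomicUpdates.load() };
}

int main()
{
    Outcome contended = simulate(4, 100, 1024, false);
    Outcome batched = simulate(4, 100, 1024, true);
    std::printf("contended: %zu bytes via %zu atomic updates\n", contended.total, contended.atomicUpdates);
    std::printf("batched:   %zu bytes via %zu atomic updates\n", batched.total, batched.atomicUpdates);
    return 0;
}
```

Both runs account for the same number of bytes; the batched one needs two shared-counter updates per visitor instead of one per string. The flush at the end of draining is the part that is easy to forget: without it the heap's total would silently undercount whatever was left in each visitor's local counter.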
2486 2018-09-20  Michael Saboff  <msaboff@apple.com>
2487
2488         Add functions to measure memory footprint to JSC
2489         https://bugs.webkit.org/show_bug.cgi?id=189768
2490
2491         Reviewed by Saam Barati.
2492
2493         Rolling this back in.
2494
2495         Provide system memory metrics for the current process to aid in memory reduction measurement and
2496         tuning using native JS tests.
2497
2498         * jsc.cpp:
2499         (MemoryFootprint::now):
2500         (MemoryFootprint::resetPeak):
2501         (GlobalObject::finishCreation):
2502         (JSCMemoryFootprint::JSCMemoryFootprint):
2503         (JSCMemoryFootprint::createStructure):
2504         (JSCMemoryFootprint::create):
2505         (JSCMemoryFootprint::finishCreation):
2506         (JSCMemoryFootprint::addProperty):
2507         (functionResetMemoryPeak):
2508
2509 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2510
2511         Unreviewed, rolling out r236235.
2512
2513         Breaks internal builds.
2514
2515         Reverted changeset:
2516
2517         "Add functions to measure memory footprint to JSC"
2518         https://bugs.webkit.org/show_bug.cgi?id=189768
2519         https://trac.webkit.org/changeset/236235
2520
2521 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2522
2523         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2524         https://bugs.webkit.org/show_bug.cgi?id=189730
2525
2526         Reviewed by Saam Barati.
2527
2528         Clang for Windows can't compile the workaround for an MSVC quirk in generateOutOfLine.
2529
2530         * jit/JITMathIC.h:
2531         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2532
2533 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2534
2535         [JSC] Optimize Array#indexOf in C++ runtime
2536         https://bugs.webkit.org/show_bug.cgi?id=189507
2537
2538         Reviewed by Saam Barati.
2539
2540         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
2541         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization,
2542         and it is actually working well, C++ Array#indexOf is called a significant number
2543         of times before tiering up, and it takes 6.74% of jsc main thread samples according
2544         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
2545         misses the chance to optimize JSArray cases.
2546
2547         This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
2548         access to the given JSArray is non-observable and the indexing type is good for the fast
2549         path, we go to the fast path. This makes the sampling of Array#indexOf 3.83% in the
2550         babylon web-tooling-benchmark.
2551
2552         * runtime/ArrayPrototype.cpp:
2553         (JSC::arrayProtoFuncIndexOf):
2554         * runtime/JSArray.h:
2555         * runtime/JSArrayInlines.h:
2556         (JSC::JSArray::canDoFastIndexedAccess):
2557         (JSC::toLength):
2558         * runtime/JSCJSValueInlines.h:
2559         (JSC::JSValue::JSValue):
2560         * runtime/JSGlobalObject.h:
2561         * runtime/JSGlobalObjectInlines.h:
2562         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2563         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2564         * runtime/MathCommon.h:
2565         (JSC::canBeStrictInt32):
2566         (JSC::canBeInt32):
2567
2568 2018-09-19  Michael Saboff  <msaboff@apple.com>
2569
2570         Add functions to measure memory footprint to JSC
2571         https://bugs.webkit.org/show_bug.cgi?id=189768
2572
2573         Reviewed by Saam Barati.
2574
2575         Provide system memory metrics for the current process to aid in memory reduction measurement and
2576         tuning using native JS tests.
2577
2578         * jsc.cpp:
2579         (MemoryFootprint::now):
2580         (MemoryFootprint::resetPeak):
2581         (GlobalObject::finishCreation):
2582         (JSCMemoryFootprint::JSCMemoryFootprint):
2583         (JSCMemoryFootprint::createStructure):
2584         (JSCMemoryFootprint::create):
2585         (JSCMemoryFootprint::finishCreation):
2586         (JSCMemoryFootprint::addProperty):
2587         (functionResetMemoryPeak):
2588
2589 2018-09-19  Saam barati  <sbarati@apple.com>
2590
2591         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2592         https://bugs.webkit.org/show_bug.cgi?id=189703
2593
2594         Reviewed by Mark Lam.
2595
2596         This fixes a crash that a TypeProfiler change revealed.
2597
2598         * dfg/DFGSpeculativeJIT64.cpp:
2599         (JSC::DFG::SpeculativeJIT::compile):
2600
2601 2018-09-19  Saam barati  <sbarati@apple.com>
2602
2603         AI rule for MultiPutByOffset executes its effects in the wrong order
2604         https://bugs.webkit.org/show_bug.cgi?id=189757
2605         <rdar://problem/43535257>
2606
2607         Reviewed by Michael Saboff.
2608
2609         The AI rule for MultiPutByOffset was executing effects in the wrong order.
2610         It first executed the transition effects and the effects on the base, and
2611         then executed the filtering effects on the value being stored. However, you
2612         can end up with the wrong type when the base and the value being stored
2613         are the same, e.g., in a program like `o.f = o`. These effects need to happen
2614         in the opposite order, modeling what happens in the runtime execution of
2615         MultiPutByOffset.
2616
2617         * dfg/DFGAbstractInterpreterInlines.h:
2618         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2619
2620 2018-09-18  Mark Lam  <mark.lam@apple.com>
2621
2622         Ensure that ForInContexts are invalidated if their loop local is over-written.
2623         https://bugs.webkit.org/show_bug.cgi?id=189571
2624         <rdar://problem/44402277>
2625
2626         Reviewed by Saam Barati.
2627
2628         Instead of hunting down every place in the BytecodeGenerator that potentially
2629         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
2630         the bytecode range of the loop body when the ForInContext is popped, and
2631         invalidate the context if we ever find the loop temp variable over-written.
2632
2633         This has 2 benefits:
2634         1. It ensures that every type of opcode that can write to the loop temp will be
2635            handled appropriately, not just the op_mov that we've hunted down.
2636         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
2637            every time we emit an op_mov (or other opcodes that can write to a local)
2638            even when we're not inside a for-in loop.
2639
2640         JSC benchmarks show that this change is performance neutral.
2641
2642         * bytecompiler/BytecodeGenerator.cpp:
2643         (JSC::BytecodeGenerator::pushIndexedForInScope):
2644         (JSC::BytecodeGenerator::popIndexedForInScope):
2645         (JSC::BytecodeGenerator::pushStructureForInScope):
2646         (JSC::BytecodeGenerator::popStructureForInScope):
2647         (JSC::ForInContext::finalize):
2648         (JSC::StructureForInContext::finalize):
2649         (JSC::IndexedForInContext::finalize):
2650         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
2651         * bytecompiler/BytecodeGenerator.h:
2652         (JSC::ForInContext::ForInContext):
2653         (JSC::ForInContext::bodyBytecodeStartOffset const):
2654         (JSC::StructureForInContext::StructureForInContext):
2655         (JSC::IndexedForInContext::IndexedForInContext):
2656         * bytecompiler/NodesCodegen.cpp:
2657         (JSC::PostfixNode::emitResolve):
2658         (JSC::PrefixNode::emitResolve):
2659         (JSC::ReadModifyResolveNode::emitBytecode):
2660         (JSC::AssignResolveNode::emitBytecode):
2661         (JSC::EmptyLetExpression::emitBytecode):
2662         (JSC::ForInNode::emitLoopHeader):
2663         (JSC::ForOfNode::emitBytecode):
2664         (JSC::BindingNode::bindValue const):
2665         (JSC::AssignmentElementNode::bindValue const):
2666         * runtime/CommonSlowPaths.cpp:
2667         (JSC::SLOW_PATH_DECL):
2668
2669 2018-09-17  Devin Rousso  <drousso@apple.com>
2670
2671         Web Inspector: generate CSSKeywordCompletions from backend values
2672         https://bugs.webkit.org/show_bug.cgi?id=189041
2673
2674         Reviewed by Joseph Pecoraro.
2675
2676         * inspector/protocol/CSS.json:
2677         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
2678
2679 2018-09-17  Saam barati  <sbarati@apple.com>
2680
2681         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
2682         https://bugs.webkit.org/show_bug.cgi?id=189676
2683         <rdar://problem/39682897>
2684
2685         Reviewed by Michael Saboff.
2686
2687         Because the incoming value may be TDZ, CheckStructure may end up crashing.
2688         Since the Type Profile does not currently record TDZ values in any of its
2689         data structures, this is not a semantic change in how it will show you data.
2690         It just fixes crashes when we emit a CheckStructure and the incoming value
2691         is TDZ.
2692
2693         * dfg/DFGFixupPhase.cpp:
2694         (JSC::DFG::FixupPhase::fixupNode):
2695         * dfg/DFGNode.h:
2696         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
2697
2698 2018-09-17  Darin Adler  <darin@apple.com>
2699
2700         Use OpaqueJSString rather than JSRetainPtr inside WebKit
2701         https://bugs.webkit.org/show_bug.cgi?id=189652
2702
2703         Reviewed by Saam Barati.
2704
2705         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
2706         JSStringRef.h.
2707
2708         * API/JSContext.mm:
2709         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
2710         than JSStringCreateWithCFString, simplifying the code and also obviating the
2711         need for explicit JSStringRelease.
2712         (-[JSContext setName:]): Ditto.
2713
2714         * API/JSStringRef.cpp:
2715         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
2716         It seems that additional optimization is possible, obviating the need to allocate
2717         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
2718
2719         * API/JSValue.mm:
2720         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
2721         OpaqueJSString::create and adoptRef as appropriate.
2722         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
2723         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
2724         (performPropertyOperation): Ditto.
2725         (-[JSValue invokeMethod:withArguments:]): Ditto.
2726         (valueToObjectWithoutCopy): Ditto.
2727         (containerValueToObject): Ditto.
2728         (valueToString): Ditto.
2729         (objectToValueWithoutCopy): Ditto.
2730         (objectToValue): Ditto.
2731
2732 2018-09-08  Darin Adler  <darin@apple.com>
2733
2734         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
2735         https://bugs.webkit.org/show_bug.cgi?id=189455
2736
2737         Reviewed by Keith Miller.
2738
2739         * API/JSObjectRef.cpp:
2740         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
2741         JSRetainPtr<JSStringRef>.
2742         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
2743         adopt constructor.
2744         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
2745         the array elements are now Ref.
2746
2747         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
2748         it only works for two specific unrelated types, JSStringRef and
2749         JSGlobalContextRef. Simplified the default constructor using data
2750         member initialization. Prepared to make the adopt constructor private
2751         (got everything compiling that way, then made it public again so that
2752         Apple internal software will still build). Got rid of unneeded
2753         templated constructor and assignment operator, since it's not relevant
2754         since there is no inheritance between JSRetainPtr template types.
2755         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
2756         Added move constructor and move assignment operator for slightly better
2757         performance. Simplified implementations of various member functions
2758         so they are more obviously correct, by using leakPtr in more of them
2759         and using std::exchange to make the flow of values more obvious.
2760
2761         * API/JSValue.mm:
2762         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
2763         missing JSStringRelease to fix a leak.
2764
2765         * API/tests/CustomGlobalObjectClassTest.c:
2766         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
2767         (globalObjectSetPrototypeTest): Ditto.
2768         (globalObjectPrivatePropertyTest): Ditto.
2769
2770         * API/tests/ExecutionTimeLimitTest.cpp:
2771         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
2772         (testExecutionTimeLimit): Ditto, lots more.
2773
2774         * API/tests/FunctionOverridesTest.cpp:
2775         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
2776
2777         * API/tests/JSObjectGetProxyTargetTest.cpp:
2778         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
2779         a leak.
2780
2781         * API/tests/PingPongStackOverflowTest.cpp:
2782         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
2783         JSStringRelease to fix leaks.
2784
2785         * API/tests/testapi.c:
2786         (throwException): Added. Helper function for repeated idiom where we want
2787         to throw an exception, but with additional JSStringRelease calls so we don't
2788         have to leak just to keep the code simpler to read.
2789         (MyObject_getProperty): Use throwException.
2790         (MyObject_setProperty): Ditto.
2791         (MyObject_deleteProperty): Ditto.
2792         (isValueEqualToString): Added. Helper function for an idiom where we check
2793         if something is a string and then if it's equal to a particular string
2794         constant, but a version that has an additional JSStringRelease call so we
2795         don't have to leak just to keep the code simpler to read.
2796         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
2797         (MyObject_callAsConstructor): Ditto.
2798         (MyObject_hasInstance): Ditto.
2799         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
2800         (testMarkingConstraintsAndHeapFinalizers): Ditto.
2801
2802 2018-09-14  Saam Barati  <sbarati@apple.com>
2803
2804         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
2805         https://bugs.webkit.org/show_bug.cgi?id=189628
2806         <rdar://problem/39481690>
2807
2808         Reviewed by Mark Lam.
2809
2810         An Availability may point to a Node. And that Node may be removed from
2811         the graph, e.g., it's freed and its memory is no longer owned by Graph.
2812         This patch makes it so we no longer dump this metadata by default. If
2813         this metadata is interesting to you, you'll need to go in and change
2814         Graph::dump to dump the needed metadata.
2815
2816         * dfg/DFGGraph.cpp:
2817         (JSC::DFG::Graph::dump):
2818
2819 2018-09-14  Mark Lam  <mark.lam@apple.com>
2820
2821         Refactor some ForInContext code for better encapsulation.
2822         https://bugs.webkit.org/show_bug.cgi?id=189626
2823         <rdar://problem/44466415>
2824
2825         Reviewed by Keith Miller.
2826
2827         1. Add a ForInContext::m_type field to store the context type.  This does not
2828            increase the class size, but eliminates the need for a virtual call to get the
2829            type.
2830
2831            Note: we still need a virtual destructor because we'll be mingling
2832            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
2833
2834         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
2835            convenience methods.
2836
2837         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
2838            to do the casting to the subclass types.  This ensures that we'll properly
2839            assert that the casting is legal.
2840
2841         * bytecompiler/BytecodeGenerator.cpp:
2842         (JSC::BytecodeGenerator::emitGetByVal):
2843         (JSC::BytecodeGenerator::popIndexedForInScope):
2844         (JSC::BytecodeGenerator::popStructureForInScope):
2845         * bytecompiler/BytecodeGenerator.h:
2846         (JSC::ForInContext::type const):
2847         (JSC::ForInContext::isIndexedForInContext const):
2848         (JSC::ForInContext::isStructureForInContext const):
2849         (JSC::ForInContext::asIndexedForInContext):
2850         (JSC::ForInContext::asStructureForInContext):
2851         (JSC::ForInContext::ForInContext):
2852         (JSC::StructureForInContext::StructureForInContext):
2853         (JSC::IndexedForInContext::IndexedForInContext):
2854         (JSC::ForInContext::~ForInContext): Deleted.
2855
2856 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
2857
2858         Web Inspector: Record actions performed on ImageBitmapRenderingContext
2859         https://bugs.webkit.org/show_bug.cgi?id=181341
2860
2861         Reviewed by Joseph Pecoraro.
2862
2863         * inspector/protocol/Recording.json:
2864         * inspector/scripts/codegen/generator.py:
2865
2866 2018-09-14  Mike Gorse  <mgorse@suse.com>
2867
2868         builtins directory causes name conflict on Python 3
2869         https://bugs.webkit.org/show_bug.cgi?id=189552
2870
2871         Reviewed by Michael Catanzaro.
2872
2873         * CMakeLists.txt: builtins -> wkbuiltins.
2874         * DerivedSources.make: builtins -> wkbuiltins.
2875         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
2876           builtins.
2877         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
2878         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
2879         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
2880         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
2881         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
2882         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
2883         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
2884         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
2885         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
2886         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
2887         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
2888         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
2889
2890 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2891
2892         [WebAssembly] Inline WasmContext accessor functions
2893         https://bugs.webkit.org/show_bug.cgi?id=189416
2894
2895         Reviewed by Saam Barati.
2896
2897         WasmContext accessor functions are very small while they reside in the critical path of
2898         JS to Wasm function call. This patch makes them inline to improve performance.
2899         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
2900
2901         * JavaScriptCore.xcodeproj/project.pbxproj:
2902         * Sources.txt:
2903         * interpreter/CallFrame.cpp:
2904         * jit/AssemblyHelpers.cpp:
2905         * wasm/WasmB3IRGenerator.cpp:
2906         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
2907         (JSC::Wasm::Context::useFastTLS):
2908         (JSC::Wasm::Context::load const):
2909         (JSC::Wasm::Context::store):
2910         * wasm/WasmMemoryInformation.cpp:
2911         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
2912         * wasm/js/JSToWasm.cpp:
2913         * wasm/js/WebAssemblyFunction.cpp:
2914
2915 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2916
2917         Move JavaScriptCore files to match Xcode project hierarchy
2918         <https://webkit.org/b/189574>
2919
2920         Reviewed by Filip Pizlo.
2921
2922         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
2923         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
2924         * CMakeLists.txt: Update for new path to
2925         generateYarrUnicodePropertyTables.py, hasher.py and
2926         JSAPIValueWrapper.h.
2927         * DerivedSources.make: Ditto. Add missing dependency on
2928         hasher.py captured by CMakeLists.txt.
2929         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
2930         reference paths. Add hasher.py library to project.
2931         * Sources.txt: Update for new path to
2932         JSAPIValueWrapper.cpp.
2933         * runtime/JSImmutableButterfly.h: Add missing includes
2934         after changes to Sources.txt and regenerating unified
2935         sources.
2936         * runtime/RuntimeType.h: Ditto.
2937         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
2938         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
2939
2940 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2941
2942         Let Xcode have its way with the JavaScriptCore project
2943
2944         * JavaScriptCore.xcodeproj/project.pbxproj:
2945
2946 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
2947
2948         Add IGNORE_WARNING_.* macros
2949         https://bugs.webkit.org/show_bug.cgi?id=188996
2950
2951         Reviewed by Michael Catanzaro.
2952
2953         * API/JSCallbackObject.h:
2954         * API/tests/testapi.c:
2955         * assembler/LinkBuffer.h:
2956         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2957         * b3/B3LowerToAir.cpp:
2958         * b3/B3Opcode.cpp:
2959         * b3/B3Type.h:
2960         * b3/B3TypeMap.h:
2961         * b3/B3Width.h:
2962         * b3/air/AirArg.cpp:
2963         * b3/air/AirArg.h:
2964         * b3/air/AirCode.h:
2965         * bytecode/Opcode.h:
2966         (JSC::padOpcodeName):
2967         * dfg/DFGSpeculativeJIT.cpp:
2968         (JSC::DFG::SpeculativeJIT::speculateNumber):
2969         (JSC::DFG::SpeculativeJIT::speculateMisc):
2970         * dfg/DFGSpeculativeJIT64.cpp:
2971         * ftl/FTLOutput.h:
2972         * jit/CCallHelpers.h:
2973         (JSC::CCallHelpers::calculatePokeOffset):
2974         * llint/LLIntData.cpp:
2975         * llint/LLIntSlowPaths.cpp:
2976         (JSC::LLInt::slowPathLogF):
2977         * runtime/ConfigFile.cpp:
2978         (JSC::ConfigFile::canonicalizePaths):
2979         * runtime/JSDataViewPrototype.cpp:
2980         * runtime/JSGenericTypedArrayViewConstructor.h:
2981         * runtime/JSGenericTypedArrayViewPrototype.h:
2982         * runtime/Options.cpp:
2983         (JSC::Options::setAliasedOption):
2984         * tools/CodeProfiling.cpp:
2985         * wasm/WasmSections.h:
2986         * wasm/generateWasmValidateInlinesHeader.py:
2987
2988 == Rolled over to ChangeLog-2018-09-11 ==