Add runtime and compile time flags for enabling Web Animations API and model.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-05  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>
2
3         Add runtime and compile time flags for enabling Web Animations API and model.
4         https://bugs.webkit.org/show_bug.cgi?id=150914
5
6         Reviewed by Benjamin Poulain.
7
8         Add ENABLE_WEB_ANIMATIONS compile time flag, runtime flag webAnimationsEnabled and expose WK2 preference for runtime flag.
9
10         * Configurations/FeatureDefines.xcconfig:
11
12 2015-11-05  Sukolsak Sakshuwong  <sukolsak@gmail.com>
13
14         Layout Test js/intl-collator.html is crashing on win 7 debug
15         https://bugs.webkit.org/show_bug.cgi?id=150943
16
17         Reviewed by Geoffrey Garen.
18
19         The string length returned by ICU's uenum_next seems to be unreliable
20         on an old version of ICU. Since uenum_next returns a null-terminated
21         string anyway, this patch removes the use of the length.
22
23         * runtime/IntlCollatorConstructor.cpp:
24         (JSC::sortLocaleData):
25
26 2015-11-05  Filip Pizlo  <fpizlo@apple.com>
27
28         Unreviewed, add FIXMEs referencing https://bugs.webkit.org/show_bug.cgi?id=150958 and
29         https://bugs.webkit.org/show_bug.cgi?id=150954.
30
31         * b3/B3LowerToAir.cpp:
32         (JSC::B3::Air::LowerToAir::createGenericCompare):
33         * b3/B3ReduceStrength.cpp:
34
35 2015-11-05  Aleksandr Skachkov  <gskachkov@gmail.com>
36
37         Using emitResolveScope & emitGetFromScope with 'this' that is TDZ leads to segfault in DFG
38         https://bugs.webkit.org/show_bug.cgi?id=150902
39
40         Reviewed by Geoffrey Garen.
41
42         Tiny fix provided by Saam Barati. This fix prevents a segfault in an arrow function
43         when it is used in the constructor of a derived class before 'super' is called.
44
45         * dfg/DFGAbstractInterpreterInlines.h:
46         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
47
48 2015-11-05  Filip Pizlo  <fpizlo@apple.com>
49
50         B3->Air lowering should have a story for compare-branch fusion
51         https://bugs.webkit.org/show_bug.cgi?id=150721
52
53         Reviewed by Geoffrey Garen.
54
55         This adds comprehensive support for compares and compare/branch fusion to B3. The fusion is
56         super aggressive. It can even handle things like Branch(LessThan(Load8S(...), constant)). It
57         can even handle flipping the operands to the branch, and flipping the comparison condition,
58         if it enables a more efficient instruction. This happens when there is asymmetry in the
59         admitted argument kinds. For example, Branch32 will only accept an Imm as a second operand.
60         If we do a LessThan(constant, load) then we will generate it as:
61
62             Branch32 GreaterThan, (addr), $imm
63
64         This also supports compiling and fusing tests, and to some extent, compiling and fusing
65         double compares. Though we cannot test doubles yet because we don't have enough support for
66         that.
67
68         This also supports fusing compare/branches in Checks. We basically get that for free.
69
70         Because I wanted to fuse comparisons with sub-32-bit loads, I added support for those loads
71         directly, too.
72
73         The tests are now getting super big, so I made testb3 run tests in parallel.
74
75         Finally, this slightly changes the semantics of Branch and Check. Previously they would have
76         accepted a double to branch on. I found that this is awkward. It's especially awkward since
77         we want to be explicit about when a double zero constant is materialized. So, from now on, we
78         require that to branch on a double being non-zero, you have to do Branch(NotEqual(value, 0)).
79
80         * assembler/MacroAssembler.h:
81         (JSC::MacroAssembler::invert):
82         (JSC::MacroAssembler::isInvertible):
83         (JSC::MacroAssembler::flip):
84         (JSC::MacroAssembler::isSigned):
85         (JSC::MacroAssembler::isUnsigned):
86         * assembler/MacroAssemblerX86Common.h:
87         (JSC::MacroAssemblerX86Common::test32):
88         (JSC::MacroAssemblerX86Common::invert):
89         * b3/B3CheckSpecial.cpp:
90         (JSC::B3::CheckSpecial::Key::Key):
91         (JSC::B3::CheckSpecial::Key::dump):
92         (JSC::B3::CheckSpecial::CheckSpecial):
93         (JSC::B3::CheckSpecial::~CheckSpecial):
94         * b3/B3CheckSpecial.h:
95         (JSC::B3::CheckSpecial::Key::Key):
96         (JSC::B3::CheckSpecial::Key::operator==):
97         (JSC::B3::CheckSpecial::Key::operator!=):
98         (JSC::B3::CheckSpecial::Key::operator bool):
99         (JSC::B3::CheckSpecial::Key::opcode):
100         (JSC::B3::CheckSpecial::Key::numArgs):
101         (JSC::B3::CheckSpecial::Key::isHashTableDeletedValue):
102         (JSC::B3::CheckSpecial::Key::hash):
103         (JSC::B3::CheckSpecialKeyHash::hash):
104         (JSC::B3::CheckSpecialKeyHash::equal):
105         * b3/B3Const32Value.cpp:
106         (JSC::B3::Const32Value::zShrConstant):
107         (JSC::B3::Const32Value::equalConstant):
108         (JSC::B3::Const32Value::notEqualConstant):
109         (JSC::B3::Const32Value::lessThanConstant):
110         (JSC::B3::Const32Value::greaterThanConstant):
111         (JSC::B3::Const32Value::lessEqualConstant):
112         (JSC::B3::Const32Value::greaterEqualConstant):
113         (JSC::B3::Const32Value::aboveConstant):
114         (JSC::B3::Const32Value::belowConstant):
115         (JSC::B3::Const32Value::aboveEqualConstant):
116         (JSC::B3::Const32Value::belowEqualConstant):
117         (JSC::B3::Const32Value::dumpMeta):
118         * b3/B3Const32Value.h:
119         * b3/B3Const64Value.cpp:
120         (JSC::B3::Const64Value::zShrConstant):
121         (JSC::B3::Const64Value::equalConstant):
122         (JSC::B3::Const64Value::notEqualConstant):
123         (JSC::B3::Const64Value::lessThanConstant):
124         (JSC::B3::Const64Value::greaterThanConstant):
125         (JSC::B3::Const64Value::lessEqualConstant):
126         (JSC::B3::Const64Value::greaterEqualConstant):
127         (JSC::B3::Const64Value::aboveConstant):
128         (JSC::B3::Const64Value::belowConstant):
129         (JSC::B3::Const64Value::aboveEqualConstant):
130         (JSC::B3::Const64Value::belowEqualConstant):
131         (JSC::B3::Const64Value::dumpMeta):
132         * b3/B3Const64Value.h:
133         * b3/B3ConstDoubleValue.cpp:
134         (JSC::B3::ConstDoubleValue::subConstant):
135         (JSC::B3::ConstDoubleValue::equalConstant):
136         (JSC::B3::ConstDoubleValue::notEqualConstant):
137         (JSC::B3::ConstDoubleValue::lessThanConstant):
138         (JSC::B3::ConstDoubleValue::greaterThanConstant):
139         (JSC::B3::ConstDoubleValue::lessEqualConstant):
140         (JSC::B3::ConstDoubleValue::greaterEqualConstant):
141         (JSC::B3::ConstDoubleValue::dumpMeta):
142         * b3/B3ConstDoubleValue.h:
143         * b3/B3LowerToAir.cpp:
144         (JSC::B3::Air::LowerToAir::LowerToAir):
145         (JSC::B3::Air::LowerToAir::run):
146         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
147         (JSC::B3::Air::LowerToAir::ArgPromise::ArgPromise):
148         (JSC::B3::Air::LowerToAir::ArgPromise::tmp):
149         (JSC::B3::Air::LowerToAir::ArgPromise::operator bool):
150         (JSC::B3::Air::LowerToAir::ArgPromise::kind):
151         (JSC::B3::Air::LowerToAir::ArgPromise::peek):
152         (JSC::B3::Air::LowerToAir::ArgPromise::consume):
153         (JSC::B3::Air::LowerToAir::tmp):
154         (JSC::B3::Air::LowerToAir::tmpPromise):
155         (JSC::B3::Air::LowerToAir::canBeInternal):
156         (JSC::B3::Air::LowerToAir::addr):
157         (JSC::B3::Air::LowerToAir::loadPromise):
158         (JSC::B3::Air::LowerToAir::imm):
159         (JSC::B3::Air::LowerToAir::appendBinOp):
160         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
161         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
162         (JSC::B3::Air::LowerToAir::createGenericCompare):
163         (JSC::B3::Air::LowerToAir::createBranch):
164         (JSC::B3::Air::LowerToAir::createCompare):
165         (JSC::B3::Air::LowerToAir::tryLoad):
166         (JSC::B3::Air::LowerToAir::tryLoad8S):
167         (JSC::B3::Air::LowerToAir::tryLoad8Z):
168         (JSC::B3::Air::LowerToAir::tryLoad16S):
169         (JSC::B3::Air::LowerToAir::tryLoad16Z):
170         (JSC::B3::Air::LowerToAir::tryAdd):
171         (JSC::B3::Air::LowerToAir::tryStackSlot):
172         (JSC::B3::Air::LowerToAir::tryEqual):
173         (JSC::B3::Air::LowerToAir::tryNotEqual):
174         (JSC::B3::Air::LowerToAir::tryLessThan):
175         (JSC::B3::Air::LowerToAir::tryGreaterThan):
176         (JSC::B3::Air::LowerToAir::tryLessEqual):
177         (JSC::B3::Air::LowerToAir::tryGreaterEqual):
178         (JSC::B3::Air::LowerToAir::tryAbove):
179         (JSC::B3::Air::LowerToAir::tryBelow):
180         (JSC::B3::Air::LowerToAir::tryAboveEqual):
181         (JSC::B3::Air::LowerToAir::tryBelowEqual):
182         (JSC::B3::Air::LowerToAir::tryPatchpoint):
183         (JSC::B3::Air::LowerToAir::tryCheck):
184         (JSC::B3::Air::LowerToAir::tryBranch):
185         (JSC::B3::Air::LowerToAir::loadAddr): Deleted.
186         * b3/B3LoweringMatcher.patterns:
187         * b3/B3Opcode.cpp:
188         (JSC::B3::invertedCompare):
189         * b3/B3Opcode.h:
190         (JSC::B3::isCheckMath):
191         * b3/B3Procedure.cpp:
192         (JSC::B3::Procedure::addBlock):
193         (JSC::B3::Procedure::addIntConstant):
194         (JSC::B3::Procedure::addBoolConstant):
195         (JSC::B3::Procedure::resetValueOwners):
196         * b3/B3Procedure.h:
197         * b3/B3ReduceStrength.cpp:
198         * b3/B3Validate.cpp:
199         * b3/B3Value.cpp:
200         (JSC::B3::Value::zShrConstant):
201         (JSC::B3::Value::equalConstant):
202         (JSC::B3::Value::notEqualConstant):
203         (JSC::B3::Value::lessThanConstant):
204         (JSC::B3::Value::greaterThanConstant):
205         (JSC::B3::Value::lessEqualConstant):
206         (JSC::B3::Value::greaterEqualConstant):
207         (JSC::B3::Value::aboveConstant):
208         (JSC::B3::Value::belowConstant):
209         (JSC::B3::Value::aboveEqualConstant):
210         (JSC::B3::Value::belowEqualConstant):
211         (JSC::B3::Value::invertedCompare):
212         * b3/B3Value.h:
213         * b3/air/AirArg.cpp:
214         (JSC::B3::Air::Arg::isRepresentableAs):
215         (JSC::B3::Air::Arg::dump):
216         (WTF::printInternal):
217         * b3/air/AirArg.h:
218         (JSC::B3::Air::Arg::isUse):
219         (JSC::B3::Air::Arg::typeForB3Type):
220         (JSC::B3::Air::Arg::widthForB3Type):
221         (JSC::B3::Air::Arg::Arg):
222         (JSC::B3::Air::Arg::value):
223         (JSC::B3::Air::Arg::isRepresentableAs):
224         (JSC::B3::Air::Arg::asNumber):
225         (JSC::B3::Air::Arg::pointerValue):
226         (JSC::B3::Air::Arg::asDoubleCondition):
227         (JSC::B3::Air::Arg::inverted):
228         (JSC::B3::Air::Arg::flipped):
229         (JSC::B3::Air::Arg::isSignedCond):
230         (JSC::B3::Air::Arg::isUnsignedCond):
231         * b3/air/AirInst.h:
232         (JSC::B3::Air::Inst::Inst):
233         (JSC::B3::Air::Inst::operator bool):
234         * b3/air/AirOpcode.opcodes:
235         * b3/air/opcode_generator.rb:
236         * b3/testb3.cpp:
237         (hiddenTruthBecauseNoReturnIsStupid):
238         (JSC::B3::testStoreLoadStackSlot):
239         (JSC::B3::modelLoad):
240         (JSC::B3::testLoad):
241         (JSC::B3::testBranch):
242         (JSC::B3::testComplex):
243         (JSC::B3::testSimplePatchpoint):
244         (JSC::B3::testSimpleCheck):
245         (JSC::B3::genericTestCompare):
246         (JSC::B3::modelCompare):
247         (JSC::B3::testCompareLoad):
248         (JSC::B3::testCompareImpl):
249         (JSC::B3::testCompare):
250         (JSC::B3::run):
251         (main):
252         * dfg/DFGSpeculativeJIT.cpp:
253         (JSC::DFG::SpeculativeJIT::compileArithMod):
254         * jit/JITPropertyAccess.cpp:
255         (JSC::JIT::emitIntTypedArrayGetByVal):
256         (JSC::JIT::emitIntTypedArrayPutByVal):
257
258 2015-11-05  Joseph Pecoraro  <pecoraro@apple.com>
259
260         Web Inspector: Clean up InjectedScript uses
261         https://bugs.webkit.org/show_bug.cgi?id=150921
262
263         Reviewed by Timothy Hatcher.
264
265         * inspector/InjectedScript.cpp:
266         (Inspector::InjectedScript::wrapCallFrames):
267         * inspector/InjectedScript.h:
268         * inspector/InjectedScriptBase.cpp:
269         (Inspector::InjectedScriptBase::initialize): Deleted.
270         * inspector/InjectedScriptBase.h:
271         * inspector/InjectedScriptManager.cpp:
272         (Inspector::InjectedScriptManager::didCreateInjectedScript):
273         * inspector/InjectedScriptManager.h:
274         * inspector/InjectedScriptModule.cpp:
275         (Inspector::InjectedScriptModule::ensureInjected):
276         * inspector/InjectedScriptModule.h:
277         * inspector/agents/InspectorDebuggerAgent.cpp:
278         (Inspector::InspectorDebuggerAgent::currentCallFrames):
279         * inspector/agents/InspectorDebuggerAgent.h:
280
281 2015-11-05  Joseph Pecoraro  <pecoraro@apple.com>
282
283         Web Inspector: Put ScriptDebugServer into InspectorEnvironment and cleanup duplicate references
284         https://bugs.webkit.org/show_bug.cgi?id=150869
285
286         Reviewed by Brian Burg.
287
288         ScriptDebugServer (JSC::Debugger) is being used by more and more agents
289         for instrumentation into JavaScriptCore. Currently the ScriptDebugServer
290         is owned by DebuggerAgent subclasses that make their own ScriptDebugServer
291         subclass. As more agents want to use it there was added boilerplate.
292         Instead, put the ScriptDebugServer in the InspectorEnvironment (Controllers).
293         Then each agent can access it during construction through the environment.
294
295         Do the same clean up for RuntimeAgent::globalVM, which is now just a
296         duplication of InspectorEnvironment::vm.
297
298         * inspector/InspectorEnvironment.h:
299         Add scriptDebugServer().
300
301         * inspector/JSGlobalObjectInspectorController.h:
302         * inspector/JSGlobalObjectInspectorController.cpp:
303         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
304         (Inspector::JSGlobalObjectInspectorController::scriptDebugServer):
305         Own the JSGlobalObjectScriptDebugServer.
306
307         * inspector/agents/InspectorDebuggerAgent.h:
308         * inspector/agents/InspectorDebuggerAgent.cpp:
309         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
310         (Inspector::InspectorDebuggerAgent::enable):
311         (Inspector::InspectorDebuggerAgent::disable):
312         (Inspector::InspectorDebuggerAgent::setBreakpointsActive):
313         (Inspector::InspectorDebuggerAgent::isPaused):
314         (Inspector::InspectorDebuggerAgent::setSuppressAllPauses):
315         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
316         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
317         (Inspector::InspectorDebuggerAgent::continueToLocation):
318         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
319         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
320         (Inspector::InspectorDebuggerAgent::cancelPauseOnNextStatement):
321         (Inspector::InspectorDebuggerAgent::resume):
322         (Inspector::InspectorDebuggerAgent::stepOver):
323         (Inspector::InspectorDebuggerAgent::stepInto):
324         (Inspector::InspectorDebuggerAgent::stepOut):
325         (Inspector::InspectorDebuggerAgent::setPauseOnExceptions):
326         (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
327         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
328         (Inspector::InspectorDebuggerAgent::didPause):
329         (Inspector::InspectorDebuggerAgent::breakProgram):
330         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
331         * inspector/agents/InspectorRuntimeAgent.h:
332         * inspector/agents/InspectorRuntimeAgent.cpp:
333         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
334         (Inspector::setPauseOnExceptionsState):
335         (Inspector::InspectorRuntimeAgent::parse):
336         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
337         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
338         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
339         Use VM and ScriptDebugServer passed during construction.
340
341         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
342         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
343         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
344         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent): Deleted.
345         One special case needed by this subclass as a convenience to access the global object.
346
347         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
348         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
349         (Inspector::JSGlobalObjectRuntimeAgent::globalVM): Deleted.
350         This virtual method is no longer needed, the base class has everything now.
351
352 2015-11-05  Xabier Rodriguez Calvar  <calvaris@igalia.com>
353
354         [Streams API] Shield implementation from user mangling Promise.reject and resolve methods
355         https://bugs.webkit.org/show_bug.cgi?id=150895
356
357         Reviewed by Youenn Fablet.
358
359         Keep Promise.resolve and reject also as internal slots for the Promise constructor given that there is no way to
360         retrieve the former implementation if the user decides to replace it. This allows vended promises to be created
361         safely even if the user changes the constructor methods.
362
363         * runtime/JSPromiseConstructor.h:
364         * runtime/JSPromiseConstructor.cpp:
365         (JSC::JSPromiseConstructor::addOwnInternalSlots): Added to include @reject and @resolve.
366         (JSC::JSPromiseConstructor::create): Call addOwnInternalSlots.
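
The shielding described in the entry above, shown as an added user-land JavaScript example (not WebKit code; makeVendor and its method names are hypothetical). It contrasts looking up Promise.resolve/reject at call time with using references captured before page script runs, which is the role the @resolve and @reject internal slots play inside the engine.

```javascript
// Added example, not part of the ChangeLog or of WebKit.
// makeVendor() and all names below are hypothetical.

// Capture the constructor methods ONCE, before untrusted script can run.
// This mirrors keeping them as internal slots (@resolve / @reject).
function makeVendor(PromiseCtor) {
  const origResolve = PromiseCtor.resolve;
  const origReject = PromiseCtor.reject;
  const apply = Reflect.apply; // captured too, so later patching of Reflect is harmless

  return {
    // Late-bound: reads the public property at call time, so it is tamperable.
    vendLate(value) { return PromiseCtor.resolve(value); },
    rejectLate(reason) { return PromiseCtor.reject(reason); },
    // Early-bound: uses the captured originals, so replacement has no effect.
    vendShielded(value) { return apply(origResolve, PromiseCtor, [value]); },
    rejectShielded(reason) { return apply(origReject, PromiseCtor, [reason]); },
  };
}

function demo() {
  const vendor = makeVendor(Promise);
  const saved = { resolve: Promise.resolve, reject: Promise.reject };
  const intercepted = [];

  // Constructed "page script" that replaces the constructor methods.
  Promise.resolve = function (v) { intercepted.push(['resolve', v]); return 'not a promise'; };
  Promise.reject = function (r) { intercepted.push(['reject', r]); return 'not a promise'; };

  try {
    const late = vendor.vendLate(1);
    const shielded = vendor.vendShielded(2);
    const lateRej = vendor.rejectLate('e1');
    const shieldedRej = vendor.rejectShielded(new Error('e2'));
    shieldedRej.catch(() => {}); // handled, so no unhandled-rejection report

    return {
      lateIsPromise: late instanceof Promise,
      shieldedIsPromise: shielded instanceof Promise,
      lateRejIsPromise: lateRej instanceof Promise,
      shieldedRejIsPromise: shieldedRej instanceof Promise,
      // Only the two late-bound calls reached the replacement functions.
      interceptedCalls: intercepted.length,
    };
  } finally {
    // Restore the real methods so the rest of the program is unaffected.
    Promise.resolve = saved.resolve;
    Promise.reject = saved.reject;
  }
}
```

The late-bound calls hand back whatever the replacement returns, while the shielded calls still produce genuine promises.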
367
368 2015-11-04  Benjamin Poulain  <bpoulain@apple.com>
369
370         [JSC] Add B3-to-Air lowering for the shift opcodes
371         https://bugs.webkit.org/show_bug.cgi?id=150919
372
373         Reviewed by Filip Pizlo.
374
375         * assembler/MacroAssemblerX86_64.h:
376         (JSC::MacroAssemblerX86_64::rshift64):
377         (JSC::MacroAssemblerX86_64::urshift64):
378         * assembler/X86Assembler.h:
379         (JSC::X86Assembler::shrq_CLr):
380         * b3/B3Const32Value.cpp:
381         (JSC::B3::Const32Value::shlConstant):
382         (JSC::B3::Const32Value::sShrConstant):
383         (JSC::B3::Const32Value::zShrConstant):
384         * b3/B3Const32Value.h:
385         * b3/B3Const64Value.cpp:
386         (JSC::B3::Const64Value::shlConstant):
387         (JSC::B3::Const64Value::sShrConstant):
388         (JSC::B3::Const64Value::zShrConstant):
389         * b3/B3Const64Value.h:
390         * b3/B3LowerToAir.cpp:
391         (JSC::B3::Air::LowerToAir::appendShift):
392         (JSC::B3::Air::LowerToAir::tryShl):
393         (JSC::B3::Air::LowerToAir::trySShr):
394         (JSC::B3::Air::LowerToAir::tryZShr):
395         * b3/B3LoweringMatcher.patterns:
396         * b3/B3Opcode.h:
397         * b3/B3ReduceStrength.cpp:
398         * b3/B3Value.cpp:
399         (JSC::B3::Value::shlConstant):
400         (JSC::B3::Value::sShrConstant):
401         (JSC::B3::Value::zShrConstant):
402         * b3/B3Value.h:
403         * b3/air/AirInstInlines.h:
404         (JSC::B3::Air::isShiftValid):
405         (JSC::B3::Air::isRshift32Valid):
406         (JSC::B3::Air::isRshift64Valid):
407         (JSC::B3::Air::isUrshift32Valid):
408         (JSC::B3::Air::isUrshift64Valid):
409         * b3/air/AirOpcode.opcodes:
410         * b3/testb3.cpp:
411         (JSC::B3::testShlArgs):
412         (JSC::B3::testShlImms):
413         (JSC::B3::testShlArgImm):
414         (JSC::B3::testShlArgs32):
415         (JSC::B3::testShlImms32):
416         (JSC::B3::testShlArgImm32):
417         (JSC::B3::testSShrArgs):
418         (JSC::B3::testSShrImms):
419         (JSC::B3::testSShrArgImm):
420         (JSC::B3::testSShrArgs32):
421         (JSC::B3::testSShrImms32):
422         (JSC::B3::testSShrArgImm32):
423         (JSC::B3::testZShrArgs):
424         (JSC::B3::testZShrImms):
425         (JSC::B3::testZShrArgImm):
426         (JSC::B3::testZShrArgs32):
427         (JSC::B3::testZShrImms32):
428         (JSC::B3::testZShrArgImm32):
429         (JSC::B3::run):
430
431 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
432
433         B3 should be able to compile a Check
434         https://bugs.webkit.org/show_bug.cgi?id=150878
435
436         Reviewed by Saam Barati.
437
438         The Check opcode in B3 is going to be our main OSR exit mechanism. It is a stackmap
439         value, so you can pass it any number of additional arguments, and you will get to find
440         out how those arguments are represented at the point that the value lands in the machine
441         code. Unlike a Patchpoint, a Check branches on a value, with the goal of supporting full
442         compare/branch fusion. The stackmap's generator runs in an out-of-line path to which
443         that branch is linked.
444
445         This change fills in the glue necessary to compile a Check and it includes a simple
446         test of this functionality. That test also happens to check that such simple code will
447         never use callee-saves, which I think is sensible.
448
449         * b3/B3LowerToAir.cpp:
450         (JSC::B3::Air::LowerToAir::append):
451         (JSC::B3::Air::LowerToAir::ensureSpecial):
452         (JSC::B3::Air::LowerToAir::fillStackmap):
453         (JSC::B3::Air::LowerToAir::tryStackSlot):
454         (JSC::B3::Air::LowerToAir::tryPatchpoint):
455         (JSC::B3::Air::LowerToAir::tryCheck):
456         (JSC::B3::Air::LowerToAir::tryUpsilon):
457         * b3/B3LoweringMatcher.patterns:
458         * b3/testb3.cpp:
459         (JSC::B3::testSimplePatchpoint):
460         (JSC::B3::testSimpleCheck):
461         (JSC::B3::run):
462
463 2015-10-30  Keith Miller  <keith_miller@apple.com>
464
465         Fix endless OSR exits when creating a rope that contains an object that ToPrimitive's to a number.
466         https://bugs.webkit.org/show_bug.cgi?id=150583
467
468         Reviewed by Benjamin Poulain.
469
470         Before, we assumed that the result of ToPrimitive on any object was a string.
471         This had a couple of negative effects. First, the result of ToPrimitive on an
472         object can be overridden to be any primitive type. In fact, as of ES6, ToPrimitive,
473         when part of an addition expression, will type hint a number value. Second, even after
474         repeatedly exiting with a bad type we would continue to think that the result
475         of ToPrimitive would be a string so we continue to convert StrCats into MakeRope.
476
477         The fix is to make Prediction Propagation match the behavior of Fixup and move
478         canOptimizeStringObjectAccess to DFGGraph.
479
480         * bytecode/SpeculatedType.h:
481         * dfg/DFGFixupPhase.cpp:
482         (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
483         (JSC::DFG::FixupPhase::fixupToPrimitive):
484         (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
485         (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
486         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane): Deleted.
487         (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess): Deleted.
488         * dfg/DFGGraph.cpp:
489         (JSC::DFG::Graph::isStringPrototypeMethodSane):
490         (JSC::DFG::Graph::canOptimizeStringObjectAccess):
491         * dfg/DFGGraph.h:
492         * dfg/DFGPredictionPropagationPhase.cpp:
493         (JSC::DFG::PredictionPropagationPhase::resultOfToPrimitive):
494         (JSC::DFG::resultOfToPrimitive): Deleted.
495
496         * bytecode/SpeculatedType.h:
497         * dfg/DFGFixupPhase.cpp:
498         (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
499         (JSC::DFG::FixupPhase::fixupToPrimitive):
500         (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
501         (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
502         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane): Deleted.
503         (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess): Deleted.
504         * dfg/DFGGraph.cpp:
505         (JSC::DFG::Graph::isStringPrototypeMethodSane):
506         (JSC::DFG::Graph::canOptimizeStringObjectAccess):
507         * dfg/DFGGraph.h:
508         * dfg/DFGPredictionPropagationPhase.cpp:
509         (JSC::DFG::PredictionPropagationPhase::resultOfToPrimitive):
510         (JSC::DFG::resultOfToPrimitive): Deleted.
511         * tests/stress/string-rope-with-custom-valueof.js: Added.
512         (catNumber):
513         (number.valueOf):
514         (catBool):
515         (bool.valueOf):
516         (catUndefined):
517         (undef.valueOf):
518         (catRandom):
519         (random.valueOf):
520
521 2015-11-04  Xabier Rodriguez Calvar  <calvaris@igalia.com>
522
523         Remove bogus global internal functions for properties and prototype retrieval
524         https://bugs.webkit.org/show_bug.cgi?id=150892
525
526         Reviewed by Darin Adler.
527
528         Global @getOwnPropertyNames and @getPrototypeOf point to the floor function, so it is bogus dead code.
529
530         * runtime/JSGlobalObject.cpp:
531         (JSC::JSGlobalObject::init): Removed global @getOwnPropertyNames and @getPrototypeOf.
532
533 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
534
535         [JSC] Add B3-to-Air lowering for BitXor
536         https://bugs.webkit.org/show_bug.cgi?id=150872
537
538         Reviewed by Filip Pizlo.
539
540         * assembler/MacroAssemblerX86Common.h:
541         (JSC::MacroAssemblerX86Common::xor32):
542         Fix the indentation.
543
544         * b3/B3Const32Value.cpp:
545         (JSC::B3::Const32Value::bitXorConstant):
546         * b3/B3Const32Value.h:
547         * b3/B3Const64Value.cpp:
548         (JSC::B3::Const64Value::bitXorConstant):
549         * b3/B3Const64Value.h:
550         * b3/B3LowerToAir.cpp:
551         (JSC::B3::Air::LowerToAir::tryXor):
552         * b3/B3LoweringMatcher.patterns:
553         * b3/B3ReduceStrength.cpp:
554         * b3/B3Value.cpp:
555         (JSC::B3::Value::bitXorConstant):
556         * b3/B3Value.h:
557         * b3/air/AirOpcode.opcodes:
558         * b3/testb3.cpp:
559         (JSC::B3::testBitXorArgs):
560         (JSC::B3::testBitXorSameArg):
561         (JSC::B3::testBitXorImms):
562         (JSC::B3::testBitXorArgImm):
563         (JSC::B3::testBitXorImmArg):
564         (JSC::B3::testBitXorBitXorArgImmImm):
565         (JSC::B3::testBitXorImmBitXorArgImm):
566         (JSC::B3::testBitXorArgs32):
567         (JSC::B3::testBitXorSameArg32):
568         (JSC::B3::testBitXorImms32):
569         (JSC::B3::testBitXorArgImm32):
570         (JSC::B3::testBitXorImmArg32):
571         (JSC::B3::testBitXorBitXorArgImmImm32):
572         (JSC::B3::testBitXorImmBitXorArgImm32):
573         (JSC::B3::run):
574
575 2015-11-03  Mark Lam  <mark.lam@apple.com>
576
577         Add op_add tests to compare behavior of JIT generated code to the LLINT's.
578         https://bugs.webkit.org/show_bug.cgi?id=150864
579
580         Reviewed by Saam Barati.
581
582         * tests/stress/op_add.js: Added.
583         (o1.valueOf):
584         (generateScenarios):
585         (printScenarios):
586         (testCases.func):
587         (func):
588         (initializeTestCases):
589         (runTest):
590
591 2015-11-03  Mark Lam  <mark.lam@apple.com>
592
593         Rename DFG's compileAdd to compileArithAdd.
594         https://bugs.webkit.org/show_bug.cgi?id=150866
595
596         Reviewed by Benjamin Poulain.
597
598         The function is only supposed to generate code to do arithmetic addition on
599         numeric types.  Naming it compileArithAdd() is more accurate, and is consistent
600         with the name of the node it emits code for (i.e. ArithAdd) as well as other
601         compiler functions for analogous operations e.g. compileArithSub.
602
603         * dfg/DFGSpeculativeJIT.cpp:
604         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
605         (JSC::DFG::SpeculativeJIT::compileArithAdd):
606         (JSC::DFG::SpeculativeJIT::compileAdd): Deleted.
607         * dfg/DFGSpeculativeJIT.h:
608         * dfg/DFGSpeculativeJIT32_64.cpp:
609         (JSC::DFG::SpeculativeJIT::compile):
610         * dfg/DFGSpeculativeJIT64.cpp:
611         (JSC::DFG::SpeculativeJIT::compile):
612
613 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
614
615         Web Inspector: Remove duplication among ScriptDebugServer subclasses
616         https://bugs.webkit.org/show_bug.cgi?id=150860
617
618         Reviewed by Timothy Hatcher.
619
620         ScriptDebugServer expects a list of listeners to dispatch events to.
621         However each of its subclasses had their own implementation of the
622         list because of different handling when the first was added or when
623         the last was removed. Extract common code into ScriptDebugServer
624         which simplifies things.
625
626         Subclasses now only implement the virtual methods "attachDebugger"
627         and "detachDebugger", which are the unique work done when the first
628         listener is added or the last is removed.
629
630         * inspector/JSGlobalObjectScriptDebugServer.cpp:
631         (Inspector::JSGlobalObjectScriptDebugServer::attachDebugger):
632         (Inspector::JSGlobalObjectScriptDebugServer::detachDebugger):
633         (Inspector::JSGlobalObjectScriptDebugServer::addListener): Deleted.
634         (Inspector::JSGlobalObjectScriptDebugServer::removeListener): Deleted.
635         * inspector/JSGlobalObjectScriptDebugServer.h:
636         * inspector/ScriptDebugServer.cpp:
637         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
638         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
639         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
640         (Inspector::ScriptDebugServer::sourceParsed):
641         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
642         (Inspector::ScriptDebugServer::addListener):
643         (Inspector::ScriptDebugServer::removeListener):
644         * inspector/ScriptDebugServer.h:
645         * inspector/agents/InspectorDebuggerAgent.cpp:
646         (Inspector::InspectorDebuggerAgent::enable):
647         (Inspector::InspectorDebuggerAgent::disable):
648         * inspector/agents/InspectorDebuggerAgent.h:
649         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
650         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer): Deleted.
651         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer): Deleted.
652         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
653
654         * inspector/ScriptDebugListener.h:
655         (Inspector::ScriptDebugListener::Script::Script):
656         Drive-by convert Script to a struct, it has public fields and is used as such.
657
658 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
659
660         B3::LowerToAir should recognize Neg (i.e. Sub($0, value))
661         https://bugs.webkit.org/show_bug.cgi?id=150759
662
663         Reviewed by Benjamin Poulain.
664
665         Adds various forms of Sub(0, value) and compiles them as Neg. Also fixes a bug in
666         StoreSubLoad. This bug was correctness-benign, so I couldn't add a test for it.
667
668         * b3/B3LowerToAir.cpp:
669         (JSC::B3::Air::LowerToAir::immOrTmp):
670         (JSC::B3::Air::LowerToAir::appendUnOp):
671         (JSC::B3::Air::LowerToAir::appendBinOp):
672         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
673         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
674         (JSC::B3::Air::LowerToAir::trySub):
675         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
676         * b3/B3LoweringMatcher.patterns:
677         * b3/air/AirOpcode.opcodes:
678         * b3/testb3.cpp:
679         (JSC::B3::testAdd1Ptr):
680         (JSC::B3::testNeg32):
681         (JSC::B3::testNegPtr):
682         (JSC::B3::testStoreAddLoad):
683         (JSC::B3::testStoreAddAndLoad):
684         (JSC::B3::testStoreNegLoad32):
685         (JSC::B3::testStoreNegLoadPtr):
686         (JSC::B3::testAdd1Uncommuted):
687         (JSC::B3::run):
688
689 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
690
691         B3::Values that have effects should allow specification of custom HeapRanges
692         https://bugs.webkit.org/show_bug.cgi?id=150535
693
694         Reviewed by Benjamin Poulain.
695
696         Add an Effects field to calls and patchpoints. Add a HeapRange to MemoryValues.
697
698         In the process, I created a class for the CCall opcode, so that it has somewhere to put
699         the Effects field.
700
701         While doing this, I realized that we didn't have a good way of ensuring that an opcode
702         that requires a specific subclass was actually created with that subclass. So, I added
703         assertions for this.
704
705         * CMakeLists.txt:
706         * JavaScriptCore.xcodeproj/project.pbxproj:
707         * b3/B3ArgumentRegValue.h:
708         * b3/B3CCallValue.cpp: Added.
709         * b3/B3CCallValue.h: Added.
710         * b3/B3CheckValue.h:
711         * b3/B3Const32Value.h:
712         * b3/B3Const64Value.h:
713         * b3/B3ConstDoubleValue.h:
714         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
715         * b3/B3ControlValue.h:
716         * b3/B3Effects.h:
717         (JSC::B3::Effects::forCall):
718         (JSC::B3::Effects::mustExecute):
719         * b3/B3MemoryValue.h:
720         * b3/B3PatchpointValue.h:
721         * b3/B3StackSlotValue.h:
722         * b3/B3UpsilonValue.h:
723         * b3/B3Value.cpp:
724         (JSC::B3::Value::effects):
725         (JSC::B3::Value::dumpMeta):
726         (JSC::B3::Value::checkOpcode):
727         (JSC::B3::Value::typeFor):
728         * b3/B3Value.h:
729
730 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
731
732         B3::Stackmap should be a superclass of B3::PatchpointValue and B3::CheckValue rather than being one of their members
733         https://bugs.webkit.org/show_bug.cgi?id=150831
734
735         Rubber stamped by Benjamin Poulain.
736
737         Previously, Stackmap was a value that PatchpointValue and CheckValue would hold as a field.
738         We'd have convenient ways of getting this field, like via Value::stackmap(). But this was a
739         bit ridiculous, since Stackmap is logically just a common supertype for PatchpointValue and
740         CheckValue. This patch makes this reality by replacing Stackmap with StackmapValue. This makes
741         the code a lot more reasonable.
742
743         I also needed to make dumping a bit more customizable, so I changed dumpMeta() to take a
744         CommaPrinter&. This gives subclasses better control over whether or not to emit a comma. Also
745         it's now possible for subclasses of Value to customize how children are printed. StackmapValue
746         uses this to print the children and their reps together like:
747
748             Int32 @2 = Patchpoint(@0:SomeRegister, @1:SomeRegister, generator = 0x1107ec010, clobbered = [], usedRegisters = [], ExitsSideways|ControlDependent|Writes:Top|Reads:Top)
749
750         This has no behavior change, it's just a big refactoring. You can see how much simpler this
751         makes things by looking at the testSimplePatchpoint() test.
752
753         * CMakeLists.txt:
754         * JavaScriptCore.xcodeproj/project.pbxproj:
755         * b3/B3ArgumentRegValue.cpp:
756         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
757         (JSC::B3::ArgumentRegValue::dumpMeta):
758         * b3/B3ArgumentRegValue.h:
759         * b3/B3CheckSpecial.cpp:
760         (JSC::B3::CheckSpecial::generate):
761         * b3/B3CheckValue.cpp:
762         (JSC::B3::CheckValue::~CheckValue):
763         (JSC::B3::CheckValue::CheckValue):
764         (JSC::B3::CheckValue::dumpMeta): Deleted.
765         * b3/B3CheckValue.h:
766         (JSC::B3::CheckValue::accepts):
767         * b3/B3Const32Value.cpp:
768         (JSC::B3::Const32Value::notEqualConstant):
769         (JSC::B3::Const32Value::dumpMeta):
770         * b3/B3Const32Value.h:
771         * b3/B3Const64Value.cpp:
772         (JSC::B3::Const64Value::notEqualConstant):
773         (JSC::B3::Const64Value::dumpMeta):
774         * b3/B3Const64Value.h:
775         * b3/B3ConstDoubleValue.cpp:
776         (JSC::B3::ConstDoubleValue::notEqualConstant):
777         (JSC::B3::ConstDoubleValue::dumpMeta):
778         * b3/B3ConstDoubleValue.h:
779         * b3/B3ConstrainedValue.cpp: Added.
780         (JSC::B3::ConstrainedValue::dump):
781         * b3/B3ConstrainedValue.h: Added.
782         (JSC::B3::ConstrainedValue::ConstrainedValue):
783         (JSC::B3::ConstrainedValue::operator bool):
784         (JSC::B3::ConstrainedValue::value):
785         (JSC::B3::ConstrainedValue::rep):
786         * b3/B3ControlValue.cpp:
787         (JSC::B3::ControlValue::convertToJump):
788         (JSC::B3::ControlValue::dumpMeta):
789         * b3/B3ControlValue.h:
790         * b3/B3LowerToAir.cpp:
791         (JSC::B3::Air::LowerToAir::tryPatchpoint):
792         * b3/B3MemoryValue.cpp:
793         (JSC::B3::MemoryValue::accessByteSize):
794         (JSC::B3::MemoryValue::dumpMeta):
795         * b3/B3MemoryValue.h:
796         * b3/B3PatchpointSpecial.cpp:
797         (JSC::B3::PatchpointSpecial::generate):
798         * b3/B3PatchpointValue.cpp:
799         (JSC::B3::PatchpointValue::~PatchpointValue):
800         (JSC::B3::PatchpointValue::PatchpointValue):
801         (JSC::B3::PatchpointValue::dumpMeta): Deleted.
802         * b3/B3PatchpointValue.h:
803         (JSC::B3::PatchpointValue::accepts):
804         * b3/B3StackSlotValue.cpp:
805         (JSC::B3::StackSlotValue::~StackSlotValue):
806         (JSC::B3::StackSlotValue::dumpMeta):
807         * b3/B3StackSlotValue.h:
808         * b3/B3Stackmap.cpp: Removed.
809         * b3/B3Stackmap.h: Removed.
810         * b3/B3StackmapSpecial.cpp:
811         (JSC::B3::StackmapSpecial::reportUsedRegisters):
812         (JSC::B3::StackmapSpecial::extraClobberedRegs):
813         (JSC::B3::StackmapSpecial::forEachArgImpl):
814         (JSC::B3::StackmapSpecial::isValidImpl):
815         (JSC::B3::StackmapSpecial::admitsStackImpl):
816         * b3/B3StackmapSpecial.h:
817         * b3/B3StackmapValue.cpp: Added.
818         (JSC::B3::StackmapValue::~StackmapValue):
819         (JSC::B3::StackmapValue::append):
820         (JSC::B3::StackmapValue::setConstrainedChild):
821         (JSC::B3::StackmapValue::setConstraint):
822         (JSC::B3::StackmapValue::dumpChildren):
823         (JSC::B3::StackmapValue::dumpMeta):
824         (JSC::B3::StackmapValue::StackmapValue):
825         * b3/B3StackmapValue.h: Added.
826         * b3/B3SwitchValue.cpp:
827         (JSC::B3::SwitchValue::appendCase):
828         (JSC::B3::SwitchValue::dumpMeta):
829         (JSC::B3::SwitchValue::SwitchValue):
830         * b3/B3SwitchValue.h:
831         * b3/B3UpsilonValue.cpp:
832         (JSC::B3::UpsilonValue::~UpsilonValue):
833         (JSC::B3::UpsilonValue::dumpMeta):
834         * b3/B3UpsilonValue.h:
835         * b3/B3Validate.cpp:
836         * b3/B3Value.cpp:
837         (JSC::B3::Value::dump):
838         (JSC::B3::Value::dumpChildren):
839         (JSC::B3::Value::deepDump):
840         (JSC::B3::Value::performSubstitution):
841         (JSC::B3::Value::dumpMeta):
842         * b3/B3Value.h:
843         * b3/B3ValueInlines.h:
844         (JSC::B3::Value::asNumber):
845         (JSC::B3::Value::stackmap): Deleted.
846         * b3/B3ValueRep.h:
847         (JSC::B3::ValueRep::kind):
848         (JSC::B3::ValueRep::operator==):
849         (JSC::B3::ValueRep::operator!=):
850         (JSC::B3::ValueRep::operator bool):
851         (JSC::B3::ValueRep::isAny):
852         * b3/air/AirInstInlines.h:
853         * b3/testb3.cpp:
854         (JSC::B3::testSimplePatchpoint):
855
856 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
857
858         [JSC] Add Air lowering for BitOr and improve BitAnd
859         https://bugs.webkit.org/show_bug.cgi?id=150827
860
861         Reviewed by Filip Pizlo.
862
863         In this patch:
864         -B3 to Air lowering for BitOr.
865         -Codegen for BitOr.
866         -Strength reduction for BitOr and BitAnd.
867         -Tests for BitAnd and BitOr.
868         -Bug fix: Move64 with a negative value was destroying the top bits.
869
870         * b3/B3Const32Value.cpp:
871         (JSC::B3::Const32Value::bitAndConstant):
872         (JSC::B3::Const32Value::bitOrConstant):
873         * b3/B3Const32Value.h:
874         * b3/B3Const64Value.cpp:
875         (JSC::B3::Const64Value::bitAndConstant):
876         (JSC::B3::Const64Value::bitOrConstant):
877         * b3/B3Const64Value.h:
878         * b3/B3LowerToAir.cpp:
879         (JSC::B3::Air::LowerToAir::immForMove):
880         (JSC::B3::Air::LowerToAir::immOrTmpForMove):
881         (JSC::B3::Air::LowerToAir::tryOr):
882         (JSC::B3::Air::LowerToAir::tryConst64):
883         (JSC::B3::Air::LowerToAir::tryUpsilon):
884         (JSC::B3::Air::LowerToAir::tryIdentity):
885         (JSC::B3::Air::LowerToAir::tryReturn):
886         (JSC::B3::Air::LowerToAir::immOrTmp): Deleted.
887         * b3/B3LoweringMatcher.patterns:
888         * b3/B3ReduceStrength.cpp:
889         * b3/B3Value.cpp:
890         (JSC::B3::Value::bitAndConstant):
891         (JSC::B3::Value::bitOrConstant):
892         * b3/B3Value.h:
893         * b3/air/AirOpcode.opcodes:
894         * b3/testb3.cpp:
895         (JSC::B3::testReturnConst64):
896         (JSC::B3::testBitAndArgs):
897         (JSC::B3::testBitAndSameArg):
898         (JSC::B3::testBitAndImms):
899         (JSC::B3::testBitAndArgImm):
900         (JSC::B3::testBitAndImmArg):
901         (JSC::B3::testBitAndBitAndArgImmImm):
902         (JSC::B3::testBitAndImmBitAndArgImm):
903         (JSC::B3::testBitAndArgs32):
904         (JSC::B3::testBitAndSameArg32):
905         (JSC::B3::testBitAndImms32):
906         (JSC::B3::testBitAndArgImm32):
907         (JSC::B3::testBitAndImmArg32):
908         (JSC::B3::testBitAndBitAndArgImmImm32):
909         (JSC::B3::testBitAndImmBitAndArgImm32):
910         (JSC::B3::testBitOrArgs):
911         (JSC::B3::testBitOrSameArg):
912         (JSC::B3::testBitOrImms):
913         (JSC::B3::testBitOrArgImm):
914         (JSC::B3::testBitOrImmArg):
915         (JSC::B3::testBitOrBitOrArgImmImm):
916         (JSC::B3::testBitOrImmBitOrArgImm):
917         (JSC::B3::testBitOrArgs32):
918         (JSC::B3::testBitOrSameArg32):
919         (JSC::B3::testBitOrImms32):
920         (JSC::B3::testBitOrArgImm32):
921         (JSC::B3::testBitOrImmArg32):
922         (JSC::B3::testBitOrBitOrArgImmImm32):
923         (JSC::B3::testBitOrImmBitOrArgImm32):
924         (JSC::B3::run):
925
926 2015-11-03  Saam barati  <sbarati@apple.com>
927
928         Rewrite "const" as "var" for iTunes/iBooks on the Mac
929         https://bugs.webkit.org/show_bug.cgi?id=150852
930
931         Reviewed by Geoffrey Garen.
932
933         VM now has a setting indicating if we should treat
934         "const" variables as "var" to more closely match
935         JSC's previous implementation of "const" before ES6.
936
937         * parser/Parser.h:
938         (JSC::Parser::next):
939         (JSC::Parser::nextExpectIdentifier):
940         * runtime/VM.h:
941         (JSC::VM::setShouldRewriteConstAsVar):
942         (JSC::VM::shouldRewriteConstAsVar):
943
944 2015-11-03  Mark Lam  <mark.lam@apple.com>
945
946         Fix some inefficiencies in the baseline usage of JITAddGenerator.
947         https://bugs.webkit.org/show_bug.cgi?id=150850
948
949         Reviewed by Michael Saboff.
950
951         1. emit_op_add() was loading the operands twice.  Removed the redundant load.
952         2. The snippet may decide that it wants to go the slow path route all the time.
953            In that case, emit_op_add will end up emitting a branch to an out of line
954            slow path followed by some dead code to store the result of the fast path
955            on to the stack.
956            We now check if the snippet determined that there's no fast path, and just
957            emit the slow path inline, and skip the dead store of the fast path result.
958
959         * jit/JITArithmetic.cpp:
960         (JSC::JIT::emit_op_add):
961
962 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
963
964         B3::LowerToAir should do copy propagation
965         https://bugs.webkit.org/show_bug.cgi?id=150775
966
967         Reviewed by Geoffrey Garen.
968
969         What we are trying to do is remove the unnecessary Move's and Move32's from Trunc and ZExt32.
970         You could think of this as an Air optimization, and indeed, Air is powerful enough that we
971         could write a phase that does copy propagation through Move's and Move32's. For Move32's it
972         would only copy-propagate if it proved that the value was already zero-extended. We could
973         know this by just adding a Def32 role to Air.
974
975         But this patch takes a different approach: we ensure that we don't generate such redundant
976         Move's and Move32's to begin with. The reason is that it's much cheaper to do analysis over
977         B3 than over Air. So, whenever possible, an optimization should be implemented in B3. In
978         this case the optimization can't quite be implemented in B3 because you cannot remove a Trunc
979         or ZExt32 without violating the B3 type system. So, the best place to do this optimization is
980         during lowering: we can use B3 for our analysis and we can use Air to express the
981         transformation.
982
983         Copy propagating during B3->Air lowering is natural because we are creating "SSA-like" Tmps
984         from the B3 Values. They are SSA-like in the sense that except the tmp for a Phi, we know
985         that the Tmp will be assigned once and that the assignment will dominate all uses. So, if we
986         see an operation like Trunc that is semantically just a Move, we can skip the Move and just
987         claim that the Trunc has the same Tmp as its child. We do something similar for ZExt32,
988         except with that one we have to analyze IR to ensure that the value will actually be zero
989         extended. Note that this kind of reasoning about how Tmps work in Air is only possible in the
990         B3->Air lowering, since at that point we know for sure which Tmps behave this way. If we
991         wanted to do anything like this as a later Air phase, we'd have to do more analysis to first
992         prove that Tmps behave in this way.
993
994         * b3/B3LowerToAir.cpp:
995         (JSC::B3::Air::LowerToAir::run):
996         (JSC::B3::Air::LowerToAir::highBitsAreZero):
997         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
998         (JSC::B3::Air::LowerToAir::tmp):
999         (JSC::B3::Air::LowerToAir::tryStore):
1000         (JSC::B3::Air::LowerToAir::tryTrunc):
1001         (JSC::B3::Air::LowerToAir::tryZExt32):
1002         (JSC::B3::Air::LowerToAir::tryIdentity):
1003         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg): Deleted.
1004         * b3/B3LoweringMatcher.patterns:
1005
1006 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1007
1008         Web Inspector: Move ScriptDebugServer::Task to WorkerScriptDebugServer where it is actually used
1009         https://bugs.webkit.org/show_bug.cgi?id=150847
1010
1011         Reviewed by Timothy Hatcher.
1012
1013         * inspector/ScriptDebugServer.h:
1014         Remove Task from here, it isn't needed in the general case.
1015
1016         * parser/SourceProvider.h:
1017         Remove unimplemented method.
1018
1019 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1020
1021         Web Inspector: Handle or Remove ParseHTML Timeline Event Records
1022         https://bugs.webkit.org/show_bug.cgi?id=150689
1023
1024         Reviewed by Timothy Hatcher.
1025
1026         * inspector/protocol/Timeline.json:
1027
1028 2015-11-03  Michael Saboff  <msaboff@apple.com>
1029
1030         Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
1031         https://bugs.webkit.org/show_bug.cgi?id=150832
1032
1033         Reviewed by Geoffrey Garen.
1034
1035         Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
1036         Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
1037         InlineCallFrame::getCallerInlineFrameSkippingTailCalls().
1038
1039         * bytecode/InlineCallFrame.h:
1040         (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
1041         (JSC::InlineCallFrame::getCallerSkippingTailCalls):
1042         (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
1043         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
1044         (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
1045         (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
1046         * dfg/DFGByteCodeParser.cpp:
1047         (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
1048         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
1049         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1050         * dfg/DFGGraph.cpp:
1051         (JSC::DFG::Graph::isLiveInBytecode):
1052         * dfg/DFGGraph.h:
1053         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
1054         * dfg/DFGOSRExitCompilerCommon.cpp:
1055         (JSC::DFG::reifyInlinedCallFrames):
1056         * dfg/DFGPreciseLocalClobberize.h:
1057         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1058         * dfg/DFGSpeculativeJIT32_64.cpp:
1059         (JSC::DFG::SpeculativeJIT::emitCall):
1060         * dfg/DFGSpeculativeJIT64.cpp:
1061         (JSC::DFG::SpeculativeJIT::emitCall):
1062         * ftl/FTLLowerDFGToLLVM.cpp:
1063         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
1064         * interpreter/StackVisitor.cpp:
1065         (JSC::StackVisitor::gotoNextFrame):
1066
1067 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
1068
1069         B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
1070         https://bugs.webkit.org/show_bug.cgi?id=150828
1071
1072         Reviewed by Geoffrey Garen.
1073
1074         Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.
1075
1076         * b3/B3InsertionSet.cpp:
1077         (JSC::B3::InsertionSet::execute): Switch to bubble sort.
1078         * b3/air/AirInsertionSet.cpp:
1079         (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
1080         * dfg/DFGBlockInsertionSet.cpp:
1081         (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.
1082
1083 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
1084
1085         Unreviewed, partially revert r191952.
1086
1087         Removed GCC compiler workarounds (unreachable returns).
1088
1089         * b3/B3Type.h:
1090         (JSC::B3::sizeofType):
1091         * b3/air/AirArg.h:
1092         (JSC::B3::Air::Arg::isUse):
1093         (JSC::B3::Air::Arg::isDef):
1094         (JSC::B3::Air::Arg::isGP):
1095         (JSC::B3::Air::Arg::isFP):
1096         (JSC::B3::Air::Arg::isType):
1097         * b3/air/AirCode.h:
1098         (JSC::B3::Air::Code::newTmp):
1099         (JSC::B3::Air::Code::numTmps):
1100
1101 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
1102
1103         Fix the ENABLE(B3_JIT) build on Linux
1104         https://bugs.webkit.org/show_bug.cgi?id=150794
1105
1106         Reviewed by Darin Adler.
1107
1108         * CMakeLists.txt:
1109         * b3/B3HeapRange.h:
1110         * b3/B3IndexSet.h:
1111         (JSC::B3::IndexSet::Iterable::iterator::operator++):
1112         * b3/B3Type.h:
1113         (JSC::B3::sizeofType):
1114         * b3/air/AirArg.cpp:
1115         (JSC::B3::Air::Arg::dump):
1116         * b3/air/AirArg.h:
1117         (JSC::B3::Air::Arg::isUse):
1118         (JSC::B3::Air::Arg::isDef):
1119         (JSC::B3::Air::Arg::isGP):
1120         (JSC::B3::Air::Arg::isFP):
1121         (JSC::B3::Air::Arg::isType):
1122         * b3/air/AirCode.h:
1123         (JSC::B3::Air::Code::newTmp):
1124         (JSC::B3::Air::Code::numTmps):
1125         * b3/air/AirSpecial.cpp:
1126
1127 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1128
1129         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
1130         https://bugs.webkit.org/show_bug.cgi?id=150793
1131
1132         Reviewed by Darin Adler.
1133
1134         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
1135         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
1136         the ifdef in parseAssignmentExpression.
1137         This prevents functionality of parsing arrow function syntax.
1138
1139         * parser/Lexer.cpp:
1140         (JSC::Lexer<T>::lex):
1141         * parser/Parser.cpp:
1142         (JSC::Parser<LexerType>::parseInner): Deleted.
1143         * parser/Parser.h:
1144         (JSC::Parser::isArrowFunctionParamters): Deleted.
1145         * parser/ParserTokens.h:
1146
1147 2015-11-02  Michael Saboff  <msaboff@apple.com>
1148
1149         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
1150         https://bugs.webkit.org/show_bug.cgi?id=150745
1151
1152         Reviewed by Geoffrey Garen.
1153
1154         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
1155         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
1156         type of the true caller, that is the function we'll be returning to.
1157
1158         This can be found by remembering the last call type we find while walking up the inlined
1159         frames in InlineCallFrame::getCallerSkippingDeadFrames().
1160
1161         We can also return directly back to a getter or setter callsite without using a thunk.
1162
1163         * bytecode/InlineCallFrame.h:
1164         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
1165         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
1166         * dfg/DFGOSRExitCompilerCommon.cpp:
1167         (JSC::DFG::reifyInlinedCallFrames):
1168         * jit/JITPropertyAccess.cpp:
1169         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
1170         for reified inlined frames created during OSR exit. 
1171         * jit/ThunkGenerators.cpp:
1172         (JSC::baselineGetterReturnThunkGenerator): Deleted.
1173         (JSC::baselineSetterReturnThunkGenerator): Deleted.
1174         * jit/ThunkGenerators.h:
1175
1176 2015-11-02  Saam barati  <sbarati@apple.com>
1177
1178         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
1179         https://bugs.webkit.org/show_bug.cgi?id=150760
1180
1181         Reviewed by Geoffrey Garen.
1182
1183         This is related to using PhantomLocal instead of Flush as 
1184         the liveness preservation mechanism for live catch variables. 
1185         I'm temporarily switching things back to Flush. This will be a
1186         performance hit for try/catch in the DFG. Landing this patch,
1187         though, will allow me to land try/catch in the FTL. It also
1188         makes try/catch in the DFG sound. I have opened another
1189         bug to further investigate using PhantomLocal as the
1190         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
1191
1192         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
1193         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
1194         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
1195         (assert):
1196         (let.oThrow.get f):
1197         (let.o2.get f):
1198         (foo):
1199         (f):
1200
1201 2015-11-02  Andy Estes  <aestes@apple.com>
1202
1203         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
1204         https://bugs.webkit.org/show_bug.cgi?id=150819
1205
1206         Reviewed by Dan Bernstein.
1207
1208         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
1209
1210         * Configurations/Base.xcconfig:
1211
1212 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
1213
1214         [Win] MiniBrowser unable to use WebInspector
1215         https://bugs.webkit.org/show_bug.cgi?id=150810
1216         <rdar://problem/23358514>
1217
1218         Reviewed by Timothy Hatcher.
1219
1220         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
1221         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
1222         parsing error in the JS file.
1223         
1224         The solution was to switch from using "COMMAND echo" to use the more cross-platform
1225         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
1226         escaping properly on all platforms.
1227
1228         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
1229
1230 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
1231
1232         B3 should be able to compile a Patchpoint
1233         https://bugs.webkit.org/show_bug.cgi?id=150750
1234
1235         Reviewed by Geoffrey Garen.
1236
1237         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
1238         with a B3::PatchpointSpecial.
1239
1240         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
1241         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
1242         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
1243         otherwise I would have had to write a lot of boilerplate.
1244
1245         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
1246
1247         There were a ton of indexing bugs in B3StackmapSpecial.
1248
1249         The spiller was broken in case the Def was not the last Arg, since it was adding things
1250         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
1251         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
1252         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
1253         order insertions as a rare case. I think that we don't really need to be so paranoid.
1254         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
1255         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
1256         used sort, which is slightly wrong.
1257
1258         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
1259
1260         * b3/B3InsertionSet.cpp:
1261         (JSC::B3::InsertionSet::execute):
1262         * b3/B3LowerToAir.cpp:
1263         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1264         (JSC::B3::Air::LowerToAir::appendStore):
1265         (JSC::B3::Air::LowerToAir::moveForType):
1266         (JSC::B3::Air::LowerToAir::append):
1267         (JSC::B3::Air::LowerToAir::ensureSpecial):
1268         (JSC::B3::Air::LowerToAir::tryStore):
1269         (JSC::B3::Air::LowerToAir::tryStackSlot):
1270         (JSC::B3::Air::LowerToAir::tryPatchpoint):
1271         (JSC::B3::Air::LowerToAir::tryUpsilon):
1272         * b3/B3LoweringMatcher.patterns:
1273         * b3/B3PatchpointValue.h:
1274         (JSC::B3::PatchpointValue::accepts): Deleted.
1275         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
1276         * b3/B3Stackmap.h:
1277         (JSC::B3::Stackmap::constrain):
1278         (JSC::B3::Stackmap::appendConstraint):
1279         (JSC::B3::Stackmap::reps):
1280         (JSC::B3::Stackmap::clobber):
1281         * b3/B3StackmapSpecial.cpp:
1282         (JSC::B3::StackmapSpecial::forEachArgImpl):
1283         (JSC::B3::StackmapSpecial::isValidImpl):
1284         * b3/B3Value.h:
1285         * b3/B3ValueRep.h:
1286         (JSC::B3::ValueRep::ValueRep):
1287         (JSC::B3::ValueRep::reg):
1288         (JSC::B3::ValueRep::operator bool):
1289         (JSC::B3::ValueRep::isAny):
1290         (JSC::B3::ValueRep::isSomeRegister):
1291         (JSC::B3::ValueRep::isReg):
1292         (JSC::B3::ValueRep::isGPR):
1293         (JSC::B3::ValueRep::isFPR):
1294         (JSC::B3::ValueRep::gpr):
1295         (JSC::B3::ValueRep::fpr):
1296         (JSC::B3::ValueRep::isStack):
1297         (JSC::B3::ValueRep::offsetFromFP):
1298         (JSC::B3::ValueRep::isStackArgument):
1299         (JSC::B3::ValueRep::offsetFromSP):
1300         (JSC::B3::ValueRep::isConstant):
1301         (JSC::B3::ValueRep::value):
1302         * b3/air/AirCode.cpp:
1303         (JSC::B3::Air::Code::dump):
1304         * b3/air/AirInsertionSet.cpp:
1305         (JSC::B3::Air::InsertionSet::execute):
1306         * b3/testb3.cpp:
1307         (JSC::B3::testComplex):
1308         (JSC::B3::testSimplePatchpoint):
1309         (JSC::B3::run):
1310         * dfg/DFGBlockInsertionSet.cpp:
1311         (JSC::DFG::BlockInsertionSet::execute):
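
Added example (not part of the WebKit ChangeLog or the WebKit source): a toy insertion set showing the ordering problem described in the 2015-11-02 Patchpoint entry above and the bubble-sort follow-up (bug 150828), where insertions at instIndex + 1 can be queued before insertions at instIndex. `Inst`, `Insertion`, `ToyInsertionSet` and `spillExample` are hypothetical names, and the instruction strings are constructed sample data.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Toy stand-in for an instruction; the real B3/Air types are not reproduced here.
using Inst = std::string;

struct Insertion {
    size_t index; // insert before the original element at this index
    Inst inst;
};

class ToyInsertionSet {
public:
    void insertBefore(size_t index, Inst inst)
    {
        m_insertions.push_back({index, std::move(inst)});
    }

    // Applies all queued insertions to `block`, then clears the set.
    // Indices past the end of the block are treated as appends.
    void execute(std::vector<Inst>& block)
    {
        stableSortByIndex(m_insertions);

        std::vector<Inst> result;
        result.reserve(block.size() + m_insertions.size());
        size_t next = 0;
        for (size_t i = 0; i < block.size(); ++i) {
            while (next < m_insertions.size() && m_insertions[next].index == i)
                result.push_back(std::move(m_insertions[next++].inst));
            result.push_back(std::move(block[i]));
        }
        while (next < m_insertions.size())
            result.push_back(std::move(m_insertions[next++].inst));

        block = std::move(result);
        m_insertions.clear();
    }

private:
    // Bubble sort keyed on index only. The strict '>' never swaps two
    // insertions with the same index, so their queueing order survives
    // (stability). An unstable sort gives no such guarantee, which is why
    // plain sort is "slightly wrong" for this job.
    static void stableSortByIndex(std::vector<Insertion>& v)
    {
        for (size_t end = v.size(); end > 1; --end) {
            bool swapped = false;
            for (size_t i = 1; i < end; ++i) {
                if (v[i - 1].index > v[i].index) {
                    std::swap(v[i - 1], v[i]);
                    swapped = true;
                }
            }
            if (!swapped)
                break; // already ordered: one pass and done
        }
    }

    std::vector<Insertion> m_insertions;
};

// Models a spiller visiting the instruction at instIndex = 1 whose Def is
// seen before its Uses: the store after the instruction (instIndex + 1) is
// queued first, then two loads before it (instIndex), whose relative order
// must be kept.
std::vector<Inst> spillExample()
{
    std::vector<Inst> block = {"a", "op", "b"};
    const size_t instIndex = 1;

    ToyInsertionSet insertions;
    insertions.insertBefore(instIndex + 1, "spill-store tmp");
    insertions.insertBefore(instIndex, "fill-load x");
    insertions.insertBefore(instIndex, "fill-load y");
    insertions.execute(block);
    return block;
}

int main()
{
    for (const Inst& inst : spillExample())
        std::cout << inst << '\n';
    return 0;
}
```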
1312
1313 2015-11-02  Mark Lam  <mark.lam@apple.com>
1314
1315         Snippefy op_add for the baseline JIT.
1316         https://bugs.webkit.org/show_bug.cgi?id=150129
1317
1318         Reviewed by Geoffrey Garen and Saam Barati.
1319
1320         Performance is neutral for both 32-bit and 64-bit on X86_64.
1321
1322         * CMakeLists.txt:
1323         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1324         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1325         * JavaScriptCore.xcodeproj/project.pbxproj:
1326         * jit/JIT.h:
1327         (JSC::JIT::getOperandConstantInt):
1328         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
1329           because the snippet needs it.
1330
1331         * jit/JITAddGenerator.cpp: Added.
1332         (JSC::JITAddGenerator::generateFastPath):
1333         * jit/JITAddGenerator.h: Added.
1334         (JSC::JITAddGenerator::JITAddGenerator):
1335         (JSC::JITAddGenerator::endJumpList):
1336         (JSC::JITAddGenerator::slowPathJumpList):
1337         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
1338           is a constant int32_t.  It does not implement an optimization for the case where
1339           both operands are constant int32_t.  This is because:
1340           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
1341           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
1342
1343           Hence, such an optimization path (for 2 constant int32_t operands) would never
1344           be taken, and is why we won't implement it.
1345
1346         * jit/JITArithmetic.cpp:
1347         (JSC::JIT::compileBinaryArithOp):
1348         (JSC::JIT::compileBinaryArithOpSlowCase):
1349         - Removed op_add cases.  These are no longer used by the op_add emitters.
1350
1351         (JSC::JIT::emit_op_add):
1352         (JSC::JIT::emitSlow_op_add):
1353         - Moved out from the JSVALUE64 section to the common section, and reimplemented
1354           using the snippet.
1355
1356         * jit/JITArithmetic32_64.cpp:
1357         (JSC::JIT::emitBinaryDoubleOp):
1358         (JSC::JIT::emit_op_add): Deleted.
1359         (JSC::JIT::emitAdd32Constant): Deleted.
1360         (JSC::JIT::emitSlow_op_add): Deleted.
1361         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
1362           and 64-bit implementations.
1363
1364         * jit/JITInlines.h:
1365         (JSC::JIT::getOperandConstantInt):
1366         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
1367           because the snippet needs it.
1368
1369 2015-11-02  Brian Burg  <bburg@apple.com>
1370
1371         Run sort-Xcode-project-file for the JavaScriptCore project.
1372
1373         Unreviewed. Many things were out of order following recent B3 commits.
1374
1375         * JavaScriptCore.xcodeproj/project.pbxproj:
1376
1377 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
1378
1379         Rename op_put_getter_setter to op_put_getter_setter_by_id
1380         https://bugs.webkit.org/show_bug.cgi?id=150773
1381
1382         Reviewed by Mark Lam.
1383
1384         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1385         the other ops' names like op_put_getter_by_id etc.
1386
1387         And to fix build dependencies in Xcode, we added LLIntAssembly.h into Xcode project file.
1388
1389         * JavaScriptCore.xcodeproj/project.pbxproj:
1390         * bytecode/BytecodeList.json:
1391         * bytecode/BytecodeUseDef.h:
1392         (JSC::computeUsesForBytecodeOffset):
1393         (JSC::computeDefsForBytecodeOffset):
1394         * bytecode/CodeBlock.cpp:
1395         (JSC::CodeBlock::dumpBytecode):
1396         * bytecompiler/BytecodeGenerator.cpp:
1397         (JSC::BytecodeGenerator::emitPutGetterSetter):
1398         * dfg/DFGByteCodeParser.cpp:
1399         (JSC::DFG::ByteCodeParser::parseBlock):
1400         * dfg/DFGCapabilities.cpp:
1401         (JSC::DFG::capabilityLevel):
1402         * jit/JIT.cpp:
1403         (JSC::JIT::privateCompileMainPass):
1404         * jit/JIT.h:
1405         * jit/JITPropertyAccess.cpp:
1406         (JSC::JIT::emit_op_put_getter_setter_by_id):
1407         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1408         * jit/JITPropertyAccess32_64.cpp:
1409         (JSC::JIT::emit_op_put_getter_setter_by_id):
1410         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1411         * llint/LLIntSlowPaths.cpp:
1412         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1413         * llint/LLIntSlowPaths.h:
1414         * llint/LowLevelInterpreter.asm:
1415
1416 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
1417
1418         Fix the FTL JIT build with system LLVM on Linux
1419         https://bugs.webkit.org/show_bug.cgi?id=150795
1420
1421         Reviewed by Filip Pizlo.
1422
1423         * CMakeLists.txt:
1424
1425 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1426
1427         [ES6] Support Generator Syntax
1428         https://bugs.webkit.org/show_bug.cgi?id=150769
1429
1430         Reviewed by Geoffrey Garen.
1431
1432         This patch implements the syntax part of ES6 Generators.
1433
1434         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
1435         2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
1436         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
1437         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
1438
1439         * Configurations/FeatureDefines.xcconfig:
1440         * bytecompiler/NodesCodegen.cpp:
1441         (JSC::YieldExprNode::emitBytecode):
1442         * parser/ASTBuilder.h:
1443         (JSC::ASTBuilder::createYield):
1444         * parser/Keywords.table:
1445         * parser/NodeConstructors.h:
1446         (JSC::YieldExprNode::YieldExprNode):
1447         * parser/Nodes.h:
1448         * parser/Parser.cpp:
1449         (JSC::Parser<LexerType>::Parser):
1450         (JSC::Parser<LexerType>::parseInner):
1451         (JSC::Parser<LexerType>::parseStatementListItem):
1452         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1453         (JSC::Parser<LexerType>::parseDestructuringPattern):
1454         (JSC::Parser<LexerType>::parseBreakStatement):
1455         (JSC::Parser<LexerType>::parseContinueStatement):
1456         (JSC::Parser<LexerType>::parseTryStatement):
1457         (JSC::Parser<LexerType>::parseStatement):
1458         (JSC::stringForFunctionMode):
1459         (JSC::Parser<LexerType>::parseFunctionParameters):
1460         (JSC::Parser<LexerType>::parseFunctionInfo):
1461         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1462         (JSC::Parser<LexerType>::parseClass):
1463         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
1464         (JSC::Parser<LexerType>::parseExportDeclaration):
1465         (JSC::Parser<LexerType>::parseAssignmentExpression):
1466         (JSC::Parser<LexerType>::parseYieldExpression):
1467         (JSC::Parser<LexerType>::parseProperty):
1468         (JSC::Parser<LexerType>::parsePropertyMethod):
1469         (JSC::Parser<LexerType>::parseGetterSetter):
1470         (JSC::Parser<LexerType>::parseFunctionExpression):
1471         (JSC::Parser<LexerType>::parsePrimaryExpression):
1472         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
1473         * parser/Parser.h:
1474         (JSC::Scope::Scope):
1475         (JSC::Scope::setSourceParseMode):
1476         (JSC::Scope::isGenerator):
1477         (JSC::Scope::setIsFunction):
1478         (JSC::Scope::setIsGenerator):
1479         (JSC::Scope::setIsModule):
1480         (JSC::Parser::pushScope):
1481         (JSC::Parser::isYIELDMaskedAsIDENT):
1482         (JSC::Parser::matchSpecIdentifier):
1483         (JSC::Parser::saveState):
1484         (JSC::Parser::restoreState):
1485         * parser/ParserModes.h:
1486         (JSC::isFunctionParseMode):
1487         (JSC::isModuleParseMode):
1488         (JSC::isProgramParseMode):
1489         * parser/ParserTokens.h:
1490         * parser/SyntaxChecker.h:
1491         (JSC::SyntaxChecker::createYield):
1492         * tests/stress/generator-methods.js: Added.
1493         (Hello.prototype.gen):
1494         (Hello.gen):
1495         (Hello):
1496         (Hello.prototype.set get string_appeared_here):
1497         (Hello.string_appeared_here):
1498         (Hello.prototype.20):
1499         (Hello.20):
1500         (Hello.prototype.42):
1501         (Hello.42):
1502         (let.object.gen):
1503         (let.object.set get string_appeared_here):
1504         (let.object.20):
1505         (let.object.42):
1506         * tests/stress/generator-syntax.js: Added.
1507         (testSyntax):
1508         (testSyntaxError):
1509         (testSyntaxError.Hello.prototype.get gen):
1510         (testSyntaxError.Hello):
1511         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
1512         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
1513         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
1514         (testSyntaxError.value):
1515         (testSyntaxError.gen.ng):
1516         (testSyntaxError.gen):
1517         (testSyntax.gen):
1518         * tests/stress/yield-and-line-terminator.js: Added.
1519         (testSyntax):
1520         (testSyntaxError):
1521         (testSyntax.gen):
1522         (testSyntaxError.gen):
1523         * tests/stress/yield-label-generator.js: Added.
1524         (testSyntax):
1525         (testSyntaxError):
1526         (testSyntaxError.test):
1527         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
1528         * tests/stress/yield-label.js: Added.
1529         (yield):
1530         (testSyntaxError):
1531         (testSyntaxError.test):
1532         * tests/stress/yield-named-accessors-generator.js: Added.
1533         (t1.let.object.get yield):
1534         (t1.let.object.set yield):
1535         (t1):
1536         (t2.let.object.get yield):
1537         (t2.let.object.set yield):
1538         (t2):
1539         * tests/stress/yield-named-accessors.js: Added.
1540         (t1.let.object.get yield):
1541         (t1.let.object.set yield):
1542         (t1):
1543         (t2.let.object.get yield):
1544         (t2.let.object.set yield):
1545         (t2):
1546         * tests/stress/yield-named-variable-generator.js: Added.
1547         (testSyntax):
1548         (testSyntaxError):
1549         (testSyntaxError.t1):
1550         (testSyntaxError.t1.yield):
1551         (testSyntax.t1.yield):
1552         (testSyntax.t1):
1553         * tests/stress/yield-named-variable.js: Added.
1554         (testSyntax):
1555         (testSyntaxError):
1556         (testSyntax.t1):
1557         (testSyntaxError.t1):
1558         (testSyntax.t1.yield):
1559         (testSyntaxError.t1.yield):
1560         * tests/stress/yield-out-of-generator.js: Added.
1561         (testSyntax):
1562         (testSyntaxError):
1563         (testSyntaxError.hello):
1564         (testSyntaxError.gen.hello):
1565         (testSyntaxError.gen):
1566         (testSyntax.gen):
1567         (testSyntax.gen.ok):
1568         (testSyntaxError.gen.ok):
1569
1570 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1571
1572         Dominators should be factored out of the DFG
1573         https://bugs.webkit.org/show_bug.cgi?id=150764
1574
1575         Reviewed by Geoffrey Garen.
1576
1577         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
1578         DFG:
1579
1580         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
1581            future if we wanted to support inverted dominators, we could do it by just creating a
1582            DFG::BackwardCFG.
1583
1584         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
1585            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
1586            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
1587            the DFG.
1588
1589         * CMakeLists.txt:
1590         * JavaScriptCore.xcodeproj/project.pbxproj:
1591         * dfg/DFGAnalysis.h: Removed.
1592         * dfg/DFGCFG.h: Added.
1593         (JSC::DFG::CFG::CFG):
1594         (JSC::DFG::CFG::root):
1595         (JSC::DFG::CFG::newMap<T>):
1596         (JSC::DFG::CFG::successors):
1597         (JSC::DFG::CFG::predecessors):
1598         (JSC::DFG::CFG::index):
1599         (JSC::DFG::CFG::node):
1600         (JSC::DFG::CFG::numNodes):
1601         (JSC::DFG::CFG::dump):
1602         * dfg/DFGCSEPhase.cpp:
1603         * dfg/DFGDisassembler.cpp:
1604         (JSC::DFG::Disassembler::createDumpList):
1605         * dfg/DFGDominators.cpp: Removed.
1606         * dfg/DFGDominators.h:
1607         (JSC::DFG::Dominators::Dominators):
1608         (JSC::DFG::Dominators::strictlyDominates): Deleted.
1609         (JSC::DFG::Dominators::dominates): Deleted.
1610         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
1611         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
1612         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
1613         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
1614         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
1615         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
1616         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
1617         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
1618         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
1619         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
1620         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
1621         * dfg/DFGEdgeDominates.h:
1622         (JSC::DFG::EdgeDominates::operator()):
1623         * dfg/DFGGraph.cpp:
1624         (JSC::DFG::Graph::Graph):
1625         (JSC::DFG::Graph::dumpBlockHeader):
1626         (JSC::DFG::Graph::invalidateCFG):
1627         (JSC::DFG::Graph::substituteGetLocal):
1628         (JSC::DFG::Graph::handleAssertionFailure):
1629         (JSC::DFG::Graph::ensureDominators):
1630         (JSC::DFG::Graph::ensurePrePostNumbering):
1631         (JSC::DFG::Graph::ensureNaturalLoops):
1632         (JSC::DFG::Graph::valueProfileFor):
1633         * dfg/DFGGraph.h:
1634         (JSC::DFG::Graph::hasDebuggerEnabled):
1635         * dfg/DFGLICMPhase.cpp:
1636         (JSC::DFG::LICMPhase::run):
1637         (JSC::DFG::LICMPhase::attemptHoist):
1638         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1639         (JSC::DFG::createPreHeader):
1640         (JSC::DFG::LoopPreHeaderCreationPhase::run):
1641         * dfg/DFGNaturalLoops.cpp:
1642         (JSC::DFG::NaturalLoop::dump):
1643         (JSC::DFG::NaturalLoops::NaturalLoops):
1644         (JSC::DFG::NaturalLoops::~NaturalLoops):
1645         (JSC::DFG::NaturalLoops::loopsOf):
1646         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
1647         (JSC::DFG::NaturalLoops::compute): Deleted.
1648         * dfg/DFGNaturalLoops.h:
1649         (JSC::DFG::NaturalLoops::numLoops):
1650         * dfg/DFGNode.h:
1651         (JSC::DFG::Node::SuccessorsIterable::end):
1652         (JSC::DFG::Node::SuccessorsIterable::size):
1653         (JSC::DFG::Node::SuccessorsIterable::at):
1654         (JSC::DFG::Node::SuccessorsIterable::operator[]):
1655         * dfg/DFGOSREntrypointCreationPhase.cpp:
1656         (JSC::DFG::OSREntrypointCreationPhase::run):
1657         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1658         * dfg/DFGPlan.cpp:
1659         (JSC::DFG::Plan::compileInThreadImpl):
1660         * dfg/DFGPrePostNumbering.cpp:
1661         (JSC::DFG::PrePostNumbering::PrePostNumbering):
1662         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
1663         (JSC::DFG::PrePostNumbering::compute): Deleted.
1664         * dfg/DFGPrePostNumbering.h:
1665         (JSC::DFG::PrePostNumbering::preNumber):
1666         (JSC::DFG::PrePostNumbering::postNumber):
1667         * dfg/DFGPutStackSinkingPhase.cpp:
1668         * dfg/DFGSSACalculator.cpp:
1669         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1670         (JSC::DFG::SSACalculator::reachingDefAtTail):
1671         * dfg/DFGSSACalculator.h:
1672         (JSC::DFG::SSACalculator::computePhis):
1673         * dfg/DFGSSAConversionPhase.cpp:
1674         (JSC::DFG::SSAConversionPhase::run):
1675         * ftl/FTLLink.cpp:
1676         (JSC::FTL::link):
1677         * ftl/FTLLowerDFGToLLVM.cpp:
1678         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
1679         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
1680         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
1681
1682 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1683
1684         B3::reduceStrength's DCE should be more agro and less wrong
1685         https://bugs.webkit.org/show_bug.cgi?id=150748
1686
1687         Reviewed by Geoffrey Garen.
1688
1689         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
1690         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
1691         cycles. It was also probably slower than it needed to be, since it would eliminate all
1692         never-referenced things on each fixpoint.
1693
1694         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
1695         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
1696         Upsilons, it's a fixpoint. It works fine in the end.
1697
1698         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
1699         writing as a compile time benchmark. So, I include that test in this change. I also include
1700         the small lowering extensions that it needed - shifting and zero extending.
1701
1702         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
1703         more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
1704         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
1705         close once we give B3 a register allocator, but still, that's pretty good news for our B3
1706         strategy.
1707
1708         * JavaScriptCore.xcodeproj/project.pbxproj:
1709         * assembler/MacroAssemblerX86_64.h:
1710         (JSC::MacroAssemblerX86_64::lshift64):
1711         (JSC::MacroAssemblerX86_64::rshift64):
1712         * assembler/X86Assembler.h:
1713         (JSC::X86Assembler::shlq_i8r):
1714         (JSC::X86Assembler::shlq_CLr):
1715         (JSC::X86Assembler::imull_rr):
1716         * b3/B3BasicBlock.cpp:
1717         (JSC::B3::BasicBlock::replacePredecessor):
1718         (JSC::B3::BasicBlock::dump):
1719         (JSC::B3::BasicBlock::removeNops): Deleted.
1720         * b3/B3BasicBlock.h:
1721         (JSC::B3::BasicBlock::frequency):
1722         * b3/B3Common.cpp:
1723         (JSC::B3::shouldSaveIRBeforePhase):
1724         (JSC::B3::shouldMeasurePhaseTiming):
1725         * b3/B3Common.h:
1726         (JSC::B3::isRepresentableAsImpl):
1727         * b3/B3Generate.cpp:
1728         (JSC::B3::generate):
1729         (JSC::B3::generateToAir):
1730         * b3/B3LowerToAir.cpp:
1731         (JSC::B3::Air::LowerToAir::tryAnd):
1732         (JSC::B3::Air::LowerToAir::tryShl):
1733         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1734         (JSC::B3::Air::LowerToAir::tryTrunc):
1735         (JSC::B3::Air::LowerToAir::tryZExt32):
1736         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1737         * b3/B3LoweringMatcher.patterns:
1738         * b3/B3PhaseScope.cpp:
1739         (JSC::B3::PhaseScope::PhaseScope):
1740         * b3/B3PhaseScope.h:
1741         * b3/B3ReduceStrength.cpp:
1742         * b3/B3TimingScope.cpp: Added.
1743         (JSC::B3::TimingScope::TimingScope):
1744         (JSC::B3::TimingScope::~TimingScope):
1745         * b3/B3TimingScope.h: Added.
1746         * b3/B3Validate.cpp:
1747         * b3/air/AirAllocateStack.cpp:
1748         (JSC::B3::Air::allocateStack):
1749         * b3/air/AirGenerate.cpp:
1750         (JSC::B3::Air::generate):
1751         * b3/air/AirInstInlines.h:
1752         (JSC::B3::Air::ForEach<Arg>::forEach):
1753         (JSC::B3::Air::Inst::forEach):
1754         (JSC::B3::Air::isLshift32Valid):
1755         (JSC::B3::Air::isLshift64Valid):
1756         * b3/air/AirLiveness.h:
1757         (JSC::B3::Air::Liveness::isAlive):
1758         (JSC::B3::Air::Liveness::Liveness):
1759         (JSC::B3::Air::Liveness::LocalCalc::execute):
1760         * b3/air/AirOpcode.opcodes:
1761         * b3/air/AirPhaseScope.cpp:
1762         (JSC::B3::Air::PhaseScope::PhaseScope):
1763         * b3/air/AirPhaseScope.h:
1764         * b3/testb3.cpp:
1765         (JSC::B3::testBranchEqualFoldPtr):
1766         (JSC::B3::testComplex):
1767         (JSC::B3::run):
1768         * runtime/Options.h:
1769
1770 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
1771
1772         [ES6] Add support for toStringTag
1773         https://bugs.webkit.org/show_bug.cgi?id=150696
1774
1775         Re-landing, as this wasn't the culprit.
1776
1777         * runtime/ArrayIteratorPrototype.cpp:
1778         (JSC::ArrayIteratorPrototype::finishCreation):
1779         * runtime/CommonIdentifiers.h:
1780         * runtime/JSArrayBufferPrototype.cpp:
1781         (JSC::JSArrayBufferPrototype::finishCreation):
1782         (JSC::JSArrayBufferPrototype::create):
1783         * runtime/JSDataViewPrototype.cpp:
1784         (JSC::JSDataViewPrototype::create):
1785         (JSC::JSDataViewPrototype::finishCreation):
1786         (JSC::JSDataViewPrototype::createStructure):
1787         * runtime/JSDataViewPrototype.h:
1788         * runtime/JSModuleNamespaceObject.cpp:
1789         (JSC::JSModuleNamespaceObject::finishCreation):
1790         * runtime/JSONObject.cpp:
1791         (JSC::JSONObject::finishCreation):
1792         * runtime/JSPromisePrototype.cpp:
1793         (JSC::JSPromisePrototype::finishCreation):
1794         (JSC::JSPromisePrototype::getOwnPropertySlot):
1795         * runtime/JSTypedArrayViewPrototype.cpp:
1796         (JSC::typedArrayViewProtoFuncValues):
1797         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1798         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
1799         (JSC::JSTypedArrayViewPrototype::finishCreation):
1800         * runtime/MapIteratorPrototype.cpp:
1801         (JSC::MapIteratorPrototype::finishCreation):
1802         (JSC::MapIteratorPrototypeFuncNext):
1803         * runtime/MapPrototype.cpp:
1804         (JSC::MapPrototype::finishCreation):
1805         * runtime/MathObject.cpp:
1806         (JSC::MathObject::finishCreation):
1807         * runtime/ObjectPrototype.cpp:
1808         (JSC::objectProtoFuncToString):
1809         * runtime/SetIteratorPrototype.cpp:
1810         (JSC::SetIteratorPrototype::finishCreation):
1811         (JSC::SetIteratorPrototypeFuncNext):
1812         * runtime/SetPrototype.cpp:
1813         (JSC::SetPrototype::finishCreation):
1814         * runtime/SmallStrings.cpp:
1815         (JSC::SmallStrings::SmallStrings):
1816         (JSC::SmallStrings::initializeCommonStrings):
1817         (JSC::SmallStrings::visitStrongReferences):
1818         * runtime/SmallStrings.h:
1819         (JSC::SmallStrings::typeString):
1820         (JSC::SmallStrings::objectStringStart):
1821         (JSC::SmallStrings::nullObjectString):
1822         (JSC::SmallStrings::undefinedObjectString):
1823         * runtime/StringIteratorPrototype.cpp:
1824         (JSC::StringIteratorPrototype::finishCreation):
1825         * runtime/SymbolPrototype.cpp:
1826         (JSC::SymbolPrototype::finishCreation):
1827         * runtime/WeakMapPrototype.cpp:
1828         (JSC::WeakMapPrototype::finishCreation):
1829         (JSC::getWeakMapData):
1830         * runtime/WeakSetPrototype.cpp:
1831         (JSC::WeakSetPrototype::finishCreation):
1832         (JSC::getWeakMapData):
1833         * tests/es6.yaml:
1834         * tests/modules/namespace.js:
1835         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
1836
1837 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1838
1839         Unreviewed, rolling out r191815 and r191821.
1840         https://bugs.webkit.org/show_bug.cgi?id=150781
1841
1842         Seems to have broken JSC API tests on some platforms
1843         (Requested by ap on #webkit).
1844
1845         Reverted changesets:
1846
1847         "[ES6] Add support for toStringTag"
1848         https://bugs.webkit.org/show_bug.cgi?id=150696
1849         http://trac.webkit.org/changeset/191815
1850
1851         "Unreviewed, forgot to mark tests as passing for new feature."
1852         http://trac.webkit.org/changeset/191821
1853
1854 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1855
1856         Unreviewed, rolling out r191858.
1857         https://bugs.webkit.org/show_bug.cgi?id=150780
1858
1859         Broke the build (Requested by ap on #webkit).
1860
1861         Reverted changeset:
1862
1863         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
1864         https://bugs.webkit.org/show_bug.cgi?id=150773
1865         http://trac.webkit.org/changeset/191858
1866
1867 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1868
1869         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
1870
1871         * b3/B3LowerToAir.cpp:
1872         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1873
1874 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1875
1876         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
1877
1878         * b3/B3LowerToAir.cpp:
1879         (JSC::B3::Air::LowerToAir::tryTrunc):
1880
1881 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1882
1883         Rename op_put_getter_setter to op_put_getter_setter_by_id
1884         https://bugs.webkit.org/show_bug.cgi?id=150773
1885
1886         Reviewed by Mark Lam.
1887
1888         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1889         the other ops' names like op_put_getter_by_id etc.
1890
1891         * bytecode/BytecodeList.json:
1892         * bytecode/BytecodeUseDef.h:
1893         (JSC::computeUsesForBytecodeOffset):
1894         (JSC::computeDefsForBytecodeOffset):
1895         * bytecode/CodeBlock.cpp:
1896         (JSC::CodeBlock::dumpBytecode):
1897         * bytecompiler/BytecodeGenerator.cpp:
1898         (JSC::BytecodeGenerator::emitPutGetterSetter):
1899         * dfg/DFGByteCodeParser.cpp:
1900         (JSC::DFG::ByteCodeParser::parseBlock):
1901         * dfg/DFGCapabilities.cpp:
1902         (JSC::DFG::capabilityLevel):
1903         * jit/JIT.cpp:
1904         (JSC::JIT::privateCompileMainPass):
1905         * jit/JIT.h:
1906         * jit/JITPropertyAccess.cpp:
1907         (JSC::JIT::emit_op_put_getter_setter_by_id):
1908         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1909         * jit/JITPropertyAccess32_64.cpp:
1910         (JSC::JIT::emit_op_put_getter_setter_by_id):
1911         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1912         * llint/LLIntSlowPaths.cpp:
1913         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1914         * llint/LLIntSlowPaths.h:
1915         * llint/LowLevelInterpreter.asm:
1916
1917 2015-10-31  Andreas Kling  <akling@apple.com>
1918
1919         Add a debug overlay with information about web process resource usage.
1920         <https://webkit.org/b/150599>
1921
1922         Reviewed by Darin Adler.
1923
1924         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
1925         WeakBlock objects, keeping them in a single location that can be sampled by the
1926         resource usage overlay thread.
1927
1928         The bulk of these changes is threading a Heap& through from sites where blocks are
1929         allocated or freed.
1930
1931         * heap/CopiedBlock.cpp:
1932         (JSC::CopiedBlock::createNoZeroFill):
1933         (JSC::CopiedBlock::destroy):
1934         (JSC::CopiedBlock::create):
1935         * heap/CopiedBlock.h:
1936         * heap/CopiedSpace.cpp:
1937         (JSC::CopiedSpace::~CopiedSpace):
1938         (JSC::CopiedSpace::tryAllocateOversize):
1939         (JSC::CopiedSpace::tryReallocateOversize):
1940         * heap/CopiedSpaceInlines.h:
1941         (JSC::CopiedSpace::recycleEvacuatedBlock):
1942         (JSC::CopiedSpace::recycleBorrowedBlock):
1943         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1944         (JSC::CopiedSpace::allocateBlock):
1945         (JSC::CopiedSpace::startedCopying):
1946         * heap/Heap.cpp:
1947         (JSC::Heap::~Heap):
1948         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
1949         * heap/Heap.h:
1950         (JSC::Heap::blockBytesAllocated):
1951         * heap/HeapInlines.h:
1952         (JSC::Heap::didAllocateBlock):
1953         (JSC::Heap::didFreeBlock):
1954         * heap/MarkedAllocator.cpp:
1955         (JSC::MarkedAllocator::allocateBlock):
1956         * heap/MarkedBlock.cpp:
1957         (JSC::MarkedBlock::create):
1958         (JSC::MarkedBlock::destroy):
1959         * heap/MarkedBlock.h:
1960         * heap/MarkedSpace.cpp:
1961         (JSC::MarkedSpace::freeBlock):
1962         * heap/WeakBlock.cpp:
1963         (JSC::WeakBlock::create):
1964         (JSC::WeakBlock::destroy):
1965         * heap/WeakBlock.h:
1966         * heap/WeakSet.cpp:
1967         (JSC::WeakSet::~WeakSet):
1968         (JSC::WeakSet::addAllocator):
1969         (JSC::WeakSet::removeAllocator):
1970
1971 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1972
1973         Air should eliminate dead code
1974         https://bugs.webkit.org/show_bug.cgi?id=150746
1975
1976         Reviewed by Geoffrey Garen.
1977
1978         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
1979         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
1980         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
1981         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
1982         runs these rules to fixpoint, and then removes the dead instructions.
1983
1984         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
1985         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
1986         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
1987         checks are all Specials, and the Special base class by default always claims that the
1988         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
1989         exotic math constructs; then the Special associated with that thing would claim that there
1990         are no effects.
1991
1992         * JavaScriptCore.xcodeproj/project.pbxproj:
1993         * b3/air/AirBasicBlock.h:
1994         (JSC::B3::Air::BasicBlock::begin):
1995         (JSC::B3::Air::BasicBlock::end):
1996         (JSC::B3::Air::BasicBlock::at):
1997         (JSC::B3::Air::BasicBlock::last):
1998         (JSC::B3::Air::BasicBlock::resize):
1999         (JSC::B3::Air::BasicBlock::appendInst):
2000         * b3/air/AirEliminateDeadCode.cpp: Added.
2001         (JSC::B3::Air::eliminateDeadCode):
2002         * b3/air/AirEliminateDeadCode.h: Added.
2003         * b3/air/AirGenerate.cpp:
2004         (JSC::B3::Air::generate):
2005         * b3/air/AirInst.h:
2006         * b3/air/AirOpcode.opcodes:
2007         * b3/air/AirSpecial.cpp:
2008         (JSC::B3::Air::Special::name):
2009         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
2010         (JSC::B3::Air::Special::dump):
2011         * b3/air/AirSpecial.h:
2012         * b3/air/opcode_generator.rb:
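
The liveness rules in the "Air should eliminate dead code" entry above, worked through on a constructed program. This is an added example, not WebKit's AirEliminateDeadCode.cpp: ArgKind, Arg, Inst, toyEliminateDeadCode and sampleProgram are simplified, hypothetical stand-ins, and the opcode names are illustrative only.

```cpp
#include <cstddef>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy stand-ins for Air concepts (assumed shapes, not the real JSC::B3::Air classes).
enum class ArgKind { Tmp, StackSlot, Other };
struct Arg { ArgKind kind; unsigned index; }; // index is unused for ArgKind::Other

struct Inst {
    std::string opcode;
    std::vector<Arg> uses; // Args the instruction reads.
    std::vector<Arg> defs; // Args the instruction stores to.
    bool hasEffects;       // Branching, returning, calling, Breakpoint, etc.
};

using LiveSet = std::set<std::pair<ArgKind, unsigned>>;

// An Arg is live if it names a live Tmp or StackSlot, or if it is neither kind.
static bool isLiveArg(const Arg& arg, const LiveSet& live)
{
    if (arg.kind == ArgKind::Other)
        return true;
    return live.count(std::make_pair(arg.kind, arg.index)) != 0;
}

// Runs the liveness rules to fixpoint, erases dead instructions from `code`,
// and returns the original indices of the instructions that were kept.
std::vector<std::size_t> toyEliminateDeadCode(std::vector<Inst>& code)
{
    LiveSet live;
    std::vector<bool> instIsLive(code.size(), false);
    for (bool changed = true; changed;) {
        changed = false;
        for (std::size_t i = 0; i < code.size(); ++i) {
            if (instIsLive[i])
                continue;
            bool storesToLiveArg = false;
            for (const Arg& def : code[i].defs) {
                if (isLiveArg(def, live))
                    storesToLiveArg = true;
            }
            if (!code[i].hasEffects && !storesToLiveArg)
                continue;
            instIsLive[i] = true;
            changed = true;
            // Every Tmp or StackSlot read by a live instruction becomes live.
            for (const Arg& use : code[i].uses) {
                if (use.kind != ArgKind::Other)
                    live.emplace(use.kind, use.index);
            }
        }
    }
    std::vector<std::size_t> keptIndices;
    std::vector<Inst> kept;
    for (std::size_t i = 0; i < code.size(); ++i) {
        if (!instIsLive[i])
            continue;
        keptIndices.push_back(i);
        kept.push_back(code[i]);
    }
    code = std::move(kept);
    return keptIndices;
}

// Constructed sample program for the demonstration.
std::vector<Inst> sampleProgram()
{
    auto tmp = [](unsigned i) { return Arg{ArgKind::Tmp, i}; };
    auto slot = [](unsigned i) { return Arg{ArgKind::StackSlot, i}; };
    const Arg memory{ArgKind::Other, 0};
    return {
        {"Move", {}, {tmp(0)}, false},               // 0: live, t0 feeds 2 and 9
        {"Move", {}, {tmp(1)}, false},               // 1: live, t1 feeds 2
        {"Add", {tmp(0), tmp(1)}, {tmp(2)}, false},  // 2: live, t2 feeds 6
        {"Move", {tmp(2)}, {tmp(3)}, false},         // 3: dead, t3 only feeds 4
        {"Add", {tmp(3), tmp(5)}, {tmp(4)}, false},  // 4: dead cycle t4 <-> t5
        {"Add", {tmp(4)}, {tmp(5)}, false},          // 5: dead cycle t4 <-> t5
        {"Move", {tmp(2)}, {slot(0)}, false},        // 6: live, s0 is read by 8
        {"Move", {tmp(1)}, {slot(1)}, false},        // 7: dead, s1 is never read
        {"Move", {slot(0)}, {tmp(6)}, false},        // 8: live, t6 feeds Ret
        {"Store", {tmp(0)}, {memory}, false},        // 9: live, stores to a non-Tmp, non-StackSlot Arg
        {"Breakpoint", {}, {}, true},                // 10: live, has effects
        {"Ret", {tmp(6)}, {}, true},                 // 11: live, has effects
    };
}

int main()
{
    std::vector<Inst> code = sampleProgram();
    for (std::size_t index : toyEliminateDeadCode(code))
        std::cout << index << ' ';
    std::cout << '\n';
    return 0;
}
```

Because nothing is live until a rule proves it, the mutually dependent instructions 4 and 5 are removed together with instruction 3 that feeds them.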
2013
2014 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
2015
2016         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
2017         https://bugs.webkit.org/show_bug.cgi?id=150511
2018
2019         Reviewed by Saam Barati.
2020
2021         This change adds such a phase. In the process of writing it, I was reminded about the
2022         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
2023
2024         * JavaScriptCore.xcodeproj/project.pbxproj:
2025         * b3/air/AirAllocateStack.cpp:
2026         (JSC::B3::Air::allocateStack):
2027         * b3/air/AirGenerate.cpp:
2028         (JSC::B3::Air::generate):
2029         * b3/air/AirReportUsedRegisters.cpp: Added.
2030         (JSC::B3::Air::reportUsedRegisters):
2031         * b3/air/AirReportUsedRegisters.h: Added.
2032
2033 2015-10-31  Brian Burg  <bburg@apple.com>
2034
2035         Builtins generator should put WebCore-only wrappers in the per-builtin header
2036         https://bugs.webkit.org/show_bug.cgi?id=150539
2037
2038         Reviewed by Youenn Fablet.
2039
2040         If generating for WebCore, put the XXXWrapper and related boilerplate
2041         in the per-builtin header instead of making a separate XXXWrapper.h.
2042
2043         Rebaseline the tests.
2044
2045         * CMakeLists.txt:
2046         * DerivedSources.make:
2047         * Scripts/builtins/builtins.py:
2048         * Scripts/builtins/builtins_generate_separate_header.py:
2049         (BuiltinsSeparateHeaderGenerator.generate_output):
2050         (generate_header_includes):
2051         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
2052         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
2053         * Scripts/generate-js-builtins.py:
2054         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2055         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2056         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2057         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2058
2059 2015-10-31  Saam barati  <sbarati@apple.com>
2060
2061         JSC should have a forceGCSlowPaths option
2062         https://bugs.webkit.org/show_bug.cgi?id=150744
2063
2064         Reviewed by Filip Pizlo.
2065
2066         This patch implements the forceGCSlowPaths option.
2067         It defaults to false, but when it is set to true,
2068         the JITs will always allocate objects along the slow
2069         path. This will be helpful for writing a certain class
2070         of tests. This may also come in handy for debugging
2071         later.
2072
2073         This patch also adds the "forceGCSlowPaths" function
2074         in jsc.cpp which sets the option to true. If you
2075         use this function in a jsc stress test, it's best
2076         to call it as the first thing in the program before
2077         we JIT anything.
2078
2079         * dfg/DFGSpeculativeJIT.h:
2080         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
2081         * ftl/FTLLowerDFGToLLVM.cpp:
2082         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
2083         * jit/JITInlines.h:
2084         (JSC::JIT::emitAllocateJSObject):
2085         * jsc.cpp:
2086         (GlobalObject::finishCreation):
2087         (functionEdenGC):
2088         (functionForceGCSlowPaths):
2089         (functionHeapSize):
2090         * runtime/Options.h:
2091
2092 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
2093
2094         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
2095         https://bugs.webkit.org/show_bug.cgi?id=150753
2096
2097         Reviewed by Timothy Hatcher.
2098
2099         * parser/Parser.h:
2100         (JSC::Parser<LexerType>::parse):
2101         Only set the directives on the SourceProvider if we were parsing the
2102         entire file (Program or Module), not if we are in function parsing mode.
2103         This was inadvertently clearing the directives stored on the
2104         SourceProvider when the function parse didn't see directives and reset
2105         the values on the source provider.
2106
2107 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
2108
2109         [JSC] Add lowering for B3's Sub operation with integers
2110         https://bugs.webkit.org/show_bug.cgi?id=150749
2111
2112         Reviewed by Filip Pizlo.
2113
2114         * b3/B3LowerToAir.cpp:
2115         (JSC::B3::Air::LowerToAir::trySub):
2116         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
2117         * b3/B3LoweringMatcher.patterns:
2118         Identical to Add but obviously NotCommutative.
2119
2120         * b3/B3ReduceStrength.cpp:
2121         Turn Add/Sub with zero into an identity. I only added for
2122         Add since Sub with a constant is always turned into an Add.
2123
2124         Also switched the Sub optimizations to put the strongest first.
2125
2126         * b3/air/AirOpcode.opcodes:
2127         * b3/testb3.cpp:
2128         (JSC::B3::testAddArgImm):
2129         (JSC::B3::testAddImmArg):
2130         (JSC::B3::testSubArgs):
2131         (JSC::B3::testSubArgImm):
2132         (JSC::B3::testSubImmArg):
2133         (JSC::B3::testSubArgs32):
2134         (JSC::B3::testSubArgImm32):
2135         (JSC::B3::testSubImmArg32):
2136         (JSC::B3::testStoreSubLoad):
2137         (JSC::B3::run):
2138
2139 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
2140
2141         [JSC] Add the Air Opcode definitions to the Xcode project file
2142         https://bugs.webkit.org/show_bug.cgi?id=150701
2143
2144         Reviewed by Geoffrey Garen.
2145
2146         * JavaScriptCore.xcodeproj/project.pbxproj:
2147         Easier for those who use Xcode :)
2148
2149 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
2150
2151         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
2152
2153         * b3/B3ValueRep.h:
2154
2155 2015-10-30  Michael Saboff  <msaboff@apple.com>
2156
2157         Windows X86-64 change for Crash making a tail call from a getter to a host function
2158         https://bugs.webkit.org/show_bug.cgi?id=150737
2159
2160         Reviewed by Geoffrey Garen.
2161
2162         Need to make the same change for Windows X86-64 as was made in change set
2163         http://trac.webkit.org/changeset/191765.
2164
2165         * jit/JITStubsMSVC64.asm:
2166
2167 2015-10-30  Keith Miller  <keith_miller@apple.com>
2168
2169         Unreviewed, forgot to mark tests as passing for new feature.
2170
2171         * tests/es6.yaml:
2172
2173 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
2174
2175         B3 should be able to compile a control flow diamond
2176         https://bugs.webkit.org/show_bug.cgi?id=150720
2177
2178         Reviewed by Benjamin Poulain.
2179
2180         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
2181         comparisons and boolean-like operations.
2182
2183         * assembler/MacroAssembler.cpp:
2184         (WTF::printInternal):
2185         * assembler/MacroAssembler.h:
2186         * b3/B3BasicBlockUtils.h:
2187         (JSC::B3::replacePredecessor):
2188         (JSC::B3::resetReachability):
2189         * b3/B3CheckValue.h:
2190         * b3/B3Common.h:
2191         (JSC::B3::isRepresentableAsImpl):
2192         (JSC::B3::isRepresentableAs):
2193         * b3/B3Const32Value.cpp:
2194         (JSC::B3::Const32Value::subConstant):
2195         (JSC::B3::Const32Value::equalConstant):
2196         (JSC::B3::Const32Value::notEqualConstant):
2197         (JSC::B3::Const32Value::dumpMeta):
2198         * b3/B3Const32Value.h:
2199         * b3/B3Const64Value.cpp:
2200         (JSC::B3::Const64Value::subConstant):
2201         (JSC::B3::Const64Value::equalConstant):
2202         (JSC::B3::Const64Value::notEqualConstant):
2203         (JSC::B3::Const64Value::dumpMeta):
2204         * b3/B3Const64Value.h:
2205         * b3/B3ConstDoubleValue.cpp:
2206         (JSC::B3::ConstDoubleValue::subConstant):
2207         (JSC::B3::ConstDoubleValue::equalConstant):
2208         (JSC::B3::ConstDoubleValue::notEqualConstant):
2209         (JSC::B3::ConstDoubleValue::dumpMeta):
2210         * b3/B3ConstDoubleValue.h:
2211         * b3/B3ControlValue.cpp:
2212         (JSC::B3::ControlValue::~ControlValue):
2213         (JSC::B3::ControlValue::convertToJump):
2214         (JSC::B3::ControlValue::dumpMeta):
2215         * b3/B3ControlValue.h:
2216         * b3/B3LowerToAir.cpp:
2217         (JSC::B3::Air::LowerToAir::imm):
2218         (JSC::B3::Air::LowerToAir::tryStackSlot):
2219         (JSC::B3::Air::LowerToAir::tryUpsilon):
2220         (JSC::B3::Air::LowerToAir::tryPhi):
2221         (JSC::B3::Air::LowerToAir::tryBranch):
2222         (JSC::B3::Air::LowerToAir::tryJump):
2223         (JSC::B3::Air::LowerToAir::tryIdentity):
2224         * b3/B3LoweringMatcher.patterns:
2225         * b3/B3Opcode.h:
2226         * b3/B3Procedure.cpp:
2227         (JSC::B3::Procedure::resetReachability):
2228         (JSC::B3::Procedure::dump):
2229         * b3/B3ReduceStrength.cpp:
2230         * b3/B3UpsilonValue.cpp:
2231         (JSC::B3::UpsilonValue::dumpMeta):
2232         * b3/B3UpsilonValue.h:
2233         (JSC::B3::UpsilonValue::accepts): Deleted.
2234         (JSC::B3::UpsilonValue::phi): Deleted.
2235         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
2236         * b3/B3Validate.cpp:
2237         * b3/B3Value.cpp:
2238         (JSC::B3::Value::subConstant):
2239         (JSC::B3::Value::equalConstant):
2240         (JSC::B3::Value::notEqualConstant):
2241         (JSC::B3::Value::returnsBool):
2242         (JSC::B3::Value::asTriState):
2243         (JSC::B3::Value::effects):
2244         * b3/B3Value.h:
2245         * b3/B3ValueInlines.h:
2246         (JSC::B3::Value::asInt32):
2247         (JSC::B3::Value::isInt32):
2248         (JSC::B3::Value::hasInt64):
2249         (JSC::B3::Value::asInt64):
2250         (JSC::B3::Value::isInt64):
2251         (JSC::B3::Value::hasInt):
2252         (JSC::B3::Value::asIntPtr):
2253         (JSC::B3::Value::isIntPtr):
2254         (JSC::B3::Value::hasDouble):
2255         (JSC::B3::Value::asDouble):
2256         (JSC::B3::Value::isEqualToDouble):
2257         (JSC::B3::Value::hasNumber):
2258         (JSC::B3::Value::representableAs):
2259         (JSC::B3::Value::asNumber):
2260         (JSC::B3::Value::stackmap):
2261         * b3/air/AirArg.cpp:
2262         (JSC::B3::Air::Arg::dump):
2263         * b3/air/AirArg.h:
2264         (JSC::B3::Air::Arg::resCond):
2265         (JSC::B3::Air::Arg::doubleCond):
2266         (JSC::B3::Air::Arg::special):
2267         (JSC::B3::Air::Arg::isResCond):
2268         (JSC::B3::Air::Arg::isDoubleCond):
2269         (JSC::B3::Air::Arg::isSpecial):
2270         (JSC::B3::Air::Arg::isGP):
2271         (JSC::B3::Air::Arg::isFP):
2272         (JSC::B3::Air::Arg::asResultCondition):
2273         (JSC::B3::Air::Arg::asDoubleCondition):
2274         (JSC::B3::Air::Arg::Arg):
2275         * b3/air/AirCode.cpp:
2276         (JSC::B3::Air::Code::resetReachability):
2277         (JSC::B3::Air::Code::dump):
2278         * b3/air/AirOpcode.opcodes:
2279         * b3/air/opcode_generator.rb:
2280         * b3/testb3.cpp:
2281         (hiddenTruthBecauseNoReturnIsStupid):
2282         (usage):
2283         (JSC::B3::compile):
2284         (JSC::B3::invoke):
2285         (JSC::B3::compileAndRun):
2286         (JSC::B3::test42):
2287         (JSC::B3::testStoreLoadStackSlot):
2288         (JSC::B3::testBranch):
2289         (JSC::B3::testDiamond):
2290         (JSC::B3::testBranchNotEqual):
2291         (JSC::B3::testBranchFold):
2292         (JSC::B3::testDiamondFold):
2293         (JSC::B3::run):
2294         (run):
2295         (main):
2296
2297 2015-10-30  Keith Miller  <keith_miller@apple.com>
2298
2299         [ES6] Add support for toStringTag
2300         https://bugs.webkit.org/show_bug.cgi?id=150696
2301
2302         Reviewed by Geoffrey Garen.
2303
2304         This patch adds support for Symbol.toStringTag. This is a simple
2305         feature: if an object passed to Object.prototype.toString() has a
2306         toStringTag, we use the tag in the string rather than the class info.
2307         Added a test that checks this works for all the default supported classes
2308         along with the corresponding prototype and custom cases.
2309
2310         * runtime/ArrayIteratorPrototype.cpp:
2311         (JSC::ArrayIteratorPrototype::finishCreation):
2312         * runtime/CommonIdentifiers.h:
2313         * runtime/JSArrayBufferPrototype.cpp:
2314         (JSC::JSArrayBufferPrototype::finishCreation):
2315         * runtime/JSDataViewPrototype.cpp:
2316         (JSC::JSDataViewPrototype::finishCreation):
2317         * runtime/JSDataViewPrototype.h:
2318         * runtime/JSModuleNamespaceObject.cpp:
2319         (JSC::JSModuleNamespaceObject::finishCreation):
2320         * runtime/JSONObject.cpp:
2321         (JSC::JSONObject::finishCreation):
2322         * runtime/JSPromisePrototype.cpp:
2323         (JSC::JSPromisePrototype::finishCreation):
2324         * runtime/JSTypedArrayViewPrototype.cpp:
2325         (JSC::typedArrayViewProtoGetterFuncToStringTag):
2326         (JSC::JSTypedArrayViewPrototype::finishCreation):
2327         * runtime/MapIteratorPrototype.cpp:
2328         (JSC::MapIteratorPrototype::finishCreation):
2329         * runtime/MapPrototype.cpp:
2330         (JSC::MapPrototype::finishCreation):
2331         * runtime/MathObject.cpp:
2332         (JSC::MathObject::finishCreation):
2333         * runtime/ObjectPrototype.cpp:
2334         (JSC::objectProtoFuncToString):
2335         * runtime/SetIteratorPrototype.cpp:
2336         (JSC::SetIteratorPrototype::finishCreation):
2337         * runtime/SetPrototype.cpp:
2338         (JSC::SetPrototype::finishCreation):
2339         * runtime/SmallStrings.cpp:
2340         (JSC::SmallStrings::SmallStrings):
2341         (JSC::SmallStrings::initializeCommonStrings):
2342         (JSC::SmallStrings::visitStrongReferences):
2343         * runtime/SmallStrings.h:
2344         (JSC::SmallStrings::objectStringStart):
2345         * runtime/StringIteratorPrototype.cpp:
2346         (JSC::StringIteratorPrototype::finishCreation):
2347         * runtime/SymbolPrototype.cpp:
2348         (JSC::SymbolPrototype::finishCreation):
2349         * runtime/WeakMapPrototype.cpp:
2350         (JSC::WeakMapPrototype::finishCreation):
2351         * runtime/WeakSetPrototype.cpp:
2352         (JSC::WeakSetPrototype::finishCreation):
2353         * tests/modules/namespace.js:
2354         * tests/stress/symbol-tostringtag.js: Added.
2355         (toStr):
2356         (strName):
2357         (classes.string_appeared_here):
2358
2359 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
2360
2361         Web Inspector: Do not show JavaScriptCore builtins in inspector
2362         https://bugs.webkit.org/show_bug.cgi?id=146049
2363
2364         Reviewed by Geoffrey Garen.
2365
2366         * debugger/Debugger.cpp:
2367         When gathering scripts to notify the inspector / debuggers about,
2368         skip over sources containing host / built-in functions as those
2369         won't contain source code developers expect to see.
2370
2371 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
2372
2373         Fix typo in "use strict" in TypedArray builtins
2374         https://bugs.webkit.org/show_bug.cgi?id=150709
2375
2376         Reviewed by Geoffrey Garen.
2377
2378         * builtins/TypedArray.prototype.js:
2379         (toLocaleString):
2380
2381 2015-10-29  Philippe Normand  <pnormand@igalia.com>
2382
2383         [GTK][Mac] disable OBJC JSC API
2384         https://bugs.webkit.org/show_bug.cgi?id=150500
2385
2386         Reviewed by Alex Christensen.
2387
2388         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
2389
2390 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2391
2392         Air::handleCalleeSaves shouldn't save/restore the frame pointer
2393         https://bugs.webkit.org/show_bug.cgi?id=150688
2394
2395         Reviewed by Michael Saboff.
2396
2397         We save/restore the FP inside Air::generate().
2398
2399         * b3/air/AirHandleCalleeSaves.cpp:
2400         (JSC::B3::Air::handleCalleeSaves):
2401
2402 2015-10-29  Michael Saboff  <msaboff@apple.com>
2403
2404         Crash making a tail call from a getter to a host function
2405         https://bugs.webkit.org/show_bug.cgi?id=150663
2406
2407         Reviewed by Geoffrey Garen.
2408
2409         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
2410         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
2411
2412         * jit/JITOperations.cpp:
2413
2414 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2415
2416         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
2417         https://bugs.webkit.org/show_bug.cgi?id=150685
2418
2419         Reviewed by Geoffrey Garen.
2420
2421         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
2422         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
2423         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
2424         requires fewer bits.
2425
2426         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
2427         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
2428         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
2429         helper should happily accept either Const32Value or Const64Value.
2430
2431         We already sort of had this with immAnyType(), but it just turns out that anyone using
2432         immAnyType() should really be using imm().
2433
2434         * b3/B3LowerToAir.cpp:
2435         (JSC::B3::Air::LowerToAir::imm):
2436         (JSC::B3::Air::LowerToAir::tryStore):
2437         (JSC::B3::Air::LowerToAir::tryConst64):
2438         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
2439         * b3/testb3.cpp:
2440         (JSC::B3::testAdd1):
2441         (JSC::B3::testAdd1Ptr):
2442         (JSC::B3::testStoreAddLoad):
2443         (JSC::B3::run):
2444
2445 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2446
2447         StoreOpLoad pattern matching should check effects between the Store and Load
2448         https://bugs.webkit.org/show_bug.cgi?id=150534
2449
2450         Reviewed by Geoffrey Garen.
2451
2452         If we turn:
2453
2454             a = Load(addr)
2455             b = Add(a, 42)
2456             Store(b, addr)
2457
2458         Into:
2459
2460             Add $42, (addr)
2461
2462         Then we must make sure that we didn't really have this to begin with:
2463
2464             a = Load(addr)
2465             Store(666, addr)
2466             b = Add(a, 42)
2467             Store(b, addr)
2468
2469         That's because pattern matching doesn't care about control flow, and it finds the Load
2470         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
2471         enough to broadly ask questions about whether such a code motion of the Load is legal.
2472
2473         * b3/B3Effects.cpp:
2474         (JSC::B3::Effects::interferes):
2475         (JSC::B3::Effects::dump):
2476         * b3/B3Effects.h:
2477         (JSC::B3::Effects::mustExecute):
2478         * b3/B3LowerToAir.cpp:
2479         (JSC::B3::Air::LowerToAir::run):
2480         (JSC::B3::Air::LowerToAir::commitInternal):
2481         (JSC::B3::Air::LowerToAir::crossesInterference):
2482         (JSC::B3::Air::LowerToAir::effectiveAddr):
2483         (JSC::B3::Air::LowerToAir::loadAddr):
2484         * b3/B3Procedure.cpp:
2485         (JSC::B3::Procedure::addBlock):
2486         (JSC::B3::Procedure::resetValueOwners):
2487         (JSC::B3::Procedure::resetReachability):
2488         * b3/B3Procedure.h:
2489         * b3/B3Value.cpp:
2490         (JSC::B3::Value::effects):
2491         * b3/B3Value.h:
2492         * b3/testb3.cpp:
2493         (JSC::B3::testStoreAddLoad):
2494         (JSC::B3::testStoreAddLoadInterference):
2495         (JSC::B3::testStoreAddAndLoad):
2496         (JSC::B3::testLoadOffsetUsingAdd):
2497         (JSC::B3::testLoadOffsetUsingAddInterference):
2498         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2499         (JSC::B3::run):
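
The legality check described in the entry above, shown as an added example (not part of the ChangeLog and not WebKit's code). The toy IR, the helper names, and the rule that two accesses alias only when their addr fields are equal are all assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy straight-line IR constructed for this example; these are not B3's classes.
enum class Op { Const, Load, Add, Store };

struct Value {
    Op op;
    int a;        // first operand: index of an earlier Value in the block
    int b;        // second operand (Add only)
    int addr;     // Load/Store: index into the toy memory
    int64_t imm;  // Const only
};
using Block = std::vector<Value>;

static Value konst(int64_t imm) { return Value{Op::Const, -1, -1, -1, imm}; }
static Value load(int addr) { return Value{Op::Load, -1, -1, addr, 0}; }
static Value add(int a, int b) { return Value{Op::Add, a, b, -1, 0}; }
static Value store(int a, int addr) { return Value{Op::Store, a, -1, addr, 0}; }

// Data-flow-only match of Store(Add(Load(addr), Const), addr).
// Returns the index of the Load, or -1 when the shape does not match.
int matchStoreAddLoad(const Block& block, size_t storeIndex)
{
    if (storeIndex >= block.size() || block[storeIndex].op != Op::Store)
        return -1;
    const Value& st = block[storeIndex];
    const Value& sum = block[st.a];
    if (sum.op != Op::Add)
        return -1;
    if (block[sum.a].op != Op::Load || block[sum.b].op != Op::Const)
        return -1;
    return block[sum.a].addr == st.addr ? sum.a : -1;
}

// True when a value strictly between the Load and the Store writes the cell
// the Load read. Toy aliasing rule (assumption): equal addr means same cell.
bool hasInterferingStore(const Block& block, int loadIndex, size_t storeIndex)
{
    for (size_t i = static_cast<size_t>(loadIndex) + 1; i < storeIndex; ++i) {
        if (block[i].op == Op::Store && block[i].addr == block[loadIndex].addr)
            return true;
    }
    return false;
}

// The fusion is legal only if the shape matches AND moving the Load down to
// the Store crosses no interfering write.
bool canFuse(const Block& block, size_t storeIndex)
{
    int loadIndex = matchStoreAddLoad(block, storeIndex);
    return loadIndex >= 0 && !hasInterferingStore(block, loadIndex, storeIndex);
}

// Executes the block in order. When fuseAt names a matched Store, that Store
// runs as "Add $imm, (addr)": it re-reads memory at the Store's position.
std::vector<int64_t> execute(const Block& block, std::vector<int64_t> memory, int fuseAt = -1)
{
    std::vector<int64_t> result(block.size(), 0);
    for (size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Const: result[i] = v.imm; break;
        case Op::Load: result[i] = memory[v.addr]; break;
        case Op::Add: result[i] = result[v.a] + result[v.b]; break;
        case Op::Store:
            if (static_cast<int>(i) == fuseAt)
                memory[v.addr] += block[block[v.a].b].imm;
            else
                memory[v.addr] = result[v.a];
            break;
        }
    }
    return memory;
}

// The two sequences from the entry above, with addr modelled as memory cell 0.
Block cleanBlock() { return Block{load(0), konst(42), add(0, 1), store(2, 0)}; }
Block interferingBlock()
{
    return Block{load(0), konst(666), store(1, 0), konst(42), add(0, 3), store(4, 0)};
}

int main()
{
    std::vector<int64_t> memory(1, 1); // one cell, initial value 1
    Block bad = interferingBlock();
    std::printf("clean: canFuse=%d\n", canFuse(cleanBlock(), 3));
    std::printf("interfering: match=%d canFuse=%d\n", matchStoreAddLoad(bad, 5), canFuse(bad, 5));
    std::printf("interfering: original=%lld naive-fused=%lld\n",
        static_cast<long long>(execute(bad, memory)[0]),
        static_cast<long long>(execute(bad, memory, 5)[0]));
    return 0;
}
```

The data-flow match succeeds on both sequences; only the scan between the Load and the Store separates them, and executing the interfering sequence with the fusion applied anyway leaves a different value in memory than the original program.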
2500
2501 2015-10-29  Brady Eidson  <beidson@apple.com>
2502
2503         Modern IDB: deleteObjectStore support.
2504         https://bugs.webkit.org/show_bug.cgi?id=150673
2505
2506         Reviewed by Alex Christensen.
2507
2508         * runtime/VM.h:
2509
2510 2015-10-29  Mark Lam  <mark.lam@apple.com>
2511
2512         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
2513         https://bugs.webkit.org/show_bug.cgi?id=150687
2514
2515         Unreviewed.
2516
2517         Disabling the feature while it is being debugged.  I'm doing this by effectively
2518         rolling out only the changes in FTLCapabilities.cpp.
2519
2520         * ftl/FTLCapabilities.cpp:
2521         (JSC::FTL::canCompile):
2522
2523 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2524
2525         Unreviewed, fix iOS build.
2526
2527         * assembler/MacroAssemblerARM64.h:
2528         (JSC::MacroAssemblerARM64::store64):
2529
2530 2015-10-29  Alex Christensen  <achristensen@webkit.org>
2531
2532         Fix Mac CMake build
2533         https://bugs.webkit.org/show_bug.cgi?id=150686
2534
2535         Reviewed by Filip Pizlo.
2536
2537         * API/ObjCCallbackFunction.mm:
2538         * CMakeLists.txt:
2539         * PlatformMac.cmake:
2540
2541 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2542
2543         Air needs syntax for escaping StackSlots
2544         https://bugs.webkit.org/show_bug.cgi?id=150430
2545
2546         Reviewed by Geoffrey Garen.
2547
2548         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
2549         instruction for getting the value of an address. This is necessary to support arbitrary
2550         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
2551         this new instruction.
2552
2553         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
2554         would do: it evaluates an address, but does not load from it or store to it.
2555
2556         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
2557         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
2558         that StackSlots may escape, and factors this into its analysis.
2559
2560         * assembler/MacroAssembler.h:
2561         (JSC::MacroAssembler::lea):
2562         * b3/B3AddressMatcher.patterns:
2563         * b3/B3LowerToAir.cpp:
2564         (JSC::B3::Air::LowerToAir::run):
2565         (JSC::B3::Air::LowerToAir::addr):
2566         (JSC::B3::Air::LowerToAir::loadAddr):
2567         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2568         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
2569         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
2570         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2571         (JSC::B3::Air::LowerToAir::tryConst64):
2572         (JSC::B3::Air::LowerToAir::tryFramePointer):
2573         (JSC::B3::Air::LowerToAir::tryStackSlot):
2574         (JSC::B3::Air::LowerToAir::tryIdentity):
2575         * b3/B3LoweringMatcher.patterns:
2576         * b3/B3MemoryValue.cpp:
2577         (JSC::B3::MemoryValue::~MemoryValue):
2578         (JSC::B3::MemoryValue::accessByteSize):
2579         (JSC::B3::MemoryValue::dumpMeta):
2580         * b3/B3MemoryValue.h:
2581         * b3/B3ReduceStrength.cpp:
2582         * b3/B3StackSlotValue.h:
2583         (JSC::B3::StackSlotValue::accepts): Deleted.
2584         * b3/B3Type.h:
2585         (JSC::B3::pointerType):
2586         (JSC::B3::sizeofType):
2587         * b3/B3Validate.cpp:
2588         * b3/B3Value.h:
2589         * b3/air/AirAllocateStack.cpp:
2590         (JSC::B3::Air::allocateStack):
2591         * b3/air/AirArg.h:
2592         (JSC::B3::Air::Arg::isUse):
2593         (JSC::B3::Air::Arg::isDef):
2594         (JSC::B3::Air::Arg::forEachTmp):
2595         * b3/air/AirCode.cpp:
2596         (JSC::B3::Air::Code::addStackSlot):
2597         (JSC::B3::Air::Code::addSpecial):
2598         * b3/air/AirCode.h:
2599         * b3/air/AirOpcode.opcodes:
2600         * b3/air/AirSpillEverything.cpp:
2601         (JSC::B3::Air::spillEverything):
2602         * b3/air/AirStackSlot.h:
2603         (JSC::B3::Air::StackSlot::byteSize):
2604         (JSC::B3::Air::StackSlot::kind):
2605         (JSC::B3::Air::StackSlot::isLocked):
2606         (JSC::B3::Air::StackSlot::index):
2607         (JSC::B3::Air::StackSlot::alignment):
2608         * b3/air/opcode_generator.rb:
2609         * b3/testb3.cpp:
2610         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2611         (JSC::B3::testFramePointer):
2612         (JSC::B3::testStackSlot):
2613         (JSC::B3::testLoadFromFramePointer):
2614         (JSC::B3::testStoreLoadStackSlot):
2615         (JSC::B3::run):
2616
2617 2015-10-29  Saam barati  <sbarati@apple.com>
2618
2619         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
2620         https://bugs.webkit.org/show_bug.cgi?id=150655
2621
2622         Reviewed by Filip Pizlo.
2623
2624         We're recomputing this value for an *OSRExitDescriptor* for every one
2625         of its corresponding *OSRExits*. This is having a multiplicative
2626         effect on offsets because each computation is relative to the previous
2627         value. We must do this computation just once per OSRExitDescriptor.
2628
2629         * ftl/FTLCompile.cpp:
2630         (JSC::FTL::mmAllocateDataSection):
2631
2632 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2633
2634         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
2635         https://bugs.webkit.org/show_bug.cgi?id=150657
2636
2637         Reviewed by Geoffrey Garen.
2638
2639         Also added the ability to store an immediate to memory.
2640
2641         * assembler/MacroAssembler.h:
2642         (JSC::MacroAssembler::storePtr):
2643         * assembler/MacroAssemblerARM64.h:
2644         (JSC::MacroAssemblerARM64::store64):
2645         * assembler/MacroAssemblerX86_64.h:
2646         (JSC::MacroAssemblerX86_64::store64):
2647         * b3/B3LowerToAir.cpp:
2648         (JSC::B3::Air::LowerToAir::imm):
2649         (JSC::B3::Air::LowerToAir::immAnyInt):
2650         (JSC::B3::Air::LowerToAir::immOrTmp):
2651         (JSC::B3::Air::LowerToAir::tryStore):
2652         * b3/air/AirOpcode.opcodes:
2653         * b3/air/AirSpillEverything.cpp:
2654         (JSC::B3::Air::spillEverything):
2655         * b3/testb3.cpp:
2656         (JSC::B3::testStore):
2657         (JSC::B3::testStoreConstant):
2658         (JSC::B3::testStoreConstantPtr):
2659         (JSC::B3::testTrunc):
2660         (JSC::B3::run):
2661
2662 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2663
2664         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
2665         https://bugs.webkit.org/show_bug.cgi?id=150654
2666
2667         Reviewed by Geoffrey Garen.
2668
2669         * inspector/scripts/codegen/generator.py:
2670
2671 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2672
2673         B3::reduceStrength() should do DCE
2674         https://bugs.webkit.org/show_bug.cgi?id=150656
2675
2676         Reviewed by Saam Barati.
2677
2678         * b3/B3BasicBlock.cpp:
2679         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
2680         * b3/B3BasicBlock.h:
2681         * b3/B3Procedure.cpp:
2682         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
2683         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
2684         * b3/B3Procedure.h:
2685         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
2686         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2687         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2688         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
2689         (JSC::B3::Procedure::values):
2690         * b3/B3ProcedureInlines.h:
2691         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
2692         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
2693
2694 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2695
2696         Web Inspector: Remove unused / duplicate WebSocket timeline records
2697         https://bugs.webkit.org/show_bug.cgi?id=150647
2698
2699         Reviewed by Timothy Hatcher.
2700
2701         * inspector/protocol/Timeline.json:
2702
2703 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2704
2705         B3::LowerToAir should not duplicate Loads
2706         https://bugs.webkit.org/show_bug.cgi?id=150651
2707
2708         Reviewed by Benjamin Poulain.
2709
2710         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
2711         if we haven't already emitted code that uses the Value and the Value has only one direct
2712         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
2713         Value: we won't emit any more code for it in the future.
2714
2715         The optimization to fuse Loads was forgetting to do all of these things, and so generated
2716         code would have a lot of duplicated Loads. That's bad and this change fixes that.
2717
2718         Ordinarily, this is far less tricky because the pattern matcher does this for us via
2719         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
2720         won't need to do this manually very often.
2721
2722         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
2723         debug.
2724
2725         * b3/B3IndexMap.h:
2726         (JSC::B3::IndexMap::IndexMap):
2727         (JSC::B3::IndexMap::resize):
2728         (JSC::B3::IndexMap::operator[]):
2729         * b3/B3LowerToAir.cpp:
2730         (JSC::B3::Air::LowerToAir::tmp):
2731         (JSC::B3::Air::LowerToAir::canBeInternal):
2732         (JSC::B3::Air::LowerToAir::commitInternal):
2733         (JSC::B3::Air::LowerToAir::effectiveAddr):
2734         (JSC::B3::Air::LowerToAir::loadAddr):
2735         (JSC::B3::Air::LowerToAir::appendBinOp):
2736         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2737         (JSC::B3::Air::LowerToAir::acceptInternals):
2738         * b3/B3UseCounts.cpp:
2739         (JSC::B3::UseCounts::UseCounts):
2740
2741 2015-10-28  Mark Lam  <mark.lam@apple.com>
2742
2743         JITSubGenerator::generateFastPath() does not need to be inlined.
2744         https://bugs.webkit.org/show_bug.cgi?id=150645
2745
2746         Reviewed by Geoffrey Garen.
2747
2748         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
2749         perf neutral.
2750
2751         * CMakeLists.txt:
2752         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2753         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2754         * JavaScriptCore.xcodeproj/project.pbxproj:
2755         * ftl/FTLCompile.cpp:
2756         * jit/JITSubGenerator.cpp: Added.
2757         (JSC::JITSubGenerator::generateFastPath):
2758         * jit/JITSubGenerator.h:
2759         (JSC::JITSubGenerator::JITSubGenerator):
2760         (JSC::JITSubGenerator::endJumpList):
2761         (JSC::JITSubGenerator::slowPathJumpList):
2762         (JSC::JITSubGenerator::generateFastPath): Deleted.
2763
2764 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2765
2766         [B3] handleCommutativity should canonicalize commutative operations over non-constants
2767         https://bugs.webkit.org/show_bug.cgi?id=150649
2768
2769         Reviewed by Saam Barati.
2770
2771         Turn this: Add(value1, value2)
2772         Into this: Add(value2, value1)
2773
2774         But only if value2 should come before value1 according to our total ordering. This will allow
2775         CSE to observe the equality between commuted versions of the same operation, since we will
2776         first canonicalize them into the same order.
2777
2778         * b3/B3ReduceStrength.cpp:
2779
2780 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2781
2782         Unreviewed, fix the build for case sensitive file systems.
2783
2784         * b3/air/AirBasicBlock.h:
2785         * b3/air/AirStackSlot.h:
2786
2787 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2788
2789         Create a super rough prototype of B3
2790         https://bugs.webkit.org/show_bug.cgi?id=150280
2791
2792         Reviewed by Benjamin Poulain.
2793
2794         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
2795         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
2796         for aggressive C-level optimizations and an awesome portable backend. The backend, called
2797         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
2798         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
2799         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
2800         instruction selection, reflectively selects Air opcodes by querying which instruction forms
2801         are possible. Air allows for optimal register allocation and stack layout. Currently the
2802         register allocator isn't written, but the stack layout is.
2803
2804         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
2805         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
2806         stuff added to the instruction selector. But it's a neat start.
2807
2808         * CMakeLists.txt:
2809         * DerivedSources.make:
2810         * JavaScriptCore.xcodeproj/project.pbxproj:
2811         * assembler/MacroAssembler.cpp:
2812         (WTF::printInternal):
2813         * assembler/MacroAssembler.h:
2814         * b3: Added.
2815         * b3/B3AddressMatcher.patterns: Added.
2816         * b3/B3ArgumentRegValue.cpp: Added.
2817         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
2818         (JSC::B3::ArgumentRegValue::dumpMeta):
2819         * b3/B3ArgumentRegValue.h: Added.
2820         * b3/B3BasicBlock.cpp: Added.
2821         (JSC::B3::BasicBlock::BasicBlock):
2822         (JSC::B3::BasicBlock::~BasicBlock):
2823         (JSC::B3::BasicBlock::append):
2824         (JSC::B3::BasicBlock::addPredecessor):
2825         (JSC::B3::BasicBlock::removePredecessor):
2826         (JSC::B3::BasicBlock::replacePredecessor):
2827         (JSC::B3::BasicBlock::removeNops):
2828         (JSC::B3::BasicBlock::dump):
2829         (JSC::B3::BasicBlock::deepDump):
2830         * b3/B3BasicBlock.h: Added.
2831         (JSC::B3::BasicBlock::index):
2832         (JSC::B3::BasicBlock::begin):
2833         (JSC::B3::BasicBlock::end):
2834         (JSC::B3::BasicBlock::size):
2835         (JSC::B3::BasicBlock::at):
2836         (JSC::B3::BasicBlock::last):
2837         (JSC::B3::BasicBlock::values):
2838         (JSC::B3::BasicBlock::numPredecessors):
2839         (JSC::B3::BasicBlock::predecessor):
2840         (JSC::B3::BasicBlock::predecessors):
2841         (JSC::B3::BasicBlock::frequency):
2842         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
2843         (JSC::B3::DeepBasicBlockDump::dump):
2844         (JSC::B3::deepDump):
2845         * b3/B3BasicBlockInlines.h: Added.
2846         (JSC::B3::BasicBlock::appendNew):
2847         (JSC::B3::BasicBlock::numSuccessors):
2848         (JSC::B3::BasicBlock::successor):
2849         (JSC::B3::BasicBlock::successors):
2850         (JSC::B3::BasicBlock::successorBlock):
2851         (JSC::B3::BasicBlock::successorBlocks):
2852         * b3/B3BasicBlockUtils.h: Added.
2853         (JSC::B3::addPredecessor):
2854         (JSC::B3::removePredecessor):
2855         (JSC::B3::replacePredecessor):
2856         (JSC::B3::resetReachability):
2857         (JSC::B3::blocksInPreOrder):
2858         (JSC::B3::blocksInPostOrder):
2859         * b3/B3BlockWorklist.h: Added.
2860         * b3/B3CheckSpecial.cpp: Added.
2861         (JSC::B3::Air::numB3Args):
2862         (JSC::B3::CheckSpecial::CheckSpecial):
2863         (JSC::B3::CheckSpecial::~CheckSpecial):
2864         (JSC::B3::CheckSpecial::hiddenBranch):
2865         (JSC::B3::CheckSpecial::forEachArg):
2866         (JSC::B3::CheckSpecial::isValid):
2867         (JSC::B3::CheckSpecial::admitsStack):
2868         (JSC::B3::CheckSpecial::generate):
2869         (JSC::B3::CheckSpecial::dumpImpl):
2870         (JSC::B3::CheckSpecial::deepDumpImpl):
2871         * b3/B3CheckSpecial.h: Added.
2872         * b3/B3CheckValue.cpp: Added.
2873         (JSC::B3::CheckValue::~CheckValue):
2874         (JSC::B3::CheckValue::dumpMeta):
2875         * b3/B3CheckValue.h: Added.
2876         * b3/B3Common.cpp: Added.
2877         (JSC::B3::shouldDumpIR):
2878         (JSC::B3::shouldDumpIRAtEachPhase):
2879         (JSC::B3::shouldValidateIR):
2880         (JSC::B3::shouldValidateIRAtEachPhase):
2881         (JSC::B3::shouldSaveIRBeforePhase):
2882         * b3/B3Common.h: Added.
2883         (JSC::B3::is64Bit):
2884         (JSC::B3::is32Bit):
2885         * b3/B3Commutativity.cpp: Added.
2886         (WTF::printInternal):
2887         * b3/B3Commutativity.h: Added.
2888         * b3/B3Const32Value.cpp: Added.
2889         (JSC::B3::Const32Value::~Const32Value):
2890         (JSC::B3::Const32Value::negConstant):
2891         (JSC::B3::Const32Value::addConstant):
2892         (JSC::B3::Const32Value::subConstant):
2893         (JSC::B3::Const32Value::dumpMeta):
2894         * b3/B3Const32Value.h: Added.
2895         * b3/B3Const64Value.cpp: Added.
2896         (JSC::B3::Const64Value::~Const64Value):
2897         (JSC::B3::Const64Value::negConstant):
2898         (JSC::B3::Const64Value::addConstant):
2899         (JSC::B3::Const64Value::subConstant):
2900         (JSC::B3::Const64Value::dumpMeta):
2901         * b3/B3Const64Value.h: Added.
2902         * b3/B3ConstDoubleValue.cpp: Added.
2903         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
2904         (JSC::B3::ConstDoubleValue::negConstant):
2905         (JSC::B3::ConstDoubleValue::addConstant):
2906         (JSC::B3::ConstDoubleValue::subConstant):
2907         (JSC::B3::ConstDoubleValue::dumpMeta):
2908         * b3/B3ConstDoubleValue.h: Added.
2909         (JSC::B3::ConstDoubleValue::accepts):
2910         (JSC::B3::ConstDoubleValue::value):
2911         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
2912         * b3/B3ConstPtrValue.h: Added.
2913         (JSC::B3::ConstPtrValue::value):
2914         (JSC::B3::ConstPtrValue::ConstPtrValue):
2915         * b3/B3ControlValue.cpp: Added.
2916         (JSC::B3::ControlValue::~ControlValue):
2917         (JSC::B3::ControlValue::dumpMeta):
2918         * b3/B3ControlValue.h: Added.
2919         * b3/B3Effects.cpp: Added.
2920         (JSC::B3::Effects::dump):
2921         * b3/B3Effects.h: Added.
2922         (JSC::B3::Effects::mustExecute):
2923         * b3/B3FrequencyClass.cpp: Added.
2924         (WTF::printInternal):
2925         * b3/B3FrequencyClass.h: Added.
2926         * b3/B3FrequentedBlock.h: Added.
2927         * b3/B3Generate.cpp: Added.
2928         (JSC::B3::generate):
2929         (JSC::B3::generateToAir):
2930         * b3/B3Generate.h: Added.
2931         * b3/B3GenericFrequentedBlock.h: Added.
2932         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
2933         (JSC::B3::GenericFrequentedBlock::operator==):
2934         (JSC::B3::GenericFrequentedBlock::operator!=):
2935         (JSC::B3::GenericFrequentedBlock::operator bool):
2936         (JSC::B3::GenericFrequentedBlock::block):
2937         (JSC::B3::GenericFrequentedBlock::frequency):
2938         (JSC::B3::GenericFrequentedBlock::dump):
2939         * b3/B3HeapRange.cpp: Added.
2940         (JSC::B3::HeapRange::dump):
2941         * b3/B3HeapRange.h: Added.
2942         (JSC::B3::HeapRange::HeapRange):
2943         (JSC::B3::HeapRange::top):
2944         (JSC::B3::HeapRange::operator==):
2945         (JSC::B3::HeapRange::operator!=):
2946         (JSC::B3::HeapRange::operator bool):
2947         (JSC::B3::HeapRange::begin):
2948         (JSC::B3::HeapRange::end):
2949         (JSC::B3::HeapRange::overlaps):
2950         * b3/B3IndexMap.h: Added.
2951         (JSC::B3::IndexMap::IndexMap):
2952         (JSC::B3::IndexMap::resize):
2953         (JSC::B3::IndexMap::operator[]):
2954         * b3/B3IndexSet.h: Added.
2955         (JSC::B3::IndexSet::IndexSet):
2956         (JSC::B3::IndexSet::add):
2957         (JSC::B3::IndexSet::contains):
2958         (JSC::B3::IndexSet::Iterable::Iterable):
2959         (JSC::B3::IndexSet::Iterable::iterator::iterator):
2960         (JSC::B3::IndexSet::Iterable::iterator::operator*):
2961         (JSC::B3::IndexSet::Iterable::iterator::operator++):
2962         (JSC::B3::IndexSet::Iterable::iterator::operator==):
2963         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
2964         (JSC::B3::IndexSet::Iterable::begin):
2965         (JSC::B3::IndexSet::Iterable::end):
2966         (JSC::B3::IndexSet::values):
2967         (JSC::B3::IndexSet::indices):
2968         (JSC::B3::IndexSet::dump):
2969         * b3/B3InsertionSet.cpp: Added.
2970         (JSC::B3::InsertionSet::execute):
2971         * b3/B3InsertionSet.h: Added.
2972         (JSC::B3::InsertionSet::InsertionSet):
2973         (JSC::B3::InsertionSet::code):
2974         (JSC::B3::InsertionSet::appendInsertion):
2975         (JSC::B3::InsertionSet::insertValue):
2976         * b3/B3InsertionSetInlines.h: Added.
2977         (JSC::B3::InsertionSet::insert):
2978         * b3/B3LowerToAir.cpp: Added.
2979         (JSC::B3::Air::LowerToAir::LowerToAir):
2980         (JSC::B3::Air::LowerToAir::run):
2981         (JSC::B3::Air::LowerToAir::tmp):
2982         (JSC::B3::Air::LowerToAir::effectiveAddr):
2983         (JSC::B3::Air::LowerToAir::addr):
2984         (JSC::B3::Air::LowerToAir::loadAddr):
2985         (JSC::B3::Air::LowerToAir::imm):
2986         (JSC::B3::Air::LowerToAir::immOrTmp):
2987         (JSC::B3::Air::LowerToAir::appendBinOp):
2988         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2989         (JSC::B3::Air::LowerToAir::moveForType):
2990         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
2991         (JSC::B3::Air::LowerToAir::append):
2992         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
2993         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
2994         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
2995         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
2996         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
2997         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
2998         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
2999         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
3000         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
3001         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
3002         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
3003         (JSC::B3::Air::LowerToAir::acceptRoot):
3004         (JSC::B3::Air::LowerToAir::acceptRootLate):
3005         (JSC::B3::Air::LowerToAir::acceptInternals):
3006         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
3007         (JSC::B3::Air::LowerToAir::acceptOperands):
3008         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
3009         (JSC::B3::Air::LowerToAir::tryLoad):
3010         (JSC::B3::Air::LowerToAir::tryAdd):
3011         (JSC::B3::Air::LowerToAir::tryAnd):
3012         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
3013         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
3014         (JSC::B3::Air::LowerToAir::tryStore):
3015         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
3016         (JSC::B3::Air::LowerToAir::tryTrunc):
3017         (JSC::B3::Air::LowerToAir::tryArgumentReg):
3018         (JSC::B3::Air::LowerToAir::tryConst32):
3019         (JSC::B3::Air::LowerToAir::tryConst64):
3020         (JSC::B3::Air::LowerToAir::tryIdentity):
3021         (JSC::B3::Air::LowerToAir::tryReturn):
3022         (JSC::B3::lowerToAir):
3023         * b3/B3LowerToAir.h: Added.
3024         * b3/B3LoweringMatcher.patterns: Added.
3025         * b3/B3MemoryValue.cpp: Added.
3026         (JSC::B3::MemoryValue::~MemoryValue):
3027         (JSC::B3::MemoryValue::dumpMeta):
3028         * b3/B3MemoryValue.h: Added.
3029         * b3/B3Opcode.cpp: Added.
3030         (WTF::printInternal):
3031         * b3/B3Opcode.h: Added.
3032         (JSC::B3::isCheckMath):
3033         * b3/B3Origin.cpp: Added.
3034         (JSC::B3::Origin::dump):
3035         * b3/B3Origin.h: Added.
3036         (JSC::B3::Origin::Origin):
3037         (JSC::B3::Origin::operator bool):
3038         (JSC::B3::Origin::data):
3039         * b3/B3PatchpointSpecial.cpp: Added.
3040         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
3041         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
3042         (JSC::B3::PatchpointSpecial::forEachArg):
3043         (JSC::B3::PatchpointSpecial::isValid):
3044         (JSC::B3::PatchpointSpecial::admitsStack):
3045         (JSC::B3::PatchpointSpecial::generate):
3046         (JSC::B3::PatchpointSpecial::dumpImpl):
3047         (JSC::B3::PatchpointSpecial::deepDumpImpl):
3048         * b3/B3PatchpointSpecial.h: Added.
3049         * b3/B3PatchpointValue.cpp: Added.
3050         (JSC::B3::PatchpointValue::~PatchpointValue):
3051         (JSC::B3::PatchpointValue::dumpMeta):
3052         * b3/B3PatchpointValue.h: Added.
3053         (JSC::B3::PatchpointValue::accepts):
3054         (JSC::B3::PatchpointValue::PatchpointValue):
3055         * b3/B3PhaseScope.cpp: Added.
3056         (JSC::B3::PhaseScope::PhaseScope):
3057         (JSC::B3::PhaseScope::~PhaseScope):
3058         * b3/B3PhaseScope.h: Added.
3059         * b3/B3Procedure.cpp: Added.
3060         (JSC::B3::Procedure::Procedure):
3061         (JSC::B3::Procedure::~Procedure):
3062         (JSC::B3::Procedure::addBlock):
3063         (JSC::B3::Procedure::resetReachability):
3064         (JSC::B3::Procedure::dump):
3065         (JSC::B3::Procedure::blocksInPreOrder):
3066         (JSC::B3::Procedure::blocksInPostOrder):
3067         * b3/B3Procedure.h: Added.
3068         (JSC::B3::Procedure::size):
3069         (JSC::B3::Procedure::at):
3070         (JSC::B3::Procedure::operator[]):
3071         (JSC::B3::Procedure::iterator::iterator):
3072         (JSC::B3::Procedure::iterator::operator*):
3073         (JSC::B3::Procedure::iterator::operator++):
3074         (JSC::B3::Procedure::iterator::operator==):
3075         (JSC::B3::Procedure::iterator::operator!=):
3076         (JSC::B3::Procedure::iterator::findNext):
3077         (JSC::B3::Procedure::begin):
3078         (JSC::B3::Procedure::end):
3079         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
3080         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
3081         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
3082         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
3083         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
3084         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
3085         (JSC::B3::Procedure::ValuesCollection::begin):
3086         (JSC::B3::Procedure::ValuesCollection::end):
3087         (JSC::B3::Procedure::ValuesCollection::size):
3088         (JSC::B3::Procedure::ValuesCollection::at):
3089         (JSC::B3::Procedure::ValuesCollection::operator[]):
3090         (JSC::B3::Procedure::values):
3091         (JSC::B3::Procedure::setLastPhaseName):
3092         (JSC::B3::Procedure::lastPhaseName):
3093         * b3/B3ProcedureInlines.h: Added.
3094         (JSC::B3::Procedure::add):
3095         * b3/B3ReduceStrength.cpp: Added.
3096         (JSC::B3::reduceStrength):
3097         * b3/B3ReduceStrength.h: Added.
3098         * b3/B3StackSlotKind.cpp: Added.
3099         (WTF::printInternal):
3100         * b3/B3StackSlotKind.h: Added.
3101         * b3/B3StackSlotValue.cpp: Added.
3102         (JSC::B3::StackSlotValue::~StackSlotValue):
3103         (JSC::B3::StackSlotValue::dumpMeta):
3104         * b3/B3StackSlotValue.h: Added.
3105         (JSC::B3::StackSlotValue::accepts):
3106         (JSC::B3::StackSlotValue::byteSize):
3107         (JSC::B3::StackSlotValue::kind):
3108         (JSC::B3::StackSlotValue::offsetFromFP):
3109         (JSC::B3::StackSlotValue::setOffsetFromFP):
3110         (JSC::B3::StackSlotValue::StackSlotValue):
3111         * b3/B3Stackmap.cpp: Added.
3112         (JSC::B3::Stackmap::Stackmap):
3113         (JSC::B3::Stackmap::~Stackmap):
3114         (JSC::B3::Stackmap::dump):
3115         * b3/B3Stackmap.h: Added.
3116         (JSC::B3::Stackmap::constrain):
3117         (JSC::B3::Stackmap::reps):
3118         (JSC::B3::Stackmap::clobber):
3119         (JSC::B3::Stackmap::clobbered):
3120         (JSC::B3::Stackmap::setGenerator):
3121         * b3/B3StackmapSpecial.cpp: Added.
3122         (JSC::B3::StackmapSpecial::StackmapSpecial):
3123         (JSC::B3::StackmapSpecial::~StackmapSpecial):
3124         (JSC::B3::StackmapSpecial::reportUsedRegisters):
3125         (JSC::B3::StackmapSpecial::extraClobberedRegs):
3126         (JSC::B3::StackmapSpecial::forEachArgImpl):
3127         (JSC::B3::StackmapSpecial::isValidImpl):
3128         (JSC::B3::StackmapSpecial::admitsStackImpl):
3129         (JSC::B3::StackmapSpecial::appendRepsImpl):
3130         (JSC::B3::StackmapSpecial::repForArg):
3131         * b3/B3StackmapSpecial.h: Added.
3132         * b3/B3SuccessorCollection.h: Added.
3133         (JSC::B3::SuccessorCollection::SuccessorCollection):
3134         (JSC::B3::SuccessorCollection::size):
3135         (JSC::B3::SuccessorCollection::at):
3136         (JSC::B3::SuccessorCollection::operator[]):
3137         (JSC::B3::SuccessorCollection::iterator::iterator):
3138         (JSC::B3::SuccessorCollection::iterator::operator*):
3139         (JSC::B3::SuccessorCollection::iterator::operator++):
3140         (JSC::B3::SuccessorCollection::iterator::operator==):
3141         (JSC::B3::SuccessorCollection::iterator::operator!=):
3142         (JSC::B3::SuccessorCollection::begin):
3143         (JSC::B3::SuccessorCollection::end):
3144         * b3/B3SwitchCase.cpp: Added.
3145         (JSC::B3::SwitchCase::dump):
3146         * b3/B3SwitchCase.h: Added.
3147         (JSC::B3::SwitchCase::SwitchCase):
3148         (JSC::B3::SwitchCase::operator bool):
3149         (JSC::B3::SwitchCase::caseValue):
3150         (JSC::B3::SwitchCase::target):
3151         (JSC::B3::SwitchCase::targetBlock):
3152         * b3/B3SwitchValue.cpp: Added.
3153         (JSC::B3::SwitchValue::~SwitchValue):
3154         (JSC::B3::SwitchValue::removeCase):
3155         (JSC::B3::SwitchValue::appendCase):
3156         (JSC::B3::SwitchValue::dumpMeta):
3157         (JSC::B3::SwitchValue::SwitchValue):
3158         * b3/B3SwitchValue.h: Added.
3159         (JSC::B3::SwitchValue::accepts):
3160         (JSC::B3::SwitchValue::numCaseValues):
3161         (JSC::B3::SwitchValue::caseValue):
3162         (JSC::B3::SwitchValue::caseValues):
3163         (JSC::B3::SwitchValue::fallThrough):
3164         (JSC::B3::SwitchValue::size):
3165         (JSC::B3::SwitchValue::at):
3166         (JSC::B3::SwitchValue::operator[]):
3167         (JSC::B3::SwitchValue::iterator::iterator):
3168         (JSC::B3::SwitchValue::iterator::operator*):
3169         (JSC::B3::SwitchValue::iterator::operator++):
3170         (JSC::B3::SwitchValue::iterator::operator==):
3171         (JSC::B3::SwitchValue::iterator::operator!=):
3172         (JSC::B3::SwitchValue::begin):
3173         (JSC::B3::SwitchValue::end):
3174         * b3/B3Type.cpp: Added.
3175         (WTF::printInternal):
3176         * b3/B3Type.h: Added.
3177         (JSC::B3::isInt):
3178         (JSC::B3::isFloat):
3179         (JSC::B3::pointerType):
3180         * b3/B3UpsilonValue.cpp: Added.
3181         (JSC::B3::UpsilonValue::~UpsilonValue):
3182         (JSC::B3::UpsilonValue::dumpMeta):
3183         * b3/B3UpsilonValue.h: Added.
3184         (JSC::B3::UpsilonValue::accepts):
3185         (JSC::B3::UpsilonValue::phi):
3186         (JSC::B3::UpsilonValue::UpsilonValue):
3187         * b3/B3UseCounts.cpp: Added.
3188         (JSC::B3::UseCounts::UseCounts):
3189         (JSC::B3::UseCounts::~UseCounts):
3190         * b3/B3UseCounts.h: Added.
3191         (JSC::B3::UseCounts::operator[]):
3192         * b3/B3Validate.cpp: Added.
3193         (JSC::B3::validate):
3194         * b3/B3Validate.h: Added.
3195         * b3/B3Value.cpp: Added.
3196         (JSC::B3::Value::~Value):
3197         (JSC::B3::Value::replaceWithIdentity):
3198         (JSC::B3::Value::replaceWithNop):
3199         (JSC::B3::Value::dump):
3200         (JSC::B3::Value::deepDump):
3201         (JSC::B3::Value::negConstant):
3202         (JSC::B3::Value::addConstant):
3203         (JSC::B3::Value::subConstant):
3204         (JSC::B3::Value::effects):
3205         (JSC::B3::Value::performSubstitution):
3206         (JSC::B3::Value::dumpMeta):
3207         (JSC::B3::Value::typeFor):
3208         * b3/B3Value.h: Added.
3209         (JSC::B3::DeepValueDump::DeepValueDump):
3210         (JSC::B3::DeepValueDump::dump):
3211         (JSC::B3::deepDump):
3212         * b3/B3ValueInlines.h: Added.
3213         (JSC::B3::Value::as):
3214         (JSC::B3::Value::isConstant):
3215         (JSC::B3::Value::hasInt32):
3216         (JSC::B3::Value::asInt32):
3217         (JSC::B3::Value::hasInt64):
3218         (JSC::B3::Value::asInt64):
3219         (JSC::B3::Value::hasInt):
3220         (JSC::B3::Value::asInt):
3221         (JSC::B3::Value::isInt):
3222         (JSC::B3::Value::hasIntPtr):
3223         (JSC::B3::Value::asIntPtr):
3224         (JSC::B3::Value::hasDouble):
3225         (JSC::B3::Value::asDouble):
3226         (JSC::B3::Value::stackmap):
3227         * b3/B3ValueRep.cpp: Added.
3228         (JSC::B3::ValueRep::dump):
3229         (WTF::printInternal):
3230         * b3/B3ValueRep.h: Added.
3231         (JSC::B3::ValueRep::ValueRep):
3232         (JSC::B3::ValueRep::reg):
3233         (JSC::B3::ValueRep::stack):
3234         (JSC::B3::ValueRep::stackArgument):
3235         (JSC::B3::ValueRep::constant):
3236         (JSC::B3::ValueRep::constantDouble):
3237         (JSC::B3::ValueRep::kind):
3238         (JSC::B3::ValueRep::operator bool):
3239         (JSC::B3::ValueRep::offsetFromFP):
3240         (JSC::B3::ValueRep::offsetFromSP):
3241         (JSC::B3::ValueRep::value):
3242         (JSC::B3::ValueRep::doubleValue):
3243         * b3/air: Added.
3244         * b3/air/AirAllocateStack.cpp: Added.
3245         (JSC::B3::Air::allocateStack):
3246         * b3/air/AirAllocateStack.h: Added.
3247         * b3/air/AirArg.cpp: Added.
3248         (JSC::B3::Air::Arg::dump):
3249         * b3/air/AirArg.h: Added.
3250         (JSC::B3::Air::Arg::isUse):
3251         (JSC::B3::Air::Arg::isDef):
3252         (JSC::B3::Air::Arg::typeForB3Type):
3253         (JSC::B3::Air::Arg::Arg):
3254         (JSC::B3::Air::Arg::imm):
3255         (JSC::B3::Air::Arg::imm64):
3256         (JSC::B3::Air::Arg::addr):
3257         (JSC::B3::Air::Arg::stack):
3258         (JSC::B3::Air::Arg::callArg):
3259         (JSC::B3::Air::Arg::isValidScale):
3260         (JSC::B3::Air::Arg::logScale):
3261         (JSC::B3::Air::Arg::index):
3262         (JSC::B3::Air::Arg::relCond):
3263         (JSC::B3::Air::Arg::resCond):
3264         (JSC::B3::Air::Arg::special):
3265         (JSC::B3::Air::Arg::operator==):
3266         (JSC::B3::Air::Arg::operator!=):
3267         (JSC::B3::Air::Arg::operator bool):
3268         (JSC::B3::Air::Arg::kind):
3269         (JSC::B3::Air::Arg::isTmp):
3270         (JSC::B3::Air::Arg::isImm):
3271         (JSC::B3::Air::Arg::isImm64):
3272         (JSC::B3::Air::Arg::isAddr):
3273         (JSC::B3::Air::Arg::isStack):
3274         (JSC::B3::Air::Arg::isCallArg):
3275         (JSC::B3::Air::Arg::isIndex):
3276         (JSC::B3::Air::Arg::isRelCond):
3277         (JSC::B3::Air::Arg::isResCond):
3278         (JSC::B3::Air::Arg::isSpecial):
3279         (JSC::B3::Air::Arg::isAlive):
3280         (JSC::B3::Air::Arg::tmp):
3281         (JSC::B3::Air::Arg::value):
3282         (JSC::B3::Air::Arg::pointerValue):
3283         (JSC::B3::Air::Arg::base):
3284         (JSC::B3::Air::Arg::hasOffset):
3285         (JSC::B3::Air::Arg::offset):
3286         (JSC::B3::Air::Arg::stackSlot):
3287         (JSC::B3::Air::Arg::scale):
3288         (JSC::B3::Air::Arg::isGPTmp):
3289         (JSC::B3::Air::Arg::isFPTmp):
3290         (JSC::B3::Air::Arg::isGP):
3291         (JSC::B3::Air::Arg::isFP):
3292         (JSC::B3::Air::Arg::hasType):
3293         (JSC::B3::Air::Arg::type):
3294         (JSC::B3::Air::Arg::isType):
3295         (JSC::B3::Air::Arg::isGPR):
3296         (JSC::B3::Air::Arg::gpr):
3297         (JSC::B3::Air::Arg::isFPR):
3298         (JSC::B3::Air::Arg::fpr):
3299         (JSC::B3::Air::Arg::isReg):
3300         (JSC::B3::Air::Arg::reg):
3301         (JSC::B3::Air::Arg::gpTmpIndex):
3302         (JSC::B3::Air::Arg::fpTmpIndex):
3303         (JSC::B3::Air::Arg::tmpIndex):
3304         (JSC::B3::Air::Arg::withOffset):
3305         (JSC::B3::Air::Arg::forEachTmpFast):
3306         (JSC::B3::Air::Arg::forEachTmp):
3307         (JSC::B3::Air::Arg::asTrustedImm32):
3308         (JSC::B3::Air::Arg::asTrustedImm64):
3309         (JSC::B3::Air::Arg::asTrustedImmPtr):
3310         (JSC::B3::Air::Arg::asAddress):
3311         (JSC::B3::Air::Arg::asBaseIndex):
3312         (JSC::B3::Air::Arg::asRelationalCondition):
3313         (JSC::B3::Air::Arg::asResultCondition):
3314         (JSC::B3::Air::Arg::isHashTableDeletedValue):
3315         (JSC::B3::Air::Arg::hash):
3316         (JSC::B3::Air::ArgHash::hash):
3317         (JSC::B3::Air::ArgHash::equal):
3318         * b3/air/AirBasicBlock.cpp: Added.
3319         (JSC::B3::Air::BasicBlock::addPredecessor):
3320         (JSC::B3::Air::BasicBlock::removePredecessor):
3321         (JSC::B3::Air::BasicBlock::replacePredecessor):
3322         (JSC::B3::Air::BasicBlock::dump):
3323         (JSC::B3::Air::BasicBlock::deepDump):
3324         (JSC::B3::Air::BasicBlock::BasicBlock):
3325         * b3/air/AirBasicBlock.h: Added.
3326         (JSC::B3::Air::BasicBlock::index):
3327         (JSC::B3::Air::BasicBlock::size):
3328         (JSC::B3::Air::BasicBlock::begin):
3329         (JSC::B3::Air::BasicBlock::end):
3330         (JSC::B3::Air::BasicBlock::at):
3331         (JSC::B3::Air::BasicBlock::last):
3332         (JSC::B3::Air::BasicBlock::appendInst):
3333         (JSC::B3::Air::BasicBlock::append):
3334         (JSC::B3::Air::BasicBlock::numSuccessors):
3335         (JSC::B3::Air::BasicBlock::successor):
3336         (JSC::B3::Air::BasicBlock::successors):
3337         (JSC::B3::Air::BasicBlock::successorBlock):
3338         (JSC::B3::Air::BasicBlock::successorBlocks):
3339         (JSC::B3::Air::BasicBlock::numPredecessors):
3340         (JSC::B3::Air::BasicBlock::predecessor):
3341         (JSC::B3::Air::BasicBlock::predecessors):
3342         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
3343         (JSC::B3::Air::DeepBasicBlockDump::dump):
3344         (JSC::B3::Air::deepDump):
3345         * b3/air/AirCCallSpecial.cpp: Added.
3346         (JSC::B3::Air::CCallSpecial::CCallSpecial):
3347         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
3348         (JSC::B3::Air::CCallSpecial::forEachArg):
3349         (JSC::B3::Air::CCallSpecial::isValid):
3350         (JSC::B3::Air::CCallSpecial::admitsStack):
3351         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
3352         (JSC::B3::Air::CCallSpecial::generate):
3353         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
3354         (JSC::B3::Air::CCallSpecial::dumpImpl):
3355         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
3356         * b3/air/AirCCallSpecial.h: Added.
3357         * b3/air/AirCode.cpp: Added.
3358         (JSC::B3::Air::Code::Code):
3359         (JSC::B3::Air::Code::~Code):
3360         (JSC::B3::Air::Code::addBlock):
3361         (JSC::B3::Air::Code::addStackSlot):
3362         (JSC::B3::Air::Code::addSpecial):
3363         (JSC::B3::Air::Code::cCallSpecial):
3364         (JSC::B3::Air::Code::resetReachability):
3365         (JSC::B3::Air::Code::dump):
3366         (JSC::B3::Air::Code::findFirstBlockIndex):
3367         (JSC::B3::Air::Code::findNextBlockIndex):
3368         (JSC::B3::Air::Code::findNextBlock):
3369         * b3/air/AirCode.h: Added.
3370         (JSC::B3::Air::Code::newTmp):
3371         (JSC::B3::Air::Code::numTmps):
3372         (JSC::B3::Air::Code::callArgAreaSize):
3373         (JSC::B3::Air::Code::requestCallArgAreaSize):
3374         (JSC::B3::Air::Code::frameSize):
3375         (JSC::B3::Air::Code::setFrameSize):
3376         (JSC::B3::Air::Code::calleeSaveRegisters):
3377         (JSC::B3::Air::Code::size):
3378         (JSC::B3::Air::Code::at):
3379         (JSC::B3::Air::Code::operator[]):
3380         (JSC::B3::Air::Code::iterator::iterator):
3381         (JSC::B3::Air::Code::iterator::operator*):
3382         (JSC::B3::Air::Code::iterator::operator++):
3383         (JSC::B3::Air::Code::iterator::operator==):
3384         (JSC::B3::Air::Code::iterator::operator!=):
3385         (JSC::B3::Air::Code::begin):
3386         (JSC::B3::Air::Code::end):
3387         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
3388         (JSC::B3::Air::Code::StackSlotsCollection::size):
3389         (JSC::B3::Air::Code::StackSlotsCollection::at):
3390         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
3391         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
3392         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
3393         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
3394         (JSC::B3::Air::Code::StackSlotsCollection::iterator