1c7995865f6dfd00fa230c6d7b18ea523111cbe6
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-12-10  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] Add ValueMul into DFG
        https://bugs.webkit.org/show_bug.cgi?id=186175

        Reviewed by Yusuke Suzuki.

        This patch is adding a new DFG node called ValueMul. This node is
        responsible for handling multiplication operations that can result in
        non-number values. We emit such a node during DFGByteCodeParser when the
        operands are not numbers. During FixupPhase, we change this
        operation to ArithMul if we can speculate Number/Boolean operands.

        The BigInt specialization shows a small progression:

                                noSpec                changes

        big-int-simple-mul  18.8090+-1.0435  ^  17.4305+-0.2673  ^ definitely 1.0791x faster

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupMultiplication):
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueMul):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValidate.cpp:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):

2018-12-08  Mark Lam  <mark.lam@apple.com>

        Reduce size of PropertySlot and PutPropertySlot.
        https://bugs.webkit.org/show_bug.cgi?id=192526

        Reviewed by Keith Miller.

        With some minor adjustments, we can reduce the size of PropertySlot from 80 bytes
        (19 padding bytes) to 64 bytes (3 padding bytes), and PutPropertySlot from 40
        bytes (4 padding bytes) to 32 bytes (0 padding bytes but with 6 unused bits).
        These measurements are for a 64-bit build.

        * runtime/PropertySlot.h:
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):

2018-12-08  Dominik Infuehr  <dinfuehr@igalia.com>

        Record right offset with aligned wide instructions
        https://bugs.webkit.org/show_bug.cgi?id=192006

        Reviewed by Yusuke Suzuki.

        Aligning bytecode instructions inserts nops into the instruction stream.
        Emitting an instruction did not record the actual start of the instruction with
        aligned instructions, but the nop just before the actual instruction. This was
        problematic with the StaticPropertyAnalyzer that used the wrong instruction offset.

        * bytecode/InstructionStream.h:
        (JSC::InstructionStream::MutableRef::clone):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::alignWideOpcode):
        (JSC::BytecodeGenerator::emitCreateThis):
        (JSC::BytecodeGenerator::emitNewObject):
        * generator/Opcode.rb:

2018-12-07  Tadeu Zagallo  <tzagallo@apple.com>

        Align the metadata table on all platforms
        https://bugs.webkit.org/show_bug.cgi?id=192050
        <rdar://problem/46312674>

        Reviewed by Mark Lam.

        Although certain platforms don't require the metadata to be aligned,
        values were being concurrently read and written to ValueProfiles,
        which caused crashes since these operations are not atomic on unaligned
        addresses.

        * bytecode/Opcode.cpp:
        (JSC::metadataAlignment):
        * bytecode/Opcode.h:
        * bytecode/UnlinkedMetadataTableInlines.h:
        (JSC::UnlinkedMetadataTable::finalize):

2018-12-05  Mark Lam  <mark.lam@apple.com>

        speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
        https://bugs.webkit.org/show_bug.cgi?id=192441
        <rdar://problem/46480355>

        Reviewed by Saam Barati.

        This is because a regular String (non-Identifier) can be converted into an
        Identifier.  During DFG/FTL compilation, AbstractValue::checkConsistency() may
        expect a value to be of type SpecStringVar, but the mutator thread may have
        converted the string into an Identifier.  This creates a race where
        AbstractValue::checkConsistency() may fail because it sees a SpecStringIdent when
        it expects a SpecStringVar.

        The fix is to speculate non-Identifier strings as type SpecString which allows it
        to be SpecStringVar or SpecStringIdent.

        * bytecode/SpeculatedType.cpp:
        (JSC::speculationFromCell):

2018-12-04  Mark Lam  <mark.lam@apple.com>

        DFG's StrengthReduction phase should not reduce Construct into DirectConstruct when the executable does not have constructAbility.
        https://bugs.webkit.org/show_bug.cgi?id=192386
        <rdar://problem/46445516>

        Reviewed by Saam Barati.

        This violates an invariant documented by a RELEASE_ASSERT in operationLinkDirectCall().

        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):

2018-12-04  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Support logic operations
        https://bugs.webkit.org/show_bug.cgi?id=179903

        Reviewed by Yusuke Suzuki.

        We are introducing in this patch the ToBoolean support for JSBigInt.
        With this change, we can implement the correct behavior of BigInt as
        operand of logical operations. During JIT generation into DFG and FTL,
        we are using JSBigInt::m_length to verify if the number is 0n or not,
        following the same approach used by JSString. This is also safe in the case
        of BigInt, because only 0n has m_length == 0.

        We are not including BigInt speculation into Branch nodes in this
        patch, but the plan is to implement it in further patches.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::boolify):
        (JSC::FTL::DFG::LowerDFGToB3::isBigInt):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::branchIfValue):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::isZero const):
        (JSC::JSBigInt::offsetOfLength):
        (JSC::JSBigInt::toBoolean const):
        (JSC::JSBigInt::isZero): Deleted.
        * runtime/JSBigInt.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::toBoolean const):
        (JSC::JSCell::pureToBoolean const):

2018-12-04  Devin Rousso  <drousso@apple.com>

        Web Inspector: Audit: tests should support async operations
        https://bugs.webkit.org/show_bug.cgi?id=192171
        <rdar://problem/46423562>

        Reviewed by Joseph Pecoraro.

        Add `awaitPromise` command for executing a callback when a Promise gets settled.

        Drive-by: allow `wasThrown` to be optional, instead of expecting it to always have a value.

        * inspector/protocol/Runtime.json:

        * inspector/InjectedScriptSource.js:
        (InjectedScript.prototype.awaitPromise): Added.

        * inspector/InjectedScript.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::evaluate):
        (Inspector::InjectedScript::awaitPromise): Added.
        (Inspector::InjectedScript::callFunctionOn):
        (Inspector::InjectedScript::evaluateOnCallFrame):

        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::makeEvalCall):
        (Inspector::InjectedScriptBase::makeAsyncCall): Added.
        (Inspector::InjectedScriptBase::checkCallResult): Added.
        (Inspector::InjectedScriptBase::checkAsyncCallResult): Added.

        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::awaitPromise):
        (Inspector::InspectorRuntimeAgent::callFunctionOn):

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):

2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238833.

        Breaks macOS and iOS debug builds.

        Reverted changeset:

        "[ESNext][BigInt] Support logic operations"
        https://bugs.webkit.org/show_bug.cgi?id=179903
        https://trac.webkit.org/changeset/238833

2018-12-03  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Support logic operations
        https://bugs.webkit.org/show_bug.cgi?id=179903

        Reviewed by Yusuke Suzuki.

        We are introducing in this patch the ToBoolean support for JSBigInt.
        With this change, we can implement the correct behavior of BigInt as
        operand of logical operations. During JIT generation into DFG and FTL,
        we are using JSBigInt::m_length to verify if the number is 0n or not,
        following the same approach used by JSString. This is also safe in the case
        of BigInt, because only 0n has m_length == 0.

        We are not including BigInt speculation into Branch nodes in this
        patch, but the plan is to implement it in further patches.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::boolify):
        (JSC::FTL::DFG::LowerDFGToB3::isBigInt):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::branchIfValue):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::isZero const):
        (JSC::JSBigInt::offsetOfLength):
        (JSC::JSBigInt::toBoolean const):
        (JSC::JSBigInt::isZero): Deleted.
        * runtime/JSBigInt.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::toBoolean const):
        (JSC::JSCell::pureToBoolean const):

2018-12-03  Keith Rollin  <krollin@apple.com>

        Add .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=192082
        <rdar://problem/46312533>

        Reviewed by Brent Fulgham.

        Add .xcfilelist files for Generate Derived Sources and Generate
        Unified Sources build phases in Xcode. These are just being staged for
        now; they'll be added to the Xcode projects later.

        * DerivedSources-input.xcfilelist: Added.
        * DerivedSources-output.xcfilelist: Added.
        * UnifiedSources-input.xcfilelist: Added.
        * UnifiedSources-output.xcfilelist: Added.

2018-12-03  Mark Lam  <mark.lam@apple.com>

        Fix the bytecode code generator scripts to pretty print BytecodeStructs.h and BytecodeIndices.h.
        https://bugs.webkit.org/show_bug.cgi?id=192271

        Reviewed by Keith Miller.

        This makes the generated code style compliant and human readable.

        * generator/Argument.rb:
        * generator/DSL.rb:
        * generator/Fits.rb:
        * generator/Metadata.rb:
        * generator/Opcode.rb:

2018-12-02  Zalan Bujtas  <zalan@apple.com>

        Add a runtime feature flag for LayoutFormattingContext.
        https://bugs.webkit.org/show_bug.cgi?id=192280

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2018-12-02  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "<<" and ">>"
        https://bugs.webkit.org/show_bug.cgi?id=186233

        Reviewed by Yusuke Suzuki.

        This patch is introducing the support for BigInt into lshift and
        rshift in the LLInt and Baseline layers.

        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createWithLength):
        (JSC::JSBigInt::leftShift):
        (JSC::JSBigInt::signedRightShift):
        (JSC::JSBigInt::leftShiftByAbsolute):
        (JSC::JSBigInt::rightShiftByAbsolute):
        (JSC::JSBigInt::rightShiftByMaximum):
        (JSC::JSBigInt::toShiftAmount):
        * runtime/JSBigInt.h:

2018-12-01  Simon Fraser  <simon.fraser@apple.com>

        Heap.h refers to the non-existent HeapStatistics
        https://bugs.webkit.org/show_bug.cgi?id=187882

        Reviewed by Keith Miller.

        Just remove the "friend class HeapStatistics".

        * heap/Heap.h:

2018-11-29  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Keep TypeMaybeBigInt small
        https://bugs.webkit.org/show_bug.cgi?id=192203

        Reviewed by Saam Barati.

        As BigInt is being implemented, more and more bytecodes start returning BigInt.
        It means that the ResultType of these bytecodes includes TypeMaybeBigInt. However,
        TypeMaybeBigInt was the large number 0x20, leading to wide instructions since ResultType
        easily becomes larger than 32 (e.g. TypeInt32 | TypeMaybeBigInt == 33).

        This patch sorts the numbers of TypeMaybeXXX based on the frequency of appearance in
        the code.

        * parser/ResultType.h:

2018-11-30  Dean Jackson  <dino@apple.com>

        Try to fix Windows build by using strcmp instead of strcasecmp.

        * jsc.cpp:
        (isMJSFile):

2018-11-30  Mark Lam  <mark.lam@apple.com>

        Fix the bytecode code generator scripts to pretty print Bytecodes.h.
        https://bugs.webkit.org/show_bug.cgi?id=192258

        Reviewed by Keith Miller.

        This makes Bytecodes.h more human readable.

        * generator/DSL.rb:
        * generator/Section.rb:

2018-11-30  Mark Lam  <mark.lam@apple.com>

        Add the generator directory to the Xcode project.
        https://bugs.webkit.org/show_bug.cgi?id=192252

        Reviewed by Michael Saboff.

        This is so that we can work with these bytecode class generator files easily in Xcode.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-30  Don Olmstead  <don.olmstead@sony.com>

        Rename ENABLE_SUBTLE_CRYPTO to ENABLE_WEB_CRYPTO
        https://bugs.webkit.org/show_bug.cgi?id=192197

        Reviewed by Jiewen Tan.

        * Configurations/FeatureDefines.xcconfig:

2018-11-30  Dean Jackson  <dino@apple.com>

        Add first-class support for .mjs files in jsc binary
        https://bugs.webkit.org/show_bug.cgi?id=192190
        <rdar://problem/46375715>

        Reviewed by Keith Miller.

        Treat files with a .mjs extension as a module, regardless
        of whether or not the --module-file argument was given.

        * jsc.cpp:
        (printUsageStatement): Update usage.
        (isMJSFile): Helper to look for .mjs extensions.
        (CommandLine::parseArguments): Pick the appropriate script type.

2018-11-30  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] Implement ValueBitXor into DFG
        https://bugs.webkit.org/show_bug.cgi?id=190264

        Reviewed by Yusuke Suzuki.

        This patch is splitting the BitXor node into ArithBitXor and
        ValueBitXor. This is necessary due to the introduction of
        BigInt, since BitXor operations now can result in Int32 or BigInt.
        In such case, we use ArithBitXor when operands are Int and fall back to
        ValueBitXor when operands are anything else. In the case of
        ValueBitXor, we speculate BigInt when op1 and op2 are predicted as
        BigInt as well. The BigInt specialization consists of calling the
        `operationBigIntBitXor` function, which calls JSBigInt::bitXor.

        * bytecode/BytecodeList.rb:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitXor): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitxor):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

2018-11-29  Justin Michaud  <justin_michaud@apple.com>

        CSS Painting API should pass 'this' correctly to paint callback, and repaint when properties change.
        https://bugs.webkit.org/show_bug.cgi?id=191443

        Reviewed by Dean Jackson.

        Export the simpler construct() method for use in WebCore.

        * runtime/ConstructData.h:

2018-11-28  Mark Lam  <mark.lam@apple.com>

        ENABLE_SEPARATED_WX_HEAP needs to be defined in Platform.h.
        https://bugs.webkit.org/show_bug.cgi?id=192110
        <rdar://problem/46317746>

        Reviewed by Saam Barati.

        * config.h:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Update generate-{derived,unified}-sources scripts to support generating .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=192031
        <rdar://problem/46286816>

        Reviewed by Alex Christensen.

        The Generate Derived Sources and Generate Unified Sources build phases
        in Xcode need to have their inputs and outputs specified. This
        specification will come in the form of .xcfilelist files that will be
        attached to these build phases. There is one .xcfilelist file that
        lists the input files and one that lists the output files. As part of
        this work, the various generate-{derived,unified}-sources scripts that
        are executed in these Generate build phases are modified to help in
        the creation of these .xcfilelist files. In particular, they can now
        be invoked with command-line parameters. These parameters are then
        used to alter the normal execution of these scripts, causing them to
        produce the .xcfilelist files as opposed to actually generating the
        files that are listed in those files.

        * Scripts/generate-derived-sources.sh:
        * Scripts/generate-unified-sources.sh:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Revert print_all_generated_files work in r238008; tighten up target specifications
        https://bugs.webkit.org/show_bug.cgi?id=192025
        <rdar://problem/46284301>

        Reviewed by Alex Christensen.

        In r238008, I added a facility for DerivedSources.make makefiles to
        print out the list of files that they generate. This output was used
        in the generation of .xcfilelist files used to specify the output of
        the associated Generate Derived Sources build phases in Xcode. This
        approach worked, but it meant that people would need to follow a
        specific convention to keep this mechanism working.

        Instead of continuing this approach, I'm going to implement a new
        facility based on the output of `make` when passed the -d flag (which
        prints dependency information). This new mechanism is completely
        automatic and doesn't need maintainers to follow a convention. To that
        end, remove most of the work performed in r238008 that supports the
        print_all_generated_files target.

        At the same time, it's important for the sets of targets and their
        dependencies to be complete and correct. Therefore, also include
        changes to bring those up-to-date. As part of that, you'll see
        prevalent use of a particular technique. Here's an example:

            BYTECODE_FILES = \
                Bytecodes.h \
                BytecodeIndices.h \
                BytecodeStructs.h \
                InitBytecodes.asm \
            #
            BYTECODE_FILES_PATTERNS = $(subst .,%,$(BYTECODE_FILES))

            all : $(BYTECODE_FILES)

            $(BYTECODE_FILES_PATTERNS): $(wildcard $(JavaScriptCore)/generator/*.rb) $(JavaScriptCore)/bytecode/BytecodeList.rb
                ...

        These lines indicate a set of generated files (those specified in
        BYTECODE_FILES). These files are generated by the BytecodeList.rb
        tool. But, as opposed to the normal rule where a single foo.output is
        generated by foo.input plus some additional dependencies, this rule
        produces multiple output files from a tool whose connection to the
        output files is not immediately clear. A special approach is needed
        where a single rule produces multiple output files. The normal way to
        implement this is to use an .INTERMEDIATE target. However, we used
        this approach in the past and ran into a problem with it, addressing
        it with an alternate approach in r210507. The above example shows this
        approach. The .'s in the list of target files are replaced with %'s,
        and the result is used as the left side of the dependency rule.

        * DerivedSources.make:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Remove Postprocess Headers dependencies
        https://bugs.webkit.org/show_bug.cgi?id=192023
        <rdar://problem/46283377>

        Reviewed by Mark Lam.

        JavaScriptCore's Xcode Postprocess Headers build phase used to have a
        dependency on a specific handful of files. In r234227, the script used
        in this phase (postprocess-headers.sh) was completely rewritten to
        operate on *all* files in JSC's Public and Private headers directories
        instead of just this handful. This rewrite makes the previous
        dependency specification insufficient, leading to incorrect
        incremental builds if the right files weren't touched. Address this by
        removing the dependencies completely. This will cause
        postprocess-headers.sh to always be executed, even when none of its
        files are touched. Running this script all the time is OK, since it has
        built-in protections against unnecessarily touching files that haven't
        changed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-27  Mark Lam  <mark.lam@apple.com>

        ENABLE_FAST_JIT_PERMISSIONS should be false for iosmac.
        https://bugs.webkit.org/show_bug.cgi?id=192055
        <rdar://problem/46288783>

        Reviewed by Saam Barati.

        * Configurations/FeatureDefines.xcconfig:

2018-11-27  Saam barati  <sbarati@apple.com>

        r238510 broke scopes of size zero
        https://bugs.webkit.org/show_bug.cgi?id=192033
        <rdar://problem/46281734>

        Reviewed by Keith Miller.

        In r238510, I wrote the loop like this:
        `for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`

        This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.

        This patch fixes this by writing the loop as:
        `for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
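
        The unsigned-wrap failure mode this entry describes, as an added stand-alone illustration that is not JSC code: the `SymbolTable` stub, the plain `unsigned` standing in for `ScopeOffset`, and the iteration bound are assumptions introduced here so the broken loop can be observed terminating.

```cpp
// Added example (not JavaScriptCore code): models the r238510 loop bug.
// SymbolTable is a stub; maxScopeOffset() mimics the real one's behaviour
// for an empty scope: scopeSize() - 1 wraps to UINT_MAX in unsigned math.
#include <climits>
#include <cstdio>
#include <initializer_list>

struct SymbolTable {
    unsigned size;
    unsigned scopeSize() const { return size; }
    // Offset of the last slot; wraps to UINT_MAX when size == 0.
    unsigned maxScopeOffset() const { return size - 1; }
};

// Pre-fix loop shape: "offset <= maxScopeOffset()" with an unsigned offset.
// When maxScopeOffset() is UINT_MAX the condition is always true, and
// "offset += 1" at UINT_MAX wraps back to 0, so the loop never exits.
// `bound` is a demo guard so this function terminates; the return value is
// the number of iterations actually executed (the real code would spin or
// index slots that do not exist).
unsigned visitScopeBuggy(const SymbolTable& symbolTable, unsigned bound)
{
    unsigned visited = 0;
    for (unsigned offset = 0; offset <= symbolTable.maxScopeOffset(); offset += 1) {
        if (visited == bound)
            break;  // demo guard, not part of the original loop
        ++visited;
    }
    return visited;
}

// Fixed loop shape from the entry: strict "<" against scopeSize(), so an
// empty scope runs zero iterations and no subtraction can wrap.
unsigned visitScopeFixed(const SymbolTable& symbolTable)
{
    unsigned visited = 0;
    for (unsigned offset = 0; offset < symbolTable.scopeSize(); ++offset)
        ++visited;
    return visited;
}

// True when the buggy loop visited more slots than the scope has, i.e. the
// guard had to stop it.
bool buggyLoopOverruns(unsigned scopeSize, unsigned bound)
{
    SymbolTable table { scopeSize };
    return visitScopeBuggy(table, bound) > scopeSize;
}

int main()
{
    for (unsigned size : { 0u, 1u, 3u }) {
        SymbolTable table { size };
        std::printf("scopeSize=%u fixed=%u buggy(bounded to 16)=%u\n",
            size, visitScopeFixed(table), visitScopeBuggy(table, 16));
    }
    return 0;
}
```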

2018-11-27  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: capacity && isPageAligned(capacity) in JSC::CLoopStack::CLoopStack(JSC::VM&).
        https://bugs.webkit.org/show_bug.cgi?id=192018

        Reviewed by Saam Barati.

        This assertion failed because the regress-191579.js test was specifying
        --maxPerThreadStackUsage=400000 i.e. it was running with a stack size that is not
        page aligned.  Given that the user can specify any arbitrary stack size, and the
        CLoop stack expects to be page aligned, we'll just round up the requested capacity
        to the next page alignment.

        * interpreter/CLoopStack.cpp:
        (JSC::CLoopStack::CLoopStack):

2018-11-27  Mark Lam  <mark.lam@apple.com>

        [Re-landing] NaNs read from Wasm code need to be purified.
        https://bugs.webkit.org/show_bug.cgi?id=191056
        <rdar://problem/45660341>

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2018-11-27  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: Add support for forcing color scheme appearance in DOM tree.
        https://bugs.webkit.org/show_bug.cgi?id=191820
        rdar://problem/46153172

        Reviewed by Devin Rousso.

        * inspector/protocol/Page.json: Added setForcedAppearance.
        Also added the defaultAppearanceDidChange event and Appearance enum.

2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238509.

        Causes JSC tests to fail on iOS.

        Reverted changeset:

        "NaNs read from Wasm code need to be purified."
        https://bugs.webkit.org/show_bug.cgi?id=191056
        https://trac.webkit.org/changeset/238509

2018-11-27  Mark Lam  <mark.lam@apple.com>

        Introducing a ENABLE_SEPARATED_WX_HEAP macro.
        https://bugs.webkit.org/show_bug.cgi?id=192013
        <rdar://problem/45494310>

        Reviewed by Keith Miller.

        This makes the code a little more readable.

        I put the definition of ENABLE_SEPARATED_WX_HEAP in JSC's config.h instead of
        Platform.h because ENABLE_SEPARATED_WX_HEAP is only needed inside JSC.  Also,
        ENABLE_SEPARATED_WX_HEAP depends on ENABLE(FAST_JIT_PERMISSIONS), which is only
        defined for JSC.

        * config.h:
        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
        * jit/ExecutableAllocator.h:
        (JSC::performJITMemcpy):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

703 2018-11-26  Caio Lima  <ticaiolima@gmail.com>
704
705         Re-introduce op_bitnot
706         https://bugs.webkit.org/show_bug.cgi?id=190923
707
708         Reviewed by Yusuke Suzuki.
709
710         With the introduction of BigInt as a new type, we can't emit bitwise
711         not as `x ^ -1` anymore, because this is incompatible with the new type.
712         Based on that, this Patch is adding `op_bitnot` as a new operation
713         into LLInt, as well as introducing ArithBitNot node into DFG to support
714         JIT compilation of such opcode. We will use the ValueProfile of this
715         intruction in the future to generate better code when its operand
716         is not Int32.
717
718         * assembler/MacroAssemblerARM64.h:
719         (JSC::MacroAssemblerARM64::not32):
720         * assembler/MacroAssemblerARMv7.h:
721         (JSC::MacroAssemblerARMv7::not32):
722         * assembler/MacroAssemblerMIPS.h:
723         (JSC::MacroAssemblerMIPS::not32):
724         * bytecode/BytecodeList.rb:
725         * bytecode/BytecodeUseDef.h:
726         (JSC::computeUsesForBytecodeOffset):
727         (JSC::computeDefsForBytecodeOffset):
728         * bytecode/CodeBlock.cpp:
729         (JSC::CodeBlock::finishCreation):
730         * bytecode/Opcode.h:
731         (JSC::padOpcodeName):
732         * bytecompiler/BytecodeGenerator.cpp:
733         (JSC::BytecodeGenerator::emitUnaryOp):
734         * bytecompiler/NodesCodegen.cpp:
735         (JSC::UnaryPlusNode::emitBytecode):
736         (JSC::BitwiseNotNode::emitBytecode): Deleted.
737         * dfg/DFGAbstractInterpreterInlines.h:
738         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
739         * dfg/DFGBackwardsPropagationPhase.cpp:
740         (JSC::DFG::BackwardsPropagationPhase::propagate):
741         * dfg/DFGByteCodeParser.cpp:
742         (JSC::DFG::ByteCodeParser::parseBlock):
743         * dfg/DFGCapabilities.cpp:
744         (JSC::DFG::capabilityLevel):
745         * dfg/DFGClobberize.h:
746         (JSC::DFG::clobberize):
747         * dfg/DFGDoesGC.cpp:
748         (JSC::DFG::doesGC):
749         * dfg/DFGFixupPhase.cpp:
750         (JSC::DFG::FixupPhase::fixupNode):
751         * dfg/DFGNodeType.h:
752         * dfg/DFGOperations.cpp:
753         * dfg/DFGOperations.h:
754         * dfg/DFGPredictionPropagationPhase.cpp:
755         * dfg/DFGSafeToExecute.h:
756         (JSC::DFG::safeToExecute):
757         * dfg/DFGSpeculativeJIT.cpp:
758         (JSC::DFG::SpeculativeJIT::compileBitwiseNot):
759         * dfg/DFGSpeculativeJIT.h:
760         * dfg/DFGSpeculativeJIT32_64.cpp:
761         (JSC::DFG::SpeculativeJIT::compile):
762         * dfg/DFGSpeculativeJIT64.cpp:
763         (JSC::DFG::SpeculativeJIT::compile):
764         * ftl/FTLCapabilities.cpp:
765         (JSC::FTL::canCompile):
766         * ftl/FTLLowerDFGToB3.cpp:
767         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
768         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitNot):
769         * jit/JIT.cpp:
770         (JSC::JIT::privateCompileMainPass):
771         (JSC::JIT::privateCompileSlowCases):
772         * jit/JIT.h:
773         * jit/JITArithmetic.cpp:
774         (JSC::JIT::emit_op_bitnot):
775         * llint/LowLevelInterpreter32_64.asm:
776         * llint/LowLevelInterpreter64.asm:
777         * offlineasm/cloop.rb:
778         * parser/NodeConstructors.h:
779         (JSC::BitwiseNotNode::BitwiseNotNode):
780         * parser/Nodes.h:
781         * parser/ResultType.h:
782         (JSC::ResultType::bigIntOrInt32Type):
783         (JSC::ResultType::forBitOp):
784         * runtime/CommonSlowPaths.cpp:
785         (JSC::SLOW_PATH_DECL):
786         * runtime/CommonSlowPaths.h:
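
        An added example, not JSC's own code, showing why `~x` can no longer be
        lowered to `x ^ -1` once BigInt is a value type: for Number operands the
        two forms agree (both go through ToInt32), but for a BigInt operand
        `x ^ -1` mixes BigInt and Number and throws a TypeError, while `~x` is
        defined and equals `x ^ -1n`. The operand set in runComparison() is
        constructed for the example.

```javascript
// Added example, not JSC's own code: compare the old lowering of `~x`
// (`x ^ -1`) with a dedicated bitwise-not operation for Number and BigInt.

function bitwiseNotViaXor(x) {
  return x ^ -1; // the old lowering of `~x`
}

function bitwiseNot(x) {
  return ~x; // a dedicated bitwise-not operation, which op_bitnot provides
}

// Compares the two lowerings for one operand. Returns the direct `~x` result,
// the `x ^ -1` result (undefined if it threw), whether they agree, and the
// exception class name if `x ^ -1` threw.
function compareLowerings(x) {
  const direct = bitwiseNot(x);
  try {
    const viaXor = bitwiseNotViaXor(x);
    return { direct, viaXor, agree: direct === viaXor, error: null };
  } catch (e) {
    return { direct, viaXor: undefined, agree: false, error: e.constructor.name };
  }
}

// Runs the comparison over a constructed set of operands: Int32 values, a
// double that ToInt32 truncates, a value outside the Int32 range, and BigInts.
// Only the BigInt rows disagree, and they do so by throwing rather than by
// producing a different value.
function runComparison() {
  return [5, -1, 0, 3.7, 2 ** 32 + 1, 5n, -1n, 0n].map((x) => [x, compareLowerings(x)]);
}
```

        The point for a JIT is that a single `~` bytecode now has two valid
        lowerings depending on operand type, which is exactly the information
        the ValueProfile mentioned above is meant to supply.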
787
788 2018-11-26  Saam barati  <sbarati@apple.com>
789
790         InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
791         https://bugs.webkit.org/show_bug.cgi?id=191956
792         <rdar://problem/45665806>
793
794         Reviewed by Yusuke Suzuki.
795
796         This is a similar bug to what Keith fixed in r232134. The issue is if we have
797         a program like this:
798         
799         a: JSConstant(jsNumber(0))
800         b: SetLocal(Int32:@a, loc1, FlushedInt32)
801         c: ArrayifyToStructure(Cell:@a)
802         d: Jump(...)
803         
804         At the point in the program right after the Jump, a GetLocal for loc1
805         would return whatever the ArrayifyToStructure resulting type is. This breaks
806         the invariant that a GetLocal must return a value that is a subtype of its
807         FlushFormat. InPlaceAbstractState::endBasicBlock will know if a SetLocal is
808         the final node touching a local slot. If so, it'll see if any nodes later
809         in the block may have refined the type of the value stored in that slot. If
810         so, endBasicBlock() further refines the type to ensure that any GetLocals
811         loading from the same slot will result in having this more refined type.
812         However, we must ensure that this logic only considers types within the
813         hierarchy of the variable access data's FlushFormat, otherwise, we may
814         break the invariant that a GetLocal's type is a subtype of its FlushFormat.
815
816         * dfg/DFGInPlaceAbstractState.cpp:
817         (JSC::DFG::InPlaceAbstractState::endBasicBlock):
818
819 2018-11-26  Saam barati  <sbarati@apple.com>
820
821         Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
822         https://bugs.webkit.org/show_bug.cgi?id=191958
823         <rdar://problem/46221877>
824
825         Reviewed by Yusuke Suzuki.
826
827         There may be more entries in an activation than unique variables
828         in a symbol table's hashmap. For example, if you have two parameters
829         to a function, and they both have the same name, and the function
830         uses eval, we'll end up with two scope slots, but only a single
831         entry in the hashmap in the symbol table. Object allocation sinking
832         phase was previously iterating over the hashmap, assuming these
833         values were equivalent. This is wrong in the above case. Instead,
834         we need to iterate over each scope offset.
835
836         * dfg/DFGObjectAllocationSinkingPhase.cpp:
837         * runtime/GenericOffset.h:
838         (JSC::GenericOffset::operator+=):
839         (JSC::GenericOffset::operator-=):
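
        An added example, not JSC's own code, showing the shape of program the
        entry above describes: in sloppy mode a function may declare the same
        parameter name twice, each parameter gets its own slot in the
        activation, but the name resolves to only one of them (the last), so a
        by-name table has a single entry while the activation has two. Direct
        eval is what forces the parameters into a real activation object. The
        Function constructor is used because it always builds a sloppy-mode
        function, so the duplicate list parses even if this file is strict.

```javascript
// Added example, not JSC's own code: two parameter slots, one name.
// `new Function` always creates a sloppy-mode function, so the duplicate
// parameter list is legal regardless of the strictness of this file.
const duplicateParams = new Function(
  "a", "a",
  "return { first: arguments[0], second: arguments[1], byName: eval('a') };"
);

// Calls the constructed function and reports the three views of the two
// slots: both positional arguments are retained, but the name `a` sees only
// the second one.
function observeSlots(x, y) {
  return duplicateParams(x, y);
}

// Strict mode rejects duplicate parameter names at parse time, so the
// two-slots-one-name situation only arises in sloppy code.
function strictRejectsDuplicateParams() {
  try {
    new Function("a", "a", "'use strict'; return a;");
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}
```

        Iterating an activation by symbol-table entry would visit `a` once and
        miss the first slot, which is the discrepancy the phase now avoids by
        iterating every scope offset.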
840
841 2018-11-26  Mark Lam  <mark.lam@apple.com>
842
843         NaNs read from Wasm code need to be purified.
844         https://bugs.webkit.org/show_bug.cgi?id=191056
845         <rdar://problem/45660341>
846
847         Reviewed by Filip Pizlo.
848
849         * wasm/js/WebAssemblyModuleRecord.cpp:
850         (JSC::WebAssemblyModuleRecord::link):
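
        An added example, not JSC's own code, of what "purifying" a NaN means
        at the bit level. An IEEE-754 double is a NaN whenever its exponent
        bits are all ones and its mantissa is non-zero, so there are trillions
        of distinct NaN patterns. JSC encodes JSValues using the NaN space of a
        double, so a NaN with an arbitrary payload read from memory that script
        controls (such as Wasm linear memory) must be mapped to one canonical
        pattern before it becomes a JSValue; otherwise its bits could collide
        with the encoding of a non-double value. The crafted NaN pattern below
        is constructed for the example.

```javascript
// Added example, not JSC's own code: canonicalise any NaN bit pattern.
const CANONICAL_NAN_BITS = 0x7ff8000000000000n; // positive quiet NaN, zero payload
const EXPONENT_MASK = 0x7ff0000000000000n;
const MANTISSA_MASK = 0x000fffffffffffffn;

// True when the 64-bit pattern encodes a NaN (any sign, any payload).
function isNaNBits(bits) {
  return (bits & EXPONENT_MASK) === EXPONENT_MASK && (bits & MANTISSA_MASK) !== 0n;
}

// Returns the canonical quiet NaN for any NaN pattern; non-NaN patterns
// (finite values, +/-Infinity) pass through unchanged.
function purifyNaNBits(bits) {
  return isNaNBits(bits) ? CANONICAL_NAN_BITS : bits;
}

function bitsToDouble(bits) {
  const view = new DataView(new ArrayBuffer(8));
  view.setBigUint64(0, bits);
  return view.getFloat64(0);
}

function doubleToBits(d) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, d);
  return view.getBigUint64(0);
}

// Reads a double from eight untrusted bytes (little-endian, as Wasm memory
// is) and purifies it before handing the value to the rest of the program.
function readDoubleFromUntrustedBytes(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, 8);
  const raw = view.getBigUint64(0, true);
  return bitsToDouble(purifyNaNBits(raw));
}

// Constructed sample: a NaN with an arbitrary payload, as untrusted memory
// could contain it.
const CRAFTED_NAN_BITS = 0x7ff0deadbeef1234n;
const CRAFTED_NAN_BYTES = new Uint8Array(8);
new DataView(CRAFTED_NAN_BYTES.buffer).setBigUint64(0, CRAFTED_NAN_BITS, true);
```

        The defensive rule is the one the entry states: every path that turns
        raw bits into a double the engine will box must purify, and the check
        is on the bit pattern, not on the value, since every NaN compares
        unequal to everything and looks identical at the language level.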
851
852 2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>
853
854         ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
855         https://bugs.webkit.org/show_bug.cgi?id=191716
856         <rdar://problem/45723878>
857
858         Reviewed by Saam Barati.
859
860         After https://bugs.webkit.org/show_bug.cgi?id=187373, when updating
861         jump targets during generatorification, we only stored the new jump
862         target when it changed. However, the out-of-line jump targets are
863         cleared at the beginning of the pass, so we need to store it
864         unconditionally.
865
866         * bytecode/PreciseJumpTargetsInlines.h:
867         (JSC::extractStoredJumpTargetsForInstruction):
868         (JSC::updateStoredJumpTargetsForInstruction):
869
870 2018-11-23  Wenson Hsieh  <wenson_hsieh@apple.com>
871
872         Enable drag and drop support for iOSMac
873         https://bugs.webkit.org/show_bug.cgi?id=191818
874         <rdar://problem/43907454>
875
876         Reviewed by Dean Jackson.
877
878         * Configurations/FeatureDefines.xcconfig:
879
880 2018-11-22  Mark Lam  <mark.lam@apple.com>
881
882         Make the jsc shell's dumpException() more robust against long exception strings.
883         https://bugs.webkit.org/show_bug.cgi?id=191910
884         <rdar://problem/46212980>
885
886         Reviewed by Michael Saboff.
887
888         This only affects the dumping of the exception string in the jsc shell due to
889         unhandled exceptions or exceptions at shell boot time before any JS code is
890         running.
891
892         * jsc.cpp:
893         (dumpException):
894
895 2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
896
897         [JSC] Drop ARM_TRADITIONAL support in LLInt, baseline JIT, and DFG
898         https://bugs.webkit.org/show_bug.cgi?id=191675
899
900         Reviewed by Mark Lam.
901
902         We no longer maintain ARM_TRADITIONAL LLInt and JIT in JSC. This architecture will use
903         CLoop instead. This patch removes ARM_TRADITIONAL support in LLInt and JIT.
904
905         Discussed in https://lists.webkit.org/pipermail/webkit-dev/2018-October/030220.html.
906
907         * CMakeLists.txt:
908         * JavaScriptCore.xcodeproj/project.pbxproj:
909         * Sources.txt:
910         * assembler/ARMAssembler.cpp: Removed.
911         * assembler/ARMAssembler.h: Removed.
912         * assembler/LinkBuffer.cpp:
913         (JSC::LinkBuffer::linkCode):
914         (JSC::LinkBuffer::dumpCode):
915         * assembler/MacroAssembler.h:
916         (JSC::MacroAssembler::patchableBranch32):
917         * assembler/MacroAssemblerARM.cpp: Removed.
918         * assembler/MacroAssemblerARM.h: Removed.
919         * assembler/PerfLog.cpp:
920         * assembler/PerfLog.h:
921         * assembler/ProbeContext.h:
922         (JSC::Probe::CPUState::pc):
923         (JSC::Probe::CPUState::fp):
924         (JSC::Probe::CPUState::sp):
925         * assembler/testmasm.cpp:
926         (JSC::isPC):
927         (JSC::testProbeModifiesStackPointer):
928         (JSC::testProbeModifiesStackValues):
929         * bytecode/InlineAccess.h:
930         (JSC::InlineAccess::sizeForPropertyAccess):
931         (JSC::InlineAccess::sizeForPropertyReplace):
932         (JSC::InlineAccess::sizeForLengthAccess):
933         * dfg/DFGSpeculativeJIT.h:
934         * disassembler/CapstoneDisassembler.cpp:
935         (JSC::tryToDisassemble):
936         * jit/AssemblyHelpers.cpp:
937         (JSC::AssemblyHelpers::debugCall):
938         * jit/AssemblyHelpers.h:
939         * jit/CCallHelpers.h:
940         (JSC::CCallHelpers::setupArgumentsImpl):
941         (JSC::CCallHelpers::prepareForTailCallSlow):
942         * jit/CallFrameShuffler.cpp:
943         (JSC::CallFrameShuffler::prepareForTailCall):
944         * jit/HostCallReturnValue.cpp:
945         * jit/JITMathIC.h:
946         (JSC::isProfileEmpty):
947         * jit/RegisterSet.cpp:
948         (JSC::RegisterSet::reservedHardwareRegisters):
949         (JSC::RegisterSet::calleeSaveRegisters):
950         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
951         (JSC::RegisterSet::dfgCalleeSaveRegisters):
952         * jit/Repatch.cpp:
953         (JSC::forceICFailure):
954         * jit/ThunkGenerators.cpp:
955         (JSC::nativeForGenerator):
956         * llint/LLIntOfflineAsmConfig.h:
957         * llint/LowLevelInterpreter.asm:
958         * llint/LowLevelInterpreter32_64.asm:
959         * offlineasm/arm.rb:
960         * offlineasm/backends.rb:
961         * yarr/YarrJIT.cpp:
962         (JSC::Yarr::YarrGenerator::generateEnter):
963         (JSC::Yarr::YarrGenerator::generateReturn):
964
965 2018-11-21  Saam barati  <sbarati@apple.com>
966
967         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
968         https://bugs.webkit.org/show_bug.cgi?id=191897
969         <rdar://problem/45871998>
970
971         Reviewed by Mark Lam.
972
973         exitOK is a statement about it being legal to exit. mayExit() is about being
974         conservative and returning false only if an OSR exit *could never* happen.
975         mayExit() tries to be as smart as possible to see if it can return false.
976         It can't return false if a runtime exit *could* happen. However, there is
977         code in the compiler where mayExit() returns false (because it uses data
978         generated from AI about type checks being proved), but the code we emit in the
979         compiler backend unconditionally generates an OSR exit, even if that exit may
980         never execute. For example, let's say we have this IR:
981         
982         SomeNode(Boolean:@input)
983         
984         And we always emit code like this as a way of emitting a boolean type check:
985         
986         jump L1 if input == true
987         jump L1 if input == false
988         emit an OSR exit
989         
990         In such a program, when we generate the above OSR exit, in a validationEnabled()
991         build, and if @input is proved to be a boolean, we'll end up crashing because we
992         have the bogus assertion saying !exitOK. This is one reason why things are cleaner
993         if we don't conflate mayExit() with exitOK.
994
995         * dfg/DFGSpeculativeJIT.cpp:
996         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
997
998 2018-11-21  Saam barati  <sbarati@apple.com>
999
1000         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
1001         https://bugs.webkit.org/show_bug.cgi?id=191895
1002         <rdar://problem/46167406>
1003
1004         Reviewed by Mark Lam.
1005
1006         We were asserting that the input edge should have type SpecCell but it should
1007         really be SpecCellCheck since the type filter for KnownCellUse is SpecCellCheck.
1008         
1009         This patch cleans up that assertion code by joining a bunch of cases into a
1010         single function call which grabs the type filter for the edge UseKind and
1011         asserts that the incoming edge meets the type filter criteria.
1012
1013         * dfg/DFGSpeculativeJIT.cpp:
1014         (JSC::DFG::SpeculativeJIT::speculate):
1015         * ftl/FTLLowerDFGToB3.cpp:
1016         (JSC::FTL::DFG::LowerDFGToB3::speculate):
1017
1018 2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1019
1020         [JSC] Use ProtoCallFrame::numberOfRegisters instead of raw number `4`
1021         https://bugs.webkit.org/show_bug.cgi?id=191877
1022
1023         Reviewed by Sam Weinig.
1024
1025         Instead of hard-coding `4` into LowLevelInterpreter, use ProtoCallFrame::numberOfRegisters.
1026
1027         * interpreter/ProtoCallFrame.h:
1028         * llint/LowLevelInterpreter32_64.asm:
1029         * llint/LowLevelInterpreter64.asm:
1030
1031 2018-11-21  Mark Lam  <mark.lam@apple.com>
1032
1033         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
1034         https://bugs.webkit.org/show_bug.cgi?id=191776
1035         <rdar://problem/46152851>
1036
1037         Reviewed by Saam Barati.
1038
1039         * wasm/WasmMemory.cpp:
1040         (JSC::Wasm::Memory::tryCreate):
1041         - return nullptr if the requested bytes exceed MAX_ARRAY_BUFFER_SIZE.
1042           The clients will already do a null check and throw an OutOfMemoryError if needed.
1043         (JSC::Wasm::Memory::grow):
1044         - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.
1045         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1046         (JSC::constructJSWebAssemblyMemory):
1047         - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.
1048
1049 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
1050
1051         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1052         https://bugs.webkit.org/show_bug.cgi?id=190836
1053
1054         Reviewed by Saam Barati and Yusuke Suzuki.
1055
1056         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
1057         where we allocate a BigInt trusting the length received as argument.
1058         With this additional method, we now check if length passed to
1059         `JSBigInt::tryCreateWithLength` is not greater than JSBigInt::maxLength.
1060         When the length is greater than JSBigInt::maxLength, we then throw an OOM
1061         exception.
1062         This required us to change the interface of some JSBigInt operations to
1063         receive `ExecState*` instead of `VM&`. We changed only operations that
1064         can throw because of OOM.
1065         We believe that this approach of throwing instead of finishing the
1066         execution abruptly is better because JS programs can catch such
1067         exception and handle this issue properly.
1068
1069         * dfg/DFGOperations.cpp:
1070         * jit/JITOperations.cpp:
1071         * runtime/CommonSlowPaths.cpp:
1072         (JSC::SLOW_PATH_DECL):
1073         * runtime/JSBigInt.cpp:
1074         (JSC::JSBigInt::createZero):
1075         (JSC::JSBigInt::tryCreateWithLength):
1076         (JSC::JSBigInt::createWithLengthUnchecked):
1077         (JSC::JSBigInt::createFrom):
1078         (JSC::JSBigInt::multiply):
1079         (JSC::JSBigInt::divide):
1080         (JSC::JSBigInt::copy):
1081         (JSC::JSBigInt::unaryMinus):
1082         (JSC::JSBigInt::remainder):
1083         (JSC::JSBigInt::add):
1084         (JSC::JSBigInt::sub):
1085         (JSC::JSBigInt::bitwiseAnd):
1086         (JSC::JSBigInt::bitwiseOr):
1087         (JSC::JSBigInt::bitwiseXor):
1088         (JSC::JSBigInt::absoluteAdd):
1089         (JSC::JSBigInt::absoluteSub):
1090         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
1091         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
1092         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
1093         (JSC::JSBigInt::absoluteBitwiseOp):
1094         (JSC::JSBigInt::absoluteAddOne):
1095         (JSC::JSBigInt::absoluteSubOne):
1096         (JSC::JSBigInt::toStringGeneric):
1097         (JSC::JSBigInt::rightTrim):
1098         (JSC::JSBigInt::allocateFor):
1099         (JSC::JSBigInt::createWithLength): Deleted.
1100         * runtime/JSBigInt.h:
1101         * runtime/Operations.cpp:
1102         (JSC::jsAddSlowCase):
1103         * runtime/Operations.h:
1104         (JSC::jsSub):
1105         (JSC::jsMul):
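
        An added example, not JSC's own code, showing what the entry above
        guarantees from script's point of view and a guard a program can put
        in front of it. Engines cap the size of a BigInt (JSBigInt::maxLength
        in JSC); after this change exceeding the cap surfaces as a catchable
        exception. Because an attacker-controlled shift count can still drive
        memory use up to that cap, code that builds BigInts from untrusted
        input should enforce its own, much smaller bound first. The cap
        MAX_RESULT_BITS and the helper names are constructed for the example.

```javascript
// Added example, not JSC's own code: bound BigInt growth by policy, and show
// that the engine's own limit is a catchable exception rather than an abort.

// Constructed policy cap for this example: the largest result, in bits, we
// are willing to build from untrusted input. It sits far below any engine
// limit, so resource use is bounded by policy, not by the engine's OOM path.
const MAX_RESULT_BITS = 1n << 16n;

// Bit length of a non-negative BigInt (0n has length 0).
function bitLength(value) {
  return value === 0n ? 0n : BigInt(value.toString(2).length);
}

// Left-shifts a non-negative BigInt only if the result stays within
// MAX_RESULT_BITS; the size check happens before any large allocation.
function boundedLeftShift(value, shift) {
  if (typeof value !== "bigint" || typeof shift !== "bigint") {
    throw new TypeError("value and shift must be BigInts");
  }
  if (value < 0n || shift < 0n) {
    throw new RangeError("value and shift must be non-negative");
  }
  const resultBits = bitLength(value) + shift;
  if (resultBits > MAX_RESULT_BITS) {
    throw new RangeError(`result would need ${resultBits} bits, cap is ${MAX_RESULT_BITS}`);
  }
  return value << shift;
}

// Engine-level behaviour: a shift far beyond any engine's BigInt limit
// throws before allocating, and the exception is catchable. Returns the
// exception class name (RangeError in V8 and in JSC, whose OutOfMemoryError
// is a RangeError), or "no-throw" if the engine allowed it.
function engineLimitIsCatchable() {
  try {
    const huge = 1n << (1n << 40n); // would need 2^40 bits
    return huge === 0n ? "no-throw" : "no-throw";
  } catch (e) {
    return e.constructor.name;
  }
}
```

        The two layers are complementary: the engine change makes the failure
        recoverable, and the policy check keeps a program from ever reaching
        the point where recovery is needed.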
1106
1107 2018-11-20  Mark Lam  <mark.lam@apple.com>
1108
1109         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
1110         https://bugs.webkit.org/show_bug.cgi?id=191856
1111         <rdar://problem/46089992>
1112
1113         Reviewed by Yusuke Suzuki.
1114
1115         The ASSERT(vm.traps().needTrapHandling()) assertion in SignalSender's SigAction
1116         function is invalid because we can't be sure that the trap has been handled yet
1117         by the time the trap fires.  This is because the main thread may also check traps
1118         (in LLInt, baseline JIT and VM runtime code).  There's a race to handle the trap.
1119         Hence, the SigAction cannot assume that the trap still needs handling by the time
1120         it is executed.  This patch removed the invalid assertion.
1121
1122         Also renamed m_trapSet to m_condition because it is an AutomaticThreadCondition,
1123         and every way it is used is as a condvar.  The m_trapSet name doesn't seem
1124         appropriate nor meaningful.
1125
1126         * runtime/VMTraps.cpp:
1127         (JSC::VMTraps::tryInstallTrapBreakpoints):
1128         - Added a !needTrapHandling() check as an optimization: there's no need to install
1129           VMTrap breakpoints if someone already beat us to handling the trap (remember,
1130           the main thread is racing against the VMTraps signalling thread to handle the
1131           trap too).  We only need to install the VMTraps breakpoints if we need DFG/FTL
1132           compiled code to deopt so that they can check and handle pending traps.  If the
1133           trap has already been handled, it's better to not deopt any DFG/FTL functions.
1134
1135         (JSC::VMTraps::willDestroyVM):
1136         (JSC::VMTraps::fireTrap):
1137         (JSC::VMTraps::VMTraps):
1138         * runtime/VMTraps.h:
1139
1140 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
1141
1142         Enable JIT on ARM/Linux
1143         https://bugs.webkit.org/show_bug.cgi?id=191548
1144
1145         Reviewed by Yusuke Suzuki.
1146
1147         Enable JIT by default on ARMv7/Linux after it was disabled with
1148         recent bytecode format change.
1149
1150         * bytecode/CodeBlock.cpp:
1151         (JSC::CodeBlock::getICStatusMap):
1152         * bytecode/CodeBlock.h:
1153         (JSC::CodeBlock::metadata):
1154         * bytecode/InByIdStatus.cpp:
1155         (JSC::InByIdStatus::computeFor):
1156         * bytecode/Instruction.h:
1157         (JSC::Instruction::cast):
1158         * bytecode/MetadataTable.h:
1159         (JSC::MetadataTable::forEach):
1160         * bytecode/PutByIdStatus.cpp:
1161         (JSC::PutByIdStatus::computeFor):
1162         (JSC::PutByIdStatus::hasExitSite): Deleted.
1163         * bytecode/PutByIdStatus.h:
1164         * dfg/DFGOSRExit.cpp:
1165         (JSC::DFG::reifyInlinedCallFrames):
1166         * dfg/DFGOSRExitCompilerCommon.cpp:
1167         (JSC::DFG::reifyInlinedCallFrames):
1168         * generator/Argument.rb:
1169         * generator/Opcode.rb:
1170         * jit/GPRInfo.h:
1171         * jit/JIT.h:
1172         * jit/JITArithmetic32_64.cpp:
1173         (JSC::JIT::emit_compareAndJump):
1174         (JSC::JIT::emit_compareUnsignedAndJump):
1175         (JSC::JIT::emit_compareUnsigned):
1176         (JSC::JIT::emit_compareAndJumpSlow):
1177         (JSC::JIT::emit_op_unsigned):
1178         (JSC::JIT::emit_op_inc):
1179         (JSC::JIT::emit_op_dec):
1180         (JSC::JIT::emitBinaryDoubleOp):
1181         (JSC::JIT::emit_op_mod):
1182         (JSC::JIT::emitSlow_op_mod):
1183         * jit/JITCall32_64.cpp:
1184         (JSC::JIT::emitPutCallResult):
1185         (JSC::JIT::emit_op_ret):
1186         (JSC::JIT::emitSlow_op_call):
1187         (JSC::JIT::emitSlow_op_tail_call):
1188         (JSC::JIT::emitSlow_op_call_eval):
1189         (JSC::JIT::emitSlow_op_call_varargs):
1190         (JSC::JIT::emitSlow_op_tail_call_varargs):
1191         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1192         (JSC::JIT::emitSlow_op_construct_varargs):
1193         (JSC::JIT::emitSlow_op_construct):
1194         (JSC::JIT::emit_op_call):
1195         (JSC::JIT::emit_op_tail_call):
1196         (JSC::JIT::emit_op_call_eval):
1197         (JSC::JIT::emit_op_call_varargs):
1198         (JSC::JIT::emit_op_tail_call_varargs):
1199         (JSC::JIT::emit_op_tail_call_forward_arguments):
1200         (JSC::JIT::emit_op_construct_varargs):
1201         (JSC::JIT::emit_op_construct):
1202         (JSC::JIT::compileSetupFrame):
1203         (JSC::JIT::compileCallEval):
1204         (JSC::JIT::compileCallEvalSlowCase):
1205         (JSC::JIT::compileOpCall):
1206         (JSC::JIT::compileOpCallSlowCase):
1207         (JSC::JIT::compileSetupVarargsFrame): Deleted.
1208         * jit/JITInlines.h:
1209         (JSC::JIT::updateTopCallFrame):
1210         * jit/JITOpcodes.cpp:
1211         (JSC::JIT::emit_op_catch):
1212         (JSC::JIT::emitSlow_op_loop_hint):
1213         * jit/JITOpcodes32_64.cpp:
1214         (JSC::JIT::emit_op_mov):
1215         (JSC::JIT::emit_op_end):
1216         (JSC::JIT::emit_op_jmp):
1217         (JSC::JIT::emit_op_new_object):
1218         (JSC::JIT::emitSlow_op_new_object):
1219         (JSC::JIT::emit_op_overrides_has_instance):
1220         (JSC::JIT::emit_op_instanceof):
1221         (JSC::JIT::emit_op_instanceof_custom):
1222         (JSC::JIT::emitSlow_op_instanceof):
1223         (JSC::JIT::emitSlow_op_instanceof_custom):
1224         (JSC::JIT::emit_op_is_empty):
1225         (JSC::JIT::emit_op_is_undefined):
1226         (JSC::JIT::emit_op_is_boolean):
1227         (JSC::JIT::emit_op_is_number):
1228         (JSC::JIT::emit_op_is_cell_with_type):
1229         (JSC::JIT::emit_op_is_object):
1230         (JSC::JIT::emit_op_to_primitive):
1231         (JSC::JIT::emit_op_set_function_name):
1232         (JSC::JIT::emit_op_not):
1233         (JSC::JIT::emit_op_jfalse):
1234         (JSC::JIT::emit_op_jtrue):
1235         (JSC::JIT::emit_op_jeq_null):
1236         (JSC::JIT::emit_op_jneq_null):
1237         (JSC::JIT::emit_op_jneq_ptr):
1238         (JSC::JIT::emit_op_eq):
1239         (JSC::JIT::emitSlow_op_eq):
1240         (JSC::JIT::emit_op_jeq):
1241         (JSC::JIT::emitSlow_op_jeq):
1242         (JSC::JIT::emit_op_neq):
1243         (JSC::JIT::emitSlow_op_neq):
1244         (JSC::JIT::emit_op_jneq):
1245         (JSC::JIT::emitSlow_op_jneq):
1246         (JSC::JIT::compileOpStrictEq):
1247         (JSC::JIT::emit_op_stricteq):
1248         (JSC::JIT::emit_op_nstricteq):
1249         (JSC::JIT::compileOpStrictEqJump):
1250         (JSC::JIT::emit_op_jstricteq):
1251         (JSC::JIT::emit_op_jnstricteq):
1252         (JSC::JIT::emitSlow_op_jstricteq):
1253         (JSC::JIT::emitSlow_op_jnstricteq):
1254         (JSC::JIT::emit_op_eq_null):
1255         (JSC::JIT::emit_op_neq_null):
1256         (JSC::JIT::emit_op_throw):
1257         (JSC::JIT::emit_op_to_number):
1258         (JSC::JIT::emit_op_to_string):
1259         (JSC::JIT::emit_op_to_object):
1260         (JSC::JIT::emit_op_catch):
1261         (JSC::JIT::emit_op_identity_with_profile):
1262         (JSC::JIT::emit_op_get_parent_scope):
1263         (JSC::JIT::emit_op_switch_imm):
1264         (JSC::JIT::emit_op_switch_char):
1265         (JSC::JIT::emit_op_switch_string):
1266         (JSC::JIT::emit_op_debug):
1267         (JSC::JIT::emit_op_enter):
1268         (JSC::JIT::emit_op_get_scope):
1269         (JSC::JIT::emit_op_create_this):
1270         (JSC::JIT::emit_op_to_this):
1271         (JSC::JIT::emit_op_check_tdz):
1272         (JSC::JIT::emit_op_has_structure_property):
1273         (JSC::JIT::privateCompileHasIndexedProperty):
1274         (JSC::JIT::emit_op_has_indexed_property):
1275         (JSC::JIT::emitSlow_op_has_indexed_property):
1276         (JSC::JIT::emit_op_get_direct_pname):
1277         (JSC::JIT::emit_op_enumerator_structure_pname):
1278         (JSC::JIT::emit_op_enumerator_generic_pname):
1279         (JSC::JIT::emit_op_profile_type):
1280         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1281         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1282         * jit/JITPropertyAccess32_64.cpp:
1283         (JSC::JIT::emit_op_put_getter_by_id):
1284         (JSC::JIT::emit_op_put_setter_by_id):
1285         (JSC::JIT::emit_op_put_getter_setter_by_id):
1286         (JSC::JIT::emit_op_put_getter_by_val):
1287         (JSC::JIT::emit_op_put_setter_by_val):
1288         (JSC::JIT::emit_op_del_by_id):
1289         (JSC::JIT::emit_op_del_by_val):
1290         (JSC::JIT::emit_op_get_by_val):
1291         (JSC::JIT::emitGetByValWithCachedId):
1292         (JSC::JIT::emitSlow_op_get_by_val):
1293         (JSC::JIT::emit_op_put_by_val_direct):
1294         (JSC::JIT::emit_op_put_by_val):
1295         (JSC::JIT::emitGenericContiguousPutByVal):
1296         (JSC::JIT::emitArrayStoragePutByVal):
1297         (JSC::JIT::emitPutByValWithCachedId):
1298         (JSC::JIT::emitSlow_op_put_by_val):
1299         (JSC::JIT::emit_op_try_get_by_id):
1300         (JSC::JIT::emitSlow_op_try_get_by_id):
1301         (JSC::JIT::emit_op_get_by_id_direct):
1302         (JSC::JIT::emitSlow_op_get_by_id_direct):
1303         (JSC::JIT::emit_op_get_by_id):
1304         (JSC::JIT::emitSlow_op_get_by_id):
1305         (JSC::JIT::emit_op_get_by_id_with_this):
1306         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1307         (JSC::JIT::emit_op_put_by_id):
1308         (JSC::JIT::emitSlow_op_put_by_id):
1309         (JSC::JIT::emit_op_in_by_id):
1310         (JSC::JIT::emitSlow_op_in_by_id):
1311         (JSC::JIT::emit_op_resolve_scope):
1312         (JSC::JIT::emit_op_get_from_scope):
1313         (JSC::JIT::emitSlow_op_get_from_scope):
1314         (JSC::JIT::emit_op_put_to_scope):
1315         (JSC::JIT::emitSlow_op_put_to_scope):
1316         (JSC::JIT::emit_op_get_from_arguments):
1317         (JSC::JIT::emit_op_put_to_arguments):
1318         * jit/RegisterSet.cpp:
1319         (JSC::RegisterSet::vmCalleeSaveRegisters):
1320         * llint/LLIntData.cpp:
1321         (JSC::LLInt::Data::performAssertions):
1322         * llint/LowLevelInterpreter.asm:
1323         * runtime/SamplingProfiler.cpp:
1324         (JSC::tryGetBytecodeIndex):
1325
1326 2018-11-20  Saam barati  <sbarati@apple.com>
1327
1328         Merging an IC variant may lead to the IC status containing overlapping structure sets
1329         https://bugs.webkit.org/show_bug.cgi?id=191869
1330         <rdar://problem/45403453>
1331
1332         Reviewed by Mark Lam.
1333
1334         When merging two IC variant lists, we may end up in a world where we have
1335         overlapping structure sets. We defend against this when we append a new
1336         variant, but we should also defend against it once we merge in a new variant.
1337         
1338         Consider this case with MultiPutByOffset, where we merge two PutByIdStatuses
1339         together, P1 and P2.
1340         
1341         Let's consider these structures:
1342         s1 = {}
1343         s2 = {p: 0}
1344         s3 = {p: 0, p2: 1}
1345         
1346         P1 contains these variants:
1347         Transition: [s1 => s2]
1348         Replace: [s2, s3]
1349         
1350         P2 contains:
1351         Replace: [s2]
1352         
1353         Because of the ordering of the variants, we may end up combining
1354         P2's replace into P1's transition, forming this new list:
1355         Transition: [(s1, s2) => s2]
1356         Replace: [s2, s3]
1357         
1358         Obviously the ideal thing here is to have some ordering when we merge
1359         in variants to choose the most ideal option. It'd be ideal for P2's
1360         Replace to be merged into P1's replace.
1361         
1362         If we notice that this is super important, we can implement some kind
1363         of ordering. None of our tests (until this patch) stress this. This patch
1364         just makes it so we defend against this crazy scenario by falling back
1365         to the slow path gracefully. This prevents us from emitting invalid
1366         IR in FTL->B3 lowering by creating a switch with two case labels being
1367         identical values.
1368
1369         * bytecode/ICStatusUtils.h:
1370         (JSC::appendICStatusVariant):
1371
1372 2018-11-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1373
1374         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
1375         https://bugs.webkit.org/show_bug.cgi?id=191626
1376         <rdar://problem/46161064>
1377
1378         Unreviewed, adding a comment for my change r238366.
1379
1380         * runtime/Structure.h: Added a comment for Structure::create.
1381
1382 2018-11-19  Mark Lam  <mark.lam@apple.com>
1383
1384         globalFuncImportModule() should return a promise when it clears exceptions.
1385         https://bugs.webkit.org/show_bug.cgi?id=191792
1386         <rdar://problem/46090763>
1387
1388         Reviewed by Michael Saboff.
1389
1390         If we're clearing the exceptions in a CatchScope, then it means that we've handled
1391         the exception, and are able to proceed in a normal manner.  Hence, we should not
1392         return the empty JSValue in this case: instead, we should return a Promise as
1393         expected by import's API.
1394
1395         The only time when we can't return a promise is when we fail to create a Promise.
1396         In that case, we should be propagating the exception.
1397
1398         Hence, globalFuncImportModule() contains a ThrowScope (for propagating the
1399         exception that arises from failure to create the Promise) wrapping a CatchScope
1400         (for catching any exception that arises from failure to execute the import).
1401
1402         Also fixed similar issues, and some exception check issues in JSModuleLoader and
1403         the jsc shell.
1404
1405         * jsc.cpp:
1406         (GlobalObject::moduleLoaderImportModule):
1407         (GlobalObject::moduleLoaderFetch):
1408         * runtime/JSGlobalObjectFunctions.cpp:
1409         (JSC::globalFuncImportModule):
1410         * runtime/JSModuleLoader.cpp:
1411         (JSC::JSModuleLoader::loadAndEvaluateModule):
1412         (JSC::JSModuleLoader::loadModule):
1413         (JSC::JSModuleLoader::requestImportModule):
1414         (JSC::JSModuleLoader::importModule):
1415         (JSC::JSModuleLoader::resolve):
1416         (JSC::JSModuleLoader::fetch):
1417         (JSC::moduleLoaderParseModule):
1418         (JSC::moduleLoaderResolveSync):
1419
1420 2018-11-19  Alex Christensen  <achristensen@webkit.org>
1421
1422         Add SPI to disable JIT in a WKWebView
1423         https://bugs.webkit.org/show_bug.cgi?id=191822
1424         <rdar://problem/28119360>
1425
1426         Reviewed by Geoffrey Garen.
1427
1428         * jit/ExecutableAllocator.cpp:
1429         (JSC::jitDisabled):
1430         (JSC::allowJIT):
1431         (JSC::ExecutableAllocator::setJITEnabled):
1432         * jit/ExecutableAllocator.h:
1433         (JSC::ExecutableAllocator::setJITEnabled):
1434
1435 2018-11-19  Fujii Hironori  <Hironori.Fujii@sony.com>
1436
1437         [MSVC] X86Assembler.h(108): error C2666: 'WebCore::operator -': 7 overloads have similar conversions
1438         https://bugs.webkit.org/show_bug.cgi?id=189467
1439         <rdar://problem/44290945>
1440
1441         Reviewed by Mark Lam.
1442
1443         This issue has happened several times. And, it seems that it will
        take more time for Microsoft to fix the MSVC bug. We need an
        effective workaround not to repeat this issue until they fix MSVC.
1446
1447         Remove ": int8_t" of RegisterID only for COMPILER(MSVC).
1448
1449         * assembler/X86Assembler.h: Added JSC_X86_ASM_REGISTER_ID_ENUM_BASE_TYPE macro.
1450
1451 2018-11-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1452
1453         [WebAssembly] I64 arguments / return value check should be moved from callWebAssemblyFunction to JSToWasm wrapper
1454         https://bugs.webkit.org/show_bug.cgi?id=190512
1455
1456         Reviewed by Keith Miller.
1457
1458         This patch moves I64 arguments / return value check from callWebAssemblyFunction to JSToWasm wrapper. Since this
1459         check can be done when compiling the function, we should encode the result into the generated wrapper instead of
1460         checking every time we call callWebAssemblyFunction. This change is also one of the steps removing callWebAssemblyFunction
1461         entirely.
1462
1463         * wasm/WasmExceptionType.h:
1464         * wasm/js/JSToWasm.cpp:
1465         (JSC::Wasm::createJSToWasmWrapper):
1466         * wasm/js/WebAssemblyFunction.cpp:
1467         (JSC::callWebAssemblyFunction):
1468         * wasm/js/WebAssemblyWrapperFunction.cpp:
1469         (JSC::callWebAssemblyWrapperFunction):
1470
1471 2018-11-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1472
1473         Consider removing double load for accessing the instructions from LLInt
1474         https://bugs.webkit.org/show_bug.cgi?id=190932
1475
1476         Reviewed by Mark Lam.
1477
        Changing InstructionStream to a RefCountedArray-like structure involves so many changes
        including BytecodeGraph, PreciseJumpTargets etc. Instead, CodeBlock simply holds a raw
        pointer to the InstructionStream's data. Since InstructionStream is not changed
        anymore, this pointer is valid while CodeBlock is live.
1482
1483         * bytecode/CodeBlock.cpp:
1484         (JSC::CodeBlock::CodeBlock):
1485         * bytecode/CodeBlock.h:
1486         * bytecode/InstructionStream.h:
1487         (JSC::InstructionStream::rawPointer const):
1488         * llint/LowLevelInterpreter.asm:
1489         * llint/LowLevelInterpreter32_64.asm:
1490         * llint/LowLevelInterpreter64.asm:
1491
1492 2018-11-18  Fujii Hironori  <Hironori.Fujii@sony.com>
1493
1494         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
1495         https://bugs.webkit.org/show_bug.cgi?id=191626
1496
1497         Reviewed by Yusuke Suzuki.
1498
1499         JSC::Structure::create is used everywhere. It should be defined in
1500         Structure.h, not in StructureInlines.h.
1501
1502         * runtime/Structure.h:
1503         (JSC::Structure::create): Moved.
1504         * runtime/StructureInlines.h: Moved JSC::Structure::create.
1505
1506 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1507
1508         Unreviewed, rolling in the rest of r237254
1509         https://bugs.webkit.org/show_bug.cgi?id=190340
1510
1511         * parser/ParserModes.h:
1512         * parser/ParserTokens.h:
1513         (JSC::JSTextPosition::JSTextPosition):
1514         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
1515         * runtime/CodeCache.cpp:
1516         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1517         * runtime/FunctionConstructor.cpp:
1518         (JSC::constructFunctionSkippingEvalEnabledCheck):
1519
1520 2018-11-17  Devin Rousso  <drousso@apple.com>
1521
1522         Web Inspector: Network: add button to show system certificate dialog
1523         https://bugs.webkit.org/show_bug.cgi?id=191458
1524         <rdar://problem/45977019>
1525
1526         Reviewed by Joseph Pecoraro.
1527
1528         * inspector/protocol/Network.json:
1529         Add `getSerializedCertificate` command.
1530
1531 2018-11-17  Dominik Infuehr  <dinfuehr@igalia.com>
1532
1533         Fix build with disabled DFG/FTL
1534         https://bugs.webkit.org/show_bug.cgi?id=191256
1535
1536         Reviewed by Yusuke Suzuki.
1537
1538         Fix compilation errors and warnings with both DFG and FTL
1539         disabled at compile-time.
1540
1541         * bytecode/CodeBlock.cpp:
1542         (JSC::CodeBlock::getICStatusMap):
1543         * bytecode/InByIdStatus.cpp:
1544         (JSC::InByIdStatus::computeFor):
1545         * bytecode/PutByIdStatus.cpp:
1546         (JSC::PutByIdStatus::computeFor):
1547         (JSC::PutByIdStatus::hasExitSite): Deleted.
1548         * bytecode/PutByIdStatus.h:
1549         * jit/JITOpcodes.cpp:
1550         (JSC::JIT::emit_op_catch):
1551
1552 2018-11-16  Joseph Pecoraro  <pecoraro@apple.com>
1553
1554         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Local Inspector)
1555         https://bugs.webkit.org/show_bug.cgi?id=191740
1556         <rdar://problem/45470897>
1557
1558         Reviewed by Timothy Hatcher.
1559
1560         * inspector/InspectorFrontendChannel.h:
1561         Expose EnumTraits for ConnectionType for WebKit IPC messages.
1562
1563 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1564
1565         All users of ArrayBuffer should agree on the same max size
1566         https://bugs.webkit.org/show_bug.cgi?id=191771
1567
1568         Reviewed by Mark Lam.
1569
1570         Array buffers cannot be larger than 0x7fffffff, because otherwise loading typedArray.length in the DFG/FTL would produce
1571         a uint32 or would require a signedness check, neither of which sounds reasonable. It's better to just bound their max size
1572         instead.
1573
1574         * runtime/ArrayBuffer.cpp:
1575         (JSC::ArrayBufferContents::ArrayBufferContents):
1576         (JSC::ArrayBufferContents::tryAllocate):
1577         (JSC::ArrayBufferContents::transferTo):
1578         (JSC::ArrayBufferContents::copyTo):
1579         (JSC::ArrayBufferContents::shareWith):
1580         * runtime/ArrayBuffer.h:
1581         * wasm/WasmMemory.cpp:
1582         (JSC::Wasm::Memory::tryCreate):
1583         (JSC::Wasm::Memory::grow):
1584         * wasm/WasmPageCount.h:
1585
1586 2018-11-16  Saam Barati  <sbarati@apple.com>
1587
1588         KnownCellUse should also have SpecCellCheck as its type filter
1589         https://bugs.webkit.org/show_bug.cgi?id=191729
1590         <rdar://problem/45872852>
1591
1592         Reviewed by Filip Pizlo.
1593
1594         We write transformations in the compiler like this where we emit edges with
1595         KnownCellUse if we know we're inserting code at a point where we're dominated
1596         by a Cell check:
1597         
1598         a: SomeValue
1599         b: Something(Cell:@a)
1600         c: SomethingElse(@b)
1601         d: CheckNotEmpty(@a)
1602         
1603         =>
1604         
1605         a: SomeValue
1606         b: Something(Cell:@a)
1607         e: RandomOtherThing(KnownCellUse:@a)
1608         c: SomethingElse(@b)
1609         d: CheckNotEmpty(@a)
1610         
1611         However, doing this used to lead to subtly incorrect programs since KnownCellUse
1612         did not allow the empty value to flow through it. We used to end up incorrectly
1613         deleting @d in the above program. We fix this, we make KnownCellUse allow the empty
1614         value to flow through.
1615
1616         * dfg/DFGUseKind.h:
1617         (JSC::DFG::typeFilterFor):
1618
1619 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
1620
1621         Fix assertion failure on BytecodeGenerator::recordOpcode
1622         https://bugs.webkit.org/show_bug.cgi?id=191724
1623         <rdar://problem/45724395>
1624
1625         Reviewed by Saam Barati.
1626
1627         Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not
1628         restoring m_lastInstruction after patching the bytecode when
1629         finalizing StructureForInContexts, only m_lastOpcodeID, which led to
1630         the assertion failure.
1631
1632         * bytecompiler/BytecodeGenerator.cpp:
1633         (JSC::StructureForInContext::finalize):
1634
1635 2018-11-15  Mark Lam  <mark.lam@apple.com>
1636
1637         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
1638         https://bugs.webkit.org/show_bug.cgi?id=191730
1639         <rdar://problem/46048517>
1640
1641         Reviewed by Saam Barati.
1642
1643         According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
1644         the RegExp match results are filled in using the spec's CreateDataProperty()
        function which does not consult the prototype for setters.  JSArray::push()
        consults the prototype for setters.  We should be using putDirectIndex() instead.
1647
1648         * runtime/RegExpObjectInlines.h:
1649         (JSC::collectMatches):
1650
1651 2018-11-15  Mark Lam  <mark.lam@apple.com>
1652
        RegExp operations should not take fast path if lastIndex is not numeric.
1654         https://bugs.webkit.org/show_bug.cgi?id=191731
1655         <rdar://problem/46017305>
1656
1657         Reviewed by Saam Barati.
1658
1659         This is because if lastIndex is an object with a valueOf() method, it can execute
1660         arbitrary code which may have side effects, and side effects are not permitted by
1661         the RegExp fast paths.
1662
1663         * builtins/RegExpPrototype.js:
1664         (globalPrivate.hasObservableSideEffectsForRegExpMatch):
1665         (overriddenName.string_appeared_here.search):
1666         (globalPrivate.hasObservableSideEffectsForRegExpSplit):
1667         (intrinsic.RegExpTestIntrinsic.test):
1668         * builtins/StringPrototype.js:
1669         (globalPrivate.hasObservableSideEffectsForStringReplace):
1670
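An added example (not WebKit code) covering the two RegExp entries above: it makes both observable hooks visible from JavaScript. First, result arrays built by `String.prototype.match` are filled with CreateDataProperty, so an index setter planted on `Array.prototype` is never invoked, whereas `Array.prototype.push` uses ordinary [[Set]] and does hit it. Second, `lastIndex` is read through ToLength, so an object with a `valueOf()` runs arbitrary code in the middle of `RegExp.prototype.test`, which is why a fast path may only be taken when `lastIndex` is already numeric. It runs under Node; the behaviour follows the spec and so should agree with JavaScriptCore after these fixes. The helper names and the input strings are constructed for the example.

```javascript
// Added example (not WebKit code): two user-observable hooks that RegExp
// built-ins must either honour or avoid.

// Install a setter for index 0 on Array.prototype, run body(), and report how
// many times the setter fired. The prototype is always restored afterwards.
function withIndexSetterOnArrayPrototype(body) {
  let setterCalls = 0;
  Object.defineProperty(Array.prototype, "0", {
    configurable: true,
    set() { setterCalls += 1; },   // a counter only; push() here would recurse
  });
  try {
    body();
  } finally {
    delete Array.prototype[0];
    Array.prototype.length = 0;    // defining index 0 bumped length to 1
  }
  return setterCalls;
}

// CreateDataProperty writes own properties: the setter is not consulted (0).
function setterCallsDuringMatch() {
  return withIndexSetterOnArrayPrototype(() => {
    "abc".match(/./g);             // three results, three CreateDataProperty calls
  });
}

// Ordinary [[Set]] walks the prototype chain and finds the setter (1).
function setterCallsDuringPush() {
  return withIndexSetterOnArrayPrototype(() => {
    const a = [];
    a.push("x");                   // [[Set]] on "0" lands on the prototype setter
  });
}

// lastIndex goes through ToLength, so user code runs before the match.
// A fast path that skipped this conversion would miss that side effect.
function valueOfCallsDuringTest() {
  let valueOfCalls = 0;
  const re = /a/g;
  re.lastIndex = { valueOf() { valueOfCalls += 1; return 0; } };
  const matched = re.test("a");
  return { matched, valueOfCalls, lastIndexAfter: re.lastIndex };
}
```

The same distinction drives the `hasObservableSideEffects...` checks in the builtins: a global regex with a non-numeric `lastIndex`, or an array prototype carrying indexed accessors, means the operation can no longer be treated as side-effect free.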
1671 2018-11-15  Keith Rollin  <krollin@apple.com>
1672
1673         Delete old .xcfilelist files
1674         https://bugs.webkit.org/show_bug.cgi?id=191669
1675         <rdar://problem/46081994>
1676
1677         Reviewed by Chris Dumez.
1678
1679         .xcfilelist files were created and added to the Xcode project files in
1680         https://trac.webkit.org/changeset/238008/webkit. However, they caused
1681         build issues and they were removed from the Xcode projects in
1682         https://trac.webkit.org/changeset/238055/webkit. This check-in removes
1683         the files from the repository altogether. They'll ultimately be
1684         replaced with new files with names that indicate whether the
1685         associated files are inputs to the Run Script phase or are files
1686         created by the Run Script phase.
1687
1688         * DerivedSources.xcfilelist: Removed.
1689         * UnifiedSources.xcfilelist: Removed.
1690
1691 2018-11-14  Keith Rollin  <krollin@apple.com>
1692
1693         Move scripts for Derived and Unified Sources to external files
1694         https://bugs.webkit.org/show_bug.cgi?id=191670
1695         <rdar://problem/46082278>
1696
1697         Reviewed by Keith Miller.
1698
1699         Move the scripts in the Generate Derived Sources and Generate Unified
1700         Sources Run Script phases from the Xcode projects to external shell
1701         script files. Then invoke those scripts from the Run Script phases.
1702         This refactoring is being performed to support later work that will
1703         invoke these scripts in other contexts.
1704
1705         The scripts were maintained as-is when making the move. I did a little
1706         reformatting and added 'set -e' to the top of each file, but that's
1707         it.
1708
1709         * JavaScriptCore.xcodeproj/project.pbxproj:
1710         * Scripts/generate-derived-sources.sh: Added.
1711         * Scripts/generate-unified-sources.sh: Added.
1712
1713 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1714
1715         Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
1716         https://bugs.webkit.org/show_bug.cgi?id=191612
1717
1718         Reviewed by Matt Baker.
1719
1720         * inspector/InspectorFrontendRouter.cpp:
1721         (Inspector::FrontendRouter::connectFrontend):
1722         (Inspector::FrontendRouter::disconnectFrontend):
1723         * inspector/InspectorFrontendRouter.h:
1724         * inspector/JSGlobalObjectInspectorController.cpp:
1725         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1726         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
1727         * inspector/JSGlobalObjectInspectorController.h:
1728         * inspector/remote/RemoteControllableTarget.h:
1729         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
1730         (Inspector::RemoteConnectionToTarget::setup):
1731         (Inspector::RemoteConnectionToTarget::close):
1732         * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
1733         (Inspector::RemoteConnectionToTarget::setup):
1734         (Inspector::RemoteConnectionToTarget::close):
1735         * runtime/JSGlobalObjectDebuggable.cpp:
1736         (JSC::JSGlobalObjectDebuggable::connect):
1737         (JSC::JSGlobalObjectDebuggable::disconnect):
1738         * runtime/JSGlobalObjectDebuggable.h:
1739
1740 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1741
1742         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
1743         https://bugs.webkit.org/show_bug.cgi?id=191494
1744         <rdar://problem/45469854>
1745
1746         Reviewed by Devin Rousso.
1747
1748         * CMakeLists.txt:
1749         * DerivedSources.make:
1750         * JavaScriptCore.xcodeproj/project.pbxproj:
1751         * Sources.txt:
1752         New domain and resources.
1753
1754         * inspector/protocol/Target.json: Added.
1755         New protocol domain, modeled after Worker.json, to allow for
1756         multiplexing between different targets.
1757
1758         * inspector/InspectorTarget.h:
1759         Each target will instantiate an InspectorTarget and must
1760         provide an identifier, type, and means of connecting/disconnecting
1761         to a frontend channel.
1762
1763         * inspector/agents/InspectorTargetAgent.cpp: Added.
1764         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
1765         (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
1766         (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
1767         (Inspector::InspectorTargetAgent::exists):
1768         (Inspector::InspectorTargetAgent::initialized):
1769         (Inspector::InspectorTargetAgent::sendMessageToTarget):
1770         (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
1771         (Inspector::targetTypeToProtocolType):
1772         (Inspector::buildTargetInfoObject):
1773         (Inspector::InspectorTargetAgent::targetCreated):
1774         (Inspector::InspectorTargetAgent::targetTerminated):
1775         (Inspector::InspectorTargetAgent::connectToTargets):
1776         (Inspector::InspectorTargetAgent::disconnectFromTargets):
1777         * inspector/agents/InspectorTargetAgent.h: Added.
1778         TargetAgent holds a list of targets, and connects/disconnects to each
1779         of the targets when a frontend connects/disconnects.
1780
1781         * inspector/scripts/codegen/generator.py:
1782         Better enum casing of ServiceWorker.
1783
1784 2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1785
1786         Unreviewed, rolling in CodeCache in r237254
1787         https://bugs.webkit.org/show_bug.cgi?id=190340
1788
1789         Land the CodeCache part without adding an additional hash value.
1790
1791         * bytecode/UnlinkedFunctionExecutable.cpp:
1792         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1793         * bytecode/UnlinkedFunctionExecutable.h:
1794         * parser/SourceCodeKey.h:
1795         (JSC::SourceCodeKey::SourceCodeKey):
1796         (JSC::SourceCodeKey::operator== const):
1797         * runtime/CodeCache.cpp:
1798         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1799         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1800         * runtime/CodeCache.h:
1801         * runtime/FunctionConstructor.cpp:
1802         (JSC::constructFunctionSkippingEvalEnabledCheck):
1803         * runtime/FunctionExecutable.cpp:
1804         (JSC::FunctionExecutable::fromGlobalCode):
1805         * runtime/FunctionExecutable.h:
1806
1807 2018-11-13  Saam Barati  <sbarati@apple.com>
1808
1809         ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
1810         https://bugs.webkit.org/show_bug.cgi?id=191601
1811
1812         Reviewed by Mark Lam.
1813
1814         This doesn't fix any bugs today, but it may reduce future bugs. It was
1815         always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
1816         throw a stack overflow error instead of just returning false like it
1817         normally does when VMInquiry is passed in.
1818
1819         * runtime/ProxyObject.cpp:
1820         (JSC::ProxyObject::getOwnPropertySlotCommon):
1821
1822 2018-11-13  Saam Barati  <sbarati@apple.com>
1823
1824         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
1825         https://bugs.webkit.org/show_bug.cgi?id=191600
1826
1827         Reviewed by Mark Lam.
1828
1829         processLogEntries will call into calculatedClassName, which will clear
1830         any exceptions it encounters (it assumes that they're stack overflow exceptions).
1831         However, this code may be called when an exception is already pending on the 
1832         VM (e.g, when we throw an exception in the DFG, we compile an OSR exit
1833         offramp, which may compile a baseline codeblock, which will process
        the type profiler log). To get around this, processLogEntries should stash
1835         away and re-apply any pending exceptions.
1836
1837         * dfg/DFGDriver.cpp:
1838         (JSC::DFG::compileImpl):
1839         * dfg/DFGOperations.cpp:
1840         * inspector/agents/InspectorRuntimeAgent.cpp:
1841         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1842         * jit/JIT.cpp:
1843         (JSC::JIT::doMainThreadPreparationBeforeCompile):
1844         * jit/JITOperations.cpp:
1845         * runtime/CommonSlowPaths.cpp:
1846         (JSC::SLOW_PATH_DECL):
1847         * runtime/TypeProfilerLog.cpp:
1848         (JSC::TypeProfilerLog::processLogEntries):
1849         * runtime/TypeProfilerLog.h:
1850         * runtime/VM.cpp:
1851         (JSC::VM::dumpTypeProfilerData):
1852         * runtime/VM.h:
1853         (JSC::VM::DeferExceptionScope::DeferExceptionScope):
1854         * tools/JSDollarVM.cpp:
1855         (JSC::functionFindTypeForExpression):
1856         (JSC::functionReturnTypeFor):
1857
1858 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
1859
1860         Unreviewed, rolling out r238132.
1861
1862         The test added with this change is timing out on Debug JSC
1863         bots.
1864
1865         Reverted changeset:
1866
1867         "[BigInt] JSBigInt::createWithLength should throw when length
1868         is greater than JSBigInt::maxLength"
1869         https://bugs.webkit.org/show_bug.cgi?id=190836
1870         https://trac.webkit.org/changeset/238132
1871
1872 2018-11-12  Mark Lam  <mark.lam@apple.com>
1873
1874         Add OOM detection to StringPrototype's substituteBackreferences().
1875         https://bugs.webkit.org/show_bug.cgi?id=191563
1876         <rdar://problem/45720428>
1877
1878         Reviewed by Saam Barati.
1879
1880         * dfg/DFGStrengthReductionPhase.cpp:
1881         (JSC::DFG::StrengthReductionPhase::handleNode):
1882         * runtime/StringPrototype.cpp:
1883         (JSC::substituteBackreferencesSlow):
1884         (JSC::substituteBackreferencesInline):
1885         (JSC::substituteBackreferences):
1886         (JSC::replaceUsingRegExpSearch):
1887         (JSC::replaceUsingStringSearch):
1888         * runtime/StringPrototype.h:
1889
1890 2018-11-13  Mark Lam  <mark.lam@apple.com>
1891
1892         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
1893         https://bugs.webkit.org/show_bug.cgi?id=191579
1894         <rdar://problem/45942472>
1895
1896         Reviewed by Saam Barati.
1897
1898         Both of these functions do a lot of work.  It would be good for the topCallFrame
1899         to be correct should we need to throw an exception.
1900
1901         For example, we've observed the following crash trace:
1902
1903           * frame #0: WTFCrash() at Assertions.cpp:253
1904             frame #1: ...
1905             frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
1906             frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
1907             frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
1908             frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
1909             frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
1910             frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
1911             frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
1912             frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
1913             frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
1914             frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
1915             frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
1916             frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
1917             frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
1918             frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
1919             frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
1920             frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
1921             frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
1922             frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
1923             frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
1924             frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
1925             frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
1926             frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
1927             frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
1928             frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
1929             frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
1930             frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
1931             frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
1932             frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
1933             frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
1934             frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
1935             frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
1936             frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
1937             frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
1938             frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
1939             frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
1940             frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
1941             frame #38: llint_entry at LowLevelInterpreter64.asm:98
1942             frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
1943             ...
1944
1945         This crash occurred because StackVisitor was seeing an invalid topCallFrame while
1946         trying to capture the Error stack while throwing a StackOverflowError below
1947         llint_replace.  While in this specific example, it is questionable whether we
1948         should be executing JS code below TypeProfilerLog::processLogEntries(), it is
1949         correct to have set the topCallFrame in llint_replace.  We do this by calling
1950         LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.
1951
1952         We also do the same for llint_osr.
1953         
1954         Note: both of these LLInt slow path functions are called with a fully initialized
1955         CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
1956         for these functions.
1957
1958         * llint/LLIntSlowPaths.cpp:
1959         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1960
1961 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
1962
1963         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1964         https://bugs.webkit.org/show_bug.cgi?id=190836
1965
1966         Reviewed by Saam Barati.
1967
1968         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
1969         where we allocate a BigInt trusting the length received as argument.
1970         With this additional method, we now check if length passed to
1971         `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
1972         When the length is greater than maxLength, we then throw OOM
1973         exception.
        This required changing the interface of some JSBigInt operations to
        receive `ExecState*` instead of `VM&`. We changed only operations that
        can throw because of OOM.
        We believe that this approach of throwing instead of finishing the
1978         execution abruptly is better because JS programs can catch such
1979         exception and handle this issue properly.
1980
1981         * dfg/DFGOperations.cpp:
1982         * jit/JITOperations.cpp:
1983         * runtime/CommonSlowPaths.cpp:
1984         (JSC::SLOW_PATH_DECL):
1985         * runtime/JSBigInt.cpp:
1986         (JSC::JSBigInt::createZero):
1987         (JSC::JSBigInt::tryCreateWithLength):
1988         (JSC::JSBigInt::createWithLengthUnchecked):
1989         (JSC::JSBigInt::createFrom):
1990         (JSC::JSBigInt::multiply):
1991         (JSC::JSBigInt::divide):
1992         (JSC::JSBigInt::copy):
1993         (JSC::JSBigInt::unaryMinus):
1994         (JSC::JSBigInt::remainder):
1995         (JSC::JSBigInt::add):
1996         (JSC::JSBigInt::sub):
1997         (JSC::JSBigInt::bitwiseAnd):
1998         (JSC::JSBigInt::bitwiseOr):
1999         (JSC::JSBigInt::bitwiseXor):
2000         (JSC::JSBigInt::absoluteAdd):
2001         (JSC::JSBigInt::absoluteSub):
2002         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
2003         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
2004         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
2005         (JSC::JSBigInt::absoluteBitwiseOp):
2006         (JSC::JSBigInt::absoluteAddOne):
2007         (JSC::JSBigInt::absoluteSubOne):
2008         (JSC::JSBigInt::toStringGeneric):
2009         (JSC::JSBigInt::rightTrim):
2010         (JSC::JSBigInt::allocateFor):
2011         (JSC::JSBigInt::createWithLength): Deleted.
2012         * runtime/JSBigInt.h:
2013         * runtime/Operations.cpp:
2014         (JSC::jsAddSlowCase):
2015         * runtime/Operations.h:
2016         (JSC::jsSub):
2017         (JSC::jsMul):
2018
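An added example (not WebKit code) of the behaviour the entry above argues for: a BigInt whose digit count would exceed the engine's maximum surfaces as a catchable exception that a program can recover from. Under Node/V8 the exception is a RangeError ("Maximum BigInt size exceeded"); the entry makes JavaScriptCore throw an out-of-memory error from its own length check, so the exact error class and message are engine-specific and only the catchability is asserted here. Left shift is used because the size check fires before any allocation and the example stays fast; `tryOversizedBigInt` and `boundedPow2` are illustrative names.

```javascript
// Added example (not WebKit code): an oversized BigInt must be a catchable
// exception, not an abort of the whole execution.

function tryOversizedBigInt() {
  // A result of 2**40 bits (128 GiB) is far beyond any engine's maxLength.
  const hugeShift = 1n << 40n;
  try {
    const value = 1n << hugeShift;
    return { threw: false, bits: value.toString(2).length };
  } catch (error) {
    return { threw: true, name: error.name, isRangeError: error instanceof RangeError };
  }
}

// A caller that treats the oversized case as a recoverable condition: refuse
// obviously oversized requests up front, and map the engine's error to null
// instead of letting it propagate. maxBits is an example policy, not a spec value.
function boundedPow2(exponent, maxBits = 1n << 20n) {
  if (exponent > maxBits) return null;
  try {
    return 1n << exponent;
  } catch (error) {
    if (error instanceof RangeError) return null;   // engine refused the size
    throw error;                                     // anything else is a real bug
  }
}
```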
2019 2018-11-12  Devin Rousso  <drousso@apple.com>
2020
2021         Web Inspector: Network: show secure certificate details per-request
2022         https://bugs.webkit.org/show_bug.cgi?id=191447
2023         <rdar://problem/30019476>
2024
2025         Reviewed by Joseph Pecoraro.
2026
2027         Add Security domain to hold security related protocol types.
2028
2029         * CMakeLists.txt:
2030         * DerivedSources.make:
2031         * inspector/protocol/Network.json:
2032         * inspector/protocol/Security.json: Added.
2033         * inspector/scripts/codegen/objc_generator.py:
2034         (ObjCGenerator):
2035
2036 2018-11-12  Saam barati  <sbarati@apple.com>
2037
2038         Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
2039         https://bugs.webkit.org/show_bug.cgi?id=191555
2040
2041         * bytecode/UnlinkedFunctionExecutable.cpp:
2042         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2043         * bytecode/UnlinkedFunctionExecutable.h:
2044         * parser/SourceCodeKey.h:
2045         (JSC::SourceCodeKey::SourceCodeKey):
2046         (JSC::SourceCodeKey::operator== const):
2047         * runtime/CodeCache.cpp:
2048         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2049         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2050         * runtime/CodeCache.h:
2051         * runtime/FunctionConstructor.cpp:
2052         (JSC::constructFunctionSkippingEvalEnabledCheck):
2053         * runtime/FunctionExecutable.cpp:
2054         (JSC::FunctionExecutable::fromGlobalCode):
2055         * runtime/FunctionExecutable.h:
2056
2057 2018-11-11  Benjamin Poulain  <benjamin@webkit.org>
2058
2059         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
2060         https://bugs.webkit.org/show_bug.cgi?id=191492
2061
2062         Reviewed by Alex Christensen.
2063
2064         Rename file.
2065
2066         * API/JSValue.mm:
2067
2068 2018-11-10  Benjamin Poulain  <benjamin@webkit.org>
2069
2070         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
2071         https://bugs.webkit.org/show_bug.cgi?id=191492
2072
2073         Reviewed by Alex Christensen.
2074
2075         * API/JSValue.mm:
2076
2077 2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>
2078
2079         Unreviewed, silence -Wunused-variable warning
2080
2081         * bytecode/Opcode.h:
2082         (JSC::padOpcodeName):
2083
2084 2018-11-09  Keith Rollin  <krollin@apple.com>
2085
2086         Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324
2087
2088         Remove the use of .xcfilelists until their side-effects are better
2089         understood.
2090
2091         * JavaScriptCore.xcodeproj/project.pbxproj:
2092
2093 2018-11-09  Keith Miller  <keith_miller@apple.com>
2094
2095         LLInt VectorSizeOffset should be based on offset extraction
2096         https://bugs.webkit.org/show_bug.cgi?id=191468
2097
2098         Reviewed by Yusuke Suzuki.
2099
2100         This patch also adds some usings to LLIntOffsetsExtractor that
2101         make it possible to use the bare names of Vector/RefCountedArray
2102         in offsets extraction.
2103
2104         * llint/LLIntOffsetsExtractor.cpp:
2105         * llint/LowLevelInterpreter.asm:
2106
2107 2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2108
2109         Unreviewed, rolling in CodeCache in r237254
2110         https://bugs.webkit.org/show_bug.cgi?id=190340
2111
2112         Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.
2113
2114         * bytecode/UnlinkedFunctionExecutable.cpp:
2115         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2116         * bytecode/UnlinkedFunctionExecutable.h:
2117         * parser/SourceCodeKey.h:
2118         (JSC::SourceCodeKey::SourceCodeKey):
2119         (JSC::SourceCodeKey::operator== const):
2120         * runtime/CodeCache.cpp:
2121         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2122         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2123         * runtime/CodeCache.h:
2124         * runtime/FunctionConstructor.cpp:
2125         (JSC::constructFunctionSkippingEvalEnabledCheck):
2126         * runtime/FunctionExecutable.cpp:
2127         (JSC::FunctionExecutable::fromGlobalCode):
2128         * runtime/FunctionExecutable.h:
2129
2130 2018-11-08  Keith Miller  <keith_miller@apple.com>
2131
2132         put_by_val opcodes need to add the number tag as a 64-bit register
2133         https://bugs.webkit.org/show_bug.cgi?id=191456
2134
2135         Reviewed by Saam Barati.
2136
2137         Previously the LLInt would add it as a pointer-sized value. That is
2138         wrong if the pointer size is less than 64 bits.
2139
2140         * llint/LowLevelInterpreter64.asm:
2141
2142 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
2143
2144         [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
2145         https://bugs.webkit.org/show_bug.cgi?id=191439
2146
2147         Reviewed by Saam Barati.
2148
2149         * CMakeLists.txt:
2150         * runtime/ParseInt.h:
2151         (JSC::isStrWhiteSpace):
2152         Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.
2153
2154 2018-11-08  Michael Saboff  <msaboff@apple.com>
2155
2156         Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
2157         https://bugs.webkit.org/show_bug.cgi?id=191444
2158
2159         Reviewed by Saam Barati.
2160
2161         * runtime/Options.h:
2162
2163 2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>
2164
2165         [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
2166         https://bugs.webkit.org/show_bug.cgi?id=191416
2167
2168         Reviewed by Saam Barati.
2169
2170         * disassembler/UDis86Disassembler.cpp:
2171         (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.
2172
2173 2018-11-08  Keith Rollin  <krollin@apple.com>
2174
2175         Create .xcfilelist files
2176         https://bugs.webkit.org/show_bug.cgi?id=191324
2177         <rdar://problem/45852819>
2178
2179         Reviewed by Alex Christensen.
2180
2181         As part of preparing for enabling XCBuild, create and use .xcfilelist
2182         files. These files are used during Run Script build phases in an
2183         Xcode project. If a Run Script build phase produces new files that are
2184         used later as inputs to subsequent build phases, XCBuild needs to know
2185         about these files. These files can be either specified in an "output
2186         files" section of the Run Script phase editor, or in .xcfilelist files
2187         that are associated with the Run Script build phase.
2188
2189         This patch takes the second approach. It consists of three sets of changes:
2190
2191         - Modify the DerivedSources.make files to have a
2192           'print_all_generated_files' target that produces a list of the files
2193           they create.
2194
2195         - Create a shell script that produces .xcfilelist files from the
2196           output of the previous step, as well as for the files created in the
2197           Generate Unified Sources build steps.
2198
2199         - Add the new .xcfilelist files to the associated projects.
2200
2201         Note that, with these changes, the Xcode workspace and projects can no
2202         longer be fully loaded into Xcode 9. Xcode will attempt to load the
2203         projects that have .xcfilelist files associated with them, but will
2204         fail and display a placeholder for those projects instead. It's
2205         expected that all developers are using Xcode 10 by now and that not
2206         being able to load into Xcode 9 is not a practical issue. Keep in mind
2207         that this is strictly an IDE issue, and that the projects can still be
2208         built with `xcodebuild`.
2209
2210         Also note that the shell script that creates the .xcfilelist files can
2211         also be used to verify that the set of files that's currently checked
2212         in is up-to-date. This checking can be used as part of a check-in hook
2213         or part of check-webkit-style to sooner catch cases where the
2214         .xcfilelist files need to be regenerated.
2215
2216         * DerivedSources.make:
2217         * DerivedSources.xcfilelist: Added.
2218         * JavaScriptCore.xcodeproj/project.pbxproj:
2219         * UnifiedSources.xcfilelist: Added.
2220
2221 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
2222
2223         U+180E is no longer a whitespace character
2224         https://bugs.webkit.org/show_bug.cgi?id=191415
2225
2226         Reviewed by Saam Barati.
2227
2228         Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
2229         (https://github.com/tc39/ecma262/pull/300)
2230
2231         * parser/Lexer.h:
2232         (JSC::Lexer<UChar>::isWhiteSpace):
2233         * runtime/ParseInt.h:
2234         (JSC::isStrWhiteSpace):
2235         * yarr/create_regex_tables:
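
        Added example (not WebKit code): the ES2016 WhiteSpace and LineTerminator
        sets that the Lexer::isWhiteSpace / isStrWhiteSpace change above implements,
        written in plain JavaScript so the U+180E behaviour can be checked against
        whatever engine runs it. The Space_Separator table is spelled out by hand
        (Unicode's current Zs set, from which U+180E was removed in 6.3) rather than
        taken from the engine, so that the engine's own table can be compared
        against it; the probe() helper and its three checks are this example's
        construction, not anything in the patch.

```javascript
// WhiteSpace (ECMA-262 11.2): TAB, VT, FF, ZWNBSP, plus every Space_Separator
// (Zs) code point. The Zs list below is Unicode's current set; U+180E
// (Mongolian Vowel Separator) belonged to it before Unicode 6.3 and is
// deliberately absent, which is exactly what ES2016 changed.
const SPACE_SEPARATORS = new Set([
  "\u0020", "\u00A0", "\u1680",
  "\u2000", "\u2001", "\u2002", "\u2003", "\u2004",
  "\u2005", "\u2006", "\u2007", "\u2008", "\u2009", "\u200A",
  "\u202F", "\u205F", "\u3000",
]);
const OTHER_WHITESPACE = new Set(["\t", "\v", "\f", "\uFEFF"]);

// LineTerminator (ECMA-262 11.3): LF, CR, LS, PS.
const LINE_TERMINATORS = new Set(["\n", "\r", "\u2028", "\u2029"]);

function isWhiteSpace(ch) {
  return OTHER_WHITESPACE.has(ch) || SPACE_SEPARATORS.has(ch);
}

function isLineTerminator(ch) {
  return LINE_TERMINATORS.has(ch);
}

// StrWhiteSpaceChar, as consumed by parseInt/parseFloat/trim: WhiteSpace or
// LineTerminator. This composition is the one the patch above moves to.
function isStrWhiteSpace(ch) {
  return isWhiteSpace(ch) || isLineTerminator(ch);
}

// Compare the spec answer for one code point with three places where the
// engine's own whitespace table is observable: trim(), parseInt() and /\s/.
// An engine that still treats U+180E as whitespace reports consistent: false.
function probe(ch) {
  const engine = {
    trim: (ch + "1").trim() === "1",
    parseInt: parseInt(ch + "7", 10) === 7,
    regexS: /\s/.test(ch),
  };
  const spec = isStrWhiteSpace(ch);
  const consistent = Object.values(engine).every((v) => v === spec);
  return { spec, engine, consistent };
}

const MONGOLIAN_VOWEL_SEPARATOR = "\u180E";
```

        Running probe(MONGOLIAN_VOWEL_SEPARATOR) on an engine with the pre-ES2016
        table shows spec: false but trim/parseInt/regexS: true, which is the
        mismatch the three files above (Lexer.h, ParseInt.h, create_regex_tables)
        each had to be corrected for.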
2236
2237 2018-11-08  Keith Miller  <keith_miller@apple.com>
2238
2239         jitEnabledByDefault() should be on useJIT not useBaselineJIT
2240         https://bugs.webkit.org/show_bug.cgi?id=191434
2241
2242         Reviewed by Saam Barati.
2243
2244         * runtime/Options.h:
2245
2246 2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>
2247
2248         Web Inspector: Restrict domains at the target level instead of only at the window level
2249         https://bugs.webkit.org/show_bug.cgi?id=191344
2250
2251         Reviewed by Devin Rousso.
2252
2253         * inspector/protocol/Console.json:
2254         * inspector/protocol/Debugger.json:
2255         * inspector/protocol/Heap.json:
2256         * inspector/protocol/Runtime.json:
2257         Remove workerSupported as it is now no longer necessary. It is implied
2258         by availability being empty (meaning it is supported everywhere).
2259
2260         * inspector/protocol/Inspector.json:
2261         * inspector/protocol/ScriptProfiler.json:
2262         Restrict to "javascript" and "web" debuggables, not available in workers.
2263
2264         * inspector/protocol/Worker.json:
2265         Cleanup, remove empty types list.
2266         
2267         * inspector/protocol/Recording.json:
2268         Cleanup, only expose this in the "web" domain for now.
2269
2270         * inspector/scripts/codegen/generate_js_backend_commands.py:
2271         (JSBackendCommandsGenerator.generate_domain):
2272         * inspector/scripts/codegen/models.py:
2273         (Protocol.parse_domain):
2274         Allow a list of debuggable types. Add "worker" even though it is unused
2275         since that is a type we would want to allow or consider.
2276
2277         (Domain.__init__):
2278         (Domains):
2279         Remove now unnecessary workerSupported code.
2280         Allow availability on a domain with only types.
2281
2282         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
2283         * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.
2284
2285 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2286
2287         Consider removing double load for accessing the MetadataTable from LLInt
2288         https://bugs.webkit.org/show_bug.cgi?id=190933
2289
2290         Reviewed by Keith Miller.
2291
2292         This patch removes double load for accesses to MetadataTable from LLInt.
2293         MetadataTable is now a specially RefCounted class, which has an interesting memory layout.
2294         When refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
2295
2296         * bytecode/CodeBlock.cpp:
2297         (JSC::CodeBlock::finishCreation):
2298         (JSC::CodeBlock::estimatedSize):
2299         (JSC::CodeBlock::visitChildren):
2300         * bytecode/CodeBlock.h:
2301         (JSC::CodeBlock::metadata):
2302         * bytecode/CodeBlockInlines.h:
2303         (JSC::CodeBlock::forEachValueProfile):
2304         (JSC::CodeBlock::forEachArrayProfile):
2305         (JSC::CodeBlock::forEachArrayAllocationProfile):
2306         (JSC::CodeBlock::forEachObjectAllocationProfile):
2307         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2308         * bytecode/MetadataTable.cpp:
2309         (JSC::MetadataTable::MetadataTable):
2310         (JSC::MetadataTable::~MetadataTable):
2311         (JSC::MetadataTable::sizeInBytes):
2312         * bytecode/MetadataTable.h:
2313         (JSC::MetadataTable::get):
2314         (JSC::MetadataTable::forEach):
2315         (JSC::MetadataTable::ref const):
2316         (JSC::MetadataTable::deref const):
2317         (JSC::MetadataTable::refCount const):
2318         (JSC::MetadataTable::hasOneRef const):
2319         (JSC::MetadataTable::buffer):
2320         (JSC::MetadataTable::linkingData const):
2321         (JSC::MetadataTable::getImpl):
2322         * bytecode/UnlinkedMetadataTable.h:
2323         (JSC::UnlinkedMetadataTable::buffer const):
2324         * bytecode/UnlinkedMetadataTableInlines.h:
2325         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2326         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2327         (JSC::UnlinkedMetadataTable::addEntry):
2328         (JSC::UnlinkedMetadataTable::sizeInBytes):
2329         (JSC::UnlinkedMetadataTable::finalize):
2330         (JSC::UnlinkedMetadataTable::link):
2331         (JSC::UnlinkedMetadataTable::unlink):
2332         * llint/LowLevelInterpreter.asm:
2333         * llint/LowLevelInterpreter32_64.asm:
2334
2335 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
2336
2337         [BigInt] Add support to BigInt into ValueAdd
2338         https://bugs.webkit.org/show_bug.cgi?id=186177
2339
2340         Reviewed by Keith Miller.
2341
2342         We are adding a very primitive specialization case of BigInts into ValueAdd.
2343         When compiling a speculated version of this node to BigInt, we are currently
2344         calling 'operationAddBigInt', a function that expects only BigInts as
2345         parameters and effectively adds numbers using JSBigInt::add. To properly
2346         speculate BigInt operands, we changed ArithProfile to observe when
2347         its result is a BigInt. With this new observation, we are able to identify
2348         when ValueAdd results in a String or BigInt.
2349
2350         Here are some numbers for this specialization running
2351         microbenchmarks:
2352
2353         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
2354         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
2355
2356         * bytecode/ArithProfile.cpp:
2357         (JSC::ArithProfile::emitObserveResult):
2358         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
2359         (JSC::ArithProfile::shouldEmitSetBigInt const):
2360         (JSC::ArithProfile::emitSetNonNumeric const):
2361         (JSC::ArithProfile::emitSetBigInt const):
2362         (WTF::printInternal):
2363         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
2364         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
2365         * bytecode/ArithProfile.h:
2366         (JSC::ArithProfile::observedUnaryInt):
2367         (JSC::ArithProfile::observedUnaryNumber):
2368         (JSC::ArithProfile::observedBinaryIntInt):
2369         (JSC::ArithProfile::observedBinaryNumberInt):
2370         (JSC::ArithProfile::observedBinaryIntNumber):
2371         (JSC::ArithProfile::observedBinaryNumberNumber):
2372         (JSC::ArithProfile::didObserveNonInt32 const):
2373         (JSC::ArithProfile::didObserveNonNumeric const):
2374         (JSC::ArithProfile::didObserveBigInt const):
2375         (JSC::ArithProfile::setObservedNonNumeric):
2376         (JSC::ArithProfile::setObservedBigInt):
2377         (JSC::ArithProfile::observeResult):
2378         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
2379         (JSC::ArithProfile::setObservedNonNumber): Deleted.
2380         * dfg/DFGByteCodeParser.cpp:
2381         (JSC::DFG::ByteCodeParser::makeSafe):
2382         * dfg/DFGFixupPhase.cpp:
2383         (JSC::DFG::FixupPhase::fixupNode):
2384         * dfg/DFGNode.h:
2385         (JSC::DFG::Node::mayHaveNonNumericResult):
2386         (JSC::DFG::Node::mayHaveBigIntResult):
2387         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
2388         * dfg/DFGNodeFlags.cpp:
2389         (JSC::DFG::dumpNodeFlags):
2390         * dfg/DFGNodeFlags.h:
2391         * dfg/DFGOperations.cpp:
2392         * dfg/DFGOperations.h:
2393         * dfg/DFGPredictionPropagationPhase.cpp:
2394         * dfg/DFGSpeculativeJIT.cpp:
2395         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2396         * ftl/FTLLowerDFGToB3.cpp:
2397         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2398         * runtime/CommonSlowPaths.cpp:
2399         (JSC::updateArithProfileForUnaryArithOp):
2400         (JSC::updateArithProfileForBinaryArithOp):
2401
2402 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
2403
2404         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
2405         https://bugs.webkit.org/show_bug.cgi?id=191340
2406
2407         Reviewed by Devin Rousso.
2408
2409         * inspector/ConsoleMessage.cpp:
2410         (Inspector::messageSourceValue):
2411         Use new enum name.
2412
2413         * inspector/scripts/codegen/generator.py:
2414         Correct the casing of "JavaScript".
2415
2416 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2417
2418         Align wide opcodes in the instruction stream
2419         https://bugs.webkit.org/show_bug.cgi?id=191254
2420
2421         Reviewed by Keith Miller.
2422
2423         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
2424         aligned on platforms that don't like unaligned memory access.
2425
2426         For that, add a new type to represent jump targets, BoundLabel, which
2427         delays computing the offset in case we need to emit nops for padding.
2428         Extra padding is also emitted before op_yield and at the end of each
2429         BytecodeWriter fragment, to ensure that the bytecode remains aligned
2430         after the rewriting.
2431
2432         As a side effect, we can no longer guarantee that the point immediately
2433         before emitting an opcode is the start of that opcode, since nops
2434         might be emitted in between if the opcode needs to be wide. To fix
2435         that, we only take the offset of opcodes after they have been emitted,
2436         using `m_lastInstruction.offset()`.
2437
2438         * bytecode/BytecodeDumper.h:
2439         (JSC::BytecodeDumper::dumpValue):
2440         * bytecode/BytecodeGeneratorification.cpp:
2441         (JSC::BytecodeGeneratorification::run):
2442         * bytecode/BytecodeList.rb:
2443         * bytecode/BytecodeRewriter.h:
2444         (JSC::BytecodeRewriter::Fragment::align):
2445         (JSC::BytecodeRewriter::insertFragmentBefore):
2446         (JSC::BytecodeRewriter::insertFragmentAfter):
2447         * bytecode/Fits.h:
2448         * bytecode/InstructionStream.h:
2449         (JSC::InstructionStreamWriter::ref):
2450         * bytecode/PreciseJumpTargetsInlines.h:
2451         (JSC::updateStoredJumpTargetsForInstruction):
2452         * bytecompiler/BytecodeGenerator.cpp:
2453         (JSC::Label::setLocation):
2454         (JSC::BoundLabel::target):
2455         (JSC::BoundLabel::saveTarget):
2456         (JSC::BoundLabel::commitTarget):
2457         (JSC::BytecodeGenerator::generate):
2458         (JSC::BytecodeGenerator::recordOpcode):
2459         (JSC::BytecodeGenerator::alignWideOpcode):
2460         (JSC::BytecodeGenerator::emitProfileControlFlow):
2461         (JSC::BytecodeGenerator::emitResolveScope):
2462         (JSC::BytecodeGenerator::emitGetFromScope):
2463         (JSC::BytecodeGenerator::emitPutToScope):
2464         (JSC::BytecodeGenerator::emitGetById):
2465         (JSC::BytecodeGenerator::emitDirectGetById):
2466         (JSC::BytecodeGenerator::emitPutById):
2467         (JSC::BytecodeGenerator::emitDirectPutById):
2468         (JSC::BytecodeGenerator::emitGetByVal):
2469         (JSC::BytecodeGenerator::emitCreateThis):
2470         (JSC::BytecodeGenerator::beginSwitch):
2471         (JSC::BytecodeGenerator::endSwitch):
2472         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2473         (JSC::BytecodeGenerator::emitYieldPoint):
2474         (JSC::BytecodeGenerator::emitToThis):
2475         (JSC::Label::bind): Deleted.
2476         * bytecompiler/BytecodeGenerator.h:
2477         (JSC::BytecodeGenerator::recordOpcode): Deleted.
2478         * bytecompiler/Label.h:
2479         (JSC::BoundLabel::BoundLabel):
2480         (JSC::BoundLabel::operator int):
2481         (JSC::Label::bind):
2482         * generator/Opcode.rb:
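
        Added example (not JavaScriptCore code): a toy bytecode writer with the two
        ingredients the entry above describes, nop padding so that wide operands
        land on a 4-byte boundary, and labels whose jump offsets are resolved only
        once the jump's real, post-padding start is known. The instruction encoding
        (OP_NOP, OP_WIDE prefix, 1-byte narrow / 4-byte wide operands, the opcode
        numbers and operand counts) is invented for the example; JSC's actual
        opcode numbering, operand widths and nop/wide encodings differ.

```javascript
// Assumed layout for this example only:
//   narrow: [opcode][1-byte signed operand]*
//   wide:   [OP_WIDE][opcode][4-byte little-endian operand]*  (operands aligned)
const OP_NOP = 0x00;
const OP_WIDE = 0x01;
const OP_JMP = 0x02;   // operand: target offset relative to the jump's own start
const OP_ADD = 0x03;   // operands: dst, lhs, rhs register numbers
const OPERAND_COUNT = { [OP_NOP]: 0, [OP_JMP]: 1, [OP_ADD]: 3 };

const fitsInByte = (v) => Number.isInteger(v) && v >= -128 && v <= 127;

class Label {
  constructor() { this.location = -1; this.fixups = []; }
  isBound() { return this.location >= 0; }
}

class BytecodeWriter {
  constructor() { this.bytes = []; }
  offset() { return this.bytes.length; }

  // Pad with nops until the operands after [OP_WIDE][opcode] are 4-byte aligned.
  alignWideOpcode() {
    while ((this.offset() + 2) % 4 !== 0) this.bytes.push(OP_NOP);
  }

  writeInt32(value, at = this.bytes.length) {
    for (let i = 0; i < 4; i++) this.bytes[at + i] = (value >> (8 * i)) & 0xff;
  }

  // Emit one instruction and return where it actually starts. That offset is
  // only known after the padding decision, which is why the entry above takes
  // m_lastInstruction.offset() after emitting instead of the offset before.
  emit(opcode, operands) {
    const wide = !operands.every(fitsInByte);
    if (wide) this.alignWideOpcode();
    const start = this.offset();
    if (wide) this.bytes.push(OP_WIDE);
    this.bytes.push(opcode);
    for (const v of operands) wide ? this.writeInt32(v) : this.bytes.push(v & 0xff);
    return start;
  }

  emitJump(label) {
    if (label.isBound()) {
      // Backward jump: a narrow jump starts right here; if the delta does not
      // fit, padding moves the start, so recompute the delta against it.
      const narrowDelta = label.location - this.offset();
      if (fitsInByte(narrowDelta)) return this.emit(OP_JMP, [narrowDelta]);
      this.alignWideOpcode();
      return this.emit(OP_JMP, [label.location - this.offset()]);
    }
    // Forward jump to an unbound label: reserve a wide slot, patch it at bind().
    const start = this.emit(OP_JMP, [0x7fffffff]);
    label.fixups.push({ instructionStart: start, operandAt: start + 2 });
    return start;
  }

  bind(label) {
    label.location = this.offset();
    for (const f of label.fixups) this.writeInt32(label.location - f.instructionStart, f.operandAt);
    label.fixups = [];
  }
}

// Decode the stream back, throwing if any wide operand is misaligned.
function decode(bytes) {
  const insns = [];
  for (let pc = 0; pc < bytes.length; ) {
    const start = pc;
    const wide = bytes[pc] === OP_WIDE;
    if (wide) pc++;
    const opcode = bytes[pc++];
    const operands = [];
    for (let i = 0; i < OPERAND_COUNT[opcode]; i++) {
      if (wide) {
        if (pc % 4 !== 0) throw new Error(`unaligned wide operand at ${pc}`);
        operands.push(bytes[pc] | (bytes[pc + 1] << 8) | (bytes[pc + 2] << 16) | (bytes[pc + 3] << 24));
        pc += 4;
      } else {
        operands.push((bytes[pc++] << 24) >> 24); // sign-extend the byte
      }
    }
    insns.push({ start, wide, opcode, operands });
  }
  return insns;
}

// A small loop mixing narrow and wide instructions and both jump directions.
function buildExample() {
  const w = new BytecodeWriter();
  const loopTop = new Label();
  const exit = new Label();
  w.bind(loopTop);
  w.emit(OP_ADD, [1, 2, 3]);        // narrow
  w.emitJump(exit);                 // forward: wide placeholder, patched at bind()
  w.emit(OP_ADD, [300, 1, 2]);      // register 300 does not fit a byte: wide
  w.emitJump(loopTop);              // backward and close: narrow
  w.bind(exit);
  return { bytes: w.bytes, insns: decode(w.bytes), exit };
}
```

        In buildExample() the forward jump is emitted at offset 4 but, after two
        padding nops, actually starts at 6; a fixup recorded with the pre-padding
        offset would encode a target two bytes off, which is the bug class the
        BoundLabel indirection prevents.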
2483
2484 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2485
2486         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
2487         https://bugs.webkit.org/show_bug.cgi?id=191184
2488
2489         Reviewed by Saam Barati.
2490
2491         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
2492
2493         * API/tests/PingPongStackOverflowTest.cpp:
2494         (testPingPongStackOverflow):
2495
2496 2018-11-06  Justin Fan  <justin_fan@apple.com>
2497
2498         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
2499         https://bugs.webkit.org/show_bug.cgi?id=191291
2500
2501         Reviewed by Myles Maxfield.
2502
2503         Properly disable WEBGPU on all non-Metal platforms for now.
2504
2505         * Configurations/FeatureDefines.xcconfig:
2506
2507 2018-11-06  Keith Rollin  <krollin@apple.com>
2508
2509         Adjust handling of Include paths that need quoting
2510         https://bugs.webkit.org/show_bug.cgi?id=191314
2511         <rdar://problem/45849143>
2512
2513         Reviewed by Dan Bernstein.
2514
2515         There are several places in the JavaScriptCore Xcode project where the
2516         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
2517         definitions look like:
2518
2519             HEADER_SEARCH_PATHS = (
2520                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
2521                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
2522                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
2523                 "$(inherited)",
2524             );
2525
2526         The idea here is presumably to have the resulting $(CPP) command have
2527         -I options where the associated paths are themselves quoted,
2528         protecting against space characters in the paths.
2529
2530         This approach to quote management can break under Xcode 9. If
2531         .xcfilelist files are added to the project, the 'objectVersion' value
2532         in the Xcode project file is changed from 46 to 51. If a project with
2533         objectVersion=51 is presented to Xcode 9 (as can happen when we build
2534         for older OS's), it produces build lines where the quotes are escaped,
2535         thereby becoming part of the path. The build then fails because a
2536         search for a file normally found in a directory called "Foo" will be
2537         looked for in "\"Foo\"", which doesn't exist.
2538
2539         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
2540         definition doesn't work, leading to paths that need quoting due to
2541         space characters but that don't get this quoting (the part of the path
2542         after the space appears to simply go missing).
2543
2544         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
2545         the definitions to the .xcconfig fixes this problem.
2546
2547         * Configurations/ToolExecutable.xcconfig:
2548         * JavaScriptCore.xcodeproj/project.pbxproj:
2549
2550 2018-11-06  Michael Saboff  <msaboff@apple.com>
2551
2552         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
2553         https://bugs.webkit.org/show_bug.cgi?id=191271
2554
2555         Reviewed by Saam Barati.
2556
2557         Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
2558         RETURN_IF_EXCEPTION().  After some code inspection we determined that we need to cover the
2559         exception bubbling for String.match() with a global RegExp as well as String.replace()
2560         and String.search().
2561
2562         * runtime/RegExpObjectInlines.h:
2563         (JSC::RegExpObject::matchInline):
2564         (JSC::collectMatches):
2565         * runtime/RegExpPrototype.cpp:
2566         (JSC::regExpProtoFuncSearchFast):
2567         * runtime/StringPrototype.cpp:
2568         (JSC::removeUsingRegExpSearch):
2569         (JSC::replaceUsingRegExpSearch):
2570
2571 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
2572
2573         Fix typos in closing ENABLE guards
2574         https://bugs.webkit.org/show_bug.cgi?id=191273
2575
2576         Reviewed by Keith Miller.
2577
2578         * ftl/FTLForOSREntryJITCode.h:
2579         * ftl/FTLJITCode.h:
2580         * jsc.cpp:
2581         * wasm/WasmMemoryInformation.h:
2582         * wasm/WasmPageCount.h:
2583
2584 2018-11-05  Keith Miller  <keith_miller@apple.com>
2585
2586         Make static_asserts in APICast into bitwise_cast
2587         https://bugs.webkit.org/show_bug.cgi?id=191272
2588
2589         Reviewed by Filip Pizlo.
2590
2591         * API/APICast.h:
2592         (toJS):
2593         (toJSForGC):
2594         (toRef):
2595
2596 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
2597
2598         Enable LLInt on ARMv7/Linux
2599         https://bugs.webkit.org/show_bug.cgi?id=191190
2600
2601         Reviewed by Yusuke Suzuki.
2602
2603         After enabling the new bytecode format in r237547, C_LOOP was
2604         forced on all 32-bit platforms. Now enable LLInt again on
2605         ARMv7-Thumb2/Linux.
2606
2607         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
2608         stores/restores it on LLInt function calls. It also introduces the globaladdr
2609         instruction for the ARM offlineasm to access the opcode table.
2610
2611         * jit/GPRInfo.h:
2612         * jit/RegisterSet.cpp:
2613         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2614         * llint/LowLevelInterpreter.asm:
2615         * llint/LowLevelInterpreter32_64.asm:
2616         * offlineasm/arm.rb:
2617         * offlineasm/asm.rb:
2618         * offlineasm/instructions.rb:
2619
2620 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
2621
2622         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
2623         https://bugs.webkit.org/show_bug.cgi?id=191146
2624
2625         Reviewed by Yusuke Suzuki.
2626
2627         * jit/JIT.h: Changed is64BitType from a template class method to a
2628         template inner class.
2629
2630 2018-11-02  Keith Miller  <keith_miller@apple.com>
2631
2632         Assert JSValues can fit into a pointer when API casting
2633         https://bugs.webkit.org/show_bug.cgi?id=191220
2634
2635         Reviewed by Michael Saboff.
2636
2637         * API/APICast.h:
2638         (toJS):
2639         (toJSForGC):
2640         (toRef):
2641
2642 2018-11-02  Michael Saboff  <msaboff@apple.com>
2643
2644         Rolling in r237753 with unreviewed build fix.
2645
2646         Fixed issues with DECLARE_THROW_SCOPE placement.
2647
2648 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
2649
2650         Unreviewed, rolling out r237753.
2651
2652         Introduced JSC test failures
2653
2654         Reverted changeset:
2655
2656         "Running out of stack space not properly handled in
2657         RegExp::compile() and its callers"
2658         https://bugs.webkit.org/show_bug.cgi?id=191206
2659         https://trac.webkit.org/changeset/237753
2660
2661 2018-11-02  Michael Saboff  <msaboff@apple.com>
2662
2663         Running out of stack space not properly handled in RegExp::compile() and its callers
2664         https://bugs.webkit.org/show_bug.cgi?id=191206
2665
2666         Reviewed by Filip Pizlo.
2667
2668         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
2669         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
2670         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
2671
2672         * runtime/RegExp.cpp:
2673         (JSC::RegExp::compile):
2674         (JSC::RegExp::compileMatchOnly):
2675         * runtime/RegExp.h:
2676         * runtime/RegExpInlines.h:
2677         (JSC::RegExp::compileIfNecessary):
2678         (JSC::RegExp::matchInline):
2679         (JSC::RegExp::compileIfNecessaryMatchOnly):
2680         * runtime/RegExpObjectInlines.h:
2681         (JSC::RegExpObject::execInline):
2682         * yarr/YarrErrorCode.h:
2683         (JSC::Yarr::hasHardError):
2684
2685 2018-11-02  Keith Miller  <keith_miller@apple.com>
2686
2687         API should use wrapper object if address is 32-bit
2688         https://bugs.webkit.org/show_bug.cgi?id=191203
2689
2690         Reviewed by Filip Pizlo.
2691
2692         * API/APICast.h:
2693         (toJS):
2694         (toJSForGC):
2695         (toRef):
2696
2697 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2698
2699         Metadata should not be copyable
2700         https://bugs.webkit.org/show_bug.cgi?id=191193
2701
2702         Reviewed by Keith Miller.
2703
2704         We should only ever hold references to the entry in the metadata table.
2705
2706         * bytecode/CodeBlock.cpp:
2707         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2708         * dfg/DFGByteCodeParser.cpp:
2709         (JSC::DFG::ByteCodeParser::parseBlock):
2710         * generator/Metadata.rb:
2711
2712 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2713
2714         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
2715         https://bugs.webkit.org/show_bug.cgi?id=191175
2716
2717         Reviewed by Keith Miller.
2718
2719         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where the JIT is not enabled.
2720
2721         * jit/JITExceptions.cpp:
2722         (JSC::genericUnwind):
2723         * llint/LLIntData.h:
2724         (JSC::LLInt::getWideCodePtr):
2725
2726 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
2727
2728         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
2729         https://bugs.webkit.org/show_bug.cgi?id=189693
2730
2731         Reviewed by Yusuke Suzuki.
2732
2733         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
2734         * API/JSStringRef.cpp: Ditto.
2735         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
2736         * wasm/WasmParser.h: Ditto.
2737
2738 2018-11-01  Keith Miller  <keith_miller@apple.com>
2739
2740         Unreviewed, JavaScriptCore should only guarantee to produce a
2741         modulemap if we are building for iOSMac.
2742
2743         * Configurations/JavaScriptCore.xcconfig:
2744
2745 2018-10-31  Devin Rousso  <drousso@apple.com>
2746
2747         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
2748         https://bugs.webkit.org/show_bug.cgi?id=190856
2749
2750         Reviewed by Brian Burg.
2751
2752         * inspector/protocol/Canvas.json:
2753         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
2754         immediately after a context is created.
2755
2756         * inspector/protocol/Recording.json:
2757         Add `creation` value for `Initiator` enum.
2758
2759 2018-10-31  Devin Rousso  <drousso@apple.com>
2760
2761         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
2762         https://bugs.webkit.org/show_bug.cgi?id=190641
2763         <rdar://problem/45319049>
2764
2765         Reviewed by Joseph Pecoraro.
2766
2767         * inspector/protocol/DOM.json:
2768         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
2769         whether a video element's low power state has changed.
2770
2771 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2772
2773         Adjust inlining threshold for new bytecode format
2774         https://bugs.webkit.org/show_bug.cgi?id=191115
2775
2776         Reviewed by Saam Barati.
2777
2778         The new format reduced the number of operands for many opcodes, which
2779         changed inlining decisions and impacted performance negatively.
2780
2781         * runtime/Options.h:
2782
2783 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2784
2785         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
2786         https://bugs.webkit.org/show_bug.cgi?id=191108
2787         <rdar://problem/45690700>
2788
2789         Reviewed by Saam Barati.
2790
2791         When linking the handler, we need to check whether the target op_catch is
2792         wide or narrow in order to choose the right code pointer for the handler.
2793
2794         * bytecode/CodeBlock.cpp:
2795         (JSC::CodeBlock::finishCreation):
2796
2797 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
2798
2799         Align entries in metadata table
2800         https://bugs.webkit.org/show_bug.cgi?id=191062
2801
2802         Reviewed by Filip Pizlo.
2803
2804         Entries in the metadata table need to be aligned on some 32-bit
2805         architectures.
2806
2807         * bytecode/MetadataTable.h:
2808         (JSC::MetadataTable::forEach):
2809         * bytecode/Opcode.cpp:
2810         (JSC::metadataAlignment):
2811         * bytecode/Opcode.h:
2812         * bytecode/UnlinkedMetadataTableInlines.h:
2813         (JSC::UnlinkedMetadataTable::finalize):
2814         * generator/Section.rb:
2815
2816 2018-10-31  Jim Mason  <jmason@ibinx.com>
2817
2818         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
2819         https://bugs.webkit.org/show_bug.cgi?id=191063
2820
2821         Reviewed by Yusuke Suzuki.
2822
2823         * wasm/WasmFaultSignalHandler.cpp:
2824
2825 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2826
2827         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
2828         https://bugs.webkit.org/show_bug.cgi?id=191092
2829
2830         Reviewed by Saam Barati.
2831
2832         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
2833         following things to tighten LLInt ASM code.
2834
2835         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
2836         2. Introduce strength reduction for mul instructions in the offlineasm layer. This is now critical
2837         since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
2838         a power of two, we convert it to an lshift instruction.
2839
2840         * llint/LowLevelInterpreter32_64.asm:
2841         * llint/LowLevelInterpreter64.asm:
2842         * offlineasm/arm64.rb:
2843         * offlineasm/instructions.rb:
2844         * offlineasm/x86.rb:
2845
2846 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
2847
2848         [PlayStation] Enable JavaScriptCore
2849         https://bugs.webkit.org/show_bug.cgi?id=191072
2850
2851         Reviewed by Brent Fulgham.
2852
2853         Add platform files for the PlayStation port.
2854
2855         * PlatformPlayStation.cmake: Added.
2856
2857 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
2858
2859         Clean up some obsolete MAX_ALLOWED macros
2860         https://bugs.webkit.org/show_bug.cgi?id=190916
2861
2862         Reviewed by Tim Horton.
2863
2864         * API/JSManagedValue.mm:
2865         * API/JSVirtualMachine.mm:
2866         * API/JSWrapperMap.mm:
2867
2868 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
2869
2870         useProbeOSRExit causes failures for Win64 DFG JIT
2871         https://bugs.webkit.org/show_bug.cgi?id=190656
2872
2873         Reviewed by Keith Miller.
2874
2875         * assembler/ProbeContext.cpp:
2876         (JSC::Probe::executeProbe):
2877         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
2878         then let's just call lowWatermarkFromVisitingDirtyPages instead.
2879
2880         * dfg/DFGOSRExit.cpp:
2881         (JSC::DFG::OSRExit::executeOSRExit):
2882         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
2883         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
2884         (Also, stop redundantly setting the stack pointer twice in a row.)
2885
2886 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2887
2888         "Unreviewed, partial rolling in r237254"
2889         https://bugs.webkit.org/show_bug.cgi?id=190340
2890
2891         This only adds Parser.{cpp,h}. And it is not used in this patch.
2892         It examines whether the regression is related to the exact Parser changes.
2893
2894         * parser/Parser.cpp:
2895         (JSC::Parser<LexerType>::parseInner):
2896         (JSC::Parser<LexerType>::parseSingleFunction):
2897         (JSC::Parser<LexerType>::parseFunctionInfo):
2898         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2899         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2900         * parser/Parser.h:
2901         (JSC::Parser<LexerType>::parse):
2902         (JSC::parse):
2903         (JSC::parseFunctionForFunctionConstructor):
2904
2905 2018-10-29  Mark Lam  <mark.lam@apple.com>
2906
2907         Correctly detect string overflow when using the 'Function' constructor.
2908         https://bugs.webkit.org/show_bug.cgi?id=184883
2909         <rdar://problem/36320331>
2910
2911         Reviewed by Saam Barati.
2912
2913         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
2914         we detect an overflow.
2915
2916         * runtime/FunctionConstructor.cpp:
2917         (JSC::constructFunctionSkippingEvalEnabledCheck):
2918         * runtime/JSGlobalObjectFunctions.cpp:
2919         (JSC::encode):
2920         (JSC::decode):
2921         * runtime/JSONObject.cpp:
2922         (JSC::Stringifier::stringify):
2923         (JSC::Stringifier::appendStringifiedValue):
2924
2925 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2926
2927         Unreviewed, fix JSC on arm64e after r237547
2928         https://bugs.webkit.org/show_bug.cgi?id=187373
2929
2930         Unreviewed.
2931
2932         Remove unused move guarded by POINTER_PROFILING that was trashing the
2933         metadata on arm64e.
2934
2935         * llint/LowLevelInterpreter64.asm:
2936
2937 2018-10-29  Keith Miller  <keith_miller@apple.com>
2938
2939         JSC should explicitly list its modulemap file
2940         https://bugs.webkit.org/show_bug.cgi?id=191032
2941
2942         Reviewed by Saam Barati.
2943
2944         The automagically generated module map file for JSC will
2945         include headers where they may not work out of the box.
2946         This patch makes it so we now export the same modulemap
2947         that used to be provided via the legacy system.
2948
2949         * Configurations/JavaScriptCore.xcconfig:
2950         * JavaScriptCore.modulemap: Added.
2951         * JavaScriptCore.xcodeproj/project.pbxproj:
2952
2953 2018-10-29  Tim Horton  <timothy_horton@apple.com>
2954
2955         Modernize WebKit nibs and lprojs for localization's sake
2956         https://bugs.webkit.org/show_bug.cgi?id=190911
2957         <rdar://problem/45349466>
2958
2959         Reviewed by Dan Bernstein.
2960
2961         * JavaScriptCore.xcodeproj/project.pbxproj:
2962         English->en
2963
2964 2018-10-29  Commit Queue  <commit-queue@webkit.org>
2965
2966         Unreviewed, rolling out r237492.
2967         https://bugs.webkit.org/show_bug.cgi?id=191035
2968
2969         "It regresses JetStream 2 by 5% on some iOS devices"
2970         (Requested by saamyjoon on #webkit).
2971
2972         Reverted changeset:
2973
2974         "Unreviewed, partial rolling in r237254"
2975         https://bugs.webkit.org/show_bug.cgi?id=190340
2976         https://trac.webkit.org/changeset/237492
2977
2978 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2979
2980         Add support for GetStack FlushedDouble
2981         https://bugs.webkit.org/show_bug.cgi?id=191012
2982         <rdar://problem/45265141>
2983
2984         Reviewed by Saam Barati.
2985
2986         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
2987         for doubles, but it turns out it may arise from the PutStack sinking
2988         phase: if we sink a PutStack into a successor block, other predecessors
2989         will emit a GetStack followed by an Upsilon.
2990
2991         * ftl/FTLLowerDFGToB3.cpp:
2992         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
2993
2994 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2995
2996         New bytecode format for JSC
2997         https://bugs.webkit.org/show_bug.cgi?id=187373
2998         <rdar://problem/44186758>
2999
3000         Reviewed by Filip Pizlo.
3001
3002         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
3003         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
3004         operands) and might contain an extra operand, the metadataID. The metadataID is used to
3005         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
3006
3007         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
3008         and types to all their operands. Additionally, reading a bytecode from the instruction stream
3009         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
3010         operands directly from the stream.
3011
3012
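A toy model of the narrow/wide encoding, the metadataID side-table index and the "decode the whole bytecode" rule described in this entry, together with the wide-or-narrow op_catch check from the REGRESSION(r237547) entry above. This is an added example, not JSC code: the opcode numbers, the 0xFF wide-prefix byte, the operand counts and all names in namespace `toy` are constructed.

```cpp
// Constructed model of a narrow/wide bytecode stream. Not JSC's real format:
// opcode ids, the 0xFF wide prefix and operand counts are assumptions.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

namespace toy {

enum class Op : uint8_t { Add = 1, Catch = 2 };  // constructed opcode ids
constexpr uint8_t kWidePrefix = 0xFF;            // assumed marker for a wide instruction

struct Instruction {
    Op op;
    bool wide;                        // 4-byte operands when true, 1-byte when false
    std::vector<uint32_t> operands;
    uint32_t metadataID;              // index into a mutable side table, not an address
    size_t size;                      // bytes consumed, so a caller can advance the stream
};

// Every bytecode declares its own operand list; here hard-coded per opcode.
inline size_t operandCount(Op op) {
    switch (op) {
    case Op::Add:   return 3;  // dst, lhs, rhs
    case Op::Catch: return 2;  // exception, thrown value
    }
    throw std::invalid_argument("unknown opcode");
}

// Emit narrow when every operand and the metadataID fit in one byte, else wide.
inline void emit(std::vector<uint8_t>& stream, Op op,
                 const std::vector<uint32_t>& operands, uint32_t metadataID) {
    if (operands.size() != operandCount(op))
        throw std::invalid_argument("wrong operand count");
    bool fits = metadataID <= 0xFF;
    for (uint32_t v : operands) fits = fits && v <= 0xFF;
    if (!fits) stream.push_back(kWidePrefix);
    stream.push_back(static_cast<uint8_t>(op));
    auto put = [&](uint32_t v) {
        if (fits) { stream.push_back(static_cast<uint8_t>(v)); return; }
        for (int shift = 0; shift < 32; shift += 8)          // little-endian 4-byte operand
            stream.push_back(static_cast<uint8_t>(v >> shift));
    };
    for (uint32_t v : operands) put(v);
    put(metadataID);
}

// Decoding reads the whole instruction: operand width is only known after the
// prefix has been seen, so an operand cannot be read at an arbitrary offset.
// Every read is bounds-checked against the stream.
inline Instruction decode(const std::vector<uint8_t>& stream, size_t offset) {
    size_t pos = offset;
    auto need = [&](size_t n) {
        if (pos + n > stream.size()) throw std::out_of_range("truncated instruction");
    };
    need(1);
    bool wide = stream[pos] == kWidePrefix;
    if (wide) { ++pos; need(1); }
    Op op = static_cast<Op>(stream[pos++]);
    size_t width = wide ? 4 : 1;
    size_t count = operandCount(op);          // throws on an unknown opcode byte
    need((count + 1) * width);                // operands plus metadataID
    auto get = [&]() {
        uint32_t v = 0;
        for (size_t i = 0; i < width; ++i)
            v |= static_cast<uint32_t>(stream[pos++]) << (8 * i);
        return v;
    };
    Instruction ins{op, wide, {}, 0, 0};
    for (size_t i = 0; i < count; ++i) ins.operands.push_back(get());
    ins.metadataID = get();
    ins.size = pos - offset;
    return ins;
}

// Handler linking in toy form: the code pointer chosen for the handler depends
// on whether the target op_catch was encoded wide or narrow.
enum class HandlerEntry { NarrowCatch, WideCatch };
inline HandlerEntry linkHandler(const std::vector<uint8_t>& stream, size_t catchOffset) {
    Instruction target = decode(stream, catchOffset);
    if (target.op != Op::Catch) throw std::logic_error("handler target is not op_catch");
    return target.wide ? HandlerEntry::WideCatch : HandlerEntry::NarrowCatch;
}

} // namespace toy
```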
3013         * CMakeLists.txt:
3014         * DerivedSources.make:
3015         * JavaScriptCore.xcodeproj/project.pbxproj:
3016         * Sources.txt:
3017         * assembler/MacroAssemblerCodeRef.h:
3018         (JSC::ReturnAddressPtr::ReturnAddressPtr):
3019         (JSC::ReturnAddressPtr::value const):
3020         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
3021         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
3022         * bytecode/ArithProfile.h:
3023         (JSC::ArithProfile::ArithProfile):
3024         * bytecode/ArrayAllocationProfile.h:
3025         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
3026         * bytecode/ArrayProfile.h:
3027         * bytecode/BytecodeBasicBlock.cpp:
3028         (JSC::isJumpTarget):
3029         (JSC::BytecodeBasicBlock::computeImpl):
3030         (JSC::BytecodeBasicBlock::compute):
3031         * bytecode/BytecodeBasicBlock.h:
3032         (JSC::BytecodeBasicBlock::leaderOffset const):
3033         (JSC::BytecodeBasicBlock::totalLength const):
3034         (JSC::BytecodeBasicBlock::offsets const):
3035         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
3036         (JSC::BytecodeBasicBlock::addLength):
3037         * bytecode/BytecodeDumper.cpp:
3038         (JSC::BytecodeDumper<Block>::printLocationAndOp):
3039         (JSC::BytecodeDumper<Block>::dumpBytecode):
3040         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
3041         (JSC::BytecodeDumper<Block>::dumpConstants):
3042         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
3043         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
3044         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
3045         (JSC::BytecodeDumper<Block>::dumpBlock):
3046         * bytecode/BytecodeDumper.h:
3047         (JSC::BytecodeDumper::dumpOperand):
3048         (JSC::BytecodeDumper::dumpValue):
3049         (JSC::BytecodeDumper::BytecodeDumper):
3050         (JSC::BytecodeDumper::block const):
3051         * bytecode/BytecodeGeneratorification.cpp:
3052         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
3053         (JSC::BytecodeGeneratorification::enterPoint const):
3054         (JSC::BytecodeGeneratorification::instructions const):
3055         (JSC::GeneratorLivenessAnalysis::run):
3056         (JSC::BytecodeGeneratorification::run):
3057         (JSC::performGeneratorification):
3058         * bytecode/BytecodeGeneratorification.h:
3059         * bytecode/BytecodeGraph.h:
3060         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
3061         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
3062         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
3063         (JSC::BytecodeGraph::BytecodeGraph):
3064         * bytecode/BytecodeKills.h:
3065         * bytecode/BytecodeList.json: Removed.
3066         * bytecode/BytecodeList.rb: Added.
3067         * bytecode/BytecodeLivenessAnalysis.cpp:
3068         (JSC::BytecodeLivenessAnalysis::dumpResults):
3069         * bytecode/BytecodeLivenessAnalysis.h:
3070         * bytecode/BytecodeLivenessAnalysisInlines.h:
3071         (JSC::isValidRegisterForLiveness):
3072         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
3073         * bytecode/BytecodeRewriter.cpp:
3074         (JSC::BytecodeRewriter::applyModification):
3075         (JSC::BytecodeRewriter::execute):
3076         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
3077         (JSC::BytecodeRewriter::insertImpl):
3078         (JSC::BytecodeRewriter::adjustJumpTarget):
3079         (JSC::BytecodeRewriter::adjustJumpTargets):
3080         * bytecode/BytecodeRewriter.h:
3081         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
3082         (JSC::BytecodeRewriter::Fragment::Fragment):
3083         (JSC::BytecodeRewriter::Fragment::appendInstruction):
3084         (JSC::BytecodeRewriter::BytecodeRewriter):
3085         (JSC::BytecodeRewriter::insertFragmentBefore):
3086         (JSC::BytecodeRewriter::insertFragmentAfter):
3087         (JSC::BytecodeRewriter::removeBytecode):
3088         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
3089         (JSC::BytecodeRewriter::adjustJumpTarget):
3090         * bytecode/BytecodeUseDef.h:
3091         (JSC::computeUsesForBytecodeOffset):
3092         (JSC::computeDefsForBytecodeOffset):
3093         * bytecode/CallLinkStatus.cpp:
3094         (JSC::CallLinkStatus::computeFromLLInt):
3095         * bytecode/CodeBlock.cpp:
3096         (JSC::CodeBlock::dumpBytecode):
3097         (JSC::CodeBlock::CodeBlock):
3098         (JSC::CodeBlock::finishCreation):
3099         (JSC::CodeBlock::estimatedSize):
3100         (JSC::CodeBlock::visitChildren):
3101         (JSC::CodeBlock::propagateTransitions):
3102         (JSC::CodeBlock::finalizeLLIntInlineCaches):
3103         (JSC::CodeBlock::addJITAddIC):
3104         (JSC::CodeBlock::addJITMulIC):
3105         (JSC::CodeBlock::addJITSubIC):
3106         (JSC::CodeBlock::addJITNegIC):
3107         (JSC::CodeBlock::stronglyVisitStrongReferences):
3108         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
3109         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
3110         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
3111         (JSC::CodeBlock::getArrayProfile):
3112         (JSC::CodeBlock::updateAllArrayPredictions):
3113         (JSC::CodeBlock::predictedMachineCodeSize):
3114         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
3115         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
3116         (JSC::CodeBlock::valueProfileForBytecodeOffset):
3117         (JSC::CodeBlock::validate):
3118         (JSC::CodeBlock::outOfLineJumpOffset):
3119         (JSC::CodeBlock::outOfLineJumpTarget):
3120         (JSC::CodeBlock::arithProfileForBytecodeOffset):
3121         (JSC::CodeBlock::arithProfileForPC):
3122         (JSC::CodeBlock::couldTakeSpecialFastCase):
3123         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
3124         * bytecode/CodeBlock.h:
3125         (JSC::CodeBlock::addMathIC):
3126         (JSC::CodeBlock::outOfLineJumpOffset):
3127         (JSC::CodeBlock::bytecodeOffset):
3128         (JSC::CodeBlock::instructions const):
3129         (JSC::CodeBlock::instructionCount const):
3130         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
3131         (JSC::CodeBlock::metadata):
3132         (JSC::CodeBlock::metadataSizeInBytes):
3133         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
3134         (JSC::CodeBlock::totalNumberOfValueProfiles):
3135         * bytecode/CodeBlockInlines.h: Added.
3136         (JSC::CodeBlock::forEachValueProfile):
3137         (JSC::CodeBlock::forEachArrayProfile):
3138         (JSC::CodeBlock::forEachArrayAllocationProfile):
3139         (JSC::CodeBlock::forEachObjectAllocationProfile):
3140         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
3141         * bytecode/Fits.h: Added.
3142         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3143         * bytecode/GetByIdStatus.cpp:
3144         (JSC::GetByIdStatus::computeFromLLInt):
3145         * bytecode/Instruction.h:
3146         (JSC::Instruction::Instruction):
3147         (JSC::Instruction::Impl::opcodeID const):
3148         (JSC::Instruction::opcodeID const):
3149         (JSC::Instruction::name const):
3150         (JSC::Instruction::isWide const):
3151         (JSC::Instruction::size const):
3152         (JSC::Instruction::is const):
3153         (JSC::Instruction::as const):
3154         (JSC::Instruction::cast):
3155         (JSC::Instruction::cast const):
3156         (JSC::Instruction::narrow const):
3157         (JSC::Instruction::wide const):
3158         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3159         (JSC::InstructionStream::InstructionStream):
3160         (JSC::InstructionStream::sizeInBytes const):
3161         * bytecode/InstructionStream.h: Added.
3162         (JSC::InstructionStream::BaseRef::BaseRef):
3163         (JSC::InstructionStream::BaseRef::operator=):
3164         (JSC::InstructionStream::BaseRef::operator-> const):
3165         (JSC::InstructionStream::BaseRef::ptr const):
3166         (JSC::InstructionStream::BaseRef::operator!= const):
3167         (JSC::InstructionStream::BaseRef::next const):
3168         (JSC::InstructionStream::BaseRef::offset const):
3169         (JSC::InstructionStream::BaseRef::isValid const):
3170         (JSC::InstructionStream::BaseRef::unwrap const):
3171         (JSC::InstructionStream::MutableRef::freeze const):
3172         (JSC::InstructionStream::MutableRef::operator->):
3173         (JSC::InstructionStream::MutableRef::ptr):
3174         (JSC::InstructionStream::MutableRef::operator Ref):
3175         (JSC::InstructionStream::MutableRef::unwrap):
3176         (JSC::InstructionStream::iterator::operator*):
3177         (JSC::InstructionStream::iterator::operator++):
3178         (JSC::InstructionStream::begin const):
3179         (JSC::InstructionStream::end const):
3180         (JSC::InstructionStream::at const):
3181         (JSC::InstructionStream::size const):
3182         (JSC::InstructionStreamWriter::InstructionStreamWriter):
3183         (JSC::InstructionStreamWriter::ref):
3184         (JSC::InstructionStreamWriter::seek):
3185         (JSC::InstructionStreamWriter::position):
3186         (JSC::InstructionStreamWriter::write):
3187         (JSC::InstructionStreamWriter::rewind):
3188         (JSC::InstructionStreamWriter::finalize):
3189         (JSC::InstructionStreamWriter::swap):
3190         (JSC::InstructionStreamWriter::iterator::operator*):
3191         (JSC::InstructionStreamWriter::iterator::operator++):
3192         (JSC::InstructionStreamWriter::begin):
3193         (JSC::InstructionStreamWriter::end):
3194         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
3195         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
3196         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
3197         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
3198         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
3199         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3200         (JSC::MetadataTable::MetadataTable):
3201         (JSC::DeallocTable::withOpcodeType):
3202         (JSC::MetadataTable::~MetadataTable):
3203         (JSC::MetadataTable::sizeInBytes):
3204         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
3205         (JSC::MetadataTable::get):
3206         (JSC::MetadataTable::forEach):
3207         (JSC::MetadataTable::getImpl):
3208         * bytecode/Opcode.cpp:
3209         (JSC::metadataSize):
3210         * bytecode/Opcode.h:
3211         (JSC::padOpcodeName):
3212         * bytecode/OpcodeInlines.h:
3213         (JSC::isOpcodeShape):
3214         (JSC::getOpcodeType):
3215         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3216         * bytecode/PreciseJumpTargets.cpp:
3217         (JSC::getJumpTargetsForInstruction):
3218         (JSC::computePreciseJumpTargetsInternal):
3219         (JSC::computePreciseJumpTargets):
3220         (JSC::recomputePreciseJumpTargets):
3221         (JSC::findJumpTargetsForInstruction):
3222         * bytecode/PreciseJumpTargets.h:
3223         * bytecode/PreciseJumpTargetsInlines.h:
3224         (JSC::jumpTargetForInstruction):
3225         (JSC::extractStoredJumpTargetsForInstruction):
3226         (JSC::updateStoredJumpTargetsForInstruction):
3227         * bytecode/PutByIdStatus.cpp:
3228         (JSC::PutByIdStatus::computeFromLLInt):
3229         * bytecode/SpecialPointer.cpp:
3230         (WTF::printInternal):
3231         * bytecode/SpecialPointer.h:
3232         * bytecode/UnlinkedCodeBlock.cpp:
3233         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
3234         (JSC::UnlinkedCodeBlock::visitChildren):
3235         (JSC::UnlinkedCodeBlock::estimatedSize):
3236         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
3237         (JSC::dumpLineColumnEntry):
3238         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
3239         (JSC::UnlinkedCodeBlock::setInstructions):
3240         (JSC::UnlinkedCodeBlock::instructions const):
3241         (JSC::UnlinkedCodeBlock::applyModification):
3242         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
3243         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3244         * bytecode/UnlinkedCodeBlock.h:
3245         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
3246         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
3247         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3248         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
3249         (JSC::UnlinkedCodeBlock::metadata):
3250         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
3251         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3252         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
3253         * bytecode/UnlinkedInstructionStream.cpp: Removed.
3254         * bytecode/UnlinkedInstructionStream.h: Removed.
3255         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3256         * bytecode/UnlinkedMetadataTableInlines.h: Added.
3257         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
3258         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
3259         (JSC::UnlinkedMetadataTable::addEntry):
3260         (JSC::UnlinkedMetadataTable::sizeInBytes):
3261         (JSC::UnlinkedMetadataTable::finalize):
3262         (JSC::UnlinkedMetadataTable::link):
3263         (JSC::UnlinkedMetadataTable::unlink):
3264         * bytecode/VirtualRegister.cpp:
3265         (JSC::VirtualRegister::VirtualRegister):
3266         * bytecode/VirtualRegister.h:
3267         * bytecompiler/BytecodeGenerator.cpp:
3268         (JSC::Label::setLocation):
3269         (JSC::Label::bind):
3270         (JSC::BytecodeGenerator::generate):
3271         (JSC::BytecodeGenerator::BytecodeGenerator):
3272         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
3273         (JSC::BytecodeGenerator::emitEnter):
3274         (JSC::BytecodeGenerator::emitLoopHint):
3275         (JSC::BytecodeGenerator::emitJump):
3276         (JSC::BytecodeGenerator::emitCheckTraps):
3277         (JSC::BytecodeGenerator::rewind):
3278         (JSC::BytecodeGenerator::fuseCompareAndJump):
3279         (JSC::BytecodeGenerator::fuseTestAndJmp):
3280         (JSC::BytecodeGenerator::emitJumpIfTrue):
3281         (JSC::BytecodeGenerator::emitJumpIfFalse):
3282         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
3283         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
3284         (JSC::BytecodeGenerator::moveLinkTimeConstant):
3285         (JSC::BytecodeGenerator::moveEmptyValue):
3286         (JSC::BytecodeGenerator::emitMove):
3287         (JSC::BytecodeGenerator::emitUnaryOp):
3288         (JSC::BytecodeGenerator::emitBinaryOp):
3289         (JSC::BytecodeGenerator::emitToObject):
3290         (JSC::BytecodeGenerator::emitToNumber):
3291         (JSC::BytecodeGenerator::emitToString):
3292         (JSC::BytecodeGenerator::emitTypeOf):
3293         (JSC::BytecodeGenerator::emitInc):
3294         (JSC::BytecodeGenerator::emitDec):
3295         (JSC::BytecodeGenerator::emitEqualityOp):
3296         (JSC::BytecodeGenerator::emitProfileType):
3297         (JSC::BytecodeGenerator::emitProfileControlFlow):
3298         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3299         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
3300         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3301         (JSC::BytecodeGenerator::emitOverridesHasInstance):
3302         (JSC::BytecodeGenerator::emitResolveScope):
3303         (JSC::BytecodeGenerator::emitGetFromScope):
3304         (JSC::BytecodeGenerator::emitPutToScope):
3305         (JSC::BytecodeGenerator::emitInstanceOf):
3306         (JSC::BytecodeGenerator::emitInstanceOfCustom):
3307         (JSC::BytecodeGenerator::emitInByVal):
3308         (JSC::BytecodeGenerator::emitInById):
3309         (JSC::BytecodeGenerator::emitTryGetById):
3310         (JSC::BytecodeGenerator::emitGetById):
3311         (JSC::BytecodeGenerator::emitDirectGetById):
3312         (JSC::BytecodeGenerator::emitPutById):
3313         (JSC::BytecodeGenerator::emitDirectPutById):
3314         (JSC::BytecodeGenerator::emitPutGetterById):
3315         (JSC::BytecodeGenerator::emitPutSetterById):
3316         (JSC::BytecodeGenerator::emitPutGetterSetter):
3317         (JSC::BytecodeGenerator::emitPutGetterByVal):
3318         (JSC::BytecodeGenerator::emitPutSetterByVal):
3319         (JSC::BytecodeGenerator::emitDeleteById):
3320         (JSC::BytecodeGenerator::emitGetByVal):
3321         (JSC::BytecodeGenerator::emitPutByVal):
3322         (JSC::BytecodeGenerator::emitDirectPutByVal):
3323         (JSC::BytecodeGenerator::emitDeleteByVal):
3324         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
3325         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
3326         (JSC::BytecodeGenerator::emitIdWithProfile):
3327         (JSC::BytecodeGenerator::emitUnreachable):
3328         (JSC::BytecodeGenerator::emitGetArgument):
3329         (JSC::BytecodeGenerator::emitCreateThis):
3330         (JSC::BytecodeGenerator::emitTDZCheck):
3331         (JSC::BytecodeGenerator::emitNewObject):
3332         (JSC::BytecodeGenerator::emitNewArrayBuffer):
3333         (JSC::BytecodeGenerator::emitNewArray):
3334         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
3335         (JSC::BytecodeGenerator::emitNewArrayWithSize):
3336         (JSC::BytecodeGenerator::emitNewRegExp):
3337         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
3338         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
3339         (JSC::BytecodeGenerator::emitNewFunction):
3340         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
3341         (JSC::BytecodeGenerator::emitCall):
3342         (JSC::BytecodeGenerator::emitCallInTailPosition):
3343         (JSC::BytecodeGenerator::emitCallEval):
3344         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
3345         (JSC::BytecodeGenerator::emitCallVarargs):
3346         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
3347         (JSC::BytecodeGenerator::emitConstructVarargs):
3348         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
3349         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
3350         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
3351         (JSC::BytecodeGenerator::emitCallDefineProperty):
3352         (JSC::BytecodeGenerator::emitReturn):
3353         (JSC::BytecodeGenerator::emitEnd):
3354         (JSC::BytecodeGenerator::emitConstruct):
3355         (JSC::BytecodeGenerator::emitStrcat):
3356         (JSC::BytecodeGenerator::emitToPrimitive):
3357         (JSC::BytecodeGenerator::emitGetScope):
3358         (JSC::BytecodeGenerator::emitPushWithScope):
3359         (JSC::BytecodeGenerator::emitGetParentScope):
3360         (JSC::BytecodeGenerator::emitDebugHook):
3361         (JSC::BytecodeGenerator::emitCatch):
3362         (JSC::BytecodeGenerator::emitThrow):
3363         (JSC::BytecodeGenerator::emitArgumentCount):
3364         (JSC::BytecodeGenerator::emitThrowStaticError):
3365         (JSC::BytecodeGenerator::beginSwitch):
3366         (JSC::prepareJumpTableForSwitch):
3367         (JSC::prepareJumpTableForStringSwitch):
3368         (JSC::BytecodeGenerator::endSwitch):
3369         (JSC::BytecodeGenerator::emitGetEnumerableLength):
3370         (JSC::BytecodeGenerator::emitHasGenericProperty):
3371         (JSC::BytecodeGenerator::emitHasIndexedProperty):
3372         (JSC::BytecodeGenerator::emitHasStructureProperty):
3373         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
3374         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
3375         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
3376         (JSC::BytecodeGenerator::emitToIndexString):
3377         (JSC::BytecodeGenerator::emitIsCellWithType):
3378         (JSC::BytecodeGenerator::emitIsObject):
3379         (JSC::BytecodeGenerator::emitIsNumber):
        (JSC::BytecodeGenerator::emitIsUndefined):
        (JSC::BytecodeGenerator::emitIsEmpty):
        (JSC::BytecodeGenerator::emitRestParameter):
        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
        (JSC::BytecodeGenerator::emitYieldPoint):
        (JSC::BytecodeGenerator::emitYield):
        (JSC::BytecodeGenerator::emitGetAsyncIterator):
        (JSC::BytecodeGenerator::emitDelegateYield):
        (JSC::BytecodeGenerator::emitFinallyCompletion):
        (JSC::BytecodeGenerator::emitJumpIf):
        (JSC::ForInContext::finalize):
        (JSC::StructureForInContext::finalize):
        (JSC::IndexedForInContext::finalize):
        (JSC::StaticPropertyAnalysis::record):
        (JSC::BytecodeGenerator::emitToThis):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::StructureForInContext::addGetInst):
        (JSC::BytecodeGenerator::recordOpcode):
        (JSC::BytecodeGenerator::addMetadataFor):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::kill):
        (JSC::BytecodeGenerator::instructions const):
        (JSC::BytecodeGenerator::write):
        (JSC::BytecodeGenerator::withWriter):
        * bytecompiler/Label.h:
        (JSC::Label::Label):
        (JSC::Label::bind):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode):
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):
        (JSC::StrictEqualNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ForInNode::emitBytecode):
        (JSC::CaseBlockNode::emitBytecodeForBlock):
        (JSC::FunctionNode::emitBytecode):
        (JSC::ClassExprNode::emitBytecode):
        * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
        (WTF::printInternal):
        * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecompiler/RegisterID.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        (JSC::StaticPropertyAnalysis::create):
        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::createThis):
        (JSC::StaticPropertyAnalyzer::newObject):
        (JSC::StaticPropertyAnalyzer::putById):
        (JSC::StaticPropertyAnalyzer::mov):
        (JSC::StaticPropertyAnalyzer::kill):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getArrayMode):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleVarargsCall):
        (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::handleCallVariant):
        (JSC::DFG::ByteCodeParser::handleVarargsInlining):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
        (JSC::DFG::ByteCodeParser::handleDOMJITCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
        (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
        (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
        (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::handlePutByVal):
        (JSC::DFG::ByteCodeParser::handlePutAccessorById):
        (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
        (JSC::DFG::ByteCodeParser::handleNewFunc):
        (JSC::DFG::ByteCodeParser::handleNewFuncExp):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileValueNegate):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * generate-bytecode-files: Removed.
        * generator/Argument.rb: Added.
        * generator/Assertion.rb: Added.
        * generator/DSL.rb: Added.
        * generator/Fits.rb: Added.
        * generator/GeneratedFile.rb: Added.
        * generator/Metadata.rb: Added.
        * generator/Opcode.rb: Added.
        * generator/OpcodeGroup.rb: Added.
        * generator/Options.rb: Added.
        * generator/Section.rb: Added.
        * generator/Template.rb: Added.
        * generator/Type.rb: Added.
        * generator/main.rb: Added.
        * interpreter/AbstractPC.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::currentVPC const):
        (JSC::CallFrame::setCurrentVPC):
        * interpreter/CallFrame.h:
        (JSC::CallSiteIndex::CallSiteIndex):
        (JSC::ExecState::setReturnPC):
        * interpreter/Interpreter.cpp:
        (WTF::printInternal):
        * interpreter/Interpreter.h:
        * interpreter/InterpreterInlines.h:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::dump const):
        * interpreter/VMEntryRecord.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::emitSlowCaseCall):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::link):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_op_below):
        (JSC::JIT::emit_op_beloweq):
        (JSC::JIT::emit_op_jbelow):
        (JSC::JIT::emit_op_jbeloweq):
        (JSC::JIT::emit_op_unsigned):
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareUnsignedAndJump):
        (JSC::JIT::emit_compareUnsigned):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emitSlow_op_negate):
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitRightShiftFastPath):
        (JSC::JIT::emit_op_rshift):
        (JSC::JIT::emit_op_urshift):
        (JSC::getOperandTypes):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitMathICFast):
        (JSC::JIT::emitMathICSlow):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSlow_op_sub):
        * jit/JITCall.cpp:
        (JSC::JIT::emitPutCallResult):
        (JSC::JIT::compileSetupFrame):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileTailCall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::emit_op_call):
        (JSC::JIT::emit_op_tail_call):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs):
        (JSC::JIT::emit_op_tail_call_varargs):
        (JSC::JIT::emit_op_tail_call_forward_arguments):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::emit_op_construct):
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_tail_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
        (JSC::JIT::emitSlow_op_construct_varargs):
        (JSC::JIT::emitSlow_op_construct):
        * jit/JITDisassembler.cpp:
        (JSC::JITDisassembler::JITDisassembler):
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITInlines.h:
        (JSC::JIT::emitDoubleGetByVal):
        (JSC::JIT::emitLoadForArrayMode):
        (JSC::JIT::emitContiguousGetByVal):
        (JSC::JIT::emitArrayStorageGetByVal):
        (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
        (JSC::JIT::sampleInstruction):
        (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::jumpTarget):
        (JSC::JIT::copiedGetPutInfo):
        (JSC::JIT::copiedArithProfile):
        * jit/JITMathIC.h:
        (JSC::isProfileEmpty):
        (JSC::JITBinaryMathIC::JITBinaryMathIC):
        (JSC::JITUnaryMathIC::JITUnaryMathIC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_mov):
        (JSC::JIT::emit_op_end):
        (JSC::JIT::emit_op_jmp):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emitSlow_op_new_object):
        (JSC::JIT::emit_op_overrides_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emit_op_instanceof_custom):
        (JSC::JIT::emit_op_is_empty):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_is_boolean):
        (JSC::JIT::emit_op_is_number):
        (JSC::JIT::emit_op_is_cell_with_type):
        (JSC::JIT::emit_op_is_object):
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_set_function_name):
        (JSC::JIT::emit_op_not):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jneq_ptr):
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emit_op_jeq):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::emit_op_jneq):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_stricteq):
        (JSC::JIT::emit_op_nstricteq):
        (JSC::JIT::compileOpStrictEqJump):
        (JSC::JIT::emit_op_jstricteq):
        (JSC::JIT::emit_op_jnstricteq):
        (JSC::JIT::emitSlow_op_jstricteq):
        (JSC::JIT::emitSlow_op_jnstricteq):
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emit_op_to_string):
        (JSC::JIT::emit_op_to_object):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_identity_with_profile):
        (JSC::JIT::emit_op_get_parent_scope):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_enter):
        (JSC::JIT::emit_op_get_scope):
        (JSC::JIT::emit_op_to_this):
        (JSC::JIT::emit_op_create_this):
        (JSC::JIT::emit_op_check_tdz):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::emitSlow_op_jeq):
        (JSC::JIT::emitSlow_op_jneq):
        (JSC::JIT::emitSlow_op_instanceof_custom):
        (JSC::JIT::emit_op_loop_hint):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_check_traps):
        (JSC::JIT::emit_op_nop):
        (JSC::JIT::emit_op_super_sampler_begin):
        (JSC::JIT::emit_op_super_sampler_end):
        (JSC::JIT::emitSlow_op_check_traps):
        (JSC::JIT::emit_op_new_regexp):
        (JSC::JIT::emitNewFuncCommon):
        (JSC::JIT::emit_op_new_func):
        (JSC::JIT::emit_op_new_generator_func):
        (JSC::JIT::emit_op_new_async_generator_func):
        (JSC::JIT::emit_op_new_async_func):
        (JSC::JIT::emitNewFuncExprCommon):
        (JSC::JIT::emit_op_new_func_exp):
        (JSC::JIT::emit_op_new_generator_func_exp):
        (JSC::JIT::emit_op_new_async_func_exp):
        (JSC::JIT::emit_op_new_async_generator_func_exp):
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emit_op_new_array_with_size):
        (JSC::JIT::emit_op_has_structure_property):
        (JSC::JIT::privateCompileHasIndexedProperty):
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        (JSC::JIT::emit_op_get_direct_pname):
        (JSC::JIT::emit_op_enumerator_structure_pname):
        (JSC::JIT::emit_op_enumerator_generic_pname):
        (JSC::JIT::emit_op_profile_type):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        (JSC::JIT::emit_op_profile_control_flow):
        (JSC::JIT::emit_op_argument_count):
        (JSC::JIT::emit_op_get_rest_length):
        (JSC::JIT::emit_op_get_argument):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_to_this):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val_direct):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitGenericContiguousPutByVal):
        (JSC::JIT::emitArrayStoragePutByVal):
        (JSC::JIT::emitPutByValWithCachedId):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_by_val):
        (JSC::JIT::emit_op_put_setter_by_val):
        (JSC::JIT::emit_op_del_by_id):
        (JSC::JIT::emit_op_del_by_val):
        (JSC::JIT::emit_op_try_get_by_id):
        (JSC::JIT::emitSlow_op_try_get_by_id):
        (JSC::JIT::emit_op_get_by_id_direct):
        (JSC::JIT::emitSlow_op_get_by_id_direct):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_by_id_with_this):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id_with_this):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::emit_op_in_by_id):
        (JSC::JIT::emitSlow_op_in_by_id):
        (JSC::JIT::emit_op_resolve_scope):
        (JSC::JIT::emit_op_get_from_scope):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emit_op_put_to_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        (JSC::JIT::emit_op_get_from_arguments):
        (JSC::JIT::emit_op_put_to_arguments):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        (JSC::JIT::privateCompilePutByVal):
        (JSC::JIT::privateCompilePutByValWithCachedId):
        (JSC::JIT::emitDoubleLoad):
        (JSC::JIT::emitContiguousLoad):
        (JSC::JIT::emitArrayStorageLoad):
        (JSC::JIT::emitDirectArgumentsGetByVal):
        (JSC::JIT::emitScopedArgumentsGetByVal):
        (JSC::JIT::emitIntTypedArrayGetByVal):
        (JSC::JIT::emitFloatTypedArrayGetByVal):
        (JSC::JIT::emitIntTypedArrayPutByVal):
        (JSC::JIT::emitFloatTypedArrayPutByVal):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::JITSlowPathCall):
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntData.h:
        (JSC::LLInt::exceptionInstructions):
        (JSC::LLInt::opcodeMap):
        (JSC::LLInt::opcodeMapWide):
        (JSC::LLInt::getOpcode):
        (JSC::LLInt::getOpcodeWide):
        (JSC::LLInt::getWideCodePtr):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::setupGetByIdPrototypeCache):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        (JSC::LLInt::varargsSetup):
        (JSC::LLInt::commonCallEval):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoopRegister::operator const Instruction*):
        (JSC::CLoop::execute):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/arm64.rb:
        * offlineasm/asm.rb:
        * offlineasm/ast.rb:
        * offlineasm/cloop.rb:
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/instructions.rb:
        * offlineasm/offsets.rb:
        * offlineasm/parser.rb:
        * offlineasm/transform.rb:
        * offlineasm/x86.rb:
        * parser/ResultType.h:
        (JSC::ResultType::dump const):
        (JSC::OperandTypes::first const):
        (JSC::OperandTypes::second const):
        (JSC::OperandTypes::dump const):
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::BytecodeSequence):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        (JSC::updateArithProfileForUnaryArithOp):
        (JSC::updateArithProfileForBinaryArithOp):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
        (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
        * runtime/ExceptionFuzz.cpp:
        (JSC::doExceptionFuzzing):
        * runtime/ExceptionFuzz.h:
        (JSC::doExceptionFuzzingIfEnabled):
        * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::GetPutInfo::dump const):
        (WTF::printInternal):
        * runtime/GetPutInfo.h:
        (JSC::GetPutInfo::operand const):
        * runtime/JSCPoison.h:
        * runtime/JSType.cpp: Added.
        (WTF::printInternal):
        * runtime/JSType.h:
        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::StackFrame::displayName):
        * runtime/SamplingProfiler.h:
        (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
        * runtime/SlowPathReturnType.h:
        (JSC::encodeResult):
        (JSC::decodeResult):
        * runtime/VM.h:
        * runtime/Watchdog.h:
        * tools/HeapVerifier.cpp:

2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, partial rolling in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        We do not use the added function right now, to investigate what the reason of the regression is.
        It also does not include any Parser.{h,cpp} changes, to ensure that Parser.cpp's inlining decision
        seems to be the culprit of the regression on iOS devices.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-10-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237479 and r237484.
        https://bugs.webkit.org/show_bug.cgi?id=190978

        broke JSC on iOS (Requested by tadeuzagallo on #webkit).

        Reverted changesets:

        "New bytecode format for JSC"
        https://bugs.webkit.org/show_bug.cgi?id=187373
        https://trac.webkit.org/changeset/237479

        "Gardening: Build fix after r237479."
        https://bugs.webkit.org/show_bug.cgi?id=187373
        https://trac.webkit.org/changeset/237484

2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>

        Gardening: Build fix after r237479.
        https://bugs.webkit.org/show_bug.cgi?id=187373

        Unreviewed.

        * Configurations/JSC.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):

2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>

        New bytecode format for JSC
        https://bugs.webkit.org/show_bug.cgi?id=187373
        <rdar://problem/44186758>

        Reviewed by Filip Pizlo.

        Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
        any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
        operands) and might contain an extra operand, the metadataID. The metadataID is used to
        access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).

        Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
        and types to all their operands. Additionally, reading a bytecode from the instruction stream
        requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
        operands directly from the stream.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::ReturnAddressPtr::ReturnAddressPtr):
        (JSC::ReturnAddressPtr::value const):
        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/ArithProfile.h:
        (JSC::ArithProfile::ArithProfile):
        * bytecode/ArrayAllocationProfile.h:
        (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
        * bytecode/ArrayProfile.h:
        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::isJumpTarget):
        (JSC::BytecodeBasicBlock::computeImpl):
        (JSC::BytecodeBasicBlock::compute):
        * bytecode/BytecodeBasicBlock.h:
        (JSC::BytecodeBasicBlock::leaderOffset const):
        (JSC::BytecodeBasicBlock::totalLength const):
        (JSC::BytecodeBasicBlock::offsets const):
        (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
        (JSC::BytecodeBasicBlock::addLength):
        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::printLocationAndOp):
        (JSC::BytecodeDumper<Block>::dumpBytecode):
        (JSC::BytecodeDumper<Block>::dumpIdentifiers):
        (JSC::BytecodeDumper<Block>::dumpConstants):
        (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
        (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpBlock):
        * bytecode/BytecodeDumper.h:
        (JSC::BytecodeDumper::dumpOperand):
        (JSC::BytecodeDumper::dumpValue):
        (JSC::BytecodeDumper::BytecodeDumper):
        (JSC::BytecodeDumper::block const):
        * bytecode/BytecodeGeneratorification.cpp:
        (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
        (JSC::BytecodeGeneratorification::enterPoint const):
        (JSC::BytecodeGeneratorification::instructions const):
        (JSC::GeneratorLivenessAnalysis::run):
        (JSC::BytecodeGeneratorification::run):
        (JSC::performGeneratorification):
        * bytecode/BytecodeGeneratorification.h:
        * bytecode/BytecodeGraph.h:
        (JSC::BytecodeGraph::blockContainsBytecodeOffset):