Revert http://trac.webkit.org/r251875
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2019-11-02  Alexey Proskuryakov  <ap@apple.com>
2
3         Revert http://trac.webkit.org/r251875
4         Don't use memmove/memcpy/memset for memory that can be scanned concurrently
5
6         This is suspected to have broken performance tests on iOS.
7
8         Also reverted http://trac.webkit.org/r251909, because that was necessary for a clean revert.
9         gcSafeMemmove references undefined slowPathBackwardsMemmove on non-gcc compatible compilers
10
11         * CMakeLists.txt:
12         * JavaScriptCore.xcodeproj/project.pbxproj:
13         * heap/GCMemoryOperations.h: Removed.
14         * heap/Heap.h:
15         * runtime/ArrayConventions.cpp:
16         (JSC::clearArrayMemset):
17         * runtime/ArrayPrototype.cpp:
18         (JSC::copyElements):
19         * runtime/ButterflyInlines.h:
20         (JSC::Butterfly::tryCreate):
21         (JSC::Butterfly::createOrGrowPropertyStorage):
22         (JSC::Butterfly::growArrayRight):
23         (JSC::Butterfly::reallocArrayRightIfPossible):
24         (JSC::Butterfly::resizeArray):
25         (JSC::Butterfly::unshift):
26         (JSC::Butterfly::shift):
27         * runtime/JSArray.cpp:
28         (JSC::JSArray::unshiftCountSlowCase):
29         (JSC::JSArray::appendMemcpy):
30         (JSC::JSArray::fastSlice):
31         (JSC::JSArray::shiftCountWithArrayStorage):
32         (JSC::JSArray::shiftCountWithAnyIndexingType):
33         (JSC::JSArray::unshiftCountWithArrayStorage):
34         * runtime/JSObject.cpp:
35         (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
36         (JSC::JSObject::convertFromCopyOnWrite):
37         (JSC::JSObject::shiftButterflyAfterFlattening):
38         * runtime/JSObject.h:
39         * runtime/RegExpMatchesArray.h:
40         (JSC::createRegExpMatchesArray):
41         * runtime/Structure.cpp:
42         (JSC::Structure::flattenDictionaryStructure):
43
44 2019-11-02  Robin Morisset  <rmorisset@apple.com>
45
46         The offline assembler is wrong about which immediates are supported by and/or/xor on ARM64
47         https://bugs.webkit.org/show_bug.cgi?id=203752
48
49         Reviewed by Tadeu Zagallo.
50
51         See https://dinfuehr.github.io/blog/encoding-of-immediate-values-on-aarch64/ for the details of which immediates are supported.
52         This patch is a minimal fix; ideally we should refactor all of the code dealing with immediates in risc.rb, but considering that I don't know Ruby and this code is poorly tested or not tested at all, I went for the simplest possible fix.
53
54         * offlineasm/arm64.rb:
55         * offlineasm/mips.rb:
56         * offlineasm/risc.rb:
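
The encodability rule that entry refers to, worked through in code. This is an added C++ example, not the offline assembler's Ruby and not JSC code: it reports whether a value can be the immediate of and/or/xor in the 32-bit (W) or 64-bit (X) form and converts to and from the N:immr:imms fields. The rule it implements is the one in the linked reference: the value must be a 2-, 4-, 8-, 16-, 32- or 64-bit element repeated across the register, the element must be a single run of ones (possibly wrapping round the element) rotated by immr, and all-zeros and all-ones have no encoding. The function and struct names are my own.

```cpp
#include <cstdint>

// Fields of an ARM64 logical immediate, in instruction order: N (1 bit),
// immr (6 bits, rotation), imms (6 bits: element-size prefix and ones-1).
struct LogicalImm { unsigned n, immr, imms; };

static const uint32_t kNotEncodable = 0xFFFFFFFFu;

static uint64_t lowMask(unsigned bits) { return bits >= 64 ? ~0ULL : ((1ULL << bits) - 1); }

// Rotate the low `size` bits of x right by r (0 <= r < size).
static uint64_t rotateRight(uint64_t x, unsigned r, unsigned size)
{
    x &= lowMask(size);
    return r ? ((x >> r) | (x << (size - r))) & lowMask(size) : x;
}

// True if x is one non-wrapping run of ones (e.g. 0b0011100): adding the
// lowest set bit carries through the run and clears all of it iff contiguous.
static bool isContiguousOnes(uint64_t x)
{
    uint64_t lowestOne = x & (~x + 1);
    return x && ((x + lowestOne) & x) == 0;
}

// width is the register width of the instruction: 32 (W form) or 64 (X form).
// Returns false when the value cannot be a logical immediate of that form.
bool encodeLogicalImmediate(uint64_t value, unsigned width, LogicalImm& out)
{
    uint64_t full = lowMask(width);
    if ((value & ~full) || value == 0 || value == full)
        return false; // too wide for the W form, or all-zeros / all-ones (no encoding)

    // Smallest power-of-two period: keep halving while both halves match.
    unsigned size = width;
    while (size > 2) {
        unsigned half = size / 2;
        if ((value & lowMask(half)) != ((value >> half) & lowMask(half)))
            break;
        size = half;
    }
    uint64_t element = value & lowMask(size);
    // A run of ones that wraps round the element is a non-wrapping run of zeros.
    if (!isContiguousOnes(element) && !isContiguousOnes(~element & lowMask(size)))
        return false;

    unsigned ones = 0;
    for (uint64_t t = element; t; t &= t - 1)
        ++ones;
    unsigned r = 0; // rotation that turns the low `ones` bits into the element
    while (r < size && rotateRight(lowMask(ones), r, size) != element)
        ++r;
    out.n = (size == 64) ? 1 : 0;
    out.immr = r;
    out.imms = (~(2 * size - 1) & 0x3Fu) | (ones - 1); // size 8 -> 110sss, size 64 -> ssssss
    return true;
}

// Inverse, after the architecture's DecodeBitMasks. Returns false for the
// reserved encodings (no element size, or an all-ones element).
bool decodeLogicalImmediate(const LogicalImm& imm, unsigned width, uint64_t& out)
{
    unsigned pattern = (imm.n << 6) | (~imm.imms & 0x3Fu);
    if (!pattern)
        return false;
    unsigned len = 0; // highest set bit of N:NOT(imms) is log2(element size)
    while ((pattern >> (len + 1)) != 0)
        ++len;
    unsigned size = 1u << len;
    unsigned s = imm.imms & (size - 1);
    unsigned r = imm.immr & (size - 1);
    if (size > width || s == size - 1)
        return false;
    uint64_t element = rotateRight(lowMask(s + 1), r, size);
    out = 0;
    for (unsigned i = 0; i < width; i += size)
        out |= element << i;
    return true;
}

// N:immr:imms packed as 13 bits, or kNotEncodable.
uint32_t packLogicalImmediate(uint64_t value, unsigned width)
{
    LogicalImm imm;
    if (!encodeLogicalImmediate(value, width, imm))
        return kNotEncodable;
    return (imm.n << 12) | (imm.immr << 6) | imm.imms;
}

// Encode, decode and compare: the check an assembler's immediate logic should pass.
bool roundTrips(uint64_t value, unsigned width)
{
    LogicalImm imm;
    uint64_t back = 0;
    return encodeLogicalImmediate(value, width, imm) && decodeLogicalImmediate(imm, width, back) && back == value;
}
```

The W/X distinction is where such tables most easily go wrong: 0xFFFFFFFF is encodable in the 64-bit form (N=1, imms=31, a 32-bit run within a 64-bit element) but not in the 32-bit form, where it is the all-ones pattern; 0x5 is encodable in neither, because 0b101 is not a single run. An assembler that mis-states the rule either rejects a valid immediate or emits an instruction whose mask differs from the one the source asked for.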
57
58 2019-11-02  Devin Rousso  <drousso@apple.com>
59
60         Web Inspector: Add diagnostic logging for frontend feature usage
61         https://bugs.webkit.org/show_bug.cgi?id=203579
62         <rdar://problem/56717410>
63
64         Reviewed by Brian Burg.
65
66         Original patch by Matt Baker <mattbaker@apple.com>.
67
68         * Configurations/FeatureDefines.xcconfig:
69         Add `ENABLE_INSPECTOR_TELEMETRY`, which is only enabled for macOS.
70
71 2019-11-01  Devin Rousso  <drousso@apple.com>
72
73         Web Inspector: Timelines: add a timeline that shows information about any recorded CSS animation/transition
74         https://bugs.webkit.org/show_bug.cgi?id=203651
75         <rdar://problem/56128726>
76
77         Reviewed by Brian Burg.
78
79         Unlike all other forms of Web Animations, CSS animations/transitions are _not_ created by
80         JavaScript, and therefore can seemingly appear out of nowhere. This patch expands the Media
81         timeline to be the Media & Animations timeline, which tracks when CSS animations/transitions
82         are created, started, delayed, iterated, canceled, or finished.
83
84         * CMakeLists.txt:
85         * DerivedSources-input.xcfilelist:
86         * DerivedSources.make:
87         * inspector/protocol/Animation.json: Added.
88         * inspector/protocol/Timeline.json:
89         Add an Animation domain for handling the tracking of CSS Web Animations.
90
91 2019-11-01  Saam Barati  <sbarati@apple.com>
92
93         Refactor uses of StructureStubInfo 'thisGPR' to a union for thisGPR and prototypeGPR
94         https://bugs.webkit.org/show_bug.cgi?id=203693
95
96         Reviewed by Mark Lam and Yusuke Suzuki.
97
98         I'm going to be adding a third overload for this field when making
99         GetByVal inline caching part of StructureStubInfo. It's nicer for
100         each use case of this field to use it by the proper name.
101
102         * bytecode/AccessCase.cpp:
103         (JSC::AccessCase::generateWithGuard):
104         (JSC::AccessCase::generateImpl):
105         * bytecode/PolymorphicAccess.cpp:
106         (JSC::PolymorphicAccess::regenerate):
107         * bytecode/PolymorphicAccess.h:
108         (JSC::AccessGenerationState::AccessGenerationState):
109         * bytecode/StructureStubInfo.h:
110         * jit/JITInlineCacheGenerator.cpp:
111         (JSC::JITByIdGenerator::JITByIdGenerator):
112         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
113         (JSC::JITInstanceOfGenerator::JITInstanceOfGenerator):
114
115 2019-11-01  Alexey Shvayka  <shvaikalesh@gmail.com>
116
117         [[HasProperty]] result of Proxy in prototype chain is ignored
118         https://bugs.webkit.org/show_bug.cgi?id=203560
119
120         Reviewed by Ross Kirsling.
121
122         Before this change, when [[HasProperty]] was called on an ordinary object with a Proxy in its prototype chain,
123         a falsy result of the Proxy's "has" trap was ignored and the prototype chain was inspected further.
124
125         According to the spec, OrdinaryHasProperty unconditionally returns the result of the parent's [[HasProperty]] call.
126         (step 5.a of https://tc39.es/ecma262/#sec-ordinaryhasproperty)
127
128         * runtime/JSObjectInlines.h:
129         (JSC::JSObject::getPropertySlot):
130         (JSC::JSObject::getNonIndexPropertySlot):
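
In JavaScript terms the case that entry describes is `'toString' in Object.create(new Proxy({}, { has: () => false }))`, which the spec evaluates to false: the object has no own "toString", its parent is the proxy, and the proxy's [[HasProperty]] (the trap) answers false, so nothing beyond the proxy is consulted. The C++ model below is an added illustration, not JSC code: it contrasts OrdinaryHasProperty as specified with the pre-fix walk described above. The object model, the `hasTrap` hook standing in for the `has` trap, and the fixture names are constructed for the example.

```cpp
#include <functional>
#include <set>
#include <string>

// Minimal object model: own keys, a prototype link and, for the "proxy", a
// [[HasProperty]] hook standing in for the `has` trap (constructed for this
// example; not JSC's JSObject or ProxyObject).
struct Object {
    std::set<std::string> ownKeys;
    const Object* prototype = nullptr;
    std::function<bool(const std::string&)> hasTrap;
};

// OrdinaryHasProperty as specified: an own property answers true; otherwise
// the parent's [[HasProperty]] result is returned unconditionally (step 5.a).
// A proxy's [[HasProperty]] is its trap, whatever the trap returns.
bool hasProperty(const Object& o, const std::string& key)
{
    if (o.hasTrap)
        return o.hasTrap(key);
    if (o.ownKeys.count(key))
        return true;
    if (!o.prototype)
        return false;
    return hasProperty(*o.prototype, key);
}

// The pre-fix walk described above: a falsy trap result is treated like
// "no own property here" and the search continues up the chain past the proxy.
bool hasPropertyIgnoringFalsyTrap(const Object& o, const std::string& key)
{
    for (const Object* cur = &o; cur; cur = cur->prototype) {
        if (cur->hasTrap) {
            if (cur->hasTrap(key))
                return true;
            continue; // falsy result dropped
        }
        if (cur->ownKeys.count(key))
            return true;
    }
    return false;
}

// Chain for 'toString' in Object.create(new Proxy({}, { has: () => false })):
//   o -> proxy (trap always false) -> base, which owns "toString"
// base stands in for Object.prototype, the proxy target's prototype.
struct Chain {
    Object base, proxy, o;
    Chain()
    {
        base.ownKeys.insert("toString");
        proxy.prototype = &base;
        proxy.hasTrap = [](const std::string&) { return false; };
        o.prototype = &proxy;
        o.ownKeys.insert("ownProp");
    }
};

bool perSpec(const std::string& key)
{
    Chain c;
    return hasProperty(c.o, key);
}

bool preFix(const std::string& key)
{
    Chain c;
    return hasPropertyIgnoringFalsyTrap(c.o, key);
}
```

Own properties of `o` and keys that exist nowhere give the same answer under both walks; the two only diverge for a key that the trap denies but that exists further up the chain, which is exactly the case where ignoring the trap lets `in` observe a property the proxy was meant to hide.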
131
132 2019-10-31  Yusuke Suzuki  <ysuzuki@apple.com>
133
134         Unreviewed, speculative GTK build fix r251886
135         https://bugs.webkit.org/show_bug.cgi?id=203703
136
137         * wasm/WasmSlowPaths.h:
138
139 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
140
141         Fix GTK build after r251886
142         https://bugs.webkit.org/show_bug.cgi?id=203703
143
144         Reviewed by Yusuke Suzuki.
145
146         slow_path_wasm_throw_exception was missing `extern "C"` in the implementation file.
147
148         * wasm/WasmSlowPaths.cpp:
149         (JSC::LLInt::slow_path_wasm_throw_exception):
150
151 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
152
153         gcSafeMemmove references undefined slowPathBackwardsMemmove on non-gcc compatible compilers
154         https://bugs.webkit.org/show_bug.cgi?id=203721
155
156         Reviewed by Fujii Hironori.
157
158         * heap/GCMemoryOperations.h:
159         (JSC::gcSafeMemmove):
160
161 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
162
163         Fix build when WTF_CPU_NEEDS_ALIGNED_ACCESS=1 after r251886
164         https://bugs.webkit.org/show_bug.cgi?id=203718
165
166         Reviewed by Yusuke Suzuki.
167
168         * bytecompiler/BytecodeGeneratorBaseInlines.h:
169         (JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode16):
170         (JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
171
172 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
173
174         offlineasm should emit the suffixes for floating point instructions on Windows x86
175         https://bugs.webkit.org/show_bug.cgi?id=203720
176
177         Reviewed by Yusuke Suzuki.
178
179         * offlineasm/x86.rb:
180
181 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
182
183         Disable Wasm interpreter on WinCairo
184         https://bugs.webkit.org/show_bug.cgi?id=203705
185
186         Reviewed by Yusuke Suzuki.
187
188         The interpreter does not build on WinCairo.
189
190         * llint/LowLevelInterpreter.asm:
191
192 2019-10-31  Yusuke Suzuki  <ysuzuki@apple.com>
193
194         [JSC] Remove metadata(CallFrame*) accessor
195         https://bugs.webkit.org/show_bug.cgi?id=203712
196
197         Reviewed by Tadeu Zagallo.
198
199         We should pass CodeBlock* explicitly to remove unnecessary use of CallFrame*, which is very error-prone.
200
201         * dfg/DFGOSREntry.cpp:
202         (JSC::DFG::prepareCatchOSREntry):
203         * dfg/DFGOSREntry.h:
204         * generator/Metadata.rb:
205         * jit/JITOperations.cpp:
206
207 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
208
209         Unreviewed, fix LowLevelInterpreter32_64.asm after r251886
210         https://bugs.webkit.org/show_bug.cgi?id=194257
211
212         ci2d was renamed to ci2ds and I also missed LowLevelInterpreter32_64.asm
213
214         * llint/LowLevelInterpreter32_64.asm:
215
216 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
217
218         Unreviewed, fix cloop builds after r251886
219         https://bugs.webkit.org/show_bug.cgi?id=194257
220
221         ci2d was renamed to ci2ds, but I missed cloop.rb, arm.rb and mips.rb
222
223         * offlineasm/arm.rb:
224         * offlineasm/cloop.rb:
225         * offlineasm/mips.rb:
226
227 2019-10-31  Tadeu Zagallo  <tzagallo@apple.com>
228
229         [WebAssembly] Create a Wasm interpreter
230         https://bugs.webkit.org/show_bug.cgi?id=194257
231         <rdar://problem/44186794>
232
233         Reviewed by Saam Barati.
234
235         Add an interpreter tier to WebAssembly which reuses the LLInt infrastructure. The interpreter
236         currently tiers up straight to OMG and can OSR enter at the prologue and from loops. The initial
237         implementation of the interpreter is very naive, but despite the lack of optimizations it still
238         shows a 2x improvement on the WebAssembly subtests in JetStream2 and 2x improvement on the
239         PSPDFKit benchmark. It reduces "compilation" times by ~3x and it's neutral on throughput.
240
241         The interpreter follows the same calling conventions as BBQ/OMG, which means that:
242         - We have to allocate locals for all argument registers and write all argument registers to the
243           stack in the prologue.
244         - Calls have to allocate space for at least as many arguments as the number of argument registers.
245           Before each call, all argument registers must be loaded from the stack, and after we return from
246           the call, all registers must be stored back to the stack, in case they contain return values. We
247           carefully lay out the stack so that the arguments that would already have to be passed on the
248           stack end up in the right place. The stack layout for calls is:
249             [ gprs ][ fprs ][ optional stack arguments ][ callee frame ]
250                                                                        ^ sp
251         - The return opcode has to load all registers from the stack, since they might need to contain
252           results of the function.
253         - The calling convention requires that the callee should store itself in the callee slot of the call
254           frame, which is impossible in the interpreter, since the code we execute is the same for all callees.
255           In order to work around that, we generate an entry thunk to the wasm interpreter for each function.
256           All this thunk does is store the callee in the call frame and tail call the interpreter.
257
258         * CMakeLists.txt:
259         * DerivedSources-input.xcfilelist:
260         * DerivedSources-output.xcfilelist:
261         * DerivedSources.make:
262         * JavaScriptCore.xcodeproj/project.pbxproj:
263         * Sources.txt:
264         * bytecode/BytecodeDumper.cpp:
265         (JSC::BytecodeDumper<Block>::constantName const):
266         (JSC::BytecodeDumper<Block>::dumpValue):
267         (JSC::BytecodeDumper<Block>::dumpBytecode):
268         (JSC::CodeBlockBytecodeDumper<Block>::vm const):
269         (JSC::CodeBlockBytecodeDumper<Block>::identifier const):
270         (JSC::CodeBlockBytecodeDumper<Block>::dumpIdentifiers):
271         (JSC::CodeBlockBytecodeDumper<Block>::dumpConstants):
272         (JSC::CodeBlockBytecodeDumper<Block>::dumpExceptionHandlers):
273         (JSC::CodeBlockBytecodeDumper<Block>::dumpSwitchJumpTables):
274         (JSC::CodeBlockBytecodeDumper<Block>::dumpStringSwitchJumpTables):
275         (JSC::CodeBlockBytecodeDumper<Block>::dumpBlock):
276         * bytecode/BytecodeDumper.h:
277         (JSC::BytecodeDumper::dumpValue):
278         (JSC::BytecodeDumper::BytecodeDumper):
279         * bytecode/BytecodeGeneratorification.cpp:
280         (JSC::performGeneratorification):
281         * bytecode/BytecodeList.rb:
282         * bytecode/CodeBlock.cpp:
283         (JSC::CodeBlock::dumpBytecode):
284         * bytecode/Fits.h:
285         * bytecode/Instruction.h:
286         (JSC::BaseInstruction::BaseInstruction):
287         (JSC::BaseInstruction::Impl::opcodeID const):
288         (JSC::BaseInstruction::opcodeID const):
289         (JSC::BaseInstruction::name const):
290         (JSC::BaseInstruction::isWide16 const):
291         (JSC::BaseInstruction::isWide32 const):
292         (JSC::BaseInstruction::hasMetadata const):
293         (JSC::BaseInstruction::sizeShiftAmount const):
294         (JSC::BaseInstruction::size const):
295         (JSC::BaseInstruction::is const):
296         (JSC::BaseInstruction::as const):
297         (JSC::BaseInstruction::cast):
298         (JSC::BaseInstruction::cast const):
299         (JSC::BaseInstruction::wide16 const):
300         (JSC::BaseInstruction::wide32 const):
301         * bytecode/InstructionStream.h:
302         (JSC::InstructionStream::iterator::operator+=):
303         (JSC::InstructionStream::iterator::operator++):
304         (JSC::InstructionStreamWriter::iterator::operator+=):
305         (JSC::InstructionStreamWriter::iterator::operator++):
306         * bytecode/Opcode.cpp:
307         * bytecode/Opcode.h:
308         * bytecode/PreciseJumpTargetsInlines.h:
309         * bytecode/UnlinkedCodeBlock.h:
310         * bytecode/VirtualRegister.cpp:
311         (JSC::VirtualRegister::VirtualRegister):
312         * bytecode/VirtualRegister.h:
313         * bytecompiler/BytecodeGenerator.cpp:
314         (JSC::GenericLabel<JSGeneratorTraits>::setLocation):
315         (JSC::BytecodeGenerator::BytecodeGenerator):
316         * bytecompiler/BytecodeGenerator.h:
317         * bytecompiler/BytecodeGeneratorBase.h: Added.
318         * bytecompiler/BytecodeGeneratorBaseInlines.h: Added.
319         (JSC::shrinkToFit):
320         (JSC::BytecodeGeneratorBase<Traits>::BytecodeGeneratorBase):
321         (JSC::BytecodeGeneratorBase<Traits>::newLabel):
322         (JSC::BytecodeGeneratorBase<Traits>::newEmittedLabel):
323         (JSC::BytecodeGeneratorBase<Traits>::reclaimFreeRegisters):
324         (JSC::BytecodeGeneratorBase<Traits>::emitLabel):
325         (JSC::BytecodeGeneratorBase<Traits>::recordOpcode):
326         (JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode16):
327         (JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
328         (JSC::BytecodeGeneratorBase<Traits>::write):
329         (JSC::BytecodeGeneratorBase<Traits>::newRegister):
330         (JSC::BytecodeGeneratorBase<Traits>::newTemporary):
331         (JSC::BytecodeGeneratorBase<Traits>::addVar):
332         (JSC::BytecodeGeneratorBase<Traits>::allocateCalleeSaveSpace):
333         * bytecompiler/Label.h:
334         (JSC::GenericBoundLabel::GenericBoundLabel):
335         (JSC::GenericBoundLabel::target):
336         (JSC::GenericBoundLabel::saveTarget):
337         (JSC::GenericBoundLabel::commitTarget):
338         * dfg/DFGByteCodeParser.cpp:
339         * dfg/DFGCapabilities.cpp:
340         (JSC::DFG::capabilityLevel):
341         * dfg/DFGOperations.cpp:
342         * generator/Argument.rb:
343         * generator/DSL.rb:
344         * generator/GeneratedFile.rb:
345         * generator/Opcode.rb:
346         * generator/Options.rb:
347         * generator/Section.rb:
348         * generator/Wasm.rb: Added.
349         * interpreter/Register.h:
350         * interpreter/RegisterInlines.h:
351         (JSC::Register::operator=):
352         * jit/JITArithmetic.cpp:
353         * jit/JITOpcodes.cpp:
354         * llint/LLIntData.cpp:
355         (JSC::LLInt::initialize):
356         * llint/LLIntData.h:
357         (JSC::LLInt::wasmExceptionInstructions):
358         * llint/LLIntOfflineAsmConfig.h:
359         * llint/LLIntOffsetsExtractor.cpp:
360         * llint/LLIntSlowPaths.cpp:
361         * llint/LLIntThunks.cpp:
362         (JSC::LLInt::generateThunkWithJumpTo):
363         (JSC::LLInt::wasmFunctionEntryThunk):
364         * llint/LLIntThunks.h:
365         * llint/LowLevelInterpreter.asm:
366         * llint/LowLevelInterpreter32_64.asm:
367         * llint/LowLevelInterpreter64.asm:
368         * llint/WebAssembly.asm: Added.
369         * offlineasm/arm64.rb:
370         * offlineasm/instructions.rb:
371         * offlineasm/parser.rb:
372         * offlineasm/registers.rb:
373         * offlineasm/transform.rb:
374         * offlineasm/x86.rb:
375         * parser/Nodes.h:
376         * runtime/Error.cpp:
377         (JSC::FindFirstCallerFrameWithCodeblockFunctor::operator() const):
378         * runtime/ErrorInstance.cpp:
379         (JSC::ErrorInstance::finishCreation):
380         * runtime/Options.cpp:
381         (JSC::overrideDefaults):
382         * runtime/OptionsList.h:
383         * runtime/SamplingProfiler.cpp:
384         (JSC::FrameWalker::recordJITFrame):
385         (JSC::FrameWalker::resetAtMachineFrame):
386         * wasm/WasmAirIRGenerator.cpp:
387         (JSC::Wasm::AirIRGenerator::isControlTypeIf):
388         (JSC::Wasm::AirIRGenerator::emitLoopTierUpCheck):
389         * wasm/WasmB3IRGenerator.cpp:
390         (JSC::Wasm::B3IRGenerator::isControlTypeIf):
391         * wasm/WasmBBQPlan.cpp:
392         (JSC::Wasm::BBQPlan::prepareImpl):
393         (JSC::Wasm::BBQPlan::work):
394         (JSC::Wasm::BBQPlan::compileFunction):
395         (JSC::Wasm::BBQPlan::didCompleteCompilation):
396         (JSC::Wasm::BBQPlan::initializeCallees):
397         * wasm/WasmBBQPlan.h:
398         * wasm/WasmBBQPlanInlines.h: Removed.
399         * wasm/WasmCallee.cpp:
400         (JSC::Wasm::Callee::Callee):
401         (JSC::Wasm::Callee::dump const):
402         (JSC::Wasm::JITCallee::JITCallee):
403         (JSC::Wasm::LLIntCallee::setEntrypoint):
404         (JSC::Wasm::LLIntCallee::entrypoint const):
405         (JSC::Wasm::LLIntCallee::calleeSaveRegisters):
406         (JSC::Wasm:: const):
407         * wasm/WasmCallee.h:
408         (JSC::Wasm::Callee::setOSREntryCallee):
409         (JSC::Wasm::JITCallee::wasmToWasmCallsites):
410         (JSC::Wasm::JITCallee:: const):
411         * wasm/WasmCallingConvention.h:
412         * wasm/WasmCodeBlock.cpp:
413         (JSC::Wasm::CodeBlock::CodeBlock):
414         * wasm/WasmCodeBlock.h:
415         (JSC::Wasm::CodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
416         (JSC::Wasm::CodeBlock::wasmBBQCalleeFromFunctionIndexSpace):
417         (JSC::Wasm::CodeBlock::wasmToWasmExitStub):
418         * wasm/WasmCompilationMode.cpp:
419         (JSC::Wasm::makeString):
420         * wasm/WasmCompilationMode.h:
421         * wasm/WasmEmbedder.h:
422         * wasm/WasmEntryPlan.cpp: Added.
423         (JSC::Wasm::EntryPlan::EntryPlan):
424         (JSC::Wasm::EntryPlan::stateString):
425         (JSC::Wasm::EntryPlan::moveToState):
426         (JSC::Wasm::EntryPlan::didReceiveFunctionData):
427         (JSC::Wasm::EntryPlan::parseAndValidateModule):
428         (JSC::Wasm::EntryPlan::prepare):
429         (JSC::Wasm::EntryPlan::ThreadCountHolder::ThreadCountHolder):
430         (JSC::Wasm::EntryPlan::ThreadCountHolder::~ThreadCountHolder):
431         (JSC::Wasm::EntryPlan::complete):
432         (JSC::Wasm::EntryPlan::compileFunctions):
433         (JSC::Wasm::EntryPlan::work):
434         * wasm/WasmEntryPlan.h: Copied from Source/JavaScriptCore/wasm/WasmBBQPlan.h.
435         (JSC::Wasm::EntryPlan::parseAndValidateModule):
436         (JSC::Wasm::EntryPlan::exports const):
437         (JSC::Wasm::EntryPlan::internalFunctionCount const):
438         (JSC::Wasm::EntryPlan::takeModuleInformation):
439         (JSC::Wasm::EntryPlan::takeWasmToWasmExitStubs):
440         (JSC::Wasm::EntryPlan::takeWasmToWasmCallsites):
441         (JSC::Wasm::EntryPlan::hasBeenPrepared const):
442         (JSC::Wasm::EntryPlan::tryReserveCapacity):
443         * wasm/WasmFunctionCodeBlock.cpp: Added.
444         (JSC::Wasm::FunctionCodeBlock::setInstructions):
445         (JSC::Wasm::FunctionCodeBlock::dumpBytecode):
446         (JSC::Wasm::FunctionCodeBlock::addOutOfLineJumpTarget):
447         (JSC::Wasm::FunctionCodeBlock::outOfLineJumpOffset):
448         (JSC::Wasm::FunctionCodeBlock::outOfLineJumpTarget):
449         (JSC::Wasm::FunctionCodeBlock::addSignature):
450         (JSC::Wasm::FunctionCodeBlock::signature const):
451         (JSC::Wasm::FunctionCodeBlock::addJumpTable):
452         (JSC::Wasm::FunctionCodeBlock::jumpTable const const):
453         (JSC::Wasm::FunctionCodeBlock::numberOfJumpTables const):
454         * wasm/WasmFunctionCodeBlock.h: Added.
455         (JSC::Wasm::FunctionCodeBlock::FunctionCodeBlock):
456         (JSC::Wasm::FunctionCodeBlock::getConstant const):
457         (JSC::Wasm::FunctionCodeBlock::functionIndex const):
458         (JSC::Wasm::FunctionCodeBlock::addJumpTarget):
459         (JSC::Wasm::FunctionCodeBlock::numberOfJumpTargets):
460         (JSC::Wasm::FunctionCodeBlock::lastJumpTarget):
461         (JSC::Wasm::FunctionCodeBlock::outOfLineJumpOffset):
462         (JSC::Wasm::FunctionCodeBlock::bytecodeOffset):
463         (JSC::Wasm::FunctionCodeBlock::tierUpCounter):
464         * wasm/WasmFunctionParser.h:
465         (JSC::Wasm::FunctionParser<Context>::parseExpression):
466         (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
467         * wasm/WasmInstance.h:
468         * wasm/WasmLLIntGenerator.cpp: Added.
469         (JSC::Wasm::LLIntGenerator::ControlType::ControlType):
470         (JSC::Wasm::LLIntGenerator::ControlType::loop):
471         (JSC::Wasm::LLIntGenerator::ControlType::topLevel):
472         (JSC::Wasm::LLIntGenerator::ControlType::block):
473         (JSC::Wasm::LLIntGenerator::ControlType::if_):
474         (JSC::Wasm::LLIntGenerator::ControlType::targetLabelForBranch const):
475         (JSC::Wasm::LLIntGenerator::fail const):
476         (JSC::Wasm::LLIntGenerator::unifyValuesWithBlock):
477         (JSC::Wasm::LLIntGenerator::emptyExpression):
478         (JSC::Wasm::LLIntGenerator::createStack):
479         (JSC::Wasm::LLIntGenerator::isControlTypeIf):
480         (JSC::Wasm::LLIntGenerator::addEndToUnreachable):
481         (JSC::Wasm::LLIntGenerator::setParser):
482         (JSC::Wasm::LLIntGenerator::dump):
483         (JSC::Wasm::LLIntGenerator::virtualRegisterForLocal):
484         (JSC::Wasm::LLIntGenerator::tmpsForSignature):
485         (JSC::Wasm::LLIntGenerator::jsNullConstant):
486         (JSC::Wasm::LLIntGenerator::isConstant):
487         (JSC::Wasm::parseAndCompileBytecode):
488         (JSC::Wasm::LLIntGenerator::LLIntGenerator):
489         (JSC::Wasm::LLIntGenerator::finalize):
490         (JSC::Wasm::LLIntGenerator::callInformationFor):
491         (JSC::Wasm::LLIntGenerator::addArguments):
492         (JSC::Wasm::LLIntGenerator::addLocal):
493         (JSC::Wasm::LLIntGenerator::addConstant):
494         (JSC::Wasm::LLIntGenerator::getLocal):
495         (JSC::Wasm::LLIntGenerator::setLocal):
496         (JSC::Wasm::LLIntGenerator::getGlobal):
497         (JSC::Wasm::LLIntGenerator::setGlobal):
498         (JSC::Wasm::LLIntGenerator::addLoop):
499         (JSC::Wasm::LLIntGenerator::addTopLevel):
500         (JSC::Wasm::LLIntGenerator::addBlock):
501         (JSC::Wasm::LLIntGenerator::addIf):
502         (JSC::Wasm::LLIntGenerator::addElse):
503         (JSC::Wasm::LLIntGenerator::addElseToUnreachable):
504         (JSC::Wasm::LLIntGenerator::addReturn):
505         (JSC::Wasm::LLIntGenerator::addBranch):
506         (JSC::Wasm::LLIntGenerator::addSwitch):
507         (JSC::Wasm::LLIntGenerator::endBlock):
508         (JSC::Wasm::LLIntGenerator::addCall):
509         (JSC::Wasm::LLIntGenerator::addCallIndirect):
510         (JSC::Wasm::LLIntGenerator::addRefIsNull):
511         (JSC::Wasm::LLIntGenerator::addRefFunc):
512         (JSC::Wasm::LLIntGenerator::addTableGet):
513         (JSC::Wasm::LLIntGenerator::addTableSet):
514         (JSC::Wasm::LLIntGenerator::addTableSize):
515         (JSC::Wasm::LLIntGenerator::addTableGrow):
516         (JSC::Wasm::LLIntGenerator::addTableFill):
517         (JSC::Wasm::LLIntGenerator::addUnreachable):
518         (JSC::Wasm::LLIntGenerator::addCurrentMemory):
519         (JSC::Wasm::LLIntGenerator::addGrowMemory):
520         (JSC::Wasm::LLIntGenerator::addSelect):
521         (JSC::Wasm::LLIntGenerator::load):
522         (JSC::Wasm::LLIntGenerator::store):
523         (JSC::GenericLabel<Wasm::GeneratorTraits>::setLocation):
524         * wasm/WasmLLIntGenerator.h: Copied from Source/JavaScriptCore/wasm/WasmCompilationMode.h.
525         * wasm/WasmLLIntPlan.cpp: Added.
526         (JSC::Wasm::LLIntPlan::prepareImpl):
527         (JSC::Wasm::LLIntPlan::compileFunction):
528         (JSC::Wasm::LLIntPlan::didCompleteCompilation):
529         (JSC::Wasm::LLIntPlan::initializeCallees):
530         * wasm/WasmLLIntPlan.h: Copied from Source/JavaScriptCore/wasm/WasmOMGForOSREntryPlan.h.
531         * wasm/WasmLLIntTierUpCounter.cpp: Copied from Source/JavaScriptCore/wasm/WasmCompilationMode.cpp.
532         (JSC::Wasm::LLIntTierUpCounter::addOSREntryDataForLoop):
533         (JSC::Wasm::LLIntTierUpCounter::osrEntryDataForLoop const const):
534         * wasm/WasmLLIntTierUpCounter.h: Copied from Source/JavaScriptCore/wasm/WasmOMGForOSREntryPlan.h.
535         (JSC::Wasm::LLIntTierUpCounter::LLIntTierUpCounter):
536         (JSC::Wasm::LLIntTierUpCounter::optimizeAfterWarmUp):
537         (JSC::Wasm::LLIntTierUpCounter::checkIfOptimizationThresholdReached):
538         (JSC::Wasm::LLIntTierUpCounter::optimizeSoon):
539         * wasm/WasmMemoryInformation.cpp:
540         (JSC::Wasm::PinnedRegisterInfo::get):
541         * wasm/WasmModule.cpp:
542         (JSC::Wasm::makeValidationResult):
543         (JSC::Wasm::makeValidationCallback):
544         (JSC::Wasm::Module::validateSync):
545         (JSC::Wasm::Module::validateAsync):
546         * wasm/WasmOMGForOSREntryPlan.cpp:
547         (JSC::Wasm::OMGForOSREntryPlan::OMGForOSREntryPlan):
548         (JSC::Wasm::OMGForOSREntryPlan::work):
549         * wasm/WasmOMGForOSREntryPlan.h:
550         * wasm/WasmOMGPlan.cpp:
551         (JSC::Wasm::OMGPlan::work):
552         * wasm/WasmSlowPaths.cpp: Added.
553         (JSC::LLInt::jitCompileAndSetHeuristics):
554         (JSC::LLInt::WASM_SLOW_PATH_DECL):
555         (JSC::LLInt::doWasmCall):
556         (JSC::LLInt::doWasmCallIndirect):
557         (JSC::LLInt::slow_path_wasm_throw_exception):
558         (JSC::LLInt::slow_path_wasm_popcount):
559         (JSC::LLInt::slow_path_wasm_popcountll):
560         * wasm/WasmSlowPaths.h: Added.
561         * wasm/WasmTable.cpp:
562         (JSC::Wasm::FuncRefTable::function const):
563         (JSC::Wasm::FuncRefTable::instance const):
564         * wasm/WasmTable.h:
565         * wasm/WasmTierUpCount.h:
566         * wasm/WasmValidate.cpp:
567         (JSC::Wasm::Validate::isControlTypeIf):
568         * wasm/js/JSToWasm.cpp:
569         (JSC::Wasm::createJSToWasmWrapper):
570         * wasm/js/JSToWasm.h:
571         * wasm/js/WebAssemblyFunction.cpp:
572         (JSC::WebAssemblyFunction::calleeSaves const):
573
574 2019-10-31  Yusuke Suzuki  <ysuzuki@apple.com>
575
576         [JSC] Make String#localeCompare faster by inlining JSGlobalObject::defaultCollator
577         https://bugs.webkit.org/show_bug.cgi?id=203696
578
579         Reviewed by Mark Lam.
580
581         We found that JSGlobalObject::defaultCollator is not inlined and that it takes some time in JetStream2/cdjs.
582         We use the LazyProperty mechanism here and make JSGlobalObject::defaultCollator a simple, inlinable function.
583         This patch improves JetStream2/cdjs by 2%.
584
585         * runtime/IntlCollator.cpp:
586         (JSC::IntlCollator::initializeCollator):
587         * runtime/IntlObject.cpp:
588         (JSC::intlBooleanOption):
589         (JSC::intlStringOption):
590         (JSC::intlNumberOption):
591         * runtime/JSGlobalObject.cpp:
592         (JSC::JSGlobalObject::init):
593         (JSC::JSGlobalObject::visitChildren):
594         (JSC::JSGlobalObject::defaultCollator): Deleted.
595         * runtime/JSGlobalObject.h:
596         (JSC::JSGlobalObject::defaultCollator const):
597         * runtime/StringPrototype.cpp:
598         (JSC::stringProtoFuncLocaleCompare):
599
600 2019-10-31  Saam Barati  <sbarati@apple.com>
601
602         Don't use memmove/memcpy/memset for memory that can be scanned concurrently
603         https://bugs.webkit.org/show_bug.cgi?id=203228
604         <rdar://problem/56401852>
605
606         Reviewed by Robin Morisset.
607
608         We had code inside various places of the runtime which would call into system
609         memcpy/memmove/memset when updating a live butterfly. This means that the
610         concurrent collector could be scanning such butterflies while a memcpy/memmove/memset
611         was running. Those functions don't guarantee anything about the minimum
612         alignment of the stores they do. And implementations for them frequently have
613         byte copy loops for low byte copy counts. This led to us seeing torn JSValues
614         inside the concurrent collector during Array.prototype.splice. This patch
615         introduces new functions for doing memcpy/memmove/memset for data structures
616         which may be concurrently scanned. The loops are written using inline assembly
617         for gcc-compatible compilers on 64-bit platforms. The inline assembly
618         ensures we never write to memory using instructions that store fewer
619         than 8 bytes. On other platforms, we just use a volatile pointer to
620         ensure the compiler doesn't turn the loop into a function call or a
621         series of stores which may be smaller than 8 bytes.
622
623         * CMakeLists.txt:
624         * JavaScriptCore.xcodeproj/project.pbxproj:
625         * heap/GCMemoryOperations.h: Added.
626         (JSC::gcSafeMemcpy):
627         (JSC::gcSafeMemmove):
628         (JSC::gcSafeZeroMemory):
629         * heap/Heap.h:
630         * runtime/ArrayConventions.cpp:
631         (JSC::clearArrayMemset):
632         * runtime/ArrayPrototype.cpp:
633         (JSC::copyElements):
634         * runtime/ButterflyInlines.h:
635         (JSC::Butterfly::tryCreate):
636         (JSC::Butterfly::createOrGrowPropertyStorage):
637         (JSC::Butterfly::growArrayRight):
638         (JSC::Butterfly::reallocArrayRightIfPossible):
639         (JSC::Butterfly::resizeArray):
640         (JSC::Butterfly::unshift):
641         (JSC::Butterfly::shift):
642         * runtime/JSArray.cpp:
643         (JSC::JSArray::unshiftCountSlowCase):
644         (JSC::JSArray::appendMemcpy):
645         (JSC::JSArray::fastSlice):
646         (JSC::JSArray::shiftCountWithArrayStorage):
647         (JSC::JSArray::shiftCountWithAnyIndexingType):
648         (JSC::JSArray::unshiftCountWithArrayStorage):
649         * runtime/JSObject.cpp:
650         (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
651         (JSC::JSObject::convertFromCopyOnWrite):
652         (JSC::JSObject::shiftButterflyAfterFlattening):
653         * runtime/JSObject.h:
654         * runtime/RegExpMatchesArray.h:
655         (JSC::createRegExpMatchesArray):
656         * runtime/Structure.cpp:
657         (JSC::Structure::flattenDictionaryStructure):
658
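        An added illustration of the word-granular copy described in the entry above (example code,
        not the patch's or WebKit's; wordMemcpy, wordMemmove, wordZero and selfCheck are names chosen
        here). It shows the portable volatile-pointer form the entry describes for non-gcc-compatible
        compilers rather than the inline-assembly form, assumes 8-byte-aligned pointers and byte counts
        that are multiples of 8, and uses a constructed array of 64-bit slots as input:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Added example, not JavaScriptCore's code: copy, move and zero loops that only
// ever store whole 8-byte words, so a thread scanning the destination
// concurrently never sees a half-written 64-bit slot (a torn JSValue).
// The volatile destination pointer keeps the compiler from rewriting the loop
// into a memcpy/memset call or into narrower stores; that an aligned 8-byte
// store is itself single-copy atomic is a guarantee of the 64-bit ISA, not of C++.
namespace gcsafe_example {

inline bool wordAligned(const void* p)
{
    return (reinterpret_cast<uintptr_t>(p) & 7) == 0;
}

// Preconditions: both pointers 8-byte aligned, byteCount a multiple of 8, ranges disjoint.
inline void wordMemcpy(void* dst, const void* src, size_t byteCount)
{
    assert(wordAligned(dst) && wordAligned(src) && (byteCount & 7) == 0);
    volatile uint64_t* d = static_cast<uint64_t*>(dst);
    const uint64_t* s = static_cast<const uint64_t*>(src);
    for (size_t i = 0, n = byteCount / 8; i < n; ++i)
        d[i] = s[i]; // exactly one 64-bit store per slot
}

// Overlap-safe variant: pick the copy direction that never overwrites a
// source word before it has been read, as memmove must.
inline void wordMemmove(void* dst, const void* src, size_t byteCount)
{
    assert(wordAligned(dst) && wordAligned(src) && (byteCount & 7) == 0);
    volatile uint64_t* d = static_cast<uint64_t*>(dst);
    const uint64_t* s = static_cast<const uint64_t*>(src);
    size_t n = byteCount / 8;
    uintptr_t dAddr = reinterpret_cast<uintptr_t>(dst);
    uintptr_t sAddr = reinterpret_cast<uintptr_t>(src);
    if (dAddr < sAddr || dAddr >= sAddr + byteCount) {
        for (size_t i = 0; i < n; ++i)
            d[i] = s[i];
    } else {
        for (size_t i = n; i-- > 0;)
            d[i] = s[i];
    }
}

inline void wordZero(void* dst, size_t byteCount)
{
    assert(wordAligned(dst) && (byteCount & 7) == 0);
    volatile uint64_t* d = static_cast<uint64_t*>(dst);
    for (size_t i = 0, n = byteCount / 8; i < n; ++i)
        d[i] = 0;
}

// Constructed input: eight 64-bit slots holding a boxed-int-like bit pattern,
// the shape of the butterfly storage the concurrent collector scans.
inline bool selfCheck()
{
    alignas(8) uint64_t src[8];
    for (size_t i = 0; i < 8; ++i)
        src[i] = 0xFFFE000000000000ull | (i * 0x1111);

    alignas(8) uint64_t dst[8] = {};
    wordMemcpy(dst, src, sizeof src);
    if (std::memcmp(dst, src, sizeof src) != 0)
        return false;

    // Shift right by two slots (unshift) and back left (shift): both overlap.
    alignas(8) uint64_t buf[10] = {};
    std::memcpy(buf, src, sizeof src);
    wordMemmove(buf + 2, buf, sizeof src);
    for (size_t i = 0; i < 8; ++i)
        if (buf[i + 2] != src[i])
            return false;
    wordMemmove(buf, buf + 2, sizeof src);
    for (size_t i = 0; i < 8; ++i)
        if (buf[i] != src[i])
            return false;

    wordZero(buf, sizeof buf);
    for (uint64_t v : buf)
        if (v != 0)
            return false;
    return true;
}

} // namespace gcsafe_example
```

        The volatile qualifier only constrains the compiler: it stops the loop from being turned into
        a memcpy or memset call or into byte stores, which is the failure mode the entry names. Whether
        a concurrent reader can observe the 8-byte store as a whole is a property of the target ISA
        (aligned 64-bit stores are single-copy atomic on x86-64 and ARM64), which is why the entry
        limits the guarantee to 64-bit platforms.
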
659 2019-10-31  Devin Rousso  <drousso@apple.com>
660
661         Web Inspector: Debugger: make sure the blackbox config is removed before iterating all existing scripts
662         https://bugs.webkit.org/show_bug.cgi?id=203666
663
664         Reviewed by Matt Baker.
665
666         * inspector/agents/InspectorDebuggerAgent.h:
667         * inspector/agents/InspectorDebuggerAgent.cpp:
668         (Inspector::InspectorDebuggerAgent::setShouldBlackboxURL):
669
670 2019-10-31  Alex Christensen  <achristensen@webkit.org>
671
672         CMake build should make WebKit framework able to be used by Safari
673         https://bugs.webkit.org/show_bug.cgi?id=203685
674
675         Rubber-stamped by Tim Horton.
676
677         * PlatformMac.cmake:
678
679 2019-10-31  Yusuke Suzuki  <ysuzuki@apple.com>
680
681         [JSC] DateMath should have TimeClipped version
682         https://bugs.webkit.org/show_bug.cgi?id=203550
683
684         Reviewed by Saam Barati.
685
686         Removing `using namespace WTF;` in Date related files in JSC.
687
688         * runtime/DateConstructor.cpp:
689         * runtime/DateConversion.cpp:
690         (JSC::formatDateTime):
691         * runtime/DateInstance.cpp:
692         * runtime/DatePrototype.cpp:
693         * runtime/JSDateMath.cpp:
694         (JSC::localTimeOffset):
695         (JSC::timeToMS):
696         (JSC::gregorianDateTimeToMS):
697         (JSC::msToGregorianDateTime):
698         (JSC::parseDate):
699         (JSC::msToSeconds): Deleted.
700         (JSC::msToWeekDay): Deleted.
701
702 2019-10-30  Peng Liu  <peng.liu6@apple.com>
703
704         [Picture-in-Picture Web API] Enable the support for iOS
705         https://bugs.webkit.org/show_bug.cgi?id=202618
706
707         Reviewed by Jer Noble.
708
709         Enable the Picture-in-Picture API support for iOS (iPad only).
710
711         * Configurations/FeatureDefines.xcconfig:
712
713 2019-10-30  Yusuke Suzuki  <ysuzuki@apple.com>
714
715         [JSC] Date functions should have intrinsic
716         https://bugs.webkit.org/show_bug.cgi?id=202187
717
718         Reviewed by Keith Miller.
719
720         This patch adds intrinsics to Date object getter functions to make them inlinable in DFG and FTL.
721         We add two DFG nodes, DateGetInt32OrNaN and DateGetTime. DateGetTime is used when we know
722         that the result is always machine double. On the other hand, DateGetInt32OrNaN is used when the result is Int32 or NaN.
723
724         Run SunSpider 100 times and get the solid improvement in Date related benchmarks.
725
726                                           ToT                     Patched
727
728             date-format-tofte        5.3511+-0.0260     ^      5.2747+-0.0273        ^ definitely 1.0145x faster
729             date-format-xparb        4.9196+-0.0265     ^      4.7067+-0.0200        ^ definitely 1.0452x faster
730
731         * bytecode/SpeculatedType.cpp:
732         (JSC::dumpSpeculation):
733         (JSC::speculationFromClassInfo):
734         (JSC::speculationFromJSType):
735         (JSC::speculationFromString):
736         * bytecode/SpeculatedType.h:
737         * dfg/DFGAbstractHeap.h:
738         * dfg/DFGAbstractInterpreterInlines.h:
739         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
740         * dfg/DFGByteCodeParser.cpp:
741         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
742         * dfg/DFGClobberize.h:
743         (JSC::DFG::clobberize):
744         * dfg/DFGDoesGC.cpp:
745         (JSC::DFG::doesGC):
746         * dfg/DFGFixupPhase.cpp:
747         (JSC::DFG::FixupPhase::fixupNode):
748         * dfg/DFGGraph.cpp:
749         (JSC::DFG::Graph::dump):
750         * dfg/DFGHeapLocation.cpp:
751         (WTF::printInternal):
752         * dfg/DFGHeapLocation.h:
753         * dfg/DFGNode.h:
754         (JSC::DFG::Node::hasIntrinsic):
755         (JSC::DFG::Node::intrinsic):
756         (JSC::DFG::Node::hasHeapPrediction):
757         * dfg/DFGNodeType.h:
758         * dfg/DFGOperations.cpp:
759         * dfg/DFGOperations.h:
760         * dfg/DFGPredictionPropagationPhase.cpp:
761         * dfg/DFGSafeToExecute.h:
762         (JSC::DFG::SafeToExecuteEdge::operator()):
763         (JSC::DFG::safeToExecute):
764         * dfg/DFGSpeculativeJIT.cpp:
765         (JSC::DFG::SpeculativeJIT::speculateDateObject):
766         (JSC::DFG::SpeculativeJIT::speculate):
767         * dfg/DFGSpeculativeJIT.h:
768         * dfg/DFGSpeculativeJIT32_64.cpp:
769         (JSC::DFG::SpeculativeJIT::compile):
770         * dfg/DFGSpeculativeJIT64.cpp:
771         (JSC::DFG::SpeculativeJIT::compile):
772         (JSC::DFG::SpeculativeJIT::compileDateGet):
773         * dfg/DFGUseKind.cpp:
774         (WTF::printInternal):
775         * dfg/DFGUseKind.h:
776         (JSC::DFG::typeFilterFor):
777         (JSC::DFG::isCell):
778         * ftl/FTLAbstractHeapRepository.cpp:
779         * ftl/FTLAbstractHeapRepository.h:
780         * ftl/FTLCapabilities.cpp:
781         (JSC::FTL::canCompile):
782         * ftl/FTLLowerDFGToB3.cpp:
783         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
784         (JSC::FTL::DFG::LowerDFGToB3::compileDateGet):
785         (JSC::FTL::DFG::LowerDFGToB3::lowDateObject):
786         (JSC::FTL::DFG::LowerDFGToB3::speculate):
787         (JSC::FTL::DFG::LowerDFGToB3::speculateDateObject):
788         * runtime/DateConversion.cpp:
789         (JSC::formatDateTime):
790         * runtime/DateInstance.cpp:
791         (JSC::DateInstance::calculateGregorianDateTime const):
792         (JSC::DateInstance::calculateGregorianDateTimeUTC const):
793         * runtime/DateInstance.h:
794         * runtime/DateInstanceCache.h:
795         (JSC::DateInstanceData::offsetOfGregorianDateTimeCachedForMS):
796         (JSC::DateInstanceData::offsetOfCachedGregorianDateTime):
797         (JSC::DateInstanceData::offsetOfGregorianDateTimeUTCCachedForMS):
798         (JSC::DateInstanceData::offsetOfCachedGregorianDateTimeUTC):
799         (JSC::DateInstanceData::DateInstanceData): Deleted.
800         * runtime/DatePrototype.cpp:
801         (JSC::formatLocaleDate):
802         (JSC::formateDateInstance):
803         (JSC::dateProtoFuncToISOString):
804         (JSC::dateProtoFuncGetFullYear):
805         (JSC::dateProtoFuncGetUTCFullYear):
806         (JSC::dateProtoFuncGetMonth):
807         (JSC::dateProtoFuncGetUTCMonth):
808         (JSC::dateProtoFuncGetDate):
809         (JSC::dateProtoFuncGetUTCDate):
810         (JSC::dateProtoFuncGetDay):
811         (JSC::dateProtoFuncGetUTCDay):
812         (JSC::dateProtoFuncGetHours):
813         (JSC::dateProtoFuncGetUTCHours):
814         (JSC::dateProtoFuncGetMinutes):
815         (JSC::dateProtoFuncGetUTCMinutes):
816         (JSC::dateProtoFuncGetSeconds):
817         (JSC::dateProtoFuncGetUTCSeconds):
818         (JSC::dateProtoFuncGetMilliSeconds):
819         (JSC::dateProtoFuncGetUTCMilliseconds):
820         (JSC::dateProtoFuncGetTimezoneOffset):
821         (JSC::setNewValueFromTimeArgs):
822         (JSC::setNewValueFromDateArgs):
823         (JSC::dateProtoFuncSetYear):
824         (JSC::dateProtoFuncGetYear):
825         * runtime/Intrinsic.cpp:
826         (JSC::intrinsicName):
827         * runtime/Intrinsic.h:
828         * runtime/JSDateMath.cpp:
829         (JSC::msToGregorianDateTime):
830         * runtime/JSType.cpp:
831         (WTF::printInternal):
832         * runtime/JSType.h:
833
834 2019-10-30  Ross Kirsling  <ross.kirsling@sony.com>
835
836         Intl.DateTimeFormat returns resolvedOptions in the wrong order
837         https://bugs.webkit.org/show_bug.cgi?id=203297
838
839         Reviewed by Yusuke Suzuki.
840
841         See table here:
842         https://tc39.es/ecma402/#table-datetimeformat-resolvedoptions-properties
843
844         * runtime/IntlDateTimeFormat.cpp:
845         (JSC::IntlDateTimeFormat::resolvedOptions):
846
847 2019-10-30  Tadeu Zagallo  <tzagallo@apple.com>
848
849         tryCachePutToScopeGlobal should hold the lock to update metadata.m_getPutInfo
850         https://bugs.webkit.org/show_bug.cgi?id=203628
851         <rdar://problem/56705353>
852
853         Reviewed by Yusuke Suzuki.
854
855         We hold the lock to update m_watchpointSet and m_operand, but at that point we have already
856         updated m_getPutInfo. This can lead to inconsistent state observable from the compiler thread
857         where the getPutInfo does not match the watchpointSet.
858
859         * runtime/CommonSlowPaths.h:
860         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
861
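        An added model of the ordering problem this entry describes (example code, not JSC's; Entry,
        watchpointSetFor, updateInfoBeforeLock, updateUnderLock and countInconsistentSnapshots are
        hypothetical names, and the watchpoint set is modelled as an integer derived from the info
        value). A reader standing in for the compiler thread snapshots the entry under the lock while a
        writer updates it with either ordering:

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <thread>

// Added example, not JSC's code: a model of a put-to-scope cache entry whose
// fields must be observed as one consistent tuple by a concurrent compiler
// thread that takes the same lock. All names here are hypothetical.
namespace scope_cache_example {

// Hypothetical: the watchpoint set that goes with a given getPutInfo value.
inline uintptr_t watchpointSetFor(uint32_t info)
{
    return 0x1000 + static_cast<uintptr_t>(info) * 16;
}

struct Entry {
    std::mutex lock;
    // Atomic with relaxed ordering only so that the racy variant below stays
    // well-defined C++; it gives no tuple consistency by itself.
    std::atomic<uint32_t> getPutInfo { 0 };
    uintptr_t watchpointSet = watchpointSetFor(0);
    uint32_t operand = 0;
};

// The ordering the entry describes: getPutInfo is published before the lock is
// taken, so a reader holding the lock can see the new info with the old set.
inline void updateInfoBeforeLock(Entry& e, uint32_t info)
{
    e.getPutInfo.store(info, std::memory_order_relaxed);
    std::lock_guard<std::mutex> guard(e.lock);
    e.watchpointSet = watchpointSetFor(info);
    e.operand = info;
}

// The fix: every field of the tuple changes under the lock.
inline void updateUnderLock(Entry& e, uint32_t info)
{
    std::lock_guard<std::mutex> guard(e.lock);
    e.getPutInfo.store(info, std::memory_order_relaxed);
    e.watchpointSet = watchpointSetFor(info);
    e.operand = info;
}

// A reader in the role of the compiler thread snapshots the entry under the
// lock while this thread writes it; returns how many snapshots were inconsistent.
inline unsigned countInconsistentSnapshots(bool updateEverythingUnderLock, uint32_t iterations)
{
    Entry e;
    std::atomic<bool> done { false };
    unsigned violations = 0;
    std::thread reader([&] {
        while (!done.load(std::memory_order_acquire)) {
            {
                std::lock_guard<std::mutex> guard(e.lock);
                uint32_t info = e.getPutInfo.load(std::memory_order_relaxed);
                if (e.watchpointSet != watchpointSetFor(info) || e.operand != info)
                    ++violations;
            }
            std::this_thread::yield(); // give the writer a chance at the lock
        }
    });
    for (uint32_t i = 1; i <= iterations; ++i) {
        if (updateEverythingUnderLock)
            updateUnderLock(e, i);
        else
            updateInfoBeforeLock(e, i);
    }
    done.store(true, std::memory_order_release);
    reader.join(); // join orders the reader's writes to violations before the return below
    return violations;
}

} // namespace scope_cache_example
```

        With updateUnderLock the count is always zero. With updateInfoBeforeLock it is nondeterministic,
        and under contention typically nonzero, because the reader can take the lock between the store
        to getPutInfo and the updates of watchpointSet and operand, which is exactly the mismatch the
        entry describes.
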
862 2019-10-07  Jer Noble  <jer.noble@apple.com>
863
864         Implement the Remote Playback API.
865         https://bugs.webkit.org/show_bug.cgi?id=162971
866
867         Reviewed by Youenn Fablet.
868
869         Add RemotePlayback as a common identifier, needed for bindings due to "EnabledAtRuntime=RemotePlayback".
870
871         * runtime/CommonIdentifiers.h:
872
873 2019-10-29  Yusuke Suzuki  <ysuzuki@apple.com>
874
875         [JSC] Add fast path for String#localeCompare
876         https://bugs.webkit.org/show_bug.cgi?id=202676
877
878         Reviewed by Mark Lam.
879
880         When String#localeCompare is invoked, we are setting up UCharIterator to iterate code points.
881         But this is too slow since its implementation is invoking function pointer for each code point
882         to get next code point. Strings have many code points typically. Invoking a function pointer so many times
883         takes too much time just for locale-aware comparison.
884
885         This patch revises the implementation by adding 2 fast paths and 1 slow path. The slow path requires extra memory,
886         but it is soon released (not GC-managed).
887
888         1. If both strings are ASCII (not Latin1), we use ucol_strcollUTF8.
889         2. If both strings are 16-bit, we use ucol_strcoll.
890         3. Otherwise, we convert strings to 16-bit strings, and then we use ucol_strcoll.
891
892         JetStream2/cdjs is improved from 56 to 85 on iMac Pro (50%).
893
894         * runtime/IntlCollator.cpp:
895         (JSC::IntlCollator::compareStrings):
896         * tools/JSDollarVM.cpp:
897         (JSC::functionMake16BitStringIfPossible):
898         (JSC::JSDollarVM::finishCreation):
899
900 2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>
901
902         [JSC] Remove JSPromiseDeferred
903         https://bugs.webkit.org/show_bug.cgi?id=203400
904
905         Reviewed by Keith Miller.
906
907         This patch optimizes the existing Promise usage in C++. We remove JSPromiseDeferred and JSInternalPromiseDeferred, use JSPromise and JSInternalPromise directly.
908         JSC now offers first `resolve` and `reject` operations to `JSPromise` without separating `resolve` and `reject` functions from `JSPromise`. Then, we do not need
909         to have a tuple of these functions and the promise, and we can just use `JSPromise::resolve` and `JSPromise::reject`. This removes unnecessary function allocations
910         and cell allocation for JSPromiseDeferred and makes the API simple.
911
912         * API/JSAPIGlobalObject.mm:
913         (JSC::JSAPIGlobalObject::moduleLoaderImportModule):
914         (JSC::JSAPIGlobalObject::moduleLoaderFetch):
915         (JSC::JSAPIGlobalObject::loadAndEvaluateJSScriptModule):
916         * API/JSObjectRef.cpp:
917         (JSObjectMakeDeferredPromise):
918         * CMakeLists.txt:
919         * JavaScriptCore.xcodeproj/project.pbxproj:
920         * Sources.txt:
921         * jsc.cpp:
922         (GlobalObject::moduleLoaderImportModule):
923         (GlobalObject::moduleLoaderFetch):
924         (runJSC):
925         * runtime/Completion.cpp:
926         (JSC::rejectPromise):
927         * runtime/JSGlobalObject.cpp:
928         (JSC::JSGlobalObject::init):
929         (JSC::JSGlobalObject::visitChildren):
930         * runtime/JSGlobalObject.h:
931         (JSC::JSGlobalObject::newPromiseCapabilityFunction const):
932         (JSC::JSGlobalObject::resolvePromiseFunction const):
933         (JSC::JSGlobalObject::rejectPromiseFunction const):
934         (JSC::JSGlobalObject::numberProtoToStringFunction const):
935         * runtime/JSGlobalObjectFunctions.cpp:
936         (JSC::globalFuncImportModule):
937         * runtime/JSInternalPromise.h:
938         * runtime/JSInternalPromiseDeferred.cpp: Removed.
939         * runtime/JSInternalPromiseDeferred.h: Removed.
940         * runtime/JSModuleLoader.cpp:
941         (JSC::JSModuleLoader::importModule):
942         (JSC::JSModuleLoader::resolve):
943         (JSC::JSModuleLoader::fetch):
944         (JSC::moduleLoaderParseModule):
945         * runtime/JSPromise.cpp:
946         (JSC::JSPromise::flags const):
947         (JSC::JSPromise::isHandled const):
948         (JSC::JSPromise::createDeferredData):
949         (JSC::JSPromise::resolvedPromise):
950         (JSC::callFunction):
951         (JSC::JSPromise::resolve):
952         (JSC::JSPromise::reject):
953         * runtime/JSPromise.h:
954         * runtime/JSPromiseDeferred.cpp: Removed.
955         * runtime/JSPromiseDeferred.h: Removed.
956         * runtime/PromiseTimer.cpp: Renamed from Source/JavaScriptCore/runtime/PromiseDeferredTimer.cpp.
957         (JSC::PromiseTimer::PromiseTimer):
958         (JSC::PromiseTimer::doWork):
959         (JSC::PromiseTimer::runRunLoop):
960         (JSC::PromiseTimer::addPendingPromise):
961         (JSC::PromiseTimer::hasPendingPromise):
962         (JSC::PromiseTimer::hasDependancyInPendingPromise):
963         (JSC::PromiseTimer::cancelPendingPromise):
964         (JSC::PromiseTimer::scheduleWorkSoon):
965         * runtime/PromiseTimer.h: Renamed from Source/JavaScriptCore/runtime/PromiseDeferredTimer.h.
966         (JSC::PromiseTimer::create):
967         * runtime/StringRecursionChecker.h:
968         * runtime/VM.cpp:
969         (JSC::VM::VM):
970         (JSC::VM::~VM):
971         * runtime/VM.h:
972         * wasm/js/JSWebAssembly.cpp:
973         (JSC::reject):
974         (JSC::webAssemblyModuleValidateAsyncInternal):
975         (JSC::webAssemblyCompileFunc):
976         (JSC::resolve):
977         (JSC::JSWebAssembly::webAssemblyModuleValidateAsync):
978         (JSC::instantiate):
979         (JSC::compileAndInstantiate):
980         (JSC::JSWebAssembly::instantiate):
981         (JSC::webAssemblyModuleInstantinateAsyncInternal):
982         (JSC::JSWebAssembly::webAssemblyModuleInstantinateAsync):
983         (JSC::webAssemblyInstantiateFunc):
984         (JSC::webAssemblyCompileStreamingInternal):
985         (JSC::webAssemblyInstantiateStreamingInternal):
986         * wasm/js/JSWebAssembly.h:
987         * wasm/js/JSWebAssemblyCodeBlock.h:
988
989 2019-10-28  Adrian Perez de Castro  <aperez@igalia.com>
990
991         [GTK][WPE] Fix various non-unified build issues introduced since r251436
992         https://bugs.webkit.org/show_bug.cgi?id=203492
993
994         Reviewed by Alex Christensen and Mark Lam.
995
996         * bytecode/BytecodeIndex.cpp: Add missing inclusion of wtf/PrintStream.h
997         * bytecode/ICStatusUtils.h: Add missing inclusion of BytecodeIndex.h
998         * bytecode/InstructionStream.h: Ditto.
999         * debugger/DebuggerLocation.cpp: Add missing inclusion of JSCellInlines.h
1000         * dfg/DFGLazyJSValue.h: Add missing inclusion of GPRInfo.h
1001         * ftl/FTLOSREntry.h: Add missing inclusion of BytecodeIndex.h
1002         * heap/CompleteSubspaceInlines.h: Add missing inclusions of CompleteSubspace.h and VM.h
1003         * inspector/JavaScriptCallFrame.h:
1004         (Inspector::JavaScriptCallFrame::thisValue const): Prepend namespace to the JSC::VM type.
1005         * jit/JITDisassembler.h: Add missing inclusion of BytecodeIndex.h
1006         * jit/JITWorklist.h: Ditto.
1007         * runtime/JSImmutableButterfly.cpp: Add missing inclusion of ButterflyInlines.h
1008         * runtime/ObjectInitializationScope.h: Add missing inclusion of VM.h
1009         * runtime/StringRecursionChecker.h: Add missing inclusion of GetVM.h
1010         * runtime/VMTraps.cpp: Add missing inclusion of CallFrameInlines.h
1011         * tools/Integrity.cpp: Add missing inclusion of Integrity.h, HeapCellInlines.h, and
1012         JSCellInlines.h
1013         * wasm/WasmOperations.cpp: Add missing inclusion of JSCJSValueInlines.h and
1014         JSGlobalObjectInlines.h
1015         * wasm/WasmOperations.h: Add missing inclusion of IndexingType.h, JSCJSValue.h, and
1016         WasmExceptionType.h; add forward declarations for JSArray and Wasm::Signature.
1017         * wasm/js/JSWebAssembly.cpp: Add missing inclusion of WasmOperations.h
1018         * wasm/js/JSWebAssemblyHelpers.h: Add missing inclusion of Error.h and JSArrayBufferView.h
1019
1020 2019-10-28  Ross Kirsling  <ross.kirsling@sony.com>
1021
1022         [JSC] Lexer flags should be an OptionSet
1023         https://bugs.webkit.org/show_bug.cgi?id=203032
1024
1025         Reviewed by Yusuke Suzuki.
1026
1027         LexerFlags has an annoyingly misspelled value LexexFlagsDontBuildKeywords;
1028         let's use this as an opportunity to modernize this enum.
1029
1030         * parser/ASTBuilder.h:
1031         * parser/Lexer.cpp:
1032         (JSC::Lexer<LChar>::parseIdentifier):
1033         (JSC::Lexer<UChar>::parseIdentifier):
1034         (JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
1035         (JSC::Lexer<T>::lexWithoutClearingLineTerminator):
1036         * parser/Lexer.h:
1037         (JSC::Lexer<T>::lexExpectIdentifier):
1038         (JSC::Lexer<T>::lex):
1039         * parser/Parser.cpp:
1040         (JSC::Parser<LexerType>::parseProperty):
1041         (JSC::Parser<LexerType>::parseMemberExpression):
1042         * parser/Parser.h:
1043         (JSC::Parser::next):
1044         (JSC::Parser::nextWithoutClearingLineTerminator):
1045         (JSC::Parser::nextExpectIdentifier):
1046         (JSC::Parser::consume):
1047         * parser/SyntaxChecker.h:
1048
1049 2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>
1050
1051         [JSC] Optimize Promise runtime functions
1052         https://bugs.webkit.org/show_bug.cgi?id=203454
1053
1054         Reviewed by Keith Miller.
1055
1056         This patch optimizes Promise runtime functions a bit.
1057
1058         1. Add fast paths to Promise.resolve / Promise.reject.
1059         2. Remove state check in async-functions. Unlike generators, async-function's next function is not exposed to users.
1060            It is called by runtime so we can control state perfectly.
1061         3. Add "enqueueJob" name to make sampling profiler work for this function.
1062         4. Make Promise/InternalPromise constructors an inlinable size
1063
1064                                               ToT                     Patched
1065
1066             promise-creation-many       25.5794+-0.3681     ^     22.5410+-0.3229        ^ definitely 1.1348x faster
1067             promise-resolve             32.3793+-0.4252     ^      9.4219+-0.1114        ^ definitely 3.4366x faster
1068             promise-reject             108.5968+-0.7741     ^     36.9383+-0.3770        ^ definitely 2.9400x faster
1069
1070         * builtins/AsyncFunctionPrototype.js:
1071         (globalPrivate.asyncFunctionResume):
1072         * builtins/PromiseConstructor.js:
1073         (reject):
1074         (resolve):
1075         (nakedConstructor.Promise.reject):
1076         (nakedConstructor.Promise):
1077         (nakedConstructor.InternalPromise.reject):
1078         (nakedConstructor.InternalPromise):
1079         (nakedConstructor.Promise.resolve): Deleted.
1080         (nakedConstructor.InternalPromise.resolve): Deleted.
1081         * builtins/PromiseOperations.js:
1082         (globalPrivate.newPromiseCapability.resolve):
1083         (globalPrivate.newPromiseCapability.reject):
1084         (globalPrivate.newPromiseCapability):
1085         (globalPrivate.promiseResolveSlow):
1086         (globalPrivate.promiseRejectSlow):
1087         * runtime/JSGlobalObject.cpp:
1088         (JSC::JSGlobalObject::init):
1089
1090 2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>
1091
1092         [JSC] Use FTLOutput::callWithoutSideEffects if operation does not have side effects
1093         https://bugs.webkit.org/show_bug.cgi?id=203485
1094
1095         Reviewed by Mark Lam.
1096
1097         This makes Call's Effect none, and encourages optimizations around it.
1098
1099         * ftl/FTLLowerDFGToB3.cpp:
1100         (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
1101         (JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
1102         (JSC::FTL::DFG::LowerDFGToB3::jsValueToStrictInt52):
1103
1104 2019-10-28  Tuomas Karkkainen  <tuomas.webkit@apple.com>
1105
1106         dumpSpeculation in SpeculatedType.cpp prints to the wrong stream and has wrong capitalization for NaN
1107         https://bugs.webkit.org/show_bug.cgi?id=203486
1108
1109         Reviewed by Antti Koivisto.
1110
1111         * bytecode/SpeculatedType.cpp:
1112         (JSC::dumpSpeculation):
1113
1114 2019-10-28  Fujii Hironori  <Hironori.Fujii@sony.com>
1115
1116         [Windows][Clang] error LNK2001: unresolved external symbol "void * __cdecl JSC::allocateCell<class JSC::JSGenericTypedArrayView<struct JSC::Float32Adaptor> >(class JSC::Heap &,unsigned __int64)"
1117         https://bugs.webkit.org/show_bug.cgi?id=203483
1118
1119         Unreviewed build fix for clang-cl builds.
1120
1121         * runtime/JSGenericTypedArrayViewInlines.h: Added #include "JSCellInlines.h".
1122
1123 2019-10-26  Chris Lord  <clord@igalia.com>
1124
1125         Put OffscreenCanvas behind a build flag
1126         https://bugs.webkit.org/show_bug.cgi?id=203146
1127
1128         Reviewed by Ryosuke Niwa.
1129
1130         * Configurations/FeatureDefines.xcconfig:
1131
1132 2019-10-25  Yury Semikhatsky  <yurys@chromium.org>
1133
1134         Web Inspector: support emulateUserGesture parameter in Runtime.callFunctionOn
1135         https://bugs.webkit.org/show_bug.cgi?id=200262
1136
1137         Reviewed by Devin Rousso.
1138
1139         * inspector/agents/InspectorRuntimeAgent.cpp:
1140         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1141         * inspector/agents/InspectorRuntimeAgent.h:
1142         * inspector/protocol/Runtime.json:
1143
1144 2019-10-24  Mark Lam  <mark.lam@apple.com>
1145
1146         Move JSC::Register inline methods into RegisterInlines.h.
1147         https://bugs.webkit.org/show_bug.cgi?id=203391
1148
1149         Reviewed by Yusuke Suzuki and Keith Miller.
1150
1151         We're doing this because:
1152         1. RegisterInlines.h is the canonical place to put inline Register methods.
1153         2. It helps reduce build time.
1154            e.g. build-jsc went from 208.02 to 196.81 seconds (about a 5% reduction).
1155         3. This enables experimental work to box JSCells in JSValue.
1156
1157         This patch also handles the fallout of this change, which necessitates more
1158         inline methods being moved from <file>.h to their respective <file>Inlines.h.
1159
1160         JSArray.h used to include ButterflyInlines.h and JSCellInlines.h.  This is a
1161         violation of inclusion ordering (.h should not #include Inlines.h).  This
1162         violation has been removed.
1163
1164         * API/JSAPIGlobalObject.mm:
1165         * CMakeLists.txt:
1166         * JavaScriptCore.xcodeproj/project.pbxproj:
1167         * bytecode/CodeBlock.h:
1168         (JSC::CallFrame::r): Deleted.
1169         (JSC::CallFrame::uncheckedR): Deleted.
1170         * bytecode/MetadataTable.cpp:
1171         * ftl/FTLLowerDFGToB3.cpp:
1172         * interpreter/CallFrame.h:
1173         (JSC::CallFrame::guaranteedJSValueCallee const): Deleted.
1174         (JSC::CallFrame::jsCallee const): Deleted.
1175         (JSC::CallFrame::codeBlock const): Deleted.
1176         (JSC::CallFrame::unsafeCodeBlock const): Deleted.
1177         (JSC::CallFrame::scope const): Deleted.
1178         (JSC::CallFrame::topOfFrame): Deleted.
1179         (JSC::CallFrame::setScope): Deleted.
1180         (JSC::CallFrame::setCallee): Deleted.
1181         (JSC::CallFrame::setCodeBlock): Deleted.
1182         * interpreter/CallFrameInlines.h:
1183         (JSC::CallFrame::r):
1184         (JSC::CallFrame::uncheckedR):
1185         (JSC::CallFrame::guaranteedJSValueCallee const):
1186         (JSC::CallFrame::jsCallee const):
1187         (JSC::CallFrame::codeBlock const):
1188         (JSC::CallFrame::unsafeCodeBlock const):
1189         (JSC::CallFrame::lexicalGlobalObject const):
1190         (JSC::CallFrame::setCallee):
1191         (JSC::CallFrame::setCodeBlock):
1192         (JSC::CallFrame::setScope):
1193         (JSC::CallFrame::scope const):
1194         (JSC::CallFrame::topOfFrame):
1195         * interpreter/Interpreter.cpp:
1196         * interpreter/ProtoCallFrame.h:
1197         (JSC::ProtoCallFrame::init): Deleted.
1198         * interpreter/ProtoCallFrameInlines.h: Added.
1199         (JSC::ProtoCallFrame::init):
1200         (JSC::ProtoCallFrame::callee const):
1201         (JSC::ProtoCallFrame::setCallee):
1202         (JSC::ProtoCallFrame::codeBlock const):
1203         (JSC::ProtoCallFrame::setCodeBlock):
1204         * interpreter/Register.h:
1205         (JSC::Register::callFrame const): Deleted.
1206         (JSC::Register::codeBlock const): Deleted.
1207         (JSC::Register::asanUnsafeCodeBlock const): Deleted.
1208         * interpreter/RegisterInlines.h: Added.
1209         (JSC::Register::callFrame const):
1210         (JSC::Register::codeBlock const):
1211         (JSC::Register::asanUnsafeCodeBlock const):
1212         (JSC::Register::object const):
1213         (JSC::Register::operator=):
1214         (JSC::Register::scope const):
1215         * interpreter/StackVisitor.cpp:
1216         * jit/AssemblyHelpers.h:
1217         * llint/LLIntSlowPaths.cpp:
1218         * runtime/ArrayStorage.h:
1219         (JSC::ArrayStorage::optimalVectorLength): Deleted.
1220         * runtime/ArrayStorageInlines.h: Added.
1221         (JSC::ArrayStorage::availableVectorLength):
1222         (JSC::ArrayStorage::optimalVectorLength):
1223         (JSC::ArrayStorage::totalSize const):
1224         * runtime/ButterflyInlines.h:
1225         * runtime/ClassInfo.h:
1226         * runtime/GetVM.h: Added.
1227         * runtime/JSArray.h:
1228         * runtime/JSArrayInlines.h:
1229         * runtime/JSCellInlines.h:
1230         * runtime/JSGlobalObject.h:
1231         * runtime/JSObject.h:
1232         (JSC::Register::object const): Deleted.
1233         (JSC::Register::operator=): Deleted.
1234         * runtime/JSObjectInlines.h:
1235         * runtime/JSScope.h:
1236         (JSC::Register::operator=): Deleted.
1237         (JSC::Register::scope const): Deleted.
1238         (JSC::CallFrame::lexicalGlobalObject const): Deleted.
1239         * runtime/JSString.h:
1240         * runtime/PropertyNameArray.h:
1241         * runtime/PropertySlot.h:
1242         * runtime/VMInlines.h:
1243         * tools/HeapVerifier.cpp:
1244         * wasm/js/WebAssemblyFunction.cpp:
1245
1246 2019-10-24  Zan Dobersek  <zdobersek@igalia.com>
1247
1248         REGRESSION(r251468): Build, test failures in 32-bit JSC after BytecodeIndex refactoring
1249         https://bugs.webkit.org/show_bug.cgi?id=203290
1250
1251         Reviewed by Keith Miller.
1252
1253         * bytecode/BytecodeIndex.h:
1254         (JSC::BytecodeIndex::BytecodeIndex):
1255         Add a BytecodeIndex(WTF::HashTableDeletedValueType) constructor.
1256         * bytecode/CodeOrigin.h:
1257         (JSC::CodeOrigin::CodeOrigin):
1258         Have the CodeOrigin(WTF::HashTableDeletedValueType) constructor
1259         initialize the BytecodeIndex object accordingly, as a deleted value.
1260         (JSC::CodeOrigin::isHashTableDeletedValue const):
1261         Test BytecodeIndex object's deleted-value condition through the
1262         corresponding BytecodeIndex::isHashTableDeletedValue() method.
1263         * profiler/ProfilerOrigin.h:
1264         (JSC::Profiler::Origin::Origin):
1265         Simplify the m_bytecodeIndex member initialization for a deleted value.
1266         (JSC::Profiler::Origin::operator! const):
1267         Fix the negation operator, returning true if the m_bytecodeIndex is
1268         either empty or deleted.
1269
1270 2019-10-24  Sihui Liu  <sihui_liu@apple.com>
1271
1272         [ Mac WK1 ] REGRESSION (r251261): Layout Test inspector/console/webcore-logging.html is consistently Failing
1273         https://bugs.webkit.org/show_bug.cgi?id=203173
1274         <rdar://problem/56424721>
1275
1276         Hold a strong reference to JSGlobalObject in ConsoleMessage so that object is not garbage collected before
1277         WebConsoleAgent::frameWindowDiscarded.
1278
1279         Covered by existing test: inspector/console/webcore-logging.html.
1280
1281         Reviewed by Geoffrey Garen.
1282
1283         * inspector/ConsoleMessage.cpp:
1284         (Inspector::ConsoleMessage::ConsoleMessage):
1285         (Inspector::ConsoleMessage::clear):
1286         * inspector/ConsoleMessage.h:
1287
1288 2019-10-24  Yusuke Suzuki  <ysuzuki@apple.com>
1289
1290         [JSC] Properly organize wasm operations
1291         https://bugs.webkit.org/show_bug.cgi?id=203360
1292
1293         Reviewed by Keith Miller.
1294
1295         This patch cleans up operation functions called from Wasm.
1296
1297         1. Properly name these operations with prefix "operation".
1298         2. Do not use lambdas. Define functions with JIT_OPERATION.
1299         3. Consolidate them in WasmOperations.cpp.
1300
1301         * wasm/WasmAirIRGenerator.cpp:
1302         (JSC::Wasm::AirIRGenerator::addRefFunc):
1303         (JSC::Wasm::AirIRGenerator::addTableGet):
1304         (JSC::Wasm::AirIRGenerator::addTableSet):
1305         (JSC::Wasm::AirIRGenerator::addTableSize):
1306         (JSC::Wasm::AirIRGenerator::addTableGrow):
1307         (JSC::Wasm::AirIRGenerator::addTableFill):
1308         (JSC::Wasm::AirIRGenerator::addGrowMemory):
1309         (JSC::Wasm::AirIRGenerator::emitWriteBarrierForJSWrapper):
1310         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Popcnt>):
1311         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Popcnt>):
1312         * wasm/WasmB3IRGenerator.cpp:
1313         (JSC::Wasm::B3IRGenerator::addTableGet):
1314         (JSC::Wasm::B3IRGenerator::addTableSet):
1315         (JSC::Wasm::B3IRGenerator::addRefFunc):
1316         (JSC::Wasm::B3IRGenerator::addTableSize):
1317         (JSC::Wasm::B3IRGenerator::addTableGrow):
1318         (JSC::Wasm::B3IRGenerator::addTableFill):
1319         (JSC::Wasm::B3IRGenerator::addGrowMemory):
1320         (JSC::Wasm::B3IRGenerator::emitWriteBarrierForJSWrapper):
1321         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
1322         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
1323         * wasm/WasmInstance.cpp:
1324         (JSC::Wasm::getWasmTableElement): Deleted.
1325         (JSC::Wasm::setWasmTableElement): Deleted.
1326         (JSC::Wasm::doWasmTableGrow): Deleted.
1327         (JSC::Wasm::doWasmTableFill): Deleted.
1328         (JSC::Wasm::doWasmRefFunc): Deleted.
1329         * wasm/WasmInstance.h:
1330         * wasm/WasmOperations.cpp:
1331         (JSC::Wasm::operationWasmUnwind):
1332         (JSC::Wasm::operationConvertToF64):
1333         (JSC::Wasm::operationConvertToI32):
1334         (JSC::Wasm::operationConvertToF32):
1335         (JSC::Wasm::operationIterateResults):
1336         (JSC::Wasm::operationAllocateResultsArray):
1337         (JSC::Wasm::operationWasmWriteBarrierSlowPath):
1338         (JSC::Wasm::operationPopcount32):
1339         (JSC::Wasm::operationPopcount64):
1340         (JSC::Wasm::operationGrowMemory):
1341         (JSC::Wasm::operationGetWasmTableElement):
1342         (JSC::Wasm::setWasmTableElement):
1343         (JSC::Wasm::operationSetWasmTableElement):
1344         (JSC::Wasm::operationWasmTableGrow):
1345         (JSC::Wasm::operationWasmTableFill):
1346         (JSC::Wasm::operationWasmRefFunc):
1347         (JSC::Wasm::operationGetWasmTableSize):
1348         (JSC::Wasm::operationWasmToJSException):
1349         * wasm/WasmOperations.h:
1350         * wasm/js/JSToWasm.cpp:
1351         (JSC::Wasm::marshallJSResult):
1352         (JSC::Wasm::allocateResultsArray): Deleted.
1353         * wasm/js/WasmToJS.cpp:
1354         (JSC::Wasm::wasmToJS):
1355         (JSC::Wasm::operationWasmToJSException): Deleted.
1356         * wasm/js/WasmToJS.h:
1357         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1358
1359 2019-10-24  Yusuke Suzuki  <ysuzuki@apple.com>
1360
1361         [JSC] Remove LLInt's Callee size assumption
1362         https://bugs.webkit.org/show_bug.cgi?id=203282
1363
1364         Reviewed by Mark Lam.
1365
1366         LLInt code still assumes that Callee is always allocated in non-LargeAllocation.
1367         This patch removes this assumption by following three changes.
1368
1369         1. If we can get CodeBlock, we get VM& from CodeBlock.
1370         2. In nativeCallTrampoline and internalFunctionCallTrampoline, we get VM& from JSGlobalObject. It involves one more pointer chase, but it is OK
1371            since this JSGlobalObject's VM* field will be touched in the called native functions anyway. And this code is only used when we are not using the JIT.
1372         3. In the exception handling code in LLInt, we get VM& from the callee by checking the LargeAllocation possibility. This is OK since it is only executed when
1373            exception unwinding happens, which is an expensive operation anyway.
1374
1375         * heap/LargeAllocation.h:
1376         (JSC::LargeAllocation::headerSize):
1377         * heap/WeakSet.h:
1378         (JSC::WeakSet::WeakSet):
1379         (JSC::WeakSet::vm const):
1380         * llint/LowLevelInterpreter.asm:
1381         * llint/LowLevelInterpreter32_64.asm:
1382         * llint/LowLevelInterpreter64.asm:
1383         * runtime/JSGlobalObject.cpp:
1384         (JSC::JSGlobalObject::JSGlobalObject):
1385         (JSC::JSGlobalObject::init):
1386         * runtime/JSGlobalObject.h:
1387         (JSC::JSGlobalObject::vm const):
1388         (JSC::JSGlobalObject::defaultCodeGenerationMode const):
1389         * runtime/VM.h:
1390         (JSC::WeakSet::heap const):
1391
1392 2019-10-24  Zan Dobersek  <zdobersek@igalia.com>
1393
1394         [JSC] Get 32-bit ports back into building order
1395         https://bugs.webkit.org/show_bug.cgi?id=203358
1396
1397         Reviewed by Carlos Garcia Campos.
1398
1399         Get JSC building again on 32-bit architectures after changes in r251468.
1400         Some 32-bit code in LLInt and the JIT is brought back, and additional casts
1401         around BytecodeIndex construction are added as necessary.
1402
1403         * dfg/DFGOSRExit.cpp:
1404         (JSC::DFG::reifyInlinedCallFrames):
1405         * dfg/DFGOSRExitCompilerCommon.cpp:
1406         (JSC::DFG::reifyInlinedCallFrames):
1407         * interpreter/CallFrame.cpp:
1408         (JSC::CallFrame::setCurrentVPC):
1409         * jit/JITCall32_64.cpp:
1410         (JSC::JIT::compileCallEvalSlowCase):
1411         (JSC::JIT::compileOpCall):
1412         * jit/JITInlines.h:
1413         (JSC::JIT::updateTopCallFrame):
1414         * jit/JITOpcodes32_64.cpp:
1415         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1416         * jit/JITPropertyAccess32_64.cpp:
1417         (JSC::JIT::emit_op_get_by_val):
1418         (JSC::JIT::emitGetByValWithCachedId):
1419         (JSC::JIT::emit_op_put_by_val):
1420         (JSC::JIT::emitPutByValWithCachedId):
1421         (JSC::JIT::emit_op_try_get_by_id):
1422         (JSC::JIT::emit_op_get_by_id_direct):
1423         (JSC::JIT::emit_op_get_by_id):
1424         (JSC::JIT::emit_op_get_by_id_with_this):
1425         (JSC::JIT::emit_op_put_by_id):
1426         (JSC::JIT::emit_op_in_by_id):
1427         * llint/LLIntSlowPaths.cpp:
1428         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1429
1430 2019-10-24  Paulo Matos  <pmatos@igalia.com>
1431
1432         Disable pichdr generation on MIPS for return location labels
1433         https://bugs.webkit.org/show_bug.cgi?id=203040
1434
1435         Reviewed by Yusuke Suzuki.
1436
1437         Disable generation of pichdr for return location labels generated in
1438         defineOSRExitReturnLabel. Since r250806 (Allow OSR exit to the LLInt),
1439         MIPS was segfaulting since the pichdr after an OSR exit was corrupting
1440         the gp register.
1441
1442         * offlineasm/mips.rb:
1443
1444 2019-10-23  Devin Rousso  <drousso@apple.com>
1445
1446         Web Inspector: provide a way to inject "bootstrap" JavaScript into the page as the first script executed
1447         https://bugs.webkit.org/show_bug.cgi?id=195847
1448         <rdar://problem/48950551>
1449
1450         Reviewed by Joseph Pecoraro.
1451
1452         When debugging webpages, it's often useful to be able to swizzle various functions in order
1453         to add extra logs for when they're called (e.g. `Event.prototype.preventDefault`). Sometimes
1454         this can be difficult, such as if the page saves a copy of the function and references that
1455         instead, in which case it would be helpful to have a way to guarantee that the swizzled code
1456         is the first thing evaluated after the context is created.
1457
1458         This change adds support for that concept, which has been named Inspector Bootstrap Script.
1459         Once created, it will be injected as the first user script to every new global object that
1460         is created afterwards. Modifications to the Inspector Bootstrap Script take effect for all
1461         new global objects created _after_ the modification happened.
1462
1463         * inspector/protocol/Page.json:
1464         Add `setBootstrapScript` command.
1465
1466 2019-10-23  Yusuke Suzuki  <ysuzuki@apple.com>
1467
1468         [JSC] Remove wasmAwareLexicalGlobalObject
1469         https://bugs.webkit.org/show_bug.cgi?id=203351
1470
1471         Reviewed by Mark Lam.
1472
1473         CallFrame::lexicalGlobalObject() is no longer called frequently. We can just make the current wasmAwareLexicalGlobalObject into CallFrame::lexicalGlobalObject,
1474         and remove the wasmAwareLexicalGlobalObject function.
1475
1476         * debugger/Debugger.cpp:
1477         (JSC::Debugger::hasBreakpoint):
1478         (JSC::Debugger::breakProgram):
1479         (JSC::lexicalGlobalObjectForCallFrame):
1480         * debugger/DebuggerCallFrame.cpp:
1481         (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
1482         (JSC::DebuggerCallFrame::scope):
1483         (JSC::DebuggerCallFrame::thisValue const):
1484         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
1485         * debugger/DebuggerCallFrame.h:
1486         * inspector/JSJavaScriptCallFrame.cpp:
1487         (Inspector::JSJavaScriptCallFrame::thisObject const):
1488         * inspector/JavaScriptCallFrame.h:
1489         (Inspector::JavaScriptCallFrame::thisValue const):
1490         * interpreter/CallFrame.cpp:
1491         (JSC::CallFrame::lexicalGlobalObjectFromWasmCallee const):
1492         (JSC::CallFrame::wasmAwareLexicalGlobalObject): Deleted.
1493         * interpreter/CallFrame.h:
1494         * interpreter/Interpreter.cpp:
1495         (JSC::notifyDebuggerOfUnwinding):
1496         (JSC::Interpreter::debug):
1497         * interpreter/StackVisitor.cpp:
1498         (JSC::StackVisitor::Frame::createArguments):
1499         * interpreter/StackVisitor.h:
1500         * llint/LLIntSlowPaths.cpp:
1501         (JSC::LLInt::llint_throw_stack_overflow_error):
1502         * runtime/JSFunction.cpp:
1503         (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
1504         (JSC::RetrieveArgumentsFunctor::operator() const):
1505         (JSC::retrieveArguments):
1506         * runtime/JSScope.h:
1507         (JSC::CallFrame::lexicalGlobalObject const):
1508         * runtime/RegExpInlines.h:
1509         (JSC::RegExp::matchInline):
1510         * wasm/js/WasmToJS.cpp:
1511         (JSC::Wasm::wasmToJS):
1512
1513 2019-10-23  Keith Miller  <keith_miller@apple.com>
1514
1515         Undo incidental change from BytecodeIndex class patch
1516         https://bugs.webkit.org/show_bug.cgi?id=203339
1517
1518         Reviewed by Mark Lam.
1519
1520         It's not totally clear why we need to claim our bytecode index is
1521         0 when we can't figure what the true index is. I'd rather unbreak
1522         our build for now, however, and fix the underlying issue in
1523         https://bugs.webkit.org/show_bug.cgi?id=203340
1524
1525         * runtime/Error.cpp:
1526         (JSC::getBytecodeIndex):
1527
1528 2019-10-23  Yusuke Suzuki  <ysuzuki@apple.com>
1529
1530         [JSC] Figure out missing prepareCallOperation
1531         https://bugs.webkit.org/show_bug.cgi?id=203285
1532
1533         Reviewed by Mark Lam.
1534
1535         We started using __builtin_frame_address to get CallFrame* in JIT operations. For platforms which do not support this API (MSVC),
1536         we put the frame pointer into vm.topCallFrame on the caller side. The problem is that all Apple platforms are now using __builtin_frame_address,
1537         and we are not testing the vm.topCallFrame version at all.
1538
1539         To find missing prepareCallOperation calls, we introduce JITOperationPrologueCallFrameTracer. When USE(BUILTIN_FRAME_ADDRESS) is enabled and
1540         it is a debug build, we put the frame pointer into vm.topCallFrame anyway. After that, we ensure that vm.topCallFrame is the same as the
1541         CallFrame* obtained by __builtin_frame_address. By doing this, we can find places missing this call in debug builds of the Apple ports.
1542
1543         We also found that FTL's custom getter calling was putting a wrong value into vm.topCallFrame. This patch fixes it too.
1544
1545         * dfg/DFGOSRExit.cpp:
1546         (JSC::DFG::OSRExit::emitRestoreArguments):
1547         (JSC::DFG::operationCompileOSRExit):
1548         (JSC::DFG::OSRExit::compileExit):
1549         (JSC::DFG::operationDebugPrintSpeculationFailure):
1550         (JSC::DFG::OSRExit::compileOSRExit): Deleted.
1551         (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure): Deleted.
1552         * dfg/DFGOSRExit.h:
1553         * dfg/DFGOSRExitCompilerCommon.cpp:
1554         (JSC::DFG::handleExitCounts):
1555         (JSC::DFG::osrWriteBarrier):
1556         * dfg/DFGOSRExitCompilerCommon.h:
1557         * dfg/DFGOperations.cpp:
1558         * dfg/DFGOperations.h:
1559         * dfg/DFGSpeculativeJIT64.cpp:
1560         (JSC::DFG::SpeculativeJIT::compile):
1561         * dfg/DFGThunks.cpp:
1562         (JSC::DFG::osrExitThunkGenerator):
1563         (JSC::DFG::osrExitGenerationThunkGenerator):
1564         * ftl/FTLLowerDFGToB3.cpp:
1565         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1566         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1567         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
1568         (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
1569         (JSC::FTL::DFG::LowerDFGToB3::callPreflight):
1570         (JSC::FTL::DFG::LowerDFGToB3::callCheck):
1571         * ftl/FTLOSRExitCompiler.cpp:
1572         (JSC::FTL::compileStub):
1573         (JSC::FTL::operationCompileFTLOSRExit):
1574         (JSC::FTL::compileFTLOSRExit): Deleted.
1575         * ftl/FTLOSRExitCompiler.h:
1576         * ftl/FTLOperations.cpp:
1577         (JSC::FTL::operationPopulateObjectInOSR):
1578         (JSC::FTL::operationMaterializeObjectInOSR):
1579         (JSC::FTL::operationCompileFTLLazySlowPath):
1580         (JSC::FTL::compileFTLLazySlowPath): Deleted.
1581         * ftl/FTLOperations.h:
1582         * ftl/FTLSlowPathCall.cpp:
1583         (JSC::FTL::SlowPathCallContext::makeCall):
1584         * ftl/FTLThunks.cpp:
1585         (JSC::FTL::genericGenerationThunkGenerator):
1586         (JSC::FTL::osrExitGenerationThunkGenerator):
1587         (JSC::FTL::lazySlowPathGenerationThunkGenerator):
1588         (JSC::FTL::slowPathCallThunkGenerator):
1589         * ftl/FTLThunks.h:
1590         (JSC::FTL::generateIfNecessary):
1591         (JSC::FTL::Thunks::getSlowPathCallThunk):
1592         * interpreter/FrameTracers.h:
1593         (JSC::SlowPathFrameTracer::SlowPathFrameTracer):
1594         (JSC::JITOperationPrologueCallFrameTracer::JITOperationPrologueCallFrameTracer):
1595         (JSC::JITOperationPrologueCallFrameTracer::~JITOperationPrologueCallFrameTracer):
1596         * jit/AssemblyHelpers.cpp:
1597         (JSC::AssemblyHelpers::callExceptionFuzz):
1598         (JSC::AssemblyHelpers::debugCall):
1599         * jit/AssemblyHelpers.h:
1600         (JSC::AssemblyHelpers::prepareCallOperation):
1601         * jit/CCallHelpers.cpp:
1602         (JSC::CCallHelpers::ensureShadowChickenPacket):
1603         * jit/CCallHelpers.h:
1604         (JSC::CCallHelpers::prepareCallOperation): Deleted.
1605         * jit/JITOperations.cpp:
1606         * jit/JITOperations.h:
1607         * jit/Repatch.cpp:
1608         (JSC::ftlThunkAwareRepatchCall):
1609         * jit/ThunkGenerators.cpp:
1610         (JSC::boundThisNoArgsFunctionCallGenerator):
1611         * llint/LLIntSlowPaths.cpp:
1612         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1613         (JSC::LLInt::handleHostCall):
1614         * runtime/AtomicsObject.cpp:
1615         (JSC::operationAtomicsAdd):
1616         (JSC::operationAtomicsAnd):
1617         (JSC::operationAtomicsCompareExchange):
1618         (JSC::operationAtomicsExchange):
1619         (JSC::operationAtomicsIsLockFree):
1620         (JSC::operationAtomicsLoad):
1621         (JSC::operationAtomicsOr):
1622         (JSC::operationAtomicsStore):
1623         (JSC::operationAtomicsSub):
1624         (JSC::operationAtomicsXor):
1625         * runtime/CommonSlowPaths.cpp:
1626         (JSC::SLOW_PATH_DECL):
1627         * runtime/StringPrototype.cpp:
1628         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1629         (JSC::operationStringProtoFuncReplaceRegExpString):
1630         (JSC::operationStringProtoFuncReplaceGeneric):
1631         * tools/JSDollarVM.cpp:
1632         (IGNORE_WARNINGS_BEGIN):
1633         * wasm/WasmAirIRGenerator.cpp:
1634         (JSC::Wasm::AirIRGenerator::emitLoopTierUpCheck):
1635         * wasm/WasmB3IRGenerator.cpp:
1636         (JSC::Wasm::B3IRGenerator::emitLoopTierUpCheck):
1637         * wasm/WasmOperations.cpp:
1638         (JSC::Wasm::operationWasmThrowBadI64):
1639         (JSC::Wasm::operationWasmTriggerOSREntryNow):
1640         (JSC::Wasm::operationWasmTriggerTierUpNow):
1641         (JSC::Wasm::operationThrowBadI64): Deleted.
1642         (JSC::Wasm::triggerOSREntryNow): Deleted.
1643         (JSC::Wasm::triggerTierUpNow): Deleted.
1644         * wasm/WasmOperations.h:
1645         * wasm/WasmThunks.cpp:
1646         (JSC::Wasm::triggerOMGEntryTierUpThunkGenerator):
1647         * wasm/js/JSWebAssembly.cpp:
1648         (JSC::instantiate):
1649         * wasm/js/WasmToJS.cpp:
1650         (JSC::Wasm::handleBadI64Use):
1651         (JSC::Wasm::operationWasmToJSException):
1652         (JSC::Wasm::emitThrowWasmToJSException):
1653         (JSC::Wasm::wasmToJSException): Deleted.
1654         * wasm/js/WasmToJS.h:
1655         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1656         (JSC::constructJSWebAssemblyInstance):
1657
1658 2019-10-23  Truitt Savell  <tsavell@apple.com>
1659
1660         Unreviewed, rolling out r251482.
1661
1662         r251261 broke multiple tests, reverting this as part of that
1663         rollout.
1664
1665         Reverted changeset:
1666
1667         "[ Mac WK1 ] REGRESSION (r251261): Layout Test
1668         inspector/console/webcore-logging.html is consistently
1669         Failing"
1670         https://bugs.webkit.org/show_bug.cgi?id=203173
1671         https://trac.webkit.org/changeset/251482
1672
1673 2019-10-23  Yury Semikhatsky  <yurys@chromium.org>
1674
1675         Web Inspector: notify inspector when provisional page is created, committed and destroyed
1676         https://bugs.webkit.org/show_bug.cgi?id=202704
1677
1678         Reviewed by Devin Rousso.
1679
1680         * inspector/InspectorTarget.h: changed InspectorTarget to not require FrontendChannel as
1681         all messages are routed by means of the owning InspectorTargetAgent.
1682         * inspector/agents/InspectorTargetAgent.cpp:
1683         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
1684         (Inspector::buildTargetInfoObject):
1685         (Inspector::InspectorTargetAgent::targetCreated):
1686         (Inspector::InspectorTargetAgent::targetDestroyed):
1687         (Inspector::InspectorTargetAgent::didCommitProvisionalTarget): this method is used to
1688         notify the frontend that the corresponding provisional target has committed and replaced the previous
1689         target.
1690         (Inspector::InspectorTargetAgent::connectionType const):
1691         (Inspector::InspectorTargetAgent::connectToTargets):
1692         (Inspector::InspectorTargetAgent::disconnectFromTargets):
1693         * inspector/agents/InspectorTargetAgent.h:
1694         * inspector/protocol/Target.json: extended TargetInfo with provisional page details and
1695         added an event which is fired when a provisional page gets committed. If the provisional
1696         load fails, there will be a targetDestroyed event without a corresponding commit.
1697
1698 2019-10-23  Ross Kirsling  <ross.kirsling@sony.com>
1699
1700         String.prototype.matchAll should throw on non-global regex
1701         https://bugs.webkit.org/show_bug.cgi?id=202838
1702
1703         Reviewed by Keith Miller.
1704
1705         * builtins/StringPrototype.js:
1706         (matchAll):
1707         Implement normative change from https://github.com/tc39/ecma262/pull/1716.
1708
1709         * builtins/BuiltinNames.h:
1710         * runtime/JSGlobalObject.cpp:
1711         (JSC::JSGlobalObject::init):
1712         * runtime/RegExpConstructor.cpp:
1713         (JSC::esSpecIsRegExp): Added.
1714         * runtime/RegExpConstructor.h:
1715         Expose isRegExp to builtins. (This differs from @isRegExpObject by first checking for Symbol.match.)
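
As an added illustration (not WebKit's code, and not the builtin in builtins/StringPrototype.js), a spec-shaped sketch of the matchAll steps after https://github.com/tc39/ecma262/pull/1716, with IsRegExp consulting Symbol.match before the RegExp brand, as the entry above describes; the helper names isRegExp, specMatchAll, collectMatches and matchAllRejects are assumptions.

```javascript
// Added example, not WebKit code: a spec-shaped sketch of
// String.prototype.matchAll after https://github.com/tc39/ecma262/pull/1716.
// Helper names (isRegExp, specMatchAll, collectMatches, matchAllRejects)
// are assumptions made for this illustration.

// IsRegExp as ECMA-262 defines it: Symbol.match is consulted first, and
// only when it is undefined does the RegExp brand decide. (instanceof is
// used here as an approximation of the [[RegExpMatcher]] internal slot.)
function isRegExp(value) {
  if (value === null || (typeof value !== "object" && typeof value !== "function")) {
    return false;
  }
  const matcher = value[Symbol.match];
  if (matcher !== undefined) {
    return Boolean(matcher);
  }
  return value instanceof RegExp;
}

// The matchAll steps, including the new one: a RegExp argument whose
// flags lack "g" is rejected with a TypeError up front rather than
// quietly producing a single match.
function specMatchAll(string, regexp) {
  if (string === null || string === undefined) {
    throw new TypeError("String.prototype.matchAll called on null or undefined");
  }
  if (regexp !== null && regexp !== undefined) {
    if (isRegExp(regexp)) {
      const flags = regexp.flags;
      if (flags === null || flags === undefined) {
        throw new TypeError("RegExp flags are null or undefined");
      }
      if (!String(flags).includes("g")) {
        throw new TypeError("String.prototype.matchAll called with a non-global RegExp argument");
      }
    }
    // Delegate to the argument's own Symbol.matchAll when it has one.
    const matcher = regexp[Symbol.matchAll];
    if (matcher !== null && matcher !== undefined) {
      return matcher.call(regexp, string);
    }
  }
  // Otherwise build a global RegExp from the argument, as RegExpCreate(R, "g").
  const str = String(string);
  const rx = new RegExp(regexp, "g");
  return rx[Symbol.matchAll](str);
}

// Collect the matched substrings so results are easy to inspect and assert on.
function collectMatches(string, regexp) {
  return Array.from(specMatchAll(string, regexp), (m) => m[0]);
}

// Returns true when matchAll rejects the arguments with a TypeError.
function matchAllRejects(string, regexp) {
  try {
    collectMatches(string, regexp);
    return false;
  } catch (e) {
    if (e instanceof TypeError) return true;
    throw e;
  }
}
```

A RegExp whose own Symbol.match is set to false is not a RegExp for IsRegExp, so it skips the flag check and yields at most one match through RegExp.prototype[Symbol.matchAll]; that is the difference from a plain RegExp-object check that the entry points out.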
1716
1717 2019-10-23  Sihui Liu  <sihui_liu@apple.com>
1718
1719         [ Mac WK1 ] REGRESSION (r251261): Layout Test inspector/console/webcore-logging.html is consistently Failing
1720         https://bugs.webkit.org/show_bug.cgi?id=203173
1721         <rdar://problem/56424721>
1722
1723         Hold a strong reference to JSGlobalObject in ConsoleMessage so that the object is not garbage collected before
1724         WebConsoleAgent::frameWindowDiscarded.
1725
1726         Covered by existing test: inspector/console/webcore-logging.html.
1727
1728         Reviewed by Geoffrey Garen.
1729
1730         * inspector/ConsoleMessage.cpp:
1731         (Inspector::ConsoleMessage::ConsoleMessage):
1732         (Inspector::ConsoleMessage::clear):
1733         * inspector/ConsoleMessage.h:
1734
1735 2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>
1736
1737         Make `JSGlobalObject*` threading change more stabilized by adding tests and assertions
1738         https://bugs.webkit.org/show_bug.cgi?id=203274
1739
1740         Reviewed by Saam Barati.
1741
1742         This patch does some follow-up changes after r251425.
1743
1744         1. Add tests that test vm.topCallFrame from the C++ world to ensure that `vm.topCallFrame` is kept nullptr if it is accessed from the C++ world even after executing some scripts.
1745         2. Add an assertion to ensure that `DECLARE_CALL_FRAME` is only called in a JIT operation's prologue.
1746         3. Remove some ExecState::deprecatedVM calls.
1747         4. Define `USE(BUILTIN_FRAME_ADDRESS)` when using __builtin_frame_address to get CallFrame.
1748
1749         * API/tests/testapi.cpp:
1750         (TestAPI::topCallFrameAccess):
1751         (testCAPIViaCpp):
1752         * interpreter/CallFrame.cpp:
1753         (JSC::isFromJSCode):
1754         * interpreter/CallFrame.h:
1755         * jit/CCallHelpers.h:
1756         (JSC::CCallHelpers::prepareCallOperation):
1757         * tools/VMInspector.cpp:
1758         (JSC::VMInspector::dumpRegisters):
1759
1760 2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>
1761
1762         Unreviewed, WinCairo build fix after r251468
1763         https://bugs.webkit.org/show_bug.cgi?id=203276
1764
1765         * jit/JIT.h:
1766
1767 2019-10-22  Keith Miller  <keith_miller@apple.com>
1768
1769         BytecodeIndex should be a proper C++ class
1770         https://bugs.webkit.org/show_bug.cgi?id=203276
1771
1772         Reviewed by Mark Lam.
1773
1774         This patch makes a change to how we refer to the bytecode index in
1775         a bytecode stream. Previously we just used an unsigned number to
1776         represent the index; this patch changes most of the code to use a
1777         BytecodeIndex class instead. The only places where this patch does
1778         not change this are jump and switch targets / deltas.
1779
1780         Additionally, this patch attempts to canonicalize the terminology
1781         around how we refer to bytecode indices. Now we use the word index
1782         to refer to the bytecode index class and offset to refer to the
1783         unsigned byte offset into the instruction stream.
1784
1785         * JavaScriptCore.xcodeproj/project.pbxproj:
1786         * Sources.txt:
1787         * bytecode/ByValInfo.h:
1788         (JSC::ByValInfo::ByValInfo):
1789         (JSC::getByValInfoBytecodeIndex):
1790         * bytecode/BytecodeBasicBlock.cpp:
1791         (JSC::BytecodeBasicBlock::computeImpl):
1792         * bytecode/BytecodeGeneratorification.cpp:
1793         (JSC::GeneratorLivenessAnalysis::run):
1794         * bytecode/BytecodeIndex.cpp: Added.
1795         (JSC::BytecodeIndex::dump const):
1796         * bytecode/BytecodeIndex.h: Added.
1797         (JSC::BytecodeIndex::BytecodeIndex):
1798         (JSC::BytecodeIndex::offset const):
1799         (JSC::BytecodeIndex::asBits const):
1800         (JSC::BytecodeIndex::hash const):
1801         (JSC::BytecodeIndex::deletedValue):
1802         (JSC::BytecodeIndex::isHashTableDeletedValue const):
1803         (JSC::BytecodeIndex::operator bool const):
1804         (JSC::BytecodeIndex::operator == const):
1805         (JSC::BytecodeIndex::operator != const):
1806         (JSC::BytecodeIndex::operator < const):
1807         (JSC::BytecodeIndex::operator > const):
1808         (JSC::BytecodeIndex::operator <= const):
1809         (JSC::BytecodeIndex::operator >= const):
1810         (JSC::BytecodeIndex::fromBits):
1811         (JSC::BytecodeIndexHash::hash):
1812         (JSC::BytecodeIndexHash::equal):
1813         * bytecode/BytecodeLivenessAnalysis.cpp:
1814         (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeIndex):
1815         (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
1816         (JSC::BytecodeLivenessAnalysis::computeKills):
1817         (JSC::BytecodeLivenessAnalysis::dumpResults):
1818         (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset): Deleted.
1819         * bytecode/BytecodeLivenessAnalysis.h:
1820         * bytecode/BytecodeLivenessAnalysisInlines.h:
1821         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1822         (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBytecodeIndex):
1823         (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBlock):
1824         (JSC::BytecodeLivenessPropagation::getLivenessInfoAtBytecodeIndex):
1825         (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBytecodeOffset): Deleted.
1826         (JSC::BytecodeLivenessPropagation::getLivenessInfoAtBytecodeOffset): Deleted.
1827         * bytecode/BytecodeUseDef.h:
1828         (JSC::computeUsesForBytecodeIndex):
1829         (JSC::computeDefsForBytecodeIndex):
1830         (JSC::computeUsesForBytecodeOffset): Deleted.
1831         (JSC::computeDefsForBytecodeOffset): Deleted.
1832         * bytecode/CallLinkStatus.cpp:
1833         (JSC::CallLinkStatus::computeFromLLInt):
1834         (JSC::CallLinkStatus::computeFor):
1835         (JSC::CallLinkStatus::computeExitSiteData):
1836         * bytecode/CallLinkStatus.h:
1837         * bytecode/CodeBlock.cpp:
1838         (JSC::CodeBlock::getCallLinkInfoForBytecodeIndex):
1839         (JSC::CodeBlock::addRareCaseProfile):
1840         (JSC::CodeBlock::rareCaseProfileForBytecodeIndex):
1841         (JSC::CodeBlock::rareCaseProfileCountForBytecodeIndex):
1842         (JSC::CodeBlock::handlerForBytecodeIndex):
1843         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndex):
1844         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndexSlow):
1845         (JSC::CodeBlock::lineNumberForBytecodeIndex):
1846         (JSC::CodeBlock::columnNumberForBytecodeIndex):
1847         (JSC::CodeBlock::expressionRangeForBytecodeIndex const):
1848         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1849         (JSC::CodeBlock::getArrayProfile):
1850         (JSC::CodeBlock::tryGetValueProfileForBytecodeIndex):
1851         (JSC::CodeBlock::valueProfilePredictionForBytecodeIndex):
1852         (JSC::CodeBlock::valueProfileForBytecodeIndex):
1853         (JSC::CodeBlock::validate):
1854         (JSC::CodeBlock::arithProfileForBytecodeIndex):
1855         (JSC::CodeBlock::couldTakeSpecialArithFastCase):
1856         (JSC::CodeBlock::bytecodeIndexFromCallSiteIndex):
1857         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset): Deleted.
1858         (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset): Deleted.
1859         (JSC::CodeBlock::handlerForBytecodeOffset): Deleted.
1860         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset): Deleted.
1861         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow): Deleted.
1862         (JSC::CodeBlock::lineNumberForBytecodeOffset): Deleted.
1863         (JSC::CodeBlock::columnNumberForBytecodeOffset): Deleted.
1864         (JSC::CodeBlock::expressionRangeForBytecodeOffset const): Deleted.
1865         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset): Deleted.
1866         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): Deleted.
1867         (JSC::CodeBlock::valueProfileForBytecodeOffset): Deleted.
1868         (JSC::CodeBlock::arithProfileForBytecodeOffset): Deleted.
1869         (JSC::CodeBlock::couldTakeSpecialFastCase): Deleted.
1870         (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex): Deleted.
1871         * bytecode/CodeBlock.h:
1872         (JSC::CodeBlock::likelyToTakeSlowCase):
1873         (JSC::CodeBlock::couldTakeSlowCase):
1874         (JSC::CodeBlock::bytecodeIndex):
1875         * bytecode/CodeOrigin.cpp:
1876         (JSC::CodeOrigin::approximateHash const):
1877         (JSC::CodeOrigin::dump const):
1878         * bytecode/CodeOrigin.h:
1879         (JSC::CodeOrigin::CodeOrigin):
1880         (JSC::CodeOrigin::isSet const):
1881         (JSC::CodeOrigin::isHashTableDeletedValue const):
1882         (JSC::CodeOrigin::bytecodeIndex const):
1883         (JSC::CodeOrigin::OutOfLineCodeOrigin::OutOfLineCodeOrigin):
1884         (JSC::CodeOrigin::buildCompositeValue):
1885         (JSC::CodeOrigin::hash const):
1886         * bytecode/DFGExitProfile.cpp:
1887         (JSC::DFG::FrequentExitSite::dump const):
1888         (JSC::DFG::ExitProfile::exitSitesFor):
1889         * bytecode/DFGExitProfile.h:
1890         (JSC::DFG::FrequentExitSite::FrequentExitSite):
1891         (JSC::DFG::FrequentExitSite::operator== const):
1892         (JSC::DFG::FrequentExitSite::subsumes const):
1893         (JSC::DFG::FrequentExitSite::hash const):
1894         (JSC::DFG::FrequentExitSite::bytecodeIndex const):
1895         (JSC::DFG::FrequentExitSite::isHashTableDeletedValue const):
1896         (JSC::DFG::QueryableExitProfile::hasExitSite const):
1897         (JSC::DFG::FrequentExitSite::bytecodeOffset const): Deleted.
1898         * bytecode/DeferredSourceDump.cpp:
1899         (JSC::DeferredSourceDump::DeferredSourceDump):
1900         (JSC::DeferredSourceDump::dump):
1901         * bytecode/DeferredSourceDump.h:
1902         (): Deleted.
1903         * bytecode/FullBytecodeLiveness.h:
1904         (JSC::FullBytecodeLiveness::getLiveness const):
1905         (JSC::FullBytecodeLiveness::operandIsLive const):
1906         * bytecode/GetByIdStatus.cpp:
1907         (JSC::GetByIdStatus::computeFromLLInt):
1908         (JSC::GetByIdStatus::computeFor):
1909         (JSC::GetByIdStatus::computeForStubInfo):
1910         * bytecode/GetByIdStatus.h:
1911         * bytecode/ICStatusUtils.cpp:
1912         (JSC::hasBadCacheExitSite):
1913         * bytecode/ICStatusUtils.h:
1914         * bytecode/InByIdStatus.cpp:
1915         (JSC::InByIdStatus::computeFor):
1916         * bytecode/InByIdStatus.h:
1917         * bytecode/InlineCallFrame.cpp:
1918         (JSC::InlineCallFrame::dumpInContext const):
1919         * bytecode/InstanceOfStatus.cpp:
1920         (JSC::InstanceOfStatus::computeFor):
1921         * bytecode/InstanceOfStatus.h:
1922         * bytecode/InstructionStream.h:
1923         (JSC::InstructionStream::BaseRef::offset const):
1924         (JSC::InstructionStream::BaseRef::index const):
1925         (JSC::InstructionStream::at const):
1926         * bytecode/LazyOperandValueProfile.h:
1927         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
1928         (JSC::LazyOperandValueProfileKey::operator== const):
1929         (JSC::LazyOperandValueProfileKey::hash const):
1930         (JSC::LazyOperandValueProfileKey::bytecodeIndex const):
1931         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue const):
1932         (JSC::LazyOperandValueProfileKey::bytecodeOffset const): Deleted.
1933         * bytecode/MethodOfGettingAValueProfile.cpp:
1934         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
1935         * bytecode/MethodOfGettingAValueProfile.h:
1936         * bytecode/PutByIdStatus.cpp:
1937         (JSC::PutByIdStatus::computeFromLLInt):
1938         (JSC::PutByIdStatus::computeFor):
1939         * bytecode/PutByIdStatus.h:
1940         * bytecode/StructureStubInfo.cpp:
1941         (JSC::StructureStubInfo::StructureStubInfo):
1942         * bytecode/UnlinkedCodeBlock.cpp:
1943         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeIndex):
1944         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeIndex const):
1945         (JSC::UnlinkedCodeBlock::handlerForBytecodeIndex):
1946         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1947         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const): Deleted.
1948         (JSC::UnlinkedCodeBlock::handlerForBytecodeOffset): Deleted.
1949         * bytecode/UnlinkedCodeBlock.h:
1950         * bytecode/ValueProfile.h:
1951         (JSC::RareCaseProfile::RareCaseProfile):
1952         (JSC::getRareCaseProfileBytecodeIndex):
1953         (JSC::getRareCaseProfileBytecodeOffset): Deleted.
1954         * bytecompiler/BytecodeGenerator.cpp:
1955         (JSC::ForInContext::finalize):
1956         * debugger/DebuggerCallFrame.cpp:
1957         (JSC::DebuggerCallFrame::currentPosition):
1958         * dfg/DFGBasicBlock.cpp:
1959         (JSC::DFG::BasicBlock::BasicBlock):
1960         * dfg/DFGBasicBlock.h:
1961         (JSC::DFG::getBytecodeBeginForBlock):
1962         (JSC::DFG::blockForBytecodeIndex):
1963         (JSC::DFG::blockForBytecodeOffset): Deleted.
1964         * dfg/DFGBlockInsertionSet.cpp:
1965         (JSC::DFG::BlockInsertionSet::insert):
1966         * dfg/DFGByteCodeParser.cpp:
1967         (JSC::DFG::ByteCodeParser::flushForTerminalImpl):
1968         (JSC::DFG::ByteCodeParser::flushIfTerminal):
1969         (JSC::DFG::ByteCodeParser::branchData):
1970         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1971         (JSC::DFG::ByteCodeParser::getPrediction):
1972         (JSC::DFG::ByteCodeParser::getArrayMode):
1973         (JSC::DFG::ByteCodeParser::makeSafe):
1974         (JSC::DFG::ByteCodeParser::makeDivSafe):
1975         (JSC::DFG::ByteCodeParser::allocateTargetableBlock):
1976         (JSC::DFG::ByteCodeParser::allocateUntargetableBlock):
1977         (JSC::DFG::ByteCodeParser::makeBlockTargetable):
1978         (JSC::DFG::ByteCodeParser::handleCall):
1979         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1980         (JSC::DFG::ByteCodeParser::inlineCall):
1981         (JSC::DFG::ByteCodeParser::handleCallVariant):
1982         (JSC::DFG::ByteCodeParser::handleInlining):
1983         (JSC::DFG::ByteCodeParser::parseBlock):
1984         (JSC::DFG::ByteCodeParser::linkBlock):
1985         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1986         (JSC::DFG::ByteCodeParser::parse):
1987         * dfg/DFGCommonData.cpp:
1988         (JSC::DFG::CommonData::addCodeOrigin):
1989         (JSC::DFG::CommonData::addUniqueCallSiteIndex):
1990         (JSC::DFG::CommonData::lastCallSite const):
1991         * dfg/DFGCommonData.h:
1992         (JSC::DFG::CommonData::catchOSREntryDataForBytecodeIndex):
1993         (JSC::DFG::CommonData::appendCatchEntrypoint):
1994         * dfg/DFGDriver.cpp:
1995         (JSC::DFG::compileImpl):
1996         (JSC::DFG::compile):
1997         * dfg/DFGDriver.h:
1998         * dfg/DFGGraph.cpp:
1999         (JSC::DFG::Graph::dump):
2000         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2001         (JSC::DFG::Graph::willCatchExceptionInMachineFrame):
2002         * dfg/DFGGraph.h:
2003         * dfg/DFGJITCode.cpp:
2004         (JSC::DFG::JITCode::clearOSREntryBlockAndResetThresholds):
2005         * dfg/DFGJITCode.h:
2006         (JSC::DFG::JITCode::appendOSREntryData):
2007         (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
2008         * dfg/DFGJITCompiler.cpp:
2009         (JSC::DFG::JITCompiler::JITCompiler):
2010         (JSC::DFG::JITCompiler::compile):
2011         (JSC::DFG::JITCompiler::compileFunction):
2012         * dfg/DFGJITCompiler.h:
2013         (JSC::DFG::JITCompiler::setStartOfCode):
2014         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
2015         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlockForTryCatch):
2016         * dfg/DFGOSREntry.cpp:
2017         (JSC::DFG::OSREntryData::dumpInContext const):
2018         (JSC::DFG::prepareOSREntry):
2019         (JSC::DFG::prepareCatchOSREntry):
2020         * dfg/DFGOSREntry.h:
2021         (JSC::DFG::getOSREntryDataBytecodeIndex):
2022         (JSC::DFG::prepareOSREntry):
2023         * dfg/DFGOSREntrypointCreationPhase.cpp:
2024         (JSC::DFG::OSREntrypointCreationPhase::run):
2025         * dfg/DFGOSRExit.cpp:
2026         (JSC::DFG::OSRExit::executeOSRExit):
2027         (JSC::DFG::reifyInlinedCallFrames):
2028         (JSC::DFG::adjustAndJumpToTarget):
2029         (JSC::DFG::printOSRExit):
2030         (JSC::DFG::OSRExit::compileExit):
2031         (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
2032         * dfg/DFGOSRExit.h:
2033         * dfg/DFGOSRExitCompilerCommon.cpp:
2034         (JSC::DFG::callerReturnPC):
2035         (JSC::DFG::reifyInlinedCallFrames):
2036         (JSC::DFG::adjustAndJumpToTarget):
2037         * dfg/DFGOSRExitCompilerCommon.h:
2038         * dfg/DFGOperations.cpp:
2039         * dfg/DFGOperations.h:
2040         * dfg/DFGPlan.cpp:
2041         (JSC::DFG::Plan::Plan):
2042         (JSC::DFG::Plan::compileInThreadImpl):
2043         (JSC::DFG::Plan::cleanMustHandleValuesIfNecessary):
2044         * dfg/DFGPlan.h:
2045         (JSC::DFG::Plan::osrEntryBytecodeIndex const):
2046         (JSC::DFG::Plan::tierUpInLoopHierarchy):
2047         (JSC::DFG::Plan::tierUpAndOSREnterBytecodes):
2048         * dfg/DFGSSAConversionPhase.cpp:
2049         (JSC::DFG::SSAConversionPhase::run):
2050         * dfg/DFGSpeculativeJIT.cpp:
2051         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2052         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2053         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2054         (JSC::DFG::SpeculativeJIT::compileValueSub):
2055         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2056         (JSC::DFG::SpeculativeJIT::compileValueMul):
2057         (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
2058         * dfg/DFGSpeculativeJIT64.cpp:
2059         (JSC::DFG::SpeculativeJIT::compile):
2060         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2061         (JSC::DFG::TierUpCheckInjectionPhase::run):
2062         (JSC::DFG::TierUpCheckInjectionPhase::buildNaturalLoopToLoopHintMap):
2063         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
2064         (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
2065         * dfg/DFGValidate.cpp:
2066         * ftl/FTLCompile.cpp:
2067         (JSC::FTL::compile):
2068         * ftl/FTLForOSREntryJITCode.h:
2069         (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
2070         (JSC::FTL::ForOSREntryJITCode::bytecodeIndex const):
2071         * ftl/FTLLowerDFGToB3.cpp:
2072         (JSC::FTL::DFG::LowerDFGToB3::lower):
2073         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2074         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2075         (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
2076         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2077         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2078         * ftl/FTLOSREntry.cpp:
2079         (JSC::FTL::prepareOSREntry):
2080         * ftl/FTLOSREntry.h:
2081         * interpreter/CallFrame.cpp:
2082         (JSC::CallFrame::callSiteIndex const):
2083         (JSC::CallFrame::unsafeCallSiteIndex const):
2084         (JSC::CallFrame::setCurrentVPC):
2085         (JSC::CallFrame::bytecodeIndex):
2086         (JSC::CallFrame::codeOrigin):
2087         (JSC::CallFrame::dump):
2088         (JSC::CallFrame::bytecodeOffset): Deleted.
2089         * interpreter/CallFrame.h:
2090         (JSC::CallSiteIndex::CallSiteIndex):
2091         (JSC::CallSiteIndex::operator bool const):
2092         (JSC::CallSiteIndex::operator== const):
2093         (JSC::CallSiteIndex::bits const):
2094         (JSC::CallSiteIndex::bytecodeIndex const):
2095         (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
2096         (): Deleted.
2097         * interpreter/Interpreter.cpp:
2098         (JSC::GetStackTraceFunctor::operator() const):
2099         (JSC::findExceptionHandler):
2100         * interpreter/ShadowChicken.cpp:
2101         (JSC::ShadowChicken::update):
2102         * interpreter/StackVisitor.cpp:
2103         (JSC::StackVisitor::readNonInlinedFrame):
2104         (JSC::StackVisitor::readInlinedFrame):
2105         (JSC::StackVisitor::Frame::retrieveExpressionInfo const):
2106         (JSC::StackVisitor::Frame::dump const):
2107         * interpreter/StackVisitor.h:
2108         (JSC::StackVisitor::Frame::bytecodeIndex const):
2109         (JSC::StackVisitor::Frame::bytecodeOffset const): Deleted.
2110         * jit/JIT.cpp:
2111         (JSC::JIT::JIT):
2112         (JSC::JIT::emitEnterOptimizationCheck):
2113         (JSC::JIT::privateCompileMainPass):
2114         (JSC::JIT::privateCompileSlowCases):
2115         (JSC::JIT::compileWithoutLinking):
2116         (JSC::JIT::link):
2117         (JSC::JIT::privateCompileExceptionHandlers):
2118         * jit/JIT.h:
2119         (JSC::CallRecord::CallRecord):
2120         (JSC::SlowCaseEntry::SlowCaseEntry):
2121         (JSC::SwitchRecord::SwitchRecord):
2122         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2123         * jit/JITCall.cpp:
2124         (JSC::JIT::compileCallEvalSlowCase):
2125         (JSC::JIT::compileOpCall):
2126         * jit/JITCodeMap.h:
2127         (JSC::JITCodeMap::Entry::Entry):
2128         (JSC::JITCodeMap::Entry::bytecodeIndex const):
2129         (JSC::JITCodeMap::append):
2130         (JSC::JITCodeMap::find const):
2131         * jit/JITDisassembler.cpp:
2132         (JSC::JITDisassembler::dumpVectorForInstructions):
2133         (JSC::JITDisassembler::reportInstructions):
2134         * jit/JITDisassembler.h:
2135         * jit/JITInlines.h:
2136         (JSC::JIT::emitNakedCall):
2137         (JSC::JIT::emitNakedTailCall):
2138         (JSC::JIT::updateTopCallFrame):
2139         (JSC::JIT::linkAllSlowCasesForBytecodeIndex):
2140         (JSC::JIT::addSlowCase):
2141         (JSC::JIT::addJump):
2142         (JSC::JIT::emitJumpSlowToHot):
2143         (JSC::JIT::emitGetVirtualRegister):
2144         (JSC::JIT::linkAllSlowCasesForBytecodeOffset): Deleted.
2145         * jit/JITOpcodes.cpp:
2146         (JSC::JIT::emit_op_instanceof):
2147         (JSC::JIT::emit_op_catch):
2148         (JSC::JIT::emit_op_switch_imm):
2149         (JSC::JIT::emit_op_switch_char):
2150         (JSC::JIT::emit_op_switch_string):
2151         (JSC::JIT::emitSlow_op_loop_hint):
2152         (JSC::JIT::emit_op_has_indexed_property):
2153         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2154         * jit/JITOpcodes32_64.cpp:
2155         (JSC::JIT::emit_op_instanceof):
2156         (JSC::JIT::emit_op_catch):
2157         (JSC::JIT::emit_op_switch_imm):
2158         (JSC::JIT::emit_op_switch_char):
2159         (JSC::JIT::emit_op_switch_string):
2160         (JSC::JIT::emit_op_has_indexed_property):
2161         * jit/JITOperations.cpp:
2162         (JSC::getByVal):
2163         (JSC::tryGetByValOptimize):
2164         * jit/JITPropertyAccess.cpp:
2165         (JSC::JIT::emit_op_get_by_val):
2166         (JSC::JIT::emitGetByValWithCachedId):
2167         (JSC::JIT::emit_op_put_by_val):
2168         (JSC::JIT::emitPutByValWithCachedId):
2169         (JSC::JIT::emit_op_try_get_by_id):
2170         (JSC::JIT::emit_op_get_by_id_direct):
2171         (JSC::JIT::emit_op_get_by_id):
2172         (JSC::JIT::emit_op_get_by_id_with_this):
2173         (JSC::JIT::emit_op_put_by_id):
2174         (JSC::JIT::emit_op_in_by_id):
2175         * jit/JITWorklist.cpp:
2176         (JSC::JITWorklist::Plan::Plan):
2177         (JSC::JITWorklist::Plan::compileNow):
2178         (JSC::JITWorklist::compileLater):
2179         (JSC::JITWorklist::compileNow):
2180         * jit/JITWorklist.h:
2181         * jit/PCToCodeOriginMap.cpp:
2182         (JSC::PCToCodeOriginMap::PCToCodeOriginMap):
2183         (JSC::PCToCodeOriginMap::findPC const):
2184         * jit/PCToCodeOriginMap.h:
2185         (JSC::PCToCodeOriginMapBuilder::defaultCodeOrigin):
2186         * jit/SlowPathCall.h:
2187         (JSC::JITSlowPathCall::call):
2188         * llint/LLIntSlowPaths.cpp:
2189         (JSC::LLInt::jitCompileAndSetHeuristics):
2190         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2191         * profiler/ProfilerOrigin.cpp:
2192         (JSC::Profiler::Origin::Origin):
2193         (JSC::Profiler::Origin::dump const):
2194         (JSC::Profiler::Origin::toJS const):
2195         * profiler/ProfilerOrigin.h:
2196         (JSC::Profiler::Origin::Origin):
2197         (JSC::Profiler::Origin::operator! const):
2198         (JSC::Profiler::Origin::bytecodeIndex const):
2199         (JSC::Profiler::Origin::hash const):
2200         (JSC::Profiler::Origin::isHashTableDeletedValue const):
2201         * runtime/Error.cpp:
2202         (JSC::getBytecodeIndex):
2203         (JSC::getBytecodeOffset): Deleted.
2204         * runtime/Error.h:
2205         * runtime/ErrorInstance.cpp:
2206         (JSC::appendSourceToError):
2207         (JSC::ErrorInstance::finishCreation):
2208         * runtime/SamplingProfiler.cpp:
2209         (JSC::tryGetBytecodeIndex):
2210         (JSC::SamplingProfiler::processUnverifiedStackTraces):
2211         (JSC::SamplingProfiler::reportTopBytecodes):
2212         * runtime/SamplingProfiler.h:
2213         (JSC::SamplingProfiler::StackFrame::CodeLocation::hasBytecodeIndex const):
2214         * runtime/StackFrame.cpp:
2215         (JSC::StackFrame::StackFrame):
2216         (JSC::StackFrame::computeLineAndColumn const):
2217         * runtime/StackFrame.h:
2218         (JSC::StackFrame::hasBytecodeIndex const):
2219         (JSC::StackFrame::bytecodeIndex):
2220         (JSC::StackFrame::hasBytecodeOffset const): Deleted.
2221         (JSC::StackFrame::bytecodeOffset): Deleted.
2222         * tools/VMInspector.cpp:
2223         (JSC::VMInspector::dumpRegisters):
2224
2225 2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>
2226
2227         Unreviewed, make 32bit JIT built
2228         https://bugs.webkit.org/show_bug.cgi?id=202392
2229
2230         This patch at least makes the 32-bit JIT build.
2231
2232         * jit/JITOpcodes32_64.cpp:
2233         (JSC::JIT::emit_op_throw):
2234         * jit/JITPropertyAccess32_64.cpp:
2235         (JSC::JIT::emitGetByValWithCachedId):
2236         (JSC::JIT::emitSlow_op_get_by_id_direct):
2237         (JSC::JIT::emitSlow_op_get_by_id):
2238         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2239         (JSC::JIT::emitSlow_op_get_from_scope):
2240
2241 2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>
2242
2243         [JSC] Remove non-LargeAllocation restriction for JSCallee
2244         https://bugs.webkit.org/show_bug.cgi?id=203260
2245
2246         Reviewed by Saam Barati.
2247
2248         We now pass JSGlobalObject* instead of ExecState*. And we are getting VM& from JSGlobalObject*.
2249         Because accessing ExecState::vm() now becomes less frequent, we can remove the restriction that
2250         the callee is only allocated in non-LargeAllocation, a restriction which made ExecState::vm fast.
2251
2252         This patch renames `CallFrame::vm` to `CallFrame::deprecatedVM`. And we avoid using it as much as possible.
2253         And we also remove the restriction that callee needs to be in non-LargeAllocation.
2254
2255         * API/JSContextRef.cpp:
2256         (JSContextCreateBacktrace):
2257         * bytecode/CodeBlock.cpp:
2258         (JSC::CodeBlock::noticeIncomingCall):
2259         * debugger/DebuggerCallFrame.cpp:
2260         (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
2261         (JSC::DebuggerCallFrame::functionName const):
2262         (JSC::DebuggerCallFrame::scope):
2263         (JSC::DebuggerCallFrame::type const):
2264         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
2265         (JSC::DebuggerCallFrame::positionForCallFrame):
2266         * dfg/DFGOSRExit.cpp:
2267         (JSC::DFG::OSRExit::executeOSRExit):
2268         (JSC::DFG::OSRExit::compileOSRExit):
2269         (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
2270         * dfg/DFGOperations.cpp:
2271         * ftl/FTLOSRExitCompiler.cpp:
2272         (JSC::FTL::compileFTLOSRExit):
2273         * ftl/FTLOperations.cpp:
2274         (JSC::FTL::compileFTLLazySlowPath):
2275         * inspector/JSInjectedScriptHost.cpp:
2276         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
2277         * inspector/ScriptCallStackFactory.cpp:
2278         (Inspector::createScriptCallStack):
2279         (Inspector::createScriptCallStackForConsole):
2280         * interpreter/CallFrame.cpp:
2281         (JSC::CallFrame::callerSourceOrigin):
2282         (JSC::CallFrame::friendlyFunctionName):
2283         * interpreter/CallFrame.h:
2284         (JSC::CallFrame::iterate):
2285         * interpreter/Interpreter.cpp:
2286         (JSC::sizeOfVarargs):
2287         (JSC::sizeFrameForVarargs):
2288         (JSC::Interpreter::getStackTrace):
2289         (JSC::Interpreter::unwind):
2290         (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
2291         (JSC::Interpreter::debug):
2292         * interpreter/Interpreter.h:
2293         * interpreter/ShadowChicken.cpp:
2294         (JSC::ShadowChicken::update):
2295         * interpreter/StackVisitor.cpp:
2296         (JSC::StackVisitor::StackVisitor):
2297         (JSC::StackVisitor::Frame::functionName const):
2298         * interpreter/StackVisitor.h:
2299         (JSC::StackVisitor::visit):
2300         * jit/HostCallReturnValue.cpp:
2301         (JSC::getHostCallReturnValueWithExecState):
2302         * jit/JITOperations.cpp:
2303         * jit/Repatch.cpp:
2304         (JSC::linkFor):
2305         (JSC::linkPolymorphicCall):
2306         * jit/Repatch.h:
2307         * jsc.cpp:
2308         (functionJSCStack):
2309         (functionRunString):
2310         (functionLoadString):
2311         (functionCallerSourceOrigin):
2312         (functionCallerIsOMGCompiled):
2313         (functionDollarEvalScript):
2314         * llint/LLIntSlowPaths.cpp:
2315         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2316         * runtime/Error.cpp:
2317         (JSC::getBytecodeOffset):
2318         * runtime/FunctionConstructor.cpp:
2319         (JSC::constructFunction):
2320         * runtime/JSCellInlines.h:
2321         (JSC::CallFrame::deprecatedVM const):
2322         (JSC::CallFrame::vm const): Deleted.
2323         * runtime/JSFunction.cpp:
2324         (JSC::retrieveArguments):
2325         (JSC::JSFunction::argumentsGetter):
2326         (JSC::retrieveCallerFunction):
2327         (JSC::JSFunction::callerGetter):
2328         (JSC::JSFunction::defineOwnProperty):
2329         * runtime/JSGlobalObject.cpp:
2330         (JSC::assertCall):
2331         * runtime/JSGlobalObjectFunctions.cpp:
2332         (JSC::globalFuncEval):
2333         (JSC::globalFuncImportModule):
2334         * runtime/NullSetterFunction.cpp:
2335         (JSC::callerIsStrict):
2336         (JSC::NullSetterFunctionInternal::callReturnUndefined):
2337         * tools/JSDollarVM.cpp:
2338         (IGNORE_WARNINGS_BEGIN):
2339         (JSC::functionLLintTrue):
2340         (JSC::functionJITTrue):
2341         (JSC::functionDumpRegisters):
2342         (JSC::functionShadowChickenFunctionsOnStack):
2343         * tools/VMInspector.cpp:
2344         (JSC::VMInspector::codeBlockForFrame):
2345         (JSC::VMInspector::dumpCallFrame):
2346         (JSC::VMInspector::dumpRegisters):
2347         (JSC::VMInspector::dumpStack):
2348         * wasm/js/WasmToJS.cpp:
2349         (JSC::Wasm::wasmToJS):
2350
2351 2019-10-22  Mark Lam  <mark.lam@apple.com>
2352
2353         Clients of JSArray::tryCreateUninitializedRestricted() should invoke the mutatorFence().
2354         https://bugs.webkit.org/show_bug.cgi?id=203231
2355         <rdar://problem/56486552>
2356
2357         Reviewed by Saam Barati.
2358
2359         Clients of JSArray::tryCreateUninitializedRestricted() create a partially
2360         initialized JSArray butterfly, with the contract that it (the client) will take
2361         care of filling in all the missing indexed properties before setting the newly
2362         created array loose in the world.  We intentionally do not unconditionally write
2363         barrier the newly created array but, instead, rely on an owner object (or GC root)
2364         that it gets put into to scan it.
2365
2366         That said, we do need to ensure that all the stores are completed before this
2367         array is put in an owner object (or GC root) which makes it scannable by the GC.
2368         This ensures that the GC will not be scanning a partially initialized array
2369         butterfly.  To achieve this, we should invoke the mutatorFence after the clients
2370         of JSArray::tryCreateUninitializedRestricted() finish initializing the array.
2371
2372         By design, all clients of tryCreateUninitializedRestricted() must instantiate an
2373         ObjectInitializationScope RAII object.  This patch makes use of the
2374         ObjectInitializationScope destructor to invoke the mutatorFence.
2375
2376         Note: we technically only need to invoke the fence if we succeeded in allocating
2377         the array.  However, we just invoke the fence unconditionally because we expect
2378         that in the common path, we will succeed in allocating the array.  The release
2379         build version of ObjectInitializationScope does not keep a record of whether we
2380         succeed in allocating the array anyway.  To keep the behavior consistent, the
2381         debug build version of ObjectInitializationScope will also unconditionally
2382         invoke the fence even if we failed to allocate the array.
2383
2384         This patch also does the following:
2385
2386         1. Replaced the setting of the public length in arrayProtoPrivateFuncConcatMemcpy()
2387            with an assertion.  The public length was already set by
2388            tryCreateUninitializedRestricted() earlier.
2389
2390            Ditto for JSArray::fastSlice().
2391
2392         2. Removed a redundant instance of ObjectInitializationScope in
2393            createEmptyRegExpMatchesArray().
2394
2395         * runtime/ArrayPrototype.cpp:
2396         (JSC::arrayProtoPrivateFuncConcatMemcpy):
2397         * runtime/JSArray.cpp:
2398         (JSC::JSArray::fastSlice):
2399         * runtime/ObjectInitializationScope.cpp:
2400         (JSC::ObjectInitializationScope::~ObjectInitializationScope):
2401         * runtime/ObjectInitializationScope.h:
2402         (JSC::ObjectInitializationScope::~ObjectInitializationScope):
2403         * runtime/RegExpMatchesArray.cpp:
2404         (JSC::createEmptyRegExpMatchesArray):
2405
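The contract described in the entry above (fill every slot inside an RAII scope, let the scope's destructor issue the fence unconditionally, publish only afterwards), as an added C++ model. This is example code, not JavaScriptCore's ObjectInitializationScope or JSArray; the names RestrictedArray, InitializationScope, tryCreateUninitialized, createFillAndPublish and rootIsConsistent are hypothetical, the poison value is constructed, and "length 0" stands in for an allocation failure:

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model (added example, not JSC code): a "restricted" allocation
// hands back storage whose slots are not yet initialized. They are poisoned
// here only so a checker can tell an unwritten slot from a written one.
struct RestrictedArray {
    static constexpr uint64_t kUninitialized = 0xfeedfacefeedfaceULL; // constructed poison value
    std::vector<uint64_t> slots;
    explicit RestrictedArray(std::size_t length) : slots(length, kUninitialized) {}
    bool fullyInitialized() const {
        for (uint64_t v : slots)
            if (v == kUninitialized)
                return false;
        return true;
    }
};

// RAII scope in the spirit of ObjectInitializationScope (hypothetical name).
// The destructor issues the release fence unconditionally, so it runs on the
// failure path too, matching the behaviour the entry describes.
class InitializationScope {
public:
    InitializationScope() = default;
    InitializationScope(const InitializationScope&) = delete;
    InitializationScope& operator=(const InitializationScope&) = delete;
    ~InitializationScope() {
        // The "mutator fence": every store to the new object is ordered before
        // any later store that publishes it to a concurrently scanned root.
        std::atomic_thread_fence(std::memory_order_release);
        ++s_fencesIssued;
    }
    static int fencesIssued() { return s_fencesIssued; }
private:
    static int s_fencesIssued;
};
int InitializationScope::s_fencesIssued = 0;

// A GC-root-like publication point. A concurrent scanner reads it with an
// acquire load, which pairs with the release fence above.
static std::atomic<RestrictedArray*> g_root{nullptr};

// Allocation that may fail; length 0 models failure in this example.
// The object is intentionally never freed: it belongs to the modelled heap.
RestrictedArray* tryCreateUninitialized(InitializationScope&, std::size_t length) {
    if (length == 0)
        return nullptr;
    return new RestrictedArray(length);
}

// The client: allocate, fill every slot inside the scope, and publish only
// after the scope has ended (i.e. after the fence).
RestrictedArray* createFillAndPublish(std::size_t length) {
    RestrictedArray* array = nullptr;
    {
        InitializationScope scope;
        array = tryCreateUninitialized(scope, length);
        if (array) {
            for (std::size_t i = 0; i < length; ++i)
                array->slots[i] = static_cast<uint64_t>(i) * 2;
        }
    } // fence issued here, whether or not the allocation succeeded
    if (array)
        g_root.store(array, std::memory_order_release);
    return array;
}

// What a scanner may observe after an acquire load of the root: either no
// object yet, or an object whose slots were all written before publication.
bool rootIsConsistent() {
    RestrictedArray* array = g_root.load(std::memory_order_acquire);
    return array == nullptr || array->fullyInitialized();
}
```

The point of keeping the fence in the destructor rather than at each call site is that a client cannot forget it: the object only becomes reachable after the scope closes, so the scanner never observes poisoned slots.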
2406 2019-10-22  Mark Lam  <mark.lam@apple.com>
2407
2408         Fix incorrect assertion in operationRegExpExecNonGlobalOrSticky().
2409         https://bugs.webkit.org/show_bug.cgi?id=203230
2410         <rdar://problem/56460749>
2411
2412         Reviewed by Robin Morisset.
2413
2414         operationRegExpExecNonGlobalOrSticky() was asserting no exception when
2415         createRegExpMatchesArray() returns null.  createRegExpMatchesArray() only returns
2416         null when RegExp::matchInline() returns -1.  RegExp::matchInline() can return -1
2417         either when there's an error, or if the match fails.  When there's an error,
2418         RegExp::matchInline() also throws an exception via a throwError() helper.
2419
2420         This patch fixes operationRegExpExecNonGlobalOrSticky() to check for an exception
2421         being thrown, or createRegExpMatchesArray() returning a null array due to a failed
2422         match.
2423
2424         * dfg/DFGOperations.cpp:
2425
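The sentinel ambiguity described above (-1 meaning both "no match" and "error, exception pending") and the corrected caller, as an added C++ model. This is example code, not JSC's RegExp::matchInline, createRegExpMatchesArray or operationRegExpExecNonGlobalOrSticky; the VM, MatchesArray and Outcome types are hypothetical, and the "subject longer than errorAtLength" condition is a constructed stand-in for a real matching error:

```cpp
#include <cstddef>
#include <string>

// Constructed stand-in for the VM's pending-exception state (added example).
struct VM {
    bool hasException = false;
};

// Like RegExp::matchInline() in the entry: returns the match position, or -1
// both when the match simply fails and when an error occurred. On error it
// also "throws" by setting the exception flag.
int matchInline(VM& vm, const std::string& subject, const std::string& needle, std::size_t errorAtLength) {
    if (subject.size() >= errorAtLength) { // constructed error condition
        vm.hasException = true;
        return -1;
    }
    std::size_t pos = subject.find(needle);
    return pos == std::string::npos ? -1 : static_cast<int>(pos);
}

// Like createRegExpMatchesArray(): a null result on -1, whatever the reason.
struct MatchesArray {
    bool isNull;
    int position;
};

MatchesArray createMatchesArray(VM& vm, const std::string& subject, const std::string& needle, std::size_t errorAtLength) {
    int pos = matchInline(vm, subject, needle, errorAtLength);
    if (pos == -1)
        return {true, -1};
    return {false, pos};
}

enum class Outcome { Matched, NoMatch, Error };

// The corrected caller. The earlier code asserted "no exception" whenever the
// array was null, which is wrong because null also covers the error path.
Outcome execNonGlobalOrSticky(VM& vm, const std::string& subject, const std::string& needle, std::size_t errorAtLength) {
    MatchesArray result = createMatchesArray(vm, subject, needle, errorAtLength);
    if (vm.hasException)
        return Outcome::Error;   // exception pending: propagate, never assert it away
    if (result.isNull)
        return Outcome::NoMatch; // genuine failed match
    return Outcome::Matched;
}
```

Checking the exception state before interpreting the null result is what separates the two meanings of the shared sentinel; an assertion that assumes only one of them is a debug-build crash on the error path and silently wrong behaviour in release builds.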
2426 2019-10-22  Adrian Perez de Castro  <aperez@igalia.com>
2427
2428         [GTK][WPE] Fix non-unified builds after r251326
2429         https://bugs.webkit.org/show_bug.cgi?id=203244
2430
2431         Reviewed by Youenn Fablet.
2432
2433         * ftl/FTLOSREntry.h: Add missing forward declaration of JSC::VM.
2434         * inspector/ScriptCallStackFactory.h: Add missing forward declaration of JSC::JSGlobalObject.
2435         * llint/LLIntExceptions.h: Add missing forward declaration of JSC::VM.
2436         * runtime/ExceptionFuzz.h: Add missing forward declaration of JSC::JSGlobalObject.
2437         * runtime/JSDateMath.h: Ditto.
2438         * runtime/JSStringJoiner.h: Add missing inclusion of the JSGlobalObject.h header.
2439         * runtime/Watchdog.h: Add missing forward declaration of JSC::JSGlobalObject.
2440         * wasm/WasmOperations.h: Add missing forward declaration of JSC::JSWebAssemblyInstance.
2441
2442 2019-10-21  Yusuke Suzuki  <ysuzuki@apple.com>
2443
2444         [JSC] Thread JSGlobalObject* instead of ExecState*
2445         https://bugs.webkit.org/show_bug.cgi?id=202392
2446
2447         Reviewed by Geoffrey Garen.
2448
2449         This patch replaces JSC's convention entirely: instead of passing ExecState*, we pass lexical JSGlobalObject*.
2450         We have had many issues historically.
2451
2452         1. We have a hack like global-exec, since many runtime functions take ExecState* while valid ExecState* is populated only after executing some JS function.
2453         2. We pass ExecState* without considering whether this is the correct one when inlining a function. If the inlined function has a different realm, `exec->lexicalGlobalObject()` just returns the wrong JSGlobalObject*.
2454
2455         This patch attempts to remove these issues entirely by passing JSGlobalObject* instead of ExecState*.
2456
2457         1. We change ExecState* to JSGlobalObject*.
2458         2. JIT operations should take JSGlobalObject* instead of ExecState* to reflect the inlinee's JSGlobalObject* correctly.
2459         3. We get CallFrame* by using `__builtin_frame_address(1)` in JIT operations. When it is not available, we put CallFrame* to `vm.topCallFrame` in the caller side and load it from VM.
2460         4. We remove ExecState*. All actual call frames are called `CallFrame*`. CallFrame* is passed only when CallFrame* is actually needed: accessing arguments, OSR etc.
2461         5. LLInt and Baseline slow paths just get CallFrame*. They get the CodeBlock from CallFrame* and get VM& and JSGlobalObject* from it, since they do not have inlining.
2462         6. We basically removed `VM::vmEntryGlobalObject`. It returns JSGlobalObject* from VMEntryScope. APIs and Completion.cpp use this but they are wrong. And by using lexical JSGlobalObject*, we fixed WPT issues.
2463         7. This patch does not fix complicated JSGlobalObject* issues. But we put FIXME if it seems wrong and it needs to be revisited.
2464         8. FunctionConstructor, ArrayConstructor etc. are exposed from JSGlobalObject to use it for InternalFunction::createStructure() without using `CallFrame*`.
2465
2466         * API/APICallbackFunction.h:
2467         (JSC::APICallbackFunction::call):
2468         (JSC::APICallbackFunction::construct):
2469         * API/APICast.h:
2470         (toJS):
2471         (toJSGlobalObject):
2472         (toJSForGC):
2473         (toRef):
2474         (toGlobalRef):
2475         * API/APIUtils.h:
2476         (handleExceptionIfNeeded):
2477         (setException):
2478         * API/JSAPIGlobalObject.h:
2479         * API/JSAPIGlobalObject.mm:
2480         (JSC::JSAPIGlobalObject::moduleLoaderResolve):
2481         (JSC::JSAPIGlobalObject::moduleLoaderImportModule):
2482         (JSC::JSAPIGlobalObject::moduleLoaderFetch):
2483         (JSC::JSAPIGlobalObject::moduleLoaderCreateImportMetaProperties):
2484         (JSC::JSAPIGlobalObject::moduleLoaderEvaluate):
2485         (JSC::JSAPIGlobalObject::loadAndEvaluateJSScriptModule):
2486         * API/JSAPIValueWrapper.h:
2487         * API/JSBase.cpp:
2488         (JSEvaluateScriptInternal):
2489         (JSEvaluateScript):
2490         (JSCheckScriptSyntax):
2491         (JSGarbageCollect):
2492         (JSReportExtraMemoryCost):
2493         (JSSynchronousGarbageCollectForDebugging):
2494         (JSSynchronousEdenCollectForDebugging):
2495         * API/JSBaseInternal.h:
2496         * API/JSCTestRunnerUtils.cpp:
2497         (JSC::failNextNewCodeBlock):
2498         (JSC::numberOfDFGCompiles):
2499         (JSC::setNeverInline):
2500         (JSC::setNeverOptimize):
2501         * API/JSCallbackConstructor.h:
2502         * API/JSCallbackObject.h:
2503         * API/JSCallbackObjectFunctions.h:
2504         (JSC::JSCallbackObject<Parent>::JSCallbackObject):
2505         (JSC::JSCallbackObject<Parent>::finishCreation):
2506         (JSC::JSCallbackObject<Parent>::init):
2507         (JSC::JSCallbackObject<Parent>::toStringName):
2508         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
2509         (JSC::JSCallbackObject<Parent>::getOwnPropertySlotByIndex):
2510         (JSC::JSCallbackObject<Parent>::defaultValue):
2511         (JSC::JSCallbackObject<Parent>::put):
2512         (JSC::JSCallbackObject<Parent>::putByIndex):
2513         (JSC::JSCallbackObject<Parent>::deleteProperty):
2514         (JSC::JSCallbackObject<Parent>::deletePropertyByIndex):
2515         (JSC::JSCallbackObject<Parent>::construct):
2516         (JSC::JSCallbackObject<Parent>::customHasInstance):
2517         (JSC::JSCallbackObject<Parent>::call):
2518         (JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):
2519         (JSC::JSCallbackObject<Parent>::getStaticValue):
2520         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
2521         (JSC::JSCallbackObject<Parent>::callbackGetter):
2522         * API/JSClassRef.cpp:
2523         (OpaqueJSClass::contextData):
2524         (OpaqueJSClass::staticValues):
2525         (OpaqueJSClass::staticFunctions):
2526         (OpaqueJSClass::prototype):
2527         * API/JSClassRef.h:
2528         * API/JSContext.mm:
2529         (-[JSContext ensureWrapperMap]):
2530         (-[JSContext evaluateJSScript:]):
2531         (-[JSContext dependencyIdentifiersForModuleJSScript:]):
2532         (-[JSContext setException:]):
2533         (-[JSContext initWithGlobalContextRef:]):
2534         (-[JSContext wrapperMap]):
2535         * API/JSContextRef.cpp:
2536         (internalScriptTimeoutCallback):
2537         (JSGlobalContextCreateInGroup):
2538         (JSGlobalContextRetain):
2539         (JSGlobalContextRelease):
2540         (JSContextGetGlobalObject):
2541         (JSContextGetGroup):
2542         (JSContextGetGlobalContext):
2543         (JSGlobalContextCopyName):
2544         (JSGlobalContextSetName):
2545         (JSGlobalContextSetUnhandledRejectionCallback):
2546         (JSContextCreateBacktrace):
2547         (JSGlobalContextGetRemoteInspectionEnabled):
2548         (JSGlobalContextSetRemoteInspectionEnabled):
2549         (JSGlobalContextGetIncludesNativeCallStackWhenReportingExceptions):
2550         (JSGlobalContextSetIncludesNativeCallStackWhenReportingExceptions):
2551         (JSGlobalContextGetDebuggerRunLoop):
2552         (JSGlobalContextSetDebuggerRunLoop):
2553         (JSGlobalContextGetAugmentableInspectorController):
2554         * API/JSManagedValue.mm:
2555         (-[JSManagedValue initWithValue:]):
2556         (-[JSManagedValue value]):
2557         * API/JSObjectRef.cpp:
2558         (JSObjectMake):
2559         (JSObjectMakeFunctionWithCallback):
2560         (JSObjectMakeConstructor):
2561         (JSObjectMakeFunction):
2562         (JSObjectMakeArray):
2563         (JSObjectMakeDate):
2564         (JSObjectMakeError):
2565         (JSObjectMakeRegExp):
2566         (JSObjectMakeDeferredPromise):
2567         (JSObjectGetPrototype):
2568         (JSObjectSetPrototype):
2569         (JSObjectHasProperty):
2570         (JSObjectGetProperty):
2571         (JSObjectSetProperty):
2572         (JSObjectHasPropertyForKey):
2573         (JSObjectGetPropertyForKey):
2574         (JSObjectSetPropertyForKey):
2575         (JSObjectDeletePropertyForKey):
2576         (JSObjectGetPropertyAtIndex):
2577         (JSObjectSetPropertyAtIndex):
2578         (JSObjectDeleteProperty):
2579         (JSObjectGetPrivateProperty):
2580         (JSObjectSetPrivateProperty):
2581         (JSObjectDeletePrivateProperty):
2582         (JSObjectIsFunction):
2583         (JSObjectCallAsFunction):
2584         (JSObjectIsConstructor):
2585         (JSObjectCallAsConstructor):
2586         (JSObjectCopyPropertyNames):
2587         (JSObjectGetGlobalContext):
2588         * API/JSScriptRef.cpp:
2589         * API/JSTypedArray.cpp:
2590         (createTypedArray):
2591         (JSValueGetTypedArrayType):
2592         (JSObjectMakeTypedArray):
2593         (JSObjectMakeTypedArrayWithBytesNoCopy):
2594         (JSObjectMakeTypedArrayWithArrayBuffer):
2595         (JSObjectMakeTypedArrayWithArrayBufferAndOffset):
2596         (JSObjectGetTypedArrayBytesPtr):
2597         (JSObjectGetTypedArrayLength):
2598         (JSObjectGetTypedArrayByteLength):
2599         (JSObjectGetTypedArrayByteOffset):
2600         (JSObjectGetTypedArrayBuffer):
2601         (JSObjectMakeArrayBufferWithBytesNoCopy):
2602         (JSObjectGetArrayBufferBytesPtr):
2603         (JSObjectGetArrayBufferByteLength):
2604         * API/JSValue.mm:
2605         (JSContainerConvertor::add):
2606         (reportExceptionToInspector):
2607         (valueToObjectWithoutCopy):
2608         (ObjcContainerConvertor::add):
2609         * API/JSValueRef.cpp:
2610         (JSValueGetType):
2611         (JSValueIsUndefined):
2612         (JSValueIsNull):
2613         (JSValueIsBoolean):
2614         (JSValueIsNumber):
2615         (JSValueIsString):
2616         (JSValueIsObject):
2617         (JSValueIsSymbol):
2618         (JSValueIsArray):
2619         (JSValueIsDate):
2620         (JSValueIsObjectOfClass):
2621         (JSValueIsEqual):
2622         (JSValueIsStrictEqual):
2623         (JSValueIsInstanceOfConstructor):
2624         (JSValueMakeUndefined):
2625         (JSValueMakeNull):
2626         (JSValueMakeBoolean):
2627         (JSValueMakeNumber):
2628         (JSValueMakeSymbol):
2629         (JSValueMakeString):
2630         (JSValueMakeFromJSONString):
2631         (JSValueCreateJSONString):
2632         (JSValueToBoolean):
2633         (JSValueToNumber):
2634         (JSValueToStringCopy):
2635         (JSValueToObject):
2636         (JSValueProtect):
2637         (JSValueUnprotect):
2638         * API/JSWeakObjectMapRefPrivate.cpp:
2639         * API/JSWrapperMap.mm:
2640         (constructorHasInstance):
2641         (makeWrapper):
2642         (putNonEnumerable):
2643         (copyMethodsToObject):
2644         (-[JSObjCClassInfo wrapperForObject:inContext:]):
2645         (-[JSObjCClassInfo structureInContext:]):
2646         * API/ObjCCallbackFunction.mm:
2647         (JSC::objCCallbackFunctionCallAsFunction):
2648         (JSC::objCCallbackFunctionCallAsConstructor):
2649         (objCCallbackFunctionForInvocation):
2650         * API/glib/JSCCallbackFunction.cpp:
2651         (JSC::JSCCallbackFunction::call):
2652         (JSC::JSCCallbackFunction::construct):
2653         * API/glib/JSCClass.cpp:
2654         (isWrappedObject):
2655         (jscContextForObject):
2656         (jscClassCreateConstructor):
2657         (jscClassAddMethod):
2658         * API/glib/JSCContext.cpp:
2659         (jsc_context_evaluate_in_object):
2660         (jsc_context_check_syntax):
2661         * API/glib/JSCException.cpp:
2662         (jscExceptionCreate):
2663         * API/glib/JSCValue.cpp:
2664         (jsc_value_object_define_property_data):
2665         (jsc_value_object_define_property_accessor):
2666         (jscValueFunctionCreate):
2667         * API/glib/JSCWeakValue.cpp:
2668         (jscWeakValueInitialize):
2669         (jsc_weak_value_get_value):
2670         * API/glib/JSCWrapperMap.cpp:
2671         (JSC::WrapperMap::createJSWrappper):
2672         (JSC::WrapperMap::createContextWithJSWrappper):
2673         * API/tests/JSONParseTest.cpp:
2674         (testJSONParse):
2675         * API/tests/JSObjectGetProxyTargetTest.cpp:
2676         (testJSObjectGetProxyTarget):
2677         * API/tests/JSWrapperMapTests.mm:
2678         (+[JSWrapperMapTests testStructureIdentity]):
2679         * API/tests/testapi.cpp:
2680         (APIContext::APIContext):
2681         (APIContext::operator JSC::JSGlobalObject*):
2682         (APIContext::operator JSC::ExecState*): Deleted.
2683         * CMakeLists.txt:
2684         * JavaScriptCore.xcodeproj/project.pbxproj:
2685         * bindings/ScriptFunctionCall.cpp:
2686         (Deprecated::ScriptCallArgumentHandler::appendArgument):
2687         (Deprecated::ScriptFunctionCall::ScriptFunctionCall):
2688         (Deprecated::ScriptFunctionCall::call):
2689         * bindings/ScriptFunctionCall.h:
2690         * bindings/ScriptObject.cpp:
2691         (Deprecated::ScriptObject::ScriptObject):
2692         * bindings/ScriptObject.h:
2693         (Deprecated::ScriptObject::globalObject const):
2694         (Deprecated::ScriptObject::scriptState const): Deleted.
2695         * bindings/ScriptValue.cpp:
2696         (Inspector::jsToInspectorValue):
2697         (Inspector::toInspectorValue):
2698         * bindings/ScriptValue.h:
2699         * bytecode/AccessCase.cpp:
2700         (JSC::AccessCase::generateImpl):
2701         * bytecode/AccessCaseSnippetParams.cpp:
2702         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
2703         * bytecode/CodeBlock.cpp:
2704         (JSC::CodeBlock::finishCreation):
2705         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
2706         (JSC::CodeBlock::setConstantRegisters):
2707         (JSC::CodeBlock::linkIncomingCall):
2708         (JSC::CodeBlock::linkIncomingPolymorphicCall):
2709         (JSC::CodeBlock::noticeIncomingCall):
2710         * bytecode/CodeBlock.h:
2711         (JSC::CallFrame::r):
2712         (JSC::CallFrame::uncheckedR):
2713         (JSC::ExecState::r): Deleted.
2714         (JSC::ExecState::uncheckedR): Deleted.
2715         * bytecode/DirectEvalCodeCache.cpp:
2716         (JSC::DirectEvalCodeCache::setSlow):
2717         * bytecode/DirectEvalCodeCache.h:
2718         (JSC::DirectEvalCodeCache::set):
2719         * bytecode/InlineCallFrame.cpp:
2720         (JSC::InlineCallFrame::calleeForCallFrame const):
2721         * bytecode/InlineCallFrame.h:
2722         * bytecode/InternalFunctionAllocationProfile.h:
2723         (JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
2724         * bytecode/ObjectPropertyConditionSet.cpp:
2725         (JSC::generateConditionsForPropertyMiss):
2726         (JSC::generateConditionsForPropertySetterMiss):
2727         (JSC::generateConditionsForPrototypePropertyHit):
2728         (JSC::generateConditionsForPrototypePropertyHitCustom):
2729         (JSC::generateConditionsForInstanceOf):
2730         * bytecode/ObjectPropertyConditionSet.h:
2731         * bytecode/PolymorphicAccess.cpp:
2732         (JSC::AccessGenerationState::emitExplicitExceptionHandler):
2733         * bytecode/StructureStubInfo.h:
2734         (JSC::appropriateGenericGetByIdFunction):
2735         * bytecode/UnlinkedFunctionExecutable.cpp:
2736         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2737         * bytecode/UnlinkedFunctionExecutable.h:
2738         * bytecode/ValueRecovery.cpp:
2739         (JSC::ValueRecovery::recover const):
2740         * bytecode/ValueRecovery.h:
2741         * debugger/Debugger.cpp:
2742         (JSC::Debugger::attach):
2743         (JSC::Debugger::hasBreakpoint):
2744         (JSC::Debugger::breakProgram):
2745         (JSC::lexicalGlobalObjectForCallFrame):
2746         (JSC::Debugger::updateCallFrame):
2747         (JSC::Debugger::pauseIfNeeded):
2748         (JSC::Debugger::exception):
2749         (JSC::Debugger::atStatement):
2750         (JSC::Debugger::atExpression):
2751         (JSC::Debugger::callEvent):
2752         (JSC::Debugger::returnEvent):
2753         (JSC::Debugger::unwindEvent):
2754         (JSC::Debugger::willExecuteProgram):
2755         (JSC::Debugger::didExecuteProgram):
2756         (JSC::Debugger::didReachBreakpoint):
2757         * debugger/Debugger.h:
2758         * debugger/DebuggerCallFrame.cpp:
2759         (JSC::DebuggerCallFrame::create):
2760         (JSC::DebuggerCallFrame::globalObject):
2761         (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
2762         (JSC::DebuggerCallFrame::thisValue const):
2763         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
2764         (JSC::DebuggerCallFrame::sourceIDForCallFrame):
2765         (JSC::DebuggerCallFrame::globalExec): Deleted.
2766         (JSC::DebuggerCallFrame::vmEntryGlobalObject const): Deleted.
2767         * debugger/DebuggerCallFrame.h:
2768         * debugger/DebuggerEvalEnabler.h:
2769         (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
2770         (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
2771         * debugger/DebuggerScope.cpp:
2772         (JSC::DebuggerScope::toStringName):
2773         (JSC::DebuggerScope::getOwnPropertySlot):
2774         (JSC::DebuggerScope::put):
2775         (JSC::DebuggerScope::deleteProperty):
2776         (JSC::DebuggerScope::getOwnPropertyNames):
2777         (JSC::DebuggerScope::defineOwnProperty):
2778         (JSC::DebuggerScope::caughtValue const):
2779         * debugger/DebuggerScope.h:
2780         * dfg/DFGAbstractInterpreterInlines.h:
2781         (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
2782         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2783         * dfg/DFGArithMode.h:
2784         * dfg/DFGArrayifySlowPathGenerator.h:
2785         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2786         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2787         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2788         (JSC::DFG::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator):
2789         * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
2790         * dfg/DFGGraph.h:
2791         (JSC::DFG::Graph::globalThisObjectFor):
2792         * dfg/DFGJITCode.cpp:
2793         (JSC::DFG::JITCode::reconstruct):
2794         * dfg/DFGJITCode.h:
2795         * dfg/DFGJITCompiler.cpp:
2796         (JSC::DFG::JITCompiler::compileExceptionHandlers):
2797         (JSC::DFG::JITCompiler::compileFunction):
2798         * dfg/DFGOSREntry.cpp:
2799         (JSC::DFG::prepareOSREntry):
2800         (JSC::DFG::prepareCatchOSREntry):
2801         * dfg/DFGOSREntry.h:
2802         (JSC::DFG::prepareOSREntry):
2803         * dfg/DFGOSRExit.cpp:
2804         (JSC::DFG::createClonedArgumentsDuringExit):
2805         (JSC::DFG::OSRExit::executeOSRExit):
2806         (JSC::DFG::adjustAndJumpToTarget):
2807         (JSC::DFG::printOSRExit):
2808         (JSC::DFG::OSRExit::emitRestoreArguments):
2809         (JSC::DFG::OSRExit::compileOSRExit):
2810         (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
2811         * dfg/DFGOSRExit.h:
2812         * dfg/DFGOSRExitCompilerCommon.cpp:
2813         (JSC::DFG::osrWriteBarrier):
2814         (JSC::DFG::adjustAndJumpToTarget):
2815         * dfg/DFGOperations.cpp:
2816         (JSC::DFG::putByVal):
2817         (JSC::DFG::putByValInternal):
2818         (JSC::DFG::putByValCellInternal):
2819         (JSC::DFG::putByValCellStringInternal):
2820         (JSC::DFG::newTypedArrayWithSize):
2821         (JSC::DFG::putWithThis):
2822         (JSC::DFG::binaryOp):
2823         (JSC::DFG::bitwiseBinaryOp):
2824         (JSC::DFG::getByValObject):
2825         * dfg/DFGOperations.h:
2826         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
2827         (JSC::DFG::SaneStringGetByValSlowPathGenerator::SaneStringGetByValSlowPathGenerator):
2828         * dfg/DFGSpeculativeJIT.cpp:
2829         (JSC::DFG::SpeculativeJIT::compileInById):
2830         (JSC::DFG::SpeculativeJIT::compileInByVal):
2831         (JSC::DFG::SpeculativeJIT::compileDeleteById):
2832         (JSC::DFG::SpeculativeJIT::compileDeleteByVal):
2833         (JSC::DFG::SpeculativeJIT::compilePushWithScope):
2834         (JSC::DFG::SpeculativeJIT::compileStringSlice):
2835         (JSC::DFG::SpeculativeJIT::compileToLowerCase):
2836         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2837         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2838         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2839         (JSC::DFG::SpeculativeJIT::compileFromCharCode):
2840         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2841         (JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithString):
2842         (JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithSymbol):
2843         (JSC::DFG::SpeculativeJIT::compilePutByValForCellWithString):
2844         (JSC::DFG::SpeculativeJIT::compilePutByValForCellWithSymbol):
2845         (JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
2846         (JSC::DFG::SpeculativeJIT::compileParseInt):
2847         (JSC::DFG::SpeculativeJIT::compileInstanceOfForCells):
2848         (JSC::DFG::SpeculativeJIT::compileValueBitNot):
2849         (JSC::DFG::SpeculativeJIT::emitUntypedBitOp):
2850         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
2851         (JSC::DFG::SpeculativeJIT::emitUntypedRightShiftBitOp):
2852         (JSC::DFG::SpeculativeJIT::compileValueLShiftOp):
2853         (JSC::DFG::SpeculativeJIT::compileValueBitRShift):
2854         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2855         (JSC::DFG::SpeculativeJIT::compileValueSub):
2856         (JSC::DFG::SpeculativeJIT::compileMathIC):
2857         (JSC::DFG::SpeculativeJIT::compileInstanceOfCustom):
2858         (JSC::DFG::SpeculativeJIT::compileToObjectOrCallObjectConstructor):
2859         (JSC::DFG::SpeculativeJIT::compileArithAbs):
2860         (JSC::DFG::SpeculativeJIT::compileArithClz32):
2861         (JSC::DFG::SpeculativeJIT::compileArithDoubleUnaryOp):
2862         (JSC::DFG::SpeculativeJIT::compileValueMul):
2863         (JSC::DFG::SpeculativeJIT::compileValueDiv):
2864         (JSC::DFG::SpeculativeJIT::compileArithFRound):
2865         (JSC::DFG::SpeculativeJIT::compileValueMod):
2866         (JSC::DFG::SpeculativeJIT::compileArithRounding):
2867         (JSC::DFG::SpeculativeJIT::compileArithSqrt):
2868         (JSC::DFG::SpeculativeJIT::compileValuePow):
2869         (JSC::DFG::SpeculativeJIT::compileStringEquality):
2870         (JSC::DFG::SpeculativeJIT::compileStringCompare):
2871         (JSC::DFG::SpeculativeJIT::compileSameValue):
2872         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
2873         (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
2874         (JSC::DFG::SpeculativeJIT::compileNewFunction):
2875         (JSC::DFG::SpeculativeJIT::compileSetFunctionName):
2876         (JSC::DFG::SpeculativeJIT::compileLoadVarargs):
2877         (JSC::DFG::SpeculativeJIT::compileCreateActivation):
2878         (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
2879         (JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
2880         (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
2881         (JSC::DFG::SpeculativeJIT::compileCreateRest):
2882         (JSC::DFG::SpeculativeJIT::compileSpread):
2883         (JSC::DFG::SpeculativeJIT::compileNewArray):
2884         (JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
2885         (JSC::DFG::SpeculativeJIT::compileArraySlice):
2886         (JSC::DFG::SpeculativeJIT::compileArrayIndexOf):
2887         (JSC::DFG::SpeculativeJIT::compileArrayPush):
2888         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
2889         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2890         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2891         (JSC::DFG::SpeculativeJIT::compileCallDOM):
2892         (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
2893         (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOrStringValueOf):
2894         (JSC::DFG::SpeculativeJIT::compileNumberToStringWithValidRadixConstant):
2895         (JSC::DFG::SpeculativeJIT::compileNumberToStringWithRadix):
2896         (JSC::DFG::SpeculativeJIT::compileNewStringObject):
2897         (JSC::DFG::SpeculativeJIT::compileNewSymbol):
2898         (JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):
2899         (JSC::DFG::SpeculativeJIT::compileNewRegexp):
2900         (JSC::DFG::SpeculativeJIT::emitSwitchImm):
2901         (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
2902         (JSC::DFG::SpeculativeJIT::emitSwitchChar):
2903         (JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
2904         (JSC::DFG::SpeculativeJIT::emitSwitchString):
2905         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
2906         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
2907         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
2908         (JSC::DFG::SpeculativeJIT::compileResolveScope):
2909         (JSC::DFG::SpeculativeJIT::compileResolveScopeForHoistingFuncDeclInEval):
2910         (JSC::DFG::SpeculativeJIT::compileGetDynamicVar):
2911         (JSC::DFG::SpeculativeJIT::compilePutDynamicVar):
2912         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
2913         (JSC::DFG::SpeculativeJIT::compileStringReplace):
2914         (JSC::DFG::SpeculativeJIT::compileDefineDataProperty):
2915         (JSC::DFG::SpeculativeJIT::compileDefineAccessorProperty):
2916         (JSC::DFG::SpeculativeJIT::compileThrow):
2917         (JSC::DFG::SpeculativeJIT::compileThrowStaticError):
2918         (JSC::DFG::SpeculativeJIT::compileHasGenericProperty):
2919         (JSC::DFG::SpeculativeJIT::compileToIndexString):
2920         (JSC::DFG::SpeculativeJIT::compilePutByIdWithThis):
2921         (JSC::DFG::SpeculativeJIT::compileHasStructureProperty):
2922         (JSC::DFG::SpeculativeJIT::compileGetPropertyEnumerator):
2923         (JSC::DFG::SpeculativeJIT::compileStrCat):
2924         (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
2925         (JSC::DFG::SpeculativeJIT::compileNewArrayWithSize):
2926         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
2927         (JSC::DFG::SpeculativeJIT::compileToThis):
2928         (JSC::DFG::SpeculativeJIT::compileObjectKeys):
2929         (JSC::DFG::SpeculativeJIT::compileObjectCreate):
2930         (JSC::DFG::SpeculativeJIT::compileCreateThis):
2931         (JSC::DFG::SpeculativeJIT::compileCreatePromise):
2932         (JSC::DFG::SpeculativeJIT::compileCreateInternalFieldObject):
2933         (JSC::DFG::SpeculativeJIT::compileNewObject):
2934         (JSC::DFG::SpeculativeJIT::compileNewPromise):
2935         (JSC::DFG::SpeculativeJIT::compileNewInternalFieldObject):
2936         (JSC::DFG::SpeculativeJIT::compileToPrimitive):
2937         (JSC::DFG::SpeculativeJIT::compileSetAdd):
2938         (JSC::DFG::SpeculativeJIT::compileMapSet):
2939         (JSC::DFG::SpeculativeJIT::compileWeakSetAdd):
2940         (JSC::DFG::SpeculativeJIT::compileWeakMapSet):
2941         (JSC::DFG::SpeculativeJIT::compileGetPrototypeOf):
2942         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
2943         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
2944         (JSC::DFG::SpeculativeJIT::compileGetDirectPname):
2945         (JSC::DFG::SpeculativeJIT::compileProfileType):
2946         (JSC::DFG::SpeculativeJIT::cachedPutById):
2947         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2948         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2949         (JSC::DFG::SpeculativeJIT::compileBigIntEquality):
2950         (JSC::DFG::SpeculativeJIT::compileMakeRope):
2951         * dfg/DFGSpeculativeJIT.h:
2952         (JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
2953         (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
2954         * dfg/DFGSpeculativeJIT32_64.cpp:
2955         (JSC::DFG::SpeculativeJIT::cachedGetById):
2956         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2957         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2958         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2959         (JSC::DFG::SpeculativeJIT::emitCall):
2960         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
2961         (JSC::DFG::SpeculativeJIT::compile):
2962         * dfg/DFGSpeculativeJIT64.cpp:
2963         (JSC::DFG::SpeculativeJIT::cachedGetById):
2964         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2965         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2966         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2967         (JSC::DFG::SpeculativeJIT::emitCall):
2968         (JSC::DFG::SpeculativeJIT::compile):
2969         * dynbench.cpp:
2970         (main):
2971         * ftl/FTLCompile.cpp:
2972         (JSC::FTL::compile):
2973         * ftl/FTLGeneratedFunction.h:
2974         * ftl/FTLLink.cpp:
2975         (JSC::FTL::link):
2976         * ftl/FTLLowerDFGToB3.cpp:
2977         (JSC::FTL::DFG::LowerDFGToB3::lower):
2978         (JSC::FTL::DFG::LowerDFGToB3::compileToObjectOrCallObjectConstructor):
2979         (JSC::FTL::DFG::LowerDFGToB3::compileToThis):
2980         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2981         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2982         (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
2983         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2984         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2985         (JSC::FTL::DFG::LowerDFGToB3::compileStrCat):
2986         (JSC::FTL::DFG::LowerDFGToB3::compileArithClz32):
2987         (JSC::FTL::DFG::LowerDFGToB3::compileValueDiv):
2988         (JSC::FTL::DFG::LowerDFGToB3::compileValueMod):
2989         (JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):
2990         (JSC::FTL::DFG::LowerDFGToB3::compileArithUnary):
2991         (JSC::FTL::DFG::LowerDFGToB3::compileValuePow):
2992         (JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
2993         (JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
2994         (JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):
2995         (JSC::FTL::DFG::LowerDFGToB3::compileArithTrunc):
2996         (JSC::FTL::DFG::LowerDFGToB3::compileArithSqrt):
2997         (JSC::FTL::DFG::LowerDFGToB3::compileArithFRound):
2998         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitNot):
2999         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
3000         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
3001         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitXor):
3002         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitRShift):
3003         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitLShift):
3004         (JSC::FTL::DFG::LowerDFGToB3::compileArrayify):
3005         (JSC::FTL::DFG::LowerDFGToB3::compileGetById):
3006         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
3007         (JSC::FTL::DFG::LowerDFGToB3::compileGetByValWithThis):
3008         (JSC::FTL::DFG::LowerDFGToB3::compilePutByIdWithThis):
3009         (JSC::FTL::DFG::LowerDFGToB3::compilePutByValWithThis):
3010         (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite):
3011         (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsIsLockFree):
3012         (JSC::FTL::DFG::LowerDFGToB3::compileDefineDataProperty):
3013         (JSC::FTL::DFG::LowerDFGToB3::compileDefineAccessorProperty):
3014         (JSC::FTL::DFG::LowerDFGToB3::compilePutById):
3015         (JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
3016         (JSC::FTL::DFG::LowerDFGToB3::compileGetPrototypeOf):
3017         (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
3018         (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
3019         (JSC::FTL::DFG::LowerDFGToB3::compilePutAccessorById):
3020         (JSC::FTL::DFG::LowerDFGToB3::compilePutGetterSetterById):
3021         (JSC::FTL::DFG::LowerDFGToB3::compilePutAccessorByVal):
3022         (JSC::FTL::DFG::LowerDFGToB3::compileDeleteById):
3023         (JSC::FTL::DFG::LowerDFGToB3::compileDeleteByVal):
3024         (JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
3025         (JSC::FTL::DFG::LowerDFGToB3::compileArrayIndexOf):
3026         (JSC::FTL::DFG::LowerDFGToB3::compileArrayPop):
3027         (JSC::FTL::DFG::LowerDFGToB3::compilePushWithScope):
3028         (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
3029         (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
3030         (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
3031         (JSC::FTL::DFG::LowerDFGToB3::compileCreateScopedArguments):
3032         (JSC::FTL::DFG::LowerDFGToB3::compileCreateClonedArguments):
3033         (JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
3034         (JSC::FTL::DFG::LowerDFGToB3::compileObjectKeys):
3035         (JSC::FTL::DFG::LowerDFGToB3::compileObjectCreate):
3036         (JSC::FTL::DFG::LowerDFGToB3::compileNewPromise):
3037         (JSC::FTL::DFG::LowerDFGToB3::compileNewInternalFieldObject):
3038         (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
3039         (JSC::FTL::DFG::LowerDFGToB3::compileNewSymbol):
3040         (JSC::FTL::DFG::LowerDFGToB3::compileNewArray):
3041         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
3042         (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
3043         (JSC::FTL::DFG::LowerDFGToB3::compileCreatePromise):
3044         (JSC::FTL::DFG::LowerDFGToB3::compileCreateInternalFieldObject):
3045         (JSC::FTL::DFG::LowerDFGToB3::compileSpread):
3046         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayBuffer):
3047         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
3048         (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
3049         (JSC::FTL::DFG::LowerDFGToB3::compileToNumber):
3050         (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructorOrStringValueOf):
3051         (JSC::FTL::DFG::LowerDFGToB3::compileToPrimitive):
3052         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
3053         (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
3054         (JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
3055         (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
3056         (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
3057         (JSC::FTL::DFG::LowerDFGToB3::compileSameValue):
3058         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
3059         (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
3060         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
3061         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
3062         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
3063         (JSC::FTL::DFG::LowerDFGToB3::compileLoadVarargs):
3064         (JSC::FTL::DFG::LowerDFGToB3::compileSwitch):
3065         (JSC::FTL::DFG::LowerDFGToB3::compileThrow):
3066         (JSC::FTL::DFG::LowerDFGToB3::compileThrowStaticError):
3067         (JSC::FTL::DFG::LowerDFGToB3::mapHashString):
3068         (JSC::FTL::DFG::LowerDFGToB3::compileMapHash):
3069         (JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
3070         (JSC::FTL::DFG::LowerDFGToB3::compileSetAdd):
3071         (JSC::FTL::DFG::LowerDFGToB3::compileMapSet):
3072         (JSC::FTL::DFG::LowerDFGToB3::compileWeakSetAdd):
3073         (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapSet):
3074         (JSC::FTL::DFG::LowerDFGToB3::compileInByVal):
3075         (JSC::FTL::DFG::LowerDFGToB3::compileInById):
3076         (JSC::FTL::DFG::LowerDFGToB3::compileHasOwnProperty):
3077         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3078         (JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
3079         (JSC::FTL::DFG::LowerDFGToB3::compileInstanceOfCustom):
3080         (JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
3081         (JSC::FTL::DFG::LowerDFGToB3::compileHasGenericProperty):
3082         (JSC::FTL::DFG::LowerDFGToB3::compileHasStructureProperty):
3083         (JSC::FTL::DFG::LowerDFGToB3::compileGetDirectPname):
3084         (JSC::FTL::DFG::LowerDFGToB3::compileGetPropertyEnumerator):
3085         (JSC::FTL::DFG::LowerDFGToB3::compileToIndexString):
3086         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
3087         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
3088         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
3089         (JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
3090         (JSC::FTL::DFG::LowerDFGToB3::compileRegExpExecNonGlobalOrSticky):
3091         (JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatchFastGlobal):
3092         (JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
3093         (JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatchFast):
3094         (JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
3095         (JSC::FTL::DFG::LowerDFGToB3::compileSetFunctionName):
3096         (JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
3097         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
3098         (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
3099         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
3100         (JSC::FTL::DFG::LowerDFGToB3::getById):
3101         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
3102         (JSC::FTL::DFG::LowerDFGToB3::compare):
3103         (JSC::FTL::DFG::LowerDFGToB3::compileStringSlice):
3104         (JSC::FTL::DFG::LowerDFGToB3::compileToLowerCase):
3105         (JSC::FTL::DFG::LowerDFGToB3::compileNumberToStringWithRadix):
3106         (JSC::FTL::DFG::LowerDFGToB3::compileNumberToStringWithValidRadixConstant):
3107         (JSC::FTL::DFG::LowerDFGToB3::compileResolveScopeForHoistingFuncDeclInEval):
3108         (JSC::FTL::DFG::LowerDFGToB3::compileResolveScope):
3109         (JSC::FTL::DFG::LowerDFGToB3::compileGetDynamicVar):
3110         (JSC::FTL::DFG::LowerDFGToB3::compilePutDynamicVar):
3111         (JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):
3112         (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
3113         (JSC::FTL::DFG::LowerDFGToB3::nonSpeculativeCompare):
3114         (JSC::FTL::DFG::LowerDFGToB3::stringsEqual):
3115         (JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):
3116         (JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):
3117         (JSC::FTL::DFG::LowerDFGToB3::emitRightShiftSnippet):
3118         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
3119         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
3120         (JSC::FTL::DFG::LowerDFGToB3::ensureShadowChickenPacket):
3121         (JSC::FTL::DFG::LowerDFGToB3::contiguousPutByValOutOfBounds):
3122         (JSC::FTL::DFG::LowerDFGToB3::switchStringSlow):
3123         (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
3124         (JSC::FTL::DFG::LowerDFGToB3::callCheck):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * ftl/FTLOSREntry.h:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLOSRExitCompiler.h:
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationPopulateObjectInOSR):
        (JSC::FTL::operationMaterializeObjectInOSR):
        (JSC::FTL::compileFTLLazySlowPath):
        * ftl/FTLOperations.h:
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * generator/Metadata.rb:
        * heap/Handle.h:
        * heap/HeapCell.h:
        * heap/HeapSnapshotBuilder.cpp:
        (JSC::HeapSnapshotBuilder::json):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        (Inspector::ConsoleMessage::addToFrontend):
        (Inspector::ConsoleMessage::globalObject const):
        (Inspector::ConsoleMessage::scriptState const): Deleted.
        * inspector/ConsoleMessage.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::wrapCallFrames const):
        (Inspector::InjectedScript::wrapObject const):
        (Inspector::InjectedScript::wrapJSONString const):
        (Inspector::InjectedScript::wrapTable const):
        (Inspector::InjectedScript::previewValue const):
        (Inspector::InjectedScript::arrayFromVector):
        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::hasAccessToInspectedScriptState const):
        (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled const):
        (Inspector::InjectedScriptBase::makeCall):
        (Inspector::InjectedScriptBase::makeAsyncCall):
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        (Inspector::InjectedScriptHost::wrapper):
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        (Inspector::InjectedScriptManager::injectedScriptIdFor):
        (Inspector::InjectedScriptManager::createInjectedScript):
        (Inspector::InjectedScriptManager::injectedScriptFor):
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        (Inspector::InjectedScriptModule::ensureInjected):
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorEnvironment.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
        (Inspector::JSGlobalObjectConsoleClient::count):
        (Inspector::JSGlobalObjectConsoleClient::countReset):
        (Inspector::JSGlobalObjectConsoleClient::profile):
        (Inspector::JSGlobalObjectConsoleClient::profileEnd):
        (Inspector::JSGlobalObjectConsoleClient::takeHeapSnapshot):
        (Inspector::JSGlobalObjectConsoleClient::time):
        (Inspector::JSGlobalObjectConsoleClient::timeLog):
        (Inspector::JSGlobalObjectConsoleClient::timeEnd):
        (Inspector::JSGlobalObjectConsoleClient::timeStamp):
        (Inspector::JSGlobalObjectConsoleClient::record):
        (Inspector::JSGlobalObjectConsoleClient::recordEnd):
        (Inspector::JSGlobalObjectConsoleClient::screenshot):
        * inspector/JSGlobalObjectConsoleClient.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::reportAPIException):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::evaluate const):
        (Inspector::JSInjectedScriptHost::savedResultAlias const):
        (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
        (Inspector::JSInjectedScriptHost::internalConstructorName):
        (Inspector::JSInjectedScriptHost::isHTMLAllCollection):
        (Inspector::JSInjectedScriptHost::isPromiseRejectedWithNativeGetterTypeError):
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::functionDetails):
        (Inspector::constructInternalProperty):
        (Inspector::JSInjectedScriptHost::getInternalProperties):
        (Inspector::JSInjectedScriptHost::proxyTargetValue):
        (Inspector::JSInjectedScriptHost::weakMapSize):
        (Inspector::JSInjectedScriptHost::weakMapEntries):
        (Inspector::JSInjectedScriptHost::weakSetSize):
        (Inspector::JSInjectedScriptHost::weakSetEntries):
        (Inspector::cloneArrayIteratorObject):
        (Inspector::cloneMapIteratorObject):
        (Inspector::cloneSetIteratorObject):
        (Inspector::JSInjectedScriptHost::iteratorEntries):
        (Inspector::checkForbiddenPrototype):
        (Inspector::JSInjectedScriptHost::queryInstances):
        (Inspector::JSInjectedScriptHost::queryHolders):
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
        (Inspector::jsInjectedScriptHostPrototypeAttributeSavedResultAlias):
        (Inspector::jsInjectedScriptHostPrototypeFunctionInternalConstructorName):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIsHTMLAllCollection):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIsPromiseRejectedWithNativeGetterTypeError):
        (Inspector::jsInjectedScriptHostPrototypeFunctionProxyTargetValue):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapSize):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetSize):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIteratorEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionQueryInstances):
        (Inspector::jsInjectedScriptHostPrototypeFunctionQueryHolders):
        (Inspector::jsInjectedScriptHostPrototypeFunctionEvaluateWithScopeExtension):
        (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
        (Inspector::jsInjectedScriptHostPrototypeFunctionFunctionDetails):
        (Inspector::jsInjectedScriptHostPrototypeFunctionGetInternalProperties):
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
        (Inspector::valueForScopeLocation):
        (Inspector::JSJavaScriptCallFrame::scopeDescriptions):
        (Inspector::JSJavaScriptCallFrame::caller const):
        (Inspector::JSJavaScriptCallFrame::sourceID const):
        (Inspector::JSJavaScriptCallFrame::line const):
        (Inspector::JSJavaScriptCallFrame::column const):
        (Inspector::JSJavaScriptCallFrame::functionName const):
        (Inspector::JSJavaScriptCallFrame::scopeChain const):
        (Inspector::JSJavaScriptCallFrame::thisObject const):
        (Inspector::JSJavaScriptCallFrame::isTailDeleted const):
        (Inspector::JSJavaScriptCallFrame::type const):
        (Inspector::toJS):
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluateWithScopeExtension):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeDescriptions):
        (Inspector::jsJavaScriptCallFrameAttributeCaller):
        (Inspector::jsJavaScriptCallFrameAttributeSourceID):
        (Inspector::jsJavaScriptCallFrameAttributeLine):
        (Inspector::jsJavaScriptCallFrameAttributeColumn):
        (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
        (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
        (Inspector::jsJavaScriptCallFrameAttributeThisObject):
        (Inspector::jsJavaScriptCallFrameAttributeType):
        (Inspector::jsJavaScriptCallFrameIsTailDeleted):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::deprecatedVMEntryGlobalObject const):
        (Inspector::JavaScriptCallFrame::vmEntryGlobalObject const): Deleted.
        * inspector/ScriptArguments.cpp:
        (Inspector::ScriptArguments::create):
        (Inspector::ScriptArguments::ScriptArguments):
        (Inspector::ScriptArguments::globalObject const):
        (Inspector::ScriptArguments::getFirstArgumentAsString const):
        (Inspector::ScriptArguments::isEqual const):
        (Inspector::ScriptArguments::globalState const): Deleted.
        * inspector/ScriptArguments.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        (Inspector::extractSourceInformationFromException):
        (Inspector::createScriptCallStackFromException):
        (Inspector::createScriptArguments):
        * inspector/ScriptCallStackFactory.h:
        * inspector/ScriptDebugListener.h:
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::evaluateBreakpointAction):
        (Inspector::ScriptDebugServer::sourceParsed):
        (Inspector::ScriptDebugServer::handleExceptionInBreakpointCondition const):
        (Inspector::ScriptDebugServer::handlePause):
        (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
        * inspector/ScriptDebugServer.h:
        * inspector/agents/InspectorAuditAgent.cpp:
        (Inspector::InspectorAuditAgent::setup):
        (Inspector::InspectorAuditAgent::populateAuditObject):
        * inspector/agents/InspectorAuditAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::startTiming):
        (Inspector::InspectorConsoleAgent::logTiming):
        (Inspector::InspectorConsoleAgent::stopTiming):
        (Inspector::InspectorConsoleAgent::count):
        (Inspector::InspectorConsoleAgent::countReset):
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
        (Inspector::InspectorDebuggerAgent::resume):
        (Inspector::InspectorDebuggerAgent::didPause):
        (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
        (Inspector::InspectorDebuggerAgent::didContinue):
        (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
        (Inspector::InspectorDebuggerAgent::assertPaused):
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorHeapAgent.cpp:
        (Inspector::InspectorHeapAgent::snapshot):
        (Inspector::InspectorHeapAgent::getPreview):
        (Inspector::InspectorHeapAgent::getRemoteObject):
        * inspector/agents/JSGlobalObjectAuditAgent.cpp:
        (Inspector::JSGlobalObjectAuditAgent::injectedScriptForEval):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h:
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::initDeprecatedCallFrameForDebugger):
        (JSC::CallFrame::wasmAwareLexicalGlobalObject):
        (JSC::CallFrame::convertToStackOverflowFrame):
        (JSC::ExecState::initGlobalExec): Deleted.
        * interpreter/CallFrame.h:
        (JSC::CallFrame::isDeprecatedCallFrameForDebugger const):
        (JSC::CallFrame::isGlobalExec const): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        (JSC::sizeOfVarargs):
        (JSC::sizeFrameForForwardArguments):
        (JSC::sizeFrameForVarargs):
        (JSC::loadVarargs):
        (JSC::setupVarargsFrame):