2673b6e15762e00c362ff4476ed679783c113089
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-04-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, build fix for Windows after r215228 part 2
        https://bugs.webkit.org/show_bug.cgi?id=170723

        Since the GCActivityCallback class is annotated as exported, we do not need to annotate each member.

        * heap/GCActivityCallback.h:

2017-04-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][GTK] Use RunLoop::Timer in GTK port
        https://bugs.webkit.org/show_bug.cgi?id=170723

        Reviewed by Carlos Garcia Campos.

        This patch makes the GTK port use RunLoop::Timer for JSRunLoopTimer.
        Only Cocoa-based ports use a platform-specific Timer because it
        has an additional feature that changes the RunLoop to the WebThread one.

        And we enable Heap timers in all the ports, including the JSCOnly port.

        * heap/EdenGCActivityCallback.cpp:
        (JSC::EdenGCActivityCallback::lastGCLength):
        * heap/EdenGCActivityCallback.h:
        * heap/FullGCActivityCallback.cpp:
        (JSC::FullGCActivityCallback::lastGCLength):
        * heap/FullGCActivityCallback.h:
        * heap/GCActivityCallback.cpp:
        (JSC::GCActivityCallback::GCActivityCallback):
        (JSC::GCActivityCallback::doWork):
        (JSC::GCActivityCallback::scheduleTimer):
        (JSC::GCActivityCallback::cancelTimer):
        (JSC::GCActivityCallback::nextFireTime):
        (JSC::GCActivityCallback::didAllocate):
        * heap/GCActivityCallback.h:
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::doWork):
        (JSC::IncrementalSweeper::doSweep):
        * heap/IncrementalSweeper.h:
        * heap/StopIfNecessaryTimer.cpp:
        (JSC::StopIfNecessaryTimer::scheduleSoon):
        * runtime/JSRunLoopTimer.cpp:
        (JSC::JSRunLoopTimer::setRunLoop):
        (JSC::JSRunLoopTimer::scheduleTimer):
        (JSC::JSRunLoopTimer::cancelTimer):
        (JSC::JSRunLoopTimer::JSRunLoopTimer):
        (JSC::JSRunLoopTimer::~JSRunLoopTimer):
        (JSC::JSRunLoopTimer::timerDidFireCallback):
        * runtime/JSRunLoopTimer.h:
        * runtime/PromiseDeferredTimer.cpp:
        (JSC::PromiseDeferredTimer::scheduleWorkSoon):

2017-04-11  Guillaume Emont  <guijemont@igalia.com>

        [jsc][mips] Add missing MacroAssembler functions after r214187
        https://bugs.webkit.org/show_bug.cgi?id=170089

        Reviewed by Yusuke Suzuki.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::loadFloat): Added.
        (JSC::MacroAssemblerMIPS::storeFloat): Added.

2017-04-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Enable JSRunLoopTimer for JSCOnly and Windows
        https://bugs.webkit.org/show_bug.cgi?id=170655

        Reviewed by Carlos Garcia Campos.

        * runtime/JSRunLoopTimer.cpp:
        (JSC::JSRunLoopTimer::JSRunLoopTimer):
        (JSC::JSRunLoopTimer::scheduleTimer):
        (JSC::JSRunLoopTimer::cancelTimer):
        * runtime/JSRunLoopTimer.h:

2017-04-10  Alex Christensen  <achristensen@webkit.org>

        Revert r215217
        https://bugs.webkit.org/show_bug.cgi?id=170703

        * Configurations/FeatureDefines.xcconfig:

2017-04-10  Alex Christensen  <achristensen@webkit.org>

        Continue enabling WebRTC
        https://bugs.webkit.org/show_bug.cgi?id=170703

        Reviewed by Youenn Fablet.

        * Configurations/FeatureDefines.xcconfig:

2017-04-10  Mark Lam  <mark.lam@apple.com>

        Move ProbeContext and ProbeFunction out of AbstractMacroAssembler.
        https://bugs.webkit.org/show_bug.cgi?id=170681

        Reviewed by Michael Saboff.

        This is a refactoring step towards enabling custom probe printers the way printInternal() works for dataLog.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::ProbeContext::gpr): Deleted.
        (JSC::AbstractMacroAssembler::ProbeContext::fpr): Deleted.
        (JSC::AbstractMacroAssembler::ProbeContext::gprName): Deleted.
        (JSC::AbstractMacroAssembler::ProbeContext::fprName): Deleted.
        * assembler/MacroAssembler.cpp:
        (JSC::stdFunctionCallback):
        (JSC::MacroAssembler::probe):
        * assembler/MacroAssembler.h:
        (JSC::ProbeContext::gpr):
        (JSC::ProbeContext::fpr):
        (JSC::ProbeContext::gprName):
        (JSC::ProbeContext::fprName):
        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::probe):
        * assembler/MacroAssemblerARM64.cpp:
        (JSC::arm64ProbeTrampoline):
        (JSC::MacroAssemblerARM64::probe):
        * assembler/MacroAssemblerARMv7.cpp:
        (JSC::MacroAssemblerARMv7::probe):
        * assembler/MacroAssemblerPrinter.cpp:
        * assembler/MacroAssemblerPrinter.h:
        * assembler/MacroAssemblerX86Common.cpp:
        (JSC::MacroAssemblerX86Common::probe):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::abstractStructure):
        (JSC::FTL::DFG::LowerDFGToB3::probe): Deleted.
        - Deleted because this became a useless place-holder after the transition to B3.

2017-04-10  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Fix B3IRGenerator for BrTable
        https://bugs.webkit.org/show_bug.cgi?id=170685

        Reviewed by JF Bastien.

        For some reason this didn't get included in r215141.

        This fixes an issue with BrTable and loops where we would use the loop's return type
        as the branch target type.

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::ControlData::resultForBranch):
        (JSC::Wasm::B3IRGenerator::unifyValuesWithBlock):

2017-04-08  Oliver Hunt  <oliver@apple.com>

        Remove use of strcpy from JSC
        https://bugs.webkit.org/show_bug.cgi?id=170646

        Reviewed by Mark Lam.

        Replace the use of strcpy with memcpy as strcpy keeps
        on tripping various analyser warnings even though it's
        trivially safe in this case.

        Essentially code hygiene, no change in behaviour, no
        perf impact.

        * dfg/DFGDisassembler.cpp:
        (JSC::DFG::Disassembler::dumpDisassembly):

2017-04-09  Joseph Pecoraro  <pecoraro@apple.com>

        test262: test262/test/annexB/language/expressions/object/__proto__-fn-name.js
        https://bugs.webkit.org/show_bug.cgi?id=170650

        Reviewed by Saam Barati.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseProperty):
        There needs to be special handling of:

          PropertyDefinition :  PropertyName ':' AssignmentExpression

        When the property name is __proto__. In this case the
        SetFunctionName path does not happen, so the name "__proto__"
        is not inferred on any anonymous function. See:
        https://tc39.github.io/ecma262/#sec-__proto__-property-names-in-object-initializers

        * parser/Parser.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createProperty):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        Add an extra parameter to see if inferring / setting names are allowed.

2017-04-09  Joseph Pecoraro  <pecoraro@apple.com>

        test262: test262/test/annexB/language/literals/regexp/identity-escape.js
        https://bugs.webkit.org/show_bug.cgi?id=170651

        Reviewed by Saam Barati.

        * yarr/YarrParser.h:
        (JSC::Yarr::Parser::parseEscape):
        For \8 and \9 match just the number "8" or "9" instead of both "\\" and the number.
        See: https://tc39.github.io/ecma262/#sec-decimalescape

2017-04-08  Youenn Fablet  <youenn@apple.com>

        WebRTC tests gardening
        https://bugs.webkit.org/show_bug.cgi?id=170508

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2017-04-07  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Fix issue with BrTable targeting a Loop
        https://bugs.webkit.org/show_bug.cgi?id=170638

        Reviewed by Saam Barati.

        This fixes the same issue V8 had in: https://github.com/WebAssembly/spec/pull/456#event-1033547537

        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::ControlData::branchTargetSignature):

2017-04-07  Keith Miller  <keith_miller@apple.com>

        Add a PriorityQueue class
        https://bugs.webkit.org/show_bug.cgi?id=170579

        Reviewed by Saam Barati.

        Update Wasm::Worklist to use WTF::PriorityQueue.

        * wasm/WasmWorklist.cpp:
        (JSC::Wasm::Worklist::enqueue):
        (JSC::Wasm::Worklist::completePlanSynchronously):
        (JSC::Wasm::Worklist::stopAllPlansForVM):
        (JSC::Wasm::Worklist::~Worklist):
        (JSC::Wasm::Worklist::iterate): Deleted.
        * wasm/WasmWorklist.h:
        (JSC::Wasm::Worklist::isHigherPriority):
        (JSC::Wasm::Worklist::Comparator::operator()): Deleted.

2017-04-07  Yuichiro Kikura  <y.kikura@gmail.com>

        WebGPU: implement ComputeCommandEncoder and related components
        https://bugs.webkit.org/show_bug.cgi?id=170444

        Reviewed by Alex Christensen.

        I added some identifiers related to WebGPUComputeCommandEncoder based on the proposal.
        https://webkit.org/wp-content/uploads/webgpu-api-proposal.html

        * runtime/CommonIdentifiers.h:

2017-04-07  Saam Barati  <sbarati@apple.com>

        WebAssembly: Module::getOrCreateCodeBlock is wrong
        https://bugs.webkit.org/show_bug.cgi?id=170612

        Reviewed by Keith Miller.

        When we were getting a module's CodeBlock, we were checking if !runnable(),
        and if !runnable(), we were re-creating the CodeBlock. This is wrong, since
        !runnable() is true while the CodeBlock is compiling. Instead, we should check
        if we've finished compiling, and if so, if that compilation failed.

        * wasm/WasmModule.cpp:
        (JSC::Wasm::Module::getOrCreateCodeBlock):

269
270 2017-04-07  Saam Barati  <sbarati@apple.com>
271
272         WebAssembly: Make to a compilation API that allows for multi-VM concurrent compilations of Wasm Modules
273         https://bugs.webkit.org/show_bug.cgi?id=170488
274
275         Reviewed by JF Bastien.
276
277         This patch adds a class called Wasm::Module. It contains the bits from
278         JSWebAssemblyModule that were not VM specific. JSWebAssemblyModule
279         now has a Ref<Wasm::Module>. Similarly, there is now a Wasm::CodeBlock,
280         which owns the non-VM-specific bits that JSWebAssemblyCodeBlock used
281         to own.
282         
283         This patch also simplifies how we verify and compile code. Wasm::Module
284         now has an API for both sync/async validation and compilation. This
285         API abstracts away how Wasm::Plan works.
286         
287         This is hopefully the last patch needed before we can implement
288         window.postMessage for a JSWebAssemblyModule. I think all that's
289         needed now to implement postMessage is simply creating a new
290         JSWebAssemblyModule with the underlying Wasm::Module.
291         
292         This patch is neutral on WasmBench.
293         
294         Finally, this patch changes the promise deferred timer to
295         allow for new tasks to be added while we're executing
296         a task. Before, we'd deadlock if this happened.
297
298         * CMakeLists.txt:
299         * JavaScriptCore.xcodeproj/project.pbxproj:
300         * jsc.cpp:
301         (functionTestWasmModuleFunctions):
302         * runtime/PromiseDeferredTimer.cpp:
303         (JSC::PromiseDeferredTimer::doWork):
304         (JSC::PromiseDeferredTimer::scheduleWorkSoon):
305         * runtime/PromiseDeferredTimer.h:
306         * wasm/WasmB3IRGenerator.cpp:
307         * wasm/WasmBinding.cpp:
308         (JSC::Wasm::wasmToJs):
309         (JSC::Wasm::wasmToWasm):
310         (JSC::Wasm::exitStubGenerator): Deleted.
311         * wasm/WasmBinding.h:
312         * wasm/WasmCodeBlock.cpp: Added.
313         (JSC::Wasm::CodeBlock::CodeBlock):
314         (JSC::Wasm::CodeBlock::waitUntilFinished):
315         (JSC::Wasm::CodeBlock::compileAsync):
316         (JSC::Wasm::CodeBlock::isSafeToRun):
317         * wasm/WasmCodeBlock.h: Added.
318         (JSC::Wasm::CodeBlock::create):
319         (JSC::Wasm::CodeBlock::compilationFinished):
320         (JSC::Wasm::CodeBlock::runnable):
321         (JSC::Wasm::CodeBlock::errorMessage):
322         (JSC::Wasm::CodeBlock::functionImportCount):
323         (JSC::Wasm::CodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
324         (JSC::Wasm::CodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
325         * wasm/WasmModule.cpp: Added.
326         (JSC::Wasm::Module::Module):
327         (JSC::Wasm::makeValidationResult):
328         (JSC::Wasm::Module::validateSyncImpl):
329         (JSC::Wasm::Module::getOrCreateCodeBlock):
330         (JSC::Wasm::Module::compileSync):
331         (JSC::Wasm::Module::makeValidationCallback):
332         (JSC::Wasm::Module::compileAsync):
333         * wasm/WasmModule.h: Added.
334         (JSC::Wasm::Module::create):
335         (JSC::Wasm::Module::validateSync):
336         (JSC::Wasm::Module::validateAsync):
337         (JSC::Wasm::Module::signatureIndexFromFunctionIndexSpace):
338         (JSC::Wasm::Module::moduleInformation):
339         (JSC::Wasm::Module::nonNullCodeBlock):
340         * wasm/WasmPlan.cpp:
341         (JSC::Wasm::Plan::Plan):
342         (JSC::Wasm::Plan::addCompletionTask):
343         (JSC::Wasm::Plan::prepare):
344         (JSC::Wasm::Plan::compileFunctions):
345         (JSC::Wasm::Plan::complete):
346         (JSC::Wasm::Plan::tryRemoveVMAndCancelIfLast):
347         (JSC::Wasm::Plan::cancel): Deleted.
348         * wasm/WasmPlan.h:
349         (JSC::Wasm::Plan::dontFinalize):
350         (JSC::Wasm::Plan::takeWasmToWasmExitStubs):
351         (JSC::Wasm::Plan::mode):
352         (JSC::Wasm::Plan::takeWasmExitStubs): Deleted.
353         (JSC::Wasm::Plan::vm): Deleted.
354         * wasm/WasmWorklist.cpp:
355         (JSC::Wasm::Worklist::stopAllPlansForVM):
356         * wasm/js/JSWebAssemblyCodeBlock.cpp:
357         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
358         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
359         (JSC::JSWebAssemblyCodeBlock::initialize): Deleted.
360         * wasm/js/JSWebAssemblyCodeBlock.h:
361         (JSC::JSWebAssemblyCodeBlock::create):
362         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
363         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
364         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
365         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
366         (JSC::JSWebAssemblyCodeBlock::mode): Deleted.
367         (JSC::JSWebAssemblyCodeBlock::initialized): Deleted.
368         (JSC::JSWebAssemblyCodeBlock::plan): Deleted.
369         (JSC::JSWebAssemblyCodeBlock::runnable): Deleted.
370         (JSC::JSWebAssemblyCodeBlock::errorMessage): Deleted.
371         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee): Deleted.
372         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee): Deleted.
373         * wasm/js/JSWebAssemblyInstance.cpp:
374         (JSC::JSWebAssemblyInstance::finalizeCreation):
375         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock): Deleted.
376         * wasm/js/JSWebAssemblyInstance.h:
377         (JSC::JSWebAssemblyInstance::initialized): Deleted.
378         * wasm/js/JSWebAssemblyModule.cpp:
379         (JSC::JSWebAssemblyModule::createStub):
380         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
381         (JSC::JSWebAssemblyModule::finishCreation):
382         * wasm/js/JSWebAssemblyModule.h:
383         (JSC::JSWebAssemblyModule::moduleInformation):
384         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
385         (JSC::JSWebAssemblyModule::module):
386         * wasm/js/WebAssemblyFunction.cpp:
387         (JSC::WebAssemblyFunction::create):
388         * wasm/js/WebAssemblyInstanceConstructor.cpp:
389         (JSC::constructJSWebAssemblyInstance):
390         * wasm/js/WebAssemblyModuleConstructor.cpp:
391         (JSC::WebAssemblyModuleConstructor::createModule):
392         * wasm/js/WebAssemblyPrototype.cpp:
393         (JSC::reject):
394         (JSC::webAssemblyCompileFunc):
395         (JSC::resolve):
396         (JSC::instantiate):
397         (JSC::compileAndInstantiate):
398         (JSC::webAssemblyValidateFunc):
399
2017-04-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Update the priorities used in glib main loop sources
        https://bugs.webkit.org/show_bug.cgi?id=170457

        Reviewed by Žan Doberšek.

        * runtime/JSRunLoopTimer.cpp:
        (JSC::JSRunLoopTimer::JSRunLoopTimer):

2017-04-06  Filip Pizlo  <fpizlo@apple.com>

        Rename allocateStack to allocateStackByGraphColoring.

        Rubber stamped by Saam Barati.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/air/AirAllocateStack.cpp: Removed.
        * b3/air/AirAllocateStack.h: Removed.
        * b3/air/AirAllocateStackByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirAllocateStack.cpp.
        (JSC::B3::Air::allocateStackByGraphColoring):
        (JSC::B3::Air::allocateStack): Deleted.
        * b3/air/AirAllocateStackByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirAllocateStack.h.
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::prepareForGeneration):

2017-04-06  Michael Saboff  <msaboff@apple.com>

        Cannot Object.seal() or Object.freeze() global "this"
        https://bugs.webkit.org/show_bug.cgi?id=170549

        Reviewed by Mark Lam.

        Needed to implement JSProxy::isExtensible() which returns the results of calling
        the same on the wrapped object.

        Implemented step 11 of Runtime Semantics: EvalDeclarationInstantiation from the ECMAScript
        spec to properly return a TypeError object when attempting to add properties to a
        non-extensible global object.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/JSProxy.cpp:
        (JSC::JSProxy::isExtensible):
        * runtime/JSProxy.h:

2017-04-06  Filip Pizlo  <fpizlo@apple.com>

        Linear scan should run liveness only once
        https://bugs.webkit.org/show_bug.cgi?id=170569

        Reviewed by Keith Miller.

        Air has a longstanding design bug that Tmps from different banks are indexed independently. This
        means that all of our analyses over Tmps do separate GP and FP passes. This does have some
        marginal benefits (the rest of the algorithm is specialized for Bank) but it's probably net bad.
        However, I don't want to think about solving that general problem.

        Instead, this just makes linear scan use a UnifiedTmpLiveness that uses a single "linear"
        indexing for GP and FP. This lets me avoid the much larger refactoring (which would involve
        substantial changes in graph coloring) while getting the bulk of the benefit (liveness runs once,
        instead of twice, for linear scan).

        This patch implements a lot of plumbing to make it possible for Liveness<> to view Tmps as having
        a unified indexing scheme. Tmp calls this LinearlyIndexed (to match the naming convention of
        AbsolutelyIndexed and Indexed), while AirLiveness calls this UnifiedTmpLiveness. With this
        change, -O1 never does any liveness analysis that uses separate GP and FP passes. I think this
        eliminates any urgency from the larger Tmp indexing bug. We can probably live with graph coloring
        doing separate passes.

        This is a ~6% speed-up for wasm -O1 compile times. I think this means that linear scan is no
        longer the longest pole in the tent.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3VariableLiveness.h:
        (JSC::B3::VariableLivenessAdapter::prepareToCompute):
        * b3/air/AirAllocateRegistersByLinearScan.cpp:
        (JSC::B3::Air::allocateRegistersByLinearScan):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::forEachTmp):
        * b3/air/AirLiveness.h:
        * b3/air/AirLivenessAdapter.h:
        (JSC::B3::Air::LivenessAdapter::Actions::Actions):
        (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
        (JSC::B3::Air::LivenessAdapter::adapter):
        (JSC::B3::Air::LivenessAdapter::prepareToCompute):
        (JSC::B3::Air::LivenessAdapter::actionsAt):
        (JSC::B3::Air::LivenessAdapter::forEachUse):
        (JSC::B3::Air::LivenessAdapter::forEachDef):
        (JSC::B3::Air::TmpLivenessAdapter::numIndices):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::UnifiedTmpLivenessAdapter):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::numIndices):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::acceptsBank):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::acceptsRole):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::valueToIndex):
        (JSC::B3::Air::UnifiedTmpLivenessAdapter::indexToValue):
        * b3/air/AirLivenessConstraints.h: Removed.
        * b3/air/AirRegLiveness.h:
        (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
        * b3/air/AirTmp.cpp:
        * b3/air/AirTmp.h:
        * b3/air/AirTmpInlines.h:
        (JSC::B3::Air::Tmp::LinearlyIndexed::LinearlyIndexed):
        (JSC::B3::Air::Tmp::LinearlyIndexed::index):
        (JSC::B3::Air::Tmp::linearlyIndexed):
        (JSC::B3::Air::Tmp::indexEnd):
        (JSC::B3::Air::Tmp::absoluteIndexEnd):
        (JSC::B3::Air::Tmp::linearIndexEnd):
        (JSC::B3::Air::Tmp::tmpForAbsoluteIndex):
        (JSC::B3::Air::Tmp::tmpForLinearIndex):
        * b3/air/AirTmpMap.h: Added.
        (JSC::B3::Air::TmpMap::TmpMap):
        (JSC::B3::Air::TmpMap::resize):
        (JSC::B3::Air::TmpMap::clear):
        (JSC::B3::Air::TmpMap::operator[]):
        (JSC::B3::Air::TmpMap::append):

2017-04-06  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r215046.

        This change broke internal builds.

        Reverted changeset:

        "WebRTC tests gardening"
        https://bugs.webkit.org/show_bug.cgi?id=170508
        http://trac.webkit.org/changeset/215046

2017-04-06  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Show all headers in the Request Headers section of the Resource details sidebar
        https://bugs.webkit.org/show_bug.cgi?id=16531
        <rdar://problem/5712895>

        Reviewed by Timothy Hatcher.

        * inspector/protocol/Network.json:
        Optional refined list of request headers in Metrics.

2017-04-06  Filip Pizlo  <fpizlo@apple.com>

        B3 -O1 should generate better code than -O0
        https://bugs.webkit.org/show_bug.cgi?id=170563

        Reviewed by Michael Saboff.

        Prior to this change, code generated by -O1 ran slower than code generated by -O0. This turned
        out to be because of reduceStrength optimizations that increase live ranges and create register
        pressure, which then creates problems for linear scan.

        It seemed obvious that canonicalizations that help isel, constant folding, and one-for-one
        strength reductions should stay. It also seemed obvious that SSA and CFG simplification are fast
        and harmless. So, I focused on removing:

        - CSE, which increases live ranges. This is a risky optimization when we know that we've chosen
          to use a bad register allocator.

        - Sophisticated strength reductions that create more code, like the insane division optimization.

        - Anything that inserts basic blocks.

        CSE appeared to be the cause of half of the throughput regression of -O1 but none of the compile
        time. This change also reduces the running time of reduceStrength by making it not a fixpoint at
        optLevel<2.

        This makes wasm -O1 compile 17% faster. This makes wasm -O1 run 19% faster. This makes -O1 code
        run 3% faster than -O0, and compile about 4% slower than -O0. We may yet end up choosing to use
        -O0, but at least now -O1 isn't totally useless.

        * b3/B3ReduceStrength.cpp:

2017-04-06  Jon Davis  <jond@apple.com>

        Updates feature status for recently shipped features
        https://bugs.webkit.org/show_bug.cgi?id=170359

        Reviewed by Brian Burg.

        Changed "Done" status to "Supported".

        * features.json:

2017-04-06  Youenn Fablet  <youenn@apple.com>

        WebRTC tests gardening
        https://bugs.webkit.org/show_bug.cgi?id=170508

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig:

2017-04-06  Guillaume Emont  <guijemont@igalia.com>

        [JSC][MIPS][DFG] Use x86 generic HasOwnProperty
        https://bugs.webkit.org/show_bug.cgi?id=170222

        Reviewed by Yusuke Suzuki.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        Use the X86 special version for HasOwnProperty on MIPS too.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        Use the X86 special version for HasOwnProperty on MIPS too.

2017-04-05  Saam Barati  <sbarati@apple.com>

        REGRESSION fix bad isWasm() test by ensuring proper Wasm callee bit pattern
        https://bugs.webkit.org/show_bug.cgi?id=170494
        <rdar://problem/31446485>

        Reviewed by Yusuke Suzuki and Mark Lam.

        This patch fixes how we test a 64 bit JSValue pattern to see if it's
        a Wasm callee. We now tag Wasm::Callees with 0b011 in their lower 3 bits.
        The new test for a Wasm Callee is as follows:
        bool isWasm(uint64_t x)
        {
            return (x & 0xffff000000000007) == 3;
        }

        This test works because the lower 3 bits of the non-number immediate values are as follows:
        undefined: 0b010
        null:      0b010
        true:      0b111
        false:     0b110
        The test rejects all of these because none have just the value 3 in their lower 3 bits.
        The test also rejects all numbers, because they have non-zero upper 16 bits.
        The test also rejects normal cells because they won't have the number 3 as
        their lower 3 bits. Note, this bit pattern also allows the normal JSValue isCell(), etc,
        predicates to work on a Wasm::Callee because the various tests will fail if you
        bit-cast a boxed Wasm::Callee* to a JSValue. isCell() would fail since it sees
        TagBitTypeOther. The other tests also trivially fail, since it won't be a number,
        and it won't be equal to null, undefined, true, or false. The isBoolean() predicate
        will fail because we won't have TagBitBool set.

        * interpreter/CallFrame.h:
        (JSC::ExecState::guaranteedJSValueCallee):
        (JSC::ExecState::calleeAsValue): Deleted.
        * interpreter/CalleeBits.h:
        (JSC::CalleeBits::boxWasm):
        (JSC::CalleeBits::isWasm):
        (JSC::CalleeBits::asWasmCallee):
        * jit/JITOperations.cpp:
        * runtime/JSCJSValue.h:

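Added example (not JavaScriptCore's code) that models the 64-bit JSValue encoding and the 0b011 Wasm::Callee tag from the entry above, and checks over constructed values of every kind that isWasm() is disjoint from isCell(), isNumber(), isBoolean() and isUndefinedOrNull(). The tag constants and the 2^48 double offset are assumed from JSCJSValue.h rather than copied from it, the boxWasm() tagging is as the entry describes, and the sample addresses are constructed. The mask comparison is written with parentheses because in C++ `==` binds tighter than `&`.

```cpp
// Added example, not JavaScriptCore's code: a stand-alone model of the
// 64-bit JSValue encoding and the 0b011 Wasm::Callee tag. Constants are
// assumed from JSCJSValue.h; the sample addresses below are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

constexpr uint64_t NumberTag          = 0xffff000000000000ull; // int32: top 16 bits all set
constexpr uint64_t DoubleEncodeOffset = 0x0001000000000000ull; // doubles offset by 2^48 (assumed)
constexpr uint64_t TagBitTypeOther    = 0x2;
constexpr uint64_t TagBitBool         = 0x4;
constexpr uint64_t TagBitUndefined    = 0x8;
constexpr uint64_t TagMask            = NumberTag | TagBitTypeOther;
constexpr uint64_t ValueFalse         = TagBitTypeOther | TagBitBool;      // 0b0110
constexpr uint64_t ValueTrue          = TagBitTypeOther | TagBitBool | 1;  // 0b0111
constexpr uint64_t ValueNull          = TagBitTypeOther;                   // 0b0010
constexpr uint64_t ValueUndefined     = TagBitTypeOther | TagBitUndefined; // 0b1010
constexpr uint64_t WasmCalleeTag      = 0x3;                               // 0b011, as the entry describes

uint64_t encodeInt32(int32_t i)       { return NumberTag | static_cast<uint32_t>(i); }
uint64_t encodeDouble(double d)       { uint64_t bits; std::memcpy(&bits, &d, sizeof bits); return bits + DoubleEncodeOffset; }
uint64_t encodeCell(uint64_t address) { return address; }                 // aligned pointer: low 3 and top 16 bits zero
uint64_t boxWasm(uint64_t address)    { return address | WasmCalleeTag; } // models CalleeBits::boxWasm

// The predicates from the entry (mask comparison parenthesized on purpose).
bool isWasm(uint64_t x)            { return (x & 0xffff000000000007ull) == WasmCalleeTag; }
bool isNumber(uint64_t x)          { return (x & NumberTag) != 0; }
bool isCell(uint64_t x)            { return (x & TagMask) == 0; }
bool isBoolean(uint64_t x)         { return (x & ~1ull) == ValueFalse; }
bool isUndefinedOrNull(uint64_t x) { return (x & ~TagBitUndefined) == ValueNull; }

// Number of top-level kinds a value satisfies; a sound encoding gives exactly 1.
int kindCount(uint64_t x) {
    return isWasm(x) + isNumber(x) + isCell(x) + isBoolean(x) + isUndefinedOrNull(x);
}

struct Sample { const char* name; uint64_t bits; };

// Constructed samples covering every kind; only the last one is a Wasm callee.
const Sample kSamples[] = {
    { "int32 -1",    encodeInt32(-1) },
    { "double 1.5",  encodeDouble(1.5) },
    { "double 0.0",  encodeDouble(0.0) },
    { "cell",        encodeCell(0x00007f00deadbe00ull) },
    { "true",        ValueTrue },
    { "false",       ValueFalse },
    { "null",        ValueNull },
    { "undefined",   ValueUndefined },
    { "wasm callee", boxWasm(0x00007f00cafe0100ull) },
};
const size_t kSampleCount = sizeof kSamples / sizeof kSamples[0];

// True when every sample matches exactly one kind and isWasm() fires only for the callee.
bool encodingIsDisjoint() {
    for (size_t i = 0; i < kSampleCount; ++i) {
        bool expectWasm = (i == kSampleCount - 1);
        if (kindCount(kSamples[i].bits) != 1 || isWasm(kSamples[i].bits) != expectWasm)
            return false;
    }
    return true;
}

int main() {
    for (size_t i = 0; i < kSampleCount; ++i) {
        uint64_t v = kSamples[i].bits;
        std::printf("%-12s 0x%016llx wasm=%d number=%d cell=%d bool=%d undef/null=%d\n",
                    kSamples[i].name, static_cast<unsigned long long>(v),
                    isWasm(v), isNumber(v), isCell(v), isBoolean(v), isUndefinedOrNull(v));
    }
    std::printf("disjoint: %s\n", encodingIsDisjoint() ? "yes" : "no");
    return 0;
}
```

The boxed callee fails isCell() because bit 1 (TagBitTypeOther) is set, fails isNumber() because its top 16 bits are zero, and fails isBoolean() because TagBitBool is clear; every other kind fails isWasm() because its low 3 bits are not 0b011 or its top 16 bits are non-zero.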
2017-04-05  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Plans should be able to have more than one completion task.
        https://bugs.webkit.org/show_bug.cgi?id=170516

        Reviewed by Saam Barati.

        This patch also eliminates the need for blocked tasks on the
        PromiseDeferredTimer and pendingPromise on Wasm::Plan.

        * runtime/PromiseDeferredTimer.cpp:
        (JSC::PromiseDeferredTimer::doWork):
        (JSC::PromiseDeferredTimer::cancelPendingPromise):
        (JSC::PromiseDeferredTimer::scheduleBlockedTask): Deleted.
        * runtime/PromiseDeferredTimer.h:
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::Plan):
        (JSC::Wasm::Plan::addCompletionTask):
        (JSC::Wasm::Plan::complete):
        * wasm/WasmPlan.h:
        (JSC::Wasm::Plan::setMode):
        (JSC::Wasm::Plan::mode):
        (JSC::Wasm::Plan::setModeAndPromise): Deleted.
        (JSC::Wasm::Plan::pendingPromise): Deleted.
        * wasm/WasmWorklist.cpp:
        (JSC::Wasm::Worklist::enqueue):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance):
        * wasm/js/WebAssemblyPrototype.cpp:
        (JSC::instantiate):

2017-04-05  Guilherme Iscaro  <iscaro@profusion.mobi>

        Do not use BLX for immediates (ARM-32)
        https://bugs.webkit.org/show_bug.cgi?id=170351

        Reviewed by Mark Lam.

        Currently the offline asm generator for 32-bit ARM code translates the
        'call' meta-instruction (which may be found in LowLevelInterpreter.asm
        and friends) to the ARM's BLX instruction. The BLX instruction may be
        used for labels (immediates) and registers and one side effect of BLX
        is that it may switch the processor's instruction set.
        A 'BLX register' instruction will change/remain the processor state to
        ARM if the register_bit[0] is set to 0 or change/remain to Thumb if
        register_bit[0] is set to 1. However, a 'BLX label' instruction will
        always switch the processor state. It switches ARM to Thumb and vice-versa.
        This behaviour is unwanted, since the C++ code and the offlineasm generated code
        are both compiled using the same instruction set, thus an instruction
        set change will likely produce a crash. In order to fix the problem the
        BL instruction can be used for labels. It will branch just like BLX,
        but it won't change the instruction set. It's important to note that
        Darwin is not affected by this problem, thus to minimize the impact of
        this change the BL instruction will only be used on non-darwin targets.

        BLX reference: http://infocenter.arm.com/help/topic/com.arm.doc.dui0489i/CIHBJCDC.html?resultof=%22%62%6c%78%22%20

        * offlineasm/arm.rb:

708 2017-04-05  Keith Miller  <keith_miller@apple.com>
709
710         WebAssembly: We shouldn't need to pin size registers if we have a fast memory.
711         https://bugs.webkit.org/show_bug.cgi?id=170504
712
713         Reviewed by Mark Lam.
714
715         * wasm/WasmB3IRGenerator.cpp:
716         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
717         (JSC::Wasm::createJSToWasmWrapper):
718         (JSC::Wasm::parseAndCompile):
719         * wasm/WasmMemoryInformation.h:
720         (JSC::Wasm::PinnedRegisterInfo::toSave):
721
722 2017-04-05  Yusuke Suzuki  <utatane.tea@gmail.com>
723
724         [JSC] Suppress warnings in GCC
725         https://bugs.webkit.org/show_bug.cgi?id=170501
726
727         Reviewed by Keith Miller.
728
729         Should use ASSERT_NOT_REACHED since return-type pragma is only
730         enabled under ASSERT_DISABLED environment. We should use
731         ASSERT_NOT_REACHED to emit assertions in debug build. It effectively
732         catches bugs while keeping performance in release build.
733
734         * b3/B3Opcode.cpp:
735         (JSC::B3::storeOpcode):
736         * b3/B3Width.h:
737         (JSC::B3::mask):
738         * runtime/Options.cpp:
739         (JSC::parse):
740         * wasm/WasmSections.h:
741         (JSC::Wasm::makeString):
742         * wasm/WasmSignature.cpp:
743         (JSC::Wasm::SignatureInformation::tryCleanup):
744         * wasm/generateWasmValidateInlinesHeader.py:
745
746 2017-04-05  Carlos Garcia Campos  <cgarcia@igalia.com>
747
748         Implement PromiseDeferredTimer for non CF based ports
749         https://bugs.webkit.org/show_bug.cgi?id=170391
750
751         Reviewed by Yusuke Suzuki.
752
753         RunLoop handling is only implemented for CF, causing several wasm tests to fail for other ports.
754
755         * jsc.cpp:
756         (runJSC): Remove CF ifdefs.
757         * runtime/PromiseDeferredTimer.cpp:
758         (JSC::PromiseDeferredTimer::doWork): Add non CF implementation using WTF RunLoop.
759         (JSC::PromiseDeferredTimer::runRunLoop): Ditto.
760         * runtime/PromiseDeferredTimer.h:
761
762 2017-04-05  Carlos Garcia Campos  <cgarcia@igalia.com>
763
764         WebAssembly: several tests added in r214504 crash when building with GCC
765         https://bugs.webkit.org/show_bug.cgi?id=170390
766
767         Reviewed by Saam Barati.
768
769         The pattern foo->bar([f = WTFMove(foo)]{}); crashes when building with GCC; I assume the move happens before the
770         foo is used to invoke the function.
771
772         * wasm/js/WebAssemblyPrototype.cpp:
773         (JSC::webAssemblyCompileFunc): Use p.vm() instead of plan->vm(), because plan is moved by the lambda.
774         (JSC::instantiate): Ditto.
775         (JSC::compileAndInstantiate): Ditto.
776
777 2017-03-16  Yusuke Suzuki  <utatane.tea@gmail.com>
778
779         [JSC] Generate TemplateObjects at linking time
780         https://bugs.webkit.org/show_bug.cgi?id=169743
781
782         Reviewed by Keith Miller.
783
784         Currently, the code calls getTemplateObject to get appropriate template objects at runtime.
785         But this template object is constant value and never changed. So instead of creating it
786         at runtime, we should create it at linking time and store it in the constant registers.
787
788         * builtins/BuiltinNames.h:
789         * bytecode/CodeBlock.cpp:
790         (JSC::CodeBlock::finishCreation):
791         (JSC::CodeBlock::setConstantRegisters):
792         * bytecode/CodeBlock.h:
793         * bytecode/UnlinkedCodeBlock.cpp:
794         (JSC::UnlinkedCodeBlock::shrinkToFit):
795         * bytecode/UnlinkedCodeBlock.h:
796         * bytecompiler/BytecodeGenerator.cpp:
797         (JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
798         (JSC::BytecodeGenerator::emitGetTemplateObject):
799         * bytecompiler/BytecodeGenerator.h:
800         * bytecompiler/NodesCodegen.cpp:
801         (JSC::TaggedTemplateNode::emitBytecode):
802         * runtime/JSGlobalObject.cpp:
803         (JSC::JSGlobalObject::init):
804         (JSC::getTemplateObject): Deleted.
805         * runtime/JSTemplateRegistryKey.cpp:
806         * runtime/JSTemplateRegistryKey.h:
807         (JSC::isTemplateRegistryKey):
808
809 2017-04-04  Mark Lam  <mark.lam@apple.com>
810
811         On ARM64, DFG::SpeculativeJIT::compileArithMod() failed to ensure result is of DataFormatInt32.
812         https://bugs.webkit.org/show_bug.cgi?id=170473
813         <rdar://problem/29912391>
814
815         Reviewed by Saam Barati.
816
817         In Unchecked mode, when DFG::SpeculativeJIT::compileArithMod() detects that the
818         divisor is 0, we want it to return 0.  The result is expected to be of
819         DataFormatInt32.
820
821         The ARM implementation just returns the value in the divisor register.  However,
822         the divisor in this case can be of DataFormatJSInt32.  On ARM64, returning the
823         divisor register yields the wrong result format because the same register also
824         holds the upper 32 bits of the JSValue encoding.  The fix is to return an
825         immediate 0 instead.
826
827         Also turned on the assertion in jitAssertIsInt32 for ARM64.  This assertion being
828         disabled may have contributed to this bug going unnoticed all this time.
829
830         * dfg/DFGSpeculativeJIT.cpp:
831         (JSC::DFG::SpeculativeJIT::compileArithMod):
832         * jit/AssemblyHelpers.cpp:
833         (JSC::AssemblyHelpers::jitAssertIsInt32):
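
The format confusion described in the entry above, as an added illustration (editor's example, not JSC code). It models the 64-bit JSValue int32 encoding with an assumed tag constant in the upper 32 bits, and contrasts the lowering that hands back the divisor register with the one that materializes an immediate 0; the validity check mirrors the kind of invariant jitAssertIsInt32 enforces, as modelled here, not as JSC implements it.

```cpp
#include <cstdint>

// Assumed model of the 64-bit JSValue encoding for int32 (DataFormatJSInt32):
// upper 32 bits carry the number tag, lower 32 bits carry the payload.
static const uint64_t kInt32Tag = 0xffff000000000000ull;

// Box an int32 the way a DataFormatJSInt32 register would hold it.
inline uint64_t boxInt32(int32_t v)
{
    return kInt32Tag | static_cast<uint32_t>(v);
}

// A DataFormatInt32 register is expected to hold a zero-extended 32-bit value
// (modelled invariant: no bits set above bit 31).
inline bool isValidInt32Format(uint64_t reg)
{
    return (reg >> 32) == 0;
}

// Shared helper for the non-zero divisor path; guards the one case where
// C++ '%' is undefined (INT32_MIN % -1), which is 0 mathematically.
inline uint64_t int32Mod(int32_t a, int32_t b)
{
    if (b == -1)
        return 0;
    return static_cast<uint32_t>(a % b);
}

// The buggy lowering: on a zero divisor, return the divisor register itself.
// If that register held a boxed JSInt32, the tag bits come along with it.
inline uint64_t arithModBuggy(uint64_t dividendReg, uint64_t divisorReg)
{
    int32_t b = static_cast<int32_t>(divisorReg);
    if (b == 0)
        return divisorReg;          // wrong: still carries kInt32Tag
    return int32Mod(static_cast<int32_t>(dividendReg), b);
}

// The fixed lowering: materialize an immediate 0 instead of reusing the register.
inline uint64_t arithModFixed(uint64_t dividendReg, uint64_t divisorReg)
{
    int32_t b = static_cast<int32_t>(divisorReg);
    if (b == 0)
        return 0;                   // clean DataFormatInt32 result
    return int32Mod(static_cast<int32_t>(dividendReg), b);
}
```

With both operands boxed, the buggy path returns `kInt32Tag`, which fails the format check, while the fixed path returns a plain 0. The modulus results use C++ truncation semantics (so `-7 % 3` is `-1`, zero-extended to `0xffffffff`), which is what the fixed lowering would hand to a consumer expecting DataFormatInt32.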
834
835 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
836
837         Air::eliminateDeadCode should not repeatedly process the same live instructions
838         https://bugs.webkit.org/show_bug.cgi?id=170490
839
840         Reviewed by Keith Miller.
841         
842         This makes the eliminateDeadCode() fixpoint somewhat worklist-based: we track the set
843         of Insts that might be dead. Every time we detect that one is live, we remove it from
844         the set. This is a big (>2x) speed-up because lots of Insts are immediately found to
845         be live.
846         
847         This is a ~1% wasm -O1 compile time progression.
848
849         * b3/air/AirEliminateDeadCode.cpp:
850         (JSC::B3::Air::eliminateDeadCode):
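
The worklist-based fixpoint described in the entry above, as an added example (editor's code over a constructed toy IR, not the Air implementation). Instructions with side effects seed the live set; every other instruction starts in a "possibly dead" set and is dropped from it the moment one of its defs turns out to be read by a live instruction, so later passes only re-examine what is still in doubt. The `visits` counter makes the saving visible against the naive scheme that rescans every candidate on every pass.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Constructed, minimal stand-in for an Air Inst: which temporaries it reads,
// which it writes, and whether it may be removed at all.
struct Inst {
    std::vector<unsigned> uses;
    std::vector<unsigned> defs;
    bool hasSideEffects;   // stores, calls, branches: always live
};

struct DCEResult {
    std::vector<bool> live; // live[i] is true when insts[i] must be kept
    unsigned passes = 0;    // fixpoint iterations
    unsigned visits = 0;    // candidate instructions examined in total
};

// Worklist-style dead code elimination: an instruction found live is removed
// from the candidate set, so the set shrinks as the fixpoint progresses.
inline DCEResult eliminateDeadCode(const std::vector<Inst>& insts)
{
    DCEResult result;
    result.live.assign(insts.size(), false);
    std::set<unsigned> liveTmps;       // temporaries read by some live instruction
    std::vector<size_t> possiblyDead;

    for (size_t i = 0; i < insts.size(); ++i) {
        if (insts[i].hasSideEffects) {
            result.live[i] = true;
            liveTmps.insert(insts[i].uses.begin(), insts[i].uses.end());
        } else
            possiblyDead.push_back(i);
    }

    bool changed = true;
    while (changed) {
        changed = false;
        ++result.passes;
        std::vector<size_t> stillDead;
        for (size_t i : possiblyDead) {
            ++result.visits;
            bool definesLiveTmp = false;
            for (unsigned d : insts[i].defs) {
                if (liveTmps.count(d)) {
                    definesLiveTmp = true;
                    break;
                }
            }
            if (definesLiveTmp) {
                result.live[i] = true;
                liveTmps.insert(insts[i].uses.begin(), insts[i].uses.end());
                changed = true;
            } else
                stillDead.push_back(i);   // stays in the worklist for the next pass
        }
        possiblyDead.swap(stillDead);
    }
    return result;
}

// Constructed sample: t3 feeds a store, t1 only feeds an unused t4.
inline DCEResult runSample()
{
    std::vector<Inst> insts = {
        { {},  {1}, false },  // 0: t1 = const   (dead: only read by dead inst 4)
        { {},  {2}, false },  // 1: t2 = const   (live through inst 2)
        { {2}, {3}, false },  // 2: t3 = t2 + 1  (live through the store)
        { {3}, {},  true  },  // 3: store t3     (side effect, always live)
        { {1}, {4}, false },  // 4: t4 = t1 * 2  (dead: t4 is never read)
    };
    return eliminateDeadCode(insts);
}
```

On the sample the fixpoint takes three passes and examines 9 candidates (4, then 3, then 2); rescanning all four non-side-effecting instructions on every pass would have cost 12.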
851
852 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
853
854         Air::eliminateDeadCode() should not use a HashSet
855         https://bugs.webkit.org/show_bug.cgi?id=170487
856
857         Reviewed by Saam Barati.
858         
859         Introduce TmpSet, which is like a HashSet<Tmp>. Use this to make eliminateDeadCode()
860         about 50% faster, resulting in a 1% wasm -O1 compile time progression.
861
862         * JavaScriptCore.xcodeproj/project.pbxproj:
863         * b3/air/AirEliminateDeadCode.cpp:
864         (JSC::B3::Air::eliminateDeadCode):
865         * b3/air/AirTmpSet.h: Added.
866         (JSC::B3::Air::TmpSet::TmpSet):
867         (JSC::B3::Air::TmpSet::add):
868         (JSC::B3::Air::TmpSet::remove):
869         (JSC::B3::Air::TmpSet::contains):
870         (JSC::B3::Air::TmpSet::size):
871         (JSC::B3::Air::TmpSet::isEmpty):
872         (JSC::B3::Air::TmpSet::iterator::iterator):
873         (JSC::B3::Air::TmpSet::iterator::operator*):
874         (JSC::B3::Air::TmpSet::iterator::operator++):
875         (JSC::B3::Air::TmpSet::iterator::operator==):
876         (JSC::B3::Air::TmpSet::iterator::operator!=):
877         (JSC::B3::Air::TmpSet::begin):
878         (JSC::B3::Air::TmpSet::end):
879
880 2017-04-04  Keith Miller  <keith_miller@apple.com>
881
882         WebAssembly: ModuleInformation should be a ref counted thing that can be shared across threads.
883         https://bugs.webkit.org/show_bug.cgi?id=170478
884
885         Reviewed by Saam Barati.
886
887         ModuleInformation has been moved to its own file and is now
888         ThreadSafeRefCounted.  All the Strings we used to keep in the
889         ModuleInformation have been switched to Vector<LChar>; this has the
890         advantage that it can be passed across threads. However, this does
891         mean that we need to decode the utf8 strings in each thread. This
892         is likely not a problem because:
893
894         1) most modules have few imports/exports/custom sections.
895         2) most of the time they are ASCII so the conversion is cheap.
896         3) we only have to do it once per thread, and there shouldn't be too many.
897
898         This patch also removes
899         moduleSignatureIndicesToUniquedSignatureIndices since that
900         information can already be recovered from the
901         SignatureInformation.
902
903         * JavaScriptCore.xcodeproj/project.pbxproj:
904         * jsc.cpp:
905         (functionTestWasmModuleFunctions):
906         * runtime/Identifier.h:
907         (JSC::Identifier::fromString):
908         * wasm/WasmB3IRGenerator.cpp:
909         (JSC::Wasm::parseAndCompile):
910         * wasm/WasmB3IRGenerator.h:
911         * wasm/WasmFormat.cpp:
912         (JSC::Wasm::makeString):
913         (JSC::Wasm::ModuleInformation::~ModuleInformation): Deleted.
914         * wasm/WasmFormat.h:
915         (JSC::Wasm::makeString):
916         (JSC::Wasm::ModuleInformation::functionIndexSpaceSize): Deleted.
917         (JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace): Deleted.
918         (JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace): Deleted.
919         (JSC::Wasm::ModuleInformation::importFunctionCount): Deleted.
920         (JSC::Wasm::ModuleInformation::internalFunctionCount): Deleted.
921         * wasm/WasmFunctionParser.h:
922         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
923         * wasm/WasmModuleInformation.cpp: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.
924         (JSC::Wasm::ModuleInformation::~ModuleInformation):
925         * wasm/WasmModuleInformation.h: Added.
926         (JSC::Wasm::ModuleInformation::functionIndexSpaceSize):
927         (JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace):
928         (JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace):
929         (JSC::Wasm::ModuleInformation::importFunctionCount):
930         (JSC::Wasm::ModuleInformation::internalFunctionCount):
931         (JSC::Wasm::ModuleInformation::ModuleInformation):
932         * wasm/WasmModuleParser.cpp:
933         * wasm/WasmModuleParser.h:
934         (JSC::Wasm::ModuleParser::ModuleParser):
935         * wasm/WasmParser.h:
936         (JSC::Wasm::Parser<SuccessType>::consumeUTF8String):
937         * wasm/WasmPlan.cpp:
938         (JSC::Wasm::Plan::Plan):
939         (JSC::Wasm::Plan::parseAndValidateModule):
940         (JSC::Wasm::Plan::prepare):
941         (JSC::Wasm::Plan::compileFunctions):
942         (JSC::Wasm::Plan::complete):
943         (JSC::Wasm::Plan::cancel):
944         * wasm/WasmPlan.h:
945         (JSC::Wasm::Plan::internalFunctionCount):
946         (JSC::Wasm::Plan::takeModuleInformation):
947         * wasm/WasmSignature.cpp:
948         (JSC::Wasm::SignatureInformation::get):
949         * wasm/WasmSignature.h:
950         * wasm/WasmValidate.cpp:
951         (JSC::Wasm::validateFunction):
952         * wasm/WasmValidate.h:
953         * wasm/js/JSWebAssemblyHelpers.h:
954         (JSC::createSourceBufferFromValue):
955         * wasm/js/JSWebAssemblyModule.cpp:
956         (JSC::JSWebAssemblyModule::createStub):
957         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
958         (JSC::JSWebAssemblyModule::finishCreation):
959         * wasm/js/JSWebAssemblyModule.h:
960         (JSC::JSWebAssemblyModule::moduleInformation):
961         (JSC::JSWebAssemblyModule::source):
962         * wasm/js/WebAssemblyInstanceConstructor.cpp:
963         (JSC::constructJSWebAssemblyInstance):
964         * wasm/js/WebAssemblyModuleConstructor.cpp:
965         (JSC::WebAssemblyModuleConstructor::createModule):
966         * wasm/js/WebAssemblyModulePrototype.cpp:
967         (JSC::webAssemblyModuleProtoCustomSections):
968         (JSC::webAssemblyModuleProtoImports):
969         (JSC::webAssemblyModuleProtoExports):
970         * wasm/js/WebAssemblyModuleRecord.cpp:
971         (JSC::WebAssemblyModuleRecord::link):
972         * wasm/js/WebAssemblyModuleRecord.h:
973         * wasm/js/WebAssemblyPrototype.cpp:
974         (JSC::webAssemblyCompileFunc):
975         (JSC::instantiate):
976         (JSC::compileAndInstantiate):
977
978 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
979
980         B3::fixSSA() needs a tune-up
981         https://bugs.webkit.org/show_bug.cgi?id=170485
982
983         Reviewed by Saam Barati.
984         
985         After the various optimizations to liveness, register allocation, and other phases, the
986         fixSSA() phase now looks like one of the top offenders. This includes a bunch of
987         changes to make this phase run faster. This is a ~7% wasm -O1 compile time progression.
988         
989         Here's what I did:
990         
991         - We now use IndexSparseSet instead of IndexMap for tracking variable values. This
992           makes it cheaper to chew through small blocks while there is a non-trivial number of
993           total variables.
994         
995         - We now do a "local SSA conversion" pass before anything else. This eliminates
996           obvious Get's. If we were using temporary Variables, it would eliminate many of
997           those. That's useful for when we use demoteValues() and duplicateTails(). For wasm
998           -O1, we mainly care about the fact that it makes a bunch of Set's dead.
999         
1000         - We now do a Set DCE pass after the local SSA but before SSA conversion. This ensures
1001           that any block-local live intervals of Variables disappear and don't need further
1002           consideration.
1003         
1004         - We now cache the reaching defs calculation.
1005         
1006         - We now perform the reaching defs calculation lazily.
1007
1008         * b3/B3FixSSA.cpp:
1009         (JSC::B3::demoteValues):
1010         (JSC::B3::fixSSA):
1011         * b3/B3SSACalculator.cpp:
1012         (JSC::B3::SSACalculator::reachingDefAtTail):
1013         * b3/B3VariableLiveness.cpp:
1014         (JSC::B3::VariableLiveness::VariableLiveness):
1015         * b3/air/AirLiveness.h:
1016         (JSC::B3::Air::Liveness::Liveness):
1017         * dfg/DFGLivenessAnalysisPhase.cpp:
1018         (JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase): Deleted.
1019         (JSC::DFG::LivenessAnalysisPhase::run): Deleted.
1020         (JSC::DFG::LivenessAnalysisPhase::processBlock): Deleted.
1021
1022 2017-04-04  Joseph Pecoraro  <pecoraro@apple.com>
1023
1024         Remove stale LLVM Header Path includes from JavaScriptCore
1025         https://bugs.webkit.org/show_bug.cgi?id=170483
1026
1027         Reviewed by Mark Lam.
1028
1029         * Configurations/Base.xcconfig:
1030
1031 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
1032
1033         B3::LowerToAir incorrectly selects BitXor(AtomicStrongCAS(...), $1)
1034         https://bugs.webkit.org/show_bug.cgi?id=169867
1035
1036         Reviewed by Saam Barati.
1037         
1038         The BitXor(AtomicWeakCAS(...), $1) optimization makes a lot of sense because we can fold the
1039         BitXor into the CAS condition read-out. But there is no version of this that is profitable or
1040         correct for AtomicStrongCAS. The inversion case is handled by Equal(AtomicStrongCAS(...), ...)
1041         becoming NotEqual(AtomicStrongCAS(...), ...), and we already handle that separately.
1042         
1043         So, the fix here is to make the BitXor CAS pattern only recognize AtomicWeakCAS.
1044
1045         * b3/B3LowerToAir.cpp:
1046         (JSC::B3::Air::LowerToAir::lower):
1047         * b3/testb3.cpp:
1048         (JSC::B3::testAtomicStrongCAS):
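
Why the XOR fold is sound for a weak CAS but not a strong one, as an added illustration (editor's code, not B3's). In B3 terms a weak CAS yields a success flag and a strong CAS yields the old memory value; the toy below reproduces both result shapes with `std::atomic` (the C++ strong primitive is used for both, since only the result type matters here, not the memory-model strength) and shows that `old ^ 1` is not the "CAS failed" condition.

```cpp
#include <atomic>
#include <cstdint>

// Result shape of AtomicWeakCAS: 1 if the exchange happened, else 0.
inline int32_t atomicWeakCASResult(std::atomic<int32_t>& mem, int32_t expected, int32_t newValue)
{
    return mem.compare_exchange_strong(expected, newValue) ? 1 : 0;
}

// Result shape of AtomicStrongCAS: the value that was in memory before.
inline int32_t atomicStrongCASResult(std::atomic<int32_t>& mem, int32_t expected, int32_t newValue)
{
    int32_t old = expected;
    mem.compare_exchange_strong(old, newValue);
    return old;
}

// BitXor(AtomicWeakCAS(...), 1): flipping a boolean is just the inverted
// condition, which is why it can be folded into the condition read-out.
inline int32_t weakFoldOn(int32_t initial, int32_t expected, int32_t newValue)
{
    std::atomic<int32_t> mem(initial);
    return atomicWeakCASResult(mem, expected, newValue) ^ 1;   // 1 means "failed"
}

// The same fold applied to AtomicStrongCAS computes old ^ 1, a data value
// with bit 0 flipped. Returns true when that differs from the real failure
// flag, i.e. when selecting the pattern would miscompile.
inline bool strongFoldIsWrong(int32_t initial, int32_t expected, int32_t newValue)
{
    std::atomic<int32_t> mem(initial);
    int32_t old = atomicStrongCASResult(mem, expected, newValue);
    int32_t failed = (old != expected) ? 1 : 0;   // what the inversion case means
    int32_t folded = old ^ 1;                     // what the bad selection emits
    return folded != failed;
}
```

The two results only coincide when the old value happens to be 0 or 1 in the right combination, which is exactly why the miscompile is easy to miss in small tests.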
1049
1050 2017-04-04  Saam Barati  <sbarati@apple.com>
1051
1052         WebAssembly: JSWebAssemblyCallee should not be a JSCell
1053         https://bugs.webkit.org/show_bug.cgi?id=170135
1054
1055         Reviewed by Michael Saboff.
1056
1057         This patch is perhaps the last big change to the design of fundamental
1058         Wasm API to allow for PIC. It changes JSWebAssemblyCallee into a thing
1059         called Wasm::Callee. It serves the same purpose as before, except
1060         Wasm::Callee is not a JSCell. I had to refactor the various parts of the
1061         runtime that will see CallFrame's with Wasm::Callee's in the callee slot.
1062         Thankfully, the parts of the runtime that Wasm touches are limited. The
1063         main refactoring is changing the exception handling code, such as taking
1064         a stack trace, to be friendly to seeing a non JSCell callee.
1065         
1066         The callee() function on ExecState now returns a class I added in this
1067         patch called CalleeBits. CalleeBits will tell you if the callee is a
1068         JSCell or a Wasm::Callee. We tag Wasm::Callee's with a 1 in their lower
1069         bit so we can easily tell what is and isn't a Wasm::Callee.
1070         
1071         The stub that calls out from Wasm to JS still puts a JSCell callee
1072         into the call frame, even though the callee logically represents a
1073         Wasm frame. The reason for this is that we use the call IC infrastructure
1074         to make a call out to JS code, and the code that writes the IC expects
1075         a JSCell as the callee. This is knowingly part of our design. When we
1076         do structured cloning of Wasm Modules, we'll need to regenerate these
1077         JS call stubs.
1078
1079         * API/JSContextRef.cpp:
1080         (BacktraceFunctor::operator()):
1081         * CMakeLists.txt:
1082         * JavaScriptCore.xcodeproj/project.pbxproj:
1083         * debugger/Debugger.cpp:
1084         (JSC::Debugger::pauseIfNeeded):
1085         (JSC::Debugger::currentDebuggerCallFrame):
1086         * debugger/DebuggerCallFrame.cpp:
1087         (JSC::DebuggerCallFrame::create):
1088         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1089         (JSC::DebuggerCallFrame::currentPosition):
1090         (JSC::DebuggerCallFrame::positionForCallFrame):
1091         * debugger/DebuggerCallFrame.h:
1092         * interpreter/CallFrame.cpp:
1093         (JSC::CallFrame::vmEntryGlobalObject):
1094         (JSC::CallFrame::wasmAwareLexicalGlobalObject):
1095         (JSC::CallFrame::isAnyWasmCallee):
1096         (JSC::CallFrame::callerSourceOrigin):
1097         * interpreter/CallFrame.h:
1098         (JSC::ExecState::calleeAsValue):
1099         (JSC::ExecState::jsCallee):
1100         (JSC::ExecState::callee):
1101         (JSC::ExecState::unsafeCallee):
1102         (JSC::ExecState::scope):
1103         (JSC::ExecState::iterate):
1104         * interpreter/CalleeBits.h: Added.
1105         (JSC::CalleeBits::CalleeBits):
1106         (JSC::CalleeBits::operator=):
1107         (JSC::CalleeBits::boxWasm):
1108         (JSC::CalleeBits::isWasm):
1109         (JSC::CalleeBits::isCell):
1110         (JSC::CalleeBits::asCell):
1111         (JSC::CalleeBits::asWasmCallee):
1112         (JSC::CalleeBits::rawPtr):
1113         * interpreter/Interpreter.cpp:
1114         (JSC::GetStackTraceFunctor::operator()):
1115         (JSC::Interpreter::getStackTrace):
1116         (JSC::notifyDebuggerOfUnwinding):
1117         (JSC::UnwindFunctor::UnwindFunctor):
1118         (JSC::UnwindFunctor::operator()):
1119         (JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
1120         (JSC::Interpreter::unwind):
1121         (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
1122         * interpreter/Interpreter.h:
1123         * interpreter/Register.h:
1124         (JSC::Register::pointer):
1125         * interpreter/ShadowChicken.cpp:
1126         (JSC::ShadowChicken::update):
1127         * interpreter/ShadowChickenInlines.h:
1128         (JSC::ShadowChicken::iterate):
1129         * interpreter/StackVisitor.cpp:
1130         (JSC::StackVisitor::StackVisitor):
1131         (JSC::StackVisitor::readFrame):
1132         (JSC::StackVisitor::readNonInlinedFrame):
1133         (JSC::StackVisitor::readInlinedFrame):
1134         (JSC::StackVisitor::Frame::calleeSaveRegisters):
1135         (JSC::StackVisitor::Frame::functionName):
1136         (JSC::StackVisitor::Frame::dump):
1137         * interpreter/StackVisitor.h:
1138         (JSC::StackVisitor::Frame::callee):
1139         (JSC::StackVisitor::visit):
1140         * jit/Repatch.cpp:
1141         (JSC::linkFor):
1142         (JSC::linkPolymorphicCall):
1143         * jsc.cpp:
1144         (callWasmFunction):
1145         (functionTestWasmModuleFunctions):
1146         * runtime/ArrayPrototype.cpp:
1147         * runtime/Error.cpp:
1148         (JSC::addErrorInfoAndGetBytecodeOffset):
1149         * runtime/ErrorInstance.cpp:
1150         (JSC::ErrorInstance::finishCreation):
1151         * runtime/JSCell.cpp:
1152         (JSC::JSCell::isAnyWasmCallee): Deleted.
1153         * runtime/JSCell.h:
1154         * runtime/JSCellInlines.h:
1155         (JSC::ExecState::vm):
1156         * runtime/JSFunction.cpp:
1157         (JSC::RetrieveArgumentsFunctor::operator()):
1158         (JSC::RetrieveCallerFunctionFunctor::operator()):
1159         * runtime/JSGlobalObject.cpp:
1160         * runtime/SamplingProfiler.cpp:
1161         (JSC::FrameWalker::recordJSFrame):
1162         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1163         * runtime/SamplingProfiler.h:
1164         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
1165         * runtime/StackFrame.cpp:
1166         (JSC::StackFrame::sourceURL):
1167         (JSC::StackFrame::functionName):
1168         * runtime/StackFrame.h:
1169         (JSC::StackFrame::wasm):
1170         * runtime/VM.cpp:
1171         (JSC::VM::VM):
1172         (JSC::VM::throwException):
1173         * runtime/VM.h:
1174         * wasm/JSWebAssembly.h:
1175         * wasm/WasmB3IRGenerator.cpp:
1176         * wasm/WasmBinding.cpp:
1177         (JSC::Wasm::wasmToWasm):
1178         * wasm/WasmCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1179         (JSC::Wasm::Callee::Callee):
1180         (JSC::JSWebAssemblyCallee::JSWebAssemblyCallee): Deleted.
1181         (JSC::JSWebAssemblyCallee::finishCreation): Deleted.
1182         (JSC::JSWebAssemblyCallee::destroy): Deleted.
1183         * wasm/WasmCallee.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.h.
1184         (JSC::Wasm::Callee::create):
1185         (JSC::JSWebAssemblyCallee::create): Deleted.
1186         (JSC::JSWebAssemblyCallee::createStructure): Deleted.
1187         (JSC::JSWebAssemblyCallee::entrypoint): Deleted.
1188         (JSC::JSWebAssemblyCallee::calleeSaveRegisters): Deleted.
1189         * wasm/WasmContext.h:
1190         * wasm/WasmPlan.cpp:
1191         * wasm/WasmPlan.h:
1192         * wasm/WasmPlanInlines.h:
1193         (JSC::Wasm::Plan::initializeCallees):
1194         * wasm/WasmThunks.cpp:
1195         (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
1196         * wasm/js/JSWebAssemblyCallee.cpp: Removed.
1197         * wasm/js/JSWebAssemblyCallee.h: Removed.
1198         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1199         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1200         (JSC::JSWebAssemblyCodeBlock::initialize):
1201         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1202         * wasm/js/JSWebAssemblyCodeBlock.h:
1203         (JSC::JSWebAssemblyCodeBlock::create):
1204         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1205         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1206         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
1207         (JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
1208         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1209         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1210         (JSC::JSWebAssemblyCodeBlock::offsetOfImportStubs):
1211         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1212         (JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
1213         (JSC::JSWebAssemblyCodeBlock::callees): Deleted.
1214         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees): Deleted.
1215         * wasm/js/JSWebAssemblyInstance.h:
1216         (JSC::JSWebAssemblyInstance::webAssemblyToJSCallee):
1217         * wasm/js/JSWebAssemblyModule.cpp:
1218         * wasm/js/WebAssemblyFunction.cpp:
1219         (JSC::callWebAssemblyFunction):
1220         (JSC::WebAssemblyFunction::create):
1221         (JSC::WebAssemblyFunction::WebAssemblyFunction):
1222         (JSC::WebAssemblyFunction::visitChildren):
1223         (JSC::WebAssemblyFunction::finishCreation):
1224         * wasm/js/WebAssemblyFunction.h:
1225         (JSC::WebAssemblyFunction::wasmEntrypoint):
1226         (JSC::WebAssemblyFunction::jsEntrypoint):
1227         (JSC::WebAssemblyFunction::offsetOfWasmEntrypoint):
1228         (JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode): Deleted.
1229         * wasm/js/WebAssemblyModuleConstructor.cpp:
1230         * wasm/js/WebAssemblyModuleRecord.cpp:
1231         (JSC::WebAssemblyModuleRecord::link):
1232         (JSC::WebAssemblyModuleRecord::evaluate):
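
The low-bit tagging that the entry above describes for CalleeBits, as an added example (editor's code with hypothetical FakeJSCell and FakeWasmCallee stand-ins, not JSC's interpreter/CalleeBits.h). Both pointee types are at least 2-byte aligned, so bit 0 of the pointer is free: a Wasm callee is stored with that bit set, a cell with it clear, and every accessor checks the tag before reinterpreting the pointer.

```cpp
#include <cassert>
#include <cstdint>

// Hypothetical stand-ins; alignment is what makes the low bit available.
struct alignas(8) FakeJSCell { int kind; };
struct alignas(8) FakeWasmCallee { void* entrypoint; };

class CalleeBits {
public:
    CalleeBits() : m_ptr(nullptr) { }
    explicit CalleeBits(void* raw) : m_ptr(raw) { }

    // Tag a Wasm callee pointer so it can sit in the callee slot.
    static void* boxWasm(FakeWasmCallee* callee)
    {
        uintptr_t bits = reinterpret_cast<uintptr_t>(callee);
        assert(!(bits & 1));   // alignment guarantees the tag bit is free
        return reinterpret_cast<void*>(bits | 1);
    }

    bool isWasm() const { return reinterpret_cast<uintptr_t>(m_ptr) & 1; }
    bool isCell() const { return !isWasm(); }

    FakeJSCell* asCell() const
    {
        assert(isCell());      // never treat a tagged pointer as a cell
        return static_cast<FakeJSCell*>(m_ptr);
    }

    FakeWasmCallee* asWasmCallee() const
    {
        assert(isWasm());
        return reinterpret_cast<FakeWasmCallee*>(reinterpret_cast<uintptr_t>(m_ptr) & ~uintptr_t(1));
    }

    void* rawPtr() const { return m_ptr; }

private:
    void* m_ptr;
};

// What a stack walker does first: classify the slot before touching it as a cell.
enum class CalleeKind { Cell, Wasm };
inline CalleeKind classify(const CalleeBits& bits)
{
    return bits.isWasm() ? CalleeKind::Wasm : CalleeKind::Cell;
}

inline bool roundTripCell()
{
    FakeJSCell cell { 42 };
    CalleeBits bits(&cell);
    return bits.isCell() && !bits.isWasm() && bits.asCell() == &cell && bits.rawPtr() == &cell;
}

inline bool roundTripWasm()
{
    FakeWasmCallee callee { nullptr };
    CalleeBits bits(CalleeBits::boxWasm(&callee));
    return bits.isWasm() && !bits.isCell() && bits.asWasmCallee() == &callee
        && bits.rawPtr() != static_cast<void*>(&callee);   // raw slot still carries the tag
}
```

The point for anyone walking frames: `rawPtr()` is never a valid pointer to dereference on its own; code must go through `isCell()`/`isWasm()` and the matching accessor, which is what the refactoring of the stack trace and unwinding paths listed above amounts to.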
1233
1234 2017-04-04  Keith Miller  <keith_miller@apple.com>
1235
1236         WasmBench asserts in debug jsc
1237         https://bugs.webkit.org/show_bug.cgi?id=170462
1238
1239         Reviewed by Saam Barati.
1240
1241         The assertion should have been an if.
1242
1243         * wasm/WasmWorklist.cpp:
1244
1245 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
1246
1247         Air::lowerAfterRegAlloc should bail early if it finds no Shuffles or ColdCCalls
1248         https://bugs.webkit.org/show_bug.cgi?id=170305
1249
1250         Reviewed by Saam Barati.
1251         
1252         This reduces and sometimes completely eliminates the need to run lowerAfterRegAlloc().
1253         
1254         This lowers the Shuffle for the arguments of a CCall before register allocation unless
1255         the CCall arguments require a real shuffle (like if the CCall arguments were argument
1256         registers). This lowers a ColdCCall like a CCall for optLevel<2.
1257         
1258         Finally, lowerAfterRegAlloc() now checks if there are any Shuffles or CCalls before it
1259         does anything else. For wasm at -O1, this means that the phase doesn't run at all. This
1260         is a ~3% wasm -O1 compile time progression.
1261         
1262         To make this easy, I changed optLevel into a property of Procedure and Code rather than
1263         an argument we thread through everything. I like how Procedure and Code are dumping
1264         ground classes. This does not bother me. Note that I cloned optLevel into Procedure and
1265         Code so that it's cheap to query inside Air phases.
1266
1267         * b3/B3Compile.cpp:
1268         (JSC::B3::compile):
1269         * b3/B3Compile.h:
1270         * b3/B3Generate.cpp:
1271         (JSC::B3::prepareForGeneration):
1272         (JSC::B3::generateToAir):
1273         * b3/B3Generate.h:
1274         * b3/B3Procedure.cpp:
1275         (JSC::B3::Procedure::setOptLevel):
1276         * b3/B3Procedure.h:
1277         (JSC::B3::Procedure::optLevel):
1278         * b3/air/AirCode.h:
1279         (JSC::B3::Air::Code::isPinned):
1280         (JSC::B3::Air::Code::setOptLevel):
1281         (JSC::B3::Air::Code::optLevel):
1282         * b3/air/AirEmitShuffle.cpp:
1283         (JSC::B3::Air::ShufflePair::bank):
1284         (JSC::B3::Air::ShufflePair::opcode):
1285         (JSC::B3::Air::ShufflePair::inst):
1286         (JSC::B3::Air::emitShuffle):
1287         * b3/air/AirEmitShuffle.h:
1288         (JSC::B3::Air::moveFor):
1289         * b3/air/AirGenerate.cpp:
1290         (JSC::B3::Air::prepareForGeneration):
1291         * b3/air/AirGenerate.h:
1292         * b3/air/AirLowerAfterRegAlloc.cpp:
1293         (JSC::B3::Air::lowerAfterRegAlloc):
1294         * b3/air/AirLowerMacros.cpp:
1295         (JSC::B3::Air::lowerMacros):
1296         * b3/testb3.cpp:
1297         (JSC::B3::compileProc):
1298         * wasm/WasmB3IRGenerator.cpp:
1299         (JSC::Wasm::parseAndCompile):
1300
1301 2017-04-04  Filip Pizlo  <fpizlo@apple.com>
1302
1303         Don't need to Air::reportUsedRegisters for wasm at -O1
1304         https://bugs.webkit.org/show_bug.cgi?id=170459
1305
1306         Reviewed by Saam Barati.
1307         
1308         I did some refactorings to Liveness<> to try to understand its performance. Based on
1309         this I concluded that the bigger immediate issue is just removing unnecessary phases
1310         from -O1.
1311         
1312         This removes Air::reportUsedRegisters() from -O1 if the user has indicated that he is
1313         not interested in StackmapGenerationParams::usedRegisters(). The logic here is a bit
1314         weird because of how Air does spill code generation. The register allocator's spiller
1315         will emit spill code using identifiable spill slots, which allows subsequent phases to
1316         register-allocate the spill slots. We do this by a forward flow CSE phase called
1317         fixObviousSpills (which is a terrible name since there is no longer anything obvious
1318         about some of the spills that this phase can fix!). As is most natural for CSEs over
1319         3AC, it rewires the uses of redundant computations rather than removing the redundant
1320         computations. This means that if a spill got "fixed", there may be either or both of
1321         the following:
1322         
1323         - Dead loads from the stack.
1324         - Dead stores to the stack.
1325         
1326         We know that a load from the stack is dead if the register is dead at the point of the
1327         load. We know that a store to the stack is dead if the spill slot is dead at the point
1328         of the store.
1329         
1330         Unfortunately, liveness analysis - over either registers or spill slots - is expensive.
1331         
1332         Fortunately, allocateStack() already does liveness analysis over spill slots. So, we
1333         baked elimination of stores to the stack into that phase. That aspect of clean-up after
1334         the spill CSE comes for free.
1335         
1336         Also fortunately for the FTL, we have to do reportUsedRegisters() anyway. This is a
1337         phase that enables StackmapGenerationParams::usedRegisters() to work, which then
1338         enables the FTL's patchpoints to do crazy slow-path live range splitting. So, Air's
1339         strategy for the load fix-up after spill CSE is to do it as part of
1340         reportUsedRegisters().
1341         
1342         This patch introduces the Procedure::setNeedsUsedRegisters() API. But if you set
1343         needsUsedRegisters to false then we will still run reportUsedRegisters() at -O2 as an
1344         optimization - it removes dead loads from the stack that are left behind from
1345         fixObviousSpills().
1346         
1347         This is a ~6% compile time progression at -O1.
1348
1349         * b3/B3Procedure.h:
1350         (JSC::B3::Procedure::setNeedsUsedRegisters):
1351         (JSC::B3::Procedure::needsUsedRegisters):
1352         * b3/B3StackmapGenerationParams.h:
1353         * b3/B3VariableLiveness.cpp:
1354         (JSC::B3::VariableLiveness::VariableLiveness):
1355         * b3/air/AirCode.cpp:
1356         (JSC::B3::Air::Code::needsUsedRegisters):
1357         * b3/air/AirCode.h:
1358         * b3/air/AirGenerate.cpp:
1359         (JSC::B3::Air::prepareForGeneration):
1360         * b3/air/AirLiveness.h:
1361         (JSC::B3::Air::Liveness::Liveness):
1362         * wasm/WasmB3IRGenerator.cpp:
1363         (JSC::Wasm::parseAndCompile):
1364
1365 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
1366
1367         Air liveness should build constraints and solve them rather than repeatedly parsing IR
1368         https://bugs.webkit.org/show_bug.cgi?id=170421
1369
1370         Reviewed by Saam Barati.
1371         
1372         Inst::forEach<> is expensive. The LivenessAdapter uses forEach with a particularly
1373         gnarly lambda that has many extra checks. Therefore, a lot of the time spent in
1374         liveness analysis is just recomputing forEach<> and that lambda to get uses and defs.
1375         
1376         This introduces LivenessConstraints<>, which is a liveness constraint system based on
1377         Adapter. It basically caches the results of doing forEach. It'll give you the uses and
1378         defs at each instruction boundary.
1379         
1380         This is a ~5% compile time progression at optLevel=1. It's also a ~3% compile time
1381         progression at optLevel=2.
1382         
1383         * JavaScriptCore.xcodeproj/project.pbxproj:
1384         * b3/air/AirLivenessAdapter.h:
1385         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
1386         (JSC::B3::Air::LivenessAdapter::forEachUse):
1387         (JSC::B3::Air::LivenessAdapter::forEachDef):
1388         * b3/air/AirLivenessConstraints.h: Added.
1389         (JSC::B3::Air::LivenessConstraints::Actions::Actions):
1390         (JSC::B3::Air::LivenessConstraints::LivenessConstraints):
1391         (JSC::B3::Air::LivenessConstraints::at):
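
        Added illustration, not WebKit code, of the two ideas in the entries above: uses and
        defs cached once per instruction boundary (the LivenessConstraints<> idea), then a
        backward liveness pass that drops the dead stack stores and dead stack loads that
        spill CSE leaves behind. The IR, the index layout and all function names are
        hypothetical; Air splits the clean-up between allocateStack() and
        reportUsedRegisters() and runs it over a whole CFG, whereas this models one
        straight-line block.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Hypothetical straight-line IR, not Air. Registers r0..r(N-1) and spill slots s0.. share one
// index space (registers first, then slots), the way Air's liveness adapters map values to indices.
struct Inst {
    enum Kind { Compute, StoreToStack, LoadFromStack, Return } kind;
    int dst;               // index defined (a register or a slot), or -1 if none
    std::vector<int> srcs; // indices used
};

// Per-instruction uses and defs, computed once. Liveness then reads these tables instead of
// re-walking every instruction's operands on each pass (the idea behind LivenessConstraints<>).
struct Constraints {
    std::vector<std::vector<int>> uses;
    std::vector<std::vector<int>> defs;
};

Constraints buildConstraints(const std::vector<Inst>& code)
{
    Constraints c;
    c.uses.resize(code.size());
    c.defs.resize(code.size());
    for (size_t i = 0; i < code.size(); ++i) {
        c.uses[i] = code[i].srcs;
        if (code[i].dst >= 0)
            c.defs[i].push_back(code[i].dst);
    }
    return c;
}

// Backward liveness over one block with nothing live at its exit. A store whose slot is dead
// and a load whose destination register is dead are dropped. A dropped instruction contributes
// no uses, so a spill store that only fed a now-dead reload dies in the same pass.
std::vector<Inst> removeDeadSpillTraffic(const std::vector<Inst>& code)
{
    Constraints c = buildConstraints(code);
    std::set<int> live;
    std::vector<bool> keep(code.size(), true);
    for (size_t n = code.size(); n-- > 0;) {
        const Inst& inst = code[n];
        bool isSpillTraffic = inst.kind == Inst::StoreToStack || inst.kind == Inst::LoadFromStack;
        if (isSpillTraffic && !live.count(inst.dst)) {
            keep[n] = false;
            continue;
        }
        for (int d : c.defs[n])
            live.erase(d);
        for (int u : c.uses[n])
            live.insert(u);
    }
    std::vector<Inst> out;
    for (size_t i = 0; i < code.size(); ++i)
        if (keep[i])
            out.push_back(code[i]);
    return out;
}

// Constructed block with 4 registers (indices 0..3) and one spill slot s0 (index 4). With
// reloadStillUsed == false it models what spill CSE leaves behind: the consumer was rewritten
// to read r0 directly, so the reload into r1 and the spill store feeding it are both dead.
std::vector<Inst> sampleAfterSpillCSE(bool reloadStillUsed)
{
    int operand = reloadStillUsed ? 1 : 0;
    return {
        { Inst::Compute, 0, {} },              // r0 = ...
        { Inst::StoreToStack, 4, { 0 } },      // s0 = r0   (spill)
        { Inst::LoadFromStack, 1, { 4 } },     // r1 = s0   (reload)
        { Inst::Compute, 2, { operand, 0 } },  // r2 = rX + r0
        { Inst::Return, -1, { 2 } },           // return r2
    };
}
```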
1392
1393 2017-04-03  Mark Lam  <mark.lam@apple.com>
1394
1395         Fix incorrect capacity delta calculation reported in SparseArrayValueMap::add().
1396         https://bugs.webkit.org/show_bug.cgi?id=170412
1397         <rdar://problem/29697336>
1398
1399         Reviewed by Filip Pizlo.
1400
1401         Here's an example of code that will trigger underflow in the "deprecatedExtraMemory"
1402         reported by SparseArrayValueMap::add() that is added to Heap::m_deprecatedExtraMemorySize:
1403         
1404             arr = new Array;
1405             Object.defineProperty(arr, 18, ({writable: true, configurable: true}));
1406             for (var i = 0; i < 3; ++i) {
1407                 Array.prototype.push.apply(arr, ["", () => {}, {}]);
1408                 Array.prototype.sort.apply(arr, [() => {}, []]);
1409             }
1410
1411         However, Heap::m_deprecatedExtraMemorySize is only 1 of 3 values that are added
1412         up to form the result of Heap::extraMemorySize().  Heap::m_extraMemorySize and
1413         Heap::m_arrayBuffers.size() are the other 2.
1414
1415         While Heap::m_arrayBuffers.size() is bounded by actual allocated memory, both
1416         Heap::m_deprecatedExtraMemorySize and Heap::m_extraMemorySize are added to
1417         without any bounds checks, and they are only reset to 0 at the start of a full
1418         GC.  As a result, if we have a long sequence of eden GCs with a lot of additions
1419         to Heap::m_extraMemorySize and/or Heap::m_deprecatedExtraMemorySize, then these
1420         values could theoretically overflow.  Coupling this with the underflow from
1421         SparseArrayValueMap::add(), the result for Heap::extraMemorySize() can easily
1422         overflow.  Note: Heap::extraMemorySize() is used to compute the value
1423         currentHeapSize.
1424
1425         If multiple conditions line up just right, the above overflows can result in this
1426         debug assertion failure during an eden GC:
1427
1428             ASSERT(currentHeapSize >= m_sizeAfterLastCollect);
1429
1430         Otherwise, the effects of the overflows will only result in the computed
1431         currentHeapSize not being representative of actual memory usage, and therefore,
1432         a full GC may be triggered earlier or later than is ideal.
1433
1434         This patch ensures that SparseArrayValueMap::add() cannot underflow
1435         Heap::m_deprecatedExtraMemorySize.  It also adds overflows checks in the
1436         calculations of Heap::m_deprecatedExtraMemorySize, Heap::m_extraMemorySize, and
1437         Heap::extraMemorySize() so that their values are saturated appropriately to
1438         ensure that GC collections are triggered based on representative memory usage.
1439
1440         * heap/Heap.cpp:
1441         (JSC::Heap::deprecatedReportExtraMemorySlowCase):
1442         (JSC::Heap::extraMemorySize):
1443         (JSC::Heap::updateAllocationLimits):
1444         (JSC::Heap::reportExtraMemoryVisited):
1445         * runtime/SparseArrayValueMap.cpp:
1446         (JSC::SparseArrayValueMap::add):
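
        Added example, not JSC's Heap or SparseArrayValueMap code: a hypothetical tracker with
        the three counters the entry describes, saturating adds so the sum cannot wrap across a
        long run of eden GCs, and a guarded capacity-delta calculation beside the naive unsigned
        subtraction that underflows. All names are illustrative.

```cpp
#include <cstddef>
#include <limits>

// Hypothetical stand-in for the three counters that Heap::extraMemorySize() adds up.
class ExtraMemoryTracker {
public:
    static constexpr size_t kMax = std::numeric_limits<size_t>::max();

    // Saturating add: once a counter reaches kMax it stays there instead of wrapping to 0.
    static size_t saturatingAdd(size_t a, size_t b)
    {
        return a > kMax - b ? kMax : a + b;
    }

    void reportExtraMemory(size_t bytes) { m_extraMemorySize = saturatingAdd(m_extraMemorySize, bytes); }
    void deprecatedReportExtraMemory(size_t bytes) { m_deprecatedExtraMemorySize = saturatingAdd(m_deprecatedExtraMemorySize, bytes); }
    void setArrayBufferBytes(size_t bytes) { m_arrayBufferBytes = bytes; } // bounded by real allocations

    // Only a full GC resets the two unbounded counters; eden GCs leave them alone.
    void didFullCollect()
    {
        m_extraMemorySize = 0;
        m_deprecatedExtraMemorySize = 0;
    }

    // Saturated sum, so the heap size derived from it stays representative instead of wrapping.
    size_t extraMemorySize() const
    {
        return saturatingAdd(saturatingAdd(m_extraMemorySize, m_deprecatedExtraMemorySize), m_arrayBufferBytes);
    }

private:
    size_t m_extraMemorySize = 0;
    size_t m_deprecatedExtraMemorySize = 0;
    size_t m_arrayBufferBytes = 0;
};

// Model of the capacity-delta bug class: (newCapacity - oldCapacity) * entrySize in unsigned
// arithmetic wraps to a huge value whenever the capacity did not actually grow.
size_t naiveCapacityDeltaBytes(size_t oldCapacity, size_t newCapacity, size_t entrySize)
{
    return (newCapacity - oldCapacity) * entrySize;
}

// Guarded version: never report a negative delta, and saturate the multiplication.
size_t capacityDeltaBytes(size_t oldCapacity, size_t newCapacity, size_t entrySize)
{
    if (newCapacity <= oldCapacity)
        return 0;
    size_t grown = newCapacity - oldCapacity;
    if (entrySize && grown > ExtraMemoryTracker::kMax / entrySize)
        return ExtraMemoryTracker::kMax;
    return grown * entrySize;
}

// Many eden cycles without a full GC, each adding perCycle through the deprecated path.
size_t simulateEdenCycles(size_t perCycle, unsigned cycles)
{
    ExtraMemoryTracker tracker;
    for (unsigned i = 0; i < cycles; ++i)
        tracker.deprecatedReportExtraMemory(perCycle);
    return tracker.extraMemorySize();
}
```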
1447
1448 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
1449
1450         Move the Liveness<> adapters from AirLiveness.h to AirLivenessAdapter.h.
1451
1452         Rubber stamped by Keith Miller.
1453         
1454         This will make it easier to write other code that uses those adapters.
1455
1456         * JavaScriptCore.xcodeproj/project.pbxproj:
1457         * b3/air/AirLiveness.h:
1458         (JSC::B3::Air::LivenessAdapter::LivenessAdapter): Deleted.
1459         (JSC::B3::Air::LivenessAdapter::blockSize): Deleted.
1460         (JSC::B3::Air::LivenessAdapter::forEachUse): Deleted.
1461         (JSC::B3::Air::LivenessAdapter::forEachDef): Deleted.
1462         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter): Deleted.
1463         (JSC::B3::Air::TmpLivenessAdapter::numIndices): Deleted.
1464         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank): Deleted.
1465         (JSC::B3::Air::TmpLivenessAdapter::acceptsRole): Deleted.
1466         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex): Deleted.
1467         (JSC::B3::Air::TmpLivenessAdapter::indexToValue): Deleted.
1468         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter): Deleted.
1469         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices): Deleted.
1470         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank): Deleted.
1471         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole): Deleted.
1472         (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex): Deleted.
1473         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue): Deleted.
1474         * b3/air/AirLivenessAdapter.h: Added.
1475         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
1476         (JSC::B3::Air::LivenessAdapter::blockSize):
1477         (JSC::B3::Air::LivenessAdapter::forEachUse):
1478         (JSC::B3::Air::LivenessAdapter::forEachDef):
1479         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
1480         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
1481         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
1482         (JSC::B3::Air::TmpLivenessAdapter::acceptsRole):
1483         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
1484         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
1485         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
1486         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
1487         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
1488         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole):
1489         (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex):
1490         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
1491
1492 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
1493
1494         WTF::Liveness should have an API that focuses on actions at instruction boundaries
1495         https://bugs.webkit.org/show_bug.cgi?id=170407
1496
1497         Reviewed by Keith Miller.
1498         
1499         Adopt changes to the WTF::Liveness<> API. Instead of having separate functions for the
1500         early/late versions of uses and defs, we now have just a use/def API. Those
1501         automatically take care of early/late issues as needed.
1502         
1503         This reduces the API surface between WTF::Liveness<> and its clients, which makes it
1504         easier to implement some other optimizations I'm thinking about.
1505
1506         * b3/B3VariableLiveness.h:
1507         (JSC::B3::VariableLivenessAdapter::forEachUse):
1508         (JSC::B3::VariableLivenessAdapter::forEachDef):
1509         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse): Deleted.
1510         (JSC::B3::VariableLivenessAdapter::forEachLateUse): Deleted.
1511         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef): Deleted.
1512         (JSC::B3::VariableLivenessAdapter::forEachLateDef): Deleted.
1513         * b3/air/AirLiveness.h:
1514         (JSC::B3::Air::LivenessAdapter::blockSize):
1515         (JSC::B3::Air::LivenessAdapter::forEachUse):
1516         (JSC::B3::Air::LivenessAdapter::forEachDef):
1517         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse): Deleted.
1518         (JSC::B3::Air::LivenessAdapter::forEachLateUse): Deleted.
1519         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef): Deleted.
1520         (JSC::B3::Air::LivenessAdapter::forEachLateDef): Deleted.
1521
1522 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
1523
1524         Inst::forEachArg could compile to more compact code
1525         https://bugs.webkit.org/show_bug.cgi?id=170406
1526
1527         Reviewed by Sam Weinig.
1528         
1529         Prior to this change, Inst::forEachArg compiled to a ginormous ALWAYS_INLINE switch statement.
1530         It had one case for each opcode, and then each of those cases would have a switch statement over
1531         the number of operands. Then the cases of that switch statement would have a sequence of calls to
1532         the passed lambda. This meant that every user of forEachArg would generate an insane amount of
1533         code. It also meant that the inlining achieved nothing, since the lambda would surely then not
1534         be inlined - and if it was, then the icache pressure due to code bloat would surely negate any
1535         benefits.
1536         
1537         This replaces that code with a loop over a compact look-up table. We use the opcode and number of
1538         operands as keys into that look-up table. The table only takes about 20KB. It has one byte for
1539         each argument in each overload of each opcode.
1540         
1541         I can't measure any reproducible change in performance, but the JavaScriptCore framework binary
1542         shrinks by 2.7 MB. This is a 15% reduction in JavaScriptCore binary size.
1543
1544         * JavaScriptCore.xcodeproj/project.pbxproj:
1545         * b3/B3Width.h:
1546         * b3/air/AirCustom.h:
1547         (JSC::B3::Air::PatchCustom::forEachArg):
1548         * b3/air/AirFormTable.h: Added.
1549         (JSC::B3::Air::decodeFormRole):
1550         (JSC::B3::Air::decodeFormBank):
1551         (JSC::B3::Air::decodeFormWidth):
1552         * b3/air/AirInst.h:
1553         * b3/air/opcode_generator.rb:
1554
1555 2017-04-03  Keith Miller  <keith_miller@apple.com>
1556
1557         WebAssembly: remove lastAllocatedMode from Memory
1558         https://bugs.webkit.org/show_bug.cgi?id=170405
1559
1560         Reviewed by Mark Lam.
1561
1562         It's not used anymore so there isn't any point in keeping it around.
1563
1564         * wasm/WasmMemory.cpp:
1565         (JSC::Wasm::Memory::createImpl):
1566         (JSC::Wasm::Memory::lastAllocatedMode): Deleted.
1567         * wasm/WasmMemory.h:
1568
1569 2017-04-03  Zan Dobersek  <zdobersek@igalia.com>
1570
1571         [jsc] Add patchableJumpSize() for MIPS
1572         https://bugs.webkit.org/show_bug.cgi?id=169716
1573
1574         Reviewed by Yusuke Suzuki.
1575
1576         * assembler/MIPSAssembler.h:
1577         (JSC::MIPSAssembler::patchableJumpSize): Added.
1578         * assembler/MacroAssemblerMIPS.h:
1579         (JSC::MacroAssemblerMIPS::patchableJumpSize): Added.
1580
1581 2017-04-03  Guillaume Emont  <guijemont@igalia.com>
1582
1583         [jsc] implement MIPSAssembler::relinkJumpToNop()
1584         https://bugs.webkit.org/show_bug.cgi?id=169720
1585
1586         Reviewed by Yusuke Suzuki.
1587
1588         * assembler/MIPSAssembler.h:
1589         (JSC::MIPSAssembler::relinkJumpToNop): Added.
1590
1591 2017-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1592
1593         Share implementation of JSRunLoopTimer::timerDidFire
1594         https://bugs.webkit.org/show_bug.cgi?id=170392
1595
1596         Reviewed by Michael Catanzaro.
1597
1598         The code is cross-platform but it's duplicated in the CF and GLib implementations; it could be shared instead.
1599
1600         * runtime/JSRunLoopTimer.cpp:
1601         (JSC::JSRunLoopTimer::timerDidFire): Move common implementation here.
1602         (JSC::JSRunLoopTimer::setRunLoop): Use timerDidFireCallback.
1603         (JSC::JSRunLoopTimer::timerDidFireCallback): Call JSRunLoopTimer::timerDidFire().
1604         * runtime/JSRunLoopTimer.h:
1605
1606 2017-04-01  Oleksandr Skachkov  <gskachkov@gmail.com>
1607
1608         Object with numerical keys with gaps gets filled by NaN values
1609         https://bugs.webkit.org/show_bug.cgi?id=164412
1610
1611         Reviewed by Mark Lam.
1612
1613         This patch fixes an issue when an object has two properties
1614         with numeric names. The issue appears when, during invocation of
1615         convertDoubleToArrayStorage, the array is filled by pNaN and
1616         the method converts it to a real NaN. This happens because a
1617         pNaN in a Double array is a hole, and Double arrays cannot
1618         have NaN values. To fix the issue we need to check the value and
1619         clear it if it is pNaN.
1620
1621         * runtime/JSObject.cpp:
1622         (JSC::JSObject::convertDoubleToArrayStorage):
1623
1624 2017-03-31  Saam Barati  <sbarati@apple.com>
1625
1626         WebAssembly: Make our calls out to JS PIC friendly
1627         https://bugs.webkit.org/show_bug.cgi?id=170261
1628
1629         Reviewed by Keith Miller.
1630
1631         This patch removes a direct call from the module to the Wasm to JS stub.
1632         Instead, we do an indirect call to the stub by loading the stub's executable
1633         address off of the CodeBlock. This is to make the code we emit comply with the
1634         requirements needed for PIC.
1635         
1636         Adding this indirection is not ideal. Although this patch is neutral on
1637         WasmBench, we really want to get back to a world where we have an IC
1638         call infrastructure. This patch is obviously a regression on some
1639         types of programs. I've filed this bug to make sure we implement a
1640         PIC compliant Wasm to JS call IC:
1641         https://bugs.webkit.org/show_bug.cgi?id=170375
1642
1643         * wasm/WasmB3IRGenerator.cpp:
1644         * wasm/WasmFormat.h:
1645         * wasm/WasmPlan.cpp:
1646         (JSC::Wasm::Plan::complete):
1647         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1648         (JSC::JSWebAssemblyCodeBlock::initialize):
1649         * wasm/js/JSWebAssemblyCodeBlock.h:
1650         (JSC::JSWebAssemblyCodeBlock::create):
1651         (JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
1652         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1653         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1654         (JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
1655         * wasm/js/JSWebAssemblyInstance.cpp:
1656         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
1657         * wasm/js/JSWebAssemblyInstance.h:
1658         (JSC::JSWebAssemblyInstance::offsetOfCodeBlock):
1659
1660 2017-03-31  Keith Miller  <keith_miller@apple.com>
1661
1662         WebAssembly: webAssemblyB3OptimizationLevel should use defaultB3OptLevel by default
1663         https://bugs.webkit.org/show_bug.cgi?id=170378
1664
1665         Reviewed by Saam Barati.
1666
1667         * runtime/Options.h:
1668         * wasm/WasmB3IRGenerator.h:
1669
1670 2017-03-31  Keith Miller  <keith_miller@apple.com>
1671
1672         WebAssembly: Add compilation level option
1673         https://bugs.webkit.org/show_bug.cgi?id=170374
1674
1675         Reviewed by Mark Lam.
1676
1677         This patch adds an option, webAssemblyB3OptimizationLevel, which
1678         changes the optimization mode wasm passes to B3.
1679
1680         * runtime/Options.h:
1681         * wasm/WasmPlan.cpp:
1682         (JSC::Wasm::Plan::compileFunctions):
1683
1684 2017-03-31  Saam Barati  <sbarati@apple.com>
1685
1686         WebAssembly: Strip WasmParser and WasmFunctionParser from knowing about VM
1687         https://bugs.webkit.org/show_bug.cgi?id=170312
1688
1689         Reviewed by Mark Lam.
1690
1691         This is another step towards PIC-ifying Wasm. This patch removes
1692         the VM field that is no longer used.
1693
1694         * wasm/WasmB3IRGenerator.cpp:
1695         (JSC::Wasm::parseAndCompile):
1696         * wasm/WasmB3IRGenerator.h:
1697         * wasm/WasmFunctionParser.h:
1698         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1699         * wasm/WasmModuleParser.h:
1700         (JSC::Wasm::ModuleParser::ModuleParser):
1701         * wasm/WasmParser.h:
1702         (JSC::Wasm::Parser<SuccessType>::Parser):
1703         * wasm/WasmPlan.cpp:
1704         (JSC::Wasm::Plan::parseAndValidateModule):
1705         (JSC::Wasm::Plan::compileFunctions):
1706         * wasm/WasmValidate.cpp:
1707         (JSC::Wasm::validateFunction):
1708         * wasm/WasmValidate.h:
1709
1710 2017-03-31  Saam Barati  <sbarati@apple.com>
1711
1712         WebAssembly: Ref count Signature and SignatureInformation should not care about VM
1713         https://bugs.webkit.org/show_bug.cgi?id=170316
1714
1715         Reviewed by Keith Miller.
1716
1717         This is yet again another step towards PIC-ifying Wasm.
1718         Signature should be ref counted so we can tell when
1719         no code is holding onto a Signature. This makes it easy
1720         to free unused Signatures. Also, this patch rids SignatureInfo
1721         of any VM knowledge. Now, there is just a single SignatureInfo that
1722         lives in a process.
1723
1724         * runtime/VM.h:
1725         * wasm/WasmB3IRGenerator.cpp:
1726         (JSC::Wasm::createJSToWasmWrapper):
1727         (JSC::Wasm::parseAndCompile):
1728         * wasm/WasmB3IRGenerator.h:
1729         * wasm/WasmBinding.cpp:
1730         (JSC::Wasm::wasmToJs):
1731         * wasm/WasmCallingConvention.h:
1732         (JSC::Wasm::CallingConvention::loadArguments):
1733         * wasm/WasmFormat.h:
1734         * wasm/WasmFunctionParser.h:
1735         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1736         * wasm/WasmModuleParser.cpp:
1737         * wasm/WasmPlan.cpp:
1738         (JSC::Wasm::Plan::parseAndValidateModule):
1739         (JSC::Wasm::Plan::compileFunctions):
1740         (JSC::Wasm::Plan::complete):
1741         * wasm/WasmSignature.cpp:
1742         (JSC::Wasm::Signature::hash):
1743         (JSC::Wasm::Signature::tryCreate):
1744         (JSC::Wasm::SignatureInformation::SignatureInformation):
1745         (JSC::Wasm::SignatureInformation::singleton):
1746         (JSC::Wasm::SignatureInformation::adopt):
1747         (JSC::Wasm::SignatureInformation::get):
1748         (JSC::Wasm::SignatureInformation::tryCleanup):
1749         (JSC::Wasm::Signature::create): Deleted.
1750         (JSC::Wasm::Signature::createInvalid): Deleted.
1751         (JSC::Wasm::Signature::destroy): Deleted.
1752         (JSC::Wasm::SignatureInformation::~SignatureInformation): Deleted.
1753         * wasm/WasmSignature.h:
1754         (JSC::Wasm::Signature::allocatedSize):
1755         (JSC::Wasm::Signature::operator==):
1756         * wasm/WasmValidate.cpp:
1757         (JSC::Wasm::validateFunction):
1758         * wasm/WasmValidate.h:
1759         * wasm/js/JSWebAssemblyModule.cpp:
1760         (JSC::JSWebAssemblyModule::destroy):
1761         * wasm/js/WebAssemblyFunction.cpp:
1762         (JSC::callWebAssemblyFunction):
1763         * wasm/js/WebAssemblyFunction.h:
1764         * wasm/js/WebAssemblyModuleRecord.cpp:
1765         (JSC::WebAssemblyModuleRecord::link):
1766         (JSC::WebAssemblyModuleRecord::evaluate):
1767         * wasm/js/WebAssemblyWrapperFunction.cpp:
1768         (JSC::WebAssemblyWrapperFunction::create):
1769         * wasm/js/WebAssemblyWrapperFunction.h:
1770
1771 2017-03-31  Mark Lam  <mark.lam@apple.com>
1772
1773         Array.prototype.splice() should not be using JSArray::tryCreateForInitializationPrivate().
1774         https://bugs.webkit.org/show_bug.cgi?id=170303
1775         <rdar://problem/31358281>
1776
1777         Reviewed by Filip Pizlo.
1778
1779         This is because it needs to call getProperty() later to get the values for
1780         initializing the array.  getProperty() can execute arbitrary code and potentially
1781         trigger the GC.  This is not allowed for clients of JSArray::tryCreateForInitializationPrivate().
1782
1783         * runtime/ArrayPrototype.cpp:
1784         (JSC::arrayProtoFuncSplice):
1785         (JSC::copySplicedArrayElements): Deleted.
1786
1787 2017-03-31  Oleksandr Skachkov  <gskachkov@gmail.com>
1788
1789         String.prototype.replace incorrectly applies "special replacement parameters" when passed a function
1790         https://bugs.webkit.org/show_bug.cgi?id=170151
1791
1792         Reviewed by Saam Barati.
1793
1794         This patch fixes an issue in String.prototype.replace when it is passed a function
1795         with the special symbols "$$". It happens because substituteBackreferences is applied
1796         unconditionally, but according to the spec it should be applied only for text
1797         (21.1.3.16.8 https://tc39.github.io/ecma262/#sec-string.prototype.replace).
1798
1799         * runtime/StringPrototype.cpp:
1800         (JSC::replaceUsingStringSearch):
1801
1802 2017-03-30  Saam Barati  <sbarati@apple.com>
1803
1804         WebAssembly: When Wasm calls to C, it should use Wasm::Context* instead of ExecState* to get VM
1805         https://bugs.webkit.org/show_bug.cgi?id=170185
1806
1807         Reviewed by Michael Saboff.
1808
1809         This is one more step in the direction of PIC-ified Wasm.
1810         When we lift WasmCallee above VM, we will no longer be
1811         able to get VM from ExecState*. This patch ensures that
1812         we don't do that from within the Wasm runtime. Instead,
1813         we use the Wasm::Context* to get the VM.
1814
1815         This patch also adds a new class, Wasm::Thunks. There
1816         is a single Wasm::Thunks that lives in the process. It
1817         is responsible for generating a thunk that Wasm relies on.
1818         The only such thunk right now is the exception throwing
1819         thunk.
1820
1821         This patch also rids WasmFaultSignalHandler from any knowledge
1822         of VM. Previously, it relied on VM to get the exception handling
1823         thunk.
1824
1825         The only part of the Wasm runtime that will be allowed
1826         to get VM& from ExecState will be WasmBinding. In the
1827         future, we plan to keep the calls out to JS to keep
1828         a JSCell as the callee.
1829
1830         * JavaScriptCore.xcodeproj/project.pbxproj:
1831         * dfg/DFGOSREntry.cpp:
1832         (JSC::DFG::prepareOSREntry):
1833         * ftl/FTLOSRExitCompiler.cpp:
1834         (JSC::FTL::compileStub):
1835         * interpreter/Interpreter.cpp:
1836         (JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
1837         * jit/AssemblyHelpers.cpp:
1838         (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
1839         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl):
1840         * jit/AssemblyHelpers.h:
1841         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
1842         * jit/ThunkGenerators.cpp:
1843         (JSC::throwExceptionFromWasmThunkGenerator): Deleted.
1844         * jit/ThunkGenerators.h:
1845         * runtime/InitializeThreading.cpp:
1846         (JSC::initializeThreading):
1847         * runtime/VM.cpp:
1848         (JSC::VM::VM):
1849         (JSC::VM::getAllCalleeSaveRegisterOffsets):
1850         * runtime/VM.h:
1851         (JSC::VM::topVMEntryFrameOffset):
1852         (JSC::VM::getAllCalleeSaveRegisterOffsets): Deleted.
1853         * wasm/WasmB3IRGenerator.cpp:
1854         (JSC::Wasm::B3IRGenerator::emitExceptionCheck):
1855         * wasm/WasmFaultSignalHandler.cpp:
1856         (JSC::Wasm::trapHandler):
1857         * wasm/WasmMemory.cpp:
1858         (JSC::Wasm::tryGetFastMemory):
1859         * wasm/WasmThunks.cpp: Added.
1860         (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
1861         (JSC::Wasm::Thunks::initialize):
1862         (JSC::Wasm::Thunks::singleton):
1863         (JSC::Wasm::Thunks::stub):
1864         (JSC::Wasm::Thunks::existingStub):
1865         * wasm/WasmThunks.h: Added.
1866         * wasm/js/JSWebAssemblyInstance.cpp:
1867         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
1868         * wasm/js/JSWebAssemblyInstance.h:
1869         (JSC::JSWebAssemblyInstance::offsetOfVM):
1870         * wasm/js/JSWebAssemblyMemory.cpp:
1871         (JSC::JSWebAssemblyMemory::grow):
1872         * wasm/js/JSWebAssemblyMemory.h:
1873         * wasm/js/WebAssemblyMemoryPrototype.cpp:
1874         (JSC::webAssemblyMemoryProtoFuncGrow):
1875
1876 2017-03-30  Mark Lam  <mark.lam@apple.com>
1877
1878         IntlObject should not be using JSArray::initializeIndex().
1879         https://bugs.webkit.org/show_bug.cgi?id=170302
1880         <rdar://problem/31356918>
1881
1882         Reviewed by Saam Barati.
1883
1884         JSArray::initializeIndex() is only meant to be used with arrays created using
1885         JSArray::tryCreateForInitializationPrivate() under very constrained conditions.
1886
1887         * runtime/IntlObject.cpp:
1888         (JSC::canonicalizeLocaleList):
1889         (JSC::intlObjectFuncGetCanonicalLocales):
1890
1891 2017-03-30  Filip Pizlo  <fpizlo@apple.com>
1892
1893         Air should support linear scan for optLevel<2
1894         https://bugs.webkit.org/show_bug.cgi?id=170161
1895
1896         Reviewed by Saam Barati.
1897         
1898         This changes the default opt level of B3 to 2. It makes the other opt levels useful by adding a
1899         new register allocator. This new linear scan allocator will produce significantly worse code.
1900         But it will produce that code a lot faster than IRC or Briggs.
1901         
1902         The opt levels are:
1903             0: no optimizations, linear scan
1904             1: some optimizations, linear scan
1905             2: full optimizations, graph coloring (IRC or Briggs based on CPU)
1906         
1907         What we used to call optLevel=1 is now called optLevel=2, or better yet,
1908         optLevel=B3::defaultOptLevel(). We no longer have anything like the old optLevel=0 (which did no
1909         optimizations but ran graph coloring).
1910         
1911         allocateRegistersByLinearScan() faithfully implements Massimiliano Poletto and Vivek Sarkar's
1912         famous algorithm. It uses the variant that handles clobbered registers by avoiding assigning
1913         ranges to those registers if the range overlaps a clobber. It's engineered to allocate registers
1914         very quickly and generate inefficient code without falling off a cliff.
1915         
1916         The new optLevel=1 speeds up B3 by a factor of 2, and results in an 80% throughput regression.
1917         Linear scan runs 4.7x faster than graph coloring on average.
1918
1919         * CMakeLists.txt:
1920         * JavaScriptCore.xcodeproj/project.pbxproj:
1921         * b3/B3BasicBlockUtils.h:
1922         (JSC::B3::blocksInPreOrder):
1923         (JSC::B3::blocksInPostOrder):
1924         * b3/B3BlockWorklist.h:
1925         * b3/B3CFG.h:
1926         (JSC::B3::CFG::newMap):
1927         * b3/B3Common.h:
1928         (JSC::B3::defaultOptLevel):
1929         * b3/B3Compile.h:
1930         * b3/B3DuplicateTails.cpp:
1931         * b3/B3EliminateCommonSubexpressions.cpp:
1932         * b3/B3FixSSA.cpp:
1933         (JSC::B3::demoteValues):
1934         (JSC::B3::fixSSA):
1935         * b3/B3FixSSA.h:
1936         * b3/B3Generate.cpp:
1937         (JSC::B3::prepareForGeneration):
1938         (JSC::B3::generateToAir):
1939         * b3/B3Generate.h:
1940         * b3/B3HeapRange.cpp: Removed.
1941         * b3/B3HeapRange.h:
1942         (JSC::B3::HeapRange::HeapRange): Deleted.
1943         (JSC::B3::HeapRange::top): Deleted.
1944         (JSC::B3::HeapRange::operator==): Deleted.
1945         (JSC::B3::HeapRange::operator!=): Deleted.
1946         (JSC::B3::HeapRange::operator|): Deleted.
1947         (JSC::B3::HeapRange::operator bool): Deleted.
1948         (JSC::B3::HeapRange::begin): Deleted.
1949         (JSC::B3::HeapRange::end): Deleted.
1950         (JSC::B3::HeapRange::overlaps): Deleted.
1951         * b3/B3LowerToAir.cpp:
1952         * b3/B3MoveConstants.cpp:
1953         * b3/B3PhiChildren.h:
1954         * b3/B3Procedure.cpp:
1955         (JSC::B3::Procedure::dump):
1956         (JSC::B3::Procedure::deleteOrphans):
1957         (JSC::B3::Procedure::setBlockOrderImpl):
1958         * b3/B3ReduceDoubleToFloat.cpp:
1959         * b3/B3ReduceStrength.cpp:
1960         * b3/B3SSACalculator.h:
1961         * b3/B3UseCounts.h:
1962         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
1963         * b3/air/AirAllocateRegistersByLinearScan.cpp: Added.
1964         (JSC::B3::Air::allocateRegistersByLinearScan):
1965         * b3/air/AirAllocateRegistersByLinearScan.h: Added.
1966         * b3/air/AirAllocateStack.cpp:
1967         (JSC::B3::Air::allocateStack):
1968         * b3/air/AirArg.cpp:
1969         (WTF::printInternal):
1970         * b3/air/AirArg.h:
1971         (JSC::B3::Air::Arg::activeAt):
1972         (JSC::B3::Air::Arg::timing):
1973         (JSC::B3::Air::Arg::forEachPhase):
1974         * b3/air/AirBasicBlock.h:
1975         * b3/air/AirBlockWorklist.h:
1976         * b3/air/AirCFG.h:
1977         (JSC::B3::Air::CFG::newMap):
1978         * b3/air/AirEliminateDeadCode.cpp:
1979         (JSC::B3::Air::eliminateDeadCode):
1980         * b3/air/AirFixObviousSpills.cpp:
1981         * b3/air/AirFixPartialRegisterStalls.cpp:
1982         (JSC::B3::Air::fixPartialRegisterStalls):
1983         * b3/air/AirFixSpillsAfterTerminals.cpp: Added.
1984         (JSC::B3::Air::fixSpillsAfterTerminals):
1985         * b3/air/AirFixSpillsAfterTerminals.h: Added.
1986         * b3/air/AirGenerate.cpp:
1987         (JSC::B3::Air::prepareForGeneration):
1988         (JSC::B3::Air::generate):
1989         * b3/air/AirGenerate.h:
1990         * b3/air/AirGenerationContext.h:
1991         * b3/air/AirInsertionSet.h:
1992         * b3/air/AirInst.cpp:
1993         (JSC::B3::Air::Inst::needsPadding):
1994         * b3/air/AirLowerAfterRegAlloc.cpp:
1995         (JSC::B3::Air::lowerAfterRegAlloc):
1996         * b3/air/AirLowerEntrySwitch.cpp:
1997         (JSC::B3::Air::lowerEntrySwitch):
1998         * b3/air/AirOpcode.opcodes:
1999         * b3/air/AirPhaseInsertionSet.cpp: Added.
2000         (JSC::B3::Air::PhaseInsertionSet::execute):
2001         * b3/air/AirPhaseInsertionSet.h: Added.
2002         (JSC::B3::Air::PhaseInsertion::PhaseInsertion):
2003         (JSC::B3::Air::PhaseInsertion::phase):
2004         (JSC::B3::Air::PhaseInsertion::operator<):
2005         (JSC::B3::Air::PhaseInsertionSet::PhaseInsertionSet):
2006         (JSC::B3::Air::PhaseInsertionSet::appendInsertion):
2007         (JSC::B3::Air::PhaseInsertionSet::insertInst):
2008         (JSC::B3::Air::PhaseInsertionSet::insert):
2009         * b3/air/AirRegLiveness.h:
2010         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
2011         * b3/air/AirSpillEverything.cpp:
2012         (JSC::B3::Air::spillEverything):
2013         * b3/air/AirTmp.cpp:
2014         * b3/air/AirTmp.h:
2015         (JSC::B3::Air::Tmp::tmpForIndex):
2016         * b3/air/AirTmpInlines.h:
2017         (JSC::B3::Air::Tmp::Indexed::Indexed):
2018         (JSC::B3::Air::Tmp::Indexed::index):
2019         (JSC::B3::Air::Tmp::AbsolutelyIndexed::AbsolutelyIndexed):
2020         (JSC::B3::Air::Tmp::AbsolutelyIndexed::index):
2021         (JSC::B3::Air::Tmp::indexed):
2022         (JSC::B3::Air::Tmp::absolutelyIndexed):
2023         (JSC::B3::Air::Tmp::tmpForAbsoluteIndex):
2024         * b3/testb3.cpp:
2025         (JSC::B3::compile):
2026         (JSC::B3::testMulLoadTwice):
2027         * jit/RegisterSet.h:
2028         (JSC::RegisterSet::add):
2029         (JSC::RegisterSet::remove):
2030         * runtime/Options.h:
2031         * wasm/WasmB3IRGenerator.h:
2032
2033 2017-03-30  Youenn Fablet  <youenn@apple.com>
2034
2035         Clean up RTCDataChannel
2036         https://bugs.webkit.org/show_bug.cgi?id=169732
2037
2038         Reviewed by Chris Dumez.
2039
2040         * runtime/CommonIdentifiers.h: Adding RTCDataChannelEvent.
2041
2042 2017-03-30  Saam Barati  <sbarati@apple.com>
2043
2044         WebAssembly: pass Wasm::Context* to vmEntryToWasm when not using fast TLS
2045         https://bugs.webkit.org/show_bug.cgi?id=170182
2046
2047         Reviewed by Mark Lam.
2048
2049         This is one more step in the direction of PIC-ified Wasm.
2050         I'm removing assumptions that a wasm callee is a cell. We used to use
2051         the callee to get the WasmContext off the callee's VM. Instead,
2052         this patch makes it so that we pass in the context as a parameter
2053         to the JS entrypoint.
2054
2055         * heap/MarkedBlock.h:
2056         (JSC::MarkedBlock::offsetOfVM): Deleted.
2057         * jit/AssemblyHelpers.cpp:
2058         (JSC::AssemblyHelpers::loadWasmContext):
2059         (JSC::AssemblyHelpers::storeWasmContext):
2060         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
2061         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
2062         * jsc.cpp:
2063         (functionTestWasmModuleFunctions):
2064         * runtime/VM.h:
2065         (JSC::VM::wasmContextOffset): Deleted.
2066         * wasm/WasmB3IRGenerator.cpp:
2067         (JSC::Wasm::B3IRGenerator::materializeWasmContext):
2068         (JSC::Wasm::B3IRGenerator::restoreWasmContext):
2069         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2070         (JSC::Wasm::createJSToWasmWrapper):
2071         * wasm/WasmContext.cpp:
2072         (JSC::Wasm::loadContext):
2073         (JSC::Wasm::storeContext):
2074         (JSC::loadWasmContext): Deleted.
2075         (JSC::storeWasmContext): Deleted.
2076         * wasm/WasmContext.h:
2077         (JSC::Wasm::useFastTLS):
2078         (JSC::Wasm::useFastTLSForContext):
2079         * wasm/WasmMemoryInformation.cpp:
2080         (JSC::Wasm::PinnedRegisterInfo::get):
2081         * wasm/WasmMemoryInformation.h:
2082         (JSC::Wasm::useFastTLS): Deleted.
2083         (JSC::Wasm::useFastTLSForWasmContext): Deleted.
2084         * wasm/js/WebAssemblyFunction.cpp:
2085         (JSC::callWebAssemblyFunction):
2086
2087 2017-03-30  JF Bastien  <jfbastien@apple.com>
2088
2089         WebAssembly: fix misc JS API implementation inconsistencies
2090         https://bugs.webkit.org/show_bug.cgi?id=170187
2091
2092         Reviewed by Keith Miller.
2093
2094         Auto-generate lookup tables.
2095         Methods should be on prototype.
2096         Exception returns should be idiomatic.
2097
2098         * wasm/JSWebAssembly.cpp: validate / compile / instantiate should
2099         be on the prototype
2100         (JSC::JSWebAssembly::create):
2101         (JSC::JSWebAssembly::finishCreation):
2102         (JSC::reject): Deleted.
2103         (JSC::webAssemblyCompileFunc): Deleted.
2104         (JSC::resolve): Deleted.
2105         (JSC::instantiate): Deleted.
2106         (JSC::compileAndInstantiate): Deleted.
2107         (JSC::webAssemblyInstantiateFunc): Deleted.
2108         (JSC::webAssemblyValidateFunc): Deleted.
2109         * wasm/JSWebAssembly.h:
2110         * wasm/js/WebAssemblyMemoryPrototype.cpp: move from JSWebAssembly.cpp
2111         (JSC::webAssemblyMemoryProtoFuncBuffer):
2112         (JSC::WebAssemblyMemoryPrototype::create):
2113         (JSC::WebAssemblyMemoryPrototype::finishCreation):
2114         * wasm/js/WebAssemblyMemoryPrototype.h:
2115         * wasm/js/WebAssemblyPrototype.cpp:
2116         (JSC::reject):
2117         (JSC::webAssemblyCompileFunc):
2118         (JSC::resolve):
2119         (JSC::instantiate):
2120         (JSC::compileAndInstantiate):
2121         (JSC::webAssemblyInstantiateFunc):
2122         (JSC::webAssemblyValidateFunc):
2123         (JSC::webAssemblyFunctionValidate): Deleted.
2124         (JSC::webAssemblyFunctionCompile): Deleted.
2125         * wasm/js/WebAssemblyTablePrototype.cpp:
2126         (JSC::webAssemblyTableProtoFuncGrow):
2127         (JSC::webAssemblyTableProtoFuncGet):
2128         (JSC::webAssemblyTableProtoFuncSet):
2129         (JSC::WebAssemblyTablePrototype::create):
2130         (JSC::WebAssemblyTablePrototype::finishCreation):
2131         * wasm/js/WebAssemblyTablePrototype.h:
2132
2133 2017-03-29  Keith Miller  <keith_miller@apple.com>
2134
2135         Unreviewed, fix the build, again. Hopefully for the last time, again!
2136
2137         * runtime/Options.cpp:
2138
2139 2017-03-29  Keith Miller  <keith_miller@apple.com>
2140
2141         Unreviewed, fix the build, again. Hopefully for the last time!
2142
2143         * runtime/Options.cpp:
2144         (JSC::parse):
2145
2146 2017-03-29  Keith Miller  <keith_miller@apple.com>
2147
2148         Unreviewed, windows build fix.
2149
2150         * runtime/Options.cpp:
2151         (JSC::parse):
2152
2153 2017-03-29  Keith Miller  <keith_miller@apple.com>
2154
2155         WebAssembly: B3IRGenerator should pool constants
2156         https://bugs.webkit.org/show_bug.cgi?id=170266
2157
2158         Reviewed by Filip Pizlo.
2159
2160         This patch adds a HashMap to B3IRGenerator that contains all the constants used in a function.
2161         B3IRGenerator then uses an InsertionSet to add all those constants to the root BB. This doesn't
2162         appear to be a compile time improvement but it could be valuable in the future.
2163
2164         * b3/B3Opcode.h:
2165         (JSC::B3::opcodeForConstant):
2166         * b3/B3Procedure.cpp:
2167         (JSC::B3::Procedure::addConstant):
2168         * b3/B3Procedure.h:
2169         * wasm/WasmB3IRGenerator.cpp:
2170         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2171         (JSC::Wasm::B3IRGenerator::constant):
2172         (JSC::Wasm::B3IRGenerator::insertConstants):
2173         (JSC::Wasm::B3IRGenerator::addConstant):
2174         (JSC::Wasm::B3IRGenerator::dump):
2175         (JSC::Wasm::parseAndCompile):
2176         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
2177         (JSC::Wasm::B3IRGenerator::zeroForType): Deleted.
2178         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
2179         (generateConstCode):
2180
2181 2017-03-29  Saam Barati  <sbarati@apple.com>
2182
2183         LinkBuffer and ExecutableAllocator shouldn't have anything to do with VM
2184         https://bugs.webkit.org/show_bug.cgi?id=170210
2185
2186         Reviewed by Mark Lam.
2187
2188         This is one more step in the direction of PIC-ified Wasm.
2189         LinkBuffer and ExecutableAllocator have no business knowing about VM.
2190
2191         * assembler/LinkBuffer.cpp:
2192         (JSC::LinkBuffer::allocate):
2193         * assembler/LinkBuffer.h:
2194         (JSC::LinkBuffer::LinkBuffer):
2195         (JSC::LinkBuffer::vm): Deleted.
2196         * b3/B3Compile.cpp:
2197         (JSC::B3::compile):
2198         * b3/B3Compile.h:
2199         * b3/air/testair.cpp:
2200         * b3/testb3.cpp:
2201         (JSC::B3::compileProc):
2202         (JSC::B3::compileAndRun):
2203         (JSC::B3::testLoadAcq42):
2204         (JSC::B3::testAddArgZeroImmZDef):
2205         (JSC::B3::testAddLoadTwice):
2206         (JSC::B3::testMulLoadTwice):
2207         (JSC::B3::testMulAddArgsLeft):
2208         (JSC::B3::testMulAddArgsRight):
2209         (JSC::B3::testMulAddArgsLeft32):
2210         (JSC::B3::testMulAddArgsRight32):
2211         (JSC::B3::testMulSubArgsLeft):
2212         (JSC::B3::testMulSubArgsRight):
2213         (JSC::B3::testMulSubArgsLeft32):
2214         (JSC::B3::testMulSubArgsRight32):
2215         (JSC::B3::testMulNegArgs):
2216         (JSC::B3::testMulNegArgs32):
2217         (JSC::B3::testCompareFloatToDoubleThroughPhi):
2218         (JSC::B3::testDoubleToFloatThroughPhi):
2219         (JSC::B3::testReduceFloatToDoubleValidates):
2220         (JSC::B3::testDoubleProducerPhiToFloatConversion):
2221         (JSC::B3::testDoubleProducerPhiToFloatConversionWithDoubleConsumer):
2222         (JSC::B3::testDoubleProducerPhiWithNonFloatConst):
2223         (JSC::B3::testIToD64Arg):
2224         (JSC::B3::testIToF64Arg):
2225         (JSC::B3::testIToD32Arg):
2226         (JSC::B3::testIToF32Arg):
2227         (JSC::B3::testIToD64Mem):
2228         (JSC::B3::testIToF64Mem):
2229         (JSC::B3::testIToD32Mem):
2230         (JSC::B3::testIToF32Mem):
2231         (JSC::B3::testIToDReducedToIToF64Arg):
2232         (JSC::B3::testIToDReducedToIToF32Arg):
2233         (JSC::B3::testStoreRelAddLoadAcq32):
2234         (JSC::B3::testStoreRelAddLoadAcq8):
2235         (JSC::B3::testStoreRelAddFenceLoadAcq8):
2236         (JSC::B3::testStoreRelAddLoadAcq16):
2237         (JSC::B3::testStoreRelAddLoadAcq64):
2238         (JSC::B3::testBranch):
2239         (JSC::B3::testBranchPtr):
2240         (JSC::B3::testDiamond):
2241         (JSC::B3::testBranchNotEqual):
2242         (JSC::B3::testBranchNotEqualCommute):
2243         (JSC::B3::testBranchNotEqualNotEqual):
2244         (JSC::B3::testBranchEqual):
2245         (JSC::B3::testBranchEqualEqual):
2246         (JSC::B3::testBranchEqualCommute):
2247         (JSC::B3::testBranchEqualEqual1):
2248         (JSC::B3::testBranchLoadPtr):
2249         (JSC::B3::testBranchLoad32):
2250         (JSC::B3::testBranchLoad8S):
2251         (JSC::B3::testBranchLoad8Z):
2252         (JSC::B3::testBranchLoad16S):
2253         (JSC::B3::testBranchLoad16Z):
2254         (JSC::B3::testBranch8WithLoad8ZIndex):
2255         (JSC::B3::testComplex):
2256         (JSC::B3::testSimpleCheck):
2257         (JSC::B3::testCheckFalse):
2258         (JSC::B3::testCheckTrue):
2259         (JSC::B3::testCheckLessThan):
2260         (JSC::B3::testCheckMegaCombo):
2261         (JSC::B3::testCheckTrickyMegaCombo):
2262         (JSC::B3::testCheckTwoMegaCombos):
2263         (JSC::B3::testCheckTwoNonRedundantMegaCombos):
2264         (JSC::B3::testCheckAddImm):
2265         (JSC::B3::testCheckAddImmCommute):
2266         (JSC::B3::testCheckAddImmSomeRegister):
2267         (JSC::B3::testCheckAdd):
2268         (JSC::B3::testCheckAdd64):
2269         (JSC::B3::testCheckAddFold):
2270         (JSC::B3::testCheckAddFoldFail):
2271         (JSC::B3::testCheckAddSelfOverflow64):
2272         (JSC::B3::testCheckAddSelfOverflow32):
2273         (JSC::B3::testCheckSubImm):
2274         (JSC::B3::testCheckSubBadImm):
2275         (JSC::B3::testCheckSub):
2276         (JSC::B3::testCheckSub64):
2277         (JSC::B3::testCheckSubFold):
2278         (JSC::B3::testCheckSubFoldFail):
2279         (JSC::B3::testCheckNeg):
2280         (JSC::B3::testCheckNeg64):
2281         (JSC::B3::testCheckMul):
2282         (JSC::B3::testCheckMulMemory):
2283         (JSC::B3::testCheckMul2):
2284         (JSC::B3::testCheckMul64):
2285         (JSC::B3::testCheckMulFold):
2286         (JSC::B3::testCheckMulFoldFail):
2287         (JSC::B3::testCheckMul64SShr):
2288         (JSC::B3::testSwitch):
2289         (JSC::B3::testSwitchChillDiv):
2290         (JSC::B3::testSwitchTargettingSameBlock):
2291         (JSC::B3::testSwitchTargettingSameBlockFoldPathConstant):
2292         (JSC::B3::testBasicSelect):
2293         (JSC::B3::testSelectTest):
2294         (JSC::B3::testSelectCompareDouble):
2295         (JSC::B3::testSelectDouble):
2296         (JSC::B3::testSelectDoubleTest):
2297         (JSC::B3::testSelectDoubleCompareDouble):
2298         (JSC::B3::testSelectFloatCompareFloat):
2299         (JSC::B3::testSelectFold):
2300         (JSC::B3::testSelectInvert):
2301         (JSC::B3::testCheckSelect):
2302         (JSC::B3::testCheckSelectCheckSelect):
2303         (JSC::B3::testCheckSelectAndCSE):
2304         (JSC::B3::testTrivialInfiniteLoop):
2305         (JSC::B3::testFoldPathEqual):
2306         (JSC::B3::testLShiftSelf32):
2307         (JSC::B3::testRShiftSelf32):
2308         (JSC::B3::testURShiftSelf32):
2309         (JSC::B3::testLShiftSelf64):
2310         (JSC::B3::testRShiftSelf64):
2311         (JSC::B3::testURShiftSelf64):
2312         (JSC::B3::testPatchpointDoubleRegs):
2313         (JSC::B3::testSpillDefSmallerThanUse):
2314         (JSC::B3::testSpillUseLargerThanDef):
2315         (JSC::B3::testLateRegister):
2316         (JSC::B3::testInterpreter):
2317         (JSC::B3::testEntrySwitchSimple):
2318         (JSC::B3::testEntrySwitchNoEntrySwitch):
2319         (JSC::B3::testEntrySwitchWithCommonPaths):
2320         (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
2321         (JSC::B3::testEntrySwitchLoop):
2322         (JSC::B3::testSomeEarlyRegister):
2323         (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled):
2324         (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled2):
2325         (JSC::B3::testPatchpointTerminalReturnValue):
2326         (JSC::B3::testMemoryFence):
2327         (JSC::B3::testStoreFence):
2328         (JSC::B3::testLoadFence):
2329         (JSC::B3::testPCOriginMapDoesntInsertNops):
2330         (JSC::B3::testPinRegisters):
2331         (JSC::B3::testX86LeaAddAddShlLeft):
2332         (JSC::B3::testX86LeaAddAddShlRight):
2333         (JSC::B3::testX86LeaAddAdd):
2334         (JSC::B3::testX86LeaAddShlRight):
2335         (JSC::B3::testX86LeaAddShlLeftScale1):
2336         (JSC::B3::testX86LeaAddShlLeftScale2):
2337         (JSC::B3::testX86LeaAddShlLeftScale4):
2338         (JSC::B3::testX86LeaAddShlLeftScale8):
2339         (JSC::B3::testAddShl32):
2340         (JSC::B3::testAddShl64):
2341         (JSC::B3::testAddShl65):
2342         (JSC::B3::testLoadBaseIndexShift2):
2343         (JSC::B3::testLoadBaseIndexShift32):
2344         (JSC::B3::testOptimizeMaterialization):
2345         (JSC::B3::testAtomicWeakCAS):
2346         (JSC::B3::testAtomicStrongCAS):
2347         (JSC::B3::testAtomicXchg):
2348         (JSC::B3::testDepend32):
2349         (JSC::B3::testDepend64):
2350         (JSC::B3::testWasmBoundsCheck):
2351         (JSC::B3::testWasmAddress):
2352         (JSC::B3::run):
2353         (JSC::B3::compile): Deleted.
2354         * bytecode/PolymorphicAccess.cpp:
2355         (JSC::PolymorphicAccess::regenerate):
2356         * dfg/DFGJITCompiler.cpp:
2357         (JSC::DFG::JITCompiler::compile):
2358         (JSC::DFG::JITCompiler::compileFunction):
2359         * dfg/DFGLazyJSValue.cpp:
2360         (JSC::DFG::LazyJSValue::emit):
2361         * dfg/DFGOSRExitCompiler.cpp:
2362         * dfg/DFGSpeculativeJIT32_64.cpp:
2363         (JSC::DFG::SpeculativeJIT::emitCall):
2364         * dfg/DFGSpeculativeJIT64.cpp:
2365         (JSC::DFG::SpeculativeJIT::emitCall):
2366         * dfg/DFGThunks.cpp:
2367         (JSC::DFG::osrExitGenerationThunkGenerator):
2368         (JSC::DFG::osrEntryThunkGenerator):
2369         * ftl/FTLCompile.cpp:
2370         (JSC::FTL::compile):
2371         * ftl/FTLLazySlowPath.cpp:
2372         (JSC::FTL::LazySlowPath::generate):
2373         * ftl/FTLLink.cpp:
2374         (JSC::FTL::link):
2375         * ftl/FTLLowerDFGToB3.cpp:
2376         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
2377         (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
2378         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2379         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2380         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
2381         * ftl/FTLOSRExitCompiler.cpp:
2382         (JSC::FTL::compileStub):
2383         * ftl/FTLOSRExitHandle.cpp:
2384         (JSC::FTL::OSRExitHandle::emitExitThunk):
2385         * ftl/FTLSlowPathCall.cpp:
2386         (JSC::FTL::SlowPathCallContext::makeCall):
2387         * ftl/FTLSlowPathCall.h:
2388         (JSC::FTL::callOperation):
2389         * ftl/FTLState.h:
2390         * ftl/FTLThunks.cpp:
2391         (JSC::FTL::genericGenerationThunkGenerator):
2392         (JSC::FTL::slowPathCallThunkGenerator):
2393         * ftl/FTLThunks.h:
2394         (JSC::FTL::generateIfNecessary):
2395         (JSC::FTL::Thunks::getSlowPathCallThunk):
2396         * jit/AssemblyHelpers.cpp:
2397         (JSC::AssemblyHelpers::emitDumbVirtualCall):
2398         * jit/AssemblyHelpers.h:
2399         * jit/ExecutableAllocator.cpp:
2400         (JSC::ExecutableAllocator::initializeAllocator):
2401         (JSC::ExecutableAllocator::singleton):
2402         (JSC::ExecutableAllocator::ExecutableAllocator):
2403         (JSC::ExecutableAllocator::allocate):
2404         * jit/ExecutableAllocator.h:
2405         * jit/JIT.cpp:
2406         (JSC::JIT::compileWithoutLinking):
2407         * jit/JITCall.cpp:
2408         (JSC::JIT::compileCallEvalSlowCase):
2409         * jit/JITMathIC.h:
2410         (JSC::JITMathIC::generateOutOfLine):
2411         * jit/JITOpcodes.cpp:
2412         (JSC::JIT::privateCompileHasIndexedProperty):
2413         * jit/JITOpcodes32_64.cpp:
2414         (JSC::JIT::privateCompileHasIndexedProperty):
2415         * jit/JITOperations.cpp:
2416         * jit/JITOperations.h:
2417         * jit/JITPropertyAccess.cpp:
2418         (JSC::JIT::stringGetByValStubGenerator):
2419         (JSC::JIT::privateCompileGetByVal):
2420         (JSC::JIT::privateCompileGetByValWithCachedId):
2421         (JSC::JIT::privateCompilePutByVal):
2422         (JSC::JIT::privateCompilePutByValWithCachedId):
2423         * jit/JITPropertyAccess32_64.cpp:
2424         (JSC::JIT::stringGetByValStubGenerator):
2425         * jit/JITStubRoutine.h:
2426         * jit/Repatch.cpp:
2427         (JSC::ftlThunkAwareRepatchCall):
2428         (JSC::linkPolymorphicCall):
2429         * jit/SpecializedThunkJIT.h:
2430         (JSC::SpecializedThunkJIT::finalize):
2431         * jit/ThunkGenerators.cpp:
2432         (JSC::throwExceptionFromCallSlowPathGenerator):
2433         (JSC::linkCallThunkGenerator):
2434         (JSC::linkPolymorphicCallThunkGenerator):
2435         (JSC::virtualThunkFor):
2436         (JSC::nativeForGenerator):
2437         (JSC::arityFixupGenerator):
2438         (JSC::unreachableGenerator):
2439         (JSC::boundThisNoArgsFunctionCallGenerator):
2440         (JSC::throwExceptionFromWasmThunkGenerator):
2441         * llint/LLIntThunks.cpp:
2442         (JSC::LLInt::generateThunkWithJumpTo):
2443         * runtime/SamplingProfiler.cpp:
2444         (JSC::SamplingProfiler::takeSample):
2445         * runtime/VM.cpp:
2446         (JSC::VM::VM):
2447         * runtime/VM.h:
2448         * runtime/VMTraps.cpp:
2449         (JSC::VMTraps::tryInstallTrapBreakpoints):
2450         * tools/VMInspector.cpp:
2451         * wasm/WasmBinding.cpp:
2452         (JSC::Wasm::wasmToJs):
2453         (JSC::Wasm::wasmToWasm):
2454         (JSC::Wasm::exitStubGenerator):
2455         * wasm/WasmPlan.cpp:
2456         (JSC::Wasm::Plan::complete):
2457         * yarr/YarrJIT.cpp:
2458         (JSC::Yarr::YarrGenerator::compile):
2459         (JSC::Yarr::jitCompile):
2460
2461 2017-03-29  Keith Miller  <keith_miller@apple.com>
2462
2463         WebAssembly: Worklist should periodically check in to see if there are higher priority jobs to do.
2464         https://bugs.webkit.org/show_bug.cgi?id=170204
2465
2466         Reviewed by Saam Barati.
2467
2468         This patch makes it so that Wasm::Plan's compileFunctions method can return periodically
2469         to its caller. The main use for this is if a user asynchronously compiles a wasm module
2470         then later synchronously compiles another module. In this case we want to be able to pause
2471         compilation of other worklists.
2472
2473         This patch also adds support for size_t Options.
2474
2475         * runtime/Options.cpp:
2476         (JSC::parse):
2477         (JSC::Option::dump):
2478         (JSC::Option::operator==):
2479         * runtime/Options.h:
2480         * wasm/WasmPlan.cpp:
2481         (JSC::Wasm::Plan::moveToState):
2482         (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
2483         (JSC::Wasm::Plan::compileFunctions):
2484         * wasm/WasmPlan.h:
2485         * wasm/WasmWorklist.cpp:
2486
2487 2017-03-29  Mark Lam  <mark.lam@apple.com>
2488
2489         Remove obsolete references to HeapTimer in JavaScriptCore.order.
2490         https://bugs.webkit.org/show_bug.cgi?id=170252
2491
2492         Reviewed by Saam Barati.
2493
2494         The HeapTimer was renamed to JSRunLoopTimer back in r214504.  These HeapTimer
2495         entries are now no longer meaningful.
2496
2497         * JavaScriptCore.order:
2498
2499 2017-03-29  JF Bastien  <jfbastien@apple.com>
2500
2501         WebAssembly: add shell-only Memory mode helper
2502         https://bugs.webkit.org/show_bug.cgi?id=170227
2503
2504         Reviewed by Mark Lam.
2505
2506         * jsc.cpp:
2507         (GlobalObject::finishCreation):
2508         (functionWebAssemblyMemoryMode):
2509         * wasm/WasmMemory.h:
2510         * wasm/js/JSWebAssemblyInstance.h:
2511         * wasm/js/JSWebAssemblyMemory.h:
2512
2513 2017-03-29  Keith Miller  <keith_miller@apple.com>
2514
2515         WebAssembly: pack OpcodeOrigin to fit in a pointer
2516         https://bugs.webkit.org/show_bug.cgi?id=170244
2517
2518         Reviewed by Michael Saboff.
2519
2520         This patch makes it so we don't have to allocate the OpcodeOrigin and can just
2521         pack all the data into the pointer B3::Origin already has.
2522
2523         * wasm/WasmB3IRGenerator.cpp:
2524         (JSC::Wasm::parseAndCompile):
2525         * wasm/WasmOpcodeOrigin.cpp:
2526         (JSC::Wasm::OpcodeOrigin::dump):
2527         * wasm/WasmOpcodeOrigin.h:
2528         (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
2529         (JSC::Wasm::OpcodeOrigin::opcode):
2530         (JSC::Wasm::OpcodeOrigin::location):
2531
2532 2017-03-29  JF Bastien  <jfbastien@apple.com>
2533
2534         WebAssembly: NFC s/goto/lambda/g
2535         https://bugs.webkit.org/show_bug.cgi?id=170242
2536
2537         Reviewed by Mark Lam.
2538
2539         Lambdas are more in-style than the goto I just used.
2540
2541         * wasm/WasmMemory.cpp:
2542         (JSC::Wasm::tryGetFastMemory):
2543
2544 2017-03-28  Saam Barati  <sbarati@apple.com>
2545
2546         AssemblyHelpers should not have a VM field
2547         https://bugs.webkit.org/show_bug.cgi?id=170207
2548
2549         Reviewed by Yusuke Suzuki.
2550
2551         APIs that need VM should take one as a parameter. When doing position
2552         independent code for Wasm, we can't tie code generation to a VM.
2553
2554         * b3/B3Compile.cpp:
2555         (JSC::B3::compile):
2556         * b3/air/testair.cpp:
2557         * b3/testb3.cpp:
2558         (JSC::B3::testEntrySwitchSimple):
2559         (JSC::B3::testEntrySwitchNoEntrySwitch):
2560         (JSC::B3::testEntrySwitchWithCommonPaths):
2561         (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
2562         (JSC::B3::testEntrySwitchLoop):
2563         * bytecode/AccessCase.cpp:
2564         (JSC::AccessCase::generateWithGuard):
2565         (JSC::AccessCase::generateImpl):
2566         * bytecode/DOMJITAccessCasePatchpointParams.cpp:
2567         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
2568         * bytecode/InlineAccess.cpp:
2569         (JSC::InlineAccess::dumpCacheSizesAndCrash):
2570         (JSC::InlineAccess::generateSelfPropertyAccess):
2571         (JSC::InlineAccess::generateSelfPropertyReplace):
2572         (JSC::InlineAccess::generateArrayLength):
2573         (JSC::InlineAccess::rewireStubAsJump):
2574         * bytecode/InlineAccess.h:
2575         * bytecode/PolymorphicAccess.cpp:
2576         (JSC::AccessGenerationState::emitExplicitExceptionHandler):
2577         (JSC::PolymorphicAccess::regenerate):
2578         * bytecode/PolymorphicAccess.h:
2579         (JSC::AccessGenerationState::AccessGenerationState):
2580         * dfg/DFGJITCompiler.cpp:
2581         (JSC::DFG::JITCompiler::JITCompiler):
2582         (JSC::DFG::JITCompiler::compileExceptionHandlers):
2583         (JSC::DFG::JITCompiler::link):
2584         (JSC::DFG::JITCompiler::compile):
2585         (JSC::DFG::JITCompiler::compileFunction):
2586         (JSC::DFG::JITCompiler::exceptionCheck):
2587         * dfg/DFGJITCompiler.h:
2588         (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
2589         (JSC::DFG::JITCompiler::fastExceptionCheck):
2590         (JSC::DFG::JITCompiler::vm):
2591         * dfg/DFGOSRExitCompiler.cpp:
2592         * dfg/DFGOSRExitCompiler.h:
2593         * dfg/DFGOSRExitCompiler32_64.cpp:
2594         (JSC::DFG::OSRExitCompiler::compileExit):
2595         * dfg/DFGOSRExitCompiler64.cpp:
2596         (JSC::DFG::OSRExitCompiler::compileExit):
2597         * dfg/DFGOSRExitCompilerCommon.cpp:
2598         (JSC::DFG::adjustAndJumpToTarget):
2599         * dfg/DFGOSRExitCompilerCommon.h:
2600         * dfg/DFGSpeculativeJIT.cpp:
2601         (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
2602         (JSC::DFG::SpeculativeJIT::checkArray):
2603         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2604         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
2605         (JSC::DFG::SpeculativeJIT::compileMakeRope):
2606         (JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
2607         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
2608         (JSC::DFG::SpeculativeJIT::compileCreateActivation):
2609         (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
2610         (JSC::DFG::SpeculativeJIT::compileSpread):
2611         (JSC::DFG::SpeculativeJIT::compileArraySlice):
2612         (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
2613         (JSC::DFG::SpeculativeJIT::compileNewStringObject):
2614         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
2615         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
2616         * dfg/DFGSpeculativeJIT.h:
2617         (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
2618         (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
2619         (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
2620         (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
2621         * dfg/DFGSpeculativeJIT32_64.cpp:
2622         (JSC::DFG::SpeculativeJIT::emitCall):
2623         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2624         (JSC::DFG::SpeculativeJIT::emitBranch):
2625         (JSC::DFG::SpeculativeJIT::compile):
2626         * dfg/DFGSpeculativeJIT64.cpp:
2627         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
2628         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
2629         (JSC::DFG::SpeculativeJIT::emitCall):
2630         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2631         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2632         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2633         (JSC::DFG::SpeculativeJIT::emitBranch):
2634         (JSC::DFG::SpeculativeJIT::compile):
2635         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
2636         * dfg/DFGThunks.cpp:
2637         (JSC::DFG::osrEntryThunkGenerator):
2638         * ftl/FTLCompile.cpp:
2639         (JSC::FTL::compile):
2640         * ftl/FTLJITFinalizer.h:
2641         * ftl/FTLLazySlowPath.cpp:
2642         (JSC::FTL::LazySlowPath::generate):
2643         * ftl/FTLLazySlowPathCall.h:
2644         (JSC::FTL::createLazyCallGenerator):
2645         * ftl/FTLLink.cpp:
2646         (JSC::FTL::link):
2647         * ftl/FTLLowerDFGToB3.cpp:
2648         (JSC::FTL::DFG::LowerDFGToB3::lower):
2649         (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
2650         (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
2651         (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
2652         (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
2653         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
2654         (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
2655         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2656         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2657         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
2658         (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
2659         (JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
2660         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
2661         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
2662         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2663         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
2664         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
2665         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
2666         (JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
2667         * ftl/FTLOSRExitCompiler.cpp:
2668         (JSC::FTL::compileStub):
2669         * ftl/FTLSlowPathCall.h:
2670         (JSC::FTL::callOperation):
2671         * ftl/FTLState.h:
2672         (JSC::FTL::State::vm):
2673         * ftl/FTLThunks.cpp:
2674         (JSC::FTL::genericGenerationThunkGenerator):
2675         (JSC::FTL::slowPathCallThunkGenerator):
2676         * jit/AssemblyHelpers.cpp:
2677         (JSC::AssemblyHelpers::jitReleaseAssertNoException):
2678         (JSC::AssemblyHelpers::callExceptionFuzz):
2679         (JSC::AssemblyHelpers::emitJumpIfException):
2680         (JSC::AssemblyHelpers::emitExceptionCheck):
2681         (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
2682         (JSC::AssemblyHelpers::emitLoadStructure):
2683         (JSC::AssemblyHelpers::emitRandomThunk):
2684         (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
2685         (JSC::AssemblyHelpers::emitConvertValueToBoolean):
2686         (JSC::AssemblyHelpers::debugCall):
2687         * jit/AssemblyHelpers.h:
2688         (JSC::AssemblyHelpers::AssemblyHelpers):
2689         (JSC::AssemblyHelpers::codeBlock):
2690         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
2691         (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer):
2692         (JSC::AssemblyHelpers::barrierBranch):
2693         (JSC::AssemblyHelpers::barrierStoreLoadFence):
2694         (JSC::AssemblyHelpers::mutatorFence):
2695         (JSC::AssemblyHelpers::storeButterfly):
2696         (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
2697         (JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
2698         (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
2699         (JSC::AssemblyHelpers::emitAllocateJSObject):
2700         (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
2701         (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
2702         (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
2703         (JSC::AssemblyHelpers::vm): Deleted.
2704         (JSC::AssemblyHelpers::debugCall): Deleted.
2705         * jit/CCallHelpers.cpp:
2706         (JSC::CCallHelpers::ensureShadowChickenPacket):
2707         * jit/CCallHelpers.h:
2708         (JSC::CCallHelpers::CCallHelpers):
2709         (JSC::CCallHelpers::jumpToExceptionHandler):
2710         * jit/JIT.cpp:
2711         (JSC::JIT::emitEnterOptimizationCheck):
2712         (JSC::JIT::privateCompileExceptionHandlers):
2713         * jit/JIT.h:
2714         (JSC::JIT::exceptionCheck):
2715         (JSC::JIT::exceptionCheckWithCallFrameRollback):
2716         * jit/JITMathIC.h:
2717         (JSC::JITMathIC::generateOutOfLine):
2718         * jit/JITOpcodes.cpp:
2719         (JSC::JIT::emit_op_instanceof):
2720         (JSC::JIT::emit_op_is_undefined):
2721         (JSC::JIT::emit_op_jfalse):
2722         (JSC::JIT::emit_op_jeq_null):
2723         (JSC::JIT::emit_op_jneq_null):
2724         (JSC::JIT::emit_op_jtrue):
2725         (JSC::JIT::emit_op_throw):
2726         (JSC::JIT::emit_op_catch):
2727         (JSC::JIT::emit_op_eq_null):
2728         (JSC::JIT::emit_op_neq_null):
2729         (JSC::JIT::emitSlow_op_loop_hint):
2730         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2731         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2732         * jit/JITOpcodes32_64.cpp:
2733         (JSC::JIT::privateCompileCTINativeCall):
2734         (JSC::JIT::emit_op_new_object):
2735         (JSC::JIT::emit_op_jfalse):
2736         (JSC::JIT::emit_op_jtrue):
2737         (JSC::JIT::emit_op_throw):
2738         (JSC::JIT::emit_op_catch):
2739         (JSC::JIT::emit_op_create_this):
2740         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2741         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2742         * jit/JITPropertyAccess.cpp:
2743         (JSC::JIT::emitWriteBarrier):
2744         * jit/JSInterfaceJIT.h:
2745         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2746         (JSC::JSInterfaceJIT::vm):
2747         * jit/Repatch.cpp:
2748         (JSC::tryCacheGetByID):
2749         (JSC::tryCachePutByID):
2750         (JSC::linkPolymorphicCall):
2751         (JSC::resetGetByID):
2752         (JSC::resetPutByID):
2753         * jit/SetupVarargsFrame.cpp:
2754         (JSC::emitSetupVarargsFrameFastCase):
2755         * jit/SetupVarargsFrame.h:
2756         * jit/SpecializedThunkJIT.h:
2757         (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
2758         * jit/ThunkGenerators.cpp:
2759         (JSC::throwExceptionFromCallSlowPathGenerator):
2760         (JSC::linkCallThunkGenerator):
2761         (JSC::linkPolymorphicCallThunkGenerator):
2762         (JSC::virtualThunkFor):
2763         (JSC::nativeForGenerator):
2764         (JSC::randomThunkGenerator):
2765         (JSC::boundThisNoArgsFunctionCallGenerator):
2766         (JSC::throwExceptionFromWasmThunkGenerator):
2767         * wasm/WasmB3IRGenerator.cpp:
2768         (JSC::Wasm::parseAndCompile):
2769         * wasm/WasmBinding.cpp:
2770         (JSC::Wasm::wasmToJs):
2771         (JSC::Wasm::wasmToWasm):
2772
2773 2017-03-28  Keith Miller  <keith_miller@apple.com>
2774
2775         WebAssembly: We should have Origins
2776         https://bugs.webkit.org/show_bug.cgi?id=170217
2777
2778         Reviewed by Mark Lam.
2779
2780         This patch adds wasm origins for B3::Values, called OpcodeOrigin. Currently,
2781         OpcodeOrigin just tracks the original opcode and the location of that opcode.
2782
2783         Here's a sample:
2784
2785         BB#0: ; frequency = 1.000000
2786             Int64 @4 = Patchpoint(generator = 0x10f487fa8, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister)
2787             Int64 @5 = FramePointer()
2788             Void @8 = Store(@4, @5, offset = 24, ControlDependent|Writes:Top)
2789             Int64 @10 = Const64(0)
2790             Void @12 = Store($0(@10), @5, offset = 16, ControlDependent|Writes:Top)
2791             Int64 @13 = Patchpoint(generator = 0x10f4be7f0, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister, ExitsSideways|ControlDependent|WritesPinned|ReadsPinned|Fence|Writes:Top|Reads:Top)
2792             Int64 @16 = ArgumentReg(%rdi)
2793             Int64 @18 = ArgumentReg(%rsi)
2794             Int32 @22 = Trunc(@18, Wasm: {opcode: I64Rotl, location: 5})
2795             Int64 @23 = RotL(@16, @22, Wasm: {opcode: I64Rotl, location: 5})
2796             Void @27 = Return(@23, Terminal, Wasm: {opcode: End, location: 6})
2797
2798         * JavaScriptCore.xcodeproj/project.pbxproj:
2799         * b3/B3Value.cpp:
2800         (JSC::B3::Value::deepDump):
2801         * wasm/WasmB3IRGenerator.cpp:
2802         (JSC::Wasm::B3IRGenerator::setParser):
2803         (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
2804         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2805         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2806         (JSC::Wasm::B3IRGenerator::emitStoreOp):
2807         (JSC::Wasm::B3IRGenerator::addConstant):
2808         (JSC::Wasm::B3IRGenerator::addLoop):
2809         (JSC::Wasm::B3IRGenerator::unify):
2810         (JSC::Wasm::parseAndCompile):
2811         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
2812         (JSC::Wasm::getMemoryBaseAndSize): Deleted.
2813         * wasm/WasmFunctionParser.h:
2814         (JSC::Wasm::FunctionParser::currentOpcode):
2815         (JSC::Wasm::FunctionParser::currentOpcodeStartingOffset):
2816         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
2817         * wasm/WasmOpcodeOrigin.cpp: Added.
2818         (JSC::Wasm::OpcodeOrigin::dump):
2819         * wasm/WasmOpcodeOrigin.h: Added.
2820         (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
2821         * wasm/WasmValidate.cpp:
2822         (JSC::Wasm::Validate::setParser):
2823         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
2824         (CodeGenerator.generate):
2825         (generateB3OpCode):
2826         (generateConstCode):
2827
2828 2017-03-28  JF Bastien  <jfbastien@apple.com>
2829
2830         WebAssembly: option to crash if no fast memory is available
2831         https://bugs.webkit.org/show_bug.cgi?id=170219
2832
2833         Reviewed by Mark Lam.
2834
2835         * runtime/Options.h:
2836         * wasm/WasmMemory.cpp:
2837         (JSC::Wasm::webAssemblyCouldntGetFastMemory):
2838         (JSC::Wasm::tryGetFastMemory):
2839
2840 2017-03-28  Mark Lam  <mark.lam@apple.com>
2841
2842         The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
2843         https://bugs.webkit.org/show_bug.cgi?id=170213
2844         <rdar://problem/30755345>
2845
2846         Reviewed by Filip Pizlo.
2847
2848         The current condition for stealing the conn isn't tight enough.  Restricting the
2849         stealing to when m_currentPhase == NotRunning ensures that the Collector is
2850         really done running.
2851
2852         No test because this issue only manifests with a race condition that is difficult
2853         to reproduce on demand.
2854
2855         * heap/Heap.cpp:
2856         (JSC::Heap::requestCollection):
2857
2858 2017-03-28  Keith Miller  <keith_miller@apple.com>
2859
2860         WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
2861         https://bugs.webkit.org/show_bug.cgi?id=169187
2862
2863         Reviewed by Saam Barati.
2864
2865         This patch allows WebAssembly compilations to happen asynchronously.
2866         To do so, it refactors how much of the compilation happens and adds
2867         new infrastructure for async promises.
2868
2869         First, there is a new class, PromiseDeferredTimer that lives on
2870         the VM.  PromiseDeferredTimer will manage the life-cycle of async
2871         pending promises and any dependencies that promise
2872         needs. PromiseDeferredTimer automagically releases the pending
2873         promise and dependencies once the JSPromiseDeferred is resolved or
2874         rejected. Additionally, PromiseDeferredTimer provides a mechanism
2875         to poll the run-loop whenever the async task needs to synchronize
2876         with the JS thread. Normally, that will be whenever the async task
2877         finishes. In the case of WebAssembly we also use this feature for
2878         the compile + instantiate case, where we might have more work
2879         after the first async task completes (more on that later).
2880
2881         The next class is Wasm::Worklist, which is used to manage Wasm
2882         compilation tasks. The worklist class works similarly to the
2883         DFG/FTL Worklists. It has a pool of threads that it manages. One
2884         interesting aspect of Wasm Worklist is that it can synchronously
2885         compile a plan that is already potentially running
2886         asynchronously. This can occur if a user calls
2887         WebAssembly.instantiate() then new WebAssembly.instantiate() on
2888         the same module. In that case the Wasm Worklist will bump the
2889         priority of the running pending Plan and block the JS thread.
2890
2891         This patch also makes some of the Wasm Plan code cleaner. Since we
2892         now defer all compilation to instantiation time, we no longer need
2893         to guess at which memory we are going to get. Also, Wasm Plans now
2894         track the work they have done with a state enum.
2895
2896         Finally, this patch renames HeapTimer to JSRunLoopTimer. It
2897         also changes test262AsyncTest into a more generic testing
2898         infrastructure. Now, in addition to the old functionality, you can
2899         call asyncTest() with the number of tests you expect. When the jsc
2900         CLI exits, it will guarantee that asyncTestPassed() was called that
2901         many times.
2902
2903         * CMakeLists.txt:
2904         * JavaScriptCore.xcodeproj/project.pbxproj:
2905         * heap/GCActivityCallback.h:
2906         * heap/IncrementalSweeper.cpp:
2907         (JSC::IncrementalSweeper::scheduleTimer):
2908         (JSC::IncrementalSweeper::IncrementalSweeper):
2909         * heap/IncrementalSweeper.h:
2910         * heap/StopIfNecessaryTimer.cpp:
2911         (JSC::StopIfNecessaryTimer::StopIfNecessaryTimer):
2912         * heap/StopIfNecessaryTimer.h:
2913         * heap/StrongInlines.h:
2914         * jsc.cpp:
2915         (GlobalObject::finishCreation):
2916         (printInternal):
2917         (functionAsyncTestStart):
2918         (functionAsyncTestPassed):
2919         (functionTestWasmModuleFunctions):
2920         (CommandLine::parseArguments):
2921         (runJSC):
2922         * runtime/JSPromiseDeferred.cpp:
2923         (JSC::JSPromiseDeferred::resolve):
2924         (JSC::JSPromiseDeferred::reject):
2925         * runtime/JSPromiseDeferred.h:
2926         (JSC::JSPromiseDeferred::promiseAsyncPending):
2927         * runtime/JSRunLoopTimer.cpp: Renamed from Source/JavaScriptCore/heap/HeapTimer.cpp.
2928         (JSC::JSRunLoopTimer::JSRunLoopTimer):
2929         (JSC::JSRunLoopTimer::setRunLoop):
2930         (JSC::JSRunLoopTimer::~JSRunLoopTimer):
2931         (JSC::JSRunLoopTimer::timerDidFire):
2932         (JSC::JSRunLoopTimer::scheduleTimer):
2933         (JSC::JSRunLoopTimer::cancelTimer):
2934         (JSC::JSRunLoopTimer::invalidate):
2935         * runtime/JSRunLoopTimer.h: Copied from Source/JavaScriptCore/heap/HeapTimer.h.
2936         * runtime/Options.h:
2937         * runtime/PromiseDeferredTimer.cpp: Added.
2938         (JSC::PromiseDeferredTimer::PromiseDeferredTimer):
2939         (JSC::PromiseDeferredTimer::doWork):
2940         (JSC::PromiseDeferredTimer::runRunLoop):
2941         (JSC::PromiseDeferredTimer::addPendingPromise):
2942         (JSC::PromiseDeferredTimer::cancelPendingPromise):
2943         (JSC::PromiseDeferredTimer::scheduleWorkSoon):
2944         (JSC::PromiseDeferredTimer::scheduleBlockedTask):
2945         * runtime/PromiseDeferredTimer.h: Renamed from Source/JavaScriptCore/heap/HeapTimer.h.
2946         (JSC::PromiseDeferredTimer::stopRunningTasks):
2947         * runtime/VM.cpp:
2948         (JSC::VM::VM):
2949         (JSC::VM::~VM):
2950         * runtime/VM.h:
2951         * wasm/JSWebAssembly.cpp:
2952         (JSC::reject):
2953         (JSC::webAssemblyCompileFunc):
2954         (JSC::resolve):
2955         (JSC::instantiate):
2956         (JSC::compileAndInstantiate):
2957         (JSC::webAssemblyInstantiateFunc):
2958         (JSC::webAssemblyValidateFunc):
2959         * wasm/WasmB3IRGenerator.cpp:
2960         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2961         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2962         (JSC::Wasm::B3IRGenerator::memoryKind):
2963         (JSC::Wasm::parseAndCompile):
2964         * wasm/WasmB3IRGenerator.h:
2965         * wasm/WasmFormat.h:
2966         (JSC::Wasm::ModuleInformation::internalFunctionCount):
2967         * wasm/WasmFunctionParser.h:
2968         * wasm/WasmMemory.h:
2969         * wasm/WasmMemoryInformation.cpp:
2970         (JSC::Wasm::MemoryInformation::MemoryInformation):
2971         * wasm/WasmMemoryInformation.h:
2972         (JSC::Wasm::MemoryInformation::maximum):
2973         (JSC::Wasm::MemoryInformation::hasReservedMemory): Deleted.
2974         (JSC::Wasm::MemoryInformation::takeReservedMemory): Deleted.
2975         (JSC::Wasm::MemoryInformation::mode): Deleted.
2976         * wasm/WasmModuleParser.cpp:
2977         * wasm/WasmModuleParser.h:
2978         (JSC::Wasm::ModuleParser::ModuleParser):
2979         * wasm/WasmPlan.cpp:
2980         (JSC::Wasm::Plan::Plan):
2981         (JSC::Wasm::Plan::stateString):
2982         (JSC::Wasm::Plan::moveToState):
2983         (JSC::Wasm::Plan::fail):
2984         (JSC::Wasm::Plan::parseAndValidateModule):
2985         (JSC::Wasm::Plan::prepare):
2986         (JSC::Wasm::Plan::ThreadCountHolder::ThreadCountHolder):
2987         (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
2988         (JSC::Wasm::Plan::compileFunctions):
2989         (JSC::Wasm::Plan::complete):
2990         (JSC::Wasm::Plan::waitForCompletion):
2991         (JSC::Wasm::Plan::cancel):
2992         (JSC::Wasm::Plan::run): Deleted.
2993         (JSC::Wasm::Plan::initializeCallees): Deleted.
2994         * wasm/WasmPlan.h:
2995         (JSC::Wasm::Plan::dontFinalize):
2996         (JSC::Wasm::Plan::exports):
2997         (JSC::Wasm::Plan::internalFunctionCount):
2998         (JSC::Wasm::Plan::takeModuleInformation):
2999         (JSC::Wasm::Plan::takeCallLinkInfos):
3000         (JSC::Wasm::Plan::takeWasmExitStubs):
3001         (JSC::Wasm::Plan::setModeAndPromise):
3002         (JSC::Wasm::Plan::mode):
3003         (JSC::Wasm::Plan::pendingPromise):
3004         (JSC::Wasm::Plan::vm):
3005         (JSC::Wasm::Plan::errorMessage):
3006         (JSC::Wasm::Plan::failed):
3007         (JSC::Wasm::Plan::hasWork):
3008         (JSC::Wasm::Plan::hasBeenPrepared):
3009         * wasm/WasmPlanInlines.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
3010         (JSC::Wasm::Plan::initializeCallees):
3011         * wasm/WasmValidate.cpp:
3012         * wasm/WasmWorklist.cpp: Added.
3013         (JSC::Wasm::Worklist::priorityString):
3014         (JSC::Wasm::Worklist::QueueElement::setToNextPriority):
3015         (JSC::Wasm::Worklist::iterate):
3016         (JSC::Wasm::Worklist::enqueue):
3017         (JSC::Wasm::Worklist::completePlanSynchronously):
3018         (JSC::Wasm::Worklist::stopAllPlansForVM):
3019         (JSC::Wasm::Worklist::Worklist):
3020         (JSC::Wasm::Worklist::~Worklist):
3021         (JSC::Wasm::existingWorklistOrNull):
3022         (JSC::Wasm::ensureWorklist):
3023         * wasm/WasmWorklist.h: Added.
3024         (JSC::Wasm::Worklist::nextTicket):
3025         (JSC::Wasm::Worklist::Comparator::operator()):
3026         * wasm/js/JSWebAssemblyCallee.h:
3027         * wasm/js/JSWebAssemblyCodeBlock.cpp:
3028         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
3029         (JSC::JSWebAssemblyCodeBlock::initialize):
3030         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
3031         * wasm/js/JSWebAssemblyCodeBlock.h:
3032         (JSC::JSWebAssemblyCodeBlock::create):
3033         (JSC::JSWebAssemblyCodeBlock::initialized):
3034         (JSC::JSWebAssemblyCodeBlock::plan):
3035         (JSC::JSWebAssemblyCodeBlock::runnable):
3036         (JSC::JSWebAssemblyCodeBlock::errorMessage):
3037         (JSC::JSWebAssemblyCodeBlock::callees):
3038         * wasm/js/JSWebAssemblyHelpers.h:
3039         (JSC::createSourceBufferFromValue):
3040         * wasm/js/JSWebAssemblyInstance.cpp:
3041         (JSC::JSWebAssemblyInstance::finishCreation):
3042         (JSC::JSWebAssemblyInstance::visitChildren):
3043         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
3044         (JSC::JSWebAssemblyInstance::finalizeCreation):
3045         (JSC::JSWebAssemblyInstance::create):
3046         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
3047         * wasm/js/JSWebAssemblyInstance.h:
3048         (JSC::JSWebAssemblyInstance::codeBlock):
3049         (JSC::JSWebAssemblyInstance::initialized):
3050         (JSC::JSWebAssemblyInstance::module):
3051         (JSC::JSWebAssemblyInstance::importFunction):
3052         (JSC::JSWebAssemblyInstance::setMemory):
3053         (JSC::JSWebAssemblyInstance::table):
3054         (JSC::JSWebAssemblyInstance::importFunctions):
3055         (JSC::JSWebAssemblyInstance::setImportFunction): Deleted.
3056         (JSC::JSWebAssemblyInstance::setTable): Deleted.
3057         * wasm/js/JSWebAssemblyModule.cpp:
3058         (JSC::JSWebAssemblyModule::createStub):
3059         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
3060         (JSC::JSWebAssemblyModule::finishCreation):
3061         (JSC::JSWebAssemblyModule::setCodeBlock):
3062         (JSC::JSWebAssemblyModule::buildCodeBlock): Deleted.
3063         (JSC::JSWebAssemblyModule::create): Deleted.
3064         (JSC::JSWebAssemblyModule::codeBlock): Deleted.
3065         * wasm/js/JSWebAssemblyModule.h:
3066         (JSC::JSWebAssemblyModule::moduleInformation):
3067         (JSC::JSWebAssemblyModule::codeBlock):
3068         (JSC::JSWebAssemblyModule::source):
3069         (JSC::JSWebAssemblyModule::takeReservedMemory): Deleted.
3070         (JSC::JSWebAssemblyModule::codeBlockFor): Deleted.
3071         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3072         (JSC::constructJSWebAssemblyInstance):
3073         (JSC::WebAssemblyInstanceConstructor::createInstance): Deleted.
3074         * wasm/js/WebAssemblyModuleConstructor.cpp:
3075         (JSC::WebAssemblyModuleConstructor::createModule):
3076         * wasm/js/WebAssemblyModulePrototype.cpp:
3077         (JSC::webAssemblyModuleProtoImports):
3078         (JSC::webAssemblyModuleProtoExports):
3079         * wasm/js/WebAssemblyModuleRecord.cpp:
3080         (JSC::WebAssemblyModuleRecord::finishCreation):
3081         (JSC::WebAssemblyModuleRecord::link):
3082         (JSC::WebAssemblyModuleRecord::evaluate):
3083         * wasm/js/WebAssemblyModuleRecord.h:
3084
3085 2017-03-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3086
3087         WebAssembly: add fallback to use pinned register to load/store state
3088         https://bugs.webkit.org/show_bug.cgi?id=169773
3089
3090         Reviewed by Saam Barati.
3091
3092         This patch adds a new pinned register to hold JSWebAssemblyInstance,
3093         which is used to represent the context of running Wasm code.
3094         While we use fast TLS to hold the context on macOS, we do not have
3095         any system-reserved fast TLS slot on the other systems. This pinned
3096         register approach is used on those systems. These changes decouple
3097         the VM from the Wasm module to make Wasm module code position independent.
3098
3099         While using fast TLS could be beneficial on x64 systems, whose number of
3100         registers is relatively small, the pinned register approach could be
3101         beneficial on ARM64, which has plenty of registers. On macOS, we can
3102         switch the implementation with a runtime flag. Thus the macOS port can
3103         compare the performance and decide which implementation is used after
3104         landing this patch.
3105
3106         * heap/MarkedBlock.h:
3107         (JSC::MarkedBlock::offsetOfVM):
3108         * jit/AssemblyHelpers.cpp:
3109         (JSC::AssemblyHelpers::loadWasmContext):
3110         (JSC::AssemblyHelpers::storeWasmContext):
3111         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
3112         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
3113         * jit/AssemblyHelpers.h:
3114         (JSC::AssemblyHelpers::loadWasmContext): Deleted.
3115         (JSC::AssemblyHelpers::storeWasmContext): Deleted.
3116         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister): Deleted.
3117         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister): Deleted.
3118         * jit/Repatch.cpp:
3119         (JSC::webAssemblyOwner):
3120         (JSC::linkFor):
3121         (JSC::linkPolymorphicCall):
3122         (JSC::isWebAssemblyToJSCallee): Deleted.
3123         * jit/ThunkGenerators.cpp:
3124         (JSC::throwExceptionFromWasmThunkGenerator):
3125         * llint/LLIntData.cpp:
3126         (JSC::LLInt::Data::performAssertions):
3127         * llint/LowLevelInterpreter.asm:
3128         * runtime/JSCell.cpp:
3129         (JSC::JSCell::isAnyWasmCallee):
3130         * runtime/JSCellInlines.h:
3131         (JSC::isWebAssemblyToJSCallee):
3132         * runtime/JSType.h:
3133         * runtime/StackFrame.cpp:
3134         (JSC::StackFrame::functionName):
3135         * runtime/VM.cpp:
3136         (JSC::VM::VM):
3137         * runtime/VM.h:
3138         (JSC::VM::wasmContextOffset):
3139         * wasm/WasmB3IRGenerator.cpp:
3140         (JSC::Wasm::B3IRGenerator::materializeWasmContext):
3141         (JSC::Wasm::B3IRGenerator::restoreWasmContext):
3142         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3143         (JSC::Wasm::getMemoryBaseAndSize):
3144         (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
3145         (JSC::Wasm::createJSToWasmWrapper):
3146         (JSC::Wasm::loadWasmContext): Deleted.
3147         (JSC::Wasm::storeWasmContext): Deleted.
3148         (JSC::Wasm::restoreWebAssemblyGlobalState): Deleted.
3149         * wasm/WasmBinding.cpp:
3150         (JSC::Wasm::wasmToJs):
3151         * wasm/WasmContext.cpp:
3152         (JSC::loadWasmContext):
3153         (JSC::storeWasmContext):
3154         * wasm/WasmContext.h:
3155         * wasm/WasmMemoryInformation.cpp:
3156         (JSC::Wasm::getPinnedRegisters):
3157         (JSC::Wasm::PinnedRegisterInfo::get):
3158         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
3159         * wasm/WasmMemoryInformation.h:
3160         (JSC::Wasm::PinnedRegisterInfo::toSave):
3161         (JSC::Wasm::useFastTLS):
3162         (JSC::Wasm::useFastTLSForWasmContext):
3163         * wasm/js/JSWebAssemblyInstance.cpp:
3164         (JSC::JSWebAssemblyInstance::finishCreation):
3165         (JSC::JSWebAssemblyInstance::visitChildren):
3166         * wasm/js/JSWebAssemblyInstance.h:
3167         (JSC::JSWebAssemblyInstance::offsetOfCallee):
3168         * wasm/js/JSWebAssemblyModule.cpp:
3169         (JSC::JSWebAssemblyModule::finishCreation):
3170         (JSC::JSWebAssemblyModule::visitChildren):
3171         * wasm/js/JSWebAssemblyModule.h:
3172         (JSC::JSWebAssemblyModule::callee):
3173         * wasm/js/WebAssemblyFunction.cpp:
3174         (JSC::callWebAssemblyFunction):
3175         (JSC::WebAssemblyFunction::create):
3176         * wasm/js/WebAssemblyToJSCallee.cpp:
3177         (JSC::WebAssemblyToJSCallee::create):
3178         (JSC::WebAssemblyToJSCallee::createStructure):
3179         (JSC::WebAssemblyToJSCallee::finishCreation):
3180         (JSC::WebAssemblyToJSCallee::visitChildren):
3181         (JSC::WebAssemblyToJSCallee::destroy): Deleted.
3182         * wasm/js/WebAssemblyToJSCallee.h:
3183
3184 2017-03-28  Brian Burg  <bburg@apple.com>
3185
3186         Web Inspector: Add "Disable Caches" option that only applies to the inspected page while Web Inspector is open
3187         https://bugs.webkit.org/show_bug.cgi?id=169865
3188         <rdar://problem/31250573>
3189
3190         Reviewed by Joseph Pecoraro.
3191
3192         * inspector/protocol/Network.json:
3193         Rename the command for disabling resource caching to match the WebCore::Page
3194         flag. This also removes the possibility that this could be confused for the old,
3195         buggy command that this patch rips out.
3196
3197 2017-03-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3198
3199         [JSC] Move platformThreadSignal to WTF
3200         https://bugs.webkit.org/show_bug.cgi?id=170097
3201
3202         Reviewed by Mark Lam.
3203
3204         It is a small cleanup towards https://bugs.webkit.org/show_bug.cgi?id=170027.
3205         platformThreadSignal uses PlatformThread in JSC, but it can be implemented with
3206         WTF ThreadIdentifier.
3207
3208         * runtime/JSLock.cpp:
3209         (JSC::JSLock::lock):
3210         * runtime/JSLock.h:
3211         (JSC::JSLock::ownerThread):
3212         (JSC::JSLock::currentThreadIsHoldingLock):
3213         * runtime/PlatformThread.h:
3214         (JSC::platformThreadSignal): Deleted.
3215         * runtime/VM.h:
3216         (JSC::VM::ownerThread):
3217         * runtime/VMTraps.cpp:
3218         (JSC::VMTraps::SignalSender::send):
3219
3220 2017-03-28  JF Bastien  <jfbastien@apple.com>
3221
3222         WebAssembly: implement Module imports/exports
3223         https://bugs.webkit.org/show_bug.cgi?id=166982
3224
3225         Reviewed by Saam Barati.
3226
3227         As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab
3228
3229         * wasm/WasmFormat.h:
3230         (JSC::Wasm::makeString): use uppercase instead; it was only used
3231         for diagnostics but is now used for the expected JS property's
3232         capitalization.
3233         * wasm/js/WebAssemblyModulePrototype.cpp:
3234         (JSC::webAssemblyModuleProtoImports):
3235         (JSC::webAssemblyModuleProtoExports):
3236
3237 2017-03-27  JF Bastien  <jfbastien@apple.com>
3238
3239         WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
3240         https://bugs.webkit.org/show_bug.cgi?id=170160
3241
3242         Reviewed by Mark Lam.
3243
3244         * JavaScriptCore.xcodeproj/project.pbxproj:
3245         * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.
3246
3247 2017-03-27  JF Bastien  <jfbastien@apple.com>
3248
3249         WebAssembly: misc memory testing
3250         https://bugs.webkit.org/show_bug.cgi?id=170137
3251
3252         Reviewed by Keith Miller.
3253
3254         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3255         (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages
3256
3257 2017-03-27  Michael Saboff  <msaboff@apple.com>
3258
3259         Add ARM64 system instructions to disassembler
3260         https://bugs.webkit.org/show_bug.cgi?id=170084
3261
3262         Reviewed by Saam Barati.
3263
3264         This change adds support for the MRS and MSR instructions, and refactors the DMB
3265         disassembly to handle all of the barrier instructions.
3266
3267         * disassembler/ARM64/A64DOpcode.cpp:
3268         (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
3269         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
3270         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
3271         (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
3272         * disassembler/ARM64/A64DOpcode.h:
3273         (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
3274         (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
3275         (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
3276         (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
3277         (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
3278         (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
3279         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
3280         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
3281         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
3282         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
3283         (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
3284         (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
3285         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.
3286
3287 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
3288
3289         B3::fixSSA should do liveness pruning
3290         https://bugs.webkit.org/show_bug.cgi?id=170111
3291
3292         Reviewed by Saam Barati.
3293         
3294         This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
3295         create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
3296         construction.
3297         
3298         This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
3299         times.
3300
3301         * CMakeLists.txt:
3302         * JavaScriptCore.xcodeproj/project.pbxproj:
3303         * b3/B3BasicBlock.h:
3304         (JSC::B3::BasicBlock::get):
3305         * b3/B3FixSSA.cpp:
3306         (JSC::B3::fixSSA):
3307         * b3/B3VariableLiveness.cpp: Added.
3308         (JSC::B3::VariableLiveness::VariableLiveness):
3309         (JSC::B3::VariableLiveness::~VariableLiveness):
3310         * b3/B3VariableLiveness.h: Added.
3311         (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
3312         (JSC::B3::VariableLivenessAdapter::numIndices):
3313         (JSC::B3::VariableLivenessAdapter::valueToIndex):
3314         (JSC::B3::VariableLivenessAdapter::indexToValue):
3315         (JSC::B3::VariableLivenessAdapter::blockSize):
3316         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
3317         (JSC::B3::VariableLivenessAdapter::forEachLateUse):
3318         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
3319         (JSC::B3::VariableLivenessAdapter::forEachLateDef):
3320         * b3/air/AirCFG.h: Added.
3321         (JSC::B3::Air::CFG::CFG):
3322         (JSC::B3::Air::CFG::root):
3323         (JSC::B3::Air::CFG::newMap):
3324         (JSC::B3::Air::CFG::successors):
3325         (JSC::B3::Air::CFG::predecessors):
3326         (JSC::B3::Air::CFG::index):
3327         (JSC::B3::Air::CFG::node):
3328         (JSC::B3::Air::CFG::numNodes):
3329         (JSC::B3::Air::CFG::dump):
3330         * b3/air/AirCode.cpp:
3331         (JSC::B3::Air::Code::Code):
3332         * b3/air/AirCode.h:
3333         (JSC::B3::Air::Code::cfg):
3334         * b3/air/AirLiveness.h:
3335         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
3336         (JSC::B3::Air::LivenessAdapter::blockSize):
3337         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
3338         (JSC::B3::Air::LivenessAdapter::forEachLateUse):
3339         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
3340         (JSC::B3::Air::LivenessAdapter::forEachLateDef):
3341         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
3342         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3343         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
3344         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
3345         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
3346         (JSC::B3::Air::Liveness::Liveness):
3347         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
3348         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
3349         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
3350         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
3351         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
3352         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
3353         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
3354         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
3355         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
3356         (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
3357         (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
3358         (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
3359         (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
3360         (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
3361         (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
3362         (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
3363         (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
3364         (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
3365         (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
3366         (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
3367         (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
3368         (JSC::B3::Air::Liveness::Iterable::end): Deleted.
3369         (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
3370         (JSC::B3::Air::Liveness::liveAtHead): Deleted.
3371         (JSC::B3::Air::Liveness::liveAtTail): Deleted.
3372         (JSC::B3::Air::Liveness::workset): Deleted.
3373
3374 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
3375
3376         Air::Liveness shouldn't need HashSets
3377         https://bugs.webkit.org/show_bug.cgi?id=170102
3378
3379         Reviewed by Yusuke Suzuki.
3380         
3381         This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
3382         easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
3383         the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
3384         compile time progression on WasmBench.
3385         
3386         * b3/B3LowerToAir.cpp:
3387         (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
3388         * b3/air/AirLiveness.h:
3389         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3390         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
3391         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
3392         (JSC::B3::Air::AbstractLiveness::liveAtHead):
3393         (JSC::B3::Air::AbstractLiveness::liveAtTail):
3394         * b3/air/AirTmp.h:
3395         (JSC::B3::Air::Tmp::bank):
3396         (JSC::B3::Air::Tmp::tmpIndex):
3397         * dfg/DFGStoreBarrierClusteringPhase.cpp:
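
        The sorted-merge idea described in this entry, as an added example that is not JSC code: a backward
        liveness fixpoint over a small CFG in which every live set is a sorted, deduplicated std::vector and the
        set operations are linear merges (std::set_union / std::set_difference) rather than HashSet or BitVector
        operations. The CFG, the variable numbering and the Block/LivenessResult types are constructed for the
        example and are not part of the Air implementation.

```cpp
// Added example, not code from WebKit/JSC: backward liveness with sorted vectors.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <iterator>
#include <utility>
#include <vector>

using VarSet = std::vector<unsigned>; // invariant: sorted, no duplicates

struct Block {
    std::vector<size_t> successors;
    VarSet uses; // variables read before any definition inside the block
    VarSet defs; // variables written anywhere inside the block
};

struct LivenessResult {
    std::vector<VarSet> liveAtHead;
    std::vector<VarSet> liveAtTail;
};

// Sorted merge of src into dst. Returns true if dst grew, which is the only
// way the fixpoint iteration below can still make progress.
static bool mergeSorted(VarSet& dst, const VarSet& src)
{
    VarSet merged;
    merged.reserve(dst.size() + src.size());
    std::set_union(dst.begin(), dst.end(), src.begin(), src.end(), std::back_inserter(merged));
    if (merged.size() == dst.size())
        return false;
    dst.swap(merged);
    return true;
}

// Classic dataflow equations, iterated to a fixpoint:
//   liveAtTail(B) = union over successors S of liveAtHead(S)
//   liveAtHead(B) = uses(B) union (liveAtTail(B) minus defs(B))
// Sets only grow, so termination is guaranteed. Blocks are visited in reverse
// index order because liveness information flows backwards.
LivenessResult computeLiveness(const std::vector<Block>& blocks)
{
    LivenessResult result;
    result.liveAtHead.assign(blocks.size(), VarSet());
    result.liveAtTail.assign(blocks.size(), VarSet());

    bool changed = true;
    while (changed) {
        changed = false;
        for (size_t i = blocks.size(); i-- > 0;) {
            const Block& block = blocks[i];
            for (size_t successor : block.successors)
                changed |= mergeSorted(result.liveAtTail[i], result.liveAtHead[successor]);

            VarSet survivors; // liveAtTail minus defs
            std::set_difference(
                result.liveAtTail[i].begin(), result.liveAtTail[i].end(),
                block.defs.begin(), block.defs.end(), std::back_inserter(survivors));
            VarSet head; // survivors union uses
            std::set_union(survivors.begin(), survivors.end(),
                block.uses.begin(), block.uses.end(), std::back_inserter(head));
            if (head != result.liveAtHead[i]) {
                result.liveAtHead[i] = std::move(head);
                changed = true;
            }
        }
    }
    return result;
}

// Constructed sample CFG (an assumption for the example): B0 -> B1, B1 -> B1 (loop), B1 -> B2.
std::vector<Block> sampleCfg()
{
    return {
        { { 1 },    {},       { 0, 1 } }, // B0: defines v0 and v1
        { { 1, 2 }, { 0 },    { 2 } },    // B1: reads v0, defines v2, may loop back to itself
        { {},       { 1, 2 }, {} },       // B2: reads v1 and v2
    };
}

int main()
{
    LivenessResult r = computeLiveness(sampleCfg());
    for (size_t i = 0; i < r.liveAtHead.size(); ++i) {
        std::printf("B%zu liveAtHead:", i);
        for (unsigned v : r.liveAtHead[i])
            std::printf(" v%u", v);
        std::printf("\n");
    }
    return 0;
}
```

        The precondition that uses, defs and every live set stay sorted and duplicate-free is what makes each merge
        linear in the sizes of its inputs; a caller that hands in an unsorted set silently gets wrong liveness, so
        a real implementation should assert the invariant at construction time.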
3398
3399 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
3400
3401         Air should use RegisterSet for RegLiveness
3402         https://bugs.webkit.org/show_bug.cgi?id=170108
3403
3404         Reviewed by Yusuke Suzuki.
3405         
3406         The biggest change here is the introduction of the new RegLiveness class. This is a
3407         drop-in replacement for the old RegLiveness, which was a specialization of
3408         AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
3409         sets everywhere, which is efficient for registers since RegisterSet is just two (on
3410         x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
3411         compile time progression on WasmBench.
3412
3413         * CMakeLists.txt:
3414         * JavaScriptCore.xcodeproj/project.pbxproj:
3415         * b3/B3TimingScope.cpp: Records phase timing totals.
3416         (JSC::B3::TimingScope::TimingScope):
3417         (JSC::B3::TimingScope::~TimingScope):
3418         * b3/B3TimingScope.h:
3419         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3420         (JSC::B3::Air::allocateRegistersByGraphColoring):
3421         * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
3422         (JSC::B3::Air::Liveness::Liveness):
3423         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
3424         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
3425         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
3426         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
3427         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
3428         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
3429         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
3430         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
3431         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
3432         (JSC::B3::Air::Liveness::Iterable::Iterable):
3433         (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
3434         (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
3435         (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
3436         (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
3437         (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
3438         (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
3439         (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
3440         (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
3441         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
3442         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
3443         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
3444         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
3445         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
3446         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
3447         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
3448         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
3449         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
3450         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
3451         (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
3452         (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
3453         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
3454         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
3455         (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
3456         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
3457         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
3458         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
3459         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
3460         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
3461         (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
3462         (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
3463         (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
3464         (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
3465         (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
3466         (JSC::B3::Air::AbstractLiveness::workset): Deleted.
3467         * b3/air/AirLogRegisterPressure.cpp:
3468         * b3/air/AirLowerAfterRegAlloc.cpp:
3469         * b3/air/AirRegLiveness.cpp: Added.
3470         (JSC::B3::Air::RegLiveness::RegLiveness):
3471         (JSC::B3::Air::RegLiveness::~RegLiveness):
3472         (JSC::B3::Air::RegLiveness::LocalCalc::execute):
3473         * b3/air/AirRegLiveness.h: Added.
3474         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
3475         (JSC::B3::Air::RegLiveness::LocalCalc::live):
3476         (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
3477         (JSC::B3::Air::RegLiveness::liveAtHead):
3478         (JSC::B3::Air::RegLiveness::liveAtTail):
3479         * b3/air/AirReportUsedRegisters.cpp:
3480         * jit/RegisterSet.h:
3481         (JSC::RegisterSet::add):
3482         (JSC::RegisterSet::remove):
3483         (JSC::RegisterSet::contains):
3484         (JSC::RegisterSet::subsumes):
3485         (JSC::RegisterSet::iterator::iterator):
3486         (JSC::RegisterSet::iterator::operator*):
3487         (JSC::RegisterSet::iterator::operator++):
3488         (JSC::RegisterSet::iterator::operator==):
3489         (JSC::RegisterSet::iterator::operator!=):
3490         (JSC::RegisterSet::begin):
3491         (JSC::RegisterSet::end):
3492
3493 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
3494
3495         Fix wasm by returning after we do TLS.
3496
3497         Rubber stamped by Keith Miller.
3498
3499         * jit/AssemblyHelpers.h:
3500         (JSC::AssemblyHelpers::storeWasmContext):
3501
3502 2017-03-24  Mark Lam  <mark.lam@apple.com>
3503
3504         Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
3505         https://bugs.webkit.org/show_bug.cgi?id=170086
3506         <rdar://problem/31253673>
3507
3508         Reviewed by Saam Barati.
3509
3510         Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
3511         just before we RELEASE_ASSERT_NOT_REACHED.
3512
3513         * heap/Heap.cpp:
3514         (JSC::Heap::resumeThePeriphery):
3515
3516 2017-03-24  JF Bastien  <jfbastien@apple.com>
3517
3518         WebAssembly: store state in TLS instead of on VM
3519         https://bugs.webkit.org/show_bug.cgi?id=169611
3520
3521         Reviewed by Filip Pizlo.
3522
3523         Using thread-local storage instead of VM makes code more position
3524         independent. We used to store the WebAssembly top Instance (the
3525         latest one in the call stack) on VM, now we instead store it in
3526         TLS. This top Instance is used to access a bunch of state such as
3527         Memory location, size, table (for call_indirect), etc.
3528
3529         Instead of calling it "top", which is confusing, we now just call
3530         it WasmContext.
3531
3532         Making the code PIC means future patches will be able to
3533         postMessage and structured clone into IDB without having to
3534         recompile the code. This wasn't possible before because we
3535         hard-coded the address of VM at compilation time. That doesn't
3536         work between workers, and doesn't work across reloads (which IDB
3537         is intended to do).
3538
3539         It'll also potentially make code faster once we start tuning
3540         what's in TLS, what's in which of the 4 free slots, and what's in
3541         pinned registers. I'm leaving this tuning for later because
3542         there's lower lying fruit for us to pick.
3543
3544         * CMakeLists.txt:
3545         * JavaScriptCore.xcodeproj/project.pbxproj:
3546         * assembler/AbstractMacroAssembler.h:
3547         * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
3548         (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
3549         (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
3550         * assembler/MacroAssembler.h:
3551         (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
3552         the code required to store to TLS, only to load
3553         * assembler/MacroAssemblerARM64.h:
3554         (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
3555         (JSC::MacroAssemblerARM64::storeToTLS32):
3556         (JSC::MacroAssemblerARM64::storeToTLS64):
3557         (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
3558         * assembler/MacroAssemblerX86Common.h:
3559         (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
3560         (JSC::MacroAssemblerX86Common::storeToTLS32):
3561         (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
3562         * assembler/MacroAssemblerX86_64.h:
3563         (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
3564         (JSC::MacroAssemblerX86_64::storeToTLS64):
3565         * assembler/X86Assembler.h:
3566         (JSC::X86Assembler::movl_rm):
3567         (JSC::X86Assembler::movq_rm):
3568         * b3/testb3.cpp:
3569         (JSC::B3::testFastTLSLoad):
3570         (JSC::B3::testFastTLSStore):
3571         (JSC::B3::run):
3572         * jit/AssemblyHelpers.h:
3573         (JSC::AssemblyHelpers::loadWasmContext):
3574         (JSC::AssemblyHelpers::storeWasmContext):
3575         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
3576         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
3577         * jit/Repatch.cpp:
3578         (JSC::webAssemblyOwner):
3579         * jit/ThunkGenerators.cpp:
3580         (JSC::throwExceptionFromWasmThunkGenerator):
3581         * runtime/Options.h:
3582         * runtime/VM.cpp:
3583         (JSC::VM::VM):
3584         * runtime/VM.h:
3585         * wasm/WasmB3IRGenerator.cpp:
3586         (JSC::Wasm::loadWasmContext):
3587         (JSC::Wasm::storeWasmContext):
3588         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3589         (JSC::Wasm::getMemoryBaseAndSize):
3590         (JSC::Wasm::restoreWebAssemblyGlobalState):
3591         (JSC::Wasm::createJSToWasmWrapper):
3592         (JSC::Wasm::parseAndCompile):
3593         * wasm/WasmBinding.cpp:
3594         (JSC::Wasm::materializeImportJSCell):
3595         (JSC::Wasm::wasmToJs):
3596         (JSC::Wasm::wasmToWasm):
3597         * wasm/WasmContext.cpp: Added.
3598         (JSC::loadWasmContext):
3599         (JSC::storeWasmContext):
3600         * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
3601         * wasm/js/WebAssemblyFunction.cpp:
3602         (JSC::callWebAssemblyFunction):
3603         * wasm/js/WebAssemblyInstanceConstructor.h:
3604
3605 2017-03-24  JF Bastien  <jfbastien@apple.com>
3606
3607         WebAssembly: spec-tests/memory.wast.js fails in debug
3608         https://bugs.webkit.org/show_bug.cgi?id=169794
3609
3610         Reviewed by Keith Miller.
3611
3612         The failure was due to empty memories (with maximum size 0). Those
3613         only occur in tests and in code that's trying to trip us. This
3614         patch adds memory mode "none" which represents no memory. It can
3615         work with either bounds checked or signaling code because it never
3616         contains loads and stores.
3617
3618         The spec tests which were failing did the following:
3619             > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
3620             > (assert_return (invoke "memsize") (i32.const 0))
3621             > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
3622             > (assert_return (invoke "memsize") (i32.const 0))
3623             > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
3624             > (assert_return (invoke "memsize") (i32.const 1))
3625
3626         * wasm/WasmB3IRGenerator.cpp:
3627         (JSC::Wasm::B3IRGenerator::memoryKind):
3628         * wasm/WasmMemory.cpp:
3629         (JSC::Wasm::tryGetFastMemory):
3630         (JSC::Wasm::releaseFastMemory):
3631         (JSC::Wasm::Memory::Memory):
3632         (JSC::Wasm::Memory::createImpl):
3633         (JSC::Wasm::Memory::create):
3634         (JSC::Wasm::Memory::grow):
3635         (JSC::Wasm::Memory::makeString):
3636         * wasm/WasmMemory.h:
3637         * wasm/WasmMemoryInformation.cpp:
3638         (JSC::Wasm::MemoryInformation::MemoryInformation):
3639         * wasm/js/JSWebAssemblyCodeBlock.cpp:
3640         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
3641         * wasm/js/JSWebAssemblyModule.cpp:
3642         (JSC::JSWebAssemblyModule::codeBlock):
3643         (JSC::JSWebAssemblyModule::finishCreation):
3644         * wasm/js/JSWebAssemblyModule.h:
3645         (JSC::JSWebAssemblyModule::codeBlock):
3646         (JSC::JSWebAssemblyModule::codeBlockFor):
3647
3648 2017-03-24  Mark Lam  <mark.lam@apple.com>
3649
3650         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
3651         https://bugs.webkit.org/show_bug.cgi?id=170064
3652         <rdar://problem/31246098>
3653
3654         Reviewed by Geoffrey Garen.
3655
3656         * runtime/ArrayPrototype.cpp:
3657         (JSC::arrayProtoPrivateFuncConcatMemcpy):
3658         * runtime/JSArray.cpp:
3659         (JSC::JSArray::fastSlice):
3660
3661 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3662
3663         [JSC] Use jsNontrivialString aggressively for ToString(Int52)
3664         https://bugs.webkit.org/show_bug.cgi?id=170002
3665
3666         Reviewed by Sam Weinig.
3667
3668         We use the same logic used for Int32 to use jsNontrivialString.
3669         After the single-character check, the produced string is always longer than one character.
3670         Thus, we can use jsNontrivialString.
3671
3672         * runtime/NumberPrototype.cpp:
3673         (JSC::int52ToString):
3674
3675 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3676
3677         [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
3678         https://bugs.webkit.org/show_bug.cgi?id=170045
3679
3680         Reviewed by Mark Lam.
3681
3682         It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
3683         interval fluctuation. Use WeakRandom instead.
3684
3685         * runtime/SamplingProfiler.cpp:
3686         (JSC::SamplingProfiler::SamplingProfiler):
3687         (JSC::SamplingProfiler::timerLoop):
3688         * runtime/SamplingProfiler.h:
3689
3690 2017-03-23  Mark Lam  <mark.lam@apple.com>
3691
3692         Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
3693         https://bugs.webkit.org/show_bug.cgi?id=170025
3694         <rdar://problem/31228679>
3695
3696         Reviewed by Saam Barati.
3697
3698         * runtime/ArrayPrototype.cpp:
3699         (JSC::copySplicedArrayElements):
3700         (JSC::arrayProtoFuncSplice):
3701
3702 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3703
3704         [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
3705         https://bugs.webkit.org/show_bug.cgi?id=169998
3706
3707         Reviewed by Saam Barati.
3708
3709         Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
3710         We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
3711         We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.
3712
3713         This patch tightens the conditions of addShouldSpeculateAnyInt.
3714
3715         1. Honor DoubleConstant.
3716
3717         When executing imaging-darkroom, we have a thing like this:
3718
3719             132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
3720             1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
3721             1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
3722             133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)
3723
3724         The LHS of ArithSub says predicting Boolint32, and the RHS says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
3725         of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
3726         While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
3727         a severe performance regression.
3728
3729         Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.
3730
3731         One thing that can be found is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
3732         We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
3733         the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
3734         it in Int52.
3735
3736         So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
3737         Arith[Sub,Add](Int52, Int52). This change removes the OSR exits that currently occur in imaging-darkroom.
3738
3739         2. Two Int52Rep(Double) conversions are not desirable.
3740
3741         We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a somewhat conservative
3742         decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
3743         rather hurt performance. If one operand of the operation is already Int52, the cost of constructing ArithAdd becomes
3744         cheap since only one Double to Int52 conversion could be required.
3745         This recovers some regression in assorted tests while keeping the kraken crypto improvements.
3746
3747         3. Avoid frequent Int52 to JSValue conversions.
3748
3749         Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
3750         Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
3751         converting to Int52, performing ArithAdd, and soon converting back to JSValue.
3752
3753         The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks,
3754         and still keep the kraken crypto improvements.
3755
3756                                                    baseline                  patched
3757
3758         imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
3759         stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
3760         stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower
3761
3762         * dfg/DFGGraph.h:
3763         (JSC::DFG::Graph::addShouldSpeculateAnyInt):
3764
3765 == Rolled over to ChangeLog-2017-03-23 ==