[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-14  Filip Pizlo  <fpizlo@apple.com>

        Record the HashSet/HashMap operations in DFG/FTL/B3 and replay them in a benchmark
        https://bugs.webkit.org/show_bug.cgi?id=169590

        Reviewed by Saam Barati.

        Adds code to support logging some hashtable stuff in the DFG.

        * dfg/DFGAvailabilityMap.cpp:
        (JSC::DFG::AvailabilityMap::pruneHeap):
        * dfg/DFGCombinedLiveness.cpp:
        (JSC::DFG::liveNodesAtHead):
        (JSC::DFG::CombinedLiveness::CombinedLiveness):
        * dfg/DFGCombinedLiveness.h:
        * dfg/DFGLivenessAnalysisPhase.cpp:
        (JSC::DFG::LivenessAnalysisPhase::run):
        (JSC::DFG::LivenessAnalysisPhase::processBlock):
        * dfg/DFGNode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp:

2017-03-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused Network protocol event
        https://bugs.webkit.org/show_bug.cgi?id=169619

        Reviewed by Mark Lam.

        * inspector/protocol/Network.json:
        This became unused in r213621 and should have been removed
        from the protocol file then.

2017-03-14  Mark Lam  <mark.lam@apple.com>

        Add a null check in VMTraps::willDestroyVM() to handle a race condition.
        https://bugs.webkit.org/show_bug.cgi?id=169620

        Reviewed by Filip Pizlo.

        There exists a race between VMTraps::willDestroyVM() (which removes SignalSenders
        from its m_signalSenders list) and SignalSender::send() (which removes itself
        from the list).  In the event that SignalSender::send() removes itself between
        the time that VMTraps::willDestroyVM() checks if m_signalSenders is empty and the
        time it takes a sender from m_signalSenders, VMTraps::willDestroyVM() may end up
        with a NULL sender pointer.  The fix is to add the missing null check before using
        the sender pointer.

        * runtime/VMTraps.cpp:
        (JSC::VMTraps::willDestroyVM):
        (JSC::VMTraps::fireTrap):
        * runtime/VMTraps.h:

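        The check-then-take window described in the entry above, as an added example that is
        not WebKit code: SenderList, takeAny() and RaceHook below are hypothetical stand-ins
        for VMTraps' m_signalSenders and for SignalSender::send() running on another thread,
        and the unfixed loop reports the null pointer instead of dereferencing it so that the
        scenario can run to completion.

```cpp
// Added example, not WebKit code: a reduced model of the check-then-take race
// described in the VMTraps::willDestroyVM() entry. SenderList, takeAny() and
// RaceHook are hypothetical stand-ins for the real m_signalSenders list.
#include <cstdio>
#include <functional>
#include <mutex>
#include <unordered_set>

struct SignalSender {
    bool notified = false;
    void willDestroyVM() { notified = true; }
};

class SenderList {
public:
    void add(SignalSender* sender) { std::lock_guard<std::mutex> lock(m_lock); m_senders.insert(sender); }
    void remove(SignalSender* sender) { std::lock_guard<std::mutex> lock(m_lock); m_senders.erase(sender); }
    bool isEmpty() { std::lock_guard<std::mutex> lock(m_lock); return m_senders.empty(); }

    // Each call is its own critical section, so emptiness observed by isEmpty()
    // is stale by the time takeAny() runs: takeAny() may legitimately return null.
    SignalSender* takeAny()
    {
        std::lock_guard<std::mutex> lock(m_lock);
        if (m_senders.empty())
            return nullptr;
        SignalSender* sender = *m_senders.begin();
        m_senders.erase(m_senders.begin());
        return sender;
    }

private:
    std::mutex m_lock;
    std::unordered_set<SignalSender*> m_senders;
};

// Stands in for SignalSender::send() on another thread landing in the window
// between the isEmpty() check and the takeAny() call.
using RaceHook = std::function<void()>;

// Pre-fix shape. The real code dereferenced the null sender; this model
// returns false at that point instead of crashing.
bool drainUnfixed(SenderList& list, const RaceHook& raceWindow, int& notified)
{
    notified = 0;
    while (!list.isEmpty()) {
        raceWindow();
        SignalSender* sender = list.takeAny();
        if (!sender)
            return false; // the original would crash on sender->willDestroyVM()
        sender->willDestroyVM();
        notified++;
    }
    return true;
}

// Fixed shape: a null result from takeAny() just means someone else removed
// the sender first, so re-check emptiness and carry on.
int drainFixed(SenderList& list, const RaceHook& raceWindow)
{
    int notified = 0;
    while (!list.isEmpty()) {
        raceWindow();
        SignalSender* sender = list.takeAny();
        if (!sender)
            continue;
        sender->willDestroyVM();
        notified++;
    }
    return notified;
}

// Constructed scenarios: one registered sender that removes itself (as
// SignalSender::send() does) exactly inside the race window.
bool unfixedSurvivesLostRace()
{
    SenderList list;
    SignalSender sender;
    list.add(&sender);
    int notified = 0;
    return drainUnfixed(list, [&] { list.remove(&sender); }, notified);
}

int fixedNotifiedAfterLostRace()
{
    SenderList list;
    SignalSender sender;
    list.add(&sender);
    return drainFixed(list, [&] { list.remove(&sender); });
}

int fixedNotifiedWithoutRace()
{
    SenderList list;
    SignalSender sender;
    list.add(&sender);
    return drainFixed(list, [] { });
}

int main()
{
    std::printf("unfixed survives lost race: %d\n", unfixedSurvivesLostRace());
    std::printf("fixed, sender notified after lost race: %d\n", fixedNotifiedAfterLostRace());
    std::printf("fixed, sender notified without race: %d\n", fixedNotifiedWithoutRace());
    return 0;
}
```

        An alternative to the added null check is to make takeAny() the only test, as in
        `while (SignalSender* sender = list.takeAny())`, which removes the separate
        isEmpty() read and with it the window.
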
2017-03-14  Mark Lam  <mark.lam@apple.com>

        Gardening: Speculative build fix for CLoop after r213886.
        https://bugs.webkit.org/show_bug.cgi?id=169436

        Not reviewed.

        * runtime/MachineContext.h:

2017-03-14  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop unnecessary pthread_attr_t for JIT enabled Linux / FreeBSD environment
        https://bugs.webkit.org/show_bug.cgi?id=169592

        Reviewed by Carlos Garcia Campos.

        Since suspended mcontext_t has all the necessary information, we can drop
        pthread_attr_t allocation and destroy for JIT enabled Linux / FreeBSD environment.

        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::Thread::getRegisters):
        (JSC::MachineThreads::Thread::Registers::stackPointer):
        (JSC::MachineThreads::Thread::Registers::framePointer):
        (JSC::MachineThreads::Thread::Registers::instructionPointer):
        (JSC::MachineThreads::Thread::Registers::llintPC):
        (JSC::MachineThreads::Thread::freeRegisters):
        * heap/MachineStackMarker.h:

2017-03-14  Zan Dobersek  <zdobersek@igalia.com>

        [GLib] Use USE(GLIB) guards in JavaScriptCore/inspector/EventLoop.cpp
        https://bugs.webkit.org/show_bug.cgi?id=169594

        Reviewed by Carlos Garcia Campos.

        Instead of PLATFORM(GTK) guards, utilize the USE(GLIB) build guards
        to guard the GLib-specific includes and invocations in the JSC
        inspector's EventLoop class implementation.

        * inspector/EventLoop.cpp:
        (Inspector::EventLoop::cycle):

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][Linux] Implement VMTrap in Linux ports
        https://bugs.webkit.org/show_bug.cgi?id=169436

        Reviewed by Mark Lam.

        This patch ports VMTrap to Linux ports.
        We extract MachineContext accessors from various places (wasm/, heap/ and tools/)
        and use them in all the JSC code.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::Thread::Registers::stackPointer):
        (JSC::MachineThreads::Thread::Registers::framePointer):
        (JSC::MachineThreads::Thread::Registers::instructionPointer):
        (JSC::MachineThreads::Thread::Registers::llintPC):
        * heap/MachineStackMarker.h:
        * runtime/MachineContext.h: Added.
        (JSC::MachineContext::stackPointer):
        (JSC::MachineContext::framePointer):
        (JSC::MachineContext::instructionPointer):
        (JSC::MachineContext::argumentPointer<1>):
        (JSC::MachineContext::argumentPointer):
        (JSC::MachineContext::llintInstructionPointer):
        * runtime/PlatformThread.h:
        (JSC::platformThreadSignal):
        * runtime/VMTraps.cpp:
        (JSC::SignalContext::SignalContext):
        (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
        * tools/CodeProfiling.cpp:
        (JSC::profilingTimer):
        * tools/SigillCrashAnalyzer.cpp:
        (JSC::SignalContext::SignalContext):
        (JSC::SignalContext::dump):
        * tools/VMInspector.cpp:
        * wasm/WasmFaultSignalHandler.cpp:
        (JSC::Wasm::trapHandler):

2017-03-13  Mark Lam  <mark.lam@apple.com>

        Make the HeapVerifier useful again.
        https://bugs.webkit.org/show_bug.cgi?id=161752

        Reviewed by Filip Pizlo.

        Resurrect the HeapVerifier.  Here's what the verifier now offers:

        1. It captures the list of cells before and after GCs up to N GC cycles.
           N is set by JSC_numberOfGCCyclesToRecordForVerification.
           Currently, N defaults to 3.

           This is useful if we're debugging in lldb and want to check if a candidate
           cell pointer was observed by the GC during the last N GC cycles.  We can do
           this check by calling HeapVerifier::checkIfRecorded() with the cell address.

           HeapVerifier::checkIfRecorded() is robust and can be used on bogus addresses.
           If the candidate cell was previously recorded by the HeapVerifier during a
           GC cycle, checkIfRecorded() will dump any useful info it has on that cell.

        2. The HeapVerifier will verify that cells in its captured list after a GC are
           sane.  Some examples of cell insanity are:
           - the cell claims to belong to a different VM.
           - the cell has a NULL structureID.
           - the cell has a NULL structure.
           - the cell's structure has a NULL structureID.
           - the cell's structure has a NULL structure.
           - the cell's structure's structure has a NULL structureID.
           - the cell's structure's structure has a NULL structure.

           These are all signs of corruption or a GC bug.  The verifier will report any
           insanity it finds, and then crash with a RELEASE_ASSERT.

        3. Since the HeapVerifier captures lists of cells in the heap before and after GCs
           for the last N GCs, it will also automatically "trim" dead cells from those lists
           after the most recent GC.

           "trim" here means that the CellProfile in the HeapVerifier's lists will be
           updated to reflect that the cell is now dead.  It still keeps a record of the
           dead cell pointer and the meta data collected about it back when it was alive.
           As a result, checkIfRecorded() will also report if the candidate cell passed
           to it is a dead object from a previous GC cycle.

        4. Each CellProfile captured by the HeapVerifier now tracks the following info:
           - the cell's HeapCell::Kind.
           - the cell's liveness.
           - if it is a JSCell, the cell's classInfo()->className.
           - an associated timestamp.
           - an associated stack trace.

           Currently, the timestamp is only used for the time when the cell was recorded
           by the HeapVerifier during GC.  The stack trace is currently unused.

           However, these fields are kept there so that we can instrument the VM (during
           a debugging session, which requires rebuilding the VM) and record interesting
           stack traces like that of the time of allocation of the cell.  Since
           capturing the stack traces for each cell is a very heavyweight operation,
           the HeapVerifier code does not do this by default.  Instead, we just leave
           the building blocks for doing so in place to ease future debugging efforts.

        * heap/Heap.cpp:
        (JSC::Heap::runBeginPhase):
        (JSC::Heap::runEndPhase):
        (JSC::Heap::didFinishCollection):
        * heap/Heap.h:
        (JSC::Heap::verifier):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::takeLastActiveBlock): Deleted.
        * heap/MarkedSpace.h:
        * heap/MarkedSpaceInlines.h:
        (JSC::MarkedSpace::forEachLiveCell):
        * tools/CellList.cpp:
        (JSC::CellList::find):
        (JSC::CellList::reset):
        (JSC::CellList::findCell): Deleted.
        * tools/CellList.h:
        (JSC::CellList::CellList):
        (JSC::CellList::name):
        (JSC::CellList::size):
        (JSC::CellList::cells):
        (JSC::CellList::add):
        (JSC::CellList::reset): Deleted.
        * tools/CellProfile.h:
        (JSC::CellProfile::CellProfile):
        (JSC::CellProfile::cell):
        (JSC::CellProfile::jsCell):
        (JSC::CellProfile::isJSCell):
        (JSC::CellProfile::kind):
        (JSC::CellProfile::isLive):
        (JSC::CellProfile::isDead):
        (JSC::CellProfile::setIsLive):
        (JSC::CellProfile::setIsDead):
        (JSC::CellProfile::timestamp):
        (JSC::CellProfile::className):
        (JSC::CellProfile::stackTrace):
        (JSC::CellProfile::setStackTrace):
        * tools/HeapVerifier.cpp:
        (JSC::HeapVerifier::startGC):
        (JSC::HeapVerifier::endGC):
        (JSC::HeapVerifier::gatherLiveCells):
        (JSC::trimDeadCellsFromList):
        (JSC::HeapVerifier::trimDeadCells):
        (JSC::HeapVerifier::printVerificationHeader):
        (JSC::HeapVerifier::verifyCellList):
        (JSC::HeapVerifier::validateCell):
        (JSC::HeapVerifier::validateJSCell):
        (JSC::HeapVerifier::verify):
        (JSC::HeapVerifier::reportCell):
        (JSC::HeapVerifier::checkIfRecorded):
        (JSC::HeapVerifier::initializeGCCycle): Deleted.
        (JSC::GatherCellFunctor::GatherCellFunctor): Deleted.
        (JSC::GatherCellFunctor::visit): Deleted.
        (JSC::GatherCellFunctor::operator()): Deleted.
        (JSC::HeapVerifier::verifyButterflyIsInStorageSpace): Deleted.
        * tools/HeapVerifier.h:
        (JSC::HeapVerifier::GCCycle::reset):

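        A reduced model of the recording and verification described in the entry above, as
        an added example that is not WebKit code: VM, Cell, Structure, CellProfile and
        HeapVerifier below are hypothetical stand-ins that keep only what the entry describes
        (the seven insanity checks, the last N cycles, trimming of dead cells, and an
        address-only checkIfRecorded()); the GC cycles in runScenario() are constructed.

```cpp
// Added example, not WebKit code: a reduced model of the HeapVerifier described
// above. VM, Cell, Structure, CellProfile and HeapVerifier are hypothetical
// stand-ins; the checks follow the "cell insanity" list in the entry.
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

struct VM { int id; };
struct Structure;
struct Cell {
    VM* vm = nullptr;
    uint32_t structureID = 0;        // 0 models a NULL structureID
    Structure* structure = nullptr;
};
struct Structure : Cell { };         // a Structure is itself a cell with a structure

enum class Liveness { Live, Dead };

struct CellProfile {
    const Cell* cell;                // recorded address; never dereferenced later
    Liveness liveness;
    std::string className;
    uint64_t timestamp;              // when the verifier recorded the cell
};

// Walk cell -> structure -> structure's structure and report the first
// inconsistency; an empty string means the cell looked sane.
std::string validateCell(const VM* vm, const Cell* cell)
{
    if (cell->vm != vm) return "cell claims to belong to a different VM";
    if (!cell->structureID) return "cell has a NULL structureID";
    const Structure* structure = cell->structure;
    if (!structure) return "cell has a NULL structure";
    if (!structure->structureID) return "cell's structure has a NULL structureID";
    const Structure* meta = structure->structure;
    if (!meta) return "cell's structure has a NULL structure";
    if (!meta->structureID) return "cell's structure's structure has a NULL structureID";
    if (!meta->structure) return "cell's structure's structure has a NULL structure";
    return "";
}

class HeapVerifier {
public:
    HeapVerifier(const VM* vm, size_t cyclesToRecord) : m_vm(vm), m_cyclesToRecord(cyclesToRecord) { }

    // endGC: mark previously recorded cells that did not survive as dead (keeping
    // their metadata), snapshot the survivors, drop cycles older than N, and verify
    // the fresh snapshot. Returns the problems found; the real verifier reports
    // them and then RELEASE_ASSERTs.
    std::vector<std::string> endGC(const std::vector<const Cell*>& liveCells, uint64_t now)
    {
        for (auto& cycle : m_cycles)
            for (CellProfile& profile : cycle)
                if (std::find(liveCells.begin(), liveCells.end(), profile.cell) == liveCells.end())
                    profile.liveness = Liveness::Dead;
        std::vector<CellProfile> after;
        for (const Cell* cell : liveCells)
            after.push_back({ cell, Liveness::Live, "HypotheticalObject", now });
        m_cycles.push_back(std::move(after));
        if (m_cycles.size() > m_cyclesToRecord)
            m_cycles.erase(m_cycles.begin());
        std::vector<std::string> problems;
        for (const CellProfile& profile : m_cycles.back()) {
            std::string error = validateCell(m_vm, profile.cell);
            if (!error.empty())
                problems.push_back(error);
        }
        return problems;
    }

    size_t recordedCycles() const { return m_cycles.size(); }

    // Safe on bogus addresses: compares the candidate against recorded addresses
    // only and never dereferences it. The most recent record wins.
    const CellProfile* checkIfRecorded(const void* candidate) const
    {
        for (auto cycle = m_cycles.rbegin(); cycle != m_cycles.rend(); ++cycle)
            for (const CellProfile& profile : *cycle)
                if (profile.cell == candidate)
                    return &profile;
        return nullptr;
    }

private:
    const VM* m_vm;
    size_t m_cyclesToRecord;
    std::vector<std::vector<CellProfile>> m_cycles;
};

// Constructed scenario with N = 3 and four GCs: cell a dies before the third,
// cell b is corrupted (NULL structureID) before the fourth.
struct Scenario { size_t cyclesKept; bool aRecordedDead; bool bogusAddressRecorded; std::string firstProblem; };

Scenario runScenario()
{
    VM vm { 1 };
    Structure meta, structure;
    meta.vm = &vm; meta.structureID = 1; meta.structure = &meta;
    structure.vm = &vm; structure.structureID = 2; structure.structure = &meta;
    Cell a, b;
    a.vm = &vm; a.structureID = 3; a.structure = &structure;
    b.vm = &vm; b.structureID = 4; b.structure = &structure;
    HeapVerifier verifier(&vm, 3);
    verifier.endGC({ &a, &b }, 100);
    verifier.endGC({ &a, &b }, 200);
    verifier.endGC({ &b }, 300);              // a did not survive this GC
    b.structureID = 0;                        // corruption before the fourth GC
    std::vector<std::string> problems = verifier.endGC({ &b }, 400);
    const CellProfile* aProfile = verifier.checkIfRecorded(&a);
    return { verifier.recordedCycles(),
             aProfile && aProfile->liveness == Liveness::Dead,
             verifier.checkIfRecorded(reinterpret_cast<const void*>(0x10)) != nullptr,
             problems.empty() ? std::string() : problems.front() };
}
```

        In the scenario, the first cycle has been evicted (only three are kept), a is still
        found through the second cycle's record and is reported dead, the bogus address 0x10
        is simply not found rather than dereferenced, and the corrupted b trips the
        NULL-structureID check on the fourth GC.
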
2017-03-13  SKumarMetro  <s.kumar@metrological.com>

        JSC: fix compilation errors for MIPS
        https://bugs.webkit.org/show_bug.cgi?id=168402

        Reviewed by Mark Lam.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::fillNops):
        Added.
        * assembler/MacroAssemblerMIPS.h:
        Added MacroAssemblerMIPS::numGPRs and MacroAssemblerMIPS::numFPRs.
        * bytecode/InlineAccess.h:
        (JSC::InlineAccess::sizeForPropertyAccess):
        (JSC::InlineAccess::sizeForPropertyReplace):
        (JSC::InlineAccess::sizeForLengthAccess):
        Added MIPS cases.

2017-03-13  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        Relanding after I fixed the special cases for CreateArguments-style nodes.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Event Listeners section is missing 'once', 'passive' event listener flags
        https://bugs.webkit.org/show_bug.cgi?id=167080

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add "passive" and "once" items to the EventListener type.

2017-03-13  Mark Lam  <mark.lam@apple.com>

        Remove obsolete experimental ObjC SPI.
        https://bugs.webkit.org/show_bug.cgi?id=169569

        Reviewed by Saam Barati.

        * API/JSVirtualMachine.mm:
        (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
        * API/JSVirtualMachinePrivate.h: Removed.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r213856.
        https://bugs.webkit.org/show_bug.cgi?id=169562

        Breaks JSC stress test stress/super-property-access.js.ftl-eager
        failing (Requested by mlam|g on #webkit).

        Reverted changeset:

        "FTL should not flush strict arguments unless it really needs
        to"
        https://bugs.webkit.org/show_bug.cgi?id=169519
        http://trac.webkit.org/changeset/213856

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][Linux] Allow profilers to demangle C++ names
        https://bugs.webkit.org/show_bug.cgi?id=169559

        Reviewed by Michael Catanzaro.

        Linux also offers dladdr & a demangling feature.
        Thus, we can use it to show the names in profilers.
        For example, SamplingProfiler tells us the C function names.

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::StackFrame::displayName):
        * tools/CodeProfile.cpp:
        (JSC::symbolName):

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
        https://bugs.webkit.org/show_bug.cgi?id=169537

        Reviewed by Sam Weinig.

        * runtime/Watchdog.cpp:
        (JSC::Watchdog::startTimer):

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Caio Lima  <ticaiolima@gmail.com>

        [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
        https://bugs.webkit.org/show_bug.cgi?id=168684

        Reviewed by Saam Barati.

        This patch is fixing a Parser bug to allow defining a label named
        ```let``` in sloppy mode when parsing a Statement.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement):

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        Structure::willStoreValueSlow needs to keep the property table alive until the end
        https://bugs.webkit.org/show_bug.cgi?id=169520

        Reviewed by Michael Saboff.

        We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
        compiler from optimizing away pointers to `propertyTable`.

        * heap/HeapCell.cpp:
        (JSC::HeapCell::use):
        * heap/HeapCell.h:
        (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
        * runtime/Structure.cpp:
        (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.

2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, suppress warnings in JSC B3

        * b3/B3Opcode.cpp:

2017-03-11  Michael Saboff  <msaboff@apple.com>

        Allow regular expressions to be used when selecting a process name in JSC config file
        https://bugs.webkit.org/show_bug.cgi?id=169495

        Reviewed by Saam Barati.

        Only added regular expression selectors for unix-like platforms.

        * runtime/ConfigFile.cpp:
        (JSC::ConfigFileScanner::tryConsumeRegExPattern):
        (JSC::ConfigFile::parse):

2017-03-11  Jon Lee  <jonlee@apple.com>

        WebGPU prototype - Front-End
        https://bugs.webkit.org/show_bug.cgi?id=167952

        Reviewed by Dean Jackson.

        * runtime/CommonIdentifiers.h: Add WebGPU objects.

2017-03-10  Filip Pizlo  <fpizlo@apple.com>

        The JITs should be able to emit fast TLS loads
        https://bugs.webkit.org/show_bug.cgi?id=169483

        Reviewed by Keith Miller.

        Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadFromTLSPtr):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadFromTLS32):
        (JSC::MacroAssemblerARM64::loadFromTLS64):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadFromTLS32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadFromTLS64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::adcl_im):
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::addl_im):
        (JSC::X86Assembler::andl_im):
        (JSC::X86Assembler::orl_im):
        (JSC::X86Assembler::orl_rm):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::cmpb_im):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_im):
        (JSC::X86Assembler::testb_im):
        (JSC::X86Assembler::movb_i8m):
        (JSC::X86Assembler::movb_rm):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::movq_mr):
        (JSC::X86Assembler::movsxd_rr):
        (JSC::X86Assembler::gs):
        (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
        * b3/testb3.cpp:
        (JSC::B3::testFastTLS):
        (JSC::B3::run):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix watch and tv builds after r213294
        https://bugs.webkit.org/show_bug.cgi?id=169508

        Reviewed by Dan Bernstein.

        * Configurations/FeatureDefines.xcconfig:

2017-03-10  Saam Barati  <sbarati@apple.com>

        WebAssembly: Make more demos run
        https://bugs.webkit.org/show_bug.cgi?id=165510
        <rdar://problem/29760310>

        Reviewed by Keith Miller.

        This patch makes another Wasm demo run:
        https://kripken.github.io/BananaBread/cube2/bb.html

        This patch fixes two bugs:
        1. When WebAssemblyFunctionType was added, we did not properly
        update the last JS type value.
        2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
        code generation where we would emit B3 that would write over r12
        and rbx (on x86) which is invalid since those are our pinned registers.
        This patch just rewrites the entrypoint to use hand written assembler
        code. I was planning on doing this anyways because it's a compile
        time speed boost.

        Also, this patch adds support for some new API features:
        We can now export an import, either via a direct export, or via a Table and the
        Element section. I've added a new class called WebAssemblyWrapperFunction that
        just wraps over a JSObject that is a function. Wrapper functions have types
        associated with them, so if they're re-imported, or called via call_indirect,
        they can be type checked.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
        * runtime/JSType.h:
        * wasm/JSWebAssemblyCodeBlock.h:
        (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::createJSToWasmWrapper):
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::headerSizeInBytes):
        * wasm/js/JSWebAssemblyHelpers.h:
        (JSC::isWebAssemblyHostFunction):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction):
        * wasm/js/JSWebAssemblyTable.cpp:
        (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
        (JSC::JSWebAssemblyTable::grow):
        (JSC::JSWebAssemblyTable::clearFunction):
        (JSC::JSWebAssemblyTable::setFunction):
        * wasm/js/JSWebAssemblyTable.h:
        (JSC::JSWebAssemblyTable::getFunction):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::WebAssemblyInstanceConstructor::createInstance):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        (JSC::WebAssemblyModuleRecord::evaluate):
        * wasm/js/WebAssemblyModuleRecord.h:
        * wasm/js/WebAssemblyTablePrototype.cpp:
        (JSC::webAssemblyTableProtoFuncGet):
        (JSC::webAssemblyTableProtoFuncSet):
        * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
        (JSC::callWebAssemblyWrapperFunction):
        (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
        (JSC::WebAssemblyWrapperFunction::create):
        (JSC::WebAssemblyWrapperFunction::finishCreation):
        (JSC::WebAssemblyWrapperFunction::createStructure):
        (JSC::WebAssemblyWrapperFunction::visitChildren):
        * wasm/js/WebAssemblyWrapperFunction.h: Added.
        (JSC::WebAssemblyWrapperFunction::signatureIndex):
        (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
        (JSC::WebAssemblyWrapperFunction::function):

2017-03-10  Mark Lam  <mark.lam@apple.com>

        JSC: BindingNode::bindValue doesn't increase the scope's reference count.
        https://bugs.webkit.org/show_bug.cgi?id=168546
        <rdar://problem/30589551>

        Reviewed by Saam Barati.

        We should protect the scope RegisterID with a RefPtr while it is still needed.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitLoopHeader):
        (JSC::ForOfNode::emitBytecode):
        (JSC::BindingNode::bindValue):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * CMakeLists.txt:
        Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.

2017-03-10  Mark Lam  <mark.lam@apple.com>

        [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
        https://bugs.webkit.org/show_bug.cgi?id=169454

        Reviewed by Michael Saboff.

        The underlying implementation is hoisted right out of Assertions.cpp from the
        implementations of WTFPrintBacktrace().

        The reason we need this StackTrace object is because during heap debugging, we
        sometimes want to capture the stack trace that allocated the objects of interest.
        Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
        perturb the execution profile sufficiently that an issue may not reproduce,
        while alternatively, just capturing the stack trace and deferring printing it
        till we actually need it later perturbs the execution profile less.

        In addition, just capturing the stack traces (instead of printing them
        immediately at each capture site) allows us to avoid polluting stdout with tons
        of stack traces that may be irrelevant.

        For now, we only capture the native stack trace.  We'll leave capturing and
        integrating the JS stack trace as an exercise for the future if we need it then.

        Here's an example of how to use this StackTrace utility:

            // Capture a stack trace of the top 10 frames.
            std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
            // Print the trace.
            dataLog(*trace);

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * tools/StackTrace.cpp: Added.
        (JSC::StackTrace::instanceSize):
        (JSC::StackTrace::captureStackTrace):
        (JSC::StackTrace::dump):
        * tools/StackTrace.h: Added.
        (JSC::StackTrace::size):
        (JSC::StackTrace::StackTrace):

2017-03-04  Filip Pizlo  <fpizlo@apple.com>

        B3 should have comprehensive support for atomic operations
        https://bugs.webkit.org/show_bug.cgi?id=162349

        Reviewed by Keith Miller.

        This adds the following capabilities to B3:

        - Atomic weak/strong unfenced/fenced compare-and-swap
        - Atomic add/sub/or/and/xor/xchg
        - Acquire/release fencing on loads/stores
        - Fenceless load-load dependencies

        This adds lowering to the following instructions on x86:

        - lock cmpxchg
        - lock xadd
        - lock add/sub/or/and/xor/xchg

        This adds lowering to the following instructions on ARM64:

        - ldar and friends
        - stlr and friends
        - ldxr and friends (unfenced LL)
        - stxr and friends (unfenced SC)
        - ldaxr and friends (fenced LL)
        - stlxr and friends (fenced SC)
        - eor as a fenceless load-load dependency

        This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
        variants of fences and atomic math ops get lowered to the best possible instruction sequence.
        For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
        of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
        generate the best possible branch sequence on x86 and ARM64.

        B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
        respect to each other and with respect to rel stores, creating sequential consistency that
        transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
        fence effects may only target some abstract heaps but not others, so that load elimination and
        store sinking can still operate across fences if you just tell B3 that the fence does not alias
        those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
        Even better, it lets you express fine-grained dependencies where the atomics that affect one
        property in shared memory do not clobber non-atomics that affect some other property in shared
        memory.

        One of my favorite features is Depend, which allows you to express load-load dependencies. On
        x86 it lowers to nothing, while on ARM64 it lowers to eor.

        This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
        acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.

        This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
        implementations of the Atomics object, for now.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::ldar):
        (JSC::ARM64Assembler::ldxr):
        (JSC::ARM64Assembler::ldaxr):
        (JSC::ARM64Assembler::stxr):
        (JSC::ARM64Assembler::stlr):
        (JSC::ARM64Assembler::stlxr):
        (JSC::ARM64Assembler::excepnGenerationImmMask):
        (JSC::ARM64Assembler::exoticLoad):
        (JSC::ARM64Assembler::storeRelease):
        (JSC::ARM64Assembler::exoticStore):
        * assembler/AbstractMacroAssembler.cpp: Added.
        (WTF::printInternal):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssemblerBase::invert):
        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq8):
        (JSC::MacroAssemblerARM64::storeRel8):
        (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq16):
        (JSC::MacroAssemblerARM64::storeRel16):
        (JSC::MacroAssemblerARM64::loadAcq32):
        (JSC::MacroAssemblerARM64::loadAcq64):
        (JSC::MacroAssemblerARM64::storeRel32):
        (JSC::MacroAssemblerARM64::storeRel64):
        (JSC::MacroAssemblerARM64::loadLink8):
        (JSC::MacroAssemblerARM64::loadLinkAcq8):
        (JSC::MacroAssemblerARM64::storeCond8):
        (JSC::MacroAssemblerARM64::storeCondRel8):
        (JSC::MacroAssemblerARM64::loadLink16):
        (JSC::MacroAssemblerARM64::loadLinkAcq16):
        (JSC::MacroAssemblerARM64::storeCond16):
        (JSC::MacroAssemblerARM64::storeCondRel16):
        (JSC::MacroAssemblerARM64::loadLink32):
        (JSC::MacroAssemblerARM64::loadLinkAcq32):
        (JSC::MacroAssemblerARM64::storeCond32):
        (JSC::MacroAssemblerARM64::storeCondRel32):
        (JSC::MacroAssemblerARM64::loadLink64):
        (JSC::MacroAssemblerARM64::loadLinkAcq64):
        (JSC::MacroAssemblerARM64::storeCond64):
        (JSC::MacroAssemblerARM64::storeCondRel64):
        (JSC::MacroAssemblerARM64::atomicStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicStrongCAS64):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
        (JSC::MacroAssemblerARM64::depend32):
        (JSC::MacroAssemblerARM64::depend64):
        (JSC::MacroAssemblerARM64::loadLink):
        (JSC::MacroAssemblerARM64::loadLinkAcq):
        (JSC::MacroAssemblerARM64::storeCond):
        (JSC::MacroAssemblerARM64::storeCondRel):
        (JSC::MacroAssemblerARM64::signExtend):
        (JSC::MacroAssemblerARM64::branch):
        (JSC::MacroAssemblerARM64::atomicStrongCAS):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
741         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
742         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
743         (JSC::MacroAssemblerARM64::extractSimpleAddress):
744         (JSC::MacroAssemblerARM64::signExtend<8>):
745         (JSC::MacroAssemblerARM64::signExtend<16>):
746         (JSC::MacroAssemblerARM64::branch<64>):
747         * assembler/MacroAssemblerX86Common.h:
748         (JSC::MacroAssemblerX86Common::add32):
749         (JSC::MacroAssemblerX86Common::and32):
750         (JSC::MacroAssemblerX86Common::and16):
751         (JSC::MacroAssemblerX86Common::and8):
752         (JSC::MacroAssemblerX86Common::neg32):
753         (JSC::MacroAssemblerX86Common::neg16):
754         (JSC::MacroAssemblerX86Common::neg8):
755         (JSC::MacroAssemblerX86Common::or32):
756         (JSC::MacroAssemblerX86Common::or16):
757         (JSC::MacroAssemblerX86Common::or8):
758         (JSC::MacroAssemblerX86Common::sub16):
759         (JSC::MacroAssemblerX86Common::sub8):
760         (JSC::MacroAssemblerX86Common::sub32):
761         (JSC::MacroAssemblerX86Common::xor32):
762         (JSC::MacroAssemblerX86Common::xor16):
763         (JSC::MacroAssemblerX86Common::xor8):
764         (JSC::MacroAssemblerX86Common::not32):
765         (JSC::MacroAssemblerX86Common::not16):
766         (JSC::MacroAssemblerX86Common::not8):
767         (JSC::MacroAssemblerX86Common::store16):
768         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
769         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
770         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
771         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
772         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
773         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
774         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
775         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
776         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
777         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
778         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
779         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
780         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
781         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
782         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
783         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
784         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
785         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
786         (JSC::MacroAssemblerX86Common::atomicAdd8):
787         (JSC::MacroAssemblerX86Common::atomicAdd16):
788         (JSC::MacroAssemblerX86Common::atomicAdd32):
789         (JSC::MacroAssemblerX86Common::atomicSub8):
790         (JSC::MacroAssemblerX86Common::atomicSub16):
791         (JSC::MacroAssemblerX86Common::atomicSub32):
792         (JSC::MacroAssemblerX86Common::atomicAnd8):
793         (JSC::MacroAssemblerX86Common::atomicAnd16):
794         (JSC::MacroAssemblerX86Common::atomicAnd32):
795         (JSC::MacroAssemblerX86Common::atomicOr8):
796         (JSC::MacroAssemblerX86Common::atomicOr16):
797         (JSC::MacroAssemblerX86Common::atomicOr32):
798         (JSC::MacroAssemblerX86Common::atomicXor8):
799         (JSC::MacroAssemblerX86Common::atomicXor16):
800         (JSC::MacroAssemblerX86Common::atomicXor32):
801         (JSC::MacroAssemblerX86Common::atomicNeg8):
802         (JSC::MacroAssemblerX86Common::atomicNeg16):
803         (JSC::MacroAssemblerX86Common::atomicNeg32):
804         (JSC::MacroAssemblerX86Common::atomicNot8):
805         (JSC::MacroAssemblerX86Common::atomicNot16):
806         (JSC::MacroAssemblerX86Common::atomicNot32):
807         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
808         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
809         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
810         (JSC::MacroAssemblerX86Common::atomicXchg8):
811         (JSC::MacroAssemblerX86Common::atomicXchg16):
812         (JSC::MacroAssemblerX86Common::atomicXchg32):
813         (JSC::MacroAssemblerX86Common::loadAcq8):
814         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
815         (JSC::MacroAssemblerX86Common::loadAcq16):
816         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
817         (JSC::MacroAssemblerX86Common::loadAcq32):
818         (JSC::MacroAssemblerX86Common::storeRel8):
819         (JSC::MacroAssemblerX86Common::storeRel16):
820         (JSC::MacroAssemblerX86Common::storeRel32):
821         (JSC::MacroAssemblerX86Common::storeFence):
822         (JSC::MacroAssemblerX86Common::loadFence):
823         (JSC::MacroAssemblerX86Common::replaceWithJump):
824         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
825         (JSC::MacroAssemblerX86Common::patchableJumpSize):
826         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
827         (JSC::MacroAssemblerX86Common::supportsAVX):
828         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
829         (JSC::MacroAssemblerX86Common::x86Condition):
830         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
831         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
832         * assembler/MacroAssemblerX86_64.h:
833         (JSC::MacroAssemblerX86_64::add64):
834         (JSC::MacroAssemblerX86_64::and64):
835         (JSC::MacroAssemblerX86_64::neg64):
836         (JSC::MacroAssemblerX86_64::or64):
837         (JSC::MacroAssemblerX86_64::sub64):
838         (JSC::MacroAssemblerX86_64::xor64):
839         (JSC::MacroAssemblerX86_64::not64):
840         (JSC::MacroAssemblerX86_64::store64):
841         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
842         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
843         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
844         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
845         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
846         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
847         (JSC::MacroAssemblerX86_64::atomicAdd64):
848         (JSC::MacroAssemblerX86_64::atomicSub64):
849         (JSC::MacroAssemblerX86_64::atomicAnd64):
850         (JSC::MacroAssemblerX86_64::atomicOr64):
851         (JSC::MacroAssemblerX86_64::atomicXor64):
852         (JSC::MacroAssemblerX86_64::atomicNeg64):
853         (JSC::MacroAssemblerX86_64::atomicNot64):
854         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
855         (JSC::MacroAssemblerX86_64::atomicXchg64):
856         (JSC::MacroAssemblerX86_64::loadAcq64):
857         (JSC::MacroAssemblerX86_64::storeRel64):
858         * assembler/X86Assembler.h:
859         (JSC::X86Assembler::addl_mr):
860         (JSC::X86Assembler::addq_mr):
861         (JSC::X86Assembler::addq_rm):
862         (JSC::X86Assembler::addq_im):
863         (JSC::X86Assembler::andl_mr):
864         (JSC::X86Assembler::andl_rm):
865         (JSC::X86Assembler::andw_rm):
866         (JSC::X86Assembler::andb_rm):
867         (JSC::X86Assembler::andl_im):
868         (JSC::X86Assembler::andw_im):
869         (JSC::X86Assembler::andb_im):
870         (JSC::X86Assembler::andq_mr):
871         (JSC::X86Assembler::andq_rm):
872         (JSC::X86Assembler::andq_im):
873         (JSC::X86Assembler::incq_m):
874         (JSC::X86Assembler::negq_m):
875         (JSC::X86Assembler::negl_m):
876         (JSC::X86Assembler::negw_m):
877         (JSC::X86Assembler::negb_m):
878         (JSC::X86Assembler::notl_m):
879         (JSC::X86Assembler::notw_m):
880         (JSC::X86Assembler::notb_m):
881         (JSC::X86Assembler::notq_m):
882         (JSC::X86Assembler::orl_mr):
883         (JSC::X86Assembler::orl_rm):
884         (JSC::X86Assembler::orw_rm):
885         (JSC::X86Assembler::orb_rm):
886         (JSC::X86Assembler::orl_im):
887         (JSC::X86Assembler::orw_im):
888         (JSC::X86Assembler::orb_im):
889         (JSC::X86Assembler::orq_mr):
890         (JSC::X86Assembler::orq_rm):
891         (JSC::X86Assembler::orq_im):
892         (JSC::X86Assembler::subl_mr):
893         (JSC::X86Assembler::subl_rm):
894         (JSC::X86Assembler::subw_rm):
895         (JSC::X86Assembler::subb_rm):
896         (JSC::X86Assembler::subl_im):
897         (JSC::X86Assembler::subw_im):
898         (JSC::X86Assembler::subb_im):
899         (JSC::X86Assembler::subq_mr):
900         (JSC::X86Assembler::subq_rm):
901         (JSC::X86Assembler::subq_im):
902         (JSC::X86Assembler::xorl_mr):
903         (JSC::X86Assembler::xorl_rm):
904         (JSC::X86Assembler::xorl_im):
905         (JSC::X86Assembler::xorw_rm):
906         (JSC::X86Assembler::xorw_im):
907         (JSC::X86Assembler::xorb_rm):
908         (JSC::X86Assembler::xorb_im):
909         (JSC::X86Assembler::xorq_im):
910         (JSC::X86Assembler::xorq_rm):
911         (JSC::X86Assembler::xorq_mr):
912         (JSC::X86Assembler::xchgb_rm):
913         (JSC::X86Assembler::xchgw_rm):
914         (JSC::X86Assembler::xchgl_rm):
915         (JSC::X86Assembler::xchgq_rm):
916         (JSC::X86Assembler::movw_im):
917         (JSC::X86Assembler::movq_i32m):
918         (JSC::X86Assembler::cmpxchgb_rm):
919         (JSC::X86Assembler::cmpxchgw_rm):
920         (JSC::X86Assembler::cmpxchgl_rm):
921         (JSC::X86Assembler::cmpxchgq_rm):
922         (JSC::X86Assembler::xaddb_rm):
923         (JSC::X86Assembler::xaddw_rm):
924         (JSC::X86Assembler::xaddl_rm):
925         (JSC::X86Assembler::xaddq_rm):
926         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
927         * b3/B3AtomicValue.cpp: Added.
928         (JSC::B3::AtomicValue::~AtomicValue):
929         (JSC::B3::AtomicValue::dumpMeta):
930         (JSC::B3::AtomicValue::cloneImpl):
931         (JSC::B3::AtomicValue::AtomicValue):
932         * b3/B3AtomicValue.h: Added.
933         * b3/B3BasicBlock.h:
934         * b3/B3BlockInsertionSet.cpp:
935         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
936         (JSC::B3::BlockInsertionSet::insert): Deleted.
937         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
938         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
939         (JSC::B3::BlockInsertionSet::execute): Deleted.
940         * b3/B3BlockInsertionSet.h:
941         * b3/B3Effects.cpp:
942         (JSC::B3::Effects::interferes):
943         (JSC::B3::Effects::operator==):
944         (JSC::B3::Effects::dump):
945         * b3/B3Effects.h:
946         (JSC::B3::Effects::forCall):
947         (JSC::B3::Effects::mustExecute):
948         * b3/B3EliminateCommonSubexpressions.cpp:
949         * b3/B3Generate.cpp:
950         (JSC::B3::generateToAir):
951         * b3/B3GenericBlockInsertionSet.h: Added.
952         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
953         (JSC::B3::GenericBlockInsertionSet::insert):
954         (JSC::B3::GenericBlockInsertionSet::insertBefore):
955         (JSC::B3::GenericBlockInsertionSet::insertAfter):
956         (JSC::B3::GenericBlockInsertionSet::execute):
957         * b3/B3HeapRange.h:
958         (JSC::B3::HeapRange::operator|):
959         * b3/B3InsertionSet.cpp:
960         (JSC::B3::InsertionSet::insertClone):
961         * b3/B3InsertionSet.h:
962         * b3/B3LegalizeMemoryOffsets.cpp:
963         * b3/B3LowerMacros.cpp:
964         (JSC::B3::lowerMacros):
965         * b3/B3LowerMacrosAfterOptimizations.cpp:
966         * b3/B3LowerToAir.cpp:
967         (JSC::B3::Air::LowerToAir::LowerToAir):
968         (JSC::B3::Air::LowerToAir::run):
969         (JSC::B3::Air::LowerToAir::effectiveAddr):
970         (JSC::B3::Air::LowerToAir::addr):
971         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
972         (JSC::B3::Air::LowerToAir::appendShift):
973         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
974         (JSC::B3::Air::LowerToAir::storeOpcode):
975         (JSC::B3::Air::LowerToAir::createStore):
976         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
977         (JSC::B3::Air::LowerToAir::newBlock):
978         (JSC::B3::Air::LowerToAir::splitBlock):
979         (JSC::B3::Air::LowerToAir::fillStackmap):
980         (JSC::B3::Air::LowerToAir::appendX86Div):
981         (JSC::B3::Air::LowerToAir::appendX86UDiv):
982         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
983         (JSC::B3::Air::LowerToAir::storeCondOpcode):
984         (JSC::B3::Air::LowerToAir::appendCAS):
985         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
986         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
987         (JSC::B3::Air::LowerToAir::lower):
988         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
989         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
990         * b3/B3LowerToAir.h:
991         * b3/B3MemoryValue.cpp:
992         (JSC::B3::MemoryValue::isLegalOffset):
993         (JSC::B3::MemoryValue::accessType):
994         (JSC::B3::MemoryValue::accessBank):
995         (JSC::B3::MemoryValue::accessByteSize):
996         (JSC::B3::MemoryValue::dumpMeta):
997         (JSC::B3::MemoryValue::MemoryValue):
998         (JSC::B3::MemoryValue::accessWidth): Deleted.
999         * b3/B3MemoryValue.h:
1000         * b3/B3MemoryValueInlines.h: Added.
1001         (JSC::B3::MemoryValue::isLegalOffset):
1002         (JSC::B3::MemoryValue::requiresSimpleAddr):
1003         (JSC::B3::MemoryValue::accessWidth):
1004         * b3/B3MoveConstants.cpp:
1005         * b3/B3NativeTraits.h: Added.
1006         * b3/B3Opcode.cpp:
1007         (JSC::B3::storeOpcode):
1008         (WTF::printInternal):
1009         * b3/B3Opcode.h:
1010         (JSC::B3::isLoad):
1011         (JSC::B3::isStore):
1012         (JSC::B3::isLoadStore):
1013         (JSC::B3::isAtomic):
1014         (JSC::B3::isAtomicCAS):
1015         (JSC::B3::isAtomicXchg):
1016         (JSC::B3::isMemoryAccess):
1017         (JSC::B3::signExtendOpcode):
1018         * b3/B3Procedure.cpp:
1019         (JSC::B3::Procedure::dump):
1020         * b3/B3Procedure.h:
1021         (JSC::B3::Procedure::hasQuirks):
1022         (JSC::B3::Procedure::setHasQuirks):
1023         * b3/B3PureCSE.cpp:
1024         (JSC::B3::pureCSE):
1025         * b3/B3PureCSE.h:
1026         * b3/B3ReduceStrength.cpp:
1027         * b3/B3Validate.cpp:
1028         * b3/B3Value.cpp:
1029         (JSC::B3::Value::returnsBool):
1030         (JSC::B3::Value::effects):
1031         (JSC::B3::Value::key):
1032         (JSC::B3::Value::performSubstitution):
1033         (JSC::B3::Value::typeFor):
1034         * b3/B3Value.h:
1035         * b3/B3Width.cpp:
1036         (JSC::B3::bestType):
1037         * b3/B3Width.h:
1038         (JSC::B3::canonicalWidth):
1039         (JSC::B3::isCanonicalWidth):
1040         (JSC::B3::mask):
1041         * b3/air/AirArg.cpp:
1042         (JSC::B3::Air::Arg::jsHash):
1043         (JSC::B3::Air::Arg::dump):
1044         (WTF::printInternal):
1045         * b3/air/AirArg.h:
1046         (JSC::B3::Air::Arg::isAnyUse):
1047         (JSC::B3::Air::Arg::isColdUse):
1048         (JSC::B3::Air::Arg::cooled):
1049         (JSC::B3::Air::Arg::isEarlyUse):
1050         (JSC::B3::Air::Arg::isLateUse):
1051         (JSC::B3::Air::Arg::isAnyDef):
1052         (JSC::B3::Air::Arg::isEarlyDef):
1053         (JSC::B3::Air::Arg::isLateDef):
1054         (JSC::B3::Air::Arg::isZDef):
1055         (JSC::B3::Air::Arg::simpleAddr):
1056         (JSC::B3::Air::Arg::statusCond):
1057         (JSC::B3::Air::Arg::isSimpleAddr):
1058         (JSC::B3::Air::Arg::isMemory):
1059         (JSC::B3::Air::Arg::isStatusCond):
1060         (JSC::B3::Air::Arg::isCondition):
1061         (JSC::B3::Air::Arg::ptr):
1062         (JSC::B3::Air::Arg::base):
1063         (JSC::B3::Air::Arg::isGP):
1064         (JSC::B3::Air::Arg::isFP):
1065         (JSC::B3::Air::Arg::isValidForm):
1066         (JSC::B3::Air::Arg::forEachTmpFast):
1067         (JSC::B3::Air::Arg::forEachTmp):
1068         (JSC::B3::Air::Arg::asAddress):
1069         (JSC::B3::Air::Arg::asStatusCondition):
1070         (JSC::B3::Air::Arg::isInvertible):
1071         (JSC::B3::Air::Arg::inverted):
1072         * b3/air/AirBasicBlock.cpp:
1073         (JSC::B3::Air::BasicBlock::setSuccessors):
1074         * b3/air/AirBasicBlock.h:
1075         * b3/air/AirBlockInsertionSet.cpp: Added.
1076         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
1077         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
1078         * b3/air/AirBlockInsertionSet.h: Added.
1079         * b3/air/AirDumpAsJS.cpp: Removed.
1080         * b3/air/AirDumpAsJS.h: Removed.
1081         * b3/air/AirEliminateDeadCode.cpp:
1082         (JSC::B3::Air::eliminateDeadCode):
1083         * b3/air/AirGenerate.cpp:
1084         (JSC::B3::Air::prepareForGeneration):
1085         * b3/air/AirInstInlines.h:
1086         (JSC::B3::Air::isAtomicStrongCASValid):
1087         (JSC::B3::Air::isBranchAtomicStrongCASValid):
1088         (JSC::B3::Air::isAtomicStrongCAS8Valid):
1089         (JSC::B3::Air::isAtomicStrongCAS16Valid):
1090         (JSC::B3::Air::isAtomicStrongCAS32Valid):
1091         (JSC::B3::Air::isAtomicStrongCAS64Valid):
1092         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
1093         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
1094         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
1095         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
1096         * b3/air/AirOpcode.opcodes:
1097         * b3/air/AirOptimizeBlockOrder.cpp:
1098         (JSC::B3::Air::optimizeBlockOrder):
1099         * b3/air/AirPadInterference.cpp:
1100         (JSC::B3::Air::padInterference):
1101         * b3/air/AirSpillEverything.cpp:
1102         (JSC::B3::Air::spillEverything):
1103         * b3/air/opcode_generator.rb:
1104         * b3/testb3.cpp:
1105         (JSC::B3::testLoadAcq42):
1106         (JSC::B3::testStoreRelAddLoadAcq32):
1107         (JSC::B3::testStoreRelAddLoadAcq8):
1108         (JSC::B3::testStoreRelAddFenceLoadAcq8):
1109         (JSC::B3::testStoreRelAddLoadAcq16):
1110         (JSC::B3::testStoreRelAddLoadAcq64):
1111         (JSC::B3::testTrappingStoreElimination):
1112         (JSC::B3::testX86LeaAddAdd):
1113         (JSC::B3::testX86LeaAddShlLeftScale1):
1114         (JSC::B3::testAtomicWeakCAS):
1115         (JSC::B3::testAtomicStrongCAS):
1116         (JSC::B3::testAtomicXchg):
1117         (JSC::B3::testDepend32):
1118         (JSC::B3::testDepend64):
1119         (JSC::B3::run):
1120         * runtime/Options.h:
1121
1122 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1123
1124         Unreviewed typo fixes after r213652.
1125         https://bugs.webkit.org/show_bug.cgi?id=168920
1126
1127         * assembler/MacroAssemblerARM.h:
1128         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
1129         * assembler/MacroAssemblerMIPS.h:
1130         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
1131
1132 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1133
1134         Unreviewed ARM buildfix after r213652.
1135         https://bugs.webkit.org/show_bug.cgi?id=168920
1136
1137         r213652 used replaceWithBrk and replaceWithBkpt names for the same
1138         function, which was inconsistent and caused a build error in ARMAssembler.
1139
1140         * assembler/ARM64Assembler.h:
1141         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1142         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
1143         * assembler/ARMAssembler.h:
1144         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1145         (JSC::ARMAssembler::replaceWithBrk): Deleted.
1146         * assembler/MacroAssemblerARM64.h:
1147         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1148
1149 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1150
1151         Win64 build fix.
1152
1153         * b3/B3FenceValue.h:
1154         * b3/B3Value.h:
1155         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
1156         doesn't accomplish anything except making Visual Studio mad.
1157         * b3/air/opcode_generator.rb:
1158         winnt.h has naming collisions with enum values from AirOpcode.h.
1159         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
1160         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
1161         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
1162         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
1163
1164 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
1165
1166         Unreviewed, rolling out r213695.
1167
1168         This change broke the Windows build.
1169
1170         Reverted changeset:
1171
1172         "Implement a StackTrace utility object that can capture stack
1173         traces for debugging."
1174         https://bugs.webkit.org/show_bug.cgi?id=169454
1175         http://trac.webkit.org/changeset/213695
1176
1177 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
1178
1179         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
1180         https://bugs.webkit.org/show_bug.cgi?id=167962
1181
1182         Reviewed by Keith Miller.
1183
1184         The Object Rest/Spread Destructuring proposal is in stage 3[1] and this
1185         patch is a prototype implementation of it. A simple change over the
1186         parser was necessary to support the new '...' token in the Object Pattern
1187         destructuring rule. On the bytecode generator side, we changed the
1188         bytecode generated in ObjectPatternNode::bindValue to store in an
1189         array the identifiers of already destructured properties, following spec draft
1190         section[2], and then pass it as excludedNames to CopyDataProperties.
1191         The rest destructuring then calls copyDataProperties to perform the
1192         copy of the rest properties in rhs.
1193
1194         We also implemented CopyDataProperties as a private JS global operation
1195         in builtins/GlobalOperations.js following its specification in [3].
1196         It is implemented using a Set object to verify if a property is in
1197         excludedNames, to keep this algorithm at O(n + m) complexity, where n
1198         = number of source's own properties and m = excludedNames.length.
1199
1200         As a requirement to use JSSets as constants, a change in the
1201         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
1202         exception. Now, CodeBlock::finishCreation returns false if an
1203         exception is thrown by
1204         CodeBlock::setConstantIdentifierSetRegisters and then we return
1205         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
1206         checking if the CodeBlock was constructed properly and then throwing an OOM
1207         exception to the correct scope.
1208
1209         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
1210         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
1211         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
1212
1213         * builtins/BuiltinNames.h:
1214         * builtins/GlobalOperations.js:
1215         (globalPrivate.copyDataProperties):
1216         * bytecode/CodeBlock.cpp:
1217         (JSC::CodeBlock::finishCreation):
1218         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
1219         * bytecode/CodeBlock.h:
1220         * bytecode/EvalCodeBlock.h:
1221         (JSC::EvalCodeBlock::create):
1222         * bytecode/FunctionCodeBlock.h:
1223         (JSC::FunctionCodeBlock::create):
1224         * bytecode/ModuleProgramCodeBlock.h:
1225         (JSC::ModuleProgramCodeBlock::create):
1226         * bytecode/ProgramCodeBlock.h:
1227         (JSC::ProgramCodeBlock::create):
1228         * bytecode/UnlinkedCodeBlock.h:
1229         (JSC::UnlinkedCodeBlock::addSetConstant):
1230         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
1231         * bytecompiler/BytecodeGenerator.cpp:
1232         (JSC::BytecodeGenerator::emitLoad):
1233         * bytecompiler/BytecodeGenerator.h:
1234         * bytecompiler/NodesCodegen.cpp:
1235         (JSC::ObjectPatternNode::bindValue):
1236         * parser/ASTBuilder.h:
1237         (JSC::ASTBuilder::appendObjectPatternEntry):
1238         (JSC::ASTBuilder::appendObjectPatternRestEntry):
1239         (JSC::ASTBuilder::setContainsObjectRestElement):
1240         * parser/Nodes.h:
1241         (JSC::ObjectPatternNode::appendEntry):
1242         (JSC::ObjectPatternNode::setContainsRestElement):
1243         * parser/Parser.cpp:
1244         (JSC::Parser<LexerType>::parseDestructuringPattern):
1245         (JSC::Parser<LexerType>::parseProperty):
1246         * parser/SyntaxChecker.h:
1247         (JSC::SyntaxChecker::operatorStackPop):
1248         * runtime/JSGlobalObject.cpp:
1249         (JSC::JSGlobalObject::init):
1250         * runtime/JSGlobalObjectFunctions.cpp:
1251         (JSC::privateToObject):
1252         * runtime/JSGlobalObjectFunctions.h:
1253         * runtime/ScriptExecutable.cpp:
1254         (JSC::ScriptExecutable::newCodeBlockFor):
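
        The CopyDataProperties operation described in the entry above, modelled in plain JavaScript as an added example (this is not JSC's builtins/GlobalOperations.js implementation; the function names copyDataProperties, objectRest and demo and the sample object are my own constructions). It uses a Set for excludedNames, as the entry describes, and shows which properties the rest object does and does not receive: own enumerable string and symbol keys are copied as plain data properties, while inherited, non-enumerable and already-destructured ones are skipped.

```javascript
// Added example, not JSC's builtin: a plain-JS model of the
// CopyDataProperties(target, source, excludedNames) abstract operation
// that object rest destructuring relies on. All names here are my own.

function copyDataProperties(target, source, excludedNames = []) {
  // A nullish source contributes nothing (object spread `{...null}` is `{}`).
  if (source === undefined || source === null) {
    return target;
  }
  const from = Object(source);
  // Membership test in a Set keeps the loop O(n + m) rather than O(n * m),
  // where n = own keys of the source and m = excludedNames.length.
  const excluded = new Set(excludedNames);
  // Reflect.ownKeys yields own string keys (insertion order) then symbol keys,
  // and never walks the prototype chain, so inherited properties are skipped.
  for (const key of Reflect.ownKeys(from)) {
    if (excluded.has(key)) continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    // Only own, enumerable properties are copied.
    if (desc !== undefined && desc.enumerable) {
      // CreateDataProperty: the result is a plain data property even when the
      // source property was an accessor; the getter runs once, here, on read.
      Object.defineProperty(target, key, {
        value: from[key], writable: true, enumerable: true, configurable: true,
      });
    }
  }
  return target;
}

// Desugaring of `const { a, b, ...rest } = rhs;`: the identifiers already
// destructured become excludedNames and the rest object starts as a fresh {}.
function objectRest(rhs, ...alreadyTaken) {
  return copyDataProperties({}, rhs, alreadyTaken);
}

// Constructed sample input covering inherited, non-enumerable, symbol-keyed
// and accessor properties, compared against the engine's native behaviour.
function demo() {
  const proto = { inherited: 1 };
  const sym = Symbol('s');
  const rhs = Object.create(proto);
  rhs.a = 1; rhs.b = 2; rhs.c = 3; rhs[sym] = 4;
  Object.defineProperty(rhs, 'hidden', { value: 5, enumerable: false });
  Object.defineProperty(rhs, 'computed', { get() { return 6; }, enumerable: true });

  const rest = objectRest(rhs, 'a', 'b');
  const native = (({ a, b, ...r }) => r)(rhs);

  return {
    rest,
    keys: Reflect.ownKeys(rest),
    nativeKeys: Reflect.ownKeys(native),
    nullishIsEmpty: Object.keys(copyDataProperties({}, null)).length === 0,
    getterBecameData: Object.getOwnPropertyDescriptor(rest, 'computed').get === undefined,
  };
}
```

        Run under node; demo() compares the model against the engine's own rest destructuring and both yield the keys c, computed and the symbol, in that order. Note the accessor case: a getter on the right-hand side is invoked during the copy and lands on the rest object as a plain data property, so rest destructuring of an untrusted object executes whatever getter code that object defines.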
1255
1256 2017-03-09  Mark Lam  <mark.lam@apple.com>
1257
1258         Implement a StackTrace utility object that can capture stack traces for debugging.
1259         https://bugs.webkit.org/show_bug.cgi?id=169454
1260
1261         Reviewed by Michael Saboff.
1262
1263         The underlying implementation is hoisted right out of Assertions.cpp from the
1264         implementations of WTFPrintBacktrace().
1265
1266         The reason we need this StackTrace object is because during heap debugging, we
1267         sometimes want to capture the stack trace that allocated the objects of interest.
1268         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
1269         perturb the execution profile sufficiently that an issue may not reproduce,
1270         while alternatively, just capturing the stack trace and deferring printing it
1271         till we actually need it later perturbs the execution profile less.
1272
1273         In addition, just capturing the stack traces (instead of printing them
1274         immediately at each capture site) allows us to avoid polluting stdout with tons
1275         of stack traces that may be irrelevant.
1276
1277         For now, we only capture the native stack trace.  We'll leave capturing and
1278         integrating the JS stack trace as an exercise for the future if we need it then.
1279
1280         Here's an example of how to use this StackTrace utility:
1281
1282             // Capture a stack trace of the top 10 frames.
1283             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
1284             // Print the trace.
1285             dataLog(*trace);
1286
1287         * CMakeLists.txt:
1288         * JavaScriptCore.xcodeproj/project.pbxproj:
1289         * tools/StackTrace.cpp: Added.
1290         (JSC::StackTrace::instanceSize):
1291         (JSC::StackTrace::captureStackTrace):
1292         (JSC::StackTrace::dump):
1293         * tools/StackTrace.h: Added.
1294         (JSC::StackTrace::StackTrace):
1295         (JSC::StackTrace::size):
1296
1297 2017-03-09  Keith Miller  <keith_miller@apple.com>
1298
1299         WebAssembly: Enable fast memory for WK2
1300         https://bugs.webkit.org/show_bug.cgi?id=169437
1301
1302         Reviewed by Tim Horton.
1303
1304         * JavaScriptCore.xcodeproj/project.pbxproj:
1305
1306 2017-03-09  Matt Baker  <mattbaker@apple.com>
1307
1308         Web Inspector: Add XHR breakpoints UI
1309         https://bugs.webkit.org/show_bug.cgi?id=168763
1310         <rdar://problem/30952439>
1311
1312         Reviewed by Joseph Pecoraro.
1313
1314         * inspector/protocol/DOMDebugger.json:
1315         Added clarifying comments to command descriptions.
1316
1317 2017-03-09  Michael Saboff  <msaboff@apple.com>
1318
1319         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1320         https://bugs.webkit.org/show_bug.cgi?id=169387
1321
1322         Reviewed by Filip Pizlo.
1323
1324         Added a helper function, processConfigFile(), to process the configuration file.
1325         Changed jsc.cpp to use that function in lieu of processing the config file
1326         manually.
1327
1328         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1329         * jsc.cpp:
1330         (jscmain):
1331         * runtime/ConfigFile.cpp:
1332         (JSC::processConfigFile):
1333         * runtime/ConfigFile.h:
1334
1335 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1336
1337         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1338         https://bugs.webkit.org/show_bug.cgi?id=29687
1339         <rdar://problem/19281586>
1340
1341         Reviewed by Matt Baker and Brian Burg.
1342
1343         * inspector/protocol/Network.json:
1344         Add metrics object with optional properties to loadingFinished event.
1345
1346 2017-03-09  Youenn Fablet  <youenn@apple.com>
1347
1348         Minimal build is broken
1349         https://bugs.webkit.org/show_bug.cgi?id=169416
1350
1351         Reviewed by Chris Dumez.
1352
1353         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1354         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appears first, but this might break very easily.
1355
1356         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1357         (generate_members):
1358         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1359         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1360         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1361
1362 2017-03-09  Daniel Bates  <dabates@apple.com>
1363
1364         Guard Credential Management implementation behind a runtime enabled feature flag
1365         https://bugs.webkit.org/show_bug.cgi?id=169364
1366         <rdar://problem/30957425>
1367
1368         Reviewed by Brent Fulgham.
1369
1370         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1371         needed to guard these interfaces behind a runtime enabled feature flag.
1372
1373         * runtime/CommonIdentifiers.h:
1374
1375 2017-03-09  Mark Lam  <mark.lam@apple.com>
1376
1377         Refactoring some HeapVerifier code.
1378         https://bugs.webkit.org/show_bug.cgi?id=169443
1379
1380         Reviewed by Filip Pizlo.
1381
1382         Renamed LiveObjectData to CellProfile.
1383         Renamed LiveObjectList to CellList.
1384         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1385         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1386
1387         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1388
1389         * CMakeLists.txt:
1390         * JavaScriptCore.xcodeproj/project.pbxproj:
1391         * heap/Heap.cpp:
1392         (JSC::Heap::runBeginPhase):
1393         (JSC::Heap::runEndPhase):
1394         * heap/HeapVerifier.cpp: Removed.
1395         * heap/HeapVerifier.h: Removed.
1396         * heap/LiveObjectData.h: Removed.
1397         * heap/LiveObjectList.cpp: Removed.
1398         * heap/LiveObjectList.h: Removed.
1399         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1400         (JSC::CellList::findCell):
1401         (JSC::LiveObjectList::findObject): Deleted.
1402         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1403         (JSC::CellList::CellList):
1404         (JSC::CellList::reset):
1405         (JSC::LiveObjectList::LiveObjectList): Deleted.
1406         (JSC::LiveObjectList::reset): Deleted.
1407         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1408         (JSC::CellProfile::CellProfile):
1409         (JSC::LiveObjectData::LiveObjectData): Deleted.
1410         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1411         (JSC::GatherCellFunctor::GatherCellFunctor):
1412         (JSC::GatherCellFunctor::visit):
1413         (JSC::GatherCellFunctor::operator()):
1414         (JSC::HeapVerifier::gatherLiveCells):
1415         (JSC::HeapVerifier::cellListForGathering):
1416         (JSC::trimDeadCellsFromList):
1417         (JSC::HeapVerifier::trimDeadCells):
1418         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1419         (JSC::HeapVerifier::reportCell):
1420         (JSC::HeapVerifier::checkIfRecorded):
1421         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1422         (JSC::GatherLiveObjFunctor::visit): Deleted.
1423         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1424         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1425         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1426         (JSC::trimDeadObjectsFromList): Deleted.
1427         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1428         (JSC::HeapVerifier::reportObject): Deleted.
1429         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1430
1431 2017-03-09  Anders Carlsson  <andersca@apple.com>
1432
1433         Add delegate support to WebCore
1434         https://bugs.webkit.org/show_bug.cgi?id=169427
1435         Part of rdar://problem/28880714.
1436
1437         Reviewed by Geoffrey Garen.
1438
1439         * Configurations/FeatureDefines.xcconfig:
1440         Add feature define.
1441
1442 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1443
1444         Web Inspector: Show individual messages in the content pane for a WebSocket
1445         https://bugs.webkit.org/show_bug.cgi?id=169011
1446
1447         Reviewed by Joseph Pecoraro.
1448
1449         Add walltime parameter and correct the description of Timestamp type.
1450
1451         * inspector/protocol/Network.json:
1452
1453 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1454
1455         Unreviewed, fix weak external symbol error.
1456
1457         * heap/SlotVisitor.h:
1458
1459 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1460
1461         std::isnan/isinf should work with WTF time classes
1462         https://bugs.webkit.org/show_bug.cgi?id=164991
1463
1464         Reviewed by Darin Adler.
1465         
1466         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1467
1468         * runtime/AtomicsObject.cpp:
1469         (JSC::atomicsFuncWait):
1470
1471 2017-03-09  Mark Lam  <mark.lam@apple.com>
1472
1473         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1474         https://bugs.webkit.org/show_bug.cgi?id=169424
1475
1476         Reviewed by Filip Pizlo.
1477
1478         * heap/CodeBlockSet.cpp:
1479         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1480         * heap/CodeBlockSet.h:
1481         * heap/CodeBlockSetInlines.h:
1482         (JSC::CodeBlockSet::mark):
1483         * heap/ConservativeRoots.cpp:
1484         (JSC::CompositeMarkHook::CompositeMarkHook):
1485         * heap/MachineStackMarker.cpp:
1486         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1487         * heap/MachineStackMarker.h:
1488         * profiler/ProfilerDatabase.cpp:
1489         (JSC::Profiler::Database::ensureBytecodesFor):
1490         * profiler/ProfilerDatabase.h:
1491         * runtime/SamplingProfiler.cpp:
1492         (JSC::FrameWalker::FrameWalker):
1493         (JSC::CFrameWalker::CFrameWalker):
1494         (JSC::SamplingProfiler::createThreadIfNecessary):
1495         (JSC::SamplingProfiler::takeSample):
1496         (JSC::SamplingProfiler::start):
1497         (JSC::SamplingProfiler::pause):
1498         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1499         (JSC::SamplingProfiler::clearData):
1500         (JSC::SamplingProfiler::releaseStackTraces):
1501         * runtime/SamplingProfiler.h:
1502         (JSC::SamplingProfiler::setStopWatch):
1503         * wasm/WasmMemory.cpp:
1504         (JSC::Wasm::availableFastMemories):
1505         (JSC::Wasm::activeFastMemories):
1506         (JSC::Wasm::viewActiveFastMemories):
1507         * wasm/WasmMemory.h:
1508
1509 2017-03-09  Saam Barati  <sbarati@apple.com>
1510
1511         WebAssembly: Make the Unity AngryBots demo run
1512         https://bugs.webkit.org/show_bug.cgi?id=169268
1513
1514         Reviewed by Keith Miller.
1515
1516         This patch fixes three bugs:
1517         1. The WasmBinding code for making a JS call was off
1518         by 1 in its stack layout code.
1519         2. The WasmBinding code had a "<" comparison instead
1520         of a ">=" comparison. This would cause us to calculate
1521         the wrong frame pointer offset.
1522         3. The code to reload wasm state inside B3IRGenerator didn't
1523         properly represent its effects.
1524
1525         * wasm/WasmB3IRGenerator.cpp:
1526         (JSC::Wasm::restoreWebAssemblyGlobalState):
1527         (JSC::Wasm::parseAndCompile):
1528         * wasm/WasmBinding.cpp:
1529         (JSC::Wasm::wasmToJs):
1530         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1531         (JSC::WebAssemblyInstanceConstructor::createInstance):
1532
1533 2017-03-09  Mark Lam  <mark.lam@apple.com>
1534
1535         Make the VM Traps mechanism non-polling for the DFG and FTL.
1536         https://bugs.webkit.org/show_bug.cgi?id=168920
1537         <rdar://problem/30738588>
1538
1539         Reviewed by Filip Pizlo.
1540
1541         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1542            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
1543         2. Added assembler functions for overwriting an instruction with a breakpoint.
1544         3. Added a new JettisonDueToVMTraps jettison reason.
1545         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1546            invalidation points with breakpoint instructions.
1547         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1548         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1549            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1550            Options::usePollingTraps() to always be true.  This makes the VMTraps
1551            implementation fall back to using polling based traps only.
1552
1553         7. Make VMTraps support signal based traps.
1554
1555         Some design and implementation details of signal based VM traps:
1556
1557         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1558
1559         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1560           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1561           we want to trap, and check for the occurrence of one of the following events:
1562
1563           a. VMTraps::handleTraps() has been called for the requested trap, or
1564
1565           b. the VM is inactive and is no longer executing any JS code.  We determine
1566              this to be the case if the thread no longer owns the JSLock and the VM's
1567              entryScope is null.
1568
1569              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1570              null.  This happens when the thread calls JSLock::dropAllLocks() before
1571              calling a host function that may block on IO (or whatever).  For our purpose,
1572              this counts as the VM still running JS code, and VM::fireTrap() will still
1573              be waiting.
1574
1575           If the SignalSender does not see either of these events, it will sleep for a
1576           while and then re-send SIGUSR1 and check for the events again.  When it sees
1577           one of these events, it will consider the mutator to have received the trap
1578           request.
1579
1580         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1581           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1582           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1583           safe to jettison the codeBlock.
1584
1585           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1586           insert the breakpoint instructions itself.  This is because we need the
1587           register state of the mutator thread (that we want to trap in) in order to
1588           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1589           we don't have a generic way for the requester thread to get the register state
1590           of another thread.
1591
1592         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1593           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1594           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1595           baseline JIT code will eventually reach an op_check_traps and call
1596           VMTraps::handleTraps().
1597
1598           If the handler is not trapping at an invalidation point, then it must be
1599           observing an assertion failure (which also uses the breakpoint instruction).
1600           In this case, the handler will defer to the default SIGTRAP handler and crash.
1601
1602         - The reason we need the SignalSender is because SignalSender::send() is called
1603           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1604           send() needs to make use of the VM pointer, and it is not guaranteed that the
1605           VM will outlive the thread.  SignalSender provides the mechanism by which we
1606           can nullify the VM pointer when the VM dies so that the thread does not
1607           continue to use it.
1608
1609         * assembler/ARM64Assembler.h:
1610         (JSC::ARM64Assembler::replaceWithBrk):
1611         * assembler/ARMAssembler.h:
1612         (JSC::ARMAssembler::replaceWithBrk):
1613         * assembler/ARMv7Assembler.h:
1614         (JSC::ARMv7Assembler::replaceWithBkpt):
1615         * assembler/MIPSAssembler.h:
1616         (JSC::MIPSAssembler::replaceWithBkpt):
1617         * assembler/MacroAssemblerARM.h:
1618         (JSC::MacroAssemblerARM::replaceWithJump):
1619         * assembler/MacroAssemblerARM64.h:
1620         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1621         * assembler/MacroAssemblerARMv7.h:
1622         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1623         * assembler/MacroAssemblerMIPS.h:
1624         (JSC::MacroAssemblerMIPS::replaceWithJump):
1625         * assembler/MacroAssemblerX86Common.h:
1626         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1627         * assembler/X86Assembler.h:
1628         (JSC::X86Assembler::replaceWithInt3):
1629         * bytecode/CodeBlock.cpp:
1630         (JSC::CodeBlock::jettison):
1631         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1632         (JSC::CodeBlock::installVMTrapBreakpoints):
1633         * bytecode/CodeBlock.h:
1634         * bytecompiler/BytecodeGenerator.cpp:
1635         (JSC::BytecodeGenerator::emitCheckTraps):
1636         * dfg/DFGCommonData.cpp:
1637         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1638         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1639         * dfg/DFGCommonData.h:
1640         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1641         * dfg/DFGJumpReplacement.cpp:
1642         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1643         * dfg/DFGJumpReplacement.h:
1644         (JSC::DFG::JumpReplacement::dataLocation):
1645         * dfg/DFGNodeType.h:
1646         * heap/CodeBlockSet.cpp:
1647         (JSC::CodeBlockSet::contains):
1648         * heap/CodeBlockSet.h:
1649         * heap/CodeBlockSetInlines.h:
1650         (JSC::CodeBlockSet::iterate):
1651         * heap/Heap.cpp:
1652         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1653         * heap/Heap.h:
1654         * heap/HeapInlines.h:
1655         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1656         * heap/MachineStackMarker.h:
1657         (JSC::MachineThreads::threadsListHead):
1658         * jit/ExecutableAllocator.cpp:
1659         (JSC::ExecutableAllocator::isValidExecutableMemory):
1660         * jit/ExecutableAllocator.h:
1661         * profiler/ProfilerJettisonReason.cpp:
1662         (WTF::printInternal):
1663         * profiler/ProfilerJettisonReason.h:
1664         * runtime/JSLock.cpp:
1665         (JSC::JSLock::didAcquireLock):
1666         * runtime/Options.cpp:
1667         (JSC::overrideDefaults):
1668         * runtime/Options.h:
1669         * runtime/PlatformThread.h:
1670         (JSC::platformThreadSignal):
1671         * runtime/VM.cpp:
1672         (JSC::VM::~VM):
1673         (JSC::VM::ensureWatchdog):
1674         (JSC::VM::handleTraps): Deleted.
1675         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1676         * runtime/VM.h:
1677         (JSC::VM::ownerThread):
1678         (JSC::VM::traps):
1679         (JSC::VM::handleTraps):
1680         (JSC::VM::needTrapHandling):
1681         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1682         * runtime/VMTraps.cpp:
1683         (JSC::VMTraps::vm):
1684         (JSC::SignalContext::SignalContext):
1685         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1686         (JSC::vmIsInactive):
1687         (JSC::findActiveVMAndStackBounds):
1688         (JSC::handleSigusr1):
1689         (JSC::handleSigtrap):
1690         (JSC::installSignalHandlers):
1691         (JSC::sanitizedTopCallFrame):
1692         (JSC::isSaneFrame):
1693         (JSC::VMTraps::tryInstallTrapBreakpoints):
1694         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1695         (JSC::VMTraps::VMTraps):
1696         (JSC::VMTraps::willDestroyVM):
1697         (JSC::VMTraps::addSignalSender):
1698         (JSC::VMTraps::removeSignalSender):
1699         (JSC::VMTraps::SignalSender::willDestroyVM):
1700         (JSC::VMTraps::SignalSender::send):
1701         (JSC::VMTraps::fireTrap):
1702         (JSC::VMTraps::handleTraps):
1703         * runtime/VMTraps.h:
1704         (JSC::VMTraps::~VMTraps):
1705         (JSC::VMTraps::needTrapHandling):
1706         (JSC::VMTraps::notifyGrabAllLocks):
1707         (JSC::VMTraps::SignalSender::SignalSender):
1708         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1709         * tools/VMInspector.cpp:
1710         * tools/VMInspector.h:
1711         (JSC::VMInspector::getLock):
1712         (JSC::VMInspector::iterate):
1713
1714 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1715
1716         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1717         https://bugs.webkit.org/show_bug.cgi?id=169215
1718
1719         Reviewed by Mark Lam.
1720         
1721         This doesn't have a test because it would be a very complicated test.
1722
1723         * runtime/JSObject.h:
1724         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1725
1726 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1727
1728         WTF should make it super easy to do ARM concurrency tricks
1729         https://bugs.webkit.org/show_bug.cgi?id=169300
1730
1731         Reviewed by Mark Lam.
1732         
1733         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1734         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1735         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1736         machine code, I found other opportunities for improvement, like inlining the "am I
1737         marked" part of the marking functions.
1738
1739         * heap/Heap.cpp:
1740         (JSC::Heap::setGCDidJIT):
1741         * heap/HeapInlines.h:
1742         (JSC::Heap::testAndSetMarked):
1743         * heap/LargeAllocation.h:
1744         (JSC::LargeAllocation::isMarked):
1745         (JSC::LargeAllocation::isMarkedConcurrently):
1746         (JSC::LargeAllocation::aboutToMark):
1747         (JSC::LargeAllocation::testAndSetMarked):
1748         * heap/MarkedBlock.h:
1749         (JSC::MarkedBlock::areMarksStaleWithDependency):
1750         (JSC::MarkedBlock::aboutToMark):
1751         (JSC::MarkedBlock::isMarkedConcurrently):
1752         (JSC::MarkedBlock::isMarked):
1753         (JSC::MarkedBlock::testAndSetMarked):
1754         * heap/SlotVisitor.cpp:
1755         (JSC::SlotVisitor::appendSlow):
1756         (JSC::SlotVisitor::appendHiddenSlow):
1757         (JSC::SlotVisitor::appendHiddenSlowImpl):
1758         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1759         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1760         (JSC::SlotVisitor::appendHidden): Deleted.
1761         * heap/SlotVisitor.h:
1762         * heap/SlotVisitorInlines.h:
1763         (JSC::SlotVisitor::appendUnbarriered):
1764         (JSC::SlotVisitor::appendHidden):
1765         (JSC::SlotVisitor::append):
1766         (JSC::SlotVisitor::appendValues):
1767         (JSC::SlotVisitor::appendValuesHidden):
1768         * runtime/CustomGetterSetter.cpp:
1769         * runtime/JSObject.cpp:
1770         (JSC::JSObject::visitButterflyImpl):
1771         * runtime/JSObject.h:
1772
1773 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1774
1775         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1776         https://bugs.webkit.org/show_bug.cgi?id=160124
1777
1778         Reviewed by Mark Lam.
1779
1780         When performing CallVarargs, we will copy values to the stack.
1781         Before actually copying values, we need to adjust the stackPointerRegister
1782         to ensure copied values are in the allocated stack area.
1783         If we do not do that, the OS can break the values that are stored beyond the stack
1784         pointer. For example, a signal stack can be constructed in this area and
1785         break the values.
1786
1787         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1788         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1789         the signal handler is frequently called when enabling the sampling profiler. Thus this
1790         crash occurs.
1791
1792         * dfg/DFGSpeculativeJIT32_64.cpp:
1793         (JSC::DFG::SpeculativeJIT::emitCall):
1794         * dfg/DFGSpeculativeJIT64.cpp:
1795         (JSC::DFG::SpeculativeJIT::emitCall):
1796         * ftl/FTLLowerDFGToB3.cpp:
1797         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1798         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1799         * jit/SetupVarargsFrame.cpp:
1800         (JSC::emitSetupVarargsFrameFastCase):
1801         * jit/SetupVarargsFrame.h:
1802
1803 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1804
1805         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1806         https://bugs.webkit.org/show_bug.cgi?id=164892
1807         <rdar://problem/29320562>
1808
1809         Reviewed by Brian Burg.
1810
1811         * inspector/protocol/Network.json:
1812         Replace "fromDiskCache" property with "source" property which includes
1813         more complete information about the source of this response (network,
1814         memory cache, disk cache, or unknown).
1815
1816         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1817         (_generate_class_for_object_declaration):
1818         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1819         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1820         * inspector/scripts/codegen/generator.py:
1821         (Generator):
1822         (Generator.open_fields):
1823         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1824         enum and open accessor string symbol that would have the same name, only generate
1825         a specific list of open accessor strings. This reduces the list of exported
1826         symbols from all properties to just the ones that are needed. This can be
1827         cleaned up later if needed.
1828
1829         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1830         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1831         Test for open accessors generation.
1832
1833 2017-03-08  Keith Miller  <keith_miller@apple.com>
1834
1835         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1836         https://bugs.webkit.org/show_bug.cgi?id=169290
1837
1838         Reviewed by Saam Barati.
1839
1840         This patch adds an extra sanity check by ensuring that the memory address we are faulting on when trying to load is in the range
1841         of some wasm fast memory.
1842
1843         * wasm/WasmFaultSignalHandler.cpp:
1844         (JSC::Wasm::trapHandler):
1845         (JSC::Wasm::enableFastMemory):
1846         * wasm/WasmMemory.cpp:
1847         (JSC::Wasm::activeFastMemories):
1848         (JSC::Wasm::viewActiveFastMemories):
1849         (JSC::Wasm::tryGetFastMemory):
1850         (JSC::Wasm::releaseFastMemory):
1851         * wasm/WasmMemory.h:
1852
1853 2017-03-07  Dean Jackson  <dino@apple.com>
1854
1855         Some platforms won't be able to create a GPUDevice
1856         https://bugs.webkit.org/show_bug.cgi?id=169314
1857         <rdar://problems/30907521>
1858
1859         Reviewed by Jon Lee.
1860
1861         Disable WEB_GPU on the iOS Simulator.
1862
1863         * Configurations/FeatureDefines.xcconfig:
1864
1865 2017-03-06  Saam Barati  <sbarati@apple.com>
1866
1867         WebAssembly: Implement the WebAssembly.instantiate API
1868         https://bugs.webkit.org/show_bug.cgi?id=165982
1869         <rdar://problem/29760110>
1870
1871         Reviewed by Keith Miller.
1872
1873         This patch is a straightforward implementation of the WebAssembly.instantiate
1874         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1875         
1876         I implemented the API in a synchronous manner. We should make it
1877         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1878
1879         * wasm/JSWebAssembly.cpp:
1880         (JSC::webAssemblyCompileFunc):
1881         (JSC::webAssemblyInstantiateFunc):
1882         (JSC::JSWebAssembly::finishCreation):
1883         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1884         (JSC::constructJSWebAssemblyInstance):
1885         (JSC::WebAssemblyInstanceConstructor::createInstance):
1886         * wasm/js/WebAssemblyInstanceConstructor.h:
1887         * wasm/js/WebAssemblyModuleConstructor.cpp:
1888         (JSC::constructJSWebAssemblyModule):
1889         (JSC::WebAssemblyModuleConstructor::createModule):
1890         * wasm/js/WebAssemblyModuleConstructor.h:
1891
1892 2017-03-06  Michael Saboff  <msaboff@apple.com>
1893
1894         Take advantage of fast permissions switching of JIT memory for devices that support it
1895         https://bugs.webkit.org/show_bug.cgi?id=169155
1896
1897         Reviewed by Saam Barati.
1898
1899         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1900         control access to JIT memory.
1901
1902         Had to update the Xcode config files to handle various build variations of
1903         public and internal SDKs.
1904
1905         * Configurations/Base.xcconfig:
1906         * Configurations/FeatureDefines.xcconfig:
1907         * jit/ExecutableAllocator.cpp:
1908         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1909         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1910         * jit/ExecutableAllocator.h:
1911         (JSC::performJITMemcpy):
1912
1913 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1914
1915         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1916         https://bugs.webkit.org/show_bug.cgi?id=168502
1917
1918         Reviewed by Filip Pizlo.
1919
1920         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1921
1922 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1923
1924         op_get_by_id_with_this should use inline caching
1925         https://bugs.webkit.org/show_bug.cgi?id=162124
1926
1927         Reviewed by Saam Barati.
1928
1929         This patch enables the inline cache for op_get_by_id_with_this in all
1930         tiers. It means that operations using ```super.member``` are going to
1931         be able to be optimized by PIC. To enable it, we introduced a new
1932         member of StructureStubInfo.patch named thisGPR, created a new class
1933         to manage the IC named JITGetByIdWithThisGenerator and changed
1934         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
1935         to decide the correct this value on inline caches.
1936         With inline caching enabled, ```super.member``` is ~4.5x faster,
1937         according to microbenchmarks.
1938
1939         * bytecode/AccessCase.cpp:
1940         (JSC::AccessCase::generateImpl):
1941         * bytecode/PolymorphicAccess.cpp:
1942         (JSC::PolymorphicAccess::regenerate):
1943         * bytecode/PolymorphicAccess.h:
1944         * bytecode/StructureStubInfo.cpp:
1945         (JSC::StructureStubInfo::reset):
1946         * bytecode/StructureStubInfo.h:
1947         * dfg/DFGFixupPhase.cpp:
1948         (JSC::DFG::FixupPhase::fixupNode):
1949         * dfg/DFGJITCompiler.cpp:
1950         (JSC::DFG::JITCompiler::link):
1951         * dfg/DFGJITCompiler.h:
1952         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1953         * dfg/DFGSpeculativeJIT.cpp:
1954         (JSC::DFG::SpeculativeJIT::compileIn):
1955         * dfg/DFGSpeculativeJIT.h:
1956         (JSC::DFG::SpeculativeJIT::callOperation):
1957         * dfg/DFGSpeculativeJIT32_64.cpp:
1958         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1959         (JSC::DFG::SpeculativeJIT::compile):
1960         * dfg/DFGSpeculativeJIT64.cpp:
1961         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1962         (JSC::DFG::SpeculativeJIT::compile):
1963         * ftl/FTLLowerDFGToB3.cpp:
1964         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1965         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1966         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1967         * jit/CCallHelpers.h:
1968         (JSC::CCallHelpers::setupArgumentsWithExecState):
1969         * jit/ICStats.h:
1970         * jit/JIT.cpp:
1971         (JSC::JIT::JIT):
1972         (JSC::JIT::privateCompileSlowCases):
1973         (JSC::JIT::link):
1974         * jit/JIT.h:
1975         * jit/JITInlineCacheGenerator.cpp:
1976         (JSC::JITByIdGenerator::JITByIdGenerator):
1977         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1978         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1979         * jit/JITInlineCacheGenerator.h:
1980         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1981         * jit/JITInlines.h:
1982         (JSC::JIT::callOperation):
1983         * jit/JITOperations.cpp:
1984         * jit/JITOperations.h:
1985         * jit/JITPropertyAccess.cpp:
1986         (JSC::JIT::emit_op_get_by_id_with_this):
1987         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1988         * jit/JITPropertyAccess32_64.cpp:
1989         (JSC::JIT::emit_op_get_by_id_with_this):
1990         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1991         * jit/Repatch.cpp:
1992         (JSC::appropriateOptimizingGetByIdFunction):
1993         (JSC::appropriateGenericGetByIdFunction):
1994         (JSC::tryCacheGetByID):
1995         * jit/Repatch.h:
1996         * jsc.cpp:
1997         (WTF::CustomGetter::getOwnPropertySlot):
1998         (WTF::CustomGetter::customGetterAcessor):
1999
2000 2017-03-06  Saam Barati  <sbarati@apple.com>
2001
2002         WebAssembly: implement init_expr for Element
2003         https://bugs.webkit.org/show_bug.cgi?id=165888
2004         <rdar://problem/29760199>
2005
2006         Reviewed by Keith Miller.
2007
2008         This patch fixes a few bugs. The main change is allowing init_expr
2009         for the Element's offset. To do this, I had to fix a couple of
2010         other bugs:
2011         
2012         - I removed our invalid early module-parse-time invalidation
2013         of out-of-bounds Element sections. This is not in the spec because
2014         it can't be validated in the general case when the offset is a
2015         get_global.
2016         
2017         - Our get_global validation inside our init_expr parsing code was simply wrong.
2018         It thought that the index operand to get_global went into the pool of imports,
2019         but it does not. It indexes into the pool of globals. I changed the code to
2020         refer to the global pool instead.
2021
2022         * wasm/WasmFormat.h:
2023         (JSC::Wasm::Element::Element):
2024         * wasm/WasmModuleParser.cpp:
2025         * wasm/js/WebAssemblyModuleRecord.cpp:
2026         (JSC::WebAssemblyModuleRecord::evaluate):
2027
2028 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2029
2030         [JSC] Allow indexed module namespace object fields
2031         https://bugs.webkit.org/show_bug.cgi?id=168870
2032
2033         Reviewed by Saam Barati.
2034
2035         While JS modules cannot expose any indexed bindings,
2036         Wasm modules can expose them. However, module namespace
2037         object currently does not support indexed properties.
2038         This patch allows module namespace objects to offer
2039         indexed binding accesses.
2040
2041         * runtime/JSModuleNamespaceObject.cpp:
2042         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
2043         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2044         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
2045         * runtime/JSModuleNamespaceObject.h:
2046
2047 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2048
2049         Null pointer crash when loading module with unresolved import also as a script file
2050         https://bugs.webkit.org/show_bug.cgi?id=168971
2051
2052         Reviewed by Saam Barati.
2053
2054         If linking throws an error, this error should be re-thrown
2055         when requesting the same module.
2056
2057         * builtins/ModuleLoaderPrototype.js:
2058         (globalPrivate.newRegistryEntry):
2059         * runtime/JSModuleRecord.cpp:
2060         (JSC::JSModuleRecord::link):
2061
2062 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2063
2064         [GTK][JSCOnly] Enable WebAssembly on Linux environment
2065         https://bugs.webkit.org/show_bug.cgi?id=164032
2066
2067         Reviewed by Michael Catanzaro.
2068
2069         This patch enables WebAssembly on JSCOnly and GTK ports.
2070         Basically, almost all the WASM code is portable to Linux.
2071         One platform-dependent part is faster memory load using SIGBUS
2072         signal handler. This patch ports this part to Linux.
2073
2074         * CMakeLists.txt:
2075         * llint/LLIntSlowPaths.cpp:
2076         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2077         * wasm/WasmFaultSignalHandler.cpp:
2078         (JSC::Wasm::trapHandler):
2079         (JSC::Wasm::enableFastMemory):
2080
2081 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
2082
2083         Currency digits calculation in Intl.NumberFormat should call out to ICU
2084         https://bugs.webkit.org/show_bug.cgi?id=169182
2085
2086         Reviewed by Yusuke Suzuki.
2087
2088         * runtime/IntlNumberFormat.cpp:
2089         (JSC::computeCurrencyDigits):
2090         (JSC::computeCurrencySortKey): Deleted.
2091         (JSC::extractCurrencySortKey): Deleted.
2092
2093 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
2094
2095         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
2096         https://bugs.webkit.org/show_bug.cgi?id=168869
2097
2098         Reviewed by Keith Miller.
2099
2100         * b3/B3Width.h:
2101         * wasm/WasmSections.h:
2102
2103 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
2104
2105         [ARM] Unreviewed buildfix after r213376.
2106
2107         * assembler/ARMAssembler.h:
2108         (JSC::ARMAssembler::isBkpt): Typo fixed.
2109
2110 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
2111
2112         [JSC] build fix after r213399
2113         https://bugs.webkit.org/show_bug.cgi?id=169154
2114
2115         Unreviewed.
2116
2117         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
2118
2119 2017-03-03  Dean Jackson  <dino@apple.com>
2120
2121         Add WebGPU compile flag and experimental feature flag
2122         https://bugs.webkit.org/show_bug.cgi?id=169161
2123         <rdar://problem/30846689>
2124
2125         Reviewed by Tim Horton.
2126
2127         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
2128         and an InternalSetting.
2129
2130         * Configurations/FeatureDefines.xcconfig:
2131
2132 2017-03-03  Michael Saboff  <msaboff@apple.com>
2133
2134         Add support for relative pathnames to JSC config files
2135         https://bugs.webkit.org/show_bug.cgi?id=169154
2136
2137         Reviewed by Saam Barati.
2138
2139         If the config file is a relative path, prepend the current working directory.
2140         After canonicalizing the config file path, we extract its directory path and
2141         use that for the directory for a relative log pathname.
2142
2143         * runtime/ConfigFile.cpp:
2144         (JSC::ConfigFile::ConfigFile):
2145         (JSC::ConfigFile::parse):
2146         (JSC::ConfigFile::canonicalizePaths):
2147         * runtime/ConfigFile.h:
2148
2149 2017-03-03  Michael Saboff  <msaboff@apple.com>
2150
2151         Add load / store exclusive instruction group to ARM64 disassembler
2152         https://bugs.webkit.org/show_bug.cgi?id=169152
2153
2154         Reviewed by Filip Pizlo.
2155
2156         * disassembler/ARM64/A64DOpcode.cpp:
2157         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
2158         * disassembler/ARM64/A64DOpcode.h:
2159         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
2160         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
2161         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
2162         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
2163         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
2164         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
2165         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
2166         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
2167         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
2168
2169 2017-03-03  Keith Miller  <keith_miller@apple.com>
2170
2171         WASM should support faster loads.
2172         https://bugs.webkit.org/show_bug.cgi?id=162693
2173
2174         Reviewed by Saam Barati.
2175
2176         This patch adds support for WebAssembly using a 32-bit address
2177         space for memory (along with some extra space for offset
2178         overflow). With a 32-bit address space (we call them
2179         Signaling/fast memories), we reserve the virtual address space for
2180         2^32 + offset bytes of memory and only mark the usable section as
2181         read/write. If wasm code would read/write out of bounds we use a
2182         custom signal handler to catch the SIGBUS. The signal handler then
2183         checks if the faulting instruction is wasm code and tells the
2184         thread to resume executing from the wasm exception
2185         handler. Otherwise, the signal handler crashes the process, as
2186         usual.
2187
2188         All of the allocations of these memories are managed by the
2189         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
2190         old Signaling memories that are no longer in use. Since getting
2191         the wrong memory can cause recompiles, we try to reserve a memory
2192         for modules that do not import a memory. If a module does import a
2193         memory, we try to guess the type of memory we are going to get
2194         based on the last one allocated.
2195
2196         This patch also changes how the wasm JS-api manages objects. Since
2197         we can compile different versions of code, this patch adds a new
2198         JSWebAssemblyCodeBlock class that holds all the information
2199         specific to running a module in a particular bounds checking
2200         mode. Additionally, the Wasm::Memory object is now a reference
2201         counted class that is shared between the JSWebAssemblyMemory
2202         object and the ArrayBuffer that also views it.
2203
2204         * JavaScriptCore.xcodeproj/project.pbxproj:
2205         * jit/JITThunks.cpp:
2206         (JSC::JITThunks::existingCTIStub):
2207         * jit/JITThunks.h:
2208         * jsc.cpp:
2209         (jscmain):
2210         * runtime/Options.h:
2211         * runtime/VM.cpp:
2212         (JSC::VM::VM):
2213         * runtime/VM.h:
2214         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2215         (JSC::JSWebAssemblyCodeBlock::create):
2216         (JSC::JSWebAssemblyCodeBlock::createStructure):
2217         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
2218         (JSC::JSWebAssemblyCodeBlock::mode):
2219         (JSC::JSWebAssemblyCodeBlock::module):
2220         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
2221         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
2222         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
2223         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
2224         (JSC::JSWebAssemblyCodeBlock::callees):
2225         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
2226         (JSC::JSWebAssemblyCodeBlock::allocationSize):
2227         * wasm/WasmB3IRGenerator.cpp:
2228         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2229         (JSC::Wasm::getMemoryBaseAndSize):
2230         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2231         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2232         (JSC::Wasm::B3IRGenerator::emitStoreOp):
2233         * wasm/WasmCallingConvention.h:
2234         * wasm/WasmFaultSignalHandler.cpp: Added.
2235         (JSC::Wasm::trapHandler):
2236         (JSC::Wasm::registerCode):
2237         (JSC::Wasm::unregisterCode):
2238         (JSC::Wasm::fastMemoryEnabled):
2239         (JSC::Wasm::enableFastMemory):
2240         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
2241         * wasm/WasmFormat.h:
2242         (JSC::Wasm::ModuleInformation::importFunctionCount):
2243         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
2244         * wasm/WasmMemory.cpp:
2245         (JSC::Wasm::mmapBytes):
2246         (JSC::Wasm::Memory::lastAllocatedMode):
2247         (JSC::Wasm::availableFastMemories):
2248         (JSC::Wasm::tryGetFastMemory):
2249         (JSC::Wasm::releaseFastMemory):
2250         (JSC::Wasm::Memory::Memory):
2251         (JSC::Wasm::Memory::createImpl):
2252         (JSC::Wasm::Memory::create):
2253         (JSC::Wasm::Memory::~Memory):
2254         (JSC::Wasm::Memory::grow):
2255         (JSC::Wasm::Memory::dump):
2256         (JSC::Wasm::Memory::makeString):
2257         * wasm/WasmMemory.h:
2258         (JSC::Wasm::Memory::operator bool):
2259         (JSC::Wasm::Memory::size):
2260         (JSC::Wasm::Memory::check):
2261         (JSC::Wasm::Memory::Memory): Deleted.
2262         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
2263         (JSC::Wasm::Memory::offsetOfSize): Deleted.
2264         * wasm/WasmMemoryInformation.cpp:
2265         (JSC::Wasm::MemoryInformation::MemoryInformation):
2266         * wasm/WasmMemoryInformation.h:
2267         (JSC::Wasm::MemoryInformation::hasReservedMemory):
2268         (JSC::Wasm::MemoryInformation::takeReservedMemory):
2269         (JSC::Wasm::MemoryInformation::mode):
2270         * wasm/WasmModuleParser.cpp:
2271         * wasm/WasmModuleParser.h:
2272         (JSC::Wasm::ModuleParser::ModuleParser):
2273         * wasm/WasmPlan.cpp:
2274         (JSC::Wasm::Plan::parseAndValidateModule):
2275         (JSC::Wasm::Plan::run):
2276         * wasm/WasmPlan.h:
2277         (JSC::Wasm::Plan::mode):
2278         * wasm/js/JSWebAssemblyCallee.cpp:
2279         (JSC::JSWebAssemblyCallee::finishCreation):
2280         (JSC::JSWebAssemblyCallee::destroy):
2281         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
2282         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
2283         (JSC::JSWebAssemblyCodeBlock::destroy):
2284         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2285         (JSC::JSWebAssemblyCodeBlock::visitChildren):
2286         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
2287         * wasm/js/JSWebAssemblyInstance.cpp:
2288         (JSC::JSWebAssemblyInstance::setMemory):
2289         (JSC::JSWebAssemblyInstance::finishCreation):
2290         (JSC::JSWebAssemblyInstance::visitChildren):
2291         * wasm/js/JSWebAssemblyInstance.h:
2292         (JSC::JSWebAssemblyInstance::module):
2293         (JSC::JSWebAssemblyInstance::codeBlock):
2294         (JSC::JSWebAssemblyInstance::memoryMode):
2295         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
2296         * wasm/js/JSWebAssemblyMemory.cpp:
2297         (JSC::JSWebAssemblyMemory::create):
2298         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2299         (JSC::JSWebAssemblyMemory::buffer):
2300         (JSC::JSWebAssemblyMemory::grow):
2301         (JSC::JSWebAssemblyMemory::destroy):
2302         * wasm/js/JSWebAssemblyMemory.h:
2303         (JSC::JSWebAssemblyMemory::memory):
2304         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2305         (JSC::JSWebAssemblyMemory::offsetOfSize):
2306         * wasm/js/JSWebAssemblyModule.cpp:
2307         (JSC::JSWebAssemblyModule::buildCodeBlock):
2308         (JSC::JSWebAssemblyModule::create):
2309         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2310         (JSC::JSWebAssemblyModule::codeBlock):
2311         (JSC::JSWebAssemblyModule::finishCreation):
2312         (JSC::JSWebAssemblyModule::visitChildren):
2313         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2314         * wasm/js/JSWebAssemblyModule.h:
2315         (JSC::JSWebAssemblyModule::takeReservedMemory):
2316         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2317         (JSC::JSWebAssemblyModule::codeBlock):
2318         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2319         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2320         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2321         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2322         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2323         (JSC::JSWebAssemblyModule::callees): Deleted.
2324         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2325         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2326         * wasm/js/WebAssemblyFunction.cpp:
2327         (JSC::callWebAssemblyFunction):
2328         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2329         (JSC::constructJSWebAssemblyInstance):
2330         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2331         (JSC::constructJSWebAssemblyMemory):
2332         * wasm/js/WebAssemblyModuleConstructor.cpp:
2333         (JSC::WebAssemblyModuleConstructor::createModule):
2334         * wasm/js/WebAssemblyModuleRecord.cpp:
2335         (JSC::WebAssemblyModuleRecord::link):
2336         (JSC::WebAssemblyModuleRecord::evaluate):
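
        The reserve-then-trap scheme described above, as an added example that is
        not JavaScriptCore's code: a scaled-down C model (constructed sizes, a few
        pages instead of 2^32 + offset bytes) that reserves the whole region
        PROT_NONE, makes only the usable prefix read/write, and installs a
        SIGSEGV/SIGBUS handler that treats a fault as a wasm bounds violation only
        when guest code was running and the faulting address lies inside the
        reservation, resuming via siglongjmp rather than by rewriting the thread's
        register context. The names fast_memory_*, guest_*_u32 and g_in_guest are
        this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
/* Scaled-down model with constructed sizes: the real scheme reserves
 * 2^32 + max-offset bytes so every index:offset pair a guest can form lands
 * inside the reservation. Here the index space is 128 KiB and the largest
 * static offset 64 KiB (plus a page of slack for a wide access at the end). */
#define INDEX_SPACE_BYTES (128u * 1024u)
#define MAX_OFFSET_BYTES  (64u * 1024u)
#define RESERVED_BYTES    (INDEX_SPACE_BYTES + MAX_OFFSET_BYTES + 4096u)
#define INITIAL_USABLE    (64u * 1024u)

static uint8_t *g_base;                  /* start of the reservation */
static size_t g_usable;                  /* bytes currently read/write */
static sigjmp_buf g_recover;             /* the "wasm exception handler" */
static volatile sig_atomic_t g_in_guest; /* stands in for "PC is in wasm code" */
static volatile sig_atomic_t g_trap_count;

static int fault_in_reservation(const void *addr) {
    uintptr_t a = (uintptr_t)addr, b = (uintptr_t)g_base;
    return g_base != NULL && a >= b && a < b + RESERVED_BYTES;
}

static void trap_handler(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    /* Only a fault inside the reservation while guest code runs is a wasm
     * bounds violation; anything else is a genuine crash: re-raise it. */
    if (!g_in_guest || !fault_in_reservation(info->si_addr)) {
        signal(sig, SIG_DFL);
        raise(sig);
        return;
    }
    g_trap_count++;
    siglongjmp(g_recover, 1);   /* resume at the wasm exception handler */
}

int fast_memory_init(void) {
    void *p = mmap(NULL, RESERVED_BYTES, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    /* Only the usable prefix becomes accessible; the rest stays PROT_NONE. */
    if (mprotect(p, INITIAL_USABLE, PROT_READ | PROT_WRITE) != 0) return -1;
    g_base = p;
    g_usable = INITIAL_USABLE;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trap_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    /* Linux reports the guard hit as SIGSEGV, macOS as SIGBUS: catch both. */
    if (sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0)
        return -1;
    return 0;
}

/* memory.grow: widen the read/write window without moving the reservation. */
int fast_memory_grow(size_t new_usable) {
    if (new_usable < g_usable || new_usable > INDEX_SPACE_BYTES) return -1;
    if (mprotect(g_base + g_usable, new_usable - g_usable,
                 PROT_READ | PROT_WRITE) != 0) return -1;
    g_usable = new_usable;
    return 0;
}

long fast_memory_trap_count(void) { return g_trap_count; }

/* A wasm i32 load/store at base + index + offset with NO explicit bounds
 * check, which is what signaling mode buys. Returns 0 on success, 1 when the
 * access hit the guard region and was trapped, -1 for an index:offset pair
 * the model cannot form (a 32-bit index always fits in the real scheme). */
static int guest_access_u32(uint32_t index, uint32_t offset,
                            uint32_t *load_into, const uint32_t *store_from) {
    if (index >= INDEX_SPACE_BYTES || offset > MAX_OFFSET_BYTES) return -1;
    if (sigsetjmp(g_recover, 1) != 0) {
        g_in_guest = 0;
        return 1;
    }
    g_in_guest = 1;
    uint8_t *p = g_base + (size_t)index + offset;
    if (store_from) memcpy(p, store_from, sizeof *store_from);
    else memcpy(load_into, p, sizeof *load_into);
    g_in_guest = 0;
    return 0;
}

int guest_load_u32(uint32_t index, uint32_t offset, uint32_t *out) {
    return guest_access_u32(index, offset, out, NULL);
}
int guest_store_u32(uint32_t index, uint32_t offset, uint32_t value) {
    return guest_access_u32(index, offset, NULL, &value);
}
```

        An access that lands past the usable window but inside the reservation
        returns 1 through the handler, while a fault anywhere else still crashes
        the process, which is the distinction the real trapHandler has to make.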
2337
2338 2017-03-03  Mark Lam  <mark.lam@apple.com>
2339
2340         Gardening: fix broken ARM64 build.
2341         https://bugs.webkit.org/show_bug.cgi?id=169139
2342
2343         Not reviewed.
2344
2345         * assembler/ARM64Assembler.h:
2346         (JSC::ARM64Assembler::excepnGenerationImmMask):
2347
2348 2017-03-03  Mark Lam  <mark.lam@apple.com>
2349
2350         Add MacroAssembler::isBreakpoint() query function.
2351         https://bugs.webkit.org/show_bug.cgi?id=169139
2352
2353         Reviewed by Michael Saboff.
2354
2355         This will be needed soon when we use breakpoint instructions to implement
2356         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2357         assertion breakpoint.
2358
2359         * assembler/ARM64Assembler.h:
2360         (JSC::ARM64Assembler::isBrk):
2361         (JSC::ARM64Assembler::excepnGenerationImmMask):
2362         * assembler/ARMAssembler.h:
2363         (JSC::ARMAssembler::isBkpt):
2364         * assembler/ARMv7Assembler.h:
2365         (JSC::ARMv7Assembler::isBkpt):
2366         * assembler/MIPSAssembler.h:
2367         (JSC::MIPSAssembler::isBkpt):
2368         * assembler/MacroAssemblerARM.h:
2369         (JSC::MacroAssemblerARM::isBreakpoint):
2370         * assembler/MacroAssemblerARM64.h:
2371         (JSC::MacroAssemblerARM64::isBreakpoint):
2372         * assembler/MacroAssemblerARMv7.h:
2373         (JSC::MacroAssemblerARMv7::isBreakpoint):
2374         * assembler/MacroAssemblerMIPS.h:
2375         (JSC::MacroAssemblerMIPS::isBreakpoint):
2376         * assembler/MacroAssemblerX86Common.h:
2377         (JSC::MacroAssemblerX86Common::isBreakpoint):
2378         * assembler/X86Assembler.h:
2379         (JSC::X86Assembler::isInt3):
2380
2381 2017-03-03  Mark Lam  <mark.lam@apple.com>
2382
2383         We should only check for traps that we're able to handle.
2384         https://bugs.webkit.org/show_bug.cgi?id=169136
2385
2386         Reviewed by Michael Saboff.
2387
2388         The execute methods in interpreter were checking for the existence of any traps
2389         (without masking) and only handling a subset of those via a mask.  This can
2390         result in a failed assertion on debug builds.
2391
2392         This patch fixes this by applying the same mask for both the needTrapHandling()
2393         check and the handleTraps() call.  Also added a few assertions.
2394
2395         * interpreter/Interpreter.cpp:
2396         (JSC::Interpreter::executeProgram):
2397         (JSC::Interpreter::executeCall):
2398         (JSC::Interpreter::executeConstruct):
2399         (JSC::Interpreter::execute):
2400         * jit/JITOperations.cpp:
2401         * llint/LLIntSlowPaths.cpp:
2402         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2403
2404 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2405
2406         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2407         https://bugs.webkit.org/show_bug.cgi?id=169074
2408
2409         Reviewed by Joseph Pecoraro.
2410
2411         They are not actually cocoa specific.
2412
2413         * inspector/remote/RemoteInspector.cpp:
2414         (Inspector::RemoteInspector::updateTargetListing):
2415         * inspector/remote/RemoteInspector.h:
2416         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2417
2418 2017-03-02  Mark Lam  <mark.lam@apple.com>
2419
2420         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2421         https://bugs.webkit.org/show_bug.cgi?id=169089
2422
2423         Reviewed by Tim Horton and Joseph Pecoraro.
2424
2425         * runtime/VM.cpp:
2426         (JSC::VM::handleTraps):
2427         * runtime/VM.h:
2428         (JSC::VM::notifyNeedDebuggerBreak):
2429
2430 2017-03-02  Michael Saboff  <msaboff@apple.com>
2431
2432         Add JSC identity when code signing to allow debugging on iOS
2433         https://bugs.webkit.org/show_bug.cgi?id=169099
2434
2435         Reviewed by Filip Pizlo.
2436
2437         * Configurations/JSC.xcconfig:
2438         * Configurations/ToolExecutable.xcconfig:
2439
2440 2017-03-02  Keith Miller  <keith_miller@apple.com>
2441
2442         WebAssemblyFunction should have Function.prototype as its prototype
2443         https://bugs.webkit.org/show_bug.cgi?id=169101
2444
2445         Reviewed by Filip Pizlo.
2446
2447         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2448         objects should have Function.prototype as their prototype.
2449
2450         * runtime/JSGlobalObject.cpp:
2451         (JSC::JSGlobalObject::init):
2452
2453 2017-03-02  Mark Lam  <mark.lam@apple.com>
2454
2455         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2456         https://bugs.webkit.org/show_bug.cgi?id=169088
2457
2458         Reviewed by Keith Miller.
2459
2460         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2461         generated.  This is useful for testing purposes until we have signal based
2462         traps, at which point, we will always emit the op_check_traps bytecode and remove
2463         this option.
2464
2465         Options::usePollingTraps() enables the use of polling VM traps all the time.
2466         This will be useful for benchmark comparisons (between polling and non-polling
2467         traps), as well as for forcing polling traps later for ports that don't support
2468         signal based traps.
2469
2470         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2471         watchdog is in use, we will force Options::usePollingTraps() to be true.
2472
2473         * bytecompiler/BytecodeGenerator.cpp:
2474         (JSC::BytecodeGenerator::emitCheckTraps):
2475         * dfg/DFGClobberize.h:
2476         (JSC::DFG::clobberize):
2477         * dfg/DFGSpeculativeJIT.cpp:
2478         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2479         * dfg/DFGSpeculativeJIT32_64.cpp:
2480         (JSC::DFG::SpeculativeJIT::compile):
2481         * dfg/DFGSpeculativeJIT64.cpp:
2482         (JSC::DFG::SpeculativeJIT::compile):
2483         * ftl/FTLLowerDFGToB3.cpp:
2484         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2485         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2486         * runtime/Options.cpp:
2487         (JSC::recomputeDependentOptions):
2488         * runtime/Options.h:
2489
2490 2017-03-02  Keith Miller  <keith_miller@apple.com>
2491
2492         Fix addressing mode for B3WasmAddress
2493         https://bugs.webkit.org/show_bug.cgi?id=169092
2494
2495         Reviewed by Filip Pizlo.
2496
2497         Fix the potential addressing modes for B3WasmAddress. ARM does not
2498         support a base + index*1 + offset addressing mode. I think when I
2499         read it the first time I assumed it would always work on both ARM
2500         and X86. While true for X86 it's not true for ARM.
2501
2502         * b3/B3LowerToAir.cpp:
2503         (JSC::B3::Air::LowerToAir::effectiveAddr):
2504
2505 2017-03-02  Mark Lam  <mark.lam@apple.com>
2506
2507         Add support for selective handling of VM traps.
2508         https://bugs.webkit.org/show_bug.cgi?id=169087
2509
2510         Reviewed by Keith Miller.
2511
2512         This is needed because there are some places in the VM where it's appropriate to
2513         handle some types of VM traps but not others.
2514
2515         We implement this selection by using a VMTraps::Mask that allows the user to
2516         specify which traps should be serviced.
2517
2518         * interpreter/Interpreter.cpp:
2519         (JSC::Interpreter::executeProgram):
2520         (JSC::Interpreter::executeCall):
2521         (JSC::Interpreter::executeConstruct):
2522         (JSC::Interpreter::execute):
2523         * runtime/VM.cpp:
2524         (JSC::VM::handleTraps):
2525         * runtime/VM.h:
2526         * runtime/VMTraps.cpp:
2527         (JSC::VMTraps::takeTrap): Deleted.
2528         * runtime/VMTraps.h:
2529         (JSC::VMTraps::Mask::Mask):
2530         (JSC::VMTraps::Mask::allEventTypes):
2531         (JSC::VMTraps::Mask::bits):
2532         (JSC::VMTraps::Mask::init):
2533         (JSC::VMTraps::needTrapHandling):
2534         (JSC::VMTraps::hasTrapForEvent):
2535
2536 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2537
2538         Continue enabling WebRTC
2539         https://bugs.webkit.org/show_bug.cgi?id=169056
2540
2541         Reviewed by Jon Lee.
2542
2543         * Configurations/FeatureDefines.xcconfig:
2544
2545 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2546
2547         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2548         https://bugs.webkit.org/show_bug.cgi?id=169034
2549
2550         Reviewed by Mark Lam.
2551
2552         It should not assign to offset, but compare to offset.
2553
2554         * runtime/JSGlobalObject.cpp:
2555         (JSC::JSGlobalObject::addStaticGlobals):
2556
2557 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2558
2559         Unreviewed, rolling out r213259.
2560
2561         Broke an internal build
2562
2563         Reverted changeset:
2564
2565         "Continue enabling WebRTC"
2566         https://bugs.webkit.org/show_bug.cgi?id=169056
2567         http://trac.webkit.org/changeset/213259
2568
2569 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2570
2571         Continue enabling WebRTC
2572         https://bugs.webkit.org/show_bug.cgi?id=169056
2573
2574         Reviewed by Jon Lee.
2575
2576         * Configurations/FeatureDefines.xcconfig:
2577
2578 2017-03-01  Michael Saboff  <msaboff@apple.com>
2579
2580         Source/JavaScriptCore/ChangeLog
2581         https://bugs.webkit.org/show_bug.cgi?id=169055
2582
2583         Reviewed by Mark Lam.
2584
2585         Made local copies of options strings for OptionRange and string typed options.
2586
2587         * runtime/Options.cpp:
2588         (JSC::parse):
2589         (JSC::OptionRange::init):
2590
2591 2017-03-01  Mark Lam  <mark.lam@apple.com>
2592
2593         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2594         https://bugs.webkit.org/show_bug.cgi?id=168996
2595
2596         Reviewed by Filip Pizlo and Saam Barati.
2597
2598         PlatformThread is more useful because it allows us to:
2599         1. find the MachineThreads::Thread which is associated with it.
2600         2. suspend / resume threads.
2601         3. send a signal to a thread.
2602
2603         We can't do those with std::thread::id.  We will need one or more of these
2604         capabilities to implement non-polling VM traps later.
2605
2606         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2607         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2608         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2609         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2610
2611         * JavaScriptCore.xcodeproj/project.pbxproj:
2612         * heap/MachineStackMarker.cpp:
2613         (JSC::MachineThreads::Thread::createForCurrentThread):
2614         (JSC::MachineThreads::machineThreadForCurrentThread):
2615         (JSC::MachineThreads::removeThread):
2616         (JSC::MachineThreads::Thread::suspend):
2617         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2618         (JSC::getCurrentPlatformThread): Deleted.
2619         * heap/MachineStackMarker.h:
2620         * runtime/JSCellInlines.h:
2621         (JSC::JSCell::classInfo):
2622         * runtime/JSLock.cpp:
2623         (JSC::JSLock::JSLock):
2624         (JSC::JSLock::lock):
2625         (JSC::JSLock::unlock):
2626         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2627         * runtime/JSLock.h:
2628         (JSC::JSLock::ownerThread):
2629         (JSC::JSLock::currentThreadIsHoldingLock):
2630         * runtime/PlatformThread.h: Added.
2631         (JSC::currentPlatformThread):
2632         * runtime/VM.cpp:
2633         (JSC::VM::~VM):
2634         * runtime/VM.h:
2635         (JSC::VM::ownerThread):
2636         * runtime/Watchdog.cpp:
2637         (JSC::Watchdog::setTimeLimit):
2638         (JSC::Watchdog::shouldTerminate):
2639         (JSC::Watchdog::startTimer):
2640         (JSC::Watchdog::stopTimer):
2641         * tools/JSDollarVMPrototype.cpp:
2642         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2643         * tools/VMInspector.cpp:
2644
2645 2017-03-01  Saam Barati  <sbarati@apple.com>
2646
2647         Implement a mega-disassembler that'll be used in the FTL
2648         https://bugs.webkit.org/show_bug.cgi?id=168685
2649
2650         Reviewed by Mark Lam.
2651
2652         This patch extends the previous Air disassembler to print the
2653         DFG and B3 nodes belonging to particular Air instructions.
2654         The algorithm I'm using to do this is not perfect. For example,
2655         it won't try to print the entire DFG/B3 graph. It'll just print
2656         the related nodes for particular Air instructions. We can make the
2657         algorithm more sophisticated as we get more experience looking at
2658         these IR dumps and get a better feel for what we want out of them.
2659
2660         This is an example of the output:
2661
2662         ...
2663         ...
2664         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2665            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2666                Patch &Patchpoint2, %r20, %r20, %r0, @54
2667          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2668            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2669                Move 32(%r20), %r5, @57
2670                       0x389cc9ac0:    ldur   x5, [x20, #32]
2671         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2672            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2673                Move32 (%r5), %r1, @58
2674                       0x389cc9ac4:    ldur   w1, [x5]
2675            Int32 @59 = Const32(DFG:@115, 92)
2676            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2677            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2678                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2679                       0x389cc9ac8:    cmp    w1, #92
2680                       0x389cc9acc:    b.ne   0x389cc9dac
2681         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2682            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2683                Move 8(%r5), %r4, @64
2684                       0x389cc9ad0:    ldur   x4, [x5, #8]
2685          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2686            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2687                Move32 -8(%r4), %r2, @67
2688                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2689       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2690            Int32 @68 = Const32(DFG:@192, -1)
2691                Move $0xffffffffffffffff, %r1, $-1(@68)
2692                       0x389cc9ad8:    mov    x1, #-1
2693          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2694            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2695                Add32 %r2, %r1, %r1, @69
2696                       0x389cc9adc:    add    w1, w2, w1
2697          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2698            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2699            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2700                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2701                       0x389cc9ae0:    cmp    x0, x22
2702                       0x389cc9ae4:    b.lo   0x389cc9dc0
2703            Int32 @72 = Trunc(@53, DFG:@86)
2704            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2705                And32 %r1, %r0, %r1, @73
2706                       0x389cc9ae8:    and    w1, w1, w0
2707            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2708            Int32 @72 = Trunc(@53, DFG:@86)
2709            Int64 @11 = SlotBase(stack0)
2710            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2711                Move32 %r0, -64(%fp), @76
2712                       0x389cc9aec:    stur   w0, [fp, #-64]
2713            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2714            Int64 @77 = ZExt32(@73, DFG:@12)
2715            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2716                Add64 %r1, %r22, %r3, @78
2717                       0x389cc9af0:    add    x3, x1, x22
2718            Int64 @11 = SlotBase(stack0)
2719            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2720                Move %r3, -72(%fp), @81
2721                       0x389cc9af4:    stur   x3, [fp, #-72]
2722            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2723            Int32 @82 = Trunc(@24, DFG:@10)
2724            Int64 @11 = SlotBase(stack0)
2725            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2726                Move32 %r21, -80(%fp), @85
2727                       0x389cc9af8:    stur   w21, [fp, #-80]
2728           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2729            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2730            Void @90 = Branch(@89, DFG:@129, Terminal)
2731                Branch32 AboveOrEqual, %r1, %r2, @90
2732                       0x389cc9afc:    cmp    w1, w2
2733                       0x389cc9b00:    b.hs   0x389cc9bec
2734         ...
2735         ...
2736
2737         * b3/air/AirDisassembler.cpp:
2738         (JSC::B3::Air::Disassembler::dump):
2739         * b3/air/AirDisassembler.h:
2740         * ftl/FTLCompile.cpp:
2741         (JSC::FTL::compile):
2742         * ftl/FTLLowerDFGToB3.cpp:
2743         (JSC::FTL::DFG::LowerDFGToB3::lower):
2744         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2745         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2746         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2747         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2748
2749 2017-03-01  Mark Lam  <mark.lam@apple.com>
2750
2751         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2752         https://bugs.webkit.org/show_bug.cgi?id=169042
2753
2754         Not reviewed.
2755
2756         Rolling out r213229 and r213202.
2757
2758         * JavaScriptCore.xcodeproj/project.pbxproj:
2759         * heap/MachineStackMarker.cpp:
2760         (JSC::getCurrentPlatformThread):
2761         (JSC::MachineThreads::Thread::createForCurrentThread):
2762         (JSC::MachineThreads::machineThreadForCurrentThread):
2763         (JSC::MachineThreads::removeThread):
2764         (JSC::MachineThreads::Thread::suspend):
2765         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2766         * heap/MachineStackMarker.h:
2767         * runtime/JSCellInlines.h:
2768         (JSC::JSCell::classInfo):
2769         * runtime/JSLock.cpp:
2770         (JSC::JSLock::JSLock):
2771         (JSC::JSLock::lock):
2772         (JSC::JSLock::unlock):
2773         (JSC::JSLock::currentThreadIsHoldingLock):
2774         * runtime/JSLock.h:
2775         (JSC::JSLock::ownerThread):
2776         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2777         * runtime/PlatformThread.h: Removed.
2778         * runtime/VM.cpp:
2779         (JSC::VM::~VM):
2780         * runtime/VM.h:
2781         (JSC::VM::ownerThread):
2782         * runtime/Watchdog.cpp:
2783         (JSC::Watchdog::setTimeLimit):
2784         (JSC::Watchdog::shouldTerminate):
2785         (JSC::Watchdog::startTimer):
2786         (JSC::Watchdog::stopTimer):
2787         * tools/JSDollarVMPrototype.cpp:
2788         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2789         * tools/VMInspector.cpp:
2790
2791 2017-03-01  Mark Lam  <mark.lam@apple.com>
2792
2793         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2794         https://bugs.webkit.org/show_bug.cgi?id=169042
2795
2796         Reviewed by Filip Pizlo.
2797
2798         * runtime/JSLock.h:
2799         (JSC::JSLock::currentThreadIsHoldingLock):
2800
2801 2017-02-28  Brian Burg  <bburg@apple.com>
2802
2803         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2804         https://bugs.webkit.org/show_bug.cgi?id=168695
2805         <rdar://problem/30643899>
2806
2807         Reviewed by Joseph Pecoraro.
2808
2809         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2810         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2811         to gather listing information for RemoteAutomationTargets.
2812
2813         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2814         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2815         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2816
2817         * inspector/remote/RemoteInspector.h:
2818         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2819
2820         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2821         (Inspector::RemoteConnectionToTarget::setup):
2822         (Inspector::RemoteConnectionToTarget::close):
2823         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2824         and use it inside the block later after it may have been destructed already. If that happens,
2825         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2826
2827         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2828         (Inspector::RemoteInspector::updateTargetListing):
2829         We need to make sure to request a listing push after the target is updated, so implicitly call
2830         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2831
2832         (Inspector::RemoteInspector::receivedSetupMessage):
2833         (Inspector::RemoteInspector::receivedDidCloseMessage):
2834         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2835         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2836         and asynchronously on the target's queue when the connection to target is opened or closed.
2837
2838 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2839
2840         Leak under Options::setOptions
2841         https://bugs.webkit.org/show_bug.cgi?id=169029
2842
2843         Reviewed by Michael Saboff.
2844
2845         Don't leak the optionsStrCopy variable.
2846
2847         * runtime/Options.cpp:
2848         (JSC::Options::setOptions):
2849
2850 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2851
2852         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2853         https://bugs.webkit.org/show_bug.cgi?id=168968
2854
2855         Reviewed by Saam Barati.
2856
2857         This patch decouples dumping the bytecode sequence from CodeBlock.
2858         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2859         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2860         called Generatorification.
2861
2862         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2863         this class to dump the bytecode sequence.
2864
2865         This patch also adds Option::dumpBytecodesBeforeGeneratorification,
2866         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
2867
2868         * CMakeLists.txt:
2869         * JavaScriptCore.xcodeproj/project.pbxproj:
2870         * bytecode/BytecodeDumper.cpp: Added.
2871         (JSC::getStructureID):
2872         (JSC::getSpecialPointer):
2873         (JSC::getPutByIdFlags):
2874         (JSC::getToThisStatus):
2875         (JSC::getPointer):
2876         (JSC::getStructureChain):
2877         (JSC::getStructure):
2878         (JSC::getCallLinkInfo):
2879         (JSC::getBasicBlockLocation):
2880         (JSC::BytecodeDumper<Block>::actualPointerFor):
2881         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2882         (JSC::beginDumpProfiling):
2883         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2884         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2885         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2886         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2887         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2888         (JSC::dumpRareCaseProfile):
2889         (JSC::dumpArithProfile):
2890         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2891         (JSC::BytecodeDumper<Block>::vm):
2892         (JSC::BytecodeDumper<Block>::identifier):
2893         (JSC::regexpToSourceString):
2894         (JSC::regexpName):
2895         (JSC::printLocationAndOp):
2896         (JSC::isConstantRegisterIndex):
2897         (JSC::debugHookName):
2898         (JSC::BytecodeDumper<Block>::registerName):
2899         (JSC::idName):
2900         (JSC::BytecodeDumper<Block>::constantName):
2901         (JSC::BytecodeDumper<Block>::printUnaryOp):
2902         (JSC::BytecodeDumper<Block>::printBinaryOp):
2903         (JSC::BytecodeDumper<Block>::printConditionalJump):
2904         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2905         (JSC::dumpStructure):
2906         (JSC::dumpChain):
2907         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2908         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2909         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2910         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2911         (JSC::BytecodeDumper<Block>::printCallOp):
2912         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2913         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2914         (JSC::BytecodeDumper<Block>::dumpBytecode):
2915         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2916         (JSC::BytecodeDumper<Block>::dumpConstants):
2917         (JSC::BytecodeDumper<Block>::dumpRegExps):
2918         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2919         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2920         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2921         (JSC::BytecodeDumper<Block>::dumpBlock):
2922         * bytecode/BytecodeDumper.h: Added.
2923         (JSC::BytecodeDumper::BytecodeDumper):
2924         (JSC::BytecodeDumper::block):
2925         (JSC::BytecodeDumper::instructionsBegin):
2926         * bytecode/BytecodeGeneratorification.cpp:
2927         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2928         (JSC::performGeneratorification):
2929         * bytecode/BytecodeLivenessAnalysis.cpp:
2930         (JSC::BytecodeLivenessAnalysis::dumpResults):
2931         * bytecode/CodeBlock.cpp:
2932         (JSC::CodeBlock::dumpBytecode):
2933         (JSC::CodeBlock::finishCreation):
2934         (JSC::CodeBlock::propagateTransitions):
2935         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2936         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2937         (JSC::CodeBlock::usesOpcode):
2938         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2939         (JSC::CodeBlock::arithProfileForPC):
2940         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2941         (JSC::idName): Deleted.
2942         (JSC::CodeBlock::registerName): Deleted.
2943         (JSC::CodeBlock::constantName): Deleted.
2944         (JSC::regexpToSourceString): Deleted.
2945         (JSC::regexpName): Deleted.
2946         (JSC::debugHookName): Deleted.
2947         (JSC::CodeBlock::printUnaryOp): Deleted.
2948         (JSC::CodeBlock::printBinaryOp): Deleted.
2949         (JSC::CodeBlock::printConditionalJump): Deleted.
2950         (JSC::CodeBlock::printGetByIdOp): Deleted.
2951         (JSC::dumpStructure): Deleted.
2952         (JSC::dumpChain): Deleted.
2953         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2954         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2955         (JSC::CodeBlock::printCallOp): Deleted.
2956         (JSC::CodeBlock::printPutByIdOp): Deleted.
2957         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2958         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2959         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2960         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2961         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2962         (JSC::CodeBlock::dumpArithProfile): Deleted.
2963         (JSC::CodeBlock::printLocationAndOp): Deleted.
2964         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2965         * bytecode/CodeBlock.h:
2966         (JSC::CodeBlock::constantRegisters):
2967         (JSC::CodeBlock::numberOfRegExps):
2968         (JSC::CodeBlock::bitVectors):
2969         (JSC::CodeBlock::bitVector):
2970         * bytecode/HandlerInfo.h:
2971         (JSC::HandlerInfoBase::typeName):
2972         * bytecode/UnlinkedCodeBlock.cpp:
2973         (JSC::UnlinkedCodeBlock::dump):
2974         * bytecode/UnlinkedCodeBlock.h:
2975         (JSC::UnlinkedCodeBlock::getConstant):
2976         * bytecode/UnlinkedInstructionStream.cpp:
2977         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2978         * bytecode/UnlinkedInstructionStream.h:
2979         (JSC::UnlinkedInstructionStream::Reader::next):
2980         * runtime/Options.h:
2981
2982 2017-02-28  Mark Lam  <mark.lam@apple.com>
2983
2984         Change JSLock to stash PlatformThread instead of std::thread::id.
2985         https://bugs.webkit.org/show_bug.cgi?id=168996
2986
2987         Reviewed by Filip Pizlo.
2988
2989         PlatformThread is more useful because it allows us to:
2990         1. find the MachineThreads::Thread which is associated with it.
2991         2. suspend / resume threads.
2992         3. send a signal to a thread.
2993
2994         We can't do those with std::thread::id.  We will need one or more of these
2995         capabilities to implement non-polling VM traps later.
2996
2997         * JavaScriptCore.xcodeproj/project.pbxproj:
2998         * heap/MachineStackMarker.cpp:
2999         (JSC::MachineThreads::Thread::createForCurrentThread):
3000         (JSC::MachineThreads::machineThreadForCurrentThread):
3001         (JSC::MachineThreads::removeThread):
3002         (JSC::MachineThreads::Thread::suspend):
3003         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3004         (JSC::getCurrentPlatformThread): Deleted.
3005         * heap/MachineStackMarker.h:
3006         * runtime/JSCellInlines.h:
3007         (JSC::JSCell::classInfo):
3008         * runtime/JSLock.cpp:
3009         (JSC::JSLock::lock):
3010         (JSC::JSLock::unlock):
3011         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
3012         * runtime/JSLock.h:
3013         (JSC::JSLock::ownerThread):
3014         (JSC::JSLock::currentThreadIsHoldingLock):
3015         * runtime/PlatformThread.h: Added.
3016         (JSC::currentPlatformThread):
3017         * runtime/VM.cpp:
3018         (JSC::VM::~VM):
3019         * runtime/VM.h:
3020         (JSC::VM::ownerThread):
3021         * runtime/Watchdog.cpp:
3022         (JSC::Watchdog::setTimeLimit):
3023         (JSC::Watchdog::shouldTerminate):
3024         (JSC::Watchdog::startTimer):
3025         (JSC::Watchdog::stopTimer):
3026         * tools/JSDollarVMPrototype.cpp:
3027         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
3028         * tools/VMInspector.cpp:
3029
3030 2017-02-28  Mark Lam  <mark.lam@apple.com>
3031
3032         Enable the SigillCrashAnalyzer by default for iOS.
3033         https://bugs.webkit.org/show_bug.cgi?id=168989
3034
3035         Reviewed by Keith Miller.
3036
3037         * runtime/Options.cpp:
3038         (JSC::overrideDefaults):
3039
3040 2017-02-28  Mark Lam  <mark.lam@apple.com>
3041
3042         Remove setExclusiveThread() and peers from the JSLock.
3043         https://bugs.webkit.org/show_bug.cgi?id=168977
3044
3045         Reviewed by Filip Pizlo.
3046
3047         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
3048         Speedometer, we see that removal of exclusive thread status has no measurable
3049         impact on performance.  So, let's remove the code for handling exclusive thread
3050         status, and simplify the JSLock code.
3051
3052         For the record, exclusive thread status does improve JSLock locking/unlocking
3053         time by up to 20%.  However, this difference is not measurable in the way WebCore
3054         uses the JSLock as confirmed by Speedometer.
3055
3056         Also applied a minor optimization in JSLock::lock() to assume the initial lock
3057         entry case (as opposed to the re-entry case).  This appears to show a small
3058         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
3059         time in a micro-benchmark.
3060
3061         * heap/Heap.cpp:
3062         (JSC::Heap::Heap):
3063         * heap/MachineStackMarker.cpp:
3064         (JSC::MachineThreads::MachineThreads):
3065         (JSC::MachineThreads::addCurrentThread):
3066         * heap/MachineStackMarker.h:
3067         * runtime/JSLock.cpp:
3068         (JSC::JSLock::JSLock):
3069         (JSC::JSLock::lock):
3070         (JSC::JSLock::unlock):
3071         (JSC::JSLock::currentThreadIsHoldingLock):
3072         (JSC::JSLock::dropAllLocks):
3073         (JSC::JSLock::grabAllLocks):
3074         (JSC::JSLock::setExclusiveThread): Deleted.
3075         * runtime/JSLock.h:
3076         (JSC::JSLock::ownerThread):
3077         (JSC::JSLock::hasExclusiveThread): Deleted.
3078         (JSC::JSLock::exclusiveThread): Deleted.
3079         * runtime/VM.h:
3080         (JSC::VM::hasExclusiveThread): Deleted.
3081         (JSC::VM::exclusiveThread): Deleted.
3082         (JSC::VM::setExclusiveThread): Deleted.
3083
3084 2017-02-28  Saam Barati  <sbarati@apple.com>
3085
3086         Arm64 disassembler prints "ars" instead of "asr"
3087         https://bugs.webkit.org/show_bug.cgi?id=168923
3088
3089         Rubber stamped by Michael Saboff.
3090
3091         * disassembler/ARM64/A64DOpcode.cpp:
3092         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
3093
3094 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
3095
3096         Use of arguments in arrow function is slow
3097         https://bugs.webkit.org/show_bug.cgi?id=168829
3098
3099         Reviewed by Saam Barati.
3100
3101         The current patch improves the performance of access to arguments within an arrow function
3102         by preventing creation of the arguments variable within the arrow function, and also allows the
3103         arguments variable to be cached. Before, the arguments variable always had the Dynamic resolve type;
3104         after this patch it can be ClosureVar, which increases the performance of access to the arguments
3105         variable by 9 times inside the arrow function.
3106
3107         * bytecompiler/BytecodeGenerator.cpp:
3108         (JSC::BytecodeGenerator::BytecodeGenerator):
3109         * runtime/JSScope.cpp:
3110         (JSC::abstractAccess):
3111
3112 2017-02-28  Michael Saboff  <msaboff@apple.com>
3113
3114         Add ability to configure JSC options from a file
3115         https://bugs.webkit.org/show_bug.cgi?id=168914
3116
3117         Reviewed by Filip Pizlo.
3118
3119         Added the ability to set options and DataLog file location via a configuration file.
3120         The configuration file is specified with the --configFile option to JSC or the
3121         JSC_configFile environment variable.
3122
3123         The file format allows for options conditionally dependent on various attributes.
3124         Currently those attributes are the process name, parent process name and build
3125         type (Release or Debug).  In this patch, the parent process type is not set.
3126         That will be set up in WebKit code with a follow up patch.
3127
3128         Here is an example config file:
3129
3130             logFile = "/tmp/jscLog.%pid.txt"
3131
3132             jscOptions {
3133                 dumpOptions = 2
3134             }
3135
3136             build == "Debug" {
3137                 jscOptions {
3138                     useConcurrentJIT = false
3139                     dumpDisassembly = true
3140                 }
3141             }
3142
3143             build == "Release" && processName == "jsc" {
3144                 jscOptions {
3145                     asyncDisassembly = true
3146                 }
3147             }
3148
3149         Eliminated the prior options file code.
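
        An added example (not JSC's own ConfigFile.cpp or its ConfigFileScanner): a small C++ evaluator for the
        config-file shape shown above. It parses the example, checks each guard against the build, processName
        and parentProcessName attributes the entry names, and returns the effective logFile and jscOptions; it
        assumes the grammar the example implies (whitespace-separated tokens, attr == "string" clauses joined
        by &&, nested { } blocks), and ConfigAttributes, ConfigResult and ConfigEvaluator are hypothetical names.

```cpp
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Condition inputs named in the ChangeLog entry (build is "Release" or "Debug").
struct ConfigAttributes { std::string build, processName, parentProcessName; };
// The effective configuration after every guarded block has been evaluated.
struct ConfigResult { std::string logFile; std::map<std::string, std::string> jscOptions; };

class ConfigEvaluator {
public:
    // Tokens are taken to be whitespace-separated, as in the example file (so a quoted value has no spaces).
    ConfigEvaluator(const std::string& text, const ConfigAttributes& attrs) : m_attrs(attrs)
    {
        std::istringstream in(text);
        for (std::string tok; in >> tok;) m_tokens.push_back(tok);
    }
    ConfigResult evaluate()
    {
        ConfigResult result;
        parseStatements(result, true);
        if (!atEnd()) throw std::runtime_error("unmatched '}'");
        return result;
    }
private:
    bool atEnd() const { return m_pos >= m_tokens.size(); }
    const std::string& peek() const { if (atEnd()) throw std::runtime_error("unexpected end of config"); return m_tokens[m_pos]; }
    std::string next() { std::string tok = peek(); ++m_pos; return tok; }
    void expect(const std::string& s) { if (next() != s) throw std::runtime_error("expected " + s); }
    // Strips the quotes from "..." values; bare values such as 2, true, false pass through.
    static std::string unquote(const std::string& s)
    {
        bool quoted = s.size() >= 2 && s.front() == '"' && s.back() == '"';
        return quoted ? s.substr(1, s.size() - 2) : s;
    }
    std::string attribute(const std::string& name) const
    {
        if (name == "build") return m_attrs.build;
        if (name == "processName") return m_attrs.processName;
        if (name == "parentProcessName") return m_attrs.parentProcessName;
        throw std::runtime_error("unknown attribute: " + name); // rejected, not silently treated as false
    }
    // attr == "v" ( && attr == "v" )*. Every clause is parsed even after one fails, so a malformed guard is an error.
    bool parseCondition(std::string attrName)
    {
        bool matches = true;
        for (;;) {
            expect("==");
            if (attribute(attrName) != unquote(next())) matches = false;
            if (peek() != "&&") return matches;
            next();
            attrName = next();
        }
    }
    // Statements until '}' or end of input. Values are stored only while active, so an inner block never applies when its enclosing guard is false.
    void parseStatements(ConfigResult& result, bool active)
    {
        while (!atEnd() && peek() != "}") {
            std::string head = next();
            if (head == "jscOptions") {
                expect("{");
                while (peek() != "}") {
                    std::string key = next();
                    expect("=");
                    std::string value = unquote(next());
                    if (active) result.jscOptions[key] = value;
                }
                expect("}");
            } else if (peek() == "==") { // guarded block: cond { ... }
                bool matches = parseCondition(head);
                expect("{");
                parseStatements(result, active && matches);
                expect("}");
            } else if (head == "logFile") {
                expect("=");
                std::string value = unquote(next());
                if (active) result.logFile = value;
            } else
                throw std::runtime_error("unexpected token: " + head);
        }
    }

    std::vector<std::string> m_tokens;
    ConfigAttributes m_attrs;
    size_t m_pos = 0;
};
// Constructed sample input: the example config file from the ChangeLog entry above.
const char* const kSampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" {
    jscOptions { useConcurrentJIT = false  dumpDisassembly = true }
}
build == "Release" && processName == "jsc" {
    jscOptions { asyncDisassembly = true }
}
)";
```

        Unknown attribute names and unterminated blocks are rejected with an exception rather than
        silently ignored, which is the behaviour one wants from a loader whose path comes from an environment variable.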
3150
3151         * CMakeLists.txt:
3152         * JavaScriptCore.xcodeproj/project.pbxproj:
3153         * jsc.cpp:
3154         (jscmain):
3155         * runtime/ConfigFile.cpp: Added.
3156         (JSC::ConfigFileScanner::ConfigFileScanner):
3157         (JSC::ConfigFileScanner::start):
3158         (JSC::ConfigFileScanner::lineNumber):
3159         (JSC::ConfigFileScanner::currentBuffer):
3160         (JSC::ConfigFileScanner::atFileEnd):
3161         (JSC::ConfigFileScanner::tryConsume):
3162         (JSC::ConfigFileScanner::tryConsumeString):
3163         (JSC::ConfigFileScanner::tryConsumeUpto):
3164         (JSC::ConfigFileScanner::fillBufferIfNeeded):
3165         (JSC::ConfigFileScanner::fillBuffer):
3166         (JSC::ConfigFile::ConfigFile):
3167         (JSC::ConfigFile::setProcessName):
3168         (JSC::ConfigFile::setParentProcessName):
3169         (JSC::ConfigFile::parse):
3170         * runtime/ConfigFile.h: Added.
3171         * runtime/Options.cpp:
3172         (JSC::Options::initialize):
3173         (JSC::Options::setOptions):
3174         * runtime/Options.h:
3175
3176 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3177
3178         Begin enabling WebRTC on 64-bit
3179         https://bugs.webkit.org/show_bug.cgi?id=168915
3180
3181         Reviewed by Eric Carlson.
3182
3183         * Configurations/FeatureDefines.xcconfig:
3184
3185 2017-02-27  Mark Lam  <mark.lam@apple.com>
3186
3187         Introduce a VM Traps mechanism and refactor Watchdog to use it.
3188         https://bugs.webkit.org/show_bug.cgi?id=168842
3189
3190         Reviewed by Filip Pizlo.
3191
3192         Currently, the traps mechanism is only used for the JSC watchdog, and for
3193         asynchronous termination requests (which are currently only used for worker
3194         thread termination).
3195
3196         This first cut of the traps mechanism still relies on polling from DFG and FTL
3197         code.  This is done to keep the patch as small as possible.  The work to do
3198         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
3199         another patch.
3200
3201         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
3202         flag to enable the traps polling in the DFG and FTL code.  When we have the
3203         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
3204         the VM::m_needAsynchronousTerminationSupport flag.
3205
3206         Note: this patch also separates asynchronous termination support from the JSC
3207         watchdog.  This separation allows us to significantly simplify the locking
3208         requirements in the watchdog code, and make it easier to reason about its
3209         correctness.
3210
3211         * CMakeLists.txt:
3212         * JavaScriptCore.xcodeproj/project.pbxproj:
3213         * bytecode/BytecodeList.json:
3214         * bytecode/BytecodeUseDef.h:
3215         (JSC::computeUsesForBytecodeOffset):
3216         (JSC::computeDefsForBytecodeOffset):
3217         * bytecode/CodeBlock.cpp:
3218         (JSC::CodeBlock::dumpBytecode):
3219         * bytecompiler/BytecodeGenerator.cpp:
3220         (JSC::BytecodeGenerator::BytecodeGenerator):
3221         (JSC::BytecodeGenerator::emitLoopHint):
3222         (JSC::BytecodeGenerator::emitCheckTraps):
3223         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
3224         * bytecompiler/BytecodeGenerator.h:
3225         * dfg/DFGAbstractInterpreterInlines.h:
3226         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3227         * dfg/DFGByteCodeParser.cpp:
3228         (JSC::DFG::ByteCodeParser::parseBlock):
3229         * dfg/DFGCapabilities.cpp:
3230         (JSC::DFG::capabilityLevel):
3231         * dfg/DFGClobberize.h:
3232         (JSC::DFG::clobberize):
3233         * dfg/DFGDoesGC.cpp:
3234         (JSC::DFG::doesGC):
3235         * dfg/DFGFixupPhase.cpp:
3236         (JSC::DFG::FixupPhase::fixupNode):
3237         * dfg/DFGNodeType.h:
3238         * dfg/DFGPredictionPropagationPhase.cpp:
3239         * dfg/DFGSafeToExecute.h:
3240         (JSC::DFG::safeToExecute):
3241         * dfg/DFGSpeculativeJIT.cpp:
3242         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
3243         * dfg/DFGSpeculativeJIT.h:
3244         * dfg/DFGSpeculativeJIT32_64.cpp:
3245         (JSC::DFG::SpeculativeJIT::compile):
3246         * dfg/DFGSpeculativeJIT64.cpp:
3247         (JSC::DFG::SpeculativeJIT::compile):
3248         * ftl/FTLCapabilities.cpp:
3249         (JSC::FTL::canCompile):
3250         * ftl/FTLLowerDFGToB3.cpp:
3251         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3252         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
3253         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
3254         * interpreter/Interpreter.cpp:
3255         (JSC::Interpreter::executeProgram):
3256         (JSC::Interpreter::executeCall):
3257         (JSC::Interpreter::executeConstruct):
3258         (JSC::Interpreter::execute):
3259         * jit/JIT.cpp:
3260         (JSC::JIT::privateCompileMainPass):
3261         (JSC::JIT::privateCompileSlowCases):
3262         * jit/JIT.h:
3263         * jit/JITOpcodes.cpp:
3264         (JSC::JIT::emit_op_check_traps):
3265         (JSC::JIT::emitSlow_op_check_traps):
3266         (JSC::JIT::emit_op_watchdog): Deleted.
3267         (JSC::JIT::emitSlow_op_watchdog): Deleted.
3268         * jit/JITOperations.cpp:
3269         * jit/JITOperations.h:
3270         * llint/LLIntSlowPaths.cpp:
3271         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3272         * llint/LLIntSlowPaths.h:
3273         * llint/LowLevelInterpreter.asm:
3274         * llint/LowLevelInterpreter32_64.asm:
3275         * llint/LowLevelInterpreter64.asm:
3276         * runtime/VM.cpp:
3277         (JSC::VM::~VM):
3278         (JSC::VM::ensureWatchdog):
3279         (JSC::VM::handleTraps):
3280         * runtime/VM.h:
3281         (JSC::VM::ownerThread):
3282         (JSC::VM::needTrapHandling):
3283         (JSC::VM::needTrapHandlingAddress):
3284         (JSC::VM::notifyNeedTermination):
3285         (JSC::VM::notifyNeedWatchdogCheck):
3286         (JSC::VM::needAsynchronousTerminationSupport):
3287         (JSC::VM::setNeedAsynchronousTerminationSupport):
3288         * runtime/VMInlines.h:
3289         (JSC::VM::shouldTriggerTermination): Deleted.
3290         * runtime/VMTraps.cpp: Added.
3291         (JSC::VMTraps::fireTrap):
3292         (JSC::VMTraps::takeTrap):
3293         * runtime/VMTraps.h: Added.
3294         (JSC::VMTraps::needTrapHandling):
3295         (JSC::VMTraps::needTrapHandlingAddress):
3296         (JSC::VMTraps::hasTrapForEvent):
3297         (JSC::VMTraps::setTrapForEvent):
3298         (JSC::VMTraps::clearTrapForEvent):
3299         * runtime/Watchdog.cpp:
3300         (JSC::Watchdog::Watchdog):
3301         (JSC::Watchdog::setTimeLimit):
3302         (JSC::Watchdog::shouldTerminate):
3303         (JSC::Watchdog::enteredVM):
3304         (JSC::Watchdog::exitedVM):
3305         (JSC::Watchdog::startTimer):
3306         (JSC::Watchdog::stopTimer):
3307         (JSC::Watchdog::willDestroyVM):
3308         (JSC::Watchdog::terminateSoon): Deleted.
3309         (JSC::Watchdog::shouldTerminateSlow): Deleted.
3310         * runtime/Watchdog.h:
3311         (JSC::Watchdog::shouldTerminate): Deleted.
3312         (JSC::Watchdog::timerDidFireAddress): Deleted.
3313
3314 2017-02-27  Commit Queue  <commit-queue@webkit.org>
3315
3316         Unreviewed, rolling out r213019.
3317         https://bugs.webkit.org/show_bug.cgi?id=168925
3318
3319         "It broke 32-bit jsc tests in debug builds" (Requested by
3320         saamyjoon on #webkit).
3321
3322         Reverted changeset:
3323
3324         "op_get_by_id_with_this should use inline caching"
3325         https://bugs.webkit.org/show_bug.cgi?id=162124
3326         http://trac.webkit.org/changeset/213019
3327
3328 2017-02-27  JF Bastien  <jfbastien@apple.com>
3329
3330         WebAssembly: miscellaneous spec fixes part deux
3331         https://bugs.webkit.org/show_bug.cgi?id=168861
3332
3333         Reviewed by Keith Miller.
3334
3335         * wasm/WasmFunctionParser.h: add some FIXME
3336
3337 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3338
3339         [libwebrtc] Enable WebRTC in some Production Builds
3340         https://bugs.webkit.org/show_bug.cgi?id=168858
3341
3342         * Configurations/FeatureDefines.xcconfig:
3343
3344 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
3345
3346         op_get_by_id_with_this should use inline caching
3347         https://bugs.webkit.org/show_bug.cgi?id=162124
3348
3349         Reviewed by Saam Barati.
3350
3351         This patch enables inline caching for op_get_by_id_with_this in all
3352         tiers. It means that operations using ```super.member``` are going to
3353         be able to be optimized by PIC. To enable it, we introduced a new
3354         member of StructureStubInfo.patch named thisGPR, created a new class
3355         to manage the IC named JITGetByIdWithThisGenerator and changed
3356         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
3357         to decide the correct this value on inline caches.
3358         With inline caching enabled, ```super.member``` is ~4.5x faster,
3359         according to microbenchmarks.
3360
3361         * bytecode/AccessCase.cpp:
3362         (JSC::AccessCase::generateImpl):
3363         * bytecode/PolymorphicAccess.cpp:
3364         (JSC::PolymorphicAccess::regenerate):
3365         * bytecode/PolymorphicAccess.h: