Source/JavaScriptCore/ChangeLog (WebKit-https.git) at commit 393639766d261df4c6fd9dcf29121d791b6a359b
2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * CMakeLists.txt:
        Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.

2017-03-10  Mark Lam  <mark.lam@apple.com>

        [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
        https://bugs.webkit.org/show_bug.cgi?id=169454

        Reviewed by Michael Saboff.

        The underlying implementation is hoisted right out of Assertions.cpp from the
        implementations of WTFPrintBacktrace().

        The reason we need this StackTrace object is because during heap debugging, we
        sometimes want to capture the stack trace that allocated the objects of interest.
        Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
        perturb the execution profile sufficiently that an issue may not reproduce,
        while alternatively, just capturing the stack trace and deferring printing it
        till we actually need it later perturbs the execution profile less.

        In addition, just capturing the stack traces (instead of printing them
        immediately at each capture site) allows us to avoid polluting stdout with tons
        of stack traces that may be irrelevant.

        For now, we only capture the native stack trace.  We'll leave capturing and
        integrating the JS stack trace as an exercise for the future if we need it then.

        Here's an example of how to use this StackTrace utility:

            // Capture a stack trace of the top 10 frames.
            std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
            // Print the trace.
            dataLog(*trace);

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * tools/StackTrace.cpp: Added.
        (JSC::StackTrace::instanceSize):
        (JSC::StackTrace::captureStackTrace):
        (JSC::StackTrace::dump):
        * tools/StackTrace.h: Added.
        (JSC::StackTrace::size):
        (JSC::StackTrace::StackTrace):

2017-03-04  Filip Pizlo  <fpizlo@apple.com>

        B3 should have comprehensive support for atomic operations
        https://bugs.webkit.org/show_bug.cgi?id=162349

        Reviewed by Keith Miller.

        This adds the following capabilities to B3:

        - Atomic weak/strong unfenced/fenced compare-and-swap
        - Atomic add/sub/or/and/xor/xchg
        - Acquire/release fencing on loads/stores
        - Fenceless load-load dependencies

        This adds lowering to the following instructions on x86:

        - lock cmpxchg
        - lock xadd
        - lock add/sub/or/and/xor/xchg

        This adds lowering to the following instructions on ARM64:

        - ldar and friends
        - stlr and friends
        - ldxr and friends (unfenced LL)
        - stxr and friends (unfenced SC)
        - ldaxr and friends (fenced LL)
        - stlxr and friends (fenced SC)
        - eor as a fenceless load-load dependency

        This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
        variants of fences and atomic math ops get lowered to the best possible instruction sequence.
        For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
        of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
        generate the best possible branch sequence on x86 and ARM64.

        B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
        respect to each other and with respect to rel stores, creating sequential consistency that
        transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
        fence effects may only target some abstract heaps but not others, so that load elimination and
        store sinking can still operate across fences if you just tell B3 that the fence does not alias
        those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
        Even better, it lets you express fine-grained dependencies where the atomics that affect one
        property in shared memory do not clobber non-atomics that affect some other property in shared
        memory.

        One of my favorite features is Depend, which allows you to express load-load dependencies. On
        x86 it lowers to nothing, while on ARM64 it lowers to eor.

        This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
        acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.

        This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
        implementations of the Atomics object, for now.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::ldar):
        (JSC::ARM64Assembler::ldxr):
        (JSC::ARM64Assembler::ldaxr):
        (JSC::ARM64Assembler::stxr):
        (JSC::ARM64Assembler::stlr):
        (JSC::ARM64Assembler::stlxr):
        (JSC::ARM64Assembler::excepnGenerationImmMask):
        (JSC::ARM64Assembler::exoticLoad):
        (JSC::ARM64Assembler::storeRelease):
        (JSC::ARM64Assembler::exoticStore):
        * assembler/AbstractMacroAssembler.cpp: Added.
        (WTF::printInternal):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssemblerBase::invert):
        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq8):
        (JSC::MacroAssemblerARM64::storeRel8):
        (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq16):
        (JSC::MacroAssemblerARM64::storeRel16):
        (JSC::MacroAssemblerARM64::loadAcq32):
        (JSC::MacroAssemblerARM64::loadAcq64):
        (JSC::MacroAssemblerARM64::storeRel32):
        (JSC::MacroAssemblerARM64::storeRel64):
        (JSC::MacroAssemblerARM64::loadLink8):
        (JSC::MacroAssemblerARM64::loadLinkAcq8):
        (JSC::MacroAssemblerARM64::storeCond8):
        (JSC::MacroAssemblerARM64::storeCondRel8):
        (JSC::MacroAssemblerARM64::loadLink16):
        (JSC::MacroAssemblerARM64::loadLinkAcq16):
        (JSC::MacroAssemblerARM64::storeCond16):
        (JSC::MacroAssemblerARM64::storeCondRel16):
        (JSC::MacroAssemblerARM64::loadLink32):
        (JSC::MacroAssemblerARM64::loadLinkAcq32):
        (JSC::MacroAssemblerARM64::storeCond32):
        (JSC::MacroAssemblerARM64::storeCondRel32):
        (JSC::MacroAssemblerARM64::loadLink64):
        (JSC::MacroAssemblerARM64::loadLinkAcq64):
        (JSC::MacroAssemblerARM64::storeCond64):
        (JSC::MacroAssemblerARM64::storeCondRel64):
        (JSC::MacroAssemblerARM64::atomicStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicStrongCAS64):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
        (JSC::MacroAssemblerARM64::depend32):
        (JSC::MacroAssemblerARM64::depend64):
        (JSC::MacroAssemblerARM64::loadLink):
        (JSC::MacroAssemblerARM64::loadLinkAcq):
        (JSC::MacroAssemblerARM64::storeCond):
        (JSC::MacroAssemblerARM64::storeCondRel):
        (JSC::MacroAssemblerARM64::signExtend):
        (JSC::MacroAssemblerARM64::branch):
        (JSC::MacroAssemblerARM64::atomicStrongCAS):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
        (JSC::MacroAssemblerARM64::extractSimpleAddress):
        (JSC::MacroAssemblerARM64::signExtend<8>):
        (JSC::MacroAssemblerARM64::signExtend<16>):
        (JSC::MacroAssemblerARM64::branch<64>):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::add32):
        (JSC::MacroAssemblerX86Common::and32):
        (JSC::MacroAssemblerX86Common::and16):
        (JSC::MacroAssemblerX86Common::and8):
        (JSC::MacroAssemblerX86Common::neg32):
        (JSC::MacroAssemblerX86Common::neg16):
        (JSC::MacroAssemblerX86Common::neg8):
        (JSC::MacroAssemblerX86Common::or32):
        (JSC::MacroAssemblerX86Common::or16):
        (JSC::MacroAssemblerX86Common::or8):
        (JSC::MacroAssemblerX86Common::sub16):
        (JSC::MacroAssemblerX86Common::sub8):
        (JSC::MacroAssemblerX86Common::sub32):
        (JSC::MacroAssemblerX86Common::xor32):
        (JSC::MacroAssemblerX86Common::xor16):
        (JSC::MacroAssemblerX86Common::xor8):
        (JSC::MacroAssemblerX86Common::not32):
        (JSC::MacroAssemblerX86Common::not16):
        (JSC::MacroAssemblerX86Common::not8):
        (JSC::MacroAssemblerX86Common::store16):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerX86Common::atomicAdd8):
        (JSC::MacroAssemblerX86Common::atomicAdd16):
        (JSC::MacroAssemblerX86Common::atomicAdd32):
        (JSC::MacroAssemblerX86Common::atomicSub8):
        (JSC::MacroAssemblerX86Common::atomicSub16):
        (JSC::MacroAssemblerX86Common::atomicSub32):
        (JSC::MacroAssemblerX86Common::atomicAnd8):
        (JSC::MacroAssemblerX86Common::atomicAnd16):
        (JSC::MacroAssemblerX86Common::atomicAnd32):
        (JSC::MacroAssemblerX86Common::atomicOr8):
        (JSC::MacroAssemblerX86Common::atomicOr16):
        (JSC::MacroAssemblerX86Common::atomicOr32):
        (JSC::MacroAssemblerX86Common::atomicXor8):
        (JSC::MacroAssemblerX86Common::atomicXor16):
        (JSC::MacroAssemblerX86Common::atomicXor32):
        (JSC::MacroAssemblerX86Common::atomicNeg8):
        (JSC::MacroAssemblerX86Common::atomicNeg16):
        (JSC::MacroAssemblerX86Common::atomicNeg32):
        (JSC::MacroAssemblerX86Common::atomicNot8):
        (JSC::MacroAssemblerX86Common::atomicNot16):
        (JSC::MacroAssemblerX86Common::atomicNot32):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
        (JSC::MacroAssemblerX86Common::atomicXchg8):
        (JSC::MacroAssemblerX86Common::atomicXchg16):
        (JSC::MacroAssemblerX86Common::atomicXchg32):
        (JSC::MacroAssemblerX86Common::loadAcq8):
        (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
        (JSC::MacroAssemblerX86Common::loadAcq16):
        (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
        (JSC::MacroAssemblerX86Common::loadAcq32):
        (JSC::MacroAssemblerX86Common::storeRel8):
        (JSC::MacroAssemblerX86Common::storeRel16):
        (JSC::MacroAssemblerX86Common::storeRel32):
        (JSC::MacroAssemblerX86Common::storeFence):
        (JSC::MacroAssemblerX86Common::loadFence):
        (JSC::MacroAssemblerX86Common::replaceWithJump):
        (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
        (JSC::MacroAssemblerX86Common::patchableJumpSize):
        (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
        (JSC::MacroAssemblerX86Common::supportsAVX):
        (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
        (JSC::MacroAssemblerX86Common::x86Condition):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::add64):
        (JSC::MacroAssemblerX86_64::and64):
        (JSC::MacroAssemblerX86_64::neg64):
        (JSC::MacroAssemblerX86_64::or64):
        (JSC::MacroAssemblerX86_64::sub64):
        (JSC::MacroAssemblerX86_64::xor64):
        (JSC::MacroAssemblerX86_64::not64):
        (JSC::MacroAssemblerX86_64::store64):
        (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
        (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
        (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
        (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
        (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
        (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
        (JSC::MacroAssemblerX86_64::atomicAdd64):
        (JSC::MacroAssemblerX86_64::atomicSub64):
        (JSC::MacroAssemblerX86_64::atomicAnd64):
        (JSC::MacroAssemblerX86_64::atomicOr64):
        (JSC::MacroAssemblerX86_64::atomicXor64):
        (JSC::MacroAssemblerX86_64::atomicNeg64):
        (JSC::MacroAssemblerX86_64::atomicNot64):
        (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
        (JSC::MacroAssemblerX86_64::atomicXchg64):
        (JSC::MacroAssemblerX86_64::loadAcq64):
        (JSC::MacroAssemblerX86_64::storeRel64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::addq_mr):
        (JSC::X86Assembler::addq_rm):
        (JSC::X86Assembler::addq_im):
        (JSC::X86Assembler::andl_mr):
        (JSC::X86Assembler::andl_rm):
        (JSC::X86Assembler::andw_rm):
        (JSC::X86Assembler::andb_rm):
        (JSC::X86Assembler::andl_im):
        (JSC::X86Assembler::andw_im):
        (JSC::X86Assembler::andb_im):
        (JSC::X86Assembler::andq_mr):
        (JSC::X86Assembler::andq_rm):
        (JSC::X86Assembler::andq_im):
        (JSC::X86Assembler::incq_m):
        (JSC::X86Assembler::negq_m):
        (JSC::X86Assembler::negl_m):
        (JSC::X86Assembler::negw_m):
        (JSC::X86Assembler::negb_m):
        (JSC::X86Assembler::notl_m):
        (JSC::X86Assembler::notw_m):
        (JSC::X86Assembler::notb_m):
        (JSC::X86Assembler::notq_m):
        (JSC::X86Assembler::orl_mr):
        (JSC::X86Assembler::orl_rm):
        (JSC::X86Assembler::orw_rm):
        (JSC::X86Assembler::orb_rm):
        (JSC::X86Assembler::orl_im):
        (JSC::X86Assembler::orw_im):
        (JSC::X86Assembler::orb_im):
        (JSC::X86Assembler::orq_mr):
        (JSC::X86Assembler::orq_rm):
        (JSC::X86Assembler::orq_im):
        (JSC::X86Assembler::subl_mr):
        (JSC::X86Assembler::subl_rm):
        (JSC::X86Assembler::subw_rm):
        (JSC::X86Assembler::subb_rm):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::subw_im):
        (JSC::X86Assembler::subb_im):
        (JSC::X86Assembler::subq_mr):
        (JSC::X86Assembler::subq_rm):
        (JSC::X86Assembler::subq_im):
        (JSC::X86Assembler::xorl_mr):
        (JSC::X86Assembler::xorl_rm):
        (JSC::X86Assembler::xorl_im):
        (JSC::X86Assembler::xorw_rm):
        (JSC::X86Assembler::xorw_im):
        (JSC::X86Assembler::xorb_rm):
        (JSC::X86Assembler::xorb_im):
        (JSC::X86Assembler::xorq_im):
        (JSC::X86Assembler::xorq_rm):
        (JSC::X86Assembler::xorq_mr):
        (JSC::X86Assembler::xchgb_rm):
        (JSC::X86Assembler::xchgw_rm):
        (JSC::X86Assembler::xchgl_rm):
        (JSC::X86Assembler::xchgq_rm):
        (JSC::X86Assembler::movw_im):
        (JSC::X86Assembler::movq_i32m):
        (JSC::X86Assembler::cmpxchgb_rm):
        (JSC::X86Assembler::cmpxchgw_rm):
        (JSC::X86Assembler::cmpxchgl_rm):
        (JSC::X86Assembler::cmpxchgq_rm):
        (JSC::X86Assembler::xaddb_rm):
        (JSC::X86Assembler::xaddw_rm):
        (JSC::X86Assembler::xaddl_rm):
        (JSC::X86Assembler::xaddq_rm):
        (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
        * b3/B3AtomicValue.cpp: Added.
        (JSC::B3::AtomicValue::~AtomicValue):
        (JSC::B3::AtomicValue::dumpMeta):
        (JSC::B3::AtomicValue::cloneImpl):
        (JSC::B3::AtomicValue::AtomicValue):
        * b3/B3AtomicValue.h: Added.
        * b3/B3BasicBlock.h:
        * b3/B3BlockInsertionSet.cpp:
        (JSC::B3::BlockInsertionSet::BlockInsertionSet):
        (JSC::B3::BlockInsertionSet::insert): Deleted.
        (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
        (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
        (JSC::B3::BlockInsertionSet::execute): Deleted.
        * b3/B3BlockInsertionSet.h:
        * b3/B3Effects.cpp:
        (JSC::B3::Effects::interferes):
        (JSC::B3::Effects::operator==):
        (JSC::B3::Effects::dump):
        * b3/B3Effects.h:
        (JSC::B3::Effects::forCall):
        (JSC::B3::Effects::mustExecute):
        * b3/B3EliminateCommonSubexpressions.cpp:
        * b3/B3Generate.cpp:
        (JSC::B3::generateToAir):
        * b3/B3GenericBlockInsertionSet.h: Added.
        (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
        (JSC::B3::GenericBlockInsertionSet::insert):
        (JSC::B3::GenericBlockInsertionSet::insertBefore):
        (JSC::B3::GenericBlockInsertionSet::insertAfter):
        (JSC::B3::GenericBlockInsertionSet::execute):
        * b3/B3HeapRange.h:
        (JSC::B3::HeapRange::operator|):
        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::insertClone):
        * b3/B3InsertionSet.h:
        * b3/B3LegalizeMemoryOffsets.cpp:
        * b3/B3LowerMacros.cpp:
        (JSC::B3::lowerMacros):
        * b3/B3LowerMacrosAfterOptimizations.cpp:
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::LowerToAir):
        (JSC::B3::Air::LowerToAir::run):
        (JSC::B3::Air::LowerToAir::effectiveAddr):
        (JSC::B3::Air::LowerToAir::addr):
        (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
        (JSC::B3::Air::LowerToAir::appendShift):
        (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
        (JSC::B3::Air::LowerToAir::storeOpcode):
        (JSC::B3::Air::LowerToAir::createStore):
        (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
        (JSC::B3::Air::LowerToAir::newBlock):
        (JSC::B3::Air::LowerToAir::splitBlock):
        (JSC::B3::Air::LowerToAir::fillStackmap):
        (JSC::B3::Air::LowerToAir::appendX86Div):
        (JSC::B3::Air::LowerToAir::appendX86UDiv):
        (JSC::B3::Air::LowerToAir::loadLinkOpcode):
        (JSC::B3::Air::LowerToAir::storeCondOpcode):
        (JSC::B3::Air::LowerToAir::appendCAS):
        (JSC::B3::Air::LowerToAir::appendVoidAtomic):
        (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
        (JSC::B3::Air::LowerToAir::lower):
        (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
        (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
        * b3/B3LowerToAir.h:
        * b3/B3MemoryValue.cpp:
        (JSC::B3::MemoryValue::isLegalOffset):
        (JSC::B3::MemoryValue::accessType):
        (JSC::B3::MemoryValue::accessBank):
        (JSC::B3::MemoryValue::accessByteSize):
        (JSC::B3::MemoryValue::dumpMeta):
        (JSC::B3::MemoryValue::MemoryValue):
        (JSC::B3::MemoryValue::accessWidth): Deleted.
        * b3/B3MemoryValue.h:
        * b3/B3MemoryValueInlines.h: Added.
        (JSC::B3::MemoryValue::isLegalOffset):
        (JSC::B3::MemoryValue::requiresSimpleAddr):
        (JSC::B3::MemoryValue::accessWidth):
        * b3/B3MoveConstants.cpp:
        * b3/B3NativeTraits.h: Added.
        * b3/B3Opcode.cpp:
        (JSC::B3::storeOpcode):
        (WTF::printInternal):
        * b3/B3Opcode.h:
        (JSC::B3::isLoad):
        (JSC::B3::isStore):
        (JSC::B3::isLoadStore):
        (JSC::B3::isAtomic):
        (JSC::B3::isAtomicCAS):
        (JSC::B3::isAtomicXchg):
        (JSC::B3::isMemoryAccess):
        (JSC::B3::signExtendOpcode):
        * b3/B3Procedure.cpp:
        (JSC::B3::Procedure::dump):
        * b3/B3Procedure.h:
        (JSC::B3::Procedure::hasQuirks):
        (JSC::B3::Procedure::setHasQuirks):
        * b3/B3PureCSE.cpp:
        (JSC::B3::pureCSE):
        * b3/B3PureCSE.h:
        * b3/B3ReduceStrength.cpp:
        * b3/B3Validate.cpp:
        * b3/B3Value.cpp:
        (JSC::B3::Value::returnsBool):
        (JSC::B3::Value::effects):
        (JSC::B3::Value::key):
        (JSC::B3::Value::performSubstitution):
        (JSC::B3::Value::typeFor):
        * b3/B3Value.h:
        * b3/B3Width.cpp:
        (JSC::B3::bestType):
        * b3/B3Width.h:
        (JSC::B3::canonicalWidth):
        (JSC::B3::isCanonicalWidth):
        (JSC::B3::mask):
        * b3/air/AirArg.cpp:
        (JSC::B3::Air::Arg::jsHash):
        (JSC::B3::Air::Arg::dump):
        (WTF::printInternal):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isAnyUse):
        (JSC::B3::Air::Arg::isColdUse):
        (JSC::B3::Air::Arg::cooled):
        (JSC::B3::Air::Arg::isEarlyUse):
        (JSC::B3::Air::Arg::isLateUse):
        (JSC::B3::Air::Arg::isAnyDef):
        (JSC::B3::Air::Arg::isEarlyDef):
        (JSC::B3::Air::Arg::isLateDef):
        (JSC::B3::Air::Arg::isZDef):
        (JSC::B3::Air::Arg::simpleAddr):
        (JSC::B3::Air::Arg::statusCond):
        (JSC::B3::Air::Arg::isSimpleAddr):
        (JSC::B3::Air::Arg::isMemory):
        (JSC::B3::Air::Arg::isStatusCond):
        (JSC::B3::Air::Arg::isCondition):
        (JSC::B3::Air::Arg::ptr):
        (JSC::B3::Air::Arg::base):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isValidForm):
        (JSC::B3::Air::Arg::forEachTmpFast):
        (JSC::B3::Air::Arg::forEachTmp):
        (JSC::B3::Air::Arg::asAddress):
        (JSC::B3::Air::Arg::asStatusCondition):
        (JSC::B3::Air::Arg::isInvertible):
        (JSC::B3::Air::Arg::inverted):
        * b3/air/AirBasicBlock.cpp:
        (JSC::B3::Air::BasicBlock::setSuccessors):
        * b3/air/AirBasicBlock.h:
        * b3/air/AirBlockInsertionSet.cpp: Added.
        (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
        (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
        * b3/air/AirBlockInsertionSet.h: Added.
        * b3/air/AirDumpAsJS.cpp: Removed.
        * b3/air/AirDumpAsJS.h: Removed.
        * b3/air/AirEliminateDeadCode.cpp:
        (JSC::B3::Air::eliminateDeadCode):
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::prepareForGeneration):
        * b3/air/AirInstInlines.h:
        (JSC::B3::Air::isAtomicStrongCASValid):
        (JSC::B3::Air::isBranchAtomicStrongCASValid):
        (JSC::B3::Air::isAtomicStrongCAS8Valid):
        (JSC::B3::Air::isAtomicStrongCAS16Valid):
        (JSC::B3::Air::isAtomicStrongCAS32Valid):
        (JSC::B3::Air::isAtomicStrongCAS64Valid):
        (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
        (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
        (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
        (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
        * b3/air/AirOpcode.opcodes:
        * b3/air/AirOptimizeBlockOrder.cpp:
        (JSC::B3::Air::optimizeBlockOrder):
        * b3/air/AirPadInterference.cpp:
        (JSC::B3::Air::padInterference):
        * b3/air/AirSpillEverything.cpp:
        (JSC::B3::Air::spillEverything):
        * b3/air/opcode_generator.rb:
        * b3/testb3.cpp:
        (JSC::B3::testLoadAcq42):
        (JSC::B3::testStoreRelAddLoadAcq32):
        (JSC::B3::testStoreRelAddLoadAcq8):
        (JSC::B3::testStoreRelAddFenceLoadAcq8):
        (JSC::B3::testStoreRelAddLoadAcq16):
        (JSC::B3::testStoreRelAddLoadAcq64):
        (JSC::B3::testTrappingStoreElimination):
        (JSC::B3::testX86LeaAddAdd):
        (JSC::B3::testX86LeaAddShlLeftScale1):
        (JSC::B3::testAtomicWeakCAS):
        (JSC::B3::testAtomicStrongCAS):
        (JSC::B3::testAtomicXchg):
        (JSC::B3::testDepend32):
        (JSC::B3::testDepend64):
        (JSC::B3::run):
        * runtime/Options.h:

2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed typo fixes after r213652.
        https://bugs.webkit.org/show_bug.cgi?id=168920

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::replaceWithBreakpoint):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):

2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed ARM buildfix after r213652.
        https://bugs.webkit.org/show_bug.cgi?id=168920

        r213652 used the replaceWithBrk and replaceWithBkpt names for the same
        function, which was inconsistent and caused a build error in ARMAssembler.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
        (JSC::ARM64Assembler::replaceWithBrk): Deleted.
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
        (JSC::ARMAssembler::replaceWithBrk): Deleted.
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::replaceWithBreakpoint):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Win64 build fix.

        * b3/B3FenceValue.h:
        * b3/B3Value.h:
        Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
        doesn't accomplish anything except making Visual Studio mad.
        * b3/air/opcode_generator.rb:
        winnt.h has naming collisions with enum values from AirOpcode.h.
        For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
        RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
        A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
        that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.

2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r213695.

        This change broke the Windows build.

        Reverted changeset:

        "Implement a StackTrace utility object that can capture stack
        traces for debugging."
        https://bugs.webkit.org/show_bug.cgi?id=169454
        http://trac.webkit.org/changeset/213695

611 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
612
613         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
614         https://bugs.webkit.org/show_bug.cgi?id=167962
615
616         Reviewed by Keith Miller.
617
618         Object Rest/Spread Destructing proposal is in stage 3[1] and this
619         Patch is a prototype implementation of it. A simple change over the
620         parser was necessary to support the new '...' token on Object Pattern
621         destruction rule. In the bytecode generator side, We changed the
622         bytecode generated on ObjectPatternNode::bindValue to store in an
623         array identifiers of already destructed properties, following spec draft
624         section[2], and then pass it as excludedNames to CopyDataProperties.
625         The rest destruction the calls copyDataProperties to perform the
626         copy of rest properties in rhs.
627
628         We also implemented CopyDataProperties as private JS global operation
629         on builtins/GlobalOperations.js following it's specification on [3].
630         It is implemented using Set object to verify if a property is on
631         excludedNames to keep this algorithm with O(n + m) complexity, where n
632         = number of source's own properties and m = excludedNames.length. 
633
634         As a requirement to use JSSets as constants, a change in the
635         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
636         exception. Now, CodeBlock::finishCreation returns false if an
637         exception is thrown by
638         CodeBlock::setConstantIdentifierSetRegisters, and then we return
639         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
640         checking whether the CodeBlock was constructed properly and then throwing the OOM
641         exception to the correct scope.
642
643         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
644         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
645         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
646
647         * builtins/BuiltinNames.h:
648         * builtins/GlobalOperations.js:
649         (globalPrivate.copyDataProperties):
650         * bytecode/CodeBlock.cpp:
651         (JSC::CodeBlock::finishCreation):
652         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
653         * bytecode/CodeBlock.h:
654         * bytecode/EvalCodeBlock.h:
655         (JSC::EvalCodeBlock::create):
656         * bytecode/FunctionCodeBlock.h:
657         (JSC::FunctionCodeBlock::create):
658         * bytecode/ModuleProgramCodeBlock.h:
659         (JSC::ModuleProgramCodeBlock::create):
660         * bytecode/ProgramCodeBlock.h:
661         (JSC::ProgramCodeBlock::create):
662         * bytecode/UnlinkedCodeBlock.h:
663         (JSC::UnlinkedCodeBlock::addSetConstant):
664         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
665         * bytecompiler/BytecodeGenerator.cpp:
666         (JSC::BytecodeGenerator::emitLoad):
667         * bytecompiler/BytecodeGenerator.h:
668         * bytecompiler/NodesCodegen.cpp:
669         (JSC::ObjectPatternNode::bindValue):
670         * parser/ASTBuilder.h:
671         (JSC::ASTBuilder::appendObjectPatternEntry):
672         (JSC::ASTBuilder::appendObjectPatternRestEntry):
673         (JSC::ASTBuilder::setContainsObjectRestElement):
674         * parser/Nodes.h:
675         (JSC::ObjectPatternNode::appendEntry):
676         (JSC::ObjectPatternNode::setContainsRestElement):
677         * parser/Parser.cpp:
678         (JSC::Parser<LexerType>::parseDestructuringPattern):
679         (JSC::Parser<LexerType>::parseProperty):
680         * parser/SyntaxChecker.h:
681         (JSC::SyntaxChecker::operatorStackPop):
682         * runtime/JSGlobalObject.cpp:
683         (JSC::JSGlobalObject::init):
684         * runtime/JSGlobalObjectFunctions.cpp:
685         (JSC::privateToObject):
686         * runtime/JSGlobalObjectFunctions.h:
687         * runtime/ScriptExecutable.cpp:
688         (JSC::ScriptExecutable::newCodeBlockFor):
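
        An added worked example (not JavaScriptCore's own builtins/GlobalOperations.js, and not Caio Lima's code): a plain-JS model of the CopyDataProperties operation described in the entry above, with excludedNames held in a Set so membership checks are O(1), plus the desugaring of an object rest pattern that hands the already-bound identifiers to it as excludedNames. The names copyDataProperties and destructureWithRest and the sample objects are constructed for this example.

```javascript
// Model of the CopyDataProperties abstract operation (added example; not the
// JavaScriptCore builtin). Copies the enumerable own properties of `source`
// that are not in `excludedNames` onto `target` and returns `target`.
// With `excludedNames` in a Set, the whole pass is O(n + m) for n own
// properties of the source and m excluded names.
function copyDataProperties(target, source, excludedNames) {
  // Spec step: an undefined or null source contributes nothing.
  if (source === undefined || source === null)
    return target;
  const excluded = excludedNames instanceof Set ? excludedNames : new Set(excludedNames);
  const from = Object(source); // ToObject(source): primitives become wrappers
  // Own keys in OwnPropertyKeys order: string keys first, then symbol keys.
  const keys = [...Object.getOwnPropertyNames(from), ...Object.getOwnPropertySymbols(from)];
  for (const key of keys) {
    if (excluded.has(key))
      continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    // Only enumerable own properties are copied; the value is read via [[Get]],
    // so accessor properties are invoked rather than copied as accessors.
    if (desc && desc.enumerable)
      target[key] = from[key];
  }
  return target;
}

// Hand-written desugaring of `const { k1, k2, ...rest } = rhs;`, mirroring what
// the bytecode generator does: bind each named property, record its identifier,
// then pass the recorded identifiers to copyDataProperties as excludedNames.
function destructureWithRest(rhs, namedKeys) {
  const bound = {};
  const excludedNames = new Set();
  for (const key of namedKeys) {
    bound[key] = rhs[key];
    excludedNames.add(key);
  }
  const rest = copyDataProperties({}, rhs, excludedNames);
  return { bound, rest };
}

// Sample input, constructed for this example.
const sampleRhs = { a: 1, b: 2, c: 3, d: 4 };
console.log(destructureWithRest(sampleRhs, ['a', 'b']));
```

        The last assertion in the usage below compares the model against the engine's native object rest, which is the behaviour the patch implements.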
689
690 2017-03-09  Mark Lam  <mark.lam@apple.com>
691
692         Implement a StackTrace utility object that can capture stack traces for debugging.
693         https://bugs.webkit.org/show_bug.cgi?id=169454
694
695         Reviewed by Michael Saboff.
696
697         The underlying implementation is hoisted right out of Assertions.cpp from the
698         implementations of WTFPrintBacktrace().
699
700         The reason we need this StackTrace object is because during heap debugging, we
701         sometimes want to capture the stack trace that allocated the objects of interest.
702         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
703         perturb the execution profile sufficiently that an issue may not reproduce,
704         while alternatively, just capturing the stack trace and deferring printing it
705         till we actually need it later perturbs the execution profile less.
706
707         In addition, just capturing the stack traces (instead of printing them
708         immediately at each capture site) allows us to avoid polluting stdout with tons
709         of stack traces that may be irrelevant.
710
711         For now, we only capture the native stack trace.  We'll leave capturing and
712         integrating the JS stack trace as an exercise for the future if we need it then.
713
714         Here's an example of how to use this StackTrace utility:
715
716             // Capture a stack trace of the top 10 frames.
717             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
718             // Print the trace.
719             dataLog(*trace);
720
721         * CMakeLists.txt:
722         * JavaScriptCore.xcodeproj/project.pbxproj:
723         * tools/StackTrace.cpp: Added.
724         (JSC::StackTrace::instanceSize):
725         (JSC::StackTrace::captureStackTrace):
726         (JSC::StackTrace::dump):
727         * tools/StackTrace.h: Added.
728         (JSC::StackTrace::StackTrace):
729         (JSC::StackTrace::size):
730
731 2017-03-09  Keith Miller  <keith_miller@apple.com>
732
733         WebAssembly: Enable fast memory for WK2
734         https://bugs.webkit.org/show_bug.cgi?id=169437
735
736         Reviewed by Tim Horton.
737
738         * JavaScriptCore.xcodeproj/project.pbxproj:
739
740 2017-03-09  Matt Baker  <mattbaker@apple.com>
741
742         Web Inspector: Add XHR breakpoints UI
743         https://bugs.webkit.org/show_bug.cgi?id=168763
744         <rdar://problem/30952439>
745
746         Reviewed by Joseph Pecoraro.
747
748         * inspector/protocol/DOMDebugger.json:
749         Added clarifying comments to command descriptions.
750
751 2017-03-09  Michael Saboff  <msaboff@apple.com>
752
753         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
754         https://bugs.webkit.org/show_bug.cgi?id=169387
755
756         Reviewed by Filip Pizlo.
757
758         Added a helper function, processConfigFile(), to process configuration file.
759         Changed jsc.cpp to use that function in lieu of processing the config file
760         manually.
761
762         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
763         * jsc.cpp:
764         (jscmain):
765         * runtime/ConfigFile.cpp:
766         (JSC::processConfigFile):
767         * runtime/ConfigFile.h:
768
769 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
770
771         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
772         https://bugs.webkit.org/show_bug.cgi?id=29687
773         <rdar://problem/19281586>
774
775         Reviewed by Matt Baker and Brian Burg.
776
777         * inspector/protocol/Network.json:
778         Add metrics object with optional properties to loadingFinished event.
779
780 2017-03-09  Youenn Fablet  <youenn@apple.com>
781
782         Minimal build is broken
783         https://bugs.webkit.org/show_bug.cgi?id=169416
784
785         Reviewed by Chris Dumez.
786
787         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
788         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
789
790         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
791         (generate_members):
792         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
793         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
794         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
795
796 2017-03-09  Daniel Bates  <dabates@apple.com>
797
798         Guard Credential Management implementation behind a runtime enabled feature flag
799         https://bugs.webkit.org/show_bug.cgi?id=169364
800         <rdar://problem/30957425>
801
802         Reviewed by Brent Fulgham.
803
804         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
805         needed to guard these interfaces behind a runtime enabled feature flag.
806
807         * runtime/CommonIdentifiers.h:
808
809 2017-03-09  Mark Lam  <mark.lam@apple.com>
810
811         Refactoring some HeapVerifier code.
812         https://bugs.webkit.org/show_bug.cgi?id=169443
813
814         Reviewed by Filip Pizlo.
815
816         Renamed LiveObjectData to CellProfile.
817         Renamed LiveObjectList to CellList.
818         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
819         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
820
821         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
822
823         * CMakeLists.txt:
824         * JavaScriptCore.xcodeproj/project.pbxproj:
825         * heap/Heap.cpp:
826         (JSC::Heap::runBeginPhase):
827         (JSC::Heap::runEndPhase):
828         * heap/HeapVerifier.cpp: Removed.
829         * heap/HeapVerifier.h: Removed.
830         * heap/LiveObjectData.h: Removed.
831         * heap/LiveObjectList.cpp: Removed.
832         * heap/LiveObjectList.h: Removed.
833         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
834         (JSC::CellList::findCell):
835         (JSC::LiveObjectList::findObject): Deleted.
836         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
837         (JSC::CellList::CellList):
838         (JSC::CellList::reset):
839         (JSC::LiveObjectList::LiveObjectList): Deleted.
840         (JSC::LiveObjectList::reset): Deleted.
841         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
842         (JSC::CellProfile::CellProfile):
843         (JSC::LiveObjectData::LiveObjectData): Deleted.
844         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
845         (JSC::GatherCellFunctor::GatherCellFunctor):
846         (JSC::GatherCellFunctor::visit):
847         (JSC::GatherCellFunctor::operator()):
848         (JSC::HeapVerifier::gatherLiveCells):
849         (JSC::HeapVerifier::cellListForGathering):
850         (JSC::trimDeadCellsFromList):
851         (JSC::HeapVerifier::trimDeadCells):
852         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
853         (JSC::HeapVerifier::reportCell):
854         (JSC::HeapVerifier::checkIfRecorded):
855         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
856         (JSC::GatherLiveObjFunctor::visit): Deleted.
857         (JSC::GatherLiveObjFunctor::operator()): Deleted.
858         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
859         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
860         (JSC::trimDeadObjectsFromList): Deleted.
861         (JSC::HeapVerifier::trimDeadObjects): Deleted.
862         (JSC::HeapVerifier::reportObject): Deleted.
863         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
864
865 2017-03-09  Anders Carlsson  <andersca@apple.com>
866
867         Add delegate support to WebCore
868         https://bugs.webkit.org/show_bug.cgi?id=169427
869         Part of rdar://problem/28880714.
870
871         Reviewed by Geoffrey Garen.
872
873         * Configurations/FeatureDefines.xcconfig:
874         Add feature define.
875
876 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
877
878         Web Inspector: Show individual messages in the content pane for a WebSocket
879         https://bugs.webkit.org/show_bug.cgi?id=169011
880
881         Reviewed by Joseph Pecoraro.
882
883         Add walltime parameter and correct the description of Timestamp type.
884
885         * inspector/protocol/Network.json:
886
887 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
888
889         Unreviewed, fix weak external symbol error.
890
891         * heap/SlotVisitor.h:
892
893 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
894
895         std::isnan/isinf should work with WTF time classes
896         https://bugs.webkit.org/show_bug.cgi?id=164991
897
898         Reviewed by Darin Adler.
899         
900         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
901
902         * runtime/AtomicsObject.cpp:
903         (JSC::atomicsFuncWait):
904
905 2017-03-09  Mark Lam  <mark.lam@apple.com>
906
907         Use const AbstractLocker& (instead of const LockHolder&) in more places.
908         https://bugs.webkit.org/show_bug.cgi?id=169424
909
910         Reviewed by Filip Pizlo.
911
912         * heap/CodeBlockSet.cpp:
913         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
914         * heap/CodeBlockSet.h:
915         * heap/CodeBlockSetInlines.h:
916         (JSC::CodeBlockSet::mark):
917         * heap/ConservativeRoots.cpp:
918         (JSC::CompositeMarkHook::CompositeMarkHook):
919         * heap/MachineStackMarker.cpp:
920         (JSC::MachineThreads::tryCopyOtherThreadStacks):
921         * heap/MachineStackMarker.h:
922         * profiler/ProfilerDatabase.cpp:
923         (JSC::Profiler::Database::ensureBytecodesFor):
924         * profiler/ProfilerDatabase.h:
925         * runtime/SamplingProfiler.cpp:
926         (JSC::FrameWalker::FrameWalker):
927         (JSC::CFrameWalker::CFrameWalker):
928         (JSC::SamplingProfiler::createThreadIfNecessary):
929         (JSC::SamplingProfiler::takeSample):
930         (JSC::SamplingProfiler::start):
931         (JSC::SamplingProfiler::pause):
932         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
933         (JSC::SamplingProfiler::clearData):
934         (JSC::SamplingProfiler::releaseStackTraces):
935         * runtime/SamplingProfiler.h:
936         (JSC::SamplingProfiler::setStopWatch):
937         * wasm/WasmMemory.cpp:
938         (JSC::Wasm::availableFastMemories):
939         (JSC::Wasm::activeFastMemories):
940         (JSC::Wasm::viewActiveFastMemories):
941         * wasm/WasmMemory.h:
942
943 2017-03-09  Saam Barati  <sbarati@apple.com>
944
945         WebAssembly: Make the Unity AngryBots demo run
946         https://bugs.webkit.org/show_bug.cgi?id=169268
947
948         Reviewed by Keith Miller.
949
950         This patch fixes three bugs:
951         1. The WasmBinding code for making a JS call was off
952         by 1 in its stack layout code.
953         2. The WasmBinding code had a "<" comparison instead
954         of a ">=" comparison. This would cause us to calculate
955         the wrong frame pointer offset.
956         3. The code to reload wasm state inside B3IRGenerator didn't
957         properly represent its effects.
958
959         * wasm/WasmB3IRGenerator.cpp:
960         (JSC::Wasm::restoreWebAssemblyGlobalState):
961         (JSC::Wasm::parseAndCompile):
962         * wasm/WasmBinding.cpp:
963         (JSC::Wasm::wasmToJs):
964         * wasm/js/WebAssemblyInstanceConstructor.cpp:
965         (JSC::WebAssemblyInstanceConstructor::createInstance):
966
967 2017-03-09  Mark Lam  <mark.lam@apple.com>
968
969         Make the VM Traps mechanism non-polling for the DFG and FTL.
970         https://bugs.webkit.org/show_bug.cgi?id=168920
971         <rdar://problem/30738588>
972
973         Reviewed by Filip Pizlo.
974
975         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
976            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
977         2. Added assembler functions for overwriting an instruction with a breakpoint.
978         3. Added a new JettisonDueToVMTraps jettison reason.
979         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
980            invalidation points with breakpoint instructions.
981         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
982         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
983            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
984            Options::usePollingTraps() to always be true.  This makes the VMTraps
985            implementation fall back to using polling based traps only.
986
987         7. Make VMTraps support signal based traps.
988
989         Some design and implementation details of signal based VM traps:
990
991         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
992
993         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
994           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
995           we want to trap, and check for the occurrence of one of the following events:
996
997           a. VMTraps::handleTraps() has been called for the requested trap, or
998
999           b. the VM is inactive and is no longer executing any JS code.  We determine
1000              this to be the case if the thread no longer owns the JSLock and the VM's
1001              entryScope is null.
1002
1003              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1004              null.  This happens when the thread calls JSLock::dropAllLocks() before
1005              calling a host function that may block on IO (or whatever).  For our purpose,
1006              this counts as the VM still running JS code, and VM::fireTrap() will still
1007              be waiting.
1008
1009           If the SignalSender does not see either of these events, it will sleep for a
1010           while and then re-send SIGUSR1 and check for the events again.  When it sees
1011           one of these events, it will consider the mutator to have received the trap
1012           request.
1013
1014         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1015           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1016           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1017           safe to jettison the codeBlock.
1018
1019           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1020           insert the breakpoint instructions itself.  This is because we need the
1021           register state of the mutator thread (that we want to trap in) in order to
1022           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1023           we don't have a generic way for the requester thread to get the register state
1024           of another thread.
1025
1026         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1027           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1028           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1029           baseline JIT code will eventually reach an op_check_traps and call
1030           VMTraps::handleTraps().
1031
1032           If the handler is not trapping at an invalidation point, then it must be
1033           observing an assertion failure (which also uses the breakpoint instruction).
1034           In this case, the handler will defer to the default SIGTRAP handler and crash.
1035
1036         - The reason we need the SignalSender is because SignalSender::send() is called
1037           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1038           send() needs to make use of the VM pointer, and it is not guaranteed that the
1039           VM will outlive the thread.  SignalSender provides the mechanism by which we
1040           can nullify the VM pointer when the VM dies so that the thread does not
1041           continue to use it.
1042
1043         * assembler/ARM64Assembler.h:
1044         (JSC::ARM64Assembler::replaceWithBrk):
1045         * assembler/ARMAssembler.h:
1046         (JSC::ARMAssembler::replaceWithBrk):
1047         * assembler/ARMv7Assembler.h:
1048         (JSC::ARMv7Assembler::replaceWithBkpt):
1049         * assembler/MIPSAssembler.h:
1050         (JSC::MIPSAssembler::replaceWithBkpt):
1051         * assembler/MacroAssemblerARM.h:
1052         (JSC::MacroAssemblerARM::replaceWithJump):
1053         * assembler/MacroAssemblerARM64.h:
1054         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1055         * assembler/MacroAssemblerARMv7.h:
1056         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1057         * assembler/MacroAssemblerMIPS.h:
1058         (JSC::MacroAssemblerMIPS::replaceWithJump):
1059         * assembler/MacroAssemblerX86Common.h:
1060         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1061         * assembler/X86Assembler.h:
1062         (JSC::X86Assembler::replaceWithInt3):
1063         * bytecode/CodeBlock.cpp:
1064         (JSC::CodeBlock::jettison):
1065         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1066         (JSC::CodeBlock::installVMTrapBreakpoints):
1067         * bytecode/CodeBlock.h:
1068         * bytecompiler/BytecodeGenerator.cpp:
1069         (JSC::BytecodeGenerator::emitCheckTraps):
1070         * dfg/DFGCommonData.cpp:
1071         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1072         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1073         * dfg/DFGCommonData.h:
1074         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1075         * dfg/DFGJumpReplacement.cpp:
1076         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1077         * dfg/DFGJumpReplacement.h:
1078         (JSC::DFG::JumpReplacement::dataLocation):
1079         * dfg/DFGNodeType.h:
1080         * heap/CodeBlockSet.cpp:
1081         (JSC::CodeBlockSet::contains):
1082         * heap/CodeBlockSet.h:
1083         * heap/CodeBlockSetInlines.h:
1084         (JSC::CodeBlockSet::iterate):
1085         * heap/Heap.cpp:
1086         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1087         * heap/Heap.h:
1088         * heap/HeapInlines.h:
1089         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1090         * heap/MachineStackMarker.h:
1091         (JSC::MachineThreads::threadsListHead):
1092         * jit/ExecutableAllocator.cpp:
1093         (JSC::ExecutableAllocator::isValidExecutableMemory):
1094         * jit/ExecutableAllocator.h:
1095         * profiler/ProfilerJettisonReason.cpp:
1096         (WTF::printInternal):
1097         * profiler/ProfilerJettisonReason.h:
1098         * runtime/JSLock.cpp:
1099         (JSC::JSLock::didAcquireLock):
1100         * runtime/Options.cpp:
1101         (JSC::overrideDefaults):
1102         * runtime/Options.h:
1103         * runtime/PlatformThread.h:
1104         (JSC::platformThreadSignal):
1105         * runtime/VM.cpp:
1106         (JSC::VM::~VM):
1107         (JSC::VM::ensureWatchdog):
1108         (JSC::VM::handleTraps): Deleted.
1109         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1110         * runtime/VM.h:
1111         (JSC::VM::ownerThread):
1112         (JSC::VM::traps):
1113         (JSC::VM::handleTraps):
1114         (JSC::VM::needTrapHandling):
1115         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1116         * runtime/VMTraps.cpp:
1117         (JSC::VMTraps::vm):
1118         (JSC::SignalContext::SignalContext):
1119         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1120         (JSC::vmIsInactive):
1121         (JSC::findActiveVMAndStackBounds):
1122         (JSC::handleSigusr1):
1123         (JSC::handleSigtrap):
1124         (JSC::installSignalHandlers):
1125         (JSC::sanitizedTopCallFrame):
1126         (JSC::isSaneFrame):
1127         (JSC::VMTraps::tryInstallTrapBreakpoints):
1128         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1129         (JSC::VMTraps::VMTraps):
1130         (JSC::VMTraps::willDestroyVM):
1131         (JSC::VMTraps::addSignalSender):
1132         (JSC::VMTraps::removeSignalSender):
1133         (JSC::VMTraps::SignalSender::willDestroyVM):
1134         (JSC::VMTraps::SignalSender::send):
1135         (JSC::VMTraps::fireTrap):
1136         (JSC::VMTraps::handleTraps):
1137         * runtime/VMTraps.h:
1138         (JSC::VMTraps::~VMTraps):
1139         (JSC::VMTraps::needTrapHandling):
1140         (JSC::VMTraps::notifyGrabAllLocks):
1141         (JSC::VMTraps::SignalSender::SignalSender):
1142         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1143         * tools/VMInspector.cpp:
1144         * tools/VMInspector.h:
1145         (JSC::VMInspector::getLock):
1146         (JSC::VMInspector::iterate):
1147
1148 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1149
1150         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1151         https://bugs.webkit.org/show_bug.cgi?id=169215
1152
1153         Reviewed by Mark Lam.
1154         
1155         This doesn't have a test because it would be a very complicated test.
1156
1157         * runtime/JSObject.h:
1158         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1159
1160 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1161
1162         WTF should make it super easy to do ARM concurrency tricks
1163         https://bugs.webkit.org/show_bug.cgi?id=169300
1164
1165         Reviewed by Mark Lam.
1166         
1167         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1168         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1169         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1170         machine code, I found other opportunities for improvement, like inlining the "am I
1171         marked" part of the marking functions.
1172
1173         * heap/Heap.cpp:
1174         (JSC::Heap::setGCDidJIT):
1175         * heap/HeapInlines.h:
1176         (JSC::Heap::testAndSetMarked):
1177         * heap/LargeAllocation.h:
1178         (JSC::LargeAllocation::isMarked):
1179         (JSC::LargeAllocation::isMarkedConcurrently):
1180         (JSC::LargeAllocation::aboutToMark):
1181         (JSC::LargeAllocation::testAndSetMarked):
1182         * heap/MarkedBlock.h:
1183         (JSC::MarkedBlock::areMarksStaleWithDependency):
1184         (JSC::MarkedBlock::aboutToMark):
1185         (JSC::MarkedBlock::isMarkedConcurrently):
1186         (JSC::MarkedBlock::isMarked):
1187         (JSC::MarkedBlock::testAndSetMarked):
1188         * heap/SlotVisitor.cpp:
1189         (JSC::SlotVisitor::appendSlow):
1190         (JSC::SlotVisitor::appendHiddenSlow):
1191         (JSC::SlotVisitor::appendHiddenSlowImpl):
1192         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1193         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1194         (JSC::SlotVisitor::appendHidden): Deleted.
1195         * heap/SlotVisitor.h:
1196         * heap/SlotVisitorInlines.h:
1197         (JSC::SlotVisitor::appendUnbarriered):
1198         (JSC::SlotVisitor::appendHidden):
1199         (JSC::SlotVisitor::append):
1200         (JSC::SlotVisitor::appendValues):
1201         (JSC::SlotVisitor::appendValuesHidden):
1202         * runtime/CustomGetterSetter.cpp:
1203         * runtime/JSObject.cpp:
1204         (JSC::JSObject::visitButterflyImpl):
1205         * runtime/JSObject.h:
1206
1207 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1208
1209         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1210         https://bugs.webkit.org/show_bug.cgi?id=160124
1211
1212         Reviewed by Mark Lam.
1213
1214         When performing CallVarargs, we will copy values to the stack.
1215         Before actually copying values, we need to adjust the stackPointerRegister
1216         to ensure copied values are in the allocated stack area.
1217         If we do not do that, the OS can break the values that are stored beyond the stack
1218         pointer. For example, a signal stack can be constructed in this area and
1219         break the values.
1220
1221         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1222         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1223         the signal handler is frequently called when the sampling profiler is enabled. Thus this
1224         crash occurs.
1225
1226         * dfg/DFGSpeculativeJIT32_64.cpp:
1227         (JSC::DFG::SpeculativeJIT::emitCall):
1228         * dfg/DFGSpeculativeJIT64.cpp:
1229         (JSC::DFG::SpeculativeJIT::emitCall):
1230         * ftl/FTLLowerDFGToB3.cpp:
1231         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1232         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1233         * jit/SetupVarargsFrame.cpp:
1234         (JSC::emitSetupVarargsFrameFastCase):
1235         * jit/SetupVarargsFrame.h:
1236
1237 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1238
1239         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1240         https://bugs.webkit.org/show_bug.cgi?id=164892
1241         <rdar://problem/29320562>
1242
1243         Reviewed by Brian Burg.
1244
1245         * inspector/protocol/Network.json:
1246         Replace "fromDiskCache" property with "source" property which includes
1247         more complete information about the source of this response (network,
1248         memory cache, disk cache, or unknown).
1249
1250         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1251         (_generate_class_for_object_declaration):
1252         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1253         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1254         * inspector/scripts/codegen/generator.py:
1255         (Generator):
1256         (Generator.open_fields):
1257         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1258         enum and open accessor string symbol that would have the same name, only generate
1259         a specific list of open accessor strings. This reduces the list of exported
1260         symbols from all properties to just the ones that are needed. This can be
1261         cleaned up later if needed.
1262
1263         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1264         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1265         Test for open accessors generation.
1266
1267 2017-03-08  Keith Miller  <keith_miller@apple.com>
1268
1269         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1270         https://bugs.webkit.org/show_bug.cgi?id=169290
1271
1272         Reviewed by Saam Barati.
1273
1274         This patch adds an extra sanity check by ensuring that the memory address we are faulting on while trying to load is in the range
1275         of some wasm fast memory.
1276
1277         * wasm/WasmFaultSignalHandler.cpp:
1278         (JSC::Wasm::trapHandler):
1279         (JSC::Wasm::enableFastMemory):
1280         * wasm/WasmMemory.cpp:
1281         (JSC::Wasm::activeFastMemories):
1282         (JSC::Wasm::viewActiveFastMemories):
1283         (JSC::Wasm::tryGetFastMemory):
1284         (JSC::Wasm::releaseFastMemory):
1285         * wasm/WasmMemory.h:
1286
1287 2017-03-07  Dean Jackson  <dino@apple.com>
1288
1289         Some platforms won't be able to create a GPUDevice
1290         https://bugs.webkit.org/show_bug.cgi?id=169314
1291         <rdar://problems/30907521>
1292
1293         Reviewed by Jon Lee.
1294
1295         Disable WEB_GPU on the iOS Simulator.
1296
1297         * Configurations/FeatureDefines.xcconfig:
1298
1299 2017-03-06  Saam Barati  <sbarati@apple.com>
1300
1301         WebAssembly: Implement the WebAssembly.instantiate API
1302         https://bugs.webkit.org/show_bug.cgi?id=165982
1303         <rdar://problem/29760110>
1304
1305         Reviewed by Keith Miller.
1306
1307         This patch is a straightforward implementation of the WebAssembly.instantiate
1308         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1309         
1310         I implemented the API in a synchronous manner. We should make it
1311         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1312
1313         * wasm/JSWebAssembly.cpp:
1314         (JSC::webAssemblyCompileFunc):
1315         (JSC::webAssemblyInstantiateFunc):
1316         (JSC::JSWebAssembly::finishCreation):
1317         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1318         (JSC::constructJSWebAssemblyInstance):
1319         (JSC::WebAssemblyInstanceConstructor::createInstance):
1320         * wasm/js/WebAssemblyInstanceConstructor.h:
1321         * wasm/js/WebAssemblyModuleConstructor.cpp:
1322         (JSC::constructJSWebAssemblyModule):
1323         (JSC::WebAssemblyModuleConstructor::createModule):
1324         * wasm/js/WebAssemblyModuleConstructor.h:
1325
1326 2017-03-06  Michael Saboff  <msaboff@apple.com>
1327
1328         Take advantage of fast permissions switching of JIT memory for devices that support it
1329         https://bugs.webkit.org/show_bug.cgi?id=169155
1330
1331         Reviewed by Saam Barati.
1332
1333         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1334         control access to JIT memory.
1335
1336         Had to update the Xcode config files to handle various build variations of
1337         public and internal SDKs.
1338
1339         * Configurations/Base.xcconfig:
1340         * Configurations/FeatureDefines.xcconfig:
1341         * jit/ExecutableAllocator.cpp:
1342         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1343         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1344         * jit/ExecutableAllocator.h:
1345         (JSC::performJITMemcpy):
1346
1347 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1348
1349         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1350         https://bugs.webkit.org/show_bug.cgi?id=168502
1351
1352         Reviewed by Filip Pizlo.
1353
1354         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1355
1356 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1357
1358         op_get_by_id_with_this should use inline caching
1359         https://bugs.webkit.org/show_bug.cgi?id=162124
1360
1361         Reviewed by Saam Barati.
1362
1363         This patch is enabling inline caching for op_get_by_id_with_this in all
1364         tiers. It means that operations using ```super.member``` are going to
1365         be able to be optimized by PIC. To enable it, we introduced a new
1366         member of StructureStubInfo.patch named thisGPR, created a new class
1367         to manage the IC named JITGetByIdWithThisGenerator and changed
1368         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
1369         to decide the correct this value on inline caches.
1370         With inline caching enabled, ```super.member``` is ~4.5x faster,
1371         according to microbenchmarks.
1372
1373         * bytecode/AccessCase.cpp:
1374         (JSC::AccessCase::generateImpl):
1375         * bytecode/PolymorphicAccess.cpp:
1376         (JSC::PolymorphicAccess::regenerate):
1377         * bytecode/PolymorphicAccess.h:
1378         * bytecode/StructureStubInfo.cpp:
1379         (JSC::StructureStubInfo::reset):
1380         * bytecode/StructureStubInfo.h:
1381         * dfg/DFGFixupPhase.cpp:
1382         (JSC::DFG::FixupPhase::fixupNode):
1383         * dfg/DFGJITCompiler.cpp:
1384         (JSC::DFG::JITCompiler::link):
1385         * dfg/DFGJITCompiler.h:
1386         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1387         * dfg/DFGSpeculativeJIT.cpp:
1388         (JSC::DFG::SpeculativeJIT::compileIn):
1389         * dfg/DFGSpeculativeJIT.h:
1390         (JSC::DFG::SpeculativeJIT::callOperation):
1391         * dfg/DFGSpeculativeJIT32_64.cpp:
1392         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1393         (JSC::DFG::SpeculativeJIT::compile):
1394         * dfg/DFGSpeculativeJIT64.cpp:
1395         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1396         (JSC::DFG::SpeculativeJIT::compile):
1397         * ftl/FTLLowerDFGToB3.cpp:
1398         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1399         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1400         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1401         * jit/CCallHelpers.h:
1402         (JSC::CCallHelpers::setupArgumentsWithExecState):
1403         * jit/ICStats.h:
1404         * jit/JIT.cpp:
1405         (JSC::JIT::JIT):
1406         (JSC::JIT::privateCompileSlowCases):
1407         (JSC::JIT::link):
1408         * jit/JIT.h:
1409         * jit/JITInlineCacheGenerator.cpp:
1410         (JSC::JITByIdGenerator::JITByIdGenerator):
1411         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1412         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1413         * jit/JITInlineCacheGenerator.h:
1414         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1415         * jit/JITInlines.h:
1416         (JSC::JIT::callOperation):
1417         * jit/JITOperations.cpp:
1418         * jit/JITOperations.h:
1419         * jit/JITPropertyAccess.cpp:
1420         (JSC::JIT::emit_op_get_by_id_with_this):
1421         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1422         * jit/JITPropertyAccess32_64.cpp:
1423         (JSC::JIT::emit_op_get_by_id_with_this):
1424         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1425         * jit/Repatch.cpp:
1426         (JSC::appropriateOptimizingGetByIdFunction):
1427         (JSC::appropriateGenericGetByIdFunction):
1428         (JSC::tryCacheGetByID):
1429         * jit/Repatch.h:
1430         * jsc.cpp:
1431         (WTF::CustomGetter::getOwnPropertySlot):
1432         (WTF::CustomGetter::customGetterAcessor):
1433
1434 2017-03-06  Saam Barati  <sbarati@apple.com>
1435
1436         WebAssembly: implement init_expr for Element
1437         https://bugs.webkit.org/show_bug.cgi?id=165888
1438         <rdar://problem/29760199>
1439
1440         Reviewed by Keith Miller.
1441
1442         This patch fixes a few bugs. The main change is allowing init_expr
1443         for the Element's offset. To do this, I had to fix a couple of
1444         other bugs:
1445         
1446         - I removed our invalid early module-parse-time invalidation
1447         of out-of-bounds Element sections. This is not in the spec because
1448         it can't be validated in the general case when the offset is a
1449         get_global.
1450         
1451         - Our get_global validation inside our init_expr parsing code was simply wrong.
1452         It thought that the index operand to get_global went into the pool of imports,
1453         but it does not. It indexes into the pool of globals. I changed the code to
1454         refer to the global pool instead.
1455
1456         * wasm/WasmFormat.h:
1457         (JSC::Wasm::Element::Element):
1458         * wasm/WasmModuleParser.cpp:
1459         * wasm/js/WebAssemblyModuleRecord.cpp:
1460         (JSC::WebAssemblyModuleRecord::evaluate):
1461
1462 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1463
1464         [JSC] Allow indexed module namespace object fields
1465         https://bugs.webkit.org/show_bug.cgi?id=168870
1466
1467         Reviewed by Saam Barati.
1468
1469         While JS modules cannot expose any indexed bindings,
1470         Wasm modules can expose them. However, the module namespace
1471         object currently does not support indexed properties.
1472         This patch allows module namespace objects to offer
1473         indexed binding accesses.
1474
1475         * runtime/JSModuleNamespaceObject.cpp:
1476         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1477         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1478         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1479         * runtime/JSModuleNamespaceObject.h:
1480
1481 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1482
1483         Null pointer crash when loading module with unresolved import also as a script file
1484         https://bugs.webkit.org/show_bug.cgi?id=168971
1485
1486         Reviewed by Saam Barati.
1487
1488         If linking throws an error, this error should be re-thrown
1489         when requesting the same module.
1490
1491         * builtins/ModuleLoaderPrototype.js:
1492         (globalPrivate.newRegistryEntry):
1493         * runtime/JSModuleRecord.cpp:
1494         (JSC::JSModuleRecord::link):
1495
1496 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1497
1498         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1499         https://bugs.webkit.org/show_bug.cgi?id=164032
1500
1501         Reviewed by Michael Catanzaro.
1502
1503         This patch enables WebAssembly on the JSCOnly and GTK ports.
1504         Basically, almost all the WASM code is portable to Linux.
1505         One platform-dependent part is the faster memory load using the SIGBUS
1506         signal handler. This patch ports this part to Linux.
1507
1508         * CMakeLists.txt:
1509         * llint/LLIntSlowPaths.cpp:
1510         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1511         * wasm/WasmFaultSignalHandler.cpp:
1512         (JSC::Wasm::trapHandler):
1513         (JSC::Wasm::enableFastMemory):
1514
1515 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1516
1517         Currency digits calculation in Intl.NumberFormat should call out to ICU
1518         https://bugs.webkit.org/show_bug.cgi?id=169182
1519
1520         Reviewed by Yusuke Suzuki.
1521
1522         * runtime/IntlNumberFormat.cpp:
1523         (JSC::computeCurrencyDigits):
1524         (JSC::computeCurrencySortKey): Deleted.
1525         (JSC::extractCurrencySortKey): Deleted.
1526
1527 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1528
1529         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1530         https://bugs.webkit.org/show_bug.cgi?id=168869
1531
1532         Reviewed by Keith Miller.
1533
1534         * b3/B3Width.h:
1535         * wasm/WasmSections.h:
1536
1537 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1538
1539         [ARM] Unreviewed buildfix after r213376.
1540
1541         * assembler/ARMAssembler.h:
1542         (JSC::ARMAssembler::isBkpt): Typo fixed.
1543
1544 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1545
1546         [JSC] build fix after r213399
1547         https://bugs.webkit.org/show_bug.cgi?id=169154
1548
1549         Unreviewed.
1550
1551         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1552
1553 2017-03-03  Dean Jackson  <dino@apple.com>
1554
1555         Add WebGPU compile flag and experimental feature flag
1556         https://bugs.webkit.org/show_bug.cgi?id=169161
1557         <rdar://problem/30846689>
1558
1559         Reviewed by Tim Horton.
1560
1561         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1562         and an InternalSetting.
1563
1564         * Configurations/FeatureDefines.xcconfig:
1565
1566 2017-03-03  Michael Saboff  <msaboff@apple.com>
1567
1568         Add support for relative pathnames to JSC config files
1569         https://bugs.webkit.org/show_bug.cgi?id=169154
1570
1571         Reviewed by Saam Barati.
1572
1573         If the config file is a relative path, prepend the current working directory.
1574         After canonicalizing the config file path, we extract its directory path and
1575         use that for the directory for a relative log pathname.
1576
1577         * runtime/ConfigFile.cpp:
1578         (JSC::ConfigFile::ConfigFile):
1579         (JSC::ConfigFile::parse):
1580         (JSC::ConfigFile::canonicalizePaths):
1581         * runtime/ConfigFile.h:
1582
1583 2017-03-03  Michael Saboff  <msaboff@apple.com>
1584
1585         Add load / store exclusive instruction group to ARM64 disassembler
1586         https://bugs.webkit.org/show_bug.cgi?id=169152
1587
1588         Reviewed by Filip Pizlo.
1589
1590         * disassembler/ARM64/A64DOpcode.cpp:
1591         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1592         * disassembler/ARM64/A64DOpcode.h:
1593         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1594         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1595         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1596         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1597         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1598         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1599         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1600         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1601         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1602
1603 2017-03-03  Keith Miller  <keith_miller@apple.com>
1604
1605         WASM should support faster loads.
1606         https://bugs.webkit.org/show_bug.cgi?id=162693
1607
1608         Reviewed by Saam Barati.
1609
1610         This patch adds support for WebAssembly using a 32-bit address
1611         space for memory (along with some extra space for offset
1612         overflow). With a 32-bit address space (we call them
1613         Signaling/fast memories), we reserve the virtual address space for
1614         2^32 + offset bytes of memory and only mark the usable section as
1615         read/write. If wasm code would read/write out of bounds we use a
1616         custom signal handler to catch the SIGBUS. The signal handler then
1617         checks if the faulting instruction is wasm code and tells the
1618         thread to resume executing from the wasm exception
1619         handler. Otherwise, the signal handler crashes the process, as
1620         usual.
1621
1622         All of the allocations of these memories are managed by the
1623         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1624         old Signaling memories that are no longer in use. Since getting
1625         the wrong memory can cause recompiles, we try to reserve a memory
1626         for modules that do not import a memory. If a module does import a
1627         memory, we try to guess the type of memory we are going to get
1628         based on the last one allocated.
1629
1630         This patch also changes how the wasm JS-api manages objects. Since
1631         we can compile different versions of code, this patch adds a new
1632         JSWebAssemblyCodeBlock class that holds all the information
1633         specific to running a module in a particular bounds checking
1634         mode. Additionally, the Wasm::Memory object is now a reference
1635         counted class that is shared between the JSWebAssemblyMemory
1636         object and the ArrayBuffer that also views it.
1637
1638         * JavaScriptCore.xcodeproj/project.pbxproj:
1639         * jit/JITThunks.cpp:
1640         (JSC::JITThunks::existingCTIStub):
1641         * jit/JITThunks.h:
1642         * jsc.cpp:
1643         (jscmain):
1644         * runtime/Options.h:
1645         * runtime/VM.cpp:
1646         (JSC::VM::VM):
1647         * runtime/VM.h:
1648         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1649         (JSC::JSWebAssemblyCodeBlock::create):
1650         (JSC::JSWebAssemblyCodeBlock::createStructure):
1651         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1652         (JSC::JSWebAssemblyCodeBlock::mode):
1653         (JSC::JSWebAssemblyCodeBlock::module):
1654         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1655         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1656         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1657         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1658         (JSC::JSWebAssemblyCodeBlock::callees):
1659         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1660         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1661         * wasm/WasmB3IRGenerator.cpp:
1662         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1663         (JSC::Wasm::getMemoryBaseAndSize):
1664         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1665         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1666         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1667         * wasm/WasmCallingConvention.h:
1668         * wasm/WasmFaultSignalHandler.cpp: Added.
1669         (JSC::Wasm::trapHandler):
1670         (JSC::Wasm::registerCode):
1671         (JSC::Wasm::unregisterCode):
1672         (JSC::Wasm::fastMemoryEnabled):
1673         (JSC::Wasm::enableFastMemory):
1674         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1675         * wasm/WasmFormat.h:
1676         (JSC::Wasm::ModuleInformation::importFunctionCount):
1677         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1678         * wasm/WasmMemory.cpp:
1679         (JSC::Wasm::mmapBytes):
1680         (JSC::Wasm::Memory::lastAllocatedMode):
1681         (JSC::Wasm::availableFastMemories):
1682         (JSC::Wasm::tryGetFastMemory):
1683         (JSC::Wasm::releaseFastMemory):
1684         (JSC::Wasm::Memory::Memory):
1685         (JSC::Wasm::Memory::createImpl):
1686         (JSC::Wasm::Memory::create):
1687         (JSC::Wasm::Memory::~Memory):
1688         (JSC::Wasm::Memory::grow):
1689         (JSC::Wasm::Memory::dump):
1690         (JSC::Wasm::Memory::makeString):
1691         * wasm/WasmMemory.h:
1692         (JSC::Wasm::Memory::operator bool):
1693         (JSC::Wasm::Memory::size):
1694         (JSC::Wasm::Memory::check):
1695         (JSC::Wasm::Memory::Memory): Deleted.
1696         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
1697         (JSC::Wasm::Memory::offsetOfSize): Deleted.
1698         * wasm/WasmMemoryInformation.cpp:
1699         (JSC::Wasm::MemoryInformation::MemoryInformation):
1700         * wasm/WasmMemoryInformation.h:
1701         (JSC::Wasm::MemoryInformation::hasReservedMemory):
1702         (JSC::Wasm::MemoryInformation::takeReservedMemory):
1703         (JSC::Wasm::MemoryInformation::mode):
1704         * wasm/WasmModuleParser.cpp:
1705         * wasm/WasmModuleParser.h:
1706         (JSC::Wasm::ModuleParser::ModuleParser):
1707         * wasm/WasmPlan.cpp:
1708         (JSC::Wasm::Plan::parseAndValidateModule):
1709         (JSC::Wasm::Plan::run):
1710         * wasm/WasmPlan.h:
1711         (JSC::Wasm::Plan::mode):
1712         * wasm/js/JSWebAssemblyCallee.cpp:
1713         (JSC::JSWebAssemblyCallee::finishCreation):
1714         (JSC::JSWebAssemblyCallee::destroy):
1715         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
1716         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1717         (JSC::JSWebAssemblyCodeBlock::destroy):
1718         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1719         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1720         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
1721         * wasm/js/JSWebAssemblyInstance.cpp:
1722         (JSC::JSWebAssemblyInstance::setMemory):
1723         (JSC::JSWebAssemblyInstance::finishCreation):
1724         (JSC::JSWebAssemblyInstance::visitChildren):
1725         * wasm/js/JSWebAssemblyInstance.h:
1726         (JSC::JSWebAssemblyInstance::module):
1727         (JSC::JSWebAssemblyInstance::codeBlock):
1728         (JSC::JSWebAssemblyInstance::memoryMode):
1729         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1730         * wasm/js/JSWebAssemblyMemory.cpp:
1731         (JSC::JSWebAssemblyMemory::create):
1732         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1733         (JSC::JSWebAssemblyMemory::buffer):
1734         (JSC::JSWebAssemblyMemory::grow):
1735         (JSC::JSWebAssemblyMemory::destroy):
1736         * wasm/js/JSWebAssemblyMemory.h:
1737         (JSC::JSWebAssemblyMemory::memory):
1738         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1739         (JSC::JSWebAssemblyMemory::offsetOfSize):
1740         * wasm/js/JSWebAssemblyModule.cpp:
1741         (JSC::JSWebAssemblyModule::buildCodeBlock):
1742         (JSC::JSWebAssemblyModule::create):
1743         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1744         (JSC::JSWebAssemblyModule::codeBlock):
1745         (JSC::JSWebAssemblyModule::finishCreation):
1746         (JSC::JSWebAssemblyModule::visitChildren):
1747         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
1748         * wasm/js/JSWebAssemblyModule.h:
1749         (JSC::JSWebAssemblyModule::takeReservedMemory):
1750         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
1751         (JSC::JSWebAssemblyModule::codeBlock):
1752         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
1753         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
1754         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
1755         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
1756         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
1757         (JSC::JSWebAssemblyModule::callees): Deleted.
1758         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
1759         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
1760         * wasm/js/WebAssemblyFunction.cpp:
1761         (JSC::callWebAssemblyFunction):
1762         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1763         (JSC::constructJSWebAssemblyInstance):
1764         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1765         (JSC::constructJSWebAssemblyMemory):
1766         * wasm/js/WebAssemblyModuleConstructor.cpp:
1767         (JSC::WebAssemblyModuleConstructor::createModule):
1768         * wasm/js/WebAssemblyModuleRecord.cpp:
1769         (JSC::WebAssemblyModuleRecord::link):
1770         (JSC::WebAssemblyModuleRecord::evaluate):
1771
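The fast-memory scheme described in the entry above (and the address-range sanity check and Linux SIGBUS/SIGSEGV port in the 169290 and 164032 entries earlier on this page) can be modelled in a few dozen lines. The block below is an added example written for this page; it is not WebKit code and does not use JSC's Wasm::Memory or WasmFaultSignalHandler APIs. It assumes scaled-down, constructed sizes (a 16 MiB reservation with a 64 KiB usable prefix instead of 2^32 + offset bytes), and it stands in for JSC's "is the faulting PC wasm code?" check with a flag set around the guarded access, since reading the fault PC out of the ucontext is platform-specific. All function names (enableFastMemory, tryGetFastMemory, releaseFastMemory, guardedLoad, lookupActiveFastMemory) are the example's own.

```cpp
// Added example, not WebKit code: a scaled-down model of "Signaling/fast" wasm
// memories. The whole address range is reserved PROT_NONE, only the usable
// prefix is made read/write, and a SIGSEGV/SIGBUS handler decides whether a
// fault is a wasm out-of-bounds access (resume at the exception handler) or a
// genuine crash (fall through to the default disposition).
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

// Constructed, scaled-down sizes. JSC reserves 2^32 + offset bytes per memory.
constexpr size_t reservedBytes = 16u * 1024 * 1024;
constexpr size_t usableBytes = 64u * 1024;
constexpr size_t maxActiveMemories = 4;

struct FastMemory {
    uint8_t* base = nullptr;
    size_t usable = 0;
};

// Registry of active fast memories: the extra sanity check that a faulting
// address really lies inside one of them.
static FastMemory s_active[maxActiveMemories];
static size_t s_activeCount = 0;

// Stand-in for "the faulting instruction is wasm code" (assumption: JSC checks
// the fault PC against registered code ranges; here a flag brackets the access).
static volatile sig_atomic_t s_inGuardedAccess = 0;
static sigjmp_buf s_trapJmp;
static volatile sig_atomic_t s_trapCount = 0;

static const FastMemory* lookupActiveFastMemory(const void* addr)
{
    uintptr_t a = reinterpret_cast<uintptr_t>(addr);
    for (size_t i = 0; i < s_activeCount; ++i) {
        uintptr_t base = reinterpret_cast<uintptr_t>(s_active[i].base);
        if (a >= base && a < base + reservedBytes)
            return &s_active[i];
    }
    return nullptr;
}

static void trapHandler(int sig, siginfo_t* info, void*)
{
    // Both conditions must hold: we were inside wasm code AND the address is
    // inside a fast memory's reserved range. Anything else is a real crash.
    if (s_inGuardedAccess && lookupActiveFastMemory(info->si_addr)) {
        s_trapCount = s_trapCount + 1;
        siglongjmp(s_trapJmp, 1); // resume at the "wasm exception handler"
    }
    signal(sig, SIG_DFL); // crash the process as usual
    raise(sig);
}

bool enableFastMemory()
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    // Linux reports the fault as SIGSEGV, macOS as SIGBUS; install for both.
    return sigaction(SIGSEGV, &sa, nullptr) == 0 && sigaction(SIGBUS, &sa, nullptr) == 0;
}

FastMemory* tryGetFastMemory()
{
    if (s_activeCount == maxActiveMemories)
        return nullptr;
    void* p = mmap(nullptr, reservedBytes, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED)
        return nullptr;
    if (mprotect(p, usableBytes, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, reservedBytes);
        return nullptr;
    }
    FastMemory& m = s_active[s_activeCount++];
    m.base = static_cast<uint8_t*>(p);
    m.usable = usableBytes;
    return &m;
}

void releaseFastMemory(FastMemory* m)
{
    munmap(m->base, reservedBytes);
    *m = s_active[--s_activeCount]; // swap-remove from the registry
    s_active[s_activeCount] = FastMemory();
}

// Emulates a wasm load compiled without an explicit bounds check.
// Returns true if the load succeeded, false if it trapped.
bool guardedLoad(const FastMemory* m, size_t offset, uint8_t& out)
{
    if (sigsetjmp(s_trapJmp, 1)) {
        s_inGuardedAccess = 0;
        return false;
    }
    s_inGuardedAccess = 1;
    out = *static_cast<volatile uint8_t*>(m->base + offset);
    s_inGuardedAccess = 0;
    return true;
}

int trapCount() { return s_trapCount; }

int main()
{
    if (!enableFastMemory())
        return 1;
    FastMemory* m = tryGetFastMemory();
    if (!m)
        return 1;
    m->base[10] = 42;
    uint8_t v = 0;
    bool inBounds = guardedLoad(m, 10, v);
    bool outOfBounds = guardedLoad(m, usableBytes + 100, v);
    printf("in-bounds load %s (value %u); out-of-bounds load %s; traps=%d\n",
        inBounds ? "ok" : "trapped", v, outOfBounds ? "ok" : "trapped", trapCount());
    releaseFastMemory(m);
    return 0;
}
```

The registry lookup is what keeps the handler from swallowing unrelated faults: a bad pointer dereference in the engine itself still crashes, because its address is not inside any reserved range.
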
1772 2017-03-03  Mark Lam  <mark.lam@apple.com>
1773
1774         Gardening: fix broken ARM64 build.
1775         https://bugs.webkit.org/show_bug.cgi?id=169139
1776
1777         Not reviewed.
1778
1779         * assembler/ARM64Assembler.h:
1780         (JSC::ARM64Assembler::excepnGenerationImmMask):
1781
1782 2017-03-03  Mark Lam  <mark.lam@apple.com>
1783
1784         Add MacroAssembler::isBreakpoint() query function.
1785         https://bugs.webkit.org/show_bug.cgi?id=169139
1786
1787         Reviewed by Michael Saboff.
1788
1789         This will be needed soon when we use breakpoint instructions to implement
1790         non-polling VM traps, and need to discern between a VM trap signal and a genuine
1791         assertion breakpoint.
1792
1793         * assembler/ARM64Assembler.h:
1794         (JSC::ARM64Assembler::isBrk):
1795         (JSC::ARM64Assembler::excepnGenerationImmMask):
1796         * assembler/ARMAssembler.h:
1797         (JSC::ARMAssembler::isBkpt):
1798         * assembler/ARMv7Assembler.h:
1799         (JSC::ARMv7Assembler::isBkpt):
1800         * assembler/MIPSAssembler.h:
1801         (JSC::MIPSAssembler::isBkpt):
1802         * assembler/MacroAssemblerARM.h:
1803         (JSC::MacroAssemblerARM::isBreakpoint):
1804         * assembler/MacroAssemblerARM64.h:
1805         (JSC::MacroAssemblerARM64::isBreakpoint):
1806         * assembler/MacroAssemblerARMv7.h:
1807         (JSC::MacroAssemblerARMv7::isBreakpoint):
1808         * assembler/MacroAssemblerMIPS.h:
1809         (JSC::MacroAssemblerMIPS::isBreakpoint):
1810         * assembler/MacroAssemblerX86Common.h:
1811         (JSC::MacroAssemblerX86Common::isBreakpoint):
1812         * assembler/X86Assembler.h:
1813         (JSC::X86Assembler::isInt3):
1814
1815 2017-03-03  Mark Lam  <mark.lam@apple.com>
1816
1817         We should only check for traps that we're able to handle.
1818         https://bugs.webkit.org/show_bug.cgi?id=169136
1819
1820         Reviewed by Michael Saboff.
1821
1822         The execute methods in interpreter were checking for the existence of any traps
1823         (without masking) and only handling a subset of those via a mask.  This can
1824         result in a failed assertion on debug builds.
1825
1826         This patch fixes this by applying the same mask for both the needTrapHandling()
1827         check and the handleTraps() call.  Also added a few assertions.
1828
1829         * interpreter/Interpreter.cpp:
1830         (JSC::Interpreter::executeProgram):
1831         (JSC::Interpreter::executeCall):
1832         (JSC::Interpreter::executeConstruct):
1833         (JSC::Interpreter::execute):
1834         * jit/JITOperations.cpp:
1835         * llint/LLIntSlowPaths.cpp:
1836         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1837
1838 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1839
1840         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
1841         https://bugs.webkit.org/show_bug.cgi?id=169074
1842
1843         Reviewed by Joseph Pecoraro.
1844
1845         They are not actually Cocoa-specific.
1846
1847         * inspector/remote/RemoteInspector.cpp:
1848         (Inspector::RemoteInspector::updateTargetListing):
1849         * inspector/remote/RemoteInspector.h:
1850         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
1851
1852 2017-03-02  Mark Lam  <mark.lam@apple.com>
1853
1854         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
1855         https://bugs.webkit.org/show_bug.cgi?id=169089
1856
1857         Reviewed by Tim Horton and Joseph Pecoraro.
1858
1859         * runtime/VM.cpp:
1860         (JSC::VM::handleTraps):
1861         * runtime/VM.h:
1862         (JSC::VM::notifyNeedDebuggerBreak):
1863
1864 2017-03-02  Michael Saboff  <msaboff@apple.com>
1865
1866         Add JSC identity when code signing to allow debugging on iOS
1867         https://bugs.webkit.org/show_bug.cgi?id=169099
1868
1869         Reviewed by Filip Pizlo.
1870
1871         * Configurations/JSC.xcconfig:
1872         * Configurations/ToolExecutable.xcconfig:
1873
1874 2017-03-02  Keith Miller  <keith_miller@apple.com>
1875
1876         WebAssemblyFunction should have Function.prototype as its prototype
1877         https://bugs.webkit.org/show_bug.cgi?id=169101
1878
1879         Reviewed by Filip Pizlo.
1880
1881         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
1882         objects should have Function.prototype as their prototype.
1883
1884         * runtime/JSGlobalObject.cpp:
1885         (JSC::JSGlobalObject::init):
1886
1887 2017-03-02  Mark Lam  <mark.lam@apple.com>
1888
1889         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
1890         https://bugs.webkit.org/show_bug.cgi?id=169088
1891
1892         Reviewed by Keith Miller.
1893
1894         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
1895         generated.  This is useful for testing purposes until we have signal based
1896         traps, at which point, we will always emit the op_check_traps bytecode and remove
1897         this option.
1898
1899         Options::usePollingTraps() enables the use of polling VM traps all the time.
1900         This will be useful for benchmark comparisons (between polling and non-polling
1901         traps), as well as for forcing polling traps later for ports that don't support
1902         signal based traps.
1903
1904         Note: signal based traps are not fully implemented yet.  As a result, if the VM
1905         watchdog is in use, we will force Options::usePollingTraps() to be true.
1906
1907         * bytecompiler/BytecodeGenerator.cpp:
1908         (JSC::BytecodeGenerator::emitCheckTraps):
1909         * dfg/DFGClobberize.h:
1910         (JSC::DFG::clobberize):
1911         * dfg/DFGSpeculativeJIT.cpp:
1912         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
1913         * dfg/DFGSpeculativeJIT32_64.cpp:
1914         (JSC::DFG::SpeculativeJIT::compile):
1915         * dfg/DFGSpeculativeJIT64.cpp:
1916         (JSC::DFG::SpeculativeJIT::compile):
1917         * ftl/FTLLowerDFGToB3.cpp:
1918         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1919         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
1920         * runtime/Options.cpp:
1921         (JSC::recomputeDependentOptions):
1922         * runtime/Options.h:
1923
1924 2017-03-02  Keith Miller  <keith_miller@apple.com>
1925
1926         Fix addressing mode for B3WasmAddress
1927         https://bugs.webkit.org/show_bug.cgi?id=169092
1928
1929         Reviewed by Filip Pizlo.
1930
1931         Fix the potential addressing modes for B3WasmAddress. ARM does not
1932         support a base + index*1 + offset addressing mode. I think when I
1933         read it the first time I assumed it would always work on both ARM
1934         and X86. While true for X86 it's not true for ARM.
1935
1936         * b3/B3LowerToAir.cpp:
1937         (JSC::B3::Air::LowerToAir::effectiveAddr):
1938
1939 2017-03-02  Mark Lam  <mark.lam@apple.com>
1940
1941         Add support for selective handling of VM traps.
1942         https://bugs.webkit.org/show_bug.cgi?id=169087
1943
1944         Reviewed by Keith Miller.
1945
1946         This is needed because there are some places in the VM where it's appropriate to
1947         handle some types of VM traps but not others.
1948
1949         We implement this selection by using a VMTraps::Mask that allows the user to
1950         specify which traps should be serviced.
1951
1952         * interpreter/Interpreter.cpp:
1953         (JSC::Interpreter::executeProgram):
1954         (JSC::Interpreter::executeCall):
1955         (JSC::Interpreter::executeConstruct):
1956         (JSC::Interpreter::execute):
1957         * runtime/VM.cpp:
1958         (JSC::VM::handleTraps):
1959         * runtime/VM.h:
1960         * runtime/VMTraps.cpp:
1961         (JSC::VMTraps::takeTrap): Deleted.
1962         * runtime/VMTraps.h:
1963         (JSC::VMTraps::Mask::Mask):
1964         (JSC::VMTraps::Mask::allEventTypes):
1965         (JSC::VMTraps::Mask::bits):
1966         (JSC::VMTraps::Mask::init):
1967         (JSC::VMTraps::needTrapHandling):
1968         (JSC::VMTraps::hasTrapForEvent):
1969
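The selective handling described in the entry above, and the check/handle mismatch fixed in the "We should only check for traps that we're able to handle" entry (169136) earlier on this page, both come down to one invariant: the mask used to decide whether traps need handling must be the mask passed to the handler. The block below is an added example written for this page, not JSC's VMTraps; the event names, the Mask class and checkAndHandleTraps are the example's own, and the boolean it returns stands in for the debug assertion that fired in the real code.

```cpp
// Added example, not JSC code: a minimal model of VMTraps with a Mask that
// selects which pending events a given call site is allowed to service.
#include <cstdint>
#include <cstdio>

class VMTraps {
public:
    // Constructed event set for the example.
    enum EventType : uint8_t {
        NeedDebuggerBreak = 1 << 0,
        NeedWatchdogCheck = 1 << 1,
        NeedTermination   = 1 << 2,
    };

    class Mask {
    public:
        explicit Mask(uint8_t bits) : m_bits(bits) { }
        static Mask allEventTypes() { return Mask(NeedDebuggerBreak | NeedWatchdogCheck | NeedTermination); }
        uint8_t bits() const { return m_bits; }
    private:
        uint8_t m_bits;
    };

    void fireTrap(EventType event) { m_pendingEvents |= event; }
    bool hasTrapForEvent(EventType event) const { return m_pendingEvents & event; }
    bool needTrapHandling(Mask mask = Mask::allEventTypes()) const { return m_pendingEvents & mask.bits(); }

    // Services only the pending events selected by mask; returns how many were handled.
    unsigned handleTraps(Mask mask)
    {
        unsigned handled = 0;
        for (uint8_t bit = 1; bit; bit <<= 1) {
            if (m_pendingEvents & mask.bits() & bit) {
                m_pendingEvents &= ~bit; // the event is consumed; others stay pending
                ++handled;
            }
        }
        return handled;
    }

private:
    uint8_t m_pendingEvents = 0;
};

// The interpreter's "check, then handle" sequence. Returns false when the check
// said traps need handling but handleTraps() serviced nothing: that is the
// situation the debug assertion caught when the check was done without a mask.
bool checkAndHandleTraps(VMTraps& traps, VMTraps::Mask mask, bool maskTheCheck)
{
    bool need = maskTheCheck ? traps.needTrapHandling(mask) : traps.needTrapHandling();
    if (!need)
        return true;
    return traps.handleTraps(mask) > 0;
}

struct Outcome {
    bool unmaskedCheckOk;
    bool maskedCheckOk;
};

// Scenario: a watchdog trap is pending, but this call site may only service
// debugger breaks. The unmasked check trips the assertion; the masked one does not.
Outcome runScenario()
{
    VMTraps::Mask debuggerOnly(VMTraps::NeedDebuggerBreak);
    Outcome o;
    {
        VMTraps traps;
        traps.fireTrap(VMTraps::NeedWatchdogCheck);
        o.unmaskedCheckOk = checkAndHandleTraps(traps, debuggerOnly, false);
    }
    {
        VMTraps traps;
        traps.fireTrap(VMTraps::NeedWatchdogCheck);
        o.maskedCheckOk = checkAndHandleTraps(traps, debuggerOnly, true);
    }
    return o;
}

int main()
{
    Outcome o = runScenario();
    printf("unmasked check: %s, masked check: %s\n",
        o.unmaskedCheckOk ? "ok" : "assertion would fire",
        o.maskedCheckOk ? "ok" : "assertion would fire");
    return 0;
}
```

Events the mask excludes are left pending rather than dropped, so a later call site with a wider mask still sees them.
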
1970 2017-03-02  Alex Christensen  <achristensen@webkit.org>
1971
1972         Continue enabling WebRTC
1973         https://bugs.webkit.org/show_bug.cgi?id=169056
1974
1975         Reviewed by Jon Lee.
1976
1977         * Configurations/FeatureDefines.xcconfig:
1978
1979 2017-03-02  Tomas Popela  <tpopela@redhat.com>
1980
1981         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
1982         https://bugs.webkit.org/show_bug.cgi?id=169034
1983
1984         Reviewed by Mark Lam.
1985
1986         It should not assign to offset, but compare to offset.
1987
1988         * runtime/JSGlobalObject.cpp:
1989         (JSC::JSGlobalObject::addStaticGlobals):
1990
1991 2017-03-01  Alex Christensen  <achristensen@webkit.org>
1992
1993         Unreviewed, rolling out r213259.
1994
1995         Broke an internal build
1996
1997         Reverted changeset:
1998
1999         "Continue enabling WebRTC"
2000         https://bugs.webkit.org/show_bug.cgi?id=169056
2001         http://trac.webkit.org/changeset/213259
2002
2003 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2004
2005         Continue enabling WebRTC
2006         https://bugs.webkit.org/show_bug.cgi?id=169056
2007
2008         Reviewed by Jon Lee.
2009
2010         * Configurations/FeatureDefines.xcconfig:
2011
2012 2017-03-01  Michael Saboff  <msaboff@apple.com>
2013
2014         Source/JavaScriptCore/ChangeLog
2015         https://bugs.webkit.org/show_bug.cgi?id=169055
2016
2017         Reviewed by Mark Lam.
2018
2019         Made local copies of options strings for OptionRange and string typed options.
2020
2021         * runtime/Options.cpp:
2022         (JSC::parse):
2023         (JSC::OptionRange::init):
2024
2025 2017-03-01  Mark Lam  <mark.lam@apple.com>
2026
2027         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2028         https://bugs.webkit.org/show_bug.cgi?id=168996
2029
2030         Reviewed by Filip Pizlo and Saam Barati.
2031
2032         PlatformThread is more useful because it allows us to:
2033         1. find the MachineThreads::Thread which is associated with it.
2034         2. suspend / resume threads.
2035         3. send a signal to a thread.
2036
2037         We can't do those with std::thread::id.  We will need one or more of these
2038         capabilities to implement non-polling VM traps later.
2039
2040         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2041         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2042         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2043         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2044
2045         * JavaScriptCore.xcodeproj/project.pbxproj:
2046         * heap/MachineStackMarker.cpp:
2047         (JSC::MachineThreads::Thread::createForCurrentThread):
2048         (JSC::MachineThreads::machineThreadForCurrentThread):
2049         (JSC::MachineThreads::removeThread):
2050         (JSC::MachineThreads::Thread::suspend):
2051         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2052         (JSC::getCurrentPlatformThread): Deleted.
2053         * heap/MachineStackMarker.h:
2054         * runtime/JSCellInlines.h:
2055         (JSC::JSCell::classInfo):
2056         * runtime/JSLock.cpp:
2057         (JSC::JSLock::JSLock):
2058         (JSC::JSLock::lock):
2059         (JSC::JSLock::unlock):
2060         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2061         * runtime/JSLock.h:
2062         (JSC::JSLock::ownerThread):
2063         (JSC::JSLock::currentThreadIsHoldingLock):
2064         * runtime/PlatformThread.h: Added.
2065         (JSC::currentPlatformThread):
2066         * runtime/VM.cpp:
2067         (JSC::VM::~VM):
2068         * runtime/VM.h:
2069         (JSC::VM::ownerThread):
2070         * runtime/Watchdog.cpp:
2071         (JSC::Watchdog::setTimeLimit):
2072         (JSC::Watchdog::shouldTerminate):
2073         (JSC::Watchdog::startTimer):
2074         (JSC::Watchdog::stopTimer):
2075         * tools/JSDollarVMPrototype.cpp:
2076         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2077         * tools/VMInspector.cpp:
2078
2079 2017-03-01  Saam Barati  <sbarati@apple.com>
2080
2081         Implement a mega-disassembler that'll be used in the FTL
2082         https://bugs.webkit.org/show_bug.cgi?id=168685
2083
2084         Reviewed by Mark Lam.
2085
2086         This patch extends the previous Air disassembler to print the
2087         DFG and B3 nodes belonging to particular Air instructions.
2088         The algorithm I'm using to do this is not perfect. For example,
2089         it won't try to print the entire DFG/B3 graph. It'll just print
2090         the related nodes for particular Air instructions. We can make the
2091         algorithm more sophisticated as we get more experience looking at
2092         these IR dumps and get a better feel for what we want out of them.
2093
2094         This is an example of the output:
2095
2096         ...
2097         ...
2098         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2099            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2100                Patch &Patchpoint2, %r20, %r20, %r0, @54
2101          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2102            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2103                Move 32(%r20), %r5, @57
2104                       0x389cc9ac0:    ldur   x5, [x20, #32]
2105         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2106            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2107                Move32 (%r5), %r1, @58
2108                       0x389cc9ac4:    ldur   w1, [x5]
2109            Int32 @59 = Const32(DFG:@115, 92)
2110            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2111            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2112                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2113                       0x389cc9ac8:    cmp    w1, #92
2114                       0x389cc9acc:    b.ne   0x389cc9dac
2115         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2116            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2117                Move 8(%r5), %r4, @64
2118                       0x389cc9ad0:    ldur   x4, [x5, #8]
2119          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2120            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2121                Move32 -8(%r4), %r2, @67
2122                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2123       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2124            Int32 @68 = Const32(DFG:@192, -1)
2125                Move $0xffffffffffffffff, %r1, $-1(@68)
2126                       0x389cc9ad8:    mov    x1, #-1
2127          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2128            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2129                Add32 %r2, %r1, %r1, @69
2130                       0x389cc9adc:    add    w1, w2, w1
2131          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2132            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2133            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2134                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2135                       0x389cc9ae0:    cmp    x0, x22
2136                       0x389cc9ae4:    b.lo   0x389cc9dc0
2137            Int32 @72 = Trunc(@53, DFG:@86)
2138            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2139                And32 %r1, %r0, %r1, @73
2140                       0x389cc9ae8:    and    w1, w1, w0
2141            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2142            Int32 @72 = Trunc(@53, DFG:@86)
2143            Int64 @11 = SlotBase(stack0)
2144            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2145                Move32 %r0, -64(%fp), @76
2146                       0x389cc9aec:    stur   w0, [fp, #-64]
2147            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2148            Int64 @77 = ZExt32(@73, DFG:@12)
2149            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2150                Add64 %r1, %r22, %r3, @78
2151                       0x389cc9af0:    add    x3, x1, x22
2152            Int64 @11 = SlotBase(stack0)
2153            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2154                Move %r3, -72(%fp), @81
2155                       0x389cc9af4:    stur   x3, [fp, #-72]
2156            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2157            Int32 @82 = Trunc(@24, DFG:@10)
2158            Int64 @11 = SlotBase(stack0)
2159            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2160                Move32 %r21, -80(%fp), @85
2161                       0x389cc9af8:    stur   w21, [fp, #-80]
2162           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2163            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2164            Void @90 = Branch(@89, DFG:@129, Terminal)
2165                Branch32 AboveOrEqual, %r1, %r2, @90
2166                       0x389cc9afc:    cmp    w1, w2
2167                       0x389cc9b00:    b.hs   0x389cc9bec
2168         ...
2169         ...
2170
2171         * b3/air/AirDisassembler.cpp:
2172         (JSC::B3::Air::Disassembler::dump):
2173         * b3/air/AirDisassembler.h:
2174         * ftl/FTLCompile.cpp:
2175         (JSC::FTL::compile):
2176         * ftl/FTLLowerDFGToB3.cpp:
2177         (JSC::FTL::DFG::LowerDFGToB3::lower):
2178         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2179         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2180         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2181         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2182
2183 2017-03-01  Mark Lam  <mark.lam@apple.com>
2184
2185         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2186         https://bugs.webkit.org/show_bug.cgi?id=169042
2187
2188         Not reviewed.
2189
2190         Rolling out r213229 and r213202.
2191
2192         * JavaScriptCore.xcodeproj/project.pbxproj:
2193         * heap/MachineStackMarker.cpp:
2194         (JSC::getCurrentPlatformThread):
2195         (JSC::MachineThreads::Thread::createForCurrentThread):
2196         (JSC::MachineThreads::machineThreadForCurrentThread):
2197         (JSC::MachineThreads::removeThread):
2198         (JSC::MachineThreads::Thread::suspend):
2199         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2200         * heap/MachineStackMarker.h:
2201         * runtime/JSCellInlines.h:
2202         (JSC::JSCell::classInfo):
2203         * runtime/JSLock.cpp:
2204         (JSC::JSLock::JSLock):
2205         (JSC::JSLock::lock):
2206         (JSC::JSLock::unlock):
2207         (JSC::JSLock::currentThreadIsHoldingLock):
2208         * runtime/JSLock.h:
2209         (JSC::JSLock::ownerThread):
2210         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2211         * runtime/PlatformThread.h: Removed.
2212         * runtime/VM.cpp:
2213         (JSC::VM::~VM):
2214         * runtime/VM.h:
2215         (JSC::VM::ownerThread):
2216         * runtime/Watchdog.cpp:
2217         (JSC::Watchdog::setTimeLimit):
2218         (JSC::Watchdog::shouldTerminate):
2219         (JSC::Watchdog::startTimer):
2220         (JSC::Watchdog::stopTimer):
2221         * tools/JSDollarVMPrototype.cpp:
2222         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2223         * tools/VMInspector.cpp:
2224
2225 2017-03-01  Mark Lam  <mark.lam@apple.com>
2226
2227         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2228         https://bugs.webkit.org/show_bug.cgi?id=169042
2229
2230         Reviewed by Filip Pizlo.
2231
2232         * runtime/JSLock.h:
2233         (JSC::JSLock::currentThreadIsHoldingLock):
2234
2235 2017-02-28  Brian Burg  <bburg@apple.com>
2236
2237         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2238         https://bugs.webkit.org/show_bug.cgi?id=168695
2239         <rdar://problem/30643899>
2240
2241         Reviewed by Joseph Pecoraro.
2242
2243         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2244         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2245         to gather listing information for RemoteAutomationTargets.
2246
2247         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2248         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2249         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2250
2251         * inspector/remote/RemoteInspector.h:
2252         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2253
2254         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2255         (Inspector::RemoteConnectionToTarget::setup):
2256         (Inspector::RemoteConnectionToTarget::close):
2257         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2258         and use it inside the block later after it may have been destructed already. If that happens,
2259         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2260
2261         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2262         (Inspector::RemoteInspector::updateTargetListing):
2263         We need to make sure to request a listing push after the target is updated, so implicitly call
2264         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2265
2266         (Inspector::RemoteInspector::receivedSetupMessage):
2267         (Inspector::RemoteInspector::receivedDidCloseMessage):
2268         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2269         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2270         and asynchronously on the target's queue when the connection to target is opened or closed.
2271
2272 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2273
2274         Leak under Options::setOptions
2275         https://bugs.webkit.org/show_bug.cgi?id=169029
2276
2277         Reviewed by Michael Saboff.
2278
2279         Don't leak the optionsStrCopy variable.
2280
2281         * runtime/Options.cpp:
2282         (JSC::Options::setOptions):
2283
2284 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2285
2286         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2287         https://bugs.webkit.org/show_bug.cgi?id=168968
2288
2289         Reviewed by Saam Barati.
2290
2291         This patch decouples dumping the bytecode sequence from CodeBlock.
2292         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2293         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2294         called Generatorification.
2295
2296         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2297         this class to dump the bytecode sequence.
2298
2299         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
2300         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
2301
2302         * CMakeLists.txt:
2303         * JavaScriptCore.xcodeproj/project.pbxproj:
2304         * bytecode/BytecodeDumper.cpp: Added.
2305         (JSC::getStructureID):
2306         (JSC::getSpecialPointer):
2307         (JSC::getPutByIdFlags):
2308         (JSC::getToThisStatus):
2309         (JSC::getPointer):
2310         (JSC::getStructureChain):
2311         (JSC::getStructure):
2312         (JSC::getCallLinkInfo):
2313         (JSC::getBasicBlockLocation):
2314         (JSC::BytecodeDumper<Block>::actualPointerFor):
2315         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2316         (JSC::beginDumpProfiling):
2317         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2318         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2319         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2320         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2321         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2322         (JSC::dumpRareCaseProfile):
2323         (JSC::dumpArithProfile):
2324         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2325         (JSC::BytecodeDumper<Block>::vm):
2326         (JSC::BytecodeDumper<Block>::identifier):
2327         (JSC::regexpToSourceString):
2328         (JSC::regexpName):
2329         (JSC::printLocationAndOp):
2330         (JSC::isConstantRegisterIndex):
2331         (JSC::debugHookName):
2332         (JSC::BytecodeDumper<Block>::registerName):
2333         (JSC::idName):
2334         (JSC::BytecodeDumper<Block>::constantName):
2335         (JSC::BytecodeDumper<Block>::printUnaryOp):
2336         (JSC::BytecodeDumper<Block>::printBinaryOp):
2337         (JSC::BytecodeDumper<Block>::printConditionalJump):
2338         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2339         (JSC::dumpStructure):
2340         (JSC::dumpChain):
2341         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2342         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2343         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2344         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2345         (JSC::BytecodeDumper<Block>::printCallOp):
2346         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2347         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2348         (JSC::BytecodeDumper<Block>::dumpBytecode):
2349         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2350         (JSC::BytecodeDumper<Block>::dumpConstants):
2351         (JSC::BytecodeDumper<Block>::dumpRegExps):
2352         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2353         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2354         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2355         (JSC::BytecodeDumper<Block>::dumpBlock):
2356         * bytecode/BytecodeDumper.h: Added.
2357         (JSC::BytecodeDumper::BytecodeDumper):
2358         (JSC::BytecodeDumper::block):
2359         (JSC::BytecodeDumper::instructionsBegin):
2360         * bytecode/BytecodeGeneratorification.cpp:
2361         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2362         (JSC::performGeneratorification):
2363         * bytecode/BytecodeLivenessAnalysis.cpp:
2364         (JSC::BytecodeLivenessAnalysis::dumpResults):
2365         * bytecode/CodeBlock.cpp:
2366         (JSC::CodeBlock::dumpBytecode):
2367         (JSC::CodeBlock::finishCreation):
2368         (JSC::CodeBlock::propagateTransitions):
2369         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2370         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2371         (JSC::CodeBlock::usesOpcode):
2372         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2373         (JSC::CodeBlock::arithProfileForPC):
2374         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2375         (JSC::idName): Deleted.
2376         (JSC::CodeBlock::registerName): Deleted.
2377         (JSC::CodeBlock::constantName): Deleted.
2378         (JSC::regexpToSourceString): Deleted.
2379         (JSC::regexpName): Deleted.
2380         (JSC::debugHookName): Deleted.
2381         (JSC::CodeBlock::printUnaryOp): Deleted.
2382         (JSC::CodeBlock::printBinaryOp): Deleted.
2383         (JSC::CodeBlock::printConditionalJump): Deleted.
2384         (JSC::CodeBlock::printGetByIdOp): Deleted.
2385         (JSC::dumpStructure): Deleted.
2386         (JSC::dumpChain): Deleted.
2387         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2388         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2389         (JSC::CodeBlock::printCallOp): Deleted.
2390         (JSC::CodeBlock::printPutByIdOp): Deleted.
2391         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2392         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2393         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2394         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2395         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2396         (JSC::CodeBlock::dumpArithProfile): Deleted.
2397         (JSC::CodeBlock::printLocationAndOp): Deleted.
2398         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2399         * bytecode/CodeBlock.h:
2400         (JSC::CodeBlock::constantRegisters):
2401         (JSC::CodeBlock::numberOfRegExps):
2402         (JSC::CodeBlock::bitVectors):
2403         (JSC::CodeBlock::bitVector):
2404         * bytecode/HandlerInfo.h:
2405         (JSC::HandlerInfoBase::typeName):
2406         * bytecode/UnlinkedCodeBlock.cpp:
2407         (JSC::UnlinkedCodeBlock::dump):
2408         * bytecode/UnlinkedCodeBlock.h:
2409         (JSC::UnlinkedCodeBlock::getConstant):
2410         * bytecode/UnlinkedInstructionStream.cpp:
2411         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2412         * bytecode/UnlinkedInstructionStream.h:
2413         (JSC::UnlinkedInstructionStream::Reader::next):
2414         * runtime/Options.h:
2415
2416 2017-02-28  Mark Lam  <mark.lam@apple.com>
2417
2418         Change JSLock to stash PlatformThread instead of std::thread::id.
2419         https://bugs.webkit.org/show_bug.cgi?id=168996
2420
2421         Reviewed by Filip Pizlo.
2422
2423         PlatformThread is more useful because it allows us to:
2424         1. find the MachineThreads::Thread which is associated with it.
2425         2. suspend / resume threads.
2426         3. send a signal to a thread.
2427
2428         We can't do those with std::thread::id.  We will need one or more of these
2429         capabilities to implement non-polling VM traps later.
2430
2431         * JavaScriptCore.xcodeproj/project.pbxproj:
2432         * heap/MachineStackMarker.cpp:
2433         (JSC::MachineThreads::Thread::createForCurrentThread):
2434         (JSC::MachineThreads::machineThreadForCurrentThread):
2435         (JSC::MachineThreads::removeThread):
2436         (JSC::MachineThreads::Thread::suspend):
2437         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2438         (JSC::getCurrentPlatformThread): Deleted.
2439         * heap/MachineStackMarker.h:
2440         * runtime/JSCellInlines.h:
2441         (JSC::JSCell::classInfo):
2442         * runtime/JSLock.cpp:
2443         (JSC::JSLock::lock):
2444         (JSC::JSLock::unlock):
2445         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2446         * runtime/JSLock.h:
2447         (JSC::JSLock::ownerThread):
2448         (JSC::JSLock::currentThreadIsHoldingLock):
2449         * runtime/PlatformThread.h: Added.
2450         (JSC::currentPlatformThread):
2451         * runtime/VM.cpp:
2452         (JSC::VM::~VM):
2453         * runtime/VM.h:
2454         (JSC::VM::ownerThread):
2455         * runtime/Watchdog.cpp:
2456         (JSC::Watchdog::setTimeLimit):
2457         (JSC::Watchdog::shouldTerminate):
2458         (JSC::Watchdog::startTimer):
2459         (JSC::Watchdog::stopTimer):
2460         * tools/JSDollarVMPrototype.cpp:
2461         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2462         * tools/VMInspector.cpp:
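
        An added example (not JSC's JSLock) of the ownership scheme described in this entry and in
        the re-landing entry for bug 168996 above: the owner is recorded as a platform thread handle,
        and because pthread_t has no portable "no thread" value, a separate has-owner flag is checked
        before the thread identity comparison. OwnerTrackingLock and its method names are hypothetical;
        std::mutex and pthread_self() stand in for the VM's lock and PlatformThread.

```cpp
#include <atomic>
#include <mutex>
#include <pthread.h>
#include <thread>

// Hypothetical re-entrant lock (not JSC's JSLock) that records its owner as a
// platform thread handle. pthread_t has no portable sentinel for "no thread", so
// an explicit m_hasOwnerThread flag says whether m_ownerThread is meaningful at
// all; the ownership query consults the flag before comparing thread identities.
class OwnerTrackingLock {
public:
    void lock()
    {
        if (currentThreadIsHoldingLock()) {  // re-entry by the owner
            ++m_lockCount;
            return;
        }
        m_mutex.lock();
        m_ownerThread.store(pthread_self(), std::memory_order_relaxed);
        m_hasOwnerThread.store(true, std::memory_order_release);  // publish only after the owner is written
        m_lockCount = 1;
    }

    // Returns false (and touches nothing) when the caller does not own the lock.
    bool unlock()
    {
        if (!currentThreadIsHoldingLock())
            return false;
        if (--m_lockCount)
            return true;  // still held by an outer lock() on this thread
        m_hasOwnerThread.store(false, std::memory_order_release);  // invalidate the owner before releasing
        m_mutex.unlock();
        return true;
    }

    bool currentThreadIsHoldingLock() const
    {
        // Flag first: a fresh lock's value-initialized handle must never compare equal to us.
        if (!m_hasOwnerThread.load(std::memory_order_acquire))
            return false;
        return pthread_equal(m_ownerThread.load(std::memory_order_relaxed), pthread_self()) != 0;
    }

private:
    std::mutex m_mutex;
    std::atomic<pthread_t> m_ownerThread{};  // only valid while m_hasOwnerThread is true
    std::atomic<bool> m_hasOwnerThread{false};
    unsigned m_lockCount = 0;  // re-entry depth, touched only by the owner
};

// Exercises the lock from its owner and from a second thread; returns true when
// every ownership query answers what the flag-guarded comparison should report.
bool demonstrateOwnership()
{
    OwnerTrackingLock lock;
    bool ok = !lock.currentThreadIsHoldingLock();  // fresh lock: flag clear, so no owner
    lock.lock();
    lock.lock();  // re-entry
    ok = ok && lock.currentThreadIsHoldingLock();

    bool otherSawOwnership = true;
    bool otherCouldUnlock = true;
    std::thread other([&] {
        otherSawOwnership = lock.currentThreadIsHoldingLock();  // valid owner, but not this thread
        otherCouldUnlock = lock.unlock();                       // must be refused
    });
    other.join();
    ok = ok && !otherSawOwnership && !otherCouldUnlock;

    ok = ok && lock.unlock() && lock.currentThreadIsHoldingLock();   // inner unlock: still held
    ok = ok && lock.unlock() && !lock.currentThreadIsHoldingLock();  // outer unlock: released
    return ok;
}
```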
2463
2464 2017-02-28  Mark Lam  <mark.lam@apple.com>
2465
2466         Enable the SigillCrashAnalyzer by default for iOS.
2467         https://bugs.webkit.org/show_bug.cgi?id=168989
2468
2469         Reviewed by Keith Miller.
2470
2471         * runtime/Options.cpp:
2472         (JSC::overrideDefaults):
2473
2474 2017-02-28  Mark Lam  <mark.lam@apple.com>
2475
2476         Remove setExclusiveThread() and peers from the JSLock.
2477         https://bugs.webkit.org/show_bug.cgi?id=168977
2478
2479         Reviewed by Filip Pizlo.
2480
2481         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2482         Speedometer, we see that removal of exclusive thread status has no measurable
2483         impact on performance.  So, let's remove the code for handling exclusive thread
2484         status, and simplify the JSLock code.
2485
2486         For the record, exclusive thread status does improve JSLock locking/unlocking
2487         time by up to 20%.  However, this difference is not measurable in the way WebCore
2488         uses the JSLock as confirmed by Speedometer.
2489
2490         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2491         entry case (as opposed to the re-entry case).  This appears to show a small
2492         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2493         time in a micro-benchmark.
2494
2495         * heap/Heap.cpp:
2496         (JSC::Heap::Heap):
2497         * heap/MachineStackMarker.cpp:
2498         (JSC::MachineThreads::MachineThreads):
2499         (JSC::MachineThreads::addCurrentThread):
2500         * heap/MachineStackMarker.h:
2501         * runtime/JSLock.cpp:
2502         (JSC::JSLock::JSLock):
2503         (JSC::JSLock::lock):
2504         (JSC::JSLock::unlock):
2505         (JSC::JSLock::currentThreadIsHoldingLock):
2506         (JSC::JSLock::dropAllLocks):
2507         (JSC::JSLock::grabAllLocks):
2508         (JSC::JSLock::setExclusiveThread): Deleted.
2509         * runtime/JSLock.h:
2510         (JSC::JSLock::ownerThread):
2511         (JSC::JSLock::hasExclusiveThread): Deleted.
2512         (JSC::JSLock::exclusiveThread): Deleted.
2513         * runtime/VM.h:
2514         (JSC::VM::hasExclusiveThread): Deleted.
2515         (JSC::VM::exclusiveThread): Deleted.
2516         (JSC::VM::setExclusiveThread): Deleted.
2517
2518 2017-02-28  Saam Barati  <sbarati@apple.com>
2519
2520         Arm64 disassembler prints "ars" instead of "asr"
2521         https://bugs.webkit.org/show_bug.cgi?id=168923
2522
2523         Rubber stamped by Michael Saboff.
2524
2525         * disassembler/ARM64/A64DOpcode.cpp:
2526         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2527
2528 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2529
2530         Use of arguments in arrow function is slow
2531         https://bugs.webkit.org/show_bug.cgi?id=168829
2532
2533         Reviewed by Saam Barati.
2534
2535         The current patch improves the performance of access to arguments within arrow functions
2536         by preventing the creation of an arguments variable within the arrow function, and also allows the
2537         arguments variable to be cached. Before, the arguments variable always had a Dynamic resolve type; after
2538         the patch it can be ClosureVar, which increases the performance of access to the arguments variable
2539         9 times inside of the arrow function.
2540
2541         * bytecompiler/BytecodeGenerator.cpp:
2542         (JSC::BytecodeGenerator::BytecodeGenerator):
2543         * runtime/JSScope.cpp:
2544         (JSC::abstractAccess):
2545
2546 2017-02-28  Michael Saboff  <msaboff@apple.com>
2547
2548         Add ability to configure JSC options from a file
2549         https://bugs.webkit.org/show_bug.cgi?id=168914
2550
2551         Reviewed by Filip Pizlo.
2552
2553         Added the ability to set options and DataLog file location via a configuration file.
2554         The configuration file is specified with the --configFile option to JSC or the
2555         JSC_configFile environment variable.
2556
2557         The file format allows for options conditionally dependent on various attributes.
2558         Currently those attributes are the process name, parent process name and build
2559         type (Release or Debug).  In this patch, the parent process type is not set.
2560         That will be set up in WebKit code with a follow up patch.
2561
2562         Here is an example config file:
2563
2564             logFile = "/tmp/jscLog.%pid.txt"
2565
2566             jscOptions {
2567                 dumpOptions = 2
2568             }
2569
2570             build == "Debug" {
2571                 jscOptions {
2572                     useConcurrentJIT = false
2573                     dumpDisassembly = true
2574                 }
2575             }
2576
2577             build == "Release" && processName == "jsc" {
2578                 jscOptions {
2579                     asyncDisassembly = true
2580                 }
2581             }
2582
2583         Eliminated the prior options file code.
2584
2585         * CMakeLists.txt:
2586         * JavaScriptCore.xcodeproj/project.pbxproj:
2587         * jsc.cpp:
2588         (jscmain):
2589         * runtime/ConfigFile.cpp: Added.
2590         (JSC::ConfigFileScanner::ConfigFileScanner):
2591         (JSC::ConfigFileScanner::start):
2592         (JSC::ConfigFileScanner::lineNumber):
2593         (JSC::ConfigFileScanner::currentBuffer):
2594         (JSC::ConfigFileScanner::atFileEnd):
2595         (JSC::ConfigFileScanner::tryConsume):
2596         (JSC::ConfigFileScanner::tryConsumeString):
2597         (JSC::ConfigFileScanner::tryConsumeUpto):
2598         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2599         (JSC::ConfigFileScanner::fillBuffer):
2600         (JSC::ConfigFile::ConfigFile):
2601         (JSC::ConfigFile::setProcessName):
2602         (JSC::ConfigFile::setParentProcessName):
2603         (JSC::ConfigFile::parse):
2604         * runtime/ConfigFile.h: Added.
2605         * runtime/Options.cpp:
2606         (JSC::Options::initialize):
2607         (JSC::Options::setOptions):
2608         * runtime/Options.h:
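
        An added example, not JSC's runtime/ConfigFile.cpp: a small evaluator for the config file
        format shown in this entry, run against the sample above for different build types and
        process names. The grammar is inferred from that sample and is an assumption (in particular,
        tokens are taken to be whitespace-separated and the parent process name is left unset, as
        the entry says it is not yet provided); ConfigEvaluator, ConfigAttributes, ConfigResult and
        evaluateSample are hypothetical names.

```cpp
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct ConfigAttributes { std::string build, processName, parentProcessName; };
struct ConfigResult { std::string logFile; std::map<std::string, std::string> options; };  // options: last assignment wins

// Hypothetical evaluator for the format (not JSC's ConfigFileScanner). Grammar assumed from the sample:
//   statement := 'logFile' '=' string | 'jscOptions' '{' (name '=' value)* '}'
//              | attr '==' string ('&&' attr '==' string)* '{' statement* '}'
class ConfigEvaluator {
public:
    ConfigEvaluator(const std::string& text, ConfigAttributes attrs) : m_attrs(std::move(attrs))
    {
        std::istringstream in(text);  // tokens are whitespace-separated, as in the sample
        for (std::string t; in >> t;)
            m_tokens.push_back(t);
    }

    ConfigResult evaluate()
    {
        ConfigResult result;
        while (m_pos < m_tokens.size())
            parseStatement(result, true);
        return result;
    }
private:
    const std::string& token(bool consume)
    {
        if (m_pos >= m_tokens.size()) throw std::runtime_error("unexpected end of config");
        return m_tokens[consume ? m_pos++ : m_pos];
    }
    void expect(const char* t) { if (token(true) != t) throw std::runtime_error(std::string("expected ") + t); }
    static std::string unquote(const std::string& t)
    {
        if (t.size() < 2 || t.front() != '"' || t.back() != '"') throw std::runtime_error("expected a quoted string: " + t);
        return t.substr(1, t.size() - 2);
    }

    // A block whose condition failed is still parsed (syntax errors surface) but applies nothing: enabled == false.
    void parseStatement(ConfigResult& result, bool enabled)
    {
        std::string head = token(true);
        if (head == "logFile") {
            expect("=");
            std::string value = unquote(token(true));
            if (enabled) result.logFile = value;
        } else if (head == "jscOptions") {
            expect("{");
            while (token(false) != "}") {
                std::string name = token(true);
                expect("=");
                std::string value = token(true);
                if (enabled) result.options[name] = value;
            }
            expect("}");
        } else {
            bool holds = evaluatePredicate(head);
            while (token(false) == "&&") {
                token(true);
                holds = evaluatePredicate(token(true)) && holds;  // evaluate every term so its tokens are consumed
            }
            expect("{");
            while (token(false) != "}")
                parseStatement(result, enabled && holds);
            expect("}");
        }
    }

    bool evaluatePredicate(const std::string& attr)
    {
        expect("==");
        std::string want = unquote(token(true));
        if (attr == "build") return m_attrs.build == want;
        if (attr == "processName") return m_attrs.processName == want;
        if (attr == "parentProcessName") return m_attrs.parentProcessName == want;
        throw std::runtime_error("unknown attribute: " + attr);
    }

    ConfigAttributes m_attrs;
    std::vector<std::string> m_tokens;
    size_t m_pos = 0;
};

// Constructed sample: the config file from the entry above, same blocks on fewer lines.
static const char* const kSampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" { jscOptions { useConcurrentJIT = false dumpDisassembly = true } }
build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } }
)";

ConfigResult evaluateSample(const std::string& build, const std::string& processName)
{
    return ConfigEvaluator(kSampleConfig, ConfigAttributes{build, processName, ""}).evaluate();
}
```

        Only the blocks whose conditions hold for the given build and process contribute options, while every block is still parsed, so a typo inside an inactive block is reported instead of silently ignored.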
2609
2610 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2611
2612         Begin enabling WebRTC on 64-bit
2613         https://bugs.webkit.org/show_bug.cgi?id=168915
2614
2615         Reviewed by Eric Carlson.
2616
2617         * Configurations/FeatureDefines.xcconfig:
2618
2619 2017-02-27  Mark Lam  <mark.lam@apple.com>
2620
2621         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2622         https://bugs.webkit.org/show_bug.cgi?id=168842
2623
2624         Reviewed by Filip Pizlo.
2625
2626         Currently, the traps mechanism is only used for the JSC watchdog, and for
2627         asynchronous termination requests (which is currently only used for worker
2628         threads termination).
2629
2630         This first cut of the traps mechanism still relies on polling from DFG and FTL
2631         code.  This is done to keep the patch as small as possible.  The work to do
2632         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2633         another patch.
2634
2635         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2636         flag to enable the traps polling in the DFG and FTL code.  When we have the
2637         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2638         the VM::m_needAsynchronousTerminationSupport flag.
2639
2640         Note: this patch also separates asynchronous termination support from the JSC
2641         watchdog.  This separation allows us to significantly simplify the locking
2642         requirements in the watchdog code, and make it easier to reason about its
2643         correctness.
2644
2645         * CMakeLists.txt:
2646         * JavaScriptCore.xcodeproj/project.pbxproj:
2647         * bytecode/BytecodeList.json:
2648         * bytecode/BytecodeUseDef.h:
2649         (JSC::computeUsesForBytecodeOffset):
2650         (JSC::computeDefsForBytecodeOffset):
2651         * bytecode/CodeBlock.cpp:
2652         (JSC::CodeBlock::dumpBytecode):
2653         * bytecompiler/BytecodeGenerator.cpp:
2654         (JSC::BytecodeGenerator::BytecodeGenerator):
2655         (JSC::BytecodeGenerator::emitLoopHint):
2656         (JSC::BytecodeGenerator::emitCheckTraps):
2657         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2658         * bytecompiler/BytecodeGenerator.h:
2659         * dfg/DFGAbstractInterpreterInlines.h:
2660         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2661         * dfg/DFGByteCodeParser.cpp:
2662         (JSC::DFG::ByteCodeParser::parseBlock):
2663         * dfg/DFGCapabilities.cpp:
2664         (JSC::DFG::capabilityLevel):
2665         * dfg/DFGClobberize.h:
2666         (JSC::DFG::clobberize):
2667         * dfg/DFGDoesGC.cpp:
2668         (JSC::DFG::doesGC):
2669         * dfg/DFGFixupPhase.cpp:
2670         (JSC::DFG::FixupPhase::fixupNode):
2671         * dfg/DFGNodeType.h:
2672         * dfg/DFGPredictionPropagationPhase.cpp:
2673         * dfg/DFGSafeToExecute.h:
2674         (JSC::DFG::safeToExecute):
2675         * dfg/DFGSpeculativeJIT.cpp:
2676         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2677         * dfg/DFGSpeculativeJIT.h:
2678         * dfg/DFGSpeculativeJIT32_64.cpp:
2679         (JSC::DFG::SpeculativeJIT::compile):
2680         * dfg/DFGSpeculativeJIT64.cpp:
2681         (JSC::DFG::SpeculativeJIT::compile):
2682         * ftl/FTLCapabilities.cpp:
2683         (JSC::FTL::canCompile):
2684         * ftl/FTLLowerDFGToB3.cpp:
2685         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2686         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2687         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
2688         * interpreter/Interpreter.cpp:
2689         (JSC::Interpreter::executeProgram):
2690         (JSC::Interpreter::executeCall):
2691         (JSC::Interpreter::executeConstruct):
2692         (JSC::Interpreter::execute):
2693         * jit/JIT.cpp:
2694         (JSC::JIT::privateCompileMainPass):
2695         (JSC::JIT::privateCompileSlowCases):
2696         * jit/JIT.h:
2697         * jit/JITOpcodes.cpp:
2698         (JSC::JIT::emit_op_check_traps):
2699         (JSC::JIT::emitSlow_op_check_traps):
2700         (JSC::JIT::emit_op_watchdog): Deleted.
2701         (JSC::JIT::emitSlow_op_watchdog): Deleted.
2702         * jit/JITOperations.cpp:
2703         * jit/JITOperations.h:
2704         * llint/LLIntSlowPaths.cpp:
2705         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2706         * llint/LLIntSlowPaths.h:
2707         * llint/LowLevelInterpreter.asm:
2708         * llint/LowLevelInterpreter32_64.asm:
2709         * llint/LowLevelInterpreter64.asm:
2710         * runtime/VM.cpp:
2711         (JSC::VM::~VM):
2712         (JSC::VM::ensureWatchdog):
2713         (JSC::VM::handleTraps):
2714         * runtime/VM.h:
2715         (JSC::VM::ownerThread):
2716         (JSC::VM::needTrapHandling):
2717         (JSC::VM::needTrapHandlingAddress):
2718         (JSC::VM::notifyNeedTermination):
2719         (JSC::VM::notifyNeedWatchdogCheck):
2720         (JSC::VM::needAsynchronousTerminationSupport):
2721         (JSC::VM::setNeedAsynchronousTerminationSupport):
2722         * runtime/VMInlines.h:
2723         (JSC::VM::shouldTriggerTermination): Deleted.
2724         * runtime/VMTraps.cpp: Added.
2725         (JSC::VMTraps::fireTrap):
2726         (JSC::VMTraps::takeTrap):
2727         * runtime/VMTraps.h: Added.
2728         (JSC::VMTraps::needTrapHandling):
2729         (JSC::VMTraps::needTrapHandlingAddress):
2730         (JSC::VMTraps::hasTrapForEvent):
2731         (JSC::VMTraps::setTrapForEvent):
2732         (JSC::VMTraps::clearTrapForEvent):
2733         * runtime/Watchdog.cpp:
2734         (JSC::Watchdog::Watchdog):
2735         (JSC::Watchdog::setTimeLimit):
2736         (JSC::Watchdog::shouldTerminate):
2737         (JSC::Watchdog::enteredVM):
2738         (JSC::Watchdog::exitedVM):
2739         (JSC::Watchdog::startTimer):
2740         (JSC::Watchdog::stopTimer):
2741         (JSC::Watchdog::willDestroyVM):
2742         (JSC::Watchdog::terminateSoon): Deleted.
2743         (JSC::Watchdog::shouldTerminateSlow): Deleted.
2744         * runtime/Watchdog.h:
2745         (JSC::Watchdog::shouldTerminate): Deleted.
2746         (JSC::Watchdog::timerDidFireAddress): Deleted.
2747
2748 2017-02-27  Commit Queue  <commit-queue@webkit.org>
2749
2750         Unreviewed, rolling out r213019.
2751         https://bugs.webkit.org/show_bug.cgi?id=168925
2752
2753         "It broke 32-bit jsc tests in debug builds" (Requested by
2754         saamyjoon on #webkit).
2755
2756         Reverted changeset:
2757
2758         "op_get_by_id_with_this should use inline caching"
2759         https://bugs.webkit.org/show_bug.cgi?id=162124
2760         http://trac.webkit.org/changeset/213019
2761
2762 2017-02-27  JF Bastien  <jfbastien@apple.com>
2763
2764         WebAssembly: miscellaneous spec fixes part deux
2765         https://bugs.webkit.org/show_bug.cgi?id=168861
2766
2767         Reviewed by Keith Miller.
2768
2769         * wasm/WasmFunctionParser.h: add some FIXME
2770
2771 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2772
2773         [libwebrtc] Enable WebRTC in some Production Builds
2774         https://bugs.webkit.org/show_bug.cgi?id=168858
2775
2776         * Configurations/FeatureDefines.xcconfig:
2777
2778 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
2779
2780         op_get_by_id_with_this should use inline caching
2781         https://bugs.webkit.org/show_bug.cgi?id=162124
2782
2783         Reviewed by Saam Barati.
2784
2785         This patch is enabling inline cache for op_get_by_id_with_this in all
2786         tiers. It means that operations using ```super.member``` are going to
2787         be able to be optimized by PIC. To enable it, we introduced a new
2788         member of StructureStubInfo.patch named thisGPR, created a new class
2789         to manage the IC named JITGetByIdWithThisGenerator and changed
2790         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
2791         to decide the correct this value on inline caches.
2792         With inline caching enabled, ```super.member``` is ~4.5x faster,
2793         according to microbenchmarks.
2794
2795         * bytecode/AccessCase.cpp:
2796         (JSC::AccessCase::generateImpl):
2797         * bytecode/PolymorphicAccess.cpp:
2798         (JSC::PolymorphicAccess::regenerate):
2799         * bytecode/PolymorphicAccess.h:
2800         * bytecode/StructureStubInfo.cpp:
2801         (JSC::StructureStubInfo::reset):
2802         * bytecode/StructureStubInfo.h:
2803         * dfg/DFGFixupPhase.cpp:
2804         (JSC::DFG::FixupPhase::fixupNode):
2805         * dfg/DFGJITCompiler.cpp:
2806         (JSC::DFG::JITCompiler::link):
2807         * dfg/DFGJITCompiler.h:
2808         (JSC::DFG::JITCompiler::addGetByIdWithThis):
2809         * dfg/DFGSpeculativeJIT.cpp:
2810         (JSC::DFG::SpeculativeJIT::compileIn):
2811         * dfg/DFGSpeculativeJIT.h:
2812         (JSC::DFG::SpeculativeJIT::callOperation):
2813         * dfg/DFGSpeculativeJIT32_64.cpp:
2814         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2815         (JSC::DFG::SpeculativeJIT::compile):
2816         * dfg/DFGSpeculativeJIT64.cpp:
2817         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2818         (JSC::DFG::SpeculativeJIT::compile):
2819         * ftl/FTLLowerDFGToB3.cpp:
2820         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
2821         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
2822         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
2823         * jit/CCallHelpers.h:
2824         (JSC::CCallHelpers::setupArgumentsWithExecState):
2825         * jit/ICStats.h:
2826         * jit/JIT.cpp:
2827         (JSC::JIT::JIT):
2828         (JSC::JIT::privateCompileSlowCases):
2829         (JSC::JIT::link):
2830         * jit/JIT.h:
2831         * jit/JITInlineCacheGenerator.cpp:
2832         (JSC::JITByIdGenerator::JITByIdGenerator):
2833         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2834         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
2835         * jit/JITInlineCacheGenerator.h:
2836         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2837         * jit/JITInlines.h:
2838         (JSC::JIT::callOperation):
2839         * jit/JITOperations.cpp:
2840         * jit/JITOperations.h:
2841         * jit/JITPropertyAccess.cpp:
2842         (JSC::JIT::emit_op_get_by_id_with_this):
2843         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2844         * jit/JITPropertyAccess32_64.cpp:
2845         (JSC::JIT::emit_op_get_by_id_with_this):
2846         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2847         * jit/Repatch.cpp:
2848         (JSC::appropriateOptimizingGetByIdFunction):
2849         (JSC::appropriateGenericGetByIdFunction):
2850         (JSC::tryCacheGetByID):
2851         * jit/Repatch.h:
2852         * jsc.cpp:
2853         (WTF::CustomGetter::getOwnPropertySlot):
2854         (WTF::CustomGetter::customGetterAcessor):
2855
2856 2017-02-24  JF Bastien  <jfbastien@apple.com>
2857
2858         WebAssembly: miscellaneous spec fixes
2859         https://bugs.webkit.org/show_bug.cgi?id=168822
2860
2861         Reviewed by Saam Barati.
2862
2863         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
2864         * wasm/WasmSections.h:
2865         (JSC::Wasm::validateOrder):
2866         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
2867         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2868         (JSC::constructJSWebAssemblyInstance): disallow i64 import
2869         * wasm/js/WebAssemblyModuleRecord.cpp:
2870         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
2871         (JSC::WebAssemblyModuleRecord::evaluate):
2872
2873 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
2874
2875         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
2876         https://bugs.webkit.org/show_bug.cgi?id=168833
2877
2878         Reviewed by Saam Barati.
2879         
2880         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
2881         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
2882         approach that if something is not specific to Air, then it should be in the B3
2883         namespace.
2884         
2885         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
2886         
2887         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
2888         was never really a type. Its purpose was always to identify register banks, and we use
2889         this enum when the thing we care about is whether the value is most appropriate for
2890         GPRs or FPRs.
2891         
2892         I kept both as non-enum classes because I think that we've learned that terse compiler
2893         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
2894         argument is even stronger, since you cannot say Width::8 but you can say Width8.
2895
2896         * CMakeLists.txt:
2897         * JavaScriptCore.xcodeproj/project.pbxproj:
2898         * b3/B3Bank.cpp: Added.
2899         (WTF::printInternal):
2900         * b3/B3Bank.h: Added.
2901         (JSC::B3::forEachBank):
2902         (JSC::B3::bankForType):
2903         * b3/B3CheckSpecial.cpp:
2904         (JSC::B3::CheckSpecial::forEachArg):
2905         * b3/B3LegalizeMemoryOffsets.cpp:
2906         * b3/B3LowerToAir.cpp:
2907         (JSC::B3::Air::LowerToAir::run):
2908         (JSC::B3::Air::LowerToAir::tmp):
2909         (JSC::B3::Air::LowerToAir::scaleForShl):
2910         (JSC::B3::Air::LowerToAir::effectiveAddr):
2911         (JSC::B3::Air::LowerToAir::addr):
2912         (JSC::B3::Air::LowerToAir::createGenericCompare):
2913         (JSC::B3::Air::LowerToAir::createBranch):
2914         (JSC::B3::Air::LowerToAir::createCompare):
2915         (JSC::B3::Air::LowerToAir::createSelect):
2916         (JSC::B3::Air::LowerToAir::lower):
2917         * b3/B3MemoryValue.cpp:
2918         (JSC::B3::MemoryValue::accessWidth):
2919         * b3/B3MemoryValue.h:
2920         * b3/B3MoveConstants.cpp:
2921         * b3/B3PatchpointSpecial.cpp:
2922         (JSC::B3::PatchpointSpecial::forEachArg):
2923         * b3/B3StackmapSpecial.cpp:
2924         (JSC::B3::StackmapSpecial::forEachArgImpl):
2925         * b3/B3Value.h:
2926         * b3/B3Variable.h:
2927         (JSC::B3::Variable::width):
2928         (JSC::B3::Variable::bank):
2929         * b3/B3WasmAddressValue.h:
2930         * b3/B3Width.cpp: Added.
2931         (WTF::printInternal):
2932         * b3/B3Width.h: Added.
2933         (JSC::B3::pointerWidth):
2934         (JSC::B3::widthForType):
2935         (JSC::B3::conservativeWidth):
2936         (JSC::B3::minimumWidth):
2937         (JSC::B3::bytes):
2938         (JSC::B3::widthForBytes):
2939         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
2940         * b3/air/AirAllocateStack.cpp:
2941         (JSC::B3::Air::allocateStack):
2942         * b3/air/AirArg.cpp:
2943         (JSC::B3::Air::Arg::canRepresent):
2944         (JSC::B3::Air::Arg::isCompatibleBank):
2945         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
2946         * b3/air/AirArg.h:
2947         (JSC::B3::Air::Arg::hasBank):
2948         (JSC::B3::Air::Arg::bank):
2949         (JSC::B3::Air::Arg::isBank):
2950         (JSC::B3::Air::Arg::forEachTmp):
2951         (JSC::B3::Air::Arg::forEachType): Deleted.
2952         (JSC::B3::Air::Arg::pointerWidth): Deleted.
2953         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
2954         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
2955         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
2956         (JSC::B3::Air::Arg::minimumWidth): Deleted.
2957         (JSC::B3::Air::Arg::bytes): Deleted.
2958         (JSC::B3::Air::Arg::widthForBytes): Deleted.
2959         (JSC::B3::Air::Arg::hasType): Deleted.
2960         (JSC::B3::Air::Arg::type): Deleted.
2961         (JSC::B3::Air::Arg::isType): Deleted.
2962         * b3/air/AirArgInlines.h:
2963         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
2964         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
2965         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
2966         (JSC::B3::Air::Arg::forEach):
2967         * b3/air/AirCCallSpecial.cpp:
2968         (JSC::B3::Air::CCallSpecial::forEachArg):
2969         * b3/air/AirCCallingConvention.cpp:
2970         * b3/air/AirCode.cpp:
2971         (JSC::B3::Air::Code::Code):
2972         (JSC::B3::Air::Code::setRegsInPriorityOrder):
2973         (JSC::B3::Air::Code::pinRegister):
2974         * b3/air/AirCode.h:
2975         (JSC::B3::Air::Code::regsInPriorityOrder):
2976         (JSC::B3::Air::Code::newTmp):
2977         (JSC::B3::Air::Code::numTmps):
2978         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
2979         * b3/air/AirCustom.cpp:
2980         (JSC::B3::Air::PatchCustom::isValidForm):
2981         (JSC::B3::Air::ShuffleCustom::isValidForm):
2982         * b3/air/AirCustom.h:
2983         (JSC::B3::Air::PatchCustom::forEachArg):
2984         (JSC::B3::Air::CCallCustom::forEachArg):
2985         (JSC::B3::Air::ColdCCallCustom::forEachArg):
2986         (JSC::B3::Air::ShuffleCustom::forEachArg):
2987         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
2988         * b3/air/AirDumpAsJS.cpp:
2989         (JSC::B3::Air::dumpAsJS):
2990         * b3/air/AirEliminateDeadCode.cpp:
2991         (JSC::B3::Air::eliminateDeadCode):
2992         * b3/air/AirEmitShuffle.cpp:
2993         (JSC::B3::Air::emitShuffle):
2994         * b3/air/AirEmitShuffle.h:
2995         (JSC::B3::Air::ShufflePair::ShufflePair):
2996         (JSC::B3::Air::ShufflePair::width):
2997         * b3/air/AirFixObviousSpills.cpp:
2998         * b3/air/AirFixPartialRegisterStalls.cpp:
2999         (JSC::B3::Air::fixPartialRegisterStalls):
3000         * b3/air/AirInst.cpp:
3001         (JSC::B3::Air::Inst::hasArgEffects):
3002         * b3/air/AirInst.h:
3003         (JSC::B3::Air::Inst::forEachTmp):
3004         * b3/air/AirInstInlines.h:
3005         (JSC::B3::Air::Inst::forEach):
3006         (JSC::B3::Air::Inst::forEachDef):
3007         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3008         * b3/air/AirLiveness.h:
3009         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3010         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3011         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3012         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3013         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3014         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3015         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3016         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3017         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3018         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3019         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3020         * b3/air/AirLogRegisterPressure.cpp:
3021         (JSC::B3::Air::logRegisterPressure):
3022         * b3/air/AirLowerAfterRegAlloc.cpp:
3023         (JSC::B3::Air::lowerAfterRegAlloc):
3024         * b3/air/AirLowerMacros.cpp:
3025         (JSC::B3::Air::lowerMacros):
3026         * b3/air/AirPadInterference.cpp:
3027         (JSC::B3::Air::padInterference):
3028         * b3/air/AirReportUsedRegisters.cpp:
3029         (JSC::B3::Air::reportUsedRegisters):
3030         * b3/air/AirSpillEverything.cpp:
3031         (JSC::B3::Air::spillEverything):
3032         * b3/air/AirTmpInlines.h:
3033         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3034         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3035         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3036         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3037         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3038         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3039         * b3/air/AirTmpWidth.cpp:
3040         (JSC::B3::Air::TmpWidth::recompute):
3041         * b3/air/AirTmpWidth.h:
3042         (JSC::B3::Air::TmpWidth::width):
3043         (JSC::B3::Air::TmpWidth::requiredWidth):
3044         (JSC::B3::Air::TmpWidth::defWidth):
3045         (JSC::B3::Air::TmpWidth::useWidth):
3046         (JSC::B3::Air::TmpWidth::Widths::Widths):
3047         * b3/air/AirUseCounts.h:
3048         (JSC::B3::Air::UseCounts::UseCounts):
3049         * b3/air/AirValidate.cpp:
3050         * b3/air/opcode_generator.rb:
3051         * b3/air/testair.cpp:
3052         (JSC::B3::Air::compile): Deleted.
3053         (JSC::B3::Air::invoke): Deleted.
3054         (JSC::B3::Air::compileAndRun): Deleted.
3055         (JSC::B3::Air::testSimple): Deleted.
3056         (JSC::B3::Air::loadConstantImpl): Deleted.
3057         (JSC::B3::Air::loadConstant): Deleted.
3058         (JSC::B3::Air::loadDoubleConstant): Deleted.
3059         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3060         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3061         (JSC::B3::Air::testShuffleLongShift): Deleted.
3062         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3063         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3064         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3065         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3066         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3067         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3068         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3069         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3070         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3071         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3072         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3073         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3074         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3075         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3076         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3077         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3078         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3079         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3080         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3081         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3082         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3083         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3084         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3085         (JSC::B3::Air::combineHiLo): Deleted.
3086         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3087         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3088         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3089         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3090         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3091         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3092         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
3093         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
3094         (JSC::B3::Air::testX86VMULSD): Deleted.
3095         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
3096         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
3097         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
3098         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
3099         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
3100         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
3101         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
3102         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
3103         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
3104         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
3105         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
3106         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
3107         (JSC::B3::Air::run): Deleted.
3108
3109 2017-02-24  Keith Miller  <keith_miller@apple.com>
3110
3111         We should be able to use std::tuples as keys in HashMap
3112         https://bugs.webkit.org/show_bug.cgi?id=168805
3113
3114         Reviewed by Filip Pizlo.
3115
3116         Convert the mess of std::pairs we used as the keys in PrototypeMap
3117         to a std::tuple. I also plan on using this for a HashMap in wasm.
3118
3119         * JavaScriptCore.xcodeproj/project.pbxproj:
3120         * runtime/PrototypeMap.cpp:
3121         (JSC::PrototypeMap::createEmptyStructure):
3122         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3123         * runtime/PrototypeMap.h:
3124
3125 2017-02-24  Saam Barati  <sbarati@apple.com>
3126
3127         Unreviewed. Remove inaccurate copy-paste comment from r212939.
3128
3129         * dfg/DFGOperations.cpp:
3130
3131 2017-02-23  Saam Barati  <sbarati@apple.com>
3132
3133         Intrinsicify parseInt
3134         https://bugs.webkit.org/show_bug.cgi?id=168627
3135
3136         Reviewed by Filip Pizlo.
3137
3138         This patch makes parseInt an intrinsic in the DFG and FTL.
3139         We do our best to eliminate this node. If we speculate that
3140         the first operand to the operation is an int32, and that there
3141         isn't a second operand, we convert to the identity of the first
3142         operand. That's because parseInt(someInt) === someInt.
3143         
3144         If the first operand is proven to be an integer, and the second
3145         operand is the integer 0 or the integer 10, we can eliminate the
3146         node by making it an identity over its first operand. That's
3147         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
3148         
3149         If we are not able to constant fold the node away, we try to remove
3150         checks. The most common use case of parseInt is that its first operand
3151         is a proven string. The DFG might be able to remove type checks in this
3152         case. We also set up CSE rules for parseInt(someString, someIntRadix)
3153         because it's a "pure" operation (modulo resolving a rope).
3154
3155         This looks to be a 4% Octane/Box2D progression.
3156
3157         * dfg/DFGAbstractInterpreterInlines.h:
3158         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3159         * dfg/DFGByteCodeParser.cpp:
3160         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3161         * dfg/DFGClobberize.h:
3162         (JSC::DFG::clobberize):
3163         * dfg/DFGConstantFoldingPhase.cpp:
3164         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3165         * dfg/DFGDoesGC.cpp:
3166         (JSC::DFG::doesGC):
3167         * dfg/DFGFixupPhase.cpp:
3168         (JSC::DFG::FixupPhase::fixupNode):
3169         * dfg/DFGNode.h:
3170         (JSC::DFG::Node::hasHeapPrediction):
3171         * dfg/DFGNodeType.h:
3172         * dfg/DFGOperations.cpp:
3173         (JSC::DFG::parseIntResult):
3174         * dfg/DFGOperations.h:
3175         * dfg/DFGPredictionPropagationPhase.cpp:
3176         * dfg/DFGSafeToExecute.h:
3177         (JSC::DFG::safeToExecute):
3178         * dfg/DFGSpeculativeJIT.cpp:
3179         (JSC::DFG::SpeculativeJIT::compileParseInt):
3180         * dfg/DFGSpeculativeJIT.h:
3181         (JSC::DFG::SpeculativeJIT::callOperation):
3182         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
3183         * dfg/DFGSpeculativeJIT32_64.cpp:
3184         (JSC::DFG::SpeculativeJIT::compile):
3185         * dfg/DFGSpeculativeJIT64.cpp:
3186         (JSC::DFG::SpeculativeJIT::compile):
3187         * ftl/FTLCapabilities.cpp:
3188         (JSC::FTL::canCompile):
3189         * ftl/FTLLowerDFGToB3.cpp:
3190         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3191         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3192         * jit/JITOperations.h:
3193         * parser/Lexer.cpp:
3194         * runtime/ErrorInstance.cpp:
3195         * runtime/Intrinsic.h:
3196         * runtime/JSGlobalObject.cpp:
3197         (JSC::JSGlobalObject::init):
3198         * runtime/JSGlobalObjectFunctions.cpp:
3199         (JSC::toStringView): Deleted.
3200         (JSC::isStrWhiteSpace): Deleted.
3201         (JSC::parseDigit): Deleted.
3202         (JSC::parseIntOverflow): Deleted.
3203         (JSC::parseInt): Deleted.
3204         * runtime/JSGlobalObjectFunctions.h:
3205         * runtime/ParseInt.h: Added.
3206         (JSC::parseDigit):
3207         (JSC::parseIntOverflow):
3208         (JSC::isStrWhiteSpace):
3209         (JSC::parseInt):
3210         (JSC::toStringView):
3211         * runtime/StringPrototype.cpp:
3212
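The folding conditions above, checked against the real parseInt as an added example (not code from the patch or from JSC); isInt32 approximates the DFG's proven-int32 speculation, and the CASES table is constructed:

```javascript
// Added example (not JSC code): checks the soundness of the DFG/FTL parseInt
// fold described above. The fold replaces parseInt(x), parseInt(x, 0) or
// parseInt(x, 10) with x itself only when x is proven int32; the cases below
// show why each condition is needed.

// Approximation of the DFG's "proven int32" speculation: a number that fits
// in 32-bit two's complement, excluding -0 (which DFG does not treat as int32).
function isInt32(x) {
  return typeof x === "number" && (x | 0) === x && !Object.is(x, -0);
}

// The fold condition as stated in the ChangeLog: radix absent, or the
// integer 0 or the integer 10.
function canFoldParseIntToIdentity(value, radix) {
  if (!isInt32(value)) return false;
  return radix === undefined || radix === 0 || radix === 10;
}

// Oracle: does the real parseInt actually behave as the identity here?
function parseIntIsIdentity(value, radix) {
  const result = radix === undefined ? parseInt(value) : parseInt(value, radix);
  return Object.is(result, value);
}

// Constructed cases: [value, radix, expected fold decision]
const CASES = [
  [42, undefined, true],
  [-7, 0, true],
  [2147483647, 10, true],
  [-2147483648, 10, true],
  [42, 16, false],           // parseInt(42, 16) === 66: radix matters
  [1.5, undefined, false],   // parseInt(1.5) === 1: truncation
  [1e21, undefined, false],  // String(1e21) is "1e+21", parseInt gives 1
  [-0, undefined, false],    // parseInt(-0) === +0, not -0
  [NaN, 10, false],          // parseInt(NaN) is NaN (identity holds, but NaN is not int32)
  [2147483648, 10, false],   // identity holds, but not int32: condition stays conservative
  ["42", 10, false],         // strings take the normal path
];

// Verifies that whenever the fold is taken, parseInt really is the identity.
// Returns how many cases were sound but refused (the condition may be
// conservative; it must never be unsound).
function verifyFold(cases) {
  let conservative = 0;
  for (const [value, radix, expectedFoldable] of cases) {
    const foldable = canFoldParseIntToIdentity(value, radix);
    if (foldable !== expectedFoldable)
      throw new Error(`unexpected fold decision for ${value}, ${radix}`);
    const identity = parseIntIsIdentity(value, radix);
    if (foldable && !identity)
      throw new Error(`unsound fold for ${value}, ${radix}`);
    if (!foldable && identity) conservative++;
  }
  return conservative;
}

console.log(`conservative refusals: ${verifyFold(CASES)}`);
```
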
3213 2017-02-23  JF Bastien  <jfbastien@apple.com>
3214
3215         WebAssembly: support 0x1 version
3216         https://bugs.webkit.org/show_bug.cgi?id=168672
3217
3218         Reviewed by Keith Miller.
3219
3220         * wasm/wasm.json: update the version number, everything is based
3221         on its value
3222
3223 2017-02-23  Saam Barati  <sbarati@apple.com>
3224
3225         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
3226         https://bugs.webkit.org/show_bug.cgi?id=168795
3227
3228         Rubber stamped by Keith Miller.
3229
3230         The Briggs allocator was running intensive validation
3231         on each step of the fixpoint. Instead, it now will just
3232         do it when shouldValidateIRAtEachPhase() is true because
3233         doing this for all !ASSERT_DISABLED builds takes too long.
3234
3235         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3236
3237 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
3238
3239         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
3240         https://bugs.webkit.org/show_bug.cgi?id=168787
3241
3242         Reviewed by Michael Saboff and Mark Lam.
3243
3244         * dfg/DFGSpeculativeJIT.cpp:
3245         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3246
3247 2017-02-23  Mark Lam  <mark.lam@apple.com>
3248
3249         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
3250         https://bugs.webkit.org/show_bug.cgi?id=168786
3251
3252         Reviewed by Filip Pizlo.
3253
3254         In practice, we will always have multiple instructions after invalidation points,
3255         and have enough room in the JIT buffer for the invalidation point to work with.
3256         However, as a precaution, we can guarantee that there's enough room by always
3257         emitting a label just before we link the buffer.  The label will emit nop padding
3258         if needed.
3259
3260         * assembler/LinkBuffer.cpp:
3261         (JSC::LinkBuffer::linkCode):
3262
3263 2017-02-23  Keith Miller  <keith_miller@apple.com>
3264
3265         Unreviewed, fix the cloop build. Needed a #if.
3266
3267         * jit/ExecutableAllocator.cpp:
3268
3269 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3270
3271         Better handle Thread and RunLoop initialization
3272         https://bugs.webkit.org/show_bug.cgi?id=167828
3273
3274         Reviewed by Yusuke Suzuki.
3275
3276         * runtime/InitializeThreading.cpp:
3277         (JSC::initializeThreading): Do not initialize double_conversion, which is already initialized by WTF, or GC
3278         threads, which will be initialized by the WTF main thread when needed.
3279
3280 2017-02-22  JF Bastien  <jfbastien@apple.com>
3281
3282         WebAssembly: clear out insignificant i32 bits when calling JavaScript
3283         https://bugs.webkit.org/show_bug.cgi?id=166677
3284
3285         Reviewed by Keith Miller.
3286
3287         When WebAssembly calls JavaScript it needs to clear out the
3288         insignificant bits of int32 values:
3289
3290           +------------------- tag
3291           |  +---------------- insignificant
3292           |  |   +------------ 32-bit integer value
3293           |  |   |
3294           |--|---|-------|
3295         0xffff0000ffffffff
3296
3297         At least some JavaScript code assumes that these bits are all
3298         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
3299         object with lo / hi fields, each containing 32-bit integers. We
3300         then load these back, and the baseline compiler fails its
3301         comparison because it first checks the values are the same type
3302         (yes, because the int32 tag is set in both), and then whether they
3303         have the same value (no, because comparing the two registers
3304         fails). We could argue that the baseline compiler is wrong for
3305         performing a 64-bit comparison, but it doesn't really matter
3306         because there's not much of a point in breaking that invariant for
3307         WebAssembly's sake.
3308
3309         * wasm/WasmBinding.cpp:
3310         (JSC::Wasm::wasmToJs):
3311
3312 2017-02-22  Keith Miller  <keith_miller@apple.com>
3313
3314         Remove the demand executable allocator
3315         https://bugs.webkit.org/show_bug.cgi?id=168754
3316
3317         Reviewed by Saam Barati.
3318
3319         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
3320         Benchmark results on a MBP indicate there is no appreciable performance difference
3321         between the fixed and demand allocators. In a future patch I will go back through
3322         this code and remove more of the abstractions.
3323
3324         * JavaScriptCore.xcodeproj/project.pbxproj:
3325         * jit/ExecutableAllocator.cpp:
3326         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3327         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
3328         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
3329         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
3330         (JSC::ExecutableAllocator::initializeAllocator):
3331         (JSC::ExecutableAllocator::ExecutableAllocator):
3332         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
3333         (JSC::ExecutableAllocator::isValid):
3334         (JSC::ExecutableAllocator::underMemoryPressure):
3335         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3336         (JSC::ExecutableAllocator::allocate):
3337         (JSC::ExecutableAllocator::isValidExecutableMemory):
3338         (JSC::ExecutableAllocator::getLock):
3339         (JSC::ExecutableAllocator::committedByteCount):
3340         (JSC::ExecutableAllocator::dumpProfile):
3341         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
3342         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
3343         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
3344         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
3345         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
3346         (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
3347         (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
3348         (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
3349         (JSC::DemandExecutableAllocator::allocators): Deleted.
3350         (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
3351         * jit/ExecutableAllocator.h:
3352         * jit/ExecutableAllocatorFixedVMPool.cpp: Removed.
3353         * jit/JITStubRoutine.h:
3354         (JSC::JITStubRoutine::canPerformRangeFilter):
3355         (JSC::JITStubRoutine::filteringStartAddress):
3356         (JSC::JITStubRoutine::filteringExtentSize):
3357
3358 2017-02-22  Saam Barati  <sbarati@apple.com>
3359
3360         Add biased coloring to Briggs and IRC
3361         https://bugs.webkit.org/show_bug.cgi?id=168611
3362
3363         Reviewed by Filip Pizlo.
3364
3365         This patch implements biased coloring as proposed by Briggs. See section
3366         5.3.3 of his thesis for more information: http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3367
3368         The main idea of biased coloring is this:
3369         We try to coalesce a move between u and v, but the conservative heuristic
3370         fails. We don't want to coalesce the move because we don't want to risk
3371         creating an uncolorable graph. However, if the conservative heuristic fails,
3372         it's not proof that the graph is uncolorable if the move were indeed coalesced.
3373         So, when we go to color the tmps, we'll remember that we really want the
3374         same register for u and v, and if legal during coloring, we will
3375         assign them to the same register.
3376
3377         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3378
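The select-phase idea described above, as an added example that is not the project's Air allocator: a small simplify/select graph coloring in which a node first tries the register already given to a move partner the coalescer declined to merge. The graph structure, function names and the sample graph are this example's own.

```cpp
#include <map>
#include <set>
#include <utility>
#include <vector>

// Interference graph plus the move pairs the conservative coalescing
// heuristic refused to merge (added illustration; names are this example's own).
struct InterferenceGraph {
    int n;
    std::vector<std::set<int>> adj;
    std::vector<std::pair<int, int>> moves;
    explicit InterferenceGraph(int count) : n(count), adj(count) { }
    void addInterference(int u, int v) { adj[u].insert(v); adj[v].insert(u); }
    void addMove(int u, int v) { moves.push_back({ u, v }); }
};

// Simplify phase: repeatedly push a node of degree < k; if none remains,
// optimistically push the highest-degree node and hope it still colors.
static std::vector<int> simplifyOrder(const InterferenceGraph& g, int k)
{
    std::vector<int> degree(g.n);
    std::vector<bool> removed(g.n, false);
    for (int i = 0; i < g.n; ++i)
        degree[i] = static_cast<int>(g.adj[i].size());
    std::vector<int> stack;
    for (int round = 0; round < g.n; ++round) {
        int pick = -1;
        for (int i = 0; i < g.n && pick == -1; ++i)
            if (!removed[i] && degree[i] < k)
                pick = i;
        if (pick == -1)
            for (int i = 0; i < g.n; ++i)
                if (!removed[i] && (pick == -1 || degree[i] > degree[pick]))
                    pick = i;
        removed[pick] = true;
        stack.push_back(pick);
        for (int v : g.adj[pick])
            if (!removed[v])
                --degree[v];
    }
    return stack;
}

// Select phase. With `biased`, a node first tries the color of an already
// colored move partner, provided no neighbor uses it; otherwise it takes the
// lowest free color. -1 marks a node that could not be colored.
std::vector<int> colorGraph(const InterferenceGraph& g, int k, bool biased)
{
    std::map<int, std::vector<int>> partners;
    for (const auto& m : g.moves) {
        partners[m.first].push_back(m.second);
        partners[m.second].push_back(m.first);
    }
    std::vector<int> color(g.n, -1);
    std::vector<int> order = simplifyOrder(g, k);
    for (auto it = order.rbegin(); it != order.rend(); ++it) {
        int u = *it;
        std::vector<bool> used(k, false);
        for (int v : g.adj[u])
            if (color[v] >= 0)
                used[color[v]] = true;
        int chosen = -1;
        if (biased)
            for (int p : partners[u])
                if (color[p] >= 0 && !used[color[p]]) { chosen = color[p]; break; }
        for (int c = 0; chosen == -1 && c < k; ++c)
            if (!used[c])
                chosen = c;
        color[u] = chosen;
    }
    return color;
}

// Uncoalesced moves that became no-ops because both ends share a register.
int movesEliminated(const InterferenceGraph& g, const std::vector<int>& color)
{
    int count = 0;
    for (const auto& m : g.moves)
        if (color[m.first] >= 0 && color[m.first] == color[m.second])
            ++count;
    return count;
}

// True when no two interfering nodes share a register.
bool isValidColoring(const InterferenceGraph& g, const std::vector<int>& color)
{
    for (int u = 0; u < g.n; ++u)
        for (int v : g.adj[u])
            if (color[u] >= 0 && color[u] == color[v])
                return false;
    return true;
}

// Constructed sample: tmps u=0, v=1, w=2, x=3, y=4 with one move u<->v.
InterferenceGraph sampleGraph()
{
    InterferenceGraph g(5);
    g.addInterference(1, 2);
    g.addInterference(1, 3);
    g.addInterference(2, 3);
    g.addInterference(0, 4);
    g.addMove(0, 1);
    return g;
}
```

With three registers, the unbiased pass colors v before u and gives u the lowest free register, which differs from v's; the biased pass sees that v's register is free for u and picks it, so the move disappears without the coalescer ever having to commit to merging the two nodes.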
3379 2017-02-22  Yusuke Suzuki  <utatane.tea@gmail.com>
3380
3381         JSModuleNamespace object should have IC
3382         https://bugs.webkit.org/show_bug.cgi?id=160590
3383
3384         Reviewed by Saam Barati.
3385
3386         This patch optimizes accesses to module namespace objects.
3387
3388         1. Cache the resolutions for module namespace objects.
3389
3390             When constructing the module namespace object, we already resolve all the exports.
3391             The module namespace object caches this result and leverages it in later accesses in
3392             getOwnPropertySlot. This avoids resolving bindings through resolveExport.
3393
3394         2. Introduce ModuleNamespaceLoad IC.
3395
3396             This patch adds a new IC for module namespace objects. The mechanism is simple: getOwnPropertySlot
3397             tells us about module namespace object resolution. The IC first checks whether the given object
3398             is an expected module namespace object. If this check succeeds, we load the value from the module
3399             environment.
3400
3401         3. Introduce DFG/FTL optimization.
3402
3403             After exploiting module namespace object accesses in (2), DFG can recognize this in ByteCodeParser.
3404             DFG will convert it to CheckCell with the namespace object and GetClosureVar from the cached environment.
3405             At that time, we have a chance to fold it to the constant.
3406
3407         This optimization improves the performance of accessing module namespace objects.
3408
3409         Before
3410             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-namespace.js
3411             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.43s user 0.03s system 101% cpu 0.451 total
3412             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-binding.js
3413             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.08s user 0.02s system 103% cpu 0.104 total
3414
3415         After
3416             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-namespace.js
3417             ../../WebKitBuild/module-ic/Release/bin/jsc -m   0.11s user 0.01s system 106% cpu 0.109 total
3418             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.js
3419             ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.j  0.08s user 0.02s system 102% cpu 0.105 total
3420
3421         * CMakeLists.txt:
3422         * JavaScriptCore.xcodeproj/project.pbxproj:
3423         * bytecode/AccessCase.cpp:
3424         (JSC::AccessCase::create):
3425         (JSC::AccessCase::guardedByStructureCheck):
3426         (JSC::AccessCase::canReplace):
3427         (JSC::AccessCase::visitWeak):
3428         (JSC::AccessCase::generateWithGuard):
3429         (JSC::AccessCase::generateImpl):
3430         * bytecode/AccessCase.h:
3431         * bytecode/GetByIdStatus.cpp:
3432         (JSC::GetByIdStatus::GetByIdStatus):
3433         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3434         (JSC::GetByIdStatus::makesCalls):
3435         (JSC::GetByIdStatus::dump):
3436         * bytecode/GetByIdStatus.h:
3437         (JSC::GetByIdStatus::isModuleNamespace):
3438         (JSC::GetByIdStatus::takesSlowPath):
3439         (JSC::GetByIdStatus::moduleNamespaceObject):
3440         (JSC::GetByIdStatus::moduleEnvironment):
3441         (JSC::GetByIdStatus::scopeOffset):
3442         * bytecode/ModuleNamespaceAccessCase.cpp: Added.
3443         (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase):
3444         (JSC::ModuleNamespaceAccessCase::create):
3445         (JSC::ModuleNamespaceAccessCase::~ModuleNamespaceAccessCase):
3446         (JSC::ModuleNamespaceAccessCase::clone):
3447         (JSC::ModuleNamespaceAccessCase::emit):
3448         * bytecode/ModuleNamespaceAccessCase.h: Added.
3449         (JSC::ModuleNamespaceAccessCase::moduleNamespaceObject):
3450         (JSC::ModuleNamespaceAccessCase::moduleEnvironment):
3451         (JSC::ModuleNamespaceAccessCase::scopeOffset):
3452         * bytecode/PolymorphicAccess.cpp:
3453         (WTF::printInternal):
3454         * dfg/DFGByteCodeParser.cpp:
3455         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
3456         (JSC::DFG::ByteCodeParser::handleGetById):
3457         * jit/AssemblyHelpers.h:
3458         (JSC::AssemblyHelpers::loadValue):
3459         * jit/Repatch.cpp:
3460         (JSC::tryCacheGetByID):
3461         * runtime/AbstractModuleRecord.cpp:
3462         (JSC::AbstractModuleRecord::getModuleNamespace):
3463         * runtime/JSModuleNamespaceObject.cpp:
3464         (JSC::JSModuleNamespaceObject::finishCreation):
3465         (JSC::JSModuleNamespaceObject::visitChildren):
3466         (JSC::getValue):
3467         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
3468         (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
3469         * runtime/JSModuleNamespaceObject.h:
3470         (JSC::isJSModuleNamespaceObject):
3471         (JSC::JSModuleNamespaceObject::create): Deleted.
3472         (JSC::JSModuleNamespaceObject::createStructure): Deleted.
3473         (JSC::JSModuleNamespaceObject::moduleRecord): Deleted.
3474         * runtime/JSModuleRecord.h:
3475         (JSC::JSModuleRecord::moduleEnvironment): Deleted.
3476         * runtime/PropertySlot.h:
3477         (JSC::PropertySlot::PropertySlot):
3478         (JSC::PropertySlot::domJIT):
3479         (JSC::PropertySlot::moduleNamespaceSlot):
3480         (JSC::PropertySlot::setValueModuleNamespace):
3481         (JSC::PropertySlot::setCacheableCustom):
3482
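The cache-then-guard structure from points (1) and (2) above, as an added example and not JavaScriptCore's own implementation: a monomorphic inline cache for one `ns.<name>` access site that is keyed on the identity of the namespace object and reads the binding from the module environment on every hit. All type and function names here are this example's own.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical, simplified model of a ModuleNamespaceLoad IC (added
// illustration; names are this example's own, not JSC's).
struct ModuleEnvironment {
    std::vector<int> slots; // exported bindings, addressed by scope offset
};

struct ModuleNamespaceObject {
    ModuleEnvironment* environment;
    // Point 1: export resolution computed once when the namespace object is
    // created, so later lookups never go through resolveExport again.
    std::map<std::string, unsigned> resolvedExports;
};

// Point 2: a monomorphic inline cache for one access site `ns.<name>`.
// The name is fixed per site, so the fast path needs only the identity guard.
struct ModuleNamespaceLoadIC {
    const ModuleNamespaceObject* expectedObject = nullptr; // the CheckCell guard
    ModuleEnvironment* environment = nullptr;
    unsigned scopeOffset = 0;
    unsigned slowPathHits = 0;
    unsigned fastPathHits = 0;
};

struct LoadResult {
    bool found;
    int value;
};

// Slow path (getOwnPropertySlot): consult the cached resolution and record
// what was found so the site can be cached.
static LoadResult slowPathLoad(ModuleNamespaceLoadIC& ic, const ModuleNamespaceObject& ns, const std::string& name)
{
    ++ic.slowPathHits;
    auto it = ns.resolvedExports.find(name);
    if (it == ns.resolvedExports.end())
        return { false, 0 };
    ic.expectedObject = &ns;
    ic.environment = ns.environment;
    ic.scopeOffset = it->second;
    return { true, ns.environment->slots[it->second] };
}

LoadResult getById(ModuleNamespaceLoadIC& ic, const ModuleNamespaceObject& ns, const std::string& name)
{
    // Fast path: identity check against the expected namespace object, then a
    // GetClosureVar-style load from the cached environment. The slot is
    // re-read on every hit, so updates to the live binding are observed.
    if (ic.expectedObject == &ns) {
        ++ic.fastPathHits;
        return { true, ic.environment->slots[ic.scopeOffset] };
    }
    return slowPathLoad(ic, ns, name);
}

// Constructed scenario: two namespace objects reach the same access site, and
// one export is reassigned between reads.
std::vector<int> runScenario()
{
    ModuleEnvironment env1 { { 10, 20 } };
    ModuleEnvironment env2 { { 30 } };
    ModuleNamespaceObject ns1 { &env1, { { "x", 0 }, { "y", 1 } } };
    ModuleNamespaceObject ns2 { &env2, { { "x", 0 } } };
    ModuleNamespaceLoadIC ic;
    std::vector<int> observed;
    observed.push_back(getById(ic, ns1, "x").value); // miss: slow path fills the IC
    observed.push_back(getById(ic, ns1, "x").value); // hit: guard passes
    env1.slots[0] = 11;                               // live binding changes
    observed.push_back(getById(ic, ns1, "x").value); // hit: new value is seen
    observed.push_back(getById(ic, ns2, "x").value); // guard fails: slow path, re-cache
    observed.push_back(static_cast<int>(ic.slowPathHits));
    observed.push_back(static_cast<int>(ic.fastPathHits));
    return observed;
}
```

Two design points worth checking in any IC of this shape: the fast path must compare the object identity rather than trusting the cached environment, so that a different namespace object reaching the same site cannot be read through the wrong environment, and it must cache the slot location rather than the value, because module exports are live bindings and a cached value would go stale.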
3483 2017-02-22  Saam Barati  <sbarati@apple.com>
3484
3485         Unreviewed. Rename AirGraphColoring.* files to AirAllocateRegistersByGraphColoring.* to be more consistent with the rest of the Air file names.
3486
3487         * CMakeLists.txt:
3488         * JavaScriptCore.xcodeproj/project.pbxproj:
3489         * b3/air/AirAllocateRegistersByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.cpp.
3490         * b3/air/AirAllocateRegistersByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.h.
3491         * b3/air/AirGenerate.cpp:
3492         * b3/air/AirGraphColoring.cpp: Removed.
3493         * b3/air/AirGraphColoring.h: Removed.
3494
3495 2017-02-21  Youenn Fablet  <youenn@apple.com>
3496
3497         [WebRTC][Mac] Activate libwebrtc
3498         https://bugs.webkit.org/show_bug.cgi?id=167293
3499         <rdar://problem/30401864>
3500
3501         Reviewed by Alex Christensen.
3502
3503         * Configurations/FeatureDefines.xcconfig:
3504
3505 2017-02-21  Saam Barati  <sbarati@apple.com>
3506
3507         Add the Briggs optimistic allocator to run on ARM64
3508         https://bugs.webkit.org/show_bug.cgi?id=168454
3509
3510         Reviewed by Filip Pizlo.
3511
3512         This patch adds the Briggs allocator to Air:
3513         http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3514         It uses it by default on ARM64. I was measuring an 8-10% speedup
3515         in the phase because of this. I also wasn't able to detect a slowdown 
3516         for generated code on ARM64. There are still a few things we can do
3517         to speed things up even further. Moving the interference graph into
3518         a BitVector was another 10-20% speedup. We should consider doing this
3519         in a follow up patch. This is especially important now, since making
3520         register allocation faster has a direct impact on startup time for
3521         Wasm modules.
3522         
3523         I abstracted away the common bits between Briggs and IRC, and moved
3524         them into a common super class. In a follow up to this patch, I plan
3525         on implementing biased coloring for both Briggs and IRC (this is
3526         described in Briggs's thesis). I was able to detect a 1% slowdown
3527         with Briggs on Octane for x86-64. This is because the register file
3528         for x86-64 is smaller than ARM64. When I implemented biased coloring,
3529         I was no longer able to detect this slowdown. I still think it's a
3530         sensible plan to run Briggs on ARM64 and IRC on x86-64.
3531
3532         * CMakeLists.txt:
3533         * JavaScriptCore.xcodeproj/project.pbxproj:
3534         * b3/air/AirGenerate.cpp:
3535         (JSC::B3::Air::prepareForGeneration):
3536         * b3/air/AirGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp.
3537         (JSC::B3::Air::allocateRegistersByGraphColoring):
3538         (JSC::B3::Air::iteratedRegisterCoalescing): Deleted.
3539         * b3/air/AirGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.h.
3540         * b3/air/AirIteratedRegisterCoalescing.cpp: Removed.
3541         * b3/air/AirIteratedRegisterCoalescing.h: Removed.
3542         * runtime/Options.h:
3543
3544 2017-02-21  Mark Lam  <mark.lam@apple.com>
3545
3546         Add more missing exception checks detected by running marathon.js.
3547         https://bugs.webkit.org/show_bug.cgi?id=168697
3548
3549         Reviewed by Saam Barati.
3550
3551         * runtime/StringPrototype.cpp:
3552         (JSC::replaceUsingRegExpSearch):
3553         (JSC::replaceUsingStringSearch):
3554
3555 2017-02-21  JF Bastien  <jfbastien@apple.com>
3556
3557         FullCodeOrigin for CodeBlock+CodeOrigin printing
3558         https://bugs.webkit.org/show_bug.cgi?id=168673
3559
3560         Reviewed by Filip Pizlo.
3561
3562         WebAssembly doesn't have a CodeBlock, so printing it isn't
3563         valid. This patch adds FullCodeOrigin to handle the
3564         CodeBlock+CodeOrigin printing pattern, and uses it through all the
3565         places I could find, including Repatch.cpp where it's relevant for
3566         WebAssembly.
3567
3568         * CMakeLists.txt:
3569         * JavaScriptCore.xcodeproj/project.pbxproj:
3570         * bytecode/CodeBlock.cpp:
3571         (JSC::CodeBlock::noticeIncomingCall):
3572         * bytecode/FullCodeOrigin.cpp: Added.
3573         (JSC::FullCodeOrigin::dump):
3574         (JSC::FullCodeOrigin::dumpInContext):
3575         * bytecode/FullCodeOrigin.h: Added.
3576         (JSC::FullCodeOrigin::FullCodeOrigin):
3577         * bytecode/PolymorphicAccess.cpp:
3578         (JSC::PolymorphicAccess::regenerate):
3579         * jit/PolymorphicCallStubRoutine.cpp:
3580         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
3581         * jit/Repatch.cpp:
3582         (JSC::linkFor):
3583         (JSC::linkDirectFor):
3584         (JSC::linkVirtualFor):
3585
3586 2017-02-21  Filip Pizlo  <fpizlo@apple.com>
3587
3588         Unreviewed, fix cloop. I managed to have my local patch for relanding be the one without the cloop
3589         fix. I keep forgetting about cloop!
3590
3591         * heap/Heap.cpp:
3592         (JSC::Heap::stopThePeriphery):
3593         * runtime/JSLock.cpp:
3594
3595 2017-02-21  Mark Lam  <mark.lam@apple.com>
3596
3597         Add missing exception checks detected by running marathon.js.
3598         https://bugs.webkit.org/show_bug.cgi?id=168687
3599
3600         Reviewed by Saam Barati.
3601
3602         When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
3603         we get some crashes due to missing exception checks.  This patch adds those
3604         missing exception checks.
3605
3606         * runtime/JSCJSValueInlines.h:
3607         (JSC::JSValue::toPropertyKey):
3608         * runtime/JSObject.cpp:
3609         (JSC::JSObject::getPrimitiveNumber):
3610
3611 2017-02-20  Filip Pizlo  <fpizlo@apple.com>
3612
3613         The collector thread should only start when the mutator doesn't have heap access
3614         https://bugs.webkit.org/show_bug.cgi?id=167737
3615
3616         Reviewed by Keith Miller.
3617         
3618         This turns the collector thread's workflow into a state machine, so that the mutator thread can
3619         run it directly. This reduces the amount of synchronization we do with the collector thread, and
3620         means that most apps will never start the collector thread. The collector thread will still start
3621         when we need to finish collecting and we don't have heap access.
3622         
3623         In this new world, "stopping the world" means relinquishing control of collection to the mutator.
3624         This means tracking who is conducting collection. I use the GCConductor enum to say who is
3625         conducting. It's either GCConductor::Mutator or GCConductor::Collector. I use the term "conn" to
3626         refer to the concept of conducting (having the conn, relinquishing the conn, taking the conn).
3627         So, stopping the world means giving the mutator the conn. Releasing heap access means giving the
3628         collector the conn.
3629         
3630         This meant bringing back the conservative scan of the calling thread. It turns out that this
3631         scan was too slow to be called on each GC increment because apparently setjmp() now does system
3632         calls. So, I wrote our own callee save register saving for the GC. Then I had doubts about
3633         whether or not it was correct, so I also made it so that the GC only rarely asks for the register
3634         state. I think we still want to use my register saving code instead of setjmp because setjmp
3635         seems to save things we don't need, and that could make us overly conservative.
3636         
3637         It turns out that this new scheduling discipline makes the old space-time scheduler perform
3638         better than the new stochastic space-time scheduler on systems with fewer than 4 cores. This is
3639         because the mutator having the conn enables us to time the mutator<->collector context switches
3640         by polling. The OS is never involved. So, we can use super precise timing. This allows the old
3641         space-time scheduler to shine like it hadn't before.
3642         
3643         The splay results imply that this is all a good thing. On 2-core systems, this reduces pause
3644         times by 40% and it increases throughput about 5%. On 1-core systems, this reduces pause times by
3645         half and reduces throughput by 8%. On 4-or-more-core systems, this doesn't seem to have much
3646         effect.
3647
3648         * CMakeLists.txt:
3649         * JavaScriptCore.xcodeproj/project.pbxproj:
3650         * bytecode/CodeBlock.cpp:
3651         (JSC::CodeBlock::visitChildren):
3652         * dfg/DFGWorklist.cpp:
3653         (JSC::DFG::Worklist::ThreadBody::ThreadBody):
3654         (JSC::DFG::Worklist::dump):
3655         (JSC::DFG::numberOfWorklists):
3656         (JSC::DFG::ensureWorklistForIndex):
3657         (JSC::DFG::existingWorklistForIndexOrNull):
3658         (JSC::DFG::existingWorklistForIndex):
3659         * dfg/DFGWorklist.h:
3660         (JSC::DFG::numberOfWorklists): Deleted.
3661         (JSC::DFG::ensureWorklistForIndex): Deleted.
3662         (JSC::DFG::existingWorklistForIndexOrNull): Deleted.
3663         (JSC::DFG::existingWorklistForIndex): Deleted.
3664         * heap/CollectingScope.h: Added.
3665         (JSC::CollectingScope::CollectingScope):
3666         (JSC::CollectingScope::~CollectingScope):
3667         * heap/CollectorPhase.cpp: Added.
3668         (JSC::worldShouldBeSuspended):
3669         (WTF::printInternal):
3670         * heap/CollectorPhase.h: Added.
3671         * heap/EdenGCActivityCallback.cpp:
3672         (JSC::EdenGCActivityCallback::lastGCLength):
3673         * heap/FullGCActivityCallback.cpp:
3674         (JSC::FullGCActivityCallback::doCollection):
3675         (JSC::FullGCActivityCallback::lastGCLength):
3676         * heap/GCConductor.cpp: Added.
3677         (JSC::gcConductorShortName):
3678         (WTF::printInternal):
3679         * heap/GCConductor.h: Added.
3680         * heap/GCFinalizationCallback.cpp: Added.
3681         (JSC::GCFinalizationCallback::GCFinalizationCallback):
3682         (JSC::GCFinalizationCallback::~GCFinalizationCallback):
3683         * heap/GCFinalizationCallback.h: Added.
3684         (JSC::GCFinalizationCallbackFuncAdaptor::GCFinalizationCallbackFuncAdaptor):
3685         (JSC::createGCFinalizationCallback):
3686         * heap/Heap.cpp:
3687         (JSC::Heap::Thread::Thread):
3688         (JSC::Heap::Heap):
3689         (JSC::Heap::lastChanceToFinalize):
3690         (JSC::Heap::gatherStackRoots):
3691         (JSC::Heap::updateObjectCounts):
3692         (JSC::Heap::sweepSynchronously):
3693         (JSC::Heap::collectAllGarbage):
3694         (JSC::Heap::collectAsync):
3695         (JSC::Heap::collectSync):
3696         (JSC::Heap::shouldCollectInCollectorThread):
3697         (JSC::Heap::collectInCollectorThread):
3698         (JSC::Heap::checkConn):
3699         (JSC::Heap::runNotRunningPhase):
3700         (JSC::Heap::runBeginPhase):
3701         (JSC::Heap::runFixpointPhase):
3702         (JSC::Heap::runConcurrentPhase):
3703         (JSC::Heap::runReloopPhase):
3704         (JSC::Heap::runEndPhase):
3705         (JSC::Heap::changePhase):
3706         (JSC::Heap::finishChangingPhase):
3707         (JSC::Heap::stopThePeriphery):
3708         (JSC::Heap::resumeThePeriphery):
3709         (JSC::Heap::stopTheMutator):
3710         (JSC::Heap::resumeTheMutator):
3711         (JSC::Heap::stopIfNecessarySlow):
3712         (JSC::Heap::collectInMutatorThread):
3713         (JSC::Heap::waitForCollector):
3714         (JSC::Heap::acquireAccessSlow):
3715         (JSC::Heap::releaseAccessSlow):
3716         (JSC::Heap::relinquishConn):
3717         (JSC::Heap::finishRelinquishingConn):
3718         (JSC::Heap::handleNeedFinalize):
3719         (JSC::Heap::notifyThreadStopping):
3720         (JSC::Heap::finalize):
3721         (JSC::Heap::addFinalizationCallback):
3722         (JSC::Heap::requestCollection):
3723         (JSC::Heap::waitForCollection):
3724         (JSC::Heap::updateAllocationLimits):
3725         (JSC::Heap::didFinishCollection):
3726         (JSC::Heap::collectIfNecessaryOrDefer):
3727         (JSC::Heap::notifyIsSafeToCollect):
3728         (JSC::Heap::preventCollection):
3729         (JSC::Heap::performIncrement):
3730         (JSC::Heap::markToFixpoint): Deleted.
3731         (JSC::Heap::shouldCollectInThread): Deleted.
3732         (JSC::Heap::collectInThread): Deleted.
3733         (JSC::Heap::stopTheWorld): Deleted.
3734         (JSC::Heap::resumeTheWorld): Deleted.
3735         * heap/Heap.h:
3736         (JSC::Heap::machineThreads):
3737         (JSC::Heap::lastFullGCLength):
3738         (JSC::Heap::lastEdenGCLength):
3739         (JSC::Heap::increaseLastFullGCLength):
3740         * heap/HeapInlines.h:
3741         (JSC::Heap::mutatorIsStopped): Deleted.
3742         * heap/HeapStatistics.cpp: Removed.
3743         * heap/HeapStatistics.h: Removed.
3744         * heap/HelpingGCScope.h: Removed.
3745         * heap/IncrementalSweeper.cpp:
3746         (JSC::IncrementalSweeper::stopSweeping):
3747         (JSC::IncrementalSweeper::willFinishSweeping): Deleted.
3748         * heap/IncrementalSweeper.h:
3749         * heap/MachineStackMarker.cpp:
3750         (JSC::MachineThreads::gatherFromCurrentThread):
3751         (JSC::MachineThreads::gatherConservativeRoots):
3752         (JSC::callWithCurrentThreadState):
3753         * heap/MachineStackMarker.h:
3754         * heap/MarkedAllocator.cpp:
3755         (JSC::MarkedAllocator::allocateSlowCaseImpl):
3756         * heap/MarkedBlock.cpp:
3757         (JSC::MarkedBlock::Handle::sweep):
3758         * heap/MarkedSpace.cpp:
3759         (JSC::MarkedSpace::sweep):
3760         * heap/MutatorState.cpp:
3761         (WTF::printInternal):
3762         * heap/MutatorState.h:
3763         * heap/RegisterState.h: Added.
3764         * heap/RunningScope.h: Added.
3765         (JSC::RunningScope::RunningScope):
3766         (JSC::RunningScope::~RunningScope):
3767         * heap/SlotVisitor.cpp:
3768         (JSC::SlotVisitor::SlotVisitor):
3769         (JSC::SlotVisitor::drain):
3770         (JSC::SlotVisitor::drainFromShared):
3771         (JSC::SlotVisitor::drainInParallelPassively):
3772         (JSC::SlotVisitor::donateAll):
3773         (JSC::SlotVisitor::donate):
3774         * heap/SlotVisitor.h:
3775         (JSC::SlotVisitor::codeName):
3776         * heap/StochasticSpaceTimeMutatorScheduler.cpp:
3777         (JSC::StochasticSpaceTimeMutatorScheduler::beginCollection):
3778         (JSC::StochasticSpaceTimeMutatorScheduler::synchronousDrainingDidStall):
3779         (JSC::StochasticSpaceTimeMutatorScheduler::timeToStop):
3780         * heap/SweepingScope.h: Added.
3781         (JSC::SweepingScope::SweepingScope):
3782         (JSC::SweepingScope::~SweepingScope):
3783         * jit/JITWorklist.cpp:
3784         (JSC::JITWorklist::Thread::Thread):
3785         * jsc.cpp:
3786         (GlobalObject::finishCreation):
3787         (functionFlashHeapAccess):
3788         * runtime/InitializeThreading.cpp:
3789         (JSC::initializeThreading):
3790         * runtime/JSCellInlines.h:
3791         (JSC::JSCell::classInfo):
3792         * runtime/Options.cpp:
3793         (JSC::overrideDefaults):
3794         * runtime/Options.h:
3795         * runtime/TestRunnerUtils.cpp:
3796         (JSC::finalizeStatsAtEndOfTesting):
3797
3798 2017-02-21  Saam Barati  <sbarati@apple.com>
3799
3800         Air should have a disassembly mode that dumps IR and assembly intermixed
3801         https://bugs.webkit.org/show_bug.cgi?id=168629
3802
3803         Reviewed by Filip Pizlo.
3804
3805         This will make dumping FTL disassembly dump Air intermixed
3806         with the assembly generated by each Air Inst. This is similar
3807         to how dumpDFGDisassembly dumps the generated assembly for each
3808         Node.
3809         
3810         Here is what the output will look like:
3811         
3812         Generated FTL JIT code for foo#CUaFiQ:[0x10b76c960->0x10b76c2d0->0x10b7b6da0, FTLFunctionCall, 40 (NeverInline)], instruction count = 40:
3813         BB#0: ; frequency = 1.000000
3814                 0x469004e02e00: push %rbp
3815                 0x469004e02e01: mov %rsp, %rbp
3816                 0x469004e02e04: add $0xffffffffffffffd0, %rsp
3817             Move $0x10b76c960, %rax, $4487301472(@16)
3818                 0x469004e02e08: mov $0x10b76c960, %rax
3819             Move %rax, 16(%rbp), @19
3820                 0x469004e02e12: mov %rax, 0x10(%rbp)
3821             Patch &Patchpoint2, %rbp, %rax, @20
3822                 0x469004e02e16: lea -0x50(%rbp), %rax
3823                 0x469004e02e1a: mov $0x1084081e0, %r11
3824                 0x469004e02e24: cmp %rax, (%r11)
3825                 0x469004e02e27: ja 0x469004e02e9a
3826             Move 56(%rbp), %rdx, @23
3827                 0x469004e02e2d: mov 0x38(%rbp), %rdx
3828             Move $0xffff000000000002, %rax, $-281474976710654(@15)
3829                 0x469004e02e31: mov $0xffff000000000002, %rax
3830             Patch &BranchTest64(3,SameAsRep)1, NonZero, %rdx, %rax, %rdx, @26
3831                 0x469004e02e3b: test %rdx, %rax
3832                 0x469004e02e3e: jnz 0x469004e02f08
3833             Move 48(%rbp), %rax, @29
3834                 0x469004e02e44: mov 0x30(%rbp), %rax
3835             Move %rax, %rcx, @31
3836                 0x469004e02e48: mov %rax, %rcx
3837             Xor64 $6, %rcx, @31
3838                 0x469004e02e4b: xor $0x6, %rcx
3839             Patch &BranchTest64(3,SameAsRep)1, NonZero, %rcx, $-2, %rax, @35
3840                 0x469004e02e4f: test $0xfffffffffffffffe, %rcx
3841                 0x469004e02e56: jnz 0x469004e02f12
3842             Patch &Branch32(3,SameAsRep)0, NotEqual, (%rdx), $266, %rdx, @45
3843                 0x469004e02e5c: cmp $0x10a, (%rdx)
3844                 0x469004e02e62: jnz 0x469004e02f1c
3845             BranchTest32 NonZero, %rax, $1, @49
3846                 0x469004e02e68: test $0x1, %al
3847                 0x469004e02e6a: jnz 0x469004e02e91
3848           Successors: #3, #1
3849         BB#1: ; frequency = 1.000000
3850           Predecessors: #0
3851             Move $0, %rcx, @65
3852                 0x469004e02e70: xor %rcx, %rcx
3853             Jump @66
3854           Successors: #2
3855         BB#2: ; frequency = 1.000000
3856           Predecessors: #1, #3
3857             Move 24(%rdx), %rax, @58
3858                 0x469004e02e73: mov 0x18(%rdx), %rax
3859             Patch &BranchAdd32(4,ForceLateUseUnlessRecoverable)3, Overflow, %rcx, %rax, %rcx, %rcx, %rax, @60
3860                 0x469004e02e77: add %eax, %ecx
3861                 0x469004e02e79: jo 0x469004e02f26
3862             Move $0xffff000000000000, %rax, $-281474976710656(@14)
3863                 0x469004e02e7f: mov $0xffff000000000000, %rax
3864             Add64 %rcx, %rax, %rax, @62
3865                 0x469004e02e89: add %rcx, %rax
3866             Ret64 %rax, @63
3867                 0x469004e02e8c: mov %rbp, %rsp
3868                 0x469004e02e8f: pop %rbp
3869                 0x469004e02e90: ret 
3870         BB#3: ; frequency = 1.000000
3871           Predecessors: #0
3872             Move 16(%rdx), %rcx, @52
3873                 0x469004e02e91: mov 0x10(%rdx), %rcx
3874             Jump @55
3875                 0x469004e02e95: jmp 0x469004e02e73
3876           Successors: #2
3877
3878         * CMakeLists.txt:
3879         * JavaScriptCore.xcodeproj/project.pbxproj:
3880         * b3/air/AirCode.h:
3881         (JSC::B3::Air::Code::setDisassembler):
3882         (JSC::B3::Air::Code::disassembler):
3883         * b3/air/AirDisassembler.cpp: Added.
3884         (JSC::B3::Air::Disassembler::startEntrypoint):
3885         (JSC::B3::Air::Disassembler::endEntrypoint):
3886         (JSC::B3::Air::Disassembler::startLatePath):
3887         (JSC::B3::Air::Disassembler::endLatePath):
3888         (JSC::B3::Air::Disassembler::startBlock):
3889         (JSC::B3::Air::Disassembler::addInst):
3890         (JSC::B3::Air::Disassembler::dump):