3b67985252ef8ea1c31323defcb72895ad733639
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-25  Oliver Hunt  <oliver@apple.com>

        Fix MSVC again

        * parser/Parser.cpp:

2013-10-25  Oliver Hunt  <oliver@apple.com>

        Fix MSVC

        * parser/Parser.cpp:

2013-10-25  Oliver Hunt  <oliver@apple.com>

        Improve JSC Parser error messages
        https://bugs.webkit.org/show_bug.cgi?id=123341

        Reviewed by Andreas Kling.

        This patch moves away from the current kludgy mechanisms used to produce
        error messages and moves to something closer to case by case errors.

        This results in a large change size as previously we may just have
        'failIfFalse(foo)', but now the logic becomes either
        'failIfFalseWithMessage(foo, "Cannot do blah with ", foo->thing())'
        or alternatively

        if (!foo)
            check for 'interesting' errors, before falling back to generic error

        This means that this patch is large, but produces no semantic changes, and
        only hits slow (e.g. error) paths.

        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::createBindingPattern):
        (JSC::::parseDeconstructionPattern):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::stringForFunctionMode):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::operatorString):
        (JSC::::parseUnaryExpression):
        (JSC::::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::Scope::hasDeclaredVariable):
        (JSC::Scope::hasDeclaredParameter):
        (JSC::Parser::hasDeclaredVariable):
        (JSC::Parser::hasDeclaredParameter):
        (JSC::Parser::setErrorMessage):

2013-10-24  Mark Rowe  <mrowe@apple.com>

        Remove references to OS X 10.7 from Xcode configuration settings.

        Now that we're not building for OS X 10.7 they're no longer needed.

        Reviewed by Anders Carlsson.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:

2013-10-24  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/15312643> Prepare for the mysterious future.

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:

2013-10-24  Mark Lam  <mark.lam@apple.com>

        Better way to fix part of broken C Loop LLINT build.
        https://bugs.webkit.org/show_bug.cgi?id=123271.

        Reviewed by Geoffrey Garen.

        Undoing offline asm hackery.

        * llint/LowLevelInterpreter.cpp:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/cloop.rb:
        * offlineasm/instructions.rb:

2013-10-24  Mark Lam  <mark.lam@apple.com>

        Fix broken C Loop LLINT build.
        https://bugs.webkit.org/show_bug.cgi?id=123271.

        Reviewed by Michael Saboff.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus): Added an UNUSED_PARAM().
        (JSC::CodeBlock::dumpBytecode): Added #if ENABLE(JIT) to JIT only code.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor): Added an UNUSED_PARAM().
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor): Added an UNUSED_PARAM().
        * bytecode/StructureStubInfo.h:
        - Added a stub StubInfoMap for non-JIT builds. StubInfoMap is still used
          in function prototypes even when !ENABLE(JIT). Rather than adding #if's
          in many places, we just provide a stub/placeholder implementation that
          is unused but keeps the compiler happy.
        * jit/JITOperations.h: Added #if ENABLE(JIT).
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        - The putByVal() macro reifies a slow path which is never taken in one case.
          This translates into a label that is never used in the C Loop LLINT. The
          C++ compiler doesn't like unused labels. So, we fix this by adding a
          cloopUnusedLabel offline asm instruction that synthesizes the following:

              if (false) goto unusedLabel;

          This keeps the C++ compiler happy without changing code behavior.
        * offlineasm/cloop.rb: Implementing cloopUnusedLabel.
        * offlineasm/instructions.rb: Declaring cloopUnusedLabel.
        * runtime/Executable.cpp:
        (JSC::setupJIT): Added UNUSED_PARAM()s.
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        - run-javascriptcore-tests has phases that force the LLINT to be off
          which in turn asserts that the JIT is enabled. With the C Loop LLINT,
          this combination is illegal. So, we override the setup code here to
          always use the LLINT if !ENABLE(JIT) regardless of what options are
          passed in.
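
        The cloopUnusedLabel trick described in the entry above, as an added example that is
        not WebKit's offlineasm code: a toy Ruby emitter that turns a constructed instruction
        stream into C-loop style C++, counts which labels any jump references, and for every
        label that nothing jumps to emits a never-taken "if (false) goto label;" next to the
        label, so the generated C++ contains no unused label. The instruction stream, opcode
        names and label names are constructed for this example and are not offlineasm's.

```ruby
require "set"

# Added example, not WebKit's offlineasm. A minimal emitter that converts a toy
# instruction stream into C-loop style C++ and applies the cloopUnusedLabel idea:
# a label that no jump references gets a never-taken "if (false) goto label;"
# so the C++ compiler does not reject the function for an unused label.

# Constructed toy program: [opcode, operands...]. Opcode and label names are
# invented for this example.
TOY_PROGRAM = [
  [:label, "loop"],
  [:add, "t0", "t1"],
  [:jmp, "loop"],
  [:label, "slowPath"], # reified slow path that nothing ever jumps to
  [:ret],
].freeze

# Labels referenced by at least one jump.
def referenced_labels(program)
  program.select { |op, *| op == :jmp }.map { |_, target| target }.to_set
end

# Labels that are defined but never jumped to; these would be unused C++ labels.
def unused_labels(program)
  declared = program.select { |op, *| op == :label }.map { |_, name| name }
  declared - referenced_labels(program).to_a
end

# Emit C++ lines for the program. Each label becomes a C++ label; an unused one
# additionally gets the synthetic never-taken goto so it counts as referenced.
def emit_cloop(program)
  refs = referenced_labels(program)
  program.flat_map do |op, *args|
    case op
    when :label
      name = args[0]
      lines = ["#{name}:"]
      lines << "    if (false) goto #{name};" unless refs.include?(name)
      lines
    when :jmp then ["    goto #{args[0]};"]
    when :add then ["    #{args[0]} += #{args[1]};"]
    when :ret then ["    return;"]
    else raise ArgumentError, "unknown opcode #{op.inspect}"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts emit_cloop(TOY_PROGRAM)
end
```

        Running the file prints the generated C++; "loop" is referenced by a goto and is
        emitted plainly, while "slowPath" receives the synthetic never-taken goto, which is
        exactly the situation the putByVal() slow path created in the C Loop LLINT.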

2013-10-24  peavo@outlook.com  <peavo@outlook.com>

        Uninitialized member causes crash when DFG JIT is not enabled.
        https://bugs.webkit.org/show_bug.cgi?id=123270

        Reviewed by Brent Fulgham.

        The data member sizeOfLastScratchBuffer in the VM class is only initialized if DFG JIT is enabled, even though it's defined regardless.
        This causes an early crash on Windows, which doesn't have DFG JIT enabled.

        * runtime/VM.cpp:
        (JSC::VM::VM): Initialize sizeOfLastScratchBuffer member regardless of whether DFG JIT is enabled.

2013-10-24  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Build break with latest EFL 1.8 libraries.
        https://bugs.webkit.org/show_bug.cgi?id=123245

        Reviewed by Gyuyoung Kim.

        After the build break on EFL 1.8 was fixed at r138326, EFL libraries changed
        the Eo typedef and split the header files which contain the version macro.

        * PlatformEfl.cmake: Added EO path to include directories.
        * heap/HeapTimer.h: Changed Ecore_Timer typedef when EO exists.

2013-10-23  Filip Pizlo  <fpizlo@apple.com>

        Put all uses of LLVM intrinsics behind a single Option
        https://bugs.webkit.org/show_bug.cgi?id=123219

        Reviewed by Mark Hahnenberg.

        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::generateExitThunks):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * runtime/Options.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
        (https://bugs.webkit.org/show_bug.cgi?id=123169)

        Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.

        * Configurations/Base.xcconfig:

2013-10-23  Michael Saboff  <msaboff@apple.com>

        LLInt arity check exception processing should start unwinding from caller
        https://bugs.webkit.org/show_bug.cgi?id=123209

        Reviewed by Oliver Hunt.

        Use the caller frame returned from slow_path_call_arityCheck to process exceptions.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do some simple inline caches using LLVM patchpoints
        https://bugs.webkit.org/show_bug.cgi?id=123164

        Reviewed by Mark Hahnenberg.

        This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.

        The idea is that we ask LLVM for a nop slide the size of a GetById inline
        cache and then fill in the code after LLVM compilation is complete. For now, we
        just use the system calling convention for the arguments and return. We also
        still make some assumptions about registers that aren't correct. But, most of
        the scaffolding is there and this will successfully patch an inline cache.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::link):
        * ftl/FTLAbbreviations.h:
        (JSC::FTL::constNull):
        (JSC::FTL::buildCall):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h: Added.
        (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
        (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
        (JSC::FTL::GetByIdDescriptor::stackmapID):
        (JSC::FTL::GetByIdDescriptor::codeOrigin):
        (JSC::FTL::GetByIdDescriptor::uid):
        * ftl/FTLInlineCacheSize.cpp: Added.
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        * ftl/FTLInlineCacheSize.h: Added.
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::directGPR):
        * ftl/FTLLocation.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::call):
        * ftl/FTLSlowPathCall.cpp: Added.
        (JSC::FTL::callOperation):
        * ftl/FTLSlowPathCall.h: Added.
        (JSC::FTL::SlowPathCall::SlowPathCall):
        (JSC::FTL::SlowPathCall::call):
        (JSC::FTL::SlowPathCall::key):
        * ftl/FTLSlowPathCallKey.cpp: Added.
        (JSC::FTL::SlowPathCallKey::dump):
        * ftl/FTLSlowPathCallKey.h: Added.
        (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
        (JSC::FTL::SlowPathCallKey::usedRegisters):
        (JSC::FTL::SlowPathCallKey::callTarget):
        (JSC::FTL::SlowPathCallKey::offset):
        (JSC::FTL::SlowPathCallKey::isEmptyValue):
        (JSC::FTL::SlowPathCallKey::isDeletedValue):
        (JSC::FTL::SlowPathCallKey::operator==):
        (JSC::FTL::SlowPathCallKey::hash):
        (JSC::FTL::SlowPathCallKeyHash::hash):
        (JSC::FTL::SlowPathCallKeyHash::equal):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::directGPR):
        * ftl/FTLStackMaps.h:
        * ftl/FTLState.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * jit/GPRInfo.h:
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::garbageStubInfo):
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::finalize):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITByIdGenerator::slowPathBegin):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stackRegisters):
        (JSC::RegisterSet::specialRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        (JSC::RegisterSet::allGPRs):
        (JSC::RegisterSet::allFPRs):
        (JSC::RegisterSet::allRegisters):
        (JSC::RegisterSet::dump):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::exclude):
        (JSC::RegisterSet::numberOfSetRegisters):
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::isEmptyValue):
        (JSC::RegisterSet::isDeletedValue):
        (JSC::RegisterSet::operator==):
        (JSC::RegisterSet::hash):
        (JSC::RegisterSetHash::hash):
        (JSC::RegisterSetHash::equal):
        * runtime/Options.h:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        jitCompileAndSetHeuristics should DeferGCForAWhile
        https://bugs.webkit.org/show_bug.cgi?id=123196

        Reviewed by Mark Hahnenberg.

        This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
        my machines. I don't think this is testable; we just need to steadily converge towards
        getting our uses of DeferGC to be right and then be careful not to regress. We're not
        there yet, obviously.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more JavaScriptCore build configuration changes
        https://bugs.webkit.org/show_bug.cgi?id=123169

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/iOS.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Export DefaultGCActivityCallback member functions
        https://bugs.webkit.org/show_bug.cgi?id=123175

        Reviewed by David Kilzer.

        * runtime/GCActivityCallback.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, clean up a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JITs view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
814         allocated region of memory.  That region of memory could be the nop-slide left behind
815         by a llvm.webkit.patchpoint.
816
817         * assembler/ARM64Assembler.h:
818         (JSC::ARM64Assembler::buffer):
819         * assembler/AssemblerBuffer.h:
820         * assembler/LinkBuffer.cpp:
821         (JSC::LinkBuffer::copyCompactAndLinkCode):
822         (JSC::LinkBuffer::linkCode):
823         (JSC::LinkBuffer::allocate):
824         (JSC::LinkBuffer::shrink):
825         * assembler/LinkBuffer.h:
826         (JSC::LinkBuffer::LinkBuffer):
827         (JSC::LinkBuffer::didFailToAllocate):
828         * assembler/X86Assembler.h:
829         (JSC::X86Assembler::buffer):
830         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
831
832 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
833
834         Some includes in JSC seem to use an incorrect style
835         https://bugs.webkit.org/show_bug.cgi?id=123057
836
837         Reviewed by Geoffrey Garen.
838
839         Changed pseudo-system includes to user ones.
840
841         * API/JSContextRef.cpp:
842         * API/JSStringRefCF.cpp:
843         * API/JSValueRef.cpp:
844         * API/OpaqueJSString.cpp:
845         * jit/JIT.h:
846         * parser/SyntaxChecker.h:
847         * runtime/WeakGCMap.h:
848
849 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
850
851         Baseline JIT and DFG IC code generation should be unified and rationalized
852         https://bugs.webkit.org/show_bug.cgi?id=122939
853
854         Reviewed by Geoffrey Garen.
855         
856         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
857         some register info and creates JIT inline caches for you. Used this to even further
858         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
859         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
860         that it needs to do the equivalent of get_by_id, so with this generator it will be able
861         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
862
863         * CMakeLists.txt:
864         * GNUmakefile.list.am:
865         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
866         * JavaScriptCore.xcodeproj/project.pbxproj:
867         * assembler/AbstractMacroAssembler.h:
868         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
869         * bytecode/CodeBlock.h:
870         (JSC::CodeBlock::ecmaMode):
871         * dfg/DFGInlineCacheWrapper.h: Added.
872         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
873         * dfg/DFGInlineCacheWrapperInlines.h: Added.
874         (JSC::DFG::::finalize):
875         * dfg/DFGJITCompiler.cpp:
876         (JSC::DFG::JITCompiler::link):
877         * dfg/DFGJITCompiler.h:
878         (JSC::DFG::JITCompiler::addGetById):
879         (JSC::DFG::JITCompiler::addPutById):
880         * dfg/DFGSpeculativeJIT32_64.cpp:
881         (JSC::DFG::SpeculativeJIT::cachedGetById):
882         (JSC::DFG::SpeculativeJIT::cachedPutById):
883         * dfg/DFGSpeculativeJIT64.cpp:
884         (JSC::DFG::SpeculativeJIT::cachedGetById):
885         (JSC::DFG::SpeculativeJIT::cachedPutById):
886         (JSC::DFG::SpeculativeJIT::compile):
887         * jit/AssemblyHelpers.h:
888         (JSC::AssemblyHelpers::isStrictModeFor):
889         (JSC::AssemblyHelpers::strictModeFor):
890         * jit/GPRInfo.h:
891         (JSC::JSValueRegs::tagGPR):
892         * jit/JIT.cpp:
893         (JSC::JIT::JIT):
894         (JSC::JIT::privateCompileSlowCases):
895         (JSC::JIT::privateCompile):
896         * jit/JIT.h:
897         * jit/JITInlineCacheGenerator.cpp: Added.
898         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
899         (JSC::JITByIdGenerator::JITByIdGenerator):
900         (JSC::JITByIdGenerator::finalize):
901         (JSC::JITByIdGenerator::generateFastPathChecks):
902         (JSC::JITGetByIdGenerator::generateFastPath):
903         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
904         (JSC::JITPutByIdGenerator::generateFastPath):
905         (JSC::JITPutByIdGenerator::slowPathFunction):
906         * jit/JITInlineCacheGenerator.h: Added.
907         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
908         (JSC::JITInlineCacheGenerator::stubInfo):
909         (JSC::JITByIdGenerator::JITByIdGenerator):
910         (JSC::JITByIdGenerator::reportSlowPathCall):
911         (JSC::JITByIdGenerator::slowPathJump):
912         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
913         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
914         * jit/JITPropertyAccess.cpp:
915         (JSC::JIT::emit_op_get_by_id):
916         (JSC::JIT::emitSlow_op_get_by_id):
917         (JSC::JIT::emit_op_put_by_id):
918         (JSC::JIT::emitSlow_op_put_by_id):
919         * jit/JITPropertyAccess32_64.cpp:
920         (JSC::JIT::emit_op_get_by_id):
921         (JSC::JIT::emitSlow_op_get_by_id):
922         (JSC::JIT::emit_op_put_by_id):
923         (JSC::JIT::emitSlow_op_put_by_id):
924         * jit/RegisterSet.h:
925         (JSC::RegisterSet::set):
926
927 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
928
929         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
930         https://bugs.webkit.org/show_bug.cgi?id=123067
931
932         Reviewed by Geoffrey Garen.
933
934         * API/APICast.h: Include it.
935
936 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
937
938         FTL::Location should treat the offset as an addend in the case of a Register location
939         https://bugs.webkit.org/show_bug.cgi?id=123062
940
941         Reviewed by Sam Weinig.
942
943         * ftl/FTLLocation.cpp:
944         (JSC::FTL::Location::forStackmaps):
945         (JSC::FTL::Location::dump):
946         (JSC::FTL::Location::restoreInto):
947         * ftl/FTLLocation.h:
948         (JSC::FTL::Location::forRegister):
949         (JSC::FTL::Location::hasAddend):
950         (JSC::FTL::Location::addend):
951
952 2013-10-19  Nadav Rotem  <nrotem@apple.com>
953
954         DFG dominators: document and rename stuff.
955         https://bugs.webkit.org/show_bug.cgi?id=123056
956
957         Reviewed by Filip Pizlo.
958
959         Documented the code and renamed some variables.
960
961         * dfg/DFGDominators.cpp:
962         (JSC::DFG::Dominators::compute):
963         (JSC::DFG::Dominators::pruneDominators):
964         * dfg/DFGDominators.h:
965
966 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
967
968         Fix build failure for architectures with 4 argument registers.
969         https://bugs.webkit.org/show_bug.cgi?id=123060
970
971         Reviewed by Michael Saboff.
972
973         Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
974         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
975
976         * dfg/DFGSpeculativeJIT.h:
977         (JSC::DFG::SpeculativeJIT::callOperation):
978         * jit/CCallHelpers.h:
979         (JSC::CCallHelpers::setupArgumentsWithExecState):
980         * jit/JITInlines.h:
981         (JSC::JIT::callOperation):
982
983 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
984
985         Unreviewed, fix FTL build.
986
987         * ftl/FTLIntrinsicRepository.h:
988         * ftl/FTLLowerDFGToLLVM.cpp:
989         (JSC::FTL::LowerDFGToLLVM::compileGetById):
990
991 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
992
993         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
994         https://bugs.webkit.org/show_bug.cgi?id=122940
995
996         Reviewed by Oliver Hunt.
997         
998         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
999         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
1000         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
1001         StructureStubInfo's. It removes some of the need for the compile-time property access
1002         records; for example the DFG no longer has to save information about registers in a
1003         property access record only to later save it to the stub info.
1004         
1005         The main thing it accomplishes is that it makes it easier to add StructureStubInfos
1006         at any stage of compilation.
1007
1008         * bytecode/CodeBlock.cpp:
1009         (JSC::CodeBlock::printGetByIdCacheStatus):
1010         (JSC::CodeBlock::dumpBytecode):
1011         (JSC::CodeBlock::~CodeBlock):
1012         (JSC::CodeBlock::propagateTransitions):
1013         (JSC::CodeBlock::finalizeUnconditionally):
1014         (JSC::CodeBlock::addStubInfo):
1015         (JSC::CodeBlock::getStubInfoMap):
1016         (JSC::CodeBlock::shrinkToFit):
1017         * bytecode/CodeBlock.h:
1018         (JSC::CodeBlock::begin):
1019         (JSC::CodeBlock::end):
1020         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
1021         * bytecode/CodeOrigin.h:
1022         (JSC::CodeOrigin::CodeOrigin):
1023         (JSC::CodeOrigin::isHashTableDeletedValue):
1024         (JSC::CodeOrigin::hash):
1025         (JSC::CodeOriginHash::hash):
1026         (JSC::CodeOriginHash::equal):
1027         * bytecode/GetByIdStatus.cpp:
1028         (JSC::GetByIdStatus::computeFor):
1029         * bytecode/GetByIdStatus.h:
1030         * bytecode/PutByIdStatus.cpp:
1031         (JSC::PutByIdStatus::computeFor):
1032         * bytecode/PutByIdStatus.h:
1033         * bytecode/StructureStubInfo.h:
1034         (JSC::getStructureStubInfoCodeOrigin):
1035         * dfg/DFGByteCodeParser.cpp:
1036         (JSC::DFG::ByteCodeParser::parseBlock):
1037         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1038         * dfg/DFGJITCompiler.cpp:
1039         (JSC::DFG::JITCompiler::link):
1040         * dfg/DFGJITCompiler.h:
1041         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1042         (JSC::DFG::InRecord::InRecord):
1043         * dfg/DFGSpeculativeJIT.cpp:
1044         (JSC::DFG::SpeculativeJIT::compileIn):
1045         * dfg/DFGSpeculativeJIT.h:
1046         (JSC::DFG::SpeculativeJIT::callOperation):
1047         * dfg/DFGSpeculativeJIT32_64.cpp:
1048         (JSC::DFG::SpeculativeJIT::cachedGetById):
1049         (JSC::DFG::SpeculativeJIT::cachedPutById):
1050         * dfg/DFGSpeculativeJIT64.cpp:
1051         (JSC::DFG::SpeculativeJIT::cachedGetById):
1052         (JSC::DFG::SpeculativeJIT::cachedPutById):
1053         * jit/CCallHelpers.h:
1054         (JSC::CCallHelpers::setupArgumentsWithExecState):
1055         * jit/JIT.cpp:
1056         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1057         (JSC::JIT::privateCompile):
1058         * jit/JIT.h:
1059         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
1060         * jit/JITInlines.h:
1061         (JSC::JIT::callOperation):
1062         * jit/JITOperations.cpp:
1063         * jit/JITOperations.h:
1064         * jit/JITPropertyAccess.cpp:
1065         (JSC::JIT::emitSlow_op_get_by_id):
1066         (JSC::JIT::emitSlow_op_put_by_id):
1067         * jit/JITPropertyAccess32_64.cpp:
1068         (JSC::JIT::emitSlow_op_get_by_id):
1069         (JSC::JIT::emitSlow_op_put_by_id):
1070         * jit/Repatch.cpp:
1071         (JSC::appropriateGenericPutByIdFunction):
1072         (JSC::appropriateListBuildingPutByIdFunction):
1073         (JSC::resetPutByID):
1074
1075 2013-10-18  Oliver Hunt  <oliver@apple.com>
1076
1077         Spread operator should be performing direct "puts" and not triggering setters
1078         https://bugs.webkit.org/show_bug.cgi?id=123047
1079
1080         Reviewed by Geoffrey Garen.
1081
1082         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
1083         to array construct.  This required a new PutByValDirect node to be introduced to
1084         the DFG.  The current implementation simply changes the slow path function that
1085         is called, but in future this could be made faster as it does not need to check
1086         the prototype chain.
1087
1088         * bytecode/CodeBlock.cpp:
1089         (JSC::CodeBlock::dumpBytecode):
1090         (JSC::CodeBlock::CodeBlock):
1091         * bytecode/Opcode.h:
1092         (JSC::padOpcodeName):
1093         * bytecompiler/BytecodeGenerator.cpp:
1094         (JSC::BytecodeGenerator::emitDirectPutByVal):
1095         * bytecompiler/BytecodeGenerator.h:
1096         * bytecompiler/NodesCodegen.cpp:
1097         (JSC::ArrayNode::emitBytecode):
1098         * dfg/DFGAbstractInterpreterInlines.h:
1099         (JSC::DFG::::executeEffects):
1100         * dfg/DFGBackwardsPropagationPhase.cpp:
1101         (JSC::DFG::BackwardsPropagationPhase::propagate):
1102         * dfg/DFGByteCodeParser.cpp:
1103         (JSC::DFG::ByteCodeParser::parseBlock):
1104         * dfg/DFGCSEPhase.cpp:
1105         (JSC::DFG::CSEPhase::getArrayLengthElimination):
1106         (JSC::DFG::CSEPhase::getByValLoadElimination):
1107         (JSC::DFG::CSEPhase::checkStructureElimination):
1108         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1109         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1110         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1111         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1112         (JSC::DFG::CSEPhase::performNodeCSE):
1113         * dfg/DFGCapabilities.cpp:
1114         (JSC::DFG::capabilityLevel):
1115         * dfg/DFGClobberize.h:
1116         (JSC::DFG::clobberize):
1117         * dfg/DFGFixupPhase.cpp:
1118         (JSC::DFG::FixupPhase::fixupNode):
1119         * dfg/DFGGraph.h:
1120         (JSC::DFG::Graph::clobbersWorld):
1121         * dfg/DFGNode.h:
1122         (JSC::DFG::Node::hasArrayMode):
1123         * dfg/DFGNodeType.h:
1124         * dfg/DFGOperations.cpp:
1125         (JSC::DFG::putByVal):
1126         (JSC::DFG::operationPutByValInternal):
1127         * dfg/DFGOperations.h:
1128         * dfg/DFGPredictionPropagationPhase.cpp:
1129         (JSC::DFG::PredictionPropagationPhase::propagate):
1130         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
1131         * dfg/DFGSafeToExecute.h:
1132         (JSC::DFG::safeToExecute):
1133         * dfg/DFGSpeculativeJIT32_64.cpp:
1134         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
1135         (JSC::DFG::SpeculativeJIT::compile):
1136         * dfg/DFGSpeculativeJIT64.cpp:
1137         (JSC::DFG::SpeculativeJIT::compile):
1138         * dfg/DFGTypeCheckHoistingPhase.cpp:
1139         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1140         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
1141         * jit/JIT.cpp:
1142         (JSC::JIT::privateCompileMainPass):
1143         (JSC::JIT::privateCompileSlowCases):
1144         * jit/JIT.h:
1145         (JSC::JIT::compileDirectPutByVal):
1146         * jit/JITOperations.cpp:
1147         * jit/JITOperations.h:
1148         * jit/JITPropertyAccess.cpp:
1149         (JSC::JIT::emitSlow_op_put_by_val):
1150         (JSC::JIT::privateCompilePutByVal):
1151         * jit/JITPropertyAccess32_64.cpp:
1152         (JSC::JIT::emitSlow_op_put_by_val):
1153         * llint/LLIntSlowPaths.cpp:
1154         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1155         * llint/LLIntSlowPaths.h:
1156         * llint/LowLevelInterpreter32_64.asm:
1157         * llint/LowLevelInterpreter64.asm:
1158
1159 2013-10-18  Daniel Bates  <dabates@apple.com>
1160
1161         [iOS] Export symbol for VM::sharedInstanceExists()
1162         https://bugs.webkit.org/show_bug.cgi?id=123046
1163
1164         Reviewed by Mark Hahnenberg.
1165
1166         * runtime/VM.h:
1167
1168 2013-10-18  Daniel Bates  <dabates@apple.com>
1169
1170         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
1171         https://bugs.webkit.org/show_bug.cgi?id=123049
1172
1173         Reviewed by Mark Hahnenberg.
1174
1175         * heap/Heap.cpp:
1176         (JSC::Heap::setIncrementalSweeper):
1177         * heap/Heap.h:
1178         * heap/HeapTimer.h:
1179         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
1180         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
1181         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
1182         (duplicates the include in the .cpp).
1183         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
1184         making use of this now, but we'll make use of it in a subsequent patch.
1185
1186 2013-10-18  Anders Carlsson  <andersca@apple.com>
1187
1188         Remove spaces between template angle brackets
1189         https://bugs.webkit.org/show_bug.cgi?id=123040
1190
1191         Reviewed by Andreas Kling.
1192
1193         * API/JSCallbackObject.cpp:
1194         (JSC::::create):
1195         * API/JSObjectRef.cpp:
1196         * bytecode/CodeBlock.h:
1197         (JSC::CodeBlock::constants):
1198         (JSC::CodeBlock::setConstantRegisters):
1199         * bytecode/DFGExitProfile.h:
1200         * bytecode/EvalCodeCache.h:
1201         * bytecode/Operands.h:
1202         * bytecode/UnlinkedCodeBlock.h:
1203         (JSC::UnlinkedCodeBlock::constantRegisters):
1204         * bytecode/Watchpoint.h:
1205         * bytecompiler/BytecodeGenerator.h:
1206         * bytecompiler/StaticPropertyAnalysis.h:
1207         * bytecompiler/StaticPropertyAnalyzer.h:
1208         * dfg/DFGArgumentsSimplificationPhase.cpp:
1209         * dfg/DFGBlockInsertionSet.h:
1210         * dfg/DFGCSEPhase.cpp:
1211         (JSC::DFG::performCSE):
1212         (JSC::DFG::performStoreElimination):
1213         * dfg/DFGCommonData.h:
1214         * dfg/DFGDesiredStructureChains.h:
1215         * dfg/DFGDesiredWatchpoints.h:
1216         * dfg/DFGJITCompiler.h:
1217         * dfg/DFGOSRExitCompiler32_64.cpp:
1218         (JSC::DFG::OSRExitCompiler::compileExit):
1219         * dfg/DFGOSRExitCompiler64.cpp:
1220         (JSC::DFG::OSRExitCompiler::compileExit):
1221         * dfg/DFGWorklist.h:
1222         * heap/BlockAllocator.h:
1223         (JSC::CopiedBlock):
1224         (JSC::MarkedBlock):
1225         (JSC::WeakBlock):
1226         (JSC::MarkStackSegment):
1227         (JSC::CopyWorkListSegment):
1228         (JSC::HandleBlock):
1229         * heap/Heap.h:
1230         * heap/Local.h:
1231         * heap/MarkedBlock.h:
1232         * heap/Strong.h:
1233         * jit/AssemblyHelpers.cpp:
1234         (JSC::AssemblyHelpers::decodedCodeMapFor):
1235         * jit/AssemblyHelpers.h:
1236         * jit/SpecializedThunkJIT.h:
1237         * parser/Nodes.h:
1238         * parser/Parser.cpp:
1239         (JSC::::parseIfStatement):
1240         * parser/Parser.h:
1241         (JSC::Scope::copyCapturedVariablesToVector):
1242         (JSC::parse):
1243         * parser/ParserArena.h:
1244         * parser/SourceProviderCacheItem.h:
1245         * profiler/LegacyProfiler.cpp:
1246         (JSC::dispatchFunctionToProfiles):
1247         * profiler/LegacyProfiler.h:
1248         (JSC::LegacyProfiler::currentProfiles):
1249         * profiler/ProfileNode.h:
1250         (JSC::ProfileNode::children):
1251         * profiler/ProfilerDatabase.h:
1252         * runtime/Butterfly.h:
1253         (JSC::Butterfly::contiguousInt32):
1254         (JSC::Butterfly::contiguous):
1255         * runtime/GenericTypedArrayViewInlines.h:
1256         (JSC::::create):
1257         * runtime/Identifier.h:
1258         (JSC::Identifier::add):
1259         * runtime/JSPromise.h:
1260         * runtime/PropertyMapHashTable.h:
1261         * runtime/PropertyNameArray.h:
1262         * runtime/RegExpCache.h:
1263         * runtime/SparseArrayValueMap.h:
1264         * runtime/SymbolTable.h:
1265         * runtime/VM.h:
1266         * tools/CodeProfile.cpp:
1267         (JSC::truncateTrace):
1268         * tools/CodeProfile.h:
1269         * yarr/YarrInterpreter.cpp:
1270         * yarr/YarrInterpreter.h:
1271         (JSC::Yarr::BytecodePattern::BytecodePattern):
1272         * yarr/YarrJIT.cpp:
1273         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1274         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1275         (JSC::Yarr::YarrGenerator::opCompileBody):
1276         * yarr/YarrPattern.cpp:
1277         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1278         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1279         * yarr/YarrPattern.h:
1280
1281 2013-10-18  Mark Lam  <mark.lam@apple.com>
1282
1283         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
1284         https://bugs.webkit.org/show_bug.cgi?id=123037.
1285
1286         Reviewed by Geoffrey Garen.
1287
1288         * jit/JITStubsMSVC64.asm:
1289         * jit/JITStubsX86.h:
1290         * jit/JITStubsX86_64.h:
1291
1292 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1293
1294         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
1295         https://bugs.webkit.org/show_bug.cgi?id=121661
1296
1297         Reviewed by Mark Hahnenberg.
1298         
1299         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
1300         so I added a return-early check using isCompilationThread().
1301         
1302         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
1303         it is describing: m_offset and the property table. Most structures only have m_offset and report
1304         null for the property table. If the property table is there, it will tell you additional
1305         information and that information subsumes m_offset - but the m_offset is still there. So, when
1306         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
1307         machinery to do this.
1308         
1309         Changing the property table only happens on the main thread.
1310         
1311         Because the machinery to change the property table is so complex, especially with respect to
1312         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
1313         called at key points before and after changes to the property table or the offset.
1314
1315         Most clients of Structure who care about object layout, including the concurrent thread, will
1316         want to know m_offset and not the property table. If they want the property table, they will
1317         already be super careful. The concurrent thread has special methods for this, like
1318         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
1319         view of the property table.
1320         
1321         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
1322         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
1323         
1324         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
1325         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
1326         because we have found that it helps quickly identify situations where the property table and
1327         m_offset get out of sync - mainly because code that changes either of those things will usually
1328         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
1329         need the property table; it uses the m_offset. The concurrent JIT is correct to call
1330         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
1331         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
1332         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
1333         locks, and that same structure is having its property table modified by the main thread, we end
1334         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
1335         property table modified - instead what happens is that some downstream structure steals the
1336         property table and then starts adding things to it. The concurrent thread loads the property
1337         table before it's stolen, and hence the badness.
1338         
1339         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
1340         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
1341         and then you have a possible crash.
1342         
1343         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
1344         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
1345         it's in the concurrent JIT.
1346         
1347         * runtime/StructureInlines.h:
1348         (JSC::Structure::checkOffsetConsistency):
1349
1350 2013-10-18  Daniel Bates  <dabates@apple.com>
1351
1352         Add SPI to disable the garbage collector timer
1353         https://bugs.webkit.org/show_bug.cgi?id=122921
1354
1355         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1356         omitted.
1357
1358         * heap/Heap.cpp:
1359         (JSC::Heap::setGarbageCollectionTimerEnabled):
1360
1361 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1362
1363         Group 64-bit specific and 32-bit specific callOperation implementations.
1364         https://bugs.webkit.org/show_bug.cgi?id=123024
1365
1366         Reviewed by Michael Saboff.
1367
1368         This is not a big deal, but could be less confusing when reading the code.
1369
1370         * jit/JITInlines.h:
1371         (JSC::JIT::callOperation):
1372         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1373         (JSC::JIT::callOperationNoExceptionCheck):
1374
1375 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1376
1377         Fix a FlushLiveness problem.
1378         https://bugs.webkit.org/show_bug.cgi?id=122984
1379
1380         Reviewed by Filip Pizlo.
1381
1382         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1383         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1384
1385 2013-10-18  Michael Saboff  <msaboff@apple.com>
1386
1387         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1388         https://bugs.webkit.org/show_bug.cgi?id=122982
1389
1390         Reviewed by Geoffrey Garen.
1391
1392         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1393         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1394         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1395         in the process.
1396
1397         * dfg/DFGJITCompiler.cpp:
1398         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1399         * jit/CCallHelpers.h:
1400         (JSC::CCallHelpers::jumpToExceptionHandler):
1401         * jit/JIT.cpp:
1402         (JSC::JIT::privateCompileExceptionHandlers):
1403         * jit/JIT.h:
1404         * jit/JITExceptions.cpp:
1405         (JSC::genericUnwind):
1406         * jit/JITExceptions.h:
1407         * jit/JITInlines.h:
1408         (JSC::JIT::callOperationNoExceptionCheck):
1409         * jit/JITOpcodes.cpp:
1410         (JSC::JIT::emit_op_throw):
1411         * jit/JITOpcodes32_64.cpp:
1412         (JSC::JIT::privateCompileCTINativeCall):
1413         (JSC::JIT::emit_op_throw):
1414         * jit/JITOperations.cpp:
1415         * jit/JITOperations.h:
1416         * jit/JITStubs.cpp:
1417         * jit/JITStubs.h:
1418         * jit/JITStubsARM.h:
1419         * jit/JITStubsARM64.h:
1420         * jit/JITStubsARMv7.h:
1421         * jit/JITStubsMIPS.h:
1422         * jit/JITStubsMSVC64.asm:
1423         * jit/JITStubsSH4.h:
1424         * jit/JITStubsX86.h:
1425         * jit/JITStubsX86_64.h:
1426         * jit/Repatch.cpp:
1427         (JSC::tryBuildGetByIDList):
1428         * jit/SlowPathCall.h:
1429         (JSC::JITSlowPathCall::call):
1430         * jit/ThunkGenerators.cpp:
1431         (JSC::throwExceptionFromCallSlowPathGenerator):
1432         (JSC::nativeForGenerator):
1433         * runtime/VM.h:
1434         (JSC::VM::callFrameForThrowOffset):
1435         (JSC::VM::targetMachinePCForThrowOffset):
1436
1437 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1438
1439         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1440         https://bugs.webkit.org/show_bug.cgi?id=123023
1441
1442         Reviewed by Michael Saboff.
1443
1444         * jit/JITInlines.h:
1445         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
1446         using EABI_32BIT_DUMMY_ARG here.
1447
1448 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1449
1450         Unreviewed, another ARM64 build fix.
1451         
1452         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1453         on ARM64 and none of its uses are legit - they should all be using
1454         andPtr(TrustedImm32, blah) anyway.
1455
1456         * assembler/MacroAssembler.h:
1457         * assembler/MacroAssemblerARM64.h:
1458         * dfg/DFGJITCompiler.cpp:
1459         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1460         * jit/JIT.cpp:
1461         (JSC::JIT::privateCompileExceptionHandlers):
1462
1463 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1464
1465         Unreviewed, speculative ARM64 build fix.
1466         
1467         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1468         implemented. So, you have to use TrustedImmPtr in the superclasses.
1469
1470         * assembler/MacroAssemblerARM64.h:
1471         (JSC::MacroAssemblerARM64::store8):
1472         (JSC::MacroAssemblerARM64::branchTest8):
1473
1474 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1475
1476         Unreviewed, speculative ARM build fix.
1477         https://bugs.webkit.org/show_bug.cgi?id=122890
1478         <rdar://problem/15258624>
1479
1480         * assembler/ARM64Assembler.h:
1481         (JSC::ARM64Assembler::firstRegister):
1482         (JSC::ARM64Assembler::lastRegister):
1483         (JSC::ARM64Assembler::firstFPRegister):
1484         (JSC::ARM64Assembler::lastFPRegister):
1485         * assembler/MacroAssemblerARM64.h:
1486         * assembler/MacroAssemblerARMv7.h:
1487
1488 2013-10-17  Andreas Kling  <akling@apple.com>
1489
1490         Pass VM instead of JSGlobalObject to JSONObject constructor.
1491         <https://webkit.org/b/122999>
1492
1493         JSONObject was only using the JSGlobalObject to grab at the VM.
1494         Dodge a few loads by passing the VM directly instead.
1495
1496         Reviewed by Geoffrey Garen.
1497
1498         * runtime/JSONObject.cpp:
1499         (JSC::JSONObject::JSONObject):
1500         (JSC::JSONObject::finishCreation):
1501         * runtime/JSONObject.h:
1502         (JSC::JSONObject::create):
1503
1504 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1505
1506         Removed the JITStackFrame struct
1507         https://bugs.webkit.org/show_bug.cgi?id=123001
1508
1509         Reviewed by Anders Carlsson.
1510
1511         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1512         our helper functions obey the C function call ABI.
1513
1514 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1515
1516         Removed an unused #define
1517         https://bugs.webkit.org/show_bug.cgi?id=123000
1518
1519         Reviewed by Anders Carlsson.
1520
1521         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1522         since it is unused now. This is a step toward using the C stack.
1523
1524 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1525
1526         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1527         https://bugs.webkit.org/show_bug.cgi?id=122973
1528
1529         Reviewed by Michael Saboff.
1530
1531         * jit/ThunkGenerators.cpp:
1532         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1533         so I removed it.
1534
1535         The code acted as if it needed to pass an argument to
1536         lookupExceptionHandler, and as if it passed that argument to itself
1537         through JITStackFrame. However, lookupExceptionHandler does not take
1538         an argument (other than the default ExecState argument), and the code
1539         did not initialize the thing that it thought it passed to itself!
1540
1541 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1542
1543         Run JavaScriptCore tests again on Windows.
1544         https://bugs.webkit.org/show_bug.cgi?id=122787
1545
1546         Reviewed by Tim Horton.
1547
1548         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1549         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1550
1551 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1552
1553         Removed restoreArgumentReference (another use of JITStackFrame)
1554         https://bugs.webkit.org/show_bug.cgi?id=122997
1555
1556         Reviewed by Oliver Hunt.
1557
1558         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1559         toward using the C stack.
1560
1561 2013-10-17  Oliver Hunt  <oliver@apple.com>
1562
1563         Remove JITStubCall.h
1564         https://bugs.webkit.org/show_bug.cgi?id=122991
1565
1566         Reviewed by Geoff Garen.
1567
1568         Happily, this is no longer used.
1569
1570         * GNUmakefile.list.am:
1571         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1572         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1573         * JavaScriptCore.xcodeproj/project.pbxproj:
1574         * jit/JIT.cpp:
1575         * jit/JITArithmetic.cpp:
1576         * jit/JITArithmetic32_64.cpp:
1577         * jit/JITCall.cpp:
1578         * jit/JITCall32_64.cpp:
1579         * jit/JITOpcodes.cpp:
1580         * jit/JITOpcodes32_64.cpp:
1581         * jit/JITPropertyAccess.cpp:
1582         * jit/JITPropertyAccess32_64.cpp:
1583         * jit/JITStubCall.h: Removed.
1584
1585 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1586
1587         Removed a use of JITSTACKFRAME_ARGS_INDEX
1588         https://bugs.webkit.org/show_bug.cgi?id=122989
1589
1590         Reviewed by Oliver Hunt.
1591
1592         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1593         to using the C stack.
1594
1595 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1596
1597         Change emit_op_catch to use another method to materialize VM
1598         https://bugs.webkit.org/show_bug.cgi?id=122977
1599
1600         Reviewed by Oliver Hunt.
1601
1602         * jit/JITOpcodes.cpp:
1603         (JSC::JIT::emit_op_catch):
1604         * jit/JITOpcodes32_64.cpp:
1605         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1606         on JITStackFrame. It is also faster and simpler.
1607
1608 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1609
1610         Eliminate emitGetJITStubArg() - dead code
1611         https://bugs.webkit.org/show_bug.cgi?id=122975
1612
1613         Reviewed by Anders Carlsson.
1614
1615         * jit/JIT.h:
1616         * jit/JITInlines.h: Removed unused, deprecated function.
1617
1618 2013-10-17  Mark Lam  <mark.lam@apple.com>
1619
1620         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1621         https://bugs.webkit.org/show_bug.cgi?id=122979.
1622
1623         Reviewed by Michael Saboff.
1624
1625         * jit/JITStubs.cpp:
1626         * jit/JITStubs.h:
1627         * jit/JITStubsARM.h:
1628         * jit/JITStubsARM64.h:
1629         * jit/JITStubsARMv7.h:
1630         * jit/JITStubsMIPS.h:
1631         * jit/JITStubsSH4.h:
1632         * jit/JITStubsX86.h:
1633         * jit/JITStubsX86_64.h:
1634         * runtime/VM.cpp:
1635         (JSC::VM::VM):
1636
1637 2013-10-17  Michael Saboff  <msaboff@apple.com>
1638
1639         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1640         https://bugs.webkit.org/show_bug.cgi?id=122974
1641
1642         Reviewed by Geoffrey Garen.
1643
1644         Eliminated unneeded storing to JITStackFrame.
1645
1646         * dfg/DFGJITCompiler.cpp:
1647         (JSC::DFG::JITCompiler::compileFunction):
1648
1649 2013-10-17  Michael Saboff  <msaboff@apple.com>
1650
1651         Transition cti_op_throw and cti_vm_throw to a JIT operation
1652         https://bugs.webkit.org/show_bug.cgi?id=122931
1653
1654         Reviewed by Filip Pizlo.
1655
1656         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1657         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1658         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1659         callOperation to handle the need to provide space for the structure return value.
1660
1661         * jit/JIT.h:
1662         * jit/JITInlines.h:
1663         (JSC::JIT::callOperation):
1664         * jit/JITOpcodes.cpp:
1665         (JSC::JIT::emit_op_throw):
1666         * jit/JITOpcodes32_64.cpp:
1667         (JSC::JIT::emit_op_throw):
1668         (JSC::JIT::emit_op_catch):
1669         * jit/JITOperations.cpp:
1670         * jit/JITOperations.h:
1671         * jit/JITStubs.cpp:
1672         * jit/JITStubs.h:
1673         * jit/JITStubsARM.h:
1674         * jit/JITStubsARM64.h:
1675         * jit/JITStubsARMv7.h:
1676         * jit/JITStubsMIPS.h:
1677         * jit/JITStubsMSVC64.asm:
1678         * jit/JITStubsSH4.h:
1679         * jit/JITStubsX86.h:
1680         * jit/JITStubsX86_64.h:
1681         * jit/JSInterfaceJIT.h:
1682
1683 2013-10-17  Mark Lam  <mark.lam@apple.com>
1684
1685         Remove JITStackFrame references in the C Loop LLINT.
1686         https://bugs.webkit.org/show_bug.cgi?id=122950.
1687
1688         Reviewed by Michael Saboff.
1689
1690         * jit/JITStubs.h:
1691         * llint/LowLevelInterpreter.cpp:
1692         (JSC::CLoop::execute):
1693         * offlineasm/cloop.rb:
1694
1695 2013-10-17  Mark Lam  <mark.lam@apple.com>
1696
1697         Remove JITStackFrame references in JIT probes.
1698         https://bugs.webkit.org/show_bug.cgi?id=122947.
1699
1700         Reviewed by Michael Saboff.
1701
1702         * assembler/MacroAssemblerARM.cpp:
1703         (JSC::MacroAssemblerARM::ProbeContext::dump):
1704         * assembler/MacroAssemblerARM.h:
1705         * assembler/MacroAssemblerARMv7.cpp:
1706         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1707         * assembler/MacroAssemblerARMv7.h:
1708         * assembler/MacroAssemblerX86Common.cpp:
1709         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1710         * assembler/MacroAssemblerX86Common.h:
1711         * jit/JITStubsARM.h:
1712         * jit/JITStubsARMv7.h:
1713         * jit/JITStubsX86.h:
1714         * jit/JITStubsX86Common.h:
1715         * jit/JITStubsX86_64.h:
1716
1717 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1718
1719         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1720         https://bugs.webkit.org/show_bug.cgi?id=122949
1721
1722         Reviewed by Andreas Kling.
1723
1724         * jit/CCallHelpers.h:
1725         (JSC::CCallHelpers::setupArgumentsWithExecState):
1726
1727 2013-10-16  Mark Lam  <mark.lam@apple.com>
1728
1729         Transition remaining op_get* JITStubs to JIT operations.
1730         https://bugs.webkit.org/show_bug.cgi?id=122925.
1731
1732         Reviewed by Geoffrey Garen.
1733
1734         Transitioning:
1735             cti_op_get_by_id_generic
1736             cti_op_get_by_val
1737             cti_op_get_by_val_generic
1738             cti_op_get_by_val_string
1739
1740         * dfg/DFGOperations.cpp:
1741         * dfg/DFGOperations.h:
1742         * jit/JIT.h:
1743         * jit/JITInlines.h:
1744         (JSC::JIT::callOperation):
1745         * jit/JITOpcodes.cpp:
1746         (JSC::JIT::emitSlow_op_get_arguments_length):
1747         (JSC::JIT::emitSlow_op_get_argument_by_val):
1748         * jit/JITOpcodes32_64.cpp:
1749         (JSC::JIT::emitSlow_op_get_arguments_length):
1750         (JSC::JIT::emitSlow_op_get_argument_by_val):
1751         * jit/JITOperations.cpp:
1752         * jit/JITOperations.h:
1753         * jit/JITPropertyAccess.cpp:
1754         (JSC::JIT::emitSlow_op_get_by_val):
1755         (JSC::JIT::emitSlow_op_get_by_pname):
1756         (JSC::JIT::privateCompileGetByVal):
1757         * jit/JITPropertyAccess32_64.cpp:
1758         (JSC::JIT::emitSlow_op_get_by_val):
1759         (JSC::JIT::emitSlow_op_get_by_pname):
1760         * jit/JITStubs.cpp:
1761         * jit/JITStubs.h:
1762         * runtime/Executable.cpp:
1763         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1764         * runtime/Options.cpp:
1765         (JSC::Options::initialize):
1766
1767 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1768
1769         Introduce WTF::Bag and start using it for InlineCallFrameSet
1770         https://bugs.webkit.org/show_bug.cgi?id=122941
1771
1772         Reviewed by Geoffrey Garen.
1773         
1774         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1775         SegmentedVectors into Bags as well.
1776
1777         * bytecode/InlineCallFrameSet.cpp:
1778         (JSC::InlineCallFrameSet::add):
1779         * bytecode/InlineCallFrameSet.h:
1780         (JSC::InlineCallFrameSet::begin):
1781         (JSC::InlineCallFrameSet::end):
1782         * dfg/DFGArgumentsSimplificationPhase.cpp:
1783         (JSC::DFG::ArgumentsSimplificationPhase::run):
1784         * dfg/DFGJITCompiler.cpp:
1785         (JSC::DFG::JITCompiler::link):
1786         * dfg/DFGStackLayoutPhase.cpp:
1787         (JSC::DFG::StackLayoutPhase::run):
1788         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1789         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1790
1791 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1792
1793         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1794         https://bugs.webkit.org/show_bug.cgi?id=122905
1795         <rdar://problem/15237856>
1796
1797         Reviewed by Michael Saboff.
1798         
1799         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1800         then always call it to install something that calls CRASH().
1801
1802         * llvm/InitializeLLVM.cpp:
1803         (JSC::llvmCrash):
1804         (JSC::initializeLLVMOnce):
1805         (JSC::initializeLLVM):
1806         * llvm/LLVMAPIFunctions.h:
1807
1808 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1809
1810         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1811         https://bugs.webkit.org/show_bug.cgi?id=122938
1812
1813         Reviewed by Sam Weinig.
1814         
1815         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1816
1817         * jit/Repatch.cpp:
1818         (JSC::tryBuildGetByIDList):
1819
1820 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1821
1822         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1823         https://bugs.webkit.org/show_bug.cgi?id=122937
1824
1825         Reviewed by Geoffrey Garen.
1826         
1827         JITStubCall used to do it.
1828         
1829         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1830
1831         * jit/JIT.h:
1832         (JSC::JIT::appendCall):
1833
1834 2013-10-16  Michael Saboff  <msaboff@apple.com>
1835
1836         transition void cti_op_put_by_val* stubs to JIT operations
1837         https://bugs.webkit.org/show_bug.cgi?id=122903
1838
1839         Reviewed by Geoffrey Garen.
1840
1841         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1842         operationPutByValGeneric.
1843
1844         * jit/CCallHelpers.h:
1845         (JSC::CCallHelpers::setupArgumentsWithExecState):
1846         * jit/JIT.h:
1847         * jit/JITInlines.h:
1848         (JSC::JIT::callOperation):
1849         * jit/JITOperations.cpp:
1850         * jit/JITOperations.h:
1851         * jit/JITPropertyAccess.cpp:
1852         (JSC::JIT::emitSlow_op_put_by_val):
1853         (JSC::JIT::privateCompilePutByVal):
1854         * jit/JITPropertyAccess32_64.cpp:
1855         (JSC::JIT::emitSlow_op_put_by_val):
1856         * jit/JITStubs.cpp:
1857         * jit/JITStubs.h:
1858         * jit/JSInterfaceJIT.h:
1859
1860 2013-10-16  Oliver Hunt  <oliver@apple.com>
1861
1862         Implement ES6 spread operator
1863         https://bugs.webkit.org/show_bug.cgi?id=122911
1864
1865         Reviewed by Michael Saboff.
1866
1867         Implement the ES6 spread operator
1868
1869         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1870         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1871         driven.
1872
1873         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1874         and actually handling the spread.
1875
1876         * bytecompiler/BytecodeGenerator.cpp:
1877         (JSC::BytecodeGenerator::emitNewArray):
1878         (JSC::BytecodeGenerator::emitCall):
1879         (JSC::BytecodeGenerator::emitEnumeration):
1880         * bytecompiler/BytecodeGenerator.h:
1881         * bytecompiler/NodesCodegen.cpp:
1882         (JSC::ArrayNode::emitBytecode):
1883         (JSC::ForOfNode::emitBytecode):
1884         (JSC::SpreadExpressionNode::emitBytecode):
1885         * parser/ASTBuilder.h:
1886         (JSC::ASTBuilder::createSpreadExpression):
1887         * parser/Lexer.cpp:
1888         (JSC::::lex):
1889         * parser/NodeConstructors.h:
1890         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1891         * parser/Nodes.h:
1892         (JSC::ExpressionNode::isSpreadExpression):
1893         (JSC::SpreadExpressionNode::expression):
1894         * parser/Parser.cpp:
1895         (JSC::::parseArrayLiteral):
1896         (JSC::::parseArguments):
1897         (JSC::::parseMemberExpression):
1898         * parser/Parser.h:
1899         (JSC::Parser::getTokenName):
1900         (JSC::Parser::updateErrorMessageSpecialCase):
1901         * parser/ParserTokens.h:
1902         * parser/SyntaxChecker.h:
1903         (JSC::SyntaxChecker::createSpreadExpression):
1904
1905 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1906
1907         Add a useLLInt option to jsc
1908         https://bugs.webkit.org/show_bug.cgi?id=122930
1909
1910         Reviewed by Geoffrey Garen.
1911
1912         * runtime/Executable.cpp:
1913         (JSC::setupLLInt):
1914         (JSC::setupJIT):
1915         (JSC::ScriptExecutable::prepareForExecutionImpl):
1916         * runtime/Options.h:
1917
1918 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1919
1920         Build fix.
1921
1922         Forgot to svn add DeferGC.cpp
1923
1924         * heap/DeferGC.cpp: Added.
1925
1926 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1927
1928         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1929         https://bugs.webkit.org/show_bug.cgi?id=122902
1930
1931         Reviewed by Mark Hahnenberg.
1932         
1933         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1934         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1935         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1936         didn't. Turns out that there's even a helpful method,
1937         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1938
1939         * jit/Repatch.cpp:
1940         (JSC::tryCachePutByID):
1941
1942 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1943
1944         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1945         https://bugs.webkit.org/show_bug.cgi?id=122667
1946
1947         Reviewed by Geoffrey Garen.
1948
1949         The issue this patch is attempting to fix is that there are places in our codebase
1950         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1951         operations that can initiate a garbage collection. Garbage collection then calls 
1952         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1953         always necessarily run during garbage collection). This causes a deadlock.
1954  
1955         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1956         into a thread-local field that indicates that it is unsafe to perform any operation 
1957         that could trigger garbage collection on the current thread. In debug builds, 
1958         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1959         detect deadlocks.
1960  
1961         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1962         which uses the DeferGC mechanism to prevent collections from occurring while the 
1963         lock is held.
1964
1965         * CMakeLists.txt:
1966         * GNUmakefile.list.am:
1967         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1968         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1969         * JavaScriptCore.xcodeproj/project.pbxproj:
1970         * heap/DeferGC.h:
1971         (JSC::DisallowGC::DisallowGC):
1972         (JSC::DisallowGC::~DisallowGC):
1973         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1974         (JSC::DisallowGC::initialize):
1975         * jit/Repatch.cpp:
1976         (JSC::repatchPutByID):
1977         (JSC::buildPutByIdList):
1978         * llint/LLIntSlowPaths.cpp:
1979         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1980         * runtime/ConcurrentJITLock.h:
1981         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1982         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1983         (JSC::ConcurrentJITLockerBase::unlockEarly):
1984         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1985         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1986         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1987         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1988         * runtime/InitializeThreading.cpp:
1989         (JSC::initializeThreadingOnce):
1990         * runtime/JSCellInlines.h:
1991         (JSC::allocateCell):
1992         * runtime/JSSymbolTableObject.h:
1993         (JSC::symbolTablePut):
1994         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1995         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1996         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1997         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1998         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1999         the Structure.
2000         (JSC::Structure::materializePropertyMap):
2001         (JSC::Structure::despecifyDictionaryFunction):
2002         (JSC::Structure::changePrototypeTransition):
2003         (JSC::Structure::despecifyFunctionTransition):
2004         (JSC::Structure::attributeChangeTransition):
2005         (JSC::Structure::toDictionaryTransition):
2006         (JSC::Structure::preventExtensionsTransition):
2007         (JSC::Structure::takePropertyTableOrCloneIfPinned):
2008         (JSC::Structure::isSealed):
2009         (JSC::Structure::isFrozen):
2010         (JSC::Structure::addPropertyWithoutTransition):
2011         (JSC::Structure::removePropertyWithoutTransition):
2012         (JSC::Structure::get):
2013         (JSC::Structure::despecifyFunction):
2014         (JSC::Structure::despecifyAllFunctions):
2015         (JSC::Structure::putSpecificValue):
2016         (JSC::Structure::createPropertyMap):
2017         (JSC::Structure::getPropertyNamesFromStructure):
2018         * runtime/Structure.h:
2019         (JSC::Structure::materializePropertyMapIfNecessary):
2020         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2021         * runtime/StructureInlines.h:
2022         (JSC::Structure::get):
2023         * runtime/SymbolTable.h:
2024         (JSC::SymbolTable::find):
2025         (JSC::SymbolTable::end):
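
The DisallowGC / DeferGC mechanism this entry describes, as an added illustration in plain C++ rather than JavaScriptCore's own code. The Heap, CodeBlock and locker classes are simplified models with hypothetical names, and thrown exceptions stand in for the debug-build assertion and for the real deadlock:

```cpp
// Added model of the DisallowGC / DeferGC pattern described in the entry above:
// hypothetical and simplified, not JavaScriptCore's own code.
#include <iostream>
#include <stdexcept>
#include <string>

// The entry's "thread-local field", kept as nesting depths so guards can nest.
thread_local int g_disallowGCDepth = 0;
thread_local int g_deferGCDepth = 0;
// Non-recursive lock standing in for ConcurrentJITLock. A second lock() from the same
// thread is the deadlock the entry describes; the model throws instead of hanging.
struct CodeBlock {
    bool locked = false;
    void lock() {
        if (locked) throw std::logic_error("deadlock: ConcurrentJITLock already held");
        locked = true;
    }
    void unlock() { locked = false; }
};
// RAII guard: while alive, anything that could collect is a bug on this thread.
struct DisallowGC {
    DisallowGC() { ++g_disallowGCDepth; }
    ~DisallowGC() { --g_disallowGCDepth; }
    static bool isGCDisallowedOnCurrentThread() { return g_disallowGCDepth > 0; }
};
// Minimal heap: a collection must visit the CodeBlock, so it takes the CodeBlock's lock.
struct Heap {
    CodeBlock* codeBlock = nullptr;
    int collections = 0;
    bool collectionPending = false;
    void collect() {
        codeBlock->lock();          // GC takes the lock the mutator may still hold
        ++collections;
        codeBlock->unlock();
    }
    // The GC-triggering operation; constructed so that every allocation is "over budget".
    void allocateCell() {
        if (DisallowGC::isGCDisallowedOnCurrentThread())   // the debug-build check
            throw std::logic_error("DisallowGC: allocation could trigger a collection here");
        if (g_deferGCDepth > 0) { collectionPending = true; return; }
        collect();
    }
};

// RAII guard: collections are postponed while alive; the outermost guard runs the pending one.
struct DeferGC {
    Heap& heap;
    explicit DeferGC(Heap& h) : heap(h) { ++g_deferGCDepth; }
    ~DeferGC() {
        if (--g_deferGCDepth == 0 && heap.collectionPending) {
            heap.collectionPending = false;
            heap.collect();
        }
    }
};

// ConcurrentJITLocker as in a debug build: it carries a DisallowGC.
struct ConcurrentJITLocker {
    CodeBlock& cb;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(CodeBlock& c) : cb(c) { cb.lock(); }
    ~ConcurrentJITLocker() { cb.unlock(); }
};

// GCSafeConcurrentJITLocker: DeferGC is declared first, so it dies last, after the lock is dropped.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    CodeBlock& cb;
    GCSafeConcurrentJITLocker(Heap& h, CodeBlock& c) : defer(h), cb(c) { cb.lock(); }
    ~GCSafeConcurrentJITLocker() { cb.unlock(); }
};

// Scenario 1, the original bug: lock held with no guard, allocation collects, GC relocks.
std::string unguardedPath() {
    Heap heap; CodeBlock cb; heap.codeBlock = &cb;
    try { cb.lock(); heap.allocateCell(); cb.unlock(); return "ok"; }
    catch (const std::logic_error& e) { return e.what(); }
}

// Scenario 2, the debug locker: DisallowGC reports the unsafe allocation eagerly.
std::string debugLockerPath() {
    Heap heap; CodeBlock cb; heap.codeBlock = &cb;
    try { ConcurrentJITLocker locker(cb); heap.allocateCell(); return "ok"; }
    catch (const std::logic_error& e) { return e.what(); }
}

// Scenario 3, the fix: the collection is deferred while the lock is held and runs once after release.
int gcSafeLockerPath() {
    Heap heap; CodeBlock cb; heap.codeBlock = &cb;
    {
        GCSafeConcurrentJITLocker locker(heap, cb);
        heap.allocateCell();        // deferred: heap.collections is still 0 here
    }
    return heap.collections;        // the deferred collection ran exactly once
}

int main() {
    std::cout << unguardedPath() << "\n" << debugLockerPath() << "\n"
              << gcSafeLockerPath() << " collection(s)\n";
}
```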
2026
2027 2013-10-16  Daniel Bates  <dabates@apple.com>
2028
2029         Add SPI to disable the garbage collector timer
2030         https://bugs.webkit.org/show_bug.cgi?id=122921
2031
2032         Reviewed by Geoffrey Garen.
2033
2034         Based on a patch by Mark Hahnenberg.
2035
2036         * API/JSBase.cpp:
2037         (JSDisableGCTimer): Added; SPI function.
2038         * API/JSBasePrivate.h:
2039         * heap/BlockAllocator.cpp:
2040         (JSC::createBlockFreeingThread): Added.
2041         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
2042         to conditionally create the "block freeing" thread depending on the value of
2043         GCActivityCallback::s_shouldCreateGCTimer.
2044         (JSC::BlockAllocator::~BlockAllocator):
2045         * heap/BlockAllocator.h:
2046         (JSC::BlockAllocator::deallocate):
2047         * heap/Heap.cpp:
2048         (JSC::Heap::didAbandon):
2049         (JSC::Heap::collect):
2050         (JSC::Heap::didAllocate):
2051         * heap/HeapTimer.cpp:
2052         (JSC::HeapTimer::timerDidFire):
2053         * runtime/GCActivityCallback.cpp:
2054         * runtime/GCActivityCallback.h:
2055         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
2056         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
2057         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
2058
2059 2013-10-16  Commit Queue  <commit-queue@webkit.org>
2060
2061         Unreviewed, rolling out r157529.
2062         http://trac.webkit.org/changeset/157529
2063         https://bugs.webkit.org/show_bug.cgi?id=122919
2064
2065         Caused score test failures and some build failures. (Requested
2066         by rfong on #webkit).
2067
2068         * bytecompiler/BytecodeGenerator.cpp:
2069         (JSC::BytecodeGenerator::emitNewArray):
2070         (JSC::BytecodeGenerator::emitCall):
2071         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
2072         * bytecompiler/BytecodeGenerator.h:
2073         * bytecompiler/NodesCodegen.cpp:
2074         (JSC::ArrayNode::emitBytecode):
2075         (JSC::CallArguments::CallArguments):
2076         (JSC::ForOfNode::emitBytecode):
2077         (JSC::BindingNode::collectBoundIdentifiers):
2078         * parser/ASTBuilder.h:
2079         * parser/Lexer.cpp:
2080         (JSC::::lex):
2081         * parser/NodeConstructors.h:
2082         (JSC::DotAccessorNode::DotAccessorNode):
2083         * parser/Nodes.h:
2084         * parser/Parser.cpp:
2085         (JSC::::parseArrayLiteral):
2086         (JSC::::parseArguments):
2087         (JSC::::parseMemberExpression):
2088         * parser/Parser.h:
2089         (JSC::Parser::getTokenName):
2090         (JSC::Parser::updateErrorMessageSpecialCase):
2091         * parser/ParserTokens.h:
2092         * parser/SyntaxChecker.h:
2093
2094 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2095
2096         Remove useless architecture specific implementation in DFG.
2097         https://bugs.webkit.org/show_bug.cgi?id=122917.
2098
2099         Reviewed by Michael Saboff.
2100
2101         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
2102         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
2103
2104         * dfg/DFGSpeculativeJIT.h:
2105
2106 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2107
2108         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
2109         https://bugs.webkit.org/show_bug.cgi?id=122916.
2110
2111         Reviewed by Michael Saboff.
2112
2113         This architecture specific function is not used anymore, so get rid of it.
2114
2115         * jit/JIT.h:
2116         * jit/JITInlines.h:
2117
2118 2013-10-16  Oliver Hunt  <oliver@apple.com>
2119
2120         Implement ES6 spread operator
2121         https://bugs.webkit.org/show_bug.cgi?id=122911
2122
2123         Reviewed by Michael Saboff.
2124
2125         Implement the ES6 spread operator
2126
2127         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
2128         and into BytecodeGenerator, and then adds the logic to make it nicely callback
2129         driven.
2130
2131         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
2132         and actually handling the spread.
2133
2134         * bytecompiler/BytecodeGenerator.cpp:
2135         (JSC::BytecodeGenerator::emitNewArray):
2136         (JSC::BytecodeGenerator::emitCall):
2137         (JSC::BytecodeGenerator::emitEnumeration):
2138         * bytecompiler/BytecodeGenerator.h:
2139         * bytecompiler/NodesCodegen.cpp:
2140         (JSC::ArrayNode::emitBytecode):
2141         (JSC::ForOfNode::emitBytecode):
2142         (JSC::SpreadExpressionNode::emitBytecode):
2143         * parser/ASTBuilder.h:
2144         (JSC::ASTBuilder::createSpreadExpression):
2145         * parser/Lexer.cpp:
2146         (JSC::::lex):
2147         * parser/NodeConstructors.h:
2148         (JSC::SpreadExpressionNode::SpreadExpressionNode):
2149         * parser/Nodes.h:
2150         (JSC::ExpressionNode::isSpreadExpression):
2151         (JSC::SpreadExpressionNode::expression):
2152         * parser/Parser.cpp:
2153         (JSC::::parseArrayLiteral):
2154         (JSC::::parseArguments):
2155         (JSC::::parseMemberExpression):
2156         * parser/Parser.h:
2157         (JSC::Parser::getTokenName):
2158         (JSC::Parser::updateErrorMessageSpecialCase):
2159         * parser/ParserTokens.h:
2160         * parser/SyntaxChecker.h:
2161         (JSC::SyntaxChecker::createSpreadExpression):
2162
2163 2013-10-16  Mark Lam  <mark.lam@apple.com>
2164
2165         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
2166         https://bugs.webkit.org/show_bug.cgi?id=122899.
2167
2168         Reviewed by Michael Saboff.
2169
2170         * jit/JITOpcodes32_64.cpp:
2171         (JSC::JIT::emit_op_tear_off_activation):
2172         (JSC::JIT::emit_op_tear_off_arguments):
2173         * jit/JITStubs.cpp:
2174         * jit/JITStubs.h:
2175
2176 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2177
2178         Remove more of the UNINTERRUPTED_SEQUENCE thing
2179         https://bugs.webkit.org/show_bug.cgi?id=122885
2180
2181         Reviewed by Andreas Kling.
2182
2183         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
2184
2185         * jit/JIT.h:
2186         * jit/JITInlines.h:
2187
2188 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2189
2190         Get rid of the StructureStubInfo::patch union
2191         https://bugs.webkit.org/show_bug.cgi?id=122877
2192
2193         Reviewed by Sam Weinig.
2194         
2195         Just simplifying code by getting rid of data structures that ain't used no more.
2196         
2197         Note that I replace the patch union with a patch struct. This means we say things like
2198         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
2199         encapsulation makes the code more readable: the patch struct contains just those things
2200         that you need to know to perform patching.
2201
2202         * bytecode/StructureStubInfo.h:
2203         * dfg/DFGJITCompiler.cpp:
2204         (JSC::DFG::JITCompiler::link):
2205         * jit/JIT.cpp:
2206         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2207         * jit/Repatch.cpp:
2208         (JSC::repatchByIdSelfAccess):
2209         (JSC::replaceWithJump):
2210         (JSC::linkRestoreScratch):
2211         (JSC::generateProtoChainAccessStub):
2212         (JSC::tryCacheGetByID):
2213         (JSC::getPolymorphicStructureList):
2214         (JSC::patchJumpToGetByIdStub):
2215         (JSC::tryBuildGetByIDList):
2216         (JSC::emitPutReplaceStub):
2217         (JSC::emitPutTransitionStub):
2218         (JSC::tryCachePutByID):
2219         (JSC::tryBuildPutByIdList):
2220         (JSC::tryRepatchIn):
2221         (JSC::resetGetByID):
2222         (JSC::resetPutByID):
2223         (JSC::resetIn):
2224
2225 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2226
2227         FTL: add support for Int52ToValue and fix putByVal of int52s.
2228         https://bugs.webkit.org/show_bug.cgi?id=122873
2229
2230         Reviewed by Filip Pizlo.
2231
2232         * ftl/FTLCapabilities.cpp:
2233         (JSC::FTL::canCompile):
2234         * ftl/FTLLowerDFGToLLVM.cpp:
2235         (JSC::FTL::LowerDFGToLLVM::compileNode):
2236         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2237         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2238
2239 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2240
2241         Get rid of the UNINTERRUPTED_SEQUENCE thing
2242         https://bugs.webkit.org/show_bug.cgi?id=122876
2243
2244         Reviewed by Mark Hahnenberg.
2245         
2246         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2247         
2248         Moreover, we should resist the temptation to bring anything like this back. We don't
2249         want to have inline caches that only work if the assembler lays out code in a specific
2250         predetermined way.
2251
2252         * jit/JIT.h:
2253         * jit/JITCall.cpp:
2254         (JSC::JIT::compileOpCall):
2255         * jit/JITCall32_64.cpp:
2256         (JSC::JIT::compileOpCall):
2257
2258 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2259
2260         Baseline JIT should use the DFG GetById IC
2261         https://bugs.webkit.org/show_bug.cgi?id=122861
2262
2263         Reviewed by Oliver Hunt.
2264         
2265         This mostly just kills a ton of code.
2266         
2267         Note that this doesn't yet do all of the simplifications that can be done, but it does
2268         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2269
2270         * bytecode/CodeBlock.cpp:
2271         (JSC::CodeBlock::resetStubInternal):
2272         * jit/JIT.cpp:
2273         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2274         * jit/JIT.h:
2275         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2276         * jit/JITInlines.h:
2277         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2278         (JSC::JIT::callOperation):
2279         * jit/JITPropertyAccess.cpp:
2280         (JSC::JIT::compileGetByIdHotPath):
2281         (JSC::JIT::emitSlow_op_get_by_id):
2282         (JSC::JIT::emitSlow_op_get_from_scope):
2283         * jit/JITPropertyAccess32_64.cpp:
2284         (JSC::JIT::compileGetByIdHotPath):
2285         (JSC::JIT::emitSlow_op_get_by_id):
2286         (JSC::JIT::emitSlow_op_get_from_scope):
2287         * jit/JITStubs.cpp:
2288         * jit/JITStubs.h:
2289         * jit/Repatch.cpp:
2290         (JSC::repatchGetByID):
2291         (JSC::buildGetByIDList):
2292         * jit/ThunkGenerators.cpp:
2293         * jit/ThunkGenerators.h:
2294
2295 2013-10-15  Dean Jackson  <dino@apple.com>
2296
2297         Add ENABLE_WEB_ANIMATIONS flag
2298         https://bugs.webkit.org/show_bug.cgi?id=122871
2299
2300         Reviewed by Tim Horton.
2301
2302         Eventually might be http://dev.w3.org/fxtf/web-animations/
2303         but this is just engine-internal work at the moment.
2304
2305         * Configurations/FeatureDefines.xcconfig:
2306
2307 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2308
2309         [sh4] Some calls don't match sh4 ABI.
2310         https://bugs.webkit.org/show_bug.cgi?id=122863
2311
2312         Reviewed by Michael Saboff.
2313
2314         * dfg/DFGSpeculativeJIT.h:
2315         (JSC::DFG::SpeculativeJIT::callOperation):
2316         * jit/CCallHelpers.h:
2317         (JSC::CCallHelpers::setupArgumentsWithExecState):
2318         * jit/JITInlines.h:
2319         (JSC::JIT::callOperation):
2320
2321 2013-10-15  Daniel Bates  <dabates@apple.com>
2322
2323         [iOS] Upstream JavaScriptCore support for ARM64
2324         https://bugs.webkit.org/show_bug.cgi?id=122762
2325
2326         Reviewed by Oliver Hunt and Filip Pizlo.
2327
2328         * Configurations/Base.xcconfig:
2329         * Configurations/DebugRelease.xcconfig:
2330         * Configurations/JavaScriptCore.xcconfig:
2331         * Configurations/ToolExecutable.xcconfig:
2332         * JavaScriptCore.xcodeproj/project.pbxproj:
2333         * assembler/ARM64Assembler.h: Added.
2334         * assembler/AbstractMacroAssembler.h:
2335         (JSC::isARM64):
2336         (JSC::AbstractMacroAssembler::Label::Label):
2337         (JSC::AbstractMacroAssembler::Jump::Jump):
2338         (JSC::AbstractMacroAssembler::Jump::link):
2339         (JSC::AbstractMacroAssembler::Jump::linkTo):
2340         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2341         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2342         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2343         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2344         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2345         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2346         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2347         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2348         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2349         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2350         * assembler/LinkBuffer.cpp:
2351         (JSC::LinkBuffer::copyCompactAndLinkCode):
2352         (JSC::LinkBuffer::linkCode):
2353         * assembler/LinkBuffer.h:
2354         * assembler/MacroAssembler.h:
2355         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2356         (JSC::MacroAssembler::pushToSave):
2357         (JSC::MacroAssembler::popToRestore):
2358         (JSC::MacroAssembler::patchableBranchTest32):
2359         * assembler/MacroAssemblerARM64.h: Added.
2360         * assembler/MacroAssemblerARMv7.h:
2361         * dfg/DFGFixupPhase.cpp:
2362         (JSC::DFG::FixupPhase::fixupNode):
2363         * dfg/DFGOSRExitCompiler32_64.cpp:
2364         (JSC::DFG::OSRExitCompiler::compileExit):
2365         * dfg/DFGOSRExitCompiler64.cpp:
2366         (JSC::DFG::OSRExitCompiler::compileExit):
2367         * dfg/DFGSpeculativeJIT.cpp:
2368         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2369         (JSC::DFG::SpeculativeJIT::compileArithMod):
2370         * disassembler/ARM64/A64DOpcode.cpp: Added.
2371         * disassembler/ARM64/A64DOpcode.h: Added.
2372         * disassembler/ARM64Disassembler.cpp: Added.
2373         * heap/MachineStackMarker.cpp:
2374         (JSC::getPlatformThreadRegisters):
2375         (JSC::otherThreadStackPointer):
2376         * heap/Region.h:
2377         * jit/AssemblyHelpers.h:
2378         (JSC::AssemblyHelpers::debugCall):
2379         * jit/CCallHelpers.h:
2380         * jit/ExecutableAllocator.h:
2381         * jit/FPRInfo.h:
2382         (JSC::FPRInfo::toRegister):
2383         (JSC::FPRInfo::toIndex):
2384         (JSC::FPRInfo::debugName):
2385         * jit/GPRInfo.h:
2386         (JSC::GPRInfo::toRegister):
2387         (JSC::GPRInfo::toIndex):
2388         (JSC::GPRInfo::debugName):
2389         * jit/JITInlines.h:
2390         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2391         * jit/JITOperationWrappers.h:
2392         * jit/JITOperations.cpp:
2393         * jit/JITStubs.cpp:
2394         (JSC::performPlatformSpecificJITAssertions):
2395         (JSC::tryCachePutByID):
2396         * jit/JITStubs.h:
2397         (JSC::JITStackFrame::returnAddressSlot):
2398         * jit/JITStubsARM64.h: Added.
2399         * jit/JSInterfaceJIT.h:
2400         * jit/Repatch.cpp:
2401         (JSC::emitRestoreScratch):
2402         (JSC::generateProtoChainAccessStub):
2403         (JSC::tryCacheGetByID):
2404         (JSC::emitPutReplaceStub):
2405         (JSC::tryCachePutByID):
2406         (JSC::tryRepatchIn):
2407         * jit/ScratchRegisterAllocator.h:
2408         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2409         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2410         * jit/ThunkGenerators.cpp:
2411         (JSC::nativeForGenerator):
2412         (JSC::floorThunkGenerator):
2413         (JSC::ceilThunkGenerator):
2414         * jsc.cpp:
2415         (main):
2416         * llint/LLIntOfflineAsmConfig.h:
2417         * llint/LLIntSlowPaths.cpp:
2418         (JSC::LLInt::handleHostCall):
2419         * llint/LowLevelInterpreter.asm:
2420         * llint/LowLevelInterpreter64.asm:
2421         * offlineasm/arm.rb:
2422         * offlineasm/arm64.rb: Added.
2423         * offlineasm/backends.rb:
2424         * offlineasm/instructions.rb:
2425         * offlineasm/risc.rb:
2426         * offlineasm/transform.rb:
2427         * yarr/YarrJIT.cpp:
2428         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2429         (JSC::Yarr::YarrGenerator::initCallFrame):
2430         (JSC::Yarr::YarrGenerator::removeCallFrame):
2431         (JSC::Yarr::YarrGenerator::generateEnter):
2432         * yarr/YarrJIT.h:
2433
2434 2013-10-15  Mark Lam  <mark.lam@apple.com>
2435
2436         Fix 3 operand sub operation in C loop LLINT.
2437         https://bugs.webkit.org/show_bug.cgi?id=122866.
2438
2439         Reviewed by Geoffrey Garen.
2440
2441         * offlineasm/cloop.rb:
2442
2443 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2444
2445         ObjCCallbackFunctionImpl shouldn't store a JSContext
2446         https://bugs.webkit.org/show_bug.cgi?id=122531
2447
2448         Reviewed by Geoffrey Garen.
2449
2450         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2451         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2452         by using the globalObject of the callee when the function callback is invoked.
2453  
2454         Also added a new test that would cause us to crash previously. The test required making 
2455         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2456         in C API callbacks.
2457
2458         * API/JSContextRef.h:
2459         * API/JSContextRefPrivate.h:
2460         * API/ObjCCallbackFunction.mm:
2461         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2462         (JSC::objCCallbackFunctionCallAsFunction):
2463         (objCCallbackFunctionForInvocation):
2464         * API/WebKitAvailability.h:
2465         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2466         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2467         (CallAsConstructor):
2468         (ConstructorFinalize):
2469         (ConstructorClass):
2470         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2471         (-[JSContext valueWithConstructorDescriptor:]):
2472         (currentThisInsideBlockGetterTest):
2473         * API/tests/testapi.mm:
2474         * JavaScriptCore.xcodeproj/project.pbxproj:
2475         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2476
2477 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2478
2479         Fix build after r157457 for architectures with 4 argument registers.
2480         https://bugs.webkit.org/show_bug.cgi?id=122860
2481
2482         Reviewed by Michael Saboff.
2483
2484         * jit/CCallHelpers.h:
2485         (JSC::CCallHelpers::setupStubArguments134):
2486
2487 2013-10-14  Michael Saboff  <msaboff@apple.com>
2488
2489         transition void cti_op_* methods to JIT operations.
2490         https://bugs.webkit.org/show_bug.cgi?id=122617
2491
2492         Reviewed by Geoffrey Garen.
2493
2494         Converted the following stubs to JIT operations:
2495             cti_handle_watchdog_timer
2496             cti_op_debug
2497             cti_op_pop_scope
2498             cti_op_profile_did_call
2499             cti_op_profile_will_call
2500             cti_op_put_by_index
2501             cti_op_put_getter_setter
2502             cti_op_tear_off_activation
2503             cti_op_tear_off_arguments
2504             cti_op_throw_static_error
2505             cti_optimize
2506
2507         * dfg/DFGOperations.cpp:
2508         * dfg/DFGOperations.h:
2509         * jit/CCallHelpers.h:
2510         (JSC::CCallHelpers::setupArgumentsWithExecState):
2511         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2512         (JSC::CCallHelpers::setupStubArguments):
2513         (JSC::CCallHelpers::setupStubArguments134):
2514         * jit/JIT.cpp:
2515         (JSC::JIT::emitEnterOptimizationCheck):
2516         * jit/JIT.h:
2517         * jit/JITInlines.h:
2518         (JSC::JIT::callOperation):
2519         * jit/JITOpcodes.cpp:
2520         (JSC::JIT::emit_op_tear_off_activation):
2521         (JSC::JIT::emit_op_tear_off_arguments):
2522         (JSC::JIT::emit_op_push_with_scope):
2523         (JSC::JIT::emit_op_pop_scope):
2524         (JSC::JIT::emit_op_push_name_scope):
2525         (JSC::JIT::emit_op_throw_static_error):
2526         (JSC::JIT::emit_op_debug):
2527         (JSC::JIT::emit_op_profile_will_call):
2528         (JSC::JIT::emit_op_profile_did_call):
2529         (JSC::JIT::emitSlow_op_loop_hint):
2530         * jit/JITOpcodes32_64.cpp:
2531         (JSC::JIT::emit_op_push_with_scope):
2532         (JSC::JIT::emit_op_pop_scope):
2533         (JSC::JIT::emit_op_push_name_scope):
2534         (JSC::JIT::emit_op_throw_static_error):
2535         (JSC::JIT::emit_op_debug):
2536         (JSC::JIT::emit_op_profile_will_call):
2537         (JSC::JIT::emit_op_profile_did_call):
2538         * jit/JITOperations.cpp:
2539         * jit/JITOperations.h:
2540         * jit/JITPropertyAccess.cpp:
2541         (JSC::JIT::emit_op_put_by_index):
2542         (JSC::JIT::emit_op_put_getter_setter):
2543         * jit/JITPropertyAccess32_64.cpp:
2544         (JSC::JIT::emit_op_put_by_index):
2545         (JSC::JIT::emit_op_put_getter_setter):
2546         * jit/JITStubs.cpp:
2547         * jit/JITStubs.h:
2548
2549 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2550
2551         [sh4] Introduce const pools in LLINT.
2552         https://bugs.webkit.org/show_bug.cgi?id=122746
2553
2554         Reviewed by Michael Saboff.
2555
2556         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2557         loaded this way:
2558
2559             mov.l .label, rx
2560             bra out
2561             nop
2562             .balign 4
2563             .label: .long immvalue
2564             out:
2565
2566         This change introduces const pools for the sh4 implementation to avoid lots of useless branches
2567         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2568
2569         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2570         * offlineasm/sh4.rb:
2571
2572 2013-10-15  Mark Lam  <mark.lam@apple.com>
2573
2574         Fix broken C Loop LLINT build.
2575         https://bugs.webkit.org/show_bug.cgi?id=122839.
2576
2577         Reviewed by Michael Saboff.
2578
2579         * dfg/DFGFlushedAt.cpp:
2580         * jit/JITOperations.h:
2581
2582 2013-10-14  Mark Lam  <mark.lam@apple.com>
2583
2584         Transition *switch* and *scope* JITStubs to JIT operations.
2585         https://bugs.webkit.org/show_bug.cgi?id=122757.
2586
2587         Reviewed by Geoffrey Garen.
2588
2589         Transitioning:
2590             cti_op_switch_char
2591             cti_op_switch_imm
2592             cti_op_switch_string
2593             cti_op_resolve_scope
2594             cti_op_get_from_scope
2595             cti_op_put_to_scope
2596
2597         * jit/JIT.h:
2598         * jit/JITInlines.h:
2599         (JSC::JIT::callOperation):
2600         * jit/JITOpcodes.cpp:
2601         (JSC::JIT::emit_op_switch_imm):
2602         (JSC::JIT::emit_op_switch_char):
2603         (JSC::JIT::emit_op_switch_string):
2604         * jit/JITOpcodes32_64.cpp:
2605         (JSC::JIT::emit_op_switch_imm):
2606         (JSC::JIT::emit_op_switch_char):
2607         (JSC::JIT::emit_op_switch_string):
2608         * jit/JITOperations.cpp:
2609         * jit/JITOperations.h:
2610         * jit/JITPropertyAccess.cpp:
2611         (JSC::JIT::emitSlow_op_resolve_scope):
2612         (JSC::JIT::emitSlow_op_get_from_scope):
2613         (JSC::JIT::emitSlow_op_put_to_scope):
2614         * jit/JITPropertyAccess32_64.cpp:
2615         (JSC::JIT::emitSlow_op_resolve_scope):
2616         (JSC::JIT::emitSlow_op_get_from_scope):
2617         (JSC::JIT::emitSlow_op_put_to_scope):
2618         * jit/JITStubs.cpp:
2619         * jit/JITStubs.h:
2620
2621 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2622
2623         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2624         https://bugs.webkit.org/show_bug.cgi?id=122786
2625
2626         Reviewed by Mark Hahnenberg.
2627
2628         * bytecode/CodeBlock.cpp:
2629         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2630         * jit/Repatch.cpp:
2631         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2632         (JSC::buildPutByIdList): Ditto.
2633
2634 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2635
2636         Add FTL support for LogicalNot(string)
2637         https://bugs.webkit.org/show_bug.cgi?id=122765
2638
2639         Reviewed by Filip Pizlo.
2640
2641         This patch is tested by:
2642         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2643
2644         * ftl/FTLCapabilities.cpp:
2645         (JSC::FTL::canCompile):
2646         * ftl/FTLLowerDFGToLLVM.cpp:
2647         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2648
2649 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2650
2651         [sh4] Fixes after r157404 and r157411.
2652         https://bugs.webkit.org/show_bug.cgi?id=122782
2653
2654         Reviewed by Michael Saboff.
2655
2656         * dfg/DFGSpeculativeJIT.h:
2657         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2658         * jit/CCallHelpers.h:
2659         (JSC::CCallHelpers::setupArgumentsWithExecState):
2660         * jit/JITInlines.h:
2661         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2662         * jit/JITPropertyAccess32_64.cpp:
2663         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2664
2665 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2666
2667         Unreviewed, rolling out r157413.
2668         http://trac.webkit.org/changeset/157413
2669         https://bugs.webkit.org/show_bug.cgi?id=122779
2670
2671         Appears to have caused frequent crashes (Requested by ap on
2672         #webkit).
2673
2674         * CMakeLists.txt:
2675         * GNUmakefile.list.am:
2676         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2677         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2678         * JavaScriptCore.xcodeproj/project.pbxproj:
2679         * heap/DeferGC.cpp: Removed.
2680         * heap/DeferGC.h:
2681         * jit/JITStubs.cpp:
2682         (JSC::tryCacheGetByID):
2683         (JSC::DEFINE_STUB_FUNCTION):
2684         * llint/LLIntSlowPaths.cpp:
2685         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2686         * runtime/ConcurrentJITLock.h:
2687         * runtime/InitializeThreading.cpp:
2688         (JSC::initializeThreadingOnce):
2689         * runtime/JSCellInlines.h:
2690         (JSC::allocateCell):
2691         * runtime/Structure.cpp:
2692         (JSC::Structure::materializePropertyMap):
2693         (JSC::Structure::putSpecificValue):
2694         (JSC::Structure::createPropertyMap):
2695         * runtime/Structure.h:
2696
2697 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2698
2699         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2700         https://bugs.webkit.org/show_bug.cgi?id=122652
2701
2702         Reviewed by Filip Pizlo.
2703
2704         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2705         so we would end up ASSERTing during garbage collection.
2706
2707         * heap/MarkedAllocator.cpp:
2708         (JSC::MarkedAllocator::allocateSlowCase):
2709
2710 2013-10-11  Oliver Hunt  <oliver@apple.com>
2711
2712         Separate out array iteration intrinsics
2713         https://bugs.webkit.org/show_bug.cgi?id=122656
2714
2715         Reviewed by Michael Saboff.
2716
2717         Separate out the intrinsics for key and values iteration
2718         of arrays.
2719
2720         This requires moving array iteration into the iterator
2721         instance, rather than the prototype, but this is essentially
2722         unobservable so we'll live with it for now.
2723
2724         * jit/ThunkGenerators.cpp:
2725         (JSC::arrayIteratorNextThunkGenerator):
2726         (JSC::arrayIteratorNextKeyThunkGenerator):
2727         (JSC::arrayIteratorNextValueThunkGenerator):
2728         * jit/ThunkGenerators.h:
2729         * runtime/ArrayIteratorPrototype.cpp:
2730         (JSC::ArrayIteratorPrototype::finishCreation):
2731         * runtime/Intrinsic.h:
2732         * runtime/JSArrayIterator.cpp:
2733         (JSC::JSArrayIterator::finishCreation):
2734         (JSC::createIteratorResult):
2735         (JSC::arrayIteratorNext):
2736         (JSC::arrayIteratorNextKey):
2737         (JSC::arrayIteratorNextValue):
2738         (JSC::arrayIteratorNextGeneric):
2739         * runtime/VM.cpp:
2740         (JSC::thunkGeneratorForIntrinsic):
2741
2742 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2743
2744         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2745         https://bugs.webkit.org/show_bug.cgi?id=122667
2746
2747         Reviewed by Filip Pizlo.
2748
2749         The issue this patch is attempting to fix is that there are places in our codebase
2750         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2751         operations that can initiate a garbage collection. Garbage collection then calls 
2752         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2753         always necessarily run during garbage collection). This causes a deadlock.
2754
2755         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2756         into a thread-local field that indicates that it is unsafe to perform any operation 
2757         that could trigger garbage collection on the current thread. In debug builds, 
2758         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2759         detect deadlocks.
2760
2761         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2762         which uses the DeferGC mechanism to prevent collections from occurring while the 
2763         lock is held.
2764
2765         * CMakeLists.txt:
2766         * GNUmakefile.list.am:
2767         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2768         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2769         * JavaScriptCore.xcodeproj/project.pbxproj:
2770         * heap/DeferGC.cpp: Added.
2771         * heap/DeferGC.h:
2772         (JSC::DisallowGC::DisallowGC):
2773         (JSC::DisallowGC::~DisallowGC):
2774         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2775         (JSC::DisallowGC::initialize):
2776         * jit/JITStubs.cpp:
2777         (JSC::tryCachePutByID):
2778         (JSC::tryCacheGetByID):
2779         (JSC::DEFINE_STUB_FUNCTION):
2780         * llint/LLIntSlowPaths.cpp:
2781         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2782         * runtime/ConcurrentJITLock.h:
2783         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2784         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2785         (JSC::ConcurrentJITLockerBase::unlockEarly):
2786         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2787         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2788         * runtime/InitializeThreading.cpp:
2789         (JSC::initializeThreadingOnce):
2790         * runtime/JSCellInlines.h:
2791         (JSC::allocateCell):
2792         * runtime/Structure.cpp:
2793         (JSC::Structure::materializePropertyMap):
2794         (JSC::Structure::putSpecificValue):
2795         (JSC::Structure::createPropertyMap):
2796         * runtime/Structure.h:
2797
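The entry above describes a lock-order deadlock (hold a CodeBlock's ConcurrentJITLock, allocate, collector re-takes the same lock) and two mitigations: a thread-local DisallowGC marker that makes the bug fail fast in debug builds, and a GCSafeConcurrentJITLocker that defers collection until the lock is released. The following is an added, self-contained C++ model of that design written for this page; it is not JSC's code. The Heap, CodeBlock, DisallowGC, DeferGC and locker types are this example's own simplified stand-ins, and a thrown std::logic_error stands in for the debug assertion.

```cpp
#include <mutex>
#include <stdexcept>

// Per-thread counters, modelling the thread-local state the ChangeLog describes
// for DisallowGC. Names and structure are this example's own, not JSC's.
thread_local unsigned gcDisallowDepth = 0;
thread_local unsigned gcDeferDepth = 0;

// A CodeBlock with the lock the collector needs. std::mutex is non-recursive,
// so re-locking it from the same thread is exactly the deadlock described above.
struct CodeBlock {
    std::mutex lock;
    unsigned visitedByGC = 0;
};

struct Heap {
    CodeBlock* block = nullptr;
    bool collectionPending = false;
    unsigned collections = 0;

    // The collector visits every CodeBlock under that block's lock.
    void collect() {
        std::lock_guard<std::mutex> guard(block->lock);
        ++block->visitedByGC;
        ++collections;
    }

    // Allocation slow path: the point at which a collection may start.
    void allocationSlowPath() {
        if (gcDisallowDepth > 0)
            throw std::logic_error("GC triggered on a thread that disallows it"); // the debug assertion
        if (gcDeferDepth > 0) {
            collectionPending = true; // run once the outermost DeferGC is released
            return;
        }
        collect();
    }
};

// RAII marker: while alive, any attempt to collect on this thread is a bug.
struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

// RAII deferral: a collection requested while alive runs when the last DeferGC goes away.
struct DeferGC {
    explicit DeferGC(Heap& h) : heap(h) { ++gcDeferDepth; }
    ~DeferGC() {
        if (--gcDeferDepth == 0 && heap.collectionPending) {
            heap.collectionPending = false;
            heap.collect();
        }
    }
    Heap& heap;
};

// Plain locker: it also carries a DisallowGC, so a GC under the lock is caught eagerly.
struct ConcurrentJITLocker {
    explicit ConcurrentJITLocker(CodeBlock& block) : guard(block.lock) {}
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
};

// GC-safe locker: DeferGC is declared first, so it is constructed before the lock is taken
// and destroyed after it is released; the deferred collection therefore finds the lock free.
struct GCSafeConcurrentJITLocker {
    GCSafeConcurrentJITLocker(Heap& heap, CodeBlock& block) : defer(heap), guard(block.lock) {}
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
};

// Returns true when the DisallowGC check caught the would-be deadlock.
bool plainLockerCatchesDeadlock(Heap& heap, CodeBlock& block) {
    try {
        ConcurrentJITLocker locker(block);
        heap.allocationSlowPath(); // collect() would re-lock block.lock; DisallowGC throws first
        return false;
    } catch (const std::logic_error&) {
        return true;
    }
}

// Returns how many collections ran; the deferred one runs only after the lock is dropped.
unsigned gcSafeLockerDefersCollection(Heap& heap, CodeBlock& block) {
    unsigned before = heap.collections;
    {
        GCSafeConcurrentJITLocker locker(heap, block);
        heap.allocationSlowPath(); // recorded as pending, no lock re-entry
        if (heap.collections != before)
            return 0; // a collection under the lock would be the bug we are avoiding
    }
    return heap.collections - before; // 1
}
```

The member declaration order in GCSafeConcurrentJITLocker is the whole point: C++ destroys members in reverse declaration order, so the mutex is released before the deferral ends and the pending collection can take the lock without contention.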
2798 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2799
2800         Baseline JIT should use the DFG's PutById IC
2801         https://bugs.webkit.org/show_bug.cgi?id=122704
2802
2803         Reviewed by Mark Hahnenberg.
2804         
2805         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2806         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2807         
2808         The only complicated part was that the PutById operations assumed that we first did a
2809         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2810         slow paths to deal with EncodedJSValue's.
2811
2812         * bytecode/CodeBlock.cpp:
2813         (JSC::CodeBlock::resetStubInternal):
2814         * bytecode/PutByIdStatus.cpp:
2815         (JSC::PutByIdStatus::computeFor):
2816         * dfg/DFGSpeculativeJIT.h:
2817         (JSC::DFG::SpeculativeJIT::callOperation):
2818         * dfg/DFGSpeculativeJIT32_64.cpp:
2819         (JSC::DFG::SpeculativeJIT::cachedPutById):
2820         * dfg/DFGSpeculativeJIT64.cpp:
2821         (JSC::DFG::SpeculativeJIT::cachedPutById):
2822         * jit/CCallHelpers.h:
2823         (JSC::CCallHelpers::setupArgumentsWithExecState):
2824         * jit/JIT.cpp:
2825         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2826         * jit/JIT.h:
2827         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2828         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2829         * jit/JITInlines.h:
2830         (JSC::JIT::callOperation):
2831         * jit/JITOperationWrappers.h:
2832         * jit/JITOperations.cpp:
2833         * jit/JITOperations.h:
2834         * jit/JITPropertyAccess.cpp:
2835         (JSC::JIT::compileGetByIdHotPath):
2836         (JSC::JIT::compileGetByIdSlowCase):
2837         (JSC::JIT::emit_op_put_by_id):
2838         (JSC::JIT::emitSlow_op_put_by_id):
2839         * jit/JITPropertyAccess32_64.cpp:
2840         (JSC::JIT::compileGetByIdSlowCase):
2841         (JSC::JIT::emit_op_put_by_id):
2842         (JSC::JIT::emitSlow_op_put_by_id):
2843         * jit/JITStubs.cpp:
2844         * jit/JITStubs.h:
2845         * jit/Repatch.cpp:
2846         (JSC::appropriateGenericPutByIdFunction):
2847         (JSC::appropriateListBuildingPutByIdFunction):
2848         (JSC::resetPutByID):
2849
2850 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2851
2852         FTL should have an inefficient but correct implementation of GetById
2853         https://bugs.webkit.org/show_bug.cgi?id=122740
2854
2855         Reviewed by Mark Hahnenberg.
2856         
2857         It took some effort to realize that the node->prediction() check in the DFG backends
2858         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2859         if !prediction.
2860         
2861         But other than that this was an easy patch.
2862
2863         * dfg/DFGByteCodeParser.cpp:
2864         (JSC::DFG::ByteCodeParser::handleGetById):
2865         * dfg/DFGSpeculativeJIT32_64.cpp:
2866         (JSC::DFG::SpeculativeJIT::compile):
2867         * dfg/DFGSpeculativeJIT64.cpp:
2868         (JSC::DFG::SpeculativeJIT::compile):
2869         * ftl/FTLCapabilities.cpp:
2870         (JSC::FTL::canCompile):
2871         * ftl/FTLIntrinsicRepository.h:
2872         * ftl/FTLLowerDFGToLLVM.cpp:
2873         (JSC::FTL::LowerDFGToLLVM::compileNode):
2874         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2875
2876 2013-10-13  Mark Lam  <mark.lam@apple.com>
2877
2878         Transition misc cti_op_* JITStubs to JIT operations.
2879         https://bugs.webkit.org/show_bug.cgi?id=122645.
2880
2881         Reviewed by Michael Saboff.
2882
2883         Stubs converted:
2884             cti_op_check_has_instance
2885             cti_op_create_arguments
2886             cti_op_del_by_id
2887             cti_op_instanceof
2888             cti_to_object
2889             cti_op_push_activation
2890             cti_op_get_pnames
2891             cti_op_load_varargs
2892
2893         * dfg/DFGOperations.cpp:
2894         * dfg/DFGOperations.h:
2895         * jit/CCallHelpers.h:
2896         (JSC::CCallHelpers::setupArgumentsWithExecState):
2897         * jit/JIT.h:
2898         (JSC::JIT::emitStoreCell):
2899         * jit/JITCall.cpp:
2900         (JSC::JIT::compileLoadVarargs):
2901         * jit/JITCall32_64.cpp:
2902         (JSC::JIT::compileLoadVarargs):
2903         * jit/JITInlines.h:
2904         (JSC::JIT::callOperation):
2905         * jit/JITOpcodes.cpp:
2906         (JSC::JIT::emit_op_get_pnames):
2907         (JSC::JIT::emit_op_create_activation):
2908         (JSC::JIT::emit_op_create_arguments):
2909         (JSC::JIT::emitSlow_op_check_has_instance):
2910         (JSC::JIT::emitSlow_op_instanceof):
2911         (JSC::JIT::emitSlow_op_get_argument_by_val):
2912         * jit/JITOpcodes32_64.cpp:
2913         (JSC::JIT::emitSlow_op_check_has_instance):
2914         (JSC::JIT::emitSlow_op_instanceof):
2915         (JSC::JIT::emit_op_get_pnames):
2916         (JSC::JIT::emit_op_create_activation):
2917         (JSC::JIT::emit_op_create_arguments):
2918         (JSC::JIT::emitSlow_op_get_argument_by_val):
2919         * jit/JITOperations.cpp:
2920         * jit/JITOperations.h:
2921         * jit/JITPropertyAccess.cpp:
2922         (JSC::JIT::emit_op_del_by_id):
2923         * jit/JITPropertyAccess32_64.cpp:
2924         (JSC::JIT::emit_op_del_by_id):
2925         * jit/JITStubs.cpp:
2926         * jit/JITStubs.h:
2927
2928 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2929
2930         FTL OSR exit should perform zero extension on values smaller than 64-bit
2931         https://bugs.webkit.org/show_bug.cgi?id=122688
2932
2933         Reviewed by Gavin Barraclough.
2934         
2935         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2936         register will have zeros on the high bits.  In the few cases where the high bits are
2937         non-zero, the DFG sort of tells us this explicitly.
2938
2939         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2940         emit LLVM IR like:
2941
2942             %2 = trunc i64 %1 to i32
2943             stuff %2
2944             call @llvm.webkit.stackmap(...., %2)
2945
2946         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2947         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2948         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2949         from before truncation, and that register may have garbage in the high bits.
2950
2951         This means that on our end, if we want a 32-bit value and we want that value to be
2952         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2953         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2954         end.
2955         
2956         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2957
2958         * ftl/FTLOSRExitCompiler.cpp:
2959         (JSC::FTL::compileStubWithOSRExitStackmap):
2960         * ftl/FTLValueFormat.cpp:
2961         (JSC::FTL::reboxAccordingToFormat):
2962
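The entry above makes a point worth seeing concretely: a register that LLVM reports as holding an i32 may still carry whatever sat above bit 31 before the truncation, so an OSR exit that tags the raw 64-bit register corrupts the boxed value. The following is an added C++ illustration written for this page, not JSC's FTLValueFormat code. The ValueFormat enum, the tag constants and the function names are this example's own constructed encoding; it shows the explicit zero-extension beside the variant that trusts the high bits.

```cpp
#include <cstdint>

// Illustrative value formats for an OSR exit: how the compiler said a register holds its value.
// Names and tag constants are this example's own, not JSC's ValueFormat or JSValue encoding.
enum class ValueFormat { Int32, Boolean, JSValue64 };

constexpr uint64_t kInt32TagHigh = 0xFFFF0000ull;      // high 32 bits of a boxed int32 (constructed)
constexpr uint64_t kInt32Tag     = kInt32TagHigh << 32;
constexpr uint64_t kBoxedFalse   = 0x06;                 // constructed boolean encodings
constexpr uint64_t kBoxedTrue    = 0x07;

// A boxed int32 is recognised purely by its high half: garbage there makes it unrecognisable.
bool isBoxedInt32(uint64_t boxed) { return (boxed >> 32) == kInt32TagHigh; }

int32_t unboxInt32(uint64_t boxed) {
    return static_cast<int32_t>(static_cast<uint32_t>(boxed));
}

// Correct reboxing: widen explicitly from the low 32 bits. The register may be the one that
// held the value before a trunc, so bits 32..63 can be garbage and must not be trusted.
uint64_t reboxAccordingToFormat(ValueFormat format, uint64_t rawRegister) {
    switch (format) {
    case ValueFormat::Int32: {
        uint32_t low = static_cast<uint32_t>(rawRegister); // drop the high bits
        return kInt32Tag | static_cast<uint64_t>(low);      // zero-extend, then tag
    }
    case ValueFormat::Boolean:
        return (rawRegister & 1) ? kBoxedTrue : kBoxedFalse; // only bit 0 carries the i1
    case ValueFormat::JSValue64:
        return rawRegister; // already a full 64-bit value
    }
    return rawRegister;
}

// The unsafe variant: assumes the high bits are already zero, as the DFG convention permits
// but the stackmap path does not guarantee.
uint64_t reboxTrustingHighBits(ValueFormat format, uint64_t rawRegister) {
    if (format == ValueFormat::Int32)
        return kInt32Tag | rawRegister;
    return reboxAccordingToFormat(format, rawRegister);
}
```

With a raw register such as 0xDEADBEEF00000007 the explicit version yields a well-formed boxed 7, while the trusting version produces a value whose tag half no longer matches, so every consumer that checks the tag mis-classifies it.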
2963 == Rolled over to ChangeLog-2013-10-13 ==