[JSC] Remove gcc warnings on mips and armv7
Source/JavaScriptCore/ChangeLog (WebKit-https.git)
2018-10-11  Guillaume Emont  <guijemont@igalia.com>

        [JSC] Remove gcc warnings on mips and armv7
        https://bugs.webkit.org/show_bug.cgi?id=188598

        Reviewed by Mark Lam.

        Fix many gcc/clang warnings that are false positives, mostly alignment
        issues.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printMemory):
        Use bitwise_cast instead of reinterpret_cast.
        * assembler/testmasm.cpp:
        (JSC::floatOperands):
        marked as potentially unused as it is not used on all platforms.
        (JSC::testProbeModifiesStackValues):
        modifiedFlags is not used on mips, so don't declare it.
        * bytecode/CodeBlock.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        Update calling code for the prototype change of
        ScriptExecutable::prepareForExecution().
        * jit/JITOperations.cpp: Same as for Interpreter.cpp.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::dataStorage):
        Use bitwise_cast instead of reinterpret_cast.
        * runtime/ScriptExecutable.cpp:
        * runtime/ScriptExecutable.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * tools/JSDollarVM.cpp:
        (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.

2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Use currentStackPointer more
        https://bugs.webkit.org/show_bug.cgi?id=190503

        Reviewed by Saam Barati.

        * runtime/VM.cpp:
        (JSC::VM::committedStackByteCount):

2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSC should have "parseFunction" to optimize Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Reviewed by Mark Lam.

        The current Function constructor is suboptimal. We parse pieces of the same code three times to meet
        the spec requirement: (1) check the parameter syntax, (2) check the body syntax, and (3) parse the entire function.
        And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
        is really costly, and ideally we should meet the above requirement by parsing only once.

        To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
        takes `std::optional<int> functionConstructorParametersEndPosition` and checks in the parser that this end position is correct.
        For example, if we run the code,

            Function('/*', '*/){')

        According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
        string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
        that, in our implementation, we first create the entire string.

            function anonymous(/*) {
                */){
            }

        And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
        the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
        offset of the parameters is the given end position. This check allows us to raise the error correctly for the
        above example while we parse the entire function only once. And we do not need to create two strings either.

        This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
        significantly sped up (28.2%).

        Before:
            uglify-js:  2.94 runs/s
        After:
            uglify-js:  3.77 runs/s

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseSingleFunction):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        (JSC::parseFunctionForFunctionConstructor):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        (JSC::JSTextPosition::JSTextPosition):
        (JSC::JSTokenLocation::JSTokenLocation): Deleted.
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:
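
The end-position check described in the entry above, as an added example that is not part of the ChangeLog or of JavaScriptCore: a small JavaScript scanner (assumed here, not JSC's Lexer or Parser) builds the same "function anonymous(...) {...}" source, computes where the parameter list must close if the parameter string is honest, and compares that with where it actually closes, which is why Function('/*', '*/){') is rejected even though the concatenated source is valid JavaScript.

```javascript
// Added example, not JavaScriptCore code: a miniature of the parameter
// end-position check. JSC's parser scans the whole "function anonymous(...)"
// source once and verifies that the parameter list closes exactly where the
// constructor's parameter string ended; the simplified scanner below (an
// assumption of this example, not JSC's Lexer) does the same job.

const PREFIX = "function anonymous(";

// The single source string the Function constructor actually parses,
// constructed in the shape the ChangeLog quotes.
function buildFunctionSource(params, body) {
  return `${PREFIX}${params}\n) {\n${body}\n}`;
}

// Where the ')' closing the parameter list must sit if `params` is honest:
// right after the parameter text and the newline that follows it.
function expectedParametersEnd(params) {
  return PREFIX.length + params.length + 1;
}

// Simplified scan: skips comments and string literals, tracks parenthesis
// depth, and returns the offset of the ')' that closes the parameter list,
// or -1 if the list never closes.
function findParametersEnd(src) {
  let i = PREFIX.length - 1;               // index of the opening '('
  if (src[i] !== "(") return -1;
  let depth = 1;
  i++;
  while (i < src.length) {
    const c = src[i];
    const next = src[i + 1];
    if (c === "/" && next === "/") {        // line comment
      i = src.indexOf("\n", i);
      if (i < 0) return -1;
      continue;
    }
    if (c === "/" && next === "*") {        // block comment
      const end = src.indexOf("*/", i + 2);
      if (end < 0) return -1;
      i = end + 2;
      continue;
    }
    if (c === '"' || c === "'" || c === "`") { // string or template literal
      let j = i + 1;
      while (j < src.length && src[j] !== c) {
        if (src[j] === "\\") j++;           // skip the escaped character
        j++;
      }
      i = j + 1;
      continue;
    }
    if (c === "(") depth++;
    else if (c === ")" && --depth === 0) return i;
    i++;
  }
  return -1;
}

// The check itself: the parameter list must close where the constructor said
// it would. For Function('/*', '*/){') the comment opened inside the parameter
// text swallows the real ')', so the list closes later and the input is
// rejected even though the concatenated source is valid JavaScript.
function parametersAreWellDelimited(params, body) {
  const src = buildFunctionSource(params, body);
  return findParametersEnd(src) === expectedParametersEnd(params);
}

// The naive path: does the concatenated source parse on its own?
function concatenatedSourceParses(params, body) {
  try {
    new Function(buildFunctionSource(params, body));
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Ground truth from the engine this runs on: a spec-conformant engine rejects
// the comment trick however it implements the check.
function engineAccepts(params, body) {
  try {
    Function(params, body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}
```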

2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>

        Fix non-existent define `CPU(JSVALUE64)`
        https://bugs.webkit.org/show_bug.cgi?id=190479

        Reviewed by Yusuke Suzuki.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsImpl):
        Correct CPU(JSVALUE64) to USE(JSVALUE64).

2018-10-11  Keith Rollin  <krollin@apple.com>

        CURRENT_ARCH should not be used in Run Script phase.
        https://bugs.webkit.org/show_bug.cgi?id=190407
        <rdar://problem/45133556>

        Reviewed by Alexey Proskuryakov.

        CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
        CURRENT_ARCH is not well-defined during this phase (and may even have
        the value "undefined") since this phase is run just once per build
        rather than once per supported architecture. Migrate away from
        CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
        performing an operation for each value, or by picking the first entry
        in ARCHS and using that as a representative value.

        * JavaScriptCore.xcodeproj/project.pbxproj: Store
        LLIntDesiredOffsets.h into a directory with a name based on ARCHS
        rather than CURRENT_ARCH.

2018-10-10  Mark Lam  <mark.lam@apple.com>

        Changes towards allowing use of the ASAN detect_stack_use_after_return option.
        https://bugs.webkit.org/show_bug.cgi?id=190405
        <rdar://problem/45131464>

        Reviewed by Michael Saboff.

        The ASAN detect_stack_use_after_return option checks for use of stack variables
        after they have been freed.  It does this by allocating relevant stack variables
        in heap memory (instead of on the stack) if the code ever takes the address of
        those stack variables.  Unfortunately, this is a common idiom that we use to
        compute the approximate stack pointer value.  As a result, on such ASAN runs, the
        computed approximate stack pointer value will point into the heap instead of the
        stack.  This breaks the VM's expectations and wreaks havoc.

        To fix this, we use the newly introduced WTF::currentStackPointer() instead of
        taking the address of stack variables.

        We also need to enhance ExceptionScopes to be able to work with ASAN
        detect_stack_use_after_return, which will allocate the scope in the heap.  We
        work around this by passing the current stack pointer of the instantiating calling
        frame into the scope constructor, and using that for the position check in
        ~ThrowScope() instead.

        The above is only a start towards enabling ASAN detect_stack_use_after_return on
        the VM.  There are still other issues to be resolved before we can run with this
        ASAN option.

        * runtime/CatchScope.h:
        * runtime/ExceptionEventLocation.h:
        (JSC::ExceptionEventLocation::ExceptionEventLocation):
        * runtime/ExceptionScope.h:
        (JSC::ExceptionScope::stackPosition const):
        * runtime/JSLock.cpp:
        (JSC::JSLock::didAcquireLock):
        * runtime/ThrowScope.cpp:
        (JSC::ThrowScope::~ThrowScope):
        * runtime/ThrowScope.h:
        * runtime/VM.h:
        (JSC::VM::needExceptionCheck const):
        (JSC::VM::isSafeToRecurse const):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: create special Network waterfall for media events
        https://bugs.webkit.org/show_bug.cgi?id=189773
        <rdar://problem/44626605>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add `didFireEvent` event that is fired when specific event listeners added by
        `InspectorInstrumentation::addEventListenersToNode` are fired.

2018-10-10  Michael Saboff  <msaboff@apple.com>

        Increase executable memory pool from 64MB to 128MB for ARM64
        https://bugs.webkit.org/show_bug.cgi?id=190453

        Reviewed by Saam Barati.

        * jit/ExecutableAllocator.cpp:

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: notify the frontend when a canvas has started recording via console.record
        https://bugs.webkit.org/show_bug.cgi?id=190306

        Reviewed by Brian Burg.

        * inspector/protocol/Canvas.json:
        Add `recordingStarted` event.

        * inspector/protocol/Recording.json:
        Add `Initiator` enum for determining who started the recording.

2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
        https://bugs.webkit.org/show_bug.cgi?id=190429

        Reviewed by Saam Barati.

        Some createXXX functions can fail. But sometimes the caller does not perform error checking.
        To make it explicit that these functions can fail, we rename these functions from createXXX
        to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
        function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
        and it should return RefPtr<>.

        This patch mainly focuses on TypedArray factory functions. Previously, these functions were
        `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
        And we also introduce `Ref<XXXArray> create(...)` function which internally performs
        RELEASE_ASSERT on the result of `tryCreate(...)`.

        And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.

        This change actually finds one place which does not perform any null checks while it uses
        `RefPtr<> create(...)` function.

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::putByIndex):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * API/JSClassRef.h:
        (StaticValueEntry::StaticValueEntry):
        * API/JSContext.mm:
        (-[JSContext evaluateScript:withSourceURL:]):
        (-[JSContext setName:]):
        * API/JSContextRef.cpp:
        (JSGlobalContextCopyName):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * API/JSScriptRef.cpp:
        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        * API/JSValue.mm:
        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
        (performPropertyOperation):
        (-[JSValue invokeMethod:withArguments:]):
        (containerValueToObject):
        (objectToValueWithoutCopy):
        (objectToValue):
        * API/JSValueRef.cpp:
        (JSValueCreateJSONString):
        (JSValueToStringCopy):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::tryCreate):
        (OpaqueJSString::create): Deleted.
        * API/OpaqueJSString.h:
        * API/glib/JSCContext.cpp:
        (evaluateScriptInContext):
        * API/glib/JSCValue.cpp:
        (jsc_value_new_string_from_bytes):
        * ftl/FTLLazySlowPath.h:
        (JSC::FTL::LazySlowPath::createGenerator):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        * ftl/FTLOSRExit.h:
        * ftl/FTLPatchpointExceptionHandle.cpp:
        (JSC::FTL::PatchpointExceptionHandle::create):
        (JSC::FTL::PatchpointExceptionHandle::createHandle):
        * ftl/FTLPatchpointExceptionHandle.h:
        * heap/EdenGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateEdenTimer):
        (JSC::GCActivityCallback::createEdenTimer): Deleted.
        * heap/FullGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateFullTimer):
        (JSC::GCActivityCallback::createFullTimer): Deleted.
        * heap/GCActivityCallback.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * inspector/AsyncStackTrace.cpp:
        (Inspector::AsyncStackTrace::create):
        * inspector/AsyncStackTrace.h:
        * jsc.cpp:
        (fillBufferWithContentsOfFile):
        * runtime/ArrayBuffer.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::GenericTypedArrayView<Adaptor>::create):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
        (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::subarray const):
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::possiblySharedImpl):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
        (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::create):
        (JSC::Wasm::Memory::tryCreate):
        * wasm/WasmMemory.h:
        * wasm/WasmTable.cpp:
        (JSC::Wasm::Table::tryCreate):
        (JSC::Wasm::Table::create): Deleted.
        * wasm/WasmTable.h:
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::create):
        * wasm/js/JSWebAssemblyMemory.cpp:
        (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
        * wasm/js/WebAssemblyMemoryConstructor.cpp:
        (JSC::constructJSWebAssemblyMemory):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        * wasm/js/WebAssemblyTableConstructor.cpp:
        (JSC::constructJSWebAssemblyTable):

2018-10-09  Devin Rousso  <drousso@apple.com>

        Web Inspector: show redirect requests in Network and Timelines tabs
        https://bugs.webkit.org/show_bug.cgi?id=150005
        <rdar://problem/5378164>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Network.json:
        Add missing fields to `ResourceTiming`.

2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>

        [WPE] Explicitly link against gmodule where used
        https://bugs.webkit.org/show_bug.cgi?id=190398

        Reviewed by Michael Catanzaro.

        * PlatformWPE.cmake:

2018-10-08  Justin Fan  <justin_fan@apple.com>

        WebGPU: Rename old WebGPU prototype to WebMetal
        https://bugs.webkit.org/show_bug.cgi?id=190325
        <rdar://problem/44990443>

        Reviewed by Dean Jackson.

        Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.

        * Configurations/FeatureDefines.xcconfig:
        * inspector/protocol/Canvas.json:
        * inspector/scripts/codegen/generator.py:

2018-10-08  Aditya Keerthi  <akeerthi@apple.com>

        Make <input type=color> a runtime enabled (on-by-default) feature
        https://bugs.webkit.org/show_bug.cgi?id=189162

        Reviewed by Wenson Hsieh and Tim Horton.

        * Configurations/FeatureDefines.xcconfig:

2018-10-08  Devin Rousso  <drousso@apple.com>

        Web Inspector: group media network entries by the node that triggered the request
        https://bugs.webkit.org/show_bug.cgi?id=189606
        <rdar://problem/44438527>

        Reviewed by Brian Burg.

        * inspector/protocol/Network.json:
        Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
        determine which ancestor node triggered the load. It may not correspond directly to the node
        with the href/src, as that url may only be used by an ancestor for loading.

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC][Linux] Use non-truncated name for JIT workers in Linux
        https://bugs.webkit.org/show_bug.cgi?id=190339

        Reviewed by Mark Lam.

        The current thread names are meaningless in a Linux environment. We do not want to
        have a truncated name in Linux: we want to have a clear name in Linux. Instead, we
        should have the name for Linux separately from the name used in the non-Linux
        environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for the
        Linux environment.

        * dfg/DFGWorklist.cpp:
        (JSC::DFG::createWorklistName):
        (JSC::DFG::Worklist::Worklist):
        (JSC::DFG::Worklist::create):
        (JSC::DFG::ensureGlobalDFGWorklist):
        (JSC::DFG::ensureGlobalFTLWorklist):
        * dfg/DFGWorklist.h:
        * jit/JITWorklist.cpp:

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Name Heap threads
        https://bugs.webkit.org/show_bug.cgi?id=190337

        Reviewed by Mark Lam.

        Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
        Linux does not accept names longer than 15. We do not want to use the short name
        for non-Linux environments. And we want to have a clear name in Linux: a truncated name
        is not good. So, having the two names is the only way.

        * heap/HeapHelperPool.cpp:
        (JSC::heapHelperPool):

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Avoid creating ProgramExecutable in checkSyntax
        https://bugs.webkit.org/show_bug.cgi?id=190332

        Reviewed by Mark Lam.

        uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
        In Function constructor code, we perform checkSyntax for body and parameters. So fast checkSyntax
        is important when the performance of Function constructor matters. Current checkSyntax code
        unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
        the benchmark score slightly.

        Before:
            uglify-js:  2.87 runs/s
        After:
            uglify-js:  2.94 runs/s

        * runtime/Completion.cpp:
        (JSC::checkSyntaxInternal):
        (JSC::checkSyntax):
        * runtime/ProgramExecutable.cpp:
        (JSC::ProgramExecutable::checkSyntax): Deleted.
        * runtime/ProgramExecutable.h:

2018-10-06  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "|"
        https://bugs.webkit.org/show_bug.cgi?id=186229

        Reviewed by Yusuke Suzuki.

        This patch is introducing support for BigInt into the bitwise "or" operator.
        In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
        "ValueBitOr", to replace "BitOr" node. The idea is to follow the
        difference that we make on Arith<op> and Value<op>, where ArithBitOr
        handles cases when the operands are Int32 and ValueBitOr handles
        the remaining cases.

        We are also changing op_bitor to use ValueProfile. We are using
        ValueProfile during DFG generation to emit "ArithBitOr" when
        outcome prediction is Int32.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitBinaryOp):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::bitwiseOp):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitor):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAddOne):
        * runtime/JSBigInt.h:

2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Use new extra memory reporting in SparseArrayMap
        https://bugs.webkit.org/show_bug.cgi?id=190278

        Reviewed by Keith Miller.

        This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
        to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.

        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::add):
        (JSC::SparseArrayValueMap::visitChildren):

2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC][Linux] Support Perf JITDump logging
        https://bugs.webkit.org/show_bug.cgi?id=189893

        Reviewed by Mark Lam.

        This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
        We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
        By using this dump and perf.data output, we can annotate JIT code with profiling information.

            $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
            $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
            [ perf record: Woken up 1 times to write data ]
            [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
            $ perf inject --jit -i perf.data -o perf.jit.data
            $ perf report -i perf.jit.data

        * Sources.txt:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/PerfLog.cpp: Added.
        (JSC::PerfLog::singleton):
        (JSC::generateTimestamp):
        (JSC::getCurrentThreadID):
        (JSC::PerfLog::PerfLog):
        (JSC::PerfLog::write):
        (JSC::PerfLog::flush):
        (JSC::PerfLog::log):
        * assembler/PerfLog.h: Added.
        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * runtime/Options.cpp:
        (JSC::Options::isAvailable):
        * runtime/Options.h:

2018-10-05  Mark Lam  <mark.lam@apple.com>

        Gardening: Build fix after r236880.
        https://bugs.webkit.org/show_bug.cgi?id=190317

        Unreviewed.

        * jit/ExecutableAllocator.h:

2018-10-05  Mark Lam  <mark.lam@apple.com>

        performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
        https://bugs.webkit.org/show_bug.cgi?id=190317
        <rdar://problem/45039398>

        Reviewed by Saam Barati.

        When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
        to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
        performJITMemcpy() would just do a memcpy in that case.  We need to restore the
        equivalent behavior.

        * jit/ExecutableAllocator.cpp:
        (JSC::isJITPC):
        * jit/ExecutableAllocator.h:
        (JSC::performJITMemcpy):

2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>

        [WPE][JSC] Use Unified Sources for Platform-specific sources
        https://bugs.webkit.org/show_bug.cgi?id=190300

        Reviewed by Yusuke Suzuki.

        Currently the GTK port already uses Unified Sources with the same source files.
        As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
        to the list of libraries to link with.

        * PlatformWPE.cmake:
        * SourcesWPE.txt: Added.
        * shell/PlatformWPE.cmake:

648 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
649
650         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
651         https://bugs.webkit.org/show_bug.cgi?id=190258
652
653         Reviewed by Konstantin Tokarev.
654
655         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
656         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
657           encoding=UTF-8 on Python 3.
658         * yarr/generateYarrCanonicalizeUnicode: Ditto.
659         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
660
661 2018-10-04  Mark Lam  <mark.lam@apple.com>
662
663         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
664         https://bugs.webkit.org/show_bug.cgi?id=190295
665         <rdar://problem/19197193>
666
667         Reviewed by Saam Barati.
668
669         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
670         instead of needing to use our own custom version here.
671
672         * jit/ExecutableAllocator.cpp:
673         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
674         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
675         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
676         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
677         (JSC::ExecutableAllocator::allocate):
678         (JSC::startOfFixedExecutableMemoryPoolImpl):
679         (JSC::endOfFixedExecutableMemoryPoolImpl):
680         (JSC::isJITPC):
681         * jit/ExecutableAllocator.h:
682
683 2018-10-04  Mark Lam  <mark.lam@apple.com>
684
685         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
686         https://bugs.webkit.org/show_bug.cgi?id=190283
687         <rdar://problem/45015752>
688
689         Reviewed by Keith Miller.
690
691         * runtime/Options.cpp:
692         (JSC::Options::initialize):
693         * wasm/WasmFaultSignalHandler.cpp:
694         (JSC::Wasm::enableFastMemory):
695
696 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
697
698         [JSC] print() changes CRLF to CRCRLF on Windows
699         https://bugs.webkit.org/show_bug.cgi?id=190228
700
701         Reviewed by Mark Lam.
702
703         * jsc.cpp:
704         (main):
705         Ultimately, this is just the normal behavior of printf in text mode on Windows.
706         Since we're reading in files as binary, we need to be printing out as binary too
707         (just as we do in DumpRenderTree and ImageDiff).
708
709 2018-10-03  Saam barati  <sbarati@apple.com>
710
711         lowXYZ in FTLLower should always filter the type of the incoming edge
712         https://bugs.webkit.org/show_bug.cgi?id=189939
713         <rdar://problem/44407030>
714
715         Reviewed by Michael Saboff.
716
717         For example, the FTL may know more about data flow than AI in certain programs,
718         and it needs to inform AI of these data flow properties to appease the assertion
719         we have in AI that a node must perform type checks on its child nodes.
720         
721         For example, consider this program:
722         
723         ```
724         bb#1
725         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
726         Branch(...,  #2, #3)
727         
728         bb#2
729         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type union the type of some structure set.
730         Jump(#3)
731         
732         bb#3
733         c: Add(Int32:@something, Int32:@a)
734         ```
735         
736         When the Add node does lowInt32() for @a, FTL lower used to just grab it
737         from the int32 hash table without filtering the AbstractValue. However,
738         the parent node is asking for a type check to happen, so we must inform
739         AI of this "type check" if we want to appease the assertion that all nodes
740         perform type checks for their edges that semantically perform type checks.
741         This patch makes it so we filter the AbstractValue in the lowXYZ even
742         if FTLLower proved the value must be XYZ.
743
744         * ftl/FTLLowerDFGToB3.cpp:
745         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
746         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
747         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
748         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
749         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
750
751 2018-10-03  Michael Saboff  <msaboff@apple.com>
752
753         Command line jsc should report memory footprint in bytes
754         https://bugs.webkit.org/show_bug.cgi?id=190267
755
756         Reviewed by Mark Lam.
757
758         Change to leave the footprint values from the system unmodified.
759
760         * jsc.cpp:
761         (JSCMemoryFootprint::finishCreation):
762
763 2018-10-03  Mark Lam  <mark.lam@apple.com>
764
765         Suppress unreachable code warning for LLIntAssembly.h code.
766         https://bugs.webkit.org/show_bug.cgi?id=190263
767         <rdar://problem/44986532>
768
769         Reviewed by Saam Barati.
770
771         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
772         asm files, and may contain dead code which is harmless, but will trip up the warning.
773         We should suppress the warning so that it doesn't break builds.
774
775         * llint/LowLevelInterpreter.cpp:
776         (JSC::CLoop::execute):
777
778 2018-10-03  Dan Bernstein  <mitz@apple.com>
779
780         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
781         https://bugs.webkit.org/show_bug.cgi?id=190250
782
783         Reviewed by Alex Christensen.
784
785         * API/tests/Regress141275.mm:
786         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
787           by making the self-retaining explicit.
788
789         * API/tests/testapi.cpp:
790         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
791           loop instead of returning from the lambda.
792
793         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
794           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
795           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
796
797         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
798           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
799
800         * assembler/MacroAssemblerPrinter.cpp:
801         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
802           some commas with semicolons.
803
804 2018-10-03  Mark Lam  <mark.lam@apple.com>
805
806         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
807         https://bugs.webkit.org/show_bug.cgi?id=190187
808         <rdar://problem/42512909>
809
810         Reviewed by Michael Saboff.
811
812         Allowing different max string lengths at each level opens up opportunities for
813         bugs to creep in.  With 2 different max length values, it is more difficult to
814         keep the story straight on how we do overflow / bounds checks at each place in
815         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
816         will have bad ramifications at the JSC level.  It's also not meaningful to
817         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
818         standardize on a MaxLength of INT_MAX at all levels.
819
820         We'll also standardize the way we do length overflow checks on using
821         CheckedArithmetic, and add some asserts to document the assumptions of the code.
822
823         * runtime/FunctionConstructor.cpp:
824         (JSC::constructFunctionSkippingEvalEnabledCheck):
825         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
826         * runtime/JSString.h:
827         (JSC::JSString::finishCreation):
828         (JSC::JSString::createHasOtherOwner):
829         (JSC::JSString::setLength):
830         * runtime/JSStringInlines.h:
831         (JSC::jsMakeNontrivialString):
832         * runtime/Operations.h:
833         (JSC::jsString):
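
The single-limit, checked-arithmetic style of length check this entry standardizes on, as an added example (constructed for this ChangeLog, not JSC's or WTF's code; CheckedLength is a stand-in for the CheckedArithmetic idea, and the "unsigned-only" check is an illustration of the hazard described above, not a reconstruction of the pre-patch code):

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <optional>

// One MaxLength shared by every layer, as the entry standardizes on.
constexpr uint32_t MaxLength = INT_MAX;

// Minimal stand-in for the CheckedArithmetic idea used in the patch: each
// operation is evaluated in 64 bits, compared against MaxLength, and latches
// an overflow flag that later operations cannot clear. Constructed for this
// example; it is not WTF's Checked<T>.
struct CheckedLength {
    uint32_t value = 0;
    bool overflowed = false;

    explicit CheckedLength(uint32_t v) : value(v), overflowed(v > MaxLength) {}

    CheckedLength& add(uint32_t rhs) {
        uint64_t sum = static_cast<uint64_t>(value) + rhs;
        if (sum > MaxLength)
            overflowed = true;
        else
            value = static_cast<uint32_t>(sum);
        return *this;
    }

    CheckedLength& multiply(uint32_t rhs) {
        uint64_t product = static_cast<uint64_t>(value) * rhs;
        if (product > MaxLength)
            overflowed = true;
        else
            value = static_cast<uint32_t>(product);
        return *this;
    }
};

// Length of a + b, or nullopt when the concatenation must take the OOM error path.
std::optional<uint32_t> concatenatedLength(uint32_t a, uint32_t b) {
    CheckedLength length(a);
    length.add(b);
    if (length.overflowed)
        return std::nullopt;
    return length.value;
}

// Length of a string repeated `count` times, checked against the same single limit.
std::optional<uint32_t> repeatedLength(uint32_t unitLength, uint32_t count) {
    CheckedLength length(unitLength);
    length.multiply(count);
    if (length.overflowed)
        return std::nullopt;
    return length.value;
}

// The hazard of two different maxima: a check written against the 32-bit
// unsigned limit accepts a sum that a consumer storing lengths in an int sees
// as negative. Illustrative only; not a reconstruction of the pre-patch code.
bool passesUnsignedOnlyCheck(uint32_t a, uint32_t b) {
    return static_cast<uint64_t>(a) + b <= UINT32_MAX;
}

bool wouldBeNegativeAsInt(uint32_t length) {
    return length > static_cast<uint32_t>(INT_MAX);
}

int main() {
    auto ok = concatenatedLength(0x7FFFFFFE, 1);
    auto tooLong = concatenatedLength(0x7FFFFFFF, 1);
    std::printf("0x7FFFFFFE + 1 -> %s\n", ok ? "accepted" : "rejected");
    std::printf("0x7FFFFFFF + 1 -> %s (unsigned-only check would say %s)\n",
        tooLong ? "accepted" : "rejected",
        passesUnsignedOnlyCheck(0x7FFFFFFF, 1) ? "accepted" : "rejected");
    return 0;
}
```

The point of the latched flag is that a caller only has to test `overflowed` once, after a chain of adds and multiplies, instead of re-deriving the bound at every site.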
834
835 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
836
837         [JSC] Add a C++ callable overload of objectConstructorSeal
838         https://bugs.webkit.org/show_bug.cgi?id=190137
839
840         Reviewed by Yusuke Suzuki.
841
842         * runtime/ObjectConstructor.cpp:
843         * runtime/ObjectConstructor.h:
844
845 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
846
847         Fix Disassembler-output on ARM Thumb2
848         https://bugs.webkit.org/show_bug.cgi?id=190203
849
850         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
851         execution in thumb mode for jumps and calls. The actual machine
852         instructions are still aligned to 2 bytes though. Use dataLocation() as
853         start address for disassembling since it unsets the thumb bit.
854         Until now the disassembler would start at the wrong address (off by 1),
855         resulting in the wrong disassembled machine instructions.
856
857         Reviewed by Mark Lam.
858
859         * disassembler/CapstoneDisassembler.cpp:
860         (JSC::tryToDisassemble):
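
The Thumb-bit off-by-one described in this entry, as an added example that is not JSC's code: `dataLocation()` here is a constructed stand-in for MacroAssemblerCodePtr::dataLocation(), the code bytes are constructed, and `readHalfwords` only mimics how a disassembler walks a Thumb-16 instruction stream.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// On ARMv7/Thumb2 a code address carries bit 0 set so that branches and calls
// switch to Thumb mode; the instruction stream itself is 2-byte aligned. A
// disassembler therefore has to start at the data location, i.e. the address
// with the Thumb bit cleared. Constructed example; in JSC the real helper is
// MacroAssemblerCodePtr::dataLocation().
constexpr uintptr_t ThumbBit = 1;

uintptr_t executableAddress(uintptr_t dataAddress) { return dataAddress | ThumbBit; }
uintptr_t dataLocation(uintptr_t executable) { return executable & ~ThumbBit; }

// Constructed Thumb-16 code: `bx lr` (0x4770) then `nop` (0xBF00), as little-endian bytes.
const std::vector<uint8_t> kThumbCode = {0x70, 0x47, 0x00, 0xBF};

// Reads up to `count` little-endian halfwords starting at byte offset `start`,
// the way a disassembler walks Thumb-16 instructions; a misaligned start
// produces instructions that never existed, which is the bug the entry fixes.
std::vector<uint16_t> readHalfwords(const std::vector<uint8_t>& code, size_t start, size_t count) {
    std::vector<uint16_t> out;
    for (size_t i = 0; i < count; ++i) {
        size_t offset = start + 2 * i;
        if (offset + 1 >= code.size())   // stop rather than read past the buffer
            break;
        out.push_back(static_cast<uint16_t>(code[offset] | (code[offset + 1] << 8)));
    }
    return out;
}

// Disassembles kThumbCode as if it were mapped at `base`, starting at `start`.
std::vector<uint16_t> disassembleFrom(uintptr_t base, uintptr_t start) {
    return readHalfwords(kThumbCode, static_cast<size_t>(start - base), 2);
}

int main() {
    const uintptr_t base = 0x1000;
    uintptr_t entry = executableAddress(base);   // 0x1001, what a call target looks like
    for (uint16_t insn : disassembleFrom(base, dataLocation(entry)))
        std::printf("correct start: %04x\n", insn);
    for (uint16_t insn : disassembleFrom(base, entry))
        std::printf("off-by-one start: %04x\n", insn);
    return 0;
}
```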
861
862 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
863
864         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
865         https://bugs.webkit.org/show_bug.cgi?id=190215
866
867         Reviewed by Mark Lam.
868
869         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
870         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for LLInt ASM interpreter since
871         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
872         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
873         for LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).
874
875         To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for
876         non-JIT configurations. This does not have any functionality allocating executable memory, thus
877         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
878
879         * jit/ExecutableAllocator.cpp:
880         (JSC::ExecutableAllocator::initializeAllocator):
881         (JSC::ExecutableAllocator::singleton):
882         * jit/ExecutableAllocator.h:
883         (JSC::ExecutableAllocator::isValid const):
884         (JSC::ExecutableAllocator::underMemoryPressure):
885         (JSC::ExecutableAllocator::memoryPressureMultiplier):
886         (JSC::ExecutableAllocator::dumpProfile):
887         (JSC::ExecutableAllocator::allocate):
888         (JSC::ExecutableAllocator::isValidExecutableMemory):
889         (JSC::ExecutableAllocator::committedByteCount):
890         (JSC::ExecutableAllocator::getLock const):
891         (JSC::performJITMemcpy):
892
893 2018-10-01  Dean Jackson  <dino@apple.com>
894
895         Remove CSS Animation Triggers
896         https://bugs.webkit.org/show_bug.cgi?id=190175
897         <rdar://problem/44925626>
898
899         Reviewed by Simon Fraser.
900
901         * Configurations/FeatureDefines.xcconfig:
902
903 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
904
905         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
906         https://bugs.webkit.org/show_bug.cgi?id=190033
907
908         Reviewed by Yusuke Suzuki.
909
910         The implementation of JSBigInt::toStringToGeneric doesn't handle power
911         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
912         implemented JSBigInt::toStringBasePowerOfTwo that follows the
913         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
914         digit.
915
916         * runtime/JSBigInt.cpp:
917         (JSC::JSBigInt::toString):
918         (JSC::JSBigInt::toStringBasePowerOfTwo):
919         * runtime/JSBigInt.h:
920
921 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
922
923         [JSC] Add branchIfNaN and branchIfNotNaN
924         https://bugs.webkit.org/show_bug.cgi?id=190122
925
926         Reviewed by Mark Lam.
927
928         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
929
930         * dfg/DFGSpeculativeJIT.cpp:
931         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
932         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
933         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
934         (JSC::DFG::SpeculativeJIT::compileSpread):
935         (JSC::DFG::SpeculativeJIT::compileNewArray):
936         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
937         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
938         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
939         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
940         * dfg/DFGSpeculativeJIT32_64.cpp:
941         (JSC::DFG::SpeculativeJIT::compile):
942         * dfg/DFGSpeculativeJIT64.cpp:
943         (JSC::DFG::SpeculativeJIT::compile):
944         * jit/AssemblyHelpers.cpp:
945         (JSC::AssemblyHelpers::purifyNaN):
946         * jit/AssemblyHelpers.h:
947         (JSC::AssemblyHelpers::branchIfNaN):
948         (JSC::AssemblyHelpers::branchIfNotNaN):
949         * jit/JITPropertyAccess.cpp:
950         (JSC::JIT::emitGenericContiguousPutByVal):
951         (JSC::JIT::emitDoubleLoad):
952         (JSC::JIT::emitFloatTypedArrayGetByVal):
953         * jit/JITPropertyAccess32_64.cpp:
954         (JSC::JIT::emitGenericContiguousPutByVal):
955         * wasm/js/JSToWasm.cpp:
956         (JSC::Wasm::createJSToWasmWrapper):
957
958 2018-10-01  Mark Lam  <mark.lam@apple.com>
959
960         Function.toString() should also copy the source code Functions that are class definitions.
961         https://bugs.webkit.org/show_bug.cgi?id=190186
962         <rdar://problem/44733360>
963
964         Reviewed by Saam Barati.
965
966         Previously, if the Function is a class definition, functionProtoFuncToString()
967         would create a String using StringView::toStringWithoutCopying(), and use that
968         String to make a JSString.  This is not a problem if the underlying SourceProvider
969         (that backs the characters in that StringView) is immortal.  However, this is
970         not always the case in practice.
971
972         This patch fixes this issue by changing functionProtoFuncToString() to create the
973         String using StringView::toString() instead, which makes a copy of the underlying
974         characters buffer.  This detaches the resultant JSString from the SourceProvider
975         characters buffer that it was created from, and ensures that the underlying
976         characters buffer of the string will be alive for the entire lifetime of the
977         JSString.
978
979         * runtime/FunctionPrototype.cpp:
980         (JSC::functionProtoFuncToString):
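
The lifetime issue this entry fixes, as an added example that is not JSC's code: `SourceProvider`, `classSourceWithoutCopying` and `classSourceCopied` are constructed stand-ins for the provider and for the StringView::toStringWithoutCopying() versus StringView::toString() routes, using std::string_view and std::string.

```cpp
#include <cassert>
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <string_view>

// Stand-in for a SourceProvider: the object that owns a script's characters.
// Constructed for this example; not JSC's SourceProvider or StringView.
struct SourceProvider {
    std::string source;
};

// The old route (toStringWithoutCopying): a view that aliases the provider's buffer.
std::string_view classSourceWithoutCopying(const SourceProvider& provider) {
    return std::string_view(provider.source);
}

// The route the patch switches to (toString): an owned copy of the characters.
std::string classSourceCopied(const SourceProvider& provider) {
    return std::string(provider.source);
}

// True when `text` points into `provider`'s buffer, i.e. its lifetime is tied
// to the provider's. Uses std::less for a well-defined pointer ordering.
bool aliasesProvider(std::string_view text, const SourceProvider& provider) {
    const char* begin = provider.source.data();
    const char* end = begin + provider.source.size();
    std::less<const char*> before;
    return !before(text.data(), begin) && before(text.data(), end);
}

bool viewAliasesItsProvider() {
    SourceProvider provider{"class B { m() {} }"};
    return aliasesProvider(classSourceWithoutCopying(provider), provider);
}

bool copyAliasesItsProvider() {
    SourceProvider provider{"class B { m() {} }"};
    return aliasesProvider(classSourceCopied(provider), provider);
}

// Function.prototype.toString on a class whose provider is released afterwards,
// which the entry says can happen: the copy stays valid; the view would dangle.
std::string toStringThenReleaseProvider() {
    auto provider = std::make_shared<SourceProvider>();
    provider->source = "class A { m() {} }";
    std::string copied = classSourceCopied(*provider);
    assert(!aliasesProvider(copied, *provider));
    provider.reset();   // the provider's buffer is freed; `copied` is unaffected
    return copied;
}

int main() {
    std::printf("view aliases provider: %s\n", viewAliasesItsProvider() ? "yes" : "no");
    std::printf("copy aliases provider: %s\n", copyAliasesItsProvider() ? "yes" : "no");
    std::printf("toString after provider release: %s\n", toStringThenReleaseProvider().c_str());
    return 0;
}
```

`aliasesProvider` is the check a reviewer would want: any string whose data pointer lies inside the provider's buffer can only be handed out if the provider is known to outlive it, and the entry states that is not always the case.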
981
982 2018-10-01  Keith Miller  <keith_miller@apple.com>
983
984         Create a RELEASE_AND_RETURN macro for ExceptionScopes
985         https://bugs.webkit.org/show_bug.cgi?id=190163
986
987         Reviewed by Mark Lam.
988
989         The new RELEASE_AND_RETURN does all the work for cases
990         where you want to return the result of some expression
991         without explicitly checking for an exception. This is
992         much like the existing RETURN_IF_EXCEPTION macro.
993
994         * dfg/DFGOperations.cpp:
995         (JSC::DFG::newTypedArrayWithSize):
996         * interpreter/Interpreter.cpp:
997         (JSC::eval):
998         * jit/JITOperations.cpp:
999         (JSC::getByVal):
1000         * jsc.cpp:
1001         (functionDollarAgentReceiveBroadcast):
1002         * llint/LLIntSlowPaths.cpp:
1003         (JSC::LLInt::setUpCall):
1004         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1005         (JSC::LLInt::varargsSetup):
1006         * profiler/ProfilerDatabase.cpp:
1007         (JSC::Profiler::Database::toJSON const):
1008         * runtime/AbstractModuleRecord.cpp:
1009         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1010         * runtime/ArrayConstructor.cpp:
1011         (JSC::constructArrayWithSizeQuirk):
1012         * runtime/ArrayPrototype.cpp:
1013         (JSC::getProperty):
1014         (JSC::fastJoin):
1015         (JSC::arrayProtoFuncToString):
1016         (JSC::arrayProtoFuncToLocaleString):
1017         (JSC::arrayProtoFuncJoin):
1018         (JSC::arrayProtoFuncPop):
1019         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1020         * runtime/BigIntConstructor.cpp:
1021         (JSC::toBigInt):
1022         * runtime/CommonSlowPaths.h:
1023         (JSC::CommonSlowPaths::opInByVal):
1024         * runtime/ConstructData.cpp:
1025         (JSC::construct):
1026         * runtime/DateConstructor.cpp:
1027         (JSC::dateParse):
1028         * runtime/DatePrototype.cpp:
1029         (JSC::dateProtoFuncToPrimitiveSymbol):
1030         * runtime/DirectArguments.h:
1031         * runtime/ErrorConstructor.cpp:
1032         (JSC::Interpreter::constructWithErrorConstructor):
1033         * runtime/ErrorPrototype.cpp:
1034         (JSC::errorProtoFuncToString):
1035         * runtime/ExceptionScope.h:
1036         * runtime/FunctionConstructor.cpp:
1037         (JSC::constructFunction):
1038         * runtime/FunctionPrototype.cpp:
1039         (JSC::functionProtoFuncToString):
1040         * runtime/GenericArgumentsInlines.h:
1041         (JSC::GenericArguments<Type>::defineOwnProperty):
1042         * runtime/GetterSetter.cpp:
1043         (JSC::callGetter):
1044         * runtime/IntlCollatorConstructor.cpp:
1045         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1046         * runtime/IntlCollatorPrototype.cpp:
1047         (JSC::IntlCollatorFuncCompare):
1048         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1049         * runtime/IntlDateTimeFormatConstructor.cpp:
1050         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1051         * runtime/IntlDateTimeFormatPrototype.cpp:
1052         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1053         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1054         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1055         * runtime/IntlNumberFormatConstructor.cpp:
1056         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1057         * runtime/IntlNumberFormatPrototype.cpp:
1058         (JSC::IntlNumberFormatFuncFormatNumber):
1059         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1060         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1061         * runtime/IntlObject.cpp:
1062         (JSC::intlNumberOption):
1063         * runtime/IntlObjectInlines.h:
1064         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1065         * runtime/IntlPluralRules.cpp:
1066         (JSC::IntlPluralRules::resolvedOptions):
1067         * runtime/IntlPluralRulesConstructor.cpp:
1068         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1069         * runtime/IntlPluralRulesPrototype.cpp:
1070         (JSC::IntlPluralRulesPrototypeFuncSelect):
1071         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1072         * runtime/JSArray.cpp:
1073         (JSC::JSArray::defineOwnProperty):
1074         (JSC::JSArray::put):
1075         (JSC::JSArray::setLength):
1076         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1077         * runtime/JSArrayBufferPrototype.cpp:
1078         (JSC::arrayBufferProtoGetterFuncByteLength):
1079         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1080         * runtime/JSArrayInlines.h:
1081         (JSC::toLength):
1082         * runtime/JSBoundFunction.cpp:
1083         (JSC::boundFunctionCall):
1084         (JSC::boundFunctionConstruct):
1085         * runtime/JSCJSValue.cpp:
1086         (JSC::JSValue::putToPrimitive):
1087         * runtime/JSCJSValueInlines.h:
1088         (JSC::JSValue::toIndex const):
1089         (JSC::JSValue::toPropertyKey const):
1090         (JSC::JSValue::get const):
1091         (JSC::JSValue::getPropertySlot const):
1092         (JSC::JSValue::getOwnPropertySlot const):
1093         (JSC::JSValue::equalSlowCaseInline):
1094         * runtime/JSDataView.cpp:
1095         (JSC::JSDataView::put):
1096         (JSC::JSDataView::defineOwnProperty):
1097         * runtime/JSFunction.cpp:
1098         (JSC::JSFunction::put):
1099         (JSC::JSFunction::defineOwnProperty):
1100         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1101         (JSC::constructGenericTypedArrayViewWithArguments):
1102         (JSC::constructGenericTypedArrayView):
1103         * runtime/JSGenericTypedArrayViewInlines.h:
1104         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1105         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1106         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1107         (JSC::speciesConstruct):
1108         (JSC::genericTypedArrayViewProtoFuncJoin):
1109         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1110         * runtime/JSGlobalObject.cpp:
1111         (JSC::JSGlobalObject::put):
1112         * runtime/JSGlobalObjectFunctions.cpp:
1113         (JSC::decode):
1114         (JSC::globalFuncEval):
1115         (JSC::globalFuncProtoGetter):
1116         * runtime/JSInternalPromise.cpp:
1117         (JSC::JSInternalPromise::then):
1118         * runtime/JSModuleEnvironment.cpp:
1119         (JSC::JSModuleEnvironment::put):
1120         * runtime/JSModuleLoader.cpp:
1121         (JSC::JSModuleLoader::provideFetch):
1122         (JSC::JSModuleLoader::loadAndEvaluateModule):
1123         (JSC::JSModuleLoader::loadModule):
1124         (JSC::JSModuleLoader::linkAndEvaluateModule):
1125         (JSC::JSModuleLoader::requestImportModule):
1126         (JSC::JSModuleLoader::getModuleNamespaceObject):
1127         (JSC::moduleLoaderRequestedModules):
1128         * runtime/JSONObject.cpp:
1129         (JSC::Stringifier::stringify):
1130         (JSC::Stringifier::toJSON):
1131         (JSC::Walker::walk):
1132         (JSC::JSONProtoFuncStringify):
1133         * runtime/JSObject.cpp:
1134         (JSC::ordinarySetSlow):
1135         (JSC::JSObject::putInlineSlow):
1136         (JSC::JSObject::toPrimitive const):
1137         (JSC::JSObject::hasInstance):
1138         (JSC::JSObject::toNumber const):
1139         (JSC::JSObject::defineOwnIndexedProperty):
1140         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1141         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1142         (JSC::JSObject::defineOwnNonIndexProperty):
1143         * runtime/JSObject.h:
1144         (JSC::JSObject::get const):
1145         * runtime/JSObjectInlines.h:
1146         (JSC::JSObject::getPropertySlot const):
1147         (JSC::JSObject::putInlineForJSObject):
1148         * runtime/MapConstructor.cpp:
1149         (JSC::constructMap):
1150         * runtime/NativeErrorConstructor.cpp:
1151         (JSC::Interpreter::constructWithNativeErrorConstructor):
1152         * runtime/ObjectConstructor.cpp:
1153         (JSC::constructObject):
1154         (JSC::objectConstructorGetPrototypeOf):
1155         (JSC::objectConstructorGetOwnPropertyDescriptor):
1156         (JSC::objectConstructorGetOwnPropertyDescriptors):
1157         (JSC::objectConstructorGetOwnPropertyNames):
1158         (JSC::objectConstructorGetOwnPropertySymbols):
1159         (JSC::objectConstructorKeys):
1160         (JSC::objectConstructorDefineProperty):
1161         (JSC::objectConstructorDefineProperties):
1162         (JSC::objectConstructorCreate):
1163         * runtime/ObjectPrototype.cpp:
1164         (JSC::objectProtoFuncToLocaleString):
1165         (JSC::objectProtoFuncToString):
1166         * runtime/Operations.cpp:
1167         (JSC::jsAddSlowCase):
1168         * runtime/Operations.h:
1169         (JSC::jsString):
1170         (JSC::jsLess):
1171         (JSC::jsLessEq):
1172         * runtime/ParseInt.h:
1173         (JSC::toStringView):
1174         * runtime/ProxyConstructor.cpp:
1175         (JSC::constructProxyObject):
1176         * runtime/ProxyObject.cpp:
1177         (JSC::ProxyObject::toStringName):
1178         (JSC::performProxyGet):
1179         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1180         (JSC::ProxyObject::performHasProperty):
1181         (JSC::ProxyObject::getOwnPropertySlotCommon):
1182         (JSC::ProxyObject::performPut):
1183         (JSC::ProxyObject::putByIndexCommon):
1184         (JSC::performProxyCall):
1185         (JSC::performProxyConstruct):
1186         (JSC::ProxyObject::performDelete):
1187         (JSC::ProxyObject::performPreventExtensions):
1188         (JSC::ProxyObject::performIsExtensible):
1189         (JSC::ProxyObject::performDefineOwnProperty):
1190         (JSC::ProxyObject::performSetPrototype):
1191         (JSC::ProxyObject::performGetPrototype):
1192         * runtime/ReflectObject.cpp:
1193         (JSC::reflectObjectConstruct):
1194         (JSC::reflectObjectDefineProperty):
1195         (JSC::reflectObjectGet):
1196         (JSC::reflectObjectGetOwnPropertyDescriptor):
1197         (JSC::reflectObjectGetPrototypeOf):
1198         (JSC::reflectObjectOwnKeys):
1199         (JSC::reflectObjectSet):
1200         * runtime/RegExpConstructor.cpp:
1201         (JSC::constructRegExp):
1202         * runtime/RegExpObject.cpp:
1203         (JSC::RegExpObject::defineOwnProperty):
1204         (JSC::RegExpObject::matchGlobal):
1205         * runtime/RegExpPrototype.cpp:
1206         (JSC::regExpProtoFuncTestFast):
1207         (JSC::regExpProtoFuncExec):
1208         (JSC::regExpProtoFuncToString):
1209         * runtime/ScriptExecutable.cpp:
1210         (JSC::ScriptExecutable::newCodeBlockFor):
1211         * runtime/SetConstructor.cpp:
1212         (JSC::constructSet):
1213         * runtime/SparseArrayValueMap.cpp:
1214         (JSC::SparseArrayValueMap::putEntry):
1215         (JSC::SparseArrayEntry::put):
1216         * runtime/StringConstructor.cpp:
1217         (JSC::stringFromCharCode):
1218         (JSC::stringFromCodePoint):
1219         * runtime/StringObject.cpp:
1220         (JSC::StringObject::put):
1221         (JSC::StringObject::putByIndex):
1222         (JSC::StringObject::defineOwnProperty):
1223         * runtime/StringPrototype.cpp:
1224         (JSC::jsSpliceSubstrings):
1225         (JSC::jsSpliceSubstringsWithSeparators):
1226         (JSC::removeUsingRegExpSearch):
1227         (JSC::replaceUsingRegExpSearch):
1228         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1229         (JSC::replaceUsingStringSearch):
1230         (JSC::repeatCharacter):
1231         (JSC::replace):
1232         (JSC::stringProtoFuncReplaceUsingRegExp):
1233         (JSC::stringProtoFuncReplaceUsingStringSearch):
1234         (JSC::stringProtoFuncSplitFast):
1235         (JSC::stringProtoFuncToLowerCase):
1236         (JSC::stringProtoFuncToUpperCase):
1237         (JSC::toLocaleCase):
1238         (JSC::trimString):
1239         (JSC::stringProtoFuncIncludes):
1240         (JSC::builtinStringIncludesInternal):
1241         (JSC::normalize):
1242         (JSC::stringProtoFuncNormalize):
1243         * runtime/SymbolPrototype.cpp:
1244         (JSC::symbolProtoFuncToString):
1245         (JSC::symbolProtoFuncValueOf):
1246         * tools/JSDollarVM.cpp:
1247         (WTF::functionWasmStreamingParserAddBytes):
1248         (JSC::functionGetPrivateProperty):
1249         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1250         (JSC::constructJSWebAssemblyCompileError):
1251         * wasm/js/WebAssemblyModuleConstructor.cpp:
1252         (JSC::constructJSWebAssemblyModule):
1253         (JSC::WebAssemblyModuleConstructor::createModule):
1254         * wasm/js/WebAssemblyTableConstructor.cpp:
1255         (JSC::constructJSWebAssemblyTable):
1256         * wasm/js/WebAssemblyWrapperFunction.cpp:
1257         (JSC::callWebAssemblyWrapperFunction):
1258
1259 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1260
1261         [JSC] Add a JSONStringify overload that receives a JSValue space
1262         https://bugs.webkit.org/show_bug.cgi?id=190131
1263
1264         Reviewed by Yusuke Suzuki.
1265
1266         * runtime/JSONObject.cpp:
1267         * runtime/JSONObject.h:
1268
1269 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1270
1271         Unreviewed, rolling out r236647.
1272         https://bugs.webkit.org/show_bug.cgi?id=190124
1273
1274         Breaking test stress/big-int-to-string.js (Requested by
1275         caiolima_ on #webkit).
1276
1277         Reverted changeset:
1278
1279         "[BigInt] BigInt.prototype.toString is broken when radix is
1280         power of 2"
1281         https://bugs.webkit.org/show_bug.cgi?id=190033
1282         https://trac.webkit.org/changeset/236647
1283
1284 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1285
1286         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1287         https://bugs.webkit.org/show_bug.cgi?id=189498
1288
1289         Reviewed by Saam Barati.
1290
1291         To call JS-to-Wasm code we need to convert the result value from the wasm function to
1292         the JS type. Previously this was done by callWebAssemblyFunction using a switch
1293         over signature.returnType(). But since we know the value of `signature.returnType()`
1294         at compile time, we can emit small conversion code directly to JSToWasm glue
1295         and remove this switch from callWebAssemblyFunction.
1296
1297         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1298         in boxInt32 and boxDouble. Since boxDouble does not have a DoNotHaveTagRegisters version,
1299         we add an implementation for that.
1300
1301         * jit/AssemblyHelpers.h:
1302         (JSC::AssemblyHelpers::boxDouble):
1303         * wasm/js/JSToWasm.cpp:
1304         (JSC::Wasm::createJSToWasmWrapper):
1305         * wasm/js/WebAssemblyFunction.cpp:
1306         (JSC::callWebAssemblyFunction):
1307
1308 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1309
1310         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1311         https://bugs.webkit.org/show_bug.cgi?id=190033
1312
1313         Reviewed by Yusuke Suzuki.
1314
1315         The implementation of JSBigInt::toStringToGeneric doesn't handle power
1316         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
1317         implemented JSBigInt::toStringBasePowerOfTwo that follows the
1318         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
1319         digit.
1320
1321         * runtime/JSBigInt.cpp:
1322         (JSC::JSBigInt::toString):
1323         (JSC::JSBigInt::toStringBasePowerOfTwo):
1324         * runtime/JSBigInt.h:
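
The bit-grouping algorithm this entry (and its earlier, rolled-out landing above) describes, as an added example that is not JSC's JSBigInt code: the magnitude is represented as base-2^32 digits, least significant first, and each output character is extracted with the mask radix - 1, including groups that straddle a digit boundary.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <string>
#include <vector>

// Magnitude of a BigInt as base-2^32 digits, least significant first: the
// same shape as JSBigInt's digit storage, though this is a constructed
// example and not JSC's code.
using Digits = std::vector<uint32_t>;

// Converts `digits` to a string in a power-of-two radix (2, 4, 8, 16 or 32).
// Every output character is one bitsPerChar-bit group, extracted with the
// mask radix - 1. Groups may straddle a digit boundary, which is exactly the
// length >= 2 case that toStringToGeneric did not handle.
std::string toStringBasePowerOfTwo(const Digits& digits, unsigned radix) {
    static const char alphabet[] = "0123456789abcdefghijklmnopqrstuv";
    if (digits.empty())
        return "0";
    unsigned bitsPerChar = __builtin_ctz(radix);   // radix == 1u << bitsPerChar
    uint32_t mask = radix - 1;

    std::string reversed;       // least significant character first
    uint64_t pending = 0;       // bits carried over from the previous digit
    unsigned available = 0;     // how many of `pending`'s low bits are valid
    for (uint32_t digit : digits) {
        pending |= static_cast<uint64_t>(digit) << available;
        available += 32;
        while (available >= bitsPerChar) {
            reversed.push_back(alphabet[pending & mask]);
            pending >>= bitsPerChar;
            available -= bitsPerChar;
        }
    }
    if (available)                                  // remaining high bits of the top digit
        reversed.push_back(alphabet[pending & mask]);
    while (reversed.size() > 1 && reversed.back() == '0')   // strip leading zeros
        reversed.pop_back();
    std::reverse(reversed.begin(), reversed.end());
    return reversed;
}

int main() {
    Digits twoPow32PlusOne = {1, 1};   // 2^32 + 1
    for (unsigned radix : {2u, 8u, 16u, 32u})
        std::printf("radix %2u: %s\n", radix, toStringBasePowerOfTwo(twoPow32PlusOne, radix).c_str());
    return 0;
}
```

Because `available` never exceeds bitsPerChar - 1 when a new digit is shifted in, `pending` needs at most 36 bits, so a 64-bit accumulator is sufficient for every radix up to 32.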
1325
1326 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1327
1328         [ESNext][BigInt] Implement support for "&"
1329         https://bugs.webkit.org/show_bug.cgi?id=186228
1330
1331         Reviewed by Yusuke Suzuki.
1332
1333         This patch introduces support of BigInt into bitwise "&" operation.
1334         We are also introducing the ValueBitAnd DFG node, which is responsible
1335         for taking care of JIT for non-Int32 operands. With the introduction of this
1336         new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
1337         follows the behavior of ArithAdd and other arithmetic nodes, where
1338         the Arith<op> version always results in Number (in the case of
1339         ArithBitAnd, it is always an Int32).
1340
1341         * bytecode/CodeBlock.cpp:
1342         (JSC::CodeBlock::finishCreation):
1343         * bytecompiler/BytecodeGenerator.cpp:
1344         (JSC::BytecodeGenerator::emitBinaryOp):
1345         * dfg/DFGAbstractInterpreterInlines.h:
1346         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1347         * dfg/DFGBackwardsPropagationPhase.cpp:
1348         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1349         (JSC::DFG::BackwardsPropagationPhase::propagate):
1350         * dfg/DFGByteCodeParser.cpp:
1351         (JSC::DFG::ByteCodeParser::parseBlock):
1352         * dfg/DFGClobberize.h:
1353         (JSC::DFG::clobberize):
1354         * dfg/DFGDoesGC.cpp:
1355         (JSC::DFG::doesGC):
1356         * dfg/DFGFixupPhase.cpp:
1357         (JSC::DFG::FixupPhase::fixupNode):
1358         * dfg/DFGNodeType.h:
1359         * dfg/DFGOperations.cpp:
1360         * dfg/DFGOperations.h:
1361         * dfg/DFGPredictionPropagationPhase.cpp:
1362         * dfg/DFGSafeToExecute.h:
1363         (JSC::DFG::safeToExecute):
1364         * dfg/DFGSpeculativeJIT.cpp:
1365         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1366         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1367         * dfg/DFGSpeculativeJIT.h:
1368         (JSC::DFG::SpeculativeJIT::bitOp):
1369         * dfg/DFGSpeculativeJIT32_64.cpp:
1370         (JSC::DFG::SpeculativeJIT::compile):
1371         * dfg/DFGSpeculativeJIT64.cpp:
1372         (JSC::DFG::SpeculativeJIT::compile):
1373         * dfg/DFGStrengthReductionPhase.cpp:
1374         (JSC::DFG::StrengthReductionPhase::handleNode):
1375         * ftl/FTLCapabilities.cpp:
1376         (JSC::FTL::canCompile):
1377         * ftl/FTLLowerDFGToB3.cpp:
1378         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1379         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1380         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1381         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1382         * jit/JIT.h:
1383         * jit/JITArithmetic.cpp:
1384         (JSC::JIT::emitBitBinaryOpFastPath):
1385         (JSC::JIT::emit_op_bitand):
1386         * llint/LowLevelInterpreter32_64.asm:
1387         * llint/LowLevelInterpreter64.asm:
1388         * runtime/CommonSlowPaths.cpp:
1389         (JSC::SLOW_PATH_DECL):
1390         * runtime/JSBigInt.cpp:
1391         (JSC::JSBigInt::JSBigInt):
1392         (JSC::JSBigInt::initialize):
1393         (JSC::JSBigInt::createZero):
1394         (JSC::JSBigInt::createFrom):
1395         (JSC::JSBigInt::bitwiseAnd):
1396         (JSC::JSBigInt::absoluteBitwiseOp):
1397         (JSC::JSBigInt::absoluteAnd):
1398         (JSC::JSBigInt::absoluteOr):
1399         (JSC::JSBigInt::absoluteAndNot):
1400         (JSC::JSBigInt::absoluteAddOne):
1401         (JSC::JSBigInt::absoluteSubOne):
1402         * runtime/JSBigInt.h:
1403         * runtime/JSCJSValue.h:
1404         * runtime/JSCJSValueInlines.h:
1405         (JSC::JSValue::toBigIntOrInt32 const):
1406
1407 2018-09-28  Mark Lam  <mark.lam@apple.com>
1408
1409         Gardening: speculative build fix.
1410         <rdar://problem/44869924>
1411
1412         Not reviewed.
1413
1414         * assembler/LinkBuffer.cpp:
1415         (JSC::LinkBuffer::copyCompactAndLinkCode):
1416
1417 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1418
1419         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1420         https://bugs.webkit.org/show_bug.cgi?id=190080
1421
1422         Reviewed by Mark Lam.
1423
1424         * assembler/ARMv7Assembler.h:
1425         (JSC::ARMv7Assembler::link):
1426         (JSC::ARMv7Assembler::linkJumpT1):
1427         (JSC::ARMv7Assembler::linkJumpT2):
1428         (JSC::ARMv7Assembler::linkJumpT3):
1429         (JSC::ARMv7Assembler::linkJumpT4):
1430         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1431         (JSC::ARMv7Assembler::linkBX):
1432         (JSC::ARMv7Assembler::linkConditionalBX):
1433         * assembler/MacroAssemblerARMv7.h:
1434         (JSC::MacroAssemblerARMv7::link):
1435
1436 2018-09-27  Saam barati  <sbarati@apple.com>
1437
1438         Verify the contents of AssemblerBuffer on arm64e
1439         https://bugs.webkit.org/show_bug.cgi?id=190057
1440         <rdar://problem/38916630>
1441
1442         Reviewed by Mark Lam.
1443
1444         * assembler/ARM64Assembler.h:
1445         (JSC::ARM64Assembler::ARM64Assembler):
1446         (JSC::ARM64Assembler::fillNops):
1447         (JSC::ARM64Assembler::link):
1448         (JSC::ARM64Assembler::linkJumpOrCall):
1449         (JSC::ARM64Assembler::linkCompareAndBranch):
1450         (JSC::ARM64Assembler::linkConditionalBranch):
1451         (JSC::ARM64Assembler::linkTestAndBranch):
1452         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1453         * assembler/ARMAssembler.h:
1454         (JSC::ARMAssembler::fillNops):
1455         * assembler/ARMv7Assembler.h:
1456         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1457         * assembler/AbstractMacroAssembler.h:
1458         (JSC::AbstractMacroAssembler::emitNops):
1459         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1460         * assembler/AssemblerBuffer.h:
1461         (JSC::ARM64EHash::ARM64EHash):
1462         (JSC::ARM64EHash::update):
1463         (JSC::ARM64EHash::hash const):
1464         (JSC::ARM64EHash::randomSeed const):
1465         (JSC::AssemblerBuffer::AssemblerBuffer):
1466         (JSC::AssemblerBuffer::putShort):
1467         (JSC::AssemblerBuffer::putIntUnchecked):
1468         (JSC::AssemblerBuffer::putInt):
1469         (JSC::AssemblerBuffer::hash const):
1470         (JSC::AssemblerBuffer::data const):
1471         (JSC::AssemblerBuffer::putIntegralUnchecked):
1472         (JSC::AssemblerBuffer::append): Deleted.
1473         * assembler/LinkBuffer.cpp:
1474         (JSC::LinkBuffer::copyCompactAndLinkCode):
1475         * assembler/MIPSAssembler.h:
1476         (JSC::MIPSAssembler::fillNops):
1477         * assembler/MacroAssemblerARM64.h:
1478         (JSC::MacroAssemblerARM64::jumpsToLink):
1479         (JSC::MacroAssemblerARM64::link):
1480         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1481         * assembler/MacroAssemblerARMv7.h:
1482         (JSC::MacroAssemblerARMv7::jumpsToLink):
1483         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1484         * assembler/X86Assembler.h:
1485         (JSC::X86Assembler::fillNops):
1486
1487 2018-09-27  Mark Lam  <mark.lam@apple.com>
1488
1489         ByValInfo should not use integer offsets.
1490         https://bugs.webkit.org/show_bug.cgi?id=190070
1491         <rdar://problem/44803430>
1492
1493         Reviewed by Saam Barati.
1494
1495         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1496
1497         * bytecode/ByValInfo.h:
1498         (JSC::ByValInfo::ByValInfo):
1499         * jit/JIT.cpp:
1500         (JSC::JIT::link):
1501         * jit/JITOpcodes.cpp:
1502         (JSC::JIT::privateCompileHasIndexedProperty):
1503         * jit/JITOpcodes32_64.cpp:
1504         (JSC::JIT::privateCompileHasIndexedProperty):
1505         * jit/JITPropertyAccess.cpp:
1506         (JSC::JIT::privateCompileGetByVal):
1507         (JSC::JIT::privateCompileGetByValWithCachedId):
1508         (JSC::JIT::privateCompilePutByVal):
1509         (JSC::JIT::privateCompilePutByValWithCachedId):
1510
1511 2018-09-27  Saam barati  <sbarati@apple.com>
1512
1513         DFG::OSRExit::m_patchableCodeOffset should not be an int
1514         https://bugs.webkit.org/show_bug.cgi?id=190066
1515         <rdar://problem/39498244>
1516
1517         Reviewed by Mark Lam.
1518
1519         * dfg/DFGJITCompiler.cpp:
1520         (JSC::DFG::JITCompiler::linkOSRExits):
1521         (JSC::DFG::JITCompiler::link):
1522         * dfg/DFGOSRExit.cpp:
1523         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1524         (JSC::DFG::OSRExit::compileOSRExit):
1525         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1526         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1527         (JSC::DFG::OSRExit::correctJump): Deleted.
1528         * dfg/DFGOSRExit.h:
1529         * dfg/DFGOSRExitCompilationInfo.h:
1530
1531 2018-09-27  Saam barati  <sbarati@apple.com>
1532
1533         Don't use int offsets in StructureStubInfo
1534         https://bugs.webkit.org/show_bug.cgi?id=190064
1535         <rdar://problem/44784719>
1536
1537         Reviewed by Mark Lam.
1538
1539         * bytecode/InlineAccess.cpp:
1540         (JSC::linkCodeInline):
1541         * bytecode/StructureStubInfo.h:
1542         (JSC::StructureStubInfo::slowPathCallLocation):
1543         (JSC::StructureStubInfo::doneLocation):
1544         (JSC::StructureStubInfo::slowPathStartLocation):
1545         * jit/JITInlineCacheGenerator.cpp:
1546         (JSC::JITInlineCacheGenerator::finalize):
1547
1548 2018-09-27  Mark Lam  <mark.lam@apple.com>
1549
1550         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
1551         https://bugs.webkit.org/show_bug.cgi?id=190054
1552         <rdar://problem/44803543>
1553
1554         Reviewed by Saam Barati.
1555
1556         * dfg/DFGJITCode.h:
1557         (JSC::DFG::JITCode::appendOSREntryData):
1558         * dfg/DFGJITCompiler.cpp:
1559         (JSC::DFG::JITCompiler::noticeOSREntry):
1560         * dfg/DFGOSREntry.cpp:
1561         (JSC::DFG::OSREntryData::dumpInContext const):
1562         (JSC::DFG::prepareOSREntry):
1563         * dfg/DFGOSREntry.h:
1564         * runtime/JSCPtrTag.h:
1565
1566 2018-09-27  Mark Lam  <mark.lam@apple.com>
1567
1568         JITMathIC should not use integer offsets into machine code.
1569         https://bugs.webkit.org/show_bug.cgi?id=190030
1570         <rdar://problem/44803307>
1571
1572         Reviewed by Saam Barati.
1573
1574         We'll replace them with CodeLocation smart pointers instead.
1575
1576         * jit/JITMathIC.h:
1577         (JSC::isProfileEmpty):
1578
1579 2018-09-26  Mark Lam  <mark.lam@apple.com>
1580
1581         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
1582         https://bugs.webkit.org/show_bug.cgi?id=190022
1583         <rdar://problem/44800928>
1584
1585         Reviewed by Saam Barati.
1586
1587         * jit/ExecutableAllocator.cpp:
1588         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1589         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1590         * jit/ExecutableAllocator.h:
1591         (JSC::performJITMemcpy):
1592         * runtime/Options.cpp:
1593         (JSC::recomputeDependentOptions):
1594
1595 2018-09-26  Mark Lam  <mark.lam@apple.com>
1596
1597         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
1598         https://bugs.webkit.org/show_bug.cgi?id=190016
1599         <rdar://problem/44802875>
1600
1601         Reviewed by Saam Barati.
1602
1603         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
1604         JIT memory.
1605
1606         * assembler/ARM64Assembler.h:
1607         (JSC::ARM64Assembler::fillNops):
1608         (JSC::ARM64Assembler::replaceWithVMHalt):
1609         (JSC::ARM64Assembler::replaceWithJump):
1610         (JSC::ARM64Assembler::replaceWithLoad):
1611         (JSC::ARM64Assembler::replaceWithAddressComputation):
1612         (JSC::ARM64Assembler::setPointer):
1613         (JSC::ARM64Assembler::repatchInt32):
1614         (JSC::ARM64Assembler::repatchCompact):
1615         (JSC::ARM64Assembler::linkJumpOrCall):
1616         (JSC::ARM64Assembler::linkCompareAndBranch):
1617         (JSC::ARM64Assembler::linkConditionalBranch):
1618         (JSC::ARM64Assembler::linkTestAndBranch):
1619         * assembler/LinkBuffer.cpp:
1620         (JSC::LinkBuffer::copyCompactAndLinkCode):
1621         (JSC::LinkBuffer::linkCode):
1622         * jit/ExecutableAllocator.h:
1623         (JSC::performJITMemcpy):
1624
1625 2018-09-25  Keith Miller  <keith_miller@apple.com>
1626
1627         Move Symbol API to SPI
1628         https://bugs.webkit.org/show_bug.cgi?id=189946
1629
1630         Reviewed by Michael Saboff.
1631
1632         Some of the property access methods on JSValue needed to be moved
1633         to a category so that SPI overloads don't result in a compiler
1634         error for internal users.
1635
1636         Additionally, this patch does not move the new enum entry for
1637         Symbols in the JSType enumeration.
1638
1639         * API/JSObjectRef.h:
1640         * API/JSObjectRefPrivate.h:
1641         * API/JSValue.h:
1642         * API/JSValuePrivate.h:
1643         * API/JSValueRef.h:
1644
1645 2018-09-26  Keith Miller  <keith_miller@apple.com>
1646
1647         We should zero unused property storage when rebalancing array storage.
1648         https://bugs.webkit.org/show_bug.cgi?id=188151
1649
1650         Reviewed by Michael Saboff.
1651
1652         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
1653         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
1654         property storage.
1655
1656         * runtime/JSArray.cpp:
1657         (JSC::JSArray::unshiftCountSlowCase):
1658
1659 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1660
1661         Unreviewed, add scope verification handling
1662         https://bugs.webkit.org/show_bug.cgi?id=189780
1663
1664         * runtime/ArrayPrototype.cpp:
1665         (JSC::arrayProtoFuncIndexOf):
1666         (JSC::arrayProtoFuncLastIndexOf):
1667
1668 2018-09-26  Koby Boyango  <koby.b@mce.systems>
1669
1670         [JSC] offlineasm parser should handle CRLF in asm files
1671         https://bugs.webkit.org/show_bug.cgi?id=189949
1672
1673         Reviewed by Mark Lam.
1674
1675         * offlineasm/parser.rb:
1676
1677 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1678
1679         [JSC] Optimize Array#lastIndexOf
1680         https://bugs.webkit.org/show_bug.cgi?id=189780
1681
1682         Reviewed by Saam Barati.
1683
        Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
        for JSArray with contiguous storage.
1686
1687         * runtime/ArrayPrototype.cpp:
1688         (JSC::arrayProtoFuncLastIndexOf):
1689
1690 2018-09-25  Saam Barati  <sbarati@apple.com>
1691
1692         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1693         https://bugs.webkit.org/show_bug.cgi?id=189940
1694         <rdar://problem/43640987>
1695
1696         Reviewed by Mark Lam.
1697
1698         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
1699         CodeBlock. There is nothing semantically wrong with doing that (except for
1700         poor naming), however, the poor naming here led us to make a real semantic
1701         mistake. We wanted the baseline CodeBlock's constant pool, but we were
1702         accessing the FTL CodeBlock's constant pool accidentally. We need to
1703         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
1704         constant value.
1705
1706         * bytecode/InlineCallFrame.h:
1707         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1708         * ftl/FTLOperations.cpp:
1709         (JSC::FTL::operationMaterializeObjectInOSR):
1710
1711 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
1712
1713         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
1714         https://bugs.webkit.org/show_bug.cgi?id=189962
1715         <rdar://problem/44648287>
1716
1717         Reviewed by Brian Burg.
1718
1719         * inspector/scripts/codegen/generate_objc_header.py:
1720         (ObjCHeaderGenerator._callback_block_for_command):
1721         If there are no return parameters include "void" in the block signature.
1722
1723         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
1724         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
1725         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1726         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1727         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
1728         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
1729         Rebaseline test results.
1730
1731 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
1732
1733         Remove AUTHORS and THANKS files which are stale
1734         https://bugs.webkit.org/show_bug.cgi?id=189941
1735
1736         Reviewed by Darin Adler.
1737
1738         Included mentions below so their names are still in ChangeLogs.
1739
1740         * AUTHORS: Removed.
1741         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
1742         These authors remain mentioned in copyrights in source files.
1743
1744         * THANKS: Removed.
1745         Richard Moore <rich@kde.org> - for filling the Math object with some life
1746         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
1747         Marco Pinelli <pinmc@libero.it> - for his patches
1748         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
1749         
1750 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
1751
1752         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
1753         https://bugs.webkit.org/show_bug.cgi?id=189733
1754
1755         Reviewed by Michael Catanzaro.
1756
1757         * assembler/ARM64Assembler.h:
1758         * assembler/ARMAssembler.h:
1759         (JSC::ARMAssembler::cacheFlush):
1760         * assembler/MacroAssemblerARM.cpp:
1761         (JSC::isVFPPresent):
1762         * assembler/MacroAssemblerARM64.cpp:
1763         * assembler/MacroAssemblerARMv7.cpp:
1764         * assembler/MacroAssemblerMIPS.cpp:
1765         * assembler/MacroAssemblerX86Common.cpp:
1766         * heap/HeapCell.cpp:
1767         * heap/HeapCell.h:
1768         * jit/HostCallReturnValue.h:
1769         * jit/JIT.h:
1770         * jit/JITOperations.cpp:
1771         * jit/ThunkGenerators.cpp:
1772         * runtime/ArrayConventions.cpp:
1773         (JSC::clearArrayMemset):
1774         * runtime/JSBigInt.cpp:
1775         (JSC::JSBigInt::digitDiv):
1776
1777 2018-09-24  Saam Barati  <sbarati@apple.com>
1778
1779         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1780         https://bugs.webkit.org/show_bug.cgi?id=189922
1781         <rdar://problem/44651275>
1782
1783         Reviewed by Mark Lam.
1784
        The implementation was first getting the length to iterate up to,
        then getting the starting index. However, getting the starting
        index may perform effects, e.g., it could change the length of the
        array. This changes it so we verify the length is still valid.
1789
1790         * runtime/ArrayPrototype.cpp:
1791         (JSC::arrayProtoFuncIndexOf):
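
        As an added illustration of the ordering problem in this entry (example code, not WebKit's): a JavaScript model of Array.prototype.indexOf that records the array length seen before and after the fromIndex conversion, plus a constructed fromIndex whose valueOf shrinks the array during that conversion. The names modelIndexOf, makeShrinkingFromIndex, runCheck and the trace object are made up here.

```javascript
// Added example, not WebKit code. Models the spec order of Array.prototype.indexOf:
// the length is read first, fromIndex is converted second, and that conversion can
// run arbitrary user code (valueOf/toString) that changes the array.

// `trace` (a constructed helper object) records the length seen on either side of
// the ToInteger(fromIndex) step so a test can show that it changed.
function modelIndexOf(array, searchElement, fromIndex, trace = {}) {
  const len = array.length >>> 0;            // step 1: length read up front
  trace.lengthBefore = len;
  if (len === 0) return -1;

  // step 2: converting fromIndex may call user code; Number() invokes valueOf.
  let n = fromIndex === undefined ? 0 : Number(fromIndex);
  n = Number.isNaN(n) ? 0 : Math.trunc(n);

  // This is the value a native fast path must re-check before iterating raw
  // storage: the length it read in step 1 may no longer be the live length.
  trace.lengthAfter = array.length >>> 0;

  let k = n >= 0 ? n : Math.max(len + n, 0);
  // Iterating up to the stale `len` is safe at the language level only because
  // `k in array` / array[k] on a missing index yields a hole, not raw memory.
  for (; k < len; k++) {
    if (k in array && array[k] === searchElement) return k;
  }
  return -1;
}

// A fromIndex whose coercion shrinks the array: the kind of effect the entry
// above refers to. valueOf is user code run from inside the builtin.
function makeShrinkingFromIndex(array, newLength) {
  return {
    valueOf() {
      array.length = newLength;
      return 0;
    },
  };
}

// Regression-style check: the result must be the language-level answer, and the
// lengths observed before and after coercion must differ.
function runCheck() {
  const array = [1, 2, 3, 4, 5];          // constructed sample input
  const trace = {};
  const result = modelIndexOf(array, 5, makeShrinkingFromIndex(array, 1), trace);
  return { result, lengthBefore: trace.lengthBefore, lengthAfter: trace.lengthAfter };
}
```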
1792
1793 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1794
1795         offlineasm: fix macro scoping
1796         https://bugs.webkit.org/show_bug.cgi?id=189902
1797
1798         Reviewed by Mark Lam.
1799
        In the code below, the reference to `f` in `g`, which should refer to
        the outer macro definition, will instead refer to the f argument of the
        anonymous macro passed to `g`. That leads to this code failing to
        compile (f expected 0 args but got 1).
1804         
1805         ```
1806         macro f(x)
1807             move x, t0
1808         end
1809         
1810         macro g(fn)
1811             fn(macro () f(42) end)
1812         end
1813         
1814         g(macro(f) f() end)
1815         ```
1816
1817         * offlineasm/ast.rb:
1818         * offlineasm/transform.rb:
1819
1820 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1821
1822         Add forEach method for iterating CodeBlock's ValueProfiles
1823         https://bugs.webkit.org/show_bug.cgi?id=189897
1824
1825         Reviewed by Mark Lam.
1826
1827         Add method to abstract how we find ValueProfiles in a CodeBlock in
1828         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
1829         ValueProfiles will be stored in the MetadataTable.
1830
1831         * bytecode/CodeBlock.cpp:
1832         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1833         (JSC::CodeBlock::updateAllValueProfilePredictions):
1834         (JSC::CodeBlock::shouldOptimizeNow):
1835         (JSC::CodeBlock::dumpValueProfiles):
1836         * bytecode/CodeBlock.h:
1837         (JSC::CodeBlock::forEachValueProfile):
1838         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1839         (JSC::CodeBlock::valueProfileForArgument):
1840         (JSC::CodeBlock::numberOfValueProfiles):
1841         (JSC::CodeBlock::valueProfile):
1842         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
1843         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
1844         * tools/HeapVerifier.cpp:
1845         (JSC::HeapVerifier::validateJSCell):
1846
1847 2018-09-24  Saam barati  <sbarati@apple.com>
1848
1849         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1850         https://bugs.webkit.org/show_bug.cgi?id=189682
1851         <rdar://problem/43557315>
1852
1853         Reviewed by Mark Lam.
1854
1855         Otherwise, if we have code like this:
1856         ```
1857         a: Arguments
1858         b: GetButterfly(@a)
1859         c: ForceExit
1860         d: GetArrayLength(@a, @b)
1861         ```
1862         it will get transformed into this invalid DFG IR:
1863         ```
1864         a: PhantomArguments
1865         b: Check(@a)
1866         c: ForceExit
1867         d: GetArrayLength(@a, @b)
1868         ```
1869         
1870         And we will fail DFG validation since @b does not have a result.
1871         
1872         The fix is to just remove all nodes after the ForceExit and plant an
1873         Unreachable after it. So the above code program will now turn into this:
1874         ```
1875         a: PhantomArguments
1876         b: Check(@a)
1877         c: ForceExit
1878         e: Unreachable
1879         ```
1880
1881         * dfg/DFGArgumentsEliminationPhase.cpp:
1882
1883 2018-09-22  Saam barati  <sbarati@apple.com>
1884
1885         The sampling should not use Strong<CodeBlock> in its machineLocation field
1886         https://bugs.webkit.org/show_bug.cgi?id=189319
1887
1888         Reviewed by Filip Pizlo.
1889
1890         The sampling profiler has a CLI mode where we gather information about inline
1891         call frames. That data structure was using a Strong<CodeBlock>. We were
1892         constructing this Strong<CodeBlock> during GC concurrently to processing all
1893         the Strong handles. This is a bug since we end up corrupting that data
1894         structure. This patch fixes this by just making this data structure use the
1895         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
1896
1897         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1898         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1899         * runtime/SamplingProfiler.cpp:
1900         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1901
1902         (JSC::SamplingProfiler::reportTopFunctions):
1903         (JSC::SamplingProfiler::reportTopBytecodes):
1904         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
1905         cause a GC to happen while already holding the sampling profiler's
1906         lock.
1907
1908 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1909
1910         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
1911         https://bugs.webkit.org/show_bug.cgi?id=189778
1912
1913         Reviewed by Keith Miller.
1914
        The LLInt ASM interpreter is 2x and 15% faster than the CLoop interpreter on
        Linux and macOS respectively. We would like to enable it for non JIT
        configurations in X86_64 and ARM64.
1918
1919         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
        Previously, we switched between the LLInt ASM interpreter and CLoop by using the
        ENABLE(JIT) configuration. But this is wrong in the new scenario, since we have a build
        configuration that uses the LLInt ASM interpreter while JIT is disabled. We introduce
        the ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
        ENABLE(JIT) with ENABLE(C_LOOP) where the previous ENABLE(JIT) is essentially just
        related to the LLInt ASM interpreter and not related to JIT.
1926
1927         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
1928         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
1929         has machine register information that is used in LLInt ASM interpreter.
1930
1931         * API/tests/PingPongStackOverflowTest.cpp:
1932         (testPingPongStackOverflow):
1933         * CMakeLists.txt:
1934         * JavaScriptCore.xcodeproj/project.pbxproj:
1935         * assembler/MaxFrameExtentForSlowPathCall.h:
1936         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
1937         * bytecode/CodeBlock.cpp:
1938         (JSC::CodeBlock::finishCreation):
1939         * bytecode/CodeBlock.h:
1940         (JSC::CodeBlock::calleeSaveRegisters const):
1941         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
1942         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1943         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
1944         * bytecode/Opcode.h:
1945         (JSC::padOpcodeName):
1946         * heap/Heap.cpp:
1947         (JSC::Heap::gatherJSStackRoots):
1948         (JSC::Heap::stopThePeriphery):
1949         * interpreter/CLoopStack.cpp:
1950         * interpreter/CLoopStack.h:
1951         * interpreter/CLoopStackInlines.h:
1952         * interpreter/EntryFrame.h:
1953         * interpreter/Interpreter.cpp:
1954         (JSC::Interpreter::Interpreter):
1955         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
1956         * interpreter/Interpreter.h:
1957         * interpreter/StackVisitor.cpp:
1958         (JSC::StackVisitor::Frame::calleeSaveRegisters):
1959         * interpreter/VMEntryRecord.h:
1960         * jit/ExecutableAllocator.h:
1961         * jit/FPRInfo.h:
1962         (WTF::printInternal):
1963         * jit/GPRInfo.cpp:
1964         * jit/GPRInfo.h:
1965         (WTF::printInternal):
1966         * jit/HostCallReturnValue.cpp:
1967         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
1968         * jit/HostCallReturnValue.h:
1969         * jit/JITOperations.cpp:
1970         (JSC::getHostCallReturnValueWithExecState): Deleted.
1971         * jit/JITOperationsMSVC64.cpp:
1972         * jit/Reg.cpp:
1973         * jit/Reg.h:
1974         * jit/RegisterAtOffset.cpp:
1975         * jit/RegisterAtOffset.h:
1976         * jit/RegisterAtOffsetList.cpp:
1977         * jit/RegisterAtOffsetList.h:
1978         * jit/RegisterMap.h:
1979         * jit/RegisterSet.cpp:
1980         * jit/RegisterSet.h:
1981         * jit/TempRegisterSet.cpp:
1982         * jit/TempRegisterSet.h:
1983         * llint/LLIntCLoop.cpp:
1984         * llint/LLIntCLoop.h:
1985         * llint/LLIntData.cpp:
1986         (JSC::LLInt::initialize):
1987         (JSC::LLInt::Data::performAssertions):
1988         * llint/LLIntData.h:
1989         * llint/LLIntOfflineAsmConfig.h:
1990         * llint/LLIntOpcode.h:
1991         * llint/LLIntPCRanges.h:
1992         * llint/LLIntSlowPaths.cpp:
1993         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1994         * llint/LLIntSlowPaths.h:
1995         * llint/LLIntThunks.cpp:
1996         * llint/LowLevelInterpreter.cpp:
1997         * llint/LowLevelInterpreter.h:
1998         * runtime/JSCJSValue.h:
1999         * runtime/MachineContext.h:
2000         * runtime/SamplingProfiler.cpp:
2001         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2002         for LLInt ASM interpreter with non JIT configuration.
2003         * runtime/TestRunnerUtils.cpp:
2004         (JSC::optimizeNextInvocation):
2005         * runtime/VM.cpp:
2006         (JSC::VM::VM):
2007         (JSC::VM::getHostFunction):
2008         (JSC::VM::updateSoftReservedZoneSize):
2009         (JSC::sanitizeStackForVM):
2010         (JSC::VM::committedStackByteCount):
2011         * runtime/VM.h:
2012         * runtime/VMInlines.h:
2013         (JSC::VM::ensureStackCapacityFor):
2014         (JSC::VM::isSafeToRecurseSoft const):
2015
2016 2018-09-21  Keith Miller  <keith_miller@apple.com>
2017
2018         Add Promise SPI
2019         https://bugs.webkit.org/show_bug.cgi?id=189809
2020
2021         Reviewed by Saam Barati.
2022
        The patch adds new SPI to create promises. It's mostly SPI because
2024         I want to see how internal users react to it before we make it
2025         public.
2026
2027         This patch adds a couple of new Obj-C SPI methods. The first
2028         creates a new promise using the same API that JS does where the
2029         user provides an executor callback. If an exception is raised
2030         in/to that callback the promise is automagically rejected. The
2031         other methods create a pre-resolved or rejected promise as this
2032         appears to be a common way to initialize a promise.
2033
2034         I was also considering adding a second version of executor API
2035         where it would catch specific Obj-C exceptions. This would work by
        taking a Class parameter and checking isKindOfClass: on the
2037         exception. I decided against this as nothing else in our API
2038         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2039         corrupt state if an Obj-C exception unwinds through JS frames.
2040
2041         This patch adds a new C function that will create a "deferred"
2042         promise. A deferred promise is a style of creating promise/futures
2043         where the resolve and reject functions are passed as outputs of a
2044         function. I went with this style for the C SPI because we don't have
2045         any concept of forwarding exceptions in the C API.
2046
2047         In order to make the C API work I refactored a bit of the promise code
2048         so that we can call a static method on JSDeferredPromise and just get
2049         the components without allocating an extra cell wrapper.
2050
2051         * API/JSContext.mm:
2052         (+[JSContext currentCallee]):
2053         * API/JSObjectRef.cpp:
2054         (JSObjectMakeDeferredPromise):
2055         * API/JSObjectRefPrivate.h:
2056         * API/JSValue.mm:
2057         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2058         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2059         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2060         * API/JSValuePrivate.h: Added.
2061         * API/JSVirtualMachine.mm:
2062         * API/JSVirtualMachinePrivate.h:
2063         * API/tests/testapi.c:
2064         (main):
2065         * API/tests/testapi.cpp:
2066         (APIContext::operator JSC::ExecState*):
2067         (TestAPI::failed const):
2068         (TestAPI::check):
2069         (TestAPI::basicSymbol):
2070         (TestAPI::symbolsTypeof):
2071         (TestAPI::symbolsGetPropertyForKey):
2072         (TestAPI::symbolsSetPropertyForKey):
2073         (TestAPI::symbolsHasPropertyForKey):
2074         (TestAPI::symbolsDeletePropertyForKey):
2075         (TestAPI::promiseResolveTrue):
2076         (TestAPI::promiseRejectTrue):
2077         (testCAPIViaCpp):
2078         (TestAPI::run): Deleted.
2079         * API/tests/testapi.mm:
2080         (testObjectiveCAPIMain):
2081         (promiseWithExecutor):
2082         (promiseRejectOnJSException):
2083         (promiseCreateResolved):
2084         (promiseCreateRejected):
2085         (parallelPromiseResolveTest):
2086         (testObjectiveCAPI):
2087         * JavaScriptCore.xcodeproj/project.pbxproj:
2088         * runtime/JSInternalPromiseDeferred.cpp:
2089         (JSC::JSInternalPromiseDeferred::create):
2090         * runtime/JSPromise.h:
2091         * runtime/JSPromiseConstructor.cpp:
2092         (JSC::constructPromise):
2093         * runtime/JSPromiseDeferred.cpp:
2094         (JSC::JSPromiseDeferred::createDeferredData):
2095         (JSC::JSPromiseDeferred::create):
2096         (JSC::JSPromiseDeferred::finishCreation):
2097         (JSC::newPromiseCapability): Deleted.
2098         * runtime/JSPromiseDeferred.h:
2099         (JSC::JSPromiseDeferred::promise const):
2100         (JSC::JSPromiseDeferred::resolve const):
2101         (JSC::JSPromiseDeferred::reject const):
2102
2103 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2104
2105         Unreviewed, rolling out r236359.
2106
2107         Broke the Windows build.
2108
2109         Reverted changeset:
2110
2111         "Add Promise SPI"
2112         https://bugs.webkit.org/show_bug.cgi?id=189809
2113         https://trac.webkit.org/changeset/236359
2114
2115 2018-09-21  Mark Lam  <mark.lam@apple.com>
2116
2117         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2118         https://bugs.webkit.org/show_bug.cgi?id=189855
2119         <rdar://problem/44680181>
2120
2121         Reviewed by Filip Pizlo.
2122
2123         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2124         ExecState* argument.  This is intentional so that resolveRope() does not throw
2125         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2126         get the VM from the cell instead of via the ExecState.
2127
2128         Also removed an obsolete and unused field in JSString.
2129
2130         * runtime/JSString.cpp:
2131         (JSC::JSRopeString::resolveRope const):
2132         (JSC::JSRopeString::outOfMemory const):
2133         * runtime/JSString.h:
2134         (JSC::JSString::tryGetValue const):
2135
2136 2018-09-21  Michael Saboff  <msaboff@apple.com>
2137
2138         Add functions to measure memory footprint to JSC
2139         https://bugs.webkit.org/show_bug.cgi?id=189768
2140
2141         Reviewed by Saam Barati.
2142
2143         Rolling this back in again.
2144
2145         Provide system memory metrics for the current process to aid in memory reduction measurement and
2146         tuning using native JS tests.
2147
2148         * jsc.cpp:
2149         (MemoryFootprint::now):
2150         (MemoryFootprint::resetPeak):
2151         (GlobalObject::finishCreation):
2152         (JSCMemoryFootprint::JSCMemoryFootprint):
2153         (JSCMemoryFootprint::createStructure):
2154         (JSCMemoryFootprint::create):
2155         (JSCMemoryFootprint::finishCreation):
2156         (JSCMemoryFootprint::addProperty):
2157         (functionResetMemoryPeak):
2158
2159 2018-09-21  Keith Miller  <keith_miller@apple.com>
2160
2161         Add Promise SPI
2162         https://bugs.webkit.org/show_bug.cgi?id=189809
2163
2164         Reviewed by Saam Barati.
2165
2166         The patch adds new SPI to create promises. It's mostly SPI because
2167         I want to see how internal users react to it before we make it
2168         public.
2169
2170         This patch adds a couple of new Obj-C SPI methods. The first
2171         creates a new promise using the same API that JS does where the
2172         user provides an executor callback. If an exception is raised
2173         in/to that callback the promise is automagically rejected. The
2174         other methods create a pre-resolved or rejected promise as this
2175         appears to be a common way to initialize a promise.
2176
2177         I was also considering adding a second version of executor API
2178         where it would catch specific Obj-C exceptions. This would work by
2179         taking a Class parameter and checking isKindOfClass: on the
2180         exception. I decided against this as nothing else in our API
2181         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2182         corrupt state if an Obj-C exception unwinds through JS frames.
2183
2184         This patch adds a new C function that will create a "deferred"
2185         promise. A deferred promise is a style of creating promise/futures
2186         where the resolve and reject functions are passed as outputs of a
2187         function. I went with this style for the C SPI because we don't have
2188         any concept of forwarding exceptions in the C API.
2189
2190         In order to make the C API work I refactored a bit of the promise code
2191         so that we can call a static method on JSDeferredPromise and just get
2192         the components without allocating an extra cell wrapper.
2193
2194         * API/JSContext.mm:
2195         (+[JSContext currentCallee]):
2196         * API/JSObjectRef.cpp:
2197         (JSObjectMakeDeferredPromise):
2198         * API/JSObjectRefPrivate.h:
2199         * API/JSValue.mm:
2200         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2201         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2202         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2203         * API/JSValuePrivate.h: Added.
2204         * API/JSVirtualMachine.mm:
2205         * API/JSVirtualMachinePrivate.h:
2206         * API/tests/testapi.c:
2207         (main):
2208         * API/tests/testapi.cpp:
2209         (APIContext::operator JSC::ExecState*):
2210         (TestAPI::failed const):
2211         (TestAPI::check):
2212         (TestAPI::basicSymbol):
2213         (TestAPI::symbolsTypeof):
2214         (TestAPI::symbolsGetPropertyForKey):
2215         (TestAPI::symbolsSetPropertyForKey):
2216         (TestAPI::symbolsHasPropertyForKey):
2217         (TestAPI::symbolsDeletePropertyForKey):
2218         (TestAPI::promiseResolveTrue):
2219         (TestAPI::promiseRejectTrue):
2220         (testCAPIViaCpp):
2221         (TestAPI::run): Deleted.
2222         * API/tests/testapi.mm:
2223         (testObjectiveCAPIMain):
2224         (promiseWithExecutor):
2225         (promiseRejectOnJSException):
2226         (promiseCreateResolved):
2227         (promiseCreateRejected):
2228         (parallelPromiseResolveTest):
2229         (testObjectiveCAPI):
2230         * JavaScriptCore.xcodeproj/project.pbxproj:
2231         * runtime/JSInternalPromiseDeferred.cpp:
2232         (JSC::JSInternalPromiseDeferred::create):
2233         * runtime/JSPromise.h:
2234         * runtime/JSPromiseConstructor.cpp:
2235         (JSC::constructPromise):
2236         * runtime/JSPromiseDeferred.cpp:
2237         (JSC::JSPromiseDeferred::createDeferredData):
2238         (JSC::JSPromiseDeferred::create):
2239         (JSC::JSPromiseDeferred::finishCreation):
2240         (JSC::newPromiseCapability): Deleted.
2241         * runtime/JSPromiseDeferred.h:
2242         (JSC::JSPromiseDeferred::promise const):
2243         (JSC::JSPromiseDeferred::resolve const):
2244         (JSC::JSPromiseDeferred::reject const):
2245
2246 2018-09-21  Truitt Savell  <tsavell@apple.com>
2247
2248         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2249         https://bugs.webkit.org/show_bug.cgi?id=156674
2250
2251         Unreviewed Test Gardening
2252
2253         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2254         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2255
2256 2018-09-21  Mike Gorse  <mgorse@suse.com>
2257
2258         Build tools should work when the /usr/bin/python is python3
2259         https://bugs.webkit.org/show_bug.cgi?id=156674
2260
2261         Reviewed by Michael Catanzaro.
2262
2263         * Scripts/cssmin.py:
2264         * Scripts/generate-js-builtins.py:
2265         (do_open):
2266         (generate_bindings_for_builtins_files):
2267         * Scripts/generateIntlCanonicalizeLanguage.py:
2268         * Scripts/jsmin.py:
2269         (JavascriptMinify.minify.write):
2270         (JavascriptMinify):
2271         (JavascriptMinify.minify):
2272         * Scripts/make-js-file-arrays.py:
2273         (chunk):
2274         (main):
2275         * Scripts/wkbuiltins/__init__.py:
2276         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2277         (generate_section_for_global_private_code_name_macro):
2278         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2279         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2280         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2281         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2282         * Scripts/wkbuiltins/builtins_model.py:
2283         (BuiltinFunction.__lt__):
2284         (BuiltinsCollection.copyrights):
2285         (BuiltinsCollection._parse_functions):
2286         * disassembler/udis86/ud_opcode.py:
2287         (UdOpcodeTables.pprint.printWalk):
2288         * generate-bytecode-files:
2289         * inspector/scripts/codegen/__init__.py:
2290         * inspector/scripts/codegen/cpp_generator.py:
2291         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2292         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2293         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2294         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2295         (CppBackendDispatcherHeaderGenerator.generate_output):
2296         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2297         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2298         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2299         (CppBackendDispatcherImplementationGenerator.generate_output):
2300         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2301         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2302         (CppFrontendDispatcherHeaderGenerator.generate_output):
2303         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2304         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2305         (CppFrontendDispatcherImplementationGenerator.generate_output):
2306         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2307         (CppProtocolTypesHeaderGenerator.generate_output):
2308         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2309         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2310         (CppProtocolTypesImplementationGenerator.generate_output):
2311         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2312         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2313         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2314         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2315         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2316         * inspector/scripts/codegen/generate_js_backend_commands.py:
2317         (JSBackendCommandsGenerator.should_generate_domain):
2318         (JSBackendCommandsGenerator.domains_to_generate):
2319         (JSBackendCommandsGenerator.generate_output):
2320         (JSBackendCommandsGenerator.generate_domain):
2321         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2322         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2323         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2324         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2325         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2326         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2327         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2328         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2329         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2330         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2331         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2332         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2333         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2334         * inspector/scripts/codegen/generate_objc_header.py:
2335         (ObjCHeaderGenerator.generate_output):
2336         (ObjCHeaderGenerator._generate_type_interface):
2337         * inspector/scripts/codegen/generate_objc_internal_header.py:
2338         (ObjCInternalHeaderGenerator.generate_output):
2339         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2340         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2341         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2342         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2343         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2344         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2345         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2346         (ObjCProtocolTypesImplementationGenerator.generate_output):
2347         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2348         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2349         * inspector/scripts/codegen/generator.py:
2350         (Generator.non_supplemental_domains):
2351         (Generator.open_fields):
2352         (Generator.calculate_types_requiring_shape_assertions):
2353         (Generator._traverse_and_assign_enum_values):
2354         (Generator.stylized_name_for_enum_value):
2355         * inspector/scripts/codegen/models.py:
2356         (find_duplicates):
2357         * inspector/scripts/codegen/objc_generator.py:
2358         * wasm/generateWasm.py:
2359         (opcodeIterator):
2360         * yarr/generateYarrCanonicalizeUnicode:
2361         * yarr/generateYarrUnicodePropertyTables.py:
2362         * yarr/hasher.py:
2363         (stringHash):
2364
2365 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2366
2367         [ARM] Build broken on armv7hl after r235517
2368         https://bugs.webkit.org/show_bug.cgi?id=189831
2369
2370         Reviewed by Yusuke Suzuki.
2371
2372         Add missing implementation of patchableBranch8() for traditional ARM.
2373
2374         * assembler/MacroAssemblerARM.h:
2375         (JSC::MacroAssemblerARM::patchableBranch8):
2376
2377 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2378
2379         Unreviewed, rolling out r236293.
2380
2381         Internal build still broken.
2382
2383         Reverted changeset:
2384
2385         "Add functions to measure memory footprint to JSC"
2386         https://bugs.webkit.org/show_bug.cgi?id=189768
2387         https://trac.webkit.org/changeset/236293
2388
2389 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2390
2391         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2392         https://bugs.webkit.org/show_bug.cgi?id=189558
2393
2394         Reviewed by Mark Lam.
2395
2396         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
2397
2398             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2399
2400         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
2401         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2402
2403         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
2404         And we propagate this value to the global atomic counter when a rebalance happens.
2405
2406         We also reduce HeapCell::heap() access by using `vm.heap`.
2407
2408         * heap/SlotVisitor.cpp:
2409         (JSC::SlotVisitor::didStartMarking):
2410         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2411         (JSC::SlotVisitor::drain):
2412         (JSC::SlotVisitor::performIncrementOfDraining):
2413         * heap/SlotVisitor.h:
2414         * heap/SlotVisitorInlines.h:
2415         (JSC::SlotVisitor::reportExtraMemoryVisited):
2416         * runtime/JSString.cpp:
2417         (JSC::JSRopeString::resolveRopeToAtomicString const):
2418         (JSC::JSRopeString::resolveRope const):
2419         * runtime/JSString.h:
2420         (JSC::JSString::finishCreation):
2421         * wasm/js/JSWebAssemblyInstance.cpp:
2422         (JSC::JSWebAssemblyInstance::finishCreation):
2423         * wasm/js/JSWebAssemblyMemory.cpp:
2424         (JSC::JSWebAssemblyMemory::finishCreation):
2425
2426 2018-09-20  Michael Saboff  <msaboff@apple.com>
2427
2428         Add functions to measure memory footprint to JSC
2429         https://bugs.webkit.org/show_bug.cgi?id=189768
2430
2431         Reviewed by Saam Barati.
2432
2433         Rolling this back in.
2434
2435         Provide system memory metrics for the current process to aid in memory reduction measurement and
2436         tuning using native JS tests.
2437
2438         * jsc.cpp:
2439         (MemoryFootprint::now):
2440         (MemoryFootprint::resetPeak):
2441         (GlobalObject::finishCreation):
2442         (JSCMemoryFootprint::JSCMemoryFootprint):
2443         (JSCMemoryFootprint::createStructure):
2444         (JSCMemoryFootprint::create):
2445         (JSCMemoryFootprint::finishCreation):
2446         (JSCMemoryFootprint::addProperty):
2447         (functionResetMemoryPeak):
2448
2449 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2450
2451         Unreviewed, rolling out r236235.
2452
2453         Breaks internal builds.
2454
2455         Reverted changeset:
2456
2457         "Add functions to measure memory footprint to JSC"
2458         https://bugs.webkit.org/show_bug.cgi?id=189768
2459         https://trac.webkit.org/changeset/236235
2460
2461 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2462
2463         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2464         https://bugs.webkit.org/show_bug.cgi?id=189730
2465
2466         Reviewed by Saam Barati.
2467
2468         Clang for Windows can't compile the workaround for an MSVC quirk in generateOutOfLine.
2469
2470         * jit/JITMathIC.h:
2471         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2472
2473 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2474
2475         [JSC] Optimize Array#indexOf in C++ runtime
2476         https://bugs.webkit.org/show_bug.cgi?id=189507
2477
2478         Reviewed by Saam Barati.
2479
2480         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
2481         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization
2482         and it is actually working well, C++ Array#indexOf is called a significant number
2483         of times before tiering up, and it takes 6.74% of jsc main thread samples according
2484         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
2485         misses the chance to optimize JSArray cases.
2486
2487         This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
2488         access to the given JSArray is non-observable and the indexing type is good for the fast
2489         path, we go to the fast path. This makes the sampling of Array#indexOf 3.83% in
2490         the babylon web-tooling-benchmark.
2491
2492         * runtime/ArrayPrototype.cpp:
2493         (JSC::arrayProtoFuncIndexOf):
2494         * runtime/JSArray.h:
2495         * runtime/JSArrayInlines.h:
2496         (JSC::JSArray::canDoFastIndexedAccess):
2497         (JSC::toLength):
2498         * runtime/JSCJSValueInlines.h:
2499         (JSC::JSValue::JSValue):
2500         * runtime/JSGlobalObject.h:
2501         * runtime/JSGlobalObjectInlines.h:
2502         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2503         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2504         * runtime/MathCommon.h:
2505         (JSC::canBeStrictInt32):
2506         (JSC::canBeInt32):
2507
2508 2018-09-19  Michael Saboff  <msaboff@apple.com>
2509
2510         Add functions to measure memory footprint to JSC
2511         https://bugs.webkit.org/show_bug.cgi?id=189768
2512
2513         Reviewed by Saam Barati.
2514
2515         Provide system memory metrics for the current process to aid in memory reduction measurement and
2516         tuning using native JS tests.
2517
2518         * jsc.cpp:
2519         (MemoryFootprint::now):
2520         (MemoryFootprint::resetPeak):
2521         (GlobalObject::finishCreation):
2522         (JSCMemoryFootprint::JSCMemoryFootprint):
2523         (JSCMemoryFootprint::createStructure):
2524         (JSCMemoryFootprint::create):
2525         (JSCMemoryFootprint::finishCreation):
2526         (JSCMemoryFootprint::addProperty):
2527         (functionResetMemoryPeak):
2528
2529 2018-09-19  Saam barati  <sbarati@apple.com>
2530
2531         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2532         https://bugs.webkit.org/show_bug.cgi?id=189703
2533
2534         Reviewed by Mark Lam.
2535
2536         This fixes a crash that a TypeProfiler change revealed.
2537
2538         * dfg/DFGSpeculativeJIT64.cpp:
2539         (JSC::DFG::SpeculativeJIT::compile):
2540
2541 2018-09-19  Saam barati  <sbarati@apple.com>
2542
2543         AI rule for MultiPutByOffset executes its effects in the wrong order
2544         https://bugs.webkit.org/show_bug.cgi?id=189757
2545         <rdar://problem/43535257>
2546
2547         Reviewed by Michael Saboff.
2548
2549         The AI rule for MultiPutByOffset was executing effects in the wrong order.
2550         It first executed the transition effects and the effects on the base, and
2551         then executed the filtering effects on the value being stored. However, you
2552         can end up with the wrong type when the base and the value being stored
2553         are the same. E.g., in a program like `o.f = o`. These effects need to happen
2554         in the opposite order, modeling what happens in the runtime execution of
2555         MultiPutByOffset.
2556
2557         * dfg/DFGAbstractInterpreterInlines.h:
2558         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2559
2560 2018-09-18  Mark Lam  <mark.lam@apple.com>
2561
2562         Ensure that ForInContexts are invalidated if their loop local is over-written.
2563         https://bugs.webkit.org/show_bug.cgi?id=189571
2564         <rdar://problem/44402277>
2565
2566         Reviewed by Saam Barati.
2567
2568         Instead of hunting down every place in the BytecodeGenerator that potentially
2569         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
2570         the bytecode range of the loop body when the ForInContext is popped, and
2571         invalidate the context if we ever find the loop temp variable over-written.
2572
2573         This has 2 benefits:
2574         1. It ensures that every type of opcode that can write to the loop temp will be
2575            handled appropriately, not just the op_mov that we've hunted down.
2576         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
2577            every time we emit an op_mov (or other opcodes that can write to a local)
2578            even when we're not inside a for-in loop.
2579
2580         JSC benchmarks show that this change is performance neutral.
2581
2582         * bytecompiler/BytecodeGenerator.cpp:
2583         (JSC::BytecodeGenerator::pushIndexedForInScope):
2584         (JSC::BytecodeGenerator::popIndexedForInScope):
2585         (JSC::BytecodeGenerator::pushStructureForInScope):
2586         (JSC::BytecodeGenerator::popStructureForInScope):
2587         (JSC::ForInContext::finalize):
2588         (JSC::StructureForInContext::finalize):
2589         (JSC::IndexedForInContext::finalize):
2590         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
2591         * bytecompiler/BytecodeGenerator.h:
2592         (JSC::ForInContext::ForInContext):
2593         (JSC::ForInContext::bodyBytecodeStartOffset const):
2594         (JSC::StructureForInContext::StructureForInContext):
2595         (JSC::IndexedForInContext::IndexedForInContext):
2596         * bytecompiler/NodesCodegen.cpp:
2597         (JSC::PostfixNode::emitResolve):
2598         (JSC::PrefixNode::emitResolve):
2599         (JSC::ReadModifyResolveNode::emitBytecode):
2600         (JSC::AssignResolveNode::emitBytecode):
2601         (JSC::EmptyLetExpression::emitBytecode):
2602         (JSC::ForInNode::emitLoopHeader):
2603         (JSC::ForOfNode::emitBytecode):
2604         (JSC::BindingNode::bindValue const):
2605         (JSC::AssignmentElementNode::bindValue const):
2606         * runtime/CommonSlowPaths.cpp:
2607         (JSC::SLOW_PATH_DECL):
2608
2609 2018-09-17  Devin Rousso  <drousso@apple.com>
2610
2611         Web Inspector: generate CSSKeywordCompletions from backend values
2612         https://bugs.webkit.org/show_bug.cgi?id=189041
2613
2614         Reviewed by Joseph Pecoraro.
2615
2616         * inspector/protocol/CSS.json:
2617         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
2618
2619 2018-09-17  Saam barati  <sbarati@apple.com>
2620
2621         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
2622         https://bugs.webkit.org/show_bug.cgi?id=189676
2623         <rdar://problem/39682897>
2624
2625         Reviewed by Michael Saboff.
2626
2627         Because the incoming value may be TDZ, CheckStructure may end up crashing.
2628         Since the Type Profile does not currently record TDZ values in any of its
2629         data structures, this is not a semantic change in how it will show you data.
2630         It just fixes crashes when we emit a CheckStructure and the incoming value
2631         is TDZ.
2632
2633         * dfg/DFGFixupPhase.cpp:
2634         (JSC::DFG::FixupPhase::fixupNode):
2635         * dfg/DFGNode.h:
2636         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
2637
2638 2018-09-17  Darin Adler  <darin@apple.com>
2639
2640         Use OpaqueJSString rather than JSRetainPtr inside WebKit
2641         https://bugs.webkit.org/show_bug.cgi?id=189652
2642
2643         Reviewed by Saam Barati.
2644
2645         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
2646         JSStringRef.h.
2647
2648         * API/JSContext.mm:
2649         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
2650         than JSStringCreateWithCFString, simplifying the code and also obviating the
2651         need for explicit JSStringRelease.
2652         (-[JSContext setName:]): Ditto.
2653
2654         * API/JSStringRef.cpp:
2655         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
2656         It seems that additional optimization is possible, obviating the need to allocate
2657         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
2658
2659         * API/JSValue.mm:
2660         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
2661         OpaqueJSString::create and adoptRef as appropriate.
2662         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
2663         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
2664         (performPropertyOperation): Ditto.
2665         (-[JSValue invokeMethod:withArguments:]): Ditto.
2666         (valueToObjectWithoutCopy): Ditto.
2667         (containerValueToObject): Ditto.
2668         (valueToString): Ditto.
2669         (objectToValueWithoutCopy): Ditto.
2670         (objectToValue): Ditto.
2671
2672 2018-09-08  Darin Adler  <darin@apple.com>
2673
2674         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
2675         https://bugs.webkit.org/show_bug.cgi?id=189455
2676
2677         Reviewed by Keith Miller.
2678
2679         * API/JSObjectRef.cpp:
2680         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
2681         JSRetainPtr<JSStringRef>.
2682         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
2683         adopt constructor.
2684         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
2685         the array elements are now Ref.
2686
2687         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
2688         it only works for two specific unrelated types, JSStringRef and
2689         JSGlobalContextRef. Simplified the default constructor using data
2690         member initialization. Prepared to make the adopt constructor private
2691         (got everything compiling that way, then made it public again so that
2692         Apple internal software will still build). Got rid of the unneeded
2693         templated constructor and assignment operator, since they're not relevant,
2694         as there is no inheritance between JSRetainPtr template types.
2695         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
2696         Added move constructor and move assignment operator for slightly better
2697         performance. Simplified implementations of various member functions
2698         so they are more obviously correct, by using leakPtr in more of them
2699         and using std::exchange to make the flow of values more obvious.
2700
2701         * API/JSValue.mm:
2702         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
2703         missing JSStringRelease to fix a leak.
2704
2705         * API/tests/CustomGlobalObjectClassTest.c:
2706         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
2707         (globalObjectSetPrototypeTest): Ditto.
2708         (globalObjectPrivatePropertyTest): Ditto.
2709
2710         * API/tests/ExecutionTimeLimitTest.cpp:
2711         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
2712         (testExecutionTimeLimit): Ditto, lots more.
2713
2714         * API/tests/FunctionOverridesTest.cpp:
2715         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
2716
2717         * API/tests/JSObjectGetProxyTargetTest.cpp:
2718         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
2719         a leak.
2720
2721         * API/tests/PingPongStackOverflowTest.cpp:
2722         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
2723         JSStringRelease to fix leaks.
2724
2725         * API/tests/testapi.c:
2726         (throwException): Added. Helper function for repeated idiom where we want
2727         to throw an exception, but with additional JSStringRelease calls so we don't
2728         have to leak just to keep the code simpler to read.
2729         (MyObject_getProperty): Use throwException.
2730         (MyObject_setProperty): Ditto.
2731         (MyObject_deleteProperty): Ditto.
2732         (isValueEqualToString): Added. Helper function for an idiom where we check
2733         if something is a string and then if it's equal to a particular string
2734         constant, but a version that has an additional JSStringRelease call so we
2735         don't have to leak just to keep the code simpler to read.
2736         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
2737         (MyObject_callAsConstructor): Ditto.
2738         (MyObject_hasInstance): Ditto.
2739         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
2740         (testMarkingConstraintsAndHeapFinalizers): Ditto.
2741
2742 2018-09-14  Saam barati  <sbarati@apple.com>
2743
2744         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
2745         https://bugs.webkit.org/show_bug.cgi?id=189628
2746         <rdar://problem/39481690>
2747
2748         Reviewed by Mark Lam.
2749
2750         An Availability may point to a Node. And that Node may be removed from
2751         the graph, e.g., it's freed and its memory is no longer owned by Graph.
2752         This patch makes it so we no longer dump this metadata by default. If
2753         this metadata is interesting to you, you'll need to go in and change
2754         Graph::dump to dump the needed metadata.
2755
2756         * dfg/DFGGraph.cpp:
2757         (JSC::DFG::Graph::dump):
2758
2759 2018-09-14  Mark Lam  <mark.lam@apple.com>
2760
2761         Refactor some ForInContext code for better encapsulation.
2762         https://bugs.webkit.org/show_bug.cgi?id=189626
2763         <rdar://problem/44466415>
2764
2765         Reviewed by Keith Miller.
2766
2767         1. Add a ForInContext::m_type field to store the context type.  This does not
2768            increase the class size, but eliminates the need for a virtual call to get the
2769            type.
2770
2771            Note: we still need a virtual destructor because we'll be mingling
2772            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
2773
2774         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
2775            convenience methods.
2776
2777         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
2778            to do the casting to the subclass types.  This ensures that we'll properly
2779            assert that the casting is legal.
2780
2781         * bytecompiler/BytecodeGenerator.cpp:
2782         (JSC::BytecodeGenerator::emitGetByVal):
2783         (JSC::BytecodeGenerator::popIndexedForInScope):
2784         (JSC::BytecodeGenerator::popStructureForInScope):
2785         * bytecompiler/BytecodeGenerator.h:
2786         (JSC::ForInContext::type const):
2787         (JSC::ForInContext::isIndexedForInContext const):
2788         (JSC::ForInContext::isStructureForInContext const):
2789         (JSC::ForInContext::asIndexedForInContext):
2790         (JSC::ForInContext::asStructureForInContext):
2791         (JSC::ForInContext::ForInContext):
2792         (JSC::StructureForInContext::StructureForInContext):
2793         (JSC::IndexedForInContext::IndexedForInContext):
2794         (JSC::ForInContext::~ForInContext): Deleted.
2795
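The layout the entry above describes, as an added example that is not JavaScriptCore's code: a one-byte type tag in the base class, is*/as* helpers that assert before downcasting, and a virtual destructor kept only because both subclasses are owned through base pointers in one stack. The register fields and the sample stack are assumptions made for the illustration.

```cpp
#include <cassert>
#include <cstdint>
#include <memory>
#include <vector>

// Added example, not JavaScriptCore's code. Register fields are assumed.
class IndexedForInContext;
class StructureForInContext;

class ForInContext {
public:
    enum class Type : uint8_t { IndexedForIn, StructureForIn };

    // Still required: both subclasses are deleted through ForInContext pointers.
    virtual ~ForInContext() = default;

    Type type() const { return m_type; }
    bool isIndexedForInContext() const { return m_type == Type::IndexedForIn; }
    bool isStructureForInContext() const { return m_type == Type::StructureForIn; }

    // Checked downcasts: a wrong cast fails the assertion instead of silently
    // reading one subclass's fields through the other's layout.
    IndexedForInContext& asIndexedForInContext();
    StructureForInContext& asStructureForInContext();

    int base() const { return m_base; }

protected:
    ForInContext(Type type, int base) : m_base(base), m_type(type) { }

private:
    int m_base;   // register holding the enumerated object (assumed field)
    Type m_type;  // one byte; fits in the padding after m_base on LP64
};

class IndexedForInContext final : public ForInContext {
public:
    IndexedForInContext(int base, int index)
        : ForInContext(Type::IndexedForIn, base), m_index(index) { }
    int index() const { return m_index; }
private:
    int m_index;
};

class StructureForInContext final : public ForInContext {
public:
    StructureForInContext(int base, int property, int enumerator)
        : ForInContext(Type::StructureForIn, base), m_property(property), m_enumerator(enumerator) { }
    int property() const { return m_property; }
    int enumerator() const { return m_enumerator; }
private:
    int m_property;
    int m_enumerator;
};

inline IndexedForInContext& ForInContext::asIndexedForInContext()
{
    assert(isIndexedForInContext());
    return static_cast<IndexedForInContext&>(*this);
}

inline StructureForInContext& ForInContext::asStructureForInContext()
{
    assert(isStructureForInContext());
    return static_cast<StructureForInContext&>(*this);
}

using ForInContextStack = std::vector<std::unique_ptr<ForInContext>>;

// Constructed sample: three nested for-in loops mixing both context kinds.
ForInContextStack buildSampleStack()
{
    ForInContextStack stack;
    stack.push_back(std::make_unique<IndexedForInContext>(/*base*/ 1, /*index*/ 2));
    stack.push_back(std::make_unique<StructureForInContext>(/*base*/ 3, /*property*/ 4, /*enumerator*/ 5));
    stack.push_back(std::make_unique<IndexedForInContext>(/*base*/ 6, /*index*/ 7));
    return stack;
}

// Walks the stack innermost-first, dispatching on the stored tag (no virtual
// call) and summing the index registers of the indexed contexts.
int sumIndexRegisters(const ForInContextStack& stack)
{
    int sum = 0;
    for (auto it = stack.rbegin(); it != stack.rend(); ++it) {
        ForInContext& context = **it;
        if (context.isIndexedForInContext())
            sum += context.asIndexedForInContext().index();
    }
    return sum;
}

int countStructureContexts(const ForInContextStack& stack)
{
    int count = 0;
    for (const auto& context : stack)
        if (context->isStructureForInContext())
            ++count;
    return count;
}
```

The as*() accessors are the point: callers that already know the kind (popIndexedForInScope, popStructureForInScope) get a cast that is asserted in debug builds, so a mismatched context is caught where it happens rather than surfacing later as corrupted bytecode state.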
2796 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
2797
2798         Web Inspector: Record actions performed on ImageBitmapRenderingContext
2799         https://bugs.webkit.org/show_bug.cgi?id=181341
2800
2801         Reviewed by Joseph Pecoraro.
2802
2803         * inspector/protocol/Recording.json:
2804         * inspector/scripts/codegen/generator.py:
2805
2806 2018-09-14  Mike Gorse  <mgorse@suse.com>
2807
2808         builtins directory causes name conflict on Python 3
2809         https://bugs.webkit.org/show_bug.cgi?id=189552
2810
2811         Reviewed by Michael Catanzaro.
2812
2813         * CMakeLists.txt: builtins -> wkbuiltins.
2814         * DerivedSources.make: builtins -> wkbuiltins.
2815         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
2816           builtins.
2817         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
2818         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
2819         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
2820         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
2821         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
2822         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
2823         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
2824         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
2825         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
2826         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
2827         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
2828         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
2829
2830 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2831
2832         [WebAssembly] Inline WasmContext accessor functions
2833         https://bugs.webkit.org/show_bug.cgi?id=189416
2834
2835         Reviewed by Saam Barati.
2836
2837         WasmContext accessor functions are very small, while they reside in the critical path of
2838         JS to Wasm function calls. This patch makes them inline to improve performance.
2839         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
2840
2841         * JavaScriptCore.xcodeproj/project.pbxproj:
2842         * Sources.txt:
2843         * interpreter/CallFrame.cpp:
2844         * jit/AssemblyHelpers.cpp:
2845         * wasm/WasmB3IRGenerator.cpp:
2846         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
2847         (JSC::Wasm::Context::useFastTLS):
2848         (JSC::Wasm::Context::load const):
2849         (JSC::Wasm::Context::store):
2850         * wasm/WasmMemoryInformation.cpp:
2851         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
2852         * wasm/js/JSToWasm.cpp:
2853         * wasm/js/WebAssemblyFunction.cpp:
2854
2855 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2856
2857         Move JavaScriptCore files to match Xcode project hierarchy
2858         <https://webkit.org/b/189574>
2859
2860         Reviewed by Filip Pizlo.
2861
2862         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
2863         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
2864         * CMakeLists.txt: Update for new path to
2865         generateYarrUnicodePropertyTables.py, hasher.py and
2866         JSAPIValueWrapper.h.
2867         * DerivedSources.make: Ditto. Add missing dependency on
2868         hasher.py captured by CMakeLists.txt.
2869         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
2870         reference paths. Add hasher.py library to project.
2871         * Sources.txt: Update for new path to
2872         JSAPIValueWrapper.cpp.
2873         * runtime/JSImmutableButterfly.h: Add missing includes
2874         after changes to Sources.txt and regenerating unified
2875         sources.
2876         * runtime/RuntimeType.h: Ditto.
2877         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
2878         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
2879
2880 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2881
2882         Let Xcode have its way with the JavaScriptCore project
2883
2884         * JavaScriptCore.xcodeproj/project.pbxproj:
2885
2886 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
2887
2888         Add IGNORE_WARNING_.* macros
2889         https://bugs.webkit.org/show_bug.cgi?id=188996
2890
2891         Reviewed by Michael Catanzaro.
2892
2893         * API/JSCallbackObject.h:
2894         * API/tests/testapi.c:
2895         * assembler/LinkBuffer.h:
2896         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2897         * b3/B3LowerToAir.cpp:
2898         * b3/B3Opcode.cpp:
2899         * b3/B3Type.h:
2900         * b3/B3TypeMap.h:
2901         * b3/B3Width.h:
2902         * b3/air/AirArg.cpp:
2903         * b3/air/AirArg.h:
2904         * b3/air/AirCode.h:
2905         * bytecode/Opcode.h:
2906         (JSC::padOpcodeName):
2907         * dfg/DFGSpeculativeJIT.cpp:
2908         (JSC::DFG::SpeculativeJIT::speculateNumber):
2909         (JSC::DFG::SpeculativeJIT::speculateMisc):
2910         * dfg/DFGSpeculativeJIT64.cpp:
2911         * ftl/FTLOutput.h:
2912         * jit/CCallHelpers.h:
2913         (JSC::CCallHelpers::calculatePokeOffset):
2914         * llint/LLIntData.cpp:
2915         * llint/LLIntSlowPaths.cpp:
2916         (JSC::LLInt::slowPathLogF):
2917         * runtime/ConfigFile.cpp:
2918         (JSC::ConfigFile::canonicalizePaths):
2919         * runtime/JSDataViewPrototype.cpp:
2920         * runtime/JSGenericTypedArrayViewConstructor.h:
2921         * runtime/JSGenericTypedArrayViewPrototype.h:
2922         * runtime/Options.cpp:
2923         (JSC::Options::setAliasedOption):
2924         * tools/CodeProfiling.cpp:
2925         * wasm/WasmSections.h:
2926         * wasm/generateWasmValidateInlinesHeader.py:
2927
2928 == Rolled over to ChangeLog-2018-09-11 ==