isASTErroneous in offlineasm should de-macroify before looking for Errors
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-16  Keith Miller  <keith_miller@apple.com>

        isASTErroneous in offlineasm should de-macroify before looking for Errors
        https://bugs.webkit.org/show_bug.cgi?id=190634

        Reviewed by Mark Lam.

        If a macro isn't usable in a configuration it might still cause us to
        think the ast is invalid. This change runs the de-macroifier before
        looking for errors.

        Also, it adds a missing include to Printer.h.

        * assembler/Printer.h:
        * offlineasm/settings.rb:

2018-10-16  Justin Michaud  <justin_michaud@apple.com>

        Implement feature flag and bindings for CSS Painting API
        https://bugs.webkit.org/show_bug.cgi?id=190237

        Reviewed by Ryosuke Niwa.

        * Configurations/FeatureDefines.xcconfig:

2018-10-16  Keith Miller  <keith_miller@apple.com>

        Unreviewed, forgot to add untracked files.

        * llint/LLIntSettingsExtractor.cpp: Added.
        (main):
        * offlineasm/generate_settings_extractor.rb: Added.

2018-10-16  Keith Miller  <keith_miller@apple.com>

        Unreviewed, reland https://bugs.webkit.org/show_bug.cgi?id=189708 with build fix.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntOffsetsExtractor.cpp:
        (JSC::LLIntOffsetsExtractor::dummy):
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/offsets.rb:
        * offlineasm/settings.rb:

2018-10-16  Keith Miller  <keith_miller@apple.com>

        Unreviewed, add missing include.

        * runtime/BasicBlockLocation.h:

2018-10-15  Keith Miller  <keith_miller@apple.com>

        Support arm64 CPUs with a 32-bit address space
        https://bugs.webkit.org/show_bug.cgi?id=190273

        Reviewed by Michael Saboff.

        This patch adds support for arm64_32 in the LLInt. In order to
        make this work we needed to add a new type that reflects the size
        of a cpu register. This type is called CPURegister or UCPURegister
        for the unsigned version. Most places that used void* or intptr_t
        to refer to a register have been changed to use this new type.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARM64Assembler.h:
        (JSC::isInt):
        (JSC::is4ByteAligned):
        (JSC::PairPostIndex::PairPostIndex):
        (JSC::PairPreIndex::PairPreIndex):
        (JSC::ARM64Assembler::readPointer):
        (JSC::ARM64Assembler::readCallTarget):
        (JSC::ARM64Assembler::computeJumpType):
        (JSC::ARM64Assembler::linkCompareAndBranch):
        (JSC::ARM64Assembler::linkConditionalBranch):
        (JSC::ARM64Assembler::linkTestAndBranch):
        (JSC::ARM64Assembler::loadRegisterLiteral):
        (JSC::ARM64Assembler::loadStoreRegisterPairPostIndex):
        (JSC::ARM64Assembler::loadStoreRegisterPairPreIndex):
        (JSC::ARM64Assembler::loadStoreRegisterPairOffset):
        (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
        (JSC::isInt7): Deleted.
        (JSC::isInt11): Deleted.
        * assembler/CPU.h:
        (JSC::isAddress64Bit):
        (JSC::isAddress32Bit):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        * assembler/MacroAssemblerARM64.cpp:
        (JSC::MacroAssemblerARM64::collectCPUFeatures):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::load):
        (JSC::MacroAssemblerARM64::store):
        (JSC::MacroAssemblerARM64::isInIntRange): Deleted.
        * assembler/Printer.h:
        * assembler/ProbeContext.h:
        (JSC::Probe::CPUState::gpr):
        (JSC::Probe::CPUState::spr):
        (JSC::Probe::Context::gpr):
        (JSC::Probe::Context::spr):
        * b3/B3ConstPtrValue.h:
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::isArgValidForRep):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::stackSlot const):
        (JSC::B3::Air::Arg::special const):
        * b3/air/testair.cpp:
        * b3/testb3.cpp:
        (JSC::B3::testStoreConstantPtr):
        (JSC::B3::testInterpreter):
        (JSC::B3::testAddShl32):
        (JSC::B3::testLoadBaseIndexShift32):
        * bindings/ScriptFunctionCall.cpp:
        (Deprecated::ScriptCallArgumentHandler::appendArgument):
        * bindings/ScriptFunctionCall.h:
        * bytecode/CodeBlock.cpp:
        (JSC::roundCalleeSaveSpaceAsVirtualRegisters):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::restoreCalleeSavesFor):
        (JSC::DFG::saveCalleeSavesFor):
        (JSC::DFG::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
        (JSC::DFG::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * disassembler/UDis86Disassembler.cpp:
        (JSC::tryToDisassembleWithUDis86):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapGet):
        * heap/MachineStackMarker.cpp:
        (JSC::copyMemory):
        * interpreter/CallFrame.h:
        (JSC::ExecState::returnPC const):
        (JSC::ExecState::hasReturnPC const):
        (JSC::ExecState::clearReturnPC):
        (JSC::ExecState::returnPCOffset):
        (JSC::ExecState::isGlobalExec const):
        (JSC::ExecState::setReturnPC):
        * interpreter/CalleeBits.h:
        (JSC::CalleeBits::boxWasm):
        (JSC::CalleeBits::isWasm const):
        (JSC::CalleeBits::asWasmCallee const):
        * interpreter/Interpreter.cpp:
        (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
        * interpreter/VMEntryRecord.h:
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::clearStackFrame):
        * jit/RegisterAtOffset.h:
        (JSC::RegisterAtOffset::offsetAsIndex const):
        * jit/RegisterAtOffsetList.cpp:
        (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/arm64.rb:
        * offlineasm/asm.rb:
        * offlineasm/ast.rb:
        * offlineasm/backends.rb:
        * offlineasm/parser.rb:
        * offlineasm/x86.rb:
        * runtime/BasicBlockLocation.cpp:
        (JSC::BasicBlockLocation::dumpData const):
        (JSC::BasicBlockLocation::emitExecuteCode const):
        * runtime/BasicBlockLocation.h:
        * runtime/HasOwnPropertyCache.h:
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::inplaceMultiplyAdd):
        (JSC::JSBigInt::digitDiv):
        * runtime/JSBigInt.h:
        * runtime/JSObject.h:
        * runtime/Options.cpp:
        (JSC::jitEnabledByDefault):
        * runtime/Options.h:
        * runtime/RegExp.cpp:
        (JSC::RegExp::printTraceData):
        * runtime/SamplingProfiler.cpp:
        (JSC::CFrameWalker::walk):
        * runtime/SlowPathReturnType.h:
        (JSC::encodeResult):
        (JSC::decodeResult):
        * tools/SigillCrashAnalyzer.cpp:
        (JSC::SigillCrashAnalyzer::dumpCodeBlock):

2018-10-15  Justin Fan  <justin_fan@apple.com>

        Add WebGPU 2018 feature flag and experimental feature flag
        https://bugs.webkit.org/show_bug.cgi?id=190509

        Reviewed by Dean Jackson.

        Re-add ENABLE_WEBGPU, an experimental feature flag, and a RuntimeEnabledFeature
        for the 2018 WebGPU prototype.

        * Configurations/FeatureDefines.xcconfig:

2018-10-15  Timothy Hatcher  <timothy@apple.com>

        Add support for prefers-color-scheme media query
        https://bugs.webkit.org/show_bug.cgi?id=190499
        rdar://problem/45212025

        Reviewed by Dean Jackson.

        * Configurations/FeatureDefines.xcconfig: Added ENABLE_DARK_MODE_CSS.

2018-10-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237084, r237088, r237098, and
        r237114.
        https://bugs.webkit.org/show_bug.cgi?id=190602

        Breaks internal builds. (Requested by ryanhaddad on #webkit).

        Reverted changesets:

        "Separate configuration extraction from offset extraction"
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237084

        "Gardening: Build fix after r237084."
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237088

        "Gardening: Build fix after r237084."
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237098

        "REGRESSION (r237084): JavaScriptCore fails to build on Linux"
        https://trac.webkit.org/changeset/237114

2018-10-15  Keith Miller  <keith_miller@apple.com>

        BytecodeDumper should print all switch labels
        https://bugs.webkit.org/show_bug.cgi?id=190596

        Reviewed by Saam Barati.

        Right now the bytecode dumper only prints the default target not any of the
        non-default targets.

        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::dumpBytecode):

2018-10-15  Saam Barati  <sbarati@apple.com>

        Emit fjcvtzs on ARM64E on Darwin
        https://bugs.webkit.org/show_bug.cgi?id=184023

        Reviewed by Yusuke Suzuki and Filip Pizlo.

        ARMv8.3 introduced the fjcvtzs instruction which does double->int32
        conversion using the semantics defined by JavaScript:
        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html
        This patch teaches JSC to use that instruction when possible.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::fjcvtzs):
        (JSC::ARM64Assembler::fjcvtzsInsn):
        * assembler/MacroAssemblerARM64.cpp:
        (JSC::MacroAssemblerARM64::collectCPUFeatures):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics):
        (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * disassembler/ARM64/A64DOpcode.cpp:
        * disassembler/ARM64/A64DOpcode.h:
        (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
        * jit/JITRightShiftGenerator.cpp:
        (JSC::JITRightShiftGenerator::generateFastPath):
        * runtime/MathCommon.h:
        (JSC::toInt32):
278
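        The "semantics defined by JavaScript" that fjcvtzs implements in hardware are
        ECMAScript ToInt32: NaN and the infinities become 0, everything else is truncated
        toward zero, reduced modulo 2^32 and reinterpreted as a signed 32-bit value. The
        following is an added example written for this ChangeLog, not JSC's own
        JSC::toInt32 from runtime/MathCommon.h; it works directly on the IEEE-754 bit
        pattern so it needs no libm and stays exact for magnitudes far beyond the int64
        range (where a plain integer cast would be undefined behaviour).

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ECMAScript ToInt32 on the raw IEEE-754 bits (added example, not JSC code). */
static int32_t toInt32(double number)
{
    uint64_t bits;
    memcpy(&bits, &number, sizeof bits);

    int exponent = (int)((bits >> 52) & 0x7FF) - 1023;
    int negative = (int)(bits >> 63);

    /* Exponent field all ones: NaN or +/-Infinity map to 0. */
    if (exponent == 1024)
        return 0;
    /* |number| < 1 (0, -0, subnormals, fractions) truncates to 0. */
    if (exponent < 0)
        return 0;
    /* With 52 fraction bits, every value >= 2^84 is a multiple of 2^32. */
    if (exponent > 83)
        return 0;

    /* Significand with its implicit leading 1: |number| = significand * 2^(exponent-52). */
    uint64_t significand = (bits & ((1ULL << 52) - 1)) | (1ULL << 52);
    uint32_t low;
    if (exponent >= 52)
        low = (uint32_t)(significand << (exponent - 52)); /* shift <= 31; high bits drop out mod 2^32 */
    else
        low = (uint32_t)(significand >> (52 - exponent)); /* dropping fraction bits truncates toward zero */

    /* ToInt32(-x) == -ToInt32(x) modulo 2^32. */
    if (negative)
        low = 0u - low;

    /* Reinterpret the 32-bit pattern as two's complement. */
    int32_t result;
    memcpy(&result, &low, sizeof result);
    return result;
}

int main(void)
{
    /* Constructed sample inputs covering the interesting edges. */
    const double samples[] = { 3.99, -1.9, 2147483648.0, -2147483649.0,
                               4294967301.0, 1e20, -0.0, 1e300, NAN, INFINITY };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("ToInt32(%.17g) = %d\n", samples[i], toInt32(samples[i]));
    return 0;
}
```

        The exponent cut-offs are the whole trick: below 2^1 nothing survives truncation,
        above 2^84 nothing survives the modulo, and in between the low 32 bits of the
        shifted significand are exactly the ToInt32 result. That is the behaviour a
        software fallback must reproduce bit-for-bit on CPUs without fjcvtzs.
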
2018-10-15  Saam Barati  <sbarati@apple.com>

        JSArray::shiftCountWithArrayStorage is wrong when an array has holes
        https://bugs.webkit.org/show_bug.cgi?id=190262
        <rdar://problem/44986241>

        Reviewed by Mark Lam.

        We would take the fast path for shiftCountWithArrayStorage when the array
        hasHoles(). However, the code for this was wrong. It'd incorrectly update
        ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage
        path is never taken in JetStream 2, this patch just removes that from
        the fast path. Instead, we just fall back to the slow path when hasHoles().
        If we find evidence that this matters for real use cases, we can
        figure out a way to make the fast path work.

        * runtime/JSArray.cpp:
        (JSC::JSArray::shiftCountWithArrayStorage):

2018-10-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237054.
        https://bugs.webkit.org/show_bug.cgi?id=190593

        "this regressed JetStream 2 by 6% on iOS" (Requested by
        saamyjoon on #webkit).

        Reverted changeset:

        "[JSC] JSC should have "parseFunction" to optimize Function
        constructor"
        https://bugs.webkit.org/show_bug.cgi?id=190340
        https://trac.webkit.org/changeset/237054

2018-10-14  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r237084): JavaScriptCore fails to build on Linux
        <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949>

        * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by
        including <stdio.h>.

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Shrink more enum classes
        https://bugs.webkit.org/show_bug.cgi?id=190540

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-15  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Disable DOMJIT on 32bit architecture
        https://bugs.webkit.org/show_bug.cgi?id=190387

        Reviewed by Mark Lam.

        We disable DOMJIT on 32bit architecture due to exhaustion of registers.

        * runtime/Options.h:

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Include EnumTraits.h less
        https://bugs.webkit.org/show_bug.cgi?id=190535

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-14  Mark Lam  <mark.lam@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * llint/LLIntOffsetsExtractor.cpp:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Option::useAsyncIterator
        https://bugs.webkit.org/show_bug.cgi?id=190567

        Reviewed by Saam Barati.

        Async iterator is enabled by default at 2017-08-09. It is already shipped in several releases,
        and we can think that it is already mature. Let's drop the option `Option::useAsyncIterator`.

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        * runtime/Options.h:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Options::useObjectRestSpread
        https://bugs.webkit.org/show_bug.cgi?id=190568

        Reviewed by Saam Barati.

        Options::useObjectRestSpread is enabled by default at 2017-06-27. It is already shipped in several releases,
        and we can think that it is mature. Let's drop Options::useObjectRestSpread() flag.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseProperty):
        * parser/Parser.h:
        * runtime/Options.h:

2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSON.stringify can accept call-with-no-arguments
        https://bugs.webkit.org/show_bug.cgi?id=190343

        Reviewed by Mark Lam.

        JSON.stringify can accept `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
        Instead of throwing an error, we should take the first argument as `undefined` if it is not given.

        [1]: https://tc39.github.io/ecma262/#sec-json.stringify

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncStringify):

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Separate configuration extraction from offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Reviewed by Keith Miller.

        Instead of generating a file with all offsets for every combination of
        configurations, we first generate a file with only the configuration
        indices and pass that to the offset extractor. The offset extractor then
        only generates the offsets for valid configurations.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntOffsetsExtractor.cpp:
        (JSC::LLIntOffsetsExtractor::dummy):
        * llint/LLIntSettingsExtractor.cpp: Added.
        (main):
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/generate_settings_extractor.rb: Added.
        * offlineasm/offsets.rb:
        * offlineasm/settings.rb:

2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r237063.

        Caused layout test fast/dom/Window/window-postmessage-clone-
        deep-array.html to fail on macOS and iOS Debug bots.

        Reverted changeset:

        "[JSC] Remove gcc warnings on mips and armv7"
        https://bugs.webkit.org/show_bug.cgi?id=188598
        https://trac.webkit.org/changeset/237063

2018-10-11  Guillaume Emont  <guijemont@igalia.com>

        [JSC] Remove gcc warnings on mips and armv7
        https://bugs.webkit.org/show_bug.cgi?id=188598

        Reviewed by Mark Lam.

        Fix many gcc/clang warnings that are false positives, mostly alignment
        issues.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printMemory):
        Use bitwise_cast instead of reinterpret_cast.
        * assembler/testmasm.cpp:
        (JSC::floatOperands):
        marked as potentially unused as it is not used on all platforms.
        (JSC::testProbeModifiesStackValues):
        modifiedFlags is not used on mips, so don't declare it.
        * bytecode/CodeBlock.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        Update calling code for the prototype change of
        ScriptExecutable::prepareForExecution().
        * jit/JITOperations.cpp: Same as for Interpreter.cpp.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::dataStorage):
        Use bitwise_cast instead of reinterpret_cast.
        * runtime/ScriptExecutable.cpp:
        * runtime/ScriptExecutable.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * tools/JSDollarVM.cpp:
        (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.

2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Use currentStackPointer more
        https://bugs.webkit.org/show_bug.cgi?id=190503

        Reviewed by Saam Barati.

        * runtime/VM.cpp:
        (JSC::VM::committedStackByteCount):

2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSC should have "parseFunction" to optimize Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Reviewed by Mark Lam.

        The current Function constructor is suboptimal. We parse the piece of the same code three times to meet
        the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
        And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
        is really costly and ideally we should meet the above requirement by the one time parsing.

        To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
        takes `std::optional<int> functionConstructorParametersEndPosition` and checks this end position is correct in the parser.
        For example, if we run the code,

            Function('/*', '*/){')

        According to the spec, this should produce '/*' parameter string and '*/){' body string. And parameter
        string should be syntax-checked by the parser, and raise the error since it is incorrect. Instead of doing
        that, in our implementation, we first create the entire string.

            function anonymous(/*) {
                */){
            }

        And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
        the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
        offset of the parameters is the given end position. This check allows us to raise the error correctly to the
        above example while we parse the entire function only once. And we do not need to create two strings too.

        This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
        significantly sped up (28.2%).

        Before:
            uglify-js:  2.94 runs/s
        After:
            uglify-js:  3.77 runs/s

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseSingleFunction):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        (JSC::parseFunctionForFunctionConstructor):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        (JSC::JSTextPosition::JSTextPosition):
        (JSC::JSTokenLocation::JSTokenLocation): Deleted.
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>

        Fix non-existent define `CPU(JSVALUE64)`
        https://bugs.webkit.org/show_bug.cgi?id=190479

        Reviewed by Yusuke Suzuki.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsImpl):
        Correct CPU(JSVALUE64) to USE(JSVALUE64).

2018-10-11  Keith Rollin  <krollin@apple.com>

        CURRENT_ARCH should not be used in Run Script phase.
        https://bugs.webkit.org/show_bug.cgi?id=190407
        <rdar://problem/45133556>

        Reviewed by Alexey Proskuryakov.

        CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
        CURRENT_ARCH is not well-defined during this phase (and may even have
        the value "undefined") since this phase is run just once per build
        rather than once per supported architecture. Migrate away from
        CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
        performing an operation for each value, or by picking the first entry
        in ARCHS and using that as a representative value.

        * JavaScriptCore.xcodeproj/project.pbxproj: Store
        LLIntDesiredOffsets.h into a directory with a name based on ARCHS
        rather than CURRENT_ARCH.

2018-10-10  Mark Lam  <mark.lam@apple.com>

        Changes towards allowing use of the ASAN detect_stack_use_after_return option.
        https://bugs.webkit.org/show_bug.cgi?id=190405
        <rdar://problem/45131464>

        Reviewed by Michael Saboff.

        The ASAN detect_stack_use_after_return option checks for use of stack variables
        after they have been freed.  It does this by allocating relevant stack variables
        in heap memory (instead of on the stack) if the code ever takes the address of
        those stack variables.  Unfortunately, this is a common idiom that we use to
        compute the approximate stack pointer value.  As a result, on such ASAN runs, the
        computed approximate stack pointer value will point into the heap instead of the
        stack.  This breaks the VM's expectations and wreaks havoc.

        To fix this, we use the newly introduced WTF::currentStackPointer() instead of
        taking the address of stack variables.

        We also need to enhance ExceptionScopes to be able to work with ASAN
        detect_stack_use_after_return which will allocate the scope in the heap.  We
        work around this by passing the current stack pointer of the instantiating calling
        frame into the scope constructor, and using that for the position check in
        ~ThrowScope() instead.

        The above is only a start towards enabling ASAN detect_stack_use_after_return on
        the VM.  There are still other issues to be resolved before we can run with this
        ASAN option.

        * runtime/CatchScope.h:
        * runtime/ExceptionEventLocation.h:
        (JSC::ExceptionEventLocation::ExceptionEventLocation):
        * runtime/ExceptionScope.h:
        (JSC::ExceptionScope::stackPosition const):
        * runtime/JSLock.cpp:
        (JSC::JSLock::didAcquireLock):
        * runtime/ThrowScope.cpp:
        (JSC::ThrowScope::~ThrowScope):
        * runtime/ThrowScope.h:
        * runtime/VM.h:
        (JSC::VM::needExceptionCheck const):
        (JSC::VM::isSafeToRecurse const):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):
665
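        The idiom the entry above warns about, the replacement it describes, and a
        self-check that tells the two apart, as an added example written for this
        ChangeLog rather than code from WebKit. The frame-address query is an
        assumption standing in for WTF::currentStackPointer(), whose real
        implementation is not reproduced here; the point is that it reads the machine
        stack, which ASAN's fake stack never relocates.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Distance, in bytes, between two stack-pointer estimates taken in ONE frame:
 *  - viaLocal: the address-of-a-local idiom. With ASAN's
 *    detect_stack_use_after_return=1 an address-taken local is moved to a
 *    heap-allocated fake frame, so this value silently points into the heap.
 *  - viaFrame: the compiler's frame address (assumption: stands in for
 *    WTF::currentStackPointer()); this always refers to the real machine
 *    stack, fake stack or not. */
static uintptr_t stackPointerEstimateDistance(void)
{
    char marker;                                        /* address-taken local */
    uintptr_t viaLocal = (uintptr_t)&marker;            /* the fragile idiom */
    uintptr_t viaFrame = (uintptr_t)__builtin_frame_address(0);
    return viaLocal > viaFrame ? viaLocal - viaFrame : viaFrame - viaLocal;
}

/* Startup self-check a VM can run before trusting its stack bounds: without a
 * fake stack the two estimates are a few bytes apart; once the local has been
 * relocated to the heap the distance is enormous and this returns false, which
 * is exactly the "points into the heap instead of the stack" condition the
 * entry describes. */
static bool stackPointerEstimatesAgree(size_t toleranceBytes)
{
    return stackPointerEstimateDistance() <= toleranceBytes;
}

int main(void)
{
    uintptr_t distance = stackPointerEstimateDistance();
    printf("distance between estimates: %lu bytes\n", (unsigned long)distance);
    printf("address-of-local idiom trustworthy here: %s\n",
           stackPointerEstimatesAgree(4096) ? "yes" : "no (fake stack in use?)");
    return 0;
}
```

        Build it once normally and once with -fsanitize=address and
        ASAN_OPTIONS=detect_stack_use_after_return=1 to see the distance jump from a
        handful of bytes to a heap/stack gap; any code that derives stack limits or
        scope positions from the first estimate is wrong in the second configuration.
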
2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: create special Network waterfall for media events
        https://bugs.webkit.org/show_bug.cgi?id=189773
        <rdar://problem/44626605>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add `didFireEvent` event that is fired when specific event listeners added by
        `InspectorInstrumentation::addEventListenersToNode` are fired.

2018-10-10  Michael Saboff  <msaboff@apple.com>

        Increase executable memory pool from 64MB to 128MB for ARM64
        https://bugs.webkit.org/show_bug.cgi?id=190453

        Reviewed by Saam Barati.

        * jit/ExecutableAllocator.cpp:

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: notify the frontend when a canvas has started recording via console.record
        https://bugs.webkit.org/show_bug.cgi?id=190306

        Reviewed by Brian Burg.

        * inspector/protocol/Canvas.json:
        Add `recordingStarted` event.

        * inspector/protocol/Recording.json:
        Add `Initiator` enum for determining who started the recording.

2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
        https://bugs.webkit.org/show_bug.cgi?id=190429

        Reviewed by Saam Barati.

        Some createXXX functions can fail. But sometimes the caller does not perform error checking.
        To make it explicit that these functions can fail, we rename these functions from createXXX
        to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
        function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
        and it should return RefPtr<>.

        This patch mainly focuses on TypedArray factory functions. Previously, these functions were
        `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
        And we also introduce `Ref<XXXArray> create(...)` function which internally performs
        RELEASE_ASSERT on the result of `tryCreate(...)`.

        And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.

        This change actually finds one place which does not perform any null checks while it uses
        `RefPtr<> create(...)` function.

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::putByIndex):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * API/JSClassRef.h:
        (StaticValueEntry::StaticValueEntry):
        * API/JSContext.mm:
        (-[JSContext evaluateScript:withSourceURL:]):
        (-[JSContext setName:]):
        * API/JSContextRef.cpp:
        (JSGlobalContextCopyName):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * API/JSScriptRef.cpp:
        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        * API/JSValue.mm:
        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
        (performPropertyOperation):
        (-[JSValue invokeMethod:withArguments:]):
        (containerValueToObject):
        (objectToValueWithoutCopy):
        (objectToValue):
        * API/JSValueRef.cpp:
        (JSValueCreateJSONString):
        (JSValueToStringCopy):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::tryCreate):
        (OpaqueJSString::create): Deleted.
        * API/OpaqueJSString.h:
        * API/glib/JSCContext.cpp:
        (evaluateScriptInContext):
        * API/glib/JSCValue.cpp:
        (jsc_value_new_string_from_bytes):
        * ftl/FTLLazySlowPath.h:
        (JSC::FTL::LazySlowPath::createGenerator):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        * ftl/FTLOSRExit.h:
        * ftl/FTLPatchpointExceptionHandle.cpp:
        (JSC::FTL::PatchpointExceptionHandle::create):
        (JSC::FTL::PatchpointExceptionHandle::createHandle):
        * ftl/FTLPatchpointExceptionHandle.h:
        * heap/EdenGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateEdenTimer):
        (JSC::GCActivityCallback::createEdenTimer): Deleted.
        * heap/FullGCActivityCallback.h:
779         (JSC::GCActivityCallback::tryCreateFullTimer):
780         (JSC::GCActivityCallback::createFullTimer): Deleted.
781         * heap/GCActivityCallback.h:
782         * heap/Heap.cpp:
783         (JSC::Heap::Heap):
784         * inspector/AsyncStackTrace.cpp:
785         (Inspector::AsyncStackTrace::create):
786         * inspector/AsyncStackTrace.h:
787         * jsc.cpp:
788         (fillBufferWithContentsOfFile):
789         * runtime/ArrayBuffer.h:
790         * runtime/GenericTypedArrayView.h:
791         * runtime/GenericTypedArrayViewInlines.h:
792         (JSC::GenericTypedArrayView<Adaptor>::create):
793         (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
794         (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
795         (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
796         (JSC::GenericTypedArrayView<Adaptor>::subarray const):
797         * runtime/JSArrayBufferView.cpp:
798         (JSC::JSArrayBufferView::possiblySharedImpl):
799         * runtime/JSGenericTypedArrayViewInlines.h:
800         (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
801         (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
802         * wasm/WasmMemory.cpp:
803         (JSC::Wasm::Memory::create):
804         (JSC::Wasm::Memory::tryCreate):
805         * wasm/WasmMemory.h:
806         * wasm/WasmTable.cpp:
807         (JSC::Wasm::Table::tryCreate):
808         (JSC::Wasm::Table::create): Deleted.
809         * wasm/WasmTable.h:
810         * wasm/js/JSWebAssemblyInstance.cpp:
811         (JSC::JSWebAssemblyInstance::create):
812         * wasm/js/JSWebAssemblyMemory.cpp:
813         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
814         * wasm/js/WebAssemblyMemoryConstructor.cpp:
815         (JSC::constructJSWebAssemblyMemory):
816         * wasm/js/WebAssemblyModuleRecord.cpp:
817         (JSC::WebAssemblyModuleRecord::link):
818         * wasm/js/WebAssemblyTableConstructor.cpp:
819         (JSC::constructJSWebAssemblyTable):
820
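The convention this entry describes, as an added example written for this page rather than JavaScriptCore's own GenericTypedArrayView: a fallible `tryCreate` returns a nullable pointer, an infallible `create` wraps it in a RELEASE_ASSERT, and the caller of `tryCreate` cannot skip the null check without it being visible. WTF::Ref and WTF::RefPtr are replaced by std::shared_ptr-based stand-ins, and the `maxByteLength` cap is a made-up value.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <memory>
#include <vector>

// Stand-ins for WTF::RefPtr (nullable) and WTF::Ref (never null); not the WTF types.
template<typename T> using RefPtr = std::shared_ptr<T>;

template<typename T>
class Ref {
public:
    explicit Ref(std::shared_ptr<T> ptr) : m_ptr(std::move(ptr)) { assert(m_ptr); }
    T& get() const { return *m_ptr; }
    T* operator->() const { return m_ptr.get(); }
private:
    std::shared_ptr<T> m_ptr;
};

#define RELEASE_ASSERT(condition) do { if (!(condition)) std::abort(); } while (false)

template<typename Adaptor>
class GenericTypedArrayView {
public:
    using Element = typename Adaptor::Type;
    static constexpr size_t maxByteLength = 1u << 30; // hypothetical allocation cap (assumption)

    // Fallible factory: null when length * sizeof(Element) overflows or exceeds the cap.
    static RefPtr<GenericTypedArrayView> tryCreate(size_t length)
    {
        if (length > SIZE_MAX / sizeof(Element))
            return nullptr; // multiplication would wrap; never compute it
        size_t byteLength = length * sizeof(Element);
        if (byteLength > maxByteLength)
            return nullptr;
        return std::shared_ptr<GenericTypedArrayView>(new GenericTypedArrayView(length));
    }

    // Infallible factory: callers that cannot handle failure get a crash, not a null deref.
    static Ref<GenericTypedArrayView> create(size_t length)
    {
        RefPtr<GenericTypedArrayView> result = tryCreate(length);
        RELEASE_ASSERT(result);
        return Ref<GenericTypedArrayView>(std::move(result));
    }

    size_t length() const { return m_data.size(); }
    size_t byteLength() const { return m_data.size() * sizeof(Element); }

private:
    explicit GenericTypedArrayView(size_t length) : m_data(length) {}
    std::vector<Element> m_data;
};

struct Uint32Adaptor { using Type = uint32_t; };
using Uint32Array = GenericTypedArrayView<Uint32Adaptor>;

// The caller pattern the rename is meant to force: a RefPtr result must be checked.
bool tryFillArray(size_t length)
{
    RefPtr<Uint32Array> array = Uint32Array::tryCreate(length);
    if (!array)
        return false; // allocation refused: report it instead of dereferencing null
    return array->byteLength() == length * sizeof(uint32_t);
}
```

The overflow check runs before the multiplication so the byte length is never computed from a wrapped value; that is the kind of check a caller silently skipping the null test would have undone.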
821 2018-10-09  Devin Rousso  <drousso@apple.com>
822
823         Web Inspector: show redirect requests in Network and Timelines tabs
824         https://bugs.webkit.org/show_bug.cgi?id=150005
825         <rdar://problem/5378164>
826
827         Reviewed by Joseph Pecoraro.
828
829         * inspector/protocol/Network.json:
830         Add missing fields to `ResourceTiming`.
831
832 2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>
833
834         [WPE] Explicitly link against gmodule where used
835         https://bugs.webkit.org/show_bug.cgi?id=190398
836
837         Reviewed by Michael Catanzaro.
838
839         * PlatformWPE.cmake:
840
841 2018-10-08  Justin Fan  <justin_fan@apple.com>
842
843         WebGPU: Rename old WebGPU prototype to WebMetal
844         https://bugs.webkit.org/show_bug.cgi?id=190325
845         <rdar://problem/44990443>
846
847         Reviewed by Dean Jackson.
848
849         Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.
850
851         * Configurations/FeatureDefines.xcconfig:
852         * inspector/protocol/Canvas.json:
853         * inspector/scripts/codegen/generator.py:
854
855 2018-10-08  Aditya Keerthi  <akeerthi@apple.com>
856
857         Make <input type=color> a runtime enabled (on-by-default) feature
858         https://bugs.webkit.org/show_bug.cgi?id=189162
859
860         Reviewed by Wenson Hsieh and Tim Horton.
861
862         * Configurations/FeatureDefines.xcconfig:
863
864 2018-10-08  Devin Rousso  <drousso@apple.com>
865
866         Web Inspector: group media network entries by the node that triggered the request
867         https://bugs.webkit.org/show_bug.cgi?id=189606
868         <rdar://problem/44438527>
869
870         Reviewed by Brian Burg.
871
872         * inspector/protocol/Network.json:
873         Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
874         determine which ancestor node triggered the load. It may not correspond directly to the node
875         with the href/src, as that url may only be used by an ancestor for loading.
876
877 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
878
879         [JSC][Linux] Use non-truncated name for JIT workers in Linux
880         https://bugs.webkit.org/show_bug.cgi?id=190339
881
882         Reviewed by Mark Lam.
883
884         The current thread names are meaningless in the Linux environment. We do not want to
885         have truncated names in Linux: we want to have clear names in Linux. Instead, we
886         should have the name for Linux separately from the name used in the non-Linux
887         environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for the
888         Linux environment.
889
890         * dfg/DFGWorklist.cpp:
891         (JSC::DFG::createWorklistName):
892         (JSC::DFG::Worklist::Worklist):
893         (JSC::DFG::Worklist::create):
894         (JSC::DFG::ensureGlobalDFGWorklist):
895         (JSC::DFG::ensureGlobalFTLWorklist):
896         * dfg/DFGWorklist.h:
897         * jit/JITWorklist.cpp:
898
899 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
900
901         Name Heap threads
902         https://bugs.webkit.org/show_bug.cgi?id=190337
903
904         Reviewed by Mark Lam.
905
906         Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
907         Linux does not accept names longer than 15. We do not want to use the short name
908         for non-Linux environments. And we want to have a clear name in Linux: a truncated name
909         is not good. So, having the two names is the only way.
910
911         * heap/HeapHelperPool.cpp:
912         (JSC::heapHelperPool):
913
914 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
915
916         [JSC] Avoid creating ProgramExecutable in checkSyntax
917         https://bugs.webkit.org/show_bug.cgi?id=190332
918
919         Reviewed by Mark Lam.
920
921         uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
922         In Function constructor code, we perform checkSyntax for body and parameters. So a fast checkSyntax
923         is important when the performance of the Function constructor matters. The current checkSyntax code
924         unnecessarily allocates a ProgramExecutable. This patch removes this allocation and improves
925         the benchmark score slightly.
926
927         Before:
928             uglify-js:  2.87 runs/s
929         After:
930             uglify-js:  2.94 runs/s
931
932         * runtime/Completion.cpp:
933         (JSC::checkSyntaxInternal):
934         (JSC::checkSyntax):
935         * runtime/ProgramExecutable.cpp:
936         (JSC::ProgramExecutable::checkSyntax): Deleted.
937         * runtime/ProgramExecutable.h:
938
939 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
940
941         [ESNext][BigInt] Implement support for "|"
942         https://bugs.webkit.org/show_bug.cgi?id=186229
943
944         Reviewed by Yusuke Suzuki.
945
946         This patch is introducing support for BigInt in the bitwise "or" operator.
947         In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
948         "ValueBitOr", to replace "BitOr" node. The idea is to follow the
949         difference that we make on Arith<op> and Value<op>, where ArithBitOr
950         handles cases when the operands are Int32 and ValueBitOr handles
951         the remaining cases.
952
953         We are also changing op_bitor to use ValueProfile. We are using
954         ValueProfile during DFG generation to emit "ArithBitOr" when
955         outcome prediction is Int32.
956
957         * bytecode/CodeBlock.cpp:
958         (JSC::CodeBlock::finishCreation):
959         (JSC::CodeBlock::arithProfileForPC):
960         * bytecompiler/BytecodeGenerator.cpp:
961         (JSC::BytecodeGenerator::emitBinaryOp):
962         * dfg/DFGAbstractInterpreterInlines.h:
963         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
964         * dfg/DFGBackwardsPropagationPhase.cpp:
965         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
966         (JSC::DFG::BackwardsPropagationPhase::propagate):
967         * dfg/DFGByteCodeParser.cpp:
968         (JSC::DFG::ByteCodeParser::parseBlock):
969         * dfg/DFGClobberize.h:
970         (JSC::DFG::clobberize):
971         * dfg/DFGDoesGC.cpp:
972         (JSC::DFG::doesGC):
973         * dfg/DFGFixupPhase.cpp:
974         (JSC::DFG::FixupPhase::fixupNode):
975         * dfg/DFGNodeType.h:
976         * dfg/DFGOperations.cpp:
977         (JSC::DFG::bitwiseOp):
978         * dfg/DFGOperations.h:
979         * dfg/DFGPredictionPropagationPhase.cpp:
980         * dfg/DFGSafeToExecute.h:
981         (JSC::DFG::safeToExecute):
982         * dfg/DFGSpeculativeJIT.cpp:
983         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
984         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
985         * dfg/DFGSpeculativeJIT.h:
986         (JSC::DFG::SpeculativeJIT::bitOp):
987         * dfg/DFGSpeculativeJIT32_64.cpp:
988         (JSC::DFG::SpeculativeJIT::compile):
989         * dfg/DFGSpeculativeJIT64.cpp:
990         (JSC::DFG::SpeculativeJIT::compile):
991         * dfg/DFGStrengthReductionPhase.cpp:
992         (JSC::DFG::StrengthReductionPhase::handleNode):
993         * ftl/FTLCapabilities.cpp:
994         (JSC::FTL::canCompile):
995         * ftl/FTLLowerDFGToB3.cpp:
996         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
997         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
998         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
999         (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
1000         * jit/JITArithmetic.cpp:
1001         (JSC::JIT::emit_op_bitor):
1002         * llint/LowLevelInterpreter32_64.asm:
1003         * llint/LowLevelInterpreter64.asm:
1004         * runtime/CommonSlowPaths.cpp:
1005         (JSC::SLOW_PATH_DECL):
1006         * runtime/JSBigInt.cpp:
1007         (JSC::JSBigInt::bitwiseAnd):
1008         (JSC::JSBigInt::bitwiseOr):
1009         (JSC::JSBigInt::absoluteBitwiseOp):
1010         (JSC::JSBigInt::absoluteAddOne):
1011         * runtime/JSBigInt.h:
1012
1013 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1014
1015         [JSC] Use new extra memory reporting in SparseArrayMap
1016         https://bugs.webkit.org/show_bug.cgi?id=190278
1017
1018         Reviewed by Keith Miller.
1019
1020         This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
1021         to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.
1022
1023         * runtime/SparseArrayValueMap.cpp:
1024         (JSC::SparseArrayValueMap::add):
1025         (JSC::SparseArrayValueMap::visitChildren):
1026
1027 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1028
1029         [JSC][Linux] Support Perf JITDump logging
1030         https://bugs.webkit.org/show_bug.cgi?id=189893
1031
1032         Reviewed by Mark Lam.
1033
1034         This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
1035         We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
1036         By using this dump and perf.data output, we can annotate JIT code with profiling information.
1037
1038             $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
1039             $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
1040             [ perf record: Woken up 1 times to write data ]
1041             [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
1042             $ perf inject --jit -i perf.data -o perf.jit.data
1043             $ perf report -i perf.jit.data
1044
1045         * Sources.txt:
1046         * assembler/LinkBuffer.cpp:
1047         (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
1048         * assembler/LinkBuffer.h:
1049         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1050         * assembler/PerfLog.cpp: Added.
1051         (JSC::PerfLog::singleton):
1052         (JSC::generateTimestamp):
1053         (JSC::getCurrentThreadID):
1054         (JSC::PerfLog::PerfLog):
1055         (JSC::PerfLog::write):
1056         (JSC::PerfLog::flush):
1057         (JSC::PerfLog::log):
1058         * assembler/PerfLog.h: Added.
1059         * jit/ExecutableAllocator.cpp:
1060         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1061         * runtime/Options.cpp:
1062         (JSC::Options::isAvailable):
1063         * runtime/Options.h:
1064
1065 2018-10-05  Mark Lam  <mark.lam@apple.com>
1066
1067         Gardening: Build fix after r236880.
1068         https://bugs.webkit.org/show_bug.cgi?id=190317
1069
1070         Unreviewed.
1071
1072         * jit/ExecutableAllocator.h:
1073
1074 2018-10-05  Mark Lam  <mark.lam@apple.com>
1075
1076         performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
1077         https://bugs.webkit.org/show_bug.cgi?id=190317
1078         <rdar://problem/45039398>
1079
1080         Reviewed by Saam Barati.
1081
1082         When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
1083         to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
1084         performJITMemcpy() would just do a memcpy in that case.  We need to restore the
1085         equivalent behavior.
1086
1087         * jit/ExecutableAllocator.cpp:
1088         (JSC::isJITPC):
1089         * jit/ExecutableAllocator.h:
1090         (JSC::performJITMemcpy):
1091
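The fallback this entry restores, as an added example written for this page and not JavaScriptCore's code: a model of the fixed VM pool allocator that only records an address range, an `isJITPC` that is false until the pool exists, and a `performJITMemcpy` that degrades to a plain memcpy before initialization and afterwards refuses any destination byte outside the pool. The real function does not return a value; returning a bool here is an assumption made so the behaviour can be checked.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for FixedVMPoolExecutableAllocator: it maps nothing and only
// remembers which address range counts as JIT memory.
class FixedVMPoolExecutableAllocator {
public:
    static FixedVMPoolExecutableAllocator* singleton() { return s_allocator; }

    // Models the moment the JIT fixed memory pool becomes initialized.
    static void initialize(void* start, size_t size)
    {
        static FixedVMPoolExecutableAllocator allocator;
        allocator.m_start = reinterpret_cast<uintptr_t>(start);
        allocator.m_end = allocator.m_start + size;
        s_allocator = &allocator;
    }
    static void reset() { s_allocator = nullptr; }

    bool isJITPC(const void* pc) const
    {
        uintptr_t address = reinterpret_cast<uintptr_t>(pc);
        return address >= m_start && address < m_end;
    }

private:
    uintptr_t m_start = 0;
    uintptr_t m_end = 0;
    static FixedVMPoolExecutableAllocator* s_allocator;
};
FixedVMPoolExecutableAllocator* FixedVMPoolExecutableAllocator::s_allocator = nullptr;

// Free-function form like the one listed under jit/ExecutableAllocator.cpp above:
// with no pool yet, no address is JIT memory.
bool isJITPC(const void* pc)
{
    FixedVMPoolExecutableAllocator* allocator = FixedVMPoolExecutableAllocator::singleton();
    return allocator && allocator->isJITPC(pc);
}

// Copies n bytes into JIT memory. Before the pool exists (e.g. while the write thunk
// itself is being generated) this is a plain memcpy, the pre-r236864 behaviour.
// Once the pool exists, every destination byte must lie inside it.
bool performJITMemcpy(void* dst, const void* src, size_t n)
{
    if (!FixedVMPoolExecutableAllocator::singleton()) {
        std::memcpy(dst, src, n);
        return true;
    }
    if (!n)
        return true;
    const uint8_t* first = static_cast<const uint8_t*>(dst);
    if (!isJITPC(first) || !isJITPC(first + n - 1))
        return false; // refuse writes that start or end outside the JIT pool
    std::memcpy(dst, src, n);
    return true;
}
```

Checking both the first and the last byte matters: a range that starts inside the pool but runs past its end would otherwise be accepted.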
1092 2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>
1093
1094         [WPE][JSC] Use Unified Sources for Platform-specific sources
1095         https://bugs.webkit.org/show_bug.cgi?id=190300
1096
1097         Reviewed by Yusuke Suzuki.
1098
1099         Currently the GTK port already uses Unified Sources with the same source files.
1100         As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
1101         to the list of libraries to link with.
1102
1103         * PlatformWPE.cmake:
1104         * SourcesWPE.txt: Added.
1105         * shell/PlatformWPE.cmake:
1106
1107 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
1108
1109         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
1110         https://bugs.webkit.org/show_bug.cgi?id=190258
1111
1112         Reviewed by Konstantin Tokarev.
1113
1114         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
1115         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
1116           encoding=UTF-8 on Python 3.
1117         * yarr/generateYarrCanonicalizeUnicode: Ditto.
1118         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
1119
1120 2018-10-04  Mark Lam  <mark.lam@apple.com>
1121
1122         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
1123         https://bugs.webkit.org/show_bug.cgi?id=190295
1124         <rdar://problem/19197193>
1125
1126         Reviewed by Saam Barati.
1127
1128         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
1129         instead of needing to use our own custom version here.
1130
1131         * jit/ExecutableAllocator.cpp:
1132         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1133         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
1134         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
1135         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
1136         (JSC::ExecutableAllocator::allocate):
1137         (JSC::startOfFixedExecutableMemoryPoolImpl):
1138         (JSC::endOfFixedExecutableMemoryPoolImpl):
1139         (JSC::isJITPC):
1140         * jit/ExecutableAllocator.h:
1141
1142 2018-10-04  Mark Lam  <mark.lam@apple.com>
1143
1144         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
1145         https://bugs.webkit.org/show_bug.cgi?id=190283
1146         <rdar://problem/45015752>
1147
1148         Reviewed by Keith Miller.
1149
1150         * runtime/Options.cpp:
1151         (JSC::Options::initialize):
1152         * wasm/WasmFaultSignalHandler.cpp:
1153         (JSC::Wasm::enableFastMemory):
1154
1155 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
1156
1157         [JSC] print() changes CRLF to CRCRLF on Windows
1158         https://bugs.webkit.org/show_bug.cgi?id=190228
1159
1160         Reviewed by Mark Lam.
1161
1162         * jsc.cpp:
1163         (main):
1164         Ultimately, this is just the normal behavior of printf in text mode on Windows.
1165         Since we're reading in files as binary, we need to be printing out as binary too
1166         (just as we do in DumpRenderTree and ImageDiff.)
1167
1168 2018-10-03  Saam barati  <sbarati@apple.com>
1169
1170         lowXYZ in FTLLower should always filter the type of the incoming edge
1171         https://bugs.webkit.org/show_bug.cgi?id=189939
1172         <rdar://problem/44407030>
1173
1174         Reviewed by Michael Saboff.
1175
1176         For example, the FTL may know more about data flow than AI in certain programs,
1177         and it needs to inform AI of these data flow properties to appease the assertion
1178         we have in AI that a node must perform type checks on its child nodes.
1179         
1180         For example, consider this program:
1181         
1182         ```
1183         bb#1
1184         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
1185         Branch(...,  #2, #3)
1186         
1187         bb#2
1188         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type union the type of some structure set.
1189         Jump(#3)
1190         
1191         bb#3
1192         c: Add(Int32:@something, Int32:@a)
1193         ```
1194         
1195         When the Add node does lowInt32() for @a, FTL lower used to just grab it
1196         from the int32 hash table without filtering the AbstractValue. However,
1197         the parent node is asking for a type check to happen, so we must inform
1198         AI of this "type check" if we want to appease the assertion that all nodes
1199         perform type checks for their edges that semantically perform type checks.
1200         This patch makes it so we filter the AbstractValue in the lowXYZ even
1201         if FTLLower proved the value must be XYZ.
1202
1203         * ftl/FTLLowerDFGToB3.cpp:
1204         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
1205         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
1206         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
1207         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
1208         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
1209
1210 2018-10-03  Michael Saboff  <msaboff@apple.com>
1211
1212         Command line jsc should report memory footprint in bytes
1213         https://bugs.webkit.org/show_bug.cgi?id=190267
1214
1215         Reviewed by Mark Lam.
1216
1217         Change to leave the footprint values from the system unmodified.
1218
1219         * jsc.cpp:
1220         (JSCMemoryFootprint::finishCreation):
1221
1222 2018-10-03  Mark Lam  <mark.lam@apple.com>
1223
1224         Suppress unreachable code warning for LLIntAssembly.h code.
1225         https://bugs.webkit.org/show_bug.cgi?id=190263
1226         <rdar://problem/44986532>
1227
1228         Reviewed by Saam Barati.
1229
1230         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
1231         asm files, and may contain dead code which is harmless, but will trip up the warning.
1232         We should suppress the warning so that it doesn't break builds.
1233
1234         * llint/LowLevelInterpreter.cpp:
1235         (JSC::CLoop::execute):
1236
1237 2018-10-03  Dan Bernstein  <mitz@apple.com>
1238
1239         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
1240         https://bugs.webkit.org/show_bug.cgi?id=190250
1241
1242         Reviewed by Alex Christensen.
1243
1244         * API/tests/Regress141275.mm:
1245         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
1246           by making the self-retaining explicit.
1247
1248         * API/tests/testapi.cpp:
1249         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
1250           loop instead of returning from the lambda.
1251
1252         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
1253           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
1254           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
1255
1256         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
1257           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
1258
1259         * assembler/MacroAssemblerPrinter.cpp:
1260         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
1261           some commas with semicolons.
1262
1263 2018-10-03  Mark Lam  <mark.lam@apple.com>
1264
1265         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1266         https://bugs.webkit.org/show_bug.cgi?id=190187
1267         <rdar://problem/42512909>
1268
1269         Reviewed by Michael Saboff.
1270
1271         Allowing different max string lengths at each level opens up opportunities for
1272         bugs to creep in.  With 2 different max length values, it is more difficult to
1273         keep the story straight on how we do overflow / bounds checks at each place in
1274         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
1275         will have bad ramifications at the JSC level.  It's also not meaningful to
1276         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
1277         standardize on a MaxLength of INT_MAX at all levels.
1278
1279         We'll also standardize the way we do length overflow checks on using
1280         CheckedArithmetic, and add some asserts to document the assumptions of the code.
1281
1282         * runtime/FunctionConstructor.cpp:
1283         (JSC::constructFunctionSkippingEvalEnabledCheck):
1284         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
1285         * runtime/JSString.h:
1286         (JSC::JSString::finishCreation):
1287         (JSC::JSString::createHasOtherOwner):
1288         (JSC::JSString::setLength):
1289         * runtime/JSStringInlines.h:
1290         (JSC::jsMakeNontrivialString):
1291         * runtime/Operations.h:
1292         (JSC::jsString):
1293
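The single-limit, checked-arithmetic approach this entry adopts, as an added example written for this page rather than WTF's or JSC's code: a minimal `CheckedInt32` that records overflow the way `Checked<int32_t, RecordOverflow>` does, a total-length check against one `MaxLength` of INT_MAX, and a jsString-style concatenation that refuses before allocating. The function names and the bool-plus-out-parameter shape are assumptions of this example.

```cpp
#include <climits>
#include <cstdint>
#include <string>
#include <vector>

// The one limit every level standardizes on.
constexpr uint32_t MaxLength = INT_MAX;

// Minimal stand-in for WTF::Checked<int32_t, RecordOverflow>: once any operation
// overflows, the value is poisoned and hasOverflowed() stays true.
class CheckedInt32 {
public:
    CheckedInt32(int32_t value = 0) : m_value(value) {}

    bool hasOverflowed() const { return m_overflowed; }
    int32_t unsafeGet() const { return m_value; }

    CheckedInt32& operator+=(int32_t rhs)
    {
        int64_t sum = static_cast<int64_t>(m_value) + rhs;
        if (sum > INT32_MAX || sum < INT32_MIN)
            m_overflowed = true;
        else
            m_value = static_cast<int32_t>(sum);
        return *this;
    }

private:
    int32_t m_value;
    bool m_overflowed = false;
};

// Length check in the spirit of JSString::finishCreation / jsMakeNontrivialString:
// every piece must already obey MaxLength, and so must the sum. A piece that fits in
// 32 unsigned bits but exceeds INT_MAX (e.g. 0x80000000) is rejected here rather than
// being allowed through by a looser WTF-level bound.
bool checkedTotalLength(const std::vector<uint32_t>& lengths, uint32_t& total)
{
    CheckedInt32 sum;
    for (uint32_t length : lengths) {
        if (length > MaxLength)
            return false; // invariant violated upstream; do not carry it forward
        sum += static_cast<int32_t>(length);
        if (sum.hasOverflowed())
            return false;
    }
    total = static_cast<uint32_t>(sum.unsafeGet());
    return true;
}

// jsString-style concatenation: the overflow check happens before any buffer exists.
bool tryConcatenate(const std::vector<std::string>& parts, std::string& result)
{
    std::vector<uint32_t> lengths;
    for (const std::string& part : parts) {
        if (part.size() > MaxLength)
            return false;
        lengths.push_back(static_cast<uint32_t>(part.size()));
    }
    uint32_t total = 0;
    if (!checkedTotalLength(lengths, total))
        return false;
    result.clear();
    result.reserve(total);
    for (const std::string& part : parts)
        result += part;
    return true;
}
```

The per-piece test and the running checked sum are both needed: the first guarantees each input already satisfies the invariant, the second catches the case where two valid lengths add up past INT_MAX.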
1294 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
1295
1296         [JSC] Add a C++ callable overload of objectConstructorSeal
1297         https://bugs.webkit.org/show_bug.cgi?id=190137
1298
1299         Reviewed by Yusuke Suzuki.
1300
1301         * runtime/ObjectConstructor.cpp:
1302         * runtime/ObjectConstructor.h:
1303
1304 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
1305
1306         Fix Disassembler-output on ARM Thumb2
1307         https://bugs.webkit.org/show_bug.cgi?id=190203
1308
1309         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
1310         execution in Thumb mode for jumps and calls. The actual machine
1311         instructions are still aligned to 2 bytes though. Use dataLocation() as
1312         the start address for disassembling since it unsets the Thumb bit.
1313         Until now the disassembler would start at the wrong address (off by 1),
1314         resulting in the wrong disassembled machine instructions.
1315
1316         Reviewed by Mark Lam.
1317
1318         * disassembler/CapstoneDisassembler.cpp:
1319         (JSC::tryToDisassemble):
1320
1321 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1322
1323         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
1324         https://bugs.webkit.org/show_bug.cgi?id=190215
1325
1326         Reviewed by Mark Lam.
1327
1328         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
1329         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for the LLInt ASM interpreter since
1330         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
1331         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
1332         for the LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).
1333
1334         To ensure that no executable memory allocation is done, we add a stub of ExecutableAllocator for
1335         non-JIT configurations. This does not have any functionality for allocating executable memory, thus
1336         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
1337
1338         * jit/ExecutableAllocator.cpp:
1339         (JSC::ExecutableAllocator::initializeAllocator):
1340         (JSC::ExecutableAllocator::singleton):
1341         * jit/ExecutableAllocator.h:
1342         (JSC::ExecutableAllocator::isValid const):
1343         (JSC::ExecutableAllocator::underMemoryPressure):
1344         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1345         (JSC::ExecutableAllocator::dumpProfile):
1346         (JSC::ExecutableAllocator::allocate):
1347         (JSC::ExecutableAllocator::isValidExecutableMemory):
1348         (JSC::ExecutableAllocator::committedByteCount):
1349         (JSC::ExecutableAllocator::getLock const):
1350         (JSC::performJITMemcpy):
1351
1352 2018-10-01  Dean Jackson  <dino@apple.com>
1353
1354         Remove CSS Animation Triggers
1355         https://bugs.webkit.org/show_bug.cgi?id=190175
1356         <rdar://problem/44925626>
1357
1358         Reviewed by Simon Fraser.
1359
1360         * Configurations/FeatureDefines.xcconfig:
1361
1362 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1363
1364         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1365         https://bugs.webkit.org/show_bug.cgi?id=190033
1366
1367         Reviewed by Yusuke Suzuki.
1368
1369         The implementation of JSBigInt::toStringToGeneric doesn't handle a power
1370         of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
1371         implemented JSBigInt::toStringBasePowerOfTwo, which follows the
1372         algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
1373         digit.
1374
1375         * runtime/JSBigInt.cpp:
1376         (JSC::JSBigInt::toString):
1377         (JSC::JSBigInt::toStringBasePowerOfTwo):
1378         * runtime/JSBigInt.h:
1379
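The bit-grouping algorithm this entry describes, as an added example written for this page and not JSBigInt's implementation: the magnitude is a little-endian vector of 32-bit limbs (the limb width is an assumption; JSBigInt's Digit is platform-sized), and for a radix of 2^n each output character is exactly n bits, so the conversion masks with (2^n) - 1 and shifts, carrying leftover bits across limb boundaries, with no division at all. The multi-limb case is where the original generic path went wrong, so the checks below use values that span two limbs.

```cpp
#include <algorithm>
#include <cassert>
#include <cstdint>
#include <string>
#include <vector>

using Digit = uint32_t;           // limb type (assumption: fixed 32-bit limbs)
constexpr unsigned digitBits = 32;

static const char radixDigits[] = "0123456789abcdefghijklmnopqrstuvwxyz";

// limbs: magnitude, least significant limb first. radix: a power of two in [2, 32].
std::string toStringBasePowerOfTwo(const std::vector<Digit>& limbs, unsigned radix)
{
    assert(radix >= 2 && radix <= 32 && (radix & (radix - 1)) == 0);
    unsigned bitsPerChar = 0;
    while ((1u << bitsPerChar) < radix)
        ++bitsPerChar;
    const uint64_t mask = radix - 1; // (2^n) - 1 selects one character's worth of bits

    std::string out;           // least significant character first; reversed at the end
    uint64_t window = 0;       // bits not yet emitted, least significant at bit 0
    unsigned windowBits = 0;   // valid bits in window (< bitsPerChar between limbs)
    for (Digit limb : limbs) {
        // Append the new limb above whatever was left over from the previous one.
        window |= static_cast<uint64_t>(limb) << windowBits;
        windowBits += digitBits;
        while (windowBits >= bitsPerChar) {
            out.push_back(radixDigits[window & mask]);
            window >>= bitsPerChar;
            windowBits -= bitsPerChar;
        }
    }
    if (windowBits)
        out.push_back(radixDigits[window & mask]); // final partial character

    // Leading zeros sit at the back before reversal; keep a single "0" for zero.
    while (out.size() > 1 && out.back() == '0')
        out.pop_back();
    if (out.empty())
        return "0";
    std::reverse(out.begin(), out.end());
    return out;
}
```

Because windowBits is always below bitsPerChar (at most 4) when a new limb arrives, the 64-bit window never holds more than 36 bits, so the shift cannot lose data.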
1380 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1381
1382         [JSC] Add branchIfNaN and branchIfNotNaN
1383         https://bugs.webkit.org/show_bug.cgi?id=190122
1384
1385         Reviewed by Mark Lam.
1386
1387         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
1388
1389         * dfg/DFGSpeculativeJIT.cpp:
1390         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
1391         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
1392         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
1393         (JSC::DFG::SpeculativeJIT::compileSpread):
1394         (JSC::DFG::SpeculativeJIT::compileNewArray):
1395         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
1396         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
1397         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
1398         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
1399         * dfg/DFGSpeculativeJIT32_64.cpp:
1400         (JSC::DFG::SpeculativeJIT::compile):
1401         * dfg/DFGSpeculativeJIT64.cpp:
1402         (JSC::DFG::SpeculativeJIT::compile):
1403         * jit/AssemblyHelpers.cpp:
1404         (JSC::AssemblyHelpers::purifyNaN):
1405         * jit/AssemblyHelpers.h:
1406         (JSC::AssemblyHelpers::branchIfNaN):
1407         (JSC::AssemblyHelpers::branchIfNotNaN):
1408         * jit/JITPropertyAccess.cpp:
1409         (JSC::JIT::emitGenericContiguousPutByVal):
1410         (JSC::JIT::emitDoubleLoad):
1411         (JSC::JIT::emitFloatTypedArrayGetByVal):
1412         * jit/JITPropertyAccess32_64.cpp:
1413         (JSC::JIT::emitGenericContiguousPutByVal):
1414         * wasm/js/JSToWasm.cpp:
1415         (JSC::Wasm::createJSToWasmWrapper):
1416
1417 2018-10-01  Mark Lam  <mark.lam@apple.com>
1418
1419         Function.toString() should also copy the source code Functions that are class definitions.
1420         https://bugs.webkit.org/show_bug.cgi?id=190186
1421         <rdar://problem/44733360>
1422
1423         Reviewed by Saam Barati.
1424
1425         Previously, if the Function is a class definition, functionProtoFuncToString()
1426         would create a String using StringView::toStringWithoutCopying(), and use that
1427         String to make a JSString.  This is not a problem if the underlying SourceProvider
1428         (that backs the characters in that StringView) is immortal.  However, this is
1429         not always the case in practice.
1430
1431         This patch fixes this issue by changing functionProtoFuncToString() to create the
1432         String using StringView::toString() instead, which makes a copy of the underlying
1433         characters buffer.  This detaches the resultant JSString from the SourceProvider
1434         characters buffer that it was created from, and ensures that the underlying
1435         characters buffer of the string will be alive for the entire lifetime of the
1436         JSString.
1437
1438         * runtime/FunctionPrototype.cpp:
1439         (JSC::functionProtoFuncToString):
1440
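The lifetime problem described in the entry above, as an added illustration that is not JSC's own code: a toy SourceProvider stands in for the real one, a string_view plays the role of StringView::toStringWithoutCopying() (aliasing the provider's buffer and dangling once the provider is destroyed), and an owned std::string plays the role of StringView::toString(), which copies the characters so the result no longer depends on the provider staying alive. All names and the sample source text are constructed for this example.

```cpp
#include <memory>
#include <string>
#include <string_view>
#include <iostream>

// Constructed stand-in for JSC's SourceProvider: it owns the script text.
struct SourceProvider {
    std::string source;
};

// Constructed stand-in for the JSString that Function.prototype.toString returns.
struct OwnedFunctionString {
    std::string text;
};

// "Before" pattern: the returned view aliases the provider's buffer. It is only
// valid while the provider lives, which the text above notes is not guaranteed.
std::string_view classSourceWithoutCopying(const SourceProvider& provider, size_t start, size_t length) {
    return std::string_view(provider.source).substr(start, length);
}

// "After" pattern: copy the characters, so the result owns its buffer.
OwnedFunctionString classSourceCopied(const SourceProvider& provider, size_t start, size_t length) {
    std::string_view view = std::string_view(provider.source).substr(start, length);
    return OwnedFunctionString { std::string(view) };
}

// Exercises the fixed path: the provider is released while the string lives on.
// Returns the surviving text (empty if the provider unexpectedly survived).
OwnedFunctionString toStringOutlivesProvider() {
    // Constructed sample script; the class body starts at offset 11 and is 22 chars long.
    auto provider = std::make_shared<SourceProvider>(SourceProvider { "let x = 1; class Foo { bar() {} } x++;" });
    std::weak_ptr<SourceProvider> watch = provider;

    OwnedFunctionString result = classSourceCopied(*provider, 11, 22);

    provider.reset();            // the provider is not immortal in practice
    if (!watch.expired())        // sanity check: the buffer really is gone now
        return OwnedFunctionString { "" };
    return result;               // still valid: it owns its own copy
}

int main() {
    std::cout << toStringOutlivesProvider().text << "\n";   // class Foo { bar() {} }
    return 0;
}
```

Running the copying path under AddressSanitizer stays clean; calling classSourceWithoutCopying() and reading the view after provider.reset() is the heap-use-after-free pattern the patch removes, which is why that function is shown but never called here.
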
1441 2018-10-01  Keith Miller  <keith_miller@apple.com>
1442
1443         Create a RELEASE_AND_RETURN macro for ExceptionScopes
1444         https://bugs.webkit.org/show_bug.cgi?id=190163
1445
1446         Reviewed by Mark Lam.
1447
1448         The new RELEASE_AND_RETURN does all the work for cases
1449         where you want to return the result of some expression
1450         without explicitly checking for an exception. This is
1451         much like the existing RETURN_IF_EXCEPTION macro.
1452
1453         * dfg/DFGOperations.cpp:
1454         (JSC::DFG::newTypedArrayWithSize):
1455         * interpreter/Interpreter.cpp:
1456         (JSC::eval):
1457         * jit/JITOperations.cpp:
1458         (JSC::getByVal):
1459         * jsc.cpp:
1460         (functionDollarAgentReceiveBroadcast):
1461         * llint/LLIntSlowPaths.cpp:
1462         (JSC::LLInt::setUpCall):
1463         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1464         (JSC::LLInt::varargsSetup):
1465         * profiler/ProfilerDatabase.cpp:
1466         (JSC::Profiler::Database::toJSON const):
1467         * runtime/AbstractModuleRecord.cpp:
1468         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1469         * runtime/ArrayConstructor.cpp:
1470         (JSC::constructArrayWithSizeQuirk):
1471         * runtime/ArrayPrototype.cpp:
1472         (JSC::getProperty):
1473         (JSC::fastJoin):
1474         (JSC::arrayProtoFuncToString):
1475         (JSC::arrayProtoFuncToLocaleString):
1476         (JSC::arrayProtoFuncJoin):
1477         (JSC::arrayProtoFuncPop):
1478         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1479         * runtime/BigIntConstructor.cpp:
1480         (JSC::toBigInt):
1481         * runtime/CommonSlowPaths.h:
1482         (JSC::CommonSlowPaths::opInByVal):
1483         * runtime/ConstructData.cpp:
1484         (JSC::construct):
1485         * runtime/DateConstructor.cpp:
1486         (JSC::dateParse):
1487         * runtime/DatePrototype.cpp:
1488         (JSC::dateProtoFuncToPrimitiveSymbol):
1489         * runtime/DirectArguments.h:
1490         * runtime/ErrorConstructor.cpp:
1491         (JSC::Interpreter::constructWithErrorConstructor):
1492         * runtime/ErrorPrototype.cpp:
1493         (JSC::errorProtoFuncToString):
1494         * runtime/ExceptionScope.h:
1495         * runtime/FunctionConstructor.cpp:
1496         (JSC::constructFunction):
1497         * runtime/FunctionPrototype.cpp:
1498         (JSC::functionProtoFuncToString):
1499         * runtime/GenericArgumentsInlines.h:
1500         (JSC::GenericArguments<Type>::defineOwnProperty):
1501         * runtime/GetterSetter.cpp:
1502         (JSC::callGetter):
1503         * runtime/IntlCollatorConstructor.cpp:
1504         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1505         * runtime/IntlCollatorPrototype.cpp:
1506         (JSC::IntlCollatorFuncCompare):
1507         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1508         * runtime/IntlDateTimeFormatConstructor.cpp:
1509         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1510         * runtime/IntlDateTimeFormatPrototype.cpp:
1511         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1512         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1513         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1514         * runtime/IntlNumberFormatConstructor.cpp:
1515         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1516         * runtime/IntlNumberFormatPrototype.cpp:
1517         (JSC::IntlNumberFormatFuncFormatNumber):
1518         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1519         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1520         * runtime/IntlObject.cpp:
1521         (JSC::intlNumberOption):
1522         * runtime/IntlObjectInlines.h:
1523         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1524         * runtime/IntlPluralRules.cpp:
1525         (JSC::IntlPluralRules::resolvedOptions):
1526         * runtime/IntlPluralRulesConstructor.cpp:
1527         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1528         * runtime/IntlPluralRulesPrototype.cpp:
1529         (JSC::IntlPluralRulesPrototypeFuncSelect):
1530         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1531         * runtime/JSArray.cpp:
1532         (JSC::JSArray::defineOwnProperty):
1533         (JSC::JSArray::put):
1534         (JSC::JSArray::setLength):
1535         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1536         * runtime/JSArrayBufferPrototype.cpp:
1537         (JSC::arrayBufferProtoGetterFuncByteLength):
1538         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1539         * runtime/JSArrayInlines.h:
1540         (JSC::toLength):
1541         * runtime/JSBoundFunction.cpp:
1542         (JSC::boundFunctionCall):
1543         (JSC::boundFunctionConstruct):
1544         * runtime/JSCJSValue.cpp:
1545         (JSC::JSValue::putToPrimitive):
1546         * runtime/JSCJSValueInlines.h:
1547         (JSC::JSValue::toIndex const):
1548         (JSC::JSValue::toPropertyKey const):
1549         (JSC::JSValue::get const):
1550         (JSC::JSValue::getPropertySlot const):
1551         (JSC::JSValue::getOwnPropertySlot const):
1552         (JSC::JSValue::equalSlowCaseInline):
1553         * runtime/JSDataView.cpp:
1554         (JSC::JSDataView::put):
1555         (JSC::JSDataView::defineOwnProperty):
1556         * runtime/JSFunction.cpp:
1557         (JSC::JSFunction::put):
1558         (JSC::JSFunction::defineOwnProperty):
1559         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1560         (JSC::constructGenericTypedArrayViewWithArguments):
1561         (JSC::constructGenericTypedArrayView):
1562         * runtime/JSGenericTypedArrayViewInlines.h:
1563         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1564         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1565         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1566         (JSC::speciesConstruct):
1567         (JSC::genericTypedArrayViewProtoFuncJoin):
1568         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1569         * runtime/JSGlobalObject.cpp:
1570         (JSC::JSGlobalObject::put):
1571         * runtime/JSGlobalObjectFunctions.cpp:
1572         (JSC::decode):
1573         (JSC::globalFuncEval):
1574         (JSC::globalFuncProtoGetter):
1575         * runtime/JSInternalPromise.cpp:
1576         (JSC::JSInternalPromise::then):
1577         * runtime/JSModuleEnvironment.cpp:
1578         (JSC::JSModuleEnvironment::put):
1579         * runtime/JSModuleLoader.cpp:
1580         (JSC::JSModuleLoader::provideFetch):
1581         (JSC::JSModuleLoader::loadAndEvaluateModule):
1582         (JSC::JSModuleLoader::loadModule):
1583         (JSC::JSModuleLoader::linkAndEvaluateModule):
1584         (JSC::JSModuleLoader::requestImportModule):
1585         (JSC::JSModuleLoader::getModuleNamespaceObject):
1586         (JSC::moduleLoaderRequestedModules):
1587         * runtime/JSONObject.cpp:
1588         (JSC::Stringifier::stringify):
1589         (JSC::Stringifier::toJSON):
1590         (JSC::Walker::walk):
1591         (JSC::JSONProtoFuncStringify):
1592         * runtime/JSObject.cpp:
1593         (JSC::ordinarySetSlow):
1594         (JSC::JSObject::putInlineSlow):
1595         (JSC::JSObject::toPrimitive const):
1596         (JSC::JSObject::hasInstance):
1597         (JSC::JSObject::toNumber const):
1598         (JSC::JSObject::defineOwnIndexedProperty):
1599         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1600         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1601         (JSC::JSObject::defineOwnNonIndexProperty):
1602         * runtime/JSObject.h:
1603         (JSC::JSObject::get const):
1604         * runtime/JSObjectInlines.h:
1605         (JSC::JSObject::getPropertySlot const):
1606         (JSC::JSObject::putInlineForJSObject):
1607         * runtime/MapConstructor.cpp:
1608         (JSC::constructMap):
1609         * runtime/NativeErrorConstructor.cpp:
1610         (JSC::Interpreter::constructWithNativeErrorConstructor):
1611         * runtime/ObjectConstructor.cpp:
1612         (JSC::constructObject):
1613         (JSC::objectConstructorGetPrototypeOf):
1614         (JSC::objectConstructorGetOwnPropertyDescriptor):
1615         (JSC::objectConstructorGetOwnPropertyDescriptors):
1616         (JSC::objectConstructorGetOwnPropertyNames):
1617         (JSC::objectConstructorGetOwnPropertySymbols):
1618         (JSC::objectConstructorKeys):
1619         (JSC::objectConstructorDefineProperty):
1620         (JSC::objectConstructorDefineProperties):
1621         (JSC::objectConstructorCreate):
1622         * runtime/ObjectPrototype.cpp:
1623         (JSC::objectProtoFuncToLocaleString):
1624         (JSC::objectProtoFuncToString):
1625         * runtime/Operations.cpp:
1626         (JSC::jsAddSlowCase):
1627         * runtime/Operations.h:
1628         (JSC::jsString):
1629         (JSC::jsLess):
1630         (JSC::jsLessEq):
1631         * runtime/ParseInt.h:
1632         (JSC::toStringView):
1633         * runtime/ProxyConstructor.cpp:
1634         (JSC::constructProxyObject):
1635         * runtime/ProxyObject.cpp:
1636         (JSC::ProxyObject::toStringName):
1637         (JSC::performProxyGet):
1638         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1639         (JSC::ProxyObject::performHasProperty):
1640         (JSC::ProxyObject::getOwnPropertySlotCommon):
1641         (JSC::ProxyObject::performPut):
1642         (JSC::ProxyObject::putByIndexCommon):
1643         (JSC::performProxyCall):
1644         (JSC::performProxyConstruct):
1645         (JSC::ProxyObject::performDelete):
1646         (JSC::ProxyObject::performPreventExtensions):
1647         (JSC::ProxyObject::performIsExtensible):
1648         (JSC::ProxyObject::performDefineOwnProperty):
1649         (JSC::ProxyObject::performSetPrototype):
1650         (JSC::ProxyObject::performGetPrototype):
1651         * runtime/ReflectObject.cpp:
1652         (JSC::reflectObjectConstruct):
1653         (JSC::reflectObjectDefineProperty):
1654         (JSC::reflectObjectGet):
1655         (JSC::reflectObjectGetOwnPropertyDescriptor):
1656         (JSC::reflectObjectGetPrototypeOf):
1657         (JSC::reflectObjectOwnKeys):
1658         (JSC::reflectObjectSet):
1659         * runtime/RegExpConstructor.cpp:
1660         (JSC::constructRegExp):
1661         * runtime/RegExpObject.cpp:
1662         (JSC::RegExpObject::defineOwnProperty):
1663         (JSC::RegExpObject::matchGlobal):
1664         * runtime/RegExpPrototype.cpp:
1665         (JSC::regExpProtoFuncTestFast):
1666         (JSC::regExpProtoFuncExec):
1667         (JSC::regExpProtoFuncToString):
1668         * runtime/ScriptExecutable.cpp:
1669         (JSC::ScriptExecutable::newCodeBlockFor):
1670         * runtime/SetConstructor.cpp:
1671         (JSC::constructSet):
1672         * runtime/SparseArrayValueMap.cpp:
1673         (JSC::SparseArrayValueMap::putEntry):
1674         (JSC::SparseArrayEntry::put):
1675         * runtime/StringConstructor.cpp:
1676         (JSC::stringFromCharCode):
1677         (JSC::stringFromCodePoint):
1678         * runtime/StringObject.cpp:
1679         (JSC::StringObject::put):
1680         (JSC::StringObject::putByIndex):
1681         (JSC::StringObject::defineOwnProperty):
1682         * runtime/StringPrototype.cpp:
1683         (JSC::jsSpliceSubstrings):
1684         (JSC::jsSpliceSubstringsWithSeparators):
1685         (JSC::removeUsingRegExpSearch):
1686         (JSC::replaceUsingRegExpSearch):
1687         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1688         (JSC::replaceUsingStringSearch):
1689         (JSC::repeatCharacter):
1690         (JSC::replace):
1691         (JSC::stringProtoFuncReplaceUsingRegExp):
1692         (JSC::stringProtoFuncReplaceUsingStringSearch):
1693         (JSC::stringProtoFuncSplitFast):
1694         (JSC::stringProtoFuncToLowerCase):
1695         (JSC::stringProtoFuncToUpperCase):
1696         (JSC::toLocaleCase):
1697         (JSC::trimString):
1698         (JSC::stringProtoFuncIncludes):
1699         (JSC::builtinStringIncludesInternal):
1700         (JSC::normalize):
1701         (JSC::stringProtoFuncNormalize):
1702         * runtime/SymbolPrototype.cpp:
1703         (JSC::symbolProtoFuncToString):
1704         (JSC::symbolProtoFuncValueOf):
1705         * tools/JSDollarVM.cpp:
1706         (WTF::functionWasmStreamingParserAddBytes):
1707         (JSC::functionGetPrivateProperty):
1708         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1709         (JSC::constructJSWebAssemblyCompileError):
1710         * wasm/js/WebAssemblyModuleConstructor.cpp:
1711         (JSC::constructJSWebAssemblyModule):
1712         (JSC::WebAssemblyModuleConstructor::createModule):
1713         * wasm/js/WebAssemblyTableConstructor.cpp:
1714         (JSC::constructJSWebAssemblyTable):
1715         * wasm/js/WebAssemblyWrapperFunction.cpp:
1716         (JSC::callWebAssemblyWrapperFunction):
1717
1718 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1719
1720         [JSC] Add a JSONStringify overload that receives a JSValue space
1721         https://bugs.webkit.org/show_bug.cgi?id=190131
1722
1723         Reviewed by Yusuke Suzuki.
1724
1725         * runtime/JSONObject.cpp:
1726         * runtime/JSONObject.h:
1727
1728 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1729
1730         Unreviewed, rolling out r236647.
1731         https://bugs.webkit.org/show_bug.cgi?id=190124
1732
1733         Breaking test stress/big-int-to-string.js (Requested by
1734         caiolima_ on #webkit).
1735
1736         Reverted changeset:
1737
1738         "[BigInt] BigInt.prototype.toString is broken when radix is
1739         power of 2"
1740         https://bugs.webkit.org/show_bug.cgi?id=190033
1741         https://trac.webkit.org/changeset/236647
1742
1743 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1744
1745         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1746         https://bugs.webkit.org/show_bug.cgi?id=189498
1747
1748         Reviewed by Saam Barati.
1749
1750         To call JS-to-Wasm code we need to convert the result value from wasm function to
1751         the JS type. Previously this was done by callWebAssemblyFunction using a switch
1752         over signature.returnType(). But since we know the value of `signature.returnType()`
1753         at compiling phase, we can emit a small conversion code directly to JSToWasm glue
1754         and remove this switch from callWebAssemblyFunction.
1755
1756         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1757         in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version,
1758         we add an implementation for that.
1759
1760         * jit/AssemblyHelpers.h:
1761         (JSC::AssemblyHelpers::boxDouble):
1762         * wasm/js/JSToWasm.cpp:
1763         (JSC::Wasm::createJSToWasmWrapper):
1764         * wasm/js/WebAssemblyFunction.cpp:
1765         (JSC::callWebAssemblyFunction):
1766
1767 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1768
1769         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1770         https://bugs.webkit.org/show_bug.cgi?id=190033
1771
1772         Reviewed by Yusuke Suzuki.
1773
1774         The implementation of JSBigInt::toStringToGeneric doesn't handle power
1775         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
1776         implemented JSBigInt::toStringBasePowerOfTwo that follows the
1777         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
1778         digit.
1779
1780         * runtime/JSBigInt.cpp:
1781         (JSC::JSBigInt::toString):
1782         (JSC::JSBigInt::toStringBasePowerOfTwo):
1783         * runtime/JSBigInt.h:
1784
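The bit-grouping algorithm the entry above describes, as an added example that is not JSBigInt's own code: a toy magnitude made of little-endian 32-bit limbs (an assumption; the real digit type is platform-word sized), a power-of-two-radix path that extracts log2(radix) bits per character with the mask (2^n) - 1 across limb boundaries, a generic long-division path for every other radix, and a dispatcher shaped like JSBigInt::toString that picks between them. Function and type names are constructed for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed toy model of a BigInt magnitude: little-endian 32-bit limbs.
using Limbs = std::vector<uint32_t>;

static const char kDigitChars[] = "0123456789abcdefghijklmnopqrstuvwxyz";

// Power-of-two radix path: pull log2(radix) bits per character out of the limbs,
// least significant first, using the mask (2^n) - 1. Handles any number of limbs,
// which is the case the generic path in the entry above did not cover.
std::string toStringBasePowerOfTwo(const Limbs& limbs, unsigned radix) {
    unsigned bitsPerChar = 0;
    while ((1u << bitsPerChar) < radix)
        ++bitsPerChar;
    // Only power-of-two radices in [2, 32] are valid here; reject anything else.
    if (radix < 2 || radix > 32 || (1u << bitsPerChar) != radix)
        return std::string();
    const uint64_t mask = radix - 1;

    std::string out;        // built least-significant character first
    uint64_t acc = 0;       // bit accumulator that spans limb boundaries
    unsigned accBits = 0;   // valid bits in acc; always < 32 + bitsPerChar, so it fits
    for (uint32_t limb : limbs) {
        acc |= static_cast<uint64_t>(limb) << accBits;
        accBits += 32;
        while (accBits >= bitsPerChar) {
            out.push_back(kDigitChars[acc & mask]);
            acc >>= bitsPerChar;
            accBits -= bitsPerChar;
        }
    }
    if (accBits)            // leftover high bits that did not fill a whole character
        out.push_back(kDigitChars[acc & mask]);
    while (out.size() > 1 && out.back() == '0')   // strip leading zeros
        out.pop_back();
    if (out.empty())
        out = "0";
    std::reverse(out.begin(), out.end());
    return out;
}

// Generic path for any radix in [2, 36]: repeated long division by the radix,
// collecting remainders as digits. Takes the limbs by value because it consumes them.
std::string toStringGeneric(Limbs limbs, unsigned radix) {
    if (radix < 2 || radix > 36)
        return std::string();
    auto isZero = [&limbs] {
        return std::all_of(limbs.begin(), limbs.end(), [](uint32_t d) { return d == 0; });
    };
    if (isZero())
        return "0";
    std::string out;
    while (!isZero()) {
        uint64_t rem = 0;
        for (size_t i = limbs.size(); i-- > 0;) {
            uint64_t cur = (rem << 32) | limbs[i];
            limbs[i] = static_cast<uint32_t>(cur / radix);
            rem = cur % radix;
        }
        out.push_back(kDigitChars[rem]);
    }
    std::reverse(out.begin(), out.end());
    return out;
}

// Dispatcher: power-of-two radices take the bit-grouping path, the rest long division.
std::string bigIntToString(const Limbs& limbs, unsigned radix) {
    bool powerOfTwo = radix >= 2 && (radix & (radix - 1)) == 0;
    return powerOfTwo ? toStringBasePowerOfTwo(limbs, radix) : toStringGeneric(limbs, radix);
}

int main() {
    Limbs value { 0xFFFFFFFFu, 1u };   // constructed sample: 2^33 - 1
    for (unsigned radix : { 2u, 8u, 10u, 16u, 32u })
        std::cout << radix << ": " << bigIntToString(value, radix) << "\n";
    return 0;
}
```

The two paths are kept side by side so they can be cross-checked against each other on multi-limb inputs; disagreement between them on a power-of-two radix is exactly the class of bug the entry above reports.
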
1785 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1786
1787         [ESNext][BigInt] Implement support for "&"
1788         https://bugs.webkit.org/show_bug.cgi?id=186228
1789
1790         Reviewed by Yusuke Suzuki.
1791
1792         This patch introduces support of BigInt into bitwise "&" operation.
1793         We are also introducing the ValueBitAnd DFG node, which is responsible
1794         for taking care of JIT for non-Int32 operands. With the introduction of this
1795         new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
1796         follows the behavior of ArithAdd and other arithmetic nodes, where
1797         the Arith<op> version always results in Number (in the case of
1798         ArithBitAnd, it is always an Int32).
1799
1800         * bytecode/CodeBlock.cpp:
1801         (JSC::CodeBlock::finishCreation):
1802         * bytecompiler/BytecodeGenerator.cpp:
1803         (JSC::BytecodeGenerator::emitBinaryOp):
1804         * dfg/DFGAbstractInterpreterInlines.h:
1805         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1806         * dfg/DFGBackwardsPropagationPhase.cpp:
1807         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1808         (JSC::DFG::BackwardsPropagationPhase::propagate):
1809         * dfg/DFGByteCodeParser.cpp:
1810         (JSC::DFG::ByteCodeParser::parseBlock):
1811         * dfg/DFGClobberize.h:
1812         (JSC::DFG::clobberize):
1813         * dfg/DFGDoesGC.cpp:
1814         (JSC::DFG::doesGC):
1815         * dfg/DFGFixupPhase.cpp:
1816         (JSC::DFG::FixupPhase::fixupNode):
1817         * dfg/DFGNodeType.h:
1818         * dfg/DFGOperations.cpp:
1819         * dfg/DFGOperations.h:
1820         * dfg/DFGPredictionPropagationPhase.cpp:
1821         * dfg/DFGSafeToExecute.h:
1822         (JSC::DFG::safeToExecute):
1823         * dfg/DFGSpeculativeJIT.cpp:
1824         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1825         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1826         * dfg/DFGSpeculativeJIT.h:
1827         (JSC::DFG::SpeculativeJIT::bitOp):
1828         * dfg/DFGSpeculativeJIT32_64.cpp:
1829         (JSC::DFG::SpeculativeJIT::compile):
1830         * dfg/DFGSpeculativeJIT64.cpp:
1831         (JSC::DFG::SpeculativeJIT::compile):
1832         * dfg/DFGStrengthReductionPhase.cpp:
1833         (JSC::DFG::StrengthReductionPhase::handleNode):
1834         * ftl/FTLCapabilities.cpp:
1835         (JSC::FTL::canCompile):
1836         * ftl/FTLLowerDFGToB3.cpp:
1837         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1838         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1839         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1840         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1841         * jit/JIT.h:
1842         * jit/JITArithmetic.cpp:
1843         (JSC::JIT::emitBitBinaryOpFastPath):
1844         (JSC::JIT::emit_op_bitand):
1845         * llint/LowLevelInterpreter32_64.asm:
1846         * llint/LowLevelInterpreter64.asm:
1847         * runtime/CommonSlowPaths.cpp:
1848         (JSC::SLOW_PATH_DECL):
1849         * runtime/JSBigInt.cpp:
1850         (JSC::JSBigInt::JSBigInt):
1851         (JSC::JSBigInt::initialize):
1852         (JSC::JSBigInt::createZero):
1853         (JSC::JSBigInt::createFrom):
1854         (JSC::JSBigInt::bitwiseAnd):
1855         (JSC::JSBigInt::absoluteBitwiseOp):
1856         (JSC::JSBigInt::absoluteAnd):
1857         (JSC::JSBigInt::absoluteOr):
1858         (JSC::JSBigInt::absoluteAndNot):
1859         (JSC::JSBigInt::absoluteAddOne):
1860         (JSC::JSBigInt::absoluteSubOne):
1861         * runtime/JSBigInt.h:
1862         * runtime/JSCJSValue.h:
1863         * runtime/JSCJSValueInlines.h:
1864         (JSC::JSValue::toBigIntOrInt32 const):
1865
1866 2018-09-28  Mark Lam  <mark.lam@apple.com>
1867
1868         Gardening: speculative build fix.
1869         <rdar://problem/44869924>
1870
1871         Not reviewed.
1872
1873         * assembler/LinkBuffer.cpp:
1874         (JSC::LinkBuffer::copyCompactAndLinkCode):
1875
1876 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1877
1878         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1879         https://bugs.webkit.org/show_bug.cgi?id=190080
1880
1881         Reviewed by Mark Lam.
1882
1883         * assembler/ARMv7Assembler.h:
1884         (JSC::ARMv7Assembler::link):
1885         (JSC::ARMv7Assembler::linkJumpT1):
1886         (JSC::ARMv7Assembler::linkJumpT2):
1887         (JSC::ARMv7Assembler::linkJumpT3):
1888         (JSC::ARMv7Assembler::linkJumpT4):
1889         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1890         (JSC::ARMv7Assembler::linkBX):
1891         (JSC::ARMv7Assembler::linkConditionalBX):
1892         * assembler/MacroAssemblerARMv7.h:
1893         (JSC::MacroAssemblerARMv7::link):
1894
1895 2018-09-27  Saam barati  <sbarati@apple.com>
1896
1897         Verify the contents of AssemblerBuffer on arm64e
1898         https://bugs.webkit.org/show_bug.cgi?id=190057
1899         <rdar://problem/38916630>
1900
1901         Reviewed by Mark Lam.
1902
1903         * assembler/ARM64Assembler.h:
1904         (JSC::ARM64Assembler::ARM64Assembler):
1905         (JSC::ARM64Assembler::fillNops):
1906         (JSC::ARM64Assembler::link):
1907         (JSC::ARM64Assembler::linkJumpOrCall):
1908         (JSC::ARM64Assembler::linkCompareAndBranch):
1909         (JSC::ARM64Assembler::linkConditionalBranch):
1910         (JSC::ARM64Assembler::linkTestAndBranch):
1911         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1912         * assembler/ARMAssembler.h:
1913         (JSC::ARMAssembler::fillNops):
1914         * assembler/ARMv7Assembler.h:
1915         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1916         * assembler/AbstractMacroAssembler.h:
1917         (JSC::AbstractMacroAssembler::emitNops):
1918         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1919         * assembler/AssemblerBuffer.h:
1920         (JSC::ARM64EHash::ARM64EHash):
1921         (JSC::ARM64EHash::update):
1922         (JSC::ARM64EHash::hash const):
1923         (JSC::ARM64EHash::randomSeed const):
1924         (JSC::AssemblerBuffer::AssemblerBuffer):
1925         (JSC::AssemblerBuffer::putShort):
1926         (JSC::AssemblerBuffer::putIntUnchecked):
1927         (JSC::AssemblerBuffer::putInt):
1928         (JSC::AssemblerBuffer::hash const):
1929         (JSC::AssemblerBuffer::data const):
1930         (JSC::AssemblerBuffer::putIntegralUnchecked):
1931         (JSC::AssemblerBuffer::append): Deleted.
1932         * assembler/LinkBuffer.cpp:
1933         (JSC::LinkBuffer::copyCompactAndLinkCode):
1934         * assembler/MIPSAssembler.h:
1935         (JSC::MIPSAssembler::fillNops):
1936         * assembler/MacroAssemblerARM64.h:
1937         (JSC::MacroAssemblerARM64::jumpsToLink):
1938         (JSC::MacroAssemblerARM64::link):
1939         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1940         * assembler/MacroAssemblerARMv7.h:
1941         (JSC::MacroAssemblerARMv7::jumpsToLink):
1942         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1943         * assembler/X86Assembler.h:
1944         (JSC::X86Assembler::fillNops):
1945
1946 2018-09-27  Mark Lam  <mark.lam@apple.com>
1947
1948         ByValInfo should not use integer offsets.
1949         https://bugs.webkit.org/show_bug.cgi?id=190070
1950         <rdar://problem/44803430>
1951
1952         Reviewed by Saam Barati.
1953
1954         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1955
1956         * bytecode/ByValInfo.h:
1957         (JSC::ByValInfo::ByValInfo):
1958         * jit/JIT.cpp:
1959         (JSC::JIT::link):
1960         * jit/JITOpcodes.cpp:
1961         (JSC::JIT::privateCompileHasIndexedProperty):
1962         * jit/JITOpcodes32_64.cpp:
1963         (JSC::JIT::privateCompileHasIndexedProperty):
1964         * jit/JITPropertyAccess.cpp:
1965         (JSC::JIT::privateCompileGetByVal):
1966         (JSC::JIT::privateCompileGetByValWithCachedId):
1967         (JSC::JIT::privateCompilePutByVal):
1968         (JSC::JIT::privateCompilePutByValWithCachedId):
1969
1970 2018-09-27  Saam barati  <sbarati@apple.com>
1971
1972         DFG::OSRExit::m_patchableCodeOffset should not be an int
1973         https://bugs.webkit.org/show_bug.cgi?id=190066
1974         <rdar://problem/39498244>
1975
1976         Reviewed by Mark Lam.
1977
1978         * dfg/DFGJITCompiler.cpp:
1979         (JSC::DFG::JITCompiler::linkOSRExits):
1980         (JSC::DFG::JITCompiler::link):
1981         * dfg/DFGOSRExit.cpp:
1982         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1983         (JSC::DFG::OSRExit::compileOSRExit):
1984         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1985         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1986         (JSC::DFG::OSRExit::correctJump): Deleted.
1987         * dfg/DFGOSRExit.h:
1988         * dfg/DFGOSRExitCompilationInfo.h:
1989
1990 2018-09-27  Saam barati  <sbarati@apple.com>
1991
1992         Don't use int offsets in StructureStubInfo
1993         https://bugs.webkit.org/show_bug.cgi?id=190064
1994         <rdar://problem/44784719>
1995
1996         Reviewed by Mark Lam.
1997
1998         * bytecode/InlineAccess.cpp:
1999         (JSC::linkCodeInline):
2000         * bytecode/StructureStubInfo.h:
2001         (JSC::StructureStubInfo::slowPathCallLocation):
2002         (JSC::StructureStubInfo::doneLocation):
2003         (JSC::StructureStubInfo::slowPathStartLocation):
2004         * jit/JITInlineCacheGenerator.cpp:
2005         (JSC::JITInlineCacheGenerator::finalize):
2006
2007 2018-09-27  Mark Lam  <mark.lam@apple.com>
2008
2009         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
2010         https://bugs.webkit.org/show_bug.cgi?id=190054
2011         <rdar://problem/44803543>
2012
2013         Reviewed by Saam Barati.
2014
2015         * dfg/DFGJITCode.h:
2016         (JSC::DFG::JITCode::appendOSREntryData):
2017         * dfg/DFGJITCompiler.cpp:
2018         (JSC::DFG::JITCompiler::noticeOSREntry):
2019         * dfg/DFGOSREntry.cpp:
2020         (JSC::DFG::OSREntryData::dumpInContext const):
2021         (JSC::DFG::prepareOSREntry):
2022         * dfg/DFGOSREntry.h:
2023         * runtime/JSCPtrTag.h:
2024
2025 2018-09-27  Mark Lam  <mark.lam@apple.com>
2026
2027         JITMathIC should not use integer offsets into machine code.
2028         https://bugs.webkit.org/show_bug.cgi?id=190030
2029         <rdar://problem/44803307>
2030
2031         Reviewed by Saam Barati.
2032
2033         We'll replace them with CodeLocation smart pointers instead.
2034
2035         * jit/JITMathIC.h:
2036         (JSC::isProfileEmpty):
2037
2038 2018-09-26  Mark Lam  <mark.lam@apple.com>
2039
2040         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
2041         https://bugs.webkit.org/show_bug.cgi?id=190022
2042         <rdar://problem/44800928>
2043
2044         Reviewed by Saam Barati.
2045
2046         * jit/ExecutableAllocator.cpp:
2047         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2048         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
2049         * jit/ExecutableAllocator.h:
2050         (JSC::performJITMemcpy):
2051         * runtime/Options.cpp:
2052         (JSC::recomputeDependentOptions):
2053
2054 2018-09-26  Mark Lam  <mark.lam@apple.com>
2055
2056         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
2057         https://bugs.webkit.org/show_bug.cgi?id=190016
2058         <rdar://problem/44802875>
2059
2060         Reviewed by Saam Barati.
2061
2062         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
2063         JIT memory.
2064
2065         * assembler/ARM64Assembler.h:
2066         (JSC::ARM64Assembler::fillNops):
2067         (JSC::ARM64Assembler::replaceWithVMHalt):
2068         (JSC::ARM64Assembler::replaceWithJump):
2069         (JSC::ARM64Assembler::replaceWithLoad):
2070         (JSC::ARM64Assembler::replaceWithAddressComputation):
2071         (JSC::ARM64Assembler::setPointer):
2072         (JSC::ARM64Assembler::repatchInt32):
2073         (JSC::ARM64Assembler::repatchCompact):
2074         (JSC::ARM64Assembler::linkJumpOrCall):
2075         (JSC::ARM64Assembler::linkCompareAndBranch):
2076         (JSC::ARM64Assembler::linkConditionalBranch):
2077         (JSC::ARM64Assembler::linkTestAndBranch):
2078         * assembler/LinkBuffer.cpp:
2079         (JSC::LinkBuffer::copyCompactAndLinkCode):
2080         (JSC::LinkBuffer::linkCode):
2081         * jit/ExecutableAllocator.h:
2082         (JSC::performJITMemcpy):
2083
2084 2018-09-25  Keith Miller  <keith_miller@apple.com>
2085
2086         Move Symbol API to SPI
2087         https://bugs.webkit.org/show_bug.cgi?id=189946
2088
2089         Reviewed by Michael Saboff.
2090
2091         Some of the property access methods on JSValue needed to be moved
2092         to a category so that SPI overloads don't result in a compiler
2093         error for internal users.
2094
2095         Additionally, this patch does not move the new enum entry for
2096         Symbols in the JSType enumeration.
2097
2098         * API/JSObjectRef.h:
2099         * API/JSObjectRefPrivate.h:
2100         * API/JSValue.h:
2101         * API/JSValuePrivate.h:
2102         * API/JSValueRef.h:
2103
2104 2018-09-26  Keith Miller  <keith_miller@apple.com>
2105
2106         We should zero unused property storage when rebalancing array storage.
2107         https://bugs.webkit.org/show_bug.cgi?id=188151
2108
2109         Reviewed by Michael Saboff.
2110
2111         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
2112         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
2113         property storage.
2114
2115         * runtime/JSArray.cpp:
2116         (JSC::JSArray::unshiftCountSlowCase):
2117
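The balancing hazard the entry above describes, as an added model that is not JSC's butterfly code: a fixed buffer with pre- and post-capacity around a live window, an unshift that re-centres the window (and so can move the live elements to the right even though elements are being added), and a flag selecting whether the slots vacated by the move are zeroed. Without zeroing, the old copies of the elements remain in the pre-capacity slots as stale data. Names, layout and the sample values are constructed for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <vector>

// Constructed model of an array's storage: live elements occupy
// [offset, offset + length); slots before that are pre-capacity, after it post-capacity.
struct ButterflyModel {
    std::vector<uint64_t> slots;
    size_t offset = 0;
    size_t length = 0;
};

// Unshift `values` at the front and "balance" the spare capacity by placing half
// of it in front of the live window. Returns false if the buffer is too small.
bool unshiftRebalance(ButterflyModel& b, const std::vector<uint64_t>& values, bool zeroVacated) {
    size_t count = values.size();
    size_t newLength = b.length + count;
    if (newLength > b.slots.size())
        return false;
    size_t spare = b.slots.size() - newLength;
    size_t newOffset = spare / 2;   // balancing step: may move the window right

    // Move the live elements first (via a temporary, so overlap is a non-issue),
    // then write the new front elements.
    std::vector<uint64_t> live(b.slots.begin() + b.offset, b.slots.begin() + b.offset + b.length);
    std::copy(live.begin(), live.end(), b.slots.begin() + newOffset + count);
    std::copy(values.begin(), values.end(), b.slots.begin() + newOffset);

    if (zeroVacated) {
        // The fix: every slot outside the new live window is cleared, so no stale
        // element copies survive in pre- or post-capacity.
        std::fill(b.slots.begin(), b.slots.begin() + newOffset, 0);
        std::fill(b.slots.begin() + newOffset + newLength, b.slots.end(), 0);
    }
    b.offset = newOffset;
    b.length = newLength;
    return true;
}

// Count slots outside the live window that still hold non-zero (stale) data.
size_t staleSlots(const ButterflyModel& b) {
    size_t stale = 0;
    for (size_t i = 0; i < b.slots.size(); ++i) {
        bool live = i >= b.offset && i < b.offset + b.length;
        if (!live && b.slots[i] != 0)
            ++stale;
    }
    return stale;
}

// The live elements in order, for checking that the move itself is correct.
std::vector<uint64_t> liveElements(const ButterflyModel& b) {
    return std::vector<uint64_t>(b.slots.begin() + b.offset, b.slots.begin() + b.offset + b.length);
}

// Constructed scenario: 16 slots, 4 live elements at the very front, no pre-capacity.
ButterflyModel makeScenario() {
    ButterflyModel b;
    b.slots.assign(16, 0);
    b.length = 4;
    for (size_t i = 0; i < b.length; ++i)
        b.slots[i] = 0x1000 + i;    // constructed stand-ins for element bits
    return b;
}

// Unshift two elements (a net add) and report how many stale slots remain.
size_t staleAfterUnshift(bool zeroVacated) {
    ButterflyModel b = makeScenario();
    unshiftRebalance(b, { 0xA, 0xB }, zeroVacated);
    return staleSlots(b);
}

int main() {
    std::cout << "stale slots without zeroing: " << staleAfterUnshift(false) << "\n";   // 4
    std::cout << "stale slots with zeroing:    " << staleAfterUnshift(true) << "\n";    // 0
    return 0;
}
```

In the scenario the window moves from slots 0..3 to 7..10 even though two elements were added, so the four old copies at 0..3 survive unless they are cleared; in a real engine such leftovers are what a collector or a later fast path may misread as live values, which is why the patch zeroes them.
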
2118 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2119
2120         Unreviewed, add scope verification handling
2121         https://bugs.webkit.org/show_bug.cgi?id=189780
2122
2123         * runtime/ArrayPrototype.cpp:
2124         (JSC::arrayProtoFuncIndexOf):
2125         (JSC::arrayProtoFuncLastIndexOf):
2126
2127 2018-09-26  Koby Boyango  <koby.b@mce.systems>
2128
2129         [JSC] offlineasm parser should handle CRLF in asm files
2130         https://bugs.webkit.org/show_bug.cgi?id=189949
2131
2132         Reviewed by Mark Lam.
2133
2134         * offlineasm/parser.rb:
2135
2136 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2137
2138         [JSC] Optimize Array#lastIndexOf
2139         https://bugs.webkit.org/show_bug.cgi?id=189780
2140
2141         Reviewed by Saam Barati.
2142
2143         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
2144         for JSArray with contiguous storage.
2145
2146         * runtime/ArrayPrototype.cpp:
2147         (JSC::arrayProtoFuncLastIndexOf):
2148
2149 2018-09-25  Saam Barati  <sbarati@apple.com>
2150
2151         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
2152         https://bugs.webkit.org/show_bug.cgi?id=189940
2153         <rdar://problem/43640987>
2154
2155         Reviewed by Mark Lam.
2156
2157         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
2158         CodeBlock. There is nothing semantically wrong with doing that (except for
2159         poor naming), however, the poor naming here led us to make a real semantic
2160         mistake. We wanted the baseline CodeBlock's constant pool, but we were
2161         accessing the FTL CodeBlock's constant pool accidentally. We need to
2162         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
2163         constant value.
2164
2165         * bytecode/InlineCallFrame.h:
2166         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
2167         * ftl/FTLOperations.cpp:
2168         (JSC::FTL::operationMaterializeObjectInOSR):
2169
2170 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
2171
2172         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
2173         https://bugs.webkit.org/show_bug.cgi?id=189962
2174         <rdar://problem/44648287>
2175
2176         Reviewed by Brian Burg.
2177
2178         * inspector/scripts/codegen/generate_objc_header.py:
2179         (ObjCHeaderGenerator._callback_block_for_command):
2180         If there are no return parameters, include "void" in the block signature.
2181
2182         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
2183         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
2184         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
2185         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
2186         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
2187         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
2188         Rebaseline test results.
2189
2190 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
2191
2192         Remove AUTHORS and THANKS files which are stale
2193         https://bugs.webkit.org/show_bug.cgi?id=189941
2194
2195         Reviewed by Darin Adler.
2196
2197         Included mentions below so their names are still in ChangeLogs.
2198
2199         * AUTHORS: Removed.
2200         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
2201         These authors remain mentioned in copyrights in source files.
2202
2203         * THANKS: Removed.
2204         Richard Moore <rich@kde.org> - for filling the Math object with some life
2205         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
2206         Marco Pinelli <pinmc@libero.it> - for his patches
2207         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
2208         
2209 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
2210
2211         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
2212         https://bugs.webkit.org/show_bug.cgi?id=189733
2213
2214         Reviewed by Michael Catanzaro.
2215
2216         * assembler/ARM64Assembler.h:
2217         * assembler/ARMAssembler.h:
2218         (JSC::ARMAssembler::cacheFlush):
2219         * assembler/MacroAssemblerARM.cpp:
2220         (JSC::isVFPPresent):
2221         * assembler/MacroAssemblerARM64.cpp:
2222         * assembler/MacroAssemblerARMv7.cpp:
2223         * assembler/MacroAssemblerMIPS.cpp:
2224         * assembler/MacroAssemblerX86Common.cpp:
2225         * heap/HeapCell.cpp:
2226         * heap/HeapCell.h:
2227         * jit/HostCallReturnValue.h:
2228         * jit/JIT.h:
2229         * jit/JITOperations.cpp:
2230         * jit/ThunkGenerators.cpp:
2231         * runtime/ArrayConventions.cpp:
2232         (JSC::clearArrayMemset):
2233         * runtime/JSBigInt.cpp:
2234         (JSC::JSBigInt::digitDiv):
2235
2236 2018-09-24  Saam Barati  <sbarati@apple.com>
2237
2238         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
2239         https://bugs.webkit.org/show_bug.cgi?id=189922
2240         <rdar://problem/44651275>
2241
2242         Reviewed by Mark Lam.
2243
2244         The implementation was first getting the length to iterate up to,
2245         then getting the starting index. However, getting the starting
2246         index may perform effects, e.g., it could change the length of the
2247         array. This changes it so we verify the length is still valid.
2248
2249         * runtime/ArrayPrototype.cpp:
2250         (JSC::arrayProtoFuncIndexOf):
2251
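        The hazard described in the entry above, as an added example that is not JavaScriptCore code: a JavaScript reference model of the indexOf fast path in which the effectful fromIndex conversion is visible and the length re-check can be switched on or off. The function names and the "clamp to the current length" repair are this example's own choices and are not the exact shape of the JSC change.

```javascript
// Added example, not JavaScriptCore code. Models the Array.prototype.indexOf
// fast path: length is read first, then fromIndex is converted (which can run
// user code), then the array is scanned. revalidateLength=false reproduces
// the stale-length behaviour the entry describes; true models a fix.

// Spec-style ToIntegerOrInfinity. Number(value) calls value.valueOf(), so
// arbitrary user code runs here, after the caller has already read length.
function toIntegerOrInfinity(value) {
  const n = Number(value);
  if (Number.isNaN(n)) return 0;
  if (!Number.isFinite(n)) return n;
  return Math.trunc(n);
}

// Returns { index, staleReads }: index is the indexOf result; staleReads is
// how many loop iterations touched an index at or beyond the array's length
// at the moment of the read. A native fast path over contiguous storage
// must never perform such a read, so this is the number a test should
// expect to be zero.
function modelIndexOf(array, searchElement, fromIndex, revalidateLength) {
  const length = array.length;                 // 1. snapshot the length
  if (length === 0) return { index: -1, staleReads: 0 };

  let n = toIntegerOrInfinity(fromIndex);      // 2. may run user code
  if (n < 0) n = Math.max(length + n, 0);

  // 3. the fix: the snapshot may now be stale, so bound the loop by the
  //    smaller of the snapshot and the current length (the snapshot still
  //    wins when the array grew, matching the spec's use of the original len).
  const bound = revalidateLength ? Math.min(length, array.length) : length;

  let staleReads = 0;
  for (let k = n; k < bound; k++) {
    if (k >= array.length) staleReads++;       // would be out of bounds natively
    if (k in array && array[k] === searchElement) return { index: k, staleReads };
  }
  return { index: -1, staleReads };
}

// Constructed scenario: fromIndex's valueOf shrinks the array being searched
// between the length snapshot and the scan.
function shrinkingScenario(revalidateLength) {
  const array = [10, 20, 30, 40, 50];
  const fromIndex = {
    valueOf() {
      array.length = 1;   // side effect: drops indices 1..4
      return 0;
    },
  };
  return modelIndexOf(array, 50, fromIndex, revalidateLength);
}
```

With revalidateLength=false the model scans four indices that no longer exist; with it on, the scan stops at the current length.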
2252 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2253
2254         offlineasm: fix macro scoping
2255         https://bugs.webkit.org/show_bug.cgi?id=189902
2256
2257         Reviewed by Mark Lam.
2258
2259         In the code below, the reference to `f` in `g`, which should refer to
2260         the outer macro definition, will instead refer to the f argument of the
2261         anonymous macro passed to `g`. That leads to this code failing to
2262         compile (f expected 0 args but got 1).
2263         
2264         ```
2265         macro f(x)
2266             move x, t0
2267         end
2268         
2269         macro g(fn)
2270             fn(macro () f(42) end)
2271         end
2272         
2273         g(macro(f) f() end)
2274         ```
2275
2276         * offlineasm/ast.rb:
2277         * offlineasm/transform.rb:
2278
2279 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2280
2281         Add forEach method for iterating CodeBlock's ValueProfiles
2282         https://bugs.webkit.org/show_bug.cgi?id=189897
2283
2284         Reviewed by Mark Lam.
2285
2286         Add a method to abstract how we find ValueProfiles in a CodeBlock in
2287         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
2288         ValueProfiles will be stored in the MetadataTable.
2289
2290         * bytecode/CodeBlock.cpp:
2291         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2292         (JSC::CodeBlock::updateAllValueProfilePredictions):
2293         (JSC::CodeBlock::shouldOptimizeNow):
2294         (JSC::CodeBlock::dumpValueProfiles):
2295         * bytecode/CodeBlock.h:
2296         (JSC::CodeBlock::forEachValueProfile):
2297         (JSC::CodeBlock::numberOfArgumentValueProfiles):
2298         (JSC::CodeBlock::valueProfileForArgument):
2299         (JSC::CodeBlock::numberOfValueProfiles):
2300         (JSC::CodeBlock::valueProfile):
2301         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
2302         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
2303         * tools/HeapVerifier.cpp:
2304         (JSC::HeapVerifier::validateJSCell):
2305
2306 2018-09-24  Saam Barati  <sbarati@apple.com>
2307
2308         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
2309         https://bugs.webkit.org/show_bug.cgi?id=189682
2310         <rdar://problem/43557315>
2311
2312         Reviewed by Mark Lam.
2313
2314         Otherwise, if we have code like this:
2315         ```
2316         a: Arguments
2317         b: GetButterfly(@a)
2318         c: ForceExit
2319         d: GetArrayLength(@a, @b)
2320         ```
2321         it will get transformed into this invalid DFG IR:
2322         ```
2323         a: PhantomArguments
2324         b: Check(@a)
2325         c: ForceExit
2326         d: GetArrayLength(@a, @b)
2327         ```
2328         
2329         And we will fail DFG validation since @b does not have a result.
2330         
2331         The fix is to just remove all nodes after the ForceExit and plant an
2332         Unreachable after it. So the above program will now turn into this:
2333         ```
2334         a: PhantomArguments
2335         b: Check(@a)
2336         c: ForceExit
2337         e: Unreachable
2338         ```
2339
2340         * dfg/DFGArgumentsEliminationPhase.cpp:
2341
2342 2018-09-22  Saam Barati  <sbarati@apple.com>
2343
2344         The sampling should not use Strong<CodeBlock> in its machineLocation field
2345         https://bugs.webkit.org/show_bug.cgi?id=189319
2346
2347         Reviewed by Filip Pizlo.
2348
2349         The sampling profiler has a CLI mode where we gather information about inline
2350         call frames. That data structure was using a Strong<CodeBlock>. We were
2351         constructing this Strong<CodeBlock> during GC concurrently to processing all
2352         the Strong handles. This is a bug since we end up corrupting that data
2353         structure. This patch fixes this by just making this data structure use the
2354         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
2355
2356         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2357         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
2358         * runtime/SamplingProfiler.cpp:
2359         (JSC::SamplingProfiler::processUnverifiedStackTraces):
2360
2361         (JSC::SamplingProfiler::reportTopFunctions):
2362         (JSC::SamplingProfiler::reportTopBytecodes):
2363         These CLI helpers needed a DeferGC; otherwise we may end up deadlocking when we
2364         cause a GC to happen while already holding the sampling profiler's
2365         lock.
2366
2367 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2368
2369         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
2370         https://bugs.webkit.org/show_bug.cgi?id=189778
2371
2372         Reviewed by Keith Miller.
2373
2374         LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
2375         Linux and macOS respectively. We would like to enable it for non JIT
2376         configurations in X86_64 and ARM64.
2377
2378         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
2379         Previously, we switched between the LLInt ASM interpreter and CLoop by using the ENABLE(JIT)
2380         configuration. But this is wrong in the new scenario since we have a build
2381         configuration that uses the LLInt ASM interpreter with JIT disabled. We introduce the
2382         ENABLE(C_LOOP) option, which indicates that we use CLoop. And we replace
2383         ENABLE(JIT) with ENABLE(C_LOOP) where the previous ENABLE(JIT) is essentially just
2384         related to the LLInt ASM interpreter and not related to JIT.
2385
2386         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
2387         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
2388         has machine register information that is used in LLInt ASM interpreter.
2389
2390         * API/tests/PingPongStackOverflowTest.cpp:
2391         (testPingPongStackOverflow):
2392         * CMakeLists.txt:
2393         * JavaScriptCore.xcodeproj/project.pbxproj:
2394         * assembler/MaxFrameExtentForSlowPathCall.h:
2395         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
2396         * bytecode/CodeBlock.cpp:
2397         (JSC::CodeBlock::finishCreation):
2398         * bytecode/CodeBlock.h:
2399         (JSC::CodeBlock::calleeSaveRegisters const):
2400         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
2401         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2402         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
2403         * bytecode/Opcode.h:
2404         (JSC::padOpcodeName):
2405         * heap/Heap.cpp:
2406         (JSC::Heap::gatherJSStackRoots):
2407         (JSC::Heap::stopThePeriphery):
2408         * interpreter/CLoopStack.cpp:
2409         * interpreter/CLoopStack.h:
2410         * interpreter/CLoopStackInlines.h:
2411         * interpreter/EntryFrame.h:
2412         * interpreter/Interpreter.cpp:
2413         (JSC::Interpreter::Interpreter):
2414         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2415         * interpreter/Interpreter.h:
2416         * interpreter/StackVisitor.cpp:
2417         (JSC::StackVisitor::Frame::calleeSaveRegisters):
2418         * interpreter/VMEntryRecord.h:
2419         * jit/ExecutableAllocator.h:
2420         * jit/FPRInfo.h:
2421         (WTF::printInternal):
2422         * jit/GPRInfo.cpp:
2423         * jit/GPRInfo.h:
2424         (WTF::printInternal):
2425         * jit/HostCallReturnValue.cpp:
2426         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
2427         * jit/HostCallReturnValue.h:
2428         * jit/JITOperations.cpp:
2429         (JSC::getHostCallReturnValueWithExecState): Deleted.
2430         * jit/JITOperationsMSVC64.cpp:
2431         * jit/Reg.cpp:
2432         * jit/Reg.h:
2433         * jit/RegisterAtOffset.cpp:
2434         * jit/RegisterAtOffset.h:
2435         * jit/RegisterAtOffsetList.cpp:
2436         * jit/RegisterAtOffsetList.h:
2437         * jit/RegisterMap.h:
2438         * jit/RegisterSet.cpp:
2439         * jit/RegisterSet.h:
2440         * jit/TempRegisterSet.cpp:
2441         * jit/TempRegisterSet.h:
2442         * llint/LLIntCLoop.cpp:
2443         * llint/LLIntCLoop.h:
2444         * llint/LLIntData.cpp:
2445         (JSC::LLInt::initialize):
2446         (JSC::LLInt::Data::performAssertions):
2447         * llint/LLIntData.h:
2448         * llint/LLIntOfflineAsmConfig.h:
2449         * llint/LLIntOpcode.h:
2450         * llint/LLIntPCRanges.h:
2451         * llint/LLIntSlowPaths.cpp:
2452         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2453         * llint/LLIntSlowPaths.h:
2454         * llint/LLIntThunks.cpp:
2455         * llint/LowLevelInterpreter.cpp:
2456         * llint/LowLevelInterpreter.h:
2457         * runtime/JSCJSValue.h:
2458         * runtime/MachineContext.h:
2459         * runtime/SamplingProfiler.cpp:
2460         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2461         for LLInt ASM interpreter with non JIT configuration.
2462         * runtime/TestRunnerUtils.cpp:
2463         (JSC::optimizeNextInvocation):
2464         * runtime/VM.cpp:
2465         (JSC::VM::VM):
2466         (JSC::VM::getHostFunction):
2467         (JSC::VM::updateSoftReservedZoneSize):
2468         (JSC::sanitizeStackForVM):
2469         (JSC::VM::committedStackByteCount):
2470         * runtime/VM.h:
2471         * runtime/VMInlines.h:
2472         (JSC::VM::ensureStackCapacityFor):
2473         (JSC::VM::isSafeToRecurseSoft const):
2474
2475 2018-09-21  Keith Miller  <keith_miller@apple.com>
2476
2477         Add Promise SPI
2478         https://bugs.webkit.org/show_bug.cgi?id=189809
2479
2480         Reviewed by Saam Barati.
2481
2482         This patch adds new SPI to create promises. It's mostly SPI because
2483         I want to see how internal users react to it before we make it
2484         public.
2485
2486         This patch adds a couple of new Obj-C SPI methods. The first
2487         creates a new promise using the same API that JS does where the
2488         user provides an executor callback. If an exception is raised
2489         in/to that callback the promise is automagically rejected. The
2490         other methods create a pre-resolved or rejected promise as this
2491         appears to be a common way to initialize a promise.
2492
2493         I was also considering adding a second version of executor API
2494         where it would catch specific Obj-C exceptions. This would work by
2495         taking a Class parameter and checking isKindOfClass: on the
2496         exception. I decided against this as nothing else in our API
2497         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2498         corrupt state if an Obj-C exception unwinds through JS frames.
2499
2500         This patch adds a new C function that will create a "deferred"
2501         promise. A deferred promise is a style of creating promise/futures
2502         where the resolve and reject functions are passed as outputs of a
2503         function. I went with this style for the C SPI because we don't have
2504         any concept of forwarding exceptions in the C API.
2505
2506         In order to make the C API work I refactored a bit of the promise code
2507         so that we can call a static method on JSDeferredPromise and just get
2508         the components without allocating an extra cell wrapper.
2509
2510         * API/JSContext.mm:
2511         (+[JSContext currentCallee]):
2512         * API/JSObjectRef.cpp:
2513         (JSObjectMakeDeferredPromise):
2514         * API/JSObjectRefPrivate.h:
2515         * API/JSValue.mm:
2516         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2517         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2518         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2519         * API/JSValuePrivate.h: Added.
2520         * API/JSVirtualMachine.mm:
2521         * API/JSVirtualMachinePrivate.h:
2522         * API/tests/testapi.c:
2523         (main):
2524         * API/tests/testapi.cpp:
2525         (APIContext::operator JSC::ExecState*):
2526         (TestAPI::failed const):
2527         (TestAPI::check):
2528         (TestAPI::basicSymbol):
2529         (TestAPI::symbolsTypeof):
2530         (TestAPI::symbolsGetPropertyForKey):
2531         (TestAPI::symbolsSetPropertyForKey):
2532         (TestAPI::symbolsHasPropertyForKey):
2533         (TestAPI::symbolsDeletePropertyForKey):
2534         (TestAPI::promiseResolveTrue):
2535         (TestAPI::promiseRejectTrue):
2536         (testCAPIViaCpp):
2537         (TestAPI::run): Deleted.
2538         * API/tests/testapi.mm:
2539         (testObjectiveCAPIMain):
2540         (promiseWithExecutor):
2541         (promiseRejectOnJSException):
2542         (promiseCreateResolved):
2543         (promiseCreateRejected):
2544         (parallelPromiseResolveTest):
2545         (testObjectiveCAPI):
2546         * JavaScriptCore.xcodeproj/project.pbxproj:
2547         * runtime/JSInternalPromiseDeferred.cpp:
2548         (JSC::JSInternalPromiseDeferred::create):
2549         * runtime/JSPromise.h:
2550         * runtime/JSPromiseConstructor.cpp:
2551         (JSC::constructPromise):
2552         * runtime/JSPromiseDeferred.cpp:
2553         (JSC::JSPromiseDeferred::createDeferredData):
2554         (JSC::JSPromiseDeferred::create):
2555         (JSC::JSPromiseDeferred::finishCreation):
2556         (JSC::newPromiseCapability): Deleted.
2557         * runtime/JSPromiseDeferred.h:
2558         (JSC::JSPromiseDeferred::promise const):
2559         (JSC::JSPromiseDeferred::resolve const):
2560         (JSC::JSPromiseDeferred::reject const):
2561
2562 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2563
2564         Unreviewed, rolling out r236359.
2565
2566         Broke the Windows build.
2567
2568         Reverted changeset:
2569
2570         "Add Promise SPI"
2571         https://bugs.webkit.org/show_bug.cgi?id=189809
2572         https://trac.webkit.org/changeset/236359
2573
2574 2018-09-21  Mark Lam  <mark.lam@apple.com>
2575
2576         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2577         https://bugs.webkit.org/show_bug.cgi?id=189855
2578         <rdar://problem/44680181>
2579
2580         Reviewed by Filip Pizlo.
2581
2582         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2583         ExecState* argument.  This is intentional so that resolveRope() does not throw
2584         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2585         get the VM from the cell instead of via the ExecState.
2586
2587         Also removed an obsolete and unused field in JSString.
2588
2589         * runtime/JSString.cpp:
2590         (JSC::JSRopeString::resolveRope const):
2591         (JSC::JSRopeString::outOfMemory const):
2592         * runtime/JSString.h:
2593         (JSC::JSString::tryGetValue const):
2594
2595 2018-09-21  Michael Saboff  <msaboff@apple.com>
2596
2597         Add functions to measure memory footprint to JSC
2598         https://bugs.webkit.org/show_bug.cgi?id=189768
2599
2600         Reviewed by Saam Barati.
2601
2602         Rolling this back in again.
2603
2604         Provide system memory metrics for the current process to aid in memory reduction measurement and
2605         tuning using native JS tests.
2606
2607         * jsc.cpp:
2608         (MemoryFootprint::now):
2609         (MemoryFootprint::resetPeak):
2610         (GlobalObject::finishCreation):
2611         (JSCMemoryFootprint::JSCMemoryFootprint):
2612         (JSCMemoryFootprint::createStructure):
2613         (JSCMemoryFootprint::create):
2614         (JSCMemoryFootprint::finishCreation):
2615         (JSCMemoryFootprint::addProperty):
2616         (functionResetMemoryPeak):
2617
2618 2018-09-21  Keith Miller  <keith_miller@apple.com>
2619
2620         Add Promise SPI
2621         https://bugs.webkit.org/show_bug.cgi?id=189809
2622
2623         Reviewed by Saam Barati.
2624
2625         This patch adds new SPI to create promises. It's mostly SPI because
2626         I want to see how internal users react to it before we make it
2627         public.
2628
2629         This patch adds a couple of new Obj-C SPI methods. The first
2630         creates a new promise using the same API that JS does where the
2631         user provides an executor callback. If an exception is raised
2632         in/to that callback the promise is automagically rejected. The
2633         other methods create a pre-resolved or rejected promise as this
2634         appears to be a common way to initialize a promise.
2635
2636         I was also considering adding a second version of executor API
2637         where it would catch specific Obj-C exceptions. This would work by
2638         taking a Class parameter and checking isKindOfClass: on the
2639         exception. I decided against this as nothing else in our API
2640         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2641         corrupt state if an Obj-C exception unwinds through JS frames.
2642
2643         This patch adds a new C function that will create a "deferred"
2644         promise. A deferred promise is a style of creating promise/futures
2645         where the resolve and reject functions are passed as outputs of a
2646         function. I went with this style for the C SPI because we don't have
2647         any concept of forwarding exceptions in the C API.
2648
2649         In order to make the C API work I refactored a bit of the promise code
2650         so that we can call a static method on JSDeferredPromise and just get
2651         the components without allocating an extra cell wrapper.
2652
2653         * API/JSContext.mm:
2654         (+[JSContext currentCallee]):
2655         * API/JSObjectRef.cpp:
2656         (JSObjectMakeDeferredPromise):
2657         * API/JSObjectRefPrivate.h:
2658         * API/JSValue.mm:
2659         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2660         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2661         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2662         * API/JSValuePrivate.h: Added.
2663         * API/JSVirtualMachine.mm:
2664         * API/JSVirtualMachinePrivate.h:
2665         * API/tests/testapi.c:
2666         (main):
2667         * API/tests/testapi.cpp:
2668         (APIContext::operator JSC::ExecState*):
2669         (TestAPI::failed const):
2670         (TestAPI::check):
2671         (TestAPI::basicSymbol):
2672         (TestAPI::symbolsTypeof):
2673         (TestAPI::symbolsGetPropertyForKey):
2674         (TestAPI::symbolsSetPropertyForKey):
2675         (TestAPI::symbolsHasPropertyForKey):
2676         (TestAPI::symbolsDeletePropertyForKey):
2677         (TestAPI::promiseResolveTrue):
2678         (TestAPI::promiseRejectTrue):
2679         (testCAPIViaCpp):
2680         (TestAPI::run): Deleted.
2681         * API/tests/testapi.mm:
2682         (testObjectiveCAPIMain):
2683         (promiseWithExecutor):
2684         (promiseRejectOnJSException):
2685         (promiseCreateResolved):
2686         (promiseCreateRejected):
2687         (parallelPromiseResolveTest):
2688         (testObjectiveCAPI):
2689         * JavaScriptCore.xcodeproj/project.pbxproj:
2690         * runtime/JSInternalPromiseDeferred.cpp:
2691         (JSC::JSInternalPromiseDeferred::create):
2692         * runtime/JSPromise.h:
2693         * runtime/JSPromiseConstructor.cpp:
2694         (JSC::constructPromise):
2695         * runtime/JSPromiseDeferred.cpp:
2696         (JSC::JSPromiseDeferred::createDeferredData):
2697         (JSC::JSPromiseDeferred::create):
2698         (JSC::JSPromiseDeferred::finishCreation):
2699         (JSC::newPromiseCapability): Deleted.
2700         * runtime/JSPromiseDeferred.h:
2701         (JSC::JSPromiseDeferred::promise const):
2702         (JSC::JSPromiseDeferred::resolve const):
2703         (JSC::JSPromiseDeferred::reject const):
2704
2705 2018-09-21  Truitt Savell  <tsavell@apple.com>
2706
2707         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2708         https://bugs.webkit.org/show_bug.cgi?id=156674
2709
2710         Unreviewed Test Gardening
2711
2712         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2713         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2714
2715 2018-09-21  Mike Gorse  <mgorse@suse.com>
2716
2717         Build tools should work when the /usr/bin/python is python3
2718         https://bugs.webkit.org/show_bug.cgi?id=156674
2719
2720         Reviewed by Michael Catanzaro.
2721
2722         * Scripts/cssmin.py:
2723         * Scripts/generate-js-builtins.py:
2724         (do_open):
2725         (generate_bindings_for_builtins_files):
2726         * Scripts/generateIntlCanonicalizeLanguage.py:
2727         * Scripts/jsmin.py:
2728         (JavascriptMinify.minify.write):
2729         (JavascriptMinify):
2730         (JavascriptMinify.minify):
2731         * Scripts/make-js-file-arrays.py:
2732         (chunk):
2733         (main):
2734         * Scripts/wkbuiltins/__init__.py:
2735         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2736         (generate_section_for_global_private_code_name_macro):
2737         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2738         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2739         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2740         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2741         * Scripts/wkbuiltins/builtins_model.py:
2742         (BuiltinFunction.__lt__):
2743         (BuiltinsCollection.copyrights):
2744         (BuiltinsCollection._parse_functions):
2745         * disassembler/udis86/ud_opcode.py:
2746         (UdOpcodeTables.pprint.printWalk):
2747         * generate-bytecode-files:
2748         * inspector/scripts/codegen/__init__.py:
2749         * inspector/scripts/codegen/cpp_generator.py:
2750         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2751         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2752         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2753         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2754         (CppBackendDispatcherHeaderGenerator.generate_output):
2755         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2756         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2757         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2758         (CppBackendDispatcherImplementationGenerator.generate_output):
2759         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2760         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2761         (CppFrontendDispatcherHeaderGenerator.generate_output):
2762         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2763         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2764         (CppFrontendDispatcherImplementationGenerator.generate_output):
2765         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2766         (CppProtocolTypesHeaderGenerator.generate_output):
2767         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2768         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2769         (CppProtocolTypesImplementationGenerator.generate_output):
2770         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2771         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2772         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2773         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2774         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2775         * inspector/scripts/codegen/generate_js_backend_commands.py:
2776         (JSBackendCommandsGenerator.should_generate_domain):
2777         (JSBackendCommandsGenerator.domains_to_generate):
2778         (JSBackendCommandsGenerator.generate_output):
2779         (JSBackendCommandsGenerator.generate_domain):
2780         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2781         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2782         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2783         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2784         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2785         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2786         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2787         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2788         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2789         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2790         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2791         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2792         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2793         * inspector/scripts/codegen/generate_objc_header.py:
2794         (ObjCHeaderGenerator.generate_output):
2795         (ObjCHeaderGenerator._generate_type_interface):
2796         * inspector/scripts/codegen/generate_objc_internal_header.py:
2797         (ObjCInternalHeaderGenerator.generate_output):
2798         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2799         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2800         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2801         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2802         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2803         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2804         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2805         (ObjCProtocolTypesImplementationGenerator.generate_output):
2806         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2807         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2808         * inspector/scripts/codegen/generator.py:
2809         (Generator.non_supplemental_domains):
2810         (Generator.open_fields):
2811         (Generator.calculate_types_requiring_shape_assertions):
2812         (Generator._traverse_and_assign_enum_values):
2813         (Generator.stylized_name_for_enum_value):
2814         * inspector/scripts/codegen/models.py:
2815         (find_duplicates):
2816         * inspector/scripts/codegen/objc_generator.py:
2817         * wasm/generateWasm.py:
2818         (opcodeIterator):
2819         * yarr/generateYarrCanonicalizeUnicode:
2820         * yarr/generateYarrUnicodePropertyTables.py:
2821         * yarr/hasher.py:
2822         (stringHash):
2823
2824 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2825
2826         [ARM] Build broken on armv7hl after r235517
2827         https://bugs.webkit.org/show_bug.cgi?id=189831
2828
2829         Reviewed by Yusuke Suzuki.
2830
        Add missing implementation of patchableBranch8() for traditional ARM.
2832
2833         * assembler/MacroAssemblerARM.h:
2834         (JSC::MacroAssemblerARM::patchableBranch8):
2835
2836 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2837
2838         Unreviewed, rolling out r236293.
2839
2840         Internal build still broken.
2841
2842         Reverted changeset:
2843
2844         "Add functions to measure memory footprint to JSC"
2845         https://bugs.webkit.org/show_bug.cgi?id=189768
2846         https://trac.webkit.org/changeset/236293
2847
2848 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2849
2850         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2851         https://bugs.webkit.org/show_bug.cgi?id=189558
2852
2853         Reviewed by Mark Lam.
2854
        When running the web-tooling-benchmark postcss test on the Linux JSCOnly port, we get the following result in `perf report`.
2856
2857             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2858
        This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
        And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2861
        This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
        And we propagate this value to the global atomic counter when a rebalance happens.
2864
2865         We also reduce HeapCell::heap() access by using `vm.heap`.
2866
2867         * heap/SlotVisitor.cpp:
2868         (JSC::SlotVisitor::didStartMarking):
2869         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2870         (JSC::SlotVisitor::drain):
2871         (JSC::SlotVisitor::performIncrementOfDraining):
2872         * heap/SlotVisitor.h:
2873         * heap/SlotVisitorInlines.h:
2874         (JSC::SlotVisitor::reportExtraMemoryVisited):
2875         * runtime/JSString.cpp:
2876         (JSC::JSRopeString::resolveRopeToAtomicString const):
2877         (JSC::JSRopeString::resolveRope const):
2878         * runtime/JSString.h:
2879         (JSC::JSString::finishCreation):
2880         * wasm/js/JSWebAssemblyInstance.cpp:
2881         (JSC::JSWebAssemblyInstance::finishCreation):
2882         * wasm/js/JSWebAssemblyMemory.cpp:
2883         (JSC::JSWebAssemblyMemory::finishCreation):
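
Constructed illustration of the per-visitor batching described in this entry, added here and not JavaScriptCore's own code: each marking thread accumulates in its SlotVisitor and only touches the shared atomic at propagation points. The Heap, SlotVisitor, markStrings and MarkResult names below are stand-ins, and the `atomicUpdates` counter exists only to make the reduction in shared-counter traffic measurable.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <thread>
#include <vector>

// The heap-wide counter that every marking thread used to hit for every JSString.
struct Heap {
    std::atomic<size_t> extraMemoryVisited { 0 };
    std::atomic<size_t> atomicUpdates { 0 }; // instrumentation: number of shared-counter updates

    void reportExtraMemoryVisited(size_t bytes) {
        extraMemoryVisited.fetch_add(bytes, std::memory_order_relaxed);
        atomicUpdates.fetch_add(1, std::memory_order_relaxed);
    }
};

// Per-visitor accumulator: visitChildren reports here, and the running total is
// pushed to the Heap only at propagation points (rebalance, or when draining ends).
class SlotVisitor {
public:
    explicit SlotVisitor(Heap& heap) : m_heap(heap) { }

    void reportExtraMemoryVisited(size_t bytes) { m_extraMemorySize += bytes; }

    void propagateExtraMemoryVisitedIfNecessary() {
        if (!m_extraMemorySize)
            return;
        m_heap.reportExtraMemoryVisited(m_extraMemorySize);
        m_extraMemorySize = 0;
    }

private:
    Heap& m_heap;
    size_t m_extraMemorySize { 0 };
};

struct MarkResult {
    size_t bytesCounted;  // total bytes the heap ended up with (must match either way)
    size_t atomicUpdates; // how often the shared atomic was updated
};

// Run `threads` marking threads over `stringsPerThread` strings of `bytesEach` bytes.
// batched == false: every string updates the shared atomic directly (old behaviour).
// batched == true : each thread buffers in its SlotVisitor and propagates every
//                   `batch` strings (standing in for a rebalance) plus once at the end.
MarkResult markStrings(unsigned threads, unsigned stringsPerThread, size_t bytesEach,
                       bool batched, unsigned batch) {
    Heap heap;
    std::vector<std::thread> workers;
    for (unsigned t = 0; t < threads; ++t) {
        workers.emplace_back([&] {
            SlotVisitor visitor(heap);
            for (unsigned i = 0; i < stringsPerThread; ++i) {
                if (!batched) {
                    heap.reportExtraMemoryVisited(bytesEach);
                    continue;
                }
                visitor.reportExtraMemoryVisited(bytesEach);
                if (batch && (i + 1) % batch == 0)
                    visitor.propagateExtraMemoryVisitedIfNecessary();
            }
            visitor.propagateExtraMemoryVisitedIfNecessary(); // drain finished: flush the remainder
        });
    }
    for (auto& worker : workers)
        worker.join();
    return { heap.extraMemoryVisited.load(), heap.atomicUpdates.load() };
}

int main() {
    MarkResult direct = markStrings(4, 1000, 16, false, 0);
    MarkResult batched = markStrings(4, 1000, 16, true, 100);
    std::printf("direct:  %zu bytes, %zu atomic updates\n", direct.bytesCounted, direct.atomicUpdates);
    std::printf("batched: %zu bytes, %zu atomic updates\n", batched.bytesCounted, batched.atomicUpdates);
    return 0;
}
```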
2884
2885 2018-09-20  Michael Saboff  <msaboff@apple.com>
2886
2887         Add functions to measure memory footprint to JSC
2888         https://bugs.webkit.org/show_bug.cgi?id=189768
2889
2890         Reviewed by Saam Barati.
2891
2892         Rolling this back in.
2893
2894         Provide system memory metrics for the current process to aid in memory reduction measurement and
2895         tuning using native JS tests.
2896
2897         * jsc.cpp:
2898         (MemoryFootprint::now):
2899         (MemoryFootprint::resetPeak):
2900         (GlobalObject::finishCreation):
2901         (JSCMemoryFootprint::JSCMemoryFootprint):
2902         (JSCMemoryFootprint::createStructure):
2903         (JSCMemoryFootprint::create):
2904         (JSCMemoryFootprint::finishCreation):
2905         (JSCMemoryFootprint::addProperty):
2906         (functionResetMemoryPeak):
2907
2908 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2909
2910         Unreviewed, rolling out r236235.
2911
2912         Breaks internal builds.
2913
2914         Reverted changeset:
2915
2916         "Add functions to measure memory footprint to JSC"
2917         https://bugs.webkit.org/show_bug.cgi?id=189768
2918         https://trac.webkit.org/changeset/236235
2919
2920 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2921
2922         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2923         https://bugs.webkit.org/show_bug.cgi?id=189730
2924
2925         Reviewed by Saam Barati.
2926
2927         Clang for Windows can't compile the workaround for MSVC quirk in generateOutOfLine.
2928
2929         * jit/JITMathIC.h:
2930         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2931
2932 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2933
2934         [JSC] Optimize Array#indexOf in C++ runtime
2935         https://bugs.webkit.org/show_bug.cgi?id=189507
2936
2937         Reviewed by Saam Barati.
2938
        The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
        web-tooling-benchmark. While our DFG and FTL have an Array#indexOf optimization
        and it is actually working well, C++ Array#indexOf is called a significant number
        of times before tiering up, and it takes 6.74% of jsc main thread samples according
        to the perf command on Linux. This is because C++ Array#indexOf is too generic and
        misses the chance to optimize JSArray cases.
2945
        This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
        access to the given JSArray is non-observable and the indexing type is good for the fast
        path, we go to the fast path. This makes the sampling of Array#indexOf 3.83% in the
        babylon web-tooling-benchmark.
2950
2951         * runtime/ArrayPrototype.cpp:
2952         (JSC::arrayProtoFuncIndexOf):
2953         * runtime/JSArray.h:
2954         * runtime/JSArrayInlines.h:
2955         (JSC::JSArray::canDoFastIndexedAccess):
2956         (JSC::toLength):
2957         * runtime/JSCJSValueInlines.h:
2958         (JSC::JSValue::JSValue):
2959         * runtime/JSGlobalObject.h:
2960         * runtime/JSGlobalObjectInlines.h:
2961         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2962         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2963         * runtime/MathCommon.h:
2964         (JSC::canBeStrictInt32):
2965         (JSC::canBeInt32):
2966
2967 2018-09-19  Michael Saboff  <msaboff@apple.com>
2968
2969         Add functions to measure memory footprint to JSC
2970         https://bugs.webkit.org/show_bug.cgi?id=189768
2971
2972         Reviewed by Saam Barati.
2973
2974         Provide system memory metrics for the current process to aid in memory reduction measurement and
2975         tuning using native JS tests.
2976
2977         * jsc.cpp:
2978         (MemoryFootprint::now):
2979         (MemoryFootprint::resetPeak):
2980         (GlobalObject::finishCreation):
2981         (JSCMemoryFootprint::JSCMemoryFootprint):
2982         (JSCMemoryFootprint::createStructure):
2983         (JSCMemoryFootprint::create):
2984         (JSCMemoryFootprint::finishCreation):
2985         (JSCMemoryFootprint::addProperty):
2986         (functionResetMemoryPeak):
2987
2988 2018-09-19  Saam barati  <sbarati@apple.com>
2989
2990         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2991         https://bugs.webkit.org/show_bug.cgi?id=189703
2992
2993         Reviewed by Mark Lam.
2994
2995         This fixes a crash that a TypeProfiler change revealed.
2996
2997         * dfg/DFGSpeculativeJIT64.cpp:
2998         (JSC::DFG::SpeculativeJIT::compile):
2999
3000 2018-09-19  Saam barati  <sbarati@apple.com>
3001
3002         AI rule for MultiPutByOffset executes its effects in the wrong order
3003         https://bugs.webkit.org/show_bug.cgi?id=189757
3004         <rdar://problem/43535257>
3005
3006         Reviewed by Michael Saboff.
3007
3008         The AI rule for MultiPutByOffset was executing effects in the wrong order.
3009         It first executed the transition effects and the effects on the base, and
3010         then executed the filtering effects on the value being stored. However, you
3011         can end up with the wrong type when the base and the value being stored
        are the same, e.g., in a program like `o.f = o`. These effects need to happen
        in the opposite order, modeling what happens in the runtime execution of
        MultiPutByOffset.
3015
3016         * dfg/DFGAbstractInterpreterInlines.h:
3017         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3018
3019 2018-09-18  Mark Lam  <mark.lam@apple.com>
3020
3021         Ensure that ForInContexts are invalidated if their loop local is over-written.
3022         https://bugs.webkit.org/show_bug.cgi?id=189571
3023         <rdar://problem/44402277>
3024
3025         Reviewed by Saam Barati.
3026
3027         Instead of hunting down every place in the BytecodeGenerator that potentially
3028         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
3029         the bytecode range of the loop body when the ForInContext is popped, and
3030         invalidate the context if we ever find the loop temp variable over-written.
3031
3032         This has 2 benefits:
3033         1. It ensures that every type of opcode that can write to the loop temp will be
3034            handled appropriately, not just the op_mov that we've hunted down.
3035         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
3036            every time we emit an op_mov (or other opcodes that can write to a local)
3037            even when we're not inside a for-in loop.
3038
        JSC benchmarks show that this change is performance neutral.
3040
3041         * bytecompiler/BytecodeGenerator.cpp:
3042         (JSC::BytecodeGenerator::pushIndexedForInScope):
3043         (JSC::BytecodeGenerator::popIndexedForInScope):
3044         (JSC::BytecodeGenerator::pushStructureForInScope):
3045         (JSC::BytecodeGenerator::popStructureForInScope):
3046         (JSC::ForInContext::finalize):
3047         (JSC::StructureForInContext::finalize):
3048         (JSC::IndexedForInContext::finalize):
3049         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
3050         * bytecompiler/BytecodeGenerator.h:
3051         (JSC::ForInContext::ForInContext):
3052         (JSC::ForInContext::bodyBytecodeStartOffset const):
3053         (JSC::StructureForInContext::StructureForInContext):
3054         (JSC::IndexedForInContext::IndexedForInContext):
3055         * bytecompiler/NodesCodegen.cpp:
3056         (JSC::PostfixNode::emitResolve):
3057         (JSC::PrefixNode::emitResolve):
3058         (JSC::ReadModifyResolveNode::emitBytecode):
3059         (JSC::AssignResolveNode::emitBytecode):
3060         (JSC::EmptyLetExpression::emitBytecode):
3061         (JSC::ForInNode::emitLoopHeader):
3062         (JSC::ForOfNode::emitBytecode):
3063         (JSC::BindingNode::bindValue const):
3064         (JSC::AssignmentElementNode::bindValue const):
3065         * runtime/CommonSlowPaths.cpp:
3066         (JSC::SLOW_PATH_DECL):
3067
3068 2018-09-17  Devin Rousso  <drousso@apple.com>
3069
3070         Web Inspector: generate CSSKeywordCompletions from backend values
3071         https://bugs.webkit.org/show_bug.cgi?id=189041
3072
3073         Reviewed by Joseph Pecoraro.
3074
3075         * inspector/protocol/CSS.json:
3076         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
3077
3078 2018-09-17  Saam barati  <sbarati@apple.com>
3079
3080         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
3081         https://bugs.webkit.org/show_bug.cgi?id=189676
3082         <rdar://problem/39682897>
3083
3084         Reviewed by Michael Saboff.
3085
3086         Because the incoming value may be TDZ, CheckStructure may end up crashing.
3087         Since the Type Profile does not currently record TDZ values in any of its
3088         data structures, this is not a semantic change in how it will show you data.
3089         It just fixes crashes when we emit a CheckStructure and the incoming value
3090         is TDZ.
3091
3092         * dfg/DFGFixupPhase.cpp:
3093         (JSC::DFG::FixupPhase::fixupNode):
3094         * dfg/DFGNode.h:
3095         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
3096
3097 2018-09-17  Darin Adler  <darin@apple.com>
3098
3099         Use OpaqueJSString rather than JSRetainPtr inside WebKit
3100         https://bugs.webkit.org/show_bug.cgi?id=189652
3101
3102         Reviewed by Saam Barati.
3103
        * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
3105         JSStringRef.h.
3106
3107         * API/JSContext.mm:
3108         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
3109         than JSStringCreateWithCFString, simplifying the code and also obviating the
3110         need for explicit JSStringRelease.
3111         (-[JSContext setName:]): Ditto.
3112
3113         * API/JSStringRef.cpp:
3114         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
3115         It seems that additional optimization is possible, obviating the need to allocate
3116         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
3117
3118         * API/JSValue.mm:
3119         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
3120         OpaqueJSString::create and adoptRef as appropriate.
3121         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
3122         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
3123         (performPropertyOperation): Ditto.
3124         (-[JSValue invokeMethod:withArguments:]): Ditto.
3125         (valueToObjectWithoutCopy): Ditto.
3126         (containerValueToObject): Ditto.
3127         (valueToString): Ditto.
3128         (objectToValueWithoutCopy): Ditto.
3129         (objectToValue): Ditto.
3130
3131 2018-09-08  Darin Adler  <darin@apple.com>
3132
3133         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
3134         https://bugs.webkit.org/show_bug.cgi?id=189455
3135
3136         Reviewed by Keith Miller.
3137
3138         * API/JSObjectRef.cpp:
3139         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
3140         JSRetainPtr<JSStringRef>.
3141         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
3142         adopt constructor.
3143         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
3144         the array elements are now Ref.
3145
3146         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
3147         it only works for two specific unrelated types, JSStringRef and
3148         JSGlobalContextRef. Simplified the default constructor using data
3149         member initialization. Prepared to make the adopt constructor private
3150         (got everything compiling that way, then made it public again so that
3151         Apple internal software will still build). Got rid of unneeded
3152         templated constructor and assignment operator, since it's not relevant
3153         since there is no inheritance between JSRetainPtr template types.
3154         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
3155         Added move constructor and move assignment operator for slightly better
3156         performance. Simplified implementations of various member functions
3157         so they are more obviously correct, by using leakPtr in more of them
3158         and using std::exchange to make the flow of values more obvious.
3159
3160         * API/JSValue.mm:
3161         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
3162         missing JSStringRelease to fix a leak.
3163
3164         * API/tests/CustomGlobalObjectClassTest.c:
3165         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
3166         (globalObjectSetPrototypeTest): Ditto.
3167         (globalObjectPrivatePropertyTest): Ditto.
3168
3169         * API/tests/ExecutionTimeLimitTest.cpp:
3170         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
3171         (testExecutionTimeLimit): Ditto, lots more.
3172
3173         * API/tests/FunctionOverridesTest.cpp:
3174         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
3175
3176         * API/tests/JSObjectGetProxyTargetTest.cpp:
3177         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
3178         a leak.
3179
3180         * API/tests/PingPongStackOverflowTest.cpp:
3181         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
3182         JSStringRelease to fix leaks.
3183
3184         * API/tests/testapi.c:
3185         (throwException): Added. Helper function for repeated idiom where we want
3186         to throw an exception, but with additional JSStringRelease calls so we don't
3187         have to leak just to keep the code simpler to read.
3188         (MyObject_getProperty): Use throwException.
3189         (MyObject_setProperty): Ditto.
3190         (MyObject_deleteProperty): Ditto.
3191         (isValueEqualToString): Added. Helper function for an idiom where we check
3192         if something is a string and then if it's equal to a particular string
3193         constant, but a version that has an additional JSStringRelease call so we
3194         don't have to leak just to keep the code simpler to read.
3195         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
3196         (MyObject_callAsConstructor): Ditto.
3197         (MyObject_hasInstance): Ditto.
3198         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
3199         (testMarkingConstraintsAndHeapFinalizers): Ditto.
3200
3201 2018-09-14  Saam barati  <sbarati@apple.com>
3202
3203         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
3204         https://bugs.webkit.org/show_bug.cgi?id=189628
3205         <rdar://problem/39481690>
3206
3207         Reviewed by Mark Lam.
3208
3209         An Availability may point to a Node. And that Node may be removed from
        the graph, e.g., it's freed and its memory is no longer owned by Graph.
3211         This patch makes it so we no longer dump this metadata by default. If
3212         this metadata is interesting to you, you'll need to go in and change
3213         Graph::dump to dump the needed metadata.
3214
3215         * dfg/DFGGraph.cpp:
3216         (JSC::DFG::Graph::dump):
3217
3218 2018-09-14  Mark Lam  <mark.lam@apple.com>
3219
3220         Refactor some ForInContext code for better encapsulation.
3221         https://bugs.webkit.org/show_bug.cgi?id=189626
3222         <rdar://problem/44466415>
3223
3224         Reviewed by Keith Miller.
3225
3226         1. Add a ForInContext::m_type field to store the context type.  This does not
3227            increase the class size, but eliminates the need for a virtual call to get the
3228            type.
3229
3230            Note: we still need a virtual destructor because we'll be mingling
3231            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
3232
3233         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
3234            convenience methods.
3235
3236         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
3237            to do the casting to the subclass types.  This ensures that we'll properly
3238            assert that the casting is legal.
3239
3240         * bytecompiler/BytecodeGenerator.cpp:
3241         (JSC::BytecodeGenerator::emitGetByVal):
3242         (JSC::BytecodeGenerator::popIndexedForInScope):
3243         (JSC::BytecodeGenerator::popStructureForInScope):
3244         * bytecompiler/BytecodeGenerator.h:
3245         (JSC::ForInContext::type const):
3246         (JSC::ForInContext::isIndexedForInContext const):
3247         (JSC::ForInContext::isStructureForInContext const):
3248         (JSC::ForInContext::asIndexedForInContext):
3249         (JSC::ForInContext::asStructureForInContext):
3250         (JSC::ForInContext::ForInContext):
3251         (JSC::StructureForInContext::StructureForInContext):
3252         (JSC::IndexedForInContext::IndexedForInContext):
3253         (JSC::ForInContext::~ForInContext): Deleted.
3254
3255 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
3256
3257         Web Inspector: Record actions performed on ImageBitmapRenderingContext
3258         https://bugs.webkit.org/show_bug.cgi?id=181341
3259
3260         Reviewed by Joseph Pecoraro.
3261
3262         * inspector/protocol/Recording.json:
3263         * inspector/scripts/codegen/generator.py:
3264
3265 2018-09-14  Mike Gorse  <mgorse@suse.com>
3266
3267         builtins directory causes name conflict on Python 3
3268         https://bugs.webkit.org/show_bug.cgi?id=189552
3269
3270         Reviewed by Michael Catanzaro.
3271
3272         * CMakeLists.txt: builtins -> wkbuiltins.
3273         * DerivedSources.make: builtins -> wkbuiltins.
3274         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
3275           builtins.
3276         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
3277         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
3278         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
3279         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
3280         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
3281         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
3282         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
3283         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
3284         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
3285         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
3286         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
3287         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
3288
3289 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3290
3291         [WebAssembly] Inline WasmContext accessor functions
3292         https://bugs.webkit.org/show_bug.cgi?id=189416
3293
3294         Reviewed by Saam Barati.
3295
        WasmContext accessor functions are very small while they reside in the critical path of
        JS to Wasm function calls. This patch makes them inline to improve performance.
3298         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
3299
3300         * JavaScriptCore.xcodeproj/project.pbxproj:
3301         * Sources.txt:
3302         * interpreter/CallFrame.cpp:
3303         * jit/AssemblyHelpers.cpp:
3304         * wasm/WasmB3IRGenerator.cpp:
3305         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
3306         (JSC::Wasm::Context::useFastTLS):
3307         (JSC::Wasm::Context::load const):
3308         (JSC::Wasm::Context::store):
3309         * wasm/WasmMemoryInformation.cpp:
3310         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
3311         * wasm/js/JSToWasm.cpp:
3312         * wasm/js/WebAssemblyFunction.cpp:
3313
3314 2018-09-12  David Kilzer  <ddkilzer@apple.com>
3315
3316         Move JavaScriptCore files to match Xcode project hierarchy
3317         <https://webkit.org/b/189574>
3318
3319         Reviewed by Filip Pizlo.
3320
3321         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
3322         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
3323         * CMakeLists.txt: Update for new path to
3324         generateYarrUnicodePropertyTables.py, hasher.py and
3325         JSAPIValueWrapper.h.
3326         * DerivedSources.make: Ditto. Add missing dependency on
3327         hasher.py captured by CMakeLists.txt.
3328         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
3329         reference paths. Add hasher.py library to project.
3330         * Sources.txt: Update for new path to
3331         JSAPIValueWrapper.cpp.
3332         * runtime/JSImmutableButterfly.h: Add missing includes
3333         after changes to Sources.txt and regenerating unified
3334         sources.
3335         * runtime/RuntimeType.h: Ditto.
3336         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
3337         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
3338
3339 2018-09-12  David Kilzer  <ddkilzer@apple.com>
3340
3341         Let Xcode have its way with the JavaScriptCore project
3342
3343         * JavaScriptCore.xcodeproj/project.pbxproj:
3344
3345 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
3346
3347         Add IGNORE_WARNING_.* macros
3348         https://bugs.webkit.org/show_bug.cgi?id=188996
3349
3350         Reviewed by Michael Catanzaro.
3351
3352         * API/JSCallbackObject.h:
3353         * API/tests/testapi.c:
3354         * assembler/LinkBuffer.h:
3355         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
3356         * b3/B3LowerToAir.cpp:
3357         * b3/B3Opcode.cpp:
3358         * b3/B3Type.h:
3359         * b3/B3TypeMap.h:
3360         * b3/B3Width.h:
3361         * b3/air/AirArg.cpp:
3362         * b3/air/AirArg.h:
3363         * b3/air/AirCode.h:
3364         * bytecode/Opcode.h:
3365         (JSC::padOpcodeName):
3366         * dfg/DFGSpeculativeJIT.cpp:
3367         (JSC::DFG::SpeculativeJIT::speculateNumber):
3368         (JSC::DFG::SpeculativeJIT::speculateMisc):
3369         * dfg/DFGSpeculativeJIT64.cpp:
3370         * ftl/FTLOutput.h:
3371         * jit/CCallHelpers.h:
3372         (JSC::CCallHelpers::calculatePokeOffset):
3373         * llint/LLIntData.cpp:
3374         * llint/LLIntSlowPaths.cpp:
3375         (JSC::LLInt::slowPathLogF):
3376         * runtime/ConfigFile.cpp:
3377         (JSC::ConfigFile::canonicalizePaths):
3378         * runtime/JSDataViewPrototype.cpp:
3379         * runtime/JSGenericTypedArrayViewConstructor.h:
3380         * runtime/JSGenericTypedArrayViewPrototype.h:
3381         * runtime/Options.cpp:
3382         (JSC::Options::setAliasedOption):
3383         * tools/CodeProfiling.cpp:
3384         * wasm/WasmSections.h:
3385         * wasm/generateWasmValidateInlinesHeader.py:
3386
3387 == Rolled over to ChangeLog-2018-09-11 ==