[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2018-10-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237084, r237088, r237098, and
        r237114.
        https://bugs.webkit.org/show_bug.cgi?id=190602

        Breaks internal builds. (Requested by ryanhaddad on #webkit).

        Reverted changesets:

        "Separate configuration extraction from offset extraction"
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237084

        "Gardening: Build fix after r237084."
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237088

        "Gardening: Build fix after r237084."
        https://bugs.webkit.org/show_bug.cgi?id=189708
        https://trac.webkit.org/changeset/237098

        "REGRESSION (r237084): JavaScriptCore fails to build on Linux"
        https://trac.webkit.org/changeset/237114

2018-10-15  Keith Miller  <keith_miller@apple.com>

        BytecodeDumper should print all switch labels
        https://bugs.webkit.org/show_bug.cgi?id=190596

        Reviewed by Saam Barati.

        Right now the bytecode dumper only prints the default target not any of the
        non-default targets.

        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::dumpBytecode):

2018-10-15  Saam barati  <sbarati@apple.com>

        Emit fjcvtzs on ARM64E on Darwin
        https://bugs.webkit.org/show_bug.cgi?id=184023

        Reviewed by Yusuke Suzuki and Filip Pizlo.

        ARMv8.3 introduced the fjcvtzs instruction which does double->int32
        conversion using the semantics defined by JavaScript:
        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html
        This patch teaches JSC to use that instruction when possible.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::fjcvtzs):
        (JSC::ARM64Assembler::fjcvtzsInsn):
        * assembler/MacroAssemblerARM64.cpp:
        (JSC::MacroAssemblerARM64::collectCPUFeatures):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics):
        (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * disassembler/ARM64/A64DOpcode.cpp:
        * disassembler/ARM64/A64DOpcode.h:
        (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
        * jit/JITRightShiftGenerator.cpp:
        (JSC::JITRightShiftGenerator::generateFastPath):
        * runtime/MathCommon.h:
        (JSC::toInt32):

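The double->int32 conversion with JavaScript semantics that fjcvtzs performs in one instruction, written out as a portable C reference (an added example for this entry, not JSC's toInt32 from runtime/MathCommon.h): NaN and infinities become 0, the value is truncated toward zero, reduced modulo 2^32 and mapped into [-2^31, 2^31). The out-of-range path works on the raw IEEE-754 bits rather than relying on a C cast, which is undefined for such values.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ECMAScript ToInt32: the semantics fjcvtzs implements in hardware. */
static int32_t js_to_int32(double d)
{
    /* Fast path: the truncated value fits, so the plain C cast is exact.
     * NaN fails both comparisons and falls through to the slow path. */
    if (d > -2147483649.0 && d < 2147483648.0)
        return (int32_t)d;

    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    int biased = (int)((bits >> 52) & 0x7FF);
    if (biased == 0x7FF)
        return 0;                                  /* NaN, +Infinity, -Infinity */

    /* |d| = mantissa * 2^shift, with the implicit leading 1 restored. */
    uint64_t mantissa = (bits & ((UINT64_C(1) << 52) - 1)) | (UINT64_C(1) << 52);
    int shift = biased - 1075;

    uint32_t low;                                  /* |trunc(d)| mod 2^32 */
    if (shift >= 32)
        low = 0;                                   /* every set bit lies above bit 31 */
    else if (shift >= 0)
        low = (uint32_t)(mantissa << shift);       /* unsigned wrap keeps the low 32 bits */
    else
        low = (uint32_t)(mantissa >> -shift);      /* the dropped bits are the fraction */

    if (bits >> 63)
        low = 0u - low;                            /* negate modulo 2^32 */

    /* Reinterpret [2^31, 2^32) as the negative half without depending on
     * implementation-defined narrowing. */
    return low < 0x80000000u ? (int32_t)low : (int32_t)(low - 0x80000000u) + INT32_MIN;
}

int main(void)
{
    /* Constructed sample inputs covering the in-range, wrapping and non-finite cases. */
    const double samples[] = { 1e10, 1e20, 4294967296.5, 2147483648.0, -1.9, -2147483649.0, NAN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("ToInt32(%.17g) = %d\n", samples[i], js_to_int32(samples[i]));
    return 0;
}
```

Each result equals what `x | 0` yields in a JavaScript engine, which is the contract the JIT relies on when it substitutes the instruction for the software slow path.
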
2018-10-15  Saam Barati  <sbarati@apple.com>

        JSArray::shiftCountWithArrayStorage is wrong when an array has holes
        https://bugs.webkit.org/show_bug.cgi?id=190262
        <rdar://problem/44986241>

        Reviewed by Mark Lam.

        We would take the fast path for shiftCountWithArrayStorage when the array
        hasHoles(). However, the code for this was wrong. It'd incorrectly update
        ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage
        path is never taken in JetStream 2, this patch just removes that from
        the fast path. Instead, we just fallback to the slow path when hasHoles().
        If we find evidence that this matters for real use cases, we can
        figure out a way to make the fast path work.

        * runtime/JSArray.cpp:
        (JSC::JSArray::shiftCountWithArrayStorage):

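The invariant the entry above is about, shown on a constructed toy model rather than JSC's own ArrayStorage (added example, not the project's code): a count of present values must only be decremented by the number of present values actually removed, so a shift over a range containing holes needs to look at the slots, not just at `count`. The hole-blind variant stands in for the generic mistake; the entry does not say exactly how the original fast path went wrong.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: a vector of slots where HOLE marks an absent element, plus
 * the count of present values that has to stay in sync with the contents. */
#define HOLE INT64_MIN

typedef struct {
    int64_t* vector;
    size_t length;
    size_t numValuesInVector;
} ArrayStorage;

static size_t count_values(const int64_t* v, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (v[i] != HOLE)
            c++;
    return c;
}

/* Correct bookkeeping: subtract only the present values inside the removed range. */
static int shift_count(ArrayStorage* s, size_t startIndex, size_t count)
{
    if (startIndex > s->length || count > s->length - startIndex)
        return 0;                                  /* range outside the array */
    size_t removed = count_values(s->vector + startIndex, count);
    memmove(s->vector + startIndex, s->vector + startIndex + count,
            (s->length - startIndex - count) * sizeof *s->vector);
    s->length -= count;
    s->numValuesInVector -= removed;
    return 1;
}

/* Hole-blind variant: assumes every removed slot held a value. Right for dense
 * storage, wrong (and underflowing) as soon as the range contains a hole. */
static int shift_count_hole_blind(ArrayStorage* s, size_t startIndex, size_t count)
{
    if (startIndex > s->length || count > s->length - startIndex)
        return 0;
    memmove(s->vector + startIndex, s->vector + startIndex + count,
            (s->length - startIndex - count) * sizeof *s->vector);
    s->length -= count;
    s->numValuesInVector -= count;                 /* over-subtracts by the holes removed */
    return 1;
}

/* Apply one shift to the constructed sample [1, <hole>, 3, <hole>, 5] and return
 * numValuesInVector afterwards, or -1 if the shift was rejected or the counter
 * no longer matches what is actually in the vector. */
static long shift_sample(int (*shift)(ArrayStorage*, size_t, size_t),
                         size_t startIndex, size_t count)
{
    int64_t init[] = { 1, HOLE, 3, HOLE, 5 };
    size_t n = sizeof init / sizeof init[0];
    ArrayStorage s = { malloc(sizeof init), n, count_values(init, n) };
    if (!s.vector)
        return -1;
    memcpy(s.vector, init, sizeof init);
    long result = -1;
    if (shift(&s, startIndex, count) && count_values(s.vector, s.length) == s.numValuesInVector)
        result = (long)s.numValuesInVector;
    free(s.vector);
    return result;
}
```

Checking `count_values(...) == numValuesInVector` after every mutation is the kind of assertion a debug build can keep to catch this class of drift early.
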
2018-10-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237054.
        https://bugs.webkit.org/show_bug.cgi?id=190593

        "this regressed JetStream 2 by 6% on iOS" (Requested by
        saamyjoon on #webkit).

        Reverted changeset:

        "[JSC] JSC should have "parseFunction" to optimize Function
        constructor"
        https://bugs.webkit.org/show_bug.cgi?id=190340
        https://trac.webkit.org/changeset/237054

2018-10-14  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r237084): JavaScriptCore fails to build on Linux
        <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949>

        * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by
        including <stdio.h>.

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Shrink more enum classes
        https://bugs.webkit.org/show_bug.cgi?id=190540

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-15  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Disable DOMJIT on 32bit architecture
        https://bugs.webkit.org/show_bug.cgi?id=190387

        Reviewed by Mark Lam.

        We disable DOMJIT on 32bit architecture due to exhaustion of registers.

        * runtime/Options.h:

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Include EnumTraits.h less
        https://bugs.webkit.org/show_bug.cgi?id=190535

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-14  Mark Lam  <mark.lam@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * llint/LLIntOffsetsExtractor.cpp:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Option::useAsyncIterator
        https://bugs.webkit.org/show_bug.cgi?id=190567

        Reviewed by Saam Barati.

        Async iterator is enabled by default at 2017-08-09. It is already shipped in several releases,
        and we can think that it is already mature. Let's drop the option `Option::useAsyncIterator`.

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        * runtime/Options.h:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Options::useObjectRestSpread
        https://bugs.webkit.org/show_bug.cgi?id=190568

        Reviewed by Saam Barati.

        Options::useObjectRestSpread is enabled by default at 2017-06-27. It is already shipped in several releases,
        and we can think that it is mature. Let's drop Options::useObjectRestSpread() flag.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseProperty):
        * parser/Parser.h:
        * runtime/Options.h:

2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSON.stringify can accept call-with-no-arguments
        https://bugs.webkit.org/show_bug.cgi?id=190343

        Reviewed by Mark Lam.

        JSON.stringify can accept `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
        Instead of throwing an error, we should take the first argument as `undefined` if it is not given.

        [1]: https://tc39.github.io/ecma262/#sec-json.stringify

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncStringify):

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Separate configuration extraction from offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Reviewed by Keith Miller.

        Instead of generating a file with all offsets for every combination of
        configurations, we first generate a file with only the configuration
        indices and pass that to the offset extractor. The offset extractor then
        only generates the offsets for valid configurations

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntOffsetsExtractor.cpp:
        (JSC::LLIntOffsetsExtractor::dummy):
        * llint/LLIntSettingsExtractor.cpp: Added.
        (main):
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/generate_settings_extractor.rb: Added.
        * offlineasm/offsets.rb:
        * offlineasm/settings.rb:

2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r237063.

        Caused layout test fast/dom/Window/window-postmessage-clone-
        deep-array.html to fail on macOS and iOS Debug bots.

        Reverted changeset:

        "[JSC] Remove gcc warnings on mips and armv7"
        https://bugs.webkit.org/show_bug.cgi?id=188598
        https://trac.webkit.org/changeset/237063

2018-10-11  Guillaume Emont  <guijemont@igalia.com>

        [JSC] Remove gcc warnings on mips and armv7
        https://bugs.webkit.org/show_bug.cgi?id=188598

        Reviewed by Mark Lam.

        Fix many gcc/clang warnings that are false positives, mostly alignment
        issues.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printMemory):
        Use bitwise_cast instead of reinterpret_cast.
        * assembler/testmasm.cpp:
        (JSC::floatOperands):
        marked as potentially unused as it is not used on all platforms.
        (JSC::testProbeModifiesStackValues):
        modifiedFlags is not used on mips, so don't declare it.
        * bytecode/CodeBlock.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        Update calling code for the prototype change of
        ScriptExecutable::prepareForExecution().
        * jit/JITOperations.cpp: Same as for Interpreter.cpp.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::dataStorage):
        Use bitwise_cast instead of reinterpret_cast.
        * runtime/ScriptExecutable.cpp:
        * runtime/ScriptExecutable.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * tools/JSDollarVM.cpp:
        (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.

2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Use currentStackPointer more
        https://bugs.webkit.org/show_bug.cgi?id=190503

        Reviewed by Saam Barati.

        * runtime/VM.cpp:
        (JSC::VM::committedStackByteCount):

2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSC should have "parseFunction" to optimize Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Reviewed by Mark Lam.

        The current Function constructor is suboptimal. We parse the piece of the same code three times to meet
        the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
        And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
        is really costly and ideally we should meet the above requirement by the one time parsing.

        To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
        takes `std::optional<int> functionConstructorParametersEndPosition` and check this end position is correct in the parser.
        For example, if we run the code,

            Function('/*', '*/){')

        According to the spec, this should produce '/*' parameter string and '*/){' body string. And parameter
        string should be syntax-checked by the parser, and raise the error since it is incorrect. Instead of doing
        that, in our implementation, we first create the entire string.

            function anonymous(/*) {
                */){
            }

        And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
        the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
        offset of the parameters is the given end position. This check allows us to raise the error correctly to the
        above example while we parse the entire function only once. And we do not need to create two strings too.

        This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
        significantly sped up (28.2%).

        Before:
            uglify-js:  2.94 runs/s
        After:
            uglify-js:  3.77 runs/s

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseSingleFunction):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        (JSC::parseFunctionForFunctionConstructor):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        (JSC::JSTextPosition::JSTextPosition):
        (JSC::JSTokenLocation::JSTokenLocation): Deleted.
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

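The parameter-boundary check the entry above describes, reduced to a small C model (an added example, not JSC's parser): the synthesized text is built the same way, the offset where the parameter list must close is computed from the input lengths, and a comment- and literal-aware scan of the result is compared against it. The `Function('/*', '*/){')` case from the entry is rejected because the block comment swallows the expected `)`, while a `)` inside a default-value string literal is correctly tolerated. Regular-expression literals and template `${}` nesting are deliberately not modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Synthesize "function anonymous(" + params + ") {\n" + body + "\n}" and report
 * via *expected_end the offset of the ')' that should close the parameter list.
 * The caller frees the returned buffer. */
static char* build_anonymous_function(const char* params, const char* body, size_t* expected_end)
{
    static const char head[] = "function anonymous(";
    size_t n = strlen(head) + strlen(params) + strlen(") {\n") + strlen(body) + strlen("\n}") + 1;
    char* src = malloc(n);
    if (!src)
        return NULL;
    snprintf(src, n, "%s%s) {\n%s\n}", head, params, body);
    *expected_end = strlen(head) + strlen(params);
    return src;
}

/* Tiny scanner standing in for the lexer: offset of the ')' that closes the
 * first '(' at depth 0, skipping comments and string/template literals so a
 * ')' inside them does not count. Returns (size_t)-1 if there is none. */
static size_t scan_params_end(const char* src)
{
    size_t i = 0, n = strlen(src);
    int depth = 0;
    while (i < n) {
        char c = src[i];
        if (c == '/' && i + 1 < n && src[i + 1] == '/') {           /* line comment */
            while (i < n && src[i] != '\n')
                i++;
        } else if (c == '/' && i + 1 < n && src[i + 1] == '*') {    /* block comment */
            i += 2;
            while (i + 1 < n && !(src[i] == '*' && src[i + 1] == '/'))
                i++;
            i = (i + 1 < n) ? i + 2 : n;           /* unterminated: consume to the end */
        } else if (c == '"' || c == '\'' || c == '`') {              /* literal */
            char quote = c;
            for (i++; i < n && src[i] != quote; i++)
                if (src[i] == '\\')
                    i++;                           /* skip the escaped character */
            i++;
        } else if (c == '(') {
            depth++;
            i++;
        } else if (c == ')') {
            if (--depth == 0)
                return i;
            i++;
        } else {
            i++;
        }
    }
    return (size_t)-1;
}

/* The check: accept the pair only if the parameter list closes exactly at the
 * offset the synthesized text predicted. */
static int function_constructor_params_ok(const char* params, const char* body)
{
    size_t expected;
    char* src = build_anonymous_function(params, body, &expected);
    if (!src)
        return 0;
    int ok = scan_params_end(src) == expected;
    free(src);
    return ok;
}

int main(void)
{
    /* Constructed inputs: the entry's example, a stray ')' in the parameters,
     * and a legitimate default value containing a quoted ')'. */
    const char* cases[][2] = {
        { "a, b",    "return a + b" },
        { "/*",      "*/){" },
        { "a) {",    "return 1" },
        { "x = ')'", "return x" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("params=%-10s body=%-14s -> %s\n", cases[i][0], cases[i][1],
               function_constructor_params_ok(cases[i][0], cases[i][1]) ? "ok" : "SyntaxError");
    return 0;
}
```
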
380 2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>
381
382         Fix non-existent define `CPU(JSVALUE64)`
383         https://bugs.webkit.org/show_bug.cgi?id=190479
384
385         Reviewed by Yusuke Suzuki.
386
387         * jit/CCallHelpers.h:
388         (JSC::CCallHelpers::setupArgumentsImpl):
389         Correct CPU(JSVALUE64) to USE(JSVALUE64).
390
391 2018-10-11  Keith Rollin  <krollin@apple.com>
392
393         CURRENT_ARCH should not be used in Run Script phase.
394         https://bugs.webkit.org/show_bug.cgi?id=190407
395         <rdar://problem/45133556>
396
397         Reviewed by Alexey Proskuryakov.
398
399         CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
400         CURRENT_ARCH is not well-defined during this phase (and may even have
401         the value "undefined") since this phase is run just once per build
402         rather than once per supported architecture. Migrate away from
403         CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
404         performing an operation for each value, or by picking the first entry
405         in ARCHS and using that as a representative value.
406
407         * JavaScriptCore.xcodeproj/project.pbxproj: Store
408         LLIntDesiredOffsets.h into a directory with a name based on ARCHS
409         rather than CURRENT_ARCH.
410
411 2018-10-10  Mark Lam  <mark.lam@apple.com>
412
413         Changes towards allowing use of the ASAN detect_stack_use_after_return option.
414         https://bugs.webkit.org/show_bug.cgi?id=190405
415         <rdar://problem/45131464>
416
417         Reviewed by Michael Saboff.
418
419         The ASAN detect_stack_use_after_return option checks for use of stack variables
420         after they have been freed.  It does this by allocating relevant stack variables
421         in heap memory (instead of on the stack) if the code ever takes the address of
422         those stack variables.  Unfortunately, this is a common idiom that we use to
423         compute the approximate stack pointer value.  As a result, on such ASAN runs, the
424         computed approximate stack pointer value will point into the heap instead of the
425         stack.  This breaks the VM's expectations and wreaks havoc.
426
427         To fix this, we use the newly introduced WTF::currentStackPointer() instead of
428         taking the address of stack variables.
429
430         We also need to enhance ExceptionScopes to be able to work with ASAN
431         detect_stack_use_after_return which will allocated the scope in the heap.  We
432         work around this by passing the current stack pointer of the instantiating calling
433         frame into the scope constructor, and using that for the position check in
434         ~ThrowScope() instead.
435
436         The above is only a start towards enabling ASAN detect_stack_use_after_return on
437         the VM.  There are still other issues to be resolved before we can run with this
438         ASAN option.
439
440         * runtime/CatchScope.h:
441         * runtime/ExceptionEventLocation.h:
442         (JSC::ExceptionEventLocation::ExceptionEventLocation):
443         * runtime/ExceptionScope.h:
444         (JSC::ExceptionScope::stackPosition const):
445         * runtime/JSLock.cpp:
446         (JSC::JSLock::didAcquireLock):
447         * runtime/ThrowScope.cpp:
448         (JSC::ThrowScope::~ThrowScope):
449         * runtime/ThrowScope.h:
450         * runtime/VM.h:
451         (JSC::VM::needExceptionCheck const):
452         (JSC::VM::isSafeToRecurse const):
453         * wasm/js/WebAssemblyFunction.cpp:
454         (JSC::callWebAssemblyFunction):
455         * yarr/YarrPattern.cpp:
456         (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):
457
458 2018-10-10  Devin Rousso  <drousso@apple.com>
459
460         Web Inspector: create special Network waterfall for media events
461         https://bugs.webkit.org/show_bug.cgi?id=189773
462         <rdar://problem/44626605>
463
464         Reviewed by Joseph Pecoraro.
465
466         * inspector/protocol/DOM.json:
467         Add `didFireEvent` event that is fired when specific event listeners added by
468         `InspectorInstrumentation::addEventListenersToNode` are fired.
469
470 2018-10-10  Michael Saboff  <msaboff@apple.com>
471
472         Increase executable memory pool from 64MB to 128MB for ARM64
473         https://bugs.webkit.org/show_bug.cgi?id=190453
474
475         Reviewed by Saam Barati.
476
477         * jit/ExecutableAllocator.cpp:
478
479 2018-10-10  Devin Rousso  <drousso@apple.com>
480
481         Web Inspector: notify the frontend when a canvas has started recording via console.record
482         https://bugs.webkit.org/show_bug.cgi?id=190306
483
484         Reviewed by Brian Burg.
485
486         * inspector/protocol/Canvas.json:
487         Add `recordingStarted` event.
488
489         * inspector/protocol/Recording.json:
490         Add `Initiator` enum for determining who started the recording.
491
492 2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
493
494         [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
495         https://bugs.webkit.org/show_bug.cgi?id=190429
496
497         Reviewed by Saam Barati.
498
499         Some createXXX functions can fail. But sometimes the caller does not perform error checking.
500         To make it explicit that these functions can fail, we rename these functions from createXXX
501         to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
502         function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
503         and it should return RefPtr<>.
504
505         This patch mainly focuses on TypedArray factory functions. Previously, these functions are
506         `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
507         And we also introduce `Ref<XXXArray> create(...)` function which internally performs
508         RELEASE_ASSERT on the result of `tryCreate(...)`.
509
510         And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.
511
512         This change actually finds one place which does not perform any null checkings while it uses
513         `RefPtr<> create(...)` function.
514
515         * API/JSCallbackObjectFunctions.h:
516         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
517         (JSC::JSCallbackObject<Parent>::put):
518         (JSC::JSCallbackObject<Parent>::putByIndex):
519         (JSC::JSCallbackObject<Parent>::deleteProperty):
520         (JSC::JSCallbackObject<Parent>::callbackGetter):
521         * API/JSClassRef.h:
522         (StaticValueEntry::StaticValueEntry):
523         * API/JSContext.mm:
524         (-[JSContext evaluateScript:withSourceURL:]):
525         (-[JSContext setName:]):
526         * API/JSContextRef.cpp:
527         (JSGlobalContextCopyName):
528         (JSContextCreateBacktrace):
529         * API/JSObjectRef.cpp:
530         (JSObjectCopyPropertyNames):
531         * API/JSScriptRef.cpp:
532         * API/JSStringRef.cpp:
533         (JSStringCreateWithCharactersNoCopy):
534         * API/JSValue.mm:
535         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
536         (+[JSValue valueWithNewErrorFromMessage:inContext:]):
537         (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
538         (performPropertyOperation):
539         (-[JSValue invokeMethod:withArguments:]):
540         (containerValueToObject):
541         (objectToValueWithoutCopy):
542         (objectToValue):
543         * API/JSValueRef.cpp:
544         (JSValueCreateJSONString):
545         (JSValueToStringCopy):
546         * API/OpaqueJSString.cpp:
547         (OpaqueJSString::tryCreate):
548         (OpaqueJSString::create): Deleted.
549         * API/OpaqueJSString.h:
550         * API/glib/JSCContext.cpp:
551         (evaluateScriptInContext):
552         * API/glib/JSCValue.cpp:
553         (jsc_value_new_string_from_bytes):
554         * ftl/FTLLazySlowPath.h:
555         (JSC::FTL::LazySlowPath::createGenerator):
556         * ftl/FTLLazySlowPathCall.h:
557         (JSC::FTL::createLazyCallGenerator):
558         * ftl/FTLOSRExit.cpp:
559         (JSC::FTL::OSRExitDescriptor::emitOSRExit):
560         (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
561         (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
562         * ftl/FTLOSRExit.h:
563         * ftl/FTLPatchpointExceptionHandle.cpp:
564         (JSC::FTL::PatchpointExceptionHandle::create):
565         (JSC::FTL::PatchpointExceptionHandle::createHandle):
566         * ftl/FTLPatchpointExceptionHandle.h:
567         * heap/EdenGCActivityCallback.h:
568         (JSC::GCActivityCallback::tryCreateEdenTimer):
569         (JSC::GCActivityCallback::createEdenTimer): Deleted.
570         * heap/FullGCActivityCallback.h:
571         (JSC::GCActivityCallback::tryCreateFullTimer):
572         (JSC::GCActivityCallback::createFullTimer): Deleted.
573         * heap/GCActivityCallback.h:
574         * heap/Heap.cpp:
575         (JSC::Heap::Heap):
576         * inspector/AsyncStackTrace.cpp:
577         (Inspector::AsyncStackTrace::create):
578         * inspector/AsyncStackTrace.h:
579         * jsc.cpp:
580         (fillBufferWithContentsOfFile):
581         * runtime/ArrayBuffer.h:
582         * runtime/GenericTypedArrayView.h:
583         * runtime/GenericTypedArrayViewInlines.h:
584         (JSC::GenericTypedArrayView<Adaptor>::create):
585         (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
586         (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
587         (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
588         (JSC::GenericTypedArrayView<Adaptor>::subarray const):
589         * runtime/JSArrayBufferView.cpp:
590         (JSC::JSArrayBufferView::possiblySharedImpl):
591         * runtime/JSGenericTypedArrayViewInlines.h:
592         (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
593         (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
594         * wasm/WasmMemory.cpp:
595         (JSC::Wasm::Memory::create):
596         (JSC::Wasm::Memory::tryCreate):
597         * wasm/WasmMemory.h:
598         * wasm/WasmTable.cpp:
599         (JSC::Wasm::Table::tryCreate):
600         (JSC::Wasm::Table::create): Deleted.
601         * wasm/WasmTable.h:
602         * wasm/js/JSWebAssemblyInstance.cpp:
603         (JSC::JSWebAssemblyInstance::create):
604         * wasm/js/JSWebAssemblyMemory.cpp:
605         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
606         * wasm/js/WebAssemblyMemoryConstructor.cpp:
607         (JSC::constructJSWebAssemblyMemory):
608         * wasm/js/WebAssemblyModuleRecord.cpp:
609         (JSC::WebAssemblyModuleRecord::link):
610         * wasm/js/WebAssemblyTableConstructor.cpp:
611         (JSC::constructJSWebAssemblyTable):
612
613 2018-10-09  Devin Rousso  <drousso@apple.com>
614
615         Web Inspector: show redirect requests in Network and Timelines tabs
616         https://bugs.webkit.org/show_bug.cgi?id=150005
617         <rdar://problem/5378164>
618
619         Reviewed by Joseph Pecoraro.
620
621         * inspector/protocol/Network.json:
622         Add missing fields to `ResourceTiming`.
623
624 2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>
625
626         [WPE] Explicitly link against gmodule where used
627         https://bugs.webkit.org/show_bug.cgi?id=190398
628
629         Reviewed by Michael Catanzaro.
630
631         * PlatformWPE.cmake:
632
633 2018-10-08  Justin Fan  <justin_fan@apple.com>
634
635         WebGPU: Rename old WebGPU prototype to WebMetal
636         https://bugs.webkit.org/show_bug.cgi?id=190325
637         <rdar://problem/44990443>
638
639         Reviewed by Dean Jackson.
640
641         Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.
642
643         * Configurations/FeatureDefines.xcconfig:
644         * inspector/protocol/Canvas.json:
645         * inspector/scripts/codegen/generator.py:
646
647 2018-10-08  Aditya Keerthi  <akeerthi@apple.com>
648
649         Make <input type=color> a runtime enabled (on-by-default) feature
650         https://bugs.webkit.org/show_bug.cgi?id=189162
651
652         Reviewed by Wenson Hsieh and Tim Horton.
653
654         * Configurations/FeatureDefines.xcconfig:
655
656 2018-10-08  Devin Rousso  <drousso@apple.com>
657
658         Web Inspector: group media network entries by the node that triggered the request
659         https://bugs.webkit.org/show_bug.cgi?id=189606
660         <rdar://problem/44438527>
661
662         Reviewed by Brian Burg.
663
664         * inspector/protocol/Network.json:
665         Add an optional `nodeId` field to the `Initiator` object that is set it is possible to
666         determine which ancestor node triggered the load. It may not correspond directly to the node
667         with the href/src, as that url may only be used by an ancestor for loading.
668
669 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
670
671         [JSC][Linux] Use non-truncated name for JIT workers in Linux
672         https://bugs.webkit.org/show_bug.cgi?id=190339
673
674         Reviewed by Mark Lam.
675
676         The current thread names are meaningless in Linux environment. We do not want to
677         have truncated name in Linux: we want to have clear name in Linux. Instead, we
678         should have the name for Linux separately from the name used in the non-Linux
679         environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for
680         Linux environment.
681
682         * dfg/DFGWorklist.cpp:
683         (JSC::DFG::createWorklistName):
684         (JSC::DFG::Worklist::Worklist):
685         (JSC::DFG::Worklist::create):
686         (JSC::DFG::ensureGlobalDFGWorklist):
687         (JSC::DFG::ensureGlobalFTLWorklist):
688         * dfg/DFGWorklist.h:
689         * jit/JITWorklist.cpp:
690
691 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
692
693         Name Heap threads
694         https://bugs.webkit.org/show_bug.cgi?id=190337
695
696         Reviewed by Mark Lam.
697
698         Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
699         Linux does not accept the name longer than 15. We do not want to use the short name
700         for non-Linux environment. And we want to have clear name in Linux: truncated name
701         is not good. So, having the two names is the only way.
702
703         * heap/HeapHelperPool.cpp:
704         (JSC::heapHelperPool):
705
706 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
707
708         [JSC] Avoid creating ProgramExecutable in checkSyntax
709         https://bugs.webkit.org/show_bug.cgi?id=190332
710
711         Reviewed by Mark Lam.
712
713         uglify-js in web-tooling-benchmark executes massive number of Function constructor calls.
714         In Function constructor code, we perform checkSyntax for body and parameters. So fast checkSyntax
715         is important when the performance of Function constructor matters. Current checkSyntax code
716         unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
717         the benchmark score slightly.
718
719         Before:
720             uglify-js:  2.87 runs/s
721         After:
722             uglify-js:  2.94 runs/s
723
724         * runtime/Completion.cpp:
725         (JSC::checkSyntaxInternal):
726         (JSC::checkSyntax):
727         * runtime/ProgramExecutable.cpp:
728         (JSC::ProgramExecutable::checkSyntax): Deleted.
729         * runtime/ProgramExecutable.h:
730
731 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
732
733         [ESNext][BigInt] Implement support for "|"
734         https://bugs.webkit.org/show_bug.cgi?id=186229
735
736         Reviewed by Yusuke Suzuki.
737
738         This patch introduces support for BigInt in the bitwise "or" operator.
739         In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
740         "ValueBitOr", to replace the "BitOr" node. The idea is to follow the
741         distinction that we make between Arith<op> and Value<op>, where ArithBitOr
742         handles the cases when the operands are Int32 and ValueBitOr handles
743         the remaining cases.
744
745         We are also changing op_bitor to use ValueProfile. We use the
746         ValueProfile during DFG generation to emit "ArithBitOr" when the
747         outcome prediction is Int32.
748
749         * bytecode/CodeBlock.cpp:
750         (JSC::CodeBlock::finishCreation):
751         (JSC::CodeBlock::arithProfileForPC):
752         * bytecompiler/BytecodeGenerator.cpp:
753         (JSC::BytecodeGenerator::emitBinaryOp):
754         * dfg/DFGAbstractInterpreterInlines.h:
755         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
756         * dfg/DFGBackwardsPropagationPhase.cpp:
757         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
758         (JSC::DFG::BackwardsPropagationPhase::propagate):
759         * dfg/DFGByteCodeParser.cpp:
760         (JSC::DFG::ByteCodeParser::parseBlock):
761         * dfg/DFGClobberize.h:
762         (JSC::DFG::clobberize):
763         * dfg/DFGDoesGC.cpp:
764         (JSC::DFG::doesGC):
765         * dfg/DFGFixupPhase.cpp:
766         (JSC::DFG::FixupPhase::fixupNode):
767         * dfg/DFGNodeType.h:
768         * dfg/DFGOperations.cpp:
769         (JSC::DFG::bitwiseOp):
770         * dfg/DFGOperations.h:
771         * dfg/DFGPredictionPropagationPhase.cpp:
772         * dfg/DFGSafeToExecute.h:
773         (JSC::DFG::safeToExecute):
774         * dfg/DFGSpeculativeJIT.cpp:
775         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
776         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
777         * dfg/DFGSpeculativeJIT.h:
778         (JSC::DFG::SpeculativeJIT::bitOp):
779         * dfg/DFGSpeculativeJIT32_64.cpp:
780         (JSC::DFG::SpeculativeJIT::compile):
781         * dfg/DFGSpeculativeJIT64.cpp:
782         (JSC::DFG::SpeculativeJIT::compile):
783         * dfg/DFGStrengthReductionPhase.cpp:
784         (JSC::DFG::StrengthReductionPhase::handleNode):
785         * ftl/FTLCapabilities.cpp:
786         (JSC::FTL::canCompile):
787         * ftl/FTLLowerDFGToB3.cpp:
788         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
789         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
790         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
791         (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
792         * jit/JITArithmetic.cpp:
793         (JSC::JIT::emit_op_bitor):
794         * llint/LowLevelInterpreter32_64.asm:
795         * llint/LowLevelInterpreter64.asm:
796         * runtime/CommonSlowPaths.cpp:
797         (JSC::SLOW_PATH_DECL):
798         * runtime/JSBigInt.cpp:
799         (JSC::JSBigInt::bitwiseAnd):
800         (JSC::JSBigInt::bitwiseOr):
801         (JSC::JSBigInt::absoluteBitwiseOp):
802         (JSC::JSBigInt::absoluteAddOne):
803         * runtime/JSBigInt.h:
804
805 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
806
807         [JSC] Use new extra memory reporting in SparseArrayMap
808         https://bugs.webkit.org/show_bug.cgi?id=190278
809
810         Reviewed by Keith Miller.
811
812         This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
813         to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.
814
815         * runtime/SparseArrayValueMap.cpp:
816         (JSC::SparseArrayValueMap::add):
817         (JSC::SparseArrayValueMap::visitChildren):
818
819 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
820
821         [JSC][Linux] Support Perf JITDump logging
822         https://bugs.webkit.org/show_bug.cgi?id=189893
823
824         Reviewed by Mark Lam.
825
826         This patch adds JIT Dump support for the Linux `perf` command. It allows JSC to tell perf about JIT code information.
827         We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
828         By using this dump and the perf.data output, we can annotate JIT code with profiling information.
829
830             $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
831             $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
832             [ perf record: Woken up 1 times to write data ]
833             [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
834             $ perf inject --jit -i perf.data -o perf.jit.data
835             $ perf report -i perf.jit.data
836
837         * Sources.txt:
838         * assembler/LinkBuffer.cpp:
839         (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
840         * assembler/LinkBuffer.h:
841         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
842         * assembler/PerfLog.cpp: Added.
843         (JSC::PerfLog::singleton):
844         (JSC::generateTimestamp):
845         (JSC::getCurrentThreadID):
846         (JSC::PerfLog::PerfLog):
847         (JSC::PerfLog::write):
848         (JSC::PerfLog::flush):
849         (JSC::PerfLog::log):
850         * assembler/PerfLog.h: Added.
851         * jit/ExecutableAllocator.cpp:
852         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
853         * runtime/Options.cpp:
854         (JSC::Options::isAvailable):
855         * runtime/Options.h:
856
857 2018-10-05  Mark Lam  <mark.lam@apple.com>
858
859         Gardening: Build fix after r236880.
860         https://bugs.webkit.org/show_bug.cgi?id=190317
861
862         Unreviewed.
863
864         * jit/ExecutableAllocator.h:
865
866 2018-10-05  Mark Lam  <mark.lam@apple.com>
867
868         performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
869         https://bugs.webkit.org/show_bug.cgi?id=190317
870         <rdar://problem/45039398>
871
872         Reviewed by Saam Barati.
873
874         When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
875         to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
876         performJITMemcpy() would just do a memcpy in that case.  We need to restore the
877         equivalent behavior.
878
879         * jit/ExecutableAllocator.cpp:
880         (JSC::isJITPC):
881         * jit/ExecutableAllocator.h:
882         (JSC::performJITMemcpy):
883
884 2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>
885
886         [WPE][JSC] Use Unified Sources for Platform-specific sources
887         https://bugs.webkit.org/show_bug.cgi?id=190300
888
889         Reviewed by Yusuke Suzuki.
890
891         Currently the GTK port already uses Unified Sources with the same source files.
892         As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
893         to the list of libraries to link with.
894
895         * PlatformWPE.cmake:
896         * SourcesWPE.txt: Added.
897         * shell/PlatformWPE.cmake:
898
899 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
900
901         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
902         https://bugs.webkit.org/show_bug.cgi?id=190258
903
904         Reviewed by Konstantin Tokarev.
905
906         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
907         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
908           encoding=UTF-8 on Python 3.
909         * yarr/generateYarrCanonicalizeUnicode: Ditto.
910         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
911
912 2018-10-04  Mark Lam  <mark.lam@apple.com>
913
914         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
915         https://bugs.webkit.org/show_bug.cgi?id=190295
916         <rdar://problem/19197193>
917
918         Reviewed by Saam Barati.
919
920         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
921         instead of needing to use our own custom version here.
922
923         * jit/ExecutableAllocator.cpp:
924         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
925         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
926         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
927         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
928         (JSC::ExecutableAllocator::allocate):
929         (JSC::startOfFixedExecutableMemoryPoolImpl):
930         (JSC::endOfFixedExecutableMemoryPoolImpl):
931         (JSC::isJITPC):
932         * jit/ExecutableAllocator.h:
933
934 2018-10-04  Mark Lam  <mark.lam@apple.com>
935
936         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
937         https://bugs.webkit.org/show_bug.cgi?id=190283
938         <rdar://problem/45015752>
939
940         Reviewed by Keith Miller.
941
942         * runtime/Options.cpp:
943         (JSC::Options::initialize):
944         * wasm/WasmFaultSignalHandler.cpp:
945         (JSC::Wasm::enableFastMemory):
946
947 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
948
949         [JSC] print() changes CRLF to CRCRLF on Windows
950         https://bugs.webkit.org/show_bug.cgi?id=190228
951
952         Reviewed by Mark Lam.
953
954         * jsc.cpp:
955         (main):
956         Ultimately, this is just the normal behavior of printf in text mode on Windows.
957         Since we're reading in files as binary, we need to be printing out as binary too
958         (just as we do in DumpRenderTree and ImageDiff.)
959
960 2018-10-03  Saam barati  <sbarati@apple.com>
961
962         lowXYZ in FTLLower should always filter the type of the incoming edge
963         https://bugs.webkit.org/show_bug.cgi?id=189939
964         <rdar://problem/44407030>
965
966         Reviewed by Michael Saboff.
967
968         For example, the FTL may know more about data flow than AI in certain programs,
969         and it needs to inform AI of these data flow properties to appease the assertion
970         we have in AI that a node must perform type checks on its child nodes.
971         
972         For example, consider this program:
973         
974         ```
975         bb#1
976         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
977         Branch(...,  #2, #3)
978         
979         bb#2
980         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type unioned with the type of some structure set.
981         Jump(#3)
982         
983         bb#3
984         c: Add(Int32:@something, Int32:@a)
985         ```
986         
987         When the Add node does lowInt32() for @a, FTLLower used to just grab it
988         from the int32 hash table without filtering the AbstractValue. However,
989         the parent node is asking for a type check to happen, so we must inform
990         AI of this "type check" if we want to appease the assertion that all nodes
991         perform type checks for their edges that semantically perform type checks.
992         This patch makes it so we filter the AbstractValue in lowXYZ even
993         if FTLLower proved the value must be XYZ.
994
995         * ftl/FTLLowerDFGToB3.cpp:
996         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
997         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
998         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
999         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
1000         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
1001
1002 2018-10-03  Michael Saboff  <msaboff@apple.com>
1003
1004         Command line jsc should report memory footprint in bytes
1005         https://bugs.webkit.org/show_bug.cgi?id=190267
1006
1007         Reviewed by Mark Lam.
1008
1009         Change to leave the footprint values from the system unmodified.
1010
1011         * jsc.cpp:
1012         (JSCMemoryFootprint::finishCreation):
1013
1014 2018-10-03  Mark Lam  <mark.lam@apple.com>
1015
1016         Suppress unreachable code warning for LLIntAssembly.h code.
1017         https://bugs.webkit.org/show_bug.cgi?id=190263
1018         <rdar://problem/44986532>
1019
1020         Reviewed by Saam Barati.
1021
1022         This is needed because LLIntAssembly.h is template generated from the LowLevelInterpreter
1023         asm files, and may contain dead code which is harmless, but will trip up the warning.
1024         We should suppress the warning so that it doesn't break builds.
1025
1026         * llint/LowLevelInterpreter.cpp:
1027         (JSC::CLoop::execute):
1028
1029 2018-10-03  Dan Bernstein  <mitz@apple.com>
1030
1031         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
1032         https://bugs.webkit.org/show_bug.cgi?id=190250
1033
1034         Reviewed by Alex Christensen.
1035
1036         * API/tests/Regress141275.mm:
1037         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
1038           by making the self-retaining explicit.
1039
1040         * API/tests/testapi.cpp:
1041         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
1042           loop instead of returning from the lambda.
1043
1044         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
1045           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
1046           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
1047
1048         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
1049           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
1050
1051         * assembler/MacroAssemblerPrinter.cpp:
1052         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
1053           some commas with semicolons.
1054
1055 2018-10-03  Mark Lam  <mark.lam@apple.com>
1056
1057         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1058         https://bugs.webkit.org/show_bug.cgi?id=190187
1059         <rdar://problem/42512909>
1060
1061         Reviewed by Michael Saboff.
1062
1063         Allowing different max string lengths at each level opens up opportunities for
1064         bugs to creep in.  With 2 different max length values, it is more difficult to
1065         keep the story straight on how we do overflow / bounds checks at each place in
1066         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
1067         will have bad ramifications at the JSC level.  Also, it's not meaningful to
1068         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
1069         standardize on a MaxLength of INT_MAX at all levels.
1070
1071         We'll also standardize on using CheckedArithmetic for length overflow checks,
1072         and add some asserts to document the assumptions of the code.
1073
1074         * runtime/FunctionConstructor.cpp:
1075         (JSC::constructFunctionSkippingEvalEnabledCheck):
1076         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
1077         * runtime/JSString.h:
1078         (JSC::JSString::finishCreation):
1079         (JSC::JSString::createHasOtherOwner):
1080         (JSC::JSString::setLength):
1081         * runtime/JSStringInlines.h:
1082         (JSC::jsMakeNontrivialString):
1083         * runtime/Operations.h:
1084         (JSC::jsString):
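
The following is an added example, not code from JSC or WebKit: a stand-alone sketch of the policy this entry describes, namely one MaxLength of INT_MAX shared by every layer and overflow-checked length arithmetic in the spirit of WTF's CheckedArithmetic. The names (`checkedAdd`, `concatLength`, `wrapsAround`) and the use of `__builtin_add_overflow` (GCC/Clang) are assumptions of the example, not JSC's API.

```cpp
// Added example, not JSC's code: a stand-alone illustration of the single
// MaxLength policy this entry describes. Every name below is hypothetical.
#include <climits>
#include <cstdint>
#include <initializer_list>
#include <optional>

namespace example {

// One limit shared by every layer, as the entry prescribes.
constexpr uint32_t MaxStringLength = INT_MAX;

// Overflow-checked addition in the spirit of WTF's CheckedArithmetic:
// nullopt means the mathematical sum does not fit in uint32_t.
std::optional<uint32_t> checkedAdd(uint32_t a, uint32_t b)
{
    uint32_t sum;
    if (__builtin_add_overflow(a, b, &sum))
        return std::nullopt;
    return sum;
}

// Length of the concatenation of strings with the given lengths, or nullopt
// when it would exceed MaxStringLength. The overflow check and the limit
// check are separate: a sum can fit in 32 bits and still be too long.
std::optional<uint32_t> concatLength(std::initializer_list<uint32_t> lengths)
{
    uint32_t total = 0;
    for (uint32_t length : lengths) {
        auto sum = checkedAdd(total, length);
        if (!sum || *sum > MaxStringLength)
            return std::nullopt;
        total = *sum;
    }
    return total;
}

// The kind of check that becomes a bug when layers disagree on the limit:
// it only guards against 32-bit wraparound, not against the JS-level limit,
// so a length in (INT_MAX, UINT_MAX] passes here and must be caught later.
bool wrapsAround(uint32_t lhs, uint32_t rhs)
{
    uint32_t sum = lhs + rhs; // unsigned arithmetic wraps silently
    return sum < lhs;
}

}
```

`wrapsAround` exists only to show the gap this entry closes: a wraparound-only check accepts 0x7FFFFFFF + 1, while `concatLength` rejects it because the unified limit is applied after every checked addition.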
1085
1086 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
1087
1088         [JSC] Add a C++ callable overload of objectConstructorSeal
1089         https://bugs.webkit.org/show_bug.cgi?id=190137
1090
1091         Reviewed by Yusuke Suzuki.
1092
1093         * runtime/ObjectConstructor.cpp:
1094         * runtime/ObjectConstructor.h:
1095
1096 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
1097
1098         Fix Disassembler-output on ARM Thumb2
1099         https://bugs.webkit.org/show_bug.cgi?id=190203
1100
1101         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
1102         execution in thumb mode for jumps and calls. The actual machine
1103         instructions are still aligned to 2 bytes though. Use dataLocation() as
1104         the start address for disassembling since it unsets the thumb bit.
1105         Until now the disassembler would start at the wrong address (off by 1),
1106         resulting in the wrong disassembled machine instructions.
1107
1108         Reviewed by Mark Lam.
1109
1110         * disassembler/CapstoneDisassembler.cpp:
1111         (JSC::tryToDisassemble):
1112
1113 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1114
1115         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
1116         https://bugs.webkit.org/show_bug.cgi?id=190215
1117
1118         Reviewed by Mark Lam.
1119
1120         When ENABLE(JIT) is disabled, we do not use the JIT. But ExecutableAllocator is still available since
1121         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for the LLInt ASM interpreter since
1122         our MacroAssembler provides the machine architecture information. Eventually, we would like to decouple
1123         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
1124         for the LLInt ASM interpreter even if the JIT is disabled by ENABLE(JIT).
1125
1126         To ensure that no executable memory allocation is done, we add a stub of ExecutableAllocator for
1127         non-JIT configurations. This does not have any functionality for allocating executable memory, thus
1128         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
1129
1130         * jit/ExecutableAllocator.cpp:
1131         (JSC::ExecutableAllocator::initializeAllocator):
1132         (JSC::ExecutableAllocator::singleton):
1133         * jit/ExecutableAllocator.h:
1134         (JSC::ExecutableAllocator::isValid const):
1135         (JSC::ExecutableAllocator::underMemoryPressure):
1136         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1137         (JSC::ExecutableAllocator::dumpProfile):
1138         (JSC::ExecutableAllocator::allocate):
1139         (JSC::ExecutableAllocator::isValidExecutableMemory):
1140         (JSC::ExecutableAllocator::committedByteCount):
1141         (JSC::ExecutableAllocator::getLock const):
1142         (JSC::performJITMemcpy):
1143
1144 2018-10-01  Dean Jackson  <dino@apple.com>
1145
1146         Remove CSS Animation Triggers
1147         https://bugs.webkit.org/show_bug.cgi?id=190175
1148         <rdar://problem/44925626>
1149
1150         Reviewed by Simon Fraser.
1151
1152         * Configurations/FeatureDefines.xcconfig:
1153
1154 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1155
1156         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1157         https://bugs.webkit.org/show_bug.cgi?id=190033
1158
1159         Reviewed by Yusuke Suzuki.
1160
1161         The implementation of JSBigInt::toStringToGeneric doesn't handle a power
1162         of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
1163         implemented JSBigInt::toStringBasePowerOfTwo, which follows the
1164         algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
1165         digit.
1166
1167         * runtime/JSBigInt.cpp:
1168         (JSC::JSBigInt::toString):
1169         (JSC::JSBigInt::toStringBasePowerOfTwo):
1170         * runtime/JSBigInt.h:
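
The following is an added example, not JSBigInt's code: a stand-alone version of the bit-grouping conversion this entry describes, written over a little-endian array of 32-bit magnitude digits so that the multi-digit case (length >= 2) is exercised. The representation, `extractBits`, and the use of `__builtin_ctz`/`__builtin_clz` (GCC/Clang) are assumptions of the example; it covers every power-of-two radix from 2 to 32, and the sign and the actual JSBigInt layout are left out.

```cpp
// Added example, not JSC's code. A stand-alone sketch of power-of-two radix
// conversion over a little-endian array of 32-bit magnitude digits. The
// representation and all names here are hypothetical.
#include <cstdint>
#include <string>
#include <vector>

namespace example {

using Digits = std::vector<uint32_t>; // least significant digit first
constexpr unsigned digitBits = 32;

// Return `count` (1..5) bits starting at absolute bit position `bitPos`,
// reading across a digit boundary when the group straddles two digits.
// The mask (2^count) - 1 is what selects exactly one output character.
uint32_t extractBits(const Digits& digits, size_t bitPos, unsigned count)
{
    size_t index = bitPos / digitBits;
    unsigned offset = bitPos % digitBits;
    uint64_t window = digits[index];
    if (index + 1 < digits.size())
        window |= uint64_t(digits[index + 1]) << digitBits;
    uint32_t mask = (1u << count) - 1;
    return uint32_t((window >> offset) & mask);
}

// Convert a magnitude to a string in a radix that is a power of two
// (2, 4, 8, 16, 32). Each output character is one group of log2(radix)
// bits, so no division is needed regardless of how many digits there are.
// Returns an empty string for a radix that is not a power of two.
std::string toStringBasePowerOfTwo(const Digits& digits, unsigned radix)
{
    static const char chars[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    if (radix < 2 || radix > 32 || (radix & (radix - 1)))
        return {};
    unsigned bitsPerChar = __builtin_ctz(radix);

    // Ignore leading zero digits so the output has no leading zeros.
    size_t length = digits.size();
    while (length && !digits[length - 1])
        --length;
    if (!length)
        return "0";

    size_t bitLength = length * digitBits - __builtin_clz(digits[length - 1]);
    size_t charCount = (bitLength + bitsPerChar - 1) / bitsPerChar;

    // Fill from the least significant group towards the front of the string.
    std::string result(charCount, '0');
    for (size_t i = 0; i < charCount; ++i) {
        uint32_t group = extractBits(digits, i * bitsPerChar, bitsPerChar);
        result[charCount - 1 - i] = chars[group];
    }
    return result;
}

}
```

Radix 8 and 32 are the interesting cases: 3- and 5-bit groups do not divide 32, so a group straddles the boundary between two digits, which is exactly the situation a single-digit conversion never encounters.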
1171
1172 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1173
1174         [JSC] Add branchIfNaN and branchIfNotNaN
1175         https://bugs.webkit.org/show_bug.cgi?id=190122
1176
1177         Reviewed by Mark Lam.
1178
1179         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
1180
1181         * dfg/DFGSpeculativeJIT.cpp:
1182         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
1183         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
1184         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
1185         (JSC::DFG::SpeculativeJIT::compileSpread):
1186         (JSC::DFG::SpeculativeJIT::compileNewArray):
1187         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
1188         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
1189         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
1190         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
1191         * dfg/DFGSpeculativeJIT32_64.cpp:
1192         (JSC::DFG::SpeculativeJIT::compile):
1193         * dfg/DFGSpeculativeJIT64.cpp:
1194         (JSC::DFG::SpeculativeJIT::compile):
1195         * jit/AssemblyHelpers.cpp:
1196         (JSC::AssemblyHelpers::purifyNaN):
1197         * jit/AssemblyHelpers.h:
1198         (JSC::AssemblyHelpers::branchIfNaN):
1199         (JSC::AssemblyHelpers::branchIfNotNaN):
1200         * jit/JITPropertyAccess.cpp:
1201         (JSC::JIT::emitGenericContiguousPutByVal):
1202         (JSC::JIT::emitDoubleLoad):
1203         (JSC::JIT::emitFloatTypedArrayGetByVal):
1204         * jit/JITPropertyAccess32_64.cpp:
1205         (JSC::JIT::emitGenericContiguousPutByVal):
1206         * wasm/js/JSToWasm.cpp:
1207         (JSC::Wasm::createJSToWasmWrapper):
1208
1209 2018-10-01  Mark Lam  <mark.lam@apple.com>
1210
1211         Function.toString() should also copy the source code of Functions that are class definitions.
1212         https://bugs.webkit.org/show_bug.cgi?id=190186
1213         <rdar://problem/44733360>
1214
1215         Reviewed by Saam Barati.
1216
1217         Previously, if the Function is a class definition, functionProtoFuncToString()
1218         would create a String using StringView::toStringWithoutCopying(), and use that
1219         String to make a JSString.  This is not a problem if the underlying SourceProvider
1220         (that backs the characters in that StringView) is immortal.  However, this is
1221         not always the case in practice.
1222
1223         This patch fixes this issue by changing functionProtoFuncToString() to create the
1224         String using StringView::toString() instead, which makes a copy of the underlying
1225         characters buffer.  This detaches the resultant JSString from the SourceProvider
1226         characters buffer that it was created from, and ensures that the underlying
1227         characters buffer of the string will be alive for the entire lifetime of the
1228         JSString.
1229
1230         * runtime/FunctionPrototype.cpp:
1231         (JSC::functionProtoFuncToString):
1232
1233 2018-10-01  Keith Miller  <keith_miller@apple.com>
1234
1235         Create a RELEASE_AND_RETURN macro for ExceptionScopes
1236         https://bugs.webkit.org/show_bug.cgi?id=190163
1237
1238         Reviewed by Mark Lam.
1239
1240         The new RELEASE_AND_RETURN does all the work for cases
1241         where you want to return the result of some expression
1242         without explicitly checking for an exception. This is
1243         much like the existing RETURN_IF_EXCEPTION macro.
1244
1245         * dfg/DFGOperations.cpp:
1246         (JSC::DFG::newTypedArrayWithSize):
1247         * interpreter/Interpreter.cpp:
1248         (JSC::eval):
1249         * jit/JITOperations.cpp:
1250         (JSC::getByVal):
1251         * jsc.cpp:
1252         (functionDollarAgentReceiveBroadcast):
1253         * llint/LLIntSlowPaths.cpp:
1254         (JSC::LLInt::setUpCall):
1255         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1256         (JSC::LLInt::varargsSetup):
1257         * profiler/ProfilerDatabase.cpp:
1258         (JSC::Profiler::Database::toJSON const):
1259         * runtime/AbstractModuleRecord.cpp:
1260         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1261         * runtime/ArrayConstructor.cpp:
1262         (JSC::constructArrayWithSizeQuirk):
1263         * runtime/ArrayPrototype.cpp:
1264         (JSC::getProperty):
1265         (JSC::fastJoin):
1266         (JSC::arrayProtoFuncToString):
1267         (JSC::arrayProtoFuncToLocaleString):
1268         (JSC::arrayProtoFuncJoin):
1269         (JSC::arrayProtoFuncPop):
1270         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1271         * runtime/BigIntConstructor.cpp:
1272         (JSC::toBigInt):
1273         * runtime/CommonSlowPaths.h:
1274         (JSC::CommonSlowPaths::opInByVal):
1275         * runtime/ConstructData.cpp:
1276         (JSC::construct):
1277         * runtime/DateConstructor.cpp:
1278         (JSC::dateParse):
1279         * runtime/DatePrototype.cpp:
1280         (JSC::dateProtoFuncToPrimitiveSymbol):
1281         * runtime/DirectArguments.h:
1282         * runtime/ErrorConstructor.cpp:
1283         (JSC::Interpreter::constructWithErrorConstructor):
1284         * runtime/ErrorPrototype.cpp:
1285         (JSC::errorProtoFuncToString):
1286         * runtime/ExceptionScope.h:
1287         * runtime/FunctionConstructor.cpp:
1288         (JSC::constructFunction):
1289         * runtime/FunctionPrototype.cpp:
1290         (JSC::functionProtoFuncToString):
1291         * runtime/GenericArgumentsInlines.h:
1292         (JSC::GenericArguments<Type>::defineOwnProperty):
1293         * runtime/GetterSetter.cpp:
1294         (JSC::callGetter):
1295         * runtime/IntlCollatorConstructor.cpp:
1296         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1297         * runtime/IntlCollatorPrototype.cpp:
1298         (JSC::IntlCollatorFuncCompare):
1299         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1300         * runtime/IntlDateTimeFormatConstructor.cpp:
1301         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1302         * runtime/IntlDateTimeFormatPrototype.cpp:
1303         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1304         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1305         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1306         * runtime/IntlNumberFormatConstructor.cpp:
1307         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1308         * runtime/IntlNumberFormatPrototype.cpp:
1309         (JSC::IntlNumberFormatFuncFormatNumber):
1310         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1311         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1312         * runtime/IntlObject.cpp:
1313         (JSC::intlNumberOption):
1314         * runtime/IntlObjectInlines.h:
1315         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1316         * runtime/IntlPluralRules.cpp:
1317         (JSC::IntlPluralRules::resolvedOptions):
1318         * runtime/IntlPluralRulesConstructor.cpp:
1319         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1320         * runtime/IntlPluralRulesPrototype.cpp:
1321         (JSC::IntlPluralRulesPrototypeFuncSelect):
1322         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1323         * runtime/JSArray.cpp:
1324         (JSC::JSArray::defineOwnProperty):
1325         (JSC::JSArray::put):
1326         (JSC::JSArray::setLength):
1327         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1328         * runtime/JSArrayBufferPrototype.cpp:
1329         (JSC::arrayBufferProtoGetterFuncByteLength):
1330         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1331         * runtime/JSArrayInlines.h:
1332         (JSC::toLength):
1333         * runtime/JSBoundFunction.cpp:
1334         (JSC::boundFunctionCall):
1335         (JSC::boundFunctionConstruct):
1336         * runtime/JSCJSValue.cpp:
1337         (JSC::JSValue::putToPrimitive):
1338         * runtime/JSCJSValueInlines.h:
1339         (JSC::JSValue::toIndex const):
1340         (JSC::JSValue::toPropertyKey const):
1341         (JSC::JSValue::get const):
1342         (JSC::JSValue::getPropertySlot const):
1343         (JSC::JSValue::getOwnPropertySlot const):
1344         (JSC::JSValue::equalSlowCaseInline):
1345         * runtime/JSDataView.cpp:
1346         (JSC::JSDataView::put):
1347         (JSC::JSDataView::defineOwnProperty):
1348         * runtime/JSFunction.cpp:
1349         (JSC::JSFunction::put):
1350         (JSC::JSFunction::defineOwnProperty):
1351         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1352         (JSC::constructGenericTypedArrayViewWithArguments):
1353         (JSC::constructGenericTypedArrayView):
1354         * runtime/JSGenericTypedArrayViewInlines.h:
1355         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1356         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1357         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1358         (JSC::speciesConstruct):
1359         (JSC::genericTypedArrayViewProtoFuncJoin):
1360         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1361         * runtime/JSGlobalObject.cpp:
1362         (JSC::JSGlobalObject::put):
1363         * runtime/JSGlobalObjectFunctions.cpp:
1364         (JSC::decode):
1365         (JSC::globalFuncEval):
1366         (JSC::globalFuncProtoGetter):
1367         * runtime/JSInternalPromise.cpp:
1368         (JSC::JSInternalPromise::then):
1369         * runtime/JSModuleEnvironment.cpp:
1370         (JSC::JSModuleEnvironment::put):
1371         * runtime/JSModuleLoader.cpp:
1372         (JSC::JSModuleLoader::provideFetch):
1373         (JSC::JSModuleLoader::loadAndEvaluateModule):
1374         (JSC::JSModuleLoader::loadModule):
1375         (JSC::JSModuleLoader::linkAndEvaluateModule):
1376         (JSC::JSModuleLoader::requestImportModule):
1377         (JSC::JSModuleLoader::getModuleNamespaceObject):
1378         (JSC::moduleLoaderRequestedModules):
1379         * runtime/JSONObject.cpp:
1380         (JSC::Stringifier::stringify):
1381         (JSC::Stringifier::toJSON):
1382         (JSC::Walker::walk):
1383         (JSC::JSONProtoFuncStringify):
1384         * runtime/JSObject.cpp:
1385         (JSC::ordinarySetSlow):
1386         (JSC::JSObject::putInlineSlow):
1387         (JSC::JSObject::toPrimitive const):
1388         (JSC::JSObject::hasInstance):
1389         (JSC::JSObject::toNumber const):
1390         (JSC::JSObject::defineOwnIndexedProperty):
1391         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1392         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1393         (JSC::JSObject::defineOwnNonIndexProperty):
1394         * runtime/JSObject.h:
1395         (JSC::JSObject::get const):
1396         * runtime/JSObjectInlines.h:
1397         (JSC::JSObject::getPropertySlot const):
1398         (JSC::JSObject::putInlineForJSObject):
1399         * runtime/MapConstructor.cpp:
1400         (JSC::constructMap):
1401         * runtime/NativeErrorConstructor.cpp:
1402         (JSC::Interpreter::constructWithNativeErrorConstructor):
1403         * runtime/ObjectConstructor.cpp:
1404         (JSC::constructObject):
1405         (JSC::objectConstructorGetPrototypeOf):
1406         (JSC::objectConstructorGetOwnPropertyDescriptor):
1407         (JSC::objectConstructorGetOwnPropertyDescriptors):
1408         (JSC::objectConstructorGetOwnPropertyNames):
1409         (JSC::objectConstructorGetOwnPropertySymbols):
1410         (JSC::objectConstructorKeys):
1411         (JSC::objectConstructorDefineProperty):
1412         (JSC::objectConstructorDefineProperties):
1413         (JSC::objectConstructorCreate):
1414         * runtime/ObjectPrototype.cpp:
1415         (JSC::objectProtoFuncToLocaleString):
1416         (JSC::objectProtoFuncToString):
1417         * runtime/Operations.cpp:
1418         (JSC::jsAddSlowCase):
1419         * runtime/Operations.h:
1420         (JSC::jsString):
1421         (JSC::jsLess):
1422         (JSC::jsLessEq):
1423         * runtime/ParseInt.h:
1424         (JSC::toStringView):
1425         * runtime/ProxyConstructor.cpp:
1426         (JSC::constructProxyObject):
1427         * runtime/ProxyObject.cpp:
1428         (JSC::ProxyObject::toStringName):
1429         (JSC::performProxyGet):
1430         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1431         (JSC::ProxyObject::performHasProperty):
1432         (JSC::ProxyObject::getOwnPropertySlotCommon):
1433         (JSC::ProxyObject::performPut):
1434         (JSC::ProxyObject::putByIndexCommon):
1435         (JSC::performProxyCall):
1436         (JSC::performProxyConstruct):
1437         (JSC::ProxyObject::performDelete):
1438         (JSC::ProxyObject::performPreventExtensions):
1439         (JSC::ProxyObject::performIsExtensible):
1440         (JSC::ProxyObject::performDefineOwnProperty):
1441         (JSC::ProxyObject::performSetPrototype):
1442         (JSC::ProxyObject::performGetPrototype):
1443         * runtime/ReflectObject.cpp:
1444         (JSC::reflectObjectConstruct):
1445         (JSC::reflectObjectDefineProperty):
1446         (JSC::reflectObjectGet):
1447         (JSC::reflectObjectGetOwnPropertyDescriptor):
1448         (JSC::reflectObjectGetPrototypeOf):
1449         (JSC::reflectObjectOwnKeys):
1450         (JSC::reflectObjectSet):
1451         * runtime/RegExpConstructor.cpp:
1452         (JSC::constructRegExp):
1453         * runtime/RegExpObject.cpp:
1454         (JSC::RegExpObject::defineOwnProperty):
1455         (JSC::RegExpObject::matchGlobal):
1456         * runtime/RegExpPrototype.cpp:
1457         (JSC::regExpProtoFuncTestFast):
1458         (JSC::regExpProtoFuncExec):
1459         (JSC::regExpProtoFuncToString):
1460         * runtime/ScriptExecutable.cpp:
1461         (JSC::ScriptExecutable::newCodeBlockFor):
1462         * runtime/SetConstructor.cpp:
1463         (JSC::constructSet):
1464         * runtime/SparseArrayValueMap.cpp:
1465         (JSC::SparseArrayValueMap::putEntry):
1466         (JSC::SparseArrayEntry::put):
1467         * runtime/StringConstructor.cpp:
1468         (JSC::stringFromCharCode):
1469         (JSC::stringFromCodePoint):
1470         * runtime/StringObject.cpp:
1471         (JSC::StringObject::put):
1472         (JSC::StringObject::putByIndex):
1473         (JSC::StringObject::defineOwnProperty):
1474         * runtime/StringPrototype.cpp:
1475         (JSC::jsSpliceSubstrings):
1476         (JSC::jsSpliceSubstringsWithSeparators):
1477         (JSC::removeUsingRegExpSearch):
1478         (JSC::replaceUsingRegExpSearch):
1479         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1480         (JSC::replaceUsingStringSearch):
1481         (JSC::repeatCharacter):
1482         (JSC::replace):
1483         (JSC::stringProtoFuncReplaceUsingRegExp):
1484         (JSC::stringProtoFuncReplaceUsingStringSearch):
1485         (JSC::stringProtoFuncSplitFast):
1486         (JSC::stringProtoFuncToLowerCase):
1487         (JSC::stringProtoFuncToUpperCase):
1488         (JSC::toLocaleCase):
1489         (JSC::trimString):
1490         (JSC::stringProtoFuncIncludes):
1491         (JSC::builtinStringIncludesInternal):
1492         (JSC::normalize):
1493         (JSC::stringProtoFuncNormalize):
1494         * runtime/SymbolPrototype.cpp:
1495         (JSC::symbolProtoFuncToString):
1496         (JSC::symbolProtoFuncValueOf):
1497         * tools/JSDollarVM.cpp:
1498         (WTF::functionWasmStreamingParserAddBytes):
1499         (JSC::functionGetPrivateProperty):
1500         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1501         (JSC::constructJSWebAssemblyCompileError):
1502         * wasm/js/WebAssemblyModuleConstructor.cpp:
1503         (JSC::constructJSWebAssemblyModule):
1504         (JSC::WebAssemblyModuleConstructor::createModule):
1505         * wasm/js/WebAssemblyTableConstructor.cpp:
1506         (JSC::constructJSWebAssemblyTable):
1507         * wasm/js/WebAssemblyWrapperFunction.cpp:
1508         (JSC::callWebAssemblyWrapperFunction):
1509
1510 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1511
1512         [JSC] Add a JSONStringify overload that receives a JSValue space
1513         https://bugs.webkit.org/show_bug.cgi?id=190131
1514
1515         Reviewed by Yusuke Suzuki.
1516
1517         * runtime/JSONObject.cpp:
1518         * runtime/JSONObject.h:
1519
1520 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1521
1522         Unreviewed, rolling out r236647.
1523         https://bugs.webkit.org/show_bug.cgi?id=190124
1524
1525         Breaking test stress/big-int-to-string.js (Requested by
1526         caiolima_ on #webkit).
1527
1528         Reverted changeset:
1529
1530         "[BigInt] BigInt.prototype.toString is broken when radix is
1531         power of 2"
1532         https://bugs.webkit.org/show_bug.cgi?id=190033
1533         https://trac.webkit.org/changeset/236647
1534
1535 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1536
1537         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1538         https://bugs.webkit.org/show_bug.cgi?id=189498
1539
1540         Reviewed by Saam Barati.
1541
1542         To call JS-to-Wasm code we need to convert the result value from the wasm function to
1543         the JS type. Previously this was done by callWebAssemblyFunction by using a switch
1544         over signature.returnType(). But since we know the value of `signature.returnType()`
1545         at the compiling phase, we can emit a small conversion code directly to the JSToWasm glue
1546         and remove this switch from callWebAssemblyFunction.
1547
1548         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1549         in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version,
1550         we add an implementation for that.
1551
1552         * jit/AssemblyHelpers.h:
1553         (JSC::AssemblyHelpers::boxDouble):
1554         * wasm/js/JSToWasm.cpp:
1555         (JSC::Wasm::createJSToWasmWrapper):
1556         * wasm/js/WebAssemblyFunction.cpp:
1557         (JSC::callWebAssemblyFunction):
1558
1559 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1560
1561         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1562         https://bugs.webkit.org/show_bug.cgi?id=190033
1563
1564         Reviewed by Yusuke Suzuki.
1565
1566         The implementation of JSBigInt::toStringToGeneric doesn't handle a power
1567         of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
1568         implemented JSBigInt::toStringBasePowerOfTwo, which follows the
1569         algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
1570         digit.
1571
1572         * runtime/JSBigInt.cpp:
1573         (JSC::JSBigInt::toString):
1574         (JSC::JSBigInt::toStringBasePowerOfTwo):
1575         * runtime/JSBigInt.h:
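
An added example (JavaScript, not JSBigInt's own code) of the bit-grouping algorithm the entry above describes: the magnitude is held as little-endian 32-bit limbs, the way JSBigInt stores its digits, each output character is n bits for radix 2^n and is selected with the mask (2 ^ n) - 1, and a character that straddles two limbs is assembled from the leftover high bits of one limb and the low bits of the next, which is the multi-limb case the generic path got wrong. The limb width, function names and sample values are assumptions for illustration; the result is cross-checked against the engine's native BigInt.prototype.toString.

```javascript
// Added example, not JSBigInt's code. Limb width, names and sample values
// are assumptions chosen to mirror the ChangeLog entry's description.
const LIMB_BITS = 32;
const CONVERSION_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';

// Split a non-negative BigInt into 32-bit limbs, least significant first,
// with no leading zero limbs (the representation the converter expects).
function limbsFromMagnitude(magnitude) {
  const limbs = [];
  for (let v = magnitude; v > 0n; v >>= BigInt(LIMB_BITS)) {
    limbs.push(Number(v & 0xffffffffn));
  }
  return limbs;
}

// Convert limbs to a string in radix 2^n (2, 4, 8, 16 or 32).
function magnitudeToStringBasePowerOfTwo(limbs, radix) {
  const bitsPerChar = Math.log2(radix);
  if (!Number.isInteger(bitsPerChar) || bitsPerChar < 1 || bitsPerChar > 5) {
    throw new RangeError('radix must be 2, 4, 8, 16 or 32');
  }
  if (limbs.length === 0) return '0';
  const charMask = radix - 1;        // (2 ^ n) - 1 selects one character's bits
  const chars = [];                  // least significant character first
  let digit = limbs[0];
  let availableBits = LIMB_BITS;     // bits of `digit` not yet emitted
  for (let i = 1; i < limbs.length; i++) {
    const newDigit = limbs[i];
    // Emit every whole character that fits inside the current limb.
    while (availableBits >= bitsPerChar) {
      chars.push(CONVERSION_CHARS[digit & charMask]);
      digit >>>= bitsPerChar;
      availableBits -= bitsPerChar;
    }
    // The straddling character: leftover low bits of this limb combined
    // with the first bits of the next limb.
    const straddling = (digit | (newDigit << availableBits)) & charMask;
    chars.push(CONVERSION_CHARS[straddling]);
    const consumed = bitsPerChar - availableBits;
    digit = newDigit >>> consumed;
    availableBits = LIMB_BITS - consumed;
  }
  // Most significant limb: stop at the last non-zero character so no
  // leading zeros are produced.
  while (digit !== 0) {
    chars.push(CONVERSION_CHARS[digit & charMask]);
    digit >>>= bitsPerChar;
  }
  return chars.reverse().join('');
}

// BigInt.prototype.toString(radix) equivalent for power-of-two radices.
function bigIntToStringBasePowerOfTwo(value, radix) {
  const negative = value < 0n;
  const magnitude = negative ? -value : value;
  const text = magnitudeToStringBasePowerOfTwo(limbsFromMagnitude(magnitude), radix);
  return negative ? '-' + text : text;
}

// Cross-check one value against the engine's native conversion.
function matchesNativeToString(value, radix) {
  return bigIntToStringBasePowerOfTwo(value, radix) === value.toString(radix);
}

// Constructed sample values spanning one, two and several limbs.
const SAMPLE_VALUES = [
  0n, 5n, 0xffffffffn, 2n ** 32n, 0xdeadbeefcafebaben,
  (1n << 100n) - 1n, -(2n ** 67n + 1n),
];

// True when every sample agrees with the native result in every radix.
function allSamplesMatch() {
  return [2, 4, 8, 16, 32].every(
    radix => SAMPLE_VALUES.every(v => matchesNativeToString(v, radix)));
}
```

The straddling step is what a single-limb implementation never exercises: with one limb every character comes from the same word, so a test suite built from small values passes while any value at or above 2^32 converts wrongly.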
1576
1577 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1578
1579         [ESNext][BigInt] Implement support for "&"
1580         https://bugs.webkit.org/show_bug.cgi?id=186228
1581
1582         Reviewed by Yusuke Suzuki.
1583
1584         This patch introduces support for BigInt in the bitwise "&" operation.
1585         We are also introducing the ValueBitAnd DFG node, which is responsible
1586         for taking care of the JIT for non-Int32 operands. With the introduction of this
1587         new node, we renamed the BitAnd node to ArithBitAnd. ArithBitAnd
1588         follows the behavior of ArithAdd and other arithmetic nodes, where
1589         the Arith<op> version always results in a Number (in the case of
1590         ArithBitAnd, it is always an Int32).
1591
1592         * bytecode/CodeBlock.cpp:
1593         (JSC::CodeBlock::finishCreation):
1594         * bytecompiler/BytecodeGenerator.cpp:
1595         (JSC::BytecodeGenerator::emitBinaryOp):
1596         * dfg/DFGAbstractInterpreterInlines.h:
1597         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1598         * dfg/DFGBackwardsPropagationPhase.cpp:
1599         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1600         (JSC::DFG::BackwardsPropagationPhase::propagate):
1601         * dfg/DFGByteCodeParser.cpp:
1602         (JSC::DFG::ByteCodeParser::parseBlock):
1603         * dfg/DFGClobberize.h:
1604         (JSC::DFG::clobberize):
1605         * dfg/DFGDoesGC.cpp:
1606         (JSC::DFG::doesGC):
1607         * dfg/DFGFixupPhase.cpp:
1608         (JSC::DFG::FixupPhase::fixupNode):
1609         * dfg/DFGNodeType.h:
1610         * dfg/DFGOperations.cpp:
1611         * dfg/DFGOperations.h:
1612         * dfg/DFGPredictionPropagationPhase.cpp:
1613         * dfg/DFGSafeToExecute.h:
1614         (JSC::DFG::safeToExecute):
1615         * dfg/DFGSpeculativeJIT.cpp:
1616         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1617         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1618         * dfg/DFGSpeculativeJIT.h:
1619         (JSC::DFG::SpeculativeJIT::bitOp):
1620         * dfg/DFGSpeculativeJIT32_64.cpp:
1621         (JSC::DFG::SpeculativeJIT::compile):
1622         * dfg/DFGSpeculativeJIT64.cpp:
1623         (JSC::DFG::SpeculativeJIT::compile):
1624         * dfg/DFGStrengthReductionPhase.cpp:
1625         (JSC::DFG::StrengthReductionPhase::handleNode):
1626         * ftl/FTLCapabilities.cpp:
1627         (JSC::FTL::canCompile):
1628         * ftl/FTLLowerDFGToB3.cpp:
1629         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1630         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1631         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1632         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1633         * jit/JIT.h:
1634         * jit/JITArithmetic.cpp:
1635         (JSC::JIT::emitBitBinaryOpFastPath):
1636         (JSC::JIT::emit_op_bitand):
1637         * llint/LowLevelInterpreter32_64.asm:
1638         * llint/LowLevelInterpreter64.asm:
1639         * runtime/CommonSlowPaths.cpp:
1640         (JSC::SLOW_PATH_DECL):
1641         * runtime/JSBigInt.cpp:
1642         (JSC::JSBigInt::JSBigInt):
1643         (JSC::JSBigInt::initialize):
1644         (JSC::JSBigInt::createZero):
1645         (JSC::JSBigInt::createFrom):
1646         (JSC::JSBigInt::bitwiseAnd):
1647         (JSC::JSBigInt::absoluteBitwiseOp):
1648         (JSC::JSBigInt::absoluteAnd):
1649         (JSC::JSBigInt::absoluteOr):
1650         (JSC::JSBigInt::absoluteAndNot):
1651         (JSC::JSBigInt::absoluteAddOne):
1652         (JSC::JSBigInt::absoluteSubOne):
1653         * runtime/JSBigInt.h:
1654         * runtime/JSCJSValue.h:
1655         * runtime/JSCJSValueInlines.h:
1656         (JSC::JSValue::toBigIntOrInt32 const):
1657
1658 2018-09-28  Mark Lam  <mark.lam@apple.com>
1659
1660         Gardening: speculative build fix.
1661         <rdar://problem/44869924>
1662
1663         Not reviewed.
1664
1665         * assembler/LinkBuffer.cpp:
1666         (JSC::LinkBuffer::copyCompactAndLinkCode):
1667
1668 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1669
1670         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1671         https://bugs.webkit.org/show_bug.cgi?id=190080
1672
1673         Reviewed by Mark Lam.
1674
1675         * assembler/ARMv7Assembler.h:
1676         (JSC::ARMv7Assembler::link):
1677         (JSC::ARMv7Assembler::linkJumpT1):
1678         (JSC::ARMv7Assembler::linkJumpT2):
1679         (JSC::ARMv7Assembler::linkJumpT3):
1680         (JSC::ARMv7Assembler::linkJumpT4):
1681         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1682         (JSC::ARMv7Assembler::linkBX):
1683         (JSC::ARMv7Assembler::linkConditionalBX):
1684         * assembler/MacroAssemblerARMv7.h:
1685         (JSC::MacroAssemblerARMv7::link):
1686
1687 2018-09-27  Saam barati  <sbarati@apple.com>
1688
1689         Verify the contents of AssemblerBuffer on arm64e
1690         https://bugs.webkit.org/show_bug.cgi?id=190057
1691         <rdar://problem/38916630>
1692
1693         Reviewed by Mark Lam.
1694
1695         * assembler/ARM64Assembler.h:
1696         (JSC::ARM64Assembler::ARM64Assembler):
1697         (JSC::ARM64Assembler::fillNops):
1698         (JSC::ARM64Assembler::link):
1699         (JSC::ARM64Assembler::linkJumpOrCall):
1700         (JSC::ARM64Assembler::linkCompareAndBranch):
1701         (JSC::ARM64Assembler::linkConditionalBranch):
1702         (JSC::ARM64Assembler::linkTestAndBranch):
1703         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1704         * assembler/ARMAssembler.h:
1705         (JSC::ARMAssembler::fillNops):
1706         * assembler/ARMv7Assembler.h:
1707         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1708         * assembler/AbstractMacroAssembler.h:
1709         (JSC::AbstractMacroAssembler::emitNops):
1710         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1711         * assembler/AssemblerBuffer.h:
1712         (JSC::ARM64EHash::ARM64EHash):
1713         (JSC::ARM64EHash::update):
1714         (JSC::ARM64EHash::hash const):
1715         (JSC::ARM64EHash::randomSeed const):
1716         (JSC::AssemblerBuffer::AssemblerBuffer):
1717         (JSC::AssemblerBuffer::putShort):
1718         (JSC::AssemblerBuffer::putIntUnchecked):
1719         (JSC::AssemblerBuffer::putInt):
1720         (JSC::AssemblerBuffer::hash const):
1721         (JSC::AssemblerBuffer::data const):
1722         (JSC::AssemblerBuffer::putIntegralUnchecked):
1723         (JSC::AssemblerBuffer::append): Deleted.
1724         * assembler/LinkBuffer.cpp:
1725         (JSC::LinkBuffer::copyCompactAndLinkCode):
1726         * assembler/MIPSAssembler.h:
1727         (JSC::MIPSAssembler::fillNops):
1728         * assembler/MacroAssemblerARM64.h:
1729         (JSC::MacroAssemblerARM64::jumpsToLink):
1730         (JSC::MacroAssemblerARM64::link):
1731         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1732         * assembler/MacroAssemblerARMv7.h:
1733         (JSC::MacroAssemblerARMv7::jumpsToLink):
1734         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1735         * assembler/X86Assembler.h:
1736         (JSC::X86Assembler::fillNops):
1737
1738 2018-09-27  Mark Lam  <mark.lam@apple.com>
1739
1740         ByValInfo should not use integer offsets.
1741         https://bugs.webkit.org/show_bug.cgi?id=190070
1742         <rdar://problem/44803430>
1743
1744         Reviewed by Saam Barati.
1745
1746         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1747
1748         * bytecode/ByValInfo.h:
1749         (JSC::ByValInfo::ByValInfo):
1750         * jit/JIT.cpp:
1751         (JSC::JIT::link):
1752         * jit/JITOpcodes.cpp:
1753         (JSC::JIT::privateCompileHasIndexedProperty):
1754         * jit/JITOpcodes32_64.cpp:
1755         (JSC::JIT::privateCompileHasIndexedProperty):
1756         * jit/JITPropertyAccess.cpp:
1757         (JSC::JIT::privateCompileGetByVal):
1758         (JSC::JIT::privateCompileGetByValWithCachedId):
1759         (JSC::JIT::privateCompilePutByVal):
1760         (JSC::JIT::privateCompilePutByValWithCachedId):
1761
1762 2018-09-27  Saam barati  <sbarati@apple.com>
1763
1764         DFG::OSRExit::m_patchableCodeOffset should not be an int
1765         https://bugs.webkit.org/show_bug.cgi?id=190066
1766         <rdar://problem/39498244>
1767
1768         Reviewed by Mark Lam.
1769
1770         * dfg/DFGJITCompiler.cpp:
1771         (JSC::DFG::JITCompiler::linkOSRExits):
1772         (JSC::DFG::JITCompiler::link):
1773         * dfg/DFGOSRExit.cpp:
1774         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1775         (JSC::DFG::OSRExit::compileOSRExit):
1776         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1777         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1778         (JSC::DFG::OSRExit::correctJump): Deleted.
1779         * dfg/DFGOSRExit.h:
1780         * dfg/DFGOSRExitCompilationInfo.h:
1781
1782 2018-09-27  Saam barati  <sbarati@apple.com>
1783
1784         Don't use int offsets in StructureStubInfo
1785         https://bugs.webkit.org/show_bug.cgi?id=190064
1786         <rdar://problem/44784719>
1787
1788         Reviewed by Mark Lam.
1789
1790         * bytecode/InlineAccess.cpp:
1791         (JSC::linkCodeInline):
1792         * bytecode/StructureStubInfo.h:
1793         (JSC::StructureStubInfo::slowPathCallLocation):
1794         (JSC::StructureStubInfo::doneLocation):
1795         (JSC::StructureStubInfo::slowPathStartLocation):
1796         * jit/JITInlineCacheGenerator.cpp:
1797         (JSC::JITInlineCacheGenerator::finalize):
1798
1799 2018-09-27  Mark Lam  <mark.lam@apple.com>
1800
1801         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
1802         https://bugs.webkit.org/show_bug.cgi?id=190054
1803         <rdar://problem/44803543>
1804
1805         Reviewed by Saam Barati.
1806
1807         * dfg/DFGJITCode.h:
1808         (JSC::DFG::JITCode::appendOSREntryData):
1809         * dfg/DFGJITCompiler.cpp:
1810         (JSC::DFG::JITCompiler::noticeOSREntry):
1811         * dfg/DFGOSREntry.cpp:
1812         (JSC::DFG::OSREntryData::dumpInContext const):
1813         (JSC::DFG::prepareOSREntry):
1814         * dfg/DFGOSREntry.h:
1815         * runtime/JSCPtrTag.h:
1816
1817 2018-09-27  Mark Lam  <mark.lam@apple.com>
1818
1819         JITMathIC should not use integer offsets into machine code.
1820         https://bugs.webkit.org/show_bug.cgi?id=190030
1821         <rdar://problem/44803307>
1822
1823         Reviewed by Saam Barati.
1824
1825         We'll replace them with CodeLocation smart pointers instead.
1826
1827         * jit/JITMathIC.h:
1828         (JSC::isProfileEmpty):
1829
1830 2018-09-26  Mark Lam  <mark.lam@apple.com>
1831
1832         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
1833         https://bugs.webkit.org/show_bug.cgi?id=190022
1834         <rdar://problem/44800928>
1835
1836         Reviewed by Saam Barati.
1837
1838         * jit/ExecutableAllocator.cpp:
1839         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1840         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1841         * jit/ExecutableAllocator.h:
1842         (JSC::performJITMemcpy):
1843         * runtime/Options.cpp:
1844         (JSC::recomputeDependentOptions):
1845
1846 2018-09-26  Mark Lam  <mark.lam@apple.com>
1847
1848         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
1849         https://bugs.webkit.org/show_bug.cgi?id=190016
1850         <rdar://problem/44802875>
1851
1852         Reviewed by Saam Barati.
1853
1854         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
1855         JIT memory.
1856
1857         * assembler/ARM64Assembler.h:
1858         (JSC::ARM64Assembler::fillNops):
1859         (JSC::ARM64Assembler::replaceWithVMHalt):
1860         (JSC::ARM64Assembler::replaceWithJump):
1861         (JSC::ARM64Assembler::replaceWithLoad):
1862         (JSC::ARM64Assembler::replaceWithAddressComputation):
1863         (JSC::ARM64Assembler::setPointer):
1864         (JSC::ARM64Assembler::repatchInt32):
1865         (JSC::ARM64Assembler::repatchCompact):
1866         (JSC::ARM64Assembler::linkJumpOrCall):
1867         (JSC::ARM64Assembler::linkCompareAndBranch):
1868         (JSC::ARM64Assembler::linkConditionalBranch):
1869         (JSC::ARM64Assembler::linkTestAndBranch):
1870         * assembler/LinkBuffer.cpp:
1871         (JSC::LinkBuffer::copyCompactAndLinkCode):
1872         (JSC::LinkBuffer::linkCode):
1873         * jit/ExecutableAllocator.h:
1874         (JSC::performJITMemcpy):
1875
1876 2018-09-25  Keith Miller  <keith_miller@apple.com>
1877
1878         Move Symbol API to SPI
1879         https://bugs.webkit.org/show_bug.cgi?id=189946
1880
1881         Reviewed by Michael Saboff.
1882
1883         Some of the property access methods on JSValue needed to be moved
1884         to a category so that SPI overloads don't result in a compiler
1885         error for internal users.
1886
1887         Additionally, this patch does not move the new enum entry for
1888         Symbols in the JSType enumeration.
1889
1890         * API/JSObjectRef.h:
1891         * API/JSObjectRefPrivate.h:
1892         * API/JSValue.h:
1893         * API/JSValuePrivate.h:
1894         * API/JSValueRef.h:
1895
1896 2018-09-26  Keith Miller  <keith_miller@apple.com>
1897
1898         We should zero unused property storage when rebalancing array storage.
1899         https://bugs.webkit.org/show_bug.cgi?id=188151
1900
1901         Reviewed by Michael Saboff.
1902
1903         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
1904         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
1905         property storage.
1906
1907         * runtime/JSArray.cpp:
1908         (JSC::JSArray::unshiftCountSlowCase):
1909
1910 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1911
1912         Unreviewed, add scope verification handling
1913         https://bugs.webkit.org/show_bug.cgi?id=189780
1914
1915         * runtime/ArrayPrototype.cpp:
1916         (JSC::arrayProtoFuncIndexOf):
1917         (JSC::arrayProtoFuncLastIndexOf):
1918
1919 2018-09-26  Koby Boyango  <koby.b@mce.systems>
1920
1921         [JSC] offlineasm parser should handle CRLF in asm files
1922         https://bugs.webkit.org/show_bug.cgi?id=189949
1923
1924         Reviewed by Mark Lam.
1925
1926         * offlineasm/parser.rb:
1927
1928 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1929
1930         [JSC] Optimize Array#lastIndexOf
1931         https://bugs.webkit.org/show_bug.cgi?id=189780
1932
1933         Reviewed by Saam Barati.
1934
1935         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
1936         for JSArray with contiguous storage.
1937
1938         * runtime/ArrayPrototype.cpp:
1939         (JSC::arrayProtoFuncLastIndexOf):
1940
1941 2018-09-25  Saam Barati  <sbarati@apple.com>
1942
1943         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1944         https://bugs.webkit.org/show_bug.cgi?id=189940
1945         <rdar://problem/43640987>
1946
1947         Reviewed by Mark Lam.
1948
1949         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
1950         CodeBlock. There is nothing semantically wrong with doing that (except for
1951         poor naming), however, the poor naming here led us to make a real semantic
1952         mistake. We wanted the baseline CodeBlock's constant pool, but we were
1953         accessing the FTL CodeBlock's constant pool accidentally. We need to
1954         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
1955         constant value.
1956
1957         * bytecode/InlineCallFrame.h:
1958         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1959         * ftl/FTLOperations.cpp:
1960         (JSC::FTL::operationMaterializeObjectInOSR):
1961
1962 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
1963
1964         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
1965         https://bugs.webkit.org/show_bug.cgi?id=189962
1966         <rdar://problem/44648287>
1967
1968         Reviewed by Brian Burg.
1969
1970         * inspector/scripts/codegen/generate_objc_header.py:
1971         (ObjCHeaderGenerator._callback_block_for_command):
1972         If there are no return parameters include "void" in the block signature.
1973
1974         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
1975         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
1976         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1977         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1978         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
1979         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
1980         Rebaseline test results.
1981
1982 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
1983
1984         Remove AUTHORS and THANKS files which are stale
1985         https://bugs.webkit.org/show_bug.cgi?id=189941
1986
1987         Reviewed by Darin Adler.
1988
1989         Included mentions below so their names are still in ChangeLogs.
1990
1991         * AUTHORS: Removed.
1992         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
1993         These authors remain mentioned in copyrights in source files.
1994
1995         * THANKS: Removed.
1996         Richard Moore <rich@kde.org> - for filling the Math object with some life
1997         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
1998         Marco Pinelli <pinmc@libero.it> - for his patches
1999         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
2000         
2001 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
2002
2003         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
2004         https://bugs.webkit.org/show_bug.cgi?id=189733
2005
2006         Reviewed by Michael Catanzaro.
2007
2008         * assembler/ARM64Assembler.h:
2009         * assembler/ARMAssembler.h:
2010         (JSC::ARMAssembler::cacheFlush):
2011         * assembler/MacroAssemblerARM.cpp:
2012         (JSC::isVFPPresent):
2013         * assembler/MacroAssemblerARM64.cpp:
2014         * assembler/MacroAssemblerARMv7.cpp:
2015         * assembler/MacroAssemblerMIPS.cpp:
2016         * assembler/MacroAssemblerX86Common.cpp:
2017         * heap/HeapCell.cpp:
2018         * heap/HeapCell.h:
2019         * jit/HostCallReturnValue.h:
2020         * jit/JIT.h:
2021         * jit/JITOperations.cpp:
2022         * jit/ThunkGenerators.cpp:
2023         * runtime/ArrayConventions.cpp:
2024         (JSC::clearArrayMemset):
2025         * runtime/JSBigInt.cpp:
2026         (JSC::JSBigInt::digitDiv):
2027
2028 2018-09-24  Saam Barati  <sbarati@apple.com>
2029
2030         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
2031         https://bugs.webkit.org/show_bug.cgi?id=189922
2032         <rdar://problem/44651275>
2033
2034         Reviewed by Mark Lam.
2035
2036         The implementation was first getting the length to iterate up to,
2037         then getting the starting index. However, getting the starting
2038         index may perform effects, e.g., it could change the length of the
2039         array. This patch changes it so that we verify the length is still valid.
2040
2041         * runtime/ArrayPrototype.cpp:
2042         (JSC::arrayProtoFuncIndexOf):
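
An added example (JavaScript, not JavaScriptCore's code) that models the hazard this entry fixes: the length is captured before fromIndex is converted, the conversion runs user code that shrinks the array, and a fast path that trusts the stale length walks past the end of the real storage. The two functions, the shrinking fromIndex helper and the sample arrays are constructed for illustration; the re-validating version mirrors the entry's fix in spirit (re-read the length after the effectful step), not line for line.

```javascript
// Added example, not JavaScriptCore code. Function names, the helper and
// the sample arrays are constructed for illustration.

// Naive fast path: captures `length` once and never re-checks it.
function indexOfStaleLength(array, searchElement, fromIndex) {
  const length = array.length;                // read before any effects
  let k = Math.trunc(Number(fromIndex)) || 0; // ToInteger: may call valueOf
  if (k < 0) k = Math.max(length + k, 0);
  for (; k < length; k++) {                   // stale bound
    if (array[k] === searchElement) return k; // past the real end reads as undefined
  }
  return -1;
}

// Re-validating version: after the effectful conversion, re-read the length
// and clamp the iteration bound to it, and only compare elements that are
// actually present (the spec's HasProperty step).
function indexOfRevalidated(array, searchElement, fromIndex) {
  let length = array.length;
  let k = Math.trunc(Number(fromIndex)) || 0; // may run user code
  if (k < 0) k = Math.max(length + k, 0);
  if (array.length < length) length = array.length; // effects may have shrunk it
  for (; k < length; k++) {
    if (k in array && array[k] === searchElement) return k;
  }
  return -1;
}

// A fromIndex whose ToInteger conversion shrinks the array it is used on.
function shrinkingFromIndex(array, newLength, value) {
  return { valueOf() { array.length = newLength; return value; } };
}

// What each implementation answers when searching for `undefined` in a
// six-element array that shrinks to two elements during the call. The
// engine's own indexOf is included as the reference answer.
function demonstrate() {
  const a = [1, 2, 3, 4, 5, 6];
  const stale = indexOfStaleLength(a, undefined, shrinkingFromIndex(a, 2, 0));
  const b = [1, 2, 3, 4, 5, 6];
  const fixed = indexOfRevalidated(b, undefined, shrinkingFromIndex(b, 2, 0));
  const c = [1, 2, 3, 4, 5, 6];
  const native = c.indexOf(undefined, shrinkingFromIndex(c, 2, 0));
  return { stale, fixed, native }; // stale reports an index that no longer exists
}
```

In plain JavaScript the stale read is merely a wrong answer (an index beyond the current length); in a JIT fast path that indexes the backing store directly, the same stale bound is a read past the allocation, which is why the entry re-validates the length after the conversion rather than before it.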
2043
2044 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2045
2046         offlineasm: fix macro scoping
2047         https://bugs.webkit.org/show_bug.cgi?id=189902
2048
2049         Reviewed by Mark Lam.
2050
2051         In the code below, the reference to `f` in `g`, which should refer to
2052         the outer macro definition, will instead refer to the f argument of the
2053         anonymous macro passed to `g`. That leads to this code failing to
2054         compile (f expected 0 args but got 1).
2055         
2056         ```
2057         macro f(x)
2058             move x, t0
2059         end
2060         
2061         macro g(fn)
2062             fn(macro () f(42) end)
2063         end
2064         
2065         g(macro(f) f() end)
2066         ```
2067
2068         * offlineasm/ast.rb:
2069         * offlineasm/transform.rb:
2070
2071 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2072
2073         Add forEach method for iterating CodeBlock's ValueProfiles
2074         https://bugs.webkit.org/show_bug.cgi?id=189897
2075
2076         Reviewed by Mark Lam.
2077
2078         Add method to abstract how we find ValueProfiles in a CodeBlock in
2079         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
2080         ValueProfiles will be stored in the MetadataTable.
2081
2082         * bytecode/CodeBlock.cpp:
2083         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2084         (JSC::CodeBlock::updateAllValueProfilePredictions):
2085         (JSC::CodeBlock::shouldOptimizeNow):
2086         (JSC::CodeBlock::dumpValueProfiles):
2087         * bytecode/CodeBlock.h:
2088         (JSC::CodeBlock::forEachValueProfile):
2089         (JSC::CodeBlock::numberOfArgumentValueProfiles):
2090         (JSC::CodeBlock::valueProfileForArgument):
2091         (JSC::CodeBlock::numberOfValueProfiles):
2092         (JSC::CodeBlock::valueProfile):
2093         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
2094         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
2095         * tools/HeapVerifier.cpp:
2096         (JSC::HeapVerifier::validateJSCell):
2097
2098 2018-09-24  Saam barati  <sbarati@apple.com>
2099
2100         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
2101         https://bugs.webkit.org/show_bug.cgi?id=189682
2102         <rdar://problem/43557315>
2103
2104         Reviewed by Mark Lam.
2105
2106         Otherwise, if we have code like this:
2107         ```
2108         a: Arguments
2109         b: GetButterfly(@a)
2110         c: ForceExit
2111         d: GetArrayLength(@a, @b)
2112         ```
2113         it will get transformed into this invalid DFG IR:
2114         ```
2115         a: PhantomArguments
2116         b: Check(@a)
2117         c: ForceExit
2118         d: GetArrayLength(@a, @b)
2119         ```
2120         
2121         And we will fail DFG validation since @b does not have a result.
2122         
2123         The fix is to just remove all nodes after the ForceExit and plant an
2124         Unreachable after it. So the above program will now turn into this:
2125         ```
2126         a: PhantomArguments
2127         b: Check(@a)
2128         c: ForceExit
2129         e: Unreachable
2130         ```
2131
2132         * dfg/DFGArgumentsEliminationPhase.cpp:
2133
2134 2018-09-22  Saam barati  <sbarati@apple.com>
2135
2136         The sampling profiler should not use Strong<CodeBlock> in its machineLocation field
2137         https://bugs.webkit.org/show_bug.cgi?id=189319
2138
2139         Reviewed by Filip Pizlo.
2140
2141         The sampling profiler has a CLI mode where we gather information about inline
2142         call frames. That data structure was using a Strong<CodeBlock>. We were
2143         constructing this Strong<CodeBlock> during GC concurrently to processing all
2144         the Strong handles. This is a bug since we end up corrupting that data
2145         structure. This patch fixes this by just making this data structure use the
2146         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
2147
2148         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2149         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
2150         * runtime/SamplingProfiler.cpp:
2151         (JSC::SamplingProfiler::processUnverifiedStackTraces):
2152
2153         (JSC::SamplingProfiler::reportTopFunctions):
2154         (JSC::SamplingProfiler::reportTopBytecodes):
2155         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
2156         cause a GC to happen while already holding the sampling profiler's
2157         lock.
2158
2159 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2160
2161         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
2162         https://bugs.webkit.org/show_bug.cgi?id=189778
2163
2164         Reviewed by Keith Miller.
2165
2166         The LLInt ASM interpreter is 2x and 15% faster than the CLoop interpreter on
2167         Linux and macOS respectively. We would like to enable it for non JIT
2168         configurations in X86_64 and ARM64.
2169
2170         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
2171         Previously, we switched between the LLInt ASM interpreter and CLoop by using the ENABLE(JIT)
2172         configuration. But it is wrong in the new scenario since we have a build
2173         configuration that uses the LLInt ASM interpreter and JIT is disabled. We introduce
2174         the ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
2175         ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
2176         related to the LLInt ASM interpreter and not related to JIT.
2177
2178         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
2179         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
2180         has machine register information that is used in LLInt ASM interpreter.
2181
2182         * API/tests/PingPongStackOverflowTest.cpp:
2183         (testPingPongStackOverflow):
2184         * CMakeLists.txt:
2185         * JavaScriptCore.xcodeproj/project.pbxproj:
2186         * assembler/MaxFrameExtentForSlowPathCall.h:
2187         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
2188         * bytecode/CodeBlock.cpp:
2189         (JSC::CodeBlock::finishCreation):
2190         * bytecode/CodeBlock.h:
2191         (JSC::CodeBlock::calleeSaveRegisters const):
2192         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
2193         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2194         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
2195         * bytecode/Opcode.h:
2196         (JSC::padOpcodeName):
2197         * heap/Heap.cpp:
2198         (JSC::Heap::gatherJSStackRoots):
2199         (JSC::Heap::stopThePeriphery):
2200         * interpreter/CLoopStack.cpp:
2201         * interpreter/CLoopStack.h:
2202         * interpreter/CLoopStackInlines.h:
2203         * interpreter/EntryFrame.h:
2204         * interpreter/Interpreter.cpp:
2205         (JSC::Interpreter::Interpreter):
2206         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2207         * interpreter/Interpreter.h:
2208         * interpreter/StackVisitor.cpp:
2209         (JSC::StackVisitor::Frame::calleeSaveRegisters):
2210         * interpreter/VMEntryRecord.h:
2211         * jit/ExecutableAllocator.h:
2212         * jit/FPRInfo.h:
2213         (WTF::printInternal):
2214         * jit/GPRInfo.cpp:
2215         * jit/GPRInfo.h:
2216         (WTF::printInternal):
2217         * jit/HostCallReturnValue.cpp:
2218         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
2219         * jit/HostCallReturnValue.h:
2220         * jit/JITOperations.cpp:
2221         (JSC::getHostCallReturnValueWithExecState): Deleted.
2222         * jit/JITOperationsMSVC64.cpp:
2223         * jit/Reg.cpp:
2224         * jit/Reg.h:
2225         * jit/RegisterAtOffset.cpp:
2226         * jit/RegisterAtOffset.h:
2227         * jit/RegisterAtOffsetList.cpp:
2228         * jit/RegisterAtOffsetList.h:
2229         * jit/RegisterMap.h:
2230         * jit/RegisterSet.cpp:
2231         * jit/RegisterSet.h:
2232         * jit/TempRegisterSet.cpp:
2233         * jit/TempRegisterSet.h:
2234         * llint/LLIntCLoop.cpp:
2235         * llint/LLIntCLoop.h:
2236         * llint/LLIntData.cpp:
2237         (JSC::LLInt::initialize):
2238         (JSC::LLInt::Data::performAssertions):
2239         * llint/LLIntData.h:
2240         * llint/LLIntOfflineAsmConfig.h:
2241         * llint/LLIntOpcode.h:
2242         * llint/LLIntPCRanges.h:
2243         * llint/LLIntSlowPaths.cpp:
2244         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2245         * llint/LLIntSlowPaths.h:
2246         * llint/LLIntThunks.cpp:
2247         * llint/LowLevelInterpreter.cpp:
2248         * llint/LowLevelInterpreter.h:
2249         * runtime/JSCJSValue.h:
2250         * runtime/MachineContext.h:
2251         * runtime/SamplingProfiler.cpp:
2252         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2253         for LLInt ASM interpreter with non JIT configuration.
2254         * runtime/TestRunnerUtils.cpp:
2255         (JSC::optimizeNextInvocation):
2256         * runtime/VM.cpp:
2257         (JSC::VM::VM):
2258         (JSC::VM::getHostFunction):
2259         (JSC::VM::updateSoftReservedZoneSize):
2260         (JSC::sanitizeStackForVM):
2261         (JSC::VM::committedStackByteCount):
2262         * runtime/VM.h:
2263         * runtime/VMInlines.h:
2264         (JSC::VM::ensureStackCapacityFor):
2265         (JSC::VM::isSafeToRecurseSoft const):
2266
2267 2018-09-21  Keith Miller  <keith_miller@apple.com>
2268
2269         Add Promise SPI
2270         https://bugs.webkit.org/show_bug.cgi?id=189809
2271
2272         Reviewed by Saam Barati.
2273
2274         This patch adds new SPI to create promises. It's mostly SPI because
2275         I want to see how internal users react to it before we make it
2276         public.
2277
2278         This patch adds a couple of new Obj-C SPI methods. The first
2279         creates a new promise using the same API that JS does where the
2280         user provides an executor callback. If an exception is raised
2281         in/to that callback the promise is automagically rejected. The
2282         other methods create a pre-resolved or rejected promise as this
2283         appears to be a common way to initialize a promise.
2284
2285         I was also considering adding a second version of executor API
2286         where it would catch specific Obj-C exceptions. This would work by
2287         taking a Class parameter and checking isKindOfClass: on the
2288         exception. I decided against this as nothing else in our API
2289         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2290         corrupt state if an Obj-C exception unwinds through JS frames.
2291
2292         This patch adds a new C function that will create a "deferred"
2293         promise. A deferred promise is a style of creating promise/futures
2294         where the resolve and reject functions are passed as outputs of a
2295         function. I went with this style for the C SPI because we don't have
2296         any concept of forwarding exceptions in the C API.
2297
2298         In order to make the C API work I refactored a bit of the promise code
2299         so that we can call a static method on JSDeferredPromise and just get
2300         the components without allocating an extra cell wrapper.
2301
2302         * API/JSContext.mm:
2303         (+[JSContext currentCallee]):
2304         * API/JSObjectRef.cpp:
2305         (JSObjectMakeDeferredPromise):
2306         * API/JSObjectRefPrivate.h:
2307         * API/JSValue.mm:
2308         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2309         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2310         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2311         * API/JSValuePrivate.h: Added.
2312         * API/JSVirtualMachine.mm:
2313         * API/JSVirtualMachinePrivate.h:
2314         * API/tests/testapi.c:
2315         (main):
2316         * API/tests/testapi.cpp:
2317         (APIContext::operator JSC::ExecState*):
2318         (TestAPI::failed const):
2319         (TestAPI::check):
2320         (TestAPI::basicSymbol):
2321         (TestAPI::symbolsTypeof):
2322         (TestAPI::symbolsGetPropertyForKey):
2323         (TestAPI::symbolsSetPropertyForKey):
2324         (TestAPI::symbolsHasPropertyForKey):
2325         (TestAPI::symbolsDeletePropertyForKey):
2326         (TestAPI::promiseResolveTrue):
2327         (TestAPI::promiseRejectTrue):
2328         (testCAPIViaCpp):
2329         (TestAPI::run): Deleted.
2330         * API/tests/testapi.mm:
2331         (testObjectiveCAPIMain):
2332         (promiseWithExecutor):
2333         (promiseRejectOnJSException):
2334         (promiseCreateResolved):
2335         (promiseCreateRejected):
2336         (parallelPromiseResolveTest):
2337         (testObjectiveCAPI):
2338         * JavaScriptCore.xcodeproj/project.pbxproj:
2339         * runtime/JSInternalPromiseDeferred.cpp:
2340         (JSC::JSInternalPromiseDeferred::create):
2341         * runtime/JSPromise.h:
2342         * runtime/JSPromiseConstructor.cpp:
2343         (JSC::constructPromise):
2344         * runtime/JSPromiseDeferred.cpp:
2345         (JSC::JSPromiseDeferred::createDeferredData):
2346         (JSC::JSPromiseDeferred::create):
2347         (JSC::JSPromiseDeferred::finishCreation):
2348         (JSC::newPromiseCapability): Deleted.
2349         * runtime/JSPromiseDeferred.h:
2350         (JSC::JSPromiseDeferred::promise const):
2351         (JSC::JSPromiseDeferred::resolve const):
2352         (JSC::JSPromiseDeferred::reject const):
2353
2354 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2355
2356         Unreviewed, rolling out r236359.
2357
2358         Broke the Windows build.
2359
2360         Reverted changeset:
2361
2362         "Add Promise SPI"
2363         https://bugs.webkit.org/show_bug.cgi?id=189809
2364         https://trac.webkit.org/changeset/236359
2365
2366 2018-09-21  Mark Lam  <mark.lam@apple.com>
2367
2368         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2369         https://bugs.webkit.org/show_bug.cgi?id=189855
2370         <rdar://problem/44680181>
2371
2372         Reviewed by Filip Pizlo.
2373
2374         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2375         ExecState* argument.  This is intentional so that resolveRope() does not throw
2376         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2377         get the VM from the cell instead of via the ExecState.
2378
2379         Also removed an obsolete and unused field in JSString.
2380
2381         * runtime/JSString.cpp:
2382         (JSC::JSRopeString::resolveRope const):
2383         (JSC::JSRopeString::outOfMemory const):
2384         * runtime/JSString.h:
2385         (JSC::JSString::tryGetValue const):
2386
2387 2018-09-21  Michael Saboff  <msaboff@apple.com>
2388
2389         Add functions to measure memory footprint to JSC
2390         https://bugs.webkit.org/show_bug.cgi?id=189768
2391
2392         Reviewed by Saam Barati.
2393
2394         Rolling this back in again.
2395
2396         Provide system memory metrics for the current process to aid in memory reduction measurement and
2397         tuning using native JS tests.
2398
2399         * jsc.cpp:
2400         (MemoryFootprint::now):
2401         (MemoryFootprint::resetPeak):
2402         (GlobalObject::finishCreation):
2403         (JSCMemoryFootprint::JSCMemoryFootprint):
2404         (JSCMemoryFootprint::createStructure):
2405         (JSCMemoryFootprint::create):
2406         (JSCMemoryFootprint::finishCreation):
2407         (JSCMemoryFootprint::addProperty):
2408         (functionResetMemoryPeak):
2409
2410 2018-09-21  Keith Miller  <keith_miller@apple.com>
2411
2412         Add Promise SPI
2413         https://bugs.webkit.org/show_bug.cgi?id=189809
2414
2415         Reviewed by Saam Barati.
2416
2417         This patch adds new SPI to create promises. It's mostly SPI because
2418         I want to see how internal users react to it before we make it
2419         public.
2420
2421         This patch adds a couple of new Obj-C SPI methods. The first
2422         creates a new promise using the same API that JS does where the
2423         user provides an executor callback. If an exception is raised
2424         in/to that callback the promise is automagically rejected. The
2425         other methods create a pre-resolved or rejected promise as this
2426         appears to be a common way to initialize a promise.
2427
2428         I was also considering adding a second version of executor API
2429         where it would catch specific Obj-C exceptions. This would work by
2430         taking a Class parameter and checking isKindOfClass: on the
2431         exception. I decided against this as nothing else in our API
2432         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2433         corrupt state if an Obj-C exception unwinds through JS frames.
2434
2435         This patch adds a new C function that will create a "deferred"
2436         promise. A deferred promise is a style of creating promise/futures
2437         where the resolve and reject functions are passed as outputs of a
2438         function. I went with this style for the C SPI because we don't have
2439         any concept of forwarding exceptions in the C API.
2440
2441         In order to make the C API work I refactored a bit of the promise code
2442         so that we can call a static method on JSDeferredPromise and just get
2443         the components without allocating an extra cell wrapper.
2444
2445         * API/JSContext.mm:
2446         (+[JSContext currentCallee]):
2447         * API/JSObjectRef.cpp:
2448         (JSObjectMakeDeferredPromise):
2449         * API/JSObjectRefPrivate.h:
2450         * API/JSValue.mm:
2451         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2452         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2453         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2454         * API/JSValuePrivate.h: Added.
2455         * API/JSVirtualMachine.mm:
2456         * API/JSVirtualMachinePrivate.h:
2457         * API/tests/testapi.c:
2458         (main):
2459         * API/tests/testapi.cpp:
2460         (APIContext::operator JSC::ExecState*):
2461         (TestAPI::failed const):
2462         (TestAPI::check):
2463         (TestAPI::basicSymbol):
2464         (TestAPI::symbolsTypeof):
2465         (TestAPI::symbolsGetPropertyForKey):
2466         (TestAPI::symbolsSetPropertyForKey):
2467         (TestAPI::symbolsHasPropertyForKey):
2468         (TestAPI::symbolsDeletePropertyForKey):
2469         (TestAPI::promiseResolveTrue):
2470         (TestAPI::promiseRejectTrue):
2471         (testCAPIViaCpp):
2472         (TestAPI::run): Deleted.
2473         * API/tests/testapi.mm:
2474         (testObjectiveCAPIMain):
2475         (promiseWithExecutor):
2476         (promiseRejectOnJSException):
2477         (promiseCreateResolved):
2478         (promiseCreateRejected):
2479         (parallelPromiseResolveTest):
2480         (testObjectiveCAPI):
2481         * JavaScriptCore.xcodeproj/project.pbxproj:
2482         * runtime/JSInternalPromiseDeferred.cpp:
2483         (JSC::JSInternalPromiseDeferred::create):
2484         * runtime/JSPromise.h:
2485         * runtime/JSPromiseConstructor.cpp:
2486         (JSC::constructPromise):
2487         * runtime/JSPromiseDeferred.cpp:
2488         (JSC::JSPromiseDeferred::createDeferredData):
2489         (JSC::JSPromiseDeferred::create):
2490         (JSC::JSPromiseDeferred::finishCreation):
2491         (JSC::newPromiseCapability): Deleted.
2492         * runtime/JSPromiseDeferred.h:
2493         (JSC::JSPromiseDeferred::promise const):
2494         (JSC::JSPromiseDeferred::resolve const):
2495         (JSC::JSPromiseDeferred::reject const):
2496
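Both "Add Promise SPI" entries above (the original landing and the re-land) describe two creation shapes: an executor callback whose escaping exception rejects the promise, and a "deferred" style where the resolve and reject functions come back as outputs. The model below is an added example, not JSC's JSPromise or the SPI itself: `Promise`, `Deferred`, `makeDeferredPromise` and `makePromiseWithExecutor` are constructed names standing in for the shapes described, with the once-only settle rule that real promises share.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <stdexcept>
#include <string>

// Minimal promise model constructed for this example. It is not JSC's JSPromise or
// the SPI itself; it only shows the two creation shapes the entry describes.
struct Promise {
    enum class State { Pending, Fulfilled, Rejected };
    State state { State::Pending };
    std::string value; // the result when fulfilled, the reason when rejected
};

using Settle = std::function<void(const std::string&)>;

// Deferred style (the shape of the C SPI): the promise and its resolve/reject
// functions are all returned to the caller, who settles the promise later.
struct Deferred {
    std::shared_ptr<Promise> promise;
    Settle resolve;
    Settle reject;
};

Deferred makeDeferredPromise()
{
    auto promise = std::make_shared<Promise>();
    // A promise settles at most once; later resolve/reject calls are ignored.
    auto settle = [promise](Promise::State state, const std::string& v) {
        if (promise->state != Promise::State::Pending)
            return;
        promise->state = state;
        promise->value = v;
    };
    return {
        promise,
        [settle](const std::string& v) { settle(Promise::State::Fulfilled, v); },
        [settle](const std::string& r) { settle(Promise::State::Rejected, r); },
    };
}

// Executor style (the shape of the Obj-C SPI): the callback receives (resolve,
// reject); an exception escaping it rejects the promise instead of propagating.
std::shared_ptr<Promise> makePromiseWithExecutor(const std::function<void(Settle, Settle)>& executor)
{
    Deferred deferred = makeDeferredPromise();
    try {
        executor(deferred.resolve, deferred.reject);
    } catch (const std::exception& e) {
        deferred.reject(e.what());
    }
    return deferred.promise;
}

// Pre-settled promises, the common initialisation case mentioned above.
std::shared_ptr<Promise> makeResolvedPromise(const std::string& result)
{
    Deferred d = makeDeferredPromise();
    d.resolve(result);
    return d.promise;
}

std::shared_ptr<Promise> makeRejectedPromise(const std::string& reason)
{
    Deferred d = makeDeferredPromise();
    d.reject(reason);
    return d.promise;
}

// Scenarios that return the observable outcome so it can be checked directly.
std::shared_ptr<Promise> promiseFromThrowingExecutor()
{
    return makePromiseWithExecutor([](Settle, Settle) {
        throw std::runtime_error("executor failed");
    });
}

std::shared_ptr<Promise> promiseSettledTwice()
{
    return makePromiseWithExecutor([](Settle resolve, Settle reject) {
        resolve("first");
        reject("too late"); // ignored: the promise is already fulfilled
    });
}

// True if a deferred promise stays pending until its resolve function runs.
bool deferredSettlesOnlyWhenResolved()
{
    Deferred d = makeDeferredPromise();
    bool pendingBefore = d.promise->state == Promise::State::Pending;
    d.resolve("done");
    return pendingBefore && d.promise->state == Promise::State::Fulfilled && d.promise->value == "done";
}

int main()
{
    auto p = promiseFromThrowingExecutor();
    std::printf("throwing executor -> %s (%s)\n", p->state == Promise::State::Rejected ? "rejected" : "pending", p->value.c_str());
    std::printf("settled twice -> %s\n", promiseSettledTwice()->value.c_str());
    std::printf("deferred works: %s\n", deferredSettlesOnlyWhenResolved() ? "yes" : "no");
    return 0;
}
```

The catch in `makePromiseWithExecutor` is the whole point of the executor shape: the exception becomes a rejection reason rather than unwinding through the caller, which is the behaviour the entry wants for JS exceptions (and explicitly declines to offer for Obj-C exceptions).
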
2497 2018-09-21  Truitt Savell  <tsavell@apple.com>
2498
2499         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2500         https://bugs.webkit.org/show_bug.cgi?id=156674
2501
2502         Unreviewed Test Gardening
2503
2504         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2505         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2506
2507 2018-09-21  Mike Gorse  <mgorse@suse.com>
2508
2509         Build tools should work when the /usr/bin/python is python3
2510         https://bugs.webkit.org/show_bug.cgi?id=156674
2511
2512         Reviewed by Michael Catanzaro.
2513
2514         * Scripts/cssmin.py:
2515         * Scripts/generate-js-builtins.py:
2516         (do_open):
2517         (generate_bindings_for_builtins_files):
2518         * Scripts/generateIntlCanonicalizeLanguage.py:
2519         * Scripts/jsmin.py:
2520         (JavascriptMinify.minify.write):
2521         (JavascriptMinify):
2522         (JavascriptMinify.minify):
2523         * Scripts/make-js-file-arrays.py:
2524         (chunk):
2525         (main):
2526         * Scripts/wkbuiltins/__init__.py:
2527         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2528         (generate_section_for_global_private_code_name_macro):
2529         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2530         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2531         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2532         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2533         * Scripts/wkbuiltins/builtins_model.py:
2534         (BuiltinFunction.__lt__):
2535         (BuiltinsCollection.copyrights):
2536         (BuiltinsCollection._parse_functions):
2537         * disassembler/udis86/ud_opcode.py:
2538         (UdOpcodeTables.pprint.printWalk):
2539         * generate-bytecode-files:
2540         * inspector/scripts/codegen/__init__.py:
2541         * inspector/scripts/codegen/cpp_generator.py:
2542         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2543         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2544         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2545         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2546         (CppBackendDispatcherHeaderGenerator.generate_output):
2547         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2548         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2549         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2550         (CppBackendDispatcherImplementationGenerator.generate_output):
2551         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2552         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2553         (CppFrontendDispatcherHeaderGenerator.generate_output):
2554         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2555         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2556         (CppFrontendDispatcherImplementationGenerator.generate_output):
2557         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2558         (CppProtocolTypesHeaderGenerator.generate_output):
2559         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2560         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2561         (CppProtocolTypesImplementationGenerator.generate_output):
2562         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2563         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2564         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2565         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2566         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2567         * inspector/scripts/codegen/generate_js_backend_commands.py:
2568         (JSBackendCommandsGenerator.should_generate_domain):
2569         (JSBackendCommandsGenerator.domains_to_generate):
2570         (JSBackendCommandsGenerator.generate_output):
2571         (JSBackendCommandsGenerator.generate_domain):
2572         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2573         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2574         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2575         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2576         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2577         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2578         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2579         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2580         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2581         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2582         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2583         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2584         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2585         * inspector/scripts/codegen/generate_objc_header.py:
2586         (ObjCHeaderGenerator.generate_output):
2587         (ObjCHeaderGenerator._generate_type_interface):
2588         * inspector/scripts/codegen/generate_objc_internal_header.py:
2589         (ObjCInternalHeaderGenerator.generate_output):
2590         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2591         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2592         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2593         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2594         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2595         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2596         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2597         (ObjCProtocolTypesImplementationGenerator.generate_output):
2598         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2599         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2600         * inspector/scripts/codegen/generator.py:
2601         (Generator.non_supplemental_domains):
2602         (Generator.open_fields):
2603         (Generator.calculate_types_requiring_shape_assertions):
2604         (Generator._traverse_and_assign_enum_values):
2605         (Generator.stylized_name_for_enum_value):
2606         * inspector/scripts/codegen/models.py:
2607         (find_duplicates):
2608         * inspector/scripts/codegen/objc_generator.py:
2609         * wasm/generateWasm.py:
2610         (opcodeIterator):
2611         * yarr/generateYarrCanonicalizeUnicode:
2612         * yarr/generateYarrUnicodePropertyTables.py:
2613         * yarr/hasher.py:
2614         (stringHash):
2615
2616 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2617
2618         [ARM] Build broken on armv7hl after r235517
2619         https://bugs.webkit.org/show_bug.cgi?id=189831
2620
2621         Reviewed by Yusuke Suzuki.
2622
2623         Add missing implementation of patchableBranch8() for traditional ARM.
2624
2625         * assembler/MacroAssemblerARM.h:
2626         (JSC::MacroAssemblerARM::patchableBranch8):
2627
2628 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2629
2630         Unreviewed, rolling out r236293.
2631
2632         Internal build still broken.
2633
2634         Reverted changeset:
2635
2636         "Add functions to measure memory footprint to JSC"
2637         https://bugs.webkit.org/show_bug.cgi?id=189768
2638         https://trac.webkit.org/changeset/236293
2639
2640 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2641
2642         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2643         https://bugs.webkit.org/show_bug.cgi?id=189558
2644
2645         Reviewed by Mark Lam.
2646
2647         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
2648
2649             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2650
2651         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
2652         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2653
2654         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has per-SlotVisitor m_extraMemorySize counter.
2655         And we propagate this value to the global atomic counter when rebalance happens.
2656
2657         We also reduce HeapCell::heap() access by using `vm.heap`.
2658
2659         * heap/SlotVisitor.cpp:
2660         (JSC::SlotVisitor::didStartMarking):
2661         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2662         (JSC::SlotVisitor::drain):
2663         (JSC::SlotVisitor::performIncrementOfDraining):
2664         * heap/SlotVisitor.h:
2665         * heap/SlotVisitorInlines.h:
2666         (JSC::SlotVisitor::reportExtraMemoryVisited):
2667         * runtime/JSString.cpp:
2668         (JSC::JSRopeString::resolveRopeToAtomicString const):
2669         (JSC::JSRopeString::resolveRope const):
2670         * runtime/JSString.h:
2671         (JSC::JSString::finishCreation):
2672         * wasm/js/JSWebAssemblyInstance.cpp:
2673         (JSC::JSWebAssemblyInstance::finishCreation):
2674         * wasm/js/JSWebAssemblyMemory.cpp:
2675         (JSC::JSWebAssemblyMemory::finishCreation):
2676
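The fix above is a standard way to take pressure off a shared atomic: each marking thread accumulates into a private counter and folds it into the global one only at rebalance points and at the end of draining. The block below is an added example, not JSC's SlotVisitor or Heap: `HeapCounters`, `Visitor` and `simulateMarking` are constructed names, and the per-visit byte count, thread count and rebalance interval are arbitrary inputs chosen for the simulation.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <thread>
#include <vector>

// Constructed model of the scheme described above; it is not JSC's SlotVisitor,
// only the shape of the fix: buffer per visitor, flush to the shared counter rarely.
struct HeapCounters {
    std::atomic<size_t> extraMemoryVisited { 0 }; // the global counter every marker shares
    std::atomic<size_t> sharedUpdates { 0 };      // how many read-modify-writes hit it
};

class Visitor {
public:
    explicit Visitor(HeapCounters& heap) : m_heap(heap) { }

    // Hot path (once per visited string): touches only the per-visitor field.
    void reportExtraMemoryVisited(size_t bytes) { m_extraMemorySize += bytes; }

    // Called when the visitor rebalances and when it finishes draining: one atomic
    // add covers everything reported since the last flush.
    void propagateExtraMemoryVisitedIfNecessary()
    {
        if (!m_extraMemorySize)
            return;
        m_heap.extraMemoryVisited.fetch_add(m_extraMemorySize, std::memory_order_relaxed);
        m_heap.sharedUpdates.fetch_add(1, std::memory_order_relaxed);
        m_extraMemorySize = 0;
    }

private:
    HeapCounters& m_heap;
    size_t m_extraMemorySize { 0 };
};

struct MarkingStats {
    size_t totalBytes;    // what the shared counter ends up holding
    size_t sharedUpdates; // how many times the shared counter was modified
};

// Runs `threads` marking threads that each visit `stringsPerThread` strings of
// `bytesPerString` bytes. With `batched` false every visit hits the shared counter
// (the old behaviour); with it true the visitor flushes every `rebalanceEvery`
// visits (assumed >= 1) and once more at the end of its drain.
MarkingStats simulateMarking(unsigned threads, size_t stringsPerThread, size_t bytesPerString,
    size_t rebalanceEvery, bool batched)
{
    HeapCounters heap;
    std::vector<std::thread> workers;
    for (unsigned t = 0; t < threads; ++t) {
        workers.emplace_back([&heap, stringsPerThread, bytesPerString, rebalanceEvery, batched] {
            Visitor visitor(heap);
            for (size_t i = 0; i < stringsPerThread; ++i) {
                if (!batched) {
                    // Old behaviour: a contended atomic update per visited string.
                    heap.extraMemoryVisited.fetch_add(bytesPerString, std::memory_order_relaxed);
                    heap.sharedUpdates.fetch_add(1, std::memory_order_relaxed);
                    continue;
                }
                visitor.reportExtraMemoryVisited(bytesPerString);
                if ((i + 1) % rebalanceEvery == 0)
                    visitor.propagateExtraMemoryVisitedIfNecessary();
            }
            visitor.propagateExtraMemoryVisitedIfNecessary(); // end of drain
        });
    }
    for (auto& worker : workers)
        worker.join();
    return { heap.extraMemoryVisited.load(), heap.sharedUpdates.load() };
}

int main()
{
    MarkingStats before = simulateMarking(4, 1000, 64, 100, false);
    MarkingStats after = simulateMarking(4, 1000, 64, 100, true);
    std::printf("unbatched: %zu bytes, %zu shared updates\n", before.totalBytes, before.sharedUpdates);
    std::printf("batched:   %zu bytes, %zu shared updates\n", after.totalBytes, after.sharedUpdates);
    return 0;
}
```

Both variants arrive at the same total, which is the correctness property a GC accounting counter needs; the batched one reaches it with two orders of magnitude fewer shared read-modify-write operations, which is where the `perf` samples in the entry were going. The flush at the end of the drain matters: without it a visitor that never hit a rebalance point would silently under-report.
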
2677 2018-09-20  Michael Saboff  <msaboff@apple.com>
2678
2679         Add functions to measure memory footprint to JSC
2680         https://bugs.webkit.org/show_bug.cgi?id=189768
2681
2682         Reviewed by Saam Barati.
2683
2684         Rolling this back in.
2685
2686         Provide system memory metrics for the current process to aid in memory reduction measurement and
2687         tuning using native JS tests.
2688
2689         * jsc.cpp:
2690         (MemoryFootprint::now):
2691         (MemoryFootprint::resetPeak):
2692         (GlobalObject::finishCreation):
2693         (JSCMemoryFootprint::JSCMemoryFootprint):
2694         (JSCMemoryFootprint::createStructure):
2695         (JSCMemoryFootprint::create):
2696         (JSCMemoryFootprint::finishCreation):
2697         (JSCMemoryFootprint::addProperty):
2698         (functionResetMemoryPeak):
2699
2700 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2701
2702         Unreviewed, rolling out r236235.
2703
2704         Breaks internal builds.
2705
2706         Reverted changeset:
2707
2708         "Add functions to measure memory footprint to JSC"
2709         https://bugs.webkit.org/show_bug.cgi?id=189768
2710         https://trac.webkit.org/changeset/236235
2711
2712 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2713
2714         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2715         https://bugs.webkit.org/show_bug.cgi?id=189730
2716
2717         Reviewed by Saam Barati.
2718
2719         Clang for Windows can't compile the workaround for the MSVC quirk in generateOutOfLine.
2720
2721         * jit/JITMathIC.h:
2722         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2723
2724 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2725
2726         [JSC] Optimize Array#indexOf in C++ runtime
2727         https://bugs.webkit.org/show_bug.cgi?id=189507
2728
2729         Reviewed by Saam Barati.
2730
2731         The C++ Array#indexOf runtime function takes a lot of time in the babylon benchmark in
2732         web-tooling-benchmark. While our DFG and FTL have an Array#indexOf optimization,
2733         and it is actually working well, C++ Array#indexOf is called a significant number
2734         of times before tiering up, and it takes 6.74% of jsc main thread samples according
2735         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
2736         misses the chance to optimize JSArray cases.
2737
2738         This patch adds JSArray fast path for Array#indexOf. If we know that indexed
2739         access to the given JSArray is non-observable and indexing type is good for the fast
2740         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
2741         babylon web-tooling-benchmark.
2742
2743         * runtime/ArrayPrototype.cpp:
2744         (JSC::arrayProtoFuncIndexOf):
2745         * runtime/JSArray.h:
2746         * runtime/JSArrayInlines.h:
2747         (JSC::JSArray::canDoFastIndexedAccess):
2748         (JSC::toLength):
2749         * runtime/JSCJSValueInlines.h:
2750         (JSC::JSValue::JSValue):
2751         * runtime/JSGlobalObject.h:
2752         * runtime/JSGlobalObjectInlines.h:
2753         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2754         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2755         * runtime/MathCommon.h:
2756         (JSC::canBeStrictInt32):
2757         (JSC::canBeInt32):
2758
2759 2018-09-19  Michael Saboff  <msaboff@apple.com>
2760
2761         Add functions to measure memory footprint to JSC
2762         https://bugs.webkit.org/show_bug.cgi?id=189768
2763
2764         Reviewed by Saam Barati.
2765
2766         Provide system memory metrics for the current process to aid in memory reduction measurement and
2767         tuning using native JS tests.
2768
2769         * jsc.cpp:
2770         (MemoryFootprint::now):
2771         (MemoryFootprint::resetPeak):
2772         (GlobalObject::finishCreation):
2773         (JSCMemoryFootprint::JSCMemoryFootprint):
2774         (JSCMemoryFootprint::createStructure):
2775         (JSCMemoryFootprint::create):
2776         (JSCMemoryFootprint::finishCreation):
2777         (JSCMemoryFootprint::addProperty):
2778         (functionResetMemoryPeak):
2779
2780 2018-09-19  Saam barati  <sbarati@apple.com>
2781
2782         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2783         https://bugs.webkit.org/show_bug.cgi?id=189703
2784
2785         Reviewed by Mark Lam.
2786
2787         This fixes a crash that a TypeProfiler change revealed.
2788
2789         * dfg/DFGSpeculativeJIT64.cpp:
2790         (JSC::DFG::SpeculativeJIT::compile):
2791
2792 2018-09-19  Saam barati  <sbarati@apple.com>
2793
2794         AI rule for MultiPutByOffset executes its effects in the wrong order
2795         https://bugs.webkit.org/show_bug.cgi?id=189757
2796         <rdar://problem/43535257>
2797
2798         Reviewed by Michael Saboff.
2799
2800         The AI rule for MultiPutByOffset was executing effects in the wrong order.
2801         It first executed the transition effects and the effects on the base, and
2802         then executed the filtering effects on the value being stored. However, you
2803         can end up with the wrong type when the base and the value being stored
2804         are the same. E.g., in a program like `o.f = o`. These effects need to happen
2805         in the opposite order, modeling what happens in the runtime execution of
2806         MultiPutByOffset.
2807
2808         * dfg/DFGAbstractInterpreterInlines.h:
2809         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2810
2811 2018-09-18  Mark Lam  <mark.lam@apple.com>
2812
2813         Ensure that ForInContexts are invalidated if their loop local is over-written.
2814         https://bugs.webkit.org/show_bug.cgi?id=189571
2815         <rdar://problem/44402277>
2816
2817         Reviewed by Saam Barati.
2818
2819         Instead of hunting down every place in the BytecodeGenerator that potentially
2820         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
2821         the bytecode range of the loop body when the ForInContext is popped, and
2822         invalidate the context if we ever find the loop temp variable over-written.
2823
2824         This has 2 benefits:
2825         1. It ensures that every type of opcode that can write to the loop temp will be
2826            handled appropriately, not just the op_mov that we've hunted down.
2827         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
2828            every time we emit an op_mov (or other opcodes that can write to a local)
2829            even when we're not inside a for-in loop.
2830
2831         JSC benchmarks show that this change is performance neutral.
2832
2833         * bytecompiler/BytecodeGenerator.cpp:
2834         (JSC::BytecodeGenerator::pushIndexedForInScope):
2835         (JSC::BytecodeGenerator::popIndexedForInScope):
2836         (JSC::BytecodeGenerator::pushStructureForInScope):
2837         (JSC::BytecodeGenerator::popStructureForInScope):
2838         (JSC::ForInContext::finalize):
2839         (JSC::StructureForInContext::finalize):
2840         (JSC::IndexedForInContext::finalize):
2841         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
2842         * bytecompiler/BytecodeGenerator.h:
2843         (JSC::ForInContext::ForInContext):
2844         (JSC::ForInContext::bodyBytecodeStartOffset const):
2845         (JSC::StructureForInContext::StructureForInContext):
2846         (JSC::IndexedForInContext::IndexedForInContext):
2847         * bytecompiler/NodesCodegen.cpp:
2848         (JSC::PostfixNode::emitResolve):
2849         (JSC::PrefixNode::emitResolve):
2850         (JSC::ReadModifyResolveNode::emitBytecode):
2851         (JSC::AssignResolveNode::emitBytecode):
2852         (JSC::EmptyLetExpression::emitBytecode):
2853         (JSC::ForInNode::emitLoopHeader):
2854         (JSC::ForOfNode::emitBytecode):
2855         (JSC::BindingNode::bindValue const):
2856         (JSC::AssignmentElementNode::bindValue const):
2857         * runtime/CommonSlowPaths.cpp:
2858         (JSC::SLOW_PATH_DECL):
2859
2860 2018-09-17  Devin Rousso  <drousso@apple.com>
2861
2862         Web Inspector: generate CSSKeywordCompletions from backend values
2863         https://bugs.webkit.org/show_bug.cgi?id=189041
2864
2865         Reviewed by Joseph Pecoraro.
2866
2867         * inspector/protocol/CSS.json:
2868         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
2869
2870 2018-09-17  Saam barati  <sbarati@apple.com>
2871
2872         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
2873         https://bugs.webkit.org/show_bug.cgi?id=189676
2874         <rdar://problem/39682897>
2875
2876         Reviewed by Michael Saboff.
2877
2878         Because the incoming value may be TDZ, CheckStructure may end up crashing.
2879         Since the Type Profile does not currently record TDZ values in any of its
2880         data structures, this is not a semantic change in how it will show you data.
2881         It just fixes crashes when we emit a CheckStructure and the incoming value
2882         is TDZ.
2883
2884         * dfg/DFGFixupPhase.cpp:
2885         (JSC::DFG::FixupPhase::fixupNode):
2886         * dfg/DFGNode.h:
2887         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
2888
2889 2018-09-17  Darin Adler  <darin@apple.com>
2890
2891         Use OpaqueJSString rather than JSRetainPtr inside WebKit
2892         https://bugs.webkit.org/show_bug.cgi?id=189652
2893
2894         Reviewed by Saam Barati.
2895
2896         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
2897         JSStringRef.h.
2898
2899         * API/JSContext.mm:
2900         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
2901         than JSStringCreateWithCFString, simplifying the code and also obviating the
2902         need for explicit JSStringRelease.
2903         (-[JSContext setName:]): Ditto.
2904
2905         * API/JSStringRef.cpp:
2906         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
2907         It seems that additional optimization is possible, obviating the need to allocate
2908         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
2909
2910         * API/JSValue.mm:
2911         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
2912         OpaqueJSString::create and adoptRef as appropriate.
2913         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
2914         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
2915         (performPropertyOperation): Ditto.
2916         (-[JSValue invokeMethod:withArguments:]): Ditto.
2917         (valueToObjectWithoutCopy): Ditto.
2918         (containerValueToObject): Ditto.
2919         (valueToString): Ditto.
2920         (objectToValueWithoutCopy): Ditto.
2921         (objectToValue): Ditto.
2922
2923 2018-09-08  Darin Adler  <darin@apple.com>
2924
2925         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
2926         https://bugs.webkit.org/show_bug.cgi?id=189455
2927
2928         Reviewed by Keith Miller.
2929
2930         * API/JSObjectRef.cpp:
2931         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
2932         JSRetainPtr<JSStringRef>.
2933         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
2934         adopt constructor.
2935         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
2936         the array elements are now Ref.
2937
2938         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
2939         it only works for two specific unrelated types, JSStringRef and
2940         JSGlobalContextRef. Simplified the default constructor using data
2941         member initialization. Prepared to make the adopt constructor private
2942         (got everything compiling that way, then made it public again so that
2943         Apple internal software will still build). Got rid of unneeded
2944         templated constructor and assignment operator, since it's not relevant
2945         since there is no inheritance between JSRetainPtr template types.
2946         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
2947         Added move constructor and move assignment operator for slightly better
2948         performance. Simplified implementations of various member functions
2949         so they are more obviously correct, by using leakPtr in more of them
2950         and using std::exchange to make the flow of values more obvious.
2951
2952         * API/JSValue.mm:
2953         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
2954         missing JSStringRelease to fix a leak.
2955
2956         * API/tests/CustomGlobalObjectClassTest.c:
2957         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
2958         (globalObjectSetPrototypeTest): Ditto.
2959         (globalObjectPrivatePropertyTest): Ditto.
2960
2961         * API/tests/ExecutionTimeLimitTest.cpp:
2962         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
2963         (testExecutionTimeLimit): Ditto, lots more.
2964
2965         * API/tests/FunctionOverridesTest.cpp:
2966         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
2967
2968         * API/tests/JSObjectGetProxyTargetTest.cpp:
2969         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
2970         a leak.
2971
2972         * API/tests/PingPongStackOverflowTest.cpp:
2973         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
2974         JSStringRelease to fix leaks.
2975
2976         * API/tests/testapi.c:
2977         (throwException): Added. Helper function for repeated idiom where we want
2978         to throw an exception, but with additional JSStringRelease calls so we don't
2979         have to leak just to keep the code simpler to read.
2980         (MyObject_getProperty): Use throwException.
2981         (MyObject_setProperty): Ditto.
2982         (MyObject_deleteProperty): Ditto.
2983         (isValueEqualToString): Added. Helper function for an idiom where we check
2984         if something is a string and then if it's equal to a particular string
2985         constant, but a version that has an additional JSStringRelease call so we
2986         don't have to leak just to keep the code simpler to read.
2987         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
2988         (MyObject_callAsConstructor): Ditto.
2989         (MyObject_hasInstance): Ditto.
2990         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
2991         (testMarkingConstraintsAndHeapFinalizers): Ditto.
2992
2993 2018-09-14  Saam barati  <sbarati@apple.com>
2994
2995         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
2996         https://bugs.webkit.org/show_bug.cgi?id=189628
2997         <rdar://problem/39481690>
2998
2999         Reviewed by Mark Lam.
3000
3001         An Availability may point to a Node. And that Node may be removed from
3002         the graph, e.g., it's freed and its memory is no longer owned by Graph.
3003         This patch makes it so we no longer dump this metadata by default. If
3004         this metadata is interesting to you, you'll need to go in and change
3005         Graph::dump to dump the needed metadata.
3006
3007         * dfg/DFGGraph.cpp:
3008         (JSC::DFG::Graph::dump):
3009
3010 2018-09-14  Mark Lam  <mark.lam@apple.com>
3011
3012         Refactor some ForInContext code for better encapsulation.
3013         https://bugs.webkit.org/show_bug.cgi?id=189626
3014         <rdar://problem/44466415>
3015
3016         Reviewed by Keith Miller.
3017
3018         1. Add a ForInContext::m_type field to store the context type.  This does not
3019            increase the class size, but eliminates the need for a virtual call to get the
3020            type.
3021
3022            Note: we still need a virtual destructor because we'll be mingling
3023            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
3024
3025         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
3026            convenience methods.
3027
3028         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
3029            to do the casting to the subclass types.  This ensures that we'll properly
3030            assert that the casting is legal.
3031
3032         * bytecompiler/BytecodeGenerator.cpp:
3033         (JSC::BytecodeGenerator::emitGetByVal):
3034         (JSC::BytecodeGenerator::popIndexedForInScope):
3035         (JSC::BytecodeGenerator::popStructureForInScope):
3036         * bytecompiler/BytecodeGenerator.h:
3037         (JSC::ForInContext::type const):
3038         (JSC::ForInContext::isIndexedForInContext const):
3039         (JSC::ForInContext::isStructureForInContext const):
3040         (JSC::ForInContext::asIndexedForInContext):
3041         (JSC::ForInContext::asStructureForInContext):
3042         (JSC::ForInContext::ForInContext):
3043         (JSC::StructureForInContext::StructureForInContext):
3044         (JSC::IndexedForInContext::IndexedForInContext):
3045         (JSC::ForInContext::~ForInContext): Deleted.
3046
3047 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
3048
3049         Web Inspector: Record actions performed on ImageBitmapRenderingContext
3050         https://bugs.webkit.org/show_bug.cgi?id=181341
3051
3052         Reviewed by Joseph Pecoraro.
3053
3054         * inspector/protocol/Recording.json:
3055         * inspector/scripts/codegen/generator.py:
3056
3057 2018-09-14  Mike Gorse  <mgorse@suse.com>
3058
3059         builtins directory causes name conflict on Python 3
3060         https://bugs.webkit.org/show_bug.cgi?id=189552
3061
3062         Reviewed by Michael Catanzaro.
3063
3064         * CMakeLists.txt: builtins -> wkbuiltins.
3065         * DerivedSources.make: builtins -> wkbuiltins.
3066         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
3067           builtins.
3068         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
3069         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
3070         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
3071         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
3072         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
3073         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
3074         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
3075         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
3076         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
3077         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
3078         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
3079         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
3080
3081 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3082
3083         [WebAssembly] Inline WasmContext accessor functions
3084         https://bugs.webkit.org/show_bug.cgi?id=189416
3085
3086         Reviewed by Saam Barati.
3087
3088         WasmContext accessor functions are very small while they reside in the critical path of
3089         JS to Wasm function call. This patch makes them inline to improve performance.
3090         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
3091
3092         * JavaScriptCore.xcodeproj/project.pbxproj:
3093         * Sources.txt:
3094         * interpreter/CallFrame.cpp:
3095         * jit/AssemblyHelpers.cpp:
3096         * wasm/WasmB3IRGenerator.cpp:
3097         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
3098         (JSC::Wasm::Context::useFastTLS):
3099         (JSC::Wasm::Context::load const):
3100         (JSC::Wasm::Context::store):
3101         * wasm/WasmMemoryInformation.cpp:
3102         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
3103         * wasm/js/JSToWasm.cpp:
3104         * wasm/js/WebAssemblyFunction.cpp:
3105
3106 2018-09-12  David Kilzer  <ddkilzer@apple.com>
3107
3108         Move JavaScriptCore files to match Xcode project hierarchy
3109         <https://webkit.org/b/189574>
3110
3111         Reviewed by Filip Pizlo.
3112
3113         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
3114         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
3115         * CMakeLists.txt: Update for new path to
3116         generateYarrUnicodePropertyTables.py, hasher.py and
3117         JSAPIValueWrapper.h.
3118         * DerivedSources.make: Ditto. Add missing dependency on
3119         hasher.py captured by CMakeLists.txt.
3120         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
3121         reference paths. Add hasher.py library to project.
3122         * Sources.txt: Update for new path to
3123         JSAPIValueWrapper.cpp.
3124         * runtime/JSImmutableButterfly.h: Add missing includes
3125         after changes to Sources.txt and regenerating unified
3126         sources.
3127         * runtime/RuntimeType.h: Ditto.
3128         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
3129         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
3130
3131 2018-09-12  David Kilzer  <ddkilzer@apple.com>
3132
3133         Let Xcode have its way with the JavaScriptCore project
3134
3135         * JavaScriptCore.xcodeproj/project.pbxproj:
3136
3137 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
3138
3139         Add IGNORE_WARNING_.* macros
3140         https://bugs.webkit.org/show_bug.cgi?id=188996
3141
3142         Reviewed by Michael Catanzaro.
3143
3144         * API/JSCallbackObject.h:
3145         * API/tests/testapi.c:
3146         * assembler/LinkBuffer.h:
3147         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
3148         * b3/B3LowerToAir.cpp:
3149         * b3/B3Opcode.cpp:
3150         * b3/B3Type.h:
3151         * b3/B3TypeMap.h:
3152         * b3/B3Width.h:
3153         * b3/air/AirArg.cpp:
3154         * b3/air/AirArg.h:
3155         * b3/air/AirCode.h:
3156         * bytecode/Opcode.h:
3157         (JSC::padOpcodeName):
3158         * dfg/DFGSpeculativeJIT.cpp:
3159         (JSC::DFG::SpeculativeJIT::speculateNumber):
3160         (JSC::DFG::SpeculativeJIT::speculateMisc):
3161         * dfg/DFGSpeculativeJIT64.cpp:
3162         * ftl/FTLOutput.h:
3163         * jit/CCallHelpers.h:
3164         (JSC::CCallHelpers::calculatePokeOffset):
3165         * llint/LLIntData.cpp:
3166         * llint/LLIntSlowPaths.cpp:
3167         (JSC::LLInt::slowPathLogF):
3168         * runtime/ConfigFile.cpp:
3169         (JSC::ConfigFile::canonicalizePaths):
3170         * runtime/JSDataViewPrototype.cpp:
3171         * runtime/JSGenericTypedArrayViewConstructor.h:
3172         * runtime/JSGenericTypedArrayViewPrototype.h:
3173         * runtime/Options.cpp:
3174         (JSC::Options::setAliasedOption):
3175         * tools/CodeProfiling.cpp:
3176         * wasm/WasmSections.h:
3177         * wasm/generateWasmValidateInlinesHeader.py:
3178
3179 == Rolled over to ChangeLog-2018-09-11 ==