Source/JavaScriptCore/ChangeLog (WebKit-https.git, commit 53ad44b40b8bc9096ecfb574a4768997a867a452)

2017-03-27  JF Bastien  <jfbastien@apple.com>

        WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
        https://bugs.webkit.org/show_bug.cgi?id=170160

        Reviewed by Mark Lam.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.

2017-03-27  JF Bastien  <jfbastien@apple.com>

        WebAssembly: misc memory testing
        https://bugs.webkit.org/show_bug.cgi?id=170137

        Reviewed by Keith Miller.

        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages

2017-03-27  Michael Saboff  <msaboff@apple.com>

        Add ARM64 system instructions to disassembler
        https://bugs.webkit.org/show_bug.cgi?id=170084

        Reviewed by Saam Barati.

        This change adds support for MRS and MSR instructions, and refactors the DMB
        disassembly to handle all of the barrier instructions.

        * disassembler/ARM64/A64DOpcode.cpp:
        (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
        (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
        * disassembler/ARM64/A64DOpcode.h:
        (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
        (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
        (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
        (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.

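An added example, not JavaScriptCore's disassembler code, of the field split this entry's accessors name (L bit, op0, op1, CRn, CRm, op2) applied to the ARM64 system-instruction class. The small register-name table and the sample encodings are constructed for the example; a system register the table does not know is printed in the generic S<op0>_<op1>_C<n>_C<m>_<op2> spelling rather than a guessed name, which is the safe default when disassembling JIT output or firmware you do not trust.

```cpp
// Added example (not JavaScriptCore code): decode the ARM64 "system" instruction
// class, i.e. MRS/MSR and the DSB/DMB/ISB barriers, from a 32-bit encoding.
// Field layout: bits[31:22] = 0b1101010100, [21] = L, [20:19] = op0,
// [18:16] = op1, [15:12] = CRn, [11:8] = CRm, [7:5] = op2, [4:0] = Rt.
#include <cstdint>
#include <cstdio>
#include <string>

namespace {

uint32_t bits(uint32_t insn, unsigned hi, unsigned lo)
{
    return (insn >> lo) & ((1u << (hi - lo + 1)) - 1);
}

bool isSystemClass(uint32_t insn) { return bits(insn, 31, 22) == 0x354; }

// Barrier option names indexed by CRm; reserved encodings print as #n.
std::string barrierOption(uint32_t crM)
{
    static const char* const names[16] = {
        nullptr, "oshld", "oshst", "osh", nullptr, "nshld", "nshst", "nsh",
        nullptr, "ishld", "ishst", "ish", nullptr, "ld", "st", "sy" };
    return names[crM] ? names[crM] : "#" + std::to_string(crM);
}

// A few registers known by name (constructed table). Anything else gets the
// generic S<op0>_<op1>_C<n>_C<m>_<op2> spelling instead of a guessed name.
std::string systemRegisterName(uint32_t op0, uint32_t op1, uint32_t crN, uint32_t crM, uint32_t op2)
{
    struct Known { uint32_t op0, op1, crN, crM, op2; const char* name; };
    static const Known known[] = {
        { 3, 3, 13, 0, 2, "TPIDR_EL0" },  // user-space thread pointer, the TLS base
        { 3, 3, 4, 2, 0, "NZCV" },
        { 3, 3, 14, 0, 2, "CNTVCT_EL0" },
        { 3, 3, 0, 0, 7, "DCZID_EL0" },
    };
    for (const Known& k : known) {
        if (k.op0 == op0 && k.op1 == op1 && k.crN == crN && k.crM == crM && k.op2 == op2)
            return k.name;
    }
    char buf[32];
    snprintf(buf, sizeof buf, "S%u_%u_C%u_C%u_%u", op0, op1, crN, crM, op2);
    return buf;
}

} // namespace

// Returns the disassembly of a system-class instruction, or "" if insn is not one.
std::string decodeSystem(uint32_t insn)
{
    if (!isSystemClass(insn))
        return "";
    uint32_t lBit = bits(insn, 21, 21);
    uint32_t op0 = bits(insn, 20, 19);
    uint32_t op1 = bits(insn, 18, 16);
    uint32_t crN = bits(insn, 15, 12);
    uint32_t crM = bits(insn, 11, 8);
    uint32_t op2 = bits(insn, 7, 5);
    uint32_t rt = bits(insn, 4, 0);

    // Barriers: L = 0, op0 = 0, op1 = 0b011, CRn = 0b0011, Rt = 31; op2 picks DSB/DMB/ISB.
    if (!lBit && op0 == 0 && op1 == 3 && crN == 3 && rt == 31) {
        switch (op2) {
        case 4: return "dsb " + barrierOption(crM);
        case 5: return "dmb " + barrierOption(crM);
        case 6: return crM == 15 ? std::string("isb") : "isb " + barrierOption(crM);
        default: break;
        }
    }
    // MRS/MSR register form: op0 is 2 or 3, L gives the direction.
    if (op0 & 2) {
        std::string reg = systemRegisterName(op0, op1, crN, crM, op2);
        std::string xt = "x" + std::to_string(rt);
        return lBit ? "mrs " + xt + ", " + reg : "msr " + reg + ", " + xt;
    }
    return "<other system instruction>"; // hints such as NOP, SYS, SYSL, ...
}

int main()
{
    // Constructed sample encodings.
    const uint32_t samples[] = { 0xD53BD040, 0xD51BD041, 0xD5033BBF, 0xD5033F9F, 0xD5033FDF, 0xD5380002 };
    for (uint32_t insn : samples)
        printf("%08x  %s\n", insn, decodeSystem(insn).c_str());
    return 0;
}
```

The two TPIDR_EL0 samples are the load and store of the thread pointer that the TLS-based WasmContext entries further down rely on; being able to spot them in JIT output is the practical reason a disassembler needs MRS/MSR support.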
2017-03-26  Filip Pizlo  <fpizlo@apple.com>

        B3::fixSSA should do liveness pruning
        https://bugs.webkit.org/show_bug.cgi?id=170111

        Reviewed by Saam Barati.

        This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
        create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
        construction.

        This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
        times.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3BasicBlock.h:
        (JSC::B3::BasicBlock::get):
        * b3/B3FixSSA.cpp:
        (JSC::B3::fixSSA):
        * b3/B3VariableLiveness.cpp: Added.
        (JSC::B3::VariableLiveness::VariableLiveness):
        (JSC::B3::VariableLiveness::~VariableLiveness):
        * b3/B3VariableLiveness.h: Added.
        (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
        (JSC::B3::VariableLivenessAdapter::numIndices):
        (JSC::B3::VariableLivenessAdapter::valueToIndex):
        (JSC::B3::VariableLivenessAdapter::indexToValue):
        (JSC::B3::VariableLivenessAdapter::blockSize):
        (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
        (JSC::B3::VariableLivenessAdapter::forEachLateUse):
        (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
        (JSC::B3::VariableLivenessAdapter::forEachLateDef):
        * b3/air/AirCFG.h: Added.
        (JSC::B3::Air::CFG::CFG):
        (JSC::B3::Air::CFG::root):
        (JSC::B3::Air::CFG::newMap):
        (JSC::B3::Air::CFG::successors):
        (JSC::B3::Air::CFG::predecessors):
        (JSC::B3::Air::CFG::index):
        (JSC::B3::Air::CFG::node):
        (JSC::B3::Air::CFG::numNodes):
        (JSC::B3::Air::CFG::dump):
        * b3/air/AirCode.cpp:
        (JSC::B3::Air::Code::Code):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::cfg):
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
        (JSC::B3::Air::LivenessAdapter::blockSize):
        (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
        (JSC::B3::Air::LivenessAdapter::forEachLateUse):
        (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
        (JSC::B3::Air::LivenessAdapter::forEachLateDef):
        (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
        (JSC::B3::Air::TmpLivenessAdapter::numIndices):
        (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
        (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
        (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
        (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
        (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
        (JSC::B3::Air::Liveness::Iterable::end): Deleted.
        (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
        (JSC::B3::Air::Liveness::liveAtHead): Deleted.
        (JSC::B3::Air::Liveness::liveAtTail): Deleted.
        (JSC::B3::Air::Liveness::workset): Deleted.

2017-03-25  Filip Pizlo  <fpizlo@apple.com>

        Air::Liveness shouldn't need HashSets
        https://bugs.webkit.org/show_bug.cgi?id=170102

        Reviewed by Yusuke Suzuki.

        This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
        easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
        the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
        compile time progression on WasmBench.

        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
        (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
        (JSC::B3::Air::AbstractLiveness::liveAtHead):
        (JSC::B3::Air::AbstractLiveness::liveAtTail):
        * b3/air/AirTmp.h:
        (JSC::B3::Air::Tmp::bank):
        (JSC::B3::Air::Tmp::tmpIndex):
        * dfg/DFGStoreBarrierClusteringPhase.cpp:

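An added example, not WebKit's Air/B3 code, showing the two ideas from this entry and from the B3::fixSSA entry above it: liveness sets kept as sorted, duplicate-free vectors and combined with a sorted merge (std::set_union) instead of hash sets, and the resulting live-at-head sets used to prune Phi placement. The CFG, the variable numbering and the instruction model (an instruction is just its defs and uses) are constructed for the example. The Phi placement deliberately puts a Phi at every join block where the variable is live-in and stops there; minimal SSA construction would additionally restrict joins to dominance frontiers, which is not implemented here.

```cpp
// Added example (not WebKit code): backward liveness over a small CFG with
// sorted vectors as sets, then live-at-head used to prune Phi placement.
#include <algorithm>
#include <cstdio>
#include <iterator>
#include <utility>
#include <vector>

using Var = unsigned;
using VarSet = std::vector<Var>; // invariant: sorted, no duplicates

struct Inst { VarSet defs; VarSet uses; }; // an instruction is just what it defines and uses
struct Block { std::vector<Inst> insts; std::vector<unsigned> succs, preds; };
using CFG = std::vector<Block>;            // block 0 is the root

// Sorted merge: union of two sorted, duplicate-free vectors, no hashing.
static VarSet unionOf(const VarSet& a, const VarSet& b)
{
    VarSet out;
    out.reserve(a.size() + b.size());
    std::set_union(a.begin(), a.end(), b.begin(), b.end(), std::back_inserter(out));
    return out;
}

static bool contains(const VarSet& s, Var v) { return std::binary_search(s.begin(), s.end(), v); }

static void insertSorted(VarSet& s, Var v)
{
    auto it = std::lower_bound(s.begin(), s.end(), v);
    if (it == s.end() || *it != v)
        s.insert(it, v);
}

static void eraseSorted(VarSet& s, Var v)
{
    auto it = std::lower_bound(s.begin(), s.end(), v);
    if (it != s.end() && *it == v)
        s.erase(it);
}

struct Liveness { std::vector<VarSet> atHead, atTail; };

// Backward dataflow to a fixpoint: liveAtTail(b) = U liveAtHead(succ),
// liveAtHead(b) = uses-before-defs(b) U (liveAtTail(b) - defs(b)).
Liveness computeLiveness(const CFG& cfg)
{
    Liveness lv;
    lv.atHead.resize(cfg.size());
    lv.atTail.resize(cfg.size());
    for (bool changed = true; changed;) {
        changed = false;
        for (size_t b = cfg.size(); b-- > 0;) { // reverse order converges faster
            VarSet tail;
            for (unsigned s : cfg[b].succs)
                tail = unionOf(tail, lv.atHead[s]);
            VarSet live = tail;
            for (auto it = cfg[b].insts.rbegin(); it != cfg[b].insts.rend(); ++it) {
                for (Var d : it->defs) eraseSorted(live, d);  // kill
                for (Var u : it->uses) insertSorted(live, u); // gen
            }
            lv.atTail[b] = std::move(tail);
            if (live != lv.atHead[b]) {
                lv.atHead[b] = std::move(live);
                changed = true;
            }
        }
    }
    return lv;
}

// Pruned placement: a join block gets a Phi for a variable only if that
// variable is live at the block's head (dominance frontiers omitted).
std::vector<VarSet> prunedPhis(const CFG& cfg, const Liveness& lv)
{
    VarSet allDefs;
    for (const Block& blk : cfg)
        for (const Inst& inst : blk.insts)
            for (Var d : inst.defs) insertSorted(allDefs, d);
    std::vector<VarSet> phis(cfg.size());
    for (size_t b = 0; b < cfg.size(); ++b) {
        if (cfg[b].preds.size() < 2) continue;
        for (Var v : allDefs)
            if (contains(lv.atHead[b], v)) insertSorted(phis[b], v);
    }
    return phis;
}

// Constructed sample, a diamond with x = 0, y = 1:
//   B0: x = ..; y = ..   B1: x = y + 1   B2: y = x + 1   B3: return x
//   edges 0->1, 0->2, 1->3, 2->3.  y is dead after the join, so only x needs a Phi at B3.
CFG sampleDiamond()
{
    const Var X = 0, Y = 1;
    CFG cfg(4);
    cfg[0].insts.push_back(Inst{ {X}, {} });
    cfg[0].insts.push_back(Inst{ {Y}, {} });
    cfg[1].insts.push_back(Inst{ {X}, {Y} });
    cfg[2].insts.push_back(Inst{ {Y}, {X} });
    cfg[3].insts.push_back(Inst{ {}, {X} });
    auto edge = [&](unsigned from, unsigned to) { cfg[from].succs.push_back(to); cfg[to].preds.push_back(from); };
    edge(0, 1); edge(0, 2); edge(1, 3); edge(2, 3);
    return cfg;
}

Liveness sampleLiveness() { return computeLiveness(sampleDiamond()); }
std::vector<VarSet> samplePhis() { CFG cfg = sampleDiamond(); return prunedPhis(cfg, computeLiveness(cfg)); }

int main()
{
    Liveness lv = sampleLiveness();
    std::vector<VarSet> phis = samplePhis();
    for (size_t b = 0; b < lv.atHead.size(); ++b) {
        printf("B%zu liveAtHead:", b);
        for (Var v : lv.atHead[b]) printf(" v%u", v);
        printf("  phis:");
        for (Var v : phis[b]) printf(" v%u", v);
        printf("\n");
    }
    return 0;
}
```

With the sample, B3 is live-in only for x, so the join gets one Phi instead of two; that missing Phi for y is exactly the work the entry says liveness pruning saves, and the sorted-vector representation keeps each merge a linear pass over two small arrays.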
2017-03-26  Filip Pizlo  <fpizlo@apple.com>

        Air should use RegisterSet for RegLiveness
        https://bugs.webkit.org/show_bug.cgi?id=170108

        Reviewed by Yusuke Suzuki.

        The biggest change here is the introduction of the new RegLiveness class. This is a
        drop-in replacement for the old RegLiveness, which was a specialization of
        AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
        sets everywhere, which is efficient for registers since RegisterSet is just two (on
        x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
        compile time progression on WasmBench.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3TimingScope.cpp: Records phase timing totals.
        (JSC::B3::TimingScope::TimingScope):
        (JSC::B3::TimingScope::~TimingScope):
        * b3/B3TimingScope.h:
        * b3/air/AirAllocateRegistersByGraphColoring.cpp:
        (JSC::B3::Air::allocateRegistersByGraphColoring):
        * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
        (JSC::B3::Air::Liveness::Iterable::Iterable):
        (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
        (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
        (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
        (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
        (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
        (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
        (JSC::B3::Air::AbstractLiveness::workset): Deleted.
        * b3/air/AirLogRegisterPressure.cpp:
        * b3/air/AirLowerAfterRegAlloc.cpp:
        * b3/air/AirRegLiveness.cpp: Added.
        (JSC::B3::Air::RegLiveness::RegLiveness):
        (JSC::B3::Air::RegLiveness::~RegLiveness):
        (JSC::B3::Air::RegLiveness::LocalCalc::execute):
        * b3/air/AirRegLiveness.h: Added.
        (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::RegLiveness::LocalCalc::live):
        (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
        (JSC::B3::Air::RegLiveness::liveAtHead):
        (JSC::B3::Air::RegLiveness::liveAtTail):
        * b3/air/AirReportUsedRegisters.cpp:
        * jit/RegisterSet.h:
        (JSC::RegisterSet::add):
        (JSC::RegisterSet::remove):
        (JSC::RegisterSet::contains):
        (JSC::RegisterSet::subsumes):
        (JSC::RegisterSet::iterator::iterator):
        (JSC::RegisterSet::iterator::operator*):
        (JSC::RegisterSet::iterator::operator++):
        (JSC::RegisterSet::iterator::operator==):
        (JSC::RegisterSet::iterator::operator!=):
        (JSC::RegisterSet::begin):
        (JSC::RegisterSet::end):

2017-03-25  Filip Pizlo  <fpizlo@apple.com>

        Fix wasm by returning after we do TLS.

        Rubber stamped by Keith Miller.

        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::storeWasmContext):

2017-03-24  Mark Lam  <mark.lam@apple.com>

        Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
        https://bugs.webkit.org/show_bug.cgi?id=170086
        <rdar://problem/31253673>

        Reviewed by Saam Barati.

        Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
        just before we RELEASE_ASSERT_NOT_REACHED.

        * heap/Heap.cpp:
        (JSC::Heap::resumeThePeriphery):

2017-03-24  JF Bastien  <jfbastien@apple.com>

        WebAssembly: store state in TLS instead of on VM
        https://bugs.webkit.org/show_bug.cgi?id=169611

        Reviewed by Filip Pizlo.

        Using thread-local storage instead of VM makes code more position
        independent. We used to store the WebAssembly top Instance (the
        latest one in the call stack) on VM, now we instead store it in
        TLS. This top Instance is used to access a bunch of state such as
        Memory location, size, table (for call_indirect), etc.

        Instead of calling it "top", which is confusing, we now just call
        it WasmContext.

        Making the code PIC means future patches will be able to
        postMessage and structured clone into IDB without having to
        recompile the code. This wasn't possible before because we
        hard-coded the address of VM at compilation time. That doesn't
        work between workers, and doesn't work across reloads (which IDB
        is intended to do).

        It'll also potentially make code faster once we start tuning
        what's in TLS, what's in which of the 4 free slots, and what's in
        pinned registers. I'm leaving this tuning for later because
        there's lower lying fruit for us to pick.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
        (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
        (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
        the code required to store to TLS, only to load
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
        (JSC::MacroAssemblerARM64::storeToTLS32):
        (JSC::MacroAssemblerARM64::storeToTLS64):
        (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
        (JSC::MacroAssemblerX86Common::storeToTLS32):
        (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
        (JSC::MacroAssemblerX86_64::storeToTLS64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_rm):
        (JSC::X86Assembler::movq_rm):
        * b3/testb3.cpp:
        (JSC::B3::testFastTLSLoad):
        (JSC::B3::testFastTLSStore):
        (JSC::B3::run):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::loadWasmContext):
        (JSC::AssemblyHelpers::storeWasmContext):
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
        * jit/Repatch.cpp:
        (JSC::webAssemblyOwner):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromWasmThunkGenerator):
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::loadWasmContext):
        (JSC::Wasm::storeWasmContext):
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::getMemoryBaseAndSize):
        (JSC::Wasm::restoreWebAssemblyGlobalState):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::materializeImportJSCell):
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):
        * wasm/WasmContext.cpp: Added.
        (JSC::loadWasmContext):
        (JSC::storeWasmContext):
        * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyInstanceConstructor.h:

2017-03-24  JF Bastien  <jfbastien@apple.com>

        WebAssembly: spec-tests/memory.wast.js fails in debug
        https://bugs.webkit.org/show_bug.cgi?id=169794

        Reviewed by Keith Miller.

        The failure was due to empty memories (with maximum size 0). Those
        only occur in tests and in code that's trying to trip us. This
        patch adds memory mode "none" which represents no memory. It can
        work with either bounds checked or signaling code because it never
        contains loads and stores.

        The spec tests which were failing did the following:
            > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 0))
            > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 0))
            > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 1))

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::memoryKind):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):
        (JSC::Wasm::releaseFastMemory):
        (JSC::Wasm::Memory::Memory):
        (JSC::Wasm::Memory::createImpl):
        (JSC::Wasm::Memory::create):
        (JSC::Wasm::Memory::grow):
        (JSC::Wasm::Memory::makeString):
        * wasm/WasmMemory.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        * wasm/js/JSWebAssemblyCodeBlock.cpp:
        (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::finishCreation):
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::codeBlockFor):

2017-03-24  Mark Lam  <mark.lam@apple.com>

        Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
        https://bugs.webkit.org/show_bug.cgi?id=170064
        <rdar://problem/31246098>

        Reviewed by Geoffrey Garen.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        * runtime/JSArray.cpp:
        (JSC::JSArray::fastSlice):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Use jsNontrivialString aggressively for ToString(Int52)
        https://bugs.webkit.org/show_bug.cgi?id=170002

        Reviewed by Sam Weinig.

        We use the same logic used for Int32 to use jsNontrivialString.
        After the single-character check, the produced string is always longer than 1 character.
        Thus, we can use jsNontrivialString.

        * runtime/NumberPrototype.cpp:
        (JSC::int52ToString):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
        https://bugs.webkit.org/show_bug.cgi?id=170045

        Reviewed by Mark Lam.

        It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
        interval fluctuation. Use WeakRandom instead.

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::SamplingProfiler):
        (JSC::SamplingProfiler::timerLoop):
        * runtime/SamplingProfiler.h:

2017-03-23  Mark Lam  <mark.lam@apple.com>

        Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
        https://bugs.webkit.org/show_bug.cgi?id=170025
        <rdar://problem/31228679>

        Reviewed by Saam Barati.

        * runtime/ArrayPrototype.cpp:
        (JSC::copySplicedArrayElements):
        (JSC::arrayProtoFuncSplice):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
        https://bugs.webkit.org/show_bug.cgi?id=169998

        Reviewed by Saam Barati.

        Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
        We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
        We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to the added Int52Rep conversions.

        This patch tightens the conditions of addShouldSpeculateAnyInt.

        1. Honor DoubleConstant.

        When executing imaging-darkroom, we have something like this:

            132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
            1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
            1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
            133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)

        The LHS of ArithSub is predicted Boolint32, and the RHS is predicted AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
        of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
        While speculating Int32 in the above situation is a reasonable approach since the given LHS is predicted Int32, this causes a
        severe performance regression.

        Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.

        One thing that can be observed is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
        We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It is a good hint that the LHS and
        the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
        it in Int52.

        So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
        Arith[Sub,Add](Int52, Int52). This change removes the OSR exits that currently occur in imaging-darkroom.

        2. Two Int52Rep(Double) conversions are not desirable.

        We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a slightly conservative
        decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
        rather hurt performance. If one operand of the operation is already Int52, the cost of constructing ArithAdd becomes
        cheap since only one Double to Int52 conversion could be required.
        This recovers some of the regression in assorted tests while keeping the kraken crypto improvements.

        3. Avoid frequent Int52 to JSValue conversions.

        Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
        Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
        converting to Int52, performing ArithAdd, and soon converting back to JSValue.

        The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks,
        and still keep the kraken crypto improvements.

                                                   baseline                  patched

        imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
        stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
        stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::addShouldSpeculateAnyInt):

== Rolled over to ChangeLog-2017-03-23 ==