Reserve capacity for StringBuilder in unescape
1 2017-01-14  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         Reserve capacity for StringBuilder in unescape
4         https://bugs.webkit.org/show_bug.cgi?id=167008
5
6         Reviewed by Sam Weinig.
7
8         The `unescape` function is frequently called in Kraken sha256-iterative.
9         This patch just reserves the capacity for the StringBuilder.
10
11         Currently, we select the length of the string for the reserved capacity.
12         It improves performance by 2.73%.
13
14             Benchmark report for Kraken on sakura-trick.
15
16             VMs tested:
17             "baseline" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/untot/Release/bin/jsc
18             "patched" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/un/Release/bin/jsc
19
20             Collected 100 samples per benchmark/VM, with 100 VM invocations per benchmark. Emitted a call to gc() between
21             sample measurements. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime()
22             function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in
23             milliseconds.
24
25                                                        baseline                  patched
26
27             stanford-crypto-sha256-iterative        51.609+-0.672             50.237+-0.860           might be 1.0273x faster
28
29             <arithmetic>                            51.609+-0.672             50.237+-0.860           might be 1.0273x faster
30
31         * runtime/JSGlobalObjectFunctions.cpp:
32         (JSC::globalFuncUnescape):
33
34 2017-01-13  Joseph Pecoraro  <pecoraro@apple.com>
35
36         Remove ENABLE(DETAILS_ELEMENT) guards
37         https://bugs.webkit.org/show_bug.cgi?id=167042
38
39         Reviewed by Alex Christensen.
40
41         * Configurations/FeatureDefines.xcconfig:
42
43 2017-01-11  Darin Adler  <darin@apple.com>
44
45         Remove PassRefPtr from more of "platform"
46         https://bugs.webkit.org/show_bug.cgi?id=166809
47
48         Reviewed by Sam Weinig.
49
50         * inspector/JSInjectedScriptHost.h:
51         (Inspector::JSInjectedScriptHost::impl): Simplified code since we don't need a
52         const_cast here any more.
53         * runtime/PrivateName.h:
54         (JSC::PrivateName::uid): Ditto.
55
56 2017-01-13  Ryan Haddad  <ryanhaddad@apple.com>
57
58         Unreviewed, rolling out r210735.
59
60         This change introduced LayoutTest and JSC test flakiness.
61
62         Reverted changeset:
63
64         "Reserve capacity for StringBuilder in unescape"
65         https://bugs.webkit.org/show_bug.cgi?id=167008
66         http://trac.webkit.org/changeset/210735
67
68 2017-01-13  Saam Barati  <sbarati@apple.com>
69
70         Initialize the ArraySpecies watchpoint as Clear and transition to IsWatched once slice is called for the first time
71         https://bugs.webkit.org/show_bug.cgi?id=167017
72         <rdar://problem/30019309>
73
74         Reviewed by Keith Miller and Filip Pizlo.
75
76         This patch is to reverse the JSBench regression from r210695.
77         
78         The new state diagram for the array species watchpoint is as
79         follows:
80         
81         1. On GlobalObject construction, it starts life out as ClearWatchpoint.
82         2. When slice is called for the first time, we observe the state
83         of the world, and either transition it to IsWatched if we were able
84         to set up the object property conditions, or to IsInvalidated if we
85         were not.
86         3. The DFG compiler will now only lower slice as an intrinsic if
87         it observed the speciesWatchpoint.state() as IsWatched.
88         4. The IsWatched => IsInvalidated transition happens only when
89         one of the object property condition watchpoints fire.
90
91         * dfg/DFGByteCodeParser.cpp:
92         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
93         * runtime/ArrayPrototype.cpp:
94         (JSC::speciesWatchpointIsValid):
95         (JSC::speciesConstructArray):
96         (JSC::arrayProtoPrivateFuncConcatMemcpy):
97         (JSC::ArrayPrototype::tryInitializeSpeciesWatchpoint):
98         (JSC::ArrayPrototype::initializeSpeciesWatchpoint): Deleted.
99         * runtime/ArrayPrototype.h:
100         * runtime/JSGlobalObject.cpp:
101         (JSC::JSGlobalObject::JSGlobalObject):
102         (JSC::JSGlobalObject::init):
103
104 2017-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
105
106         Reserve capacity for StringBuilder in unescape
107         https://bugs.webkit.org/show_bug.cgi?id=167008
108
109         Reviewed by Sam Weinig.
110
111         The `unescape` function is frequently called in Kraken sha256-iterative.
112         This patch just reserves the capacity for the StringBuilder.
113
114         Currently, we select the length of the string for the reserved capacity.
115         It improves performance by 2.73%.
116
117             Benchmark report for Kraken on sakura-trick.
118
119             VMs tested:
120             "baseline" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/untot/Release/bin/jsc
121             "patched" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/un/Release/bin/jsc
122
123             Collected 100 samples per benchmark/VM, with 100 VM invocations per benchmark. Emitted a call to gc() between
124             sample measurements. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime()
125             function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in
126             milliseconds.
127
128                                                        baseline                  patched
129
130             stanford-crypto-sha256-iterative        51.609+-0.672             50.237+-0.860           might be 1.0273x faster
131
132             <arithmetic>                            51.609+-0.672             50.237+-0.860           might be 1.0273x faster
133
134         * runtime/JSGlobalObjectFunctions.cpp:
135         (JSC::globalFuncUnescape):
136
137 2017-01-12  Saam Barati  <sbarati@apple.com>
138
139         Add a slice intrinsic to the DFG/FTL
140         https://bugs.webkit.org/show_bug.cgi?id=166707
141         <rdar://problem/29913445>
142
143         Reviewed by Filip Pizlo.
144
145         The gist of this patch is to inline Array.prototype.slice
146         into the DFG/FTL. The implementation in the DFG-backend
147         and FTLLowerDFGToB3 is just a straightforward implementation
148         of what the C function is doing. The more interesting bits
149         of this patch are setting up the proper watchpoints and conditions
150         in the executing code to prove that it's safe to skip all of the
151         observable JS actions that Array.prototype.slice normally does.
152         
153         We perform the following proofs:
154         1. Array.prototype.constructor has not changed (via a watchpoint).
155         2. That Array.prototype.constructor[Symbol.species] has not changed (via a watchpoint).
156         3. The global object is not having a bad time.
157         4. The array that is being sliced has an original array structure.
158         5. Array.prototype/Object.prototype have not transitioned.
159         
160         Conditions 1, 2, and 3 are strictly required.
161         
162         4 is ensuring a couple things:
163         1. That a "constructor" property hasn't been added to the array
164         we're slicing since we're supposed to perform a Get(array, "constructor").
165         2. That we're not slicing an instance of a subclass of Array.
166         
167         We could relax 4.1 in the future if we find other ways to test if
168         the incoming array hasn't changed the "constructor" property. We
169         would probably use TryGetById to do this.
170         
171         I'm seeing a 5% speedup on crypto-pbkdf2 and often a 1% speedup on
172         the total benchmark (the results are sometimes noisy).
173
174         * dfg/DFGAbstractInterpreterInlines.h:
175         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
176         * dfg/DFGByteCodeParser.cpp:
177         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
178         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
179         (JSC::DFG::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator):
180         * dfg/DFGClobberize.h:
181         (JSC::DFG::clobberize):
182         * dfg/DFGDoesGC.cpp:
183         (JSC::DFG::doesGC):
184         * dfg/DFGFixupPhase.cpp:
185         (JSC::DFG::FixupPhase::fixupNode):
186         * dfg/DFGNodeType.h:
187         * dfg/DFGPredictionPropagationPhase.cpp:
188         * dfg/DFGSafeToExecute.h:
189         (JSC::DFG::safeToExecute):
190         * dfg/DFGSpeculativeJIT.cpp:
191         (JSC::DFG::SpeculativeJIT::compileArraySlice):
192         (JSC::DFG::SpeculativeJIT::emitAllocateButterfly):
193         * dfg/DFGSpeculativeJIT.h:
194         * dfg/DFGSpeculativeJIT32_64.cpp:
195         (JSC::DFG::SpeculativeJIT::compile):
196         (JSC::DFG::SpeculativeJIT::emitInitializeButterfly):
197         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
198         * dfg/DFGSpeculativeJIT64.cpp:
199         (JSC::DFG::SpeculativeJIT::compile):
200         (JSC::DFG::SpeculativeJIT::emitInitializeButterfly):
201         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
202         * ftl/FTLAbstractHeapRepository.h:
203         * ftl/FTLCapabilities.cpp:
204         (JSC::FTL::canCompile):
205         * ftl/FTLLowerDFGToB3.cpp:
206         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
207         (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
208         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
209         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
210         (JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
211         (JSC::FTL::DFG::LowerDFGToB3::storeStructure):
212         (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
213         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
214         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
215         (JSC::FTL::DFG::LowerDFGToB3::allocateUninitializedContiguousJSArray):
216         * jit/AssemblyHelpers.cpp:
217         (JSC::AssemblyHelpers::emitLoadStructure):
218         * runtime/ArrayPrototype.cpp:
219         (JSC::ArrayPrototype::finishCreation):
220         (JSC::speciesWatchpointIsValid):
221         (JSC::speciesConstructArray):
222         (JSC::arrayProtoFuncSlice):
223         (JSC::arrayProtoPrivateFuncConcatMemcpy):
224         (JSC::ArrayPrototype::initializeSpeciesWatchpoint):
225         (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
226         (JSC::speciesWatchpointsValid): Deleted.
227         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint): Deleted.
228         * runtime/ArrayPrototype.h:
229         (JSC::ArrayPrototype::speciesWatchpointStatus): Deleted.
230         (): Deleted.
231         * runtime/Intrinsic.h:
232         * runtime/JSGlobalObject.cpp:
233         (JSC::JSGlobalObject::JSGlobalObject):
234         (JSC::JSGlobalObject::init):
235         * runtime/JSGlobalObject.h:
236         (JSC::JSGlobalObject::arraySpeciesWatchpoint):
237         * runtime/Structure.h:
238
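The following is an added JavaScript example, not WebKit's or the ChangeLog author's code. It shows the observable steps that conditions 2 and 4 of the slice entry above guard against (the same species watchpoint whose state machine the 2017-01-13 "Initialize the ArraySpecies watchpoint" entry describes): the `Get(array, "constructor")` and `Get(constructor, @@species)` lookups that `Array.prototype.slice` performs and that the intrinsic may skip only when the watchpoints prove they are unobservable. The names `Species`, `LoggingArray` and the log strings are constructed for this illustration.

```javascript
"use strict";

// Constructed example: the ArraySpeciesCreate steps inside
// Array.prototype.slice become visible as soon as one of the
// ChangeLog's conditions no longer holds.

// Condition 4.1: an own "constructor" property on the sliced array is
// read via Get(array, "constructor") and its [Symbol.species] decides
// what object receives the copied elements.
function sliceConsultsOwnConstructor() {
  const log = [];
  const arr = [10, 20, 30, 40];
  arr.constructor = {
    [Symbol.species]: function Species(length) {
      // Called as Construct(C, << length >>) with the slice length.
      log.push(`species constructor called with length ${length}`);
    },
  };
  const out = arr.slice(1, 3); // a Species instance, not an Array
  return { log, out, outIsArray: Array.isArray(out) };
}

// Condition 4.2: slicing an Array subclass looks up
// constructor[Symbol.species], i.e. user code runs during slice.
function sliceConsultsSpecies() {
  const log = [];
  class LoggingArray extends Array {
    static get [Symbol.species]() {
      log.push("Get(constructor, @@species)");
      return Array; // steer the result to a plain Array
    }
  }
  const sub = LoggingArray.from([1, 2, 3]);
  const out = sub.slice(0, 2);
  return {
    log,
    out,
    resultIsPlainArray: out.constructor === Array && !(out instanceof LoggingArray),
  };
}

// Condition 2: Array[Symbol.species] is a configurable accessor on the
// Array constructor. Replacing it makes every slice of a plain array
// observable, which is what the species watchpoint watches for.
// The original accessor is restored before returning.
function sliceWithPatchedSpecies() {
  const log = [];
  const original = Object.getOwnPropertyDescriptor(Array, Symbol.species);
  Object.defineProperty(Array, Symbol.species, {
    get() {
      log.push("patched Array[@@species]");
      return undefined; // undefined makes ArraySpeciesCreate fall back to ArrayCreate
    },
    configurable: true,
  });
  try {
    const out = [1, 2, 3].slice(1);
    return { log, out };
  } finally {
    Object.defineProperty(Array, Symbol.species, original);
  }
}
```
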
239 2017-01-12  Saam Barati  <sbarati@apple.com>
240
241         Concurrent GC has a bug where we would detect a race but fail to rescan the object
242         https://bugs.webkit.org/show_bug.cgi?id=166960
243         <rdar://problem/29983526>
244
245         Reviewed by Filip Pizlo and Mark Lam.
246
247         We have code like this in JSC:
248         
249         ```
250         Butterfly* butterfly = allocateMoreOutOfLineStorage(vm, oldOutOfLineCapacity, newOutOfLineCapacity);
251         nukeStructureAndSetButterfly(vm, structureID, butterfly);
252         structure->setLastOffset(newLastOffset);
253         WTF::storeStoreFence();
254         setStructureIDDirectly(structureID);
255         ```
256         
257         Note that the collector could detect a race here, which sometimes
258         incorrectly caused us to not visit the object again.
259         
260         Mutator Thread: M, Collector Thread: C, assuming sequential consistency via
261         proper barriers:
262         
263         M: allocate new butterfly
264         M: Set nuked structure ID
265         M: Set butterfly (this does a barrier)
266         C: Start scanning O
267         C: load structure ID
268         C: See it's nuked and bail, (we used to rely on a write barrier to rescan).
269         
270         We sometimes never rescanned here because we were calling
271         setStructureIDDirectly which doesn't do a write barrier.
272         (Note, the places that do this but call setStructure were
273         OK because setStructure will perform a write barrier.)
274         
275         (This same issue also existed in places where the collector thread
276         detected races for Structure::m_offset, but places that changed
277         Structure::m_offset didn't perform a write barrier on the object
278         after changing its Structure's m_offset.)
279         
280         To prevent such code from requiring every call site to perform
281         a write barrier on the object, I've changed the collector code
282         to keep a stack of cells to be revisited due to races. This stack
283         is then consulted when we do marking. Because such races are rare,
284         we have a single stack on Heap that is guarded by a lock.
285
286         * heap/Heap.cpp:
287         (JSC::Heap::Heap):
288         (JSC::Heap::~Heap):
289         (JSC::Heap::markToFixpoint):
290         (JSC::Heap::endMarking):
291         (JSC::Heap::buildConstraintSet):
292         (JSC::Heap::addToRaceMarkStack):
293         * heap/Heap.h:
294         (JSC::Heap::collectorSlotVisitor):
295         (JSC::Heap::mutatorMarkStack): Deleted.
296         * heap/SlotVisitor.cpp:
297         (JSC::SlotVisitor::didRace):
298         * heap/SlotVisitor.h:
299         (JSC::SlotVisitor::didRace):
300         (JSC::SlotVisitor::didNotRace): Deleted.
301         * heap/SlotVisitorInlines.h:
302         (JSC::SlotVisitor::didNotRace): Deleted.
303         * runtime/JSObject.cpp:
304         (JSC::JSObject::visitButterfly):
305         (JSC::JSObject::visitButterflyImpl):
306         * runtime/JSObjectInlines.h:
307         (JSC::JSObject::prepareToPutDirectWithoutTransition):
308         * runtime/Structure.cpp:
309         (JSC::Structure::flattenDictionaryStructure):
310
311 2017-01-12  Chris Dumez  <cdumez@apple.com>
312
313         Add KEYBOARD_KEY_ATTRIBUTE / KEYBOARD_CODE_ATTRIBUTE to FeatureDefines.xcconfig
314         https://bugs.webkit.org/show_bug.cgi?id=166995
315
316         Reviewed by Jer Noble.
317
318         Add KEYBOARD_KEY_ATTRIBUTE / KEYBOARD_CODE_ATTRIBUTE to FeatureDefines.xcconfig
319         as some people are having trouble building without it.
320
321         * Configurations/FeatureDefines.xcconfig:
322
323 2017-01-12  Yusuke Suzuki  <utatane.tea@gmail.com>
324
325         Implement InlineClassicScript
326         https://bugs.webkit.org/show_bug.cgi?id=166925
327
328         Reviewed by Ryosuke Niwa.
329
330         Add ScriptFetcher field for SourceOrigin.
331
332         * runtime/SourceOrigin.h:
333         (JSC::SourceOrigin::SourceOrigin):
334         (JSC::SourceOrigin::fetcher):
335
336 2017-01-11  Andreas Kling  <akling@apple.com>
337
338         Crash when WebCore's GC heap grows way too large.
339         <https://webkit.org/b/166875>
340         <rdar://problem/27896585>
341
342         Reviewed by Mark Lam.
343
344         Add a simple API to JSC::Heap that allows setting a hard limit on the amount
345         of live bytes. If this is exceeded, we crash with a recognizable signature.
346         By default there is no limit.
347
348         * heap/Heap.cpp:
349         (JSC::Heap::didExceedMaxLiveSize):
350         (JSC::Heap::updateAllocationLimits):
351         * heap/Heap.h:
352         (JSC::Heap::setMaxLiveSize):
353
354 2017-01-11  Yusuke Suzuki  <utatane.tea@gmail.com>
355
356         Decouple module loading initiator from ScriptElement
357         https://bugs.webkit.org/show_bug.cgi?id=166888
358
359         Reviewed by Saam Barati and Ryosuke Niwa.
360
361         Add ScriptFetcher and JSScriptFetcher.
362
363         * CMakeLists.txt:
364         * JavaScriptCore.xcodeproj/project.pbxproj:
365         * builtins/ModuleLoaderPrototype.js:
366         (requestFetch):
367         (requestInstantiate):
368         (requestSatisfy):
369         (requestInstantiateAll):
370         (requestLink):
371         (moduleEvaluation):
372         (loadAndEvaluateModule):
373         (importModule):
374         * llint/LLIntData.cpp:
375         (JSC::LLInt::Data::performAssertions):
376         * llint/LowLevelInterpreter.asm:
377         * runtime/Completion.cpp:
378         (JSC::loadAndEvaluateModule):
379         (JSC::loadModule):
380         (JSC::linkAndEvaluateModule):
381         * runtime/Completion.h:
382         * runtime/JSModuleLoader.cpp:
383         (JSC::JSModuleLoader::loadAndEvaluateModule):
384         (JSC::JSModuleLoader::loadModule):
385         (JSC::JSModuleLoader::linkAndEvaluateModule):
386         (JSC::JSModuleLoader::resolve):
387         (JSC::JSModuleLoader::fetch):
388         (JSC::JSModuleLoader::instantiate):
389         (JSC::JSModuleLoader::evaluate):
390         * runtime/JSModuleLoader.h:
391         * runtime/JSScriptFetcher.cpp: Copied from Source/WebCore/dom/LoadableScript.cpp.
392         (JSC::JSScriptFetcher::destroy):
393         * runtime/JSScriptFetcher.h: Added.
394         (JSC::JSScriptFetcher::createStructure):
395         (JSC::JSScriptFetcher::create):
396         (JSC::JSScriptFetcher::fetcher):
397         (JSC::JSScriptFetcher::JSScriptFetcher):
398         * runtime/JSType.h:
399         * runtime/ScriptFetcher.h: Copied from Source/WebCore/dom/LoadableScript.cpp.
400         (JSC::ScriptFetcher::~ScriptFetcher):
401         * runtime/VM.cpp:
402         (JSC::VM::VM):
403         * runtime/VM.h:
404
405 2017-01-10  Yusuke Suzuki  <utatane.tea@gmail.com>
406
407         Implement JSSourceCode to propagate SourceCode in module pipeline
408         https://bugs.webkit.org/show_bug.cgi?id=166861
409
410         Reviewed by Saam Barati.
411
412         Instead of propagating source code string, we propagate JSSourceCode
413         cell in the module pipeline. This allows us to attach metadata
414         to the propagated source code string. In particular, it propagates
415         SourceOrigin through the module pipeline.
416
417         And it also fixes JSC shell to use Module source type for module source code.
418
419         * CMakeLists.txt:
420         * JavaScriptCore.xcodeproj/project.pbxproj:
421         * builtins/ModuleLoaderPrototype.js:
422         (fulfillFetch):
423         (requestFetch):
424         * jsc.cpp:
425         (GlobalObject::moduleLoaderFetch):
426         (runWithScripts):
427         * llint/LLIntData.cpp:
428         (JSC::LLInt::Data::performAssertions):
429         * llint/LowLevelInterpreter.asm:
430         * runtime/Completion.cpp:
431         (JSC::loadAndEvaluateModule):
432         (JSC::loadModule):
433         * runtime/JSModuleLoader.cpp:
434         (JSC::JSModuleLoader::provide):
435         * runtime/JSModuleLoader.h:
436         * runtime/JSSourceCode.cpp: Added.
437         (JSC::JSSourceCode::destroy):
438         * runtime/JSSourceCode.h: Added.
439         (JSC::JSSourceCode::createStructure):
440         (JSC::JSSourceCode::create):
441         (JSC::JSSourceCode::sourceCode):
442         (JSC::JSSourceCode::JSSourceCode):
443         * runtime/JSType.h:
444         * runtime/ModuleLoaderPrototype.cpp:
445         (JSC::moduleLoaderPrototypeParseModule):
446         * runtime/VM.cpp:
447         (JSC::VM::VM):
448         * runtime/VM.h:
449
450 2017-01-10  Commit Queue  <commit-queue@webkit.org>
451
452         Unreviewed, rolling out r210052.
453         https://bugs.webkit.org/show_bug.cgi?id=166915
454
455         "breaks web compatibility" (Requested by keith_miller on
456         #webkit).
457
458         Reverted changeset:
459
460         "Add support for global"
461         https://bugs.webkit.org/show_bug.cgi?id=165171
462         http://trac.webkit.org/changeset/210052
463
464 2017-01-10  Sam Weinig  <sam@webkit.org>
465
466         [WebIDL] Remove most of the custom bindings for the WebGL code
467         https://bugs.webkit.org/show_bug.cgi?id=166834
468
469         Reviewed by Alex Christensen.
470
471         * runtime/ArrayPrototype.h:
472         * runtime/ObjectPrototype.h:
473         Export the ClassInfo so it can be used from WebCore.
474
475 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
476
477         Streamline the GC barrier slowpath
478         https://bugs.webkit.org/show_bug.cgi?id=166878
479
480         Reviewed by Geoffrey Garen and Saam Barati.
481         
482         This implements two optimizations to the barrier:
483         
484         - Removes the write barrier buffer. This was just overhead.
485         
486         - Teaches the slow path how to white an object that was black but unmarked, ensuring that
487           we don't take slow path for this object again.
488
489         * JavaScriptCore.xcodeproj/project.pbxproj:
490         * dfg/DFGSpeculativeJIT.cpp:
491         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
492         * ftl/FTLLowerDFGToB3.cpp:
493         (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
494         * heap/CellState.h:
495         * heap/Heap.cpp:
496         (JSC::Heap::Heap):
497         (JSC::Heap::markToFixpoint):
498         (JSC::Heap::addToRememberedSet):
499         (JSC::Heap::stopTheWorld):
500         (JSC::Heap::writeBarrierSlowPath):
501         (JSC::Heap::buildConstraintSet):
502         (JSC::Heap::flushWriteBarrierBuffer): Deleted.
503         * heap/Heap.h:
504         (JSC::Heap::writeBarrierBuffer): Deleted.
505         * heap/SlotVisitor.cpp:
506         (JSC::SlotVisitor::appendJSCellOrAuxiliary):
507         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
508         (JSC::SlotVisitor::appendToMarkStack):
509         (JSC::SlotVisitor::visitChildren):
510         * heap/WriteBarrierBuffer.cpp: Removed.
511         * heap/WriteBarrierBuffer.h: Removed.
512         * jit/JITOperations.cpp:
513         * jit/JITOperations.h:
514         * runtime/JSCellInlines.h:
515         (JSC::JSCell::JSCell):
516         * runtime/StructureIDBlob.h:
517         (JSC::StructureIDBlob::StructureIDBlob):
518
519 2017-01-10  Mark Lam  <mark.lam@apple.com>
520
521         Property setters should not be called for bound arguments list entries.
522         https://bugs.webkit.org/show_bug.cgi?id=165631
523
524         Reviewed by Filip Pizlo.
525
526         * builtins/FunctionPrototype.js:
527         (bind):
528         - use @putByValDirect to set the bound arguments so that we don't consult the
529           prototype chain for setters.
530
531         * runtime/IntlDateTimeFormatPrototype.cpp:
532         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
533         * runtime/IntlNumberFormatPrototype.cpp:
534         (JSC::IntlNumberFormatPrototypeGetterFormat):
535         - no need to create a bound arguments array because these bound functions bind
536           no arguments according to the spec.
537
538 2017-01-10  Skachkov Oleksandr  <gskachkov@gmail.com>
539
540         Calling async arrow function which is in a class's member function will cause error
541         https://bugs.webkit.org/show_bug.cgi?id=166879
542
543         Reviewed by Saam Barati.
544
545         The current patch fixes loading 'super' in async arrow functions. The error appeared because
546         super was always loaded regardless of whether it was used in the async arrow function or not, but the bytecode compiler
547         puts it into the arrow function context only if it is used within the arrow function. So to fix this issue we need to
548         check whether super was used in the arrow function.
549
550         * bytecompiler/BytecodeGenerator.h:
551         * bytecompiler/NodesCodegen.cpp:
552         (JSC::FunctionNode::emitBytecode):
553
554 2017-01-10  Commit Queue  <commit-queue@webkit.org>
555
556         Unreviewed, rolling out r210537.
557         https://bugs.webkit.org/show_bug.cgi?id=166903
558
559         This change introduced JSC test failures (Requested by
560         ryanhaddad on #webkit).
561
562         Reverted changeset:
563
564         "Implement JSSourceCode to propagate SourceCode in module
565         pipeline"
566         https://bugs.webkit.org/show_bug.cgi?id=166861
567         http://trac.webkit.org/changeset/210537
568
569 2017-01-10  Commit Queue  <commit-queue@webkit.org>
570
571         Unreviewed, rolling out r210540.
572         https://bugs.webkit.org/show_bug.cgi?id=166896
573
574         too crude for non-WebCore clients (Requested by kling on
575         #webkit).
576
577         Reverted changeset:
578
579         "Crash when GC heap grows way too large."
580         https://bugs.webkit.org/show_bug.cgi?id=166875
581         http://trac.webkit.org/changeset/210540
582
583 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
584
585         JSArray has some object scanning races
586         https://bugs.webkit.org/show_bug.cgi?id=166874
587
588         Reviewed by Mark Lam.
589         
590         This fixes two separate bugs, both of which I detected by running
591         array-splice-contiguous.js in extreme anger:
592         
593         1) Some of the paths of shifting and unshifting were not grabbing the internal cell
594            lock. This was causing the array storage scan to crash, even though it was well
595            synchronized (the scan does hold the lock). The fix is just to hold the lock anywhere
596            that memmoves the innards of the butterfly.
597         
598         2) Out of line property scanning was synchronized using double collect snapshot. Array
599            storage scanning was synchronized using locks. But what if array storage
600            transformations messed up the out of line properties? It turns out that we actually
601            need to hoist the array storage scanner's locking up into the double collect
602            snapshot.
603         
604         I don't know how to write a test that does any better of a job of catching this than
605         array-splice-contiguous.js.
606
607         * heap/DeferGC.h: Make DisallowGC usable even if NDEBUG.
608         * runtime/JSArray.cpp:
609         (JSC::JSArray::unshiftCountSlowCase):
610         (JSC::JSArray::shiftCountWithArrayStorage):
611         (JSC::JSArray::unshiftCountWithArrayStorage):
612         * runtime/JSObject.cpp:
613         (JSC::JSObject::visitButterflyImpl):
614
615 2017-01-10  Andreas Kling  <akling@apple.com>
616
617         Crash when GC heap grows way too large.
618         <https://webkit.org/b/166875>
619         <rdar://problem/27896585>
620
621         Reviewed by Mark Lam.
622
623         Hard cap the JavaScript heap at 4GB of live objects (determined post-GC.)
624         If we go past this limit, crash with a recognizable signature.
625
626         * heap/Heap.cpp:
627         (JSC::Heap::didExceedHeapSizeLimit):
628         (JSC::Heap::updateAllocationLimits):
629
630 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
631
632         Implement JSSourceCode to propagate SourceCode in module pipeline
633         https://bugs.webkit.org/show_bug.cgi?id=166861
634
635         Reviewed by Saam Barati.
636
637         Instead of propagating source code string, we propagate JSSourceCode
638         cell in the module pipeline. This allows us to attach metadata
639         to the propagated source code string. In particular, it propagates
640         SourceOrigin through the module pipeline.
641
642         * CMakeLists.txt:
643         * JavaScriptCore.xcodeproj/project.pbxproj:
644         * builtins/ModuleLoaderPrototype.js:
645         (fulfillFetch):
646         (requestFetch):
647         * jsc.cpp:
648         (GlobalObject::moduleLoaderFetch):
649         * llint/LLIntData.cpp:
650         (JSC::LLInt::Data::performAssertions):
651         * llint/LowLevelInterpreter.asm:
652         * runtime/Completion.cpp:
653         (JSC::loadAndEvaluateModule):
654         (JSC::loadModule):
655         * runtime/JSModuleLoader.cpp:
656         (JSC::JSModuleLoader::provide):
657         * runtime/JSModuleLoader.h:
658         * runtime/JSSourceCode.cpp: Added.
659         (JSC::JSSourceCode::destroy):
660         * runtime/JSSourceCode.h: Added.
661         (JSC::JSSourceCode::createStructure):
662         (JSC::JSSourceCode::create):
663         (JSC::JSSourceCode::sourceCode):
664         (JSC::JSSourceCode::JSSourceCode):
665         * runtime/JSType.h:
666         * runtime/ModuleLoaderPrototype.cpp:
667         (JSC::moduleLoaderPrototypeParseModule):
668         * runtime/VM.cpp:
669         (JSC::VM::VM):
670         * runtime/VM.h:
671
672 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
673
674         REGRESSION (r210522): ASSERTION FAILED: divot.offset >= divotStart.offset seen with stress/import-basic.js and stress/import-from-eval.js
675         https://bugs.webkit.org/show_bug.cgi?id=166873
676
677         Reviewed by Saam Barati.
678
679         The divot should be the end of `import` token.
680
681         * parser/Parser.cpp:
682         (JSC::Parser<LexerType>::parseMemberExpression):
683
684 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
685
686         Unreviewed, fix cloop.
687
688         * dfg/DFGPlanInlines.h:
689
690 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
691
692         [JSC] Prototype dynamic-import
693         https://bugs.webkit.org/show_bug.cgi?id=165724
694
695         Reviewed by Saam Barati.
696
697         In this patch, we implement the stage 3 dynamic-import proposal [1].
698         This patch adds a new special operator `import`. By using it, we can import
699         modules dynamically from modules and scripts. Before this feature, modules were
700         always imported statically, and importing had to be done before executing the module.
701         In particular, a module could only be imported from another module,
702         so classic scripts could not import and use modules. This dynamic-import relaxes
703         these restrictions.
704
705         The typical dynamic-import form is the following.
706
707             import("...").then(function (namespace) { ... });
708
709         You can pass any AssignmentExpression for the import operator. So you can determine
710         the importing modules dynamically.
711
712             import(value).then(function (namespace) { ... });
713
714         And previously the module import declaration is only allowed in the top level statements.
715         But this import operator is just an expression. So you can use it in the function.
716         And you can use it conditionally.
717
718             async function go(cond)
719             {
720                 if (cond)
721                     return import("...");
722                 return undefined;
723             }
724             await go(true);
725
726         Currently, this patch just implements this feature only for the JSC shell.
727         JSC module loader requires a new hook, `importModule`. And the JSC shell implements
728         this hook. So, for now, this dynamic-import is not available in the browser side.
729         If you write this `import` call, it always returns the rejected promise.
730
731         `import` is implemented as a special operator similar to `super`.
732         This is because `import` is context-sensitive. When you call `import`, the module
733         key resolution is done based on the caller's running context.
734
735         For example, if you are running the script whose filename is "./ok/hello.js", the module
736         key for the call `import("./resource/syntax.js")` becomes `"./ok/resource/syntax.js"`.
737         But if you write the exact same import form in the script "./error/hello.js", the
738         key becomes "./error/resource/syntax.js". So exposing this feature as an `import`
739         function would be misleading: such a function would be sensitive to the caller's context. That's why
740         dynamic-import is specified as a special operator.
741
742         To resolve the module key, we need the caller's context information, such as the filename of
743         the caller. This is provided by the SourceOrigin implemented in r210149.
744         In the JSC shell implementation, this SourceOrigin holds the filename of the caller. So,
745         based on this implementation, the module loader resolves the module key.
746         In the near future, we will extend this SourceOrigin to hold more information needed for
747         the browser-side import implementation.
748
749         [1]: https://tc39.github.io/proposal-dynamic-import/
750
751         * builtins/ModuleLoaderPrototype.js:
752         (importModule):
753         * bytecompiler/BytecodeGenerator.cpp:
754         (JSC::BytecodeGenerator::emitGetTemplateObject):
755         (JSC::BytecodeGenerator::emitGetGlobalPrivate):
756         * bytecompiler/BytecodeGenerator.h:
757         * bytecompiler/NodesCodegen.cpp:
758         (JSC::ImportNode::emitBytecode):
759         * jsc.cpp:
760         (absolutePath):
761         (GlobalObject::moduleLoaderImportModule):
762         (functionRun):
763         (functionLoad):
764         (functionCheckSyntax):
765         (runWithScripts):
766         * parser/ASTBuilder.h:
767         (JSC::ASTBuilder::createImportExpr):
768         * parser/NodeConstructors.h:
769         (JSC::ImportNode::ImportNode):
770         * parser/Nodes.h:
771         (JSC::ExpressionNode::isImportNode):
772         * parser/Parser.cpp:
773         (JSC::Parser<LexerType>::parseMemberExpression):
774         * parser/SyntaxChecker.h:
775         (JSC::SyntaxChecker::createImportExpr):
776         * runtime/JSGlobalObject.cpp:
777         (JSC::JSGlobalObject::init):
778         * runtime/JSGlobalObject.h:
779         * runtime/JSGlobalObjectFunctions.cpp:
780         (JSC::globalFuncImportModule):
781         * runtime/JSGlobalObjectFunctions.h:
782         * runtime/JSModuleLoader.cpp:
783         (JSC::JSModuleLoader::importModule):
784         (JSC::JSModuleLoader::getModuleNamespaceObject):
785         * runtime/JSModuleLoader.h:
786         * runtime/ModuleLoaderPrototype.cpp:
787         (JSC::moduleLoaderPrototypeGetModuleNamespaceObject):
788
789 2017-01-08  Filip Pizlo  <fpizlo@apple.com>
790
791         Make the collector's fixpoint smart about scheduling work
792         https://bugs.webkit.org/show_bug.cgi?id=165910
793
794         Reviewed by Keith Miller.
795         
796         Prior to this change, every time the GC would run any constraints in markToFixpoint, it
797         would run all of the constraints. It would always run them in the same order. That means
798         that so long as any one constraint was generating new work, we'd pay the price of all
799         constraints. This is usually OK because most constraints are cheap but it artificially
800         inflates the cost of slow constraints - especially ones that are expensive but usually
801         generate no new work.
802         
803         This patch redoes how the GC runs constraints by applying ideas from data flow analysis.
804         The GC now builds a MarkingConstraintSet when it boots up, and this contains all of the
805         constraints as well as some meta-data about them. Now, markToFixpoint just calls into
806         MarkingConstraintSet to execute constraints. Because constraint execution and scheduling
807         need to be aware of each other, I rewrote markToFixpoint in such a way that it's more
808         obvious how the GC goes between constraint solving, marking with stopped mutator, and
809         marking with resumed mutator. This also changes the scheduler API in such a way that a
810         synchronous stop-the-world collection no longer needs to do fake stop/resume - instead we
811         just swap the space-time scheduler for the stop-the-world scheduler.
812         
813         This is a big streamlining of the GC. This is a speed-up in GC-heavy tests because we
814         now execute most constraints exactly twice regardless of how many total fixpoint
815         iterations we do. Now, when we run out of marking work, the constraint solver will just
816         run the constraint that is most likely to generate new visiting work, and if it does
817         generate work, then the GC now goes back to marking. Before, it would run *all*
818         constraints and then go back to marking. The constraint solver is armed with three
819         information signals that it uses to sort the constraints in order of descending likelihood
820         to generate new marking work. Then it runs them in that order until there is new
821         marking work. The signals are:
822         
823         1) Whether the constraint is greyed by marking or execution. We call this the volatility
824            of the constraint. For example, weak reference constraints have GreyedByMarking as
825            their volatility because they are most likely to have something to say after we've done
826            some marking. On the other hand, conservative roots have GreyedByExecution as their
827            volatility because they will give new information anytime we let the mutator run. The
828            constraint solver will only run GreyedByExecution constraints as roots and after the
829            GreyedByMarking constraints go silent. This ensures that we don't try to scan
830            conservative roots every time we need to re-run weak references and vice-versa.
831            
832            Another way to look at it is that the constraint solver tries to predict if the
833            wavefront is advancing or retreating. The wavefront is almost certainly advancing so
834            long as the mark stacks are non-empty or so long as at least one of the GreyedByMarking
835            constraints is still producing work. Otherwise the wavefront is almost certainly
836            retreating. It's most profitable to run GreyedByMarking constraints when the wavefront
837            is advancing, and most profitable to run GreyedByExecution constraints when the
838            wavefront is retreating.
839            
840            We use the predicted wavefront direction and the volatility of constraints as a
841            first-order signal of constraint profitability.
842         
843         2) How much visiting work was created the last time the constraint ran. The solver
844            remembers the lastVisitCount, and uses it to predict how much work the constraint will
845            generate next time. In practice this means we will keep re-running the one interesting
846            constraint until it shuts up.
847         
848         3) Optional work predictors for some constraints. The constraint that shuffles the mutator
849            mark stack into the main SlotVisitor's mutator mark stack always knows exactly how much
850            work it will create.
851            
852            The sum of (2) and (3) is used as a second-order signal of constraint profitability.
853         
854         The constraint solver will always run all of the GreyedByExecution constraints at GC
855         start, since these double as the GC's roots. The constraint solver will always run all of
856         the GreyedByMarking constraints the first time that marking stalls. Other than that, the
857         solver will keep running constraints, sorted according to their likelihood to create work,
858         until either work is created or we run out of constraints to run. GC termination happens
859         when we run out of constraints to run.
860         
861         This new infrastructure means that we have a much better chance of dealing with worst-case
862         DOM pathologies. If we can intelligently factor different evil DOM things into different
863         constraints with the right work predictions then this could reduce the cost of those DOM
864         things by a factor of N where N is the number of fixpoint iterations the GC typically
865         does. N is usually around 5-6 even for simple heaps.
866         
867         My perf measurements say:
868         
869         PLT3: 0.02% faster with 5.3% confidence.
870         JetStream: 0.15% faster with 17% confidence.
871         Speedometer: 0.58% faster with 82% confidence.
872         
873         Here are the details from JetStream:
874         
875         splay: 1.02173x faster with 0.996841 confidence
876         splay-latency: 1.0617x faster with 0.987462 confidence
877         towers.c: 1.01852x faster with 0.92128 confidence
878         crypto-md5: 1.06058x faster with 0.482363 confidence
879         score: 1.00152x faster with 0.16892 confidence
880         
881         I think that Speedometer is legitimately benefiting from this change based on looking at
882         --logGC=true output. We are now spending less time reexecuting expensive constraints. I
883         think that JetStream/splay is also benefiting, because although the constraints it sees
884         are cheap, it spends 30% of its time in GC so even small improvements matter.
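
        The convergence scheduling described above, as an added simulation that is not JSC's code: a toy `MarkingConstraintSet` that follows the three signals (volatility against the predicted wavefront direction, `lastVisitCount`, and an exact work predictor where one exists) and stops as soon as a constraint greys something. The constraint names and the number of cells each one greys per run are constructed for the demo.

```javascript
// Added example, not JSC source: a simulation of the constraint solver this
// ChangeLog entry describes. The volatility classes and signal names follow the
// entry; the constraint names and their per-run outputs are constructed.
const GreyedByMarking = "GreyedByMarking";     // has new work after marking advances
const GreyedByExecution = "GreyedByExecution"; // has new work after the mutator runs

class MarkingConstraint {
  // outputs: constructed script of how many cells each execution greys (0 once
  // exhausted). exactPredictor: the constraint knows its next output up front
  // (signal 3), like the mutator-mark-stack shuffle; otherwise it estimates 0.
  constructor(name, volatility, outputs, exactPredictor = false) {
    this.name = name;
    this.volatility = volatility;
    this.outputs = outputs.slice();
    this.exactPredictor = exactPredictor;
    this.lastVisitCount = 0; // signal 2: work created the last time it ran
    this.executions = 0;     // how often it ran; the cost we want to keep low
  }
  quickWorkEstimate() {
    return this.exactPredictor && this.outputs.length ? this.outputs[0] : 0;
  }
  // Run the constraint: push whatever it greys onto the shared mark stack and
  // remember how much that was. Returns true if it produced marking work.
  execute(state) {
    const produced = this.outputs.length ? this.outputs.shift() : 0;
    this.lastVisitCount = produced;
    this.executions++;
    state.markStack += produced;
    state.log.push(`${this.name}:${produced}`);
    return produced > 0;
  }
}

class MarkingConstraintSet {
  constructor(constraints) {
    this.constraints = constraints;
    this.stalls = 0;
  }
  // GC start: every GreyedByExecution constraint runs, since they double as roots.
  executeBootstrap(state) {
    for (const c of this.constraints)
      if (c.volatility === GreyedByExecution) c.execute(state);
  }
  // The wavefront is advancing while the mark stack is non-empty or some
  // GreyedByMarking constraint still produced work the last time it ran.
  isWavefrontAdvancing(state) {
    return state.markStack > 0 ||
      this.constraints.some(c => c.volatility === GreyedByMarking && c.lastVisitCount > 0);
  }
  // Called whenever marking stalls. Returns true as soon as a constraint greys
  // something (the collector then goes back to marking); false means the GC
  // has run out of constraints to run, i.e. termination.
  executeConvergence(state) {
    if (this.stalls++ === 0) {
      // First stall: run all GreyedByMarking constraints unconditionally.
      let didVisit = false;
      for (const c of this.constraints)
        if (c.volatility === GreyedByMarking) didVisit = c.execute(state) || didVisit;
      if (didVisit) return true;
    }
    // First-order signal: prefer the volatility class matching the predicted
    // wavefront direction. Second-order signal: lastVisitCount + quickWorkEstimate.
    // Array.prototype.sort is stable, so ties keep registration order.
    const preferred = this.isWavefrontAdvancing(state) ? GreyedByMarking : GreyedByExecution;
    const rank = c => (c.volatility === preferred ? 1 : 0);
    const work = c => c.lastVisitCount + c.quickWorkEstimate();
    const ordered = [...this.constraints].sort((a, b) => rank(b) - rank(a) || work(b) - work(a));
    for (const c of ordered)
      if (c.execute(state)) return true;
    return false;
  }
}

// Toy marking loop: drain the mark stack with the mutator stopped, then ask the
// solver for more work until it has none left.
function collect(constraints) {
  const state = { markStack: 0, visited: 0, log: [] };
  const set = new MarkingConstraintSet(constraints);
  set.executeBootstrap(state);
  do {
    state.visited += state.markStack;
    state.markStack = 0;
  } while (set.executeConvergence(state));
  const executions = Object.fromEntries(constraints.map(c => [c.name, c.executions]));
  return { visited: state.visited, log: state.log, executions };
}

// Constructed heap: roots and the mutator mark stack only have something at GC
// start, weak references speak up twice after marking, and an expensive DOM-style
// constraint never finds anything. The solver runs the silent one just twice.
function demo() {
  return collect([
    new MarkingConstraint("ConservativeRoots", GreyedByExecution, [4]),
    new MarkingConstraint("MutatorMarkStack", GreyedByExecution, [2], true),
    new MarkingConstraint("WeakReferences", GreyedByMarking, [3, 1]),
    new MarkingConstraint("ExpensiveDOM", GreyedByMarking, []),
  ]);
}
```

Running `demo()` shows the order in which constraints were executed and that the silent, expensive one ran only twice regardless of how many fixpoint iterations the toy heap needed.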
885
886         * CMakeLists.txt:
887         * JavaScriptCore.xcodeproj/project.pbxproj:
888         * dfg/DFGPlan.cpp:
889         (JSC::DFG::Plan::markCodeBlocks): Deleted.
890         (JSC::DFG::Plan::rememberCodeBlocks): Deleted.
891         * dfg/DFGPlan.h:
892         * dfg/DFGPlanInlines.h: Added.
893         (JSC::DFG::Plan::iterateCodeBlocksForGC):
894         * dfg/DFGWorklist.cpp:
895         (JSC::DFG::Worklist::markCodeBlocks): Deleted.
896         (JSC::DFG::Worklist::rememberCodeBlocks): Deleted.
897         (JSC::DFG::rememberCodeBlocks): Deleted.
898         * dfg/DFGWorklist.h:
899         * dfg/DFGWorklistInlines.h: Added.
900         (JSC::DFG::iterateCodeBlocksForGC):
901         (JSC::DFG::Worklist::iterateCodeBlocksForGC):
902         * heap/CodeBlockSet.cpp:
903         (JSC::CodeBlockSet::writeBarrierCurrentlyExecuting): Deleted.
904         * heap/CodeBlockSet.h:
905         (JSC::CodeBlockSet::iterate): Deleted.
906         * heap/CodeBlockSetInlines.h:
907         (JSC::CodeBlockSet::iterate):
908         (JSC::CodeBlockSet::iterateCurrentlyExecuting):
909         * heap/Heap.cpp:
910         (JSC::Heap::Heap):
911         (JSC::Heap::iterateExecutingAndCompilingCodeBlocks):
912         (JSC::Heap::iterateExecutingAndCompilingCodeBlocksWithoutHoldingLocks):
913         (JSC::Heap::assertSharedMarkStacksEmpty):
914         (JSC::Heap::markToFixpoint):
915         (JSC::Heap::endMarking):
916         (JSC::Heap::collectInThread):
917         (JSC::Heap::stopIfNecessarySlow):
918         (JSC::Heap::acquireAccessSlow):
919         (JSC::Heap::collectIfNecessaryOrDefer):
920         (JSC::Heap::buildConstraintSet):
921         (JSC::Heap::notifyIsSafeToCollect):
922         (JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope): Deleted.
923         (JSC::Heap::ResumeTheWorldScope::~ResumeTheWorldScope): Deleted.
924         (JSC::Heap::harvestWeakReferences): Deleted.
925         (JSC::Heap::visitConservativeRoots): Deleted.
926         (JSC::Heap::visitCompilerWorklistWeakReferences): Deleted.
927         * heap/Heap.h:
928         * heap/MarkingConstraint.cpp: Added.
929         (JSC::MarkingConstraint::MarkingConstraint):
930         (JSC::MarkingConstraint::~MarkingConstraint):
931         (JSC::MarkingConstraint::resetStats):
932         (JSC::MarkingConstraint::execute):
933         * heap/MarkingConstraint.h: Added.
934         (JSC::MarkingConstraint::index):
935         (JSC::MarkingConstraint::abbreviatedName):
936         (JSC::MarkingConstraint::name):
937         (JSC::MarkingConstraint::lastVisitCount):
938         (JSC::MarkingConstraint::quickWorkEstimate):
939         (JSC::MarkingConstraint::workEstimate):
940         (JSC::MarkingConstraint::volatility):
941         * heap/MarkingConstraintSet.cpp: Added.
942         (JSC::MarkingConstraintSet::ExecutionContext::ExecutionContext):
943         (JSC::MarkingConstraintSet::ExecutionContext::didVisitSomething):
944         (JSC::MarkingConstraintSet::ExecutionContext::shouldTimeOut):
945         (JSC::MarkingConstraintSet::ExecutionContext::drain):
946         (JSC::MarkingConstraintSet::ExecutionContext::didExecute):
947         (JSC::MarkingConstraintSet::ExecutionContext::execute):
948         (JSC::MarkingConstraintSet::MarkingConstraintSet):
949         (JSC::MarkingConstraintSet::~MarkingConstraintSet):
950         (JSC::MarkingConstraintSet::resetStats):
951         (JSC::MarkingConstraintSet::add):
952         (JSC::MarkingConstraintSet::executeBootstrap):
953         (JSC::MarkingConstraintSet::executeConvergence):
954         (JSC::MarkingConstraintSet::isWavefrontAdvancing):
955         (JSC::MarkingConstraintSet::executeConvergenceImpl):
956         (JSC::MarkingConstraintSet::executeAll):
957         * heap/MarkingConstraintSet.h: Added.
958         (JSC::MarkingConstraintSet::isWavefrontRetreating):
959         * heap/MutatorScheduler.cpp: Added.
960         (JSC::MutatorScheduler::MutatorScheduler):
961         (JSC::MutatorScheduler::~MutatorScheduler):
962         (JSC::MutatorScheduler::didStop):
963         (JSC::MutatorScheduler::willResume):
964         (JSC::MutatorScheduler::didExecuteConstraints):
965         (JSC::MutatorScheduler::log):
966         (JSC::MutatorScheduler::shouldStop):
967         (JSC::MutatorScheduler::shouldResume):
968         * heap/MutatorScheduler.h: Added.
969         * heap/OpaqueRootSet.h:
970         (JSC::OpaqueRootSet::add):
971         * heap/SlotVisitor.cpp:
972         (JSC::SlotVisitor::visitAsConstraint):
973         (JSC::SlotVisitor::drain):
974         (JSC::SlotVisitor::didReachTermination):
975         (JSC::SlotVisitor::hasWork):
976         (JSC::SlotVisitor::drainFromShared):
977         (JSC::SlotVisitor::drainInParallelPassively):
978         (JSC::SlotVisitor::addOpaqueRoot):
979         * heap/SlotVisitor.h:
980         (JSC::SlotVisitor::addToVisitCount):
981         * heap/SpaceTimeMutatorScheduler.cpp: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.cpp.
982         (JSC::SpaceTimeMutatorScheduler::Snapshot::Snapshot):
983         (JSC::SpaceTimeMutatorScheduler::Snapshot::now):
984         (JSC::SpaceTimeMutatorScheduler::Snapshot::bytesAllocatedThisCycle):
985         (JSC::SpaceTimeMutatorScheduler::SpaceTimeMutatorScheduler):
986         (JSC::SpaceTimeMutatorScheduler::~SpaceTimeMutatorScheduler):
987         (JSC::SpaceTimeMutatorScheduler::state):
988         (JSC::SpaceTimeMutatorScheduler::beginCollection):
989         (JSC::SpaceTimeMutatorScheduler::didStop):
990         (JSC::SpaceTimeMutatorScheduler::willResume):
991         (JSC::SpaceTimeMutatorScheduler::didExecuteConstraints):
992         (JSC::SpaceTimeMutatorScheduler::timeToStop):
993         (JSC::SpaceTimeMutatorScheduler::timeToResume):
994         (JSC::SpaceTimeMutatorScheduler::log):
995         (JSC::SpaceTimeMutatorScheduler::endCollection):
996         (JSC::SpaceTimeMutatorScheduler::bytesAllocatedThisCycleImpl):
997         (JSC::SpaceTimeMutatorScheduler::bytesSinceBeginningOfCycle):
998         (JSC::SpaceTimeMutatorScheduler::maxHeadroom):
999         (JSC::SpaceTimeMutatorScheduler::headroomFullness):
1000         (JSC::SpaceTimeMutatorScheduler::mutatorUtilization):
1001         (JSC::SpaceTimeMutatorScheduler::collectorUtilization):
1002         (JSC::SpaceTimeMutatorScheduler::elapsedInPeriod):
1003         (JSC::SpaceTimeMutatorScheduler::phase):
1004         (JSC::SpaceTimeMutatorScheduler::shouldBeResumed):
1005         (JSC::SpaceTimeScheduler::Decision::targetMutatorUtilization): Deleted.
1006         (JSC::SpaceTimeScheduler::Decision::targetCollectorUtilization): Deleted.
1007         (JSC::SpaceTimeScheduler::Decision::elapsedInPeriod): Deleted.
1008         (JSC::SpaceTimeScheduler::Decision::phase): Deleted.
1009         (JSC::SpaceTimeScheduler::Decision::shouldBeResumed): Deleted.
1010         (JSC::SpaceTimeScheduler::Decision::timeToResume): Deleted.
1011         (JSC::SpaceTimeScheduler::Decision::timeToStop): Deleted.
1012         (JSC::SpaceTimeScheduler::SpaceTimeScheduler): Deleted.
1013         (JSC::SpaceTimeScheduler::snapPhase): Deleted.
1014         (JSC::SpaceTimeScheduler::currentDecision): Deleted.
1015         * heap/SpaceTimeMutatorScheduler.h: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.h.
1016         (JSC::SpaceTimeScheduler::Decision::operator bool): Deleted.
1017         * heap/SpaceTimeScheduler.cpp: Removed.
1018         * heap/SpaceTimeScheduler.h: Removed.
1019         * heap/SynchronousStopTheWorldMutatorScheduler.cpp: Added.
1020         (JSC::SynchronousStopTheWorldMutatorScheduler::SynchronousStopTheWorldMutatorScheduler):
1021         (JSC::SynchronousStopTheWorldMutatorScheduler::~SynchronousStopTheWorldMutatorScheduler):
1022         (JSC::SynchronousStopTheWorldMutatorScheduler::state):
1023         (JSC::SynchronousStopTheWorldMutatorScheduler::beginCollection):
1024         (JSC::SynchronousStopTheWorldMutatorScheduler::timeToStop):
1025         (JSC::SynchronousStopTheWorldMutatorScheduler::timeToResume):
1026         (JSC::SynchronousStopTheWorldMutatorScheduler::endCollection):
1027         * heap/SynchronousStopTheWorldMutatorScheduler.h: Added.
1028         * heap/VisitingTimeout.h: Added.
1029         (JSC::VisitingTimeout::VisitingTimeout):
1030         (JSC::VisitingTimeout::visitCount):
1031         (JSC::VisitingTimeout::didVisitSomething):
1032         (JSC::VisitingTimeout::shouldTimeOut):
1033         * runtime/Options.h:
1034
1035 2017-01-09  Commit Queue  <commit-queue@webkit.org>
1036
1037         Unreviewed, rolling out r210476.
1038         https://bugs.webkit.org/show_bug.cgi?id=166859
1039
1040         "4% JSBench regression" (Requested by keith_mi_ on #webkit).
1041
1042         Reverted changeset:
1043
1044         "Add a slice intrinsic to the DFG/FTL"
1045         https://bugs.webkit.org/show_bug.cgi?id=166707
1046         http://trac.webkit.org/changeset/210476
1047
1048 2017-01-08  Andreas Kling  <akling@apple.com>
1049
1050         Inject MarkedSpace size classes for a few more high-volume objects.
1051         <https://webkit.org/b/166815>
1052
1053         Reviewed by Darin Adler.
1054
1055         Add the following classes to the list of manually injected size classes:
1056
1057             - JSString
1058             - JSFunction
1059             - PropertyTable
1060             - Structure
1061
1062         Only Structure actually ends up with a new size class, the others already
1063         can't get any tighter due to the current MarkedBlock::atomSize being 16.
1064         I've put them in anyway to ensure that we have optimally carved-out cells
1065         for them in the future, should they grow.
1066
1067         With this change, Structures get allocated in 128-byte cells instead of
1068         160-byte cells, giving us 25% more Structures per MarkedBlock.
1069
1070         * heap/MarkedSpace.cpp:
1071
1072 2017-01-06  Saam Barati  <sbarati@apple.com>
1073
1074         Add a slice intrinsic to the DFG/FTL
1075         https://bugs.webkit.org/show_bug.cgi?id=166707
1076
1077         Reviewed by Filip Pizlo.
1078
1079         The gist of this patch is to inline Array.prototype.slice
1080         into the DFG/FTL. The implementation in the DFG backend
1081         and FTLLowerDFGToB3 is just a straightforward implementation
1082         of what the C function is doing. The more interesting bits
1083         of this patch are setting up the proper watchpoints and conditions
1084         in the executing code to prove that it's safe to skip all of the
1085         observable JS actions that Array.prototype.slice normally does.
1086         
1087         We perform the following proofs:
1088         1. Array.prototype.constructor has not changed (via a watchpoint).
1089         2. That Array.prototype.constructor[Symbol.species] has not changed (via a watchpoint).
1090         3. The global object is not having a bad time.
1091         4. The array that is being sliced has an original array structure.
1092         5. Array.prototype/Object.prototype have not transitioned.
1093         
1094         Conditions 1, 2, and 3 are strictly required.
1095         
1096         4 is ensuring a couple of things:
1097         1. That a "constructor" property hasn't been added to the array
1098         we're slicing since we're supposed to perform a Get(array, "constructor").
1099         2. That we're not slicing an instance of a subclass of Array.
1100         
1101         We could relax 4.1 in the future if we find other ways to test if
1102         the incoming array hasn't changed the "constructor" property.
1103         
1104         I'm seeing a 5% speedup on crypto-pbkdf2 and often a 1% speedup on
1105         the total benchmark (the results are sometimes noisy).
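
        The observable slice behaviours that proofs 1, 2 and 4 above protect, as an added example in plain JavaScript that is not part of this patch or of JSC (the `Tagged` species constructor, `MyArray` and the helper names are constructed for the demo; proofs 3 and 5 concern engine-internal state and are not shown):

```javascript
// Added example, not JSC source: each function below breaks one assumption that
// the inlined Array.prototype.slice relies on, and returns what the spec'd,
// un-inlined slice must produce in that case. A fast path that skipped the
// Get(array, "constructor") / @@species steps would hand back a plain Array
// instead, so the engine must invalidate it (watchpoint) or bail out.

// Constructed species constructor: anything slice builds through it carries a
// "tag" property and is not an Array.
function Tagged(length) { this.tag = "species"; }

// Baseline: with nothing changed, slice makes a plain Array.
function slicePlain() {
  const result = [1, 2, 3].slice(0, 2);
  return { isArray: Array.isArray(result), values: [...result] };
}

// Proof 4.2: slicing a subclass instance. this.constructor is MyArray and
// MyArray[Symbol.species] (inherited accessor from Array) returns MyArray.
class MyArray extends Array {}
function sliceSubclass() {
  const result = new MyArray(1, 2, 3).slice(0, 2);
  return { isMyArray: result instanceof MyArray, values: Array.from(result) };
}

// Proof 4.1: an own "constructor" property on the array being sliced. The
// array no longer has its original structure, and Get(array, "constructor")
// now yields the own property rather than Array.prototype.constructor.
function sliceWithOwnConstructor() {
  const arr = [1, 2, 3];
  arr.constructor = { [Symbol.species]: Tagged };
  const result = arr.slice(1);
  return { tag: result.tag, length: result.length, values: [result[0], result[1]] };
}

// Run fn with a global change installed, then restore the original descriptor
// so the other cases (and the rest of the process) are unaffected.
function withPatched(target, key, value, fn) {
  const original = Object.getOwnPropertyDescriptor(target, key);
  Object.defineProperty(target, key, { value, writable: true, configurable: true, enumerable: false });
  try { return fn(); } finally { Object.defineProperty(target, key, original); }
}

// Proof 1: Array.prototype.constructor changed. Every plain array now reports a
// different constructor, so every plain slice is affected.
function sliceAfterPrototypeConstructorChange() {
  return withPatched(Array.prototype, "constructor", { [Symbol.species]: Tagged }, () => {
    const result = [7, 8, 9].slice(2);
    return { tag: result.tag, length: result.length, values: [result[0]] };
  });
}

// Proof 2: Array[Symbol.species] changed (normally an accessor returning `this`).
function sliceAfterSpeciesChange() {
  return withPatched(Array, Symbol.species, Tagged, () => {
    const result = [1, 2, 3].slice(0, 1);
    return { tag: result.tag, length: result.length, isArray: Array.isArray(result) };
  });
}

console.log({
  plain: slicePlain(),
  subclass: sliceSubclass(),
  ownConstructor: sliceWithOwnConstructor(),
  prototypeConstructor: sliceAfterPrototypeConstructorChange(),
  species: sliceAfterSpeciesChange(),
});
```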
1106
1107         * bytecode/ExitKind.cpp:
1108         (JSC::exitKindToString):
1109         * bytecode/ExitKind.h:
1110         * dfg/DFGAbstractInterpreterInlines.h:
1111         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1112         * dfg/DFGByteCodeParser.cpp:
1113         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1114         * dfg/DFGClobberize.h:
1115         (JSC::DFG::clobberize):
1116         * dfg/DFGDoesGC.cpp:
1117         (JSC::DFG::doesGC):
1118         * dfg/DFGFixupPhase.cpp:
1119         (JSC::DFG::FixupPhase::fixupNode):
1120         * dfg/DFGNode.h:
1121         (JSC::DFG::Node::hasHeapPrediction):
1122         (JSC::DFG::Node::hasArrayMode):
1123         * dfg/DFGNodeType.h:
1124         * dfg/DFGPredictionPropagationPhase.cpp:
1125         * dfg/DFGSafeToExecute.h:
1126         (JSC::DFG::safeToExecute):
1127         * dfg/DFGSpeculativeJIT.cpp:
1128         (JSC::DFG::SpeculativeJIT::compileArraySlice):
1129         * dfg/DFGSpeculativeJIT.h:
1130         * dfg/DFGSpeculativeJIT32_64.cpp:
1131         (JSC::DFG::SpeculativeJIT::compile):
1132         * dfg/DFGSpeculativeJIT64.cpp:
1133         (JSC::DFG::SpeculativeJIT::compile):
1134         * ftl/FTLCapabilities.cpp:
1135         (JSC::FTL::canCompile):
1136         * ftl/FTLLowerDFGToB3.cpp:
1137         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1138         (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
1139         * jit/AssemblyHelpers.cpp:
1140         (JSC::AssemblyHelpers::emitLoadStructure):
1141         * runtime/ArrayPrototype.cpp:
1142         (JSC::ArrayPrototype::finishCreation):
1143         (JSC::speciesWatchpointIsValid):
1144         (JSC::speciesConstructArray):
1145         (JSC::arrayProtoFuncSlice):
1146         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1147         (JSC::ArrayPrototype::initializeSpeciesWatchpoint):
1148         (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
1149         (JSC::speciesWatchpointsValid): Deleted.
1150         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint): Deleted.
1151         * runtime/ArrayPrototype.h:
1152         (JSC::ArrayPrototype::speciesWatchpointStatus): Deleted.
1153         (): Deleted.
1154         * runtime/Intrinsic.h:
1155         * runtime/JSGlobalObject.cpp:
1156         (JSC::JSGlobalObject::JSGlobalObject):
1157         (JSC::JSGlobalObject::init):
1158         * runtime/JSGlobalObject.h:
1159         (JSC::JSGlobalObject::arraySpeciesWatchpoint):
1160
1161 2017-01-06  Mark Lam  <mark.lam@apple.com>
1162
1163         The ObjC API's JSVirtualMachine's map tables need to be guarded by a lock.
1164         https://bugs.webkit.org/show_bug.cgi?id=166778
1165         <rdar://problem/29761198>
1166
1167         Reviewed by Filip Pizlo.
1168
1169         Now that we have a concurrent GC, access to JSVirtualMachine's
1170         m_externalObjectGraph and m_externalRememberedSet needs to be guarded by a lock
1171         since both the GC marker thread and the mutator thread may access them at the
1172         same time.
1173
1174         * API/JSVirtualMachine.mm:
1175         (-[JSVirtualMachine addExternalRememberedObject:]):
1176         (-[JSVirtualMachine addManagedReference:withOwner:]):
1177         (-[JSVirtualMachine removeManagedReference:withOwner:]):
1178         (-[JSVirtualMachine externalDataMutex]):
1179         (scanExternalObjectGraph):
1180         (scanExternalRememberedSet):
1181
1182         * API/JSVirtualMachineInternal.h:
1183         - Deleted externalObjectGraph method.  There's no need to expose this.
1184
1185 2017-01-06  Michael Saboff  <msaboff@apple.com>
1186
1187         @putByValDirect in Array.of and Array.from overwrites non-writable/configurable properties
1188         https://bugs.webkit.org/show_bug.cgi?id=153486
1189
1190         Reviewed by Saam Barati.
1191
1192         Moved the read-only check in putDirect() to all paths.
1193
1194         * runtime/SparseArrayValueMap.cpp:
1195         (JSC::SparseArrayValueMap::putDirect):
1196
1197 2016-12-30  Filip Pizlo  <fpizlo@apple.com>
1198
1199         DeferGC::~DeferGC should be super cheap
1200         https://bugs.webkit.org/show_bug.cgi?id=166626
1201
1202         Reviewed by Saam Barati.
1203         
1204         Right now, ~DeferGC requires running the collector's full collectIfNecessaryOrDefer()
1205         hook, which is super big. Normally, that hook would only be called from GC slow paths,
1206         so it ought to be possible to add complex logic to it. It benefits the GC algorithm to
1207         make that code smart, not necessarily fast.
1208
1209         The right thing for it to do is to have ~DeferGC check a boolean to see if
1210         collectIfNecessaryOrDefer() had previously deferred anything, and only call it if that
1211         is true. That's what this patch does.
1212         
1213         Unfortunately, this means that we lose the collectAccordingToDeferGCProbability mode,
1214         which we used for two tests. Since I could only see two tests that used this mode, I
1215         felt that it was better to enhance the GC than to keep the tests. I filed bug 166627 to
1216         bring back something like that mode.
1217         
1218         Although this patch does make some paths faster, its real goal is to ensure that bug
1219         165963 can add more logic to collectIfNecessaryOrDefer() without introducing a big
1220         regression. Until then, I wouldn't be surprised if this patch was a progression, but I'm
1221         not betting on it.
1222
1223         * heap/Heap.cpp:
1224         (JSC::Heap::collectIfNecessaryOrDefer):
1225         (JSC::Heap::decrementDeferralDepthAndGCIfNeededSlow):
1226         (JSC::Heap::canCollect): Deleted.
1227         (JSC::Heap::shouldCollectHeuristic): Deleted.
1228         (JSC::Heap::shouldCollect): Deleted.
1229         (JSC::Heap::collectAccordingToDeferGCProbability): Deleted.
1230         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): Deleted.
1231         * heap/Heap.h:
1232         * heap/HeapInlines.h:
1233         (JSC::Heap::incrementDeferralDepth):
1234         (JSC::Heap::decrementDeferralDepth):
1235         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
1236         (JSC::Heap::mayNeedToStop):
1237         (JSC::Heap::stopIfNecessary):
1238         * runtime/Options.h:
1239
1240 2017-01-05  Filip Pizlo  <fpizlo@apple.com>
1241
1242         AutomaticThread timeout shutdown leaves a small window where notify() would think that the thread is still running
1243         https://bugs.webkit.org/show_bug.cgi?id=166742
1244
1245         Reviewed by Geoffrey Garen.
1246         
1247         Update to new AutomaticThread API.
1248
1249         * dfg/DFGWorklist.cpp:
1250
1251 2017-01-05  Per Arne Vollan  <pvollan@apple.com>
1252
1253         [Win] Compile error.
1254         https://bugs.webkit.org/show_bug.cgi?id=166726
1255
1256         Reviewed by Alex Christensen.
1257
1258         Add include folder.
1259
1260         * CMakeLists.txt:
1261
1262 2016-12-21  Brian Burg  <bburg@apple.com>
1263
1264         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1265         https://bugs.webkit.org/show_bug.cgi?id=166003
1266         <rdar://problem/28718990>
1267
1268         Reviewed by Joseph Pecoraro.
1269
1270         This patch implements parser, model, and generator-side changes to account for
1271         platform-specific types, events, and commands. The 'platform' property is parsed
1272         for top-level definitions and assumed to be the 'generic' platform if none is specified.
1273
1274         Since the generator's platform setting acts to filter definitions with an incompatible platform,
1275         all generators must be modified to consult a list of filtered types/commands/events for
1276         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
1277         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
1278         are still accessible if truly necessary, but not used by default, and cause an error if not migrated.
1279
1280         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1281         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1282         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1283         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
1284         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1285         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1286         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1287         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
1288         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1289         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1290         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
1291         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1292         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
1293         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1294         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1295         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
1296         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1297         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1298         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
1299         (_generate_typedefs_for_domain):
1300         (_generate_builders_for_domain):
1301         (_generate_forward_declarations_for_binding_traits):
1302         (_generate_declarations_for_enum_conversion_methods):
1303         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1304         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
1305         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1306         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
1307         * inspector/scripts/codegen/generate_js_backend_commands.py:
1308         (JSBackendCommandsGenerator.should_generate_domain):
1309         (JSBackendCommandsGenerator.domains_to_generate):
1310         (JSBackendCommandsGenerator.generate_domain):
1311         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
1312         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1313         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
1314         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1315         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
1316         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1317         (ObjCBackendDispatcherImplementationGenerator):
1318         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
1319         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
1320         (ObjCConfigurationImplementationGenerator): Deleted.
1321         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
1322         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
1323         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
1324         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
1325         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
1326         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
1327         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
1328         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
1329         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
1330         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
1331         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
1332         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1333         (ObjCConfigurationHeaderGenerator.generate_output):
1334         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
1335         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1336         (ObjCConfigurationImplementationGenerator):
1337         (ObjCConfigurationImplementationGenerator.generate_output):
1338         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
1339         (ObjCConfigurationImplementationGenerator._generate_ivars):
1340         (ObjCConfigurationImplementationGenerator._generate_dealloc):
1341         (ObjCBackendDispatcherImplementationGenerator): Deleted.
1342         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
1343         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
1344         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
1345         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
1346         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
1347         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
1348         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
1349         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
1350         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
1351         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1352         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
1353         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
1354         * inspector/scripts/codegen/generate_objc_header.py:
1355         (ObjCHeaderGenerator.generate_output):
1356         (ObjCHeaderGenerator._generate_forward_declarations):
1357         (ObjCHeaderGenerator._generate_enums):
1358         (ObjCHeaderGenerator._generate_types):
1359         (ObjCHeaderGenerator._generate_command_protocols):
1360         (ObjCHeaderGenerator._generate_event_interfaces):
1361         * inspector/scripts/codegen/generate_objc_internal_header.py:
1362         (ObjCInternalHeaderGenerator.generate_output):
1363         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
1364         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1365         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
1366         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
1367         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1368         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
1369         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
1370         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
1371         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1372         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
1373         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
1374
1375         * inspector/scripts/codegen/generator.py:
1376         (Generator.can_generate_platform):
1377         (Generator):
1378         (Generator.type_declarations_for_domain):
1379         (Generator.commands_for_domain):
1380         (Generator.events_for_domain):
1381         These are the core methods for computing whether a definition can be used given a target platform.
1382
1383         (Generator.calculate_types_requiring_shape_assertions):
1384         (Generator._traverse_and_assign_enum_values):
1385         * inspector/scripts/codegen/models.py:
1386         (Protocol.parse_type_declaration):
1387         (Protocol.parse_command):
1388         (Protocol.parse_event):
1389         (Protocol.resolve_types):
1390
1391         (Domain.__init__):
1392         (Domain):
1393         (Domain.all_type_declarations):
1394         (Domain.all_commands):
1395         (Domain.all_events):
1396         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
1397
1398         (Domain.resolve_type_references):
1399         (TypeDeclaration.__init__):
1400         (Command.__init__):
1401         (Event.__init__):
1402         * inspector/scripts/codegen/objc_generator.py:
1403         (ObjCGenerator.should_generate_types_for_domain):
1404         (ObjCGenerator):
1405         (ObjCGenerator.should_generate_commands_for_domain):
1406         (ObjCGenerator.should_generate_events_for_domain):
1407         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
1408         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
1409         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
1410         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
1411         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
1412         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
1413         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
1414         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
1415
1416         The results above need rebaselining because the class names for two generators were swapped by accident.
1417         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
1418         generated file includes the same copyright block at the top.
1419
1420         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
1421         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
1422         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1423         * inspector/scripts/tests/generic/expected/enum-values.json-result:
1424         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
1425         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1426         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
1427         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
1428         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
1429         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
1430         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
1431         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
1432         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
1433
1434         * inspector/scripts/tests/generic/expected/fail-on-command-with-invalid-platform.json-error: Added.
1435         * inspector/scripts/tests/generic/expected/fail-on-type-with-invalid-platform.json-error: Added.
1436         * inspector/scripts/tests/generic/fail-on-command-with-invalid-platform.json: Added.
1437         * inspector/scripts/tests/generic/fail-on-type-with-invalid-platform.json: Added.
1438
1439         Add error test cases for invalid platforms in commands, types, and events.
1440
1441         * inspector/scripts/tests/generic/definitions-with-mac-platform.json: Added.
1442         * inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result: Added.
1443         * inspector/scripts/tests/all/definitions-with-mac-platform.json: Added.
1444         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result: Added.
1445         * inspector/scripts/tests/ios/definitions-with-mac-platform.json: Added.
1446         * inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result: Added.
1447         * inspector/scripts/tests/mac/definitions-with-mac-platform.json: Added.
1448         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result: Added.
1449
1450         Add a basic 4-way test that generates code for each platform from the same specification.
1451         With 'macos' platform for each definition, only 'all' and 'mac' generate anything interesting.
1452
1453 2017-01-03  Brian Burg  <bburg@apple.com>
1454
1455         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1456         https://bugs.webkit.org/show_bug.cgi?id=166003
1457         <rdar://problem/28718990>
1458
1459         Reviewed by Joseph Pecoraro.
1460
1461         This patch implements parser, model, and generator-side changes to account for
1462         platform-specific types, events, and commands. The 'platform' property is parsed
1463         for top-level definitions and assumed to be the 'generic' platform if none is specified.
1464
1465         Since the generator's platform setting acts to filter definitions with an incompatible platform,
1466         all generators must be modified to consult a list of filtered types/commands/events for
1467         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
1468         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
1469         are still accessible if truly necessary, but not used by default and cause an error if not migrated.
1470
1471         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1472         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1473         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1474         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
1475         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1476         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1477         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1478         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
1479         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1480         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1481         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
1482         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1483         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
1484         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1485         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1486         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
1487         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1488         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1489         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
1490         (_generate_typedefs_for_domain):
1491         (_generate_builders_for_domain):
1492         (_generate_forward_declarations_for_binding_traits):
1493         (_generate_declarations_for_enum_conversion_methods):
1494         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1495         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
1496         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1497         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
1498         * inspector/scripts/codegen/generate_js_backend_commands.py:
1499         (JSBackendCommandsGenerator.should_generate_domain):
1500         (JSBackendCommandsGenerator.domains_to_generate):
1501         (JSBackendCommandsGenerator.generate_domain):
1502         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
1503         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1504         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
1505         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1506         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
1507         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1508         (ObjCBackendDispatcherImplementationGenerator):
1509         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
1510         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
1511         (ObjCConfigurationImplementationGenerator): Deleted.
1512         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
1513         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
1514         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
1515         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
1516         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
1517         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
1518         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
1519         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
1520         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
1521         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
1522         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
1523         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1524         (ObjCConfigurationHeaderGenerator.generate_output):
1525         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
1526         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1527         (ObjCConfigurationImplementationGenerator):
1528         (ObjCConfigurationImplementationGenerator.generate_output):
1529         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
1530         (ObjCConfigurationImplementationGenerator._generate_ivars):
1531         (ObjCConfigurationImplementationGenerator._generate_dealloc):
1532         (ObjCBackendDispatcherImplementationGenerator): Deleted.
1533         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
1534         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
1535         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
1536         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
1537         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
1538         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
1539         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
1540         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
1541         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
1542         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1543         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
1544         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
1545         * inspector/scripts/codegen/generate_objc_header.py:
1546         (ObjCHeaderGenerator.generate_output):
1547         (ObjCHeaderGenerator._generate_forward_declarations):
1548         (ObjCHeaderGenerator._generate_enums):
1549         (ObjCHeaderGenerator._generate_types):
1550         (ObjCHeaderGenerator._generate_command_protocols):
1551         (ObjCHeaderGenerator._generate_event_interfaces):
1552         * inspector/scripts/codegen/generate_objc_internal_header.py:
1553         (ObjCInternalHeaderGenerator.generate_output):
1554         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
1555         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1556         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
1557         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
1558         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1559         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
1560         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
1561         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
1562         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1563         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
1564         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
1565
1566         * inspector/scripts/codegen/generator.py:
1567         (Generator.can_generate_platform):
1568         (Generator):
1569         (Generator.type_declarations_for_domain):
1570         (Generator.commands_for_domain):
1571         (Generator.events_for_domain):
1572         These are the core methods for computing whether a definition can be used given a target platform.
1573
1574         (Generator.calculate_types_requiring_shape_assertions):
1575         (Generator._traverse_and_assign_enum_values):
1576         * inspector/scripts/codegen/models.py:
1577         (Protocol.parse_type_declaration):
1578         (Protocol.parse_command):
1579         (Protocol.parse_event):
1580         (Protocol.resolve_types):
1581
1582         (Domain.__init__):
1583         (Domain):
1584         (Domain.all_type_declarations):
1585         (Domain.all_commands):
1586         (Domain.all_events):
1587         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
1588
1589         (Domain.resolve_type_references):
1590         (TypeDeclaration.__init__):
1591         (Command.__init__):
1592         (Event.__init__):
1593         * inspector/scripts/codegen/objc_generator.py:
1594         (ObjCGenerator.should_generate_types_for_domain):
1595         (ObjCGenerator):
1596         (ObjCGenerator.should_generate_commands_for_domain):
1597         (ObjCGenerator.should_generate_events_for_domain):
1598         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
1599         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
1600         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
1601         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
1602         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
1603         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
1604         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
1605         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
1606
1607         The following results need rebaselining because the class names for two generators were swapped by accident.
1608         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
1609         generated file includes the same copyright block at the top.
1610
1611         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
1612         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
1613         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1614         * inspector/scripts/tests/generic/expected/enum-values.json-result:
1615         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
1616         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1617         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
1618         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
1619         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
1620         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
1621         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
1622         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
1623         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
1624
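        The platform filtering described in the entry above (and in the follow-up entry at the top of this page), as an added Python illustration that is not WebKit's own generator code. It assumes the definition platforms 'generic' (the default), 'macos' and 'ios', the extra target 'all', and that the 'mac' test directory selects the 'macos' platform; class and method names follow the entry, but every body here is written for this example.

```python
# Added example, not WebKit's code: a minimal model of the 'platform'
# property on protocol definitions and the generator-side filtering.

# Assumed platform names; 'generic' is the default for a definition that
# omits the 'platform' property, and 'all' is a target that accepts everything.
DEFINITION_PLATFORMS = ('generic', 'macos', 'ios')
TARGET_PLATFORMS = DEFINITION_PLATFORMS + ('all',)
TARGET_ALIASES = {'mac': 'macos'}  # assumption: tests/mac/ means 'macos'


class ParseException(Exception):
    """Raised for an invalid 'platform' value (the fail-on-*-with-invalid-platform cases)."""


class Definition:
    """A type declaration, command or event together with its platform."""
    def __init__(self, name, platform):
        if platform not in DEFINITION_PLATFORMS:
            raise ParseException("Definition '%s' has invalid platform '%s'" % (name, platform))
        self.name = name
        self.platform = platform


class Domain:
    """Fields are hidden behind all_* accessors so that bypassing platform
    filtering is explicit at the call site."""
    def __init__(self, name, type_declarations, commands, events):
        self.name = name
        self._type_declarations = type_declarations
        self._commands = commands
        self._events = events

    def all_type_declarations(self):
        return self._type_declarations

    def all_commands(self):
        return self._commands

    def all_events(self):
        return self._events


def parse_definition(spec):
    """Parse one top-level definition; 'platform' defaults to 'generic'."""
    return Definition(spec['name'], spec.get('platform', 'generic'))


def parse_domain(spec):
    return Domain(spec['domain'],
                  [parse_definition(d) for d in spec.get('types', [])],
                  [parse_definition(d) for d in spec.get('commands', [])],
                  [parse_definition(d) for d in spec.get('events', [])])


class Generator:
    """Generators consult the *_for_domain methods, never the raw fields."""
    def __init__(self, platform):
        self.platform = TARGET_ALIASES.get(platform, platform)
        if self.platform not in TARGET_PLATFORMS:
            raise ValueError("unknown target platform: %s" % platform)

    def can_generate_platform(self, definition_platform):
        # Assumed rule: the 'all' target accepts everything, 'generic'
        # definitions are usable on every target, otherwise platforms match.
        if self.platform == 'all' or definition_platform == 'generic':
            return True
        return definition_platform == self.platform

    def _filter(self, definitions):
        return [d for d in definitions if self.can_generate_platform(d.platform)]

    def type_declarations_for_domain(self, domain):
        return self._filter(domain.all_type_declarations())

    def commands_for_domain(self, domain):
        return self._filter(domain.all_commands())

    def events_for_domain(self, domain):
        return self._filter(domain.all_events())


# Constructed sample specification (not one of the WebKit test inputs).
SAMPLE_SPEC = {
    'domain': 'Sample',
    'types': [{'name': 'Generic'}, {'name': 'MacOnly', 'platform': 'macos'}],
    'commands': [{'name': 'run', 'platform': 'ios'}],
    'events': [{'name': 'fired'}],
}


def names_generated_for(target):
    """Sorted names of every definition a generator for `target` would emit."""
    domain = parse_domain(SAMPLE_SPEC)
    gen = Generator(target)
    kept = (gen.type_declarations_for_domain(domain)
            + gen.commands_for_domain(domain)
            + gen.events_for_domain(domain))
    return sorted(d.name for d in kept)


if __name__ == '__main__':
    for target in ('generic', 'mac', 'ios', 'all'):
        print(target, names_generated_for(target))
```

        With every definition marked 'macos', only the 'all' and 'mac' targets keep anything beyond the generic definitions, which is the behaviour the 4-way test in the entry above checks.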
1625 2017-01-03  Brian Burg  <bburg@apple.com>
1626
1627         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1628         https://bugs.webkit.org/show_bug.cgi?id=166003
1629         <rdar://problem/28718990>
1630
1631         Reviewed by Joseph Pecoraro.
1632
1633         Make it possible to test inspector protocol generator output for different platforms.
1634
1635         Move existing tests to the generic/ subdirectory, as they are to be generated
1636         without any specific platform. Later, platform-specific generator behavior will be
1637         tested by cloning the same test to multiple platform directories.
1638
1639         * inspector/scripts/tests{/ => /generic/}commands-with-async-attribute.json
1640         * inspector/scripts/tests{/ => /generic/}commands-with-optional-call-return-parameters.json
1641         * inspector/scripts/tests{/ => /generic/}domains-with-varying-command-sizes.json
1642         * inspector/scripts/tests{/ => /generic/}enum-values.json
1643         * inspector/scripts/tests{/ => /generic/}events-with-optional-parameters.json
1644         * inspector/scripts/tests{/ => /generic/}expected/commands-with-async-attribute.json-result
1645         * inspector/scripts/tests{/ => /generic/}expected/commands-with-optional-call-return-parameters.json-result
1646         * inspector/scripts/tests{/ => /generic/}expected/domains-with-varying-command-sizes.json-result
1647         * inspector/scripts/tests{/ => /generic/}expected/enum-values.json-result
1648         * inspector/scripts/tests{/ => /generic/}expected/events-with-optional-parameters.json-result
1649         * inspector/scripts/tests{/ => /generic/}expected/fail-on-domain-availability.json-error
1650         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-call-parameter-names.json-error
1651         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-return-parameter-names.json-error
1652         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-event-parameter-names.json-error
1653         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-declarations.json-error
1654         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-member-names.json-error
1655         * inspector/scripts/tests{/ => /generic/}expected/fail-on-enum-with-no-values.json-error
1656         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-parameter-flag.json-error
1657         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-type-member.json-error
1658         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-parameter-flag.json-error
1659         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-type-member.json-error
1660         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-declaration-using-type-reference.json-error
1661         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-reference-as-primitive-type.json-error
1662         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-with-lowercase-name.json-error
1663         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-declaration.json-error
1664         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-member.json-error
1665         * inspector/scripts/tests{/ => /generic/}expected/generate-domains-with-feature-guards.json-result
1666         * inspector/scripts/tests{/ => /generic/}expected/same-type-id-different-domain.json-result
1667         * inspector/scripts/tests{/ => /generic/}expected/shadowed-optional-type-setters.json-result
1668         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-aliased-primitive-type.json-result
1669         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-array-type.json-result
1670         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-enum-type.json-result
1671         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-object-type.json-result
1672         * inspector/scripts/tests{/ => /generic/}expected/type-requiring-runtime-casts.json-result
1673         * inspector/scripts/tests{/ => /generic/}fail-on-domain-availability.json
1674         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-call-parameter-names.json
1675         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-return-parameter-names.json
1676         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-event-parameter-names.json
1677         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-declarations.json
1678         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-member-names.json
1679         * inspector/scripts/tests{/ => /generic/}fail-on-enum-with-no-values.json
1680         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-parameter-flag.json
1681         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-type-member.json
1682         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-parameter-flag.json
1683         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-type-member.json
1684         * inspector/scripts/tests{/ => /generic/}fail-on-type-declaration-using-type-reference.json
1685         * inspector/scripts/tests{/ => /generic/}fail-on-type-reference-as-primitive-type.json
1686         * inspector/scripts/tests{/ => /generic/}fail-on-type-with-lowercase-name.json
1687         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-declaration.json
1688         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-member.json
1689         * inspector/scripts/tests{/ => /generic/}generate-domains-with-feature-guards.json
1690         * inspector/scripts/tests{/ => /generic/}same-type-id-different-domain.json
1691         * inspector/scripts/tests{/ => /generic/}shadowed-optional-type-setters.json
1692         * inspector/scripts/tests{/ => /generic/}type-declaration-aliased-primitive-type.json
1693         * inspector/scripts/tests{/ => /generic/}type-declaration-array-type.json
1694         * inspector/scripts/tests{/ => /generic/}type-declaration-enum-type.json
1695         * inspector/scripts/tests{/ => /generic/}type-declaration-object-type.json
1696         * inspector/scripts/tests{/ => /generic/}type-requiring-runtime-casts.json
1697
1698 2017-01-03  Brian Burg  <bburg@apple.com>
1699
1700         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1701         https://bugs.webkit.org/show_bug.cgi?id=166003
1702         <rdar://problem/28718990>
1703
1704         Reviewed by Joseph Pecoraro.
1705
1706         Add a --platform argument to generate-inspector-protocol-bindings.py and propagate
1707         the specified platform to each generator. This will be used in the next few patches
1708         to exclude types, events, and commands that are unsupported by the backend platform.
1709
1710         Convert all subclasses of Generator to pass along their positional arguments so that we
1711         can easily change base class arguments without editing all generator constructors.
1712
1713         * inspector/scripts/codegen/cpp_generator.py:
1714         (CppGenerator.__init__):
1715         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1716         (CppAlternateBackendDispatcherHeaderGenerator.__init__):
1717         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1718         (CppBackendDispatcherHeaderGenerator.__init__):
1719         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1720         (CppBackendDispatcherImplementationGenerator.__init__):
1721         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1722         (CppFrontendDispatcherHeaderGenerator.__init__):
1723         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1724         (CppFrontendDispatcherImplementationGenerator.__init__):
1725         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1726         (CppProtocolTypesHeaderGenerator.__init__):
1727         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1728         (CppProtocolTypesImplementationGenerator.__init__):
1729         * inspector/scripts/codegen/generate_js_backend_commands.py:
1730         (JSBackendCommandsGenerator.__init__):
1731         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1732         (ObjCBackendDispatcherHeaderGenerator.__init__):
1733         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1734         (ObjCConfigurationImplementationGenerator.__init__):
1735         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1736         (ObjCConfigurationHeaderGenerator.__init__):
1737         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1738         (ObjCBackendDispatcherImplementationGenerator.__init__):
1739         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1740         (ObjCFrontendDispatcherImplementationGenerator.__init__):
1741         * inspector/scripts/codegen/generate_objc_header.py:
1742         (ObjCHeaderGenerator.__init__):
1743         * inspector/scripts/codegen/generate_objc_internal_header.py:
1744         (ObjCInternalHeaderGenerator.__init__):
1745         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1746         (ObjCProtocolTypeConversionsHeaderGenerator.__init__):
1747         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1748         (ObjCProtocolTypeConversionsImplementationGenerator.__init__):
1749         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1750         (ObjCProtocolTypesImplementationGenerator.__init__):
1751         Pass along *args instead of single positional arguments.
1752
1753         * inspector/scripts/codegen/generator.py:
1754         (Generator.__init__):
1755         Save the target platform and add a getter.
1756
1757         * inspector/scripts/codegen/models.py:
1758         (Platform):
1759         (Platform.__init__):
1760         (Platform.fromString):
1761         (Platforms):
1762         Define the allowed Platform instances (iOS, macOS, and Any).
1763
1764         * inspector/scripts/codegen/objc_generator.py:
1765         (ObjCGenerator.and.__init__):
1766         * inspector/scripts/generate-inspector-protocol-bindings.py:
1767         (generate_from_specification):
1768         Pass along *args instead of single positional arguments.
1769
1770 2017-01-04  JF Bastien  <jfbastien@apple.com>
1771
1772         WebAssembly JS API: add Module.sections
1773         https://bugs.webkit.org/show_bug.cgi?id=165159
1774         <rdar://problem/29760326>
1775
1776         Reviewed by Mark Lam.
1777
1778         As described in: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymodulecustomsections
1779
1780         This was added for Emscripten, and is likely to be used soon.
1781
1782         * wasm/WasmFormat.h: custom sections are just name + bytes
1783         * wasm/WasmModuleParser.cpp: parse them, instead of skipping over
1784         * wasm/WasmModuleParser.h:
1785         * wasm/js/WebAssemblyModulePrototype.cpp: construct the Array of
1786         ArrayBuffer as described in the spec
1787         (JSC::webAssemblyModuleProtoCustomSections):
1788
1789 2017-01-04  Saam Barati  <sbarati@apple.com>
1790
1791         We don't properly handle exceptions inside the nativeCallTrampoline macro in the LLInt
1792         https://bugs.webkit.org/show_bug.cgi?id=163720
1793
1794         Reviewed by Mark Lam.
1795
1796         In the LLInt, we were incorrectly doing the exception check after the call.
1797         Before the exception check, we were unwinding to our caller's
1798         frame under the assumption that our caller was always a JS frame.
1799         This is incorrect, however, because our caller might be a C frame.
1800         One way that it can be a C frame is when C calls to JS, and JS tail
1801         calls to native. This patch fixes this bug by doing unwinding from
1802         the native callee's frame instead of its caller's.
1803
1804         * llint/LowLevelInterpreter32_64.asm:
1805         * llint/LowLevelInterpreter64.asm:
1806
1807 2017-01-03  JF Bastien  <jfbastien@apple.com>
1808
1809         REGRESSION (r210244): Release JSC Stress test failure: wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm
1810         https://bugs.webkit.org/show_bug.cgi?id=166669
1811         <rdar://problem/29856455>
1812
1813         Reviewed by Saam Barati.
1814
1815         Bug #165282 added wasm -> wasm calls, but caused crashes in
1816         release builds because the pinned registers are also callee-saved
1817         and were being clobbered. B3 didn't see itself clobbering them
1818         when no memory was used, and therefore omitted a restore.
1819
1820         This was causing the C++ code in callWebAssemblyFunction to crash
1821         because $r12 was 0, and it expected it to have its value prior to
1822         the call.
1823
1824         * wasm/WasmB3IRGenerator.cpp:
1825         (JSC::Wasm::createJSToWasmWrapper):
1826
1827 2017-01-03  Joseph Pecoraro  <pecoraro@apple.com>
1828
1829         Web Inspector: Address failures under LayoutTests/inspector/debugger/stepping
1830         https://bugs.webkit.org/show_bug.cgi?id=166300
1831
1832         Reviewed by Brian Burg.
1833
1834         * debugger/Debugger.cpp:
1835         (JSC::Debugger::continueProgram):
1836         When continuing, clear states that would have had us pause again.
1837
1838         * inspector/agents/InspectorDebuggerAgent.cpp:
1839         (Inspector::InspectorDebuggerAgent::didBecomeIdle):
1840         When resuming after becoming idle, be sure to clear Debugger state.
1841
1842 2017-01-03  JF Bastien  <jfbastien@apple.com>
1843
1844         WebAssembly JS API: check and test in-call / out-call values
1845         https://bugs.webkit.org/show_bug.cgi?id=164876
1846         <rdar://problem/29844107>
1847
1848         Reviewed by Saam Barati.
1849
1850         * wasm/WasmBinding.cpp:
1851         (JSC::Wasm::wasmToJs): fix the wasm -> JS call coercions for f32 /
1852         f64 which the associated tests inadvertently tripped on: the
1853         previous code wasn't correctly performing JSValue boxing for
1854         "double" values. This change is slightly involved because it
1855         requires two scratch registers to materialize the
1856         `DoubleEncodeOffset` value. This change therefore reorganizes the
1857         code to first generate traps, then handle all integers (freeing
1858         all GPRs), and then all the floating-point values.
1859         * wasm/js/WebAssemblyFunction.cpp:
1860         (JSC::callWebAssemblyFunction): Implement the defined semantics
1861         for mismatched arities when JS calls wasm:
1862         https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects
1863           - i32 is 0, f32 / f64 are NaN.
1864           - wasm functions which return "void" are "undefined" in JS.
1865
1866 2017-01-03  Per Arne Vollan  <pvollan@apple.com>
1867
1868         [Win] jsc.exe sometimes never exits.
1869         https://bugs.webkit.org/show_bug.cgi?id=158073
1870
1871         Reviewed by Darin Adler.
1872
1873         On Windows the thread specific destructor is also called when the main thread is exiting.
1874         This may lead to the main thread waiting forever for the machine thread lock when exiting,
1875         if the sampling profiler thread was terminated by the system while holding the machine
1876         thread lock.
1877
1878         * heap/MachineStackMarker.cpp:
1879         (JSC::MachineThreads::removeThread):
1880
1881 2017-01-02  Julien Brianceau  <jbriance@cisco.com>
1882
1883         Remove sh4 specific code from JavaScriptCore
1884         https://bugs.webkit.org/show_bug.cgi?id=166640
1885
1886         Reviewed by Filip Pizlo.
1887
1888         sh4-specific code has not compiled for a while (r189884 at least).
1889         As nobody seems to have interest in this architecture anymore, let's
1890         remove this dead code and thus ease the burden for JSC maintainers.
1891
1892         * CMakeLists.txt:
1893         * JavaScriptCore.xcodeproj/project.pbxproj:
1894         * assembler/AbstractMacroAssembler.h:
1895         (JSC::AbstractMacroAssembler::Jump::Jump):
1896         (JSC::AbstractMacroAssembler::Jump::link):
1897         * assembler/MacroAssembler.h:
1898         * assembler/MacroAssemblerSH4.h: Removed.
1899         * assembler/MaxFrameExtentForSlowPathCall.h:
1900         * assembler/SH4Assembler.h: Removed.
1901         * bytecode/DOMJITAccessCasePatchpointParams.cpp:
1902         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
1903         * dfg/DFGSpeculativeJIT.h:
1904         (JSC::DFG::SpeculativeJIT::callOperation):
1905         * jit/AssemblyHelpers.h:
1906         (JSC::AssemblyHelpers::debugCall):
1907         * jit/CCallHelpers.h:
1908         (JSC::CCallHelpers::setupArgumentsWithExecState):
1909         (JSC::CCallHelpers::prepareForTailCallSlow):
1910         * jit/CallFrameShuffler.cpp:
1911         (JSC::CallFrameShuffler::prepareForTailCall):
1912         * jit/ExecutableAllocator.h:
1913         * jit/FPRInfo.h:
1914         * jit/GPRInfo.h:
1915         * jit/JITInlines.h:
1916         (JSC::JIT::callOperation):
1917         * jit/JITOpcodes32_64.cpp:
1918         (JSC::JIT::privateCompileCTINativeCall):
1919         * jit/JITOperations.cpp:
1920         * jit/RegisterSet.cpp:
1921         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1922         (JSC::RegisterSet::dfgCalleeSaveRegisters):
1923         * jit/ThunkGenerators.cpp:
1924         (JSC::nativeForGenerator):
1925         * llint/LLIntData.cpp:
1926         (JSC::LLInt::Data::performAssertions):
1927         * llint/LLIntOfflineAsmConfig.h:
1928         * llint/LowLevelInterpreter.asm:
1929         * llint/LowLevelInterpreter32_64.asm:
1930         * offlineasm/backends.rb:
1931         * offlineasm/instructions.rb:
1932         * offlineasm/sh4.rb: Removed.
1933         * yarr/YarrJIT.cpp:
1934         (JSC::Yarr::YarrGenerator::generateEnter):
1935         (JSC::Yarr::YarrGenerator::generateReturn):
1936
1937 2017-01-02  JF Bastien  <jfbastien@apple.com>
1938
1939         WebAssembly: handle and optimize wasm export → wasm import calls
1940         https://bugs.webkit.org/show_bug.cgi?id=165282
1941
1942         Reviewed by Saam Barati.
1943
1944           - Add a new JSType for WebAssemblyFunction, and use it when creating its
1945             structure. This is used to quickly detect from wasm whether the import
1946             call is to another wasm module, or whether it's to JS.
1947           - Generate two stubs from the import stub generator: one for wasm->JS and one
1948             for wasm -> wasm. This is done at Module time. Which is called will only be
1949             known at Instance time, once we've received the import object. We want to
1950             avoid codegen at Instance time, so having both around is great.
1951           - Restore the WebAssembly global state (VM top Instance, and pinned registers)
1952             after call / call_indirect, and in the JS->wasm entry stub.
1953           - Pinned registers are now a global thing, not per-Memory, because the wasm ->
1954             wasm stubs are generated at Module time where we don't really have enough
1955             information to do the right thing (doing so would generate too much code).
1956
1957         * CMakeLists.txt:
1958         * JavaScriptCore.xcodeproj/project.pbxproj:
1959         * runtime/JSType.h: add WebAssemblyFunctionType as a JSType
1960         * wasm/WasmB3IRGenerator.cpp: significantly rework how calls which
1961         could be external work, and how we save / restore global state:
1962         VM's top Instance, and pinned registers
1963         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1964         (JSC::Wasm::getMemoryBaseAndSize):
1965         (JSC::Wasm::restoreWebAssemblyGlobalState):
1966         (JSC::Wasm::createJSToWasmWrapper):
1967         (JSC::Wasm::parseAndCompile):
1968         * wasm/WasmB3IRGenerator.h:
1969         * wasm/WasmBinding.cpp:
1970         (JSC::Wasm::materializeImportJSCell):
1971         (JSC::Wasm::wasmToJS):
1972         (JSC::Wasm::wasmToWasm): the main goal of this patch was adding this function
1973         (JSC::Wasm::exitStubGenerator):
1974         * wasm/WasmBinding.h:
1975         * wasm/WasmFormat.h: Get rid of much of the function index space:
1976         we already have all of its information elsewhere, and as-is it
1977         provides no extra efficiency.
1978         (JSC::Wasm::ModuleInformation::functionIndexSpaceSize):
1979         (JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace):
1980         (JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace):
1981         * wasm/WasmFunctionParser.h:
1982         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1983         * wasm/WasmMemory.cpp: Add some logging.
1984         (JSC::Wasm::Memory::dump): this was nice when debugging
1985         (JSC::Wasm::Memory::makeString):
1986         (JSC::Wasm::Memory::Memory):
1987         (JSC::Wasm::Memory::~Memory):
1988         (JSC::Wasm::Memory::grow):
1989         * wasm/WasmMemory.h: don't use extra indirection, it wasn't
1990         needed. Reorder some of the fields which are looked up at runtime
1991         so they're more cache-friendly.
1992         (JSC::Wasm::Memory::Memory):
1993         (JSC::Wasm::Memory::mode):
1994         (JSC::Wasm::Memory::offsetOfSize):
1995         * wasm/WasmMemoryInformation.cpp: Pinned registers are now a
1996         global thing for all of JSC, not a per-Memory thing
1997         anymore. wasm->wasm calls are more complex otherwise: they have to
1998         figure out how to bridge between the caller and callee's
1999         special-snowflake pinning.
2000         (JSC::Wasm::PinnedRegisterInfo::get):
2001         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
2002         (JSC::Wasm::MemoryInformation::MemoryInformation):
2003         * wasm/WasmMemoryInformation.h:
2004         * wasm/WasmModuleParser.cpp:
2005         * wasm/WasmModuleParser.h:
2006         * wasm/WasmPageCount.cpp: Copied from Source/JavaScriptCore/wasm/WasmBinding.h.
2007         (JSC::Wasm::PageCount::dump): nice for debugging
2008         * wasm/WasmPageCount.h:
2009         * wasm/WasmPlan.cpp:
2010         (JSC::Wasm::Plan::parseAndValidateModule):
2011         (JSC::Wasm::Plan::run):
2012         * wasm/WasmPlan.h:
2013         (JSC::Wasm::Plan::takeWasmExitStubs):
2014         * wasm/WasmSignature.cpp:
2015         (JSC::Wasm::Signature::toString):
2016         (JSC::Wasm::Signature::dump):
2017         * wasm/WasmSignature.h:
2018         * wasm/WasmValidate.cpp:
2019         (JSC::Wasm::validateFunction):
2020         * wasm/WasmValidate.h:
2021         * wasm/js/JSWebAssemblyInstance.h:
2022         (JSC::JSWebAssemblyInstance::offsetOfTable):
2023         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
2024         (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
2025         * wasm/js/JSWebAssemblyMemory.cpp:
2026         (JSC::JSWebAssemblyMemory::create):
2027         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2028         (JSC::JSWebAssemblyMemory::buffer):
2029         (JSC::JSWebAssemblyMemory::grow):
2030         * wasm/js/JSWebAssemblyMemory.h:
2031         (JSC::JSWebAssemblyMemory::memory):
2032         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2033         (JSC::JSWebAssemblyMemory::offsetOfSize):
2034         * wasm/js/JSWebAssemblyModule.cpp:
2035         (JSC::JSWebAssemblyModule::create):
2036         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2037         * wasm/js/JSWebAssemblyModule.h:
2038         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2039         (JSC::JSWebAssemblyModule::functionImportCount):
2040         * wasm/js/WebAssemblyFunction.cpp:
2041         (JSC::callWebAssemblyFunction):
2042         (JSC::WebAssemblyFunction::create):
2043         (JSC::WebAssemblyFunction::createStructure):
2044         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2045         (JSC::WebAssemblyFunction::finishCreation):
2046         * wasm/js/WebAssemblyFunction.h:
2047         (JSC::WebAssemblyFunction::wasmEntrypoint):
2048         (JSC::WebAssemblyFunction::offsetOfInstance):
2049         (JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode):
2050         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2051         (JSC::constructJSWebAssemblyInstance): always start with a dummy
2052         memory, so wasm->wasm calls don't need to null-check
2053         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2054         (JSC::constructJSWebAssemblyMemory):
2055         * wasm/js/WebAssemblyModuleConstructor.cpp:
2056         (JSC::WebAssemblyModuleConstructor::createModule):
2057         * wasm/js/WebAssemblyModuleRecord.cpp:
2058         (JSC::WebAssemblyModuleRecord::link):
2059         (JSC::WebAssemblyModuleRecord::evaluate):
2060         * wasm/js/WebAssemblyModuleRecord.h:
2061
2062 2017-01-02  Saam Barati  <sbarati@apple.com>
2063
2064         WebAssembly: Some loads don't take into account the offset
2065         https://bugs.webkit.org/show_bug.cgi?id=166616
2066         <rdar://problem/29841541>
2067
2068         Reviewed by Keith Miller.
2069
2070         * wasm/WasmB3IRGenerator.cpp:
2071         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2072
2073 2017-01-01  Jeff Miller  <jeffm@apple.com>
2074
2075         Update user-visible copyright strings to include 2017
2076         https://bugs.webkit.org/show_bug.cgi?id=166278
2077
2078         Reviewed by Dan Bernstein.
2079
2080         * Info.plist:
2081
2082 2016-12-28  Saam Barati  <sbarati@apple.com>
2083
2084         WebAssembly: Don't allow duplicate export names
2085         https://bugs.webkit.org/show_bug.cgi?id=166490
2086         <rdar://problem/29815000>
2087
2088         Reviewed by Keith Miller.
2089
2090         * wasm/WasmModuleParser.cpp:
2091
2092 2016-12-28  Saam Barati  <sbarati@apple.com>
2093
2094         Unreviewed. Fix jsc.cpp build error.
2095
2096         * jsc.cpp:
2097         (functionTestWasmModuleFunctions):
2098
2099 2016-12-28  Saam Barati  <sbarati@apple.com>
2100
2101         WebAssembly: Implement grow_memory and current_memory
2102         https://bugs.webkit.org/show_bug.cgi?id=166448
2103         <rdar://problem/29803676>
2104
2105         Reviewed by Keith Miller.
2106
2107         This patch implements grow_memory, current_memory, and WebAssembly.prototype.grow.
2108         See relevant spec texts here:
2109         
2110         https://github.com/WebAssembly/design/blob/master/Semantics.md#linear-memory-accesses
2111         https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymemoryprototypegrow
2112         
2113         I also fix a couple of miscellaneous bugs:
2114         
2115         1. Data section now understands full init_exprs. 
2116         2. parseVarUint1 no longer has a bug where we allow values larger than 1 if
2117         their bottom 8 bits are zero.
2118         
2119         Since the JS API can now grow memory, we need to make calling an import
2120         and call_indirect refresh the base memory register and the size registers.
2121
2122         * jsc.cpp:
2123         (functionTestWasmModuleFunctions):
2124         * runtime/Options.h:
2125         * runtime/VM.h:
2126         * wasm/WasmB3IRGenerator.cpp:
2127         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2128         (JSC::Wasm::reloadPinnedRegisters):
2129         (JSC::Wasm::B3IRGenerator::emitReloadPinnedRegisters):
2130         (JSC::Wasm::createJSToWasmWrapper):
2131         (JSC::Wasm::parseAndCompile):
2132         * wasm/WasmFormat.cpp:
2133         (JSC::Wasm::Segment::create):
2134         * wasm/WasmFormat.h:
2135         (JSC::Wasm::I32InitExpr::I32InitExpr):
2136         (JSC::Wasm::I32InitExpr::globalImport):
2137         (JSC::Wasm::I32InitExpr::constValue):
2138         (JSC::Wasm::I32InitExpr::isConst):
2139         (JSC::Wasm::I32InitExpr::isGlobalImport):
2140         (JSC::Wasm::I32InitExpr::globalImportIndex):
2141         (JSC::Wasm::Segment::byte):
2142         (JSC::Wasm::ModuleInformation::importFunctionCount):
2143         (JSC::Wasm::ModuleInformation::hasMemory):
2144         * wasm/WasmFunctionParser.h:
2145         * wasm/WasmMemory.cpp:
2146         (JSC::Wasm::Memory::Memory):
2147         (JSC::Wasm::Memory::grow):
2148         * wasm/WasmMemory.h:
2149         (JSC::Wasm::Memory::size):
2150         (JSC::Wasm::Memory::sizeInPages):
2151         (JSC::Wasm::Memory::offsetOfMemory):
2152         (JSC::Wasm::Memory::isValid): Deleted.
2153         (JSC::Wasm::Memory::grow): Deleted.
2154         * wasm/WasmModuleParser.cpp:
2155         (JSC::Wasm::makeI32InitExpr):
2156         * wasm/WasmModuleParser.h:
2157         * wasm/WasmPageCount.h:
2158         (JSC::Wasm::PageCount::bytes):
2159         (JSC::Wasm::PageCount::pageCount):
2160         (JSC::Wasm::PageCount::fromBytes):
2161         (JSC::Wasm::PageCount::operator+):
2162         * wasm/WasmParser.h:
2163         (JSC::Wasm::Parser<SuccessType>::parseVarUInt1):
2164         * wasm/WasmValidate.cpp:
2165         * wasm/js/JSWebAssemblyInstance.h:
2166         (JSC::JSWebAssemblyInstance::offsetOfMemory):
2167         * wasm/js/JSWebAssemblyMemory.cpp:
2168         (JSC::JSWebAssemblyMemory::~JSWebAssemblyMemory):
2169         (JSC::JSWebAssemblyMemory::grow):
2170         * wasm/js/JSWebAssemblyMemory.h:
2171         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2172         * wasm/js/JSWebAssemblyModule.h:
2173         (JSC::JSWebAssemblyModule::functionImportCount):
2174         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace):
2175         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace):
2176         (JSC::JSWebAssemblyModule::importCount): Deleted.
2177         * wasm/js/WebAssemblyFunction.cpp:
2178         (JSC::callWebAssemblyFunction):
2179         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2180         (JSC::constructJSWebAssemblyInstance):
2181         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2182         (JSC::constructJSWebAssemblyMemory):
2183         * wasm/js/WebAssemblyMemoryPrototype.cpp:
2184         (JSC::getMemory):
2185         (JSC::webAssemblyMemoryProtoFuncBuffer):
2186         (JSC::webAssemblyMemoryProtoFuncGrow):
2187         * wasm/js/WebAssemblyModuleRecord.cpp:
2188         (JSC::WebAssemblyModuleRecord::link):
2189         (JSC::dataSegmentFail):
2190         (JSC::WebAssemblyModuleRecord::evaluate):
2191         * wasm/wasm.json:
2192
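The parseVarUint1 defect this entry describes, shown as an added example rather than WebKit's own code: a LEB128 varuint32 decoder, a reconstruction of the truncate-then-range-check shape the entry implies for the old parseVarUInt1 (an assumption about its form, not a copy), and the corrected check beside it. All byte inputs are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration, not WebKit code. A minimal LEB128 varuint32 decoder in the
// style of a WebAssembly binary parser: reads from `bytes` at `offset`, advances
// `offset`, and rejects truncated input, overlong encodings (more than 5 bytes)
// and a 5th byte that carries bits beyond the 32nd.
bool parseVarUInt32(const std::vector<uint8_t>& bytes, size_t& offset, uint32_t& result)
{
    uint32_t value = 0;
    for (unsigned i = 0; i < 5; ++i) {
        if (offset >= bytes.size())
            return false; // ran off the end of the buffer
        uint8_t byte = bytes[offset++];
        if (i == 4 && (byte & 0x70))
            return false; // payload bits 32..34 would be silently dropped
        value |= static_cast<uint32_t>(byte & 0x7f) << (7 * i);
        if (!(byte & 0x80)) {
            result = value;
            return true;
        }
    }
    return false; // continuation bit still set after 5 bytes
}

// Reconstruction (assumed shape) of the defect the entry describes: the decoded
// value is narrowed to 8 bits first and only then range-checked, so any encoding
// whose low 8 bits are 0 or 1 (for example 256 = 0x80 0x02) is accepted as a flag.
bool parseVarUInt1Buggy(const std::vector<uint8_t>& bytes, size_t& offset, uint8_t& result)
{
    uint32_t temp;
    if (!parseVarUInt32(bytes, offset, temp))
        return false;
    result = static_cast<uint8_t>(temp);
    return result <= 1;
}

// Corrected form: range-check the full decoded value before narrowing it.
bool parseVarUInt1Fixed(const std::vector<uint8_t>& bytes, size_t& offset, uint8_t& result)
{
    uint32_t temp;
    if (!parseVarUInt32(bytes, offset, temp))
        return false;
    if (temp > 1)
        return false;
    result = static_cast<uint8_t>(temp);
    return true;
}

// Does each parser accept `bytes` as one complete varuint1 field? A section parser
// would also insist that nothing is left over, so require full consumption.
bool buggyAccepts(const std::vector<uint8_t>& bytes)
{
    size_t offset = 0;
    uint8_t flag = 0;
    return parseVarUInt1Buggy(bytes, offset, flag) && offset == bytes.size();
}

bool fixedAccepts(const std::vector<uint8_t>& bytes)
{
    size_t offset = 0;
    uint8_t flag = 0;
    return parseVarUInt1Fixed(bytes, offset, flag) && offset == bytes.size();
}

// Decode a whole buffer as a single varuint32; false on malformed input.
bool decodeVarUInt32(const std::vector<uint8_t>& bytes, uint32_t& out)
{
    size_t offset = 0;
    return parseVarUInt32(bytes, offset, out) && offset == bytes.size();
}

int main()
{
    // Constructed inputs: a legal flag, an out-of-range flag, the 256 case that
    // slips past the buggy check, and an overlong 6-byte encoding.
    const std::vector<std::vector<uint8_t>> inputs = {
        { 0x01 }, { 0x02 }, { 0x80, 0x02 }, { 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 } };
    for (const auto& in : inputs)
        std::printf("bytes=%zu buggy=%d fixed=%d\n", in.size(), buggyAccepts(in), fixedAccepts(in));
    return 0;
}
```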
2193 2016-12-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2194
2195         Use variadic templates in JSC Parser to clean up
2196         https://bugs.webkit.org/show_bug.cgi?id=166482
2197
2198         Reviewed by Saam Barati.
2199
2200         * parser/Parser.cpp:
2201         (JSC::Parser<LexerType>::logError):
2202         * parser/Parser.h:
2203
2204 2016-12-25  Yusuke Suzuki  <utatane.tea@gmail.com>
2205
2206         Propagate the source origin as much as possible
2207         https://bugs.webkit.org/show_bug.cgi?id=166348
2208
2209         Reviewed by Darin Adler.
2210
2211         This patch introduces CallFrame::callerSourceOrigin, SourceOrigin class
2212         and SourceProvider::m_sourceOrigin. CallFrame::callerSourceOrigin returns
2213         an appropriate SourceOrigin if possible. If we cannot find the appropriate
2214         one, we just return null SourceOrigin.
2215
2216         This paves the way for implementing the module dynamic-import[1].
2217         When the import operator is evaluated, it will resolve the module
2218         specifier with this propagated source origin of the caller function.
2219
2220         To support import operator inside the dynamic code generation
2221         functions (like `eval`, `new Function`, indirect call to `eval`),
2222         we need to propagate the caller's source origin to the generated
2223         source code.
2224
2225         We do not use sourceURL for that purpose. This is because we
2226         would like to keep sourceURL for `eval` / `new Function` null.
2227         This sourceURL will be used for the stack dump for errors with line/column
2228         numbers. Dumping the caller's sourceURL with line/column numbers is
2229         meaningless. So we would like to keep it null while we would like
2230         to propagate SourceOrigin for dynamic imports.
2231
2232         [1]: https://github.com/tc39/proposal-dynamic-import
2233
2234         * API/JSBase.cpp:
2235         (JSEvaluateScript):
2236         (JSCheckScriptSyntax):
2237         * API/JSObjectRef.cpp:
2238         (JSObjectMakeFunction):
2239         * API/JSScriptRef.cpp:
2240         (OpaqueJSScript::create):
2241         (OpaqueJSScript::vm):
2242         (OpaqueJSScript::OpaqueJSScript):
2243         (parseScript):
2244         * JavaScriptCore.xcodeproj/project.pbxproj:
2245         * Scripts/builtins/builtins_templates.py:
2246         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
2247         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
2248         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2249         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2250         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2251         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2252         * builtins/BuiltinExecutables.cpp:
2253         (JSC::BuiltinExecutables::BuiltinExecutables):
2254         (JSC::BuiltinExecutables::createDefaultConstructor):
2255         * debugger/DebuggerCallFrame.cpp:
2256         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
2257         * inspector/InjectedScriptManager.cpp:
2258         (Inspector::InjectedScriptManager::createInjectedScript):
2259         * inspector/JSInjectedScriptHost.cpp:
2260         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
2261         * inspector/agents/InspectorRuntimeAgent.cpp:
2262         (Inspector::InspectorRuntimeAgent::parse):
2263         * interpreter/CallFrame.cpp:
2264         (JSC::CallFrame::callerSourceOrigin):
2265         * interpreter/CallFrame.h:
2266         * interpreter/Interpreter.cpp:
2267         (JSC::eval):
2268         * jsc.cpp:
2269         (jscSource):
2270         (GlobalObject::finishCreation):
2271         (extractDirectoryName):
2272         (currentWorkingDirectory):
2273         (GlobalObject::moduleLoaderResolve):
2274         (functionRunString):
2275         (functionLoadString):
2276         (functionCallerSourceOrigin):
2277         (functionCreateBuiltin):
2278         (functionCheckModuleSyntax):
2279         (runInteractive):
2280         * parser/SourceCode.h:
2281         (JSC::makeSource):
2282         * parser/SourceProvider.cpp:
2283         (JSC::SourceProvider::SourceProvider):
2284         * parser/SourceProvider.h:
2285         (JSC::SourceProvider::sourceOrigin):
2286         (JSC::StringSourceProvider::create):
2287         (JSC::StringSourceProvider::StringSourceProvider):
2288         (JSC::WebAssemblySourceProvider::create):
2289         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2290         * runtime/FunctionConstructor.cpp:
2291         (JSC::constructFunction):
2292         (JSC::constructFunctionSkippingEvalEnabledCheck):
2293         * runtime/FunctionConstructor.h:
2294         * runtime/JSGlobalObjectFunctions.cpp:
2295         (JSC::globalFuncEval):
2296         * runtime/ModuleLoaderPrototype.cpp:
2297         (JSC::moduleLoaderPrototypeParseModule):
2298         * runtime/ScriptExecutable.h:
2299         (JSC::ScriptExecutable::sourceOrigin):
2300         * runtime/SourceOrigin.h: Added.
2301         (JSC::SourceOrigin::SourceOrigin):
2302         (JSC::SourceOrigin::string):
2303         (JSC::SourceOrigin::isNull):
2304         * tools/FunctionOverrides.cpp:
2305         (JSC::initializeOverrideInfo):
2306
2307 2016-12-24  Caio Lima  <ticaiolima@gmail.com>
2308
2309         [test262] Fixing mapped arguments object property test case
2310         https://bugs.webkit.org/show_bug.cgi?id=159398
2311
2312         Reviewed by Saam Barati.
2313
2314         This patch changes GenericArguments' override mechanism to
2315         implement correct behavior on ECMAScript test262 suite test cases of
2316         mapped arguments object with non-configurable and non-writable
2317         property. It also ensures that arguments[i]
2318         cannot be deleted when argument "i" is {configurable: false}.
2319         
2320         The previous implementation goes against the specification for 2 reasons:
2321
2322         1. Every argument in the arguments object is {writable: true} by default
2323            (http://www.ecma-international.org/ecma-262/7.0/index.html#sec-createunmappedargumentsobject).
2324            It means that we have to stop mapping a defined property index
2325            if the new property descriptor contains writable (i.e. writable is
2326            present) and its value is false (also check
2327            https://tc39.github.io/ecma262/#sec-arguments-exotic-objects-defineownproperty-p-desc).
2328            Previous implementation considers {writable: false} if writable is
2329            not present.
2330
2331         2. When a property is overridden, the "delete" operation always returns true. However,
2332            delete operations should follow the specification.
2333
2334         We created an auxiliary boolean array named m_modifiedArgumentsDescriptor
2335         to store which arguments[i] descriptor was changed from its default
2336         property descriptor. This modification was necessary because m_overrides
2337         was responsible for keeping this information at the same time
2338         as keeping information about arguments mapping. The problem of this approach was
2339         that we needed to call overridesArgument(i) as soon as the ith argument's property
2340         descriptor was changed, and it stops the argument's mapping as a side effect, producing
2341         wrong behavior.
2342         To keep tracking arguments mapping status, we renamed DirectArguments::m_overrides to
2343         DirectArguments::m_mappedArguments and now it is responsible for managing whether an
2344         argument[i] is mapped or not.
2345         With these 2 structures, it is now possible for an argument[i] to have its property
2346         descriptor modified and not stop the mapping as soon as it happens. One example
2347         of that wrong behavior can be found in the arguments-bizarre-behaviour-disable-enumerability
2348         test case, which is now fixed by this new mechanism.
2349
2350         * bytecode/PolymorphicAccess.cpp:
2351         (JSC::AccessCase::generateWithGuard):
2352         * dfg/DFGSpeculativeJIT.cpp:
2353         (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
2354         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
2355         (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
2356         * ftl/FTLAbstractHeapRepository.h:
2357         * ftl/FTLLowerDFGToB3.cpp:
2358         (JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
2359         (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
2360         (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
2361         * jit/JITOperations.cpp:
2362         (JSC::canAccessArgumentIndexQuickly):
2363         * jit/JITPropertyAccess.cpp:
2364         (JSC::JIT::emitDirectArgumentsGetByVal):
2365         * runtime/DirectArguments.cpp:
2366         (JSC::DirectArguments::estimatedSize):
2367         (JSC::DirectArguments::visitChildren):
2368         (JSC::DirectArguments::overrideThings):
2369         (JSC::DirectArguments::overrideThingsIfNecessary):
2370         (JSC::DirectArguments::unmapArgument):
2371         (JSC::DirectArguments::copyToArguments):
2372         (JSC::DirectArguments::overridesSize):
2373         (JSC::DirectArguments::overrideArgument): Deleted.
2374         * runtime/DirectArguments.h:
2375         (JSC::DirectArguments::length):
2376         (JSC::DirectArguments::isMappedArgument):
2377         (JSC::DirectArguments::isMappedArgumentInDFG):
2378         (JSC::DirectArguments::getIndexQuickly):
2379         (JSC::DirectArguments::setIndexQuickly):
2380         (JSC::DirectArguments::overrodeThings):
2381         (JSC::DirectArguments::initModifiedArgumentsDescriptorIfNecessary):
2382         (JSC::DirectArguments::setModifiedArgumentDescriptor):
2383         (JSC::DirectArguments::isModifiedArgumentDescriptor):
2384         (JSC::DirectArguments::offsetOfMappedArguments):
2385         (JSC::DirectArguments::offsetOfModifiedArgumentsDescriptor):
2386         (JSC::DirectArguments::canAccessIndexQuickly): Deleted.
2387         (JSC::DirectArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.
2388         (JSC::DirectArguments::offsetOfOverrides): Deleted.
2389         * runtime/GenericArguments.h:
2390         * runtime/GenericArgumentsInlines.h:
2391         (JSC::GenericArguments<Type>::visitChildren):
2392         (JSC::GenericArguments<Type>::getOwnPropertySlot):
2393         (JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
2394         (JSC::GenericArguments<Type>::getOwnPropertyNames):
2395         (JSC::GenericArguments<Type>::put):
2396         (JSC::GenericArguments<Type>::putByIndex):
2397         (JSC::GenericArguments<Type>::deleteProperty):
2398         (JSC::GenericArguments<Type>::deletePropertyByIndex):
2399         (JSC::GenericArguments<Type>::defineOwnProperty):
2400         (JSC::GenericArguments<Type>::initModifiedArgumentsDescriptor):
2401         (JSC::GenericArguments<Type>::initModifiedArgumentsDescriptorIfNecessary):
2402         (JSC::GenericArguments<Type>::setModifiedArgumentDescriptor):
2403         (JSC::GenericArguments<Type>::isModifiedArgumentDescriptor):
2404         (JSC::GenericArguments<Type>::copyToArguments):
2405         * runtime/ScopedArguments.cpp:
2406         (JSC::ScopedArguments::visitChildren):
2407         (JSC::ScopedArguments::unmapArgument):
2408         (JSC::ScopedArguments::overrideArgument): Deleted.
2409         * runtime/ScopedArguments.h:
2410         (JSC::ScopedArguments::isMappedArgument):
2411         (JSC::ScopedArguments::isMappedArgumentInDFG):
2412         (JSC::ScopedArguments::getIndexQuickly):
2413         (JSC::ScopedArguments::setIndexQuickly):
2414         (JSC::ScopedArguments::initModifiedArgumentsDescriptorIfNecessary):
2415         (JSC::ScopedArguments::setModifiedArgumentDescriptor):
2416         (JSC::ScopedArguments::isModifiedArgumentDescriptor):
2417         (JSC::ScopedArguments::canAccessIndexQuickly): Deleted.
2418         (JSC::ScopedArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.
2419
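The mapped-arguments behaviour the entry above describes, as an added example in plain JavaScript (it is not JSC code and not a test from the WebKit tree): each function changes the property descriptor of arguments[0] and then observes whether the parameter and arguments[0] are still aliased, following the ES2017 [[DefineOwnProperty]] and [[Delete]] algorithms for arguments exotic objects. The functions are built with the Function constructor so that they are sloppy-mode functions even if this file is loaded as a strict-mode module; a strict function gets an unmapped arguments object, for which none of this applies.

```javascript
// Added example, not JSC code: ES2017 semantics of a mapped arguments object
// whose index 0 has its property descriptor changed. Built with the Function
// constructor so the functions stay sloppy-mode (mapped arguments) even if
// this file runs as a strict-mode module.

// 1. A descriptor without `writable` (here only enumerable: false) must keep
//    the mapping: a later write to the parameter is visible via arguments[0].
const keepsMappingWithoutWritable = new Function("a",
  'Object.defineProperty(arguments, "0", { enumerable: false });' +
  'a = 2;' +
  'return arguments[0];');

// 2. {writable: false} removes index 0 from the map. The spec first copies the
//    currently mapped value (1) into the property, so the write to `a` that
//    follows is no longer reflected.
const unmapsOnWritableFalse = new Function("a",
  'Object.defineProperty(arguments, "0", { writable: false });' +
  'a = 2;' +
  'return arguments[0];');

// 3. A descriptor carrying a value with writable: true keeps the mapping and
//    writes the new value through to the parameter.
const valueWritesThroughToParameter = new Function("a",
  'Object.defineProperty(arguments, "0", { value: 42, writable: true });' +
  'return a;');

// 4. Once index 0 is {configurable: false}, delete must report failure
//    (false in sloppy mode, a TypeError in strict mode); the element is still
//    present and still mapped, so it keeps tracking the parameter.
const deleteNonConfigurableIndex = new Function("a",
  'Object.defineProperty(arguments, "0", { configurable: false });' +
  'var deleted = delete arguments[0];' +
  'a = 3;' +
  'return { deleted: deleted, stillPresent: "0" in arguments, value: arguments[0] };');

// Convenience wrapper returning all four observations at once.
function describeMappedArgumentsBehaviour() {
  return {
    keepsMappingWithoutWritable: keepsMappingWithoutWritable(1),       // 2
    unmapsOnWritableFalse: unmapsOnWritableFalse(1),                   // 1
    valueWritesThroughToParameter: valueWritesThroughToParameter(1),   // 42
    deleteNonConfigurableIndex: deleteNonConfigurableIndex(1),         // {deleted: false, stillPresent: true, value: 3}
  };
}
```

Case 1 is exactly the arguments-bizarre-behaviour-disable-enumerability situation the entry mentions: an engine that unmaps as soon as any descriptor field changes returns 1 there instead of 2.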
2420 2016-12-23  Mark Lam  <mark.lam@apple.com>
2421
2422         Using Option::breakOnThrow() shouldn't crash while printing a null CodeBlock.
2423         https://bugs.webkit.org/show_bug.cgi?id=166466
2424
2425         Reviewed by Keith Miller.
2426
2427         * runtime/VM.cpp:
2428         (JSC::VM::throwException):
2429
2430 2016-12-23  Mark Lam  <mark.lam@apple.com>
2431
2432         Enhance LLInt tracing to dump the codeBlock signature instead of just a pointer where appropriate.
2433         https://bugs.webkit.org/show_bug.cgi?id=166465
2434
2435         Reviewed by Keith Miller.
2436
2437         * llint/LLIntSlowPaths.cpp:
2438         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2439         (JSC::LLInt::traceFunctionPrologue):
2440
2441 2016-12-23  Keith Miller  <keith_miller@apple.com>
2442
2443         WebAssembly: trap on bad division.
2444         https://bugs.webkit.org/show_bug.cgi?id=164786
2445
2446         Reviewed by Mark Lam.
2447
2448         This patch adds traps for division / modulo by zero and for
2449         division by int_min / -1.
2450
2451         * wasm/WasmB3IRGenerator.cpp:
2452         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
2453         * wasm/WasmExceptionType.h:
2454         * wasm/WasmPlan.cpp:
2455         (JSC::Wasm::Plan::run):
2456         * wasm/wasm.json:
2457
2458 2016-12-23  Mark Lam  <mark.lam@apple.com>
2459
2460         Fix broken LLINT_SLOW_PATH_TRACING build.
2461         https://bugs.webkit.org/show_bug.cgi?id=166463
2462
2463         Reviewed by Keith Miller.
2464
2465         * llint/LLIntExceptions.cpp:
2466         (JSC::LLInt::returnToThrow):
2467         (JSC::LLInt::callToThrow):
2468         * runtime/CommonSlowPathsExceptions.cpp:
2469         (JSC::CommonSlowPaths::interpreterThrowInCaller):
2470
2471 2016-12-22  Keith Miller  <keith_miller@apple.com>
2472
2473         WebAssembly: Make spec-tests/f32.wast.js and spec-tests/f64.wast.js pass
2474         https://bugs.webkit.org/show_bug.cgi?id=166447
2475
2476         Reviewed by Saam Barati.
2477
2478         We needed to treat -0.0 < 0.0 for floating point min/max. For min,
2479         the algorithm works because if a == b then a and b are not NaNs so
2480         either they are the same or they are some zero. When we OR a and b,
2481         either we get the same number back or we get -0.0. Similarly for
2482         max we use an AND and the sign bit gets dropped if one is 0.0 and
2483         the other is -0.0; otherwise, we get the same number back.
2484
2485         * wasm/wasm.json:
2486
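The min/max rule described above, as an added example in JavaScript (it is not JSC's B3/Air lowering, which operates on machine float registers): wasmFmin and wasmFmax follow WebAssembly's f64.min and f64.max semantics (NaN if either operand is NaN, -0.0 ordered below +0.0) using the compare-then-OR and compare-then-AND idea from the entry. The bit patterns are read and written through a DataView because JavaScript has no direct float bit operations; the names and the DataView scratch buffer are this example's own.

```javascript
// Added example, not JSC code: WebAssembly f64.min / f64.max semantics built
// on the observation from the entry. `a === b` is only true when neither side
// is NaN, so in that branch the operands are either the same number or the
// two zeros; OR-ing the bit patterns then yields -0.0 if either is -0.0 (min),
// AND-ing them yields +0.0 if either is +0.0 (max).

const scratch = new DataView(new ArrayBuffer(8)); // reused float <-> bits buffer

function bitsOf(x) {
  scratch.setFloat64(0, x);
  return scratch.getBigUint64(0);
}

function fromBits(bits) {
  scratch.setBigUint64(0, bits);
  return scratch.getFloat64(0);
}

// f64.min: NaN if either input is NaN, -0.0 for the pair (0.0, -0.0),
// otherwise the smaller value.
function wasmFmin(a, b) {
  if (a === b) return fromBits(bitsOf(a) | bitsOf(b)); // same number or some zero
  if (a < b) return a;
  if (b < a) return b;
  return NaN; // every comparison was false, so at least one operand is NaN
}

// f64.max: NaN if either input is NaN, +0.0 for the pair (0.0, -0.0),
// otherwise the larger value.
function wasmFmax(a, b) {
  if (a === b) return fromBits(bitsOf(a) & bitsOf(b)); // same number or some zero
  if (a > b) return a;
  if (b > a) return b;
  return NaN;
}
```

Object.is distinguishes -0 from +0, which a plain === check does not; that is the comparison to use when asserting on these results.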
2487 2016-12-22  Saam Barati  <sbarati@apple.com>
2488
2489         WebAssembly: Make calling Wasm functions that returns or takes an i64 as a parameter an early exception
2490         https://bugs.webkit.org/show_bug.cgi?id=166437
2491         <rdar://problem/29793949>
2492
2493         Reviewed by Keith Miller.
2494
2495         This patch makes it so that we throw an exception before we do
2496         anything else if we call a wasm function that either takes an
2497         i64 as an argument or returns an i64.
2498
2499         * wasm/js/WebAssemblyFunction.cpp:
2500         (JSC::callWebAssemblyFunction):
2501         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2502         (JSC::WebAssemblyFunction::call): Deleted.
2503         * wasm/js/WebAssemblyFunction.h:
2504         (JSC::WebAssemblyFunction::signatureIndex):
2505         (JSC::WebAssemblyFunction::jsEntrypoint):
2506
2507 2016-12-22  Keith Miller  <keith_miller@apple.com>
2508
2509         Add BitOr for floating points to B3
2510         https://bugs.webkit.org/show_bug.cgi?id=166446
2511
2512         Reviewed by Saam Barati.
2513
2514         This patch does some slight refactoring to the ARM assembler,
2515         which groups all the vector floating point instructions together.
2516
2517         * assembler/ARM64Assembler.h:
2518         (JSC::ARM64Assembler::vand):
2519         (JSC::ARM64Assembler::vorr):
2520         (JSC::ARM64Assembler::vectorDataProcessingLogical):
2521         (JSC::ARM64Assembler::vectorDataProcessing2Source): Deleted.
2522         * assembler/MacroAssemblerARM64.h:
2523         (JSC::MacroAssemblerARM64::orDouble):
2524         (JSC::MacroAssemblerARM64::orFloat):
2525         * assembler/MacroAssemblerX86Common.h:
2526         (JSC::MacroAssemblerX86Common::orDouble):
2527         (JSC::MacroAssemblerX86Common::orFloat):
2528         * assembler/X86Assembler.h:
2529         (JSC::X86Assembler::orps_rr):
2530         * b3/B3ConstDoubleValue.cpp:
2531         (JSC::B3::ConstDoubleValue::bitOrConstant):
2532         (JSC::B3::ConstDoubleValue::bitXorConstant):
2533         * b3/B3ConstDoubleValue.h:
2534         * b3/B3ConstFloatValue.cpp:
2535         (JSC::B3::ConstFloatValue::bitOrConstant):
2536         (JSC::B3::ConstFloatValue::bitXorConstant):
2537         * b3/B3ConstFloatValue.h:
2538         * b3/B3LowerToAir.cpp:
2539         (JSC::B3::Air::LowerToAir::lower):
2540         * b3/B3Validate.cpp:
2541         * b3/air/AirInstInlines.h:
2542         (JSC::B3::Air::Inst::shouldTryAliasingDef):
2543         * b3/air/AirOpcode.opcodes:
2544         * b3/testb3.cpp:
2545         (JSC::B3::bitOrDouble):
2546         (JSC::B3::testBitOrArgDouble):
2547         (JSC::B3::testBitOrArgsDouble):
2548         (JSC::B3::testBitOrArgImmDouble):
2549         (JSC::B3::testBitOrImmsDouble):
2550         (JSC::B3::bitOrFloat):
2551         (JSC::B3::testBitOrArgFloat):
2552         (JSC::B3::testBitOrArgsFloat):
2553         (JSC::B3::testBitOrArgImmFloat):
2554         (JSC::B3::testBitOrImmsFloat):
2555         (JSC::B3::testBitOrArgsFloatWithUselessDoubleConversion):
2556         (JSC::B3::run):
2557
2558 2016-12-22  Mark Lam  <mark.lam@apple.com>
2559
2560         BytecodeGenerator::m_finallyDepth should be unsigned.
2561         https://bugs.webkit.org/show_bug.cgi?id=166438
2562
2563         Reviewed by Saam Barati.
2564
2565         Also removed FinallyContext::m_finallyDepth because it is not used.
2566
2567         * bytecompiler/BytecodeGenerator.cpp:
2568         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
2569         (JSC::BytecodeGenerator::labelScopeDepth):
2570         * bytecompiler/BytecodeGenerator.h:
2571         (JSC::FinallyContext::FinallyContext):
2572         (JSC::FinallyContext::finallyLabel):
2573         (JSC::FinallyContext::depth): Deleted.
2574
2575 2016-12-22  Mark Lam  <mark.lam@apple.com>
2576
2577         De-duplicate finally blocks.
2578         https://bugs.webkit.org/show_bug.cgi?id=160168
2579
2580         Reviewed by Saam Barati.
2581
2582         JS execution can arrive at a finally block when there are abrupt completions from
2583         its try or catch block.  The abrupt completion types include Break,
2584         Continue, Return, and Throw.  The non-abrupt completion type is called Normal
2585         (i.e. the case of a try block falling through to the finally block).
2586
2587         Previously, we enabled each of these paths for abrupt completion (except for Throw)
2588         to run the finally block code by duplicating the finally block code at each of
2589         the sites that trigger those completions.  This patch fixes the implementation so
2590         that each of these abrupt completions will set a completionTypeRegister (plus a
2591         completionValueRegister for CompletionType::Return) and then jump to the
2592         relevant finally blocks, and continue to thread through subsequent outer finally
2593         blocks until execution reaches the outermost finally block that the completion
2594         type dictates.  We no longer duplicate the finally block code.
2595
2596         The implementation details:
2597         1. We allocate a pair of registers (completionTypeRegister and completionValueRegister)
2598            just before entering the outermost try-catch-finally scope.
2599
2600            On allocating the registers, we initialize the completionTypeRegister to
2601            CompletionType::Normal, and set the completionValueRegister to the empty
2602            JSValue.
2603
2604         2. The completionTypeRegister will hold a CompletionType value.  This is how we
2605            encode the CompletionType value to be set:
2606
2607            a. For Normal, Return, and Throw completion types: 
2608               - The completionTypeRegister is set to CompletionType::Normal,
2609                 CompletionType::Return, and CompletionType::Throw respectively.
2610
2611            b. For Break and Continue completion types:
2612               - The completionTypeRegister is set to a unique jumpID where the jumpID is
2613                 computed as:
2614
2615                 jumpID = CompletionType::NumberOfTypes + bytecodeOffset
2616
2617                 The bytecodeOffset used here is the bytecodeOffset of the break or continue
2618                 statement that triggered this completion.
2619
2620         3. Each finally block will have 2 entries:
2621            a. the catch entry.
2622            b. the normal entry.
2623
2624            The catch entry is recorded in the codeBlock's exception handler table,
2625            and can only be jumped to by the VM's exception handling mechanism.
2626
2627            The normal entry is recorded in a FinallyContext (at bytecode generation time
2628            only) and is jumped to when we want to enter the finally block due to any of the
2629            other CompletionTypes.
2630
2631         4. How does each completion type work?
2632
2633            CompletionType::Normal
2634            ======================
2635            We normally encounter this when falling through from a try or catch block to
2636            the finally block.  
2637           
2638            For the try block case, since completionTypeRegister is set to Normal by default,
2639            there's nothing more that needs to be done.
2640
2641            For the catch block case, since we entered the catch block with an exception,
2642            completionTypeRegister may be set to Throw.  We'll need to set it to Normal
2643            before jumping to the finally block's normal entry.
2644
2645            CompletionType::Break
2646            =====================
2647            When we emit bytecode for the BreakNode, we check if we have any FinallyContexts
2648            that we need to service before jumping to the breakTarget.  If we don't, then
2649            emit op_jump to the breakTarget as usual.  Otherwise:
2650
2651            a. we'll register a jumpID and the breakTarget with the FinallyContext for the
2652               outermost finally block that we're supposed to run through.
2653            b. we'll also increment the numberOfBreaksOrContinues count in each FinallyContext
2654               from the innermost to the one for that outermost finally block.
2655            c. emit bytecode to set the completionTypeRegister to the jumpID.
2656            d. emit bytecode to jump to the normal entry of the innermost finally block.
2657
2658            Each finally block will take care of cascading to the next outer finally block
2659            as needed (see (5) below).
2660
2661            CompletionType::Continue
2662            ========================
2663            Since continues and breaks work the same way (i.e. with a jump), we handle this
2664            exactly the same way as CompletionType::Break, except that we use the
2665            continueTarget instead of the breakTarget.
2666
2667            CompletionType::Return
2668            ======================
2669            When we emit bytecode for the ReturnNode, we check if we have any FinallyContexts
2670            at all on the m_controlFlowScopeStack.  If we don't, then emit op_ret as usual.
2671            Otherwise:
2672
2673            a. emit bytecode to set the completionTypeRegister to CompletionType::Return.
2674            b. emit bytecode to move the return value into the completionValueRegister.
2675            c. emit bytecode to jump to the normal entry of the innermost finally block.
2676
2677            Each finally block will take care of cascading to the next outer finally block
2678            as needed (see (5) below).
2679
2680            CompletionType::Throw
2681            ======================
2682            At the catch entry of a finally block, we:
2683            1. emit an op_catch that stores the caught Exception object in the
2684               completionValueRegister.
2685            2. emit bytecode to set the completionTypeRegister to CompletionType::Throw.
2686            3. Fall through or jump to the finally block's normal entry.
2687
2688         5. What happens in each finally block?
2689            ==================================
2690            For details on the finally block's catch entry, see "CompletionType::Throw" in
2691            (4) above.
2692
2693            The finally block's normal entry will:
2694            1. restore the scope of the finally block.
2695            2. save the completionTypeRegister in a savedCompletionTypeRegister.
2696            3. proceed to execute the body of the finally block.
2697
2698            At the end of the finally block, we will emit bytecode to check the
2699            savedCompletionTypeRegister for each completion type (see emitFinallyCompletion())
2700            in the following order:
2701           
2702            a. Check for CompletionType::Normal
2703               ================================
2704               If savedCompletionTypeRegister is CompletionType::Normal, jump to the
2705               designated normalCompletion label.  We only need this check if this finally
2706               block also needs to check for Break, Continue, or Return.  If not, the
2707               completion type check for CompletionType::Throw below will make this check
2708               redundant.
2709
2710            b. Check for CompletionType::Break and Continue
2711               ============================================
2712               If the FinallyContext for this block has registered FinallyJumps, we'll
2713               check the jumpIDs against the savedCompletionTypeRegister.  If the jumpID
2714               matches, jump to the corresponding jumpTarget.
2715
2716               If no jumpIDs match but the FinallyContext's numberOfBreaksOrContinues is
2717               greater than the number of registered FinallyJumps, then this means that
2718               we have a Break or Continue that needs to be handled by an outer finally
2719               block.  In that case, jump to the next outer finally block's normal entry.
2720              
2721            c. Check for CompletionType::Return
2722               ================================
2723               If this finally block is not the outermost and the savedCompletionTypeRegister
2724               is set to CompletionType::Return, then jump to the next outer finally
2725               block's normal entry.
2726
2727               Otherwise, if this finally block is the outermost and the savedCompletionTypeRegister
2728               is set to CompletionType::Return, then execute op_ret and return the value
2729               in the completionValueRegister.
2730
2731            d. CompletionType::Throw
2732               =====================
2733               If savedCompletionTypeRegister is CompletionType::Throw, then just re-throw the
2734               Exception object in the completionValueRegister.
2735
2736            Detail 1: note that we check the savedCompletionTypeRegister (and not the
2737            completionTypeRegister).  This is because the finally block may itself contain
2738            a try-finally, and this inner try-finally may have trashed the completionTypeRegister.
2739            Here's an example:
2740
2741                try {
2742                    return "r1"; // Sets completionTypeRegister to CompletionType::Return;
2743                } finally {
2744                    // completionTypeRegister is CompletionType::Return here.
2745
2746                    try {
2747                        ... // do stuff.
2748                    } finally {
2749                        ... // do more stuff.
2750                    }
2751
2752                    // completionTypeRegister may be anything here depending on what
2753                    // was executed in the inner try-finally block above.
2754
2755                    // Hence, finally completion here must be based on a saved copy of the
2756                    // completionTypeRegister when we entered this finally block.
2757                }
2758
2759            Detail 2: the finally completion for CompletionType::Throw must always explicitly
2760            check if the savedCompletionTypeRegister is CompletionType::Throw before throwing.
2761            We cannot imply that it is so from the Throw case being last.  Here's why:
2762
2763                // completionTypeRegister is CompletionType::Normal here.
2764                try {
2765                    return "r1"; // Sets completionTypeRegister to CompletionType::Return;
2766                } finally {
2767                    // completionTypeRegister is CompletionType::Return here.
2768
2769                    try {
2770                        ... // do stuff.  No abrupt completions.
2771                    } finally {
2772                        // completionTypeRegister is CompletionType::Return here (from the outer try-finally).
2773                        // savedCompletionTypeRegister is set to completionTypeRegister (i.e. CompletionType::Return) here.
2774
2775                        ... // do more stuff.  No abrupt completions.
2776
2777                        // Unless there's an abrupt completion since entering the outer
2778                        // finally block, the savedCompletionTypeRegister will remain set
2779                        // to CompletionType::Return.  If we don't explicitly check if the
2780                        // savedCompletionTypeRegister is CompletionType::Throw before
2781                        // throwing here, we'll end up erroneously throwing "r1".
2782                    }
2783
2784                    ...
2785                }
2786
2787         6. restoreScopeRegister()
2788        
2789            Since the needed scope objects are always stored in a local, we can restore
2790            the scope register by simply moving from that local instead of going through
2791            op_get_parent_scope.
2792
2793         7. m_controlFlowScopeStack needs to be a SegmentedVector instead of a Vector.
2794            This makes it easier to keep a pointer to the FinallyContext on that stack,
2795            and not have to worry about the vector being realloc'ed due to resizing. 
2796
2797         Performance appears to be neutral both on ES6SampleBench (run via cli) and the
2798         JSC benchmarks.
2799
2800         Relevant spec references:
2801         https://tc39.github.io/ecma262/#sec-completion-record-specification-type
2802         https://tc39.github.io/ecma262/#sec-try-statement-runtime-semantics-evaluation
2803
2804         * bytecode/HandlerInfo.h:
2805         (JSC::HandlerInfoBase::typeName):
2806         * bytecompiler/BytecodeGenerator.cpp:
2807         (JSC::BytecodeGenerator::generate):
2808         (JSC::BytecodeGenerator::BytecodeGenerator):
2809         (JSC::BytecodeGenerator::emitReturn):
2810         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
2811         (JSC::BytecodeGenerator::popFinallyControlFlowScope):
2812         (JSC::BytecodeGenerator::allocateAndEmitScope):
2813         (JSC::BytecodeGenerator::pushTry):
2814         (JSC::BytecodeGenerator::popTry):
2815         (JSC::BytecodeGenerator::emitCatch):
2816         (JSC::BytecodeGenerator::restoreScopeRegister):
2817         (JSC::BytecodeGenerator::labelScopeDepthToLexicalScopeIndex):
2818         (JSC::BytecodeGenerator::labelScopeDepth):
2819         (JSC::BytecodeGenerator::pushLocalControlFlowScope):
2820         (JSC::BytecodeGenerator::popLocalControlFlowScope):
2821         (JSC::BytecodeGenerator::emitEnumeration):
2822         (JSC::BytecodeGenerator::emitIsNumber):
2823         (JSC::BytecodeGenerator::emitYield):
2824         (JSC::BytecodeGenerator::emitDelegateYield):
2825         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
2826         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
2827         (JSC::BytecodeGenerator::emitFinallyCompletion):
2828         (JSC::BytecodeGenerator::allocateCompletionRecordRegisters):
2829         (JSC::BytecodeGenerator::releaseCompletionRecordRegisters):
2830         (JSC::BytecodeGenerator::emitJumpIf):
2831         (JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope): Deleted.
2832         (JSC::BytecodeGenerator::popIteratorCloseControlFlowScope): Deleted.
2833         (JSC::BytecodeGenerator::emitComplexPopScopes): Deleted.
2834         (JSC::BytecodeGenerator::emitPopScopes): Deleted.
2835         (JSC::BytecodeGenerator::popTryAndEmitCatch): Deleted.
2836         * bytecompiler/BytecodeGenerator.h:
2837         (JSC::bytecodeOffsetToJumpID):
2838         (JSC::FinallyJump::FinallyJump):
2839         (JSC::FinallyContext::FinallyContext):
2840         (JSC::FinallyContext::outerContext):
2841         (JSC::FinallyContext::finallyLabel):
2842         (JSC::FinallyContext::depth):
2843         (JSC::FinallyContext::numberOfBreaksOrContinues):
2844         (JSC::FinallyContext::incNumberOfBreaksOrContinues):
2845         (JSC::FinallyContext::handlesReturns):
2846         (JSC::FinallyContext::setHandlesReturns):
2847         (JSC::FinallyContext::registerJump):
2848         (JSC::FinallyContext::numberOfJumps):
2849         (JSC::FinallyContext::jumps):
2850         (JSC::ControlFlowScope::ControlFlowScope):
2851         (JSC::ControlFlowScope::isLabelScope):
2852         (JSC::ControlFlowScope::isFinallyScope):
2853         (JSC::BytecodeGenerator::currentLexicalScopeIndex):
2854         (JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope):
2855         (JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope):
2856         (JSC::BytecodeGenerator::completionTypeRegister):
2857         (JSC::BytecodeGenerator::completionValueRegister):
2858         (JSC::BytecodeGenerator::emitSetCompletionType):
2859         (JSC::BytecodeGenerator::emitSetCompletionValue):
2860         (JSC::BytecodeGenerator::isInFinallyBlock): Deleted.
2861         * bytecompiler/NodesCodegen.cpp:
2862         (JSC::ContinueNode::emitBytecode):
2863         (JSC::BreakNode::emitBytecode):
2864         (JSC::ReturnNode::emitBytecode):
2865         (JSC::TryNode::emitBytecode):
2866
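The completion-record semantics that the finally-block threading above has to preserve, as an added example in plain JavaScript (not JSC code and not a WebKit test): each function takes a `log` array and records which blocks ran, so both the final result and the inner-to-outer order in which the finally blocks execute can be checked. The scenarios mirror the entry: a Return and a Break threading through two nested finally blocks, the Detail 2 case of a pending Return across an inner try-finally that completes normally, a finally that overrides a pending Throw, and a Throw that is re-thrown after the finally ran.

```javascript
// Added example, not JSC code: observable try/finally completion semantics.

// A Return completion threads through two nested finally blocks, inner first,
// and the returned value survives because neither finally completes abruptly.
function returnThroughNestedFinally(log) {
  try {
    try {
      log.push("try");
      return "r1";
    } finally {
      log.push("inner finally");
    }
  } finally {
    log.push("outer finally");
  }
}

// A Break completion that must pass through two finally blocks before it
// reaches the loop's break target. The statement after the try must not run
// on the iteration that breaks. Returns the number of log entries.
function breakThroughNestedFinally(log) {
  outer: for (let i = 0; i < 3; i++) {
    try {
      try {
        log.push("iteration " + i);
        if (i === 1) break outer;
      } finally {
        log.push("inner finally " + i);
      }
    } finally {
      log.push("outer finally " + i);
    }
    log.push("after try " + i);
  }
  return log.length;
}

// Detail 2 from the entry: a Return is pending from the outer try, and the
// outer finally contains an inner try-finally with no abrupt completion. The
// pending completion is still a Return, not a Throw, so "r1" comes back and
// nothing is thrown.
function pendingReturnSurvivesInnerTryFinally(log) {
  try {
    return "r1";
  } finally {
    try {
      log.push("inner try");
    } finally {
      log.push("inner finally");
    }
    log.push("after inner");
  }
}

// A finally block that itself completes abruptly replaces the pending
// completion: the Throw from the try is discarded and "f" is returned.
function finallyOverridesPendingThrow(log) {
  try {
    throw new Error("from try");
  } finally {
    log.push("finally");
    return "f";
  }
}

// A Throw that no finally block replaces is re-thrown after the finally ran,
// and only then reaches the enclosing catch.
function throwRethrownAfterFinally(log) {
  try {
    try {
      throw new Error("boom");
    } finally {
      log.push("finally");
    }
  } catch (e) {
    log.push("caught " + e.message);
    return e.message;
  }
}
```

Running these against an engine before and after a change like this one is the cheapest way to confirm the completion type and value are carried correctly through every finally on the path.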
2867 2016-12-22  Saam Barati  <sbarati@apple.com>
2868
2869         WebAssembly: Make the spec-tests/address.wast.js test pass
2870         https://bugs.webkit.org/show_bug.cgi?id=166429
2871         <rdar://problem/29793220>
2872
2873         Reviewed by Keith Miller.
2874
2875         Right now, provably out of bound loads/stores (given a load/store's constant
2876         offset) are not a validation error. However, we were failing to catch uint32_t
2877         overflows in release builds (we did have a debug assertion). To fix this,
2878         I now detect when uint32_t addition will overflow, and instead of emitting
2879         a normal load/store, I emit code that throws an out of bounds memory exception.
2880
2881         * wasm/WasmB3IRGenerator.cpp:
2882
2883 2016-12-22  Keith Miller  <keith_miller@apple.com>
2884
2885         WebAssembly: The validator should not allow unused stack entries at the end of a block
2886         https://bugs.webkit.org/show_bug.cgi?id=166411
2887
2888         Reviewed by Saam Barati.
2889
2890         This patch also cleans up some of the verbose mode logging.
2891
2892         * wasm/WasmB3IRGenerator.cpp:
2893         (JSC::Wasm::dumpExpressionStack):
2894         (JSC::Wasm::B3IRGenerator::dump):
2895         * wasm/WasmFunctionParser.h:
2896         * wasm/WasmValidate.cpp:
2897         (JSC::Wasm::dumpExpressionStack):
2898         (JSC::Wasm::Validate::dump):
2899
2900 2016-12-22  Saam Barati  <sbarati@apple.com>
2901
2902         WebAssembly: Make the spec-tests/start.wast.js test pass
2903         https://bugs.webkit.org/show_bug.cgi?id=166416
2904         <rdar://problem/29784532>
2905
2906         Reviewed by Yusuke Suzuki.
2907
2908         To make the test run, I had to fix two bugs:
2909         
2910         1. We weren't properly finding the start function. There was code
2911         that would try to find the start function from the list of *exported*
2912         functions. This is wrong; the start function is an index into the
2913         function index space, which is the space for *imports* and *local*
2914         functions. So the code was just wrong in this respect, and I've
2915         fixed it to do the right thing. We weren't sure if this was originally
2916         allowed or not in the spec, but it has been decided that it is allowed
2917         and the spec-tests test for it: https://github.com/WebAssembly/design/issues/896
2918         
2919         2. We were emitting a breakpoint for Unreachable. Instead of crashing,
2920         this opcode needs to throw an exception when executing.
2921
2922         * wasm/WasmB3IRGenerator.cpp:
2923         * wasm/WasmExceptionType.h:
2924         * wasm/js/WebAssemblyModuleRecord.cpp:
2925         (JSC::WebAssemblyModuleRecord::link):
2926         (JSC::WebAssemblyModuleRecord::evaluate):
2927         * wasm/js/WebAssemblyModuleRecord.h:
2928
2929 2016-12-21  Keith Miller  <keith_miller@apple.com>
2930
2931         WebAssembly: Fix decode floating point constants in unreachable code
2932         https://bugs.webkit.org/show_bug.cgi?id=166400
2933
2934         Reviewed by Saam Barati.
2935
2936         We decoded these as variable length but they should be fixed length.
2937
2938         * wasm/WasmFunctionParser.h:
2939
2940 2016-12-21  Keith Miller  <keith_miller@apple.com>
2941
2942         WebAssembly: Allow br, br_if, and br_table to act as a return
2943         https://bugs.webkit.org/show_bug.cgi?id=166393
2944
2945         Reviewed by Saam Barati.
2946
2947         This patch allows br, br_if, and br_table to treat branching to
2948         the size of the control stack to act as a return. This change was
2949         made by adding a new block type to the wasm function parser,
2950         TopLevel. Adding this new block eliminates a lot of the special
2951         case code we had in the parser previously. The only special case
2952         we need is when the end opcode is parsed from the top level.  The
2953         B3 IR generator needs to automatically emit a return at that
2954         point.
2955
2956         Also, this patch adds the function number to validation errors
2957         in the function parser. The current error message is not helpful
2958         otherwise.
2959
2960         * wasm/WasmB3IRGenerator.cpp:
2961         (JSC::Wasm::B3IRGenerator::ControlData::dump):
2962         (JSC::Wasm::B3IRGenerator::addTopLevel):
2963         * wasm/WasmFunctionParser.h:
2964         * wasm/WasmPlan.cpp:
2965         (JSC::Wasm::Plan::parseAndValidateModule):
2966         (JSC::Wasm::Plan::run):
2967         * wasm/WasmValidate.cpp:
2968         (JSC::Wasm::Validate::ControlData::dump):
2969         (JSC::Wasm::Validate::Validate):
2970         (JSC::Wasm::Validate::addTopLevel):
2971         (JSC::Wasm::validateFunction):
2972
2973 2016-12-21  JF Bastien  <jfbastien@apple.com>
2974
2975         WebAssembly JS API: cleanup & pass VM around to {Compile/Runtime}Error
2976         https://bugs.webkit.org/show_bug.cgi?id=166295
2977         <rdar://problem/29762017>
2978
2979         Reviewed by Mark Lam.
2980
2981         Rename the create* functions, and pass VM around, as suggested for
2982         LinkError in #165805.
2983
2984         At the same time, use the default source appender when
2985         constructing these error types, which gives a nice map back to the
2986         original source as part of the error message. This is clearer when
2987         using the current frame, so add that as well.
2988
2989         * jit/ThunkGenerators.cpp:
2990         (JSC::throwExceptionFromWasmThunkGenerator):
2991         * wasm/js/JSWebAssemblyCompileError.cpp:
2992         (JSC::JSWebAssemblyCompileError::create):
2993         (JSC::createJSWebAssemblyCompileError):
2994         (JSC::createWebAssemblyCompileError): Deleted.
2995         * wasm/js/JSWebAssemblyCompileError.h:
2996         (JSC::JSWebAssemblyCompileError::create):
2997         * wasm/js/JSWebAssemblyRuntimeError.cpp:
2998         (JSC::JSWebAssemblyRuntimeError::create):
2999         * wasm/js/JSWebAssemblyRuntimeError.h:
3000         (JSC::JSWebAssemblyRuntimeError::create):
3001         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
3002         (JSC::constructJSWebAssemblyCompileError):
3003         * wasm/js/WebAssemblyModuleConstructor.cpp:
3004         (JSC::WebAssemblyModuleConstructor::createModule):
3005         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
3006         (JSC::constructJSWebAssemblyRuntimeError):
3007
3008 2016-12-21  Yusuke Suzuki  <utatane.tea@gmail.com>
3009
3010         [ES6] Fix modules document in features.json
3011         https://bugs.webkit.org/show_bug.cgi?id=166313
3012
3013         Reviewed by Saam Barati.
3014
3015         * features.json:
3016
3017 2016-12-20  Taras Tsugrii  <ttsugrii@fb.com>
3018
3019         Fix undefined behavior caused by macro expansion producing 'defined'
3020         https://bugs.webkit.org/show_bug.cgi?id=166047
3021
3022         Reviewed by Darin Adler.
3023
3024         * API/JSBase.h:
3025
3026 2016-12-20  Keith Miller  <keith_miller@apple.com>
3027
3028         Add support for global
3029         https://bugs.webkit.org/show_bug.cgi?id=165171
3030
3031         Reviewed by Filip Pizlo.
3032
3033         This patch adds support for the global property on the global object.
3034         The global property spec is in stage three and is quite simple.
3035         For reference: http://tc39.github.io/proposal-global/
3036
3037         * runtime/JSGlobalObject.cpp:
3038
3039 2016-12-20  Saam Barati  <sbarati@apple.com>
3040
3041         WebAssembly: We should compile wasm functions in parallel
3042         https://bugs.webkit.org/show_bug.cgi?id=165993
3043
3044         Reviewed by Keith Miller.
3045
3046         This patch adds a very simple parallel compiler for Wasm code.
3047         This patch speeds up compiling the Unity headless benchmark by
3048         slightly more than 4x on my MBP. To make this safe, I perform
3049         all linking on the main thread. I also had to change some code
3050         inside WasmB3IRGenerator to be thread safe.
3051
3052         * b3/air/AirCustom.h:
3053         (JSC::B3::Air::WasmBoundsCheckCustom::generate):
3054         * b3/air/AirGenerationContext.h:
3055         * wasm/WasmB3IRGenerator.cpp:
3056         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3057         (JSC::Wasm::B3IRGenerator::emitExceptionCheck):
3058         (JSC::Wasm::createJSToWasmWrapper):
3059         (JSC::Wasm::parseAndCompile):
3060         * wasm/WasmB3IRGenerator.h:
3061         * wasm/WasmCallingConvention.h:
3062         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
3063         * wasm/WasmPlan.cpp:
3064         (JSC::Wasm::Plan::parseAndValidateModule):
3065         (JSC::Wasm::Plan::run):
3066         * wasm/WasmPlan.h:
3067
3068 2016-12-20  Brent Fulgham  <bfulgham@apple.com>
3069
3070         Address some style problems found by static analysis
3071         https://bugs.webkit.org/show_bug.cgi?id=165975
3072
3073         Reviewed by Alex Christensen.
3074
3075         Correct the const-correctness of functions that are implemented using stricter
3076         const declarations.
3077
3078         * inspector/agents/InspectorDebuggerAgent.h:
3079         * inspector/agents/InspectorHeapAgent.cpp:
3080         * inspector/agents/InspectorHeapAgent.h:
3081         * inspector/agents/InspectorRuntimeAgent.h:
3082         * inspector/agents/InspectorScriptProfilerAgent.cpp:
3083         * inspector/agents/InspectorScriptProfilerAgent.h:
3084         * inspector/scripts/codegen/cpp_generator.py:
3085         (cpp_type_for_unchecked_formal_in_parameter): Update to match const declarations of
3086         implementation files.
3087         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3088         Rebaselined results for "const Ptr* const" syntax.
3089
3090 2016-12-20  JF Bastien  <jfbastien@apple.com>
3091
3092         WebAssembly: construct 32-bit encodedJSValue properly
3093         https://bugs.webkit.org/show_bug.cgi?id=166199
3094
3095         Reviewed by Mark Lam.
3096
3097         Constructing an encodedJSValue using `{ }` yields the wrong value
3098         on 32-bit platforms. WebAssembly doesn't currently target 32-bit
3099         platforms, but we may as well get it right.
3100
3101         * wasm/JSWebAssembly.cpp:
3102         (JSC::webAssemblyCompileFunc):
3103         (JSC::webAssemblyValidateFunc):
3104         * wasm/js/JSWebAssemblyHelpers.h:
3105         (JSC::toNonWrappingUint32):
3106         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
3107         (JSC::constructJSWebAssemblyCompileError):
3108         * wasm/js/WebAssemblyFunction.cpp:
3109         (JSC::callWebAssemblyFunction):
3110         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3111         (JSC::constructJSWebAssemblyInstance):
3112         * wasm/js/WebAssemblyMemoryConstructor.cpp:
3113         (JSC::constructJSWebAssemblyMemory):
3114         * wasm/js/WebAssemblyModuleConstructor.cpp:
3115         (JSC::constructJSWebAssemblyModule):
3116         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
3117         (JSC::constructJSWebAssemblyRuntimeError):
3118         * wasm/js/WebAssemblyTableConstructor.cpp:
3119         (JSC::constructJSWebAssemblyTable):
3120         * wasm/js/WebAssemblyTablePrototype.cpp:
3121         (JSC::webAssemblyTableProtoFuncLength):
3122         (JSC::webAssemblyTableProtoFuncGrow):
3123         (JSC::webAssemblyTableProtoFuncGet):
3124         (JSC::webAssemblyTableProtoFuncSet):
3125
3126 2016-12-20  Dean Jackson  <dino@apple.com>
3127
3128         Remove INDIE_UI
3129         https://bugs.webkit.org/show_bug.cgi?id=165881
3130         <rdar://problem/29672532>
3131
3132         Reviewed by Simon Fraser.
3133
3134         The Indie UI work has been discontinued.
3135
3136         * Configurations/FeatureDefines.xcconfig:
3137
3138 2016-12-20  JF Bastien  <jfbastien@apple.com>
3139
3140         WebAssembly API: implement WebAssembly.LinkError
3141         https://bugs.webkit.org/show_bug.cgi?id=165805
3142         <rdar://problem/29747874>
3143
3144         Reviewed by Mark Lam.
3145
3146         As described here: https://github.com/WebAssembly/design/pull/901
3147         Some TypeErrors and RangeErrors are now converted to WebAssembly.LinkError.
3148
3149         * CMakeLists.txt: add files
3150         * DerivedSources.make: add autoget .lut.h files
3151         * JavaScriptCore.xcodeproj/project.pbxproj: add files
3152         * builtins/BuiltinNames.h: new name LinkError
3153         * runtime/JSGlobalObject.h: auto-register LinkError using existing macro magic
3154         * wasm/JSWebAssembly.h: make the new includes available
3155         * wasm/js/JSWebAssemblyLinkError.cpp: Copied from Source/JavaScriptCore/wasm/JSWebAssemblyCompileError.cpp.
3156         (JSC::JSWebAssemblyLinkError::create):
3157         (JSC::JSWebAssemblyLinkError::JSWebAssemblyLinkError):
3158         (JSC::createWebAssemblyLinkError):
3159         * wasm/js/JSWebAssemblyLinkError.h: Copied from Source/JavaScriptCore/wasm/JSWebAssemblyCompileError.h.
3160         (JSC::JSWebAssemblyLinkError::create):
3161         * wasm/js/WebAssemblyInstanceConstructor.cpp: update as per spec change
3162         (JSC::constructJSWebAssemblyInstance):
3163         * wasm/js/WebAssemblyLinkErrorConstructor.cpp: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorConstructor.cpp.
3164         (JSC::constructJSWebAssemblyLinkError):
3165         (JSC::callJSWebAssemblyLinkError):
3166         (JSC::WebAssemblyLinkErrorConstructor::create):
3167         (JSC::WebAssemblyLinkErrorConstructor::createStructure):
3168         (JSC::WebAssemblyLinkErrorConstructor::finishCreation):
3169         (JSC::WebAssemblyLinkErrorConstructor::WebAssemblyLinkErrorConstructor):
3170         (JSC::WebAssemblyLinkErrorConstructor::getConstructData):
3171         (JSC::WebAssemblyLinkErrorConstructor::getCallData):
3172         * wasm/js/WebAssemblyLinkErrorConstructor.h: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorConstructor.h.
3173         * wasm/js/WebAssemblyLinkErrorPrototype.cpp: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorPrototypr.cpp.
3174         (JSC::WebAssemblyLinkErrorPrototype::create):
3175         (JSC::WebAssemblyLinkErrorPrototype::createStructure):
3176         (JSC::WebAssemblyLinkErrorPrototype::finishCreation):
3177         (JSC::WebAssemblyLinkErrorPrototype::WebAssemblyLinkErrorPrototype):
3178         * wasm/js/WebAssemblyLinkErrorPrototype.h: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorPrototypr.h.
3179         * wasm/js/WebAssemblyModuleRecord.cpp: update as per spec change
3180         (JSC::dataSegmentFail):
3181         (JSC::WebAssemblyModuleRecord::evaluate):
3182
3183 2016-12-20  JF Bastien  <jfbastien@apple.com>
3184
3185         WebAssembly: unique function signatures
3186         https://bugs.webkit.org/show_bug.cgi?id=165957
3187         <rdar://problem/29735737>
3188
3189         Reviewed by Saam Barati.
3190
3191         Signatures in a Module's Type section can be duplicated; we
3192         therefore need to unique them so that call_indirect only needs to
3193         do a single integer compare to check that a callee's Signature is
3194         the same as the Signature declared at the call site. Without
3195         uniquing we'd either trap when duplicate Signatures are used, or
3196         we'd need to do multiple comparisons. This patch makes that narrow
3197         use case function correctly.
3198
3199         There's further complication when calling from wasm to
3200         wasm, in which case the Signatures must also match. Such
3201         cross-instance calls will be improved in bug #165282, but this
3202         patch sets the groundwork for it:
3203
3204         - Signatures are now owned by SignatureInformation which lives on
3205           VM, and is shared by all Modules.
3206         - When parsing a Module, a Signature is created for every Type
3207           entry, and then uniqued by SignatureInformation's adopt
3208           method. Duplicate Signatures are dropped and the previous
3209           SignatureIndex is returned, new Signatures are adopted and a new
3210           SignatureIndex is created.
3211         - The SignatureIndex values are monotonic. 0 is used to represent
3212           invalid indices, which trap. This can only occur through Table.
3213         - SignatureInformation is used while generating code to map a
3214           SignatureIndex back to the Signature* when return / argument
3215           information is needed. This is a simple lookup into a Vector. It
3216           isn't used at runtime.
3217         - These Signatures live forever on VM because the bookkeeping
3218           likely isn't worth it. We may want to empty things out if all
3219           Modules die, this is tracked in bug #166037.
3220         - We can further improve things by bit-packing SignatureIndex with
3221           Code*, which is tracked by bug #165511.
3222
3223         * CMakeLists.txt:
3224         * JavaScriptCore.xcodeproj/project.pbxproj:
3225         * runtime/VM.h: wasm signatures are uniqued here, but aren't accessed frequently (only during parsing) so indirection is fine
3226         * wasm/WasmB3IRGenerator.cpp: use SignatureIndex instead of Signature* when appropriate, and when still using Signature* do so with its new API
3227         (JSC::Wasm::createJSToWasmWrapper):
3228         (JSC::Wasm::parseAndCompile):
3229         * wasm/WasmBinding.cpp:
3230         (JSC::Wasm::importStubGenerator): use SignatureIndex
3231         * wasm/WasmBinding.h:
3232         * wasm/WasmCallingConvention.h:
3233         (JSC::Wasm::CallingConvention::loadArguments):
3234         * wasm/WasmFormat.cpp: drive-by move of alloc/free functions to the implementation file, allows the .h file to drop a FastMalloc.h
3235         (JSC::Wasm::Segment::create):
3236         (JSC::Wasm::Segment::destroy):
3237         (JSC::Wasm::Segment::createPtr):
3238         * wasm/WasmFormat.h: move Signature to its own file
3239         (JSC::Wasm::CallableFunction::CallableFunction):
3240         * wasm/WasmFunctionParser.h:
3241         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
3242         * wasm/WasmModuleParser.cpp:
3243         * wasm/WasmModuleParser.h:
3244         (JSC::Wasm::ModuleParser::ModuleParser):
3245         * wasm/WasmParser.h:
3246         (JSC::Wasm::Parser<SuccessType>::Parser):
3247         * wasm/WasmPlan.cpp:
3248         (JSC::Wasm::Plan::parseAndValidateModule):
3249         (JSC::Wasm::Plan::run):
3250         * wasm/WasmSignature.cpp: Added.
3251         (JSC::Wasm::Signature::dump):
3252         (JSC::Wasm::Signature::hash):
3253         (JSC::Wasm::Signature::create):
3254         (JSC::Wasm::Signature::createInvalid):
3255         (JSC::Wasm::Signature::destroy):
3256         (JSC::Wasm::SignatureInformation::~SignatureInformation):
3257         (JSC::Wasm::SignatureInformation::adopt):
3258         (JSC::Wasm::SignatureInformation::get):
3259