JSC should explicitly list its modulemap file
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-29  Keith Miller  <keith_miller@apple.com>

        JSC should explicitly list its modulemap file
        https://bugs.webkit.org/show_bug.cgi?id=191032

        Reviewed by Saam Barati.

        The automagically generated module map file for JSC will
        include headers where they may not work out of the box.
        This patch makes it so we now export the same modulemap
        that used to be provided via the legacy system.

        * Configurations/JavaScriptCore.xcconfig:
        * JavaScriptCore.modulemap: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-10-29  Tim Horton  <timothy_horton@apple.com>

        Modernize WebKit nibs and lprojs for localization's sake
        https://bugs.webkit.org/show_bug.cgi?id=190911
        <rdar://problem/45349466>

        Reviewed by Dan Bernstein.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        English->en

2018-10-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237492.
        https://bugs.webkit.org/show_bug.cgi?id=191035

        "It regresses JetStream 2 by 5% on some iOS devices"
        (Requested by saamyjoon on #webkit).

        Reverted changeset:

        "Unreviewed, partial rolling in r237254"
        https://bugs.webkit.org/show_bug.cgi?id=190340
        https://trac.webkit.org/changeset/237492

2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>

        Add support for GetStack FlushedDouble
        https://bugs.webkit.org/show_bug.cgi?id=191012
        <rdar://problem/45265141>

        Reviewed by Saam Barati.

        LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
        for doubles, but it turns out it may arise from the PutStack sinking
        phase: if we sink a PutStack into a successor block, other predecessors
        will emit a GetStack followed by an Upsilon.

        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):

2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>

        New bytecode format for JSC
        https://bugs.webkit.org/show_bug.cgi?id=187373
        <rdar://problem/44186758>

        Reviewed by Filip Pizlo.

        Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
        any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
        operands) and might contain an extra operand, the metadataID. The metadataID is used to
        access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).

        Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
        and types to all their operands. Additionally, reading a bytecode from the instruction stream
        requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
        operands directly from the stream.
75
76
        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::ReturnAddressPtr::ReturnAddressPtr):
        (JSC::ReturnAddressPtr::value const):
        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/ArithProfile.h:
        (JSC::ArithProfile::ArithProfile):
        * bytecode/ArrayAllocationProfile.h:
        (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
        * bytecode/ArrayProfile.h:
        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::isJumpTarget):
        (JSC::BytecodeBasicBlock::computeImpl):
        (JSC::BytecodeBasicBlock::compute):
        * bytecode/BytecodeBasicBlock.h:
        (JSC::BytecodeBasicBlock::leaderOffset const):
        (JSC::BytecodeBasicBlock::totalLength const):
        (JSC::BytecodeBasicBlock::offsets const):
        (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
        (JSC::BytecodeBasicBlock::addLength):
        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::printLocationAndOp):
        (JSC::BytecodeDumper<Block>::dumpBytecode):
        (JSC::BytecodeDumper<Block>::dumpIdentifiers):
        (JSC::BytecodeDumper<Block>::dumpConstants):
        (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
        (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpBlock):
        * bytecode/BytecodeDumper.h:
        (JSC::BytecodeDumper::dumpOperand):
        (JSC::BytecodeDumper::dumpValue):
        (JSC::BytecodeDumper::BytecodeDumper):
        (JSC::BytecodeDumper::block const):
        * bytecode/BytecodeGeneratorification.cpp:
        (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
        (JSC::BytecodeGeneratorification::enterPoint const):
        (JSC::BytecodeGeneratorification::instructions const):
        (JSC::GeneratorLivenessAnalysis::run):
        (JSC::BytecodeGeneratorification::run):
        (JSC::performGeneratorification):
        * bytecode/BytecodeGeneratorification.h:
        * bytecode/BytecodeGraph.h:
        (JSC::BytecodeGraph::blockContainsBytecodeOffset):
        (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
        (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
        (JSC::BytecodeGraph::BytecodeGraph):
        * bytecode/BytecodeKills.h:
        * bytecode/BytecodeList.json: Removed.
        * bytecode/BytecodeList.rb: Added.
        * bytecode/BytecodeLivenessAnalysis.cpp:
        (JSC::BytecodeLivenessAnalysis::dumpResults):
        * bytecode/BytecodeLivenessAnalysis.h:
        * bytecode/BytecodeLivenessAnalysisInlines.h:
        (JSC::isValidRegisterForLiveness):
        (JSC::BytecodeLivenessPropagation::stepOverInstruction):
        * bytecode/BytecodeRewriter.cpp:
        (JSC::BytecodeRewriter::applyModification):
        (JSC::BytecodeRewriter::execute):
        (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
        (JSC::BytecodeRewriter::insertImpl):
        (JSC::BytecodeRewriter::adjustJumpTarget):
        (JSC::BytecodeRewriter::adjustJumpTargets):
        * bytecode/BytecodeRewriter.h:
        (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
        (JSC::BytecodeRewriter::Fragment::Fragment):
        (JSC::BytecodeRewriter::Fragment::appendInstruction):
        (JSC::BytecodeRewriter::BytecodeRewriter):
        (JSC::BytecodeRewriter::insertFragmentBefore):
        (JSC::BytecodeRewriter::insertFragmentAfter):
        (JSC::BytecodeRewriter::removeBytecode):
        (JSC::BytecodeRewriter::adjustAbsoluteOffset):
        (JSC::BytecodeRewriter::adjustJumpTarget):
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::estimatedSize):
        (JSC::CodeBlock::visitChildren):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeLLIntInlineCaches):
        (JSC::CodeBlock::addJITAddIC):
        (JSC::CodeBlock::addJITMulIC):
        (JSC::CodeBlock::addJITSubIC):
        (JSC::CodeBlock::addJITNegIC):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        (JSC::CodeBlock::getArrayProfile):
        (JSC::CodeBlock::updateAllArrayPredictions):
        (JSC::CodeBlock::predictedMachineCodeSize):
        (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        (JSC::CodeBlock::validate):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::outOfLineJumpTarget):
        (JSC::CodeBlock::arithProfileForBytecodeOffset):
        (JSC::CodeBlock::arithProfileForPC):
        (JSC::CodeBlock::couldTakeSpecialFastCase):
        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addMathIC):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::instructions const):
        (JSC::CodeBlock::instructionCount const):
        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
        (JSC::CodeBlock::metadata):
        (JSC::CodeBlock::metadataSizeInBytes):
        (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
        (JSC::CodeBlock::totalNumberOfValueProfiles):
        * bytecode/CodeBlockInlines.h: Added.
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::forEachArrayProfile):
        (JSC::CodeBlock::forEachArrayAllocationProfile):
        (JSC::CodeBlock::forEachObjectAllocationProfile):
        (JSC::CodeBlock::forEachLLIntCallLinkInfo):
        * bytecode/Fits.h: Added.
        * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        (JSC::Instruction::Impl::opcodeID const):
        (JSC::Instruction::opcodeID const):
        (JSC::Instruction::name const):
        (JSC::Instruction::isWide const):
        (JSC::Instruction::size const):
        (JSC::Instruction::is const):
        (JSC::Instruction::as const):
        (JSC::Instruction::cast):
        (JSC::Instruction::cast const):
        (JSC::Instruction::narrow const):
        (JSC::Instruction::wide const):
        * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::InstructionStream::InstructionStream):
        (JSC::InstructionStream::sizeInBytes const):
        * bytecode/InstructionStream.h: Added.
        (JSC::InstructionStream::BaseRef::BaseRef):
        (JSC::InstructionStream::BaseRef::operator=):
        (JSC::InstructionStream::BaseRef::operator-> const):
        (JSC::InstructionStream::BaseRef::ptr const):
        (JSC::InstructionStream::BaseRef::operator!= const):
        (JSC::InstructionStream::BaseRef::next const):
        (JSC::InstructionStream::BaseRef::offset const):
        (JSC::InstructionStream::BaseRef::isValid const):
        (JSC::InstructionStream::BaseRef::unwrap const):
        (JSC::InstructionStream::MutableRef::freeze const):
        (JSC::InstructionStream::MutableRef::operator->):
        (JSC::InstructionStream::MutableRef::ptr):
        (JSC::InstructionStream::MutableRef::operator Ref):
        (JSC::InstructionStream::MutableRef::unwrap):
        (JSC::InstructionStream::iterator::operator*):
        (JSC::InstructionStream::iterator::operator++):
        (JSC::InstructionStream::begin const):
        (JSC::InstructionStream::end const):
        (JSC::InstructionStream::at const):
        (JSC::InstructionStream::size const):
        (JSC::InstructionStreamWriter::InstructionStreamWriter):
        (JSC::InstructionStreamWriter::ref):
        (JSC::InstructionStreamWriter::seek):
        (JSC::InstructionStreamWriter::position):
        (JSC::InstructionStreamWriter::write):
        (JSC::InstructionStreamWriter::rewind):
        (JSC::InstructionStreamWriter::finalize):
        (JSC::InstructionStreamWriter::swap):
        (JSC::InstructionStreamWriter::iterator::operator*):
        (JSC::InstructionStreamWriter::iterator::operator++):
        (JSC::InstructionStreamWriter::begin):
        (JSC::InstructionStreamWriter::end):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
        * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::MetadataTable::MetadataTable):
        (JSC::DeallocTable::withOpcodeType):
        (JSC::MetadataTable::~MetadataTable):
        (JSC::MetadataTable::sizeInBytes):
        * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
        (JSC::MetadataTable::get):
        (JSC::MetadataTable::forEach):
        (JSC::MetadataTable::getImpl):
        * bytecode/Opcode.cpp:
        (JSC::metadataSize):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecode/OpcodeInlines.h:
        (JSC::isOpcodeShape):
        (JSC::getOpcodeType):
        * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecode/PreciseJumpTargets.cpp:
        (JSC::getJumpTargetsForInstruction):
        (JSC::computePreciseJumpTargetsInternal):
        (JSC::computePreciseJumpTargets):
        (JSC::recomputePreciseJumpTargets):
        (JSC::findJumpTargetsForInstruction):
        * bytecode/PreciseJumpTargets.h:
        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::jumpTargetForInstruction):
        (JSC::extractStoredJumpTargetsForInstruction):
        (JSC::updateStoredJumpTargetsForInstruction):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        * bytecode/SpecialPointer.cpp:
        (WTF::printInternal):
        * bytecode/SpecialPointer.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedCodeBlock::estimatedSize):
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::instructions const):
        (JSC::UnlinkedCodeBlock::applyModification):
        (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
        (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
        (JSC::UnlinkedCodeBlock::metadata):
        (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
        * bytecode/UnlinkedInstructionStream.cpp: Removed.
        * bytecode/UnlinkedInstructionStream.h: Removed.
        * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/UnlinkedMetadataTableInlines.h: Added.
        (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::addEntry):
        (JSC::UnlinkedMetadataTable::sizeInBytes):
        (JSC::UnlinkedMetadataTable::finalize):
        (JSC::UnlinkedMetadataTable::link):
        (JSC::UnlinkedMetadataTable::unlink):
        * bytecode/VirtualRegister.cpp:
        (JSC::VirtualRegister::VirtualRegister):
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::Label::setLocation):
        (JSC::Label::bind):
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
        (JSC::BytecodeGenerator::emitEnter):
        (JSC::BytecodeGenerator::emitLoopHint):
        (JSC::BytecodeGenerator::emitJump):
        (JSC::BytecodeGenerator::emitCheckTraps):
        (JSC::BytecodeGenerator::rewind):
        (JSC::BytecodeGenerator::fuseCompareAndJump):
        (JSC::BytecodeGenerator::fuseTestAndJmp):
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::moveLinkTimeConstant):
        (JSC::BytecodeGenerator::moveEmptyValue):
        (JSC::BytecodeGenerator::emitMove):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::emitBinaryOp):
        (JSC::BytecodeGenerator::emitToObject):
        (JSC::BytecodeGenerator::emitToNumber):
        (JSC::BytecodeGenerator::emitToString):
        (JSC::BytecodeGenerator::emitTypeOf):
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        (JSC::BytecodeGenerator::emitEqualityOp):
        (JSC::BytecodeGenerator::emitProfileType):
        (JSC::BytecodeGenerator::emitProfileControlFlow):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
        (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
        (JSC::BytecodeGenerator::emitOverridesHasInstance):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitGetFromScope):
        (JSC::BytecodeGenerator::emitPutToScope):
        (JSC::BytecodeGenerator::emitInstanceOf):
        (JSC::BytecodeGenerator::emitInstanceOfCustom):
        (JSC::BytecodeGenerator::emitInByVal):
        (JSC::BytecodeGenerator::emitInById):
        (JSC::BytecodeGenerator::emitTryGetById):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitDirectGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        (JSC::BytecodeGenerator::emitPutGetterByVal):
        (JSC::BytecodeGenerator::emitPutSetterByVal):
        (JSC::BytecodeGenerator::emitDeleteById):
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::emitPutByVal):
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        (JSC::BytecodeGenerator::emitDeleteByVal):
        (JSC::BytecodeGenerator::emitSuperSamplerBegin):
        (JSC::BytecodeGenerator::emitSuperSamplerEnd):
        (JSC::BytecodeGenerator::emitIdWithProfile):
        (JSC::BytecodeGenerator::emitUnreachable):
        (JSC::BytecodeGenerator::emitGetArgument):
        (JSC::BytecodeGenerator::emitCreateThis):
        (JSC::BytecodeGenerator::emitTDZCheck):
        (JSC::BytecodeGenerator::emitNewObject):
        (JSC::BytecodeGenerator::emitNewArrayBuffer):
        (JSC::BytecodeGenerator::emitNewArray):
        (JSC::BytecodeGenerator::emitNewArrayWithSpread):
        (JSC::BytecodeGenerator::emitNewArrayWithSize):
        (JSC::BytecodeGenerator::emitNewRegExp):
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewDefaultConstructor):
        (JSC::BytecodeGenerator::emitNewFunction):
        (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallInTailPosition):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
        (JSC::BytecodeGenerator::emitCallVarargs):
        (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
        (JSC::BytecodeGenerator::emitConstructVarargs):
        (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
        (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
        (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
        (JSC::BytecodeGenerator::emitCallDefineProperty):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitEnd):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitStrcat):
        (JSC::BytecodeGenerator::emitToPrimitive):
        (JSC::BytecodeGenerator::emitGetScope):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitGetParentScope):
        (JSC::BytecodeGenerator::emitDebugHook):
        (JSC::BytecodeGenerator::emitCatch):
        (JSC::BytecodeGenerator::emitThrow):
        (JSC::BytecodeGenerator::emitArgumentCount):
        (JSC::BytecodeGenerator::emitThrowStaticError):
        (JSC::BytecodeGenerator::beginSwitch):
        (JSC::prepareJumpTableForSwitch):
        (JSC::prepareJumpTableForStringSwitch):
        (JSC::BytecodeGenerator::endSwitch):
        (JSC::BytecodeGenerator::emitGetEnumerableLength):
        (JSC::BytecodeGenerator::emitHasGenericProperty):
        (JSC::BytecodeGenerator::emitHasIndexedProperty):
        (JSC::BytecodeGenerator::emitHasStructureProperty):
        (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
        (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
        (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
        (JSC::BytecodeGenerator::emitToIndexString):
        (JSC::BytecodeGenerator::emitIsCellWithType):
        (JSC::BytecodeGenerator::emitIsObject):
        (JSC::BytecodeGenerator::emitIsNumber):
        (JSC::BytecodeGenerator::emitIsUndefined):
        (JSC::BytecodeGenerator::emitIsEmpty):
        (JSC::BytecodeGenerator::emitRestParameter):
        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
        (JSC::BytecodeGenerator::emitYieldPoint):
        (JSC::BytecodeGenerator::emitYield):
        (JSC::BytecodeGenerator::emitGetAsyncIterator):
        (JSC::BytecodeGenerator::emitDelegateYield):
        (JSC::BytecodeGenerator::emitFinallyCompletion):
        (JSC::BytecodeGenerator::emitJumpIf):
        (JSC::ForInContext::finalize):
        (JSC::StructureForInContext::finalize):
        (JSC::IndexedForInContext::finalize):
        (JSC::StaticPropertyAnalysis::record):
        (JSC::BytecodeGenerator::emitToThis):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::StructureForInContext::addGetInst):
        (JSC::BytecodeGenerator::recordOpcode):
        (JSC::BytecodeGenerator::addMetadataFor):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::kill):
        (JSC::BytecodeGenerator::instructions const):
        (JSC::BytecodeGenerator::write):
        (JSC::BytecodeGenerator::withWriter):
        * bytecompiler/Label.h:
        (JSC::Label::Label):
        (JSC::Label::bind):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode):
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):
        (JSC::StrictEqualNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ForInNode::emitBytecode):
        (JSC::CaseBlockNode::emitBytecodeForBlock):
        (JSC::FunctionNode::emitBytecode):
        (JSC::ClassExprNode::emitBytecode):
        * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
        (WTF::printInternal):
        * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecompiler/RegisterID.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        (JSC::StaticPropertyAnalysis::create):
        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::createThis):
        (JSC::StaticPropertyAnalyzer::newObject):
        (JSC::StaticPropertyAnalyzer::putById):
        (JSC::StaticPropertyAnalyzer::mov):
        (JSC::StaticPropertyAnalyzer::kill):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getArrayMode):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleVarargsCall):
        (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::handleCallVariant):
        (JSC::DFG::ByteCodeParser::handleVarargsInlining):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
        (JSC::DFG::ByteCodeParser::handleDOMJITCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
        (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
        (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
        (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::handlePutByVal):
        (JSC::DFG::ByteCodeParser::handlePutAccessorById):
        (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
        (JSC::DFG::ByteCodeParser::handleNewFunc):
        (JSC::DFG::ByteCodeParser::handleNewFuncExp):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileValueNegate):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * generate-bytecode-files: Removed.
        * generator/Argument.rb: Added.
        * generator/Assertion.rb: Added.
        * generator/DSL.rb: Added.
        * generator/Fits.rb: Added.
        * generator/GeneratedFile.rb: Added.
        * generator/Metadata.rb: Added.
        * generator/Opcode.rb: Added.
        * generator/OpcodeGroup.rb: Added.
        * generator/Options.rb: Added.
        * generator/Section.rb: Added.
        * generator/Template.rb: Added.
        * generator/Type.rb: Added.
        * generator/main.rb: Added.
        * interpreter/AbstractPC.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::currentVPC const):
        (JSC::CallFrame::setCurrentVPC):
        * interpreter/CallFrame.h:
        (JSC::CallSiteIndex::CallSiteIndex):
        (JSC::ExecState::setReturnPC):
        * interpreter/Interpreter.cpp:
        (WTF::printInternal):
        * interpreter/Interpreter.h:
        * interpreter/InterpreterInlines.h:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::dump const):
        * interpreter/VMEntryRecord.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::emitSlowCaseCall):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::link):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_op_below):
        (JSC::JIT::emit_op_beloweq):
        (JSC::JIT::emit_op_jbelow):
        (JSC::JIT::emit_op_jbeloweq):
        (JSC::JIT::emit_op_unsigned):
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareUnsignedAndJump):
        (JSC::JIT::emit_compareUnsigned):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emitSlow_op_negate):
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitRightShiftFastPath):
        (JSC::JIT::emit_op_rshift):
        (JSC::JIT::emit_op_urshift):
        (JSC::getOperandTypes):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitMathICFast):
        (JSC::JIT::emitMathICSlow):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSlow_op_sub):
        * jit/JITCall.cpp:
        (JSC::JIT::emitPutCallResult):
        (JSC::JIT::compileSetupFrame):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileTailCall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::emit_op_call):
        (JSC::JIT::emit_op_tail_call):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs):
        (JSC::JIT::emit_op_tail_call_varargs):
        (JSC::JIT::emit_op_tail_call_forward_arguments):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::emit_op_construct):
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_tail_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
        (JSC::JIT::emitSlow_op_construct_varargs):
        (JSC::JIT::emitSlow_op_construct):
        * jit/JITDisassembler.cpp:
        (JSC::JITDisassembler::JITDisassembler):
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
662         * jit/JITInlines.h:
663         (JSC::JIT::emitDoubleGetByVal):
664         (JSC::JIT::emitLoadForArrayMode):
665         (JSC::JIT::emitContiguousGetByVal):
666         (JSC::JIT::emitArrayStorageGetByVal):
667         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
668         (JSC::JIT::sampleInstruction):
669         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
670         (JSC::JIT::emitValueProfilingSite):
671         (JSC::JIT::jumpTarget):
672         (JSC::JIT::copiedGetPutInfo):
673         (JSC::JIT::copiedArithProfile):
674         * jit/JITMathIC.h:
675         (JSC::isProfileEmpty):
676         (JSC::JITBinaryMathIC::JITBinaryMathIC):
677         (JSC::JITUnaryMathIC::JITUnaryMathIC):
678         * jit/JITOpcodes.cpp:
679         (JSC::JIT::emit_op_mov):
680         (JSC::JIT::emit_op_end):
681         (JSC::JIT::emit_op_jmp):
682         (JSC::JIT::emit_op_new_object):
683         (JSC::JIT::emitSlow_op_new_object):
684         (JSC::JIT::emit_op_overrides_has_instance):
685         (JSC::JIT::emit_op_instanceof):
686         (JSC::JIT::emitSlow_op_instanceof):
687         (JSC::JIT::emit_op_instanceof_custom):
688         (JSC::JIT::emit_op_is_empty):
689         (JSC::JIT::emit_op_is_undefined):
690         (JSC::JIT::emit_op_is_boolean):
691         (JSC::JIT::emit_op_is_number):
692         (JSC::JIT::emit_op_is_cell_with_type):
693         (JSC::JIT::emit_op_is_object):
694         (JSC::JIT::emit_op_ret):
695         (JSC::JIT::emit_op_to_primitive):
696         (JSC::JIT::emit_op_set_function_name):
697         (JSC::JIT::emit_op_not):
698         (JSC::JIT::emit_op_jfalse):
699         (JSC::JIT::emit_op_jeq_null):
700         (JSC::JIT::emit_op_jneq_null):
701         (JSC::JIT::emit_op_jneq_ptr):
702         (JSC::JIT::emit_op_eq):
703         (JSC::JIT::emit_op_jeq):
704         (JSC::JIT::emit_op_jtrue):
705         (JSC::JIT::emit_op_neq):
706         (JSC::JIT::emit_op_jneq):
707         (JSC::JIT::emit_op_throw):
708         (JSC::JIT::compileOpStrictEq):
709         (JSC::JIT::emit_op_stricteq):
710         (JSC::JIT::emit_op_nstricteq):
711         (JSC::JIT::compileOpStrictEqJump):
712         (JSC::JIT::emit_op_jstricteq):
713         (JSC::JIT::emit_op_jnstricteq):
714         (JSC::JIT::emitSlow_op_jstricteq):
715         (JSC::JIT::emitSlow_op_jnstricteq):
716         (JSC::JIT::emit_op_to_number):
717         (JSC::JIT::emit_op_to_string):
718         (JSC::JIT::emit_op_to_object):
719         (JSC::JIT::emit_op_catch):
720         (JSC::JIT::emit_op_identity_with_profile):
721         (JSC::JIT::emit_op_get_parent_scope):
722         (JSC::JIT::emit_op_switch_imm):
723         (JSC::JIT::emit_op_switch_char):
724         (JSC::JIT::emit_op_switch_string):
725         (JSC::JIT::emit_op_debug):
726         (JSC::JIT::emit_op_eq_null):
727         (JSC::JIT::emit_op_neq_null):
728         (JSC::JIT::emit_op_enter):
729         (JSC::JIT::emit_op_get_scope):
730         (JSC::JIT::emit_op_to_this):
731         (JSC::JIT::emit_op_create_this):
732         (JSC::JIT::emit_op_check_tdz):
733         (JSC::JIT::emitSlow_op_eq):
734         (JSC::JIT::emitSlow_op_neq):
735         (JSC::JIT::emitSlow_op_jeq):
736         (JSC::JIT::emitSlow_op_jneq):
737         (JSC::JIT::emitSlow_op_instanceof_custom):
738         (JSC::JIT::emit_op_loop_hint):
739         (JSC::JIT::emitSlow_op_loop_hint):
740         (JSC::JIT::emit_op_check_traps):
741         (JSC::JIT::emit_op_nop):
742         (JSC::JIT::emit_op_super_sampler_begin):
743         (JSC::JIT::emit_op_super_sampler_end):
744         (JSC::JIT::emitSlow_op_check_traps):
745         (JSC::JIT::emit_op_new_regexp):
746         (JSC::JIT::emitNewFuncCommon):
747         (JSC::JIT::emit_op_new_func):
748         (JSC::JIT::emit_op_new_generator_func):
749         (JSC::JIT::emit_op_new_async_generator_func):
750         (JSC::JIT::emit_op_new_async_func):
751         (JSC::JIT::emitNewFuncExprCommon):
752         (JSC::JIT::emit_op_new_func_exp):
753         (JSC::JIT::emit_op_new_generator_func_exp):
754         (JSC::JIT::emit_op_new_async_func_exp):
755         (JSC::JIT::emit_op_new_async_generator_func_exp):
756         (JSC::JIT::emit_op_new_array):
757         (JSC::JIT::emit_op_new_array_with_size):
758         (JSC::JIT::emit_op_has_structure_property):
759         (JSC::JIT::privateCompileHasIndexedProperty):
760         (JSC::JIT::emit_op_has_indexed_property):
761         (JSC::JIT::emitSlow_op_has_indexed_property):
762         (JSC::JIT::emit_op_get_direct_pname):
763         (JSC::JIT::emit_op_enumerator_structure_pname):
764         (JSC::JIT::emit_op_enumerator_generic_pname):
765         (JSC::JIT::emit_op_profile_type):
766         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
767         (JSC::JIT::emit_op_log_shadow_chicken_tail):
768         (JSC::JIT::emit_op_profile_control_flow):
769         (JSC::JIT::emit_op_argument_count):
770         (JSC::JIT::emit_op_get_rest_length):
771         (JSC::JIT::emit_op_get_argument):
772         * jit/JITOpcodes32_64.cpp:
773         (JSC::JIT::emit_op_to_this):
774         * jit/JITOperations.cpp:
775         * jit/JITOperations.h:
776         * jit/JITPropertyAccess.cpp:
777         (JSC::JIT::emit_op_get_by_val):
778         (JSC::JIT::emitGetByValWithCachedId):
779         (JSC::JIT::emitSlow_op_get_by_val):
780         (JSC::JIT::emit_op_put_by_val_direct):
781         (JSC::JIT::emit_op_put_by_val):
782         (JSC::JIT::emitGenericContiguousPutByVal):
783         (JSC::JIT::emitArrayStoragePutByVal):
784         (JSC::JIT::emitPutByValWithCachedId):
785         (JSC::JIT::emitSlow_op_put_by_val):
786         (JSC::JIT::emit_op_put_getter_by_id):
787         (JSC::JIT::emit_op_put_setter_by_id):
788         (JSC::JIT::emit_op_put_getter_setter_by_id):
789         (JSC::JIT::emit_op_put_getter_by_val):
790         (JSC::JIT::emit_op_put_setter_by_val):
791         (JSC::JIT::emit_op_del_by_id):
792         (JSC::JIT::emit_op_del_by_val):
793         (JSC::JIT::emit_op_try_get_by_id):
794         (JSC::JIT::emitSlow_op_try_get_by_id):
795         (JSC::JIT::emit_op_get_by_id_direct):
796         (JSC::JIT::emitSlow_op_get_by_id_direct):
797         (JSC::JIT::emit_op_get_by_id):
798         (JSC::JIT::emit_op_get_by_id_with_this):
799         (JSC::JIT::emitSlow_op_get_by_id):
800         (JSC::JIT::emitSlow_op_get_by_id_with_this):
801         (JSC::JIT::emit_op_put_by_id):
802         (JSC::JIT::emitSlow_op_put_by_id):
803         (JSC::JIT::emit_op_in_by_id):
804         (JSC::JIT::emitSlow_op_in_by_id):
805         (JSC::JIT::emit_op_resolve_scope):
806         (JSC::JIT::emit_op_get_from_scope):
807         (JSC::JIT::emitSlow_op_get_from_scope):
808         (JSC::JIT::emit_op_put_to_scope):
809         (JSC::JIT::emitSlow_op_put_to_scope):
810         (JSC::JIT::emit_op_get_from_arguments):
811         (JSC::JIT::emit_op_put_to_arguments):
812         (JSC::JIT::privateCompileGetByVal):
813         (JSC::JIT::privateCompileGetByValWithCachedId):
814         (JSC::JIT::privateCompilePutByVal):
815         (JSC::JIT::privateCompilePutByValWithCachedId):
816         (JSC::JIT::emitDoubleLoad):
817         (JSC::JIT::emitContiguousLoad):
818         (JSC::JIT::emitArrayStorageLoad):
819         (JSC::JIT::emitDirectArgumentsGetByVal):
820         (JSC::JIT::emitScopedArgumentsGetByVal):
821         (JSC::JIT::emitIntTypedArrayGetByVal):
822         (JSC::JIT::emitFloatTypedArrayGetByVal):
823         (JSC::JIT::emitIntTypedArrayPutByVal):
824         (JSC::JIT::emitFloatTypedArrayPutByVal):
825         * jit/RegisterSet.cpp:
826         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
827         * jit/SlowPathCall.h:
828         (JSC::JITSlowPathCall::JITSlowPathCall):
829         * llint/LLIntData.cpp:
830         (JSC::LLInt::initialize):
831         (JSC::LLInt::Data::performAssertions):
832         * llint/LLIntData.h:
833         (JSC::LLInt::exceptionInstructions):
834         (JSC::LLInt::opcodeMap):
835         (JSC::LLInt::opcodeMapWide):
836         (JSC::LLInt::getOpcode):
837         (JSC::LLInt::getOpcodeWide):
838         (JSC::LLInt::getWideCodePtr):
839         * llint/LLIntOffsetsExtractor.cpp:
840         * llint/LLIntSlowPaths.cpp:
841         (JSC::LLInt::llint_trace_operand):
842         (JSC::LLInt::llint_trace_value):
843         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
844         (JSC::LLInt::entryOSR):
845         (JSC::LLInt::setupGetByIdPrototypeCache):
846         (JSC::LLInt::getByVal):
847         (JSC::LLInt::handleHostCall):
848         (JSC::LLInt::setUpCall):
849         (JSC::LLInt::genericCall):
850         (JSC::LLInt::varargsSetup):
851         (JSC::LLInt::commonCallEval):
852         * llint/LLIntSlowPaths.h:
853         * llint/LowLevelInterpreter.asm:
854         * llint/LowLevelInterpreter.cpp:
855         (JSC::CLoopRegister::operator const Instruction*):
856         (JSC::CLoop::execute):
857         * llint/LowLevelInterpreter32_64.asm:
858         * llint/LowLevelInterpreter64.asm:
859         * offlineasm/arm64.rb:
860         * offlineasm/asm.rb:
861         * offlineasm/ast.rb:
862         * offlineasm/cloop.rb:
863         * offlineasm/generate_offset_extractor.rb:
864         * offlineasm/instructions.rb:
865         * offlineasm/offsets.rb:
866         * offlineasm/parser.rb:
867         * offlineasm/transform.rb:
868         * offlineasm/x86.rb:
869         * parser/ResultType.h:
870         (JSC::ResultType::dump const):
871         (JSC::OperandTypes::first const):
872         (JSC::OperandTypes::second const):
873         (JSC::OperandTypes::dump const):
874         * profiler/ProfilerBytecodeSequence.cpp:
875         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
876         * runtime/CommonSlowPaths.cpp:
877         (JSC::SLOW_PATH_DECL):
878         (JSC::updateArithProfileForUnaryArithOp):
879         (JSC::updateArithProfileForBinaryArithOp):
880         * runtime/CommonSlowPaths.h:
881         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
882         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
883         * runtime/ExceptionFuzz.cpp:
884         (JSC::doExceptionFuzzing):
885         * runtime/ExceptionFuzz.h:
886         (JSC::doExceptionFuzzingIfEnabled):
887         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
888         (JSC::GetPutInfo::dump const):
889         (WTF::printInternal):
890         * runtime/GetPutInfo.h:
891         (JSC::GetPutInfo::operand const):
892         * runtime/JSCPoison.h:
893         * runtime/JSType.cpp: Added.
894         (WTF::printInternal):
895         * runtime/JSType.h:
896         * runtime/SamplingProfiler.cpp:
897         (JSC::SamplingProfiler::StackFrame::displayName):
898         * runtime/SamplingProfiler.h:
899         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
900         * runtime/SlowPathReturnType.h:
901         (JSC::encodeResult):
902         (JSC::decodeResult):
903         * runtime/VM.h:
904         * runtime/Watchdog.h:
905         * tools/HeapVerifier.cpp:
906
907 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
908
909         Unreviewed, partial rolling in r237254
910         https://bugs.webkit.org/show_bug.cgi?id=190340
911
912         We do not use the added function right now, in order to investigate what the reason for the regression is.
913         It also does not include any Parser.{h,cpp} changes, to check whether Parser.cpp's inlining decision
914         is the culprit of the regression on iOS devices.
915
916         * bytecode/UnlinkedFunctionExecutable.cpp:
917         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
918         * bytecode/UnlinkedFunctionExecutable.h:
919         * parser/SourceCodeKey.h:
920         (JSC::SourceCodeKey::SourceCodeKey):
921         (JSC::SourceCodeKey::operator== const):
922         * runtime/CodeCache.cpp:
923         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
924         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
925         * runtime/CodeCache.h:
926         * runtime/FunctionConstructor.cpp:
927         (JSC::constructFunctionSkippingEvalEnabledCheck):
928         * runtime/FunctionExecutable.cpp:
929         (JSC::FunctionExecutable::fromGlobalCode):
930         * runtime/FunctionExecutable.h:
931
932 2018-10-26  Commit Queue  <commit-queue@webkit.org>
933
934         Unreviewed, rolling out r237479 and r237484.
935         https://bugs.webkit.org/show_bug.cgi?id=190978
936
937         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
938
939         Reverted changesets:
940
941         "New bytecode format for JSC"
942         https://bugs.webkit.org/show_bug.cgi?id=187373
943         https://trac.webkit.org/changeset/237479
944
945         "Gardening: Build fix after r237479."
946         https://bugs.webkit.org/show_bug.cgi?id=187373
947         https://trac.webkit.org/changeset/237484
948
949 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
950
951         Gardening: Build fix after r237479.
952         https://bugs.webkit.org/show_bug.cgi?id=187373
953
954         Unreviewed.
955
956         * Configurations/JSC.xcconfig:
957         * JavaScriptCore.xcodeproj/project.pbxproj:
958         * llint/LLIntData.cpp:
959         (JSC::LLInt::initialize):
960
961 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
962
963         New bytecode format for JSC
964         https://bugs.webkit.org/show_bug.cgi?id=187373
965         <rdar://problem/44186758>
966
967         Reviewed by Filip Pizlo.
968
969         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
970         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
971         operands) and might contain an extra operand, the metadataID. The metadataID is used to
972         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
973
974         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
975         and types to all their operands. Additionally, reading a bytecode from the instruction stream
976         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
977         operands directly from the stream.
978
979
980         * CMakeLists.txt:
981         * DerivedSources.make:
982         * JavaScriptCore.xcodeproj/project.pbxproj:
983         * Sources.txt:
984         * assembler/MacroAssemblerCodeRef.h:
985         (JSC::ReturnAddressPtr::ReturnAddressPtr):
986         (JSC::ReturnAddressPtr::value const):
987         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
988         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
989         * bytecode/ArithProfile.h:
990         (JSC::ArithProfile::ArithProfile):
991         * bytecode/ArrayAllocationProfile.h:
992         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
993         * bytecode/ArrayProfile.h:
994         * bytecode/BytecodeBasicBlock.cpp:
995         (JSC::isJumpTarget):
996         (JSC::BytecodeBasicBlock::computeImpl):
997         (JSC::BytecodeBasicBlock::compute):
998         * bytecode/BytecodeBasicBlock.h:
999         (JSC::BytecodeBasicBlock::leaderOffset const):
1000         (JSC::BytecodeBasicBlock::totalLength const):
1001         (JSC::BytecodeBasicBlock::offsets const):
1002         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1003         (JSC::BytecodeBasicBlock::addLength):
1004         * bytecode/BytecodeDumper.cpp:
1005         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1006         (JSC::BytecodeDumper<Block>::dumpBytecode):
1007         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1008         (JSC::BytecodeDumper<Block>::dumpConstants):
1009         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1010         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1011         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1012         (JSC::BytecodeDumper<Block>::dumpBlock):
1013         * bytecode/BytecodeDumper.h:
1014         (JSC::BytecodeDumper::dumpOperand):
1015         (JSC::BytecodeDumper::dumpValue):
1016         (JSC::BytecodeDumper::BytecodeDumper):
1017         (JSC::BytecodeDumper::block const):
1018         * bytecode/BytecodeGeneratorification.cpp:
1019         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1020         (JSC::BytecodeGeneratorification::enterPoint const):
1021         (JSC::BytecodeGeneratorification::instructions const):
1022         (JSC::GeneratorLivenessAnalysis::run):
1023         (JSC::BytecodeGeneratorification::run):
1024         (JSC::performGeneratorification):
1025         * bytecode/BytecodeGeneratorification.h:
1026         * bytecode/BytecodeGraph.h:
1027         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1028         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1029         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1030         (JSC::BytecodeGraph::BytecodeGraph):
1031         * bytecode/BytecodeKills.h:
1032         * bytecode/BytecodeList.json: Removed.
1033         * bytecode/BytecodeList.rb: Added.
1034         * bytecode/BytecodeLivenessAnalysis.cpp:
1035         (JSC::BytecodeLivenessAnalysis::dumpResults):
1036         * bytecode/BytecodeLivenessAnalysis.h:
1037         * bytecode/BytecodeLivenessAnalysisInlines.h:
1038         (JSC::isValidRegisterForLiveness):
1039         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1040         * bytecode/BytecodeRewriter.cpp:
1041         (JSC::BytecodeRewriter::applyModification):
1042         (JSC::BytecodeRewriter::execute):
1043         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1044         (JSC::BytecodeRewriter::insertImpl):
1045         (JSC::BytecodeRewriter::adjustJumpTarget):
1046         (JSC::BytecodeRewriter::adjustJumpTargets):
1047         * bytecode/BytecodeRewriter.h:
1048         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1049         (JSC::BytecodeRewriter::Fragment::Fragment):
1050         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1051         (JSC::BytecodeRewriter::BytecodeRewriter):
1052         (JSC::BytecodeRewriter::insertFragmentBefore):
1053         (JSC::BytecodeRewriter::insertFragmentAfter):
1054         (JSC::BytecodeRewriter::removeBytecode):
1055         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1056         (JSC::BytecodeRewriter::adjustJumpTarget):
1057         * bytecode/BytecodeUseDef.h:
1058         (JSC::computeUsesForBytecodeOffset):
1059         (JSC::computeDefsForBytecodeOffset):
1060         * bytecode/CallLinkStatus.cpp:
1061         (JSC::CallLinkStatus::computeFromLLInt):
1062         * bytecode/CodeBlock.cpp:
1063         (JSC::CodeBlock::dumpBytecode):
1064         (JSC::CodeBlock::CodeBlock):
1065         (JSC::CodeBlock::finishCreation):
1066         (JSC::CodeBlock::estimatedSize):
1067         (JSC::CodeBlock::visitChildren):
1068         (JSC::CodeBlock::propagateTransitions):
1069         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1070         (JSC::CodeBlock::addJITAddIC):
1071         (JSC::CodeBlock::addJITMulIC):
1072         (JSC::CodeBlock::addJITSubIC):
1073         (JSC::CodeBlock::addJITNegIC):
1074         (JSC::CodeBlock::stronglyVisitStrongReferences):
1075         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1076         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1077         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1078         (JSC::CodeBlock::getArrayProfile):
1079         (JSC::CodeBlock::updateAllArrayPredictions):
1080         (JSC::CodeBlock::predictedMachineCodeSize):
1081         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1082         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1083         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1084         (JSC::CodeBlock::validate):
1085         (JSC::CodeBlock::outOfLineJumpOffset):
1086         (JSC::CodeBlock::outOfLineJumpTarget):
1087         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1088         (JSC::CodeBlock::arithProfileForPC):
1089         (JSC::CodeBlock::couldTakeSpecialFastCase):
1090         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1091         * bytecode/CodeBlock.h:
1092         (JSC::CodeBlock::addMathIC):
1093         (JSC::CodeBlock::outOfLineJumpOffset):
1094         (JSC::CodeBlock::bytecodeOffset):
1095         (JSC::CodeBlock::instructions const):
1096         (JSC::CodeBlock::instructionCount const):
1097         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1098         (JSC::CodeBlock::metadata):
1099         (JSC::CodeBlock::metadataSizeInBytes):
1100         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1101         (JSC::CodeBlock::totalNumberOfValueProfiles):
1102         * bytecode/CodeBlockInlines.h: Added.
1103         (JSC::CodeBlock::forEachValueProfile):
1104         (JSC::CodeBlock::forEachArrayProfile):
1105         (JSC::CodeBlock::forEachArrayAllocationProfile):
1106         (JSC::CodeBlock::forEachObjectAllocationProfile):
1107         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1108         * bytecode/Fits.h: Added.
1109         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1110         * bytecode/GetByIdStatus.cpp:
1111         (JSC::GetByIdStatus::computeFromLLInt):
1112         * bytecode/Instruction.h:
1113         (JSC::Instruction::Instruction):
1114         (JSC::Instruction::Impl::opcodeID const):
1115         (JSC::Instruction::opcodeID const):
1116         (JSC::Instruction::name const):
1117         (JSC::Instruction::isWide const):
1118         (JSC::Instruction::size const):
1119         (JSC::Instruction::is const):
1120         (JSC::Instruction::as const):
1121         (JSC::Instruction::cast):
1122         (JSC::Instruction::cast const):
1123         (JSC::Instruction::narrow const):
1124         (JSC::Instruction::wide const):
1125         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1126         (JSC::InstructionStream::InstructionStream):
1127         (JSC::InstructionStream::sizeInBytes const):
1128         * bytecode/InstructionStream.h: Added.
1129         (JSC::InstructionStream::BaseRef::BaseRef):
1130         (JSC::InstructionStream::BaseRef::operator=):
1131         (JSC::InstructionStream::BaseRef::operator-> const):
1132         (JSC::InstructionStream::BaseRef::ptr const):
1133         (JSC::InstructionStream::BaseRef::operator!= const):
1134         (JSC::InstructionStream::BaseRef::next const):
1135         (JSC::InstructionStream::BaseRef::offset const):
1136         (JSC::InstructionStream::BaseRef::isValid const):
1137         (JSC::InstructionStream::BaseRef::unwrap const):
1138         (JSC::InstructionStream::MutableRef::freeze const):
1139         (JSC::InstructionStream::MutableRef::operator->):
1140         (JSC::InstructionStream::MutableRef::ptr):
1141         (JSC::InstructionStream::MutableRef::operator Ref):
1142         (JSC::InstructionStream::MutableRef::unwrap):
1143         (JSC::InstructionStream::iterator::operator*):
1144         (JSC::InstructionStream::iterator::operator++):
1145         (JSC::InstructionStream::begin const):
1146         (JSC::InstructionStream::end const):
1147         (JSC::InstructionStream::at const):
1148         (JSC::InstructionStream::size const):
1149         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1150         (JSC::InstructionStreamWriter::ref):
1151         (JSC::InstructionStreamWriter::seek):
1152         (JSC::InstructionStreamWriter::position):
1153         (JSC::InstructionStreamWriter::write):
1154         (JSC::InstructionStreamWriter::rewind):
1155         (JSC::InstructionStreamWriter::finalize):
1156         (JSC::InstructionStreamWriter::swap):
1157         (JSC::InstructionStreamWriter::iterator::operator*):
1158         (JSC::InstructionStreamWriter::iterator::operator++):
1159         (JSC::InstructionStreamWriter::begin):
1160         (JSC::InstructionStreamWriter::end):
1161         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1162         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1163         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1164         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1165         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1166         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1167         (JSC::MetadataTable::MetadataTable):
1168         (JSC::DeallocTable::withOpcodeType):
1169         (JSC::MetadataTable::~MetadataTable):
1170         (JSC::MetadataTable::sizeInBytes):
1171         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1172         (JSC::MetadataTable::get):
1173         (JSC::MetadataTable::forEach):
1174         (JSC::MetadataTable::getImpl):
1175         * bytecode/Opcode.cpp:
1176         (JSC::metadataSize):
1177         * bytecode/Opcode.h:
1178         (JSC::padOpcodeName):
1179         * bytecode/OpcodeInlines.h:
1180         (JSC::isOpcodeShape):
1181         (JSC::getOpcodeType):
1182         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1183         * bytecode/PreciseJumpTargets.cpp:
1184         (JSC::getJumpTargetsForInstruction):
1185         (JSC::computePreciseJumpTargetsInternal):
1186         (JSC::computePreciseJumpTargets):
1187         (JSC::recomputePreciseJumpTargets):
1188         (JSC::findJumpTargetsForInstruction):
1189         * bytecode/PreciseJumpTargets.h:
1190         * bytecode/PreciseJumpTargetsInlines.h:
1191         (JSC::jumpTargetForInstruction):
1192         (JSC::extractStoredJumpTargetsForInstruction):
1193         (JSC::updateStoredJumpTargetsForInstruction):
1194         * bytecode/PutByIdStatus.cpp:
1195         (JSC::PutByIdStatus::computeFromLLInt):
1196         * bytecode/SpecialPointer.cpp:
1197         (WTF::printInternal):
1198         * bytecode/SpecialPointer.h:
1199         * bytecode/UnlinkedCodeBlock.cpp:
1200         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1201         (JSC::UnlinkedCodeBlock::visitChildren):
1202         (JSC::UnlinkedCodeBlock::estimatedSize):
1203         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1204         (JSC::dumpLineColumnEntry):
1205         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1206         (JSC::UnlinkedCodeBlock::setInstructions):
1207         (JSC::UnlinkedCodeBlock::instructions const):
1208         (JSC::UnlinkedCodeBlock::applyModification):
1209         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1210         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1211         * bytecode/UnlinkedCodeBlock.h:
1212         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1213         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1214         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1215         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1216         (JSC::UnlinkedCodeBlock::metadata):
1217         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1218         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1219         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1220         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1221         * bytecode/UnlinkedInstructionStream.h: Removed.
1222         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1223         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1224         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1225         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1226         (JSC::UnlinkedMetadataTable::addEntry):
1227         (JSC::UnlinkedMetadataTable::sizeInBytes):
1228         (JSC::UnlinkedMetadataTable::finalize):
1229         (JSC::UnlinkedMetadataTable::link):
1230         (JSC::UnlinkedMetadataTable::unlink):
1231         * bytecode/VirtualRegister.cpp:
1232         (JSC::VirtualRegister::VirtualRegister):
1233         * bytecode/VirtualRegister.h:
1234         * bytecompiler/BytecodeGenerator.cpp:
1235         (JSC::Label::setLocation):
1236         (JSC::Label::bind):
1237         (JSC::BytecodeGenerator::generate):
1238         (JSC::BytecodeGenerator::BytecodeGenerator):
1239         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1240         (JSC::BytecodeGenerator::emitEnter):
1241         (JSC::BytecodeGenerator::emitLoopHint):
1242         (JSC::BytecodeGenerator::emitJump):
1243         (JSC::BytecodeGenerator::emitCheckTraps):
1244         (JSC::BytecodeGenerator::rewind):
1245         (JSC::BytecodeGenerator::fuseCompareAndJump):
1246         (JSC::BytecodeGenerator::fuseTestAndJmp):
1247         (JSC::BytecodeGenerator::emitJumpIfTrue):
1248         (JSC::BytecodeGenerator::emitJumpIfFalse):
1249         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1250         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1251         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1252         (JSC::BytecodeGenerator::moveEmptyValue):
1253         (JSC::BytecodeGenerator::emitMove):
1254         (JSC::BytecodeGenerator::emitUnaryOp):
1255         (JSC::BytecodeGenerator::emitBinaryOp):
1256         (JSC::BytecodeGenerator::emitToObject):
1257         (JSC::BytecodeGenerator::emitToNumber):
1258         (JSC::BytecodeGenerator::emitToString):
1259         (JSC::BytecodeGenerator::emitTypeOf):
1260         (JSC::BytecodeGenerator::emitInc):
1261         (JSC::BytecodeGenerator::emitDec):
1262         (JSC::BytecodeGenerator::emitEqualityOp):
1263         (JSC::BytecodeGenerator::emitProfileType):
1264         (JSC::BytecodeGenerator::emitProfileControlFlow):
1265         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1266         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1267         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1268         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1269         (JSC::BytecodeGenerator::emitResolveScope):
1270         (JSC::BytecodeGenerator::emitGetFromScope):
1271         (JSC::BytecodeGenerator::emitPutToScope):
1272         (JSC::BytecodeGenerator::emitInstanceOf):
1273         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1274         (JSC::BytecodeGenerator::emitInByVal):
1275         (JSC::BytecodeGenerator::emitInById):
1276         (JSC::BytecodeGenerator::emitTryGetById):
1277         (JSC::BytecodeGenerator::emitGetById):
1278         (JSC::BytecodeGenerator::emitDirectGetById):
1279         (JSC::BytecodeGenerator::emitPutById):
1280         (JSC::BytecodeGenerator::emitDirectPutById):
1281         (JSC::BytecodeGenerator::emitPutGetterById):
1282         (JSC::BytecodeGenerator::emitPutSetterById):
1283         (JSC::BytecodeGenerator::emitPutGetterSetter):
1284         (JSC::BytecodeGenerator::emitPutGetterByVal):
1285         (JSC::BytecodeGenerator::emitPutSetterByVal):
1286         (JSC::BytecodeGenerator::emitDeleteById):
1287         (JSC::BytecodeGenerator::emitGetByVal):
1288         (JSC::BytecodeGenerator::emitPutByVal):
1289         (JSC::BytecodeGenerator::emitDirectPutByVal):
1290         (JSC::BytecodeGenerator::emitDeleteByVal):
1291         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1292         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1293         (JSC::BytecodeGenerator::emitIdWithProfile):
1294         (JSC::BytecodeGenerator::emitUnreachable):
1295         (JSC::BytecodeGenerator::emitGetArgument):
1296         (JSC::BytecodeGenerator::emitCreateThis):
1297         (JSC::BytecodeGenerator::emitTDZCheck):
1298         (JSC::BytecodeGenerator::emitNewObject):
1299         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1300         (JSC::BytecodeGenerator::emitNewArray):
1301         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1302         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1303         (JSC::BytecodeGenerator::emitNewRegExp):
1304         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1305         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1306         (JSC::BytecodeGenerator::emitNewFunction):
1307         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1308         (JSC::BytecodeGenerator::emitCall):
1309         (JSC::BytecodeGenerator::emitCallInTailPosition):
1310         (JSC::BytecodeGenerator::emitCallEval):
1311         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1312         (JSC::BytecodeGenerator::emitCallVarargs):
1313         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1314         (JSC::BytecodeGenerator::emitConstructVarargs):
1315         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1316         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1317         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1318         (JSC::BytecodeGenerator::emitCallDefineProperty):
1319         (JSC::BytecodeGenerator::emitReturn):
1320         (JSC::BytecodeGenerator::emitEnd):
1321         (JSC::BytecodeGenerator::emitConstruct):
1322         (JSC::BytecodeGenerator::emitStrcat):
1323         (JSC::BytecodeGenerator::emitToPrimitive):
1324         (JSC::BytecodeGenerator::emitGetScope):
1325         (JSC::BytecodeGenerator::emitPushWithScope):
1326         (JSC::BytecodeGenerator::emitGetParentScope):
1327         (JSC::BytecodeGenerator::emitDebugHook):
1328         (JSC::BytecodeGenerator::emitCatch):
1329         (JSC::BytecodeGenerator::emitThrow):
1330         (JSC::BytecodeGenerator::emitArgumentCount):
1331         (JSC::BytecodeGenerator::emitThrowStaticError):
1332         (JSC::BytecodeGenerator::beginSwitch):
1333         (JSC::prepareJumpTableForSwitch):
1334         (JSC::prepareJumpTableForStringSwitch):
1335         (JSC::BytecodeGenerator::endSwitch):
1336         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1337         (JSC::BytecodeGenerator::emitHasGenericProperty):
1338         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1339         (JSC::BytecodeGenerator::emitHasStructureProperty):
1340         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1341         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1342         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1343         (JSC::BytecodeGenerator::emitToIndexString):
1344         (JSC::BytecodeGenerator::emitIsCellWithType):
1345         (JSC::BytecodeGenerator::emitIsObject):
1346         (JSC::BytecodeGenerator::emitIsNumber):
1347         (JSC::BytecodeGenerator::emitIsUndefined):
1348         (JSC::BytecodeGenerator::emitIsEmpty):
1349         (JSC::BytecodeGenerator::emitRestParameter):
1350         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1351         (JSC::BytecodeGenerator::emitYieldPoint):
1352         (JSC::BytecodeGenerator::emitYield):
1353         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1354         (JSC::BytecodeGenerator::emitDelegateYield):
1355         (JSC::BytecodeGenerator::emitFinallyCompletion):
1356         (JSC::BytecodeGenerator::emitJumpIf):
1357         (JSC::ForInContext::finalize):
1358         (JSC::StructureForInContext::finalize):
1359         (JSC::IndexedForInContext::finalize):
1360         (JSC::StaticPropertyAnalysis::record):
1361         (JSC::BytecodeGenerator::emitToThis):
1362         * bytecompiler/BytecodeGenerator.h:
1363         (JSC::StructureForInContext::addGetInst):
1364         (JSC::BytecodeGenerator::recordOpcode):
1365         (JSC::BytecodeGenerator::addMetadataFor):
1366         (JSC::BytecodeGenerator::emitUnaryOp):
1367         (JSC::BytecodeGenerator::kill):
1368         (JSC::BytecodeGenerator::instructions const):
1369         (JSC::BytecodeGenerator::write):
1370         (JSC::BytecodeGenerator::withWriter):
1371         * bytecompiler/Label.h:
1372         (JSC::Label::Label):
1373         (JSC::Label::bind):
1374         * bytecompiler/NodesCodegen.cpp:
1375         (JSC::ArrayNode::emitBytecode):
1376         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1377         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1378         (JSC::BitwiseNotNode::emitBytecode):
1379         (JSC::BinaryOpNode::emitBytecode):
1380         (JSC::EqualNode::emitBytecode):
1381         (JSC::StrictEqualNode::emitBytecode):
1382         (JSC::emitReadModifyAssignment):
1383         (JSC::ForInNode::emitBytecode):
1384         (JSC::CaseBlockNode::emitBytecodeForBlock):
1385         (JSC::FunctionNode::emitBytecode):
1386         (JSC::ClassExprNode::emitBytecode):
1387         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1388         (WTF::printInternal):
1389         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1390         * bytecompiler/RegisterID.h:
1391         * bytecompiler/StaticPropertyAnalysis.h:
1392         (JSC::StaticPropertyAnalysis::create):
1393         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1394         * bytecompiler/StaticPropertyAnalyzer.h:
1395         (JSC::StaticPropertyAnalyzer::createThis):
1396         (JSC::StaticPropertyAnalyzer::newObject):
1397         (JSC::StaticPropertyAnalyzer::putById):
1398         (JSC::StaticPropertyAnalyzer::mov):
1399         (JSC::StaticPropertyAnalyzer::kill):
1400         * dfg/DFGByteCodeParser.cpp:
1401         (JSC::DFG::ByteCodeParser::addCall):
1402         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1403         (JSC::DFG::ByteCodeParser::getArrayMode):
1404         (JSC::DFG::ByteCodeParser::handleCall):
1405         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1406         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1407         (JSC::DFG::ByteCodeParser::inlineCall):
1408         (JSC::DFG::ByteCodeParser::handleCallVariant):
1409         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1410         (JSC::DFG::ByteCodeParser::handleInlining):
1411         (JSC::DFG::ByteCodeParser::handleMinMax):
1412         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1413         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1414         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1415         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1416         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1417         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1418         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1419         (JSC::DFG::ByteCodeParser::handleGetById):
1420         (JSC::DFG::ByteCodeParser::handlePutById):
1421         (JSC::DFG::ByteCodeParser::parseGetById):
1422         (JSC::DFG::ByteCodeParser::parseBlock):
1423         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1424         (JSC::DFG::ByteCodeParser::handlePutByVal):
1425         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1426         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1427         (JSC::DFG::ByteCodeParser::handleNewFunc):
1428         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1429         (JSC::DFG::ByteCodeParser::parse):
1430         * dfg/DFGCapabilities.cpp:
1431         (JSC::DFG::capabilityLevel):
1432         * dfg/DFGCapabilities.h:
1433         (JSC::DFG::capabilityLevel):
1434         * dfg/DFGOSREntry.cpp:
1435         (JSC::DFG::prepareCatchOSREntry):
1436         * dfg/DFGSpeculativeJIT.cpp:
1437         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1438         (JSC::DFG::SpeculativeJIT::compileValueSub):
1439         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1440         (JSC::DFG::SpeculativeJIT::compileArithMul):
1441         * ftl/FTLLowerDFGToB3.cpp:
1442         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1443         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1444         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1445         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1446         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1447         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1448         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1449         * ftl/FTLOperations.cpp:
1450         (JSC::FTL::operationMaterializeObjectInOSR):
1451         * generate-bytecode-files: Removed.
1452         * generator/Argument.rb: Added.
1453         * generator/Assertion.rb: Added.
1454         * generator/DSL.rb: Added.
1455         * generator/Fits.rb: Added.
1456         * generator/GeneratedFile.rb: Added.
1457         * generator/Metadata.rb: Added.
1458         * generator/Opcode.rb: Added.
1459         * generator/OpcodeGroup.rb: Added.
1460         * generator/Options.rb: Added.
1461         * generator/Section.rb: Added.
1462         * generator/Template.rb: Added.
1463         * generator/Type.rb: Added.
1464         * generator/main.rb: Added.
1465         * interpreter/AbstractPC.h:
1466         * interpreter/CallFrame.cpp:
1467         (JSC::CallFrame::currentVPC const):
1468         (JSC::CallFrame::setCurrentVPC):
1469         * interpreter/CallFrame.h:
1470         (JSC::CallSiteIndex::CallSiteIndex):
1471         (JSC::ExecState::setReturnPC):
1472         * interpreter/Interpreter.cpp:
1473         (WTF::printInternal):
1474         * interpreter/Interpreter.h:
1475         * interpreter/InterpreterInlines.h:
1476         * interpreter/StackVisitor.cpp:
1477         (JSC::StackVisitor::Frame::dump const):
1478         * interpreter/VMEntryRecord.h:
1479         * jit/JIT.cpp:
1480         (JSC::JIT::JIT):
1481         (JSC::JIT::emitSlowCaseCall):
1482         (JSC::JIT::privateCompileMainPass):
1483         (JSC::JIT::privateCompileSlowCases):
1484         (JSC::JIT::compileWithoutLinking):
1485         (JSC::JIT::link):
1486         * jit/JIT.h:
1487         * jit/JITArithmetic.cpp:
1488         (JSC::JIT::emit_op_jless):
1489         (JSC::JIT::emit_op_jlesseq):
1490         (JSC::JIT::emit_op_jgreater):
1491         (JSC::JIT::emit_op_jgreatereq):
1492         (JSC::JIT::emit_op_jnless):
1493         (JSC::JIT::emit_op_jnlesseq):
1494         (JSC::JIT::emit_op_jngreater):
1495         (JSC::JIT::emit_op_jngreatereq):
1496         (JSC::JIT::emitSlow_op_jless):
1497         (JSC::JIT::emitSlow_op_jlesseq):
1498         (JSC::JIT::emitSlow_op_jgreater):
1499         (JSC::JIT::emitSlow_op_jgreatereq):
1500         (JSC::JIT::emitSlow_op_jnless):
1501         (JSC::JIT::emitSlow_op_jnlesseq):
1502         (JSC::JIT::emitSlow_op_jngreater):
1503         (JSC::JIT::emitSlow_op_jngreatereq):
1504         (JSC::JIT::emit_op_below):
1505         (JSC::JIT::emit_op_beloweq):
1506         (JSC::JIT::emit_op_jbelow):
1507         (JSC::JIT::emit_op_jbeloweq):
1508         (JSC::JIT::emit_op_unsigned):
1509         (JSC::JIT::emit_compareAndJump):
1510         (JSC::JIT::emit_compareUnsignedAndJump):
1511         (JSC::JIT::emit_compareUnsigned):
1512         (JSC::JIT::emit_compareAndJumpSlow):
1513         (JSC::JIT::emit_op_inc):
1514         (JSC::JIT::emit_op_dec):
1515         (JSC::JIT::emit_op_mod):
1516         (JSC::JIT::emitSlow_op_mod):
1517         (JSC::JIT::emit_op_negate):
1518         (JSC::JIT::emitSlow_op_negate):
1519         (JSC::JIT::emitBitBinaryOpFastPath):
1520         (JSC::JIT::emit_op_bitand):
1521         (JSC::JIT::emit_op_bitor):
1522         (JSC::JIT::emit_op_bitxor):
1523         (JSC::JIT::emit_op_lshift):
1524         (JSC::JIT::emitRightShiftFastPath):
1525         (JSC::JIT::emit_op_rshift):
1526         (JSC::JIT::emit_op_urshift):
1527         (JSC::getOperandTypes):
1528         (JSC::JIT::emit_op_add):
1529         (JSC::JIT::emitSlow_op_add):
1530         (JSC::JIT::emitMathICFast):
1531         (JSC::JIT::emitMathICSlow):
1532         (JSC::JIT::emit_op_div):
1533         (JSC::JIT::emit_op_mul):
1534         (JSC::JIT::emitSlow_op_mul):
1535         (JSC::JIT::emit_op_sub):
1536         (JSC::JIT::emitSlow_op_sub):
1537         * jit/JITCall.cpp:
1538         (JSC::JIT::emitPutCallResult):
1539         (JSC::JIT::compileSetupFrame):
1540         (JSC::JIT::compileCallEval):
1541         (JSC::JIT::compileCallEvalSlowCase):
1542         (JSC::JIT::compileTailCall):
1543         (JSC::JIT::compileOpCall):
1544         (JSC::JIT::compileOpCallSlowCase):
1545         (JSC::JIT::emit_op_call):
1546         (JSC::JIT::emit_op_tail_call):
1547         (JSC::JIT::emit_op_call_eval):
1548         (JSC::JIT::emit_op_call_varargs):
1549         (JSC::JIT::emit_op_tail_call_varargs):
1550         (JSC::JIT::emit_op_tail_call_forward_arguments):
1551         (JSC::JIT::emit_op_construct_varargs):
1552         (JSC::JIT::emit_op_construct):
1553         (JSC::JIT::emitSlow_op_call):
1554         (JSC::JIT::emitSlow_op_tail_call):
1555         (JSC::JIT::emitSlow_op_call_eval):
1556         (JSC::JIT::emitSlow_op_call_varargs):
1557         (JSC::JIT::emitSlow_op_tail_call_varargs):
1558         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1559         (JSC::JIT::emitSlow_op_construct_varargs):
1560         (JSC::JIT::emitSlow_op_construct):
1561         * jit/JITDisassembler.cpp:
1562         (JSC::JITDisassembler::JITDisassembler):
1563         * jit/JITExceptions.cpp:
1564         (JSC::genericUnwind):
1565         * jit/JITInlines.h:
1566         (JSC::JIT::emitDoubleGetByVal):
1567         (JSC::JIT::emitLoadForArrayMode):
1568         (JSC::JIT::emitContiguousGetByVal):
1569         (JSC::JIT::emitArrayStorageGetByVal):
1570         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1571         (JSC::JIT::sampleInstruction):
1572         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
1573         (JSC::JIT::emitValueProfilingSite):
1574         (JSC::JIT::jumpTarget):
1575         (JSC::JIT::copiedGetPutInfo):
1576         (JSC::JIT::copiedArithProfile):
1577         * jit/JITMathIC.h:
1578         (JSC::isProfileEmpty):
1579         (JSC::JITBinaryMathIC::JITBinaryMathIC):
1580         (JSC::JITUnaryMathIC::JITUnaryMathIC):
1581         * jit/JITOpcodes.cpp:
1582         (JSC::JIT::emit_op_mov):
1583         (JSC::JIT::emit_op_end):
1584         (JSC::JIT::emit_op_jmp):
1585         (JSC::JIT::emit_op_new_object):
1586         (JSC::JIT::emitSlow_op_new_object):
1587         (JSC::JIT::emit_op_overrides_has_instance):
1588         (JSC::JIT::emit_op_instanceof):
1589         (JSC::JIT::emitSlow_op_instanceof):
1590         (JSC::JIT::emit_op_instanceof_custom):
1591         (JSC::JIT::emit_op_is_empty):
1592         (JSC::JIT::emit_op_is_undefined):
1593         (JSC::JIT::emit_op_is_boolean):
1594         (JSC::JIT::emit_op_is_number):
1595         (JSC::JIT::emit_op_is_cell_with_type):
1596         (JSC::JIT::emit_op_is_object):
1597         (JSC::JIT::emit_op_ret):
1598         (JSC::JIT::emit_op_to_primitive):
1599         (JSC::JIT::emit_op_set_function_name):
1600         (JSC::JIT::emit_op_not):
1601         (JSC::JIT::emit_op_jfalse):
1602         (JSC::JIT::emit_op_jeq_null):
1603         (JSC::JIT::emit_op_jneq_null):
1604         (JSC::JIT::emit_op_jneq_ptr):
1605         (JSC::JIT::emit_op_eq):
1606         (JSC::JIT::emit_op_jeq):
1607         (JSC::JIT::emit_op_jtrue):
1608         (JSC::JIT::emit_op_neq):
1609         (JSC::JIT::emit_op_jneq):
1610         (JSC::JIT::emit_op_throw):
1611         (JSC::JIT::compileOpStrictEq):
1612         (JSC::JIT::emit_op_stricteq):
1613         (JSC::JIT::emit_op_nstricteq):
1614         (JSC::JIT::compileOpStrictEqJump):
1615         (JSC::JIT::emit_op_jstricteq):
1616         (JSC::JIT::emit_op_jnstricteq):
1617         (JSC::JIT::emitSlow_op_jstricteq):
1618         (JSC::JIT::emitSlow_op_jnstricteq):
1619         (JSC::JIT::emit_op_to_number):
1620         (JSC::JIT::emit_op_to_string):
1621         (JSC::JIT::emit_op_to_object):
1622         (JSC::JIT::emit_op_catch):
1623         (JSC::JIT::emit_op_identity_with_profile):
1624         (JSC::JIT::emit_op_get_parent_scope):
1625         (JSC::JIT::emit_op_switch_imm):
1626         (JSC::JIT::emit_op_switch_char):
1627         (JSC::JIT::emit_op_switch_string):
1628         (JSC::JIT::emit_op_debug):
1629         (JSC::JIT::emit_op_eq_null):
1630         (JSC::JIT::emit_op_neq_null):
1631         (JSC::JIT::emit_op_enter):
1632         (JSC::JIT::emit_op_get_scope):
1633         (JSC::JIT::emit_op_to_this):
1634         (JSC::JIT::emit_op_create_this):
1635         (JSC::JIT::emit_op_check_tdz):
1636         (JSC::JIT::emitSlow_op_eq):
1637         (JSC::JIT::emitSlow_op_neq):
1638         (JSC::JIT::emitSlow_op_jeq):
1639         (JSC::JIT::emitSlow_op_jneq):
1640         (JSC::JIT::emitSlow_op_instanceof_custom):
1641         (JSC::JIT::emit_op_loop_hint):
1642         (JSC::JIT::emitSlow_op_loop_hint):
1643         (JSC::JIT::emit_op_check_traps):
1644         (JSC::JIT::emit_op_nop):
1645         (JSC::JIT::emit_op_super_sampler_begin):
1646         (JSC::JIT::emit_op_super_sampler_end):
1647         (JSC::JIT::emitSlow_op_check_traps):
1648         (JSC::JIT::emit_op_new_regexp):
1649         (JSC::JIT::emitNewFuncCommon):
1650         (JSC::JIT::emit_op_new_func):
1651         (JSC::JIT::emit_op_new_generator_func):
1652         (JSC::JIT::emit_op_new_async_generator_func):
1653         (JSC::JIT::emit_op_new_async_func):
1654         (JSC::JIT::emitNewFuncExprCommon):
1655         (JSC::JIT::emit_op_new_func_exp):
1656         (JSC::JIT::emit_op_new_generator_func_exp):
1657         (JSC::JIT::emit_op_new_async_func_exp):
1658         (JSC::JIT::emit_op_new_async_generator_func_exp):
1659         (JSC::JIT::emit_op_new_array):
1660         (JSC::JIT::emit_op_new_array_with_size):
1661         (JSC::JIT::emit_op_has_structure_property):
1662         (JSC::JIT::privateCompileHasIndexedProperty):
1663         (JSC::JIT::emit_op_has_indexed_property):
1664         (JSC::JIT::emitSlow_op_has_indexed_property):
1665         (JSC::JIT::emit_op_get_direct_pname):
1666         (JSC::JIT::emit_op_enumerator_structure_pname):
1667         (JSC::JIT::emit_op_enumerator_generic_pname):
1668         (JSC::JIT::emit_op_profile_type):
1669         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1670         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1671         (JSC::JIT::emit_op_profile_control_flow):
1672         (JSC::JIT::emit_op_argument_count):
1673         (JSC::JIT::emit_op_get_rest_length):
1674         (JSC::JIT::emit_op_get_argument):
1675         * jit/JITOpcodes32_64.cpp:
1676         (JSC::JIT::emit_op_to_this):
1677         * jit/JITOperations.cpp:
1678         * jit/JITOperations.h:
1679         * jit/JITPropertyAccess.cpp:
1680         (JSC::JIT::emit_op_get_by_val):
1681         (JSC::JIT::emitGetByValWithCachedId):
1682         (JSC::JIT::emitSlow_op_get_by_val):
1683         (JSC::JIT::emit_op_put_by_val_direct):
1684         (JSC::JIT::emit_op_put_by_val):
1685         (JSC::JIT::emitGenericContiguousPutByVal):
1686         (JSC::JIT::emitArrayStoragePutByVal):
1687         (JSC::JIT::emitPutByValWithCachedId):
1688         (JSC::JIT::emitSlow_op_put_by_val):
1689         (JSC::JIT::emit_op_put_getter_by_id):
1690         (JSC::JIT::emit_op_put_setter_by_id):
1691         (JSC::JIT::emit_op_put_getter_setter_by_id):
1692         (JSC::JIT::emit_op_put_getter_by_val):
1693         (JSC::JIT::emit_op_put_setter_by_val):
1694         (JSC::JIT::emit_op_del_by_id):
1695         (JSC::JIT::emit_op_del_by_val):
1696         (JSC::JIT::emit_op_try_get_by_id):
1697         (JSC::JIT::emitSlow_op_try_get_by_id):
1698         (JSC::JIT::emit_op_get_by_id_direct):
1699         (JSC::JIT::emitSlow_op_get_by_id_direct):
1700         (JSC::JIT::emit_op_get_by_id):
1701         (JSC::JIT::emit_op_get_by_id_with_this):
1702         (JSC::JIT::emitSlow_op_get_by_id):
1703         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1704         (JSC::JIT::emit_op_put_by_id):
1705         (JSC::JIT::emitSlow_op_put_by_id):
1706         (JSC::JIT::emit_op_in_by_id):
1707         (JSC::JIT::emitSlow_op_in_by_id):
1708         (JSC::JIT::emit_op_resolve_scope):
1709         (JSC::JIT::emit_op_get_from_scope):
1710         (JSC::JIT::emitSlow_op_get_from_scope):
1711         (JSC::JIT::emit_op_put_to_scope):
1712         (JSC::JIT::emitSlow_op_put_to_scope):
1713         (JSC::JIT::emit_op_get_from_arguments):
1714         (JSC::JIT::emit_op_put_to_arguments):
1715         (JSC::JIT::privateCompileGetByVal):
1716         (JSC::JIT::privateCompileGetByValWithCachedId):
1717         (JSC::JIT::privateCompilePutByVal):
1718         (JSC::JIT::privateCompilePutByValWithCachedId):
1719         (JSC::JIT::emitDoubleLoad):
1720         (JSC::JIT::emitContiguousLoad):
1721         (JSC::JIT::emitArrayStorageLoad):
1722         (JSC::JIT::emitDirectArgumentsGetByVal):
1723         (JSC::JIT::emitScopedArgumentsGetByVal):
1724         (JSC::JIT::emitIntTypedArrayGetByVal):
1725         (JSC::JIT::emitFloatTypedArrayGetByVal):
1726         (JSC::JIT::emitIntTypedArrayPutByVal):
1727         (JSC::JIT::emitFloatTypedArrayPutByVal):
1728         * jit/RegisterSet.cpp:
1729         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1730         * jit/SlowPathCall.h:
1731         (JSC::JITSlowPathCall::JITSlowPathCall):
1732         * llint/LLIntData.cpp:
1733         (JSC::LLInt::initialize):
1734         (JSC::LLInt::Data::performAssertions):
1735         * llint/LLIntData.h:
1736         (JSC::LLInt::exceptionInstructions):
1737         (JSC::LLInt::opcodeMap):
1738         (JSC::LLInt::opcodeMapWide):
1739         (JSC::LLInt::getOpcode):
1740         (JSC::LLInt::getOpcodeWide):
1741         (JSC::LLInt::getWideCodePtr):
1742         * llint/LLIntOffsetsExtractor.cpp:
1743         * llint/LLIntSlowPaths.cpp:
1744         (JSC::LLInt::llint_trace_operand):
1745         (JSC::LLInt::llint_trace_value):
1746         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1747         (JSC::LLInt::entryOSR):
1748         (JSC::LLInt::setupGetByIdPrototypeCache):
1749         (JSC::LLInt::getByVal):
1750         (JSC::LLInt::handleHostCall):
1751         (JSC::LLInt::setUpCall):
1752         (JSC::LLInt::genericCall):
1753         (JSC::LLInt::varargsSetup):
1754         (JSC::LLInt::commonCallEval):
1755         * llint/LLIntSlowPaths.h:
1756         * llint/LowLevelInterpreter.asm:
1757         * llint/LowLevelInterpreter.cpp:
1758         (JSC::CLoopRegister::operator const Instruction*):
1759         (JSC::CLoop::execute):
1760         * llint/LowLevelInterpreter32_64.asm:
1761         * llint/LowLevelInterpreter64.asm:
1762         * offlineasm/arm64.rb:
1763         * offlineasm/asm.rb:
1764         * offlineasm/ast.rb:
1765         * offlineasm/cloop.rb:
1766         * offlineasm/generate_offset_extractor.rb:
1767         * offlineasm/instructions.rb:
1768         * offlineasm/offsets.rb:
1769         * offlineasm/parser.rb:
1770         * offlineasm/transform.rb:
1771         * offlineasm/x86.rb:
1772         * parser/ResultType.h:
1773         (JSC::ResultType::dump const):
1774         (JSC::OperandTypes::first const):
1775         (JSC::OperandTypes::second const):
1776         (JSC::OperandTypes::dump const):
1777         * profiler/ProfilerBytecodeSequence.cpp:
1778         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1779         * runtime/CommonSlowPaths.cpp:
1780         (JSC::SLOW_PATH_DECL):
1781         (JSC::updateArithProfileForUnaryArithOp):
1782         (JSC::updateArithProfileForBinaryArithOp):
1783         * runtime/CommonSlowPaths.h:
1784         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
1785         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
1786         * runtime/ExceptionFuzz.cpp:
1787         (JSC::doExceptionFuzzing):
1788         * runtime/ExceptionFuzz.h:
1789         (JSC::doExceptionFuzzingIfEnabled):
1790         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1791         (JSC::GetPutInfo::dump const):
1792         (WTF::printInternal):
1793         * runtime/GetPutInfo.h:
1794         (JSC::GetPutInfo::operand const):
1795         * runtime/JSCPoison.h:
1796         * runtime/JSType.cpp: Added.
1797         (WTF::printInternal):
1798         * runtime/JSType.h:
1799         * runtime/SamplingProfiler.cpp:
1800         (JSC::SamplingProfiler::StackFrame::displayName):
1801         * runtime/SamplingProfiler.h:
1802         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
1803         * runtime/SlowPathReturnType.h:
1804         (JSC::encodeResult):
1805         (JSC::decodeResult):
1806         * runtime/VM.h:
1807         * runtime/Watchdog.h:
1808         * tools/HeapVerifier.cpp:
1809
1810 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1811
1812         Unreviewed, rolling out r237445.
1813         https://bugs.webkit.org/show_bug.cgi?id=190972
1814
1815         Cause performance regression on iOS devices (Requested by
1816         yusukesuzuki on #webkit).
1817
1818         Reverted changeset:
1819
1820         "Unreviewed, partial rolling in r237254"
1821         https://bugs.webkit.org/show_bug.cgi?id=190340
1822         https://trac.webkit.org/changeset/237445
1823
1824 2018-10-26  Mark Lam  <mark.lam@apple.com>
1825
1826         Fix missing edge cases with JSGlobalObjects having a bad time.
1827         https://bugs.webkit.org/show_bug.cgi?id=189028
1828         <rdar://problem/45204939>
1829
1830         Reviewed by Saam Barati.
1831
1832         Consider the following scenario:
1833
1834             let object O1 (of global G1) have an indexing type that is not SlowPut.
1835             let global G2 have a bad time.
1836             let object O2 (of global G2) be set as the prototype of O1.
1837             let object O3 (of global G2) have indexed accessors.
1838
1839         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
1840         O1 will not be made aware that there are indexed accessors in its prototype
1841         chain.
1842
1843         In this patch, we solve this issue by introducing a new invariant:
1844
1845             A prototype chain is considered to possibly have indexed accessors if any
1846             object in the chain belongs to a global object that is having a bad time.
1847
1848         We apply this invariant as follows:
1849
1850         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
1851            affected by it having a bad time.  If so, it also ensures that those affected
1852            global objects have a bad time.
1853
1854            The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
1855            to find all objects affected by the global object having a bad time.  We enhance
1856            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
1857            objects may be affected by other global objects having a bad time, i.e.
1858
1859                 let g1 = global1
1860                 let g2 = global2
1861                 let o1 = an object in g1
1862                 let o2 = an object in g2
1863
1864                 let g1 have a bad time
1865                 g2 is affected if
1866                     o1 is in the prototype chain of o2,
1867                     and o2 may be a prototype.
1868
1869            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
1870            objects being affected, it will abort its heap scan and let haveABadTime() take
1871            a slow path to do a more complete multi global object scan.
1872
1873            The slow path works as follows:
1874
1875            1. Iterate the heap and record the graph of all global object dependencies.
1876
1877               For each global object, record the list of other global objects that are
1878               affected by it.
1879
1880            2. Compute a list of global objects that need to have a bad time using the
1881               current global object dependency graph.
1882
1883            3. For each global object in the list of affected global objects, fire their
1884               HaveABadTime watchpoint and convert all their array structures to the
1885               SlowPut alternatives.
1886
1887            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
1888               by any of the globals in the list from (2).
1889
1890         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
1891            structure's global object is having a bad time.
1892
1893         Note: there are 3 scenarios that we need to consider:
1894
1895             let g1 = global1
1896             let g2 = global2
1897             let o1 = an object in g1
1898             let o2 = an object in g2
1899
1900             Scenario 1: o2 is a prototype, and
1901                         g1 has a bad time after o1 is inserted into o2's prototype chain.
1902
1903             Scenario 2: o2 is a prototype, and
1904                         o1 is inserted into o2's prototype chain after g1 has a bad time.
1905
1906             Scenario 3: o2 is NOT a prototype, and
1907                         o1 is inserted into o2's prototype chain after g1 has a bad time.
1908
1909             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
1910             a bad time.  This is handled by enhancement 1 above.
1911
1912             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
1913             if o1's global object has a bad time.  If so, then we need to make sure o2's
1914             global also has a bad time (because o2 is a prototype) and convert o2's
1915             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
1916             with JSObject::setPrototypeDirect().
1917
1918             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
1919             if o1's global object has a bad time.  If so, then we only need to convert o2's
1920             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
1921             enhancement 2 above.
1922
1923         3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to
1924            write some tests for this issue.
1925
1926         * runtime/JSGlobalObject.cpp:
1927         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
1928         (JSC::JSGlobalObject::haveABadTime):
1929         * runtime/JSGlobalObject.h:
1930         * runtime/JSObject.h:
1931         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
1932         * runtime/JSObjectInlines.h:
1933         (JSC::JSObject::mayInterceptIndexedAccesses):
1934         * runtime/Structure.h:
1935         * runtime/StructureInlines.h:
1936         (JSC::Structure::mayInterceptIndexedAccesses const):
1937         * tools/JSDollarVM.cpp:
1938         (JSC::functionHaveABadTime):
1939         (JSC::functionIsHavingABadTime):
1940         (JSC::functionCreateGlobalObject):
1941         (JSC::JSDollarVM::finishCreation):
1942
1943 2018-10-26  Keith Miller  <keith_miller@apple.com>
1944
1945         JSC xcconfig should set DEFINES_MODULE
1946         https://bugs.webkit.org/show_bug.cgi?id=190952
1947
1948         Reviewed by Mark Lam.
1949
1950         This should mean that the JavaScriptCore.framework will have a module map.
1951
1952         * Configurations/JavaScriptCore.xcconfig:
1953
1954 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1955
1956         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
1957         https://bugs.webkit.org/show_bug.cgi?id=190941
1958
1959         Reviewed by Saam Barati.
1960
1961         While the "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates a
1962         JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them.
1963         This patch removes watching havingABadTimeWatchpoint in Array#indexOf. A test causing
1964         "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js).
1965
1966         * dfg/DFGByteCodeParser.cpp:
1967         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1968         * runtime/JSArrayInlines.h:
1969         (JSC::JSArray::canDoFastIndexedAccess):
1970         * runtime/JSGlobalObject.h:
1971         * runtime/JSGlobalObjectInlines.h:
1972         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
1973         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted.
1974
1975 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1976
1977         Unreviewed, partial rolling in r237254
1978         https://bugs.webkit.org/show_bug.cgi?id=190340
1979
1980         We do not use the added function right now, so that we can investigate the reason for the regression.
1981         If it causes the regression, Parser.cpp's inlining decision seems to be the culprit.
1982
1983         * bytecode/UnlinkedFunctionExecutable.cpp:
1984         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1985         * bytecode/UnlinkedFunctionExecutable.h:
1986         * parser/Parser.cpp:
1987         (JSC::Parser<LexerType>::parseInner):
1988         (JSC::Parser<LexerType>::parseSingleFunction):
1989         (JSC::Parser<LexerType>::parseFunctionInfo):
1990         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1991         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1992         * parser/Parser.h:
1993         (JSC::Parser<LexerType>::parse):
1994         (JSC::parse):
1995         (JSC::parseFunctionForFunctionConstructor):
1996         * parser/ParserModes.h:
1997         * parser/ParserTokens.h:
1998         (JSC::JSTextPosition::JSTextPosition):
1999         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
2000         * parser/SourceCodeKey.h:
2001         (JSC::SourceCodeKey::SourceCodeKey):
2002         (JSC::SourceCodeKey::operator== const):
2003         * runtime/CodeCache.cpp:
2004         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2005         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2006         * runtime/CodeCache.h:
2007         * runtime/FunctionConstructor.cpp:
2008         (JSC::constructFunctionSkippingEvalEnabledCheck):
2009         * runtime/FunctionExecutable.cpp:
2010         (JSC::FunctionExecutable::fromGlobalCode):
2011         * runtime/FunctionExecutable.h:
2012
2013 2018-10-25  Brent Fulgham  <bfulgham@apple.com>
2014
2015         Unreviewed build fix for Visual Studio 2017
2016
2017         * API/tests/testapi.c:
2018         (testMarkingConstraintsAndHeapFinalizers):
2019         (main):
2020
2021 2018-10-25  Devin Rousso  <drousso@apple.com>
2022
2023         Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls
2024         https://bugs.webkit.org/show_bug.cgi?id=189874
2025         <rdar://problem/44700000>
2026
2027         Reviewed by Joseph Pecoraro.
2028
2029         * inspector/protocol/DOM.json:
2030         Allow `data` to be passed to the frontend with `didFireEvent`.
2031
2032 2018-10-25  Ross Kirsling  <ross.kirsling@sony.com>
2033
2034         Cleanup: inline constexpr is redundant as constexpr implies inline
2035         https://bugs.webkit.org/show_bug.cgi?id=190819
2036
2037         Reviewed by Mark Lam.
2038
2039         * bytecode/ArrayProfile.h:
2040         (JSC::asArrayModes):
2041         * runtime/IndexingType.h:
2042         (JSC::isCopyOnWrite):
2043         * runtime/MathCommon.h:
2044         (JSC::maxSafeInteger):
2045         (JSC::minSafeInteger):
2046         * runtime/StackAlignment.h:
2047         (JSC::stackAlignmentBytes):
2048         (JSC::stackAlignmentRegisters):
2049
2050 2018-10-24  Megan Gardner  <megan_gardner@apple.com>
2051
2052         Turn on Conic Gradients
2053         https://bugs.webkit.org/show_bug.cgi?id=190810
2054
2055         Reviewed by Tim Horton.
2056
2057         * Configurations/FeatureDefines.xcconfig:
2058
2059 2018-10-24  Michael Saboff  <msaboff@apple.com>
2060
2061         Increase executable memory pool from 64MB to 128MB for ARM64
2062         https://bugs.webkit.org/show_bug.cgi?id=190453
2063
2064         Unreviewed, rolling back in r237024.
2065
2066         The original change did impact ARES-6 performance by 4-8%.  That will
2067         be investigated separately.
2068
2069 2018-10-22  Keith Rollin  <krollin@apple.com>
2070
2071         Use Location = "Relative to Build Products" rather than "Relative to Group"
2072         https://bugs.webkit.org/show_bug.cgi?id=190781
2073
2074         Reviewed by Alexey Proskuryakov.
2075
2076         Almost all Derived Files are included in Xcode projects with the
2077         Location attribute set to "Relative to Group". While this currently
2078         works, the Derived Files can no longer be found when enabling XCBuild
2079         (which has stricter requirements). Fix this by setting the Location
2080         attribute to "Relative to Build Products".
2081
2082         * JavaScriptCore.xcodeproj/project.pbxproj:
2083
2084 2018-10-22  Mark Lam  <mark.lam@apple.com>
2085
2086         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
2087         https://bugs.webkit.org/show_bug.cgi?id=190515
2088         <rdar://problem/45222379>
2089
2090         Reviewed by Saam Barati.
2091
2092         1. Fixes calls to asArrayModes() to take a structure's IndexingMode instead of
2093            IndexingType.
2094
2095         2. DFG's compileNewArrayBuffer()'s HaveABadTime case was previously using the
2096            node's indexingType (instead of indexingMode) to choose the array structure
2097            to use for creating an array buffer.  This turns out not to be an issue
2098            because when the VM is having a bad time, all the
2099            arrayStructureForIndexingTypeDuringAllocation structure pointers point to
2100            the SlowPutArrayStorage structure anyway.  However, to be strictly correct,
2101            we'll fix it to use the structure for the node's indexingMode.
2102
2103         * dfg/DFGAbstractValue.cpp:
2104         (JSC::DFG::AbstractValue::set):
2105         (JSC::DFG::AbstractValue::mergeOSREntryValue):
2106         * dfg/DFGAbstractValue.h:
2107         (JSC::DFG::AbstractValue::validate const):
2108         * dfg/DFGOSRExit.cpp:
2109         (JSC::DFG::OSRExit::executeOSRExit):
2110         * dfg/DFGRegisteredStructureSet.cpp:
2111         (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const):
2112         * dfg/DFGSpeculativeJIT.cpp:
2113         (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
2114
2115 2018-10-19  Commit Queue  <commit-queue@webkit.org>
2116
2117         Unreviewed, rolling out r237254.
2118         https://bugs.webkit.org/show_bug.cgi?id=190760
2119
2120         "It regresses JetStream 2 by 5% on some iOS devices"
2121         (Requested by saamyjoon on #webkit).
2122
2123         Reverted changeset:
2124
2125         "[JSC] JSC should have "parseFunction" to optimize Function
2126         constructor"
2127         https://bugs.webkit.org/show_bug.cgi?id=190340
2128         https://trac.webkit.org/changeset/237254
2129
2130 2018-10-19  Saam Barati  <sbarati@apple.com>
2131
2132         vmCall should check if we exit before emitting an OSR exit due to exceptions
2133         https://bugs.webkit.org/show_bug.cgi?id=190740
2134         <rdar://problem/45220139>
2135
2136         Reviewed by Mark Lam.
2137
2138         The bug we were seeing is the MovHint removal phase would
2139         eliminate a superfluous MovHint. This left a certain range
2140         of nodes in a state where they would not be able to reconstruct
2141         values for an OSR exit. This is OK, since this phase proved those
2142         nodes don't exit. However, some of these nodes may use the vmCall
2143         construct in FTLLower. vmCall used to unconditionally emit an
2144         exception check after each call. However, if such a call happens
2145         in the range of nodes where we can't exit, we would end up generating
2146         an invalid exit (and running with validateFTLOSRExitLiveness flag
2147         would find this issue).
2148         
2149         This patch makes vmCall check to see if the node can exit before
2150         emitting an exception check. A node not being able to exit implies
2151         that it can't exit for exceptions, therefore, by definition, it can't
2152         throw an exception.
2153
2154         * ftl/FTLLowerDFGToB3.cpp:
2155         (JSC::FTL::DFG::LowerDFGToB3::vmCall):
2156
2157 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
2158
2159         [ESNext][BigInt] Implement support for "^"
2160         https://bugs.webkit.org/show_bug.cgi?id=186235
2161
2162         Reviewed by Yusuke Suzuki.
2163
2164         This patch introduces support for BigInt in the bitwise xor
2165         operation. We are only including support in LLInt and Baseline.
2166
2167         * runtime/CommonSlowPaths.cpp:
2168         (JSC::SLOW_PATH_DECL):
2169         * runtime/JSBigInt.cpp:
2170         (JSC::JSBigInt::bitwiseXor):
2171         (JSC::JSBigInt::absoluteXor):
2172         * runtime/JSBigInt.h:
2173
2174 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
2175
2176         [BigInt] Add ValueSub into DFG
2177         https://bugs.webkit.org/show_bug.cgi?id=186176
2178
2179         Reviewed by Yusuke Suzuki.
2180
2181         We are introducing in this patch a new node called ValueSub. This node
2182         is necessary due to the introduction of BigInt, which makes subtraction
2183         operations result in non-Number values in some cases. In such cases, ValueSub is
2184         responsible for handling Untyped and BigInt operations.
2185         In addition, we are also creating a speculative path when both
2186         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
2187         this represents a speedup of ~1.2x.
2188
2189         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
2190
2191         * dfg/DFGAbstractInterpreterInlines.h:
2192         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2193         * dfg/DFGByteCodeParser.cpp:
2194         (JSC::DFG::ByteCodeParser::parseBlock):
2195         * dfg/DFGClobberize.h:
2196         (JSC::DFG::clobberize):
2197         * dfg/DFGDoesGC.cpp:
2198         (JSC::DFG::doesGC):
2199         * dfg/DFGFixupPhase.cpp:
2200         (JSC::DFG::FixupPhase::fixupNode):
2201         * dfg/DFGGraph.h:
2202         (JSC::DFG::Graph::addSpeculationMode):
2203         * dfg/DFGNodeType.h:
2204         * dfg/DFGOperations.cpp:
2205         * dfg/DFGOperations.h:
2206         * dfg/DFGPredictionPropagationPhase.cpp:
2207         * dfg/DFGSafeToExecute.h:
2208         (JSC::DFG::safeToExecute):
2209         * dfg/DFGSpeculativeJIT.cpp:
2210         (JSC::DFG::SpeculativeJIT::compileValueSub):
2211         (JSC::DFG::SpeculativeJIT::compileArithSub):
2212         * dfg/DFGSpeculativeJIT.h:
2213         * dfg/DFGSpeculativeJIT32_64.cpp:
2214         (JSC::DFG::SpeculativeJIT::compile):
2215         * dfg/DFGSpeculativeJIT64.cpp:
2216         (JSC::DFG::SpeculativeJIT::compile):
2217         * dfg/DFGValidate.cpp:
2218         * ftl/FTLCapabilities.cpp:
2219         (JSC::FTL::canCompile):
2220         * ftl/FTLLowerDFGToB3.cpp:
2221         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2222         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2223         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2224
2225 2018-10-18  Alexey Proskuryakov  <ap@apple.com>
2226
2227         Switch from PLATFORM(IOS) to PLATFORM(IOS_FAMILY)
2228         https://bugs.webkit.org/show_bug.cgi?id=190729
2229
2230         Reviewed by Tim Horton.
2231
2232         * API/JSBase.cpp:
2233         * API/JSWrapperMap.mm:
2234         * assembler/ARM64Assembler.h:
2235         (JSC::ARM64Assembler::cacheFlush):
2236         * assembler/ARMv7Assembler.h:
2237         (JSC::ARMv7Assembler::cacheFlush):
2238         * assembler/AssemblerCommon.h:
2239         (JSC::isIOS):
2240         * heap/FullGCActivityCallback.cpp:
2241         (JSC::FullGCActivityCallback::doCollection):
2242         * heap/Heap.cpp:
2243         (JSC::Heap::overCriticalMemoryThreshold):
2244         (JSC::Heap::updateAllocationLimits):
2245         (JSC::Heap::collectIfNecessaryOrDefer):
2246         * heap/Heap.h:
2247         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2248         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
2249         * jit/ExecutableAllocator.cpp:
2250         (JSC::allowJIT):
2251         * jit/ExecutableAllocator.h:
2252         * jit/RegisterSet.cpp:
2253         (JSC::RegisterSet::reservedHardwareRegisters):
2254         (JSC::RegisterSet::calleeSaveRegisters):
2255         * jit/ThunkGenerators.cpp:
2256         * jsc.cpp:
2257         (main):
2258         * runtime/MathCommon.cpp:
2259         * runtime/Options.cpp:
2260         (JSC::overrideDefaults):
2261         (JSC::recomputeDependentOptions):
2262         * runtime/Options.h:
2263
2264 2018-10-18  Ross Kirsling  <ross.kirsling@sony.com>
2265
2266         delete expression should not throw without a reference
2267         https://bugs.webkit.org/show_bug.cgi?id=190637
2268
2269         Reviewed by Yusuke Suzuki.
2270
2271         * parser/Parser.cpp:
2272         (JSC::Parser<LexerType>::parseUnaryExpression):
2273         Eliminate non-spec-compliant switch case.
2274
2275 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2276
2277         [JSC] JSC should have "parseFunction" to optimize Function constructor
2278         https://bugs.webkit.org/show_bug.cgi?id=190340
2279
2280         Reviewed by Mark Lam.
2281
2282         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
2283         the spec requirement: (1) check the parameters' syntax, (2) check the body's syntax, and (3) parse the entire function.
2284         And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
2285         is really costly, and ideally we should meet the above requirement by parsing only once.
2286
2287         To meet the above requirement, we add a special function to the Parser, parseSingleFunction. This function
2288         takes `std::optional<int> functionConstructorParametersEndPosition` and checks in the parser that this end position is correct.
2289         For example, if we run the code,
2290
2291             Function('/*', '*/){')
2292
2293         According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
2294         string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
2295         that, in our implementation, we first create the entire string.
2296
2297             function anonymous(/*) {
2298                 */){
2299             }
2300
2301         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
2302         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
2303         offset of the parameters is the given end position. This check allows us to raise the error correctly for the
2304         above example while we parse the entire function only once. And we do not need to create two strings either.
2305
2306         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
2307         significantly sped up (28.2%).
2308
2309         Before:
2310             uglify-js:  2.94 runs/s
2311         After:
2312             uglify-js:  3.77 runs/s
2313
2314         * bytecode/UnlinkedFunctionExecutable.cpp:
2315         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2316         * bytecode/UnlinkedFunctionExecutable.h:
2317         * parser/Parser.cpp:
2318         (JSC::Parser<LexerType>::parseInner):
2319         (JSC::Parser<LexerType>::parseSingleFunction):
2320         (JSC::Parser<LexerType>::parseFunctionInfo):
2321         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2322         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2323         * parser/Parser.h:
2324         (JSC::Parser<LexerType>::parse):
2325         (JSC::parse):
2326         (JSC::parseFunctionForFunctionConstructor):
2327         * parser/ParserModes.h:
2328         * parser/ParserTokens.h:
2329         (JSC::JSTextPosition::JSTextPosition):
2330         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
2331         * parser/SourceCodeKey.h:
2332         (JSC::SourceCodeKey::SourceCodeKey):
2333         (JSC::SourceCodeKey::operator== const):
2334         * runtime/CodeCache.cpp:
2335         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2336         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2337         * runtime/CodeCache.h:
2338         * runtime/FunctionConstructor.cpp:
2339         (JSC::constructFunctionSkippingEvalEnabledCheck):
2340         * runtime/FunctionExecutable.cpp:
2341         (JSC::FunctionExecutable::fromGlobalCode):
2342         * runtime/FunctionExecutable.h:
2343
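The requirement the patch has to preserve while parsing only once is that the parameter text and the body text each parse on their own; checking the concatenated source is not enough, because a comment opened in the parameter string and closed in the body hides the ") {" the constructor inserts between them. The following is an added JavaScript example, not from the patch or from JSC's tests, that makes the difference observable: it evaluates the concatenated layout the spec's CreateDynamicFunction builds (JSC's own string differs slightly, as shown in the entry) and then checks what the Function constructor does with the same pairs. It assumes a spec-conformant engine such as Node.js; the function names are this example's own.

```javascript
'use strict';
// Added example: Function(params, body) must syntax-check the parameter and
// body strings separately, even though the constructor internally builds one
// source string. Names below are this example's own.

// The source layout CreateDynamicFunction builds (per spec). The newline after
// the parameters keeps a trailing line comment in params from eating ") {".
function dynamicFunctionSource(params, body) {
  return '(function anonymous(' + params + '\n) {\n' + body + '\n})';
}

// Does the concatenated text parse as a function on its own? Indirect eval,
// so the probe runs in global (sloppy) scope like the constructor does.
function concatenationParses(params, body) {
  try {
    return typeof (0, eval)(dynamicFunctionSource(params, body)) === 'function';
  } catch (e) {
    return false;
  }
}

// What the Function constructor itself does with the pair: 'ok' or the error name.
function constructorResult(params, body) {
  try {
    Function(params, body);
    return 'ok';
  } catch (e) {
    return e.name;
  }
}

function probe(params, body) {
  return {
    concatenationParses: concatenationParses(params, body),
    viaConstructor: constructorResult(params, body),
  };
}

// The ChangeLog's case: '/*' and '*/){' splice into "function anonymous(){}"
// once concatenated, yet neither string is valid on its own, so the spec
// demands a SyntaxError. This is the case a single naive parse would accept.
function smuggledComment() { return probe('/*', '*/){'); }
// The parameter string closes the parameter list early.
function earlyParen() { return probe('a)', 'return a'); }
// The body string closes the function body early.
function earlyBrace() { return probe('a', 'return a; }'); }
// A well-formed pair for comparison.
function wellFormed() { return probe('a, b', 'return a + b'); }

function summary() {
  return {
    smuggledComment: smuggledComment(),  // { concatenationParses: true,  viaConstructor: 'SyntaxError' }
    earlyParen: earlyParen(),            // { concatenationParses: false, viaConstructor: 'SyntaxError' }
    earlyBrace: earlyBrace(),            // { concatenationParses: false, viaConstructor: 'SyntaxError' }
    wellFormed: wellFormed(),            // { concatenationParses: true,  viaConstructor: 'ok' }
    sum: Function('a, b', 'return a + b')(2, 3),  // 5
  };
}
```

The smuggledComment row is the one that separates a conformant constructor from a single unchecked parse: the concatenated text is a valid function, so only a check on where the parameter list actually ended (the end-position check the entry describes, or V8's equivalent) can reject it.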
2344 2018-10-18  Commit Queue  <commit-queue@webkit.org>
2345
2346         Unreviewed, rolling out r237242.
2347         https://bugs.webkit.org/show_bug.cgi?id=190701
2348
2349         it breaks "stress/sampling-profiler-basic.js" (Requested by
2350         caiolima on #webkit).
2351
2352         Reverted changeset:
2353
2354         "[BigInt] Add ValueSub into DFG"
2355         https://bugs.webkit.org/show_bug.cgi?id=186176
2356         https://trac.webkit.org/changeset/237242
2357
2358 2018-10-18  Takafumi Kubota  <takafumi.kubota1012@sslab.ics.keio.ac.jp>
2359
2360         Missing #pragma once in WasmOpcodeOrigin.h
2361         https://bugs.webkit.org/show_bug.cgi?id=190699
2362
2363         Reviewed by Yusuke Suzuki.
2364
2365         This patch adds "#pragma once" to WasmOpcodeOrigin.h to avoid the
2366         multiple inclusion that can happen in the unified build
2367         configuration.
2368
2369         * wasm/WasmOpcodeOrigin.h:
2370
2371 2018-10-17  Wenson Hsieh  <wenson_hsieh@apple.com>
2372
2373         Enable the datalist element by default on iOS and macOS
2374         https://bugs.webkit.org/show_bug.cgi?id=190594
2375         <rdar://problem/45281159>
2376
2377         Reviewed by Ryosuke Niwa and Tim Horton.
2378
2379         * Configurations/FeatureDefines.xcconfig:
2380
2381 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
2382
2383         [BigInt] Add ValueSub into DFG
2384         https://bugs.webkit.org/show_bug.cgi?id=186176
2385
2386         Reviewed by Yusuke Suzuki.
2387
2388         We are introducing in this patch a new node called ValueSub. This node
2389         is necessary due to the introduction of BigInt, which makes subtraction
2390         operations result in non-Number values in some cases. In such cases, ValueSub is
2391         responsible for handling Untyped and BigInt operations.
2392         In addition, we are also creating a speculative path when both
2393         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
2394         this represents a speedup of ~1.2x.
2395
2396         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
2397
2398         * dfg/DFGAbstractInterpreterInlines.h:
2399         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2400         * dfg/DFGByteCodeParser.cpp:
2401         (JSC::DFG::ByteCodeParser::parseBlock):
2402         * dfg/DFGClobberize.h:
2403         (JSC::DFG::clobberize):
2404         * dfg/DFGDoesGC.cpp:
2405         (JSC::DFG::doesGC):
2406         * dfg/DFGFixupPhase.cpp:
2407         (JSC::DFG::FixupPhase::fixupNode):
2408         * dfg/DFGGraph.h:
2409         (JSC::DFG::Graph::addSpeculationMode):
2410         * dfg/DFGNodeType.h:
2411         * dfg/DFGOperations.cpp:
2412         * dfg/DFGOperations.h:
2413         * dfg/DFGPredictionPropagationPhase.cpp:
2414         * dfg/DFGSafeToExecute.h:
2415         (JSC::DFG::safeToExecute):
2416         * dfg/DFGSpeculativeJIT.cpp:
2417         (JSC::DFG::SpeculativeJIT::compileValueSub):
2418         (JSC::DFG::SpeculativeJIT::compileArithSub):
2419         * dfg/DFGSpeculativeJIT.h:
2420         * dfg/DFGSpeculativeJIT32_64.cpp:
2421         (JSC::DFG::SpeculativeJIT::compile):
2422         * dfg/DFGSpeculativeJIT64.cpp:
2423         (JSC::DFG::SpeculativeJIT::compile):
2424         * dfg/DFGValidate.cpp:
2425         * ftl/FTLCapabilities.cpp:
2426         (JSC::FTL::canCompile):
2427         * ftl/FTLLowerDFGToB3.cpp:
2428         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2429         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2430         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2431
2432 2018-10-17  Mark Lam  <mark.lam@apple.com>
2433
2434         The parser should not emit a ApplyFunctionCallDotNode for Reflect.apply.
2435         https://bugs.webkit.org/show_bug.cgi?id=190671
2436         <rdar://problem/45201145>
2437
2438         Reviewed by Saam Barati.
2439
2440         The bytecode generator does not currently know how to inline Reflect.apply (see
2441         https://bugs.webkit.org/show_bug.cgi?id=190668).  Hence, it's a waste of time to
2442         emit the ApplyFunctionCallDotNode since the function check against Function.apply
2443         that it will generate will always fail.
2444
2445         Also fixed CallVariant::dump() to be able to handle dumping a non-executable
2446         callee.  Reflect.apply used to trip this up.  Any object with an apply property
2447         invoked as a function could also trip this up.  This is now fixed.
2448
2449         * bytecode/CallVariant.cpp:
2450         (JSC::CallVariant::dump const):
2451         * bytecompiler/NodesCodegen.cpp:
2452         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2453         * parser/ASTBuilder.h:
2454         (JSC::ASTBuilder::makeFunctionCallNode):
2455
2456 2018-10-17  Commit Queue  <commit-queue@webkit.org>
2457
2458         Unreviewed, rolling out r237024.
2459         https://bugs.webkit.org/show_bug.cgi?id=190673
2460
2461         "It regressed ARES6 on iOS devices by 4-8%" (Requested by
2462         saamyjoon on #webkit).
2463
2464         Reverted changeset:
2465
2466         "Increase executable memory pool from 64MB to 128MB for ARM64"
2467         https://bugs.webkit.org/show_bug.cgi?id=190453
2468         https://trac.webkit.org/changeset/237024
2469
2470 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2471
2472         [JSC] Use WTF::Function instead of std::function
2473         https://bugs.webkit.org/show_bug.cgi?id=190665
2474
2475         Reviewed by Keith Miller.
2476
2477         We should use WTF::Function as much as possible. It allocates memory from bmalloc instead of standard malloc.
2478
2479         * runtime/JSNativeStdFunction.h:
2480
2481 2018-10-17  Keith Miller  <keith_miller@apple.com>
2482
2483         Remove debug logging from generate_offsets_extractor.rb
2484         https://bugs.webkit.org/show_bug.cgi?id=190667
2485
2486         Reviewed by Mark Lam.
2487
2488         * offlineasm/generate_offset_extractor.rb:
2489
2490 2018-10-17  Keith Miller  <keith_miller@apple.com>
2491
2492         AI does not clear Phantom allocation nodes.
2493         https://bugs.webkit.org/show_bug.cgi?id=190694
2494
2495         Reviewed by Saam Barati.
2496
2497         Phantom nodes claim to have a result so they should make sure they clear
2498         their abstract values.
2499
2500         * dfg/DFGAbstractInterpreterInlines.h:
2501         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2502
2503 2018-10-17  Keith Miller  <keith_miller@apple.com>
2504
2505         Unreviewed, fix windows build.
2506
2507         * offlineasm/generate_offset_extractor.rb:
2508
2509 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2510
2511         [JSC] More aggressively use `constexpr` in LowLevelInterpreter.asm for constant values
2512         https://bugs.webkit.org/show_bug.cgi?id=190659
2513
2514         Reviewed by Keith Miller.
2515
2516         Asking the JSC binary for the actual constant value is always the best way to get the correct value.
2517         The value is correctly updated once the original value is changed. We would like to encourage this
2518         approach more in LowLevelInterpreter.asm.
2519
2520         This patch expands the coverage of this approach. We make ObservedType, ResultType, and ArithProfile
2521         constexpr-friendly to produce the magic values used in LowLevelInterpreter.asm at compile time.
2522         This change allows us to easily extend ArithProfile in the future to adopt BigInt efficiently.
2523
2524         We additionally use `constexpr` for several constant values in LowLevelInterpreter.asm.
2525
2526         * assembler/MaxFrameExtentForSlowPathCall.h:
2527         Use this value in LowLevelInterpreter.asm directly. We also make them constexpr. And we add CPU(ARM64E).
2528
2529         * bytecode/ArithProfile.h:
2530         (JSC::ObservedType::ObservedType):
2531         (JSC::ObservedType::sawInt32 const):
2532         (JSC::ObservedType::isOnlyInt32 const):
2533         (JSC::ObservedType::sawNumber const):
2534         (JSC::ObservedType::isOnlyNumber const):
2535         (JSC::ObservedType::sawNonNumber const):
2536         (JSC::ObservedType::isOnlyNonNumber const):
2537         (JSC::ObservedType::isEmpty const):
2538         (JSC::ObservedType::bits const):
2539         (JSC::ObservedType::withInt32 const):
2540         (JSC::ObservedType::withNumber const):
2541         (JSC::ObservedType::withNonNumber const):
2542         (JSC::ObservedType::withoutNonNumber const):
2543         (JSC::ObservedType::operator== const):
2544         (JSC::ArithProfile::ArithProfile):
2545         (JSC::ArithProfile::fromInt):
2546         (JSC::ArithProfile::observedUnaryInt):
2547         (JSC::ArithProfile::observedUnaryNumber):
2548         (JSC::ArithProfile::observedBinaryIntInt):
2549         (JSC::ArithProfile::observedBinaryNumberInt):
2550         (JSC::ArithProfile::observedBinaryIntNumber):
2551         (JSC::ArithProfile::observedBinaryNumberNumber):
2552         (JSC::ArithProfile::lhsObservedType const):
2553         (JSC::ArithProfile::rhsObservedType const):
2554         (JSC::ArithProfile::bits const):
2555         Make ObservedType and ArithProfile constexpr-friendly.
2556
2557         * llint/LLIntData.cpp:
2558         (JSC::LLInt::Data::performAssertions):
2559         Change several ASSERTs into STATIC_ASSERTs. Remove some unnecessary checks.
2560         * llint/LLIntOffsetsExtractor.cpp:
2561         * llint/LowLevelInterpreter.asm:
2562         Remove unused constant values. Use constexpr more and more aggressively.
2563
2564         * parser/ResultType.h:
2565         (JSC::ResultType::ResultType):
2566         (JSC::ResultType::isInt32 const):
2567         (JSC::ResultType::definitelyIsNumber const):
2568         (JSC::ResultType::definitelyIsString const):
2569         (JSC::ResultType::definitelyIsBoolean const):
2570         (JSC::ResultType::definitelyIsBigInt const):
2571         (JSC::ResultType::mightBeNumber const):
2572         (JSC::ResultType::isNotNumber const):
2573         (JSC::ResultType::mightBeBigInt const):
2574         (JSC::ResultType::isNotBigInt const):
2575         (JSC::ResultType::nullType):
2576         (JSC::ResultType::booleanType):
2577         (JSC::ResultType::numberType):
2578         (JSC::ResultType::numberTypeIsInt32):
2579         (JSC::ResultType::stringOrNumberType):
2580         (JSC::ResultType::addResultType):
2581         (JSC::ResultType::stringType):
2582         (JSC::ResultType::bigIntType):
2583         (JSC::ResultType::unknownType):
2584         (JSC::ResultType::forAdd):
2585         (JSC::ResultType::forLogicalOp):
2586         (JSC::ResultType::forBitOp):
2587         (JSC::ResultType::bits const):
2588         Make ResultType constexpr-friendly.
2589
2590         * runtime/JSCJSValue.h:
2591         Use offsetof instead of OBJECT_OFFSETOF. It is OK since EncodedValueDescriptor is POD.
2592         This change makes the TagOffset and PayloadOffset macros constexpr-friendly, while OBJECT_OFFSETOF
2593         cannot be used in constexpr since it uses reinterpret_cast.
2594
2595 2018-10-17  Keith Miller  <keith_miller@apple.com>
2596
2597         Unreviewed revert Fujii's revert in r237214 with new WinCairo build fix.
2598
2599 2018-10-16  Mark Lam  <mark.lam@apple.com>
2600
2601         GetIndexedPropertyStorage can GC.
2602         https://bugs.webkit.org/show_bug.cgi?id=190625
2603         <rdar://problem/45309366>
2604
2605         Reviewed by Saam Barati.
2606
2607         This is because if the ArrayMode type is String, the DFG and FTL will be emitting
2608         a call to operationResolveRope, and operationResolveRope can GC.  This patch
2609         updates doesGC() to reflect this.
2610
2611         * dfg/DFGDoesGC.cpp:
2612         (JSC::DFG::doesGC):
2613
2614 2018-10-16  Fujii Hironori  <Hironori.Fujii@sony.com>
2615
2616         Unreviewed, rolling out r237188, r237189, and r237197.
2617
2618         It breaks WinCairo Debug builds and Release LayoutTests
2619
2620         Reverted changesets:
2621
2622         https://bugs.webkit.org/show_bug.cgi?id=189708
2623         https://trac.webkit.org/changeset/237188
2624
2625         "Unreviewed, forgot to add untracked files."
2626         https://trac.webkit.org/changeset/237189
2627
2628         "isASTErroneous in offlineasm should de-macroify before
2629         looking for Errors"
2630         https://bugs.webkit.org/show_bug.cgi?id=190634
2631         https://trac.webkit.org/changeset/237197
2632
2633 2018-10-16  Devin Rousso  <drousso@apple.com>
2634
2635         Web Inspector: Canvas: capture previously saved states and add them to the recording payload
2636         https://bugs.webkit.org/show_bug.cgi?id=190473
2637
2638         Reviewed by Joseph Pecoraro.
2639
2640         * inspector/protocol/Recording.json:
2641         Add `states` key to `InitialState` object.
2642
2643 2018-10-16  Keith Miller  <keith_miller@apple.com>
2644
2645         isASTErroneous in offlineasm should de-macroify before looking for Errors
2646         https://bugs.webkit.org/show_bug.cgi?id=190634
2647
2648         Reviewed by Mark Lam.
2649
2650         If a macro isn't usable in a configuration, it might still cause us to
2651         think the AST is invalid. This change runs the de-macroifier before
2652         looking for errors.
2653
2654         Also, it adds a missing include to Printer.h.
2655
2656         * assembler/Printer.h:
2657         * offlineasm/settings.rb:
2658
2659 2018-10-16  Justin Michaud  <justin_michaud@apple.com>
2660
2661         Implement feature flag and bindings for CSS Painting API
2662         https://bugs.webkit.org/show_bug.cgi?id=190237
2663
2664         Reviewed by Ryosuke Niwa.
2665
2666         * Configurations/FeatureDefines.xcconfig:
2667
2668 2018-10-16  Keith Miller  <keith_miller@apple.com>
2669
2670         Unreviewed, forgot to add untracked files.
2671
2672         * llint/LLIntSettingsExtractor.cpp: Added.
2673         (main):
2674         * offlineasm/generate_settings_extractor.rb: Added.
2675
2676 2018-10-16  Keith Miller  <keith_miller@apple.com>
2677
2678         Unreviewed, reland https://bugs.webkit.org/show_bug.cgi?id=189708 with build fix.
2679
2680         * CMakeLists.txt:
2681         * JavaScriptCore.xcodeproj/project.pbxproj:
2682         * llint/LLIntOffsetsExtractor.cpp:
2683         (JSC::LLIntOffsetsExtractor::dummy):
2684         * offlineasm/generate_offset_extractor.rb:
2685         * offlineasm/offsets.rb:
2686         * offlineasm/settings.rb:
2687
2688 2018-10-16  Keith Miller  <keith_miller@apple.com>
2689
2690         Unreviewed, add missing include.
2691
2692         * runtime/BasicBlockLocation.h:
2693
2694 2018-10-15  Keith Miller  <keith_miller@apple.com>
2695
2696         Support arm64 CPUs with a 32-bit address space
2697         https://bugs.webkit.org/show_bug.cgi?id=190273
2698
2699         Reviewed by Michael Saboff.
2700
2701         This patch adds support for arm64_32 in the LLInt. In order to
2702         make this work we needed to add a new type that reflects the size
2703         of a cpu register. This type is called CPURegister or UCPURegister
2704         for the unsigned version. Most places that used void* or intptr_t
2705         to refer to a register have been changed to use this new type.
2706
2707         * JavaScriptCore.xcodeproj/project.pbxproj:
2708         * assembler/ARM64Assembler.h:
2709         (JSC::isInt):
2710         (JSC::is4ByteAligned):
2711         (JSC::PairPostIndex::PairPostIndex):
2712         (JSC::PairPreIndex::PairPreIndex):
2713         (JSC::ARM64Assembler::readPointer):
2714         (JSC::ARM64Assembler::readCallTarget):
2715         (JSC::ARM64Assembler::computeJumpType):
2716         (JSC::ARM64Assembler::linkCompareAndBranch):
2717         (JSC::ARM64Assembler::linkConditionalBranch):
2718         (JSC::ARM64Assembler::linkTestAndBranch):
2719         (JSC::ARM64Assembler::loadRegisterLiteral):
2720         (JSC::ARM64Assembler::loadStoreRegisterPairPostIndex):
2721         (JSC::ARM64Assembler::loadStoreRegisterPairPreIndex):
2722         (JSC::ARM64Assembler::loadStoreRegisterPairOffset):
2723         (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
2724         (JSC::isInt7): Deleted.
2725         (JSC::isInt11): Deleted.
2726         * assembler/CPU.h:
2727         (JSC::isAddress64Bit):
2728         (JSC::isAddress32Bit):
2729         * assembler/MacroAssembler.h:
2730         (JSC::MacroAssembler::shouldBlind):
2731         * assembler/MacroAssemblerARM64.cpp:
2732         (JSC::MacroAssemblerARM64::collectCPUFeatures):
2733         * assembler/MacroAssemblerARM64.h:
2734         (JSC::MacroAssemblerARM64::load):
2735         (JSC::MacroAssemblerARM64::store):
2736         (JSC::MacroAssemblerARM64::isInIntRange): Deleted.
2737         * assembler/Printer.h:
2738         * assembler/ProbeContext.h:
2739         (JSC::Probe::CPUState::gpr):
2740         (JSC::Probe::CPUState::spr):
2741         (JSC::Probe::Context::gpr):
2742         (JSC::Probe::Context::spr):
2743         * b3/B3ConstPtrValue.h:
2744         * b3/B3StackmapSpecial.cpp:
2745         (JSC::B3::StackmapSpecial::isArgValidForRep):
2746         * b3/air/AirArg.h:
2747         (JSC::B3::Air::Arg::stackSlot const):
2748         (JSC::B3::Air::Arg::special const):
2749         * b3/air/testair.cpp:
2750         * b3/testb3.cpp:
2751         (JSC::B3::testStoreConstantPtr):
2752         (JSC::B3::testInterpreter):
2753         (JSC::B3::testAddShl32):
2754         (JSC::B3::testLoadBaseIndexShift32):
2755         * bindings/ScriptFunctionCall.cpp:
2756         (Deprecated::ScriptCallArgumentHandler::appendArgument):
2757         * bindings/ScriptFunctionCall.h:
2758         * bytecode/CodeBlock.cpp:
2759         (JSC::roundCalleeSaveSpaceAsVirtualRegisters):
2760         * dfg/DFGOSRExit.cpp:
2761         (JSC::DFG::restoreCalleeSavesFor):
2762         (JSC::DFG::saveCalleeSavesFor):
2763         (JSC::DFG::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
2764         (JSC::DFG::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
2765         * dfg/DFGOSRExitCompilerCommon.cpp:
2766         (JSC::DFG::reifyInlinedCallFrames):
2767         * dfg/DFGSpeculativeJIT64.cpp:
2768         (JSC::DFG::SpeculativeJIT::compile):
2769         * disassembler/UDis86Disassembler.cpp:
2770         (JSC::tryToDisassembleWithUDis86):
2771         * ftl/FTLLowerDFGToB3.cpp:
2772         (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapGet):
2773         * heap/MachineStackMarker.cpp:
2774         (JSC::copyMemory):
2775         * interpreter/CallFrame.h:
2776         (JSC::ExecState::returnPC const):
2777         (JSC::ExecState::hasReturnPC const):
2778         (JSC::ExecState::clearReturnPC):
2779         (JSC::ExecState::returnPCOffset):
2780         (JSC::ExecState::isGlobalExec const):
2781         (JSC::ExecState::setReturnPC):
2782         * interpreter/CalleeBits.h:
2783         (JSC::CalleeBits::boxWasm):
2784         (JSC::CalleeBits::isWasm const):
2785         (JSC::CalleeBits::asWasmCallee const):
2786         * interpreter/Interpreter.cpp:
2787         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2788         * interpreter/VMEntryRecord.h:
2789         * jit/AssemblyHelpers.h:
2790         (JSC::AssemblyHelpers::clearStackFrame):
2791         * jit/RegisterAtOffset.h:
2792         (JSC::RegisterAtOffset::offsetAsIndex const):
2793         * jit/RegisterAtOffsetList.cpp:
2794         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2795         * llint/LLIntData.cpp:
2796         (JSC::LLInt::Data::performAssertions):
2797         * llint/LLIntOfflineAsmConfig.h:
2798         * llint/LowLevelInterpreter.asm:
2799         * llint/LowLevelInterpreter64.asm:
2800         * offlineasm/arm64.rb:
2801         * offlineasm/asm.rb:
2802         * offlineasm/ast.rb:
2803         * offlineasm/backends.rb:
2804         * offlineasm/parser.rb:
2805         * offlineasm/x86.rb:
2806         * runtime/BasicBlockLocation.cpp:
2807         (JSC::BasicBlockLocation::dumpData const):
2808         (JSC::BasicBlockLocation::emitExecuteCode const):
2809         * runtime/BasicBlockLocation.h:
2810         * runtime/HasOwnPropertyCache.h:
2811         * runtime/JSBigInt.cpp:
2812         (JSC::JSBigInt::inplaceMultiplyAdd):
2813         (JSC::JSBigInt::digitDiv):
2814         * runtime/JSBigInt.h:
2815         * runtime/JSObject.h:
2816         * runtime/Options.cpp:
2817         (JSC::jitEnabledByDefault):
2818         * runtime/Options.h:
2819         * runtime/RegExp.cpp:
2820         (JSC::RegExp::printTraceData):
2821         * runtime/SamplingProfiler.cpp:
2822         (JSC::CFrameWalker::walk):
2823         * runtime/SlowPathReturnType.h:
2824         (JSC::encodeResult):
2825         (JSC::decodeResult):
2826         * tools/SigillCrashAnalyzer.cpp:
2827         (JSC::SigillCrashAnalyzer::dumpCodeBlock):
2828
2829 2018-10-15  Justin Fan  <justin_fan@apple.com>
2830
2831         Add WebGPU 2018 feature flag and experimental feature flag
2832         https://bugs.webkit.org/show_bug.cgi?id=190509
2833
2834         Reviewed by Dean Jackson.
2835
2836         Re-add ENABLE_WEBGPU, an experimental feature flag, and a RuntimeEnabledFeature
2837         for the 2018 WebGPU prototype.
2838
2839         * Configurations/FeatureDefines.xcconfig:
2840
2841 2018-10-15  Timothy Hatcher  <timothy@apple.com>
2842
2843         Add support for prefers-color-scheme media query
2844         https://bugs.webkit.org/show_bug.cgi?id=190499
2845         rdar://problem/45212025
2846
2847         Reviewed by Dean Jackson.
2848
2849         * Configurations/FeatureDefines.xcconfig: Added ENABLE_DARK_MODE_CSS.
2850
2851 2018-10-15  Commit Queue  <commit-queue@webkit.org>
2852
2853         Unreviewed, rolling out r237084, r237088, r237098, and
2854         r237114.
2855         https://bugs.webkit.org/show_bug.cgi?id=190602
2856
2857         Breaks internal builds. (Requested by ryanhaddad on #webkit).
2858
2859         Reverted changesets:
2860
2861         "Separate configuration extraction from offset extraction"
2862         https://bugs.webkit.org/show_bug.cgi?id=189708
2863         https://trac.webkit.org/changeset/237084
2864
2865         "Gardening: Build fix after r237084."
2866         https://bugs.webkit.org/show_bug.cgi?id=189708
2867         https://trac.webkit.org/changeset/237088
2868
2869         "Gardening: Build fix after r237084."
2870         https://bugs.webkit.org/show_bug.cgi?id=189708
2871         https://trac.webkit.org/changeset/237098
2872
2873         "REGRESSION (r237084): JavaScriptCore fails to build on Linux"
2874         https://trac.webkit.org/changeset/237114
2875
2876 2018-10-15  Keith Miller  <keith_miller@apple.com>
2877
2878         BytecodeDumper should print all switch labels
2879         https://bugs.webkit.org/show_bug.cgi?id=190596
2880
2881         Reviewed by Saam Barati.
2882
2883         Right now the bytecode dumper only prints the default target, not any of the
2884         non-default targets.
2885
2886         * bytecode/BytecodeDumper.cpp:
2887         (JSC::BytecodeDumper<Block>::dumpBytecode):
2888
2889 2018-10-15  Saam barati  <sbarati@apple.com>
2890
2891         Emit fjcvtzs on ARM64E on Darwin
2892         https://bugs.webkit.org/show_bug.cgi?id=184023
2893
2894         Reviewed by Yusuke Suzuki and Filip Pizlo.
2895
2896         ARMv8.3 introduced the fjcvtzs instruction which does double->int32
2897         conversion using the semantics defined by JavaScript:
2898         http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html
2899         This patch teaches JSC to use that instruction when possible.
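
        The JavaScript semantics that fjcvtzs implements in hardware, written out in C++ as an added example
        (this is not JSC::toInt32 from MathCommon.h, which uses a bit-level fast path rather than fmod):
        ToInt32 truncates, reduces modulo 2^32, wraps into the signed range, and maps NaN and infinities
        to 0. The practical point for any software fallback is that a plain static_cast<int32_t>(double)
        is undefined behaviour for out-of-range inputs, so the value must be brought into range before the
        native cast. Function names are assumptions, not JSC identifiers.

```cpp
#include <cmath>
#include <cstdint>

// ECMAScript ToInt32 (https://tc39.es/ecma262/#sec-toint32), spelled out in C++.
// This is what JSC::toInt32 computes in software and what the ARMv8.3 fjcvtzs
// instruction computes in hardware. It is NOT what static_cast<int32_t>(d) does:
// that cast is undefined behaviour once d is outside the int32 range.
int32_t toInt32JavaScriptSemantics(double d)
{
    // NaN, +0, -0, +Inf and -Inf all map to +0.
    if (std::isnan(d) || std::isinf(d))
        return 0;

    // Truncate toward zero.
    double truncated = std::trunc(d);

    // Reduce modulo 2^32 into [0, 2^32). fmod is exact for doubles, but its
    // result carries the sign of the dividend, so negatives need one adjustment.
    const double two32 = 4294967296.0;
    double modulo = std::fmod(truncated, two32);
    if (modulo < 0)
        modulo += two32;

    // Values >= 2^31 wrap around to the negative half of int32.
    if (modulo >= 2147483648.0)
        modulo -= two32;

    return static_cast<int32_t>(modulo); // now guaranteed in range: no UB
}

// Fast path in the spirit of the one JSC keeps in front of the slow algorithm:
// when the double already is an exact int32, the conversion is a single cast.
// The range check also rejects NaN, because every comparison with NaN is false.
int32_t toInt32WithFastPath(double d)
{
    if (d >= -2147483648.0 && d <= 2147483647.0) {
        int32_t i = static_cast<int32_t>(d); // in range, so well-defined
        if (static_cast<double>(i) == d)
            return i;
    }
    return toInt32JavaScriptSemantics(d);
}
```

        The cases worth checking are the ones where a naive cast misbehaves: 2^32 + 5 must give 5,
        2^31 must give INT32_MIN, -1.9 must give -1, and anything with an exponent of 84 or more
        (such as 1e300) must give 0.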
2900
2901         * assembler/ARM64Assembler.h:
2902         (JSC::ARM64Assembler::fjcvtzs):
2903         (JSC::ARM64Assembler::fjcvtzsInsn):
2904         * assembler/MacroAssemblerARM64.cpp:
2905         (JSC::MacroAssemblerARM64::collectCPUFeatures):
2906         * assembler/MacroAssemblerARM64.h:
2907         (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics):
2908         (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics):
2909         * dfg/DFGSpeculativeJIT.cpp:
2910         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2911         * disassembler/ARM64/A64DOpcode.cpp:
2912         * disassembler/ARM64/A64DOpcode.h:
2913         (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
2914         * ftl/FTLLowerDFGToB3.cpp:
2915         (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
2916         * jit/JITRightShiftGenerator.cpp:
2917         (JSC::JITRightShiftGenerator::generateFastPath):
2918         * runtime/MathCommon.h:
2919         (JSC::toInt32):
2920
2921 2018-10-15  Saam Barati  <sbarati@apple.com>
2922
2923         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
2924         https://bugs.webkit.org/show_bug.cgi?id=190262
2925         <rdar://problem/44986241>
2926
2927         Reviewed by Mark Lam.
2928
2929         We would take the fast path for shiftCountWithArrayStorage when the array
2930         hasHoles(). However, the code for this was wrong. It'd incorrectly update
2931         ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage
2932         path is never taken in JetStream 2, this patch just removes that from
2933         the fast path. Instead, we just fallback to the slow path when hasHoles().
2934         If we find evidence that this matters for real use cases, we can
2935         figure out a way to make the fast path work.
2936
2937         * runtime/JSArray.cpp:
2938         (JSC::JSArray::shiftCountWithArrayStorage):
2939
2940 2018-10-15  Commit Queue  <commit-queue@webkit.org>
2941
2942         Unreviewed, rolling out r237054.
2943         https://bugs.webkit.org/show_bug.cgi?id=190593
2944
2945         "this regressed JetStream 2 by 6% on iOS" (Requested by
2946         saamyjoon on #webkit).
2947
2948         Reverted changeset:
2949
2950         "[JSC] JSC should have "parseFunction" to optimize Function
2951         constructor"
2952         https://bugs.webkit.org/show_bug.cgi?id=190340
2953         https://trac.webkit.org/changeset/237054
2954
2955 2018-10-14  David Kilzer  <ddkilzer@apple.com>
2956
2957         REGRESSION (r237084): JavaScriptCore fails to build on Linux
2958         <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949>
2959
2960         * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by
2961         including <stdio.h>.
2962
2963 2018-10-15  Alex Christensen  <achristensen@webkit.org>
2964
2965         Shrink more enum classes
2966         https://bugs.webkit.org/show_bug.cgi?id=190540
2967
2968         Reviewed by Chris Dumez.
2969
2970         * runtime/ConsoleTypes.h:
2971
2972 2018-10-15  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2973
2974         [JSC] Disable DOMJIT on 32bit architecture
2975         https://bugs.webkit.org/show_bug.cgi?id=190387
2976
2977         Reviewed by Mark Lam.
2978
2979         We disable DOMJIT on 32bit architecture due to exhaustion of registers.
2980
2981         * runtime/Options.h:
2982
2983 2018-10-15  Alex Christensen  <achristensen@webkit.org>
2984
2985         Include EnumTraits.h less
2986         https://bugs.webkit.org/show_bug.cgi?id=190535
2987
2988         Reviewed by Chris Dumez.
2989
2990         * runtime/ConsoleTypes.h:
2991
2992 2018-10-14  Mark Lam  <mark.lam@apple.com>
2993
2994         Gardening: Build fix after r237084.
2995         https://bugs.webkit.org/show_bug.cgi?id=189708
2996
2997         Unreviewed.
2998
2999         * llint/LLIntOffsetsExtractor.cpp:
3000
3001 2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3002
3003         [JSC] Remove Option::useAsyncIterator
3004         https://bugs.webkit.org/show_bug.cgi?id=190567
3005
3006         Reviewed by Saam Barati.
3007
3008         Async iterator has been enabled by default since 2017-08-09. It has already shipped in several releases,
3009         and we can consider it mature. Let's drop the option `Option::useAsyncIterator`.
3010
3011         * Configurations/FeatureDefines.xcconfig:
3012         * bytecompiler/BytecodeGenerator.cpp:
3013         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
3014         (JSC::BytecodeGenerator::emitNewFunction):
3015         * parser/ASTBuilder.h:
3016         (JSC::ASTBuilder::createFunctionMetadata):
3017         * parser/Parser.cpp:
3018         (JSC::Parser<LexerType>::parseForStatement):
3019         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3020         (JSC::Parser<LexerType>::parseClass):
3021         (JSC::Parser<LexerType>::parseProperty):
3022         (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
3023         * runtime/Options.h:
3024
3025 2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3026
3027         [JSC] Remove Options::useObjectRestSpread
3028         https://bugs.webkit.org/show_bug.cgi?id=190568
3029
3030         Reviewed by Saam Barati.
3031
3032         Options::useObjectRestSpread has been enabled by default since 2017-06-27. It has already shipped in several releases,
3033         and we can consider it mature. Let's drop the Options::useObjectRestSpread() flag.
3034
3035         * parser/Parser.cpp:
3036         (JSC::Parser<LexerType>::Parser):
3037         (JSC::Parser<LexerType>::parseDestructuringPattern):
3038         (JSC::Parser<LexerType>::parseProperty):
3039         * parser/Parser.h:
3040         * runtime/Options.h:
3041
3042 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3043
3044         [JSC] JSON.stringify can accept call-with-no-arguments
3045         https://bugs.webkit.org/show_bug.cgi?id=190343
3046
3047         Reviewed by Mark Lam.
3048
3049         JSON.stringify can accept `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
3050         Instead of throwing an error, we should take the first argument as `undefined` if it is not given.
3051
3052         [1]: https://tc39.github.io/ecma262/#sec-json.stringify
3053
3054         * runtime/JSONObject.cpp:
3055         (JSC::JSONProtoFuncStringify):
3056
3057 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
3058
3059         Gardening: Build fix after r237084.
3060         https://bugs.webkit.org/show_bug.cgi?id=189708
3061
3062         Unreviewed.
3063
3064         * JavaScriptCore.xcodeproj/project.pbxproj:
3065
3066 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
3067
3068         Separate configuration extraction from offset extraction
3069         https://bugs.webkit.org/show_bug.cgi?id=189708
3070
3071         Reviewed by Keith Miller.
3072
3073         Instead of generating a file with all offsets for every combination of
3074         configurations, we first generate a file with only the configuration
3075         indices and pass that to the offset extractor. The offset extractor then
3076         only generates the offsets for valid configurations.
3077
3078         * CMakeLists.txt:
3079         * JavaScriptCore.xcodeproj/project.pbxproj:
3080         * llint/LLIntOffsetsExtractor.cpp:
3081         (JSC::LLIntOffsetsExtractor::dummy):
3082         * llint/LLIntSettingsExtractor.cpp: Added.
3083         (main):
3084         * offlineasm/generate_offset_extractor.rb:
3085         * offlineasm/generate_settings_extractor.rb: Added.
3086         * offlineasm/offsets.rb:
3087         * offlineasm/settings.rb:
3088
3089 2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>
3090
3091         Unreviewed, rolling out r237063.
3092
3093         Caused layout test fast/dom/Window/window-postmessage-clone-
3094         deep-array.html to fail on macOS and iOS Debug bots.
3095
3096         Reverted changeset:
3097
3098         "[JSC] Remove gcc warnings on mips and armv7"
3099         https://bugs.webkit.org/show_bug.cgi?id=188598
3100         https://trac.webkit.org/changeset/237063
3101
3102 2018-10-11  Guillaume Emont  <guijemont@igalia.com>
3103
3104         [JSC] Remove gcc warnings on mips and armv7
3105         https://bugs.webkit.org/show_bug.cgi?id=188598
3106
3107         Reviewed by Mark Lam.
3108
3109         Fix many gcc/clang warnings that are false positives, mostly alignment
3110         issues.
3111
3112         * assembler/MacroAssemblerPrinter.cpp:
3113         (JSC::Printer::printMemory):
3114         Use bitwise_cast instead of reinterpret_cast.
3115         * assembler/testmasm.cpp:
3116         (JSC::floatOperands):
3117         marked as potentially unused as it is not used on all platforms.
3118         (JSC::testProbeModifiesStackValues):
3119         modifiedFlags is not used on mips, so don't declare it.
3120         * bytecode/CodeBlock.h:
3121         Make ScriptExecutable::prepareForExecution() return an
3122         std::optional<Exception*> instead of a JSObject*.
3123         * interpreter/Interpreter.cpp:
3124         (JSC::Interpreter::executeProgram):
3125         (JSC::Interpreter::executeCall):
3126         (JSC::Interpreter::executeConstruct):
3127         (JSC::Interpreter::prepareForRepeatCall):
3128         (JSC::Interpreter::execute):
3129         (JSC::Interpreter::executeModuleProgram):
3130         Update calling code for the prototype change of
3131         ScriptExecutable::prepareForExecution().
3132         * jit/JITOperations.cpp: Same as for Interpreter.cpp.
3133         * llint/LLIntSlowPaths.cpp:
3134         (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
3135         * runtime/JSBigInt.cpp:
3136         (JSC::JSBigInt::dataStorage):
3137         Use bitwise_cast instead of reinterpret_cast.
3138         * runtime/ScriptExecutable.cpp:
3139         * runtime/ScriptExecutable.h:
3140         Make ScriptExecutable::prepareForExecution() return an
3141         std::optional<Exception*> instead of a JSObject*.
3142         * tools/JSDollarVM.cpp:
3143         (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.
3144
3145 2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3146
3147         Use currentStackPointer more
3148         https://bugs.webkit.org/show_bug.cgi?id=190503
3149
3150         Reviewed by Saam Barati.
3151
3152         * runtime/VM.cpp:
3153         (JSC::VM::committedStackByteCount):
3154
3155 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3156
3157         [JSC] JSC should have "parseFunction" to optimize Function constructor
3158         https://bugs.webkit.org/show_bug.cgi?id=190340
3159
3160         Reviewed by Mark Lam.
3161
3162         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
3163         the spec requirement: (1) check the parameters' syntax, (2) check the body's syntax, and (3) parse the entire function.
3164         And to do 1-3 correctly, we create two strings, the parameters and the entire function. This operation
3165         is really costly, and ideally we should meet the above requirement with a single parse.
3166
3167         To meet the above requirement, we add a special function to Parser, parseSingleFunction. This function
3168         takes `std::optional<int> functionConstructorParametersEndPosition` and checks in the parser that this end position is correct.
3169         For example, if we run the code,
3170
3171             Function('/*', '*/){')
3172
3173         According to the spec, this should produce a '/*' parameter string and a '*/){' body string. And the parameter
3174         string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
3175         that, in our implementation, we first create the entire string.
3176
3177             function anonymous(/*) {
3178                 */){
3179             }
3180
3181         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
3182         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
3183         offset of the parameters is the given end position. This check allows us to raise the error correctly to the
3184         above example while we parse the entire function only once. And we do not need to create two strings either.
3185
3186         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
3187         significantly sped up (28.2%).
3188
3189         Before:
3190             uglify-js:  2.94 runs/s
3191         After:
3192             uglify-js:  3.77 runs/s
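
        The end-position check described above, as an added illustration rather than JSC's own code: JSC's
        real check lives in Parser::parseSingleFunction and compares the parser's token offsets, whereas this
        stand-in builds the same spliced source and runs a toy scanner (assumed here, not part of JSC) that
        only understands comments, string literals and parentheses. The point it makes visible is that a
        parameter string can comment out the ')' the constructor appended, so the spliced source parses as a
        perfectly valid function even though the parameter list on its own is not valid. All function names
        are assumptions.

```cpp
#include <cstddef>
#include <string>

// Constructed stand-in for the splice the Function constructor performs:
// "function anonymous(" + parameters + ") {\n" + body + "\n}".
static const std::string kPrefix = "function anonymous(";

std::string spliceFunctionSource(const std::string& parameters, const std::string& body)
{
    return kPrefix + parameters + ") {\n" + body + "\n}";
}

// Offset at which the parser is *expected* to see the ')' closing the parameter
// list: it is the ')' the splice itself appended right after `parameters`.
std::size_t expectedParametersEnd(const std::string& parameters)
{
    return kPrefix.size() + parameters.size();
}

// Toy scanner (not JSC's parser) reporting where the ')' closing the parameter list
// actually is. It skips /* */ and // comments and string literals, because those are
// exactly the constructs that can swallow the spliced ')'. Returns npos if the
// parameter list is never closed.
std::size_t actualParametersEnd(const std::string& src)
{
    std::size_t i = kPrefix.size();
    int depth = 0; // parentheses nested inside default-value expressions
    while (i < src.size()) {
        char c = src[i];
        bool hasNext = i + 1 < src.size();
        if (c == '/' && hasNext && src[i + 1] == '*') {
            std::size_t end = src.find("*/", i + 2);
            if (end == std::string::npos)
                return std::string::npos;
            i = end + 2;
            continue;
        }
        if (c == '/' && hasNext && src[i + 1] == '/') {
            std::size_t end = src.find('\n', i + 2);
            if (end == std::string::npos)
                return std::string::npos;
            i = end + 1;
            continue;
        }
        if (c == '"' || c == '\'' || c == '`') {
            std::size_t j = i + 1;
            while (j < src.size() && src[j] != c) {
                if (src[j] == '\\')
                    ++j; // skip the escaped character
                ++j;
            }
            if (j >= src.size())
                return std::string::npos;
            i = j + 1;
            continue;
        }
        if (c == '(')
            ++depth;
        else if (c == ')') {
            if (depth == 0)
                return i;
            --depth;
        }
        ++i;
    }
    return std::string::npos;
}

// The check the ChangeLog describes, applied to the toy scanner: the parameter list is
// accepted only if the ')' the scanner reaches is the one the splice appended.
bool parametersEndWhereExpected(const std::string& parameters, const std::string& body)
{
    return actualParametersEnd(spliceFunctionSource(parameters, body))
        == expectedParametersEnd(parameters);
}
```

        For the `/*` case the scanner reaches the real ')' at offset 27 where offset 21 was expected, so the
        input is rejected even though the spliced source is a syntactically valid function. The string-literal
        and nested-parentheses cases show why the check has to be made by something that understands those
        tokens rather than by searching for the first ')'.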
3193
3194         * bytecode/UnlinkedFunctionExecutable.cpp:
3195         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3196         * bytecode/UnlinkedFunctionExecutable.h:
3197         * parser/Parser.cpp:
3198         (JSC::Parser<LexerType>::parseInner):
3199         (JSC::Parser<LexerType>::parseSingleFunction):
3200         (JSC::Parser<LexerType>::parseFunctionInfo):
3201         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3202         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3203         (JSC::Parser<LexerType>::parseClass):
3204         (JSC::Parser<LexerType>::parsePropertyMethod):
3205         (JSC::Parser<LexerType>::parseGetterSetter):
3206         (JSC::Parser<LexerType>::parseFunctionExpression):
3207         (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
3208         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
3209         * parser/Parser.h:
3210         (JSC::Parser<LexerType>::parse):
3211         (JSC::parse):
3212         (JSC::parseFunctionForFunctionConstructor):
3213         * parser/ParserModes.h:
3214         * parser/ParserTokens.h:
3215         (JSC::JSTextPosition::JSTextPosition):
3216         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3217         * parser/SourceCodeKey.h:
3218         (JSC::SourceCodeKey::SourceCodeKey):
3219         (JSC::SourceCodeKey::operator== const):
3220         * runtime/CodeCache.cpp:
3221         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3222         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3223         * runtime/CodeCache.h:
3224         * runtime/FunctionConstructor.cpp:
3225         (JSC::constructFunctionSkippingEvalEnabledCheck):
3226         * runtime/FunctionExecutable.cpp:
3227         (JSC::FunctionExecutable::fromGlobalCode):
3228         * runtime/FunctionExecutable.h:
3229
3230 2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>
3231
3232         Fix non-existent define `CPU(JSVALUE64)`
3233         https://bugs.webkit.org/show_bug.cgi?id=190479
3234
3235         Reviewed by Yusuke Suzuki.
3236
3237         * jit/CCallHelpers.h:
3238         (JSC::CCallHelpers::setupArgumentsImpl):
3239         Correct CPU(JSVALUE64) to USE(JSVALUE64).
3240
3241 2018-10-11  Keith Rollin  <krollin@apple.com>
3242
3243         CURRENT_ARCH should not be used in Run Script phase.
3244         https://bugs.webkit.org/show_bug.cgi?id=190407
3245         <rdar://problem/45133556>
3246
3247         Reviewed by Alexey Proskuryakov.
3248
3249         CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
3250         CURRENT_ARCH is not well-defined during this phase (and may even have
3251         the value "undefined") since this phase is run just once per build
3252         rather than once per supported architecture. Migrate away from
3253         CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
3254         performing an operation for each value, or by picking the first entry
3255         in ARCHS and using that as a representative value.
3256
3257         * JavaScriptCore.xcodeproj/project.pbxproj: Store
3258         LLIntDesiredOffsets.h into a directory with a name based on ARCHS
3259         rather than CURRENT_ARCH.
3260
3261 2018-10-10  Mark Lam  <mark.lam@apple.com>
3262
3263         Changes towards allowing use of the ASAN detect_stack_use_after_return option.
3264         https://bugs.webkit.org/show_bug.cgi?id=190405
3265         <rdar://problem/45131464>
3266
3267         Reviewed by Michael Saboff.
3268
3269         The ASAN detect_stack_use_after_return option checks for use of stack variables
3270         after they have been freed.  It does this by allocating relevant stack variables
3271         in heap memory (instead of on the stack) if the code ever takes the address of
3272         those stack variables.  Unfortunately, this is a common idiom that we use to
3273         compute the approximate stack pointer value.  As a result, on such ASAN runs, the
3274         computed approximate stack pointer value will point into the heap instead of the
3275         stack.  This breaks the VM's expectations and wreaks havoc.
3276
3277         To fix this, we use the newly introduced WTF::currentStackPointer() instead of
3278         taking the address of stack variables.
3279
3280         We also need to enhance ExceptionScopes to be able to work with ASAN
3281         detect_stack_use_after_return, which will allocate the scope in the heap.  We
3282         work around this by passing the current stack pointer of the instantiating calling
3283         frame into the scope constructor, and using that for the position check in
3284         ~ThrowScope() instead.
3285
3286         The above is only a start towards enabling ASAN detect_stack_use_after_return on
3287         the VM.  There are still other issues to be resolved before we can run with this
3288         ASAN option.
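
        An added illustration of the two idioms this entry contrasts; it is not WTF's or JSC's code.
        `stackPointerViaFrameAddress()` (an assumed name) uses `__builtin_frame_address(0)` as a stand-in
        for WTF::currentStackPointer(), whose real implementation is not reproduced here. Under a normal
        build both estimates land within a few bytes of each other; under ASAN with
        detect_stack_use_after_return enabled the address-taken local is relocated to ASAN's heap-backed
        fake stack, which is exactly the mismatch the entry describes. `StackPositionScope` (also assumed)
        sketches the ExceptionScope change: it records the stack position its creator passes in rather
        than deriving one from `this`.

```cpp
#include <cstdint>

// Idiom the ChangeLog moves away from: estimate the stack pointer by taking the
// address of a local. With ASAN's detect_stack_use_after_return the compiler moves
// any address-taken local onto a heap-allocated "fake stack", so this estimate then
// points into the heap, not the machine stack.
__attribute__((noinline)) uintptr_t stackPointerViaLocalAddress()
{
    volatile char marker = 0;
    return reinterpret_cast<uintptr_t>(&marker);
}

// Replacement idiom (stand-in for WTF::currentStackPointer(), not its implementation):
// ask the compiler for the current frame address, which is the real machine stack
// regardless of where ASAN placed the locals.
__attribute__((noinline)) uintptr_t stackPointerViaFrameAddress()
{
    return reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
}

// Distance between the two estimates taken from the same call depth.
// Plain build: a few bytes to a few KiB. ASAN fake stack: heap-to-stack distance.
uintptr_t estimateDistance()
{
    uintptr_t viaLocal = stackPointerViaLocalAddress();
    uintptr_t viaFrame = stackPointerViaFrameAddress();
    return viaLocal > viaFrame ? viaLocal - viaFrame : viaFrame - viaLocal;
}

// Startup self-check a VM could run: do the two idioms agree within `tolerance` bytes?
bool estimatesAgree(uintptr_t tolerance)
{
    return estimateDistance() <= tolerance;
}

// Sketch of the ExceptionScope change. The scope stores the stack position that the
// *creating frame* passes in; it must not derive the position from `this`, because
// under the fake stack the scope object itself may live on the heap.
class StackPositionScope {
public:
    explicit StackPositionScope(uintptr_t creatorStackPointer)
        : m_position(creatorStackPointer)
    {
    }

    // On a downward-growing stack (assumed here), a scope opened deeper in the call
    // chain must record a position at or below the one of the scope enclosing it.
    bool isNestedInsideOf(const StackPositionScope& outer) const
    {
        return m_position <= outer.m_position;
    }

private:
    uintptr_t m_position;
};

__attribute__((noinline)) bool innerScopeIsNested(const StackPositionScope& outer)
{
    StackPositionScope inner(stackPointerViaFrameAddress());
    return inner.isNestedInsideOf(outer);
}

// Opens an outer scope, then an inner one from a deeper frame, and checks the ordering.
bool nestedScopesAreOrdered()
{
    StackPositionScope outer(stackPointerViaFrameAddress());
    return innerScopeIsNested(outer);
}
```

        Building this with `-fsanitize=address` and running it with
        `ASAN_OPTIONS=detect_stack_use_after_return=1` makes `estimateDistance()` jump from a few bytes
        to the distance between the heap and the stack, which is a cheap way to confirm whether a code
        base still depends on the address-of-a-local idiom before enabling that ASAN option on it.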
3289
3290         * runtime/CatchScope.h:
3291         * runtime/ExceptionEventLocation.h:
3292         (JSC::ExceptionEventLocation::ExceptionEventLocation):
3293         * runtime/ExceptionScope.h:
3294         (JSC::ExceptionScope::stackPosition const):
3295         * runtime/JSLock.cpp:
3296         (JSC::JSLock::didAcquireLock):
3297         * runtime/ThrowScope.cpp:
3298         (JSC::ThrowScope::~ThrowScope):
3299         * runtime/ThrowScope.h:
3300         * runtime/VM.h:
3301         (JSC::VM::needExceptionCheck const):
3302         (JSC::VM::isSafeToRecurse const):
3303         * wasm/js/WebAssemblyFunction.cpp:
3304         (JSC::callWebAssemblyFunction):
3305         * yarr/YarrPattern.cpp:
3306         (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):
3307
3308 2018-10-10  Devin Rousso  <drousso@apple.com>
3309
3310         Web Inspector: create special Network waterfall for media events
3311         https://bugs.webkit.org/show_bug.cgi?id=189773
3312         <rdar://problem/44626605>
3313
3314         Reviewed by Joseph Pecoraro.
3315
3316         * inspector/protocol/DOM.json:
3317         Add `didFireEvent` event that is fired when specific event listeners added by
3318         `InspectorInstrumentation::addEventListenersToNode` are fired.
3319
3320 2018-10-10  Michael Saboff  <msaboff@apple.com>
3321
3322         Increase executable memory pool from 64MB to 128MB for ARM64
3323         https://bugs.webkit.org/show_bug.cgi?id=190453
3324
3325         Reviewed by Saam Barati.
3326
3327         * jit/ExecutableAllocator.cpp:
3328
3329 2018-10-10  Devin Rousso  <drousso@apple.com>
3330
3331         Web Inspector: notify the frontend when a canvas has started recording via console.record
3332         https://bugs.webkit.org/show_bug.cgi?id=190306
3333
3334         Reviewed by Brian Burg.
3335
3336         * inspector/protocol/Canvas.json:
3337         Add `recordingStarted` event.
3338
3339         * inspector/protocol/Recording.json:
3340         Add `Initiator` enum for determining who started the recording.
3341
3342 2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3343
3344         [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
3345         https://bugs.webkit.org/show_bug.cgi?id=190429
3346
3347         Reviewed by Saam Barati.
3348
3349         Some createXXX functions can fail, but sometimes the caller does not perform error checking.
3350         To make it explicit that these functions can fail, we rename these functions from createXXX
3351         to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
3352         function cannot fail, it should return Ref<>. Otherwise, it should be named tryCreateXXX
3353         and it should return RefPtr<>.
3354
3355         This patch mainly focuses on TypedArray factory functions. Previously, these functions were
3356         `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
3357         We also introduce a `Ref<XXXArray> create(...)` function which internally performs
3358         RELEASE_ASSERT on the result of `tryCreate(...)`.
3359
3360         And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.
3361
3362         This change actually finds one place which does not perform any null checking while it uses
3363         a `RefPtr<> create(...)` function.
3364
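        The tryCreate/create split described in this entry, as an added example that is not
        WebKit or JavaScriptCore code: std::shared_ptr stands in for WTF::RefPtr, a small
        NonNull wrapper stands in for WTF::Ref, and std::abort stands in for RELEASE_ASSERT.
        Uint32Buffer, its 1 GiB byte-length cap and the two caller functions are invented for
        illustration; the point is that the fallible factory returns a nullable type under a
        name that announces it can fail, while the infallible one returns a type that cannot be null.

```cpp
// Added example, not WebKit code. Demonstrates the tryCreate (may fail, nullable result)
// versus create (cannot fail, non-null result) factory convention.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <memory>
#include <new>
#include <utility>

// Minimal stand-in for WTF::Ref<T>: owning and never null. Constructing it from a
// null pointer is a programming error, so it aborts (stand-in for RELEASE_ASSERT).
template <typename T>
class NonNull {
public:
    explicit NonNull(std::shared_ptr<T> p) : m_ptr(std::move(p)) {
        if (!m_ptr) { std::fputs("NonNull constructed from null\n", stderr); std::abort(); }
    }
    T& get() const { return *m_ptr; }
    T* operator->() const { return m_ptr.get(); }
private:
    std::shared_ptr<T> m_ptr;
};

// A typed-array-like buffer of fixed-width elements (invented for this example).
class Uint32Buffer {
public:
    static constexpr size_t elementSize = sizeof(uint32_t);
    // Assumed cap on backing-store size; a real engine picks its own limit.
    static constexpr size_t maxByteLength = size_t(1) << 30;

    // tryCreate: may fail on length overflow, on exceeding the cap, or on allocation
    // failure, and returns null in each case. The name tells callers to null-check.
    static std::shared_ptr<Uint32Buffer> tryCreate(size_t length) {
        if (length > std::numeric_limits<size_t>::max() / elementSize)
            return nullptr;                       // length * elementSize would overflow
        size_t byteLength = length * elementSize;
        if (byteLength > maxByteLength)
            return nullptr;                       // over the allocation cap
        uint32_t* data = new (std::nothrow) uint32_t[length]();   // zero-initialised
        if (!data)
            return nullptr;                       // allocation failed
        return std::shared_ptr<Uint32Buffer>(new Uint32Buffer(data, length));
    }

    // create: infallible from the caller's point of view. It forwards to tryCreate and
    // aborts (stand-in for RELEASE_ASSERT) if that fails, so the result is never null.
    static NonNull<Uint32Buffer> create(size_t length) {
        auto buffer = tryCreate(length);
        if (!buffer) { std::fprintf(stderr, "create(%zu) failed\n", length); std::abort(); }
        return NonNull<Uint32Buffer>(std::move(buffer));
    }

    size_t length() const { return m_length; }
    uint32_t& at(size_t i) { return m_data[i]; }
    ~Uint32Buffer() { delete[] m_data; }

private:
    Uint32Buffer(uint32_t* data, size_t length) : m_data(data), m_length(length) {}
    uint32_t* m_data;
    size_t m_length;
};

// A caller of the fallible factory: it must propagate failure rather than dereference
// a null result. Fills the buffer with 0..length-1 and reports the sum.
bool fillSequential(size_t length, uint64_t& sumOut) {
    auto buffer = Uint32Buffer::tryCreate(length);
    if (!buffer)
        return false;                             // the check the audit found missing
    sumOut = 0;
    for (size_t i = 0; i < buffer->length(); ++i) {
        buffer->at(i) = static_cast<uint32_t>(i);
        sumOut += buffer->at(i);
    }
    return true;
}

// A caller that has already validated its size uses create() and gets a NonNull back:
// there is no null check to forget.
size_t lengthViaCreate(size_t length) {
    NonNull<Uint32Buffer> buffer = Uint32Buffer::create(length);
    return buffer->length();
}

int main() {
    uint64_t sum = 0;
    bool ok = fillSequential(10, sum);
    std::printf("fillSequential(10): %s, sum=%llu\n", ok ? "ok" : "failed",
                static_cast<unsigned long long>(sum));
    bool overflowRejected = !Uint32Buffer::tryCreate(std::numeric_limits<size_t>::max());
    std::printf("tryCreate(SIZE_MAX) returned null: %s\n", overflowRejected ? "yes" : "no");
    return 0;
}
```

        The overflow check runs before the multiplication so the byte length can never wrap;
        the cap check then bounds what the allocator is asked for. Swapping `std::abort` for
        the real RELEASE_ASSERT and the stand-in smart pointers for Ref/RefPtr gives the shape
        this entry describes.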
3365         * API/JSCallbackObjectFunctions.h:
3366         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
3367         (JSC::JSCallbackObject<Parent>::put):
3368         (JSC::JSCallbackObject<Parent>::putByIndex):
3369         (JSC::JSCallbackObject<Parent>::deleteProperty):
3370         (JSC::JSCallbackObject<Parent>::callbackGetter):
3371         * API/JSClassRef.h:
3372         (StaticValueEntry::StaticValueEntry):
3373         * API/JSContext.mm:
3374         (-[JSContext evaluateScript:withSourceURL:]):
3375         (-[JSContext setName:]):
3376         * API/JSContextRef.cpp:
3377         (JSGlobalContextCopyName):
3378         (JSContextCreateBacktrace):
3379         * API/JSObjectRef.cpp:
3380         (JSObjectCopyPropertyNames):
3381         * API/JSScriptRef.cpp:
3382         * API/JSStringRef.cpp:
3383         (JSStringCreateWithCharactersNoCopy):
3384         * API/JSValue.mm:
3385         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
3386         (+[JSValue valueWithNewErrorFromMessage:inContext:]):