6b3dee88b56cd3adbe84d589186e8eef937e161c
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-03  Mark Lam  <mark.lam@apple.com>

        Suppress unreachable code warning for LLIntAssembly.h code.
        https://bugs.webkit.org/show_bug.cgi?id=190263
        <rdar://problem/44986532>

        Reviewed by Saam Barati.

        This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
        asm files, and may contain dead code which is harmless, but will trip up the warning.
        We should suppress the warning so that it doesn't break builds.

        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):

2018-10-03  Dan Bernstein  <mitz@apple.com>

        JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
        https://bugs.webkit.org/show_bug.cgi?id=190250

        Reviewed by Alex Christensen.

        * API/tests/Regress141275.mm:
        (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
          by making the self-retaining explicit.

        * API/tests/testapi.cpp:
        (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
          loop instead of returning from the lambda.

        * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
          CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
          CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.

        * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
          UnlinkedFunctionExecutable.h, and let Xcode update the project file.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
          some commas with semicolons.

2018-10-03  Mark Lam  <mark.lam@apple.com>

        Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
        https://bugs.webkit.org/show_bug.cgi?id=190187
        <rdar://problem/42512909>

        Reviewed by Michael Saboff.

        Allowing different max string lengths at each level opens up opportunities for
        bugs to creep in.  With 2 different max length values, it is more difficult to
        keep the story straight on how we do overflow / bounds checks at each place in
        the code.  It's also difficult to tell if a seemingly valid check at the WTF level
        will have bad ramifications at the JSC level.  Also, it's not meaningful to
        support a max length > INT_MAX.  To eliminate this class of bugs, we'll
        standardize on a MaxLength of INT_MAX at all levels.

        We'll also standardize the way we do length overflow checks on using
        CheckedArithmetic, and add some asserts to document the assumptions of the code.

        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        - Fix OOM error handling which crashed a test after the new MaxLength was applied.
        * runtime/JSString.h:
        (JSC::JSString::finishCreation):
        (JSC::JSString::createHasOtherOwner):
        (JSC::JSString::setLength):
        * runtime/JSStringInlines.h:
        (JSC::jsMakeNontrivialString):
        * runtime/Operations.h:
        (JSC::jsString):
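
The following is an added example, not code from WebKit, illustrating the policy the entry above describes: one MaxLength of INT_MAX shared by every layer, with length arithmetic routed through a checked add instead of raw unsigned additions. The "old WTF limit" of UINT32_MAX, the constant and function names, and the sample lengths are assumptions made for the illustration; the checked add uses the compiler builtin rather than WTF::Checked.

```cpp
#include <climits>
#include <cstdint>
#include <optional>
#include <vector>

// Added example, not JSC code. Names and limits below are this example's own.

// Hypothetical pre-change WTF-level limit: bounded only by the uint32_t length field.
constexpr uint64_t kOldWTFMaxLength = UINT32_MAX;

// The unified limit after the change: INT_MAX at every layer.
constexpr uint32_t kMaxLength = static_cast<uint32_t>(INT_MAX);

// Stand-in for WTF::Checked<uint32_t>: the sum is rejected both when the
// uint32_t wraps and when it is representable but exceeds MaxLength.
std::optional<uint32_t> checkedAddLength(uint32_t a, uint32_t b)
{
    uint32_t sum;
    if (__builtin_add_overflow(a, b, &sum))
        return std::nullopt; // wrapped around 2^32, the hasOverflowed() case
    if (sum > kMaxLength)
        return std::nullopt; // fits in uint32_t, but is > INT_MAX
    return sum;
}

// Total length of a string assembled from several pieces, the kind of sum a
// helper like jsMakeNontrivialString needs before allocating. Every step is checked.
std::optional<uint32_t> checkedTotalLength(const std::vector<uint32_t>& pieceLengths)
{
    uint32_t total = 0;
    for (uint32_t length : pieceLengths) {
        std::optional<uint32_t> next = checkedAddLength(total, length);
        if (!next)
            return std::nullopt;
        total = *next;
    }
    return total;
}

// The cross-layer hazard the entry describes: a length that satisfies the old
// WTF-level bound but turns negative once stored in an int-typed JSC length.
bool passesOldWTFCheck(uint64_t length) { return length <= kOldWTFMaxLength; }
bool passesUnifiedCheck(uint32_t length) { return length <= kMaxLength; }
int32_t asJSCLength(uint32_t wtfLength) { return static_cast<int32_t>(wtfLength); }

int main()
{
    // 0x90000000 passed the old WTF check yet is negative as a JSC length;
    // the unified check rejects it before it ever reaches JSC.
    uint32_t length = 0x90000000u;
    bool ok = passesOldWTFCheck(length) && asJSCLength(length) < 0 && !passesUnifiedCheck(length);
    return ok ? 0 : 1;
}
```

The second rejection in checkedAddLength is the one a single shared limit buys: a sum such as 0x7FFFFFF0 + 0x10 never wraps, so a wrap-only check would accept it, but it is above INT_MAX and must fail the same way at every layer.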

2018-10-03  Koby Boyango  <koby.b@mce-sys.com>

        [JSC] Add a C++ callable overload of objectConstructorSeal
        https://bugs.webkit.org/show_bug.cgi?id=190137

        Reviewed by Yusuke Suzuki.

        * runtime/ObjectConstructor.cpp:
        * runtime/ObjectConstructor.h:

2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>

        Fix Disassembler-output on ARM Thumb2
        https://bugs.webkit.org/show_bug.cgi?id=190203

        On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
        execution in Thumb mode for jumps and calls. The actual machine
        instructions are still aligned to 2 bytes though. Use dataLocation() as
        the start address for disassembling since it unsets the Thumb bit.
        Until now the disassembler would start at the wrong address (off by 1),
        resulting in the wrong disassembled machine instructions.

        Reviewed by Mark Lam.

        * disassembler/CapstoneDisassembler.cpp:
        (JSC::tryToDisassemble):
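
The following is an added example, not WebKit code, showing the off-by-one the entry above describes: a Thumb executable address carries bit 0 set, so a decoder started from it reads every halfword one byte late. The helper names and the idea of using buffer offsets as stand-in addresses are this example's own; the three 16-bit Thumb encodings in the sample buffer are genuine.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not WebKit code. Helper names are this example's own.

// A Thumb executable address is the data address with bit 0 set, so that a
// BX/BLX to it switches the core into Thumb state.
uintptr_t thumbExecutableAddress(uintptr_t dataLocation)
{
    return dataLocation | 1;
}

// The equivalent of taking dataLocation(): clear the Thumb bit to get the
// address the instruction bytes actually live at.
uintptr_t thumbDataLocation(uintptr_t executableAddress)
{
    return executableAddress & ~static_cast<uintptr_t>(1);
}

// Decode up to `count` little-endian 16-bit halfwords starting at `offset`
// within `code`, the way a Thumb disassembler walks a buffer. Stops early
// when a complete halfword is not available.
std::vector<uint16_t> decodeHalfwords(const std::vector<uint8_t>& code, size_t offset, size_t count)
{
    std::vector<uint16_t> out;
    for (size_t i = 0; i < count; ++i) {
        size_t at = offset + 2 * i;
        if (at + 1 >= code.size())
            break;
        out.push_back(static_cast<uint16_t>(code[at] | (code[at + 1] << 8)));
    }
    return out;
}

// Constructed sample buffer (little-endian), three Thumb instructions:
//   0x2001  movs r0, #1
//   0x3001  adds r0, #1
//   0x4770  bx   lr
const std::vector<uint8_t> kSampleCode = { 0x01, 0x20, 0x01, 0x30, 0x70, 0x47 };

// Offsets stand in for addresses: the code begins at offset 0 of the buffer.
std::vector<uint16_t> disassembleFromExecutableAddress()
{
    // What the disassembler did before the fix: start at dataLocation | 1.
    return decodeHalfwords(kSampleCode, thumbExecutableAddress(0), 3);
}

std::vector<uint16_t> disassembleFromDataLocation()
{
    // After the fix: strip the Thumb bit before decoding.
    return decodeHalfwords(kSampleCode, thumbDataLocation(thumbExecutableAddress(0)), 3);
}

int main()
{
    std::vector<uint16_t> expected = { 0x2001, 0x3001, 0x4770 };
    return disassembleFromDataLocation() == expected ? 0 : 1;
}
```

Starting one byte late does not merely shift the listing: the misaligned halfwords 0x0120 and 0x7030 are bit patterns assembled from the tail of one instruction and the head of the next, so the disassembler prints instructions that are not in the code at all, and the final halfword is lost.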

2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Add stub of ExecutableAllocator used when JIT is disabled
        https://bugs.webkit.org/show_bug.cgi?id=190215

        Reviewed by Mark Lam.

        When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
        it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for the LLInt ASM interpreter since
        our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
        this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
        for the LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).

        To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for
        non-JIT configurations. This does not have any functionality allocating executable memory, thus
        any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::singleton):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::isValid const):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        (JSC::ExecutableAllocator::dumpProfile):
        (JSC::ExecutableAllocator::allocate):
        (JSC::ExecutableAllocator::isValidExecutableMemory):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::getLock const):
        (JSC::performJITMemcpy):

2018-10-01  Dean Jackson  <dino@apple.com>

        Remove CSS Animation Triggers
        https://bugs.webkit.org/show_bug.cgi?id=190175
        <rdar://problem/44925626>

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2018-10-02  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] BigInt.prototype.toString is broken when radix is power of 2
        https://bugs.webkit.org/show_bug.cgi?id=190033

        Reviewed by Yusuke Suzuki.

        The implementation of JSBigInt::toStringToGeneric doesn't handle power
        of 2 radix when JSBigInt length is >= 2. To handle such cases, we
        implemented JSBigInt::toStringBasePowerOfTwo that follows the
        algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
        digit.

        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::toString):
        (JSC::JSBigInt::toStringBasePowerOfTwo):
        * runtime/JSBigInt.h:

2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Add branchIfNaN and branchIfNotNaN
        https://bugs.webkit.org/show_bug.cgi?id=190122

        Reviewed by Mark Lam.

        Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
        (JSC::DFG::SpeculativeJIT::compileDoubleRep):
        (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileNewArray):
        (JSC::DFG::SpeculativeJIT::speculateRealNumber):
        (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
        (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
        (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::purifyNaN):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::branchIfNaN):
        (JSC::AssemblyHelpers::branchIfNotNaN):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitGenericContiguousPutByVal):
        (JSC::JIT::emitDoubleLoad):
        (JSC::JIT::emitFloatTypedArrayGetByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitGenericContiguousPutByVal):
        * wasm/js/JSToWasm.cpp:
        (JSC::Wasm::createJSToWasmWrapper):

2018-10-01  Mark Lam  <mark.lam@apple.com>

        Function.toString() should also copy the source code of Functions that are class definitions.
        https://bugs.webkit.org/show_bug.cgi?id=190186
        <rdar://problem/44733360>

        Reviewed by Saam Barati.

        Previously, if the Function is a class definition, functionProtoFuncToString()
        would create a String using StringView::toStringWithoutCopying(), and use that
        String to make a JSString.  This is not a problem if the underlying SourceProvider
        (that backs the characters in that StringView) is immortal.  However, this is
        not always the case in practice.

        This patch fixes this issue by changing functionProtoFuncToString() to create the
        String using StringView::toString() instead, which makes a copy of the underlying
        characters buffer.  This detaches the resultant JSString from the SourceProvider
        characters buffer that it was created from, and ensures that the underlying
        characters buffer of the string will be alive for the entire lifetime of the
        JSString.

        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
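
The following is an added example, not WebKit code, restating the lifetime problem from the entry above with standard types: std::string_view plays the role of StringView, and a heap-allocated object owning a std::string plays the SourceProvider whose character buffer backs it. The struct and function names, the sample script text and the "drop the provider" sequence are this example's own.

```cpp
#include <memory>
#include <string>
#include <string_view>

// Added example, not WebKit code. Names and sample source are this example's own.

struct SourceProvider {
    std::string source; // the character buffer a StringView would point into
};

// [start, end) offsets of a class definition inside the provider's source.
struct SourceRange {
    size_t start;
    size_t end;
};

// Like StringView::toStringWithoutCopying(): borrows the provider's buffer.
// The result is only valid while the provider is alive.
std::string_view classSourceWithoutCopying(const SourceProvider& provider, SourceRange range)
{
    return std::string_view(provider.source).substr(range.start, range.end - range.start);
}

// Like StringView::toString(): copies the characters, so the result owns its
// buffer and stays valid after the provider is destroyed.
std::string classSourceCopying(const SourceProvider& provider, SourceRange range)
{
    return std::string(classSourceWithoutCopying(provider, range));
}

// Constructed sample: the class is not the whole script, so the view points
// into the middle of the provider's buffer.
std::unique_ptr<SourceProvider> makeProvider()
{
    return std::make_unique<SourceProvider>(SourceProvider { "let x = 1; class A { m() { return 1; } } x;" });
}

SourceRange classRange(const SourceProvider& provider)
{
    return { provider.source.find("class A"), provider.source.find(" x;") };
}

// The borrowed form aliases the provider's buffer; the copied form does not.
bool borrowedViewAliasesProvider()
{
    auto provider = makeProvider();
    SourceRange range = classRange(*provider);
    std::string_view view = classSourceWithoutCopying(*provider, range);
    return view.data() == provider->source.data() + range.start;
}

bool copyAliasesProvider()
{
    auto provider = makeProvider();
    SourceRange range = classRange(*provider);
    std::string copy = classSourceCopying(*provider, range);
    return copy.data() == provider->source.data() + range.start;
}

// The fixed behaviour: a toString() result kept after a non-immortal provider
// is released. Doing the same with the string_view would be a use-after-free.
std::string toStringOutlivingProvider()
{
    auto provider = makeProvider();
    std::string result = classSourceCopying(*provider, classRange(*provider));
    provider.reset(); // provider and its buffer are gone; `result` is still valid
    return result;
}

int main()
{
    return toStringOutlivingProvider() == "class A { m() { return 1; } }" ? 0 : 1;
}
```

The aliasing checks are the cheap way to confirm which form you hold: if the string's data pointer lies inside the provider's buffer, its lifetime is the provider's, whatever the wrapping type promises.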

2018-10-01  Keith Miller  <keith_miller@apple.com>

        Create a RELEASE_AND_RETURN macro for ExceptionScopes
        https://bugs.webkit.org/show_bug.cgi?id=190163

        Reviewed by Mark Lam.

        The new RELEASE_AND_RETURN does all the work for cases
        where you want to return the result of some expression
        without explicitly checking for an exception. This is
        much like the existing RETURN_IF_EXCEPTION macro.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jsc.cpp:
        (functionDollarAgentReceiveBroadcast):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::varargsSetup):
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::toJSON const):
        * runtime/AbstractModuleRecord.cpp:
        (JSC::AbstractModuleRecord::hostResolveImportedModule):
        * runtime/ArrayConstructor.cpp:
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::getProperty):
        (JSC::fastJoin):
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        * runtime/BigIntConstructor.cpp:
        (JSC::toBigInt):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opInByVal):
        * runtime/ConstructData.cpp:
        (JSC::construct):
        * runtime/DateConstructor.cpp:
        (JSC::dateParse):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToPrimitiveSymbol):
        * runtime/DirectArguments.h:
        * runtime/ErrorConstructor.cpp:
        (JSC::Interpreter::constructWithErrorConstructor):
        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionScope.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/GenericArgumentsInlines.h:
        (JSC::GenericArguments<Type>::defineOwnProperty):
        * runtime/GetterSetter.cpp:
        (JSC::callGetter):
        * runtime/IntlCollatorConstructor.cpp:
        (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
        * runtime/IntlCollatorPrototype.cpp:
        (JSC::IntlCollatorFuncCompare):
        (JSC::IntlCollatorPrototypeFuncResolvedOptions):
        * runtime/IntlDateTimeFormatConstructor.cpp:
        (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlDateTimeFormatPrototype.cpp:
        (JSC::IntlDateTimeFormatFuncFormatDateTime):
        (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
        (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
        * runtime/IntlNumberFormatConstructor.cpp:
        (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlNumberFormatPrototype.cpp:
        (JSC::IntlNumberFormatFuncFormatNumber):
        (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
        (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
        * runtime/IntlObject.cpp:
        (JSC::intlNumberOption):
        * runtime/IntlObjectInlines.h:
        (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
        * runtime/IntlPluralRules.cpp:
        (JSC::IntlPluralRules::resolvedOptions):
        * runtime/IntlPluralRulesConstructor.cpp:
        (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
        * runtime/IntlPluralRulesPrototype.cpp:
        (JSC::IntlPluralRulesPrototypeFuncSelect):
        (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::put):
        (JSC::JSArray::setLength):
        (JSC::JSArray::unshiftCountWithAnyIndexingType):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoGetterFuncByteLength):
        (JSC::sharedArrayBufferProtoGetterFuncByteLength):
        * runtime/JSArrayInlines.h:
        (JSC::toLength):
        * runtime/JSBoundFunction.cpp:
        (JSC::boundFunctionCall):
        (JSC::boundFunctionConstruct):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toIndex const):
        (JSC::JSValue::toPropertyKey const):
        (JSC::JSValue::get const):
        (JSC::JSValue::getPropertySlot const):
        (JSC::JSValue::getOwnPropertySlot const):
        (JSC::JSValue::equalSlowCaseInline):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::put):
        (JSC::JSDataView::defineOwnProperty):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        (JSC::constructGenericTypedArrayViewWithArguments):
        (JSC::constructGenericTypedArrayView):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::set):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
        (JSC::speciesConstruct):
        (JSC::genericTypedArrayViewProtoFuncJoin):
        (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode):
        (JSC::globalFuncEval):
        (JSC::globalFuncProtoGetter):
        * runtime/JSInternalPromise.cpp:
        (JSC::JSInternalPromise::then):
        * runtime/JSModuleEnvironment.cpp:
        (JSC::JSModuleEnvironment::put):
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::provideFetch):
        (JSC::JSModuleLoader::loadAndEvaluateModule):
        (JSC::JSModuleLoader::loadModule):
        (JSC::JSModuleLoader::linkAndEvaluateModule):
        (JSC::JSModuleLoader::requestImportModule):
        (JSC::JSModuleLoader::getModuleNamespaceObject):
        (JSC::moduleLoaderRequestedModules):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::toJSON):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncStringify):
        * runtime/JSObject.cpp:
        (JSC::ordinarySetSlow):
        (JSC::JSObject::putInlineSlow):
        (JSC::JSObject::toPrimitive const):
        (JSC::JSObject::hasInstance):
        (JSC::JSObject::toNumber const):
        (JSC::JSObject::defineOwnIndexedProperty):
        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::defineOwnNonIndexProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::get const):
        * runtime/JSObjectInlines.h:
        (JSC::JSObject::getPropertySlot const):
        (JSC::JSObject::putInlineForJSObject):
        * runtime/MapConstructor.cpp:
        (JSC::constructMap):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::Interpreter::constructWithNativeErrorConstructor):
        * runtime/ObjectConstructor.cpp:
        (JSC::constructObject):
        (JSC::objectConstructorGetPrototypeOf):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorGetOwnPropertyDescriptors):
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorGetOwnPropertySymbols):
        (JSC::objectConstructorKeys):
        (JSC::objectConstructorDefineProperty):
        (JSC::objectConstructorDefineProperties):
        (JSC::objectConstructorCreate):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncToLocaleString):
        (JSC::objectProtoFuncToString):
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsLess):
        (JSC::jsLessEq):
        * runtime/ParseInt.h:
        (JSC::toStringView):
        * runtime/ProxyConstructor.cpp:
        (JSC::constructProxyObject):
        * runtime/ProxyObject.cpp:
        (JSC::ProxyObject::toStringName):
        (JSC::performProxyGet):
        (JSC::ProxyObject::performInternalMethodGetOwnProperty):
        (JSC::ProxyObject::performHasProperty):
        (JSC::ProxyObject::getOwnPropertySlotCommon):
        (JSC::ProxyObject::performPut):
        (JSC::ProxyObject::putByIndexCommon):
        (JSC::performProxyCall):
        (JSC::performProxyConstruct):
        (JSC::ProxyObject::performDelete):
        (JSC::ProxyObject::performPreventExtensions):
        (JSC::ProxyObject::performIsExtensible):
        (JSC::ProxyObject::performDefineOwnProperty):
        (JSC::ProxyObject::performSetPrototype):
        (JSC::ProxyObject::performGetPrototype):
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectConstruct):
        (JSC::reflectObjectDefineProperty):
        (JSC::reflectObjectGet):
        (JSC::reflectObjectGetOwnPropertyDescriptor):
        (JSC::reflectObjectGetPrototypeOf):
        (JSC::reflectObjectOwnKeys):
        (JSC::reflectObjectSet):
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::defineOwnProperty):
        (JSC::RegExpObject::matchGlobal):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTestFast):
        (JSC::regExpProtoFuncExec):
        (JSC::regExpProtoFuncToString):
        * runtime/ScriptExecutable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/SetConstructor.cpp:
        (JSC::constructSet):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::putEntry):
        (JSC::SparseArrayEntry::put):
        * runtime/StringConstructor.cpp:
        (JSC::stringFromCharCode):
        (JSC::stringFromCodePoint):
        * runtime/StringObject.cpp:
        (JSC::StringObject::put):
        (JSC::StringObject::putByIndex):
        (JSC::StringObject::defineOwnProperty):
        * runtime/StringPrototype.cpp:
        (JSC::jsSpliceSubstrings):
        (JSC::jsSpliceSubstringsWithSeparators):
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
        (JSC::replaceUsingStringSearch):
        (JSC::repeatCharacter):
        (JSC::replace):
        (JSC::stringProtoFuncReplaceUsingRegExp):
        (JSC::stringProtoFuncReplaceUsingStringSearch):
        (JSC::stringProtoFuncSplitFast):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::toLocaleCase):
        (JSC::trimString):
        (JSC::stringProtoFuncIncludes):
        (JSC::builtinStringIncludesInternal):
        (JSC::normalize):
        (JSC::stringProtoFuncNormalize):
        * runtime/SymbolPrototype.cpp:
        (JSC::symbolProtoFuncToString):
        (JSC::symbolProtoFuncValueOf):
        * tools/JSDollarVM.cpp:
        (WTF::functionWasmStreamingParserAddBytes):
        (JSC::functionGetPrivateProperty):
        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyCompileError):
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::constructJSWebAssemblyModule):
        (JSC::WebAssemblyModuleConstructor::createModule):
        * wasm/js/WebAssemblyTableConstructor.cpp:
        (JSC::constructJSWebAssemblyTable):
        * wasm/js/WebAssemblyWrapperFunction.cpp:
        (JSC::callWebAssemblyWrapperFunction):

2018-10-01  Koby Boyango  <koby.b@mce-sys.com>

        [JSC] Add a JSONStringify overload that receives a JSValue space
        https://bugs.webkit.org/show_bug.cgi?id=190131

        Reviewed by Yusuke Suzuki.

        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2018-10-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r236647.
        https://bugs.webkit.org/show_bug.cgi?id=190124

        Breaking test stress/big-int-to-string.js (Requested by
        caiolima_ on #webkit).

        Reverted changeset:

        "[BigInt] BigInt.prototype.toString is broken when radix is
        power of 2"
        https://bugs.webkit.org/show_bug.cgi?id=190033
        https://trac.webkit.org/changeset/236647

2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
        https://bugs.webkit.org/show_bug.cgi?id=189498

        Reviewed by Saam Barati.

        To call JS-to-Wasm code we need to convert the result value from wasm function to
        the JS type. Previously this was done by callWebAssemblyFunction by using a switch
        over signature.returnType(). But since we know the value of `signature.returnType()`
        at compiling phase, we can emit a small conversion code directly to JSToWasm glue
        and remove this switch from callWebAssemblyFunction.

        In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
        in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version,
        we add an implementation for that.

        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::boxDouble):
        * wasm/js/JSToWasm.cpp:
        (JSC::Wasm::createJSToWasmWrapper):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):

2018-09-30  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] BigInt.prototype.toString is broken when radix is power of 2
        https://bugs.webkit.org/show_bug.cgi?id=190033

        Reviewed by Yusuke Suzuki.

        The implementation of JSBigInt::toStringToGeneric doesn't handle power
        of 2 radix when JSBigInt length is >= 2. To handle such cases, we
        implemented JSBigInt::toStringBasePowerOfTwo that follows the
        algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
        digit.

        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::toString):
        (JSC::JSBigInt::toStringBasePowerOfTwo):
        * runtime/JSBigInt.h:
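
The following is an added example, not JSC code, for the two "BigInt.prototype.toString is broken when radix is power of 2" entries on this page (the 2018-09-30 original above and the 2018-10-02 re-land). It implements the approach they describe: for a power-of-two radix, each digit is extracted by masking log2(radix) bits with (radix - 1), and bits are carried across limb boundaries so that values longer than one limb are handled. The little-endian 32-bit limb layout, the helper names and the sample values are this example's own.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Added example, not JSC code. Limb layout and names are this example's own.

// Little-endian 32-bit limbs of a non-negative magnitude; empty means zero.
using Limbs = std::vector<uint32_t>;

Limbs limbsFromUint64(uint64_t value)
{
    Limbs limbs;
    if (value)
        limbs.push_back(static_cast<uint32_t>(value));
    if (value >> 32)
        limbs.push_back(static_cast<uint32_t>(value >> 32));
    return limbs;
}

// radix must be a power of two in [2, 32]; returns "" for anything else.
std::string toStringBasePowerOfTwo(const Limbs& limbs, unsigned radix)
{
    static const char kDigits[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    if (radix < 2 || radix > 32 || (radix & (radix - 1)))
        return "";
    unsigned bitsPerChar = 0;
    while ((1u << bitsPerChar) < radix)
        ++bitsPerChar;
    const uint32_t mask = radix - 1; // (2 ^ n) - 1

    // Digits come out least significant first. `acc` holds bits pulled from
    // the limbs but not yet emitted, so a digit straddling two limbs (for
    // example every 11th octal digit) is assembled from both of them.
    std::string reversed;
    uint64_t acc = 0;
    unsigned accBits = 0;
    for (uint32_t limb : limbs) {
        acc |= static_cast<uint64_t>(limb) << accBits; // accBits < 5 here
        accBits += 32;
        while (accBits >= bitsPerChar) {
            reversed.push_back(kDigits[acc & mask]);
            acc >>= bitsPerChar;
            accBits -= bitsPerChar;
        }
    }
    if (accBits)
        reversed.push_back(kDigits[acc & mask]); // leftover high bits

    // Leading zeros sit at the end of `reversed`; keep a single "0" for zero.
    while (reversed.size() > 1 && reversed.back() == '0')
        reversed.pop_back();
    if (reversed.empty())
        reversed = "0";
    return std::string(reversed.rbegin(), reversed.rend());
}

int main()
{
    // 2^32 + 1 occupies two limbs; its octal digits straddle the limb boundary.
    return toStringBasePowerOfTwo(limbsFromUint64(0x100000001ull), 8) == "40000000001" ? 0 : 1;
}
```

Radix 8 and 32 are the interesting cases: 32 is not a multiple of 3 or 5, so a per-limb loop that restarts the mask at every limb would emit a garbage digit at each boundary, which is the ">= 2 limbs" failure the entries describe; radix 2, 4 and 16 divide 32 evenly and hide the bug.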

2018-09-28  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "&"
        https://bugs.webkit.org/show_bug.cgi?id=186228

        Reviewed by Yusuke Suzuki.

        This patch introduces support for BigInt in the bitwise "&" operation.
        We are also introducing the ValueBitAnd DFG node, that is responsible
        to take care of JIT for non-Int32 operands. With the introduction of this
        new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
        follows the behavior of ArithAdd and other arithmetic nodes, where
        the Arith<op> version always results in Number (in the case of
        ArithBitAnd, it is always an Int32).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitBinaryOp):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::JSBigInt):
        (JSC::JSBigInt::initialize):
        (JSC::JSBigInt::createZero):
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAnd):
        (JSC::JSBigInt::absoluteOr):
        (JSC::JSBigInt::absoluteAndNot):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        * runtime/JSBigInt.h:
        * runtime/JSCJSValue.h:
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toBigIntOrInt32 const):
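
The following is an added example, not JSC code. The entry above lists absoluteAnd, absoluteOr, absoluteAndNot, absoluteAddOne and absoluteSubOne among the pieces behind JSBigInt::bitwiseAnd; this example shows how pieces with those roles combine to compute a two's-complement "&" on a sign-magnitude BigInt, including the negative-operand cases. Only the function names are taken from the entry; the limb representation, the implementations and the int64 conversion helpers are this example's own.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Added example, not JSC code. Representation and implementations are this example's own.

using Limbs = std::vector<uint32_t>; // little-endian limbs, no high zero limbs; empty == 0
struct BigInt { bool negative = false; Limbs mag; };

void trimHighZeros(Limbs& v) {
    while (!v.empty() && v.back() == 0) v.pop_back();
}

Limbs absoluteAnd(const Limbs& a, const Limbs& b) {
    Limbs r(std::min(a.size(), b.size()));
    for (size_t i = 0; i < r.size(); ++i) r[i] = a[i] & b[i];
    trimHighZeros(r);
    return r;
}

Limbs absoluteOr(const Limbs& a, const Limbs& b) {
    Limbs r(std::max(a.size(), b.size()));
    for (size_t i = 0; i < r.size(); ++i)
        r[i] = (i < a.size() ? a[i] : 0) | (i < b.size() ? b[i] : 0);
    return r; // inputs had no high zero limbs, so neither does r
}

// a & ~b: limbs of a above b's length survive, since ~b is all ones there.
Limbs absoluteAndNot(const Limbs& a, const Limbs& b) {
    Limbs r(a.size());
    for (size_t i = 0; i < r.size(); ++i) r[i] = a[i] & ~(i < b.size() ? b[i] : 0);
    trimHighZeros(r);
    return r;
}

Limbs absoluteAddOne(const Limbs& a) {
    Limbs r = a;
    for (size_t i = 0; i < r.size(); ++i)
        if (++r[i] != 0) return r; // no carry out of this limb
    r.push_back(1); // carried out of every limb
    return r;
}

Limbs absoluteSubOne(const Limbs& a) { // requires a >= 1
    Limbs r = a;
    for (size_t i = 0; i < r.size(); ++i)
        if (r[i]-- != 0) break; // a zero limb borrows from the next one
    trimHighZeros(r);
    return r;
}

// Two's-complement identities in terms of the magnitudes |x| and |y|:
//   x >= 0, y >= 0:  x & y =   |x| & |y|
//   x <  0, y <  0:  x & y = -(((|x| - 1) | (|y| - 1)) + 1)
//   x >= 0, y <  0:  x & y =   |x| & ~(|y| - 1)
BigInt bitwiseAnd(const BigInt& x, const BigInt& y) {
    BigInt r;
    if (!x.negative && !y.negative)
        r.mag = absoluteAnd(x.mag, y.mag);
    else if (x.negative && y.negative) {
        r.mag = absoluteAddOne(absoluteOr(absoluteSubOne(x.mag), absoluteSubOne(y.mag)));
        r.negative = true; // at most -1, never zero
    } else {
        const BigInt& pos = x.negative ? y : x;
        const BigInt& neg = x.negative ? x : y;
        r.mag = absoluteAndNot(pos.mag, absoluteSubOne(neg.mag));
    }
    return r;
}

// Conversions for values that fit in two limbs, to exercise the limb code.
BigInt bigIntFromInt64(int64_t v) {
    BigInt b;
    b.negative = v < 0;
    uint64_t m = b.negative ? 0 - static_cast<uint64_t>(v) : static_cast<uint64_t>(v);
    b.mag = { static_cast<uint32_t>(m), static_cast<uint32_t>(m >> 32) };
    trimHighZeros(b.mag);
    return b;
}

int64_t bigIntToInt64(const BigInt& b) {
    uint64_t m = b.mag.size() > 0 ? b.mag[0] : 0;
    if (b.mag.size() > 1) m |= static_cast<uint64_t>(b.mag[1]) << 32;
    return b.negative ? -static_cast<int64_t>(m) : static_cast<int64_t>(m);
}

int64_t andInt64(int64_t x, int64_t y) {
    return bigIntToInt64(bitwiseAnd(bigIntFromInt64(x), bigIntFromInt64(y)));
}

int main() {
    return (andInt64(-6, -3) == -8 && andInt64(6, -3) == 4) ? 0 : 1;
}
```

The mixed-sign case is where sign-magnitude code usually goes wrong: ~(|y| - 1) has infinitely many high one bits, so limbs of the non-negative operand beyond the other's length must be kept, not dropped as absoluteAnd would do.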

2018-09-28  Mark Lam  <mark.lam@apple.com>

        Gardening: speculative build fix.
        <rdar://problem/44869924>

        Not reviewed.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):

2018-09-28  Guillaume Emont  <guijemont@igalia.com>

        [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
        https://bugs.webkit.org/show_bug.cgi?id=190080

        Reviewed by Mark Lam.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::linkJumpT1):
        (JSC::ARMv7Assembler::linkJumpT2):
        (JSC::ARMv7Assembler::linkJumpT3):
        (JSC::ARMv7Assembler::linkJumpT4):
        (JSC::ARMv7Assembler::linkConditionalJumpT4):
        (JSC::ARMv7Assembler::linkBX):
        (JSC::ARMv7Assembler::linkConditionalBX):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::link):

2018-09-27  Saam barati  <sbarati@apple.com>

        Verify the contents of AssemblerBuffer on arm64e
        https://bugs.webkit.org/show_bug.cgi?id=190057
        <rdar://problem/38916630>

        Reviewed by Mark Lam.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::ARM64Assembler):
        (JSC::ARM64Assembler::fillNops):
        (JSC::ARM64Assembler::link):
        (JSC::ARM64Assembler::linkJumpOrCall):
        (JSC::ARM64Assembler::linkCompareAndBranch):
        (JSC::ARM64Assembler::linkConditionalBranch):
        (JSC::ARM64Assembler::linkTestAndBranch):
        (JSC::ARM64Assembler::unlinkedCode): Deleted.
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::fillNops):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::unlinkedCode): Deleted.
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::emitNops):
        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
        * assembler/AssemblerBuffer.h:
        (JSC::ARM64EHash::ARM64EHash):
        (JSC::ARM64EHash::update):
        (JSC::ARM64EHash::hash const):
        (JSC::ARM64EHash::randomSeed const):
        (JSC::AssemblerBuffer::AssemblerBuffer):
        (JSC::AssemblerBuffer::putShort):
        (JSC::AssemblerBuffer::putIntUnchecked):
        (JSC::AssemblerBuffer::putInt):
        (JSC::AssemblerBuffer::hash const):
        (JSC::AssemblerBuffer::data const):
        (JSC::AssemblerBuffer::putIntegralUnchecked):
        (JSC::AssemblerBuffer::append): Deleted.
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::fillNops):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::jumpsToLink):
        (JSC::MacroAssemblerARM64::link):
        (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::jumpsToLink):
        (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::fillNops):

2018-09-27  Mark Lam  <mark.lam@apple.com>

        ByValInfo should not use integer offsets.
        https://bugs.webkit.org/show_bug.cgi?id=190070
        <rdar://problem/44803430>

        Reviewed by Saam Barati.

        Also moved some fields around to allow the ByValInfo struct to be more densely packed.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * jit/JIT.cpp:
        (JSC::JIT::link):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileHasIndexedProperty):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileHasIndexedProperty):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
746         (JSC::JIT::privateCompilePutByVal):
747         (JSC::JIT::privateCompilePutByValWithCachedId):
748
749 2018-09-27  Saam barati  <sbarati@apple.com>
750
751         DFG::OSRExit::m_patchableCodeOffset should not be an int
752         https://bugs.webkit.org/show_bug.cgi?id=190066
753         <rdar://problem/39498244>
754
755         Reviewed by Mark Lam.
756
757         * dfg/DFGJITCompiler.cpp:
758         (JSC::DFG::JITCompiler::linkOSRExits):
759         (JSC::DFG::JITCompiler::link):
760         * dfg/DFGOSRExit.cpp:
761         (JSC::DFG::OSRExit::codeLocationForRepatch const):
762         (JSC::DFG::OSRExit::compileOSRExit):
763         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
764         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
765         (JSC::DFG::OSRExit::correctJump): Deleted.
766         * dfg/DFGOSRExit.h:
767         * dfg/DFGOSRExitCompilationInfo.h:
768
769 2018-09-27  Saam barati  <sbarati@apple.com>
770
771         Don't use int offsets in StructureStubInfo
772         https://bugs.webkit.org/show_bug.cgi?id=190064
773         <rdar://problem/44784719>
774
775         Reviewed by Mark Lam.
776
777         * bytecode/InlineAccess.cpp:
778         (JSC::linkCodeInline):
779         * bytecode/StructureStubInfo.h:
780         (JSC::StructureStubInfo::slowPathCallLocation):
781         (JSC::StructureStubInfo::doneLocation):
782         (JSC::StructureStubInfo::slowPathStartLocation):
783         * jit/JITInlineCacheGenerator.cpp:
784         (JSC::JITInlineCacheGenerator::finalize):
785
786 2018-09-27  Mark Lam  <mark.lam@apple.com>
787
788         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
789         https://bugs.webkit.org/show_bug.cgi?id=190054
790         <rdar://problem/44803543>
791
792         Reviewed by Saam Barati.
793
794         * dfg/DFGJITCode.h:
795         (JSC::DFG::JITCode::appendOSREntryData):
796         * dfg/DFGJITCompiler.cpp:
797         (JSC::DFG::JITCompiler::noticeOSREntry):
798         * dfg/DFGOSREntry.cpp:
799         (JSC::DFG::OSREntryData::dumpInContext const):
800         (JSC::DFG::prepareOSREntry):
801         * dfg/DFGOSREntry.h:
802         * runtime/JSCPtrTag.h:
803
804 2018-09-27  Mark Lam  <mark.lam@apple.com>
805
806         JITMathIC should not use integer offsets into machine code.
807         https://bugs.webkit.org/show_bug.cgi?id=190030
808         <rdar://problem/44803307>
809
810         Reviewed by Saam Barati.
811
812         We'll replace them with CodeLocation smart pointers instead.
813
814         * jit/JITMathIC.h:
815         (JSC::isProfileEmpty):
816
817 2018-09-26  Mark Lam  <mark.lam@apple.com>
818
819         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
820         https://bugs.webkit.org/show_bug.cgi?id=190022
821         <rdar://problem/44800928>
822
823         Reviewed by Saam Barati.
824
825         * jit/ExecutableAllocator.cpp:
826         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
827         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
828         * jit/ExecutableAllocator.h:
829         (JSC::performJITMemcpy):
830         * runtime/Options.cpp:
831         (JSC::recomputeDependentOptions):
832
833 2018-09-26  Mark Lam  <mark.lam@apple.com>
834
835         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
836         https://bugs.webkit.org/show_bug.cgi?id=190016
837         <rdar://problem/44802875>
838
839         Reviewed by Saam Barati.
840
841         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
842         JIT memory.
843
844         * assembler/ARM64Assembler.h:
845         (JSC::ARM64Assembler::fillNops):
846         (JSC::ARM64Assembler::replaceWithVMHalt):
847         (JSC::ARM64Assembler::replaceWithJump):
848         (JSC::ARM64Assembler::replaceWithLoad):
849         (JSC::ARM64Assembler::replaceWithAddressComputation):
850         (JSC::ARM64Assembler::setPointer):
851         (JSC::ARM64Assembler::repatchInt32):
852         (JSC::ARM64Assembler::repatchCompact):
853         (JSC::ARM64Assembler::linkJumpOrCall):
854         (JSC::ARM64Assembler::linkCompareAndBranch):
855         (JSC::ARM64Assembler::linkConditionalBranch):
856         (JSC::ARM64Assembler::linkTestAndBranch):
857         * assembler/LinkBuffer.cpp:
858         (JSC::LinkBuffer::copyCompactAndLinkCode):
859         (JSC::LinkBuffer::linkCode):
860         * jit/ExecutableAllocator.h:
861         (JSC::performJITMemcpy):
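
Added example (not JSC's performJITMemcpy, and the names JITRegion, jitCopyIsValid and checkedJITMemcpy are hypothetical): a model of the two checks the entry above describes, instruction-size alignment of the addresses on ARM64 and the whole destination range fitting inside JIT memory, written so the range test cannot wrap around.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical model of the executable region into which JIT code may be
// copied, as a half-open address range [start, end).
struct JITRegion {
    uintptr_t start;
    uintptr_t end;
};

// Every ARM64 instruction is 4 bytes, so a copy that starts in the middle of
// an instruction can never be a whole-instruction patch.
constexpr size_t kArm64InstructionSize = 4;

// True only if both addresses are instruction-aligned and the destination
// range [dst, dst + size) lies entirely inside the region. dst is confined to
// [start, end] before the subtraction, so end - dst cannot underflow and no
// dst + size addition is ever computed.
bool jitCopyIsValid(const JITRegion& region, uintptr_t dst, uintptr_t src, size_t size)
{
    if (dst % kArm64InstructionSize || src % kArm64InstructionSize)
        return false;
    if (dst < region.start || dst > region.end)
        return false;
    return size <= region.end - dst;
}

// Guarded copy: where the real code would assert, this refuses (returns false)
// so the behaviour can be exercised without aborting the process.
bool checkedJITMemcpy(const JITRegion& region, void* dst, const void* src, size_t size)
{
    uintptr_t dstAddress = reinterpret_cast<uintptr_t>(dst);
    uintptr_t srcAddress = reinterpret_cast<uintptr_t>(src);
    if (!jitCopyIsValid(region, dstAddress, srcAddress, size))
        return false;
    std::memcpy(dst, src, size);
    return true;
}

// Constructed stand-in for JIT memory: a heap buffer of 16 instruction slots.
struct FakeJITMemory {
    std::vector<uint32_t> words = std::vector<uint32_t>(16, 0);
    JITRegion region() const
    {
        uintptr_t start = reinterpret_cast<uintptr_t>(words.data());
        return { start, start + words.size() * sizeof(uint32_t) };
    }
};

// Three scenarios; each returns whether the copy was accepted.
bool copyWholeInstructionsInBounds(FakeJITMemory& mem)
{
    uint32_t code[2] = { 0xd503201f /* NOP */, 0xd65f03c0 /* RET */ };
    return checkedJITMemcpy(mem.region(), mem.words.data() + 4, code, sizeof(code));
}

bool copyMisalignedDestination(FakeJITMemory& mem)
{
    uint32_t code[1] = { 0xd503201f };
    uint8_t* byteBase = reinterpret_cast<uint8_t*>(mem.words.data());
    // Two bytes into a slot: not a valid instruction boundary.
    return checkedJITMemcpy(mem.region(), byteBase + 2, code, sizeof(code));
}

bool copyPastEndOfRegion(FakeJITMemory& mem)
{
    uint32_t code[4] = { 0, 0, 0, 0 };
    // Starts at the last slot; 16 bytes would run 12 bytes past the region.
    return checkedJITMemcpy(mem.region(), mem.words.data() + 15, code, sizeof(code));
}
```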
862
863 2018-09-25  Keith Miller  <keith_miller@apple.com>
864
865         Move Symbol API to SPI
866         https://bugs.webkit.org/show_bug.cgi?id=189946
867
868         Reviewed by Michael Saboff.
869
870         Some of the property access methods on JSValue needed to be moved
871         to a category so that SPI overloads don't result in a compiler
872         error for internal users.
873
874         Additionally, this patch does not move the new enum entry for
875         Symbols in the JSType enumeration.
876
877         * API/JSObjectRef.h:
878         * API/JSObjectRefPrivate.h:
879         * API/JSValue.h:
880         * API/JSValuePrivate.h:
881         * API/JSValueRef.h:
882
883 2018-09-26  Keith Miller  <keith_miller@apple.com>
884
885         We should zero unused property storage when rebalancing array storage.
886         https://bugs.webkit.org/show_bug.cgi?id=188151
887
888         Reviewed by Michael Saboff.
889
890         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
891         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
892         property storage.
893
894         * runtime/JSArray.cpp:
895         (JSC::JSArray::unshiftCountSlowCase):
896
897 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
898
899         Unreviewed, add scope verification handling
900         https://bugs.webkit.org/show_bug.cgi?id=189780
901
902         * runtime/ArrayPrototype.cpp:
903         (JSC::arrayProtoFuncIndexOf):
904         (JSC::arrayProtoFuncLastIndexOf):
905
906 2018-09-26  Koby Boyango  <koby.b@mce.systems>
907
908         [JSC] offlineasm parser should handle CRLF in asm files
909         https://bugs.webkit.org/show_bug.cgi?id=189949
910
911         Reviewed by Mark Lam.
912
913         * offlineasm/parser.rb:
914
915 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
916
917         [JSC] Optimize Array#lastIndexOf
918         https://bugs.webkit.org/show_bug.cgi?id=189780
919
920         Reviewed by Saam Barati.
921
922         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
923         for JSArray with contiguous storage.
924
925         * runtime/ArrayPrototype.cpp:
926         (JSC::arrayProtoFuncLastIndexOf):
927
928 2018-09-25  Saam Barati  <sbarati@apple.com>
929
930         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
931         https://bugs.webkit.org/show_bug.cgi?id=189940
932         <rdar://problem/43640987>
933
934         Reviewed by Mark Lam.
935
936         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
937         CodeBlock. There is nothing semantically wrong with doing that (except for
938         poor naming), however, the poor naming here led us to make a real semantic
939         mistake. We wanted the baseline CodeBlock's constant pool, but we were
940         accessing the FTL CodeBlock's constant pool accidentally. We need to
941         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
942         constant value.
943
944         * bytecode/InlineCallFrame.h:
945         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
946         * ftl/FTLOperations.cpp:
947         (JSC::FTL::operationMaterializeObjectInOSR):
948
949 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
950
951         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
952         https://bugs.webkit.org/show_bug.cgi?id=189962
953         <rdar://problem/44648287>
954
955         Reviewed by Brian Burg.
956
957         * inspector/scripts/codegen/generate_objc_header.py:
958         (ObjCHeaderGenerator._callback_block_for_command):
959         If there are no return parameters, include "void" in the block signature.
960
961         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
962         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
963         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
964         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
965         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
966         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
967         Rebaseline test results.
968
969 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
970
971         Remove AUTHORS and THANKS files which are stale
972         https://bugs.webkit.org/show_bug.cgi?id=189941
973
974         Reviewed by Darin Adler.
975
976         Included mentions below so their names are still in ChangeLogs.
977
978         * AUTHORS: Removed.
979         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
980         These authors remain mentioned in copyrights in source files.
981
982         * THANKS: Removed.
983         Richard Moore <rich@kde.org> - for filling the Math object with some life
984         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
985         Marco Pinelli <pinmc@libero.it> - for his patches
986         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
987         
988 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
989
990         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
991         https://bugs.webkit.org/show_bug.cgi?id=189733
992
993         Reviewed by Michael Catanzaro.
994
995         * assembler/ARM64Assembler.h:
996         * assembler/ARMAssembler.h:
997         (JSC::ARMAssembler::cacheFlush):
998         * assembler/MacroAssemblerARM.cpp:
999         (JSC::isVFPPresent):
1000         * assembler/MacroAssemblerARM64.cpp:
1001         * assembler/MacroAssemblerARMv7.cpp:
1002         * assembler/MacroAssemblerMIPS.cpp:
1003         * assembler/MacroAssemblerX86Common.cpp:
1004         * heap/HeapCell.cpp:
1005         * heap/HeapCell.h:
1006         * jit/HostCallReturnValue.h:
1007         * jit/JIT.h:
1008         * jit/JITOperations.cpp:
1009         * jit/ThunkGenerators.cpp:
1010         * runtime/ArrayConventions.cpp:
1011         (JSC::clearArrayMemset):
1012         * runtime/JSBigInt.cpp:
1013         (JSC::JSBigInt::digitDiv):
1014
1015 2018-09-24  Saam Barati  <sbarati@apple.com>
1016
1017         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1018         https://bugs.webkit.org/show_bug.cgi?id=189922
1019         <rdar://problem/44651275>
1020
1021         Reviewed by Mark Lam.
1022
1023         The implementation was first getting the length to iterate up to,
1024         then getting the starting index. However, getting the starting
1025         index may perform effects, e.g., it could change the length of the
1026         array. This changes it so we verify the length is still valid.
1027
1028         * runtime/ArrayPrototype.cpp:
1029         (JSC::arrayProtoFuncIndexOf):
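
Added example (a model, not JSC's arrayProtoFuncIndexOf; ArrayModel, CoerceFromIndex, staleIterationBound and indexOfRevalidated are hypothetical names): the ordering hazard described above, where coercing fromIndex may run user code that resizes the array, beside a version that re-checks the length after the effectful step and falls back to bounds-checked iteration when it changed.

```cpp
#include <cstddef>
#include <functional>
#include <vector>

// Hypothetical model of an array whose storage user code can resize.
struct ArrayModel {
    std::vector<int> storage;
};

// Coercion of the fromIndex argument to an integer. In the engine this can run
// arbitrary code (ToInteger calls valueOf on objects); here the callback gets
// the array so a constructed "valueOf" can resize it, then returns the index.
using CoerceFromIndex = std::function<long(ArrayModel&)>;

// Clamp a possibly negative relative index into [0, length].
size_t clampFromIndex(long from, size_t length)
{
    if (from < 0) {
        long adjusted = static_cast<long>(length) + from;
        return adjusted < 0 ? 0 : static_cast<size_t>(adjusted);
    }
    return static_cast<size_t>(from) > length ? length : static_cast<size_t>(from);
}

// The ordering the entry describes: length first, then the effectful coercion.
// Returns the bound a fast path would iterate to if it trusted the first read,
// so the hazard is observable without performing the stale access.
size_t staleIterationBound(ArrayModel& array, const CoerceFromIndex& coerce)
{
    size_t length = array.storage.size(); // read before effects
    coerce(array);                          // may shrink the array
    return length;                          // stale if it did
}

// Re-validating version: after coercion, confirm the cached length is still the
// array's real length; if not, recompute against the live storage. The loop is
// additionally bounded by the current size so it can never read past the end.
long indexOfRevalidated(ArrayModel& array, int needle, const CoerceFromIndex& coerce)
{
    size_t length = array.storage.size();
    long rawFrom = coerce(array);
    size_t from = clampFromIndex(rawFrom, length);

    if (length != array.storage.size()) {
        // Effects changed the length: the fast-path assumption is gone.
        length = array.storage.size();
        from = clampFromIndex(rawFrom, length);
    }
    for (size_t i = from; i < length && i < array.storage.size(); ++i) {
        if (array.storage[i] == needle)
            return static_cast<long>(i);
    }
    return -1;
}

// Constructed scenario: coercing fromIndex truncates the array to one element
// and returns 0, as a valueOf that assigns to length would.
CoerceFromIndex truncatingCoercion()
{
    return [](ArrayModel& array) {
        array.storage.resize(1);
        return 0L;
    };
}

// Constructed scenario with no side effects.
CoerceFromIndex plainCoercion(long value)
{
    return [value](ArrayModel&) { return value; };
}
```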
1030
1031 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1032
1033         offlineasm: fix macro scoping
1034         https://bugs.webkit.org/show_bug.cgi?id=189902
1035
1036         Reviewed by Mark Lam.
1037
1038         In the code below, the reference to `f` in `g`, which should refer to
1039         the outer macro definition, will instead refer to the f argument of the
1040         anonymous macro passed to `g`. That leads to this code failing to
1041         compile (f expected 0 args but got 1).
1042         
1043         ```
1044         macro f(x)
1045             move x, t0
1046         end
1047         
1048         macro g(fn)
1049             fn(macro () f(42) end)
1050         end
1051         
1052         g(macro(f) f() end)
1053         ```
1054
1055         * offlineasm/ast.rb:
1056         * offlineasm/transform.rb:
1057
1058 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1059
1060         Add forEach method for iterating CodeBlock's ValueProfiles
1061         https://bugs.webkit.org/show_bug.cgi?id=189897
1062
1063         Reviewed by Mark Lam.
1064
1065         Add method to abstract how we find ValueProfiles in a CodeBlock in
1066         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
1067         ValueProfiles will be stored in the MetadataTable.
1068
1069         * bytecode/CodeBlock.cpp:
1070         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1071         (JSC::CodeBlock::updateAllValueProfilePredictions):
1072         (JSC::CodeBlock::shouldOptimizeNow):
1073         (JSC::CodeBlock::dumpValueProfiles):
1074         * bytecode/CodeBlock.h:
1075         (JSC::CodeBlock::forEachValueProfile):
1076         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1077         (JSC::CodeBlock::valueProfileForArgument):
1078         (JSC::CodeBlock::numberOfValueProfiles):
1079         (JSC::CodeBlock::valueProfile):
1080         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
1081         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
1082         * tools/HeapVerifier.cpp:
1083         (JSC::HeapVerifier::validateJSCell):
1084
1085 2018-09-24  Saam barati  <sbarati@apple.com>
1086
1087         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1088         https://bugs.webkit.org/show_bug.cgi?id=189682
1089         <rdar://problem/43557315>
1090
1091         Reviewed by Mark Lam.
1092
1093         Otherwise, if we have code like this:
1094         ```
1095         a: Arguments
1096         b: GetButterfly(@a)
1097         c: ForceExit
1098         d: GetArrayLength(@a, @b)
1099         ```
1100         it will get transformed into this invalid DFG IR:
1101         ```
1102         a: PhantomArguments
1103         b: Check(@a)
1104         c: ForceExit
1105         d: GetArrayLength(@a, @b)
1106         ```
1107         
1108         And we will fail DFG validation since @b does not have a result.
1109         
1110         The fix is to just remove all nodes after the ForceExit and plant an
1111         Unreachable after it. So the above program will now turn into this:
1112         ```
1113         a: PhantomArguments
1114         b: Check(@a)
1115         c: ForceExit
1116         e: Unreachable
1117         ```
1118
1119         * dfg/DFGArgumentsEliminationPhase.cpp:
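
Added example (a toy model, not DFG's IR or the real phase; Op, Node, BasicBlock, eliminateArguments, snipAfterForceExit and validate are hypothetical names): the transformation above on the four-node block from the entry, with the validation rule that every use must name a node that has a result, showing that it fails without the snip and passes with it.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model of the node kinds in the example. Nodes are referred to by
// index into the block, standing in for @a, @b, ... above.
enum class Op { Arguments, PhantomArguments, GetButterfly, Check, ForceExit, GetArrayLength, Unreachable };

struct Node {
    Op op;
    std::vector<size_t> uses; // indices of earlier nodes this node reads
};
using BasicBlock = std::vector<Node>;

// Ops that leave a value for later nodes. Check, ForceExit and Unreachable are
// effects only and have no result.
bool producesResult(Op op)
{
    return op == Op::Arguments || op == Op::PhantomArguments
        || op == Op::GetButterfly || op == Op::GetArrayLength;
}

// The rule the entry says validation enforces: every use must refer to an
// earlier node that actually produces a result.
bool validate(const BasicBlock& block)
{
    for (size_t i = 0; i < block.size(); ++i) {
        for (size_t use : block[i].uses) {
            if (use >= i || !producesResult(block[use].op))
                return false;
        }
    }
    return true;
}

// Argument elimination as modelled here: Arguments becomes PhantomArguments and
// a GetButterfly of it becomes a result-less Check. Without the snip, a later
// GetArrayLength that used the butterfly now reads from a node with no result.
void eliminateArguments(BasicBlock& block)
{
    for (size_t i = 0; i < block.size(); ++i) {
        Node& node = block[i];
        if (node.op == Op::Arguments)
            node.op = Op::PhantomArguments;
        else if (node.op == Op::GetButterfly && !node.uses.empty()
            && block[node.uses[0]].op == Op::PhantomArguments)
            node.op = Op::Check;
    }
}

// The fix: everything after a ForceExit is dead, so drop it and terminate the
// block with Unreachable. Returns how many nodes were removed.
size_t snipAfterForceExit(BasicBlock& block)
{
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].op != Op::ForceExit)
            continue;
        size_t removed = block.size() - (i + 1);
        block.erase(block.begin() + static_cast<long>(i) + 1, block.end());
        block.push_back({ Op::Unreachable, {} });
        return removed;
    }
    return 0;
}

// The block from the entry: a: Arguments, b: GetButterfly(@a), c: ForceExit,
// d: GetArrayLength(@a, @b).
BasicBlock exampleBlock()
{
    return {
        { Op::Arguments, {} },
        { Op::GetButterfly, { 0 } },
        { Op::ForceExit, {} },
        { Op::GetArrayLength, { 0, 1 } },
    };
}

// Runs the modelled phase with or without the snip and reports whether the
// resulting block validates.
bool phaseValidates(bool snip)
{
    BasicBlock block = exampleBlock();
    eliminateArguments(block);
    if (snip)
        snipAfterForceExit(block);
    return validate(block);
}
```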
1120
1121 2018-09-22  Saam barati  <sbarati@apple.com>
1122
1123         The sampling should not use Strong<CodeBlock> in its machineLocation field
1124         https://bugs.webkit.org/show_bug.cgi?id=189319
1125
1126         Reviewed by Filip Pizlo.
1127
1128         The sampling profiler has a CLI mode where we gather information about inline
1129         call frames. That data structure was using a Strong<CodeBlock>. We were
1130         constructing this Strong<CodeBlock> during GC concurrently to processing all
1131         the Strong handles. This is a bug since we end up corrupting that data
1132         structure. This patch fixes this by just making this data structure use the
1133         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
1134
1135         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1136         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1137         * runtime/SamplingProfiler.cpp:
1138         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1139
1140         (JSC::SamplingProfiler::reportTopFunctions):
1141         (JSC::SamplingProfiler::reportTopBytecodes):
1142         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
1143         cause a GC to happen while already holding the sampling profiler's
1144         lock.
1145
1146 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1147
1148         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
1149         https://bugs.webkit.org/show_bug.cgi?id=189778
1150
1151         Reviewed by Keith Miller.
1152
1153         LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
1154         Linux and macOS respectively. We would like to enable it for non JIT
1155         configurations in X86_64 and ARM64.
1156
1157         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
1158         Previously, we switched between the LLInt ASM interpreter and CLoop by using the ENABLE(JIT)
1159         configuration. But it is wrong in the new scenario since we have a build
1160         configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce
1161         ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
1162         ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
1163         related to LLInt ASM interpreter and not related to JIT.
1164
1165         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
1166         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
1167         has machine register information that is used in LLInt ASM interpreter.
1168
1169         * API/tests/PingPongStackOverflowTest.cpp:
1170         (testPingPongStackOverflow):
1171         * CMakeLists.txt:
1172         * JavaScriptCore.xcodeproj/project.pbxproj:
1173         * assembler/MaxFrameExtentForSlowPathCall.h:
1174         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
1175         * bytecode/CodeBlock.cpp:
1176         (JSC::CodeBlock::finishCreation):
1177         * bytecode/CodeBlock.h:
1178         (JSC::CodeBlock::calleeSaveRegisters const):
1179         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
1180         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1181         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
1182         * bytecode/Opcode.h:
1183         (JSC::padOpcodeName):
1184         * heap/Heap.cpp:
1185         (JSC::Heap::gatherJSStackRoots):
1186         (JSC::Heap::stopThePeriphery):
1187         * interpreter/CLoopStack.cpp:
1188         * interpreter/CLoopStack.h:
1189         * interpreter/CLoopStackInlines.h:
1190         * interpreter/EntryFrame.h:
1191         * interpreter/Interpreter.cpp:
1192         (JSC::Interpreter::Interpreter):
1193         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
1194         * interpreter/Interpreter.h:
1195         * interpreter/StackVisitor.cpp:
1196         (JSC::StackVisitor::Frame::calleeSaveRegisters):
1197         * interpreter/VMEntryRecord.h:
1198         * jit/ExecutableAllocator.h:
1199         * jit/FPRInfo.h:
1200         (WTF::printInternal):
1201         * jit/GPRInfo.cpp:
1202         * jit/GPRInfo.h:
1203         (WTF::printInternal):
1204         * jit/HostCallReturnValue.cpp:
1205         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
1206         * jit/HostCallReturnValue.h:
1207         * jit/JITOperations.cpp:
1208         (JSC::getHostCallReturnValueWithExecState): Deleted.
1209         * jit/JITOperationsMSVC64.cpp:
1210         * jit/Reg.cpp:
1211         * jit/Reg.h:
1212         * jit/RegisterAtOffset.cpp:
1213         * jit/RegisterAtOffset.h:
1214         * jit/RegisterAtOffsetList.cpp:
1215         * jit/RegisterAtOffsetList.h:
1216         * jit/RegisterMap.h:
1217         * jit/RegisterSet.cpp:
1218         * jit/RegisterSet.h:
1219         * jit/TempRegisterSet.cpp:
1220         * jit/TempRegisterSet.h:
1221         * llint/LLIntCLoop.cpp:
1222         * llint/LLIntCLoop.h:
1223         * llint/LLIntData.cpp:
1224         (JSC::LLInt::initialize):
1225         (JSC::LLInt::Data::performAssertions):
1226         * llint/LLIntData.h:
1227         * llint/LLIntOfflineAsmConfig.h:
1228         * llint/LLIntOpcode.h:
1229         * llint/LLIntPCRanges.h:
1230         * llint/LLIntSlowPaths.cpp:
1231         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1232         * llint/LLIntSlowPaths.h:
1233         * llint/LLIntThunks.cpp:
1234         * llint/LowLevelInterpreter.cpp:
1235         * llint/LowLevelInterpreter.h:
1236         * runtime/JSCJSValue.h:
1237         * runtime/MachineContext.h:
1238         * runtime/SamplingProfiler.cpp:
1239         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
1240         for LLInt ASM interpreter with non JIT configuration.
1241         * runtime/TestRunnerUtils.cpp:
1242         (JSC::optimizeNextInvocation):
1243         * runtime/VM.cpp:
1244         (JSC::VM::VM):
1245         (JSC::VM::getHostFunction):
1246         (JSC::VM::updateSoftReservedZoneSize):
1247         (JSC::sanitizeStackForVM):
1248         (JSC::VM::committedStackByteCount):
1249         * runtime/VM.h:
1250         * runtime/VMInlines.h:
1251         (JSC::VM::ensureStackCapacityFor):
1252         (JSC::VM::isSafeToRecurseSoft const):
1253
1254 2018-09-21  Keith Miller  <keith_miller@apple.com>
1255
1256         Add Promise SPI
1257         https://bugs.webkit.org/show_bug.cgi?id=189809
1258
1259         Reviewed by Saam Barati.
1260
1261         The patch adds new SPI to create promises. It's mostly SPI because
1262         I want to see how internal users react to it before we make it
1263         public.
1264
1265         This patch adds a couple of new Obj-C SPI methods. The first
1266         creates a new promise using the same API that JS does where the
1267         user provides an executor callback. If an exception is raised
1268         in/to that callback the promise is automagically rejected. The
1269         other methods create a pre-resolved or rejected promise as this
1270         appears to be a common way to initialize a promise.
1271
1272         I was also considering adding a second version of executor API
1273         where it would catch specific Obj-C exceptions. This would work by
1274         taking a Class parameter and checking isKindOfClass: on the
1275         exception. I decided against this as nothing else in our API
1276         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
1277         corrupt state if an Obj-C exception unwinds through JS frames.
1278
1279         This patch adds a new C function that will create a "deferred"
1280         promise. A deferred promise is a style of creating promise/futures
1281         where the resolve and reject functions are passed as outputs of a
1282         function. I went with this style for the C SPI because we don't have
1283         any concept of forwarding exceptions in the C API.
1284
1285         In order to make the C API work I refactored a bit of the promise code
1286         so that we can call a static method on JSDeferredPromise and just get
1287         the components without allocating an extra cell wrapper.
1288
1289         * API/JSContext.mm:
1290         (+[JSContext currentCallee]):
1291         * API/JSObjectRef.cpp:
1292         (JSObjectMakeDeferredPromise):
1293         * API/JSObjectRefPrivate.h:
1294         * API/JSValue.mm:
1295         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
1296         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
1297         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
1298         * API/JSValuePrivate.h: Added.
1299         * API/JSVirtualMachine.mm:
1300         * API/JSVirtualMachinePrivate.h:
1301         * API/tests/testapi.c:
1302         (main):
1303         * API/tests/testapi.cpp:
1304         (APIContext::operator JSC::ExecState*):
1305         (TestAPI::failed const):
1306         (TestAPI::check):
1307         (TestAPI::basicSymbol):
1308         (TestAPI::symbolsTypeof):
1309         (TestAPI::symbolsGetPropertyForKey):
1310         (TestAPI::symbolsSetPropertyForKey):
1311         (TestAPI::symbolsHasPropertyForKey):
1312         (TestAPI::symbolsDeletePropertyForKey):
1313         (TestAPI::promiseResolveTrue):
1314         (TestAPI::promiseRejectTrue):
1315         (testCAPIViaCpp):
1316         (TestAPI::run): Deleted.
1317         * API/tests/testapi.mm:
1318         (testObjectiveCAPIMain):
1319         (promiseWithExecutor):
1320         (promiseRejectOnJSException):
1321         (promiseCreateResolved):
1322         (promiseCreateRejected):
1323         (parallelPromiseResolveTest):
1324         (testObjectiveCAPI):
1325         * JavaScriptCore.xcodeproj/project.pbxproj:
1326         * runtime/JSInternalPromiseDeferred.cpp:
1327         (JSC::JSInternalPromiseDeferred::create):
1328         * runtime/JSPromise.h:
1329         * runtime/JSPromiseConstructor.cpp:
1330         (JSC::constructPromise):
1331         * runtime/JSPromiseDeferred.cpp:
1332         (JSC::JSPromiseDeferred::createDeferredData):
1333         (JSC::JSPromiseDeferred::create):
1334         (JSC::JSPromiseDeferred::finishCreation):
1335         (JSC::newPromiseCapability): Deleted.
1336         * runtime/JSPromiseDeferred.h:
1337         (JSC::JSPromiseDeferred::promise const):
1338         (JSC::JSPromiseDeferred::resolve const):
1339         (JSC::JSPromiseDeferred::reject const):
1340
1341 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
1342
1343         Unreviewed, rolling out r236359.
1344
1345         Broke the Windows build.
1346
1347         Reverted changeset:
1348
1349         "Add Promise SPI"
1350         https://bugs.webkit.org/show_bug.cgi?id=189809
1351         https://trac.webkit.org/changeset/236359
1352
1353 2018-09-21  Mark Lam  <mark.lam@apple.com>
1354
1355         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
1356         https://bugs.webkit.org/show_bug.cgi?id=189855
1357         <rdar://problem/44680181>
1358
1359         Reviewed by Filip Pizlo.
1360
1361         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
1362         ExecState* argument.  This is intentional so that resolveRope() does not throw
1363         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
1364         get the VM from the cell instead of via the ExecState.
1365
1366         Also removed an obsolete and unused field in JSString.
1367
1368         * runtime/JSString.cpp:
1369         (JSC::JSRopeString::resolveRope const):
1370         (JSC::JSRopeString::outOfMemory const):
1371         * runtime/JSString.h:
1372         (JSC::JSString::tryGetValue const):
1373
1374 2018-09-21  Michael Saboff  <msaboff@apple.com>
1375
1376         Add functions to measure memory footprint to JSC
1377         https://bugs.webkit.org/show_bug.cgi?id=189768
1378
1379         Reviewed by Saam Barati.
1380
1381         Rolling this back in again.
1382
1383         Provide system memory metrics for the current process to aid in memory reduction measurement and
1384         tuning using native JS tests.
1385
1386         * jsc.cpp:
1387         (MemoryFootprint::now):
1388         (MemoryFootprint::resetPeak):
1389         (GlobalObject::finishCreation):
1390         (JSCMemoryFootprint::JSCMemoryFootprint):
1391         (JSCMemoryFootprint::createStructure):
1392         (JSCMemoryFootprint::create):
1393         (JSCMemoryFootprint::finishCreation):
1394         (JSCMemoryFootprint::addProperty):
1395         (functionResetMemoryPeak):
1396
1397 2018-09-21  Keith Miller  <keith_miller@apple.com>
1398
1399         Add Promise SPI
1400         https://bugs.webkit.org/show_bug.cgi?id=189809
1401
1402         Reviewed by Saam Barati.
1403
1404         The patch adds new SPI to create promises. It's mostly SPI because
1405         I want to see how internal users react to it before we make it
1406         public.
1407
1408         This patch adds a couple of new Obj-C SPI methods. The first
1409         creates a new promise using the same API that JS does where the
1410         user provides an executor callback. If an exception is raised
1411         in/to that callback the promise is automagically rejected. The
1412         other methods create a pre-resolved or rejected promise as this
1413         appears to be a common way to initialize a promise.
1414
1415         I was also considering adding a second version of executor API
1416         where it would catch specific Obj-C exceptions. This would work by
1417         taking a Class parameter and checking isKindOfClass: on the
1418         exception. I decided against this as nothing else in our API
1419         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
1420         corrupt state if an Obj-C exception unwinds through JS frames.
1421
1422         This patch adds a new C function that will create a "deferred"
1423         promise. A deferred promise is a style of creating promise/futures
1424         where the resolve and reject functions are passed as outputs of a
1425         function. I went with this style for the C SPI because we don't have
1426         any concept of forwarding exceptions in the C API.
1427
1428         In order to make the C API work I refactored a bit of the promise code
1429         so that we can call a static method on JSDeferredPromise and just get
1430         the components without allocating an extra cell wrapper.
1431
1432         * API/JSContext.mm:
1433         (+[JSContext currentCallee]):
1434         * API/JSObjectRef.cpp:
1435         (JSObjectMakeDeferredPromise):
1436         * API/JSObjectRefPrivate.h:
1437         * API/JSValue.mm:
1438         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
1439         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
1440         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
1441         * API/JSValuePrivate.h: Added.
1442         * API/JSVirtualMachine.mm:
1443         * API/JSVirtualMachinePrivate.h:
1444         * API/tests/testapi.c:
1445         (main):
1446         * API/tests/testapi.cpp:
1447         (APIContext::operator JSC::ExecState*):
1448         (TestAPI::failed const):
1449         (TestAPI::check):
1450         (TestAPI::basicSymbol):
1451         (TestAPI::symbolsTypeof):
1452         (TestAPI::symbolsGetPropertyForKey):
1453         (TestAPI::symbolsSetPropertyForKey):
1454         (TestAPI::symbolsHasPropertyForKey):
1455         (TestAPI::symbolsDeletePropertyForKey):
1456         (TestAPI::promiseResolveTrue):
1457         (TestAPI::promiseRejectTrue):
1458         (testCAPIViaCpp):
1459         (TestAPI::run): Deleted.
1460         * API/tests/testapi.mm:
1461         (testObjectiveCAPIMain):
1462         (promiseWithExecutor):
1463         (promiseRejectOnJSException):
1464         (promiseCreateResolved):
1465         (promiseCreateRejected):
1466         (parallelPromiseResolveTest):
1467         (testObjectiveCAPI):
1468         * JavaScriptCore.xcodeproj/project.pbxproj:
1469         * runtime/JSInternalPromiseDeferred.cpp:
1470         (JSC::JSInternalPromiseDeferred::create):
1471         * runtime/JSPromise.h:
1472         * runtime/JSPromiseConstructor.cpp:
1473         (JSC::constructPromise):
1474         * runtime/JSPromiseDeferred.cpp:
1475         (JSC::JSPromiseDeferred::createDeferredData):
1476         (JSC::JSPromiseDeferred::create):
1477         (JSC::JSPromiseDeferred::finishCreation):
1478         (JSC::newPromiseCapability): Deleted.
1479         * runtime/JSPromiseDeferred.h:
1480         (JSC::JSPromiseDeferred::promise const):
1481         (JSC::JSPromiseDeferred::resolve const):
1482         (JSC::JSPromiseDeferred::reject const):
1483
1484 2018-09-21  Truitt Savell  <tsavell@apple.com>
1485
1486         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
1487         https://bugs.webkit.org/show_bug.cgi?id=156674
1488
1489         Unreviewed Test Gardening
1490
1491         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
1492         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
1493
1494 2018-09-21  Mike Gorse  <mgorse@suse.com>
1495
1496         Build tools should work when the /usr/bin/python is python3
1497         https://bugs.webkit.org/show_bug.cgi?id=156674
1498
1499         Reviewed by Michael Catanzaro.
1500
1501         * Scripts/cssmin.py:
1502         * Scripts/generate-js-builtins.py:
1503         (do_open):
1504         (generate_bindings_for_builtins_files):
1505         * Scripts/generateIntlCanonicalizeLanguage.py:
1506         * Scripts/jsmin.py:
1507         (JavascriptMinify.minify.write):
1508         (JavascriptMinify):
1509         (JavascriptMinify.minify):
1510         * Scripts/make-js-file-arrays.py:
1511         (chunk):
1512         (main):
1513         * Scripts/wkbuiltins/__init__.py:
1514         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
1515         (generate_section_for_global_private_code_name_macro):
1516         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
1517         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
1518         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
1519         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
1520         * Scripts/wkbuiltins/builtins_model.py:
1521         (BuiltinFunction.__lt__):
1522         (BuiltinsCollection.copyrights):
1523         (BuiltinsCollection._parse_functions):
1524         * disassembler/udis86/ud_opcode.py:
1525         (UdOpcodeTables.pprint.printWalk):
1526         * generate-bytecode-files:
1527         * inspector/scripts/codegen/__init__.py:
1528         * inspector/scripts/codegen/cpp_generator.py:
1529         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1530         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
1531         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1532         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
1533         (CppBackendDispatcherHeaderGenerator.generate_output):
1534         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1535         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1536         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
1537         (CppBackendDispatcherImplementationGenerator.generate_output):
1538         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1539         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
1540         (CppFrontendDispatcherHeaderGenerator.generate_output):
1541         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1542         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
1543         (CppFrontendDispatcherImplementationGenerator.generate_output):
1544         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1545         (CppProtocolTypesHeaderGenerator.generate_output):
1546         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
1547         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1548         (CppProtocolTypesImplementationGenerator.generate_output):
1549         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
1550         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
1551         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1552         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
1553         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
1554         * inspector/scripts/codegen/generate_js_backend_commands.py:
1555         (JSBackendCommandsGenerator.should_generate_domain):
1556         (JSBackendCommandsGenerator.domains_to_generate):
1557         (JSBackendCommandsGenerator.generate_output):
1558         (JSBackendCommandsGenerator.generate_domain):
1559         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1560         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
1561         (ObjCBackendDispatcherHeaderGenerator.generate_output):
1562         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1563         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
1564         (ObjCBackendDispatcherImplementationGenerator.generate_output):
1565         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
1566         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1567         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1568         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1569         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
1570         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
1571         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1572         * inspector/scripts/codegen/generate_objc_header.py:
1573         (ObjCHeaderGenerator.generate_output):
1574         (ObjCHeaderGenerator._generate_type_interface):
1575         * inspector/scripts/codegen/generate_objc_internal_header.py:
1576         (ObjCInternalHeaderGenerator.generate_output):
1577         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1578         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
1579         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
1580         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1581         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
1582         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1583         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
1584         (ObjCProtocolTypesImplementationGenerator.generate_output):
1585         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
1586         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1587         * inspector/scripts/codegen/generator.py:
1588         (Generator.non_supplemental_domains):
1589         (Generator.open_fields):
1590         (Generator.calculate_types_requiring_shape_assertions):
1591         (Generator._traverse_and_assign_enum_values):
1592         (Generator.stylized_name_for_enum_value):
1593         * inspector/scripts/codegen/models.py:
1594         (find_duplicates):
1595         * inspector/scripts/codegen/objc_generator.py:
1596         * wasm/generateWasm.py:
1597         (opcodeIterator):
1598         * yarr/generateYarrCanonicalizeUnicode:
1599         * yarr/generateYarrUnicodePropertyTables.py:
1600         * yarr/hasher.py:
1601         (stringHash):
1602
1603 2018-09-21  Tomas Popela  <tpopela@redhat.com>
1604
1605         [ARM] Build broken on armv7hl after r235517
1606         https://bugs.webkit.org/show_bug.cgi?id=189831
1607
1608         Reviewed by Yusuke Suzuki.
1609
1610         Add missing implementation of patchableBranch8() for traditional ARM.
1611
1612         * assembler/MacroAssemblerARM.h:
1613         (JSC::MacroAssemblerARM::patchableBranch8):
1614
1615 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
1616
1617         Unreviewed, rolling out r236293.
1618
1619         Internal build still broken.
1620
1621         Reverted changeset:
1622
1623         "Add functions to measure memory footprint to JSC"
1624         https://bugs.webkit.org/show_bug.cgi?id=189768
1625         https://trac.webkit.org/changeset/236293
1626
1627 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1628
1629         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
1630         https://bugs.webkit.org/show_bug.cgi?id=189558
1631
1632         Reviewed by Mark Lam.
1633
1634         When running the web-tooling-benchmark postcss test on the Linux JSCOnly port, we get the following result in `perf report`.
1635
1636             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
1637
1638         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
1639         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
1640
1641         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
1642         And we propagate this value to the global atomic counter when a rebalance happens.
1643
1644         We also reduce HeapCell::heap() access by using `vm.heap`.
1645
1646         * heap/SlotVisitor.cpp:
1647         (JSC::SlotVisitor::didStartMarking):
1648         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
1649         (JSC::SlotVisitor::drain):
1650         (JSC::SlotVisitor::performIncrementOfDraining):
1651         * heap/SlotVisitor.h:
1652         * heap/SlotVisitorInlines.h:
1653         (JSC::SlotVisitor::reportExtraMemoryVisited):
1654         * runtime/JSString.cpp:
1655         (JSC::JSRopeString::resolveRopeToAtomicString const):
1656         (JSC::JSRopeString::resolveRope const):
1657         * runtime/JSString.h:
1658         (JSC::JSString::finishCreation):
1659         * wasm/js/JSWebAssemblyInstance.cpp:
1660         (JSC::JSWebAssemblyInstance::finishCreation):
1661         * wasm/js/JSWebAssemblyMemory.cpp:
1662         (JSC::JSWebAssemblyMemory::finishCreation):
1663
1664 2018-09-20  Michael Saboff  <msaboff@apple.com>
1665
1666         Add functions to measure memory footprint to JSC
1667         https://bugs.webkit.org/show_bug.cgi?id=189768
1668
1669         Reviewed by Saam Barati.
1670
1671         Rolling this back in.
1672
1673         Provide system memory metrics for the current process to aid in memory reduction measurement and
1674         tuning using native JS tests.
1675
1676         * jsc.cpp:
1677         (MemoryFootprint::now):
1678         (MemoryFootprint::resetPeak):
1679         (GlobalObject::finishCreation):
1680         (JSCMemoryFootprint::JSCMemoryFootprint):
1681         (JSCMemoryFootprint::createStructure):
1682         (JSCMemoryFootprint::create):
1683         (JSCMemoryFootprint::finishCreation):
1684         (JSCMemoryFootprint::addProperty):
1685         (functionResetMemoryPeak):
1686
1687 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
1688
1689         Unreviewed, rolling out r236235.
1690
1691         Breaks internal builds.
1692
1693         Reverted changeset:
1694
1695         "Add functions to measure memory footprint to JSC"
1696         https://bugs.webkit.org/show_bug.cgi?id=189768
1697         https://trac.webkit.org/changeset/236235
1698
1699 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1700
1701         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
1702         https://bugs.webkit.org/show_bug.cgi?id=189730
1703
1704         Reviewed by Saam Barati.
1705
1706         Clang for Windows can't compile the workaround for the MSVC quirk in generateOutOfLine.
1707
1708         * jit/JITMathIC.h:
1709         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
1710
1711 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1712
1713         [JSC] Optimize Array#indexOf in C++ runtime
1714         https://bugs.webkit.org/show_bug.cgi?id=189507
1715
1716         Reviewed by Saam Barati.
1717
1718         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
1719         web-tooling-benchmark. While our DFG and FTL have an Array#indexOf optimization
1720         and it actually works well, C++ Array#indexOf is called a significant number
1721         of times before tiering up, and it takes 6.74% of jsc main thread samples according
1722         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
1723         misses the chance to optimize JSArray cases.
1724
1725         This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
1726         access to the given JSArray is non-observable and the indexing type is good for the fast
1727         path, we go to the fast path. This makes the sampling of Array#indexOf 3.83% in the
1728         babylon web-tooling-benchmark.
1729
1730         * runtime/ArrayPrototype.cpp:
1731         (JSC::arrayProtoFuncIndexOf):
1732         * runtime/JSArray.h:
1733         * runtime/JSArrayInlines.h:
1734         (JSC::JSArray::canDoFastIndexedAccess):
1735         (JSC::toLength):
1736         * runtime/JSCJSValueInlines.h:
1737         (JSC::JSValue::JSValue):
1738         * runtime/JSGlobalObject.h:
1739         * runtime/JSGlobalObjectInlines.h:
1740         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
1741         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
1742         * runtime/MathCommon.h:
1743         (JSC::canBeStrictInt32):
1744         (JSC::canBeInt32):
1745
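        Added example (not WebKit code): what "indexed access is non-observable" has to mean for an
        Array#indexOf fast path. genericIndexOf below is a plain JavaScript transcription of the
        ECMAScript algorithm (ToLength on length, integer fromIndex with negative wrap, HasProperty
        before Get, strict equality); the case functions are constructed inputs that show where a scan
        of the array's own storage alone would diverge from it, which is why the fast path has to
        check the prototype chain and indexing type before it is taken. Function and variable names
        here are the example's own, not JSC identifiers.

```javascript
// Generic Array.prototype.indexOf, written out so the comparison with a
// storage-only fast path is explicit.
function genericIndexOf(o, searchElement, fromIndex = 0) {
  // ToLength: NaN -> 0, negative -> 0, clamp to 2^53 - 1.
  const rawLen = Math.trunc(Number(o.length)) || 0;
  const len = Math.min(Math.max(rawLen, 0), Number.MAX_SAFE_INTEGER);
  if (len === 0) return -1;
  // ToIntegerOrInfinity on fromIndex; negative values count from the end.
  const n = Math.trunc(Number(fromIndex)) || 0;
  if (n >= len) return -1;
  let k = n >= 0 ? n : Math.max(len + n, 0);
  for (; k < len; k++) {
    // HasProperty walks the prototype chain, so a hole can be filled from there.
    if (k in o && o[k] === searchElement) return k;
  }
  return -1;
}

// Case 1: dense array, untouched Array.prototype. Nothing on the prototype
// chain can be observed, so scanning own storage gives the generic answer.
// Strict equality also means NaN is never found.
function plainArrayCase() {
  const arr = [10, 20, 30, NaN];
  return {
    builtin: arr.indexOf(20),
    generic: genericIndexOf(arr, 20),
    nanBuiltin: arr.indexOf(NaN),
    nanGeneric: genericIndexOf(arr, NaN),
  };
}

// Case 2: a hole filled from the prototype chain. Own storage has nothing at
// index 1, yet the correct answer is 1, so a fast path is only legal when the
// prototype chain carries no indexed properties.
function holeFilledByPrototypeCase() {
  const arr = [10, , 30];
  const proto = Object.create(Array.prototype, { 1: { value: 20, configurable: true } });
  Object.setPrototypeOf(arr, proto);
  return { builtin: arr.indexOf(20), generic: genericIndexOf(arr, 20) };
}

// Case 3: an indexed getter on the prototype chain runs during the scan.
// That is observable behaviour a fast path must not skip or reorder.
function observableGetterCase() {
  let getterCalls = 0;
  const arr = [10, , 30];
  const proto = Object.create(Array.prototype, {
    1: { get() { getterCalls++; return 99; }, configurable: true },
  });
  Object.setPrototypeOf(arr, proto);
  const found = arr.indexOf(30);        // visits index 1 once on the way to 30
  const callsByBuiltin = getterCalls;
  const generic = genericIndexOf(arr, 30);
  return { found, generic, callsByBuiltin, callsTotal: getterCalls };
}

// Case 4: fromIndex conversion and array-likes. These stay on the generic
// path; a JSArray fast path only applies to true arrays.
function fromIndexAndArrayLikeCase() {
  const arr = [1, 2, 3, 2];
  const arrayLike = { length: 2, 0: 'a', 1: 'b' };   // constructed array-like
  return {
    negative: arr.indexOf(2, -2),                     // starts at index 2 -> 3
    genericNegative: genericIndexOf(arr, 2, -2),
    beyondLength: arr.indexOf(2, 10),                 // fromIndex >= length -> -1
    nanFromIndex: arr.indexOf(2, NaN),                // NaN -> 0 -> 1
    arrayLike: Array.prototype.indexOf.call(arrayLike, 'b'),
    genericArrayLike: genericIndexOf(arrayLike, 'b'),
  };
}
```

        Cases 2 and 3 are the ones the isArrayPrototypeIndexedAccessFastAndNonObservable check exists
        for: once a prototype in the chain has indexed properties or accessors, the answer and the side
        effects both depend on the chain, and only the generic walk is correct.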
1746 2018-09-19  Michael Saboff  <msaboff@apple.com>
1747
1748         Add functions to measure memory footprint to JSC
1749         https://bugs.webkit.org/show_bug.cgi?id=189768
1750
1751         Reviewed by Saam Barati.
1752
1753         Provide system memory metrics for the current process to aid in memory reduction measurement and
1754         tuning using native JS tests.
1755
1756         * jsc.cpp:
1757         (MemoryFootprint::now):
1758         (MemoryFootprint::resetPeak):
1759         (GlobalObject::finishCreation):
1760         (JSCMemoryFootprint::JSCMemoryFootprint):
1761         (JSCMemoryFootprint::createStructure):
1762         (JSCMemoryFootprint::create):
1763         (JSCMemoryFootprint::finishCreation):
1764         (JSCMemoryFootprint::addProperty):
1765         (functionResetMemoryPeak):
1766
1767 2018-09-19  Saam barati  <sbarati@apple.com>
1768
1769         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
1770         https://bugs.webkit.org/show_bug.cgi?id=189703
1771
1772         Reviewed by Mark Lam.
1773
1774         This fixes a crash that a TypeProfiler change revealed.
1775
1776         * dfg/DFGSpeculativeJIT64.cpp:
1777         (JSC::DFG::SpeculativeJIT::compile):
1778
1779 2018-09-19  Saam barati  <sbarati@apple.com>
1780
1781         AI rule for MultiPutByOffset executes its effects in the wrong order
1782         https://bugs.webkit.org/show_bug.cgi?id=189757
1783         <rdar://problem/43535257>
1784
1785         Reviewed by Michael Saboff.
1786
1787         The AI rule for MultiPutByOffset was executing effects in the wrong order.
1788         It first executed the transition effects and the effects on the base, and
1789         then executed the filtering effects on the value being stored. However, you
1790         can end up with the wrong type when the base and the value being stored
1791         are the same. E.g, in a program like `o.f = o`. These effects need to happen
1792         in the opposite order, modeling what happens in the runtime execution of
1793         MultiPutByOffset.
1794
1795         * dfg/DFGAbstractInterpreterInlines.h:
1796         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1797
1798 2018-09-18  Mark Lam  <mark.lam@apple.com>
1799
1800         Ensure that ForInContexts are invalidated if their loop local is over-written.
1801         https://bugs.webkit.org/show_bug.cgi?id=189571
1802         <rdar://problem/44402277>
1803
1804         Reviewed by Saam Barati.
1805
1806         Instead of hunting down every place in the BytecodeGenerator that potentially
1807         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
1808         the bytecode range of the loop body when the ForInContext is popped, and
1809         invalidate the context if we ever find the loop temp variable over-written.
1810
1811         This has 2 benefits:
1812         1. It ensures that every type of opcode that can write to the loop temp will be
1813            handled appropriately, not just the op_mov that we've hunted down.
1814         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
1815            every time we emit an op_mov (or other opcodes that can write to a local)
1816            even when we're not inside a for-in loop.
1817
1818         JSC benchmarks show that this change is performance neutral.
1819
1820         * bytecompiler/BytecodeGenerator.cpp:
1821         (JSC::BytecodeGenerator::pushIndexedForInScope):
1822         (JSC::BytecodeGenerator::popIndexedForInScope):
1823         (JSC::BytecodeGenerator::pushStructureForInScope):
1824         (JSC::BytecodeGenerator::popStructureForInScope):
1825         (JSC::ForInContext::finalize):
1826         (JSC::StructureForInContext::finalize):
1827         (JSC::IndexedForInContext::finalize):
1828         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
1829         * bytecompiler/BytecodeGenerator.h:
1830         (JSC::ForInContext::ForInContext):
1831         (JSC::ForInContext::bodyBytecodeStartOffset const):
1832         (JSC::StructureForInContext::StructureForInContext):
1833         (JSC::IndexedForInContext::IndexedForInContext):
1834         * bytecompiler/NodesCodegen.cpp:
1835         (JSC::PostfixNode::emitResolve):
1836         (JSC::PrefixNode::emitResolve):
1837         (JSC::ReadModifyResolveNode::emitBytecode):
1838         (JSC::AssignResolveNode::emitBytecode):
1839         (JSC::EmptyLetExpression::emitBytecode):
1840         (JSC::ForInNode::emitLoopHeader):
1841         (JSC::ForOfNode::emitBytecode):
1842         (JSC::BindingNode::bindValue const):
1843         (JSC::AssignmentElementNode::bindValue const):
1844         * runtime/CommonSlowPaths.cpp:
1845         (JSC::SLOW_PATH_DECL):
1846
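        Added example (not WebKit code): the behaviour the ForInContext invalidation described above
        has to preserve. Inside a for-in loop the bytecode generator can turn `o[k]` into a cheaper
        lookup that assumes `k` still holds the enumerated property name. Each function below overwrites
        `k` through a different syntactic path (plain assignment, compound assignment, increment,
        destructuring assignment), then indexes with the overwritten value; every one must behave
        exactly like the plain property lookup in referenceLookup. The sample objects are constructed
        inputs and the function names are the example's own.

```javascript
// What a for-in loop with no optimisation at all would produce.
function referenceLookup(o, rewriteKey) {
  return Object.keys(o).map((k) => o[rewriteKey(k)]);
}

// Plain assignment: the op_mov case that was already being handled.
function overwriteByAssignment(o) {
  const out = [];
  for (let k in o) {
    k = k + '_alias';   // k no longer names the enumerated property
    out.push(o[k]);     // must read o['a_alias'], not o['a']
  }
  return out;
}

// Compound assignment (ReadModifyResolveNode): a different opcode writes k.
function overwriteByCompoundAssignment(o) {
  const out = [];
  for (let k in o) {
    k += '_alias';
    out.push(o[k]);
  }
  return out;
}

// Postfix increment (PostfixNode): k turns into a number.
function overwriteByIncrement(o) {
  const out = [];
  for (let k in o) {
    k++;                // '0' -> 1, 'a' -> NaN
    out.push(o[k]);
  }
  return out;
}

// Destructuring assignment (AssignmentElementNode).
function overwriteByDestructuring(o) {
  const out = [];
  for (let k in o) {
    [k] = [k + '_alias'];
    out.push(o[k]);
  }
  return out;
}

// Constructed sample inputs: a structure-enumerated object and an indexed array.
const namedKeys = { a: 1, b: 2, a_alias: 10, b_alias: 20 };
const indexedKeys = ['zero', 'one', 'two'];
```

        With namedKeys every string-rewriting variant must yield [10, 20, undefined, undefined], and
        overwriteByIncrement over indexedKeys must yield ['one', 'two', undefined]; any result that
        still reflects the original enumerated key means a stale ForInContext was used after the loop
        local had been written.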
1847 2018-09-17  Devin Rousso  <drousso@apple.com>
1848
1849         Web Inspector: generate CSSKeywordCompletions from backend values
1850         https://bugs.webkit.org/show_bug.cgi?id=189041
1851
1852         Reviewed by Joseph Pecoraro.
1853
1854         * inspector/protocol/CSS.json:
1855         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
1856
1857 2018-09-17  Saam barati  <sbarati@apple.com>
1858
1859         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
1860         https://bugs.webkit.org/show_bug.cgi?id=189676
1861         <rdar://problem/39682897>
1862
1863         Reviewed by Michael Saboff.
1864
1865         Because the incoming value may be TDZ, CheckStructure may end up crashing.
1866         Since the Type Profile does not currently record TDZ values in any of its
1867         data structures, this is not a semantic change in how it will show you data.
1868         It just fixes crashes when we emit a CheckStructure and the incoming value
1869         is TDZ.
1870
1871         * dfg/DFGFixupPhase.cpp:
1872         (JSC::DFG::FixupPhase::fixupNode):
1873         * dfg/DFGNode.h:
1874         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
1875
1876 2018-09-17  Darin Adler  <darin@apple.com>
1877
1878         Use OpaqueJSString rather than JSRetainPtr inside WebKit
1879         https://bugs.webkit.org/show_bug.cgi?id=189652
1880
1881         Reviewed by Saam Barati.
1882
1883         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
1884         JSStringRef.h.
1885
1886         * API/JSContext.mm:
1887         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
1888         than JSStringCreateWithCFString, simplifying the code and also obviating the
1889         need for explicit JSStringRelease.
1890         (-[JSContext setName:]): Ditto.
1891
1892         * API/JSStringRef.cpp:
1893         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
1894         It seems that additional optimization is possible, obviating the need to allocate
1895         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
1896
1897         * API/JSValue.mm:
1898         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
1899         OpaqueJSString::create and adoptRef as appropriate.
1900         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
1901         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
1902         (performPropertyOperation): Ditto.
1903         (-[JSValue invokeMethod:withArguments:]): Ditto.
1904         (valueToObjectWithoutCopy): Ditto.
1905         (containerValueToObject): Ditto.
1906         (valueToString): Ditto.
1907         (objectToValueWithoutCopy): Ditto.
1908         (objectToValue): Ditto.
1909
1910 2018-09-08  Darin Adler  <darin@apple.com>
1911
1912         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
1913         https://bugs.webkit.org/show_bug.cgi?id=189455
1914
1915         Reviewed by Keith Miller.
1916
1917         * API/JSObjectRef.cpp:
1918         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
1919         JSRetainPtr<JSStringRef>.
1920         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
1921         adopt constructor.
1922         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
1923         the array elements are now Ref.
1924
1925         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
1926         it only works for two specific unrelated types, JSStringRef and
1927         JSGlobalContextRef. Simplified the default constructor using data
1928         member initialization. Prepared to make the adopt constructor private
1929         (got everything compiling that way, then made it public again so that
1930         Apple internal software will still build). Got rid of unneeded
1931         templated constructor and assignment operator, which are not relevant
1932         since there is no inheritance between JSRetainPtr template types.
1933         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
1934         Added move constructor and move assignment operator for slightly better
1935         performance. Simplified implementations of various member functions
1936         so they are more obviously correct, by using leakPtr in more of them
1937         and using std::exchange to make the flow of values more obvious.
1938
1939         * API/JSValue.mm:
1940         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
1941         missing JSStringRelease to fix a leak.
1942
1943         * API/tests/CustomGlobalObjectClassTest.c:
1944         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
1945         (globalObjectSetPrototypeTest): Ditto.
1946         (globalObjectPrivatePropertyTest): Ditto.
1947
1948         * API/tests/ExecutionTimeLimitTest.cpp:
1949         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
1950         (testExecutionTimeLimit): Ditto, lots more.
1951
1952         * API/tests/FunctionOverridesTest.cpp:
1953         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
1954
1955         * API/tests/JSObjectGetProxyTargetTest.cpp:
1956         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
1957         a leak.
1958
1959         * API/tests/PingPongStackOverflowTest.cpp:
1960         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
1961         JSStringRelease to fix leaks.
1962
1963         * API/tests/testapi.c:
1964         (throwException): Added. Helper function for repeated idiom where we want
1965         to throw an exception, but with additional JSStringRelease calls so we don't
1966         have to leak just to keep the code simpler to read.
1967         (MyObject_getProperty): Use throwException.
1968         (MyObject_setProperty): Ditto.
1969         (MyObject_deleteProperty): Ditto.
1970         (isValueEqualToString): Added. Helper function for an idiom where we check
1971         if something is a string and then if it's equal to a particular string
1972         constant, but a version that has an additional JSStringRelease call so we
1973         don't have to leak just to keep the code simpler to read.
1974         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
1975         (MyObject_callAsConstructor): Ditto.
1976         (MyObject_hasInstance): Ditto.
1977         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
1978         (testMarkingConstraintsAndHeapFinalizers): Ditto.
1979
1980 2018-09-14  Saam barati  <sbarati@apple.com>
1981
1982         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1983         https://bugs.webkit.org/show_bug.cgi?id=189628
1984         <rdar://problem/39481690>
1985
1986         Reviewed by Mark Lam.
1987
1988         An Availability may point to a Node. And that Node may be removed from
1989         the graph, e.g, it's freed and its memory is no longer owned by Graph.
1990         This patch makes it so we no longer dump this metadata by default. If
1991         this metadata is interesting to you, you'll need to go in and change
1992         Graph::dump to dump the needed metadata.
1993
1994         * dfg/DFGGraph.cpp:
1995         (JSC::DFG::Graph::dump):
1996
1997 2018-09-14  Mark Lam  <mark.lam@apple.com>
1998
1999         Refactor some ForInContext code for better encapsulation.
2000         https://bugs.webkit.org/show_bug.cgi?id=189626
2001         <rdar://problem/44466415>
2002
2003         Reviewed by Keith Miller.
2004
2005         1. Add a ForInContext::m_type field to store the context type.  This does not
2006            increase the class size, but eliminates the need for a virtual call to get the
2007            type.
2008
2009            Note: we still need a virtual destructor because we'll be mingling
2010            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
2011
2012         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
2013            convenience methods.
2014
2015         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
2016            to do the casting to the subclass types.  This ensures that we'll properly
2017            assert that the casting is legal.
2018
2019         * bytecompiler/BytecodeGenerator.cpp:
2020         (JSC::BytecodeGenerator::emitGetByVal):
2021         (JSC::BytecodeGenerator::popIndexedForInScope):
2022         (JSC::BytecodeGenerator::popStructureForInScope):
2023         * bytecompiler/BytecodeGenerator.h:
2024         (JSC::ForInContext::type const):
2025         (JSC::ForInContext::isIndexedForInContext const):
        (JSC::ForInContext::isStructureForInContext const):
        (JSC::ForInContext::asIndexedForInContext):
        (JSC::ForInContext::asStructureForInContext):
        (JSC::ForInContext::ForInContext):
        (JSC::StructureForInContext::StructureForInContext):
        (JSC::IndexedForInContext::IndexedForInContext):
        (JSC::ForInContext::~ForInContext): Deleted.

2018-09-14  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Record actions performed on ImageBitmapRenderingContext
        https://bugs.webkit.org/show_bug.cgi?id=181341

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Recording.json:
        * inspector/scripts/codegen/generator.py:

2018-09-14  Mike Gorse  <mgorse@suse.com>

        builtins directory causes name conflict on Python 3
        https://bugs.webkit.org/show_bug.cgi?id=189552

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: builtins -> wkbuiltins.
        * DerivedSources.make: builtins -> wkbuiltins.
        * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
          builtins.
        * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
        * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
        * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
        * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
        * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
        * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
        * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
        * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
        * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
        * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
        * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
        * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
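
The conflict this entry fixes, shown as an added Python example that is not part of WebKit or of the scripts listed above: on Python 2 the interpreter's own module was `__builtin__`, so a local `Scripts/builtins/` package was importable; on Python 3 it is `builtins`, a compiled-in module that is already in `sys.modules` before any script runs, so `import builtins` never consults `sys.path` and a submodule import such as `builtins.builtins_model` is rejected because the cached module is not a package. The package layout, the `MODEL` marker constant and the helper names are constructed for the demonstration; `sys.stdlib_module_names` exists from Python 3.10 and the name check falls back to `sys.builtin_module_names` on older interpreters.

```python
import importlib
import sys
import tempfile
from pathlib import Path


def is_reserved_module_name(name):
    """Return True if a top-level package called `name` would collide with a
    module the interpreter itself provides.

    sys.stdlib_module_names is available from Python 3.10; older interpreters
    only expose the compiled-in modules, which is still enough to catch
    'builtins'.
    """
    stdlib = getattr(sys, "stdlib_module_names", None) or frozenset(sys.builtin_module_names)
    return name in stdlib


def make_package(root, name):
    """Create root/<name>/__init__.py and root/<name>/builtins_model.py.

    This mirrors the Scripts/<name>/ layout; the MODEL constant is a
    constructed marker so we can see which directory an import came from.
    """
    pkg = Path(root) / name
    pkg.mkdir()
    (pkg / "__init__.py").write_text("")
    (pkg / "builtins_model.py").write_text("MODEL = 'loaded from %s'\n" % name)
    return pkg


def import_model(package):
    """Attempt `import <package>.builtins_model` and report the outcome as a
    string: the MODEL marker on success, the ImportError text on failure."""
    try:
        return importlib.import_module(package + ".builtins_model").MODEL
    except ImportError as exc:
        return "ImportError: %s" % exc


def demonstrate(root=None):
    """Put both candidate package names first on sys.path and try to import
    a submodule from each. Returns a dict of observations."""
    root = root or tempfile.mkdtemp(prefix="wkbuiltins-demo-")
    make_package(root, "builtins")      # the pre-rename directory name
    make_package(root, "wkbuiltins")    # the renamed package
    sys.path.insert(0, str(root))
    importlib.invalidate_caches()
    try:
        # The interpreter imported its own `builtins` long before this code
        # ran, so `import builtins` is served from sys.modules and never
        # consults sys.path. Its spec origin is the literal string 'built-in'.
        stdlib_builtins = importlib.import_module("builtins")
        return {
            "builtins_origin": stdlib_builtins.__spec__.origin,
            # The cached module has no __path__, so any submodule import
            # under the `builtins` name is rejected as "not a package".
            "builtins_submodule": import_model("builtins"),
            # The same directory tree under a name the stdlib does not claim
            # imports normally.
            "wkbuiltins_submodule": import_model("wkbuiltins"),
        }
    finally:
        sys.path.remove(str(root))


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print("%-22s %s" % (key, value))
```

Running the block prints three observations; the middle one is the ModuleNotFoundError ("'builtins' is not a package") that a `from builtins import ...` in generate-js-builtins.py hits under Python 3. Reordering `sys.path` cannot work around it, because the cached interpreter module wins regardless of path order, which is why the fix is a rename to a name the standard library does not claim.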

2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [WebAssembly] Inline WasmContext accessor functions
        https://bugs.webkit.org/show_bug.cgi?id=189416

        Reviewed by Saam Barati.

        WasmContext accessor functions are very small while they reside in the critical path of
        JS to Wasm function calls. This patch makes them inline to improve performance.
        This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * interpreter/CallFrame.cpp:
        * jit/AssemblyHelpers.cpp:
        * wasm/WasmB3IRGenerator.cpp:
        * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
        (JSC::Wasm::Context::useFastTLS):
        (JSC::Wasm::Context::load const):
        (JSC::Wasm::Context::store):
        * wasm/WasmMemoryInformation.cpp:
        * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
        * wasm/js/JSToWasm.cpp:
        * wasm/js/WebAssemblyFunction.cpp:

2018-09-12  David Kilzer  <ddkilzer@apple.com>

        Move JavaScriptCore files to match Xcode project hierarchy
        <https://webkit.org/b/189574>

        Reviewed by Filip Pizlo.

        * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
        * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
        * CMakeLists.txt: Update for new path to
        generateYarrUnicodePropertyTables.py, hasher.py and
        JSAPIValueWrapper.h.
        * DerivedSources.make: Ditto. Add missing dependency on
        hasher.py captured by CMakeLists.txt.
        * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
        reference paths. Add hasher.py library to project.
        * Sources.txt: Update for new path to
        JSAPIValueWrapper.cpp.
        * runtime/JSImmutableButterfly.h: Add missing includes
        after changes to Sources.txt and regenerating unified
        sources.
        * runtime/RuntimeType.h: Ditto.
        * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
        * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.

2018-09-12  David Kilzer  <ddkilzer@apple.com>

        Let Xcode have its way with the JavaScriptCore project

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-09-12  Guillaume Emont  <guijemont@igalia.com>

        Add IGNORE_WARNING_.* macros
        https://bugs.webkit.org/show_bug.cgi?id=188996

        Reviewed by Michael Catanzaro.

        * API/JSCallbackObject.h:
        * API/tests/testapi.c:
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * b3/B3LowerToAir.cpp:
        * b3/B3Opcode.cpp:
        * b3/B3Type.h:
        * b3/B3TypeMap.h:
        * b3/B3Width.h:
        * b3/air/AirArg.cpp:
        * b3/air/AirArg.h:
        * b3/air/AirCode.h:
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::speculateNumber):
        (JSC::DFG::SpeculativeJIT::speculateMisc):
        * dfg/DFGSpeculativeJIT64.cpp:
        * ftl/FTLOutput.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::calculatePokeOffset):
        * llint/LLIntData.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::slowPathLogF):
        * runtime/ConfigFile.cpp:
        (JSC::ConfigFile::canonicalizePaths):
        * runtime/JSDataViewPrototype.cpp:
        * runtime/JSGenericTypedArrayViewConstructor.h:
        * runtime/JSGenericTypedArrayViewPrototype.h:
        * runtime/Options.cpp:
        (JSC::Options::setAliasedOption):
        * tools/CodeProfiling.cpp:
        * wasm/WasmSections.h:
        * wasm/generateWasmValidateInlinesHeader.py:

== Rolled over to ChangeLog-2018-09-11 ==