Implement the Remote Playback API.

[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2019-10-07  Jer Noble  <jer.noble@apple.com>

        Implement the Remote Playback API.
        https://bugs.webkit.org/show_bug.cgi?id=162971

        Reviewed by Youenn Fablet.

        Add RemotePlayback as a common identifier, needed for bindings due to "EnabledAtRuntime=RemotePlayback".

        * runtime/CommonIdentifiers.h:

2019-10-29  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Add fast path for String#localeCompare
        https://bugs.webkit.org/show_bug.cgi?id=202676

        Reviewed by Mark Lam.

        When String#localeCompare is invoked, we are setting up UCharIterator to iterate code points.
        But this is too slow since its implementation is invoking function pointer for each code point
        to get next code point. Strings have many code points typically. Invoking function pointer so many times
        takes too much time just for locale-aware comparison.

        This patch revises the implementation by adding 2 fast path and 1 slow path. The slow path requires extra memory,
        but it is soon released (not GC-managed).

        1. If both strings are ASCII (not Latin1), we use ucol_strcollUTF8.
        2. If both strings are 16-bit, we use ucol_strcoll.
        3. Otherwise, we convert strings to 16-bit strings, and then we use ucol_strcoll.

        JetStream2/cdjs is improved from 56 to 85 on iMac Pro (50%).

        * runtime/IntlCollator.cpp:
        (JSC::IntlCollator::compareStrings):
        * tools/JSDollarVM.cpp:
        (JSC::functionMake16BitStringIfPossible):
        (JSC::JSDollarVM::finishCreation):

2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Remove JSPromiseDeferred
        https://bugs.webkit.org/show_bug.cgi?id=203400

        Reviewed by Keith Miller.

        This patch optimizes the existing Promise usage in C++. We remove JSPromiseDeferred and JSInternalPromiseDeferred, use JSPromise and JSInternalPromise directly.
        JSC now offers first `resolve` and `reject` operations to `JSPromise` without separating `resolve` and `reject` function from `JSPromise`. Then, we do not need
        to have a tuple of these functions and promise, and we can just use `JSPromise::resolve` and `JSPromise::reject`. This removes unnecessary function allocations
        and cell allocation for JSPromiseDeferred and makes API simple.

        * API/JSAPIGlobalObject.mm:
        (JSC::JSAPIGlobalObject::moduleLoaderImportModule):
        (JSC::JSAPIGlobalObject::moduleLoaderFetch):
        (JSC::JSAPIGlobalObject::loadAndEvaluateJSScriptModule):
        * API/JSObjectRef.cpp:
        (JSObjectMakeDeferredPromise):
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * jsc.cpp:
        (GlobalObject::moduleLoaderImportModule):
        (GlobalObject::moduleLoaderFetch):
        (runJSC):
        * runtime/Completion.cpp:
        (JSC::rejectPromise):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::newPromiseCapabilityFunction const):
        (JSC::JSGlobalObject::resolvePromiseFunction const):
        (JSC::JSGlobalObject::rejectPromiseFunction const):
        (JSC::JSGlobalObject::numberProtoToStringFunction const):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncImportModule):
        * runtime/JSInternalPromise.h:
        * runtime/JSInternalPromiseDeferred.cpp: Removed.
        * runtime/JSInternalPromiseDeferred.h: Removed.
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::importModule):
        (JSC::JSModuleLoader::resolve):
        (JSC::JSModuleLoader::fetch):
        (JSC::moduleLoaderParseModule):
        * runtime/JSPromise.cpp:
        (JSC::JSPromise::flags const):
        (JSC::JSPromise::isHandled const):
        (JSC::JSPromise::createDeferredData):
        (JSC::JSPromise::resolvedPromise):
        (JSC::callFunction):
        (JSC::JSPromise::resolve):
        (JSC::JSPromise::reject):
        * runtime/JSPromise.h:
        * runtime/JSPromiseDeferred.cpp: Removed.
        * runtime/JSPromiseDeferred.h: Removed.
        * runtime/PromiseTimer.cpp: Renamed from Source/JavaScriptCore/runtime/PromiseDeferredTimer.cpp.
        (JSC::PromiseTimer::PromiseTimer):
        (JSC::PromiseTimer::doWork):
        (JSC::PromiseTimer::runRunLoop):
        (JSC::PromiseTimer::addPendingPromise):
        (JSC::PromiseTimer::hasPendingPromise):
        (JSC::PromiseTimer::hasDependancyInPendingPromise):
        (JSC::PromiseTimer::cancelPendingPromise):
        (JSC::PromiseTimer::scheduleWorkSoon):
        * runtime/PromiseTimer.h: Renamed from Source/JavaScriptCore/runtime/PromiseDeferredTimer.h.
        (JSC::PromiseTimer::create):
        * runtime/StringRecursionChecker.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        * runtime/VM.h:
        * wasm/js/JSWebAssembly.cpp:
        (JSC::reject):
        (JSC::webAssemblyModuleValidateAsyncInternal):
        (JSC::webAssemblyCompileFunc):
        (JSC::resolve):
        (JSC::JSWebAssembly::webAssemblyModuleValidateAsync):
        (JSC::instantiate):
        (JSC::compileAndInstantiate):
        (JSC::JSWebAssembly::instantiate):
        (JSC::webAssemblyModuleInstantinateAsyncInternal):
        (JSC::JSWebAssembly::webAssemblyModuleInstantinateAsync):
        (JSC::webAssemblyInstantiateFunc):
        (JSC::webAssemblyCompileStreamingInternal):
        (JSC::webAssemblyInstantiateStreamingInternal):
        * wasm/js/JSWebAssembly.h:
        * wasm/js/JSWebAssemblyCodeBlock.h:

2019-10-28  Adrian Perez de Castro  <aperez@igalia.com>

        [GTK][WPE] Fix various non-unified build issues introduced since r251436
        https://bugs.webkit.org/show_bug.cgi?id=203492

        Reviewed by Alex Christensen and Mark Lam.

        * bytecode/BytecodeIndex.cpp: Add missing inclusion of wtf/PrintStream.h
        * bytecode/ICStatusUtils.h: Add missing inclusion if BytecodeIndex.h
        * bytecode/InstructionStream.h: Ditto.
        * debugger/DebuggerLocation.cpp: Add missing inclusion of JSCellInlines.h
        * dfg/DFGLazyJSValue.h: Add missing inclusion of GPRInfo.h
        * ftl/FTLOSREntry.h: Add missing inclusion of BytecodeIndex.h
        * heap/CompleteSubspaceInlines.h: Add missing inclusions of CompleteSubspace.h and VM.h
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::thisValue const): Prepend namespace to the JSC::VM type.
        * jit/JITDisassembler.h: Add missing inclusion of BytecodeIndex.h
        * jit/JITWorklist.h: Ditto.
        * runtime/JSImmutableButterfly.cpp: Add missing inclusion of ButterflyInlines.h
        * runtime/ObjectInitializationScope.h: Add missing inclusion of VM.h
        * runtime/StringRecursionChecker.h: Add missing inclusion of GetVM.h
        * runtime/VMTraps.cpp: Add missing inclusion of CallFrameInlines.h
        * tools/Integrity.cpp: Add missing inclusion of Integrity.h, HeapCellInlines.h, and
        JSCellInlines.h
        * wasm/WasmOperations.cpp: Add missing inclusion of JSCJSValueInlines.h and
        JSGlobalObjectInlines.h
        * wasm/WasmOperations.h: Add missing inclusion of IndexingType.h, JSCJSValue.h, and
        WasmExceptionType.h; add forward declarations for JSArrray and Wasm::Signature.
        * wasm/js/JSWebAssembly.cpp: Add missing inclusion of WasmOperations.h
        * wasm/js/JSWebAssemblyHelpers.h: Add missing inclusion of Error.h and JSArrayBufferView.h

2019-10-28  Ross Kirsling  <ross.kirsling@sony.com>

        [JSC] Lexer flags should be an OptionSet
        https://bugs.webkit.org/show_bug.cgi?id=203032

        Reviewed by Yusuke Suzuki.

        LexerFlags has an annoyingly misspelled value LexexFlagsDontBuildKeywords;
        let's use this as an opportunity to modernize this enum.

        * parser/ASTBuilder.h:
        * parser/Lexer.cpp:
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
        (JSC::Lexer<T>::lexWithoutClearingLineTerminator):
        * parser/Lexer.h:
        (JSC::Lexer<T>::lexExpectIdentifier):
        (JSC::Lexer<T>::lex):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextWithoutClearingLineTerminator):
        (JSC::Parser::nextExpectIdentifier):
        (JSC::Parser::consume):
        * parser/SyntaxChecker.h:

2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Optimize Promise runtime functions
        https://bugs.webkit.org/show_bug.cgi?id=203454

        Reviewed by Keith Miller.

        This patch optimizes Promise runtime functions a bit.

        1. Add fast paths to Promise.resolve / Promise.reject.
        2. Remove state check in async-functions. Unlike generators, async-function's next function is not exposed to users.
           It is called by runtime so we can control state perfectly.
        3. Add "enqueueJob" name to make sampling profiler work for this function.
        4. Make Promise/InternalPromise constructor inlinable size

                                              ToT                     Patched

            promise-creation-many       25.5794+-0.3681     ^     22.5410+-0.3229        ^ definitely 1.1348x faster
            promise-resolve             32.3793+-0.4252     ^      9.4219+-0.1114        ^ definitely 3.4366x faster
            promise-reject             108.5968+-0.7741     ^     36.9383+-0.3770        ^ definitely 2.9400x faster

        * builtins/AsyncFunctionPrototype.js:
        (globalPrivate.asyncFunctionResume):
        * builtins/PromiseConstructor.js:
        (reject):
        (resolve):
        (nakedConstructor.Promise.reject):
        (nakedConstructor.Promise):
        (nakedConstructor.InternalPromise.reject):
        (nakedConstructor.InternalPromise):
        (nakedConstructor.Promise.resolve): Deleted.
        (nakedConstructor.InternalPromise.resolve): Deleted.
        * builtins/PromiseOperations.js:
        (globalPrivate.newPromiseCapability.resolve):
        (globalPrivate.newPromiseCapability.reject):
        (globalPrivate.newPromiseCapability):
        (globalPrivate.promiseResolveSlow):
        (globalPrivate.promiseRejectSlow):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):

2019-10-28  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Use FTLOutput::callWithoutSideEffects if operation does not have side effects
        https://bugs.webkit.org/show_bug.cgi?id=203485

        Reviewed by Mark Lam.

        This makes Call's Effect none, and encourages optimizations around it.

        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
        (JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
        (JSC::FTL::DFG::LowerDFGToB3::jsValueToStrictInt52):

2019-10-28  Tuomas Karkkainen  <tuomas.webkit@apple.com>

        dumpSpeculation in SpeculatedType.cpp prints to the wrong stream and has wrong capitalization for NaN
        https://bugs.webkit.org/show_bug.cgi?id=203486

        Reviewed by Antti Koivisto.

        * bytecode/SpeculatedType.cpp:
        (JSC::dumpSpeculation):

2019-10-28  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Windows][Clang] error LNK2001: unresolved external symbol "void * __cdecl JSC::allocateCell<class JSC::JSGenericTypedArrayView<struct JSC::Float32Adaptor> >(class JSC::Heap &,unsigned __int64)"
        https://bugs.webkit.org/show_bug.cgi?id=203483

        Unreviewed build fix for clang-cl builds.

        * runtime/JSGenericTypedArrayViewInlines.h: Added #include "JSCellInlines.h".

2019-10-26  Chris Lord  <clord@igalia.com>

        Put OffscreenCanvas behind a build flag
        https://bugs.webkit.org/show_bug.cgi?id=203146

        Reviewed by Ryosuke Niwa.

        * Configurations/FeatureDefines.xcconfig:

2019-10-25  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: support emulateUserGesture parameter in Runtime.callFunctionOn
        https://bugs.webkit.org/show_bug.cgi?id=200262

        Reviewed by Devin Rousso.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::callFunctionOn):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2019-10-24  Mark Lam  <mark.lam@apple.com>

        Move JSC::Register inline methods into RegisterInlines.h.
        https://bugs.webkit.org/show_bug.cgi?id=203391

        Reviewed by Yusuke Suzuki and Keith Miller.

        We're doing this because:
        1. RegisterInlines.h is the canonical place to put inline Register methods.
        2. It helps reduce build time.
           e.g. build-jsc went from 208.02 to 196.81 seconds (about a 5% reduction).
        3. This enables experimental work to box JSCells in JSValue.

        This patch also handles the fallout of this change, which necessitates more
        inline methods being moved from <file>.h to their respective <file>Inlines.h.

        JSArray.h used to include ButterflyInlines.h and JSCellInlines.h.  This is a
        violation of inclusion ordering (.h should not #include Inlines.h).  This
        violation has been removed.

        * API/JSAPIGlobalObject.mm:
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.h:
        (JSC::CallFrame::r): Deleted.
        (JSC::CallFrame::uncheckedR): Deleted.
        * bytecode/MetadataTable.cpp:
        * ftl/FTLLowerDFGToB3.cpp:
        * interpreter/CallFrame.h:
        (JSC::CallFrame::guaranteedJSValueCallee const): Deleted.
        (JSC::CallFrame::jsCallee const): Deleted.
        (JSC::CallFrame::codeBlock const): Deleted.
        (JSC::CallFrame::unsafeCodeBlock const): Deleted.
        (JSC::CallFrame::scope const): Deleted.
        (JSC::CallFrame::topOfFrame): Deleted.
        (JSC::CallFrame::setScope): Deleted.
        (JSC::CallFrame::setCallee): Deleted.
        (JSC::CallFrame::setCodeBlock): Deleted.
        * interpreter/CallFrameInlines.h:
        (JSC::CallFrame::r):
        (JSC::CallFrame::uncheckedR):
        (JSC::CallFrame::guaranteedJSValueCallee const):
        (JSC::CallFrame::jsCallee const):
        (JSC::CallFrame::codeBlock const):
        (JSC::CallFrame::unsafeCodeBlock const):
        (JSC::CallFrame::lexicalGlobalObject const):
        (JSC::CallFrame::setCallee):
        (JSC::CallFrame::setCodeBlock):
        (JSC::CallFrame::setScope):
        (JSC::CallFrame::scope const):
        (JSC::CallFrame::topOfFrame):
        * interpreter/Interpreter.cpp:
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::init): Deleted.
        * interpreter/ProtoCallFrameInlines.h: Added.
        (JSC::ProtoCallFrame::init):
        (JSC::ProtoCallFrame::callee const):
        (JSC::ProtoCallFrame::setCallee):
        (JSC::ProtoCallFrame::codeBlock const):
        (JSC::ProtoCallFrame::setCodeBlock):
        * interpreter/Register.h:
        (JSC::Register::callFrame const): Deleted.
        (JSC::Register::codeBlock const): Deleted.
        (JSC::Register::asanUnsafeCodeBlock const): Deleted.
        * interpreter/RegisterInlines.h: Added.
        (JSC::Register::callFrame const):
        (JSC::Register::codeBlock const):
        (JSC::Register::asanUnsafeCodeBlock const):
        (JSC::Register::object const):
        (JSC::Register::operator=):
        (JSC::Register::scope const):
        * interpreter/StackVisitor.cpp:
        * jit/AssemblyHelpers.h:
        * llint/LLIntSlowPaths.cpp:
        * runtime/ArrayStorage.h:
        (JSC::ArrayStorage::optimalVectorLength): Deleted.
        * runtime/ArrayStorageInlines.h: Added.
        (JSC::ArrayStorage::availableVectorLength):
        (JSC::ArrayStorage::optimalVectorLength):
        (JSC::ArrayStorage::totalSize const):
        * runtime/ButterflyInlines.h:
        * runtime/ClassInfo.h:
        * runtime/GetVM.h: Added.
        * runtime/JSArray.h:
        * runtime/JSArrayInlines.h:
        * runtime/JSCellInlines.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.h:
        (JSC::Register::object const): Deleted.
        (JSC::Register::operator=): Deleted.
        * runtime/JSObjectInlines.h:
        * runtime/JSScope.h:
        (JSC::Register::operator=): Deleted.
        (JSC::Register::scope const): Deleted.
        (JSC::CallFrame::lexicalGlobalObject const): Deleted.
        * runtime/JSString.h:
        * runtime/PropertyNameArray.h:
        * runtime/PropertySlot.h:
        * runtime/VMInlines.h:
        * tools/HeapVerifier.cpp:
        * wasm/js/WebAssemblyFunction.cpp:

2019-10-24  Zan Dobersek  <zdobersek@igalia.com>

        REGRESSION(r251468): Build, test failures in 32-bit JSC after BytecodeIndex refactoring
        https://bugs.webkit.org/show_bug.cgi?id=203290

        Reviewed by Keith Miller.

        * bytecode/BytecodeIndex.h:
        (JSC::BytecodeIndex::BytecodeIndex):
        Add a BytecodeIndex(WTF::HashTableDeletedValueType) constructor.
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        Have the CodeOrigin(WTF::HashTableDeletedValueType) constructor
        initialize the BytecodeIndex object accordingly, as a deleted value.
        (JSC::CodeOrigin::isHashTableDeletedValue const):
        Test BytecodeIndex object's deleted-value condition through the
        corresponding BytecodeIndex::isHashTableDeletedValue() method.
        * profiler/ProfilerOrigin.h:
        (JSC::Profiler::Origin::Origin):
        Simplify the m_bytecodeIndex member initialization for a deleted value.
        (JSC::Profiler::Origin::operator! const):
        Fix the negation operator, returning true if the m_bytecodeIndex is
        either empty or deleted.

2019-10-24  Sihui Liu  <sihui_liu@apple.com>

        [ Mac WK1 ] REGRESSION (r251261): Layout Test inspector/console/webcore-logging.html is consistently Failing
        https://bugs.webkit.org/show_bug.cgi?id=203173
        <rdar://problem/56424721>

        Hold a strong reference to JSGlobalOjbect in ConsoleMessage so that object is not garbage collected before
        WebConsoleAgent::frameWindowDiscarded.

        Covered by existing test: inspector/console/webcore-logging.html.

        Reviewed by Geoffrey Garen.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::clear):
        * inspector/ConsoleMessage.h:

2019-10-24  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Properly organize wasm operations
        https://bugs.webkit.org/show_bug.cgi?id=203360

        Reviewed by Keith Miller.

        This patch cleans up operation functions called from Wasm.

        1. Properly name these operations with prefix "operation".
        2. Do not use lambda. Define function with JIT_OPERATION.
        3. Consolidate them in WasmOperations.cpp.

        * wasm/WasmAirIRGenerator.cpp:
        (JSC::Wasm::AirIRGenerator::addRefFunc):
        (JSC::Wasm::AirIRGenerator::addTableGet):
        (JSC::Wasm::AirIRGenerator::addTableSet):
        (JSC::Wasm::AirIRGenerator::addTableSize):
        (JSC::Wasm::AirIRGenerator::addTableGrow):
        (JSC::Wasm::AirIRGenerator::addTableFill):
        (JSC::Wasm::AirIRGenerator::addGrowMemory):
        (JSC::Wasm::AirIRGenerator::emitWriteBarrierForJSWrapper):
        (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Popcnt>):
        (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Popcnt>):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addTableGet):
        (JSC::Wasm::B3IRGenerator::addTableSet):
        (JSC::Wasm::B3IRGenerator::addRefFunc):
        (JSC::Wasm::B3IRGenerator::addTableSize):
        (JSC::Wasm::B3IRGenerator::addTableGrow):
        (JSC::Wasm::B3IRGenerator::addTableFill):
        (JSC::Wasm::B3IRGenerator::addGrowMemory):
        (JSC::Wasm::B3IRGenerator::emitWriteBarrierForJSWrapper):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
        * wasm/WasmInstance.cpp:
        (JSC::Wasm::getWasmTableElement): Deleted.
        (JSC::Wasm::setWasmTableElement): Deleted.
        (JSC::Wasm::doWasmTableGrow): Deleted.
        (JSC::Wasm::doWasmTableFill): Deleted.
        (JSC::Wasm::doWasmRefFunc): Deleted.
        * wasm/WasmInstance.h:
        * wasm/WasmOperations.cpp:
        (JSC::Wasm::operationWasmUnwind):
        (JSC::Wasm::operationConvertToF64):
        (JSC::Wasm::operationConvertToI32):
        (JSC::Wasm::operationConvertToF32):
        (JSC::Wasm::operationIterateResults):
        (JSC::Wasm::operationAllocateResultsArray):
        (JSC::Wasm::operationWasmWriteBarrierSlowPath):
        (JSC::Wasm::operationPopcount32):
        (JSC::Wasm::operationPopcount64):
        (JSC::Wasm::operationGrowMemory):
        (JSC::Wasm::operationGetWasmTableElement):
        (JSC::Wasm::setWasmTableElement):
        (JSC::Wasm::operationSetWasmTableElement):
        (JSC::Wasm::operationWasmTableGrow):
        (JSC::Wasm::operationWasmTableFill):
        (JSC::Wasm::operationWasmRefFunc):
        (JSC::Wasm::operationGetWasmTableSize):
        (JSC::Wasm::operationWasmToJSException):
        * wasm/WasmOperations.h:
        * wasm/js/JSToWasm.cpp:
        (JSC::Wasm::marshallJSResult):
        (JSC::Wasm::allocateResultsArray): Deleted.
        * wasm/js/WasmToJS.cpp:
        (JSC::Wasm::wasmToJS):
        (JSC::Wasm::operationWasmToJSException): Deleted.
        * wasm/js/WasmToJS.h:
        * wasm/js/WebAssemblyInstanceConstructor.cpp:

2019-10-24  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Remove LLInt's Callee size assumption
        https://bugs.webkit.org/show_bug.cgi?id=203282

        Reviewed by Mark Lam.

        LLInt code still assumes that Callee is always allocated in non-LargeAllocation.
        This patch removes this assumption by following three changes.

        1. If we can get CodeBlock, we get VM& from CodeBlock.
        2. In nativeCallTrampoline and internalFunctionCallTrampoline, we get VM& from JSGlobalObject. It involves one more pointer-chasing but it is OK
           since this JSGlobalObject's VM* field will be touched in called native functions anyway. And this code is only used when we are not using JIT.
        3. In exception handling code in LLInt, we get VM& from callee by checking LargeAllocation possibility. This is OK since it is only executed when
           exception unwinding happens, and which is an expensive operation anyway.

        * heap/LargeAllocation.h:
        (JSC::LargeAllocation::headerSize):
        * heap/WeakSet.h:
        (JSC::WeakSet::WeakSet):
        (JSC::WeakSet::vm const):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::vm const):
        (JSC::JSGlobalObject::defaultCodeGenerationMode const):
        * runtime/VM.h:
        (JSC::WeakSet::heap const):

2019-10-24  Zan Dobersek  <zdobersek@igalia.com>

        [JSC] Get 32-bit ports back into building order
        https://bugs.webkit.org/show_bug.cgi?id=203358

        Reviewed by Carlos Garcia Campos.

        Get JSC building again on 32-bit architectures after changes in r251468.
        Some 32-bit code in LLint and JIT is brought back, and additional casts
        around BytecodeIndex construction are added as necessary.

        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::setCurrentVPC):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCall):
        * jit/JITInlines.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitPutByValWithCachedId):
        (JSC::JIT::emit_op_try_get_by_id):
        (JSC::JIT::emit_op_get_by_id_direct):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_by_id_with_this):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emit_op_in_by_id):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2019-10-24  Paulo Matos  <pmatos@igalia.com>

        Disable pichdr generation on MIPS for return location labels
        https://bugs.webkit.org/show_bug.cgi?id=203040

        Reviewed by Yusuke Suzuki.

        Disable generation of pichdr for return location labels generated in
        defineOSRExitReturnLabel. Since r250806 (Allow OSR exit to the LLInt),
        MIPS was segfaulting since the pichdr after an OSR exit was corruption
        the gp register.

        * offlineasm/mips.rb:

2019-10-23  Devin Rousso  <drousso@apple.com>

        Web Inspector: provide a way to inject "bootstrap" JavaScript into the page as the first script executed
        https://bugs.webkit.org/show_bug.cgi?id=195847
        <rdar://problem/48950551>

        Reviewed by Joseph Pecoraro.

        When debugging webpages, it's often useful to be able to swizzle various functions in order
        to add extra logs for when they're called (e.g. `Event.prototype.preventDefault`). Sometimes
        this can be difficult, such as if the page saves a copy of the function and references that
        instead, in which case it would be helpful to have a way to guarantee that the swizzled code
        is the first thing evaluated after the context is created.

        This change adds support for that concept, which has been named Inspector Bootstrap Script.
        Once created, it will be injected as the first user script to every new global object that
        is created afterwards. Modifications to the Inspector Bootstrap Script take effect for all
        new global objects created _after_ the modification happened.

        * inspector/protocol/Page.json:
        Add `setBoostrapScript` command.

2019-10-23  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Remove wasmAwareLexicalGlobalObject
        https://bugs.webkit.org/show_bug.cgi?id=203351

        Reviewed by Mark Lam.

        CallFrame::lexicalGlobalObject() is no longer called frequently. We can just make the current wasmAwareLexicalGlobalObject as CallFrame::lexicalGlobalObject,
        and remove wasmAwareLexicalGlobalObject function.

        * debugger/Debugger.cpp:
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::breakProgram):
        (JSC::lexicalGlobalObjectForCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::thisValue const):
        (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
        * debugger/DebuggerCallFrame.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::thisObject const):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::thisValue const):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::lexicalGlobalObjectFromWasmCallee const):
        (JSC::CallFrame::wasmAwareLexicalGlobalObject): Deleted.
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        (JSC::notifyDebuggerOfUnwinding):
        (JSC::Interpreter::debug):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::createArguments):
        * interpreter/StackVisitor.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_throw_stack_overflow_error):
        * runtime/JSFunction.cpp:
        (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
        (JSC::RetrieveArgumentsFunctor::operator() const):
        (JSC::retrieveArguments):
        * runtime/JSScope.h:
        (JSC::CallFrame::lexicalGlobalObject const):
        * runtime/RegExpInlines.h:
        (JSC::RegExp::matchInline):
        * wasm/js/WasmToJS.cpp:
        (JSC::Wasm::wasmToJS):

2019-10-23  Keith Miller  <keith_miller@apple.com>

        Undo incidental change from BytecodeIndex class patch
        https://bugs.webkit.org/show_bug.cgi?id=203339

        Reviewed by Mark Lam.

        It's not totally clear why we need to claim our bytecode index is
        0 when we can't figure what the true index is. I'd rather unbreak
        our build for now, however, and fix the underlying issue in
        https://bugs.webkit.org/show_bug.cgi?id=203340

        * runtime/Error.cpp:
        (JSC::getBytecodeIndex):

2019-10-23  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Figure out missing prepareCallOperation
        https://bugs.webkit.org/show_bug.cgi?id=203285

        Reviewed by Mark Lam.

        We start using __builtin_frame_address to get CallFrame* in JIT operations. For the platform which is not supporting this API (MSVC),
        we put frame-pointer to vm.topCallFrame in the caller side. The problem is that all Apple platform is now using __builtin_frame_address,
        and we are not testing vm.topCallFrame version at all.

        To find missing prepareCallOperation call, we introduce JITOperationPrologueCallFrameTracer. When USE(BUILTIN_FRAME_ADDRESS) is enabled and
        if it is debug build, we anyway put frame-pointer to vm.topCallFrame. And after that, we ensure that vm.topCallFrame is the same to the
        CallFrame* gained by __builtin_frame_address. By doing this, we can find places missing this call in debug build of Apple ports.

        We also found that FTL's custom getter calling is putting wrong value to vm.topCallFrame. This patch fixes it too.

        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::emitRestoreArguments):
        (JSC::DFG::operationCompileOSRExit):
        (JSC::DFG::OSRExit::compileExit):
        (JSC::DFG::operationDebugPrintSpeculationFailure):
        (JSC::DFG::OSRExit::compileOSRExit): Deleted.
        (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure): Deleted.
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::handleExitCounts):
        (JSC::DFG::osrWriteBarrier):
        * dfg/DFGOSRExitCompilerCommon.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrExitThunkGenerator):
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
        (JSC::FTL::DFG::LowerDFGToB3::callPreflight):
        (JSC::FTL::DFG::LowerDFGToB3::callCheck):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        (JSC::FTL::operationCompileFTLOSRExit):
        (JSC::FTL::compileFTLOSRExit): Deleted.
        * ftl/FTLOSRExitCompiler.h:
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationPopulateObjectInOSR):
        (JSC::FTL::operationMaterializeObjectInOSR):
        (JSC::FTL::operationCompileFTLLazySlowPath):
        (JSC::FTL::compileFTLLazySlowPath): Deleted.
        * ftl/FTLOperations.h:
        * ftl/FTLSlowPathCall.cpp:
        (JSC::FTL::SlowPathCallContext::makeCall):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::genericGenerationThunkGenerator):
        (JSC::FTL::osrExitGenerationThunkGenerator):
        (JSC::FTL::lazySlowPathGenerationThunkGenerator):
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::generateIfNecessary):
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * interpreter/FrameTracers.h:
        (JSC::SlowPathFrameTracer::SlowPathFrameTracer):
        (JSC::JITOperationPrologueCallFrameTracer::JITOperationPrologueCallFrameTracer):
        (JSC::JITOperationPrologueCallFrameTracer::~JITOperationPrologueCallFrameTracer):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::callExceptionFuzz):
        (JSC::AssemblyHelpers::debugCall):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::prepareCallOperation):
        * jit/CCallHelpers.cpp:
        (JSC::CCallHelpers::ensureShadowChickenPacket):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::prepareCallOperation): Deleted.
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/Repatch.cpp:
        (JSC::ftlThunkAwareRepatchCall):
        * jit/ThunkGenerators.cpp:
        (JSC::boundThisNoArgsFunctionCallGenerator):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::handleHostCall):
        * runtime/AtomicsObject.cpp:
        (JSC::operationAtomicsAdd):
        (JSC::operationAtomicsAnd):
        (JSC::operationAtomicsCompareExchange):
        (JSC::operationAtomicsExchange):
        (JSC::operationAtomicsIsLockFree):
        (JSC::operationAtomicsLoad):
        (JSC::operationAtomicsOr):
        (JSC::operationAtomicsStore):
        (JSC::operationAtomicsSub):
        (JSC::operationAtomicsXor):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/StringPrototype.cpp:
        (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
        (JSC::operationStringProtoFuncReplaceRegExpString):
        (JSC::operationStringProtoFuncReplaceGeneric):
        * tools/JSDollarVM.cpp:
        (IGNORE_WARNINGS_BEGIN):
        * wasm/WasmAirIRGenerator.cpp:
        (JSC::Wasm::AirIRGenerator::emitLoopTierUpCheck):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::emitLoopTierUpCheck):
        * wasm/WasmOperations.cpp:
        (JSC::Wasm::operationWasmThrowBadI64):
        (JSC::Wasm::operationWasmTriggerOSREntryNow):
        (JSC::Wasm::operationWasmTriggerTierUpNow):
        (JSC::Wasm::operationThrowBadI64): Deleted.
        (JSC::Wasm::triggerOSREntryNow): Deleted.
        (JSC::Wasm::triggerTierUpNow): Deleted.
        * wasm/WasmOperations.h:
        * wasm/WasmThunks.cpp:
        (JSC::Wasm::triggerOMGEntryTierUpThunkGenerator):
        * wasm/js/JSWebAssembly.cpp:
        (JSC::instantiate):
        * wasm/js/WasmToJS.cpp:
        (JSC::Wasm::handleBadI64Use):
        (JSC::Wasm::operationWasmToJSException):
        (JSC::Wasm::emitThrowWasmToJSException):
        (JSC::Wasm::wasmToJSException): Deleted.
        * wasm/js/WasmToJS.h:
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance):

2019-10-23  Truitt Savell  <tsavell@apple.com>

        Unreviewed, rolling out r251482.

        r251261 broke multiple tests, reverting this as part of that
        rollout.

        Reverted changeset:

        "[ Mac WK1 ] REGRESSION (r251261): Layout Test
        inspector/console/webcore-logging.html is consistently
        Failing"
        https://bugs.webkit.org/show_bug.cgi?id=203173
        https://trac.webkit.org/changeset/251482

2019-10-23  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: notify inspector when provisional page is created, committed and destroyed
        https://bugs.webkit.org/show_bug.cgi?id=202704

        Reviewed by Devin Rousso.

        * inspector/InspectorTarget.h: changed InspectorTarget to not require FrontendChannel as
        all messages are routed by means of the owning InspectorTargetAgent.
        * inspector/agents/InspectorTargetAgent.cpp:
        (Inspector::InspectorTargetAgent::InspectorTargetAgent):
        (Inspector::buildTargetInfoObject):
        (Inspector::InspectorTargetAgent::targetCreated):
        (Inspector::InspectorTargetAgent::targetDestroyed):
        (Inspector::InspectorTargetAgent::didCommitProvisionalTarget): this method is used to
        notify frontend that corresponding provisional target has committed and replaced previous
        target.
        (Inspector::InspectorTargetAgent::connectionType const):
        (Inspector::InspectorTargetAgent::connectToTargets):
        (Inspector::InspectorTargetAgent::disconnectFromTargets):
        * inspector/agents/InspectorTargetAgent.h:
        * inspector/protocol/Target.json: extended TargetInfo with provisional page details and
        added event which is fired when provisional page gets committed. If provisional
        load fails there will be targetDestroyed event without corresponding commit.

2019-10-23  Ross Kirsling  <ross.kirsling@sony.com>

        String.prototype.matchAll should throw on non-global regex
        https://bugs.webkit.org/show_bug.cgi?id=202838

        Reviewed by Keith Miller.

        * builtins/StringPrototype.js:
        (matchAll):
        Implement normative change from https://github.com/tc39/ecma262/pull/1716.

        * builtins/BuiltinNames.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/RegExpConstructor.cpp:
        (JSC::esSpecIsRegExp): Added.
        * runtime/RegExpConstructor.h:
        Expose isRegExp to builtins. (This differs from @isRegExpObject by first checking for Symbol.match.)

2019-10-23  Sihui Liu  <sihui_liu@apple.com>

        [ Mac WK1 ] REGRESSION (r251261): Layout Test inspector/console/webcore-logging.html is consistently Failing
        https://bugs.webkit.org/show_bug.cgi?id=203173
        <rdar://problem/56424721>

        Hold a strong reference to JSGlobalOjbect in ConsoleMessage so that object is not garbage collected before
        WebConsoleAgent::frameWindowDiscarded.

        Covered by existing test: inspector/console/webcore-logging.html.

        Reviewed by Geoffrey Garen.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::clear):
        * inspector/ConsoleMessage.h:

2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>

        Make `JSGlobalObject*` threading change more stabilized by adding tests and assertions
        https://bugs.webkit.org/show_bug.cgi?id=203274

        Reviewed by Saam Barati.

        This patch does some follow-up changes after r251425.

        1. Add tests that tests vm.topCallFrame from C++ world to ensure that `vm.topCallFrame` is kept nullptr if it is accessed from C++ world even after executing some scripts.
        2. Add assertion to ensure that `DECLARE_CALL_FRAME` is only called in JIT operation's prologue.
        3. Remove some of ExecState::deprecatedVM call.
        4. Define `USE(BUILTIN_FRAME_ADDRESS)` when using __builtin_frame_address to get CallFrame.

        * API/tests/testapi.cpp:
        (TestAPI::topCallFrameAccess):
        (testCAPIViaCpp):
        * interpreter/CallFrame.cpp:
        (JSC::isFromJSCode):
        * interpreter/CallFrame.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::prepareCallOperation):
        * tools/VMInspector.cpp:
        (JSC::VMInspector::dumpRegisters):

2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>

        Unreviewed, WinCairo build fix after r251468
        https://bugs.webkit.org/show_bug.cgi?id=203276

        * jit/JIT.h:

2019-10-22  Keith Miller  <keith_miller@apple.com>

        BytecodeIndex should be a proper C++ class
        https://bugs.webkit.org/show_bug.cgi?id=203276

        Reviewed by Mark Lam.

        This patch makes a change to how we refer to the bytecode index in
        a bytecode stream. Previously we just used an unsigned number to
        represent the index, this patch changes most of the code to use a
        BytecodeIndex class instead. The only places where this patch does
        not change this is for jump and switch targets / deltas.

        Additionally, this patch attempts to canonicalize the terminology
        around how we refer to bytecode indices. Now we use the word index
        to refer to the bytecode index class and offset to refer to the
        unsigned byte offset into the instruction stream.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        (JSC::getByValInfoBytecodeIndex):
        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::BytecodeBasicBlock::computeImpl):
        * bytecode/BytecodeGeneratorification.cpp:
        (JSC::GeneratorLivenessAnalysis::run):
        * bytecode/BytecodeIndex.cpp: Added.
        (JSC::BytecodeIndex::dump const):
        * bytecode/BytecodeIndex.h: Added.
        (JSC::BytecodeIndex::BytecodeIndex):
        (JSC::BytecodeIndex::offset const):
        (JSC::BytecodeIndex::asBits const):
        (JSC::BytecodeIndex::hash const):
        (JSC::BytecodeIndex::deletedValue):
        (JSC::BytecodeIndex::isHashTableDeletedValue const):
        (JSC::BytecodeIndex::operator bool const):
        (JSC::BytecodeIndex::operator == const):
        (JSC::BytecodeIndex::operator != const):
        (JSC::BytecodeIndex::operator < const):
        (JSC::BytecodeIndex::operator > const):
        (JSC::BytecodeIndex::operator <= const):
        (JSC::BytecodeIndex::operator >= const):
        (JSC::BytecodeIndex::fromBits):
        (JSC::BytecodeIndexHash::hash):
        (JSC::BytecodeIndexHash::equal):
        * bytecode/BytecodeLivenessAnalysis.cpp:
        (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeIndex):
        (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
        (JSC::BytecodeLivenessAnalysis::computeKills):
        (JSC::BytecodeLivenessAnalysis::dumpResults):
        (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset): Deleted.
        * bytecode/BytecodeLivenessAnalysis.h:
        * bytecode/BytecodeLivenessAnalysisInlines.h:
        (JSC::BytecodeLivenessPropagation::stepOverInstruction):
        (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBytecodeIndex):
        (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBlock):
        (JSC::BytecodeLivenessPropagation::getLivenessInfoAtBytecodeIndex):
        (JSC::BytecodeLivenessPropagation::computeLocalLivenessForBytecodeOffset): Deleted.
        (JSC::BytecodeLivenessPropagation::getLivenessInfoAtBytecodeOffset): Deleted.
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeIndex):
        (JSC::computeDefsForBytecodeIndex):
        (JSC::computeUsesForBytecodeOffset): Deleted.
        (JSC::computeDefsForBytecodeOffset): Deleted.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC::CallLinkStatus::computeFor):
        (JSC::CallLinkStatus::computeExitSiteData):
        * bytecode/CallLinkStatus.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getCallLinkInfoForBytecodeIndex):
        (JSC::CodeBlock::addRareCaseProfile):
        (JSC::CodeBlock::rareCaseProfileForBytecodeIndex):
        (JSC::CodeBlock::rareCaseProfileCountForBytecodeIndex):
        (JSC::CodeBlock::handlerForBytecodeIndex):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndex):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndexSlow):
        (JSC::CodeBlock::lineNumberForBytecodeIndex):
        (JSC::CodeBlock::columnNumberForBytecodeIndex):
        (JSC::CodeBlock::expressionRangeForBytecodeIndex const):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        (JSC::CodeBlock::getArrayProfile):
        (JSC::CodeBlock::tryGetValueProfileForBytecodeIndex):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeIndex):
        (JSC::CodeBlock::valueProfileForBytecodeIndex):
        (JSC::CodeBlock::validate):
        (JSC::CodeBlock::arithProfileForBytecodeIndex):
        (JSC::CodeBlock::couldTakeSpecialArithFastCase):
        (JSC::CodeBlock::bytecodeIndexFromCallSiteIndex):
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset): Deleted.
        (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset): Deleted.
        (JSC::CodeBlock::handlerForBytecodeOffset): Deleted.
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset): Deleted.
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow): Deleted.
        (JSC::CodeBlock::lineNumberForBytecodeOffset): Deleted.
        (JSC::CodeBlock::columnNumberForBytecodeOffset): Deleted.
        (JSC::CodeBlock::expressionRangeForBytecodeOffset const): Deleted.
        (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset): Deleted.
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): Deleted.
        (JSC::CodeBlock::valueProfileForBytecodeOffset): Deleted.
        (JSC::CodeBlock::arithProfileForBytecodeOffset): Deleted.
        (JSC::CodeBlock::couldTakeSpecialFastCase): Deleted.
        (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex): Deleted.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::bytecodeIndex):
        * bytecode/CodeOrigin.cpp:
        (JSC::CodeOrigin::approximateHash const):
        (JSC::CodeOrigin::dump const):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isSet const):
        (JSC::CodeOrigin::isHashTableDeletedValue const):
        (JSC::CodeOrigin::bytecodeIndex const):
        (JSC::CodeOrigin::OutOfLineCodeOrigin::OutOfLineCodeOrigin):
        (JSC::CodeOrigin::buildCompositeValue):
        (JSC::CodeOrigin::hash const):
        * bytecode/DFGExitProfile.cpp:
        (JSC::DFG::FrequentExitSite::dump const):
        (JSC::DFG::ExitProfile::exitSitesFor):
        * bytecode/DFGExitProfile.h:
        (JSC::DFG::FrequentExitSite::FrequentExitSite):
        (JSC::DFG::FrequentExitSite::operator== const):
        (JSC::DFG::FrequentExitSite::subsumes const):
        (JSC::DFG::FrequentExitSite::hash const):
        (JSC::DFG::FrequentExitSite::bytecodeIndex const):
        (JSC::DFG::FrequentExitSite::isHashTableDeletedValue const):
        (JSC::DFG::QueryableExitProfile::hasExitSite const):
        (JSC::DFG::FrequentExitSite::bytecodeOffset const): Deleted.
        * bytecode/DeferredSourceDump.cpp:
        (JSC::DeferredSourceDump::DeferredSourceDump):
        (JSC::DeferredSourceDump::dump):
        * bytecode/DeferredSourceDump.h:
        (): Deleted.
        * bytecode/FullBytecodeLiveness.h:
        (JSC::FullBytecodeLiveness::getLiveness const):
        (JSC::FullBytecodeLiveness::operandIsLive const):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/GetByIdStatus.h:
        * bytecode/ICStatusUtils.cpp:
        (JSC::hasBadCacheExitSite):
        * bytecode/ICStatusUtils.h:
        * bytecode/InByIdStatus.cpp:
        (JSC::InByIdStatus::computeFor):
        * bytecode/InByIdStatus.h:
        * bytecode/InlineCallFrame.cpp:
        (JSC::InlineCallFrame::dumpInContext const):
        * bytecode/InstanceOfStatus.cpp:
        (JSC::InstanceOfStatus::computeFor):
        * bytecode/InstanceOfStatus.h:
        * bytecode/InstructionStream.h:
        (JSC::InstructionStream::BaseRef::offset const):
        (JSC::InstructionStream::BaseRef::index const):
        (JSC::InstructionStream::at const):
        * bytecode/LazyOperandValueProfile.h:
        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
        (JSC::LazyOperandValueProfileKey::operator== const):
        (JSC::LazyOperandValueProfileKey::hash const):
        (JSC::LazyOperandValueProfileKey::bytecodeIndex const):
        (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue const):
        (JSC::LazyOperandValueProfileKey::bytecodeOffset const): Deleted.
        * bytecode/MethodOfGettingAValueProfile.cpp:
        (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
        * bytecode/MethodOfGettingAValueProfile.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::StructureStubInfo):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeIndex):
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeIndex const):
        (JSC::UnlinkedCodeBlock::handlerForBytecodeIndex):
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const): Deleted.
        (JSC::UnlinkedCodeBlock::handlerForBytecodeOffset): Deleted.
        * bytecode/UnlinkedCodeBlock.h:
        * bytecode/ValueProfile.h:
        (JSC::RareCaseProfile::RareCaseProfile):
        (JSC::getRareCaseProfileBytecodeIndex):
        (JSC::getRareCaseProfileBytecodeOffset): Deleted.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::ForInContext::finalize):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::currentPosition):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::BasicBlock):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::getBytecodeBeginForBlock):
        (JSC::DFG::blockForBytecodeIndex):
        (JSC::DFG::blockForBytecodeOffset): Deleted.
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::insert):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::flushForTerminalImpl):
        (JSC::DFG::ByteCodeParser::flushIfTerminal):
        (JSC::DFG::ByteCodeParser::branchData):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::getArrayMode):
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::allocateTargetableBlock):
        (JSC::DFG::ByteCodeParser::allocateUntargetableBlock):
        (JSC::DFG::ByteCodeParser::makeBlockTargetable):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::handleCallVariant):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::linkBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCommonData.cpp:
        (JSC::DFG::CommonData::addCodeOrigin):
        (JSC::DFG::CommonData::addUniqueCallSiteIndex):
        (JSC::DFG::CommonData::lastCallSite const):
        * dfg/DFGCommonData.h:
        (JSC::DFG::CommonData::catchOSREntryDataForBytecodeIndex):
        (JSC::DFG::CommonData::appendCatchEntrypoint):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        (JSC::DFG::compile):
        * dfg/DFGDriver.h:
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
        (JSC::DFG::Graph::willCatchExceptionInMachineFrame):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::clearOSREntryBlockAndResetThresholds):
        * dfg/DFGJITCode.h:
        (JSC::DFG::JITCode::appendOSREntryData):
        (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::setStartOfCode):
        * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
        (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlockForTryCatch):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::OSREntryData::dumpInContext const):
        (JSC::DFG::prepareOSREntry):
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGOSREntry.h:
        (JSC::DFG::getOSREntryDataBytecodeIndex):
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::executeOSRExit):
        (JSC::DFG::reifyInlinedCallFrames):
        (JSC::DFG::adjustAndJumpToTarget):
        (JSC::DFG::printOSRExit):
        (JSC::DFG::OSRExit::compileExit):
        (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::callerReturnPC):
        (JSC::DFG::reifyInlinedCallFrames):
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOSRExitCompilerCommon.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::Plan):
        (JSC::DFG::Plan::compileInThreadImpl):
        (JSC::DFG::Plan::cleanMustHandleValuesIfNecessary):
        * dfg/DFGPlan.h:
        (JSC::DFG::Plan::osrEntryBytecodeIndex const):
        (JSC::DFG::Plan::tierUpInLoopHierarchy):
        (JSC::DFG::Plan::tierUpAndOSREnterBytecodes):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileValueNegate):
        (JSC::DFG::SpeculativeJIT::compileValueMul):
        (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        (JSC::DFG::TierUpCheckInjectionPhase::buildNaturalLoopToLoopHintMap):
        * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
        (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
        * dfg/DFGValidate.cpp:
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLForOSREntryJITCode.h:
        (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
        (JSC::FTL::ForOSREntryJITCode::bytecodeIndex const):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::lower):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * ftl/FTLOSREntry.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::callSiteIndex const):
        (JSC::CallFrame::unsafeCallSiteIndex const):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::bytecodeIndex):
        (JSC::CallFrame::codeOrigin):
        (JSC::CallFrame::dump):
        (JSC::CallFrame::bytecodeOffset): Deleted.
        * interpreter/CallFrame.h:
        (JSC::CallSiteIndex::CallSiteIndex):
        (JSC::CallSiteIndex::operator bool const):
        (JSC::CallSiteIndex::operator== const):
        (JSC::CallSiteIndex::bits const):
        (JSC::CallSiteIndex::bytecodeIndex const):
        (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
        (): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::GetStackTraceFunctor::operator() const):
        (JSC::findExceptionHandler):
        * interpreter/ShadowChicken.cpp:
        (JSC::ShadowChicken::update):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::readNonInlinedFrame):
        (JSC::StackVisitor::readInlinedFrame):
        (JSC::StackVisitor::Frame::retrieveExpressionInfo const):
        (JSC::StackVisitor::Frame::dump const):
        * interpreter/StackVisitor.h:
        (JSC::StackVisitor::Frame::bytecodeIndex const):
        (JSC::StackVisitor::Frame::bytecodeOffset const): Deleted.
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::emitEnterOptimizationCheck):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::link):
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        (JSC::CallRecord::CallRecord):
        (JSC::SlowCaseEntry::SlowCaseEntry):
        (JSC::SwitchRecord::SwitchRecord):
        (JSC::ByValCompilationInfo::ByValCompilationInfo):
        * jit/JITCall.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCall):
        * jit/JITCodeMap.h:
        (JSC::JITCodeMap::Entry::Entry):
        (JSC::JITCodeMap::Entry::bytecodeIndex const):
        (JSC::JITCodeMap::append):
        (JSC::JITCodeMap::find const):
        * jit/JITDisassembler.cpp:
        (JSC::JITDisassembler::dumpVectorForInstructions):
        (JSC::JITDisassembler::reportInstructions):
        * jit/JITDisassembler.h:
        * jit/JITInlines.h:
        (JSC::JIT::emitNakedCall):
        (JSC::JIT::emitNakedTailCall):
        (JSC::JIT::updateTopCallFrame):
        (JSC::JIT::linkAllSlowCasesForBytecodeIndex):
        (JSC::JIT::addSlowCase):
        (JSC::JIT::addJump):
        (JSC::JIT::emitJumpSlowToHot):
        (JSC::JIT::emitGetVirtualRegister):
        (JSC::JIT::linkAllSlowCasesForBytecodeOffset): Deleted.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_has_indexed_property):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        (JSC::tryGetByValOptimize):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitPutByValWithCachedId):
        (JSC::JIT::emit_op_try_get_by_id):
        (JSC::JIT::emit_op_get_by_id_direct):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_by_id_with_this):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emit_op_in_by_id):
        * jit/JITWorklist.cpp:
        (JSC::JITWorklist::Plan::Plan):
        (JSC::JITWorklist::Plan::compileNow):
        (JSC::JITWorklist::compileLater):
        (JSC::JITWorklist::compileNow):
        * jit/JITWorklist.h:
        * jit/PCToCodeOriginMap.cpp:
        (JSC::PCToCodeOriginMap::PCToCodeOriginMap):
        (JSC::PCToCodeOriginMap::findPC const):
        * jit/PCToCodeOriginMap.h:
        (JSC::PCToCodeOriginMapBuilder::defaultCodeOrigin):
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::call):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * profiler/ProfilerOrigin.cpp:
        (JSC::Profiler::Origin::Origin):
        (JSC::Profiler::Origin::dump const):
        (JSC::Profiler::Origin::toJS const):
        * profiler/ProfilerOrigin.h:
        (JSC::Profiler::Origin::Origin):
        (JSC::Profiler::Origin::operator! const):
        (JSC::Profiler::Origin::bytecodeIndex const):
        (JSC::Profiler::Origin::hash const):
        (JSC::Profiler::Origin::isHashTableDeletedValue const):
        * runtime/Error.cpp:
        (JSC::getBytecodeIndex):
        (JSC::getBytecodeOffset): Deleted.
        * runtime/Error.h:
        * runtime/ErrorInstance.cpp:
        (JSC::appendSourceToError):
        (JSC::ErrorInstance::finishCreation):
        * runtime/SamplingProfiler.cpp:
        (JSC::tryGetBytecodeIndex):
        (JSC::SamplingProfiler::processUnverifiedStackTraces):
        (JSC::SamplingProfiler::reportTopBytecodes):
        * runtime/SamplingProfiler.h:
        (JSC::SamplingProfiler::StackFrame::CodeLocation::hasBytecodeIndex const):
        * runtime/StackFrame.cpp:
        (JSC::StackFrame::StackFrame):
        (JSC::StackFrame::computeLineAndColumn const):
        * runtime/StackFrame.h:
        (JSC::StackFrame::hasBytecodeIndex const):
        (JSC::StackFrame::bytecodeIndex):
        (JSC::StackFrame::hasBytecodeOffset const): Deleted.
        (JSC::StackFrame::bytecodeOffset): Deleted.
        * tools/VMInspector.cpp:
        (JSC::VMInspector::dumpRegisters):

2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>

        Unreviewed, make 32bit JIT built
        https://bugs.webkit.org/show_bug.cgi?id=202392

        This patch makes 32bit JIT built at least.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_throw):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_id_direct):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id_with_this):
        (JSC::JIT::emitSlow_op_get_from_scope):

2019-10-22  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Remove non-LargeAllocation restriction for JSCallee
        https://bugs.webkit.org/show_bug.cgi?id=203260

        Reviewed by Saam Barati.

        We now pass JSGlobalObject* instead of ExecState*. And we are getting VM& from JSGlobalObject*.
        Because now accessing ExecState::vm() becomes less frequent, we can remove the restriction that
        callee is only allocated in non-LargeAllocation, which restriction made ExecState::vm fast.

        This patch renames `CallFrame::vm` to `CallFrame::deprecatedVM`. And we avoid using it as much as possible.
        And we also remove the restriction that callee needs to be in non-LargeAllocation.

        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::noticeIncomingCall):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
        (JSC::DebuggerCallFrame::functionName const):
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::type const):
        (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
        (JSC::DebuggerCallFrame::positionForCallFrame):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::executeOSRExit):
        (JSC::DFG::OSRExit::compileOSRExit):
        (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
        * dfg/DFGOperations.cpp:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::compileFTLLazySlowPath):
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::callerSourceOrigin):
        (JSC::CallFrame::friendlyFunctionName):
        * interpreter/CallFrame.h:
        (JSC::CallFrame::iterate):
        * interpreter/Interpreter.cpp:
        (JSC::sizeOfVarargs):
        (JSC::sizeFrameForVarargs):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
        (JSC::Interpreter::debug):
        * interpreter/Interpreter.h:
        * interpreter/ShadowChicken.cpp:
        (JSC::ShadowChicken::update):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::StackVisitor):
        (JSC::StackVisitor::Frame::functionName const):
        * interpreter/StackVisitor.h:
        (JSC::StackVisitor::visit):
        * jit/HostCallReturnValue.cpp:
        (JSC::getHostCallReturnValueWithExecState):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::linkFor):
        (JSC::linkPolymorphicCall):
        * jit/Repatch.h:
        * jsc.cpp:
        (functionJSCStack):
        (functionRunString):
        (functionLoadString):
        (functionCallerSourceOrigin):
        (functionCallerIsOMGCompiled):
        (functionDollarEvalScript):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Error.cpp:
        (JSC::getBytecodeOffset):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/JSCellInlines.h:
        (JSC::CallFrame::deprecatedVM const):
        (JSC::CallFrame::vm const): Deleted.
        * runtime/JSFunction.cpp:
        (JSC::retrieveArguments):
        (JSC::JSFunction::argumentsGetter):
        (JSC::retrieveCallerFunction):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSGlobalObject.cpp:
        (JSC::assertCall):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        (JSC::globalFuncImportModule):
        * runtime/NullSetterFunction.cpp:
        (JSC::callerIsStrict):
        (JSC::NullSetterFunctionInternal::callReturnUndefined):
        * tools/JSDollarVM.cpp:
        (IGNORE_WARNINGS_BEGIN):
        (JSC::functionLLintTrue):
        (JSC::functionJITTrue):
        (JSC::functionDumpRegisters):
        (JSC::functionShadowChickenFunctionsOnStack):
        * tools/VMInspector.cpp:
        (JSC::VMInspector::codeBlockForFrame):
        (JSC::VMInspector::dumpCallFrame):
        (JSC::VMInspector::dumpRegisters):
        (JSC::VMInspector::dumpStack):
        * wasm/js/WasmToJS.cpp:
        (JSC::Wasm::wasmToJS):

2019-10-22  Mark Lam  <mark.lam@apple.com>

        Clients of JSArray::tryCreateUninitializedRestricted() should invoke the mutatorFence().
        https://bugs.webkit.org/show_bug.cgi?id=203231
        <rdar://problem/56486552>

        Reviewed by Saam Barati.

        Clients of JSArray::tryCreateUninitializedRestricted() creates a partially
        initialized JSArray butterfly, with the contract that it (the client) will take
        care of filling in all the missing indexed properties before setting the newly
        created array loose in the world.  We intentionally do not unconditionally write
        barrier the newly created array but, instead, rely on an owner object (or GC root)
        that it gets put into to scan it.

        That said, we do need to ensure that all the stores are completed before this
        array is put in an owner object (or GC root) which makes it scannable by the GC.
        This ensures that the GC will not be scanning a partially initialized array
        butterfly.  To achieve this, we should invoke the mutatorFence after the clients
        of JSArray::tryCreateUninitializedRestricted() finish initializing the array.

        By design, all clients of tryCreateUninitializedRestricted() must instantiate an
        ObjectInitializationScope RAII object.  This patch makes use of the
        ObjectInitializationScope destructor to invoke the mutatorFence.

        Note: we technically only need to invoke the fence if we succeeded in allocating
        the array.  However, we just invoke the fence unconditionally because we expect
        that in the common path, we will succeed in allocating the array.  The release
        build version of ObjectInitializationScope does not keep record of whether we
        succeed in allocating the array anyway.  To keep the behavior consistent, the
        debug build version of ObjectInitializationScope will also unconditionally
        invoke the fence even if we failed to allocate the array.

        This patch also does the following:

        1. Replaced the setting of the public length in arrayProtoPrivateFuncConcatMemcpy()
           with an assertion.  The public length was already set by
           tryCreateUninitializedRestricted() earlier.

           Ditto for JSArray::fastSlice().

        2. Removed a redundant instance of ObjectInitializationScope in
           createEmptyRegExpMatchesArray().

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        * runtime/JSArray.cpp:
        (JSC::JSArray::fastSlice):
        * runtime/ObjectInitializationScope.cpp:
        (JSC::ObjectInitializationScope::~ObjectInitializationScope):
        * runtime/ObjectInitializationScope.h:
        (JSC::ObjectInitializationScope::~ObjectInitializationScope):
        * runtime/RegExpMatchesArray.cpp:
        (JSC::createEmptyRegExpMatchesArray):

2019-10-22  Mark Lam  <mark.lam@apple.com>

        Fix incorrect assertion in operationRegExpExecNonGlobalOrSticky().
        https://bugs.webkit.org/show_bug.cgi?id=203230
        <rdar://problem/56460749>

        Reviewed by Robin Morisset.

        operationRegExpExecNonGlobalOrSticky() was asserting no exception when
        createRegExpMatchesArray() returns null.  createRegExpMatchesArray() only returns
        null when RegExp::matchInline() returns -1.  RegExp::matchInline() can return -1
        either when there's an error, or if the match fails.  When there's an error,
        RegExp::matchInline() also throws an exception via a throwError() helper.

        This patch fixes operationRegExpExecNonGlobalOrSticky() to check for an exception
        being thrown, or createRegExpMatchesArray() returning a null array due to a failed
        match.

        * dfg/DFGOperations.cpp:

2019-10-22  Adrian Perez de Castro  <aperez@igalia.com>

        [GTK][WPE] Fix non-unified builds after r251326
        https://bugs.webkit.org/show_bug.cgi?id=203244

        Reviewed by Youenn Fablet.

        * ftl/FTLOSREntry.h: Add missing forward declaration of JSC::VM.
        * inspector/ScriptCallStackFactory.h: Add missing forward declaration of JSC::JSGlobalObject.
        * llint/LLIntExceptions.h: Add missing forward declaration of JSC::VM.
        * runtime/ExceptionFuzz.h: Add missing forward declaration of JSC::JSGlobalObject.
        * runtime/JSDateMath.h: Ditto.
        * runtime/JSStringJoiner.h: Add missing inclusion of the JSGlobalObject.h header.
        * runtime/Watchdog.h: Add missing forward declaration of JSC::JSGlobalObject.
        * wasm/WasmOperations.h: Add missing forward declaration of JSC::JSWebAssemblyInstance.

2019-10-21  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Thread JSGlobalObject* instead of ExecState*
        https://bugs.webkit.org/show_bug.cgi?id=202392

        Reviewed by Geoffrey Garen.

        This patch replaces JSC's convention entirely: instead of passing ExecState*, we pass lexical JSGlobalObject*.
        We have many issues historically.

        1. We have a hack like global-exec, since many runtime functions take ExecState* while valid ExecState* is populated only after executing some JS function.
        2. We pass ExecState* without considering whether this is correct one when inlining a function. If inlined function has different realm, `exec->lexicalGlobalObject()` just returns wrong JSGlobalObject*.

        This patch attempts to remove these issues entirely by passing JSGlobalObject* instead of ExecState*.

        1. We change ExecState* to JSGlobalObject*.
        2. JIT operations should take JSGlobalObject* instead of ExecState* to reflect the inlinee's JSGlobalObject* correctly.
        3. We get CallFrame* by using `__builtin_frame_address(1)` in JIT operations. When it is not available, we put CallFrame* to `vm.topCallFrame` in the caller side and load it from VM.
        4. We remove ExecState*. All the actual call-frame is called `CallFrame*`. CallFrame* is passed only when CallFrame* is actually needed: accessing arguments, OSR etc.
        5. LLInt and Baseline slow paths are just getting CallFrame*. It gets CodeBlock from CallFrame* and getting VM& and JSGlobalObject* from it since they do not have inlining.
        6. We basically removed `VM::vmEntryGlobalObject`. It returns JSGlobalObject* from VMEntryScope. APIs and Completion.cpp use this but they are wrong. And by using lexical JSGlobalObject*, we fixed WPT issues.
        7. This patch does not fix complicated JSGlobalObject* issues. But we put FIXME if it seems wrong and it needs to be revisited.
        8. FunctionConstructor, ArrayConstructor etc. are exposed from JSGlobalObject to use it for InternalFunction::createStructure() without using `CallFrame*`.

        * API/APICallbackFunction.h:
        (JSC::APICallbackFunction::call):
        (JSC::APICallbackFunction::construct):
        * API/APICast.h:
        (toJS):
        (toJSGlobalObject):
        (toJSForGC):
        (toRef):
        (toGlobalRef):
        * API/APIUtils.h:
        (handleExceptionIfNeeded):
        (setException):
        * API/JSAPIGlobalObject.h:
        * API/JSAPIGlobalObject.mm:
        (JSC::JSAPIGlobalObject::moduleLoaderResolve):
        (JSC::JSAPIGlobalObject::moduleLoaderImportModule):
        (JSC::JSAPIGlobalObject::moduleLoaderFetch):
        (JSC::JSAPIGlobalObject::moduleLoaderCreateImportMetaProperties):
        (JSC::JSAPIGlobalObject::moduleLoaderEvaluate):
        (JSC::JSAPIGlobalObject::loadAndEvaluateJSScriptModule):
        * API/JSAPIValueWrapper.h:
        * API/JSBase.cpp:
        (JSEvaluateScriptInternal):
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        (JSGarbageCollect):
        (JSReportExtraMemoryCost):
        (JSSynchronousGarbageCollectForDebugging):
        (JSSynchronousEdenCollectForDebugging):
        * API/JSBaseInternal.h:
        * API/JSCTestRunnerUtils.cpp:
        (JSC::failNextNewCodeBlock):
        (JSC::numberOfDFGCompiles):
        (JSC::setNeverInline):
        (JSC::setNeverOptimize):
        * API/JSCallbackConstructor.h:
        * API/JSCallbackObject.h:
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::JSCallbackObject):
        (JSC::JSCallbackObject<Parent>::finishCreation):
        (JSC::JSCallbackObject<Parent>::init):
        (JSC::JSCallbackObject<Parent>::toStringName):
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlotByIndex):
        (JSC::JSCallbackObject<Parent>::defaultValue):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::putByIndex):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::deletePropertyByIndex):
        (JSC::JSCallbackObject<Parent>::construct):
        (JSC::JSCallbackObject<Parent>::customHasInstance):
        (JSC::JSCallbackObject<Parent>::call):
        (JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):
        (JSC::JSCallbackObject<Parent>::getStaticValue):
        (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * API/JSClassRef.cpp:
        (OpaqueJSClass::contextData):
        (OpaqueJSClass::staticValues):
        (OpaqueJSClass::staticFunctions):
        (OpaqueJSClass::prototype):
        * API/JSClassRef.h:
        * API/JSContext.mm:
        (-[JSContext ensureWrapperMap]):
        (-[JSContext evaluateJSScript:]):
        (-[JSContext dependencyIdentifiersForModuleJSScript:]):
        (-[JSContext setException:]):
        (-[JSContext initWithGlobalContextRef:]):
        (-[JSContext wrapperMap]):
        * API/JSContextRef.cpp:
        (internalScriptTimeoutCallback):
        (JSGlobalContextCreateInGroup):
        (JSGlobalContextRetain):
        (JSGlobalContextRelease):
        (JSContextGetGlobalObject):
        (JSContextGetGroup):
        (JSContextGetGlobalContext):
        (JSGlobalContextCopyName):
        (JSGlobalContextSetName):
        (JSGlobalContextSetUnhandledRejectionCallback):
        (JSContextCreateBacktrace):
        (JSGlobalContextGetRemoteInspectionEnabled):
        (JSGlobalContextSetRemoteInspectionEnabled):
        (JSGlobalContextGetIncludesNativeCallStackWhenReportingExceptions):
        (JSGlobalContextSetIncludesNativeCallStackWhenReportingExceptions):
        (JSGlobalContextGetDebuggerRunLoop):
        (JSGlobalContextSetDebuggerRunLoop):
        (JSGlobalContextGetAugmentableInspectorController):
        * API/JSManagedValue.mm:
        (-[JSManagedValue initWithValue:]):
        (-[JSManagedValue value]):
        * API/JSObjectRef.cpp:
        (JSObjectMake):
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeConstructor):
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectMakeDeferredPromise):
        (JSObjectGetPrototype):
        (JSObjectSetPrototype):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectHasPropertyForKey):
        (JSObjectGetPropertyForKey):
        (JSObjectSetPropertyForKey):
        (JSObjectDeletePropertyForKey):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectGetPrivateProperty):
        (JSObjectSetPrivateProperty):
        (JSObjectDeletePrivateProperty):
        (JSObjectIsFunction):
        (JSObjectCallAsFunction):
        (JSObjectIsConstructor):
        (JSObjectCallAsConstructor):
        (JSObjectCopyPropertyNames):
        (JSObjectGetGlobalContext):
        * API/JSScriptRef.cpp:
        * API/JSTypedArray.cpp:
        (createTypedArray):
        (JSValueGetTypedArrayType):
        (JSObjectMakeTypedArray):
        (JSObjectMakeTypedArrayWithBytesNoCopy):
        (JSObjectMakeTypedArrayWithArrayBuffer):
        (JSObjectMakeTypedArrayWithArrayBufferAndOffset):
        (JSObjectGetTypedArrayBytesPtr):
        (JSObjectGetTypedArrayLength):
        (JSObjectGetTypedArrayByteLength):
        (JSObjectGetTypedArrayByteOffset):
        (JSObjectGetTypedArrayBuffer):
        (JSObjectMakeArrayBufferWithBytesNoCopy):
        (JSObjectGetArrayBufferBytesPtr):
        (JSObjectGetArrayBufferByteLength):
        * API/JSValue.mm:
        (JSContainerConvertor::add):
        (reportExceptionToInspector):
        (valueToObjectWithoutCopy):
        (ObjcContainerConvertor::add):
        * API/JSValueRef.cpp:
        (JSValueGetType):
        (JSValueIsUndefined):
        (JSValueIsNull):
        (JSValueIsBoolean):
        (JSValueIsNumber):
        (JSValueIsString):
        (JSValueIsObject):
        (JSValueIsSymbol):
        (JSValueIsArray):
        (JSValueIsDate):
        (JSValueIsObjectOfClass):
        (JSValueIsEqual):
        (JSValueIsStrictEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueMakeUndefined):
        (JSValueMakeNull):
        (JSValueMakeBoolean):
        (JSValueMakeNumber):
        (JSValueMakeSymbol):
        (JSValueMakeString):
        (JSValueMakeFromJSONString):
        (JSValueCreateJSONString):
        (JSValueToBoolean):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        (JSValueProtect):
        (JSValueUnprotect):
        * API/JSWeakObjectMapRefPrivate.cpp:
        * API/JSWrapperMap.mm:
        (constructorHasInstance):
        (makeWrapper):
        (putNonEnumerable):
        (copyMethodsToObject):
        (-[JSObjCClassInfo wrapperForObject:inContext:]):
        (-[JSObjCClassInfo structureInContext:]):
        * API/ObjCCallbackFunction.mm:
        (JSC::objCCallbackFunctionCallAsFunction):
        (JSC::objCCallbackFunctionCallAsConstructor):
        (objCCallbackFunctionForInvocation):
        * API/glib/JSCCallbackFunction.cpp:
        (JSC::JSCCallbackFunction::call):
        (JSC::JSCCallbackFunction::construct):
        * API/glib/JSCClass.cpp:
        (isWrappedObject):
        (jscContextForObject):
        (jscClassCreateConstructor):
        (jscClassAddMethod):
        * API/glib/JSCContext.cpp:
        (jsc_context_evaluate_in_object):
        (jsc_context_check_syntax):
        * API/glib/JSCException.cpp:
        (jscExceptionCreate):
        * API/glib/JSCValue.cpp:
        (jsc_value_object_define_property_data):
        (jsc_value_object_define_property_accessor):
        (jscValueFunctionCreate):
        * API/glib/JSCWeakValue.cpp:
        (jscWeakValueInitialize):
        (jsc_weak_value_get_value):
        * API/glib/JSCWrapperMap.cpp:
        (JSC::WrapperMap::createJSWrappper):
        (JSC::WrapperMap::createContextWithJSWrappper):
        * API/tests/JSONParseTest.cpp:
        (testJSONParse):
        * API/tests/JSObjectGetProxyTargetTest.cpp:
        (testJSObjectGetProxyTarget):
        * API/tests/JSWrapperMapTests.mm:
        (+[JSWrapperMapTests testStructureIdentity]):
        * API/tests/testapi.cpp:
        (APIContext::APIContext):
        (APIContext::operator JSC::JSGlobalObject*):
        (APIContext::operator JSC::ExecState*): Deleted.
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bindings/ScriptFunctionCall.cpp:
        (Deprecated::ScriptCallArgumentHandler::appendArgument):
        (Deprecated::ScriptFunctionCall::ScriptFunctionCall):
        (Deprecated::ScriptFunctionCall::call):
        * bindings/ScriptFunctionCall.h:
        * bindings/ScriptObject.cpp:
        (Deprecated::ScriptObject::ScriptObject):
        * bindings/ScriptObject.h:
        (Deprecated::ScriptObject::globalObject const):
        (Deprecated::ScriptObject::scriptState const): Deleted.
        * bindings/ScriptValue.cpp:
        (Inspector::jsToInspectorValue):
        (Inspector::toInspectorValue):
        * bindings/ScriptValue.h:
        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateImpl):
        * bytecode/AccessCaseSnippetParams.cpp:
        (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::setConstantIdentifierSetRegisters):
        (JSC::CodeBlock::setConstantRegisters):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::linkIncomingPolymorphicCall):
        (JSC::CodeBlock::noticeIncomingCall):
        * bytecode/CodeBlock.h:
        (JSC::CallFrame::r):
        (JSC::CallFrame::uncheckedR):
        (JSC::ExecState::r): Deleted.
        (JSC::ExecState::uncheckedR): Deleted.
        * bytecode/DirectEvalCodeCache.cpp:
        (JSC::DirectEvalCodeCache::setSlow):
        * bytecode/DirectEvalCodeCache.h:
        (JSC::DirectEvalCodeCache::set):
        * bytecode/InlineCallFrame.cpp:
        (JSC::InlineCallFrame::calleeForCallFrame const):
        * bytecode/InlineCallFrame.h:
        * bytecode/InternalFunctionAllocationProfile.h:
        (JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
        * bytecode/ObjectPropertyConditionSet.cpp:
        (JSC::generateConditionsForPropertyMiss):
        (JSC::generateConditionsForPropertySetterMiss):
        (JSC::generateConditionsForPrototypePropertyHit):
        (JSC::generateConditionsForPrototypePropertyHitCustom):
        (JSC::generateConditionsForInstanceOf):
        * bytecode/ObjectPropertyConditionSet.h:
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessGenerationState::emitExplicitExceptionHandler):
        * bytecode/StructureStubInfo.h:
        (JSC::appropriateGenericGetByIdFunction):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecode/ValueRecovery.cpp:
        (JSC::ValueRecovery::recover const):
        * bytecode/ValueRecovery.h:
        * debugger/Debugger.cpp:
        (JSC::Debugger::attach):
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::breakProgram):
        (JSC::lexicalGlobalObjectForCallFrame):
        (JSC::Debugger::updateCallFrame):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::Debugger::exception):
        (JSC::Debugger::atStatement):
        (JSC::Debugger::atExpression):
        (JSC::Debugger::callEvent):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::unwindEvent):
        (JSC::Debugger::willExecuteProgram):
        (JSC::Debugger::didExecuteProgram):
        (JSC::Debugger::didReachBreakpoint):
        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::create):
        (JSC::DebuggerCallFrame::globalObject):
        (JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const):
        (JSC::DebuggerCallFrame::thisValue const):
        (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
        (JSC::DebuggerCallFrame::sourceIDForCallFrame):
        (JSC::DebuggerCallFrame::globalExec): Deleted.
        (JSC::DebuggerCallFrame::vmEntryGlobalObject const): Deleted.
        * debugger/DebuggerCallFrame.h:
        * debugger/DebuggerEvalEnabler.h:
        (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
        (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::toStringName):
        (JSC::DebuggerScope::getOwnPropertySlot):
        (JSC::DebuggerScope::put):
        (JSC::DebuggerScope::deleteProperty):
        (JSC::DebuggerScope::getOwnPropertyNames):
        (JSC::DebuggerScope::defineOwnProperty):
        (JSC::DebuggerScope::caughtValue const):
        * debugger/DebuggerScope.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGArithMode.h:
        * dfg/DFGArrayifySlowPathGenerator.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
        (JSC::DFG::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator):
        * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::globalThisObjectFor):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGJITCode.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGOSREntry.h:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::createClonedArgumentsDuringExit):
        (JSC::DFG::OSRExit::executeOSRExit):
        (JSC::DFG::adjustAndJumpToTarget):
        (JSC::DFG::printOSRExit):
        (JSC::DFG::OSRExit::emitRestoreArguments):
        (JSC::DFG::OSRExit::compileOSRExit):
        (JSC::DFG::OSRExit::debugOperationPrintSpeculationFailure):
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::osrWriteBarrier):
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::putByValInternal):
        (JSC::DFG::putByValCellInternal):
        (JSC::DFG::putByValCellStringInternal):
        (JSC::DFG::newTypedArrayWithSize):
        (JSC::DFG::putWithThis):
        (JSC::DFG::binaryOp):
        (JSC::DFG::bitwiseBinaryOp):
        (JSC::DFG::getByValObject):
        * dfg/DFGOperations.h:
        * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
        (JSC::DFG::SaneStringGetByValSlowPathGenerator::SaneStringGetByValSlowPathGenerator):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileInById):
        (JSC::DFG::SpeculativeJIT::compileInByVal):
        (JSC::DFG::SpeculativeJIT::compileDeleteById):
        (JSC::DFG::SpeculativeJIT::compileDeleteByVal):
        (JSC::DFG::SpeculativeJIT::compilePushWithScope):
        (JSC::DFG::SpeculativeJIT::compileStringSlice):
        (JSC::DFG::SpeculativeJIT::compileToLowerCase):
        (JSC::DFG::SpeculativeJIT::compileCheckTraps):
        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compileFromCharCode):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithString):
        (JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithSymbol):
        (JSC::DFG::SpeculativeJIT::compilePutByValForCellWithString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForCellWithSymbol):
        (JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
        (JSC::DFG::SpeculativeJIT::compileParseInt):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForCells):
        (JSC::DFG::SpeculativeJIT::compileValueBitNot):
        (JSC::DFG::SpeculativeJIT::emitUntypedBitOp):
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::emitUntypedRightShiftBitOp):
        (JSC::DFG::SpeculativeJIT::compileValueLShiftOp):
        (JSC::DFG::SpeculativeJIT::compileValueBitRShift):
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileMathIC):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfCustom):
        (JSC::DFG::SpeculativeJIT::compileToObjectOrCallObjectConstructor):
        (JSC::DFG::SpeculativeJIT::compileArithAbs):
        (JSC::DFG::SpeculativeJIT::compileArithClz32):
        (JSC::DFG::SpeculativeJIT::compileArithDoubleUnaryOp):
        (JSC::DFG::SpeculativeJIT::compileValueMul):
        (JSC::DFG::SpeculativeJIT::compileValueDiv):
        (JSC::DFG::SpeculativeJIT::compileArithFRound):
        (JSC::DFG::SpeculativeJIT::compileValueMod):
        (JSC::DFG::SpeculativeJIT::compileArithRounding):
        (JSC::DFG::SpeculativeJIT::compileArithSqrt):
        (JSC::DFG::SpeculativeJIT::compileValuePow):
        (JSC::DFG::SpeculativeJIT::compileStringEquality):
        (JSC::DFG::SpeculativeJIT::compileStringCompare):
        (JSC::DFG::SpeculativeJIT::compileSameValue):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
        (JSC::DFG::SpeculativeJIT::compileNewFunction):
        (JSC::DFG::SpeculativeJIT::compileSetFunctionName):
        (JSC::DFG::SpeculativeJIT::compileLoadVarargs):
        (JSC::DFG::SpeculativeJIT::compileCreateActivation):
        (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
        (JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
        (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
        (JSC::DFG::SpeculativeJIT::compileCreateRest):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileNewArray):
        (JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
        (JSC::DFG::SpeculativeJIT::compileArraySlice):
        (JSC::DFG::SpeculativeJIT::compileArrayIndexOf):
        (JSC::DFG::SpeculativeJIT::compileArrayPush):
        (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileCallDOM):
        (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOrStringValueOf):
        (JSC::DFG::SpeculativeJIT::compileNumberToStringWithValidRadixConstant):
        (JSC::DFG::SpeculativeJIT::compileNumberToStringWithRadix):
        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
        (JSC::DFG::SpeculativeJIT::compileNewSymbol):
        (JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):
        (JSC::DFG::SpeculativeJIT::compileNewRegexp):
        (JSC::DFG::SpeculativeJIT::emitSwitchImm):
        (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
        (JSC::DFG::SpeculativeJIT::emitSwitchChar):
        (JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
        (JSC::DFG::SpeculativeJIT::emitSwitchString):
        (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
        (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
        (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
        (JSC::DFG::SpeculativeJIT::compileResolveScope):
        (JSC::DFG::SpeculativeJIT::compileResolveScopeForHoistingFuncDeclInEval):
        (JSC::DFG::SpeculativeJIT::compileGetDynamicVar):
        (JSC::DFG::SpeculativeJIT::compilePutDynamicVar):
        (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
        (JSC::DFG::SpeculativeJIT::compileStringReplace):
        (JSC::DFG::SpeculativeJIT::compileDefineDataProperty):
        (JSC::DFG::SpeculativeJIT::compileDefineAccessorProperty):
        (JSC::DFG::SpeculativeJIT::compileThrow):
        (JSC::DFG::SpeculativeJIT::compileThrowStaticError):
        (JSC::DFG::SpeculativeJIT::compileHasGenericProperty):
        (JSC::DFG::SpeculativeJIT::compileToIndexString):
        (JSC::DFG::SpeculativeJIT::compilePutByIdWithThis):
        (JSC::DFG::SpeculativeJIT::compileHasStructureProperty):
        (JSC::DFG::SpeculativeJIT::compileGetPropertyEnumerator):
        (JSC::DFG::SpeculativeJIT::compileStrCat):
        (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
        (JSC::DFG::SpeculativeJIT::compileNewArrayWithSize):
        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
        (JSC::DFG::SpeculativeJIT::compileToThis):
        (JSC::DFG::SpeculativeJIT::compileObjectKeys):
        (JSC::DFG::SpeculativeJIT::compileObjectCreate):
        (JSC::DFG::SpeculativeJIT::compileCreateThis):
        (JSC::DFG::SpeculativeJIT::compileCreatePromise):
        (JSC::DFG::SpeculativeJIT::compileCreateInternalFieldObject):
        (JSC::DFG::SpeculativeJIT::compileNewObject):
        (JSC::DFG::SpeculativeJIT::compileNewPromise):
        (JSC::DFG::SpeculativeJIT::compileNewInternalFieldObject):
        (JSC::DFG::SpeculativeJIT::compileToPrimitive):
        (JSC::DFG::SpeculativeJIT::compileSetAdd):
        (JSC::DFG::SpeculativeJIT::compileMapSet):
        (JSC::DFG::SpeculativeJIT::compileWeakSetAdd):
        (JSC::DFG::SpeculativeJIT::compileWeakMapSet):
        (JSC::DFG::SpeculativeJIT::compileGetPrototypeOf):
        (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
        (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
        (JSC::DFG::SpeculativeJIT::compileGetDirectPname):
        (JSC::DFG::SpeculativeJIT::compileProfileType):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::compileBigIntEquality):
        (JSC::DFG::SpeculativeJIT::compileMakeRope):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
        (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dynbench.cpp:
        (main):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLGeneratedFunction.h:
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::lower):
        (JSC::FTL::DFG::LowerDFGToB3::compileToObjectOrCallObjectConstructor):
        (JSC::FTL::DFG::LowerDFGToB3::compileToThis):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileStrCat):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithClz32):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueDiv):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueMod):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithUnary):
        (JSC::FTL::DFG::LowerDFGToB3::compileValuePow):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithTrunc):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithSqrt):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithFRound):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitNot):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitRShift):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitLShift):
        (JSC::FTL::DFG::LowerDFGToB3::compileArrayify):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetById):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetByValWithThis):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutByIdWithThis):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutByValWithThis):
        (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite):
        (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsIsLockFree):
        (JSC::FTL::DFG::LowerDFGToB3::compileDefineDataProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compileDefineAccessorProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutById):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetPrototypeOf):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutAccessorById):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutGetterSetterById):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutAccessorByVal):
        (JSC::FTL::DFG::LowerDFGToB3::compileDeleteById):
        (JSC::FTL::DFG::LowerDFGToB3::compileDeleteByVal):
        (JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
        (JSC::FTL::DFG::LowerDFGToB3::compileArrayIndexOf):
        (JSC::FTL::DFG::LowerDFGToB3::compileArrayPop):
        (JSC::FTL::DFG::LowerDFGToB3::compilePushWithScope):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateScopedArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateClonedArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
        (JSC::FTL::DFG::LowerDFGToB3::compileObjectKeys):
        (JSC::FTL::DFG::LowerDFGToB3::compileObjectCreate):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewPromise):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewInternalFieldObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewSymbol):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewArray):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreatePromise):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateInternalFieldObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayBuffer):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
        (JSC::FTL::DFG::LowerDFGToB3::compileToNumber):
        (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructorOrStringValueOf):
        (JSC::FTL::DFG::LowerDFGToB3::compileToPrimitive):
        (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
        (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
        (JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
        (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
        (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
        (JSC::FTL::DFG::LowerDFGToB3::compileSameValue):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
        (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileLoadVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileSwitch):
        (JSC::FTL::DFG::LowerDFGToB3::compileThrow):
        (JSC::FTL::DFG::LowerDFGToB3::compileThrowStaticError):
        (JSC::FTL::DFG::LowerDFGToB3::mapHashString):
        (JSC::FTL::DFG::LowerDFGToB3::compileMapHash):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
        (JSC::FTL::DFG::LowerDFGToB3::compileSetAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileMapSet):
        (JSC::FTL::DFG::LowerDFGToB3::compileWeakSetAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapSet):
        (JSC::FTL::DFG::LowerDFGToB3::compileInByVal):
        (JSC::FTL::DFG::LowerDFGToB3::compileInById):
        (JSC::FTL::DFG::LowerDFGToB3::compileHasOwnProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
        (JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
        (JSC::FTL::DFG::LowerDFGToB3::compileInstanceOfCustom):
        (JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compileHasGenericProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compileHasStructureProperty):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetDirectPname):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetPropertyEnumerator):
        (JSC::FTL::DFG::LowerDFGToB3::compileToIndexString):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpExecNonGlobalOrSticky):
        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatchFastGlobal):
        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatchFast):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
        (JSC::FTL::DFG::LowerDFGToB3::compileSetFunctionName):
        (JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
        (JSC::FTL::DFG::LowerDFGToB3::getById):
        (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
        (JSC::FTL::DFG::LowerDFGToB3::compare):
        (JSC::FTL::DFG::LowerDFGToB3::compileStringSlice):
        (JSC::FTL::DFG::LowerDFGToB3::compileToLowerCase):
        (JSC::FTL::DFG::LowerDFGToB3::compileNumberToStringWithRadix):
        (JSC::FTL::DFG::LowerDFGToB3::compileNumberToStringWithValidRadixConstant):
        (JSC::FTL::DFG::LowerDFGToB3::compileResolveScopeForHoistingFuncDeclInEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileResolveScope):
        (JSC::FTL::DFG::LowerDFGToB3::compileGetDynamicVar):
        (JSC::FTL::DFG::LowerDFGToB3::compilePutDynamicVar):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
        (JSC::FTL::DFG::LowerDFGToB3::nonSpeculativeCompare):
        (JSC::FTL::DFG::LowerDFGToB3::stringsEqual):
        (JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):
        (JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):
        (JSC::FTL::DFG::LowerDFGToB3::emitRightShiftSnippet):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
        (JSC::FTL::DFG::LowerDFGToB3::ensureShadowChickenPacket):
        (JSC::FTL::DFG::LowerDFGToB3::contiguousPutByValOutOfBounds):
        (JSC::FTL::DFG::LowerDFGToB3::switchStringSlow):
        (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
        (JSC::FTL::DFG::LowerDFGToB3::callCheck):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * ftl/FTLOSREntry.h:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLOSRExitCompiler.h:
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationPopulateObjectInOSR):
        (JSC::FTL::operationMaterializeObjectInOSR):
        (JSC::FTL::compileFTLLazySlowPath):
        * ftl/FTLOperations.h:
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * generator/Metadata.rb:
        * heap/Handle.h:
        * heap/HeapCell.h:
        * heap/HeapSnapshotBuilder.cpp:
        (JSC::HeapSnapshotBuilder::json):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        (Inspector::ConsoleMessage::addToFrontend):
        (Inspector::ConsoleMessage::globalObject const):
        (Inspector::ConsoleMessage::scriptState const): Deleted.
        * inspector/ConsoleMessage.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::wrapCallFrames const):
        (Inspector::InjectedScript::wrapObject const):
        (Inspector::InjectedScript::wrapJSONString const):
        (Inspector::InjectedScript::wrapTable const):
        (Inspector::InjectedScript::previewValue const):
        (Inspector::InjectedScript::arrayFromVector):
        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::hasAccessToInspectedScriptState const):
        (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled const):
        (Inspector::InjectedScriptBase::makeCall):
        (Inspector::InjectedScriptBase::makeAsyncCall):
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        (Inspector::InjectedScriptHost::wrapper):
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        (Inspector::InjectedScriptManager::injectedScriptIdFor):
        (Inspector::InjectedScriptManager::createInjectedScript):
        (Inspector::InjectedScriptManager::injectedScriptFor):
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        (Inspector::InjectedScriptModule::ensureInjected):
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorEnvironment.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
        (Inspector::JSGlobalObjectConsoleClient::count):
        (Inspector::JSGlobalObjectConsoleClient::countReset):
        (Inspector::JSGlobalObjectConsoleClient::profile):
        (Inspector::JSGlobalObjectConsoleClient::profileEnd):
        (Inspector::JSGlobalObjectConsoleClient::takeHeapSnapshot):
        (Inspector::JSGlobalObjectConsoleClient::time):
        (Inspector::JSGlobalObjectConsoleClient::timeLog):
        (Inspector::JSGlobalObjectConsoleClient::timeEnd):
        (Inspector::JSGlobalObjectConsoleClient::timeStamp):
        (Inspector::JSGlobalObjectConsoleClient::record):
        (Inspector::JSGlobalObjectConsoleClient::recordEnd):
        (Inspector::JSGlobalObjectConsoleClient::screenshot):
        * inspector/JSGlobalObjectConsoleClient.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::reportAPIException):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::evaluate const):
        (Inspector::JSInjectedScriptHost::savedResultAlias const):
        (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
        (Inspector::JSInjectedScriptHost::internalConstructorName):
        (Inspector::JSInjectedScriptHost::isHTMLAllCollection):
        (Inspector::JSInjectedScriptHost::isPromiseRejectedWithNativeGetterTypeError):
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::functionDetails):
        (Inspector::constructInternalProperty):
        (Inspector::JSInjectedScriptHost::getInternalProperties):
        (Inspector::JSInjectedScriptHost::proxyTargetValue):
        (Inspector::JSInjectedScriptHost::weakMapSize):
        (Inspector::JSInjectedScriptHost::weakMapEntries):
        (Inspector::JSInjectedScriptHost::weakSetSize):
        (Inspector::JSInjectedScriptHost::weakSetEntries):
        (Inspector::cloneArrayIteratorObject):
        (Inspector::cloneMapIteratorObject):
        (Inspector::cloneSetIteratorObject):
        (Inspector::JSInjectedScriptHost::iteratorEntries):
        (Inspector::checkForbiddenPrototype):
        (Inspector::JSInjectedScriptHost::queryInstances):
        (Inspector::JSInjectedScriptHost::queryHolders):
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
        (Inspector::jsInjectedScriptHostPrototypeAttributeSavedResultAlias):
        (Inspector::jsInjectedScriptHostPrototypeFunctionInternalConstructorName):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIsHTMLAllCollection):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIsPromiseRejectedWithNativeGetterTypeError):
        (Inspector::jsInjectedScriptHostPrototypeFunctionProxyTargetValue):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapSize):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetSize):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIteratorEntries):
        (Inspector::jsInjectedScriptHostPrototypeFunctionQueryInstances):
        (Inspector::jsInjectedScriptHostPrototypeFunctionQueryHolders):
        (Inspector::jsInjectedScriptHostPrototypeFunctionEvaluateWithScopeExtension):
        (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
        (Inspector::jsInjectedScriptHostPrototypeFunctionFunctionDetails):
        (Inspector::jsInjectedScriptHostPrototypeFunctionGetInternalProperties):
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
        (Inspector::valueForScopeLocation):
        (Inspector::JSJavaScriptCallFrame::scopeDescriptions):
        (Inspector::JSJavaScriptCallFrame::caller const):
        (Inspector::JSJavaScriptCallFrame::sourceID const):
        (Inspector::JSJavaScriptCallFrame::line const):
        (Inspector::JSJavaScriptCallFrame::column const):
        (Inspector::JSJavaScriptCallFrame::functionName const):
        (Inspector::JSJavaScriptCallFrame::scopeChain const):
        (Inspector::JSJavaScriptCallFrame::thisObject const):
        (Inspector::JSJavaScriptCallFrame::isTailDeleted const):
        (Inspector::JSJavaScriptCallFrame::type const):
        (Inspector::toJS):
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluateWithScopeExtension):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeDescriptions):
        (Inspector::jsJavaScriptCallFrameAttributeCaller):
        (Inspector::jsJavaScriptCallFrameAttributeSourceID):
        (Inspector::jsJavaScriptCallFrameAttributeLine):
        (Inspector::jsJavaScriptCallFrameAttributeColumn):
        (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
        (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
        (Inspector::jsJavaScriptCallFrameAttributeThisObject):
        (Inspector::jsJavaScriptCallFrameAttributeType):
        (Inspector::jsJavaScriptCallFrameIsTailDeleted):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::deprecatedVMEntryGlobalObject const):
        (Inspector::JavaScriptCallFrame::vmEntryGlobalObject const): Deleted.
        * inspector/ScriptArguments.cpp:
        (Inspector::ScriptArguments::create):
        (Inspector::ScriptArguments::ScriptArguments):
        (Inspector::ScriptArguments::globalObject const):
        (Inspector::ScriptArguments::getFirstArgumentAsString const):
        (Inspector::ScriptArguments::isEqual const):
        (Inspector::ScriptArguments::globalState const): Deleted.
        * inspector/ScriptArguments.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        (Inspector::extractSourceInformationFromException):
        (Inspector::createScriptCallStackFromException):
        (Inspector::createScriptArguments):
        * inspector/ScriptCallStackFactory.h:
        * inspector/ScriptDebugListener.h:
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::evaluateBreakpointAction):
        (Inspector::ScriptDebugServer::sourceParsed):
        (Inspector::ScriptDebugServer::handleExceptionInBreakpointCondition const):
        (Inspector::ScriptDebugServer::handlePause):
        (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
        * inspector/ScriptDebugServer.h:
        * inspector/agents/InspectorAuditAgent.cpp:
        (Inspector::InspectorAuditAgent::setup):
        (Inspector::InspectorAuditAgent::populateAuditObject):
        * inspector/agents/InspectorAuditAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::startTiming):
        (Inspector::InspectorConsoleAgent::logTiming):
        (Inspector::InspectorConsoleAgent::stopTiming):
        (Inspector::InspectorConsoleAgent::count):
        (Inspector::InspectorConsoleAgent::countReset):
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
        (Inspector::InspectorDebuggerAgent::resume):
        (Inspector::InspectorDebuggerAgent::didPause):
        (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
        (Inspector::InspectorDebuggerAgent::didContinue):
        (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
        (Inspector::InspectorDebuggerAgent::assertPaused):
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorHeapAgent.cpp:
        (Inspector::InspectorHeapAgent::snapshot):
        (Inspector::InspectorHeapAgent::getPreview):
        (Inspector::InspectorHeapAgent::getRemoteObject):
        * inspector/agents/JSGlobalObjectAuditAgent.cpp:
        (Inspector::JSGlobalObjectAuditAgent::injectedScriptForEval):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h:
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::initDeprecatedCallFrameForDebugger):
        (JSC::CallFrame::wasmAwareLexicalGlobalObject):
        (JSC::CallFrame::convertToStackOverflowFrame):
        (JSC::ExecState::initGlobalExec): Deleted.
        * interpreter/CallFrame.h:
        (JSC::CallFrame::isDeprecatedCallFrameForDebugger const):
        (JSC::CallFrame::isGlobalExec const): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        (JSC::sizeOfVarargs):
        (JSC::sizeFrameForForwardArguments):
        (JSC::sizeFrameForVarargs):
        (JSC::loadVarargs):
        (JSC::setupVarargsFrame):
        (JSC::setupVarargsFrameAndSetThis):
        (JSC::setupForwardArgumentsFrame):
        (JSC::setupForwardArgumentsFrameAndSetThis):
        (JSC::notifyDebuggerOfUnwinding):
        (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        (JSC::Interpreter::debug):
        * interpreter/Interpreter.h:
        * interpreter/InterpreterInlines.h:
        (JSC::Interpreter::execute):
        * interpreter/Register.h:
        * interpreter/ShadowChicken.cpp:
        (JSC::ShadowChicken::log):
        (JSC::ShadowChicken::update):
        (JSC::ShadowChicken::functionsOnStack):
        * interpreter/ShadowChicken.h:
        * interpreter/ShadowChickenInlines.h:
        (JSC::ShadowChicken::iterate):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::createArguments):
        * interpreter/StackVisitor.h:
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitDumbVirtualCall):
        * jit/AssemblyHelpers.h:
        * jit/CCallHelpers.cpp:
        (JSC::CCallHelpers::ensureShadowChickenPacket):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::prepareCallOperation):
        (JSC::CCallHelpers::setupArguments):
        * jit/HostCallReturnValue.cpp:
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h:
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::emitEnterOptimizationCheck):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emitMathICFast):
        (JSC::JIT::emitMathICSlow):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJumpSlow):
        * jit/JITCall.cpp:
        (JSC::JIT::compileSetupFrame):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITExceptions.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitSlow_op_new_object):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emit_op_set_function_name):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emitSlow_op_jstricteq):
        (JSC::JIT::emitSlow_op_jnstricteq):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::emitSlow_op_jeq):
        (JSC::JIT::emitSlow_op_jneq):
        (JSC::JIT::emitSlow_op_instanceof_custom):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emitSlow_op_check_traps):
        (JSC::JIT::emit_op_new_regexp):
        (JSC::JIT::emitNewFuncCommon):
        (JSC::JIT::emitNewFuncExprCommon):
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emit_op_new_array_with_size):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        (JSC::JIT::emit_op_profile_type):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_new_object):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emit_op_profile_type):
        * jit/JITOperations.cpp:
        (JSC::newFunctionCommon):
        (JSC::getByVal):
        (JSC::tryGetByValOptimize):
        (JSC::operationNewFunctionCommon): Deleted.
        * jit/JITOperations.h:
        * jit/JITOperationsMSVC64.cpp:
        (JSC::getHostCallReturnValueWithExecState):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emitPutByValWithCachedId):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_by_val):
        (JSC::JIT::emit_op_put_setter_by_val):
        (JSC::JIT::emit_op_del_by_id):
        (JSC::JIT::emit_op_del_by_val):
        (JSC::JIT::emitSlow_op_try_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id_direct):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id_with_this):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::emitSlow_op_in_by_id):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        (JSC::JIT::emitWriteBarrier):
        * jit/PolymorphicCallStubRoutine.cpp:
        (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
        * jit/PolymorphicCallStubRoutine.h:
        * jit/Repatch.cpp:
        (JSC::forceICFailure):
        (JSC::tryCacheGetByID):
        (JSC::repatchGetByID):
        (JSC::tryCachePutByID):
        (JSC::repatchPutByID):
        (JSC::tryCacheInByID):
        (JSC::repatchInByID):
        (JSC::tryCacheInstanceOf):
        (JSC::repatchInstanceOf):
        (JSC::linkFor):
        (JSC::linkDirectFor):
        (JSC::linkSlowFor):
        (JSC::linkVirtualFor):
        (JSC::linkPolymorphicCall):
        * jit/Repatch.h:
        * jit/SnippetSlowPathCalls.h:
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::slowPathFor):
        (JSC::nativeForGenerator):
        (JSC::boundThisNoArgsFunctionCallGenerator):
        * jit/ThunkGenerators.h:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (GlobalObject::moduleLoaderImportModule):
        (GlobalObject::moduleLoaderResolve):
        (GlobalObject::moduleLoaderFetch):
        (GlobalObject::moduleLoaderCreateImportMetaProperties):
        (cStringFromViewWithString):
        (printInternal):
        (functionPrintStdOut):
        (functionPrintStdErr):
        (functionDebug):
        (functionSleepSeconds):
        (functionRun):
        (functionRunString):
        (functionLoad):
        (functionLoadString):
        (functionReadFile):
        (functionCheckSyntax):
        (functionSetSamplingFlags):
        (functionClearSamplingFlags):
        (functionSetRandomSeed):
        (functionNeverInlineFunction):
        (functionNoDFG):
        (functionNoOSRExitFuzzing):
        (functionOptimizeNextInvocation):
        (functionNumberOfDFGCompiles):
        (functionCallerIsOMGCompiled):
        (functionDollarEvalScript):
        (functionDollarAgentStart):
        (functionDollarAgentReceiveBroadcast):
        (functionDollarAgentReport):
        (functionDollarAgentSleep):
        (functionDollarAgentBroadcast):
        (functionFlashHeapAccess):
        (functionJSCOptions):
        (functionTransferArrayBuffer):
        (functionCheckModuleSyntax):
        (functionGenerateHeapSnapshot):
        (functionSamplingProfilerStackTraces):
        (functionAsyncTestStart):
        (functionWebAssemblyMemoryMode):
        (functionSetUnhandledRejectionCallback):
        (dumpException):
        (checkUncaughtException):
        (checkException):
        (runWithOptions):
        (runInteractive):
        * llint/LLIntExceptions.cpp:
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::getNonConstantOperand):
        (JSC::LLInt::getOperand):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::jitCompileAndSetHeuristics):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::setupGetByIdPrototypeCache):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        (JSC::LLInt::varargsSetup):
        (JSC::LLInt::commonCallEval):
        (JSC::LLInt::llint_throw_stack_overflow_error):
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoopRegister::operator CallFrame*):
        (JSC::CLoopRegister::operator ExecState*): Deleted.
        * parser/ModuleAnalyzer.cpp:
        (JSC::ModuleAnalyzer::ModuleAnalyzer):
        * parser/ModuleAnalyzer.h:
        * parser/ParserError.h:
        (JSC::ParserError::toErrorObject):
        * profiler/ProfilerBytecode.cpp:
        (JSC::Profiler::Bytecode::toJS const):
        * profiler/ProfilerBytecode.h:
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::addSequenceProperties const):
        * profiler/ProfilerBytecodeSequence.h:
        * profiler/ProfilerBytecodes.cpp:
        (JSC::Profiler::Bytecodes::toJS const):
        * profiler/ProfilerBytecodes.h:
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::toJS const):
        * profiler/ProfilerCompilation.h:
        * profiler/ProfilerCompiledBytecode.cpp:
        (JSC::Profiler::CompiledBytecode::toJS const):
        * profiler/ProfilerCompiledBytecode.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::toJS const):
        (JSC::Profiler::Database::toJSON const):
        * profiler/ProfilerDatabase.h:
        * profiler/ProfilerEvent.cpp:
        (JSC::Profiler::Event::toJS const):
        * profiler/ProfilerEvent.h:
        * profiler/ProfilerOSRExit.cpp:
        (JSC::Profiler::OSRExit::toJS const):
        * profiler/ProfilerOSRExit.h:
        * profiler/ProfilerOSRExitSite.cpp:
        (JSC::Profiler::OSRExitSite::toJS const):
        * profiler/ProfilerOSRExitSite.h:
        * profiler/ProfilerOrigin.cpp:
        (JSC::Profiler::Origin::toJS const):
        * profiler/ProfilerOrigin.h:
        * profiler/ProfilerOriginStack.cpp:
        (JSC::Profiler::OriginStack::toJS const):
        * profiler/ProfilerOriginStack.h:
        * profiler/ProfilerProfiledBytecodes.cpp:
        (JSC::Profiler::ProfiledBytecodes::toJS const):
        * profiler/ProfilerProfiledBytecodes.h:
        * profiler/ProfilerUID.cpp:
        (JSC::Profiler::UID::toJS const):
        * profiler/ProfilerUID.h:
        * runtime/AbstractModuleRecord.cpp:
        (JSC::AbstractModuleRecord::finishCreation):
        (JSC::AbstractModuleRecord::hostResolveImportedModule):
        (JSC::AbstractModuleRecord::resolveImport):
        (JSC::AbstractModuleRecord::resolveExportImpl):
        (JSC::AbstractModuleRecord::resolveExport):
        (JSC::getExportedNames):
        (JSC::AbstractModuleRecord::getModuleNamespace):
        (JSC::AbstractModuleRecord::link):
        (JSC::AbstractModuleRecord::evaluate):
        * runtime/AbstractModuleRecord.h:
        * runtime/ArgList.h:
        (JSC::ArgList::ArgList):
        * runtime/ArrayBufferView.h:
        * runtime/ArrayConstructor.cpp:
        (JSC::constructArrayWithSizeQuirk):
        (JSC::constructWithArrayConstructor):
        (JSC::callArrayConstructor):
        (JSC::isArraySlowInline):
        (JSC::isArraySlow):
        (JSC::arrayConstructorPrivateFuncIsArraySlow):
        * runtime/ArrayConstructor.h:
        (JSC::isArray):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::finishCreation):
        (JSC::getProperty):
        (JSC::putLength):
        (JSC::setLength):
        (JSC::speciesWatchpointIsValid):
        (JSC::arrayProtoFuncSpeciesCreate):
        (JSC::argumentClampedIndexFromStartOrEnd):
        (JSC::shift):
        (JSC::unshift):
        (JSC::fastJoin):
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::slowJoin):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::fastIndexOf):
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):
        (JSC::moveElements):
        (JSC::concatAppendOne):
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        (JSC::arrayProtoPrivateFuncAppendMemcpy):
        * runtime/AsyncFunctionConstructor.cpp:
        (JSC::callAsyncFunctionConstructor):
        (JSC::constructAsyncFunctionConstructor):
        * runtime/AsyncGeneratorFunctionConstructor.cpp:
        (JSC::callAsyncGeneratorFunctionConstructor):
        (JSC::constructAsyncGeneratorFunctionConstructor):
        * runtime/AtomicsObject.cpp:
        (JSC::atomicsFuncAdd):
        (JSC::atomicsFuncAnd):
        (JSC::atomicsFuncCompareExchange):
        (JSC::atomicsFuncExchange):
        (JSC::atomicsFuncIsLockFree):
        (JSC::atomicsFuncLoad):
        (JSC::atomicsFuncOr):
        (JSC::atomicsFuncStore):
        (JSC::atomicsFuncSub):
        (JSC::atomicsFuncWait):
        (JSC::atomicsFuncWake):
        (JSC::atomicsFuncXor):
        (JSC::operationAtomicsAdd):
        (JSC::operationAtomicsAnd):
        (JSC::operationAtomicsCompareExchange):
        (JSC::operationAtomicsExchange):
        (JSC::operationAtomicsIsLockFree):
        (JSC::operationAtomicsLoad):
        (JSC::operationAtomicsOr):
        (JSC::operationAtomicsStore):
        (JSC::operationAtomicsSub):
        (JSC::operationAtomicsXor):
        * runtime/AtomicsObject.h:
        * runtime/BigIntConstructor.cpp:
        (JSC::toBigInt):
        (JSC::callBigIntConstructor):
        * runtime/BigIntObject.cpp:
        (JSC::BigIntObject::toStringName):
        (JSC::BigIntObject::defaultValue):
        * runtime/BigIntObject.h:
        * runtime/BigIntPrototype.cpp:
        (JSC::bigIntProtoFuncToStringImpl):
        (JSC::bigIntProtoFuncValueOf):
        * runtime/BooleanConstructor.cpp:
        (JSC::callBooleanConstructor):
        (JSC::constructWithBooleanConstructor):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanConstructor.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::booleanProtoFuncToString):
        (JSC::booleanProtoFuncValueOf):
        * runtime/CallData.cpp:
        (JSC::call):
        (JSC::profiledCall):
        * runtime/CallData.h:
        * runtime/ClassInfo.h:
        * runtime/ClonedArguments.cpp:
        (JSC::ClonedArguments::createEmpty):
        (JSC::ClonedArguments::createWithInlineFrame):
        (JSC::ClonedArguments::createWithMachineFrame):
        (JSC::ClonedArguments::createByCopyingFrom):
        (JSC::ClonedArguments::getOwnPropertySlot):
        (JSC::ClonedArguments::getOwnPropertyNames):
        (JSC::ClonedArguments::put):
        (JSC::ClonedArguments::deleteProperty):
        (JSC::ClonedArguments::defineOwnProperty):
        (JSC::ClonedArguments::materializeSpecials):
        (JSC::ClonedArguments::materializeSpecialsIfNecessary):
        * runtime/ClonedArguments.h:
        * runtime/CommonSlowPaths.cpp:
        (JSC::throwArityCheckStackOverflowError):
        (JSC::SLOW_PATH_DECL):
        (JSC::createInternalFieldObject):
        (JSC::updateArithProfileForBinaryArithOp):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::codeBlockFromCallFrameCallee):
        (JSC::CommonSlowPaths::arityCheckFor):
        (JSC::CommonSlowPaths::opInByVal):
        (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
        (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
        (JSC::CommonSlowPaths::putDirectWithReify):
        (JSC::CommonSlowPaths::putDirectAccessorWithReify):
        * runtime/Completion.cpp:
        (JSC::checkSyntax):
        (JSC::checkModuleSyntax):
        (JSC::evaluate):
        (JSC::profiledEvaluate):
        (JSC::evaluateWithScopeExtension):
        (JSC::rejectPromise):
        (JSC::loadAndEvaluateModule):
        (JSC::loadModule):
        (JSC::linkAndEvaluateModule):
        (JSC::importModule):
        * runtime/Completion.h:
        (JSC::evaluate):
        (JSC::profiledEvaluate):
        * runtime/ConsoleClient.cpp:
        (JSC::ConsoleClient::printConsoleMessageWithArguments):
        (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
        (JSC::ConsoleClient::logWithLevel):
        (JSC::ConsoleClient::clear):
        (JSC::ConsoleClient::dir):
        (JSC::ConsoleClient::dirXML):
        (JSC::ConsoleClient::table):
        (JSC::ConsoleClient::trace):
        (JSC::ConsoleClient::assertion):
        (JSC::ConsoleClient::group):
        (JSC::ConsoleClient::groupCollapsed):
        (JSC::ConsoleClient::groupEnd):
        * runtime/ConsoleClient.h:
        * runtime/ConsoleObject.cpp:
        (JSC::valueOrDefaultLabelString):
        (JSC::valueToStringWithUndefinedOrNullCheck):
        (JSC::consoleLogWithLevel):
        (JSC::consoleProtoFuncDebug):
        (JSC::consoleProtoFuncError):
        (JSC::consoleProtoFuncLog):
        (JSC::consoleProtoFuncInfo):
        (JSC::consoleProtoFuncWarn):
        (JSC::consoleProtoFuncClear):
        (JSC::consoleProtoFuncDir):
        (JSC::consoleProtoFuncDirXML):
        (JSC::consoleProtoFuncTable):
        (JSC::consoleProtoFuncTrace):
        (JSC::consoleProtoFuncAssert):
        (JSC::consoleProtoFuncCount):
        (JSC::consoleProtoFuncCountReset):
        (JSC::consoleProtoFuncProfile):
        (JSC::consoleProtoFuncProfileEnd):
        (JSC::consoleProtoFuncTakeHeapSnapshot):
        (JSC::consoleProtoFuncTime):
        (JSC::consoleProtoFuncTimeLog):
        (JSC::consoleProtoFuncTimeEnd):
        (JSC::consoleProtoFuncTimeStamp):
        (JSC::consoleProtoFuncGroup):
        (JSC::consoleProtoFuncGroupCollapsed):
        (JSC::consoleProtoFuncGroupEnd):
        (JSC::consoleProtoFuncRecord):
        (JSC::consoleProtoFuncRecordEnd):
        (JSC::consoleProtoFuncScreenshot):
        * runtime/ConstructData.cpp:
        (JSC::construct):
        (JSC::profiledConstruct):
        * runtime/ConstructData.h:
        (JSC::construct):
        (JSC::profiledConstruct):
        * runtime/CustomGetterSetter.cpp:
        (JSC::callCustomSetter):
        * runtime/CustomGetterSetter.h:
        * runtime/DataView.cpp:
        (JSC::DataView::wrap):
        * runtime/DataView.h:
        * runtime/DateConstructor.cpp:
        (JSC::millisecondsFromComponents):
        (JSC::constructDate):
        (JSC::constructWithDateConstructor):
        (JSC::dateParse):
        (JSC::dateUTC):
        * runtime/DateConstructor.h:
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::calculateGregorianDateTime const):
        (JSC::DateInstance::calculateGregorianDateTimeUTC const):
        * runtime/DateInstance.h:
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):
        (JSC::formateDateInstance):
        (JSC::fillStructuresUsingTimeArgs):
        (JSC::fillStructuresUsingDateArgs):
        (JSC::dateProtoFuncToString):
        (JSC::dateProtoFuncToUTCString):
        (JSC::dateProtoFuncToISOString):
        (JSC::dateProtoFuncToDateString):
        (JSC::dateProtoFuncToTimeString):
        (JSC::dateProtoFuncToLocaleString):
        (JSC::dateProtoFuncToLocaleDateString):
        (JSC::dateProtoFuncToLocaleTimeString):
        (JSC::dateProtoFuncToPrimitiveSymbol):
        (JSC::dateProtoFuncGetTime):
        (JSC::dateProtoFuncGetFullYear):
        (JSC::dateProtoFuncGetUTCFullYear):
        (JSC::dateProtoFuncGetMonth):
        (JSC::dateProtoFuncGetUTCMonth):
        (JSC::dateProtoFuncGetDate):
        (JSC::dateProtoFuncGetUTCDate):
        (JSC::dateProtoFuncGetDay):
        (JSC::dateProtoFuncGetUTCDay):
        (JSC::dateProtoFuncGetHours):
        (JSC::dateProtoFuncGetUTCHours):
        (JSC::dateProtoFuncGetMinutes):
        (JSC::dateProtoFuncGetUTCMinutes):
        (JSC::dateProtoFuncGetSeconds):
        (JSC::dateProtoFuncGetUTCSeconds):
        (JSC::dateProtoFuncGetMilliSeconds):
        (JSC::dateProtoFuncGetUTCMilliseconds):
        (JSC::dateProtoFuncGetTimezoneOffset):
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetMilliSeconds):
        (JSC::dateProtoFuncSetUTCMilliseconds):
        (JSC::dateProtoFuncSetSeconds):
        (JSC::dateProtoFuncSetUTCSeconds):
        (JSC::dateProtoFuncSetMinutes):
        (JSC::dateProtoFuncSetUTCMinutes):
        (JSC::dateProtoFuncSetHours):
        (JSC::dateProtoFuncSetUTCHours):
        (JSC::dateProtoFuncSetDate):
        (JSC::dateProtoFuncSetUTCDate):
        (JSC::dateProtoFuncSetMonth):
        (JSC::dateProtoFuncSetUTCMonth):
        (JSC::dateProtoFuncSetFullYear):
        (JSC::dateProtoFuncSetUTCFullYear):
        (JSC::dateProtoFuncSetYear):
        (JSC::dateProtoFuncGetYear):
        (JSC::dateProtoFuncToJSON):
        * runtime/DirectArguments.cpp:
        (JSC::DirectArguments::createByCopying):
        (JSC::DirectArguments::copyToArguments):
        * runtime/DirectArguments.h:
        * runtime/DirectEvalExecutable.cpp:
        (JSC::DirectEvalExecutable::create):
        (JSC::DirectEvalExecutable::DirectEvalExecutable):
        * runtime/DirectEvalExecutable.h:
        * runtime/Error.cpp:
        (JSC::createError):
        (JSC::createEvalError):
        (JSC::createRangeError):
        (JSC::createReferenceError):
        (JSC::createSyntaxError):
        (JSC::createTypeError):
        (JSC::createNotEnoughArgumentsError):
        (JSC::createURIError):
        (JSC::createGetterTypeError):
        (JSC::getStackTrace):
        (JSC::getBytecodeOffset):
        (JSC::addErrorInfo):
        (JSC::throwConstructorCannotBeCalledAsFunctionTypeError):
        (JSC::throwTypeError):
        (JSC::throwSyntaxError):
        (JSC::throwGetterTypeError):
        (JSC::throwDOMAttributeGetterTypeError):
        (JSC::createOutOfMemoryError):
        * runtime/Error.h:
        (JSC::throwRangeError):
        (JSC::throwVMError):
        (JSC::throwVMTypeError):
        (JSC::throwVMRangeError):
        (JSC::throwVMGetterTypeError):
        (JSC::throwVMDOMAttributeGetterTypeError):
        * runtime/ErrorConstructor.cpp:
        (JSC::constructErrorConstructor):
        (JSC::callErrorConstructor):
        (JSC::ErrorConstructor::put):
        (JSC::ErrorConstructor::deleteProperty):
        * runtime/ErrorConstructor.h:
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::create):
        (JSC::appendSourceToError):
        (JSC::ErrorInstance::finishCreation):
        (JSC::ErrorInstance::sanitizedToString):
        (JSC::ErrorInstance::getOwnPropertySlot):
        (JSC::ErrorInstance::getOwnNonIndexPropertyNames):
        (JSC::ErrorInstance::getStructurePropertyNames):
        (JSC::ErrorInstance::defineOwnProperty):
        (JSC::ErrorInstance::put):
        (JSC::ErrorInstance::deleteProperty):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create):
        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/EvalExecutable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        * runtime/EvalExecutable.h:
        * runtime/ExceptionFuzz.cpp:
        (JSC::doExceptionFuzzing):
        * runtime/ExceptionFuzz.h:
        (JSC::doExceptionFuzzingIfEnabled):
        * runtime/ExceptionHelpers.cpp:
        (JSC::TerminatedExecutionError::defaultValue):
        (JSC::createStackOverflowError):
        (JSC::createUndefinedVariableError):
        (JSC::errorDescriptionForValue):
        (JSC::createError):
        (JSC::createInvalidFunctionApplyParameterError):
        (JSC::createInvalidInParameterError):
        (JSC::createInvalidInstanceofParameterErrorNotFunction):
        (JSC::createInvalidInstanceofParameterErrorHasInstanceValueNotFunction):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        (JSC::createErrorForInvalidGlobalAssignment):
        (JSC::createTDZError):
        (JSC::throwOutOfMemoryError):
        (JSC::throwStackOverflowError):
        (JSC::throwTerminatedExecutionException):
        * runtime/ExceptionHelpers.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructWithFunctionConstructor):
        (JSC::callFunctionConstructor):
        (JSC::constructFunction):
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionConstructor.h:
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/FunctionRareData.h:
        * runtime/GeneratorFunctionConstructor.cpp:
        (JSC::callGeneratorFunctionConstructor):
        (JSC::constructGeneratorFunctionConstructor):
        * runtime/GenericArguments.h:
        * runtime/GenericArgumentsInlines.h:
        (JSC::GenericArguments<Type>::getOwnPropertySlot):
        (JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
        (JSC::GenericArguments<Type>::getOwnPropertyNames):
        (JSC::GenericArguments<Type>::put):
        (JSC::GenericArguments<Type>::putByIndex):
        (JSC::GenericArguments<Type>::deleteProperty):
        (JSC::GenericArguments<Type>::deletePropertyByIndex):
        (JSC::GenericArguments<Type>::defineOwnProperty):
        (JSC::GenericArguments<Type>::copyToArguments):
        * runtime/GenericTypedArrayView.h:
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::GenericTypedArrayView<Adaptor>::wrap):
        * runtime/GetterSetter.cpp:
        (JSC::callGetter):
        (JSC::callSetter):
        * runtime/GetterSetter.h:
        * runtime/HashMapImpl.h:
        (JSC::HashMapBuffer::create):
        (JSC::areKeysEqual):
        (JSC::jsMapHash):
        (JSC::HashMapImpl::finishCreation):
        (JSC::HashMapImpl::findBucket):
        (JSC::HashMapImpl::get):
        (JSC::HashMapImpl::has):
        (JSC::HashMapImpl::add):
        (JSC::HashMapImpl::addNormalized):
        (JSC::HashMapImpl::remove):
        (JSC::HashMapImpl::clear):
        (JSC::HashMapImpl::setUpHeadAndTail):
        (JSC::HashMapImpl::addNormalizedNonExistingForCloning):
        (JSC::HashMapImpl::addNormalizedInternal):
        (JSC::HashMapImpl::findBucketAlreadyHashedAndNormalized):
        (JSC::HashMapImpl::rehash):
        (JSC::HashMapImpl::makeAndSetNewBuffer):
        * runtime/Identifier.h:
        * runtime/IndirectEvalExecutable.cpp:
        (JSC::IndirectEvalExecutable::create):
        (JSC::IndirectEvalExecutable::IndirectEvalExecutable):
        * runtime/IndirectEvalExecutable.h:
        * runtime/InspectorInstrumentationObject.cpp:
        (JSC::inspectorInstrumentationObjectLog):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        (JSC::InternalFunction::createSubclassStructureSlow):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createSubclassStructure):
        * runtime/IntlCollator.cpp:
        (JSC::IntlCollator::initializeCollator):
        (JSC::IntlCollator::createCollator):
        (JSC::IntlCollator::compareStrings):
        (JSC::IntlCollator::resolvedOptions):
        * runtime/IntlCollator.h:
        * runtime/IntlCollatorConstructor.cpp:
        (JSC::constructIntlCollator):
        (JSC::callIntlCollator):
        (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
        * runtime/IntlCollatorPrototype.cpp:
        (JSC::IntlCollatorFuncCompare):
        (JSC::IntlCollatorPrototypeGetterCompare):
        (JSC::IntlCollatorPrototypeFuncResolvedOptions):
        * runtime/IntlDateTimeFormat.cpp:
        (JSC::IntlDTFInternal::toDateTimeOptionsAnyDate):
        (JSC::IntlDateTimeFormat::initializeDateTimeFormat):
        (JSC::IntlDateTimeFormat::resolvedOptions):
        (JSC::IntlDateTimeFormat::format):
        (JSC::IntlDateTimeFormat::formatToParts):
        * runtime/IntlDateTimeFormat.h:
        * runtime/IntlDateTimeFormatConstructor.cpp:
        (JSC::constructIntlDateTimeFormat):
        (JSC::callIntlDateTimeFormat):
        (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlDateTimeFormatPrototype.cpp:
        (JSC::IntlDateTimeFormatFuncFormatDateTime):
        (JSC::IntlDateTimeFormatPrototypeGetterFormat):
        (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
        (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
        * runtime/IntlNumberFormat.cpp:
        (JSC::IntlNumberFormat::initializeNumberFormat):
        (JSC::IntlNumberFormat::formatNumber):
        (JSC::IntlNumberFormat::resolvedOptions):
        (JSC::IntlNumberFormat::formatToParts):
        * runtime/IntlNumberFormat.h:
        * runtime/IntlNumberFormatConstructor.cpp:
        (JSC::constructIntlNumberFormat):
        (JSC::callIntlNumberFormat):
        (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlNumberFormatPrototype.cpp:
        (JSC::IntlNumberFormatFuncFormatNumber):
        (JSC::IntlNumberFormatPrototypeGetterFormat):
        (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
        (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
        * runtime/IntlObject.cpp:
        (JSC::intlBooleanOption):
        (JSC::intlStringOption):
        (JSC::intlNumberOption):
        (JSC::intlDefaultNumberOption):
        (JSC::canonicalizeLocaleList):
        (JSC::defaultLocale):
        (JSC::lookupMatcher):
        (JSC::bestFitMatcher):
        (JSC::resolveLocale):
        (JSC::lookupSupportedLocales):
        (JSC::bestFitSupportedLocales):
        (JSC::supportedLocales):
        (JSC::intlObjectFuncGetCanonicalLocales):
        * runtime/IntlObject.h:
        * runtime/IntlObjectInlines.h:
        (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
        * runtime/IntlPluralRules.cpp:
        (JSC::IntlPluralRules::initializePluralRules):
        (JSC::IntlPluralRules::resolvedOptions):
        (JSC::IntlPluralRules::select):
        * runtime/IntlPluralRules.h:
        * runtime/IntlPluralRulesConstructor.cpp:
        (JSC::constructIntlPluralRules):
        (JSC::callIntlPluralRules):
        (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
        * runtime/IntlPluralRulesPrototype.cpp:
        (JSC::IntlPluralRulesPrototypeFuncSelect):
        (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
        * runtime/IteratorOperations.cpp:
        (JSC::iteratorNext):
        (JSC::iteratorValue):
        (JSC::iteratorComplete):
        (JSC::iteratorStep):
        (JSC::iteratorClose):
        (JSC::createIteratorResultObject):
        (JSC::hasIteratorMethod):
        (JSC::iteratorMethod):
        (JSC::iteratorForIterable):
        * runtime/IteratorOperations.h:
        (JSC::forEachInIterable):
        * runtime/JSArray.cpp:
        (JSC::JSArray::setLengthWritable):
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::put):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::getOwnNonIndexPropertyNames):
        (JSC::JSArray::setLengthWithArrayStorage):
        (JSC::JSArray::appendMemcpy):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::fastSlice):
        (JSC::JSArray::shiftCountWithAnyIndexingType):
        (JSC::JSArray::unshiftCountWithArrayStorage):
        (JSC::JSArray::unshiftCountWithAnyIndexingType):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToArguments):
        (JSC::constructArray):
        (JSC::constructArrayNegativeIndexed):
        * runtime/JSArray.h:
        (JSC::JSArray::shiftCountForShift):
        (JSC::JSArray::shiftCountForSplice):
        (JSC::JSArray::shiftCount):
        (JSC::JSArray::unshiftCountForShift):
        (JSC::JSArray::unshiftCountForSplice):
        (JSC::JSArray::unshiftCount):
        * runtime/JSArrayBufferConstructor.cpp:
        (JSC::JSGenericArrayBufferConstructor<sharingMode>::constructArrayBuffer):
        (JSC::callArrayBuffer):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoFuncSlice):
        (JSC::arrayBufferProtoGetterFuncByteLength):
        (JSC::sharedArrayBufferProtoGetterFuncByteLength):
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::toStringName):
        (JSC::JSArrayBufferView::put):
        (JSC::JSArrayBufferView::unsharedJSBuffer):
        (JSC::JSArrayBufferView::possiblySharedJSBuffer):
        (JSC::JSArrayBufferView::slowDownAndWasteMemory):
        * runtime/JSArrayBufferView.h:
        * runtime/JSArrayInlines.h:
        (JSC::toLength):
        (JSC::JSArray::pushInline):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::tryCreateWithLength):
        (JSC::JSBigInt::toPrimitive const):
        (JSC::JSBigInt::parseInt):
        (JSC::JSBigInt::stringToBigInt):
        (JSC::JSBigInt::toString):
        (JSC::JSBigInt::exponentiate):
        (JSC::JSBigInt::multiply):
        (JSC::JSBigInt::divide):
        (JSC::JSBigInt::remainder):
        (JSC::JSBigInt::add):
        (JSC::JSBigInt::sub):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::bitwiseXor):
        (JSC::JSBigInt::leftShift):
        (JSC::JSBigInt::signedRightShift):
        (JSC::JSBigInt::bitwiseNot):
        (JSC::JSBigInt::absoluteAdd):
        (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
        (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        (JSC::JSBigInt::leftShiftByAbsolute):
        (JSC::JSBigInt::rightShiftByAbsolute):
        (JSC::JSBigInt::toStringBasePowerOfTwo):
        (JSC::JSBigInt::toStringGeneric):
        (JSC::JSBigInt::allocateFor):
        (JSC::JSBigInt::toNumber const):
        (JSC::JSBigInt::getPrimitiveNumber const):
        (JSC::JSBigInt::toObject const):
        * runtime/JSBigInt.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::boundThisNoArgsFunctionCall):
        (JSC::boundFunctionCall):
        (JSC::boundThisNoArgsFunctionConstruct):
        (JSC::boundFunctionConstruct):
        (JSC::hasInstanceBoundFunction):
        (JSC::getBoundFunctionStructure):
        (JSC::JSBoundFunction::create):
        (JSC::JSBoundFunction::customHasInstance):
        (JSC::JSBoundFunction::boundArgsCopy):
        * runtime/JSBoundFunction.h:
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::toInteger const):
        (JSC::JSValue::toIntegerPreserveNaN const):
        (JSC::JSValue::toLength const):
        (JSC::JSValue::toNumberSlowCase const):
        (JSC::JSValue::toObjectSlowCase const):
        (JSC::JSValue::toThisSlowCase const):
        (JSC::JSValue::synthesizePrototype const):
        (JSC::JSValue::putToPrimitive):
        (JSC::JSValue::putToPrimitiveByIndex):
        (JSC::JSValue::toStringSlowCase const):
        (JSC::JSValue::toWTFStringSlowCase const):
        * runtime/JSCJSValue.h:
        (JSC::JSValue::toFloat const):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toInt32 const):
        (JSC::JSValue::toUInt32 const):
        (JSC::JSValue::toIndex const):
        (JSC::JSValue::getString const):
        (JSC::Unknown>::getString const):
        (JSC::JSValue::toPropertyKey const):
        (JSC::JSValue::toPrimitive const):
        (JSC::toPreferredPrimitiveType):
        (JSC::JSValue::getPrimitiveNumber):
        (JSC::JSValue::toNumber const):
        (JSC::JSValue::toNumeric const):
        (JSC::JSValue::toBigIntOrInt32 const):