6c64364d7f8f477527b5d2bb3b345551a174ccff
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-15  Keith Miller  <keith_miller@apple.com>

        BytecodeDumper should print all switch labels
        https://bugs.webkit.org/show_bug.cgi?id=190596

        Reviewed by Saam Barati.

        Right now the bytecode dumper only prints the default target, not any of the
        non-default targets.

        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::dumpBytecode):

2018-10-15  Saam Barati  <sbarati@apple.com>

        Emit fjcvtzs on ARM64E on Darwin
        https://bugs.webkit.org/show_bug.cgi?id=184023

        Reviewed by Yusuke Suzuki and Filip Pizlo.

        ARMv8.3 introduced the fjcvtzs instruction which does double->int32
        conversion using the semantics defined by JavaScript:
        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html
        This patch teaches JSC to use that instruction when possible.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::fjcvtzs):
        (JSC::ARM64Assembler::fjcvtzsInsn):
        * assembler/MacroAssemblerARM64.cpp:
        (JSC::MacroAssemblerARM64::collectCPUFeatures):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics):
        (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * disassembler/ARM64/A64DOpcode.cpp:
        * disassembler/ARM64/A64DOpcode.h:
        (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
        * jit/JITRightShiftGenerator.cpp:
        (JSC::JITRightShiftGenerator::generateFastPath):
        * runtime/MathCommon.h:
        (JSC::toInt32):

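Added example (not from the WebKit ChangeLog and not JSC's MathCommon.h): a C++ implementation of the ECMAScript ToInt32 conversion that fjcvtzs performs in a single instruction and that an engine otherwise has to compute in software. The function names toInt32 and castWouldBeUndefined are this example's own. The point it makes is why the software fallback cannot simply be a cast: static_cast<int32_t>(double) is undefined behaviour for NaN, infinities and values outside the int32 range, whereas JavaScript defines a result for every double (truncate, then wrap modulo 2^32), so the out-of-range cases have to go through an explicit modular reduction.

```cpp
// Added example (not JSC code): ECMAScript ToInt32 in software, the same
// mapping fjcvtzs implements in hardware. Names are the example's own.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// https://tc39.github.io/ecma262/#sec-toint32
//   NaN, +0, -0, +Inf, -Inf -> 0
//   otherwise truncate toward zero, reduce modulo 2^32 into [0, 2^32),
//   and reinterpret [2^31, 2^32) as a negative int32.
// static_cast<int32_t>(d) is only well defined when trunc(d) fits in int32,
// so every other value is routed through the modular reduction instead.
int32_t toInt32(double d)
{
    if (std::isnan(d) || std::isinf(d) || d == 0.0)
        return 0;

    // In-range fast path: the cast is well defined here and truncates toward
    // zero, which is exactly ToInt32's truncation step.
    if (d > -2147483649.0 && d < 2147483648.0)
        return static_cast<int32_t>(d);

    const double twoTo32 = 4294967296.0;
    double truncated = std::trunc(d);
    // fmod is exact for doubles and keeps the sign of the dividend;
    // normalise the remainder into [0, 2^32).
    double modulo = std::fmod(truncated, twoTo32);
    if (modulo < 0.0)
        modulo += twoTo32;
    // Wrap the upper half of the range to negative values.
    if (modulo >= 2147483648.0)
        modulo -= twoTo32;
    return static_cast<int32_t>(modulo);
}

// True when a plain cast would be undefined behaviour for this input
// (NaN, infinities, or a truncated value outside the int32 range).
bool castWouldBeUndefined(double d)
{
    return !(d > -2147483649.0 && d < 2147483648.0);
}

int main()
{
    const double inputs[] = { 1.9, -1.9, 2147483648.0, -2147483649.0, 4294967296.5, 1e20,
                              std::numeric_limits<double>::infinity(),
                              std::numeric_limits<double>::quiet_NaN() };
    for (double d : inputs) {
        std::printf("%24.1f -> %11d%s\n", d, toInt32(d),
                    castWouldBeUndefined(d) ? "  (plain cast would be undefined)" : "");
    }
    return 0;
}
```

The fast path is the only place a cast appears, and it is guarded by the range test first; the slow path never casts anything that has not already been reduced into [-2^31, 2^31). That ordering is what makes the result deterministic across compilers and architectures, which is the property the hardware instruction provides for free.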
2018-10-15  Saam Barati  <sbarati@apple.com>

        JSArray::shiftCountWithArrayStorage is wrong when an array has holes
        https://bugs.webkit.org/show_bug.cgi?id=190262
        <rdar://problem/44986241>

        Reviewed by Mark Lam.

        We would take the fast path for shiftCountWithArrayStorage when the array
        hasHoles(). However, the code for this was wrong. It'd incorrectly update
        ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage
        path is never taken in JetStream 2, this patch just removes that from
        the fast path. Instead, we just fallback to the slow path when hasHoles().
        If we find evidence that this matters for real use cases, we can
        figure out a way to make the fast path work.

        * runtime/JSArray.cpp:
        (JSC::JSArray::shiftCountWithArrayStorage):

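Added example (a constructed model, not JSC's ArrayStorage or JSArray::shiftCountWithArrayStorage): why a shift fast path written for dense storage cannot be reused once the storage has holes. The model keeps a cached count of populated slots next to the slots themselves, the same bookkeeping role m_numValuesInVector plays in the entry. A shift that subtracts the number of removed slots from that count is only right if none of the removed slots was a hole; the hole-aware path counts what it actually removes. The names ArrayStorageModel, shiftCountDenseOnly, shiftCountHoleAware and shiftAndCheck are this example's own, and the dispatch in shiftCount mirrors the entry's fix of taking the slow path whenever hasHoles() is true.

```cpp
// Added example (constructed model, not JSC's ArrayStorage): a storage that
// caches the number of populated slots, and two ways to remove `count` slots
// starting at `startIndex`. Only one of them is correct when holes exist.
#include <cstddef>
#include <initializer_list>
#include <optional>
#include <vector>

struct ArrayStorageModel {
    std::vector<std::optional<int>> vector; // std::nullopt models a hole
    size_t numValuesInVector = 0;           // invariant: number of populated slots

    static ArrayStorageModel fromSlots(std::initializer_list<std::optional<int>> slots)
    {
        ArrayStorageModel storage;
        storage.vector.assign(slots);
        for (const auto& slot : storage.vector) {
            if (slot)
                ++storage.numValuesInVector;
        }
        return storage;
    }

    bool hasHoles() const { return numValuesInVector != vector.size(); }

    // Recomputes the count from the slots; true when the cached count is right.
    bool countIsConsistent() const
    {
        size_t populated = 0;
        for (const auto& slot : vector) {
            if (slot)
                ++populated;
        }
        return populated == numValuesInVector;
    }
};

// Overflow-safe bounds check shared by both paths.
static bool rangeIsValid(const ArrayStorageModel& storage, size_t startIndex, size_t count)
{
    return startIndex <= storage.vector.size() && count <= storage.vector.size() - startIndex;
}

static void eraseRange(ArrayStorageModel& storage, size_t startIndex, size_t count)
{
    auto first = storage.vector.begin() + static_cast<std::ptrdiff_t>(startIndex);
    storage.vector.erase(first, first + static_cast<std::ptrdiff_t>(count));
}

// Shortcut that assumes every removed slot held a value. Correct for dense
// storage; on holey storage it leaves the cached count too small (constructed
// illustration of a miscount of this kind, not JSC's actual code).
bool shiftCountDenseOnly(ArrayStorageModel& storage, size_t startIndex, size_t count)
{
    if (!rangeIsValid(storage, startIndex, count))
        return false;
    eraseRange(storage, startIndex, count);
    storage.numValuesInVector -= count;
    return true;
}

// Hole-aware path: subtract only the slots that actually held a value.
bool shiftCountHoleAware(ArrayStorageModel& storage, size_t startIndex, size_t count)
{
    if (!rangeIsValid(storage, startIndex, count))
        return false;
    size_t removedValues = 0;
    for (size_t i = 0; i < count; ++i) {
        if (storage.vector[startIndex + i])
            ++removedValues;
    }
    eraseRange(storage, startIndex, count);
    storage.numValuesInVector -= removedValues;
    return true;
}

// The entry's fix, in this model: the shortcut is used only when there are no holes.
bool shiftCount(ArrayStorageModel& storage, size_t startIndex, size_t count)
{
    if (storage.hasHoles())
        return shiftCountHoleAware(storage, startIndex, count);
    return shiftCountDenseOnly(storage, startIndex, count);
}

struct ShiftOutcome {
    bool ok;                  // false when the range was out of bounds
    size_t numValuesInVector; // cached count after the shift
    bool consistent;          // whether the cached count still matches the slots
};

// Builds a fresh storage from `slots`, shifts, and reports what happened.
// forceDenseShortcut = true runs the dense-only path regardless of holes.
ShiftOutcome shiftAndCheck(std::initializer_list<std::optional<int>> slots, size_t startIndex,
                           size_t count, bool forceDenseShortcut)
{
    ArrayStorageModel storage = ArrayStorageModel::fromSlots(slots);
    bool ok = forceDenseShortcut ? shiftCountDenseOnly(storage, startIndex, count)
                                 : shiftCount(storage, startIndex, count);
    return { ok, storage.numValuesInVector, storage.countIsConsistent() };
}
```

The invariant checker countIsConsistent is the kind of debug assertion worth keeping at the end of any path that touches both the slots and the cached count; a cached count that drifts below the real population is exactly what later code relies on when deciding how much storage is live.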
2018-10-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237054.
        https://bugs.webkit.org/show_bug.cgi?id=190593

        "this regressed JetStream 2 by 6% on iOS" (Requested by
        saamyjoon on #webkit).

        Reverted changeset:

        "[JSC] JSC should have "parseFunction" to optimize Function
        constructor"
        https://bugs.webkit.org/show_bug.cgi?id=190340
        https://trac.webkit.org/changeset/237054

2018-10-14  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r237084): JavaScriptCore fails to build on Linux
        <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949>

        * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by
        including <stdio.h>.

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Shrink more enum classes
        https://bugs.webkit.org/show_bug.cgi?id=190540

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-15  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Disable DOMJIT on 32bit architecture
        https://bugs.webkit.org/show_bug.cgi?id=190387

        Reviewed by Mark Lam.

        We disable DOMJIT on 32bit architecture due to exhaustion of registers.

        * runtime/Options.h:

2018-10-15  Alex Christensen  <achristensen@webkit.org>

        Include EnumTraits.h less
        https://bugs.webkit.org/show_bug.cgi?id=190535

        Reviewed by Chris Dumez.

        * runtime/ConsoleTypes.h:

2018-10-14  Mark Lam  <mark.lam@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * llint/LLIntOffsetsExtractor.cpp:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Option::useAsyncIterator
        https://bugs.webkit.org/show_bug.cgi?id=190567

        Reviewed by Saam Barati.

        Async iterator is enabled by default on 2017-08-09. It is already shipped in several releases,
        and we can think that it is already mature. Let's drop the option `Option::useAsyncIterator`.

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        * runtime/Options.h:

2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Remove Options::useObjectRestSpread
        https://bugs.webkit.org/show_bug.cgi?id=190568

        Reviewed by Saam Barati.

        Options::useObjectRestSpread is enabled by default on 2017-06-27. It is already shipped in several releases,
        and we can think that it is mature. Let's drop Options::useObjectRestSpread() flag.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseProperty):
        * parser/Parser.h:
        * runtime/Options.h:

2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSON.stringify can accept call-with-no-arguments
        https://bugs.webkit.org/show_bug.cgi?id=190343

        Reviewed by Mark Lam.

        JSON.stringify can accept `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
        Instead of throwing an error, we should take the first argument as `undefined` if it is not given.

        [1]: https://tc39.github.io/ecma262/#sec-json.stringify

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncStringify):

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Gardening: Build fix after r237084.
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Unreviewed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Separate configuration extraction from offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Reviewed by Keith Miller.

        Instead of generating a file with all offsets for every combination of
        configurations, we first generate a file with only the configuration
        indices and pass that to the offset extractor. The offset extractor then
        only generates the offsets for valid configurations.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntOffsetsExtractor.cpp:
        (JSC::LLIntOffsetsExtractor::dummy):
        * llint/LLIntSettingsExtractor.cpp: Added.
        (main):
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/generate_settings_extractor.rb: Added.
        * offlineasm/offsets.rb:
        * offlineasm/settings.rb:

2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r237063.

        Caused layout test fast/dom/Window/window-postmessage-clone-
        deep-array.html to fail on macOS and iOS Debug bots.

        Reverted changeset:

        "[JSC] Remove gcc warnings on mips and armv7"
        https://bugs.webkit.org/show_bug.cgi?id=188598
        https://trac.webkit.org/changeset/237063

2018-10-11  Guillaume Emont  <guijemont@igalia.com>

        [JSC] Remove gcc warnings on mips and armv7
        https://bugs.webkit.org/show_bug.cgi?id=188598

        Reviewed by Mark Lam.

        Fix many gcc/clang warnings that are false positives, mostly alignment
        issues.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printMemory):
        Use bitwise_cast instead of reinterpret_cast.
        * assembler/testmasm.cpp:
        (JSC::floatOperands):
        marked as potentially unused as it is not used on all platforms.
        (JSC::testProbeModifiesStackValues):
        modifiedFlags is not used on mips, so don't declare it.
        * bytecode/CodeBlock.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        Update calling code for the prototype change of
        ScriptExecutable::prepareForExecution().
        * jit/JITOperations.cpp: Same as for Interpreter.cpp.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::dataStorage):
        Use bitwise_cast instead of reinterpret_cast.
        * runtime/ScriptExecutable.cpp:
        * runtime/ScriptExecutable.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * tools/JSDollarVM.cpp:
        (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.

2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Use currentStackPointer more
        https://bugs.webkit.org/show_bug.cgi?id=190503

        Reviewed by Saam Barati.

        * runtime/VM.cpp:
        (JSC::VM::committedStackByteCount):

2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSC should have "parseFunction" to optimize Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Reviewed by Mark Lam.

        The current Function constructor is suboptimal. We parse the piece of the same code three times to meet
        the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
        And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
        is really costly and ideally we should meet the above requirement by the one time parsing.

        To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
        takes `std::optional<int> functionConstructorParametersEndPosition` and checks that this end position is correct in the parser.
        For example, if we run the code,

            Function('/*', '*/){')

        According to the spec, this should produce '/*' parameter string and '*/){' body string. And parameter
        string should be syntax-checked by the parser, and raise the error since it is incorrect. Instead of doing
        that, in our implementation, we first create the entire string.

            function anonymous(/*) {
                */){
            }

        And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
        the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
        offset of the parameters is the given end position. This check allows us to raise the error correctly to the
        above example while we parse the entire function only once. And we do not need to create two strings too.

        This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
        significantly sped up (28.2%).

        Before:
            uglify-js:  2.94 runs/s
        After:
            uglify-js:  3.77 runs/s

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseSingleFunction):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        (JSC::parseFunctionForFunctionConstructor):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        (JSC::JSTextPosition::JSTextPosition):
        (JSC::JSTokenLocation::JSTokenLocation): Deleted.
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

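Added example (not JSC's parser or parseSingleFunction): a model of the end-position check the entry describes, using a small comment- and string-aware scanner in place of a real JavaScript lexer. The source is assembled the way the entry shows, the offset at which the parameter list must close is recorded, and the scanner then locates the parenthesis that actually closes the list; when the two differ, the parameter string did not form a complete parameter list on its own, which is the situation the `Function('/*', '*/){')` case creates. The names assembleFunctionSource, skipCommentOrLiteral, findParametersEnd and parametersEndWhereExpected are this example's own, and regular-expression literals inside default parameter values are deliberately not modelled.

```cpp
// Added example (not JSC code): checking that the parameter string of a
// Function constructor call closes exactly where it was expected to, after
// the whole source has been assembled as one string. Names are the example's own.
#include <cstddef>
#include <cstdio>
#include <string>

struct AssembledFunction {
    std::string source;
    size_t parametersStart;       // offset just after "function anonymous("
    size_t expectedParametersEnd; // offset of the ')' that should close the parameter list
};

// Assembles the source the way the entry shows it and records where the
// parameter list must end if `params` really was a complete parameter list.
AssembledFunction assembleFunctionSource(const std::string& params, const std::string& body)
{
    const std::string prefix = "function anonymous(";
    AssembledFunction f;
    f.parametersStart = prefix.size();
    f.expectedParametersEnd = prefix.size() + params.size();
    f.source = prefix + params + ") {\n" + body + "\n}";
    return f;
}

// If a comment or string literal starts at `i`, returns the index just past
// it (std::string::npos when unterminated); otherwise returns `i` unchanged.
// Handles /* */, //, '...', "..." and `...`. Regex literals are not modelled.
size_t skipCommentOrLiteral(const std::string& s, size_t i)
{
    if (s.compare(i, 2, "/*") == 0) {
        size_t end = s.find("*/", i + 2);
        return end == std::string::npos ? end : end + 2;
    }
    if (s.compare(i, 2, "//") == 0) {
        size_t end = s.find('\n', i + 2);
        return end == std::string::npos ? s.size() : end + 1;
    }
    char quote = s[i];
    if (quote == '\'' || quote == '"' || quote == '`') {
        for (size_t j = i + 1; j < s.size(); ++j) {
            if (s[j] == '\\') { ++j; continue; } // skip the escaped character
            if (s[j] == quote) return j + 1;
        }
        return std::string::npos;
    }
    return i;
}

// Finds the ')' that closes the parameter list opened just before `start`,
// ignoring parentheses that sit inside comments, literals or nested brackets.
size_t findParametersEnd(const std::string& s, size_t start)
{
    int depth = 0;
    size_t i = start;
    while (i < s.size()) {
        size_t skipped = skipCommentOrLiteral(s, i);
        if (skipped == std::string::npos)
            return std::string::npos; // unterminated comment or literal
        if (skipped != i) { i = skipped; continue; }
        char c = s[i];
        if (c == '(' || c == '[' || c == '{')
            ++depth;
        else if (c == ']' || c == '}')
            --depth;
        else if (c == ')') {
            if (depth == 0)
                return i;
            --depth;
        }
        ++i;
    }
    return std::string::npos;
}

// The check itself: true only when the parameter list closes exactly at the
// offset computed from the parameter string's own length.
bool parametersEndWhereExpected(const std::string& params, const std::string& body)
{
    AssembledFunction f = assembleFunctionSource(params, body);
    return findParametersEnd(f.source, f.parametersStart) == f.expectedParametersEnd;
}

int main()
{
    const char* cases[][2] = { { "/*", "*/){" }, { "a, b", "return a + b" }, { "a = ')'", "return a" }, { "a, (b", "" } };
    for (const auto& c : cases)
        std::printf("params=%-10s body=%-14s -> %s\n", c[0], c[1], parametersEndWhereExpected(c[0], c[1]) ? "ok" : "SyntaxError");
    return 0;
}
```

With the entry's own input, the expected end is offset 21, but the scanner skips the comment that the body's `*/` closes and only finds the real closing parenthesis at offset 27, so the call is rejected without a second parse of the parameter string. The check covers only the parameter boundary; the body is still validated by parsing the assembled function as usual.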
2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>

        Fix non-existent define `CPU(JSVALUE64)`
        https://bugs.webkit.org/show_bug.cgi?id=190479

        Reviewed by Yusuke Suzuki.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsImpl):
        Correct CPU(JSVALUE64) to USE(JSVALUE64).

2018-10-11  Keith Rollin  <krollin@apple.com>

        CURRENT_ARCH should not be used in Run Script phase.
        https://bugs.webkit.org/show_bug.cgi?id=190407
        <rdar://problem/45133556>

        Reviewed by Alexey Proskuryakov.

        CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
        CURRENT_ARCH is not well-defined during this phase (and may even have
        the value "undefined") since this phase is run just once per build
        rather than once per supported architecture. Migrate away from
        CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
        performing an operation for each value, or by picking the first entry
        in ARCHS and using that as a representative value.

        * JavaScriptCore.xcodeproj/project.pbxproj: Store
        LLIntDesiredOffsets.h into a directory with a name based on ARCHS
        rather than CURRENT_ARCH.

2018-10-10  Mark Lam  <mark.lam@apple.com>

        Changes towards allowing use of the ASAN detect_stack_use_after_return option.
        https://bugs.webkit.org/show_bug.cgi?id=190405
        <rdar://problem/45131464>

        Reviewed by Michael Saboff.

        The ASAN detect_stack_use_after_return option checks for use of stack variables
        after they have been freed.  It does this by allocating relevant stack variables
        in heap memory (instead of on the stack) if the code ever takes the address of
        those stack variables.  Unfortunately, this is a common idiom that we use to
        compute the approximate stack pointer value.  As a result, on such ASAN runs, the
        computed approximate stack pointer value will point into the heap instead of the
        stack.  This breaks the VM's expectations and wreaks havoc.

        To fix this, we use the newly introduced WTF::currentStackPointer() instead of
        taking the address of stack variables.

        We also need to enhance ExceptionScopes to be able to work with ASAN
        detect_stack_use_after_return which will allocate the scope in the heap.  We
        work around this by passing the current stack pointer of the instantiating calling
        frame into the scope constructor, and using that for the position check in
        ~ThrowScope() instead.

        The above is only a start towards enabling ASAN detect_stack_use_after_return on
        the VM.  There are still other issues to be resolved before we can run with this
        ASAN option.

        * runtime/CatchScope.h:
        * runtime/ExceptionEventLocation.h:
        (JSC::ExceptionEventLocation::ExceptionEventLocation):
        * runtime/ExceptionScope.h:
        (JSC::ExceptionScope::stackPosition const):
        * runtime/JSLock.cpp:
        (JSC::JSLock::didAcquireLock):
        * runtime/ThrowScope.cpp:
        (JSC::ThrowScope::~ThrowScope):
        * runtime/ThrowScope.h:
        * runtime/VM.h:
        (JSC::VM::needExceptionCheck const):
        (JSC::VM::isSafeToRecurse const):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: create special Network waterfall for media events
        https://bugs.webkit.org/show_bug.cgi?id=189773
        <rdar://problem/44626605>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add `didFireEvent` event that is fired when specific event listeners added by
        `InspectorInstrumentation::addEventListenersToNode` are fired.

2018-10-10  Michael Saboff  <msaboff@apple.com>

        Increase executable memory pool from 64MB to 128MB for ARM64
        https://bugs.webkit.org/show_bug.cgi?id=190453

        Reviewed by Saam Barati.

        * jit/ExecutableAllocator.cpp:

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: notify the frontend when a canvas has started recording via console.record
        https://bugs.webkit.org/show_bug.cgi?id=190306

        Reviewed by Brian Burg.

        * inspector/protocol/Canvas.json:
        Add `recordingStarted` event.

        * inspector/protocol/Recording.json:
        Add `Initiator` enum for determining who started the recording.

2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
        https://bugs.webkit.org/show_bug.cgi?id=190429

        Reviewed by Saam Barati.

        Some createXXX functions can fail. But sometimes the caller does not perform error checking.
        To make it explicit that these functions can fail, we rename these functions from createXXX
        to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
        function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
        and it should return RefPtr<>.

        This patch mainly focuses on TypedArray factory functions. Previously, these functions are
        `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
        And we also introduce `Ref<XXXArray> create(...)` function which internally performs
        RELEASE_ASSERT on the result of `tryCreate(...)`.

        And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.

        This change actually finds one place which does not perform any null checks while it uses
        `RefPtr<> create(...)` function.

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::putByIndex):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * API/JSClassRef.h:
        (StaticValueEntry::StaticValueEntry):
        * API/JSContext.mm:
        (-[JSContext evaluateScript:withSourceURL:]):
        (-[JSContext setName:]):
        * API/JSContextRef.cpp:
        (JSGlobalContextCopyName):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * API/JSScriptRef.cpp:
        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        * API/JSValue.mm:
        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
        (performPropertyOperation):
        (-[JSValue invokeMethod:withArguments:]):
        (containerValueToObject):
        (objectToValueWithoutCopy):
        (objectToValue):
        * API/JSValueRef.cpp:
        (JSValueCreateJSONString):
        (JSValueToStringCopy):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::tryCreate):
        (OpaqueJSString::create): Deleted.
        * API/OpaqueJSString.h:
        * API/glib/JSCContext.cpp:
        (evaluateScriptInContext):
        * API/glib/JSCValue.cpp:
        (jsc_value_new_string_from_bytes):
        * ftl/FTLLazySlowPath.h:
        (JSC::FTL::LazySlowPath::createGenerator):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        * ftl/FTLOSRExit.h:
        * ftl/FTLPatchpointExceptionHandle.cpp:
        (JSC::FTL::PatchpointExceptionHandle::create):
        (JSC::FTL::PatchpointExceptionHandle::createHandle):
        * ftl/FTLPatchpointExceptionHandle.h:
        * heap/EdenGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateEdenTimer):
        (JSC::GCActivityCallback::createEdenTimer): Deleted.
        * heap/FullGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateFullTimer):
        (JSC::GCActivityCallback::createFullTimer): Deleted.
        * heap/GCActivityCallback.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * inspector/AsyncStackTrace.cpp:
        (Inspector::AsyncStackTrace::create):
        * inspector/AsyncStackTrace.h:
        * jsc.cpp:
        (fillBufferWithContentsOfFile):
        * runtime/ArrayBuffer.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::GenericTypedArrayView<Adaptor>::create):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
        (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::subarray const):
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::possiblySharedImpl):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
        (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::create):
        (JSC::Wasm::Memory::tryCreate):
        * wasm/WasmMemory.h:
        * wasm/WasmTable.cpp:
        (JSC::Wasm::Table::tryCreate):
        (JSC::Wasm::Table::create): Deleted.
        * wasm/WasmTable.h:
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::create):
        * wasm/js/JSWebAssemblyMemory.cpp:
        (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
        * wasm/js/WebAssemblyMemoryConstructor.cpp:
        (JSC::constructJSWebAssemblyMemory):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        * wasm/js/WebAssemblyTableConstructor.cpp:
        (JSC::constructJSWebAssemblyTable):

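Added example (not JSC's GenericTypedArrayView or any WTF type): the tryCreate/create pairing the entry describes, applied to a constructed TypedBuffer class. tryCreate returns null for a length whose byte size would overflow size_t or exceed an illustrative cap, so the name itself tells the caller the result must be checked; create is for call sites that have already validated the length and aborts instead of handing back a null that could go unchecked. The class name, the cap kMaxLength and the helper tryByteLength are this example's own, and std::abort stands in for the RELEASE_ASSERT the entry mentions.

```cpp
// Added example (not JSC code): a fallible factory named tryCreate next to
// an infallible-by-contract create that refuses to return null. Names and
// the length cap are the example's own.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <memory>
#include <vector>

template<typename T>
class TypedBuffer {
public:
    // Constructed stand-in for an allocator's limit on element count.
    static constexpr size_t kMaxLength = size_t(1) << 30;

    // Fallible factory: the name says the result may be null.
    static std::unique_ptr<TypedBuffer> tryCreate(size_t length)
    {
        // Reject lengths over the cap and lengths whose byte size would
        // overflow size_t; both are checked before any multiplication.
        if (length > kMaxLength || length > SIZE_MAX / sizeof(T))
            return nullptr;
        return std::unique_ptr<TypedBuffer>(new TypedBuffer(length));
    }

    // Infallible-by-contract factory: callers use this only after they have
    // validated the length, and a violation terminates instead of leaking a
    // null into code that might not check it.
    static std::unique_ptr<TypedBuffer> create(size_t length)
    {
        std::unique_ptr<TypedBuffer> result = tryCreate(length);
        if (!result)
            std::abort(); // stands in for RELEASE_ASSERT(result)
        return result;
    }

    size_t length() const { return m_storage.size(); }
    size_t byteLength() const { return m_storage.size() * sizeof(T); }

private:
    explicit TypedBuffer(size_t length) : m_storage(length) {} // zero-filled
    std::vector<T> m_storage;
};

// A caller that follows the convention: check tryCreate before touching the
// result. Returns 0 when the buffer could not be created.
size_t tryByteLength(size_t length)
{
    std::unique_ptr<TypedBuffer<uint32_t>> buffer = TypedBuffer<uint32_t>::tryCreate(length);
    if (!buffer)
        return 0;
    return buffer->byteLength();
}
```

The value of the split is at review time: a call to tryCreate whose result is used without a null check is visibly wrong, while a call to create documents that the caller has already established the precondition.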
2018-10-09  Devin Rousso  <drousso@apple.com>

        Web Inspector: show redirect requests in Network and Timelines tabs
        https://bugs.webkit.org/show_bug.cgi?id=150005
        <rdar://problem/5378164>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Network.json:
        Add missing fields to `ResourceTiming`.

2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>

        [WPE] Explicitly link against gmodule where used
        https://bugs.webkit.org/show_bug.cgi?id=190398

        Reviewed by Michael Catanzaro.

        * PlatformWPE.cmake:

2018-10-08  Justin Fan  <justin_fan@apple.com>

        WebGPU: Rename old WebGPU prototype to WebMetal
        https://bugs.webkit.org/show_bug.cgi?id=190325
        <rdar://problem/44990443>

        Reviewed by Dean Jackson.

        Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.

        * Configurations/FeatureDefines.xcconfig:
        * inspector/protocol/Canvas.json:
        * inspector/scripts/codegen/generator.py:

2018-10-08  Aditya Keerthi  <akeerthi@apple.com>

        Make <input type=color> a runtime enabled (on-by-default) feature
        https://bugs.webkit.org/show_bug.cgi?id=189162

        Reviewed by Wenson Hsieh and Tim Horton.

        * Configurations/FeatureDefines.xcconfig:

2018-10-08  Devin Rousso  <drousso@apple.com>

        Web Inspector: group media network entries by the node that triggered the request
        https://bugs.webkit.org/show_bug.cgi?id=189606
        <rdar://problem/44438527>

        Reviewed by Brian Burg.

        * inspector/protocol/Network.json:
        Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
        determine which ancestor node triggered the load. It may not correspond directly to the node
        with the href/src, as that url may only be used by an ancestor for loading.

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC][Linux] Use non-truncated name for JIT workers in Linux
        https://bugs.webkit.org/show_bug.cgi?id=190339

        Reviewed by Mark Lam.

        The current thread names are meaningless in Linux environment. We do not want to
        have truncated name in Linux: we want to have clear name in Linux. Instead, we
        should have the name for Linux separately from the name used in the non-Linux
        environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for
        Linux environment.

        * dfg/DFGWorklist.cpp:
        (JSC::DFG::createWorklistName):
        (JSC::DFG::Worklist::Worklist):
        (JSC::DFG::Worklist::create):
        (JSC::DFG::ensureGlobalDFGWorklist):
        (JSC::DFG::ensureGlobalFTLWorklist):
        * dfg/DFGWorklist.h:
        * jit/JITWorklist.cpp:

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Name Heap threads
        https://bugs.webkit.org/show_bug.cgi?id=190337

        Reviewed by Mark Lam.

        Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
        Linux does not accept a name longer than 15. We do not want to use the short name
        for non-Linux environment. And we want to have clear name in Linux: truncated name
        is not good. So, having the two names is the only way.

        * heap/HeapHelperPool.cpp:
        (JSC::heapHelperPool):

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Avoid creating ProgramExecutable in checkSyntax
        https://bugs.webkit.org/show_bug.cgi?id=190332

        Reviewed by Mark Lam.

        uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
        In Function constructor code, we perform checkSyntax for body and parameters. So fast checkSyntax
        is important when the performance of Function constructor matters. Current checkSyntax code
        unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
        the benchmark score slightly.

        Before:
            uglify-js:  2.87 runs/s
        After:
            uglify-js:  2.94 runs/s

        * runtime/Completion.cpp:
        (JSC::checkSyntaxInternal):
        (JSC::checkSyntax):
        * runtime/ProgramExecutable.cpp:
        (JSC::ProgramExecutable::checkSyntax): Deleted.
        * runtime/ProgramExecutable.h:

2018-10-06  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "|"
        https://bugs.webkit.org/show_bug.cgi?id=186229

        Reviewed by Yusuke Suzuki.

        This patch is introducing support for BigInt into the bitwise "or" operator.
        In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
        "ValueBitOr", to replace "BitOr" node. The idea is to follow the
        difference that we make on Arith<op> and Value<op>, where ArithBitOr
        handles cases when the operands are Int32 and ValueBitOr handles
        the remaining cases.

        We are also changing op_bitor to use ValueProfile. We are using
        ValueProfile during DFG generation to emit "ArithBitOr" when
        outcome prediction is Int32.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitBinaryOp):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::bitwiseOp):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
766         (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
767         * jit/JITArithmetic.cpp:
768         (JSC::JIT::emit_op_bitor):
769         * llint/LowLevelInterpreter32_64.asm:
770         * llint/LowLevelInterpreter64.asm:
771         * runtime/CommonSlowPaths.cpp:
772         (JSC::SLOW_PATH_DECL):
773         * runtime/JSBigInt.cpp:
774         (JSC::JSBigInt::bitwiseAnd):
775         (JSC::JSBigInt::bitwiseOr):
776         (JSC::JSBigInt::absoluteBitwiseOp):
777         (JSC::JSBigInt::absoluteAddOne):
778         * runtime/JSBigInt.h:
779
780 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
781
782         [JSC] Use new extra memory reporting in SparseArrayMap
783         https://bugs.webkit.org/show_bug.cgi?id=190278
784
785         Reviewed by Keith Miller.
786
787         This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
788         to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.
789
790         * runtime/SparseArrayValueMap.cpp:
791         (JSC::SparseArrayValueMap::add):
792         (JSC::SparseArrayValueMap::visitChildren):
793
794 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
795
796         [JSC][Linux] Support Perf JITDump logging
797         https://bugs.webkit.org/show_bug.cgi?id=189893
798
799         Reviewed by Mark Lam.
800
801         This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
802         We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
803         By using this dump and perf.data output, we can annotate JIT code with profiling information.
804
805             $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
806             $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
807             [ perf record: Woken up 1 times to write data ]
808             [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
809             $ perf inject --jit -i perf.data -o perf.jit.data
810             $ perf report -i perf.jit.data
811
812         * Sources.txt:
813         * assembler/LinkBuffer.cpp:
814         (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
815         * assembler/LinkBuffer.h:
816         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
817         * assembler/PerfLog.cpp: Added.
818         (JSC::PerfLog::singleton):
819         (JSC::generateTimestamp):
820         (JSC::getCurrentThreadID):
821         (JSC::PerfLog::PerfLog):
822         (JSC::PerfLog::write):
823         (JSC::PerfLog::flush):
824         (JSC::PerfLog::log):
825         * assembler/PerfLog.h: Added.
826         * jit/ExecutableAllocator.cpp:
827         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
828         * runtime/Options.cpp:
829         (JSC::Options::isAvailable):
830         * runtime/Options.h:
831
832 2018-10-05  Mark Lam  <mark.lam@apple.com>
833
834         Gardening: Build fix after r236880.
835         https://bugs.webkit.org/show_bug.cgi?id=190317
836
837         Unreviewed.
838
839         * jit/ExecutableAllocator.h:
840
841 2018-10-05  Mark Lam  <mark.lam@apple.com>
842
843         performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
844         https://bugs.webkit.org/show_bug.cgi?id=190317
845         <rdar://problem/45039398>
846
847         Reviewed by Saam Barati.
848
849         When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
850         to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
851         performJITMemcpy() would just do a memcpy in that case.  We need to restore the
852         equivalent behavior.
853
854         * jit/ExecutableAllocator.cpp:
855         (JSC::isJITPC):
856         * jit/ExecutableAllocator.h:
857         (JSC::performJITMemcpy):
858
859 2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>
860
861         [WPE][JSC] Use Unified Sources for Platform-specific sources
862         https://bugs.webkit.org/show_bug.cgi?id=190300
863
864         Reviewed by Yusuke Suzuki.
865
866         Currently the GTK port already uses Unified Sources with the same source files.
867         As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
868         to the list of libraries to link with.
869
870         * PlatformWPE.cmake:
871         * SourcesWPE.txt: Added.
872         * shell/PlatformWPE.cmake:
873
874 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
875
876         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
877         https://bugs.webkit.org/show_bug.cgi?id=190258
878
879         Reviewed by Konstantin Tokarev.
880
881         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
882         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
883           encoding=UTF-8 on Python 3.
884         * yarr/generateYarrCanonicalizeUnicode: Ditto.
885         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
886
887 2018-10-04  Mark Lam  <mark.lam@apple.com>
888
889         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
890         https://bugs.webkit.org/show_bug.cgi?id=190295
891         <rdar://problem/19197193>
892
893         Reviewed by Saam Barati.
894
895         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
896         instead of needing to use our own custom version here.
897
898         * jit/ExecutableAllocator.cpp:
899         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
900         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
901         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
902         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
903         (JSC::ExecutableAllocator::allocate):
904         (JSC::startOfFixedExecutableMemoryPoolImpl):
905         (JSC::endOfFixedExecutableMemoryPoolImpl):
906         (JSC::isJITPC):
907         * jit/ExecutableAllocator.h:
908
909 2018-10-04  Mark Lam  <mark.lam@apple.com>
910
911         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
912         https://bugs.webkit.org/show_bug.cgi?id=190283
913         <rdar://problem/45015752>
914
915         Reviewed by Keith Miller.
916
917         * runtime/Options.cpp:
918         (JSC::Options::initialize):
919         * wasm/WasmFaultSignalHandler.cpp:
920         (JSC::Wasm::enableFastMemory):
921
922 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
923
924         [JSC] print() changes CRLF to CRCRLF on Windows
925         https://bugs.webkit.org/show_bug.cgi?id=190228
926
927         Reviewed by Mark Lam.
928
929         * jsc.cpp:
930         (main):
931         Ultimately, this is just the normal behavior of printf in text mode on Windows.
932         Since we're reading in files as binary, we need to be printing out as binary too
933         (just as we do in DumpRenderTree and ImageDiff.)
934
935 2018-10-03  Saam barati  <sbarati@apple.com>
936
937         lowXYZ in FTLLower should always filter the type of the incoming edge
938         https://bugs.webkit.org/show_bug.cgi?id=189939
939         <rdar://problem/44407030>
940
941         Reviewed by Michael Saboff.
942
943         For example, the FTL may know more about data flow than AI in certain programs,
944         and it needs to inform AI of these data flow properties to appease the assertion
945         we have in AI that a node must perform type checks on its child nodes.
946         
947         For example, consider this program:
948         
949         ```
950         bb#1
951         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
952         Branch(...,  #2, #3)
953         
954         bb#2
955         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type union the type of some structure set.
956         Jump(#3)
957         
958         bb#3
959         c: Add(Int32:@something, Int32:@a)
960         ```
961         
962         When the Add node does lowInt32() for @a, FTL lower used to just grab it
963         from the int32 hash table without filtering the AbstractValue. However,
964         the parent node is asking for a type check to happen, so we must inform
965         AI of this "type check" if we want to appease the assertion that all nodes
966         perform type checks for their edges that semantically perform type checks.
967         This patch makes it so we filter the AbstractValue in the lowXYZ even
968         if FTLLower proved the value must be XYZ.
969
970         * ftl/FTLLowerDFGToB3.cpp:
971         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
972         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
973         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
974         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
975         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
976
977 2018-10-03  Michael Saboff  <msaboff@apple.com>
978
979         Command line jsc should report memory footprint in bytes
980         https://bugs.webkit.org/show_bug.cgi?id=190267
981
982         Reviewed by Mark Lam.
983
984         Change to leave the footprint values from the system unmodified.
985
986         * jsc.cpp:
987         (JSCMemoryFootprint::finishCreation):
988
989 2018-10-03  Mark Lam  <mark.lam@apple.com>
990
991         Suppress unreachable code warning for LLIntAssembly.h code.
992         https://bugs.webkit.org/show_bug.cgi?id=190263
993         <rdar://problem/44986532>
994
995         Reviewed by Saam Barati.
996
997         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
998         asm files, and may contain dead code which is harmless, but will trip up the warning.
999         We should suppress the warning so that it doesn't break builds.
1000
1001         * llint/LowLevelInterpreter.cpp:
1002         (JSC::CLoop::execute):
1003
1004 2018-10-03  Dan Bernstein  <mitz@apple.com>
1005
1006         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
1007         https://bugs.webkit.org/show_bug.cgi?id=190250
1008
1009         Reviewed by Alex Christensen.
1010
1011         * API/tests/Regress141275.mm:
1012         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
1013           by making the self-retaining explicit.
1014
1015         * API/tests/testapi.cpp:
1016         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
1017           loop instead of returning from the lambda.
1018
1019         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
1020           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
1021           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
1022
1023         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
1024           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
1025
1026         * assembler/MacroAssemblerPrinter.cpp:
1027         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
1028           some commas with semicolons.
1029
1030 2018-10-03  Mark Lam  <mark.lam@apple.com>
1031
1032         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1033         https://bugs.webkit.org/show_bug.cgi?id=190187
1034         <rdar://problem/42512909>
1035
1036         Reviewed by Michael Saboff.
1037
1038         Allowing different max string lengths at each level opens up opportunities for
1039         bugs to creep in.  With 2 different max length values, it is more difficult to
1040         keep the story straight on how we do overflow / bounds checks at each place in
1041         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
1042         will have bad ramifications at the JSC level.  Also, it's also not meaningful to
1043         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
1044         standardize on a MaxLength of INT_MAX at all levels.
1045
1046         We'll also standardize the way we do length overflow checks on using
1047         CheckedArithmetic, and add some asserts to document the assumptions of the code.
1048
1049         * runtime/FunctionConstructor.cpp:
1050         (JSC::constructFunctionSkippingEvalEnabledCheck):
1051         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
1052         * runtime/JSString.h:
1053         (JSC::JSString::finishCreation):
1054         (JSC::JSString::createHasOtherOwner):
1055         (JSC::JSString::setLength):
1056         * runtime/JSStringInlines.h:
1057         (JSC::jsMakeNontrivialString):
1058         * runtime/Operations.h:
1059         (JSC::jsString):
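
        Added illustration (example code, not JSC's or WTF's own) of why a single INT_MAX
        MaxLength plus overflow-checked length arithmetic closes the bug class the entry
        describes: the unchecked accumulator wraps, the checked one refuses. Function
        names and the vector-of-lengths model are assumptions for this example.

```cpp
#include <climits>
#include <cstdint>
#include <optional>
#include <vector>

// One MaxLength shared by every layer, as the entry standardizes on.
constexpr int32_t kStringMaxLength = INT_MAX;

// Unchecked accumulation of piece lengths for a concatenation: the total can wrap
// around, so an oversized string would pass a later "total <= MaxLength" test.
// (Constructed illustration of the bug class, not code from JSC.)
int32_t uncheckedConcatLength(const std::vector<int32_t>& lengths) {
    uint32_t total = 0;
    for (int32_t len : lengths)
        total += static_cast<uint32_t>(len); // wraps modulo 2^32
    return static_cast<int32_t>(total);     // INT_MAX + 1 comes back as INT_MIN
}

// The same computation with every addition overflow-tested, in the spirit of
// WTF's CheckedArithmetic. Because MaxLength is INT_MAX, the overflow test on an
// int32 sum is exactly the bounds check; no second limit can disagree with it.
std::optional<int32_t> checkedConcatLength(const std::vector<int32_t>& lengths) {
    int32_t total = 0;
    for (int32_t len : lengths) {
        if (len < 0 || len > kStringMaxLength) // a caller already broke the invariant
            return std::nullopt;
        int32_t next;
        if (__builtin_add_overflow(total, len, &next))
            return std::nullopt; // caller should raise the out-of-memory error
        total = next;
    }
    return total;
}
```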
1060
1061 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
1062
1063         [JSC] Add a C++ callable overload of objectConstructorSeal
1064         https://bugs.webkit.org/show_bug.cgi?id=190137
1065
1066         Reviewed by Yusuke Suzuki.
1067
1068         * runtime/ObjectConstructor.cpp:
1069         * runtime/ObjectConstructor.h:
1070
1071 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
1072
1073         Fix Disassembler-output on ARM Thumb2
1074         https://bugs.webkit.org/show_bug.cgi?id=190203
1075
1076         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
1077         execution in thumb mode for jumps and calls. The actual machine
1078         instructions are still aligned to 2-bytes though. Use dataLocation() as
1079         start address for disassembling since it unsets the thumb bit.
1080         Until now the disassembler would start at the wrong address (off by 1),
1081         resulting in the wrong disassembled machine instructions.
1082
1083         Reviewed by Mark Lam.
1084
1085         * disassembler/CapstoneDisassembler.cpp:
1086         (JSC::tryToDisassemble):
1087
1088 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1089
1090         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
1091         https://bugs.webkit.org/show_bug.cgi?id=190215
1092
1093         Reviewed by Mark Lam.
1094
1095         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
1096         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for LLInt ASM interpreter since
1097         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
1098         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
1099         for LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).
1100
1101         To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for
1102         non-JIT configurations. This does not have any functionality allocating executable memory, thus
1103         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
1104
1105         * jit/ExecutableAllocator.cpp:
1106         (JSC::ExecutableAllocator::initializeAllocator):
1107         (JSC::ExecutableAllocator::singleton):
1108         * jit/ExecutableAllocator.h:
1109         (JSC::ExecutableAllocator::isValid const):
1110         (JSC::ExecutableAllocator::underMemoryPressure):
1111         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1112         (JSC::ExecutableAllocator::dumpProfile):
1113         (JSC::ExecutableAllocator::allocate):
1114         (JSC::ExecutableAllocator::isValidExecutableMemory):
1115         (JSC::ExecutableAllocator::committedByteCount):
1116         (JSC::ExecutableAllocator::getLock const):
1117         (JSC::performJITMemcpy):
1118
1119 2018-10-01  Dean Jackson  <dino@apple.com>
1120
1121         Remove CSS Animation Triggers
1122         https://bugs.webkit.org/show_bug.cgi?id=190175
1123         <rdar://problem/44925626>
1124
1125         Reviewed by Simon Fraser.
1126
1127         * Configurations/FeatureDefines.xcconfig:
1128
1129 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1130
1131         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1132         https://bugs.webkit.org/show_bug.cgi?id=190033
1133
1134         Reviewed by Yusuke Suzuki.
1135
1136         The implementation of JSBigInt::toStringToGeneric doesn't handle a power
1137         of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
1138         implemented JSBigInt::toStringBasePowerOfTwo that follows the
1139         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
1140         digit.
1141
1142         * runtime/JSBigInt.cpp:
1143         (JSC::JSBigInt::toString):
1144         (JSC::JSBigInt::toStringBasePowerOfTwo):
1145         * runtime/JSBigInt.h:
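
        Added example (not JSC's JSBigInt::toStringBasePowerOfTwo) of the bit-grouping
        approach described above, run over a multi-word magnitude so the length >= 2
        case is exercised: characters are extracted with a (2^n) - 1 mask, and a bit
        buffer carries bits across 32-bit word boundaries for radix 8 and 32. The
        little-endian word layout and the helper names are assumptions for this example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed model of a BigInt magnitude: little-endian 32-bit words,
// words[0] least significant (layout assumed for this example, not JSC's).
using Magnitude = std::vector<uint32_t>;

// Number of significant bits, ignoring leading zero words.
static int significantBits(const Magnitude& words) {
    size_t n = words.size();
    while (n > 0 && words[n - 1] == 0)
        --n;
    if (n == 0)
        return 0;
    int bits = 0;
    for (uint32_t top = words[n - 1]; top; top >>= 1)
        ++bits;
    return static_cast<int>(n - 1) * 32 + bits;
}

// Convert to a string in a power-of-two radix (2, 4, 8, 16, 32) by masking off
// log2(radix) bits at a time from the least significant end. A bit buffer
// carries bits across word boundaries, which matters for radix 8 and 32,
// where 32 is not a multiple of the bits per character.
std::string toStringBasePowerOfTwo(const Magnitude& words, bool negative, int radix) {
    assert(radix == 2 || radix == 4 || radix == 8 || radix == 16 || radix == 32);
    static const char kDigitChars[] = "0123456789abcdefghijklmnopqrstuv";

    int bitsPerChar = 0;
    while ((1 << bitsPerChar) < radix)
        ++bitsPerChar;
    const uint32_t mask = static_cast<uint32_t>(radix - 1); // (2^n) - 1

    const int totalBits = significantBits(words);
    if (totalBits == 0)
        return "0";

    const size_t signChars = negative ? 1 : 0;
    const size_t charCount = static_cast<size_t>((totalBits + bitsPerChar - 1) / bitsPerChar);
    std::string out(signChars + charCount, '0');
    size_t pos = out.size(); // characters are written right to left

    uint64_t buffer = 0;  // bits shifted in from the words but not yet emitted
    int bufferedBits = 0; // always < bitsPerChar (<= 4) when a new word is added
    for (uint32_t word : words) {
        if (pos == signChars)
            break; // every significant character written; remaining words are leading zeros
        buffer |= static_cast<uint64_t>(word) << bufferedBits;
        bufferedBits += 32;
        while (bufferedBits >= bitsPerChar && pos > signChars) {
            out[--pos] = kDigitChars[buffer & mask];
            buffer >>= bitsPerChar;
            bufferedBits -= bitsPerChar;
        }
    }
    // A final partial group (fewer than bitsPerChar bits) becomes the top character.
    if (pos > signChars)
        out[--pos] = kDigitChars[buffer & mask];
    if (negative)
        out[0] = '-';
    return out;
}
```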
1146
1147 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1148
1149         [JSC] Add branchIfNaN and branchIfNotNaN
1150         https://bugs.webkit.org/show_bug.cgi?id=190122
1151
1152         Reviewed by Mark Lam.
1153
1154         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
1155
1156         * dfg/DFGSpeculativeJIT.cpp:
1157         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
1158         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
1159         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
1160         (JSC::DFG::SpeculativeJIT::compileSpread):
1161         (JSC::DFG::SpeculativeJIT::compileNewArray):
1162         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
1163         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
1164         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
1165         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
1166         * dfg/DFGSpeculativeJIT32_64.cpp:
1167         (JSC::DFG::SpeculativeJIT::compile):
1168         * dfg/DFGSpeculativeJIT64.cpp:
1169         (JSC::DFG::SpeculativeJIT::compile):
1170         * jit/AssemblyHelpers.cpp:
1171         (JSC::AssemblyHelpers::purifyNaN):
1172         * jit/AssemblyHelpers.h:
1173         (JSC::AssemblyHelpers::branchIfNaN):
1174         (JSC::AssemblyHelpers::branchIfNotNaN):
1175         * jit/JITPropertyAccess.cpp:
1176         (JSC::JIT::emitGenericContiguousPutByVal):
1177         (JSC::JIT::emitDoubleLoad):
1178         (JSC::JIT::emitFloatTypedArrayGetByVal):
1179         * jit/JITPropertyAccess32_64.cpp:
1180         (JSC::JIT::emitGenericContiguousPutByVal):
1181         * wasm/js/JSToWasm.cpp:
1182         (JSC::Wasm::createJSToWasmWrapper):
1183
1184 2018-10-01  Mark Lam  <mark.lam@apple.com>
1185
1186         Function.toString() should also copy the source code of Functions that are class definitions.
1187         https://bugs.webkit.org/show_bug.cgi?id=190186
1188         <rdar://problem/44733360>
1189
1190         Reviewed by Saam Barati.
1191
1192         Previously, if the Function is a class definition, functionProtoFuncToString()
1193         would create a String using StringView::toStringWithoutCopying(), and use that
1194         String to make a JSString.  This is not a problem if the underlying SourceProvider
1195         (that backs the characters in that StringView) is immortal.  However, this is
1196         not always the case in practice.
1197
1198         This patch fixes this issue by changing functionProtoFuncToString() to create the
1199         String using StringView::toString() instead, which makes a copy of the underlying
1200         characters buffer.  This detaches the resultant JSString from the SourceProvider
1201         characters buffer that it was created from, and ensures that the underlying
1202         characters buffer of the string will be alive for the entire lifetime of the
1203         JSString.
1204
1205         * runtime/FunctionPrototype.cpp:
1206         (JSC::functionProtoFuncToString):
1207
1208 2018-10-01  Keith Miller  <keith_miller@apple.com>
1209
1210         Create a RELEASE_AND_RETURN macro for ExceptionScopes
1211         https://bugs.webkit.org/show_bug.cgi?id=190163
1212
1213         Reviewed by Mark Lam.
1214
1215         The new RELEASE_AND_RETURN does all the work for cases
1216         where you want to return the result of some expression
1217         without explicitly checking for an exception. This is
1218         much like the existing RETURN_IF_EXCEPTION macro.
1219
1220         * dfg/DFGOperations.cpp:
1221         (JSC::DFG::newTypedArrayWithSize):
1222         * interpreter/Interpreter.cpp:
1223         (JSC::eval):
1224         * jit/JITOperations.cpp:
1225         (JSC::getByVal):
1226         * jsc.cpp:
1227         (functionDollarAgentReceiveBroadcast):
1228         * llint/LLIntSlowPaths.cpp:
1229         (JSC::LLInt::setUpCall):
1230         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1231         (JSC::LLInt::varargsSetup):
1232         * profiler/ProfilerDatabase.cpp:
1233         (JSC::Profiler::Database::toJSON const):
1234         * runtime/AbstractModuleRecord.cpp:
1235         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1236         * runtime/ArrayConstructor.cpp:
1237         (JSC::constructArrayWithSizeQuirk):
1238         * runtime/ArrayPrototype.cpp:
1239         (JSC::getProperty):
1240         (JSC::fastJoin):
1241         (JSC::arrayProtoFuncToString):
1242         (JSC::arrayProtoFuncToLocaleString):
1243         (JSC::arrayProtoFuncJoin):
1244         (JSC::arrayProtoFuncPop):
1245         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1246         * runtime/BigIntConstructor.cpp:
1247         (JSC::toBigInt):
1248         * runtime/CommonSlowPaths.h:
1249         (JSC::CommonSlowPaths::opInByVal):
1250         * runtime/ConstructData.cpp:
1251         (JSC::construct):
1252         * runtime/DateConstructor.cpp:
1253         (JSC::dateParse):
1254         * runtime/DatePrototype.cpp:
1255         (JSC::dateProtoFuncToPrimitiveSymbol):
1256         * runtime/DirectArguments.h:
1257         * runtime/ErrorConstructor.cpp:
1258         (JSC::Interpreter::constructWithErrorConstructor):
1259         * runtime/ErrorPrototype.cpp:
1260         (JSC::errorProtoFuncToString):
1261         * runtime/ExceptionScope.h:
1262         * runtime/FunctionConstructor.cpp:
1263         (JSC::constructFunction):
1264         * runtime/FunctionPrototype.cpp:
1265         (JSC::functionProtoFuncToString):
1266         * runtime/GenericArgumentsInlines.h:
1267         (JSC::GenericArguments<Type>::defineOwnProperty):
1268         * runtime/GetterSetter.cpp:
1269         (JSC::callGetter):
1270         * runtime/IntlCollatorConstructor.cpp:
1271         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1272         * runtime/IntlCollatorPrototype.cpp:
1273         (JSC::IntlCollatorFuncCompare):
1274         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1275         * runtime/IntlDateTimeFormatConstructor.cpp:
1276         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1277         * runtime/IntlDateTimeFormatPrototype.cpp:
1278         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1279         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1280         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1281         * runtime/IntlNumberFormatConstructor.cpp:
1282         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1283         * runtime/IntlNumberFormatPrototype.cpp:
1284         (JSC::IntlNumberFormatFuncFormatNumber):
1285         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1286         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1287         * runtime/IntlObject.cpp:
1288         (JSC::intlNumberOption):
1289         * runtime/IntlObjectInlines.h:
1290         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1291         * runtime/IntlPluralRules.cpp:
1292         (JSC::IntlPluralRules::resolvedOptions):
1293         * runtime/IntlPluralRulesConstructor.cpp:
1294         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1295         * runtime/IntlPluralRulesPrototype.cpp:
1296         (JSC::IntlPluralRulesPrototypeFuncSelect):
1297         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1298         * runtime/JSArray.cpp:
1299         (JSC::JSArray::defineOwnProperty):
1300         (JSC::JSArray::put):
1301         (JSC::JSArray::setLength):
1302         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1303         * runtime/JSArrayBufferPrototype.cpp:
1304         (JSC::arrayBufferProtoGetterFuncByteLength):
1305         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1306         * runtime/JSArrayInlines.h:
1307         (JSC::toLength):
1308         * runtime/JSBoundFunction.cpp:
1309         (JSC::boundFunctionCall):
1310         (JSC::boundFunctionConstruct):
1311         * runtime/JSCJSValue.cpp:
1312         (JSC::JSValue::putToPrimitive):
1313         * runtime/JSCJSValueInlines.h:
1314         (JSC::JSValue::toIndex const):
1315         (JSC::JSValue::toPropertyKey const):
1316         (JSC::JSValue::get const):
1317         (JSC::JSValue::getPropertySlot const):
1318         (JSC::JSValue::getOwnPropertySlot const):
1319         (JSC::JSValue::equalSlowCaseInline):
1320         * runtime/JSDataView.cpp:
1321         (JSC::JSDataView::put):
1322         (JSC::JSDataView::defineOwnProperty):
1323         * runtime/JSFunction.cpp:
1324         (JSC::JSFunction::put):
1325         (JSC::JSFunction::defineOwnProperty):
1326         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1327         (JSC::constructGenericTypedArrayViewWithArguments):
1328         (JSC::constructGenericTypedArrayView):
1329         * runtime/JSGenericTypedArrayViewInlines.h:
1330         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1331         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1332         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1333         (JSC::speciesConstruct):
1334         (JSC::genericTypedArrayViewProtoFuncJoin):
1335         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1336         * runtime/JSGlobalObject.cpp:
1337         (JSC::JSGlobalObject::put):
1338         * runtime/JSGlobalObjectFunctions.cpp:
1339         (JSC::decode):
1340         (JSC::globalFuncEval):
1341         (JSC::globalFuncProtoGetter):
1342         * runtime/JSInternalPromise.cpp:
1343         (JSC::JSInternalPromise::then):
1344         * runtime/JSModuleEnvironment.cpp:
1345         (JSC::JSModuleEnvironment::put):
1346         * runtime/JSModuleLoader.cpp:
1347         (JSC::JSModuleLoader::provideFetch):
1348         (JSC::JSModuleLoader::loadAndEvaluateModule):
1349         (JSC::JSModuleLoader::loadModule):
1350         (JSC::JSModuleLoader::linkAndEvaluateModule):
1351         (JSC::JSModuleLoader::requestImportModule):
1352         (JSC::JSModuleLoader::getModuleNamespaceObject):
1353         (JSC::moduleLoaderRequestedModules):
1354         * runtime/JSONObject.cpp:
1355         (JSC::Stringifier::stringify):
1356         (JSC::Stringifier::toJSON):
1357         (JSC::Walker::walk):
1358         (JSC::JSONProtoFuncStringify):
1359         * runtime/JSObject.cpp:
1360         (JSC::ordinarySetSlow):
1361         (JSC::JSObject::putInlineSlow):
1362         (JSC::JSObject::toPrimitive const):
1363         (JSC::JSObject::hasInstance):
1364         (JSC::JSObject::toNumber const):
1365         (JSC::JSObject::defineOwnIndexedProperty):
1366         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1367         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1368         (JSC::JSObject::defineOwnNonIndexProperty):
1369         * runtime/JSObject.h:
1370         (JSC::JSObject::get const):
1371         * runtime/JSObjectInlines.h:
1372         (JSC::JSObject::getPropertySlot const):
1373         (JSC::JSObject::putInlineForJSObject):
1374         * runtime/MapConstructor.cpp:
1375         (JSC::constructMap):
1376         * runtime/NativeErrorConstructor.cpp:
1377         (JSC::Interpreter::constructWithNativeErrorConstructor):
1378         * runtime/ObjectConstructor.cpp:
1379         (JSC::constructObject):
1380         (JSC::objectConstructorGetPrototypeOf):
1381         (JSC::objectConstructorGetOwnPropertyDescriptor):
1382         (JSC::objectConstructorGetOwnPropertyDescriptors):
1383         (JSC::objectConstructorGetOwnPropertyNames):
1384         (JSC::objectConstructorGetOwnPropertySymbols):
1385         (JSC::objectConstructorKeys):
1386         (JSC::objectConstructorDefineProperty):
1387         (JSC::objectConstructorDefineProperties):
1388         (JSC::objectConstructorCreate):
1389         * runtime/ObjectPrototype.cpp:
1390         (JSC::objectProtoFuncToLocaleString):
1391         (JSC::objectProtoFuncToString):
1392         * runtime/Operations.cpp:
1393         (JSC::jsAddSlowCase):
1394         * runtime/Operations.h:
1395         (JSC::jsString):
1396         (JSC::jsLess):
1397         (JSC::jsLessEq):
1398         * runtime/ParseInt.h:
1399         (JSC::toStringView):
1400         * runtime/ProxyConstructor.cpp:
1401         (JSC::constructProxyObject):
1402         * runtime/ProxyObject.cpp:
1403         (JSC::ProxyObject::toStringName):
1404         (JSC::performProxyGet):
1405         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1406         (JSC::ProxyObject::performHasProperty):
1407         (JSC::ProxyObject::getOwnPropertySlotCommon):
1408         (JSC::ProxyObject::performPut):
1409         (JSC::ProxyObject::putByIndexCommon):
1410         (JSC::performProxyCall):
1411         (JSC::performProxyConstruct):
1412         (JSC::ProxyObject::performDelete):
1413         (JSC::ProxyObject::performPreventExtensions):
1414         (JSC::ProxyObject::performIsExtensible):
1415         (JSC::ProxyObject::performDefineOwnProperty):
1416         (JSC::ProxyObject::performSetPrototype):
1417         (JSC::ProxyObject::performGetPrototype):
1418         * runtime/ReflectObject.cpp:
1419         (JSC::reflectObjectConstruct):
1420         (JSC::reflectObjectDefineProperty):
1421         (JSC::reflectObjectGet):
1422         (JSC::reflectObjectGetOwnPropertyDescriptor):
1423         (JSC::reflectObjectGetPrototypeOf):
1424         (JSC::reflectObjectOwnKeys):
1425         (JSC::reflectObjectSet):
1426         * runtime/RegExpConstructor.cpp:
1427         (JSC::constructRegExp):
1428         * runtime/RegExpObject.cpp:
1429         (JSC::RegExpObject::defineOwnProperty):
1430         (JSC::RegExpObject::matchGlobal):
1431         * runtime/RegExpPrototype.cpp:
1432         (JSC::regExpProtoFuncTestFast):
1433         (JSC::regExpProtoFuncExec):
1434         (JSC::regExpProtoFuncToString):
1435         * runtime/ScriptExecutable.cpp:
1436         (JSC::ScriptExecutable::newCodeBlockFor):
1437         * runtime/SetConstructor.cpp:
1438         (JSC::constructSet):
1439         * runtime/SparseArrayValueMap.cpp:
1440         (JSC::SparseArrayValueMap::putEntry):
1441         (JSC::SparseArrayEntry::put):
1442         * runtime/StringConstructor.cpp:
1443         (JSC::stringFromCharCode):
1444         (JSC::stringFromCodePoint):
1445         * runtime/StringObject.cpp:
1446         (JSC::StringObject::put):
1447         (JSC::StringObject::putByIndex):
1448         (JSC::StringObject::defineOwnProperty):
1449         * runtime/StringPrototype.cpp:
1450         (JSC::jsSpliceSubstrings):
1451         (JSC::jsSpliceSubstringsWithSeparators):
1452         (JSC::removeUsingRegExpSearch):
1453         (JSC::replaceUsingRegExpSearch):
1454         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1455         (JSC::replaceUsingStringSearch):
1456         (JSC::repeatCharacter):
1457         (JSC::replace):
1458         (JSC::stringProtoFuncReplaceUsingRegExp):
1459         (JSC::stringProtoFuncReplaceUsingStringSearch):
1460         (JSC::stringProtoFuncSplitFast):
1461         (JSC::stringProtoFuncToLowerCase):
1462         (JSC::stringProtoFuncToUpperCase):
1463         (JSC::toLocaleCase):
1464         (JSC::trimString):
1465         (JSC::stringProtoFuncIncludes):
1466         (JSC::builtinStringIncludesInternal):
1467         (JSC::normalize):
1468         (JSC::stringProtoFuncNormalize):
1469         * runtime/SymbolPrototype.cpp:
1470         (JSC::symbolProtoFuncToString):
1471         (JSC::symbolProtoFuncValueOf):
1472         * tools/JSDollarVM.cpp:
1473         (WTF::functionWasmStreamingParserAddBytes):
1474         (JSC::functionGetPrivateProperty):
1475         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1476         (JSC::constructJSWebAssemblyCompileError):
1477         * wasm/js/WebAssemblyModuleConstructor.cpp:
1478         (JSC::constructJSWebAssemblyModule):
1479         (JSC::WebAssemblyModuleConstructor::createModule):
1480         * wasm/js/WebAssemblyTableConstructor.cpp:
1481         (JSC::constructJSWebAssemblyTable):
1482         * wasm/js/WebAssemblyWrapperFunction.cpp:
1483         (JSC::callWebAssemblyWrapperFunction):
1484
1485 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1486
1487         [JSC] Add a JSONStringify overload that receives a JSValue space
1488         https://bugs.webkit.org/show_bug.cgi?id=190131
1489
1490         Reviewed by Yusuke Suzuki.
1491
1492         * runtime/JSONObject.cpp:
1493         * runtime/JSONObject.h:
1494
1495 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1496
1497         Unreviewed, rolling out r236647.
1498         https://bugs.webkit.org/show_bug.cgi?id=190124
1499
1500         Breaking test stress/big-int-to-string.js (Requested by
1501         caiolima_ on #webkit).
1502
1503         Reverted changeset:
1504
1505         "[BigInt] BigInt.prototype.toString is broken when radix is
1506         power of 2"
1507         https://bugs.webkit.org/show_bug.cgi?id=190033
1508         https://trac.webkit.org/changeset/236647
1509
1510 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1511
1512         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1513         https://bugs.webkit.org/show_bug.cgi?id=189498
1514
1515         Reviewed by Saam Barati.
1516
1517         To call JS-to-Wasm code we need to convert the result value from the wasm function to
1518         the JS type. Previously this was done by callWebAssemblyFunction using a switch
1519         over signature.returnType(). But since we know the value of `signature.returnType()`
1520         at compile time, we can emit a small conversion code directly into the JSToWasm glue
1521         and remove this switch from callWebAssemblyFunction.
1522
1523         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1524         in boxInt32 and boxDouble. Since boxDouble does not have a DoNotHaveTagRegisters version,
1525         we add an implementation for that.
1526
1527         * jit/AssemblyHelpers.h:
1528         (JSC::AssemblyHelpers::boxDouble):
1529         * wasm/js/JSToWasm.cpp:
1530         (JSC::Wasm::createJSToWasmWrapper):
1531         * wasm/js/WebAssemblyFunction.cpp:
1532         (JSC::callWebAssemblyFunction):
1533
1534 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1535
1536         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1537         https://bugs.webkit.org/show_bug.cgi?id=190033
1538
1539         Reviewed by Yusuke Suzuki.
1540
1541         The implementation of JSBigInt::toStringToGeneric doesn't handle a power
1542         of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
1543         implemented JSBigInt::toStringBasePowerOfTwo, which follows the
1544         algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
1545         digit.
1546
1547         * runtime/JSBigInt.cpp:
1548         (JSC::JSBigInt::toString):
1549         (JSC::JSBigInt::toStringBasePowerOfTwo):
1550         * runtime/JSBigInt.h:
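
Added example (plain JavaScript, not the JSBigInt C++ code): the digit-grouping algorithm the entry above describes. For a radix 2^n every output digit is exactly n bits, so digits can be peeled off with a mask of (2^n) - 1 and a shift by n bits, with no division. The function names (bitsPerDigit, toStringBasePowerOfTwo, matchesNative) are this example's own; the result is cross-checked against the engine's native BigInt toString, including for a value wider than one 64-bit digit.

```javascript
// Added example, not JSC source: power-of-two radix conversion by bit grouping.
// Radix 2^n means each digit is n bits, so mask with (2^n) - 1 and shift right by n.

const DIGIT_CHARS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Bits per digit for a power-of-two radix (2 -> 1, 8 -> 3, 16 -> 4, 32 -> 5).
function bitsPerDigit(radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 32 || (radix & (radix - 1)) !== 0) {
    throw new RangeError("radix must be a power of two between 2 and 32");
  }
  let n = 0;
  for (let r = radix; r > 1; r >>= 1) n++;
  return n;
}

function toStringBasePowerOfTwo(value, radix) {
  if (typeof value !== "bigint") throw new TypeError("value must be a BigInt");
  const shift = BigInt(bitsPerDigit(radix));
  const mask = (1n << shift) - 1n;            // (2^n) - 1 selects one digit's worth of bits
  const negative = value < 0n;
  let magnitude = negative ? -value : value;  // sign-magnitude: work on |value|
  if (magnitude === 0n) return "0";
  const digits = [];
  while (magnitude > 0n) {
    digits.push(DIGIT_CHARS[Number(magnitude & mask)]);  // lowest n bits -> one digit
    magnitude >>= shift;                                  // drop the digit just emitted
  }
  return (negative ? "-" : "") + digits.reverse().join("");
}

// Cross-check against the engine's own conversion.
function matchesNative(value, radix) {
  return toStringBasePowerOfTwo(value, radix) === value.toString(radix);
}
```

Because the mask/shift loop never divides, it is linear in the bit length of the value, which is exactly why a separate path is worth having for radices 2, 4, 8, 16 and 32.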
1551
1552 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1553
1554         [ESNext][BigInt] Implement support for "&"
1555         https://bugs.webkit.org/show_bug.cgi?id=186228
1556
1557         Reviewed by Yusuke Suzuki.
1558
1559         This patch introduces support for BigInt in the bitwise "&" operation.
1560         We are also introducing the ValueBitAnd DFG node, which is responsible
1561         for JIT compilation of non-Int32 operands. With the introduction of this
1562         new node, we renamed the BitAnd node to ArithBitAnd. ArithBitAnd
1563         follows the behavior of ArithAdd and other arithmetic nodes, where
1564         the Arith<op> version always results in a Number (in the case of
1565         ArithBitAnd, it is always an Int32).
1566
1567         * bytecode/CodeBlock.cpp:
1568         (JSC::CodeBlock::finishCreation):
1569         * bytecompiler/BytecodeGenerator.cpp:
1570         (JSC::BytecodeGenerator::emitBinaryOp):
1571         * dfg/DFGAbstractInterpreterInlines.h:
1572         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1573         * dfg/DFGBackwardsPropagationPhase.cpp:
1574         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1575         (JSC::DFG::BackwardsPropagationPhase::propagate):
1576         * dfg/DFGByteCodeParser.cpp:
1577         (JSC::DFG::ByteCodeParser::parseBlock):
1578         * dfg/DFGClobberize.h:
1579         (JSC::DFG::clobberize):
1580         * dfg/DFGDoesGC.cpp:
1581         (JSC::DFG::doesGC):
1582         * dfg/DFGFixupPhase.cpp:
1583         (JSC::DFG::FixupPhase::fixupNode):
1584         * dfg/DFGNodeType.h:
1585         * dfg/DFGOperations.cpp:
1586         * dfg/DFGOperations.h:
1587         * dfg/DFGPredictionPropagationPhase.cpp:
1588         * dfg/DFGSafeToExecute.h:
1589         (JSC::DFG::safeToExecute):
1590         * dfg/DFGSpeculativeJIT.cpp:
1591         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1592         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1593         * dfg/DFGSpeculativeJIT.h:
1594         (JSC::DFG::SpeculativeJIT::bitOp):
1595         * dfg/DFGSpeculativeJIT32_64.cpp:
1596         (JSC::DFG::SpeculativeJIT::compile):
1597         * dfg/DFGSpeculativeJIT64.cpp:
1598         (JSC::DFG::SpeculativeJIT::compile):
1599         * dfg/DFGStrengthReductionPhase.cpp:
1600         (JSC::DFG::StrengthReductionPhase::handleNode):
1601         * ftl/FTLCapabilities.cpp:
1602         (JSC::FTL::canCompile):
1603         * ftl/FTLLowerDFGToB3.cpp:
1604         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1605         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1606         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1607         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1608         * jit/JIT.h:
1609         * jit/JITArithmetic.cpp:
1610         (JSC::JIT::emitBitBinaryOpFastPath):
1611         (JSC::JIT::emit_op_bitand):
1612         * llint/LowLevelInterpreter32_64.asm:
1613         * llint/LowLevelInterpreter64.asm:
1614         * runtime/CommonSlowPaths.cpp:
1615         (JSC::SLOW_PATH_DECL):
1616         * runtime/JSBigInt.cpp:
1617         (JSC::JSBigInt::JSBigInt):
1618         (JSC::JSBigInt::initialize):
1619         (JSC::JSBigInt::createZero):
1620         (JSC::JSBigInt::createFrom):
1621         (JSC::JSBigInt::bitwiseAnd):
1622         (JSC::JSBigInt::absoluteBitwiseOp):
1623         (JSC::JSBigInt::absoluteAnd):
1624         (JSC::JSBigInt::absoluteOr):
1625         (JSC::JSBigInt::absoluteAndNot):
1626         (JSC::JSBigInt::absoluteAddOne):
1627         (JSC::JSBigInt::absoluteSubOne):
1628         * runtime/JSBigInt.h:
1629         * runtime/JSCJSValue.h:
1630         * runtime/JSCJSValueInlines.h:
1631         (JSC::JSValue::toBigIntOrInt32 const):
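
Added example (plain JavaScript, not the JSBigInt C++ code): how a bitwise "&" on sign-magnitude big integers decomposes into the magnitude-only helpers the entry above lists (absoluteAnd, absoluteOr, absoluteAndNot, absoluteAddOne, absoluteSubOne). The identities come from two's-complement reasoning on an infinite-width value, where a negative x has the bit pattern ~(|x| - 1). The helper bodies and the name bigIntBitwiseAnd are this example's own; results are checked against the engine's native BigInt "&".

```javascript
// Added example, not JSC source: sign-magnitude bitwise AND built from magnitude ops.
// Every helper below takes and returns non-negative BigInts only.
function absoluteAnd(a, b) { return a & b; }
function absoluteOr(a, b) { return a | b; }
function absoluteAndNot(a, b) { return a - (a & b); }  // a & ~b, without forming a negative
function absoluteAddOne(a) { return a + 1n; }
function absoluteSubOne(a) { return a - 1n; }

function bigIntBitwiseAnd(x, y) {
  if (typeof x !== "bigint" || typeof y !== "bigint") {
    throw new TypeError("BigInt operands required");
  }
  const xNeg = x < 0n, yNeg = y < 0n;
  const ax = xNeg ? -x : x;   // |x|
  const ay = yNeg ? -y : y;   // |y|
  if (!xNeg && !yNeg) {
    // Both non-negative: plain AND of the magnitudes.
    return absoluteAnd(ax, ay);
  }
  if (xNeg && yNeg) {
    // ~(|x|-1) & ~(|y|-1) == ~((|x|-1) | (|y|-1)), and ~m == -(m + 1).
    return -absoluteAddOne(absoluteOr(absoluteSubOne(ax), absoluteSubOne(ay)));
  }
  // Mixed signs: pos & ~(|neg|-1) == pos with the bits of (|neg|-1) cleared.
  const [pos, negMag] = xNeg ? [ay, ax] : [ax, ay];
  return absoluteAndNot(pos, absoluteSubOne(negMag));
}

// Cross-check against the engine's own operator.
function matchesNativeAnd(x, y) {
  return bigIntBitwiseAnd(x, y) === (x & y);
}
```

The same decomposition pattern (reduce a signed operation to AND/OR/AND-NOT on magnitudes plus a carry or borrow at the end) is what lets an engine store big integers as sign plus digit array and still implement the two's-complement semantics the language specifies.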
1632
1633 2018-09-28  Mark Lam  <mark.lam@apple.com>
1634
1635         Gardening: speculative build fix.
1636         <rdar://problem/44869924>
1637
1638         Not reviewed.
1639
1640         * assembler/LinkBuffer.cpp:
1641         (JSC::LinkBuffer::copyCompactAndLinkCode):
1642
1643 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1644
1645         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1646         https://bugs.webkit.org/show_bug.cgi?id=190080
1647
1648         Reviewed by Mark Lam.
1649
1650         * assembler/ARMv7Assembler.h:
1651         (JSC::ARMv7Assembler::link):
1652         (JSC::ARMv7Assembler::linkJumpT1):
1653         (JSC::ARMv7Assembler::linkJumpT2):
1654         (JSC::ARMv7Assembler::linkJumpT3):
1655         (JSC::ARMv7Assembler::linkJumpT4):
1656         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1657         (JSC::ARMv7Assembler::linkBX):
1658         (JSC::ARMv7Assembler::linkConditionalBX):
1659         * assembler/MacroAssemblerARMv7.h:
1660         (JSC::MacroAssemblerARMv7::link):
1661
1662 2018-09-27  Saam barati  <sbarati@apple.com>
1663
1664         Verify the contents of AssemblerBuffer on arm64e
1665         https://bugs.webkit.org/show_bug.cgi?id=190057
1666         <rdar://problem/38916630>
1667
1668         Reviewed by Mark Lam.
1669
1670         * assembler/ARM64Assembler.h:
1671         (JSC::ARM64Assembler::ARM64Assembler):
1672         (JSC::ARM64Assembler::fillNops):
1673         (JSC::ARM64Assembler::link):
1674         (JSC::ARM64Assembler::linkJumpOrCall):
1675         (JSC::ARM64Assembler::linkCompareAndBranch):
1676         (JSC::ARM64Assembler::linkConditionalBranch):
1677         (JSC::ARM64Assembler::linkTestAndBranch):
1678         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1679         * assembler/ARMAssembler.h:
1680         (JSC::ARMAssembler::fillNops):
1681         * assembler/ARMv7Assembler.h:
1682         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1683         * assembler/AbstractMacroAssembler.h:
1684         (JSC::AbstractMacroAssembler::emitNops):
1685         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1686         * assembler/AssemblerBuffer.h:
1687         (JSC::ARM64EHash::ARM64EHash):
1688         (JSC::ARM64EHash::update):
1689         (JSC::ARM64EHash::hash const):
1690         (JSC::ARM64EHash::randomSeed const):
1691         (JSC::AssemblerBuffer::AssemblerBuffer):
1692         (JSC::AssemblerBuffer::putShort):
1693         (JSC::AssemblerBuffer::putIntUnchecked):
1694         (JSC::AssemblerBuffer::putInt):
1695         (JSC::AssemblerBuffer::hash const):
1696         (JSC::AssemblerBuffer::data const):
1697         (JSC::AssemblerBuffer::putIntegralUnchecked):
1698         (JSC::AssemblerBuffer::append): Deleted.
1699         * assembler/LinkBuffer.cpp:
1700         (JSC::LinkBuffer::copyCompactAndLinkCode):
1701         * assembler/MIPSAssembler.h:
1702         (JSC::MIPSAssembler::fillNops):
1703         * assembler/MacroAssemblerARM64.h:
1704         (JSC::MacroAssemblerARM64::jumpsToLink):
1705         (JSC::MacroAssemblerARM64::link):
1706         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1707         * assembler/MacroAssemblerARMv7.h:
1708         (JSC::MacroAssemblerARMv7::jumpsToLink):
1709         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1710         * assembler/X86Assembler.h:
1711         (JSC::X86Assembler::fillNops):
1712
1713 2018-09-27  Mark Lam  <mark.lam@apple.com>
1714
1715         ByValInfo should not use integer offsets.
1716         https://bugs.webkit.org/show_bug.cgi?id=190070
1717         <rdar://problem/44803430>
1718
1719         Reviewed by Saam Barati.
1720
1721         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1722
1723         * bytecode/ByValInfo.h:
1724         (JSC::ByValInfo::ByValInfo):
1725         * jit/JIT.cpp:
1726         (JSC::JIT::link):
1727         * jit/JITOpcodes.cpp:
1728         (JSC::JIT::privateCompileHasIndexedProperty):
1729         * jit/JITOpcodes32_64.cpp:
1730         (JSC::JIT::privateCompileHasIndexedProperty):
1731         * jit/JITPropertyAccess.cpp:
1732         (JSC::JIT::privateCompileGetByVal):
1733         (JSC::JIT::privateCompileGetByValWithCachedId):
1734         (JSC::JIT::privateCompilePutByVal):
1735         (JSC::JIT::privateCompilePutByValWithCachedId):
1736
1737 2018-09-27  Saam barati  <sbarati@apple.com>
1738
1739         DFG::OSRExit::m_patchableCodeOffset should not be an int
1740         https://bugs.webkit.org/show_bug.cgi?id=190066
1741         <rdar://problem/39498244>
1742
1743         Reviewed by Mark Lam.
1744
1745         * dfg/DFGJITCompiler.cpp:
1746         (JSC::DFG::JITCompiler::linkOSRExits):
1747         (JSC::DFG::JITCompiler::link):
1748         * dfg/DFGOSRExit.cpp:
1749         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1750         (JSC::DFG::OSRExit::compileOSRExit):
1751         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1752         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1753         (JSC::DFG::OSRExit::correctJump): Deleted.
1754         * dfg/DFGOSRExit.h:
1755         * dfg/DFGOSRExitCompilationInfo.h:
1756
1757 2018-09-27  Saam barati  <sbarati@apple.com>
1758
1759         Don't use int offsets in StructureStubInfo
1760         https://bugs.webkit.org/show_bug.cgi?id=190064
1761         <rdar://problem/44784719>
1762
1763         Reviewed by Mark Lam.
1764
1765         * bytecode/InlineAccess.cpp:
1766         (JSC::linkCodeInline):
1767         * bytecode/StructureStubInfo.h:
1768         (JSC::StructureStubInfo::slowPathCallLocation):
1769         (JSC::StructureStubInfo::doneLocation):
1770         (JSC::StructureStubInfo::slowPathStartLocation):
1771         * jit/JITInlineCacheGenerator.cpp:
1772         (JSC::JITInlineCacheGenerator::finalize):
1773
1774 2018-09-27  Mark Lam  <mark.lam@apple.com>
1775
1776         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
1777         https://bugs.webkit.org/show_bug.cgi?id=190054
1778         <rdar://problem/44803543>
1779
1780         Reviewed by Saam Barati.
1781
1782         * dfg/DFGJITCode.h:
1783         (JSC::DFG::JITCode::appendOSREntryData):
1784         * dfg/DFGJITCompiler.cpp:
1785         (JSC::DFG::JITCompiler::noticeOSREntry):
1786         * dfg/DFGOSREntry.cpp:
1787         (JSC::DFG::OSREntryData::dumpInContext const):
1788         (JSC::DFG::prepareOSREntry):
1789         * dfg/DFGOSREntry.h:
1790         * runtime/JSCPtrTag.h:
1791
1792 2018-09-27  Mark Lam  <mark.lam@apple.com>
1793
1794         JITMathIC should not use integer offsets into machine code.
1795         https://bugs.webkit.org/show_bug.cgi?id=190030
1796         <rdar://problem/44803307>
1797
1798         Reviewed by Saam Barati.
1799
1800         We'll replace them with CodeLocation smart pointers instead.
1801
1802         * jit/JITMathIC.h:
1803         (JSC::isProfileEmpty):
1804
1805 2018-09-26  Mark Lam  <mark.lam@apple.com>
1806
1807         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
1808         https://bugs.webkit.org/show_bug.cgi?id=190022
1809         <rdar://problem/44800928>
1810
1811         Reviewed by Saam Barati.
1812
1813         * jit/ExecutableAllocator.cpp:
1814         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1815         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1816         * jit/ExecutableAllocator.h:
1817         (JSC::performJITMemcpy):
1818         * runtime/Options.cpp:
1819         (JSC::recomputeDependentOptions):
1820
1821 2018-09-26  Mark Lam  <mark.lam@apple.com>
1822
1823         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
1824         https://bugs.webkit.org/show_bug.cgi?id=190016
1825         <rdar://problem/44802875>
1826
1827         Reviewed by Saam Barati.
1828
1829         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
1830         JIT memory.
1831
1832         * assembler/ARM64Assembler.h:
1833         (JSC::ARM64Assembler::fillNops):
1834         (JSC::ARM64Assembler::replaceWithVMHalt):
1835         (JSC::ARM64Assembler::replaceWithJump):
1836         (JSC::ARM64Assembler::replaceWithLoad):
1837         (JSC::ARM64Assembler::replaceWithAddressComputation):
1838         (JSC::ARM64Assembler::setPointer):
1839         (JSC::ARM64Assembler::repatchInt32):
1840         (JSC::ARM64Assembler::repatchCompact):
1841         (JSC::ARM64Assembler::linkJumpOrCall):
1842         (JSC::ARM64Assembler::linkCompareAndBranch):
1843         (JSC::ARM64Assembler::linkConditionalBranch):
1844         (JSC::ARM64Assembler::linkTestAndBranch):
1845         * assembler/LinkBuffer.cpp:
1846         (JSC::LinkBuffer::copyCompactAndLinkCode):
1847         (JSC::LinkBuffer::linkCode):
1848         * jit/ExecutableAllocator.h:
1849         (JSC::performJITMemcpy):
1850
1851 2018-09-25  Keith Miller  <keith_miller@apple.com>
1852
1853         Move Symbol API to SPI
1854         https://bugs.webkit.org/show_bug.cgi?id=189946
1855
1856         Reviewed by Michael Saboff.
1857
1858         Some of the property access methods on JSValue needed to be moved
1859         to a category so that SPI overloads don't result in a compiler
1860         error for internal users.
1861
1862         Additionally, this patch does not move the new enum entry for
1863         Symbols in the JSType enumeration.
1864
1865         * API/JSObjectRef.h:
1866         * API/JSObjectRefPrivate.h:
1867         * API/JSValue.h:
1868         * API/JSValuePrivate.h:
1869         * API/JSValueRef.h:
1870
1871 2018-09-26  Keith Miller  <keith_miller@apple.com>
1872
1873         We should zero unused property storage when rebalancing array storage.
1874         https://bugs.webkit.org/show_bug.cgi?id=188151
1875
1876         Reviewed by Michael Saboff.
1877
1878         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
1879         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
1880         property storage.
1881
1882         * runtime/JSArray.cpp:
1883         (JSC::JSArray::unshiftCountSlowCase):
1884
1885 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1886
1887         Unreviewed, add scope verification handling
1888         https://bugs.webkit.org/show_bug.cgi?id=189780
1889
1890         * runtime/ArrayPrototype.cpp:
1891         (JSC::arrayProtoFuncIndexOf):
1892         (JSC::arrayProtoFuncLastIndexOf):
1893
1894 2018-09-26  Koby Boyango  <koby.b@mce.systems>
1895
1896         [JSC] offlineasm parser should handle CRLF in asm files
1897         https://bugs.webkit.org/show_bug.cgi?id=189949
1898
1899         Reviewed by Mark Lam.
1900
1901         * offlineasm/parser.rb:
1902
1903 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1904
1905         [JSC] Optimize Array#lastIndexOf
1906         https://bugs.webkit.org/show_bug.cgi?id=189780
1907
1908         Reviewed by Saam Barati.
1909
1910         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
1911         for JSArray with contiguous storage.
1912
1913         * runtime/ArrayPrototype.cpp:
1914         (JSC::arrayProtoFuncLastIndexOf):
1915
1916 2018-09-25  Saam Barati  <sbarati@apple.com>
1917
1918         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1919         https://bugs.webkit.org/show_bug.cgi?id=189940
1920         <rdar://problem/43640987>
1921
1922         Reviewed by Mark Lam.
1923
1924         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
1925         CodeBlock. There is nothing semantically wrong with doing that (except for
1926         poor naming), however, the poor naming here led us to make a real semantic
1927         mistake. We wanted the baseline CodeBlock's constant pool, but we were
1928         accessing the FTL CodeBlock's constant pool accidentally. We need to
1929         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
1930         constant value.
1931
1932         * bytecode/InlineCallFrame.h:
1933         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1934         * ftl/FTLOperations.cpp:
1935         (JSC::FTL::operationMaterializeObjectInOSR):
1936
1937 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
1938
1939         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
1940         https://bugs.webkit.org/show_bug.cgi?id=189962
1941         <rdar://problem/44648287>
1942
1943         Reviewed by Brian Burg.
1944
1945         * inspector/scripts/codegen/generate_objc_header.py:
1946         (ObjCHeaderGenerator._callback_block_for_command):
1947         If there are no return parameters, include "void" in the block signature.
1948
1949         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
1950         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
1951         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1952         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1953         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
1954         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
1955         Rebaseline test results.
1956
1957 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
1958
1959         Remove AUTHORS and THANKS files which are stale
1960         https://bugs.webkit.org/show_bug.cgi?id=189941
1961
1962         Reviewed by Darin Adler.
1963
1964         Included mentions below so their names are still in ChangeLogs.
1965
1966         * AUTHORS: Removed.
1967         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
1968         These authors remain mentioned in copyrights in source files.
1969
1970         * THANKS: Removed.
1971         Richard Moore <rich@kde.org> - for filling the Math object with some life
1972         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
1973         Marco Pinelli <pinmc@libero.it> - for his patches
1974         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
1975         
1976 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
1977
1978         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
1979         https://bugs.webkit.org/show_bug.cgi?id=189733
1980
1981         Reviewed by Michael Catanzaro.
1982
1983         * assembler/ARM64Assembler.h:
1984         * assembler/ARMAssembler.h:
1985         (JSC::ARMAssembler::cacheFlush):
1986         * assembler/MacroAssemblerARM.cpp:
1987         (JSC::isVFPPresent):
1988         * assembler/MacroAssemblerARM64.cpp:
1989         * assembler/MacroAssemblerARMv7.cpp:
1990         * assembler/MacroAssemblerMIPS.cpp:
1991         * assembler/MacroAssemblerX86Common.cpp:
1992         * heap/HeapCell.cpp:
1993         * heap/HeapCell.h:
1994         * jit/HostCallReturnValue.h:
1995         * jit/JIT.h:
1996         * jit/JITOperations.cpp:
1997         * jit/ThunkGenerators.cpp:
1998         * runtime/ArrayConventions.cpp:
1999         (JSC::clearArrayMemset):
2000         * runtime/JSBigInt.cpp:
2001         (JSC::JSBigInt::digitDiv):
2002
2003 2018-09-24  Saam Barati  <sbarati@apple.com>
2004
2005         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
2006         https://bugs.webkit.org/show_bug.cgi?id=189922
2007         <rdar://problem/44651275>
2008
2009         Reviewed by Mark Lam.
2010
2011         The implementation was first getting the length to iterate up to,
2012         then getting the starting index. However, getting the starting
2013         index may perform effects, e.g., it could change the length of the
2014         array. This changes it so we verify the length is still valid.
2015
2016         * runtime/ArrayPrototype.cpp:
2017         (JSC::arrayProtoFuncIndexOf):
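
Added example (plain JavaScript, not JSC source): a model of the ordering hazard described above and of the re-validation the fix adds. The length is read before fromIndex is converted, and that conversion can run user code (here a valueOf method on a constructed fixture) that changes the array. A fast path that keeps iterating to the stale length reads past the array's real end; the fixed variant re-reads the length after the conversion and leaves the fast path when it has changed. All names (makeShrinkingFromIndex, toStartIndex, indexOfStaleLength, indexOfRevalidated, indexOfSpecStyle) are this example's own.

```javascript
// Added example, not JSC source: length captured before fromIndex conversion.
// The conversion may run user code that resizes the array, so a fast path must
// re-check the length it captured before trusting it as a loop bound.

// Constructed fixture: a fromIndex whose valueOf shrinks the array mid-call.
function makeShrinkingFromIndex(array, newLength) {
  return { valueOf() { array.length = newLength; return 0; } };
}

// ToIntegerOrInfinity-style conversion of fromIndex (user code runs here),
// with negative start indices counted back from the given length.
function toStartIndex(fromIndex, length) {
  let k = Math.trunc(Number(fromIndex));
  if (Number.isNaN(k)) k = 0;
  if (k < 0) k = Math.max(length + k, 0);
  return k;
}

// Pre-fix shape: 'length' is captured and never re-checked. Indices beyond the
// array's new end read as undefined here; a raw storage read would be out of bounds.
function indexOfStaleLength(array, searchElement, fromIndex) {
  const length = array.length;                 // (1) captured
  let k = toStartIndex(fromIndex, length);     // (2) user code may run here
  for (; k < length; k++) {                    // (3) iterates to the stale bound
    if (array[k] === searchElement) return k;
  }
  return -1;
}

// Fixed shape: after the conversion, confirm the length is unchanged; if it is
// not, abandon the fast path and take the presence-checking slow path instead.
function indexOfRevalidated(array, searchElement, fromIndex) {
  const length = array.length;
  let k = toStartIndex(fromIndex, length);
  if (array.length !== length) {
    return indexOfSpecStyle(array, searchElement, k);
  }
  for (; k < length; k++) {
    if (array[k] === searchElement) return k;
  }
  return -1;
}

// Slow path in the spirit of the spec algorithm: each index is tested for
// presence before comparison, so holes left by the shrink never match.
function indexOfSpecStyle(array, searchElement, k) {
  for (; k < array.length; k++) {
    if (k in array && array[k] === searchElement) return k;
  }
  return -1;
}
```

The observable symptom in this model is mild (an index past the shrunken end is reported as a match for undefined); the point is the check itself, which is the same shape as the fix described above: anything that can run user code between reading a bound and using it invalidates the bound.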
2018
2019 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2020
2021         offlineasm: fix macro scoping
2022         https://bugs.webkit.org/show_bug.cgi?id=189902
2023
2024         Reviewed by Mark Lam.
2025
2026         In the code below, the reference to `f` in `g`, which should refer to
2027         the outer macro definition, will instead refer to the f argument of the
2028         anonymous macro passed to `g`. That leads to this code failing to
2029         compile (f expected 0 args but got 1).
2030         
2031         ```
2032         macro f(x)
2033             move x, t0
2034         end
2035         
2036         macro g(fn)
2037             fn(macro () f(42) end)
2038         end
2039         
2040         g(macro(f) f() end)
2041         ```
2042
2043         * offlineasm/ast.rb:
2044         * offlineasm/transform.rb:
2045
2046 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
2047
2048         Add forEach method for iterating CodeBlock's ValueProfiles
2049         https://bugs.webkit.org/show_bug.cgi?id=189897
2050
2051         Reviewed by Mark Lam.
2052
2053         Add method to abstract how we find ValueProfiles in a CodeBlock in
2054         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
2055         ValueProfiles will be stored in the MetadataTable.
2056
2057         * bytecode/CodeBlock.cpp:
2058         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2059         (JSC::CodeBlock::updateAllValueProfilePredictions):
2060         (JSC::CodeBlock::shouldOptimizeNow):
2061         (JSC::CodeBlock::dumpValueProfiles):
2062         * bytecode/CodeBlock.h:
2063         (JSC::CodeBlock::forEachValueProfile):
2064         (JSC::CodeBlock::numberOfArgumentValueProfiles):
2065         (JSC::CodeBlock::valueProfileForArgument):
2066         (JSC::CodeBlock::numberOfValueProfiles):
2067         (JSC::CodeBlock::valueProfile):
2068         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
2069         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
2070         * tools/HeapVerifier.cpp:
2071         (JSC::HeapVerifier::validateJSCell):
2072
2073 2018-09-24  Saam barati  <sbarati@apple.com>
2074
2075         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
2076         https://bugs.webkit.org/show_bug.cgi?id=189682
2077         <rdar://problem/43557315>
2078
2079         Reviewed by Mark Lam.
2080
2081         Otherwise, if we have code like this:
2082         ```
2083         a: Arguments
2084         b: GetButterfly(@a)
2085         c: ForceExit
2086         d: GetArrayLength(@a, @b)
2087         ```
2088         it will get transformed into this invalid DFG IR:
2089         ```
2090         a: PhantomArguments
2091         b: Check(@a)
2092         c: ForceExit
2093         d: GetArrayLength(@a, @b)
2094         ```
2095         
2096         And we will fail DFG validation since @b does not have a result.
2097         
2098         The fix is to just remove all nodes after the ForceExit and plant an
2099         Unreachable after it. So the above code program will now turn into this:
2100         ```
2101         a: PhantomArguments
2102         b: Check(@a)
2103         c: ForceExit
2104         e: Unreachable
2105         ```
2106
2107         * dfg/DFGArgumentsEliminationPhase.cpp:
2108
2109 2018-09-22  Saam barati  <sbarati@apple.com>
2110
2111         The sampling should not use Strong<CodeBlock> in its machineLocation field
2112         https://bugs.webkit.org/show_bug.cgi?id=189319
2113
2114         Reviewed by Filip Pizlo.
2115
2116         The sampling profiler has a CLI mode where we gather information about inline
2117         call frames. That data structure was using a Strong<CodeBlock>. We were
2118         constructing this Strong<CodeBlock> during GC concurrently to processing all
2119         the Strong handles. This is a bug since we end up corrupting that data
2120         structure. This patch fixes this by just making this data structure use the
2121         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
2122
2123         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2124         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
2125         * runtime/SamplingProfiler.cpp:
2126         (JSC::SamplingProfiler::processUnverifiedStackTraces):
2127
2128         (JSC::SamplingProfiler::reportTopFunctions):
2129         (JSC::SamplingProfiler::reportTopBytecodes):
2130         These CLI helpers needed a DeferGC; otherwise we may end up deadlocking when we
2131         cause a GC to happen while already holding the sampling profiler's
2132         lock.
2133
2134 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2135
2136         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
2137         https://bugs.webkit.org/show_bug.cgi?id=189778
2138
2139         Reviewed by Keith Miller.
2140
2141         The LLInt ASM interpreter is 2x and 15% faster than the CLoop interpreter on
2142         Linux and macOS respectively. We would like to enable it for non-JIT
2143         configurations on X86_64 and ARM64.
2144
2145         This patch enables LLInt for non-JIT builds on the X86_64 and ARM64 architectures.
2146         Previously, we switched between the LLInt ASM interpreter and CLoop using the ENABLE(JIT)
2147         configuration. But that is wrong in the new scenario, since we have a build
2148         configuration that uses the LLInt ASM interpreter while JIT is disabled. We introduce
2149         the ENABLE(C_LOOP) option, which represents that we use CLoop, and we replace
2150         ENABLE(JIT) with ENABLE(C_LOOP) where the previous ENABLE(JIT) was essentially just
2151         related to the LLInt ASM interpreter and not to JIT.
2152
2153         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
2154         ENABLE(ASSEMBLER) is now enabled even if we disable JIT, since MacroAssembler
2155         has machine register information that is used in the LLInt ASM interpreter.
2156
2157         * API/tests/PingPongStackOverflowTest.cpp:
2158         (testPingPongStackOverflow):
2159         * CMakeLists.txt:
2160         * JavaScriptCore.xcodeproj/project.pbxproj:
2161         * assembler/MaxFrameExtentForSlowPathCall.h:
2162         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
2163         * bytecode/CodeBlock.cpp:
2164         (JSC::CodeBlock::finishCreation):
2165         * bytecode/CodeBlock.h:
2166         (JSC::CodeBlock::calleeSaveRegisters const):
2167         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
2168         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2169         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
2170         * bytecode/Opcode.h:
2171         (JSC::padOpcodeName):
2172         * heap/Heap.cpp:
2173         (JSC::Heap::gatherJSStackRoots):
2174         (JSC::Heap::stopThePeriphery):
2175         * interpreter/CLoopStack.cpp:
2176         * interpreter/CLoopStack.h:
2177         * interpreter/CLoopStackInlines.h:
2178         * interpreter/EntryFrame.h:
2179         * interpreter/Interpreter.cpp:
2180         (JSC::Interpreter::Interpreter):
2181         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2182         * interpreter/Interpreter.h:
2183         * interpreter/StackVisitor.cpp:
2184         (JSC::StackVisitor::Frame::calleeSaveRegisters):
2185         * interpreter/VMEntryRecord.h:
2186         * jit/ExecutableAllocator.h:
2187         * jit/FPRInfo.h:
2188         (WTF::printInternal):
2189         * jit/GPRInfo.cpp:
2190         * jit/GPRInfo.h:
2191         (WTF::printInternal):
2192         * jit/HostCallReturnValue.cpp:
2193         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
2194         * jit/HostCallReturnValue.h:
2195         * jit/JITOperations.cpp:
2196         (JSC::getHostCallReturnValueWithExecState): Deleted.
2197         * jit/JITOperationsMSVC64.cpp:
2198         * jit/Reg.cpp:
2199         * jit/Reg.h:
2200         * jit/RegisterAtOffset.cpp:
2201         * jit/RegisterAtOffset.h:
2202         * jit/RegisterAtOffsetList.cpp:
2203         * jit/RegisterAtOffsetList.h:
2204         * jit/RegisterMap.h:
2205         * jit/RegisterSet.cpp:
2206         * jit/RegisterSet.h:
2207         * jit/TempRegisterSet.cpp:
2208         * jit/TempRegisterSet.h:
2209         * llint/LLIntCLoop.cpp:
2210         * llint/LLIntCLoop.h:
2211         * llint/LLIntData.cpp:
2212         (JSC::LLInt::initialize):
2213         (JSC::LLInt::Data::performAssertions):
2214         * llint/LLIntData.h:
2215         * llint/LLIntOfflineAsmConfig.h:
2216         * llint/LLIntOpcode.h:
2217         * llint/LLIntPCRanges.h:
2218         * llint/LLIntSlowPaths.cpp:
2219         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2220         * llint/LLIntSlowPaths.h:
2221         * llint/LLIntThunks.cpp:
2222         * llint/LowLevelInterpreter.cpp:
2223         * llint/LowLevelInterpreter.h:
2224         * runtime/JSCJSValue.h:
2225         * runtime/MachineContext.h:
2226         * runtime/SamplingProfiler.cpp:
2227         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2228         for LLInt ASM interpreter with non JIT configuration.
2229         * runtime/TestRunnerUtils.cpp:
2230         (JSC::optimizeNextInvocation):
2231         * runtime/VM.cpp:
2232         (JSC::VM::VM):
2233         (JSC::VM::getHostFunction):
2234         (JSC::VM::updateSoftReservedZoneSize):
2235         (JSC::sanitizeStackForVM):
2236         (JSC::VM::committedStackByteCount):
2237         * runtime/VM.h:
2238         * runtime/VMInlines.h:
2239         (JSC::VM::ensureStackCapacityFor):
2240         (JSC::VM::isSafeToRecurseSoft const):
2241
2242 2018-09-21  Keith Miller  <keith_miller@apple.com>
2243
2244         Add Promise SPI
2245         https://bugs.webkit.org/show_bug.cgi?id=189809
2246
2247         Reviewed by Saam Barati.
2248
2249         This patch adds new SPI to create promises. It's mostly SPI because
2250         I want to see how internal users react to it before we make it
2251         public.
2252
2253         This patch adds a couple of new Obj-C SPI methods. The first
2254         creates a new promise using the same API that JS does where the
2255         user provides an executor callback. If an exception is raised
2256         in/to that callback the promise is automagically rejected. The
2257         other methods create a pre-resolved or rejected promise as this
2258         appears to be a common way to initialize a promise.
2259
2260         I was also considering adding a second version of executor API
2261         where it would catch specific Obj-C exceptions. This would work by
2262         taking a Class parameter and checking isKindOfClass: on the
2263         exception. I decided against this as nothing else in our API
2264         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2265         corrupt state if an Obj-C exception unwinds through JS frames.
2266
2267         This patch adds a new C function that will create a "deferred"
2268         promise. A deferred promise is a style of creating promise/futures
2269         where the resolve and reject functions are passed as outputs of a
2270         function. I went with this style for the C SPI because we don't have
2271         any concept of forwarding exceptions in the C API.
2272
2273         In order to make the C API work I refactored a bit of the promise code
2274         so that we can call a static method on JSDeferredPromise and just get
2275         the components without allocating an extra cell wrapper.
2276
2277         * API/JSContext.mm:
2278         (+[JSContext currentCallee]):
2279         * API/JSObjectRef.cpp:
2280         (JSObjectMakeDeferredPromise):
2281         * API/JSObjectRefPrivate.h:
2282         * API/JSValue.mm:
2283         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2284         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2285         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2286         * API/JSValuePrivate.h: Added.
2287         * API/JSVirtualMachine.mm:
2288         * API/JSVirtualMachinePrivate.h:
2289         * API/tests/testapi.c:
2290         (main):
2291         * API/tests/testapi.cpp:
2292         (APIContext::operator JSC::ExecState*):
2293         (TestAPI::failed const):
2294         (TestAPI::check):
2295         (TestAPI::basicSymbol):
2296         (TestAPI::symbolsTypeof):
2297         (TestAPI::symbolsGetPropertyForKey):
2298         (TestAPI::symbolsSetPropertyForKey):
2299         (TestAPI::symbolsHasPropertyForKey):
2300         (TestAPI::symbolsDeletePropertyForKey):
2301         (TestAPI::promiseResolveTrue):
2302         (TestAPI::promiseRejectTrue):
2303         (testCAPIViaCpp):
2304         (TestAPI::run): Deleted.
2305         * API/tests/testapi.mm:
2306         (testObjectiveCAPIMain):
2307         (promiseWithExecutor):
2308         (promiseRejectOnJSException):
2309         (promiseCreateResolved):
2310         (promiseCreateRejected):
2311         (parallelPromiseResolveTest):
2312         (testObjectiveCAPI):
2313         * JavaScriptCore.xcodeproj/project.pbxproj:
2314         * runtime/JSInternalPromiseDeferred.cpp:
2315         (JSC::JSInternalPromiseDeferred::create):
2316         * runtime/JSPromise.h:
2317         * runtime/JSPromiseConstructor.cpp:
2318         (JSC::constructPromise):
2319         * runtime/JSPromiseDeferred.cpp:
2320         (JSC::JSPromiseDeferred::createDeferredData):
2321         (JSC::JSPromiseDeferred::create):
2322         (JSC::JSPromiseDeferred::finishCreation):
2323         (JSC::newPromiseCapability): Deleted.
2324         * runtime/JSPromiseDeferred.h:
2325         (JSC::JSPromiseDeferred::promise const):
2326         (JSC::JSPromiseDeferred::resolve const):
2327         (JSC::JSPromiseDeferred::reject const):
2328
2329 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2330
2331         Unreviewed, rolling out r236359.
2332
2333         Broke the Windows build.
2334
2335         Reverted changeset:
2336
2337         "Add Promise SPI"
2338         https://bugs.webkit.org/show_bug.cgi?id=189809
2339         https://trac.webkit.org/changeset/236359
2340
2341 2018-09-21  Mark Lam  <mark.lam@apple.com>
2342
2343         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2344         https://bugs.webkit.org/show_bug.cgi?id=189855
2345         <rdar://problem/44680181>
2346
2347         Reviewed by Filip Pizlo.
2348
2349         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2350         ExecState* argument.  This is intentional so that resolveRope() does not throw
2351         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2352         get the VM from the cell instead of via the ExecState.
2353
2354         Also removed an obsolete and unused field in JSString.
2355
2356         * runtime/JSString.cpp:
2357         (JSC::JSRopeString::resolveRope const):
2358         (JSC::JSRopeString::outOfMemory const):
2359         * runtime/JSString.h:
2360         (JSC::JSString::tryGetValue const):
2361
2362 2018-09-21  Michael Saboff  <msaboff@apple.com>
2363
2364         Add functions to measure memory footprint to JSC
2365         https://bugs.webkit.org/show_bug.cgi?id=189768
2366
2367         Reviewed by Saam Barati.
2368
2369         Rolling this back in again.
2370
2371         Provide system memory metrics for the current process to aid in memory reduction measurement and
2372         tuning using native JS tests.
2373
2374         * jsc.cpp:
2375         (MemoryFootprint::now):
2376         (MemoryFootprint::resetPeak):
2377         (GlobalObject::finishCreation):
2378         (JSCMemoryFootprint::JSCMemoryFootprint):
2379         (JSCMemoryFootprint::createStructure):
2380         (JSCMemoryFootprint::create):
2381         (JSCMemoryFootprint::finishCreation):
2382         (JSCMemoryFootprint::addProperty):
2383         (functionResetMemoryPeak):
2384
2385 2018-09-21  Keith Miller  <keith_miller@apple.com>
2386
2387         Add Promise SPI
2388         https://bugs.webkit.org/show_bug.cgi?id=189809
2389
2390         Reviewed by Saam Barati.
2391
2392         This patch adds new SPI to create promises. It's mostly SPI because
2393         I want to see how internal users react to it before we make it
2394         public.
2395
2396         This patch adds a couple of new Obj-C SPI methods. The first
2397         creates a new promise using the same API that JS does where the
2398         user provides an executor callback. If an exception is raised
2399         in/to that callback the promise is automagically rejected. The
2400         other methods create a pre-resolved or rejected promise as this
2401         appears to be a common way to initialize a promise.
2402
2403         I was also considering adding a second version of executor API
2404         where it would catch specific Obj-C exceptions. This would work by
2405         taking a Class parameter and checking isKindOfClass: on the
2406         exception. I decided against this as nothing else in our API
2407         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2408         corrupt state if an Obj-C exception unwinds through JS frames.
2409
2410         This patch adds a new C function that will create a "deferred"
2411         promise. A deferred promise is a style of creating promise/futures
2412         where the resolve and reject functions are passed as outputs of a
2413         function. I went with this style for the C SPI because we don't have
2414         any concept of forwarding exceptions in the C API.
2415
2416         In order to make the C API work I refactored a bit of the promise code
2417         so that we can call a static method on JSDeferredPromise and just get
2418         the components without allocating an extra cell wrapper.
2419
2420         * API/JSContext.mm:
2421         (+[JSContext currentCallee]):
2422         * API/JSObjectRef.cpp:
2423         (JSObjectMakeDeferredPromise):
2424         * API/JSObjectRefPrivate.h:
2425         * API/JSValue.mm:
2426         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2427         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2428         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2429         * API/JSValuePrivate.h: Added.
2430         * API/JSVirtualMachine.mm:
2431         * API/JSVirtualMachinePrivate.h:
2432         * API/tests/testapi.c:
2433         (main):
2434         * API/tests/testapi.cpp:
2435         (APIContext::operator JSC::ExecState*):
2436         (TestAPI::failed const):
2437         (TestAPI::check):
2438         (TestAPI::basicSymbol):
2439         (TestAPI::symbolsTypeof):
2440         (TestAPI::symbolsGetPropertyForKey):
2441         (TestAPI::symbolsSetPropertyForKey):
2442         (TestAPI::symbolsHasPropertyForKey):
2443         (TestAPI::symbolsDeletePropertyForKey):
2444         (TestAPI::promiseResolveTrue):
2445         (TestAPI::promiseRejectTrue):
2446         (testCAPIViaCpp):
2447         (TestAPI::run): Deleted.
2448         * API/tests/testapi.mm:
2449         (testObjectiveCAPIMain):
2450         (promiseWithExecutor):
2451         (promiseRejectOnJSException):
2452         (promiseCreateResolved):
2453         (promiseCreateRejected):
2454         (parallelPromiseResolveTest):
2455         (testObjectiveCAPI):
2456         * JavaScriptCore.xcodeproj/project.pbxproj:
2457         * runtime/JSInternalPromiseDeferred.cpp:
2458         (JSC::JSInternalPromiseDeferred::create):
2459         * runtime/JSPromise.h:
2460         * runtime/JSPromiseConstructor.cpp:
2461         (JSC::constructPromise):
2462         * runtime/JSPromiseDeferred.cpp:
2463         (JSC::JSPromiseDeferred::createDeferredData):
2464         (JSC::JSPromiseDeferred::create):
2465         (JSC::JSPromiseDeferred::finishCreation):
2466         (JSC::newPromiseCapability): Deleted.
2467         * runtime/JSPromiseDeferred.h:
2468         (JSC::JSPromiseDeferred::promise const):
2469         (JSC::JSPromiseDeferred::resolve const):
2470         (JSC::JSPromiseDeferred::reject const):
2471
2472 2018-09-21  Truitt Savell  <tsavell@apple.com>
2473
2474         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2475         https://bugs.webkit.org/show_bug.cgi?id=156674
2476
2477         Unreviewed Test Gardening
2478
2479         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2480         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2481
2482 2018-09-21  Mike Gorse  <mgorse@suse.com>
2483
2484         Build tools should work when the /usr/bin/python is python3
2485         https://bugs.webkit.org/show_bug.cgi?id=156674
2486
2487         Reviewed by Michael Catanzaro.
2488
2489         * Scripts/cssmin.py:
2490         * Scripts/generate-js-builtins.py:
2491         (do_open):
2492         (generate_bindings_for_builtins_files):
2493         * Scripts/generateIntlCanonicalizeLanguage.py:
2494         * Scripts/jsmin.py:
2495         (JavascriptMinify.minify.write):
2496         (JavascriptMinify):
2497         (JavascriptMinify.minify):
2498         * Scripts/make-js-file-arrays.py:
2499         (chunk):
2500         (main):
2501         * Scripts/wkbuiltins/__init__.py:
2502         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2503         (generate_section_for_global_private_code_name_macro):
2504         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2505         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2506         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2507         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2508         * Scripts/wkbuiltins/builtins_model.py:
2509         (BuiltinFunction.__lt__):
2510         (BuiltinsCollection.copyrights):
2511         (BuiltinsCollection._parse_functions):
2512         * disassembler/udis86/ud_opcode.py:
2513         (UdOpcodeTables.pprint.printWalk):
2514         * generate-bytecode-files:
2515         * inspector/scripts/codegen/__init__.py:
2516         * inspector/scripts/codegen/cpp_generator.py:
2517         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2518         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2519         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2520         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2521         (CppBackendDispatcherHeaderGenerator.generate_output):
2522         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2523         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2524         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2525         (CppBackendDispatcherImplementationGenerator.generate_output):
2526         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2527         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2528         (CppFrontendDispatcherHeaderGenerator.generate_output):
2529         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2530         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2531         (CppFrontendDispatcherImplementationGenerator.generate_output):
2532         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2533         (CppProtocolTypesHeaderGenerator.generate_output):
2534         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2535         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2536         (CppProtocolTypesImplementationGenerator.generate_output):
2537         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2538         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2539         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2540         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2541         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2542         * inspector/scripts/codegen/generate_js_backend_commands.py:
2543         (JSBackendCommandsGenerator.should_generate_domain):
2544         (JSBackendCommandsGenerator.domains_to_generate):
2545         (JSBackendCommandsGenerator.generate_output):
2546         (JSBackendCommandsGenerator.generate_domain):
2547         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2548         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2549         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2550         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2551         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2552         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2553         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2554         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2555         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2556         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2557         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2558         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2559         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2560         * inspector/scripts/codegen/generate_objc_header.py:
2561         (ObjCHeaderGenerator.generate_output):
2562         (ObjCHeaderGenerator._generate_type_interface):
2563         * inspector/scripts/codegen/generate_objc_internal_header.py:
2564         (ObjCInternalHeaderGenerator.generate_output):
2565         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2566         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2567         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2568         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2569         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2570         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2571         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2572         (ObjCProtocolTypesImplementationGenerator.generate_output):
2573         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2574         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2575         * inspector/scripts/codegen/generator.py:
2576         (Generator.non_supplemental_domains):
2577         (Generator.open_fields):
2578         (Generator.calculate_types_requiring_shape_assertions):
2579         (Generator._traverse_and_assign_enum_values):
2580         (Generator.stylized_name_for_enum_value):
2581         * inspector/scripts/codegen/models.py:
2582         (find_duplicates):
2583         * inspector/scripts/codegen/objc_generator.py:
2584         * wasm/generateWasm.py:
2585         (opcodeIterator):
2586         * yarr/generateYarrCanonicalizeUnicode:
2587         * yarr/generateYarrUnicodePropertyTables.py:
2588         * yarr/hasher.py:
2589         (stringHash):
2590
2591 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2592
2593         [ARM] Build broken on armv7hl after r235517
2594         https://bugs.webkit.org/show_bug.cgi?id=189831
2595
2596         Reviewed by Yusuke Suzuki.
2597
2598         Add missing implementation of patchableBranch8() for traditional ARM.
2599
2600         * assembler/MacroAssemblerARM.h:
2601         (JSC::MacroAssemblerARM::patchableBranch8):
2602
2603 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2604
2605         Unreviewed, rolling out r236293.
2606
2607         Internal build still broken.
2608
2609         Reverted changeset:
2610
2611         "Add functions to measure memory footprint to JSC"
2612         https://bugs.webkit.org/show_bug.cgi?id=189768
2613         https://trac.webkit.org/changeset/236293
2614
2615 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2616
2617         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2618         https://bugs.webkit.org/show_bug.cgi?id=189558
2619
2620         Reviewed by Mark Lam.
2621
2622         When running the web-tooling-benchmark postcss test on the Linux JSCOnly port, we get the following result in `perf report`.
2623
2624             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2625
2626         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
2627         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2628
2629         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter,
2630         and we propagate this value to the global atomic counter when a rebalance happens.
2631
2632         We also reduce HeapCell::heap() access by using `vm.heap`.
2633
2634         * heap/SlotVisitor.cpp:
2635         (JSC::SlotVisitor::didStartMarking):
2636         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2637         (JSC::SlotVisitor::drain):
2638         (JSC::SlotVisitor::performIncrementOfDraining):
2639         * heap/SlotVisitor.h:
2640         * heap/SlotVisitorInlines.h:
2641         (JSC::SlotVisitor::reportExtraMemoryVisited):
2642         * runtime/JSString.cpp:
2643         (JSC::JSRopeString::resolveRopeToAtomicString const):
2644         (JSC::JSRopeString::resolveRope const):
2645         * runtime/JSString.h:
2646         (JSC::JSString::finishCreation):
2647         * wasm/js/JSWebAssemblyInstance.cpp:
2648         (JSC::JSWebAssemblyInstance::finishCreation):
2649         * wasm/js/JSWebAssemblyMemory.cpp:
2650         (JSC::JSWebAssemblyMemory::finishCreation):
2651
2652 2018-09-20  Michael Saboff  <msaboff@apple.com>
2653
2654         Add functions to measure memory footprint to JSC
2655         https://bugs.webkit.org/show_bug.cgi?id=189768
2656
2657         Reviewed by Saam Barati.
2658
2659         Rolling this back in.
2660
2661         Provide system memory metrics for the current process to aid in memory reduction measurement and
2662         tuning using native JS tests.
2663
2664         * jsc.cpp:
2665         (MemoryFootprint::now):
2666         (MemoryFootprint::resetPeak):
2667         (GlobalObject::finishCreation):
2668         (JSCMemoryFootprint::JSCMemoryFootprint):
2669         (JSCMemoryFootprint::createStructure):
2670         (JSCMemoryFootprint::create):
2671         (JSCMemoryFootprint::finishCreation):
2672         (JSCMemoryFootprint::addProperty):
2673         (functionResetMemoryPeak):
2674
2675 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2676
2677         Unreviewed, rolling out r236235.
2678
2679         Breaks internal builds.
2680
2681         Reverted changeset:
2682
2683         "Add functions to measure memory footprint to JSC"
2684         https://bugs.webkit.org/show_bug.cgi?id=189768
2685         https://trac.webkit.org/changeset/236235
2686
2687 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2688
2689         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2690         https://bugs.webkit.org/show_bug.cgi?id=189730
2691
2692         Reviewed by Saam Barati.
2693
2694         Clang for Windows can't compile the workaround for the MSVC quirk in generateOutOfLine.
2695
2696         * jit/JITMathIC.h:
2697         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2698
2699 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2700
2701         [JSC] Optimize Array#indexOf in C++ runtime
2702         https://bugs.webkit.org/show_bug.cgi?id=189507
2703
2704         Reviewed by Saam Barati.
2705
2706         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
2707         web-tooling-benchmark. While our DFG and FTL have an Array#indexOf optimization
2708         that actually works well, C++ Array#indexOf is called a significant number
2709         of times before tiering up, and it takes 6.74% of jsc main thread samples according
2710         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
2711         misses the chance to optimize JSArray cases.
2712
2713         This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
2714         access to the given JSArray is non-observable and the indexing type is good for the fast
2715         path, we take the fast path. This brings the sampling of Array#indexOf down to 3.83% in the
2716         babylon web-tooling-benchmark.
2717
2718         * runtime/ArrayPrototype.cpp:
2719         (JSC::arrayProtoFuncIndexOf):
2720         * runtime/JSArray.h:
2721         * runtime/JSArrayInlines.h:
2722         (JSC::JSArray::canDoFastIndexedAccess):
2723         (JSC::toLength):
2724         * runtime/JSCJSValueInlines.h:
2725         (JSC::JSValue::JSValue):
2726         * runtime/JSGlobalObject.h:
2727         * runtime/JSGlobalObjectInlines.h:
2728         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2729         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2730         * runtime/MathCommon.h:
2731         (JSC::canBeStrictInt32):
2732         (JSC::canBeInt32):
2733
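        Added example (constructed here, not JSC's own code or tests) showing the
        observability condition the fast path above has to respect: an indexed accessor
        on Array.prototype makes indexOf over a holey array observable, so a path that
        only scans the array's own storage would return the wrong answer.

```javascript
// Plain dense array: every element lives in the array's own storage and
// nothing on the prototype chain can intercept an indexed read, so scanning
// the storage directly is safe.
function indexOfDenseArray() {
  const a = [10, 20, 30];
  return a.indexOf(20); // 1
}

// Holey array, untouched prototype: indexOf skips holes (HasProperty is
// false for index 1), so undefined is not found even though a[1] reads
// as undefined.
function indexOfHoleIsSkipped() {
  const a = [10, , 30];
  return a.indexOf(undefined); // -1
}

// Holey array plus an indexed accessor on Array.prototype: HasProperty(a, "1")
// now succeeds through the prototype and Get invokes the getter, so the spec
// algorithm must report index 1 and the getter call is observable. A fast
// path that only looked at the array's own storage would answer -1, which is
// why an engine must check that prototype indexed access is non-observable
// before taking it.
function indexOfThroughPrototypeGetter() {
  const log = []; // records observable getter invocations
  Object.defineProperty(Array.prototype, 1, {
    get() { log.push("getter ran"); return 42; },
    configurable: true,
  });
  try {
    const a = [10, , 30];
    return { index: a.indexOf(42), getterCalls: log.length }; // { index: 1, getterCalls: 1 }
  } finally {
    delete Array.prototype[1]; // restore the prototype for everything else
  }
}
```
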
2734 2018-09-19  Michael Saboff  <msaboff@apple.com>
2735
2736         Add functions to measure memory footprint to JSC
2737         https://bugs.webkit.org/show_bug.cgi?id=189768
2738
2739         Reviewed by Saam Barati.
2740
2741         Provide system memory metrics for the current process to aid in memory reduction measurement and
2742         tuning using native JS tests.
2743
2744         * jsc.cpp:
2745         (MemoryFootprint::now):
2746         (MemoryFootprint::resetPeak):
2747         (GlobalObject::finishCreation):
2748         (JSCMemoryFootprint::JSCMemoryFootprint):
2749         (JSCMemoryFootprint::createStructure):
2750         (JSCMemoryFootprint::create):
2751         (JSCMemoryFootprint::finishCreation):
2752         (JSCMemoryFootprint::addProperty):
2753         (functionResetMemoryPeak):
2754
2755 2018-09-19  Saam barati  <sbarati@apple.com>
2756
2757         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2758         https://bugs.webkit.org/show_bug.cgi?id=189703
2759
2760         Reviewed by Mark Lam.
2761
2762         This fixes a crash that a TypeProfiler change revealed.
2763
2764         * dfg/DFGSpeculativeJIT64.cpp:
2765         (JSC::DFG::SpeculativeJIT::compile):
2766
2767 2018-09-19  Saam barati  <sbarati@apple.com>
2768
2769         AI rule for MultiPutByOffset executes its effects in the wrong order
2770         https://bugs.webkit.org/show_bug.cgi?id=189757
2771         <rdar://problem/43535257>
2772
2773         Reviewed by Michael Saboff.
2774
2775         The AI rule for MultiPutByOffset was executing effects in the wrong order.
2776         It first executed the transition effects and the effects on the base, and
2777         then executed the filtering effects on the value being stored. However, you
2778         can end up with the wrong type when the base and the value being stored
2779         are the same. E.g., in a program like `o.f = o`. These effects need to happen
2780         in the opposite order, modeling what happens in the runtime execution of
2781         MultiPutByOffset.
2782
2783         * dfg/DFGAbstractInterpreterInlines.h:
2784         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2785
2786 2018-09-18  Mark Lam  <mark.lam@apple.com>
2787
2788         Ensure that ForInContexts are invalidated if their loop local is over-written.
2789         https://bugs.webkit.org/show_bug.cgi?id=189571
2790         <rdar://problem/44402277>
2791
2792         Reviewed by Saam Barati.
2793
2794         Instead of hunting down every place in the BytecodeGenerator that potentially
2795         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
2796         the bytecode range of the loop body when the ForInContext is popped, and
2797         invalidate the context if we ever find the loop temp variable over-written.
2798
2799         This has 2 benefits:
2800         1. It ensures that every type of opcode that can write to the loop temp will be
2801            handled appropriately, not just the op_mov that we've hunted down.
2802         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
2803            every time we emit an op_mov (or other opcodes that can write to a local)
2804            even when we're not inside a for-in loop.
2805
2806         JSC benchmarks show that this change is performance neutral.
2807
2808         * bytecompiler/BytecodeGenerator.cpp:
2809         (JSC::BytecodeGenerator::pushIndexedForInScope):
2810         (JSC::BytecodeGenerator::popIndexedForInScope):
2811         (JSC::BytecodeGenerator::pushStructureForInScope):
2812         (JSC::BytecodeGenerator::popStructureForInScope):
2813         (JSC::ForInContext::finalize):
2814         (JSC::StructureForInContext::finalize):
2815         (JSC::IndexedForInContext::finalize):
2816         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
2817         * bytecompiler/BytecodeGenerator.h:
2818         (JSC::ForInContext::ForInContext):
2819         (JSC::ForInContext::bodyBytecodeStartOffset const):
2820         (JSC::StructureForInContext::StructureForInContext):
2821         (JSC::IndexedForInContext::IndexedForInContext):
2822         * bytecompiler/NodesCodegen.cpp:
2823         (JSC::PostfixNode::emitResolve):
2824         (JSC::PrefixNode::emitResolve):
2825         (JSC::ReadModifyResolveNode::emitBytecode):
2826         (JSC::AssignResolveNode::emitBytecode):
2827         (JSC::EmptyLetExpression::emitBytecode):
2828         (JSC::ForInNode::emitLoopHeader):
2829         (JSC::ForOfNode::emitBytecode):
2830         (JSC::BindingNode::bindValue const):
2831         (JSC::AssignmentElementNode::bindValue const):
2832         * runtime/CommonSlowPaths.cpp:
2833         (JSC::SLOW_PATH_DECL):
2834
2018-09-17  Devin Rousso  <drousso@apple.com>

        Web Inspector: generate CSSKeywordCompletions from backend values
        https://bugs.webkit.org/show_bug.cgi?id=189041

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/CSS.json:
        Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.

2018-09-17  Saam barati  <sbarati@apple.com>

        We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
        https://bugs.webkit.org/show_bug.cgi?id=189676
        <rdar://problem/39682897>

        Reviewed by Michael Saboff.

        Because the incoming value may be TDZ, CheckStructure may end up crashing.
        Since the Type Profile does not currently record TDZ values in any of its
        data structures, this is not a semantic change in how it will show you data.
        It just fixes crashes when we emit a CheckStructure and the incoming value
        is TDZ.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToCheckStructureOrEmpty):

2018-09-17  Darin Adler  <darin@apple.com>

        Use OpaqueJSString rather than JSRetainPtr inside WebKit
        https://bugs.webkit.org/show_bug.cgi?id=189652

        Reviewed by Saam Barati.

        * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
        JSStringRef.h.

        * API/JSContext.mm:
        (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
        than JSStringCreateWithCFString, simplifying the code and also obviating the
        need for explicit JSStringRelease.
        (-[JSContext setName:]): Ditto.

        * API/JSStringRef.cpp:
        (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
        It seems that additional optimization is possible, obviating the need to allocate
        an OpaqueJSString, but that's true almost everywhere else in this patch, too.

        * API/JSValue.mm:
        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
        OpaqueJSString::create and adoptRef as appropriate.
        (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
        (performPropertyOperation): Ditto.
        (-[JSValue invokeMethod:withArguments:]): Ditto.
        (valueToObjectWithoutCopy): Ditto.
        (containerValueToObject): Ditto.
        (valueToString): Ditto.
        (objectToValueWithoutCopy): Ditto.
        (objectToValue): Ditto.

2018-09-08  Darin Adler  <darin@apple.com>

        Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
        https://bugs.webkit.org/show_bug.cgi?id=189455

        Reviewed by Keith Miller.

        * API/JSObjectRef.cpp:
        (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
        JSRetainPtr<JSStringRef>.
        (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
        adopt constructor.
        (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
        the array elements are now Ref.

        * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
        it only works for two specific unrelated types, JSStringRef and
        JSGlobalContextRef. Simplified the default constructor using data
        member initialization. Prepared to make the adopt constructor private
        (got everything compiling that way, then made it public again so that
        Apple internal software will still build). Got rid of unneeded
        templated constructor and assignment operator, since it's not relevant
        since there is no inheritance between JSRetainPtr template types.
        Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
        Added move constructor and move assignment operator for slightly better
        performance. Simplified implementations of various member functions
        so they are more obviously correct, by using leakPtr in more of them
        and using std::exchange to make the flow of values more obvious.

        * API/JSValue.mm:
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
        missing JSStringRelease to fix a leak.

        * API/tests/CustomGlobalObjectClassTest.c:
        (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
        (globalObjectSetPrototypeTest): Ditto.
        (globalObjectPrivatePropertyTest): Ditto.

        * API/tests/ExecutionTimeLimitTest.cpp:
        (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
        (testExecutionTimeLimit): Ditto, lots more.

        * API/tests/FunctionOverridesTest.cpp:
        (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.

        * API/tests/JSObjectGetProxyTargetTest.cpp:
        (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
        a leak.

        * API/tests/PingPongStackOverflowTest.cpp:
        (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
        JSStringRelease to fix leaks.

        * API/tests/testapi.c:
        (throwException): Added. Helper function for repeated idiom where we want
        to throw an exception, but with additional JSStringRelease calls so we don't
        have to leak just to keep the code simpler to read.
        (MyObject_getProperty): Use throwException.
        (MyObject_setProperty): Ditto.
        (MyObject_deleteProperty): Ditto.
        (isValueEqualToString): Added. Helper function for an idiom where we check
        if something is a string and then if it's equal to a particular string
        constant, but a version that has an additional JSStringRelease call so we
        don't have to leak just to keep the code simpler to read.
        (MyObject_callAsFunction): Use isValueEqualToString and throwException.
        (MyObject_callAsConstructor): Ditto.
        (MyObject_hasInstance): Ditto.
        (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
        (testMarkingConstraintsAndHeapFinalizers): Ditto.

2018-09-14  Saam barati  <sbarati@apple.com>

        Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
        https://bugs.webkit.org/show_bug.cgi?id=189628
        <rdar://problem/39481690>

        Reviewed by Mark Lam.

        An Availability may point to a Node. And that Node may be removed from
        the graph, e.g., it's freed and its memory is no longer owned by Graph.
        This patch makes it so we no longer dump this metadata by default. If
        this metadata is interesting to you, you'll need to go in and change
        Graph::dump to dump the needed metadata.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2018-09-14  Mark Lam  <mark.lam@apple.com>

        Refactor some ForInContext code for better encapsulation.
        https://bugs.webkit.org/show_bug.cgi?id=189626
        <rdar://problem/44466415>

        Reviewed by Keith Miller.

        1. Add a ForInContext::m_type field to store the context type.  This does not
           increase the class size, but eliminates the need for a virtual call to get the
           type.

           Note: we still need a virtual destructor because we'll be mingling
           IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.

        2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
           convenience methods.

        3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
           to do the casting to the subclass types.  This ensures that we'll properly
           assert that the casting is legal.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::popIndexedForInScope):
        (JSC::BytecodeGenerator::popStructureForInScope):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::ForInContext::type const):
        (JSC::ForInContext::isIndexedForInContext const):
        (JSC::ForInContext::isStructureForInContext const):
        (JSC::ForInContext::asIndexedForInContext):
        (JSC::ForInContext::asStructureForInContext):
        (JSC::ForInContext::ForInContext):
        (JSC::StructureForInContext::StructureForInContext):
        (JSC::IndexedForInContext::IndexedForInContext):
        (JSC::ForInContext::~ForInContext): Deleted.

2018-09-14  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Record actions performed on ImageBitmapRenderingContext
        https://bugs.webkit.org/show_bug.cgi?id=181341

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Recording.json:
        * inspector/scripts/codegen/generator.py:

2018-09-14  Mike Gorse  <mgorse@suse.com>

        builtins directory causes name conflict on Python 3
        https://bugs.webkit.org/show_bug.cgi?id=189552

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: builtins -> wkbuiltins.
        * DerivedSources.make: builtins -> wkbuiltins.
        * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
          builtins.
        * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
        * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
        * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
        * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
        * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
        * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
        * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
        * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
        * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
        * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
        * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
        * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.

2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [WebAssembly] Inline WasmContext accessor functions
        https://bugs.webkit.org/show_bug.cgi?id=189416

        Reviewed by Saam Barati.

        WasmContext accessor functions are very small while they reside in the critical path of
        JS to Wasm function call. This patch makes them inline to improve performance.
        This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * interpreter/CallFrame.cpp:
        * jit/AssemblyHelpers.cpp:
        * wasm/WasmB3IRGenerator.cpp:
        * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
        (JSC::Wasm::Context::useFastTLS):
        (JSC::Wasm::Context::load const):
        (JSC::Wasm::Context::store):
        * wasm/WasmMemoryInformation.cpp:
        * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
        * wasm/js/JSToWasm.cpp:
        * wasm/js/WebAssemblyFunction.cpp:

2018-09-12  David Kilzer  <ddkilzer@apple.com>

        Move JavaScriptCore files to match Xcode project hierarchy
        <https://webkit.org/b/189574>

        Reviewed by Filip Pizlo.

        * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
        * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
        * CMakeLists.txt: Update for new path to
        generateYarrUnicodePropertyTables.py, hasher.py and
        JSAPIValueWrapper.h.
        * DerivedSources.make: Ditto. Add missing dependency on
        hasher.py captured by CMakeLists.txt.
        * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
        reference paths. Add hasher.py library to project.
        * Sources.txt: Update for new path to
        JSAPIValueWrapper.cpp.
        * runtime/JSImmutableButterfly.h: Add missing includes
        after changes to Sources.txt and regenerating unified
        sources.
        * runtime/RuntimeType.h: Ditto.
        * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
        * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.

2018-09-12  David Kilzer  <ddkilzer@apple.com>

        Let Xcode have its way with the JavaScriptCore project

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-09-12  Guillaume Emont  <guijemont@igalia.com>

        Add IGNORE_WARNING_.* macros
        https://bugs.webkit.org/show_bug.cgi?id=188996

        Reviewed by Michael Catanzaro.

        * API/JSCallbackObject.h:
        * API/tests/testapi.c:
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * b3/B3LowerToAir.cpp:
        * b3/B3Opcode.cpp:
        * b3/B3Type.h:
        * b3/B3TypeMap.h:
        * b3/B3Width.h:
        * b3/air/AirArg.cpp:
        * b3/air/AirArg.h:
        * b3/air/AirCode.h:
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::speculateNumber):
        (JSC::DFG::SpeculativeJIT::speculateMisc):
        * dfg/DFGSpeculativeJIT64.cpp:
        * ftl/FTLOutput.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::calculatePokeOffset):
        * llint/LLIntData.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::slowPathLogF):
        * runtime/ConfigFile.cpp:
        (JSC::ConfigFile::canonicalizePaths):
        * runtime/JSDataViewPrototype.cpp:
        * runtime/JSGenericTypedArrayViewConstructor.h:
        * runtime/JSGenericTypedArrayViewPrototype.h:
        * runtime/Options.cpp:
        (JSC::Options::setAliasedOption):
        * tools/CodeProfiling.cpp:
        * wasm/WasmSections.h:
        * wasm/generateWasmValidateInlinesHeader.py:

== Rolled over to ChangeLog-2018-09-11 ==