JSC: BindingNode::bindValue doesn't increase the scope's reference count.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-10  Mark Lam  <mark.lam@apple.com>
2
3         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
4         https://bugs.webkit.org/show_bug.cgi?id=168546
5         <rdar://problem/30589551>
6
7         Reviewed by Saam Barati.
8
9         We should protect the scope RegisterID with a RefPtr while it is still needed.
10
11         * bytecompiler/NodesCodegen.cpp:
12         (JSC::ForInNode::emitLoopHeader):
13         (JSC::ForOfNode::emitBytecode):
14         (JSC::BindingNode::bindValue):
15
16 2017-03-10  Alex Christensen  <achristensen@webkit.org>
17
18         Fix CMake build.
19
20         * CMakeLists.txt:
21         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
22
23 2017-03-10  Mark Lam  <mark.lam@apple.com>
24
25         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
26         https://bugs.webkit.org/show_bug.cgi?id=169454
27
28         Reviewed by Michael Saboff.
29
30         The underlying implementation is hoisted right out of Assertions.cpp from the
31         implementations of WTFPrintBacktrace().
32
33         The reason we need this StackTrace object is because during heap debugging, we
34         sometimes want to capture the stack trace that allocated the objects of interest.
35         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
36         perturb the execution profile sufficiently that an issue may not reproduce,
37         while alternatively, just capturing the stack trace and deferring printing it
38         till we actually need it later perturbs the execution profile less.
39
40         In addition, just capturing the stack traces (instead of printing them
41         immediately at each capture site) allows us to avoid polluting stdout with tons
42         of stack traces that may be irrelevant.
43
44         For now, we only capture the native stack trace.  We'll leave capturing and
45         integrating the JS stack trace as an exercise for the future if we need it then.
46
47         Here's an example of how to use this StackTrace utility:
48
49             // Capture a stack trace of the top 10 frames.
50             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
51             // Print the trace.
52             dataLog(*trace);
53
54         * CMakeLists.txt:
55         * JavaScriptCore.xcodeproj/project.pbxproj:
56         * tools/StackTrace.cpp: Added.
57         (JSC::StackTrace::instanceSize):
58         (JSC::StackTrace::captureStackTrace):
59         (JSC::StackTrace::dump):
60         * tools/StackTrace.h: Added.
61         (JSC::StackTrace::size):
62         (JSC::StackTrace::StackTrace):
63
64 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
65
66         B3 should have comprehensive support for atomic operations
67         https://bugs.webkit.org/show_bug.cgi?id=162349
68
69         Reviewed by Keith Miller.
70         
71         This adds the following capabilities to B3:
72         
73         - Atomic weak/strong unfenced/fenced compare-and-swap
74         - Atomic add/sub/or/and/xor/xchg
75         - Acquire/release fencing on loads/stores
76         - Fenceless load-load dependencies
77         
78         This adds lowering to the following instructions on x86:
79         
80         - lock cmpxchg
81         - lock xadd
82         - lock add/sub/or/and/xor/xchg
83         
84         This adds lowering to the following instructions on ARM64:
85         
86         - ldar and friends
87         - stlr and friends
88         - ldxr and friends (unfenced LL)
89         - stxr and friends (unfenced SC)
90         - ldaxr and friends (fenced LL)
91         - stlxr and friends (fenced SC)
92         - eor as a fenceless load-load dependency
93         
94         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
95         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
96         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
97         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
98         generate the best possible branch sequence on x86 and ARM64.
99         
100         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
101         respect to each other and with respect to rel stores, creating sequential consistency that
102         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
103         fence effects may only target some abstract heaps but not others, so that load elimination and
104         store sinking can still operate across fences if you just tell B3 that the fence does not alias
105         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
106         Even better, it lets you express fine-grained dependencies where the atomics that affect one
107         property in shared memory do not clobber non-atomics that affect some other property in shared
108         memory.
109         
110         One of my favorite features is Depend, which allows you to express load-load dependencies. On
111         x86 it lowers to nothing, while on ARM64 it lowers to eor.
112         
113         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
114         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
115         
116         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
117         implementations of the Atomics object, for now.
118         
119         * CMakeLists.txt:
120         * JavaScriptCore.xcodeproj/project.pbxproj:
121         * assembler/ARM64Assembler.h:
122         (JSC::ARM64Assembler::ldar):
123         (JSC::ARM64Assembler::ldxr):
124         (JSC::ARM64Assembler::ldaxr):
125         (JSC::ARM64Assembler::stxr):
126         (JSC::ARM64Assembler::stlr):
127         (JSC::ARM64Assembler::stlxr):
128         (JSC::ARM64Assembler::excepnGenerationImmMask):
129         (JSC::ARM64Assembler::exoticLoad):
130         (JSC::ARM64Assembler::storeRelease):
131         (JSC::ARM64Assembler::exoticStore):
132         * assembler/AbstractMacroAssembler.cpp: Added.
133         (WTF::printInternal):
134         * assembler/AbstractMacroAssembler.h:
135         (JSC::AbstractMacroAssemblerBase::invert):
136         * assembler/MacroAssembler.h:
137         * assembler/MacroAssemblerARM64.h:
138         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
139         (JSC::MacroAssemblerARM64::loadAcq8):
140         (JSC::MacroAssemblerARM64::storeRel8):
141         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
142         (JSC::MacroAssemblerARM64::loadAcq16):
143         (JSC::MacroAssemblerARM64::storeRel16):
144         (JSC::MacroAssemblerARM64::loadAcq32):
145         (JSC::MacroAssemblerARM64::loadAcq64):
146         (JSC::MacroAssemblerARM64::storeRel32):
147         (JSC::MacroAssemblerARM64::storeRel64):
148         (JSC::MacroAssemblerARM64::loadLink8):
149         (JSC::MacroAssemblerARM64::loadLinkAcq8):
150         (JSC::MacroAssemblerARM64::storeCond8):
151         (JSC::MacroAssemblerARM64::storeCondRel8):
152         (JSC::MacroAssemblerARM64::loadLink16):
153         (JSC::MacroAssemblerARM64::loadLinkAcq16):
154         (JSC::MacroAssemblerARM64::storeCond16):
155         (JSC::MacroAssemblerARM64::storeCondRel16):
156         (JSC::MacroAssemblerARM64::loadLink32):
157         (JSC::MacroAssemblerARM64::loadLinkAcq32):
158         (JSC::MacroAssemblerARM64::storeCond32):
159         (JSC::MacroAssemblerARM64::storeCondRel32):
160         (JSC::MacroAssemblerARM64::loadLink64):
161         (JSC::MacroAssemblerARM64::loadLinkAcq64):
162         (JSC::MacroAssemblerARM64::storeCond64):
163         (JSC::MacroAssemblerARM64::storeCondRel64):
164         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
165         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
166         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
167         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
168         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
169         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
170         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
171         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
172         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
173         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
174         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
175         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
176         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
177         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
178         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
179         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
180         (JSC::MacroAssemblerARM64::depend32):
181         (JSC::MacroAssemblerARM64::depend64):
182         (JSC::MacroAssemblerARM64::loadLink):
183         (JSC::MacroAssemblerARM64::loadLinkAcq):
184         (JSC::MacroAssemblerARM64::storeCond):
185         (JSC::MacroAssemblerARM64::storeCondRel):
186         (JSC::MacroAssemblerARM64::signExtend):
187         (JSC::MacroAssemblerARM64::branch):
188         (JSC::MacroAssemblerARM64::atomicStrongCAS):
189         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
190         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
191         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
192         (JSC::MacroAssemblerARM64::extractSimpleAddress):
193         (JSC::MacroAssemblerARM64::signExtend<8>):
194         (JSC::MacroAssemblerARM64::signExtend<16>):
195         (JSC::MacroAssemblerARM64::branch<64>):
196         * assembler/MacroAssemblerX86Common.h:
197         (JSC::MacroAssemblerX86Common::add32):
198         (JSC::MacroAssemblerX86Common::and32):
199         (JSC::MacroAssemblerX86Common::and16):
200         (JSC::MacroAssemblerX86Common::and8):
201         (JSC::MacroAssemblerX86Common::neg32):
202         (JSC::MacroAssemblerX86Common::neg16):
203         (JSC::MacroAssemblerX86Common::neg8):
204         (JSC::MacroAssemblerX86Common::or32):
205         (JSC::MacroAssemblerX86Common::or16):
206         (JSC::MacroAssemblerX86Common::or8):
207         (JSC::MacroAssemblerX86Common::sub16):
208         (JSC::MacroAssemblerX86Common::sub8):
209         (JSC::MacroAssemblerX86Common::sub32):
210         (JSC::MacroAssemblerX86Common::xor32):
211         (JSC::MacroAssemblerX86Common::xor16):
212         (JSC::MacroAssemblerX86Common::xor8):
213         (JSC::MacroAssemblerX86Common::not32):
214         (JSC::MacroAssemblerX86Common::not16):
215         (JSC::MacroAssemblerX86Common::not8):
216         (JSC::MacroAssemblerX86Common::store16):
217         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
218         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
219         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
220         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
221         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
222         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
223         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
224         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
225         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
226         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
227         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
228         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
229         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
230         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
231         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
232         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
233         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
234         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
235         (JSC::MacroAssemblerX86Common::atomicAdd8):
236         (JSC::MacroAssemblerX86Common::atomicAdd16):
237         (JSC::MacroAssemblerX86Common::atomicAdd32):
238         (JSC::MacroAssemblerX86Common::atomicSub8):
239         (JSC::MacroAssemblerX86Common::atomicSub16):
240         (JSC::MacroAssemblerX86Common::atomicSub32):
241         (JSC::MacroAssemblerX86Common::atomicAnd8):
242         (JSC::MacroAssemblerX86Common::atomicAnd16):
243         (JSC::MacroAssemblerX86Common::atomicAnd32):
244         (JSC::MacroAssemblerX86Common::atomicOr8):
245         (JSC::MacroAssemblerX86Common::atomicOr16):
246         (JSC::MacroAssemblerX86Common::atomicOr32):
247         (JSC::MacroAssemblerX86Common::atomicXor8):
248         (JSC::MacroAssemblerX86Common::atomicXor16):
249         (JSC::MacroAssemblerX86Common::atomicXor32):
250         (JSC::MacroAssemblerX86Common::atomicNeg8):
251         (JSC::MacroAssemblerX86Common::atomicNeg16):
252         (JSC::MacroAssemblerX86Common::atomicNeg32):
253         (JSC::MacroAssemblerX86Common::atomicNot8):
254         (JSC::MacroAssemblerX86Common::atomicNot16):
255         (JSC::MacroAssemblerX86Common::atomicNot32):
256         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
257         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
258         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
259         (JSC::MacroAssemblerX86Common::atomicXchg8):
260         (JSC::MacroAssemblerX86Common::atomicXchg16):
261         (JSC::MacroAssemblerX86Common::atomicXchg32):
262         (JSC::MacroAssemblerX86Common::loadAcq8):
263         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
264         (JSC::MacroAssemblerX86Common::loadAcq16):
265         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
266         (JSC::MacroAssemblerX86Common::loadAcq32):
267         (JSC::MacroAssemblerX86Common::storeRel8):
268         (JSC::MacroAssemblerX86Common::storeRel16):
269         (JSC::MacroAssemblerX86Common::storeRel32):
270         (JSC::MacroAssemblerX86Common::storeFence):
271         (JSC::MacroAssemblerX86Common::loadFence):
272         (JSC::MacroAssemblerX86Common::replaceWithJump):
273         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
274         (JSC::MacroAssemblerX86Common::patchableJumpSize):
275         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
276         (JSC::MacroAssemblerX86Common::supportsAVX):
277         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
278         (JSC::MacroAssemblerX86Common::x86Condition):
279         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
280         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
281         * assembler/MacroAssemblerX86_64.h:
282         (JSC::MacroAssemblerX86_64::add64):
283         (JSC::MacroAssemblerX86_64::and64):
284         (JSC::MacroAssemblerX86_64::neg64):
285         (JSC::MacroAssemblerX86_64::or64):
286         (JSC::MacroAssemblerX86_64::sub64):
287         (JSC::MacroAssemblerX86_64::xor64):
288         (JSC::MacroAssemblerX86_64::not64):
289         (JSC::MacroAssemblerX86_64::store64):
290         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
291         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
292         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
293         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
294         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
295         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
296         (JSC::MacroAssemblerX86_64::atomicAdd64):
297         (JSC::MacroAssemblerX86_64::atomicSub64):
298         (JSC::MacroAssemblerX86_64::atomicAnd64):
299         (JSC::MacroAssemblerX86_64::atomicOr64):
300         (JSC::MacroAssemblerX86_64::atomicXor64):
301         (JSC::MacroAssemblerX86_64::atomicNeg64):
302         (JSC::MacroAssemblerX86_64::atomicNot64):
303         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
304         (JSC::MacroAssemblerX86_64::atomicXchg64):
305         (JSC::MacroAssemblerX86_64::loadAcq64):
306         (JSC::MacroAssemblerX86_64::storeRel64):
307         * assembler/X86Assembler.h:
308         (JSC::X86Assembler::addl_mr):
309         (JSC::X86Assembler::addq_mr):
310         (JSC::X86Assembler::addq_rm):
311         (JSC::X86Assembler::addq_im):
312         (JSC::X86Assembler::andl_mr):
313         (JSC::X86Assembler::andl_rm):
314         (JSC::X86Assembler::andw_rm):
315         (JSC::X86Assembler::andb_rm):
316         (JSC::X86Assembler::andl_im):
317         (JSC::X86Assembler::andw_im):
318         (JSC::X86Assembler::andb_im):
319         (JSC::X86Assembler::andq_mr):
320         (JSC::X86Assembler::andq_rm):
321         (JSC::X86Assembler::andq_im):
322         (JSC::X86Assembler::incq_m):
323         (JSC::X86Assembler::negq_m):
324         (JSC::X86Assembler::negl_m):
325         (JSC::X86Assembler::negw_m):
326         (JSC::X86Assembler::negb_m):
327         (JSC::X86Assembler::notl_m):
328         (JSC::X86Assembler::notw_m):
329         (JSC::X86Assembler::notb_m):
330         (JSC::X86Assembler::notq_m):
331         (JSC::X86Assembler::orl_mr):
332         (JSC::X86Assembler::orl_rm):
333         (JSC::X86Assembler::orw_rm):
334         (JSC::X86Assembler::orb_rm):
335         (JSC::X86Assembler::orl_im):
336         (JSC::X86Assembler::orw_im):
337         (JSC::X86Assembler::orb_im):
338         (JSC::X86Assembler::orq_mr):
339         (JSC::X86Assembler::orq_rm):
340         (JSC::X86Assembler::orq_im):
341         (JSC::X86Assembler::subl_mr):
342         (JSC::X86Assembler::subl_rm):
343         (JSC::X86Assembler::subw_rm):
344         (JSC::X86Assembler::subb_rm):
345         (JSC::X86Assembler::subl_im):
346         (JSC::X86Assembler::subw_im):
347         (JSC::X86Assembler::subb_im):
348         (JSC::X86Assembler::subq_mr):
349         (JSC::X86Assembler::subq_rm):
350         (JSC::X86Assembler::subq_im):
351         (JSC::X86Assembler::xorl_mr):
352         (JSC::X86Assembler::xorl_rm):
353         (JSC::X86Assembler::xorl_im):
354         (JSC::X86Assembler::xorw_rm):
355         (JSC::X86Assembler::xorw_im):
356         (JSC::X86Assembler::xorb_rm):
357         (JSC::X86Assembler::xorb_im):
358         (JSC::X86Assembler::xorq_im):
359         (JSC::X86Assembler::xorq_rm):
360         (JSC::X86Assembler::xorq_mr):
361         (JSC::X86Assembler::xchgb_rm):
362         (JSC::X86Assembler::xchgw_rm):
363         (JSC::X86Assembler::xchgl_rm):
364         (JSC::X86Assembler::xchgq_rm):
365         (JSC::X86Assembler::movw_im):
366         (JSC::X86Assembler::movq_i32m):
367         (JSC::X86Assembler::cmpxchgb_rm):
368         (JSC::X86Assembler::cmpxchgw_rm):
369         (JSC::X86Assembler::cmpxchgl_rm):
370         (JSC::X86Assembler::cmpxchgq_rm):
371         (JSC::X86Assembler::xaddb_rm):
372         (JSC::X86Assembler::xaddw_rm):
373         (JSC::X86Assembler::xaddl_rm):
374         (JSC::X86Assembler::xaddq_rm):
375         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
376         * b3/B3AtomicValue.cpp: Added.
377         (JSC::B3::AtomicValue::~AtomicValue):
378         (JSC::B3::AtomicValue::dumpMeta):
379         (JSC::B3::AtomicValue::cloneImpl):
380         (JSC::B3::AtomicValue::AtomicValue):
381         * b3/B3AtomicValue.h: Added.
382         * b3/B3BasicBlock.h:
383         * b3/B3BlockInsertionSet.cpp:
384         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
385         (JSC::B3::BlockInsertionSet::insert): Deleted.
386         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
387         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
388         (JSC::B3::BlockInsertionSet::execute): Deleted.
389         * b3/B3BlockInsertionSet.h:
390         * b3/B3Effects.cpp:
391         (JSC::B3::Effects::interferes):
392         (JSC::B3::Effects::operator==):
393         (JSC::B3::Effects::dump):
394         * b3/B3Effects.h:
395         (JSC::B3::Effects::forCall):
396         (JSC::B3::Effects::mustExecute):
397         * b3/B3EliminateCommonSubexpressions.cpp:
398         * b3/B3Generate.cpp:
399         (JSC::B3::generateToAir):
400         * b3/B3GenericBlockInsertionSet.h: Added.
401         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
402         (JSC::B3::GenericBlockInsertionSet::insert):
403         (JSC::B3::GenericBlockInsertionSet::insertBefore):
404         (JSC::B3::GenericBlockInsertionSet::insertAfter):
405         (JSC::B3::GenericBlockInsertionSet::execute):
406         * b3/B3HeapRange.h:
407         (JSC::B3::HeapRange::operator|):
408         * b3/B3InsertionSet.cpp:
409         (JSC::B3::InsertionSet::insertClone):
410         * b3/B3InsertionSet.h:
411         * b3/B3LegalizeMemoryOffsets.cpp:
412         * b3/B3LowerMacros.cpp:
413         (JSC::B3::lowerMacros):
414         * b3/B3LowerMacrosAfterOptimizations.cpp:
415         * b3/B3LowerToAir.cpp:
416         (JSC::B3::Air::LowerToAir::LowerToAir):
417         (JSC::B3::Air::LowerToAir::run):
418         (JSC::B3::Air::LowerToAir::effectiveAddr):
419         (JSC::B3::Air::LowerToAir::addr):
420         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
421         (JSC::B3::Air::LowerToAir::appendShift):
422         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
423         (JSC::B3::Air::LowerToAir::storeOpcode):
424         (JSC::B3::Air::LowerToAir::createStore):
425         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
426         (JSC::B3::Air::LowerToAir::newBlock):
427         (JSC::B3::Air::LowerToAir::splitBlock):
428         (JSC::B3::Air::LowerToAir::fillStackmap):
429         (JSC::B3::Air::LowerToAir::appendX86Div):
430         (JSC::B3::Air::LowerToAir::appendX86UDiv):
431         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
432         (JSC::B3::Air::LowerToAir::storeCondOpcode):
433         (JSC::B3::Air::LowerToAir::appendCAS):
434         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
435         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
436         (JSC::B3::Air::LowerToAir::lower):
437         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
438         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
439         * b3/B3LowerToAir.h:
440         * b3/B3MemoryValue.cpp:
441         (JSC::B3::MemoryValue::isLegalOffset):
442         (JSC::B3::MemoryValue::accessType):
443         (JSC::B3::MemoryValue::accessBank):
444         (JSC::B3::MemoryValue::accessByteSize):
445         (JSC::B3::MemoryValue::dumpMeta):
446         (JSC::B3::MemoryValue::MemoryValue):
447         (JSC::B3::MemoryValue::accessWidth): Deleted.
448         * b3/B3MemoryValue.h:
449         * b3/B3MemoryValueInlines.h: Added.
450         (JSC::B3::MemoryValue::isLegalOffset):
451         (JSC::B3::MemoryValue::requiresSimpleAddr):
452         (JSC::B3::MemoryValue::accessWidth):
453         * b3/B3MoveConstants.cpp:
454         * b3/B3NativeTraits.h: Added.
455         * b3/B3Opcode.cpp:
456         (JSC::B3::storeOpcode):
457         (WTF::printInternal):
458         * b3/B3Opcode.h:
459         (JSC::B3::isLoad):
460         (JSC::B3::isStore):
461         (JSC::B3::isLoadStore):
462         (JSC::B3::isAtomic):
463         (JSC::B3::isAtomicCAS):
464         (JSC::B3::isAtomicXchg):
465         (JSC::B3::isMemoryAccess):
466         (JSC::B3::signExtendOpcode):
467         * b3/B3Procedure.cpp:
468         (JSC::B3::Procedure::dump):
469         * b3/B3Procedure.h:
470         (JSC::B3::Procedure::hasQuirks):
471         (JSC::B3::Procedure::setHasQuirks):
472         * b3/B3PureCSE.cpp:
473         (JSC::B3::pureCSE):
474         * b3/B3PureCSE.h:
475         * b3/B3ReduceStrength.cpp:
476         * b3/B3Validate.cpp:
477         * b3/B3Value.cpp:
478         (JSC::B3::Value::returnsBool):
479         (JSC::B3::Value::effects):
480         (JSC::B3::Value::key):
481         (JSC::B3::Value::performSubstitution):
482         (JSC::B3::Value::typeFor):
483         * b3/B3Value.h:
484         * b3/B3Width.cpp:
485         (JSC::B3::bestType):
486         * b3/B3Width.h:
487         (JSC::B3::canonicalWidth):
488         (JSC::B3::isCanonicalWidth):
489         (JSC::B3::mask):
490         * b3/air/AirArg.cpp:
491         (JSC::B3::Air::Arg::jsHash):
492         (JSC::B3::Air::Arg::dump):
493         (WTF::printInternal):
494         * b3/air/AirArg.h:
495         (JSC::B3::Air::Arg::isAnyUse):
496         (JSC::B3::Air::Arg::isColdUse):
497         (JSC::B3::Air::Arg::cooled):
498         (JSC::B3::Air::Arg::isEarlyUse):
499         (JSC::B3::Air::Arg::isLateUse):
500         (JSC::B3::Air::Arg::isAnyDef):
501         (JSC::B3::Air::Arg::isEarlyDef):
502         (JSC::B3::Air::Arg::isLateDef):
503         (JSC::B3::Air::Arg::isZDef):
504         (JSC::B3::Air::Arg::simpleAddr):
505         (JSC::B3::Air::Arg::statusCond):
506         (JSC::B3::Air::Arg::isSimpleAddr):
507         (JSC::B3::Air::Arg::isMemory):
508         (JSC::B3::Air::Arg::isStatusCond):
509         (JSC::B3::Air::Arg::isCondition):
510         (JSC::B3::Air::Arg::ptr):
511         (JSC::B3::Air::Arg::base):
512         (JSC::B3::Air::Arg::isGP):
513         (JSC::B3::Air::Arg::isFP):
514         (JSC::B3::Air::Arg::isValidForm):
515         (JSC::B3::Air::Arg::forEachTmpFast):
516         (JSC::B3::Air::Arg::forEachTmp):
517         (JSC::B3::Air::Arg::asAddress):
518         (JSC::B3::Air::Arg::asStatusCondition):
519         (JSC::B3::Air::Arg::isInvertible):
520         (JSC::B3::Air::Arg::inverted):
521         * b3/air/AirBasicBlock.cpp:
522         (JSC::B3::Air::BasicBlock::setSuccessors):
523         * b3/air/AirBasicBlock.h:
524         * b3/air/AirBlockInsertionSet.cpp: Added.
525         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
526         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
527         * b3/air/AirBlockInsertionSet.h: Added.
528         * b3/air/AirDumpAsJS.cpp: Removed.
529         * b3/air/AirDumpAsJS.h: Removed.
530         * b3/air/AirEliminateDeadCode.cpp:
531         (JSC::B3::Air::eliminateDeadCode):
532         * b3/air/AirGenerate.cpp:
533         (JSC::B3::Air::prepareForGeneration):
534         * b3/air/AirInstInlines.h:
535         (JSC::B3::Air::isAtomicStrongCASValid):
536         (JSC::B3::Air::isBranchAtomicStrongCASValid):
537         (JSC::B3::Air::isAtomicStrongCAS8Valid):
538         (JSC::B3::Air::isAtomicStrongCAS16Valid):
539         (JSC::B3::Air::isAtomicStrongCAS32Valid):
540         (JSC::B3::Air::isAtomicStrongCAS64Valid):
541         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
542         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
543         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
544         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
545         * b3/air/AirOpcode.opcodes:
546         * b3/air/AirOptimizeBlockOrder.cpp:
547         (JSC::B3::Air::optimizeBlockOrder):
548         * b3/air/AirPadInterference.cpp:
549         (JSC::B3::Air::padInterference):
550         * b3/air/AirSpillEverything.cpp:
551         (JSC::B3::Air::spillEverything):
552         * b3/air/opcode_generator.rb:
553         * b3/testb3.cpp:
554         (JSC::B3::testLoadAcq42):
555         (JSC::B3::testStoreRelAddLoadAcq32):
556         (JSC::B3::testStoreRelAddLoadAcq8):
557         (JSC::B3::testStoreRelAddFenceLoadAcq8):
558         (JSC::B3::testStoreRelAddLoadAcq16):
559         (JSC::B3::testStoreRelAddLoadAcq64):
560         (JSC::B3::testTrappingStoreElimination):
561         (JSC::B3::testX86LeaAddAdd):
562         (JSC::B3::testX86LeaAddShlLeftScale1):
563         (JSC::B3::testAtomicWeakCAS):
564         (JSC::B3::testAtomicStrongCAS):
565         (JSC::B3::testAtomicXchg):
566         (JSC::B3::testDepend32):
567         (JSC::B3::testDepend64):
568         (JSC::B3::run):
569         * runtime/Options.h:
570
571 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
572
573         Unreviewed typo fixes after r213652.
574         https://bugs.webkit.org/show_bug.cgi?id=168920
575
576         * assembler/MacroAssemblerARM.h:
577         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
578         * assembler/MacroAssemblerMIPS.h:
579         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
580
581 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
582
583         Unreviewed ARM buildfix after r213652.
584         https://bugs.webkit.org/show_bug.cgi?id=168920
585
586         r213652 used replaceWithBrk and replaceWithBkpt names for the same
587         function, which was inconsistent and caused a build error in ARMAssembler.
588
589         * assembler/ARM64Assembler.h:
590         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
591         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
592         * assembler/ARMAssembler.h:
593         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
594         (JSC::ARMAssembler::replaceWithBrk): Deleted.
595         * assembler/MacroAssemblerARM64.h:
596         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
597
598 2017-03-10  Alex Christensen  <achristensen@webkit.org>
599
600         Win64 build fix.
601
602         * b3/B3FenceValue.h:
603         * b3/B3Value.h:
604         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
605         doesn't accomplish anything except making Visual Studio mad.
606         * b3/air/opcode_generator.rb:
607         winnt.h has naming collisions with enum values from AirOpcode.h.
608         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
609         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
610         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
611         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
612
613 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
614
615         Unreviewed, rolling out r213695.
616
617         This change broke the Windows build.
618
619         Reverted changeset:
620
621         "Implement a StackTrace utility object that can capture stack
622         traces for debugging."
623         https://bugs.webkit.org/show_bug.cgi?id=169454
624         http://trac.webkit.org/changeset/213695
625
626 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
627
628         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
629         https://bugs.webkit.org/show_bug.cgi?id=167962
630
631         Reviewed by Keith Miller.
632
633         The Object Rest/Spread Destructuring proposal is in stage 3[1] and this
634         patch is a prototype implementation of it. A simple change over the
635         parser was necessary to support the new '...' token on the Object Pattern
636         destructuring rule. On the bytecode generator side, we changed the
637         bytecode generated on ObjectPatternNode::bindValue to store in an
638         array the identifiers of already destructured properties, following spec draft
639         section[2], and then pass it as excludedNames to CopyDataProperties.
640         The rest destructuring then calls copyDataProperties to perform the
641         copy of rest properties in rhs.
642
643         We also implemented CopyDataProperties as a private JS global operation
644         in builtins/GlobalOperations.js following its specification in [3].
645         It is implemented using a Set object to verify if a property is in
646         excludedNames, to keep this algorithm at O(n + m) complexity, where n
647         = number of source's own properties and m = excludedNames.length.
648
649         As a requirement to use JSSets as constants, a change in the
650         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
651         exception. Now, CodeBlock::finishCreation returns false if an
652         exception is thrown by
653         CodeBlock::setConstantIdentifierSetRegisters, and then we return
654         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
655         checking whether the CodeBlock was constructed properly and then throwing an OOM
656         exception to the correct scope.
657
658         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
659         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
660         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
661
662         * builtins/BuiltinNames.h:
663         * builtins/GlobalOperations.js:
664         (globalPrivate.copyDataProperties):
665         * bytecode/CodeBlock.cpp:
666         (JSC::CodeBlock::finishCreation):
667         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
668         * bytecode/CodeBlock.h:
669         * bytecode/EvalCodeBlock.h:
670         (JSC::EvalCodeBlock::create):
671         * bytecode/FunctionCodeBlock.h:
672         (JSC::FunctionCodeBlock::create):
673         * bytecode/ModuleProgramCodeBlock.h:
674         (JSC::ModuleProgramCodeBlock::create):
675         * bytecode/ProgramCodeBlock.h:
676         (JSC::ProgramCodeBlock::create):
677         * bytecode/UnlinkedCodeBlock.h:
678         (JSC::UnlinkedCodeBlock::addSetConstant):
679         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
680         * bytecompiler/BytecodeGenerator.cpp:
681         (JSC::BytecodeGenerator::emitLoad):
682         * bytecompiler/BytecodeGenerator.h:
683         * bytecompiler/NodesCodegen.cpp:
684         (JSC::ObjectPatternNode::bindValue):
685         * parser/ASTBuilder.h:
686         (JSC::ASTBuilder::appendObjectPatternEntry):
687         (JSC::ASTBuilder::appendObjectPatternRestEntry):
688         (JSC::ASTBuilder::setContainsObjectRestElement):
689         * parser/Nodes.h:
690         (JSC::ObjectPatternNode::appendEntry):
691         (JSC::ObjectPatternNode::setContainsRestElement):
692         * parser/Parser.cpp:
693         (JSC::Parser<LexerType>::parseDestructuringPattern):
694         (JSC::Parser<LexerType>::parseProperty):
695         * parser/SyntaxChecker.h:
696         (JSC::SyntaxChecker::operatorStackPop):
697         * runtime/JSGlobalObject.cpp:
698         (JSC::JSGlobalObject::init):
699         * runtime/JSGlobalObjectFunctions.cpp:
700         (JSC::privateToObject):
701         * runtime/JSGlobalObjectFunctions.h:
702         * runtime/ScriptExecutable.cpp:
703         (JSC::ScriptExecutable::newCodeBlockFor):
704
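The CopyDataProperties(target, source, excludedNames) operation that the object-rest entry above describes (Set-based exclusion so the copy stays O(n + m)), written out as an added example in plain JavaScript; this is not code from the ChangeLog or from JavaScriptCore's builtins/GlobalOperations.js, and `restEquals` is a helper name chosen here.

```javascript
// Added example, not JavaScriptCore's own builtin. A spec-shaped
// CopyDataProperties(target, source, excludedNames): this is what object-rest
// destructuring `const { a, ...rest } = src` lowers to, with excludedNames = ["a"]
// (the identifiers already destructured by earlier pattern entries).
function copyDataProperties(target, source, excludedNames) {
  // A null or undefined source contributes nothing; the target is returned as-is.
  if (source === undefined || source === null) return target;

  // Membership test against a Set keeps the loop at O(n + m) rather than O(n * m),
  // where n = number of own keys of source and m = excludedNames.length.
  const excluded = new Set(excludedNames);
  const from = Object(source);

  // OwnPropertyKeys yields string AND symbol keys, in spec order.
  for (const key of Reflect.ownKeys(from)) {
    if (excluded.has(key)) continue;
    const desc = Reflect.getOwnPropertyDescriptor(from, key);
    if (desc === undefined || !desc.enumerable) continue; // non-enumerable keys are skipped

    // CreateDataProperty: define a fresh data property on target instead of assigning,
    // so setters on target (or its prototype chain) are never invoked.
    Object.defineProperty(target, key, {
      value: from[key], // Get(from, key) may run a getter, exactly as the spec does
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return target;
}

// Helper (name chosen for this example): same own keys, including symbols, with identical values.
function restEquals(x, y) {
  const kx = Reflect.ownKeys(x);
  const ky = Reflect.ownKeys(y);
  return (
    kx.length === ky.length &&
    kx.every((k) => Object.prototype.hasOwnProperty.call(y, k) && Object.is(x[k], y[k]))
  );
}

// Constructed sample input: string keys, a symbol key and a non-enumerable key.
const sampleSymbol = Symbol('tag');
const sample = { a: 1, b: 2, [sampleSymbol]: 3 };
Object.defineProperty(sample, 'hidden', { value: 9, enumerable: false });

const manualRest = copyDataProperties({}, sample, ['a']); // what `{ a, ...rest } = sample` builds
const { a, ...nativeRest } = sample;                      // the engine's own object rest
console.log(restEquals(manualRest, nativeRest));          // true
```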
705 2017-03-09  Mark Lam  <mark.lam@apple.com>
706
707         Implement a StackTrace utility object that can capture stack traces for debugging.
708         https://bugs.webkit.org/show_bug.cgi?id=169454
709
710         Reviewed by Michael Saboff.
711
712         The underlying implementation is hoisted right out of Assertions.cpp from the
713         implementations of WTFPrintBacktrace().
714
715         The reason we need this StackTrace object is because during heap debugging, we
716         sometimes want to capture the stack trace that allocated the objects of interest.
717         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
718         perturb the execution profile sufficiently that an issue may not reproduce,
719         while alternatively, just capturing the stack trace and deferring printing it
720         till we actually need it later perturbs the execution profile less.
721
722         In addition, just capturing the stack traces (instead of printing them
723         immediately at each capture site) allows us to avoid polluting stdout with tons
724         of stack traces that may be irrelevant.
725
726         For now, we only capture the native stack trace.  We'll leave capturing and
727         integrating the JS stack trace as an exercise for the future if we need it then.
728
729         Here's an example of how to use this StackTrace utility:
730
731             // Capture a stack trace of the top 10 frames.
732             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
733             // Print the trace.
734             dataLog(*trace);
735
736         * CMakeLists.txt:
737         * JavaScriptCore.xcodeproj/project.pbxproj:
738         * tools/StackTrace.cpp: Added.
739         (JSC::StackTrace::instanceSize):
740         (JSC::StackTrace::captureStackTrace):
741         (JSC::StackTrace::dump):
742         * tools/StackTrace.h: Added.
743         (JSC::StackTrace::StackTrace):
744         (JSC::StackTrace::size):
745
746 2017-03-09  Keith Miller  <keith_miller@apple.com>
747
748         WebAssembly: Enable fast memory for WK2
749         https://bugs.webkit.org/show_bug.cgi?id=169437
750
751         Reviewed by Tim Horton.
752
753         * JavaScriptCore.xcodeproj/project.pbxproj:
754
755 2017-03-09  Matt Baker  <mattbaker@apple.com>
756
757         Web Inspector: Add XHR breakpoints UI
758         https://bugs.webkit.org/show_bug.cgi?id=168763
759         <rdar://problem/30952439>
760
761         Reviewed by Joseph Pecoraro.
762
763         * inspector/protocol/DOMDebugger.json:
764         Added clarifying comments to command descriptions.
765
766 2017-03-09  Michael Saboff  <msaboff@apple.com>
767
768         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
769         https://bugs.webkit.org/show_bug.cgi?id=169387
770
771         Reviewed by Filip Pizlo.
772
773         Added a helper function, processConfigFile(), to process configuration file.
774         Changed jsc.cpp to use that function in lieu of processing the config file
775         manually.
776
777         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
778         * jsc.cpp:
779         (jscmain):
780         * runtime/ConfigFile.cpp:
781         (JSC::processConfigFile):
782         * runtime/ConfigFile.h:
783
784 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
785
786         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
787         https://bugs.webkit.org/show_bug.cgi?id=29687
788         <rdar://problem/19281586>
789
790         Reviewed by Matt Baker and Brian Burg.
791
792         * inspector/protocol/Network.json:
793         Add metrics object with optional properties to loadingFinished event.
794
795 2017-03-09  Youenn Fablet  <youenn@apple.com>
796
797         Minimal build is broken
798         https://bugs.webkit.org/show_bug.cgi?id=169416
799
800         Reviewed by Chris Dumez.
801
802         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
803         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
804
805         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
806         (generate_members):
807         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
808         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
809         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
810
811 2017-03-09  Daniel Bates  <dabates@apple.com>
812
813         Guard Credential Management implementation behind a runtime enabled feature flag
814         https://bugs.webkit.org/show_bug.cgi?id=169364
815         <rdar://problem/30957425>
816
817         Reviewed by Brent Fulgham.
818
819         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
820         needed to guard these interfaces behind a runtime enabled feature flag.
821
822         * runtime/CommonIdentifiers.h:
823
824 2017-03-09  Mark Lam  <mark.lam@apple.com>
825
826         Refactoring some HeapVerifier code.
827         https://bugs.webkit.org/show_bug.cgi?id=169443
828
829         Reviewed by Filip Pizlo.
830
831         Renamed LiveObjectData to CellProfile.
832         Renamed LiveObjectList to CellList.
833         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
834         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
835
836         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
837
838         * CMakeLists.txt:
839         * JavaScriptCore.xcodeproj/project.pbxproj:
840         * heap/Heap.cpp:
841         (JSC::Heap::runBeginPhase):
842         (JSC::Heap::runEndPhase):
843         * heap/HeapVerifier.cpp: Removed.
844         * heap/HeapVerifier.h: Removed.
845         * heap/LiveObjectData.h: Removed.
846         * heap/LiveObjectList.cpp: Removed.
847         * heap/LiveObjectList.h: Removed.
848         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
849         (JSC::CellList::findCell):
850         (JSC::LiveObjectList::findObject): Deleted.
851         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
852         (JSC::CellList::CellList):
853         (JSC::CellList::reset):
854         (JSC::LiveObjectList::LiveObjectList): Deleted.
855         (JSC::LiveObjectList::reset): Deleted.
856         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
857         (JSC::CellProfile::CellProfile):
858         (JSC::LiveObjectData::LiveObjectData): Deleted.
859         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
860         (JSC::GatherCellFunctor::GatherCellFunctor):
861         (JSC::GatherCellFunctor::visit):
862         (JSC::GatherCellFunctor::operator()):
863         (JSC::HeapVerifier::gatherLiveCells):
864         (JSC::HeapVerifier::cellListForGathering):
865         (JSC::trimDeadCellsFromList):
866         (JSC::HeapVerifier::trimDeadCells):
867         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
868         (JSC::HeapVerifier::reportCell):
869         (JSC::HeapVerifier::checkIfRecorded):
870         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
871         (JSC::GatherLiveObjFunctor::visit): Deleted.
872         (JSC::GatherLiveObjFunctor::operator()): Deleted.
873         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
874         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
875         (JSC::trimDeadObjectsFromList): Deleted.
876         (JSC::HeapVerifier::trimDeadObjects): Deleted.
877         (JSC::HeapVerifier::reportObject): Deleted.
878         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
879
880 2017-03-09  Anders Carlsson  <andersca@apple.com>
881
882         Add delegate support to WebCore
883         https://bugs.webkit.org/show_bug.cgi?id=169427
884         Part of rdar://problem/28880714.
885
886         Reviewed by Geoffrey Garen.
887
888         * Configurations/FeatureDefines.xcconfig:
889         Add feature define.
890
891 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
892
893         Web Inspector: Show individual messages in the content pane for a WebSocket
894         https://bugs.webkit.org/show_bug.cgi?id=169011
895
896         Reviewed by Joseph Pecoraro.
897
898         Add walltime parameter and correct the description of Timestamp type.
899
900         * inspector/protocol/Network.json:
901
902 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
903
904         Unreviewed, fix weak external symbol error.
905
906         * heap/SlotVisitor.h:
907
908 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
909
910         std::isnan/isinf should work with WTF time classes
911         https://bugs.webkit.org/show_bug.cgi?id=164991
912
913         Reviewed by Darin Adler.
914         
915         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
916
917         * runtime/AtomicsObject.cpp:
918         (JSC::atomicsFuncWait):
919
920 2017-03-09  Mark Lam  <mark.lam@apple.com>
921
922         Use const AbstractLocker& (instead of const LockHolder&) in more places.
923         https://bugs.webkit.org/show_bug.cgi?id=169424
924
925         Reviewed by Filip Pizlo.
926
927         * heap/CodeBlockSet.cpp:
928         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
929         * heap/CodeBlockSet.h:
930         * heap/CodeBlockSetInlines.h:
931         (JSC::CodeBlockSet::mark):
932         * heap/ConservativeRoots.cpp:
933         (JSC::CompositeMarkHook::CompositeMarkHook):
934         * heap/MachineStackMarker.cpp:
935         (JSC::MachineThreads::tryCopyOtherThreadStacks):
936         * heap/MachineStackMarker.h:
937         * profiler/ProfilerDatabase.cpp:
938         (JSC::Profiler::Database::ensureBytecodesFor):
939         * profiler/ProfilerDatabase.h:
940         * runtime/SamplingProfiler.cpp:
941         (JSC::FrameWalker::FrameWalker):
942         (JSC::CFrameWalker::CFrameWalker):
943         (JSC::SamplingProfiler::createThreadIfNecessary):
944         (JSC::SamplingProfiler::takeSample):
945         (JSC::SamplingProfiler::start):
946         (JSC::SamplingProfiler::pause):
947         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
948         (JSC::SamplingProfiler::clearData):
949         (JSC::SamplingProfiler::releaseStackTraces):
950         * runtime/SamplingProfiler.h:
951         (JSC::SamplingProfiler::setStopWatch):
952         * wasm/WasmMemory.cpp:
953         (JSC::Wasm::availableFastMemories):
954         (JSC::Wasm::activeFastMemories):
955         (JSC::Wasm::viewActiveFastMemories):
956         * wasm/WasmMemory.h:
957
958 2017-03-09  Saam Barati  <sbarati@apple.com>
959
960         WebAssembly: Make the Unity AngryBots demo run
961         https://bugs.webkit.org/show_bug.cgi?id=169268
962
963         Reviewed by Keith Miller.
964
965         This patch fixes three bugs:
966         1. The WasmBinding code for making a JS call was off
967         by 1 in its stack layout code.
968         2. The WasmBinding code had a "<" comparison instead
969         of a ">=" comparison. This would cause us to calculate
970         the wrong frame pointer offset.
971         3. The code to reload wasm state inside B3IRGenerator didn't
972         properly represent its effects.
973
974         * wasm/WasmB3IRGenerator.cpp:
975         (JSC::Wasm::restoreWebAssemblyGlobalState):
976         (JSC::Wasm::parseAndCompile):
977         * wasm/WasmBinding.cpp:
978         (JSC::Wasm::wasmToJs):
979         * wasm/js/WebAssemblyInstanceConstructor.cpp:
980         (JSC::WebAssemblyInstanceConstructor::createInstance):
981
982 2017-03-09  Mark Lam  <mark.lam@apple.com>
983
984         Make the VM Traps mechanism non-polling for the DFG and FTL.
985         https://bugs.webkit.org/show_bug.cgi?id=168920
986         <rdar://problem/30738588>
987
988         Reviewed by Filip Pizlo.
989
990         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
991            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
992         2. Added assembler functions for overwriting an instruction with a breakpoint.
993         3. Added a new JettisonDueToVMTraps jettison reason.
994         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
995            invalidation points with breakpoint instructions.
996         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
997         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
998            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
999            Options::usePollingTraps() to always be true.  This makes the VMTraps
1000            implementation fall back to using polling based traps only.
1001
1002         7. Make VMTraps support signal based traps.
1003
1004         Some design and implementation details of signal based VM traps:
1005
1006         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1007
1008         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1009           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1010           we want to trap, and check for the occurrence of one of the following events:
1011
1012           a. VMTraps::handleTraps() has been called for the requested trap, or
1013
1014           b. the VM is inactive and is no longer executing any JS code.  We determine
1015              this to be the case if the thread no longer owns the JSLock and the VM's
1016              entryScope is null.
1017
1018              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1019              null.  This happens when the thread calls JSLock::dropAllLocks() before
1020              calling a host function that may block on IO (or whatever).  For our purpose,
1021              this counts as the VM still running JS code, and VM::fireTrap() will still
1022              be waiting.
1023
1024           If the SignalSender does not see either of these events, it will sleep for a
1025           while and then re-send SIGUSR1 and check for the events again.  When it sees
1026           one of these events, it will consider the mutator to have received the trap
1027           request.
1028
1029         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1030           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1031           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1032           safe to jettison the codeBlock.
1033
1034           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1035           insert the breakpoint instructions itself.  This is because we need the
1036           register state of the mutator thread (that we want to trap in) in order to
1037           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1038           we don't have a generic way for the requester thread to get the register state
1039           of another thread.
1040
1041         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1042           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1043           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1044           baseline JIT code will eventually reach an op_check_traps and call
1045           VMTraps::handleTraps().
1046
1047           If the handler is not trapping at an invalidation point, then it must be
1048           observing an assertion failure (which also uses the breakpoint instruction).
1049           In this case, the handler will defer to the default SIGTRAP handler and crash.
1050
1051         - The reason we need the SignalSender is because SignalSender::send() is called
1052           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1053           send() needs to make use of the VM pointer, and it is not guaranteed that the
1054           VM will outlive the thread.  SignalSender provides the mechanism by which we
1055           can nullify the VM pointer when the VM dies so that the thread does not
1056           continue to use it.
1057
1058         * assembler/ARM64Assembler.h:
1059         (JSC::ARM64Assembler::replaceWithBrk):
1060         * assembler/ARMAssembler.h:
1061         (JSC::ARMAssembler::replaceWithBrk):
1062         * assembler/ARMv7Assembler.h:
1063         (JSC::ARMv7Assembler::replaceWithBkpt):
1064         * assembler/MIPSAssembler.h:
1065         (JSC::MIPSAssembler::replaceWithBkpt):
1066         * assembler/MacroAssemblerARM.h:
1067         (JSC::MacroAssemblerARM::replaceWithJump):
1068         * assembler/MacroAssemblerARM64.h:
1069         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1070         * assembler/MacroAssemblerARMv7.h:
1071         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1072         * assembler/MacroAssemblerMIPS.h:
1073         (JSC::MacroAssemblerMIPS::replaceWithJump):
1074         * assembler/MacroAssemblerX86Common.h:
1075         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1076         * assembler/X86Assembler.h:
1077         (JSC::X86Assembler::replaceWithInt3):
1078         * bytecode/CodeBlock.cpp:
1079         (JSC::CodeBlock::jettison):
1080         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1081         (JSC::CodeBlock::installVMTrapBreakpoints):
1082         * bytecode/CodeBlock.h:
1083         * bytecompiler/BytecodeGenerator.cpp:
1084         (JSC::BytecodeGenerator::emitCheckTraps):
1085         * dfg/DFGCommonData.cpp:
1086         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1087         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1088         * dfg/DFGCommonData.h:
1089         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1090         * dfg/DFGJumpReplacement.cpp:
1091         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1092         * dfg/DFGJumpReplacement.h:
1093         (JSC::DFG::JumpReplacement::dataLocation):
1094         * dfg/DFGNodeType.h:
1095         * heap/CodeBlockSet.cpp:
1096         (JSC::CodeBlockSet::contains):
1097         * heap/CodeBlockSet.h:
1098         * heap/CodeBlockSetInlines.h:
1099         (JSC::CodeBlockSet::iterate):
1100         * heap/Heap.cpp:
1101         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1102         * heap/Heap.h:
1103         * heap/HeapInlines.h:
1104         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1105         * heap/MachineStackMarker.h:
1106         (JSC::MachineThreads::threadsListHead):
1107         * jit/ExecutableAllocator.cpp:
1108         (JSC::ExecutableAllocator::isValidExecutableMemory):
1109         * jit/ExecutableAllocator.h:
1110         * profiler/ProfilerJettisonReason.cpp:
1111         (WTF::printInternal):
1112         * profiler/ProfilerJettisonReason.h:
1113         * runtime/JSLock.cpp:
1114         (JSC::JSLock::didAcquireLock):
1115         * runtime/Options.cpp:
1116         (JSC::overrideDefaults):
1117         * runtime/Options.h:
1118         * runtime/PlatformThread.h:
1119         (JSC::platformThreadSignal):
1120         * runtime/VM.cpp:
1121         (JSC::VM::~VM):
1122         (JSC::VM::ensureWatchdog):
1123         (JSC::VM::handleTraps): Deleted.
1124         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1125         * runtime/VM.h:
1126         (JSC::VM::ownerThread):
1127         (JSC::VM::traps):
1128         (JSC::VM::handleTraps):
1129         (JSC::VM::needTrapHandling):
1130         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1131         * runtime/VMTraps.cpp:
1132         (JSC::VMTraps::vm):
1133         (JSC::SignalContext::SignalContext):
1134         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1135         (JSC::vmIsInactive):
1136         (JSC::findActiveVMAndStackBounds):
1137         (JSC::handleSigusr1):
1138         (JSC::handleSigtrap):
1139         (JSC::installSignalHandlers):
1140         (JSC::sanitizedTopCallFrame):
1141         (JSC::isSaneFrame):
1142         (JSC::VMTraps::tryInstallTrapBreakpoints):
1143         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1144         (JSC::VMTraps::VMTraps):
1145         (JSC::VMTraps::willDestroyVM):
1146         (JSC::VMTraps::addSignalSender):
1147         (JSC::VMTraps::removeSignalSender):
1148         (JSC::VMTraps::SignalSender::willDestroyVM):
1149         (JSC::VMTraps::SignalSender::send):
1150         (JSC::VMTraps::fireTrap):
1151         (JSC::VMTraps::handleTraps):
1152         * runtime/VMTraps.h:
1153         (JSC::VMTraps::~VMTraps):
1154         (JSC::VMTraps::needTrapHandling):
1155         (JSC::VMTraps::notifyGrabAllLocks):
1156         (JSC::VMTraps::SignalSender::SignalSender):
1157         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1158         * tools/VMInspector.cpp:
1159         * tools/VMInspector.h:
1160         (JSC::VMInspector::getLock):
1161         (JSC::VMInspector::iterate):
1162
1163 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1164
1165         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1166         https://bugs.webkit.org/show_bug.cgi?id=169215
1167
1168         Reviewed by Mark Lam.
1169         
1170         This doesn't have a test because it would be a very complicated test.
1171
1172         * runtime/JSObject.h:
1173         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1174
1175 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1176
1177         WTF should make it super easy to do ARM concurrency tricks
1178         https://bugs.webkit.org/show_bug.cgi?id=169300
1179
1180         Reviewed by Mark Lam.
1181         
1182         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1183         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1184         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1185         machine code, I found other opportunities for improvement, like inlining the "am I
1186         marked" part of the marking functions.
1187
1188         * heap/Heap.cpp:
1189         (JSC::Heap::setGCDidJIT):
1190         * heap/HeapInlines.h:
1191         (JSC::Heap::testAndSetMarked):
1192         * heap/LargeAllocation.h:
1193         (JSC::LargeAllocation::isMarked):
1194         (JSC::LargeAllocation::isMarkedConcurrently):
1195         (JSC::LargeAllocation::aboutToMark):
1196         (JSC::LargeAllocation::testAndSetMarked):
1197         * heap/MarkedBlock.h:
1198         (JSC::MarkedBlock::areMarksStaleWithDependency):
1199         (JSC::MarkedBlock::aboutToMark):
1200         (JSC::MarkedBlock::isMarkedConcurrently):
1201         (JSC::MarkedBlock::isMarked):
1202         (JSC::MarkedBlock::testAndSetMarked):
1203         * heap/SlotVisitor.cpp:
1204         (JSC::SlotVisitor::appendSlow):
1205         (JSC::SlotVisitor::appendHiddenSlow):
1206         (JSC::SlotVisitor::appendHiddenSlowImpl):
1207         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1208         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1209         (JSC::SlotVisitor::appendHidden): Deleted.
1210         * heap/SlotVisitor.h:
1211         * heap/SlotVisitorInlines.h:
1212         (JSC::SlotVisitor::appendUnbarriered):
1213         (JSC::SlotVisitor::appendHidden):
1214         (JSC::SlotVisitor::append):
1215         (JSC::SlotVisitor::appendValues):
1216         (JSC::SlotVisitor::appendValuesHidden):
1217         * runtime/CustomGetterSetter.cpp:
1218         * runtime/JSObject.cpp:
1219         (JSC::JSObject::visitButterflyImpl):
1220         * runtime/JSObject.h:
1221
1222 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1223
1224         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1225         https://bugs.webkit.org/show_bug.cgi?id=160124
1226
1227         Reviewed by Mark Lam.
1228
1229         When performing CallVarargs, we will copy values to the stack.
1230         Before actually copying values, we need to adjust the stackPointerRegister
1231         to ensure the copied values are in the allocated stack area.
1232         If we do not do that, the OS can break the values that are stored beyond the stack
1233         pointer. For example, a signal stack can be constructed in this area and
1234         break the values.
1235
1236         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1237         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1238         the signal handler is frequently called when the sampling profiler is enabled. Thus this
1239         crash occurs.
1240
1241         * dfg/DFGSpeculativeJIT32_64.cpp:
1242         (JSC::DFG::SpeculativeJIT::emitCall):
1243         * dfg/DFGSpeculativeJIT64.cpp:
1244         (JSC::DFG::SpeculativeJIT::emitCall):
1245         * ftl/FTLLowerDFGToB3.cpp:
1246         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1247         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1248         * jit/SetupVarargsFrame.cpp:
1249         (JSC::emitSetupVarargsFrameFastCase):
1250         * jit/SetupVarargsFrame.h:
1251
1252 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1253
1254         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1255         https://bugs.webkit.org/show_bug.cgi?id=164892
1256         <rdar://problem/29320562>
1257
1258         Reviewed by Brian Burg.
1259
1260         * inspector/protocol/Network.json:
1261         Replace "fromDiskCache" property with "source" property which includes
1262         more complete information about the source of this response (network,
1263         memory cache, disk cache, or unknown).
1264
1265         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1266         (_generate_class_for_object_declaration):
1267         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1268         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1269         * inspector/scripts/codegen/generator.py:
1270         (Generator):
1271         (Generator.open_fields):
1272         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1273         enum and open accessor string symbol that would have the same name, only generate
1274         a specific list of open accessor strings. This reduces the list of exported
1275         symbols from all properties to just the ones that are needed. This can be
1276         cleaned up later if needed.
1277
1278         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1279         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1280         Test for open accessors generation.
1281
1282 2017-03-08  Keith Miller  <keith_miller@apple.com>
1283
1284         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1285         https://bugs.webkit.org/show_bug.cgi?id=169290
1286
1287         Reviewed by Saam Barati.
1288
1289         This patch adds an extra sanity check by ensuring that the memory address we are faulting on while trying to load is in the range
1290         of some wasm fast memory.
1291
1292         * wasm/WasmFaultSignalHandler.cpp:
1293         (JSC::Wasm::trapHandler):
1294         (JSC::Wasm::enableFastMemory):
1295         * wasm/WasmMemory.cpp:
1296         (JSC::Wasm::activeFastMemories):
1297         (JSC::Wasm::viewActiveFastMemories):
1298         (JSC::Wasm::tryGetFastMemory):
1299         (JSC::Wasm::releaseFastMemory):
1300         * wasm/WasmMemory.h:
1301
1302 2017-03-07  Dean Jackson  <dino@apple.com>
1303
1304         Some platforms won't be able to create a GPUDevice
1305         https://bugs.webkit.org/show_bug.cgi?id=169314
1306         <rdar://problems/30907521>
1307
1308         Reviewed by Jon Lee.
1309
1310         Disable WEB_GPU on the iOS Simulator.
1311
1312         * Configurations/FeatureDefines.xcconfig:
1313
1314 2017-03-06  Saam Barati  <sbarati@apple.com>
1315
1316         WebAssembly: Implement the WebAssembly.instantiate API
1317         https://bugs.webkit.org/show_bug.cgi?id=165982
1318         <rdar://problem/29760110>
1319
1320         Reviewed by Keith Miller.
1321
1322         This patch is a straightforward implementation of the WebAssembly.instantiate
1323         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1324         
1325         I implemented the API in a synchronous manner. We should make it
1326         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1327
1328         * wasm/JSWebAssembly.cpp:
1329         (JSC::webAssemblyCompileFunc):
1330         (JSC::webAssemblyInstantiateFunc):
1331         (JSC::JSWebAssembly::finishCreation):
1332         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1333         (JSC::constructJSWebAssemblyInstance):
1334         (JSC::WebAssemblyInstanceConstructor::createInstance):
1335         * wasm/js/WebAssemblyInstanceConstructor.h:
1336         * wasm/js/WebAssemblyModuleConstructor.cpp:
1337         (JSC::constructJSWebAssemblyModule):
1338         (JSC::WebAssemblyModuleConstructor::createModule):
1339         * wasm/js/WebAssemblyModuleConstructor.h:
1340
1341 2017-03-06  Michael Saboff  <msaboff@apple.com>
1342
1343         Take advantage of fast permissions switching of JIT memory for devices that support it
1344         https://bugs.webkit.org/show_bug.cgi?id=169155
1345
1346         Reviewed by Saam Barati.
1347
1348         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1349         control access to JIT memory.
1350
1351         Had to update the Xcode config files to handle various build variations of
1352         public and internal SDKs.
1353
1354         * Configurations/Base.xcconfig:
1355         * Configurations/FeatureDefines.xcconfig:
1356         * jit/ExecutableAllocator.cpp:
1357         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1358         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1359         * jit/ExecutableAllocator.h:
1360         (JSC::performJITMemcpy):
1361
1362 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1363
1364         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1365         https://bugs.webkit.org/show_bug.cgi?id=168502
1366
1367         Reviewed by Filip Pizlo.
1368
1369         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1370
1371 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1372
1373         op_get_by_id_with_this should use inline caching
1374         https://bugs.webkit.org/show_bug.cgi?id=162124
1375
1376         Reviewed by Saam Barati.
1377
1378         This patch is enabling inline cache for op_get_by_id_with_this in all
1379         tiers. It means that operations using `super.member` can be
1380         optimized by PIC. To enable it, we introduced a new
1381         member of StructureStubInfo.patch named thisGPR, created a new class
1382         to manage the IC named JITGetByIdWithThisGenerator and changed
1383         PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
1384         to decide the correct this value on inline caches.
1385         With inline caching enabled, `super.member` operations are ~4.5x faster,
1386         according to microbenchmarks.
1387
1388         * bytecode/AccessCase.cpp:
1389         (JSC::AccessCase::generateImpl):
1390         * bytecode/PolymorphicAccess.cpp:
1391         (JSC::PolymorphicAccess::regenerate):
1392         * bytecode/PolymorphicAccess.h:
1393         * bytecode/StructureStubInfo.cpp:
1394         (JSC::StructureStubInfo::reset):
1395         * bytecode/StructureStubInfo.h:
1396         * dfg/DFGFixupPhase.cpp:
1397         (JSC::DFG::FixupPhase::fixupNode):
1398         * dfg/DFGJITCompiler.cpp:
1399         (JSC::DFG::JITCompiler::link):
1400         * dfg/DFGJITCompiler.h:
1401         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1402         * dfg/DFGSpeculativeJIT.cpp:
1403         (JSC::DFG::SpeculativeJIT::compileIn):
1404         * dfg/DFGSpeculativeJIT.h:
1405         (JSC::DFG::SpeculativeJIT::callOperation):
1406         * dfg/DFGSpeculativeJIT32_64.cpp:
1407         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1408         (JSC::DFG::SpeculativeJIT::compile):
1409         * dfg/DFGSpeculativeJIT64.cpp:
1410         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1411         (JSC::DFG::SpeculativeJIT::compile):
1412         * ftl/FTLLowerDFGToB3.cpp:
1413         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1414         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1415         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1416         * jit/CCallHelpers.h:
1417         (JSC::CCallHelpers::setupArgumentsWithExecState):
1418         * jit/ICStats.h:
1419         * jit/JIT.cpp:
1420         (JSC::JIT::JIT):
1421         (JSC::JIT::privateCompileSlowCases):
1422         (JSC::JIT::link):
1423         * jit/JIT.h:
1424         * jit/JITInlineCacheGenerator.cpp:
1425         (JSC::JITByIdGenerator::JITByIdGenerator):
1426         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1427         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1428         * jit/JITInlineCacheGenerator.h:
1429         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1430         * jit/JITInlines.h:
1431         (JSC::JIT::callOperation):
1432         * jit/JITOperations.cpp:
1433         * jit/JITOperations.h:
1434         * jit/JITPropertyAccess.cpp:
1435         (JSC::JIT::emit_op_get_by_id_with_this):
1436         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1437         * jit/JITPropertyAccess32_64.cpp:
1438         (JSC::JIT::emit_op_get_by_id_with_this):
1439         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1440         * jit/Repatch.cpp:
1441         (JSC::appropriateOptimizingGetByIdFunction):
1442         (JSC::appropriateGenericGetByIdFunction):
1443         (JSC::tryCacheGetByID):
1444         * jit/Repatch.h:
1445         * jsc.cpp:
1446         (WTF::CustomGetter::getOwnPropertySlot):
1447         (WTF::CustomGetter::customGetterAcessor):
1448
1449 2017-03-06  Saam Barati  <sbarati@apple.com>
1450
1451         WebAssembly: implement init_expr for Element
1452         https://bugs.webkit.org/show_bug.cgi?id=165888
1453         <rdar://problem/29760199>
1454
1455         Reviewed by Keith Miller.
1456
1457         This patch fixes a few bugs. The main change is allowing init_expr
1458         for the Element's offset. To do this, I had to fix a couple of
1459         other bugs:
1460         
1461         - I removed our invalid early module-parse-time invalidation
1462         of out-of-bounds Element sections. This is not in the spec because
1463         it can't be validated in the general case when the offset is a
1464         get_global.
1465         
1466         - Our get_global validation inside our init_expr parsing code was simply wrong.
1467         It thought that the index operand to get_global went into the pool of imports,
1468         but it does not. It indexes into the pool of globals. I changed the code to
1469         refer to the global pool instead.
1470
1471         * wasm/WasmFormat.h:
1472         (JSC::Wasm::Element::Element):
1473         * wasm/WasmModuleParser.cpp:
1474         * wasm/js/WebAssemblyModuleRecord.cpp:
1475         (JSC::WebAssemblyModuleRecord::evaluate):
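
An added example in C (not JSC's parser) of the validation split this entry describes: at parse time a get_global offset is checked against the global pool, not the import pool, and the table bounds check happens only at instantiation, once global values are known. The byte layout is wasm's (i32.const 0x41, get_global 0x23, end 0x0b, LEB128 immediates); the function and struct names and the constructed module values are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* wasm opcodes that may appear in a constant init_expr (i64/f32/f64 consts omitted here) */
enum { OP_GET_GLOBAL = 0x23, OP_I32_CONST = 0x41, OP_END = 0x0b };

typedef enum { INIT_I32_CONST, INIT_GET_GLOBAL } InitExprKind;
typedef struct { InitExprKind kind; uint32_t value; /* constant, or global index */ } InitExpr;

/* What the parser knows: counts of imports and of globals (imported + defined).
   importCount is what the pre-fix code wrongly compared a get_global index against. */
typedef struct { uint32_t importCount; uint32_t globalCount; } ModuleInformation;

static bool readVarU32(const uint8_t* p, size_t len, size_t* pos, uint32_t* out)
{
    uint32_t result = 0;
    for (unsigned shift = 0; shift < 35 && *pos < len; shift += 7) {
        uint8_t b = p[(*pos)++];
        result |= (uint32_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) {
            *out = result;
            return true;
        }
    }
    return false;   /* truncated, or longer than the 5 bytes a u32 may take */
}

static bool readVarI32(const uint8_t* p, size_t len, size_t* pos, int32_t* out)
{
    uint32_t result = 0;
    unsigned shift = 0;
    uint8_t b;
    do {
        if (*pos >= len || shift >= 35)
            return false;
        b = p[(*pos)++];
        result |= (uint32_t)(b & 0x7f) << shift;
        shift += 7;
    } while (b & 0x80);
    if (shift < 32 && (b & 0x40))
        result |= ~(uint32_t)0 << shift;   /* sign-extend the last group */
    *out = (int32_t)result;
    return true;
}

/* Parse-time validation. A get_global index is checked against the global pool;
   the offset value itself is not bounds-checked here, because a global's value
   is unknown until instantiation. Hypothetical helper, not JSC's. */
static bool parseInitExpr(const uint8_t* bytes, size_t len, size_t* pos,
                          const ModuleInformation* info, InitExpr* out)
{
    if (*pos >= len)
        return false;
    switch (bytes[(*pos)++]) {
    case OP_I32_CONST: {
        int32_t v;
        if (!readVarI32(bytes, len, pos, &v))
            return false;
        *out = (InitExpr){ INIT_I32_CONST, (uint32_t)v };
        break;
    }
    case OP_GET_GLOBAL: {
        uint32_t index;
        if (!readVarU32(bytes, len, pos, &index) || index >= info->globalCount)
            return false;
        *out = (InitExpr){ INIT_GET_GLOBAL, index };
        break;
    }
    default:
        return false;
    }
    return *pos < len && bytes[(*pos)++] == OP_END;   /* every init_expr ends with `end` */
}

/* Instantiation-time state: the table's actual size and the resolved global values. */
typedef struct { uint32_t tableSize; const uint32_t* globals; uint32_t globalCount; } Instance;

/* Evaluate the Element offset and apply the bounds check (offset + count <= table size)
   where it can be decided. Returning false fails instantiation, not module parsing. */
static bool resolveElementOffset(const InitExpr* expr, const Instance* inst,
                                 uint32_t elementCount, uint32_t* offsetOut)
{
    uint32_t offset;
    if (expr->kind == INIT_I32_CONST)
        offset = expr->value;
    else {
        if (expr->value >= inst->globalCount)   /* already validated at parse time; defensive */
            return false;
        offset = inst->globals[expr->value];
    }
    if ((uint64_t)offset + elementCount > inst->tableSize)   /* widened so a large offset cannot wrap */
        return false;
    *offsetOut = offset;
    return true;
}
```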
1476
1477 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1478
1479         [JSC] Allow indexed module namespace object fields
1480         https://bugs.webkit.org/show_bug.cgi?id=168870
1481
1482         Reviewed by Saam Barati.
1483
1484         While JS modules cannot expose any indexed bindings,
1485         Wasm modules can expose them. However, module namespace
1486         object currently does not support indexed properties.
1487         This patch allows module namespace objects to offer
1488         indexed binding accesses.
1489
1490         * runtime/JSModuleNamespaceObject.cpp:
1491         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1492         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1493         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1494         * runtime/JSModuleNamespaceObject.h:
1495
1496 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1497
1498         Null pointer crash when loading module with unresolved import also as a script file
1499         https://bugs.webkit.org/show_bug.cgi?id=168971
1500
1501         Reviewed by Saam Barati.
1502
1503         If linking throws an error, this error should be re-thrown
1504         when requesting the same module.
1505
1506         * builtins/ModuleLoaderPrototype.js:
1507         (globalPrivate.newRegistryEntry):
1508         * runtime/JSModuleRecord.cpp:
1509         (JSC::JSModuleRecord::link):
1510
1511 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1512
1513         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1514         https://bugs.webkit.org/show_bug.cgi?id=164032
1515
1516         Reviewed by Michael Catanzaro.
1517
1518         This patch enables WebAssembly on JSCOnly and GTK ports.
1519         Basically, almost all the WASM code is portable to Linux.
1520         One platform-dependent part is faster memory load using a SIGBUS
1521         signal handler. This patch ports this part to Linux.
1522
1523         * CMakeLists.txt:
1524         * llint/LLIntSlowPaths.cpp:
1525         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1526         * wasm/WasmFaultSignalHandler.cpp:
1527         (JSC::Wasm::trapHandler):
1528         (JSC::Wasm::enableFastMemory):
1529
1530 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1531
1532         Currency digits calculation in Intl.NumberFormat should call out to ICU
1533         https://bugs.webkit.org/show_bug.cgi?id=169182
1534
1535         Reviewed by Yusuke Suzuki.
1536
1537         * runtime/IntlNumberFormat.cpp:
1538         (JSC::computeCurrencyDigits):
1539         (JSC::computeCurrencySortKey): Deleted.
1540         (JSC::extractCurrencySortKey): Deleted.
1541
1542 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1543
1544         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1545         https://bugs.webkit.org/show_bug.cgi?id=168869
1546
1547         Reviewed by Keith Miller.
1548
1549         * b3/B3Width.h:
1550         * wasm/WasmSections.h:
1551
1552 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1553
1554         [ARM] Unreviewed buildfix after r213376.
1555
1556         * assembler/ARMAssembler.h:
1557         (JSC::ARMAssembler::isBkpt): Typo fixed.
1558
1559 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1560
1561         [JSC] build fix after r213399
1562         https://bugs.webkit.org/show_bug.cgi?id=169154
1563
1564         Unreviewed.
1565
1566         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1567
1568 2017-03-03  Dean Jackson  <dino@apple.com>
1569
1570         Add WebGPU compile flag and experimental feature flag
1571         https://bugs.webkit.org/show_bug.cgi?id=169161
1572         <rdar://problem/30846689>
1573
1574         Reviewed by Tim Horton.
1575
1576         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1577         and an InternalSetting.
1578
1579         * Configurations/FeatureDefines.xcconfig:
1580
1581 2017-03-03  Michael Saboff  <msaboff@apple.com>
1582
1583         Add support for relative pathnames to JSC config files
1584         https://bugs.webkit.org/show_bug.cgi?id=169154
1585
1586         Reviewed by Saam Barati.
1587
1588         If the config file is a relative path, prepend the current working directory.
1589         After canonicalizing the config file path, we extract its directory path and
1590         use that for the directory for a relative log pathname.
1591
1592         * runtime/ConfigFile.cpp:
1593         (JSC::ConfigFile::ConfigFile):
1594         (JSC::ConfigFile::parse):
1595         (JSC::ConfigFile::canonicalizePaths):
1596         * runtime/ConfigFile.h:
1597
1598 2017-03-03  Michael Saboff  <msaboff@apple.com>
1599
1600         Add load / store exclusive instruction group to ARM64 disassembler
1601         https://bugs.webkit.org/show_bug.cgi?id=169152
1602
1603         Reviewed by Filip Pizlo.
1604
1605         * disassembler/ARM64/A64DOpcode.cpp:
1606         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1607         * disassembler/ARM64/A64DOpcode.h:
1608         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1609         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1610         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1611         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1612         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1613         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1614         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1615         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1616         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1617
1618 2017-03-03  Keith Miller  <keith_miller@apple.com>
1619
1620         WASM should support faster loads.
1621         https://bugs.webkit.org/show_bug.cgi?id=162693
1622
1623         Reviewed by Saam Barati.
1624
1625         This patch adds support for WebAssembly using a 32-bit address
1626         space for memory (along with some extra space for offset
1627         overflow). With a 32-bit address space (we call them
1628         Signaling/fast memories), we reserve the virtual address space for
1629         2^32 + offset bytes of memory and only mark the usable section as
1630         read/write. If wasm code would read/write out of bounds we use a
1631         custom signal handler to catch the SIGBUS. The signal handler then
1632         checks if the faulting instruction is wasm code and tells the
1633         thread to resume executing from the wasm exception
1634         handler. Otherwise, the signal handler crashes the process, as
1635         usual.
1636
1637         All of the allocations of these memories are managed by the
1638         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1639         old Signaling memories that are no longer in use. Since getting
1640         the wrong memory can cause recompiles, we try to reserve a memory
1641         for modules that do not import a memory. If a module does import a
1642         memory, we try to guess the type of memory we are going to get
1643         based on the last one allocated.
1644
1645         This patch also changes how the wasm JS-api manages objects. Since
1646         we can compile different versions of code, this patch adds a new
1647         JSWebAssemblyCodeBlock class that holds all the information
1648         specific to running a module in a particular bounds checking
1649         mode. Additionally, the Wasm::Memory object is now a reference
1650         counted class that is shared between the JSWebAssemblyMemory
1651         object and the ArrayBuffer that also views it.
1652
1653         * JavaScriptCore.xcodeproj/project.pbxproj:
1654         * jit/JITThunks.cpp:
1655         (JSC::JITThunks::existingCTIStub):
1656         * jit/JITThunks.h:
1657         * jsc.cpp:
1658         (jscmain):
1659         * runtime/Options.h:
1660         * runtime/VM.cpp:
1661         (JSC::VM::VM):
1662         * runtime/VM.h:
1663         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1664         (JSC::JSWebAssemblyCodeBlock::create):
1665         (JSC::JSWebAssemblyCodeBlock::createStructure):
1666         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1667         (JSC::JSWebAssemblyCodeBlock::mode):
1668         (JSC::JSWebAssemblyCodeBlock::module):
1669         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1670         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1671         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1672         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1673         (JSC::JSWebAssemblyCodeBlock::callees):
1674         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1675         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1676         * wasm/WasmB3IRGenerator.cpp:
1677         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1678         (JSC::Wasm::getMemoryBaseAndSize):
1679         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1680         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1681         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1682         * wasm/WasmCallingConvention.h:
1683         * wasm/WasmFaultSignalHandler.cpp: Added.
1684         (JSC::Wasm::trapHandler):
1685         (JSC::Wasm::registerCode):
1686         (JSC::Wasm::unregisterCode):
1687         (JSC::Wasm::fastMemoryEnabled):
1688         (JSC::Wasm::enableFastMemory):
1689         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1690         * wasm/WasmFormat.h:
1691         (JSC::Wasm::ModuleInformation::importFunctionCount):
1692         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1693         * wasm/WasmMemory.cpp:
1694         (JSC::Wasm::mmapBytes):
1695         (JSC::Wasm::Memory::lastAllocatedMode):
1696         (JSC::Wasm::availableFastMemories):
1697         (JSC::Wasm::tryGetFastMemory):
1698         (JSC::Wasm::releaseFastMemory):
1699         (JSC::Wasm::Memory::Memory):
1700         (JSC::Wasm::Memory::createImpl):
1701         (JSC::Wasm::Memory::create):
1702         (JSC::Wasm::Memory::~Memory):
1703         (JSC::Wasm::Memory::grow):
1704         (JSC::Wasm::Memory::dump):
1705         (JSC::Wasm::Memory::makeString):
1706         * wasm/WasmMemory.h:
1707         (JSC::Wasm::Memory::operator bool):
1708         (JSC::Wasm::Memory::size):
1709         (JSC::Wasm::Memory::check):
1710         (JSC::Wasm::Memory::Memory): Deleted.
1711         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
1712         (JSC::Wasm::Memory::offsetOfSize): Deleted.
1713         * wasm/WasmMemoryInformation.cpp:
1714         (JSC::Wasm::MemoryInformation::MemoryInformation):
1715         * wasm/WasmMemoryInformation.h:
1716         (JSC::Wasm::MemoryInformation::hasReservedMemory):
1717         (JSC::Wasm::MemoryInformation::takeReservedMemory):
1718         (JSC::Wasm::MemoryInformation::mode):
1719         * wasm/WasmModuleParser.cpp:
1720         * wasm/WasmModuleParser.h:
1721         (JSC::Wasm::ModuleParser::ModuleParser):
1722         * wasm/WasmPlan.cpp:
1723         (JSC::Wasm::Plan::parseAndValidateModule):
1724         (JSC::Wasm::Plan::run):
1725         * wasm/WasmPlan.h:
1726         (JSC::Wasm::Plan::mode):
1727         * wasm/js/JSWebAssemblyCallee.cpp:
1728         (JSC::JSWebAssemblyCallee::finishCreation):
1729         (JSC::JSWebAssemblyCallee::destroy):
1730         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
1731         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1732         (JSC::JSWebAssemblyCodeBlock::destroy):
1733         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1734         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1735         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
1736         * wasm/js/JSWebAssemblyInstance.cpp:
1737         (JSC::JSWebAssemblyInstance::setMemory):
1738         (JSC::JSWebAssemblyInstance::finishCreation):
1739         (JSC::JSWebAssemblyInstance::visitChildren):
1740         * wasm/js/JSWebAssemblyInstance.h:
1741         (JSC::JSWebAssemblyInstance::module):
1742         (JSC::JSWebAssemblyInstance::codeBlock):
1743         (JSC::JSWebAssemblyInstance::memoryMode):
1744         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1745         * wasm/js/JSWebAssemblyMemory.cpp:
1746         (JSC::JSWebAssemblyMemory::create):
1747         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1748         (JSC::JSWebAssemblyMemory::buffer):
1749         (JSC::JSWebAssemblyMemory::grow):
1750         (JSC::JSWebAssemblyMemory::destroy):
1751         * wasm/js/JSWebAssemblyMemory.h:
1752         (JSC::JSWebAssemblyMemory::memory):
1753         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1754         (JSC::JSWebAssemblyMemory::offsetOfSize):
1755         * wasm/js/JSWebAssemblyModule.cpp:
1756         (JSC::JSWebAssemblyModule::buildCodeBlock):
1757         (JSC::JSWebAssemblyModule::create):
1758         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1759         (JSC::JSWebAssemblyModule::codeBlock):
1760         (JSC::JSWebAssemblyModule::finishCreation):
1761         (JSC::JSWebAssemblyModule::visitChildren):
1762         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
1763         * wasm/js/JSWebAssemblyModule.h:
1764         (JSC::JSWebAssemblyModule::takeReservedMemory):
1765         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
1766         (JSC::JSWebAssemblyModule::codeBlock):
1767         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
1768         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
1769         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
1770         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
1771         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
1772         (JSC::JSWebAssemblyModule::callees): Deleted.
1773         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
1774         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
1775         * wasm/js/WebAssemblyFunction.cpp:
1776         (JSC::callWebAssemblyFunction):
1777         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1778         (JSC::constructJSWebAssemblyInstance):
1779         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1780         (JSC::constructJSWebAssemblyMemory):
1781         * wasm/js/WebAssemblyModuleConstructor.cpp:
1782         (JSC::WebAssemblyModuleConstructor::createModule):
1783         * wasm/js/WebAssemblyModuleRecord.cpp:
1784         (JSC::WebAssemblyModuleRecord::link):
1785         (JSC::WebAssemblyModuleRecord::evaluate):
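
The guard-region design described in this entry, together with the extra faulting-address check from the 2017-03-08 "WebAssembly: Make OOB for fast memory do an extra safety check" entry above, as an added example in C (not JavaScriptCore code): the handler accepts a fault only when it fires while wasm code is executing and the address lies inside one of the reservations we made, and otherwise crashes as usual. The function and variable names, the 16-page demo reservation (JSC reserves 2^32 + offset bytes, so any 32-bit index lands inside it) and the setjmp-based resume are this example's own.

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define WASM_PAGE_SIZE 65536u
/* JSC reserves 2^32 + offset bytes per fast memory; 16 pages shows the same PROT_NONE guard mechanism. */
#define DEMO_RESERVATION (16u * WASM_PAGE_SIZE)
#define MAX_FAST_MEMORIES 4

typedef struct { uintptr_t base; size_t reserved; } FastMemory;
static FastMemory activeFastMemories[MAX_FAST_MEMORIES];   /* the reservations currently alive */
static size_t activeFastMemoryCount;
static volatile sig_atomic_t executingWasm;        /* stands in for "faulting PC is in wasm code" */
static volatile sig_atomic_t trappedInFastMemory;  /* set when the handler accepted the fault */
static sigjmp_buf trapReturn;

/* The extra check: is the faulting address inside a reservation we made? */
static bool isInActiveFastMemory(uintptr_t addr)
{
    for (size_t i = 0; i < activeFastMemoryCount; ++i) {
        if (addr >= activeFastMemories[i].base
            && addr - activeFastMemories[i].base < activeFastMemories[i].reserved)
            return true;
    }
    return false;
}

static void trapHandler(int sig, siginfo_t* info, void* context)
{
    (void)context;
    if (executingWasm && isInActiveFastMemory((uintptr_t)info->si_addr)) {
        trappedInFastMemory = 1;
        /* JSC redirects the thread to the wasm exception handler; here we unwind to the load site. */
        siglongjmp(trapReturn, 1);
    }
    /* Not a wasm bounds fault: crash as usual by restoring the default action and re-raising. */
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Reserve the whole region PROT_NONE and make only the usable prefix read/write. */
static uint8_t* allocateFastMemory(size_t usableBytes)
{
    if (activeFastMemoryCount == MAX_FAST_MEMORIES || usableBytes > DEMO_RESERVATION)
        return NULL;
    void* base = mmap(NULL, DEMO_RESERVATION, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (usableBytes && mprotect(base, usableBytes, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, DEMO_RESERVATION);
        return NULL;
    }
    activeFastMemories[activeFastMemoryCount++] = (FastMemory){ (uintptr_t)base, DEMO_RESERVATION };
    return (uint8_t*)base;
}

static bool releaseFastMemory(uint8_t* base)
{
    for (size_t i = 0; i < activeFastMemoryCount; ++i) {
        if (activeFastMemories[i].base != (uintptr_t)base)
            continue;
        munmap(base, activeFastMemories[i].reserved);
        activeFastMemories[i] = activeFastMemories[--activeFastMemoryCount];
        return true;
    }
    return false;
}

/* A simulated wasm i32.load8_u: returns true if the access trapped, false if *out was read. */
static bool wasmLoadU8(uint8_t* memoryBase, uint32_t offset, uint8_t* out)
{
    struct sigaction sa, oldBus, oldSegv;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, &oldBus);    /* macOS reports the guard fault as SIGBUS ... */
    sigaction(SIGSEGV, &sa, &oldSegv);  /* ... Linux as SIGSEGV */
    trappedInFastMemory = 0;
    bool trapped;
    if (sigsetjmp(trapReturn, 1) == 0) {
        executingWasm = 1;
        uint8_t value = *(volatile uint8_t*)(memoryBase + offset);   /* may fault on the guard */
        executingWasm = 0;
        *out = value;
        trapped = false;
    } else {
        executingWasm = 0;   /* unwound here by trapHandler */
        trapped = true;
    }
    sigaction(SIGBUS, &oldBus, NULL);
    sigaction(SIGSEGV, &oldSegv, NULL);
    return trapped;
}
```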
1786
1787 2017-03-03  Mark Lam  <mark.lam@apple.com>
1788
1789         Gardening: fix broken ARM64 build.
1790         https://bugs.webkit.org/show_bug.cgi?id=169139
1791
1792         Not reviewed.
1793
1794         * assembler/ARM64Assembler.h:
1795         (JSC::ARM64Assembler::excepnGenerationImmMask):
1796
1797 2017-03-03  Mark Lam  <mark.lam@apple.com>
1798
1799         Add MacroAssembler::isBreakpoint() query function.
1800         https://bugs.webkit.org/show_bug.cgi?id=169139
1801
1802         Reviewed by Michael Saboff.
1803
1804         This will be needed soon when we use breakpoint instructions to implement
1805         non-polling VM traps, and need to discern between a VM trap signal and a genuine
1806         assertion breakpoint.
1807
1808         * assembler/ARM64Assembler.h:
1809         (JSC::ARM64Assembler::isBrk):
1810         (JSC::ARM64Assembler::excepnGenerationImmMask):
1811         * assembler/ARMAssembler.h:
1812         (JSC::ARMAssembler::isBkpt):
1813         * assembler/ARMv7Assembler.h:
1814         (JSC::ARMv7Assembler::isBkpt):
1815         * assembler/MIPSAssembler.h:
1816         (JSC::MIPSAssembler::isBkpt):
1817         * assembler/MacroAssemblerARM.h:
1818         (JSC::MacroAssemblerARM::isBreakpoint):
1819         * assembler/MacroAssemblerARM64.h:
1820         (JSC::MacroAssemblerARM64::isBreakpoint):
1821         * assembler/MacroAssemblerARMv7.h:
1822         (JSC::MacroAssemblerARMv7::isBreakpoint):
1823         * assembler/MacroAssemblerMIPS.h:
1824         (JSC::MacroAssemblerMIPS::isBreakpoint):
1825         * assembler/MacroAssemblerX86Common.h:
1826         (JSC::MacroAssemblerX86Common::isBreakpoint):
1827         * assembler/X86Assembler.h:
1828         (JSC::X86Assembler::isInt3):
1829
1830 2017-03-03  Mark Lam  <mark.lam@apple.com>
1831
1832         We should only check for traps that we're able to handle.
1833         https://bugs.webkit.org/show_bug.cgi?id=169136
1834
1835         Reviewed by Michael Saboff.
1836
1837         The execute methods in interpreter were checking for the existence of any traps
1838         (without masking) and only handling a subset of those via a mask.  This can
1839         result in a failed assertion on debug builds.
1840
1841         This patch fixes this by applying the same mask for both the needTrapHandling()
1842         check and the handleTraps() call.  Also added a few assertions.
1843
1844         * interpreter/Interpreter.cpp:
1845         (JSC::Interpreter::executeProgram):
1846         (JSC::Interpreter::executeCall):
1847         (JSC::Interpreter::executeConstruct):
1848         (JSC::Interpreter::execute):
1849         * jit/JITOperations.cpp:
1850         * llint/LLIntSlowPaths.cpp:
1851         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1852
1853 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1854
1855         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
1856         https://bugs.webkit.org/show_bug.cgi?id=169074
1857
1858         Reviewed by Joseph Pecoraro.
1859
1860         They are not actually Cocoa-specific.
1861
1862         * inspector/remote/RemoteInspector.cpp:
1863         (Inspector::RemoteInspector::updateTargetListing):
1864         * inspector/remote/RemoteInspector.h:
1865         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
1866
1867 2017-03-02  Mark Lam  <mark.lam@apple.com>
1868
1869         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
1870         https://bugs.webkit.org/show_bug.cgi?id=169089
1871
1872         Reviewed by Tim Horton and Joseph Pecoraro.
1873
1874         * runtime/VM.cpp:
1875         (JSC::VM::handleTraps):
1876         * runtime/VM.h:
1877         (JSC::VM::notifyNeedDebuggerBreak):
1878
1879 2017-03-02  Michael Saboff  <msaboff@apple.com>
1880
1881         Add JSC identity when code signing to allow debugging on iOS
1882         https://bugs.webkit.org/show_bug.cgi?id=169099
1883
1884         Reviewed by Filip Pizlo.
1885
1886         * Configurations/JSC.xcconfig:
1887         * Configurations/ToolExecutable.xcconfig:
1888
1889 2017-03-02  Keith Miller  <keith_miller@apple.com>
1890
1891         WebAssemblyFunction should have Function.prototype as its prototype
1892         https://bugs.webkit.org/show_bug.cgi?id=169101
1893
1894         Reviewed by Filip Pizlo.
1895
1896         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
1897         objects should have Function.prototype as their prototype.
1898
1899         * runtime/JSGlobalObject.cpp:
1900         (JSC::JSGlobalObject::init):
1901
1902 2017-03-02  Mark Lam  <mark.lam@apple.com>
1903
1904         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
1905         https://bugs.webkit.org/show_bug.cgi?id=169088
1906
1907         Reviewed by Keith Miller.
1908
1909         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
1910         generated.  This is useful for testing purposes until we have signal based
1911         traps, at which point, we will always emit the op_check_traps bytecode and remove
1912         this option.
1913
1914         Options::usePollingTraps() enables the use of polling VM traps all the time.
1915         This will be useful for benchmark comparisons, (between polling and non-polling
1916         traps), as well as for forcing polling traps later for ports that don't support
1917         signal based traps.
1918
1919         Note: signal based traps are not fully implemented yet.  As a result, if the VM
1920         watchdog is in use, we will force Options::usePollingTraps() to be true.
1921
1922         * bytecompiler/BytecodeGenerator.cpp:
1923         (JSC::BytecodeGenerator::emitCheckTraps):
1924         * dfg/DFGClobberize.h:
1925         (JSC::DFG::clobberize):
1926         * dfg/DFGSpeculativeJIT.cpp:
1927         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
1928         * dfg/DFGSpeculativeJIT32_64.cpp:
1929         (JSC::DFG::SpeculativeJIT::compile):
1930         * dfg/DFGSpeculativeJIT64.cpp:
1931         (JSC::DFG::SpeculativeJIT::compile):
1932         * ftl/FTLLowerDFGToB3.cpp:
1933         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1934         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
1935         * runtime/Options.cpp:
1936         (JSC::recomputeDependentOptions):
1937         * runtime/Options.h:
1938
1939 2017-03-02  Keith Miller  <keith_miller@apple.com>
1940
1941         Fix addressing mode for B3WasmAddress
1942         https://bugs.webkit.org/show_bug.cgi?id=169092
1943
1944         Reviewed by Filip Pizlo.
1945
1946         Fix the potential addressing modes for B3WasmAddress. ARM does not
1947         support a base + index*1 + offset addressing mode. I think when I
1948         read it the first time I assumed it would always work on both ARM
1949         and X86. While true for X86 it's not true for ARM.
1950
1951         * b3/B3LowerToAir.cpp:
1952         (JSC::B3::Air::LowerToAir::effectiveAddr):
1953
1954 2017-03-02  Mark Lam  <mark.lam@apple.com>
1955
1956         Add support for selective handling of VM traps.
1957         https://bugs.webkit.org/show_bug.cgi?id=169087
1958
1959         Reviewed by Keith Miller.
1960
1961         This is needed because there are some places in the VM where it's appropriate to
1962         handle some types of VM traps but not others.
1963
1964         We implement this selection by using a VMTraps::Mask that allows the user to
1965         specify which traps should be serviced.
1966
1967         * interpreter/Interpreter.cpp:
1968         (JSC::Interpreter::executeProgram):
1969         (JSC::Interpreter::executeCall):
1970         (JSC::Interpreter::executeConstruct):
1971         (JSC::Interpreter::execute):
1972         * runtime/VM.cpp:
1973         (JSC::VM::handleTraps):
1974         * runtime/VM.h:
1975         * runtime/VMTraps.cpp:
1976         (JSC::VMTraps::takeTrap): Deleted.
1977         * runtime/VMTraps.h:
1978         (JSC::VMTraps::Mask::Mask):
1979         (JSC::VMTraps::Mask::allEventTypes):
1980         (JSC::VMTraps::Mask::bits):
1981         (JSC::VMTraps::Mask::init):
1982         (JSC::VMTraps::needTrapHandling):
1983         (JSC::VMTraps::hasTrapForEvent):
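
An added example in C (not JSC code) of the masked check described here and in the 2017-03-03 "We should only check for traps that we're able to handle" entry above: the same mask governs both the pending-trap check and the handling, beside the pre-fix shape where the unmasked check could report work that the masked handler then does not do. The event types, struct and function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>

/* Event types a trap can carry; constructed for this example. */
typedef enum {
    TrapNeedDebuggerBreak,
    TrapNeedWatchdogCheck,
    TrapNeedTermination,
    TrapNumberOfEventTypes
} TrapEventType;

/* One bit per event type, in the spirit of VMTraps::Mask. */
typedef struct { uint8_t bits; } TrapMask;

static TrapMask maskOf(TrapEventType type) { return (TrapMask){ (uint8_t)(1u << type) }; }
static TrapMask maskUnion(TrapMask a, TrapMask b) { return (TrapMask){ (uint8_t)(a.bits | b.bits) }; }
static TrapMask maskAllEventTypes(void) { return (TrapMask){ (uint8_t)((1u << TrapNumberOfEventTypes) - 1) }; }

typedef struct { uint8_t pending; } VMTraps;

static void fireTrap(VMTraps* traps, TrapEventType type) { traps->pending |= (uint8_t)(1u << type); }
static bool hasTrapForEvent(const VMTraps* traps, TrapEventType type) { return (traps->pending >> type) & 1u; }
static bool needTrapHandling(const VMTraps* traps, TrapMask mask) { return (traps->pending & mask.bits) != 0; }

/* Services only the pending traps selected by mask; returns how many were handled.
   A debug build would assert this is non-zero, since callers only get here after
   needTrapHandling() reported work, which is exactly the assertion the fix protects. */
static unsigned handleTraps(VMTraps* traps, TrapMask mask)
{
    unsigned handled = 0;
    for (unsigned type = 0; type < TrapNumberOfEventTypes; ++type) {
        uint8_t bit = (uint8_t)(1u << type);
        if ((traps->pending & mask.bits & bit) == 0)
            continue;
        traps->pending &= (uint8_t)~bit;   /* "service" the trap */
        ++handled;
    }
    return handled;
}

/* Pre-fix shape: unmasked check, masked handling. Returns false where the debug
   assertion would fire (a trap was seen, but none of the masked ones were pending). */
static bool checkAndHandleBuggy(VMTraps* traps, TrapMask mask)
{
    if (needTrapHandling(traps, maskAllEventTypes()))
        return handleTraps(traps, mask) > 0;
    return true;
}

/* The fix: the same mask governs both the check and the handling. */
static bool checkAndHandleFixed(VMTraps* traps, TrapMask mask)
{
    if (needTrapHandling(traps, mask))
        return handleTraps(traps, mask) > 0;
    return true;
}
```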
1984
1985 2017-03-02  Alex Christensen  <achristensen@webkit.org>
1986
1987         Continue enabling WebRTC
1988         https://bugs.webkit.org/show_bug.cgi?id=169056
1989
1990         Reviewed by Jon Lee.
1991
1992         * Configurations/FeatureDefines.xcconfig:
1993
1994 2017-03-02  Tomas Popela  <tpopela@redhat.com>
1995
1996         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
1997         https://bugs.webkit.org/show_bug.cgi?id=169034
1998
1999         Reviewed by Mark Lam.
2000
2001         It should not assign to offset, but compare to offset.
2002
2003         * runtime/JSGlobalObject.cpp:
2004         (JSC::JSGlobalObject::addStaticGlobals):
2005
2006 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2007
2008         Unreviewed, rolling out r213259.
2009
2010         Broke an internal build
2011
2012         Reverted changeset:
2013
2014         "Continue enabling WebRTC"
2015         https://bugs.webkit.org/show_bug.cgi?id=169056
2016         http://trac.webkit.org/changeset/213259
2017
2018 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2019
2020         Continue enabling WebRTC
2021         https://bugs.webkit.org/show_bug.cgi?id=169056
2022
2023         Reviewed by Jon Lee.
2024
2025         * Configurations/FeatureDefines.xcconfig:
2026
2027 2017-03-01  Michael Saboff  <msaboff@apple.com>
2028
2029         Source/JavaScriptCore/ChangeLog
2030         https://bugs.webkit.org/show_bug.cgi?id=169055
2031
2032         Reviewed by Mark Lam.
2033
2034         Made local copies of options strings for OptionRange and string typed options.
2035
2036         * runtime/Options.cpp:
2037         (JSC::parse):
2038         (JSC::OptionRange::init):
2039
2040 2017-03-01  Mark Lam  <mark.lam@apple.com>
2041
2042         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2043         https://bugs.webkit.org/show_bug.cgi?id=168996
2044
2045         Reviewed by Filip Pizlo and Saam Barati.
2046
2047         PlatformThread is more useful because it allows us to:
2048         1. find the MachineThreads::Thread which is associated with it.
2049         2. suspend / resume threads.
2050         3. send a signal to a thread.
2051
2052         We can't do those with std::thread::id.  We will need one or more of these
2053         capabilities to implement non-polling VM traps later.
2054
2055         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2056         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2057         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2058         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2059
2060         * JavaScriptCore.xcodeproj/project.pbxproj:
2061         * heap/MachineStackMarker.cpp:
2062         (JSC::MachineThreads::Thread::createForCurrentThread):
2063         (JSC::MachineThreads::machineThreadForCurrentThread):
2064         (JSC::MachineThreads::removeThread):
2065         (JSC::MachineThreads::Thread::suspend):
2066         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2067         (JSC::getCurrentPlatformThread): Deleted.
2068         * heap/MachineStackMarker.h:
2069         * runtime/JSCellInlines.h:
2070         (JSC::JSCell::classInfo):
2071         * runtime/JSLock.cpp:
2072         (JSC::JSLock::JSLock):
2073         (JSC::JSLock::lock):
2074         (JSC::JSLock::unlock):
2075         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2076         * runtime/JSLock.h:
2077         (JSC::JSLock::ownerThread):
2078         (JSC::JSLock::currentThreadIsHoldingLock):
2079         * runtime/PlatformThread.h: Added.
2080         (JSC::currentPlatformThread):
2081         * runtime/VM.cpp:
2082         (JSC::VM::~VM):
2083         * runtime/VM.h:
2084         (JSC::VM::ownerThread):
2085         * runtime/Watchdog.cpp:
2086         (JSC::Watchdog::setTimeLimit):
2087         (JSC::Watchdog::shouldTerminate):
2088         (JSC::Watchdog::startTimer):
2089         (JSC::Watchdog::stopTimer):
2090         * tools/JSDollarVMPrototype.cpp:
2091         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2092         * tools/VMInspector.cpp:
2093
2094 2017-03-01  Saam Barati  <sbarati@apple.com>
2095
2096         Implement a mega-disassembler that'll be used in the FTL
2097         https://bugs.webkit.org/show_bug.cgi?id=168685
2098
2099         Reviewed by Mark Lam.
2100
2101         This patch extends the previous Air disassembler to print the
2102         DFG and B3 nodes belonging to particular Air instructions.
2103         The algorithm I'm using to do this is not perfect. For example,
2104         it won't try to print the entire DFG/B3 graph. It'll just print
2105         the related nodes for particular Air instructions. We can make the
2106         algorithm more sophisticated as we get more experience looking at
2107         these IR dumps and get a better feel for what we want out of them.
2108
2109         This is an example of the output:
2110
2111         ...
2112         ...
2113         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2114            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2115                Patch &Patchpoint2, %r20, %r20, %r0, @54
2116          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2117            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2118                Move 32(%r20), %r5, @57
2119                       0x389cc9ac0:    ldur   x5, [x20, #32]
2120         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2121            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2122                Move32 (%r5), %r1, @58
2123                       0x389cc9ac4:    ldur   w1, [x5]
2124            Int32 @59 = Const32(DFG:@115, 92)
2125            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2126            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2127                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2128                       0x389cc9ac8:    cmp    w1, #92
2129                       0x389cc9acc:    b.ne   0x389cc9dac
2130         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2131            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2132                Move 8(%r5), %r4, @64
2133                       0x389cc9ad0:    ldur   x4, [x5, #8]
2134          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2135            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2136                Move32 -8(%r4), %r2, @67
2137                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2138       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2139            Int32 @68 = Const32(DFG:@192, -1)
2140                Move $0xffffffffffffffff, %r1, $-1(@68)
2141                       0x389cc9ad8:    mov    x1, #-1
2142          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2143            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2144                Add32 %r2, %r1, %r1, @69
2145                       0x389cc9adc:    add    w1, w2, w1
2146          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2147            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2148            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2149                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2150                       0x389cc9ae0:    cmp    x0, x22
2151                       0x389cc9ae4:    b.lo   0x389cc9dc0
2152            Int32 @72 = Trunc(@53, DFG:@86)
2153            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2154                And32 %r1, %r0, %r1, @73
2155                       0x389cc9ae8:    and    w1, w1, w0
2156            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2157            Int32 @72 = Trunc(@53, DFG:@86)
2158            Int64 @11 = SlotBase(stack0)
2159            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2160                Move32 %r0, -64(%fp), @76
2161                       0x389cc9aec:    stur   w0, [fp, #-64]
2162            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2163            Int64 @77 = ZExt32(@73, DFG:@12)
2164            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2165                Add64 %r1, %r22, %r3, @78
2166                       0x389cc9af0:    add    x3, x1, x22
2167            Int64 @11 = SlotBase(stack0)
2168            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2169                Move %r3, -72(%fp), @81
2170                       0x389cc9af4:    stur   x3, [fp, #-72]
2171            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2172            Int32 @82 = Trunc(@24, DFG:@10)
2173            Int64 @11 = SlotBase(stack0)
2174            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2175                Move32 %r21, -80(%fp), @85
2176                       0x389cc9af8:    stur   w21, [fp, #-80]
2177           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2178            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2179            Void @90 = Branch(@89, DFG:@129, Terminal)
2180                Branch32 AboveOrEqual, %r1, %r2, @90
2181                       0x389cc9afc:    cmp    w1, w2
2182                       0x389cc9b00:    b.hs   0x389cc9bec
2183         ...
2184         ...
2185
2186         * b3/air/AirDisassembler.cpp:
2187         (JSC::B3::Air::Disassembler::dump):
2188         * b3/air/AirDisassembler.h:
2189         * ftl/FTLCompile.cpp:
2190         (JSC::FTL::compile):
2191         * ftl/FTLLowerDFGToB3.cpp:
2192         (JSC::FTL::DFG::LowerDFGToB3::lower):
2193         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2194         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2195         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2196         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2197
2198 2017-03-01  Mark Lam  <mark.lam@apple.com>
2199
2200         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2201         https://bugs.webkit.org/show_bug.cgi?id=169042
2202
2203         Not reviewed.
2204
2205         Rolling out r213229 and r213202.
2206
2207         * JavaScriptCore.xcodeproj/project.pbxproj:
2208         * heap/MachineStackMarker.cpp:
2209         (JSC::getCurrentPlatformThread):
2210         (JSC::MachineThreads::Thread::createForCurrentThread):
2211         (JSC::MachineThreads::machineThreadForCurrentThread):
2212         (JSC::MachineThreads::removeThread):
2213         (JSC::MachineThreads::Thread::suspend):
2214         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2215         * heap/MachineStackMarker.h:
2216         * runtime/JSCellInlines.h:
2217         (JSC::JSCell::classInfo):
2218         * runtime/JSLock.cpp:
2219         (JSC::JSLock::JSLock):
2220         (JSC::JSLock::lock):
2221         (JSC::JSLock::unlock):
2222         (JSC::JSLock::currentThreadIsHoldingLock):
2223         * runtime/JSLock.h:
2224         (JSC::JSLock::ownerThread):
2225         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2226         * runtime/PlatformThread.h: Removed.
2227         * runtime/VM.cpp:
2228         (JSC::VM::~VM):
2229         * runtime/VM.h:
2230         (JSC::VM::ownerThread):
2231         * runtime/Watchdog.cpp:
2232         (JSC::Watchdog::setTimeLimit):
2233         (JSC::Watchdog::shouldTerminate):
2234         (JSC::Watchdog::startTimer):
2235         (JSC::Watchdog::stopTimer):
2236         * tools/JSDollarVMPrototype.cpp:
2237         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2238         * tools/VMInspector.cpp:
2239
2240 2017-03-01  Mark Lam  <mark.lam@apple.com>
2241
2242         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2243         https://bugs.webkit.org/show_bug.cgi?id=169042
2244
2245         Reviewed by Filip Pizlo.
2246
2247         * runtime/JSLock.h:
2248         (JSC::JSLock::currentThreadIsHoldingLock):
2249
2250 2017-02-28  Brian Burg  <bburg@apple.com>
2251
2252         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2253         https://bugs.webkit.org/show_bug.cgi?id=168695
2254         <rdar://problem/30643899>
2255
2256         Reviewed by Joseph Pecoraro.
2257
2258         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2259         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2260         to gather listing information for RemoteAutomationTargets.
2261
2262         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2263         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2264         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2265
2266         * inspector/remote/RemoteInspector.h:
2267         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2268
2269         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2270         (Inspector::RemoteConnectionToTarget::setup):
2271         (Inspector::RemoteConnectionToTarget::close):
2272         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2273         and use it inside the block later after it may have been destructed already. If that happens,
2274         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2275
2276         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2277         (Inspector::RemoteInspector::updateTargetListing):
2278         We need to make sure to request a listing push after the target is updated, so implicitly call
2279         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2280
2281         (Inspector::RemoteInspector::receivedSetupMessage):
2282         (Inspector::RemoteInspector::receivedDidCloseMessage):
2283         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2284         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2285         and asynchronously on the target's queue when the connection to target is opened or closed.
2286
2287 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2288
2289         Leak under Options::setOptions
2290         https://bugs.webkit.org/show_bug.cgi?id=169029
2291
2292         Reviewed by Michael Saboff.
2293
2294         Don't leak the optionsStrCopy variable.
2295
2296         * runtime/Options.cpp:
2297         (JSC::Options::setOptions):
2298
2299 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2300
2301         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2302         https://bugs.webkit.org/show_bug.cgi?id=168968
2303
2304         Reviewed by Saam Barati.
2305
2306         This patch decouples dumping bytecode sequence from CodeBlock.
2307         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2308         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2309         called Generatorification.
2310
2311         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2312         this class to dump the bytecode sequence.
2313
2314         This patch also adds Option::dumpBytecodesBeforeGeneratorification,
2315         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
2316
2317         * CMakeLists.txt:
2318         * JavaScriptCore.xcodeproj/project.pbxproj:
2319         * bytecode/BytecodeDumper.cpp: Added.
2320         (JSC::getStructureID):
2321         (JSC::getSpecialPointer):
2322         (JSC::getPutByIdFlags):
2323         (JSC::getToThisStatus):
2324         (JSC::getPointer):
2325         (JSC::getStructureChain):
2326         (JSC::getStructure):
2327         (JSC::getCallLinkInfo):
2328         (JSC::getBasicBlockLocation):
2329         (JSC::BytecodeDumper<Block>::actualPointerFor):
2330         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2331         (JSC::beginDumpProfiling):
2332         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2333         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2334         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2335         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2336         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2337         (JSC::dumpRareCaseProfile):
2338         (JSC::dumpArithProfile):
2339         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2340         (JSC::BytecodeDumper<Block>::vm):
2341         (JSC::BytecodeDumper<Block>::identifier):
2342         (JSC::regexpToSourceString):
2343         (JSC::regexpName):
2344         (JSC::printLocationAndOp):
2345         (JSC::isConstantRegisterIndex):
2346         (JSC::debugHookName):
2347         (JSC::BytecodeDumper<Block>::registerName):
2348         (JSC::idName):
2349         (JSC::BytecodeDumper<Block>::constantName):
2350         (JSC::BytecodeDumper<Block>::printUnaryOp):
2351         (JSC::BytecodeDumper<Block>::printBinaryOp):
2352         (JSC::BytecodeDumper<Block>::printConditionalJump):
2353         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2354         (JSC::dumpStructure):
2355         (JSC::dumpChain):
2356         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2357         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2358         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2359         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2360         (JSC::BytecodeDumper<Block>::printCallOp):
2361         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2362         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2363         (JSC::BytecodeDumper<Block>::dumpBytecode):
2364         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2365         (JSC::BytecodeDumper<Block>::dumpConstants):
2366         (JSC::BytecodeDumper<Block>::dumpRegExps):
2367         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2368         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2369         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2370         (JSC::BytecodeDumper<Block>::dumpBlock):
2371         * bytecode/BytecodeDumper.h: Added.
2372         (JSC::BytecodeDumper::BytecodeDumper):
2373         (JSC::BytecodeDumper::block):
2374         (JSC::BytecodeDumper::instructionsBegin):
2375         * bytecode/BytecodeGeneratorification.cpp:
2376         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2377         (JSC::performGeneratorification):
2378         * bytecode/BytecodeLivenessAnalysis.cpp:
2379         (JSC::BytecodeLivenessAnalysis::dumpResults):
2380         * bytecode/CodeBlock.cpp:
2381         (JSC::CodeBlock::dumpBytecode):
2382         (JSC::CodeBlock::finishCreation):
2383         (JSC::CodeBlock::propagateTransitions):
2384         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2385         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2386         (JSC::CodeBlock::usesOpcode):
2387         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2388         (JSC::CodeBlock::arithProfileForPC):
2389         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2390         (JSC::idName): Deleted.
2391         (JSC::CodeBlock::registerName): Deleted.
2392         (JSC::CodeBlock::constantName): Deleted.
2393         (JSC::regexpToSourceString): Deleted.
2394         (JSC::regexpName): Deleted.
2395         (JSC::debugHookName): Deleted.
2396         (JSC::CodeBlock::printUnaryOp): Deleted.
2397         (JSC::CodeBlock::printBinaryOp): Deleted.
2398         (JSC::CodeBlock::printConditionalJump): Deleted.
2399         (JSC::CodeBlock::printGetByIdOp): Deleted.
2400         (JSC::dumpStructure): Deleted.
2401         (JSC::dumpChain): Deleted.
2402         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2403         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2404         (JSC::CodeBlock::printCallOp): Deleted.
2405         (JSC::CodeBlock::printPutByIdOp): Deleted.
2406         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2407         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2408         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2409         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2410         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2411         (JSC::CodeBlock::dumpArithProfile): Deleted.
2412         (JSC::CodeBlock::printLocationAndOp): Deleted.
2413         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2414         * bytecode/CodeBlock.h:
2415         (JSC::CodeBlock::constantRegisters):
2416         (JSC::CodeBlock::numberOfRegExps):
2417         (JSC::CodeBlock::bitVectors):
2418         (JSC::CodeBlock::bitVector):
2419         * bytecode/HandlerInfo.h:
2420         (JSC::HandlerInfoBase::typeName):
2421         * bytecode/UnlinkedCodeBlock.cpp:
2422         (JSC::UnlinkedCodeBlock::dump):
2423         * bytecode/UnlinkedCodeBlock.h:
2424         (JSC::UnlinkedCodeBlock::getConstant):
2425         * bytecode/UnlinkedInstructionStream.cpp:
2426         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2427         * bytecode/UnlinkedInstructionStream.h:
2428         (JSC::UnlinkedInstructionStream::Reader::next):
2429         * runtime/Options.h:
2430
2431 2017-02-28  Mark Lam  <mark.lam@apple.com>
2432
2433         Change JSLock to stash PlatformThread instead of std::thread::id.
2434         https://bugs.webkit.org/show_bug.cgi?id=168996
2435
2436         Reviewed by Filip Pizlo.
2437
2438         PlatformThread is more useful because it allows us to:
2439         1. find the MachineThreads::Thread which is associated with it.
2440         2. suspend / resume threads.
2441         3. send a signal to a thread.
2442
2443         We can't do those with std::thread::id.  We will need one or more of these
2444         capabilities to implement non-polling VM traps later.
2445
2446         * JavaScriptCore.xcodeproj/project.pbxproj:
2447         * heap/MachineStackMarker.cpp:
2448         (JSC::MachineThreads::Thread::createForCurrentThread):
2449         (JSC::MachineThreads::machineThreadForCurrentThread):
2450         (JSC::MachineThreads::removeThread):
2451         (JSC::MachineThreads::Thread::suspend):
2452         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2453         (JSC::getCurrentPlatformThread): Deleted.
2454         * heap/MachineStackMarker.h:
2455         * runtime/JSCellInlines.h:
2456         (JSC::JSCell::classInfo):
2457         * runtime/JSLock.cpp:
2458         (JSC::JSLock::lock):
2459         (JSC::JSLock::unlock):
2460         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2461         * runtime/JSLock.h:
2462         (JSC::JSLock::ownerThread):
2463         (JSC::JSLock::currentThreadIsHoldingLock):
2464         * runtime/PlatformThread.h: Added.
2465         (JSC::currentPlatformThread):
2466         * runtime/VM.cpp:
2467         (JSC::VM::~VM):
2468         * runtime/VM.h:
2469         (JSC::VM::ownerThread):
2470         * runtime/Watchdog.cpp:
2471         (JSC::Watchdog::setTimeLimit):
2472         (JSC::Watchdog::shouldTerminate):
2473         (JSC::Watchdog::startTimer):
2474         (JSC::Watchdog::stopTimer):
2475         * tools/JSDollarVMPrototype.cpp:
2476         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2477         * tools/VMInspector.cpp:
2478
2479 2017-02-28  Mark Lam  <mark.lam@apple.com>
2480
2481         Enable the SigillCrashAnalyzer by default for iOS.
2482         https://bugs.webkit.org/show_bug.cgi?id=168989
2483
2484         Reviewed by Keith Miller.
2485
2486         * runtime/Options.cpp:
2487         (JSC::overrideDefaults):
2488
2489 2017-02-28  Mark Lam  <mark.lam@apple.com>
2490
2491         Remove setExclusiveThread() and peers from the JSLock.
2492         https://bugs.webkit.org/show_bug.cgi?id=168977
2493
2494         Reviewed by Filip Pizlo.
2495
2496         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2497         Speedometer, we see that removal of exclusive thread status has no measurable
2498         impact on performance.  So, let's remove the code for handling exclusive thread
2499         status, and simplify the JSLock code.
2500
2501         For the record, exclusive thread status does improve JSLock locking/unlocking
2502         time by up to 20%.  However, this difference is not measurable in the way WebCore
2503         uses the JSLock as confirmed by Speedometer.
2504
2505         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2506         entry case (as opposed to the re-entry case).  This appears to show a small
2507         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2508         time in a micro-benchmark.
2509
2510         * heap/Heap.cpp:
2511         (JSC::Heap::Heap):
2512         * heap/MachineStackMarker.cpp:
2513         (JSC::MachineThreads::MachineThreads):
2514         (JSC::MachineThreads::addCurrentThread):
2515         * heap/MachineStackMarker.h:
2516         * runtime/JSLock.cpp:
2517         (JSC::JSLock::JSLock):
2518         (JSC::JSLock::lock):
2519         (JSC::JSLock::unlock):
2520         (JSC::JSLock::currentThreadIsHoldingLock):
2521         (JSC::JSLock::dropAllLocks):
2522         (JSC::JSLock::grabAllLocks):
2523         (JSC::JSLock::setExclusiveThread): Deleted.
2524         * runtime/JSLock.h:
2525         (JSC::JSLock::ownerThread):
2526         (JSC::JSLock::hasExclusiveThread): Deleted.
2527         (JSC::JSLock::exclusiveThread): Deleted.
2528         * runtime/VM.h:
2529         (JSC::VM::hasExclusiveThread): Deleted.
2530         (JSC::VM::exclusiveThread): Deleted.
2531         (JSC::VM::setExclusiveThread): Deleted.
2532
2533 2017-02-28  Saam Barati  <sbarati@apple.com>
2534
2535         Arm64 disassembler prints "ars" instead of "asr"
2536         https://bugs.webkit.org/show_bug.cgi?id=168923
2537
2538         Rubber stamped by Michael Saboff.
2539
2540         * disassembler/ARM64/A64DOpcode.cpp:
2541         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2542
2543 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2544
2545         Use of arguments in arrow function is slow
2546         https://bugs.webkit.org/show_bug.cgi?id=168829
2547
2548         Reviewed by Saam Barati.
2549
2550         The current patch improves the performance of access to arguments within an arrow function
2551         by preventing the creation of an arguments variable within the arrow function, and also allows
2552         the arguments variable to be cached. Before, the arguments variable always had the Dynamic
2553         resolve type; after the patch it can be ClosureVar, which increases the performance of access
2554         to the arguments variable 9 times inside the arrow function.
2555
2556         * bytecompiler/BytecodeGenerator.cpp:
2557         (JSC::BytecodeGenerator::BytecodeGenerator):
2558         * runtime/JSScope.cpp:
2559         (JSC::abstractAccess):
2560
2561 2017-02-28  Michael Saboff  <msaboff@apple.com>
2562
2563         Add ability to configure JSC options from a file
2564         https://bugs.webkit.org/show_bug.cgi?id=168914
2565
2566         Reviewed by Filip Pizlo.
2567
2568         Added the ability to set options and DataLog file location via a configuration file.
2569         The configuration file is specified with the --configFile option to JSC or the
2570         JSC_configFile environment variable.
2571
2572         The file format allows for options conditionally dependent on various attributes.
2573         Currently those attributes are the process name, parent process name and build
2574         type (Release or Debug).  In this patch, the parent process type is not set.
2575         That will be set up in WebKit code with a follow up patch.
2576
2577         Here is an example config file:
2578
2579             logFile = "/tmp/jscLog.%pid.txt"
2580
2581             jscOptions {
2582                 dumpOptions = 2
2583             }
2584
2585             build == "Debug" {
2586                 jscOptions {
2587                     useConcurrentJIT = false
2588                     dumpDisassembly = true
2589                 }
2590             }
2591
2592             build == "Release" && processName == "jsc" {
2593                 jscOptions {
2594                     asyncDisassembly = true
2595                 }
2596             }
2597
2598         Eliminated the prior options file code.
2599
2600         * CMakeLists.txt:
2601         * JavaScriptCore.xcodeproj/project.pbxproj:
2602         * jsc.cpp:
2603         (jscmain):
2604         * runtime/ConfigFile.cpp: Added.
2605         (JSC::ConfigFileScanner::ConfigFileScanner):
2606         (JSC::ConfigFileScanner::start):
2607         (JSC::ConfigFileScanner::lineNumber):
2608         (JSC::ConfigFileScanner::currentBuffer):
2609         (JSC::ConfigFileScanner::atFileEnd):
2610         (JSC::ConfigFileScanner::tryConsume):
2611         (JSC::ConfigFileScanner::tryConsumeString):
2612         (JSC::ConfigFileScanner::tryConsumeUpto):
2613         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2614         (JSC::ConfigFileScanner::fillBuffer):
2615         (JSC::ConfigFile::ConfigFile):
2616         (JSC::ConfigFile::setProcessName):
2617         (JSC::ConfigFile::setParentProcessName):
2618         (JSC::ConfigFile::parse):
2619         * runtime/ConfigFile.h: Added.
2620         * runtime/Options.cpp:
2621         (JSC::Options::initialize):
2622         (JSC::Options::setOptions):
2623         * runtime/Options.h:
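
A small evaluator for this config-file syntax, added here as an example and not JSC's own ConfigFile.cpp: it parses the config shown above and returns the settings that apply for a given build type and process name, generalising the top-level logFile line to any `name = value` setting. The grammar is inferred from the example alone, an attribute that was never set (here parentProcessName) never matches, and the names ConfigEvaluator, Settings, evaluateConfig and kSampleConfig are this example's own.

```cpp
// Added example, not JSC's own ConfigFile.cpp: a minimal evaluator for the config-file
// syntax in the entry above, with the grammar assumed from that example only:
//   <name> = <value>   |   jscOptions { <name> = <value> ... }
//   <attr> == "<str>" [&& <attr> == "<str>"]... { jscOptions { ... } }
#include <cctype>
#include <map>
#include <stdexcept>
#include <string>
#include <utility>

using Settings = std::map<std::string, std::string>;
class ConfigEvaluator {
public:
    ConfigEvaluator(std::string text, Settings attrs) : m_text(std::move(text)), m_attrs(std::move(attrs)) { }
    // Returns the top-level settings (e.g. logFile) plus every jscOption whose conditions held.
    Settings evaluate() {
        Settings out;
        for (skipSpace(); !atEnd(); skipSpace()) {
            std::string word = identifier();
            if (word == "jscOptions") optionsBlock(out, true);
            else if (peek("==")) {
                // Conditional block: every `attr == "value"` clause joined by && must hold.
                bool enabled = conditionHolds(word);
                while (tryConsume("&&")) enabled = conditionHolds(identifier()) && enabled;
                expect("{");
                if (identifier() != "jscOptions") throw std::runtime_error("expected jscOptions in conditional block");
                optionsBlock(out, enabled);
                expect("}");
            } else {
                expect("="); // top-level setting such as logFile = "/tmp/jscLog.%pid.txt"
                out[word] = value();
            }
        }
        return out;
    }
private:
    bool atEnd() const { return m_pos >= m_text.size(); }
    bool spaceAt(size_t i) const { return std::isspace(static_cast<unsigned char>(m_text[i])) != 0; }
    void skipSpace() { while (!atEnd() && spaceAt(m_pos)) ++m_pos; }
    bool peek(const std::string& s) { skipSpace(); return m_text.compare(m_pos, s.size(), s) == 0; }
    bool tryConsume(const std::string& s) {
        if (!peek(s)) return false;
        m_pos += s.size();
        return true;
    }
    void expect(const std::string& s) {
        if (!tryConsume(s)) throw std::runtime_error("expected '" + s + "' near offset " + std::to_string(m_pos));
    }
    std::string identifier() {
        skipSpace();
        size_t start = m_pos;
        while (!atEnd() && (std::isalnum(static_cast<unsigned char>(m_text[m_pos])) || m_text[m_pos] == '_')) ++m_pos;
        if (start == m_pos) throw std::runtime_error("expected identifier near offset " + std::to_string(m_pos));
        return m_text.substr(start, m_pos - start);
    }
    std::string quotedString() {
        expect("\"");
        size_t start = m_pos;
        while (!atEnd() && m_text[m_pos] != '"') ++m_pos;
        if (atEnd()) throw std::runtime_error("unterminated string");
        return m_text.substr(start, m_pos++ - start); // the m_pos++ steps past the closing quote
    }
    // A quoted string, or an unquoted value (number, true/false) running to whitespace or '}'.
    std::string value() {
        if (peek("\"")) return quotedString();
        size_t start = m_pos;
        while (!atEnd() && !spaceAt(m_pos) && m_text[m_pos] != '}') ++m_pos;
        return m_text.substr(start, m_pos - start);
    }
    // `attr == "value"`: an attribute that was never set (e.g. parentProcessName) matches nothing.
    bool conditionHolds(const std::string& attr) {
        expect("==");
        std::string wanted = quotedString();
        auto it = m_attrs.find(attr);
        return it != m_attrs.end() && it->second == wanted;
    }
    void optionsBlock(Settings& out, bool enabled) {
        expect("{");
        for (skipSpace(); !atEnd() && m_text[m_pos] != '}'; skipSpace()) {
            std::string name = identifier();
            expect("=");
            std::string v = value();
            if (enabled) out[name] = v; // a later assignment overrides an earlier one
        }
        expect("}");
    }
    std::string m_text;
    Settings m_attrs;
    size_t m_pos = 0;
};

// Constructed sample: the config file from the entry above, with its blank lines squeezed out.
const char* const kSampleConfig = R"(logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" { jscOptions { useConcurrentJIT = false  dumpDisassembly = true } }
build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } })";

// parentProcessName is deliberately left unset, as the entry says it is not set yet.
Settings evaluateConfig(const std::string& text, const std::string& build, const std::string& processName) {
    return ConfigEvaluator(text, { { "build", build }, { "processName", processName } }).evaluate();
}
```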
2624
2625 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2626
2627         Begin enabling WebRTC on 64-bit
2628         https://bugs.webkit.org/show_bug.cgi?id=168915
2629
2630         Reviewed by Eric Carlson.
2631
2632         * Configurations/FeatureDefines.xcconfig:
2633
2634 2017-02-27  Mark Lam  <mark.lam@apple.com>
2635
2636         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2637         https://bugs.webkit.org/show_bug.cgi?id=168842
2638
2639         Reviewed by Filip Pizlo.
2640
2641         Currently, the traps mechanism is only used for the JSC watchdog, and for
2642         asynchronous termination requests (which is currently only used for worker
2643         threads termination).
2644
2645         This first cut of the traps mechanism still relies on polling from DFG and FTL
2646         code.  This is done to keep the patch as small as possible.  The work to do
2647         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2648         another patch.
2649
2650         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2651         flag to enable the traps polling in the DFG and FTL code.  When we have the
2652         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2653         the VM::m_needAsynchronousTerminationSupport flag.
2654
2655         Note: this patch also separates asynchronous termination support from the JSC
2656         watchdog.  This separation allows us to significantly simplify the locking
2657         requirements in the watchdog code, and make it easier to reason about its
2658         correctness.
2659
2660         * CMakeLists.txt:
2661         * JavaScriptCore.xcodeproj/project.pbxproj:
2662         * bytecode/BytecodeList.json:
2663         * bytecode/BytecodeUseDef.h:
2664         (JSC::computeUsesForBytecodeOffset):
2665         (JSC::computeDefsForBytecodeOffset):
2666         * bytecode/CodeBlock.cpp:
2667         (JSC::CodeBlock::dumpBytecode):
2668         * bytecompiler/BytecodeGenerator.cpp:
2669         (JSC::BytecodeGenerator::BytecodeGenerator):
2670         (JSC::BytecodeGenerator::emitLoopHint):
2671         (JSC::BytecodeGenerator::emitCheckTraps):
2672         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2673         * bytecompiler/BytecodeGenerator.h:
2674         * dfg/DFGAbstractInterpreterInlines.h:
2675         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2676         * dfg/DFGByteCodeParser.cpp:
2677         (JSC::DFG::ByteCodeParser::parseBlock):
2678         * dfg/DFGCapabilities.cpp:
2679         (JSC::DFG::capabilityLevel):
2680         * dfg/DFGClobberize.h:
2681         (JSC::DFG::clobberize):
2682         * dfg/DFGDoesGC.cpp:
2683         (JSC::DFG::doesGC):
2684         * dfg/DFGFixupPhase.cpp:
2685         (JSC::DFG::FixupPhase::fixupNode):
2686         * dfg/DFGNodeType.h:
2687         * dfg/DFGPredictionPropagationPhase.cpp:
2688         * dfg/DFGSafeToExecute.h:
2689         (JSC::DFG::safeToExecute):
2690         * dfg/DFGSpeculativeJIT.cpp:
2691         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2692         * dfg/DFGSpeculativeJIT.h:
2693         * dfg/DFGSpeculativeJIT32_64.cpp:
2694         (JSC::DFG::SpeculativeJIT::compile):
2695         * dfg/DFGSpeculativeJIT64.cpp:
2696         (JSC::DFG::SpeculativeJIT::compile):
2697         * ftl/FTLCapabilities.cpp:
2698         (JSC::FTL::canCompile):
2699         * ftl/FTLLowerDFGToB3.cpp:
2700         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2701         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2702         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
2703         * interpreter/Interpreter.cpp:
2704         (JSC::Interpreter::executeProgram):
2705         (JSC::Interpreter::executeCall):
2706         (JSC::Interpreter::executeConstruct):
2707         (JSC::Interpreter::execute):
2708         * jit/JIT.cpp:
2709         (JSC::JIT::privateCompileMainPass):
2710         (JSC::JIT::privateCompileSlowCases):
2711         * jit/JIT.h:
2712         * jit/JITOpcodes.cpp:
2713         (JSC::JIT::emit_op_check_traps):
2714         (JSC::JIT::emitSlow_op_check_traps):
2715         (JSC::JIT::emit_op_watchdog): Deleted.
2716         (JSC::JIT::emitSlow_op_watchdog): Deleted.
2717         * jit/JITOperations.cpp:
2718         * jit/JITOperations.h:
2719         * llint/LLIntSlowPaths.cpp:
2720         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2721         * llint/LLIntSlowPaths.h:
2722         * llint/LowLevelInterpreter.asm:
2723         * llint/LowLevelInterpreter32_64.asm:
2724         * llint/LowLevelInterpreter64.asm:
2725         * runtime/VM.cpp:
2726         (JSC::VM::~VM):
2727         (JSC::VM::ensureWatchdog):
2728         (JSC::VM::handleTraps):
2729         * runtime/VM.h:
2730         (JSC::VM::ownerThread):
2731         (JSC::VM::needTrapHandling):
2732         (JSC::VM::needTrapHandlingAddress):
2733         (JSC::VM::notifyNeedTermination):
2734         (JSC::VM::notifyNeedWatchdogCheck):
2735         (JSC::VM::needAsynchronousTerminationSupport):
2736         (JSC::VM::setNeedAsynchronousTerminationSupport):
2737         * runtime/VMInlines.h:
2738         (JSC::VM::shouldTriggerTermination): Deleted.
2739         * runtime/VMTraps.cpp: Added.
2740         (JSC::VMTraps::fireTrap):
2741         (JSC::VMTraps::takeTrap):
2742         * runtime/VMTraps.h: Added.
2743         (JSC::VMTraps::needTrapHandling):
2744         (JSC::VMTraps::needTrapHandlingAddress):
2745         (JSC::VMTraps::hasTrapForEvent):
2746         (JSC::VMTraps::setTrapForEvent):
2747         (JSC::VMTraps::clearTrapForEvent):
2748         * runtime/Watchdog.cpp:
2749         (JSC::Watchdog::Watchdog):
2750         (JSC::Watchdog::setTimeLimit):
2751         (JSC::Watchdog::shouldTerminate):
2752         (JSC::Watchdog::enteredVM):
2753         (JSC::Watchdog::exitedVM):
2754         (JSC::Watchdog::startTimer):
2755         (JSC::Watchdog::stopTimer):
2756         (JSC::Watchdog::willDestroyVM):
2757         (JSC::Watchdog::terminateSoon): Deleted.
2758         (JSC::Watchdog::shouldTerminateSlow): Deleted.
2759         * runtime/Watchdog.h:
2760         (JSC::Watchdog::shouldTerminate): Deleted.
2761         (JSC::Watchdog::timerDidFireAddress): Deleted.
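
        As an added illustration (constructed for this ChangeLog page, not JSC's VMTraps code) of the polled traps design this entry describes: another thread fires an event by atomically setting a bit in a trap word, the executing loop polls that word with a single load at each loop header, and a slow path takes the pending events so each is handled exactly once. The event names and the loop stand-in are assumptions made for the example.

```cpp
#include <atomic>
#include <cstdint>
#include <functional>

// Trap events as bits in one word. The two names mirror the notifications listed
// in this entry (termination and watchdog check); their bit values are assumed.
enum TrapEvent : uint8_t {
    NeedTermination = 1 << 0,   // asynchronous termination request
    NeedWatchdogCheck = 1 << 1, // watchdog timer fired; re-check the time limit
};

// Simplified model of a traps object shared between the VM thread and the
// threads that want to interrupt it.
class ModelVMTraps {
public:
    // Called from any thread (watchdog timer, worker terminator). Setting a bit is
    // a single atomic OR; no lock is needed on the firing side.
    void fireTrap(TrapEvent event) { m_events.fetch_or(event, std::memory_order_release); }

    // Fast path that generated code would poll at a loop hint: one load, compared
    // against zero. This is the cheap check, not the handler.
    bool needTrapHandling() const { return m_events.load(std::memory_order_acquire) != 0; }

    // Slow path: atomically take every pending event so that a trap fired while we
    // were handling an earlier one is not lost and none is handled twice.
    uint8_t takeTraps() { return m_events.exchange(0, std::memory_order_acq_rel); }

private:
    std::atomic<uint8_t> m_events { 0 };
};

// Outcome of running a (model) script loop.
enum class LoopResult { Completed, Terminated };

// Stand-in for a loop whose header carries a check-traps poll. `shouldTerminate`
// plays the watchdog's time-limit decision and is consulted only when a
// NeedWatchdogCheck event has actually been taken, so the common case costs one
// load per iteration. `iterationsRun` reports how many bodies executed.
LoopResult runPolledLoop(ModelVMTraps& traps, unsigned iterations,
    const std::function<bool()>& shouldTerminate, unsigned* iterationsRun = nullptr)
{
    unsigned ran = 0;
    for (unsigned i = 0; i < iterations; ++i) {
        if (traps.needTrapHandling()) { // the poll emitted at each loop hint
            uint8_t events = traps.takeTraps();
            if (events & NeedTermination) {
                if (iterationsRun)
                    *iterationsRun = ran;
                return LoopResult::Terminated;
            }
            if ((events & NeedWatchdogCheck) && shouldTerminate()) {
                if (iterationsRun)
                    *iterationsRun = ran;
                return LoopResult::Terminated;
            }
        }
        ++ran; // the loop body
    }
    if (iterationsRun)
        *iterationsRun = ran;
    return LoopResult::Completed;
}
```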
2762
2763 2017-02-27  Commit Queue  <commit-queue@webkit.org>
2764
2765         Unreviewed, rolling out r213019.
2766         https://bugs.webkit.org/show_bug.cgi?id=168925
2767
2768         "It broke 32-bit jsc tests in debug builds" (Requested by
2769         saamyjoon on #webkit).
2770
2771         Reverted changeset:
2772
2773         "op_get_by_id_with_this should use inline caching"
2774         https://bugs.webkit.org/show_bug.cgi?id=162124
2775         http://trac.webkit.org/changeset/213019
2776
2777 2017-02-27  JF Bastien  <jfbastien@apple.com>
2778
2779         WebAssembly: miscellaneous spec fixes part deux
2780         https://bugs.webkit.org/show_bug.cgi?id=168861
2781
2782         Reviewed by Keith Miller.
2783
2784         * wasm/WasmFunctionParser.h: add some FIXME
2785
2786 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2787
2788         [libwebrtc] Enable WebRTC in some Production Builds
2789         https://bugs.webkit.org/show_bug.cgi?id=168858
2790
2791         * Configurations/FeatureDefines.xcconfig:
2792
2793 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
2794
2795         op_get_by_id_with_this should use inline caching
2796         https://bugs.webkit.org/show_bug.cgi?id=162124
2797
2798         Reviewed by Saam Barati.
2799
2800         This patch enables inline caching for op_get_by_id_with_this in all
2801         tiers. It means that operations using ```super.member``` can now be
2802         optimized by a PIC. To enable it, we introduced a new
2803         member of StructureStubInfo.patch named thisGPR, created a new class
2804         to manage the IC named JITGetByIdWithThisGenerator, and changed
2805         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
2806         to decide the correct this value in inline caches.
2807         With inline caching enabled, ```super.member``` is ~4.5x faster,
2808         according to microbenchmarks.
2809
2810         * bytecode/AccessCase.cpp:
2811         (JSC::AccessCase::generateImpl):
2812         * bytecode/PolymorphicAccess.cpp:
2813         (JSC::PolymorphicAccess::regenerate):
2814         * bytecode/PolymorphicAccess.h:
2815         * bytecode/StructureStubInfo.cpp:
2816         (JSC::StructureStubInfo::reset):
2817         * bytecode/StructureStubInfo.h:
2818         * dfg/DFGFixupPhase.cpp:
2819         (JSC::DFG::FixupPhase::fixupNode):
2820         * dfg/DFGJITCompiler.cpp:
2821         (JSC::DFG::JITCompiler::link):
2822         * dfg/DFGJITCompiler.h:
2823         (JSC::DFG::JITCompiler::addGetByIdWithThis):
2824         * dfg/DFGSpeculativeJIT.cpp:
2825         (JSC::DFG::SpeculativeJIT::compileIn):
2826         * dfg/DFGSpeculativeJIT.h:
2827         (JSC::DFG::SpeculativeJIT::callOperation):
2828         * dfg/DFGSpeculativeJIT32_64.cpp:
2829         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2830         (JSC::DFG::SpeculativeJIT::compile):
2831         * dfg/DFGSpeculativeJIT64.cpp:
2832         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2833         (JSC::DFG::SpeculativeJIT::compile):
2834         * ftl/FTLLowerDFGToB3.cpp:
2835         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
2836         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
2837         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
2838         * jit/CCallHelpers.h:
2839         (JSC::CCallHelpers::setupArgumentsWithExecState):
2840         * jit/ICStats.h:
2841         * jit/JIT.cpp:
2842         (JSC::JIT::JIT):
2843         (JSC::JIT::privateCompileSlowCases):
2844         (JSC::JIT::link):
2845         * jit/JIT.h:
2846         * jit/JITInlineCacheGenerator.cpp:
2847         (JSC::JITByIdGenerator::JITByIdGenerator):
2848         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2849         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
2850         * jit/JITInlineCacheGenerator.h:
2851         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2852         * jit/JITInlines.h:
2853         (JSC::JIT::callOperation):
2854         * jit/JITOperations.cpp:
2855         * jit/JITOperations.h:
2856         * jit/JITPropertyAccess.cpp:
2857         (JSC::JIT::emit_op_get_by_id_with_this):
2858         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2859         * jit/JITPropertyAccess32_64.cpp:
2860         (JSC::JIT::emit_op_get_by_id_with_this):
2861         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2862         * jit/Repatch.cpp:
2863         (JSC::appropriateOptimizingGetByIdFunction):
2864         (JSC::appropriateGenericGetByIdFunction):
2865         (JSC::tryCacheGetByID):
2866         * jit/Repatch.h:
2867         * jsc.cpp:
2868         (WTF::CustomGetter::getOwnPropertySlot):
2869         (WTF::CustomGetter::customGetterAcessor):
2870
2871 2017-02-24  JF Bastien  <jfbastien@apple.com>
2872
2873         WebAssembly: miscellaneous spec fixes
2874         https://bugs.webkit.org/show_bug.cgi?id=168822
2875
2876         Reviewed by Saam Barati.
2877
2878         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
2879         * wasm/WasmSections.h:
2880         (JSC::Wasm::validateOrder):
2881         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
2882         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2883         (JSC::constructJSWebAssemblyInstance): disallow i64 import
2884         * wasm/js/WebAssemblyModuleRecord.cpp:
2885         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
2886         (JSC::WebAssemblyModuleRecord::evaluate):
2887
2888 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
2889
2890         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
2891         https://bugs.webkit.org/show_bug.cgi?id=168833
2892
2893         Reviewed by Saam Barati.
2894         
2895         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
2896         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
2897         approach that if something is not specific to Air, then it should be in the B3
2898         namespace.
2899         
2900         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
2901         
2902         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
2903         was never really a type. Its purpose was always to identify register banks, and we use
2904         this enum when the thing we care about is whether the value is most appropriate for
2905         GPRs or FPRs.
2906         
2907         I kept both as non-enum classes because I think that we've learned that terse compiler
2908         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
2909         argument is even stronger, since you cannot say Width::8 but you can say Width8.
2910
2911         * CMakeLists.txt:
2912         * JavaScriptCore.xcodeproj/project.pbxproj:
2913         * b3/B3Bank.cpp: Added.
2914         (WTF::printInternal):
2915         * b3/B3Bank.h: Added.
2916         (JSC::B3::forEachBank):
2917         (JSC::B3::bankForType):
2918         * b3/B3CheckSpecial.cpp:
2919         (JSC::B3::CheckSpecial::forEachArg):
2920         * b3/B3LegalizeMemoryOffsets.cpp:
2921         * b3/B3LowerToAir.cpp:
2922         (JSC::B3::Air::LowerToAir::run):
2923         (JSC::B3::Air::LowerToAir::tmp):
2924         (JSC::B3::Air::LowerToAir::scaleForShl):
2925         (JSC::B3::Air::LowerToAir::effectiveAddr):
2926         (JSC::B3::Air::LowerToAir::addr):
2927         (JSC::B3::Air::LowerToAir::createGenericCompare):
2928         (JSC::B3::Air::LowerToAir::createBranch):
2929         (JSC::B3::Air::LowerToAir::createCompare):
2930         (JSC::B3::Air::LowerToAir::createSelect):
2931         (JSC::B3::Air::LowerToAir::lower):
2932         * b3/B3MemoryValue.cpp:
2933         (JSC::B3::MemoryValue::accessWidth):
2934         * b3/B3MemoryValue.h:
2935         * b3/B3MoveConstants.cpp:
2936         * b3/B3PatchpointSpecial.cpp:
2937         (JSC::B3::PatchpointSpecial::forEachArg):
2938         * b3/B3StackmapSpecial.cpp:
2939         (JSC::B3::StackmapSpecial::forEachArgImpl):
2940         * b3/B3Value.h:
2941         * b3/B3Variable.h:
2942         (JSC::B3::Variable::width):
2943         (JSC::B3::Variable::bank):
2944         * b3/B3WasmAddressValue.h:
2945         * b3/B3Width.cpp: Added.
2946         (WTF::printInternal):
2947         * b3/B3Width.h: Added.
2948         (JSC::B3::pointerWidth):
2949         (JSC::B3::widthForType):
2950         (JSC::B3::conservativeWidth):
2951         (JSC::B3::minimumWidth):
2952         (JSC::B3::bytes):
2953         (JSC::B3::widthForBytes):
2954         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
2955         * b3/air/AirAllocateStack.cpp:
2956         (JSC::B3::Air::allocateStack):
2957         * b3/air/AirArg.cpp:
2958         (JSC::B3::Air::Arg::canRepresent):
2959         (JSC::B3::Air::Arg::isCompatibleBank):
2960         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
2961         * b3/air/AirArg.h:
2962         (JSC::B3::Air::Arg::hasBank):
2963         (JSC::B3::Air::Arg::bank):
2964         (JSC::B3::Air::Arg::isBank):
2965         (JSC::B3::Air::Arg::forEachTmp):
2966         (JSC::B3::Air::Arg::forEachType): Deleted.
2967         (JSC::B3::Air::Arg::pointerWidth): Deleted.
2968         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
2969         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
2970         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
2971         (JSC::B3::Air::Arg::minimumWidth): Deleted.
2972         (JSC::B3::Air::Arg::bytes): Deleted.
2973         (JSC::B3::Air::Arg::widthForBytes): Deleted.
2974         (JSC::B3::Air::Arg::hasType): Deleted.
2975         (JSC::B3::Air::Arg::type): Deleted.
2976         (JSC::B3::Air::Arg::isType): Deleted.
2977         * b3/air/AirArgInlines.h:
2978         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
2979         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
2980         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
2981         (JSC::B3::Air::Arg::forEach):
2982         * b3/air/AirCCallSpecial.cpp:
2983         (JSC::B3::Air::CCallSpecial::forEachArg):
2984         * b3/air/AirCCallingConvention.cpp:
2985         * b3/air/AirCode.cpp:
2986         (JSC::B3::Air::Code::Code):
2987         (JSC::B3::Air::Code::setRegsInPriorityOrder):
2988         (JSC::B3::Air::Code::pinRegister):
2989         * b3/air/AirCode.h:
2990         (JSC::B3::Air::Code::regsInPriorityOrder):
2991         (JSC::B3::Air::Code::newTmp):
2992         (JSC::B3::Air::Code::numTmps):
2993         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
2994         * b3/air/AirCustom.cpp:
2995         (JSC::B3::Air::PatchCustom::isValidForm):
2996         (JSC::B3::Air::ShuffleCustom::isValidForm):
2997         * b3/air/AirCustom.h:
2998         (JSC::B3::Air::PatchCustom::forEachArg):
2999         (JSC::B3::Air::CCallCustom::forEachArg):
3000         (JSC::B3::Air::ColdCCallCustom::forEachArg):
3001         (JSC::B3::Air::ShuffleCustom::forEachArg):
3002         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
3003         * b3/air/AirDumpAsJS.cpp:
3004         (JSC::B3::Air::dumpAsJS):
3005         * b3/air/AirEliminateDeadCode.cpp:
3006         (JSC::B3::Air::eliminateDeadCode):
3007         * b3/air/AirEmitShuffle.cpp:
3008         (JSC::B3::Air::emitShuffle):
3009         * b3/air/AirEmitShuffle.h:
3010         (JSC::B3::Air::ShufflePair::ShufflePair):
3011         (JSC::B3::Air::ShufflePair::width):
3012         * b3/air/AirFixObviousSpills.cpp:
3013         * b3/air/AirFixPartialRegisterStalls.cpp:
3014         (JSC::B3::Air::fixPartialRegisterStalls):
3015         * b3/air/AirInst.cpp:
3016         (JSC::B3::Air::Inst::hasArgEffects):
3017         * b3/air/AirInst.h:
3018         (JSC::B3::Air::Inst::forEachTmp):
3019         * b3/air/AirInstInlines.h:
3020         (JSC::B3::Air::Inst::forEach):
3021         (JSC::B3::Air::Inst::forEachDef):
3022         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3023         * b3/air/AirLiveness.h:
3024         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3025         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3026         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3027         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3028         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3029         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3030         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3031         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3032         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3033         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3034         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3035         * b3/air/AirLogRegisterPressure.cpp:
3036         (JSC::B3::Air::logRegisterPressure):
3037         * b3/air/AirLowerAfterRegAlloc.cpp:
3038         (JSC::B3::Air::lowerAfterRegAlloc):
3039         * b3/air/AirLowerMacros.cpp:
3040         (JSC::B3::Air::lowerMacros):
3041         * b3/air/AirPadInterference.cpp:
3042         (JSC::B3::Air::padInterference):
3043         * b3/air/AirReportUsedRegisters.cpp:
3044         (JSC::B3::Air::reportUsedRegisters):
3045         * b3/air/AirSpillEverything.cpp:
3046         (JSC::B3::Air::spillEverything):
3047         * b3/air/AirTmpInlines.h:
3048         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3049         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3050         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3051         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3052         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3053         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3054         * b3/air/AirTmpWidth.cpp:
3055         (JSC::B3::Air::TmpWidth::recompute):
3056         * b3/air/AirTmpWidth.h:
3057         (JSC::B3::Air::TmpWidth::width):
3058         (JSC::B3::Air::TmpWidth::requiredWidth):
3059         (JSC::B3::Air::TmpWidth::defWidth):
3060         (JSC::B3::Air::TmpWidth::useWidth):
3061         (JSC::B3::Air::TmpWidth::Widths::Widths):
3062         * b3/air/AirUseCounts.h:
3063         (JSC::B3::Air::UseCounts::UseCounts):
3064         * b3/air/AirValidate.cpp:
3065         * b3/air/opcode_generator.rb:
3066         * b3/air/testair.cpp:
3067         (JSC::B3::Air::compile): Deleted.
3068         (JSC::B3::Air::invoke): Deleted.
3069         (JSC::B3::Air::compileAndRun): Deleted.
3070         (JSC::B3::Air::testSimple): Deleted.
3071         (JSC::B3::Air::loadConstantImpl): Deleted.
3072         (JSC::B3::Air::loadConstant): Deleted.
3073         (JSC::B3::Air::loadDoubleConstant): Deleted.
3074         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3075         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3076         (JSC::B3::Air::testShuffleLongShift): Deleted.
3077         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3078         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3079         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3080         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3081         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3082         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3083         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3084         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3085         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3086         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3087         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3088         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3089         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3090         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3091         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3092         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3093         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3094         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3095         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3096         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3097         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3098         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3099         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3100         (JSC::B3::Air::combineHiLo): Deleted.
3101         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3102         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3103         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3104         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3105         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3106         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3107         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
3108         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
3109         (JSC::B3::Air::testX86VMULSD): Deleted.
3110         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
3111         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
3112         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
3113         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
3114         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
3115         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
3116         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
3117         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
3118         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
3119         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
3120         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
3121         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
3122         (JSC::B3::Air::run): Deleted.
3123
3124 2017-02-24  Keith Miller  <keith_miller@apple.com>
3125
3126         We should be able to use std::tuples as keys in HashMap
3127         https://bugs.webkit.org/show_bug.cgi?id=168805
3128
3129         Reviewed by Filip Pizlo.
3130
3131         Convert the mess of std::pairs we used as the keys in PrototypeMap
3132         to a std::tuple. I also plan on using this for a HashMap in wasm.
3133
3134         * JavaScriptCore.xcodeproj/project.pbxproj:
3135         * runtime/PrototypeMap.cpp:
3136         (JSC::PrototypeMap::createEmptyStructure):
3137         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3138         * runtime/PrototypeMap.h:
3139
3140 2017-02-24  Saam Barati  <sbarati@apple.com>
3141
3142         Unreviewed. Remove inaccurate copy-paste comment from r212939.
3143
3144         * dfg/DFGOperations.cpp:
3145
3146 2017-02-23  Saam Barati  <sbarati@apple.com>
3147
3148         Intrinsicify parseInt
3149         https://bugs.webkit.org/show_bug.cgi?id=168627
3150
3151         Reviewed by Filip Pizlo.
3152
3153         This patch makes parseInt an intrinsic in the DFG and FTL.
3154         We do our best to eliminate this node. If we speculate that
3155         the first operand to the operation is an int32, and that there
3156         isn't a second operand, we convert to the identity of the first
3157         operand. That's because parseInt(someInt) === someInt.
3158         
3159         If the first operand is proven to be an integer, and the second
3160         operand is the integer 0 or the integer 10, we can eliminate the
3161         node by making it an identity over its first operand. That's
3162         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
3163         
3164         If we are not able to constant fold the node away, we try to remove
3165         checks. The most common use case of parseInt is that its first operand
3166         is a proven string. The DFG might be able to remove type checks in this
3167         case. We also set up CSE rules for parseInt(someString, someIntRadix)
3168         because it's a "pure" operation (modulo resolving a rope).
3169
3170         This looks to be a 4% Octane/Box2D progression.
3171
3172         * dfg/DFGAbstractInterpreterInlines.h:
3173         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3174         * dfg/DFGByteCodeParser.cpp:
3175         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3176         * dfg/DFGClobberize.h:
3177         (JSC::DFG::clobberize):
3178         * dfg/DFGConstantFoldingPhase.cpp:
3179         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3180         * dfg/DFGDoesGC.cpp:
3181         (JSC::DFG::doesGC):
3182         * dfg/DFGFixupPhase.cpp:
3183         (JSC::DFG::FixupPhase::fixupNode):
3184         * dfg/DFGNode.h:
3185         (JSC::DFG::Node::hasHeapPrediction):
3186         * dfg/DFGNodeType.h:
3187         * dfg/DFGOperations.cpp:
3188         (JSC::DFG::parseIntResult):
3189         * dfg/DFGOperations.h:
3190         * dfg/DFGPredictionPropagationPhase.cpp:
3191         * dfg/DFGSafeToExecute.h:
3192         (JSC::DFG::safeToExecute):
3193         * dfg/DFGSpeculativeJIT.cpp:
3194         (JSC::DFG::SpeculativeJIT::compileParseInt):
3195         * dfg/DFGSpeculativeJIT.h:
3196         (JSC::DFG::SpeculativeJIT::callOperation):
3197         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
3198         * dfg/DFGSpeculativeJIT32_64.cpp:
3199         (JSC::DFG::SpeculativeJIT::compile):
3200         * dfg/DFGSpeculativeJIT64.cpp:
3201         (JSC::DFG::SpeculativeJIT::compile):
3202         * ftl/FTLCapabilities.cpp:
3203         (JSC::FTL::canCompile):
3204         * ftl/FTLLowerDFGToB3.cpp:
3205         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3206         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3207         * jit/JITOperations.h:
3208         * parser/Lexer.cpp:
3209         * runtime/ErrorInstance.cpp:
3210         * runtime/Intrinsic.h:
3211         * runtime/JSGlobalObject.cpp:
3212         (JSC::JSGlobalObject::init):
3213         * runtime/JSGlobalObjectFunctions.cpp:
3214         (JSC::toStringView): Deleted.
3215         (JSC::isStrWhiteSpace): Deleted.
3216         (JSC::parseDigit): Deleted.
3217         (JSC::parseIntOverflow): Deleted.
3218         (JSC::parseInt): Deleted.
3219         * runtime/JSGlobalObjectFunctions.h:
3220         * runtime/ParseInt.h: Added.
3221         (JSC::parseDigit):
3222         (JSC::parseIntOverflow):
3223         (JSC::isStrWhiteSpace):
3224         (JSC::parseInt):
3225         (JSC::toStringView):
3226         * runtime/StringPrototype.cpp:
3227
3228 2017-02-23  JF Bastien  <jfbastien@apple.com>
3229
3230         WebAssembly: support 0x1 version
3231         https://bugs.webkit.org/show_bug.cgi?id=168672
3232
3233         Reviewed by Keith Miller.
3234
3235         * wasm/wasm.json: update the version number, everything is based
3236         on its value
3237
3238 2017-02-23  Saam Barati  <sbarati@apple.com>
3239
3240         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
3241         https://bugs.webkit.org/show_bug.cgi?id=168795
3242
3243         Rubber stamped by Keith Miller.
3244
3245         The Briggs allocator was running intensive validation
3246         on each step of the fixpoint. Instead, it now will just
3247         do it when shouldValidateIRAtEachPhase() is true because
3248         doing this for all !ASSERT_DISABLED builds takes too long.
3249
3250         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3251
3252 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
3253
3254         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
3255         https://bugs.webkit.org/show_bug.cgi?id=168787
3256
3257         Reviewed by Michael Saboff and Mark Lam.
3258
3259         * dfg/DFGSpeculativeJIT.cpp:
3260         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3261
3262 2017-02-23  Mark Lam  <mark.lam@apple.com>
3263
3264         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
3265         https://bugs.webkit.org/show_bug.cgi?id=168786
3266
3267         Reviewed by Filip Pizlo.
3268
3269         In practice, we will always have multiple instructions after invalidation points,
3270         and have enough room in the JIT buffer for the invalidation point to work with.
3271         However, as a precaution, we can guarantee that there's enough room by always
3272         emitting a label just before we link the buffer.  The label will emit nop padding
3273         if needed.
3274
3275         * assembler/LinkBuffer.cpp:
3276         (JSC::LinkBuffer::linkCode):
3277
3278 2017-02-23  Keith Miller  <keith_miller@apple.com>
3279
3280         Unreviewed, fix the cloop build. Needed a #if.
3281
3282         * jit/ExecutableAllocator.cpp:
3283
3284 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3285
3286         Better handle Thread and RunLoop initialization
3287         https://bugs.webkit.org/show_bug.cgi?id=167828
3288
3289         Reviewed by Yusuke Suzuki.
3290
3291         * runtime/InitializeThreading.cpp:
3292         (JSC::initializeThreading): Do not initialize double_conversion, which is already initialized by WTF, or the GC
3293         threads, which will be initialized by the WTF main thread when needed.
3294
3295 2017-02-22  JF Bastien  <jfbastien@apple.com>
3296
3297         WebAssembly: clear out insignificant i32 bits when calling JavaScript
3298         https://bugs.webkit.org/show_bug.cgi?id=166677
3299
3300         Reviewed by Keith Miller.
3301
3302         When WebAssembly calls JavaScript it needs to clear out the
3303         insignificant bits of int32 values:
3304
3305           +------------------- tag
3306           |  +---------------- insignificant
3307           |  |   +------------ 32-bit integer value
3308           |  |   |
3309           |--|---|-------|
3310         0xffff0000ffffffff
3311
3312         At least some JavaScript code assumes that these bits are all
3313         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
3314         object with lo / hi fields, each containing 32-bit integers. We
3315         then load these back, and the baseline compiler fails its
3316         comparison because it first checks the values are the same type
3317         (yes, because the int32 tag is set in both), and then whether they
3318         have the same value (no, because comparing the two registers
3319         fails). We could argue that the baseline compiler is wrong for
3320         performing a 64-bit comparison, but it doesn't really matter
3321         because there's not much of a point in breaking that invariant for
3322         WebAssembly's sake.
3323
3324         * wasm/WasmBinding.cpp:
3325         (JSC::Wasm::wasmToJs):
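
        Added illustration (constructed for this page, not JSC or WebKit code) of the int32 layout drawn in this entry and of why the 16 "insignificant" bits matter: it assumes the 64-bit int32 tag is 0xffff000000000000, builds the canonical encoding next to one made from a sign-extended 64-bit register, and shows that a same-tag, full-register comparison separates the two until the insignificant bits are cleared.

```cpp
#include <cstdint>

// Layout from the diagram above (assumed tag value): bits 63..48 are the int32
// tag, bits 47..32 are "insignificant" and must be zero, bits 31..0 hold the
// integer.
constexpr uint64_t kInt32Tag = 0xffff000000000000ull;
constexpr uint64_t kInsignificantMask = 0x0000ffff00000000ull;
constexpr uint64_t kLow32Mask = 0x00000000ffffffffull;

// Canonical encoding: zero-extend the 32-bit value, then apply the tag.
inline uint64_t encodeInt32(int32_t value)
{
    return kInt32Tag | static_cast<uint32_t>(value);
}

// What a caller produces if it ORs the tag into a 64-bit register that still
// holds the i32 sign-extended: for negative values the insignificant bits become
// 0xffff instead of 0x0000. This is the bug shape the entry describes.
inline uint64_t encodeInt32FromSignExtendedRegister(int32_t value)
{
    return kInt32Tag | static_cast<uint64_t>(static_cast<int64_t>(value));
}

// Type test: the tag bits alone decide "is this an int32", so both encodings
// above pass it.
inline bool isInt32(uint64_t v)
{
    return (v & kInt32Tag) == kInt32Tag;
}

// The integer itself only lives in the low 32 bits.
inline int32_t decodeInt32(uint64_t v)
{
    return static_cast<int32_t>(static_cast<uint32_t>(v & kLow32Mask));
}

// A well-formed int32 value has nothing in the insignificant bits.
inline bool isCanonicalInt32(uint64_t v)
{
    return isInt32(v) && (v & kInsignificantMask) == 0;
}

// Comparison in the style the entry attributes to the baseline compiler: check
// the tags match, then compare the whole 64-bit registers.
inline bool strictEqualsByRegister(uint64_t a, uint64_t b)
{
    if (!isInt32(a) || !isInt32(b))
        return false;
    return a == b;
}

// The remedy: clear the insignificant bits before handing the value to
// JavaScript. A 32-bit move (zero-extension) achieves the same effect.
inline uint64_t clearInsignificantBits(uint64_t v)
{
    return kInt32Tag | (v & kLow32Mask);
}
```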
3326
3327 2017-02-22  Keith Miller  <keith_miller@apple.com>
3328
3329         Remove the demand executable allocator
3330         https://bugs.webkit.org/show_bug.cgi?id=168754
3331
3332         Reviewed by Saam Barati.
3333
3334         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
3335         Benchmark results on a MBP indicate there is no appreciable performance difference
3336         between the fixed and demand allocators. In a future patch I will go back through
3337         this code and remove more of the abstractions.
3338
3339         * JavaScriptCore.xcodeproj/project.pbxproj:
3340         * jit/ExecutableAllocator.cpp:
3341         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3342         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
3343         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
3344         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
3345         (JSC::ExecutableAllocator::initializeAllocator):
3346         (JSC::ExecutableAllocator::ExecutableAllocator):
3347         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
3348         (JSC::ExecutableAllocator::isValid):
3349         (JSC::ExecutableAllocator::underMemoryPressure):
3350         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3351         (JSC::ExecutableAllocator::allocate):
3352         (JSC::ExecutableAllocator::isValidExecutableMemory):
3353         (JSC::ExecutableAllocator::getLock):
3354         (JSC::ExecutableAllocator::committedByteCount):
3355         (JSC::ExecutableAllocator::dumpProfile):
3356         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
3357         (JSC::DemandExecutableAllocator