[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2017-01-10  Mark Lam  <mark.lam@apple.com>

        Property setters should not be called for bound arguments list entries.
        https://bugs.webkit.org/show_bug.cgi?id=165631

        Reviewed by Filip Pizlo.

        * builtins/FunctionPrototype.js:
        (bind):
        - use @putByValDirect to set the bound arguments so that we don't consult the
          prototype chain for setters.

        * runtime/IntlDateTimeFormatPrototype.cpp:
        (JSC::IntlDateTimeFormatPrototypeGetterFormat):
        * runtime/IntlNumberFormatPrototype.cpp:
        (JSC::IntlNumberFormatPrototypeGetterFormat):
        - no need to create a bound arguments array because these bound functions bind
          no arguments according to the spec.

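The prototype-chain setter interception that the @putByValDirect change above avoids, shown as an added plain-JavaScript example (not WebKit code): the builder and helper functions are hypothetical stand-ins for a builtin that fills an array, and the native `bind` check only observes what a conforming engine must guarantee.

```javascript
// Added example, not WebKit code. Shows why a builtin that fills an array
// with ordinary indexed stores (args[i] = v) can be intercepted by a setter
// installed on Array.prototype, and why an own-property define (the JS-level
// analogue of @putByValDirect) cannot. All function names are hypothetical.

// Naive builder: each store is a [[Set]], which walks the prototype chain
// and invokes an accessor found there instead of creating the element.
function buildArgsWithPut(values) {
  const args = [];
  for (let i = 0; i < values.length; i++) {
    args[i] = values[i];
  }
  return args;
}

// Direct builder: defines each element as an own data property, so no
// setter on the prototype chain is consulted.
function buildArgsDirect(values) {
  const args = [];
  for (let i = 0; i < values.length; i++) {
    Object.defineProperty(args, i, {
      value: values[i], writable: true, enumerable: true, configurable: true,
    });
  }
  return args;
}

// Installs a counting setter for index 0 on Array.prototype, runs `fn`, and
// always removes the setter again. Returns what the setter observed.
function withIndexZeroSetter(fn) {
  let setterCalls = 0;
  let leaked;
  Object.defineProperty(Array.prototype, "0", {
    configurable: true,
    get() { return undefined; },
    set(v) { setterCalls++; leaked = v; },
  });
  try {
    const result = fn();
    return { setterCalls, leaked, result };
  } finally {
    delete Array.prototype[0];
  }
}

// Compares both builders under the hostile prototype. For the naive builder
// the first element never becomes an own property: the setter swallowed it
// and saw its value. For the direct builder the setter never runs.
function compareBuilders(values) {
  const naive = withIndexZeroSetter(() => buildArgsWithPut(values));
  const direct = withIndexZeroSetter(() => buildArgsDirect(values));
  return {
    naiveSetterCalls: naive.setterCalls,
    naiveLeaked: naive.leaked,
    naiveOwnsIndex0: Object.prototype.hasOwnProperty.call(naive.result, 0),
    directSetterCalls: direct.setterCalls,
    directOwnsIndex0: Object.prototype.hasOwnProperty.call(direct.result, 0),
    directValues: Array.prototype.slice.call(direct.result),
  };
}

// What the fixed engine must guarantee: binding arguments with the real
// Function.prototype.bind fires no prototype setter, and the bound function
// still receives the bound values unchanged.
function checkNativeBind() {
  function target(a, b) { return [a, b]; }
  const observed = withIndexZeroSetter(() => target.bind(null, 1, 2)());
  return {
    setterCalls: observed.setterCalls,
    boundArgs: observed.result,
  };
}
```
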
2017-01-10  Skachkov Oleksandr  <gskachkov@gmail.com>

        Calling async arrow function which is in a class's member function will cause error
        https://bugs.webkit.org/show_bug.cgi?id=166879

        Reviewed by Saam Barati.

        Current patch fixed loading 'super' in async arrow function. Errors appeared because
        super was always loaded regardless of whether it was used in the async arrow function
        or not, but the bytecompiler put it into the arrow function context only if it was used
        within the arrow function. So to fix this issue we need to check if super was used in
        the arrow function.

        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionNode::emitBytecode):

2017-01-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r210537.
        https://bugs.webkit.org/show_bug.cgi?id=166903

        This change introduced JSC test failures (Requested by
        ryanhaddad on #webkit).

        Reverted changeset:

        "Implement JSSourceCode to propagate SourceCode in module
        pipeline"
        https://bugs.webkit.org/show_bug.cgi?id=166861
        http://trac.webkit.org/changeset/210537

2017-01-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r210540.
        https://bugs.webkit.org/show_bug.cgi?id=166896

        too crude for non-WebCore clients (Requested by kling on
        #webkit).

        Reverted changeset:

        "Crash when GC heap grows way too large."
        https://bugs.webkit.org/show_bug.cgi?id=166875
        http://trac.webkit.org/changeset/210540

2017-01-09  Filip Pizlo  <fpizlo@apple.com>

        JSArray has some object scanning races
        https://bugs.webkit.org/show_bug.cgi?id=166874

        Reviewed by Mark Lam.

        This fixes two separate bugs, both of which I detected by running
        array-splice-contiguous.js in extreme anger:

        1) Some of the paths of shifting and unshifting were not grabbing the internal cell
           lock. This was causing the array storage scan to crash, even though it was well
           synchronized (the scan does hold the lock). The fix is just to hold the lock anywhere
           that memmoves the innards of the butterfly.

        2) Out of line property scanning was synchronized using double collect snapshot. Array
           storage scanning was synchronized using locks. But what if array storage
           transformations messed up the out of line properties? It turns out that we actually
           need to hoist the array storage scanner's locking up into the double collect
           snapshot.

        I don't know how to write a test that does any better of a job of catching this than
        array-splice-contiguous.js.

        * heap/DeferGC.h: Make DisallowGC usable even if NDEBUG.
        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase):
        (JSC::JSArray::shiftCountWithArrayStorage):
        (JSC::JSArray::unshiftCountWithArrayStorage):
        * runtime/JSObject.cpp:
        (JSC::JSObject::visitButterflyImpl):

2017-01-10  Andreas Kling  <akling@apple.com>

        Crash when GC heap grows way too large.
        <https://webkit.org/b/166875>
        <rdar://problem/27896585>

        Reviewed by Mark Lam.

        Hard cap the JavaScript heap at 4GB of live objects (determined post-GC).
        If we go past this limit, crash with a recognizable signature.

        * heap/Heap.cpp:
        (JSC::Heap::didExceedHeapSizeLimit):
        (JSC::Heap::updateAllocationLimits):

2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        Implement JSSourceCode to propagate SourceCode in module pipeline
        https://bugs.webkit.org/show_bug.cgi?id=166861

        Reviewed by Saam Barati.

        Instead of propagating the source code string, we propagate a JSSourceCode
        cell in the module pipeline. This allows us to attach metadata
        to the propagated source code string. In particular, it propagates
        SourceOrigin through the module pipeline.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/ModuleLoaderPrototype.js:
        (fulfillFetch):
        (requestFetch):
        * jsc.cpp:
        (GlobalObject::moduleLoaderFetch):
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * runtime/Completion.cpp:
        (JSC::loadAndEvaluateModule):
        (JSC::loadModule):
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::provide):
        * runtime/JSModuleLoader.h:
        * runtime/JSSourceCode.cpp: Added.
        (JSC::JSSourceCode::destroy):
        * runtime/JSSourceCode.h: Added.
        (JSC::JSSourceCode::createStructure):
        (JSC::JSSourceCode::create):
        (JSC::JSSourceCode::sourceCode):
        (JSC::JSSourceCode::JSSourceCode):
        * runtime/JSType.h:
        * runtime/ModuleLoaderPrototype.cpp:
        (JSC::moduleLoaderPrototypeParseModule):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        REGRESSION (r210522): ASSERTION FAILED: divot.offset >= divotStart.offset seen with stress/import-basic.js and stress/import-from-eval.js
        https://bugs.webkit.org/show_bug.cgi?id=166873

        Reviewed by Saam Barati.

        The divot should be the end of `import` token.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseMemberExpression):

2017-01-09  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix cloop.

        * dfg/DFGPlanInlines.h:

2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Prototype dynamic-import
        https://bugs.webkit.org/show_bug.cgi?id=165724

        Reviewed by Saam Barati.

        In this patch, we implement the stage 3 dynamic-import proposal[1].
        This patch adds a new special operator `import`. And by using it, we can import
        the module dynamically from modules and scripts. Before this feature, the module
        was always imported statically, and importing the modules needed to be done
        before executing the modules. And especially, the module could only be imported from a module.
        So the classic script could not import and use the modules. This dynamic-import relaxes
        the above restrictions.

        The typical dynamic-import form is the following.

            import("...").then(function (namespace) { ... });

        You can pass any AssignmentExpression to the import operator. So you can determine
        the imported modules dynamically.

            import(value).then(function (namespace) { ... });

        And previously the module import declaration was only allowed in the top level statements.
        But this import operator is just an expression. So you can use it in a function.
        And you can use it conditionally.

            async function go(cond)
            {
                if (cond)
                    return import("...");
                return undefined;
            }
            await go(true);

        Currently, this patch just implements this feature only for the JSC shell.
        The JSC module loader requires a new hook, `importModule`. And the JSC shell implements
        this hook. So, for now, this dynamic-import is not available on the browser side.
        If you write this `import` call, it always returns the rejected promise.

        import is implemented like a special operator similar to `super`.
        This is because import is context-sensitive. If you call the `import`, the module
        key resolution is done based on the caller's running context.

        For example, if you are running the script whose filename is "./ok/hello.js", the module
        key for the call `import("./resource/syntax.js")` becomes `"./ok/resource/syntax.js"`.
        But if you write the completely same import form in the script "./error/hello.js", the
        key becomes "./error/resource/syntax.js". So exposing this feature as the `import`
        function is misleading: this function becomes caller's context-sensitive. That's why
        dynamic-import is specified as a special operator.

        To resolve the module key, we need the caller's context information like the filename of
        the caller. This is provided by the SourceOrigin implemented in r210149.
        In the JSC shell implementation, this SourceOrigin holds the filename of the caller. So
        based on this implementation, the module loader resolves the module key.
        In the near future, we will extend this SourceOrigin to hold more information needed for
        the browser-side import implementation.

        [1]: https://tc39.github.io/proposal-dynamic-import/

        * builtins/ModuleLoaderPrototype.js:
        (importModule):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitGetTemplateObject):
        (JSC::BytecodeGenerator::emitGetGlobalPrivate):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ImportNode::emitBytecode):
        * jsc.cpp:
        (absolutePath):
        (GlobalObject::moduleLoaderImportModule):
        (functionRun):
        (functionLoad):
        (functionCheckSyntax):
        (runWithScripts):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createImportExpr):
        * parser/NodeConstructors.h:
        (JSC::ImportNode::ImportNode):
        * parser/Nodes.h:
        (JSC::ExpressionNode::isImportNode):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createImportExpr):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncImportModule):
        * runtime/JSGlobalObjectFunctions.h:
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::importModule):
        (JSC::JSModuleLoader::getModuleNamespaceObject):
        * runtime/JSModuleLoader.h:
        * runtime/ModuleLoaderPrototype.cpp:
        (JSC::moduleLoaderPrototypeGetModuleNamespaceObject):

2017-01-08  Filip Pizlo  <fpizlo@apple.com>

        Make the collector's fixpoint smart about scheduling work
        https://bugs.webkit.org/show_bug.cgi?id=165910

        Reviewed by Keith Miller.

        Prior to this change, every time the GC would run any constraints in markToFixpoint, it
        would run all of the constraints. It would always run them in the same order. That means
        that so long as any one constraint was generating new work, we'd pay the price of all
        constraints. This is usually OK because most constraints are cheap but it artificially
        inflates the cost of slow constraints - especially ones that are expensive but usually
        generate no new work.

        This patch redoes how the GC runs constraints by applying ideas from data flow analysis.
        The GC now builds a MarkingConstraintSet when it boots up, and this contains all of the
        constraints as well as some meta-data about them. Now, markToFixpoint just calls into
        MarkingConstraintSet to execute constraints. Because constraint execution and scheduling
        need to be aware of each other, I rewrote markToFixpoint in such a way that it's more
        obvious how the GC goes between constraint solving, marking with stopped mutator, and
        marking with resumed mutator. This also changes the scheduler API in such a way that a
        synchronous stop-the-world collection no longer needs to do fake stop/resume - instead we
        just swap the space-time scheduler for the stop-the-world scheduler.

        This is a big streamlining of the GC. This is a speed-up in GC-heavy tests because we
        now execute most constraints exactly twice regardless of how many total fixpoint
        iterations we do. Now, when we run out of marking work, the constraint solver will just
        run the constraint that is most likely to generate new visiting work, and if it does
        generate work, then the GC now goes back to marking. Before, it would run *all*
        constraints and then go back to marking. The constraint solver is armed with three
        information signals that it uses to sort the constraints in order of descending likelihood
        to generate new marking work. Then it runs them in that order until there is new
        marking work. The signals are:

        1) Whether the constraint is greyed by marking or execution. We call this the volatility
           of the constraint. For example, weak reference constraints have GreyedByMarking as
           their volatility because they are most likely to have something to say after we've done
           some marking. On the other hand, conservative roots have GreyedByExecution as their
           volatility because they will give new information anytime we let the mutator run. The
           constraint solver will only run GreyedByExecution constraints as roots and after the
           GreyedByMarking constraints go silent. This ensures that we don't try to scan
           conservative roots every time we need to re-run weak references and vice-versa.

           Another way to look at it is that the constraint solver tries to predict if the
           wavefront is advancing or retreating. The wavefront is almost certainly advancing so
           long as the mark stacks are non-empty or so long as at least one of the GreyedByMarking
           constraints is still producing work. Otherwise the wavefront is almost certainly
           retreating. It's most profitable to run GreyedByMarking constraints when the wavefront
           is advancing, and most profitable to run GreyedByExecution constraints when the
           wavefront is retreating.

           We use the predicted wavefront direction and the volatility of constraints as a
           first-order signal of constraint profitability.

        2) How much visiting work was created the last time the constraint ran. The solver
           remembers the lastVisitCount, and uses it to predict how much work the constraint will
           generate next time. In practice this means we will keep re-running the one interesting
           constraint until it shuts up.

        3) Optional work predictors for some constraints. The constraint that shuffles the mutator
           mark stack into the main SlotVisitor's mutator mark stack always knows exactly how much
           work it will create.

           The sum of (2) and (3) is used as a second-order signal of constraint profitability.

        The constraint solver will always run all of the GreyedByExecution constraints at GC
        start, since these double as the GC's roots. The constraint solver will always run all of
        the GreyedByMarking constraints the first time that marking stalls. Other than that, the
        solver will keep running constraints, sorted according to their likelihood to create work,
        until either work is created or we run out of constraints to run. GC termination happens
        when we run out of constraints to run.

        This new infrastructure means that we have a much better chance of dealing with worst-case
        DOM pathologies. If we can intelligently factor different evil DOM things into different
        constraints with the right work predictions then this could reduce the cost of those DOM
        things by a factor of N where N is the number of fixpoint iterations the GC typically
        does. N is usually around 5-6 even for simple heaps.

        My perf measurements say:

        PLT3: 0.02% faster with 5.3% confidence.
        JetStream: 0.15% faster with 17% confidence.
        Speedometer: 0.58% faster with 82% confidence.

        Here are the details from JetStream:

        splay: 1.02173x faster with 0.996841 confidence
        splay-latency: 1.0617x faster with 0.987462 confidence
        towers.c: 1.01852x faster with 0.92128 confidence
        crypto-md5: 1.06058x faster with 0.482363 confidence
        score: 1.00152x faster with 0.16892 confidence

        I think that Speedometer is legitimately benefiting from this change based on looking at
        --logGC=true output. We are now spending less time reexecuting expensive constraints. I
        think that JetStream/splay is also benefiting, because although the constraints it sees
        are cheap, it spends 30% of its time in GC so even small improvements matter.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::markCodeBlocks): Deleted.
        (JSC::DFG::Plan::rememberCodeBlocks): Deleted.
        * dfg/DFGPlan.h:
        * dfg/DFGPlanInlines.h: Added.
        (JSC::DFG::Plan::iterateCodeBlocksForGC):
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::markCodeBlocks): Deleted.
        (JSC::DFG::Worklist::rememberCodeBlocks): Deleted.
        (JSC::DFG::rememberCodeBlocks): Deleted.
        * dfg/DFGWorklist.h:
        * dfg/DFGWorklistInlines.h: Added.
        (JSC::DFG::iterateCodeBlocksForGC):
        (JSC::DFG::Worklist::iterateCodeBlocksForGC):
        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::writeBarrierCurrentlyExecuting): Deleted.
        * heap/CodeBlockSet.h:
        (JSC::CodeBlockSet::iterate): Deleted.
        * heap/CodeBlockSetInlines.h:
        (JSC::CodeBlockSet::iterate):
        (JSC::CodeBlockSet::iterateCurrentlyExecuting):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::iterateExecutingAndCompilingCodeBlocks):
        (JSC::Heap::iterateExecutingAndCompilingCodeBlocksWithoutHoldingLocks):
        (JSC::Heap::assertSharedMarkStacksEmpty):
        (JSC::Heap::markToFixpoint):
        (JSC::Heap::endMarking):
        (JSC::Heap::collectInThread):
        (JSC::Heap::stopIfNecessarySlow):
        (JSC::Heap::acquireAccessSlow):
        (JSC::Heap::collectIfNecessaryOrDefer):
        (JSC::Heap::buildConstraintSet):
        (JSC::Heap::notifyIsSafeToCollect):
        (JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope): Deleted.
        (JSC::Heap::ResumeTheWorldScope::~ResumeTheWorldScope): Deleted.
        (JSC::Heap::harvestWeakReferences): Deleted.
        (JSC::Heap::visitConservativeRoots): Deleted.
        (JSC::Heap::visitCompilerWorklistWeakReferences): Deleted.
        * heap/Heap.h:
        * heap/MarkingConstraint.cpp: Added.
        (JSC::MarkingConstraint::MarkingConstraint):
        (JSC::MarkingConstraint::~MarkingConstraint):
        (JSC::MarkingConstraint::resetStats):
        (JSC::MarkingConstraint::execute):
        * heap/MarkingConstraint.h: Added.
        (JSC::MarkingConstraint::index):
        (JSC::MarkingConstraint::abbreviatedName):
        (JSC::MarkingConstraint::name):
        (JSC::MarkingConstraint::lastVisitCount):
        (JSC::MarkingConstraint::quickWorkEstimate):
        (JSC::MarkingConstraint::workEstimate):
        (JSC::MarkingConstraint::volatility):
        * heap/MarkingConstraintSet.cpp: Added.
        (JSC::MarkingConstraintSet::ExecutionContext::ExecutionContext):
        (JSC::MarkingConstraintSet::ExecutionContext::didVisitSomething):
        (JSC::MarkingConstraintSet::ExecutionContext::shouldTimeOut):
        (JSC::MarkingConstraintSet::ExecutionContext::drain):
        (JSC::MarkingConstraintSet::ExecutionContext::didExecute):
        (JSC::MarkingConstraintSet::ExecutionContext::execute):
        (JSC::MarkingConstraintSet::MarkingConstraintSet):
        (JSC::MarkingConstraintSet::~MarkingConstraintSet):
        (JSC::MarkingConstraintSet::resetStats):
        (JSC::MarkingConstraintSet::add):
        (JSC::MarkingConstraintSet::executeBootstrap):
        (JSC::MarkingConstraintSet::executeConvergence):
        (JSC::MarkingConstraintSet::isWavefrontAdvancing):
        (JSC::MarkingConstraintSet::executeConvergenceImpl):
        (JSC::MarkingConstraintSet::executeAll):
        * heap/MarkingConstraintSet.h: Added.
        (JSC::MarkingConstraintSet::isWavefrontRetreating):
        * heap/MutatorScheduler.cpp: Added.
        (JSC::MutatorScheduler::MutatorScheduler):
        (JSC::MutatorScheduler::~MutatorScheduler):
        (JSC::MutatorScheduler::didStop):
        (JSC::MutatorScheduler::willResume):
        (JSC::MutatorScheduler::didExecuteConstraints):
        (JSC::MutatorScheduler::log):
        (JSC::MutatorScheduler::shouldStop):
        (JSC::MutatorScheduler::shouldResume):
        * heap/MutatorScheduler.h: Added.
        * heap/OpaqueRootSet.h:
        (JSC::OpaqueRootSet::add):
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::visitAsConstraint):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::didReachTermination):
        (JSC::SlotVisitor::hasWork):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::drainInParallelPassively):
        (JSC::SlotVisitor::addOpaqueRoot):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::addToVisitCount):
        * heap/SpaceTimeMutatorScheduler.cpp: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.cpp.
        (JSC::SpaceTimeMutatorScheduler::Snapshot::Snapshot):
        (JSC::SpaceTimeMutatorScheduler::Snapshot::now):
        (JSC::SpaceTimeMutatorScheduler::Snapshot::bytesAllocatedThisCycle):
        (JSC::SpaceTimeMutatorScheduler::SpaceTimeMutatorScheduler):
        (JSC::SpaceTimeMutatorScheduler::~SpaceTimeMutatorScheduler):
        (JSC::SpaceTimeMutatorScheduler::state):
        (JSC::SpaceTimeMutatorScheduler::beginCollection):
        (JSC::SpaceTimeMutatorScheduler::didStop):
        (JSC::SpaceTimeMutatorScheduler::willResume):
        (JSC::SpaceTimeMutatorScheduler::didExecuteConstraints):
        (JSC::SpaceTimeMutatorScheduler::timeToStop):
        (JSC::SpaceTimeMutatorScheduler::timeToResume):
        (JSC::SpaceTimeMutatorScheduler::log):
        (JSC::SpaceTimeMutatorScheduler::endCollection):
        (JSC::SpaceTimeMutatorScheduler::bytesAllocatedThisCycleImpl):
        (JSC::SpaceTimeMutatorScheduler::bytesSinceBeginningOfCycle):
        (JSC::SpaceTimeMutatorScheduler::maxHeadroom):
        (JSC::SpaceTimeMutatorScheduler::headroomFullness):
        (JSC::SpaceTimeMutatorScheduler::mutatorUtilization):
        (JSC::SpaceTimeMutatorScheduler::collectorUtilization):
        (JSC::SpaceTimeMutatorScheduler::elapsedInPeriod):
        (JSC::SpaceTimeMutatorScheduler::phase):
        (JSC::SpaceTimeMutatorScheduler::shouldBeResumed):
        (JSC::SpaceTimeScheduler::Decision::targetMutatorUtilization): Deleted.
        (JSC::SpaceTimeScheduler::Decision::targetCollectorUtilization): Deleted.
        (JSC::SpaceTimeScheduler::Decision::elapsedInPeriod): Deleted.
        (JSC::SpaceTimeScheduler::Decision::phase): Deleted.
        (JSC::SpaceTimeScheduler::Decision::shouldBeResumed): Deleted.
        (JSC::SpaceTimeScheduler::Decision::timeToResume): Deleted.
        (JSC::SpaceTimeScheduler::Decision::timeToStop): Deleted.
        (JSC::SpaceTimeScheduler::SpaceTimeScheduler): Deleted.
        (JSC::SpaceTimeScheduler::snapPhase): Deleted.
        (JSC::SpaceTimeScheduler::currentDecision): Deleted.
        * heap/SpaceTimeMutatorScheduler.h: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.h.
        (JSC::SpaceTimeScheduler::Decision::operator bool): Deleted.
        * heap/SpaceTimeScheduler.cpp: Removed.
        * heap/SpaceTimeScheduler.h: Removed.
        * heap/SynchronousStopTheWorldMutatorScheduler.cpp: Added.
        (JSC::SynchronousStopTheWorldMutatorScheduler::SynchronousStopTheWorldMutatorScheduler):
        (JSC::SynchronousStopTheWorldMutatorScheduler::~SynchronousStopTheWorldMutatorScheduler):
        (JSC::SynchronousStopTheWorldMutatorScheduler::state):
        (JSC::SynchronousStopTheWorldMutatorScheduler::beginCollection):
        (JSC::SynchronousStopTheWorldMutatorScheduler::timeToStop):
        (JSC::SynchronousStopTheWorldMutatorScheduler::timeToResume):
        (JSC::SynchronousStopTheWorldMutatorScheduler::endCollection):
        * heap/SynchronousStopTheWorldMutatorScheduler.h: Added.
        * heap/VisitingTimeout.h: Added.
        (JSC::VisitingTimeout::VisitingTimeout):
        (JSC::VisitingTimeout::visitCount):
        (JSC::VisitingTimeout::didVisitSomething):
        (JSC::VisitingTimeout::shouldTimeOut):
        * runtime/Options.h:

2017-01-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r210476.
        https://bugs.webkit.org/show_bug.cgi?id=166859

        "4% JSBench regression" (Requested by keith_mi_ on #webkit).

        Reverted changeset:

        "Add a slice intrinsic to the DFG/FTL"
        https://bugs.webkit.org/show_bug.cgi?id=166707
        http://trac.webkit.org/changeset/210476

2017-01-08  Andreas Kling  <akling@apple.com>

        Inject MarkedSpace size classes for a few more high-volume objects.
        <https://webkit.org/b/166815>

        Reviewed by Darin Adler.

        Add the following classes to the list of manually injected size classes:

            - JSString
            - JSFunction
            - PropertyTable
            - Structure

        Only Structure actually ends up with a new size class, the others already
        can't get any tighter due to the current MarkedBlock::atomSize being 16.
        I've put them in anyway to ensure that we have optimally carved-out cells
        for them in the future, should they grow.

        With this change, Structures get allocated in 128-byte cells instead of
        160-byte cells, giving us 25% more Structures per MarkedBlock.

        * heap/MarkedSpace.cpp:

554 2017-01-06  Saam Barati  <sbarati@apple.com>
555
556         Add a slice intrinsic to the DFG/FTL
557         https://bugs.webkit.org/show_bug.cgi?id=166707
558
559         Reviewed by Filip Pizlo.
560
561         The gist of this patch is to inline Array.prototype.slice
562         into the DFG/FTL. The implementation in the DFG-backend
563         and FTLLowerDFGToB3 is just a straight forward implementation
564         of what the C function is doing. The more interesting bits
565         of this patch are setting up the proper watchpoints and conditions
566         in the executing code to prove that its safe to skip all of the
567         observable JS actions that Array.prototype.slice normally does.
568         
569         We perform the following proofs:
570         1. Array.prototype.constructor has not changed (via a watchpoint).
571         2. That Array.prototype.constructor[Symbol.species] has not changed (via a watchpoint).
572         3. The global object is not having a bad time.
573         3. The array that is being sliced has an original array structure.
574         5. Array.prototype/Object.prototype have not transitioned.
575         
576         Conditions 1, 2, and 3 are strictly required.
577         
578         4 is ensuring a couple things:
579         1. That a "constructor" property hasn't been added to the array
580         we're slicing since we're supposed to perform a Get(array, "constructor").
581         2. That we're not slicing an instance of a subclass of Array.
582         
583         We could relax 4.1 in the future if we find other ways to test if
584         the incoming array hasn't changed the "constructor" property.
585         
586         I'm seeing a 5% speedup on crypto-pbkdf2 and often a 1% speedup on
587         the total benchmark (the results are sometimes noisy).
588
589         * bytecode/ExitKind.cpp:
590         (JSC::exitKindToString):
591         * bytecode/ExitKind.h:
592         * dfg/DFGAbstractInterpreterInlines.h:
593         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
594         * dfg/DFGByteCodeParser.cpp:
595         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
596         * dfg/DFGClobberize.h:
597         (JSC::DFG::clobberize):
598         * dfg/DFGDoesGC.cpp:
599         (JSC::DFG::doesGC):
600         * dfg/DFGFixupPhase.cpp:
601         (JSC::DFG::FixupPhase::fixupNode):
602         * dfg/DFGNode.h:
603         (JSC::DFG::Node::hasHeapPrediction):
604         (JSC::DFG::Node::hasArrayMode):
605         * dfg/DFGNodeType.h:
606         * dfg/DFGPredictionPropagationPhase.cpp:
607         * dfg/DFGSafeToExecute.h:
608         (JSC::DFG::safeToExecute):
609         * dfg/DFGSpeculativeJIT.cpp:
610         (JSC::DFG::SpeculativeJIT::compileArraySlice):
611         * dfg/DFGSpeculativeJIT.h:
612         * dfg/DFGSpeculativeJIT32_64.cpp:
613         (JSC::DFG::SpeculativeJIT::compile):
614         * dfg/DFGSpeculativeJIT64.cpp:
615         (JSC::DFG::SpeculativeJIT::compile):
616         * ftl/FTLCapabilities.cpp:
617         (JSC::FTL::canCompile):
618         * ftl/FTLLowerDFGToB3.cpp:
619         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
620         (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
621         * jit/AssemblyHelpers.cpp:
622         (JSC::AssemblyHelpers::emitLoadStructure):
623         * runtime/ArrayPrototype.cpp:
624         (JSC::ArrayPrototype::finishCreation):
625         (JSC::speciesWatchpointIsValid):
626         (JSC::speciesConstructArray):
627         (JSC::arrayProtoFuncSlice):
628         (JSC::arrayProtoPrivateFuncConcatMemcpy):
629         (JSC::ArrayPrototype::initializeSpeciesWatchpoint):
630         (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
631         (JSC::speciesWatchpointsValid): Deleted.
632         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint): Deleted.
633         * runtime/ArrayPrototype.h:
634         (JSC::ArrayPrototype::speciesWatchpointStatus): Deleted.
635         (): Deleted.
636         * runtime/Intrinsic.h:
637         * runtime/JSGlobalObject.cpp:
638         (JSC::JSGlobalObject::JSGlobalObject):
639         (JSC::JSGlobalObject::init):
640         * runtime/JSGlobalObject.h:
641         (JSC::JSGlobalObject::arraySpeciesWatchpoint):
642
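The Get(array, "constructor") step that conditions 4 and 5 above protect, as an added JavaScript example (not WebKit code; the Tagged class and every array below are constructed for the demonstration): each case returns what a spec-conformant Array.prototype.slice must produce, which is exactly what a fast path that skipped the check would get wrong.

```javascript
// Added example, not WebKit code. Array.prototype.slice builds its result
// through ArraySpeciesCreate: Get(array, "constructor"), then
// Get(constructor, Symbol.species). A JIT fast path that simply allocates a
// plain Array is only sound while nothing on that lookup path has changed,
// which is what conditions 4 and 5 in the log entry above guarantee.
// All arrays and constructors here are constructed for the demonstration.

class Tagged extends Array {}

// Plain array, untouched prototypes: the result is an ordinary Array,
// so the fast path is sound here.
function slicePlain() {
  const a = [1, 2, 3, 4];
  const r = a.slice(1, 3);
  return { isArray: Array.isArray(r), ctorIsArray: r.constructor === Array, values: r.join(",") };
}

// Condition 4.2: an instance of a subclass. Its inherited "constructor" is
// Tagged, whose Symbol.species getter returns Tagged, so the result must be a Tagged.
function sliceSubclass() {
  const t = Tagged.from([1, 2, 3, 4]);
  const r = t.slice(1, 3);
  return { isTagged: r instanceof Tagged, values: r.join(",") };
}

// Condition 4.1: an own "constructor" property added to a plain array.
// The array's structure transitions, and Get(array, "constructor") now
// yields an object whose Symbol.species selects Tagged.
function sliceWithOwnConstructor() {
  const a = [1, 2, 3, 4];
  a.constructor = { [Symbol.species]: Tagged };
  const r = a.slice(1, 3);
  return { isTagged: r instanceof Tagged, values: r.join(",") };
}

// A species of null falls back to a plain Array (spec: null is treated as
// undefined, which means ArrayCreate). A changed constructor therefore does
// not always change the result type, but the fast path cannot assume that.
function sliceWithNullSpecies() {
  const a = [1, 2, 3, 4];
  a.constructor = { [Symbol.species]: null };
  const r = a.slice(1, 3);
  return { isArray: Array.isArray(r), isTagged: r instanceof Tagged, values: r.join(",") };
}

// Condition 5: changing Array.prototype itself. No own property is added to
// the array, yet Get(array, "constructor") now reaches the replaced value.
// The original descriptor is restored in finally so nothing else is affected.
function sliceWithPatchedPrototype() {
  const original = Object.getOwnPropertyDescriptor(Array.prototype, "constructor");
  try {
    Object.defineProperty(Array.prototype, "constructor",
      { value: Tagged, writable: true, configurable: true });
    const r = [1, 2, 3, 4].slice(1, 3);
    return { isTagged: r instanceof Tagged, values: r.join(",") };
  } finally {
    Object.defineProperty(Array.prototype, "constructor", original);
  }
}
```
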
643 2017-01-06  Mark Lam  <mark.lam@apple.com>
644
645         The ObjC API's JSVirtualMachine's map tables need to be guarded by a lock.
646         https://bugs.webkit.org/show_bug.cgi?id=166778
647         <rdar://problem/29761198>
648
649         Reviewed by Filip Pizlo.
650
651         Now that we have a concurrent GC, access to JSVirtualMachine's
652         m_externalObjectGraph and m_externalRememberedSet needs to be guarded by a lock
653         since both the GC marker thread and the mutator thread may access them at the
654         same time.
655
656         * API/JSVirtualMachine.mm:
657         (-[JSVirtualMachine addExternalRememberedObject:]):
658         (-[JSVirtualMachine addManagedReference:withOwner:]):
659         (-[JSVirtualMachine removeManagedReference:withOwner:]):
660         (-[JSVirtualMachine externalDataMutex]):
661         (scanExternalObjectGraph):
662         (scanExternalRememberedSet):
663
664         * API/JSVirtualMachineInternal.h:
665         - Deleted externalObjectGraph method.  There's no need to expose this.
666
667 2017-01-06  Michael Saboff  <msaboff@apple.com>
668
669         @putByValDirect in Array.of and Array.from overwrites non-writable/configurable properties
670         https://bugs.webkit.org/show_bug.cgi?id=153486
671
672         Reviewed by Saam Barati.
673
674         Moved the read-only check in putDirect() to all paths.
675
676         * runtime/SparseArrayValueMap.cpp:
677         (JSC::SparseArrayValueMap::putDirect):
678
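The property invariant that the putDirect() check restores, as an added JavaScript example (not WebKit code; the locked array and the constructor that returns it are constructed): a spec-conformant Array.of or Array.from must throw a TypeError rather than overwrite a non-writable, non-configurable element.

```javascript
// Added example, not WebKit code. Array.of and Array.from store each element
// with CreateDataPropertyOrThrow, which must fail with a TypeError when the
// target already holds a non-writable, non-configurable property at that
// index. The bug in the log entry above was a direct put that skipped that
// check. The target array and constructor below are constructed.

// Build an array whose index 0 is locked. Defining a non-writable index on
// an array is what moves it into sparse storage (JSC's SparseArrayValueMap),
// which is the code path the fix touches.
function makeLockedTarget() {
  const target = [];
  Object.defineProperty(target, 0, { value: "locked", writable: false, configurable: false });
  return target;
}

// Run `build` with a constructor that hands back the locked array (an object
// returned from a constructor replaces `this`), and report whether a
// TypeError was thrown and what index 0 holds afterwards. A conformant
// engine throws and leaves the slot untouched.
function runCase(build) {
  const target = makeLockedTarget();
  function ReturnsTarget() { return target; }
  let threwTypeError = false;
  try {
    build(ReturnsTarget);
  } catch (e) {
    threwTypeError = e instanceof TypeError;
  }
  return { threwTypeError, slot0: target[0], length: target.length };
}

// Array.of.call(C, x): Construct(C, 1) yields the locked array, then the
// CreateDataPropertyOrThrow for index 0 must fail.
function arrayOfCase() {
  return runCase(C => Array.of.call(C, "attempt"));
}

// Array.from.call(C, iterable): Construct(C) yields the locked array, then
// the first iterated value must fail the same way.
function arrayFromCase() {
  return runCase(C => Array.from.call(C, ["attempt"]));
}

// Control: with an ordinary constructor both builtins write the element.
function unlockedCase() {
  function Plain() {}
  const a = Array.of.call(Plain, "x");
  const b = Array.from.call(Plain, ["y"]);
  return { ofSlot0: a[0], fromSlot0: b[0] };
}
```
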
679 2016-12-30  Filip Pizlo  <fpizlo@apple.com>
680
681         DeferGC::~DeferGC should be super cheap
682         https://bugs.webkit.org/show_bug.cgi?id=166626
683
684         Reviewed by Saam Barati.
685         
686         Right now, ~DeferGC requires running the collector's full collectIfNecessaryOrDefer()
687         hook, which is super big. Normally, that hook would only be called from GC slow paths,
688         so it ought to be possible to add complex logic to it. It benefits the GC algorithm to
689         make that code smart, not necessarily fast.
690
691         The right thing for it to do is to have ~DeferGC check a boolean to see if
692         collectIfNecessaryOrDefer() had previously deferred anything, and only call it if that
693         is true. That's what this patch does.
694         
695         Unfortunately, this means that we lose the collectAccordingToDeferGCProbability mode,
696         which we used for two tests. Since I could only see two tests that used this mode, I
697         felt that it was better to enhance the GC than to keep the tests. I filed bug 166627 to
698         bring back something like that mode.
699         
700         Although this patch does make some paths faster, its real goal is to ensure that bug
701         165963 can add more logic to collectIfNecessaryOrDefer() without introducing a big
702         regression. Until then, I wouldn't be surprised if this patch was a progression, but I'm
703         not betting on it.
704
705         * heap/Heap.cpp:
706         (JSC::Heap::collectIfNecessaryOrDefer):
707         (JSC::Heap::decrementDeferralDepthAndGCIfNeededSlow):
708         (JSC::Heap::canCollect): Deleted.
709         (JSC::Heap::shouldCollectHeuristic): Deleted.
710         (JSC::Heap::shouldCollect): Deleted.
711         (JSC::Heap::collectAccordingToDeferGCProbability): Deleted.
712         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): Deleted.
713         * heap/Heap.h:
714         * heap/HeapInlines.h:
715         (JSC::Heap::incrementDeferralDepth):
716         (JSC::Heap::decrementDeferralDepth):
717         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
718         (JSC::Heap::mayNeedToStop):
719         (JSC::Heap::stopIfNecessary):
720         * runtime/Options.h:
721
722 2017-01-05  Filip Pizlo  <fpizlo@apple.com>
723
724         AutomaticThread timeout shutdown leaves a small window where notify() would think that the thread is still running
725         https://bugs.webkit.org/show_bug.cgi?id=166742
726
727         Reviewed by Geoffrey Garen.
728         
729         Update to new AutomaticThread API.
730
731         * dfg/DFGWorklist.cpp:
732
733 2017-01-05  Per Arne Vollan  <pvollan@apple.com>
734
735         [Win] Compile error.
736         https://bugs.webkit.org/show_bug.cgi?id=166726
737
738         Reviewed by Alex Christensen.
739
740         Add include folder.
741
742         * CMakeLists.txt:
743
744 2016-12-21  Brian Burg  <bburg@apple.com>
745
746         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
747         https://bugs.webkit.org/show_bug.cgi?id=166003
748         <rdar://problem/28718990>
749
750         Reviewed by Joseph Pecoraro.
751
752         This patch implements parser, model, and generator-side changes to account for
753         platform-specific types, events, and commands. The 'platform' property is parsed
754         for top-level definitions and assumed to be the 'generic' platform if none is specified.
755
756         Since the generator's platform setting acts to filter definitions with an incompatible platform,
757         all generators must be modified to consult a list of filtered types/commands/events for
758         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
759         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
760         are still accessible if truly necessary, but not used by default and cause an error if not migrated.
761
762         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
763         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
764         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
765         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
766         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
767         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
768         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
769         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
770         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
771         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
772         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
773         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
774         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
775         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
776         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
777         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
778         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
779         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
780         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
781         (_generate_typedefs_for_domain):
782         (_generate_builders_for_domain):
783         (_generate_forward_declarations_for_binding_traits):
784         (_generate_declarations_for_enum_conversion_methods):
785         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
786         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
787         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
788         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
789         * inspector/scripts/codegen/generate_js_backend_commands.py:
790         (JSBackendCommandsGenerator.should_generate_domain):
791         (JSBackendCommandsGenerator.domains_to_generate):
792         (JSBackendCommandsGenerator.generate_domain):
793         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
794         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
795         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
796         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
797         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
798         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
799         (ObjCBackendDispatcherImplementationGenerator):
800         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
801         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
802         (ObjCConfigurationImplementationGenerator): Deleted.
803         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
804         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
805         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
806         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
807         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
808         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
809         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
810         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
811         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
812         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
813         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
814         * inspector/scripts/codegen/generate_objc_configuration_header.py:
815         (ObjCConfigurationHeaderGenerator.generate_output):
816         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
817         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
818         (ObjCConfigurationImplementationGenerator):
819         (ObjCConfigurationImplementationGenerator.generate_output):
820         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
821         (ObjCConfigurationImplementationGenerator._generate_ivars):
822         (ObjCConfigurationImplementationGenerator._generate_dealloc):
823         (ObjCBackendDispatcherImplementationGenerator): Deleted.
824         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
825         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
826         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
827         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
828         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
829         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
830         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
831         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
832         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
833         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
834         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
835         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
836         * inspector/scripts/codegen/generate_objc_header.py:
837         (ObjCHeaderGenerator.generate_output):
838         (ObjCHeaderGenerator._generate_forward_declarations):
839         (ObjCHeaderGenerator._generate_enums):
840         (ObjCHeaderGenerator._generate_types):
841         (ObjCHeaderGenerator._generate_command_protocols):
842         (ObjCHeaderGenerator._generate_event_interfaces):
843         * inspector/scripts/codegen/generate_objc_internal_header.py:
844         (ObjCInternalHeaderGenerator.generate_output):
845         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
846         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
847         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
848         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
849         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
850         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
851         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
852         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
853         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
854         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
855         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
856
857         * inspector/scripts/codegen/generator.py:
858         (Generator.can_generate_platform):
859         (Generator):
860         (Generator.type_declarations_for_domain):
861         (Generator.commands_for_domain):
862         (Generator.events_for_domain):
863         These are the core methods for computing whether a definition can be used given a target platform.
864
865         (Generator.calculate_types_requiring_shape_assertions):
866         (Generator._traverse_and_assign_enum_values):
867         * inspector/scripts/codegen/models.py:
868         (Protocol.parse_type_declaration):
869         (Protocol.parse_command):
870         (Protocol.parse_event):
871         (Protocol.resolve_types):
872
873         (Domain.__init__):
874         (Domain):
875         (Domain.all_type_declarations):
876         (Domain.all_commands):
877         (Domain.all_events):
878         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
879
880         (Domain.resolve_type_references):
881         (TypeDeclaration.__init__):
882         (Command.__init__):
883         (Event.__init__):
884         * inspector/scripts/codegen/objc_generator.py:
885         (ObjCGenerator.should_generate_types_for_domain):
886         (ObjCGenerator):
887         (ObjCGenerator.should_generate_commands_for_domain):
888         (ObjCGenerator.should_generate_events_for_domain):
889         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
890         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
891         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
892         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
893         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
894         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
895         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
896         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
897
898         The results above need rebaselining because the class names for two generators were swapped by accident.
899         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
900         generated file includes the same copyright block at the top.
901
902         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
903         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
904         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
905         * inspector/scripts/tests/generic/expected/enum-values.json-result:
906         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
907         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
908         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
909         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
910         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
911         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
912         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
913         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
914         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
915
916         * inspector/scripts/tests/generic/expected/fail-on-command-with-invalid-platform.json-error: Added.
917         * inspector/scripts/tests/generic/expected/fail-on-type-with-invalid-platform.json-error: Added.
918         * inspector/scripts/tests/generic/fail-on-command-with-invalid-platform.json: Added.
919         * inspector/scripts/tests/generic/fail-on-type-with-invalid-platform.json: Added.
920
921         Add error test cases for invalid platforms in commands, types, and events.
922
923         * inspector/scripts/tests/generic/definitions-with-mac-platform.json: Added.
924         * inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result: Added.
925         * inspector/scripts/tests/all/definitions-with-mac-platform.json: Added.
926         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result: Added.
927         * inspector/scripts/tests/ios/definitions-with-mac-platform.json: Added.
928         * inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result: Added.
929         * inspector/scripts/tests/mac/definitions-with-mac-platform.json: Added.
930         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result: Added.
931
932         Add a basic 4-way test that generates code for each platform from the same specification.
933         With the 'macos' platform for each definition, only 'all' and 'mac' generate anything interesting.
934
935 2017-01-03  Brian Burg  <bburg@apple.com>
936
937         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
938         https://bugs.webkit.org/show_bug.cgi?id=166003
939         <rdar://problem/28718990>
940
941         Reviewed by Joseph Pecoraro.
942
943         This patch implements parser, model, and generator-side changes to account for
944         platform-specific types, events, and commands. The 'platform' property is parsed
945         for top-level definitions and assumed to be the 'generic' platform if none is specified.
946
947         Since the generator's platform setting acts to filter definitions with an incompatible platform,
948         all generators must be modified to consult a list of filtered types/commands/events for
949         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
950         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
951         are still accessible if truly necessary, but not used by default and cause an error if not migrated.
952
953         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
954         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
955         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
956         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
957         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
958         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
959         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
960         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
961         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
962         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
963         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
964         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
965         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
966         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
967         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
968         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
969         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
970         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
971         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
972         (_generate_typedefs_for_domain):
973         (_generate_builders_for_domain):
974         (_generate_forward_declarations_for_binding_traits):
975         (_generate_declarations_for_enum_conversion_methods):
976         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
977         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
978         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
979         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
980         * inspector/scripts/codegen/generate_js_backend_commands.py:
981         (JSBackendCommandsGenerator.should_generate_domain):
982         (JSBackendCommandsGenerator.domains_to_generate):
983         (JSBackendCommandsGenerator.generate_domain):
984         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
985         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
986         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
987         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
988         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
989         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
990         (ObjCBackendDispatcherImplementationGenerator):
991         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
992         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
993         (ObjCConfigurationImplementationGenerator): Deleted.
994         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
995         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
996         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
997         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
998         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
999         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
1000         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
1001         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
1002         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
1003         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
1004         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
1005         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1006         (ObjCConfigurationHeaderGenerator.generate_output):
1007         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
1008         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1009         (ObjCConfigurationImplementationGenerator):
1010         (ObjCConfigurationImplementationGenerator.generate_output):
1011         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
1012         (ObjCConfigurationImplementationGenerator._generate_ivars):
1013         (ObjCConfigurationImplementationGenerator._generate_dealloc):
1014         (ObjCBackendDispatcherImplementationGenerator): Deleted.
1015         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
1016         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
1017         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
1018         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
1019         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
1020         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
1021         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
1022         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
1023         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
1024         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1025         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
1026         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
1027         * inspector/scripts/codegen/generate_objc_header.py:
1028         (ObjCHeaderGenerator.generate_output):
1029         (ObjCHeaderGenerator._generate_forward_declarations):
1030         (ObjCHeaderGenerator._generate_enums):
1031         (ObjCHeaderGenerator._generate_types):
1032         (ObjCHeaderGenerator._generate_command_protocols):
1033         (ObjCHeaderGenerator._generate_event_interfaces):
1034         * inspector/scripts/codegen/generate_objc_internal_header.py:
1035         (ObjCInternalHeaderGenerator.generate_output):
1036         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
1037         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1038         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
1039         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
1040         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1041         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
1042         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
1043         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
1044         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1045         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
1046         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
1047
1048         * inspector/scripts/codegen/generator.py:
1049         (Generator.can_generate_platform):
1050         (Generator):
1051         (Generator.type_declarations_for_domain):
1052         (Generator.commands_for_domain):
1053         (Generator.events_for_domain):
1054         These are the core methods for computing whether a definition can be used given a target platform.
1055
1056         (Generator.calculate_types_requiring_shape_assertions):
1057         (Generator._traverse_and_assign_enum_values):
1058         * inspector/scripts/codegen/models.py:
1059         (Protocol.parse_type_declaration):
1060         (Protocol.parse_command):
1061         (Protocol.parse_event):
1062         (Protocol.resolve_types):
1063
1064         (Domain.__init__):
1065         (Domain):
1066         (Domain.all_type_declarations):
1067         (Domain.all_commands):
1068         (Domain.all_events):
1069         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
1070
1071         (Domain.resolve_type_references):
1072         (TypeDeclaration.__init__):
1073         (Command.__init__):
1074         (Event.__init__):
1075         * inspector/scripts/codegen/objc_generator.py:
1076         (ObjCGenerator.should_generate_types_for_domain):
1077         (ObjCGenerator):
1078         (ObjCGenerator.should_generate_commands_for_domain):
1079         (ObjCGenerator.should_generate_events_for_domain):
1080         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
1081         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
1082         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
1083         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
1084         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
1085         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
1086         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
1087         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
1088
1089         The following results need rebaselining because the class names for two generators were swapped by accident.
1090         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
1091         generated file includes the same copyright block at the top.
1092
1093         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
1094         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
1095         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1096         * inspector/scripts/tests/generic/expected/enum-values.json-result:
1097         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
1098         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1099         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
1100         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
1101         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
1102         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
1103         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
1104         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
1105         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
1106
1107 2017-01-03  Brian Burg  <bburg@apple.com>
1108
1109         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1110         https://bugs.webkit.org/show_bug.cgi?id=166003
1111         <rdar://problem/28718990>
1112
1113         Reviewed by Joseph Pecoraro.
1114
1115         Make it possible to test inspector protocol generator output for different platforms.
1116
1117         Move existing tests to the generic/ subdirectory, as they are to be generated
1118         without any specific platform. Later, platform-specific generator behavior will be
1119         tested by cloning the same test to multiple platform directories.
1120
1121         * inspector/scripts/tests{/ => /generic/}commands-with-async-attribute.json
1122         * inspector/scripts/tests{/ => /generic/}commands-with-optional-call-return-parameters.json
1123         * inspector/scripts/tests{/ => /generic/}domains-with-varying-command-sizes.json
1124         * inspector/scripts/tests{/ => /generic/}enum-values.json
1125         * inspector/scripts/tests{/ => /generic/}events-with-optional-parameters.json
1126         * inspector/scripts/tests{/ => /generic/}expected/commands-with-async-attribute.json-result
1127         * inspector/scripts/tests{/ => /generic/}expected/commands-with-optional-call-return-parameters.json-result
1128         * inspector/scripts/tests{/ => /generic/}expected/domains-with-varying-command-sizes.json-result
1129         * inspector/scripts/tests{/ => /generic/}expected/enum-values.json-result
1130         * inspector/scripts/tests{/ => /generic/}expected/events-with-optional-parameters.json-result
1131         * inspector/scripts/tests{/ => /generic/}expected/fail-on-domain-availability.json-error
1132         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-call-parameter-names.json-error
1133         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-return-parameter-names.json-error
1134         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-event-parameter-names.json-error
1135         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-declarations.json-error
1136         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-member-names.json-error
1137         * inspector/scripts/tests{/ => /generic/}expected/fail-on-enum-with-no-values.json-error
1138         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-parameter-flag.json-error
1139         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-type-member.json-error
1140         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-parameter-flag.json-error
1141         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-type-member.json-error
1142         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-declaration-using-type-reference.json-error
1143         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-reference-as-primitive-type.json-error
1144         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-with-lowercase-name.json-error
1145         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-declaration.json-error
1146         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-member.json-error
1147         * inspector/scripts/tests{/ => /generic/}expected/generate-domains-with-feature-guards.json-result
1148         * inspector/scripts/tests{/ => /generic/}expected/same-type-id-different-domain.json-result
1149         * inspector/scripts/tests{/ => /generic/}expected/shadowed-optional-type-setters.json-result
1150         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-aliased-primitive-type.json-result
1151         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-array-type.json-result
1152         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-enum-type.json-result
1153         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-object-type.json-result
1154         * inspector/scripts/tests{/ => /generic/}expected/type-requiring-runtime-casts.json-result
1155         * inspector/scripts/tests{/ => /generic/}fail-on-domain-availability.json
1156         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-call-parameter-names.json
1157         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-return-parameter-names.json
1158         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-event-parameter-names.json
1159         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-declarations.json
1160         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-member-names.json
1161         * inspector/scripts/tests{/ => /generic/}fail-on-enum-with-no-values.json
1162         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-parameter-flag.json
1163         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-type-member.json
1164         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-parameter-flag.json
1165         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-type-member.json
1166         * inspector/scripts/tests{/ => /generic/}fail-on-type-declaration-using-type-reference.json
1167         * inspector/scripts/tests{/ => /generic/}fail-on-type-reference-as-primitive-type.json
1168         * inspector/scripts/tests{/ => /generic/}fail-on-type-with-lowercase-name.json
1169         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-declaration.json
1170         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-member.json
1171         * inspector/scripts/tests{/ => /generic/}generate-domains-with-feature-guards.json
1172         * inspector/scripts/tests{/ => /generic/}same-type-id-different-domain.json
1173         * inspector/scripts/tests{/ => /generic/}shadowed-optional-type-setters.json
1174         * inspector/scripts/tests{/ => /generic/}type-declaration-aliased-primitive-type.json
1175         * inspector/scripts/tests{/ => /generic/}type-declaration-array-type.json
1176         * inspector/scripts/tests{/ => /generic/}type-declaration-enum-type.json
1177         * inspector/scripts/tests{/ => /generic/}type-declaration-object-type.json
1178         * inspector/scripts/tests{/ => /generic/}type-requiring-runtime-casts.json
1179
1180 2017-01-03  Brian Burg  <bburg@apple.com>
1181
1182         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
1183         https://bugs.webkit.org/show_bug.cgi?id=166003
1184         <rdar://problem/28718990>
1185
1186         Reviewed by Joseph Pecoraro.
1187
1188         Add a --platform argument to generate-inspector-protocol-bindings.py and propagate
1189         the specified platform to each generator. This will be used in the next few patches
1190         to exclude types, events, and commands that are unsupported by the backend platform.
1191
1192         Convert all subclasses of Generator to pass along their positional arguments so that we
1193         can easily change base class arguments without editing all generator constructors.
1194
1195         * inspector/scripts/codegen/cpp_generator.py:
1196         (CppGenerator.__init__):
1197         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1198         (CppAlternateBackendDispatcherHeaderGenerator.__init__):
1199         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1200         (CppBackendDispatcherHeaderGenerator.__init__):
1201         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1202         (CppBackendDispatcherImplementationGenerator.__init__):
1203         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1204         (CppFrontendDispatcherHeaderGenerator.__init__):
1205         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1206         (CppFrontendDispatcherImplementationGenerator.__init__):
1207         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1208         (CppProtocolTypesHeaderGenerator.__init__):
1209         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1210         (CppProtocolTypesImplementationGenerator.__init__):
1211         * inspector/scripts/codegen/generate_js_backend_commands.py:
1212         (JSBackendCommandsGenerator.__init__):
1213         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1214         (ObjCBackendDispatcherHeaderGenerator.__init__):
1215         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1216         (ObjCConfigurationImplementationGenerator.__init__):
1217         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1218         (ObjCConfigurationHeaderGenerator.__init__):
1219         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1220         (ObjCBackendDispatcherImplementationGenerator.__init__):
1221         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1222         (ObjCFrontendDispatcherImplementationGenerator.__init__):
1223         * inspector/scripts/codegen/generate_objc_header.py:
1224         (ObjCHeaderGenerator.__init__):
1225         * inspector/scripts/codegen/generate_objc_internal_header.py:
1226         (ObjCInternalHeaderGenerator.__init__):
1227         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1228         (ObjCProtocolTypeConversionsHeaderGenerator.__init__):
1229         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1230         (ObjCProtocolTypeConversionsImplementationGenerator.__init__):
1231         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1232         (ObjCProtocolTypesImplementationGenerator.__init__):
1233         Pass along *args instead of single positional arguments.
1234
1235         * inspector/scripts/codegen/generator.py:
1236         (Generator.__init__):
1237         Save the target platform and add a getter.
1238
1239         * inspector/scripts/codegen/models.py:
1240         (Platform):
1241         (Platform.__init__):
1242         (Platform.fromString):
1243         (Platforms):
1244         Define the allowed Platform instances (iOS, macOS, and Any).
1245
1246         * inspector/scripts/codegen/objc_generator.py:
1247         (ObjCGenerator.and.__init__):
1248         * inspector/scripts/generate-inspector-protocol-bindings.py:
1249         (generate_from_specification):
1250         Pass along *args instead of single positional arguments.
1251
1252 2017-01-04  JF Bastien  <jfbastien@apple.com>
1253
1254         WebAssembly JS API: add Module.sections
1255         https://bugs.webkit.org/show_bug.cgi?id=165159
1256         <rdar://problem/29760326>
1257
1258         Reviewed by Mark Lam.
1259
1260         As described in: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymodulecustomsections
1261
1262         This was added for Emscripten, and is likely to be used soon.
1263
1264         * wasm/WasmFormat.h: custom sections are just name + bytes
1265         * wasm/WasmModuleParser.cpp: parse them, instead of skipping over
1266         * wasm/WasmModuleParser.h:
1267         * wasm/js/WebAssemblyModulePrototype.cpp: construct the Array of
1268         ArrayBuffer as described in the spec
1269         (JSC::webAssemblyModuleProtoCustomSections):
1270
1271 2017-01-04  Saam Barati  <sbarati@apple.com>
1272
1273         We don't properly handle exceptions inside the nativeCallTrampoline macro in the LLInt
1274         https://bugs.webkit.org/show_bug.cgi?id=163720
1275
1276         Reviewed by Mark Lam.
1277
1278         In the LLInt, we were incorrectly doing the exception check after the call.
1279         Before the exception check, we were unwinding to our caller's
1280         frame under the assumption that our caller was always a JS frame.
1281         This is incorrect, however, because our caller might be a C frame.
1282         One way that it can be a C frame is when C calls to JS, and JS tail
1283         calls to native. This patch fixes this bug by doing unwinding from
1284         the native callee's frame instead of its caller's.
1285
1286         * llint/LowLevelInterpreter32_64.asm:
1287         * llint/LowLevelInterpreter64.asm:
1288
1289 2017-01-03  JF Bastien  <jfbastien@apple.com>
1290
1291         REGRESSION (r210244): Release JSC Stress test failure: wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm
1292         https://bugs.webkit.org/show_bug.cgi?id=166669
1293         <rdar://problem/29856455>
1294
1295         Reviewed by Saam Barati.
1296
1297         Bug #165282 added wasm -> wasm calls, but caused crashes in
1298         release builds because the pinned registers are also callee-saved
1299         and were being clobbered. B3 didn't see itself clobbering them
1300         when no memory was used, and therefore omitted a restore.
1301
1302         This was causing the C++ code in callWebAssemblyFunction to crash
1303         because $r12 was 0, and it expected it to have its value prior to
1304         the call.
1305
1306         * wasm/WasmB3IRGenerator.cpp:
1307         (JSC::Wasm::createJSToWasmWrapper):
1308
1309 2017-01-03  Joseph Pecoraro  <pecoraro@apple.com>
1310
1311         Web Inspector: Address failures under LayoutTests/inspector/debugger/stepping
1312         https://bugs.webkit.org/show_bug.cgi?id=166300
1313
1314         Reviewed by Brian Burg.
1315
1316         * debugger/Debugger.cpp:
1317         (JSC::Debugger::continueProgram):
1318         When continuing, clear states that would have had us pause again.
1319
1320         * inspector/agents/InspectorDebuggerAgent.cpp:
1321         (Inspector::InspectorDebuggerAgent::didBecomeIdle):
1322         When resuming after becoming idle, be sure to clear Debugger state.
1323
1324 2017-01-03  JF Bastien  <jfbastien@apple.com>
1325
1326         WebAssembly JS API: check and test in-call / out-call values
1327         https://bugs.webkit.org/show_bug.cgi?id=164876
1328         <rdar://problem/29844107>
1329
1330         Reviewed by Saam Barati.
1331
1332         * wasm/WasmBinding.cpp:
1333         (JSC::Wasm::wasmToJs): fix the wasm -> JS call coercions for f32 /
1334         f64 which the associated tests inadvertently tripped on: the
1335         previous code wasn't correctly performing JSValue boxing for
1336         "double" values. This change is slightly involved because it
1337         requires two scratch registers to materialize the
1338         `DoubleEncodeOffset` value. This change therefore reorganizes the
1339         code to first generate traps, then handle all integers (freeing
1340         all GPRs), and then all the floating-point values.
1341         * wasm/js/WebAssemblyFunction.cpp:
1342         (JSC::callWebAssemblyFunction): Implement the defined semantics
1343         for mismatched arities when JS calls wasm:
1344         https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects
1345           - i32 is 0, f32 / f64 are NaN.
1346           - wasm functions which return "void" are "undefined" in JS.
1347
1348 2017-01-03  Per Arne Vollan  <pvollan@apple.com>
1349
1350         [Win] jsc.exe sometimes never exits.
1351         https://bugs.webkit.org/show_bug.cgi?id=158073
1352
1353         Reviewed by Darin Adler.
1354
1355         On Windows the thread specific destructor is also called when the main thread is exiting.
1356         This may lead to the main thread waiting forever for the machine thread lock when exiting,
1357         if the sampling profiler thread was terminated by the system while holding the machine
1358         thread lock.
1359
1360         * heap/MachineStackMarker.cpp:
1361         (JSC::MachineThreads::removeThread):
1362
1363 2017-01-02  Julien Brianceau  <jbriance@cisco.com>
1364
1365         Remove sh4 specific code from JavaScriptCore
1366         https://bugs.webkit.org/show_bug.cgi?id=166640
1367
1368         Reviewed by Filip Pizlo.
1369
1370         sh4-specific code has not compiled for a while (r189884 at least).
1371         As nobody seems to have interest in this architecture anymore, let's
1372         remove this dead code and thus ease the burden for JSC maintainers.
1373
1374         * CMakeLists.txt:
1375         * JavaScriptCore.xcodeproj/project.pbxproj:
1376         * assembler/AbstractMacroAssembler.h:
1377         (JSC::AbstractMacroAssembler::Jump::Jump):
1378         (JSC::AbstractMacroAssembler::Jump::link):
1379         * assembler/MacroAssembler.h:
1380         * assembler/MacroAssemblerSH4.h: Removed.
1381         * assembler/MaxFrameExtentForSlowPathCall.h:
1382         * assembler/SH4Assembler.h: Removed.
1383         * bytecode/DOMJITAccessCasePatchpointParams.cpp:
1384         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
1385         * dfg/DFGSpeculativeJIT.h:
1386         (JSC::DFG::SpeculativeJIT::callOperation):
1387         * jit/AssemblyHelpers.h:
1388         (JSC::AssemblyHelpers::debugCall):
1389         * jit/CCallHelpers.h:
1390         (JSC::CCallHelpers::setupArgumentsWithExecState):
1391         (JSC::CCallHelpers::prepareForTailCallSlow):
1392         * jit/CallFrameShuffler.cpp:
1393         (JSC::CallFrameShuffler::prepareForTailCall):
1394         * jit/ExecutableAllocator.h:
1395         * jit/FPRInfo.h:
1396         * jit/GPRInfo.h:
1397         * jit/JITInlines.h:
1398         (JSC::JIT::callOperation):
1399         * jit/JITOpcodes32_64.cpp:
1400         (JSC::JIT::privateCompileCTINativeCall):
1401         * jit/JITOperations.cpp:
1402         * jit/RegisterSet.cpp:
1403         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1404         (JSC::RegisterSet::dfgCalleeSaveRegisters):
1405         * jit/ThunkGenerators.cpp:
1406         (JSC::nativeForGenerator):
1407         * llint/LLIntData.cpp:
1408         (JSC::LLInt::Data::performAssertions):
1409         * llint/LLIntOfflineAsmConfig.h:
1410         * llint/LowLevelInterpreter.asm:
1411         * llint/LowLevelInterpreter32_64.asm:
1412         * offlineasm/backends.rb:
1413         * offlineasm/instructions.rb:
1414         * offlineasm/sh4.rb: Removed.
1415         * yarr/YarrJIT.cpp:
1416         (JSC::Yarr::YarrGenerator::generateEnter):
1417         (JSC::Yarr::YarrGenerator::generateReturn):
1418
1419 2017-01-02  JF Bastien  <jfbastien@apple.com>
1420
1421         WebAssembly: handle and optimize wasm export → wasm import calls
1422         https://bugs.webkit.org/show_bug.cgi?id=165282
1423
1424         Reviewed by Saam Barati.
1425
1426           - Add a new JSType for WebAssemblyFunction, and use it when creating its
1427             structure. This is used to quickly detect from wasm whether the import
1428             call is to another wasm module, or whether it's to JS.
1429           - Generate two stubs from the import stub generator: one for wasm->JS and one
1430             for wasm -> wasm. This is done at Module time. Which is called will only be
1431             known at Instance time, once we've received the import object. We want to
1432             avoid codegen at Instance time, so having both around is great.
1433           - Restore the WebAssembly global state (VM top Instance, and pinned registers)
1434             after call / call_indirect, and in the JS->wasm entry stub.
1435           - Pinned registers are now a global thing, not per-Memory, because the wasm ->
1436             wasm stubs are generated at Module time where we don't really have enough
1437             information to do the right thing (doing so would generate too much code).
1438
1439         * CMakeLists.txt:
1440         * JavaScriptCore.xcodeproj/project.pbxproj:
1441         * runtime/JSType.h: add WebAssemblyFunctionType as a JSType
1442         * wasm/WasmB3IRGenerator.cpp: significantly rework how calls which
1443         could be external work, and how we save / restore global state:
1444         VM's top Instance, and pinned registers
1445         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1446         (JSC::Wasm::getMemoryBaseAndSize):
1447         (JSC::Wasm::restoreWebAssemblyGlobalState):
1448         (JSC::Wasm::createJSToWasmWrapper):
1449         (JSC::Wasm::parseAndCompile):
1450         * wasm/WasmB3IRGenerator.h:
1451         * wasm/WasmBinding.cpp:
1452         (JSC::Wasm::materializeImportJSCell):
1453         (JSC::Wasm::wasmToJS):
1454         (JSC::Wasm::wasmToWasm): the main goal of this patch was adding this function
1455         (JSC::Wasm::exitStubGenerator):
1456         * wasm/WasmBinding.h:
1457         * wasm/WasmFormat.h: Get rid of much of the function index space:
1458         we already have all of its information elsewhere, and as-is it
1459         provides no extra efficiency.
1460         (JSC::Wasm::ModuleInformation::functionIndexSpaceSize):
1461         (JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace):
1462         (JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace):
1463         * wasm/WasmFunctionParser.h:
1464         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1465         * wasm/WasmMemory.cpp: Add some logging.
1466         (JSC::Wasm::Memory::dump): this was nice when debugging
1467         (JSC::Wasm::Memory::makeString):
1468         (JSC::Wasm::Memory::Memory):
1469         (JSC::Wasm::Memory::~Memory):
1470         (JSC::Wasm::Memory::grow):
1471         * wasm/WasmMemory.h: don't use extra indirection, it wasn't
1472         needed. Reorder some of the fields which are looked up at runtime
1473         so they're more cache-friendly.
1474         (JSC::Wasm::Memory::Memory):
1475         (JSC::Wasm::Memory::mode):
1476         (JSC::Wasm::Memory::offsetOfSize):
1477         * wasm/WasmMemoryInformation.cpp: Pinned registers are now a
1478         global thing for all of JSC, not a per-Memory thing
1479         anymore. wasm->wasm calls are more complex otherwise: they have to
1480         figure out how to bridge between the caller and callee's
1481         special-snowflake pinning.
1482         (JSC::Wasm::PinnedRegisterInfo::get):
1483         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
1484         (JSC::Wasm::MemoryInformation::MemoryInformation):
1485         * wasm/WasmMemoryInformation.h:
1486         * wasm/WasmModuleParser.cpp:
1487         * wasm/WasmModuleParser.h:
1488         * wasm/WasmPageCount.cpp: Copied from Source/JavaScriptCore/wasm/WasmBinding.h.
1489         (JSC::Wasm::PageCount::dump): nice for debugging
1490         * wasm/WasmPageCount.h:
1491         * wasm/WasmPlan.cpp:
1492         (JSC::Wasm::Plan::parseAndValidateModule):
1493         (JSC::Wasm::Plan::run):
1494         * wasm/WasmPlan.h:
1495         (JSC::Wasm::Plan::takeWasmExitStubs):
1496         * wasm/WasmSignature.cpp:
1497         (JSC::Wasm::Signature::toString):
1498         (JSC::Wasm::Signature::dump):
1499         * wasm/WasmSignature.h:
1500         * wasm/WasmValidate.cpp:
1501         (JSC::Wasm::validateFunction):
1502         * wasm/WasmValidate.h:
1503         * wasm/js/JSWebAssemblyInstance.h:
1504         (JSC::JSWebAssemblyInstance::offsetOfTable):
1505         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
1506         (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
1507         * wasm/js/JSWebAssemblyMemory.cpp:
1508         (JSC::JSWebAssemblyMemory::create):
1509         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1510         (JSC::JSWebAssemblyMemory::buffer):
1511         (JSC::JSWebAssemblyMemory::grow):
1512         * wasm/js/JSWebAssemblyMemory.h:
1513         (JSC::JSWebAssemblyMemory::memory):
1514         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1515         (JSC::JSWebAssemblyMemory::offsetOfSize):
1516         * wasm/js/JSWebAssemblyModule.cpp:
1517         (JSC::JSWebAssemblyModule::create):
1518         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1519         * wasm/js/JSWebAssemblyModule.h:
1520         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
1521         (JSC::JSWebAssemblyModule::functionImportCount):
1522         * wasm/js/WebAssemblyFunction.cpp:
1523         (JSC::callWebAssemblyFunction):
1524         (JSC::WebAssemblyFunction::create):
1525         (JSC::WebAssemblyFunction::createStructure):
1526         (JSC::WebAssemblyFunction::WebAssemblyFunction):
1527         (JSC::WebAssemblyFunction::finishCreation):
1528         * wasm/js/WebAssemblyFunction.h:
1529         (JSC::WebAssemblyFunction::wasmEntrypoint):
1530         (JSC::WebAssemblyFunction::offsetOfInstance):
1531         (JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode):
1532         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1533         (JSC::constructJSWebAssemblyInstance): always start with a dummy
1534         memory, so wasm->wasm calls don't need to null-check
1535         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1536         (JSC::constructJSWebAssemblyMemory):
1537         * wasm/js/WebAssemblyModuleConstructor.cpp:
1538         (JSC::WebAssemblyModuleConstructor::createModule):
1539         * wasm/js/WebAssemblyModuleRecord.cpp:
1540         (JSC::WebAssemblyModuleRecord::link):
1541         (JSC::WebAssemblyModuleRecord::evaluate):
1542         * wasm/js/WebAssemblyModuleRecord.h:
1543
1544 2017-01-02  Saam Barati  <sbarati@apple.com>
1545
1546         WebAssembly: Some loads don't take into account the offset
1547         https://bugs.webkit.org/show_bug.cgi?id=166616
1548         <rdar://problem/29841541>
1549
1550         Reviewed by Keith Miller.
1551
1552         * wasm/WasmB3IRGenerator.cpp:
1553         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1554
1555 2017-01-01  Jeff Miller  <jeffm@apple.com>
1556
1557         Update user-visible copyright strings to include 2017
1558         https://bugs.webkit.org/show_bug.cgi?id=166278
1559
1560         Reviewed by Dan Bernstein.
1561
1562         * Info.plist:
1563
1564 2016-12-28  Saam Barati  <sbarati@apple.com>
1565
1566         WebAssembly: Don't allow duplicate export names
1567         https://bugs.webkit.org/show_bug.cgi?id=166490
1568         <rdar://problem/29815000>
1569
1570         Reviewed by Keith Miller.
1571
1572         * wasm/WasmModuleParser.cpp:
1573
1574 2016-12-28  Saam Barati  <sbarati@apple.com>
1575
1576         Unreviewed. Fix jsc.cpp build error.
1577
1578         * jsc.cpp:
1579         (functionTestWasmModuleFunctions):
1580
1581 2016-12-28  Saam Barati  <sbarati@apple.com>
1582
1583         WebAssembly: Implement grow_memory and current_memory
1584         https://bugs.webkit.org/show_bug.cgi?id=166448
1585         <rdar://problem/29803676>
1586
1587         Reviewed by Keith Miller.
1588
1589         This patch implements grow_memory, current_memory, and WebAssembly.prototype.grow.
1590         See relevant spec texts here:
1591         
1592         https://github.com/WebAssembly/design/blob/master/Semantics.md#linear-memory-accesses
1593         https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymemoryprototypegrow
1594         
1595         I also fix a couple of miscellaneous bugs:
1596         
1597         1. Data section now understands full init_exprs. 
1598         2. parseVarUint1 no longer has a bug where we allow values larger than 1 if
1599         their bottom 8 bits are zero.
1600         
1601         Since the JS API can now grow memory, we need to make calling an import
1602         and call_indirect refresh the base memory register and the size registers.
1603
1604         * jsc.cpp:
1605         (functionTestWasmModuleFunctions):
1606         * runtime/Options.h:
1607         * runtime/VM.h:
1608         * wasm/WasmB3IRGenerator.cpp:
1609         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1610         (JSC::Wasm::reloadPinnedRegisters):
1611         (JSC::Wasm::B3IRGenerator::emitReloadPinnedRegisters):
1612         (JSC::Wasm::createJSToWasmWrapper):
1613         (JSC::Wasm::parseAndCompile):
1614         * wasm/WasmFormat.cpp:
1615         (JSC::Wasm::Segment::create):
1616         * wasm/WasmFormat.h:
1617         (JSC::Wasm::I32InitExpr::I32InitExpr):
1618         (JSC::Wasm::I32InitExpr::globalImport):
1619         (JSC::Wasm::I32InitExpr::constValue):
1620         (JSC::Wasm::I32InitExpr::isConst):
1621         (JSC::Wasm::I32InitExpr::isGlobalImport):
1622         (JSC::Wasm::I32InitExpr::globalImportIndex):
1623         (JSC::Wasm::Segment::byte):
1624         (JSC::Wasm::ModuleInformation::importFunctionCount):
1625         (JSC::Wasm::ModuleInformation::hasMemory):
1626         * wasm/WasmFunctionParser.h:
1627         * wasm/WasmMemory.cpp:
1628         (JSC::Wasm::Memory::Memory):
1629         (JSC::Wasm::Memory::grow):
1630         * wasm/WasmMemory.h:
1631         (JSC::Wasm::Memory::size):
1632         (JSC::Wasm::Memory::sizeInPages):
1633         (JSC::Wasm::Memory::offsetOfMemory):
1634         (JSC::Wasm::Memory::isValid): Deleted.
1635         (JSC::Wasm::Memory::grow): Deleted.
1636         * wasm/WasmModuleParser.cpp:
1637         (JSC::Wasm::makeI32InitExpr):
1638         * wasm/WasmModuleParser.h:
1639         * wasm/WasmPageCount.h:
1640         (JSC::Wasm::PageCount::bytes):
1641         (JSC::Wasm::PageCount::pageCount):
1642         (JSC::Wasm::PageCount::fromBytes):
1643         (JSC::Wasm::PageCount::operator+):
1644         * wasm/WasmParser.h:
1645         (JSC::Wasm::Parser<SuccessType>::parseVarUInt1):
1646         * wasm/WasmValidate.cpp:
1647         * wasm/js/JSWebAssemblyInstance.h:
1648         (JSC::JSWebAssemblyInstance::offsetOfMemory):
1649         * wasm/js/JSWebAssemblyMemory.cpp:
1650         (JSC::JSWebAssemblyMemory::~JSWebAssemblyMemory):
1651         (JSC::JSWebAssemblyMemory::grow):
1652         * wasm/js/JSWebAssemblyMemory.h:
1653         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1654         * wasm/js/JSWebAssemblyModule.h:
1655         (JSC::JSWebAssemblyModule::functionImportCount):
1656         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace):
1657         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace):
1658         (JSC::JSWebAssemblyModule::importCount): Deleted.
1659         * wasm/js/WebAssemblyFunction.cpp:
1660         (JSC::callWebAssemblyFunction):
1661         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1662         (JSC::constructJSWebAssemblyInstance):
1663         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1664         (JSC::constructJSWebAssemblyMemory):
1665         * wasm/js/WebAssemblyMemoryPrototype.cpp:
1666         (JSC::getMemory):
1667         (JSC::webAssemblyMemoryProtoFuncBuffer):
1668         (JSC::webAssemblyMemoryProtoFuncGrow):
1669         * wasm/js/WebAssemblyModuleRecord.cpp:
1670         (JSC::WebAssemblyModuleRecord::link):
1671         (JSC::dataSegmentFail):
1672         (JSC::WebAssemblyModuleRecord::evaluate):
1673         * wasm/wasm.json:
1674
1675 2016-12-26  Yusuke Suzuki  <utatane.tea@gmail.com>
1676
1677         Use variadic templates in JSC Parser to clean up
1678         https://bugs.webkit.org/show_bug.cgi?id=166482
1679
1680         Reviewed by Saam Barati.
1681
1682         * parser/Parser.cpp:
1683         (JSC::Parser<LexerType>::logError):
1684         * parser/Parser.h:
1685
1686 2016-12-25  Yusuke Suzuki  <utatane.tea@gmail.com>
1687
1688         Propagate the source origin as much as possible
1689         https://bugs.webkit.org/show_bug.cgi?id=166348
1690
1691         Reviewed by Darin Adler.
1692
1693         This patch introduces CallFrame::callerSourceOrigin, SourceOrigin class
1694         and SourceProvider::m_sourceOrigin. CallFrame::callerSourceOrigin returns
1695         an appropriate SourceOrigin if possible. If we cannot find the appropriate
1696         one, we just return null SourceOrigin.
1697
1698         This paves the way for implementing the module dynamic-import[1].
1699         When the import operator is evaluated, it will resolve the module
1700         specifier with this propagated source origin of the caller function.
1701
1702         To support import operator inside the dynamic code generation
1703         functions (like `eval`, `new Function`, indirect call to `eval`),
1704         we need to propagate the caller's source origin to the generated
1705         source code.
1706
1707         We do not use sourceURL for that purpose. This is because we
1708         would like to keep sourceURL for `eval` / `new Function` null.
1709         This sourceURL will be used for the stack dump for errors with line/column
1710         numbers. Dumping the caller's sourceURL with line/column numbers is
1711         meaningless. So we would like to keep it null while we would like
1712         to propagate SourceOrigin for dynamic imports.
1713
1714         [1]: https://github.com/tc39/proposal-dynamic-import
1715
1716         * API/JSBase.cpp:
1717         (JSEvaluateScript):
1718         (JSCheckScriptSyntax):
1719         * API/JSObjectRef.cpp:
1720         (JSObjectMakeFunction):
1721         * API/JSScriptRef.cpp:
1722         (OpaqueJSScript::create):
1723         (OpaqueJSScript::vm):
1724         (OpaqueJSScript::OpaqueJSScript):
1725         (parseScript):
1726         * JavaScriptCore.xcodeproj/project.pbxproj:
1727         * Scripts/builtins/builtins_templates.py:
1728         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
1729         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
1730         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1731         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1732         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1733         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1734         * builtins/BuiltinExecutables.cpp:
1735         (JSC::BuiltinExecutables::BuiltinExecutables):
1736         (JSC::BuiltinExecutables::createDefaultConstructor):
1737         * debugger/DebuggerCallFrame.cpp:
1738         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
1739         * inspector/InjectedScriptManager.cpp:
1740         (Inspector::InjectedScriptManager::createInjectedScript):
1741         * inspector/JSInjectedScriptHost.cpp:
1742         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
1743         * inspector/agents/InspectorRuntimeAgent.cpp:
1744         (Inspector::InspectorRuntimeAgent::parse):
1745         * interpreter/CallFrame.cpp:
1746         (JSC::CallFrame::callerSourceOrigin):
1747         * interpreter/CallFrame.h:
1748         * interpreter/Interpreter.cpp:
1749         (JSC::eval):
1750         * jsc.cpp:
1751         (jscSource):
1752         (GlobalObject::finishCreation):
1753         (extractDirectoryName):
1754         (currentWorkingDirectory):
1755         (GlobalObject::moduleLoaderResolve):
1756         (functionRunString):
1757         (functionLoadString):
1758         (functionCallerSourceOrigin):
1759         (functionCreateBuiltin):
1760         (functionCheckModuleSyntax):
1761         (runInteractive):
1762         * parser/SourceCode.h:
1763         (JSC::makeSource):
1764         * parser/SourceProvider.cpp:
1765         (JSC::SourceProvider::SourceProvider):
1766         * parser/SourceProvider.h:
1767         (JSC::SourceProvider::sourceOrigin):
1768         (JSC::StringSourceProvider::create):
1769         (JSC::StringSourceProvider::StringSourceProvider):
1770         (JSC::WebAssemblySourceProvider::create):
1771         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1772         * runtime/FunctionConstructor.cpp:
1773         (JSC::constructFunction):
1774         (JSC::constructFunctionSkippingEvalEnabledCheck):
1775         * runtime/FunctionConstructor.h:
1776         * runtime/JSGlobalObjectFunctions.cpp:
1777         (JSC::globalFuncEval):
1778         * runtime/ModuleLoaderPrototype.cpp:
1779         (JSC::moduleLoaderPrototypeParseModule):
1780         * runtime/ScriptExecutable.h:
1781         (JSC::ScriptExecutable::sourceOrigin):
1782         * runtime/SourceOrigin.h: Added.
1783         (JSC::SourceOrigin::SourceOrigin):
1784         (JSC::SourceOrigin::string):
1785         (JSC::SourceOrigin::isNull):
1786         * tools/FunctionOverrides.cpp:
1787         (JSC::initializeOverrideInfo):
1788
1789 2016-12-24  Caio Lima  <ticaiolima@gmail.com>
1790
1791         [test262] Fixing mapped arguments object property test case
1792         https://bugs.webkit.org/show_bug.cgi?id=159398
1793
1794         Reviewed by Saam Barati.
1795
1796         This patch changes GenericArguments' override mechanism to
1797         implement correct behavior on ECMAScript test262 suite test cases of
1798         mapped arguments object with non-configurable and non-writable
1799         property. Also it is ensuring that arguments[i]
1800         cannot be deleted when argument "i" is {configurable: false}.
1801         
1802         The previous implementation is against the specification for 2 reasons:
1803
1804         1. Every argument in the arguments object is {writable: true} by default
1805            (http://www.ecma-international.org/ecma-262/7.0/index.html#sec-createunmappedargumentsobject).
1806            It means that we have to stop mapping a defined property index
1807            if the new property descriptor contains writable (i.e writable is
1808            present) and its value is false (also check
1809            https://tc39.github.io/ecma262/#sec-arguments-exotic-objects-defineownproperty-p-desc).
1810            Previous implementation considers {writable: false} if writable is
1811            not present.
1812
1813         2. When a property is overridden, the "delete" operation always returns true. However
1814            delete operations should follow the specification.
1815
1816         We created an auxiliary boolean array named m_modifiedArgumentsDescriptor
1817         to store which arguments[i] descriptor was changed from its default
1818         property descriptor. This modification was necessary because m_overrides
1819         was responsible to keep this information at the same time
1820         of keeping information about arguments mapping. The problem of this approach was
1821         that we needed to call overridesArgument(i) as soon as the ith argument's property
1822         descriptor was changed and it stops the argument's mapping as a side effect, producing
1823         wrong behavior.
1824         To keep tracking arguments mapping status, we renamed DirectArguments::m_overrides to
1825         DirectArguments::m_mappedArguments and now it is responsible to manage if an
1826         argument[i] is mapped or not.
1827         With these 2 structures, now it is possible for an argument[i] to have its property
1828         descriptor modified and not stop the mapping as soon as it happens. One example
1829         of that wrong behavior can be found in the arguments-bizarre-behaviour-disable-enumerability
1830         test case, which is now fixed by this new mechanism.
1831
1832         * bytecode/PolymorphicAccess.cpp:
1833         (JSC::AccessCase::generateWithGuard):
1834         * dfg/DFGSpeculativeJIT.cpp:
1835         (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
1836         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
1837         (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
1838         * ftl/FTLAbstractHeapRepository.h:
1839         * ftl/FTLLowerDFGToB3.cpp:
1840         (JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
1841         (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
1842         (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
1843         * jit/JITOperations.cpp:
1844         (JSC::canAccessArgumentIndexQuickly):
1845         * jit/JITPropertyAccess.cpp:
1846         (JSC::JIT::emitDirectArgumentsGetByVal):
1847         * runtime/DirectArguments.cpp:
1848         (JSC::DirectArguments::estimatedSize):
1849         (JSC::DirectArguments::visitChildren):
1850         (JSC::DirectArguments::overrideThings):
1851         (JSC::DirectArguments::overrideThingsIfNecessary):
1852         (JSC::DirectArguments::unmapArgument):
1853         (JSC::DirectArguments::copyToArguments):
1854         (JSC::DirectArguments::overridesSize):
1855         (JSC::DirectArguments::overrideArgument): Deleted.
1856         * runtime/DirectArguments.h:
1857         (JSC::DirectArguments::length):
1858         (JSC::DirectArguments::isMappedArgument):
1859         (JSC::DirectArguments::isMappedArgumentInDFG):
1860         (JSC::DirectArguments::getIndexQuickly):
1861         (JSC::DirectArguments::setIndexQuickly):
1862         (JSC::DirectArguments::overrodeThings):
1863         (JSC::DirectArguments::initModifiedArgumentsDescriptorIfNecessary):
1864         (JSC::DirectArguments::setModifiedArgumentDescriptor):
1865         (JSC::DirectArguments::isModifiedArgumentDescriptor):
1866         (JSC::DirectArguments::offsetOfMappedArguments):
1867         (JSC::DirectArguments::offsetOfModifiedArgumentsDescriptor):
1868         (JSC::DirectArguments::canAccessIndexQuickly): Deleted.
1869         (JSC::DirectArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.
1870         (JSC::DirectArguments::offsetOfOverrides): Deleted.
1871         * runtime/GenericArguments.h:
1872         * runtime/GenericArgumentsInlines.h:
1873         (JSC::GenericArguments<Type>::visitChildren):
1874         (JSC::GenericArguments<Type>::getOwnPropertySlot):
1875         (JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
1876         (JSC::GenericArguments<Type>::getOwnPropertyNames):
1877         (JSC::GenericArguments<Type>::put):
1878         (JSC::GenericArguments<Type>::putByIndex):
1879         (JSC::GenericArguments<Type>::deleteProperty):
1880         (JSC::GenericArguments<Type>::deletePropertyByIndex):
1881         (JSC::GenericArguments<Type>::defineOwnProperty):
1882         (JSC::GenericArguments<Type>::initModifiedArgumentsDescriptor):
1883         (JSC::GenericArguments<Type>::initModifiedArgumentsDescriptorIfNecessary):
1884         (JSC::GenericArguments<Type>::setModifiedArgumentDescriptor):
1885         (JSC::GenericArguments<Type>::isModifiedArgumentDescriptor):
1886         (JSC::GenericArguments<Type>::copyToArguments):
1887         * runtime/ScopedArguments.cpp:
1888         (JSC::ScopedArguments::visitChildren):
1889         (JSC::ScopedArguments::unmapArgument):
1890         (JSC::ScopedArguments::overrideArgument): Deleted.
1891         * runtime/ScopedArguments.h:
1892         (JSC::ScopedArguments::isMappedArgument):
1893         (JSC::ScopedArguments::isMappedArgumentInDFG):
1894         (JSC::ScopedArguments::getIndexQuickly):
1895         (JSC::ScopedArguments::setIndexQuickly):
1896         (JSC::ScopedArguments::initModifiedArgumentsDescriptorIfNecessary):
1897         (JSC::ScopedArguments::setModifiedArgumentDescriptor):
1898         (JSC::ScopedArguments::isModifiedArgumentDescriptor):
1899         (JSC::ScopedArguments::canAccessIndexQuickly): Deleted.
1900         (JSC::ScopedArguments::canAccessArgumentIndexQuicklyInDFG): Deleted.
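
        The mapped-arguments behaviours this entry describes, observed from JavaScript as an
        added example (this is not code from the WebKit entry; the probeSource, probeMappedArguments
        and runProbe names are this example's own). The probe is built with the Function
        constructor because such functions are always sloppy-mode, and only sloppy functions with
        simple parameter lists get a mapped arguments object, so the result does not depend on
        whether the enclosing file is strict. Each step records one fact the entry states: a
        descriptor change without writable keeps the mapping, writable:false unmaps, and delete on
        a non-configurable index reports failure.

```javascript
// Added example: probes mapped arguments object semantics (ES2017 9.4.4.2).
// Names (probeSource, probeMappedArguments, runProbe) are this example's own.
const probeSource = `
  const r = {};

  // 1. Mapping in effect: writing the parameter is visible through arguments[0].
  a = 'changed';
  r.mappedByDefault = arguments[0] === 'changed';

  // 2. A descriptor change that is not a data descriptor (enumerable only) must
  //    NOT break the mapping (the arguments-bizarre-behaviour-disable-enumerability case).
  Object.defineProperty(arguments, '0', { enumerable: false });
  a = 'still-mapped';
  r.mappedAfterEnumerableFalse = arguments[0] === 'still-mapped';
  r.enumerableAfter = Object.getOwnPropertyDescriptor(arguments, '0').enumerable;

  // 3. A data descriptor with a value but WITHOUT writable keeps the mapping:
  //    the new value flows into the parameter and later writes still flow out.
  Object.defineProperty(arguments, '0', { value: 'via-define' });
  r.paramSeesDefinedValue = a === 'via-define';
  a = 'after-define';
  r.mappedAfterValueOnly = arguments[0] === 'after-define';

  // 4. writable: false (present and false) unmaps the index; the property keeps
  //    the value the parameter had at that moment and no longer tracks it.
  Object.defineProperty(arguments, '0', { writable: false });
  a = 'unmapped';
  r.valueAfterWritableFalse = arguments[0];

  // 5. Once configurable: false, delete must report failure (false in sloppy
  //    mode, no throw) and the property must remain.
  Object.defineProperty(arguments, '0', { configurable: false });
  r.deleteResult = delete arguments[0];
  r.stillPresent = Object.prototype.hasOwnProperty.call(arguments, '0');
  return r;
`;

// Function-constructor functions are non-strict regardless of the caller, so
// 'arguments' inside is the mapped exotic object even under strict/ESM loading.
const probeMappedArguments = new Function('a', probeSource);

// Runs the probe with one argument so index 0 is mapped to parameter `a`.
function runProbe() {
  return probeMappedArguments('initial');
}
```

        Every field of the returned record is expected to be true except enumerableAfter
        and deleteResult (both false) and valueAfterWritableFalse ('after-define', the value
        frozen at the moment the index was unmapped).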
1901
1902 2016-12-23  Mark Lam  <mark.lam@apple.com>
1903
1904         Using Option::breakOnThrow() shouldn't crash while printing a null CodeBlock.
1905         https://bugs.webkit.org/show_bug.cgi?id=166466
1906
1907         Reviewed by Keith Miller.
1908
1909         * runtime/VM.cpp:
1910         (JSC::VM::throwException):
1911
1912 2016-12-23  Mark Lam  <mark.lam@apple.com>
1913
1914         Enhance LLInt tracing to dump the codeBlock signature instead of just a pointer where appropriate.
1915         https://bugs.webkit.org/show_bug.cgi?id=166465
1916
1917         Reviewed by Keith Miller.
1918
1919         * llint/LLIntSlowPaths.cpp:
1920         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1921         (JSC::LLInt::traceFunctionPrologue):
1922
1923 2016-12-23  Keith Miller  <keith_miller@apple.com>
1924
1925         WebAssembly: trap on bad division.
1926         https://bugs.webkit.org/show_bug.cgi?id=164786
1927
1928         Reviewed by Mark Lam.
1929
1930         This patch adds traps for division / modulo by zero and for
1931         division by int_min / -1.
1932
1933         * wasm/WasmB3IRGenerator.cpp:
1934         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
1935         * wasm/WasmExceptionType.h:
1936         * wasm/WasmPlan.cpp:
1937         (JSC::Wasm::Plan::run):
1938         * wasm/wasm.json:
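
        The trap conditions this entry adds, modelled in JavaScript as an added example (not
        code from the WebKit entry; the i32DivS, i32RemS, i32DivU, tryOp names and the WasmTrap
        class are this example's own). It goes one step beyond the entry: the signed remainder of
        INT32_MIN and -1 must not trap and is defined as 0 by the wasm spec, so the overflow check
        belongs only on the division path, while the zero-divisor check applies to both.

```javascript
// Added example: models the checks a wasm compiler emits before an integer
// divide. Names (i32DivS, i32RemS, i32DivU, WasmTrap, tryOp) are this
// example's own, not JSC's.
const INT32_MIN = -0x80000000;

class WasmTrap extends Error {
  constructor(reason) {
    super(`wasm trap: ${reason}`);
    this.name = 'WasmTrap';
  }
}

// i32.div_s: traps on a zero divisor and on the single overflowing case,
// INT32_MIN / -1, whose true quotient 2^31 does not fit in an i32.
function i32DivS(a, b) {
  a |= 0; b |= 0;                      // treat inputs as two's-complement i32
  if (b === 0) throw new WasmTrap('integer divide by zero');
  if (a === INT32_MIN && b === -1) throw new WasmTrap('integer overflow');
  return (a / b) | 0;                  // |0 truncates toward zero, as the spec requires
}

// i32.rem_s: only the zero divisor traps. INT32_MIN % -1 is defined as 0,
// so the overflow check must NOT be applied here even though the hardware
// instruction would fault on that operand pair.
function i32RemS(a, b) {
  a |= 0; b |= 0;
  if (b === 0) throw new WasmTrap('integer divide by zero');
  if (b === -1) return 0;              // covers INT32_MIN without overflowing
  return a % b;                        // JS % keeps the dividend's sign, like rem_s
}

// i32.div_u: unsigned, so there is no overflow case; only zero traps.
function i32DivU(a, b) {
  a >>>= 0; b >>>= 0;                  // reinterpret as u32
  if (b === 0) throw new WasmTrap('integer divide by zero');
  return Math.floor(a / b) >>> 0;
}

// Turns a trap into its message so outcomes can be compared as values.
function tryOp(fn, a, b) {
  try {
    return fn(a, b);
  } catch (e) {
    if (e instanceof WasmTrap) return e.message;
    throw e;
  }
}
```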
1939
1940 2016-12-23  Mark Lam  <mark.lam@apple.com>
1941
1942         Fix broken LLINT_SLOW_PATH_TRACING build.
1943         https://bugs.webkit.org/show_bug.cgi?id=166463
1944
1945         Reviewed by Keith Miller.
1946
1947         * llint/LLIntExceptions.cpp:
1948         (JSC::LLInt::returnToThrow):
1949         (JSC::LLInt::callToThrow):
1950         * runtime/CommonSlowPathsExceptions.cpp:
1951         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1952
1953 2016-12-22  Keith Miller  <keith_miller@apple.com>
1954
1955         WebAssembly: Make spec-tests/f32.wast.js and spec-tests/f64.wast.js pass
1956         https://bugs.webkit.org/show_bug.cgi?id=166447
1957
1958         Reviewed by Saam Barati.
1959
1960         We needed to treat -0.0 < 0.0 for floating point min/max. For min,
1961         the algorithm works because if a == b then a and b are not NaNs so
1962         either they are the same or they are some zero. When we OR a and b,
1963         either we get the same number back or we get -0.0. Similarly for
1964         max we use an AND, and the sign bit gets dropped if one is 0.0 and
1965         the other is -0.0; otherwise, we get the same number back.
1966
1967         * wasm/wasm.json:
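
        The bit trick this entry describes, carried out on f64 values in JavaScript as an added
        example (not code from the WebKit entry; the f64Bits, f64FromBits, naiveMin, wasmF64Min
        and wasmF64Max names are this example's own). naiveMin shows the failure a plain
        comparison has with the two zeros; the wasm versions apply the OR-for-min and AND-for-max
        rule on the IEEE-754 bit patterns exactly when a == b.

```javascript
// Added example: -0.0-aware f64 min/max via bitwise OR/AND of the encodings.
// Names (f64Bits, f64FromBits, naiveMin, wasmF64Min, wasmF64Max) are this
// example's own, not JSC's.
const scratch = new DataView(new ArrayBuffer(8));

// IEEE-754 bit pattern of a double, as a BigInt.
function f64Bits(x) {
  scratch.setFloat64(0, x);
  return scratch.getBigUint64(0);
}

// Inverse of f64Bits.
function f64FromBits(bits) {
  scratch.setBigUint64(0, bits);
  return scratch.getFloat64(0);
}

// A compare-only min. -0.0 < 0.0 is false, so which zero comes back depends
// on operand order instead of on the value.
function naiveMin(a, b) {
  return a < b ? a : b;
}

// wasm f64.min: NaN propagates. When a == b the operands are either the same
// number or the two zeros; OR-ing the bit patterns keeps a set sign bit, so
// -0.0 wins, and otherwise returns the same number unchanged.
function wasmF64Min(a, b) {
  if (Number.isNaN(a) || Number.isNaN(b)) return NaN;
  if (a === b) return f64FromBits(f64Bits(a) | f64Bits(b));
  return a < b ? a : b;
}

// wasm f64.max: same idea with AND, so the sign bit is dropped when one
// operand is 0.0 and the other is -0.0, while (-0.0, -0.0) stays -0.0.
function wasmF64Max(a, b) {
  if (Number.isNaN(a) || Number.isNaN(b)) return NaN;
  if (a === b) return f64FromBits(f64Bits(a) & f64Bits(b));
  return a > b ? a : b;
}
```

        Object.is is the only way to tell the two zeros apart from script, since -0 === 0.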
1968
1969 2016-12-22  Saam Barati  <sbarati@apple.com>
1970
1971         WebAssembly: Make calling Wasm functions that return or take an i64 as a parameter an early exception
1972         https://bugs.webkit.org/show_bug.cgi?id=166437
1973         <rdar://problem/29793949>
1974
1975         Reviewed by Keith Miller.
1976
1977         This patch makes it so that we throw an exception before we do
1978         anything else if we call a wasm function that either takes an
1979         i64 as an argument or returns an i64.
1980
1981         * wasm/js/WebAssemblyFunction.cpp:
1982         (JSC::callWebAssemblyFunction):
1983         (JSC::WebAssemblyFunction::WebAssemblyFunction):
1984         (JSC::WebAssemblyFunction::call): Deleted.
1985         * wasm/js/WebAssemblyFunction.h:
1986         (JSC::WebAssemblyFunction::signatureIndex):
1987         (JSC::WebAssemblyFunction::jsEntrypoint):
1988
1989 2016-12-22  Keith Miller  <keith_miller@apple.com>
1990
1991         Add BitOr for floating points to B3
1992         https://bugs.webkit.org/show_bug.cgi?id=166446
1993
1994         Reviewed by Saam Barati.
1995
1996         This patch does some slight refactoring to the ARM assembler,
1997         which groups all the vector floating point instructions together.
1998
1999         * assembler/ARM64Assembler.h:
2000         (JSC::ARM64Assembler::vand):
2001         (JSC::ARM64Assembler::vorr):
2002         (JSC::ARM64Assembler::vectorDataProcessingLogical):
2003         (JSC::ARM64Assembler::vectorDataProcessing2Source): Deleted.
2004         * assembler/MacroAssemblerARM64.h:
2005         (JSC::MacroAssemblerARM64::orDouble):
2006         (JSC::MacroAssemblerARM64::orFloat):
2007         * assembler/MacroAssemblerX86Common.h:
2008         (JSC::MacroAssemblerX86Common::orDouble):
2009         (JSC::MacroAssemblerX86Common::orFloat):
2010         * assembler/X86Assembler.h:
2011         (JSC::X86Assembler::orps_rr):
2012         * b3/B3ConstDoubleValue.cpp:
2013         (JSC::B3::ConstDoubleValue::bitOrConstant):
2014         (JSC::B3::ConstDoubleValue::bitXorConstant):
2015         * b3/B3ConstDoubleValue.h:
2016         * b3/B3ConstFloatValue.cpp:
2017         (JSC::B3::ConstFloatValue::bitOrConstant):
2018         (JSC::B3::ConstFloatValue::bitXorConstant):
2019         * b3/B3ConstFloatValue.h:
2020         * b3/B3LowerToAir.cpp:
2021         (JSC::B3::Air::LowerToAir::lower):
2022         * b3/B3Validate.cpp:
2023         * b3/air/AirInstInlines.h:
2024         (JSC::B3::Air::Inst::shouldTryAliasingDef):
2025         * b3/air/AirOpcode.opcodes:
2026         * b3/testb3.cpp:
2027         (JSC::B3::bitOrDouble):
2028         (JSC::B3::testBitOrArgDouble):
2029         (JSC::B3::testBitOrArgsDouble):
2030         (JSC::B3::testBitOrArgImmDouble):
2031         (JSC::B3::testBitOrImmsDouble):
2032         (JSC::B3::bitOrFloat):
2033         (JSC::B3::testBitOrArgFloat):
2034         (JSC::B3::testBitOrArgsFloat):
2035         (JSC::B3::testBitOrArgImmFloat):
2036         (JSC::B3::testBitOrImmsFloat):
2037         (JSC::B3::testBitOrArgsFloatWithUselessDoubleConversion):
2038         (JSC::B3::run):
2039
2040 2016-12-22  Mark Lam  <mark.lam@apple.com>
2041
2042         BytecodeGenerator::m_finallyDepth should be unsigned.
2043         https://bugs.webkit.org/show_bug.cgi?id=166438
2044
2045         Reviewed by Saam Barati.
2046
2047         Also removed FinallyContext::m_finallyDepth because it is not used.
2048
2049         * bytecompiler/BytecodeGenerator.cpp:
2050         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
2051         (JSC::BytecodeGenerator::labelScopeDepth):
2052         * bytecompiler/BytecodeGenerator.h:
2053         (JSC::FinallyContext::FinallyContext):
2054         (JSC::FinallyContext::finallyLabel):
2055         (JSC::FinallyContext::depth): Deleted.
2056
2057 2016-12-22  Mark Lam  <mark.lam@apple.com>
2058
2059         De-duplicate finally blocks.
2060         https://bugs.webkit.org/show_bug.cgi?id=160168
2061
2062         Reviewed by Saam Barati.
2063
2064         JS execution can arrive at a finally block when there are abrupt completions from
2065         its try or catch block.  The abrupt completion types include Break,
2066         Continue, Return, and Throw.  The non-abrupt completion type is called Normal
2067         (i.e. the case of a try block falling through to the finally block).
2068
2069         Previously, we enable each of these paths for abrupt completion (except for Throw)
2070         to run the finally block code by duplicating the finally block code at each of
2071         the sites that trigger those completions.  This patch fixes the implementation so
2072         that each of these abrupt completions will set a completionTypeRegister (plus a
2073         completionValueRegister for CompletionType::Return) and then jump to the
2074         relevant finally blocks, and continue to thread through subsequent outer finally
2075         blocks until execution reaches the outermost finally block that the completion
2076         type dictates.  We no longer duplicate the finally block code.
2077
2078         The implementation details:
2079         1. We allocate a pair of registers (completionTypeRegister and completionValueRegister)
2080            just before entering the outermost try-catch-finally scope.
2081
2082            On allocating the registers, we initialize the completionTypeRegister to
2083            CompletionType::Normal, and set the completionValueRegister to the empty
2084            JSValue.
2085
2086         2. The completionTypeRegister will hold a CompletionType value.  This is how we
2087            encode the CompletionType value to be set:
2088
2089            a. For Normal, Return, and Throw completion types: 
2090               - The completionTypeRegister is set to CompletionType::Normal,
2091                 CompletionType::Return, and CompletionType::Throw respectively.
2092
2093            b. For Break and Continue completion types:
2094               - The completionTypeRegister is set to a unique jumpID where the jumpID is
2095                 computed as:
2096
2097                 jumpID = CompletionType::NumberOfTypes + bytecodeOffset
2098
2099                 The bytecodeOffset used here is the bytecodeOffset of the break or continue
2100                 statement that triggered this completion.
2101
2102         3. Each finally block will have 2 entries:
2103            a. the catch entry.
2104            b. the normal entry.
2105
2106            The catch entry is recorded in the codeBlock's exception handler table,
2107            and can only be jumped to by the VM's exception handling mechanism.
2108
2109            The normal entry is recorded in a FinallyContext (at bytecode generation time
2110         only) and is jumped to when we want to enter the finally block due to any of the
2111            other CompletionTypes.
2112
2113         4. How does each completion type work?
2114
2115            CompletionType::Normal
2116            ======================
2117            We normally encounter this when falling through from a try or catch block to
2118            the finally block.  
2119           
2120            For the try block case, since completionTypeRegister is set to Normal by default,
2121            there's nothing more that needs to be done.
2122
2123            For the catch block case, since we entered the catch block with an exception,
2124            completionTypeRegister may be set to Throw.  We'll need to set it to Normal
2125            before jumping to the finally block's normal entry.
2126
2127            CompletionType::Break
2128            =====================
2129            When we emit bytecode for the BreakNode, we check if we have any FinallyContexts
2130            that we need to service before jumping to the breakTarget.  If we don't, then
2131            emit op_jump to the breakTarget as usual.  Otherwise:
2132
2133            a. we'll register a jumpID and the breakTarget with the FinallyContext for the
2134               outermost finally block that we're supposed to run through.
2135            b. we'll also increment the numberOfBreaksOrContinues count in each FinallyContext
2136               from the innermost to the one for that outermost finally block.
2137            c. emit bytecode to set the completionTypeRegister to the jumpID.
2138            d. emit bytecode to jump to the normal entry of the innermost finally block.
2139
2140            Each finally block will take care of cascading to the next outer finally block
2141            as needed (see (5) below).
2142
2143            CompletionType::Continue
2144            ========================
2145            Since continues and breaks work the same way (i.e. with a jump), we handle this
2146            exactly the same way as CompletionType::Break, except that we use the
2147            continueTarget instead of the breakTarget.
2148
2149            CompletionType::Return
2150            ======================
2151            When we emit bytecode for the ReturnNode, we check if we have any FinallyContexts
2152            at all on the m_controlFlowScopeStack.  If we don't, then emit op_ret as usual.
2153            Otherwise:
2154
2155            a. emit bytecode to set the completionTypeRegister to CompletionType::Return.
2156            b. emit bytecode to move the return value into the completionValueRegister.
2157            c. emit bytecode to jump to the normal entry of the innermost finally block.
2158
2159            Each finally block will take care of cascading to the next outer finally block
2160            as needed (see (5) below).
2161
2162            CompletionType::Throw
2163            ======================
2164         At the catch entry of a finally block, we:
2165            1. emit an op_catch that stores the caught Exception object in the
2166               completionValueRegister.
2167            2. emit bytecode to set the completionTypeRegister to CompletionType::Throw.
2168            3. Fall through or jump to the finally block's normal entry.
2169
2170         5. What happens in each finally block?
2171            ==================================
2172            For details on the finally block's catch entry, see "CompletionType::Throw" in
2173            (4) above.
2174
2175            The finally block's normal entry will:
2176            1. restore the scope of the finally block.
2177            2. save the completionTypeRegister in a savedCompletionTypeRegister.
2178            3. proceed to execute the body of the finally block.
2179
2180         At the end of the finally block, we will emit bytecode to check the
2181         savedCompletionTypeRegister for each completion type (see emitFinallyCompletion())
2182         in the following order:
2183           
2184            a. Check for CompletionType::Normal
2185               ================================
2186               If savedCompletionTypeRegister is CompletionType::Normal, jump to the
2187               designated normalCompletion label.  We only need this check if this finally
2188               block also needs to check for Break, Continue, or Return.  If not, the
2189               completion type check for CompletionType::Throw below will make this check
2190               redundant.
2191
2192            b. Check for CompletionType::Break and Continue
2193               ============================================
2194               If the FinallyContext for this block has registered FinallyJumps, we'll
2195               check the jumpIDs against the savedCompletionTypeRegister.  If the jumpID
2196               matches, jump to the corresponding jumpTarget.
2197
2198               If no jumpIDs match but the FinallyContext's numberOfBreaksOrContinues is
2199               greater than the number of registered FinallyJumps, then this means that
2200               we have a Break or Continue that needs to be handled by an outer finally
2201               block.  In that case, jump to the next outer finally block's normal entry.
2202              
2203            c. Check for CompletionType::Return
2204               ================================
2205               If this finally block is not the outermost and the savedCompletionTypeRegister
2206               is set to CompletionType::Return, then jump to the next outer finally
2207               block's normal entry.
2208
2209               Otherwise, if this finally block is the outermost and the savedCompletionTypeRegister
2210               is set to CompletionType::Return, then execute op_ret and return the value
2211               in the completionValueRegister.
2212
2213            d. CompletionType::Throw
2214               =====================
2215               If savedCompletionTypeRegister is CompletionType::Throw, then just re-throw the
2216               Exception object in the completionValueRegister.
2217
2218            Detail 1: note that we check the savedCompletionTypeRegister (and not the
2219            completionTypeRegister).  This is because the finally block may itself contain
2220            a try-finally, and this inner try-finally may have trashed the completionTypeRegister.
2221            Here's an example:
2222
2223                try {
2224                    return "r1"; // Sets completionTypeRegister to CompletionType::Return;
2225                } finally {
2226                    // completionTypeRegister is CompletionType::Return here.
2227
2228                    try {
2229                        ... // do stuff.
2230                    } finally {
2231                        ... // do more stuff.
2232                    }
2233
2234                    // completionTypeRegister may be anything here depending on what
2235                    // was executed in the inner try-finally block above.
2236
2237                    // Hence, finally completion here must be based on a saved copy of the
2238                    // completionTypeRegister when we entered this finally block.
2239                }
2240
2241            Detail 2: the finally completion for CompletionType::Throw must always explicitly
2242            check if the savedCompletionTypeRegister is CompletionType::Throw before throwing.
2243            We cannot imply that it is so from the Throw case being last.  Here's why:
2244
2245                // completionTypeRegister is CompletionType::Normal here.
2246                try {
2247                    return "r1"; // Sets completionTypeRegister to CompletionType::Return;
2248                } finally {
2249                    // completionTypeRegister is CompletionType::Return here.
2250
2251                    try {
2252                        ... // do stuff.  No abrupt completions.
2253                    } finally {
2254                        // completionTypeRegister is CompletionType::Return here (from the outer try-finally).
2255                        // savedCompletionTypeRegister is set to completionTypeRegister (i.e. CompletionType::Return) here.
2256
2257                        ... // do more stuff.  No abrupt completions.
2258
2259                        // Unless there's an abrupt completion since entering the outer
2260                        // finally block, the savedCompletionTypeRegister will remain set
2261                        // to CompletionType::Return.  If we don't explicitly check if the
2262                        // savedCompletionTypeRegister is CompletionType::Throw before
2263                        // throwing here, we'll end up erroneously throwing "r1".
2264                    }
2265
2266                    ...
2267                }
2268
2269         6. restoreScopeRegister()
2270        
2271            Since the needed scope objects are always stored in a local, we can restore
2272            the scope register by simply moving from that local instead of going through
2273            op_get_parent_scope.
2274
2275         7. m_controlFlowScopeStack needs to be a SegmentedVector instead of a Vector.
2276            This makes it easier to keep a pointer to the FinallyContext on that stack,
2277            and not have to worry about the vector being realloc'ed due to resizing. 
2278
2279         Performance appears to be neutral both on ES6SampleBench (run via cli) and the
2280         JSC benchmarks.
2281
2282         Relevant spec references:
2283         https://tc39.github.io/ecma262/#sec-completion-record-specification-type
2284         https://tc39.github.io/ecma262/#sec-try-statement-runtime-semantics-evaluation
2285
2286         * bytecode/HandlerInfo.h:
2287         (JSC::HandlerInfoBase::typeName):
2288         * bytecompiler/BytecodeGenerator.cpp:
2289         (JSC::BytecodeGenerator::generate):
2290         (JSC::BytecodeGenerator::BytecodeGenerator):
2291         (JSC::BytecodeGenerator::emitReturn):
2292         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
2293         (JSC::BytecodeGenerator::popFinallyControlFlowScope):
2294         (JSC::BytecodeGenerator::allocateAndEmitScope):
2295         (JSC::BytecodeGenerator::pushTry):
2296         (JSC::BytecodeGenerator::popTry):
2297         (JSC::BytecodeGenerator::emitCatch):
2298         (JSC::BytecodeGenerator::restoreScopeRegister):
2299         (JSC::BytecodeGenerator::labelScopeDepthToLexicalScopeIndex):
2300         (JSC::BytecodeGenerator::labelScopeDepth):
2301         (JSC::BytecodeGenerator::pushLocalControlFlowScope):
2302         (JSC::BytecodeGenerator::popLocalControlFlowScope):
2303         (JSC::BytecodeGenerator::emitEnumeration):
2304         (JSC::BytecodeGenerator::emitIsNumber):
2305         (JSC::BytecodeGenerator::emitYield):
2306         (JSC::BytecodeGenerator::emitDelegateYield):
2307         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
2308         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
2309         (JSC::BytecodeGenerator::emitFinallyCompletion):
2310         (JSC::BytecodeGenerator::allocateCompletionRecordRegisters):
2311         (JSC::BytecodeGenerator::releaseCompletionRecordRegisters):
2312         (JSC::BytecodeGenerator::emitJumpIf):
2313         (JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope): Deleted.
2314         (JSC::BytecodeGenerator::popIteratorCloseControlFlowScope): Deleted.
2315         (JSC::BytecodeGenerator::emitComplexPopScopes): Deleted.
2316         (JSC::BytecodeGenerator::emitPopScopes): Deleted.
2317         (JSC::BytecodeGenerator::popTryAndEmitCatch): Deleted.
2318         * bytecompiler/BytecodeGenerator.h:
2319         (JSC::bytecodeOffsetToJumpID):
2320         (JSC::FinallyJump::FinallyJump):
2321         (JSC::FinallyContext::FinallyContext):
2322         (JSC::FinallyContext::outerContext):
2323         (JSC::FinallyContext::finallyLabel):
2324         (JSC::FinallyContext::depth):
2325         (JSC::FinallyContext::numberOfBreaksOrContinues):
2326         (JSC::FinallyContext::incNumberOfBreaksOrContinues):
2327         (JSC::FinallyContext::handlesReturns):
2328         (JSC::FinallyContext::setHandlesReturns):
2329         (JSC::FinallyContext::registerJump):
2330         (JSC::FinallyContext::numberOfJumps):
2331         (JSC::FinallyContext::jumps):
2332         (JSC::ControlFlowScope::ControlFlowScope):
2333         (JSC::ControlFlowScope::isLabelScope):
2334         (JSC::ControlFlowScope::isFinallyScope):
2335         (JSC::BytecodeGenerator::currentLexicalScopeIndex):
2336         (JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope):
2337         (JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope):
2338         (JSC::BytecodeGenerator::completionTypeRegister):
2339         (JSC::BytecodeGenerator::completionValueRegister):
2340         (JSC::BytecodeGenerator::emitSetCompletionType):
2341         (JSC::BytecodeGenerator::emitSetCompletionValue):
2342         (JSC::BytecodeGenerator::isInFinallyBlock): Deleted.
2343         * bytecompiler/NodesCodegen.cpp:
2344         (JSC::ContinueNode::emitBytecode):
2345         (JSC::BreakNode::emitBytecode):
2346         (JSC::ReturnNode::emitBytecode):
2347         (JSC::TryNode::emitBytecode):

The scenario spelled out in the entry above (a pending Return completion crossing a nested try/finally with no abrupt completion of its own) is only one point in the completion-record semantics the bytecode generator has to get right. The following is an added example, not code from the WebKit patch or the JSC test suite; all function names are mine. It records the observable outcome of each case so a JS engine can be checked against the spec sections cited above. The last two cases are the ones worth remembering from a security standpoint: a `break` or `return` inside `finally` silently discards a pending exception, which is a common way for error handling to swallow failures.

```javascript
// Added example (not from the WebKit patch): observable try/finally completion
// semantics that the bytecode generator described above must preserve. All names
// here are mine. Each function records what happens and returns a value so the
// cases can be checked mechanically.

// The exact shape from the patch description: a pending Return completion crosses
// an inner try/finally that completes normally. The function must return "r1";
// an engine that forgot to check the saved completion type would throw it instead.
function returnAcrossNestedFinally(log) {
  try {
    return "r1";                 // completion: Return("r1")
  } finally {
    log.push("outer finally");
    try {
      log.push("inner try");     // no abrupt completion here
    } finally {
      log.push("inner finally"); // must not disturb the pending Return
    }
  }
}

// A finally that itself completes abruptly replaces the pending completion.
function finallyReturnOverridesTryReturn() {
  try {
    return "from try";
  } finally {
    return "from finally";       // wins: the pending Return("from try") is dropped
  }
}

// A pending Throw survives a finally that completes normally.
function throwSurvivesFinally(log) {
  try {
    throw new Error("boom");
  } finally {
    log.push("cleanup ran");
  }
}

// `break` in a finally block discards a pending Throw entirely. This is the
// classic way to swallow an exception by accident: the error never propagates.
function breakInFinallySwallowsThrow() {
  for (;;) {
    try {
      throw new Error("this error is lost");
    } finally {
      break;
    }
  }
  return "loop exited, nothing thrown";
}

// An inner finally that throws replaces the outer pending Return.
function innerFinallyThrowReplacesReturn() {
  try {
    try {
      return "r1";
    } finally {
      throw new Error("from inner finally");
    }
  } catch (e) {
    return e.message;
  }
}

// Runs every case and reports outcomes without letting any exception escape.
function runCompletionCases() {
  const outcome = (fn) => {
    const log = [];
    try {
      return { returned: fn(log), threw: undefined, log };
    } catch (e) {
      return { returned: undefined, threw: e.message, log };
    }
  };
  return {
    nested: outcome(returnAcrossNestedFinally),
    override: outcome(finallyReturnOverridesTryReturn),
    throwSurvives: outcome(throwSurvivesFinally),
    swallowed: outcome(breakInFinallySwallowsThrow),
    innerThrow: outcome(innerFinallyThrowReplacesReturn),
  };
}
```

On a conforming engine `runCompletionCases().nested` returns `"r1"` with the log `["outer finally", "inner try", "inner finally"]`; an engine with the bug described above would report `threw: "r1"` for that case instead.
2348
2349 2016-12-22  Saam Barati  <sbarati@apple.com>
2350
2351         WebAssembly: Make the spec-tests/address.wast.js test pass
2352         https://bugs.webkit.org/show_bug.cgi?id=166429
2353         <rdar://problem/29793220>
2354
2355         Reviewed by Keith Miller.
2356
2357         Right now, provably out-of-bounds loads/stores (given a load/store's constant
2358         offset) are not a validation error. However, we were failing to catch uint32_t
2359         overflows in release builds (we did have a debug assertion). To fix this,
2360         I now detect when uint32_t addition will overflow, and instead of emitting
2361         a normal load/store, I emit code that throws an out of bounds memory exception.
2362
2363         * wasm/WasmB3IRGenerator.cpp:
2364
2365 2016-12-22  Keith Miller  <keith_miller@apple.com>
2366
2367         WebAssembly: The validator should not allow unused stack entries at the end of a block
2368         https://bugs.webkit.org/show_bug.cgi?id=166411
2369
2370         Reviewed by Saam Barati.
2371
2372         This patch also cleans up some of the verbose mode logging.
2373
2374         * wasm/WasmB3IRGenerator.cpp:
2375         (JSC::Wasm::dumpExpressionStack):
2376         (JSC::Wasm::B3IRGenerator::dump):
2377         * wasm/WasmFunctionParser.h:
2378         * wasm/WasmValidate.cpp:
2379         (JSC::Wasm::dumpExpressionStack):
2380         (JSC::Wasm::Validate::dump):
2381
2382 2016-12-22  Saam Barati  <sbarati@apple.com>
2383
2384         WebAssembly: Make the spec-tests/start.wast.js test pass
2385         https://bugs.webkit.org/show_bug.cgi?id=166416
2386         <rdar://problem/29784532>
2387
2388         Reviewed by Yusuke Suzuki.
2389
2390         To make the test run, I had to fix two bugs:
2391         
2392         1. We weren't properly finding the start function. There was code
2393         that would try to find the start function from the list of *exported*
2394         functions. This is wrong; the start function is an index into the
2395         function index space, which is the space for *imports* and *local*
2396         functions. So the code was just wrong in this respect, and I've
2397         functions. So the code was just wrong in this respect, and I've
2398         fixed it to do the right thing. We weren't sure if this was originally
2399         and the spec-tests test for it: https://github.com/WebAssembly/design/issues/896
2400         
2401         2. We were emitting a breakpoint for Unreachable. Instead of crashing,
2402         this opcode needs to throw an exception when executing.
2403
2404         * wasm/WasmB3IRGenerator.cpp:
2405         * wasm/WasmExceptionType.h:
2406         * wasm/js/WebAssemblyModuleRecord.cpp:
2407         (JSC::WebAssemblyModuleRecord::link):
2408         (JSC::WebAssemblyModuleRecord::evaluate):
2409         * wasm/js/WebAssemblyModuleRecord.h:
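
Two of the entries above describe runtime behaviour that an engine must get right rather than merely validate: the address.wast entry (a constant memory offset whose uint32 addition with the dynamic address overflows must trap, not wrap), and point 2 of the start.wast entry (Unreachable must throw a catchable exception, not hit a breakpoint). The following is an added example, not code from WebKit; it hand-assembles a small WebAssembly module (the byte layout, export names and helpers are all mine) and runs it through the host's WebAssembly JS API, so it checks whichever engine you run it on. It assumes a host such as Node.js that exposes `WebAssembly`.

```javascript
// Added example (not part of the WebKit patch): a hand-assembled WebAssembly
// module that exercises the two behaviours the entries describe. Export names,
// the byte layout and the helpers are all mine. Requires a host with the
// WebAssembly JS API (e.g. Node.js).
//
// Equivalent text form of the module encoded below:
// (module
//   (memory (export "mem") 1)                        ;; one 64 KiB page
//   (func (export "oob")  (param i32) (result i32)   ;; constant offset 0xFFFFFFFF
//     (i32.load offset=0xFFFFFFFF (local.get 0)))
//   (func (export "load") (param i32) (result i32)   ;; constant offset 0
//     (i32.load (local.get 0)))
//   (func (export "trap") unreachable))
const WASM_MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // magic, version 1
  0x01, 0x09, 0x02, 0x60, 0x01, 0x7f, 0x01, 0x7f, 0x60, 0x00, 0x00, // types: (i32)->i32, ()->()
  0x03, 0x04, 0x03, 0x00, 0x00, 0x01,                               // 3 functions: types 0, 0, 1
  0x05, 0x03, 0x01, 0x00, 0x01,                                     // memory: min 1 page, no max
  0x07, 0x1b, 0x04,                                                 // 4 exports
  0x03, 0x6f, 0x6f, 0x62, 0x00, 0x00,                               //   "oob"  -> func 0
  0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x01,                         //   "load" -> func 1
  0x04, 0x74, 0x72, 0x61, 0x70, 0x00, 0x02,                         //   "trap" -> func 2
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,                               //   "mem"  -> memory 0
  0x0a, 0x19, 0x03,                                                 // code section: 3 bodies
  0x0b, 0x00, 0x20, 0x00, 0x28, 0x02, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x0b, // local.get 0; i32.load align=4 offset=0xFFFFFFFF; end
  0x07, 0x00, 0x20, 0x00, 0x28, 0x02, 0x00, 0x0b,                   // local.get 0; i32.load align=4 offset=0; end
  0x03, 0x00, 0x00, 0x0b,                                           // unreachable; end
]);

const PAGE_BYTES = 65536;
const instance = new WebAssembly.Instance(new WebAssembly.Module(WASM_MODULE_BYTES), {});
const { oob, load, trap, mem } = instance.exports;

// What an engine gets if it adds address + offset in 32 bits without an overflow
// check: the sum wraps and the bounds check passes on a tiny effective address.
function wrappedEffectiveAddress(addr, offset) {
  return (addr + offset) >>> 0;
}

// Calls fn and reports whether it trapped (WebAssembly.RuntimeError) instead of
// letting the exception escape.
function run(fn, ...args) {
  try {
    return { ok: true, trap: false, value: fn(...args) };
  } catch (e) {
    return { ok: false, trap: e instanceof WebAssembly.RuntimeError, value: undefined };
  }
}

function demo() {
  new Uint32Array(mem.buffer)[0] = 0x1234;            // plant a word at address 0
  return {
    inBounds: run(load, 0).value,                     // 0x1234: an ordinary load works
    lastWordOk: run(load, PAGE_BYTES - 4).ok,         // true: ea + 4 == memory size is allowed
    pastEndTraps: run(load, PAGE_BYTES - 3).trap,     // true: ea + 4 > memory size
    wrapped: wrappedEffectiveAddress(1, 0xffffffff),  // 0: a wrapping engine would read address 0
    oobTraps: run(oob, 1).trap,                       // true: spec computes 1 + 0xFFFFFFFF exactly, so it traps
    unreachableTraps: run(trap).trap,                 // true: catchable RuntimeError, not a process crash
  };
}
```

The `oob` function is the interesting one: `wrappedEffectiveAddress(1, 0xffffffff)` is 0, so an engine that performs the addition in 32 bits and only then bounds-checks would happily return the `0x1234` planted at address 0, turning a provably out-of-bounds access into an in-bounds read. The spec computes the effective address without wrapping, so `oob(1)` must trap, and `trap()` must surface as a `WebAssembly.RuntimeError` that JavaScript can catch.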
2410
2411 2016-12-21  Keith Miller  <keith_miller@apple.com>
2412
2413         WebAssembly: Fix decode floating point constants in unreachable code
2414         https://bugs.webkit.org/show_bug.cgi?id=166400
2415
2416         Reviewed by Saam Barati.
2417
2418         We decoded these as variable length but they should be fixed length.
2419
2420         * wasm/WasmFunctionParser.h:
2421
2422 2016-12-21  Keith Miller  <keith_miller@apple.com>
2423
2424         WebAssembly: Allow br, br_if, and br_table to act as a return
2425         https://bugs.webkit.org/show_bug.cgi?id=166393
2426
2427         Reviewed by Saam Barati.
2428
2429         This patch allows br, br_if, and br_table to treat branching to
2430         the size of the control stack to act as a return. This change was
2431         made by adding a new block type to the wasm function parser,
2432         TopLevel. Adding this new block eliminates a lot of the special
2433         case code we had in the parser previously. The only special case
2434         we need is when the end opcode is parsed from the top level.  The
2435         B3 IR generator needs to automatically emit a return at that
2436         point.
2437
2438         Also, this patch adds the function number to validation errors
2439         in the function parser. The current error message is not helpful
2440         otherwise.
2441
2442         * wasm/WasmB3IRGenerator.cpp:
2443         (JSC::Wasm::B3IRGenerator::ControlData::dump):
2444         (JSC::Wasm::B3IRGenerator::addTopLevel):
2445         * wasm/WasmFunctionParser.h:
2446         * wasm/WasmPlan.cpp:
2447         (JSC::Wasm::Plan::parseAndValidateModule):
2448         (JSC::Wasm::Plan::run):
2449         * wasm/WasmValidate.cpp:
2450         (JSC::Wasm::Validate::ControlData::dump):
2451         (JSC::Wasm::Validate::Validate):
2452         (JSC::Wasm::Validate::addTopLevel):
2453         (JSC::Wasm::validateFunction):
2454
2455 2016-12-21  JF Bastien  <jfbastien@apple.com>
2456
2457         WebAssembly JS API: cleanup & pass VM around to {Compile/Runtime}Error
2458         https://bugs.webkit.org/show_bug.cgi?id=166295
2459         <rdar://problem/29762017>
2460
2461         Reviewed by Mark Lam.
2462
2463         Rename the create* functions, and pass VM around, as suggested for
2464         LinkError in #165805.
2465
2466         At the same time, use the default source appender when
2467         constructing these error types, which gives a nice map back to the
2468         original source as part of the error message. This is clearer when
2469         using the current frame, so add that as well.
2470
2471         * jit/ThunkGenerators.cpp:
2472         (JSC::throwExceptionFromWasmThunkGenerator):
2473         * wasm/js/JSWebAssemblyCompileError.cpp:
2474         (JSC::JSWebAssemblyCompileError::create):
2475         (JSC::createJSWebAssemblyCompileError):
2476         (JSC::createWebAssemblyCompileError): Deleted.
2477         * wasm/js/JSWebAssemblyCompileError.h:
2478         (JSC::JSWebAssemblyCompileError::create):
2479         * wasm/js/JSWebAssemblyRuntimeError.cpp:
2480         (JSC::JSWebAssemblyRuntimeError::create):
2481         * wasm/js/JSWebAssemblyRuntimeError.h:
2482         (JSC::JSWebAssemblyRuntimeError::create):
2483         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
2484         (JSC::constructJSWebAssemblyCompileError):
2485         * wasm/js/WebAssemblyModuleConstructor.cpp:
2486         (JSC::WebAssemblyModuleConstructor::createModule):
2487         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
2488         (JSC::constructJSWebAssemblyRuntimeError):
2489
2490 2016-12-21  Yusuke Suzuki  <utatane.tea@gmail.com>
2491
2492         [ES6] Fix modules document in features.json
2493         https://bugs.webkit.org/show_bug.cgi?id=166313
2494
2495         Reviewed by Saam Barati.
2496
2497         * features.json:
2498
2499 2016-12-20  Taras Tsugrii  <ttsugrii@fb.com>
2500
2501         Fix undefined behavior caused by macro expansion producing 'defined'
2502         https://bugs.webkit.org/show_bug.cgi?id=166047
2503
2504         Reviewed by Darin Adler.
2505
2506         * API/JSBase.h:
2507
2508 2016-12-20  Keith Miller  <keith_miller@apple.com>
2509
2510         Add support for global
2511         https://bugs.webkit.org/show_bug.cgi?id=165171
2512
2513         Reviewed by Filip Pizlo.
2514
2515         This patch adds support for the global property on the global object.
2516         The global property spec is in stage three and is quite simple.
2517         For reference: http://tc39.github.io/proposal-global/
2518
2519         * runtime/JSGlobalObject.cpp:
2520
2521 2016-12-20  Saam Barati  <sbarati@apple.com>
2522
2523         WebAssembly: We should compile wasm functions in parallel
2524         https://bugs.webkit.org/show_bug.cgi?id=165993
2525
2526         Reviewed by Keith Miller.
2527
2528         This patch adds a very simple parallel compiler for Wasm code.
2529         This patch speeds up compiling the Unity headless benchmark by
2530         slightly more than 4x on my MBP. To make this safe, I perform
2531         all linking on the main thread. I also had to change some code
2532         inside WasmB3IRGenerator to be thread-safe.
2533
2534         * b3/air/AirCustom.h:
2535         (JSC::B3::Air::WasmBoundsCheckCustom::generate):
2536         * b3/air/AirGenerationContext.h:
2537         * wasm/WasmB3IRGenerator.cpp:
2538         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2539         (JSC::Wasm::B3IRGenerator::emitExceptionCheck):
2540         (JSC::Wasm::createJSToWasmWrapper):
2541         (JSC::Wasm::parseAndCompile):
2542         * wasm/WasmB3IRGenerator.h:
2543         * wasm/WasmCallingConvention.h:
2544         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
2545         * wasm/WasmPlan.cpp:
2546         (JSC::Wasm::Plan::parseAndValidateModule):
2547         (JSC::Wasm::Plan::run):
2548         * wasm/WasmPlan.h:
2549
2550 2016-12-20  Brent Fulgham  <bfulgham@apple.com>
2551
2552         Address some style problems found by static analysis
2553         https://bugs.webkit.org/show_bug.cgi?id=165975
2554
2555         Reviewed by Alex Christensen.
2556
2557         Correct the const-correctness of functions that are implemented using stricter
2558         const declarations.
2559
2560         * inspector/agents/InspectorDebuggerAgent.h:
2561         * inspector/agents/InspectorHeapAgent.cpp:
2562         * inspector/agents/InspectorHeapAgent.h:
2563         * inspector/agents/InspectorRuntimeAgent.h:
2564         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2565         * inspector/agents/InspectorScriptProfilerAgent.h:
2566         * inspector/scripts/codegen/cpp_generator.py:
2567         (cpp_type_for_unchecked_formal_in_parameter): Update to match const declarations of
2568         implementation files.
2569         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2570         Rebaselined results for "const Ptr* const" syntax.
2571
2572 2016-12-20  JF Bastien  <jfbastien@apple.com>
2573
2574         WebAssembly: construct 32-bit encodedJSValue properly
2575         https://bugs.webkit.org/show_bug.cgi?id=166199
2576
2577         Reviewed by Mark Lam.
2578
2579         Constructing an encodedJSValue using `{ }` yields the wrong value
2580         on 32-bit platforms. WebAssembly doesn't currently target 32-bit
2581         platforms, but we may as well get it right.
2582
2583         * wasm/JSWebAssembly.cpp:
2584         (JSC::webAssemblyCompileFunc):
2585         (JSC::webAssemblyValidateFunc):
2586         * wasm/js/JSWebAssemblyHelpers.h:
2587         (JSC::toNonWrappingUint32):
2588         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
2589         (JSC::constructJSWebAssemblyCompileError):
2590         * wasm/js/WebAssemblyFunction.cpp:
2591         (JSC::callWebAssemblyFunction):
2592         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2593         (JSC::constructJSWebAssemblyInstance):
2594         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2595         (JSC::constructJSWebAssemblyMemory):
2596         * wasm/js/WebAssemblyModuleConstructor.cpp:
2597         (JSC::constructJSWebAssemblyModule):
2598         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
2599         (JSC::constructJSWebAssemblyRuntimeError):
2600         * wasm/js/WebAssemblyTableConstructor.cpp:
2601         (JSC::constructJSWebAssemblyTable):
2602         * wasm/js/WebAssemblyTablePrototype.cpp:
2603         (JSC::webAssemblyTableProtoFuncLength):
2604         (JSC::webAssemblyTableProtoFuncGrow):
2605         (JSC::webAssemblyTableProtoFuncGet):
2606         (JSC::webAssemblyTableProtoFuncSet):
2607
2608 2016-12-20  Dean Jackson  <dino@apple.com>
2609
2610         Remove INDIE_UI
2611         https://bugs.webkit.org/show_bug.cgi?id=165881
2612         <rdar://problem/29672532>
2613
2614         Reviewed by Simon Fraser.
2615
2616         The Indie UI work has been discontinued.
2617
2618         * Configurations/FeatureDefines.xcconfig:
2619
2620 2016-12-20  JF Bastien  <jfbastien@apple.com>
2621
2622         WebAssembly API: implement WebAssembly.LinkError
2623         https://bugs.webkit.org/show_bug.cgi?id=165805
2624         <rdar://problem/29747874>
2625
2626         Reviewed by Mark Lam.
2627
2628         As described here: https://github.com/WebAssembly/design/pull/901
2629         Some TypeError and RangeError are now converted to WebAssembly.LinkError.
2630
2631         * CMakeLists.txt: add files
2632         * DerivedSources.make: add autoget .lut.h files
2633         * JavaScriptCore.xcodeproj/project.pbxproj: add files
2634         * builtins/BuiltinNames.h: new name LinkError
2635         * runtime/JSGlobalObject.h: auto-register LinkError using existing macro magic
2636         * wasm/JSWebAssembly.h: make the new includes available
2637         * wasm/js/JSWebAssemblyLinkError.cpp: Copied from Source/JavaScriptCore/wasm/JSWebAssemblyCompileError.cpp.
2638         (JSC::JSWebAssemblyLinkError::create):
2639         (JSC::JSWebAssemblyLinkError::JSWebAssemblyLinkError):
2640         (JSC::createWebAssemblyLinkError):
2641         * wasm/js/JSWebAssemblyLinkError.h: Copied from Source/JavaScriptCore/wasm/JSWebAssemblyCompileError.h.
2642         (JSC::JSWebAssemblyLinkError::create):
2643         * wasm/js/WebAssemblyInstanceConstructor.cpp: update as per spec change
2644         (JSC::constructJSWebAssemblyInstance):
2645         * wasm/js/WebAssemblyLinkErrorConstructor.cpp: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorConstructor.cpp.
2646         (JSC::constructJSWebAssemblyLinkError):
2647         (JSC::callJSWebAssemblyLinkError):
2648         (JSC::WebAssemblyLinkErrorConstructor::create):
2649         (JSC::WebAssemblyLinkErrorConstructor::createStructure):
2650         (JSC::WebAssemblyLinkErrorConstructor::finishCreation):
2651         (JSC::WebAssemblyLinkErrorConstructor::WebAssemblyLinkErrorConstructor):
2652         (JSC::WebAssemblyLinkErrorConstructor::getConstructData):
2653         (JSC::WebAssemblyLinkErrorConstructor::getCallData):
2654         * wasm/js/WebAssemblyLinkErrorConstructor.h: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorConstructor.h.
2655         * wasm/js/WebAssemblyLinkErrorPrototype.cpp: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorPrototype.cpp.
2656         (JSC::WebAssemblyLinkErrorPrototype::create):
2657         (JSC::WebAssemblyLinkErrorPrototype::createStructure):
2658         (JSC::WebAssemblyLinkErrorPrototype::finishCreation):
2659         (JSC::WebAssemblyLinkErrorPrototype::WebAssemblyLinkErrorPrototype):
2660         * wasm/js/WebAssemblyLinkErrorPrototype.h: Copied from Source/JavaScriptCore/wasm/WebAssemblyCompileErrorPrototype.h.
2661         * wasm/js/WebAssemblyModuleRecord.cpp: update as per spec change
2662         (JSC::dataSegmentFail):
2663         (JSC::WebAssemblyModuleRecord::evaluate):
2664
2665 2016-12-20  JF Bastien  <jfbastien@apple.com>
2666
2667         WebAssembly: unique function signatures
2668         https://bugs.webkit.org/show_bug.cgi?id=165957
2669         <rdar://problem/29735737>
2670
2671         Reviewed by Saam Barati.
2672
2673         Signatures in a Module's Type section can be duplicated, so we
2674         therefore need to unique them so that call_indirect only needs to
2675         do a single integer compare to check that a callee's Signature is
2676         the same as the Signature declared at the call site. Without
2677         uniquing we'd either trap when duplicate Signatures are used, or
2678         we'd need to do multiple comparisons. This patch makes that narrow
2679         use case function correctly.
2680
2681         There's further complication when calling from wasm to
2682         wasm, in which case the Signatures must also match. Such
2683         cross-instance calls will be improved in bug #165282, but this
2684         patch sets the groundwork for it:
2685
2686         - Signatures are now owned by SignatureInformation which lives on
2687           VM, and is shared by all Modules.
2688         - When parsing a Module, a Signature is created for every Type
2689           entry, and then uniqued by SignatureInformation's adopt
2690           method. Duplicate Signatures are dropped and the previous
2691           SignatureIndex is returned, new Signatures are adopted and a new
2692           SignatureIndex is created.
2693         - The SignatureIndex values are monotonic. 0 is used to represent
2694           invalid indices, which trap. This can only occur through Table.
2695         - SignatureInformation is used while generating code to map a
2696           SignatureIndex back to the Signature* when return / argument
2697           information is needed. This is a simple lookup into a Vector. It
2698           isn't used at runtime.
2699         - These Signatures live forever on VM because the bookkeeping
2700           likely isn't worth it. We may want to empty things out if all
2701           Modules die, this is tracked in bug #166037.
2702         - We can further improve things by bit-packing SignatureIndex with
2703           Code*, which is tracked by bug #165511.
2704
2705         * CMakeLists.txt:
2706         * JavaScriptCore.xcodeproj/project.pbxproj:
2707         * runtime/VM.h: wasm signatures are uniqued here, but aren't accessed frequently (only during parsing) so indirection is fine
2708         * wasm/WasmB3IRGenerator.cpp: use SignatureIndex instead of Signature* when appropriate, and when still using Signature* do so with its new API
2709         (JSC::Wasm::createJSToWasmWrapper):
2710         (JSC::Wasm::parseAndCompile):
2711         * wasm/WasmBinding.cpp:
2712         (JSC::Wasm::importStubGenerator): use SignatureIndex
2713         * wasm/WasmBinding.h:
2714         * wasm/WasmCallingConvention.h:
2715         (JSC::Wasm::CallingConvention::loadArguments):
2716         * wasm/WasmFormat.cpp: drive-by move of alloc/free functions to the implementation file, allows the .h file to drop a FastMalloc.h
2717         (JSC::Wasm::Segment::create):
2718         (JSC::Wasm::Segment::destroy):
2719         (JSC::Wasm::Segment::createPtr):
2720         * wasm/WasmFormat.h: move Signature to its own file
2721         (JSC::Wasm::CallableFunction::CallableFunction):
2722         * wasm/WasmFunctionParser.h:
2723         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
2724         * wasm/WasmModuleParser.cpp:
2725         * wasm/WasmModuleParser.h:
2726         (JSC::Wasm::ModuleParser::ModuleParser):
2727         * wasm/WasmParser.h:
2728         (JSC::Wasm::Parser<SuccessType>::Parser):
2729         * wasm/WasmPlan.cpp:
2730         (JSC::Wasm::Plan::parseAndValidateModule):
2731         (JSC::Wasm::Plan::run):
2732         * wasm/WasmSignature.cpp: Added.
2733         (JSC::Wasm::Signature::dump):
2734         (JSC::Wasm::Signature::hash):
2735         (JSC::Wasm::Signature::create):
2736         (JSC::Wasm::Signature::createInvalid):
2737         (JSC::Wasm::Signature::destroy):
2738         (JSC::Wasm::SignatureInformation::~SignatureInformation):
2739         (JSC::Wasm::SignatureInformation::adopt):
2740         (JSC::Wasm::SignatureInformation::get):
2741         * wasm/WasmSignature.h: Added.
2742         (JSC::Wasm::Signature::Signature):
2743         (JSC::Wasm::Signature::storage):
2744         (JSC::Wasm::Signature::allocatedSize):
2745         (JSC::Wasm::Signature::returnType):
2746         (JSC::Wasm::Signature::returnCount):
2747         (JSC::Wasm::Signature::argumentCount):
2748         (JSC::Wasm::Signature::argument):
2749         (JSC::Wasm::Signature::operator==):
2750         (JSC::Wasm::SignatureHash::empty):
2751         (JSC::Wasm::SignatureHash::deleted):
2752         (JSC::Wasm::SignatureHash::SignatureHash):
2753         (JSC::Wasm::SignatureHash::operator==):
2754         (JSC::Wasm::SignatureHash::equal):
2755         (JSC::Wasm::SignatureHash::hash):
2756         (JSC::Wasm::SignatureHash::isHashTableDeletedValue):
2757         * wasm/WasmValidate.cpp:
2758         (JSC::Wasm::validateFunction):
2759         * wasm/WasmValidate.h:
2760         * wasm/js/JSWebAssemblyInstance.cpp:
2761         (JSC::JSWebAssemblyInstance::create):
2762         * wasm/js/JSWebAssemblyModule.h:
2763         (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
2764         * wasm/js/JSWebAssemblyTable.cpp:
2765         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
2766         (JSC::JSWebAssemblyTable::clearFunction):
2767         (JSC::JSWebAssemblyTable::setFunction):
2768         * wasm/js/WebAssemblyFunction.cpp:
2769         (JSC::callWebAssemblyFunction):
2770         (JSC::WebAssemblyFunction::call):
2771         (JSC::WebAssemblyFunction::create):
2772         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2773         (JSC::WebAssemblyFunction::finishCreation):
2774         * wasm/js/WebAssemblyFunction.h:
2775         (JSC::WebAssemblyFunction::signatureIndex):
2776         * wasm/js/WebAssemblyModuleRecord.cpp:
2777         (JSC::WebAssemblyModuleRecord::link):
2778         (JSC::WebAssemblyModuleRecord::evaluate):
2779
2780 2016-12-20  Konstantin Tokarev  <annulen@yandex.ru>
2781
2782         Modernize for loops in JSC
2783         https://bugs.webkit.org/show_bug.cgi?id=166060
2784
2785         Reviewed by Yusuke Suzuki.
2786
2787         * API/JSCallbackObject.h:
2788         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
2789         * bytecode/CodeBlock.cpp:
2790         (JSC::CodeBlock::dumpBytecode):
2791         (JSC::CodeBlock::propagateTransitions):
2792         (JSC::CodeBlock::stronglyVisitStrongReferences):
2793         (JSC::CodeBlock::stronglyVisitWeakReferences):
2794         (JSC::CodeBlock::jettison):
2795         (JSC::CodeBlock::getArrayProfile):
2796         (JSC::CodeBlock::tallyFrequentExitSites):
2797         (JSC::CodeBlock::nameForRegister):
2798         * bytecompiler/BytecodeGenerator.cpp:
2799         (JSC::BytecodeGenerator::generate):
2800         (JSC::BytecodeGenerator::BytecodeGenerator):
2801         * bytecompiler/NodesCodegen.cpp:
2802         (JSC::ObjectPatternNode::bindValue):
2803         * debugger/Debugger.cpp:
2804         (JSC::Debugger::applyBreakpoints):
2805         * dfg/DFGCPSRethreadingPhase.cpp:
2806         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
2807         * dfg/DFGClobberSet.cpp:
2808         (JSC::DFG::ClobberSet::setOf):
2809         * dfg/DFGDesiredIdentifiers.cpp:
2810         (JSC::DFG::DesiredIdentifiers::reallyAdd):
2811         * dfg/DFGGraph.cpp:
2812         (JSC::DFG::Graph::visitChildren):
2813         * dfg/DFGIntegerCheckCombiningPhase.cpp:
2814         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
2815         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2816         * dfg/DFGJITCompiler.cpp:
2817         (JSC::DFG::JITCompiler::link):
2818         * dfg/DFGLICMPhase.cpp:
2819         (JSC::DFG::LICMPhase::run):
2820         * dfg/DFGMaximalFlushInsertionPhase.cpp:
2821         (JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
2822         * dfg/DFGPutStackSinkingPhase.cpp:
2823         * dfg/DFGSpeculativeJIT.cpp:
2824         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2825         (JSC::DFG::SpeculativeJIT::linkBranches):
2826         * dfg/DFGStructureRegistrationPhase.cpp:
2827         (JSC::DFG::StructureRegistrationPhase::run):
2828         * dfg/DFGTypeCheckHoistingPhase.cpp:
2829         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
2830         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
2831         * dfg/DFGValidate.cpp:
2832         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2833         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2834         * heap/HeapVerifier.cpp:
2835         (JSC::trimDeadObjectsFromList):
2836         (JSC::HeapVerifier::trimDeadObjects):
2837         * heap/LiveObjectList.cpp:
2838         (JSC::LiveObjectList::findObject):
2839         * heap/MarkedAllocator.cpp:
2840         (JSC::MarkedAllocator::isPagedOut):
2841         * inspector/ScriptCallStack.cpp:
2842         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2843         * jit/JIT.cpp:
2844         (JSC::JIT::link):
2845         * parser/VariableEnvironment.cpp:
2846         (JSC::VariableEnvironment::markAllVariablesAsCaptured):
2847         (JSC::VariableEnvironment::hasCapturedVariables):
2848         * runtime/FunctionHasExecutedCache.cpp:
2849         (JSC::FunctionHasExecutedCache::hasExecutedAtOffset):
2850         (JSC::FunctionHasExecutedCache::getFunctionRanges):
2851         * runtime/JSPropertyNameEnumerator.cpp:
2852         (JSC::JSPropertyNameEnumerator::visitChildren):
2853         * runtime/TypeProfiler.cpp:
2854         (JSC::TypeProfiler::findLocation):
2855         * runtime/TypeSet.cpp:
2856         (JSC::TypeSet::addTypeInformation):
2857         (JSC::TypeSet::dumpTypes):
2858         * runtime/VM.cpp:
2859         (JSC::VM::gatherConservativeRoots):
2860         * runtime/WeakMapData.cpp:
2861         (JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences):
2862         (JSC::WeakMapData::DeadKeyCleaner::finalizeUnconditionally):
2863         * tools/ProfileTreeNode.h:
2864         (JSC::ProfileTreeNode::dumpInternal):
2865         * yarr/YarrInterpreter.cpp:
2866         (JSC::Yarr::ByteCompiler::emitDisjunction):
2867
2868 2016-12-20  Konstantin Tokarev  <annulen@yandex.ru>
2869
2870         __cpuid() requires <intrin.h> to be included
2871         https://bugs.webkit.org/show_bug.cgi?id=166051
2872
2873         Reviewed by Yusuke Suzuki.
2874
2875         * assembler/MacroAssemblerX86Common.h:
2876
2877 2016-12-19  Yusuke Suzuki  <utatane.tea@gmail.com>
2878
2879         [ES6] Enable ES6 Modules
2880         https://bugs.webkit.org/show_bug.cgi?id=165849
2881
2882         Reviewed by Geoffrey Garen.
2883
2884         * features.json:
2885
2886 2016-12-19  Mark Lam  <mark.lam@apple.com>
2887
2888         Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 2: Rollout r209952.
2889         https://bugs.webkit.org/show_bug.cgi?id=166049
2890
2891         Not reviewed.
2892
2893         * bytecode/HandlerInfo.h:
2894         (JSC::HandlerInfoBase::typeName):
2895         * bytecompiler/BytecodeGenerator.cpp:
2896         (JSC::BytecodeGenerator::generate):
2897         (JSC::BytecodeGenerator::BytecodeGenerator):
2898         (JSC::BytecodeGenerator::emitReturn):
2899         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
2900         (JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope):
2901         (JSC::BytecodeGenerator::popFinallyControlFlowScope):
2902         (JSC::BytecodeGenerator::popIteratorCloseControlFlowScope):
2903         (JSC::BytecodeGenerator::emitComplexPopScopes):
2904         (JSC::BytecodeGenerator::emitPopScopes):
2905         (JSC::BytecodeGenerator::pushTry):
2906         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2907         (JSC::BytecodeGenerator::labelScopeDepth):
2908         (JSC::BytecodeGenerator::pushLocalControlFlowScope):
2909         (JSC::BytecodeGenerator::popLocalControlFlowScope):
2910         (JSC::BytecodeGenerator::emitEnumeration):
2911         (JSC::BytecodeGenerator::emitYield):
2912         (JSC::BytecodeGenerator::emitDelegateYield):
2913         (JSC::BytecodeGenerator::popTry): Deleted.
2914         (JSC::BytecodeGenerator::emitCatch): Deleted.
2915         (JSC::BytecodeGenerator::restoreScopeRegister): Deleted.
2916         (JSC::BytecodeGenerator::labelScopeDepthToLexicalScopeIndex): Deleted.
2917         (JSC::BytecodeGenerator::emitIsNumber): Deleted.
2918         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded): Deleted.
2919         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded): Deleted.
2920         (JSC::BytecodeGenerator::emitFinallyCompletion): Deleted.
2921         (JSC::BytecodeGenerator::allocateFinallyRegisters): Deleted.
2922         (JSC::BytecodeGenerator::releaseFinallyRegisters): Deleted.
2923         (JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf): Deleted.
2924         * bytecompiler/BytecodeGenerator.h:
2925         (JSC::BytecodeGenerator::isInFinallyBlock):
2926         (JSC::FinallyJump::FinallyJump): Deleted.
2927         (JSC::FinallyContext::FinallyContext): Deleted.
2928         (JSC::FinallyContext::outerContext): Deleted.
2929         (JSC::FinallyContext::finallyLabel): Deleted.
2930         (JSC::FinallyContext::depth): Deleted.
2931         (JSC::FinallyContext::numberOfBreaksOrContinues): Deleted.
2932         (JSC::FinallyContext::incNumberOfBreaksOrContinues): Deleted.
2933         (JSC::FinallyContext::handlesReturns): Deleted.
2934         (JSC::FinallyContext::setHandlesReturns): Deleted.
2935         (JSC::FinallyContext::registerJump): Deleted.
2936         (JSC::FinallyContext::numberOfJumps): Deleted.
2937         (JSC::FinallyContext::jumps): Deleted.
2938         (JSC::ControlFlowScope::ControlFlowScope): Deleted.
2939         (JSC::ControlFlowScope::isLabelScope): Deleted.
2940         (JSC::ControlFlowScope::isFinallyScope): Deleted.
2941         (JSC::BytecodeGenerator::currentLexicalScopeIndex): Deleted.
2942         (JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope): Deleted.
2943         (JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope): Deleted.
2944         (JSC::BytecodeGenerator::finallyActionRegister): Deleted.
2945         (JSC::BytecodeGenerator::finallyReturnValueRegister): Deleted.
2946         (JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion): Deleted.
2947         (JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion): Deleted.
2948         (JSC::BytecodeGenerator::emitSetFinallyActionToJumpID): Deleted.
2949         (JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister): Deleted.
2950         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion): Deleted.
2951         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump): Deleted.
2952         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion): Deleted.
2953         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion): Deleted.
2954         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion): Deleted.
2955         (JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow): Deleted.
2956         (JSC::BytecodeGenerator::bytecodeOffsetToJumpID): Deleted.
2957         * bytecompiler/NodesCodegen.cpp:
2958         (JSC::ContinueNode::emitBytecode):
2959         (JSC::BreakNode::emitBytecode):
2960         (JSC::ReturnNode::emitBytecode):
2961         (JSC::TryNode::emitBytecode):
2962
2963 2016-12-19  Mark Lam  <mark.lam@apple.com>
2964
2965         Rolling out r209974 and r209952. They break some websites in mysterious ways. Step 1: Rollout r209974.
2966         https://bugs.webkit.org/show_bug.cgi?id=166049
2967
2968         Not reviewed.
2969
2970         * bytecompiler/BytecodeGenerator.cpp:
2971         (JSC::BytecodeGenerator::emitEnumeration):
2972         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
2973         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
2974         (JSC::BytecodeGenerator::emitFinallyCompletion):
2975         (JSC::BytecodeGenerator::allocateFinallyRegisters):
2976         (JSC::BytecodeGenerator::releaseFinallyRegisters):
2977         (JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf):
2978         (JSC::BytecodeGenerator::allocateCompletionRecordRegisters): Deleted.
2979         (JSC::BytecodeGenerator::releaseCompletionRecordRegisters): Deleted.
2980         (JSC::BytecodeGenerator::emitJumpIfCompletionType): Deleted.
2981         * bytecompiler/BytecodeGenerator.h:
2982         (JSC::FinallyJump::FinallyJump):
2983         (JSC::FinallyContext::registerJump):
2984         (JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope):
2985         (JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope):
2986         (JSC::BytecodeGenerator::finallyActionRegister):
2987         (JSC::BytecodeGenerator::finallyReturnValueRegister):
2988         (JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion):
2989         (JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion):
2990         (JSC::BytecodeGenerator::emitSetFinallyActionToJumpID):
2991         (JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister):
2992         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion):
2993         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump):
2994         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion):
2995         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion):
2996         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion):
2997         (JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow):
2998         (JSC::BytecodeGenerator::bytecodeOffsetToJumpID):
2999         (JSC::bytecodeOffsetToJumpID): Deleted.
3000         (JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope): Deleted.
3001         (JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope): Deleted.
3002         (JSC::BytecodeGenerator::completionTypeRegister): Deleted.
3003         (JSC::BytecodeGenerator::completionValueRegister): Deleted.
3004         (JSC::BytecodeGenerator::emitSetCompletionType): Deleted.
3005         (JSC::BytecodeGenerator::emitSetCompletionValue): Deleted.
3006         * bytecompiler/NodesCodegen.cpp:
3007         (JSC::TryNode::emitBytecode):
3008
3009 2016-12-19  Joseph Pecoraro  <pecoraro@apple.com>
3010
3011         Web Inspector: Assertion seen in InspectorDebuggerAgent::refAsyncCallData with Inspector open
3012         https://bugs.webkit.org/show_bug.cgi?id=166034
3013         <rdar://problem/29554366>
3014
3015         Reviewed by Brian Burg.
3016
3017         * inspector/agents/InspectorDebuggerAgent.cpp:
3018         (Inspector::InspectorDebuggerAgent::refAsyncCallData):
3019         Remove assertion. This assert can happen if the currently executing callback
3020         was just explicitly cancelled by script. Existing code already handles if
3021         no async data was found for the given identifier.
3022
3023 2016-12-18  Saam Barati  <sbarati@apple.com>
3024
3025         WebAssembly: Implement the WebAssembly.compile and WebAssembly.validate
3026         https://bugs.webkit.org/show_bug.cgi?id=165936
3027
3028         Reviewed by Mark Lam.
3029
3030         The APIs are documented here:
3031         - https://github.com/WebAssembly/design/blob/master/JS.md#webassemblycompile
3032         - https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyvalidate
3033
3034         * wasm/JSWebAssembly.cpp:
3035         (JSC::webAssemblyCompileFunc):
3036         (JSC::webAssemblyValidateFunc):
3037         (JSC::JSWebAssembly::finishCreation):
3038         * wasm/WasmPlan.cpp:
3039         (JSC::Wasm::Plan::parseAndValidateModule):
3040         (JSC::Wasm::Plan::run):
3041         * wasm/WasmPlan.h:
3042         * wasm/js/JSWebAssemblyHelpers.h:
3043         (JSC::getWasmBufferFromValue):
3044         * wasm/js/WebAssemblyModuleConstructor.cpp:
3045         (JSC::constructJSWebAssemblyModule):
3046         (JSC::callJSWebAssemblyModule):
3047         (JSC::WebAssemblyModuleConstructor::createModule):
3048         * wasm/js/WebAssemblyModuleConstructor.h:
3049
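        The two APIs this entry implements, exercised on hand-built modules as an added example (this is not WebKit or JSC code; every byte sequence below is constructed for the example, and the export name "answer" is invented):

```javascript
// Added example, not WebKit/JSC code: exercising WebAssembly.validate and
// WebAssembly.compile on constructed modules.

// Smallest valid module: magic "\0asm" followed by version 1 (constructed).
const EMPTY_MODULE = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);

// Same header with an unsupported version (2): well-formed bytes, invalid module.
const BAD_VERSION = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x02, 0x00, 0x00, 0x00]);

// A module exporting `answer: () -> i32` that returns the constant 42 (constructed).
const ANSWER_MODULE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic + version
  0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,             // type section: one functype () -> i32
  0x03, 0x02, 0x01, 0x00,                               // function section: one func of type 0
  0x07, 0x0a, 0x01, 0x06, 0x61, 0x6e, 0x73, 0x77, 0x65, 0x72, 0x00, 0x00, // export "answer" = func 0
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, 0x2a, 0x0b,       // code section: no locals; i32.const 42; end
]);

// WebAssembly.validate only checks the bytes: it returns a boolean and does not
// throw for malformed input, so it is the cheap pre-check before a full compile.
function validateModule(bytes) {
  return WebAssembly.validate(bytes);
}

// WebAssembly.compile is asynchronous and rejects with a CompileError on invalid
// bytes. Resolves to the exported function's result (42 for ANSWER_MODULE).
function compileAndCallAnswer(bytes) {
  return WebAssembly.compile(bytes)
    .then((module) => WebAssembly.instantiate(module))
    .then((instance) => instance.exports.answer());
}

// Synchronous counterpart using the Module constructor, for quick checks.
function callAnswerSync(bytes) {
  const instance = new WebAssembly.Instance(new WebAssembly.Module(bytes));
  return instance.exports.answer();
}

// Classifies a compile attempt: 'compiled', or 'compile-error' for a CompileError;
// any other failure is propagated unchanged.
function compileOutcome(bytes) {
  return WebAssembly.compile(bytes)
    .then(() => 'compiled')
    .catch((err) => (err instanceof WebAssembly.CompileError ? 'compile-error' : Promise.reject(err)));
}
```

        Note that a truncated module (for example `ANSWER_MODULE.slice(0, 12)`, which cuts the type section short) also validates to false rather than throwing.
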
3050 2016-12-18  Mark Lam  <mark.lam@apple.com>
3051
3052         Rename finallyActionRegister to completionTypeRegister and only store int JSValues in it.
3053         https://bugs.webkit.org/show_bug.cgi?id=165979
3054
3055         Reviewed by Saam Barati.
3056
3057         This patch makes it so that we only store int JSValues in the finallyActionRegister
3058         thereby making type prediction on this register more successful for JITs.  In so
3059         doing, we are able to get some additional benefits:
3060
3061         1. Renamed the following:
3062            FinallyRegistersScope => CompletionRecordScope
3063            finallyActionRegister => completionTypeRegister
3064            finallyReturnValueRegister => completionValueRegister
3065
3066            These new names are more in line with the ES spec, which describes these
3067            values as the completion record and its type and value properties.
3068            https://tc39.github.io/ecma262/#sec-completion-record-specification-type
3069
3070         2. We now think of the Break and Continue jumpIDs as encodings of CompletionType
3071            (in our implementation of completion type).  As a result, we only need one of
3072            each of the emitter methods for getting, setting, and compare-and-jump on the
3073            completion type.  The code using these methods also reads much clearer now.  
3074
3075         3. Finally blocks' op_catch should now always pop the caught Exception object into
3076            the completionValueRegister instead of the completionTypeRegister (formerly
3077            finallyActionRegister). 
3078
3079         Also removed the restoreScopeRegister() call in the IteratorClose catch block
3080         because that is an implementation specific synthesized catch block, and we
3081         can guarantee that it never needs to resolve any symbols from the scope.  Hence,
3082         there is no need to restore the scope register.
3083
3084         * bytecompiler/BytecodeGenerator.cpp:
3085         (JSC::BytecodeGenerator::emitEnumeration):
3086         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
3087         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
3088         (JSC::BytecodeGenerator::emitFinallyCompletion):
3089         (JSC::BytecodeGenerator::allocateCompletionRecordRegisters):
3090         (JSC::BytecodeGenerator::releaseCompletionRecordRegisters):
3091         (JSC::BytecodeGenerator::emitJumpIfCompletionType):
3092         (JSC::BytecodeGenerator::allocateFinallyRegisters): Deleted.
3093         (JSC::BytecodeGenerator::releaseFinallyRegisters): Deleted.
3094         (JSC::BytecodeGenerator::emitCompareFinallyActionAndJumpIf): Deleted.
3095         * bytecompiler/BytecodeGenerator.h:
3096         (JSC::bytecodeOffsetToJumpID):
3097         (JSC::FinallyJump::FinallyJump):
3098         (JSC::FinallyContext::registerJump):
3099         (JSC::BytecodeGenerator::CompletionRecordScope::CompletionRecordScope):
3100         (JSC::BytecodeGenerator::CompletionRecordScope::~CompletionRecordScope):
3101         (JSC::BytecodeGenerator::completionTypeRegister):
3102         (JSC::BytecodeGenerator::completionValueRegister):
3103         (JSC::BytecodeGenerator::emitSetCompletionType):
3104         (JSC::BytecodeGenerator::emitSetCompletionValue):
3105         (JSC::BytecodeGenerator::FinallyRegistersScope::FinallyRegistersScope): Deleted.
3106         (JSC::BytecodeGenerator::FinallyRegistersScope::~FinallyRegistersScope): Deleted.
3107         (JSC::BytecodeGenerator::finallyActionRegister): Deleted.
3108         (JSC::BytecodeGenerator::finallyReturnValueRegister): Deleted.
3109         (JSC::BytecodeGenerator::emitSetFinallyActionToNormalCompletion): Deleted.
3110         (JSC::BytecodeGenerator::emitSetFinallyActionToReturnCompletion): Deleted.
3111         (JSC::BytecodeGenerator::emitSetFinallyActionToJumpID): Deleted.
3112         (JSC::BytecodeGenerator::emitSetFinallyReturnValueRegister): Deleted.
3113         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNormalCompletion): Deleted.
3114         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotJump): Deleted.
3115         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsReturnCompletion): Deleted.
3116         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotReturnCompletion): Deleted.
3117         (JSC::BytecodeGenerator::emitJumpIfFinallyActionIsNotThrowCompletion): Deleted.
3118         (JSC::BytecodeGenerator::emitJumpIfCompletionTypeIsThrow): Deleted.
3119         (JSC::BytecodeGenerator::bytecodeOffsetToJumpID): Deleted.
3120         * bytecompiler/NodesCodegen.cpp:
3121         (JSC::TryNode::emitBytecode):
3122
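        The completion-record semantics this entry models (normal, return, throw, and break/continue jump completions flowing through finally), observed from script as an added example; this is not WebKit or JSC code and the function names are invented:

```javascript
// Added example, not WebKit/JSC code: each function runs a try/finally and returns
// a trace string showing how the completion record flowed through the finally block.

// Normal completion: finally runs, then execution continues after the statement.
function normalCompletion() {
  const trace = [];
  try { trace.push('try'); } finally { trace.push('finally'); }
  trace.push('after');
  return trace.join(',');  // 'try,finally,after'
}

// Return completion: finally runs before the pending return value leaves inner().
function returnCompletion() {
  const trace = [];
  function inner() {
    try { return 'from-try'; } finally { trace.push('finally'); }
  }
  const value = inner();
  return trace.join(',') + '|' + value;  // 'finally|from-try'
}

// Jump completions (continue, break): each jump out of the try body is routed
// through finally before the loop continues or exits.
function jumpCompletion() {
  const trace = [];
  for (let i = 0; i < 3; i++) {
    try {
      if (i === 1) continue;
      if (i === 2) break;
      trace.push('body' + i);
    } finally {
      trace.push('finally' + i);
    }
  }
  return trace.join(',');  // 'body0,finally0,finally1,finally2'
}

// Throw completion: the thrown object is the completion value; finally runs before
// the exception reaches the outer catch.
function throwCompletion() {
  const trace = [];
  try {
    try { throw new Error('boom'); } finally { trace.push('finally'); }
  } catch (e) {
    trace.push('caught:' + e.message);
  }
  return trace.join(',');  // 'finally,caught:boom'
}

// An abrupt completion inside finally replaces the pending one: the pending throw
// is discarded because finally itself returns.
function finallyOverrides() {
  function inner() {
    try { throw new Error('lost'); } finally { return 'finally-wins'; }
  }
  return inner();  // 'finally-wins'
}
```
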
3123 2016-12-17  Saam Barati  <sbarati@apple.com>
3124
3125         WebAssembly: WasmB3IRGenerator uses WarmAny as a ValueRep but expects the incoming value to be a register
3126         https://bugs.webkit.org/show_bug.cgi?id=165989
3127
3128         Reviewed by Mark Lam.
3129
3130         The input should be constrained to a register to match what
3131         the patchpoint code expects.
3132
3133         * wasm/WasmB3IRGenerator.cpp:
3134
3135 2016-12-17  Saam Barati  <sbarati@apple.com>
3136
3137         WebAssembly: Change a RELEASE_ASSERT_NOT_REACHED to a jit.breakpoint() for now to allow us to run some wasm benchmarks
3138         https://bugs.webkit.org/show_bug.cgi?id=165990
3139
3140         Reviewed by Mark Lam.
3141
3142         * wasm/WasmBinding.cpp:
3143         (JSC::Wasm::importStubGenerator):
3144
3145 2016-12-16  Joseph Pecoraro  <pecoraro@apple.com>
3146
3147         JSContext Inspector: Avoid some possible exceptions inspecting a JSContext
3148         https://bugs.webkit.org/show_bug.cgi?id=165986
3149         <rdar://problem/29551379>
3150
3151         Reviewed by Matt Baker.
3152
3153         * inspector/InjectedScriptSource.js:
3154         (InjectedScript.prototype.processProperties):
3155         Prefer String.prototype.endsWith now that it is available.
3156
3157         (InjectedScript.prototype._describe):
3158         Prefer Function.prototype.toString for converting functions to String.
3159         Previously we were doing String(f), which would do Symbol.toPrimitive
3160         conversion, which seems unnecessary here.
3161
3162 2016-12-16  Michael Catanzaro  <mcatanzaro@igalia.com>
3163
3164         Unreviewed, fix GCC 6 build failure after r209952
3165
3166         Return false, not nullptr, in function returning bool.
3167
3168         * bytecompiler/BytecodeGenerator.cpp:
3169         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
3170
3171 2016-12-16  Saam Barati  <sbarati@apple.com>
3172
3173         WebAssembly: We still have some incorrect parsing productions inside unreachable code
3174         https://bugs.webkit.org/show_bug.cgi?id=165981
3175
3176         Reviewed by Keith Miller.
3177
3178         This hardens our parsing for CallIndirect and Loop/Block/If to be exactly like their reachable variants.
3179         
3180         It also fixes a more nefarious bug in which we were decoding an extra varuint32
3181         for Br/BrIf inside unreachable code.
3182
3183         * wasm/WasmFunctionParser.h:
3184
3185 2016-12-16  Filip Pizlo  <fpizlo@apple.com>
3186
3187         CellState should have members with accurate names
3188         https://bugs.webkit.org/show_bug.cgi?id=165969
3189
3190         Reviewed by Mark Lam.
3191         
3192         This once again renames the members in CellState. I wanted to convey the following
3193         pieces of information in the names:
3194         
3195         - What does the state mean for Generational GC?
3196         - What does the state mean for Concurrent GC?
3197         - Does the state guarantee what it means, or is there some contingency?
3198         
3199         The names I came up with are:
3200         
3201         PossiblyOldOrBlack: An object in this state may be old, or may be black, depending on
3202             other things. If the mark bit is set then the object is either black or being
3203             blackened as we speak. It's going to survive the GC, so it will be old, but may be
3204             new now. In between GCs, objects in this state are definitely old. If the mark bit
3205             is not set, then the object is actually old and white.
3206         
3207         DefinitelyNewAndWhite: The object was just allocated so it is white (not marked) and
3208             new.
3209         
3210         DefinitelyGrey: The object is definitely grey - it will be rescanned in the future. It
3211             may be new or old depending on other things.
3212
3213         * heap/CellState.h:
3214         * heap/Heap.cpp:
3215         (JSC::Heap::addToRememberedSet):
3216         (JSC::Heap::writeBarrierSlowPath):
3217         * heap/SlotVisitor.cpp:
3218         (JSC::SlotVisitor::appendJSCellOrAuxiliary):
3219         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
3220         (JSC::SlotVisitor::appendToMarkStack):
3221         (JSC::SlotVisitor::visitChildren):
3222         * runtime/JSCellInlines.h:
3223         (JSC::JSCell::JSCell):
3224         * runtime/StructureIDBlob.h:
3225         (JSC::StructureIDBlob::StructureIDBlob):
3226
3227 2016-12-16  Saam Barati  <sbarati@apple.com>
3228
3229         B3::DoubleToFloatReduction will accidentally convince itself it converted a Phi from Double to Float and then convert uses of that Phi into a use of FloatToDouble(@Phi)
3230         https://bugs.webkit.org/show_bug.cgi?id=165946
3231
3232         Reviewed by Keith Miller.
3233
3234         This was happening because the phase will convert some Phi nodes
3235         from Double to Float. However, one place that did this conversion
3236         forgot to first check if the Phi was already a Float. If it's already
3237         a Float, a later part of the phase will be buggy if the phase claims that it has
3238         converted it from Double->Float. The reason is that at the end of the
3239         phase, we'll look for all uses of former Double Phi nodes and make them
3240         be a use of ConvertFloatToDouble on the Phi, instead of a use of the Phi itself.
3241         This is clearly wrong if the Phi were Float to begin with (and
3242         therefore, the uses were Float uses to begin with).
3243
3244         * b3/B3ReduceDoubleToFloat.cpp:
3245         * b3/testb3.cpp:
3246         (JSC::B3::testReduceFloatToDoubleValidates):
3247         (JSC::B3::run):
3248
3249 2016-12-16  Mark Lam  <mark.lam@apple.com>
3250
3251         De-duplicate finally blocks.
3252         https://bugs.webkit.org/show_bug.cgi?id=160168
3253