834f2a324274338eb32a28d9aa57ed661b4bb1f8
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DFG] Define defs for MapSet/SetAdd to participate in CSE
        https://bugs.webkit.org/show_bug.cgi?id=179911

        Reviewed by Saam Barati.

        With this patch, our MapSet and SetAdd DFG nodes participate in CSE.
        To handle the slightly tricky DFG Map operation nodes, MapSet and SetAdd
        produce the added bucket as their result. The subsequent GetMapBucket will
        be removed by CSE.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSetAdd):
        (JSC::DFG::SpeculativeJIT::compileMapSet):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileSetAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileMapSet):
        * jit/JITOperations.h:
        * runtime/HashMapImpl.h:
        (JSC::HashMapImpl::addNormalized):
        (JSC::HashMapImpl::addNormalizedInternal):

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Remove LocalScope
        https://bugs.webkit.org/show_bug.cgi?id=181206

        Reviewed by Geoffrey Garen.

        The last user of HandleStack and LocalScope is JSON, but MarkedArgumentBuffer is enough for its use.
        This patch changes JSON parsing and stringifying to use MarkedArgumentBuffer, and removes HandleStack
        and LocalScope.

        We make Stringifier and Walker WTF_FORBID_HEAP_ALLOCATION to place them on the stack, so they can hold
        JSObject* directly in their fields.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * heap/HandleStack.cpp: Removed.
        * heap/HandleStack.h: Removed.
        * heap/Heap.cpp:
        (JSC::Heap::addCoreConstraints):
        * heap/Heap.h:
        (JSC::Heap::handleSet):
        (JSC::Heap::handleStack): Deleted.
        * heap/Local.h: Removed.
        * heap/LocalScope.h: Removed.
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object const):
        (JSC::gap):
        (JSC::Stringifier::Stringifier):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Stringifier::Holder::Holder):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::Walker):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncParse):
        (JSC::JSONProtoFuncStringify):
        (JSC::JSONParse):
        (JSC::JSONStringify):

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [FTL] Optimize ObjectAllocationSinking mergePointerSets by using removeIf
        https://bugs.webkit.org/show_bug.cgi?id=180238

        Reviewed by Saam Barati.

        We can optimize ObjectAllocationSinking a bit by using removeIf.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Create parallel SlotVisitors a priori
        https://bugs.webkit.org/show_bug.cgi?id=180907

        Reviewed by Saam Barati.

        The number of SlotVisitors is capped at the number of HeapHelperPool's threads + 2.
        If we create these SlotVisitors a priori, we do not need to create SlotVisitors dynamically.
        Then we do not need to grab locks while iterating over all the SlotVisitors.

        In addition, we do not need to consider the case where the number of SlotVisitors increases
        after setting up VisitCounters in MarkingConstraintSolver, since the number of SlotVisitors
        no longer increases.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::runBeginPhase):
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::forEachSlotVisitor):
        (JSC::Heap::numberOfSlotVisitors): Deleted.
        * heap/MarkingConstraintSolver.cpp:
        (JSC::MarkingConstraintSolver::didVisitSomething const):

2018-01-03  Ting-Wei Lan  <lantw44@gmail.com>

        Replace hard-coded paths in shebangs with #!/usr/bin/env
        https://bugs.webkit.org/show_bug.cgi?id=181040

        Reviewed by Alex Christensen.

        * Scripts/UpdateContents.py:
        * Scripts/cssmin.py:
        * Scripts/generate-combined-inspector-json.py:
        * Scripts/xxd.pl:
        * create_hash_table:
        * generate-bytecode-files:
        * wasm/generateWasm.py:
        * wasm/generateWasmOpsHeader.py:
        * yarr/generateYarrCanonicalizeUnicode:

2018-01-03  Michael Saboff  <msaboff@apple.com>

        Disable SharedArrayBuffers from Web API
        https://bugs.webkit.org/show_bug.cgi?id=181266

        Reviewed by Saam Barati.

        Removed the SharedArrayBuffer prototype and structure from GlobalObject creation
        to disable it.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::arrayBufferPrototype const):
        (JSC::JSGlobalObject::arrayBufferStructure const):

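Added example (JavaScript, not WebKit's own code) for the entry above: once the SharedArrayBuffer prototype and structure are no longer installed on the global object, script that assumes the constructor exists fails at the first `new SharedArrayBuffer(...)`. The functions below feature-detect the constructor at runtime and fall back to a non-shared ArrayBuffer. The names sharedMemoryStatus and allocateBuffer, and the `scope` parameter used to simulate a global object that lacks the constructor, are this example's own, not JavaScriptCore API.

```javascript
// Added example, not JavaScriptCore code. `scope` defaults to the real global
// object; tests pass a constructed object to simulate an engine that has removed
// SharedArrayBuffer from its global object, as the ChangeLog entry describes.

function sharedMemoryStatus(scope = globalThis) {
  const sab = scope.SharedArrayBuffer;
  const hasConstructor = typeof sab === 'function';
  let constructible = false;
  if (hasConstructor) {
    try {
      // Some deployments leave a stub that throws; treat that as unavailable too.
      constructible = new sab(8) instanceof sab;
    } catch (err) {
      constructible = false;
    }
  }
  const hasAtomics = typeof scope.Atomics === 'object' && scope.Atomics !== null;
  return { hasConstructor, constructible, hasAtomics };
}

// Returns { buffer, shared }. `shared` tells the caller whether the memory can
// actually be observed concurrently from a worker; a non-shared fallback is a
// plain ArrayBuffer that postMessage will copy or transfer, never alias.
function allocateBuffer(byteLength, scope = globalThis) {
  if (!Number.isInteger(byteLength) || byteLength < 0) {
    throw new RangeError('byteLength must be a non-negative integer');
  }
  const status = sharedMemoryStatus(scope);
  if (status.constructible) {
    return { buffer: new scope.SharedArrayBuffer(byteLength), shared: true };
  }
  return { buffer: new ArrayBuffer(byteLength), shared: false };
}

// Convenience for call sites that must refuse to run rather than silently
// degrade (for example, a lock implementation built on Atomics.wait).
function requireSharedMemory(scope = globalThis) {
  const status = sharedMemoryStatus(scope);
  if (!status.constructible) {
    throw new TypeError('SharedArrayBuffer is not available in this engine');
  }
  return status;
}
```

The fallback keeps code running but changes its semantics: a worker that receives the non-shared buffer gets a copy (or a transferred buffer), not a view of the same memory, and Atomics.wait requires a shared backing store, so anything that relied on cross-thread waiting needs to use requireSharedMemory and fail loudly instead of using allocateBuffer.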
2018-01-03  Michael Saboff  <msaboff@apple.com>

        Add "noInline" to $vm
        https://bugs.webkit.org/show_bug.cgi?id=181265

        Reviewed by Mark Lam.

        This would be useful for web based tests.

        * tools/JSDollarVM.cpp:
        (JSC::getExecutableForFunction):
        (JSC::functionNoInline):
        (JSC::JSDollarVM::finishCreation):

2018-01-03  Michael Saboff  <msaboff@apple.com>

        Remove unnecessary flushing of Butterfly pointer in functionCpuClflush()
        https://bugs.webkit.org/show_bug.cgi?id=181263

        Reviewed by Mark Lam.

        Flushing the butterfly pointer provides no benefit and slows this function.

        * tools/JSDollarVM.cpp:
        (JSC::functionCpuClflush):

2018-01-03  Saam Barati  <sbarati@apple.com>

        Fix BytecodeParser op_catch assert to work with useProfiler=1
        https://bugs.webkit.org/show_bug.cgi?id=181260

        Reviewed by Keith Miller.

        op_catch was asserting that the current block was empty. This is only true
        if the profiler isn't enabled. When the profiler is enabled, we will
        insert a CountExecution node before each bytecode. This patch fixes the
        assert to work with the profiler.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2018-01-03  Per Arne Vollan  <pvollan@apple.com>

        [Win][Debug] testapi link error.
        https://bugs.webkit.org/show_bug.cgi?id=181247
        <rdar://problem/36166729>

        Reviewed by Brent Fulgham.

        Do not set the runtime library compile flag for C files, it is already set to the correct value.

        * shell/PlatformWin.cmake:

2018-01-03  Robin Morisset  <rmorisset@apple.com>

        Inlining of a function that ends in op_unreachable crashes
        https://bugs.webkit.org/show_bug.cgi?id=181027

        Reviewed by Filip Pizlo.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::allocateTargetableBlock):
        (JSC::DFG::ByteCodeParser::inlineCall):

2018-01-02  Saam Barati  <sbarati@apple.com>

        Incorrect assertion inside AccessCase
        https://bugs.webkit.org/show_bug.cgi?id=181200
        <rdar://problem/35494754>

        Reviewed by Yusuke Suzuki.

        Consider a PutById compiled to a setter in a function like so:

        ```
        function foo(o) { o.f = o; }
        ```

        The DFG will often assign the same registers to the baseGPR (o in o.f) and the
        valueRegsPayloadGPR (o in the RHS). The code totally works when these are assigned
        to the same register. However, we're asserting that they're not the same register.
        This patch just removes this invalid assertion.

        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateImpl):

2018-01-02  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement BigIntConstructor and BigIntPrototype
        https://bugs.webkit.org/show_bug.cgi?id=175359

        Reviewed by Yusuke Suzuki.

        This patch implements BigIntConstructor and BigIntPrototype
        following the spec [1, 2]. In addition, we are also implementing a BigIntObject
        wrapper to handle the ToObject(v) abstract operation when "v" is a BigInt
        primitive. With these classes, it is now possible to synthesize
        BigInt.prototype and then call "toString", "valueOf" and
        "toLocaleString" when the primitive is a BigInt.
        BigIntConstructor exposes an API to parse other primitives such as
        Number, Boolean and String into BigInt.
        We decided to skip the parseInt implementation, since it was removed from
        the spec.

        [1] - https://tc39.github.io/proposal-bigint/#sec-bigint-constructor
        [2] - https://tc39.github.io/proposal-bigint/#sec-properties-of-the-bigint-prototype-object

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * jsc.cpp:
        * runtime/BigIntConstructor.cpp: Added.
        (JSC::BigIntConstructor::BigIntConstructor):
        (JSC::BigIntConstructor::finishCreation):
        (JSC::isSafeInteger):
        (JSC::toBigInt):
        (JSC::callBigIntConstructor):
        (JSC::bigIntConstructorFuncAsUintN):
        (JSC::bigIntConstructorFuncAsIntN):
        * runtime/BigIntConstructor.h: Added.
        (JSC::BigIntConstructor::create):
        (JSC::BigIntConstructor::createStructure):
        * runtime/BigIntObject.cpp: Added.
        (JSC::BigIntObject::BigIntObject):
        (JSC::BigIntObject::finishCreation):
        (JSC::BigIntObject::toStringName):
        (JSC::BigIntObject::defaultValue):
        * runtime/BigIntObject.h: Added.
        (JSC::BigIntObject::create):
        (JSC::BigIntObject::internalValue const):
        (JSC::BigIntObject::createStructure):
        * runtime/BigIntPrototype.cpp: Added.
        (JSC::BigIntPrototype::BigIntPrototype):
        (JSC::BigIntPrototype::finishCreation):
        (JSC::toThisBigIntValue):
        (JSC::bigIntProtoFuncToString):
        (JSC::bigIntProtoFuncToLocaleString):
        (JSC::bigIntProtoFuncValueOf):
        * runtime/BigIntPrototype.h: Added.
        (JSC::BigIntPrototype::create):
        (JSC::BigIntPrototype::createStructure):
        * runtime/IntlCollator.cpp:
        (JSC::IntlCollator::initializeCollator):
        * runtime/IntlNumberFormat.cpp:
        (JSC::IntlNumberFormat::initializeNumberFormat):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::parseInt):
        (JSC::JSBigInt::toObject const):
        * runtime/JSBigInt.h:
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::synthesizePrototype const):
        * runtime/JSCPoisonedPtr.cpp:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toObjectSlow const):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::bigIntPrototype const):
        (JSC::JSGlobalObject::bigIntObjectStructure const):
        * runtime/StructureCache.h:
        * runtime/StructureInlines.h:
        (JSC::prototypeForLookupPrimitiveImpl):

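Added example (JavaScript, not JavaScriptCore's own code) exercising from script the behaviour the entry above implements: the BigInt constructor's conversion of Number, Boolean and String (and the error class it throws for other inputs), the asIntN/asUintN static functions, the BigIntObject wrapper that ToObject produces so that toString/valueOf work on a boxed primitive, and the absence of BigInt.parseInt. The helper names toBigIntResult, wrapToWidth and boxedRoundTrip are this example's own; the behaviour shown is that of the finished proposal as shipped by current engines, which any BigInt-capable runtime can confirm.

```javascript
// Added example, not JavaScriptCore code. Each helper wraps one piece of the
// BigInt surface described in the ChangeLog entry so its result can be asserted.

// BigInt(value) as a total function: returns the converted value, or the name
// of the error class the constructor throws. Number input must be an integer
// (RangeError otherwise), String input must parse as a BigInt literal
// (SyntaxError otherwise), and undefined/null/Symbol are rejected with TypeError.
function toBigIntResult(value) {
  try {
    return { ok: true, value: BigInt(value) };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

// Reduce an arbitrary-precision BigInt to a fixed-width two's-complement lane,
// which is what BigInt.asIntN / BigInt.asUintN provide. This is the operation
// used to model machine-word arithmetic (e.g. checking 64-bit wraparound) when
// auditing code that mixes BigInt with fixed-width binary formats.
function wrapToWidth(value, bits, signed) {
  if (!Number.isInteger(bits) || bits < 0) {
    throw new RangeError('bits must be a non-negative integer');
  }
  return signed ? BigInt.asIntN(bits, value) : BigInt.asUintN(bits, value);
}

// 64-bit unsigned addition with wraparound, built on wrapToWidth.
function addU64(a, b) {
  return wrapToWidth(a + b, 64, false);
}

// Box a BigInt primitive through ToObject (Object(1n) yields a BigInt wrapper
// object) and go back through the prototype methods, which unbox via the
// thisBigIntValue step the entry describes as toThisBigIntValue.
function boxedRoundTrip(value) {
  const boxed = Object(value);
  return {
    isObject: typeof boxed === 'object',
    protoIsBigIntPrototype: Object.getPrototypeOf(boxed) === BigInt.prototype,
    hex: boxed.toString(16),
    unboxed: boxed.valueOf(),
    roundTrips: boxed.valueOf() === value,
  };
}

// The entry notes parseInt was dropped from the proposal; a feature check
// should therefore never find it on the constructor.
function hasBigIntParseInt() {
  return typeof BigInt.parseInt === 'function';
}
```

Note that `BigInt("0x1f")` is accepted because the string grammar takes the same hex, octal and binary prefixes as integer literals, while `BigInt("1.5")` and `BigInt(1.5)` both fail (SyntaxError and RangeError respectively): string input never rounds, so a parser that wants to accept decimal text must validate it before calling the constructor rather than relying on a thrown error being harmless.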
2018-01-02  Tim Horton  <timothy_horton@apple.com>

        Fix the MathCommon build with a recent compiler
        https://bugs.webkit.org/show_bug.cgi?id=181216

        Reviewed by Sam Weinig.

        * runtime/MathCommon.cpp:
        (JSC::fdlibmPow):
        This cast drops the 'const' qualifier from the pointer to 'one',
        but it doesn't have to, and it makes the compiler sad.

== Rolled over to ChangeLog-2018-01-01 ==