[DFG] Define defs for MapSet/SetAdd to participate in CSE

[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DFG] Define defs for MapSet/SetAdd to participate in CSE
        https://bugs.webkit.org/show_bug.cgi?id=179911

        Reviewed by Saam Barati.

        With this patch, our MapSet and SetAdd DFG nodes participate in CSE.
        To handle a bit tricky DFG Map operation nodes, MapSet and SetAdd
        produce added bucket as its result. Subsequent GetMapBucket will
        be removed by CSE.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSetAdd):
        (JSC::DFG::SpeculativeJIT::compileMapSet):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileSetAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileMapSet):
        * jit/JITOperations.h:
        * runtime/HashMapImpl.h:
        (JSC::HashMapImpl::addNormalized):
        (JSC::HashMapImpl::addNormalizedInternal):

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Remove LocalScope
        https://bugs.webkit.org/show_bug.cgi?id=181206

        Reviewed by Geoffrey Garen.

        The last user of HandleStack and LocalScope is JSON. But MarkedArgumentBuffer is enough for their use.
        This patch changes JSON parsing and stringifying to using MarkedArgumentBuffer. And remove HandleStack
        and LocalScope.

        We make Stringifier and Walker WTF_FORBID_HEAP_ALLOCATION to place them on the stack. So they can hold
        JSObject* directly in their fields.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * heap/HandleStack.cpp: Removed.
        * heap/HandleStack.h: Removed.
        * heap/Heap.cpp:
        (JSC::Heap::addCoreConstraints):
        * heap/Heap.h:
        (JSC::Heap::handleSet):
        (JSC::Heap::handleStack): Deleted.
        * heap/Local.h: Removed.
        * heap/LocalScope.h: Removed.
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object const):
        (JSC::gap):
        (JSC::Stringifier::Stringifier):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Stringifier::Holder::Holder):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::Walker):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncParse):
        (JSC::JSONProtoFuncStringify):
        (JSC::JSONParse):
        (JSC::JSONStringify):

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [FTL] Optimize ObjectAllocationSinking mergePointerSets by using removeIf
        https://bugs.webkit.org/show_bug.cgi?id=180238

        Reviewed by Saam Barati.

        We can optimize ObjectAllocationSinking a bit by using removeIf.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:

2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Create parallel SlotVisitors apriori
        https://bugs.webkit.org/show_bug.cgi?id=180907

        Reviewed by Saam Barati.

        The number of SlotVisitors are capped with the number of HeapHelperPool's threads + 2.
        If we create these SlotVisitors apriori, we do not need to create SlotVisitors dynamically.
        Then we do not need to grab locks while iterating all the SlotVisitors.

        In addition, we do not need to consider the case that the number of SlotVisitors increases
        after setting up VisitCounters in MarkingConstraintSolver since the number of SlotVisitors
        does not increase any more.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::runBeginPhase):
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::forEachSlotVisitor):
        (JSC::Heap::numberOfSlotVisitors): Deleted.
        * heap/MarkingConstraintSolver.cpp:
        (JSC::MarkingConstraintSolver::didVisitSomething const):

2018-01-03  Ting-Wei Lan  <lantw44@gmail.com>

        Replace hard-coded paths in shebangs with #!/usr/bin/env
        https://bugs.webkit.org/show_bug.cgi?id=181040

        Reviewed by Alex Christensen.

        * Scripts/UpdateContents.py:
        * Scripts/cssmin.py:
        * Scripts/generate-combined-inspector-json.py:
        * Scripts/xxd.pl:
        * create_hash_table:
        * generate-bytecode-files:
        * wasm/generateWasm.py:
        * wasm/generateWasmOpsHeader.py:
        * yarr/generateYarrCanonicalizeUnicode:

2018-01-03  Michael Saboff  <msaboff@apple.com>

        Disable SharedArrayBuffers from Web API
        https://bugs.webkit.org/show_bug.cgi?id=181266

        Reviewed by Saam Barati.

        Removed SharedArrayBuffer prototype and structure from GlobalObject creation
        to disable.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::arrayBufferPrototype const):
        (JSC::JSGlobalObject::arrayBufferStructure const):

2018-01-03  Michael Saboff  <msaboff@apple.com>

        Add "noInline" to $vm
        https://bugs.webkit.org/show_bug.cgi?id=181265

        Reviewed by Mark Lam.

        This would be useful for web based tests.

        * tools/JSDollarVM.cpp:
        (JSC::getExecutableForFunction):
        (JSC::functionNoInline):
        (JSC::JSDollarVM::finishCreation):

2018-01-03  Michael Saboff  <msaboff@apple.com>

        Remove unnecessary flushing of Butterfly pointer in functionCpuClflush()
        https://bugs.webkit.org/show_bug.cgi?id=181263

        Reviewed by Mark Lam.

        Flushing the butterfly pointer provides no benefit and slows this function.

        * tools/JSDollarVM.cpp:
        (JSC::functionCpuClflush):

2018-01-03  Saam Barati  <sbarati@apple.com>

        Fix BytecodeParser op_catch assert to work with useProfiler=1
        https://bugs.webkit.org/show_bug.cgi?id=181260

        Reviewed by Keith Miller.

        op_catch was asserting that the current block was empty. This is only true
        if the profiler isn't enabled. When the profiler is enabled, we will
        insert a CountExecution node before each bytecode. This patch fixes the
        assert to work with the profiler.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):

2018-01-03  Per Arne Vollan  <pvollan@apple.com>

        [Win][Debug] testapi link error.
        https://bugs.webkit.org/show_bug.cgi?id=181247
        <rdar://problem/36166729>

        Reviewed by Brent Fulgham.

        Do not set the runtime library compile flag for C files, it is already set to the correct value.
 
        * shell/PlatformWin.cmake:

2018-01-03  Robin Morisset  <rmorisset@apple.com>

        Inlining of a function that ends in op_unreachable crashes
        https://bugs.webkit.org/show_bug.cgi?id=181027

        Reviewed by Filip Pizlo.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::allocateTargetableBlock):
        (JSC::DFG::ByteCodeParser::inlineCall):

2018-01-02  Saam Barati  <sbarati@apple.com>

        Incorrect assertion inside AccessCase
        https://bugs.webkit.org/show_bug.cgi?id=181200
        <rdar://problem/35494754>

        Reviewed by Yusuke Suzuki.

        Consider a PutById compiled to a setter in a function like so:
        
        ```
        function foo(o) { o.f = o; }
        ```
        
        The DFG will often assign the same registers to the baseGPR (o in o.f) and the
        valueRegsPayloadGPR (o in the RHS). The code totally works when these are assigned
        to the same register. However, we're asserting that they're not the same register.
        This patch just removes this invalid assertion.

        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateImpl):

2018-01-02  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement BigIntConstructor and BigIntPrototype
        https://bugs.webkit.org/show_bug.cgi?id=175359

        Reviewed by Yusuke Suzuki.

        This patch is implementing BigIntConstructor and BigIntPrototype
        following spec[1, 2]. As addition, we are also implementing BigIntObject
        warapper to handle ToObject(v) abstract operation when "v" is a BigInt
        primitive. With these classes, now it's possible to syntetize
        BigInt.prototype and then call "toString", "valueOf" and
        "toLocaleString" when the primitive is a BigInt.
        BigIntConstructor exposes an API to parse other primitives such as
        Number, Boolean and String to BigInt.
        We decided to skip parseInt implementation, since it was removed from
        spec.

        [1] - https://tc39.github.io/proposal-bigint/#sec-bigint-constructor
        [2] - https://tc39.github.io/proposal-bigint/#sec-properties-of-the-bigint-prototype-object 

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * jsc.cpp:
        * runtime/BigIntConstructor.cpp: Added.
        (JSC::BigIntConstructor::BigIntConstructor):
        (JSC::BigIntConstructor::finishCreation):
        (JSC::isSafeInteger):
        (JSC::toBigInt):
        (JSC::callBigIntConstructor):
        (JSC::bigIntConstructorFuncAsUintN):
        (JSC::bigIntConstructorFuncAsIntN):
        * runtime/BigIntConstructor.h: Added.
        (JSC::BigIntConstructor::create):
        (JSC::BigIntConstructor::createStructure):
        * runtime/BigIntObject.cpp: Added.
        (JSC::BigIntObject::BigIntObject):
        (JSC::BigIntObject::finishCreation):
        (JSC::BigIntObject::toStringName):
        (JSC::BigIntObject::defaultValue):
        * runtime/BigIntObject.h: Added.
        (JSC::BigIntObject::create):
        (JSC::BigIntObject::internalValue const):
        (JSC::BigIntObject::createStructure):
        * runtime/BigIntPrototype.cpp: Added.
        (JSC::BigIntPrototype::BigIntPrototype):
        (JSC::BigIntPrototype::finishCreation):
        (JSC::toThisBigIntValue):
        (JSC::bigIntProtoFuncToString):
        (JSC::bigIntProtoFuncToLocaleString):
        (JSC::bigIntProtoFuncValueOf):
        * runtime/BigIntPrototype.h: Added.
        (JSC::BigIntPrototype::create):
        (JSC::BigIntPrototype::createStructure):
        * runtime/IntlCollator.cpp:
        (JSC::IntlCollator::initializeCollator):
        * runtime/IntlNumberFormat.cpp:
        (JSC::IntlNumberFormat::initializeNumberFormat):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::parseInt):
        (JSC::JSBigInt::toObject const):
        * runtime/JSBigInt.h:
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::synthesizePrototype const):
        * runtime/JSCPoisonedPtr.cpp:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toObjectSlow const):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::bigIntPrototype const):
        (JSC::JSGlobalObject::bigIntObjectStructure const):
        * runtime/StructureCache.h:
        * runtime/StructureInlines.h:
        (JSC::prototypeForLookupPrimitiveImpl):

2018-01-02  Tim Horton  <timothy_horton@apple.com>

        Fix the MathCommon build with a recent compiler
        https://bugs.webkit.org/show_bug.cgi?id=181216

        Reviewed by Sam Weinig.

        * runtime/MathCommon.cpp:
        (JSC::fdlibmPow):
        This cast drops the 'const' qualifier from the pointer to 'one',
        but it doesn't have to, and it makes the compiler sad.

== Rolled over to ChangeLog-2018-01-01 ==