83cc437ed37b08bb752f8e6e3d49f3905b64405d
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-11-30  Don Olmstead  <don.olmstead@sony.com>

        Rename ENABLE_SUBTLE_CRYPTO to ENABLE_WEB_CRYPTO
        https://bugs.webkit.org/show_bug.cgi?id=192197

        Reviewed by Jiewen Tan.

        * Configurations/FeatureDefines.xcconfig:

2018-11-30  Dean Jackson  <dino@apple.com>

        Add first-class support for .mjs files in jsc binary
        https://bugs.webkit.org/show_bug.cgi?id=192190
        <rdar://problem/46375715>

        Reviewed by Keith Miller.

        Treat files with a .mjs extension as a module, regardless
        of whether or not the --module-file argument was given.

        * jsc.cpp:
        (printUsageStatement): Update usage.
        (isMJSFile): Helper to look for .mjs extensions.
        (CommandLine::parseArguments): Pick the appropriate script type.

2018-11-30  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] Implement ValueBitXor into DFG
        https://bugs.webkit.org/show_bug.cgi?id=190264

        Reviewed by Yusuke Suzuki.

        This patch is splitting the BitXor node into ArithBitXor and
        ValueBitXor. This is necessary due to the introduction of
        BigInt, since BitXor operations can now result in Int32 or BigInt.
        In such a case, we use ArithBitXor when operands are Int and fall back to
        ValueBitXor when operands are anything else. In the case of
        ValueBitXor, we speculate BigInt when op1 and op2 are predicted as
        BigInt as well. The BigInt specialization consists of calling the
        `operationBigIntBitXor` function, which calls JSBigInt::bitXor.

        * bytecode/BytecodeList.rb:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitXor): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitxor):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

2018-11-29  Justin Michaud  <justin_michaud@apple.com>

        CSS Painting API should pass 'this' correctly to paint callback, and repaint when properties change.
        https://bugs.webkit.org/show_bug.cgi?id=191443

        Reviewed by Dean Jackson.

        Export the simpler construct() method for use in WebCore.

        * runtime/ConstructData.h:

2018-11-28  Mark Lam  <mark.lam@apple.com>

        ENABLE_SEPARATED_WX_HEAP needs to be defined in Platform.h.
        https://bugs.webkit.org/show_bug.cgi?id=192110
        <rdar://problem/46317746>

        Reviewed by Saam Barati.

        * config.h:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Update generate-{derived,unified}-sources scripts to support generating .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=192031
        <rdar://problem/46286816>

        Reviewed by Alex Christensen.

        The Generate Derived Sources and Generate Unified Sources build phases
        in Xcode need to have their inputs and outputs specified. This
        specification will come in the form of .xcfilelist files that will be
        attached to these build phases. There is one .xcfilelist file that
        lists the input file and one that lists the output files. As part of
        this work, the various generate-{derived,unified}-sources scripts that
        are executed in these Generate build phases are modified to help in
        the creation of these .xcfilelist files. In particular, they can now
        be invoked with command-line parameters. These parameters are then
        used to alter the normal execution of these scripts, causing them to
        produce the .xcfilelist files as opposed to actually generating the
        files that are listed in those files.

        * Scripts/generate-derived-sources.sh:
        * Scripts/generate-unified-sources.sh:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Revert print_all_generated_files work in r238008; tighten up target specifications
        https://bugs.webkit.org/show_bug.cgi?id=192025
        <rdar://problem/46284301>

        Reviewed by Alex Christensen.

        In r238008, I added a facility for DerivedSources.make makefiles to
        print out the list of files that they generate. This output was used
        in the generation of .xcfilelist files used to specify the output of
        the associated Generate Derived Sources build phases in Xcode. This
        approach worked, but it meant that people would need to follow a
        specific convention to keep this mechanism working.

        Instead of continuing this approach, I'm going to implement a new
        facility based on the output of `make` when passed the -d flag (which
        prints dependency information). This new mechanism is completely
        automatic and doesn't need maintainers to follow a convention. To that
        end, remove most of the work performed in r238008 that supports the
        print_all_generated_files target.

        At the same time, it's important for the sets of targets and their
        dependencies to be complete and correct. Therefore, also include
        changes to bring those up-to-date. As part of that, you'll see
        prevalent use of a particular technique. Here's an example:

            BYTECODE_FILES = \
                Bytecodes.h \
                BytecodeIndices.h \
                BytecodeStructs.h \
                InitBytecodes.asm \
            #
            BYTECODE_FILES_PATTERNS = $(subst .,%,$(BYTECODE_FILES))

            all : $(BYTECODE_FILES)

            $(BYTECODE_FILES_PATTERNS): $(wildcard $(JavaScriptCore)/generator/*.rb) $(JavaScriptCore)/bytecode/BytecodeList.rb
                ...

        These lines indicate a set of generated files (those specified in
        BYTECODE_FILES). These files are generated by the BytecodeList.rb
        tool. But, as opposed to the normal rule where a single foo.output is
        generated by foo.input plus some additional dependencies, this rule
        produces multiple output files from a tool whose connection to the
        output files is not immediately clear. A special approach is needed
        where a single rule produces multiple output files. The normal way to
        implement this is to use an .INTERMEDIATE target. However, we used
        this approach in the past and ran into a problem with it, addressing
        it with an alternate approach in r210507. The above example shows this
        approach. The .'s in the list of target files are replaced with %'s,
        and the result is used as the left side of the dependency rule.

        * DerivedSources.make:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Remove Postprocess Headers dependencies
        https://bugs.webkit.org/show_bug.cgi?id=192023
        <rdar://problem/46283377>

        Reviewed by Mark Lam.

        JavaScriptCore's Xcode Postprocess Headers build phase used to have a
        dependency on a specific handful of files. In r234227, the script used
        in this phase (postprocess-headers.sh) was completely rewritten to
        operate on *all* files in JSC's Public and Private headers directories
        instead of just this handful. This rewrite makes the previous
        dependency specification insufficient, leading to incorrect
        incremental builds if the right files weren't touched. Address this by
        removing the dependencies completely. This will cause
        postprocess-headers.sh to always be executed, even when none of its
        files are touched. Running this script all the time is OK, since it has
        built-in protections against unnecessarily touching files that haven't
        changed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-27  Mark Lam  <mark.lam@apple.com>

        ENABLE_FAST_JIT_PERMISSIONS should be false for iosmac.
        https://bugs.webkit.org/show_bug.cgi?id=192055
        <rdar://problem/46288783>

        Reviewed by Saam Barati.

        * Configurations/FeatureDefines.xcconfig:

2018-11-27  Saam barati  <sbarati@apple.com>

        r238510 broke scopes of size zero
        https://bugs.webkit.org/show_bug.cgi?id=192033
        <rdar://problem/46281734>

        Reviewed by Keith Miller.

        In r238510, I wrote the loop like this:
        `for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`

        This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.

        This patch fixes this by writing the loop as:
        `for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`

        * dfg/DFGObjectAllocationSinkingPhase.cpp:

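The unsigned wrap-around behind the r238510 entry above, as an added example that is not code from WebKit: ToySymbolTable and ToyActivation are constructed stand-ins that only reproduce maxScopeOffset() being scopeSize() - 1 in unsigned arithmetic, and the buggy loop is guarded so the out-of-bounds access is reported instead of performed.

```cpp
#include <climits>
#include <cstdio>
#include <vector>

// Constructed stand-in for the two SymbolTable accessors the loop depends on
// (assumption: scopeSize() is unsigned and maxScopeOffset() is scopeSize() - 1;
// this is not JSC's SymbolTable). For a scope of size zero the subtraction
// wraps, so maxScopeOffset() reports UINT_MAX rather than "no slots".
struct ToySymbolTable {
    unsigned size;
    unsigned scopeSize() const { return size; }
    unsigned maxScopeOffset() const { return size - 1; }
};

// Toy activation: the symbol table plus one slot per scope offset.
struct ToyActivation {
    ToySymbolTable table;
    std::vector<int> slots;
};

ToyActivation makeActivation(unsigned scopeSize)
{
    ToyActivation act;
    act.table.size = scopeSize;
    act.slots.assign(scopeSize, 0);
    return act;
}

// The loop shape from r238510: inclusive upper bound on maxScopeOffset().
// Returns the number of slots visited, or -1 as soon as the loop would touch
// a slot outside the activation. The real phase has no such guard, so for a
// zero-size scope the first iteration already reads past the end.
long visitSlotsBuggy(const ToyActivation& act)
{
    long visited = 0;
    for (unsigned offset = 0; offset <= act.table.maxScopeOffset(); offset += 1) {
        if (offset >= act.slots.size())
            return -1;
        ++visited;
    }
    return visited;
}

// The corrected loop: exclusive upper bound on scopeSize(), so a zero-size
// scope runs zero iterations and no wrap-around is involved.
long visitSlotsFixed(const ToyActivation& act)
{
    long visited = 0;
    for (unsigned offset = 0; offset < act.table.scopeSize(); ++offset) {
        if (offset >= act.slots.size())
            return -1;
        ++visited;
    }
    return visited;
}

int main()
{
    ToyActivation empty = makeActivation(0);
    ToyActivation three = makeActivation(3);
    std::printf("maxScopeOffset() for size 0: %u (UINT_MAX is %u)\n",
                empty.table.maxScopeOffset(), UINT_MAX);
    std::printf("size 0: buggy=%ld fixed=%ld\n", visitSlotsBuggy(empty), visitSlotsFixed(empty));
    std::printf("size 3: buggy=%ld fixed=%ld\n", visitSlotsBuggy(three), visitSlotsFixed(three));
    return 0;
}
```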
2018-11-27  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: capacity && isPageAligned(capacity) in JSC::CLoopStack::CLoopStack(JSC::VM&).
        https://bugs.webkit.org/show_bug.cgi?id=192018

        Reviewed by Saam Barati.

        This assertion failed because the regress-191579.js test was specifying
        --maxPerThreadStackUsage=400000 i.e. it was running with a stack size that is not
        page aligned.  Given that the user can specify any arbitrary stack size, and the
        CLoop stack expects to be page aligned, we'll just round up the requested capacity
        to the next page alignment.

        * interpreter/CLoopStack.cpp:
        (JSC::CLoopStack::CLoopStack):

2018-11-27  Mark Lam  <mark.lam@apple.com>

        [Re-landing] NaNs read from Wasm code need to be purified.
        https://bugs.webkit.org/show_bug.cgi?id=191056
        <rdar://problem/45660341>

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2018-11-27  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: Add support for forcing color scheme appearance in DOM tree.
        https://bugs.webkit.org/show_bug.cgi?id=191820
        rdar://problem/46153172

        Reviewed by Devin Rousso.

        * inspector/protocol/Page.json: Added setForcedAppearance.
        Also added the defaultAppearanceDidChange event and Appearance enum.

2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238509.

        Causes JSC tests to fail on iOS.

        Reverted changeset:

        "NaNs read from Wasm code need to be purified."
        https://bugs.webkit.org/show_bug.cgi?id=191056
        https://trac.webkit.org/changeset/238509

2018-11-27  Mark Lam  <mark.lam@apple.com>

        Introducing an ENABLE_SEPARATED_WX_HEAP macro.
        https://bugs.webkit.org/show_bug.cgi?id=192013
        <rdar://problem/45494310>

        Reviewed by Keith Miller.

        This makes the code a little more readable.

        I put the definition of ENABLE_SEPARATED_WX_HEAP in JSC's config.h instead of
        Platform.h because ENABLE_SEPARATED_WX_HEAP is only needed inside JSC.  Also,
        ENABLE_SEPARATED_WX_HEAP depends on ENABLE(FAST_JIT_PERMISSIONS), which is only
        defined for JSC.

        * config.h:
        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
        * jit/ExecutableAllocator.h:
        (JSC::performJITMemcpy):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2018-11-26  Caio Lima  <ticaiolima@gmail.com>

        Re-introduce op_bitnot
        https://bugs.webkit.org/show_bug.cgi?id=190923

        Reviewed by Yusuke Suzuki.

        With the introduction of BigInt as a new type, we can't emit bitwise
        not as `x ^ -1` anymore, because this is incompatible with the new type.
        Based on that, this patch is adding `op_bitnot` as a new operation
        into LLInt, as well as introducing an ArithBitNot node into DFG to support
        JIT compilation of such an opcode. We will use the ValueProfile of this
        instruction in the future to generate better code when its operand
        is not Int32.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::not32):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::not32):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::not32):
        * bytecode/BytecodeList.rb:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitUnaryOp):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::UnaryPlusNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode): Deleted.
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileBitwiseNot):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitNot):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitnot):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/cloop.rb:
        * parser/NodeConstructors.h:
        (JSC::BitwiseNotNode::BitwiseNotNode):
        * parser/Nodes.h:
        * parser/ResultType.h:
        (JSC::ResultType::bigIntOrInt32Type):
        (JSC::ResultType::forBitOp):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:

2018-11-26  Saam barati  <sbarati@apple.com>

        InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
        https://bugs.webkit.org/show_bug.cgi?id=191956
        <rdar://problem/45665806>

        Reviewed by Yusuke Suzuki.

        This is a similar bug to what Keith fixed in r232134. The issue is if we have
        a program like this:

        a: JSConstant(jsNumber(0))
        b: SetLocal(Int32:@a, loc1, FlushedInt32)
        c: ArrayifyToStructure(Cell:@a)
        d: Jump(...)

        At the point in the program right after the Jump, a GetLocal for loc1
        would return whatever the ArrayifyToStructure resulting type is. This breaks
        the invariant that a GetLocal must return a value that is a subtype of its
        FlushFormat. InPlaceAbstractState::endBasicBlock will know if a SetLocal is
        the final node touching a local slot. If so, it'll see if any nodes later
        in the block may have refined the type of the value stored in that slot. If
        so, endBasicBlock() further refines the type to ensure that any GetLocals
        loading from the same slot will result in having this more refined type.
        However, we must ensure that this logic only considers types within the
        hierarchy of the variable access data's FlushFormat, otherwise, we may
        break the invariant that a GetLocal's type is a subtype of its FlushFormat.

        * dfg/DFGInPlaceAbstractState.cpp:
        (JSC::DFG::InPlaceAbstractState::endBasicBlock):

2018-11-26  Saam barati  <sbarati@apple.com>

        Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
        https://bugs.webkit.org/show_bug.cgi?id=191958
        <rdar://problem/46221877>

        Reviewed by Yusuke Suzuki.

        There may be more entries in an activation than unique variables
        in a symbol table's hashmap. For example, if you have two parameters
        to a function, and they both are the same name, and the function
        uses eval, we'll end up with two scope slots, but only a single
        entry in the hashmap in the symbol table. Object allocation sinking
        phase was previously iterating over the hashmap, assuming these
        values were equivalent. This is wrong in the above case. Instead,
        we need to iterate over each scope offset.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * runtime/GenericOffset.h:
        (JSC::GenericOffset::operator+=):
        (JSC::GenericOffset::operator-=):

2018-11-26  Mark Lam  <mark.lam@apple.com>

        NaNs read from Wasm code need to be purified.
        https://bugs.webkit.org/show_bug.cgi?id=191056
        <rdar://problem/45660341>

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>

        ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
        https://bugs.webkit.org/show_bug.cgi?id=191716
        <rdar://problem/45723878>

        Reviewed by Saam Barati.

        After https://bugs.webkit.org/show_bug.cgi?id=187373, when updating
        jump targets during generatorification, we only stored the new jump
        target when it changed. However, the out-of-line jump targets are
        cleared at the beginning of the pass, so we need to store it
        unconditionally.

        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::extractStoredJumpTargetsForInstruction):
        (JSC::updateStoredJumpTargetsForInstruction):

2018-11-23  Wenson Hsieh  <wenson_hsieh@apple.com>

        Enable drag and drop support for iOSMac
        https://bugs.webkit.org/show_bug.cgi?id=191818
        <rdar://problem/43907454>

        Reviewed by Dean Jackson.

        * Configurations/FeatureDefines.xcconfig:

2018-11-22  Mark Lam  <mark.lam@apple.com>

        Make the jsc shell's dumpException() more robust against long exception strings.
        https://bugs.webkit.org/show_bug.cgi?id=191910
        <rdar://problem/46212980>

        Reviewed by Michael Saboff.

        This only affects the dumping of the exception string in the jsc shell due to
        unhandled exceptions or exceptions at shell boot time before any JS code is
        running.

        * jsc.cpp:
        (dumpException):

2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Drop ARM_TRADITIONAL support in LLInt, baseline JIT, and DFG
        https://bugs.webkit.org/show_bug.cgi?id=191675

        Reviewed by Mark Lam.

        We no longer maintain ARM_TRADITIONAL LLInt and JIT in JSC. This architecture will use
        CLoop instead. This patch removes ARM_TRADITIONAL support in LLInt and JIT.

        Discussed in https://lists.webkit.org/pipermail/webkit-dev/2018-October/030220.html.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * assembler/ARMAssembler.cpp: Removed.
        * assembler/ARMAssembler.h: Removed.
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::dumpCode):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::patchableBranch32):
        * assembler/MacroAssemblerARM.cpp: Removed.
        * assembler/MacroAssemblerARM.h: Removed.
        * assembler/PerfLog.cpp:
        * assembler/PerfLog.h:
        * assembler/ProbeContext.h:
        (JSC::Probe::CPUState::pc):
        (JSC::Probe::CPUState::fp):
        (JSC::Probe::CPUState::sp):
        * assembler/testmasm.cpp:
        (JSC::isPC):
        (JSC::testProbeModifiesStackPointer):
        (JSC::testProbeModifiesStackValues):
        * bytecode/InlineAccess.h:
        (JSC::InlineAccess::sizeForPropertyAccess):
        (JSC::InlineAccess::sizeForPropertyReplace):
        (JSC::InlineAccess::sizeForLengthAccess):
        * dfg/DFGSpeculativeJIT.h:
        * disassembler/CapstoneDisassembler.cpp:
        (JSC::tryToDisassemble):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::debugCall):
        * jit/AssemblyHelpers.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsImpl):
        (JSC::CCallHelpers::prepareForTailCallSlow):
        * jit/CallFrameShuffler.cpp:
        (JSC::CallFrameShuffler::prepareForTailCall):
        * jit/HostCallReturnValue.cpp:
        * jit/JITMathIC.h:
        (JSC::isProfileEmpty):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::reservedHardwareRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
        (JSC::RegisterSet::dfgCalleeSaveRegisters):
        * jit/Repatch.cpp:
        (JSC::forceICFailure):
        * jit/ThunkGenerators.cpp:
        (JSC::nativeForGenerator):
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * offlineasm/arm.rb:
        * offlineasm/backends.rb:
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateEnter):
        (JSC::Yarr::YarrGenerator::generateReturn):

2018-11-21  Saam barati  <sbarati@apple.com>

        DFGSpeculativeJIT should not &= exitOK with mayExit(node)
        https://bugs.webkit.org/show_bug.cgi?id=191897
        <rdar://problem/45871998>

        Reviewed by Mark Lam.

        exitOK is a statement about it being legal to exit. mayExit() is about being
        conservative and returning false only if an OSR exit *could never* happen.
        mayExit() tries to be as smart as possible to see if it can return false.
        It can't return false if a runtime exit *could* happen. However, there is
        code in the compiler where mayExit() returns false (because it uses data
        generated from AI about type checks being proved), but the code we emit in the
        compiler backend unconditionally generates an OSR exit, even if that exit may
        never execute. For example, let's say we have this IR:

        SomeNode(Boolean:@input)

        And we always emit code like this as a way of emitting a boolean type check:

        jump L1 if input == true
        jump L1 if input == false
        emit an OSR exit

        In such a program, when we generate the above OSR exit, in a validationEnabled()
        build, and if @input is proved to be a boolean, we'll end up crashing because we
        have the bogus assertion saying !exitOK. This is one reason why things are cleaner
        if we don't conflate mayExit() with exitOK.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):

2018-11-21  Saam barati  <sbarati@apple.com>

        Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
        https://bugs.webkit.org/show_bug.cgi?id=191895
        <rdar://problem/46167406>

        Reviewed by Mark Lam.

        We were asserting that the input edge should have type SpecCell but it should
        really be SpecCellCheck since the type filter for KnownCellUse is SpecCellCheck.

        This patch cleans up that assertion code by joining a bunch of cases into a
        single function call which grabs the type filter for the edge UseKind and
        asserts that the incoming edge meets the type filter criteria.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::speculate):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::speculate):

2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Use ProtoCallFrame::numberOfRegisters instead of raw number `4`
        https://bugs.webkit.org/show_bug.cgi?id=191877

        Reviewed by Sam Weinig.

        Instead of hard-coding `4` into LowLevelInterpreter, use ProtoCallFrame::numberOfRegisters.

        * interpreter/ProtoCallFrame.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2018-11-21  Mark Lam  <mark.lam@apple.com>

        Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
        https://bugs.webkit.org/show_bug.cgi?id=191776
        <rdar://problem/46152851>

        Reviewed by Saam Barati.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::tryCreate):
        - return nullptr if the requested bytes exceed MAX_ARRAY_BUFFER_SIZE.
          The clients will already do a null check and throw an OutOfMemoryError if needed.
        (JSC::Wasm::Memory::grow):
        - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.
        * wasm/js/WebAssemblyMemoryConstructor.cpp:
        (JSC::constructJSWebAssemblyMemory):
        - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.

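The two-limit decision described in the entry above, as an added example that is not WebKit's code: the page size, the spec's 65536-page ceiling and the kMaxArrayBufferSize placeholder are assumptions standing in for JSC's real constants, and createMemory/growMemory are toy stand-ins for the constructor, tryCreate and grow paths, including the arithmetic guards a practitioner would want around the byte-size computation.

```cpp
#include <cstdint>
#include <cstdio>

// Assumed constants, not values from the ChangeLog: a Wasm page is 64 KiB and
// the spec allows at most 65536 pages (4 GiB). kMaxArrayBufferSize is a
// placeholder for JSC's MAX_ARRAY_BUFFER_SIZE; all the example relies on is
// that it is smaller than the 4 GiB spec ceiling.
static const uint64_t kWasmPageSize = 64 * 1024;
static const uint64_t kSpecMaxPages = 65536;
static const uint64_t kMaxArrayBufferSize = 0x7fffffffULL;  // placeholder

enum class MemoryError { None, RangeError, OutOfMemory };

struct MemoryResult {
    MemoryError error;
    uint64_t pageCount;  // meaningful only when error == MemoryError::None
};

// A page count above the spec limit is a malformed request and stays a
// RangeError. A page count within the spec limit whose byte size still exceeds
// the ArrayBuffer limit is a well-formed request we cannot satisfy, so it maps
// to OutOfMemory (the tryCreate-returns-nullptr path of the entry). The byte
// size is computed in 64 bits so pages * 64 KiB cannot wrap a 32-bit size_t.
MemoryError checkPageCount(uint64_t pages)
{
    if (pages > kSpecMaxPages)
        return MemoryError::RangeError;
    if (pages * kWasmPageSize > kMaxArrayBufferSize)
        return MemoryError::OutOfMemory;
    return MemoryError::None;
}

// Toy stand-in for constructJSWebAssemblyMemory + Memory::tryCreate.
MemoryResult createMemory(uint64_t initialPages)
{
    MemoryError err = checkPageCount(initialPages);
    if (err != MemoryError::None)
        return MemoryResult{err, 0};
    return MemoryResult{MemoryError::None, initialPages};
}

// Toy stand-in for Memory::grow: the new page count is validated with the same
// rule before any buffer is touched, and the addition is guarded so a huge
// delta cannot wrap the page count back into the accepted range.
MemoryResult growMemory(uint64_t currentPages, uint64_t deltaPages)
{
    if (deltaPages > UINT64_MAX - currentPages)
        return MemoryResult{MemoryError::RangeError, 0};
    uint64_t newPages = currentPages + deltaPages;
    MemoryError err = checkPageCount(newPages);
    if (err != MemoryError::None)
        return MemoryResult{err, 0};
    return MemoryResult{MemoryError::None, newPages};
}

static const char* describe(MemoryError err)
{
    switch (err) {
    case MemoryError::RangeError: return "RangeError";
    case MemoryError::OutOfMemory: return "OutOfMemoryError";
    default: return "ok";
    }
}

int main()
{
    // 65536 pages is within the spec limit but 4 GiB of bytes: OOM, not RangeError.
    std::printf("create(65536): %s\n", describe(createMemory(65536).error));
    std::printf("create(65537): %s\n", describe(createMemory(65537).error));
    std::printf("create(32767): %s\n", describe(createMemory(32767).error));
    std::printf("grow(32767, 1): %s\n", describe(growMemory(32767, 1).error));
    return 0;
}
```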
664 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
665
666         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
667         https://bugs.webkit.org/show_bug.cgi?id=190836
668
669         Reviewed by Saam Barati and Yusuke Suzuki.
670
671         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
672         where we allocate a BigInt trusting the length received as argument.
673         With this additional method, we now check if length passed to
674         `JSBigInt::tryCreateWithLength` is not greater than JSBigInt::maxLength.
675         When the length is greater than JSBigInt::maxLength, we then throw OOM
676         exception.
677         This required us to change the interface of some JSBigInt operations to
678         receive `ExecState*` instead of `VM&`. We changed only operations that
679         can throw because of OOM.
680         We beleive that this approach of throwing instead of finishing the
681         execution abruptly is better because JS programs can catch such
682         exception and handle this issue properly.
683
684         * dfg/DFGOperations.cpp:
685         * jit/JITOperations.cpp:
686         * runtime/CommonSlowPaths.cpp:
687         (JSC::SLOW_PATH_DECL):
688         * runtime/JSBigInt.cpp:
689         (JSC::JSBigInt::createZero):
690         (JSC::JSBigInt::tryCreateWithLength):
691         (JSC::JSBigInt::createWithLengthUnchecked):
692         (JSC::JSBigInt::createFrom):
693         (JSC::JSBigInt::multiply):
694         (JSC::JSBigInt::divide):
695         (JSC::JSBigInt::copy):
696         (JSC::JSBigInt::unaryMinus):
697         (JSC::JSBigInt::remainder):
698         (JSC::JSBigInt::add):
699         (JSC::JSBigInt::sub):
700         (JSC::JSBigInt::bitwiseAnd):
701         (JSC::JSBigInt::bitwiseOr):
702         (JSC::JSBigInt::bitwiseXor):
703         (JSC::JSBigInt::absoluteAdd):
704         (JSC::JSBigInt::absoluteSub):
705         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
706         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
707         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
708         (JSC::JSBigInt::absoluteBitwiseOp):
709         (JSC::JSBigInt::absoluteAddOne):
710         (JSC::JSBigInt::absoluteSubOne):
711         (JSC::JSBigInt::toStringGeneric):
712         (JSC::JSBigInt::rightTrim):
713         (JSC::JSBigInt::allocateFor):
714         (JSC::JSBigInt::createWithLength): Deleted.
715         * runtime/JSBigInt.h:
716         * runtime/Operations.cpp:
717         (JSC::jsAddSlowCase):
718         * runtime/Operations.h:
719         (JSC::jsSub):
720         (JSC::jsMul):
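
        Added example (not JSC code and not part of the entry above): what a catchable
        BigInt size limit looks like from the JavaScript side. The engine limit and
        error text exercised here are V8's (Node.js), where an oversized result raises a
        RangeError; the entry above makes JSC throw its out-of-memory exception at the
        same point instead of terminating execution. The bitLength helper, the
        boundedShift policy check and its maxBits default are this example's own
        assumptions, not JSBigInt::maxLength.

```javascript
// Added example, not JSC code: handling an engine-enforced BigInt size limit
// from JavaScript. The engine limit and error text are V8's (Node.js); the
// pre-check below is this example's own, with an assumed application bound.

// Number of bits needed to represent a non-negative BigInt (assumed helper).
function bitLength(value) {
  if (value < 0n) throw new TypeError("bitLength expects a non-negative BigInt");
  return value === 0n ? 0 : value.toString(2).length;
}

// Shift `value` left by `shiftBits` and report the outcome instead of
// letting the engine's limit propagate as an uncaught exception.
function shiftWithLimit(value, shiftBits) {
  try {
    return { ok: true, value: value << shiftBits };
  } catch (e) {
    // V8 reports "Maximum BigInt size exceeded" as a RangeError. Because the
    // engine throws rather than aborting, the program keeps control here.
    return { ok: false, error: e.constructor.name, message: e.message };
  }
}

// Application-level bound: reject before asking the engine to allocate, so a
// hostile size never reaches the engine limit at all. maxBits is an assumed
// policy value for this example, not an engine constant.
function boundedShift(value, shiftBits, maxBits = 1 << 20) {
  if (typeof shiftBits !== "bigint" || shiftBits < 0n) {
    throw new TypeError("shift amount must be a non-negative BigInt");
  }
  const neededBits = BigInt(bitLength(value)) + shiftBits;
  if (neededBits > BigInt(maxBits)) {
    return { ok: false, error: "PolicyLimit", neededBits };
  }
  return shiftWithLimit(value, shiftBits);
}
```

        Usage: shiftWithLimit(1n, 2n ** 40n) returns { ok: false, error: "RangeError", ... }
        under Node.js, while boundedShift with the same arguments returns the PolicyLimit
        result without ever touching the engine limit; boundedShift(3n, 10n) returns
        { ok: true, value: 3072n }.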
721
722 2018-11-20  Mark Lam  <mark.lam@apple.com>
723
724         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
725         https://bugs.webkit.org/show_bug.cgi?id=191856
726         <rdar://problem/46089992>
727
728         Reviewed by Yusuke Suzuki.
729
730         The ASSERT(vm.traps().needTrapHandling()) assertion in SignalSender's SigAction
731         function is invalid because we can't be sure that the trap has been handled yet
732         by the time the trap fires.  This is because the main thread may also check traps
733         (in LLInt, baseline JIT and VM runtime code).  There's a race to handle the trap.
734         Hence, the SigAction cannot assume that the trap still needs handling by the time
735         it is executed.  This patch removed the invalid assertion.
736
737         Also renamed m_trapSet to m_condition because it is an AutomaticThreadCondition,
738         and all the ways it is used are as a condvar.  The m_trapSet name doesn't seem
739         appropriate nor meaningful.
740
741         * runtime/VMTraps.cpp:
742         (JSC::VMTraps::tryInstallTrapBreakpoints):
743         - Added a !needTrapHandling() check as an optimization: there's no need to install
744           VMTrap breakpoints if someone already beat us to handling the trap (remember,
745           the main thread is racing against the VMTraps signalling thread to handle the
746           trap too).  We only need to install the VMTraps breakpoints if we need DFG/FTL
747           compiled code to deopt so that they can check and handle pending traps.  If the
748           trap has already been handled, it's better to not deopt any DFG/FTL functions.
749
750         (JSC::VMTraps::willDestroyVM):
751         (JSC::VMTraps::fireTrap):
752         (JSC::VMTraps::VMTraps):
753         * runtime/VMTraps.h:
754
755 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
756
757         Enable JIT on ARM/Linux
758         https://bugs.webkit.org/show_bug.cgi?id=191548
759
760         Reviewed by Yusuke Suzuki.
761
762         Enable JIT by default on ARMv7/Linux after it was disabled with
763         recent bytecode format change.
764
765         * bytecode/CodeBlock.cpp:
766         (JSC::CodeBlock::getICStatusMap):
767         * bytecode/CodeBlock.h:
768         (JSC::CodeBlock::metadata):
769         * bytecode/InByIdStatus.cpp:
770         (JSC::InByIdStatus::computeFor):
771         * bytecode/Instruction.h:
772         (JSC::Instruction::cast):
773         * bytecode/MetadataTable.h:
774         (JSC::MetadataTable::forEach):
775         * bytecode/PutByIdStatus.cpp:
776         (JSC::PutByIdStatus::computeFor):
777         (JSC::PutByIdStatus::hasExitSite): Deleted.
778         * bytecode/PutByIdStatus.h:
779         * dfg/DFGOSRExit.cpp:
780         (JSC::DFG::reifyInlinedCallFrames):
781         * dfg/DFGOSRExitCompilerCommon.cpp:
782         (JSC::DFG::reifyInlinedCallFrames):
783         * generator/Argument.rb:
784         * generator/Opcode.rb:
785         * jit/GPRInfo.h:
786         * jit/JIT.h:
787         * jit/JITArithmetic32_64.cpp:
788         (JSC::JIT::emit_compareAndJump):
789         (JSC::JIT::emit_compareUnsignedAndJump):
790         (JSC::JIT::emit_compareUnsigned):
791         (JSC::JIT::emit_compareAndJumpSlow):
792         (JSC::JIT::emit_op_unsigned):
793         (JSC::JIT::emit_op_inc):
794         (JSC::JIT::emit_op_dec):
795         (JSC::JIT::emitBinaryDoubleOp):
796         (JSC::JIT::emit_op_mod):
797         (JSC::JIT::emitSlow_op_mod):
798         * jit/JITCall32_64.cpp:
799         (JSC::JIT::emitPutCallResult):
800         (JSC::JIT::emit_op_ret):
801         (JSC::JIT::emitSlow_op_call):
802         (JSC::JIT::emitSlow_op_tail_call):
803         (JSC::JIT::emitSlow_op_call_eval):
804         (JSC::JIT::emitSlow_op_call_varargs):
805         (JSC::JIT::emitSlow_op_tail_call_varargs):
806         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
807         (JSC::JIT::emitSlow_op_construct_varargs):
808         (JSC::JIT::emitSlow_op_construct):
809         (JSC::JIT::emit_op_call):
810         (JSC::JIT::emit_op_tail_call):
811         (JSC::JIT::emit_op_call_eval):
812         (JSC::JIT::emit_op_call_varargs):
813         (JSC::JIT::emit_op_tail_call_varargs):
814         (JSC::JIT::emit_op_tail_call_forward_arguments):
815         (JSC::JIT::emit_op_construct_varargs):
816         (JSC::JIT::emit_op_construct):
817         (JSC::JIT::compileSetupFrame):
818         (JSC::JIT::compileCallEval):
819         (JSC::JIT::compileCallEvalSlowCase):
820         (JSC::JIT::compileOpCall):
821         (JSC::JIT::compileOpCallSlowCase):
822         (JSC::JIT::compileSetupVarargsFrame): Deleted.
823         * jit/JITInlines.h:
824         (JSC::JIT::updateTopCallFrame):
825         * jit/JITOpcodes.cpp:
826         (JSC::JIT::emit_op_catch):
827         (JSC::JIT::emitSlow_op_loop_hint):
828         * jit/JITOpcodes32_64.cpp:
829         (JSC::JIT::emit_op_mov):
830         (JSC::JIT::emit_op_end):
831         (JSC::JIT::emit_op_jmp):
832         (JSC::JIT::emit_op_new_object):
833         (JSC::JIT::emitSlow_op_new_object):
834         (JSC::JIT::emit_op_overrides_has_instance):
835         (JSC::JIT::emit_op_instanceof):
836         (JSC::JIT::emit_op_instanceof_custom):
837         (JSC::JIT::emitSlow_op_instanceof):
838         (JSC::JIT::emitSlow_op_instanceof_custom):
839         (JSC::JIT::emit_op_is_empty):
840         (JSC::JIT::emit_op_is_undefined):
841         (JSC::JIT::emit_op_is_boolean):
842         (JSC::JIT::emit_op_is_number):
843         (JSC::JIT::emit_op_is_cell_with_type):
844         (JSC::JIT::emit_op_is_object):
845         (JSC::JIT::emit_op_to_primitive):
846         (JSC::JIT::emit_op_set_function_name):
847         (JSC::JIT::emit_op_not):
848         (JSC::JIT::emit_op_jfalse):
849         (JSC::JIT::emit_op_jtrue):
850         (JSC::JIT::emit_op_jeq_null):
851         (JSC::JIT::emit_op_jneq_null):
852         (JSC::JIT::emit_op_jneq_ptr):
853         (JSC::JIT::emit_op_eq):
854         (JSC::JIT::emitSlow_op_eq):
855         (JSC::JIT::emit_op_jeq):
856         (JSC::JIT::emitSlow_op_jeq):
857         (JSC::JIT::emit_op_neq):
858         (JSC::JIT::emitSlow_op_neq):
859         (JSC::JIT::emit_op_jneq):
860         (JSC::JIT::emitSlow_op_jneq):
861         (JSC::JIT::compileOpStrictEq):
862         (JSC::JIT::emit_op_stricteq):
863         (JSC::JIT::emit_op_nstricteq):
864         (JSC::JIT::compileOpStrictEqJump):
865         (JSC::JIT::emit_op_jstricteq):
866         (JSC::JIT::emit_op_jnstricteq):
867         (JSC::JIT::emitSlow_op_jstricteq):
868         (JSC::JIT::emitSlow_op_jnstricteq):
869         (JSC::JIT::emit_op_eq_null):
870         (JSC::JIT::emit_op_neq_null):
871         (JSC::JIT::emit_op_throw):
872         (JSC::JIT::emit_op_to_number):
873         (JSC::JIT::emit_op_to_string):
874         (JSC::JIT::emit_op_to_object):
875         (JSC::JIT::emit_op_catch):
876         (JSC::JIT::emit_op_identity_with_profile):
877         (JSC::JIT::emit_op_get_parent_scope):
878         (JSC::JIT::emit_op_switch_imm):
879         (JSC::JIT::emit_op_switch_char):
880         (JSC::JIT::emit_op_switch_string):
881         (JSC::JIT::emit_op_debug):
882         (JSC::JIT::emit_op_enter):
883         (JSC::JIT::emit_op_get_scope):
884         (JSC::JIT::emit_op_create_this):
885         (JSC::JIT::emit_op_to_this):
886         (JSC::JIT::emit_op_check_tdz):
887         (JSC::JIT::emit_op_has_structure_property):
888         (JSC::JIT::privateCompileHasIndexedProperty):
889         (JSC::JIT::emit_op_has_indexed_property):
890         (JSC::JIT::emitSlow_op_has_indexed_property):
891         (JSC::JIT::emit_op_get_direct_pname):
892         (JSC::JIT::emit_op_enumerator_structure_pname):
893         (JSC::JIT::emit_op_enumerator_generic_pname):
894         (JSC::JIT::emit_op_profile_type):
895         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
896         (JSC::JIT::emit_op_log_shadow_chicken_tail):
897         * jit/JITPropertyAccess32_64.cpp:
898         (JSC::JIT::emit_op_put_getter_by_id):
899         (JSC::JIT::emit_op_put_setter_by_id):
900         (JSC::JIT::emit_op_put_getter_setter_by_id):
901         (JSC::JIT::emit_op_put_getter_by_val):
902         (JSC::JIT::emit_op_put_setter_by_val):
903         (JSC::JIT::emit_op_del_by_id):
904         (JSC::JIT::emit_op_del_by_val):
905         (JSC::JIT::emit_op_get_by_val):
906         (JSC::JIT::emitGetByValWithCachedId):
907         (JSC::JIT::emitSlow_op_get_by_val):
908         (JSC::JIT::emit_op_put_by_val_direct):
909         (JSC::JIT::emit_op_put_by_val):
910         (JSC::JIT::emitGenericContiguousPutByVal):
911         (JSC::JIT::emitArrayStoragePutByVal):
912         (JSC::JIT::emitPutByValWithCachedId):
913         (JSC::JIT::emitSlow_op_put_by_val):
914         (JSC::JIT::emit_op_try_get_by_id):
915         (JSC::JIT::emitSlow_op_try_get_by_id):
916         (JSC::JIT::emit_op_get_by_id_direct):
917         (JSC::JIT::emitSlow_op_get_by_id_direct):
918         (JSC::JIT::emit_op_get_by_id):
919         (JSC::JIT::emitSlow_op_get_by_id):
920         (JSC::JIT::emit_op_get_by_id_with_this):
921         (JSC::JIT::emitSlow_op_get_by_id_with_this):
922         (JSC::JIT::emit_op_put_by_id):
923         (JSC::JIT::emitSlow_op_put_by_id):
924         (JSC::JIT::emit_op_in_by_id):
925         (JSC::JIT::emitSlow_op_in_by_id):
926         (JSC::JIT::emit_op_resolve_scope):
927         (JSC::JIT::emit_op_get_from_scope):
928         (JSC::JIT::emitSlow_op_get_from_scope):
929         (JSC::JIT::emit_op_put_to_scope):
930         (JSC::JIT::emitSlow_op_put_to_scope):
931         (JSC::JIT::emit_op_get_from_arguments):
932         (JSC::JIT::emit_op_put_to_arguments):
933         * jit/RegisterSet.cpp:
934         (JSC::RegisterSet::vmCalleeSaveRegisters):
935         * llint/LLIntData.cpp:
936         (JSC::LLInt::Data::performAssertions):
937         * llint/LowLevelInterpreter.asm:
938         * runtime/SamplingProfiler.cpp:
939         (JSC::tryGetBytecodeIndex):
940
941 2018-11-20  Saam barati  <sbarati@apple.com>
942
943         Merging an IC variant may lead to the IC status containing overlapping structure sets
944         https://bugs.webkit.org/show_bug.cgi?id=191869
945         <rdar://problem/45403453>
946
947         Reviewed by Mark Lam.
948
949         When merging two IC variant lists, we may end up in a world where we have
950         overlapping structure sets. We defend against this when we append a new
951         variant, but we should also defend against it once we merge in a new variant.
952         
953         Consider this case with MultiPutByOffset, where we merge two PutByIdStatuses
954         together, P1 and P2.
955         
956         Let's consider these structures:
957         s1 = {}
958         s2 = {p: 0}
959         s3 = {p: 0, p2: 1}
960         
961         P1 contains these variants:
962         Transition: [s1 => s2]
963         Replace: [s2, s3]
964         
965         P2 contains:
966         Replace: [s2]
967         
968         Because of the ordering of the variants, we may end up combining
969         P2's replace into P1's transition, forming this new list:
970         Transition: [(s1, s2) => s2]
971         Replace: [s2, s3]
972         
973         Obviously the ideal thing here is to have some ordering when we merge
974         in variants to choose the most ideal option. It'd be ideal for P2's
975         Replace to be merged into P1's replace.
976         
977         If we notice that this is super important, we can implement some kind
978         of ordering. None of our tests (until this patch) stress this. This patch
979         just makes it so we defend against this crazy scenario by falling back
980         to the slow path gracefully. This prevents us from emitting invalid
981         IR in FTL->B3 lowering by creating a switch with two case labels being
982         identical values.
983
984         * bytecode/ICStatusUtils.h:
985         (JSC::appendICStatusVariant):
986
987 2018-11-20  Fujii Hironori  <Hironori.Fujii@sony.com>
988
989         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
990         https://bugs.webkit.org/show_bug.cgi?id=191626
991         <rdar://problem/46161064>
992
993         Unreviewed adding comment for my change r238366.
994
995         * runtime/Structure.h: Added a comment for Structure::create.
996
997 2018-11-19  Mark Lam  <mark.lam@apple.com>
998
999         globalFuncImportModule() should return a promise when it clears exceptions.
1000         https://bugs.webkit.org/show_bug.cgi?id=191792
1001         <rdar://problem/46090763>
1002
1003         Reviewed by Michael Saboff.
1004
1005         If we're clearing the exceptions in a CatchScope, then it means that we've handled
1006         the exception, and are able to proceed in a normal manner.  Hence, we should not
1007         return the empty JSValue in this case: instead, we should return a Promise as
1008         expected by import's API.
1009
1010         The only time when we can't return a promise is when we fail to create a Promise.
1011         In that case, we should be propagating the exception.
1012
1013         Hence, globalFuncImportModule() contains a ThrowScope (for propagating the
1014         exception that arises from failure to create the Promise) wrapping a CatchScope
1015         (for catching any exception that arises from failure to execute the import).
1016
1017         Also fixed similar issues, and some exception check issues in JSModuleLoader and
1018         the jsc shell.
1019
1020         * jsc.cpp:
1021         (GlobalObject::moduleLoaderImportModule):
1022         (GlobalObject::moduleLoaderFetch):
1023         * runtime/JSGlobalObjectFunctions.cpp:
1024         (JSC::globalFuncImportModule):
1025         * runtime/JSModuleLoader.cpp:
1026         (JSC::JSModuleLoader::loadAndEvaluateModule):
1027         (JSC::JSModuleLoader::loadModule):
1028         (JSC::JSModuleLoader::requestImportModule):
1029         (JSC::JSModuleLoader::importModule):
1030         (JSC::JSModuleLoader::resolve):
1031         (JSC::JSModuleLoader::fetch):
1032         (JSC::moduleLoaderParseModule):
1033         (JSC::moduleLoaderResolveSync):
1034
1035 2018-11-19  Alex Christensen  <achristensen@webkit.org>
1036
1037         Add SPI to disable JIT in a WKWebView
1038         https://bugs.webkit.org/show_bug.cgi?id=191822
1039         <rdar://problem/28119360>
1040
1041         Reviewed by Geoffrey Garen.
1042
1043         * jit/ExecutableAllocator.cpp:
1044         (JSC::jitDisabled):
1045         (JSC::allowJIT):
1046         (JSC::ExecutableAllocator::setJITEnabled):
1047         * jit/ExecutableAllocator.h:
1048         (JSC::ExecutableAllocator::setJITEnabled):
1049
1050 2018-11-19  Fujii Hironori  <Hironori.Fujii@sony.com>
1051
1052         [MSVC] X86Assembler.h(108): error C2666: 'WebCore::operator -': 7 overloads have similar conversions
1053         https://bugs.webkit.org/show_bug.cgi?id=189467
1054         <rdar://problem/44290945>
1055
1056         Reviewed by Mark Lam.
1057
1058         This issue has happened several times. And, it seems that it will
1059         take more time for Microsoft to fix the MSVC bug. We need an
1060         effective workaround not to repeat this issue until they fix MSVC.
1061
1062         Remove ": int8_t" of RegisterID only for COMPILER(MSVC).
1063
1064         * assembler/X86Assembler.h: Added JSC_X86_ASM_REGISTER_ID_ENUM_BASE_TYPE macro.
1065
1066 2018-11-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1067
1068         [WebAssembly] I64 arguments / return value check should be moved from callWebAssemblyFunction to JSToWasm wrapper
1069         https://bugs.webkit.org/show_bug.cgi?id=190512
1070
1071         Reviewed by Keith Miller.
1072
1073         This patch moves I64 arguments / return value check from callWebAssemblyFunction to JSToWasm wrapper. Since this
1074         check can be done when compiling the function, we should encode the result into the generated wrapper instead of
1075         checking every time we call callWebAssemblyFunction. This change is also one of the steps removing callWebAssemblyFunction
1076         entirely.
1077
1078         * wasm/WasmExceptionType.h:
1079         * wasm/js/JSToWasm.cpp:
1080         (JSC::Wasm::createJSToWasmWrapper):
1081         * wasm/js/WebAssemblyFunction.cpp:
1082         (JSC::callWebAssemblyFunction):
1083         * wasm/js/WebAssemblyWrapperFunction.cpp:
1084         (JSC::callWebAssemblyWrapperFunction):
1085
1086 2018-11-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1087
1088         Consider removing double load for accessing the instructions from LLInt
1089         https://bugs.webkit.org/show_bug.cgi?id=190932
1090
1091         Reviewed by Mark Lam.
1092
1093         Changing InstructionStream to RefCountedArray like structure involves so many changes
1094         including BytecodeGraph, PreciseJumpTargets etc. Instead, CodeBlock simply holds a raw
1095         pointer to the InstructionStream's data. Since InstructionStream is not changed
1096         anymore, this pointer is valid while CodeBlock is live.
1097
1098         * bytecode/CodeBlock.cpp:
1099         (JSC::CodeBlock::CodeBlock):
1100         * bytecode/CodeBlock.h:
1101         * bytecode/InstructionStream.h:
1102         (JSC::InstructionStream::rawPointer const):
1103         * llint/LowLevelInterpreter.asm:
1104         * llint/LowLevelInterpreter32_64.asm:
1105         * llint/LowLevelInterpreter64.asm:
1106
1107 2018-11-18  Fujii Hironori  <Hironori.Fujii@sony.com>
1108
1109         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
1110         https://bugs.webkit.org/show_bug.cgi?id=191626
1111
1112         Reviewed by Yusuke Suzuki.
1113
1114         JSC::Structure::create is used everywhere. It should be defined in
1115         Structure.h, not in StructureInlines.h.
1116
1117         * runtime/Structure.h:
1118         (JSC::Structure::create): Moved.
1119         * runtime/StructureInlines.h: Moved JSC::Structure::create.
1120
1121 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1122
1123         Unreviewed, rolling in the rest of r237254
1124         https://bugs.webkit.org/show_bug.cgi?id=190340
1125
1126         * parser/ParserModes.h:
1127         * parser/ParserTokens.h:
1128         (JSC::JSTextPosition::JSTextPosition):
1129         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
1130         * runtime/CodeCache.cpp:
1131         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1132         * runtime/FunctionConstructor.cpp:
1133         (JSC::constructFunctionSkippingEvalEnabledCheck):
1134
1135 2018-11-17  Devin Rousso  <drousso@apple.com>
1136
1137         Web Inspector: Network: add button to show system certificate dialog
1138         https://bugs.webkit.org/show_bug.cgi?id=191458
1139         <rdar://problem/45977019>
1140
1141         Reviewed by Joseph Pecoraro.
1142
1143         * inspector/protocol/Network.json:
1144         Add `getSerializedCertificate` command.
1145
1146 2018-11-17  Dominik Infuehr  <dinfuehr@igalia.com>
1147
1148         Fix build with disabled DFG/FTL
1149         https://bugs.webkit.org/show_bug.cgi?id=191256
1150
1151         Reviewed by Yusuke Suzuki.
1152
1153         Fix compilation errors and warnings with both DFG and FTL
1154         disabled at compile-time.
1155
1156         * bytecode/CodeBlock.cpp:
1157         (JSC::CodeBlock::getICStatusMap):
1158         * bytecode/InByIdStatus.cpp:
1159         (JSC::InByIdStatus::computeFor):
1160         * bytecode/PutByIdStatus.cpp:
1161         (JSC::PutByIdStatus::computeFor):
1162         (JSC::PutByIdStatus::hasExitSite): Deleted.
1163         * bytecode/PutByIdStatus.h:
1164         * jit/JITOpcodes.cpp:
1165         (JSC::JIT::emit_op_catch):
1166
1167 2018-11-16  Joseph Pecoraro  <pecoraro@apple.com>
1168
1169         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Local Inspector)
1170         https://bugs.webkit.org/show_bug.cgi?id=191740
1171         <rdar://problem/45470897>
1172
1173         Reviewed by Timothy Hatcher.
1174
1175         * inspector/InspectorFrontendChannel.h:
1176         Expose EnumTraits for ConnectionType for WebKit IPC messages.
1177
1178 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1179
1180         All users of ArrayBuffer should agree on the same max size
1181         https://bugs.webkit.org/show_bug.cgi?id=191771
1182
1183         Reviewed by Mark Lam.
1184
1185         Array buffers cannot be larger than 0x7fffffff, because otherwise loading typedArray.length in the DFG/FTL would produce
1186         a uint32 or would require a signedness check, neither of which sounds reasonable. It's better to just bound their max size
1187         instead.
1188
1189         * runtime/ArrayBuffer.cpp:
1190         (JSC::ArrayBufferContents::ArrayBufferContents):
1191         (JSC::ArrayBufferContents::tryAllocate):
1192         (JSC::ArrayBufferContents::transferTo):
1193         (JSC::ArrayBufferContents::copyTo):
1194         (JSC::ArrayBufferContents::shareWith):
1195         * runtime/ArrayBuffer.h:
1196         * wasm/WasmMemory.cpp:
1197         (JSC::Wasm::Memory::tryCreate):
1198         (JSC::Wasm::Memory::grow):
1199         * wasm/WasmPageCount.h:
1200
1201 2018-11-16  Saam Barati  <sbarati@apple.com>
1202
1203         KnownCellUse should also have SpecCellCheck as its type filter
1204         https://bugs.webkit.org/show_bug.cgi?id=191729
1205         <rdar://problem/45872852>
1206
1207         Reviewed by Filip Pizlo.
1208
1209         We write transformations in the compiler like this where we emit edges with
1210         KnownCellUse if we know we're inserting code at a point where we're dominated
1211         by a Cell check:
1212         
1213         a: SomeValue
1214         b: Something(Cell:@a)
1215         c: SomethingElse(@b)
1216         d: CheckNotEmpty(@a)
1217         
1218         =>
1219         
1220         a: SomeValue
1221         b: Something(Cell:@a)
1222         e: RandomOtherThing(KnownCellUse:@a)
1223         c: SomethingElse(@b)
1224         d: CheckNotEmpty(@a)
1225         
1226         However, doing this used to lead to subtly incorrect programs since KnownCellUse
1227         did not allow the empty value to flow through it. We used to end up incorrectly
1228         deleting @d in the above program. We fix this by making KnownCellUse allow the empty
1229         value to flow through.
1230
1231         * dfg/DFGUseKind.h:
1232         (JSC::DFG::typeFilterFor):
1233
1234 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
1235
1236         Fix assertion failure on BytecodeGenerator::recordOpcode
1237         https://bugs.webkit.org/show_bug.cgi?id=191724
1238         <rdar://problem/45724395>
1239
1240         Reviewed by Saam Barati.
1241
1242         Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not
1243         restoring m_lastInstruction after patching the bytecode when
1244         finalizing StructureForInContexts, only m_lastOpcodeID, which led to
1245         the assertion failure.
1246
1247         * bytecompiler/BytecodeGenerator.cpp:
1248         (JSC::StructureForInContext::finalize):
1249
1250 2018-11-15  Mark Lam  <mark.lam@apple.com>
1251
1252         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
1253         https://bugs.webkit.org/show_bug.cgi?id=191730
1254         <rdar://problem/46048517>
1255
1256         Reviewed by Saam Barati.
1257
1258         According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
1259         the RegExp match results are filled in using the spec's CreateDataProperty()
1260         function which does not consult the prototype for setters.  JSArray::push()
1261         consults the prototype for setters.  We should be using putDirectIndex() instead.
1262
1263         * runtime/RegExpObjectInlines.h:
1264         (JSC::collectMatches):
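
        Added example (not JSC code and not part of the entry above): the observable
        difference between filling an array with CreateDataProperty semantics and with
        Array.prototype.push semantics, as seen from JavaScript. The indexed setter
        installed on Array.prototype is constructed for the example; it stands in for
        anything that can run script before the match results are built.

```javascript
// Added example, not JSC code: why match results must be filled with
// CreateDataProperty semantics rather than Array.prototype.push semantics.
// Per ECMA-262, RegExp.prototype[@@match] stores each match with
// CreateDataProperty(A, n, matchStr), which defines an own property and never
// consults the prototype chain; Array.prototype.push uses Set(), which does.

function compareMatchFillingStrategies() {
  let trappedCount = 0;
  let lastTrapped;
  // Constructed hostile setter: anything that can run script first can install
  // an indexed accessor on Array.prototype. A plain counter is used inside the
  // setter because pushing onto an array here would re-enter this setter.
  Object.defineProperty(Array.prototype, "0", {
    set(v) { trappedCount++; lastTrapped = v; },
    configurable: true,
  });
  try {
    // CreateDataProperty path: the setter is bypassed, the result array owns
    // its element, and no user code ran while the engine built the array.
    const viaMatch = "aXbXc".match(/X/g);
    const matchOwn = Object.prototype.hasOwnProperty.call(viaMatch, "0");
    const trappedByMatch = trappedCount;

    // Set() path: push hands the value to the inherited setter, the array
    // never gets an own element 0, and foreign code ran during the fill.
    const viaPush = [];
    viaPush.push("X");
    const pushOwn = Object.prototype.hasOwnProperty.call(viaPush, "0");
    const trappedByPush = trappedCount - trappedByMatch;

    return {
      matchOwn, trappedByMatch, matchCount: viaMatch.length,
      pushOwn, trappedByPush, pushLength: viaPush.length, lastTrapped,
    };
  } finally {
    // Undo the pollution; defining index 0 also bumped Array.prototype.length.
    delete Array.prototype[0];
    Array.prototype.length = 0;
  }
}
```

        Usage: compareMatchFillingStrategies() returns matchOwn true with trappedByMatch 0
        (the match result was built without consulting the setter) and pushOwn false
        with trappedByPush 1 (push handed the value to the inherited setter and created
        no own element), which is exactly the distinction the entry above draws between
        putDirectIndex() and JSArray::push().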
1265
1266 2018-11-15  Mark Lam  <mark.lam@apple.com>
1267
1268         RegExp operations should not take fast path if lastIndex is not numeric.
1269         https://bugs.webkit.org/show_bug.cgi?id=191731
1270         <rdar://problem/46017305>
1271
1272         Reviewed by Saam Barati.
1273
1274         This is because if lastIndex is an object with a valueOf() method, it can execute
1275         arbitrary code which may have side effects, and side effects are not permitted by
1276         the RegExp fast paths.
1277
1278         * builtins/RegExpPrototype.js:
1279         (globalPrivate.hasObservableSideEffectsForRegExpMatch):
1280         (overriddenName.string_appeared_here.search):
1281         (globalPrivate.hasObservableSideEffectsForRegExpSplit):
1282         (intrinsic.RegExpTestIntrinsic.test):
1283         * builtins/StringPrototype.js:
1284         (globalPrivate.hasObservableSideEffectsForStringReplace):
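
        Added example (not JSC code and not part of the entry above): how a non-numeric
        lastIndex lets user code run in the middle of a RegExp operation, observed from
        JavaScript under Node.js. The lastIndex object with a valueOf() is constructed
        for the example, and lastIndexIsSideEffectFree() is this example's own
        approximation of the guard the entry describes, not the
        hasObservableSideEffectsFor* builtins themselves.

```javascript
// Added example, not JSC code: a non-numeric lastIndex lets user code run in
// the middle of a RegExp operation. Per ECMA-262 RegExpBuiltinExec, exec()
// and test() read lastIndex through ToLength(), which calls a user-defined
// valueOf(); the side effect below is constructed to show what that means.

function lastIndexValueOfIsObservable() {
  const re = /b/g;
  let valueOfCalls = 0;
  let userCodeRan = false;

  // Constructed lastIndex object standing in for attacker-controlled state.
  re.lastIndex = {
    valueOf() {
      valueOfCalls++;
      // Arbitrary code runs here, after the engine has already decided how to
      // run the match. A fast path that assumed "nothing observable happens
      // during test()" would now be operating on stale assumptions.
      userCodeRan = true;
      return 0;
    },
  };

  const matched = re.test("abc");
  return {
    valueOfCalls,
    matched,
    lastIndexAfter: re.lastIndex, // the engine writes back a plain number
    userCodeRan,
  };
}

// Guard in the spirit of the entry above (an approximation, not JSC's
// builtin): only a primitive number lastIndex is guaranteed not to run user
// code when it is read, so only then is a side-effect-free fast path safe.
function lastIndexIsSideEffectFree(re) {
  return typeof re.lastIndex === "number";
}
```

        Usage: lastIndexValueOfIsObservable() returns valueOfCalls 1, matched true,
        lastIndexAfter 2 and userCodeRan true, showing that a single test() call
        executed the foreign valueOf() before producing its result.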
1285
1286 2018-11-15  Keith Rollin  <krollin@apple.com>
1287
1288         Delete old .xcfilelist files
1289         https://bugs.webkit.org/show_bug.cgi?id=191669
1290         <rdar://problem/46081994>
1291
1292         Reviewed by Chris Dumez.
1293
1294         .xcfilelist files were created and added to the Xcode project files in
1295         https://trac.webkit.org/changeset/238008/webkit. However, they caused
1296         build issues and they were removed from the Xcode projects in
1297         https://trac.webkit.org/changeset/238055/webkit. This check-in removes
1298         the files from the repository altogether. They'll ultimately be
1299         replaced with new files with names that indicate whether the
1300         associated files are inputs to the Run Script phase or are files
1301         created by the Run Script phase.
1302
1303         * DerivedSources.xcfilelist: Removed.
1304         * UnifiedSources.xcfilelist: Removed.
1305
1306 2018-11-14  Keith Rollin  <krollin@apple.com>
1307
1308         Move scripts for Derived and Unified Sources to external files
1309         https://bugs.webkit.org/show_bug.cgi?id=191670
1310         <rdar://problem/46082278>
1311
1312         Reviewed by Keith Miller.
1313
1314         Move the scripts in the Generate Derived Sources and Generate Unified
1315         Sources Run Script phases from the Xcode projects to external shell
1316         script files. Then invoke those scripts from the Run Script phases.
1317         This refactoring is being performed to support later work that will
1318         invoke these scripts in other contexts.
1319
1320         The scripts were maintained as-is when making the move. I did a little
1321         reformatting and added 'set -e' to the top of each file, but that's
1322         it.
1323
1324         * JavaScriptCore.xcodeproj/project.pbxproj:
1325         * Scripts/generate-derived-sources.sh: Added.
1326         * Scripts/generate-unified-sources.sh: Added.
1327
1328 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1329
1330         Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
1331         https://bugs.webkit.org/show_bug.cgi?id=191612
1332
1333         Reviewed by Matt Baker.
1334
1335         * inspector/InspectorFrontendRouter.cpp:
1336         (Inspector::FrontendRouter::connectFrontend):
1337         (Inspector::FrontendRouter::disconnectFrontend):
1338         * inspector/InspectorFrontendRouter.h:
1339         * inspector/JSGlobalObjectInspectorController.cpp:
1340         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1341         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
1342         * inspector/JSGlobalObjectInspectorController.h:
1343         * inspector/remote/RemoteControllableTarget.h:
1344         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
1345         (Inspector::RemoteConnectionToTarget::setup):
1346         (Inspector::RemoteConnectionToTarget::close):
1347         * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
1348         (Inspector::RemoteConnectionToTarget::setup):
1349         (Inspector::RemoteConnectionToTarget::close):
1350         * runtime/JSGlobalObjectDebuggable.cpp:
1351         (JSC::JSGlobalObjectDebuggable::connect):
1352         (JSC::JSGlobalObjectDebuggable::disconnect):
1353         * runtime/JSGlobalObjectDebuggable.h:
1354
1355 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1356
1357         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
1358         https://bugs.webkit.org/show_bug.cgi?id=191494
1359         <rdar://problem/45469854>
1360
1361         Reviewed by Devin Rousso.
1362
1363         * CMakeLists.txt:
1364         * DerivedSources.make:
1365         * JavaScriptCore.xcodeproj/project.pbxproj:
1366         * Sources.txt:
1367         New domain and resources.
1368
1369         * inspector/protocol/Target.json: Added.
1370         New protocol domain, modeled after Worker.json, to allow for
1371         multiplexing between different targets.
1372
1373         * inspector/InspectorTarget.h:
1374         Each target will instantiate an InspectorTarget and must
1375         provide an identifier, type, and means of connecting/disconnecting
1376         to a frontend channel.
1377
1378         * inspector/agents/InspectorTargetAgent.cpp: Added.
1379         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
1380         (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
1381         (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
1382         (Inspector::InspectorTargetAgent::exists):
1383         (Inspector::InspectorTargetAgent::initialized):
1384         (Inspector::InspectorTargetAgent::sendMessageToTarget):
1385         (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
1386         (Inspector::targetTypeToProtocolType):
1387         (Inspector::buildTargetInfoObject):
1388         (Inspector::InspectorTargetAgent::targetCreated):
1389         (Inspector::InspectorTargetAgent::targetTerminated):
1390         (Inspector::InspectorTargetAgent::connectToTargets):
1391         (Inspector::InspectorTargetAgent::disconnectFromTargets):
1392         * inspector/agents/InspectorTargetAgent.h: Added.
1393         TargetAgent holds a list of targets, and connects/disconnects to each
1394         of the targets when a frontend connects/disconnects.
1395
1396         * inspector/scripts/codegen/generator.py:
1397         Better enum casing of ServiceWorker.
1398
1399 2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1400
1401         Unreviewed, rolling in CodeCache in r237254
1402         https://bugs.webkit.org/show_bug.cgi?id=190340
1403
1404         Land the CodeCache part without adding an additional hash value.
1405
1406         * bytecode/UnlinkedFunctionExecutable.cpp:
1407         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1408         * bytecode/UnlinkedFunctionExecutable.h:
1409         * parser/SourceCodeKey.h:
1410         (JSC::SourceCodeKey::SourceCodeKey):
1411         (JSC::SourceCodeKey::operator== const):
1412         * runtime/CodeCache.cpp:
1413         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1414         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1415         * runtime/CodeCache.h:
1416         * runtime/FunctionConstructor.cpp:
1417         (JSC::constructFunctionSkippingEvalEnabledCheck):
1418         * runtime/FunctionExecutable.cpp:
1419         (JSC::FunctionExecutable::fromGlobalCode):
1420         * runtime/FunctionExecutable.h:
1421
1422 2018-11-13  Saam Barati  <sbarati@apple.com>
1423
1424         ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
1425         https://bugs.webkit.org/show_bug.cgi?id=191601
1426
1427         Reviewed by Mark Lam.
1428
1429         This doesn't fix any bugs today, but it may reduce future bugs. It was
1430         always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
1431         throw a stack overflow error instead of just returning false like it
1432         normally does when VMInquiry is passed in.
1433
1434         * runtime/ProxyObject.cpp:
1435         (JSC::ProxyObject::getOwnPropertySlotCommon):
1436
1437 2018-11-13  Saam Barati  <sbarati@apple.com>
1438
1439         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
1440         https://bugs.webkit.org/show_bug.cgi?id=191600
1441
1442         Reviewed by Mark Lam.
1443
1444         processLogEntries will call into calculatedClassName, which will clear
1445         any exceptions it encounters (it assumes that they're stack overflow exceptions).
1446         However, this code may be called when an exception is already pending on the
1447         VM (e.g., when we throw an exception in the DFG, we compile an OSR exit
1448         offramp, which may compile a baseline codeblock, which will process
1449         the type profiler log). To get around this, processLogEntries should stash
1450         away and re-apply any pending exceptions.
1451
1452         * dfg/DFGDriver.cpp:
1453         (JSC::DFG::compileImpl):
1454         * dfg/DFGOperations.cpp:
1455         * inspector/agents/InspectorRuntimeAgent.cpp:
1456         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1457         * jit/JIT.cpp:
1458         (JSC::JIT::doMainThreadPreparationBeforeCompile):
1459         * jit/JITOperations.cpp:
1460         * runtime/CommonSlowPaths.cpp:
1461         (JSC::SLOW_PATH_DECL):
1462         * runtime/TypeProfilerLog.cpp:
1463         (JSC::TypeProfilerLog::processLogEntries):
1464         * runtime/TypeProfilerLog.h:
1465         * runtime/VM.cpp:
1466         (JSC::VM::dumpTypeProfilerData):
1467         * runtime/VM.h:
1468         (JSC::VM::DeferExceptionScope::DeferExceptionScope):
1469         * tools/JSDollarVM.cpp:
1470         (JSC::functionFindTypeForExpression):
1471         (JSC::functionReturnTypeFor):
1472
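The stash-and-reapply pattern this entry describes, as an added illustrative C++ model that is not JSC's code: a toy `Vm` carries at most one pending exception, `calculatedClassName` clears whatever is pending (as the entry says the real one does), and an RAII `DeferExceptionScope` moves the caller's exception aside for the duration of log processing and restores it afterwards. All names other than those quoted from the entry are assumptions of this model.

```cpp
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Minimal stand-in for a VM that can carry at most one pending exception.
// (Illustrative model, not JSC's VM.)
struct Vm {
    std::optional<std::string> pendingException;
    std::vector<std::string> log;
};

// RAII helper modelled on the idea behind VM::DeferExceptionScope:
// on construction it takes any pending exception off the VM, so that code
// which blindly clears exceptions cannot lose it; on destruction it
// re-applies the stashed exception.
class DeferExceptionScope {
public:
    explicit DeferExceptionScope(Vm& vm) : m_vm(vm) {
        m_stashed.swap(m_vm.pendingException); // VM now has no pending exception
    }
    ~DeferExceptionScope() {
        // If the deferred region itself raised something, the original wins
        // here; a real engine has to choose that policy deliberately.
        if (m_stashed)
            m_vm.pendingException = std::move(m_stashed);
    }
    DeferExceptionScope(const DeferExceptionScope&) = delete;
    DeferExceptionScope& operator=(const DeferExceptionScope&) = delete;
private:
    Vm& m_vm;
    std::optional<std::string> m_stashed;
};

// Stand-in for calculatedClassName(): it may hit a (simulated) stack
// overflow and, like the real one, clears whatever exception is pending,
// assuming it is its own stack-overflow error.
std::string calculatedClassName(Vm& vm, bool simulateOverflow) {
    if (simulateOverflow)
        vm.pendingException = "RangeError: Maximum call stack size exceeded";
    vm.pendingException.reset(); // clears *any* pending exception
    return "Object";
}

// processLogEntries without the scope: a pending exception from the caller
// is silently dropped. Returns whatever is pending afterwards.
std::optional<std::string> processLogEntriesUnsafe(Vm& vm, bool simulateOverflow) {
    vm.log.push_back(calculatedClassName(vm, simulateOverflow));
    return vm.pendingException;
}

// processLogEntries with the scope: the caller's exception survives.
std::optional<std::string> processLogEntriesDeferred(Vm& vm, bool simulateOverflow) {
    {
        DeferExceptionScope scope(vm);
        vm.log.push_back(calculatedClassName(vm, simulateOverflow));
    } // scope destructor re-applies the stashed exception here
    return vm.pendingException;
}

// Scenario from the entry: an exception is already pending (thrown in DFG),
// then OSR-exit compilation processes the type-profiler log. Returns true
// if the original exception is still pending when processing is done.
bool exceptionSurvives(bool useScope) {
    Vm vm;
    vm.pendingException = "TypeError: thrown before OSR exit";
    auto after = useScope ? processLogEntriesDeferred(vm, true)
                          : processLogEntriesUnsafe(vm, true);
    return after.has_value() && *after == "TypeError: thrown before OSR exit";
}
```

The unsafe variant loses the caller's TypeError entirely, which is the silent state corruption the entry is guarding against; the deferred variant hands it back to the VM untouched.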
1473 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
1474
1475         Unreviewed, rolling out r238132.
1476
1477         The test added with this change is timing out on Debug JSC
1478         bots.
1479
1480         Reverted changeset:
1481
1482         "[BigInt] JSBigInt::createWithLength should throw when length
1483         is greater than JSBigInt::maxLength"
1484         https://bugs.webkit.org/show_bug.cgi?id=190836
1485         https://trac.webkit.org/changeset/238132
1486
1487 2018-11-12  Mark Lam  <mark.lam@apple.com>
1488
1489         Add OOM detection to StringPrototype's substituteBackreferences().
1490         https://bugs.webkit.org/show_bug.cgi?id=191563
1491         <rdar://problem/45720428>
1492
1493         Reviewed by Saam Barati.
1494
1495         * dfg/DFGStrengthReductionPhase.cpp:
1496         (JSC::DFG::StrengthReductionPhase::handleNode):
1497         * runtime/StringPrototype.cpp:
1498         (JSC::substituteBackreferencesSlow):
1499         (JSC::substituteBackreferencesInline):
1500         (JSC::substituteBackreferences):
1501         (JSC::replaceUsingRegExpSearch):
1502         (JSC::replaceUsingStringSearch):
1503         * runtime/StringPrototype.h:
1504
1505 2018-11-13  Mark Lam  <mark.lam@apple.com>
1506
1507         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
1508         https://bugs.webkit.org/show_bug.cgi?id=191579
1509         <rdar://problem/45942472>
1510
1511         Reviewed by Saam Barati.
1512
1513         Both of these functions do a lot of work.  It would be good for the topCallFrame
1514         to be correct should we need to throw an exception.
1515
1516         For example, we've observed the following crash trace:
1517
1518           * frame #0: WTFCrash() at Assertions.cpp:253
1519             frame #1: ...
1520             frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
1521             frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
1522             frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
1523             frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
1524             frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
1525             frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
1526             frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
1527             frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
1528             frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
1529             frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
1530             frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
1531             frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
1532             frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
1533             frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
1534             frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
1535             frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
1536             frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
1537             frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
1538             frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
1539             frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
1540             frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
1541             frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
1542             frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
1543             frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
1544             frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
1545             frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
1546             frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
1547             frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
1548             frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
1549             frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
1550             frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
1551             frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
1552             frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
1553             frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
1554             frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
1555             frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
1556             frame #38: llint_entry at LowLevelInterpreter64.asm:98
1557             frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
1558             ...
1559
1560         This crash occurred because StackVisitor was seeing an invalid topCallFrame while
1561         trying to capture the Error stack while throwing a StackOverflowError below
1562         llint_replace.  While in this specific example, it is questionable whether we
1563         should be executing JS code below TypeProfilerLog::processLogEntries(), it is
1564         correct to have set the topCallFrame in llint_replace.  We do this by calling
1565         LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.
1566
1567         We also do the same for llint_osr.
1568         
1569         Note: both of these LLInt slow path functions are called with a fully initialized
1570         CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
1571         for these functions.
1572
1573         * llint/LLIntSlowPaths.cpp:
1574         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1575
1576 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
1577
1578         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1579         https://bugs.webkit.org/show_bug.cgi?id=190836
1580
1581         Reviewed by Saam Barati.
1582
1583         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
1584         where we allocate a BigInt trusting the length received as argument.
1585         With this additional method, we now check if the length passed to
1586         `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
1587         When the length is greater than maxLength, we then throw an OOM
1588         exception.
1589         This required changing the interface of some JSBigInt operations to
1590         receive `ExecState*` instead of `VM&`. We changed only operations that
1591         can throw because of OOM.
1592         We believe that this approach of throwing instead of finishing the
1593         execution abruptly is better because JS programs can catch such
1594         exceptions and handle this issue properly.
1595
1596         * dfg/DFGOperations.cpp:
1597         * jit/JITOperations.cpp:
1598         * runtime/CommonSlowPaths.cpp:
1599         (JSC::SLOW_PATH_DECL):
1600         * runtime/JSBigInt.cpp:
1601         (JSC::JSBigInt::createZero):
1602         (JSC::JSBigInt::tryCreateWithLength):
1603         (JSC::JSBigInt::createWithLengthUnchecked):
1604         (JSC::JSBigInt::createFrom):
1605         (JSC::JSBigInt::multiply):
1606         (JSC::JSBigInt::divide):
1607         (JSC::JSBigInt::copy):
1608         (JSC::JSBigInt::unaryMinus):
1609         (JSC::JSBigInt::remainder):
1610         (JSC::JSBigInt::add):
1611         (JSC::JSBigInt::sub):
1612         (JSC::JSBigInt::bitwiseAnd):
1613         (JSC::JSBigInt::bitwiseOr):
1614         (JSC::JSBigInt::bitwiseXor):
1615         (JSC::JSBigInt::absoluteAdd):
1616         (JSC::JSBigInt::absoluteSub):
1617         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
1618         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
1619         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
1620         (JSC::JSBigInt::absoluteBitwiseOp):
1621         (JSC::JSBigInt::absoluteAddOne):
1622         (JSC::JSBigInt::absoluteSubOne):
1623         (JSC::JSBigInt::toStringGeneric):
1624         (JSC::JSBigInt::rightTrim):
1625         (JSC::JSBigInt::allocateFor):
1626         (JSC::JSBigInt::createWithLength): Deleted.
1627         * runtime/JSBigInt.h:
1628         * runtime/Operations.cpp:
1629         (JSC::jsAddSlowCase):
1630         * runtime/Operations.h:
1631         (JSC::jsSub):
1632         (JSC::jsMul):
1633
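Added example (not JSC's implementation) showing the checked/unchecked split this entry describes: a toy BigInt whose digit count is capped by a placeholder `kMaxLength`, an unchecked constructor reserved for lengths the engine has already validated, and a checked entry point that refuses oversized lengths and surfaces a catchable out-of-memory error instead of aborting. The result-length check for multiply shows why the arithmetic that produces a length must be done in a type that cannot wrap. `kMaxAllocationBytes`, `kMaxLength` and the helper names are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <stdexcept>
#include <vector>

// Illustrative model, not JSC's JSBigInt. A "BigInt" is a sign plus an
// array of 64-bit digits; the digit count is what must be bounded.
using Digit = uint64_t;

// Assumed cap on a single allocation, in bytes (JSC derives maxLength from
// its own allocator limits; this constant only stands in for the idea).
constexpr size_t kMaxAllocationBytes = size_t(1) << 20; // 1 MiB
constexpr unsigned kMaxLength = unsigned(kMaxAllocationBytes / sizeof(Digit));

struct BigInt {
    bool negative = false;
    std::vector<Digit> digits;
};

// Mirrors the idea of createWithLengthUnchecked(): the caller vouches for
// the length, typically because it was derived from operands that were
// themselves validated. Only internal arithmetic should reach this.
std::unique_ptr<BigInt> createWithLengthUnchecked(unsigned length) {
    auto b = std::make_unique<BigInt>();
    b->digits.assign(length, Digit(0));
    return b;
}

// Mirrors tryCreateWithLength(): the checked entry point. Returns nullptr
// instead of allocating when the requested length exceeds the cap; the
// engine turns that into a catchable OutOfMemoryError rather than an abort.
std::unique_ptr<BigInt> tryCreateWithLength(unsigned length) {
    if (length > kMaxLength)
        return nullptr;
    return createWithLengthUnchecked(length);
}

// JS-like error type for callers that model "throw OOM".
struct OutOfMemoryError : std::runtime_error {
    OutOfMemoryError() : std::runtime_error("BigInt too big") {}
};

std::unique_ptr<BigInt> createWithLengthOrThrow(unsigned length) {
    auto b = tryCreateWithLength(length);
    if (!b)
        throw OutOfMemoryError();
    return b;
}

// The result length of a multiply is len(a)+len(b); compute it in a wider
// type so the check cannot be defeated by unsigned wrap-around.
bool multiplyResultLengthOk(unsigned lenA, unsigned lenB) {
    uint64_t resultLength = uint64_t(lenA) + uint64_t(lenB);
    return resultLength <= kMaxLength;
}

// Example driver: true when the in-range request succeeded, the oversized
// one was rejected with a catchable error, and a wrapping length was caught.
bool demonstrateChecks() {
    bool inRangeOk = tryCreateWithLength(kMaxLength) != nullptr;
    bool oversizedRejected = false;
    try {
        createWithLengthOrThrow(kMaxLength + 1);
    } catch (const OutOfMemoryError&) {
        oversizedRejected = true;
    }
    // lenA + lenB would wrap to 1 in 32-bit unsigned arithmetic
    bool wrapCaught = !multiplyResultLengthOk(std::numeric_limits<unsigned>::max(), 2);
    return inRangeOk && oversizedRejected && wrapCaught;
}
```

The design point is that the unchecked path never becomes the public one: every length that originates from script-controlled values goes through the checked function, and lengths computed from operands are checked in a width that cannot overflow before they reach the allocator.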
1634 2018-11-12  Devin Rousso  <drousso@apple.com>
1635
1636         Web Inspector: Network: show secure certificate details per-request
1637         https://bugs.webkit.org/show_bug.cgi?id=191447
1638         <rdar://problem/30019476>
1639
1640         Reviewed by Joseph Pecoraro.
1641
1642         Add Security domain to hold security related protocol types.
1643
1644         * CMakeLists.txt:
1645         * DerivedSources.make:
1646         * inspector/protocol/Network.json:
1647         * inspector/protocol/Security.json: Added.
1648         * inspector/scripts/codegen/objc_generator.py:
1649         (ObjCGenerator):
1650
1651 2018-11-12  Saam barati  <sbarati@apple.com>
1652
1653         Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
1654         https://bugs.webkit.org/show_bug.cgi?id=191555
1655
1656         * bytecode/UnlinkedFunctionExecutable.cpp:
1657         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1658         * bytecode/UnlinkedFunctionExecutable.h:
1659         * parser/SourceCodeKey.h:
1660         (JSC::SourceCodeKey::SourceCodeKey):
1661         (JSC::SourceCodeKey::operator== const):
1662         * runtime/CodeCache.cpp:
1663         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1664         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1665         * runtime/CodeCache.h:
1666         * runtime/FunctionConstructor.cpp:
1667         (JSC::constructFunctionSkippingEvalEnabledCheck):
1668         * runtime/FunctionExecutable.cpp:
1669         (JSC::FunctionExecutable::fromGlobalCode):
1670         * runtime/FunctionExecutable.h:
1671
1672 2018-11-11  Benjamin Poulain  <benjamin@webkit.org>
1673
1674         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
1675         https://bugs.webkit.org/show_bug.cgi?id=191492
1676
1677         Reviewed by Alex Christensen.
1678
1679         Rename file.
1680
1681         * API/JSValue.mm:
1682
1683 2018-11-10  Benjamin Poulain  <benjamin@webkit.org>
1684
1685         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
1686         https://bugs.webkit.org/show_bug.cgi?id=191492
1687
1688         Reviewed by Alex Christensen.
1689
1690         * API/JSValue.mm:
1691
1692 2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>
1693
1694         Unreviewed, silence -Wunused-variable warning
1695
1696         * bytecode/Opcode.h:
1697         (JSC::padOpcodeName):
1698
1699 2018-11-09  Keith Rollin  <krollin@apple.com>
1700
1701         Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324
1702
1703         Remove the use of .xcfilelists until their side-effects are better
1704         understood.
1705
1706         * JavaScriptCore.xcodeproj/project.pbxproj:
1707
1708 2018-11-09  Keith Miller  <keith_miller@apple.com>
1709
1710         LLInt VectorSizeOffset should be based on offset extraction
1711         https://bugs.webkit.org/show_bug.cgi?id=191468
1712
1713         Reviewed by Yusuke Suzuki.
1714
1715         This patch also adds some usings to LLIntOffsetsExtractor that
1716         make it possible to use the bare names of Vector/RefCountedArray
1717         in offsets extraction.
1718
1719         * llint/LLIntOffsetsExtractor.cpp:
1720         * llint/LowLevelInterpreter.asm:
1721
1722 2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1723
1724         Unreviewed, rolling in CodeCache in r237254
1725         https://bugs.webkit.org/show_bug.cgi?id=190340
1726
1727         Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.
1728
1729         * bytecode/UnlinkedFunctionExecutable.cpp:
1730         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1731         * bytecode/UnlinkedFunctionExecutable.h:
1732         * parser/SourceCodeKey.h:
1733         (JSC::SourceCodeKey::SourceCodeKey):
1734         (JSC::SourceCodeKey::operator== const):
1735         * runtime/CodeCache.cpp:
1736         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1737         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1738         * runtime/CodeCache.h:
1739         * runtime/FunctionConstructor.cpp:
1740         (JSC::constructFunctionSkippingEvalEnabledCheck):
1741         * runtime/FunctionExecutable.cpp:
1742         (JSC::FunctionExecutable::fromGlobalCode):
1743         * runtime/FunctionExecutable.h:
1744
1745 2018-11-08  Keith Miller  <keith_miller@apple.com>
1746
1747         put_by_val opcodes need to add the number tag as a 64-bit register
1748         https://bugs.webkit.org/show_bug.cgi?id=191456
1749
1750         Reviewed by Saam Barati.
1751
1752         Previously the LLInt would add it as a pointer sized value. That is
1753         wrong if the pointer size is less than 64 bits.
1754
1755         * llint/LowLevelInterpreter64.asm:
1756
1757 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
1758
1759         [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
1760         https://bugs.webkit.org/show_bug.cgi?id=191439
1761
1762         Reviewed by Saam Barati.
1763
1764         * CMakeLists.txt:
1765         * runtime/ParseInt.h:
1766         (JSC::isStrWhiteSpace):
1767         Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.
1768
1769 2018-11-08  Michael Saboff  <msaboff@apple.com>
1770
1771         Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
1772         https://bugs.webkit.org/show_bug.cgi?id=191444
1773
1774         Reviewed by Saam Barati.
1775
1776         * runtime/Options.h:
1777
1778 2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>
1779
1780         [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
1781         https://bugs.webkit.org/show_bug.cgi?id=191416
1782
1783         Reviewed by Saam Barati.
1784
1785         * disassembler/UDis86Disassembler.cpp:
1786         (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.
1787
1788 2018-11-08  Keith Rollin  <krollin@apple.com>
1789
1790         Create .xcfilelist files
1791         https://bugs.webkit.org/show_bug.cgi?id=191324
1792         <rdar://problem/45852819>
1793
1794         Reviewed by Alex Christensen.
1795
1796         As part of preparing for enabling XCBuild, create and use .xcfilelist
1797         files. These files are used during Run Script build phases in an
1798         Xcode project. If a Run Script build phase produces new files that are
1799         used later as inputs to subsequent build phases, XCBuild needs to know
1800         about these files. These files can be either specified in an "output
1801         files" section of the Run Script phase editor, or in .xcfilelist files
1802         that are associated with the Run Script build phase.
1803
1804         This patch takes the second approach. It consists of three sets of changes:
1805
1806         - Modify the DerivedSources.make files to have a
1807           'print_all_generated_files' target that produces a list of the files
1808           they create.
1809
1810         - Create a shell script that produces .xcfilelist files from the
1811           output of the previous step, as well as for the files created in the
1812           Generate Unified Sources build steps.
1813
1814         - Add the new .xcfilelist files to the associated projects.
1815
1816         Note that, with these changes, the Xcode workspace and projects can no
1817         longer be fully loaded into Xcode 9. Xcode will attempt to load the
1818         projects that have .xcfilelist files associated with them, but will
1819         fail and display a placeholder for those projects instead. It's
1820         expected that all developers are using Xcode 10 by now and that not
1821         being able to load into Xcode 9 is not a practical issue. Keep in mind
1822         that this is strictly an IDE issue, and that the projects can still be
1823         built with `xcodebuild`.
1824
1825         Also note that the shell script that creates the .xcfilelist files can
1826         also be used to verify that the set of files that's currently checked
1827         in is up-to-date. This checking can be used as part of a check-in hook
1828         or part of check-webkit-style to sooner catch cases where the
1829         .xcfilelist files need to be regenerated.
1830
1831         * DerivedSources.make:
1832         * DerivedSources.xcfilelist: Added.
1833         * JavaScriptCore.xcodeproj/project.pbxproj:
1834         * UnifiedSources.xcfilelist: Added.
1835
1836 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
1837
1838         U+180E is no longer a whitespace character
1839         https://bugs.webkit.org/show_bug.cgi?id=191415
1840
1841         Reviewed by Saam Barati.
1842
1843         Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
1844         (https://github.com/tc39/ecma262/pull/300)
1845
1846         * parser/Lexer.h:
1847         (JSC::Lexer<UChar>::isWhiteSpace):
1848         * runtime/ParseInt.h:
1849         (JSC::isStrWhiteSpace):
1850         * yarr/create_regex_tables:
1851
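Added example covering this entry and the earlier `isStrWhiteSpace` one (bug 191439): an illustrative C++ reimplementation, not JSC's Lexer or ParseInt code, of `isWhiteSpace`, `isLineTerminator` and `isStrWhiteSpace` as their union, with U+180E omitted per the ES2016 change. The `skipStrWhiteSpace` helper, the demonstration functions and the UTF-16 `UChar` alias are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>

// Takes a UTF-16 code unit, in the spirit of JSC's Lexer<UChar>.
using UChar = char16_t;

// WhiteSpace (ES2016): TAB, VT, FF, SP, NBSP, ZWNBSP (BOM) and any code
// point in Unicode category Zs. U+180E MONGOLIAN VOWEL SEPARATOR left Zs
// in Unicode 6.3 and is therefore deliberately absent from this list.
bool isWhiteSpace(UChar c) {
    switch (c) {
    case 0x0009: // TAB
    case 0x000B: // VT
    case 0x000C: // FF
    case 0x0020: // SPACE (Zs)
    case 0x00A0: // NO-BREAK SPACE (Zs)
    case 0x1680: // OGHAM SPACE MARK (Zs)
    case 0x202F: // NARROW NO-BREAK SPACE (Zs)
    case 0x205F: // MEDIUM MATHEMATICAL SPACE (Zs)
    case 0x3000: // IDEOGRAPHIC SPACE (Zs)
    case 0xFEFF: // ZERO WIDTH NO-BREAK SPACE
        return true;
    default:
        return c >= 0x2000 && c <= 0x200A; // EN QUAD .. HAIR SPACE (Zs)
    }
}

// LineTerminator: LF, CR, LINE SEPARATOR, PARAGRAPH SEPARATOR.
bool isLineTerminator(UChar c) {
    return c == 0x000A || c == 0x000D || c == 0x2028 || c == 0x2029;
}

// StrWhiteSpaceChar is exactly the union of the two, which is all
// isStrWhiteSpace needs to be (the point of the bug 191439 entry).
bool isStrWhiteSpace(UChar c) {
    return isWhiteSpace(c) || isLineTerminator(c);
}

// Trim leading StrWhiteSpace as parseInt does; returns the index of the
// first character that is not whitespace (== length if all whitespace).
size_t skipStrWhiteSpace(const UChar* s, size_t length) {
    size_t i = 0;
    while (i < length && isStrWhiteSpace(s[i]))
        ++i;
    return i;
}

// Concrete consequence of the U+180E change: a string that begins with the
// Mongolian Vowel Separator is no longer trimmed, so parseInt("\u180E42")
// now yields NaN instead of 42.
bool mongolianVowelSeparatorIsTrimmed() {
    const UChar input[] = { 0x180E, u'4', u'2' }; // constructed input
    return skipStrWhiteSpace(input, 3) > 0;
}

// A leading run of mixed whitespace (space, LF, NBSP) before a digit.
size_t mixedPrefixLength() {
    const UChar input[] = { u' ', u'\n', 0x00A0, u'7' }; // constructed input
    return skipStrWhiteSpace(input, 4);
}
```

Keeping the Zs ranges in one place and defining `isStrWhiteSpace` as the union avoids the two functions drifting apart when the Unicode tables change, which is exactly what happened with U+180E.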
1852 2018-11-08  Keith Miller  <keith_miller@apple.com>
1853
1854         jitEnabledByDefault() should be on useJIT not useBaselineJIT
1855         https://bugs.webkit.org/show_bug.cgi?id=191434
1856
1857         Reviewed by Saam Barati.
1858
1859         * runtime/Options.h:
1860
1861 2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>
1862
1863         Web Inspector: Restrict domains at the target level instead of only at the window level
1864         https://bugs.webkit.org/show_bug.cgi?id=191344
1865
1866         Reviewed by Devin Rousso.
1867
1868         * inspector/protocol/Console.json:
1869         * inspector/protocol/Debugger.json:
1870         * inspector/protocol/Heap.json:
1871         * inspector/protocol/Runtime.json:
1872         Remove workerSupported as it is now no longer necessary. It is implied
1873         by availability being empty (meaning it is supported everywhere).
1874
1875         * inspector/protocol/Inspector.json:
1876         * inspector/protocol/ScriptProfiler.json:
1877         Restrict to "javascript" and "web" debuggables, not available in workers.
1878
1879         * inspector/protocol/Worker.json:
1880         Cleanup, remove empty types list.
1881         
1882         * inspector/protocol/Recording.json:
1883         Cleanup, only expose this in the "web" domain for now.
1884
1885         * inspector/scripts/codegen/generate_js_backend_commands.py:
1886         (JSBackendCommandsGenerator.generate_domain):
1887         * inspector/scripts/codegen/models.py:
1888         (Protocol.parse_domain):
1889         Allow a list of debuggable types. Add "worker" even though it is unused
1890         since that is a type we would want to allow or consider.
1891
1892         (Domain.__init__):
1893         (Domains):
1894         Remove now unnecessary workerSupported code.
1895         Allow availability on a domain with only types.
1896
1897         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
1898         * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.
1899
1900 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1901
1902         Consider removing double load for accessing the MetadataTable from LLInt
1903         https://bugs.webkit.org/show_bug.cgi?id=190933
1904
1905         Reviewed by Keith Miller.
1906
1907         This patch removes the double load for accesses to MetadataTable from LLInt.
1908         MetadataTable is now a specially RefCounted class, which has an interesting memory layout.
1909         When its refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
1910
1911         * bytecode/CodeBlock.cpp:
1912         (JSC::CodeBlock::finishCreation):
1913         (JSC::CodeBlock::estimatedSize):
1914         (JSC::CodeBlock::visitChildren):
1915         * bytecode/CodeBlock.h:
1916         (JSC::CodeBlock::metadata):
1917         * bytecode/CodeBlockInlines.h:
1918         (JSC::CodeBlock::forEachValueProfile):
1919         (JSC::CodeBlock::forEachArrayProfile):
1920         (JSC::CodeBlock::forEachArrayAllocationProfile):
1921         (JSC::CodeBlock::forEachObjectAllocationProfile):
1922         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1923         * bytecode/MetadataTable.cpp:
1924         (JSC::MetadataTable::MetadataTable):
1925         (JSC::MetadataTable::~MetadataTable):
1926         (JSC::MetadataTable::sizeInBytes):
1927         * bytecode/MetadataTable.h:
1928         (JSC::MetadataTable::get):
1929         (JSC::MetadataTable::forEach):
1930         (JSC::MetadataTable::ref const):
1931         (JSC::MetadataTable::deref const):
1932         (JSC::MetadataTable::refCount const):
1933         (JSC::MetadataTable::hasOneRef const):
1934         (JSC::MetadataTable::buffer):
1935         (JSC::MetadataTable::linkingData const):
1936         (JSC::MetadataTable::getImpl):
1937         * bytecode/UnlinkedMetadataTable.h:
1938         (JSC::UnlinkedMetadataTable::buffer const):
1939         * bytecode/UnlinkedMetadataTableInlines.h:
1940         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1941         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1942         (JSC::UnlinkedMetadataTable::addEntry):
1943         (JSC::UnlinkedMetadataTable::sizeInBytes):
1944         (JSC::UnlinkedMetadataTable::finalize):
1945         (JSC::UnlinkedMetadataTable::link):
1946         (JSC::UnlinkedMetadataTable::unlink):
1947         * llint/LowLevelInterpreter.asm:
1948         * llint/LowLevelInterpreter32_64.asm:
1949
1950 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
1951
1952         [BigInt] Add support to BigInt into ValueAdd
1953         https://bugs.webkit.org/show_bug.cgi?id=186177
1954
1955         Reviewed by Keith Miller.
1956
1957         We are adding a very primitive specialization case of BigInts into ValueAdd.
1958         When compiling a speculated version of this node to BigInt, we are currently
1959         calling 'operationAddBigInt', a function that expects only BigInts as
1960         parameters and effectively adds numbers using JSBigInt::add. To properly
1961         speculate BigInt operands, we changed ArithProfile to observe when
1962         its result is a BigInt. With this new observation, we are able to identify
1963         when ValueAdd results in a String or BigInt.
1964
1965         Here are some numbers for this specialization running
1966         microbenchmarks:
1967
1968         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
1969         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
1970
1971         * bytecode/ArithProfile.cpp:
1972         (JSC::ArithProfile::emitObserveResult):
1973         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
1974         (JSC::ArithProfile::shouldEmitSetBigInt const):
1975         (JSC::ArithProfile::emitSetNonNumeric const):
1976         (JSC::ArithProfile::emitSetBigInt const):
1977         (WTF::printInternal):
1978         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
1979         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
1980         * bytecode/ArithProfile.h:
1981         (JSC::ArithProfile::observedUnaryInt):
1982         (JSC::ArithProfile::observedUnaryNumber):
1983         (JSC::ArithProfile::observedBinaryIntInt):
1984         (JSC::ArithProfile::observedBinaryNumberInt):
1985         (JSC::ArithProfile::observedBinaryIntNumber):
1986         (JSC::ArithProfile::observedBinaryNumberNumber):
1987         (JSC::ArithProfile::didObserveNonInt32 const):
1988         (JSC::ArithProfile::didObserveNonNumeric const):
1989         (JSC::ArithProfile::didObserveBigInt const):
1990         (JSC::ArithProfile::setObservedNonNumeric):
1991         (JSC::ArithProfile::setObservedBigInt):
1992         (JSC::ArithProfile::observeResult):
1993         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
1994         (JSC::ArithProfile::setObservedNonNumber): Deleted.
1995         * dfg/DFGByteCodeParser.cpp:
1996         (JSC::DFG::ByteCodeParser::makeSafe):
1997         * dfg/DFGFixupPhase.cpp:
1998         (JSC::DFG::FixupPhase::fixupNode):
1999         * dfg/DFGNode.h:
2000         (JSC::DFG::Node::mayHaveNonNumericResult):
2001         (JSC::DFG::Node::mayHaveBigIntResult):
2002         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
2003         * dfg/DFGNodeFlags.cpp:
2004         (JSC::DFG::dumpNodeFlags):
2005         * dfg/DFGNodeFlags.h:
2006         * dfg/DFGOperations.cpp:
2007         * dfg/DFGOperations.h:
2008         * dfg/DFGPredictionPropagationPhase.cpp:
2009         * dfg/DFGSpeculativeJIT.cpp:
2010         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2011         * ftl/FTLLowerDFGToB3.cpp:
2012         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2013         * runtime/CommonSlowPaths.cpp:
2014         (JSC::updateArithProfileForUnaryArithOp):
2015         (JSC::updateArithProfileForBinaryArithOp):
2016
2017 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
2018
2019         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
2020         https://bugs.webkit.org/show_bug.cgi?id=191340
2021
2022         Reviewed by Devin Rousso.
2023
2024         * inspector/ConsoleMessage.cpp:
2025         (Inspector::messageSourceValue):
2026         Use new enum name.
2027
2028         * inspector/scripts/codegen/generator.py:
2029         Correct the casing of "JavaScript".
2030
2031 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2032
2033         Align wide opcodes in the instruction stream
2034         https://bugs.webkit.org/show_bug.cgi?id=191254
2035
2036         Reviewed by Keith Miller.
2037
2038         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
2039         aligned on platforms that don't like unaligned memory access.
2040
2041         For that, add a new type to represent jump targets, BoundLabel, which
2042         delays computing the offset in case we need to emit nops for padding.
2043         Extra padding is also emitted before op_yield and at the end of each
2044         BytecodeWriter fragment, to ensure that the bytecode remains aligned
2045         after the rewriting.
2046
2047         As a side effect, we can no longer guarantee that the point immediately
2048         before emitting an opcode is the start of that opcode, since nops
2049         might be emitted in between if the opcode needs to be wide. To fix
2050         that, we only take the offset of opcodes after they have been emitted,
2051         using `m_lastInstruction.offset()`.
2052
2053         * bytecode/BytecodeDumper.h:
2054         (JSC::BytecodeDumper::dumpValue):
2055         * bytecode/BytecodeGeneratorification.cpp:
2056         (JSC::BytecodeGeneratorification::run):
2057         * bytecode/BytecodeList.rb:
2058         * bytecode/BytecodeRewriter.h:
2059         (JSC::BytecodeRewriter::Fragment::align):
2060         (JSC::BytecodeRewriter::insertFragmentBefore):
2061         (JSC::BytecodeRewriter::insertFragmentAfter):
2062         * bytecode/Fits.h:
2063         * bytecode/InstructionStream.h:
2064         (JSC::InstructionStreamWriter::ref):
2065         * bytecode/PreciseJumpTargetsInlines.h:
2066         (JSC::updateStoredJumpTargetsForInstruction):
2067         * bytecompiler/BytecodeGenerator.cpp:
2068         (JSC::Label::setLocation):
2069         (JSC::BoundLabel::target):
2070         (JSC::BoundLabel::saveTarget):
2071         (JSC::BoundLabel::commitTarget):
2072         (JSC::BytecodeGenerator::generate):
2073         (JSC::BytecodeGenerator::recordOpcode):
2074         (JSC::BytecodeGenerator::alignWideOpcode):
2075         (JSC::BytecodeGenerator::emitProfileControlFlow):
2076         (JSC::BytecodeGenerator::emitResolveScope):
2077         (JSC::BytecodeGenerator::emitGetFromScope):
2078         (JSC::BytecodeGenerator::emitPutToScope):
2079         (JSC::BytecodeGenerator::emitGetById):
2080         (JSC::BytecodeGenerator::emitDirectGetById):
2081         (JSC::BytecodeGenerator::emitPutById):
2082         (JSC::BytecodeGenerator::emitDirectPutById):
2083         (JSC::BytecodeGenerator::emitGetByVal):
2084         (JSC::BytecodeGenerator::emitCreateThis):
2085         (JSC::BytecodeGenerator::beginSwitch):
2086         (JSC::BytecodeGenerator::endSwitch):
2087         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2088         (JSC::BytecodeGenerator::emitYieldPoint):
2089         (JSC::BytecodeGenerator::emitToThis):
2090         (JSC::Label::bind): Deleted.
2091         * bytecompiler/BytecodeGenerator.h:
2092         (JSC::BytecodeGenerator::recordOpcode): Deleted.
2093         * bytecompiler/Label.h:
2094         (JSC::BoundLabel::BoundLabel):
2095         (JSC::BoundLabel::operator int):
2096         (JSC::Label::bind):
2097         * generator/Opcode.rb:
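
Added illustration (editor's example, not WebKit code) of the padding rule this entry describes. The toy writer below assumes a layout of an op_wide prefix byte, the opcode byte, then 4-byte operands, and pads with op_nop until the operands land on a 4-byte boundary; the real BytecodeGenerator::alignWideOpcode and InstructionStream differ in detail. It also makes the last paragraph concrete: once padding can be inserted, the stream size before emission is not the instruction's offset, so the offset is recorded after emission.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Toy opcode set. op_wide is the prefix byte that switches an instruction to
// 4-byte operands; op_nop is what the padding is made of.
enum Opcode : uint8_t { op_nop = 0, op_wide = 1, op_add = 2, op_ret = 3 };

bool fitsNarrow(int32_t v) { return v >= 0 && v <= 0xff; }

struct InstructionWriter {
    std::vector<uint8_t> bytes;
    // Offsets are recorded after each instruction has been emitted (the
    // m_lastInstruction.offset() idea), never from the size before emission.
    std::vector<size_t> instructionOffsets;

    // Emits a three-operand instruction, picking the narrow or wide encoding
    // from the operands' magnitude. Returns the offset the instruction really
    // starts at, which differs from bytes.size() before the call when padding
    // was needed.
    size_t emit(Opcode op, int32_t a, int32_t b, int32_t c) {
        const int32_t operands[3] = { a, b, c };
        const bool wide = !(fitsNarrow(a) && fitsNarrow(b) && fitsNarrow(c));
        if (wide) {
            // Assumed layout: op_wide, opcode, then three 4-byte operands.
            // Pad so the first operand lands on a 4-byte boundary.
            while ((bytes.size() + 2) % 4 != 0)
                bytes.push_back(op_nop);
        }
        const size_t start = bytes.size();
        if (wide) {
            bytes.push_back(op_wide);
            bytes.push_back(op);
            for (int32_t v : operands) {
                uint8_t raw[4];
                std::memcpy(raw, &v, sizeof raw); // host byte order, read back on the same host
                bytes.insert(bytes.end(), raw, raw + sizeof raw);
            }
        } else {
            bytes.push_back(op);
            for (int32_t v : operands)
                bytes.push_back(static_cast<uint8_t>(v));
        }
        instructionOffsets.push_back(start);
        return start;
    }
};

// Decodes operand `index` of the instruction at `offset` for either encoding.
int32_t operandAt(const InstructionWriter& w, size_t offset, size_t index) {
    if (w.bytes[offset] == op_wide) {
        int32_t v;
        std::memcpy(&v, &w.bytes[offset + 2 + 4 * index], sizeof v);
        return v;
    }
    return w.bytes[offset + 1 + index];
}

// The invariant the padding buys: every wide instruction's operands start at
// an offset that is a multiple of 4.
bool wideOperandsAligned(const InstructionWriter& w) {
    for (size_t offset : w.instructionOffsets) {
        if (w.bytes[offset] == op_wide && (offset + 2) % 4 != 0)
            return false;
    }
    return true;
}

// Constructed sample: a narrow add, a wide add (operand 1000 does not fit in a
// byte) that needs two nops of padding, and a narrow ret.
InstructionWriter sampleStream() {
    InstructionWriter w;
    w.emit(op_add, 1, 2, 3);
    w.emit(op_add, 1000, 2, 3);
    w.emit(op_ret, 7, 0, 0);
    return w;
}

// Offset a naive writer would have recorded for the wide add: the stream size
// before the call, which points at the padding rather than the instruction.
size_t naiveOffsetOfWideAdd() {
    InstructionWriter w;
    w.emit(op_add, 1, 2, 3);
    return w.bytes.size();
}

int main() {
    InstructionWriter w = sampleStream();
    std::printf("stream is %zu bytes; wide add really starts at %zu, naive offset was %zu\n",
                w.bytes.size(), w.instructionOffsets[1], naiveOffsetOfWideAdd());
    return wideOperandsAligned(w) ? 0 : 1;
}
```

On a target that faults or traps on unaligned loads, the naive offset (4) would make a jump table or exception handler land on a nop byte instead of the op_wide prefix, which is exactly the class of bug the BoundLabel change avoids by deferring the offset computation.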
2098
2099 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2100
2101         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
2102         https://bugs.webkit.org/show_bug.cgi?id=191184
2103
2104         Reviewed by Saam Barati.
2105
2106         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
2107
2108         * API/tests/PingPongStackOverflowTest.cpp:
2109         (testPingPongStackOverflow):
2110
2111 2018-11-06  Justin Fan  <justin_fan@apple.com>
2112
2113         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
2114         https://bugs.webkit.org/show_bug.cgi?id=191291
2115
2116         Reviewed by Myles Maxfield.
2117
2118         Properly disable WEBGPU on all non-Metal platforms for now.
2119
2120         * Configurations/FeatureDefines.xcconfig:
2121
2122 2018-11-06  Keith Rollin  <krollin@apple.com>
2123
2124         Adjust handling of Include paths that need quoting
2125         https://bugs.webkit.org/show_bug.cgi?id=191314
2126         <rdar://problem/45849143>
2127
2128         Reviewed by Dan Bernstein.
2129
2130         There are several places in the JavaScriptCore Xcode project where the
2131         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
2132         definitions look like:
2133
2134             HEADER_SEARCH_PATHS = (
2135                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
2136                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
2137                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
2138                 "$(inherited)",
2139             );
2140
2141         The idea here is presumably to have the resulting $(CPP) command have
2142         -I options where the associated paths are themselves quoted,
2143         protecting against space characters in the paths.
2144
2145         This approach to quote management can break under Xcode 9. If
2146         .xcfilelist files are added to the project, the 'objectVersion' value
2147         in the Xcode project file is changed from 46 to 51. If a project with
2148         objectVersion=51 is presented to Xcode 9 (as can happen when we build
2149         for older OS's), it produces build lines where the quotes are escaped,
2150         thereby becoming part of the path. The build then fails because a
2151         search for a file normally found in a directory called "Foo" will be
2152         looked for in "\"Foo\"", which doesn't exist.
2153
2154         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
2155         definition doesn't work, leading to paths that need quoting due to
2156         space characters but that don't get this quoting (the part of the path
2157         after the space appears to simply go missing).
2158
2159         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
2160         the definitions to the .xcconfig fixes this problem.
2161
2162         * Configurations/ToolExecutable.xcconfig:
2163         * JavaScriptCore.xcodeproj/project.pbxproj:
2164
2165 2018-11-06  Michael Saboff  <msaboff@apple.com>
2166
2167         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
2168         https://bugs.webkit.org/show_bug.cgi?id=191271
2169
2170         Reviewed by Saam Barati.
2171
2172         Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
2173         RETURN_IF_EXCEPTION().  After some code inspections determined that we need to cover the
2174         exception bubbling for String.match() with a global RegExp as well as String.replace()
2175         and String.search().
2176
2177         * runtime/RegExpObjectInlines.h:
2178         (JSC::RegExpObject::matchInline):
2179         (JSC::collectMatches):
2180         * runtime/RegExpPrototype.cpp:
2181         (JSC::regExpProtoFuncSearchFast):
2182         * runtime/StringPrototype.cpp:
2183         (JSC::removeUsingRegExpSearch):
2184         (JSC::replaceUsingRegExpSearch):
2185
2186 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
2187
2188         Fix typos in closing ENABLE guards
2189         https://bugs.webkit.org/show_bug.cgi?id=191273
2190
2191         Reviewed by Keith Miller.
2192
2193         * ftl/FTLForOSREntryJITCode.h:
2194         * ftl/FTLJITCode.h:
2195         * jsc.cpp:
2196         * wasm/WasmMemoryInformation.h:
2197         * wasm/WasmPageCount.h:
2198
2199 2018-11-05  Keith Miller  <keith_miller@apple.com>
2200
2201         Make static_asserts in APICast into bitwise_cast
2202         https://bugs.webkit.org/show_bug.cgi?id=191272
2203
2204         Reviewed by Filip Pizlo.
2205
2206         * API/APICast.h:
2207         (toJS):
2208         (toJSForGC):
2209         (toRef):
2210
2211 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
2212
2213         Enable LLInt on ARMv7/Linux
2214         https://bugs.webkit.org/show_bug.cgi?id=191190
2215
2216         Reviewed by Yusuke Suzuki.
2217
2218         After enabling the new bytecode format in r237547, C_LOOP was
2219         forced on all 32-bit platforms. Now enable LLInt again on
2220         ARMv7-Thumb2/Linux.
2221
2222         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
2223         stores/restores it on LLInt function calls. It also introduces the globaladdr
2224         instruction for the ARM-offlineasm to access the opcode-table.
2225
2226         * jit/GPRInfo.h:
2227         * jit/RegisterSet.cpp:
2228         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2229         * llint/LowLevelInterpreter.asm:
2230         * llint/LowLevelInterpreter32_64.asm:
2231         * offlineasm/arm.rb:
2232         * offlineasm/asm.rb:
2233         * offlineasm/instructions.rb:
2234
2235 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
2236
2237         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
2238         https://bugs.webkit.org/show_bug.cgi?id=191146
2239
2240         Reviewed by Yusuke Suzuki.
2241
2242         * jit/JIT.h: Changed is64BitType from a template class method to a
2243         template inner class.
2244
2245 2018-11-02  Keith Miller  <keith_miller@apple.com>
2246
2247         Assert JSValues can fit into a pointer when API casting
2248         https://bugs.webkit.org/show_bug.cgi?id=191220
2249
2250         Reviewed by Michael Saboff.
2251
2252         * API/APICast.h:
2253         (toJS):
2254         (toJSForGC):
2255         (toRef):
2256
2257 2018-11-02  Michael Saboff  <msaboff@apple.com>
2258
2259         Rolling in r237753 with unreviewed build fix.
2260
2261         Fixed issues with DECLARE_THROW_SCOPE placement.
2262
2263 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
2264
2265         Unreviewed, rolling out r237753.
2266
2267         Introduced JSC test failures
2268
2269         Reverted changeset:
2270
2271         "Running out of stack space not properly handled in
2272         RegExp::compile() and its callers"
2273         https://bugs.webkit.org/show_bug.cgi?id=191206
2274         https://trac.webkit.org/changeset/237753
2275
2276 2018-11-02  Michael Saboff  <msaboff@apple.com>
2277
2278         Running out of stack space not properly handled in RegExp::compile() and its callers
2279         https://bugs.webkit.org/show_bug.cgi?id=191206
2280
2281         Reviewed by Filip Pizlo.
2282
2283         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
2284         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
2285         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
2286
2287         * runtime/RegExp.cpp:
2288         (JSC::RegExp::compile):
2289         (JSC::RegExp::compileMatchOnly):
2290         * runtime/RegExp.h:
2291         * runtime/RegExpInlines.h:
2292         (JSC::RegExp::compileIfNecessary):
2293         (JSC::RegExp::matchInline):
2294         (JSC::RegExp::compileIfNecessaryMatchOnly):
2295         * runtime/RegExpObjectInlines.h:
2296         (JSC::RegExpObject::execInline):
2297         * yarr/YarrErrorCode.h:
2298         (JSC::Yarr::hasHardError):
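
Added illustration (editor's example, not JSC code) of the pattern this entry describes: a failed parse comes back as an error code instead of hitting RELEASE_ASSERT_NOT_REACHED(), a syntax error is recorded and reported as a SyntaxError, and a non-syntax ("hard") error resets the object so a later compile can be retried. The error-code names, the toy parser, the stack budget standing in for real stack depth, and the threshold-style hasHardError() are all assumptions made for the example; JSC's RegExp::compile, Yarr::ErrorCode and matchInline differ in detail.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <string_view>

// Illustrative codes in the spirit of JSC::Yarr::ErrorCode (names and order
// are assumptions). Syntax errors first; "hard" errors, where a resource rather
// than the pattern was the problem, follow.
enum class ErrorCode : uint8_t {
    NoError,
    QuantifierWithoutAtom,
    MissingParentheses,
    PatternTooLarge,        // first hard error
    ParserStackOverflow,    // stands for running out of native stack while parsing
};

constexpr bool hasHardError(ErrorCode code) { return code >= ErrorCode::PatternTooLarge; }

constexpr size_t kMaxPatternLength = 64; // toy limit

// Toy pattern parser: parentheses must balance, quantifiers need an atom, and
// nesting depth stands in for recursion depth against a stack budget.
ErrorCode parsePattern(std::string_view pattern, size_t stackBudget) {
    if (pattern.size() > kMaxPatternLength)
        return ErrorCode::PatternTooLarge;
    size_t depth = 0;
    char previous = '\0';
    for (char c : pattern) {
        switch (c) {
        case '(':
            if (++depth > stackBudget)
                return ErrorCode::ParserStackOverflow;
            break;
        case ')':
            if (depth == 0)
                return ErrorCode::MissingParentheses;
            --depth;
            break;
        case '*': case '+': case '?':
            if (previous == '\0' || previous == '(' || previous == '|')
                return ErrorCode::QuantifierWithoutAtom;
            break;
        default:
            break;
        }
        previous = c;
    }
    return depth == 0 ? ErrorCode::NoError : ErrorCode::MissingParentheses;
}

struct RegExpState {
    enum class Status { NotCompiled, Compiled, ParseError };
    Status status = Status::NotCompiled;
    ErrorCode error = ErrorCode::NoError;
    std::string literal; // stands in for the compiled matcher
};

// The fix in miniature: a syntax error is recorded permanently; a hard error
// resets the state so the next attempt (e.g. with more stack) starts clean.
bool compile(RegExpState& re, std::string_view pattern, size_t stackBudget) {
    ErrorCode code = parsePattern(pattern, stackBudget);
    if (code == ErrorCode::NoError) {
        re.status = RegExpState::Status::Compiled;
        re.error = ErrorCode::NoError;
        re.literal.clear();
        for (char c : pattern)
            if (c != '(' && c != ')')
                re.literal += c;
        return true;
    }
    if (hasHardError(code)) {
        re = RegExpState{};   // back to NotCompiled; retry allowed
        re.error = code;
        return false;
    }
    re.status = RegExpState::Status::ParseError;
    re.error = code;
    return false;
}

enum class Outcome { Matched, NoMatch, SyntaxError, OutOfMemoryError };

// compileIfNecessary + matchInline: compile lazily, then map the failure kind
// onto the exception the JS caller would see. The matcher is a literal search.
Outcome match(RegExpState& re, std::string_view pattern, std::string_view subject, size_t stackBudget) {
    if (re.status == RegExpState::Status::ParseError)
        return Outcome::SyntaxError;
    if (re.status == RegExpState::Status::NotCompiled && !compile(re, pattern, stackBudget))
        return hasHardError(re.error) ? Outcome::OutOfMemoryError : Outcome::SyntaxError;
    return subject.find(re.literal) != std::string_view::npos ? Outcome::Matched : Outcome::NoMatch;
}

// The two behaviours the fix guarantees, as checkable scenarios.
bool hardErrorIsRetryable() {
    RegExpState re;
    return match(re, "((((a))))", "xay", 2) == Outcome::OutOfMemoryError
        && re.status == RegExpState::Status::NotCompiled
        && match(re, "((((a))))", "xay", 8) == Outcome::Matched;
}

bool syntaxErrorIsPermanent() {
    RegExpState re;
    return match(re, "(a", "a", 8) == Outcome::SyntaxError
        && re.status == RegExpState::Status::ParseError
        && match(re, "(a", "a", 64) == Outcome::SyntaxError; // more stack does not help
}

int main() {
    bool ok = hardErrorIsRetryable() && syntaxErrorIsPermanent();
    std::printf("hard error retryable and syntax error permanent: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The security-relevant distinction is the reset: leaving a half-initialized RegExp marked as compiled after a resource failure would let a later match run against garbage state, while a release assert turns an attacker-controlled deep pattern into a guaranteed crash.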
2299
2300 2018-11-02  Keith Miller  <keith_miller@apple.com>
2301
2302         API should use wrapper object if address is 32-bit
2303         https://bugs.webkit.org/show_bug.cgi?id=191203
2304
2305         Reviewed by Filip Pizlo.
2306
2307         * API/APICast.h:
2308         (toJS):
2309         (toJSForGC):
2310         (toRef):
2311
2312 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2313
2314         Metadata should not be copyable
2315         https://bugs.webkit.org/show_bug.cgi?id=191193
2316
2317         Reviewed by Keith Miller.
2318
2319         We should only ever hold references to the entry in the metadata table.
2320
2321         * bytecode/CodeBlock.cpp:
2322         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2323         * dfg/DFGByteCodeParser.cpp:
2324         (JSC::DFG::ByteCodeParser::parseBlock):
2325         * generator/Metadata.rb:
2326
2327 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2328
2329         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
2330         https://bugs.webkit.org/show_bug.cgi?id=191175
2331
2332         Reviewed by Keith Miller.
2333
2334         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled.
2335
2336         * jit/JITExceptions.cpp:
2337         (JSC::genericUnwind):
2338         * llint/LLIntData.h:
2339         (JSC::LLInt::getWideCodePtr):
2340
2341 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
2342
2343         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
2344         https://bugs.webkit.org/show_bug.cgi?id=189693
2345
2346         Reviewed by Yusuke Suzuki.
2347
2348         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
2349         * API/JSStringRef.cpp: Ditto.
2350         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
2351         * wasm/WasmParser.h: Ditto.
2352
2353 2018-11-01  Keith Miller  <keith_miller@apple.com>
2354
2355         Unreviewed, JavaScriptCore should only guarantee to produce a
2356         modulemap if we are building for iOSMac.
2357
2358         * Configurations/JavaScriptCore.xcconfig:
2359
2360 2018-10-31  Devin Rousso  <drousso@apple.com>
2361
2362         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
2363         https://bugs.webkit.org/show_bug.cgi?id=190856
2364
2365         Reviewed by Brian Burg.
2366
2367         * inspector/protocol/Canvas.json:
2368         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
2369         immediately after a context is created.
2370
2371         * inspector/protocol/Recording.json:
2372         Add `creation` value for `Initiator` enum.
2373
2374 2018-10-31  Devin Rousso  <drousso@apple.com>
2375
2376         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
2377         https://bugs.webkit.org/show_bug.cgi?id=190641
2378         <rdar://problem/45319049>
2379
2380         Reviewed by Joseph Pecoraro.
2381
2382         * inspector/protocol/DOM.json:
2383         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
2384         whether a video element's low power state has changed.
2385
2386 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2387
2388         Adjust inlining threshold for new bytecode format
2389         https://bugs.webkit.org/show_bug.cgi?id=191115
2390
2391         Reviewed by Saam Barati.
2392
2393         The new format reduced the number of operands for many opcodes, which
2394         changed inlining decisions and impacted performance negatively.
2395
2396         * runtime/Options.h:
2397
2398 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2399
2400         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
2401         https://bugs.webkit.org/show_bug.cgi?id=191108
2402         <rdar://problem/45690700>
2403
2404         Reviewed by Saam Barati.
2405
2406         When linking the handler, we need to check whether the target op_catch is
2407         wide or narrow in order to choose the right code pointer for the handler.
2408
2409         * bytecode/CodeBlock.cpp:
2410         (JSC::CodeBlock::finishCreation):
2411
2412 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
2413
2414         Align entries in metadata table
2415         https://bugs.webkit.org/show_bug.cgi?id=191062
2416
2417         Reviewed by Filip Pizlo.
2418
2419         Entries in the metadata table need to be aligned on some 32-bit
2420         architectures.
2421
2422         * bytecode/MetadataTable.h:
2423         (JSC::MetadataTable::forEach):
2424         * bytecode/Opcode.cpp:
2425         (JSC::metadataAlignment):
2426         * bytecode/Opcode.h:
2427         * bytecode/UnlinkedMetadataTableInlines.h:
2428         (JSC::UnlinkedMetadataTable::finalize):
2429         * generator/Section.rb:
2430
2431 2018-10-31  Jim Mason  <jmason@ibinx.com>
2432
2433         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
2434         https://bugs.webkit.org/show_bug.cgi?id=191063
2435
2436         Reviewed by Yusuke Suzuki.
2437
2438         * wasm/WasmFaultSignalHandler.cpp:
2439
2440 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2441
2442         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
2443         https://bugs.webkit.org/show_bug.cgi?id=191092
2444
2445         Reviewed by Saam Barati.
2446
2447         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
2448         following things to tighten LLInt ASM code.
2449
2450         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
2451         2. Introduce strength reduction for mul instructions in the offlineasm layer. This is now critical
2452         since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
2453         a power of two, we convert it to an lshift instruction.
2454
2455         * llint/LowLevelInterpreter32_64.asm:
2456         * llint/LowLevelInterpreter64.asm:
2457         * offlineasm/arm64.rb:
2458         * offlineasm/instructions.rb:
2459         * offlineasm/x86.rb:
2460
2461 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
2462
2463         [PlayStation] Enable JavaScriptCore
2464         https://bugs.webkit.org/show_bug.cgi?id=191072
2465
2466         Reviewed by Brent Fulgham.
2467
2468         Add platform files for the PlayStation port.
2469
2470         * PlatformPlayStation.cmake: Added.
2471
2472 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
2473
2474         Clean up some obsolete MAX_ALLOWED macros
2475         https://bugs.webkit.org/show_bug.cgi?id=190916
2476
2477         Reviewed by Tim Horton.
2478
2479         * API/JSManagedValue.mm:
2480         * API/JSVirtualMachine.mm:
2481         * API/JSWrapperMap.mm:
2482
2483 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
2484
2485         useProbeOSRExit causes failures for Win64 DFG JIT
2486         https://bugs.webkit.org/show_bug.cgi?id=190656
2487
2488         Reviewed by Keith Miller.
2489
2490         * assembler/ProbeContext.cpp:
2491         (JSC::Probe::executeProbe):
2492         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
2493         then let's just call lowWatermarkFromVisitingDirtyPages instead.
2494
2495         * dfg/DFGOSRExit.cpp:
2496         (JSC::DFG::OSRExit::executeOSRExit):
2497         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
2498         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
2499         (Also, stop redundantly setting the stack pointer twice in a row.)
2500
2501 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2502
2503         "Unreviewed, partial rolling in r237254"
2504         https://bugs.webkit.org/show_bug.cgi?id=190340
2505
2506         This only adds Parser.{cpp,h}, and it is not used in this patch.
2507         It examines whether the regression is related to the exact Parser changes.
2508
2509         * parser/Parser.cpp:
2510         (JSC::Parser<LexerType>::parseInner):
2511         (JSC::Parser<LexerType>::parseSingleFunction):
2512         (JSC::Parser<LexerType>::parseFunctionInfo):
2513         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2514         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2515         * parser/Parser.h:
2516         (JSC::Parser<LexerType>::parse):
2517         (JSC::parse):
2518         (JSC::parseFunctionForFunctionConstructor):
2519
2520 2018-10-29  Mark Lam  <mark.lam@apple.com>
2521
2522         Correctly detect string overflow when using the 'Function' constructor.
2523         https://bugs.webkit.org/show_bug.cgi?id=184883
2524         <rdar://problem/36320331>
2525
2526         Reviewed by Saam Barati.
2527
2528         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
2529         we detect an overflow.
2530
2531         * runtime/FunctionConstructor.cpp:
2532         (JSC::constructFunctionSkippingEvalEnabledCheck):
2533         * runtime/JSGlobalObjectFunctions.cpp:
2534         (JSC::encode):
2535         (JSC::decode):
2536         * runtime/JSONObject.cpp:
2537         (JSC::Stringifier::stringify):
2538         (JSC::Stringifier::appendStringifiedValue):
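
Added illustration (editor's example, not WTF/JSC code) of the check this entry adds. A minimal StringBuilder-style class tracks a 32-bit length, refuses any append that would exceed the limit and exposes hasOverflowed(); buildFunctionSource() assembles the Function constructor's source text and reports overflow the way a caller would before throwing an OutOfMemoryError. The "(function anonymous(" wrapper is my recollection of JSC's shape, the length limit is an assumption about StringImpl, and the limit is a constructor argument only so the failure path can be exercised with short strings.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>

// Assumption: as with JSC's StringImpl, a string length must fit in 31 bits.
constexpr uint32_t kMaxStringLength = 0x7fffffffu;

// Toy counterpart of WTF::StringBuilder with hasOverflowed(). Once an append
// would push the length past the limit the builder is poisoned and every
// later append is dropped, instead of a 32-bit length silently wrapping.
class CheckedStringBuilder {
public:
    explicit CheckedStringBuilder(uint32_t maxLength = kMaxStringLength)
        : m_maxLength(maxLength) { }

    void append(std::string_view piece) {
        if (m_overflowed)
            return;
        // Compare against the remaining headroom rather than adding first:
        // the sum is exactly what would wrap in a 32-bit length field.
        if (piece.size() > static_cast<size_t>(m_maxLength - m_length)) {
            m_overflowed = true;
            return;
        }
        m_length += static_cast<uint32_t>(piece.size());
        m_buffer.append(piece.data(), piece.size());
    }

    bool hasOverflowed() const { return m_overflowed; }
    uint32_t length() const { return m_length; }
    const std::string& toString() const { return m_buffer; }

private:
    uint32_t m_maxLength;
    uint32_t m_length = 0;
    bool m_overflowed = false;
    std::string m_buffer;
};

// What goes wrong without the check: 32-bit length arithmetic wraps, the
// "required" size comes out tiny, and the copy that follows overruns it.
uint32_t wrappedLength(uint32_t a, uint32_t b) { return a + b; }

// Assembles the source text the Function constructor evaluates (parameters are
// passed pre-joined). Returns std::nullopt where JSC now throws OutOfMemoryError.
std::optional<std::string> buildFunctionSource(std::string_view parameters, std::string_view body,
                                               uint32_t maxLength = kMaxStringLength) {
    CheckedStringBuilder builder(maxLength);
    builder.append("(function anonymous(");
    builder.append(parameters);
    builder.append("\n) {\n");
    builder.append(body);
    builder.append("\n})");
    if (builder.hasOverflowed())
        return std::nullopt;   // caller throws OutOfMemoryError at this point
    return builder.toString();
}

int main() {
    if (auto source = buildFunctionSource("a, b", "return a + b;"))
        std::printf("%s\n", source->c_str());
    // Constructed failure case: a limit just below the 45 bytes this source needs.
    bool rejected = !buildFunctionSource("a, b", "return a + b;", 44).has_value();
    std::printf("wrapped length: %u, overflow rejected: %d\n", wrappedLength(0xffffffffu, 2u), rejected);
    return rejected ? 0 : 1;
}
```

The same discipline applies to the encode/decode and JSON stringify paths listed in this entry: wherever a builder accumulates input whose total length an attacker controls, the overflow flag must be consulted before the result is used.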
2539
2540 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2541
2542         Unreviewed, fix JSC on arm64e after r237547
2543         https://bugs.webkit.org/show_bug.cgi?id=187373
2544
2545         Unreviewed.
2546
2547         Remove unused move guarded by POINTER_PROFILING that was trashing the
2548         metadata on arm64e.
2549
2550         * llint/LowLevelInterpreter64.asm:
2551
2552 2018-10-29  Keith Miller  <keith_miller@apple.com>
2553
2554         JSC should explicitly list its modulemap file
2555         https://bugs.webkit.org/show_bug.cgi?id=191032
2556
2557         Reviewed by Saam Barati.
2558
2559         The automagically generated module map file for JSC will
2560         include headers where they may not work out of the box.
2561         This patch makes it so we now export the same modulemap
2562         that used to be provided via the legacy system.
2563
2564         * Configurations/JavaScriptCore.xcconfig:
2565         * JavaScriptCore.modulemap: Added.
2566         * JavaScriptCore.xcodeproj/project.pbxproj:
2567
2568 2018-10-29  Tim Horton  <timothy_horton@apple.com>
2569
2570         Modernize WebKit nibs and lprojs for localization's sake
2571         https://bugs.webkit.org/show_bug.cgi?id=190911
2572         <rdar://problem/45349466>
2573
2574         Reviewed by Dan Bernstein.
2575
2576         * JavaScriptCore.xcodeproj/project.pbxproj:
2577         English->en
2578
2579 2018-10-29  Commit Queue  <commit-queue@webkit.org>
2580
2581         Unreviewed, rolling out r237492.
2582         https://bugs.webkit.org/show_bug.cgi?id=191035
2583
2584         "It regresses JetStream 2 by 5% on some iOS devices"
2585         (Requested by saamyjoon on #webkit).
2586
2587         Reverted changeset:
2588
2589         "Unreviewed, partial rolling in r237254"
2590         https://bugs.webkit.org/show_bug.cgi?id=190340
2591         https://trac.webkit.org/changeset/237492
2592
2593 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2594
2595         Add support for GetStack FlushedDouble
2596         https://bugs.webkit.org/show_bug.cgi?id=191012
2597         <rdar://problem/45265141>
2598
2599         Reviewed by Saam Barati.
2600
2601         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
2602         for doubles, but it turns out it may arise from the PutStack sinking
2603         phase: if we sink a PutStack into a successor block, other predecessors
2604         will emit a GetStack followed by an Upsilon.
2605
2606         * ftl/FTLLowerDFGToB3.cpp:
2607         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
2608
2609 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2610
2611         New bytecode format for JSC
2612         https://bugs.webkit.org/show_bug.cgi?id=187373
2613         <rdar://problem/44186758>
2614
2615         Reviewed by Filip Pizlo.
2616
2617         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2618         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2619         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2620         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2621
2622         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
2623         and types to all their operands. Additionally, reading a bytecode from the instruction stream
2624         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2625         operands directly from the stream.
2626
2627
2628         * CMakeLists.txt:
2629         * DerivedSources.make:
2630         * JavaScriptCore.xcodeproj/project.pbxproj:
2631         * Sources.txt:
2632         * assembler/MacroAssemblerCodeRef.h:
2633         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2634         (JSC::ReturnAddressPtr::value const):
2635         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2636         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2637         * bytecode/ArithProfile.h:
2638         (JSC::ArithProfile::ArithProfile):
2639         * bytecode/ArrayAllocationProfile.h:
2640         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2641         * bytecode/ArrayProfile.h:
2642         * bytecode/BytecodeBasicBlock.cpp:
2643         (JSC::isJumpTarget):
2644         (JSC::BytecodeBasicBlock::computeImpl):
2645         (JSC::BytecodeBasicBlock::compute):
2646         * bytecode/BytecodeBasicBlock.h:
2647         (JSC::BytecodeBasicBlock::leaderOffset const):
2648         (JSC::BytecodeBasicBlock::totalLength const):
2649         (JSC::BytecodeBasicBlock::offsets const):
2650         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2651         (JSC::BytecodeBasicBlock::addLength):
2652         * bytecode/BytecodeDumper.cpp:
2653         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2654         (JSC::BytecodeDumper<Block>::dumpBytecode):
2655         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2656         (JSC::BytecodeDumper<Block>::dumpConstants):
2657         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2658         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2659         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2660         (JSC::BytecodeDumper<Block>::dumpBlock):
2661         * bytecode/BytecodeDumper.h:
2662         (JSC::BytecodeDumper::dumpOperand):
2663         (JSC::BytecodeDumper::dumpValue):
2664         (JSC::BytecodeDumper::BytecodeDumper):
2665         (JSC::BytecodeDumper::block const):
2666         * bytecode/BytecodeGeneratorification.cpp:
2667         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2668         (JSC::BytecodeGeneratorification::enterPoint const):
2669         (JSC::BytecodeGeneratorification::instructions const):
2670         (JSC::GeneratorLivenessAnalysis::run):
2671         (JSC::BytecodeGeneratorification::run):
2672         (JSC::performGeneratorification):
2673         * bytecode/BytecodeGeneratorification.h:
2674         * bytecode/BytecodeGraph.h:
2675         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2676         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2677         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2678         (JSC::BytecodeGraph::BytecodeGraph):
2679         * bytecode/BytecodeKills.h:
2680         * bytecode/BytecodeList.json: Removed.
2681         * bytecode/BytecodeList.rb: Added.
2682         * bytecode/BytecodeLivenessAnalysis.cpp:
2683         (JSC::BytecodeLivenessAnalysis::dumpResults):
2684         * bytecode/BytecodeLivenessAnalysis.h:
2685         * bytecode/BytecodeLivenessAnalysisInlines.h:
2686         (JSC::isValidRegisterForLiveness):
2687         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2688         * bytecode/BytecodeRewriter.cpp:
2689         (JSC::BytecodeRewriter::applyModification):
2690         (JSC::BytecodeRewriter::execute):
2691         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2692         (JSC::BytecodeRewriter::insertImpl):
2693         (JSC::BytecodeRewriter::adjustJumpTarget):
2694         (JSC::BytecodeRewriter::adjustJumpTargets):
2695         * bytecode/BytecodeRewriter.h:
2696         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2697         (JSC::BytecodeRewriter::Fragment::Fragment):
2698         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2699         (JSC::BytecodeRewriter::BytecodeRewriter):
2700         (JSC::BytecodeRewriter::insertFragmentBefore):
2701         (JSC::BytecodeRewriter::insertFragmentAfter):
2702         (JSC::BytecodeRewriter::removeBytecode):
2703         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2704         (JSC::BytecodeRewriter::adjustJumpTarget):
2705         * bytecode/BytecodeUseDef.h:
2706         (JSC::computeUsesForBytecodeOffset):
2707         (JSC::computeDefsForBytecodeOffset):
2708         * bytecode/CallLinkStatus.cpp:
2709         (JSC::CallLinkStatus::computeFromLLInt):
2710         * bytecode/CodeBlock.cpp:
2711         (JSC::CodeBlock::dumpBytecode):
2712         (JSC::CodeBlock::CodeBlock):
2713         (JSC::CodeBlock::finishCreation):
2714         (JSC::CodeBlock::estimatedSize):
2715         (JSC::CodeBlock::visitChildren):
2716         (JSC::CodeBlock::propagateTransitions):
2717         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2718         (JSC::CodeBlock::addJITAddIC):
2719         (JSC::CodeBlock::addJITMulIC):
2720         (JSC::CodeBlock::addJITSubIC):
2721         (JSC::CodeBlock::addJITNegIC):
2722         (JSC::CodeBlock::stronglyVisitStrongReferences):
2723         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2724         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2725         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2726         (JSC::CodeBlock::getArrayProfile):
2727         (JSC::CodeBlock::updateAllArrayPredictions):
2728         (JSC::CodeBlock::predictedMachineCodeSize):
2729         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2730         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2731         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2732         (JSC::CodeBlock::validate):
2733         (JSC::CodeBlock::outOfLineJumpOffset):
2734         (JSC::CodeBlock::outOfLineJumpTarget):
2735         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2736         (JSC::CodeBlock::arithProfileForPC):
2737         (JSC::CodeBlock::couldTakeSpecialFastCase):
2738         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2739         * bytecode/CodeBlock.h:
2740         (JSC::CodeBlock::addMathIC):
2741         (JSC::CodeBlock::outOfLineJumpOffset):
2742         (JSC::CodeBlock::bytecodeOffset):
2743         (JSC::CodeBlock::instructions const):
2744         (JSC::CodeBlock::instructionCount const):
2745         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2746         (JSC::CodeBlock::metadata):
2747         (JSC::CodeBlock::metadataSizeInBytes):
2748         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2749         (JSC::CodeBlock::totalNumberOfValueProfiles):
2750         * bytecode/CodeBlockInlines.h: Added.
2751         (JSC::CodeBlock::forEachValueProfile):
2752         (JSC::CodeBlock::forEachArrayProfile):
2753         (JSC::CodeBlock::forEachArrayAllocationProfile):
2754         (JSC::CodeBlock::forEachObjectAllocationProfile):
2755         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2756         * bytecode/Fits.h: Added.
2757         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2758         * bytecode/GetByIdStatus.cpp:
2759         (JSC::GetByIdStatus::computeFromLLInt):
2760         * bytecode/Instruction.h:
2761         (JSC::Instruction::Instruction):
2762         (JSC::Instruction::Impl::opcodeID const):
2763         (JSC::Instruction::opcodeID const):
2764         (JSC::Instruction::name const):
2765         (JSC::Instruction::isWide const):
2766         (JSC::Instruction::size const):
2767         (JSC::Instruction::is const):
2768         (JSC::Instruction::as const):
2769         (JSC::Instruction::cast):
2770         (JSC::Instruction::cast const):
2771         (JSC::Instruction::narrow const):
2772         (JSC::Instruction::wide const):
2773         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2774         (JSC::InstructionStream::InstructionStream):
2775         (JSC::InstructionStream::sizeInBytes const):
2776         * bytecode/InstructionStream.h: Added.
2777         (JSC::InstructionStream::BaseRef::BaseRef):
2778         (JSC::InstructionStream::BaseRef::operator=):
2779         (JSC::InstructionStream::BaseRef::operator-> const):
2780         (JSC::InstructionStream::BaseRef::ptr const):
2781         (JSC::InstructionStream::BaseRef::operator!= const):
2782         (JSC::InstructionStream::BaseRef::next const):
2783         (JSC::InstructionStream::BaseRef::offset const):
2784         (JSC::InstructionStream::BaseRef::isValid const):
2785         (JSC::InstructionStream::BaseRef::unwrap const):
2786         (JSC::InstructionStream::MutableRef::freeze const):
2787         (JSC::InstructionStream::MutableRef::operator->):
2788         (JSC::InstructionStream::MutableRef::ptr):
2789         (JSC::InstructionStream::MutableRef::operator Ref):
2790         (JSC::InstructionStream::MutableRef::unwrap):
2791         (JSC::InstructionStream::iterator::operator*):
2792         (JSC::InstructionStream::iterator::operator++):
2793         (JSC::InstructionStream::begin const):
2794         (JSC::InstructionStream::end const):
2795         (JSC::InstructionStream::at const):
2796         (JSC::InstructionStream::size const):
2797         (JSC::InstructionStreamWriter::InstructionStreamWriter):
2798         (JSC::InstructionStreamWriter::ref):
2799         (JSC::InstructionStreamWriter::seek):
2800         (JSC::InstructionStreamWriter::position):
2801         (JSC::InstructionStreamWriter::write):
2802         (JSC::InstructionStreamWriter::rewind):
2803         (JSC::InstructionStreamWriter::finalize):
2804         (JSC::InstructionStreamWriter::swap):
2805         (JSC::InstructionStreamWriter::iterator::operator*):
2806         (JSC::InstructionStreamWriter::iterator::operator++):
2807         (JSC::InstructionStreamWriter::begin):
2808         (JSC::InstructionStreamWriter::end):
2809         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
2810         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
2811         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
2812         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
2813         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2814         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2815         (JSC::MetadataTable::MetadataTable):
2816         (JSC::DeallocTable::withOpcodeType):
2817         (JSC::MetadataTable::~MetadataTable):
2818         (JSC::MetadataTable::sizeInBytes):
2819         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
2820         (JSC::MetadataTable::get):
2821         (JSC::MetadataTable::forEach):
2822         (JSC::MetadataTable::getImpl):
2823         * bytecode/Opcode.cpp:
2824         (JSC::metadataSize):
2825         * bytecode/Opcode.h:
2826         (JSC::padOpcodeName):
2827         * bytecode/OpcodeInlines.h:
2828         (JSC::isOpcodeShape):
2829         (JSC::getOpcodeType):
2830         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2831         * bytecode/PreciseJumpTargets.cpp:
2832         (JSC::getJumpTargetsForInstruction):
2833         (JSC::computePreciseJumpTargetsInternal):
2834         (JSC::computePreciseJumpTargets):
2835         (JSC::recomputePreciseJumpTargets):
2836         (JSC::findJumpTargetsForInstruction):
2837         * bytecode/PreciseJumpTargets.h:
2838         * bytecode/PreciseJumpTargetsInlines.h:
2839         (JSC::jumpTargetForInstruction):
2840         (JSC::extractStoredJumpTargetsForInstruction):
2841         (JSC::updateStoredJumpTargetsForInstruction):
2842         * bytecode/PutByIdStatus.cpp:
2843         (JSC::PutByIdStatus::computeFromLLInt):
2844         * bytecode/SpecialPointer.cpp:
2845         (WTF::printInternal):
2846         * bytecode/SpecialPointer.h:
2847         * bytecode/UnlinkedCodeBlock.cpp:
2848         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2849         (JSC::UnlinkedCodeBlock::visitChildren):
2850         (JSC::UnlinkedCodeBlock::estimatedSize):
2851         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
2852         (JSC::dumpLineColumnEntry):
2853         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
2854         (JSC::UnlinkedCodeBlock::setInstructions):
2855         (JSC::UnlinkedCodeBlock::instructions const):
2856         (JSC::UnlinkedCodeBlock::applyModification):
2857         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
2858         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2859         * bytecode/UnlinkedCodeBlock.h:
2860         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
2861         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
2862         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2863         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
2864         (JSC::UnlinkedCodeBlock::metadata):
2865         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
2866         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2867         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
2868         * bytecode/UnlinkedInstructionStream.cpp: Removed.
2869         * bytecode/UnlinkedInstructionStream.h: Removed.
2870         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2871         * bytecode/UnlinkedMetadataTableInlines.h: Added.
2872         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2873         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2874         (JSC::UnlinkedMetadataTable::addEntry):
2875         (JSC::UnlinkedMetadataTable::sizeInBytes):
2876         (JSC::UnlinkedMetadataTable::finalize):
2877         (JSC::UnlinkedMetadataTable::link):
2878         (JSC::UnlinkedMetadataTable::unlink):
2879         * bytecode/VirtualRegister.cpp:
2880         (JSC::VirtualRegister::VirtualRegister):
2881         * bytecode/VirtualRegister.h:
2882         * bytecompiler/BytecodeGenerator.cpp:
2883         (JSC::Label::setLocation):
2884         (JSC::Label::bind):
2885         (JSC::BytecodeGenerator::generate):
2886         (JSC::BytecodeGenerator::BytecodeGenerator):
2887         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2888         (JSC::BytecodeGenerator::emitEnter):
2889         (JSC::BytecodeGenerator::emitLoopHint):
2890         (JSC::BytecodeGenerator::emitJump):
2891         (JSC::BytecodeGenerator::emitCheckTraps):
2892         (JSC::BytecodeGenerator::rewind):
2893         (JSC::BytecodeGenerator::fuseCompareAndJump):
2894         (JSC::BytecodeGenerator::fuseTestAndJmp):
2895         (JSC::BytecodeGenerator::emitJumpIfTrue):
2896         (JSC::BytecodeGenerator::emitJumpIfFalse):
2897         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2898         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2899         (JSC::BytecodeGenerator::moveLinkTimeConstant):
2900         (JSC::BytecodeGenerator::moveEmptyValue):
2901         (JSC::BytecodeGenerator::emitMove):
2902         (JSC::BytecodeGenerator::emitUnaryOp):
2903         (JSC::BytecodeGenerator::emitBinaryOp):
2904         (JSC::BytecodeGenerator::emitToObject):
2905         (JSC::BytecodeGenerator::emitToNumber):
2906         (JSC::BytecodeGenerator::emitToString):
2907         (JSC::BytecodeGenerator::emitTypeOf):
2908         (JSC::BytecodeGenerator::emitInc):
2909         (JSC::BytecodeGenerator::emitDec):
2910         (JSC::BytecodeGenerator::emitEqualityOp):
2911         (JSC::BytecodeGenerator::emitProfileType):
2912         (JSC::BytecodeGenerator::emitProfileControlFlow):
2913         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2914         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
2915         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2916         (JSC::BytecodeGenerator::emitOverridesHasInstance):
2917         (JSC::BytecodeGenerator::emitResolveScope):
2918         (JSC::BytecodeGenerator::emitGetFromScope):
2919         (JSC::BytecodeGenerator::emitPutToScope):
2920         (JSC::BytecodeGenerator::emitInstanceOf):
2921         (JSC::BytecodeGenerator::emitInstanceOfCustom):
2922         (JSC::BytecodeGenerator::emitInByVal):
2923         (JSC::BytecodeGenerator::emitInById):
2924         (JSC::BytecodeGenerator::emitTryGetById):
2925         (JSC::BytecodeGenerator::emitGetById):
2926         (JSC::BytecodeGenerator::emitDirectGetById):
2927         (JSC::BytecodeGenerator::emitPutById):
2928         (JSC::BytecodeGenerator::emitDirectPutById):
2929         (JSC::BytecodeGenerator::emitPutGetterById):
2930         (JSC::BytecodeGenerator::emitPutSetterById):
2931         (JSC::BytecodeGenerator::emitPutGetterSetter):
2932         (JSC::BytecodeGenerator::emitPutGetterByVal):
2933         (JSC::BytecodeGenerator::emitPutSetterByVal):
2934         (JSC::BytecodeGenerator::emitDeleteById):
2935         (JSC::BytecodeGenerator::emitGetByVal):
2936         (JSC::BytecodeGenerator::emitPutByVal):
2937         (JSC::BytecodeGenerator::emitDirectPutByVal):
2938         (JSC::BytecodeGenerator::emitDeleteByVal):
2939         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
2940         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
2941         (JSC::BytecodeGenerator::emitIdWithProfile):
2942         (JSC::BytecodeGenerator::emitUnreachable):
2943         (JSC::BytecodeGenerator::emitGetArgument):
2944         (JSC::BytecodeGenerator::emitCreateThis):
2945         (JSC::BytecodeGenerator::emitTDZCheck):
2946         (JSC::BytecodeGenerator::emitNewObject):
2947         (JSC::BytecodeGenerator::emitNewArrayBuffer):
2948         (JSC::BytecodeGenerator::emitNewArray):
2949         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
2950         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2951         (JSC::BytecodeGenerator::emitNewRegExp):
2952         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2953         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
2954         (JSC::BytecodeGenerator::emitNewFunction):
2955         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
2956         (JSC::BytecodeGenerator::emitCall):
2957         (JSC::BytecodeGenerator::emitCallInTailPosition):
2958         (JSC::BytecodeGenerator::emitCallEval):
2959         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2960         (JSC::BytecodeGenerator::emitCallVarargs):
2961         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2962         (JSC::BytecodeGenerator::emitConstructVarargs):
2963         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
2964         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
2965         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
2966         (JSC::BytecodeGenerator::emitCallDefineProperty):
2967         (JSC::BytecodeGenerator::emitReturn):
2968         (JSC::BytecodeGenerator::emitEnd):
2969         (JSC::BytecodeGenerator::emitConstruct):
2970         (JSC::BytecodeGenerator::emitStrcat):
2971         (JSC::BytecodeGenerator::emitToPrimitive):
2972         (JSC::BytecodeGenerator::emitGetScope):
2973         (JSC::BytecodeGenerator::emitPushWithScope):
2974         (JSC::BytecodeGenerator::emitGetParentScope):
2975         (JSC::BytecodeGenerator::emitDebugHook):
2976         (JSC::BytecodeGenerator::emitCatch):
2977         (JSC::BytecodeGenerator::emitThrow):
2978         (JSC::BytecodeGenerator::emitArgumentCount):
2979         (JSC::BytecodeGenerator::emitThrowStaticError):
2980         (JSC::BytecodeGenerator::beginSwitch):
2981         (JSC::prepareJumpTableForSwitch):
2982         (JSC::prepareJumpTableForStringSwitch):
2983         (JSC::BytecodeGenerator::endSwitch):
2984         (JSC::BytecodeGenerator::emitGetEnumerableLength):
2985         (JSC::BytecodeGenerator::emitHasGenericProperty):
2986         (JSC::BytecodeGenerator::emitHasIndexedProperty):
2987         (JSC::BytecodeGenerator::emitHasStructureProperty):
2988         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
2989         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
2990         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
2991         (JSC::BytecodeGenerator::emitToIndexString):
2992         (JSC::BytecodeGenerator::emitIsCellWithType):
2993         (JSC::BytecodeGenerator::emitIsObject):
2994         (JSC::BytecodeGenerator::emitIsNumber):
2995         (JSC::BytecodeGenerator::emitIsUndefined):
2996         (JSC::BytecodeGenerator::emitIsEmpty):
2997         (JSC::BytecodeGenerator::emitRestParameter):
2998         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2999         (JSC::BytecodeGenerator::emitYieldPoint):
3000         (JSC::BytecodeGenerator::emitYield):
3001         (JSC::BytecodeGenerator::emitGetAsyncIterator):
3002         (JSC::BytecodeGenerator::emitDelegateYield):
3003         (JSC::BytecodeGenerator::emitFinallyCompletion):
3004         (JSC::BytecodeGenerator::emitJumpIf):
3005         (JSC::ForInContext::finalize):
3006         (JSC::StructureForInContext::finalize):
3007         (JSC::IndexedForInContext::finalize):
3008         (JSC::StaticPropertyAnalysis::record):
3009         (JSC::BytecodeGenerator::emitToThis):
3010         * bytecompiler/BytecodeGenerator.h:
3011         (JSC::StructureForInContext::addGetInst):
3012         (JSC::BytecodeGenerator::recordOpcode):
3013         (JSC::BytecodeGenerator::addMetadataFor):
3014         (JSC::BytecodeGenerator::emitUnaryOp):
3015         (JSC::BytecodeGenerator::kill):
3016         (JSC::BytecodeGenerator::instructions const):
3017         (JSC::BytecodeGenerator::write):
3018         (JSC::BytecodeGenerator::withWriter):
3019         * bytecompiler/Label.h:
3020         (JSC::Label::Label):
3021         (JSC::Label::bind):
3022         * bytecompiler/NodesCodegen.cpp:
3023         (JSC::ArrayNode::emitBytecode):
3024         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
3025         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3026         (JSC::BitwiseNotNode::emitBytecode):
3027         (JSC::BinaryOpNode::emitBytecode):
3028         (JSC::EqualNode::emitBytecode):
3029         (JSC::StrictEqualNode::emitBytecode):
3030         (JSC::emitReadModifyAssignment):
3031         (JSC::ForInNode::emitBytecode):
3032         (JSC::CaseBlockNode::emitBytecodeForBlock):
3033         (JSC::FunctionNode::emitBytecode):
3034         (JSC::ClassExprNode::emitBytecode):
3035         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
3036         (WTF::printInternal):
3037         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3038         * bytecompiler/RegisterID.h:
3039         * bytecompiler/StaticPropertyAnalysis.h:
3040         (JSC::StaticPropertyAnalysis::create):
3041         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
3042         * bytecompiler/StaticPropertyAnalyzer.h:
3043         (JSC::StaticPropertyAnalyzer::createThis):
3044         (JSC::StaticPropertyAnalyzer::newObject):
3045         (JSC::StaticPropertyAnalyzer::putById):
3046         (JSC::StaticPropertyAnalyzer::mov):
3047         (JSC::StaticPropertyAnalyzer::kill):
3048         * dfg/DFGByteCodeParser.cpp:
3049         (JSC::DFG::ByteCodeParser::addCall):
3050         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
3051         (JSC::DFG::ByteCodeParser::getArrayMode):
3052         (JSC::DFG::ByteCodeParser::handleCall):
3053         (JSC::DFG::ByteCodeParser::handleVarargsCall):
3054         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
3055         (JSC::DFG::ByteCodeParser::inlineCall):
3056         (JSC::DFG::ByteCodeParser::handleCallVariant):
3057         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
3058         (JSC::DFG::ByteCodeParser::handleInlining):
3059         (JSC::DFG::ByteCodeParser::handleMinMax):
3060         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3061         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
3062         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
3063         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
3064         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
3065         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
3066         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3067         (JSC::DFG::ByteCodeParser::handleGetById):
3068         (JSC::DFG::ByteCodeParser::handlePutById):
3069         (JSC::DFG::ByteCodeParser::parseGetById):
3070         (JSC::DFG::ByteCodeParser::parseBlock):
3071         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3072         (JSC::DFG::ByteCodeParser::handlePutByVal):
3073         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
3074         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
3075         (JSC::DFG::ByteCodeParser::handleNewFunc):
3076         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
3077         (JSC::DFG::ByteCodeParser::parse):
3078         * dfg/DFGCapabilities.cpp:
3079         (JSC::DFG::capabilityLevel):
3080         * dfg/DFGCapabilities.h:
3081         (JSC::DFG::capabilityLevel):
3082         * dfg/DFGOSREntry.cpp:
3083         (JSC::DFG::prepareCatchOSREntry):
3084         * dfg/DFGSpeculativeJIT.cpp:
3085         (JSC::DFG::SpeculativeJIT::compileValueAdd):
3086         (JSC::DFG::SpeculativeJIT::compileValueSub):
3087         (JSC::DFG::SpeculativeJIT::compileValueNegate):
3088         (JSC::DFG::SpeculativeJIT::compileArithMul):
3089         * ftl/FTLLowerDFGToB3.cpp:
3090         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
3091         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
3092         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
3093         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
3094         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
3095         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
3096         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
3097         * ftl/FTLOperations.cpp:
3098         (JSC::FTL::operationMaterializeObjectInOSR):
3099         * generate-bytecode-files: Removed.
3100         * generator/Argument.rb: Added.
3101         * generator/Assertion.rb: Added.
3102         * generator/DSL.rb: Added.
3103         * generator/Fits.rb: Added.
3104         * generator/GeneratedFile.rb: Added.
3105         * generator/Metadata.rb: Added.
3106         * generator/Opcode.rb: Added.
3107         * generator/OpcodeGroup.rb: Added.
3108         * generator/Options.rb: Added.
3109         * generator/Section.rb: Added.
3110         * generator/Template.rb: Added.
3111         * generator/Type.rb: Added.
3112         * generator/main.rb: Added.
3113         * interpreter/AbstractPC.h:
3114         * interpreter/CallFrame.cpp:
3115         (JSC::CallFrame::currentVPC const):
3116         (JSC::CallFrame::setCurrentVPC):
3117         * interpreter/CallFrame.h:
3118         (JSC::CallSiteIndex::CallSiteIndex):
3119         (JSC::ExecState::setReturnPC):
3120         * interpreter/Interpreter.cpp:
3121         (WTF::printInternal):
3122         * interpreter/Interpreter.h:
3123         * interpreter/InterpreterInlines.h:
3124         * interpreter/StackVisitor.cpp:
3125         (JSC::StackVisitor::Frame::dump const):
3126         * interpreter/VMEntryRecord.h:
3127         * jit/JIT.cpp:
3128         (JSC::JIT::JIT):
3129         (JSC::JIT::emitSlowCaseCall):
3130         (JSC::JIT::privateCompileMainPass):
3131         (JSC::JIT::privateCompileSlowCases):
3132         (JSC::JIT::compileWithoutLinking):
3133         (JSC::JIT::link):
3134         * jit/JIT.h:
3135         * jit/JITArithmetic.cpp:
3136         (JSC::JIT::emit_op_jless):
3137         (JSC::JIT::emit_op_jlesseq):
3138         (JSC::JIT::emit_op_jgreater):
3139         (JSC::JIT::emit_op_jgreatereq):
3140         (JSC::JIT::emit_op_jnless):
3141         (JSC::JIT::emit_op_jnlesseq):
3142         (JSC::JIT::emit_op_jngreater):
3143         (JSC::JIT::emit_op_jngreatereq):
3144         (JSC::JIT::emitSlow_op_jless):
3145         (JSC::JIT::emitSlow_op_jlesseq):
3146         (JSC::JIT::emitSlow_op_jgreater):
3147         (JSC::JIT::emitSlow_op_jgreatereq):
3148         (JSC::JIT::emitSlow_op_jnless):
3149         (JSC::JIT::emitSlow_op_jnlesseq):
3150         (JSC::JIT::emitSlow_op_jngreater):
3151         (JSC::JIT::emitSlow_op_jngreatereq):
3152         (JSC::JIT::emit_op_below):
3153         (JSC::JIT::emit_op_beloweq):
3154         (JSC::JIT::emit_op_jbelow):
3155         (JSC::JIT::emit_op_jbeloweq):
3156         (JSC::JIT::emit_op_unsigned):
3157         (JSC::JIT::emit_compareAndJump):
3158         (JSC::JIT::emit_compareUnsignedAndJump):
3159         (JSC::JIT::emit_compareUnsigned):
3160         (JSC::JIT::emit_compareAndJumpSlow):
3161         (JSC::JIT::emit_op_inc):
3162         (JSC::JIT::emit_op_dec):
3163         (JSC::JIT::emit_op_mod):
3164         (JSC::JIT::emitSlow_op_mod):
3165         (JSC::JIT::emit_op_negate):
3166         (JSC::JIT::emitSlow_op_negate):
3167         (JSC::JIT::emitBitBinaryOpFastPath):
3168         (JSC::JIT::emit_op_bitand):
3169         (JSC::JIT::emit_op_bitor):
3170         (JSC::JIT::emit_op_bitxor):
3171         (JSC::JIT::emit_op_lshift):
3172         (JSC::JIT::emitRightShiftFastPath):
3173         (JSC::JIT::emit_op_rshift):
3174         (JSC::JIT::emit_op_urshift):
3175         (JSC::getOperandTypes):
3176         (JSC::JIT::emit_op_add):
3177         (JSC::JIT::emitSlow_op_add):
3178         (JSC::JIT::emitMathICFast):
3179         (JSC::JIT::emitMathICSlow):
3180         (JSC::JIT::emit_op_div):
3181         (JSC::JIT::emit_op_mul):
3182         (JSC::JIT::emitSlow_op_mul):
3183         (JSC::JIT::emit_op_sub):
3184         (JSC::JIT::emitSlow_op_sub):
3185         * jit/JITCall.cpp:
3186         (JSC::JIT::emitPutCallResult):
3187         (JSC::JIT::compileSetupFrame):
3188         (JSC::JIT::compileCallEval):
3189         (JSC::JIT::compileCallEvalSlowCase):
3190         (JSC::JIT::compileTailCall):
3191         (JSC::JIT::compileOpCall):
3192         (JSC::JIT::compileOpCallSlowCase):
3193         (JSC::JIT::emit_op_call):
3194         (JSC::JIT::emit_op_tail_call):
3195         (JSC::JIT::emit_op_call_eval):
3196         (JSC::JIT::emit_op_call_varargs):
3197         (JSC::JIT::emit_op_tail_call_varargs):
3198         (JSC::JIT::emit_op_tail_call_forward_arguments):
3199         (JSC::JIT::emit_op_construct_varargs):
3200         (JSC::JIT::emit_op_construct):
3201         (JSC::JIT::emitSlow_op_call):
3202         (JSC::JIT::emitSlow_op_tail_call):
3203         (JSC::JIT::emitSlow_op_call_eval):
3204         (JSC::JIT::emitSlow_op_call_varargs):
3205         (JSC::JIT::emitSlow_op_tail_call_varargs):
3206         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
3207         (JSC::JIT::emitSlow_op_construct_varargs):
3208         (JSC::JIT::emitSlow_op_construct):
3209         * jit/JITDisassembler.cpp:
3210         (JSC::JITDisassembler::JITDisassembler):
3211         * jit/JITExceptions.cpp:
3212         (JSC::genericUnwind):
3213         * jit/JITInlines.h:
3214         (JSC::JIT::emitDoubleGetByVal):
3215         (JSC::JIT::emitLoadForArrayMode):
3216         (JSC::JIT::emitContiguousGetByVal):
3217         (JSC::JIT::emitArrayStorageGetByVal):
3218         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
3219         (JSC::JIT::sampleInstruction):
3220         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
3221         (JSC::JIT::emitValueProfilingSite):
3222         (JSC::JIT::jumpTarget):
3223         (JSC::JIT::copiedGetPutInfo):
3224         (JSC::JIT::copiedArithProfile):
3225         * jit/JITMathIC.h:
3226         (JSC::isProfileEmpty):
3227         (JSC::JITBinaryMathIC::JITBinaryMathIC):
3228         (JSC::JITUnaryMathIC::JITUnaryMathIC):
3229         * jit/JITOpcodes.cpp:
3230         (JSC::JIT::emit_op_mov):
3231         (JSC::JIT::emit_op_end):
3232         (JSC::JIT::emit_op_jmp):
3233         (JSC::JIT::emit_op_new_object):
3234         (JSC::JIT::emitSlow_op_new_object):
3235         (JSC::JIT::emit_op_overrides_has_instance):
3236         (JSC::JIT::emit_op_instanceof):
3237         (JSC::JIT::emitSlow_op_instanceof):
3238         (JSC::JIT::emit_op_instanceof_custom):
3239         (JSC::JIT::emit_op_is_empty):
3240         (JSC::JIT::emit_op_is_undefined):
3241         (JSC::JIT::emit_op_is_boolean):
3242         (JSC::JIT::emit_op_is_number):
3243         (JSC::JIT::emit_op_is_cell_with_type):
3244         (JSC::JIT::emit_op_is_object):
3245         (JSC::JIT::emit_op_ret):
3246         (JSC::JIT::emit_op_to_primitive):
3247         (JSC::JIT::emit_op_set_function_name):
3248         (JSC::JIT::emit_op_not):
3249         (JSC::JIT::emit_op_jfalse):
3250         (JSC::JIT::emit_op_jeq_null):
3251         (JSC::JIT::emit_op_jneq_null):
3252         (JSC::JIT::emit_op_jneq_ptr):
3253         (JSC::JIT::emit_op_eq):
3254         (JSC::JIT::emit_op_jeq):
3255         (JSC::JIT::emit_op_jtrue):
3256         (JSC::JIT::emit_op_neq):
3257         (JSC::JIT::emit_op_jneq):
3258         (JSC::JIT::emit_op_throw):
3259         (JSC::JIT::compileOpStrictEq):
3260         (JSC::JIT::emit_op_stricteq):
3261         (JSC::JIT::emit_op_nstricteq):
3262         (JSC::JIT::compileOpStrictEqJump):
3263         (JSC::JIT::emit_op_jstricteq):
3264         (JSC::JIT::emit_op_jnstricteq):
3265         (JSC::JIT::emitSlow_op_jstricteq):
3266         (JSC::JIT::emitSlow_op_jnstricteq):
3267         (JSC::JIT::emit_op_to_number):
3268         (JSC::JIT::emit_op_to_string):
3269         (JSC::JIT::emit_op_to_object):
3270         (JSC::JIT::emit_op_catch):
3271         (JSC::JIT::emit_op_identity_with_profile):
3272         (JSC::JIT::emit_op_get_parent_scope):
3273         (JSC::JIT::emit_op_switch_imm):
3274         (JSC::JIT::emit_op_switch_char):
3275         (JSC::JIT::emit_op_switch_string):
3276         (JSC::JIT::emit_op_debug):
3277         (JSC::JIT::emit_op_eq_null):
3278         (JSC::JIT::emit_op_neq_null):
3279         (JSC::JIT::emit_op_enter):
3280         (JSC::JIT::emit_op_get_scope):
3281         (JSC::JIT::emit_op_to_this):
3282         (JSC::JIT::emit_op_create_this):
3283         (JSC::JIT::emit_op_check_tdz):
3284         (JSC::JIT::emitSlow_op_eq):
3285         (JSC::JIT::emitSlow_op_neq):
3286         (JSC::JIT::emitSlow_op_jeq):
3287         (JSC::JIT::emitSlow_op_jneq):
3288         (JSC::JIT::emitSlow_op_instanceof_custom):
3289         (JSC::JIT::emit_op_loop_hint):
3290         (JSC::JIT::emitSlow_op_loop_hint):
3291         (JSC::JIT::emit_op_check_traps):
3292         (JSC::JIT::emit_op_nop):
3293         (JSC::JIT::emit_op_super_sampler_begin):
3294         (JSC::JIT::emit_op_super_sampler_end):
3295         (JSC::JIT::emitSlow_op_check_traps):
3296         (JSC::JIT::emit_op_new_regexp):
3297         (JSC::JIT::emitNewFuncCommon):
3298         (JSC::JIT::emit_op_new_func):
3299         (JSC::JIT::emit_op_new_generator_func):
3300         (JSC::JIT::emit_op_new_async_generator_func):
3301         (JSC::JIT::emit_op_new_async_func):
3302         (JSC::JIT::emitNewFuncExprCommon):
3303         (JSC::JIT::emit_op_new_func_exp):
3304         (JSC::JIT::emit_op_new_generator_func_exp):
3305         (JSC::JIT::emit_op_new_async_func_exp):
3306         (JSC::JIT::emit_op_new_async_generator_func_exp):
3307         (JSC::JIT::emit_op_new_array):
3308         (JSC::JIT::emit_op_new_array_with_size):
3309         (JSC::JIT::emit_op_has_structure_property):
3310         (JSC::JIT::privateCompileHasIndexedProperty):
3311         (JSC::JIT::emit_op_has_indexed_property):
3312         (JSC::JIT::emitSlow_op_has_indexed_property):
3313         (JSC::JIT::emit_op_get_direct_pname):
3314         (JSC::JIT::emit_op_enumerator_structure_pname):
3315         (JSC::JIT::emit_op_enumerator_generic_pname):
3316         (JSC::JIT::emit_op_profile_type):
3317         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
3318         (JSC::JIT::emit_op_log_shadow_chicken_tail):
3319         (JSC::JIT::emit_op_profile_control_flow):
3320         (JSC::JIT::emit_op_argument_count):
3321         (JSC::JIT::emit_op_get_rest_length):
3322         (JSC::JIT::emit_op_get_argument):
3323         * jit/JITOpcodes32_64.cpp:
3324         (JSC::JIT::emit_op_to_this):
3325         * jit/JITOperations.cpp:
3326         * jit/JITOperations.h:
3327         * jit/JITPropertyAccess.cpp:
3328         (JSC::JIT::emit_op_get_by_val):
3329         (JSC::JIT::emitGetByValWithCachedId):
3330         (JSC::JIT::emitSlow_op_get_by_val):
3331         (JSC::JIT::emit_op_put_by_val_direct):
3332         (JSC::JIT::emit_op_put_by_val):
3333         (JSC::JIT::emitGenericContiguousPutByVal):
3334         (JSC::JIT::emitArrayStoragePutByVal):
3335         (JSC::JIT::emitPutByValWithCachedId):
3336         (JSC::JIT::emitSlow_op_put_by_val):
3337         (JSC::JIT::emit_op_put_getter_by_id):
3338         (JSC::JIT::emit_op_put_setter_by_id):
3339         (JSC::JIT::emit_op_put_getter_setter_by_id):
3340         (JSC::JIT::emit_op_put_getter_by_val):
3341         (JSC::JIT::emit_op_put_setter_by_val):
3342         (JSC::JIT::emit_op_del_by_id):
3343         (JSC::JIT::emit_op_del_by_val):
3344         (JSC::JIT::emit_op_try_get_by_id):
3345         (JSC::JIT::emitSlow_op_try_get_by_id):
3346         (JSC::JIT::emit_op_get_by_id_direct):
3347         (JSC::JIT::emitSlow_op_get_by_id_direct):
3348         (JSC::JIT::emit_op_get_by_id):
3349         (JSC::JIT::emit_op_get_by_id_with_this):
3350         (JSC::JIT::emitSlow_op_get_by_id):
3351         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3352         (JSC::JIT::emit_op_put_by_id):
3353         (JSC::JIT::emitSlow_op_put_by_id):
3354         (JSC::JIT::emit_op_in_by_id):
3355         (JSC::JIT::emitSlow_op_in_by_id):
3356         (JSC::JIT::emit_op_resolve_scope):
3357         (JSC::JIT::emit_op_get_from_scope):
3358         (JSC::JIT::emitSlow_op_get_from_scope):
3359         (JSC::JIT::emit_op_put_to_scope):
3360         (JSC::JIT::emitSlow_op_put_to_scope):
3361         (JSC::JIT::emit_op_get_from_arguments):
3362         (JSC::JIT::emit_op_put_to_arguments):
3363         (JSC::JIT::privateCompileGetByVal):
3364         (JSC::JIT::privateCompileGetByValWithCachedId):
3365         (JSC::JIT::privateCompilePutByVal):
3366         (JSC::JIT::privateCompilePutByValWithCachedId):
3367         (JSC::JIT::emitDoubleLoad):
3368         (JSC::JIT::emitContiguousLoad):
3369         (JSC::JIT::emitArrayStorageLoad):
3370         (JSC::JIT::emitDirectArgumentsGetByVal):
3371         (JSC::JIT::emitScopedArgumentsGetByVal):
3372         (JSC::JIT::emitIntTypedArrayGetByVal):
3373         (JSC::JIT::emitFloatTypedArrayGetByVal):
3374         (JSC::JIT::emitIntTypedArrayPutByVal):
3375         (JSC::JIT::emitFloatTypedArrayPutByVal):
3376         * jit/RegisterSet.cpp:
3377         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3378         * jit/SlowPathCall.h:
3379         (JSC::JITSlowPathCall::JITSlowPathCall):
3380         * llint/LLIntData.cpp:
3381         (JSC::LLInt::initialize):
3382         (JSC::LLInt::Data::performAssertions):
3383         * llint/LLIntData.h:
3384         (JSC::LLInt::exceptionInstructions):
3385         (JSC::LLInt::opcodeMap):
3386         (JSC::LLInt::opcodeMapWide):
3387         (JSC::LLInt::getOpcode):
3388         (JSC::LLInt::getOpcodeWide):
3389         (JSC::LLInt::getWideCodePtr):
3390         * llint/LLIntOffsetsExtractor.cpp:
3391         * llint/LLIntSlowPaths.cpp:
3392         (JSC::LLInt::llint_trace_operand):
3393         (JSC::LLInt::llint_trace_value):
3394         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3395         (JSC::LLInt::entryOSR):
3396         (JSC::LLInt::setupGetByIdPrototypeCache):
3397         (JSC::LLInt::getByVal):
3398         (JSC::LLInt::handleHostCall):
3399         (JSC::LLInt::setUpCall):
3400         (JSC::LLInt::genericCall):
3401         (JSC::LLInt::varargsSetup):
3402         (JSC::LLInt::commonCallEval):
3403         * llint/LLIntSlowPaths.h:
3404         * llint/LowLevelInterpreter.asm:
3405         * llint/LowLevelInterpreter.cpp:
3406         (JSC::CLoopRegister::operator const Instruction*):
3407         (JSC::CLoop::execute):
3408         * llint/LowLevelInterpreter32_64.asm:
3409         * llint/LowLevelInterpreter64.asm:
3410         * offlineasm/arm64.rb:
3411         * offlineasm/asm.rb:
3412         * offlineasm/ast.rb:
3413         * offlineasm/cloop.rb:
3414         * offlineasm/generate_offset_extractor.rb:
3415         * offlineasm/instructions.rb:
3416         * offlineasm/offsets.rb:
3417         * offlineasm/parser.rb:
3418         * offlineasm/transform.rb:
3419         * offlineasm/x86.rb:
3420         * parser/ResultType.h:
3421         (JSC::ResultType::dump const):
3422         (JSC::OperandTypes::first const):
3423         (JSC::OperandTypes::second const):
3424         (JSC::OperandTypes::dump const):
3425         * profiler/ProfilerBytecodeSequence.cpp:
3426         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3427         * runtime/CommonSlowPaths.cpp:
3428         (JSC::SLOW_PATH_DECL):
3429         (JSC::updateArithProfileForUnaryArithOp):
3430         (JSC::updateArithProfileForBinaryArithOp):
3431         * runtime/CommonSlowPaths.h:
3432         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3433         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3434         * runtime/ExceptionFuzz.cpp:
3435         (JSC::doExceptionFuzzing):
3436         * runtime/ExceptionFuzz.h:
3437         (JSC::doExceptionFuzzingIfEnabled):
3438         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3439         (JSC::GetPutInfo::dump const):
3440         (WTF::printInternal):
3441         * runtime/GetPutInfo.h:
3442         (JSC::GetPutInfo::operand const):
3443         * runtime/JSCPoison.h:
3444         * runtime/JSType.cpp: Added.
3445         (WTF::printInternal):
3446         * runtime/JSType.h:
3447         * runtime/SamplingProfiler.cpp:
3448         (JSC::SamplingProfiler::StackFrame::displayName):
3449         * runtime/SamplingProfiler.h:
3450         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3451         * runtime/SlowPathReturnType.h:
3452         (JSC::encodeResult):
3453         (JSC::decodeResult):
3454         * runtime/VM.h:
3455         * runtime/Watchdog.h:
3456         * tools/HeapVerifier.cpp:
3457
3458 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3459
3460         Unreviewed, partial rolling in r237254
3461         https://bugs.webkit.org/show_bug.cgi?id=190340
3462
3463         We do not use the added function right now, in order to investigate the reason for the regression.
3464         It also does not include any Parser.{h,cpp} changes, to verify that Parser.cpp's inlining decision
3465         is the culprit of the regression on iOS devices.
3466
3467         * bytecode/UnlinkedFunctionExecutable.cpp:
3468         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3469         * bytecode/UnlinkedFunctionExecutable.h:
3470         * parser/SourceCodeKey.h:
3471         (JSC::SourceCodeKey::SourceCodeKey):
3472         (JSC::SourceCodeKey::operator== const):
3473         * runtime/CodeCache.cpp:
3474         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3475         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3476         * runtime/CodeCache.h:
3477         * runtime/FunctionConstructor.cpp:
3478         (JSC::constructFunctionSkippingEvalEnabledCheck):
3479         * runtime/FunctionExecutable.cpp:
3480         (JSC::FunctionExecutable::fromGlobalCode):
3481         * runtime/FunctionExecutable.h:
3482
3483 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3484
3485         Unreviewed, rolling out r237479 and r237484.
3486         https://bugs.webkit.org/show_bug.cgi?id=190978
3487
3488         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
3489
3490         Reverted changesets:
3491
3492         "New bytecode format for JSC"
3493         https://bugs.webkit.org/show_bug.cgi?id=187373
3494         https://trac.webkit.org/changeset/237479
3495
3496         "Gardening: Build fix after r237479."
3497         https://bugs.webkit.org/show_bug.cgi?id=187373
3498         https://trac.webkit.org/changeset/237484
3499
3500 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
3501
3502         Gardening: Build fix after r237479.
3503         https://bugs.webkit.org/show_bug.cgi?id=187373
3504
3505         Unreviewed.
3506
3507         * Configurations/JSC.xcconfig:
3508         * JavaScriptCore.xcodeproj/project.pbxproj:
3509         * llint/LLIntData.cpp:
3510         (JSC::LLInt::initialize):
3511
3512 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
3513
3514         New bytecode format for JSC
3515         https://bugs.webkit.org/show_bug.cgi?id=187373
3516         <rdar://problem/44186758>
3517
3518         Reviewed by Filip Pizlo.
3519
3520         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
3521         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
3522         operands) and might contain an extra operand, the metadataID. The metadataID is used to
3523         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
3524
3525         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
3526         and types to all their operands. Additionally, reading a bytecode from the instruction stream
3527         requires decoding the whole bytecode, i.e. it is no longer possible to access arbitrary
3528         operands directly from the stream.
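
        The encoding described above, as an added illustration that is not code from this ChangeLog entry or from JavaScriptCore: a hypothetical emitter that picks the narrow (1-byte operand) or wide (4-byte operand) form, a decoder that must decode a whole instruction before any operand is readable, and a metadata side table reached through the metadataID operand. The opcode numbers, struct layouts and helper names are assumptions made for this example.

```cpp
// Added illustration of the narrow/wide encoding and the metadata side table
// described above. Not JSC's code: opcode numbers, struct layouts and helper
// names are assumptions made for this example.
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <stdexcept>
#include <vector>

enum Opcode : uint8_t { op_wide = 0, op_add = 1, op_jmp = 2 };

// Mutable per-instruction data lives in a side table (the MetadataTable), so
// the instruction stream itself can stay immutable and free of addresses.
struct AddMetadata { uint32_t observedIntCount = 0; uint32_t observedOtherCount = 0; };
struct MetadataTable { std::vector<AddMetadata> add; };

// op_add operands: dst, lhs, rhs, metadataID. op_jmp operands: target offset.
static size_t operandCount(Opcode op) {
    switch (op) {
    case op_add: return 4;
    case op_jmp: return 1;
    default: throw std::runtime_error("unknown opcode");
    }
}

// A 1-byte operand carries values up to 0xff; anything larger forces the
// whole instruction into the wide form (4-byte operands).
static bool fitsNarrow(uint32_t v) { return v <= 0xff; }

struct Emitter {
    std::vector<uint8_t> stream;
    MetadataTable metadata;

    // Reserve a metadata slot; the returned ID becomes an instruction operand.
    uint32_t addMetadataForAdd() {
        metadata.add.emplace_back();
        return static_cast<uint32_t>(metadata.add.size() - 1);
    }

    // Narrow: [opcode][1-byte operands]. Wide: [op_wide][opcode][4-byte operands].
    void emit(Opcode op, std::initializer_list<uint32_t> operands) {
        if (operands.size() != operandCount(op)) throw std::invalid_argument("operand count");
        bool wide = false;
        for (uint32_t v : operands) wide = wide || !fitsNarrow(v);
        if (wide) stream.push_back(op_wide);
        stream.push_back(op);
        for (uint32_t v : operands) {
            const size_t width = wide ? 4 : 1;
            for (size_t b = 0; b < width; ++b) stream.push_back(static_cast<uint8_t>(v >> (8 * b)));
        }
    }
};

struct Decoded { Opcode op; bool wide; std::vector<uint32_t> operands; size_t size; };

// Decodes the whole instruction at `offset`. Operand N cannot be read without
// first decoding the opcode and the narrow/wide shape, which is the property
// the entry above describes; every read is bounds-checked against the stream.
static Decoded decodeAt(const std::vector<uint8_t>& s, size_t offset) {
    size_t pos = offset;
    if (pos >= s.size()) throw std::out_of_range("offset past end of stream");
    Decoded d{};
    d.wide = s[pos] == op_wide;
    if (d.wide && ++pos >= s.size()) throw std::out_of_range("wide prefix without opcode");
    d.op = static_cast<Opcode>(s[pos++]);
    const size_t count = operandCount(d.op), width = d.wide ? 4 : 1;
    if (count * width > s.size() - pos) throw std::out_of_range("truncated instruction");
    for (size_t i = 0; i < count; ++i, pos += width) {
        uint32_t v = 0;
        for (size_t b = 0; b < width; ++b) v |= static_cast<uint32_t>(s[pos + b]) << (8 * b);
        d.operands.push_back(v);
    }
    d.size = pos - offset;
    return d;
}

// What a profiling slow path would do: update the instruction's mutable data
// through its metadataID, never by writing into the stream.
static void recordAddObservation(MetadataTable& table, const Decoded& add, bool bothInt) {
    if (add.op != op_add) throw std::invalid_argument("not op_add");
    const uint32_t metadataID = add.operands[3];
    if (metadataID >= table.add.size()) throw std::out_of_range("metadataID out of range");
    AddMetadata& m = table.add[metadataID];
    if (bothInt) ++m.observedIntCount; else ++m.observedOtherCount;
}
```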
3529
3530
3531         * CMakeLists.txt:
3532         * DerivedSources.make:
3533         * JavaScriptCore.xcodeproj/project.pbxproj:
3534         * Sources.txt:
3535         * assembler/MacroAssemblerCodeRef.h:
3536         (JSC::ReturnAddressPtr::ReturnAddressPtr):
3537         (JSC::ReturnAddressPtr::value const):
3538         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
3539         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
3540         * bytecode/ArithProfile.h:
3541         (JSC::ArithProfile::ArithProfile):
3542         * bytecode/ArrayAllocationProfile.h:
3543         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
3544         * bytecode/ArrayProfile.h:
3545         * bytecode/BytecodeBasicBlock.cpp:
3546         (JSC::isJumpTarget):
3547         (JSC::BytecodeBasicBlock::computeImpl):
3548         (JSC::BytecodeBasicBlock::compute):
3549         * bytecode/BytecodeBasicBlock.h:
3550         (JSC::BytecodeBasicBlock::leaderOffset const):
3551         (JSC::BytecodeBasicBlock::totalLength const):
3552         (JSC::BytecodeBasicBlock::offsets const):
3553         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
3554         (JSC::BytecodeBasicBlock::addLength):
3555         * bytecode/BytecodeDumper.cpp:
3556         (JSC::BytecodeDumper<Block>::printLocationAndOp):
3557         (JSC::BytecodeDumper<Block>::dumpBytecode):
3558         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
3559         (JSC::BytecodeDumper<Block>::dumpConstants):
3560         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
3561         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
3562         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
3563         (JSC::BytecodeDumper<Block>::dumpBlock):
3564         * bytecode/BytecodeDumper.h:
3565         (JSC::BytecodeDumper::dumpOperand):
3566         (JSC::BytecodeDumper::dumpValue):
3567         (JSC::BytecodeDumper::BytecodeDumper):
3568         (JSC::BytecodeDumper::block const):
3569         * bytecode/BytecodeGeneratorification.cpp:
3570         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
3571         (JSC::BytecodeGeneratorification::enterPoint const):
3572         (JSC::BytecodeGeneratorification::instructions const):
3573         (JSC::GeneratorLivenessAnalysis::run):
3574         (JSC::BytecodeGeneratorification::run):
3575         (JSC::performGeneratorification):
3576         * bytecode/BytecodeGeneratorification.h:
3577         * bytecode/BytecodeGraph.h:
3578         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
3579         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
3580         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
3581         (JSC::BytecodeGraph::BytecodeGraph):
3582         * bytecode/BytecodeKills.h:
3583         * bytecode/BytecodeList.json: Removed.
3584         * bytecode/BytecodeList.rb: Added.
3585         * bytecode/BytecodeLivenessAnalysis.cpp:
3586         (JSC::BytecodeLivenessAnalysis::dumpResults):
3587         * bytecode/BytecodeLivenessAnalysis.h:
3588         * bytecode/BytecodeLivenessAnalysisInlines.h:
3589         (JSC::isValidRegisterForLiveness):
3590         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
3591         * bytecode/BytecodeRewriter.cpp:
3592         (JSC::BytecodeRewriter::applyModification):
3593         (JSC::BytecodeRewriter::execute):
3594         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
3595         (JSC::BytecodeRewriter::insertImpl):
3596         (JSC::BytecodeRewriter::adjustJumpTarget):
3597         (JSC::BytecodeRewriter::adjustJumpTargets):
3598         * bytecode/BytecodeRewriter.h:
3599         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
3600         (JSC::BytecodeRewriter::Fragment::Fragment):
3601         (JSC::BytecodeRewriter::Fragment::appendInstruction):
3602         (JSC::BytecodeRewriter::BytecodeRewriter):
3603         (JSC::BytecodeRewriter::insertFragmentBefore):
3604         (JSC::BytecodeRewriter::insertFragmentAfter):
3605         (JSC::BytecodeRewriter::removeBytecode):
3606         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
3607         (JSC::BytecodeRewriter::adjustJumpTarget):
3608         * bytecode/BytecodeUseDef.h:
3609         (JSC::computeUsesForBytecodeOffset):
3610         (JSC::computeDefsForBytecodeOffset):
3611         * bytecode/CallLinkStatus.cpp:
3612         (JSC::CallLinkStatus::computeFromLLInt):
3613         * bytecode/CodeBlock.cpp:
3614         (JSC::CodeBlock::dumpBytecode):
3615         (JSC::CodeBlock::CodeBlock):
3616         (JSC::CodeBlock::finishCreation):
3617         (JSC::CodeBlock::estimatedSize):
3618         (JSC::CodeBlock::visitChildren):
3619         (JSC::CodeBlock::propagateTransitions):
3620         (JSC::CodeBlock::finalizeLLIntInlineCaches):
3621         (JSC::CodeBlock::addJITAddIC):
3622         (JSC::CodeBlock::addJITMulIC):
3623         (JSC::CodeBlock::addJITSubIC):
3624         (JSC::CodeBlock::addJITNegIC):
3625         (JSC::CodeBlock::stronglyVisitStrongReferences):
3626         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
3627         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
3628         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
3629         (JSC::CodeBlock::getArrayProfile):
3630         (JSC::CodeBlock::updateAllArrayPredictions):
3631         (JSC::CodeBlock::predictedMachineCodeSize):
3632         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
3633         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
3634         (JSC::CodeBlock::valueProfileForBytecodeOffset):
3635         (JSC::CodeBlock::validate):
3636         (JSC::CodeBlock::outOfLineJumpOffset):
3637         (JSC::CodeBlock::outOfLineJumpTarget):
3638         (JSC::CodeBlock::arithProfileForBytecodeOffset):
3639         (JSC::CodeBlock::arithProfileForPC):
3640         (JSC::CodeBlock::couldTakeSpecialFastCase):
3641         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
3642         * bytecode/CodeBlock.h:
3643         (JSC::CodeBlock::addMathIC):
3644         (JSC::CodeBlock::outOfLineJumpOffset):
3645         (JSC::CodeBlock::bytecodeOffset):
3646         (JSC::CodeBlock::instructions const):
3647         (JSC::CodeBlock::instructionCount const):
3648         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
3649         (JSC::CodeBlock::metadata):
3650         (JSC::CodeBlock::metadataSizeInBytes):
3651         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
3652         (JSC::CodeBlock::totalNumberOfValueProfiles):
3653         * bytecode/CodeBlockInlines.h: Added.
3654         (JSC::CodeBlock::forEachValueProfile):
3655         (JSC::CodeBlock::forEachArrayProfile):
3656         (JSC::CodeBlock::forEachArrayAllocationProfile):
3657         (JSC::CodeBlock::forEachObjectAllocationProfile):
3658         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
3659         * bytecode/Fits.h: Added.
3660         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3661         * bytecode/GetByIdStatus.cpp:
3662         (JSC::GetByIdStatus::computeFromLLInt):
3663         * bytecode/Instruction.h:
3664         (JSC::Instruction::Instruction):
3665         (JSC::Instruction::Impl::opcodeID const):
3666         (JSC::Instruction::opcodeID const):
3667         (JSC::Instruction::name const):
3668         (JSC::Instruction::isWide const):
3669         (JSC::Instruction::size const):
3670         (JSC::Instruction::is const):
3671         (JSC::Instruction::as const):
3672         (JSC::Instruction::cast):
3673         (JSC::Instruction::cast const):
3674         (JSC::Instruction::narrow const):
3675         (JSC::Instruction::wide const):
3676         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3677         (JSC::InstructionStream::InstructionStream):
3678         (JSC::InstructionStream::sizeInBytes const):
3679         * bytecode/InstructionStream.h: Added.
3680         (JSC::InstructionStream::BaseRef::BaseRef):
3681         (JSC::InstructionStream::BaseRef::operator=):
3682         (JSC::InstructionStream::BaseRef::operator-> const):
3683         (JSC::InstructionStream::BaseRef::ptr const):
3684         (JSC::InstructionStream::BaseRef::operator!= const):
3685         (JSC::InstructionStream::BaseRef::next const):
3686         (JSC::InstructionStream::BaseRef::offset const):
3687         (JSC::InstructionStream::BaseRef::isValid const):
3688         (JSC::InstructionStream::BaseRef::unwrap const):
3689         (JSC::InstructionStream::MutableRef::freeze const):
3690         (JSC::InstructionStream::MutableRef::operator->):
3691         (JSC::InstructionStream::MutableRef::ptr):
3692         (JSC::InstructionStream::MutableRef::operator Ref):
3693         (JSC::InstructionStream::MutableRef::unwrap):
3694         (JSC::InstructionStream::iterator::operator*):
3695         (JSC::InstructionStream::iterator::operator++):
3696         (JSC::InstructionStream::begin const):
3697         (JSC::InstructionStream::end const):
3698         (JSC::InstructionStream::at const):
3699         (JSC::InstructionStream::size const):
3700         (JSC::InstructionStreamWriter::InstructionStreamWriter):
3701         (JSC::InstructionStreamWriter::ref):
3702         (JSC::InstructionStreamWriter::seek):
3703         (JSC::InstructionStreamWriter::position):
3704         (JSC::InstructionStreamWriter::write):
3705         (JSC::InstructionStreamWriter::rewind):
3706         (JSC::InstructionStreamWriter::finalize):
3707         (JSC::InstructionStreamWriter::swap):
3708         (JSC::InstructionStreamWriter::iterator::operator*):
3709         (JSC::InstructionStreamWriter::iterator::operator++):
3710         (JSC::InstructionStreamWriter::begin):
3711         (JSC::InstructionStreamWriter::end):
3712         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
3713         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
3714         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
3715         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
3716         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
3717         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3718         (JSC::MetadataTable::MetadataTable):
3719         (JSC::DeallocTable::withOpcodeType):
3720         (JSC::MetadataTable::~MetadataTable):
3721         (JSC::MetadataTable::sizeInBytes):
3722         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
3723         (JSC::MetadataTable::get):
3724         (JSC::MetadataTable::forEach):
3725         (JSC::MetadataTable::getImpl):
3726         * bytecode/Opcode.cpp:
3727         (JSC::metadataSize):
3728         * bytecode/Opcode.h:
3729         (JSC::padOpcodeName):
3730         * bytecode/OpcodeInlines.h:
3731         (JSC::isOpcodeShape):
3732         (JSC::getOpcodeType):
3733         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3734         * bytecode/PreciseJumpTargets.cpp:
3735         (JSC::getJumpTargetsForInstruction):
3736         (JSC::computePreciseJumpTargetsInternal):
3737         (JSC::computePreciseJumpTargets):
3738         (JSC::recomputePreciseJumpTargets):
3739         (JSC::findJumpTargetsForInstruction):
3740         * bytecode/PreciseJumpTargets.h:
3741         * bytecode/PreciseJumpTargetsInlines.h:
3742         (JSC::jumpTargetForInstruction):
3743         (JSC::extractStoredJumpTargetsForInstruction):
3744         (JSC::updateStoredJumpTargetsForInstruction):
3745         * bytecode/PutByIdStatus.cpp:
3746         (JSC::PutByIdStatus::computeFromLLInt):
3747         * bytecode/SpecialPointer.cpp:
3748         (WTF::printInternal):
3749         * bytecode/SpecialPointer.h:
3750         * bytecode/UnlinkedCodeBlock.cpp:
3751         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
3752         (JSC::UnlinkedCodeBlock::visitChildren):
3753         (JSC::UnlinkedCodeBlock::estimatedSize):
3754         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
3755         (JSC::dumpLineColumnEntry):
3756         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
3757         (JSC::UnlinkedCodeBlock::setInstructions):
3758         (JSC::UnlinkedCodeBlock::instructions const):
3759         (JSC::UnlinkedCodeBlock::applyModification):
3760         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
3761         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3762         * bytecode/UnlinkedCodeBlock.h:
3763         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
3764         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
3765         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3766         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
3767         (JSC::UnlinkedCodeBlock::metadata):
3768         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
3769         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3770         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
3771         * bytecode/UnlinkedInstructionStream.cpp: Removed.
3772         * bytecode/UnlinkedInstructionStream.h: Removed.
3773         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3774         * bytecode/UnlinkedMetadataTableInlines.h: Added.
3775         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
3776         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
3777         (JSC::UnlinkedMetadataTable::addEntry):
3778         (JSC::UnlinkedMetadataTable::sizeInBytes):
3779         (JSC::UnlinkedMetadataTable::finalize):
3780         (JSC::UnlinkedMetadataTable::link):
3781         (JSC::UnlinkedMetadataTable::unlink):
3782         * bytecode/VirtualRegister.cpp:
3783         (JSC::VirtualRegister::VirtualRegister):
3784         * bytecode/VirtualRegister.h:
3785         * bytecompiler/BytecodeGenerator.cpp:
3786         (JSC::Label::setLocation):
3787         (JSC::Label::bind):
3788         (JSC::BytecodeGenerator::generate):
3789         (JSC::BytecodeGenerator::BytecodeGenerator):
3790         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
3791         (JSC::BytecodeGenerator::emitEnter):
3792         (JSC::BytecodeGenerator::emitLoopHint):
3793         (JSC::BytecodeGenerator::emitJump):
3794         (JSC::BytecodeGenerator::emitCheckTraps):
3795         (JSC::BytecodeGenerator::rewind):
3796         (JSC::BytecodeGenerator::fuseCompareAndJump):
3797         (JSC::BytecodeGenerator::fuseTestAndJmp):
3798         (JSC::BytecodeGenerator::emitJumpIfTrue):
3799         (JSC::BytecodeGenerator::emitJumpIfFalse):
3800         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
3801         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
3802         (JSC::BytecodeGenerator::moveLinkTimeConstant):
3803         (JSC::BytecodeGenerator::moveEmptyValue):
3804         (JSC::BytecodeGenerator::emitMove):
3805         (JSC::BytecodeGenerator::emitUnaryOp):
3806         (JSC::BytecodeGenerator::emitBinaryOp):
3807         (JSC::BytecodeGenerator::emitToObject):
3808         (JSC::BytecodeGenerator::emitToNumber):
3809         (JSC::BytecodeGenerator::emitToString):
3810         (JSC::BytecodeGenerator::emitTypeOf):
3811         (JSC::BytecodeGenerator::emitInc):
3812         (JSC::BytecodeGenerator::emitDec):
3813         (JSC::BytecodeGenerator::emitEqualityOp):
3814         (JSC::BytecodeGenerator::emitProfileType):
3815         (JSC::BytecodeGenerator::emitProfileControlFlow):
3816         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3817         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
3818         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3819         (JSC::BytecodeGenerator::emitOverridesHasInstance):
3820         (JSC::BytecodeGenerator::emitResolveScope):
3821         (JSC::BytecodeGenerator::emitGetFromScope):
3822         (JSC::BytecodeGenerator::emitPutToScope):
3823         (JSC::BytecodeGenerator::emitInstanceOf):
3824         (JSC::BytecodeGenerator::emitInstanceOfCustom):
3825         (JSC::BytecodeGenerator::emitInByVal):
3826         (JSC::BytecodeGenerator::emitInById):
3827         (JSC::BytecodeGenerator::emitTryGetById):
3828         (JSC::BytecodeGenerator::emitGetById):
3829         (JSC::BytecodeGenerator::emitDirectGetById):
3830         (JSC::BytecodeGenerator::emitPutById):
3831         (JSC::BytecodeGenerator::emitDirectPutById):
3832         (JSC::BytecodeGenerator::emitPutGetterById):
3833         (JSC::BytecodeGenerator::emitPutSetterById):
3834         (JSC::BytecodeGenerator::emitPutGetterSetter):
3835         (JSC::BytecodeGenerator::emitPutGetterByVal):
3836         (JSC::BytecodeGenerator::emitPutSetterByVal):
3837         (JSC::BytecodeGenerator::emitDeleteById):
3838         (JSC::BytecodeGenerator::emitGetByVal):
3839         (JSC::BytecodeGenerator::emitPutByVal):
3840         (JSC::BytecodeGenerator::emitDirectPutByVal):
3841         (JSC::BytecodeGenerator::emitDeleteByVal):
3842         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
3843         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
3844         (JSC::BytecodeGenerator::emitIdWithProfile):
3845         (JSC::BytecodeGenerator::emitUnreachable):
3846         (JSC::BytecodeGenerator::emitGetArgument):
3847         (JSC::BytecodeGenerator::emitCreateThis):
3848         (JSC::BytecodeGenerator::emitTDZCheck):
3849         (JSC::BytecodeGenerator::emitNewObject):
3850         (JSC::BytecodeGenerator::emitNewArrayBuffer):
3851         (JSC::BytecodeGenerator::emitNewArray):
3852         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
3853         (JSC::BytecodeGenerator::emitNewArrayWithSize):
3854         (JSC::BytecodeGenerator::emitNewRegExp):
3855         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
3856         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
3857         (JSC::BytecodeGenerator::emitNewFunction):
3858         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
3859         (JSC::BytecodeGenerator::emitCall):
3860         (JSC::BytecodeGenerator::emitCallInTailPosition):
3861         (JSC::BytecodeGenerator::emitCallEval):
3862         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
3863         (JSC::BytecodeGenerator::emitCallVarargs):
3864         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
3865         (JSC::BytecodeGenerator::emitConstructVarargs):
3866         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
3867         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
3868         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
3869         (JSC::BytecodeGenerator::emitCallDefineProperty):
3870         (JSC::BytecodeGenerator::emitReturn):
3871         (JSC::BytecodeGenerator::emitEnd):
3872         (JSC::BytecodeGenerator::emitConstruct):
3873         (JSC::BytecodeGenerator::emitStrcat):
3874         (JSC::BytecodeGenerator::emitToPrimitive):
3875         (JSC::BytecodeGenerator::emitGetScope):
3876         (JSC::BytecodeGenerator::emitPushWithScope):
3877         (JSC::BytecodeGenerator::emitGetParentScope):
3878         (JSC::BytecodeGenerator::emitDebugHook):
3879         (JSC::BytecodeGenerator::emitCatch):
3880         (JSC::BytecodeGenerator::emitThrow):
3881         (JSC::BytecodeGenerator::emitArgumentCount):
3882         (JSC::BytecodeGenerator::emitThrowStaticError):
3883         (JSC::BytecodeGenerator::beginSwitch):
3884         (JSC::prepareJumpTableForSwitch):
3885         (JSC::prepareJumpTableForStringSwitch):
3886         (JSC::BytecodeGenerator::endSwitch):
3887         (JSC::BytecodeGenerator::emitGetEnumerableLength):
3888         (JSC::BytecodeGenerator::emitHasGenericProperty):
3889         (JSC::BytecodeGenerator::emitHasIndexedProperty):
3890         (JSC::BytecodeGenerator::emitHasStructureProperty):
3891         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
3892         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
3893         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
3894         (JSC::BytecodeGenerator::emitToIndexString):
3895         (JSC::BytecodeGenerator::emitIsCellWithType):
3896         (JSC::BytecodeGenerator::emitIsObject):
3897         (JSC::BytecodeGenerator::emitIsNumber):
3898         (JSC::BytecodeGenerator::emitIsUndefined):
3899         (JSC::BytecodeGenerator::emitIsEmpty):
3900         (JSC::BytecodeGenerator::emitRestParameter):
3901         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
3902         (JSC::BytecodeGenerator::emitYieldPoint):
3903         (JSC::BytecodeGenerator::emitYield):
3904         (JSC::BytecodeGenerator::emitGetAsyncIterator):
3905         (JSC::BytecodeGenerator::emitDelegateYield):
3906         (JSC::BytecodeGenerator::emitFinallyCompletion):
3907         (JSC::BytecodeGenerator::emitJumpIf):
3908         (JSC::ForInContext::finalize):
3909         (JSC::StructureForInContext::finalize):
3910         (JSC::IndexedForInContext::finalize):
3911         (JSC::StaticPropertyAnalysis::record):
3912         (JSC::BytecodeGenerator::emitToThis):
3913         * bytecompiler/BytecodeGenerator.h:
3914         (JSC::StructureForInContext::addGetInst):
3915         (JSC::BytecodeGenerator::recordOpcode):
3916         (JSC::BytecodeGenerator::addMetadataFor):
3917         (JSC::BytecodeGenerator::emitUnaryOp):
3918         (JSC::BytecodeGenerator::kill):
3919         (JSC::BytecodeGenerator::instructions const):
3920         (JSC::BytecodeGenerator::write):
3921         (JSC::BytecodeGenerator::withWriter):
3922         * bytecompiler/Label.h:
3923         (JSC::Label::Label):
3924         (JSC::Label::bind):
3925         * bytecompiler/NodesCodegen.cpp:
3926         (JSC::ArrayNode::emitBytecode):
3927         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
3928         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3929         (JSC::BitwiseNotNode::emitBytecode):
3930         (JSC::BinaryOpNode::emitBytecode):
3931         (JSC::EqualNode::emitBytecode):
3932         (JSC::StrictEqualNode::emitBytecode):
3933         (JSC::emitReadModifyAssignment):
3934         (JSC::ForInNode::emitBytecode):
3935         (JSC::CaseBlockNode::emitBytecodeForBlock):
3936         (JSC::FunctionNode::emitBytecode):
3937         (JSC::ClassExprNode::emitBytecode):
3938         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
3939         (WTF::printInternal):
3940         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3941         * bytecompiler/RegisterID.h:
3942         * bytecompiler/StaticPropertyAnalysis.h: